[ANNOUNCE] Gerrit Code Review 2.2.2.2, 2.3.1, 2.4.2
2,611 views
Skip to first unread message
Shawn Pearce
Jun 25, 2012, 11:49:34 AM6/25/12
to repo-discuss
Gerrit 2.2.2.2, 2.3.1, and 2.4.2 are now available:
http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.2.2.2.war
http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.3.1.war
http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.4.2.war
Security Fix
------------
* Some access control sections may be ignored
Gerrit sometimes ignored an access control section in a project if the
exact same section name appeared in All-Projects. The bug required an
unrelated project to have access.inheritFrom set to All-Projects and
be accessed before the project that has the same section name as
All-Projects. This is an unlikely scenario for most servers, as Gerrit
does not normally set inheritFrom equal to All-Projects. The usual
behavior is to not supply this property in project.config, and permit
the implicit inheritence to take place.
Affected Versions
-----------------
This bug first appeared in 2.2, and impacts all releases since.
Work Around
-----------
Administrators that can't immediately upgrade to a patched release
should disable cache permission_sort in gerrit.config:
[cache "permission_sort"]
memoryLimit = 0
maxAge = 1s
and restart the server process.
http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.2.2.2.war
http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.3.1.war
http://code.google.com/p/gerrit/downloads/detail?name=gerrit-2.4.2.war
Security Fix
------------
* Some access control sections may be ignored
Gerrit sometimes ignored an access control section in a project if the
exact same section name appeared in All-Projects. The bug required an
unrelated project to have access.inheritFrom set to All-Projects and
be accessed before the project that has the same section name as
All-Projects. This is an unlikely scenario for most servers, as Gerrit
does not normally set inheritFrom equal to All-Projects. The usual
behavior is to not supply this property in project.config, and permit
the implicit inheritence to take place.
Affected Versions
-----------------
This bug first appeared in 2.2, and impacts all releases since.
Work Around
-----------
Administrators that can't immediately upgrade to a patched release
should disable cache permission_sort in gerrit.config:
[cache "permission_sort"]
memoryLimit = 0
maxAge = 1s
and restart the server process.
Saša Živkov
Aug 9, 2012, 10:09:18 AM8/9/12
to huodian007, repo-d...@googlegroups.com
On Thu, Aug 9, 2012 at 11:59 AM, huodian007 <jialin....@gmail.com> wrote:
> Hi Shawn,
>
> I am Jialin from Marvell, working on android development. I want to know if
> there is any interface in gerrit to update DB.
>
>
>
> The story is we have built up an auto-build system for android, and as you
> know, developer’s environment is usually not clean, we need to ensure the
> patch can be built successfully in a clean environment before merge, We want
> to create process below.
>
> 1. Create account “build_robot” in gerrit
>
> 2. User submit patch to gerrit
>
> 3. User trigger auto-build with gerrit patch info (like change id, …)
>
> 4. Auto build system fetch patch from gerrit, apply patch, and build
>
> 5. Audo build system add review comment by using account
> “build_robot”, then all the human reviewers can see the auto-build result.
>
>
>
> Base on our investigation, we found we can write db table
> PATCH_SET_APPROVALS & CHANGE_MESSAGES by using cmd below:
>
> ssh -p 29418 chenjl @ shgit.marvell.com gerrit gsql --format PRETTY -c
> \"insert into PATCH_SET_APPROVALS …"
>
>
>
> however, we think this way is not good, so we want to know if there is http
> request (like below) or other local interface.
Use the "review" command. To see the available options:
ssh -p 29418 chenjl @ shgit.marvell.com gerrit review --help
example:
ssh -p 29418 chenjl @ shgit.marvell.com gerrit review <commit-id> --verified 1
>
>
>
> http://shgit.marvell.com/r/gerrit/rpc/ChangeDetailService
>
> changeDetails & publishComments
>
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
> Hi Shawn,
>
> I am Jialin from Marvell, working on android development. I want to know if
> there is any interface in gerrit to update DB.
>
>
>
> The story is we have built up an auto-build system for android, and as you
> know, developer’s environment is usually not clean, we need to ensure the
> patch can be built successfully in a clean environment before merge, We want
> to create process below.
>
> 1. Create account “build_robot” in gerrit
>
> 2. User submit patch to gerrit
>
> 3. User trigger auto-build with gerrit patch info (like change id, …)
>
> 4. Auto build system fetch patch from gerrit, apply patch, and build
>
> 5. Audo build system add review comment by using account
> “build_robot”, then all the human reviewers can see the auto-build result.
>
>
>
> Base on our investigation, we found we can write db table
> PATCH_SET_APPROVALS & CHANGE_MESSAGES by using cmd below:
>
> ssh -p 29418 chenjl @ shgit.marvell.com gerrit gsql --format PRETTY -c
> \"insert into PATCH_SET_APPROVALS …"
>
>
>
> however, we think this way is not good, so we want to know if there is http
> request (like below) or other local interface.
Use the "review" command. To see the available options:
ssh -p 29418 chenjl @ shgit.marvell.com gerrit review --help
example:
ssh -p 29418 chenjl @ shgit.marvell.com gerrit review <commit-id> --verified 1
>
>
>
> http://shgit.marvell.com/r/gerrit/rpc/ChangeDetailService
>
> changeDetails & publishComments
>
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
Martin Fick
Aug 10, 2012, 7:41:55 PM8/10/12
to repo-d...@googlegroups.com, huodian007
Please don't highjack threads...
Look up the ssh commands, there are many that you might find
useful, specifically you will want the "ssh gerrit review"
command,
-Martin
On Thursday, August 09, 2012 03:59:34 am huodian007 wrote:
> Hi Shawn,
>
> I am Jialin from Marvell, working on android development.
> I want to know if there is any interface in gerrit to
> update DB.
>
>
>
> The story is we have built up an auto-build system for
> android, and as you know, developer’s environment is
> usually not clean, we need to ensure the patch can be
> built successfully in a clean environment before merge,
> We want to create process below.
>
> 1. Create account “build_robot” in gerrit
>
> 2. User submit patch to gerrit
>
> 3. User trigger auto-build with gerrit patch info
> (like change id, …)
>
> 4. Auto build system fetch patch from gerrit, apply
> patch, and build
>
> 5. Audo build system add review comment by using
> account “build_robot”, then all the human reviewers can
> see the auto-build result.
>
>
>
> Base on our investigation, we found we can write db table
> PATCH_SET_APPROVALS & CHANGE_MESSAGES by using cmd below:
>
> *ssh -p 29418 chenjl @ shgit.marvell.com gerrit gsql*
member of Code Aurora Forum
Look up the ssh commands, there are many that you might find
useful, specifically you will want the "ssh gerrit review"
command,
-Martin
On Thursday, August 09, 2012 03:59:34 am huodian007 wrote:
> Hi Shawn,
>
> I am Jialin from Marvell, working on android development.
> I want to know if there is any interface in gerrit to
> update DB.
>
>
>
> The story is we have built up an auto-build system for
> android, and as you know, developer’s environment is
> usually not clean, we need to ensure the patch can be
> built successfully in a clean environment before merge,
> We want to create process below.
>
> 1. Create account “build_robot” in gerrit
>
> 2. User submit patch to gerrit
>
> 3. User trigger auto-build with gerrit patch info
> (like change id, …)
>
> 4. Auto build system fetch patch from gerrit, apply
> patch, and build
>
> 5. Audo build system add review comment by using
> account “build_robot”, then all the human reviewers can
> see the auto-build result.
>
>
>
> Base on our investigation, we found we can write db table
> PATCH_SET_APPROVALS & CHANGE_MESSAGES by using cmd below:
>
> --format PRETTY -c \"insert into PATCH_SET_APPROVALS …"
>
>
>
> however, we think this way is not good, so we want to
> know if there is http request (like below) or other
> local interface.
>
>
>
Employee of Qualcomm Innovation Center, Inc. which is a
>
>
>
> however, we think this way is not good, so we want to
> know if there is http request (like below) or other
> local interface.
>
>
>
member of Code Aurora Forum
Reply all
Reply to author
Forward
0 new messages