[apparmor] test git repo

Steve Beattie steve at nxnw.org
Mon Oct 2 22:02:04 UTC 2017 

On Sat, Sep 30, 2017 at 07:50:56AM +0200, intrigeri wrote:
> Steve Beattie:
> > Please feel free to take check out it,
> 
> At first glance it looks good!
> 
> I've compared the content of the trees and they are the same (modulo
> the last revision in bzr that I guess will be converted before the
> final switch).

Yes, the conversion was done with a combination of git-remote-bzr
and reposurgeon, so everything is reproducible[0], and can
incorporate additional commits to the bzr branches until we cut over
formally. And indeed, I've regenerated the repo and pushed again to
https://code.launchpad.net/~sbeattie/apparmor/+git/apparmor which
includes the latest commit/cherry-picks. That said, it's akin to a
rebase mostly, so a simple fetch/pull will likely have problems.

> One thing I've noticed is that the way changes are backported from
> master to older branches (i.e. tons of cherry-picks) makes history
> hard to analyze, i.e. it's very hard to tell "what do we have in
> master but not in apparmor-2.11". One way we fix that problem in other
> projects is to fork topic branches not off master, but off the oldest
> maintenance branch the topic branch is a candidate for, and then we
> merge the topic branch into all candidate maintenance branches, no
> cherry-pick involved, no commit duplication, and history becomes more
> useful :)

Do you have a smallish example git tree you can point to? I want to
make sure it looks nothing like what upstream php does[1], which makes
it nearly impossible to tease out how a patch was cherry-picked for
a specific newer branch[2],

> > as I'd like to cut over permanently to git in the next day or two.
> 
> /me is excited! Thanks a lot for doing this work.

I'm glad other people are excited, because this conversion exercise
has emphatically reinforced what a colossal disincentive git is for me.

Thanks for the feedback.

[0] If you're interested, the relevant bits to generating everything are viewable at
    https://git.launchpad.net/~sbeattie/+git/reposurgeon-working-dirs/tree/apparmor-manual-conversion

[1] http://git.php.net/?p=php-src.git

[2] For a specific random example: https://bugs.php.net/bug.php?id=74111
    aka CVE-2017-12933. Original commit is
    http://git.php.net/?p=php-src.git;a=commit;h=f8c514ba6b7962a219296a837b2dbc22f749e736
    which got applied to the php 5.6 branch and then
    merged forward onto the php 7.x branches... but possibly as
    http://git.php.net/?p=php-src.git;a=commit;h=3a25a56a92ac1d0d6028a8ecd32ccf03bcd71ade
    ?  However, doing 'git tag --contains' on
    f8c514ba6b7962a219296a837b2dbc22f749e736 and
    3a25a56a92ac1d0d6028a8ecd32ccf03bcd71ade shows both commits in
    the 7.0.22 tag... so what actually applies to 7.0? Attempting to
    use tig to visualize what's happening just leads to nonsense.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20171002/a0f6a79e/attachment.sig>

More information about the AppArmor mailing list