Upgrade libgit2 to v0.27.2 #27525
Upgrade libgit2 to v0.27.2 #27525
Conversation
* upgrade libgit2 to 0.27.1 * fix for API changes
|
This may be the first PR I have authored in my life to pass only Windows CI and none of the others. |
ararslan
added
the
external dependencies
|
I think my PR was only for libgit2 v0.27.1, but v0.27.2 had now been released, so we should use that. |
staticfloat
force-pushed
the
sf/libgit2_mbedtls
branch
from
0224e79
to
fbb677f
Compare
Yep, that's what this is based off of. I've also switched over to the |
|
the libgit2 changes don't appear to be on this branch (or github is doing something funny with the diff). |
|
Wow, thanks for that. A rebase went bad I think. I |
staticfloat
force-pushed
the
sf/libgit2_mbedtls
branch
from
fc360ca
to
d9b1bd3
Compare
|
You will probably need most of the other changes from #27241. (getting rid of old patches + interface updates) |
| @@ -0,0 +1,39 @@ | |||
| diff --git a/.travis.yml b/.travis.yml | |||
There was a problem hiding this comment.
Add a link to the upstream PR?
staticfloat
force-pushed
the
sf/libgit2_mbedtls
branch
4 times, most recently
from
9461520
to
166a78f
Compare
* upgrade libgit2 to 0.27.1 * fix for API changes
libgit2 supports SHA1 collision detection [0], which basically identifies files that have distinctive sequences of bytes that show they have been hand-crafted to defeat SHA1, and instead alters the SHA1 hashing algorithm to do something different for those bytestreams. This "hardens" the SHA1 implementation, and importantly for us, doesn't introduce any extra dependencies such as libssl. [0]: https://blog.github.com/2017-03-20-sha-1-collision-detection-on-github-com/
| @@ -0,0 +1 @@ | |||
| 6059f607530c302aa1b74c77fcbb5fa2 | |||
There was a problem hiding this comment.
can remove this checksum (it was for 0.27.1)
| @@ -0,0 +1 @@ | |||
| 6827d19be048be94d87d118c04c37ee9fc8161d1fb5820fd0feadc8b9d99f08835e1c5ccab47ae2406cb4601efce0d30d03bd66d1ec6e25d591c3ba1e0073ec7 | |||
|
LGTM. Will need to check that ssh clones of private repos work on Windows (see #27241 (comment)) |
staticfloat
force-pushed
the
sf/libgit2_mbedtls
branch
from
166a78f
to
a4797b3
Compare
|
Is there a way we can run the buildbots without merging? Or just try it and see? |
|
The 64-bit linux failure seems to persist, and has something to do with this line: julia/stdlib/LibGit2/test/libgit2.jl Line 2368 in 4420717 |
We can, and we should. We just go to |
|
If I remember correctly, that credentials thing is part of what will be fixed by #24738. Essentially, right now a piece of memory is getting overwritten with zeros in a way that can be a little race-conditiony. I've restarted the build one more time just to make sure. |
|
Let's hope so. @mbauman is working on it as we speak. |
|
Great, I see that you've logged in and triggered the build. It will run through everything (including all tests) but we should download it locally and ensure it runs (and doesn't have a dependency on |
|
Will do. I triggered a windows one as well |
|
CI straight flush! |
|
Linux looks good: though it failed the same test as travis. |
|
Yep, I'm calling this one good. Crossing fingers that I don't wake up tomorrow to us borking all travis again. ;) |
|
Does #27386 (comment) have anything to do with this? This was merged very recently though... |
|
No, I don't think it could be. This PR doesn't touch |
|
The Windows build didn't seem to work, and we don't have new nightlies, so we can't yet test whether ssh works. |
|
I'm giving some TLC to the windows buildbots right now. Filesystem permissions problems, as usual. |
|
FYI: I tried out ssh clone of a private repo on windows and it seemed to work. |
|
I get a Ideas? |
|
Grrr, looks like this also broke This causes this test to fail. |
|
Based on the error message, it means that I don't understand CMake well enough though. |
|
Fixed in #27601 |
|
@nalimilan do you have any extra patches applied to libgit2, libssh2 or libmbedtls? It looks like we're dying within mbedTLS while initializing mbedTLS while libssh2 is initializing on behalf of libgit2's initialization routines. |
|
Also, upstream libgit2 patch has landed, huzzah. Hopefully eventually we can drop these patches. |
Not AFAICT. I'm using |
|
I don't think so, because this is dying within |
This is a possibly-unbroken upgrade path to a newer mbedTLS. It includes a pull request I just opened against libgit2, and in local testing successfully suppresses linking against
libssl.so.