Release notes for Gerrit 2.1.2
==============================
Gerrit 2.1.2 is now available in the usual location:
link:http://code.google.com/p/gerrit/downloads/list[http://code.google.com/p/gerrit/downloads/list]
Schema Change
-------------
*WARNING* This release contains multiple schema changes. To upgrade:
----
java -jar gerrit.war init -d site_path
----
Breakages
---------
* issue 421 Force validation of the author and committer lines
+
The author line must now match the authenticated user when uploading a
change, and both author and committer must match when pushing directly
into a branch with the Push Branch permission. This is a new
restriction that did not exist in prior versions and was necessary to
close a hole that permitted users to completely forge commits if they
had Push Branch +1 granted.
+
Project owners may grant the new Forge Identity permission to permit a
user group to forge the author and/or committer lines in commit
objects they are pushing for review, or directly into a branch. To
match prior behavior grant Forge Identity +1 where Read +2 (Upload)
exists, and Forge Identity +2 where Push Branch >= +1 exists.
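The check described under issue 421, sketched in Python as an added illustration (not Gerrit's own code). It assumes identities are matched by e-mail address and reduces the Forge Identity grant to a single `may_forge` flag; the function names and the sample commit are constructed for this example.

```python
import re

# Header line of a raw commit object: "<field> Name <email> <epoch> <tz>"
IDENT_RE = re.compile(r"^(author|committer) (.*?) ?<([^<>]*)> (\d+) ([+-]\d{4})$")

# Constructed sample: Alice authored the commit, Bob committed it, and the
# message body contains a line that merely looks like an author header.
SAMPLE_COMMIT = (
    "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    "author Alice Example <alice@example.com> 1265000000 -0800\n"
    "committer Bob Example <bob@example.com> 1265000100 -0800\n"
    "\n"
    "Fix typo in README\n"
    "\n"
    "author Bob Example <bob@example.com> 1265000000 -0800\n"
)


def parse_identities(raw_commit):
    """Return {'author': email, 'committer': email} from the header only."""
    idents = {}
    for line in raw_commit.split("\n"):
        if line == "":  # blank line ends the header; the rest is message
            break
        m = IDENT_RE.match(line)
        if m and m.group(1) not in idents:
            idents[m.group(1)] = m.group(3).strip().lower()
    return idents


def check_push(raw_commit, user_emails, direct_push, may_forge=False):
    """Return a list of rejection reasons; an empty list means accepted.

    user_emails: addresses of the authenticated user (assumed match key).
    direct_push: True for a push into a branch, False for an upload for review.
    may_forge:   True if a Forge Identity grant covers this push (simplified).
    """
    if may_forge:
        return []
    known = {e.lower() for e in user_emails}
    idents = parse_identities(raw_commit)
    # Upload for review checks the author; a direct push checks both lines.
    required = ("author", "committer") if direct_push else ("author",)
    problems = []
    for field in required:
        email = idents.get(field)
        if email is None:
            problems.append("missing %s line" % field)
        elif email not in known:
            problems.append("%s <%s> does not match the user" % (field, email))
    return problems
```
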
New Features
------------
UI
~~
* issue 169 Highlight line-level (aka word) differences in files
+
Differences within a replaced line are now highlighted with a brighter
red or green background color. The highlighting algorithm is still
crude and could benefit from more fine-tuning, as it's largely driven
by a simple Myers O(ND) character difference over the replaced lines.
* issue 408 Show summary of code review, verified on all open changes
+
The open changes views now show the status summary columns, just like
a user dashboard shows. This requires an extra RPC per page display,
but can save user time when trying to identify which reviews should be
examined.
* Only enable 'Delete' button when there are selections
+
In Settings panels the delete button is enabled only if at least one
row has been selected to be removed.
* SSH commands stop option parsing on \--
+
Like most POSIX commands, `\--` now signifies the end of options for
any command accessible over SSH.
* issue 416 Add download links to side-by-side viewer
+
The side-by-side viewer now offers links to download the complete file
of either the left or right side. To protect the users from malicious
cross-site scripting attacks, the download links force the content to
be wrapped inside of a ZIP archive with a randomized file name.
Server administrators may use the mimetype.safe configuration setting
to avoid this wrapping if they trust users to only upload safe file
content.
* Include formatted HTML documentation in WAR
+
Official release WARs now contain the formatted HTML documentation,
and a 'Documentation' menu will display in the main UI (alongside
'All', 'My', 'Admin') to help users access the local copy rather
than jumping to the remote Google Code project site.
* Enhanced patch set download commands
+
Download commands for patch sets are now offered as a tabbed panel,
allowing the user to select between 'repo download', 'git pull',
or 'git fetch ... && git cherry-pick' styles, as well as to select
the transport protocol used, including anonymous Git or HTTP, or
authenticated SSH or HTTP. The current selections are remembered
for signed-in users, permitting end-users to quickly reuse their
preferred method of grabbing a patch set.
* issue 405 Add canned per-line comment reply of 'Done'
* issue 380 Use N/P to jump to next/previous comments
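The download wrapping described under issue 416, as an added Python illustration (not Gerrit's implementation): content is served as-is only when its type is listed as safe, otherwise it is returned as a ZIP so the browser saves an archive instead of rendering user-supplied markup. The function names, the archive name format and the sample content are assumptions made for this example; `safe_types` stands in for the `mimetype.safe` setting.

```python
import io
import secrets
import zipfile


def prepare_download(file_name, content, mime_type, safe_types=()):
    """Return (download_name, content_type, body) for one side of a diff.

    safe_types stands in for the mimetype.safe setting: types listed there
    are served unchanged, everything else is wrapped in a ZIP archive.
    """
    if mime_type.lower() in {t.lower() for t in safe_types}:
        return file_name, mime_type, content

    # Store only the last path component so the entry cannot carry
    # directory parts such as "../" into the archive.
    entry = file_name.replace("\\", "/").rsplit("/", 1)[-1]
    if entry in ("", ".", ".."):
        entry = "file"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(entry, content)
    # Randomized archive name (assumed format), new for every download.
    archive_name = "%s-%s.zip" % (entry, secrets.token_hex(8))
    return archive_name, "application/zip", buf.getvalue()


def read_wrapped(body):
    """Unpack a wrapped download; returns {entry_name: bytes}."""
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


# Constructed sample: user-uploaded HTML that must not render in the
# review site's origin.
SAMPLE_HTML = b"<html><body>file uploaded for review</body></html>"
```
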
Permissions
~~~~~~~~~~~
* issue 60 Change permissions to be branch based
+
Almost all permissions are now per-branch within each project. This
includes Code Review, Verified, Submit, Push Branch, and even Owner.
Permissions can be set on a specific branch, or on a wildcard that
matches all branches that start with that prefix. Read permission is
still handled at the project level, but future versions should support
per-branch read access as well.
* MaxNoBlock category for advisory review levels
+
The new MaxNoBlock category function can be used in a custom approval
category for reviews that are performed by automated lint tools.
See link:http://gerrit.googlecode.com/svn/documentation/2.1.2/access-control.html#function_MaxNoBlock[access control]
for more details on this function.
Remote Access
~~~~~~~~~~~~~
* Enable smart HTTP under /p/ URLs
+
Git 1.6.6 and later support a more efficient HTTP protocol for both
fetch/clone and push, by relying upon Git specific server side logic.
Gerrit Code Review now includes the necessary server side support when
accessing repositories using URLs of the form
`http://review.example.com/p/'$projectname'.git`.
+
Authentication over smart HTTP URLs is performed using standard HTTP
digest authentication, with the username matching the SSH username,
but the password coming from a field that is generated by Gerrit and
accessible to the user on their Settings > SSH Keys tab.
+
Smart HTTP requests enter the same resource queue as SSH requests,
using the embedded Jetty server to suspend the request and later
resume it when processing resources are available. This ensures HTTP
repository requests don't overtax the server when made concurrently
with SSH requests.
* issue 392 Make hooks/commit-msg available over HTTP
+
The scp filesystem holding client side tools and hooks is now
available over `http://review.example.com/tools/'$name'`. User
documentation was updated with example URLs.
Server Administration
~~~~~~~~~~~~~~~~~~~~~
* issue 383 Add event hook support
+
Site administrator managed hook scripts can now be invoked at various
points in processing. Currently these scripts are informational only
and cannot influence the outcome of an event. For more details see
link:http://gerrit.googlecode.com/svn/documentation/2.1.2/config-hooks.html[hooks].
* Log HTTP activity to $site_path/logs/httpd_log
+
When httpd.listenUrl is http:// or https://, requests are logged into
`'$site_path'/logs/httpd_log`. This mirrors the behavior of the SSH
daemon, which also logs requests into the same directory. For proxy
URLs HTTP requests aren't logged, since the front-end server should be
handling the logging. Logging can be forced on, or forced off by
setting link:http://gerrit.googlecode.com/svn/documentation/2.1.2/config-gerrit.html#httpd.requestLog[httpd.requestLog].
* Allow the daemon's host key to authenticate to itself
+
The SSH daemon's host key can now be used to authenticate as the magic
user `Gerrit Code Review`. This user identity is blessed as even more
powerful than a site administrator, as using it requires access to the
private half of the host key. For example:
+
----
ssh -p 29418 -i site_path/etc/ssh_host_rsa_key 'Gerrit Code Review'@localhost gerrit flush-caches --all
----
* Allow $site_path/etc/peer_keys to authenticate peer daemons
+
Additional public keys for the magical 'Gerrit Code Review' user may
be specified in an OpenSSH authorized_keys style file and are
functionally equivalent to authenticating with the daemon's host key.
The keys are primarily intended to belong to other daemons, most likely
slaves, that share the same set of repositories and database.
* Allow suexec to run any command as any user
+
The new SSH based suexec command can only be invoked by the magic user
`Gerrit Code Review` and permits executing any other command as any
other registered user account. This forms the foundation of allowing
a slave daemon process to transparently proxy any write request from a
client forward to the current master.
+
The transparent proxy support is not yet implemented in the slave.
Bug Fixes
---------
* issue 448 Disable syntax highlighting on unified views
+
Syntax highlighting in the unified patch view isn't useful if it hides
the added and removed lines' red/green text color. Disable it entirely
so the add/remove coloring shows up instead.
* Send missing dependencies to owners if they are the only reviewer
+
If the owner of the change is the only reviewer and the change can't
be submitted due to a missing dependency, Gerrit failed to send out an
email notification. Fixed.
* issue 385 Delete session cookie when session is expired
+
If the session expires and the user clicks "Close" in the session
expired popup dialog box, delete the cookie so the user can continue
to use the website as an anonymous user.
* issue 387 Use quoted printable strings in outgoing email
+
Names or subjects with non-ASCII characters were not quoted properly
in the email notification headers. Fixed.
* daemon: Really allow httpd.listenUrl to end with /
+
If httpd.listenUrl ended with / the configuration got botched during
init and the site didn't work as expected. Fixed by correctly
handling an optional trailing / in this variable.
* Fix NoShell to flush the error before exiting
+
Sometimes users missed the standard error message that indicated no
shell was available, due to a thread race condition not always
flushing the outgoing buffer. Fixed.
* Dequote saved OpenID URLs
+
Certain OpenID URLs were getting double quotes thrown around them
after being saved in the last identity cookie on the client. The
quotes were loading back into the dialog on a subsequent sign-in
attempt, resulting in an error as double quotes aren't valid in an
HTTP URL. Fixed by dropping the quotes if present.
* issue 389 Catch bad commentlink patterns and report them
+
A bad commentlink.match pattern could cause the change screen to
simply not load, with no errors in the server log, and nothing
immediately visible on the client. Most bad patterns are now caught
during server startup and are reported in the server error_log.
Certain failures are caught on the client side, and sent to the server
error log over RPC. Bad patterns are simply skipped when logged.
* issue 419 MySQL: Fix account\_group\_members\_audit removed\_on
+
MySQL has a "feature" which prevented the removed_on column from being
NULL when we meant for it to be NULL. Fixed by using the MySQL
suggested work around, which is non-standard SQL.
* Change "Publish Comments" to "Review"
+
The term "Publish Comments" was used on two different buttons that
performed two different actions. The first usage was to open the
screen which shows the scoring buttons, provides the cover letter
editor, and shows the in-line comments for final review before
publication. The button that opens that review screen has been
renamed "Review". The second usage of the button was to actually send
out the notification emails, and expose the comments to others. This
button is still called "Publish Comments".
* issue 427 Adjust SocketUtilTest to be more likely to pass
+
Some DNS environments, especially those based on OpenDNS, were failing
this test case during a build because the upstream resolver was
returning back a bogus record for an invalid domain name. The test
was adjusted to use a name that is less likely to be resolved by a
broken upstream resolver.
* issue 424 Use JGit's LockFile to copy files during init
+
init sometimes truncated the WAR file to 0 bytes if it was running
from the destination WAR. Fixed by using JGit's LockFile class which
writes to a temporary file and does an atomic rename to finish.
* issue 438 Skip gitlink modes as we can't get a content difference
+
The special gitlink mode inside of a tree points to a commit in the
submodule project. We can't show the content of it inside of the
supermodule.
* Don't try to syntax highlight plain text
+
Plain text files can't benefit from syntax highlighting; it's actually
more confusing than it is useful. Skip highlighting on them.
* issue 251 Fix bad syntax highlighting
+
Prior versions performed syntax highlighting on a per-line basis,
resulting in confusing or bogus results in multi-line contexts like
C/Java's "/\* ... \*/" style comment. Fixed by performing
highlighting on the entire file contents, even if only some lines are
displayed to meet the user's context setting.
* init: Only suggest downloading BouncyCastle on new installs
+
Upgrades of an existing installation which has not installed the
BouncyCastle library shouldn't be encouraged to download and install
the library again. The administrator has already chosen not to use
it; we shouldn't nag them about it.
* issue 423 Bind to LDAP using only the end-user identity
+
Microsoft Active Directory doesn't support anonymous binds, and some
installations might not be able to create a generic role account for
Gerrit Code Review. The new auth.type LDAP_BIND permits Gerrit to
authenticate using only the end-user's credentials, avoiding the need
for an anonymous or role account bind.
* issue 423 Defer LDAP server type discovery until first authentication
+
Microsoft Active Directory wasn't being detected, because the
anonymous bind during server startup failed. Instead the server
type is detected during the first user authentication, where we
have a valid directory context to query over.
* issue 314 Hide group type choice if LDAP is not enabled
* Expand group names to be 255 characters
* Update URL for GitHub's SSH key guide
Schema Changes in Detail
------------------------
* Remove Project.Id and use only Project.NameKey
+
The project_id column was dropped from the projects table, and all
associated subtables, and only the name is now used to link records
in the database. This simplifies the schema for eventual changes
onto less-traditional storage systems.
* Move sshUserName from Account to AccountExternalId
+
The ssh\_user\_name column in accounts was moved to an additional row
in account\_external\_ids, using external\_id prefix `username:`.
This removes the non-primary key unique index from the table, making
it easier to move to less traditional storage systems.
* Replace all transactions with single row updates
+
Schema update operations have been reworked to not require multi-row
transaction support in the database. This makes it easier to port
onto a distributed storage system where multi-row atomic updates
aren't possible, or to run on MySQL MyISAM tables.
Other Changes
-------------
* Update gwtorm to 1.1.4-SNAPSHOT
* Add unique column ids to every column
* Remove unused byName @SecondaryKey from ApprovalCategory
* Remove @SecondaryKey from AccountGroup
* documentation: Remove mention of mysql_nextval.sql script
* Drop MySQL function nextval_project_id
* documentation: Remove project_id from manual insert
* Update JGit to 0.5.1.106-g10a3391
* Split the core receive logic out of the SSH code
* Move toProject into PageLinks for reuse
* Correct SSH Username to be just Username
* Don't display the magic username identity on the identities tab
* Show Status column header on the SSH key table
* Queue smart HTTP requests alongside SSH requests
* Add a password field to the account identities
* Authenticate /p/ HTTP and SSH access by password
* Advertise the smart HTTP URLs to references
* Refactor the SSH session state
* Fixing Eclipse settings file
* Merge "Fixing Eclipse settings file"
* Add --commit to comment-added as there was previously no way to kno...
* Fix imports inside of PatchScreen.java
* Fix crash while loading project Access tab
* Replace our own @Nullable with javax.annotation.Nullable.
* Merge "Replace our own @Nullable with javax.annotation.Nullable."
* Correctly hide delete button on inherited permissions
* Allow per-branch OWN +1 to delegate branch ownership
* Block inheritance by default on per-branch permissions.
* Merge "Block inheritance by default on per-branch permissions."
* Simplify FunctionState as discussed previously
* Restore delete right checkboxes in wild card project
* issue 393 Require branch deletion permission for pushes over HTTP
* issue 399 Update JGit to 0.5.1.140-g660fd39
* Merge "Add MaxNoBlock category for advisory review levels"
* Add standard eclipse generated files to .gitignore
* Merge "Add standard eclipse generated files to .gitignore"
* Don't reformat the source if the files are identical
* Fix schema 27 upgrade for H2
* Update JGit to 0.5.1.141-g3eee606
* Merge "Update JGit to 0.5.1.141-g3eee606"
* Manage database connections directly in PatchScriptFactory
* issue 425 Update user documentation to explain branch access control
* Merge "Update user documentation to explain branch access control"
* Update to gwtjsonrpc 1.2.2-SNAPSHOT
* Merge "Update to gwtjsonrpc 1.2.2-SNAPSHOT"
* Allow refs/* pattern on new reference rights
* Trim reference name from user when adding access right
* Execute Git commands with AccessPath.GIT
* Update to GWT 2.0.1
* Update to Ehcache 1.7.2
* Update to mime-util 2.1.3
* Update to H2 1.2.128
* issue 442 Fix IncorrectObjectTypeException on initial commit
* Compute allowed approval categories separately.
* Move new change display to PostReceiveHook
* Drop unused formatLanguage property from patch table
* issue 447 documentation: Improve Apache mod_proxy configuration
* issue 445 Fix whitespace errors with word diff enabled
* issue 439 Move syntax highlighting back to client
* Remove Mozilla Rhino from our build
* Add missing step to add gwtui_dbg configuration
* Remove useless imports from Schema_28
* Fix upgrading H2 from schema 20 to current
* Move release notes into the repository
* issue 454 documentation: Improve bugzilla link example to include #
* Drop unused err PrintWriter in Receive
* documentation: Describe how to do case insensitive commentlink
* Add patch releases to release notes
* Update to gwtorm 1.1.4, gwtjsonrpc 1.2.2, gwtexpui 1.2.1
* Update to GWT 2.0.2
* documentation: Remove stupid ReleaseNotes build rules
* documentation: Use a per-version directory