Avoid creating HTTP Sessions for Git-over-HTTP

The Change-Id: Iffcd0fbd7 has involuntarily triggered the
creation of a new HTTP Session for every invocation a Git-over-HTTP

All came from the mistake of tracing the HTTP session instead
of the Gerrit session in the audit record.
The HTTP Servlet API specs say that any attempt to access
the current session of an incoming request would result
in the creation of a brand-new session.

The session involuntarily created also had an expiry time
equal to zero, which prevented the session housekeeper
from reclaiming them later on, even though they were unused.

The consequence of creating an empty session for every
Git-over-HTTP request isn't immediately tangible, because
the session is empty and doesn't occupy a significant
amount of memory. However, longer-term, the in-memory
hashtable that records all the sessions, each one using
750 bytes on average, will be causing the overload
of the JVM heap and the crash of the process because of
lack of available memory.

Use the correct Gerrit session-id, retrieving
from the Provider<WebSession> the proper session, if active
and logged in, and make sure in tests that no HTTP sessions
are created as a result of a Git-over-HTTP request.

Bug: Issue 13858
Change-Id: I8c086fed54b196c3f46fa88ac78c127784524d30
5 files changed
tree: f3e655ca41ee8c32a7315611556930c33f72e2e5
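
The Servlet API behaviour the commit message describes, as an added example (not Gerrit's code and not part of this change): `getSession()` allocates a session when none exists, while `getSession(false)` only returns one that is already there. It assumes the `javax.servlet` API jar is on the classpath; the class name, method names and the proxy-based fake request are hypothetical stand-ins for a real container.

```java
import java.lang.reflect.Proxy;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class AuditSessionIdDemo {
  // Counts sessions the (constructed) container had to allocate.
  static final AtomicInteger created = new AtomicInteger();

  // Before: getSession() behaves like getSession(true) and creates a session if none exists.
  static String leakySessionId(HttpServletRequest req) {
    return req.getSession().getId();
  }

  // After: getSession(false) never creates; null means "no HTTP session for this request".
  static String passiveSessionId(HttpServletRequest req) {
    HttpSession s = req.getSession(false);
    return s != null ? s.getId() : null;
  }

  // Constructed stand-in for a container request that arrives without a session cookie.
  static HttpServletRequest fakeRequest() {
    ClassLoader cl = AuditSessionIdDemo.class.getClassLoader();
    HttpSession[] current = new HttpSession[1];
    return (HttpServletRequest) Proxy.newProxyInstance(
        cl, new Class<?>[] {HttpServletRequest.class}, (proxy, method, args) -> {
          if (!method.getName().equals("getSession")) {
            throw new UnsupportedOperationException(method.getName());
          }
          boolean create = args == null || (Boolean) args[0];
          if (current[0] == null && create) {
            String id = "sess-" + created.incrementAndGet();
            current[0] = (HttpSession) Proxy.newProxyInstance(
                cl, new Class<?>[] {HttpSession.class}, (p, m, a) -> {
                  if (m.getName().equals("getId")) return id;
                  throw new UnsupportedOperationException(m.getName());
                });
          }
          return current[0];
        });
  }

  public static void main(String[] args) {
    // Simulate 1000 stateless Git-over-HTTP requests through each audit path.
    for (int i = 0; i < 1000; i++) passiveSessionId(fakeRequest());
    System.out.println("sessions after getSession(false): " + created.get());
    for (int i = 0; i < 1000; i++) leakySessionId(fakeRequest());
    System.out.println("sessions after getSession():      " + created.get());
  }
}
```

The same counter idea works as a regression check in a real container: register an `HttpSessionListener`, drive Git-over-HTTP requests, and assert that `sessionCreated` was never called.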

Gerrit Code Review

Gerrit is a code review and project management tool for Git based projects.


Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.


For information about how to install and use Gerrit, refer to the documentation.


Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on GitHub.

Reporting bugs

Please report bugs on the issue tracker.


Gerrit is the work of hundreds of contributors. We appreciate your help!

Please read the contribution guidelines.

Note that we do not accept Pull Requests via the GitHub mirror.

Getting in contact

The Developer Mailing list is repo-discuss on Google Groups.


Gerrit is provided under the Apache License 2.0.


Install Bazel and run the following:

    git clone --recursive https://gerrit.googlesource.com/gerrit
    cd gerrit && bazel build release

Install binary packages (Deb/Rpm)

See the instructions for configuring the GerritForge/BinTray repositories.

On Debian/Ubuntu run:

    apt-get update && apt-get install gerrit=<version>-<release>

NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.

On CentOS/RedHat run:

    yum clean all && yum install gerrit-<version>[-<release>]

On Fedora run:

    dnf clean all && dnf install gerrit-<version>[-<release>]

Use pre-built Gerrit images on Docker

Docker images of Gerrit are available on DockerHub.

To run a CentOS 7 based Gerrit image:

    docker run -p 8080:8080 gerritforge/gerrit-centos7[:version]

To run an Ubuntu 15.04 based Gerrit image:

    docker run -p 8080:8080 gerritforge/gerrit-ubuntu15.04[:version]

NOTE: release is optional. Last released package of the version is installed if the release number is omitted.