commit | 85423930af072ea4f17e202db585a37384ff0c6d | [log] [tgz] |
---|---|---|
author | Edwin Kempin <ekempin@google.com> | Thu Sep 29 17:21:53 2022 +0200 |
committer | Edwin Kempin <ekempin@google.com> | Tue Oct 04 11:33:51 2022 +0200 |
tree | 4ce0372eb66e7f110fc2f215c1ea2da079397e9c | |
parent | 4bd3a7ae88979983dbba0c4a694da52eb638db4f [diff] |
Cherry-Pick: Do not fail if non-visible users are involved If a change is cherry-picked, Gerrit automatically adds the change owner and the reviewers of the cherry-picked change as reviewers on the cherry-pick change. CCs of the cherry-picked change are automatically added as CCs on the cherry-pick change. Same as for revert (see change I8264d96f7) the visibility check for these explicit reviewers/CCs should be skipped. So far cherry-pick failed if any of the accounts that are added as reviewers/CCs on the cherry-pick change are not visible to the caller. Failing in this case is unnecessary since the user doing the cherry-pick already knows about the existence of the reviewer/CC accounts (see below) and hence we can just skip the account visibility check for them during cherry-pick. Cherry-picking a change is only possible if the calling user can see the change that is being cherry-picked. If a user can see the change, they can also see the change owner and all its reviewers/CCs regardless of whether these accounts are visible. This means the user doing the cherry-pick knows that Gerrit accounts exists for all users the are either change owners, reviewer or CC on the cherry-picked change. This means we can preserve them as reviewers/CCs on the cherry-pick change, even if their accounts are not visible to the user doing the cherry-pick (as it doesn't expose the existence of accounts that the user didn't already know before). In addition cherry-pick also implicitly CCs the author and committer if they are forged. Here the situation is a bit different. It's possible that there are no matching accounts for the author and committer, hence from being able to see the author and committer information on the cherry-picked change one cannot deduce that corresponding Gerrit accounts exists. Hence we can only CC them on the cherry-pick change if they are visible to the user doing the cherry-pick, as otherwise the account existence would be revealed. If the author/committer accounts are not visible we silently drop CCing them now so that the cherry-pick can still succeed in this case. We do the same when pushing commits with forged authors/committers so that doing local cherry-picks can also succeed if the accounts of the forged authors/committers are not visible. Bug: Issue 16274 Bug: Google b/232285749 Signed-off-by: Edwin Kempin <ekempin@google.com> Change-Id: I1531d1f95b572b89998a82d503c3a3bb23f8712d Release-Notes: skip
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit cd gerrit && bazel build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 8 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8
To run a Ubuntu 20.04 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.