commit | d94f25aed3d949c37ab82d47c2b0ab6e60cb9402 | [log] [tgz] |
---|---|---|
author | Michael Ochmann <michael.ochmann@sap.com> | Tue Feb 09 15:17:31 2016 +0100 |
committer | Saša Živkov <zivkov@gmail.com> | Thu Feb 11 13:39:30 2016 +0000 |
tree | 3fa9c42e45bb3a89c863c64bc1947bb9108d92fb | |
parent | 59c765652e481af5f5b3477a8383b948d8d5bba1 [diff] |
Option to skip library download during init The init tool offers a mechanism to download a required library like BouncyCastle during installation, and to remove "stale" versions of that library from the lib/ folder if specified in libraries.config. However, init does not check (and in general cannot check) that the library actually is stale, but forcefully replaces it with the version stated in libraries.config. For security critical libraries like BouncyCastle this is dangerous, especially when doing a batch install. In that case, init may silently download a potentially vulnerable library version and replace a more secure version already residing in the lib/ folder. This patch adds two new options to the init program to disable the automatic library download altogether, or selectively: --skip-all-downloads switches the download mechanism off completely; --skip-download <lib> switches the download off for the given library (<lib> being the section name of a library in libraries.config). Change-Id: I1df60b2fd7a4bf519b135e16deebb68a3b9095ef Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The IRC channel on freenode is #gerrit. An archive is available at: echelog.com.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Buck and run the following:
git clone --recursive https://gerrit.googlesource.com/gerrit cd gerrit && buck build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update & apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.