Option to skip library download during init

The init tool offers a mechanism to download a required library like
BouncyCastle during installation, and to remove "stale" versions of
that library from the lib/ folder if specified in libraries.config.
However, init does not check (and in general cannot check) that
the library actually is stale, but forcefully replaces it with the
version stated in libraries.config.

For security-critical libraries like BouncyCastle this is dangerous,
especially when doing a batch install. In that case, init may silently
download a potentially vulnerable library version and replace a more
secure version already residing in the lib/ folder.

This patch adds two new options to the init program to disable the
automatic library download altogether, or selectively:

--skip-all-downloads switches the download mechanism off completely;

--skip-download <lib> switches the download off for the given library
  (<lib> being the section name of a library in libraries.config).

Change-Id: I1df60b2fd7a4bf519b135e16deebb68a3b9095ef
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
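
A pre-flight check for the batch-install risk described in the commit message, as an added example that is not part of the Gerrit change: it returns the `--skip-download` flags for libraries whose jar in lib/ is newer than the one libraries.config would install, or cannot be compared. The `[library "<name>"]` layout with `url` and `remove` keys, the version-in-file-name convention, the sample section names and the URLs are assumptions; only the two option names come from the commit message.

```python
import re

# Constructed sample; the git-config style layout and keys are assumed.
SAMPLE_CONFIG = '''
[library "bouncyCastleProvider"]
  url = https://repo.example.invalid/bcprov-jdk15on-1.51.jar
  remove = bcprov-.*[.]jar
[library "mysqlDriver"]
  url = https://repo.example.invalid/mysql-connector-java-5.1.21.jar
  remove = mysql-connector-java-.*[.]jar
'''

def parse_libraries(text):
    """Return {section: {key: value}} for every [library "..."] section."""
    libs, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r'\[library\s+"([^"]+)"\]', line)
        if header:
            current = libs.setdefault(header.group(1), {})
        elif line.startswith("["):
            current = None  # some other section: ignore its keys
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return libs

def jar_version(filename):
    """Trailing dotted version of a jar file name as an int tuple, or None."""
    m = re.search(r"-(\d+(?:\.\d+)*)\.jar$", filename)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def skip_flags(config_text, installed_jars):
    """Flags for libraries init would downgrade, or whose versions are unknown."""
    flags = []
    for section, lib in parse_libraries(config_text).items():
        wanted = jar_version(lib.get("url", "").rsplit("/", 1)[-1])
        for jar in installed_jars:
            # Only jars that the 'remove' pattern would delete are at risk.
            if "remove" not in lib or not re.fullmatch(lib["remove"], jar):
                continue
            have = jar_version(jar)
            if have is None or wanted is None or have > wanted:
                flags += ["--skip-download", section]
                break
    return flags

if __name__ == "__main__":
    print(skip_flags(SAMPLE_CONFIG, ["bcprov-jdk15on-1.52.jar"]))
```

The returned list can be appended to the init command line of a batch install; an unparseable version is treated as a reason to skip, so the existing jar is never replaced without review.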
7 files changed
tree: 3fa9c42e45bb3a89c863c64bc1947bb9108d92fb
README.md

Gerrit Code Review

Gerrit is a code review and project management tool for Git based projects.

Objective

Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.

Documentation

For information about how to install and use Gerrit, refer to the documentation.

Source

Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on GitHub.

Reporting bugs

Please report bugs on the issue tracker.

Contribute

Gerrit is the work of hundreds of contributors. We appreciate your help!

Please read the contribution guidelines.

Note that we do not accept Pull Requests via the GitHub mirror.

Getting in contact

The IRC channel on freenode is #gerrit. An archive is available at: echelog.com.

The Developer Mailing list is repo-discuss on Google Groups.

License

Gerrit is provided under the Apache License 2.0.

Build

Install Buck and run the following:

    git clone --recursive https://gerrit.googlesource.com/gerrit
    cd gerrit && buck build release

Install binary packages (Deb/Rpm)

Instructions for configuring the GerritForge/BinTray repositories are here.

On Debian/Ubuntu run:

    apt-get update && apt-get install gerrit=<version>-<release>

NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.

On CentOS/RedHat run:

    yum clean all && yum install gerrit-<version>[-<release>]

NOTE: release is optional. The last released package of the version is installed if the release number is omitted.

Events

  • March 14-18 2016: Gerrit Hackathon, Berlin (free seats are still available).