[csw-maintainers] Fwd: help needed for subversion ...

Thu Mar 17 14:38:54 CET 2011

Hi Sebastian,

Am 17.03.2011 um 14:13 schrieb Sebastian Kayser:
> * Dagobert Michelsen <dam at opencsw.org> wrote:
>> From: "rupert THURNER" <rupert.thurner at gmail.com>
>>> i wanted to do an emergency build of subversion, as there is a remote denial of service possibility only requiring read permission, see http://subversion.apache.org/security/CVE-2011-0715-advisory.txt.
>>> 
>>> [...]
>>> 
>>> for checkpkg:
>>> would it be a possibility to do one of (1) use automatically the "old" gar version so it reliably builds, or (2) enable a continuous integration build so a gar change immediately lets the build of subversion fail?
>> 
>> This would of course be possible but it would not be good: the udpated
>> checkpkg catches much more errors and when they show up it usually means
>> the package needs more fixing instead of "please let me release what was
>> thought to be good yesterday".
> 
> I agree though that the possibility of emergency-building a package
> tweak with the GAR version that was used to build the previous package
> revision is something that sounds helpful.
> 
> Dago, could we start to integrate the GAR URL & revision that's used for
> building a package in pkginfo? I remember that we had the discussion
> previously and OPENCSW_REPOSITORY was mentioned. The used GAR revision
> isn't necessarily the same though.

As there is only one revision for the whole svn tree including GAR and
the packages the tree and number is sufficient. The URL and revision is
in the packages for a long time now:

  web at web [web]:/home/web/bin > pkgparam CSWiconv OPENCSW_REPOSITORY         
  https://gar.svn.sourceforge.net/svnroot/gar/csw/mgar/pkg/libiconv/trunk@5766

You can use the revision to fixate the external link on checking out GAR.
This should best be done using by using mgar and with some build option
to it, like "mgar --legacy-rebuild" or something.

Best regards

  -- Dago