Re: [PATCH 1/1] git: update to v2.3.2

2015-03-07 Thread Jason A. Donenfeld
Merged, thanks. ___ CGit mailing list CGit@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/cgit

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-07 Thread John Keeping
On Sat, Mar 07, 2015 at 04:59:26PM +0100, Lukas Fleischer wrote: On Sat, 07 Mar 2015 at 15:46:41, John Keeping wrote: This requires that we save the downloaded file explicitly rather than piping it straight to tar, but that is advisable anyway since it allows us to check the exit status of

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-07 Thread Lukas Fleischer
On Sat, 07 Mar 2015 at 18:02:59, John Keeping wrote: [...] I'm not sure what benefit it has if it's optional. Will anyone check? Maybe we could do something like: if type sha256sum >/dev/null 2>&1 then sha256sum --check git.sha256sum $(GIT_FILE)

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-07 Thread John Keeping
On Sat, Mar 07, 2015 at 06:49:32PM +0100, Lukas Fleischer wrote: On Sat, 07 Mar 2015 at 18:02:59, John Keeping wrote: [...] I'm not sure what benefit it has if it's optional. Will anyone check? Maybe we could do something like: if type sha256sum >/dev/null 2>&1 then

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-07 Thread Lukas Fleischer
On Sat, 07 Mar 2015 at 15:46:41, John Keeping wrote: This requires that we save the downloaded file explicitly rather than piping it straight to tar, but that is advisable anyway since it allows us to check the exit status of curl and make sure that we have downloaded the file successfully.

[PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-07 Thread John Keeping
This requires that we save the downloaded file explicitly rather than piping it straight to tar, but that is advisable anyway since it allows us to check the exit status of curl and make sure that we have downloaded the file successfully. Also add a test to make sure we don't forget to update the

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-07 Thread Todd Zullinger
John Keeping wrote: I still think we can't rely on `gpg --recv-keys` though, we would have to distribute the key with CGit and possibly also do something to avoid importing it into the user's keyring by default. If the check was to be run from a cgit clone, the key Junio uses to sign git