* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https [not found] <E1OguCD-00023v-03@melo.openembedded.org> @ 2010-08-05 7:12 ` Martin Jansa 2010-08-05 7:38 ` Roman I Khimov 0 siblings, 1 reply; 8+ messages in thread From: Martin Jansa @ 2010-08-05 7:12 UTC (permalink / raw) To: openembedded-devel; +Cc: openembedded-commits On Thu, Aug 05, 2010 at 06:44:53AM +0000, git version control wrote: > Module: openembedded.git > Branch: org.openembedded.dev > Commit: 64b73f5d3bc4516de7deaf2c3647a96a1d5285e1 > URL: http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=64b73f5d3bc4516de7deaf2c3647a96a1d5285e1 > > Author: Roman I Khimov <khimov@altell.ru> > Date: Thu Aug 5 10:16:54 2010 +0400 > > bitbake.conf: trust server certificate when doing svn over https > > Fixes fetching from https:// svn repos with self-signed certs. Maybe we should add also --accept theirs-full (just in case) --force (to force overwrite of existing files) ie matchbox-panel-2-icon-themes_0.0.1.bb matchbox-panel-2_svn.bb are checkouting/updating tiwo different SRCREVs and every few builds you end up removing svn checkout from downloads dir, just because it refuses to upgrade to newer revision (applets dir already exists there). Any objections (someone intentionaly keeping dirty checkouts in his DL_DIR)? Regards, -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https 2010-08-05 7:12 ` [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https Martin Jansa @ 2010-08-05 7:38 ` Roman I Khimov 2010-08-05 8:24 ` Martin Jansa 0 siblings, 1 reply; 8+ messages in thread From: Roman I Khimov @ 2010-08-05 7:38 UTC (permalink / raw) To: openembedded-devel В сообщении от Четверг 05 августа 2010 11:12:01 автор Martin Jansa написал: > Maybe we should add also > --accept theirs-full (just in case) > --force (to force overwrite of existing files) > > ie > matchbox-panel-2-icon-themes_0.0.1.bb > matchbox-panel-2_svn.bb > are checkouting/updating tiwo different SRCREVs and every few builds you > end up removing svn checkout from downloads dir, just because it > refuses to upgrade to newer revision (applets dir already exists there). > > Any objections (someone intentionaly keeping dirty checkouts in his > DL_DIR)? No objections here. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https 2010-08-05 7:38 ` Roman I Khimov @ 2010-08-05 8:24 ` Martin Jansa 2010-08-05 8:41 ` Roman I Khimov 0 siblings, 1 reply; 8+ messages in thread From: Martin Jansa @ 2010-08-05 8:24 UTC (permalink / raw) To: openembedded-devel On Thu, Aug 05, 2010 at 11:38:00AM +0400, Roman I Khimov wrote: > В сообщении от Четверг 05 августа 2010 11:12:01 автор Martin Jansa написал: > > Maybe we should add also > > --accept theirs-full (just in case) > > --force (to force overwrite of existing files) > > > > ie > > matchbox-panel-2-icon-themes_0.0.1.bb > > matchbox-panel-2_svn.bb > > are checkouting/updating tiwo different SRCREVs and every few builds you > > end up removing svn checkout from downloads dir, just because it > > refuses to upgrade to newer revision (applets dir already exists there). > > > > Any objections (someone intentionaly keeping dirty checkouts in his > > DL_DIR)? > > No objections here. On older buildhost I noticed that svn, version 1.5.1 (r32289) doesn't support --trust-server-cert Added in 1.6 http://subversion.apache.org/docs/release-notes/1.6.html I don't know if it's worth it to force builders to upgrade subversion or add their FETCHCOMMAND_svn UPDATECOMMAND_svn to local.conf. I'll send patch removing --trust-server-cert and adding force+accept. Regards, -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https 2010-08-05 8:24 ` Martin Jansa @ 2010-08-05 8:41 ` Roman I Khimov 2010-08-05 8:55 ` Frans Meulenbroeks 0 siblings, 1 reply; 8+ messages in thread From: Roman I Khimov @ 2010-08-05 8:41 UTC (permalink / raw) To: openembedded-devel В сообщении от Четверг 05 августа 2010 12:24:40 автор Martin Jansa написал: > On Thu, Aug 05, 2010 at 11:38:00AM +0400, Roman I Khimov wrote: > > В сообщении от Четверг 05 августа 2010 11:12:01 автор Martin Jansa написал: > > > Maybe we should add also > > > --accept theirs-full (just in case) > > > --force (to force overwrite of existing files) > > > > > > ie > > > matchbox-panel-2-icon-themes_0.0.1.bb > > > matchbox-panel-2_svn.bb > > > are checkouting/updating tiwo different SRCREVs and every few builds > > > you end up removing svn checkout from downloads dir, just because it > > > refuses to upgrade to newer revision (applets dir already exists > > > there). > > > > > > Any objections (someone intentionaly keeping dirty checkouts in his > > > DL_DIR)? > > > > No objections here. > > On older buildhost I noticed that > svn, version 1.5.1 (r32289) > doesn't support --trust-server-cert Argh. Certainly, not my day. Usually I use Debian lenny as a build machine and that really has 1.5.1 with no "--trust-server-cert" option. And that pf_ring recipe that does svn over https worked there just because I've had that repo checked out before packaging it in OE. Then as usually I've cherry-picked the patch to another machine with different machine/distro build configuration (surprisingly how often seem-to-be-good recipes fail after that) running under OpenSUSE 11.2. Immediately seen svn checkout error and figured out that it's "trivial" to fix (with OpenSUSE's svn 1.6.6). Turns out, not that much. Sorry. Feel free to revert it as I would only be able to do that some 8-9 hours later. > I don't know if it's worth it to force builders to upgrade subversion or > add their FETCHCOMMAND_svn UPDATECOMMAND_svn to local.conf. IMO we should not break support for major stable (or LTS) distros, so my patch is broken. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https 2010-08-05 8:41 ` Roman I Khimov @ 2010-08-05 8:55 ` Frans Meulenbroeks 2010-08-05 9:04 ` Roman I Khimov ` (2 more replies) 0 siblings, 3 replies; 8+ messages in thread From: Frans Meulenbroeks @ 2010-08-05 8:55 UTC (permalink / raw) To: openembedded-devel 2010/8/5 Roman I Khimov <khimov@altell.ru>: > В сообщении от Четверг 05 августа 2010 12:24:40 автор Martin Jansa написал: > >> I don't know if it's worth it to force builders to upgrade subversion or >> add their FETCHCOMMAND_svn UPDATECOMMAND_svn to local.conf. > > IMO we should not break support for major stable (or LTS) distros, so my patch > is broken. > I agree that we should not break support for major distros. but without your patch some of the recipes cannot be build easily. The solution of Martin seems a good inbetween. Frans ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https 2010-08-05 8:55 ` Frans Meulenbroeks @ 2010-08-05 9:04 ` Roman I Khimov 2010-08-05 9:10 ` Martin Jansa 2010-08-05 14:54 ` Tom Rini 2 siblings, 0 replies; 8+ messages in thread From: Roman I Khimov @ 2010-08-05 9:04 UTC (permalink / raw) To: openembedded-devel В сообщении от Четверг 05 августа 2010 12:55:05 автор Frans Meulenbroeks написал: > 2010/8/5 Roman I Khimov <khimov@altell.ru>: > > В сообщении от Четверг 05 августа 2010 12:24:40 автор Martin Jansa написал: > >> I don't know if it's worth it to force builders to upgrade subversion or > >> add their FETCHCOMMAND_svn UPDATECOMMAND_svn to local.conf. > > > > IMO we should not break support for major stable (or LTS) distros, so my > > patch is broken. > > I agree that we should not break support for major distros. but > without your patch some of the recipes cannot be build easily. > The solution of Martin seems a good inbetween. Unfortunately, "--force" wouldn't solve untrusted certificate problem: build@build2:~$ svn --non-interactive --force co https://svn.ntop.org/svn/ntop/trunk/PF_RING svn: OPTIONS of 'https://svn.ntop.org/svn/ntop/trunk/PF_RING': Server certificate verification failed: issuer is not trusted (https://svn.ntop.org) build@build2:~$ svn --version |grep \ version svn, version 1.5.1 (r32289) So it either stays as it is or we need svn-native to really fix the problem. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https 2010-08-05 8:55 ` Frans Meulenbroeks 2010-08-05 9:04 ` Roman I Khimov @ 2010-08-05 9:10 ` Martin Jansa 2010-08-05 14:54 ` Tom Rini 2 siblings, 0 replies; 8+ messages in thread From: Martin Jansa @ 2010-08-05 9:10 UTC (permalink / raw) To: openembedded-devel On Thu, Aug 05, 2010 at 10:55:05AM +0200, Frans Meulenbroeks wrote: > 2010/8/5 Roman I Khimov <khimov@altell.ru>: > > В сообщении от Четверг 05 августа 2010 12:24:40 автор Martin Jansa написал: > > > > >> I don't know if it's worth it to force builders to upgrade subversion or > >> add their FETCHCOMMAND_svn UPDATECOMMAND_svn to local.conf. > > > > IMO we should not break support for major stable (or LTS) distros, so my patch > > is broken. > > > I agree that we should not break support for major distros. but > without your patch some of the recipes cannot be build easily. > The solution of Martin seems a good inbetween. > > Frans I've pushed my patch removing --trust-server-cert and adding --accept, but --accept is only for >=1.5 If we want to support svn older than that ie: svn, version 1.1.1 (r11581) in RHEL4 maybe we should add subversion-native and drop ASSUME_PROVIDED? Regards, -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https 2010-08-05 8:55 ` Frans Meulenbroeks 2010-08-05 9:04 ` Roman I Khimov 2010-08-05 9:10 ` Martin Jansa @ 2010-08-05 14:54 ` Tom Rini 2 siblings, 0 replies; 8+ messages in thread From: Tom Rini @ 2010-08-05 14:54 UTC (permalink / raw) To: openembedded-devel Frans Meulenbroeks wrote: > 2010/8/5 Roman I Khimov <khimov@altell.ru>: >> В сообщении от Четверг 05 августа 2010 12:24:40 автор Martin Jansa написал: > >>> I don't know if it's worth it to force builders to upgrade subversion or >>> add their FETCHCOMMAND_svn UPDATECOMMAND_svn to local.conf. >> IMO we should not break support for major stable (or LTS) distros, so my patch >> is broken. >> > I agree that we should not break support for major distros. but > without your patch some of the recipes cannot be build easily. > The solution of Martin seems a good inbetween. Adding subversion-native isn't hard, I've got one around locally for RHEL4 :) It's svn 1.6.5. Also got the logic to add svn-native for any svn:// uris. -- Tom Rini Mentor Graphics Corporation ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-08-05 14:54 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <E1OguCD-00023v-03@melo.openembedded.org>
2010-08-05 7:12 ` [oe-commits] Roman I Khimov : bitbake.conf: trust server certificate when doing svn over https Martin Jansa
2010-08-05 7:38 ` Roman I Khimov
2010-08-05 8:24 ` Martin Jansa
2010-08-05 8:41 ` Roman I Khimov
2010-08-05 8:55 ` Frans Meulenbroeks
2010-08-05 9:04 ` Roman I Khimov
2010-08-05 9:10 ` Martin Jansa
2010-08-05 14:54 ` Tom Rini
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.