| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| | |
* stable-3.4:
Reset pageResultSize when PaginationType NONE back-fill results
Release-Notes: skip
Change-Id: I32a22fcbd7c84d07ff96df44975dd4c53259b94e
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a follow up of change 413358.
In particular, if some results are skipped because of
of the visibility constraints, more changes need to
be asked from the index, and pageResultSize needs to
be reset to know how many results are returned from each
query.
Without this change querying for more changes could end
up in an infinite loop as exposed in a test in 3.6 [1]
[1]: https://gerrit.googlesource.com/gerrit/+/refs/heads/stable-3.6/javatests/com/google/gerrit/server/query/change/FakeQueryChangesTest.java#126
Release-Notes: skip
Change-Id: I566010c6f5bfcb4fbc003bc6693aa25d4dd44a81
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the first query to the index did not fill the full limit the caller
wants, we paginate to obtain more results. However, subsequent queries
are not needed if there are no more results from the previous query.
This add a test for the change 413358 [1], that has reintroduced the
issue fixed in change 344695.
[1]: https://gerrit-review.googlesource.com/c/gerrit/+/413358/comment/85bca522_2b3552b2/
Bug: Issue 330195358
Release-Notes: skip
Change-Id: If578ee877587488fdf3715331bd8d23e9d86f750
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* stable-3.4:
Fix paginationType NONE to run further queries only if needed
Fix detection of invalid SSH key algorithm
Demonstrate SshKeyUtil fails to validate invalid SSH keys
Move comment of PaginatingSource.read()
Fix visibility filter for changes when paginationType NONE
Add tests for pagination to back fill the results
Release-Notes: skip
Change-Id: I9df29c9ae3b37026c9866fd97b6bb7f8dbb0dde9
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the first query to the index did not fill the full limit the caller
wants, we paginate to obtain more results. However, subsequent queries
are not needed if the previous query returned less results
than the limit.
This is a follow up of the change 413358 [1], that has reintroduced the
issue fixed in change 344695.
[1]: https://gerrit-review.googlesource.com/c/gerrit/+/413358/comment/85bca522_2b3552b2/
Bug: Issue 330195358
Release-Notes: Fix pagination to stop querying when there are no more results
Change-Id: Ie326f3628f5312a83bf83177a3fa5134f042b59a
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Verify that the OpenSSH key algorithm matches the one
associated with the public key. Throw a new specific
InvalidKeyAlgorithmException if the two algorithms do not match.
This is a breaking change because invalid OpenSSH keys
have been tolerated since the very beginning, when Shawn introduced
the SSH support in Change 6610.
Attempting to store new invalid SSH keys would fail and result
an HTTP status 400 error as response to the add keys REST-API.
Make SshKeyCacheImpl tolerant to existing keys stored
in the accounts' profile, otherwise Gerrit may start flagging
keys that have been previously stored as invalid, resulting
in random authentication failures by existing users.
Existing invalid keys are reported in the error_log with the
associated exceptions and automatically fixed, removing the
invalid key from the accounts profile and adjusting the key
algorithm with the one associated with the public key.
Bug: Issue 330758152
Release-Notes: Breaking change: validate and reject SSH keys with invalid or mismatched algorithm
Change-Id: I83c89a786f70aa3b88744a70f10012415f45f284
(cherry picked from commit 6eac4fe62a6a081c5c9395f8874bdc49615eea0d)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The SshKeyUtil has always missed the validation of the SSH key algo
specified as a prefix of the Base-64 encoded key.
Whilst the behaviour has always been the same since 2008, it is
nonetheless buggy and should be validated for preventing the storage
of invalid keys.
TODO: Mark the SSH key validation test as disabled for allowing the
build to succeed. The test can be enabled back again once the validation
has been amended to verify the key algorithm.
Bug: Issue 330758152
Release-Notes: skip
Change-Id: I42b1c6474fa876828e5353e81e97b21b981665f9
(cherry picked from commit 4f3ff5abdb18ad34078d8dd2f0ad1d4e610957d1)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move the comment about restarting the DataSource for back filling
results skipped for visibility. The comment in fact is valid for
any PaginationType specified.
Adress the comment in change 413358 [1].
[1]: https://gerrit-review.googlesource.com/c/gerrit/+/413358/comment/d7a90bb0_0f8ebc9f/
Release-Notes: skip
Change-Id: I9826b8be4005a946c7952ae89eb81f8c191997e3
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The introduction of paginationType NONE in
change 379354 affected the API pagination.
In particular, if some results are skipped because of
of the visibility constraints, more changes need to
be asked from the index, until we have filled the
full limit the caller wants or if there are no more
changes [1].
[1]: https://gerrit-review.googlesource.com/c/gerrit/+/379354/8/java/com/google/gerrit/index/query/PaginatingSource.java#72
Bug: Issue 328958027
Release-Notes: Fix NONE paginationType filtering of changes
Change-Id: I3ccff7f8ba5a6d3903f9acbe3f5c439c55225ce2
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When querying Lucene, if we have not filled the full
limit the caller wants, `PaginatingSource.read()`
need to restart the source and continue. This should happen
regardless of the paginationType.
Bug: Issue 328958027
Release-Notes: skip
Change-Id: I02bc97eeecde2149e374dd036b87dd4c06034f27
|
| |
| |
| |
| |
| |
| |
| |
| | |
The tests in FakeQueryChangesTest were executed only
for the default pagination (OFFSET) and SEARCH_AFTER
Release-Notes: skip
Change-Id: Ic5c84bdc28fccbf0a4c931d7137ce8f232907622
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change visibility of the PredicateArgs constructor to public. This will
allow plugins implementing operators with args to use PredicateArgs
instead of implementing their own arg parser.
Release-Notes: skip
Change-Id: Ief39f4606a96c24ae3ad58bd0031a825ce4cdcab
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Comparing an unnormalized psa with a normalized psa can create
unexpected differences, leading to error messages during the
copy-approvals command like:
java.lang.IllegalArgumentException: Approval that should be copied is not copied.
Fix those situations by applying normalization to the current approvals
before comparing them to the inferred approvals (which already have
normalization applied).
Release-Notes: Fix copy-approvals for cases where current approvals have different values when normalized
Change-Id: I17cccf537943654f89a4d02af13ec2dda768f0df
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
$ git log --oneline --no-merges 74fa245b3..acf21c0bc
acf21c0bc RefDirectory: Do not unlock until after deleting loose ref
86ef2d531 Add missing javadoc description for declared exception
29c89d1f0 SnapshottingRefDirectory: Invalidate snapshot after locking ref for update
8197cab33 SnapshottingRefDir: Replace lambas with method refs
8b49e01ab SnapshottingRefDir: Reduce casts with overrides
747618358 Improve handling of NFS stale handle errors
ca54c5176 Fix handling of missing pack index file
60af389b4 Add tests for handling pack files removal during fetch
b4c66104f Introduce a PriorityQueue sorting RevCommits by commit timestamp
2d52df154 Remove org.eclipse.jgit.benchmark/.factorypath
10c5c17eb Update jmh to 1.37 for org.eclipse.jgit.benchmark
2177bed9a Silence API warnings
e712b4716 Make sure ref to prune is in packed refs
170244d05 Checkout: better directory handling
4d6671b4c (origin/stable-5.13) PackConfig: fix @since tags
244165fc5 Remove unused API problem filters
f103a1d5c Add support for git config repack.packKeptObjects
f5f4bf0ad Do not exclude objects in locked packs from bitmap processing
43d6bc5ef Prepare 6.6.2-SNAPSHOT builds
ff08cbfe0 (tag: v6.6.1.202309021850-r) JGit v6.6.1.202309021850-r
9072103f3 Checkout: better directory handling
c64dfe5b4 Update to Tycho 4.0.1
88ca88a32 Add verification in GcKeepFilesTest that bitmaps are generated
3a6eec9bb Express the explicit intention of creating bitmaps in GC
ac8d7838f GC: prune all packfiles after the loosen phase
dd92c1aa9 Prepare 5.13.3-SNAPSHOT builds
5aa8a7e27 (tag: v5.13.2.202306221912-r) JGit v5.13.2.202306221912-r
6f4f7e911 Update Orbit to R20230531010532 for 2023-06
f6928f573 Revert "RefDirectory: Throw exception if CAS of packed ref list fails"
a80130d65 Bazel: Fix remote build execution for Java 17
f4eb38f9f Bump bazel vesion to 6.2.0
ceeb9ad80 Prepare 6.6.1-SNAPSHOT builds
d3962e0e7 (tag: v6.6.0.202305301015-r) JGit v6.6.0.202305301015-r
cae6d4e6b Update to Orbit S20230516204213
264b91c3e Prepare 6.6.0-SNAPSHOT builds
246f37d19 (tag: v6.6.0.202305241045-m3) JGit v6.6.0.202305241045-m3
6b3b2b33a GraphObjectIndex: fix search in findGraphPosition
d3d0ec429 Update to Tycho 4.0.0-SNAPSHOT
0d92f543f PGP sign p2 artefacts
f8038b6b5 Revert 'Use net.i2p.crypto:eddsa directly from Maven Central'
5a00dd873 Update dash license-tool-plugin to 1.0.2
2cbf0c177 Also add suppressed exception if unchecked exception occurs in finally
334852c52 Candidate: use "Objects.equals" instead of "=="
4562e79e2 Use hamcrest 2.2 directly from Maven Central
04ca81308 Use commons-logging directly from Maven Central
72455b5fd Update jna to 5.13.0
e53250921 Use bytebuddy directly from Maven Central
ca0696664 Use jna directly from Maven Central
7e094c6cf Use net.i2p.crypto:eddsa directly from Maven Central
b3dcf6344 Use org.tukaani:xz directly from Maven Central
4aa89daac Use args4j directly from Maven Central
7e67fe1d4 Use gson directly from Maven Central
6f2d93fb8 Remove unused $NON-NLS-1$
0f7d485bc Remove unused API filters
913e6cf3f Switch to Apache MINA sshd 2.10.0
43954ea62 [releng] API filter for PackIndex.DEFAULT_WRITE_REVERSE_INDEX
2c89a3ec7 PackExt: add a #getTmpExtension method
d0564cf8a UploadPack: Record negotiation stats on fetchV2 call
e6f216119 RewriteGeneratorTest: Introduce test cases for the RewriteGenerator
ce88e62ed PackWriter: write the PackReverseIndex file
05e7e9d5a Prepare 6.6.0-SNAPSHOT builds
f6f56fc9b JGit v6.6.0.202305031100-m2
Release-Notes: Update JGit to acf21c0bc
Change-Id: Id1f96b09c989cafa4a3871a88c1c8cf5e96f9def
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
JGit packer tracks the number of times that an object was not
found in the bitmap index or if the bitmap index was completely
missing. The Gerrit admin may be interested in knowing that
the incoming traffic is slowed down by excessive bitmap
index misses because of the increase of the overall git-upload-pack
latencies and the impact on the server's throughput.
Also add a specific counter for when the bitmap index is totally
missing, which the Gerrit admin should use for setting alerts
of possible GC cycles being ineffective.
Add the git/upload-pack/bitmap_index_misses_count for beging used
in performance graphs, while the git/upload-pack/no_bitmap_index
should be more suitable for alerts.
Release-Notes: Add metrics for git/upload-pack/bitmap_index_misses_count and a separate one for missing bitmap indexs
Change-Id: Ie76bdcc39073748a5a0c59618cba58d286e08ba9
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
JGit packer tracks time spent in searching for reuse and sizes
associated with the phase "Finding sources".
Gerrit already has an out-of-the-box capability for
tracking JGit protocol-level metrics, but did not cover until
now, the "Finding sources" phase, which is critical for an optimal
Git/HTTP performance.
Add the git/upload-pack/phase_searching_for_* so that the Gerrit
admin can graph how these are performing and spot any potential
issues.
Release-Notes: Add timer for git/upload-pack/phase_searching_for_* phases
Change-Id: I65abde2c2157de61f4ee2114609085065aa5a659
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
JGit packer tracks time spent in the negotiation phase.
This statistic was only exposed in the sshd_log and is not available
when the client uses Git/HTTP, which is counter-intuitive.
Having the statistics in log files is not ideal, though, because
for the Gerrit administrator, it takes more time to surface them
and defining alerts or monitoring:
- Logs need to be collected
- Metrics extracted
- Calculate the KPIs
- Graph and alert based on KPIs
Gerrit already has an out-of-the-box capability for
tracking JGit protocol-level metrics, but did not cover until
now, the negotiation phase, which is critical for an optimal Git/HTTP
performance.
Add the git/upload-pack/phase_negotiating so that the Gerrit admin
can graph how these are performing and spot any potential issues.
Release-Notes: Add timer for git/upload-pack/phase_negotiating
Change-Id: If185e0a1b4a4418243a2273ec850de01337afdd8
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Not having any work to do is less significant to admins than when there
is work to do. Decreasing the logging level allows admins to opt-in to
the "not pruning" messages.
Change-Id: Id68ecb1960c4f996df70420fd58416e957670471
Release-Notes: skip
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently we only wait 30 seconds on top of either httpd or sshd
gracefulStopTimeout before terminating Gerrit, in some instances this
might not be enough.
Make it configurable so end user can decide what's best for their use
case.
Release-Notes: Introduce configurable shutdown timeout
Change-Id: Ie976264792f683f8024f0b0266a3318f509f5cf5
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Change I493b9d7ee0 refactored the copy-approvals code to make it
multi-threaded and slice-based.
In doing so, it replaced `BatchUpdate.execute()` calls with with
low-level `BatchRefUpdate.execute()` calls, introducing a regression
whereby `refUpdate` events were no longer emitted.
Explicitly fire `refUpdate` events upon the successful copy-approval
update of the change meta ref and introduce a test to ensure this
behavior is kept.
Release-Notes: skip
Forward-Compatible: checked
Change-Id: I21ac623bd0f1b4a493f7e7984a93bd20911cd3d8
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-3.4:
Make the indexing operation fail upon StorageException(s)
ConsistencyCheckerIT: Delete calls to index broken changes that fail silently
RefAdvertisementIT: Don't call reindex that would fail silently
Release-Notes: skip
Change-Id: Ie96402babc84da9e63fda409cfec44f87ff37ba2
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-3.3:
Make the indexing operation fail upon StorageException(s)
ConsistencyCheckerIT: Delete calls to index broken changes that fail silently
RefAdvertisementIT: Don't call reindex that would fail silently
Release-Notes: skip
Change-Id: I775de4baa70920c515aa040ff2222ec8052dd366
|
| | |\ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* stable-3.2:
Make the indexing operation fail upon StorageException(s)
ConsistencyCheckerIT: Delete calls to index broken changes that fail silently
RefAdvertisementIT: Don't call reindex that would fail silently
Release-Notes: skip
Change-Id: Iecdf1e4ce450c8fab5244338ce46e6e4d95bf959
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Change 270450 caused the blanking of the Lucene document
upon reindexing if any field caused a StorageException.
Whilst the overall intention was good, the implementation
caused the Lucene index replace operation to continue with
a Document without any fields instead of making the whole
operation fail.
StorageExceptions are thrown when the underlying storage,
being a filesystem or anything else, returns some errors.
Whether the failure is permanent or temporary (e.g. concurrent
GCs, repacking or pruning may cause sporadic StorageException(s))
returning a blank Lucene document was incorrect because, instead
of failing the operation, it was causing the change entry to be
completely removed from the index.
Let the StorageException fail the indexing operation, so that
existing entries may continue to exist, allowing the caller
to retry the operation.
The previous implementation, returning an empty Document, did
not allow any retry, because once the change entry was removed
from the index, it could not be discovered and reindexed anymore
for example by a `gerrit index changes <changenum>`.
Tested manually, applying a randomic StorageException thrown
during the fetching of the ChangeField extensions:
public static Set<String> getExtensions(ChangeData cd) {
if (new Random().nextBoolean()) {
throw new StorageException("Simulated storage exception");
}
return extensions(cd).collect(toSet());
}
Before this change, every time one change indexing throws a
StorageException, it disappears from the index. Eventually,
all changes will be eliminated and only an off-line reindex
or the reindex of all changes in the project would allow to
recover them.
After this change, some of the indexing operations are
successful and other fails. However, retrying the reindexing
operation would allow to reindex all of them.
Even if the above test case looks strange at first sight,
it simulates a real-life scenario where a low percentage
of indexing operation (0.1%) may fail because of sporadic
StorageExceptions. Before this change, some index entries
were missing on a daily basis (5 to 10 changes per day),
whilst after this change all indexing operation can be
retried and do not result in any indexing entry loss.
Bug: Issue 314113030
Release-Notes: Fail the change reindex operation upon StorageException(s)
Change-Id: Ia121f47f7a68c290849a22dea657804743a26b0d
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These calls used to fail silently and are of no further use.
This change is part of a series that allows for the fake change index
to run in integration tests. The fake index throws an exception in
case reindexing fails, which made this test fail.
Release-Notes: skip
Change-Id: I9c9d3f7613bca057bf0963442077bb6c0b3dab51
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
receivePackOmitsMissingObject wants to test a scenario where we
have a change ref, but the patch set ref / commit was deleted or
is otherwise gone.
It did that by adding a new patch set pointing to a non-existent
SHA1 and triggered a reindex of that change. However, that reindex
fails silently because we submit the reindex task to another
executor and provide no feedback to the caller.
This commit modifies the test and just deletes the patch set ref
which makes for the same scenario but without the reindex trouble.
This change is part of a series that allows for the fake change index
to run in integration tests. The fake index throws an exception in
case reindexing fails, which made this test fail.
Release-Notes: skip
Change-Id: Icf79795a343a6abca28c6504b279eb0a5c84fad2
|
|\ \ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The timer block didn't include the call to the persisted cache despite
the message of the timer indicating it did. Since the block that was
previously included could have interesting timing information, keep it
but provide a more accurate operation description.
Change-Id: If038571f71f805cbb96294bb20a365e99104c136
Release-Notes: skip
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It can be helpful for admins to see when disk cache pruning is running
and what work it's doing.
Change-Id: I7802387b71f03029f246385080e4b976b7972359
Release-Notes: skip
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix build command for Java11 in dev-bazel docs to comply with default
bazel version and .bazelrc
Release-Notes: skip
Change-Id: I86add69bfe995737d249d202d0392e35300d6d46
|
|\ \ \ \ \ |
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This method de-duplicates the potentially expensive
hasMissingDependencies() call for callers that needed to do
`canFastForward() || canMerge()`.
Change-Id: If4b5a1244b79d84103af8939e621b503ba587cc3
Release-Notes: Improved performance for conflicts: operator and other mergability checks when submit type is Merge-If-Necessary
|
|\ \ \ \ \
| |/ / / /
|/| / / /
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-3.4:
Update Jetty to 9.4.53.v20231009 for security updates
Bump JGit to v5.13.2.202306221912-r (5aa8a7e27)
Release-Notes: skip
Change-Id: Ibdcf22c5b29f5157995004592e930e57a22d6091
|
| |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-3.3:
Update Jetty to 9.4.53.v20231009 for security updates
Release-Notes: skip
Change-Id: Iebbfe9ea1fc69e91e74208e30ea9a1b0a71ab1bd
|
| | |\|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-3.2:
Update Jetty to 9.4.53.v20231009 for security updates
Release-Notes: skip
Change-Id: If1d4dfc04d9407f0bab937a996d9321358a7b6a8
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Jetty 9.4.53.v20231009 includes the following two security fixes:
- CVE-2023-36478 [1] - zero-days security issue discovered on
the 10th of October, also known as "HTTP/2 Rapid Reset"
- CVE-2023-44487 [2] - HTTP/2 Stream Cancellation Attack
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-36478
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Release-Notes: Update Jetty to 9.4.53.v20231009 with critical security fixes
Change-Id: Ie93fbcb8b35d9e4997dc0578893a8856b56b173c
(cherry picked from commit c49057e05d35ff2ad1a7307aa9168b84ae7588db)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since we need to keep 3.4 compatible with Java 8, we can't update it
past the JGit stable-5.13 branch as 6.0+ is Java 11 only.
* modules/jgit 035e0e23f25..5aa8a7e27 (7):
f6928f573 Revert "RefDirectory: Throw exception if CAS of packed ref list fails"
2fd050c56 GcConcurrentTest: @Ignore flaky testInterruptGc
2aaa56113 Fix CommitTemplateConfigTest
61d4e3134 [bazel] Skip ConfigTest#testCommitTemplatePathInHomeDirecory
f3a3a2e87 Demote severity of some error prone bug patterns to warnings
b9b90d1d3 Add missing since tag for SshBasicTestBase
4f662a26f Add missing since tag for SshTestHarness#publicKey2
631858183 Silence API errors
96d9e3eb1 (origin/stable-5.9) Prevent infinite loop rescanning the pack list on PackMismatchException
f371bfb3e Remove blank in maven.config
f73efea21 Remove blank in maven.config
23b9693a7 DirCache: support option index.skipHash
3212c8fa3 GC: Close File.lines stream
d9f75e8bb If tryLock fails to get the lock another gc has it
1691e3877 Fix GcConcurrentTest#testInterruptGc
49f527386 Don't swallow IOException in GC.PidLock#lock
a6da439b4 Check if FileLock is valid before using or releasing it
8eee800fb Acquire file lock "gc.pid" before running gc
380f091fa Silence API errors introduced by 9424052f
9424052f2 Add pack options to preserve and prune old pack files
ed2cbd9e8 Allow to perform PackedBatchRefUpdate without locking loose refs
e55bad514 Document option "core.sha1Implementation" introduced in 59029aec
21e902dd7 Shortcut during git fetch for avoiding looping through all local refs
765083200 FetchCommand: fix fetchSubmodules to work on a Ref to a blob
8040936f8 Silence API warnings introduced by I466dcde6
ad977f157 Allow the exclusions of refs prefixes from bitmap
e4529cd39 PackWriterBitmapPreparer: do not include annotated tags in bitmap
611412a05 BatchingProgressMonitor: avoid int overflow when computing percentage
cd3fc7a29 Speedup GC listing objects referenced from reflogs
2011fe06d FileSnapshotTest: Add more MISSING_FILE coverage
aa9f736c3 Silence API warnings
48316309b [benchmarks] Remove profiler configuration
c20e9676c Add SHA1 benchmark
4fac79658 [benchmarks] Set version of maven-compiler-plugin to 3.8.1
8d53a1433 Fix running JMH benchmarks
59029aec3 Add option to allow using JDK's SHA1 implementation
924491d4d Ignore IllegalStateException if JVM is already shutting down
Release-Notes: Bump JGit to v5.13.2.202306221912-r
Change-Id: I4cc1acbf1761336fa4556450791b814b275c3370
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The menu names for getting to the project listing changed a while ago.
Also add a link to the `gerrit set-head` SSH command.
Change-Id: Ic5430bf21c4b6a7a044c58e0ae9aa5185000452c
Release-Notes: documentation improvements
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update to group files is not supported because there are no validations
on the changes being done to these files, without which the group data
might get corrupted. Thus don't allow merges into All-Users group refs
which updates group files (i.e., group.config, members and subgroups).
But it is still useful to allow users to update files apart from group
files. For example, users can maintain task config [1] in group refs
which allows users to collaborate and review changes on group specific
task configs.
[1] https://gerrit.googlesource.com/plugins/task/+/refs/heads/stable-3.5/src/main/resources/Documentation/task.md
Release-Notes: users can now upload changes to group refs except changes to group files
Change-Id: I993f7a2d9e2db73744bb13313d058917322768d1
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Submit requirements currently cannot be configured with aliased
operators as aliases are ignored with submit requirement predicates.
Fix this by setting up the aliases in ChangeQueryBuilder's constructor
so that the query builder for submit requirement expressions also
includes them.
Release-Notes: Aliased operators now work with submit requirements
Change-Id: I54a472785d1b5addf54c4dea4be2778bfed59e96
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
While changing preferred email, the client-side cache is incorrectly
updated, resulting in duplicate emails in the cache. Fix the issue by
updating the relevant logic.
Bug: Issue 304335624
Release-Notes: Changing preferred email does not result in duplicate emails
Change-Id: Ifea0d2a91426acc27b8b89720b39c858f859f31e
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Prior to this change, warning [1] was observed in the error logs for a
plugin which has exclusively bindings for SshExecuteCommandInterceptor/
SshCreateCommandInterceptor in the ssh module as outlined in the
documentation provided in references [2] and [3]. Fix this by skipping
the warning if those bindings are found.
[1] WARN com.google.gerrit.sshd.SshPluginStarterCallback : Plugin
<plugin_name> did not define its top-level command nor any
DynamicOptions com.google.inject.ConfigurationException: Guice
configuration errors:
[Guice/MissingImplementation]: No implementation for Command annotated
with @CommandName("<plugin_name>") was bound.
[2] https://gerrit-review.googlesource.com/Documentation/dev-plugins.html#ssh-command-creation-interception
[3] https://gerrit-review.googlesource.com/Documentation/dev-plugins.html#ssh-command-execution-interception
Bug: Issue 302408544
Change-Id: I80a2de37f2d38766b66315359779f7678f7062db
Release-Notes: Eliminated startup warning for plugins whose SshModule only provides Ssh*CommandInterceptors
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This cache only stores the data needed to speedup ref advertisements.
The index is used to populate this cache when it is available otherwise
it falls back to scanning noteDb (generally on replicas). This cache is
most useful when using 'git upload-pack' with projects with large change
counts on replicas.
The following times were seen when running 'git ls-remote' on a project
with around 380K changes stored on NFS:
With ES index (primary):
Before this change: (cold 1m3s) 12-17s (with large enough "changes" cache)
After this change: (cold 1m3s) 12-17s (with large enough "changes" cache)
No Index (replica):
Before this change: (cold ~4m) ~4m
After this change: (cold 2m25s) 12-17s
Although the numbers above do not show an improvement on "best" times
for primaries using ES, that's because those numbers represent the times
achieved with the existing "changes" cache enabled. However, since the
existing "changes" cache is disabled by default, most sites will see an
improvement after this change with 'git upload-pack' on primaries also,
and additionally with 'git receive-pack'. Thus the warm times after this
change are more achievable and more likely to stay fast, even when other
projects are accessed in between. Before this change it is harder to
achieve and maintain the warm times.
The existing "changes" cache can also is used to help cache changes by
project, however, it is documented as not being appropriate for
multi-primary setups since it will be out of date if alterations are
made to changes outside of the current server. The existing cache is
also not useable on replicas where there is no index. It is noteworthy
that the existing cache provide value beyond just its ability to cache
results since loading change data from the index (even with ES), is
faster than loading change data via a noteDb scan.
Similar to the existing cache, the new cache is able to take advantage
of the index when it is available on primaries, however it is actually
multi-primary friendly because it stores the meta-ref id for each change
and out-of-date changes are detected on each cache fetch resulting in
the cache being incrementally kept up-to-date. The new cache is also
useable on replicas by also falling back to a noteDb scan when the index
is not available, however here too it is able to incrementally stay up
to date after the first scan.
The new cache is much more space efficient than the existing "changes"
cache as it takes advantage of the fact that determining visibility for
public changes requires access only to a change's destination branch and
that many changes are generally destined for each branch. So although
the existing cache is fairly compact, this new cache stores even fewer
change data fields. This makes it likely possible to keep all the
projects on a server cached in memory, even on servers with large
projects and change counts. It may make sense to eventually remove the
existing changes cache.
Release-Notes: Add cache to speedup ref advertisements (particularly on replicas) and receive-pack
Forward-Compatible: checked
Change-Id: Ib9c77ee03d9012cdeb6ad05eed3492c3009e4334
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The statement "refreshed from source data every maxAge interval" is
not true. The Guava [1] and Caffeine [2] docs specify that each entry
should be automatically removed from the cache once a fixed duration
has elapsed after the entry's creation. The value is not refreshed
automatically after its removal. Thus remove the misleading statement.
[1] https://guava.dev/releases/19.0/api/docs/com/google/common/cache/CacheBuilder.html#expireAfterWrite(long,%20java.util.concurrent.TimeUnit)
[2] https://www.javadoc.io/doc/com.github.ben-manes.caffeine/caffeine/2.1.0/com/github/benmanes/caffeine/cache/Caffeine.html#expireAfterWrite-long-java.util.concurrent.TimeUnit-
Release-Notes: skip
Change-Id: Ie83a22f1936ea6208456b2fac05f5d4c46cae8ad
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Similar to in memory cache, override persistent cache's
refreshAfterWrite and maxAge settings from gerrit config when
available.
Release-Notes: refreshAfterWrite and maxAge settings in gerrit config are now honored for both persistent and in-memory caches
Change-Id: Iab8667cd44dc6bcc5d54d217ea273209e4754e50
|