Release notes for Gerrit 2.1.2 ============================== Gerrit 2.1.2 is now available in the usual location: link:http://code.google.com/p/gerrit/downloads/list[http://code.google.com/p/gerrit/downloads/list] Schema Change ------------- *WARNING* This release contains multiple schema changes. To upgrade: ---- java -jar gerrit.war init -d site_path ---- Breakages --------- * issue 421 Force validation of the author and committer lines + The author line must now match the authenticated user when uploading a change, and both author and committer must match when pushing directly into a branch with the Push Branch permission. This is a new restriction that did not exist in prior versions and was necessary to close a hole that permitted users to completely forge commits if they had Push Branch +1 granted. + Project owners may grant the new Forge Identity permission to permit a user group to forge the author and/or committer lines in commit objects they are pushing for review, or directly into a branch. To match prior behavior grant Forge Identity +1 where Read +2 (Upload) exists, and Forge Identity +2 where Push Branch >= +1 exists. New Features ------------ UI - Diff Viewer ~~~~~~~~~~~~~~~~ * issue 169 Highlight line-level (aka word) differences in files + Differences within a replaced line are now highlighted with a brighter red or green background color. Some heuristics are applied to identify and highlight reindented blocks in popular C/C++/Java/C#-like and Python-like languages. The highlighting algorithm is still simple and could benefit from more fine-tuning, as its largely driven by a simple Myers O(ND) character difference over the replaced lines. + The configuration variable cache.diff.intraline can be used to disable this feature site-wide, if it causes problems. * Improve side-by-side viewer look-and-feel + The look-and-feel of the side-by-side viewer (and also of the unified viewer) has been significantly improved in this release. Coloring of regions is more consistently applied, reducing reader distraction. Comment boxes use a cleaner display, and take up less space per line. * Adjustable patch display settings + Users can now set the tab size or number of columns when displaying a patch. Toggles are also available to enable or disable syntax coloring, intraline differences, whitespace errors, and visible tabs. * issue 416 Add download links to side-by-side viewer + The side-by-side viewer now offers links to download the complete file of either the left or right side. To protect the users from malicious cross-site scripting attacks, the download links force the content to be wrapped inside of a ZIP archive with a randomized file name. Server administrators may use the mimetype.safe configuration setting to avoid this wrapping if they trust users to only upload safe file content. * Improve performance of 'Show Full Files' + The 'Show Full File' checkbox in the file viewers no longer requires an RPC if the file is sufficiently small enough and syntax coloring was enabled. The browser can update the UI using the cached data it already has on hand. * Show old file paths on renamed/copied files + If a file was renamed or copied, the side-by-side viewer now shows the old file path in the column header instead of the generic header text 'Old Version'. * Improved character set detection + Gerrit now uses the Mozilla character set detection algorithm when trying to determine what charset was used to write a text file. For UTF-8 or ISO-8859-1/ASCII users, there should be no difference over prior releases. With this change, the server can now also automatically recognize source files encoded in: a. Chinese (ISO-2022-CN, BIG5, EUC-TW, GB18030, HZ-GB-23121) b. Cyrillic (ISO-8859-5, KOI8-R, WINDOWS-1251, MACCYRILLIC, IBM866, IBM855) c. Greek (ISO-8859-7, WINDOWS-1253) d. Hebrew (ISO-8859-8, WINDOWS-1255) e. Japanese (ISO-2022-JP, SHIFT_JIS, EUC-JP) f. Korean (ISO-2022-KR, EUC-KR) g. Unicode (UTF-8, UTF-16BE / UTF-16LE, UTF-32BE / UTF-32LE / X-ISO-10646-UCS-4-34121 / X-ISO-10646-UCS-4-21431) h. WINDOWS-1252 * issue 405 Add canned per-line comment reply of 'Done' * issue 380 Use N/P to jump to next/previous comments * Use RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK for tabs * Use a tooltip to explain whitespace errors UI - Other ~~~~~~~~~~ * issue 408 Show summary of code review, verified on all open changes + The open changes views now show the status summary columns, just like a user dashboard shows. This requires an extra RPC per page display, but can save user time when trying to identify which reviews should be examined. * Only enable 'Delete' button when there are selections + In Settings panels the delete button is enabled only if at least one row has been selected to be removed. * SSH commands stop option parsing on \-- + Like most POSIX commands, `\--` now signifies the end of options for any command accessible over SSH. * Include formatted HTML documentation in WAR + Official release WARs now contain the formatted HTML documentation, and a 'Documentation' menu will display in the main UI (alongside 'All', 'My', 'Admin') to help users access the local copy rather than jumping to the remote Google Code project site. * Enhanced patch set download commands + Download commands for patch sets are now offered as a tabbed panel, allowing the user to select between 'repo download', 'git pull', or 'git fetch ... && git cherry-pick' or 'git fetch ... && git format-patch' styles, as well as to select the transport protocol used, including anonymous Git or HTTP, or authenticated SSH or HTTP. The current selections are remembered for signed-in users, permitting end-users to quickly reuse their preferred method of grabbing a patch set. * Theme the web UI with different skin colors + Site administrators can now theme the UI with local site colors by setting theme variables in gerrit.config. Permissions ~~~~~~~~~~~ * issue 60 Change permissions to be branch based + Almost all permissions are now per-branch within each project. This includes Code Review, Verified, Submit, Push Branch, and even Owner. Permissions can be set on a specific branch, or on a wildcard that matches all branches that start with that prefix. Read permission is still handled at the project level, but future versions should support per-branch read access as well. * MaxNoBlock category for advisory review levels + The new MaxNoBlock category function can be used in a custom approval category for reviews that are performed by automated lint tools. See link:http://gerrit.googlecode.com/svn/documentation/2.1.2/access-control.html#function_MaxNoBlock[access control] for more details on this function. Remote Access ~~~~~~~~~~~~~ * Enable smart HTTP under /p/ URLs + Git 1.6.6 and later support a more efficient HTTP protocol for both fetch/clone and push, by relying upon Git specific server side logic. Gerrit Code Review now includes the necessary server side support when accessing repositories using URLs of the form `http://review.example.com/p/'$projectname'.git`. Authentication over smart HTTP URLs is performed using standard HTTP digest authentication, with the username matching the SSH username, but the password coming from a field that is generated by Gerrit and accessible to the user on their Settings > SSH Keys tab. Smart HTTP requests enter the same resource queue as SSH requests, using the embedded Jetty server to suspend the request and later resume it when processing resources are available. This ensures HTTP repository requests don't overtax the server when made concurrently with SSH requests. * issue 392 Make hooks/commit-msg available over HTTP + The scp filesystem holding client side tools and hooks is now avaliable over `http://review.example.com/tools/'$name'`. User documentation is updated with example URLs. * issue 470 Allow /r/I... URLs + Change-Ids can now be searched for by accessing the URL `http://example.com/r/'Ichangeid'`, similar to how commits can be searched by `http://example.com/r/'commitsha1'`. * gerrit-sshd: Allow double quoted strings + SSH command arguments may now be quoted with double quotes, in addition to single quotes. This can make it easier to intermix quoting styles with the shell that is calling the SSH client . Server Administration ~~~~~~~~~~~~~~~~~~~~~ * issue 383 Add event hook support + Site administrator managed hook scripts can now be invoked at various points in processing. Currently these scripts are informational only and cannot influence the outcome of an event. For more details see link:http://gerrit.googlecode.com/svn/documentation/2.1.2/config-hooks.html[hooks]. * Add stream-events command + The new 'gerrit stream-events' command can be used over SSH by an end-user to watch a live stream of any visible patch set creation, comments and change submissions. For more details see link:http://gerrit.googlecode.com/svn/documentation/2.1.2/cmd-stream-events.html[gerrit stream-events]. * Log HTTP activity to $site_path/logs/httpd_log + When httpd.listenUrl is http:// or https://, requests are logged into `'$site_path'/logs/httpd_log`. This mirrors the behavior of the SSH daemon, which also logs requests into the same directory. For proxy URLs HTTP requests aren't logged, since the front-end server is expected to be performing the logging. Logging can be forced on, or forced off by setting link:http://gerrit.googlecode.com/svn/documentation/2.1.2/config-gerrit.html#httpd.requestLog[httpd.requestLog]. * Allow the daemon's host key to authenticate to itself + The SSH daemon's host key can now be used to authenticate as the magic user `Gerrit Code Review`. This user identity is blessed as even more powerful than a user in the Administrators group, as using it requires access to the private half of the host key. For example: + ---- ssh -p 29418 -i site_path/etc/ssh_host_rsa_key 'Gerrit Code Review'@localhost gerrit flush-caches --all ---- * Allow $site_path/etc/peer_keys to authenticate peer daemons + Additional public keys for the magical 'Gerrit Code Review' user may be specified in an OpenSSH authorized_keys style file and are functionally equivilent to authenticating with the daemon's host key. The keys are primarily intended to be other daemons, most likely slaves, that share the same set of repositories and database. * Allow suexec to run any command as any user + The new SSH based suexec command can only be invoked by the magic user `Gerrit Code Review` and permits executing any other command as any other registered user account. This forms the foundation of allowing a slave daemon process to transparently proxy any write request from a client forward to the current master. + The transparent proxy support is not yet implemented in the slave. * Support automation of gsql by JSON, -c option + The gsql command now supports JSON as an output format, making software driven queries over SSH easier. The -c option accepts one query, executes it, and returns. Other ~~~~~ * Warn when a commit message isn't wrapped + During receive Gerrit warns the user if their commit messages appears to be incorrectly formatted, by having lines that aren't hard-wrapped or that has an extremely long subject line. * During merge use existing author identity values + When Gerrit creates a merge commit in order to submit a change, the author information of the merge commit is taken from the submitter. If all of the commits being submitted were written by the submitter, the authorship of the merge commit is copied from one of those commits rather than from the user's preferred account information. Bug Fixes --------- UI ~~ * Change "Publish Comments" to "Review" + The term "Publish Comments" was used on two different buttons that performed two different actions. The first usage was to open the screen which shows the scoring buttons, provides the cover letter editor, and shows the in-line comments for final review before publication. The button that opens that review screen has been renamed "Review". The second usage of the button was to actually send out the notification emails, and expose the comments to others. This button is still called "Publish Comments". * issue 448 Disable syntax highlighting on unified views + Syntax highlighting in the unified patch view isn't useful if it hides the added and removed lines red/green text color. Disable it entirely so the add/remove coloring shows up instead. * Disable 'Syntax Highlighting' and 'Show Full File' on big files + If the file is really big (over 9000 lines), 'Show Full File' is actually disabled on the server side, to prevent the client from being overrun with data. The UI now reflects this by disabling the checkbox for the user, and adds a tooltip to indicate why its greyed out. * Don't try to syntax highlight plain text + Plain text files can't benefit from syntax highlighting, its actually more confusing than it is useful. Skip highlighting on them. * issue 251 Fix bad syntax highlighting + Prior versions performed syntax highlighting on a per-line basis, resulting in confusing or bogus results in multi-line contexts like C/Java's "/\* ... \*/" style comment. Fixed by performing highlighting on the entire file contents, even if only some lines are displayed to meet the user's context setting. * Ensure vertical tabs are visible + Vertical tab markers are red, which means they can be hidden against a whitespace error, or deleted region marker. Tabs are now shown as black against these cases. * Handle bare CR in the middle of a line + If a CR ("\r") appears in the middle of a line rather than nestled against an LF as a CRLF pair, its now displayed as a whitespace error, and the line isn't broken at the CR. This fixes an issue where a mostly CRLF file with a single malformed line ending caused the side-by-side display to render incorrectly (or not at all). * issue 438 Skip gitlink modes as we can't get a content difference + The special gitlink mode inside of a tree points to a commit in the submodule project. We can't show the content of it inside of the supermodule. * issue 456 Support enter to submit on most forms + Enter key on a lot of forms did not activate the reasonable default action, e.g. add a reviewer to an existing review. Fixed. * issue 347 Improve handling of files renamed between patch sets + Comment counts in the "history" section of a file viewer were not displayed when the file was renamed between two different patch sets of the same change. Fixed. * Fix the style of the Reviewed column header + The reviewed column header wasn't displaying with the same style as its siblings. Fixed. * Fix duplicate "Needed By" pointers between changes + If a change's current patch set was used as the parent for multiple patch sets of another change, that dependent change showed up more than once in the "Needed By" list. Fixed. * Expand group names to be 255 characters * Update URL for GitHub's SSH key guide * issue 314 Hide group type choice if LDAP is not enabled Email ~~~~~ * Send missing dependencies to owners if they are the only reviewer + If the owner of the change is the only reviewer and the change can't be submitted due to a missing dependency, Gerrit failed to send out an email notification. Fixed. * issue 387 Use quoted printable strings in outgoing email + Names or subjects with non-ASCII characters were not quoted properly in the email notification headers. Fixed. * issue 475 Include the name/email in email body if not in envelope + When the email address from line is a generic server identity, there is no way to know who wrote a comment or voted on a change. An additional from line is now injected at the start of the email body to indicate the actual user. Remote Access ~~~~~~~~~~~~~ * issue 385 Delete session cookie when session is expired + If the session expires and the user clicks "Close" in the session expired popup dialog box, delete the cookie so the user can continue to use the website as an anonymous user. * Dequote saved OpenID URLs + Certain OpenID URLs were getting double quotes thrown around them after being saved in the last identity cookie on the client. The quotes were loading back into the dialog on a subsequent sign-in attempt, resulting in an error as double quotes aren't valid in an HTTP URL. Fixed by dropping the quotes if present. * Fix NoShell to flush the error before exiting + Sometimes users missed the standard error message that indicated no shell was available, due to a thread race condition not always flushing the outgoing buffer. Fixed. * issue 488 Allow gerrit approve to post comments on closed changes + The 'gerrit approve' command previously refused to work on a closed change, but the web UI permitted comments to be added anyway. Fixed by allowing the command line tool to also post comments to closed changes. * issue 466 Reject pushing to invalid reference names + Gerrit allowed the invalid `HEAD:/refs/for/master` push refspec to actaully create the branch `refs/heads/refs/for/master`, which confused any other client trying to push. Fixed. * issue 485 Trim the username before requesting authentication + LDAP usernames no longer are permitted to start with or end with whitespace, removing a common source of typos that lead to users being automatically assigned more than one Gerrit user account. Server Administration ~~~~~~~~~~~~~~~~~~~~~ * daemon: Really allow httpd.listenUrl to end with / + If httpd.listenUrl ended with / the configuration got botched during init and the site didn't work as expected. Fixed by correctly handling an optional trailing / in this variable. * issue 478 Catch daemon startup failures in error_log + Startup errors often went to /dev/null, leaving the admin wondering why the server didn't launch as expected. Fixed. * issue 483 Ensure uncaught exceptions are logged + Some exceptions were reaching the top of the stack frame without being caught and logged, causing the JRE to print the exception to stderr and then terminate the thread. Since stderr was redirected to /dev/null by gerrit.sh, we usually lost these messages. Exception handlers are now installed to trap and log any uncaught errors. * issue 451 gerrit.sh: Wait until the daemon is serving requests + The gerrit.sh script now waits until the deamon is actually running and able to serve requests before returning to the caller with a successful exit status code. This makes it easier to then start up dependent tasks that need the server to be ready before they can run. * gerrit.sh: Don't use let, dash doesn't support it + /bin/sh on Debian/Ubuntu systems is dash, not bash. The dash shell does not support the let command. * gerrit.sh: Correct JAVA_HOME behavior + JAVA_HOME now can be overridden by container.javaHome, as the documentation states. * init: Only suggest downloading BouncyCastle on new installs + Upgrades of an existing installation which has not installed the BouncyCastle library shouldn't be encouraged to download and install the library again. The administrator has already chosen not to use it, we shouldn't nag them about it. * issue 389 Catch bad commentlink patterns and report them + A bad commentlink.match pattern could cause the change screen to simply not load, with no errors in the server log, and nothing immediately visible on the client. Most bad patterns are now caught during server startup and are reported in the server error_log. Certain failures are caught on the client side, and sent to the server error log over RPC. Bad patterns are simply skipped when logged. * issue 419 MySQL: Fix account\_group\_members\_audit removed\_on + MySQL has a "feature" which prevented the removed_on column from being NULL when we meant for it to be NULL. Fixed by using the MySQL suggested work around, which is non-standard SQL. * issue 424 WAR truncated during init + init sometimes truncated the WAR file to 0 bytes if it was running from the destination WAR. Fixed by using JGit's LockFile class which writes to a temporary file and does an atomic rename to finish. * issue 423 Bind to LDAP using only the end-user identity + Microsoft Active Directory doesn't support anonymous binds, and some installations might not be able to create a generic role account for Gerrit Code Review. The new auth.type LDAP_BIND permits Gerrit to authenticate using only the end-user's credentials, avoiding the need for an anonymous or role account bind. * issue 423 Defer LDAP server type discovery until first authentication + Microsoft Active Directory wasn't being detected, because the anonymous bind during server startup failed. Instead the server type is detected during the first user authentication, where we have a valid directory context to query over. * issue 486 Reload UI if code split fails to download + If the server gets upgraded and the user hasn't reloaded their browser tab since the upgrade, opening a new section of the UI sometimes failed. Fixed by executing an implicit reload in these cases, reducing the number of times a user sees a failure. Development ~~~~~~~~~~~ * issue 427 Adjust SocketUtilTest to be more likely to pass + Some DNS environments, especially those based on OpenDNS, were failing this test case during a build because the upstream resolver was returning back a bogus record for an invalid domain name. The test was adjusted to use a name that is less likely to be resolved by a broken upstream resolver. * Fix /become?user_name=... under GWT debugger + The /become URL now accepts ?user_name=who to authenticate, making it easier to setup a launch configuration to debug a particular user account in development. * Show localhost based SSH URLs + SSH URLs using localhost as the hostname are now visible in the web UI, making it easier to copy and paste SSH URLs when debugging fetching of changes. * issue 490 Try Titlecase class name first when launching programs + Launching daemon or init from the classes directory on a case insensitive filesystem like Mac OS X HFS+ or Windows NTFS failed. Fixed. * Misc. license issues + The CDDL javax.servlet package was replaced by an Apache License 2.0 implementation from the Apache Foundation. The unnecessary OpenXRI package, which was never even included in the distribution, was removed from the license file. Schema Changes in Detail ------------------------ * Remove Project.Id and use only Project.NameKey + The project_id column was dropped from the projects table, and all associated subtables, and only the name is now used to link records in the database. This simplifies the schema for eventual changes onto less-traditional storage systems. * Move sshUserName from Account to AccountExternalId + The ssh\_user\_name column in accounts was moved to an additional row in account\_external\_ids, using external\_id prefix `username:`. This removes the non-primary key unique index from the table, making it easier to move to less traditional storage systems. * Replace all transactions with single row updates + Schema update operations have been reworked to not require multi-row transaction support in the database. This makes it easier to port onto a distributed storage system where multi-row atomic updates aren't possible, or to run on MySQL MyISAM tables. Other Changes ------------- * Update gwtorm to 1.1.4-SNAPSHOT * Add unique column ids to every column * Remove unused byName @SecondaryKey from ApprovalCategory * Remove @SecondaryKey from AccountGroup * documentation: Remove mention of mysql_nextval.sql script * Drop MySQL function nextval_project_id * documentation: Remove project_id from manual insert * Update JGit to 0.5.1.106-g10a3391 * Split the core receive logic out of the SSH code * Move toProject into PageLinks for reuse * Correct SSH Username to be just Username * Don't display the magic username identity on the identities tab * Show Status column header on the SSH key table * Queue smart HTTP requests alongside SSH requests * Add a password field to the account identities * Authenticate /p/ HTTP and SSH access by password * Advertise the smart HTTP URLs to references * Refactor the SSH session state * Fixing Eclipse settings file * Add --commit to comment-added as there was previously no way to kno... * Fix imports inside of PatchScreen.java * Fix crash while loading project Access tab * Replace our own @Nullable with javax.annotation.Nullable. * Correctly hide delete button on inherited permissions * Allow per-branch OWN +1 to delegate branch ownership * Block inheritance by default on per-branch permissions. * Simplify FunctionState as discussed previously * Restore delete right checkboxes in wild card project * issue 393 Require branch deletion permission for pushes over HTTP * issue 399 Update JGit to 0.5.1.140-g660fd39 * Add standard eclipse generated files to .gitignore * Don't reformat the source if the files are identical * Fix schema 27 upgrade for H2 * Update JGit to 0.5.1.141-g3eee606 * Manage database connections directly in PatchScriptFactory * issue 425 Update user documentation to explain branch access control * Update to gwtjsonrpc 1.2.2-SNAPSHOT * Allow refs/* pattern on new reference rights * Trim reference name from user when adding access right * Execute Git commands with AccessPath.GIT * Update to GWT 2.0.1 * Update to Ehcache 1.7.2 * Update to mime-util 2.1.3 * Update to H2 1.2.128 * issue 442 Fix IncorrectObjectTypeException on initial commit * Compute allowed approval categories separately. * Move new change display to PostReceiveHook * Drop unused formatLanguage property from patch table * issue 447 documentation: Improve Apache mod_proxy configuration * issue 445 Fix whitespace errors with word diff enabled * issue 439 Move syntax highlighting back to client * Remove Mozilla Rhino from our build * Add missing step to add gwtui_dbg configuration * Remove useless imports from Schema_28 * Fix upgrading H2 from schema 20 to current * Move release notes into the repository * issue 454 documentation: Improve bugzilla link example to include # * Drop unused err PrintWriter in Receive * documentation: Describe how to do case insensitive commentlink * Add patch releases to release notes * Update to gwtorm 1.1.4, gwtjsonrpc 1.2.2, gwtexpui 1.2.1 * Update to GWT 2.0.2 * documentation: Remove stupid ReleaseNotes build rules * documentation: Use a per-version directory * Draft 2.1.2 release notes * documentation: Fix version number to only consider x.y.z format * Drop XRI related support from our notices list * documentation: Correct sorting error in notices * documentation: Add JSR 305 and AOP Alliance to licenses * documentation: Correct links to the MPL 1.1 license * Replace CDDL javax.servlet with APLv2 implementation * documentation: Document database.pool* variables * Update 2.1.2 release notes to mention juniversalchardet * Fix whitespace ignore feature * Fix database connection leak in git-receive-pack * Delay marking a file reviewed until its displaying * Simplify patch display to a single RPC * Fix missing right side border of history, dependency tables * Cleanup useless leftmost/rightmost CSS classes * Don't RPC to load the full file if we already have it * Add Forge Identity +3 to permit pushing filtered history * Fix source code formatting in RefControl * Fix combined diffs on merge commits * Fix SparseFileContent for delete-only patches * Simplify some CSS rules for side-by-side viewer * Color entire replace block same background shade * Cleanup CSS for side-by-side view when there are character differen... * documentation: Fix typo on the word database * Always use class wdc on replace line common sections * Fix side-by-side table header CSS glitch * Fix file line padding in side-by-side viewer * Improve the way inline comments are shown * Fix side by side view column headers to use normal font * Tweak the intraline difference heuristics * Refactor and add to streaming events schema * Documentation schema for stream-events command * Fix source code formatting errors in MergeOp * Cleanup display of branches panel when gitweb isn't configured * Fix "Show Tabs" checkbox * Update 2.1.2 release notes * Reorganize 2.1.2 release notes into categories * Hide syntax highlighting checkbox in unified view * Change default tab width to 8 * Ensure drafts redisplay when refreshing the page * Fix tab marker RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK * issue 473 Don't aggressively coalesce across lines * Fix intraline difference off-by-one when LF is added * Mark add or delete regions with darker colors * Invalidate the diff cache * Fix build breakage due to missing constants * Fix editable username when authType is LDAP or HTTP_LDAP * issue 481 Fix enter with completion in add reviewer box * Make intraline differences easier to debug * Avoid "es" replaced by "es = Address" * Cleanup line insertions joined against indentation change * Change become to use user_name field * Stop leaking patch controls CSS to other widgets * Fix coloring of tab markers in syntax highlighting * Fix toggling syntax highlighting on partial file * Permit use of syntax highlighting in unified view * Use hunk background colors on unified views with syntax highlighting * Fix source code formatting in ApproveCommand.java * issue 483 Log the type of a non-task after it executes * Update to GWT 2.0.3 * issue 489 Drop host name resolution failure test * issue 483 Remove reliance on afterExecute from WorkQueue 71b04c00b174b056ed2579683e2c1546d156b75a