From: Alejandro Colomar <alx@kernel.org>
To: Mark Wielaard <mark@klomp.org>
Cc: Joel Sherrill <joel@rtems.org>,
Florian Weimer <fweimer@redhat.com>,
Guinevere Larsen via Overseers <overseers@sourceware.org>,
Sandra Loosemore <sloosemore@baylibre.com>,
Guinevere Larsen <blarsen@redhat.com>, GCC <gcc@gcc.gnu.org>,
binutils <binutils@sourceware.org>,
Eli Zaretskii via Gdb <gdb@sourceware.org>,
libc-alpha@sourceware.org
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
Date: Sun, 21 Apr 2024 22:40:14 +0200 [thread overview]
Message-ID: <ZiV5unTogyI7rPJA@debian> (raw)
In-Reply-To: <20240421153052.GA29957@gnu.wildebeest.org>
[-- Attachment #1: Type: text/plain, Size: 6047 bytes --]
On Sun, Apr 21, 2024 at 05:30:52PM +0200, Mark Wielaard wrote:
> Hi Alejandro,
Hi Mark,
I've reordered your message, to organize my response.
> On Wed, Apr 10, 2024 at 06:30:42PM +0200, Alejandro Colomar wrote:
> > It would also be interesting to require showing range-diffs between
> > patch revisions. They make it much more difficult to introduce a
> > vulnerability after a reviewer has turned its mins into approving the
> > patch. Of course, the patch could go in if the submitter lies in the
> > range-diff and the vuln is undetected, but then it can be verified a
> > posteriory to prove that there was a lie.
>
> Could you give an example of using git range-diff?
Sure!
> Normally when asked for changes to a
> patch (series) I do an git rebase -i (on the local branch I used to
> develop the feature/bug fix) and split/commit all requested changes
> and then sent the new patches with git send-email again.
I do the same thing.
> But I guess
> to use/combine that with git range-diffs I should start creating new
> local branches for each patch (series) in development?
No; it's compatible with that workflow.
> How do you go from
> v1 of a patch (series) to a v2?
I'll start first with how you go from nothing to v1, which will help
explain how you go from v1 to v2.
Let's say I have a branch 'unifont' for adding the Unifont font to the
Linux man-pages' PDF book. I have it in a branch that applies on top of
'master'.
$ git log --oneline --graph master..unifont;
* 892a12470 (HEAD -> unifont, alx/contrib, contrib) share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
* d80376b08 share/mk/: build-pdf-book: Use Unifont
* 7ec952012 share/mk/: build-fonts-unifont: Build UnifontR from unifont.otf
I want to send that as a patch set (v1, of course, since it's the first
send). I would already use range-diff when generating the patches:
$ git format-patch -o ./patches master..HEAD \
--range-diff=master -v1 --cover-letter;
./patches/v1-0000-cover-letter.patch
./patches/v1-0001-share-mk-build-fonts-unifont-Build-UnifontR-from-.patch
./patches/v1-0002-share-mk-build-pdf-book-Use-Unifont.patch
./patches/v1-0003-share-mk-build-fonts-unifont-Specify-spacewidth-i.patch
Why would you do that in v1? It notes the commit IDs of the patches, so
you can later check them when preparing v2; we'll come back to that.
For now, see what this adds to the patch set:
$ tail ./patches/v1-0000-cover-letter.patch ;
create mode 100644 share/mk/build/fonts/unifont/pfa.mk
create mode 100644 share/mk/configure/build-depends/fonts-unifont/unifont.otf.mk
Range-diff against v0:
-: --------- > 1: 7ec952012 share/mk/: build-fonts-unifont: Build UnifontR from unifont.otf
-: --------- > 2: d80376b08 share/mk/: build-pdf-book: Use Unifont
-: --------- > 3: 892a12470 share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
--
2.43.0
You can see the IDs of the commits that form this patch set, which match
the git-log(1) that I showed above. Now someone suggests a change. For
this example, I wasn't happy with a commit message, and added a space to
the third commit message subject line. The git-log(1) is now:
$ git log --oneline --graph master..unifont
* bc7fa7d92 (HEAD -> unifont) share/mk/: build-fonts-unifont: Specify space width in afmtodit(1)
* d80376b08 share/mk/: build-pdf-book: Use Unifont
* 7ec952012 share/mk/: build-fonts-unifont: Build UnifontR from unifont.otf
Let's generate a v2 patch set, showing the range-diff against v1. We
need to check the commit IDs of the first set, which can be found in the
mailing list archives, thanks to the trick we used. The v1 range was
7ec952012^..892a12470. So we just pass that range:
$ git format-patch -o ./patches/ master..HEAD \
--range-diff=7ec952012^..892a12470 -v2 --cover-letter;
./patches/v2-0000-cover-letter.patch
./patches/v2-0001-share-mk-build-fonts-unifont-Build-UnifontR-from-.patch
./patches/v2-0002-share-mk-build-pdf-book-Use-Unifont.patch
./patches/v2-0003-share-mk-build-fonts-unifont-Specify-space-width-.patch
The v2 cover letter shows the changes introduced since v1:
$ tail -n20 ./patches/v2-0000-cover-letter.patch
create mode 100644 share/mk/build/fonts/unifont/dit.mk
create mode 100644 share/mk/build/fonts/unifont/pfa.mk
create mode 100644 share/mk/configure/build-depends/fonts-unifont/unifont.otf.mk
Range-diff against v1:
1: 7ec952012 = 1: 7ec952012 share/mk/: build-fonts-unifont: Build UnifontR from unifont.otf
2: d80376b08 = 2: d80376b08 share/mk/: build-pdf-book: Use Unifont
3: 892a12470 ! 3: bc7fa7d92 share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
@@ Metadata
Author: Alejandro Colomar <alx@kernel.org>
## Commit message ##
- share/mk/: build-fonts-unifont: Specify spacewidth in afmtodit(1)
+ share/mk/: build-fonts-unifont: Specify space width in afmtodit(1)
Link: <https://lore.kernel.org/linux-man/ZiQ_mTQHPq3ig723@debian/T/#t>
Suggested-by: "G. Branden Robinson" <branden@debian.org>
--
2.43.0
If too much time passes between the last time the commit was rebased and
when you create the range diff, you might need to use tags, such as
'unifont-v1', to avoid git(1) collecting garbagge and removing those
old commits. But if you send shortly after rebasing, you won't need
that.
Lately, I haven't sent many patches to mailing lists, except for trivial
oneliners, so I don't remember an example where I used this, but I can
point to several github PRs where I've used this to document all changes
that have happened to my patch sets, even when the maintainer has edited
them, to be fully transparent. For example:
<https://github.com/neomutt/neomutt/pull/4221#issuecomment-2061341972>
<https://github.com/neomutt/neomutt/pull/4221#issuecomment-2052533059>
Have a lovely day!
Alex
--
<https://www.alejandro-colomar.es/>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2024-04-21 20:40 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-29 20:39 Security warning about xz library compromise Mark Wielaard
2024-04-01 15:06 ` Sourceware mitigating and preventing the next xz-backdoor Mark Wielaard
2024-04-02 19:54 ` Sandra Loosemore
2024-04-02 20:03 ` Paul Eggert
2024-04-02 20:20 ` Paul Koning
2024-04-02 20:28 ` Ian Lance Taylor
2024-04-03 6:26 ` Martin Uecker
2024-04-03 14:00 ` Michael Matz
2024-04-03 14:14 ` Paul Koning
2024-04-03 14:32 ` Martin Uecker
2024-04-03 14:46 ` Jeffrey Walton
2024-04-03 16:02 ` Michael Matz
2024-04-03 16:26 ` Joel Sherrill
2024-04-03 16:32 ` Martin Uecker
2024-04-03 16:51 ` Andreas Schwab
2024-04-03 16:56 ` Jonathan Wakely
2024-04-03 18:46 ` Jonathon Anderson
2024-04-03 19:01 ` Martin Uecker
2024-04-05 21:15 ` Andrew Sutton
2024-04-06 13:00 ` Richard Biener
2024-04-06 15:59 ` Martin Uecker
2024-04-04 13:59 ` Michael Matz
2024-04-09 16:44 ` anderson.jonathonm
2024-04-09 17:57 ` Andreas Schwab
2024-04-09 19:59 ` Jonathon Anderson
2024-04-09 20:11 ` Paul Koning
2024-04-09 21:40 ` Jeffrey Walton
2024-04-09 21:50 ` Paul Eggert
2024-04-09 21:58 ` Sam James
2024-04-09 22:15 ` Paul Eggert
2024-04-09 22:22 ` Sam James
2024-04-09 22:53 ` Paul Eggert
2024-04-09 22:03 ` Jonathon Anderson
2024-04-09 22:10 ` Sam James
2024-04-09 21:54 ` Jonathon Anderson
2024-04-09 22:00 ` Sam James
2024-04-10 14:09 ` Frank Ch. Eigler
2024-04-10 18:47 ` Jonathon Anderson
2024-04-10 19:00 ` Frank Ch. Eigler
2024-04-10 10:26 ` Claudio Bantaloukas
2024-04-02 22:08 ` Guinevere Larsen
2024-04-02 22:21 ` Guinevere Larsen
2024-04-02 22:50 ` Jeffrey Walton
2024-04-02 23:20 ` Mark Wielaard
2024-04-02 23:34 ` Paul Koning
2024-04-03 0:37 ` Jeffrey Walton
2024-04-03 8:08 ` Florian Weimer
2024-04-03 13:53 ` Joel Sherrill
2024-04-04 10:25 ` Mark Wielaard
2024-04-10 16:30 ` Alejandro Colomar
2024-04-21 15:30 ` Mark Wielaard
2024-04-21 20:40 ` Alejandro Colomar [this message]
2024-04-21 20:52 ` Alejandro Colomar
2024-04-30 11:28 ` Alejandro Colomar
2024-04-03 14:04 ` Tom Tromey
2024-04-03 14:42 ` Jeff Law
2024-04-04 10:48 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZiV5unTogyI7rPJA@debian \
--to=alx@kernel.org \
--cc=binutils@sourceware.org \
--cc=blarsen@redhat.com \
--cc=fweimer@redhat.com \
--cc=gcc@gcc.gnu.org \
--cc=gdb@sourceware.org \
--cc=joel@rtems.org \
--cc=libc-alpha@sourceware.org \
--cc=mark@klomp.org \
--cc=overseers@sourceware.org \
--cc=sloosemore@baylibre.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).