Bug 1434892

Summary: API break after update to 0.24
Product: [Fedora] Fedora EPEL
Reporter: Igor Gnatenko <ignatenko>
Component: libgit2
Assignee: Pete Walter <walter.pete>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: epel7
CC: herrold, i, kevin, pingou, rdieter, veeti.paananen, walter.pete
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libgit2-0.24.6-2.el7
Last Closed: 2017-08-28 16:19:34 UTC
Type: Bug

Description Igor Gnatenko 2017-03-22 14:42:02 UTC
Breaking API is not acceptable for EL*

Comment 1 Pete Walter 2017-03-22 15:15:48 UTC
This update is needed to fix a number of security issues which we don't have the manpower to backport fixes for (https://bugzilla.redhat.com/show_bug.cgi?id=1411860) and to address https://bugzilla.redhat.com/show_bug.cgi?id=1426035

The update keeps ABI compatibility, and as for any minor API changes, I maintain all of the dependent packages (python-pygit2, libgit2-glib, gitg) and will take care of them.

Sorry, I know you hate RHEL and EPEL and want to see them fail and Fedora succeed, but blocking improvements that other people work on isn't the way to go here. Can you please also neuter your -1 karma in the Bodhi update that you clearly filed without even installing the update?

Thanks. Closing as wontfix.

Comment 2 Rex Dieter 2017-03-22 15:28:46 UTC
there's some good and bad here, let's start with the bad:

the comment on reporter's character and motives.


The good:
I think as maintainer you did well to make an effort to actually provide a compatible ABI here.

The approach used to achieve that is... questionable however, simply copying the same library from a previous build is probably not acceptable.

Comment 3 Igor Gnatenko 2017-03-22 16:18:55 UTC
I was talking about API, not ABI.

Comment 4 Kevin Fenzi 2017-03-22 17:05:00 UTC
Note that there is actually a policy for incompatible upgrades: 

https://fedoraproject.org/wiki/EPEL_incompatible_upgrades_policy

At least more communication would be good here, and rebuilding/including all the packages that use libgtk2 in the collection in any update.

Comment 5 Rex Dieter 2017-03-22 22:58:09 UTC
Regarding the last part, addressed in comment #1:
"I maintain all of the dependent packages (python-pygit2, libgit2-glib, gitg) and will take care of them."

Comment 6 Pierre-Yves Chibon 2017-03-23 09:01:30 UTC
But that doesn't include dependent packages of them, for example pagure which relies on pygit2

Comment 7 Pete Walter 2017-03-23 09:41:00 UTC
Right. pygit2 needs more testing: see bug https://bugzilla.redhat.com/show_bug.cgi?id=1426035 for discussion about that. The update that is being discussed here keeps full binary compatibility that is needed for old pygit2 and keeps it working exactly like it was before.

At the same time this update also opens up the possibility to put a new pygit2 version in EPEL.

Doing things step by step here to not break the whole world at a time.

Comment 8 Kevin Fenzi 2017-03-24 03:15:44 UTC
I'm not a big fan of the way you are keeping binary compatibility.

I think it breaks https://fedoraproject.org/wiki/Packaging:Guidelines#No_inclusion_of_pre-built_binaries_or_libraries

it also means all those things are still vulnerable, etc.

Comment 9 Pierre-Yves Chibon 2017-03-25 07:55:33 UTC
Plus if you just bump the release and rebuild, you will get the new soname versioned as 0.21 while I believe rebuilding the same spec file should lead to the same RPM.

Comment 10 Igor Gnatenko 2017-03-28 12:14:55 UTC
Including built libgit2.so.21 from previous build
1) doesn't fix security issue
2) doesn't preserve API
3) violates policy of pre-built libraries to some degree

Comment 11 Pierre-Yves Chibon 2017-05-16 14:28:40 UTC
4) breaks building on the top of pygit2 https://koji.fedoraproject.org/koji/taskinfo?taskID=19587785

Comment 12 Pierre-Yves Chibon 2017-05-16 14:38:59 UTC
(In reply to Pierre-Yves Chibon from comment #11)
> 4) breaks building on the top of pygit2
> https://koji.fedoraproject.org/koji/taskinfo?taskID=19587785

Ok, seems this was un-related, so I guess point 4) doesn't apply :)

Comment 13 Pete Walter 2017-08-10 09:12:07 UTC
I've dropped the libgit2.so.21 ABI compatibility now, thanks everybody!

Comment 14 Fedora Update System 2017-08-12 00:21:10 UTC
libgit2-0.24.6-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c63ac9cba

Comment 15 Fedora Update System 2017-08-28 16:19:34 UTC
libgit2-0.24.6-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
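
A check for the situation raised in comments 8 and 10, as an added example that is not part of the original bug report or of any Fedora tooling: it parses `rpm -q --provides` and `rpm -q --requires` text to find a package that ships more than one soversion of the same library, and the dependents still bound to the older one. The sample text, the soversion 24 and the package name `rebuilt-consumer` are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `rpm -q --provides` output for a library package that
# carries the previous build's shared object next to the new one.
SAMPLE_PROVIDES = """\
libgit2 = CONSTRUCTED-VERSION
libgit2.so.21()(64bit)
libgit2.so.24()(64bit)
"""

# Constructed `rpm -q --requires` excerpts; "rebuilt-consumer" is hypothetical.
SAMPLE_REQUIRES = {
    "python-pygit2": "libgit2.so.21()(64bit)\nlibc.so.6(GLIBC_2.2.5)(64bit)\n",
    "rebuilt-consumer": "libgit2.so.24()(64bit)\nlibc.so.6()(64bit)\n",
}

# Matches automatic soname dependencies such as "libfoo.so.21()(64bit)".
SONAME = re.compile(r"^(?P<base>\S+?)\.so\.(?P<ver>\d+(?:\.\d+)*)(?:\(|$)")

def sonames(dep_text):
    """Return {(library, soversion)} found in rpm provides/requires text."""
    found = set()
    for line in dep_text.splitlines():
        m = SONAME.match(line.strip())
        if m:
            found.add((m["base"], m["ver"]))
    return found

def _key(ver):
    # Compare soversions numerically so "9" sorts before "21".
    return tuple(int(part) for part in ver.split("."))

def carried_over(provides_text):
    """Libraries for which one package provides more than one soversion."""
    by_lib = defaultdict(set)
    for base, ver in sonames(provides_text):
        by_lib[base].add(ver)
    return {b: sorted(v, key=_key) for b, v in by_lib.items() if len(v) > 1}

def stale_dependents(requires_by_pkg, provides_text):
    """Packages that still require an older, carried-over soversion."""
    old = {(b, v) for b, vs in carried_over(provides_text).items() for v in vs[:-1]}
    return sorted(p for p, req in requires_by_pkg.items() if sonames(req) & old)

if __name__ == "__main__":
    print(carried_over(SAMPLE_PROVIDES))
    print(stale_dependents(SAMPLE_REQUIRES, SAMPLE_PROVIDES))
```

Packages reported by `stale_dependents` are the ones that keep loading the old library code after the update, so they need a rebuild against the new soversion before the security fixes reach them.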