[openssl-users] Minimizing the pain of reformatting your OpenSSL patches

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[openssl-users] Minimizing the pain of reformatting your OpenSSL patches

Matthias St. Pierre

Hello,

the upcoming security update imposes a special challenge to
all OpenSSL users who maintain their own patch sets.

The reason is the code reformat which has taken place in between
the last and the upcoming release, which renders existing patches
useless.
<https://www.openssl.org/blog/blog/2015/01/05/source-code-reformat>

Matt Caswell has posted a detailed article explaining how you can
reformat your patches, see
<https://www.openssl.org/blog/blog/2015/02/11/code-reformat-finished>

This article inspired me to the following solution and I extended his
ideas a little. Here is the recipe which worked for me. It is a little
bit simpler than the solution of the blog, because it does not involve
cherry-picking. Also, I wrote a script helping me to do the bulk
conversion of many patches:

  Assuming, you have a branch "${branch}" containing all your
  patches, The script creates a copy of your branch, named
  "${branch}-pre-auto-reformat" which it then rebases to
  "${upstream}-pre-auto-reformat".
 
  For every commit on the rebased branch, it does an automatic
  conversion, placing the results onto a new branch
  "${upstream}-pre-auto-reformat"

Finally, you can rebase a copy "${upstream}-reformatted" of the
reformatted branch "${upstream}-post-auto-reformat" to the
upcoming release (say, 1.0.1m).

More details at the end of the mail.


Regards,
msp


DISCLAIMER
The script is merely a demonstration which may serve as a starting
point for you and may not be 100% fool-proof. I hope it will turn out
to be useful for some of you. However, I don't take any
responsibilities if anything goes wrong. Use it at your own risk!




--

In following I describe the steps in more detail how you can

 1) get your patches into git (if you havn't done it yet)
 2) do the reformatting in git, with the help of the script
 3) rebase your patches to the current release
 4) recreate the patches using 'git format-patch'


If your patches are already maintained in a git repository,
you may skip step 1)


1) If you only have patches, no git repository, it's a good idea
to get your own clone of the git repository, in which you have an
own branch to maintain your patches.

   git clone git://git.openssl.org/openssl.git
   cd openssl

This will not only ease the transition, but also pay back in the future,
since the powerful capabilities features of git will make it easy in the
future to rebase your patches using just two commands, 'git rebase' and
'git format-patch'.


Just create a branch off the vanilla release from which your
patches depart (say, OpenSSL 1.0.1k)

   git checkout -b mypatches OpenSSL_1_0_1k

Apply your patches one-after-the-other, creating a single commit
for each patch with meaningful commit messages. Note that the header
line of your commit message will be used by 'git format-patch' to create
a filename for the patch.

(If you don't know how to do this in git, you may want to consult
http://git-scm.com/doc)


2) Now we assume that

  a) you already have an OpenSSL git repository
  b) your patches are on a branch called 'mypatches',
     which were branched from one of the stable branches
     before the reformatting (say OpenSSL_1_0_1-stable)
  c) your working copy is clean (no local changes or
     untracked files)
  d) you're running linux (if not, get yourself a Linux VM)


The attached script shows an example of how to automate
the procedure of reformatting every single commit on your
branch and recommitting it. It contains a lot of comments
to explain what it is doing. PLEASE READ THE COMMENTS
CAREFULLY BEFORE RUNNING THE SCRIPT!

You just have to set the two variables 'branch' and 'upstream'
at the beginning of the script (marked 'todo') to the name
of your branch and its upstream branch, respectively.

The script may fail on the first run when attempting to rebase
"${branch}-pre-auto-reformat". This case is anticipated, just
fix your conflicts, and run the script again
(see <http://git-scm.com/book/en/v2/Git-Branching-Rebasing>)

If any other error occurs, you are on your own ;-)

However, the script does not move existing branch labels, it operates
on new branches. So you may restart as often as you like, as long
as you remove the intermediate branches created by the script
(using 'git branch -D')

If you're still anxious to do this on your production repository, try
it on a copy of repository first.

3) After the script has succeeded, you can rebase your
reformatted branch to the head of the stable branch or
to the tag of the most recent release, e.g. to OpenSSL_1_0_1k:

git checkout -b mypatches-reformatted mypatches-post-auto-reformat
git rebase OpenSSL_1_0_1k


4) Now you can have git recreate your patches automatically
with a single command:

   git format-patch OpenSSL_1_0_1k..HEAD

or, more generally:

   git format-patch $(git merge-base HEAD OpenSSL_1_0_1-stable)..HEAD
 





_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

reformat.sh (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-users] Minimizing the pain of reformatting your OpenSSL patches

Matthias St. Pierre
Copy & Paste error:

The name of the new branch is
   "${upstream}-post-auto-reformat"
not
   "${upstream}-pre-auto-reformat"

msp

On 03/19/2015 09:40 AM, Dr. Matthias St. Pierre wrote:
>   For every commit on the rebased branch, it does an automatic
>   conversion, placing the results onto a new branch
>   "${upstream}-pre-auto-reformat"
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-users] Minimizing the pain of reformatting your OpenSSL patches

Matthias St. Pierre
In reply to this post by Matthias St. Pierre
Sorry for that, another typo:

Please replace OpenSSL_1_0_1k by OpenSSL_1_0_1m below.

On 03/19/2015 09:40 AM, Dr. Matthias St. Pierre wrote:
> 3) After the script has succeeded, you can rebase your
> reformatted branch to the head of the stable branch or
> to the tag of the most recent release, e.g. to OpenSSL_1_0_1k:
>
> git checkout -b mypatches-reformatted mypatches-post-auto-reformat
> git rebase OpenSSL_1_0_1k
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-users] FIXED: Minimizing the pain of reformatting your OpenSSL patches

Matthias St. Pierre
In reply to this post by Matthias St. Pierre

Hello,

my original post contained two typos. Also, the script reversed the order
of the commits due to a forgotten '--reverse'. (Probably, it was too late,
last night ;)

So here comes a repost with all corrections. Sorry for the inconveniences.

Regards,

msp



--

Hello,


the upcoming security update imposes a special challenge to
all OpenSSL users who maintain their own patch sets.

The reason is the code reformat which has taken place in between
the last and the upcoming release, which renders existing patches
useless.
<https://www.openssl.org/blog/blog/2015/01/05/source-code-reformat>

Matt Caswell has posted a detailed article explaining how you can
reformat your patches, see
<https://www.openssl.org/blog/blog/2015/02/11/code-reformat-finished>

This article inspired me to the following solution and I extended his
ideas a little. Here is the recipe which worked for me. It is a little
bit simpler than the solution of the blog, because it does not involve
cherry-picking. Also, I wrote a script helping me to do the bulk
conversion of many patches:

  Assuming, you have a branch "${branch}" containing all your
  patches, The script creates a copy of your branch, named
  "${branch}-pre-auto-reformat" which it then rebases to
  "${upstream}-pre-auto-reformat".
 
  For every commit on the rebased branch, it does an automatic
  conversion, placing the results onto a new branch
  "${upstream}-post-auto-reformat"

Finally, you can rebase a copy "${upstream}-reformatted" of the
reformatted branch "${upstream}-post-auto-reformat" to the
upcoming release (say, 1.0.1m).

More details at the end of the mail.


Regards,
msp


DISCLAIMER
The script is merely a demonstration which may serve as a starting
point for you and may not be 100% fool-proof. I hope it will turn out
to be useful for some of you. However, I don't take any
responsibilities if anything goes wrong. Use it at your own risk!




--

In following I describe the steps in more detail how you can

 1) get your patches into git (if you havn't done it yet)
 2) do the reformatting in git, with the help of the script
 3) rebase your patches to the current release
 4) recreate the patches using 'git format-patch'


If your patches are already maintained in a git repository,
you may skip step 1)


1) If you only have patches, no git repository, it's a good idea
to get your own clone of the git repository, in which you have an
own branch to maintain your patches.

   git clone git://git.openssl.org/openssl.git
   cd openssl

This will not only ease the transition, but also pay back in the future,
since the powerful capabilities features of git will make it easy in the
future to rebase your patches using just two commands, 'git rebase' and
'git format-patch'.


Just create a branch off the vanilla release from which your
patches depart (say, OpenSSL 1.0.1k)

   git checkout -b mypatches OpenSSL_1_0_1k

Apply your patches one-after-the-other, creating a single commit
for each patch with meaningful commit messages. Note that the header
line of your commit message will be used by 'git format-patch' to create
a filename for the patch.

(If you don't know how to do this in git, you may want to consult
http://git-scm.com/doc)


2) Now we assume that

  a) you already have an OpenSSL git repository
  b) your patches are on a branch called 'mypatches',
     which were branched from one of the stable branches
     before the reformatting (say OpenSSL_1_0_1-stable)
  c) your working copy is clean (no local changes or
     untracked files)
  d) you're running linux (if not, get yourself a Linux VM)


The attached script shows an example of how to automate
the procedure of reformatting every single commit on your
branch and recommitting it. It contains a lot of comments
to explain what it is doing. PLEASE READ THE COMMENTS
CAREFULLY BEFORE RUNNING THE SCRIPT!

You just have to set the two variables 'branch' and 'upstream'
at the beginning of the script (marked 'todo') to the name
of your branch and its upstream branch, respectively.

The script may fail on the first run when attempting to rebase
"${branch}-pre-auto-reformat". This case is anticipated, just
fix your conflicts, and run the script again
(see <http://git-scm.com/book/en/v2/Git-Branching-Rebasing>)

If any other error occurs, you are on your own

However, the script does not move existing branch labels, it operates
on new branches. So you may restart as often as you like, as long
as you remove the intermediate branches created by the script
(using 'git branch -D')

If you're still anxious to do this on your production repository, try
it on a copy of repository first.

3) After the script has succeeded, you can rebase your
reformatted branch to the head of the stable branch or
to the tag of the most recent release, e.g. to OpenSSL_1_0_1m:

git checkout -b mypatches-reformatted mypatches-post-auto-reformat
git rebase OpenSSL_1_0_1m


4) Now you can have git recreate your patches automatically
with a single command:

   git format-patch OpenSSL_1_0_1m..HEAD

or, more generally:

   git format-patch $(git merge-base HEAD OpenSSL_1_0_1-stable)..HEAD
 




_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

reformat.sh (3K) Download Attachment