确定应该应用补丁程序顺序的工具? [英] Tool that figures out order in which patches should be applied?
问题描述
背景:
我正在尝试让Ubuntu在FIPS模式下工作。我需要 FIPSify 的软件包之一是openssh。根据CentOS的openssh * .spec文件,它们在openssh源代码之上应用的补丁之一是 openssh-6.6-fips.patch 。但是,debian打包代码根本没有该补丁,因此我想从CentOS借用该补丁并在Ubuntu上使用。
I am trying to get Ubuntu to work under FIPS mode. One of the packages that I need to FIPSify is openssh. According to CentOS openssh *.spec file one of the patches that they apply on top of openssh source code is openssh-6.6-fips.patch. However, debian packaging code does not have that patch at all so I thought to "borrow" it from CentOS and use on Ubuntu.
问题:
不幸的是,此 openssh-6.6-fips.patch 补丁不能完全应用于ubuntu openssh源代码代码是由于CentOS在生成它之前应用了其他补丁。我已经安装了所有补丁,但是要应用它们而不产生冲突并不容易,因为我不知道补丁的依赖性。
Unfortunately, this openssh-6.6-fips.patch patch does not apply cleanly on top of ubuntu openssh source code due to other patches that CentOS applied before generating it. I have all the patches, but it is not easy to apply them without conflicts, because I don't know patch dependencies.
是否有一个工具可以自动执行此过程,输入时将使用来自Ubuntu的openssh源代码,来自CentOS的补丁以及我要应用的目标补丁。然后在输出中它会告诉我是否(以及如何)可以应用这些CentOS补丁而不触发冲突?
推荐答案
用于此目的的工具是一个版本控制系统,我将显示(完全未经测试的)git命令显示其操作方式。
The tool to use for this is a version control system, and I will show (completely untested) git commands of how I would do it.
## Create repository ##
$ mkdir workdir
$ cd workdir
$ git init
$ touch .gitignore # \ Creates a first commit
$ git add .gitignore # > for the branches to
$ git commit -m .gitignore # / have in common
## Import debian source code ##
$ git checkout -b debian master
$ tar zxvf /the/debian/source/code.tgz
$ git add .
$ git commit -m "Base debian source code"
## Import centos source code ##
$ git checkout -b centos master
$ tar zxvf /the/centos/source/code.tgz
$ git add .
$ git commit -m "Base centos source code"
## Apply centos rpm patches ##
$ pacth -p1 < /the/file/listed/as/patch1/in/spec/file
$ git add .
$ git commit -m the_pacth1_file_name
$ pacth -p1 < /the/file/listed/as/patch2/in/spec/file
$ git add .
$ git commit -m the_pacth2_file_name
$ # repeat for all the patches up till, including openssh-6.6-fips.patch
到目前为止,该命令对您没有任何帮助,只是git存储库包含构建软件包时使用的最终源代码。但是,由于补丁存储为单独的提交(这是关键),因此我们可以执行标准的版本控制操作,并根据需要包含/排除分支的某些部分。
So far the command have gotten you nothing other than a git repository that contains the final source code used when building a package. However since the patches are stored as separate commits (this is the key), we can do standard version control manipulation and include/exclude parts of the branches as we want.
因此,假设openssh-6.6-fips.patch是第5个补丁程序,只是为了选择一个数字,您的问题是,由于在第1到第4补丁程序中做了一些其他更改,因此它不适用于ubuntu源码
So assuming openssh-6.6-fips.patch is patch number 5 just to pick a number, your problem is that it does not apply cleanly to the ubuntu source because of some additional changes in done in patches 1 to 4 which it builds on top of, right?
适当的版本控制系统会跟踪父版本之间的关系,如果运气好的话,它将找出如何自行解决冲突的方法,或者可能并需要手动解决它,但是在任何情况下,版本控制系统都是解决此类情况的最佳工具。
A proper version control system keeps track of parent relations to versions, and with luck it will figure out how to resolve conflicts on its own, or it might give up and you need to resolve it manually, but in any case, a version control system is the best tool there is to handle such situations.
因此,如果唯一的补丁程序从centos源代码获取的是openssh-6.6-fips.patch,然后在基础centos源代码提交的顶部创建一个仅包含此补丁的新分支,然后将该分支重新建立到ubunt你的分支。经过重新调整的提交将为您提供一个补丁,可以将其干净地应用于ubuntu源代码
So if the only patch you want from the centos source code is openssh-6.6-fips.patch, then you create a new branch containing just this patch on top of the base centos source code commit, and then rebase that branch onto the ubuntu branch. That rebased commit will then give you a patch that will apply cleanly onto the ubuntu source code
$ git checkout -b fips centos
$ git rebase -i master # Pick only the first base commit
# and the openssh-6.6-fips.patch
$ # Resolve conflicts if any and check in
现在您有一个分支 fips ,其中仅包含centos基本源代码,并且犯下的罪行。
Now you have a branch fips which only contains the centos base source code and the fips commit. Then you want to rebase this onto the ubuntu branch.
# Rebase from (excluding) one behind the top of fips branch,
# to (including) the tip of the fips branch
$ git rebase --onto ubuntu fips^ fips
# Resolve and check in any conflicts should there be any
$ git format-patch ubuntu..fips
最后一条命令将为您提供一个补丁文件,该文件将干净地应用于您可以添加到包装代码中。
The last command will give you a patch file that will apply cleanly that you can add to the packaging code.
这篇关于确定应该应用补丁程序顺序的工具?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
