For most, the version of git available with your distribution is sufficient. I, however, like to make things interesting for myself. Accordingly, neither the git build available in wheezy main nor wheezy-backports meets my needs (Jessie also doesn’t provide the latest release). Provided are 1.7 and 1.9, respectively; I need at least 2.41.
Fortunately, building git from source isn’t particularly challenging.
Preparation
First, remove your distribution’s version of git:
apt-get remove git
Second, ensure that the necessary requirements are met before building git:
apt-get update apt-get install libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev build-essential autoconf
In place of libz-dev, zlib1g-dev may be selected; this is nothing to worry about.
Downloading & Building
When I wrote this, 2.7.1 was the latest stable release. As that will inevitably change, finding the latest release is a matter of visiting https://github.com/git/git/releases; from the list, copy the link to the latest tar.gz release and substitute that below.
Using git-2.7.1.tar.gz as the latest version, building git is a matter of:
cd /tmp curl -L --progress https://github.com/git/git/archive/v2.7.1.tar.gz | tar xz cd git-2.7.1/ make configure ./configure make prefix=/usr/local all
As long as the aforementioned prerequisites are met, this should succeed without incident.
Installing the latest git build
To install the newly-built git:
make prefix=/usr/local install
Next, confirm that the install succeeded and git is accessible:
$ which git /usr/local/bin/git
Lastly, verify that the installed version matches what you built:
$ git --version git version 2.7.1
If either the location or version don’t match, confirm that you removed all existing git builds as noted in the Preparation section.
Monitoring for new releases
Now that you’ve built git from source, apt-get update && apt-get upgrade won’t cover your git binary. Instead, you’ll repeat the above process, substituting the latest release for 2.7.1 in the preceding examples.
Since the Git project uses GitHub’s releases feature to tag updates, there’s an RSS (okay, Atom, but ¯\_(ツ)_/¯) feed to track changes: https://github.com/git/git/releases.atom. I’ve connected that to a Slack instance and used IFTTT to deliver notifications via email.
Owing to https://ma.ttias.be/remote-code-execution-git-versions-client-server-2-7-1-cve-2016-2324-cve-2016-2315/ and http://seclists.org/oss-sec/2016/q1/645, updating to at least 2.7.4 is warranted.