Commit Graph

38922 Commits

Author SHA1 Message Date
Junio C Hamano
c2d081ceb9 Merge branch 'av/wincred-with-at-in-username-fix'
The credential helper for Windows (in contrib/) used to mishandle
a user name with an at-sign in it.

* av/wincred-with-at-in-username-fix:
  wincred: fix get credential if username has "@"
2015-02-18 11:44:56 -08:00
René Scharfe
dc8edc8f7d daemon: use callback to build interpolated path
Provide a callback function for strbuf_expand() instead of using the
helper strbuf_expand_dict_cb().  While the resulting code is longer, it
only looks up the canonical hostname and IP address if at least one of
the placeholders %CH and %IP are used with --interpolated-path.

Use a struct for passing the directory to the callback function instead
of passing it directly to avoid having to cast away its const qualifier.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 13:40:49 -08:00
René Scharfe
edef953e48 daemon: look up client-supplied hostname lazily
Look up canonical hostname and IP address using getaddrinfo(3) or
gethostbyname(3) only if --interpolated-path or --access-hook were
specified.

Do that by introducing getter functions for canon_hostname and
ip_address and using them for all read accesses.  These wrappers call
the new helper lookup_hostname(), which sets the variables only at its
first call.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 13:40:36 -08:00
Jeff King
b485373052 daemon: sanitize incoming virtual hostname
We use the daemon_avoid_alias function to make sure that the
pathname the user gives us is sane. However, after applying
that check, we might then interpolate the path using a
string given by the server admin, but which may contain more
untrusted data from the client. We should be sure to
sanitize this data, as well.

We cannot use daemon_avoid_alias here, as it is more strict
than we need in requiring a leading '/'. At the same time,
we can be much more strict here. We are interpreting a
hostname, which should not contain slashes or excessive runs
of dots, as those things are not allowed in DNS names.

Note that in addition to cleansing the hostname field, we
must check the "canonical hostname" (%CH) as well as the
port (%P), which we take as a raw string.  For the canonical
hostname, this comes from an actual DNS lookup on the
accessed IP, which makes it a much less likely vector for
problems. But it does not hurt to sanitize it in the same
way. Unfortunately we cannot test this case easily, as it
would involve a custom hostname lookup.

We do not need to check %IP, as it comes straight from
inet_ntop, so must have a sane form.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 13:15:30 -08:00
Jeff King
5248f2dd4f t5570: test git-daemon's --interpolated-path option
We did not test this at all; let's just give a basic sanity
check that we can find a path based on virtual hosting, and
that the downcase canonicalization works.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 13:15:07 -08:00
Jeff King
94bc83c593 git_connect: let user override virtual-host we send to daemon
When we connect to a git-daemon at a given host and port, we
actually send the string "localhost:9418" to the other side,
which allows it to do virtual-hosting lookups. For testing
and debugging, we'd like to be able to send arbitrary
strings, rather than the hostname we actually connected to.

Using "insteadOf" config does not work for this purpose, as
the hostname determination happens at a very low level,
right before we feed the hostname to our lookup routines.
You could use /etc/hosts or similar to get around this, but
we cannot do that portably from our test suite.

Instead, this patch provides an environment variable that
can be used to send an arbitrary string.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 13:15:07 -08:00
Michael Haggerty
d1dd721f11 refs.h: remove duplication in function docstrings
Add more information to the comment introducing the four reference
transaction update functions, so that each function's docstring
doesn't have to repeat it. Add a pointer from the individual
functions' docstrings to the introductory comment.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:25:18 -08:00
Michael Haggerty
4b7b520b9f update_ref(): improve documentation
Add a docstring for update_ref(), emphasizing its similarity to
ref_transaction_update(). Rename its parameters to match those of
ref_transaction_update().

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:25:03 -08:00
Michael Haggerty
1618033401 ref_transaction_verify(): new function to check a reference's value
If NULL is passed to ref_transaction_update()'s new_sha1 parameter,
then just verify old_sha1 (under lock) without trying to change the
new value of the reference.

Use this functionality to add a new function ref_transaction_verify(),
which checks the current value of the reference under lock but doesn't
change it.

Use ref_transaction_verify() in the implementation of "git update-ref
--stdin"'s "verify" command to avoid the awkward need to "update" the
reference to its existing value.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:24:59 -08:00
Michael Haggerty
60294596ba ref_transaction_delete(): check that old_sha1 is not null_sha1
It makes no sense to delete a reference that is already known not to
exist.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:24:55 -08:00
Michael Haggerty
f04c5b5522 ref_transaction_create(): check that new_sha1 is valid
Creating a reference requires a new_sha1 that is not NULL and not
null_sha1.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:24:48 -08:00
Michael Haggerty
a933c23e66 commit: avoid race when creating orphan commits
If HEAD doesn't point at anything during the initial check, then we
should make sure that it *still* doesn't point at anything when we are
ready to update the reference. Otherwise, another process might commit
while we are working (e.g., while we are waiting for the user to edit
the commit message) and we will silently overwrite it.

This fixes a failing test in t7516.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:24:20 -08:00
Michael Haggerty
a908a31c34 commit: add tests of commit races
Committing involves the following steps:

1. Determine the current value of HEAD (if any).
2. Create the new commit object.
3. Update HEAD.

Please note that step 2 can take arbitrarily long, because it might
involve the user editing a commit message.

If a second process sneaks in a commit during step 2, then the first
commit process should fail. This is usually done correctly, because
step 3 verifies that HEAD still points at the same commit that it
pointed to during step 1.

However, if there is a race when creating an *orphan* commit, then the
test in step 3 is skipped.

Add tests for proper handling of such races. One of the new tests
fails. It will be fixed in a moment.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:23:54 -08:00
Michael Haggerty
fb5a6bb61c ref_transaction_delete(): remove "have_old" parameter
Instead, verify the reference's old value if and only if old_sha1 is
non-NULL.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:23:48 -08:00
Michael Haggerty
1d147bdff0 ref_transaction_update(): remove "have_old" parameter
Instead, verify the reference's old value if and only if old_sha1 is
non-NULL.

ref_transaction_delete() will get the same treatment in a moment.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:22:50 -08:00
Michael Haggerty
8df4e51138 struct ref_update: move "have_old" into "flags"
Instead of having a separate have_old field, record this boolean value
as a bit in the "flags" field.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:22:42 -08:00
Michael Haggerty
fec14ec38c refs.c: change some "flags" to "unsigned int"
Change the following functions' "flags" arguments from "int" to
"unsigned int":

 * ref_transaction_update()
 * ref_transaction_create()
 * ref_transaction_delete()
 * update_ref()
 * delete_ref()
 * lock_ref_sha1_basic()

Also change the "flags" member in "struct ref_update" to unsigned.

Suggested-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 11:22:29 -08:00
Stefan Beller
bc1c2caa73 read-cache.c: free cache entry when refreshing fails
This fixes a memory leak when building the cache entries as
refresh_cache_entry may decide to return NULL, but it does not
free the cache entry structure which was passed in as an argument.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 10:42:43 -08:00
Junio C Hamano
3188ab3af6 Post 2.3 cycle (batch #2)
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-17 10:22:17 -08:00
Junio C Hamano
a158904323 Merge branch 'mg/push-repo-option-doc'
The "git push" documentation made the "--repo=<there>" option
easily misunderstood.

* mg/push-repo-option-doc:
  git-push.txt: document the behavior of --repo
2015-02-17 10:15:31 -08:00
Junio C Hamano
445bb5b74d Merge branch 'jc/t4122-use-test-write-lines'
* jc/t4122-use-test-write-lines:
  t4122: use test_write_lines from test-lib-functions
2015-02-17 10:15:29 -08:00
Junio C Hamano
fccf4a0567 Merge branch 'jk/status-read-branch-name-fix'
Code to read branch name from various files in .git/ directory
would have misbehaved if the code to write them left an empty file.

* jk/status-read-branch-name-fix:
  read_and_strip_branch: fix typo'd address-of operator
2015-02-17 10:15:29 -08:00
Junio C Hamano
f6b50a8bf4 Merge branch 'jk/remote-curl-an-array-in-struct-cannot-be-null'
Fix a misspelled conditional that is always true.

* jk/remote-curl-an-array-in-struct-cannot-be-null:
  do not check truth value of flex arrays
2015-02-17 10:15:27 -08:00
Junio C Hamano
ec8618a7f8 Merge branch 'jc/diff-format-doc'
The documentation incorrectly said that C(opy) and R(ename) are the
only ones that can be followed by the score number in the output in
the --raw format.

* jc/diff-format-doc:
  diff-format doc: a score can follow M for rewrite
2015-02-17 10:15:26 -08:00
Junio C Hamano
b93b5b21b5 Merge branch 'jk/dumb-http-idx-fetch-fix'
A broken pack .idx file in the receiving repository prevented the
dumb http transport from fetching a good copy of it from the other
side.

* jk/dumb-http-idx-fetch-fix:
  dumb-http: do not pass NULL path to parse_pack_index
2015-02-17 10:15:25 -08:00
Junio C Hamano
d7c8b33a35 Merge branch 'mg/commit-author-no-match-malformed-message'
The error message from "git commit", when a non-existing author
name was given as value to the "--author=" parameter, has been
reworded to avoid misunderstanding.

* mg/commit-author-no-match-malformed-message:
  commit: reword --author error message
2015-02-17 10:15:23 -08:00
Junio C Hamano
a23069ce04 Merge branch 'jc/doc-log-rev-list-options'
"git log --help" used to show rev-list options that are irrelevant
to the "log" command.

* jc/doc-log-rev-list-options:
  Documentation: what does "git log --indexed-objects" even mean?
2015-02-17 10:15:22 -08:00
Junio C Hamano
38459ee6af Merge branch 'jc/apply-ws-fix-expands'
"git apply --whitespace=fix" used to under-allocate the memory
when the fix resulted in a longer text than the original patch.

* jc/apply-ws-fix-expands:
  apply: count the size of postimage correctly
  apply: make update_pre_post_images() sanity check the given postlen
  apply.c: typofix
2015-02-17 10:15:21 -08:00
Junio C Hamano
c1fa3e21bc Merge branch 'ak/add-i-empty-candidates'
The interactive "show a list and let the user choose from it"
interface "add -i" used showed and prompted to the user even when
the candidate list was empty, against which the only "choice" the
user could have made was to choose nothing.

* ak/add-i-empty-candidates:
  add -i: return from list_and_choose if there is no candidate
2015-02-17 10:15:20 -08:00
Junio C Hamano
9f55a77777 Merge branch 'ks/rebase-i-abbrev'
The insn sheet "git rebase -i" creates did not fully honor
core.abbrev settings.

* ks/rebase-i-abbrev:
  rebase -i: use full object name internally throughout the script
2015-02-17 10:15:18 -08:00
Junio C Hamano
a6c68158e5 Merge branch 'mh/deref-symref-over-helper-transport'
"git fetch" over a remote-helper that cannot respond to "list"
command could not fetch from a symbolic reference e.g. HEAD.

* mh/deref-symref-over-helper-transport:
  transport-helper: do not request symbolic refs to remote helpers
2015-02-17 10:15:18 -08:00
Kyle J. McKay
f471494303 git-send-email.perl: support no- prefix with older GetOptions
Only Perl version 5.8.0 or later is required, but that comes with
an older Getopt::Long (2.32) that does not support the 'no-'
prefix.  Support for that was added in Getopt::Long version 2.33.

Since the help only mentions the 'no-' prefix and not the 'no'
prefix, add explicit support for the 'no-' prefix to support
older GetOptions versions.

Reported-by: Tom G. Christensen <tgc@statsbiblioteket.dk>
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Tested-by: Tom G. Christensen <tgc@statsbiblioteket.dk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-16 13:26:51 -08:00
Torsten Bögershausen
f400e51c13 test-lib.sh: set prerequisite SANITY by testing what we really need
What we wanted out of the SANITY precondition is that the filesystem
behaves sensibly with permission bits settings.

 - You should not be able to remove a file in a read-only directory,

 - You should not be able to tell if a file in a directory exists if
   the directory lacks read or execute permission bits.

We used to cheat by approximating that condition with "is the /
writable?" test and/or "are we running as root?" test.  Neither test
is sufficient or appropriate in environments like Cygwin.

Signed-off-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-15 15:48:38 -08:00
Junio C Hamano
db7b9e3ad3 t4008: modernise style
Update this ancient test script to a more modern style in which the
expected result is prepared inside the body of the test that uses
it.  Also, instead of using $tree, a shell variable, throughout the
test script, create a tag that points at it, to make it easier to
manually debug the test script in its trash directory.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-15 15:38:16 -08:00
Junio C Hamano
bd9150b7e5 t/diff-lib: check exact object names in compare_diff_raw
The "sanitize" helper wanted to strip the similarity and
dissimilarity scores when making comparison, but it was
stripping away the object names as well.

While we do not want to require the exact object names the tests
expect to be maintained, as it would be seen as an extra burden,
this would have prevented us catching a silly bug such as showing
non 0{40} object name on the preimage side of an addition or on the
postimage side of a deletion, because all [0-9a-f]{40} strings were
considered equally OK.

In the longer term, when a test only wants to see the status of the
change without having to worry about object names, it should be
rewritten not to inspect the raw format.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-15 15:38:16 -08:00
Junio C Hamano
459b8d22e5 tests: do not borrow from COPYING and README from the real source
These two files have been modified since the tests started using
as test input, making the exact object names they expect to be
different from what actually happens in the trash repository they
use to run tests.

Instead, take a snapshot of these two files and keep them in
t/diff-lib/ so that we can update the real ones without having to
worry about breaking tests.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-15 15:38:10 -08:00
Junio C Hamano
bb8db1b553 t4010: correct expected object names
The output the test expects is bogus.

It was left unnoticed only because compare_diff_raw, which only
cares about the add/delete/rename/copy was used to check the result.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-15 15:38:10 -08:00
Junio C Hamano
2c0ab4d49d t9300: correct expected object names
The output the test #36 expects is bogus.  There are no blob objects
whose names are 36a590... or 046d037... when this test was run.

It was left unnoticed only because compare_diff_raw, which only
cares about the add/delete/rename/copy was used to check the result.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-15 15:38:09 -08:00
Junio C Hamano
f2b4f0a23b t4008: correct stale comments
A complete rewrite of a single file was originally designed to be
expressed as a deletion immediately followed by a creation of the
same file, and the comments in the test updated here were written to
reflect that design decision made in f345b0a0 (Add -B flag to diff-*
brothers., 2005-05-30).  However, we later realized that a complete
rewrite is merely how a textual diff should be represented at
366175ef (Rework -B output., 2005-06-19), and updated the actual
tests.  But we forgot to update the introductory text while doing
so.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-15 15:38:09 -08:00
Stefan Beller
0b868f0eec hex.c: reduce memory footprint of sha1_to_hex static buffers
41 bytes is the exact number of bytes needed for having the returned
hex string represented. 50 seems to be an arbitrary number, such
that there are no benefits from alignment to certain address boundaries.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-13 13:42:17 -08:00
Дилян Палаузов
5d308512ff do not include the same header twice
A few files include the same header file directly more than once.

As all these headers protect themselves against repeated inclusion
by the "#ifndef FOO_H / #define FOO_H / ... / #endif" idiom, leave
only the first inclusion and remove the later inclusion as a no-op
clean-up.

Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-13 13:16:12 -08:00
Junio C Hamano
852a15d748 send-email: ask confirmation if given encoding name is very short
Sometimes people respond "y<ENTER>" (or "yes<ENTER>") when asked
this question:

    Which 8bit encoding should I declare [UTF-8]?

We already have a mechanism to avoid accepting a mistyped e-mail
address (we ask to confirm when the given address lacks "@" in it);
reuse it to trigger the same confirmation when given a very short
answer.  As a typical charset name is probably at least 4 chars or
longer (e.g. "UTF8" spelled without the dash, or "Big5"), this would
prevent such a mistake.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-13 12:20:25 -08:00
Mike Hommey
aab1beb0e1 transport-helper: ask the helper to set the same options for import as for fetch
A remote helper is currently only told about the 'check-connectivity',
'cloning', and 'update-shallow' options when it supports the 'fetch'
command, but not when it supports 'import' instead.

This is especially important for the 'cloning' option, because it
means a remote helper that only supports 'import' can't distinguish
between a clone and a pull besides doing some assumptions from the
git directory state.

Signed-off-by: Mike Hommey <mh@glandium.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-13 11:32:28 -08:00
Mike Hommey
2879bc3b0c transport-helper: ask the helper to set progress and verbosity options after asking for its capabilities
Currently, a remote helper is only told about the progress and verbosity
options for the 'fetch' and 'push' commands. This means a remote helper
that implements 'import' and 'export' can never know the user requested
progress or verbosity (or lack thereof) through the command line.

Telling the remote helper about those options after asking for its
capabilities ensures it can act accordingly for all commands.

Signed-off-by: Mike Hommey <mh@glandium.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-13 11:31:54 -08:00
Mike Hommey
45917f0f99 transport-helper: fix typo in error message when --signed is not supported
Signed-off-by: Mike Hommey <mh@glandium.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-12 12:31:28 -08:00
Michael Haggerty
31e79f0a54 refs: remove the gap in the REF_* constant values
There is no reason to "reserve" a gap between the public and private
flags values.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-12 11:42:53 -08:00
Michael Haggerty
581d4e0cdb refs: move REF_DELETING to refs.c
It is only used internally now. Document it a little bit better, too.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-12 11:42:53 -08:00
Junio C Hamano
a983e6ac58 xread/xwrite: clip MAX_IO_SIZE to SSIZE_MAX
Since 0b6806b9 (xread, xwrite: limit size of IO to 8MB, 2013-08-20),
we chomp our calls to read(2) and write(2) into chunks of
MAX_IO_SIZE bytes (8 MiB), because a large IO results in a bad
latency when the program needs to be killed.  This also brought our
IO below SSIZE_MAX, which is a limit POSIX allows read(2) and
write(2) to fail when the IO size exceeds it, for OS X, where a
problem was originally reported.

However, there are other systems that define SSIZE_MAX smaller than
our default, and feeding 8 MiB to underlying read(2)/write(2) would
fail.  Make sure we clip our calls to the lower limit as well.

Reported-by: Joachim Schmitz <jojo@schmitz-digital.de>
Helped-by: Torsten Bögershausen <tboegi@web.de>
Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-12 11:01:11 -08:00
Junio C Hamano
18d0fec240 Post 2.3 cycle (batch #1)
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-02-11 13:54:03 -08:00
Junio C Hamano
bb831db677 Merge branch 'ah/usage-strings'
* ah/usage-strings:
  standardize usage info string format
2015-02-11 13:44:20 -08:00