Commit Graph

8359 Commits

Author SHA1 Message Date
Junio C Hamano
792a572320 Merge branch 'so/rebase-doc-fork-point'
* so/rebase-doc-fork-point:
  Documentation/git-rebase.txt: document when --fork-point is auto-enabled
2014-10-14 10:49:07 -07:00
Christian Couder
dfd66ddf5a Documentation: add documentation for 'git interpret-trailers'
While at it add git-interpret-trailers to "command-list.txt".

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-13 13:59:49 -07:00
brian m. carlson
f8a48affbb Documentation: fix mismatched delimiters in git-imap-send
The documentation for git-imap-send uses block delimiters with
mismatched lengths, which Asciidoctor doesn't support.  As a result, the
page is misrendered.  Adjust the delimiters so that they are of the same
length.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-13 13:35:37 -07:00
brian m. carlson
c9a5172fdf Documentation: adjust document title underlining
AsciiDoc specification states that in two-line titles, the title
underline has to be the same length as the title text, plus or minus two
characters.  Asciidoctor, however, requires that this must be plus or
minus one character.  Adjust the underlines to be the same length as the
title text to improve compatibility.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-13 13:35:18 -07:00
Philip Oakley
673151a9bb doc: add 'everyday' to 'git help'
The "Everyday GIT With 20 Commands Or So" is not accessible via the
Git help system.  Move everyday.txt to giteveryday.txt so that "git
help everyday" works, and create a new placeholder file everyday.html
to refer people who follow existing URLs to the updated location.

giteveryday.txt now formats well with AsciiDoc as a man page and
refreshed content to a more command modern style.

Add 'everyday' to the help --guides list and update git(1) and 5
other links to giteveryday.

Signed-off-by: Philip Oakley <philipoakley@iee.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-10 16:02:26 -07:00
Philip Oakley
5a568ea050 doc: Makefile regularise OBSOLETE_HTML list building
Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Philip Oakley <philipoakley@iee.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-10 15:59:41 -07:00
Philip Oakley
992cb20688 doc: modernise everyday.txt wording and format in man page style
Refresh the contents of everyday.txt contents to a more modern
command style. Also update the mark-up so that it can be formatted
as a man page with AsciiDoc ready for transfer to the Git guides.
The transfer is in subsequent commits.

Guidance on modernising the command style provided by Junio at [1],
[2] and [3].

[1] Individual Developer, both Standalone and Participant
http://article.gmane.org/gmane.comp.version-control.git/254269
[2] Integrator
http://article.gmane.org/gmane.comp.version-control.git/254502
[3] Administrator
http://article.gmane.org/gmane.comp.version-control.git/254824

Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Philip Oakley <philipoakley@iee.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-10 15:59:40 -07:00
brian m. carlson
c30c43c07d Documentation: fix misrender of pretty-formats in Asciidoctor
Neither the AsciiDoc nor the Asciidoctor documentation specify whether
the same number of delimiter characters must be used to end a block as
to begin it, although both sets of documentation show exactly matching
pairs.  AsciiDoc allows mismatches, but AsciiDoctor apparently does not.
Adjust the pretty formats documentation to use matching pairs to prevent
a misrendering where the remainder of the document was rendered as a
listing block.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-08 13:51:46 -07:00
Junio C Hamano
63a45136a3 Update draft release notes to 2.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-08 13:08:55 -07:00
Junio C Hamano
fb06b5280e Merge branch 'jc/push-cert'
Allow "git push" request to be signed, so that it can be verified and
audited, using the GPG signature of the person who pushed, that the
tips of branches at a public repository really point the commits
the pusher wanted to, without having to "trust" the server.

* jc/push-cert: (24 commits)
  receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
  signed push: allow stale nonce in stateless mode
  signed push: teach smart-HTTP to pass "git push --signed" around
  signed push: fortify against replay attacks
  signed push: add "pushee" header to push certificate
  signed push: remove duplicated protocol info
  send-pack: send feature request on push-cert packet
  receive-pack: GPG-validate push certificates
  push: the beginning of "git push --signed"
  pack-protocol doc: typofix for PKT-LINE
  gpg-interface: move parse_signature() to where it should be
  gpg-interface: move parse_gpg_output() to where it should be
  send-pack: clarify that cmds_sent is a boolean
  send-pack: refactor inspecting and resetting status and sending commands
  send-pack: rename "new_refs" to "need_pack_data"
  receive-pack: factor out capability string generation
  send-pack: factor out capability string generation
  send-pack: always send capabilities
  send-pack: refactor decision to send update per ref
  send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
  ...
2014-10-08 13:05:25 -07:00
Junio C Hamano
325602ce12 Sync with maint
* maint:
  git-tag.txt: Add a missing hyphen to `-s`
2014-10-07 13:41:03 -07:00
Junio C Hamano
3c2dc76f01 Merge branch 'maint-2.0' into maint
* maint-2.0:
  git-tag.txt: Add a missing hyphen to `-s`
2014-10-07 13:40:51 -07:00
Junio C Hamano
76f8611a5f Merge branch 'maint-1.9' into maint-2.0
* maint-1.9:
  git-tag.txt: Add a missing hyphen to `-s`
2014-10-07 13:40:39 -07:00
Junio C Hamano
9181365b85 Merge branch 'maint-1.8.5' into maint-1.9
* maint-1.8.5:
  git-tag.txt: Add a missing hyphen to `-s`
2014-10-07 13:40:19 -07:00
Wieland Hoffmann
eeff891ac7 git-tag.txt: Add a missing hyphen to -s
Signed-off-by: Wieland Hoffmann <themineo@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-07 11:08:06 -07:00
Michael Haggerty
013870cd2c fdopen_lock_file(): access a lockfile using stdio
Add a new function, fdopen_lock_file(), which returns a FILE pointer
open to the lockfile. If a stream is open on a lock_file object, it is
closed using fclose() on commit, rollback, or close_lock_file().

This change will allow callers to use stdio to write to a lockfile
without having to muck around in the internal representation of the
lock_file object (callers will be rewritten in upcoming commits).

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 14:08:10 -07:00
Michael Haggerty
ec38b4e482 get_locked_file_path(): new function
Add a function to return the path of the file that is locked by a
lock_file object. This reduces the knowledge that callers have to have
about the lock_file layout.

Suggested-by: Ronnie Sahlberg <sahlberg@google.com>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:53:54 -07:00
Michael Haggerty
47ba4662bf lockfile: rename LOCK_NODEREF to LOCK_NO_DEREF
This makes it harder to misread the name as LOCK_NODE_REF.

Suggested-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:53:28 -07:00
Michael Haggerty
751bacedaa commit_lock_file_to(): refactor a helper out of commit_lock_file()
commit_locked_index(), when writing to an alternate index file,
duplicates (poorly) the code in commit_lock_file(). And anyway, it
shouldn't have to know so much about the internal workings of lockfile
objects. So extract a new function commit_lock_file_to() that does the
work common to the two functions, and call it from both
commit_lock_file() and commit_locked_index().

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:52:06 -07:00
Michael Haggerty
d75145acf6 api-lockfile: document edge cases
* Document the behavior of commit_lock_file() when it fails, namely
  that it rolls back the lock_file object and sets errno
  appropriately.

* Document the behavior of rollback_lock_file() when called for a
  lock_file object that has already been committed or rolled back,
  namely that it is a NOOP.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:14 -07:00
Michael Haggerty
8e86c155d2 close_lock_file(): if close fails, roll back
If closing an open lockfile fails, then we cannot be sure of the
contents of the lockfile, so there is nothing sensible to do but
delete it. This change also insures that the lock_file object is left
in a defined state in this error path (namely, unlocked).

The only caller that is ultimately affected by this change is
try_merge_strategy() -> write_locked_index(), which can call
close_lock_file() via various execution paths. This caller uses a
static lock_file object which previously could have been reused after
a failed close_lock_file() even though it was still in locked state.
This change causes the lock_file object to be unlocked on failure,
thus fixing this error-handling path.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:13 -07:00
Michael Haggerty
8a1c7533e2 commit_lock_file(): die() if called for unlocked lockfile object
It was previously a bug to call commit_lock_file() with a lock_file
object that was not active (an illegal access would happen within the
function).  It was presumably never done, but this would be an easy
programming error to overlook.  So before continuing, do a consistency
check that the lock_file object really is locked.

Helped-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:45:13 -07:00
Michael Haggerty
a5e48669a2 api-lockfile: revise and expand the documentation
Document a couple more functions and the flags argument as used by
hold_lock_file_for_update() and hold_lock_file_for_append().
Reorganize the document to make it more accessible.

Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Helped-by: Junio Hamano <gitster@pobox.com>
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-01 13:38:38 -07:00
Junio C Hamano
565301e416 Sync with 2.1.2
* maint:
  Git 2.1.2
2014-09-29 22:17:57 -07:00
Junio C Hamano
80b616d04b Git 2.1.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-29 22:15:00 -07:00
Junio C Hamano
060517093e Merge branch 'jk/send-pack-many-refspecs' into maint
"git push" over HTTP transport had an artificial limit on number of
refs that can be pushed imposed by the command line length.

* jk/send-pack-many-refspecs:
  send-pack: take refspecs over stdin
2014-09-29 22:08:17 -07:00
Junio C Hamano
e7867e80f0 Merge branch 'so/rebase-doc' into maint
* so/rebase-doc:
  Documentation/git-rebase.txt: <upstream> must be given to specify <branch>
  Documentation/git-rebase.txt: -f forces a rebase that would otherwise be a no-op
2014-09-29 22:08:12 -07:00
Junio C Hamano
0bf7dd652c Update draft release notes to 2.2 2014-09-29 12:44:43 -07:00
Junio C Hamano
507fe835ed Merge branch 'da/rev-parse-verify-quiet'
"rev-parse --verify --quiet $name" is meant to quietly exit with a
non-zero status when $name is not a valid object name, but still
gave error messages in some cases.

* da/rev-parse-verify-quiet:
  stash: prefer --quiet over shell redirection of the standard error stream
  refs: make rev-parse --quiet actually quiet
  t1503: use test_must_be_empty
  Documentation: a note about stdout for git rev-parse --verify --quiet
2014-09-29 12:36:10 -07:00
Junio C Hamano
b8e533f12a Merge branch 'hj/pretty-naked-decoration'
The pretty-format specifier "%d", which expanded to " (tagname)"
for a tagged commit, gained a cousin "%D" that just gives the
"tagname" without frills.

* hj/pretty-naked-decoration:
  pretty: add %D format specifier
2014-09-29 12:36:09 -07:00
Sergey Organov
f51a48ec3a Documentation/git-rebase.txt: document when --fork-point is auto-enabled
Running "git rebase" without giving a specific commit with respect
to which the operation is done enables --fork-point mode, while
telling the command to rebase with respect to a specific commit,
i.e. "git rebase <upstream>" does not.

This was not mentioned in the DESCRIPTION section of the manual
page, even though the case of omitted <upstream> was otherwise
discussed.  That in turn made actual behavior of vanilla "git
rebase" hardly discoverable.

While we are at it, clarify the --fork-point description itself as
well.

Signed-off-by: Sergey Organov <sorganov@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-29 09:30:04 -07:00
Junio C Hamano
d29e9c89db Update draft release notes to 2.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-26 14:59:32 -07:00
Junio C Hamano
1c2ea2cdc0 Merge branch 'rs/realloc-array'
Code cleanup.

* rs/realloc-array:
  use REALLOC_ARRAY for changing the allocation size of arrays
  add macro REALLOC_ARRAY
2014-09-26 14:39:45 -07:00
Junio C Hamano
b33000878a Merge branch 'jk/close-stderr-of-credential-cache-deamon'
Plug fd leaks.

* jk/close-stderr-of-credential-cache-deamon:
  credential-cache: close stderr in daemon process
2014-09-26 14:39:45 -07:00
Junio C Hamano
97b8860c07 Update draft release notes to 2.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-19 14:25:09 -07:00
Junio C Hamano
85e70c31ef Sync with Git 2.1.1 2014-09-19 14:22:43 -07:00
Junio C Hamano
349cb50963 Git 2.1.1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-19 14:21:31 -07:00
Junio C Hamano
f7153344cf Merge branch 'sp/pack-protocol-doc-on-shallow' into maint
* sp/pack-protocol-doc-on-shallow:
  Document LF appearing in shallow command during send-pack/receive-pack
2014-09-19 14:05:11 -07:00
Junio C Hamano
04cd47f553 Merge branch 'jk/command-line-config-empty-string' into maint
* jk/command-line-config-empty-string:
  config: teach "git -c" to recognize an empty string

Conflicts:
	config.c
2014-09-19 14:05:10 -07:00
Junio C Hamano
9c9fbee8f5 Merge branch 'so/rebase-doc'
* so/rebase-doc:
  Documentation/git-rebase.txt: <upstream> must be given to specify <branch>
2014-09-19 11:38:42 -07:00
Junio C Hamano
9d6db4a28d Merge branch 'sp/doc-update-index-cacheinfo'
* sp/doc-update-index-cacheinfo:
  Documentation: use single-parameter --cacheinfo in example
2014-09-19 11:38:40 -07:00
Junio C Hamano
56feed1c76 Merge branch 'rs/export-strbuf-addchars'
Code clean-up.

* rs/export-strbuf-addchars:
  strbuf: use strbuf_addchars() for adding a char multiple times
  strbuf: export strbuf_addchars()
2014-09-19 11:38:39 -07:00
Junio C Hamano
ceeacc501b Merge branch 'bb/date-iso-strict'
"log --date=iso" uses a slight variant of ISO 8601 format that is
made more human readable.  A new "--date=iso-strict" option gives
datetime output that is more strictly conformant.

* bb/date-iso-strict:
  pretty: provide a strict ISO 8601 date format
2014-09-19 11:38:32 -07:00
Junio C Hamano
b1de6b21f3 Merge branch 'jk/fast-export-anonymize'
Sometimes users want to report a bug they experience on their
repository, but they are not at liberty to share the contents of
the repository.  "fast-export" was taught an "--anonymize" option
to replace blob contents, names of people and paths and log
messages with bland and simple strings to help them.

* jk/fast-export-anonymize:
  docs/fast-export: explain --anonymize more completely
  teach fast-export an --anonymize option
2014-09-19 11:38:31 -07:00
Junio C Hamano
d9dd4cebec Merge branch 'jk/send-pack-many-refspecs'
The number of refs that can be pushed at once over smart HTTP was
limited by the command line length.  The limitation has been lifted
by passing these refs from the standard input of send-pack.

* jk/send-pack-many-refspecs:
  send-pack: take refspecs over stdin
2014-09-19 11:38:31 -07:00
Harry Jeffery
9271095cc5 pretty: add %D format specifier
Add a new format specifier, '%D' that is identical in behaviour to '%d',
except that it does not include the ' (' prefix or ')' suffix provided
by '%d'.

Signed-off-by: Harry Jeffery <harry@exec64.co.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-18 15:15:21 -07:00
René Scharfe
3ac22f82ed add macro REALLOC_ARRAY
The macro ALLOC_GROW manages several aspects of dynamic memory
allocations for arrays: It performs overprovisioning in order to avoid
reallocations in future calls, updates the allocation size variable,
multiplies the item size and thus allows users to simply specify the
item count, performs the reallocation and updates the array pointer.

Sometimes this is too much.  Add the macro REALLOC_ARRAY, which only
takes care of the latter three points and allows users to specfiy the
number of items the array can store.  It can increase and also decrease
the size.  Using the macro avoid duplicating the variable name and
takes care of the item sizes automatically.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-18 09:13:38 -07:00
Junio C Hamano
5732373daa signed push: allow stale nonce in stateless mode
When operating with the stateless RPC mode, we will receive a nonce
issued by another instance of us that advertised our capability and
refs some time ago.  Update the logic to check received nonce to
detect this case, compute how much time has passed since the nonce
was issued and report the status with a new environment variable
GIT_PUSH_CERT_NONCE_SLOP to the hooks.

GIT_PUSH_CERT_NONCE_STATUS will report "SLOP" in such a case.  The
hooks are free to decide how large a slop it is willing to accept.

Strictly speaking, the "nonce" is not really a "nonce" anymore in
the stateless RPC mode, as it will happily take any "nonce" issued
by it (which is protected by HMAC and its secret key) as long as it
is fresh enough.  The degree of this security degradation, relative
to the native protocol, is about the same as the "we make sure that
the 'git push' decided to update our refs with new objects based on
the freshest observation of our refs by making sure the values they
claim the original value of the refs they ask us to update exactly
match the current state" security is loosened to accomodate the
stateless RPC mode in the existing code without this series, so
there is no need for those who are already using smart HTTP to push
to their repositories to be alarmed any more than they already are.

In addition, the server operator can set receive.certnonceslop
configuration variable to specify how stale a nonce can be (in
seconds).  When this variable is set, and if the nonce received in
the certificate that passes the HMAC check was less than that many
seconds old, hooks are given "OK" in GIT_PUSH_CERT_NONCE_STATUS
(instead of "SLOP") and the received nonce value is given in
GIT_PUSH_CERT_NONCE, which makes it easier for a simple-minded
hook to check if the certificate we received is recent enough.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-17 15:19:54 -07:00
Junio C Hamano
b89363e4a5 signed push: fortify against replay attacks
In order to prevent a valid push certificate for pushing into an
repository from getting replayed in a different push operation, send
a nonce string from the receive-pack process and have the signer
include it in the push certificate.  The receiving end uses an HMAC
hash of the path to the repository it serves and the current time
stamp, hashed with a secret seed (the secret seed does not have to
be per-repository but can be defined in /etc/gitconfig) to generate
the nonce, in order to ensure that a random third party cannot forge
a nonce that looks like it originated from it.

The original nonce is exported as GIT_PUSH_CERT_NONCE for the hooks
to examine and match against the value on the "nonce" header in the
certificate to notice a replay, but returned "nonce" header in the
push certificate is examined by receive-pack and the result is
exported as GIT_PUSH_CERT_NONCE_STATUS, whose value would be "OK"
if the nonce recorded in the certificate matches what we expect, so
that the hooks can more easily check.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-17 14:27:40 -07:00
Sergey Organov
95c68267ff Documentation/git-rebase.txt: <upstream> must be given to specify <branch>
Current syntax description makes one wonder if there is any
syntactic way to distinguish between <branch> and <upstream> so that
one can specify <branch> but not <upstream>, but that is not the
case.

Make it explicit that these arguments are positional, i.e. the
earlier ones cannot be omitted if you want to give later ones.

Signed-off-by: Sergey Organov <sorganov@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-16 11:27:12 -07:00
Jeff King
f5e3c0b9d0 credential-cache: close stderr in daemon process
If the stderr of "git credential-cache" is redirected to a
pipe, the reader on the other end of a pipe may be surprised
that the pipe remains open long after the process exits.
This happens because we may auto-spawn a daemon which is
long-lived, and which keeps stderr open.

We can solve this by redirecting the daemon's stderr to
/dev/null once we are ready to go into our event loop. We
would not want to do so before then, because we may want to
report errors about the setup (e.g., failure to establish
the listening socket).

This does mean that we will not report errors we encounter
for specific clients. That's acceptable, as such errors
should be rare (e.g., clients sending buggy requests).
However, we also provide an escape hatch: if you want to see
these later messages, you can provide the "--debug" option
to keep stderr open.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-16 11:11:58 -07:00
David Aguilar
56625df74c Documentation: a note about stdout for git rev-parse --verify --quiet
Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-15 15:34:31 -07:00
Junio C Hamano
9be89160e7 signed push: add "pushee" header to push certificate
Record the URL of the intended recipient for a push (after
anonymizing it if it has authentication material) on a new "pushee
URL" header.  Because the networking configuration (SSH-tunnels,
proxies, etc.) on the pushing user's side varies, the receiving
repository may not know the single canonical URL all the pushing
users would refer it as (besides, many sites allow pushing over
ssh://host/path and https://host/path protocols to the same
repository but with different local part of the path).  So this
value may not be reliably used for replay-attack prevention
purposes, but this will still serve as a human readable hint to
identify the repository the certificate refers to.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-15 13:23:28 -07:00
Junio C Hamano
4adf569dea signed push: remove duplicated protocol info
With the interim protocol, we used to send the update commands even
though we already send a signed copy of the same information when
push certificate is in use.  Update the send-pack/receive-pack pair
not to do so.

The notable thing on the receive-pack side is that it makes sure
that there is no command sent over the traditional protocol packet
outside the push certificate.  Otherwise a pusher can claim to be
pushing one set of ref updates in the signed certificate while
issuing commands to update unrelated refs, and such an update will
evade later audits.

Finally, start documenting the protocol.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-15 13:23:28 -07:00
Junio C Hamano
d05b9618ce receive-pack: GPG-validate push certificates
Reusing the GPG signature check helpers we already have, verify
the signature in receive-pack and give the results to the hooks
via GIT_PUSH_CERT_{SIGNER,KEY,STATUS} environment variables.

Policy decisions, such as accepting or rejecting a good signature by
a key that is not fully trusted, is left to the hook and kept
outside of the core.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-15 13:23:28 -07:00
Junio C Hamano
a85b377d04 push: the beginning of "git push --signed"
While signed tags and commits assert that the objects thusly signed
came from you, who signed these objects, there is not a good way to
assert that you wanted to have a particular object at the tip of a
particular branch.  My signing v2.0.1 tag only means I want to call
the version v2.0.1, and it does not mean I want to push it out to my
'master' branch---it is likely that I only want it in 'maint', so
the signature on the object alone is insufficient.

The only assurance to you that 'maint' points at what I wanted to
place there comes from your trust on the hosting site and my
authentication with it, which cannot easily audited later.

Introduce a mechanism that allows you to sign a "push certificate"
(for the lack of better name) every time you push, asserting that
what object you are pushing to update which ref that used to point
at what other object.  Think of it as a cryptographic protection for
ref updates, similar to signed tags/commits but working on an
orthogonal axis.

The basic flow based on this mechanism goes like this:

 1. You push out your work with "git push --signed".

 2. The sending side learns where the remote refs are as usual,
    together with what protocol extension the receiving end
    supports.  If the receiving end does not advertise the protocol
    extension "push-cert", an attempt to "git push --signed" fails.

    Otherwise, a text file, that looks like the following, is
    prepared in core:

	certificate version 0.1
	pusher Junio C Hamano <gitster@pobox.com> 1315427886 -0700

	7339ca65... 21580ecb... refs/heads/master
	3793ac56... 12850bec... refs/heads/next

    The file begins with a few header lines, which may grow as we
    gain more experience.  The 'pusher' header records the name of
    the signer (the value of user.signingkey configuration variable,
    falling back to GIT_COMMITTER_{NAME|EMAIL}) and the time of the
    certificate generation.  After the header, a blank line follows,
    followed by a copy of the protocol message lines.

    Each line shows the old and the new object name at the tip of
    the ref this push tries to update, in the way identical to how
    the underlying "git push" protocol exchange tells the ref
    updates to the receiving end (by recording the "old" object
    name, the push certificate also protects against replaying).  It
    is expected that new command packet types other than the
    old-new-refname kind will be included in push certificate in the
    same way as would appear in the plain vanilla command packets in
    unsigned pushes.

    The user then is asked to sign this push certificate using GPG,
    formatted in a way similar to how signed tag objects are signed,
    and the result is sent to the other side (i.e. receive-pack).

    In the protocol exchange, this step comes immediately before the
    sender tells what the result of the push should be, which in
    turn comes before it sends the pack data.

 3. When the receiving end sees a push certificate, the certificate
    is written out as a blob.  The pre-receive hook can learn about
    the certificate by checking GIT_PUSH_CERT environment variable,
    which, if present, tells the object name of this blob, and make
    the decision to allow or reject this push.  Additionally, the
    post-receive hook can also look at the certificate, which may be
    a good place to log all the received certificates for later
    audits.

Because a push certificate carry the same information as the usual
command packets in the protocol exchange, we can omit the latter
when a push certificate is in use and reduce the protocol overhead.
This however is not included in this patch to make it easier to
review (in other words, the series at this step should never be
released without the remainder of the series, as it implements an
interim protocol that will be incompatible with the final one).
As such, the documentation update for the protocol is left out of
this step.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-15 13:23:20 -07:00
Junio C Hamano
e543b3f6fe pack-protocol doc: typofix for PKT-LINE
Everywhere else we use PKT-LINE to denote the pkt-line formatted
data, but "shallow/deepen" messages are described with PKT_LINE().

Fix them.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-15 13:23:20 -07:00
Eric Wong
a831a3fd86 git svn: find-rev allows short switches for near matches
Allow -B and -A to act as short aliases for --before and --after
options respectively.  This reduces typing and hopefully allows
reuse of muscle memory for grep(1) users.

Signed-off-by: Eric Wong <normalperson@yhbt.net>
2014-09-14 08:08:24 +00:00
Lawrence Velázquez
26bb3c10ef git-svn.txt: Remove mentions of repack options
Git no longer seems to use these flags or their associated config keys;
when they are present, git-svn outputs a message indicating that they
are being ignored.

Signed-off-by: Lawrence Velázquez <vq@larryv.me>
Signed-off-by: Eric Wong <normalperson@yhbt.net>
2014-09-14 08:08:24 +00:00
Junio C Hamano
ce1d3a93a6 Update draft release notes to 2.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-11 11:19:47 -07:00
Steffen Prohaska
7ac92f64dd Documentation: use single-parameter --cacheinfo in example
The single-parameter form is described as the preferred way.  Separate
arguments are only supported for backward compatibility.  Update the
example to the recommended form.

Signed-off-by: Steffen Prohaska <prohaska@zib.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-11 10:38:02 -07:00
Junio C Hamano
bedd3b4b7b Merge branch 'nd/large-blobs'
Teach a few codepaths to punt (instead of dying) when large blobs
that would not fit in core are involved in the operation.

* nd/large-blobs:
  diff: shortcut for diff'ing two binary SHA-1 objects
  diff --stat: mark any file larger than core.bigfilethreshold binary
  diff.c: allow to pass more flags to diff_populate_filespec
  sha1_file.c: do not die failing to malloc in unpack_compressed_entry
  wrapper.c: introduce gentle xmallocz that does not die()
2014-09-11 10:33:33 -07:00
Junio C Hamano
825fd93767 Merge branch 'rs/child-process-init'
Code clean-up.

* rs/child-process-init:
  run-command: inline prepare_run_command_v_opt()
  run-command: call run_command_v_opt_cd_env() instead of duplicating it
  run-command: introduce child_process_init()
  run-command: introduce CHILD_PROCESS_INIT
2014-09-11 10:33:27 -07:00
Junio C Hamano
7f346e9d73 Merge branch 'ta/config-set-1'
Use the new caching config-set API in git_config() calls.

* ta/config-set-1:
  add tests for `git_config_get_string_const()`
  add a test for semantic errors in config files
  rewrite git_config() to use the config-set API
  config: add `git_die_config()` to the config-set API
  change `git_config()` return value to void
  add line number and file name info to `config_set`
  config.c: fix accuracy of line number in errors
  config.c: mark error and warnings strings for translation
2014-09-11 10:33:25 -07:00
Junio C Hamano
0c72b98f31 Update draft release notes to 2.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-09 13:06:26 -07:00
Junio C Hamano
346fad5bb3 Merge branch 'sp/pack-protocol-doc-on-shallow'
* sp/pack-protocol-doc-on-shallow:
  Document LF appearing in shallow command during send-pack/receive-pack
2014-09-09 12:54:09 -07:00
Junio C Hamano
c0ad561a46 Merge branch 'tf/imap-send-create'
* tf/imap-send-create:
  imap-send: create target mailbox if it is missing
  imap-send: clarify CRAM-MD5 vs LOGIN documentation
2014-09-09 12:54:09 -07:00
Junio C Hamano
3ef87bd872 Merge branch 'tb/pretty-format-cd-date-format'
Documentation update.

* tb/pretty-format-cd-date-format:
  pretty: note that %cd respects the --date= option
2014-09-09 12:54:08 -07:00
Junio C Hamano
067f86fe12 Merge branch 'so/rebase-doc'
May need further updates to the description to explain what makes
various modes of operation to decide that the request can become a
"no-op".

* so/rebase-doc:
  Documentation/git-rebase.txt: -f forces a rebase that would otherwise be a no-op
2014-09-09 12:54:04 -07:00
Junio C Hamano
4645b014c5 Merge branch 'la/init-doc'
* la/init-doc:
  Documentation: git-init: flesh out example
  Documentation: git-init: template directory: reword and cross-reference
  Documentation: git-init: reword parenthetical statements
  Documentation: git-init: --separate-git-dir: clarify
  Documentation: git-init: template directory: reword
  Documentation: git-init: list items facelift
  Documentation: git-init: typographical fixes
2014-09-09 12:54:00 -07:00
Junio C Hamano
93424a0fd8 Merge branch 'jk/command-line-config-empty-string'
"git -c section.var command" and "git -c section.var= command"
should pass the configuration differently (the former should be
a boolean true, the latter should be an empty string).

* jk/command-line-config-empty-string:
  config: teach "git -c" to recognize an empty string
2014-09-09 12:53:57 -07:00
Junio C Hamano
713c6f3ab0 Merge branch 'bc/imap-send-doc'
* bc/imap-send-doc:
  imap-send doc: omit confusing "to use imap-send" modifier
2014-09-09 12:53:55 -07:00
René Scharfe
d07235a027 strbuf: export strbuf_addchars()
Move strbuf_addchars() to strbuf.c, where it belongs, and make it
available for other callers.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-08 11:26:45 -07:00
Junio C Hamano
85f083786f Start the post-2.1 cycle
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-02 13:30:13 -07:00
Junio C Hamano
f655651e09 Merge branch 'rs/strbuf-getcwd'
Reduce the use of fixed sized buffer passed to getcwd() calls
by introducing xgetcwd() helper.

* rs/strbuf-getcwd:
  use strbuf_add_absolute_path() to add absolute paths
  abspath: convert absolute_path() to strbuf
  use xgetcwd() to set $GIT_DIR
  use xgetcwd() to get the current directory or die
  wrapper: add xgetcwd()
  abspath: convert real_path_internal() to strbuf
  abspath: use strbuf_getcwd() to remember original working directory
  setup: convert setup_git_directory_gently_1 et al. to strbuf
  unix-sockets: use strbuf_getcwd()
  strbuf: add strbuf_getcwd()
2014-09-02 13:28:44 -07:00
Junio C Hamano
56f214e071 Merge branch 'ta/config-set'
Add in-core caching layer to let us avoid reading the same
configuration files number of times.

* ta/config-set:
  test-config: add tests for the config_set API
  add `config_set` API for caching config-like files
2014-09-02 13:24:18 -07:00
Beat Bolli
466fb6742d pretty: provide a strict ISO 8601 date format
Git's "ISO" date format does not really conform to the ISO 8601
standard due to small differences, and it cannot be parsed by ISO
8601-only parsers, e.g. those of XML toolchains.

The output from "--date=iso" deviates from ISO 8601 in these ways:

  - a space instead of the `T` date/time delimiter
  - a space between time and time zone
  - no colon between hours and minutes of the time zone

Add a strict ISO 8601 date format for displaying committer and
author dates.  Use the '%aI' and '%cI' format specifiers and add
'--date=iso-strict' or '--date=iso8601-strict' date format names.

See http://thread.gmane.org/gmane.comp.version-control.git/255879 and
http://thread.gmane.org/gmane.comp.version-control.git/52414/focus=52585
for discussion.

Signed-off-by: Beat Bolli <bbolli@ewanet.ch>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-29 12:37:02 -07:00
Shawn Pearce
5d146f7a0f Document LF appearing in shallow command during send-pack/receive-pack
The implementation sends an LF, but the protocol documentation was
missing this detail.

Signed-off-by: Shawn Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-28 15:13:55 -07:00
Jeff King
75d3d6573e docs/fast-export: explain --anonymize more completely
The original commit made mention of this option, but not why
one might want it or how they might use it. Let's try to be
a little more thorough, and also explain how to confirm that
the output really is anonymous.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-28 10:32:52 -07:00
Jeff King
a872275098 teach fast-export an --anonymize option
Sometimes users want to report a bug they experience on
their repository, but they are not at liberty to share the
contents of the repository. It would be useful if they could
produce a repository that has a similar shape to its history
and tree, but without leaking any information. This
"anonymized" repository could then be shared with developers
(assuming it still replicates the original problem).

This patch implements an "--anonymize" option to
fast-export, which generates a stream that can recreate such
a repository. Producing a single stream makes it easy for
the caller to verify that they are not leaking any useful
information. You can get an overview of what will be shared
by running a command like:

  git fast-export --anonymize --all |
  perl -pe 's/\d+/X/g' |
  sort -u |
  less

which will show every unique line we generate, modulo any
numbers (each anonymized token is assigned a number, like
"User 0", and we replace it consistently in the output).

In addition to anonymizing, this produces test cases that
are relatively small (compared to the original repository)
and fast to generate (compared to using filter-branch, or
modifying the output of fast-export yourself). Here are
numbers for git.git:

  $ time git fast-export --anonymize --all \
         --tag-of-filtered-object=drop >output
  real    0m2.883s
  user    0m2.828s
  sys     0m0.052s

  $ gzip output
  $ ls -lh output.gz | awk '{print $5}'
  2.9M

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-27 10:42:16 -07:00
Jeff King
26be19ba8d send-pack: take refspecs over stdin
Pushing a large number of refs works over most transports,
because we implement send-pack as an internal function.
However, it can sometimes fail when pushing over http,
because we have to spawn "git send-pack --stateless-rpc" to
do the heavy lifting, and we pass each refspec on the
command line. This can cause us to overflow the OS limits on
the size of the command line for a large push.

We can solve this by giving send-pack a --stdin option and
using it from remote-curl.  We already dealt with this on
the fetch-pack side in 078b895 (fetch-pack: new --stdin
option to read refs from stdin, 2012-04-02). The stdin
option (and in particular, its use of packet-lines for
stateless-rpc input) is modeled after that solution.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-26 12:58:02 -07:00
René Scharfe
679eebe24d abspath: convert absolute_path() to strbuf
Move most of the code of absolute_path() into the new function
strbuf_add_absolute_path() and in the process transform it to use
struct strbuf and xgetcwd() instead of a PATH_MAX-sized buffer,
which can be too small on some file systems.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-26 11:06:06 -07:00
Thomas Braun
dddecc5b7f pretty: note that %cd respects the --date= option
Signed-off-by: Thomas Braun <thomas.braun@virtuell-zuhause.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-21 13:09:06 -07:00
René Scharfe
483bbd4e4c run-command: introduce child_process_init()
Add a helper function for initializing those struct child_process
variables for which the macro CHILD_PROCESS_INIT can't be used.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-20 09:54:58 -07:00
René Scharfe
d318027932 run-command: introduce CHILD_PROCESS_INIT
Most struct child_process variables are cleared using memset first after
declaration.  Provide a macro, CHILD_PROCESS_INIT, that can be used to
initialize them statically instead.  That's shorter, doesn't require a
function call and is slightly more readable (especially given that we
already have STRBUF_INIT, ARGV_ARRAY_INIT etc.).

Helped-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-20 09:53:37 -07:00
Nguyễn Thái Ngọc Duy
6bf3b81348 diff --stat: mark any file larger than core.bigfilethreshold binary
Too large files may lead to failure to allocate memory. If it happens
here, it could impact quite a few commands that involve
diff. Moreover, too large files are inefficient to compare anyway (and
most likely non-text), so mark them binary and skip looking at their
content.

Noticed-by: Dale R. Worley <worley@alum.mit.edu>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-18 10:16:45 -07:00
Junio C Hamano
6c4ab27f23 Git 2.1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-15 15:09:12 -07:00
Sergey Organov
2d26d533a0 Documentation/git-rebase.txt: -f forces a rebase that would otherwise be a no-op
"Current branch is a descendant of the commit you are rebasing onto"
does not necessarily mean "rebase" requires "--force".  For a plain
vanilla "history flattening" rebase, the rebase can be done without
forcing if there is a merge between the tip of the branch being
rebased and the commit you are rebasing onto, even if the tip is
descendant of the other.

[jc: reworded both the text and the log description]

Signed-off-by: Sergey Organov <sorganov@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-12 13:37:45 -07:00
Linus Arver
64de2e10a0 Documentation: git-init: flesh out example
Add a third step `git commit` after adding files for the first time.

Signed-off-by: Linus Arver <linusarver@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-08 13:17:42 -07:00
Linus Arver
8994fbf3ec Documentation: git-init: template directory: reword and cross-reference
Signed-off-by: Linus Arver <linusarver@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-08 13:17:42 -07:00
Linus Arver
4dde849a20 Documentation: git-init: reword parenthetical statements
Signed-off-by: Linus Arver <linusarver@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-08 13:17:41 -07:00
Linus Arver
c165d1f5ca Documentation: git-init: --separate-git-dir: clarify
Use shorter sentences to describe what actually happens. We describe
what the term "Git symbolic link" actually means.

Also, we separate out the description of the behavioral change upon
reinitialization into its own paragraph.

Signed-off-by: Linus Arver <linusarver@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-08 13:17:41 -07:00
Linus Arver
86d387af37 Documentation: git-init: template directory: reword
Signed-off-by: Linus Arver <linusarver@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-08 13:17:41 -07:00
Linus Arver
ddeab3aea3 Documentation: git-init: list items facelift
No textual change.

Signed-off-by: Linus Arver <linusarver@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-08 13:17:40 -07:00
Linus Arver
6e1ccacbed Documentation: git-init: typographical fixes
Use backticks when we quote something that the user should literally
use.

Signed-off-by: Linus Arver <linusarver@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-08 13:17:40 -07:00
Tanay Abhra
5a80e97c82 config: add git_die_config() to the config-set API
Add `git_die_config` that dies printing the line number and the file name
of the highest priority value for the configuration variable `key`. A custom
error message is also printed before dying, specified by the caller, which can
be skipped if `err` argument is set to NULL.

It has usage in non-callback based config value retrieval where we can
raise an error and die if there is a semantic error.
For example,

	if (!git_config_get_value(key, &value)){
		if (!strcmp(value, "foo"))
			git_config_die(key, "value: `%s` is illegal", value);
		else
			/* do work */
	}

Signed-off-by: Tanay Abhra <tanayabh@gmail.com>
Reviewed-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-07 11:40:25 -07:00
Marc Branchaud
5261ec5d5d Release notes: grammatical fixes
Signed-off-by: Marc Branchaud <marcnarc@xiplink.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-07 09:44:05 -07:00
brian m. carlson
a127b3f24d imap-send doc: omit confusing "to use imap-send" modifier
It wouldn't make sense for these configuration variables to be
required for Git in general to function.  'Required' in this context
means required for git imap-send to work.

Noticed while trying to figure out what the sentence describing
imap.tunnel meant.

[jn: expanded to also simplify explanation of imap.folder and
 imap.host in the same way]

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-05 11:51:37 -07:00
Junio C Hamano
f54d3c6d7c RelNotes: no more check_ref_format micro-optimization
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-05 11:45:09 -07:00
Junio C Hamano
a789ca70e7 config: teach "git -c" to recognize an empty string
In a config file, you can do:

  [foo]
  bar

to turn the "foo.bar" boolean flag on, and you can do:

  [foo]
  bar=

to set "foo.bar" to the empty string. However, git's "-c"
parameter treats both:

  git -c foo.bar

and

  git -c foo.bar=

as the boolean flag, and there is no way to set a variable
to the empty string. This patch enables the latter form to
do that.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-05 10:09:17 -07:00