summaryrefslogtreecommitdiff
path: root/transport-helper.c
AgeCommit message (Collapse)AuthorFilesLines
2014-10-28use child_process_init() to initialize struct child_process variablesLibravatar René Scharfe1-1/+1
Call child_process_init() instead of zeroing the memory of variables of type struct child_process by hand before use because the former is both clearer and shorter. Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-24Merge branch 'rs/run-command-env-array'Libravatar Junio C Hamano1-8/+2
Add managed "env" array to child_process to clarify the lifetime rules. * rs/run-command-env-array: use env_array member of struct child_process run-command: add env_array, an optional argv_array for env
2014-10-19use env_array member of struct child_processLibravatar René Scharfe1-8/+2
Convert users of struct child_process to using the managed env_array for specifying environment variables instead of supplying an array on the stack or bringing their own argv_array. This shortens and simplifies the code and ensures automatically that the allocated memory is freed after use. Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-15refs.c: change resolve_ref_unsafe reading argument to be a flags fieldLibravatar Ronnie Sahlberg1-1/+4
resolve_ref_unsafe takes a boolean argument for reading (a nonexistent ref resolves successfully for writing but not for reading). Change this to be a flags field instead, and pass the new constant RESOLVE_REF_READING when we want this behaviour. While at it, swap two of the arguments in the function to put output arguments at the end. As a nice side effect, this ensures that we can catch callers that were unaware of the new API so they can be audited. Give the wrapper functions resolve_refdup and read_ref_full the same treatment for consistency. Signed-off-by: Ronnie Sahlberg <sahlberg@google.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-08Merge branch 'jc/push-cert'Libravatar Junio C Hamano1-1/+8
Allow "git push" request to be signed, so that it can be verified and audited, using the GPG signature of the person who pushed, that the tips of branches at a public repository really point the commits the pusher wanted to, without having to "trust" the server. * jc/push-cert: (24 commits) receive-pack::hmac_sha1(): copy the entire SHA-1 hash out signed push: allow stale nonce in stateless mode signed push: teach smart-HTTP to pass "git push --signed" around signed push: fortify against replay attacks signed push: add "pushee" header to push certificate signed push: remove duplicated protocol info send-pack: send feature request on push-cert packet receive-pack: GPG-validate push certificates push: the beginning of "git push --signed" pack-protocol doc: typofix for PKT-LINE gpg-interface: move parse_signature() to where it should be gpg-interface: move parse_gpg_output() to where it should be send-pack: clarify that cmds_sent is a boolean send-pack: refactor inspecting and resetting status and sending commands send-pack: rename "new_refs" to "need_pack_data" receive-pack: factor out capability string generation send-pack: factor out capability string generation send-pack: always send capabilities send-pack: refactor decision to send update per ref send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher ...
2014-09-17signed push: teach smart-HTTP to pass "git push --signed" aroundLibravatar Junio C Hamano1-1/+8
The "--signed" option received by "git push" is first passed to the transport layer, which the native transport directly uses to notice that a push certificate needs to be sent. When the transport-helper is involved, however, the option needs to be told to the helper with set_helper_option(), and the helper needs to take necessary action. For the smart-HTTP helper, the "necessary action" involves spawning the "git send-pack" subprocess with the "--signed" option. Once the above all gets wired in, the smart-HTTP transport now can use the push certificate mechanism to authenticate its pushes. Add a test that is modeled after tests for the native transport in t5534-push-signed.sh to t5541-http-push-smart.sh. Update the test Apache configuration to pass GNUPGHOME environment variable through. As PassEnv would trigger warnings for an environment variable that is not set, export it from test-lib.sh set to a harmless value when GnuPG is not being used in the tests. Note that the added test is deliberately loose and does not check the nonce in this step. This is because the stateless RPC mode is inevitably flaky and a nonce that comes back in the actual push processing is one issued by a different process; if the two interactions with the server crossed a second boundary, the nonces will not match and such a check will fail. A later patch in the series will work around this shortcoming. Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-08-20run-command: introduce child_process_init()Libravatar René Scharfe1-2/+3
Add a helper function for initializing those struct child_process variables for which the macro CHILD_PROCESS_INIT can't be used. Suggested-by: Jeff King <peff@peff.net> Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-20transport-helper: avoid reading past end-of-stringLibravatar Jeff King1-7/+7
We detect the "import-marks" capability by looking for that string, but _without_ a trailing space. Then we skip past it using strlen("import-marks "), with a space. So if a remote helper gives us exactly "import-marks", we will read past the end-of-string by one character. This is unlikely to be a problem in practice, because such input is malformed in the first place, and because there is a good chance that the string has an extra NUL terminator one character after the original (because it formerly had a newline in it that we parsed off). We can fix it by using skip_prefix with "import-marks ", with the space. The other form appears to be a typo from a515ebe (transport-helper: implement marks location as capability, 2011-07-16); "import-marks" has never existed without an argument, and it should match the "export-marks" definition above. Speaking of which, we can also use skip_prefix in a few other places while we are in the function. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-16Merge branch 'fc/remote-helper-refmap'Libravatar Junio C Hamano1-9/+23
Allow remote-helper/fast-import based transport to rename the refs while transferring the history. * fc/remote-helper-refmap: transport-helper: remove unnecessary strbuf resets transport-helper: add support to delete branches fast-export: add support to delete refs fast-import: add support to delete refs transport-helper: add support to push symbolic refs transport-helper: add support for old:new refspec fast-export: add new --refspec option fast-export: improve argument parsing
2014-06-16Merge branch 'bg/xcalloc-nmemb-then-size'Libravatar Junio C Hamano1-1/+1
Like calloc(3), xcalloc() takes nmemb and then size. * bg/xcalloc-nmemb-then-size: transport-helper.c: rearrange xcalloc arguments remote.c: rearrange xcalloc arguments reflog-walk.c: rearrange xcalloc arguments pack-revindex.c: rearrange xcalloc arguments notes.c: rearrange xcalloc arguments imap-send.c: rearrange xcalloc arguments http-push.c: rearrange xcalloc arguments diff.c: rearrange xcalloc arguments config.c: rearrange xcalloc arguments commit.c: rearrange xcalloc arguments builtin/remote.c: rearrange xcalloc arguments builtin/ls-remote.c: rearrange xcalloc arguments
2014-05-27transport-helper.c: rearrange xcalloc argumentsLibravatar Brian Gesiak1-1/+1
xcalloc() takes two arguments: the number of elements and their size. transport_helper_init passes the arguments in reverse order, passing the size of a helper_data*, followed by the number to allocate. Rearrange them so they are in the correct order. Signed-off-by: Brian Gesiak <modocache@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-05-20Revert "Merge branch 'jc/graduate-remote-hg-bzr' (early part)"Libravatar Junio C Hamano1-29/+44
Instead of showing a warning and working as before, fail and show the message and force immediate upgrade from their upstream repositories when these tools are run, per request from their primary author. Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-05-19Revert "Merge branch 'fc/transport-helper-sync-error-fix'"Libravatar Junio C Hamano1-44/+29
This reverts commit d508e4a8e2391ae2596403b6478d01cf3d5f928f, reversing changes made to e42552135a2a396f37053a89f44952ea907870b2. The author of the original topic says he broke the upcoming 2.0 release with something that relates to "synchronization crash regression" while refusing to give further specifics, so this would unfortunately be the safest option for the upcoming release. Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-05-15get_importer: use run-command's internal argv_arrayLibravatar Jeff King1-6/+3
This saves a few lines and lets us avoid having to clean up the memory manually when the command finishes. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-05-15get_exporter: use argv_arrayLibravatar Jeff King1-16/+10
This simplifies the code and avoids a fixed array size that we might accidentally overflow. It also prevents a leak after finish_command is run, by using the argv_array that run-command manages for us. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-05-15get_helper: use run-command's internal argv_arrayLibravatar Jeff King1-6/+3
The get_helper functions dynamically allocates an argv_array, feeds it to start_command, and then returns. We then have to later clean up the memory manually after calling finish_command. We can make this simpler by just using run-command's internal argv_array, which handles cleanup for us. This also prevents a memory leak in the case that transport_take_over is used, in which case we free the child in finish_connect, which does not manually free the array. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-21transport-helper: remove unnecessary strbuf resetsLibravatar Felipe Contreras1-4/+0
Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-21transport-helper: add support to delete branchesLibravatar Felipe Contreras1-11/+13
For remote-helpers that use 'export' to push. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-21transport-helper: add support to push symbolic refsLibravatar Felipe Contreras1-1/+10
For example 'HEAD'. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-21transport-helper: add support for old:new refspecLibravatar Felipe Contreras1-3/+10
By using fast-export's new --refspec option. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-14transport-helper: fix sync issue on crashesLibravatar Felipe Contreras1-2/+11
When a remote helper crashes while pushing we should revert back to the state before the push, however, it's possible that `git fast-export` already finished its job, and therefore has exported the marks already. This creates a synchronization problem because from that moment on `git fast-{import,export}` will have marks that the remote helper is not aware of and all further commands fail (if those marks are referenced). The fix is to tell `git fast-export` to export to a temporary file, and only after the remote helper has finishes successfully, move to the final destination. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-14transport-helper: trivial cleanupLibravatar Felipe Contreras1-12/+12
It's simpler to store the file names directly, and form the fast-export arguments only when needed, and re-use the same strbuf with a format. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-14transport-helper: propagate recvline() error pushingLibravatar Felipe Contreras1-7/+11
It's cleaner, and will allow us to do something sensible on errors later. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-14remote-helpers: make recvline return an errorLibravatar Felipe Contreras1-7/+14
Instead of exiting directly, make it the duty of the caller to do so. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-14transport-helper: remove barely used xchgline()Libravatar Felipe Contreras1-7/+2
It's only used once, we can just call the two functions inside directly. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-03-18Merge branch 'fc/transport-helper-fixes'Libravatar Junio C Hamano1-8/+17
Updates transport-helper, fast-import and fast-export to allow the ref mapping and ref deletion in a way similar to the natively supported transports. * fc/transport-helper-fixes: remote-bzr: support the new 'force' option test-hg.sh: tests are now expected to pass transport-helper.c: do not overwrite forced bit transport-helper: check for 'forced update' message transport-helper: add 'force' to 'export' helpers transport-helper: don't update refs in dry-run transport-helper: mismerge fix
2014-02-24transport-helper.c: do not overwrite forced bitLibravatar Max Horn1-1/+1
If the the transport helper says it was a forced update, then it is a forced update. It is however possible that an update is forced without the transport-helper knowing about it, namely because some higher up code had objections to the update and needed forcing in order to let it through to the transport helper. In other words, it does not necessarily mean the update was *not* forced, when the helper did not say "forced update". Signed-off-by: Max Horn <max@quendi.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-01-27Merge branch 'ef/mingw-write'Libravatar Junio C Hamano1-3/+2
* ef/mingw-write: mingw: remove mingw_write prefer xwrite instead of write
2014-01-17Merge branch 'nd/shallow-clone'Libravatar Junio C Hamano1-0/+6
Fetching from a shallow-cloned repository used to be forbidden, primarily because the codepaths involved were not carefully vetted and we did not bother supporting such usage. This attempts to allow object transfer out of a shallow-cloned repository in a controlled way (i.e. the receiver become a shallow repository with truncated history). * nd/shallow-clone: (31 commits) t5537: fix incorrect expectation in test case 10 shallow: remove unused code send-pack.c: mark a file-local function static git-clone.txt: remove shallow clone limitations prune: clean .git/shallow after pruning objects clone: use git protocol for cloning shallow repo locally send-pack: support pushing from a shallow clone via http receive-pack: support pushing to a shallow clone via http smart-http: support shallow fetch/clone remote-curl: pass ref SHA-1 to fetch-pack as well send-pack: support pushing to a shallow clone receive-pack: allow pushes that update .git/shallow connected.c: add new variant that runs with --shallow-file add GIT_SHALLOW_FILE to propagate --shallow-file to subprocesses receive/send-pack: support pushing from a shallow clone receive-pack: reorder some code in unpack() fetch: add --update-shallow to accept refs that update .git/shallow upload-pack: make sure deepening preserves shallow roots fetch: support fetching from a shallow repository clone: support remote shallow repository ...
2014-01-17prefer xwrite instead of writeLibravatar Erik Faye-Lund1-3/+2
Our xwrite wrapper already deals with a few potential hazards, and are as such more robust. Prefer it instead of write to get the robustness benefits everywhere. Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com> Reviewed-and-improved-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-10smart-http: support shallow fetch/cloneLibravatar Nguyễn Thái Ngọc Duy1-0/+6
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-05replace {pre,suf}fixcmp() with {starts,ends}_with()Libravatar Christian Couder1-8/+8
Leaving only the function definitions and declarations so that any new topic in flight can still make use of the old functions, replace existing uses of the prefixcmp() and suffixcmp() with new API functions. The change can be recreated by mechanically applying this: $ git grep -l -e prefixcmp -e suffixcmp -- \*.c | grep -v strbuf\\.c | xargs perl -pi -e ' s|!prefixcmp\(|starts_with\(|g; s|prefixcmp\(|!starts_with\(|g; s|!suffixcmp\(|ends_with\(|g; s|suffixcmp\(|!ends_with\(|g; ' on the result of preparatory changes in this series. Signed-off-by: Christian Couder <chriscool@tuxfamily.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-11-12transport-helper: check for 'forced update' messageLibravatar Felipe Contreras1-1/+7
So the remote-helpers can tell us when a forced push was needed. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-11-12transport-helper: add 'force' to 'export' helpersLibravatar Felipe Contreras1-0/+5
Otherwise they cannot know when to force the push or not (other than hacks). Tests-by: Richard Hansen <rhansen@bbn.com> Documentation-by: Richard Hansen <rhansen@bbn.com> Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-10-31transport-helper: trivial style fixLibravatar Felipe Contreras1-0/+1
Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-10-31transport-helper: don't update refs in dry-runLibravatar Felipe Contreras1-4/+5
The remote helper namespace should not be updated. Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-10-31transport-helper: mismerge fixLibravatar Felipe Contreras1-3/+0
Commit 9c51558 (transport-helper: trivial code shuffle) moved these lines above, but 99d9ec0 (Merge branch 'fc/transport-helper-no-refspec') had a wrong merge conflict and readded them. Reported-by: Richard Hansen <rhansen@bbn.com> Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-09-12Merge branch 'mm/mediawiki-dumb-push-fix'Libravatar Junio C Hamano1-2/+5
* mm/mediawiki-dumb-push-fix: git-remote-mediawiki: no need to update private ref in non-dumb push git-remote-mediawiki: use no-private-update capability on dumb push transport-helper: add no-private-update capability git-remote-mediawiki: add test and check Makefile targets
2013-09-09Merge branch 'jc/push-cas'Libravatar Junio C Hamano1-2/+28
Allow a safer "rewind of the remote tip" push than blind "--force", by requiring that the overwritten remote ref to be unchanged since the new history to replace it was prepared. The machinery is more or less ready. The "--force" option is again the big red button to override any safety, thanks to J6t's sanity (the original round allowed --lockref to defeat --force). The logic to choose the default implemented here is fragile (e.g. "git fetch" after seeing a failure will update the remote-tracking branch and will make the next "push" pass, defeating the safety pretty easily). It is suitable only for the simplest workflows, and it may hurt users more than it helps them. * jc/push-cas: push: teach --force-with-lease to smart-http transport send-pack: fix parsing of --force-with-lease option t5540/5541: smart-http does not support "--force-with-lease" t5533: test "push --force-with-lease" push --force-with-lease: tie it all together push --force-with-lease: implement logic to populate old_sha1_expect[] remote.c: add command line option parser for "--force-with-lease" builtin/push.c: use OPT_BOOL, not OPT_BOOLEAN cache.h: move remote/connect API out of it
2013-09-09Merge branch 'nd/clone-connectivity-shortcut'Libravatar Junio C Hamano1-0/+10
* nd/clone-connectivity-shortcut: smart http: use the same connectivity check on cloning
2013-09-03transport-helper: add no-private-update capabilityLibravatar Matthieu Moy1-2/+5
Since 664059fb (transport-helper: update remote helper namespace, 2013-04-17), a 'push' operation on a remote helper updates the private ref by default. This is often a good thing, but it can also be desirable to disable this update to force the next 'pull' to re-import the pushed revisions. Allow remote-helpers to disable the automatic update by introducing a new capability. Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-08-02push: teach --force-with-lease to smart-http transportLibravatar Junio C Hamano1-2/+22
We have been passing enough information to enable the compare-and-swap logic down to the transport layer, but the transport helper was not passing it to smart-http transport. Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-07-29many small typofixesLibravatar Ondřej Bílka1-2/+2
Signed-off-by: Ondřej Bílka <neleai@seznam.cz> Reviewed-by: Marc Branchaud <marcnarc@xiplink.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-07-23smart http: use the same connectivity check on cloningLibravatar Nguyễn Thái Ngọc Duy1-0/+10
This is an extension of c6807a4 (clone: open a shortcut for connectivity check - 2013-05-26) to reduce the cost of connectivity check at clone time, this time with smart http protocol. Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-07-22push --force-with-lease: tie it all togetherLibravatar Junio C Hamano1-0/+6
This teaches the deepest part of the callchain for "git push" (and "git send-pack") to enforce "the old value of the ref must be this, otherwise fail this push" (aka "compare-and-swap" / "--lockref"). Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-07-22Merge branch 'jk/gcc-function-attributes'Libravatar Junio C Hamano1-1/+2
Use the function attributes extension to catch mistakes in use of our own variadic functions that use NULL sentinel at the end (i.e. like execl(3)) and format strings (i.e. like printf(3)). * jk/gcc-function-attributes: Add the LAST_ARG_MUST_BE_NULL macro wt-status: use "format" function attribute for status_printf use "sentinel" function attribute for variadic lists add missing "format" function attributes
2013-07-09add missing "format" function attributesLibravatar Jeff King1-1/+2
For most of our functions that take printf-like formats, we use gcc's __attribute__((format)) to get compiler warnings when the functions are misused. Let's give a few more functions the same protection. In most cases, the annotations do not uncover any actual bugs; the only code change needed is that we passed a size_t to transfer_debug, which expected an int. Since we expect the passed-in value to be a relatively small buffer size (and cast a similar value to int directly below), we can just cast away the problem. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-06-21transport-helper: be quiet on read errors from helpersLibravatar Jeff King1-1/+1
Prior to commit 81d340d4, we did not print any error message if a remote transport helper died unexpectedly. If a helper did not print any error message (e.g., because it crashed), the user could be left confused. That commit tried to rectify the situation by printing a note that the helper exited unexpectedly. However, this makes a much more common case worse: when a helper does die with a useful message, we print the extra "Reading from 'git-remote-foo failed" message. This can also end up confusing users, as they may not even know what remote helpers are (e.g., the fact that http support comes through git-remote-https is purely an implementation detail that most users do not know or care about). Since we do not have a good way of knowing whether the helper printed a useful error, and since the common failure mode is for it to do so, let's default to remaining quiet. Debuggers can dig further by setting GIT_TRANSPORT_HELPER_DEBUG. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-06-06Merge branch 'fc/transport-helper-no-refspec'Libravatar Junio C Hamano1-1/+12
With "export" remote-helper protocol, (1) a push that tries to update a remote ref whose name is different from the pushing side does not work yet, and (2) the helper may not know how to do --dry-run Detect such problematic cases and disable them for now. * fc/transport-helper-no-refspec: transport-helper: check if the dry-run is supported transport-helper: barf when user tries old:new
2013-05-29Merge branch 'fc/transport-helper-error-reporting'Libravatar Junio C Hamano1-16/+32
Update transport helper to report errors and maintain ref hierarchy used to keep track of remote helper state better. * fc/transport-helper-error-reporting: transport-helper: fix remote helper namespace regression test: remote-helper: add missing and t5801: "VAR=VAL shell_func args" is forbidden transport-helper: update remote helper namespace transport-helper: trivial code shuffle transport-helper: warn when refspec is not used transport-helper: clarify pushing without refspecs transport-helper: update refspec documentation transport-helper: clarify *:* refspec transport-helper: improve push messages transport-helper: mention helper name when it dies transport-helper: report errors properly