]> source.dussan.org Git - jgit.git/log
jgit.git
3 years agoMerge branch 'stable-5.12' 40/180440/1
Matthias Sohn [Mon, 10 May 2021 23:00:31 +0000 (01:00 +0200)]
Merge branch 'stable-5.12'

* stable-5.12:
  LockFile: create OutputStream only when needed
  Remove ReftableNumbersNotIncreasingException

Change-Id: I9d85187d00771beef908f1136015d059024f4118

3 years agoMerge branch 'stable-5.11' into stable-5.12 39/180439/1
Matthias Sohn [Mon, 10 May 2021 22:59:10 +0000 (00:59 +0200)]
Merge branch 'stable-5.11' into stable-5.12

* stable-5.11:
  LockFile: create OutputStream only when needed
  Remove ReftableNumbersNotIncreasingException

Change-Id: I7adb5c4fc28e0043a985b5136424f3f756b2f84f

3 years agoMerge branch 'stable-5.10' into stable-5.11 38/180438/1
Matthias Sohn [Mon, 10 May 2021 22:57:46 +0000 (00:57 +0200)]
Merge branch 'stable-5.10' into stable-5.11

* stable-5.10:
  LockFile: create OutputStream only when needed
  Remove ReftableNumbersNotIncreasingException

Change-Id: Id6e0a78caf12c19a01a88d1ddb8a7df2b3590f98

3 years agoMerge branch 'stable-5.9' into stable-5.10 37/180437/1
Matthias Sohn [Mon, 10 May 2021 22:56:57 +0000 (00:56 +0200)]
Merge branch 'stable-5.9' into stable-5.10

* stable-5.9:
  LockFile: create OutputStream only when needed
  Remove ReftableNumbersNotIncreasingException
  Fix stamping to produce stable file timestamps

Change-Id: I056382d1d93f3e0a95838bdd1f0be89711c8a722

3 years agoMerge branch 'stable-5.8' into stable-5.9 36/180436/1
Matthias Sohn [Mon, 10 May 2021 22:55:54 +0000 (00:55 +0200)]
Merge branch 'stable-5.8' into stable-5.9

* stable-5.8:
  LockFile: create OutputStream only when needed
  Remove ReftableNumbersNotIncreasingException

Change-Id: I3274c97cf560398c3c4c27d6759500452f315db0

3 years agoMerge branch 'stable-5.7' into stable-5.8 35/180435/1
Matthias Sohn [Mon, 10 May 2021 22:51:21 +0000 (00:51 +0200)]
Merge branch 'stable-5.7' into stable-5.8

* stable-5.7:
  LockFile: create OutputStream only when needed
  Remove ReftableNumbersNotIncreasingException

Change-Id: Ib3f280e0741f87a0ff615d857a5ea39b35527e74

3 years agoMerge branch 'stable-5.6' into stable-5.7 34/180434/1
Matthias Sohn [Mon, 10 May 2021 22:19:10 +0000 (00:19 +0200)]
Merge branch 'stable-5.6' into stable-5.7

* stable-5.6:
  LockFile: create OutputStream only when needed

Change-Id: I7c0e37d2cee0923662a7e39df5a802a84c017e4f

3 years agoLockFile: create OutputStream only when needed 32/180432/1
Thomas Wolf [Tue, 4 May 2021 21:48:56 +0000 (23:48 +0200)]
LockFile: create OutputStream only when needed

Don't create the stream eagerly in lock(); that may cause JGit to
exceed OS or JVM limits on open file descriptors if many locks need
to be created, for instance when creating many refs. Instead create
the output stream only when one really needs to write something.

Bug: 573328
Change-Id: If9441ed40494d46f594a896d34a5c4f56f91ebf4
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoAdd a cgit interoperability test for LockFile 52/180352/5
Matthias Sohn [Fri, 7 May 2021 08:51:59 +0000 (10:51 +0200)]
Add a cgit interoperability test for LockFile

Change-Id: I30cacd1f50f8f4ff4dd91ad291bf279980e3c4b5
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoAdd TemporaryBuffer.toString(int limit) 51/180351/4
Matthias Sohn [Fri, 7 May 2021 08:50:58 +0000 (10:50 +0200)]
Add TemporaryBuffer.toString(int limit)

Change-Id: I8603fcdfd0244088b3b217f002a78e7a646ea205
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoLockFile: create OutputStream only when needed 98/180198/4
Thomas Wolf [Tue, 4 May 2021 21:48:56 +0000 (23:48 +0200)]
LockFile: create OutputStream only when needed

Don't create the stream eagerly in lock(); that may cause JGit to
exceed OS or JVM limits on open file descriptors if many locks need
to be created, for instance when creating many refs. Instead create
the output stream only when one really needs to write something.

Bug: 573328
Change-Id: If9441ed40494d46f594a896d34a5c4f56f91ebf4
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoMerge branch 'stable-5.12' 83/180283/2
Matthias Sohn [Thu, 6 May 2021 07:55:52 +0000 (09:55 +0200)]
Merge branch 'stable-5.12'

* stable-5.12:
  Prepare 5.12.0-SNAPSHOT builds
  JGit v5.12.0.202105051250-m2

Change-Id: I88e0e3d341f375d6c85d532e4f010ac20f81c3d1
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoPrepare 5.12.0-SNAPSHOT builds 80/180280/2
Matthias Sohn [Thu, 6 May 2021 07:25:31 +0000 (09:25 +0200)]
Prepare 5.12.0-SNAPSHOT builds

Change-Id: I2fc5305e7eaaa4593d418fc3b31d20e4b6e1e585

3 years agoJGit v5.12.0.202105051250-m2 52/180252/1 v5.12.0.202105051250-m2
Matthias Sohn [Wed, 5 May 2021 15:50:19 +0000 (17:50 +0200)]
JGit v5.12.0.202105051250-m2

Change-Id: Ic7d86c91ec0ff9aa0678dcb971c197e62a4ca2dc
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoMerge "[releng] Update eclipse-jarsigner-plugin to 1.3.1"
Matthias Sohn [Mon, 26 Apr 2021 21:07:56 +0000 (17:07 -0400)]
Merge "[releng] Update eclipse-jarsigner-plugin to 1.3.1"

3 years agoUpdate jetty to 9.4.40.v20210413 33/179733/2
Matthias Sohn [Fri, 23 Apr 2021 13:58:59 +0000 (15:58 +0200)]
Update jetty to 9.4.40.v20210413

Change-Id: I5585b9a22bf20a49ad4bb9a24e053325792ec546
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years ago[releng] Update eclipse-jarsigner-plugin to 1.3.1 27/179527/1
Thomas Wolf [Mon, 19 Apr 2021 20:48:06 +0000 (22:48 +0200)]
[releng] Update eclipse-jarsigner-plugin to 1.3.1

Up from 1.1.7. See [1] for the reason.

[1] https://www.eclipse.org/lists/cbi-dev/msg02374.html

Change-Id: Ia7c1c9f443793ce476acd6ddfe521ea488a1a60b
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoImplement ours/theirs content conflict resolution 34/179234/2
Thomas Wolf [Mon, 12 Apr 2021 21:50:54 +0000 (23:50 +0200)]
Implement ours/theirs content conflict resolution

Git has different conflict resolution strategies:

* There is a tree merge strategy "ours" which just ignores any changes
  from theirs ("-s ours"). JGit also has the mirror strategy "theirs"
  ignoring any changes from "ours". (This doesn't exist in C git.)
  Adapt StashApplyCommand and CherrypickCommand to be able to use those
  tree merge strategies.
* For the resolve/recursive tree merge strategies, there are content
  conflict resolution strategies "ours" and "theirs", which resolve
  any conflict hunks by taking the "ours" or "theirs" hunk. In C git
  those correspond to "-Xours" or -Xtheirs". Implement that in
  MergeAlgorithm, and add API to set and pass through such a strategy
  for resolving content conflicts.
* The "ours/theirs" content conflict resolution strategies also apply
  for binary files. Handle these cases in ResolveMerger.

Note that the content conflict resolution strategies ("-X ours/theirs")
do _not_ apply to modify/delete or delete/modify conflicts. Such
conflicts are always reported as conflicts by C git. They do apply,
however, if one side completely clears a file's content.

Bug: 501111
Change-Id: I2c9c170c61c440a2ab9c387991e7a0c3ab960e07
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agossh: ensure list is modifiable before using Iterator.remove(). 13/179313/1
Thomas Wolf [Wed, 14 Apr 2021 15:47:38 +0000 (17:47 +0200)]
ssh: ensure list is modifiable before using Iterator.remove().

Bug: 572849
Change-Id: If6be0024d2069e2d85541d7e87c6b0371db4b3df
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoUpdate orbit to S20210406213021 and add 4.20-staging target 48/179148/1
Matthias Sohn [Sat, 10 Apr 2021 20:36:33 +0000 (22:36 +0200)]
Update orbit to S20210406213021 and add 4.20-staging target

Change-Id: I465831b0edf359b504918009dd7fb03a77b06305
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoFix typo in test method name 87/179087/1
Thomas Wolf [Fri, 2 Apr 2021 18:33:42 +0000 (20:33 +0200)]
Fix typo in test method name

Change-Id: I34718829435daf8ded4ce596c824dd3cfbafbaf6
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoMerge "Upgrade ecj to 3.25.0"
Matthias Sohn [Wed, 7 Apr 2021 23:08:19 +0000 (19:08 -0400)]
Merge "Upgrade ecj to 3.25.0"

3 years agoAllow file mode conflicts in virtual base commit on recursive merge. 30/178730/4
Marija Savtchouk [Thu, 1 Apr 2021 14:52:26 +0000 (15:52 +0100)]
Allow file mode conflicts in virtual base commit on recursive merge.

Similar to https://git.eclipse.org/r/c/jgit/jgit/+/175166, ignore
path that have conflicts on attributes, so that the virtual base could
be used by RecursiveMerger.

Change-Id: I99c95445a305558d55bbb9c9e97446caaf61c154
Signed-off-by: Marija Savtchouk <mariasavtchouk@google.com>
3 years agosshd: don't lock the known_hosts files on reading 44/178744/1
Thomas Wolf [Mon, 22 Mar 2021 11:20:52 +0000 (12:20 +0100)]
sshd: don't lock the known_hosts files on reading

Similar to git config file reading lock the file only when writing.
There may still be lock conflicts on writing, but those in the worst
case result in an entry not being added and thus being asked for later
again.

Because the OpenSshServerkeyDatabase and its HostKeyFiles may be (and
usually are) shared between different SSH sessions, we still need to
ensure in-process mutual exclusion.

Bug: 559548
Change-Id: I4af97628deff9eaac2520576917c856949f2680d
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoAllow info messages in UsernamePasswordCredentialsProvider 43/178743/1
Thomas Wolf [Sat, 20 Mar 2021 17:54:17 +0000 (18:54 +0100)]
Allow info messages in UsernamePasswordCredentialsProvider

o.e.j.ssh.apache produces passphrase prompts containing
InformationalMessage items to show the fingerprint of the key
the passphrase is being asked for. Allow this so that the credentials
provider can be used with o.e.j.ssh.apache.

Change-Id: Ibc2ffd3a987d3118952726091b9b80442972dfd8
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agossh config: do environment variable replacement 42/178742/1
Thomas Wolf [Sat, 20 Mar 2021 17:46:13 +0000 (18:46 +0100)]
ssh config: do environment variable replacement

OpenSSH 8.4 has introduced simple environment variable substitution
for some keys. Implement that feature in our ssh config file parser,
too.

Bug: 572103
Change-Id: I360f2c5510eea4ec3329aeedf3d29dfefc9163f0
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agosshd: implement server-sig-algs SSH extension (client side) 41/178741/1
Thomas Wolf [Fri, 19 Mar 2021 20:48:04 +0000 (21:48 +0100)]
sshd: implement server-sig-algs SSH extension (client side)

Apache MINA sshd has an implementation of this, but it doesn't comply
to RFC 8308 [1] and it is buggy. (See SSHD-1141 [2].)

Add a simpler KexExtensionHandler and if the server sends extension
server-sig-algs, use its value to re-order the chosen signature
algorithms such that the algorithms the server announced as supported
are at the front.

If the server didn't tell us anything, don't do anything. RFC 8308
suggests for RSA to default to ssh-rsa, but says once rsa-sha2-* was
"widely enough" adopted, defaulting to that might be OK.

Currently we seem to be in a transition phase; Fedora 33 has already
disabled ssh-rsa by default, and openssh is about to do so. Whatever
we might do without info from the server, it'd be good for some servers
and bad for others. So don't do anything and let the user re-order via
ssh config PubkeyAcceptedAlgorithms on a case-by-case basis.

[1] https://tools.ietf.org/html/rfc8308
[2] https://issues.apache.org/jira/browse/SSHD-1141

Bug: 572056
Change-Id: I59aa691a030ffe0fae54289df00ca5c6e165817b
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoUpgrade ecj to 3.25.0 95/178595/1
Marco Miller [Tue, 30 Mar 2021 17:56:34 +0000 (13:56 -0400)]
Upgrade ecj to 3.25.0

Change-Id: I09d018205564205b194de020941fd4152ae8b24e
Signed-off-by: Marco Miller <marco.miller@ericsson.com>
3 years agoBazel: Remove unused dependencies flagged by unused_deps 53/178453/1
David Ostrovsky [Sat, 27 Mar 2021 14:27:01 +0000 (15:27 +0100)]
Bazel: Remove unused dependencies flagged by unused_deps

Change-Id: I7fcb494fdce4bb3de203236fa51b188b099d842f
Signed-off-by: David Ostrovsky <david@ostrovsky.org>
3 years agoBazel: Format build file with buildifier 52/178452/1
David Ostrovsky [Sat, 27 Mar 2021 13:59:54 +0000 (14:59 +0100)]
Bazel: Format build file with buildifier

Change-Id: I4c0c7ffb04d7bed517faf1a4932d8c76738bff11
Signed-off-by: David Ostrovsky <david@ostrovsky.org>
3 years agoUpgrade wagon-ssh to 3.4.3 31/178331/2
Marco Miller [Wed, 24 Mar 2021 16:12:39 +0000 (12:12 -0400)]
Upgrade wagon-ssh to 3.4.3

Change-Id: Ibc3a9ea83e264920b4a995f6d22904fe3be97d5a
Signed-off-by: Marco Miller <marco.miller@ericsson.com>
3 years agoUpdate spring-boot-maven-plugin to 2.4.4 22/178422/1
Matthias Sohn [Fri, 26 Mar 2021 11:49:00 +0000 (12:49 +0100)]
Update spring-boot-maven-plugin to 2.4.4

Change-Id: I8ba1e544b2e80ad66aacd230c4a442bdc1d60375

3 years agoUpdate spotbugs-maven-plugin to 4.2.2 21/178421/1
Matthias Sohn [Fri, 26 Mar 2021 11:32:55 +0000 (12:32 +0100)]
Update spotbugs-maven-plugin to 4.2.2

Change-Id: Ib522b66249e5493c3fd191b5c56e87f8941569c2

3 years agoUpdate japicmp-maven-plugin to 0.15.3 20/178420/1
Matthias Sohn [Fri, 26 Mar 2021 11:28:13 +0000 (12:28 +0100)]
Update japicmp-maven-plugin to 0.15.3

Change-Id: I3b1b295e7f97182a5541b1912e0acbfffb981d71

3 years agoMerge branch 'stable-5.11' 01/178401/1
Matthias Sohn [Fri, 26 Mar 2021 08:55:58 +0000 (09:55 +0100)]
Merge branch 'stable-5.11'

* stable-5.11:
  Refactor CommitCommand to improve readability
  CommitCommand: fix formatting
  CommitCommand: remove unncessary comment
  Ensure post-commit hook is called after index lock was released
  sshd: try all configured signature algorithms for a key
  sshd: modernize ssh config file parsing
  sshd: implement ssh config PubkeyAcceptedAlgorithms

Change-Id: Ic3235ffd84c9d7537a1fe5ff4f216578e6e26724
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoRefactor CommitCommand to improve readability 42/178142/2
Matthias Sohn [Sat, 20 Mar 2021 10:35:27 +0000 (11:35 +0100)]
Refactor CommitCommand to improve readability

Change-Id: Id3cac81cd32c07f677b7f669d58e32b5290e1790
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoCommitCommand: fix formatting 41/178141/2
Matthias Sohn [Sat, 20 Mar 2021 10:20:52 +0000 (11:20 +0100)]
CommitCommand: fix formatting

Change-Id: I5efd1ffee4ebb08b3b5c27e29162493615727840
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoCommitCommand: remove unncessary comment 40/178140/2
Matthias Sohn [Sat, 20 Mar 2021 10:19:07 +0000 (11:19 +0100)]
CommitCommand: remove unncessary comment

Let the code speak for itself.

Change-Id: I6a6d6c327ffac23fc607295a7f4fd3131b3d1e58
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoEnsure post-commit hook is called after index lock was released 38/178138/3
Matthias Sohn [Sat, 20 Mar 2021 10:15:20 +0000 (11:15 +0100)]
Ensure post-commit hook is called after index lock was released

Otherwise a post-commit hook cannot modify the index.

Bug: 566934
Change-Id: I0093dccd93b2064f243544b516bdce198afdb18b
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agosshd: try all configured signature algorithms for a key 43/178043/3
Thomas Wolf [Fri, 19 Mar 2021 08:35:34 +0000 (09:35 +0100)]
sshd: try all configured signature algorithms for a key

For RSA keys, there may be several configured signature algorithms:
rsa-sha2-512, rsa-sha2-256, and ssh-rsa. Upstream sshd has bug
SSHD-1105 [1] and always and unconditionally uses only the first
configured algorithm. With the default order, this means that it cannot
connect to a server that knows only ssh-rsa, like for instance Apache
MINA sshd servers older than 2.6.0.

This affects for instance bitbucket.org or also AWS Code Commit.

Re-introduce our own pubkey authenticator that fixes this.

Note that a server may impose a penalty (back-off delay) for subsequent
authentication attempts with signature algorithms unknown to the server.
In such cases, users can re-order the signature algorithm list via the
PubkeyAcceptedAlgorithms (formerly PubkeyAcceptedKeyTypes) ssh config.

[1] https://issues.apache.org/jira/browse/SSHD-1105

Bug: 572056
Change-Id: I7fb9c759ab6532e5f3b6524e9084085ddb2f30d6
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agosshd: modernize ssh config file parsing 42/178042/2
Thomas Wolf [Fri, 19 Mar 2021 08:24:31 +0000 (09:24 +0100)]
sshd: modernize ssh config file parsing

OpenSSH has changed some things in ssh config files. Update our parser
to implement some of these changes:

* ignore trailing comments on a line
* rename PubkeyAcceptedKeyTypes to PubkeyAcceptedAlgorithms

Note that for the rename, openSSH still accepts both names. We do the
same, translating names whenever we get or set values.

Change-Id: Icccca060e6a4350a7acf05ff9e260f2c8c60ee1a
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agosshd: implement ssh config PubkeyAcceptedAlgorithms 41/178041/2
Thomas Wolf [Thu, 18 Mar 2021 20:16:48 +0000 (21:16 +0100)]
sshd: implement ssh config PubkeyAcceptedAlgorithms

Apache MINA sshd 2.6.0 appears to use only the first appropriate
public key signature algorithm for a particular key. See [1]. For
RSA keys, that is rsa-sha2-512. This breaks authentication at servers
that only know the older (and deprecated) ssh-rsa algorithm.

With PubkeyAcceptedAlgorithms, users can re-order algorithms in
the ssh config file per host, if needed. Setting

  PubkeyAcceptedAlgorithms ^ssh-rsa

will put "ssh-rsa" at the front of the list of algorithms, and then
authentication at such servers with RSA keys works again.

[1] https://issues.apache.org/jira/browse/SSHD-1105

Bug: 572056
Change-Id: I86c3b93f05960c68936e80642965815926bb2532
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoOptimize RevWalkUtils.findBranchesReachableFrom() 54/176854/4
Adithya Chakilam [Tue, 23 Feb 2021 19:58:03 +0000 (13:58 -0600)]
Optimize RevWalkUtils.findBranchesReachableFrom()

In [1], improved RevWalk.getMergedInto() is introduced to avoid repeated
work while performing RevWalk.isMergedInto() on many refs. Modify
findBranchesReachableFrom() to use it.

[1] I65de9873dce67af9c415d1d236bf52d31b67e8fe

Change-Id: I81d615241638d4093df64b449637af601843a5ed
Signed-off-by: Adithya Chakilam <quic_achakila@quicinc.com>
3 years agoIntroduce getMergedInto(RevCommit commit, Collection<Ref> refs) 39/176439/6
Adithya Chakilam [Thu, 18 Feb 2021 19:41:19 +0000 (13:41 -0600)]
Introduce getMergedInto(RevCommit commit, Collection<Ref> refs)

In cases where we need to determine if a given commit is merged
into many refs, using isMergedInto(base, tip) for each ref would
cause multiple unwanted walks.

getMergedInto() marks the unreachable commits as uninteresting
which would then avoid walking that same path again.

Using the same api, also introduce isMergedIntoAny() and
isMergedIntoAll()

Change-Id: I65de9873dce67af9c415d1d236bf52d31b67e8fe
Signed-off-by: Adithya Chakilam <quic_achakila@quicinc.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoSkip detecting content renames for large files 53/177553/5
Youssef Elghareeb [Thu, 11 Mar 2021 12:01:14 +0000 (13:01 +0100)]
Skip detecting content renames for large files

There are two code paths for detecting renames: one on tree diffs
(using DiffFormatter#scan) and the other on single file diffs (using
DiffFormatter#format). The latter skips binary and large files
for rename detection - check [1], but the former doesn't.

This change skips content rename detection for the tree diffs case for
large files. This is essential to avoid expensive computations while
reading the file, especially for callers who don't want to pay that
cost. Content renames are those which involve files with slightly
modified content. Exact renames will still be identified.

The default threshold for file sizes is reused from
PackConfig.DEFAULT_BIG_FILE_THRESHOLD: 50 MB.

[1] https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/232876421d067a1242e8afcaa33b9171342fee3e/org.eclipse.jgit/src/org/eclipse/jgit/diff/RawText.java#386

Change-Id: Idbc2c29bd381c6e387185204638f76fda47df41e
Signed-off-by: Youssef Elghareeb <ghareeb@google.com>
3 years agoRemove unused API problem filters 42/177642/4
Matthias Sohn [Thu, 11 Mar 2021 23:30:14 +0000 (00:30 +0100)]
Remove unused API problem filters

Change-Id: I34be8afa42971b94d86312ff8b672b133cd23d45
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoDocument http options supported by JGit 00/177700/1
Thomas Wolf [Sat, 13 Mar 2021 16:05:47 +0000 (17:05 +0100)]
Document http options supported by JGit

Change-Id: I0af4f9991fdb4f09de25f743d1e0dca67ceaa18b
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoHTTP cookies: do tilde expansion on http.cookieFile 49/177649/1
Thomas Wolf [Tue, 9 Mar 2021 21:23:14 +0000 (22:23 +0100)]
HTTP cookies: do tilde expansion on http.cookieFile

Git config http.cookieFile must have ~ expansion, compare [1].

It also should be an absolute path. While a relative path is allowed,
C git just passes the value on to libcurl, so it'll be relative to the
current working directory and thus not work in all directories.

Log a warning if the path is relative.

(Alternatives would be to throw an exception, or to resolve the path
relative to the .git directory, or relative to the working tree root,
or relative to the config file it occurs in. But C git does not seem
to do either.)

[1] https://github.com/git/git/commit/e5a39ad8e

Bug: 571798
Change-Id: I5cdab6061d0613ac7d8cb7977e5b97f5b88f562d
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoPrepare 5.12.0-SNAPSHOT builds 19/177519/2
Matthias Sohn [Wed, 10 Mar 2021 15:06:00 +0000 (16:06 +0100)]
Prepare 5.12.0-SNAPSHOT builds

Change-Id: I736de7c3deb11da75777d459f47332df0b486443
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoMerge branch 'stable-5.11' 18/177518/1
Matthias Sohn [Wed, 10 Mar 2021 15:05:18 +0000 (16:05 +0100)]
Merge branch 'stable-5.11'

* stable-5.11:
  Update Orbit to R20210223232630
  Prepare 5.11.1-SNAPSHOT builds
  JGit v5.11.0.202103091610-r
  Prepare 5.11.0-SNAPSHOT builds
  JGit v5.11.0.202103031150-rc1

Change-Id: I808e53a3c54a49d0dd62c69818ea2f5672e16a91

3 years agoUpdate Orbit to R20210223232630 68/177468/1
Matthias Sohn [Tue, 9 Mar 2021 23:39:29 +0000 (00:39 +0100)]
Update Orbit to R20210223232630

Change-Id: I7577131b2c6e808b59f6c453233b261c64646d35
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoPrepare 5.11.1-SNAPSHOT builds 65/177465/1
Matthias Sohn [Tue, 9 Mar 2021 22:42:31 +0000 (23:42 +0100)]
Prepare 5.11.1-SNAPSHOT builds

Change-Id: I94628ccbb5099a65aa4345cfd28a141ff5555b68
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoJGit v5.11.0.202103091610-r 61/177461/1 v5.11.0.202103091610-r
Matthias Sohn [Tue, 9 Mar 2021 21:10:22 +0000 (22:10 +0100)]
JGit v5.11.0.202103091610-r

Change-Id: I8e6855eaf7228459f492036feb4e34ca085698a7
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoMerge branch 'master' into stable-5.11 44/177444/1
Matthias Sohn [Tue, 9 Mar 2021 17:00:55 +0000 (18:00 +0100)]
Merge branch 'master' into stable-5.11

* master:
  Manually set status of jmh dependencies
  Update DEPENDENCIES report for 5.11.0
  Add dependency to dash-licenses
  PackFile: Add id + ext based constructors
  GC: deleteOrphans: Use PackFile
  PackExt: Convert to Enum
  Restore preserved packs during missing object seeks
  Pack: Replace extensions bitset with bitmapIdx PackFile
  PackDirectory: Use PackFile to ensure we find preserved packs
  GC: Use PackFile to de-dup logic
  Create a PackFile class for Pack filenames

Change-Id: I1d56517cb6a95e10aed22cdb9e5f3e504872d110

3 years agoManually set status of jmh dependencies 25/177325/2
Matthias Sohn [Sun, 7 Mar 2021 17:41:05 +0000 (18:41 +0100)]
Manually set status of jmh dependencies

The following jmh dependencies were approved as works-with:
- jmh-core/1.21 has GPL-2.0 license and was approved in CQ20517
- jmh-generator-annprocess/1.21 has GPL-2.0 license and was approved in
CQ20518

Change-Id: Ibbe28c6e8359c576b23f40281e74f2e0d4a0dee0

3 years agoUpdate DEPENDENCIES report for 5.11.0 24/177324/3
Matthias Sohn [Sun, 7 Mar 2021 16:44:05 +0000 (17:44 +0100)]
Update DEPENDENCIES report for 5.11.0

Computed by dash license-tool-plugin [1].

[1] https://github.com/eclipse/dash-licenses

Change-Id: I28727115914613cefdcf9a9f462c195b6af23156

3 years agoAdd dependency to dash-licenses 23/177323/2
Matthias Sohn [Wed, 27 Jan 2021 23:25:06 +0000 (00:25 +0100)]
Add dependency to dash-licenses

This is required to run the license check using the license tool [1]
required by the Eclipse project handbook [2]:

mvn org.eclipse.dash:license-tool-plugin:license-check -Ddash.summary=DEPENDENCIES

Note: the tool still requires Java 11 hence it needs to be run in a
separate build step and is not yet integrated in the build which runs
on Java 8.

[1] https://github.com/eclipse/dash-licenses
[2] https://www.eclipse.org/projects/handbook/#ip-license-tool

Change-Id: Ib41d54de246c3c9499cc3be9f026294c39fdfd99

3 years agoPackFile: Add id + ext based constructors 92/177192/3
Nasser Grainawi [Thu, 4 Mar 2021 21:14:43 +0000 (14:14 -0700)]
PackFile: Add id + ext based constructors

Add new constructors to PackFile to improve a common use case where
callers know the directory, id, and extension, but previously needed to
construct a valid file name (with prefix, '.', etc) to create a
PackFile. Most callers can use the variant that has id as an ObjectId,
but provide an id as String variant too.

Change-Id: I39e4466abe8c9509f5916d5bfe675066570b8585
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
3 years agoGC: deleteOrphans: Use PackFile 91/177191/1
Nasser Grainawi [Thu, 4 Mar 2021 00:05:21 +0000 (17:05 -0700)]
GC: deleteOrphans: Use PackFile

It's easier to follow the logic here when we can use our own objects
instead of Strings.

Change-Id: I6a166edcc67903fc1ca3544f458634c4cef8fde7
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
3 years agoPackExt: Convert to Enum 53/176953/3
Nasser Grainawi [Fri, 26 Feb 2021 22:49:06 +0000 (15:49 -0700)]
PackExt: Convert to Enum

This class already looked very much like an Enum, but wasn't one.

As an Enum, we can use PackExt in EnumMaps and EnumSets. Convert the
Map key usage in PackDirectory to an EnumMap.

Change-Id: Ice097fd468a05805f914e6862fbd1d96ec8c45d1
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
3 years agoRestore preserved packs during missing object seeks 88/122288/14
Martin Fick [Tue, 15 Dec 2020 21:20:44 +0000 (14:20 -0700)]
Restore preserved packs during missing object seeks

Provide a recovery path for objects being referenced during the pack
pruning race. Due to the pack pruning race, it is possible for objects
to become referenced after a pack has been deemed safe to prune, but
before it actually gets pruned. If this happened previously, the newly
referenced objects would be missing and potentially result in a
corrupted ref.

Add the ability to recover from this situation when an object is missing
but happens to still be available in a pack in the "preserved"
directory. This is likely only useful when used in conjunction with the
--preserve-old-packs GC option, which prunes packs by hard-linking to
the preserved directory. If an object is missing and found in a pack in
the preserved directory, immediately recover that pack and its
associated files (idx, bitmaps...) by moving them back to the original
pack directory, and then retry the operation that would have failed due
to the missing object. This retry can now succeed and the repository
may avoid corruption. This approach should drastically reduce the
chance of a corrupt repository during pack pruning at very little extra
cost. This extra cost should only be incurred when objects are missing
and a failure would normally occur.

Change-Id: I2a704e3276b88cc892159d9bfe2455c6eec64252
Signed-off-by: Martin Fick <quic_mfick@quicinc.com>
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
3 years agoPack: Replace extensions bitset with bitmapIdx PackFile 29/175129/8
Nasser Grainawi [Thu, 11 Feb 2021 06:26:17 +0000 (23:26 -0700)]
Pack: Replace extensions bitset with bitmapIdx PackFile

The only extension that was ever consulted from the bitmap was the
bitmap index. We can simplify the Pack code as well as the code of
all the callers if we focus on just that usage.

Change-Id: I799ddfdee93142af67ce5081d14a430d36aa4c15
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
3 years agoPackDirectory: Use PackFile to ensure we find preserved packs 30/175130/11
Nasser Grainawi [Thu, 11 Feb 2021 06:33:43 +0000 (23:33 -0700)]
PackDirectory: Use PackFile to ensure we find preserved packs

Update scanPacksImpl and listPackDirectory (renamed to
getPackFilesByExtById) to use the new PackFile functionality to
validate file names and complete pack file sets (.pack, .idx, etc).

Most importantly, this allows a later change to rely on scanPacks() to
complete a packList that contains packs with the 'old-' prefix in their
extension.

This also eliminates duplication of logic for how to identify and
construct pack files.

Change-Id: I7175e5fefb187a29e0a7cf53c392aee922314f31
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
3 years agoGC: Use PackFile to de-dup logic 33/176533/4
Nasser Grainawi [Fri, 19 Feb 2021 00:36:49 +0000 (17:36 -0700)]
GC: Use PackFile to de-dup logic

GC has several places where it tries to build files names for packs that
we can use the PackFile class for instead.

Change-Id: I99e5ceff9050f8583368fca35279251955e4644d
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
3 years agoCreate a PackFile class for Pack filenames 45/176145/5
Nasser Grainawi [Thu, 11 Feb 2021 05:51:05 +0000 (22:51 -0700)]
Create a PackFile class for Pack filenames

The PackFile class is intended to be a central place to do all
common pack filename manipulation and parsing to help reduce repeated
code and bugs. Use the PackFile class in the Pack class and in many
tests to ensure it works well in a variety of situations. Later changes
will expand use of PackFiles to even more areas.

Change-Id: I921b30f865759162bae46ddd2c6d669de06add4a
Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoPrepare 5.11.0-SNAPSHOT builds 63/177163/1
Matthias Sohn [Thu, 4 Mar 2021 15:27:51 +0000 (16:27 +0100)]
Prepare 5.11.0-SNAPSHOT builds

Change-Id: I89ed49a6acc53dd75d16f40c99e1140e0c18f646
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoJGit v5.11.0.202103031150-rc1 07/177107/1 v5.11.0.202103031150-rc1
Matthias Sohn [Wed, 3 Mar 2021 16:48:00 +0000 (17:48 +0100)]
JGit v5.11.0.202103031150-rc1

Change-Id: I0a86fa59645888f9f36ea6938c9121e095f02fc6
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoMerge branch 'master' into stable-5.11 03/177103/1
Matthias Sohn [Wed, 3 Mar 2021 16:44:20 +0000 (17:44 +0100)]
Merge branch 'master' into stable-5.11

* master:
  HTTP: cookie file stores expiration in seconds
  Update Orbit to S20210223232630
  LFS: handle invalid pointers better
  Fix errorprone configuration for maven-compiler-plugin with javac

Change-Id: Ib76e754bd36789de0a3c6b85a4814aa1fe9cb401

3 years agoHTTP: cookie file stores expiration in seconds 83/176983/3
Thomas Wolf [Mon, 1 Mar 2021 07:30:09 +0000 (08:30 +0100)]
HTTP: cookie file stores expiration in seconds

A cookie file stores the expiration in seconds since the Linux Epoch,
not in milliseconds. Correct reading and writing cookie files; with
a backwards-compatibility hack to read files that contain a millisecond
timestamp.

Add a test, and fix tests not to rely on the actual current time so
that they will also run successfully after 2030-01-01 noon.

Bug: 571574
Change-Id: If3ba68391e574520701cdee119544eedc42a1ff2
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoMerge "Update Orbit to S20210223232630"
Matthias Sohn [Tue, 2 Mar 2021 16:07:49 +0000 (11:07 -0500)]
Merge "Update Orbit to S20210223232630"

3 years agoUpdate Orbit to S20210223232630 19/177019/1
Matthias Sohn [Mon, 1 Mar 2021 21:10:22 +0000 (22:10 +0100)]
Update Orbit to S20210223232630

Change-Id: Ida7a54cfe0bd15c1c28b892dea3452958924f0c0
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoLFS: handle invalid pointers better 22/175522/6
Thomas Wolf [Fri, 29 Jan 2021 22:03:44 +0000 (23:03 +0100)]
LFS: handle invalid pointers better

Make sure that SmudgeFilter calls LfsPointer.parseLfsPointer() with
a stream that supports mark/reset, and make sure that parseLfsPointer()
resets the stream properly if it decides that the stream content is not
a LFS pointer.

Add a test.

Bug: 570758
Change-Id: I2593d67cff31b2dfdfaaa48e437331f0ed877915
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoRemove ReftableNumbersNotIncreasingException 10/159910/2
Han-Wen Nienhuys [Mon, 1 Mar 2021 11:17:54 +0000 (12:17 +0100)]
Remove ReftableNumbersNotIncreasingException

In a distributed setting, one can have multiple datacenters use
reftables for serving, while the ground truth for the Ref database is
administered centrally. In this setting, replication delays combined
with compaction can cause update-index ranges to overlap.

Such a setting is used at Google, and the JGit code already handles
this correctly (modulo a bugfix that applied in change I8f8215b99a).

Remove the restriction that was applied at FileReftableDatabase.

Signed-off-by: Han-Wen Nienhuys <hanwen@google.com>
Change-Id: I6f9ed0fbd7fbc5220083ab808b22a909215f13a9

3 years agoFix errorprone configuration for maven-compiler-plugin with javac 27/174127/3
Matthias Sohn [Sun, 27 Dec 2020 01:11:47 +0000 (02:11 +0100)]
Fix errorprone configuration for maven-compiler-plugin with javac

See https://errorprone.info/docs/installation.

Add new profile jdk8 to enable running errorprone with javac on java 8
and java 11. Remove errorprone configuration from benchmark module,
didn't find a way to make it work and this module does not contain any
productive code.

Change-Id: I6a84195af05e6cea9e7c04ad5cd4c79742e80cb3
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoMerge branch 'stable-5.11' 80/176880/1
Matthias Sohn [Thu, 25 Feb 2021 08:09:57 +0000 (09:09 +0100)]
Merge branch 'stable-5.11'

* stable-5.11:
  Prepare 5.11.0-SNAPSHOT builds
  JGit v5.11.0.202102240950-m3

Change-Id: Ia216a698dd4f0dd235dfe4de4d2cc127aa530eed

3 years agoPrepare 5.11.0-SNAPSHOT builds 57/176857/1
Matthias Sohn [Wed, 24 Feb 2021 20:21:34 +0000 (21:21 +0100)]
Prepare 5.11.0-SNAPSHOT builds

Change-Id: If3dbe084ee37ae4b993d3a10ec48b14e8709ff6d
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoJGit v5.11.0.202102240950-m3 39/176839/1 v5.11.0.202102240950-m3
Matthias Sohn [Wed, 24 Feb 2021 14:50:41 +0000 (15:50 +0100)]
JGit v5.11.0.202102240950-m3

Change-Id: Iea6b3515fa63db497989194b6bf50fe7324086d0
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoMerge branch 'master' into stable-5.11 13/176813/1
Matthias Sohn [Wed, 24 Feb 2021 13:54:52 +0000 (14:54 +0100)]
Merge branch 'master' into stable-5.11

* master: (35 commits)
  [releng] japicmp: update last release version
  IgnoreNode: include path to file for invalid .gitignore patterns
  FastIgnoreRule: include bad pattern in log message
  init: add config option to set default for the initial branch name
  init: allow specifying the initial branch name for the new repository
  Fail clone if initial branch doesn't exist in remote repository
  GPG: fix reading unprotected old-format secret keys
  Update Orbit to S20210216215844
  Add missing bazel dependency for o.e.j.gpg.bc.test
  GPG: handle extended private key format
  dfs: handle short copies
  [GPG] Provide a factory for the BouncyCastleGpgSigner
  Fix boxing warnings
  GPG: compute the keygrip to find a secret key
  GPG signature verification via BouncyCastle
  Post commit hook failure should not cause commit failure
  Allow to define additional Hook classes outside JGit
  GitHook: use default charset for output and error streams
  GitHook: use generic OutputStream instead of PrintStream
  Update jetty to 9.4.36.v20210114
  ...

Change-Id: I1cf5ab262c67b986e82422c48dfc103e335d28cc

3 years ago[releng] japicmp: update last release version 55/176755/3
Thomas Wolf [Tue, 23 Feb 2021 21:17:07 +0000 (22:17 +0100)]
[releng] japicmp: update last release version

The baseline for the 5.11 release is 5.10.0.202012080955-r.

Change-Id: Ied9b42dc58ba981e5586fa58d1b3e70a39c78a10
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoIgnoreNode: include path to file for invalid .gitignore patterns 44/176744/2
Thomas Wolf [Tue, 23 Feb 2021 17:10:08 +0000 (18:10 +0100)]
IgnoreNode: include path to file for invalid .gitignore patterns

Include the full file path of the .gitignore file and the line number
of the invalid pattern. Also include the pattern itself.

.gitignore files inside the repository are reported with their
repository-relative path; files outside (from git config
core.excludesFile or .git/info/exclude) are reported with their
full absolute path.

Bug: 571143
Change-Id: Ibe5969679bc22cff923c62e3ab9801d90d6d06d1
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoFastIgnoreRule: include bad pattern in log message 31/176731/2
Thomas Wolf [Tue, 23 Feb 2021 12:11:56 +0000 (13:11 +0100)]
FastIgnoreRule: include bad pattern in log message

When a .gitignore pattern cannot be parsed include the pattern in the
log message. Just reporting "not closed bracket" isn't helpful if the
user doesn't know in which pattern the problem occurred.

Even better would be to include the full path of the .gitignore file
that contained the offending pattern. This is not implemented in this
change; it may need new API and needs more thought.

Bug: 571143
Change-Id: Id5b16d9cf550544ba3ad409a02041946fa8516ab
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoinit: add config option to set default for the initial branch name 97/175297/7
Matthias Sohn [Mon, 25 Jan 2021 01:43:18 +0000 (02:43 +0100)]
init: add config option to set default for the initial branch name

We introduced the option --initial-branch=<branch-name> to allow
initializing a new repository with a different initial branch.

To allow users to override the initial branch name more permanently
(i.e. without having to specify the name manually for each 'git init'),
introduce the 'init.defaultBranch' option.

This option was added to git in 2.28.0.

See https://git-scm.com/docs/git-config#Documentation/git-config.txt-initdefaultBranch

Bug: 564794
Change-Id: I679b14057a54cd3d19e44460c4a5bd3a368ec848
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoinit: allow specifying the initial branch name for the new repository 96/175296/6
Matthias Sohn [Mon, 25 Jan 2021 00:54:03 +0000 (01:54 +0100)]
init: allow specifying the initial branch name for the new repository

Add option --initial-branch/-b to InitCommand and the CLI init command.
This is the first step to implement support for the new option
init.defaultBranch. Both were added to git in release 2.28.

See https://git-scm.com/docs/git-init#Documentation/git-init.txt--bltbranch-namegt

Bug: 564794
Change-Id: Ia383b3f90b5549db80f99b2310450a7faf6bce4c
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoFail clone if initial branch doesn't exist in remote repository 64/175264/8
Matthias Sohn [Sat, 23 Jan 2021 23:17:13 +0000 (00:17 +0100)]
Fail clone if initial branch doesn't exist in remote repository

jgit clone --branch foo <url>

did not fail if the remote branch "foo" didn't exist in the remote
repository being cloned.

Bug: 546580
Change-Id: I55648ad3a39da4a5711dfa8e6d6682bb8190a6d6
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoGPG: fix reading unprotected old-format secret keys 95/176595/1
Thomas Wolf [Mon, 22 Feb 2021 08:29:12 +0000 (09:29 +0100)]
GPG: fix reading unprotected old-format secret keys

Fix code and add a test case. The old code passed on the original input
stream, which has already been consumed.

Bug: 570501
Change-Id: I81f60698ce42443df57e59b1d1ab155574136fa8
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoUpdate Orbit to S20210216215844 69/176569/1
Matthias Sohn [Sat, 20 Feb 2021 23:01:22 +0000 (00:01 +0100)]
Update Orbit to S20210216215844

Change-Id: Ic3af137e4aad0e6f7fd32c910766f547562442d6
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoAdd missing bazel dependency for o.e.j.gpg.bc.test 64/176564/2
Matthias Sohn [Sat, 20 Feb 2021 18:05:59 +0000 (19:05 +0100)]
Add missing bazel dependency for o.e.j.gpg.bc.test

This was missed in 64cbea8a9794047fe576d03ab8a46e4eaf7eabee.

Change-Id: I0b2b234b9888a7dd8b7ace624233b141fb7c4394
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoGPG: handle extended private key format 32/175332/11
Thomas Wolf [Sun, 24 Jan 2021 01:13:43 +0000 (02:13 +0100)]
GPG: handle extended private key format

Add detection for the key-value pair format that was available in
gpg-agent for some time already and that has become the default since
gpg-agent 2.2.20. If a secret key in the .gnupg/private-keys-v1.d
directory is found to have this format, extract the human-readable key
from it, convert it to the binary serialized form and hand that to
BouncyCastle.

Encrypted keys in the new format may use AES/OCB. OCB is a patent-
encumbered algorithm; although there is a license for open-source
software, that may not be good enough and OCB may not be available in
Java. It is not available in the default security provider in Java,
and it is also not available in the BouncyCastle version included in
Eclipse.

Implement AES/OCB decryption, throwing a PGPException with a nice
message if the algorithm is not available. Include a copy of the normal
s-expression parser of BouncyCastle and fix it to properly handle data
from such keys: such keys do not contain an internal hash since the
AES/OCB cipher includes and checks a MAC already.

Bug: 570501
Change-Id: Ifa6391a809a84cfc6ae7c6610af6a79204b4143b
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agodfs: handle short copies 47/173947/4
wh [Thu, 17 Dec 2020 18:14:32 +0000 (18:14 +0000)]
dfs: handle short copies

`copy` is documented as possibly returning a smaller number of bytes
than requested. In practice, this can occur if a block is cached and the
reader never pulls in the file to check its size.

Bug: 565874
Change-Id: I1e53b3d2f4ab09334178934dc0ef74ea99045cd3
Signed-off-by: wh <wh9692@protonmail.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoMerge "[GPG] Provide a factory for the BouncyCastleGpgSigner"
Thomas Wolf [Fri, 19 Feb 2021 07:57:38 +0000 (02:57 -0500)]
Merge "[GPG] Provide a factory for the BouncyCastleGpgSigner"

3 years ago[GPG] Provide a factory for the BouncyCastleGpgSigner 73/176473/3
Thomas Wolf [Thu, 18 Feb 2021 16:06:27 +0000 (17:06 +0100)]
[GPG] Provide a factory for the BouncyCastleGpgSigner

Otherwise client code has no way to ever create an instance without
using internal non-API.

Change-Id: I6201f98d4b1704a053159967b8adacd98e368522
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoMerge "Rename PackFile to Pack"
Jonathan Nieder [Thu, 18 Feb 2021 22:04:07 +0000 (17:04 -0500)]
Merge "Rename PackFile to Pack"

3 years agoFix boxing warnings 03/176303/2
Matthias Sohn [Tue, 16 Feb 2021 00:13:35 +0000 (01:13 +0100)]
Fix boxing warnings

Change-Id: Idf4887a99e87c375ec32e2fd289cfce82d78cbce
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoGPG: compute the keygrip to find a secret key 55/174955/13
Thomas Wolf [Sun, 17 Jan 2021 15:21:28 +0000 (16:21 +0100)]
GPG: compute the keygrip to find a secret key

The gpg-agent stores secret keys in individual files in the secret
key directory private-keys-v1.d. The files have the key's keygrip
(in upper case) as name and extension ".key".

A keygrip is a SHA1 hash over the parameters of the public key. By
computing this keygrip, we can pre-compute the expected file name and
then check only that one file instead of having to iterate over all
keys stored in that directory.

This file naming scheme is actually an implementation detail of
gpg-agent. It is unlikely to change, though. The keygrip itself is
computed via libgcrypt and will remain stable according to the GPG
main author.[1]

Add an implementation for calculating the keygrip and include tests.
Do not iterate over files in BouncyCastleGpgKeyLocator but only check
the single file identified by the keygrip.

Ideally upstream BouncyCastle would provide such a getKeyGrip() method.
But as it re-builds GPG and libgcrypt internals, it's doubtful it would
be included there, and since BouncyCastle even lacks a number of curve
OIDs for ed25519/curve25519 and uses the short-Weierstrass parameters
instead of the more common Montgomery parameters, including it there
might be quite a bit of work.

[1] http://gnupg.10057.n7.nabble.com/GnuPG-2-1-x-and-2-2-x-keyring-formats-tp54146p54154.html

Bug: 547536
Change-Id: I30022a0e7b33b1bf35aec1222f84591f0c30ddfd
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoGPG signature verification via BouncyCastle 06/174406/12
Thomas Wolf [Thu, 7 Jan 2021 16:11:57 +0000 (17:11 +0100)]
GPG signature verification via BouncyCastle

Add a GpgSignatureVerifier interface, plus a factory to create
instances thereof that is provided via the ServiceLoader mechanism.

Implement the new interface for BouncyCastle. A verifier maintains
an internal LRU cache of previously found public keys to speed up
verifying multiple objects (tag or commits). Mergetags are not handled.

Provide a new VerifySignatureCommand in org.eclipse.jgit.api together
with a factory method Git.verifySignature(). The command can verify
signatures on tags or commits, and can be limited to accept only tags
or commits. Provide a new public WrongObjectTypeException thrown when
the command is limited to either tags or commits and a name resolves
to some other object kind.

In jgit.pgm, implement "git tag -v", "git log --show-signature", and
"git show --show-signature". The output is similar to command-line
gpg invoked via git, but not identical. In particular, lines are not
prefixed by "gpg:" but by "bc:".

Trust levels for public keys are read from the keys' trust packets,
not from GPG's internal trust database. A trust packet may or may
not be set. Command-line GPG produces more warning lines depending
on the trust level, warning about keys with a trust level below
"full".

There are no unit tests because JGit still doesn't have any setup to
do signing unit tests; this would require at least a faked .gpg
directory with pre-created key rings and keys, and a way to make the
BouncyCastle classes use that directory instead of the default. See
bug 547538 and also bug 544847.

Tested manually with a small test repository containing signed and
unsigned commits and tags, with signatures made with different keys
and made by command-line git using GPG 2.2.25 and by JGit using
BouncyCastle 1.65.

Bug: 547751
Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years agoPost commit hook failure should not cause commit failure 76/154476/10
Tim Neumann [Fri, 13 Dec 2019 14:20:02 +0000 (15:20 +0100)]
Post commit hook failure should not cause commit failure

As the post commit hook is run after a commit is finished, it can not
abort the commit and the exit code of this hook should not have any
effect.

This can be achieved by not throwing a AbortedByHookException exception.
The stderr output is not lost thanks to contributions for bug 553471.

Bug: 553428
Change-Id: I451a76e04103e632ff44e045561c5a41f7b7d558
Signed-off-by: Tim Neumann <Tim.Neumann@advantest.com>
Signed-off-by: Fabian Pfaff <fabian.pfaff@vogella.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoAllow to define additional Hook classes outside JGit 47/175947/5
Matthias Sohn [Sun, 7 Feb 2021 22:48:57 +0000 (23:48 +0100)]
Allow to define additional Hook classes outside JGit

EGit wants to add gitflow specific hooks in org.eclipse.egit.gitflow.
Make GitHook public to allow sub-classing outside of the
org.eclipse.jgit.hooks package.

Change-Id: I439575ec901e3610b5cf9d66f7641c8324faa865
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoGitHook: use default charset for output and error streams 17/176017/4
Matthias Sohn [Tue, 9 Feb 2021 01:42:29 +0000 (02:42 +0100)]
GitHook: use default charset for output and error streams

External scripts most probably expect the default charset.

Change-Id: I318a5e1d9f536a95e70c06ffb5b6f408cd40f73a
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoGitHook: use generic OutputStream instead of PrintStream 16/176016/3
Matthias Sohn [Tue, 9 Feb 2021 01:34:10 +0000 (02:34 +0100)]
GitHook: use generic OutputStream instead of PrintStream

Change-Id: I15e64dc963c9d27dc9c8de4976dd63f74b918b15
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years agoUpdate jetty to 9.4.36.v20210114 34/176234/1
Matthias Sohn [Sat, 13 Feb 2021 20:56:03 +0000 (21:56 +0100)]
Update jetty to 9.4.36.v20210114

Change-Id: Iea57f0fddb0f10dbd1c9be886bfa5ad8c3ff5cb5
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>