aboutsummaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit/resources
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'stable-6.3' into stable-6.4Matthias Sohn2023-02-221-0/+4
|\ | | | | | | | | | | | | | | | | * stable-6.3: Use Java 11 ProcessHandle to get pid of the current process Acquire file lock "gc.pid" before running gc Silence API errors introduced by 9424052f Change-Id: Ic40dbab18616d8d9fe3820b9890c86652b80eb47
| * Merge branch 'stable-6.2' into stable-6.3Matthias Sohn2023-02-221-0/+4
| |\ | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.2: Use Java 11 ProcessHandle to get pid of the current process Acquire file lock "gc.pid" before running gc Silence API errors introduced by 9424052f Change-Id: I53cf9675deac0b588048d8224216d2a7e8bd16ec
| | * Merge branch 'stable-6.1' into stable-6.2Matthias Sohn2023-02-221-0/+4
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.1: Use Java 11 ProcessHandle to get pid of the current process Acquire file lock "gc.pid" before running gc Silence API errors introduced by 9424052f Change-Id: I0562a4a224779ccf1e4cc1ff8f5a352e55ab220a
| | | * Merge branch 'stable-6.0' into stable-6.1Matthias Sohn2023-02-221-0/+4
| | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.0: Use Java 11 ProcessHandle to get pid of the current process Acquire file lock "gc.pid" before running gc Silence API errors introduced by 9424052f Change-Id: Ib9a2419253ffcbc90874adbfdb8129fee3178210
| | | | * Merge branch 'stable-5.13' into stable-6.0Matthias Sohn2023-02-221-0/+4
| | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.13: Acquire file lock "gc.pid" before running gc Silence API errors introduced by 9424052f Change-Id: Ibb5c46cb79377d2d2cd7d4586f31c86665d2851c
| | | | | * Acquire file lock "gc.pid" before running gcMatthias Sohn2023-02-211-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Git guards gc by locking a lock file "gc.pid" before starting execution. The lock file contains the pid and hostname of the process holding the lock. Git tries to kill the process holding that lock if the lock file wasn't modified in the last 12 hours and was started from the same host. Teach JGit to acquire this lock before running gc but skip execution if another process already holds the lock. Killing the other process could be undesired if it's a long running application. If the lock file wasn't modified in the last 12 hours try to lock it and run gc if locking succeeds. Register a shutdown hook for the lock file to ensure it is cleaned up if the process is gracefully killed. Change-Id: I00b838dcbf4fb0d03863bf7a2cd86b743c6c6971
* | | | | | Split out ApplyCommand logic to PatchApplier classNitzan Gur-Furman2022-09-151-0/+4
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PatchApplier now routes updates through the index. This has two results: * we can now execute patches in-memory. * the JGit apply command will now always update the index to match the working tree. Change-Id: Id60a88232f05d0367787d038d2518c670cdb543f Co-authored-by: Han-Wen Nienhuys <hanwen@google.com> Co-authored-by: Nitzan Gur-Furman <nitzan@google.com>
* | | | | ObjectDirectory: improve reading of shallow fileRobin Müller2022-07-311-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use FileUtils.readWithRetries(). Change-Id: I5929184caca6b83a1ee87b462e541620bd68aa90
* | | | | Fetch: add support for shallowRobin Müller2022-07-311-0/+4
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support for shallow cloning. The CloneCommand and the FetchCommand now have the new methods setDepth, setShallowSince and addShallowExclude to tell the server that the client doesn't want to download the complete history. Bug: 475615 Change-Id: Ic80fb6efb5474543ae59be590ebe385bec21cc0d
* | | | Merge branch 'stable-6.1' into stable-6.2Matthias Sohn2022-06-151-0/+5
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.1: Prepare 5.13.2-SNAPSHOT builds JGit v5.13.1.202206130422-r AmazonS3: Add support for AWS API signature version 4 Change-Id: Id4965aacd4e2ea1e8575a2c1bd4845729db6049a
| * | | Merge branch 'stable-6.0' into stable-6.1Matthias Sohn2022-06-151-0/+5
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-6.0: Prepare 5.13.2-SNAPSHOT builds JGit v5.13.1.202206130422-r AmazonS3: Add support for AWS API signature version 4 Change-Id: Ie9c38ab8033fe1283e8b444b6acd3f4298062bf3
| | * | Merge branch 'stable-5.13' into stable-6.0Matthias Sohn2022-06-151-0/+5
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.13: Prepare 5.13.2-SNAPSHOT builds JGit v5.13.1.202206130422-r AmazonS3: Add support for AWS API signature version 4 Change-Id: Ibd663a1d874d1aac274abc3dd44354fd99f64c39
| | | * AmazonS3: Add support for AWS API signature version 4eric.steele2022-06-131-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updating the AmazonS3 class to support AWS Signature version 4 because version 2 is no longer supported in all AWS regions. The version can be selected with the new 'aws.api.signature.version' property (defaults to 2 for backwards compatibility). When set to '4', the user must also specify the AWS region via the 'region' property. The 'region' property must match the region that the 'domain' property resolves to. Bug: 579907 Change-Id: If289dbc6d0f57323cfeaac2624c4eb5028f78d13
* | | | Teach JGit to handle external diff/merge tools defined in .gitattributesAndre Bossert2022-06-021-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds API that allows UI to find (and handle) diff/merge tools, specific for the given path. The assumption is that user can specify file type specific diff/merge tools via gitattributes. Bug: 552840 Change-Id: I1daa091e9afa542a9ebb5417853dff0452ed52dd Signed-off-by: Mykola Zakharchuk <zakharchuk.vn@gmail.com> Signed-off-by: Andrey Loskutov <loskutov@gmx.de> Signed-off-by: Andre Bossert <andre.bossert@siemens.com>
* | | | Fetch: Introduce negative refspecs.yunjieli2022-04-131-0/+1
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement negative refspecs in JGit fetch, following C Git. Git supports negative refspecs in source only while this change supports them in both source and destination. If one branch is equal to any branch or matches any pattern in the negative refspecs collection, the branch will not be fetched even if it's in the toFetch collection. With this feature, users can express more complex patterns during fetch. Change-Id: Iaa1cd4de5c08c273e198b72e12e3dadae7be709f Sign-off-by: Yunjie Li<yunjieli@google.com>
* | | Describe: add support for core.abbrev config optionMatthias Sohn2022-03-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If core.abbrev is unset or "auto" estimate abbreviation length like C git does: - Estimate repository's object count by only considering packed objects, round up to next power of 2 - With the order of 2^len objects, we expect a collision at 2^(len/2). But we also care about hex chars, not bits, and there are 4 bits per hex. So all together we need to divide by 2; but we also want to round odd numbers up, hence adding one before dividing. - For small repos use at least 7 hexdigits - If object database fails to determine object count use 7 hexdigits as fallback If it is set to "no" do not abbreviate object-ids. Otherwise set it to the configured value capped to the range between 4 and length of an unabbreviated object-id. Change-Id: I425f9724b69813dbb57872466bf2d2e1d6dc72c6
* | | Add a typed config getter for integers confined to a rangeMatthias Sohn2022-03-021-0/+2
| | | | | | | | | | | | | | | | | | Use Integer#MIN_VALUE to denote unset option. Change-Id: I4d65f2434013111f25520c0ed2b9a9dc8123c6cf
* | | PushCommand: consider push.default when no RefSpecs are givenRolf Theunissen2022-02-141-0/+5
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When no RefSpecs are given, PushCommand until now simply fell back to pushing the current branch to an upstream branch of the same name. This corresponds to push.default=current. Any setting from the git config for push.default was simply ignored. Implement the other modes (nothing, matching, upstream, and simple), too. Add a setter and getter for the PushDefault so that an application can force a particular mode to be used. For backwards compatibility, use "current" as the default setting; to figure out the value from the git config, which defaults to "simple", call setPushDefault(null). Bug: 351314 Change-Id: I86c5402318771e47d80b137e99947762e1150bb4 Signed-off-by: Rolf Theunissen <rolf.theunissen@gmail.com> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | Factor out parsing git-style size numbers to StringUtilsThomas Wolf2021-10-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | Move the code to parse numbers with an optional 'k', 'm', or 'g' suffix from the config file handling to StringUtils. This enables me to re-use it in EGit, which has duplicate code in StorageSizeFieldEditor. As this is generally useful functionality, providing it in the library makes sense. Change-Id: I86e4f5f62e14f99b35726b198ba3bbf1669418d9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | Don't rely on an implicit default character setThomas Wolf2021-10-261-0/+1
|/ | | | | | | | | | | | | JEP 400 (Java 18) will change the default character set to UTF-8 unconditionally.[1] Introduce SystemReader.getDefaultCharset() that provides the locale-dependent charset the way JEP 400 recommends. Change all code locations using Charset.defaultCharset() to use the new SystemReader method instead. [1] https://openjdk.java.net/jeps/400 Change-Id: I986f97a410d2fc70748b6f93228a2d45ff100b2c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Support commit.template config propertyJulian Ruppel2021-07-211-0/+1
| | | | | | | | | | Adds functionality to read the git commit.template property. The template content is read either via a default encoding or, if present, via encoding specified by i18n.commitEncoding property. Bug: 446355 Change-Id: I0c45db98e324ddff26a7e0262835f259d6528a86 Signed-off-by: Julian Ruppel <julian.ruppel@sap.com>
* Merge branch 'stable-5.12'Matthias Sohn2021-06-261-0/+1
|\ | | | | | | | | | | | | | | * stable-5.12: Retry loose object read upon "Stale file handle" exception Ignore missing javadoc in test bundles Change-Id: I67c613c066a3252f9b0d0a3dcc026b57e10bfe1d
| * Merge branch 'stable-5.11' into stable-5.12Matthias Sohn2021-06-261-0/+1
| |\ | | | | | | | | | | | | | | | | | | | | | * stable-5.11: Retry loose object read upon "Stale file handle" exception Ignore missing javadoc in test bundles Change-Id: Ia4dc886c920cec3c9da86e1a90a0af68bd016b4f
| | * Merge branch 'stable-5.10' into stable-5.11Matthias Sohn2021-06-261-0/+1
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.10: Retry loose object read upon "Stale file handle" exception Ignore missing javadoc in test bundles Change-Id: Ia385fa6b5d2fee64476793e06860a279bf2f6e36
| | | * Merge branch 'stable-5.9' into stable-5.10Matthias Sohn2021-06-251-0/+1
| | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.9: Retry loose object read upon "Stale file handle" exception Ignore missing javadoc in test bundles Change-Id: I56fc2c47193a891285a705d44b3507f23982dc8a
| | | | * Retry loose object read upon "Stale file handle" exceptionAntonio Barone2021-06-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When reading loose objects over NFS it is possible that the OS syscall would fail with ESTALE errors: This happens when the open file descriptor no longer refers to a valid file. Notoriously it is possible to hit this scenario when git data is shared among multiple clients, for example by multiple gerrit instances in HA. If one of the two clients performs a GC operation that would cause the packing and then the pruning of loose objects, the other client might still hold a reference to those objects, which would cause an exception to bubble up the stack. The Linux NFS FAQ[1] (at point A.10), suggests that the proper way to handle such ESTALE scenarios is to: "[...] close the file or directory where the error occurred, and reopen it so the NFS client can resolve the pathname again and retrieve the new file handle." In case of a stale file handle exception, we now attempt to read the loose object again (up to 5 times), until we either succeed or encounter a FileNotFoundException, in which case the search can continue to Packfiles and alternates. The limit of 5 provides an arbitrary upper bounds that is consistent to the one chosen when handling stale file handles for packed-refs files (see [2] for context). [1] http://nfs.sourceforge.net/ [2] https://git.eclipse.org/r/c/jgit/jgit/+/54350 Bug: 573791 Change-Id: I9950002f772bbd8afeb9c6108391923be9d0ef51
| | * | | Merge branch 'stable-5.10' into stable-5.11Matthias Sohn2021-05-111-0/+3
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.10: LockFile: create OutputStream only when needed Remove ReftableNumbersNotIncreasingException Change-Id: Id6e0a78caf12c19a01a88d1ddb8a7df2b3590f98
| | | * | Merge branch 'stable-5.9' into stable-5.10Matthias Sohn2021-05-111-0/+3
| | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.9: LockFile: create OutputStream only when needed Remove ReftableNumbersNotIncreasingException Fix stamping to produce stable file timestamps Change-Id: I056382d1d93f3e0a95838bdd1f0be89711c8a722
| | | | * Merge branch 'stable-5.8' into stable-5.9Matthias Sohn2021-05-111-0/+3
| | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.8: LockFile: create OutputStream only when needed Remove ReftableNumbersNotIncreasingException Change-Id: I3274c97cf560398c3c4c27d6759500452f315db0
| | | | | * Merge branch 'stable-5.7' into stable-5.8Matthias Sohn2021-05-111-0/+7
| | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.7: LockFile: create OutputStream only when needed Remove ReftableNumbersNotIncreasingException Change-Id: Ib3f280e0741f87a0ff615d857a5ea39b35527e74
| | | | | | * Merge branch 'stable-5.6' into stable-5.7Matthias Sohn2021-05-111-0/+7
| | | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.6: LockFile: create OutputStream only when needed Change-Id: I7c0e37d2cee0923662a7e39df5a802a84c017e4f
| | | | | | | * LockFile: create OutputStream only when neededThomas Wolf2021-05-101-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't create the stream eagerly in lock(); that may cause JGit to exceed OS or JVM limits on open file descriptors if many locks need to be created, for instance when creating many refs. Instead create the output stream only when one really needs to write something. Bug: 573328 Change-Id: If9441ed40494d46f594a896d34a5c4f56f91ebf4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | | | searchForReuse might impact performance in large repositoriesFabio Ponciroli2021-06-251-0/+1
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The search for reuse phase for *all* the objects scans *all* the packfiles, looking for the best candidate to serve back to the client. This can lead to an expensive operation when the number of packfiles and objects is high. Add parameter "pack.searchForReuseTimeout" to limit the time spent on this search. Change-Id: I54f5cddb6796fdc93ad9585c2ab4b44854fa6c48
* | | | | | | ApplyCommand: support binary patchesThomas Wolf2021-05-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement applying binary patches. Handles both literal and delta patches. Note that C git also runs binary files through the clean and smudge filters. Implement the same safeguards against corrupted patches as in C git: require the full OIDs to be present in the patch file, and apply a binary patch only if both pre- and post-image hashes match. Add tests for applying literal and delta patches. Bug: 371725 Change-Id: I71dc214fe4145d7cc8e4769384fb78c7d0d6c220 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | | ApplyCommand: add a stream to apply a delta patchThomas Wolf2021-05-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new BinaryDeltaInputStream that applies a delta provided by another InputStream to a given base. Because delta application needs random access to the base, the base itself cannot be yet another InputStream. But at least this enables streaming of the result. Add a simple test using delta hunks generated by C git. Bug: 371725 Change-Id: Ibd26fa2f49860737ad5c5387f7f4870d3e85e628 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | | | | ApplyCommand: add streams to read/write binary patch hunksThomas Wolf2021-05-261-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add streams that can encode or decode git binary patch data on the fly. Git writes binary patches base-85 encoded, at most 52 un-encoded bytes, with the unencoded data length prefixed in a one-character encoding, and suffixed with a newline character. Add a test for both the new input and the output stream. The test roundtrips binary data of different lengths in different ways. Bug: 371725 Change-Id: Ic3faebaa4637520f5448b3d1acd78d5aaab3907a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | | ApplyCommand: add a base-85 codecThomas Wolf2021-05-261-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an implementation for base-85 encoding and decoding [1]. Git binary patches use this format. Base-85 encoding assembles bytes as 32-bit MSB values, then converts these values to base-85 numbers (always 5 bytes) encoded as printable ASCII characters. Decoding base-85 is the reverse operation. Note that decoding may overflow on invalid input as 85^5 > 2^32. Encodings always have a length that is a multiple of 5. If input length is not divisible by 4, padding bytes are (logically) added, which are ignored when decoding. The encoding for n bytes has thus always exactly length (n + 3) / 4 * 5 in integer arithmetic (truncating division). Includes tests. [1] https://datatracker.ietf.org/doc/html/rfc1924 Bug: 371725 Change-Id: Ib5b9a503cd62cf70e080a4fb38c8cd1eeeaebcfe Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | | | | LockFile: create OutputStream only when neededThomas Wolf2021-05-071-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't create the stream eagerly in lock(); that may cause JGit to exceed OS or JVM limits on open file descriptors if many locks need to be created, for instance when creating many refs. Instead create the output stream only when one really needs to write something. Bug: 573328 Change-Id: If9441ed40494d46f594a896d34a5c4f56f91ebf4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | | Merge branch 'stable-5.11'Matthias Sohn2021-03-261-0/+1
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-5.11: Refactor CommitCommand to improve readability CommitCommand: fix formatting CommitCommand: remove unncessary comment Ensure post-commit hook is called after index lock was released sshd: try all configured signature algorithms for a key sshd: modernize ssh config file parsing sshd: implement ssh config PubkeyAcceptedAlgorithms Change-Id: Ic3235ffd84c9d7537a1fe5ff4f216578e6e26724 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
| * | | | | | Ensure post-commit hook is called after index lock was releasedMatthias Sohn2021-03-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise a post-commit hook cannot modify the index. Bug: 566934 Change-Id: I0093dccd93b2064f243544b516bdce198afdb18b Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | | | | HTTP cookies: do tilde expansion on http.cookieFileThomas Wolf2021-03-121-0/+1
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Git config http.cookieFile must have ~ expansion, compare [1]. It also should be an absolute path. While a relative path is allowed, C git just passes the value on to libcurl, so it'll be relative to the current working directory and thus not work in all directories. Log a warning if the path is relative. (Alternatives would be to throw an exception, or to resolve the path relative to the .git directory, or relative to the working tree root, or relative to the config file it occurs in. But C git does not seem to do either.) [1] https://github.com/git/git/commit/e5a39ad8e Bug: 571798 Change-Id: I5cdab6061d0613ac7d8cb7977e5b97f5b88f562d Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | Create a PackFile class for Pack filenamesNasser Grainawi2021-03-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The PackFile class is intended to be a central place to do all common pack filename manipulation and parsing to help reduce repeated code and bugs. Use the PackFile class in the Pack class and in many tests to ensure it works well in a variety of situations. Later changes will expand use of PackFiles to even more areas. Change-Id: I921b30f865759162bae46ddd2c6d669de06add4a Signed-off-by: Nasser Grainawi <quic_nasserg@quicinc.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | | | IgnoreNode: include path to file for invalid .gitignore patternsThomas Wolf2021-02-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Include the full file path of the .gitignore file and the line number of the invalid pattern. Also include the pattern itself. .gitignore files inside the repository are reported with their repository-relative path; files outside (from git config core.excludesFile or .git/info/exclude) are reported with their full absolute path. Bug: 571143 Change-Id: Ibe5969679bc22cff923c62e3ab9801d90d6d06d1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | FastIgnoreRule: include bad pattern in log messageThomas Wolf2021-02-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a .gitignore pattern cannot be parsed include the pattern in the log message. Just reporting "not closed bracket" isn't helpful if the user doesn't know in which pattern the problem occurred. Even better would be to include the full path of the .gitignore file that contained the offending pattern. This is not implemented in this change; it may need new API and needs more thought. Bug: 571143 Change-Id: Id5b16d9cf550544ba3ad409a02041946fa8516ab Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | Fail clone if initial branch doesn't exist in remote repositoryMatthias Sohn2021-02-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | jgit clone --branch foo <url> did not fail if the remote branch "foo" didn't exist in the remote repository being cloned. Bug: 546580 Change-Id: I55648ad3a39da4a5711dfa8e6d6682bb8190a6d6 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | | | | | GPG signature verification via BouncyCastleThomas Wolf2021-02-161-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a GpgSignatureVerifier interface, plus a factory to create instances thereof that is provided via the ServiceLoader mechanism. Implement the new interface for BouncyCastle. A verifier maintains an internal LRU cache of previously found public keys to speed up verifying multiple objects (tag or commits). Mergetags are not handled. Provide a new VerifySignatureCommand in org.eclipse.jgit.api together with a factory method Git.verifySignature(). The command can verify signatures on tags or commits, and can be limited to accept only tags or commits. Provide a new public WrongObjectTypeException thrown when the command is limited to either tags or commits and a name resolves to some other object kind. In jgit.pgm, implement "git tag -v", "git log --show-signature", and "git show --show-signature". The output is similar to command-line gpg invoked via git, but not identical. In particular, lines are not prefixed by "gpg:" but by "bc:". Trust levels for public keys are read from the keys' trust packets, not from GPG's internal trust database. A trust packet may or may not be set. Command-line GPG produces more warning lines depending on the trust level, warning about keys with a trust level below "full". There are no unit tests because JGit still doesn't have any setup to do signing unit tests; this would require at least a faked .gpg directory with pre-created key rings and keys, and a way to make the BouncyCastle classes use that directory instead of the default. See bug 547538 and also bug 544847. Tested manually with a small test repository containing signed and unsigned commits and tags, with signatures made with different keys and made by command-line git using GPG 2.2.25 and by JGit using BouncyCastle 1.65. Bug: 547751 Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | TransportHttp: support preemptive Basic authenticationThomas Wolf2021-01-141-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the caller knows already HTTP Basic authentication will be needed and if it also already has the username and password, preemptive authentication is a little bit more efficient since it avoids the initial 401 response. Add a setPreemptiveBasicAuthentication(username, password) method to TransportHttp. Client code could call this for instance in a TransportConfigCallback. The method throws an IllegalStateException if it is called after an HTTP request has already been made. Additionally, a URI can include userinfo. Although it is not recommended to put passwords in URIs, JGit's URIish and also the Java URL and URI classes still allow it. The underlying HTTP connection may omit these fields though. If present, take these fields as additional source for preemptive Basic authentication if setPreemptiveBasicAuthentication() has not been called. No preemptive authentication will be done if the connection is redirected to a different host. Add tests. Bug: 541327 Change-Id: Id00b975e56a15b532de96f7bbce48106d992a22b Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | TransportHttp: shared SSLContext during fetch or pushThomas Wolf2021-01-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TransportHttp makes several HTTP requests. The SSLContext and socket factory must be shared over these requests, otherwise authentication information may not be propagated correctly from one request to the next. This is important for authentication mechanisms that rely on client-side state, like NEGOTIATE (either NTLM, if the underlying HTTP library supports it, or Kerberos). In particular, SPNEGO cannot authenticate on a POST request; the authentication must come from the initial GET request, which implies that the POST request must use the same SSLContext and socket factory that was used for the GET. Change the way HTTPS connections are configured. Introduce the concept of a GitSession, which is a client-side HTTP session over several HTTPS requests. TransportHttp creates such a session and uses it to configure all HTTP requests during that session (fetch or push). This gives a way to abstract away the differences between JDK and Apache HTTP connections and to configure SSL setup outside. A GitSession can maintain state and thus give all HTTP requests in a session the same socket factory. Introduce an extension interface HttpConnectionFactory2 that adds a method to obtain a new GitSession. Implement this for both existing HTTP connection factories. Change TransportHttp to use the new GitSession to configure HTTP connections. The old methods for disabling SSL verification still exist to support possibly external connection and connection factory implementations that do not make use of the new GitSession yet. Bug: 535850 Change-Id: Iedf67464e4e353c1883447c13c86b5a838e678f1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | TransportHttp: make the connection factory configurableThomas Wolf2021-01-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, TransportHttp always used the globally set connection factory. This is problematic if that global factory is changed in the middle of a fetch or push operation. Initialize the factory to use in the constructor, then use that factory for all HTTP requests made through this transport. Provide a setter and a getter for it so that client code can customize the factory, if needed, in a TransportConfigCallback. Once a factory has been used on a TransportHttp instance it cannot be changed anymore. Make the global static factory reference volatile. Change-Id: I7c6ee16680407d3724e901c426db174a3125ba1c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | | | | | Client-side protocol V2 support for fetchingThomas Wolf2021-01-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (stateless protocol, simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. The SSH tests are much slower and much more focused on the SSH protocol and SSH key handling. Factor out two very simple cloning and pulling tests and make those run with protocol V2. Bug: 553083 Change-Id: I357c7f5daa7efb2872f1c64ee6f6d54229031ae1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>