1. 19 Feb, 2020 6 commits
  2. 18 Feb, 2020 8 commits
  3. 15 Feb, 2020 1 commit
  4. 11 Feb, 2020 2 commits
    • streams: openssl: switch approach to silence Valgrind errors · 0119e57d
      As OpenSSL loves using uninitialized bytes as another source of entropy,
      we need to mark them as defined so that Valgrind won't complain about
      use of these bytes. Traditionally, we've been using the macro
      `VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
      OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
      become opaque. As such, we also can't set it as defined anymore, as we
      have no way of knowing its size.
      
      Let's change gears instead by just swapping out the allocator functions
      of OpenSSL with our own ones. The twist is that instead of calling
      `malloc`, we just call `calloc` to have the bytes initialized
      automatically. Next to soothing Valgrind, this approach has the benefit
      of being completely agnostic of the memory sanitizer and is neatly
      contained at a single place.
      
      Note that we shouldn't do this for non-Valgrind builds. As we cannot
      set up memory functions for a given SSL context, only, we need to swap
      them at a global context. Furthermore, as it's possible to call
      `OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
      set up their own allocators.
      Patrick Steinhardt committed
    • cmake: consolidate Valgrind option · 877054f3
      OpenSSL doesn't initialize bytes on purpose in order to generate
      additional entropy. Valgrind isn't too happy about that though, causing
      it to generate warninings about various issues regarding use of
      uninitialized bytes.
      
      We traditionally had some infrastructure to silence these errors in our
      OpenSSL stream implementation, where we invoke the Valgrind macro
      `VALGRIND_MAKE_MEMDEFINED` in various callbacks that we provide to
      OpenSSL. Naturally, we only include these instructions if a preprocessor
      define "VALGRIND" is set, and that in turn is only set if passing
      "-DVALGRIND" to CMake. We do that in our usual Azure pipelines, but we
      in fact forgot to do this in our nightly build. As a result, we get a
      slew of warnings for these nightly builds, but not for our normal
      builds.
      
      To fix this, we could just add "-DVALGRIND" to our nightly builds. But
      starting with commit d827b11b (tests: execute leak checker via CTest
      directly, 2019-06-28), we do have a secondary variable that directs
      whether we want to use memory sanitizers for our builds. As such, every
      user wishing to use Valgrind for our tests needs to pass both options
      "VALGRIND" and "USE_LEAK_CHECKER", which is cumbersome and error prone,
      as can be seen by our own builds.
      
      Instead, let's consolidate this into a single option, removing the old
      "-DVALGRIND" one. Instead, let's just add the preprocessor directive if
      USE_LEAK_CHECKER equals "valgrind" and remove "-DVALGRIND" from our own
      pipelines.
      Patrick Steinhardt committed
  5. 08 Feb, 2020 2 commits
  6. 07 Feb, 2020 21 commits
    • scripts: add script to create releases · 2ae45bc3
      The current release process is not documented in any way. As a result,
      it's not obvious how releases should be done at all, like e.g. which
      locations need adjusting.
      
      To fix this, let's introduce a new script that shall from now on be used
      to do all releases. As input it gets the tree that shall be released,
      the repository in which to do the release, credentials to
      authenticate against GitHub and the new version. E.g. executing the
      following will create a new release v0.32:
      
          $ ./script/release.py 0.32.0 --user pks-t --password ****
      
      While the password may currently be your usual GitLab password, it's
      recommended to use a personal access token intead.
      
      The script will then perform the following steps:
      
          1. Verify that "include/git2/version.h" matches the new version.
      
          2. Verify that "docs/changelog.md" has a section for that new
             version.
      
          3. Extract the changelog entries for the current release from
             "docs/changelog.md".
      
          4. Generate two archives in "tar.gz" and "zip" format via "git
             archive" from the tree passed by the user. If no tree was passed,
             we will use "HEAD".
      
          5. Create the GitHub release using the extracted changelog entries
             as well as tag and name information derived from the version
             passed by the used.
      
          6. Upload both code archives to that release.
      
      This should cover all steps required for a new release and thus ensures
      that nothing is missing that shouldn't be.
      Patrick Steinhardt committed
    • editorconfig: special-case Python scripts · 1e556eeb
      Python's PEP 8 specifies that one shall use spaces instead of tabs as
      coding style, and we actually honor that currently. Our EditorConfig
      does not special-case Python scripts, though, which is why we end up
      with our C coding style and thus with tabs.
      
      Special-case "*.py" files to override that default with spaces to fix
      this.
      Patrick Steinhardt committed
    • tests: iterator: fix iterator expecting too few items · 26b71d60
      The testcase iterator::workdir::filesystem_gunk sets up quite a lot of
      directories, which is why it only runs in case GITTEST_INVASIVE_SPEED is
      set in the environment. Because we do not run our default CI with this
      variable, we didn't notice commit 852c83ee (refs: refuse to delete
      HEAD, 2020-01-15) breaking the test as it introduced a new reference to
      the "testrepo" repository.
      
      Fix the oversight by increasing the number of expected iterator items.
      Patrick Steinhardt committed
    • azure: test: silence termination message when killing git-daemon(1) · 49bb4237
      In order to properly tear down the test environment, we will kill
      git-daemon(1) if we've exercised it. As git-daemon(1) is spawned as a
      background process, it is still owned by the shell and thus killing it
      later on will print a termination message to the shell's stderr, causing
      Azure to report it as an error.
      
      Fix this by disowning the background process.
      Patrick Steinhardt committed
    • azure: docker: avoid re-creating libgit2 home directory · fb03f02a
      The Docker entrypoint currently creates the libgit2 user with "useradd
      --create-home". As we start the Docker container with two volumes
      pointing into "/home/libgit2/", the home directory will already exist.
      While useradd(1) copes with this just fine, it will print error messages
      to stderr which end up as failures in our Azure pipelines.
      
      Fix this by simply removing the "--create-home" parameter.
      Patrick Steinhardt committed
    • azure: test: silence curl to not cause Azure to trop · 52cb4040
      Without the "--silent" parameter, curl will print a progress meter to
      stderr. Azure has the nice feature of interpreting any output to stderr
      as errors with a big red warning towards the end of the build. Let's
      thus silence curl to not generate any misleading messages.
      Patrick Steinhardt committed
    • azure: docker: pipe downloaded archives into tar(1) directly · a3ec07d7
      When building dependencies for our Docker images, we first download the
      sources to disk first, unpack them and finally remove the archive again.
      This can be sped up by piping the downloading archive into tar(1)
      directly to parallelize both tasks. Furthermore, let's silence curl(1)
      to not print to status information to stderr, which tends to be
      interpreted as errors by Azure Pipelines.
      Patrick Steinhardt committed
    • streams: openssl: ignore return value of `git_mutex_lock` · b3b92e09
      OpenSSL pre-v1.1 required us to set up a locking function to properly
      support multithreading. The locking function signature cannot return any
      error codes, and as a result we can't do anything if `git_mutex_lock`
      fails. To silence static analysis tools, let's just explicitly ignore
      its return value by casting it to `void`.
      Patrick Steinhardt committed
    • cache: fix invalid memory access in case updating cache entry fails · 7d1b1774
      When adding a new entry to our cache where an entry with the same OID
      exists already, then we only update the existing entry in case it is
      unparsed and the new entry is parsed. Currently, we do not check the
      return value of `git_oidmap_set` though when updating the existing
      entry. As a result, we will _not_ have updated the existing entry if
      `git_oidmap_set` fails, but have decremented its refcount and
      incremented the new entry's refcount. Later on, this may likely lead to
      dereferencing invalid memory.
      
      Fix the issue by checking the return value of `git_oidmap_set`. In case
      it fails, we will simply keep the existing stored instead, even though
      it's unparsed.
      Patrick Steinhardt committed
    • worktree: report errors when unable to read locking reason · 775af015
      Git worktree's have the ability to be locked in order to spare them from
      deletion, e.g. if a worktree is absent due to being located on a
      removable disk it is a good idea to lock it. When locking such
      worktrees, it is possible to give a locking reason in order to help the
      user later on when inspecting status of any such locked trees.
      
      The function `git_worktree_is_locked` serves to read out the locking
      status. It currently does not properly report any errors when reading
      the reason file, and callers are unexpecting of any negative return
      values, too. Fix this by converting callers to expect error codes and
      checking the return code of `git_futils_readbuffer`.
      Patrick Steinhardt committed
    • repository: check error codes when reading common link · 2288a713
      When checking whether a path is a valid repository path, we try to read
      the "commondir" link file. In the process, we neither confirm that
      constructing the file's path succeeded nor do we verify that reading the
      file succeeded, which might cause us to verify repositories on an empty
      or bogus path later on.
      
      Fix this by checking return values. As the function to verify repos
      doesn't currently support returning errors, this commit also refactors
      the function to return an error code, passing validity of the repo via
      an out parameter instead, and adjusts all existing callers.
      Patrick Steinhardt committed
    • pack-objects: check return code of `git_zstream_set_input` · b169cd52
      While `git_zstream_set_input` cannot fail right now, it might change in
      the future if we ever decide to have it check its parameters more
      vigorously. Let's thus check whether its return code signals an error.
      Patrick Steinhardt committed
    • indexer: check return code of `git_hash_ctx_init` · 90450d88
      Initialization of the hashing context may fail on some systems, most
      notably on Win32 via the legacy hashing context. As such, we need to
      always check the error code of `git_hash_ctx_init`, which is not done
      when creating a new indexer.
      
      Fix the issue by adding checks.
      Patrick Steinhardt committed
    • push: check error code returned by `git_revwalk_hide` · 6eebfc06
      When queueing objects we want to push, we call `git_revwalk_hide` to
      hide all objects already known to the remote from our revwalk. We do not
      check its return value though, where the orginial intent was to ignore
      the case where the pushed OID is not a known committish. As
      `git_revwalk_hide` can fail due to other reasons like out-of-memory
      exceptions, we should still check its return value.
      
      Fix the issue by checking the function's return value, ignoring
      errors hinting that it's not a committish. As `git_revwalk__push_commit`
      currently clobbers these error codes, we need to adjust it as well in
      order to make it available downstream.
      Patrick Steinhardt committed
    • notes: check error code returned by `git_iterator_advance` · 31a577d0
      When calling `git_note_next`, we end up calling `git_iterator_advance`
      but ignore its error code. The intent is that we do not want to return
      an error if it returns `GIT_ITEROVER`, as we want to return that value
      on the next invocation of `git_note_next`. We should still check for any
      other error codes returned by `git_iterator_advance` to catch unexpected
      internal errors.
      
      Fix this by checking the function's return value, ignoring
      `GIT_ITEROVER`.
      Patrick Steinhardt committed
    • tests: add missing error checks · 2e6cbff8
      We should always verify error codes returned by function calls in our
      test suite to not accidentally miss any weird results. Coverity reported
      missing checks in several locations, which this commit fixes.
      Patrick Steinhardt committed
    • tests: blame: fix conversion specifiers in format string · 7d65d4cb
      While the blame helper function `hunk_message` accepts a printf-style
      format string, we didn't add a compiler attribute to let the compiler
      check for correct conversion specifiers. As a result, some users of the
      function used wrong specifiers.
      
      Add the GIT_FORMAT_PRINTF attribute to the function and fix resulting
      warnings by using the correct specifiers.
      Patrick Steinhardt committed
    • Merge pull request #5387 from pks-t/pks/transport-http-custom-headers · 03ac24b1
      transports: http: fix custom headers not being applied
      Patrick Steinhardt committed
    • Merge pull request #5382 from libgit2/pks/azure-coverity · 65ac33ae
      azure: fix Coverity pipeline
      Patrick Steinhardt committed
    • transports: http: fix custom headers not being applied · 46228d86
      In commit b9c5b15a (http: use the new httpclient, 2019-12-22), the HTTP
      code got refactored to extract a generic HTTP client that operates
      independently of the Git protocol. Part of refactoring was the creation
      of a new `git_http_request` struct that encapsulates the generation of
      requests. Our Git-specific HTTP transport was converted to use that in
      `generate_request`, but during the process we forgot to set up custom
      headers for the `git_http_request` and as a result we do not send out
      these headers anymore.
      
      Fix the issue by correctly setting up the request's custom headers and
      add a test to verify we correctly send them.
      Patrick Steinhardt committed
    • sha1_lookup: inline its only function into "pack.c" · f0f1cd1d
      The file "sha1_lookup.c" contains a single function `sha1_position`
      only which is used only in the packfile implementation. As the function
      is comparatively small, to enable the compiler to optimize better and to
      remove symbol visibility, move it into "pack.c".
      Patrick Steinhardt committed