| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
*: Fix panic for empty revisions. Fixes #674
|
|/
|
|
| |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\
| |
| | |
Bump dependencies
|
| |
| |
| |
| | |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|/
|
|
|
|
|
|
|
| |
- github.com/ProtonMail/go-crypto to version 0.0.0-20230217124315-7d5c6f04bbb8.
- github.com/acomagu/bufpipe to version 1.0.4.
- github.com/go-git/go-billy/v5 to version 5.4.1.
- golang.org/x/crypto to version 0.6.0.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\
| |
| | |
fix: don't use the `firstErrLine` when it is empty
|
| |
| |
| |
| |
| | |
Returning `nil` causes `handleAdvRefDecodeError` to fall back
to `io.ErrUnexpectedEOF`.
|
|\ \
| | |
| | | |
build(deps): bump golang.org/x/net from 0.2.0 to 0.7.0
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \
| | |
| | | |
_examples: README.md , Remove broken Config link.
|
| |/
| |
| |
| | |
This link is broken and doesn't appear to map to anything current.
I propose We remove this link.
|
|\ \
| | |
| | | |
plumbing: support SSH/X509 signed tags
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit enables support for extracting the SSH and X509 signatures
from (annotated) Git tags, as an initial step to support the
verification of more signatures than just PGP in go-git.
The ported logic from Git further ensures that we look for a signature
at the tail of an annotation, instead of the first signature we find
in the annotation, as this could theoretically result in a faulty
signature getting detected if part of a an annotation itself (e.g.
by being placed in the middle as part of an inherited message).
For commits, no further change is required as the current extraction
of any signature (format) from `gpgsig` in the commit header is
sufficient for manual verification.
In a future iteration, we could add `signature/ssh` and `signature/x509`
packages to further enable people to deal with verifying other
signatures than PGP. As well as adding additional methods to `Commit`
and `Tag` to provide glue between the packages and the most prominent
user-facing APIs.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
|
|\ \
| |/
|/| |
Remove need to build with CGO
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Follow-up from #618, at the time the Pure Go sha1cd implementation
was not performant enough to be the default. This has now changed
and the cgo and generic implementations yields similar results.
Users are able to override the default implementation, however this
seems to be a better default as it does not require the use of CGO
during build time.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When we delete dir1/dir2/file1, we currently check if dir2 becomes
empty with the deletion of file1, and if so, we delete dir2. If
dir1 becomes empty with the deletion of dir2, we don't notice that,
and dir1 is left behind.
This commit adds a loop to check each parent directory in the file
path for emptiness, removing empty directories along the way until
a non-empty directory is found (or an error occurs).
|
| |
|
|\
| |
| | |
go.mod: update go-billy v5.4.0, removes races
|
|/ |
|
| |
|
|\
| |
| | |
plumbing: transport/ssh: fix panic on Windows 10 with paegent as ssh-agent
|
| | |
|
|\ \
| | |
| | | |
Fix error when building with `CGO_ENABLED=0`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes regression in which applications that depend on
go-git could no longer build with CGO_ENABLED=0
or when vendoring dependencies.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Some applications that depend on go-git may not need
to build using CGO. The new test ensures no new
regressions going forwards.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\ \
| |/
|/| |
Return error instead of creating empty commits
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BuildTree now returns an ErrEmptyCommit error, when there are no
changes to be committed. This can be opted-out via
CommitOptions.AllowEmptyCommits.
This is a breaking change which enables applications to detect when
empty commits are to be created.
Some instances in which this can occur is when the fs (e.g. `billy/osfs`)
make changes to the underlying files, causing a conflict between what
the previous Git worktree state was, and the current state. Changes to
the fs implementations are orthogonal to this, and will be dealt with
separately.
The new behaviour aligns with the Git CLI, in which empty commits
returns the error message: 'nothing to commit, working tree clean'.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\
| |
| | |
Update dependencies to remove supply chain CVEs
|
| |
| |
| |
| | |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mitigates known supply chain CVEs:
golang.org/x/crypto:
- GO-2021-0356
- GO-2022-0968
golang.org/x/net:
- GO-2021-0238
- GO-2022-0236
- GO-2022-0288
- GO-2022-0969
golang.org/x/sys:
- GO-2022-0493
golang.org/x/text:
- GO-2021-0113
- GO-2022-1059
Updates other dependencies that have no backwards compatibility
issues.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |
|
|\
| |
| | |
.github: update go version
|
|/ |
|
|\
| |
| | |
sha1: Add collision resistent implementation
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the same SHA1 collision resistent algorithm used by both the
Git CLI and libgit2.
Only commits with input that match the unavoidable bit conditions will be further
processed, which will result in different hashes.
Which is the same behaviour experienced in the Git CLI and Libgit2.
Users can override the hash algorithm used with:
hash.RegisterHash(crypto.SHA1, sha1.New)
xref links:
https://github.com/libgit2/libgit2/pull/4136/commits/2dfd1294f7a694bfa9e864a9489ae3cb318a5ed0
https://github.com/git/git/commit/28dc98e343ca4eb370a29ceec4c19beac9b5c01e
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\
| |
| | |
plumbing: object, rename calculation uses too much memory
|
| |
| |
| |
| |
| |
| |
| | |
The size of the similarity matrix is not limited and can be quite big
when lots of files are deleted and added in a commit.
Signed-off-by: Javi Fontan <jfontan@gmail.com>
|
|\ \
| | |
| | | |
plumbing: config, Branch name with hash can be cloned. Fixes #309
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Allow unsupported `multi_ack` capability
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Azure DevOps requires capabilities multi_ack / multi_ack_detailed,
which are not fully implemented and by default are included in
transport.UnsupportedCapabilities.
The initial clone operations require a full download of the repository,
and therefore those unsupported capabilities are not as crucial, so
by removing them from that list allows for the first clone to work
successfully.
Additional fetches will yield issues, therefore to support that
repository users have to work from a clean clone until those
capabilities are fully supported. Commits and pushes back into the
repository have also been tested and work fine.
This change adds an example for cloning Azure DevOps repositories.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\ \ \
| | | |
| | | | |
Fixed some little typos
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
plumbing: gitattributes, Avoid index out of range
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a path is deeper than the single asterisk pattern the code would
crash with a "index out of range".
This change checks the length of the remaining pattern before it
references an element of that slice.
With a single trailing asterisk paths deeper than the pattern should not
get the attributes.
For example with the following `.gitattributes` file:
thirdparty/* linguist-vendored
This is how git handles it:
$ git check-attr --all thirdparty/README.md
thirdparty/README.md: diff: markdown
thirdparty/README.md: linguist-vendored: set
$ git check-attr --all thirdparty/package/README.md
thirdparty/package/README.md: diff: markdown
|
|\ \ \ \
| | | | |
| | | | | |
Optimise zlib reader and consolidate sync.Pools
|