| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
dotgit: fix a filesystem race in Refs/walkReferencesTree
|
| | |
| |
| |
| | |
Signed-off-by: Javi Fontan <jfontan@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Checks that reading references it correctly skips deleted directories
and files.
Signed-off-by: Javi Fontan <jfontan@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In walkReferencesTree(), the filesystem is browsed recursively. After a folder
is listed, each child element (directory, file) are inspected.
What can happen is that by the time we get to operate on the child element, it
might have been deleted from the filesystem and we would get a PathError.
In the case of directories there was already a case to avoid bubbling up the error
(we consider that there is no ref there, which is correct), but that was missing
for files. This commit just apply the same logic.
|
| |\ \
| | |
| | | |
fix(ssh): unable to pass a custom HostKeyCallback func
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Don't overwrite HostKeyCallback if one is provided.
Fixes: c35b8082c863 ("plumbing: transport/ssh, auto-populate ClientConfig.HostKeyAlgorithms. Fixes #411")
Fixes: https://github.com/go-git/go-git/issues/654
Signed-off-by: Ayman Bagabas <ayman.bagabas@gmail.com>
|
| |\ \
| | |
| | | |
ci: Bump GitHub actions, enable go test race detection and stop using developer's GPG keys during test execution
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
After the fix of data races in go-billy (go-git/go-billy/pull/28)
race detection can be enabled in go-git to ensure no new issues
go undetected.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Removes the error messages:
Node.js 12 actions are deprecated.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The TestPullAdd test uses git CLI to perform a commit.
Contributors with signing enabled globally would have their GPG
configuration being used to sign that test commit.
This behaviour was transparent for contributors that do not use
secure keys which requires physical confirmation.
The new behaviour disables GPG signing for that test, which was
not required as part of the test.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |\ \
| | |
| | | |
*: Fix panic for empty revisions. Fixes #674
|
| |/ /
| |
| |
| | |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |\ \
| | |
| | | |
Bump dependencies
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
- github.com/ProtonMail/go-crypto to version 0.0.0-20230217124315-7d5c6f04bbb8.
- github.com/acomagu/bufpipe to version 1.0.4.
- github.com/go-git/go-billy/v5 to version 5.4.1.
- golang.org/x/crypto to version 0.6.0.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |\ \
| | |
| | | |
fix: don't use the `firstErrLine` when it is empty
|
| | | |
| | |
| | |
| | |
| | | |
Returning `nil` causes `handleAdvRefDecodeError` to fall back
to `io.ErrUnexpectedEOF`.
|
| |\ \ \
| | | |
| | | | |
build(deps): bump golang.org/x/net from 0.2.0 to 0.7.0
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |\ \ \
| | | |
| | | | |
_examples: README.md , Remove broken Config link.
|
| | |/ /
| | |
| | |
| | | |
This link is broken and doesn't appear to map to anything current.
I propose We remove this link.
|
| |\ \ \
| | | |
| | | | |
plumbing: support SSH/X509 signed tags
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit enables support for extracting the SSH and X509 signatures
from (annotated) Git tags, as an initial step to support the
verification of more signatures than just PGP in go-git.
The ported logic from Git further ensures that we look for a signature
at the tail of an annotation, instead of the first signature we find
in the annotation, as this could theoretically result in a faulty
signature getting detected if part of a an annotation itself (e.g.
by being placed in the middle as part of an inherited message).
For commits, no further change is required as the current extraction
of any signature (format) from `gpgsig` in the commit header is
sufficient for manual verification.
In a future iteration, we could add `signature/ssh` and `signature/x509`
packages to further enable people to deal with verifying other
signatures than PGP. As well as adding additional methods to `Commit`
and `Tag` to provide glue between the packages and the most prominent
user-facing APIs.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
|
| |\ \ \
| |/ /
|/| | |
Remove need to build with CGO
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Follow-up from #618, at the time the Pure Go sha1cd implementation
was not performant enough to be the default. This has now changed
and the cgo and generic implementations yields similar results.
Users are able to override the default implementation, however this
seems to be a better default as it does not require the use of CGO
during build time.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
| |
When we delete dir1/dir2/file1, we currently check if dir2 becomes
empty with the deletion of file1, and if so, we delete dir2. If
dir1 becomes empty with the deletion of dir2, we don't notice that,
and dir1 is left behind.
This commit adds a loop to check each parent directory in the file
path for emptiness, removing empty directories along the way until
a non-empty directory is found (or an error occurs).
|
| | |
|
| |\
| |
| | |
go.mod: update go-billy v5.4.0, removes races
|
| |/ |
|
| | |
|
| |\
| |
| | |
plumbing: transport/ssh: fix panic on Windows 10 with paegent as ssh-agent
|
| | | |
|
| |\ \
| | |
| | | |
Fix error when building with `CGO_ENABLED=0`
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes regression in which applications that depend on
go-git could no longer build with CGO_ENABLED=0
or when vendoring dependencies.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Some applications that depend on go-git may not need
to build using CGO. The new test ensures no new
regressions going forwards.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |\ \
| |/
|/| |
Return error instead of creating empty commits
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BuildTree now returns an ErrEmptyCommit error, when there are no
changes to be committed. This can be opted-out via
CommitOptions.AllowEmptyCommits.
This is a breaking change which enables applications to detect when
empty commits are to be created.
Some instances in which this can occur is when the fs (e.g. `billy/osfs`)
make changes to the underlying files, causing a conflict between what
the previous Git worktree state was, and the current state. Changes to
the fs implementations are orthogonal to this, and will be dealt with
separately.
The new behaviour aligns with the Git CLI, in which empty commits
returns the error message: 'nothing to commit, working tree clean'.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |\
| |
| | |
Update dependencies to remove supply chain CVEs
|
| | |
| |
| |
| | |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mitigates known supply chain CVEs:
golang.org/x/crypto:
- GO-2021-0356
- GO-2022-0968
golang.org/x/net:
- GO-2021-0238
- GO-2022-0236
- GO-2022-0288
- GO-2022-0969
golang.org/x/sys:
- GO-2022-0493
golang.org/x/text:
- GO-2021-0113
- GO-2022-1059
Updates other dependencies that have no backwards compatibility
issues.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| | |
|
| |\
| |
| | |
.github: update go version
|
| |/ |
|
| |\
| |
| | |
sha1: Add collision resistent implementation
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the same SHA1 collision resistent algorithm used by both the
Git CLI and libgit2.
Only commits with input that match the unavoidable bit conditions will be further
processed, which will result in different hashes.
Which is the same behaviour experienced in the Git CLI and Libgit2.
Users can override the hash algorithm used with:
hash.RegisterHash(crypto.SHA1, sha1.New)
xref links:
https://github.com/libgit2/libgit2/pull/4136/commits/2dfd1294f7a694bfa9e864a9489ae3cb318a5ed0
https://github.com/git/git/commit/28dc98e343ca4eb370a29ceec4c19beac9b5c01e
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |\
| |
| | |
plumbing: object, rename calculation uses too much memory
|
| | |
| |
| |
| |
| |
| |
| | |
The size of the similarity matrix is not limited and can be quite big
when lots of files are deleted and added in a commit.
Signed-off-by: Javi Fontan <jfontan@gmail.com>
|
| |\ \
| | |
| | | |
plumbing: config, Branch name with hash can be cloned. Fixes #309
|
| | | | |
|
