Mac's HFS+ folds concatentations of ".git" and ignorable Unicode
characters [1] to ".git" [2]. Hence we need to disallow all names which
could potentially be a shortname for ".git". Example: in an empty
directory create a folder ".g\U+200Cit". Now you can't create another
folder ".git".
The following characters are ignorable Unicode which are ignored on
HFS+:
unicode hex name
-------------------------------------------------
U+200C 0xe2808c ZERO WIDTH NON-JOINER
U+200D 0xe2808d ZERO WIDTH JOINER
U+200E 0xe2808e LEFT-TO-RIGHT MARK
U+200F 0xe2808f RIGHT-TO-LEFT MARK
U+202A 0xe280aa LEFT-TO-RIGHT EMBEDDING
U+202B 0xe280ab RIGHT-TO-LEFT EMBEDDING
U+202C 0xe280ac POP DIRECTIONAL FORMATTING
U+202D 0xe280ad LEFT-TO-RIGHT OVERRIDE
U+202E 0xe280ae RIGHT-TO-LEFT OVERRIDE
U+206A 0xe281aa INHIBIT SYMMETRIC SWAPPING
U+206B 0xe281ab ACTIVATE SYMMETRIC SWAPPING
U+206C 0xe281ac INHIBIT ARABIC FORM SHAPING
U+206D 0xe281ad ACTIVATE ARABIC FORM SHAPING
U+206E 0xe281ae NATIONAL DIGIT SHAPES
U+206F 0xe281af NOMINAL DIGIT SHAPES
U+FEFF 0xefbbbf ZERO WIDTH NO-BREAK SPACE
[1] http://www.unicode.org/versions/Unicode7.0.0/ch05.pdf#G40025http://www.unicode.org/reports/tr31/#Layout_and_Format_Control_Characters
[2] http://dubeiko.com/development/FileSystems/HFSPLUS/tn1150.html#UnicodeSubtleties
Change-Id: Ib6a1dd090b2649bdd8ec16387c994ed29de2860d
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Windows creates shortnames for all non-8.3 files (see [1]). Hence we
need to disallow all names which could potentially be a shortname for
".git". Example: in an empty directory create a folder "GIT~1". Now you
can't create another folder ".git".
The path "GIT~1" may map to ".git" on Windows. A potential victim to
such an attack first has to initialize a git repository in order to
receive any git commits. Hence the .git folder created by init will get
the shortname "GIT~1". ".git" will only get a different shortname if the
user has created a file "GIT~1" before initialization of the git
repository.
[1] http://en.wikipedia.org/wiki/8.3_filename
Change-Id: I9978ab8f2d2951c46c1b9bbde57986d64d26b9b2
Signed-off-by: Christian Halstrick <christian.halstrick@sap.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Windows treats "foo." and "foo " as "foo". The ".git" directory is
special, as it contains metadata for a local Git repository. Disallow
variations that Windows considers to be the same.
Change-Id: I28eb48859a95a89111b4987c91de97557e3bb539
The component name ".GIT" inside a tree entry could confuse a
case insensitive filesystem into looking at a submodule and
not a directory entry.
Disallow any case permutations of ".git" to prevent this
confusion from entering a repository and showing up at a
later date on a case insensitive system.
Change-Id: Iaa3f768931d0d5764bf07ac5f6f3ff2b1fdda01b
If the DirCache contains a path that is known to be invalid, refuse to
read the DirCache into memory. This avoids confusing errors later if
an invalid path read from the DirCache were to be passed into a new
DirCacheEntry constructor.
Change-Id: Ic033d81e23a5fbd554cc4dff80a232504562ffa8
isValidPath is an older simple form of the validation performed by
checkValidPath. Use the latter as it more consistently matches
git-core's validation rules.
By running the same validation as fsck, callers creating an entry
for the DirCache are more likely to learn early they are trying
to build trees that will fail fsck.
Change-Id: Ibf5ac116097156aa05c18e231bc65c0854932eb1
Windows does not like naming files "a.". The trailing "." may be
dropped by the filesystem, which is confusing. Even though these
tests currently do not write to disk, future tests like them might.
Replace "." with "-", which has the same sorting properties that
were desirable about ".", but does not have the same limitations.
Change-Id: Ie5b7594bf5e79828d1341883c73ddb70123d5055
Explicitly pass STAGE_0 when creating a DirCacheEntry from String.
This matches the immediate next constructor that accepts the int
stage argument better, making the code easier to read.
Fix a weird line break where the comma was orphaned by itself.
Change-Id: Icf0970dd02a63877f9e41b51b982b0265e8b8887
By routing writes through SafeBufferedOutputStream the caller can be
alerted to any flush at close failures while writing or appending to
the rebase todo script.
Switch the character encoding to be done at the line granularity, as
this is sufficiently long enough that encoding overheads will not be a
bottleneck, but short enough that the amount of temporary data will
not cause memory problems for the JVM.
Change-Id: Ice5ec10a7cbadc58486d481b92940056f9ffc43a
Encourage callers to explicitly name a directory to hold any
overflow data. Call sites have more information about what is
going into the buffer and how it should be protected at the
filesystem level than just throwing content to the system wide
temporary directory.
Callers that still really don't care (or need to care) can pass
null for the File argument to have the system directory used.
Change-Id: I89009bbee49d3850d42cd82c2c462e51043acda0
File contents are processed into a single byte[] for character
conversion. The data must fit entirely in memory, so avoid any
file IO.
Change-Id: I3fe8be2e5f37d5ae953596dda1ed3fe6d4f6aebc
This applies the same filesystem permissions as the source objects.
Users may override in properties files using the tmpdir value.
Change-Id: I3ec332cf41f12eae246cfaee9fd792c52cb2908b
Increase the in-memory buffer for the TREE extension to 5 MiB, and
overflow to $GIT_DIR instead of /tmp. Using a larger buffer reduces
the chances a repository will overflow and need to spool the extension
to disk. Using $GIT_DIR allows the TREE extension contents to have
the same file system protections as the final $GIT_DIR/index.
Wrap the entire thing in a try/finally to ensure the temp file is
deleted from disk after the block has finished using it. To avoid
dangling NFS files, LocalFile.destroy() does close the local file
before deleting it.
Change-Id: I8f871181a4689e3ebf0cdd4fd1769333cf7546c3
Connecting to an SshSession may fail due to different reasons. Jsch for
example often throws an com.jcraft.jsch.JschException: verify: false.[1]
The issue is still not fixed in JSch 0.1.51.
In such a case it is worth retrying to connect. The number of connection
attempts can be configured using ssh_config parameter
"ConnectionAttempts" [2].
Don't retry if the user canceled authentication.
[1] http://sourceforge.net/p/jsch/bugs/58/
[2] http://linux.die.net/man/5/ssh_config
Bug: 437656
Change-Id: I6dd2a3786b7d3f15f5a46821d8edac987a57e381
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Originally, blame's walk to find a scapegoat to blame for a file
walking backward from a commit used the test
treeWalk.getFileMode(0).getObjectType() != OBJ_BLOB
to throw out gitlink (submodule) entries. Later, 52500d3264 (blame:
Micro optimize blob lookup in tree, 2014-04-17) changed that test to
(treeWalk.getRawMode(0) & TYPE_FILE) != TYPE_FILE
These checks are not the same, though: the older test accepts files
and symlinks, while the newer one accepts files, symlinks, and gitlink
(submodule) entries. This is particularly broken in the submodule
case --- trying to parse the referred-to commit as a blob produces
caught an exception: GET /gerrit/+blame/master/plugins/reviewnotes HTTP/1.1
org.eclipse.jgit.errors.MissingObjectException: Missing blob 61702414c046dd6b811c9137b765f9db422f83db
Stick to just (possibly executable) files instead. Symlinks are not
line-oriented data so blame on a symlink is not likely to be useful.
A quick grep for '& TYPE_' doesn't find any other instances of this
bug.
Change-Id: Iebcc91f1bee3c91adda51dccd6372e8302bf23fe
Signed-off-by: Jonathan Nieder <jrn@google.com>
0b5441a8 introduced an enum for authentication types and changed the
case of digest and basic authentication type names to all uppercase.
This broke digest authentication at least when using Gerrit as the git
server.
According to RFC2617 [1] "Basic" and "Digest" is the literal to be used
in authentication headers and not "BASIC" [1] and "DIGEST" [2].
According to RFC4559 "Negotiate" [3] is used for SPNEGO based
authentication.
[1] http://tools.ietf.org/html/rfc2617#page-5
[2] http://tools.ietf.org/html/rfc2617#page-8
[3] http://tools.ietf.org/html/rfc4559#page-3
Bug: 435866
Change-Id: I6173aff9352d7def225cafe2d73e5176ad40dff0
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Unstashed changes are saved in a commit which is added as an additional
parent to the stash commit.
This behaviour is fully compatible with C Git stashing of untracked
files.
Bug: 434411
Change-Id: I2af784deb0c2320bb57bc4fd472a8daad8674e7d
Signed-off-by: Andreas Hermann <a.v.hermann@gmail.com>
If a client passes a multiline message as argument to ReflogWriter.log()
the Reflog gets corrupted and cannot be parsed. ReflogWriter.log() is
invoked implicitly from various commands such as StashCreate, Rebase and
many more. However the message is not always filtered for line feeds.
Such an example is the StashCreateOperation of EGit which passes
unchecked user input as commit message. If a multiline comment is pasted
to the stash create dialog, the reflog gets corrupted.
ReflogWriter now replaces line endings in log message with spaces.
Bug: 435509
Change-Id: I3010cc902e13bee4d7b6696dfd11ab51062739d3
Signed-off-by: Andreas Hermann <a.v.hermann@gmail.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
The aim of this change is to place all commits of a branch on the same
lane and commits of other (side) branches on different lanes.
The algorithm treats first parents of a commit specially by placing them
on the same lane as the commit itself. When a commit is the first parent
of multiple children it could be placed on any of these children's
lanes. In this case it is placed on the longest child lane, as this is
usually the lane of the branch the commit actually was made on.
Other (non-first) parents are placed on new lanes. This creates a layout
that should make it easier to see branches and merges and follow linear
branch histories.
This differs from the previous approach, which sometimes plotted the
commits of a side branch on the same lane as the base branch commits and
further commits on the base branch appeared on a different lane.
This made the base branch appear as if it was the side branch and
the side branch appears to be the base branch.
In addition to lane assignment, also the plotting code changed to start
drawing a branch lane from the commit where it forks out. Previously it
started only when the first commit on the branch appeared.
Active lanes are continued with every commit that is processed.
Previously lanes were only continued when the next commit on the lane
was encountered. This could produce (temporarily) dangling commits if
the next commit on the lane was not processed yet.
CQ: 8299
Bug: 419359
Bug: 434945
Change-Id: Ibe547aa24b5948ae264f7d0f56a492a4ef335608
Signed-off-by: Konrad Kügler <swamblumat-eclipsebugs@yahoo.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Child commits always have a lane assigned when their parents are
processed, so this code is no longer necessary.
Children only assign themselves to parents in
PlotCommitList.setupChildren(), which is called from enter(), when the
child is processed. If the child leaves enter() it should always have a
lane assigned. As a result of this, when processing a parent, all its
known children already have lanes assigned. If the underlying RevWalk
emits a parent before one of its children (which it should not do), the
parent does not know of the child emitted later, because setupChildren()
has not been called for the child yet. So even in this case, no child
without a lane is encountered when processing a (parent) commit.
Change-Id: I982adc5c114370ecfd699d96221a76463de900ca
Signed-off-by: Konrad Kügler <swamblumat-eclipsebugs@yahoo.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This also properly removes the newly determinded lane position from the
freePositions set in handleBlockedLanes(). closeLane() does only recycle
active lanes, to avoid recycling lanes twice.
Change-Id: Icd019fcf7974441ed05686bb61d6de4e8bf4ab7c
Signed-off-by: Konrad Kügler <swamblumat-eclipsebugs@yahoo.de>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Adds support for Negotiate(SPNEGO) HTTP authentication method. This method
is set to have a higher priority as Digest HTTP authentication method.
Bug: 428836
Change-Id: Ib181096d39f538df1dd7d3f36516843777bf12ae
Signed-off-by: Laurent Goujon <lgoujon@twitter.com>
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
Refactors HttpAuthMethod to support more authentication methods,
still sorted by priority orders.
Bug: 428836
Change-Id: I049c1742e7afbc51f3f6033fa4d471b344813cfa
Signed-off-by: Laurent Goujon <lgoujon@twitter.com>
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
Sun HttpURLConnection is able to handle authentication like SPNEGO without
caller intervention. However, there are some restrictions:
- do not need user direct input (user,password for example)
- it doesn't work when request body is chunked/streamed (because it cannot be
replayed)
Unfortunately there is no real way to leverage HttpURLConnection authentication
work as the authentication header is stripped off the request before returning
to the caller. There's also no way to explicitly disable authentication in
HttpURLConnection (SPNEGO auth will always be attempted if a valid token can be
created by GSSAPI).
This is an issue for jgit since it is expected that the first request will be
used to detect authentication method, and reuse for the subsequent requests.
This patch modifies TransportHTTP to detect authentication done in the background
by HttpURLConnection and sets the jgit authentication method accordingly so it will
always work for future requests (assuming that the authentication method used by
HttpURLConnection is also supported by jgit).
Bug: 428836
Change-Id: I79f3b70ca2b8377e20da8e6a01914e43e96595ce
Signed-off-by: Laurent Goujon <lgoujon@twitter.com>
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
Adds a factory class for GSSManager. GSSManager is already a factory class but
it doesn't work well with SPNEGO HTTP authentication unless the
javax.security.auth.useSubjectCredsOnly system property is set to false.
On Sun JDK, Sun GSSManagerImpl can be configured directly for SPNEGO auth
(without setting any system property). For a better experience, the class
availability is detected by reflection and used instead.
Detection is only done once, and fallbacks to org.ietf.jgss.GSSManager.
Bug: 428836
Change-Id: Idb9123d1f4013966919db43043ec959d4b133ae2
Signed-off-by: Laurent Goujon <lgoujon@twitter.com>
Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
This partially reverts 6de12836d7.
Performing a TreeWalk over 2 trees to identify and skip unmodified
subtrees to pass all blame onto an ancestor appears to be a micro
optimization that works for a very limited number of files. In the
general case the 2 tree walk is slowing down blame more than it helps
to speed it up.
I keep coming up with files in multiple repositories where 6de128 is
making things worse, not better, and only one example where it
actually improved performance, render_view_impl.cc in chromium
as described in the commit message.
Change-Id: Ic6d5fff22acb5ab6485614a07bdb388e8c336679
By specifying a mainline parent, a merge is cherry picked as if this
parent was its only parent. If no mainline parent is given, cherry
picking merges is not allowed, as before.
Change-Id: I391cb73bf8f49e2df61428c17b40fae8c86a8b76
Signed-off-by: Konrad Kügler <swamblumat-eclipsebugs@yahoo.de>
Adds further tests where the working tree is dirty (differs from
index) and where we have staged but uncommitted changes.
Fixed the test case 9 for file/directory conflicts.
Bug: 428819
Change-Id: Ie44a288b052abe936ebb74272d0fefef3b218a7a
Signed-off-by: Axel Richard <axel.richard@obeo.fr>
Signed-off-by: Robin Rosenberg <robin.rosenberg@dewire.com>
Signed-off-by: Christian Halstrick <christian.halstrick@sap.com>
C git tries to read this file from the rebase state directory and
complains about it not being there for rebases started by JGit. An empty
'quiet' file represents the (verbose) default.
Change-Id: I1844ccbf8d35442d7a8918b57b67eb9b9efd6352
Signed-off-by: Konrad Kügler <swamblumat-eclipsebugs@yahoo.de>