<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/builtin/send-pack.c, branch v2.3.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.3.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.3.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2014-10-08T20:05:25Z</updated>
<entry>
<title>Merge branch 'jc/push-cert'</title>
<updated>2014-10-08T20:05:25Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2014-10-08T20:05:15Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=fb06b5280ea05d75515fa780cf08d4ec9d6fe101'/>
<id>urn:sha1:fb06b5280ea05d75515fa780cf08d4ec9d6fe101</id>
<content type='text'>
Allow "git push" request to be signed, so that it can be verified and
audited, using the GPG signature of the person who pushed, that the
tips of branches at a public repository really point the commits
the pusher wanted to, without having to "trust" the server.

* jc/push-cert: (24 commits)
  receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
  signed push: allow stale nonce in stateless mode
  signed push: teach smart-HTTP to pass "git push --signed" around
  signed push: fortify against replay attacks
  signed push: add "pushee" header to push certificate
  signed push: remove duplicated protocol info
  send-pack: send feature request on push-cert packet
  receive-pack: GPG-validate push certificates
  push: the beginning of "git push --signed"
  pack-protocol doc: typofix for PKT-LINE
  gpg-interface: move parse_signature() to where it should be
  gpg-interface: move parse_gpg_output() to where it should be
  send-pack: clarify that cmds_sent is a boolean
  send-pack: refactor inspecting and resetting status and sending commands
  send-pack: rename "new_refs" to "need_pack_data"
  receive-pack: factor out capability string generation
  send-pack: factor out capability string generation
  send-pack: always send capabilities
  send-pack: refactor decision to send update per ref
  send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
  ...
</content>
</entry>
<entry>
<title>signed push: teach smart-HTTP to pass "git push --signed" around</title>
<updated>2014-09-17T21:58:04Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2014-09-15T21:59:00Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=0ea47f9d3307bdb1cd9364acd3e4a463b244bba2'/>
<id>urn:sha1:0ea47f9d3307bdb1cd9364acd3e4a463b244bba2</id>
<content type='text'>
The "--signed" option received by "git push" is first passed to the
transport layer, which the native transport directly uses to notice
that a push certificate needs to be sent.  When the transport-helper
is involved, however, the option needs to be told to the helper with
set_helper_option(), and the helper needs to take necessary action.
For the smart-HTTP helper, the "necessary action" involves spawning
the "git send-pack" subprocess with the "--signed" option.

Once the above all gets wired in, the smart-HTTP transport now can
use the push certificate mechanism to authenticate its pushes.

Add a test that is modeled after tests for the native transport in
t5534-push-signed.sh to t5541-http-push-smart.sh.  Update the test
Apache configuration to pass GNUPGHOME environment variable through.
As PassEnv would trigger warnings for an environment variable that
is not set, export it from test-lib.sh set to a harmless value when
GnuPG is not being used in the tests.

Note that the added test is deliberately loose and does not check
the nonce in this step.  This is because the stateless RPC mode is
inevitably flaky and a nonce that comes back in the actual push
processing is one issued by a different process; if the two
interactions with the server crossed a second boundary, the nonces
will not match and such a check will fail.  A later patch in the
series will work around this shortcoming.

Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>send-pack: take refspecs over stdin</title>
<updated>2014-08-26T19:58:02Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2014-08-21T12:21:20Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=26be19ba8d8d2e7e3e288b395e7156d5b7af5140'/>
<id>urn:sha1:26be19ba8d8d2e7e3e288b395e7156d5b7af5140</id>
<content type='text'>
Pushing a large number of refs works over most transports,
because we implement send-pack as an internal function.
However, it can sometimes fail when pushing over http,
because we have to spawn "git send-pack --stateless-rpc" to
do the heavy lifting, and we pass each refspec on the
command line. This can cause us to overflow the OS limits on
the size of the command line for a large push.

We can solve this by giving send-pack a --stdin option and
using it from remote-curl.  We already dealt with this on
the fetch-pack side in 078b895 (fetch-pack: new --stdin
option to read refs from stdin, 2012-04-02). The stdin
option (and in particular, its use of packet-lines for
stateless-rpc input) is modeled after that solution.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'nd/shallow-clone'</title>
<updated>2014-01-17T20:21:20Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2014-01-17T20:21:14Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=92251b1b5b5e53ac9de890105e2a2bd9d15e2ecb'/>
<id>urn:sha1:92251b1b5b5e53ac9de890105e2a2bd9d15e2ecb</id>
<content type='text'>
Fetching from a shallow-cloned repository used to be forbidden,
primarily because the codepaths involved were not carefully vetted
and we did not bother supporting such usage. This attempts to allow
object transfer out of a shallow-cloned repository in a controlled
way (i.e. the receiver become a shallow repository with truncated
history).

* nd/shallow-clone: (31 commits)
  t5537: fix incorrect expectation in test case 10
  shallow: remove unused code
  send-pack.c: mark a file-local function static
  git-clone.txt: remove shallow clone limitations
  prune: clean .git/shallow after pruning objects
  clone: use git protocol for cloning shallow repo locally
  send-pack: support pushing from a shallow clone via http
  receive-pack: support pushing to a shallow clone via http
  smart-http: support shallow fetch/clone
  remote-curl: pass ref SHA-1 to fetch-pack as well
  send-pack: support pushing to a shallow clone
  receive-pack: allow pushes that update .git/shallow
  connected.c: add new variant that runs with --shallow-file
  add GIT_SHALLOW_FILE to propagate --shallow-file to subprocesses
  receive/send-pack: support pushing from a shallow clone
  receive-pack: reorder some code in unpack()
  fetch: add --update-shallow to accept refs that update .git/shallow
  upload-pack: make sure deepening preserves shallow roots
  fetch: support fetching from a shallow repository
  clone: support remote shallow repository
  ...
</content>
</entry>
<entry>
<title>send-pack: support pushing from a shallow clone via http</title>
<updated>2013-12-11T00:14:18Z</updated>
<author>
<name>Nguyễn Thái Ngọc Duy</name>
<email>pclouds@gmail.com</email>
</author>
<published>2013-12-05T13:02:52Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=f2c681cf12c54ce3859b36693f8a13c36126577b'/>
<id>urn:sha1:f2c681cf12c54ce3859b36693f8a13c36126577b</id>
<content type='text'>
Signed-off-by: Nguyễn Thái Ngọc Duy &lt;pclouds@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>send-pack: support pushing to a shallow clone</title>
<updated>2013-12-11T00:14:18Z</updated>
<author>
<name>Nguyễn Thái Ngọc Duy</name>
<email>pclouds@gmail.com</email>
</author>
<published>2013-12-05T13:02:48Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=b016918b2f283513758957b06a14eb2f5c2a9619'/>
<id>urn:sha1:b016918b2f283513758957b06a14eb2f5c2a9619</id>
<content type='text'>
Signed-off-by: Nguyễn Thái Ngọc Duy &lt;pclouds@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>receive/send-pack: support pushing from a shallow clone</title>
<updated>2013-12-11T00:14:17Z</updated>
<author>
<name>Nguyễn Thái Ngọc Duy</name>
<email>pclouds@gmail.com</email>
</author>
<published>2013-12-05T13:02:44Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=5dbd767601812209273ae007a97b7c9305dc6cfd'/>
<id>urn:sha1:5dbd767601812209273ae007a97b7c9305dc6cfd</id>
<content type='text'>
Signed-off-by: Nguyễn Thái Ngọc Duy &lt;pclouds@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>connect.c: teach get_remote_heads to parse "shallow" lines</title>
<updated>2013-12-11T00:14:16Z</updated>
<author>
<name>Nguyễn Thái Ngọc Duy</name>
<email>pclouds@gmail.com</email>
</author>
<published>2013-12-05T13:02:33Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=b06dcd7d6829c86afda6b311cadf009ee4b4dd59'/>
<id>urn:sha1:b06dcd7d6829c86afda6b311cadf009ee4b4dd59</id>
<content type='text'>
No callers pass a non-empty pointer as shallow_points at this
stage. As a result, all clients still refuse to talk to shallow
repository on the other end.

Signed-off-by: Nguyễn Thái Ngọc Duy &lt;pclouds@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>send-pack: forbid pushing from a shallow repository</title>
<updated>2013-12-11T00:14:16Z</updated>
<author>
<name>Nguyễn Thái Ngọc Duy</name>
<email>pclouds@gmail.com</email>
</author>
<published>2013-12-05T13:02:30Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=0b854bcc2a3b34c09835393234cd807fde08722f'/>
<id>urn:sha1:0b854bcc2a3b34c09835393234cd807fde08722f</id>
<content type='text'>
send-pack can send a pack with loose ends to the server.  receive-pack
before 6d4bb38 (fetch: verify we have everything we need before
updating our ref - 2011-09-01) does not detect this and keeps the pack
anyway, which corrupts the repository, at least from fsck point of
view.

send-pack will learn to safely push from a shallow repository later.

Signed-off-by: Nguyễn Thái Ngọc Duy &lt;pclouds@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>remote.h: replace struct extra_have_objects with struct sha1_array</title>
<updated>2013-12-11T00:14:15Z</updated>
<author>
<name>Nguyễn Thái Ngọc Duy</name>
<email>pclouds@gmail.com</email>
</author>
<published>2013-12-05T13:02:29Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=13eb4626c43b3116bb431671d593565eadc36852'/>
<id>urn:sha1:13eb4626c43b3116bb431671d593565eadc36852</id>
<content type='text'>
The latter can do everything the former can and is used in many more
places.

Signed-off-by: Nguyễn Thái Ngọc Duy &lt;pclouds@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
