path: root/Documentation/technical
AgeCommit message (Collapse)Author
2015-05-25each_ref_fn: change to take an object_id parameterMichael Haggerty
Change typedef each_ref_fn to take a "const struct object_id *oid" parameter instead of "const unsigned char *sha1". To aid this transition, implement an adapter that can be used to wrap old-style functions matching the old typedef, which is now called "each_ref_sha1_fn"), and make such functions callable via the new interface. This requires the old function and its cb_data to be wrapped in a "struct each_ref_fn_sha1_adapter", and that object to be used as the cb_data for an adapter function, each_ref_fn_adapter(). This is an enormous diff, but most of it consists of simple, mechanical changes to the sites that call any of the "for_each_ref" family of functions. Subsequent to this change, the call sites can be rewritten one by one to use the new interface. Signed-off-by: Michael Haggerty <> Signed-off-by: brian m. carlson <> Signed-off-by: Junio C Hamano <>
2015-05-22Merge branch 'ps/doc-packfile-vs-pack-file'Junio C Hamano
Doc consistency updates. * ps/doc-packfile-vs-pack-file: doc: fix inconsistent spelling of "packfile" pack-protocol.txt: fix insconsistent spelling of "packfile" git-unpack-objects.txt: fix inconsistent spelling of "packfile" git-verify-pack.txt: fix inconsistent spelling of "packfile"
2015-05-22doc: fix inconsistent spelling of "packfile"Patrick Steinhardt
Fix remaining instances where "pack-file" is used instead of "packfile". Some places remain where we still use "pack-file", This is the case when we explicitly refer to a file with a ".pack" extension as opposed to a data source providing a pack data stream. Signed-off-by: Patrick Steinhardt <> Signed-off-by: Junio C Hamano <>
2015-05-17pack-protocol.txt: fix insconsistent spelling of "packfile"Patrick Steinhardt
Signed-off-by: Patrick Steinhardt <> Signed-off-by: Junio C Hamano <>
2015-03-28Merge branch 'jn/doc-api-errors'Junio C Hamano
* jn/doc-api-errors: api-error-handling doc: typofix
2015-03-28api-error-handling doc: typofixThomas Ackermann
Signed-off-by: Thomas Ackermann <> Signed-off-by: Junio C Hamano <>
2015-02-25Merge branch 'jk/strbuf-doc-to-header'Junio C Hamano
The strbuf API was explained between the API documentation and in the header file. Move missing bits to strbuf.h so that programmers can check only one place for all necessary information. * jk/strbuf-doc-to-header: strbuf.h: group documentation for trim functions strbuf.h: drop boilerplate descriptions of strbuf_split_* strbuf.h: reorganize api function grouping headers strbuf.h: format asciidoc code blocks as 4-space indent strbuf.h: drop asciidoc list formatting from API docs strbuf.h: unify documentation comments beginnings strbuf.h: integrate api-strbuf.txt documentation
2015-02-25Merge branch 'jn/doc-api-errors'Junio C Hamano
The error handling functions and conventions are now documented in the API manual. * jn/doc-api-errors: doc: document error handling functions and conventions
2015-02-11Merge branch 'sb/atomic-push'Junio C Hamano
"git push" has been taught a "--atomic" option that makes push to update more than one ref an "all-or-none" affair. * sb/atomic-push: Document receive.advertiseatomic add basic tests for atomic pushes push.c: add an --atomic argument send-pack.c: add --atomic command line argument send-pack: rename ref_update_to_be_sent to check_to_send_update receive-pack.c: negotiate atomic push support receive-pack.c: add execute_commands_atomic function receive-pack.c: move transaction handling in a central place receive-pack.c: move iterating over all commands outside execute_commands receive-pack.c: die instead of error in case of possible future bug receive-pack.c: shorten the execute_commands loop over all commands
2015-01-16strbuf.h: integrate api-strbuf.txt documentationJeff King
Some of strbuf is documented as comments above functions, and some is separate in Documentation/technical/api-strbuf.txt. This makes it annoying to find the appropriate documentation. We'd rather have it all in one place, which means all in the text document, or all in the header. Let's choose the header as that place. Even though the formatting is not quite as pretty, this keeps the documentation close to the related code. The hope is that this makes it easier to find what you want (human-readable comments are right next to the C declarations), and easier for writers to keep the documentation up to date. This is more or less a straight import of the text from api-strbuf.txt into C comments, complete with asciidoc formatting. The exceptions are: 1. All comments created in this way are started with "/**" to indicate they are part of the API documentation. This may help later with extracting the text to pretty-print it. 2. Function descriptions do not repeat the function name, as it is available in the context directly below. So: `strbuf_add`:: Add data of given length to the buffer. from api-strbuf.txt becomes: /** * Add data of given length to the buffer. */ void strbuf_add(struct strbuf *sb, const void *, size_t); As a result, any block-continuation required in asciidoc for that list item was dropped in favor of straight blank-line paragraph (since it is not necessary when we are not in a list item). 3. There is minor re-wording to integrate existing comments and api-strbuf text. In each case, I took whichever version was more descriptive, and eliminated any redundancies. In one case, for strbuf_addstr, the api documentation gave its inline definition; I eliminated this as redundant with the actual definition, which can be seen directly below the comment. 4. The functions in the header file are re-ordered to match the ordering of the API documentation, under the assumption that more thought went into the grouping there. Helped-by: Jonathan Nieder <> Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2015-01-08receive-pack.c: negotiate atomic push supportRonnie Sahlberg
This adds the atomic protocol option to allow receive-pack to inform the client that it has atomic push capability. This commit makes the functionality introduced in the previous commits go live for the serving side. The changes in documentation reflect the protocol capabilities of the server. Signed-off-by: Stefan Beller <> Signed-off-by: Junio C Hamano <>
2014-12-22Merge branch 'nd/split-index'Junio C Hamano
A typofix to the documentation of a feature already in the release. * nd/split-index: index-format.txt: add a missing closing quote
2014-12-22Merge branch 'jk/credential-quit'Junio C Hamano
Credential helpers are asked in turn until one of them give positive response, which is cumbersome to turn off when you need to run Git in an automated setting. The credential helper interface learned to allow a helper to say "stop, don't ask other helpers." Also GIT_TERMINAL_PROMPT environment can be set to false to disable our built-in prompt mechanism for passwords. * jk/credential-quit: prompt: respect GIT_TERMINAL_PROMPT to disable terminal prompts credential: let helpers tell us to quit
2014-12-11index-format.txt: add a missing closing quoteNguyễn Thái Ngọc Duy
Signed-off-by: Nguyễn Thái Ngọc Duy <> Signed-off-by: Junio C Hamano <>
2014-12-04doc: document error handling functions and conventionsJonathan Nieder
Signed-off-by: Jonathan Nieder <> Signed-off-by: Junio C Hamano <>
2014-12-04credential: let helpers tell us to quitJeff King
When we are trying to fill a credential, we loop over the set of defined credential-helpers, then fall back to running askpass, and then finally prompt on the terminal. Helpers which cannot find a credential are free to tell us nothing, but they cannot currently ask us to stop prompting. This patch lets them provide a "quit" attribute, which asks us to stop the process entirely (avoiding running more helpers, as well as the askpass/terminal prompt). This has a few possible uses: 1. A helper which prompts the user itself (e.g., in a dialog) can provide a "cancel" button to the user to stop further prompts. 2. Some helpers may know that prompting cannot possibly work. For example, if their role is to broker a ticket from an external auth system and that auth system cannot be contacted, there is no point in continuing (we need a ticket to authenticate, and the user cannot provide one by typing it in). Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
2014-11-25sort_string_list(): rename to string_list_sort()Michael Haggerty
The new name is more consistent with the names of other string_list-related functions. Suggested-by: Junio C Hamano <> Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-11-04Documentation: typofixesThomas Ackermann
In addition to fixing trivial and obvious typos, be careful about the following points: - Spell ASCII, URL and CRC in ALL CAPS; - Spell Linux as Capitalized; - Do not omit periods in "i.e." and "e.g.". Signed-off-by: Thomas Ackermann <> Signed-off-by: Junio C Hamano <>
2014-10-31Merge branch 'rs/child-process-init'Junio C Hamano
* rs/child-process-init: api-run-command: add missing list item marker
2014-10-28api-run-command: add missing list item markerRené Scharfe
Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-10-19run-command: add env_array, an optional argv_array for envRené Scharfe
Similar to args, add a struct argv_array member to struct child_process that simplifies specifying the environment for children. It is freed automatically by finish_command() or if start_command() encounters an error. Suggested-by: Jeff King <> Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-10-14Merge branch 'mh/lockfile-stdio'Junio C Hamano
* mh/lockfile-stdio: commit_packed_refs(): reimplement using fdopen_lock_file() dump_marks(): reimplement using fdopen_lock_file() fdopen_lock_file(): access a lockfile using stdio
2014-10-14Merge branch 'mh/lockfile'Junio C Hamano
The lockfile API and its users have been cleaned up. * mh/lockfile: (38 commits) lockfile.h: extract new header file for the functions in lockfile.c hold_locked_index(): move from lockfile.c to read-cache.c hold_lock_file_for_append(): restore errno before returning get_locked_file_path(): new function lockfile.c: rename static functions lockfile: rename LOCK_NODEREF to LOCK_NO_DEREF commit_lock_file_to(): refactor a helper out of commit_lock_file() trim_last_path_component(): replace last_path_elm() resolve_symlink(): take a strbuf parameter resolve_symlink(): use a strbuf for internal scratch space lockfile: change lock_file::filename into a strbuf commit_lock_file(): use a strbuf to manage temporary space try_merge_strategy(): use a statically-allocated lock_file object try_merge_strategy(): remove redundant lock_file allocation struct lock_file: declare some fields volatile lockfile: avoid transitory invalid states git_config_set_multivar_in_file(): avoid call to rollback_lock_file() dump_marks(): remove a redundant call to rollback_lock_file() api-lockfile: document edge cases commit_lock_file(): rollback lock file on failure to rename ...
2014-10-08Merge branch 'jc/push-cert'Junio C Hamano
Allow "git push" request to be signed, so that it can be verified and audited, using the GPG signature of the person who pushed, that the tips of branches at a public repository really point the commits the pusher wanted to, without having to "trust" the server. * jc/push-cert: (24 commits) receive-pack::hmac_sha1(): copy the entire SHA-1 hash out signed push: allow stale nonce in stateless mode signed push: teach smart-HTTP to pass "git push --signed" around signed push: fortify against replay attacks signed push: add "pushee" header to push certificate signed push: remove duplicated protocol info send-pack: send feature request on push-cert packet receive-pack: GPG-validate push certificates push: the beginning of "git push --signed" pack-protocol doc: typofix for PKT-LINE gpg-interface: move parse_signature() to where it should be gpg-interface: move parse_gpg_output() to where it should be send-pack: clarify that cmds_sent is a boolean send-pack: refactor inspecting and resetting status and sending commands send-pack: rename "new_refs" to "need_pack_data" receive-pack: factor out capability string generation send-pack: factor out capability string generation send-pack: always send capabilities send-pack: refactor decision to send update per ref send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher ...
2014-10-01fdopen_lock_file(): access a lockfile using stdioMichael Haggerty
Add a new function, fdopen_lock_file(), which returns a FILE pointer open to the lockfile. If a stream is open on a lock_file object, it is closed using fclose() on commit, rollback, or close_lock_file(). This change will allow callers to use stdio to write to a lockfile without having to muck around in the internal representation of the lock_file object (callers will be rewritten in upcoming commits). Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-10-01get_locked_file_path(): new functionMichael Haggerty
Add a function to return the path of the file that is locked by a lock_file object. This reduces the knowledge that callers have to have about the lock_file layout. Suggested-by: Ronnie Sahlberg <> Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-10-01lockfile: rename LOCK_NODEREF to LOCK_NO_DEREFMichael Haggerty
This makes it harder to misread the name as LOCK_NODE_REF. Suggested-by: Torsten Bögershausen <> Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-10-01commit_lock_file_to(): refactor a helper out of commit_lock_file()Michael Haggerty
commit_locked_index(), when writing to an alternate index file, duplicates (poorly) the code in commit_lock_file(). And anyway, it shouldn't have to know so much about the internal workings of lockfile objects. So extract a new function commit_lock_file_to() that does the work common to the two functions, and call it from both commit_lock_file() and commit_locked_index(). Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-10-01api-lockfile: document edge casesMichael Haggerty
* Document the behavior of commit_lock_file() when it fails, namely that it rolls back the lock_file object and sets errno appropriately. * Document the behavior of rollback_lock_file() when called for a lock_file object that has already been committed or rolled back, namely that it is a NOOP. Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-10-01close_lock_file(): if close fails, roll backMichael Haggerty
If closing an open lockfile fails, then we cannot be sure of the contents of the lockfile, so there is nothing sensible to do but delete it. This change also insures that the lock_file object is left in a defined state in this error path (namely, unlocked). The only caller that is ultimately affected by this change is try_merge_strategy() -> write_locked_index(), which can call close_lock_file() via various execution paths. This caller uses a static lock_file object which previously could have been reused after a failed close_lock_file() even though it was still in locked state. This change causes the lock_file object to be unlocked on failure, thus fixing this error-handling path. Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-10-01commit_lock_file(): die() if called for unlocked lockfile objectMichael Haggerty
It was previously a bug to call commit_lock_file() with a lock_file object that was not active (an illegal access would happen within the function). It was presumably never done, but this would be an easy programming error to overlook. So before continuing, do a consistency check that the lock_file object really is locked. Helped-by: Johannes Sixt <> Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-10-01api-lockfile: revise and expand the documentationMichael Haggerty
Document a couple more functions and the flags argument as used by hold_lock_file_for_update() and hold_lock_file_for_append(). Reorganize the document to make it more accessible. Helped-by: Jonathan Nieder <> Helped-by: Junio Hamano <> Signed-off-by: Michael Haggerty <> Signed-off-by: Junio C Hamano <>
2014-09-26Merge branch 'rs/realloc-array'Junio C Hamano
Code cleanup. * rs/realloc-array: use REALLOC_ARRAY for changing the allocation size of arrays add macro REALLOC_ARRAY
2014-09-19Merge branch 'sp/pack-protocol-doc-on-shallow' into maintJunio C Hamano
* sp/pack-protocol-doc-on-shallow: Document LF appearing in shallow command during send-pack/receive-pack
2014-09-19Merge branch 'rs/export-strbuf-addchars'Junio C Hamano
Code clean-up. * rs/export-strbuf-addchars: strbuf: use strbuf_addchars() for adding a char multiple times strbuf: export strbuf_addchars()
2014-09-18add macro REALLOC_ARRAYRené Scharfe
The macro ALLOC_GROW manages several aspects of dynamic memory allocations for arrays: It performs overprovisioning in order to avoid reallocations in future calls, updates the allocation size variable, multiplies the item size and thus allows users to simply specify the item count, performs the reallocation and updates the array pointer. Sometimes this is too much. Add the macro REALLOC_ARRAY, which only takes care of the latter three points and allows users to specfiy the number of items the array can store. It can increase and also decrease the size. Using the macro avoid duplicating the variable name and takes care of the item sizes automatically. Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-09-17signed push: fortify against replay attacksJunio C Hamano
In order to prevent a valid push certificate for pushing into an repository from getting replayed in a different push operation, send a nonce string from the receive-pack process and have the signer include it in the push certificate. The receiving end uses an HMAC hash of the path to the repository it serves and the current time stamp, hashed with a secret seed (the secret seed does not have to be per-repository but can be defined in /etc/gitconfig) to generate the nonce, in order to ensure that a random third party cannot forge a nonce that looks like it originated from it. The original nonce is exported as GIT_PUSH_CERT_NONCE for the hooks to examine and match against the value on the "nonce" header in the certificate to notice a replay, but returned "nonce" header in the push certificate is examined by receive-pack and the result is exported as GIT_PUSH_CERT_NONCE_STATUS, whose value would be "OK" if the nonce recorded in the certificate matches what we expect, so that the hooks can more easily check. Signed-off-by: Junio C Hamano <>
2014-09-15signed push: add "pushee" header to push certificateJunio C Hamano
Record the URL of the intended recipient for a push (after anonymizing it if it has authentication material) on a new "pushee URL" header. Because the networking configuration (SSH-tunnels, proxies, etc.) on the pushing user's side varies, the receiving repository may not know the single canonical URL all the pushing users would refer it as (besides, many sites allow pushing over ssh://host/path and https://host/path protocols to the same repository but with different local part of the path). So this value may not be reliably used for replay-attack prevention purposes, but this will still serve as a human readable hint to identify the repository the certificate refers to. Signed-off-by: Junio C Hamano <>
2014-09-15signed push: remove duplicated protocol infoJunio C Hamano
With the interim protocol, we used to send the update commands even though we already send a signed copy of the same information when push certificate is in use. Update the send-pack/receive-pack pair not to do so. The notable thing on the receive-pack side is that it makes sure that there is no command sent over the traditional protocol packet outside the push certificate. Otherwise a pusher can claim to be pushing one set of ref updates in the signed certificate while issuing commands to update unrelated refs, and such an update will evade later audits. Finally, start documenting the protocol. Signed-off-by: Junio C Hamano <>
2014-09-15pack-protocol doc: typofix for PKT-LINEJunio C Hamano
Everywhere else we use PKT-LINE to denote the pkt-line formatted data, but "shallow/deepen" messages are described with PKT_LINE(). Fix them. Signed-off-by: Junio C Hamano <>
2014-09-11Merge branch 'rs/child-process-init'Junio C Hamano
Code clean-up. * rs/child-process-init: run-command: inline prepare_run_command_v_opt() run-command: call run_command_v_opt_cd_env() instead of duplicating it run-command: introduce child_process_init() run-command: introduce CHILD_PROCESS_INIT
2014-09-11Merge branch 'ta/config-set-1'Junio C Hamano
Use the new caching config-set API in git_config() calls. * ta/config-set-1: add tests for `git_config_get_string_const()` add a test for semantic errors in config files rewrite git_config() to use the config-set API config: add `git_die_config()` to the config-set API change `git_config()` return value to void add line number and file name info to `config_set` config.c: fix accuracy of line number in errors config.c: mark error and warnings strings for translation
2014-09-09Merge branch 'sp/pack-protocol-doc-on-shallow'Junio C Hamano
* sp/pack-protocol-doc-on-shallow: Document LF appearing in shallow command during send-pack/receive-pack
2014-09-08strbuf: export strbuf_addchars()René Scharfe
Move strbuf_addchars() to strbuf.c, where it belongs, and make it available for other callers. Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-09-02Merge branch 'rs/strbuf-getcwd'Junio C Hamano
Reduce the use of fixed sized buffer passed to getcwd() calls by introducing xgetcwd() helper. * rs/strbuf-getcwd: use strbuf_add_absolute_path() to add absolute paths abspath: convert absolute_path() to strbuf use xgetcwd() to set $GIT_DIR use xgetcwd() to get the current directory or die wrapper: add xgetcwd() abspath: convert real_path_internal() to strbuf abspath: use strbuf_getcwd() to remember original working directory setup: convert setup_git_directory_gently_1 et al. to strbuf unix-sockets: use strbuf_getcwd() strbuf: add strbuf_getcwd()
2014-09-02Merge branch 'ta/config-set'Junio C Hamano
Add in-core caching layer to let us avoid reading the same configuration files number of times. * ta/config-set: test-config: add tests for the config_set API add `config_set` API for caching config-like files
2014-08-28Document LF appearing in shallow command during send-pack/receive-packShawn Pearce
The implementation sends an LF, but the protocol documentation was missing this detail. Signed-off-by: Shawn Pearce <> Signed-off-by: Junio C Hamano <>
2014-08-26abspath: convert absolute_path() to strbufRené Scharfe
Move most of the code of absolute_path() into the new function strbuf_add_absolute_path() and in the process transform it to use struct strbuf and xgetcwd() instead of a PATH_MAX-sized buffer, which can be too small on some file systems. Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-08-20run-command: introduce child_process_init()René Scharfe
Add a helper function for initializing those struct child_process variables for which the macro CHILD_PROCESS_INIT can't be used. Suggested-by: Jeff King <> Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>
2014-08-20run-command: introduce CHILD_PROCESS_INITRené Scharfe
Most struct child_process variables are cleared using memset first after declaration. Provide a macro, CHILD_PROCESS_INIT, that can be used to initialize them statically instead. That's shorter, doesn't require a function call and is slightly more readable (especially given that we already have STRBUF_INIT, ARGV_ARRAY_INIT etc.). Helped-by: Johannes Sixt <> Signed-off-by: Rene Scharfe <> Signed-off-by: Junio C Hamano <>