Commit Briefs

Thomas Adam

factorize imsg_clear calls after imsg_flush failures

imsg_clear frees and closes resources allocated as part of enqueueing imsgs so it's a no-op after reads. discussed with and ok stsp@



Thomas Adam

portable: fix use of d->namlen

As done elsewhere, d->namlen is not a portable field from readdir, therefore simulate this via the strlen of the directory name instead.



Thomas Adam

reuse existing deltas when creating pack files

tested by thomas, naddy, and myself


Thomas Adam

shrink the width of formatted output fields to their expected size

Replace FMT_SCALED_STRSIZE with (FMT_SCALED_STRSIZE - 2) as field width when formatting output for printing. FMT_SCALED_STRSIZE includes space for a nul byte and a minus sign. Output values are expected to be always positive here. ok stsp


Thomas Adam

consistently match size of hash variables to that returned by murmurhash

ok millert stsp


Thomas Adam

portable: add murmurhash2 to deltify test

Add missing include for the deltify test now that it depends on murmurhash2.






Thomas Adam

tweak error reporting due to invalid numbers

Use the same idiom as in the strtonum(3) manpage which produces a more readable error message. OK kn, stsp


Thomas Adam

set zlib output buffer length properly after resizing the output buffer

ok millert naddy


Thomas Adam

fix infinite loop in got-index-pack for pack files >= 4GB in size

Because of a missing range check our zlib wrapper would end up calling zlib over and over with zero bytes of input. Problem reported by semarie and naddy. Fixed with help from millert@. ok millert naddy


Thomas Adam

improve error message due to malformed `author' in got.conf

tweak and ok stsp@



Thomas Adam

fix loose object file header parser for zero-length headers

ok millert tracey



Omar Polo

dropping unused includes


Omar Polo

fix landlock usage: handled_access_fs must list all actions

The ruleset's handled_access_fs has to list all the defined actions because otherwise missing ones are implicitly permitted. Thus, the previous version ended up allowing "almost everything" except reading files. Original diff from Mickaël Salaün, thanks! ok thomas


Omar Polo

s/ENOTSUP/EOPNOTSUPP/

linux defines these errors to the same values, but the landlock doc uses `EOPNOTSUPP' consistently. Spotted initially by brynet@ and reminded by Mickaël Salaün, thanks! ok thomas


Thomas Adam

portable: add support for landlock

landlock is a new set of linux APIs that is conceptually similar to unveil(2): the idea is to restrict what a process can do on a specified part of the filesystem. There are some differences in the behaviour: the major one being that the landlock ruleset is inherited across execve(2). This just restricts the libexec helpers by completely revoking ANY filesystem access; after all they are the biggest attack surface. got send/fetch/clone *may* end up spawning ssh(1), so at the moment it is not possible to landlock the main process. From Omar Polo.
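
An added example, not code from the got repository, for the two landlock commits above (the handled_access_fs fix and the initial support). It applies a ruleset with no allow rules in a forked child and checks whether `/` can still be opened as a directory, first with only the read-file right handled and then with every ABI v1 right handled. The helper names `revoke_fs` and `dir_open_allowed` and the macro `ALL_FS_V1` are assumptions made here.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Every filesystem right in Landlock ABI v1. A right left out of
 * handled_access_fs is not governed by the ruleset, so it stays allowed. */
#define ALL_FS_V1 (LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_WRITE_FILE | \
    LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR | \
    LANDLOCK_ACCESS_FS_REMOVE_DIR | LANDLOCK_ACCESS_FS_REMOVE_FILE | \
    LANDLOCK_ACCESS_FS_MAKE_CHAR | LANDLOCK_ACCESS_FS_MAKE_DIR | \
    LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_MAKE_SOCK | \
    LANDLOCK_ACCESS_FS_MAKE_FIFO | LANDLOCK_ACCESS_FS_MAKE_BLOCK | \
    LANDLOCK_ACCESS_FS_MAKE_SYM)

/* Apply a ruleset with no allow rules: every handled right is denied.
 * Returns 0 on success, -1 if Landlock is unavailable or a call failed. */
static int revoke_fs(unsigned long long handled) {
    struct landlock_ruleset_attr attr = { .handled_access_fs = handled };
    int fd = (int)syscall(SYS_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (fd == -1) return -1;
    /* no_new_privs is required for an unprivileged landlock_restrict_self */
    int rc = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
    if (rc == 0)
        rc = (int)syscall(SYS_landlock_restrict_self, fd, 0);
    close(fd);
    return rc == 0 ? 0 : -1;
}

/* Sandbox a forked child, then test whether it can still open "/" as a
 * directory. Returns 1 if allowed, 0 if denied, -1 if Landlock unavailable. */
static int dir_open_allowed(unsigned long long handled) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (revoke_fs(handled) == -1) _exit(2);
        _exit(open("/", O_RDONLY | O_DIRECTORY) >= 0 ? 1 : 0);
    }
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void) {
    printf("READ_FILE only: %d\n", dir_open_allowed(LANDLOCK_ACCESS_FS_READ_FILE));
    printf("all v1 rights:  %d\n", dir_open_allowed(ALL_FS_V1));
}
```

Later Landlock ABI versions define further rights, so a ruleset that lists only these thirteen leaves the newer ones unhandled on kernels that support them.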


Thomas Adam

fix 'got status' reporting all directories on NFS mounts as unversioned

Problem found and fix tested by Ted Bullock. ok millert, naddy