Nicolas Pitre [Wed, 29 Oct 2008 23:02:52 +0000 (19:02 -0400)]
pack-objects: don't leak pack window reference when splitting packs
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Wed, 29 Oct 2008 23:02:51 +0000 (19:02 -0400)]
extend test coverage for latest pack corruption resilience improvements
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Wed, 29 Oct 2008 23:02:50 +0000 (19:02 -0400)]
pack-objects: allow "fixing" a corrupted pack without a full repack
When the pack data to be reused is found to be bad, let's fall back to
full object access through the generic path which has its own strategies
to find alternate object sources in that case. This allows for "fixing"
a corrupted pack simply by copying either another pack containing the
object(s) found to be bad, or the loose object itself, into the object
store and launch a repack without the need for -f.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Wed, 29 Oct 2008 23:02:49 +0000 (19:02 -0400)]
make find_pack_revindex() aware of the nasty world
It currently calls die() whenever given offset is not found thinking
that such thing should never happen. But this offset may come from a
corrupted pack whych _could_ happen and not be found. Callers should
deal with this possibility gracefully instead.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Wed, 29 Oct 2008 23:02:48 +0000 (19:02 -0400)]
make check_object() resilient to pack corruptions
The check_object() function tries to get away with the least amount of
pack access possible when it already has partial information on given
object rather than calling the more costly packed_object_info().
When things don't look right, it should just give up and fall back to
packed_object_info() directly instead of die()'ing.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Wed, 29 Oct 2008 23:02:47 +0000 (19:02 -0400)]
make packed_object_info() resilient to pack corruptions
In the same spirit as commit
8eca0b47ff, let's try to survive a pack
corruption by making packed_object_info() able to fall back to alternate
packs or loose objects.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Wed, 29 Oct 2008 23:02:46 +0000 (19:02 -0400)]
make unpack_object_header() non fatal
It is possible to have pack corruption in the object header. Currently
unpack_object_header() simply die() on them instead of letting the caller
deal with that gracefully.
So let's have unpack_object_header() return an error instead, and find
a better name for unpack_object_header_gently() in that context. All
callers of unpack_object_header() are ready for it.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Wed, 29 Oct 2008 23:02:45 +0000 (19:02 -0400)]
better validation on delta base object offsets
In one case, it was possible to have a bad offset equal to 0 effectively
pointing a delta onto itself and crashing git after too many recursions.
In the other cases, a negative offset could result due to off_t being
signed. Catch those.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Fri, 31 Oct 2008 15:31:08 +0000 (11:31 -0400)]
close another possibility for propagating pack corruption
Abstract
--------
With index v2 we have a per object CRC to allow quick and safe reuse of
pack data when repacking. This, however, doesn't currently prevent a
stealth corruption from being propagated into a new pack when _not_
reusing pack data as demonstrated by the modification to t5302 included
here.
The Context
-----------
The Git database is all checksummed with SHA1 hashes. Any kind of
corruption can be confirmed by verifying this per object hash against
corresponding data. However this can be costly to perform systematically
and therefore this check is often not performed at run time when
accessing the object database.
First, the loose object format is entirely compressed with zlib which
already provide a CRC verification of its own when inflating data. Any
disk corruption would be caught already in this case.
Then, packed objects are also compressed with zlib but only for their
actual payload. The object headers and delta base references are not
deflated for obvious performance reasons, however this leave them
vulnerable to potentially undetected disk corruptions. Object types
are often validated against the expected type when they're requested,
and deflated size must always match the size recorded in the object header,
so those cases are pretty much covered as well.
Where corruptions could go unnoticed is in the delta base reference.
Of course, in the OBJ_REF_DELTA case, the odds for a SHA1 reference to
get corrupted so it actually matches the SHA1 of another object with the
same size (the delta header stores the expected size of the base object
to apply against) are virtually zero. In the OBJ_OFS_DELTA case, the
reference is a pack offset which would have to match the start boundary
of a different base object but still with the same size, and although this
is relatively much more "probable" than in the OBJ_REF_DELTA case, the
probability is also about zero in absolute terms. Still, the possibility
exists as demonstrated in t5302 and is certainly greater than a SHA1
collision, especially in the OBJ_OFS_DELTA case which is now the default
when repacking.
Again, repacking by reusing existing pack data is OK since the per object
CRC provided by index v2 guards against any such corruptions. What t5302
failed to test is a full repack in such case.
The Solution
------------
As unlikely as this kind of stealth corruption can be in practice, it
certainly isn't acceptable to propagate it into a freshly created pack.
But, because this is so unlikely, we don't want to pay the run time cost
associated with extra validation checks all the time either. Furthermore,
consequences of such corruption in anything but repacking should be rather
visible, and even if it could be quite unpleasant, it still has far less
severe consequences than actively creating bad packs.
So the best compromize is to check packed object CRC when unpacking
objects, and only during the compression/writing phase of a repack, and
only when not streaming the result. The cost of this is minimal (less
than 1% CPU time), and visible only with a full repack.
Someone with a stats background could provide an objective evaluation of
this, but I suspect that it's bad RAM that has more potential for data
corruptions at this point, even in those cases where this extra check
is not performed. Still, it is best to prevent a known hole for
corruption when recreating object data into a new pack.
What about the streamed pack case? Well, any client receiving a pack
must always consider that pack as untrusty and perform full validation
anyway, hence no such stealth corruption could be propagated to remote
repositoryes already. It is therefore worthless doing local validation
in that case.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sun, 2 Nov 2008 07:36:07 +0000 (00:36 -0700)]
Update draft release notes to 1.6.1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Fri, 24 Oct 2008 02:44:27 +0000 (19:44 -0700)]
Stop using compat/regex.c on platforms with working regexp library
We used to have non-POSIX comformant BRE in our code, and linked with GNU
regexp library on a few platforms (Darwin, FreeBSD and AIX) to work it
around. This was backwards.
We've fixed the broken regexps to use ERE that native regexp libraries on
these platforms can handle just fine. There is no need to link with GNU
regexp library on these platforms anymore.
Tested-on-AIX-by: Mike Ralphson <mike@abacus.co.uk>
Tested-on-FreeBSD-by: Jeff King <peff@peff.net>
Tested-on-Darwin-by: Arjen Laarhoven <arjen@yaph.org>
Tested-on-Darwin-by: Pieter de Bie <pieter@frim.nl>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Tom Preston-Werner [Sat, 1 Nov 2008 18:44:45 +0000 (11:44 -0700)]
connect.c: add a way for git-daemon to pass an error back to client
The current behavior of git-daemon is to simply close the connection on
any error condition. This leaves the client without any information as
to the cause of the failed fetch/push/etc.
This patch allows get_remote_heads to accept a line prefixed with "ERR"
that it can display to the user in an informative fashion. Once clients
can understand this ERR line, git-daemon can be made to properly report
"repository not found", "permission denied", or other errors.
Example
S: ERR No matching repository.
C: fatal: remote error: No matching repository.
Signed-off-by: Tom Preston-Werner <tom@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jan Krüger [Sat, 1 Nov 2008 14:42:16 +0000 (15:42 +0100)]
Introduce receive.denyDeletes
Occasionally, it may be useful to prevent branches from getting deleted from
a centralized repository, particularly when no administrative access to the
server is available to undo it via reflog. It also makes
receive.denyNonFastForwards more useful if it is used for access control
since it prevents force-updating by deleting and re-creating a ref.
Signed-off-by: Jan Krüger <jk@jk.gs>
Acked-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sun, 2 Nov 2008 07:15:22 +0000 (00:15 -0700)]
Merge branch 'maint'
* maint:
Start 1.6.0.4 cycle
add instructions on how to send patches to the mailing list with Gmail
Documentation/gitattributes: Add subsection header for each attribute
git send-email: avoid leaking directory file descriptors.
send-pack: do not send out single-level refs such as refs/stash
fix overlapping memcpy in normalize_absolute_path
pack-objects: avoid reading uninitalized data
correct cache_entry allocation
Conflicts:
RelNotes
Junio C Hamano [Sun, 2 Nov 2008 07:14:04 +0000 (00:14 -0700)]
Start 1.6.0.4 cycle
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Tom Preston-Werner [Sat, 1 Nov 2008 15:28:18 +0000 (15:28 +0000)]
add instructions on how to send patches to the mailing list with Gmail
Gmail is one of the most popular email providers in the world. Now that Gmail
supports IMAP, sending properly formatted patches via `git imap-send` is
trivial. This section in SubmittingPatches explains how to do so.
Signed-off-by: Tom Preston-Werner <tom@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jakub Narebski [Sat, 1 Nov 2008 06:24:55 +0000 (06:24 +0000)]
Documentation/gitattributes: Add subsection header for each attribute
This makes attributes easier to find; before this patch some
attributes had individual subsections, and some didn't.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Pierre Habouzit [Fri, 31 Oct 2008 18:57:10 +0000 (18:57 +0000)]
git send-email: avoid leaking directory file descriptors.
Signed-off-by: Pierre Habouzit <madcoder@debian.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jeff King [Wed, 29 Oct 2008 05:17:55 +0000 (05:17 +0000)]
send-pack: do not send out single-level refs such as refs/stash
Since no version of receive-pack accepts these "funny refs", we should
mirror the check when considering the list of refs to send. IOW, don't
even make them eligible for matching or mirroring.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jeff King [Thu, 23 Oct 2008 04:32:23 +0000 (04:32 +0000)]
fix overlapping memcpy in normalize_absolute_path
The comments for normalize_absolute_path explicitly claim
that the source and destination buffers may be the same
(though they may not otherwise overlap). Thus the call to
memcpy may involve copying overlapping data, and memmove
should be used instead.
This fixes a valgrind error in t1504.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jeff King [Thu, 23 Oct 2008 04:31:03 +0000 (04:31 +0000)]
pack-objects: avoid reading uninitalized data
In the main loop of find_deltas, we do:
struct object_entry *entry = *list++;
...
if (!*list_size)
...
break
Because we look at and increment *list _before_ the check of
list_size, in the very last iteration of the loop we will
look at uninitialized data, and increment the pointer beyond
one past the end of the allocated space. Since we don't
actually do anything with the data until after the check,
this is not a problem in practice.
But since it technically violates the C standard, and
because it provokes a spurious valgrind warning, let's just
move the initialization of entry to a safe place.
This fixes valgrind errors in t5300, t5301, t5302, t303, and
t9400.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jeff King [Thu, 23 Oct 2008 04:30:58 +0000 (04:30 +0000)]
correct cache_entry allocation
Most cache_entry structs are allocated by using the
cache_entry_size macro, which rounds the size of the struct
up to the nearest multiple of 8 bytes (presumably to avoid
memory fragmentation).
There is one exception: the special "conflict entry" is
allocated with an empty name, and so is explicitly given
just one extra byte to hold the NUL.
However, later code doesn't realize that this particular
struct has been allocated differently, and happily tries
reading and copying it based on the ce_size macro, which
assumes the 8-byte alignment.
This can lead to reading uninitalized data, though since
that data is simply padding, there shouldn't be any problem
as a result. Still, it makes sense to hold the padding
assumption so as not to surprise later maintainers.
This fixes valgrind errors in t1005, t3030, t4002, and
t4114.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sun, 2 Nov 2008 05:31:46 +0000 (22:31 -0700)]
Merge git://repo.or.cz/git-gui
* git://repo.or.cz/git-gui: (27 commits)
git-gui: Update German translation.
git-gui: Do not munge conflict marker lines in a normal diff
git-gui: Add a simple implementation of SSH_ASKPASS.
git-gui: Add a dialog that shows the OpenSSH public key.
git-gui: Mark-up strings in show_{other,unmerged}_diff() for localization
git-gui: Show a round number of bytes of large untracked text files
git-gui: Fix the blame viewer destroy handler.
git-gui: Add a search command to the blame viewer.
git-gui: Fix the blame window shape.
git-gui: Fix switch statement in lib/merge.tcl
git-gui: Fix fetching from remotes when adding them
git-gui: Fix removing non-pushable remotes
git-gui: Make input boxes in init/clone/open dialogs consistent
git-gui: Avoid using the term URL when specifying repositories
git-gui: gui.autoexplore makes explorer to pop up automatically after picking
git-gui: Add Explore Working Copy to the Repository menu
git-gui: Use git web--browser for web browsing
git-gui: mkdir -p when initializing new remote repository
git-gui: Add support for removing remotes
git-gui: Add support for adding remotes
...
Junio C Hamano [Sun, 2 Nov 2008 05:31:14 +0000 (22:31 -0700)]
Merge branch 'maint' of git://repo.or.cz/git-gui into maint
* 'maint' of git://repo.or.cz/git-gui:
git-gui: Help identify aspell version on Windows too
Christian Stimming [Sat, 25 Oct 2008 20:51:05 +0000 (22:51 +0200)]
git-gui: Update German translation.
Not yet completed, though.
Signed-off-by: Christian Stimming <stimming@tuhh.de>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Johannes Sixt [Tue, 14 Oct 2008 11:48:37 +0000 (13:48 +0200)]
git-gui: Do not munge conflict marker lines in a normal diff
Previously, conflict markers were highlighted in two ways: (1) They
received a distinguishing color; and (2) they had the '+' removed at the
beginning of the line. However, by doing (2), a hunk that contained
conflict markers could not be staged or unstaged because the resulting
patch was corrupted. With this change we no longer modify the diff text
of a 2-way diff, so that "Stage Hunk" and friends work.
Note that 3-way diff of a conflicted file is unaffected by this change,
and '++' before conflict markers is still removed. But this has no negative
impact because in this mode staging hunks or lines is disabled anyway.
Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Alexander Gavrilov [Wed, 15 Oct 2008 09:28:21 +0000 (13:28 +0400)]
git-gui: Add a simple implementation of SSH_ASKPASS.
OpenSSH allows specifying an external program to use
for direct user interaction. While most Linux systems
already have such programs, some environments, for
instance, msysgit, lack it. This patch adds a simple
fallback Tcl implementation of the tool.
In msysgit it is also necessary to set a fake value of
the DISPLAY variable, because otherwise ssh won't even
try to use SSH_ASKPASS handlers.
Signed-off-by: Alexander Gavrilov <angavrilov@gmail.com>
Acked-by: Johannes Sixt <johannes.sixt@telecom.at>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Alexander Gavrilov [Wed, 15 Oct 2008 09:28:20 +0000 (13:28 +0400)]
git-gui: Add a dialog that shows the OpenSSH public key.
Generating a new SSH key or finding an existing one may
be a difficult task for non-technical users, especially
on Windows.
This commit adds a new dialog that shows the public key,
or allows the user to generate a new one if none were found.
Since this is a convenience/informational feature for new
users, and the dialog is mostly read-only, it is located
in the Help menu.
The command line used to invoke ssh-keygen is designed to
force it to use SSH_ASKPASS if available, or accept empty
passphrases, but _never_ wait for user response on the tty.
Signed-off-by: Alexander Gavrilov <angavrilov@gmail.com>
Acked-by: Johannes Sixt <johannes.sixt@telecom.at>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Junio C Hamano [Fri, 31 Oct 2008 08:42:58 +0000 (01:42 -0700)]
Merge branch 'maint'
* maint:
git-svn: change dashed git-commit-tree to git commit-tree
Documentation: clarify information about 'ident' attribute
bash completion: add doubledash to "git show"
Use test-chmtime -v instead of perl in t5000 to get mtime of a file
Add --verbose|-v to test-chmtime
asciidoc: add minor workaround to add an empty line after code blocks
Plug a memleak in builtin-revert
Add file delete/create info when we overflow rename_limit
Install git-cvsserver in $(bindir)
Install git-shell in bindir, too
Deskin Miller [Fri, 31 Oct 2008 04:10:25 +0000 (00:10 -0400)]
git-svn: change dashed git-commit-tree to git commit-tree
Signed-off-by: Deskin Miller <deskinm@umich.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jan Krüger [Thu, 30 Oct 2008 18:14:33 +0000 (19:14 +0100)]
Documentation: clarify information about 'ident' attribute
The documentation spoke of the attribute being set "to" a path; this can
mistakenly be interpreted as "the attribute needs to have its value set to
some kind of path". This clarifies things.
Signed-off-by: Jan Krüger <jk@jk.gs>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Markus Heidelberg [Fri, 31 Oct 2008 00:04:46 +0000 (01:04 +0100)]
bash completion: add doubledash to "git show"
Signed-off-by: Markus Heidelberg <markus.heidelberg@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Alex Riesen [Thu, 30 Oct 2008 10:20:27 +0000 (11:20 +0100)]
Use test-chmtime -v instead of perl in t5000 to get mtime of a file
The test was broken on admittedly broken combination of Windows, Cygwin,
and ActiveState Perl.
Signed-off-by: Alex Riesen <ariesen@harmanbecker.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Alex Riesen [Thu, 30 Oct 2008 09:00:29 +0000 (10:00 +0100)]
Add --verbose|-v to test-chmtime
This allows us replace perl when getting the mtime of a file because
of time zone conversions, though at the moment only one platform which
does this has been identified: Cygwin when used with ActiveState Perl
(as usual).
The output format is:
<mtime1> TAB <filename1> <LF>
<mtime2> TAB <filename2> <LF>
...
which, if only mtime is needed can be parsed with cut(1):
test-chmtime -v +0 filename1 | cut -f 1
Also, the change adds a description of programs features, with examples.
Signed-off-by: Alex Riesen <ariesen@harmanbecker.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jonas Fonseca [Thu, 30 Oct 2008 10:45:03 +0000 (11:45 +0100)]
asciidoc: add minor workaround to add an empty line after code blocks
Insert an empty <simpara> in manpages after code blocks to force and
empty line.
The problem can be seen on the manpage for the git tutorial, where an
example command and the following paragraph is printed with no empty
line between them:
First, note that you can get documentation for a command such as git
log --graph with:
$ man git-log
It is a good idea to introduce yourself to git [...]
Signed-off-by: Jonas Fonseca <fonseca@diku.dk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Alex Riesen [Tue, 28 Oct 2008 17:27:33 +0000 (18:27 +0100)]
Plug a memleak in builtin-revert
Probably happened when working around git_path's problem with returned
buffer being reused.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Fri, 24 Oct 2008 05:54:09 +0000 (22:54 -0700)]
compat/cygwin.c: make runtime detection of lstat/stat lessor impact
The original patch that lead to an earlier commit
adbc0b6 (cygwin: Use
native Win32 API for stat, 2008-09-30) did not call git_default_config()
and it was a good thing. The lazy config reading when lstat/stat is
called for the first time to find out if core.filemode is set can happen
anytime in the calling program. If it happens after the calling program
parsed the configuration file to prime its default parameter settings and
processed its command line parameters to tweak them, this will overwrite
the values set by the program with the values read from the config file.
This essentially reverts the code to the version as submitted by Mark,
with a bit more comments to clarify why we do not fall back on the default
configuration parser from git_cygwin_config().
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Linus Torvalds [Mon, 27 Oct 2008 20:06:16 +0000 (13:06 -0700)]
Add file delete/create info when we overflow rename_limit
When we refuse to do rename detection due to having too many files
created or deleted, let the user know the numbers. That way there is a
reasonable starting point for setting the diff.renamelimit option.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nanako Shiraishi [Wed, 10 Sep 2008 11:03:18 +0000 (20:03 +0900)]
Install git-cvsserver in $(bindir)
It is one of the server side programs and needs to be found on usual $PATH.
Signed-off-by: Nanako Shiraishi <nanako3@lavabit.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Tommi Virtanen [Sun, 24 Aug 2008 20:23:25 +0000 (23:23 +0300)]
Install git-shell in bindir, too
/etc/passwd shell field must be something execable, you can't enter
"/usr/bin/git shell" there. git-shell must be present as a separate
executable, or it is useless.
Signed-off-by: Tommi Virtanen <tv@eagain.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sun, 26 Oct 2008 23:21:08 +0000 (16:21 -0700)]
Merge branch 'maint'
* maint:
add -p: warn if only binary changes present
git-archive: work in bare repos
git-svn: change dashed git-config to git config
Thomas Rast [Sun, 26 Oct 2008 19:37:06 +0000 (20:37 +0100)]
add -p: warn if only binary changes present
Current 'git add -p' will say "No changes." if there are no changes to
text files, which can be confusing if there _are_ changes to binary
files. Add some code to distinguish the two cases, and give a
different message in the latter one.
Signed-off-by: Thomas Rast <trast@student.ethz.ch>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Charles Bailey [Sat, 25 Oct 2008 15:38:14 +0000 (11:38 -0400)]
git-archive: work in bare repos
This moves the call to git_config to a place where it doesn't break the
logic for using git archive in a bare repository but retains the fix to
make git archive respect core.autocrlf.
Tests are by René Scharfe.
Signed-off-by: Charles Bailey <charles@hashpling.org>
Tested-by: Deskin Miller <deskinm@umich.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sun, 26 Oct 2008 18:07:18 +0000 (11:07 -0700)]
receive-pack: fix "borrowing from alternate object store" implementation
In the alternate_object_database structure, ent->base[] is a buffer the
users can use to form pathnames to loose objects, and ent->name is a
pointer into that buffer (it points at one beyond ".git/objects/"). If
you get a call to add_refs_from_alternate() after somebody used the entry
(has_loose_object() has been called, for example), *ent->name would not be
NUL, and ent->base[] won't be the path to the object store.
This caller is expecting to read the path to the object store in ent->base[];
it needs to NUL terminate the buffer if it wants to.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Joey Hess [Fri, 24 Oct 2008 05:48:50 +0000 (01:48 -0400)]
git-daemon: set REMOTE_ADDR to client address
This allows hooks like pre-receive to look at the client's IP
address.
Of course the IP address can't be used to get strong security;
git-daemon isn't the right thing to use if you need that. However,
basic IP address checking can be good enough in some situations.
REMOTE_ADDR is the same environment variable used to communicate the
client's address to CGI scripts.
Signed-off-by: Joey Hess <joey@kitenet.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Deskin Miller [Thu, 23 Oct 2008 19:21:34 +0000 (15:21 -0400)]
git-svn: change dashed git-config to git config
Signed-off-by: Deskin Miller <deskinm@umich.edu>
Acked-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jeff King [Wed, 22 Oct 2008 19:22:53 +0000 (15:22 -0400)]
submodule: fix some non-portable grep invocations
Not all greps support "-e", but in this case we can easily convert it to a
single extended regex.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Johannes Sixt [Wed, 22 Oct 2008 07:39:47 +0000 (09:39 +0200)]
git-remote: list branches in vertical lists
Previously, branches were listed on a single line in each section. But
if there are many branches, then horizontal, line-wrapped lists are very
inconvenient to scan for a human. This makes the lists vertical, i.e one
branch per line is printed.
Since "git remote" is porcelain, we can easily make this
backwards-incompatible change.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Jeff King [Tue, 21 Oct 2008 13:54:19 +0000 (09:54 -0400)]
rm: loosen safety valve for empty files
If a file is different between the working tree copy, the index, and the
HEAD, then we do not allow it to be deleted without --force.
However, this is overly tight in the face of "git add --intent-to-add":
$ git add --intent-to-add file
$ : oops, I don't actually want to stage that yet
$ git rm --cached file
error: 'empty' has staged content different from both the
file and the HEAD (use -f to force removal)
$ git rm -f --cached file
Unfortunately, there is currently no way to distinguish between an empty
file that has been added and an "intent to add" file. The ideal behavior
would be to disallow the former while allowing the latter.
This patch loosens the safety valve to allow the deletion only if we are
deleting the cached entry and the cached content is empty. This covers
the intent-to-add situation, and assumes there is little harm in not
protecting users who have legitimately added an empty file. In many
cases, the file will still be empty, in which case the safety valve does
not trigger anyway (since the content remains untouched in the working
tree). Otherwise, we do remove the fact that no content was staged, but
given that the content is by definition empty, it is not terribly
difficult for a user to recreate it.
However, we still document the desired behavior in the form of two
tests. One checks the correct removal of an intent-to-add file. The other
checks that we still disallow removal of empty files, but is marked as
expect_failure to indicate this compromise. If the intent-to-add feature
is ever extended to differentiate between normal empty files and
intent-to-add files, then the safety valve can be re-tightened.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Wed, 22 Oct 2008 00:58:25 +0000 (17:58 -0700)]
Merge branch 'jk/diff-convfilter'
* jk/diff-convfilter:
diff: add filter for converting binary to text
diff: introduce diff.<driver>.binary
diff: unify external diff and funcname parsing code
t4012: use test_cmp instead of cmp
Junio C Hamano [Wed, 22 Oct 2008 00:58:21 +0000 (17:58 -0700)]
Merge branch 'js/maint-fetch-update-head'
* js/maint-fetch-update-head:
pull: allow "git pull origin $something:$current_branch" into an unborn branch
Fix fetch/pull when run without --update-head-ok
Conflicts:
t/t5510-fetch.sh
Junio C Hamano [Wed, 22 Oct 2008 00:58:11 +0000 (17:58 -0700)]
Merge branch 'jc/maint-co-track'
* jc/maint-co-track:
Enhance hold_lock_file_for_{update,append}() API
demonstrate breakage of detached checkout with symbolic link HEAD
Fix "checkout --track -b newbranch" on detached HEAD
Conflicts:
builtin-commit.c
Junio C Hamano [Wed, 22 Oct 2008 00:58:01 +0000 (17:58 -0700)]
Merge branch 'rs/alloc-ref'
* rs/alloc-ref:
make alloc_ref_from_str() the new alloc_ref()
use alloc_ref_from_str() everywhere
add alloc_ref_with_prefix()
Junio C Hamano [Wed, 22 Oct 2008 00:57:56 +0000 (17:57 -0700)]
Merge branch 'jk/fix-ls-files-other'
* jk/fix-ls-files-other:
refactor handling of "other" files in ls-files and status
Junio C Hamano [Tue, 21 Oct 2008 20:48:41 +0000 (13:48 -0700)]
Merge branch 'jc/maint-reset-remove-unmerged-new'
* jc/maint-reset-remove-unmerged-new:
reset --hard/read-tree --reset -u: remove unmerged new paths
Junio C Hamano [Tue, 21 Oct 2008 20:47:22 +0000 (13:47 -0700)]
Merge branch 'maint'
* maint:
GIT 1.6.0.3
rehabilitate 'git index-pack' inside the object store
Junio C Hamano [Tue, 21 Oct 2008 20:37:42 +0000 (13:37 -0700)]
GIT 1.6.0.3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nicolas Pitre [Tue, 21 Oct 2008 01:17:07 +0000 (21:17 -0400)]
rehabilitate 'git index-pack' inside the object store
Before commit
d0b92a3f6e it was possible to run 'git index-pack'
directly in the .git/objects/pack/ directory. Restore that ability.
Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Tue, 21 Oct 2008 06:40:21 +0000 (23:40 -0700)]
Merge branch 'maint'
* maint:
Fix testcase failure when extended attributes are in use
Lee Marlow [Mon, 20 Oct 2008 17:35:31 +0000 (11:35 -0600)]
workflows documentation: fix link to git-request-pull[1]
Signed-off-by: Lee Marlow <lee.marlow@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Lee Marlow [Mon, 20 Oct 2008 17:31:38 +0000 (11:31 -0600)]
bash completion: Add 'workflows' to 'git help'
Completion for new workflow documentation introduced in
f948dd8
Signed-off-by: Lee Marlow <lee.marlow@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Tue, 21 Oct 2008 05:16:09 +0000 (22:16 -0700)]
Merge git://git.kernel.org/pub/scm/gitk/gitk
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Turn short SHA1 names into links too
gitk: Regenerate .po files
gitk: New way of constructing menus that allows for Alt+letter accelerators
gitk: Bind Key-Return to create on new branch dialog
gitk: Fix binding for <Return> in sha1 entry field
gitk: Clean up file encoding code and add enable/disable option
gitk: Implement batch lookup and caching of encoding attrs
gitk: Enhance file encoding support
gitk: Add untranslated error messages to translation
gitk: Fix a bug in collapsing deeply nested trees
gitk: Use <Button-2> for context menus on OSX
Jeff King [Tue, 21 Oct 2008 00:36:25 +0000 (20:36 -0400)]
document "intent to add" option to git-add
This was added by
3942581 but never documented.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Paul Mackerras [Mon, 20 Oct 2008 23:18:12 +0000 (10:18 +1100)]
gitk: Turn short SHA1 names into links too
This changes the link detection logic to accept strings of between 6
and 40 hex characters as a possible SHA1 ID of another commit, rather
than insisting on seeing the full 40 hex characters.
To make the logic that turns a possible link into an actual link work
with abbreviated IDs, this changes the way the commitinterest array is
used, and puts the code that deals with it in a pair of new functions.
The commitinterest array is now indexed by just the first 4 characters
of the interesting SHA1 ID, and each element is a list of id + command
pairs. This also pulls out the logic for expanding an abbreviated
SHA1 to the list of matching full IDs into its own function (the way
it is done is still the same slow way it was done before, which should
be improved some day).
This also fixes the bug where clicking on a link would take you to the
wrong commit if the line number of the target had changed since the
link was made.
This is based on a patch by Linus Torvalds, but totally rewritten by me.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Junio C Hamano [Mon, 20 Oct 2008 05:51:17 +0000 (22:51 -0700)]
Fix testcase failure when extended attributes are in use
06cbe855 (Make core.sharedRepository more generic, 2008-04-16) made
several testcases in t1301-shared-repo.sh which fail if on a system
which creates files with extended attributes (e.g. SELinux), since ls
appends a '+' sign to the permission set in such cases. In fact,
POSIX.1 allows ls to add a single printable character after the usual
3x3 permission bits to show that an optional alternate/additional access
method is associated with the path.
This fixes the testcase to strip any such sign prior to verifying the
permission set.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Tested-by: Deskin Miller <deskinm@umich.edu>
Junio C Hamano [Sun, 19 Oct 2008 23:07:29 +0000 (16:07 -0700)]
Merge branch 'sh/maint-rebase3'
* sh/maint-rebase3:
rebase--interactive: fix parent rewriting for dropped commits
Junio C Hamano [Sun, 19 Oct 2008 23:07:23 +0000 (16:07 -0700)]
Merge branch 'tr/workflow-doc'
* tr/workflow-doc:
Documentation: add manpage about workflows
Documentation: Refer to git-rebase(1) to warn against rewriting
Documentation: new upstream rebase recovery section in git-rebase
Junio C Hamano [Sun, 19 Oct 2008 23:07:07 +0000 (16:07 -0700)]
Merge branch 'mv/clonev'
* mv/clonev:
Implement git clone -v
Junio C Hamano [Sun, 19 Oct 2008 23:07:02 +0000 (16:07 -0700)]
Merge branch 'ml/cygwin-filemode'
* ml/cygwin-filemode:
compat/cygwin.c - Use cygwin's stat if core.filemode == true
Junio C Hamano [Sun, 19 Oct 2008 23:06:53 +0000 (16:06 -0700)]
Merge branch 'gb/refactor-pathinfo'
* gb/refactor-pathinfo:
gitweb: refactor input parameters parse/validation
Junio C Hamano [Sun, 19 Oct 2008 23:06:47 +0000 (16:06 -0700)]
Merge branch 'dp/checkattr'
* dp/checkattr:
git-check-attr(1): use 'verse' for multi-line synopsis sections
check-attr: Add --stdin option
check-attr: add an internal check_attr() function
Junio C Hamano [Sun, 19 Oct 2008 23:06:44 +0000 (16:06 -0700)]
Merge branch 'gb/formatpatch-autonbr'
* gb/formatpatch-autonbr:
format-patch: autonumber by default
Junio C Hamano [Sun, 19 Oct 2008 23:06:39 +0000 (16:06 -0700)]
Merge branch 'sp/describe-lwtag'
* sp/describe-lwtag:
describe: Make --tags and --all match lightweight tags more often
Junio C Hamano [Sun, 19 Oct 2008 23:06:31 +0000 (16:06 -0700)]
Merge branch 'ae/preservemerge'
* ae/preservemerge:
rebase: Support preserving merges in non-interactive mode
Junio C Hamano [Sun, 19 Oct 2008 23:06:21 +0000 (16:06 -0700)]
Merge branch 'mv/merge-noff'
* mv/merge-noff:
builtin-commit: use reduce_heads() only when appropriate
Conflicts:
builtin-commit.c
t/t7600-merge.sh
Junio C Hamano [Sun, 19 Oct 2008 23:05:58 +0000 (16:05 -0700)]
Merge branch 'ns/rebase-noverify'
* ns/rebase-noverify:
rebase: Document --no-verify option to bypass pre-rebase hook
rebase --no-verify
Junio C Hamano [Sun, 19 Oct 2008 22:53:46 +0000 (15:53 -0700)]
Merge branch 'maint'
* maint:
Documentation: Clarify '--signoff' for git-commit
Junio C Hamano [Sun, 19 Oct 2008 22:32:35 +0000 (15:32 -0700)]
Fix mismerge at
cdb22c4 in builtin-checkout.c
The code to complain when -b is not given but an explicit --track/--no-track
override was given from the command line was unchanged on one branch and
reworked on the other branch. The merge result incorrectly kept it.
Spotted by Matt McCutchen.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Matt McCutchen [Sun, 19 Oct 2008 00:40:50 +0000 (20:40 -0400)]
git-merge-recursive: honor merge.conflictstyle once again
This was originally implemented in
c236bcd06138bcbc929b86ad1a513635bf4847b2
but was lost to a mismerge in
9ba929ed652f5ed7707f1c684999af4ad02c4925.
Signed-off-by: Matt McCutchen <matt@mattmccutchen.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Thomas Rast [Sun, 19 Oct 2008 15:20:21 +0000 (17:20 +0200)]
Documentation: add manpage about workflows
This attempts to make a manpage about workflows that is both handy to
point people at it and as a beginner's introduction.
Signed-off-by: Thomas Rast <trast@student.ethz.ch>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Fredrik Skolmli [Sun, 19 Oct 2008 16:09:43 +0000 (18:09 +0200)]
Documentation: Spelling fix
Signed-off-by: Fredrik Skolmli <fredrik@frsk.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sun, 19 Oct 2008 19:38:50 +0000 (12:38 -0700)]
Merge branch 'pb/rename-rowin32'
* pb/rename-rowin32:
Do not rename read-only files during a push
Looks-fine-to-me-by: Shawn O. Pearce <spearce@spearce.org>
Acked-by: Johannes Sixt <johannes.sixt@telecom.at>
Junio C Hamano [Fri, 17 Oct 2008 22:44:39 +0000 (15:44 -0700)]
Enhance hold_lock_file_for_{update,append}() API
This changes the "die_on_error" boolean parameter to a mere "flags", and
changes the existing callers of hold_lock_file_for_update/append()
functions to pass LOCK_DIE_ON_ERROR.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Fri, 17 Oct 2008 22:56:11 +0000 (15:56 -0700)]
demonstrate breakage of detached checkout with symbolic link HEAD
When core.prefersymlinkrefs is in use, detaching the HEAD by
checkout incorrectly clobbers the tip of the current branch.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Abhijit Bhopatkar [Sun, 19 Oct 2008 04:19:23 +0000 (09:49 +0530)]
Documentation: Clarify '--signoff' for git-commit
'--signoff' uses commiter name always to add the signoff line,
make it explicit in the documentation.
Signed-off-by: Abhijit Bhopatkar <bain@devslashzero.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Wed, 15 Oct 2008 23:00:06 +0000 (16:00 -0700)]
reset --hard/read-tree --reset -u: remove unmerged new paths
When aborting a failed merge that has brought in a new path using "git
reset --hard" or "git read-tree --reset -u", we used to first forget about
the new path (via read_cache_unmerged) and then matched the working tree
to what is recorded in the index, thus ending up leaving the new path in
the work tree.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sat, 18 Oct 2008 15:30:39 +0000 (08:30 -0700)]
Update draft release notes for 1.6.1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sat, 18 Oct 2008 15:26:44 +0000 (08:26 -0700)]
Merge branch 'maint'
* maint:
Hopefully the final draft release notes update before 1.6.0.3
diff(1): clarify what "T"ypechange status means
contrib: update packinfo.pl to not use dashed commands
force_object_loose: Fix memory leak
tests: shell negation portability fix
Junio C Hamano [Sat, 18 Oct 2008 15:26:39 +0000 (08:26 -0700)]
Hopefully the final draft release notes update before 1.6.0.3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sat, 18 Oct 2008 15:20:51 +0000 (08:20 -0700)]
diff(1): clarify what "T"ypechange status means
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Junio C Hamano [Sat, 18 Oct 2008 15:18:11 +0000 (08:18 -0700)]
Merge branch 'db/maint-checkout-b' into maint
* db/maint-checkout-b:
Check early that a new branch is new and valid
Jeff King [Sun, 5 Oct 2008 21:43:45 +0000 (17:43 -0400)]
diff: add filter for converting binary to text
When diffing binary files, it is sometimes nice to see the
differences of a canonical text form rather than either a
binary patch or simply "binary files differ."
Until now, the only option for doing this was to define an
external diff command to perform the diff. This was a lot of
work, since the external command needed to take care of
doing the diff itself (including mode changes), and lost the
benefit of git's colorization and other options.
This patch adds a text conversion option, which converts a
file to its canonical format before performing the diff.
This is less flexible than an arbitrary external diff, but
is much less work to set up. For example:
$ echo '*.jpg diff=exif' >>.gitattributes
$ git config diff.exif.textconv exiftool
$ git config diff.exif.binary false
allows one to see jpg diffs represented by the text output
of exiftool.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Jeff King [Sun, 5 Oct 2008 21:43:36 +0000 (17:43 -0400)]
diff: introduce diff.<driver>.binary
The "diff" gitattribute is somewhat overloaded right now. It
can say one of three things:
1. this file is definitely binary, or definitely not
(i.e., diff or !diff)
2. this file should use an external diff engine (i.e.,
diff=foo, diff.foo.command = custom-script)
3. this file should use particular funcname patterns
(i.e., diff=foo, diff.foo.(x?)funcname = some-regex)
Most of the time, there is no conflict between these uses,
since using one implies that the other is irrelevant (e.g.,
an external diff engine will decide for itself whether the
file is binary).
However, there is at least one conflicting situation: there
is no way to say "use the regular rules to determine whether
this file is binary, but if we do diff it textually, use
this funcname pattern." That is, currently setting diff=foo
indicates that the file is definitely text.
This patch introduces a "binary" config option for a diff
driver, so that one can explicitly set diff.foo.binary. We
default this value to "don't know". That is, setting a diff
attribute to "foo" and using "diff.foo.funcname" will have
no effect on the binaryness of a file. To get the current
behavior, one can set diff.foo.binary to true.
This patch also has one additional advantage: it cleans up
the interface to the userdiff code a bit. Before, calling
code had to know more about whether attributes were false,
true, or unset to determine binaryness. Now that binaryness
is a property of a driver, we can represent these situations
just by passing back a driver struct.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Jeff King [Sun, 5 Oct 2008 21:43:21 +0000 (17:43 -0400)]
diff: unify external diff and funcname parsing code
Both sets of code assume that one specifies a diff profile
as a gitattribute via the "diff=foo" attribute. They then
pull information about that profile from the config as
diff.foo.*.
The code for each is currently completely separate from the
other, which has several disadvantages:
- there is duplication as we maintain code to create and
search the separate lists of external drivers and
funcname patterns
- it is difficult to add new profile options, since it is
unclear where they should go
- the code is difficult to follow, as we rely on the
"check if this file is binary" code to find the funcname
pattern as a side effect. This is the first step in
refactoring the binary-checking code.
This patch factors out these diff profiles into "userdiff"
drivers. A file with "diff=foo" uses the "foo" driver, which
is specified by a single struct.
Note that one major difference between the two pieces of
code is that the funcname patterns are always loaded,
whereas external drivers are loaded only for the "git diff"
porcelain; the new code takes care to retain that situation.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Jeff King [Sun, 5 Oct 2008 21:42:35 +0000 (17:42 -0400)]
t4012: use test_cmp instead of cmp
This makes erroneous output slightly easier to see. We also
flip the argument order to match our usual style.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Brian Gernhardt [Thu, 2 Oct 2008 20:55:39 +0000 (16:55 -0400)]
format-patch: autonumber by default
format-patch is most commonly used for multiple patches at once when
sending a patchset, in which case we want to number the patches; on
the other hand, single patches are not usually expected to be
numbered.
In other words, the typical behavior expected from format-patch is the
one obtained by enabling autonumber, so we set it to be the default.
Users that want to disable numbering for a particular patchset can do
so with the existing -N command-line switch. Users that want to
change the default behavior can use the format.numbering config key.
Signed-off-by: Brian Gernhardt <benji@silverinsanity.com>
Test-updates-by: Jeff King <peff@peff.net>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Petr Baudis [Fri, 3 Oct 2008 10:20:43 +0000 (12:20 +0200)]
Do not rename read-only files during a push
Win32 does not allow renaming read-only files (at least on a Samba
share), making push into a local directory to fail. Thus, defer
the chmod() call in index-pack.c:final() only after
move_temp_to_file() was called.
Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Junio C Hamano [Sat, 18 Oct 2008 14:07:23 +0000 (07:07 -0700)]
Merge branch 'pb/commit-where'
* pb/commit-where:
tutorial: update output of git commit
reformat informational commit message
git commit: Reformat output somewhat
builtin-commit.c: show on which branch a commit was added
René Scharfe [Sat, 18 Oct 2008 08:44:18 +0000 (10:44 +0200)]
make alloc_ref_from_str() the new alloc_ref()
With all calls to alloc_ref() gone, we can remove it and then we're free
to give alloc_ref_from_str() the shorter name. It's a much nicer
interface, as the callers always need to have a name string when they
allocate a ref anyway and don't need to calculate and pass its length+1
any more.
Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
René Scharfe [Sat, 18 Oct 2008 08:41:33 +0000 (10:41 +0200)]
use alloc_ref_from_str() everywhere
Replace pairs of alloc_ref() and strcpy() with alloc_ref_from_str(),
simplifying the code.
In connect.c, also a pair of alloc_ref() and memcpy() is replaced --
the additional cost of a strlen() call should not have too much of an
impact. Consistency and simplicity are more important.
In remote.c, the code was allocating 11 bytes more than needed for
the name part, but I couldn't see them being used for anything.
Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Junio C Hamano <gitster@pobox.com>