There's no need to set the fd to -1 on ibufs created with imsg_create(3), and it was probably never needed.

While here also fix a fd leak in got-read-pack. We were dup'ing imsg.fd without closing imsg.fd later; instead just use imsg_get_fd() to extract the file descriptor. Tested by falsifian and Kyle Ackerman, thanks! 'go ahead' stsp@

ok op, jamsek

Move some functions from object_parse.c into hash.c. These functions either require hash.c code anyway or contain object ID implementation internals. Add a new file object_qid.c, for got_object_id_queue and got_object_qid. This new file must be linked to virtually every program.

Rather than assume all dependencies are required for all programs, split them out. This will make packaging easier, as well as splitting the code to use subprojects. Note that due to the use of config.h semantics, in most cases the got_compat.h header file is now at the top of the .c file it is included in, so that it can handle the system header inclusion properly.

The sending and receiving side are sending the data differently. It works now by chance since a struct got_object_id is "just" a SHA1_DIGEST_LENGTH sized buffer, but will break in the future. Furthermore, the structure of the data as described in got_lib_privsep.h is not respected, as the path_len field is not transmitted. Change it to send/receive a whole struct got_object_id, the path without the NUL and the proper length. (The path is also actually mandatory, so assert it too.) improvements + ok stsp@

Simply the SHA detection by not predicating on libcrypto, but instead checking individual header files.

Remove sha1.h as this is found portably across systems.

In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

change got_img_commit_painting_request, got_imsg_tag_object and the data of GOT_IMSG_TRAVERSED_COMMITS not to copy the sha1 digest to the imsg buffer and then from it to a new struct got_object_id but send directly the whole struct. ok stsp@

ok stsp@

ok stsp@

Keep track of parent commits that will be processed as part of looping over the commit queue provided by the main process, and do not add these commits to the queue again. Fixes pointless traversal of commits on the queue which will simply be skipped. The end result is the same either way. ok tracey

got-read-pack forgot to send a tree-enumeration-done message to the main process if the tree of a given commit had already been traversed. The main process would then not add the corresponding commit to the pack file, even though it should be added. Found while using 'got send' towards gotd in order to populate an empty repository on the server with non-trivial history, where some commits always ended up missing due to this bug. ok tracey

ok op@

It's only a preparatory step, as checking whether a size_t is less than SIZE_MAX is moot. In a follow-up commit, however, the `filesize' field of the struct got_pack will become off_t and these checks will kick in. This also makes consistent how we guard mmap(2) against empty files. ok and improvements stsp@

ok millert@

ok stsp@

Now that the handling of including sys/queue.h is better, there's no need to remove those lines from the source. Copy the location of those original sys/queue.h lines from upstream at the same line number, so as to avoid any conflicts in the future.

ok op, tracey

Thanks to the design of Got, the libexec helpers don't need any resource (in fact they run under pledge "stdio recvfd" on OpenBSD) and so using cap_enter(2) on FreeBSD is dead-easy. While the main process can't be sandboxed on FreeBSD (needs to exec the helpers), all the tough work is done by these small libexec helpers which is also the biggest attack surface. tested by naddy, ok thomas