Rather than assume all dependencies are required for all programs, split them out. This will make packaging easier, as well as splitting the code to use subprojects. Note that due to the use of config.h semantics, in most cases the got_compat.h header file is now at the top of the .c file it is included in, so that it can handle the system header inclusion properly.

Simply the SHA detection by not predicating on libcrypto, but instead checking individual header files.

Remove sha1.h as this is found portably across systems.

It will soon grow functions to deal with sha256 too. stsp@ agrees.

In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

i.e. "listen: listen: shutting down" -> "listen: shutting down" the procname is already prepended by vlog() ok jamsek

gotd used 0600 (due to mkstemps(3)), gotadmin 0644; change it to 0444 since packfiles shouldn't change once created. Mirrors what git does. ok stsp@

Allow clients to run "got send -d" against gotd. Clients will send a zero-id as new id for a reference and, in the special but more common case of just deleting and not updating, no pack file will be sent. ok and tweaks by stsp@

ok jamsek

Clients will send an empty pack file if they are only creating new references and have no objects to upload. Make gotd handle this and add a regression test which triggers the bug. Problem found by op@. The new regression test caught an unrelated issue where the client connection was left lingering after references had been updated, which made 'got send' followed by 'got clone -l' fail with the connection limit configured for the test suite (just one connection is allowed at a time). Fix this as well. ok op@

ok op, jamsek

ok op@

ok stsp@

The session process takes over the old state definitions under a new name ("session state"). The parent only needs to keep track of whether a client has been granted access, so it only uses two states: NEW, and ACCCESS_GRANTED which is set as soon as the auth process has granted repository access and before the session and repo_read/repo_write children are started. Because 'gotctl info' can no longer observe the session state remove support code for printing it. ok op@

The new session process is able to manipulate files in the repository and keeps track of the read/write client session state. The parent process now restricts its view of the filesystem to the absolute path stored in argv[0], and combines this with unveil "x" on this path. As a result the parent process can only re-exec itself. small tweaks + ok op@