Rather than assume all dependencies are required for all programs, split them out. This will make packaging easier, as well as splitting the code to use subprojects. Note that due to the use of config.h semantics, in most cases the got_compat.h header file is now at the top of the .c file it is included in, so that it can handle the system header inclusion properly.

This adds a set of functions to abstract over SHA1Init, SHA1Update, SHA1Final, their respective SHA256 variants and how to compare digests. Replace all the SHA1*() usage with the new APIs. It's a preparatory step for sha256 handling. ok stsp@

This is included portably.

Simply the SHA detection by not predicating on libcrypto, but instead checking individual header files.

Remove sha1.h as this is found portably across systems.

It will soon grow functions to deal with sha256 too. stsp@ agrees.

In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

ok stsp

ok op@

add_delta already calls got_delta_open casting the size_t to off_t, and all the add_delta callers pass an off_t anyway; fixes an implicit off_t truncation. ok stsp@

It's only a preparatory step, as checking whether a size_t is less than SIZE_MAX is moot. In a follow-up commit, however, the `filesize' field of the struct got_pack will become off_t and these checks will kick in. This also makes consistent how we guard mmap(2) against empty files. ok and improvements stsp@

off_t is a signed type and depending on the platform, it can be "long" or "long long", so cast to long long for printf().

The tslen argument is always in the (1..9) range so `int' is technically fine (even int8_t would be!) but all the callers are passing a size_t, so change the type accordingly. ok stsp@

Prevents a dead-lock in 'tog log' where tog wants to exit (e.g. because the user pressed Ctrl-C) while a got-read-pack child process wants to send more commits. Closing the parent's pipe descriptor makes writes to the pipe fail in the child process. The child then unwinds via an ERR_EOF error and exits, instead of forever polling its end of the pipe in order to write more data. ok jamsek

off_t is a signed type and depending on the platform, it can be "long" or "long long", so cast to long long for printf(). ok stsp

Now that the handling of including sys/queue.h is better, there's no need to remove those lines from the source. Copy the location of those original sys/queue.h lines from upstream at the same line number, so as to avoid any conflicts in the future.

This prepares for callers of got_repo_open() that cannot afford to open files in /tmp, such as gotwebd. In a follow-up change, we could ask such callers to pass in the required amount of open temporary files. One consequence is that got_repo_open() now requires the "cpath" pledge promise. Add the "cpath" promise to affected callers and remove it once the repository has been opened. ok tracey