diff --git a/go.mod b/go.mod index 8a561f317..4bf591778 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-ssm-agent -go 1.24 +go 1.24.0 replace github.com/aws/aws-sdk-go => ./extra/aws-sdk-go @@ -17,7 +17,7 @@ require ( github.com/creack/pty v1.1.11 github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e github.com/fsnotify/fsnotify v1.5.1 - github.com/go-git/go-git/v5 v5.15.0 + github.com/go-git/go-git/v5 v5.16.5 github.com/google/go-github/v61 v61.0.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.6.0 diff --git a/go.sum b/go.sum index 132a2b21d..9c9e43f91 100644 --- a/go.sum +++ b/go.sum @@ -48,8 +48,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.15.0 h1:f5Qn0W0F7ry1iN0ZwIU5m/n7/BKB4hiZfc+zlZx7ly0= -github.com/go-git/go-git/v5 v5.15.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= +github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s= +github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= @@ -138,8 +138,6 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= -golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= @@ -149,8 +147,6 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= -golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= @@ -171,20 +167,16 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= -golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o= -golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw= golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= +golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0= -golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU= golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= +golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= diff --git a/vendor/github.com/creack/pty/Dockerfile.riscv b/vendor/github.com/creack/pty/Dockerfile.riscv index cf80bc0ca..adfdf82c8 100644 --- a/vendor/github.com/creack/pty/Dockerfile.riscv +++ b/vendor/github.com/creack/pty/Dockerfile.riscv @@ -1,4 +1,4 @@ -FROM public.ecr.aws/docker/library/golang:1.24 +FROM golang:1.13 # Clone and complie a riscv compatible version of the go compiler. RUN git clone https://review.gerrithub.io/riscv/riscv-go /riscv-go diff --git a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go index 3cd0f952c..e2c77edca 100644 --- a/vendor/github.com/go-git/go-git/v5/options.go +++ b/vendor/github.com/go-git/go-git/v5/options.go @@ -8,6 +8,7 @@ import ( "time" "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/plumbing" formatcfg "github.com/go-git/go-git/v5/plumbing/format/config" @@ -72,9 +73,16 @@ type CloneOptions struct { // Tags describe how the tags will be fetched from the remote repository, // by default is AllTags. Tags TagMode - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // ProxyOptions provides info required for connecting to a proxy. ProxyOptions transport.ProxyOptions @@ -153,9 +161,16 @@ type PullOptions struct { // Force allows the pull to update a local branch even when the remote // branch does not descend from it. Force bool - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // ProxyOptions provides info required for connecting to a proxy. ProxyOptions transport.ProxyOptions @@ -211,9 +226,16 @@ type FetchOptions struct { // Force allows the fetch to update a local branch even when the remote // branch does not descend from it. Force bool - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // ProxyOptions provides info required for connecting to a proxy. ProxyOptions transport.ProxyOptions @@ -267,9 +289,16 @@ type PushOptions struct { // Force allows the push to update a remote branch even when the local // branch does not descend from it. Force bool - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // RequireRemoteRefs only allows a remote ref to be updated if its current // value is the one specified here. @@ -693,9 +722,16 @@ func (o *CreateTagOptions) loadConfigTagger(r *Repository) error { type ListOptions struct { // Auth credentials, if required, to use with the remote repository. Auth transport.AuthMethod - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // PeelingOption defines how peeled objects are handled during a // remote list. diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go index 9afdce301..867553c68 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go @@ -1,9 +1,11 @@ package idxfile import ( - "bufio" "bytes" + "crypto" + "encoding/hex" "errors" + "fmt" "io" "github.com/go-git/go-git/v5/plumbing/hash" @@ -25,12 +27,15 @@ const ( // Decoder reads and decodes idx files from an input stream. type Decoder struct { - *bufio.Reader + io.Reader + h hash.Hash } // NewDecoder builds a new idx stream decoder, that reads from r. func NewDecoder(r io.Reader) *Decoder { - return &Decoder{bufio.NewReader(r)} + h := hash.New(crypto.SHA1) + tr := io.TeeReader(r, h) + return &Decoder{tr, h} } // Decode reads from the stream and decode the content into the MemoryIndex struct. @@ -45,7 +50,7 @@ func (d *Decoder) Decode(idx *MemoryIndex) error { readObjectNames, readCRC32, readOffsets, - readChecksums, + readPackChecksum, } for _, f := range flow { @@ -54,11 +59,21 @@ func (d *Decoder) Decode(idx *MemoryIndex) error { } } + actual := d.h.Sum(nil) + if err := readIdxChecksum(idx, d); err != nil { + return err + } + + if !bytes.Equal(actual, idx.IdxChecksum[:]) { + return fmt.Errorf("%w: checksum mismatch: %q instead of %q", + ErrMalformedIdxFile, hex.EncodeToString(idx.IdxChecksum[:]), hex.EncodeToString(actual)) + } + return nil } func validateHeader(r io.Reader) error { - var h = make([]byte, 4) + h := make([]byte, 4) if _, err := io.ReadFull(r, h); err != nil { return err } @@ -165,11 +180,15 @@ func readOffsets(idx *MemoryIndex, r io.Reader) error { return nil } -func readChecksums(idx *MemoryIndex, r io.Reader) error { +func readPackChecksum(idx *MemoryIndex, r io.Reader) error { if _, err := io.ReadFull(r, idx.PackfileChecksum[:]); err != nil { return err } + return nil +} + +func readIdxChecksum(idx *MemoryIndex, r io.Reader) error { if _, err := io.ReadFull(r, idx.IdxChecksum[:]); err != nil { return err } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go index 9237a7434..136c3e2ac 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go @@ -4,6 +4,7 @@ import ( "bytes" "io" "sort" + "sync" encbin "encoding/binary" @@ -57,8 +58,9 @@ type MemoryIndex struct { PackfileChecksum [hash.Size]byte IdxChecksum [hash.Size]byte - offsetHash map[int64]plumbing.Hash - offsetHashIsFull bool + offsetHash map[int64]plumbing.Hash + offsetBuildOnce sync.Once + mu sync.RWMutex } var _ Index = (*MemoryIndex)(nil) @@ -126,13 +128,13 @@ func (idx *MemoryIndex) FindOffset(h plumbing.Hash) (int64, error) { offset := idx.getOffset(k, i) - if !idx.offsetHashIsFull { - // Save the offset for reverse lookup - if idx.offsetHash == nil { - idx.offsetHash = make(map[int64]plumbing.Hash) - } - idx.offsetHash[int64(offset)] = h + // Save the offset for reverse lookup + idx.mu.Lock() + if idx.offsetHash == nil { + idx.offsetHash = make(map[int64]plumbing.Hash) } + idx.offsetHash[int64(offset)] = h + idx.mu.Unlock() return int64(offset), nil } @@ -173,20 +175,17 @@ func (idx *MemoryIndex) FindHash(o int64) (plumbing.Hash, error) { var hash plumbing.Hash var ok bool - if idx.offsetHash != nil { - if hash, ok = idx.offsetHash[o]; ok { - return hash, nil - } + var genErr error + idx.offsetBuildOnce.Do(func() { + genErr = idx.genOffsetHash() + }) + if genErr != nil { + return plumbing.ZeroHash, genErr } - // Lazily generate the reverse offset/hash map if required. - if !idx.offsetHashIsFull || idx.offsetHash == nil { - if err := idx.genOffsetHash(); err != nil { - return plumbing.ZeroHash, err - } - - hash, ok = idx.offsetHash[o] - } + idx.mu.RLock() + hash, ok = idx.offsetHash[o] + idx.mu.RUnlock() if !ok { return plumbing.ZeroHash, plumbing.ErrObjectNotFound @@ -202,8 +201,7 @@ func (idx *MemoryIndex) genOffsetHash() error { return err } - idx.offsetHash = make(map[int64]plumbing.Hash, count) - idx.offsetHashIsFull = true + offsetHash := make(map[int64]plumbing.Hash, count) var hash plumbing.Hash i := uint32(0) @@ -212,11 +210,15 @@ func (idx *MemoryIndex) genOffsetHash() error { for secondLevel := uint32(0); i < fanoutValue; i++ { copy(hash[:], idx.Names[mappedFirstLevel][secondLevel*objectIDLength:]) offset := int64(idx.getOffset(mappedFirstLevel, int(secondLevel))) - idx.offsetHash[offset] = hash + offsetHash[offset] = hash secondLevel++ } } + idx.mu.Lock() + idx.offsetHash = offsetHash + idx.mu.Unlock() + return nil } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go index d7932f4ea..621883a67 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go @@ -30,7 +30,7 @@ type Reader struct { func NewReader(r io.Reader) (*Reader, error) { zlib, err := sync.GetZlibReader(r) if err != nil { - return nil, packfile.ErrZLib.AddDetails(err.Error()) + return nil, packfile.ErrZLib.AddDetails("%s", err.Error()) } return &Reader{ diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go index 62f1d13cb..2659c27e5 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go @@ -47,7 +47,6 @@ type Parser struct { oi []*objectInfo oiByHash map[plumbing.Hash]*objectInfo oiByOffset map[int64]*objectInfo - checksum plumbing.Hash cache *cache.BufferLRU // delta content by offset, only used if source is not seekable @@ -133,28 +132,27 @@ func (p *Parser) onFooter(h plumbing.Hash) error { // Parse start decoding phase of the packfile. func (p *Parser) Parse() (plumbing.Hash, error) { if err := p.init(); err != nil { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } if err := p.indexObjects(); err != nil { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } - var err error - p.checksum, err = p.scanner.Checksum() + checksum, err := p.scanner.Checksum() if err != nil && err != io.EOF { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } if err := p.resolveDeltas(); err != nil { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } - if err := p.onFooter(p.checksum); err != nil { - return plumbing.ZeroHash, err + if err := p.onFooter(checksum); err != nil { + return plumbing.ZeroHash, wrapEOF(err) } - return p.checksum, nil + return checksum, nil } func (p *Parser) init() error { @@ -218,7 +216,7 @@ func (p *Parser) indexObjects() error { if !ok { // can't find referenced object in this pack file // this must be a "thin" pack. - parent = &objectInfo{ //Placeholder parent + parent = &objectInfo{ // Placeholder parent SHA1: oh.Reference, ExternalRef: true, // mark as an external reference that must be resolved Type: plumbing.AnyObject, @@ -531,6 +529,13 @@ func (p *Parser) readData(w io.Writer, o *objectInfo) error { return nil } +func wrapEOF(err error) error { + if err == io.ErrUnexpectedEOF || err == io.EOF { + return fmt.Errorf("%w: %w", ErrMalformedPackFile, err) + } + return err +} + // applyPatchBase applies the patch to target. // // Note that ota will be updated based on the description in resolveObject. @@ -558,15 +563,6 @@ func applyPatchBase(ota *objectInfo, base io.ReaderAt, delta io.Reader, target i return nil } -func getSHA1(t plumbing.ObjectType, data []byte) (plumbing.Hash, error) { - hasher := plumbing.NewHasher(t, int64(len(data))) - if _, err := hasher.Write(data); err != nil { - return plumbing.ZeroHash, err - } - - return hasher.Sum(), nil -} - type objectInfo struct { Offset int64 Length int64 diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go index 730343ee3..8318aae40 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go @@ -3,12 +3,15 @@ package packfile import ( "bufio" "bytes" + "crypto" + "errors" "fmt" - "hash" + gohash "hash" "hash/crc32" "io" "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/hash" "github.com/go-git/go-git/v5/utils/binary" "github.com/go-git/go-git/v5/utils/ioutil" "github.com/go-git/go-git/v5/utils/sync" @@ -24,6 +27,8 @@ var ( ErrUnsupportedVersion = NewError("unsupported packfile version") // ErrSeekNotSupported returned if seek is not support ErrSeekNotSupported = NewError("not seek support") + // ErrMalformedPackFile is returned by the parser when the pack file is corrupted. + ErrMalformedPackFile = errors.New("malformed PACK file") ) // ObjectHeader contains the information related to the object, this information @@ -37,8 +42,9 @@ type ObjectHeader struct { } type Scanner struct { - r *scannerReader - crc hash.Hash32 + r *scannerReader + crc gohash.Hash32 + packHasher hash.Hash // pendingObject is used to detect if an object has been read, or still // is waiting to be read @@ -56,10 +62,12 @@ func NewScanner(r io.Reader) *Scanner { _, ok := r.(io.ReadSeeker) crc := crc32.NewIEEE() + hasher := hash.New(crypto.SHA1) return &Scanner{ - r: newScannerReader(r, crc), + r: newScannerReader(r, io.MultiWriter(crc, hasher)), crc: crc, IsSeekable: ok, + packHasher: hasher, } } @@ -68,6 +76,7 @@ func (s *Scanner) Reset(r io.Reader) { s.r.Reset(r) s.crc.Reset() + s.packHasher.Reset() s.IsSeekable = ok s.pendingObject = nil s.version = 0 @@ -114,7 +123,7 @@ func (s *Scanner) Header() (version, objects uint32, err error) { // readSignature reads a returns the signature field in the packfile. func (s *Scanner) readSignature() ([]byte, error) { - var sig = make([]byte, 4) + sig := make([]byte, 4) if _, err := io.ReadFull(s.r, sig); err != nil { return []byte{}, err } @@ -322,7 +331,6 @@ func (s *Scanner) NextObject(w io.Writer) (written int64, crc32 uint32, err erro func (s *Scanner) ReadObject() (io.ReadCloser, error) { s.pendingObject = nil zr, err := sync.GetZlibReader(s.r) - if err != nil { return nil, fmt.Errorf("zlib reset error: %s", err) } @@ -374,7 +382,18 @@ func (s *Scanner) Checksum() (plumbing.Hash, error) { return plumbing.ZeroHash, err } - return binary.ReadHash(s.r) + s.r.Flush() + actual := plumbing.Hash(s.packHasher.Sum(nil)) + packChecksum, err := binary.ReadHash(s.r) + if err != nil { + return plumbing.ZeroHash, err + } + + if actual != packChecksum { + return plumbing.ZeroHash, fmt.Errorf("%w: checksum mismatch: %q instead of %q", ErrMalformedPackFile, packChecksum, actual) + } + + return packChecksum, nil } // Close reads the reader until io.EOF @@ -401,17 +420,17 @@ func (s *Scanner) Flush() error { // to the crc32 hash writer. type scannerReader struct { reader io.Reader - crc io.Writer + writer io.Writer rbuf *bufio.Reader wbuf *bufio.Writer offset int64 } -func newScannerReader(r io.Reader, h io.Writer) *scannerReader { +func newScannerReader(r io.Reader, w io.Writer) *scannerReader { sr := &scannerReader{ - rbuf: bufio.NewReader(nil), - wbuf: bufio.NewWriterSize(nil, 64), - crc: h, + rbuf: bufio.NewReader(nil), + wbuf: bufio.NewWriterSize(nil, 64), + writer: w, } sr.Reset(r) @@ -421,7 +440,7 @@ func newScannerReader(r io.Reader, h io.Writer) *scannerReader { func (r *scannerReader) Reset(reader io.Reader) { r.reader = reader r.rbuf.Reset(r.reader) - r.wbuf.Reset(r.crc) + r.wbuf.Reset(r.writer) r.offset = 0 if seeker, ok := r.reader.(io.ReadSeeker); ok { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go index 3d096e18b..78627b065 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go @@ -62,10 +62,55 @@ type Commit struct { ParentHashes []plumbing.Hash // Encoding is the encoding of the commit. Encoding MessageEncoding + // List of extra headers of the commit + ExtraHeaders []ExtraHeader s storer.EncodedObjectStorer } +// ExtraHeader holds any non-standard header +type ExtraHeader struct { + // Header name + Key string + // Value of the header + Value string +} + +// Implement fmt.Formatter for ExtraHeader +func (h ExtraHeader) Format(f fmt.State, verb rune) { + switch verb { + case 'v': + fmt.Fprintf(f, "ExtraHeader{Key: %v, Value: %v}", h.Key, h.Value) + default: + fmt.Fprintf(f, "%s", h.Key) + if len(h.Value) > 0 { + fmt.Fprint(f, " ") + // Content may be spread on multiple lines, if so we need to + // prepend each of them with a space for "continuation". + value := strings.TrimSuffix(h.Value, "\n") + lines := strings.Split(value, "\n") + fmt.Fprint(f, strings.Join(lines, "\n ")) + } + } +} + +// Parse an extra header and indicate whether it may be continue on the next line +func parseExtraHeader(line []byte) (ExtraHeader, bool) { + split := bytes.SplitN(line, []byte{' '}, 2) + + out := ExtraHeader { + Key: string(bytes.TrimRight(split[0], "\n")), + Value: "", + } + + if len(split) == 2 { + out.Value += string(split[1]) + return out, true + } else { + return out, false + } +} + // GetCommit gets a commit from an object storer and decodes it. func GetCommit(s storer.EncodedObjectStorer, h plumbing.Hash) (*Commit, error) { o, err := s.EncodedObject(plumbing.CommitObject, h) @@ -204,6 +249,7 @@ func (c *Commit) Decode(o plumbing.EncodedObject) (err error) { var mergetag bool var pgpsig bool var msgbuf bytes.Buffer + var extraheader *ExtraHeader = nil for { line, err := r.ReadBytes('\n') if err != nil && err != io.EOF { @@ -230,7 +276,19 @@ func (c *Commit) Decode(o plumbing.EncodedObject) (err error) { } } + if extraheader != nil { + if len(line) > 0 && line[0] == ' ' { + extraheader.Value += string(line[1:]) + continue + } else { + extraheader.Value = strings.TrimRight(extraheader.Value, "\n") + c.ExtraHeaders = append(c.ExtraHeaders, *extraheader) + extraheader = nil + } + } + if !message { + original_line := line line = bytes.TrimSpace(line) if len(line) == 0 { message = true @@ -261,6 +319,13 @@ func (c *Commit) Decode(o plumbing.EncodedObject) (err error) { case headerpgp: c.PGPSignature += string(data) + "\n" pgpsig = true + default: + h, maybecontinued := parseExtraHeader(original_line) + if maybecontinued { + extraheader = &h + } else { + c.ExtraHeaders = append(c.ExtraHeaders, h) + } } } else { msgbuf.Write(line) @@ -341,6 +406,13 @@ func (c *Commit) encode(o plumbing.EncodedObject, includeSig bool) (err error) { } } + for _, header := range c.ExtraHeaders { + + if _, err = fmt.Fprintf(w, "\n%s", header); err != nil { + return err + } + } + if c.PGPSignature != "" && includeSig { if _, err = fmt.Fprint(w, "\n"+headerpgp+" "); err != nil { return err diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go index f8d26a28e..2a94083f0 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go @@ -262,9 +262,8 @@ func decodeShallow(p *advRefsDecoder) decoderStateFn { p.line = bytes.TrimPrefix(p.line, shallow) if len(p.line) != hashSize { - p.error(fmt.Sprintf( - "malformed shallow hash: wrong length, expected 40 bytes, read %d bytes", - len(p.line))) + p.error("malformed shallow hash: wrong length, expected 40 bytes, read %d bytes", + len(p.line)) return nil } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go index 1205cfaf1..157fa5690 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go @@ -62,7 +62,7 @@ func (req *ReferenceUpdateRequest) encodeCommands(e *pktline.Encoder, } for _, cmd := range cmds[1:] { - if err := e.Encodef(formatCommand(cmd)); err != nil { + if err := e.Encodef("%s", formatCommand(cmd)); err != nil { return err } } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go index fae1aa98c..b4c5e98be 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go @@ -113,9 +113,17 @@ type Endpoint struct { Port int // Path is the repository path. Path string - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if Protocol is HTTPS. InsecureSkipTLS bool - // CaBundle specify additional ca bundle with system cert pool + // ClientCert specifies an optional client certificate to use for mutual + // TLS authentication if Protocol is HTTPS. + ClientCert []byte + // ClientKey specifies an optional client key to use for mutual TLS + // authentication if Protocol is HTTPS. + ClientKey []byte + // CaBundle specifies an optional CA bundle to use for SSL verification + // if Protocol is HTTPS. The bundle is added in addition to the system + // CA bundle. CaBundle []byte // Proxy provides info required for connecting to a proxy. Proxy ProxyOptions diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go index df01890b2..5dd2e311f 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go @@ -15,12 +15,13 @@ import ( "strings" "sync" + "github.com/golang/groupcache/lru" + "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/protocol/packp" "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability" "github.com/go-git/go-git/v5/plumbing/transport" "github.com/go-git/go-git/v5/utils/ioutil" - "github.com/golang/groupcache/lru" ) // it requires a bytes.Buffer, because we need to know the length @@ -185,6 +186,18 @@ func transportWithInsecureTLS(transport *http.Transport) { transport.TLSClientConfig.InsecureSkipVerify = true } +func transportWithClientCert(transport *http.Transport, cert, key []byte) error { + keyPair, err := tls.X509KeyPair(cert, key) + if err != nil { + return err + } + if transport.TLSClientConfig == nil { + transport.TLSClientConfig = &tls.Config{} + } + transport.TLSClientConfig.Certificates = []tls.Certificate{keyPair} + return nil +} + func transportWithCABundle(transport *http.Transport, caBundle []byte) error { rootCAs, err := x509.SystemCertPool() if err != nil { @@ -206,6 +219,11 @@ func transportWithProxy(transport *http.Transport, proxyURL *url.URL) { } func configureTransport(transport *http.Transport, ep *transport.Endpoint) error { + if len(ep.ClientCert) > 0 && len(ep.ClientKey) > 0 { + if err := transportWithClientCert(transport, ep.ClientCert, ep.ClientKey); err != nil { + return err + } + } if len(ep.CaBundle) > 0 { if err := transportWithCABundle(transport, ep.CaBundle); err != nil { return err @@ -230,7 +248,7 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (* // We need to configure the http transport if there are transport specific // options present in the endpoint. - if len(ep.CaBundle) > 0 || ep.InsecureSkipTLS || ep.Proxy.URL != "" { + if len(ep.ClientKey) > 0 || len(ep.ClientCert) > 0 || len(ep.CaBundle) > 0 || ep.InsecureSkipTLS || ep.Proxy.URL != "" { var transport *http.Transport // if the client wasn't configured to have a cache for transports then just configure // the transport and use it directly, otherwise try to use the cache. @@ -242,9 +260,13 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (* } transport = tr.Clone() - configureTransport(transport, ep) + if err := configureTransport(transport, ep); err != nil { + return nil, err + } } else { transportOpts := transportOptions{ + clientCert: string(ep.ClientCert), + clientKey: string(ep.ClientKey), caBundle: string(ep.CaBundle), insecureSkipTLS: ep.InsecureSkipTLS, } @@ -260,7 +282,9 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (* if !found { transport = c.client.Transport.(*http.Transport).Clone() - configureTransport(transport, ep) + if err := configureTransport(transport, ep); err != nil { + return nil, err + } c.addTransport(transportOpts, transport) } } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go index c8db38920..1991d0512 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go @@ -9,8 +9,10 @@ import ( type transportOptions struct { insecureSkipTLS bool // []byte is not comparable. - caBundle string - proxyURL url.URL + clientCert string + clientKey string + caBundle string + proxyURL url.URL } func (c *client) addTransport(opts transportOptions, transport *http.Transport) { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go index 6882e51bb..a61610601 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go @@ -231,7 +231,10 @@ func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) { // /etc/ssh/ssh_known_hosts func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) { kh, err := NewKnownHostsDb(files...) - return kh.HostKeyCallback(), err + if err != nil { + return nil, err + } + return kh.HostKeyCallback(), nil } // NewKnownHostsDb returns knownhosts.HostKeyDB based on a file based on a @@ -311,13 +314,40 @@ type HostKeyCallbackHelper struct { // HostKeyAlgorithms is a list of supported host key algorithms that will // be used for host key verification. HostKeyAlgorithms []string + + // fallback allows for injecting the fallback call, which is called + // when a HostKeyCallback is not set. + fallback func(files ...string) (ssh.HostKeyCallback, error) } // SetHostKeyCallbackAndAlgorithms sets the field HostKeyCallback and HostKeyAlgorithms in the given cfg. // If the host key callback or algorithms is empty it is left empty. It will be handled by the dial method, // falling back to knownhosts. func (m *HostKeyCallbackHelper) SetHostKeyCallbackAndAlgorithms(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { + if cfg == nil { + cfg = &ssh.ClientConfig{} + } + + if m.HostKeyCallback == nil { + if m.fallback == nil { + m.fallback = NewKnownHostsCallback + } + + hkcb, err := m.fallback() + if err != nil { + return nil, fmt.Errorf("cannot create known hosts callback: %w", err) + } + + cfg.HostKeyCallback = hkcb + cfg.HostKeyAlgorithms = m.HostKeyAlgorithms + return cfg, err + } + cfg.HostKeyCallback = m.HostKeyCallback cfg.HostKeyAlgorithms = m.HostKeyAlgorithms return cfg, nil } + +func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { + return m.SetHostKeyCallbackAndAlgorithms(cfg) +} diff --git a/vendor/github.com/go-git/go-git/v5/remote.go b/vendor/github.com/go-git/go-git/v5/remote.go index e2c734e75..730812797 100644 --- a/vendor/github.com/go-git/go-git/v5/remote.go +++ b/vendor/github.com/go-git/go-git/v5/remote.go @@ -114,7 +114,7 @@ func (r *Remote) PushContext(ctx context.Context, o *PushOptions) (err error) { o.RemoteURL = r.c.URLs[len(r.c.URLs)-1] } - s, err := newSendPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.CABundle, o.ProxyOptions) + s, err := newSendPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.ClientCert, o.ClientKey, o.CABundle, o.ProxyOptions) if err != nil { return err } @@ -416,7 +416,7 @@ func (r *Remote) fetch(ctx context.Context, o *FetchOptions) (sto storer.Referen o.RemoteURL = r.c.URLs[0] } - s, err := newUploadPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.CABundle, o.ProxyOptions) + s, err := newUploadPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.ClientCert, o.ClientKey, o.CABundle, o.ProxyOptions) if err != nil { return nil, err } @@ -532,8 +532,8 @@ func depthChanged(before []plumbing.Hash, s storage.Storer) (bool, error) { return false, nil } -func newUploadPackSession(url string, auth transport.AuthMethod, insecure bool, cabundle []byte, proxyOpts transport.ProxyOptions) (transport.UploadPackSession, error) { - c, ep, err := newClient(url, insecure, cabundle, proxyOpts) +func newUploadPackSession(url string, auth transport.AuthMethod, insecure bool, clientCert, clientKey, caBundle []byte, proxyOpts transport.ProxyOptions) (transport.UploadPackSession, error) { + c, ep, err := newClient(url, insecure, clientCert, clientKey, caBundle, proxyOpts) if err != nil { return nil, err } @@ -541,8 +541,8 @@ func newUploadPackSession(url string, auth transport.AuthMethod, insecure bool, return c.NewUploadPackSession(ep, auth) } -func newSendPackSession(url string, auth transport.AuthMethod, insecure bool, cabundle []byte, proxyOpts transport.ProxyOptions) (transport.ReceivePackSession, error) { - c, ep, err := newClient(url, insecure, cabundle, proxyOpts) +func newSendPackSession(url string, auth transport.AuthMethod, insecure bool, clientCert, clientKey, caBundle []byte, proxyOpts transport.ProxyOptions) (transport.ReceivePackSession, error) { + c, ep, err := newClient(url, insecure, clientCert, clientKey, caBundle, proxyOpts) if err != nil { return nil, err } @@ -550,13 +550,15 @@ func newSendPackSession(url string, auth transport.AuthMethod, insecure bool, ca return c.NewReceivePackSession(ep, auth) } -func newClient(url string, insecure bool, cabundle []byte, proxyOpts transport.ProxyOptions) (transport.Transport, *transport.Endpoint, error) { +func newClient(url string, insecure bool, clientCert, clientKey, caBundle []byte, proxyOpts transport.ProxyOptions) (transport.Transport, *transport.Endpoint, error) { ep, err := transport.NewEndpoint(url) if err != nil { return nil, nil, err } ep.InsecureSkipTLS = insecure - ep.CaBundle = cabundle + ep.ClientCert = clientCert + ep.ClientKey = clientKey + ep.CaBundle = caBundle ep.Proxy = proxyOpts c, err := client.NewClient(ep) @@ -1356,7 +1358,7 @@ func (r *Remote) list(ctx context.Context, o *ListOptions) (rfs []*plumbing.Refe return nil, ErrEmptyUrls } - s, err := newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle, o.ProxyOptions) + s, err := newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.ClientCert, o.ClientKey, o.CABundle, o.ProxyOptions) if err != nil { return nil, err } diff --git a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go index 200098e7a..401590544 100644 --- a/vendor/github.com/go-git/go-git/v5/repository.go +++ b/vendor/github.com/go-git/go-git/v5/repository.go @@ -19,6 +19,7 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/osfs" "github.com/go-git/go-billy/v5/util" + "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/internal/path_util" "github.com/go-git/go-git/v5/internal/revision" @@ -930,6 +931,8 @@ func (r *Repository) clone(ctx context.Context, o *CloneOptions) error { Tags: o.Tags, RemoteName: o.RemoteName, InsecureSkipTLS: o.InsecureSkipTLS, + ClientCert: o.ClientCert, + ClientKey: o.ClientKey, CABundle: o.CABundle, ProxyOptions: o.ProxyOptions, }, o.ReferenceName) diff --git a/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go b/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go index 91b4aceae..db82fefde 100644 --- a/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go +++ b/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go @@ -2,6 +2,8 @@ package filesystem import ( "bytes" + "encoding/hex" + "fmt" "io" "os" "sync" @@ -87,6 +89,11 @@ func (s *ObjectStorage) loadIdxFile(h plumbing.Hash) (err error) { return err } + if !bytes.Equal(idxf.PackfileChecksum[:], h[:]) { + return fmt.Errorf("%w: packfile mismatch: target is %q not %q", + idxfile.ErrMalformedIdxFile, hex.EncodeToString(idxf.PackfileChecksum[:]), h.String()) + } + s.index[h] = idxf return err } @@ -186,7 +193,8 @@ func (s *ObjectStorage) HasEncodedObject(h plumbing.Hash) (err error) { } func (s *ObjectStorage) encodedObjectSizeFromUnpacked(h plumbing.Hash) ( - size int64, err error) { + size int64, err error, +) { f, err := s.dir.Object(h) if err != nil { if os.IsNotExist(err) { @@ -274,7 +282,8 @@ func (s *ObjectStorage) storePackfileInCache(hash plumbing.Hash, p *packfile.Pac } func (s *ObjectStorage) encodedObjectSizeFromPackfile(h plumbing.Hash) ( - size int64, err error) { + size int64, err error, +) { if err := s.requireIndex(); err != nil { return 0, err } @@ -310,7 +319,8 @@ func (s *ObjectStorage) encodedObjectSizeFromPackfile(h plumbing.Hash) ( // EncodedObjectSize returns the plaintext size of the given object, // without actually reading the full object data from storage. func (s *ObjectStorage) EncodedObjectSize(h plumbing.Hash) ( - size int64, err error) { + size int64, err error, +) { size, err = s.encodedObjectSizeFromUnpacked(h) if err != nil && err != plumbing.ErrObjectNotFound { return 0, err @@ -371,7 +381,8 @@ func (s *ObjectStorage) EncodedObject(t plumbing.ObjectType, h plumbing.Hash) (p // DeltaObject returns the object with the given hash, by searching for // it in the packfile and the git object directories. func (s *ObjectStorage) DeltaObject(t plumbing.ObjectType, - h plumbing.Hash) (plumbing.EncodedObject, error) { + h plumbing.Hash, +) (plumbing.EncodedObject, error) { obj, err := s.getFromUnpacked(h) if err == plumbing.ErrObjectNotFound { obj, err = s.getFromPackfile(h, true) @@ -451,8 +462,8 @@ var copyBufferPool = sync.Pool{ // Get returns the object with the given hash, by searching for it in // the packfile. func (s *ObjectStorage) getFromPackfile(h plumbing.Hash, canBeDelta bool) ( - plumbing.EncodedObject, error) { - + plumbing.EncodedObject, error, +) { if err := s.requireIndex(); err != nil { return nil, err } @@ -509,9 +520,7 @@ func (s *ObjectStorage) decodeDeltaObjectAt( return nil, err } - var ( - base plumbing.Hash - ) + var base plumbing.Hash switch header.Type { case plumbing.REFDeltaObject: diff --git a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/change.go b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/change.go index 450feb4ba..d32b5a7d4 100644 --- a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/change.go +++ b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/change.go @@ -131,7 +131,9 @@ func (l *Changes) addRecursive(root noder.Path, ctor noderToChangeFn) error { } if !root.IsDir() { - l.Add(ctor(root)) + if !root.Skip() { + l.Add(ctor(root)) + } return nil } @@ -148,7 +150,7 @@ func (l *Changes) addRecursive(root noder.Path, ctor noderToChangeFn) error { } return err } - if current.IsDir() { + if current.IsDir() || current.Skip() { continue } l.Add(ctor(current)) diff --git a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/difftree.go b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/difftree.go index 4ef2d9907..7fc8d02d7 100644 --- a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/difftree.go +++ b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/difftree.go @@ -297,18 +297,16 @@ func DiffTreeContext(ctx context.Context, fromTree, toTree noder.Noder, case noMoreNoders: return ret, nil case onlyFromRemains: - if err = ret.AddRecursiveDelete(from); err != nil { - return nil, err + if !from.Skip() { + if err = ret.AddRecursiveDelete(from); err != nil { + return nil, err + } } if err = ii.nextFrom(); err != nil { return nil, err } case onlyToRemains: - if to.Skip() { - if err = ret.AddRecursiveDelete(to); err != nil { - return nil, err - } - } else { + if !to.Skip() { if err = ret.AddRecursiveInsert(to); err != nil { return nil, err } @@ -317,26 +315,25 @@ func DiffTreeContext(ctx context.Context, fromTree, toTree noder.Noder, return nil, err } case bothHaveNodes: - if from.Skip() { - if err = ret.AddRecursiveDelete(from); err != nil { - return nil, err - } - if err := ii.nextBoth(); err != nil { - return nil, err + var err error + switch { + case from.Skip(): + if from.Name() == to.Name() { + err = ii.nextBoth() + } else { + err = ii.nextFrom() } - break - } - if to.Skip() { - if err = ret.AddRecursiveDelete(to); err != nil { - return nil, err - } - if err := ii.nextBoth(); err != nil { - return nil, err + case to.Skip(): + if from.Name() == to.Name() { + err = ii.nextBoth() + } else { + err = ii.nextTo() } - break + default: + err = diffNodes(&ret, ii) } - if err = diffNodes(&ret, ii); err != nil { + if err != nil { return nil, err } default: diff --git a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/index/node.go b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/index/node.go index c1809f7ec..5bc63f8b2 100644 --- a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/index/node.go +++ b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/index/node.go @@ -36,7 +36,15 @@ func NewRootNode(idx *index.Index) noder.Noder { parent := fullpath fullpath = path.Join(fullpath, part) - if _, ok := m[fullpath]; ok { + // It's possible that the first occurrence of subdirectory is skipped. + // The parent node can be created with SkipWorktree set to true, but + // if any future children do not skip their subtree, the entire lineage + // of the tree needs to have this value set to false so that subdirectories + // are not ignored. + if parentNode, ok := m[fullpath]; ok { + if e.SkipWorktree == false { + parentNode.skip = false + } continue } diff --git a/vendor/github.com/go-git/go-git/v5/worktree.go b/vendor/github.com/go-git/go-git/v5/worktree.go index dded08e99..5e9cd7bd9 100644 --- a/vendor/github.com/go-git/go-git/v5/worktree.go +++ b/vendor/github.com/go-git/go-git/v5/worktree.go @@ -12,6 +12,7 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/util" + "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/filemode" @@ -79,6 +80,8 @@ func (w *Worktree) PullContext(ctx context.Context, o *PullOptions) error { Progress: o.Progress, Force: o.Force, InsecureSkipTLS: o.InsecureSkipTLS, + ClientCert: o.ClientCert, + ClientKey: o.ClientKey, CABundle: o.CABundle, ProxyOptions: o.ProxyOptions, }) @@ -307,13 +310,20 @@ func (w *Worktree) ResetSparsely(opts *ResetOptions, dirs []string) error { return err } + var removedFiles []string if opts.Mode == MixedReset || opts.Mode == MergeReset || opts.Mode == HardReset { - if err := w.resetIndex(t, dirs, opts.Files); err != nil { + if removedFiles, err = w.resetIndex(t, dirs, opts.Files); err != nil { return err } } - if opts.Mode == MergeReset || opts.Mode == HardReset { + if opts.Mode == MergeReset && len(removedFiles) > 0 { + if err := w.resetWorktree(t, removedFiles); err != nil { + return err + } + } + + if opts.Mode == HardReset { if err := w.resetWorktree(t, opts.Files); err != nil { return err } @@ -362,23 +372,24 @@ func (w *Worktree) Reset(opts *ResetOptions) error { return w.ResetSparsely(opts, nil) } -func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) error { +func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) ([]string, error) { idx, err := w.r.Storer.Index() if err != nil { - return err + return nil, err } b := newIndexBuilder(idx) changes, err := w.diffTreeWithStaging(t, true) if err != nil { - return err + return nil, err } + var removedFiles []string for _, ch := range changes { a, err := ch.Action() if err != nil { - return err + return nil, err } var name string @@ -389,7 +400,7 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) err name = ch.To.String() e, err = t.FindEntry(name) if err != nil { - return err + return nil, err } case merkletrie.Delete: name = ch.From.String() @@ -403,6 +414,7 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) err } b.Remove(name) + removedFiles = append(removedFiles, name) if e == nil { continue } @@ -421,7 +433,7 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) err idx.SkipUnless(dirs) } - return w.r.Storer.SetIndex(idx) + return removedFiles, w.r.Storer.SetIndex(idx) } func inFiles(files []string, v string) bool { diff --git a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm index b58dc2b4c..4230fba01 100644 --- a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm +++ b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm @@ -1,4 +1,4 @@ -FROM public.ecr.aws/docker/library/golang:1.24 +FROM golang:1.23@sha256:51a6466e8dbf3e00e422eb0f7a97ac450b2d57b33617bbe8d2ee0bddcd9d0d37 ENV GOOS=linux ENV GOARCH=arm diff --git a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 index 9462d2a8c..59928252a 100644 --- a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 +++ b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 @@ -1,4 +1,4 @@ -FROM public.ecr.aws/docker/library/golang:1.24 +FROM golang:1.23@sha256:51a6466e8dbf3e00e422eb0f7a97ac450b2d57b33617bbe8d2ee0bddcd9d0d37 ENV GOOS=linux ENV GOARCH=arm64 diff --git a/vendor/modules.txt b/vendor/modules.txt index 6a429bf16..df5e815ae 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -177,8 +177,8 @@ github.com/go-git/go-billy/v5/helper/polyfill github.com/go-git/go-billy/v5/memfs github.com/go-git/go-billy/v5/osfs github.com/go-git/go-billy/v5/util -# github.com/go-git/go-git/v5 v5.15.0 -## explicit; go 1.23.0 +# github.com/go-git/go-git/v5 v5.16.5 +## explicit; go 1.24.0 github.com/go-git/go-git/v5 github.com/go-git/go-git/v5/config github.com/go-git/go-git/v5/internal/path_util