Change-Id: I9b00a4041c19115e81326afd2213b98603f789ad

Tag the version number and API range in the OSGi manifest files
whenever we bump the pom.xml files.

Change-Id: I7c38b51f7139c02bef6b0e67d3f9199cbcdc8a39
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

Because this is the original contribution made under the project's
official license, EMO has tagged it "epl" and dropped it from the
project's IP log.

Change-Id: I55a2a57c570a555f4c86903767d60ae7cfddacbe
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

* push-sideband:
  Reuse the line buffer between strings in PacketLineIn
  http.server: Use TemporaryBuffer and compress some responses
  Reduce multi-level buffered streams in transport code
  Fix smart HTTP client buffer alignment
  Use "ERR message" for early ReceivePack problems
  Catch and report "ERR message" during remote advertisements
  Wait for EOF on stderr before finishing SSH channel
  Capture non-progress side band #2 messages and put in result
  ReceivePack: Enable side-band-64k capability for status reports
  Use more restrictive patterns for sideband progress scraping
  Prefix remote progress tasks with "remote: "
  Decode side-band channel number as unsigned integer
  Refactor SideBandInputStream construction
  Refactor SideBandOutputStream to be buffered

Change-Id: Ic9689e64e8c87971f2fd402cb619082309d5587f

When reading pkt-lines off an InputStream we are quite likely to
consume a whole group of fairly short lines in rapid succession, such
as in the have exchange that occurs in the fetch-pack/upload-pack
protocol.  Rather than allocating a throwaway buffer for each
line's raw byte sequence, reuse a buffer that is equal to the small
side-band packet size, which is 1000 bytes.  Text based pkt-lines
are required to be less than this size because many widely deployed
versions of C Git use a statically allocated array of this length.

Change-Id: Ia5c8e95b85020f7f80b6d269dda5059b092d274d
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

The HTTP server side code now uses the same approach that the smart
HTTP client code uses when preparing a request body.  The payload
is streamed into a TemporaryBuffer of limited size.  If the entire
data fits, its compressed with gzip if the user agent supports that,
and a Content-Length header is used to transmit the fixed length
body to the peer.  If however the data overflows the limited memory
segment, its streamed uncompressed to the peer.

One might initially think that larger contents which overflow
the buffer should also be compressed, rather than sent raw, since
they were deemed "large".  But usually these larger contents are
actually a pack file which has been already heavily compressed by
Git specific routines.  Trying to deflate that with gzip is probably
going to take up more space, not less, so the compression overhead
isn't worthwhile.

This buffer and compress optimization helps repositories with a
large number of references, as their text based advertisements
compress well. For example jgit's own native repository currently
requires 32,628 bytes for its full advertisement of 489 references.
Most repositories have fewer references, and thus could compress
their entire response in one buffer.

Change-Id: I790609c9f763339e0a1db9172aa570e29af96f42
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

Some transports actually provide stream buffering on their own,
without needing to be wrapped up inside of a BufferedInputStream in
order to smooth out system calls to read or write.  A great example
of this is the JSch SSH client, or the Apache MINA SSHD server.
Both use custom buffering to packetize the streams into the encrypted
SSH channel, and wrapping them up inside of a BufferedInputStream
or BufferedOutputStream is relatively pointless.

Our SideBandOutputStream implementation also provides some fairly
large buffering, equal to one complete side-band packet on the main
data channel.  Wrapping that inside of a BufferedOutputStream just to
smooth out small writes from PackWriter causes extra data copies, and
provides no advantage.  We can save some memory and some CPU cycles
by letting PackWriter dump directly into the SideBandOutputStream's
internal buffer array.

Instead we push the buffering streams down to be as close to the
network socket (or operating system pipe) as possible.  This allows
us to smooth out the smaller reads/writes from pkt-line messages
during advertisement and negotation, but avoid copying altogether
when the stream switches to larger writes over a side band channel.

Change-Id: I2f6f16caee64783c77d3dd1b2a41b3cc0c64c159
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

This proved to be a pretty difficult to find bug.  If we read exactly
the number of response bytes from the UnionInputStream and didn't
try to read beyond that length, the last connection's InputStream is
still inside of the UnionInputStream, and UnionInputStream.isEmpty()
returns false.  But there is no data present, so the next read
request to our UnionInputStream returns EOF at a point where the
HTTP client code should have started a new request in order to get
more data.

Instead of wrapping the UnionInputStream, push an dummy stream onto
the end of it which when invoked always starts the next request and
then returns EOF.  The UnionInputStream will automatically pop that
dummy stream out, and then read the next request's stream.

This way we never get into the state where we don't think we need
to run another request in order to satisfy the current read request,
but we really do.

The bug was hidden for so long because BasePackConnection.init()
was always wrapping the InputStream into a BufferedInputStream
with an 8 KiB buffer.  This made the odds of us reading from the
UnionInputStream the exact number of available bytes quite low, as
the BufferedInputStream would always try to read a full buffer size.

Change-Id: I02b5ec3ef6853688687d91de000a5fbe2354915d
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

If the application wants to, it can use sendError(String) to send one
or more error messages to clients before the advertisements are sent.
These will cause a C Git client to break out of the advertisement
parsing loop, display "remote error: message\n", and terminate.

Servers can optionally use this to send a detailed error to a client
explaining why it cannot use the ReceivePack service on a repository.
Over smart HTTP these errors are sent in a 200 OK response, and
are in the payload, allowing the Git client to give the end-user
the custom message rather than the generic error "403 Forbidden".

Change-Id: I03f4345183765d21002118617174c77f71427b5a
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

GitHub broke the native git protocol a while ago by interjecting an
"ERR message" line into the upload-pack or receive-pack advertisement
list.  This didn't match the expected pattern, so it caused existing
C Git clients to abort with a protocol exception.

These days, C Git clients actually look for this message and abort
with a more graceful notice to the end-user.  JGit should do the
same, including setting up a custom exception type that makes it
easier for higher-level UIs to identify a message from the remote
site and present it to the user.

Change-Id: I51ab62a382cfaf1082210e8bfaa69506fd0d9786
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

JSch will allow us to close the connection and then just drop
any late messages coming over the stderr stream for the command.
This makes it easy to lose final output on a command, like from
Gerrit Code Review's post receive hook.

Instead spawn a background thread to copy data from JSch's pipe
into our own buffer, and wait for that thread to receive EOF on the
pipe before we declare the connection closed. This way we don't
have a race condition between the stderr data arriving and JSch
just tearing down the channel.

Change-Id: Ica1ba40ed2b4b6efb7d5e4ea240efc0a56fb71f6
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

Any messages received on side band #2 that aren't scraped as a
progress message into our ProgressMonitor are now forwarded to a
buffer which is later included into the OperationResult object.
Application callers can use this buffer to present the additional
messages from the remote peer after the push or fetch operation
has concluded.

The smart push connections using the native send-pack/receive-pack
protocol now request side-band-64k capability if it is available
and forward any messages received through that channel onto this
message buffer.  This makes hook messages available over smart HTTP,
or even over SSH.

The SSH transport was modified to redirect the remote command's
stderr stream into the message buffer, interleaved with any data
received over side band #2.  Due to buffering between these two
different channels in the SSH channel mux itself the order of any
writes between the two cannot be ensured, but it tries to stay close.

The local fork transport was also modified to redirect the local
receive-pack's stderr into the message buffer, rather than going to
the invoking JVM's System.err.  This gives applications a chance
to log the local error messages, rather than needing to redirect
their JVM's stderr before startup.

To keep things simple, the application has to wait for the entire
operation to complete before it can see the messages.  This may
be a downside if the user is trying to debug a remote hook that is
blocking indefinitely, the user would need to abort the connection
before they can inspect the message buffer in any sort of UI built
on top of JGit.

Change-Id: Ibc215f4569e63071da5b7e5c6674ce924ae39e11
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

We now advertise the side-band-64k capability inside of ReceivePack,
allowing hooks to echo status messages down the side band channel
instead of over the optional stderr stream.

This change permits hooks running inside of an http:// based push
invocation to still message the end-user with more detailed errors
than the small per-command string in the status report.

Change-Id: I64f251ef2d13ab3fd0e1a319a4683725455e5244
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

To avoid scraping a non-progress message as though it were a progress
item for the progress monitor, use a more restrictive pattern to
watch the remote side's messages.  These two regexps should match
any message produced by C Git since 42e18fbf5f94 ("more compact
progress display", Oct 2007), and which first appeared in Git 1.5.4.

Change-Id: I57e34cf59d42c1dbcbd1a83dd6f499ce5e39d15d
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

When we pull task messages off the remote peer via sideband #2
prefix them with the string "remote: " to make it clear to the
user these are coming from the other system, and not from their
local client.

Change-Id: I02c5e67c6be67e30e40d3bc4be314d6640feb519
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

This field is unsigned in the protocol, so treat it
as such when we report the channel number in errors.

Change-Id: I20a52809c7a756e9f66b3557a4300ae1e11f6d25
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

Typically we refer to the raw InputStream (the stream without the
pkt-line headers on it) as rawIn, and the pkt-line header variant
as pckIn.  Refactor our fields to reflect that.  To ensure these
are actually the same underlying InputStream, we now create our own
PacketLineIn wrapper around the supplied raw InputStream.  Its a
very low-cost object since it has only the 4 byte length buffer.

Instead of hardcoding the header length as 5, use the constant from
SideBandOutputStream.  This makes it a bit more clear what we are
consuming, exactly here.

Change-Id: Iebd05538042913536b88c3ddc3adc3a86a841cc5
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

Instead of relying on our callers to wrap us up inside of a
BufferedOutputStream and using the proper block sizing, do the
buffering directly inside of SideBandOutputStream.  This ensures
we don't get large write-throughs from BufferedOutputStream that
might overflow the configured packet size.

The constructor of SideBandOutputStream is also beefed up to check
its arguments and ensure they are within acceptable ranges for the
current side-band protocol.

Change-Id: Ic14567327d03c9e972f9734b8228178bc448867d
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

The tests were using a Locale.ROOT constant which was introduced
in Java 6.  However, we need to retain Java 5 support.

Change-Id: I75c5648fcfc728a9aea2e839d2ad0320f5cf742f
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
CC: Sasa Zivkov <sasa.zivkov@sap.com>

This has been approved for use under the EDL.

Change-Id: I9142d8e7d53533f97f85c21b90ff93ee566564b5
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

The initial contribution was handled through a CQ, and does not need
to be reported as an individual bug record in the project's IP log.
Its an odd corner case that the EMO IP team doesn't want to see,
even though its technically a contribution written by at least
some non-committers.

The project.skipCommit variable can now be used to mask out any
particular change from the IP log.  Currently within JGit we want
to mask only the initial commit, but others could be masked if the
need arises.

Change-Id: I598e08137ddc5913284471ee2aa545f4df685023
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

We need at least one project definition to dump out a reasonably
sane IP log file in XML format.

Change-Id: I5cfcd70cd98e29159014cf3dbf0433dd9c49d49c
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

The initial commit line counts where wrong in the IP log, as we
were incrementing the file pointer by not the number of bytes in
the line, but the offset of the start of the next line.

Change-Id: Ia220ba235e9fa522f3f5591b76652c174bcb094d
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

If the login fails due to an invalid username or password, the only
way we can tell this is by looking at the page title and seeing if
the error message "Invalid Username or Password" is present.

If the user made a typo on their password, we shouldn't plow through
and try to run a query.  Doing so returns an HTML login page that
can't be parsed as a CSV file.

Change-Id: Ia6d7f862435a52ae09ebe29c3835bcee3cf73b93
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

If we can't find a Git repository after searching all the way up
to the filesystem root, JGit threw an NPE because we tried to get
the path of null.

Change-Id: I4e42364aeba53993c0ea528a9aeba3f08c7b3321
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Reviewed-by: Robin Rosenberg <robin.rosenberg@dewire.com>

The support for NLS relies on java.util API to load a standard
ResourceBundle and then uses java reflection API to inject localized
strings into public String fields of the corresponding instance
of TranslationBundle.

Locale setting is supported per thread to enable concurrent threads
to use different locales. This is useful when JGit runs in a server
context where (error) messages might need to differ per-request to
suit the user's preference.

Change-Id: Ie0e63a0d7bb74eaad495dbe8248595d8a3a76883
Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>

The script merges explicit copyright statements in all Java
sources with author information from git history, updates the
copyright headers accordingly, and updates the license headers
to EDL.  For recognized copyright formats see the test data in
tools/fix-headers.tst.

To fix headers only in the current working directory:

  ./tools/fix-headers.pl

To fix the headers for all revisions (don't do this if you don't
understand the implications of rewriting history) run:

  ./tools/rewrite-history.sh

Authors are mapped to employer copyright statements through a
hardcoded table in the top of the script.  This is a crude but
simple way to list date ranges under which certain changes need
to be attributed to copyright holders other than the author.

Change-Id: I654d758658cded02d91324c385f336bcc57fd85f
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

When implementing branch read access, we need to prove that the
newly created reference(s) point to objects that the user can see.

There are two ways that an object is reachable:
1)  It's reachable from a branch or change the user can see
2)  It was uploaded as part of the pack file the user sent us

This change adds additional methods in ReceivePack that will allow a
server to check the above conditions, in order to ensure that a user
is not trying to create a reference that they cannot see, or that a
malicious user isn't attempting to forge the SHA-1 of an object that
they cannot see in order to base a change off of it.

Change-Id: Ieba75b4f0331e06a03417c37f4ae1ebca4fbee5a

If the readAdvertisedRefs() method throws an exception, its already
closed the connection and wrapped the underlying cause inside of a
suitable TransportException object that it is throwing.  We shouldn't
catch IOException and rethrow a wrapped copy here, because we'll double
wrap the exception thrown by readAdvertisedRefs.  This may obsecure the
root cause of the connection failure from the end-user.

Change-Id: I0ca61560f9888c666323dac8a5582aab25e897ff
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

If the build server is really busy, we might wait longer than 250 ms
before being interrupted, simply because one of our threads couldn't
be scheduled onto a CPU.  Don't make that cause a test failure.
Instead tolerate longer than expected waits, but not shorter waits.

Change-Id: I64511eec24b49e33928451e4c8b8c124eddaf0c2
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

When a user of ReceivePack or UploadPack wants to control what refs
are sent to the client, for instance when some refs should be hidden
from some clients, this interface can be extended to provide a fine
grained control over what refs are sent to the client.

Change-Id: Ie6320b0f8922e1a5e1bad91c016bd476ea094366

The boolean field sentCommand is always true at this point, as it
was assigned just 5 lines above.  So we always set the status of
the update command object to AWAITING_REPORT.

Simplify the logic by dropping the ?: operator.  I assume this is
older code from an attempt to manage dry-run push support within
the native connection, but in fact dry-run support is done higher
up inside of PushProcess.

Change-Id: I450d491bbbb5afecdbf5444ab7169222e856a3bb
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

JGit relies on JUnit 3, not JUnit 4.

Change-Id: Ic5a0ae1564d7744c203321857fc603e7008dbf13
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

Change-Id: I17e2c22498092d25dace88319698626ce55df822

Somehow we missed setting this up for the project.

Change-Id: Id55a6415f5fd03a7cd9d4d4ecbdd726cef79430d
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>

Change-Id: Ie4133083a1cb1730f3dba52c0b8d359c7ed845e6
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>