rename sha1.c to hash.c

include sha2.h where sha1.h was included

sed -i s/sha1/hash not exactly, some "hash" were changed back to "sha1" for the time being.

typo and style(9): do not use function calls in initialisers. ok stsp@

gotd: implement the delete-refs capability Allow clients to run "got send -d" against gotd. Clients will send a zero-id as new id for a reference and, in the special but more common case of just deleting and not updating, no pack file will be sent. ok and tweaks by stsp@

gotd: fix "bad packfile with zero objects" error while creating branches Clients will send an empty pack file if they are only creating new references and have no objects to upload. Make gotd handle this and add a regression test which triggers the bug. Problem found by op@. The new regression test caught an unrelated issue where the client connection was left lingering after references had been updated, which made 'got send' followed by 'got clone -l' fail with the connection limit configured for the test suite (just one connection is allowed at a time). Fix this as well. ok op@

replace malloc+memcpy with strndup. no functional change intended ok stsp@

gotd: delete trailing blanks spotted while re-reading

add a gotd session process, split off from the parent process The new session process is able to manipulate files in the repository and keeps track of the read/write client session state. The parent process now restricts its view of the filesystem to the absolute path stored in argv[0], and combines this with unveil "x" on this path. As a result the parent process can only re-exec itself. small tweaks + ok op@

convert gotd repo_read.c and repo_write.c to single-client Because these processes are now started on demand per client connection there is no need to keep track of multiple clients anymore. Also, these processes can now exit when a disconnect event is received. ok op, jamsek

fork gotd repo_read/repo_write children on demand ok op, jamsek

switch gotd from chroot(2) to unveil(2) In the future, gotd will fork+exec new processes for each client connection. Using unveil instead of chroot avoids having to start such processes as root. The -portable version could use chroot(2) where no equivalent to unveil(2) exists. A future component which starts new processes will be isolated as a separate process, which could run as root in the -portable version. ok op@

rename GOTD_SOCK_FILENO to GOTD_FILENO_MSG_PIPE for clarity (it's not a socket)

fix typo which caused a double-free in gotd repo_write_shutdown()

remove sendfd pledge promise from gotd repo_write process Have the parent process send one end of the pipe directly to gotsh(1), such that repo_write can run without "sendfd". Combining "sendfd" and "recvfd" in the same process is frowned upon. ok tracey