rename lib/sha1.c to lib/hash.c It will soon grow functions to deal with sha256 too. stsp@ agrees.

include sha2.h too where sha1.h is included In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

drop double process name from some gotd logs i.e. "listen: listen: shutting down" -> "listen: shutting down" the procname is already prepended by vlog() ok jamsek

rename a function for clarity

zap trailing whitespace

gotd, gotadmin: install packfiles and index files as 0444 gotd used 0600 (due to mkstemps(3)), gotadmin 0644; change it to 0444 since packfiles shouldn't change once created. Mirrors what git does. ok stsp@

gotd: implement the delete-refs capability Allow clients to run "got send -d" against gotd. Clients will send a zero-id as new id for a reference and, in the special but more common case of just deleting and not updating, no pack file will be sent. ok and tweaks by stsp@

make gotd session process accept just one flush packet at a time ok jamsek

gotd: fix "bad packfile with zero objects" error while creating branches Clients will send an empty pack file if they are only creating new references and have no objects to upload. Make gotd handle this and add a regression test which triggers the bug. Problem found by op@. The new regression test caught an unrelated issue where the client connection was left lingering after references had been updated, which made 'got send' followed by 'got clone -l' fail with the connection limit configured for the test suite (just one connection is allowed at a time). Fix this as well. ok op@

fix an issue where gotd fails to accept multiple have-lines from clients ok op, jamsek

fix an issue where multiple ref-updates are rejected by gotd ok op@

replace malloc+memcpy with strndup. no functional change intended ok stsp@

update client state tracking in the gotd parent process The session process takes over the old state definitions under a new name ("session state"). The parent only needs to keep track of whether a client has been granted access, so it only uses two states: NEW, and ACCCESS_GRANTED which is set as soon as the auth process has granted repository access and before the session and repo_read/repo_write children are started. Because 'gotctl info' can no longer observe the session state remove support code for printing it. ok op@

do not forget to initialize delta_cache_fd in the session process

add a gotd session process, split off from the parent process The new session process is able to manipulate files in the repository and keeps track of the read/write client session state. The parent process now restricts its view of the filesystem to the absolute path stored in argv[0], and combines this with unveil "x" on this path. As a result the parent process can only re-exec itself. small tweaks + ok op@