From 966253db757948d4e0738c5c1fac5b694f0d042d Mon Sep 17 00:00:00 2001 From: Eric Sesterhenn Date: Mon, 14 Oct 2024 14:04:08 -0700 Subject: fuzz: port fuzz-credential-from-url-gently from OSS-Fuzz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git's fuzz tests are run continuously as part of OSS-Fuzz [1]. Several additional fuzz tests have been contributed directly to OSS-Fuzz; however, these tests are vulnerable to bitrot because they are not built during Git's CI runs, and thus breaking changes are much less likely to be noticed by Git contributors. Port one of these tests back to the Git project: fuzz-credential-from-url-gently This test was originally written by Eric Sesterhenn as part of a security audit of Git [2]. It was then contributed to the OSS-Fuzz repo in commit c58ac4492 (Git fuzzing: uncomment the existing and add new targets. (#11486), 2024-02-21) by Jaroslav Lobačevski. I (Josh Steadmon) have verified with both Eric and Jaroslav that they're OK with moving this test to the Git project. [1] https://github.com/google/oss-fuzz [2] https://ostif.org/wp-content/uploads/2023/01/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf Co-authored-by: Jaroslav Lobačevski Co-authored-by: Josh Steadmon Signed-off-by: Josh Steadmon Signed-off-by: Taylor Blau --- ci/run-build-and-minimal-fuzzers.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'ci') diff --git a/ci/run-build-and-minimal-fuzzers.sh b/ci/run-build-and-minimal-fuzzers.sh index af8065f349..631796ab8b 100755 --- a/ci/run-build-and-minimal-fuzzers.sh +++ b/ci/run-build-and-minimal-fuzzers.sh @@ -13,7 +13,16 @@ group "Build fuzzers" make \ LIB_FUZZING_ENGINE="-fsanitize=fuzzer,address" \ fuzz-all -for fuzzer in commit-graph config date pack-headers pack-idx ; do +fuzzers=" +commit-graph +config +credential-from-url-gently +date +pack-headers +pack-idx +" + +for fuzzer in $fuzzers; do begin_group "fuzz-$fuzzer" ./oss-fuzz/fuzz-$fuzzer -verbosity=0 -runs=1 || exit 1 end_group "fuzz-$fuzzer" -- cgit v1.3 From 72686d4e5e9a7236b9716368d86fae5bf1ae6156 Mon Sep 17 00:00:00 2001 From: Eric Sesterhenn Date: Mon, 14 Oct 2024 14:04:09 -0700 Subject: fuzz: port fuzz-parse-attr-line from OSS-Fuzz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git's fuzz tests are run continuously as part of OSS-Fuzz [1]. Several additional fuzz tests have been contributed directly to OSS-Fuzz; however, these tests are vulnerable to bitrot because they are not built during Git's CI runs, and thus breaking changes are much less likely to be noticed by Git contributors. Port one of these tests back to the Git project: fuzz-parse-attr-line This test was originally written by Eric Sesterhenn as part of a security audit of Git [2]. It was then contributed to the OSS-Fuzz repo in commit c58ac4492 (Git fuzzing: uncomment the existing and add new targets. (#11486), 2024-02-21) by Jaroslav Lobačevski. I (Josh Steadmon) have verified with both Eric and Jaroslav that they're OK with moving this test to the Git project. [1] https://github.com/google/oss-fuzz [2] https://ostif.org/wp-content/uploads/2023/01/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf Co-authored-by: Jaroslav Lobačevski Co-authored-by: Josh Steadmon Signed-off-by: Josh Steadmon Signed-off-by: Taylor Blau --- Makefile | 1 + attr.c | 40 ++-------------------------------- attr.h | 43 +++++++++++++++++++++++++++++++++++++ ci/run-build-and-minimal-fuzzers.sh | 1 + oss-fuzz/.gitignore | 1 + oss-fuzz/fuzz-parse-attr-line.c | 39 +++++++++++++++++++++++++++++++++ 6 files changed, 87 insertions(+), 38 deletions(-) create mode 100644 oss-fuzz/fuzz-parse-attr-line.c (limited to 'ci') diff --git a/Makefile b/Makefile index 22f7585f74..cfbbd70fdc 100644 --- a/Makefile +++ b/Makefile @@ -2426,6 +2426,7 @@ FUZZ_OBJS += oss-fuzz/fuzz-credential-from-url-gently.o FUZZ_OBJS += oss-fuzz/fuzz-date.o FUZZ_OBJS += oss-fuzz/fuzz-pack-headers.o FUZZ_OBJS += oss-fuzz/fuzz-pack-idx.o +FUZZ_OBJS += oss-fuzz/fuzz-parse-attr-line.o .PHONY: fuzz-objs fuzz-objs: $(FUZZ_OBJS) diff --git a/attr.c b/attr.c index c605d2c170..192936c4bc 100644 --- a/attr.c +++ b/attr.c @@ -259,42 +259,6 @@ const struct git_attr *git_attr(const char *name) return git_attr_internal(name, strlen(name)); } -/* What does a matched pattern decide? */ -struct attr_state { - const struct git_attr *attr; - const char *setto; -}; - -struct pattern { - const char *pattern; - int patternlen; - int nowildcardlen; - unsigned flags; /* PATTERN_FLAG_* */ -}; - -/* - * One rule, as from a .gitattributes file. - * - * If is_macro is true, then u.attr is a pointer to the git_attr being - * defined. - * - * If is_macro is false, then u.pat is the filename pattern to which the - * rule applies. - * - * In either case, num_attr is the number of attributes affected by - * this rule, and state is an array listing them. The attributes are - * listed as they appear in the file (macros unexpanded). - */ -struct match_attr { - union { - struct pattern pat; - const struct git_attr *attr; - } u; - char is_macro; - size_t num_attr; - struct attr_state state[FLEX_ARRAY]; -}; - static const char blank[] = " \t\r\n"; /* Flags usable in read_attr() and parse_attr_line() family of functions. */ @@ -353,8 +317,8 @@ static const char *parse_attr(const char *src, int lineno, const char *cp, return ep + strspn(ep, blank); } -static struct match_attr *parse_attr_line(const char *line, const char *src, - int lineno, unsigned flags) +struct match_attr *parse_attr_line(const char *line, const char *src, + int lineno, unsigned flags) { size_t namelen, num_attr, i; const char *cp, *name, *states; diff --git a/attr.h b/attr.h index bb33b60880..a04a521092 100644 --- a/attr.h +++ b/attr.h @@ -240,4 +240,47 @@ int git_attr_system_is_enabled(void); extern char *git_attr_tree; +/* + * Exposed for fuzz-testing only. + */ + +/* What does a matched pattern decide? */ +struct attr_state { + const struct git_attr *attr; + const char *setto; +}; + +struct pattern { + const char *pattern; + int patternlen; + int nowildcardlen; + unsigned flags; /* PATTERN_FLAG_* */ +}; + +/* + * One rule, as from a .gitattributes file. + * + * If is_macro is true, then u.attr is a pointer to the git_attr being + * defined. + * + * If is_macro is false, then u.pat is the filename pattern to which the + * rule applies. + * + * In either case, num_attr is the number of attributes affected by + * this rule, and state is an array listing them. The attributes are + * listed as they appear in the file (macros unexpanded). + */ +struct match_attr { + union { + struct pattern pat; + const struct git_attr *attr; + } u; + char is_macro; + size_t num_attr; + struct attr_state state[FLEX_ARRAY]; +}; + +struct match_attr *parse_attr_line(const char *line, const char *src, + int lineno, unsigned flags); + #endif /* ATTR_H */ diff --git a/ci/run-build-and-minimal-fuzzers.sh b/ci/run-build-and-minimal-fuzzers.sh index 631796ab8b..13c85320d6 100755 --- a/ci/run-build-and-minimal-fuzzers.sh +++ b/ci/run-build-and-minimal-fuzzers.sh @@ -20,6 +20,7 @@ credential-from-url-gently date pack-headers pack-idx +parse-attr-line " for fuzzer in $fuzzers; do diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore index 2cfc845b20..ec185f061c 100644 --- a/oss-fuzz/.gitignore +++ b/oss-fuzz/.gitignore @@ -4,3 +4,4 @@ fuzz-credential-from-url-gently fuzz-date fuzz-pack-headers fuzz-pack-idx +fuzz-parse-attr-line diff --git a/oss-fuzz/fuzz-parse-attr-line.c b/oss-fuzz/fuzz-parse-attr-line.c new file mode 100644 index 0000000000..45a4c4e53c --- /dev/null +++ b/oss-fuzz/fuzz-parse-attr-line.c @@ -0,0 +1,39 @@ +#include "git-compat-util.h" +#include +#include +#include +#include +#include "attr.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct match_attr *res; + char *buf; + + buf = malloc(size + 1); + if (!buf) + return 0; + + memcpy(buf, data, size); + buf[size] = 0; + + res = parse_attr_line(buf, "dummy", 0, 0); + + if (res) { + int j; + for (j = 0; j < res->num_attr; j++) { + const char *setto = res->state[j].setto; + if (ATTR_TRUE(setto) || ATTR_FALSE(setto) || + ATTR_UNSET(setto)) + ; + else + free((char *)setto); + } + free(res); + } + free(buf); + + return 0; +} -- cgit v1.3 From 751d063f27a1d3c77ef092d4737524c55c65d972 Mon Sep 17 00:00:00 2001 From: Eric Sesterhenn Date: Mon, 14 Oct 2024 14:04:10 -0700 Subject: fuzz: port fuzz-url-decode-mem from OSS-Fuzz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git's fuzz tests are run continuously as part of OSS-Fuzz [1]. Several additional fuzz tests have been contributed directly to OSS-Fuzz; however, these tests are vulnerable to bitrot because they are not built during Git's CI runs, and thus breaking changes are much less likely to be noticed by Git contributors. Port one of these tests back to the Git project: fuzz-url-decode-mem This test was originally written by Eric Sesterhenn as part of a security audit of Git [2]. It was then contributed to the OSS-Fuzz repo in commit c58ac4492 (Git fuzzing: uncomment the existing and add new targets. (#11486), 2024-02-21) by Jaroslav Lobačevski. I (Josh Steadmon) have verified with both Eric and Jaroslav that they're OK with moving this test to the Git project. [1] https://github.com/google/oss-fuzz [2] https://ostif.org/wp-content/uploads/2023/01/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf Co-authored-by: Jaroslav Lobačevski Co-authored-by: Josh Steadmon Signed-off-by: Josh Steadmon Signed-off-by: Taylor Blau --- Makefile | 1 + ci/run-build-and-minimal-fuzzers.sh | 1 + oss-fuzz/.gitignore | 1 + oss-fuzz/fuzz-url-decode-mem.c | 43 +++++++++++++++++++++++++++++++++++++ 4 files changed, 46 insertions(+) create mode 100644 oss-fuzz/fuzz-url-decode-mem.c (limited to 'ci') diff --git a/Makefile b/Makefile index cfbbd70fdc..5d630eedaa 100644 --- a/Makefile +++ b/Makefile @@ -2427,6 +2427,7 @@ FUZZ_OBJS += oss-fuzz/fuzz-date.o FUZZ_OBJS += oss-fuzz/fuzz-pack-headers.o FUZZ_OBJS += oss-fuzz/fuzz-pack-idx.o FUZZ_OBJS += oss-fuzz/fuzz-parse-attr-line.o +FUZZ_OBJS += oss-fuzz/fuzz-url-decode-mem.o .PHONY: fuzz-objs fuzz-objs: $(FUZZ_OBJS) diff --git a/ci/run-build-and-minimal-fuzzers.sh b/ci/run-build-and-minimal-fuzzers.sh index 13c85320d6..e7b97952e7 100755 --- a/ci/run-build-and-minimal-fuzzers.sh +++ b/ci/run-build-and-minimal-fuzzers.sh @@ -21,6 +21,7 @@ date pack-headers pack-idx parse-attr-line +url-decode-mem " for fuzzer in $fuzzers; do diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore index ec185f061c..f2d74de457 100644 --- a/oss-fuzz/.gitignore +++ b/oss-fuzz/.gitignore @@ -5,3 +5,4 @@ fuzz-date fuzz-pack-headers fuzz-pack-idx fuzz-parse-attr-line +fuzz-url-decode-mem diff --git a/oss-fuzz/fuzz-url-decode-mem.c b/oss-fuzz/fuzz-url-decode-mem.c new file mode 100644 index 0000000000..2342aa993b --- /dev/null +++ b/oss-fuzz/fuzz-url-decode-mem.c @@ -0,0 +1,43 @@ +#include "git-compat-util.h" +#include +#include +#include +#include +#include +#include "url.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + char *buf; + char *r; + const char *pbuf; + + buf = malloc(size + 1); + if (!buf) + return 0; + + memcpy(buf, data, size); + buf[size] = 0; + + // start fuzzing + r = url_decode(buf); + free(r); + + r = url_percent_decode(buf); + free(r); + + pbuf = (const char*) buf; + r = url_decode_parameter_name(&pbuf); + free(r); + + pbuf = (const char*) buf; + r = url_decode_parameter_value(&pbuf); + free(r); + + // cleanup + free(buf); + + return 0; +} -- cgit v1.3 From ad797eace4209f34aec7fc113ed70887d05c8007 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Thu, 31 Oct 2024 23:49:33 +0000 Subject: ci: remove clause for Ubuntu 16.04 We're no longer testing this version and it's well beyond regular LTS support now, so remove the stanza for it from the case statement in our CI code. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- ci/install-dependencies.sh | 5 ----- 1 file changed, 5 deletions(-) (limited to 'ci') diff --git a/ci/install-dependencies.sh b/ci/install-dependencies.sh index 126e570eb4..d30ae53a18 100755 --- a/ci/install-dependencies.sh +++ b/ci/install-dependencies.sh @@ -55,11 +55,6 @@ ubuntu-*|ubuntu32-*) ${CC_PACKAGE:-${CC:-gcc}} $PYTHON_PACKAGE case "$distro" in - ubuntu-16.04) - # Does not support JGit, but we also don't really care about - # the others. We rather care whether Git still compiles and - # runs fine overall. - ;; ubuntu-*) mkdir --parents "$CUSTOM_PATH" -- cgit v1.3 From ac112fd4f088040787f501b3f4b8279caa394d4e Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Thu, 31 Oct 2024 23:49:34 +0000 Subject: Add additional CI jobs to avoid accidental breakage In general, we'd like to make sure Git works on the LTS versions of major Linux distributions. To do that, let's add CI jobs for the oldest regular (non-extended) LTS versions of the major distributions: Ubuntu 20.04, Debian 11, and RHEL 8. Because RHEL isn't available to the public at no charge, use AlmaLinux, which is binary compatible with it. Note that Debian does not offer the language-pack packages, but suitable locale support can be installed with the locales-all package. Otherwise, use the set of installation instructions which exist and are most similar to the existing supported distros. Signed-off-by: brian m. carlson Signed-off-by: Taylor Blau --- .github/workflows/main.yml | 9 +++++++++ ci/install-dependencies.sh | 14 ++++++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) (limited to 'ci') diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9301a1edd6..808ddc19b8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -342,12 +342,21 @@ jobs: - jobname: linux-musl image: alpine distro: alpine-latest + # Supported until 2025-04-02. - jobname: linux32 image: i386/ubuntu:focal distro: ubuntu32-20.04 - jobname: pedantic image: fedora distro: fedora-latest + # A RHEL 8 compatible distro. Supported until 2029-05-31. + - jobname: almalinux-8 + image: almalinux:8 + distro: almalinux-8 + # Supported until 2026-08-31. + - jobname: debian-11 + image: debian:11 + distro: debian-11 env: jobname: ${{matrix.vector.jobname}} distro: ${{matrix.vector.distro}} diff --git a/ci/install-dependencies.sh b/ci/install-dependencies.sh index d30ae53a18..d020cb7aa5 100755 --- a/ci/install-dependencies.sh +++ b/ci/install-dependencies.sh @@ -29,26 +29,32 @@ alpine-*) apache2 apache2-http2 apache2-proxy apache2-ssl apache2-webdav apr-util-dbd_sqlite3 \ bash cvs gnupg perl-cgi perl-dbd-sqlite perl-io-tty >/dev/null ;; -fedora-*) +fedora-*|almalinux-*) dnf -yq update >/dev/null && dnf -yq install make gcc findutils diffutils perl python3 gettext zlib-devel expat-devel openssl-devel curl-devel pcre2-devel >/dev/null ;; -ubuntu-*|ubuntu32-*) +ubuntu-*|ubuntu32-*|debian-*) # Required so that apt doesn't wait for user input on certain packages. export DEBIAN_FRONTEND=noninteractive case "$distro" in ubuntu-*) SVN='libsvn-perl subversion' + LANGUAGES='language-pack-is' ;; - *) + ubuntu32-*) SVN= + LANGUAGES='language-pack-is' + ;; + *) + SVN='libsvn-perl subversion' + LANGUAGES='locales-all' ;; esac sudo apt-get -q update sudo apt-get -q -y install \ - language-pack-is apache2 cvs cvsps git gnupg $SVN \ + $LANGUAGES apache2 cvs cvsps git gnupg $SVN \ make libssl-dev libcurl4-openssl-dev libexpat-dev wget sudo default-jre \ tcl tk gettext zlib1g-dev perl-modules liberror-perl libauthen-sasl-perl \ libemail-valid-perl libio-pty-perl libio-socket-ssl-perl libnet-smtp-ssl-perl libdbd-sqlite3-perl libcgi-pm-perl \ -- cgit v1.3 From 4838deab65e71686353ad2e40cad679e26bfc0a4 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Fri, 6 Dec 2024 14:24:38 +0100 Subject: Makefile: refactor GIT-VERSION-GEN to be reusable Our "GIT-VERSION-GEN" script always writes the "GIT-VERSION-FILE" into the current directory, where the expectation is that it should exist in the source directory. But other build systems that support out-of-tree builds may not want to do that to keep the source directory pristine, even though CMake currently doesn't care. Refactor the script such that it won't write the "GIT-VERSION-FILE" directly anymore, but instead knows to replace @PLACEHOLDERS@ in an arbitrary input file. This allows us to simplify the logic in CMake to determine the project version, but can also be reused later on in order to generate other files that need to contain version information like our "git.rc" file. While at it, change the format of the version file by removing the spaces around the equals sign. Like this we can continue to include the file in our Makefiles, but can also start to source it in shell scripts in subsequent steps. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- GIT-VERSION-FILE.in | 1 + GIT-VERSION-GEN | 61 ++++++++++++++++++++++++++++--------- Makefile | 5 ++- ci/test-documentation.sh | 2 +- contrib/buildsystems/CMakeLists.txt | 23 ++++---------- contrib/buildsystems/git-version.in | 1 + 6 files changed, 59 insertions(+), 34 deletions(-) create mode 100644 GIT-VERSION-FILE.in create mode 100644 contrib/buildsystems/git-version.in (limited to 'ci') diff --git a/GIT-VERSION-FILE.in b/GIT-VERSION-FILE.in new file mode 100644 index 0000000000..3789a48a34 --- /dev/null +++ b/GIT-VERSION-FILE.in @@ -0,0 +1 @@ +GIT_VERSION=@GIT_VERSION@ diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 78e8631f67..7afc7aad14 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,23 +1,48 @@ #!/bin/sh -GVF=GIT-VERSION-FILE DEF_VER=v2.47.GIT LF=' ' +if test "$#" -ne 3 +then + echo >&2 "USAGE: $0 " + exit 1 +fi + +SOURCE_DIR="$1" +INPUT="$2" +OUTPUT="$3" + +if ! test -f "$INPUT" +then + echo >&2 "Input is not a file: $INPUT" + exit 1 +fi + +# Protect us from reading Git version information outside of the Git directory +# in case it is not a repository itself, but embedded in an unrelated +# repository. +GIT_CEILING_DIRECTORIES="$SOURCE_DIR/.." +export GIT_CEILING_DIRECTORIES + # First see if there is a version file (included in release tarballs), # then try git-describe, then default. -if test -f version +if test -f "$SOURCE_DIR"/version then - VN=$(cat version) || VN="$DEF_VER" -elif { test -d "${GIT_DIR:-.git}" || test -f .git; } && - VN=$(git describe --match "v[0-9]*" HEAD 2>/dev/null) && + VN=$(cat "$SOURCE_DIR"/version) || VN="$DEF_VER" +elif { + test -d "$SOURCE_DIR/.git" || + test -d "${GIT_DIR:-.git}" || + test -f "$SOURCE_DIR"/.git; + } && + VN=$(git -C "$SOURCE_DIR" describe --match "v[0-9]*" HEAD 2>/dev/null) && case "$VN" in *$LF*) (exit 1) ;; v[0-9]*) - git update-index -q --refresh - test -z "$(git diff-index --name-only HEAD --)" || + git -C "$SOURCE_DIR" update-index -q --refresh + test -z "$(git -C "$SOURCE_DIR" diff-index --name-only HEAD --)" || VN="$VN-dirty" ;; esac then @@ -26,15 +51,21 @@ else VN="$DEF_VER" fi -VN=$(expr "$VN" : v*'\(.*\)') +GIT_VERSION=$(expr "$VN" : v*'\(.*\)') + +read GIT_MAJOR_VERSION GIT_MINOR_VERSION GIT_MICRO_VERSION trailing <"$OUTPUT"+ -if test -r $GVF +if ! test -f "$OUTPUT" || ! cmp "$OUTPUT"+ "$OUTPUT" >/dev/null then - VC=$(sed -e 's/^GIT_VERSION = //' <$GVF) + mv "$OUTPUT"+ "$OUTPUT" else - VC=unset + rm "$OUTPUT"+ fi -test "$VN" = "$VC" || { - echo >&2 "GIT_VERSION = $VN" - echo "GIT_VERSION = $VN" >$GVF -} diff --git a/Makefile b/Makefile index 75e26d2e31..73510d6bcb 100644 --- a/Makefile +++ b/Makefile @@ -592,7 +592,10 @@ include shared.mak # Disable -pedantic compilation. GIT-VERSION-FILE: FORCE - @$(SHELL_PATH) ./GIT-VERSION-GEN + @OLD=$$(cat $@ 2>/dev/null || :) && \ + $(SHELL_PATH) ./GIT-VERSION-GEN "$(shell pwd)" GIT-VERSION-FILE.in $@ && \ + NEW=$$(cat $@ 2>/dev/null || :) && \ + if test "$$OLD" != "$$NEW"; then echo "$$NEW" >&2; fi -include GIT-VERSION-FILE # Set our default configuration. diff --git a/ci/test-documentation.sh b/ci/test-documentation.sh index 02b3af3941..6c018b673e 100755 --- a/ci/test-documentation.sh +++ b/ci/test-documentation.sh @@ -6,7 +6,7 @@ . ${0%/*}/lib.sh filter_log () { - sed -e '/^GIT_VERSION = /d' \ + sed -e '/^GIT_VERSION=/d' \ -e "/constant Gem::ConfigMap is deprecated/d" \ -e '/^ \* new asciidoc flags$/d' \ -e '/stripped namespace before processing/d' \ diff --git a/contrib/buildsystems/CMakeLists.txt b/contrib/buildsystems/CMakeLists.txt index 1abf5f099c..376d748ce9 100644 --- a/contrib/buildsystems/CMakeLists.txt +++ b/contrib/buildsystems/CMakeLists.txt @@ -83,23 +83,12 @@ if(NOT SH_EXE) "On Windows, you can get it as part of 'Git for Windows' install at https://gitforwindows.org/") endif() -#Create GIT-VERSION-FILE using GIT-VERSION-GEN -if(NOT EXISTS ${CMAKE_SOURCE_DIR}/GIT-VERSION-FILE) - message("Generating GIT-VERSION-FILE") - execute_process(COMMAND ${SH_EXE} ${CMAKE_SOURCE_DIR}/GIT-VERSION-GEN - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}) -endif() - -#Parse GIT-VERSION-FILE to get the version -file(STRINGS ${CMAKE_SOURCE_DIR}/GIT-VERSION-FILE git_version REGEX "GIT_VERSION = (.*)") -string(REPLACE "GIT_VERSION = " "" git_version ${git_version}) -string(FIND ${git_version} "GIT" location) -if(location EQUAL -1) - string(REGEX MATCH "[0-9]*\\.[0-9]*\\.[0-9]*" git_version ${git_version}) -else() - string(REGEX MATCH "[0-9]*\\.[0-9]*" git_version ${git_version}) - string(APPEND git_version ".0") #for building from a snapshot -endif() +message("Generating Git version") +execute_process(COMMAND ${SH_EXE} "${CMAKE_SOURCE_DIR}/GIT-VERSION-GEN" + "${CMAKE_SOURCE_DIR}" + "${CMAKE_SOURCE_DIR}/contrib/buildsystems/git-version.in" + "${CMAKE_BINARY_DIR}/git-version") +file(STRINGS "${CMAKE_BINARY_DIR}/git-version" git_version) project(git VERSION ${git_version} diff --git a/contrib/buildsystems/git-version.in b/contrib/buildsystems/git-version.in new file mode 100644 index 0000000000..9750505ae7 --- /dev/null +++ b/contrib/buildsystems/git-version.in @@ -0,0 +1 @@ +@GIT_MAJOR_VERSION@.@GIT_MINOR_VERSION@.@GIT_MICRO_VERSION@ -- cgit v1.3 From 33b06fa603958ba936ea7602c9b81d10ffcd08bb Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Thu, 12 Dec 2024 07:47:15 +0100 Subject: ci/lib: remove duplicate trap to end "CI setup" group We exlicitly trap on EXIT in order to end the "CI setup" group. This isn't necessary though given that `begin_group ()` already sets up the trap for us. Remove the duplicate trap. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- ci/lib.sh | 1 - 1 file changed, 1 deletion(-) (limited to 'ci') diff --git a/ci/lib.sh b/ci/lib.sh index 74b430be23..de3a95cea1 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -56,7 +56,6 @@ group () { } begin_group "CI setup" -trap "end_group 'CI setup'" EXIT # Set 'exit on error' for all CI scripts to let the caller know that # something went wrong. -- cgit v1.3 From d2ca12020ffb7ee7f0ee1154f394a994f045b5a9 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Thu, 12 Dec 2024 07:47:16 +0100 Subject: ci/lib: do not interpret escape sequences in `group ()` arguments We use printf to set up sections with GitLab CI, which requires us to print a bunch of escape sequences via printf. The group name is controlled by the user and is expanded directly into the formatting string, which may cause problems in case the argument contains escape sequences or formatting directives. Fix this potential issue by using formatting directives to pass variable data. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- ci/lib.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'ci') diff --git a/ci/lib.sh b/ci/lib.sh index de3a95cea1..803f56bc82 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -18,7 +18,8 @@ elif test true = "$GITLAB_CI" then begin_group () { need_to_end_group=t - printf "\e[0Ksection_start:$(date +%s):$(echo "$1" | tr ' ' _)[collapsed=true]\r\e[0K$1\n" + printf '\e[0Ksection_start:%s:%s[collapsed=true]\r\e[0K%s\n' \ + "$(date +%s)" "$(echo "$1" | tr ' ' _)" "$1" trap "end_group '$1'" EXIT set -x } @@ -27,7 +28,8 @@ then test -n "$need_to_end_group" || return 0 set +x need_to_end_group= - printf "\e[0Ksection_end:$(date +%s):$(echo "$1" | tr ' ' _)\r\e[0K\n" + printf '\e[0Ksection_end:%s:%s\r\e[0K\n' \ + "$(date +%s)" "$(echo "$1" | tr ' ' _)" trap - EXIT } else -- cgit v1.3 From c6b43f663eb252deb28cfff79e1ccdefed87c971 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Thu, 12 Dec 2024 07:47:17 +0100 Subject: ci/lib: fix "CI setup" sections with GitLab CI Whenever we source "ci/lib.sh" we wrap the directives in a separate group so that they can easily be collapsed in the web UI. And as we source the script multiple times during a single CI run we thus end up with the same section name reused multiple times, as well. This is broken on GitLab CI though, where reusing the same group name is not supported. The consequence is that only the last of these sections can be collapsed. Fix this issue by including the name of the sourcing script in the group's name. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- ci/lib.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ci') diff --git a/ci/lib.sh b/ci/lib.sh index 803f56bc82..63c42fe93a 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -57,7 +57,7 @@ group () { return $res } -begin_group "CI setup" +begin_group "CI setup via $(basename $0)" # Set 'exit on error' for all CI scripts to let the caller know that # something went wrong. @@ -388,5 +388,5 @@ esac MAKEFLAGS="$MAKEFLAGS CC=${CC:-cc}" -end_group "CI setup" +end_group "CI setup via $(basename $0)" set -x -- cgit v1.3 From 714c134dd6f29d23b46cb85cd8bd82a2ce894c65 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Fri, 13 Dec 2024 11:41:16 +0100 Subject: ci/lib: support custom output directories when creating test artifacts Update `create_failed_test_artifacts ()` so that it can handle arbitrary test output directories. This fixes creation of these artifacts for macOS on GitLab CI, which uses a separate output directory already. This will also be used by our out-of-tree builds with Meson. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- ci/lib.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'ci') diff --git a/ci/lib.sh b/ci/lib.sh index 930f98d722..2e7a5f0540 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -180,9 +180,9 @@ handle_failed_tests () { } create_failed_test_artifacts () { - mkdir -p t/failed-test-artifacts + mkdir -p "${TEST_OUTPUT_DIRECTORY:-t}"/failed-test-artifacts - for test_exit in t/test-results/*.exit + for test_exit in "${TEST_OUTPUT_DIRECTORY:-t}"/test-results/*.exit do test 0 != "$(cat "$test_exit")" || continue @@ -191,11 +191,11 @@ create_failed_test_artifacts () { printf "\\e[33m\\e[1m=== Failed test: ${test_name} ===\\e[m\\n" echo "The full logs are in the 'print test failures' step below." echo "See also the 'failed-tests-*' artifacts attached to this run." - cat "t/test-results/$test_name.markup" + cat "${TEST_OUTPUT_DIRECTORY:-t}/test-results/$test_name.markup" - trash_dir="t/trash directory.$test_name" - cp "t/test-results/$test_name.out" t/failed-test-artifacts/ - tar czf t/failed-test-artifacts/"$test_name".trash.tar.gz "$trash_dir" + trash_dir="${TEST_OUTPUT_DIRECTORY:-t}/trash directory.$test_name" + cp "${TEST_OUTPUT_DIRECTORY:-t}/test-results/$test_name.out" "${TEST_OUTPUT_DIRECTORY:-t}"/failed-test-artifacts/ + tar czf "${TEST_OUTPUT_DIRECTORY:-t}/failed-test-artifacts/$test_name.trash.tar.gz" "$trash_dir" done } -- cgit v1.3 From eab5dbab92fa60298aa4a1952fcbc6cae824d939 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Fri, 13 Dec 2024 11:41:23 +0100 Subject: ci: wire up Meson builds Wire up CI builds for both GitLab and GitHub that use the Meson build system. While the setup is mostly trivial, one gotcha is the test output directory used to be in "t/", but now it is contained in the build directory. To unify the logic across Makefile- and Meson-based builds we explicitly set up the `TEST_OUTPUT_DIRECTORY` variable so that it is the same for both build systems. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- .github/workflows/main.yml | 7 +++++++ .gitlab-ci.yml | 8 ++++++++ ci/install-dependencies.sh | 7 +++++++ ci/lib.sh | 2 +- ci/print-test-failures.sh | 2 +- ci/run-build-and-tests.sh | 31 ++++++++++++++++++++++++------- 6 files changed, 48 insertions(+), 9 deletions(-) (limited to 'ci') diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 808ddc19b8..c231419abc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -286,6 +286,9 @@ jobs: - jobname: osx-gcc cc: gcc-13 pool: macos-13 + - jobname: osx-meson + cc: clang + pool: macos-13 - jobname: linux-gcc-default cc: gcc pool: ubuntu-latest @@ -298,11 +301,15 @@ jobs: - jobname: linux-asan-ubsan cc: clang pool: ubuntu-latest + - jobname: linux-meson + cc: gcc + pool: ubuntu-latest env: CC: ${{matrix.vector.cc}} CC_PACKAGE: ${{matrix.vector.cc_package}} jobname: ${{matrix.vector.jobname}} distro: ${{matrix.vector.pool}} + TEST_OUTPUT_DIRECTORY: ${{github.workspace}}/t runs-on: ${{matrix.vector.pool}} steps: - uses: actions/checkout@v4 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a1bc92893f..3eec72ddc6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -20,6 +20,7 @@ test:linux: - saas-linux-medium-amd64 variables: CUSTOM_PATH: "/custom" + TEST_OUTPUT_DIRECTORY: "/tmp/test-output" before_script: - ./ci/install-dependencies.sh script: @@ -31,6 +32,7 @@ test:linux: if test "$CI_JOB_STATUS" != 'success' then sudo --preserve-env --set-home --user=builder ./ci/print-test-failures.sh + mv "$TEST_OUTPUT_DIRECTORY"/failed-test-artifacts t/ fi parallel: matrix: @@ -67,6 +69,9 @@ test:linux: image: fedora:latest - jobname: linux-musl image: alpine:latest + - jobname: linux-meson + image: ubuntu:latest + CC: gcc artifacts: paths: - t/failed-test-artifacts @@ -104,6 +109,9 @@ test:osx: - jobname: osx-reftable image: macos-13-xcode-14 CC: clang + - jobname: osx-meson + image: macos-14-xcode-15 + CC: clang artifacts: paths: - t/failed-test-artifacts diff --git a/ci/install-dependencies.sh b/ci/install-dependencies.sh index d020cb7aa5..d1cb9fa878 100755 --- a/ci/install-dependencies.sh +++ b/ci/install-dependencies.sh @@ -58,6 +58,7 @@ ubuntu-*|ubuntu32-*|debian-*) make libssl-dev libcurl4-openssl-dev libexpat-dev wget sudo default-jre \ tcl tk gettext zlib1g-dev perl-modules liberror-perl libauthen-sasl-perl \ libemail-valid-perl libio-pty-perl libio-socket-ssl-perl libnet-smtp-ssl-perl libdbd-sqlite3-perl libcgi-pm-perl \ + libpcre2-dev meson ninja-build pkg-config \ ${CC_PACKAGE:-${CC:-gcc}} $PYTHON_PACKAGE case "$distro" in @@ -90,6 +91,12 @@ macos-*) sudo xattr -d com.apple.quarantine "$CUSTOM_PATH/p4" "$CUSTOM_PATH/p4d" 2>/dev/null || true rm helix-core-server.tgz + case "$jobname" in + osx-meson) + brew install meson ninja pcre2 + ;; + esac + if test -n "$CC_PACKAGE" then BREW_PACKAGE=${CC_PACKAGE/-/@} diff --git a/ci/lib.sh b/ci/lib.sh index 2e7a5f0540..b436f85541 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -236,7 +236,7 @@ then CC="${CC_PACKAGE:-${CC:-gcc}}" DONT_SKIP_TAGS=t handle_failed_tests () { - echo "FAILED_TEST_ARTIFACTS=t/failed-test-artifacts" >>$GITHUB_ENV + echo "FAILED_TEST_ARTIFACTS=${TEST_OUTPUT_DIRECTORY:-t}/failed-test-artifacts" >>$GITHUB_ENV create_failed_test_artifacts return 1 } diff --git a/ci/print-test-failures.sh b/ci/print-test-failures.sh index b1f80aeac3..655687dd82 100755 --- a/ci/print-test-failures.sh +++ b/ci/print-test-failures.sh @@ -46,7 +46,7 @@ do ;; github-actions) mkdir -p failed-test-artifacts - echo "FAILED_TEST_ARTIFACTS=t/failed-test-artifacts" >>$GITHUB_ENV + echo "FAILED_TEST_ARTIFACTS=${TEST_OUTPUT_DIRECTORY:t}/failed-test-artifacts" >>$GITHUB_ENV cp "${TEST_EXIT%.exit}.out" failed-test-artifacts/ tar czf failed-test-artifacts/"$test_name".trash.tar.gz "$trash_dir" continue diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh index 2e28d02b20..c4a41bba0b 100755 --- a/ci/run-build-and-tests.sh +++ b/ci/run-build-and-tests.sh @@ -48,12 +48,29 @@ pedantic) ;; esac -group Build make -if test -n "$run_tests" -then - group "Run tests" make test || - handle_failed_tests -fi -check_unignored_build_artifacts +case "$jobname" in +*-meson) + group "Configure" meson setup build . \ + --warnlevel 2 --werror \ + --wrap-mode nofallback + group "Build" meson compile -C build -- + if test -n "$run_tests" + then + group "Run tests" meson test -C build --print-errorlogs --test-args="$GIT_TEST_OPTS" || ( + ./t/aggregate-results.sh "${TEST_OUTPUT_DIRECTORY:-t}/test-results" + handle_failed_tests + ) + fi + ;; +*) + group Build make + if test -n "$run_tests" + then + group "Run tests" make test || + handle_failed_tests + fi + ;; +esac +check_unignored_build_artifacts save_good_tree -- cgit v1.3 From 7d0037b59ae0d22a2718c28d8e70e3ef3f3f991e Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sun, 29 Dec 2024 23:28:30 -0500 Subject: thread-utils: introduce optional barrier type One thread primitive we don't yet support is a barrier: it waits for all threads to reach a synchronization point before letting any of them continue. This would be useful for avoiding the LSan race we see in index-pack (and other places) by having all threads complete their initialization before any of them start to do real work. POSIX introduced a pthread_barrier_t in 2004, which does what we want. But if we want to rely on it: 1. Our Windows pthread emulation would need a new set of wrapper functions. There's a Synchronization Barrier primitive there, which was introduced in Windows 8 (which is old enough for us to depend on). 2. macOS (and possibly other systems) has pthreads but not pthread_barrier_t. So there we'd have to implement our own barrier based on the mutex and cond primitives. Those are do-able, but since we only care about avoiding races in our LSan builds, there's an easier way: make it a noop on systems without a native pthread barrier. This patch introduces a "maybe_thread_barrier" API. The clunky name (rather than just using pthread_barrier directly) should hopefully clue people in that on some systems it will do nothing. It's wired to a Makefile knob which has to be triggered manually, and we enable it for the linux-leaks CI jobs (since we know we'll have it there). There are some other possible options: - we could turn it on all the time for Linux systems based on uname. But we really only care about it for LSan builds, and there is no need to add extra code to regular builds. - we could turn it on only for LSan builds. But that would break builds on non-Linux platforms (like macOS) that otherwise should support sanitizers. - we could trigger only on the combination of Linux and LSan together. This isn't too hard to do, but the uname check isn't completely accurate. It is really about what your libc supports, and non-glibc systems might not have it (though at least musl seems to). So we'd risk breaking builds on those systems, which would need to add a new knob. Though the upside would be that running local "make SANITIZE=leak test" would be protected automatically. And of course none of this protects LSan runs from races on systems without pthread barriers. It's probably OK in practice to protect only our CI jobs, though. The race is rare-ish and most leak-checking happens through CI. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- Makefile | 7 +++++++ ci/lib.sh | 1 + thread-utils.h | 17 +++++++++++++++++ 3 files changed, 25 insertions(+) (limited to 'ci') diff --git a/Makefile b/Makefile index 97e8385b66..2c6dad8a75 100644 --- a/Makefile +++ b/Makefile @@ -141,6 +141,10 @@ include shared.mak # # Define NO_PTHREADS if you do not have or do not want to use Pthreads. # +# Define THREAD_BARRIER_PTHREAD if your system has pthread_barrier_t. Barrier +# support is optional and is only helpful when building with SANITIZE=leak, as +# it is used to eliminate some races in the leak-checker. +# # Define NO_PREAD if you have a problem with pread() system call (e.g. # cygwin1.dll before v1.5.22). # @@ -2079,6 +2083,9 @@ ifdef NO_PTHREADS else BASIC_CFLAGS += $(PTHREAD_CFLAGS) EXTLIBS += $(PTHREAD_LIBS) + ifdef THREAD_BARRIER_PTHREAD + BASIC_CFLAGS += -DTHREAD_BARRIER_PTHREAD + endif endif ifdef HAVE_PATHS_H diff --git a/ci/lib.sh b/ci/lib.sh index 8885ee3c3f..6a1267fbcb 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -385,6 +385,7 @@ linux-musl) ;; linux-leaks|linux-reftable-leaks) export SANITIZE=leak + export THREAD_BARRIER_PTHREAD=1 ;; linux-asan-ubsan) export SANITIZE=address,undefined diff --git a/thread-utils.h b/thread-utils.h index 4961487ed9..3df5be9916 100644 --- a/thread-utils.h +++ b/thread-utils.h @@ -53,5 +53,22 @@ int dummy_pthread_init(void *); int online_cpus(void); int init_recursive_mutex(pthread_mutex_t*); +#ifdef THREAD_BARRIER_PTHREAD +#define maybe_thread_barrier_t pthread_barrier_t +#define maybe_thread_barrier_init pthread_barrier_init +#define maybe_thread_barrier_wait pthread_barrier_wait +#define maybe_thread_barrier_destroy pthread_barrier_destroy +#else +#define maybe_thread_barrier_t int +static inline int maybe_thread_barrier_init(maybe_thread_barrier_t *b UNUSED, + void *attr UNUSED, + unsigned nr UNUSED) +{ + errno = ENOSYS; + return -1; +} +#define maybe_thread_barrier_wait(barrier) +#define maybe_thread_barrier_destroy(barrier) +#endif #endif /* THREAD_COMPAT_H */ -- cgit v1.3 From 599a63409bed67d61c359d316da5a10bcddc954b Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:03 +0100 Subject: ci: exercise unsafe OpenSSL backend In the preceding commit we have fixed a segfault when using an unsafe SHA1 backend that is different from the safe one. This segfault only went by unnoticed because we never set up an unsafe backend in our CI systems. Fix this ommission by setting `OPENSSL_SHA1_UNSAFE` in our TEST-vars job. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- ci/run-build-and-tests.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'ci') diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh index 2e28d02b20..e90b338001 100755 --- a/ci/run-build-and-tests.sh +++ b/ci/run-build-and-tests.sh @@ -17,6 +17,7 @@ linux-gcc) export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main ;; linux-TEST-vars) + export OPENSSL_SHA1_UNSAFE=YesPlease export GIT_TEST_SPLIT_INDEX=yes export GIT_TEST_MERGE_ALGORITHM=recursive export GIT_TEST_FULL_IN_PACK_ARRAY=true -- cgit v1.3 From fc89d14c639faec779956b4e3cd873c07bd4327b Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Wed, 1 Jan 2025 14:13:01 -0800 Subject: Revert barrier-based LSan threading race workaround The extra "barrier" approach was too much code whose sole purpose was to work around a race that is not even ours (i.e. in LSan's teardown code). In preparation for queuing a solution taking a much-less-invasive approach, let's revert them. --- Makefile | 7 ------- builtin/grep.c | 8 -------- builtin/index-pack.c | 6 ------ ci/lib.sh | 1 - thread-utils.h | 17 ----------------- 5 files changed, 39 deletions(-) (limited to 'ci') diff --git a/Makefile b/Makefile index 2c6dad8a75..97e8385b66 100644 --- a/Makefile +++ b/Makefile @@ -141,10 +141,6 @@ include shared.mak # # Define NO_PTHREADS if you do not have or do not want to use Pthreads. # -# Define THREAD_BARRIER_PTHREAD if your system has pthread_barrier_t. Barrier -# support is optional and is only helpful when building with SANITIZE=leak, as -# it is used to eliminate some races in the leak-checker. -# # Define NO_PREAD if you have a problem with pread() system call (e.g. # cygwin1.dll before v1.5.22). # @@ -2083,9 +2079,6 @@ ifdef NO_PTHREADS else BASIC_CFLAGS += $(PTHREAD_CFLAGS) EXTLIBS += $(PTHREAD_LIBS) - ifdef THREAD_BARRIER_PTHREAD - BASIC_CFLAGS += -DTHREAD_BARRIER_PTHREAD - endif endif ifdef HAVE_PATHS_H diff --git a/builtin/grep.c b/builtin/grep.c index 61b2c27490..d00ee76f24 100644 --- a/builtin/grep.c +++ b/builtin/grep.c @@ -101,9 +101,6 @@ static pthread_cond_t cond_write; /* Signalled when we are finished with everything. */ static pthread_cond_t cond_result; -/* Synchronize the start of all threads */ -static maybe_thread_barrier_t start_barrier; - static int skip_first_line; static void add_work(struct grep_opt *opt, struct grep_source *gs) @@ -201,8 +198,6 @@ static void *run(void *arg) int hit = 0; struct grep_opt *opt = arg; - maybe_thread_barrier_wait(&start_barrier); - while (1) { struct work_item *w = get_work(); if (!w) @@ -234,7 +229,6 @@ static void start_threads(struct grep_opt *opt) pthread_cond_init(&cond_add, NULL); pthread_cond_init(&cond_write, NULL); pthread_cond_init(&cond_result, NULL); - maybe_thread_barrier_init(&start_barrier, NULL, num_threads + 1); grep_use_locks = 1; enable_obj_read_lock(); @@ -254,7 +248,6 @@ static void start_threads(struct grep_opt *opt) die(_("grep: failed to create thread: %s"), strerror(err)); } - maybe_thread_barrier_wait(&start_barrier); } static int wait_all(void) @@ -291,7 +284,6 @@ static int wait_all(void) pthread_cond_destroy(&cond_add); pthread_cond_destroy(&cond_write); pthread_cond_destroy(&cond_result); - maybe_thread_barrier_destroy(&start_barrier); grep_use_locks = 0; disable_obj_read_lock(); diff --git a/builtin/index-pack.c b/builtin/index-pack.c index 27b120f26c..0b62b2589f 100644 --- a/builtin/index-pack.c +++ b/builtin/index-pack.c @@ -185,8 +185,6 @@ static pthread_mutex_t deepest_delta_mutex; static pthread_key_t key; -static maybe_thread_barrier_t start_barrier; - static inline void lock_mutex(pthread_mutex_t *mutex) { if (threads_active) @@ -211,7 +209,6 @@ static void init_thread(void) if (show_stat) pthread_mutex_init(&deepest_delta_mutex, NULL); pthread_key_create(&key, NULL); - maybe_thread_barrier_init(&start_barrier, NULL, nr_threads); CALLOC_ARRAY(thread_data, nr_threads); for (i = 0; i < nr_threads; i++) { thread_data[i].pack_fd = xopen(curr_pack, O_RDONLY); @@ -234,7 +231,6 @@ static void cleanup_thread(void) for (i = 0; i < nr_threads; i++) close(thread_data[i].pack_fd); pthread_key_delete(key); - maybe_thread_barrier_destroy(&start_barrier); free(thread_data); } @@ -1104,8 +1100,6 @@ static int compare_ref_delta_entry(const void *a, const void *b) static void *threaded_second_pass(void *data) { - if (threads_active) - maybe_thread_barrier_wait(&start_barrier); if (data) set_thread_data(data); for (;;) { diff --git a/ci/lib.sh b/ci/lib.sh index 6a1267fbcb..8885ee3c3f 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -385,7 +385,6 @@ linux-musl) ;; linux-leaks|linux-reftable-leaks) export SANITIZE=leak - export THREAD_BARRIER_PTHREAD=1 ;; linux-asan-ubsan) export SANITIZE=address,undefined diff --git a/thread-utils.h b/thread-utils.h index 3df5be9916..4961487ed9 100644 --- a/thread-utils.h +++ b/thread-utils.h @@ -53,22 +53,5 @@ int dummy_pthread_init(void *); int online_cpus(void); int init_recursive_mutex(pthread_mutex_t*); -#ifdef THREAD_BARRIER_PTHREAD -#define maybe_thread_barrier_t pthread_barrier_t -#define maybe_thread_barrier_init pthread_barrier_init -#define maybe_thread_barrier_wait pthread_barrier_wait -#define maybe_thread_barrier_destroy pthread_barrier_destroy -#else -#define maybe_thread_barrier_t int -static inline int maybe_thread_barrier_init(maybe_thread_barrier_t *b UNUSED, - void *attr UNUSED, - unsigned nr UNUSED) -{ - errno = ENOSYS; - return -1; -} -#define maybe_thread_barrier_wait(barrier) -#define maybe_thread_barrier_destroy(barrier) -#endif #endif /* THREAD_COMPAT_H */ -- cgit v1.3 From 04c29bdea04e5af5193fd386b62a48c320351f19 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Wed, 22 Jan 2025 12:31:30 +0100 Subject: ci: merge linux-gcc-default into linux-gcc The "linux-gcc-default" job is mostly doing the same as the "linux-gcc" job, except for a couple of minor differences: - We use an explicit GCC version instead of the default version provided by the distribution. We have other jobs that test with "gcc-8", making this distinction pointless. - We don't set up the Python version explicitly, and instead use the default Python version. Python 2 has been end-of-life for quite a while now though, making this distinction less interesting. - We set up the default branch name to be "main" in "linux-gcc". We have other testcases that don't and also some that explicitly use "master". - We use "ubuntu:20.04" in one job and "ubuntu:latest" in another. We already have a couple other jobs testing these respectively. So overall, the job does not add much to our test coverage. Drop the "linux-gcc-default" job and adapt "linux-gcc" to start using the default GCC compiler, effectively merging those two jobs into one. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- .github/workflows/main.yml | 4 ---- .gitlab-ci.yml | 4 ---- ci/lib.sh | 5 ----- 3 files changed, 13 deletions(-) (limited to 'ci') diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 808ddc19b8..32d35d2257 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -271,7 +271,6 @@ jobs: pool: ubuntu-latest - jobname: linux-gcc cc: gcc - cc_package: gcc-8 pool: ubuntu-20.04 - jobname: linux-TEST-vars cc: gcc @@ -286,9 +285,6 @@ jobs: - jobname: osx-gcc cc: gcc-13 pool: macos-13 - - jobname: linux-gcc-default - cc: gcc - pool: ubuntu-latest - jobname: linux-leaks cc: gcc pool: ubuntu-latest diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a1bc92893f..b86bb0bdb3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -46,14 +46,10 @@ test:linux: - jobname: linux-gcc image: ubuntu:20.04 CC: gcc - CC_PACKAGE: gcc-8 - jobname: linux-TEST-vars image: ubuntu:20.04 CC: gcc CC_PACKAGE: gcc-8 - - jobname: linux-gcc-default - image: ubuntu:latest - CC: gcc - jobname: linux-leaks image: ubuntu:latest CC: gcc diff --git a/ci/lib.sh b/ci/lib.sh index 930f98d722..e67c481d4f 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -328,11 +328,6 @@ export SKIP_DASHED_BUILT_INS=YesPlease case "$distro" in ubuntu-*) - if test "$jobname" = "linux-gcc-default" - then - break - fi - # Python 2 is end of life, and Ubuntu 23.04 and newer don't actually # have it anymore. We thus only test with Python 2 on older LTS # releases. -- cgit v1.3 From 4b5073c64b6e4180dcf1bed09c6fdd52cd1b2d21 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Wed, 22 Jan 2025 12:31:31 +0100 Subject: ci: repurpose "linux-gcc" job for deprecations The "linux-gcc" job isn't all that interesting by itself and can be considered more or less the "standard" job: it is running with a reasonably up-to-date image and uses GCC as a compiler, both of which we already cover in other jobs. There is one exception though: we change the default branch to be "main" instead of "master", so it is forging ahead a bit into the future to make sure that this change does not cause havoc. So let's expand on this a bit and also add the new "WITH_BREAKING_CHANGES" flag to the mix. Rename the job to "linux-breaking-changes" accordingly. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- .github/workflows/main.yml | 2 +- .gitlab-ci.yml | 2 +- ci/run-build-and-tests.sh | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) (limited to 'ci') diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 32d35d2257..46b96fb96c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -269,7 +269,7 @@ jobs: - jobname: linux-reftable cc: clang pool: ubuntu-latest - - jobname: linux-gcc + - jobname: linux-breaking-changes cc: gcc pool: ubuntu-20.04 - jobname: linux-TEST-vars diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b86bb0bdb3..492e5d9082 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -43,7 +43,7 @@ test:linux: - jobname: linux-reftable image: ubuntu:latest CC: clang - - jobname: linux-gcc + - jobname: linux-breaking-changes image: ubuntu:20.04 CC: gcc - jobname: linux-TEST-vars diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh index 2e28d02b20..2ccd812fb4 100755 --- a/ci/run-build-and-tests.sh +++ b/ci/run-build-and-tests.sh @@ -13,8 +13,9 @@ esac run_tests=t case "$jobname" in -linux-gcc) +linux-breaking-changes) export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main + export WITH_BREAKING_CHANGES=YesPlease ;; linux-TEST-vars) export GIT_TEST_SPLIT_INDEX=yes -- cgit v1.3 From 28911f7dcad1ccc6ac4f6939036de76bb4f4c09b Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Wed, 22 Jan 2025 13:05:50 +0100 Subject: meson: wire up fuzzers Meson does not yet know to build our fuzzers. Introduce a new build option "fuzzers" and wire up the fuzzers in case it is enabled. Adapt our CI jobs so that they build the fuzzers by default. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- ci/run-build-and-tests.sh | 3 ++- meson.build | 4 ++++ meson_options.txt | 2 ++ oss-fuzz/meson.build | 20 ++++++++++++++++++++ 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 oss-fuzz/meson.build (limited to 'ci') diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh index 76667a1277..6c828c3b75 100755 --- a/ci/run-build-and-tests.sh +++ b/ci/run-build-and-tests.sh @@ -53,7 +53,8 @@ case "$jobname" in *-meson) group "Configure" meson setup build . \ --warnlevel 2 --werror \ - --wrap-mode nofallback + --wrap-mode nofallback \ + -Dfuzzers=true group "Build" meson compile -C build -- if test -n "$run_tests" then diff --git a/meson.build b/meson.build index a59072edf5..052bd80ac4 100644 --- a/meson.build +++ b/meson.build @@ -1906,6 +1906,10 @@ if get_option('tests') subdir('t') endif +if get_option('fuzzers') + subdir('oss-fuzz') +endif + subdir('bin-wrappers') if get_option('docs') != [] subdir('Documentation') diff --git a/meson_options.txt b/meson_options.txt index 89b01bad04..34ba679cf9 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -95,3 +95,5 @@ option('tests', type: 'boolean', value: true, description: 'Enable building tests. This requires Perl, but is separate from the "perl" option such that you can build tests without Perl features enabled.') option('test_output_directory', type: 'string', description: 'Path to the directory used to store test outputs') +option('fuzzers', type: 'boolean', value: false, + description: 'Enable building fuzzers.') diff --git a/oss-fuzz/meson.build b/oss-fuzz/meson.build new file mode 100644 index 0000000000..ed79665501 --- /dev/null +++ b/oss-fuzz/meson.build @@ -0,0 +1,20 @@ +fuzz_programs = [ + 'fuzz-commit-graph.c', + 'fuzz-config.c', + 'fuzz-credential-from-url-gently.c', + 'fuzz-date.c', + 'fuzz-pack-headers.c', + 'fuzz-pack-idx.c', + 'fuzz-parse-attr-line.c', + 'fuzz-url-decode-mem.c', +] + +foreach fuzz_program : fuzz_programs + executable(fs.stem(fuzz_program), + sources: [ + 'dummy-cmd-main.c', + fuzz_program, + ], + dependencies: [libgit, common_main], + ) +endforeach -- cgit v1.3 From a8179952e13af2902d4806d2e2982bcfeb6339eb Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Wed, 22 Jan 2025 13:05:53 +0100 Subject: ci: raise error when Meson generates warnings Meson prints warnings in several cases, like for example when using a feature supported by the current version of Meson, but not yet supported by the minimum required version as declared by the project. These warnings will not cause the setup to fail by default, which makes it quite easy to miss them. Improve this by passing `--fatal-meson-warnings` to `meson setup` so that our CI jobs will fail on warnings. Signed-off-by: Patrick Steinhardt Signed-off-by: Junio C Hamano --- ci/run-build-and-tests.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'ci') diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh index 6c828c3b75..964322055f 100755 --- a/ci/run-build-and-tests.sh +++ b/ci/run-build-and-tests.sh @@ -52,6 +52,7 @@ esac case "$jobname" in *-meson) group "Configure" meson setup build . \ + --fatal-meson-warnings \ --warnlevel 2 --werror \ --wrap-mode nofallback \ -Dfuzzers=true -- cgit v1.3