Reported by Anton:
"Recent versions of libgit2 broke stagit for me due to the added opt-out
GIT_OPT_SET_OWNER_VALIDATION configuration knob. My repositories are owned by
root:vcs and I run stagit as another user which happens to be in vcs group but
not the owner of the repository. Disabling the validation makes stagit work as
expected again."
Some notes:
When using regular git it also provides a knob. This is due to a security
concern in some cases, which is not applicable to stagit.
git log somerepo
fatal: unsafe repository ('somerepo' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory somerepo
See also / related:
- https://github.blog/2022-04-12-git-security-vulnerability-announced/
git_blob_rawsize now returns with git_object_size_t (unsigned). This was
git_off_t (signed).
In my current version 1.1.0:
types.h:typedef uint64_t git_object_size_t;
v0.28.5:
https://libgit2.org/libgit2/#v0.28.5/group/blob/git_blob_rawsize
changed from v0.99 onwards:
https://libgit2.org/libgit2/#v0.99.0/group/blob/git_blob_rawsize
Fix: use size_t to remain compatible (with a possible warning in older
versions), since git_object_size_t is a new defined type.
This assumes size_t is atleast uint32_t / uint64_t size.
Adapted from a patch by Augustin Fabre <augustin@augfab.fr>, thanks!
git_submodule_lookup does not work without a working tree [1], so the
current approach fails to recognize any submodules in bare repos.
Instead, notice that
$ git ls-tree HEAD
lists any submodules as commit objects regardless of a working tree.
This is the only instance commit object is used in a tree, so we will
use this to check for submodules.
[1]: https://github.com/libgit2/libgit2/pull/4305/files
In general version tags are done in chronological order, so this will have a
better sorting for tagged (versioned) releases.
Request from Caltlgin Stsodaat and others, thanks!
The unveil() system call first appeared in OpenBSD 6.4.
For stagit it has the following properties now:
- stagit-index: only read-access to the file-system for the specified
directories/repositories.
- stagit: read-access to the specified directory/repository.
read-write and creation access to the current directory for the output files.
read-write and creation access to the specified cache file.
... also clear all fields in the structure on failure.
This is not as big an optimization as stagit-gopher, because the diffstat is
displayed in the log, but the difference is still measurable.
