diff --git a/go.mod b/go.mod index 8dd469e4c..899111bac 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/argoproj-labs/argocd-operator v0.15.0 github.com/bradleyfalzon/ghinstallation/v2 v2.17.0 github.com/go-errors/errors v1.5.1 - github.com/go-git/go-git/v5 v5.16.4 + github.com/go-git/go-git/v5 v5.16.5 github.com/go-logr/logr v1.4.3 github.com/google/uuid v1.6.0 github.com/onsi/ginkgo/v2 v2.27.4 diff --git a/go.sum b/go.sum index 3c9a17932..57095a782 100644 --- a/go.sum +++ b/go.sum @@ -146,8 +146,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.16.4 h1:7ajIEZHZJULcyJebDLo99bGgS0jRrOxzZG4uCk2Yb2Y= -github.com/go-git/go-git/v5 v5.16.4/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= +github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s= +github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M= github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI= github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go index 9afdce301..867553c68 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go @@ -1,9 +1,11 @@ package idxfile import ( - "bufio" "bytes" + "crypto" + "encoding/hex" "errors" + "fmt" "io" "github.com/go-git/go-git/v5/plumbing/hash" @@ -25,12 +27,15 @@ const ( // Decoder reads and decodes idx files from an input stream. type Decoder struct { - *bufio.Reader + io.Reader + h hash.Hash } // NewDecoder builds a new idx stream decoder, that reads from r. func NewDecoder(r io.Reader) *Decoder { - return &Decoder{bufio.NewReader(r)} + h := hash.New(crypto.SHA1) + tr := io.TeeReader(r, h) + return &Decoder{tr, h} } // Decode reads from the stream and decode the content into the MemoryIndex struct. @@ -45,7 +50,7 @@ func (d *Decoder) Decode(idx *MemoryIndex) error { readObjectNames, readCRC32, readOffsets, - readChecksums, + readPackChecksum, } for _, f := range flow { @@ -54,11 +59,21 @@ func (d *Decoder) Decode(idx *MemoryIndex) error { } } + actual := d.h.Sum(nil) + if err := readIdxChecksum(idx, d); err != nil { + return err + } + + if !bytes.Equal(actual, idx.IdxChecksum[:]) { + return fmt.Errorf("%w: checksum mismatch: %q instead of %q", + ErrMalformedIdxFile, hex.EncodeToString(idx.IdxChecksum[:]), hex.EncodeToString(actual)) + } + return nil } func validateHeader(r io.Reader) error { - var h = make([]byte, 4) + h := make([]byte, 4) if _, err := io.ReadFull(r, h); err != nil { return err } @@ -165,11 +180,15 @@ func readOffsets(idx *MemoryIndex, r io.Reader) error { return nil } -func readChecksums(idx *MemoryIndex, r io.Reader) error { +func readPackChecksum(idx *MemoryIndex, r io.Reader) error { if _, err := io.ReadFull(r, idx.PackfileChecksum[:]); err != nil { return err } + return nil +} + +func readIdxChecksum(idx *MemoryIndex, r io.Reader) error { if _, err := io.ReadFull(r, idx.IdxChecksum[:]); err != nil { return err } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go index d7932f4ea..621883a67 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go @@ -30,7 +30,7 @@ type Reader struct { func NewReader(r io.Reader) (*Reader, error) { zlib, err := sync.GetZlibReader(r) if err != nil { - return nil, packfile.ErrZLib.AddDetails(err.Error()) + return nil, packfile.ErrZLib.AddDetails("%s", err.Error()) } return &Reader{ diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go index 62f1d13cb..2659c27e5 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go @@ -47,7 +47,6 @@ type Parser struct { oi []*objectInfo oiByHash map[plumbing.Hash]*objectInfo oiByOffset map[int64]*objectInfo - checksum plumbing.Hash cache *cache.BufferLRU // delta content by offset, only used if source is not seekable @@ -133,28 +132,27 @@ func (p *Parser) onFooter(h plumbing.Hash) error { // Parse start decoding phase of the packfile. func (p *Parser) Parse() (plumbing.Hash, error) { if err := p.init(); err != nil { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } if err := p.indexObjects(); err != nil { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } - var err error - p.checksum, err = p.scanner.Checksum() + checksum, err := p.scanner.Checksum() if err != nil && err != io.EOF { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } if err := p.resolveDeltas(); err != nil { - return plumbing.ZeroHash, err + return plumbing.ZeroHash, wrapEOF(err) } - if err := p.onFooter(p.checksum); err != nil { - return plumbing.ZeroHash, err + if err := p.onFooter(checksum); err != nil { + return plumbing.ZeroHash, wrapEOF(err) } - return p.checksum, nil + return checksum, nil } func (p *Parser) init() error { @@ -218,7 +216,7 @@ func (p *Parser) indexObjects() error { if !ok { // can't find referenced object in this pack file // this must be a "thin" pack. - parent = &objectInfo{ //Placeholder parent + parent = &objectInfo{ // Placeholder parent SHA1: oh.Reference, ExternalRef: true, // mark as an external reference that must be resolved Type: plumbing.AnyObject, @@ -531,6 +529,13 @@ func (p *Parser) readData(w io.Writer, o *objectInfo) error { return nil } +func wrapEOF(err error) error { + if err == io.ErrUnexpectedEOF || err == io.EOF { + return fmt.Errorf("%w: %w", ErrMalformedPackFile, err) + } + return err +} + // applyPatchBase applies the patch to target. // // Note that ota will be updated based on the description in resolveObject. @@ -558,15 +563,6 @@ func applyPatchBase(ota *objectInfo, base io.ReaderAt, delta io.Reader, target i return nil } -func getSHA1(t plumbing.ObjectType, data []byte) (plumbing.Hash, error) { - hasher := plumbing.NewHasher(t, int64(len(data))) - if _, err := hasher.Write(data); err != nil { - return plumbing.ZeroHash, err - } - - return hasher.Sum(), nil -} - type objectInfo struct { Offset int64 Length int64 diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go index 730343ee3..8318aae40 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go @@ -3,12 +3,15 @@ package packfile import ( "bufio" "bytes" + "crypto" + "errors" "fmt" - "hash" + gohash "hash" "hash/crc32" "io" "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/hash" "github.com/go-git/go-git/v5/utils/binary" "github.com/go-git/go-git/v5/utils/ioutil" "github.com/go-git/go-git/v5/utils/sync" @@ -24,6 +27,8 @@ var ( ErrUnsupportedVersion = NewError("unsupported packfile version") // ErrSeekNotSupported returned if seek is not support ErrSeekNotSupported = NewError("not seek support") + // ErrMalformedPackFile is returned by the parser when the pack file is corrupted. + ErrMalformedPackFile = errors.New("malformed PACK file") ) // ObjectHeader contains the information related to the object, this information @@ -37,8 +42,9 @@ type ObjectHeader struct { } type Scanner struct { - r *scannerReader - crc hash.Hash32 + r *scannerReader + crc gohash.Hash32 + packHasher hash.Hash // pendingObject is used to detect if an object has been read, or still // is waiting to be read @@ -56,10 +62,12 @@ func NewScanner(r io.Reader) *Scanner { _, ok := r.(io.ReadSeeker) crc := crc32.NewIEEE() + hasher := hash.New(crypto.SHA1) return &Scanner{ - r: newScannerReader(r, crc), + r: newScannerReader(r, io.MultiWriter(crc, hasher)), crc: crc, IsSeekable: ok, + packHasher: hasher, } } @@ -68,6 +76,7 @@ func (s *Scanner) Reset(r io.Reader) { s.r.Reset(r) s.crc.Reset() + s.packHasher.Reset() s.IsSeekable = ok s.pendingObject = nil s.version = 0 @@ -114,7 +123,7 @@ func (s *Scanner) Header() (version, objects uint32, err error) { // readSignature reads a returns the signature field in the packfile. func (s *Scanner) readSignature() ([]byte, error) { - var sig = make([]byte, 4) + sig := make([]byte, 4) if _, err := io.ReadFull(s.r, sig); err != nil { return []byte{}, err } @@ -322,7 +331,6 @@ func (s *Scanner) NextObject(w io.Writer) (written int64, crc32 uint32, err erro func (s *Scanner) ReadObject() (io.ReadCloser, error) { s.pendingObject = nil zr, err := sync.GetZlibReader(s.r) - if err != nil { return nil, fmt.Errorf("zlib reset error: %s", err) } @@ -374,7 +382,18 @@ func (s *Scanner) Checksum() (plumbing.Hash, error) { return plumbing.ZeroHash, err } - return binary.ReadHash(s.r) + s.r.Flush() + actual := plumbing.Hash(s.packHasher.Sum(nil)) + packChecksum, err := binary.ReadHash(s.r) + if err != nil { + return plumbing.ZeroHash, err + } + + if actual != packChecksum { + return plumbing.ZeroHash, fmt.Errorf("%w: checksum mismatch: %q instead of %q", ErrMalformedPackFile, packChecksum, actual) + } + + return packChecksum, nil } // Close reads the reader until io.EOF @@ -401,17 +420,17 @@ func (s *Scanner) Flush() error { // to the crc32 hash writer. type scannerReader struct { reader io.Reader - crc io.Writer + writer io.Writer rbuf *bufio.Reader wbuf *bufio.Writer offset int64 } -func newScannerReader(r io.Reader, h io.Writer) *scannerReader { +func newScannerReader(r io.Reader, w io.Writer) *scannerReader { sr := &scannerReader{ - rbuf: bufio.NewReader(nil), - wbuf: bufio.NewWriterSize(nil, 64), - crc: h, + rbuf: bufio.NewReader(nil), + wbuf: bufio.NewWriterSize(nil, 64), + writer: w, } sr.Reset(r) @@ -421,7 +440,7 @@ func newScannerReader(r io.Reader, h io.Writer) *scannerReader { func (r *scannerReader) Reset(reader io.Reader) { r.reader = reader r.rbuf.Reset(r.reader) - r.wbuf.Reset(r.crc) + r.wbuf.Reset(r.writer) r.offset = 0 if seeker, ok := r.reader.(io.ReadSeeker); ok { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go index f8d26a28e..2a94083f0 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/advrefs_decode.go @@ -262,9 +262,8 @@ func decodeShallow(p *advRefsDecoder) decoderStateFn { p.line = bytes.TrimPrefix(p.line, shallow) if len(p.line) != hashSize { - p.error(fmt.Sprintf( - "malformed shallow hash: wrong length, expected 40 bytes, read %d bytes", - len(p.line))) + p.error("malformed shallow hash: wrong length, expected 40 bytes, read %d bytes", + len(p.line)) return nil } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go index 1205cfaf1..157fa5690 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/updreq_encode.go @@ -62,7 +62,7 @@ func (req *ReferenceUpdateRequest) encodeCommands(e *pktline.Encoder, } for _, cmd := range cmds[1:] { - if err := e.Encodef(formatCommand(cmd)); err != nil { + if err := e.Encodef("%s", formatCommand(cmd)); err != nil { return err } } diff --git a/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go b/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go index 91b4aceae..db82fefde 100644 --- a/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go +++ b/vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go @@ -2,6 +2,8 @@ package filesystem import ( "bytes" + "encoding/hex" + "fmt" "io" "os" "sync" @@ -87,6 +89,11 @@ func (s *ObjectStorage) loadIdxFile(h plumbing.Hash) (err error) { return err } + if !bytes.Equal(idxf.PackfileChecksum[:], h[:]) { + return fmt.Errorf("%w: packfile mismatch: target is %q not %q", + idxfile.ErrMalformedIdxFile, hex.EncodeToString(idxf.PackfileChecksum[:]), h.String()) + } + s.index[h] = idxf return err } @@ -186,7 +193,8 @@ func (s *ObjectStorage) HasEncodedObject(h plumbing.Hash) (err error) { } func (s *ObjectStorage) encodedObjectSizeFromUnpacked(h plumbing.Hash) ( - size int64, err error) { + size int64, err error, +) { f, err := s.dir.Object(h) if err != nil { if os.IsNotExist(err) { @@ -274,7 +282,8 @@ func (s *ObjectStorage) storePackfileInCache(hash plumbing.Hash, p *packfile.Pac } func (s *ObjectStorage) encodedObjectSizeFromPackfile(h plumbing.Hash) ( - size int64, err error) { + size int64, err error, +) { if err := s.requireIndex(); err != nil { return 0, err } @@ -310,7 +319,8 @@ func (s *ObjectStorage) encodedObjectSizeFromPackfile(h plumbing.Hash) ( // EncodedObjectSize returns the plaintext size of the given object, // without actually reading the full object data from storage. func (s *ObjectStorage) EncodedObjectSize(h plumbing.Hash) ( - size int64, err error) { + size int64, err error, +) { size, err = s.encodedObjectSizeFromUnpacked(h) if err != nil && err != plumbing.ErrObjectNotFound { return 0, err @@ -371,7 +381,8 @@ func (s *ObjectStorage) EncodedObject(t plumbing.ObjectType, h plumbing.Hash) (p // DeltaObject returns the object with the given hash, by searching for // it in the packfile and the git object directories. func (s *ObjectStorage) DeltaObject(t plumbing.ObjectType, - h plumbing.Hash) (plumbing.EncodedObject, error) { + h plumbing.Hash, +) (plumbing.EncodedObject, error) { obj, err := s.getFromUnpacked(h) if err == plumbing.ErrObjectNotFound { obj, err = s.getFromPackfile(h, true) @@ -451,8 +462,8 @@ var copyBufferPool = sync.Pool{ // Get returns the object with the given hash, by searching for it in // the packfile. func (s *ObjectStorage) getFromPackfile(h plumbing.Hash, canBeDelta bool) ( - plumbing.EncodedObject, error) { - + plumbing.EncodedObject, error, +) { if err := s.requireIndex(); err != nil { return nil, err } @@ -509,9 +520,7 @@ func (s *ObjectStorage) decodeDeltaObjectAt( return nil, err } - var ( - base plumbing.Hash - ) + var base plumbing.Hash switch header.Type { case plumbing.REFDeltaObject: diff --git a/vendor/github.com/go-git/go-git/v5/worktree.go b/vendor/github.com/go-git/go-git/v5/worktree.go index 479904e0c..5e9cd7bd9 100644 --- a/vendor/github.com/go-git/go-git/v5/worktree.go +++ b/vendor/github.com/go-git/go-git/v5/worktree.go @@ -310,13 +310,20 @@ func (w *Worktree) ResetSparsely(opts *ResetOptions, dirs []string) error { return err } + var removedFiles []string if opts.Mode == MixedReset || opts.Mode == MergeReset || opts.Mode == HardReset { - if err := w.resetIndex(t, dirs, opts.Files); err != nil { + if removedFiles, err = w.resetIndex(t, dirs, opts.Files); err != nil { return err } } - if opts.Mode == MergeReset || opts.Mode == HardReset { + if opts.Mode == MergeReset && len(removedFiles) > 0 { + if err := w.resetWorktree(t, removedFiles); err != nil { + return err + } + } + + if opts.Mode == HardReset { if err := w.resetWorktree(t, opts.Files); err != nil { return err } @@ -365,23 +372,24 @@ func (w *Worktree) Reset(opts *ResetOptions) error { return w.ResetSparsely(opts, nil) } -func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) error { +func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) ([]string, error) { idx, err := w.r.Storer.Index() if err != nil { - return err + return nil, err } b := newIndexBuilder(idx) changes, err := w.diffTreeWithStaging(t, true) if err != nil { - return err + return nil, err } + var removedFiles []string for _, ch := range changes { a, err := ch.Action() if err != nil { - return err + return nil, err } var name string @@ -392,7 +400,7 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) err name = ch.To.String() e, err = t.FindEntry(name) if err != nil { - return err + return nil, err } case merkletrie.Delete: name = ch.From.String() @@ -406,6 +414,7 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) err } b.Remove(name) + removedFiles = append(removedFiles, name) if e == nil { continue } @@ -424,7 +433,7 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) err idx.SkipUnless(dirs) } - return w.r.Storer.SetIndex(idx) + return removedFiles, w.r.Storer.SetIndex(idx) } func inFiles(files []string, v string) bool { diff --git a/vendor/modules.txt b/vendor/modules.txt index 90e0e938b..e124e4f5a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -319,8 +319,8 @@ github.com/go-git/go-billy/v5/helper/polyfill github.com/go-git/go-billy/v5/memfs github.com/go-git/go-billy/v5/osfs github.com/go-git/go-billy/v5/util -# github.com/go-git/go-git/v5 v5.16.4 -## explicit; go 1.23.0 +# github.com/go-git/go-git/v5 v5.16.5 +## explicit; go 1.24.0 github.com/go-git/go-git/v5 github.com/go-git/go-git/v5/config github.com/go-git/go-git/v5/internal/path_util