Update to LibGit2 v0.26.0

base/libgit2/libgit2.jl

@@ -873,33 +873,13 @@ function set_ssl_cert_locations(cert_loc)
     cert_file = isfile(cert_loc) ? cert_loc : Cstring(C_NULL)
     cert_dir  = isdir(cert_loc) ? cert_loc : Cstring(C_NULL)
     cert_file == C_NULL && cert_dir == C_NULL && return
-    # TODO FIX https://github.com/libgit2/libgit2/pull/3935#issuecomment-253910017
-    #ccall((:git_libgit2_opts, :libgit2), Cint,
-    #      (Cint, Cstring, Cstring),
-    #      Cint(Consts.SET_SSL_CERT_LOCATIONS), cert_file, cert_dir)
-    ENV["SSL_CERT_FILE"] = cert_file
-    ENV["SSL_CERT_DIR"] = cert_dir
+    @check ccall((:git_libgit2_opts, :libgit2), Cint,
+          (Cint, Cstring, Cstring),
+          Cint(Consts.SET_SSL_CERT_LOCATIONS), cert_file, cert_dir)
 end
 
 function __init__()
-    # Look for OpenSSL env variable for CA bundle (linux only)
-    # windows and macOS use the OS native security backends
-    old_ssl_cert_dir = Base.get(ENV, "SSL_CERT_DIR", nothing)
-    old_ssl_cert_file = Base.get(ENV, "SSL_CERT_FILE", nothing)
-    @static if is_linux()
-        cert_loc = if "SSL_CERT_DIR" in keys(ENV)
-            ENV["SSL_CERT_DIR"]
-        elseif "SSL_CERT_FILE" in keys(ENV)
-            ENV["SSL_CERT_FILE"]
-        else
-            # If we have a bundled ca cert file, point libgit2 at that so SSL connections work.
-            abspath(ccall(:jl_get_julia_home, Any, ()),Base.DATAROOTDIR,"julia","cert.pem")
-        end
-        set_ssl_cert_locations(cert_loc)
-    end
-
-    err = ccall((:git_libgit2_init, :libgit2), Cint, ())
-    err > 0 || throw(ErrorException("error initializing LibGit2 module"))
+    @check ccall((:git_libgit2_init, :libgit2), Cint, ())
     REFCOUNT[] = 1
 
     atexit() do
@@ -909,21 +889,18 @@ function __init__()
         end
     end
 
+    # Look for OpenSSL env variable for CA bundle (linux only)
+    # windows and macOS use the OS native security backends
     @static if is_linux()
-        if old_ssl_cert_dir != Base.get(ENV, "SSL_CERT_DIR", "")
-            if old_ssl_cert_dir === nothing
-                delete!(ENV, "SSL_CERT_DIR")
-            else
-                ENV["SSL_CERT_DIR"] = old_ssl_cert_dir
-            end
-        end
-        if old_ssl_cert_file != Base.get(ENV, "SSL_CERT_FILE", "")
-            if old_ssl_cert_file === nothing
-                delete!(ENV, "SSL_CERT_FILE")
-            else
-                ENV["SSL_CERT_FILE"] = old_ssl_cert_file
-            end
+        cert_loc = if "SSL_CERT_DIR" in keys(ENV)
+            ENV["SSL_CERT_DIR"]
+        elseif "SSL_CERT_FILE" in keys(ENV)
+            ENV["SSL_CERT_FILE"]
+        else
+            # If we have a bundled ca cert file, point libgit2 at that so SSL connections work.
+            abspath(ccall(:jl_get_julia_home, Any, ()), Base.DATAROOTDIR, "julia", "cert.pem")
         end
+        set_ssl_cert_locations(cert_loc)
     end
 end
 

deps/checksums/libgit2-15e119375018fba121cf58e02a9f17fe22df0df8.tar.gz/md5

@@ -0,0 +1 @@
+0d6fd3ed9265c6804349149b23ae6362

deps/checksums/libgit2-15e119375018fba121cf58e02a9f17fe22df0df8.tar.gz/sha512

@@ -0,0 +1 @@
+88a8a42bb8d18a5a722938404e048266d0899362ac89fdfedfa9f71aeb90408d8d98b4d9b9ea2ff46755d0a2cd8686ff04d31e85827566e1290a9536b8b36ac8

deps/libgit2.mk

@@ -37,7 +37,7 @@ LIBGIT2_OPTS += -DCURL_INCLUDE_DIRS=$(build_includedir) -DCURL_LIBRARIES="-L$(bu
 endif
 
 ifeq ($(OS),Linux)
-LIBGIT2_OPTS += -DUSE_OPENSSL=OFF -DUSE_MBEDTLS=ON -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
+LIBGIT2_OPTS += -DUSE_HTTPS=ON -DTLS_BACKEND="mbedTLS" -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
 endif
 ifeq ($(OS),FreeBSD)
 LIBGIT2_OPTS += -DCMAKE_INSTALL_RPATH="\$$ORIGIN"
@@ -78,29 +78,14 @@ $(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied: $(LIBGIT2_SRC_PATH)/so
 		patch -p1 -f < $(SRCDIR)/patches/libgit2-agent-nonfatal.patch
 	echo 1 > $@
 
-$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-writer-fix.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied
-	cd $(LIBGIT2_SRC_PATH) && \
-		patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls-writer-fix.patch
-	echo 1 > $@
-
-$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-writer-fix.patch-applied
+$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied
 	cd $(LIBGIT2_SRC_PATH) && \
 		patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls-verify.patch
 	echo 1 > $@
 
-$(LIBGIT2_SRC_PATH)/libgit2-gitconfig-symlink.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied
-	cd $(LIBGIT2_SRC_PATH) && \
-		patch -p1 -f < $(SRCDIR)/patches/libgit2-gitconfig-symlink.patch
-	echo 1 > $@
-
-$(LIBGIT2_SRC_PATH)/libgit2-free-config.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-gitconfig-symlink.patch-applied
-	cd $(LIBGIT2_SRC_PATH) && \
-		patch -p1 -f < $(SRCDIR)/patches/libgit2-free-config.patch
-	echo 1 > $@
-
-$(LIBGIT2_SRC_PATH)/libgit2-remote-push-NULL.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-free-config.patch-applied
+$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied
 	cd $(LIBGIT2_SRC_PATH) && \
-		patch -p1 -f < $(SRCDIR)/patches/libgit2-remote-push-NULL.patch
+		patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls-fixup.patch
 	echo 1 > $@
 
 $(build_datarootdir)/julia/cert.pem: $(CERTFILE)
@@ -111,11 +96,8 @@ $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: \
 	$(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied \
 	$(LIBGIT2_SRC_PATH)/libgit2-ssh.patch-applied \
 	$(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied \
-	$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-writer-fix.patch-applied \
 	$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-verify.patch-applied \
-	$(LIBGIT2_SRC_PATH)/libgit2-gitconfig-symlink.patch-applied \
-	$(LIBGIT2_SRC_PATH)/libgit2-free-config.patch-applied \
-	$(LIBGIT2_SRC_PATH)/libgit2-remote-push-NULL.patch-applied
+	$(LIBGIT2_SRC_PATH)/libgit2-mbedtls-fixup.patch-applied
 
 ifneq ($(CERTFILE),)
 $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: $(build_datarootdir)/julia/cert.pem

deps/libgit2.version

@@ -1,2 +1,2 @@
-LIBGIT2_BRANCH=v0.25.1
-LIBGIT2_SHA1=2fcb8705e584ca61f6c4657525c9d2713f6a39d2
+LIBGIT2_BRANCH=v0.26.0
+LIBGIT2_SHA1=15e119375018fba121cf58e02a9f17fe22df0df8

deps/patches/libgit2-mbedtls-fixup.patch

@@ -0,0 +1,70 @@
+commit de8721ae70dfae529fdb50224a47eadf6d29c574
+Author: Curtis Vogt <curtis.vogt@gmail.com>
+Date:   Thu Jun 29 16:31:08 2017 -0500
+
+    Corrections to mbedtls support with LibGit2 0.26.0
+
+diff --git a/src/settings.c b/src/settings.c
+index 3a46f0d..4d976a0 100644
+--- a/src/settings.c
++++ b/src/settings.c
+@@ -179,14 +179,18 @@ int git_libgit2_opts(int key, ...)
+ 			const char *path = va_arg(ap, const char *);
+ 			error = git_openssl_set_cert_file(file, path);
+ 		}
+-#elif GIT_MBEDTLS
++#elif defined(GIT_MBEDTLS)
+ 		{
+ 			const char *file = va_arg(ap, const char *);
+ 			const char *path = va_arg(ap, const char *);
+-			if (file)
++			if (file) {
+ 				error = git_mbedtls_set_cert_file(file, 0);
+-			if (error && path)
+-				error = git_mbedtls_set_cert_file(path, 0);
++			} else if (path) {
++				error = git_mbedtls_set_cert_file(path, 1);
++			} else {
++				giterr_set(GITERR_NET, "cannot set certificate locations: no file or path given");
++				error = -1;
++			}
+ 		}
+ #else
+ 		giterr_set(GITERR_NET, "cannot set certificate locations: OpenSSL or mbedTLS is not enabled");
+diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c
+index e456ea8..b4eb991 100644
+--- a/src/streams/mbedtls.c
++++ b/src/streams/mbedtls.c
+@@ -205,12 +205,12 @@ static int ssl_set_error(mbedtls_ssl_context *ssl, int error)
+ 		break;
+
+ 	case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
+-		giterr_set(GITERR_SSL, "SSL error: %x[%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
++		giterr_set(GITERR_SSL, "SSL error: 0x%04x [%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
+ 		ret = GIT_ECERTIFICATE;
+ 		break;
+
+ 	default:
+-		giterr_set(GITERR_SSL, "SSL error: %x - %s", error, errbuf);
++		giterr_set(GITERR_SSL, "SSL error: 0x%04x - %s", error, errbuf);
+ 	}
+
+ 	return ret;
+@@ -236,7 +236,7 @@ static int verify_server_cert(mbedtls_ssl_context *ssl, const char *host)
+ 	if ((ret = mbedtls_ssl_get_verify_result(ssl)) != 0) {
+ 		char vrfy_buf[512];
+ 		mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "", ret);
+-		giterr_set(GITERR_SSL, "The SSL certificate is invalid: %x - %s", ret, vrfy_buf);
++		giterr_set(GITERR_SSL, "The SSL certificate is invalid: 0x%04x - %s", ret, vrfy_buf);
+ 		return GIT_ECERTIFICATE;
+ 	}
+
+@@ -430,7 +430,7 @@ int git_mbedtls_set_cert_file(const char *path, int is_dir)
+ 		ret = mbedtls_x509_crt_parse_file(cacert, path);
+ 	}
+ 	// mbedtls_x509_crt_parse_path returns the number of invalid certs on success
+-	if (ret <= 0) {
++	if (ret < 0) {
+ 		mbedtls_x509_crt_free(cacert);
+ 		git__free(cacert);
+ 		mbedtls_strerror( ret, errbuf, 512 );