Welcome to the 92nd edition of Git Rev News, a digest of all things Git. For our goals, the archives, the way we work, and how to contribute or to subscribe, see the Git Rev News page on git.github.io.
This edition covers what happened during the month of October 2022.
Git participated in GSoC (Google Summer of Code) 2022
The following contributors have successfully passed their final evaluation and published a final report:
Shaoxuan Yuan worked on the More Sparse Index Integrations project project. He was co-mentored by Derrick Stolee and Victoria Dye.
Abhradeep Chakraborty worked on the Reachability bitmap improvements project. He was co-mentored by Kaartic Sivaraam and Taylor Blau.
Also Siddharth Asthana successfully participated in GSoC 2022 for GitLab (instead of Git) and contributed to Git as part of his work on the Add Support for Mailmap project. He was co-mentored by John Cai and Christian Couder.
Congratulations to these contributors and their mentors!
[PATCH] fuzz: add basic fuzz testing for git command
Arthur Chan sent a patch to add basic fuzz testing to Git. The patch
added a set of helper functions in some fuzz-cmd-base.{h,c}
files
and a demonstration entry point (called fuzzing target) for
LibFuzzer or similar tools
to inject fuzzed data into git status
in a fuzz-cmd-status.c
file.
Ævar Arnfjörð Bjarmason replied to Arthur. He suggested coding style
improvements to better match our style as well as taking a look at
the infrastructure code we already have for fuzzing. He also
wondered if existing code - that is, APIs for file generation and
the shell-based infrastructure in the t/
directory - could not
be used for fuzzing, too.
Arthur replied that he couldn’t find existing infrastructure code
for fuzzing and that he was confused about avoiding the system
(3)
calls as they were needed to reset the state of the repo after each
round of fuzzing, and the LLVM oss-fuzz library required such
resetting logic to be included in the C code.
Junio Hamano, the Git maintainer, also replied to Arthur saying
that, before adding new fuzzing infrastructure, existing one should
be moved into a new fuzz/
directory. Junio also suggested some
coding style improvements and commented on possible performance and
correctness issues.
Arthur replied to Junio that he implemented the suggested changes in a version 2 of the patch that he was preparing, and then sent this version 2 to the mailing list.
This version of this patch indeed moved some existing
fuzz-commit-graph.c
, fuzz-pack-headers.c
and fuzz-pack-idx.c
files into a new oss-fuzz
directory. The patch still added the new
fuzzing infrastructure that was in the previous version, though a lot
of the issues that had been pointed out were fixed.
Junio replied that it was better to have the “cleaning up of existing stuff” and “addition of new stuff” split into two separate patches instead of having everything in the same one.
Arthur agreed to split the move of the existing fuzzing infrastructure into a separate preparatory patch called “fuzz: reorganise the path for existing oss-fuzz fuzzers” that he later sent to the mailing list.
Junio reviewed the preparatory patch and found that some changes to
the .gitignore
file were likely missing. He also asked how the
fuzzing should be launched.
Arthur replied agreed that changing the .gitignore
file was needed
and said that he got privately in touch with people from
oss-fuzz targeting Git
who had implemented the existing fuzzing. He also said that a
Dockerfile and build script prepared for Git would launch the
fuzzing.
Arthur then sent a
version 2 of the preparatory patch
with a few small fixes and the .gitignore
changes that Junio
suggested. Soon after he sent a
version 3
with very minor changes compared to version 2.
Ævar replied to this new version suggesting some commit message
improvements to better explain the patch purpose as well as creating
oss-fuzz/.gitignore
instead of changing the .gitignore
file at
the root of the repository.
Arthur sent a version 4 with the suggested changes.
Junio commented a bit on how to make sure people get CC’ed in the
emails sent by GitGitGadget but
was happy with the patch itself, which has since been merged into the
master
branch.
We are looking forward to even more fuzzing infrastructure improvements in the near future.
Events
Various
--local
clone optimization
(important when cloning with --recurse-submodules
from untrusted repositories)
and git shell
’s interactive command mode.
Fixed in Git 2.38.1..git
folders exposed to public.Light reading
git log
should be clean” vs. team
“git log
should have an accurate history” and the consequences for GitHub users.Git tools and sites
focus
is a tool to manage
Git sparse checkouts
derived from the Bazel build graph.nb
is a command line and local web
note-taking, bookmarking, archiving, and knowledge base application
with Git-backed versioning and syncing.This edition of Git Rev News was curated by Christian Couder <christian.couder@gmail.com>, Jakub Narębski <jnareb@gmail.com>, Markus Jansen <mja@jansen-preisler.de> and Kaartic Sivaraam <kaartic.sivaraam@gmail.com> with help from Johannes Schindelin and Bruno Brito.