1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24#include "oidset.h"
25
26static const char * const receive_pack_usage[] = {
27 N_("git receive-pack <git-dir>"),
28 NULL
29};
30
31enum deny_action {
32 DENY_UNCONFIGURED,
33 DENY_IGNORE,
34 DENY_WARN,
35 DENY_REFUSE,
36 DENY_UPDATE_INSTEAD
37};
38
39static int deny_deletes;
40static int deny_non_fast_forwards;
41static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
42static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
43static int receive_fsck_objects = -1;
44static int transfer_fsck_objects = -1;
45static struct strbuf fsck_msg_types = STRBUF_INIT;
46static int receive_unpack_limit = -1;
47static int transfer_unpack_limit = -1;
48static int advertise_atomic_push = 1;
49static int advertise_push_options;
50static int unpack_limit = 100;
51static off_t max_input_size;
52static int report_status;
53static int use_sideband;
54static int use_atomic;
55static int use_push_options;
56static int quiet;
57static int prefer_ofs_delta = 1;
58static int auto_update_server_info;
59static int auto_gc = 1;
60static int reject_thin;
61static int stateless_rpc;
62static const char *service_dir;
63static const char *head_name;
64static void *head_name_to_free;
65static int sent_capabilities;
66static int shallow_update;
67static const char *alt_shallow_file;
68static struct strbuf push_cert = STRBUF_INIT;
69static unsigned char push_cert_sha1[20];
70static struct signature_check sigcheck;
71static const char *push_cert_nonce;
72static const char *cert_nonce_seed;
73
74static const char *NONCE_UNSOLICITED = "UNSOLICITED";
75static const char *NONCE_BAD = "BAD";
76static const char *NONCE_MISSING = "MISSING";
77static const char *NONCE_OK = "OK";
78static const char *NONCE_SLOP = "SLOP";
79static const char *nonce_status;
80static long nonce_stamp_slop;
81static timestamp_t nonce_stamp_slop_limit;
82static struct ref_transaction *transaction;
83
84static enum {
85 KEEPALIVE_NEVER = 0,
86 KEEPALIVE_AFTER_NUL,
87 KEEPALIVE_ALWAYS
88} use_keepalive;
89static int keepalive_in_sec = 5;
90
91static struct tmp_objdir *tmp_objdir;
92
93static enum deny_action parse_deny_action(const char *var, const char *value)
94{
95 if (value) {
96 if (!strcasecmp(value, "ignore"))
97 return DENY_IGNORE;
98 if (!strcasecmp(value, "warn"))
99 return DENY_WARN;
100 if (!strcasecmp(value, "refuse"))
101 return DENY_REFUSE;
102 if (!strcasecmp(value, "updateinstead"))
103 return DENY_UPDATE_INSTEAD;
104 }
105 if (git_config_bool(var, value))
106 return DENY_REFUSE;
107 return DENY_IGNORE;
108}
109
110static int receive_pack_config(const char *var, const char *value, void *cb)
111{
112 int status = parse_hide_refs_config(var, value, "receive");
113
114 if (status)
115 return status;
116
117 if (strcmp(var, "receive.denydeletes") == 0) {
118 deny_deletes = git_config_bool(var, value);
119 return 0;
120 }
121
122 if (strcmp(var, "receive.denynonfastforwards") == 0) {
123 deny_non_fast_forwards = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.unpacklimit") == 0) {
128 receive_unpack_limit = git_config_int(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "transfer.unpacklimit") == 0) {
133 transfer_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "receive.fsck.skiplist") == 0) {
138 const char *path;
139
140 if (git_config_pathname(&path, var, value))
141 return 1;
142 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
143 fsck_msg_types.len ? ',' : '=', path);
144 free((char *)path);
145 return 0;
146 }
147
148 if (skip_prefix(var, "receive.fsck.", &var)) {
149 if (is_valid_msg_type(var, value))
150 strbuf_addf(&fsck_msg_types, "%c%s=%s",
151 fsck_msg_types.len ? ',' : '=', var, value);
152 else
153 warning("Skipping unknown msg id '%s'", var);
154 return 0;
155 }
156
157 if (strcmp(var, "receive.fsckobjects") == 0) {
158 receive_fsck_objects = git_config_bool(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "transfer.fsckobjects") == 0) {
163 transfer_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (!strcmp(var, "receive.denycurrentbranch")) {
168 deny_current_branch = parse_deny_action(var, value);
169 return 0;
170 }
171
172 if (strcmp(var, "receive.denydeletecurrent") == 0) {
173 deny_delete_current = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
178 prefer_ofs_delta = git_config_bool(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.updateserverinfo") == 0) {
183 auto_update_server_info = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.autogc") == 0) {
188 auto_gc = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.shallowupdate") == 0) {
193 shallow_update = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.certnonceseed") == 0)
198 return git_config_string(&cert_nonce_seed, var, value);
199
200 if (strcmp(var, "receive.certnonceslop") == 0) {
201 nonce_stamp_slop_limit = git_config_ulong(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "receive.advertiseatomic") == 0) {
206 advertise_atomic_push = git_config_bool(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertisepushoptions") == 0) {
211 advertise_push_options = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.keepalive") == 0) {
216 keepalive_in_sec = git_config_int(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.maxinputsize") == 0) {
221 max_input_size = git_config_int64(var, value);
222 return 0;
223 }
224
225 return git_default_config(var, value, cb);
226}
227
228static void show_ref(const char *path, const struct object_id *oid)
229{
230 if (sent_capabilities) {
231 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
232 } else {
233 struct strbuf cap = STRBUF_INIT;
234
235 strbuf_addstr(&cap,
236 "report-status delete-refs side-band-64k quiet");
237 if (advertise_atomic_push)
238 strbuf_addstr(&cap, " atomic");
239 if (prefer_ofs_delta)
240 strbuf_addstr(&cap, " ofs-delta");
241 if (push_cert_nonce)
242 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
243 if (advertise_push_options)
244 strbuf_addstr(&cap, " push-options");
245 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
246 packet_write_fmt(1, "%s %s%c%s\n",
247 oid_to_hex(oid), path, 0, cap.buf);
248 strbuf_release(&cap);
249 sent_capabilities = 1;
250 }
251}
252
253static int show_ref_cb(const char *path_full, const struct object_id *oid,
254 int flag, void *data)
255{
256 struct oidset *seen = data;
257 const char *path = strip_namespace(path_full);
258
259 if (ref_is_hidden(path, path_full))
260 return 0;
261
262 /*
263 * Advertise refs outside our current namespace as ".have"
264 * refs, so that the client can use them to minimize data
265 * transfer but will otherwise ignore them.
266 */
267 if (!path) {
268 if (oidset_insert(seen, oid))
269 return 0;
270 path = ".have";
271 } else {
272 oidset_insert(seen, oid);
273 }
274 show_ref(path, oid);
275 return 0;
276}
277
278static void show_one_alternate_ref(const char *refname,
279 const struct object_id *oid,
280 void *data)
281{
282 struct oidset *seen = data;
283
284 if (oidset_insert(seen, oid))
285 return;
286
287 show_ref(".have", oid);
288}
289
290static void write_head_info(void)
291{
292 static struct oidset seen = OIDSET_INIT;
293
294 for_each_ref(show_ref_cb, &seen);
295 for_each_alternate_ref(show_one_alternate_ref, &seen);
296 oidset_clear(&seen);
297 if (!sent_capabilities)
298 show_ref("capabilities^{}", &null_oid);
299
300 advertise_shallow_grafts(1);
301
302 /* EOF */
303 packet_flush(1);
304}
305
306struct command {
307 struct command *next;
308 const char *error_string;
309 unsigned int skip_update:1,
310 did_not_exist:1;
311 int index;
312 struct object_id old_oid;
313 struct object_id new_oid;
314 char ref_name[FLEX_ARRAY]; /* more */
315};
316
317static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
318static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
319
320static void report_message(const char *prefix, const char *err, va_list params)
321{
322 int sz;
323 char msg[4096];
324
325 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
326 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
327 if (sz > (sizeof(msg) - 1))
328 sz = sizeof(msg) - 1;
329 msg[sz++] = '\n';
330
331 if (use_sideband)
332 send_sideband(1, 2, msg, sz, use_sideband);
333 else
334 xwrite(2, msg, sz);
335}
336
337static void rp_warning(const char *err, ...)
338{
339 va_list params;
340 va_start(params, err);
341 report_message("warning: ", err, params);
342 va_end(params);
343}
344
345static void rp_error(const char *err, ...)
346{
347 va_list params;
348 va_start(params, err);
349 report_message("error: ", err, params);
350 va_end(params);
351}
352
353static int copy_to_sideband(int in, int out, void *arg)
354{
355 char data[128];
356 int keepalive_active = 0;
357
358 if (keepalive_in_sec <= 0)
359 use_keepalive = KEEPALIVE_NEVER;
360 if (use_keepalive == KEEPALIVE_ALWAYS)
361 keepalive_active = 1;
362
363 while (1) {
364 ssize_t sz;
365
366 if (keepalive_active) {
367 struct pollfd pfd;
368 int ret;
369
370 pfd.fd = in;
371 pfd.events = POLLIN;
372 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
373
374 if (ret < 0) {
375 if (errno == EINTR)
376 continue;
377 else
378 break;
379 } else if (ret == 0) {
380 /* no data; send a keepalive packet */
381 static const char buf[] = "0005\1";
382 write_or_die(1, buf, sizeof(buf) - 1);
383 continue;
384 } /* else there is actual data to read */
385 }
386
387 sz = xread(in, data, sizeof(data));
388 if (sz <= 0)
389 break;
390
391 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
392 const char *p = memchr(data, '\0', sz);
393 if (p) {
394 /*
395 * The NUL tells us to start sending keepalives. Make
396 * sure we send any other data we read along
397 * with it.
398 */
399 keepalive_active = 1;
400 send_sideband(1, 2, data, p - data, use_sideband);
401 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
402 continue;
403 }
404 }
405
406 /*
407 * Either we're not looking for a NUL signal, or we didn't see
408 * it yet; just pass along the data.
409 */
410 send_sideband(1, 2, data, sz, use_sideband);
411 }
412 close(in);
413 return 0;
414}
415
416#define HMAC_BLOCK_SIZE 64
417
418static void hmac_sha1(unsigned char *out,
419 const char *key_in, size_t key_len,
420 const char *text, size_t text_len)
421{
422 unsigned char key[HMAC_BLOCK_SIZE];
423 unsigned char k_ipad[HMAC_BLOCK_SIZE];
424 unsigned char k_opad[HMAC_BLOCK_SIZE];
425 int i;
426 git_SHA_CTX ctx;
427
428 /* RFC 2104 2. (1) */
429 memset(key, '\0', HMAC_BLOCK_SIZE);
430 if (HMAC_BLOCK_SIZE < key_len) {
431 git_SHA1_Init(&ctx);
432 git_SHA1_Update(&ctx, key_in, key_len);
433 git_SHA1_Final(key, &ctx);
434 } else {
435 memcpy(key, key_in, key_len);
436 }
437
438 /* RFC 2104 2. (2) & (5) */
439 for (i = 0; i < sizeof(key); i++) {
440 k_ipad[i] = key[i] ^ 0x36;
441 k_opad[i] = key[i] ^ 0x5c;
442 }
443
444 /* RFC 2104 2. (3) & (4) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
447 git_SHA1_Update(&ctx, text, text_len);
448 git_SHA1_Final(out, &ctx);
449
450 /* RFC 2104 2. (6) & (7) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
453 git_SHA1_Update(&ctx, out, 20);
454 git_SHA1_Final(out, &ctx);
455}
456
457static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
458{
459 struct strbuf buf = STRBUF_INIT;
460 unsigned char sha1[20];
461
462 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
463 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
464 strbuf_release(&buf);
465
466 /* RFC 2104 5. HMAC-SHA1-80 */
467 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
468 return strbuf_detach(&buf, NULL);
469}
470
471/*
472 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
473 * after dropping "_commit" from its name and possibly moving it out
474 * of commit.c
475 */
476static char *find_header(const char *msg, size_t len, const char *key,
477 const char **next_line)
478{
479 int key_len = strlen(key);
480 const char *line = msg;
481
482 while (line && line < msg + len) {
483 const char *eol = strchrnul(line, '\n');
484
485 if ((msg + len <= eol) || line == eol)
486 return NULL;
487 if (line + key_len < eol &&
488 !memcmp(line, key, key_len) && line[key_len] == ' ') {
489 int offset = key_len + 1;
490 if (next_line)
491 *next_line = *eol ? eol + 1 : eol;
492 return xmemdupz(line + offset, (eol - line) - offset);
493 }
494 line = *eol ? eol + 1 : NULL;
495 }
496 return NULL;
497}
498
499static const char *check_nonce(const char *buf, size_t len)
500{
501 char *nonce = find_header(buf, len, "nonce", NULL);
502 timestamp_t stamp, ostamp;
503 char *bohmac, *expect = NULL;
504 const char *retval = NONCE_BAD;
505
506 if (!nonce) {
507 retval = NONCE_MISSING;
508 goto leave;
509 } else if (!push_cert_nonce) {
510 retval = NONCE_UNSOLICITED;
511 goto leave;
512 } else if (!strcmp(push_cert_nonce, nonce)) {
513 retval = NONCE_OK;
514 goto leave;
515 }
516
517 if (!stateless_rpc) {
518 /* returned nonce MUST match what we gave out earlier */
519 retval = NONCE_BAD;
520 goto leave;
521 }
522
523 /*
524 * In stateless mode, we may be receiving a nonce issued by
525 * another instance of the server that serving the same
526 * repository, and the timestamps may not match, but the
527 * nonce-seed and dir should match, so we can recompute and
528 * report the time slop.
529 *
530 * In addition, when a nonce issued by another instance has
531 * timestamp within receive.certnonceslop seconds, we pretend
532 * as if we issued that nonce when reporting to the hook.
533 */
534
535 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
536 if (*nonce <= '0' || '9' < *nonce) {
537 retval = NONCE_BAD;
538 goto leave;
539 }
540 stamp = parse_timestamp(nonce, &bohmac, 10);
541 if (bohmac == nonce || bohmac[0] != '-') {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545
546 expect = prepare_push_cert_nonce(service_dir, stamp);
547 if (strcmp(expect, nonce)) {
548 /* Not what we would have signed earlier */
549 retval = NONCE_BAD;
550 goto leave;
551 }
552
553 /*
554 * By how many seconds is this nonce stale? Negative value
555 * would mean it was issued by another server with its clock
556 * skewed in the future.
557 */
558 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
559 nonce_stamp_slop = (long)ostamp - (long)stamp;
560
561 if (nonce_stamp_slop_limit &&
562 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
563 /*
564 * Pretend as if the received nonce (which passes the
565 * HMAC check, so it is not a forged by third-party)
566 * is what we issued.
567 */
568 free((void *)push_cert_nonce);
569 push_cert_nonce = xstrdup(nonce);
570 retval = NONCE_OK;
571 } else {
572 retval = NONCE_SLOP;
573 }
574
575leave:
576 free(nonce);
577 free(expect);
578 return retval;
579}
580
581/*
582 * Return 1 if there is no push_cert or if the push options in push_cert are
583 * the same as those in the argument; 0 otherwise.
584 */
585static int check_cert_push_options(const struct string_list *push_options)
586{
587 const char *buf = push_cert.buf;
588 int len = push_cert.len;
589
590 char *option;
591 const char *next_line;
592 int options_seen = 0;
593
594 int retval = 1;
595
596 if (!len)
597 return 1;
598
599 while ((option = find_header(buf, len, "push-option", &next_line))) {
600 len -= (next_line - buf);
601 buf = next_line;
602 options_seen++;
603 if (options_seen > push_options->nr
604 || strcmp(option,
605 push_options->items[options_seen - 1].string)) {
606 retval = 0;
607 goto leave;
608 }
609 free(option);
610 }
611
612 if (options_seen != push_options->nr)
613 retval = 0;
614
615leave:
616 free(option);
617 return retval;
618}
619
620static void prepare_push_cert_sha1(struct child_process *proc)
621{
622 static int already_done;
623
624 if (!push_cert.len)
625 return;
626
627 if (!already_done) {
628 struct strbuf gpg_output = STRBUF_INIT;
629 struct strbuf gpg_status = STRBUF_INIT;
630 int bogs /* beginning_of_gpg_sig */;
631
632 already_done = 1;
633 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
634 hashclr(push_cert_sha1);
635
636 memset(&sigcheck, '\0', sizeof(sigcheck));
637 sigcheck.result = 'N';
638
639 bogs = parse_signature(push_cert.buf, push_cert.len);
640 if (verify_signed_buffer(push_cert.buf, bogs,
641 push_cert.buf + bogs, push_cert.len - bogs,
642 &gpg_output, &gpg_status) < 0) {
643 ; /* error running gpg */
644 } else {
645 sigcheck.payload = push_cert.buf;
646 sigcheck.gpg_output = gpg_output.buf;
647 sigcheck.gpg_status = gpg_status.buf;
648 parse_gpg_output(&sigcheck);
649 }
650
651 strbuf_release(&gpg_output);
652 strbuf_release(&gpg_status);
653 nonce_status = check_nonce(push_cert.buf, bogs);
654 }
655 if (!is_null_sha1(push_cert_sha1)) {
656 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
657 sha1_to_hex(push_cert_sha1));
658 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
659 sigcheck.signer ? sigcheck.signer : "");
660 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
661 sigcheck.key ? sigcheck.key : "");
662 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
663 sigcheck.result);
664 if (push_cert_nonce) {
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE=%s",
667 push_cert_nonce);
668 argv_array_pushf(&proc->env_array,
669 "GIT_PUSH_CERT_NONCE_STATUS=%s",
670 nonce_status);
671 if (nonce_status == NONCE_SLOP)
672 argv_array_pushf(&proc->env_array,
673 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
674 nonce_stamp_slop);
675 }
676 }
677}
678
679struct receive_hook_feed_state {
680 struct command *cmd;
681 int skip_broken;
682 struct strbuf buf;
683 const struct string_list *push_options;
684};
685
686typedef int (*feed_fn)(void *, const char **, size_t *);
687static int run_and_feed_hook(const char *hook_name, feed_fn feed,
688 struct receive_hook_feed_state *feed_state)
689{
690 struct child_process proc = CHILD_PROCESS_INIT;
691 struct async muxer;
692 const char *argv[2];
693 int code;
694
695 argv[0] = find_hook(hook_name);
696 if (!argv[0])
697 return 0;
698
699 argv[1] = NULL;
700
701 proc.argv = argv;
702 proc.in = -1;
703 proc.stdout_to_stderr = 1;
704 if (feed_state->push_options) {
705 int i;
706 for (i = 0; i < feed_state->push_options->nr; i++)
707 argv_array_pushf(&proc.env_array,
708 "GIT_PUSH_OPTION_%d=%s", i,
709 feed_state->push_options->items[i].string);
710 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
711 feed_state->push_options->nr);
712 } else
713 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
714
715 if (tmp_objdir)
716 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
717
718 if (use_sideband) {
719 memset(&muxer, 0, sizeof(muxer));
720 muxer.proc = copy_to_sideband;
721 muxer.in = -1;
722 code = start_async(&muxer);
723 if (code)
724 return code;
725 proc.err = muxer.in;
726 }
727
728 prepare_push_cert_sha1(&proc);
729
730 code = start_command(&proc);
731 if (code) {
732 if (use_sideband)
733 finish_async(&muxer);
734 return code;
735 }
736
737 sigchain_push(SIGPIPE, SIG_IGN);
738
739 while (1) {
740 const char *buf;
741 size_t n;
742 if (feed(feed_state, &buf, &n))
743 break;
744 if (write_in_full(proc.in, buf, n) != n)
745 break;
746 }
747 close(proc.in);
748 if (use_sideband)
749 finish_async(&muxer);
750
751 sigchain_pop(SIGPIPE);
752
753 return finish_command(&proc);
754}
755
756static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
757{
758 struct receive_hook_feed_state *state = state_;
759 struct command *cmd = state->cmd;
760
761 while (cmd &&
762 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
763 cmd = cmd->next;
764 if (!cmd)
765 return -1; /* EOF */
766 strbuf_reset(&state->buf);
767 strbuf_addf(&state->buf, "%s %s %s\n",
768 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
769 cmd->ref_name);
770 state->cmd = cmd->next;
771 if (bufp) {
772 *bufp = state->buf.buf;
773 *sizep = state->buf.len;
774 }
775 return 0;
776}
777
778static int run_receive_hook(struct command *commands,
779 const char *hook_name,
780 int skip_broken,
781 const struct string_list *push_options)
782{
783 struct receive_hook_feed_state state;
784 int status;
785
786 strbuf_init(&state.buf, 0);
787 state.cmd = commands;
788 state.skip_broken = skip_broken;
789 if (feed_receive_hook(&state, NULL, NULL))
790 return 0;
791 state.cmd = commands;
792 state.push_options = push_options;
793 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
794 strbuf_release(&state.buf);
795 return status;
796}
797
798static int run_update_hook(struct command *cmd)
799{
800 const char *argv[5];
801 struct child_process proc = CHILD_PROCESS_INIT;
802 int code;
803
804 argv[0] = find_hook("update");
805 if (!argv[0])
806 return 0;
807
808 argv[1] = cmd->ref_name;
809 argv[2] = oid_to_hex(&cmd->old_oid);
810 argv[3] = oid_to_hex(&cmd->new_oid);
811 argv[4] = NULL;
812
813 proc.no_stdin = 1;
814 proc.stdout_to_stderr = 1;
815 proc.err = use_sideband ? -1 : 0;
816 proc.argv = argv;
817
818 code = start_command(&proc);
819 if (code)
820 return code;
821 if (use_sideband)
822 copy_to_sideband(proc.err, -1, NULL);
823 return finish_command(&proc);
824}
825
826static int is_ref_checked_out(const char *ref)
827{
828 if (is_bare_repository())
829 return 0;
830
831 if (!head_name)
832 return 0;
833 return !strcmp(head_name, ref);
834}
835
836static char *refuse_unconfigured_deny_msg =
837 N_("By default, updating the current branch in a non-bare repository\n"
838 "is denied, because it will make the index and work tree inconsistent\n"
839 "with what you pushed, and will require 'git reset --hard' to match\n"
840 "the work tree to HEAD.\n"
841 "\n"
842 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
843 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
844 "its current branch; however, this is not recommended unless you\n"
845 "arranged to update its work tree to match what you pushed in some\n"
846 "other way.\n"
847 "\n"
848 "To squelch this message and still keep the default behaviour, set\n"
849 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
850
851static void refuse_unconfigured_deny(void)
852{
853 rp_error("%s", _(refuse_unconfigured_deny_msg));
854}
855
856static char *refuse_unconfigured_deny_delete_current_msg =
857 N_("By default, deleting the current branch is denied, because the next\n"
858 "'git clone' won't result in any file checked out, causing confusion.\n"
859 "\n"
860 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
861 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
862 "current branch, with or without a warning message.\n"
863 "\n"
864 "To squelch this message, you can set it to 'refuse'.");
865
866static void refuse_unconfigured_deny_delete_current(void)
867{
868 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
869}
870
871static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
872static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
873{
874 static struct lock_file shallow_lock;
875 struct oid_array extra = OID_ARRAY_INIT;
876 struct check_connected_options opt = CHECK_CONNECTED_INIT;
877 uint32_t mask = 1 << (cmd->index % 32);
878 int i;
879
880 trace_printf_key(&trace_shallow,
881 "shallow: update_shallow_ref %s\n", cmd->ref_name);
882 for (i = 0; i < si->shallow->nr; i++)
883 if (si->used_shallow[i] &&
884 (si->used_shallow[i][cmd->index / 32] & mask) &&
885 !delayed_reachability_test(si, i))
886 oid_array_append(&extra, &si->shallow->oid[i]);
887
888 opt.env = tmp_objdir_env(tmp_objdir);
889 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
890 if (check_connected(command_singleton_iterator, cmd, &opt)) {
891 rollback_lock_file(&shallow_lock);
892 oid_array_clear(&extra);
893 return -1;
894 }
895
896 commit_lock_file(&shallow_lock);
897
898 /*
899 * Make sure setup_alternate_shallow() for the next ref does
900 * not lose these new roots..
901 */
902 for (i = 0; i < extra.nr; i++)
903 register_shallow(extra.oid[i].hash);
904
905 si->shallow_ref[cmd->index] = 0;
906 oid_array_clear(&extra);
907 return 0;
908}
909
910/*
911 * NEEDSWORK: we should consolidate various implementions of "are we
912 * on an unborn branch?" test into one, and make the unified one more
913 * robust. !get_sha1() based check used here and elsewhere would not
914 * allow us to tell an unborn branch from corrupt ref, for example.
915 * For the purpose of fixing "deploy-to-update does not work when
916 * pushing into an empty repository" issue, this should suffice for
917 * now.
918 */
919static int head_has_history(void)
920{
921 unsigned char sha1[20];
922
923 return !get_sha1("HEAD", sha1);
924}
925
926static const char *push_to_deploy(unsigned char *sha1,
927 struct argv_array *env,
928 const char *work_tree)
929{
930 const char *update_refresh[] = {
931 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
932 };
933 const char *diff_files[] = {
934 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
935 };
936 const char *diff_index[] = {
937 "diff-index", "--quiet", "--cached", "--ignore-submodules",
938 NULL, "--", NULL
939 };
940 const char *read_tree[] = {
941 "read-tree", "-u", "-m", NULL, NULL
942 };
943 struct child_process child = CHILD_PROCESS_INIT;
944
945 child.argv = update_refresh;
946 child.env = env->argv;
947 child.dir = work_tree;
948 child.no_stdin = 1;
949 child.stdout_to_stderr = 1;
950 child.git_cmd = 1;
951 if (run_command(&child))
952 return "Up-to-date check failed";
953
954 /* run_command() does not clean up completely; reinitialize */
955 child_process_init(&child);
956 child.argv = diff_files;
957 child.env = env->argv;
958 child.dir = work_tree;
959 child.no_stdin = 1;
960 child.stdout_to_stderr = 1;
961 child.git_cmd = 1;
962 if (run_command(&child))
963 return "Working directory has unstaged changes";
964
965 /* diff-index with either HEAD or an empty tree */
966 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
967
968 child_process_init(&child);
969 child.argv = diff_index;
970 child.env = env->argv;
971 child.no_stdin = 1;
972 child.no_stdout = 1;
973 child.stdout_to_stderr = 0;
974 child.git_cmd = 1;
975 if (run_command(&child))
976 return "Working directory has staged changes";
977
978 read_tree[3] = sha1_to_hex(sha1);
979 child_process_init(&child);
980 child.argv = read_tree;
981 child.env = env->argv;
982 child.dir = work_tree;
983 child.no_stdin = 1;
984 child.no_stdout = 1;
985 child.stdout_to_stderr = 0;
986 child.git_cmd = 1;
987 if (run_command(&child))
988 return "Could not update working tree to new HEAD";
989
990 return NULL;
991}
992
993static const char *push_to_checkout_hook = "push-to-checkout";
994
995static const char *push_to_checkout(unsigned char *sha1,
996 struct argv_array *env,
997 const char *work_tree)
998{
999 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1000 if (run_hook_le(env->argv, push_to_checkout_hook,
1001 sha1_to_hex(sha1), NULL))
1002 return "push-to-checkout hook declined";
1003 else
1004 return NULL;
1005}
1006
1007static const char *update_worktree(unsigned char *sha1)
1008{
1009 const char *retval;
1010 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1011 struct argv_array env = ARGV_ARRAY_INIT;
1012
1013 if (is_bare_repository())
1014 return "denyCurrentBranch = updateInstead needs a worktree";
1015
1016 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1017
1018 if (!find_hook(push_to_checkout_hook))
1019 retval = push_to_deploy(sha1, &env, work_tree);
1020 else
1021 retval = push_to_checkout(sha1, &env, work_tree);
1022
1023 argv_array_clear(&env);
1024 return retval;
1025}
1026
1027static const char *update(struct command *cmd, struct shallow_info *si)
1028{
1029 const char *name = cmd->ref_name;
1030 struct strbuf namespaced_name_buf = STRBUF_INIT;
1031 const char *namespaced_name, *ret;
1032 struct object_id *old_oid = &cmd->old_oid;
1033 struct object_id *new_oid = &cmd->new_oid;
1034
1035 /* only refs/... are allowed */
1036 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1037 rp_error("refusing to create funny ref '%s' remotely", name);
1038 return "funny refname";
1039 }
1040
1041 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1042 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1043
1044 if (is_ref_checked_out(namespaced_name)) {
1045 switch (deny_current_branch) {
1046 case DENY_IGNORE:
1047 break;
1048 case DENY_WARN:
1049 rp_warning("updating the current branch");
1050 break;
1051 case DENY_REFUSE:
1052 case DENY_UNCONFIGURED:
1053 rp_error("refusing to update checked out branch: %s", name);
1054 if (deny_current_branch == DENY_UNCONFIGURED)
1055 refuse_unconfigured_deny();
1056 return "branch is currently checked out";
1057 case DENY_UPDATE_INSTEAD:
1058 ret = update_worktree(new_oid->hash);
1059 if (ret)
1060 return ret;
1061 break;
1062 }
1063 }
1064
1065 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1066 error("unpack should have generated %s, "
1067 "but I can't find it!", oid_to_hex(new_oid));
1068 return "bad pack";
1069 }
1070
1071 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1072 if (deny_deletes && starts_with(name, "refs/heads/")) {
1073 rp_error("denying ref deletion for %s", name);
1074 return "deletion prohibited";
1075 }
1076
1077 if (head_name && !strcmp(namespaced_name, head_name)) {
1078 switch (deny_delete_current) {
1079 case DENY_IGNORE:
1080 break;
1081 case DENY_WARN:
1082 rp_warning("deleting the current branch");
1083 break;
1084 case DENY_REFUSE:
1085 case DENY_UNCONFIGURED:
1086 case DENY_UPDATE_INSTEAD:
1087 if (deny_delete_current == DENY_UNCONFIGURED)
1088 refuse_unconfigured_deny_delete_current();
1089 rp_error("refusing to delete the current branch: %s", name);
1090 return "deletion of the current branch prohibited";
1091 default:
1092 return "Invalid denyDeleteCurrent setting";
1093 }
1094 }
1095 }
1096
1097 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1098 !is_null_oid(old_oid) &&
1099 starts_with(name, "refs/heads/")) {
1100 struct object *old_object, *new_object;
1101 struct commit *old_commit, *new_commit;
1102
1103 old_object = parse_object(old_oid->hash);
1104 new_object = parse_object(new_oid->hash);
1105
1106 if (!old_object || !new_object ||
1107 old_object->type != OBJ_COMMIT ||
1108 new_object->type != OBJ_COMMIT) {
1109 error("bad sha1 objects for %s", name);
1110 return "bad ref";
1111 }
1112 old_commit = (struct commit *)old_object;
1113 new_commit = (struct commit *)new_object;
1114 if (!in_merge_bases(old_commit, new_commit)) {
1115 rp_error("denying non-fast-forward %s"
1116 " (you should pull first)", name);
1117 return "non-fast-forward";
1118 }
1119 }
1120 if (run_update_hook(cmd)) {
1121 rp_error("hook declined to update %s", name);
1122 return "hook declined";
1123 }
1124
1125 if (is_null_oid(new_oid)) {
1126 struct strbuf err = STRBUF_INIT;
1127 if (!parse_object(old_oid->hash)) {
1128 old_oid = NULL;
1129 if (ref_exists(name)) {
1130 rp_warning("Allowing deletion of corrupt ref.");
1131 } else {
1132 rp_warning("Deleting a non-existent ref.");
1133 cmd->did_not_exist = 1;
1134 }
1135 }
1136 if (ref_transaction_delete(transaction,
1137 namespaced_name,
1138 old_oid->hash,
1139 0, "push", &err)) {
1140 rp_error("%s", err.buf);
1141 strbuf_release(&err);
1142 return "failed to delete";
1143 }
1144 strbuf_release(&err);
1145 return NULL; /* good */
1146 }
1147 else {
1148 struct strbuf err = STRBUF_INIT;
1149 if (shallow_update && si->shallow_ref[cmd->index] &&
1150 update_shallow_ref(cmd, si))
1151 return "shallow error";
1152
1153 if (ref_transaction_update(transaction,
1154 namespaced_name,
1155 new_oid->hash, old_oid->hash,
1156 0, "push",
1157 &err)) {
1158 rp_error("%s", err.buf);
1159 strbuf_release(&err);
1160
1161 return "failed to update ref";
1162 }
1163 strbuf_release(&err);
1164
1165 return NULL; /* good */
1166 }
1167}
1168
1169static void run_update_post_hook(struct command *commands)
1170{
1171 struct command *cmd;
1172 struct child_process proc = CHILD_PROCESS_INIT;
1173 const char *hook;
1174
1175 hook = find_hook("post-update");
1176 if (!hook)
1177 return;
1178
1179 for (cmd = commands; cmd; cmd = cmd->next) {
1180 if (cmd->error_string || cmd->did_not_exist)
1181 continue;
1182 if (!proc.args.argc)
1183 argv_array_push(&proc.args, hook);
1184 argv_array_push(&proc.args, cmd->ref_name);
1185 }
1186 if (!proc.args.argc)
1187 return;
1188
1189 proc.no_stdin = 1;
1190 proc.stdout_to_stderr = 1;
1191 proc.err = use_sideband ? -1 : 0;
1192
1193 if (!start_command(&proc)) {
1194 if (use_sideband)
1195 copy_to_sideband(proc.err, -1, NULL);
1196 finish_command(&proc);
1197 }
1198}
1199
1200static void check_aliased_update(struct command *cmd, struct string_list *list)
1201{
1202 struct strbuf buf = STRBUF_INIT;
1203 const char *dst_name;
1204 struct string_list_item *item;
1205 struct command *dst_cmd;
1206 unsigned char sha1[GIT_MAX_RAWSZ];
1207 int flag;
1208
1209 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1210 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1211 strbuf_release(&buf);
1212
1213 if (!(flag & REF_ISSYMREF))
1214 return;
1215
1216 if (!dst_name) {
1217 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1218 cmd->skip_update = 1;
1219 cmd->error_string = "broken symref";
1220 return;
1221 }
1222 dst_name = strip_namespace(dst_name);
1223
1224 if ((item = string_list_lookup(list, dst_name)) == NULL)
1225 return;
1226
1227 cmd->skip_update = 1;
1228
1229 dst_cmd = (struct command *) item->util;
1230
1231 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1232 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1233 return;
1234
1235 dst_cmd->skip_update = 1;
1236
1237 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1238 " its target '%s' (%s..%s)",
1239 cmd->ref_name,
1240 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1241 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1242 dst_cmd->ref_name,
1243 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1244 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1245
1246 cmd->error_string = dst_cmd->error_string =
1247 "inconsistent aliased update";
1248}
1249
1250static void check_aliased_updates(struct command *commands)
1251{
1252 struct command *cmd;
1253 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1254
1255 for (cmd = commands; cmd; cmd = cmd->next) {
1256 struct string_list_item *item =
1257 string_list_append(&ref_list, cmd->ref_name);
1258 item->util = (void *)cmd;
1259 }
1260 string_list_sort(&ref_list);
1261
1262 for (cmd = commands; cmd; cmd = cmd->next) {
1263 if (!cmd->error_string)
1264 check_aliased_update(cmd, &ref_list);
1265 }
1266
1267 string_list_clear(&ref_list, 0);
1268}
1269
1270static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1271{
1272 struct command **cmd_list = cb_data;
1273 struct command *cmd = *cmd_list;
1274
1275 if (!cmd || is_null_oid(&cmd->new_oid))
1276 return -1; /* end of list */
1277 *cmd_list = NULL; /* this returns only one */
1278 hashcpy(sha1, cmd->new_oid.hash);
1279 return 0;
1280}
1281
1282static void set_connectivity_errors(struct command *commands,
1283 struct shallow_info *si)
1284{
1285 struct command *cmd;
1286
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1288 struct command *singleton = cmd;
1289 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1290
1291 if (shallow_update && si->shallow_ref[cmd->index])
1292 /* to be checked in update_shallow_ref() */
1293 continue;
1294
1295 opt.env = tmp_objdir_env(tmp_objdir);
1296 if (!check_connected(command_singleton_iterator, &singleton,
1297 &opt))
1298 continue;
1299
1300 cmd->error_string = "missing necessary objects";
1301 }
1302}
1303
1304struct iterate_data {
1305 struct command *cmds;
1306 struct shallow_info *si;
1307};
1308
1309static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1310{
1311 struct iterate_data *data = cb_data;
1312 struct command **cmd_list = &data->cmds;
1313 struct command *cmd = *cmd_list;
1314
1315 for (; cmd; cmd = cmd->next) {
1316 if (shallow_update && data->si->shallow_ref[cmd->index])
1317 /* to be checked in update_shallow_ref() */
1318 continue;
1319 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1320 hashcpy(sha1, cmd->new_oid.hash);
1321 *cmd_list = cmd->next;
1322 return 0;
1323 }
1324 }
1325 *cmd_list = NULL;
1326 return -1; /* end of list */
1327}
1328
1329static void reject_updates_to_hidden(struct command *commands)
1330{
1331 struct strbuf refname_full = STRBUF_INIT;
1332 size_t prefix_len;
1333 struct command *cmd;
1334
1335 strbuf_addstr(&refname_full, get_git_namespace());
1336 prefix_len = refname_full.len;
1337
1338 for (cmd = commands; cmd; cmd = cmd->next) {
1339 if (cmd->error_string)
1340 continue;
1341
1342 strbuf_setlen(&refname_full, prefix_len);
1343 strbuf_addstr(&refname_full, cmd->ref_name);
1344
1345 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1346 continue;
1347 if (is_null_oid(&cmd->new_oid))
1348 cmd->error_string = "deny deleting a hidden ref";
1349 else
1350 cmd->error_string = "deny updating a hidden ref";
1351 }
1352
1353 strbuf_release(&refname_full);
1354}
1355
1356static int should_process_cmd(struct command *cmd)
1357{
1358 return !cmd->error_string && !cmd->skip_update;
1359}
1360
1361static void warn_if_skipped_connectivity_check(struct command *commands,
1362 struct shallow_info *si)
1363{
1364 struct command *cmd;
1365 int checked_connectivity = 1;
1366
1367 for (cmd = commands; cmd; cmd = cmd->next) {
1368 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1369 error("BUG: connectivity check has not been run on ref %s",
1370 cmd->ref_name);
1371 checked_connectivity = 0;
1372 }
1373 }
1374 if (!checked_connectivity)
1375 die("BUG: connectivity check skipped???");
1376}
1377
1378static void execute_commands_non_atomic(struct command *commands,
1379 struct shallow_info *si)
1380{
1381 struct command *cmd;
1382 struct strbuf err = STRBUF_INIT;
1383
1384 for (cmd = commands; cmd; cmd = cmd->next) {
1385 if (!should_process_cmd(cmd))
1386 continue;
1387
1388 transaction = ref_transaction_begin(&err);
1389 if (!transaction) {
1390 rp_error("%s", err.buf);
1391 strbuf_reset(&err);
1392 cmd->error_string = "transaction failed to start";
1393 continue;
1394 }
1395
1396 cmd->error_string = update(cmd, si);
1397
1398 if (!cmd->error_string
1399 && ref_transaction_commit(transaction, &err)) {
1400 rp_error("%s", err.buf);
1401 strbuf_reset(&err);
1402 cmd->error_string = "failed to update ref";
1403 }
1404 ref_transaction_free(transaction);
1405 }
1406 strbuf_release(&err);
1407}
1408
1409static void execute_commands_atomic(struct command *commands,
1410 struct shallow_info *si)
1411{
1412 struct command *cmd;
1413 struct strbuf err = STRBUF_INIT;
1414 const char *reported_error = "atomic push failure";
1415
1416 transaction = ref_transaction_begin(&err);
1417 if (!transaction) {
1418 rp_error("%s", err.buf);
1419 strbuf_reset(&err);
1420 reported_error = "transaction failed to start";
1421 goto failure;
1422 }
1423
1424 for (cmd = commands; cmd; cmd = cmd->next) {
1425 if (!should_process_cmd(cmd))
1426 continue;
1427
1428 cmd->error_string = update(cmd, si);
1429
1430 if (cmd->error_string)
1431 goto failure;
1432 }
1433
1434 if (ref_transaction_commit(transaction, &err)) {
1435 rp_error("%s", err.buf);
1436 reported_error = "atomic transaction failed";
1437 goto failure;
1438 }
1439 goto cleanup;
1440
1441failure:
1442 for (cmd = commands; cmd; cmd = cmd->next)
1443 if (!cmd->error_string)
1444 cmd->error_string = reported_error;
1445
1446cleanup:
1447 ref_transaction_free(transaction);
1448 strbuf_release(&err);
1449}
1450
1451static void execute_commands(struct command *commands,
1452 const char *unpacker_error,
1453 struct shallow_info *si,
1454 const struct string_list *push_options)
1455{
1456 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1457 struct command *cmd;
1458 struct object_id oid;
1459 struct iterate_data data;
1460 struct async muxer;
1461 int err_fd = 0;
1462
1463 if (unpacker_error) {
1464 for (cmd = commands; cmd; cmd = cmd->next)
1465 cmd->error_string = "unpacker error";
1466 return;
1467 }
1468
1469 if (use_sideband) {
1470 memset(&muxer, 0, sizeof(muxer));
1471 muxer.proc = copy_to_sideband;
1472 muxer.in = -1;
1473 if (!start_async(&muxer))
1474 err_fd = muxer.in;
1475 /* ...else, continue without relaying sideband */
1476 }
1477
1478 data.cmds = commands;
1479 data.si = si;
1480 opt.err_fd = err_fd;
1481 opt.progress = err_fd && !quiet;
1482 opt.env = tmp_objdir_env(tmp_objdir);
1483 if (check_connected(iterate_receive_command_list, &data, &opt))
1484 set_connectivity_errors(commands, si);
1485
1486 if (use_sideband)
1487 finish_async(&muxer);
1488
1489 reject_updates_to_hidden(commands);
1490
1491 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1492 for (cmd = commands; cmd; cmd = cmd->next) {
1493 if (!cmd->error_string)
1494 cmd->error_string = "pre-receive hook declined";
1495 }
1496 return;
1497 }
1498
1499 /*
1500 * Now we'll start writing out refs, which means the objects need
1501 * to be in their final positions so that other processes can see them.
1502 */
1503 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1504 for (cmd = commands; cmd; cmd = cmd->next) {
1505 if (!cmd->error_string)
1506 cmd->error_string = "unable to migrate objects to permanent storage";
1507 }
1508 return;
1509 }
1510 tmp_objdir = NULL;
1511
1512 check_aliased_updates(commands);
1513
1514 free(head_name_to_free);
1515 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1516
1517 if (use_atomic)
1518 execute_commands_atomic(commands, si);
1519 else
1520 execute_commands_non_atomic(commands, si);
1521
1522 if (shallow_update)
1523 warn_if_skipped_connectivity_check(commands, si);
1524}
1525
1526static struct command **queue_command(struct command **tail,
1527 const char *line,
1528 int linelen)
1529{
1530 struct object_id old_oid, new_oid;
1531 struct command *cmd;
1532 const char *refname;
1533 int reflen;
1534 const char *p;
1535
1536 if (parse_oid_hex(line, &old_oid, &p) ||
1537 *p++ != ' ' ||
1538 parse_oid_hex(p, &new_oid, &p) ||
1539 *p++ != ' ')
1540 die("protocol error: expected old/new/ref, got '%s'", line);
1541
1542 refname = p;
1543 reflen = linelen - (p - line);
1544 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1545 oidcpy(&cmd->old_oid, &old_oid);
1546 oidcpy(&cmd->new_oid, &new_oid);
1547 *tail = cmd;
1548 return &cmd->next;
1549}
1550
1551static void queue_commands_from_cert(struct command **tail,
1552 struct strbuf *push_cert)
1553{
1554 const char *boc, *eoc;
1555
1556 if (*tail)
1557 die("protocol error: got both push certificate and unsigned commands");
1558
1559 boc = strstr(push_cert->buf, "\n\n");
1560 if (!boc)
1561 die("malformed push certificate %.*s", 100, push_cert->buf);
1562 else
1563 boc += 2;
1564 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1565
1566 while (boc < eoc) {
1567 const char *eol = memchr(boc, '\n', eoc - boc);
1568 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1569 boc = eol ? eol + 1 : eoc;
1570 }
1571}
1572
1573static struct command *read_head_info(struct oid_array *shallow)
1574{
1575 struct command *commands = NULL;
1576 struct command **p = &commands;
1577 for (;;) {
1578 char *line;
1579 int len, linelen;
1580
1581 line = packet_read_line(0, &len);
1582 if (!line)
1583 break;
1584
1585 if (len > 8 && starts_with(line, "shallow ")) {
1586 struct object_id oid;
1587 if (get_oid_hex(line + 8, &oid))
1588 die("protocol error: expected shallow sha, got '%s'",
1589 line + 8);
1590 oid_array_append(shallow, &oid);
1591 continue;
1592 }
1593
1594 linelen = strlen(line);
1595 if (linelen < len) {
1596 const char *feature_list = line + linelen + 1;
1597 if (parse_feature_request(feature_list, "report-status"))
1598 report_status = 1;
1599 if (parse_feature_request(feature_list, "side-band-64k"))
1600 use_sideband = LARGE_PACKET_MAX;
1601 if (parse_feature_request(feature_list, "quiet"))
1602 quiet = 1;
1603 if (advertise_atomic_push
1604 && parse_feature_request(feature_list, "atomic"))
1605 use_atomic = 1;
1606 if (advertise_push_options
1607 && parse_feature_request(feature_list, "push-options"))
1608 use_push_options = 1;
1609 }
1610
1611 if (!strcmp(line, "push-cert")) {
1612 int true_flush = 0;
1613 char certbuf[1024];
1614
1615 for (;;) {
1616 len = packet_read(0, NULL, NULL,
1617 certbuf, sizeof(certbuf), 0);
1618 if (!len) {
1619 true_flush = 1;
1620 break;
1621 }
1622 if (!strcmp(certbuf, "push-cert-end\n"))
1623 break; /* end of cert */
1624 strbuf_addstr(&push_cert, certbuf);
1625 }
1626
1627 if (true_flush)
1628 break;
1629 continue;
1630 }
1631
1632 p = queue_command(p, line, linelen);
1633 }
1634
1635 if (push_cert.len)
1636 queue_commands_from_cert(p, &push_cert);
1637
1638 return commands;
1639}
1640
1641static void read_push_options(struct string_list *options)
1642{
1643 while (1) {
1644 char *line;
1645 int len;
1646
1647 line = packet_read_line(0, &len);
1648
1649 if (!line)
1650 break;
1651
1652 string_list_append(options, line);
1653 }
1654}
1655
1656static const char *parse_pack_header(struct pack_header *hdr)
1657{
1658 switch (read_pack_header(0, hdr)) {
1659 case PH_ERROR_EOF:
1660 return "eof before pack header was fully read";
1661
1662 case PH_ERROR_PACK_SIGNATURE:
1663 return "protocol error (pack signature mismatch detected)";
1664
1665 case PH_ERROR_PROTOCOL:
1666 return "protocol error (pack version unsupported)";
1667
1668 default:
1669 return "unknown error in parse_pack_header";
1670
1671 case 0:
1672 return NULL;
1673 }
1674}
1675
1676static const char *pack_lockfile;
1677
1678static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1679{
1680 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1681 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1682}
1683
1684static const char *unpack(int err_fd, struct shallow_info *si)
1685{
1686 struct pack_header hdr;
1687 const char *hdr_err;
1688 int status;
1689 struct child_process child = CHILD_PROCESS_INIT;
1690 int fsck_objects = (receive_fsck_objects >= 0
1691 ? receive_fsck_objects
1692 : transfer_fsck_objects >= 0
1693 ? transfer_fsck_objects
1694 : 0);
1695
1696 hdr_err = parse_pack_header(&hdr);
1697 if (hdr_err) {
1698 if (err_fd > 0)
1699 close(err_fd);
1700 return hdr_err;
1701 }
1702
1703 if (si->nr_ours || si->nr_theirs) {
1704 alt_shallow_file = setup_temporary_shallow(si->shallow);
1705 argv_array_push(&child.args, "--shallow-file");
1706 argv_array_push(&child.args, alt_shallow_file);
1707 }
1708
1709 tmp_objdir = tmp_objdir_create();
1710 if (!tmp_objdir) {
1711 if (err_fd > 0)
1712 close(err_fd);
1713 return "unable to create temporary object directory";
1714 }
1715 child.env = tmp_objdir_env(tmp_objdir);
1716
1717 /*
1718 * Normally we just pass the tmp_objdir environment to the child
1719 * processes that do the heavy lifting, but we may need to see these
1720 * objects ourselves to set up shallow information.
1721 */
1722 tmp_objdir_add_as_alternate(tmp_objdir);
1723
1724 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1725 argv_array_push(&child.args, "unpack-objects");
1726 push_header_arg(&child.args, &hdr);
1727 if (quiet)
1728 argv_array_push(&child.args, "-q");
1729 if (fsck_objects)
1730 argv_array_pushf(&child.args, "--strict%s",
1731 fsck_msg_types.buf);
1732 if (max_input_size)
1733 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1734 (uintmax_t)max_input_size);
1735 child.no_stdout = 1;
1736 child.err = err_fd;
1737 child.git_cmd = 1;
1738 status = run_command(&child);
1739 if (status)
1740 return "unpack-objects abnormal exit";
1741 } else {
1742 char hostname[HOST_NAME_MAX + 1];
1743
1744 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1745 push_header_arg(&child.args, &hdr);
1746
1747 if (xgethostname(hostname, sizeof(hostname)))
1748 xsnprintf(hostname, sizeof(hostname), "localhost");
1749 argv_array_pushf(&child.args,
1750 "--keep=receive-pack %"PRIuMAX" on %s",
1751 (uintmax_t)getpid(),
1752 hostname);
1753
1754 if (!quiet && err_fd)
1755 argv_array_push(&child.args, "--show-resolving-progress");
1756 if (use_sideband)
1757 argv_array_push(&child.args, "--report-end-of-input");
1758 if (fsck_objects)
1759 argv_array_pushf(&child.args, "--strict%s",
1760 fsck_msg_types.buf);
1761 if (!reject_thin)
1762 argv_array_push(&child.args, "--fix-thin");
1763 if (max_input_size)
1764 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1765 (uintmax_t)max_input_size);
1766 child.out = -1;
1767 child.err = err_fd;
1768 child.git_cmd = 1;
1769 status = start_command(&child);
1770 if (status)
1771 return "index-pack fork failed";
1772 pack_lockfile = index_pack_lockfile(child.out);
1773 close(child.out);
1774 status = finish_command(&child);
1775 if (status)
1776 return "index-pack abnormal exit";
1777 reprepare_packed_git();
1778 }
1779 return NULL;
1780}
1781
1782static const char *unpack_with_sideband(struct shallow_info *si)
1783{
1784 struct async muxer;
1785 const char *ret;
1786
1787 if (!use_sideband)
1788 return unpack(0, si);
1789
1790 use_keepalive = KEEPALIVE_AFTER_NUL;
1791 memset(&muxer, 0, sizeof(muxer));
1792 muxer.proc = copy_to_sideband;
1793 muxer.in = -1;
1794 if (start_async(&muxer))
1795 return NULL;
1796
1797 ret = unpack(muxer.in, si);
1798
1799 finish_async(&muxer);
1800 return ret;
1801}
1802
1803static void prepare_shallow_update(struct command *commands,
1804 struct shallow_info *si)
1805{
1806 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1807
1808 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1809 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1810
1811 si->need_reachability_test =
1812 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1813 si->reachable =
1814 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1815 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1816
1817 for (i = 0; i < si->nr_ours; i++)
1818 si->need_reachability_test[si->ours[i]] = 1;
1819
1820 for (i = 0; i < si->shallow->nr; i++) {
1821 if (!si->used_shallow[i])
1822 continue;
1823 for (j = 0; j < bitmap_size; j++) {
1824 if (!si->used_shallow[i][j])
1825 continue;
1826 si->need_reachability_test[i]++;
1827 for (k = 0; k < 32; k++)
1828 if (si->used_shallow[i][j] & (1U << k))
1829 si->shallow_ref[j * 32 + k]++;
1830 }
1831
1832 /*
1833 * true for those associated with some refs and belong
1834 * in "ours" list aka "step 7 not done yet"
1835 */
1836 si->need_reachability_test[i] =
1837 si->need_reachability_test[i] > 1;
1838 }
1839
1840 /*
1841 * keep hooks happy by forcing a temporary shallow file via
1842 * env variable because we can't add --shallow-file to every
1843 * command. check_everything_connected() will be done with
1844 * true .git/shallow though.
1845 */
1846 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1847}
1848
1849static void update_shallow_info(struct command *commands,
1850 struct shallow_info *si,
1851 struct oid_array *ref)
1852{
1853 struct command *cmd;
1854 int *ref_status;
1855 remove_nonexistent_theirs_shallow(si);
1856 if (!si->nr_ours && !si->nr_theirs) {
1857 shallow_update = 0;
1858 return;
1859 }
1860
1861 for (cmd = commands; cmd; cmd = cmd->next) {
1862 if (is_null_oid(&cmd->new_oid))
1863 continue;
1864 oid_array_append(ref, &cmd->new_oid);
1865 cmd->index = ref->nr - 1;
1866 }
1867 si->ref = ref;
1868
1869 if (shallow_update) {
1870 prepare_shallow_update(commands, si);
1871 return;
1872 }
1873
1874 ALLOC_ARRAY(ref_status, ref->nr);
1875 assign_shallow_commits_to_refs(si, NULL, ref_status);
1876 for (cmd = commands; cmd; cmd = cmd->next) {
1877 if (is_null_oid(&cmd->new_oid))
1878 continue;
1879 if (ref_status[cmd->index]) {
1880 cmd->error_string = "shallow update not allowed";
1881 cmd->skip_update = 1;
1882 }
1883 }
1884 free(ref_status);
1885}
1886
1887static void report(struct command *commands, const char *unpack_status)
1888{
1889 struct command *cmd;
1890 struct strbuf buf = STRBUF_INIT;
1891
1892 packet_buf_write(&buf, "unpack %s\n",
1893 unpack_status ? unpack_status : "ok");
1894 for (cmd = commands; cmd; cmd = cmd->next) {
1895 if (!cmd->error_string)
1896 packet_buf_write(&buf, "ok %s\n",
1897 cmd->ref_name);
1898 else
1899 packet_buf_write(&buf, "ng %s %s\n",
1900 cmd->ref_name, cmd->error_string);
1901 }
1902 packet_buf_flush(&buf);
1903
1904 if (use_sideband)
1905 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1906 else
1907 write_or_die(1, buf.buf, buf.len);
1908 strbuf_release(&buf);
1909}
1910
1911static int delete_only(struct command *commands)
1912{
1913 struct command *cmd;
1914 for (cmd = commands; cmd; cmd = cmd->next) {
1915 if (!is_null_oid(&cmd->new_oid))
1916 return 0;
1917 }
1918 return 1;
1919}
1920
1921int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1922{
1923 int advertise_refs = 0;
1924 struct command *commands;
1925 struct oid_array shallow = OID_ARRAY_INIT;
1926 struct oid_array ref = OID_ARRAY_INIT;
1927 struct shallow_info si;
1928
1929 struct option options[] = {
1930 OPT__QUIET(&quiet, N_("quiet")),
1931 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1932 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1933 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1934 OPT_END()
1935 };
1936
1937 packet_trace_identity("receive-pack");
1938
1939 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1940
1941 if (argc > 1)
1942 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1943 if (argc == 0)
1944 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1945
1946 service_dir = argv[0];
1947
1948 setup_path();
1949
1950 if (!enter_repo(service_dir, 0))
1951 die("'%s' does not appear to be a git repository", service_dir);
1952
1953 git_config(receive_pack_config, NULL);
1954 if (cert_nonce_seed)
1955 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1956
1957 if (0 <= transfer_unpack_limit)
1958 unpack_limit = transfer_unpack_limit;
1959 else if (0 <= receive_unpack_limit)
1960 unpack_limit = receive_unpack_limit;
1961
1962 if (advertise_refs || !stateless_rpc) {
1963 write_head_info();
1964 }
1965 if (advertise_refs)
1966 return 0;
1967
1968 if ((commands = read_head_info(&shallow)) != NULL) {
1969 const char *unpack_status = NULL;
1970 struct string_list push_options = STRING_LIST_INIT_DUP;
1971
1972 if (use_push_options)
1973 read_push_options(&push_options);
1974 if (!check_cert_push_options(&push_options)) {
1975 struct command *cmd;
1976 for (cmd = commands; cmd; cmd = cmd->next)
1977 cmd->error_string = "inconsistent push options";
1978 }
1979
1980 prepare_shallow_info(&si, &shallow);
1981 if (!si.nr_ours && !si.nr_theirs)
1982 shallow_update = 0;
1983 if (!delete_only(commands)) {
1984 unpack_status = unpack_with_sideband(&si);
1985 update_shallow_info(commands, &si, &ref);
1986 }
1987 use_keepalive = KEEPALIVE_ALWAYS;
1988 execute_commands(commands, unpack_status, &si,
1989 &push_options);
1990 if (pack_lockfile)
1991 unlink_or_warn(pack_lockfile);
1992 if (report_status)
1993 report(commands, unpack_status);
1994 run_receive_hook(commands, "post-receive", 1,
1995 &push_options);
1996 run_update_post_hook(commands);
1997 string_list_clear(&push_options, 0);
1998 if (auto_gc) {
1999 const char *argv_gc_auto[] = {
2000 "gc", "--auto", "--quiet", NULL,
2001 };
2002 struct child_process proc = CHILD_PROCESS_INIT;
2003
2004 proc.no_stdin = 1;
2005 proc.stdout_to_stderr = 1;
2006 proc.err = use_sideband ? -1 : 0;
2007 proc.git_cmd = 1;
2008 proc.argv = argv_gc_auto;
2009
2010 close_all_packs();
2011 if (!start_command(&proc)) {
2012 if (use_sideband)
2013 copy_to_sideband(proc.err, -1, NULL);
2014 finish_command(&proc);
2015 }
2016 }
2017 if (auto_update_server_info)
2018 update_server_info(0);
2019 clear_shallow_info(&si);
2020 }
2021 if (use_sideband)
2022 packet_flush(1);
2023 oid_array_clear(&shallow);
2024 oid_array_clear(&ref);
2025 free((void *)push_cert_nonce);
2026 return 0;
2027}