send-pack.c on commit Merge branch 'cb/openbsd-allows-reading-directory' (0890c8a)
   1#include "builtin.h"
   2#include "config.h"
   3#include "commit.h"
   4#include "refs.h"
   5#include "object-store.h"
   6#include "pkt-line.h"
   7#include "sideband.h"
   8#include "run-command.h"
   9#include "remote.h"
  10#include "connect.h"
  11#include "send-pack.h"
  12#include "quote.h"
  13#include "transport.h"
  14#include "version.h"
  15#include "sha1-array.h"
  16#include "gpg-interface.h"
  17#include "cache.h"
  18
/*
 * Option callback for the signed-push setting.
 *
 * Stores one of the SEND_PACK_PUSH_CERT_* modes into the int that
 * opt->value points at:
 *   - negated option                     -> NEVER
 *   - argument parses as boolean true    -> ALWAYS
 *   - argument parses as boolean false   -> NEVER
 *   - argument is "if-asked" (any case)  -> IF_ASKED
 * Any other argument is fatal: die() reports the option's long name
 * together with the offending value.
 *
 * Returns 0 whenever a mode was stored.
 */
int option_parse_push_signed(const struct option *opt,
                             const char *arg, int unset)
{
        int *mode = (int *)(opt->value);
        int as_bool;

        if (unset) {
                *mode = SEND_PACK_PUSH_CERT_NEVER;
                return 0;
        }

        as_bool = git_parse_maybe_bool(arg);
        if (as_bool == 1)
                *mode = SEND_PACK_PUSH_CERT_ALWAYS;
        else if (as_bool == 0)
                *mode = SEND_PACK_PUSH_CERT_NEVER;
        else if (!strcasecmp("if-asked", arg))
                *mode = SEND_PACK_PUSH_CERT_IF_ASKED;
        else
                die("bad %s argument: %s", opt->long_name, arg);
        return 0;
}
  40
/*
 * Write one revision line for oid to fh: the hex object name followed
 * by a newline, prefixed with '^' when negative is set.
 *
 * A negative entry whose object has_sha1_file() does not find locally
 * is skipped and nothing is written for it.
 */
static void feed_object(const struct object_id *oid, FILE *fh, int negative)
{
        if (negative) {
                if (!has_sha1_file(oid->hash))
                        return;
                putc('^', fh);
        }
        fputs(oid_to_hex(oid), fh);
        putc('\n', fh);
}
  51
/*
 * Make a pack stream and spit it out into file descriptor fd
 *
 * fd    - descriptor the pack data ends up on (directly, or re-framed
 *         through send_sideband() when args->stateless_rpc is set)
 * refs  - list of refs; each non-null old_oid is fed as a negative
 *         ("^") revision and each non-null new_oid as a positive one
 * extra - additional object ids, all fed as negative revisions
 * args  - push options that select the pack-objects command line
 *
 * Returns 0 when pack-objects exits with status 0, -1 otherwise.
 * Dies if the child cannot be started or its stdin cannot be written.
 */
static int pack_objects(int fd, struct ref *refs, struct oid_array *extra, struct send_pack_args *args)
{
        /*
         * The child becomes pack-objects --revs; we feed
         * the revision parameters to it via its stdin and
         * let its stdout go back to the other end.
         */
        struct child_process po = CHILD_PROCESS_INIT;
        FILE *po_in;
        int i;
        int rc;

        /*
         * The command line is built only from fixed literals chosen by
         * local flags; no remote-supplied text is placed in argv.
         */
        argv_array_push(&po.args, "pack-objects");
        argv_array_push(&po.args, "--all-progress-implied");
        argv_array_push(&po.args, "--revs");
        argv_array_push(&po.args, "--stdout");
        if (args->use_thin_pack)
                argv_array_push(&po.args, "--thin");
        if (args->use_ofs_delta)
                argv_array_push(&po.args, "--delta-base-offset");
        if (args->quiet || !args->progress)
                argv_array_push(&po.args, "-q");
        if (args->progress)
                argv_array_push(&po.args, "--progress");
        if (is_repository_shallow(the_repository))
                argv_array_push(&po.args, "--shallow");
        /* presumably -1 asks start_command() to create a pipe; po.in is used as an fd below */
        po.in = -1;
        /* stateless RPC: capture the child's stdout here instead of handing it fd */
        po.out = args->stateless_rpc ? -1 : fd;
        po.git_cmd = 1;
        if (start_command(&po))
                die_errno("git pack-objects failed");

        /*
         * We feed the pack-objects we just spawned with revision
         * parameters by writing to the pipe.
         */
        po_in = xfdopen(po.in, "w");
        for (i = 0; i < extra->nr; i++)
                feed_object(&extra->oid[i], po_in, 1);

        while (refs) {
                if (!is_null_oid(&refs->old_oid))
                        feed_object(&refs->old_oid, po_in, 1);
                if (!is_null_oid(&refs->new_oid))
                        feed_object(&refs->new_oid, po_in, 0);
                refs = refs->next;
        }

        /* flush first so that a write failure shows up in ferror() before the stream is closed */
        fflush(po_in);
        if (ferror(po_in))
                die_errno("error writing to pack-objects");
        /* NOTE(review): the return value of fclose() is not checked here */
        fclose(po_in);

        if (args->stateless_rpc) {
                /* relay the child's output to fd in chunks of at most LARGE_PACKET_MAX bytes */
                char *buf = xmalloc(LARGE_PACKET_MAX);
                while (1) {
                        ssize_t n = xread(po.out, buf, LARGE_PACKET_MAX);
                        /*
                         * NOTE(review): a read error (n < 0) ends the loop
                         * exactly like end-of-file and is not reported; the
                         * child's exit status below is the only remaining
                         * failure signal.
                         */
                        if (n <= 0)
                                break;
                        send_sideband(fd, -1, buf, n, LARGE_PACKET_MAX);
                }
                free(buf);
                close(po.out);
                po.out = -1;
        }

        rc = finish_command(&po);
        if (rc) {
                /*
                 * For a normal non-zero exit, we assume pack-objects wrote
                 * something useful to stderr. For death by signal, though,
                 * we should mention it to the user. The exception is SIGPIPE
                 * (141), because that's a normal occurrence if the remote end
                 * hangs up (and we'll report that by trying to read the unpack
                 * status).
                 */
                if (rc > 128 && rc != 141)
                        error("pack-objects died of signal %d", rc - 128);
                return -1;
        }
        return 0;
}
 137
/*
 * Read the remote's "unpack <status>" line from in.
 *
 * Returns 0 only when the status is exactly "ok".  A missing line, a
 * line without the "unpack " prefix, or any other status is reported
 * through error() and that call's return value is passed back.
 *
 * The text after the prefix comes from the remote end and is echoed
 * in the error message as received.
 */
static int receive_unpack_status(int in)
{
        const char *status;
        const char *line = packet_read_line(in, NULL);

        if (!line)
                return error(_("unexpected flush packet while reading remote unpack status"));
        if (!skip_prefix(line, "unpack ", &status))
                return error(_("unable to parse remote unpack status: %s"), line);
        if (!strcmp(status, "ok"))
                return 0;
        return error(_("remote unpack failed: %s"), status);
}
 149
/*
 * Read the remote's status report from in: first the "unpack" line,
 * then one "ok <ref>" or "ng <ref> <reason>" line per ref until
 * packet_read_line() returns NULL, recording each outcome on the
 * matching entry of refs.
 *
 * Returns the result of receive_unpack_status(), replaced by -1 when
 * a malformed status line is seen or any ref is reported as "ng".
 *
 * Every line handled here is supplied by the remote end; it is only
 * applied to refs that are currently waiting for a report.
 */
static int receive_status(int in, struct ref *refs)
{
        struct ref *hint;
        int ret;

        hint = NULL;
        ret = receive_unpack_status(in);
        while (1) {
                char *refname;
                char *msg;
                char *line = packet_read_line(in, NULL);
                /* NULL ends the report (receive_unpack_status() treats NULL as a flush packet) */
                if (!line)
                        break;
                /* the prefix test also guarantees at least three bytes, so line + 3 stays inside the string */
                if (!starts_with(line, "ok ") && !starts_with(line, "ng ")) {
                        error("invalid ref status from remote: %s", line);
                        ret = -1;
                        break;
                }

                /* split "<refname> <reason>" in place; msg stays NULL when no reason follows */
                refname = line + 3;
                msg = strchr(refname, ' ');
                if (msg)
                        *msg++ = '\0';

                /* first try searching at our hint, falling back to all refs */
                if (hint)
                        hint = find_ref_by_name(hint, refname);
                if (!hint)
                        hint = find_ref_by_name(refs, refname);
                if (!hint) {
                        warning("remote reported status on unknown ref: %s",
                                        refname);
                        continue;
                }
                /*
                 * Only a ref still in EXPECTING_REPORT accepts a status.
                 * The assignment below moves it out of that state, so a
                 * second report for the same ref, or a report for a ref
                 * that was never sent, is ignored with a warning instead
                 * of overwriting the recorded result.
                 */
                if (hint->status != REF_STATUS_EXPECTING_REPORT) {
                        warning("remote reported status on unexpected ref: %s",
                                        refname);
                        continue;
                }

                /* line[2] was overwritten? no: only the separator after refname is; "ok"/"ng" is intact */
                if (line[0] == 'o' && line[1] == 'k')
                        hint->status = REF_STATUS_OK;
                else {
                        hint->status = REF_STATUS_REMOTE_REJECT;
                        ret = -1;
                }
                /* remote-supplied reason text, copied as received (NULL when absent) */
                hint->remote_status = xstrdup_or_null(msg);
                /* start our next search from the next ref */
                hint = hint->next;
        }
        return ret;
}
 202
/*
 * Async callback that runs recv_sideband() on the connection.
 *
 * data points at the caller's fd pair: fd[0] is read by
 * recv_sideband(), and fd[1] is closed here when async_with_fork()
 * reports true.  out receives recv_sideband()'s output and is closed
 * before returning.  The "in" argument is not used.
 *
 * Returns whatever recv_sideband() returned.
 */
static int sideband_demux(int in, int out, void *data)
{
        int *fds = data;
        int result;

        if (async_with_fork())
                close(fds[1]);

        result = recv_sideband("send-pack", fds[0], out);
        close(out);
        return result;
}
 212
/*
 * Per-graft callback: for a graft whose nr_parent is -1, append a
 * "shallow <hex oid>" pkt-line to the strbuf passed as cb.
 * Other grafts are ignored.  Always returns 0.
 */
static int advertise_shallow_grafts_cb(const struct commit_graft *graft, void *cb)
{
        if (graft->nr_parent == -1) {
                struct strbuf *out = cb;

                packet_buf_write(out, "shallow %s\n", oid_to_hex(&graft->oid));
        }
        return 0;
}
 220
/*
 * When the_repository is shallow, run advertise_shallow_grafts_cb()
 * over every commit graft with sb as its output buffer.
 * Does nothing for a non-shallow repository.
 */
static void advertise_shallow_grafts_buf(struct strbuf *sb)
{
        if (is_repository_shallow(the_repository))
                for_each_commit_graft(advertise_shallow_grafts_cb, sb);
}
 227
#define CHECK_REF_NO_PUSH -1
#define CHECK_REF_STATUS_REJECTED -2
#define CHECK_REF_UPTODATE -3
/*
 * Decide whether an update for ref should be sent.
 *
 * Returns 0 when the ref should be sent, or one of the negative
 * CHECK_REF_* codes:
 *   CHECK_REF_NO_PUSH         - no peer_ref and not a mirror push
 *   CHECK_REF_STATUS_REJECTED - status is one of the REJECT_* values
 *                               listed below (statuses set by
 *                               set_ref_status_for_push())
 *   CHECK_REF_UPTODATE        - status is REF_STATUS_UPTODATE
 */
static int check_to_send_update(const struct ref *ref, const struct send_pack_args *args)
{
        int has_source = ref->peer_ref || args->send_mirror;

        if (!has_source)
                return CHECK_REF_NO_PUSH;

        if (ref->status == REF_STATUS_UPTODATE)
                return CHECK_REF_UPTODATE;

        switch (ref->status) {
        case REF_STATUS_REJECT_NONFASTFORWARD:
        case REF_STATUS_REJECT_ALREADY_EXISTS:
        case REF_STATUS_REJECT_FETCH_FIRST:
        case REF_STATUS_REJECT_NEEDS_FORCE:
        case REF_STATUS_REJECT_STALE:
        case REF_STATUS_REJECT_NODELETE:
                return CHECK_REF_STATUS_REJECTED;
        default:
                break;
        }
        return 0;
}
 251
/*
 * Return a pointer to the beginning of the next line within the first
 * len bytes of line, or to the end of that buffer (line + len) when
 * no newline is found.
 *
 * NEEDSWORK: perhaps move this to git-compat-util.h or somewhere and
 * convert many similar uses found by "git grep -A4 memchr".
 */
static const char *next_line(const char *line, size_t len)
{
        const char *newline = memchr(line, '\n', len);

        /* no newline in range: the line is incomplete, point past it */
        return newline ? newline + 1 : line + len;
}
 265
/*
 * Build a push certificate covering every ref update that
 * check_to_send_update() accepts, sign it, and append it to req_buf
 * as pkt-lines framed by "push-cert" and "push-cert-end".
 *
 * req_buf         - request buffer the certificate is appended to
 * remote_refs     - candidate refs; their old/new ids and names are
 *                   written into the signed text
 * args            - supplies the URL and the push options
 * cap_string      - capability list sent after the NUL on the
 *                   "push-cert" line
 * push_cert_nonce - nonce to embed; an empty string omits the line
 *
 * Returns 1 when at least one update was included, 0 when there was
 * nothing to send (req_buf is then left untouched).  Dies if signing
 * fails.
 */
static int generate_push_cert(struct strbuf *req_buf,
                              const struct ref *remote_refs,
                              struct send_pack_args *args,
                              const char *cap_string,
                              const char *push_cert_nonce)
{
        const struct ref *ref;
        struct string_list_item *item;
        char *signing_key = xstrdup(get_signing_key());
        const char *cp, *np;
        struct strbuf cert = STRBUF_INIT;
        int update_seen = 0;

        /* certificate header: version, pusher identity plus timestamp, destination, nonce, options */
        strbuf_addstr(&cert, "certificate version 0.1\n");
        strbuf_addf(&cert, "pusher %s ", signing_key);
        datestamp(&cert);
        strbuf_addch(&cert, '\n');
        if (args->url && *args->url) {
                /* presumably removes credentials from the URL before it is recorded - confirm in transport code */
                char *anon_url = transport_anonymize_url(args->url);
                strbuf_addf(&cert, "pushee %s\n", anon_url);
                free(anon_url);
        }
        /*
         * The nonce is the value offered by the receiving end; send_pack()
         * runs it through reject_invalid_nonce() before calling here.
         */
        if (push_cert_nonce[0])
                strbuf_addf(&cert, "nonce %s\n", push_cert_nonce);
        /*
         * NOTE(review): option strings are written with a plain "%s"; a
         * newline inside one would add further lines to the signed
         * header - confirm push options are validated before this point.
         */
        if (args->push_options)
                for_each_string_list_item(item, args->push_options)
                        strbuf_addf(&cert, "push-option %s\n", item->string);
        /* blank line separates the header from the list of updates */
        strbuf_addstr(&cert, "\n");

        /* one "<old> <new> <refname>" line per update that will be sent */
        for (ref = remote_refs; ref; ref = ref->next) {
                if (check_to_send_update(ref, args) < 0)
                        continue;
                update_seen = 1;
                strbuf_addf(&cert, "%s %s %s\n",
                            oid_to_hex(&ref->old_oid),
                            oid_to_hex(&ref->new_oid),
                            ref->name);
        }
        /* nothing to update: skip signing and leave req_buf as it was */
        if (!update_seen)
                goto free_return;

        /* cert is both input and output; presumably the signature is appended to it - confirm in gpg-interface */
        if (sign_buffer(&cert, &cert, signing_key))
                die(_("failed to sign the push certificate"));

        /* a NUL byte (the %c with 0) separates the keyword from the capability list */
        packet_buf_write(req_buf, "push-cert%c%s", 0, cap_string);
        /* emit the certificate one text line per pkt-line; the last piece may lack a newline */
        for (cp = cert.buf; cp < cert.buf + cert.len; cp = np) {
                np = next_line(cp, cert.buf + cert.len - cp);
                packet_buf_write(req_buf,
                                 "%.*s", (int)(np - cp), cp);
        }
        packet_buf_write(req_buf, "push-cert-end\n");

free_return:
        free(signing_key);
        strbuf_release(&cert);
        return update_seen;
}
 323
 324
/*
 * Record the failure of an atomic push.
 *
 * Every ref that takes part in the push (it has a peer_ref, or this
 * is a mirror push) and is still in REF_STATUS_EXPECTING_REPORT is
 * switched to REF_STATUS_ATOMIC_PUSH_FAILED; all other refs keep
 * their status.
 *
 * Returns the value of error() after reporting the name and status
 * of failing_ref.
 */
static int atomic_push_failure(struct send_pack_args *args,
                               struct ref *remote_refs,
                               struct ref *failing_ref)
{
        struct ref *cur = remote_refs;

        while (cur) {
                int considered = cur->peer_ref || args->send_mirror;

                if (considered && cur->status == REF_STATUS_EXPECTING_REPORT)
                        cur->status = REF_STATUS_ATOMIC_PUSH_FAILED;
                cur = cur->next;
        }
        return error("atomic push failed for ref %s. status: %d\n",
                     failing_ref->name, failing_ref->status);
}
 346
#define NONCE_LEN_LIMIT 256

/*
 * Die unless the first len bytes of nonce form an acceptable push
 * certificate nonce: fewer than NONCE_LEN_LIMIT bytes, each one
 * either accepted by isalnum() or one of  - . / + = _
 *
 * The nonce is offered by the receiving end and later becomes part of
 * the text that gets signed, so it is checked before use.
 *
 * NOTE(review): the rejected bytes are echoed inside the die()
 * message, including the over-long case; confirm that die() makes
 * control characters harmless before they reach a terminal.
 */
static void reject_invalid_nonce(const char *nonce, int len)
{
        int acceptable = len < NONCE_LEN_LIMIT;
        int pos;

        for (pos = 0; acceptable && pos < len; pos++) {
                /* mask to 0..255 so a negative char never reaches isalnum() */
                int ch = nonce[pos] & 0xFF;

                switch (ch) {
                case '-':
                case '.':
                case '/':
                case '+':
                case '=':
                case '_':
                        break;
                default:
                        acceptable = isalnum(ch);
                        break;
                }
        }

        if (!acceptable)
                die("the receiving end asked to sign an invalid nonce <%.*s>",
                    len, nonce);
}
 368
/*
 * Push to the receiving end: pick the capabilities to use, send the
 * ref update commands (inside a signed push certificate when one is
 * in use), stream the pack data, and read back the status report.
 *
 * args        - push settings; use_ofs_delta and use_thin_pack are
 *               adjusted here according to what the other end supports
 * fd          - fd[0] is read from, fd[1] is written to; fd[1] is set
 *               to -1 on the paths marked below
 * conn        - connection process, only consulted through
 *               git_connection_is_socket() on pack failure
 * remote_refs - refs to update; their status fields are rewritten
 * extra_have  - extra object ids handed to pack_objects()
 *
 * Returns 0 on success or when there is nothing to do, and a failure
 * value otherwise (-1 on the paths that return a literal here).
 *
 * Everything learned through server_supports() and
 * server_feature_value() is presumably taken from the remote's
 * capability advertisement - confirm in connect.c.  Those answers
 * decide whether status reports, atomic updates and signed pushes are
 * used at all.
 */
int send_pack(struct send_pack_args *args,
              int fd[], struct child_process *conn,
              struct ref *remote_refs,
              struct oid_array *extra_have)
{
        int in = fd[0];
        int out = fd[1];
        struct strbuf req_buf = STRBUF_INIT;
        struct strbuf cap_buf = STRBUF_INIT;
        struct ref *ref;
        int need_pack_data = 0;
        int allow_deleting_refs = 0;
        int status_report = 0;
        int use_sideband = 0;
        int quiet_supported = 0;
        int agent_supported = 0;
        int use_atomic = 0;
        int atomic_supported = 0;
        int use_push_options = 0;
        int push_options_supported = 0;
        unsigned cmds_sent = 0;
        int ret;
        struct async demux;
        const char *push_cert_nonce = NULL;

        /* Does the other end support the reporting? */
        if (server_supports("report-status"))
                status_report = 1;
        if (server_supports("delete-refs"))
                allow_deleting_refs = 1;
        if (server_supports("ofs-delta"))
                args->use_ofs_delta = 1;
        if (server_supports("side-band-64k"))
                use_sideband = 1;
        if (server_supports("quiet"))
                quiet_supported = 1;
        if (server_supports("agent"))
                agent_supported = 1;
        if (server_supports("no-thin"))
                args->use_thin_pack = 0;
        if (server_supports("atomic"))
                atomic_supported = 1;
        if (server_supports("push-options"))
                push_options_supported = 1;

        /*
         * Signed push.  The nonce offered by the other end is validated
         * before it is copied and later embedded in the certificate.
         * Without a "push-cert" feature value, ALWAYS aborts, while
         * IF_ASKED only warns and the push continues unsigned.
         */
        if (args->push_cert != SEND_PACK_PUSH_CERT_NEVER) {
                int len;
                push_cert_nonce = server_feature_value("push-cert", &len);
                if (push_cert_nonce) {
                        reject_invalid_nonce(push_cert_nonce, len);
                        /*
                         * NOTE(review): presumably a heap copy; no free() of
                         * it is visible on any return path of this function.
                         */
                        push_cert_nonce = xmemdupz(push_cert_nonce, len);
                } else if (args->push_cert == SEND_PACK_PUSH_CERT_ALWAYS) {
                        die(_("the receiving end does not support --signed push"));
                } else if (args->push_cert == SEND_PACK_PUSH_CERT_IF_ASKED) {
                        warning(_("not sending a push certificate since the"
                                  " receiving end does not support --signed"
                                  " push"));
                }
        }

        if (!remote_refs) {
                fprintf(stderr, "No refs in common and none specified; doing nothing.\n"
                        "Perhaps you should specify a branch such as 'master'.\n");
                return 0;
        }
        /* features the user asked for explicitly are fatal when unsupported, never silently dropped */
        if (args->atomic && !atomic_supported)
                die(_("the receiving end does not support --atomic push"));

        use_atomic = atomic_supported && args->atomic;

        if (args->push_options && !push_options_supported)
                die(_("the receiving end does not support push options"));

        use_push_options = push_options_supported && args->push_options;

        /* capability list this side sends back with the first command (or the push-cert line) */
        if (status_report)
                strbuf_addstr(&cap_buf, " report-status");
        if (use_sideband)
                strbuf_addstr(&cap_buf, " side-band-64k");
        if (quiet_supported && (args->quiet || !args->progress))
                strbuf_addstr(&cap_buf, " quiet");
        if (use_atomic)
                strbuf_addstr(&cap_buf, " atomic");
        if (use_push_options)
                strbuf_addstr(&cap_buf, " push-options");
        if (agent_supported)
                strbuf_addf(&cap_buf, " agent=%s", git_user_agent_sanitized());

        /*
         * NEEDSWORK: why does delete-refs have to be so specific to
         * send-pack machinery that set_ref_status_for_push() cannot
         * set this bit for us???
         */
        for (ref = remote_refs; ref; ref = ref->next)
                if (ref->deletion && !allow_deleting_refs)
                        ref->status = REF_STATUS_REJECT_NODELETE;

        if (!args->dry_run)
                advertise_shallow_grafts_buf(&req_buf);

        /* with a nonce in hand the commands travel inside the signed certificate */
        if (!args->dry_run && push_cert_nonce)
                cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
                                               cap_buf.buf, push_cert_nonce);

        /*
         * Clear the status for each ref and see if we need to send
         * the pack data.
         */
        for (ref = remote_refs; ref; ref = ref->next) {
                switch (check_to_send_update(ref, args)) {
                case 0: /* no error */
                        break;
                case CHECK_REF_STATUS_REJECTED:
                        /*
                         * When we know the server would reject a ref update if
                         * we were to send it and we're trying to send the refs
                         * atomically, abort the whole operation.
                         */
                        if (use_atomic) {
                                strbuf_release(&req_buf);
                                strbuf_release(&cap_buf);
                                return atomic_push_failure(args, remote_refs, ref);
                        }
                        /* else fallthrough */
                default:
                        continue;
                }
                if (!ref->deletion)
                        need_pack_data = 1;

                /* without a status report there is nothing to wait for, so the ref is marked OK right away */
                if (args->dry_run || !status_report)
                        ref->status = REF_STATUS_OK;
                else
                        ref->status = REF_STATUS_EXPECTING_REPORT;
        }

        /*
         * Finally, tell the other end!
         */
        for (ref = remote_refs; ref; ref = ref->next) {
                char *old_hex, *new_hex;

                /* plain command lines are skipped when a certificate is in use (see generate_push_cert()) */
                if (args->dry_run || push_cert_nonce)
                        continue;

                if (check_to_send_update(ref, args) < 0)
                        continue;

                old_hex = oid_to_hex(&ref->old_oid);
                new_hex = oid_to_hex(&ref->new_oid);
                if (!cmds_sent) {
                        /* first command carries the capability list after a NUL byte */
                        packet_buf_write(&req_buf,
                                         "%s %s %s%c%s",
                                         old_hex, new_hex, ref->name, 0,
                                         cap_buf.buf);
                        cmds_sent = 1;
                } else {
                        packet_buf_write(&req_buf, "%s %s %s",
                                         old_hex, new_hex, ref->name);
                }
        }

        if (use_push_options) {
                struct string_list_item *item;

                /* a flush packet separates the command list from the push options */
                packet_buf_flush(&req_buf);
                for_each_string_list_item(item, args->push_options)
                        packet_buf_write(&req_buf, "%s", item->string);
        }

        if (args->stateless_rpc) {
                if (!args->dry_run && (cmds_sent || is_repository_shallow(the_repository))) {
                        packet_buf_flush(&req_buf);
                        send_sideband(out, -1, req_buf.buf, req_buf.len, LARGE_PACKET_MAX);
                }
        } else {
                write_or_die(out, req_buf.buf, req_buf.len);
                packet_flush(out);
        }
        strbuf_release(&req_buf);
        strbuf_release(&cap_buf);

        if (use_sideband && cmds_sent) {
                /* from here on the reply is read from the demultiplexer's output instead of fd[0] */
                memset(&demux, 0, sizeof(demux));
                demux.proc = sideband_demux;
                demux.data = fd;
                demux.out = -1;
                demux.isolate_sigpipe = 1;
                if (start_async(&demux))
                        die("send-pack: unable to fork off sideband demultiplexer");
                in = demux.out;
        }

        if (need_pack_data && cmds_sent) {
                if (pack_objects(out, remote_refs, extra_have, args) < 0) {
                        /* pack generation failed: forget every ref status and tear the connection down */
                        for (ref = remote_refs; ref; ref = ref->next)
                                ref->status = REF_STATUS_NONE;
                        if (args->stateless_rpc)
                                close(out);
                        if (git_connection_is_socket(conn))
                                shutdown(fd[0], SHUT_WR);

                        /*
                         * Do not even bother with the return value; we know we
                         * are failing, and just want the error() side effects.
                         */
                        if (status_report)
                                receive_unpack_status(in);

                        if (use_sideband) {
                                close(demux.out);
                                finish_async(&demux);
                        }
                        fd[1] = -1;
                        return -1;
                }
                if (!args->stateless_rpc)
                        /* Closed by pack_objects() via start_command() */
                        fd[1] = -1;
        }
        if (args->stateless_rpc && cmds_sent)
                packet_flush(out);

        /* the per-ref results are only as trustworthy as the remote's report; see receive_status() */
        if (status_report && cmds_sent)
                ret = receive_status(in, remote_refs);
        else
                ret = 0;
        if (args->stateless_rpc)
                packet_flush(out);

        if (use_sideband && cmds_sent) {
                close(demux.out);
                if (finish_async(&demux)) {
                        error("error in sideband demultiplexer");
                        ret = -1;
                }
        }

        if (ret < 0)
                return ret;

        /* porcelain mode returns 0 here without looking at the individual ref statuses */
        if (args->porcelain)
                return 0;

        /* any status other than NONE, UPTODATE or OK makes the whole push a failure */
        for (ref = remote_refs; ref; ref = ref->next) {
                switch (ref->status) {
                case REF_STATUS_NONE:
                case REF_STATUS_UPTODATE:
                case REF_STATUS_OK:
                        break;
                default:
                        return -1;
                }
        }
        return 0;
}