1#include "builtin.h"
2#include "config.h"
3#include "lockfile.h"
4#include "pack.h"
5#include "refs.h"
6#include "pkt-line.h"
7#include "sideband.h"
8#include "run-command.h"
9#include "exec_cmd.h"
10#include "commit.h"
11#include "object.h"
12#include "remote.h"
13#include "connect.h"
14#include "transport.h"
15#include "string-list.h"
16#include "sha1-array.h"
17#include "connected.h"
18#include "argv-array.h"
19#include "version.h"
20#include "tag.h"
21#include "gpg-interface.h"
22#include "sigchain.h"
23#include "fsck.h"
24#include "tmp-objdir.h"
25#include "oidset.h"
26#include "packfile.h"
27#include "protocol.h"
28
29static const char * const receive_pack_usage[] = {
30 N_("git receive-pack <git-dir>"),
31 NULL
32};
33
34enum deny_action {
35 DENY_UNCONFIGURED,
36 DENY_IGNORE,
37 DENY_WARN,
38 DENY_REFUSE,
39 DENY_UPDATE_INSTEAD
40};
41
42static int deny_deletes;
43static int deny_non_fast_forwards;
44static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
45static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
46static int receive_fsck_objects = -1;
47static int transfer_fsck_objects = -1;
48static struct strbuf fsck_msg_types = STRBUF_INIT;
49static int receive_unpack_limit = -1;
50static int transfer_unpack_limit = -1;
51static int advertise_atomic_push = 1;
52static int advertise_push_options;
53static int unpack_limit = 100;
54static off_t max_input_size;
55static int report_status;
56static int use_sideband;
57static int use_atomic;
58static int use_push_options;
59static int quiet;
60static int prefer_ofs_delta = 1;
61static int auto_update_server_info;
62static int auto_gc = 1;
63static int reject_thin;
64static int stateless_rpc;
65static const char *service_dir;
66static const char *head_name;
67static void *head_name_to_free;
68static int sent_capabilities;
69static int shallow_update;
70static const char *alt_shallow_file;
71static struct strbuf push_cert = STRBUF_INIT;
72static struct object_id push_cert_oid;
73static struct signature_check sigcheck;
74static const char *push_cert_nonce;
75static const char *cert_nonce_seed;
76
77static const char *NONCE_UNSOLICITED = "UNSOLICITED";
78static const char *NONCE_BAD = "BAD";
79static const char *NONCE_MISSING = "MISSING";
80static const char *NONCE_OK = "OK";
81static const char *NONCE_SLOP = "SLOP";
82static const char *nonce_status;
83static long nonce_stamp_slop;
84static timestamp_t nonce_stamp_slop_limit;
85static struct ref_transaction *transaction;
86
87static enum {
88 KEEPALIVE_NEVER = 0,
89 KEEPALIVE_AFTER_NUL,
90 KEEPALIVE_ALWAYS
91} use_keepalive;
92static int keepalive_in_sec = 5;
93
94static struct tmp_objdir *tmp_objdir;
95
96static enum deny_action parse_deny_action(const char *var, const char *value)
97{
98 if (value) {
99 if (!strcasecmp(value, "ignore"))
100 return DENY_IGNORE;
101 if (!strcasecmp(value, "warn"))
102 return DENY_WARN;
103 if (!strcasecmp(value, "refuse"))
104 return DENY_REFUSE;
105 if (!strcasecmp(value, "updateinstead"))
106 return DENY_UPDATE_INSTEAD;
107 }
108 if (git_config_bool(var, value))
109 return DENY_REFUSE;
110 return DENY_IGNORE;
111}
112
113static int receive_pack_config(const char *var, const char *value, void *cb)
114{
115 int status = parse_hide_refs_config(var, value, "receive");
116
117 if (status)
118 return status;
119
120 if (strcmp(var, "receive.denydeletes") == 0) {
121 deny_deletes = git_config_bool(var, value);
122 return 0;
123 }
124
125 if (strcmp(var, "receive.denynonfastforwards") == 0) {
126 deny_non_fast_forwards = git_config_bool(var, value);
127 return 0;
128 }
129
130 if (strcmp(var, "receive.unpacklimit") == 0) {
131 receive_unpack_limit = git_config_int(var, value);
132 return 0;
133 }
134
135 if (strcmp(var, "transfer.unpacklimit") == 0) {
136 transfer_unpack_limit = git_config_int(var, value);
137 return 0;
138 }
139
140 if (strcmp(var, "receive.fsck.skiplist") == 0) {
141 const char *path;
142
143 if (git_config_pathname(&path, var, value))
144 return 1;
145 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
146 fsck_msg_types.len ? ',' : '=', path);
147 free((char *)path);
148 return 0;
149 }
150
151 if (skip_prefix(var, "receive.fsck.", &var)) {
152 if (is_valid_msg_type(var, value))
153 strbuf_addf(&fsck_msg_types, "%c%s=%s",
154 fsck_msg_types.len ? ',' : '=', var, value);
155 else
156 warning("Skipping unknown msg id '%s'", var);
157 return 0;
158 }
159
160 if (strcmp(var, "receive.fsckobjects") == 0) {
161 receive_fsck_objects = git_config_bool(var, value);
162 return 0;
163 }
164
165 if (strcmp(var, "transfer.fsckobjects") == 0) {
166 transfer_fsck_objects = git_config_bool(var, value);
167 return 0;
168 }
169
170 if (!strcmp(var, "receive.denycurrentbranch")) {
171 deny_current_branch = parse_deny_action(var, value);
172 return 0;
173 }
174
175 if (strcmp(var, "receive.denydeletecurrent") == 0) {
176 deny_delete_current = parse_deny_action(var, value);
177 return 0;
178 }
179
180 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
181 prefer_ofs_delta = git_config_bool(var, value);
182 return 0;
183 }
184
185 if (strcmp(var, "receive.updateserverinfo") == 0) {
186 auto_update_server_info = git_config_bool(var, value);
187 return 0;
188 }
189
190 if (strcmp(var, "receive.autogc") == 0) {
191 auto_gc = git_config_bool(var, value);
192 return 0;
193 }
194
195 if (strcmp(var, "receive.shallowupdate") == 0) {
196 shallow_update = git_config_bool(var, value);
197 return 0;
198 }
199
200 if (strcmp(var, "receive.certnonceseed") == 0)
201 return git_config_string(&cert_nonce_seed, var, value);
202
203 if (strcmp(var, "receive.certnonceslop") == 0) {
204 nonce_stamp_slop_limit = git_config_ulong(var, value);
205 return 0;
206 }
207
208 if (strcmp(var, "receive.advertiseatomic") == 0) {
209 advertise_atomic_push = git_config_bool(var, value);
210 return 0;
211 }
212
213 if (strcmp(var, "receive.advertisepushoptions") == 0) {
214 advertise_push_options = git_config_bool(var, value);
215 return 0;
216 }
217
218 if (strcmp(var, "receive.keepalive") == 0) {
219 keepalive_in_sec = git_config_int(var, value);
220 return 0;
221 }
222
223 if (strcmp(var, "receive.maxinputsize") == 0) {
224 max_input_size = git_config_int64(var, value);
225 return 0;
226 }
227
228 return git_default_config(var, value, cb);
229}
230
231static void show_ref(const char *path, const struct object_id *oid)
232{
233 if (sent_capabilities) {
234 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
235 } else {
236 struct strbuf cap = STRBUF_INIT;
237
238 strbuf_addstr(&cap,
239 "report-status delete-refs side-band-64k quiet");
240 if (advertise_atomic_push)
241 strbuf_addstr(&cap, " atomic");
242 if (prefer_ofs_delta)
243 strbuf_addstr(&cap, " ofs-delta");
244 if (push_cert_nonce)
245 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
246 if (advertise_push_options)
247 strbuf_addstr(&cap, " push-options");
248 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
249 packet_write_fmt(1, "%s %s%c%s\n",
250 oid_to_hex(oid), path, 0, cap.buf);
251 strbuf_release(&cap);
252 sent_capabilities = 1;
253 }
254}
255
256static int show_ref_cb(const char *path_full, const struct object_id *oid,
257 int flag, void *data)
258{
259 struct oidset *seen = data;
260 const char *path = strip_namespace(path_full);
261
262 if (ref_is_hidden(path, path_full))
263 return 0;
264
265 /*
266 * Advertise refs outside our current namespace as ".have"
267 * refs, so that the client can use them to minimize data
268 * transfer but will otherwise ignore them.
269 */
270 if (!path) {
271 if (oidset_insert(seen, oid))
272 return 0;
273 path = ".have";
274 } else {
275 oidset_insert(seen, oid);
276 }
277 show_ref(path, oid);
278 return 0;
279}
280
281static void show_one_alternate_ref(const char *refname,
282 const struct object_id *oid,
283 void *data)
284{
285 struct oidset *seen = data;
286
287 if (oidset_insert(seen, oid))
288 return;
289
290 show_ref(".have", oid);
291}
292
293static void write_head_info(void)
294{
295 static struct oidset seen = OIDSET_INIT;
296
297 for_each_ref(show_ref_cb, &seen);
298 for_each_alternate_ref(show_one_alternate_ref, &seen);
299 oidset_clear(&seen);
300 if (!sent_capabilities)
301 show_ref("capabilities^{}", &null_oid);
302
303 advertise_shallow_grafts(1);
304
305 /* EOF */
306 packet_flush(1);
307}
308
309struct command {
310 struct command *next;
311 const char *error_string;
312 unsigned int skip_update:1,
313 did_not_exist:1;
314 int index;
315 struct object_id old_oid;
316 struct object_id new_oid;
317 char ref_name[FLEX_ARRAY]; /* more */
318};
319
320static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
321static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
322
323static void report_message(const char *prefix, const char *err, va_list params)
324{
325 int sz;
326 char msg[4096];
327
328 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
329 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
330 if (sz > (sizeof(msg) - 1))
331 sz = sizeof(msg) - 1;
332 msg[sz++] = '\n';
333
334 if (use_sideband)
335 send_sideband(1, 2, msg, sz, use_sideband);
336 else
337 xwrite(2, msg, sz);
338}
339
340static void rp_warning(const char *err, ...)
341{
342 va_list params;
343 va_start(params, err);
344 report_message("warning: ", err, params);
345 va_end(params);
346}
347
348static void rp_error(const char *err, ...)
349{
350 va_list params;
351 va_start(params, err);
352 report_message("error: ", err, params);
353 va_end(params);
354}
355
356static int copy_to_sideband(int in, int out, void *arg)
357{
358 char data[128];
359 int keepalive_active = 0;
360
361 if (keepalive_in_sec <= 0)
362 use_keepalive = KEEPALIVE_NEVER;
363 if (use_keepalive == KEEPALIVE_ALWAYS)
364 keepalive_active = 1;
365
366 while (1) {
367 ssize_t sz;
368
369 if (keepalive_active) {
370 struct pollfd pfd;
371 int ret;
372
373 pfd.fd = in;
374 pfd.events = POLLIN;
375 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
376
377 if (ret < 0) {
378 if (errno == EINTR)
379 continue;
380 else
381 break;
382 } else if (ret == 0) {
383 /* no data; send a keepalive packet */
384 static const char buf[] = "0005\1";
385 write_or_die(1, buf, sizeof(buf) - 1);
386 continue;
387 } /* else there is actual data to read */
388 }
389
390 sz = xread(in, data, sizeof(data));
391 if (sz <= 0)
392 break;
393
394 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
395 const char *p = memchr(data, '\0', sz);
396 if (p) {
397 /*
398 * The NUL tells us to start sending keepalives. Make
399 * sure we send any other data we read along
400 * with it.
401 */
402 keepalive_active = 1;
403 send_sideband(1, 2, data, p - data, use_sideband);
404 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
405 continue;
406 }
407 }
408
409 /*
410 * Either we're not looking for a NUL signal, or we didn't see
411 * it yet; just pass along the data.
412 */
413 send_sideband(1, 2, data, sz, use_sideband);
414 }
415 close(in);
416 return 0;
417}
418
419#define HMAC_BLOCK_SIZE 64
420
421static void hmac_sha1(unsigned char *out,
422 const char *key_in, size_t key_len,
423 const char *text, size_t text_len)
424{
425 unsigned char key[HMAC_BLOCK_SIZE];
426 unsigned char k_ipad[HMAC_BLOCK_SIZE];
427 unsigned char k_opad[HMAC_BLOCK_SIZE];
428 int i;
429 git_SHA_CTX ctx;
430
431 /* RFC 2104 2. (1) */
432 memset(key, '\0', HMAC_BLOCK_SIZE);
433 if (HMAC_BLOCK_SIZE < key_len) {
434 git_SHA1_Init(&ctx);
435 git_SHA1_Update(&ctx, key_in, key_len);
436 git_SHA1_Final(key, &ctx);
437 } else {
438 memcpy(key, key_in, key_len);
439 }
440
441 /* RFC 2104 2. (2) & (5) */
442 for (i = 0; i < sizeof(key); i++) {
443 k_ipad[i] = key[i] ^ 0x36;
444 k_opad[i] = key[i] ^ 0x5c;
445 }
446
447 /* RFC 2104 2. (3) & (4) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
450 git_SHA1_Update(&ctx, text, text_len);
451 git_SHA1_Final(out, &ctx);
452
453 /* RFC 2104 2. (6) & (7) */
454 git_SHA1_Init(&ctx);
455 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
456 git_SHA1_Update(&ctx, out, 20);
457 git_SHA1_Final(out, &ctx);
458}
459
460static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
461{
462 struct strbuf buf = STRBUF_INIT;
463 unsigned char sha1[20];
464
465 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
466 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
467 strbuf_release(&buf);
468
469 /* RFC 2104 5. HMAC-SHA1-80 */
470 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
471 return strbuf_detach(&buf, NULL);
472}
473
474/*
475 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
476 * after dropping "_commit" from its name and possibly moving it out
477 * of commit.c
478 */
479static char *find_header(const char *msg, size_t len, const char *key,
480 const char **next_line)
481{
482 int key_len = strlen(key);
483 const char *line = msg;
484
485 while (line && line < msg + len) {
486 const char *eol = strchrnul(line, '\n');
487
488 if ((msg + len <= eol) || line == eol)
489 return NULL;
490 if (line + key_len < eol &&
491 !memcmp(line, key, key_len) && line[key_len] == ' ') {
492 int offset = key_len + 1;
493 if (next_line)
494 *next_line = *eol ? eol + 1 : eol;
495 return xmemdupz(line + offset, (eol - line) - offset);
496 }
497 line = *eol ? eol + 1 : NULL;
498 }
499 return NULL;
500}
501
502static const char *check_nonce(const char *buf, size_t len)
503{
504 char *nonce = find_header(buf, len, "nonce", NULL);
505 timestamp_t stamp, ostamp;
506 char *bohmac, *expect = NULL;
507 const char *retval = NONCE_BAD;
508
509 if (!nonce) {
510 retval = NONCE_MISSING;
511 goto leave;
512 } else if (!push_cert_nonce) {
513 retval = NONCE_UNSOLICITED;
514 goto leave;
515 } else if (!strcmp(push_cert_nonce, nonce)) {
516 retval = NONCE_OK;
517 goto leave;
518 }
519
520 if (!stateless_rpc) {
521 /* returned nonce MUST match what we gave out earlier */
522 retval = NONCE_BAD;
523 goto leave;
524 }
525
526 /*
527 * In stateless mode, we may be receiving a nonce issued by
528 * another instance of the server that serving the same
529 * repository, and the timestamps may not match, but the
530 * nonce-seed and dir should match, so we can recompute and
531 * report the time slop.
532 *
533 * In addition, when a nonce issued by another instance has
534 * timestamp within receive.certnonceslop seconds, we pretend
535 * as if we issued that nonce when reporting to the hook.
536 */
537
538 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
539 if (*nonce <= '0' || '9' < *nonce) {
540 retval = NONCE_BAD;
541 goto leave;
542 }
543 stamp = parse_timestamp(nonce, &bohmac, 10);
544 if (bohmac == nonce || bohmac[0] != '-') {
545 retval = NONCE_BAD;
546 goto leave;
547 }
548
549 expect = prepare_push_cert_nonce(service_dir, stamp);
550 if (strcmp(expect, nonce)) {
551 /* Not what we would have signed earlier */
552 retval = NONCE_BAD;
553 goto leave;
554 }
555
556 /*
557 * By how many seconds is this nonce stale? Negative value
558 * would mean it was issued by another server with its clock
559 * skewed in the future.
560 */
561 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
562 nonce_stamp_slop = (long)ostamp - (long)stamp;
563
564 if (nonce_stamp_slop_limit &&
565 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
566 /*
567 * Pretend as if the received nonce (which passes the
568 * HMAC check, so it is not a forged by third-party)
569 * is what we issued.
570 */
571 free((void *)push_cert_nonce);
572 push_cert_nonce = xstrdup(nonce);
573 retval = NONCE_OK;
574 } else {
575 retval = NONCE_SLOP;
576 }
577
578leave:
579 free(nonce);
580 free(expect);
581 return retval;
582}
583
584/*
585 * Return 1 if there is no push_cert or if the push options in push_cert are
586 * the same as those in the argument; 0 otherwise.
587 */
588static int check_cert_push_options(const struct string_list *push_options)
589{
590 const char *buf = push_cert.buf;
591 int len = push_cert.len;
592
593 char *option;
594 const char *next_line;
595 int options_seen = 0;
596
597 int retval = 1;
598
599 if (!len)
600 return 1;
601
602 while ((option = find_header(buf, len, "push-option", &next_line))) {
603 len -= (next_line - buf);
604 buf = next_line;
605 options_seen++;
606 if (options_seen > push_options->nr
607 || strcmp(option,
608 push_options->items[options_seen - 1].string)) {
609 retval = 0;
610 goto leave;
611 }
612 free(option);
613 }
614
615 if (options_seen != push_options->nr)
616 retval = 0;
617
618leave:
619 free(option);
620 return retval;
621}
622
623static void prepare_push_cert_sha1(struct child_process *proc)
624{
625 static int already_done;
626
627 if (!push_cert.len)
628 return;
629
630 if (!already_done) {
631 struct strbuf gpg_output = STRBUF_INIT;
632 struct strbuf gpg_status = STRBUF_INIT;
633 int bogs /* beginning_of_gpg_sig */;
634
635 already_done = 1;
636 if (write_object_file(push_cert.buf, push_cert.len, "blob",
637 &push_cert_oid))
638 oidclr(&push_cert_oid);
639
640 memset(&sigcheck, '\0', sizeof(sigcheck));
641 sigcheck.result = 'N';
642
643 bogs = parse_signature(push_cert.buf, push_cert.len);
644 if (verify_signed_buffer(push_cert.buf, bogs,
645 push_cert.buf + bogs, push_cert.len - bogs,
646 &gpg_output, &gpg_status) < 0) {
647 ; /* error running gpg */
648 } else {
649 sigcheck.payload = push_cert.buf;
650 sigcheck.gpg_output = gpg_output.buf;
651 sigcheck.gpg_status = gpg_status.buf;
652 parse_gpg_output(&sigcheck);
653 }
654
655 strbuf_release(&gpg_output);
656 strbuf_release(&gpg_status);
657 nonce_status = check_nonce(push_cert.buf, bogs);
658 }
659 if (!is_null_oid(&push_cert_oid)) {
660 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
661 oid_to_hex(&push_cert_oid));
662 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
663 sigcheck.signer ? sigcheck.signer : "");
664 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
665 sigcheck.key ? sigcheck.key : "");
666 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
667 sigcheck.result);
668 if (push_cert_nonce) {
669 argv_array_pushf(&proc->env_array,
670 "GIT_PUSH_CERT_NONCE=%s",
671 push_cert_nonce);
672 argv_array_pushf(&proc->env_array,
673 "GIT_PUSH_CERT_NONCE_STATUS=%s",
674 nonce_status);
675 if (nonce_status == NONCE_SLOP)
676 argv_array_pushf(&proc->env_array,
677 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
678 nonce_stamp_slop);
679 }
680 }
681}
682
683struct receive_hook_feed_state {
684 struct command *cmd;
685 int skip_broken;
686 struct strbuf buf;
687 const struct string_list *push_options;
688};
689
690typedef int (*feed_fn)(void *, const char **, size_t *);
691static int run_and_feed_hook(const char *hook_name, feed_fn feed,
692 struct receive_hook_feed_state *feed_state)
693{
694 struct child_process proc = CHILD_PROCESS_INIT;
695 struct async muxer;
696 const char *argv[2];
697 int code;
698
699 argv[0] = find_hook(hook_name);
700 if (!argv[0])
701 return 0;
702
703 argv[1] = NULL;
704
705 proc.argv = argv;
706 proc.in = -1;
707 proc.stdout_to_stderr = 1;
708 if (feed_state->push_options) {
709 int i;
710 for (i = 0; i < feed_state->push_options->nr; i++)
711 argv_array_pushf(&proc.env_array,
712 "GIT_PUSH_OPTION_%d=%s", i,
713 feed_state->push_options->items[i].string);
714 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
715 feed_state->push_options->nr);
716 } else
717 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
718
719 if (tmp_objdir)
720 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
721
722 if (use_sideband) {
723 memset(&muxer, 0, sizeof(muxer));
724 muxer.proc = copy_to_sideband;
725 muxer.in = -1;
726 code = start_async(&muxer);
727 if (code)
728 return code;
729 proc.err = muxer.in;
730 }
731
732 prepare_push_cert_sha1(&proc);
733
734 code = start_command(&proc);
735 if (code) {
736 if (use_sideband)
737 finish_async(&muxer);
738 return code;
739 }
740
741 sigchain_push(SIGPIPE, SIG_IGN);
742
743 while (1) {
744 const char *buf;
745 size_t n;
746 if (feed(feed_state, &buf, &n))
747 break;
748 if (write_in_full(proc.in, buf, n) < 0)
749 break;
750 }
751 close(proc.in);
752 if (use_sideband)
753 finish_async(&muxer);
754
755 sigchain_pop(SIGPIPE);
756
757 return finish_command(&proc);
758}
759
760static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
761{
762 struct receive_hook_feed_state *state = state_;
763 struct command *cmd = state->cmd;
764
765 while (cmd &&
766 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
767 cmd = cmd->next;
768 if (!cmd)
769 return -1; /* EOF */
770 strbuf_reset(&state->buf);
771 strbuf_addf(&state->buf, "%s %s %s\n",
772 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
773 cmd->ref_name);
774 state->cmd = cmd->next;
775 if (bufp) {
776 *bufp = state->buf.buf;
777 *sizep = state->buf.len;
778 }
779 return 0;
780}
781
782static int run_receive_hook(struct command *commands,
783 const char *hook_name,
784 int skip_broken,
785 const struct string_list *push_options)
786{
787 struct receive_hook_feed_state state;
788 int status;
789
790 strbuf_init(&state.buf, 0);
791 state.cmd = commands;
792 state.skip_broken = skip_broken;
793 if (feed_receive_hook(&state, NULL, NULL))
794 return 0;
795 state.cmd = commands;
796 state.push_options = push_options;
797 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
798 strbuf_release(&state.buf);
799 return status;
800}
801
802static int run_update_hook(struct command *cmd)
803{
804 const char *argv[5];
805 struct child_process proc = CHILD_PROCESS_INIT;
806 int code;
807
808 argv[0] = find_hook("update");
809 if (!argv[0])
810 return 0;
811
812 argv[1] = cmd->ref_name;
813 argv[2] = oid_to_hex(&cmd->old_oid);
814 argv[3] = oid_to_hex(&cmd->new_oid);
815 argv[4] = NULL;
816
817 proc.no_stdin = 1;
818 proc.stdout_to_stderr = 1;
819 proc.err = use_sideband ? -1 : 0;
820 proc.argv = argv;
821
822 code = start_command(&proc);
823 if (code)
824 return code;
825 if (use_sideband)
826 copy_to_sideband(proc.err, -1, NULL);
827 return finish_command(&proc);
828}
829
830static int is_ref_checked_out(const char *ref)
831{
832 if (is_bare_repository())
833 return 0;
834
835 if (!head_name)
836 return 0;
837 return !strcmp(head_name, ref);
838}
839
840static char *refuse_unconfigured_deny_msg =
841 N_("By default, updating the current branch in a non-bare repository\n"
842 "is denied, because it will make the index and work tree inconsistent\n"
843 "with what you pushed, and will require 'git reset --hard' to match\n"
844 "the work tree to HEAD.\n"
845 "\n"
846 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
847 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
848 "its current branch; however, this is not recommended unless you\n"
849 "arranged to update its work tree to match what you pushed in some\n"
850 "other way.\n"
851 "\n"
852 "To squelch this message and still keep the default behaviour, set\n"
853 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
854
855static void refuse_unconfigured_deny(void)
856{
857 rp_error("%s", _(refuse_unconfigured_deny_msg));
858}
859
860static char *refuse_unconfigured_deny_delete_current_msg =
861 N_("By default, deleting the current branch is denied, because the next\n"
862 "'git clone' won't result in any file checked out, causing confusion.\n"
863 "\n"
864 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
865 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
866 "current branch, with or without a warning message.\n"
867 "\n"
868 "To squelch this message, you can set it to 'refuse'.");
869
870static void refuse_unconfigured_deny_delete_current(void)
871{
872 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
873}
874
875static int command_singleton_iterator(void *cb_data, struct object_id *oid);
876static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
877{
878 static struct lock_file shallow_lock;
879 struct oid_array extra = OID_ARRAY_INIT;
880 struct check_connected_options opt = CHECK_CONNECTED_INIT;
881 uint32_t mask = 1 << (cmd->index % 32);
882 int i;
883
884 trace_printf_key(&trace_shallow,
885 "shallow: update_shallow_ref %s\n", cmd->ref_name);
886 for (i = 0; i < si->shallow->nr; i++)
887 if (si->used_shallow[i] &&
888 (si->used_shallow[i][cmd->index / 32] & mask) &&
889 !delayed_reachability_test(si, i))
890 oid_array_append(&extra, &si->shallow->oid[i]);
891
892 opt.env = tmp_objdir_env(tmp_objdir);
893 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
894 if (check_connected(command_singleton_iterator, cmd, &opt)) {
895 rollback_lock_file(&shallow_lock);
896 oid_array_clear(&extra);
897 return -1;
898 }
899
900 commit_lock_file(&shallow_lock);
901
902 /*
903 * Make sure setup_alternate_shallow() for the next ref does
904 * not lose these new roots..
905 */
906 for (i = 0; i < extra.nr; i++)
907 register_shallow(&extra.oid[i]);
908
909 si->shallow_ref[cmd->index] = 0;
910 oid_array_clear(&extra);
911 return 0;
912}
913
914/*
915 * NEEDSWORK: we should consolidate various implementions of "are we
916 * on an unborn branch?" test into one, and make the unified one more
917 * robust. !get_sha1() based check used here and elsewhere would not
918 * allow us to tell an unborn branch from corrupt ref, for example.
919 * For the purpose of fixing "deploy-to-update does not work when
920 * pushing into an empty repository" issue, this should suffice for
921 * now.
922 */
923static int head_has_history(void)
924{
925 struct object_id oid;
926
927 return !get_oid("HEAD", &oid);
928}
929
930static const char *push_to_deploy(unsigned char *sha1,
931 struct argv_array *env,
932 const char *work_tree)
933{
934 const char *update_refresh[] = {
935 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
936 };
937 const char *diff_files[] = {
938 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
939 };
940 const char *diff_index[] = {
941 "diff-index", "--quiet", "--cached", "--ignore-submodules",
942 NULL, "--", NULL
943 };
944 const char *read_tree[] = {
945 "read-tree", "-u", "-m", NULL, NULL
946 };
947 struct child_process child = CHILD_PROCESS_INIT;
948
949 child.argv = update_refresh;
950 child.env = env->argv;
951 child.dir = work_tree;
952 child.no_stdin = 1;
953 child.stdout_to_stderr = 1;
954 child.git_cmd = 1;
955 if (run_command(&child))
956 return "Up-to-date check failed";
957
958 /* run_command() does not clean up completely; reinitialize */
959 child_process_init(&child);
960 child.argv = diff_files;
961 child.env = env->argv;
962 child.dir = work_tree;
963 child.no_stdin = 1;
964 child.stdout_to_stderr = 1;
965 child.git_cmd = 1;
966 if (run_command(&child))
967 return "Working directory has unstaged changes";
968
969 /* diff-index with either HEAD or an empty tree */
970 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
971
972 child_process_init(&child);
973 child.argv = diff_index;
974 child.env = env->argv;
975 child.no_stdin = 1;
976 child.no_stdout = 1;
977 child.stdout_to_stderr = 0;
978 child.git_cmd = 1;
979 if (run_command(&child))
980 return "Working directory has staged changes";
981
982 read_tree[3] = sha1_to_hex(sha1);
983 child_process_init(&child);
984 child.argv = read_tree;
985 child.env = env->argv;
986 child.dir = work_tree;
987 child.no_stdin = 1;
988 child.no_stdout = 1;
989 child.stdout_to_stderr = 0;
990 child.git_cmd = 1;
991 if (run_command(&child))
992 return "Could not update working tree to new HEAD";
993
994 return NULL;
995}
996
997static const char *push_to_checkout_hook = "push-to-checkout";
998
999static const char *push_to_checkout(unsigned char *sha1,
1000 struct argv_array *env,
1001 const char *work_tree)
1002{
1003 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1004 if (run_hook_le(env->argv, push_to_checkout_hook,
1005 sha1_to_hex(sha1), NULL))
1006 return "push-to-checkout hook declined";
1007 else
1008 return NULL;
1009}
1010
1011static const char *update_worktree(unsigned char *sha1)
1012{
1013 const char *retval;
1014 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1015 struct argv_array env = ARGV_ARRAY_INIT;
1016
1017 if (is_bare_repository())
1018 return "denyCurrentBranch = updateInstead needs a worktree";
1019
1020 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1021
1022 if (!find_hook(push_to_checkout_hook))
1023 retval = push_to_deploy(sha1, &env, work_tree);
1024 else
1025 retval = push_to_checkout(sha1, &env, work_tree);
1026
1027 argv_array_clear(&env);
1028 return retval;
1029}
1030
1031static const char *update(struct command *cmd, struct shallow_info *si)
1032{
1033 const char *name = cmd->ref_name;
1034 struct strbuf namespaced_name_buf = STRBUF_INIT;
1035 static char *namespaced_name;
1036 const char *ret;
1037 struct object_id *old_oid = &cmd->old_oid;
1038 struct object_id *new_oid = &cmd->new_oid;
1039
1040 /* only refs/... are allowed */
1041 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1042 rp_error("refusing to create funny ref '%s' remotely", name);
1043 return "funny refname";
1044 }
1045
1046 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1047 free(namespaced_name);
1048 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1049
1050 if (is_ref_checked_out(namespaced_name)) {
1051 switch (deny_current_branch) {
1052 case DENY_IGNORE:
1053 break;
1054 case DENY_WARN:
1055 rp_warning("updating the current branch");
1056 break;
1057 case DENY_REFUSE:
1058 case DENY_UNCONFIGURED:
1059 rp_error("refusing to update checked out branch: %s", name);
1060 if (deny_current_branch == DENY_UNCONFIGURED)
1061 refuse_unconfigured_deny();
1062 return "branch is currently checked out";
1063 case DENY_UPDATE_INSTEAD:
1064 ret = update_worktree(new_oid->hash);
1065 if (ret)
1066 return ret;
1067 break;
1068 }
1069 }
1070
1071 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1072 error("unpack should have generated %s, "
1073 "but I can't find it!", oid_to_hex(new_oid));
1074 return "bad pack";
1075 }
1076
1077 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1078 if (deny_deletes && starts_with(name, "refs/heads/")) {
1079 rp_error("denying ref deletion for %s", name);
1080 return "deletion prohibited";
1081 }
1082
1083 if (head_name && !strcmp(namespaced_name, head_name)) {
1084 switch (deny_delete_current) {
1085 case DENY_IGNORE:
1086 break;
1087 case DENY_WARN:
1088 rp_warning("deleting the current branch");
1089 break;
1090 case DENY_REFUSE:
1091 case DENY_UNCONFIGURED:
1092 case DENY_UPDATE_INSTEAD:
1093 if (deny_delete_current == DENY_UNCONFIGURED)
1094 refuse_unconfigured_deny_delete_current();
1095 rp_error("refusing to delete the current branch: %s", name);
1096 return "deletion of the current branch prohibited";
1097 default:
1098 return "Invalid denyDeleteCurrent setting";
1099 }
1100 }
1101 }
1102
1103 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1104 !is_null_oid(old_oid) &&
1105 starts_with(name, "refs/heads/")) {
1106 struct object *old_object, *new_object;
1107 struct commit *old_commit, *new_commit;
1108
1109 old_object = parse_object(old_oid);
1110 new_object = parse_object(new_oid);
1111
1112 if (!old_object || !new_object ||
1113 old_object->type != OBJ_COMMIT ||
1114 new_object->type != OBJ_COMMIT) {
1115 error("bad sha1 objects for %s", name);
1116 return "bad ref";
1117 }
1118 old_commit = (struct commit *)old_object;
1119 new_commit = (struct commit *)new_object;
1120 if (!in_merge_bases(old_commit, new_commit)) {
1121 rp_error("denying non-fast-forward %s"
1122 " (you should pull first)", name);
1123 return "non-fast-forward";
1124 }
1125 }
1126 if (run_update_hook(cmd)) {
1127 rp_error("hook declined to update %s", name);
1128 return "hook declined";
1129 }
1130
1131 if (is_null_oid(new_oid)) {
1132 struct strbuf err = STRBUF_INIT;
1133 if (!parse_object(old_oid)) {
1134 old_oid = NULL;
1135 if (ref_exists(name)) {
1136 rp_warning("Allowing deletion of corrupt ref.");
1137 } else {
1138 rp_warning("Deleting a non-existent ref.");
1139 cmd->did_not_exist = 1;
1140 }
1141 }
1142 if (ref_transaction_delete(transaction,
1143 namespaced_name,
1144 old_oid,
1145 0, "push", &err)) {
1146 rp_error("%s", err.buf);
1147 strbuf_release(&err);
1148 return "failed to delete";
1149 }
1150 strbuf_release(&err);
1151 return NULL; /* good */
1152 }
1153 else {
1154 struct strbuf err = STRBUF_INIT;
1155 if (shallow_update && si->shallow_ref[cmd->index] &&
1156 update_shallow_ref(cmd, si))
1157 return "shallow error";
1158
1159 if (ref_transaction_update(transaction,
1160 namespaced_name,
1161 new_oid, old_oid,
1162 0, "push",
1163 &err)) {
1164 rp_error("%s", err.buf);
1165 strbuf_release(&err);
1166
1167 return "failed to update ref";
1168 }
1169 strbuf_release(&err);
1170
1171 return NULL; /* good */
1172 }
1173}
1174
1175static void run_update_post_hook(struct command *commands)
1176{
1177 struct command *cmd;
1178 struct child_process proc = CHILD_PROCESS_INIT;
1179 const char *hook;
1180
1181 hook = find_hook("post-update");
1182 if (!hook)
1183 return;
1184
1185 for (cmd = commands; cmd; cmd = cmd->next) {
1186 if (cmd->error_string || cmd->did_not_exist)
1187 continue;
1188 if (!proc.args.argc)
1189 argv_array_push(&proc.args, hook);
1190 argv_array_push(&proc.args, cmd->ref_name);
1191 }
1192 if (!proc.args.argc)
1193 return;
1194
1195 proc.no_stdin = 1;
1196 proc.stdout_to_stderr = 1;
1197 proc.err = use_sideband ? -1 : 0;
1198
1199 if (!start_command(&proc)) {
1200 if (use_sideband)
1201 copy_to_sideband(proc.err, -1, NULL);
1202 finish_command(&proc);
1203 }
1204}
1205
1206static void check_aliased_update(struct command *cmd, struct string_list *list)
1207{
1208 struct strbuf buf = STRBUF_INIT;
1209 const char *dst_name;
1210 struct string_list_item *item;
1211 struct command *dst_cmd;
1212 int flag;
1213
1214 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1215 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1216 strbuf_release(&buf);
1217
1218 if (!(flag & REF_ISSYMREF))
1219 return;
1220
1221 if (!dst_name) {
1222 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1223 cmd->skip_update = 1;
1224 cmd->error_string = "broken symref";
1225 return;
1226 }
1227 dst_name = strip_namespace(dst_name);
1228
1229 if ((item = string_list_lookup(list, dst_name)) == NULL)
1230 return;
1231
1232 cmd->skip_update = 1;
1233
1234 dst_cmd = (struct command *) item->util;
1235
1236 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1237 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1238 return;
1239
1240 dst_cmd->skip_update = 1;
1241
1242 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1243 " its target '%s' (%s..%s)",
1244 cmd->ref_name,
1245 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1246 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1247 dst_cmd->ref_name,
1248 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1249 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1250
1251 cmd->error_string = dst_cmd->error_string =
1252 "inconsistent aliased update";
1253}
1254
1255static void check_aliased_updates(struct command *commands)
1256{
1257 struct command *cmd;
1258 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1259
1260 for (cmd = commands; cmd; cmd = cmd->next) {
1261 struct string_list_item *item =
1262 string_list_append(&ref_list, cmd->ref_name);
1263 item->util = (void *)cmd;
1264 }
1265 string_list_sort(&ref_list);
1266
1267 for (cmd = commands; cmd; cmd = cmd->next) {
1268 if (!cmd->error_string)
1269 check_aliased_update(cmd, &ref_list);
1270 }
1271
1272 string_list_clear(&ref_list, 0);
1273}
1274
1275static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1276{
1277 struct command **cmd_list = cb_data;
1278 struct command *cmd = *cmd_list;
1279
1280 if (!cmd || is_null_oid(&cmd->new_oid))
1281 return -1; /* end of list */
1282 *cmd_list = NULL; /* this returns only one */
1283 oidcpy(oid, &cmd->new_oid);
1284 return 0;
1285}
1286
1287static void set_connectivity_errors(struct command *commands,
1288 struct shallow_info *si)
1289{
1290 struct command *cmd;
1291
1292 for (cmd = commands; cmd; cmd = cmd->next) {
1293 struct command *singleton = cmd;
1294 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1295
1296 if (shallow_update && si->shallow_ref[cmd->index])
1297 /* to be checked in update_shallow_ref() */
1298 continue;
1299
1300 opt.env = tmp_objdir_env(tmp_objdir);
1301 if (!check_connected(command_singleton_iterator, &singleton,
1302 &opt))
1303 continue;
1304
1305 cmd->error_string = "missing necessary objects";
1306 }
1307}
1308
1309struct iterate_data {
1310 struct command *cmds;
1311 struct shallow_info *si;
1312};
1313
1314static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1315{
1316 struct iterate_data *data = cb_data;
1317 struct command **cmd_list = &data->cmds;
1318 struct command *cmd = *cmd_list;
1319
1320 for (; cmd; cmd = cmd->next) {
1321 if (shallow_update && data->si->shallow_ref[cmd->index])
1322 /* to be checked in update_shallow_ref() */
1323 continue;
1324 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1325 oidcpy(oid, &cmd->new_oid);
1326 *cmd_list = cmd->next;
1327 return 0;
1328 }
1329 }
1330 *cmd_list = NULL;
1331 return -1; /* end of list */
1332}
1333
1334static void reject_updates_to_hidden(struct command *commands)
1335{
1336 struct strbuf refname_full = STRBUF_INIT;
1337 size_t prefix_len;
1338 struct command *cmd;
1339
1340 strbuf_addstr(&refname_full, get_git_namespace());
1341 prefix_len = refname_full.len;
1342
1343 for (cmd = commands; cmd; cmd = cmd->next) {
1344 if (cmd->error_string)
1345 continue;
1346
1347 strbuf_setlen(&refname_full, prefix_len);
1348 strbuf_addstr(&refname_full, cmd->ref_name);
1349
1350 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1351 continue;
1352 if (is_null_oid(&cmd->new_oid))
1353 cmd->error_string = "deny deleting a hidden ref";
1354 else
1355 cmd->error_string = "deny updating a hidden ref";
1356 }
1357
1358 strbuf_release(&refname_full);
1359}
1360
1361static int should_process_cmd(struct command *cmd)
1362{
1363 return !cmd->error_string && !cmd->skip_update;
1364}
1365
1366static void warn_if_skipped_connectivity_check(struct command *commands,
1367 struct shallow_info *si)
1368{
1369 struct command *cmd;
1370 int checked_connectivity = 1;
1371
1372 for (cmd = commands; cmd; cmd = cmd->next) {
1373 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1374 error("BUG: connectivity check has not been run on ref %s",
1375 cmd->ref_name);
1376 checked_connectivity = 0;
1377 }
1378 }
1379 if (!checked_connectivity)
1380 die("BUG: connectivity check skipped???");
1381}
1382
1383static void execute_commands_non_atomic(struct command *commands,
1384 struct shallow_info *si)
1385{
1386 struct command *cmd;
1387 struct strbuf err = STRBUF_INIT;
1388
1389 for (cmd = commands; cmd; cmd = cmd->next) {
1390 if (!should_process_cmd(cmd))
1391 continue;
1392
1393 transaction = ref_transaction_begin(&err);
1394 if (!transaction) {
1395 rp_error("%s", err.buf);
1396 strbuf_reset(&err);
1397 cmd->error_string = "transaction failed to start";
1398 continue;
1399 }
1400
1401 cmd->error_string = update(cmd, si);
1402
1403 if (!cmd->error_string
1404 && ref_transaction_commit(transaction, &err)) {
1405 rp_error("%s", err.buf);
1406 strbuf_reset(&err);
1407 cmd->error_string = "failed to update ref";
1408 }
1409 ref_transaction_free(transaction);
1410 }
1411 strbuf_release(&err);
1412}
1413
1414static void execute_commands_atomic(struct command *commands,
1415 struct shallow_info *si)
1416{
1417 struct command *cmd;
1418 struct strbuf err = STRBUF_INIT;
1419 const char *reported_error = "atomic push failure";
1420
1421 transaction = ref_transaction_begin(&err);
1422 if (!transaction) {
1423 rp_error("%s", err.buf);
1424 strbuf_reset(&err);
1425 reported_error = "transaction failed to start";
1426 goto failure;
1427 }
1428
1429 for (cmd = commands; cmd; cmd = cmd->next) {
1430 if (!should_process_cmd(cmd))
1431 continue;
1432
1433 cmd->error_string = update(cmd, si);
1434
1435 if (cmd->error_string)
1436 goto failure;
1437 }
1438
1439 if (ref_transaction_commit(transaction, &err)) {
1440 rp_error("%s", err.buf);
1441 reported_error = "atomic transaction failed";
1442 goto failure;
1443 }
1444 goto cleanup;
1445
1446failure:
1447 for (cmd = commands; cmd; cmd = cmd->next)
1448 if (!cmd->error_string)
1449 cmd->error_string = reported_error;
1450
1451cleanup:
1452 ref_transaction_free(transaction);
1453 strbuf_release(&err);
1454}
1455
1456static void execute_commands(struct command *commands,
1457 const char *unpacker_error,
1458 struct shallow_info *si,
1459 const struct string_list *push_options)
1460{
1461 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1462 struct command *cmd;
1463 struct iterate_data data;
1464 struct async muxer;
1465 int err_fd = 0;
1466
1467 if (unpacker_error) {
1468 for (cmd = commands; cmd; cmd = cmd->next)
1469 cmd->error_string = "unpacker error";
1470 return;
1471 }
1472
1473 if (use_sideband) {
1474 memset(&muxer, 0, sizeof(muxer));
1475 muxer.proc = copy_to_sideband;
1476 muxer.in = -1;
1477 if (!start_async(&muxer))
1478 err_fd = muxer.in;
1479 /* ...else, continue without relaying sideband */
1480 }
1481
1482 data.cmds = commands;
1483 data.si = si;
1484 opt.err_fd = err_fd;
1485 opt.progress = err_fd && !quiet;
1486 opt.env = tmp_objdir_env(tmp_objdir);
1487 if (check_connected(iterate_receive_command_list, &data, &opt))
1488 set_connectivity_errors(commands, si);
1489
1490 if (use_sideband)
1491 finish_async(&muxer);
1492
1493 reject_updates_to_hidden(commands);
1494
1495 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1496 for (cmd = commands; cmd; cmd = cmd->next) {
1497 if (!cmd->error_string)
1498 cmd->error_string = "pre-receive hook declined";
1499 }
1500 return;
1501 }
1502
1503 /*
1504 * Now we'll start writing out refs, which means the objects need
1505 * to be in their final positions so that other processes can see them.
1506 */
1507 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1508 for (cmd = commands; cmd; cmd = cmd->next) {
1509 if (!cmd->error_string)
1510 cmd->error_string = "unable to migrate objects to permanent storage";
1511 }
1512 return;
1513 }
1514 tmp_objdir = NULL;
1515
1516 check_aliased_updates(commands);
1517
1518 free(head_name_to_free);
1519 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1520
1521 if (use_atomic)
1522 execute_commands_atomic(commands, si);
1523 else
1524 execute_commands_non_atomic(commands, si);
1525
1526 if (shallow_update)
1527 warn_if_skipped_connectivity_check(commands, si);
1528}
1529
1530static struct command **queue_command(struct command **tail,
1531 const char *line,
1532 int linelen)
1533{
1534 struct object_id old_oid, new_oid;
1535 struct command *cmd;
1536 const char *refname;
1537 int reflen;
1538 const char *p;
1539
1540 if (parse_oid_hex(line, &old_oid, &p) ||
1541 *p++ != ' ' ||
1542 parse_oid_hex(p, &new_oid, &p) ||
1543 *p++ != ' ')
1544 die("protocol error: expected old/new/ref, got '%s'", line);
1545
1546 refname = p;
1547 reflen = linelen - (p - line);
1548 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1549 oidcpy(&cmd->old_oid, &old_oid);
1550 oidcpy(&cmd->new_oid, &new_oid);
1551 *tail = cmd;
1552 return &cmd->next;
1553}
1554
1555static void queue_commands_from_cert(struct command **tail,
1556 struct strbuf *push_cert)
1557{
1558 const char *boc, *eoc;
1559
1560 if (*tail)
1561 die("protocol error: got both push certificate and unsigned commands");
1562
1563 boc = strstr(push_cert->buf, "\n\n");
1564 if (!boc)
1565 die("malformed push certificate %.*s", 100, push_cert->buf);
1566 else
1567 boc += 2;
1568 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1569
1570 while (boc < eoc) {
1571 const char *eol = memchr(boc, '\n', eoc - boc);
1572 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1573 boc = eol ? eol + 1 : eoc;
1574 }
1575}
1576
1577static struct command *read_head_info(struct oid_array *shallow)
1578{
1579 struct command *commands = NULL;
1580 struct command **p = &commands;
1581 for (;;) {
1582 char *line;
1583 int len, linelen;
1584
1585 line = packet_read_line(0, &len);
1586 if (!line)
1587 break;
1588
1589 if (len > 8 && starts_with(line, "shallow ")) {
1590 struct object_id oid;
1591 if (get_oid_hex(line + 8, &oid))
1592 die("protocol error: expected shallow sha, got '%s'",
1593 line + 8);
1594 oid_array_append(shallow, &oid);
1595 continue;
1596 }
1597
1598 linelen = strlen(line);
1599 if (linelen < len) {
1600 const char *feature_list = line + linelen + 1;
1601 if (parse_feature_request(feature_list, "report-status"))
1602 report_status = 1;
1603 if (parse_feature_request(feature_list, "side-band-64k"))
1604 use_sideband = LARGE_PACKET_MAX;
1605 if (parse_feature_request(feature_list, "quiet"))
1606 quiet = 1;
1607 if (advertise_atomic_push
1608 && parse_feature_request(feature_list, "atomic"))
1609 use_atomic = 1;
1610 if (advertise_push_options
1611 && parse_feature_request(feature_list, "push-options"))
1612 use_push_options = 1;
1613 }
1614
1615 if (!strcmp(line, "push-cert")) {
1616 int true_flush = 0;
1617 char certbuf[1024];
1618
1619 for (;;) {
1620 len = packet_read(0, NULL, NULL,
1621 certbuf, sizeof(certbuf), 0);
1622 if (!len) {
1623 true_flush = 1;
1624 break;
1625 }
1626 if (!strcmp(certbuf, "push-cert-end\n"))
1627 break; /* end of cert */
1628 strbuf_addstr(&push_cert, certbuf);
1629 }
1630
1631 if (true_flush)
1632 break;
1633 continue;
1634 }
1635
1636 p = queue_command(p, line, linelen);
1637 }
1638
1639 if (push_cert.len)
1640 queue_commands_from_cert(p, &push_cert);
1641
1642 return commands;
1643}
1644
1645static void read_push_options(struct string_list *options)
1646{
1647 while (1) {
1648 char *line;
1649 int len;
1650
1651 line = packet_read_line(0, &len);
1652
1653 if (!line)
1654 break;
1655
1656 string_list_append(options, line);
1657 }
1658}
1659
1660static const char *parse_pack_header(struct pack_header *hdr)
1661{
1662 switch (read_pack_header(0, hdr)) {
1663 case PH_ERROR_EOF:
1664 return "eof before pack header was fully read";
1665
1666 case PH_ERROR_PACK_SIGNATURE:
1667 return "protocol error (pack signature mismatch detected)";
1668
1669 case PH_ERROR_PROTOCOL:
1670 return "protocol error (pack version unsupported)";
1671
1672 default:
1673 return "unknown error in parse_pack_header";
1674
1675 case 0:
1676 return NULL;
1677 }
1678}
1679
1680static const char *pack_lockfile;
1681
1682static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1683{
1684 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1685 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1686}
1687
1688static const char *unpack(int err_fd, struct shallow_info *si)
1689{
1690 struct pack_header hdr;
1691 const char *hdr_err;
1692 int status;
1693 struct child_process child = CHILD_PROCESS_INIT;
1694 int fsck_objects = (receive_fsck_objects >= 0
1695 ? receive_fsck_objects
1696 : transfer_fsck_objects >= 0
1697 ? transfer_fsck_objects
1698 : 0);
1699
1700 hdr_err = parse_pack_header(&hdr);
1701 if (hdr_err) {
1702 if (err_fd > 0)
1703 close(err_fd);
1704 return hdr_err;
1705 }
1706
1707 if (si->nr_ours || si->nr_theirs) {
1708 alt_shallow_file = setup_temporary_shallow(si->shallow);
1709 argv_array_push(&child.args, "--shallow-file");
1710 argv_array_push(&child.args, alt_shallow_file);
1711 }
1712
1713 tmp_objdir = tmp_objdir_create();
1714 if (!tmp_objdir) {
1715 if (err_fd > 0)
1716 close(err_fd);
1717 return "unable to create temporary object directory";
1718 }
1719 child.env = tmp_objdir_env(tmp_objdir);
1720
1721 /*
1722 * Normally we just pass the tmp_objdir environment to the child
1723 * processes that do the heavy lifting, but we may need to see these
1724 * objects ourselves to set up shallow information.
1725 */
1726 tmp_objdir_add_as_alternate(tmp_objdir);
1727
1728 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1729 argv_array_push(&child.args, "unpack-objects");
1730 push_header_arg(&child.args, &hdr);
1731 if (quiet)
1732 argv_array_push(&child.args, "-q");
1733 if (fsck_objects)
1734 argv_array_pushf(&child.args, "--strict%s",
1735 fsck_msg_types.buf);
1736 if (max_input_size)
1737 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1738 (uintmax_t)max_input_size);
1739 child.no_stdout = 1;
1740 child.err = err_fd;
1741 child.git_cmd = 1;
1742 status = run_command(&child);
1743 if (status)
1744 return "unpack-objects abnormal exit";
1745 } else {
1746 char hostname[HOST_NAME_MAX + 1];
1747
1748 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1749 push_header_arg(&child.args, &hdr);
1750
1751 if (xgethostname(hostname, sizeof(hostname)))
1752 xsnprintf(hostname, sizeof(hostname), "localhost");
1753 argv_array_pushf(&child.args,
1754 "--keep=receive-pack %"PRIuMAX" on %s",
1755 (uintmax_t)getpid(),
1756 hostname);
1757
1758 if (!quiet && err_fd)
1759 argv_array_push(&child.args, "--show-resolving-progress");
1760 if (use_sideband)
1761 argv_array_push(&child.args, "--report-end-of-input");
1762 if (fsck_objects)
1763 argv_array_pushf(&child.args, "--strict%s",
1764 fsck_msg_types.buf);
1765 if (!reject_thin)
1766 argv_array_push(&child.args, "--fix-thin");
1767 if (max_input_size)
1768 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1769 (uintmax_t)max_input_size);
1770 child.out = -1;
1771 child.err = err_fd;
1772 child.git_cmd = 1;
1773 status = start_command(&child);
1774 if (status)
1775 return "index-pack fork failed";
1776 pack_lockfile = index_pack_lockfile(child.out);
1777 close(child.out);
1778 status = finish_command(&child);
1779 if (status)
1780 return "index-pack abnormal exit";
1781 reprepare_packed_git();
1782 }
1783 return NULL;
1784}
1785
1786static const char *unpack_with_sideband(struct shallow_info *si)
1787{
1788 struct async muxer;
1789 const char *ret;
1790
1791 if (!use_sideband)
1792 return unpack(0, si);
1793
1794 use_keepalive = KEEPALIVE_AFTER_NUL;
1795 memset(&muxer, 0, sizeof(muxer));
1796 muxer.proc = copy_to_sideband;
1797 muxer.in = -1;
1798 if (start_async(&muxer))
1799 return NULL;
1800
1801 ret = unpack(muxer.in, si);
1802
1803 finish_async(&muxer);
1804 return ret;
1805}
1806
1807static void prepare_shallow_update(struct command *commands,
1808 struct shallow_info *si)
1809{
1810 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1811
1812 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1813 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1814
1815 si->need_reachability_test =
1816 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1817 si->reachable =
1818 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1819 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1820
1821 for (i = 0; i < si->nr_ours; i++)
1822 si->need_reachability_test[si->ours[i]] = 1;
1823
1824 for (i = 0; i < si->shallow->nr; i++) {
1825 if (!si->used_shallow[i])
1826 continue;
1827 for (j = 0; j < bitmap_size; j++) {
1828 if (!si->used_shallow[i][j])
1829 continue;
1830 si->need_reachability_test[i]++;
1831 for (k = 0; k < 32; k++)
1832 if (si->used_shallow[i][j] & (1U << k))
1833 si->shallow_ref[j * 32 + k]++;
1834 }
1835
1836 /*
1837 * true for those associated with some refs and belong
1838 * in "ours" list aka "step 7 not done yet"
1839 */
1840 si->need_reachability_test[i] =
1841 si->need_reachability_test[i] > 1;
1842 }
1843
1844 /*
1845 * keep hooks happy by forcing a temporary shallow file via
1846 * env variable because we can't add --shallow-file to every
1847 * command. check_everything_connected() will be done with
1848 * true .git/shallow though.
1849 */
1850 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1851}
1852
1853static void update_shallow_info(struct command *commands,
1854 struct shallow_info *si,
1855 struct oid_array *ref)
1856{
1857 struct command *cmd;
1858 int *ref_status;
1859 remove_nonexistent_theirs_shallow(si);
1860 if (!si->nr_ours && !si->nr_theirs) {
1861 shallow_update = 0;
1862 return;
1863 }
1864
1865 for (cmd = commands; cmd; cmd = cmd->next) {
1866 if (is_null_oid(&cmd->new_oid))
1867 continue;
1868 oid_array_append(ref, &cmd->new_oid);
1869 cmd->index = ref->nr - 1;
1870 }
1871 si->ref = ref;
1872
1873 if (shallow_update) {
1874 prepare_shallow_update(commands, si);
1875 return;
1876 }
1877
1878 ALLOC_ARRAY(ref_status, ref->nr);
1879 assign_shallow_commits_to_refs(si, NULL, ref_status);
1880 for (cmd = commands; cmd; cmd = cmd->next) {
1881 if (is_null_oid(&cmd->new_oid))
1882 continue;
1883 if (ref_status[cmd->index]) {
1884 cmd->error_string = "shallow update not allowed";
1885 cmd->skip_update = 1;
1886 }
1887 }
1888 free(ref_status);
1889}
1890
1891static void report(struct command *commands, const char *unpack_status)
1892{
1893 struct command *cmd;
1894 struct strbuf buf = STRBUF_INIT;
1895
1896 packet_buf_write(&buf, "unpack %s\n",
1897 unpack_status ? unpack_status : "ok");
1898 for (cmd = commands; cmd; cmd = cmd->next) {
1899 if (!cmd->error_string)
1900 packet_buf_write(&buf, "ok %s\n",
1901 cmd->ref_name);
1902 else
1903 packet_buf_write(&buf, "ng %s %s\n",
1904 cmd->ref_name, cmd->error_string);
1905 }
1906 packet_buf_flush(&buf);
1907
1908 if (use_sideband)
1909 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1910 else
1911 write_or_die(1, buf.buf, buf.len);
1912 strbuf_release(&buf);
1913}
1914
1915static int delete_only(struct command *commands)
1916{
1917 struct command *cmd;
1918 for (cmd = commands; cmd; cmd = cmd->next) {
1919 if (!is_null_oid(&cmd->new_oid))
1920 return 0;
1921 }
1922 return 1;
1923}
1924
1925int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1926{
1927 int advertise_refs = 0;
1928 struct command *commands;
1929 struct oid_array shallow = OID_ARRAY_INIT;
1930 struct oid_array ref = OID_ARRAY_INIT;
1931 struct shallow_info si;
1932
1933 struct option options[] = {
1934 OPT__QUIET(&quiet, N_("quiet")),
1935 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1936 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1937 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1938 OPT_END()
1939 };
1940
1941 packet_trace_identity("receive-pack");
1942
1943 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1944
1945 if (argc > 1)
1946 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1947 if (argc == 0)
1948 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1949
1950 service_dir = argv[0];
1951
1952 setup_path();
1953
1954 if (!enter_repo(service_dir, 0))
1955 die("'%s' does not appear to be a git repository", service_dir);
1956
1957 git_config(receive_pack_config, NULL);
1958 if (cert_nonce_seed)
1959 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1960
1961 if (0 <= transfer_unpack_limit)
1962 unpack_limit = transfer_unpack_limit;
1963 else if (0 <= receive_unpack_limit)
1964 unpack_limit = receive_unpack_limit;
1965
1966 switch (determine_protocol_version_server()) {
1967 case protocol_v1:
1968 /*
1969 * v1 is just the original protocol with a version string,
1970 * so just fall through after writing the version string.
1971 */
1972 if (advertise_refs || !stateless_rpc)
1973 packet_write_fmt(1, "version 1\n");
1974
1975 /* fallthrough */
1976 case protocol_v0:
1977 break;
1978 case protocol_unknown_version:
1979 BUG("unknown protocol version");
1980 }
1981
1982 if (advertise_refs || !stateless_rpc) {
1983 write_head_info();
1984 }
1985 if (advertise_refs)
1986 return 0;
1987
1988 if ((commands = read_head_info(&shallow)) != NULL) {
1989 const char *unpack_status = NULL;
1990 struct string_list push_options = STRING_LIST_INIT_DUP;
1991
1992 if (use_push_options)
1993 read_push_options(&push_options);
1994 if (!check_cert_push_options(&push_options)) {
1995 struct command *cmd;
1996 for (cmd = commands; cmd; cmd = cmd->next)
1997 cmd->error_string = "inconsistent push options";
1998 }
1999
2000 prepare_shallow_info(&si, &shallow);
2001 if (!si.nr_ours && !si.nr_theirs)
2002 shallow_update = 0;
2003 if (!delete_only(commands)) {
2004 unpack_status = unpack_with_sideband(&si);
2005 update_shallow_info(commands, &si, &ref);
2006 }
2007 use_keepalive = KEEPALIVE_ALWAYS;
2008 execute_commands(commands, unpack_status, &si,
2009 &push_options);
2010 if (pack_lockfile)
2011 unlink_or_warn(pack_lockfile);
2012 if (report_status)
2013 report(commands, unpack_status);
2014 run_receive_hook(commands, "post-receive", 1,
2015 &push_options);
2016 run_update_post_hook(commands);
2017 string_list_clear(&push_options, 0);
2018 if (auto_gc) {
2019 const char *argv_gc_auto[] = {
2020 "gc", "--auto", "--quiet", NULL,
2021 };
2022 struct child_process proc = CHILD_PROCESS_INIT;
2023
2024 proc.no_stdin = 1;
2025 proc.stdout_to_stderr = 1;
2026 proc.err = use_sideband ? -1 : 0;
2027 proc.git_cmd = 1;
2028 proc.argv = argv_gc_auto;
2029
2030 close_all_packs();
2031 if (!start_command(&proc)) {
2032 if (use_sideband)
2033 copy_to_sideband(proc.err, -1, NULL);
2034 finish_command(&proc);
2035 }
2036 }
2037 if (auto_update_server_info)
2038 update_server_info(0);
2039 clear_shallow_info(&si);
2040 }
2041 if (use_sideband)
2042 packet_flush(1);
2043 oid_array_clear(&shallow);
2044 oid_array_clear(&ref);
2045 free((void *)push_cert_nonce);
2046 return 0;
2047}