1#include "builtin.h"
2#include "pack.h"
3#include "refs.h"
4#include "pkt-line.h"
5#include "sideband.h"
6#include "run-command.h"
7#include "exec_cmd.h"
8#include "commit.h"
9#include "object.h"
10#include "remote.h"
11#include "connect.h"
12#include "transport.h"
13#include "string-list.h"
14#include "sha1-array.h"
15#include "connected.h"
16#include "argv-array.h"
17#include "version.h"
18#include "tag.h"
19#include "gpg-interface.h"
20static const char receive_pack_usage[] = "git receive-pack <git-dir>";
22enum deny_action {
24 DENY_UNCONFIGURED,
25 DENY_IGNORE,
26 DENY_WARN,
27 DENY_REFUSE
28};
29static int deny_deletes;
31static int deny_non_fast_forwards;
32static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
33static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
34static int receive_fsck_objects = -1;
35static int transfer_fsck_objects = -1;
36static int receive_unpack_limit = -1;
37static int transfer_unpack_limit = -1;
38static int unpack_limit = 100;
39static int report_status;
40static int use_sideband;
41static int quiet;
42static int prefer_ofs_delta = 1;
43static int auto_update_server_info;
44static int auto_gc = 1;
45static int fix_thin = 1;
46static const char *head_name;
47static void *head_name_to_free;
48static int sent_capabilities;
49static int shallow_update;
50static const char *alt_shallow_file;
51static struct strbuf push_cert = STRBUF_INIT;
52static unsigned char push_cert_sha1[20];
53static struct signature_check sigcheck;
54static const char *push_cert_nonce;
55static const char *cert_nonce_seed;
56static const char *NONCE_UNSOLICITED = "UNSOLICITED";
58static const char *NONCE_BAD = "BAD";
59static const char *NONCE_MISSING = "MISSING";
60static const char *NONCE_OK = "OK";
61static const char *nonce_status;
62static enum deny_action parse_deny_action(const char *var, const char *value)
64{
65 if (value) {
66 if (!strcasecmp(value, "ignore"))
67 return DENY_IGNORE;
68 if (!strcasecmp(value, "warn"))
69 return DENY_WARN;
70 if (!strcasecmp(value, "refuse"))
71 return DENY_REFUSE;
72 }
73 if (git_config_bool(var, value))
74 return DENY_REFUSE;
75 return DENY_IGNORE;
76}
77static int receive_pack_config(const char *var, const char *value, void *cb)
79{
80 int status = parse_hide_refs_config(var, value, "receive");
81 if (status)
83 return status;
84 if (strcmp(var, "receive.denydeletes") == 0) {
86 deny_deletes = git_config_bool(var, value);
87 return 0;
88 }
89 if (strcmp(var, "receive.denynonfastforwards") == 0) {
91 deny_non_fast_forwards = git_config_bool(var, value);
92 return 0;
93 }
94 if (strcmp(var, "receive.unpacklimit") == 0) {
96 receive_unpack_limit = git_config_int(var, value);
97 return 0;
98 }
99 if (strcmp(var, "transfer.unpacklimit") == 0) {
101 transfer_unpack_limit = git_config_int(var, value);
102 return 0;
103 }
104 if (strcmp(var, "receive.fsckobjects") == 0) {
106 receive_fsck_objects = git_config_bool(var, value);
107 return 0;
108 }
109 if (strcmp(var, "transfer.fsckobjects") == 0) {
111 transfer_fsck_objects = git_config_bool(var, value);
112 return 0;
113 }
114 if (!strcmp(var, "receive.denycurrentbranch")) {
116 deny_current_branch = parse_deny_action(var, value);
117 return 0;
118 }
119 if (strcmp(var, "receive.denydeletecurrent") == 0) {
121 deny_delete_current = parse_deny_action(var, value);
122 return 0;
123 }
124 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
126 prefer_ofs_delta = git_config_bool(var, value);
127 return 0;
128 }
129 if (strcmp(var, "receive.updateserverinfo") == 0) {
131 auto_update_server_info = git_config_bool(var, value);
132 return 0;
133 }
134 if (strcmp(var, "receive.autogc") == 0) {
136 auto_gc = git_config_bool(var, value);
137 return 0;
138 }
139 if (strcmp(var, "receive.shallowupdate") == 0) {
141 shallow_update = git_config_bool(var, value);
142 return 0;
143 }
144 if (strcmp(var, "receive.certnonceseed") == 0)
146 return git_config_string(&cert_nonce_seed, var, value);
147 return git_default_config(var, value, cb);
149}
150static void show_ref(const char *path, const unsigned char *sha1)
152{
153 if (ref_is_hidden(path))
154 return;
155 if (sent_capabilities) {
157 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
158 } else {
159 struct strbuf cap = STRBUF_INIT;
160 strbuf_addstr(&cap,
162 "report-status delete-refs side-band-64k quiet");
163 if (prefer_ofs_delta)
164 strbuf_addstr(&cap, " ofs-delta");
165 if (push_cert_nonce)
166 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
167 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
168 packet_write(1, "%s %s%c%s\n",
169 sha1_to_hex(sha1), path, 0, cap.buf);
170 strbuf_release(&cap);
171 sent_capabilities = 1;
172 }
173}
174static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
176{
177 path = strip_namespace(path);
178 /*
179 * Advertise refs outside our current namespace as ".have"
180 * refs, so that the client can use them to minimize data
181 * transfer but will otherwise ignore them. This happens to
182 * cover ".have" that are thrown in by add_one_alternate_ref()
183 * to mark histories that are complete in our alternates as
184 * well.
185 */
186 if (!path)
187 path = ".have";
188 show_ref(path, sha1);
189 return 0;
190}
191static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
193{
194 show_ref(".have", sha1);
195}
196static void collect_one_alternate_ref(const struct ref *ref, void *data)
198{
199 struct sha1_array *sa = data;
200 sha1_array_append(sa, ref->old_sha1);
201}
202static void write_head_info(void)
204{
205 struct sha1_array sa = SHA1_ARRAY_INIT;
206 for_each_alternate_ref(collect_one_alternate_ref, &sa);
207 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
208 sha1_array_clear(&sa);
209 for_each_ref(show_ref_cb, NULL);
210 if (!sent_capabilities)
211 show_ref("capabilities^{}", null_sha1);
212 advertise_shallow_grafts(1);
214 /* EOF */
216 packet_flush(1);
217}
218struct command {
220 struct command *next;
221 const char *error_string;
222 unsigned int skip_update:1,
223 did_not_exist:1;
224 int index;
225 unsigned char old_sha1[20];
226 unsigned char new_sha1[20];
227 char ref_name[FLEX_ARRAY]; /* more */
228};
229static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
231static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
232static void report_message(const char *prefix, const char *err, va_list params)
234{
235 int sz = strlen(prefix);
236 char msg[4096];
237 strncpy(msg, prefix, sz);
239 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
240 if (sz > (sizeof(msg) - 1))
241 sz = sizeof(msg) - 1;
242 msg[sz++] = '\n';
243 if (use_sideband)
245 send_sideband(1, 2, msg, sz, use_sideband);
246 else
247 xwrite(2, msg, sz);
248}
249static void rp_warning(const char *err, ...)
251{
252 va_list params;
253 va_start(params, err);
254 report_message("warning: ", err, params);
255 va_end(params);
256}
257static void rp_error(const char *err, ...)
259{
260 va_list params;
261 va_start(params, err);
262 report_message("error: ", err, params);
263 va_end(params);
264}
265static int copy_to_sideband(int in, int out, void *arg)
267{
268 char data[128];
269 while (1) {
270 ssize_t sz = xread(in, data, sizeof(data));
271 if (sz <= 0)
272 break;
273 send_sideband(1, 2, data, sz, use_sideband);
274 }
275 close(in);
276 return 0;
277}
278#define HMAC_BLOCK_SIZE 64
280static void hmac_sha1(unsigned char out[20],
282 const char *key_in, size_t key_len,
283 const char *text, size_t text_len)
284{
285 unsigned char key[HMAC_BLOCK_SIZE];
286 unsigned char k_ipad[HMAC_BLOCK_SIZE];
287 unsigned char k_opad[HMAC_BLOCK_SIZE];
288 int i;
289 git_SHA_CTX ctx;
290 /* RFC 2104 2. (1) */
292 memset(key, '\0', HMAC_BLOCK_SIZE);
293 if (HMAC_BLOCK_SIZE < key_len) {
294 git_SHA1_Init(&ctx);
295 git_SHA1_Update(&ctx, key_in, key_len);
296 git_SHA1_Final(key, &ctx);
297 } else {
298 memcpy(key, key_in, key_len);
299 }
300 /* RFC 2104 2. (2) & (5) */
302 for (i = 0; i < sizeof(key); i++) {
303 k_ipad[i] = key[i] ^ 0x36;
304 k_opad[i] = key[i] ^ 0x5c;
305 }
306 /* RFC 2104 2. (3) & (4) */
308 git_SHA1_Init(&ctx);
309 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
310 git_SHA1_Update(&ctx, text, text_len);
311 git_SHA1_Final(out, &ctx);
312 /* RFC 2104 2. (6) & (7) */
314 git_SHA1_Init(&ctx);
315 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
316 git_SHA1_Update(&ctx, out, sizeof(out));
317 git_SHA1_Final(out, &ctx);
318}
319static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
321{
322 struct strbuf buf = STRBUF_INIT;
323 unsigned char sha1[20];
324 strbuf_addf(&buf, "%s:%lu", path, stamp);
326 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
327 strbuf_release(&buf);
328 /* RFC 2104 5. HMAC-SHA1-80 */
330 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
331 return strbuf_detach(&buf, NULL);
332}
333/*
335 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
336 * after dropping "_commit" from its name and possibly moving it out
337 * of commit.c
338 */
339static char *find_header(const char *msg, size_t len, const char *key)
340{
341 int key_len = strlen(key);
342 const char *line = msg;
343 while (line && line < msg + len) {
345 const char *eol = strchrnul(line, '\n');
346 if ((msg + len <= eol) || line == eol)
348 return NULL;
349 if (line + key_len < eol &&
350 !memcmp(line, key, key_len) && line[key_len] == ' ') {
351 int offset = key_len + 1;
352 return xmemdupz(line + offset, (eol - line) - offset);
353 }
354 line = *eol ? eol + 1 : NULL;
355 }
356 return NULL;
357}
358static const char *check_nonce(const char *buf, size_t len)
360{
361 char *nonce = find_header(buf, len, "nonce");
362 const char *retval = NONCE_BAD;
363 if (!nonce) {
365 retval = NONCE_MISSING;
366 goto leave;
367 } else if (!push_cert_nonce) {
368 retval = NONCE_UNSOLICITED;
369 goto leave;
370 } else if (!strcmp(push_cert_nonce, nonce)) {
371 retval = NONCE_OK;
372 goto leave;
373 }
374 /* returned nonce MUST match what we gave out earlier */
376 retval = NONCE_BAD;
377leave:
379 free(nonce);
380 return retval;
381}
382static void prepare_push_cert_sha1(struct child_process *proc)
384{
385 static int already_done;
386 struct argv_array env = ARGV_ARRAY_INIT;
387 if (!push_cert.len)
389 return;
390 if (!already_done) {
392 struct strbuf gpg_output = STRBUF_INIT;
393 struct strbuf gpg_status = STRBUF_INIT;
394 int bogs /* beginning_of_gpg_sig */;
395 already_done = 1;
397 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
398 hashclr(push_cert_sha1);
399 memset(&sigcheck, '\0', sizeof(sigcheck));
401 sigcheck.result = 'N';
402 bogs = parse_signature(push_cert.buf, push_cert.len);
404 if (verify_signed_buffer(push_cert.buf, bogs,
405 push_cert.buf + bogs, push_cert.len - bogs,
406 &gpg_output, &gpg_status) < 0) {
407 ; /* error running gpg */
408 } else {
409 sigcheck.payload = push_cert.buf;
410 sigcheck.gpg_output = gpg_output.buf;
411 sigcheck.gpg_status = gpg_status.buf;
412 parse_gpg_output(&sigcheck);
413 }
414 strbuf_release(&gpg_output);
416 strbuf_release(&gpg_status);
417 nonce_status = check_nonce(push_cert.buf, bogs);
418 }
419 if (!is_null_sha1(push_cert_sha1)) {
420 argv_array_pushf(&env, "GIT_PUSH_CERT=%s", sha1_to_hex(push_cert_sha1));
421 argv_array_pushf(&env, "GIT_PUSH_CERT_SIGNER=%s",
422 sigcheck.signer ? sigcheck.signer : "");
423 argv_array_pushf(&env, "GIT_PUSH_CERT_KEY=%s",
424 sigcheck.key ? sigcheck.key : "");
425 argv_array_pushf(&env, "GIT_PUSH_CERT_STATUS=%c", sigcheck.result);
426 if (push_cert_nonce) {
427 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE=%s", push_cert_nonce);
428 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE_STATUS=%s", nonce_status);
429 }
430 proc->env = env.argv;
431 }
432}
433typedef int (*feed_fn)(void *, const char **, size_t *);
435static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
436{
437 struct child_process proc;
438 struct async muxer;
439 const char *argv[2];
440 int code;
441 argv[0] = find_hook(hook_name);
443 if (!argv[0])
444 return 0;
445 argv[1] = NULL;
447 memset(&proc, 0, sizeof(proc));
449 proc.argv = argv;
450 proc.in = -1;
451 proc.stdout_to_stderr = 1;
452 prepare_push_cert_sha1(&proc);
454 if (use_sideband) {
456 memset(&muxer, 0, sizeof(muxer));
457 muxer.proc = copy_to_sideband;
458 muxer.in = -1;
459 code = start_async(&muxer);
460 if (code)
461 return code;
462 proc.err = muxer.in;
463 }
464 code = start_command(&proc);
466 if (code) {
467 if (use_sideband)
468 finish_async(&muxer);
469 return code;
470 }
471 while (1) {
473 const char *buf;
474 size_t n;
475 if (feed(feed_state, &buf, &n))
476 break;
477 if (write_in_full(proc.in, buf, n) != n)
478 break;
479 }
480 close(proc.in);
481 if (use_sideband)
482 finish_async(&muxer);
483 return finish_command(&proc);
484}
485struct receive_hook_feed_state {
487 struct command *cmd;
488 int skip_broken;
489 struct strbuf buf;
490};
491static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
493{
494 struct receive_hook_feed_state *state = state_;
495 struct command *cmd = state->cmd;
496 while (cmd &&
498 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
499 cmd = cmd->next;
500 if (!cmd)
501 return -1; /* EOF */
502 strbuf_reset(&state->buf);
503 strbuf_addf(&state->buf, "%s %s %s\n",
504 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
505 cmd->ref_name);
506 state->cmd = cmd->next;
507 if (bufp) {
508 *bufp = state->buf.buf;
509 *sizep = state->buf.len;
510 }
511 return 0;
512}
513static int run_receive_hook(struct command *commands, const char *hook_name,
515 int skip_broken)
516{
517 struct receive_hook_feed_state state;
518 int status;
519 strbuf_init(&state.buf, 0);
521 state.cmd = commands;
522 state.skip_broken = skip_broken;
523 if (feed_receive_hook(&state, NULL, NULL))
524 return 0;
525 state.cmd = commands;
526 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
527 strbuf_release(&state.buf);
528 return status;
529}
530static int run_update_hook(struct command *cmd)
532{
533 const char *argv[5];
534 struct child_process proc;
535 int code;
536 argv[0] = find_hook("update");
538 if (!argv[0])
539 return 0;
540 argv[1] = cmd->ref_name;
542 argv[2] = sha1_to_hex(cmd->old_sha1);
543 argv[3] = sha1_to_hex(cmd->new_sha1);
544 argv[4] = NULL;
545 memset(&proc, 0, sizeof(proc));
547 proc.no_stdin = 1;
548 proc.stdout_to_stderr = 1;
549 proc.err = use_sideband ? -1 : 0;
550 proc.argv = argv;
551 code = start_command(&proc);
553 if (code)
554 return code;
555 if (use_sideband)
556 copy_to_sideband(proc.err, -1, NULL);
557 return finish_command(&proc);
558}
559static int is_ref_checked_out(const char *ref)
561{
562 if (is_bare_repository())
563 return 0;
564 if (!head_name)
566 return 0;
567 return !strcmp(head_name, ref);
568}
569static char *refuse_unconfigured_deny_msg[] = {
571 "By default, updating the current branch in a non-bare repository",
572 "is denied, because it will make the index and work tree inconsistent",
573 "with what you pushed, and will require 'git reset --hard' to match",
574 "the work tree to HEAD.",
575 "",
576 "You can set 'receive.denyCurrentBranch' configuration variable to",
577 "'ignore' or 'warn' in the remote repository to allow pushing into",
578 "its current branch; however, this is not recommended unless you",
579 "arranged to update its work tree to match what you pushed in some",
580 "other way.",
581 "",
582 "To squelch this message and still keep the default behaviour, set",
583 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
584};
585static void refuse_unconfigured_deny(void)
587{
588 int i;
589 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
590 rp_error("%s", refuse_unconfigured_deny_msg[i]);
591}
592static char *refuse_unconfigured_deny_delete_current_msg[] = {
594 "By default, deleting the current branch is denied, because the next",
595 "'git clone' won't result in any file checked out, causing confusion.",
596 "",
597 "You can set 'receive.denyDeleteCurrent' configuration variable to",
598 "'warn' or 'ignore' in the remote repository to allow deleting the",
599 "current branch, with or without a warning message.",
600 "",
601 "To squelch this message, you can set it to 'refuse'."
602};
603static void refuse_unconfigured_deny_delete_current(void)
605{
606 int i;
607 for (i = 0;
608 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
609 i++)
610 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
611}
612static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
614static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
615{
616 static struct lock_file shallow_lock;
617 struct sha1_array extra = SHA1_ARRAY_INIT;
618 const char *alt_file;
619 uint32_t mask = 1 << (cmd->index % 32);
620 int i;
621 trace_printf_key(&trace_shallow,
623 "shallow: update_shallow_ref %s\n", cmd->ref_name);
624 for (i = 0; i < si->shallow->nr; i++)
625 if (si->used_shallow[i] &&
626 (si->used_shallow[i][cmd->index / 32] & mask) &&
627 !delayed_reachability_test(si, i))
628 sha1_array_append(&extra, si->shallow->sha1[i]);
629 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
631 if (check_shallow_connected(command_singleton_iterator,
632 0, cmd, alt_file)) {
633 rollback_lock_file(&shallow_lock);
634 sha1_array_clear(&extra);
635 return -1;
636 }
637 commit_lock_file(&shallow_lock);
639 /*
641 * Make sure setup_alternate_shallow() for the next ref does
642 * not lose these new roots..
643 */
644 for (i = 0; i < extra.nr; i++)
645 register_shallow(extra.sha1[i]);
646 si->shallow_ref[cmd->index] = 0;
648 sha1_array_clear(&extra);
649 return 0;
650}
651static const char *update(struct command *cmd, struct shallow_info *si)
653{
654 const char *name = cmd->ref_name;
655 struct strbuf namespaced_name_buf = STRBUF_INIT;
656 const char *namespaced_name;
657 unsigned char *old_sha1 = cmd->old_sha1;
658 unsigned char *new_sha1 = cmd->new_sha1;
659 struct ref_lock *lock;
660 /* only refs/... are allowed */
662 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
663 rp_error("refusing to create funny ref '%s' remotely", name);
664 return "funny refname";
665 }
666 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
668 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
669 if (is_ref_checked_out(namespaced_name)) {
671 switch (deny_current_branch) {
672 case DENY_IGNORE:
673 break;
674 case DENY_WARN:
675 rp_warning("updating the current branch");
676 break;
677 case DENY_REFUSE:
678 case DENY_UNCONFIGURED:
679 rp_error("refusing to update checked out branch: %s", name);
680 if (deny_current_branch == DENY_UNCONFIGURED)
681 refuse_unconfigured_deny();
682 return "branch is currently checked out";
683 }
684 }
685 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
687 error("unpack should have generated %s, "
688 "but I can't find it!", sha1_to_hex(new_sha1));
689 return "bad pack";
690 }
691 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
693 if (deny_deletes && starts_with(name, "refs/heads/")) {
694 rp_error("denying ref deletion for %s", name);
695 return "deletion prohibited";
696 }
697 if (!strcmp(namespaced_name, head_name)) {
699 switch (deny_delete_current) {
700 case DENY_IGNORE:
701 break;
702 case DENY_WARN:
703 rp_warning("deleting the current branch");
704 break;
705 case DENY_REFUSE:
706 case DENY_UNCONFIGURED:
707 if (deny_delete_current == DENY_UNCONFIGURED)
708 refuse_unconfigured_deny_delete_current();
709 rp_error("refusing to delete the current branch: %s", name);
710 return "deletion of the current branch prohibited";
711 }
712 }
713 }
714 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
716 !is_null_sha1(old_sha1) &&
717 starts_with(name, "refs/heads/")) {
718 struct object *old_object, *new_object;
719 struct commit *old_commit, *new_commit;
720 old_object = parse_object(old_sha1);
722 new_object = parse_object(new_sha1);
723 if (!old_object || !new_object ||
725 old_object->type != OBJ_COMMIT ||
726 new_object->type != OBJ_COMMIT) {
727 error("bad sha1 objects for %s", name);
728 return "bad ref";
729 }
730 old_commit = (struct commit *)old_object;
731 new_commit = (struct commit *)new_object;
732 if (!in_merge_bases(old_commit, new_commit)) {
733 rp_error("denying non-fast-forward %s"
734 " (you should pull first)", name);
735 return "non-fast-forward";
736 }
737 }
738 if (run_update_hook(cmd)) {
739 rp_error("hook declined to update %s", name);
740 return "hook declined";
741 }
742 if (is_null_sha1(new_sha1)) {
744 if (!parse_object(old_sha1)) {
745 old_sha1 = NULL;
746 if (ref_exists(name)) {
747 rp_warning("Allowing deletion of corrupt ref.");
748 } else {
749 rp_warning("Deleting a non-existent ref.");
750 cmd->did_not_exist = 1;
751 }
752 }
753 if (delete_ref(namespaced_name, old_sha1, 0)) {
754 rp_error("failed to delete %s", name);
755 return "failed to delete";
756 }
757 return NULL; /* good */
758 }
759 else {
760 if (shallow_update && si->shallow_ref[cmd->index] &&
761 update_shallow_ref(cmd, si))
762 return "shallow error";
763 lock = lock_any_ref_for_update(namespaced_name, old_sha1,
765 0, NULL);
766 if (!lock) {
767 rp_error("failed to lock %s", name);
768 return "failed to lock";
769 }
770 if (write_ref_sha1(lock, new_sha1, "push")) {
771 return "failed to write"; /* error() already called */
772 }
773 return NULL; /* good */
774 }
775}
776static void run_update_post_hook(struct command *commands)
778{
779 struct command *cmd;
780 int argc;
781 const char **argv;
782 struct child_process proc;
783 char *hook;
784 hook = find_hook("post-update");
786 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
787 if (cmd->error_string || cmd->did_not_exist)
788 continue;
789 argc++;
790 }
791 if (!argc || !hook)
792 return;
793 argv = xmalloc(sizeof(*argv) * (2 + argc));
795 argv[0] = hook;
796 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
798 if (cmd->error_string || cmd->did_not_exist)
799 continue;
800 argv[argc] = xstrdup(cmd->ref_name);
801 argc++;
802 }
803 argv[argc] = NULL;
804 memset(&proc, 0, sizeof(proc));
806 proc.no_stdin = 1;
807 proc.stdout_to_stderr = 1;
808 proc.err = use_sideband ? -1 : 0;
809 proc.argv = argv;
810 if (!start_command(&proc)) {
812 if (use_sideband)
813 copy_to_sideband(proc.err, -1, NULL);
814 finish_command(&proc);
815 }
816}
817static void check_aliased_update(struct command *cmd, struct string_list *list)
819{
820 struct strbuf buf = STRBUF_INIT;
821 const char *dst_name;
822 struct string_list_item *item;
823 struct command *dst_cmd;
824 unsigned char sha1[20];
825 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
826 int flag;
827 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
829 dst_name = resolve_ref_unsafe(buf.buf, sha1, 0, &flag);
830 strbuf_release(&buf);
831 if (!(flag & REF_ISSYMREF))
833 return;
834 dst_name = strip_namespace(dst_name);
836 if (!dst_name) {
837 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
838 cmd->skip_update = 1;
839 cmd->error_string = "broken symref";
840 return;
841 }
842 if ((item = string_list_lookup(list, dst_name)) == NULL)
844 return;
845 cmd->skip_update = 1;
847 dst_cmd = (struct command *) item->util;
849 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
851 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
852 return;
853 dst_cmd->skip_update = 1;
855 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
857 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
858 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
859 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
860 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
861 " its target '%s' (%s..%s)",
862 cmd->ref_name, cmd_oldh, cmd_newh,
863 dst_cmd->ref_name, dst_oldh, dst_newh);
864 cmd->error_string = dst_cmd->error_string =
866 "inconsistent aliased update";
867}
868static void check_aliased_updates(struct command *commands)
870{
871 struct command *cmd;
872 struct string_list ref_list = STRING_LIST_INIT_NODUP;
873 for (cmd = commands; cmd; cmd = cmd->next) {
875 struct string_list_item *item =
876 string_list_append(&ref_list, cmd->ref_name);
877 item->util = (void *)cmd;
878 }
879 sort_string_list(&ref_list);
880 for (cmd = commands; cmd; cmd = cmd->next) {
882 if (!cmd->error_string)
883 check_aliased_update(cmd, &ref_list);
884 }
885 string_list_clear(&ref_list, 0);
887}
888static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
890{
891 struct command **cmd_list = cb_data;
892 struct command *cmd = *cmd_list;
893 if (!cmd || is_null_sha1(cmd->new_sha1))
895 return -1; /* end of list */
896 *cmd_list = NULL; /* this returns only one */
897 hashcpy(sha1, cmd->new_sha1);
898 return 0;
899}
900static void set_connectivity_errors(struct command *commands,
902 struct shallow_info *si)
903{
904 struct command *cmd;
905 for (cmd = commands; cmd; cmd = cmd->next) {
907 struct command *singleton = cmd;
908 if (shallow_update && si->shallow_ref[cmd->index])
909 /* to be checked in update_shallow_ref() */
910 continue;
911 if (!check_everything_connected(command_singleton_iterator,
912 0, &singleton))
913 continue;
914 cmd->error_string = "missing necessary objects";
915 }
916}
917struct iterate_data {
919 struct command *cmds;
920 struct shallow_info *si;
921};
922static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
924{
925 struct iterate_data *data = cb_data;
926 struct command **cmd_list = &data->cmds;
927 struct command *cmd = *cmd_list;
928 for (; cmd; cmd = cmd->next) {
930 if (shallow_update && data->si->shallow_ref[cmd->index])
931 /* to be checked in update_shallow_ref() */
932 continue;
933 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
934 hashcpy(sha1, cmd->new_sha1);
935 *cmd_list = cmd->next;
936 return 0;
937 }
938 }
939 *cmd_list = NULL;
940 return -1; /* end of list */
941}
942static void reject_updates_to_hidden(struct command *commands)
944{
945 struct command *cmd;
946 for (cmd = commands; cmd; cmd = cmd->next) {
948 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
949 continue;
950 if (is_null_sha1(cmd->new_sha1))
951 cmd->error_string = "deny deleting a hidden ref";
952 else
953 cmd->error_string = "deny updating a hidden ref";
954 }
955}
956static void execute_commands(struct command *commands,
958 const char *unpacker_error,
959 struct shallow_info *si)
960{
961 int checked_connectivity;
962 struct command *cmd;
963 unsigned char sha1[20];
964 struct iterate_data data;
965 if (unpacker_error) {
967 for (cmd = commands; cmd; cmd = cmd->next)
968 cmd->error_string = "unpacker error";
969 return;
970 }
971 data.cmds = commands;
973 data.si = si;
974 if (check_everything_connected(iterate_receive_command_list, 0, &data))
975 set_connectivity_errors(commands, si);
976 reject_updates_to_hidden(commands);
978 if (run_receive_hook(commands, "pre-receive", 0)) {
980 for (cmd = commands; cmd; cmd = cmd->next) {
981 if (!cmd->error_string)
982 cmd->error_string = "pre-receive hook declined";
983 }
984 return;
985 }
986 check_aliased_updates(commands);
988 free(head_name_to_free);
990 head_name = head_name_to_free = resolve_refdup("HEAD", sha1, 0, NULL);
991 checked_connectivity = 1;
993 for (cmd = commands; cmd; cmd = cmd->next) {
994 if (cmd->error_string)
995 continue;
996 if (cmd->skip_update)
998 continue;
999 cmd->error_string = update(cmd, si);
1001 if (shallow_update && !cmd->error_string &&
1002 si->shallow_ref[cmd->index]) {
1003 error("BUG: connectivity check has not been run on ref %s",
1004 cmd->ref_name);
1005 checked_connectivity = 0;
1006 }
1007 }
1008 if (shallow_update && !checked_connectivity)
1010 error("BUG: run 'git fsck' for safety.\n"
1011 "If there are errors, try to remove "
1012 "the reported refs above");
1013}
1014static struct command **queue_command(struct command **tail,
1016 const char *line,
1017 int linelen)
1018{
1019 unsigned char old_sha1[20], new_sha1[20];
1020 struct command *cmd;
1021 const char *refname;
1022 int reflen;
1023 if (linelen < 83 ||
1025 line[40] != ' ' ||
1026 line[81] != ' ' ||
1027 get_sha1_hex(line, old_sha1) ||
1028 get_sha1_hex(line + 41, new_sha1))
1029 die("protocol error: expected old/new/ref, got '%s'", line);
1030 refname = line + 82;
1032 reflen = linelen - 82;
1033 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1034 hashcpy(cmd->old_sha1, old_sha1);
1035 hashcpy(cmd->new_sha1, new_sha1);
1036 memcpy(cmd->ref_name, refname, reflen);
1037 cmd->ref_name[reflen] = '\0';
1038 *tail = cmd;
1039 return &cmd->next;
1040}
1041static void queue_commands_from_cert(struct command **tail,
1043 struct strbuf *push_cert)
1044{
1045 const char *boc, *eoc;
1046 if (*tail)
1048 die("protocol error: got both push certificate and unsigned commands");
1049 boc = strstr(push_cert->buf, "\n\n");
1051 if (!boc)
1052 die("malformed push certificate %.*s", 100, push_cert->buf);
1053 else
1054 boc += 2;
1055 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1056 while (boc < eoc) {
1058 const char *eol = memchr(boc, '\n', eoc - boc);
1059 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1060 boc = eol ? eol + 1 : eoc;
1061 }
1062}
1063static struct command *read_head_info(struct sha1_array *shallow)
1065{
1066 struct command *commands = NULL;
1067 struct command **p = &commands;
1068 for (;;) {
1069 char *line;
1070 int len, linelen;
1071 line = packet_read_line(0, &len);
1073 if (!line)
1074 break;
1075 if (len == 48 && starts_with(line, "shallow ")) {
1077 unsigned char sha1[20];
1078 if (get_sha1_hex(line + 8, sha1))
1079 die("protocol error: expected shallow sha, got '%s'",
1080 line + 8);
1081 sha1_array_append(shallow, sha1);
1082 continue;
1083 }
1084 linelen = strlen(line);
1086 if (linelen < len) {
1087 const char *feature_list = line + linelen + 1;
1088 if (parse_feature_request(feature_list, "report-status"))
1089 report_status = 1;
1090 if (parse_feature_request(feature_list, "side-band-64k"))
1091 use_sideband = LARGE_PACKET_MAX;
1092 if (parse_feature_request(feature_list, "quiet"))
1093 quiet = 1;
1094 }
1095 if (!strcmp(line, "push-cert")) {
1097 int true_flush = 0;
1098 char certbuf[1024];
1099 for (;;) {
1101 len = packet_read(0, NULL, NULL,
1102 certbuf, sizeof(certbuf), 0);
1103 if (!len) {
1104 true_flush = 1;
1105 break;
1106 }
1107 if (!strcmp(certbuf, "push-cert-end\n"))
1108 break; /* end of cert */
1109 strbuf_addstr(&push_cert, certbuf);
1110 }
1111 if (true_flush)
1113 break;
1114 continue;
1115 }
1116 p = queue_command(p, line, linelen);
1118 }
1119 if (push_cert.len)
1121 queue_commands_from_cert(p, &push_cert);
1122 return commands;
1124}
1125static const char *parse_pack_header(struct pack_header *hdr)
1127{
1128 switch (read_pack_header(0, hdr)) {
1129 case PH_ERROR_EOF:
1130 return "eof before pack header was fully read";
1131 case PH_ERROR_PACK_SIGNATURE:
1133 return "protocol error (pack signature mismatch detected)";
1134 case PH_ERROR_PROTOCOL:
1136 return "protocol error (pack version unsupported)";
1137 default:
1139 return "unknown error in parse_pack_header";
1140 case 0:
1142 return NULL;
1143 }
1144}
1145static const char *pack_lockfile;
1147static const char *unpack(int err_fd, struct shallow_info *si)
1149{
1150 struct pack_header hdr;
1151 struct argv_array av = ARGV_ARRAY_INIT;
1152 const char *hdr_err;
1153 int status;
1154 char hdr_arg[38];
1155 struct child_process child;
1156 int fsck_objects = (receive_fsck_objects >= 0
1157 ? receive_fsck_objects
1158 : transfer_fsck_objects >= 0
1159 ? transfer_fsck_objects
1160 : 0);
1161 hdr_err = parse_pack_header(&hdr);
1163 if (hdr_err) {
1164 if (err_fd > 0)
1165 close(err_fd);
1166 return hdr_err;
1167 }
1168 snprintf(hdr_arg, sizeof(hdr_arg),
1169 "--pack_header=%"PRIu32",%"PRIu32,
1170 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1171 if (si->nr_ours || si->nr_theirs) {
1173 alt_shallow_file = setup_temporary_shallow(si->shallow);
1174 argv_array_pushl(&av, "--shallow-file", alt_shallow_file, NULL);
1175 }
1176 memset(&child, 0, sizeof(child));
1178 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1179 argv_array_pushl(&av, "unpack-objects", hdr_arg, NULL);
1180 if (quiet)
1181 argv_array_push(&av, "-q");
1182 if (fsck_objects)
1183 argv_array_push(&av, "--strict");
1184 child.argv = av.argv;
1185 child.no_stdout = 1;
1186 child.err = err_fd;
1187 child.git_cmd = 1;
1188 status = run_command(&child);
1189 if (status)
1190 return "unpack-objects abnormal exit";
1191 } else {
1192 int s;
1193 char keep_arg[256];
1194 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1196 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1197 strcpy(keep_arg + s, "localhost");
1198 argv_array_pushl(&av, "index-pack",
1200 "--stdin", hdr_arg, keep_arg, NULL);
1201 if (fsck_objects)
1202 argv_array_push(&av, "--strict");
1203 if (fix_thin)
1204 argv_array_push(&av, "--fix-thin");
1205 child.argv = av.argv;
1206 child.out = -1;
1207 child.err = err_fd;
1208 child.git_cmd = 1;
1209 status = start_command(&child);
1210 if (status)
1211 return "index-pack fork failed";
1212 pack_lockfile = index_pack_lockfile(child.out);
1213 close(child.out);
1214 status = finish_command(&child);
1215 if (status)
1216 return "index-pack abnormal exit";
1217 reprepare_packed_git();
1218 }
1219 return NULL;
1220}
1221static const char *unpack_with_sideband(struct shallow_info *si)
1223{
1224 struct async muxer;
1225 const char *ret;
1226 if (!use_sideband)
1228 return unpack(0, si);
1229 memset(&muxer, 0, sizeof(muxer));
1231 muxer.proc = copy_to_sideband;
1232 muxer.in = -1;
1233 if (start_async(&muxer))
1234 return NULL;
1235 ret = unpack(muxer.in, si);
1237 finish_async(&muxer);
1239 return ret;
1240}
1241static void prepare_shallow_update(struct command *commands,
1243 struct shallow_info *si)
1244{
1245 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1246 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1248 si->shallow->nr);
1249 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1250 si->need_reachability_test =
1252 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1253 si->reachable =
1254 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1255 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1256 for (i = 0; i < si->nr_ours; i++)
1258 si->need_reachability_test[si->ours[i]] = 1;
1259 for (i = 0; i < si->shallow->nr; i++) {
1261 if (!si->used_shallow[i])
1262 continue;
1263 for (j = 0; j < bitmap_size; j++) {
1264 if (!si->used_shallow[i][j])
1265 continue;
1266 si->need_reachability_test[i]++;
1267 for (k = 0; k < 32; k++)
1268 if (si->used_shallow[i][j] & (1 << k))
1269 si->shallow_ref[j * 32 + k]++;
1270 }
1271 /*
1273 * true for those associated with some refs and belong
1274 * in "ours" list aka "step 7 not done yet"
1275 */
1276 si->need_reachability_test[i] =
1277 si->need_reachability_test[i] > 1;
1278 }
1279 /*
1281 * keep hooks happy by forcing a temporary shallow file via
1282 * env variable because we can't add --shallow-file to every
1283 * command. check_everything_connected() will be done with
1284 * true .git/shallow though.
1285 */
1286 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1287}
1288static void update_shallow_info(struct command *commands,
1290 struct shallow_info *si,
1291 struct sha1_array *ref)
1292{
1293 struct command *cmd;
1294 int *ref_status;
1295 remove_nonexistent_theirs_shallow(si);
1296 if (!si->nr_ours && !si->nr_theirs) {
1297 shallow_update = 0;
1298 return;
1299 }
1300 for (cmd = commands; cmd; cmd = cmd->next) {
1302 if (is_null_sha1(cmd->new_sha1))
1303 continue;
1304 sha1_array_append(ref, cmd->new_sha1);
1305 cmd->index = ref->nr - 1;
1306 }
1307 si->ref = ref;
1308 if (shallow_update) {
1310 prepare_shallow_update(commands, si);
1311 return;
1312 }
1313 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1315 assign_shallow_commits_to_refs(si, NULL, ref_status);
1316 for (cmd = commands; cmd; cmd = cmd->next) {
1317 if (is_null_sha1(cmd->new_sha1))
1318 continue;
1319 if (ref_status[cmd->index]) {
1320 cmd->error_string = "shallow update not allowed";
1321 cmd->skip_update = 1;
1322 }
1323 }
1324 free(ref_status);
1325}
1326static void report(struct command *commands, const char *unpack_status)
1328{
1329 struct command *cmd;
1330 struct strbuf buf = STRBUF_INIT;
1331 packet_buf_write(&buf, "unpack %s\n",
1333 unpack_status ? unpack_status : "ok");
1334 for (cmd = commands; cmd; cmd = cmd->next) {
1335 if (!cmd->error_string)
1336 packet_buf_write(&buf, "ok %s\n",
1337 cmd->ref_name);
1338 else
1339 packet_buf_write(&buf, "ng %s %s\n",
1340 cmd->ref_name, cmd->error_string);
1341 }
1342 packet_buf_flush(&buf);
1343 if (use_sideband)
1345 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1346 else
1347 write_or_die(1, buf.buf, buf.len);
1348 strbuf_release(&buf);
1349}
1350static int delete_only(struct command *commands)
1352{
1353 struct command *cmd;
1354 for (cmd = commands; cmd; cmd = cmd->next) {
1355 if (!is_null_sha1(cmd->new_sha1))
1356 return 0;
1357 }
1358 return 1;
1359}
1360int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1362{
1363 int advertise_refs = 0;
1364 int stateless_rpc = 0;
1365 int i;
1366 const char *dir = NULL;
1367 struct command *commands;
1368 struct sha1_array shallow = SHA1_ARRAY_INIT;
1369 struct sha1_array ref = SHA1_ARRAY_INIT;
1370 struct shallow_info si;
1371 packet_trace_identity("receive-pack");
1373 argv++;
1375 for (i = 1; i < argc; i++) {
1376 const char *arg = *argv++;
1377 if (*arg == '-') {
1379 if (!strcmp(arg, "--quiet")) {
1380 quiet = 1;
1381 continue;
1382 }
1383 if (!strcmp(arg, "--advertise-refs")) {
1385 advertise_refs = 1;
1386 continue;
1387 }
1388 if (!strcmp(arg, "--stateless-rpc")) {
1389 stateless_rpc = 1;
1390 continue;
1391 }
1392 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1393 fix_thin = 0;
1394 continue;
1395 }
1396 usage(receive_pack_usage);
1398 }
1399 if (dir)
1400 usage(receive_pack_usage);
1401 dir = arg;
1402 }
1403 if (!dir)
1404 usage(receive_pack_usage);
1405 setup_path();
1407 if (!enter_repo(dir, 0))
1409 die("'%s' does not appear to be a git repository", dir);
1410 git_config(receive_pack_config, NULL);
1412 if (cert_nonce_seed)
1413 push_cert_nonce = prepare_push_cert_nonce(dir, time(NULL));
1414 if (0 <= transfer_unpack_limit)
1416 unpack_limit = transfer_unpack_limit;
1417 else if (0 <= receive_unpack_limit)
1418 unpack_limit = receive_unpack_limit;
1419 if (advertise_refs || !stateless_rpc) {
1421 write_head_info();
1422 }
1423 if (advertise_refs)
1424 return 0;
1425 if ((commands = read_head_info(&shallow)) != NULL) {
1427 const char *unpack_status = NULL;
1428 prepare_shallow_info(&si, &shallow);
1430 if (!si.nr_ours && !si.nr_theirs)
1431 shallow_update = 0;
1432 if (!delete_only(commands)) {
1433 unpack_status = unpack_with_sideband(&si);
1434 update_shallow_info(commands, &si, &ref);
1435 }
1436 execute_commands(commands, unpack_status, &si);
1437 if (pack_lockfile)
1438 unlink_or_warn(pack_lockfile);
1439 if (report_status)
1440 report(commands, unpack_status);
1441 run_receive_hook(commands, "post-receive", 1);
1442 run_update_post_hook(commands);
1443 if (auto_gc) {
1444 const char *argv_gc_auto[] = {
1445 "gc", "--auto", "--quiet", NULL,
1446 };
1447 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1448 run_command_v_opt(argv_gc_auto, opt);
1449 }
1450 if (auto_update_server_info)
1451 update_server_info(0);
1452 clear_shallow_info(&si);
1453 }
1454 if (use_sideband)
1455 packet_flush(1);
1456 sha1_array_clear(&shallow);
1457 sha1_array_clear(&ref);
1458 free((void *)push_cert_nonce);
1459 return 0;
1460}