1#include "builtin.h"
2#include "config.h"
3#include "lockfile.h"
4#include "pack.h"
5#include "refs.h"
6#include "pkt-line.h"
7#include "sideband.h"
8#include "run-command.h"
9#include "exec_cmd.h"
10#include "commit.h"
11#include "object.h"
12#include "remote.h"
13#include "connect.h"
14#include "transport.h"
15#include "string-list.h"
16#include "sha1-array.h"
17#include "connected.h"
18#include "argv-array.h"
19#include "version.h"
20#include "tag.h"
21#include "gpg-interface.h"
22#include "sigchain.h"
23#include "fsck.h"
24#include "tmp-objdir.h"
25#include "oidset.h"
26
27static const char * const receive_pack_usage[] = {
28 N_("git receive-pack <git-dir>"),
29 NULL
30};
31
32enum deny_action {
33 DENY_UNCONFIGURED,
34 DENY_IGNORE,
35 DENY_WARN,
36 DENY_REFUSE,
37 DENY_UPDATE_INSTEAD
38};
39
40static int deny_deletes;
41static int deny_non_fast_forwards;
42static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
43static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
44static int receive_fsck_objects = -1;
45static int transfer_fsck_objects = -1;
46static struct strbuf fsck_msg_types = STRBUF_INIT;
47static int receive_unpack_limit = -1;
48static int transfer_unpack_limit = -1;
49static int advertise_atomic_push = 1;
50static int advertise_push_options;
51static int unpack_limit = 100;
52static off_t max_input_size;
53static int report_status;
54static int use_sideband;
55static int use_atomic;
56static int use_push_options;
57static int quiet;
58static int prefer_ofs_delta = 1;
59static int auto_update_server_info;
60static int auto_gc = 1;
61static int reject_thin;
62static int stateless_rpc;
63static const char *service_dir;
64static const char *head_name;
65static void *head_name_to_free;
66static int sent_capabilities;
67static int shallow_update;
68static const char *alt_shallow_file;
69static struct strbuf push_cert = STRBUF_INIT;
70static unsigned char push_cert_sha1[20];
71static struct signature_check sigcheck;
72static const char *push_cert_nonce;
73static const char *cert_nonce_seed;
74
75static const char *NONCE_UNSOLICITED = "UNSOLICITED";
76static const char *NONCE_BAD = "BAD";
77static const char *NONCE_MISSING = "MISSING";
78static const char *NONCE_OK = "OK";
79static const char *NONCE_SLOP = "SLOP";
80static const char *nonce_status;
81static long nonce_stamp_slop;
82static timestamp_t nonce_stamp_slop_limit;
83static struct ref_transaction *transaction;
84
85static enum {
86 KEEPALIVE_NEVER = 0,
87 KEEPALIVE_AFTER_NUL,
88 KEEPALIVE_ALWAYS
89} use_keepalive;
90static int keepalive_in_sec = 5;
91
92static struct tmp_objdir *tmp_objdir;
93
94static enum deny_action parse_deny_action(const char *var, const char *value)
95{
96 if (value) {
97 if (!strcasecmp(value, "ignore"))
98 return DENY_IGNORE;
99 if (!strcasecmp(value, "warn"))
100 return DENY_WARN;
101 if (!strcasecmp(value, "refuse"))
102 return DENY_REFUSE;
103 if (!strcasecmp(value, "updateinstead"))
104 return DENY_UPDATE_INSTEAD;
105 }
106 if (git_config_bool(var, value))
107 return DENY_REFUSE;
108 return DENY_IGNORE;
109}
110
111static int receive_pack_config(const char *var, const char *value, void *cb)
112{
113 int status = parse_hide_refs_config(var, value, "receive");
114
115 if (status)
116 return status;
117
118 if (strcmp(var, "receive.denydeletes") == 0) {
119 deny_deletes = git_config_bool(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "receive.denynonfastforwards") == 0) {
124 deny_non_fast_forwards = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.unpacklimit") == 0) {
129 receive_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "transfer.unpacklimit") == 0) {
134 transfer_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "receive.fsck.skiplist") == 0) {
139 const char *path;
140
141 if (git_config_pathname(&path, var, value))
142 return 1;
143 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
144 fsck_msg_types.len ? ',' : '=', path);
145 free((char *)path);
146 return 0;
147 }
148
149 if (skip_prefix(var, "receive.fsck.", &var)) {
150 if (is_valid_msg_type(var, value))
151 strbuf_addf(&fsck_msg_types, "%c%s=%s",
152 fsck_msg_types.len ? ',' : '=', var, value);
153 else
154 warning("Skipping unknown msg id '%s'", var);
155 return 0;
156 }
157
158 if (strcmp(var, "receive.fsckobjects") == 0) {
159 receive_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162
163 if (strcmp(var, "transfer.fsckobjects") == 0) {
164 transfer_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (!strcmp(var, "receive.denycurrentbranch")) {
169 deny_current_branch = parse_deny_action(var, value);
170 return 0;
171 }
172
173 if (strcmp(var, "receive.denydeletecurrent") == 0) {
174 deny_delete_current = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
179 prefer_ofs_delta = git_config_bool(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "receive.updateserverinfo") == 0) {
184 auto_update_server_info = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.autogc") == 0) {
189 auto_gc = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.shallowupdate") == 0) {
194 shallow_update = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.certnonceseed") == 0)
199 return git_config_string(&cert_nonce_seed, var, value);
200
201 if (strcmp(var, "receive.certnonceslop") == 0) {
202 nonce_stamp_slop_limit = git_config_ulong(var, value);
203 return 0;
204 }
205
206 if (strcmp(var, "receive.advertiseatomic") == 0) {
207 advertise_atomic_push = git_config_bool(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertisepushoptions") == 0) {
212 advertise_push_options = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.keepalive") == 0) {
217 keepalive_in_sec = git_config_int(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.maxinputsize") == 0) {
222 max_input_size = git_config_int64(var, value);
223 return 0;
224 }
225
226 return git_default_config(var, value, cb);
227}
228
229static void show_ref(const char *path, const struct object_id *oid)
230{
231 if (sent_capabilities) {
232 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
233 } else {
234 struct strbuf cap = STRBUF_INIT;
235
236 strbuf_addstr(&cap,
237 "report-status delete-refs side-band-64k quiet");
238 if (advertise_atomic_push)
239 strbuf_addstr(&cap, " atomic");
240 if (prefer_ofs_delta)
241 strbuf_addstr(&cap, " ofs-delta");
242 if (push_cert_nonce)
243 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
244 if (advertise_push_options)
245 strbuf_addstr(&cap, " push-options");
246 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
247 packet_write_fmt(1, "%s %s%c%s\n",
248 oid_to_hex(oid), path, 0, cap.buf);
249 strbuf_release(&cap);
250 sent_capabilities = 1;
251 }
252}
253
254static int show_ref_cb(const char *path_full, const struct object_id *oid,
255 int flag, void *data)
256{
257 struct oidset *seen = data;
258 const char *path = strip_namespace(path_full);
259
260 if (ref_is_hidden(path, path_full))
261 return 0;
262
263 /*
264 * Advertise refs outside our current namespace as ".have"
265 * refs, so that the client can use them to minimize data
266 * transfer but will otherwise ignore them.
267 */
268 if (!path) {
269 if (oidset_insert(seen, oid))
270 return 0;
271 path = ".have";
272 } else {
273 oidset_insert(seen, oid);
274 }
275 show_ref(path, oid);
276 return 0;
277}
278
279static void show_one_alternate_ref(const char *refname,
280 const struct object_id *oid,
281 void *data)
282{
283 struct oidset *seen = data;
284
285 if (oidset_insert(seen, oid))
286 return;
287
288 show_ref(".have", oid);
289}
290
291static void write_head_info(void)
292{
293 static struct oidset seen = OIDSET_INIT;
294
295 for_each_ref(show_ref_cb, &seen);
296 for_each_alternate_ref(show_one_alternate_ref, &seen);
297 oidset_clear(&seen);
298 if (!sent_capabilities)
299 show_ref("capabilities^{}", &null_oid);
300
301 advertise_shallow_grafts(1);
302
303 /* EOF */
304 packet_flush(1);
305}
306
307struct command {
308 struct command *next;
309 const char *error_string;
310 unsigned int skip_update:1,
311 did_not_exist:1;
312 int index;
313 struct object_id old_oid;
314 struct object_id new_oid;
315 char ref_name[FLEX_ARRAY]; /* more */
316};
317
318static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
319static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
320
321static void report_message(const char *prefix, const char *err, va_list params)
322{
323 int sz;
324 char msg[4096];
325
326 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
327 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
328 if (sz > (sizeof(msg) - 1))
329 sz = sizeof(msg) - 1;
330 msg[sz++] = '\n';
331
332 if (use_sideband)
333 send_sideband(1, 2, msg, sz, use_sideband);
334 else
335 xwrite(2, msg, sz);
336}
337
338static void rp_warning(const char *err, ...)
339{
340 va_list params;
341 va_start(params, err);
342 report_message("warning: ", err, params);
343 va_end(params);
344}
345
346static void rp_error(const char *err, ...)
347{
348 va_list params;
349 va_start(params, err);
350 report_message("error: ", err, params);
351 va_end(params);
352}
353
354static int copy_to_sideband(int in, int out, void *arg)
355{
356 char data[128];
357 int keepalive_active = 0;
358
359 if (keepalive_in_sec <= 0)
360 use_keepalive = KEEPALIVE_NEVER;
361 if (use_keepalive == KEEPALIVE_ALWAYS)
362 keepalive_active = 1;
363
364 while (1) {
365 ssize_t sz;
366
367 if (keepalive_active) {
368 struct pollfd pfd;
369 int ret;
370
371 pfd.fd = in;
372 pfd.events = POLLIN;
373 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
374
375 if (ret < 0) {
376 if (errno == EINTR)
377 continue;
378 else
379 break;
380 } else if (ret == 0) {
381 /* no data; send a keepalive packet */
382 static const char buf[] = "0005\1";
383 write_or_die(1, buf, sizeof(buf) - 1);
384 continue;
385 } /* else there is actual data to read */
386 }
387
388 sz = xread(in, data, sizeof(data));
389 if (sz <= 0)
390 break;
391
392 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
393 const char *p = memchr(data, '\0', sz);
394 if (p) {
395 /*
396 * The NUL tells us to start sending keepalives. Make
397 * sure we send any other data we read along
398 * with it.
399 */
400 keepalive_active = 1;
401 send_sideband(1, 2, data, p - data, use_sideband);
402 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
403 continue;
404 }
405 }
406
407 /*
408 * Either we're not looking for a NUL signal, or we didn't see
409 * it yet; just pass along the data.
410 */
411 send_sideband(1, 2, data, sz, use_sideband);
412 }
413 close(in);
414 return 0;
415}
416
417#define HMAC_BLOCK_SIZE 64
418
419static void hmac_sha1(unsigned char *out,
420 const char *key_in, size_t key_len,
421 const char *text, size_t text_len)
422{
423 unsigned char key[HMAC_BLOCK_SIZE];
424 unsigned char k_ipad[HMAC_BLOCK_SIZE];
425 unsigned char k_opad[HMAC_BLOCK_SIZE];
426 int i;
427 git_SHA_CTX ctx;
428
429 /* RFC 2104 2. (1) */
430 memset(key, '\0', HMAC_BLOCK_SIZE);
431 if (HMAC_BLOCK_SIZE < key_len) {
432 git_SHA1_Init(&ctx);
433 git_SHA1_Update(&ctx, key_in, key_len);
434 git_SHA1_Final(key, &ctx);
435 } else {
436 memcpy(key, key_in, key_len);
437 }
438
439 /* RFC 2104 2. (2) & (5) */
440 for (i = 0; i < sizeof(key); i++) {
441 k_ipad[i] = key[i] ^ 0x36;
442 k_opad[i] = key[i] ^ 0x5c;
443 }
444
445 /* RFC 2104 2. (3) & (4) */
446 git_SHA1_Init(&ctx);
447 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
448 git_SHA1_Update(&ctx, text, text_len);
449 git_SHA1_Final(out, &ctx);
450
451 /* RFC 2104 2. (6) & (7) */
452 git_SHA1_Init(&ctx);
453 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
454 git_SHA1_Update(&ctx, out, 20);
455 git_SHA1_Final(out, &ctx);
456}
457
458static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
459{
460 struct strbuf buf = STRBUF_INIT;
461 unsigned char sha1[20];
462
463 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
464 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
465 strbuf_release(&buf);
466
467 /* RFC 2104 5. HMAC-SHA1-80 */
468 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
469 return strbuf_detach(&buf, NULL);
470}
471
472/*
473 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
474 * after dropping "_commit" from its name and possibly moving it out
475 * of commit.c
476 */
477static char *find_header(const char *msg, size_t len, const char *key,
478 const char **next_line)
479{
480 int key_len = strlen(key);
481 const char *line = msg;
482
483 while (line && line < msg + len) {
484 const char *eol = strchrnul(line, '\n');
485
486 if ((msg + len <= eol) || line == eol)
487 return NULL;
488 if (line + key_len < eol &&
489 !memcmp(line, key, key_len) && line[key_len] == ' ') {
490 int offset = key_len + 1;
491 if (next_line)
492 *next_line = *eol ? eol + 1 : eol;
493 return xmemdupz(line + offset, (eol - line) - offset);
494 }
495 line = *eol ? eol + 1 : NULL;
496 }
497 return NULL;
498}
499
500static const char *check_nonce(const char *buf, size_t len)
501{
502 char *nonce = find_header(buf, len, "nonce", NULL);
503 timestamp_t stamp, ostamp;
504 char *bohmac, *expect = NULL;
505 const char *retval = NONCE_BAD;
506
507 if (!nonce) {
508 retval = NONCE_MISSING;
509 goto leave;
510 } else if (!push_cert_nonce) {
511 retval = NONCE_UNSOLICITED;
512 goto leave;
513 } else if (!strcmp(push_cert_nonce, nonce)) {
514 retval = NONCE_OK;
515 goto leave;
516 }
517
518 if (!stateless_rpc) {
519 /* returned nonce MUST match what we gave out earlier */
520 retval = NONCE_BAD;
521 goto leave;
522 }
523
524 /*
525 * In stateless mode, we may be receiving a nonce issued by
526 * another instance of the server that serving the same
527 * repository, and the timestamps may not match, but the
528 * nonce-seed and dir should match, so we can recompute and
529 * report the time slop.
530 *
531 * In addition, when a nonce issued by another instance has
532 * timestamp within receive.certnonceslop seconds, we pretend
533 * as if we issued that nonce when reporting to the hook.
534 */
535
536 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
537 if (*nonce <= '0' || '9' < *nonce) {
538 retval = NONCE_BAD;
539 goto leave;
540 }
541 stamp = parse_timestamp(nonce, &bohmac, 10);
542 if (bohmac == nonce || bohmac[0] != '-') {
543 retval = NONCE_BAD;
544 goto leave;
545 }
546
547 expect = prepare_push_cert_nonce(service_dir, stamp);
548 if (strcmp(expect, nonce)) {
549 /* Not what we would have signed earlier */
550 retval = NONCE_BAD;
551 goto leave;
552 }
553
554 /*
555 * By how many seconds is this nonce stale? Negative value
556 * would mean it was issued by another server with its clock
557 * skewed in the future.
558 */
559 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
560 nonce_stamp_slop = (long)ostamp - (long)stamp;
561
562 if (nonce_stamp_slop_limit &&
563 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
564 /*
565 * Pretend as if the received nonce (which passes the
566 * HMAC check, so it is not a forged by third-party)
567 * is what we issued.
568 */
569 free((void *)push_cert_nonce);
570 push_cert_nonce = xstrdup(nonce);
571 retval = NONCE_OK;
572 } else {
573 retval = NONCE_SLOP;
574 }
575
576leave:
577 free(nonce);
578 free(expect);
579 return retval;
580}
581
582/*
583 * Return 1 if there is no push_cert or if the push options in push_cert are
584 * the same as those in the argument; 0 otherwise.
585 */
586static int check_cert_push_options(const struct string_list *push_options)
587{
588 const char *buf = push_cert.buf;
589 int len = push_cert.len;
590
591 char *option;
592 const char *next_line;
593 int options_seen = 0;
594
595 int retval = 1;
596
597 if (!len)
598 return 1;
599
600 while ((option = find_header(buf, len, "push-option", &next_line))) {
601 len -= (next_line - buf);
602 buf = next_line;
603 options_seen++;
604 if (options_seen > push_options->nr
605 || strcmp(option,
606 push_options->items[options_seen - 1].string)) {
607 retval = 0;
608 goto leave;
609 }
610 free(option);
611 }
612
613 if (options_seen != push_options->nr)
614 retval = 0;
615
616leave:
617 free(option);
618 return retval;
619}
620
621static void prepare_push_cert_sha1(struct child_process *proc)
622{
623 static int already_done;
624
625 if (!push_cert.len)
626 return;
627
628 if (!already_done) {
629 struct strbuf gpg_output = STRBUF_INIT;
630 struct strbuf gpg_status = STRBUF_INIT;
631 int bogs /* beginning_of_gpg_sig */;
632
633 already_done = 1;
634 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
635 hashclr(push_cert_sha1);
636
637 memset(&sigcheck, '\0', sizeof(sigcheck));
638 sigcheck.result = 'N';
639
640 bogs = parse_signature(push_cert.buf, push_cert.len);
641 if (verify_signed_buffer(push_cert.buf, bogs,
642 push_cert.buf + bogs, push_cert.len - bogs,
643 &gpg_output, &gpg_status) < 0) {
644 ; /* error running gpg */
645 } else {
646 sigcheck.payload = push_cert.buf;
647 sigcheck.gpg_output = gpg_output.buf;
648 sigcheck.gpg_status = gpg_status.buf;
649 parse_gpg_output(&sigcheck);
650 }
651
652 strbuf_release(&gpg_output);
653 strbuf_release(&gpg_status);
654 nonce_status = check_nonce(push_cert.buf, bogs);
655 }
656 if (!is_null_sha1(push_cert_sha1)) {
657 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
658 sha1_to_hex(push_cert_sha1));
659 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
660 sigcheck.signer ? sigcheck.signer : "");
661 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
662 sigcheck.key ? sigcheck.key : "");
663 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
664 sigcheck.result);
665 if (push_cert_nonce) {
666 argv_array_pushf(&proc->env_array,
667 "GIT_PUSH_CERT_NONCE=%s",
668 push_cert_nonce);
669 argv_array_pushf(&proc->env_array,
670 "GIT_PUSH_CERT_NONCE_STATUS=%s",
671 nonce_status);
672 if (nonce_status == NONCE_SLOP)
673 argv_array_pushf(&proc->env_array,
674 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
675 nonce_stamp_slop);
676 }
677 }
678}
679
680struct receive_hook_feed_state {
681 struct command *cmd;
682 int skip_broken;
683 struct strbuf buf;
684 const struct string_list *push_options;
685};
686
687typedef int (*feed_fn)(void *, const char **, size_t *);
688static int run_and_feed_hook(const char *hook_name, feed_fn feed,
689 struct receive_hook_feed_state *feed_state)
690{
691 struct child_process proc = CHILD_PROCESS_INIT;
692 struct async muxer;
693 const char *argv[2];
694 int code;
695
696 argv[0] = find_hook(hook_name);
697 if (!argv[0])
698 return 0;
699
700 argv[1] = NULL;
701
702 proc.argv = argv;
703 proc.in = -1;
704 proc.stdout_to_stderr = 1;
705 if (feed_state->push_options) {
706 int i;
707 for (i = 0; i < feed_state->push_options->nr; i++)
708 argv_array_pushf(&proc.env_array,
709 "GIT_PUSH_OPTION_%d=%s", i,
710 feed_state->push_options->items[i].string);
711 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
712 feed_state->push_options->nr);
713 } else
714 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
715
716 if (tmp_objdir)
717 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
718
719 if (use_sideband) {
720 memset(&muxer, 0, sizeof(muxer));
721 muxer.proc = copy_to_sideband;
722 muxer.in = -1;
723 code = start_async(&muxer);
724 if (code)
725 return code;
726 proc.err = muxer.in;
727 }
728
729 prepare_push_cert_sha1(&proc);
730
731 code = start_command(&proc);
732 if (code) {
733 if (use_sideband)
734 finish_async(&muxer);
735 return code;
736 }
737
738 sigchain_push(SIGPIPE, SIG_IGN);
739
740 while (1) {
741 const char *buf;
742 size_t n;
743 if (feed(feed_state, &buf, &n))
744 break;
745 if (write_in_full(proc.in, buf, n) != n)
746 break;
747 }
748 close(proc.in);
749 if (use_sideband)
750 finish_async(&muxer);
751
752 sigchain_pop(SIGPIPE);
753
754 return finish_command(&proc);
755}
756
757static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
758{
759 struct receive_hook_feed_state *state = state_;
760 struct command *cmd = state->cmd;
761
762 while (cmd &&
763 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
764 cmd = cmd->next;
765 if (!cmd)
766 return -1; /* EOF */
767 strbuf_reset(&state->buf);
768 strbuf_addf(&state->buf, "%s %s %s\n",
769 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
770 cmd->ref_name);
771 state->cmd = cmd->next;
772 if (bufp) {
773 *bufp = state->buf.buf;
774 *sizep = state->buf.len;
775 }
776 return 0;
777}
778
779static int run_receive_hook(struct command *commands,
780 const char *hook_name,
781 int skip_broken,
782 const struct string_list *push_options)
783{
784 struct receive_hook_feed_state state;
785 int status;
786
787 strbuf_init(&state.buf, 0);
788 state.cmd = commands;
789 state.skip_broken = skip_broken;
790 if (feed_receive_hook(&state, NULL, NULL))
791 return 0;
792 state.cmd = commands;
793 state.push_options = push_options;
794 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
795 strbuf_release(&state.buf);
796 return status;
797}
798
799static int run_update_hook(struct command *cmd)
800{
801 const char *argv[5];
802 struct child_process proc = CHILD_PROCESS_INIT;
803 int code;
804
805 argv[0] = find_hook("update");
806 if (!argv[0])
807 return 0;
808
809 argv[1] = cmd->ref_name;
810 argv[2] = oid_to_hex(&cmd->old_oid);
811 argv[3] = oid_to_hex(&cmd->new_oid);
812 argv[4] = NULL;
813
814 proc.no_stdin = 1;
815 proc.stdout_to_stderr = 1;
816 proc.err = use_sideband ? -1 : 0;
817 proc.argv = argv;
818
819 code = start_command(&proc);
820 if (code)
821 return code;
822 if (use_sideband)
823 copy_to_sideband(proc.err, -1, NULL);
824 return finish_command(&proc);
825}
826
827static int is_ref_checked_out(const char *ref)
828{
829 if (is_bare_repository())
830 return 0;
831
832 if (!head_name)
833 return 0;
834 return !strcmp(head_name, ref);
835}
836
837static char *refuse_unconfigured_deny_msg =
838 N_("By default, updating the current branch in a non-bare repository\n"
839 "is denied, because it will make the index and work tree inconsistent\n"
840 "with what you pushed, and will require 'git reset --hard' to match\n"
841 "the work tree to HEAD.\n"
842 "\n"
843 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
844 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
845 "its current branch; however, this is not recommended unless you\n"
846 "arranged to update its work tree to match what you pushed in some\n"
847 "other way.\n"
848 "\n"
849 "To squelch this message and still keep the default behaviour, set\n"
850 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
851
852static void refuse_unconfigured_deny(void)
853{
854 rp_error("%s", _(refuse_unconfigured_deny_msg));
855}
856
857static char *refuse_unconfigured_deny_delete_current_msg =
858 N_("By default, deleting the current branch is denied, because the next\n"
859 "'git clone' won't result in any file checked out, causing confusion.\n"
860 "\n"
861 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
862 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
863 "current branch, with or without a warning message.\n"
864 "\n"
865 "To squelch this message, you can set it to 'refuse'.");
866
867static void refuse_unconfigured_deny_delete_current(void)
868{
869 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
870}
871
872static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
873static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
874{
875 static struct lock_file shallow_lock;
876 struct oid_array extra = OID_ARRAY_INIT;
877 struct check_connected_options opt = CHECK_CONNECTED_INIT;
878 uint32_t mask = 1 << (cmd->index % 32);
879 int i;
880
881 trace_printf_key(&trace_shallow,
882 "shallow: update_shallow_ref %s\n", cmd->ref_name);
883 for (i = 0; i < si->shallow->nr; i++)
884 if (si->used_shallow[i] &&
885 (si->used_shallow[i][cmd->index / 32] & mask) &&
886 !delayed_reachability_test(si, i))
887 oid_array_append(&extra, &si->shallow->oid[i]);
888
889 opt.env = tmp_objdir_env(tmp_objdir);
890 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
891 if (check_connected(command_singleton_iterator, cmd, &opt)) {
892 rollback_lock_file(&shallow_lock);
893 oid_array_clear(&extra);
894 return -1;
895 }
896
897 commit_lock_file(&shallow_lock);
898
899 /*
900 * Make sure setup_alternate_shallow() for the next ref does
901 * not lose these new roots..
902 */
903 for (i = 0; i < extra.nr; i++)
904 register_shallow(&extra.oid[i]);
905
906 si->shallow_ref[cmd->index] = 0;
907 oid_array_clear(&extra);
908 return 0;
909}
910
911/*
912 * NEEDSWORK: we should consolidate various implementions of "are we
913 * on an unborn branch?" test into one, and make the unified one more
914 * robust. !get_sha1() based check used here and elsewhere would not
915 * allow us to tell an unborn branch from corrupt ref, for example.
916 * For the purpose of fixing "deploy-to-update does not work when
917 * pushing into an empty repository" issue, this should suffice for
918 * now.
919 */
920static int head_has_history(void)
921{
922 struct object_id oid;
923
924 return !get_oid("HEAD", &oid);
925}
926
927static const char *push_to_deploy(unsigned char *sha1,
928 struct argv_array *env,
929 const char *work_tree)
930{
931 const char *update_refresh[] = {
932 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
933 };
934 const char *diff_files[] = {
935 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
936 };
937 const char *diff_index[] = {
938 "diff-index", "--quiet", "--cached", "--ignore-submodules",
939 NULL, "--", NULL
940 };
941 const char *read_tree[] = {
942 "read-tree", "-u", "-m", NULL, NULL
943 };
944 struct child_process child = CHILD_PROCESS_INIT;
945
946 child.argv = update_refresh;
947 child.env = env->argv;
948 child.dir = work_tree;
949 child.no_stdin = 1;
950 child.stdout_to_stderr = 1;
951 child.git_cmd = 1;
952 if (run_command(&child))
953 return "Up-to-date check failed";
954
955 /* run_command() does not clean up completely; reinitialize */
956 child_process_init(&child);
957 child.argv = diff_files;
958 child.env = env->argv;
959 child.dir = work_tree;
960 child.no_stdin = 1;
961 child.stdout_to_stderr = 1;
962 child.git_cmd = 1;
963 if (run_command(&child))
964 return "Working directory has unstaged changes";
965
966 /* diff-index with either HEAD or an empty tree */
967 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
968
969 child_process_init(&child);
970 child.argv = diff_index;
971 child.env = env->argv;
972 child.no_stdin = 1;
973 child.no_stdout = 1;
974 child.stdout_to_stderr = 0;
975 child.git_cmd = 1;
976 if (run_command(&child))
977 return "Working directory has staged changes";
978
979 read_tree[3] = sha1_to_hex(sha1);
980 child_process_init(&child);
981 child.argv = read_tree;
982 child.env = env->argv;
983 child.dir = work_tree;
984 child.no_stdin = 1;
985 child.no_stdout = 1;
986 child.stdout_to_stderr = 0;
987 child.git_cmd = 1;
988 if (run_command(&child))
989 return "Could not update working tree to new HEAD";
990
991 return NULL;
992}
993
994static const char *push_to_checkout_hook = "push-to-checkout";
995
996static const char *push_to_checkout(unsigned char *sha1,
997 struct argv_array *env,
998 const char *work_tree)
999{
1000 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1001 if (run_hook_le(env->argv, push_to_checkout_hook,
1002 sha1_to_hex(sha1), NULL))
1003 return "push-to-checkout hook declined";
1004 else
1005 return NULL;
1006}
1007
1008static const char *update_worktree(unsigned char *sha1)
1009{
1010 const char *retval;
1011 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1012 struct argv_array env = ARGV_ARRAY_INIT;
1013
1014 if (is_bare_repository())
1015 return "denyCurrentBranch = updateInstead needs a worktree";
1016
1017 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1018
1019 if (!find_hook(push_to_checkout_hook))
1020 retval = push_to_deploy(sha1, &env, work_tree);
1021 else
1022 retval = push_to_checkout(sha1, &env, work_tree);
1023
1024 argv_array_clear(&env);
1025 return retval;
1026}
1027
1028static const char *update(struct command *cmd, struct shallow_info *si)
1029{
1030 const char *name = cmd->ref_name;
1031 struct strbuf namespaced_name_buf = STRBUF_INIT;
1032 static char *namespaced_name;
1033 const char *ret;
1034 struct object_id *old_oid = &cmd->old_oid;
1035 struct object_id *new_oid = &cmd->new_oid;
1036
1037 /* only refs/... are allowed */
1038 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1039 rp_error("refusing to create funny ref '%s' remotely", name);
1040 return "funny refname";
1041 }
1042
1043 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1044 free(namespaced_name);
1045 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1046
1047 if (is_ref_checked_out(namespaced_name)) {
1048 switch (deny_current_branch) {
1049 case DENY_IGNORE:
1050 break;
1051 case DENY_WARN:
1052 rp_warning("updating the current branch");
1053 break;
1054 case DENY_REFUSE:
1055 case DENY_UNCONFIGURED:
1056 rp_error("refusing to update checked out branch: %s", name);
1057 if (deny_current_branch == DENY_UNCONFIGURED)
1058 refuse_unconfigured_deny();
1059 return "branch is currently checked out";
1060 case DENY_UPDATE_INSTEAD:
1061 ret = update_worktree(new_oid->hash);
1062 if (ret)
1063 return ret;
1064 break;
1065 }
1066 }
1067
1068 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1069 error("unpack should have generated %s, "
1070 "but I can't find it!", oid_to_hex(new_oid));
1071 return "bad pack";
1072 }
1073
1074 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1075 if (deny_deletes && starts_with(name, "refs/heads/")) {
1076 rp_error("denying ref deletion for %s", name);
1077 return "deletion prohibited";
1078 }
1079
1080 if (head_name && !strcmp(namespaced_name, head_name)) {
1081 switch (deny_delete_current) {
1082 case DENY_IGNORE:
1083 break;
1084 case DENY_WARN:
1085 rp_warning("deleting the current branch");
1086 break;
1087 case DENY_REFUSE:
1088 case DENY_UNCONFIGURED:
1089 case DENY_UPDATE_INSTEAD:
1090 if (deny_delete_current == DENY_UNCONFIGURED)
1091 refuse_unconfigured_deny_delete_current();
1092 rp_error("refusing to delete the current branch: %s", name);
1093 return "deletion of the current branch prohibited";
1094 default:
1095 return "Invalid denyDeleteCurrent setting";
1096 }
1097 }
1098 }
1099
1100 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1101 !is_null_oid(old_oid) &&
1102 starts_with(name, "refs/heads/")) {
1103 struct object *old_object, *new_object;
1104 struct commit *old_commit, *new_commit;
1105
1106 old_object = parse_object(old_oid);
1107 new_object = parse_object(new_oid);
1108
1109 if (!old_object || !new_object ||
1110 old_object->type != OBJ_COMMIT ||
1111 new_object->type != OBJ_COMMIT) {
1112 error("bad sha1 objects for %s", name);
1113 return "bad ref";
1114 }
1115 old_commit = (struct commit *)old_object;
1116 new_commit = (struct commit *)new_object;
1117 if (!in_merge_bases(old_commit, new_commit)) {
1118 rp_error("denying non-fast-forward %s"
1119 " (you should pull first)", name);
1120 return "non-fast-forward";
1121 }
1122 }
1123 if (run_update_hook(cmd)) {
1124 rp_error("hook declined to update %s", name);
1125 return "hook declined";
1126 }
1127
1128 if (is_null_oid(new_oid)) {
1129 struct strbuf err = STRBUF_INIT;
1130 if (!parse_object(old_oid)) {
1131 old_oid = NULL;
1132 if (ref_exists(name)) {
1133 rp_warning("Allowing deletion of corrupt ref.");
1134 } else {
1135 rp_warning("Deleting a non-existent ref.");
1136 cmd->did_not_exist = 1;
1137 }
1138 }
1139 if (ref_transaction_delete(transaction,
1140 namespaced_name,
1141 old_oid ? old_oid->hash : NULL,
1142 0, "push", &err)) {
1143 rp_error("%s", err.buf);
1144 strbuf_release(&err);
1145 return "failed to delete";
1146 }
1147 strbuf_release(&err);
1148 return NULL; /* good */
1149 }
1150 else {
1151 struct strbuf err = STRBUF_INIT;
1152 if (shallow_update && si->shallow_ref[cmd->index] &&
1153 update_shallow_ref(cmd, si))
1154 return "shallow error";
1155
1156 if (ref_transaction_update(transaction,
1157 namespaced_name,
1158 new_oid->hash, old_oid->hash,
1159 0, "push",
1160 &err)) {
1161 rp_error("%s", err.buf);
1162 strbuf_release(&err);
1163
1164 return "failed to update ref";
1165 }
1166 strbuf_release(&err);
1167
1168 return NULL; /* good */
1169 }
1170}
1171
1172static void run_update_post_hook(struct command *commands)
1173{
1174 struct command *cmd;
1175 struct child_process proc = CHILD_PROCESS_INIT;
1176 const char *hook;
1177
1178 hook = find_hook("post-update");
1179 if (!hook)
1180 return;
1181
1182 for (cmd = commands; cmd; cmd = cmd->next) {
1183 if (cmd->error_string || cmd->did_not_exist)
1184 continue;
1185 if (!proc.args.argc)
1186 argv_array_push(&proc.args, hook);
1187 argv_array_push(&proc.args, cmd->ref_name);
1188 }
1189 if (!proc.args.argc)
1190 return;
1191
1192 proc.no_stdin = 1;
1193 proc.stdout_to_stderr = 1;
1194 proc.err = use_sideband ? -1 : 0;
1195
1196 if (!start_command(&proc)) {
1197 if (use_sideband)
1198 copy_to_sideband(proc.err, -1, NULL);
1199 finish_command(&proc);
1200 }
1201}
1202
1203static void check_aliased_update(struct command *cmd, struct string_list *list)
1204{
1205 struct strbuf buf = STRBUF_INIT;
1206 const char *dst_name;
1207 struct string_list_item *item;
1208 struct command *dst_cmd;
1209 unsigned char sha1[GIT_MAX_RAWSZ];
1210 int flag;
1211
1212 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1213 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1214 strbuf_release(&buf);
1215
1216 if (!(flag & REF_ISSYMREF))
1217 return;
1218
1219 if (!dst_name) {
1220 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1221 cmd->skip_update = 1;
1222 cmd->error_string = "broken symref";
1223 return;
1224 }
1225 dst_name = strip_namespace(dst_name);
1226
1227 if ((item = string_list_lookup(list, dst_name)) == NULL)
1228 return;
1229
1230 cmd->skip_update = 1;
1231
1232 dst_cmd = (struct command *) item->util;
1233
1234 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1235 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1236 return;
1237
1238 dst_cmd->skip_update = 1;
1239
1240 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1241 " its target '%s' (%s..%s)",
1242 cmd->ref_name,
1243 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1244 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1245 dst_cmd->ref_name,
1246 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1247 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1248
1249 cmd->error_string = dst_cmd->error_string =
1250 "inconsistent aliased update";
1251}
1252
1253static void check_aliased_updates(struct command *commands)
1254{
1255 struct command *cmd;
1256 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1257
1258 for (cmd = commands; cmd; cmd = cmd->next) {
1259 struct string_list_item *item =
1260 string_list_append(&ref_list, cmd->ref_name);
1261 item->util = (void *)cmd;
1262 }
1263 string_list_sort(&ref_list);
1264
1265 for (cmd = commands; cmd; cmd = cmd->next) {
1266 if (!cmd->error_string)
1267 check_aliased_update(cmd, &ref_list);
1268 }
1269
1270 string_list_clear(&ref_list, 0);
1271}
1272
1273static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1274{
1275 struct command **cmd_list = cb_data;
1276 struct command *cmd = *cmd_list;
1277
1278 if (!cmd || is_null_oid(&cmd->new_oid))
1279 return -1; /* end of list */
1280 *cmd_list = NULL; /* this returns only one */
1281 hashcpy(sha1, cmd->new_oid.hash);
1282 return 0;
1283}
1284
1285static void set_connectivity_errors(struct command *commands,
1286 struct shallow_info *si)
1287{
1288 struct command *cmd;
1289
1290 for (cmd = commands; cmd; cmd = cmd->next) {
1291 struct command *singleton = cmd;
1292 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1293
1294 if (shallow_update && si->shallow_ref[cmd->index])
1295 /* to be checked in update_shallow_ref() */
1296 continue;
1297
1298 opt.env = tmp_objdir_env(tmp_objdir);
1299 if (!check_connected(command_singleton_iterator, &singleton,
1300 &opt))
1301 continue;
1302
1303 cmd->error_string = "missing necessary objects";
1304 }
1305}
1306
1307struct iterate_data {
1308 struct command *cmds;
1309 struct shallow_info *si;
1310};
1311
1312static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1313{
1314 struct iterate_data *data = cb_data;
1315 struct command **cmd_list = &data->cmds;
1316 struct command *cmd = *cmd_list;
1317
1318 for (; cmd; cmd = cmd->next) {
1319 if (shallow_update && data->si->shallow_ref[cmd->index])
1320 /* to be checked in update_shallow_ref() */
1321 continue;
1322 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1323 hashcpy(sha1, cmd->new_oid.hash);
1324 *cmd_list = cmd->next;
1325 return 0;
1326 }
1327 }
1328 *cmd_list = NULL;
1329 return -1; /* end of list */
1330}
1331
1332static void reject_updates_to_hidden(struct command *commands)
1333{
1334 struct strbuf refname_full = STRBUF_INIT;
1335 size_t prefix_len;
1336 struct command *cmd;
1337
1338 strbuf_addstr(&refname_full, get_git_namespace());
1339 prefix_len = refname_full.len;
1340
1341 for (cmd = commands; cmd; cmd = cmd->next) {
1342 if (cmd->error_string)
1343 continue;
1344
1345 strbuf_setlen(&refname_full, prefix_len);
1346 strbuf_addstr(&refname_full, cmd->ref_name);
1347
1348 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1349 continue;
1350 if (is_null_oid(&cmd->new_oid))
1351 cmd->error_string = "deny deleting a hidden ref";
1352 else
1353 cmd->error_string = "deny updating a hidden ref";
1354 }
1355
1356 strbuf_release(&refname_full);
1357}
1358
1359static int should_process_cmd(struct command *cmd)
1360{
1361 return !cmd->error_string && !cmd->skip_update;
1362}
1363
1364static void warn_if_skipped_connectivity_check(struct command *commands,
1365 struct shallow_info *si)
1366{
1367 struct command *cmd;
1368 int checked_connectivity = 1;
1369
1370 for (cmd = commands; cmd; cmd = cmd->next) {
1371 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1372 error("BUG: connectivity check has not been run on ref %s",
1373 cmd->ref_name);
1374 checked_connectivity = 0;
1375 }
1376 }
1377 if (!checked_connectivity)
1378 die("BUG: connectivity check skipped???");
1379}
1380
1381static void execute_commands_non_atomic(struct command *commands,
1382 struct shallow_info *si)
1383{
1384 struct command *cmd;
1385 struct strbuf err = STRBUF_INIT;
1386
1387 for (cmd = commands; cmd; cmd = cmd->next) {
1388 if (!should_process_cmd(cmd))
1389 continue;
1390
1391 transaction = ref_transaction_begin(&err);
1392 if (!transaction) {
1393 rp_error("%s", err.buf);
1394 strbuf_reset(&err);
1395 cmd->error_string = "transaction failed to start";
1396 continue;
1397 }
1398
1399 cmd->error_string = update(cmd, si);
1400
1401 if (!cmd->error_string
1402 && ref_transaction_commit(transaction, &err)) {
1403 rp_error("%s", err.buf);
1404 strbuf_reset(&err);
1405 cmd->error_string = "failed to update ref";
1406 }
1407 ref_transaction_free(transaction);
1408 }
1409 strbuf_release(&err);
1410}
1411
1412static void execute_commands_atomic(struct command *commands,
1413 struct shallow_info *si)
1414{
1415 struct command *cmd;
1416 struct strbuf err = STRBUF_INIT;
1417 const char *reported_error = "atomic push failure";
1418
1419 transaction = ref_transaction_begin(&err);
1420 if (!transaction) {
1421 rp_error("%s", err.buf);
1422 strbuf_reset(&err);
1423 reported_error = "transaction failed to start";
1424 goto failure;
1425 }
1426
1427 for (cmd = commands; cmd; cmd = cmd->next) {
1428 if (!should_process_cmd(cmd))
1429 continue;
1430
1431 cmd->error_string = update(cmd, si);
1432
1433 if (cmd->error_string)
1434 goto failure;
1435 }
1436
1437 if (ref_transaction_commit(transaction, &err)) {
1438 rp_error("%s", err.buf);
1439 reported_error = "atomic transaction failed";
1440 goto failure;
1441 }
1442 goto cleanup;
1443
1444failure:
1445 for (cmd = commands; cmd; cmd = cmd->next)
1446 if (!cmd->error_string)
1447 cmd->error_string = reported_error;
1448
1449cleanup:
1450 ref_transaction_free(transaction);
1451 strbuf_release(&err);
1452}
1453
1454static void execute_commands(struct command *commands,
1455 const char *unpacker_error,
1456 struct shallow_info *si,
1457 const struct string_list *push_options)
1458{
1459 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1460 struct command *cmd;
1461 struct object_id oid;
1462 struct iterate_data data;
1463 struct async muxer;
1464 int err_fd = 0;
1465
1466 if (unpacker_error) {
1467 for (cmd = commands; cmd; cmd = cmd->next)
1468 cmd->error_string = "unpacker error";
1469 return;
1470 }
1471
1472 if (use_sideband) {
1473 memset(&muxer, 0, sizeof(muxer));
1474 muxer.proc = copy_to_sideband;
1475 muxer.in = -1;
1476 if (!start_async(&muxer))
1477 err_fd = muxer.in;
1478 /* ...else, continue without relaying sideband */
1479 }
1480
1481 data.cmds = commands;
1482 data.si = si;
1483 opt.err_fd = err_fd;
1484 opt.progress = err_fd && !quiet;
1485 opt.env = tmp_objdir_env(tmp_objdir);
1486 if (check_connected(iterate_receive_command_list, &data, &opt))
1487 set_connectivity_errors(commands, si);
1488
1489 if (use_sideband)
1490 finish_async(&muxer);
1491
1492 reject_updates_to_hidden(commands);
1493
1494 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1495 for (cmd = commands; cmd; cmd = cmd->next) {
1496 if (!cmd->error_string)
1497 cmd->error_string = "pre-receive hook declined";
1498 }
1499 return;
1500 }
1501
1502 /*
1503 * Now we'll start writing out refs, which means the objects need
1504 * to be in their final positions so that other processes can see them.
1505 */
1506 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1507 for (cmd = commands; cmd; cmd = cmd->next) {
1508 if (!cmd->error_string)
1509 cmd->error_string = "unable to migrate objects to permanent storage";
1510 }
1511 return;
1512 }
1513 tmp_objdir = NULL;
1514
1515 check_aliased_updates(commands);
1516
1517 free(head_name_to_free);
1518 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1519
1520 if (use_atomic)
1521 execute_commands_atomic(commands, si);
1522 else
1523 execute_commands_non_atomic(commands, si);
1524
1525 if (shallow_update)
1526 warn_if_skipped_connectivity_check(commands, si);
1527}
1528
1529static struct command **queue_command(struct command **tail,
1530 const char *line,
1531 int linelen)
1532{
1533 struct object_id old_oid, new_oid;
1534 struct command *cmd;
1535 const char *refname;
1536 int reflen;
1537 const char *p;
1538
1539 if (parse_oid_hex(line, &old_oid, &p) ||
1540 *p++ != ' ' ||
1541 parse_oid_hex(p, &new_oid, &p) ||
1542 *p++ != ' ')
1543 die("protocol error: expected old/new/ref, got '%s'", line);
1544
1545 refname = p;
1546 reflen = linelen - (p - line);
1547 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1548 oidcpy(&cmd->old_oid, &old_oid);
1549 oidcpy(&cmd->new_oid, &new_oid);
1550 *tail = cmd;
1551 return &cmd->next;
1552}
1553
1554static void queue_commands_from_cert(struct command **tail,
1555 struct strbuf *push_cert)
1556{
1557 const char *boc, *eoc;
1558
1559 if (*tail)
1560 die("protocol error: got both push certificate and unsigned commands");
1561
1562 boc = strstr(push_cert->buf, "\n\n");
1563 if (!boc)
1564 die("malformed push certificate %.*s", 100, push_cert->buf);
1565 else
1566 boc += 2;
1567 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1568
1569 while (boc < eoc) {
1570 const char *eol = memchr(boc, '\n', eoc - boc);
1571 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1572 boc = eol ? eol + 1 : eoc;
1573 }
1574}
1575
1576static struct command *read_head_info(struct oid_array *shallow)
1577{
1578 struct command *commands = NULL;
1579 struct command **p = &commands;
1580 for (;;) {
1581 char *line;
1582 int len, linelen;
1583
1584 line = packet_read_line(0, &len);
1585 if (!line)
1586 break;
1587
1588 if (len > 8 && starts_with(line, "shallow ")) {
1589 struct object_id oid;
1590 if (get_oid_hex(line + 8, &oid))
1591 die("protocol error: expected shallow sha, got '%s'",
1592 line + 8);
1593 oid_array_append(shallow, &oid);
1594 continue;
1595 }
1596
1597 linelen = strlen(line);
1598 if (linelen < len) {
1599 const char *feature_list = line + linelen + 1;
1600 if (parse_feature_request(feature_list, "report-status"))
1601 report_status = 1;
1602 if (parse_feature_request(feature_list, "side-band-64k"))
1603 use_sideband = LARGE_PACKET_MAX;
1604 if (parse_feature_request(feature_list, "quiet"))
1605 quiet = 1;
1606 if (advertise_atomic_push
1607 && parse_feature_request(feature_list, "atomic"))
1608 use_atomic = 1;
1609 if (advertise_push_options
1610 && parse_feature_request(feature_list, "push-options"))
1611 use_push_options = 1;
1612 }
1613
1614 if (!strcmp(line, "push-cert")) {
1615 int true_flush = 0;
1616 char certbuf[1024];
1617
1618 for (;;) {
1619 len = packet_read(0, NULL, NULL,
1620 certbuf, sizeof(certbuf), 0);
1621 if (!len) {
1622 true_flush = 1;
1623 break;
1624 }
1625 if (!strcmp(certbuf, "push-cert-end\n"))
1626 break; /* end of cert */
1627 strbuf_addstr(&push_cert, certbuf);
1628 }
1629
1630 if (true_flush)
1631 break;
1632 continue;
1633 }
1634
1635 p = queue_command(p, line, linelen);
1636 }
1637
1638 if (push_cert.len)
1639 queue_commands_from_cert(p, &push_cert);
1640
1641 return commands;
1642}
1643
1644static void read_push_options(struct string_list *options)
1645{
1646 while (1) {
1647 char *line;
1648 int len;
1649
1650 line = packet_read_line(0, &len);
1651
1652 if (!line)
1653 break;
1654
1655 string_list_append(options, line);
1656 }
1657}
1658
1659static const char *parse_pack_header(struct pack_header *hdr)
1660{
1661 switch (read_pack_header(0, hdr)) {
1662 case PH_ERROR_EOF:
1663 return "eof before pack header was fully read";
1664
1665 case PH_ERROR_PACK_SIGNATURE:
1666 return "protocol error (pack signature mismatch detected)";
1667
1668 case PH_ERROR_PROTOCOL:
1669 return "protocol error (pack version unsupported)";
1670
1671 default:
1672 return "unknown error in parse_pack_header";
1673
1674 case 0:
1675 return NULL;
1676 }
1677}
1678
1679static const char *pack_lockfile;
1680
1681static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1682{
1683 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1684 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1685}
1686
1687static const char *unpack(int err_fd, struct shallow_info *si)
1688{
1689 struct pack_header hdr;
1690 const char *hdr_err;
1691 int status;
1692 struct child_process child = CHILD_PROCESS_INIT;
1693 int fsck_objects = (receive_fsck_objects >= 0
1694 ? receive_fsck_objects
1695 : transfer_fsck_objects >= 0
1696 ? transfer_fsck_objects
1697 : 0);
1698
1699 hdr_err = parse_pack_header(&hdr);
1700 if (hdr_err) {
1701 if (err_fd > 0)
1702 close(err_fd);
1703 return hdr_err;
1704 }
1705
1706 if (si->nr_ours || si->nr_theirs) {
1707 alt_shallow_file = setup_temporary_shallow(si->shallow);
1708 argv_array_push(&child.args, "--shallow-file");
1709 argv_array_push(&child.args, alt_shallow_file);
1710 }
1711
1712 tmp_objdir = tmp_objdir_create();
1713 if (!tmp_objdir) {
1714 if (err_fd > 0)
1715 close(err_fd);
1716 return "unable to create temporary object directory";
1717 }
1718 child.env = tmp_objdir_env(tmp_objdir);
1719
1720 /*
1721 * Normally we just pass the tmp_objdir environment to the child
1722 * processes that do the heavy lifting, but we may need to see these
1723 * objects ourselves to set up shallow information.
1724 */
1725 tmp_objdir_add_as_alternate(tmp_objdir);
1726
1727 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1728 argv_array_push(&child.args, "unpack-objects");
1729 push_header_arg(&child.args, &hdr);
1730 if (quiet)
1731 argv_array_push(&child.args, "-q");
1732 if (fsck_objects)
1733 argv_array_pushf(&child.args, "--strict%s",
1734 fsck_msg_types.buf);
1735 if (max_input_size)
1736 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1737 (uintmax_t)max_input_size);
1738 child.no_stdout = 1;
1739 child.err = err_fd;
1740 child.git_cmd = 1;
1741 status = run_command(&child);
1742 if (status)
1743 return "unpack-objects abnormal exit";
1744 } else {
1745 char hostname[HOST_NAME_MAX + 1];
1746
1747 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1748 push_header_arg(&child.args, &hdr);
1749
1750 if (xgethostname(hostname, sizeof(hostname)))
1751 xsnprintf(hostname, sizeof(hostname), "localhost");
1752 argv_array_pushf(&child.args,
1753 "--keep=receive-pack %"PRIuMAX" on %s",
1754 (uintmax_t)getpid(),
1755 hostname);
1756
1757 if (!quiet && err_fd)
1758 argv_array_push(&child.args, "--show-resolving-progress");
1759 if (use_sideband)
1760 argv_array_push(&child.args, "--report-end-of-input");
1761 if (fsck_objects)
1762 argv_array_pushf(&child.args, "--strict%s",
1763 fsck_msg_types.buf);
1764 if (!reject_thin)
1765 argv_array_push(&child.args, "--fix-thin");
1766 if (max_input_size)
1767 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1768 (uintmax_t)max_input_size);
1769 child.out = -1;
1770 child.err = err_fd;
1771 child.git_cmd = 1;
1772 status = start_command(&child);
1773 if (status)
1774 return "index-pack fork failed";
1775 pack_lockfile = index_pack_lockfile(child.out);
1776 close(child.out);
1777 status = finish_command(&child);
1778 if (status)
1779 return "index-pack abnormal exit";
1780 reprepare_packed_git();
1781 }
1782 return NULL;
1783}
1784
1785static const char *unpack_with_sideband(struct shallow_info *si)
1786{
1787 struct async muxer;
1788 const char *ret;
1789
1790 if (!use_sideband)
1791 return unpack(0, si);
1792
1793 use_keepalive = KEEPALIVE_AFTER_NUL;
1794 memset(&muxer, 0, sizeof(muxer));
1795 muxer.proc = copy_to_sideband;
1796 muxer.in = -1;
1797 if (start_async(&muxer))
1798 return NULL;
1799
1800 ret = unpack(muxer.in, si);
1801
1802 finish_async(&muxer);
1803 return ret;
1804}
1805
1806static void prepare_shallow_update(struct command *commands,
1807 struct shallow_info *si)
1808{
1809 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1810
1811 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1812 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1813
1814 si->need_reachability_test =
1815 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1816 si->reachable =
1817 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1818 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1819
1820 for (i = 0; i < si->nr_ours; i++)
1821 si->need_reachability_test[si->ours[i]] = 1;
1822
1823 for (i = 0; i < si->shallow->nr; i++) {
1824 if (!si->used_shallow[i])
1825 continue;
1826 for (j = 0; j < bitmap_size; j++) {
1827 if (!si->used_shallow[i][j])
1828 continue;
1829 si->need_reachability_test[i]++;
1830 for (k = 0; k < 32; k++)
1831 if (si->used_shallow[i][j] & (1U << k))
1832 si->shallow_ref[j * 32 + k]++;
1833 }
1834
1835 /*
1836 * true for those associated with some refs and belong
1837 * in "ours" list aka "step 7 not done yet"
1838 */
1839 si->need_reachability_test[i] =
1840 si->need_reachability_test[i] > 1;
1841 }
1842
1843 /*
1844 * keep hooks happy by forcing a temporary shallow file via
1845 * env variable because we can't add --shallow-file to every
1846 * command. check_everything_connected() will be done with
1847 * true .git/shallow though.
1848 */
1849 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1850}
1851
1852static void update_shallow_info(struct command *commands,
1853 struct shallow_info *si,
1854 struct oid_array *ref)
1855{
1856 struct command *cmd;
1857 int *ref_status;
1858 remove_nonexistent_theirs_shallow(si);
1859 if (!si->nr_ours && !si->nr_theirs) {
1860 shallow_update = 0;
1861 return;
1862 }
1863
1864 for (cmd = commands; cmd; cmd = cmd->next) {
1865 if (is_null_oid(&cmd->new_oid))
1866 continue;
1867 oid_array_append(ref, &cmd->new_oid);
1868 cmd->index = ref->nr - 1;
1869 }
1870 si->ref = ref;
1871
1872 if (shallow_update) {
1873 prepare_shallow_update(commands, si);
1874 return;
1875 }
1876
1877 ALLOC_ARRAY(ref_status, ref->nr);
1878 assign_shallow_commits_to_refs(si, NULL, ref_status);
1879 for (cmd = commands; cmd; cmd = cmd->next) {
1880 if (is_null_oid(&cmd->new_oid))
1881 continue;
1882 if (ref_status[cmd->index]) {
1883 cmd->error_string = "shallow update not allowed";
1884 cmd->skip_update = 1;
1885 }
1886 }
1887 free(ref_status);
1888}
1889
1890static void report(struct command *commands, const char *unpack_status)
1891{
1892 struct command *cmd;
1893 struct strbuf buf = STRBUF_INIT;
1894
1895 packet_buf_write(&buf, "unpack %s\n",
1896 unpack_status ? unpack_status : "ok");
1897 for (cmd = commands; cmd; cmd = cmd->next) {
1898 if (!cmd->error_string)
1899 packet_buf_write(&buf, "ok %s\n",
1900 cmd->ref_name);
1901 else
1902 packet_buf_write(&buf, "ng %s %s\n",
1903 cmd->ref_name, cmd->error_string);
1904 }
1905 packet_buf_flush(&buf);
1906
1907 if (use_sideband)
1908 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1909 else
1910 write_or_die(1, buf.buf, buf.len);
1911 strbuf_release(&buf);
1912}
1913
1914static int delete_only(struct command *commands)
1915{
1916 struct command *cmd;
1917 for (cmd = commands; cmd; cmd = cmd->next) {
1918 if (!is_null_oid(&cmd->new_oid))
1919 return 0;
1920 }
1921 return 1;
1922}
1923
1924int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1925{
1926 int advertise_refs = 0;
1927 struct command *commands;
1928 struct oid_array shallow = OID_ARRAY_INIT;
1929 struct oid_array ref = OID_ARRAY_INIT;
1930 struct shallow_info si;
1931
1932 struct option options[] = {
1933 OPT__QUIET(&quiet, N_("quiet")),
1934 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1935 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1936 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1937 OPT_END()
1938 };
1939
1940 packet_trace_identity("receive-pack");
1941
1942 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1943
1944 if (argc > 1)
1945 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1946 if (argc == 0)
1947 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1948
1949 service_dir = argv[0];
1950
1951 setup_path();
1952
1953 if (!enter_repo(service_dir, 0))
1954 die("'%s' does not appear to be a git repository", service_dir);
1955
1956 git_config(receive_pack_config, NULL);
1957 if (cert_nonce_seed)
1958 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1959
1960 if (0 <= transfer_unpack_limit)
1961 unpack_limit = transfer_unpack_limit;
1962 else if (0 <= receive_unpack_limit)
1963 unpack_limit = receive_unpack_limit;
1964
1965 if (advertise_refs || !stateless_rpc) {
1966 write_head_info();
1967 }
1968 if (advertise_refs)
1969 return 0;
1970
1971 if ((commands = read_head_info(&shallow)) != NULL) {
1972 const char *unpack_status = NULL;
1973 struct string_list push_options = STRING_LIST_INIT_DUP;
1974
1975 if (use_push_options)
1976 read_push_options(&push_options);
1977 if (!check_cert_push_options(&push_options)) {
1978 struct command *cmd;
1979 for (cmd = commands; cmd; cmd = cmd->next)
1980 cmd->error_string = "inconsistent push options";
1981 }
1982
1983 prepare_shallow_info(&si, &shallow);
1984 if (!si.nr_ours && !si.nr_theirs)
1985 shallow_update = 0;
1986 if (!delete_only(commands)) {
1987 unpack_status = unpack_with_sideband(&si);
1988 update_shallow_info(commands, &si, &ref);
1989 }
1990 use_keepalive = KEEPALIVE_ALWAYS;
1991 execute_commands(commands, unpack_status, &si,
1992 &push_options);
1993 if (pack_lockfile)
1994 unlink_or_warn(pack_lockfile);
1995 if (report_status)
1996 report(commands, unpack_status);
1997 run_receive_hook(commands, "post-receive", 1,
1998 &push_options);
1999 run_update_post_hook(commands);
2000 string_list_clear(&push_options, 0);
2001 if (auto_gc) {
2002 const char *argv_gc_auto[] = {
2003 "gc", "--auto", "--quiet", NULL,
2004 };
2005 struct child_process proc = CHILD_PROCESS_INIT;
2006
2007 proc.no_stdin = 1;
2008 proc.stdout_to_stderr = 1;
2009 proc.err = use_sideband ? -1 : 0;
2010 proc.git_cmd = 1;
2011 proc.argv = argv_gc_auto;
2012
2013 close_all_packs();
2014 if (!start_command(&proc)) {
2015 if (use_sideband)
2016 copy_to_sideband(proc.err, -1, NULL);
2017 finish_command(&proc);
2018 }
2019 }
2020 if (auto_update_server_info)
2021 update_server_info(0);
2022 clear_shallow_info(&si);
2023 }
2024 if (use_sideband)
2025 packet_flush(1);
2026 oid_array_clear(&shallow);
2027 oid_array_clear(&ref);
2028 free((void *)push_cert_nonce);
2029 return 0;
2030}