1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
27};
28enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
35};
36static int deny_deletes;
38static int deny_non_fast_forwards;
39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41static int receive_fsck_objects = -1;
42static int transfer_fsck_objects = -1;
43static struct strbuf fsck_msg_types = STRBUF_INIT;
44static int receive_unpack_limit = -1;
45static int transfer_unpack_limit = -1;
46static int advertise_atomic_push = 1;
47static int advertise_push_options;
48static int unpack_limit = 100;
49static off_t max_input_size;
50static int report_status;
51static int use_sideband;
52static int use_atomic;
53static int use_push_options;
54static int quiet;
55static int prefer_ofs_delta = 1;
56static int auto_update_server_info;
57static int auto_gc = 1;
58static int reject_thin;
59static int stateless_rpc;
60static const char *service_dir;
61static const char *head_name;
62static void *head_name_to_free;
63static int sent_capabilities;
64static int shallow_update;
65static const char *alt_shallow_file;
66static struct strbuf push_cert = STRBUF_INIT;
67static unsigned char push_cert_sha1[20];
68static struct signature_check sigcheck;
69static const char *push_cert_nonce;
70static const char *cert_nonce_seed;
71static const char *NONCE_UNSOLICITED = "UNSOLICITED";
73static const char *NONCE_BAD = "BAD";
74static const char *NONCE_MISSING = "MISSING";
75static const char *NONCE_OK = "OK";
76static const char *NONCE_SLOP = "SLOP";
77static const char *nonce_status;
78static long nonce_stamp_slop;
79static unsigned long nonce_stamp_slop_limit;
80static struct ref_transaction *transaction;
81static enum {
83 KEEPALIVE_NEVER = 0,
84 KEEPALIVE_AFTER_NUL,
85 KEEPALIVE_ALWAYS
86} use_keepalive;
87static int keepalive_in_sec = 5;
88static enum deny_action parse_deny_action(const char *var, const char *value)
90{
91 if (value) {
92 if (!strcasecmp(value, "ignore"))
93 return DENY_IGNORE;
94 if (!strcasecmp(value, "warn"))
95 return DENY_WARN;
96 if (!strcasecmp(value, "refuse"))
97 return DENY_REFUSE;
98 if (!strcasecmp(value, "updateinstead"))
99 return DENY_UPDATE_INSTEAD;
100 }
101 if (git_config_bool(var, value))
102 return DENY_REFUSE;
103 return DENY_IGNORE;
104}
105static int receive_pack_config(const char *var, const char *value, void *cb)
107{
108 int status = parse_hide_refs_config(var, value, "receive");
109 if (status)
111 return status;
112 if (strcmp(var, "receive.denydeletes") == 0) {
114 deny_deletes = git_config_bool(var, value);
115 return 0;
116 }
117 if (strcmp(var, "receive.denynonfastforwards") == 0) {
119 deny_non_fast_forwards = git_config_bool(var, value);
120 return 0;
121 }
122 if (strcmp(var, "receive.unpacklimit") == 0) {
124 receive_unpack_limit = git_config_int(var, value);
125 return 0;
126 }
127 if (strcmp(var, "transfer.unpacklimit") == 0) {
129 transfer_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132 if (strcmp(var, "receive.fsck.skiplist") == 0) {
134 const char *path;
135 if (git_config_pathname(&path, var, value))
137 return 1;
138 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
139 fsck_msg_types.len ? ',' : '=', path);
140 free((char *)path);
141 return 0;
142 }
143 if (skip_prefix(var, "receive.fsck.", &var)) {
145 if (is_valid_msg_type(var, value))
146 strbuf_addf(&fsck_msg_types, "%c%s=%s",
147 fsck_msg_types.len ? ',' : '=', var, value);
148 else
149 warning("Skipping unknown msg id '%s'", var);
150 return 0;
151 }
152 if (strcmp(var, "receive.fsckobjects") == 0) {
154 receive_fsck_objects = git_config_bool(var, value);
155 return 0;
156 }
157 if (strcmp(var, "transfer.fsckobjects") == 0) {
159 transfer_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162 if (!strcmp(var, "receive.denycurrentbranch")) {
164 deny_current_branch = parse_deny_action(var, value);
165 return 0;
166 }
167 if (strcmp(var, "receive.denydeletecurrent") == 0) {
169 deny_delete_current = parse_deny_action(var, value);
170 return 0;
171 }
172 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
174 prefer_ofs_delta = git_config_bool(var, value);
175 return 0;
176 }
177 if (strcmp(var, "receive.updateserverinfo") == 0) {
179 auto_update_server_info = git_config_bool(var, value);
180 return 0;
181 }
182 if (strcmp(var, "receive.autogc") == 0) {
184 auto_gc = git_config_bool(var, value);
185 return 0;
186 }
187 if (strcmp(var, "receive.shallowupdate") == 0) {
189 shallow_update = git_config_bool(var, value);
190 return 0;
191 }
192 if (strcmp(var, "receive.certnonceseed") == 0)
194 return git_config_string(&cert_nonce_seed, var, value);
195 if (strcmp(var, "receive.certnonceslop") == 0) {
197 nonce_stamp_slop_limit = git_config_ulong(var, value);
198 return 0;
199 }
200 if (strcmp(var, "receive.advertiseatomic") == 0) {
202 advertise_atomic_push = git_config_bool(var, value);
203 return 0;
204 }
205 if (strcmp(var, "receive.advertisepushoptions") == 0) {
207 advertise_push_options = git_config_bool(var, value);
208 return 0;
209 }
210 if (strcmp(var, "receive.keepalive") == 0) {
212 keepalive_in_sec = git_config_int(var, value);
213 return 0;
214 }
215 if (strcmp(var, "receive.maxinputsize") == 0) {
217 max_input_size = git_config_int64(var, value);
218 return 0;
219 }
220 return git_default_config(var, value, cb);
222}
223static void show_ref(const char *path, const unsigned char *sha1)
225{
226 if (sent_capabilities) {
227 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
228 } else {
229 struct strbuf cap = STRBUF_INIT;
230 strbuf_addstr(&cap,
232 "report-status delete-refs side-band-64k quiet");
233 if (advertise_atomic_push)
234 strbuf_addstr(&cap, " atomic");
235 if (prefer_ofs_delta)
236 strbuf_addstr(&cap, " ofs-delta");
237 if (push_cert_nonce)
238 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
239 if (advertise_push_options)
240 strbuf_addstr(&cap, " push-options");
241 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
242 packet_write(1, "%s %s%c%s\n",
243 sha1_to_hex(sha1), path, 0, cap.buf);
244 strbuf_release(&cap);
245 sent_capabilities = 1;
246 }
247}
248static int show_ref_cb(const char *path_full, const struct object_id *oid,
250 int flag, void *unused)
251{
252 const char *path = strip_namespace(path_full);
253 if (ref_is_hidden(path, path_full))
255 return 0;
256 /*
258 * Advertise refs outside our current namespace as ".have"
259 * refs, so that the client can use them to minimize data
260 * transfer but will otherwise ignore them. This happens to
261 * cover ".have" that are thrown in by add_one_alternate_ref()
262 * to mark histories that are complete in our alternates as
263 * well.
264 */
265 if (!path)
266 path = ".have";
267 show_ref(path, oid->hash);
268 return 0;
269}
270static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
272{
273 show_ref(".have", sha1);
274}
275static void collect_one_alternate_ref(const struct ref *ref, void *data)
277{
278 struct sha1_array *sa = data;
279 sha1_array_append(sa, ref->old_oid.hash);
280}
281static void write_head_info(void)
283{
284 struct sha1_array sa = SHA1_ARRAY_INIT;
285 for_each_alternate_ref(collect_one_alternate_ref, &sa);
287 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
288 sha1_array_clear(&sa);
289 for_each_ref(show_ref_cb, NULL);
290 if (!sent_capabilities)
291 show_ref("capabilities^{}", null_sha1);
292 advertise_shallow_grafts(1);
294 /* EOF */
296 packet_flush(1);
297}
298struct command {
300 struct command *next;
301 const char *error_string;
302 unsigned int skip_update:1,
303 did_not_exist:1;
304 int index;
305 unsigned char old_sha1[20];
306 unsigned char new_sha1[20];
307 char ref_name[FLEX_ARRAY]; /* more */
308};
309static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
311static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
312static void report_message(const char *prefix, const char *err, va_list params)
314{
315 int sz;
316 char msg[4096];
317 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
319 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
320 if (sz > (sizeof(msg) - 1))
321 sz = sizeof(msg) - 1;
322 msg[sz++] = '\n';
323 if (use_sideband)
325 send_sideband(1, 2, msg, sz, use_sideband);
326 else
327 xwrite(2, msg, sz);
328}
329static void rp_warning(const char *err, ...)
331{
332 va_list params;
333 va_start(params, err);
334 report_message("warning: ", err, params);
335 va_end(params);
336}
337static void rp_error(const char *err, ...)
339{
340 va_list params;
341 va_start(params, err);
342 report_message("error: ", err, params);
343 va_end(params);
344}
345static int copy_to_sideband(int in, int out, void *arg)
347{
348 char data[128];
349 int keepalive_active = 0;
350 if (keepalive_in_sec <= 0)
352 use_keepalive = KEEPALIVE_NEVER;
353 if (use_keepalive == KEEPALIVE_ALWAYS)
354 keepalive_active = 1;
355 while (1) {
357 ssize_t sz;
358 if (keepalive_active) {
360 struct pollfd pfd;
361 int ret;
362 pfd.fd = in;
364 pfd.events = POLLIN;
365 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
366 if (ret < 0) {
368 if (errno == EINTR)
369 continue;
370 else
371 break;
372 } else if (ret == 0) {
373 /* no data; send a keepalive packet */
374 static const char buf[] = "0005\1";
375 write_or_die(1, buf, sizeof(buf) - 1);
376 continue;
377 } /* else there is actual data to read */
378 }
379 sz = xread(in, data, sizeof(data));
381 if (sz <= 0)
382 break;
383 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
385 const char *p = memchr(data, '\0', sz);
386 if (p) {
387 /*
388 * The NUL tells us to start sending keepalives. Make
389 * sure we send any other data we read along
390 * with it.
391 */
392 keepalive_active = 1;
393 send_sideband(1, 2, data, p - data, use_sideband);
394 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
395 continue;
396 }
397 }
398 /*
400 * Either we're not looking for a NUL signal, or we didn't see
401 * it yet; just pass along the data.
402 */
403 send_sideband(1, 2, data, sz, use_sideband);
404 }
405 close(in);
406 return 0;
407}
408#define HMAC_BLOCK_SIZE 64
410static void hmac_sha1(unsigned char *out,
412 const char *key_in, size_t key_len,
413 const char *text, size_t text_len)
414{
415 unsigned char key[HMAC_BLOCK_SIZE];
416 unsigned char k_ipad[HMAC_BLOCK_SIZE];
417 unsigned char k_opad[HMAC_BLOCK_SIZE];
418 int i;
419 git_SHA_CTX ctx;
420 /* RFC 2104 2. (1) */
422 memset(key, '\0', HMAC_BLOCK_SIZE);
423 if (HMAC_BLOCK_SIZE < key_len) {
424 git_SHA1_Init(&ctx);
425 git_SHA1_Update(&ctx, key_in, key_len);
426 git_SHA1_Final(key, &ctx);
427 } else {
428 memcpy(key, key_in, key_len);
429 }
430 /* RFC 2104 2. (2) & (5) */
432 for (i = 0; i < sizeof(key); i++) {
433 k_ipad[i] = key[i] ^ 0x36;
434 k_opad[i] = key[i] ^ 0x5c;
435 }
436 /* RFC 2104 2. (3) & (4) */
438 git_SHA1_Init(&ctx);
439 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
440 git_SHA1_Update(&ctx, text, text_len);
441 git_SHA1_Final(out, &ctx);
442 /* RFC 2104 2. (6) & (7) */
444 git_SHA1_Init(&ctx);
445 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
446 git_SHA1_Update(&ctx, out, 20);
447 git_SHA1_Final(out, &ctx);
448}
449static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
451{
452 struct strbuf buf = STRBUF_INIT;
453 unsigned char sha1[20];
454 strbuf_addf(&buf, "%s:%lu", path, stamp);
456 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
457 strbuf_release(&buf);
458 /* RFC 2104 5. HMAC-SHA1-80 */
460 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
461 return strbuf_detach(&buf, NULL);
462}
463/*
465 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
466 * after dropping "_commit" from its name and possibly moving it out
467 * of commit.c
468 */
469static char *find_header(const char *msg, size_t len, const char *key)
470{
471 int key_len = strlen(key);
472 const char *line = msg;
473 while (line && line < msg + len) {
475 const char *eol = strchrnul(line, '\n');
476 if ((msg + len <= eol) || line == eol)
478 return NULL;
479 if (line + key_len < eol &&
480 !memcmp(line, key, key_len) && line[key_len] == ' ') {
481 int offset = key_len + 1;
482 return xmemdupz(line + offset, (eol - line) - offset);
483 }
484 line = *eol ? eol + 1 : NULL;
485 }
486 return NULL;
487}
488static const char *check_nonce(const char *buf, size_t len)
490{
491 char *nonce = find_header(buf, len, "nonce");
492 unsigned long stamp, ostamp;
493 char *bohmac, *expect = NULL;
494 const char *retval = NONCE_BAD;
495 if (!nonce) {
497 retval = NONCE_MISSING;
498 goto leave;
499 } else if (!push_cert_nonce) {
500 retval = NONCE_UNSOLICITED;
501 goto leave;
502 } else if (!strcmp(push_cert_nonce, nonce)) {
503 retval = NONCE_OK;
504 goto leave;
505 }
506 if (!stateless_rpc) {
508 /* returned nonce MUST match what we gave out earlier */
509 retval = NONCE_BAD;
510 goto leave;
511 }
512 /*
514 * In stateless mode, we may be receiving a nonce issued by
515 * another instance of the server that serving the same
516 * repository, and the timestamps may not match, but the
517 * nonce-seed and dir should match, so we can recompute and
518 * report the time slop.
519 *
520 * In addition, when a nonce issued by another instance has
521 * timestamp within receive.certnonceslop seconds, we pretend
522 * as if we issued that nonce when reporting to the hook.
523 */
524 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
526 if (*nonce <= '0' || '9' < *nonce) {
527 retval = NONCE_BAD;
528 goto leave;
529 }
530 stamp = strtoul(nonce, &bohmac, 10);
531 if (bohmac == nonce || bohmac[0] != '-') {
532 retval = NONCE_BAD;
533 goto leave;
534 }
535 expect = prepare_push_cert_nonce(service_dir, stamp);
537 if (strcmp(expect, nonce)) {
538 /* Not what we would have signed earlier */
539 retval = NONCE_BAD;
540 goto leave;
541 }
542 /*
544 * By how many seconds is this nonce stale? Negative value
545 * would mean it was issued by another server with its clock
546 * skewed in the future.
547 */
548 ostamp = strtoul(push_cert_nonce, NULL, 10);
549 nonce_stamp_slop = (long)ostamp - (long)stamp;
550 if (nonce_stamp_slop_limit &&
552 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
553 /*
554 * Pretend as if the received nonce (which passes the
555 * HMAC check, so it is not a forged by third-party)
556 * is what we issued.
557 */
558 free((void *)push_cert_nonce);
559 push_cert_nonce = xstrdup(nonce);
560 retval = NONCE_OK;
561 } else {
562 retval = NONCE_SLOP;
563 }
564leave:
566 free(nonce);
567 free(expect);
568 return retval;
569}
570static void prepare_push_cert_sha1(struct child_process *proc)
572{
573 static int already_done;
574 if (!push_cert.len)
576 return;
577 if (!already_done) {
579 struct strbuf gpg_output = STRBUF_INIT;
580 struct strbuf gpg_status = STRBUF_INIT;
581 int bogs /* beginning_of_gpg_sig */;
582 already_done = 1;
584 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
585 hashclr(push_cert_sha1);
586 memset(&sigcheck, '\0', sizeof(sigcheck));
588 sigcheck.result = 'N';
589 bogs = parse_signature(push_cert.buf, push_cert.len);
591 if (verify_signed_buffer(push_cert.buf, bogs,
592 push_cert.buf + bogs, push_cert.len - bogs,
593 &gpg_output, &gpg_status) < 0) {
594 ; /* error running gpg */
595 } else {
596 sigcheck.payload = push_cert.buf;
597 sigcheck.gpg_output = gpg_output.buf;
598 sigcheck.gpg_status = gpg_status.buf;
599 parse_gpg_output(&sigcheck);
600 }
601 strbuf_release(&gpg_output);
603 strbuf_release(&gpg_status);
604 nonce_status = check_nonce(push_cert.buf, bogs);
605 }
606 if (!is_null_sha1(push_cert_sha1)) {
607 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
608 sha1_to_hex(push_cert_sha1));
609 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
610 sigcheck.signer ? sigcheck.signer : "");
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
612 sigcheck.key ? sigcheck.key : "");
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
614 sigcheck.result);
615 if (push_cert_nonce) {
616 argv_array_pushf(&proc->env_array,
617 "GIT_PUSH_CERT_NONCE=%s",
618 push_cert_nonce);
619 argv_array_pushf(&proc->env_array,
620 "GIT_PUSH_CERT_NONCE_STATUS=%s",
621 nonce_status);
622 if (nonce_status == NONCE_SLOP)
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
625 nonce_stamp_slop);
626 }
627 }
628}
629struct receive_hook_feed_state {
631 struct command *cmd;
632 int skip_broken;
633 struct strbuf buf;
634 const struct string_list *push_options;
635};
636typedef int (*feed_fn)(void *, const char **, size_t *);
638static int run_and_feed_hook(const char *hook_name, feed_fn feed,
639 struct receive_hook_feed_state *feed_state)
640{
641 struct child_process proc = CHILD_PROCESS_INIT;
642 struct async muxer;
643 const char *argv[2];
644 int code;
645 argv[0] = find_hook(hook_name);
647 if (!argv[0])
648 return 0;
649 argv[1] = NULL;
651 proc.argv = argv;
653 proc.in = -1;
654 proc.stdout_to_stderr = 1;
655 if (feed_state->push_options) {
656 int i;
657 for (i = 0; i < feed_state->push_options->nr; i++)
658 argv_array_pushf(&proc.env_array,
659 "GIT_PUSH_OPTION_%d=%s", i,
660 feed_state->push_options->items[i].string);
661 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
662 feed_state->push_options->nr);
663 } else
664 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
665 if (use_sideband) {
667 memset(&muxer, 0, sizeof(muxer));
668 muxer.proc = copy_to_sideband;
669 muxer.in = -1;
670 code = start_async(&muxer);
671 if (code)
672 return code;
673 proc.err = muxer.in;
674 }
675 prepare_push_cert_sha1(&proc);
677 code = start_command(&proc);
679 if (code) {
680 if (use_sideband)
681 finish_async(&muxer);
682 return code;
683 }
684 sigchain_push(SIGPIPE, SIG_IGN);
686 while (1) {
688 const char *buf;
689 size_t n;
690 if (feed(feed_state, &buf, &n))
691 break;
692 if (write_in_full(proc.in, buf, n) != n)
693 break;
694 }
695 close(proc.in);
696 if (use_sideband)
697 finish_async(&muxer);
698 sigchain_pop(SIGPIPE);
700 return finish_command(&proc);
702}
703static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
705{
706 struct receive_hook_feed_state *state = state_;
707 struct command *cmd = state->cmd;
708 while (cmd &&
710 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
711 cmd = cmd->next;
712 if (!cmd)
713 return -1; /* EOF */
714 strbuf_reset(&state->buf);
715 strbuf_addf(&state->buf, "%s %s %s\n",
716 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
717 cmd->ref_name);
718 state->cmd = cmd->next;
719 if (bufp) {
720 *bufp = state->buf.buf;
721 *sizep = state->buf.len;
722 }
723 return 0;
724}
725static int run_receive_hook(struct command *commands,
727 const char *hook_name,
728 int skip_broken,
729 const struct string_list *push_options)
730{
731 struct receive_hook_feed_state state;
732 int status;
733 strbuf_init(&state.buf, 0);
735 state.cmd = commands;
736 state.skip_broken = skip_broken;
737 if (feed_receive_hook(&state, NULL, NULL))
738 return 0;
739 state.cmd = commands;
740 state.push_options = push_options;
741 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
742 strbuf_release(&state.buf);
743 return status;
744}
745static int run_update_hook(struct command *cmd)
747{
748 const char *argv[5];
749 struct child_process proc = CHILD_PROCESS_INIT;
750 int code;
751 argv[0] = find_hook("update");
753 if (!argv[0])
754 return 0;
755 argv[1] = cmd->ref_name;
757 argv[2] = sha1_to_hex(cmd->old_sha1);
758 argv[3] = sha1_to_hex(cmd->new_sha1);
759 argv[4] = NULL;
760 proc.no_stdin = 1;
762 proc.stdout_to_stderr = 1;
763 proc.err = use_sideband ? -1 : 0;
764 proc.argv = argv;
765 code = start_command(&proc);
767 if (code)
768 return code;
769 if (use_sideband)
770 copy_to_sideband(proc.err, -1, NULL);
771 return finish_command(&proc);
772}
773static int is_ref_checked_out(const char *ref)
775{
776 if (is_bare_repository())
777 return 0;
778 if (!head_name)
780 return 0;
781 return !strcmp(head_name, ref);
782}
783static char *refuse_unconfigured_deny_msg[] = {
785 "By default, updating the current branch in a non-bare repository",
786 "is denied, because it will make the index and work tree inconsistent",
787 "with what you pushed, and will require 'git reset --hard' to match",
788 "the work tree to HEAD.",
789 "",
790 "You can set 'receive.denyCurrentBranch' configuration variable to",
791 "'ignore' or 'warn' in the remote repository to allow pushing into",
792 "its current branch; however, this is not recommended unless you",
793 "arranged to update its work tree to match what you pushed in some",
794 "other way.",
795 "",
796 "To squelch this message and still keep the default behaviour, set",
797 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
798};
799static void refuse_unconfigured_deny(void)
801{
802 int i;
803 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
804 rp_error("%s", refuse_unconfigured_deny_msg[i]);
805}
806static char *refuse_unconfigured_deny_delete_current_msg[] = {
808 "By default, deleting the current branch is denied, because the next",
809 "'git clone' won't result in any file checked out, causing confusion.",
810 "",
811 "You can set 'receive.denyDeleteCurrent' configuration variable to",
812 "'warn' or 'ignore' in the remote repository to allow deleting the",
813 "current branch, with or without a warning message.",
814 "",
815 "To squelch this message, you can set it to 'refuse'."
816};
817static void refuse_unconfigured_deny_delete_current(void)
819{
820 int i;
821 for (i = 0;
822 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
823 i++)
824 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
825}
826static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
828static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
829{
830 static struct lock_file shallow_lock;
831 struct sha1_array extra = SHA1_ARRAY_INIT;
832 struct check_connected_options opt = CHECK_CONNECTED_INIT;
833 uint32_t mask = 1 << (cmd->index % 32);
834 int i;
835 trace_printf_key(&trace_shallow,
837 "shallow: update_shallow_ref %s\n", cmd->ref_name);
838 for (i = 0; i < si->shallow->nr; i++)
839 if (si->used_shallow[i] &&
840 (si->used_shallow[i][cmd->index / 32] & mask) &&
841 !delayed_reachability_test(si, i))
842 sha1_array_append(&extra, si->shallow->sha1[i]);
843 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
845 if (check_connected(command_singleton_iterator, cmd, &opt)) {
846 rollback_lock_file(&shallow_lock);
847 sha1_array_clear(&extra);
848 return -1;
849 }
850 commit_lock_file(&shallow_lock);
852 /*
854 * Make sure setup_alternate_shallow() for the next ref does
855 * not lose these new roots..
856 */
857 for (i = 0; i < extra.nr; i++)
858 register_shallow(extra.sha1[i]);
859 si->shallow_ref[cmd->index] = 0;
861 sha1_array_clear(&extra);
862 return 0;
863}
864/*
866 * NEEDSWORK: we should consolidate various implementions of "are we
867 * on an unborn branch?" test into one, and make the unified one more
868 * robust. !get_sha1() based check used here and elsewhere would not
869 * allow us to tell an unborn branch from corrupt ref, for example.
870 * For the purpose of fixing "deploy-to-update does not work when
871 * pushing into an empty repository" issue, this should suffice for
872 * now.
873 */
874static int head_has_history(void)
875{
876 unsigned char sha1[20];
877 return !get_sha1("HEAD", sha1);
879}
880static const char *push_to_deploy(unsigned char *sha1,
882 struct argv_array *env,
883 const char *work_tree)
884{
885 const char *update_refresh[] = {
886 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
887 };
888 const char *diff_files[] = {
889 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
890 };
891 const char *diff_index[] = {
892 "diff-index", "--quiet", "--cached", "--ignore-submodules",
893 NULL, "--", NULL
894 };
895 const char *read_tree[] = {
896 "read-tree", "-u", "-m", NULL, NULL
897 };
898 struct child_process child = CHILD_PROCESS_INIT;
899 child.argv = update_refresh;
901 child.env = env->argv;
902 child.dir = work_tree;
903 child.no_stdin = 1;
904 child.stdout_to_stderr = 1;
905 child.git_cmd = 1;
906 if (run_command(&child))
907 return "Up-to-date check failed";
908 /* run_command() does not clean up completely; reinitialize */
910 child_process_init(&child);
911 child.argv = diff_files;
912 child.env = env->argv;
913 child.dir = work_tree;
914 child.no_stdin = 1;
915 child.stdout_to_stderr = 1;
916 child.git_cmd = 1;
917 if (run_command(&child))
918 return "Working directory has unstaged changes";
919 /* diff-index with either HEAD or an empty tree */
921 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
922 child_process_init(&child);
924 child.argv = diff_index;
925 child.env = env->argv;
926 child.no_stdin = 1;
927 child.no_stdout = 1;
928 child.stdout_to_stderr = 0;
929 child.git_cmd = 1;
930 if (run_command(&child))
931 return "Working directory has staged changes";
932 read_tree[3] = sha1_to_hex(sha1);
934 child_process_init(&child);
935 child.argv = read_tree;
936 child.env = env->argv;
937 child.dir = work_tree;
938 child.no_stdin = 1;
939 child.no_stdout = 1;
940 child.stdout_to_stderr = 0;
941 child.git_cmd = 1;
942 if (run_command(&child))
943 return "Could not update working tree to new HEAD";
944 return NULL;
946}
947static const char *push_to_checkout_hook = "push-to-checkout";
949static const char *push_to_checkout(unsigned char *sha1,
951 struct argv_array *env,
952 const char *work_tree)
953{
954 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
955 if (run_hook_le(env->argv, push_to_checkout_hook,
956 sha1_to_hex(sha1), NULL))
957 return "push-to-checkout hook declined";
958 else
959 return NULL;
960}
961static const char *update_worktree(unsigned char *sha1)
963{
964 const char *retval;
965 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
966 struct argv_array env = ARGV_ARRAY_INIT;
967 if (is_bare_repository())
969 return "denyCurrentBranch = updateInstead needs a worktree";
970 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
972 if (!find_hook(push_to_checkout_hook))
974 retval = push_to_deploy(sha1, &env, work_tree);
975 else
976 retval = push_to_checkout(sha1, &env, work_tree);
977 argv_array_clear(&env);
979 return retval;
980}
981static const char *update(struct command *cmd, struct shallow_info *si)
983{
984 const char *name = cmd->ref_name;
985 struct strbuf namespaced_name_buf = STRBUF_INIT;
986 const char *namespaced_name, *ret;
987 unsigned char *old_sha1 = cmd->old_sha1;
988 unsigned char *new_sha1 = cmd->new_sha1;
989 /* only refs/... are allowed */
991 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
992 rp_error("refusing to create funny ref '%s' remotely", name);
993 return "funny refname";
994 }
995 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
997 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
998 if (is_ref_checked_out(namespaced_name)) {
1000 switch (deny_current_branch) {
1001 case DENY_IGNORE:
1002 break;
1003 case DENY_WARN:
1004 rp_warning("updating the current branch");
1005 break;
1006 case DENY_REFUSE:
1007 case DENY_UNCONFIGURED:
1008 rp_error("refusing to update checked out branch: %s", name);
1009 if (deny_current_branch == DENY_UNCONFIGURED)
1010 refuse_unconfigured_deny();
1011 return "branch is currently checked out";
1012 case DENY_UPDATE_INSTEAD:
1013 ret = update_worktree(new_sha1);
1014 if (ret)
1015 return ret;
1016 break;
1017 }
1018 }
1019 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1021 error("unpack should have generated %s, "
1022 "but I can't find it!", sha1_to_hex(new_sha1));
1023 return "bad pack";
1024 }
1025 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1027 if (deny_deletes && starts_with(name, "refs/heads/")) {
1028 rp_error("denying ref deletion for %s", name);
1029 return "deletion prohibited";
1030 }
1031 if (head_name && !strcmp(namespaced_name, head_name)) {
1033 switch (deny_delete_current) {
1034 case DENY_IGNORE:
1035 break;
1036 case DENY_WARN:
1037 rp_warning("deleting the current branch");
1038 break;
1039 case DENY_REFUSE:
1040 case DENY_UNCONFIGURED:
1041 case DENY_UPDATE_INSTEAD:
1042 if (deny_delete_current == DENY_UNCONFIGURED)
1043 refuse_unconfigured_deny_delete_current();
1044 rp_error("refusing to delete the current branch: %s", name);
1045 return "deletion of the current branch prohibited";
1046 default:
1047 return "Invalid denyDeleteCurrent setting";
1048 }
1049 }
1050 }
1051 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1053 !is_null_sha1(old_sha1) &&
1054 starts_with(name, "refs/heads/")) {
1055 struct object *old_object, *new_object;
1056 struct commit *old_commit, *new_commit;
1057 old_object = parse_object(old_sha1);
1059 new_object = parse_object(new_sha1);
1060 if (!old_object || !new_object ||
1062 old_object->type != OBJ_COMMIT ||
1063 new_object->type != OBJ_COMMIT) {
1064 error("bad sha1 objects for %s", name);
1065 return "bad ref";
1066 }
1067 old_commit = (struct commit *)old_object;
1068 new_commit = (struct commit *)new_object;
1069 if (!in_merge_bases(old_commit, new_commit)) {
1070 rp_error("denying non-fast-forward %s"
1071 " (you should pull first)", name);
1072 return "non-fast-forward";
1073 }
1074 }
1075 if (run_update_hook(cmd)) {
1076 rp_error("hook declined to update %s", name);
1077 return "hook declined";
1078 }
1079 if (is_null_sha1(new_sha1)) {
1081 struct strbuf err = STRBUF_INIT;
1082 if (!parse_object(old_sha1)) {
1083 old_sha1 = NULL;
1084 if (ref_exists(name)) {
1085 rp_warning("Allowing deletion of corrupt ref.");
1086 } else {
1087 rp_warning("Deleting a non-existent ref.");
1088 cmd->did_not_exist = 1;
1089 }
1090 }
1091 if (ref_transaction_delete(transaction,
1092 namespaced_name,
1093 old_sha1,
1094 0, "push", &err)) {
1095 rp_error("%s", err.buf);
1096 strbuf_release(&err);
1097 return "failed to delete";
1098 }
1099 strbuf_release(&err);
1100 return NULL; /* good */
1101 }
1102 else {
1103 struct strbuf err = STRBUF_INIT;
1104 if (shallow_update && si->shallow_ref[cmd->index] &&
1105 update_shallow_ref(cmd, si))
1106 return "shallow error";
1107 if (ref_transaction_update(transaction,
1109 namespaced_name,
1110 new_sha1, old_sha1,
1111 0, "push",
1112 &err)) {
1113 rp_error("%s", err.buf);
1114 strbuf_release(&err);
1115 return "failed to update ref";
1117 }
1118 strbuf_release(&err);
1119 return NULL; /* good */
1121 }
1122}
1123static void run_update_post_hook(struct command *commands)
1125{
1126 struct command *cmd;
1127 int argc;
1128 struct child_process proc = CHILD_PROCESS_INIT;
1129 const char *hook;
1130 hook = find_hook("post-update");
1132 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1133 if (cmd->error_string || cmd->did_not_exist)
1134 continue;
1135 argc++;
1136 }
1137 if (!argc || !hook)
1138 return;
1139 argv_array_push(&proc.args, hook);
1141 for (cmd = commands; cmd; cmd = cmd->next) {
1142 if (cmd->error_string || cmd->did_not_exist)
1143 continue;
1144 argv_array_push(&proc.args, cmd->ref_name);
1145 }
1146 proc.no_stdin = 1;
1148 proc.stdout_to_stderr = 1;
1149 proc.err = use_sideband ? -1 : 0;
1150 if (!start_command(&proc)) {
1152 if (use_sideband)
1153 copy_to_sideband(proc.err, -1, NULL);
1154 finish_command(&proc);
1155 }
1156}
1157static void check_aliased_update(struct command *cmd, struct string_list *list)
1159{
1160 struct strbuf buf = STRBUF_INIT;
1161 const char *dst_name;
1162 struct string_list_item *item;
1163 struct command *dst_cmd;
1164 unsigned char sha1[GIT_SHA1_RAWSZ];
1165 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1166 cmd_newh[GIT_SHA1_HEXSZ + 1],
1167 dst_oldh[GIT_SHA1_HEXSZ + 1],
1168 dst_newh[GIT_SHA1_HEXSZ + 1];
1169 int flag;
1170 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1172 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1173 strbuf_release(&buf);
1174 if (!(flag & REF_ISSYMREF))
1176 return;
1177 if (!dst_name) {
1179 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1180 cmd->skip_update = 1;
1181 cmd->error_string = "broken symref";
1182 return;
1183 }
1184 dst_name = strip_namespace(dst_name);
1185 if ((item = string_list_lookup(list, dst_name)) == NULL)
1187 return;
1188 cmd->skip_update = 1;
1190 dst_cmd = (struct command *) item->util;
1192 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1194 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1195 return;
1196 dst_cmd->skip_update = 1;
1198 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1200 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1201 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1202 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1203 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1204 " its target '%s' (%s..%s)",
1205 cmd->ref_name, cmd_oldh, cmd_newh,
1206 dst_cmd->ref_name, dst_oldh, dst_newh);
1207 cmd->error_string = dst_cmd->error_string =
1209 "inconsistent aliased update";
1210}
1211static void check_aliased_updates(struct command *commands)
1213{
1214 struct command *cmd;
1215 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1216 for (cmd = commands; cmd; cmd = cmd->next) {
1218 struct string_list_item *item =
1219 string_list_append(&ref_list, cmd->ref_name);
1220 item->util = (void *)cmd;
1221 }
1222 string_list_sort(&ref_list);
1223 for (cmd = commands; cmd; cmd = cmd->next) {
1225 if (!cmd->error_string)
1226 check_aliased_update(cmd, &ref_list);
1227 }
1228 string_list_clear(&ref_list, 0);
1230}
1231static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1233{
1234 struct command **cmd_list = cb_data;
1235 struct command *cmd = *cmd_list;
1236 if (!cmd || is_null_sha1(cmd->new_sha1))
1238 return -1; /* end of list */
1239 *cmd_list = NULL; /* this returns only one */
1240 hashcpy(sha1, cmd->new_sha1);
1241 return 0;
1242}
1243static void set_connectivity_errors(struct command *commands,
1245 struct shallow_info *si)
1246{
1247 struct command *cmd;
1248 for (cmd = commands; cmd; cmd = cmd->next) {
1250 struct command *singleton = cmd;
1251 if (shallow_update && si->shallow_ref[cmd->index])
1252 /* to be checked in update_shallow_ref() */
1253 continue;
1254 if (!check_connected(command_singleton_iterator, &singleton,
1255 NULL))
1256 continue;
1257 cmd->error_string = "missing necessary objects";
1258 }
1259}
1260struct iterate_data {
1262 struct command *cmds;
1263 struct shallow_info *si;
1264};
1265static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1267{
1268 struct iterate_data *data = cb_data;
1269 struct command **cmd_list = &data->cmds;
1270 struct command *cmd = *cmd_list;
1271 for (; cmd; cmd = cmd->next) {
1273 if (shallow_update && data->si->shallow_ref[cmd->index])
1274 /* to be checked in update_shallow_ref() */
1275 continue;
1276 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1277 hashcpy(sha1, cmd->new_sha1);
1278 *cmd_list = cmd->next;
1279 return 0;
1280 }
1281 }
1282 *cmd_list = NULL;
1283 return -1; /* end of list */
1284}
1285static void reject_updates_to_hidden(struct command *commands)
1287{
1288 struct strbuf refname_full = STRBUF_INIT;
1289 size_t prefix_len;
1290 struct command *cmd;
1291 strbuf_addstr(&refname_full, get_git_namespace());
1293 prefix_len = refname_full.len;
1294 for (cmd = commands; cmd; cmd = cmd->next) {
1296 if (cmd->error_string)
1297 continue;
1298 strbuf_setlen(&refname_full, prefix_len);
1300 strbuf_addstr(&refname_full, cmd->ref_name);
1301 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1303 continue;
1304 if (is_null_sha1(cmd->new_sha1))
1305 cmd->error_string = "deny deleting a hidden ref";
1306 else
1307 cmd->error_string = "deny updating a hidden ref";
1308 }
1309 strbuf_release(&refname_full);
1311}
1312static int should_process_cmd(struct command *cmd)
1314{
1315 return !cmd->error_string && !cmd->skip_update;
1316}
1317static void warn_if_skipped_connectivity_check(struct command *commands,
1319 struct shallow_info *si)
1320{
1321 struct command *cmd;
1322 int checked_connectivity = 1;
1323 for (cmd = commands; cmd; cmd = cmd->next) {
1325 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1326 error("BUG: connectivity check has not been run on ref %s",
1327 cmd->ref_name);
1328 checked_connectivity = 0;
1329 }
1330 }
1331 if (!checked_connectivity)
1332 die("BUG: connectivity check skipped???");
1333}
1334static void execute_commands_non_atomic(struct command *commands,
1336 struct shallow_info *si)
1337{
1338 struct command *cmd;
1339 struct strbuf err = STRBUF_INIT;
1340 for (cmd = commands; cmd; cmd = cmd->next) {
1342 if (!should_process_cmd(cmd))
1343 continue;
1344 transaction = ref_transaction_begin(&err);
1346 if (!transaction) {
1347 rp_error("%s", err.buf);
1348 strbuf_reset(&err);
1349 cmd->error_string = "transaction failed to start";
1350 continue;
1351 }
1352 cmd->error_string = update(cmd, si);
1354 if (!cmd->error_string
1356 && ref_transaction_commit(transaction, &err)) {
1357 rp_error("%s", err.buf);
1358 strbuf_reset(&err);
1359 cmd->error_string = "failed to update ref";
1360 }
1361 ref_transaction_free(transaction);
1362 }
1363 strbuf_release(&err);
1364}
1365static void execute_commands_atomic(struct command *commands,
1367 struct shallow_info *si)
1368{
1369 struct command *cmd;
1370 struct strbuf err = STRBUF_INIT;
1371 const char *reported_error = "atomic push failure";
1372 transaction = ref_transaction_begin(&err);
1374 if (!transaction) {
1375 rp_error("%s", err.buf);
1376 strbuf_reset(&err);
1377 reported_error = "transaction failed to start";
1378 goto failure;
1379 }
1380 for (cmd = commands; cmd; cmd = cmd->next) {
1382 if (!should_process_cmd(cmd))
1383 continue;
1384 cmd->error_string = update(cmd, si);
1386 if (cmd->error_string)
1388 goto failure;
1389 }
1390 if (ref_transaction_commit(transaction, &err)) {
1392 rp_error("%s", err.buf);
1393 reported_error = "atomic transaction failed";
1394 goto failure;
1395 }
1396 goto cleanup;
1397failure:
1399 for (cmd = commands; cmd; cmd = cmd->next)
1400 if (!cmd->error_string)
1401 cmd->error_string = reported_error;
1402cleanup:
1404 ref_transaction_free(transaction);
1405 strbuf_release(&err);
1406}
1407static void execute_commands(struct command *commands,
1409 const char *unpacker_error,
1410 struct shallow_info *si,
1411 const struct string_list *push_options)
1412{
1413 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1414 struct command *cmd;
1415 unsigned char sha1[20];
1416 struct iterate_data data;
1417 struct async muxer;
1418 int err_fd = 0;
1419 if (unpacker_error) {
1421 for (cmd = commands; cmd; cmd = cmd->next)
1422 cmd->error_string = "unpacker error";
1423 return;
1424 }
1425 if (use_sideband) {
1427 memset(&muxer, 0, sizeof(muxer));
1428 muxer.proc = copy_to_sideband;
1429 muxer.in = -1;
1430 if (!start_async(&muxer))
1431 err_fd = muxer.in;
1432 /* ...else, continue without relaying sideband */
1433 }
1434 data.cmds = commands;
1436 data.si = si;
1437 opt.err_fd = err_fd;
1438 opt.progress = err_fd && !quiet;
1439 if (check_connected(iterate_receive_command_list, &data, &opt))
1440 set_connectivity_errors(commands, si);
1441 if (use_sideband)
1443 finish_async(&muxer);
1444 reject_updates_to_hidden(commands);
1446 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1448 for (cmd = commands; cmd; cmd = cmd->next) {
1449 if (!cmd->error_string)
1450 cmd->error_string = "pre-receive hook declined";
1451 }
1452 return;
1453 }
1454 check_aliased_updates(commands);
1456 free(head_name_to_free);
1458 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1459 if (use_atomic)
1461 execute_commands_atomic(commands, si);
1462 else
1463 execute_commands_non_atomic(commands, si);
1464 if (shallow_update)
1466 warn_if_skipped_connectivity_check(commands, si);
1467}
1468static struct command **queue_command(struct command **tail,
1470 const char *line,
1471 int linelen)
1472{
1473 unsigned char old_sha1[20], new_sha1[20];
1474 struct command *cmd;
1475 const char *refname;
1476 int reflen;
1477 if (linelen < 83 ||
1479 line[40] != ' ' ||
1480 line[81] != ' ' ||
1481 get_sha1_hex(line, old_sha1) ||
1482 get_sha1_hex(line + 41, new_sha1))
1483 die("protocol error: expected old/new/ref, got '%s'", line);
1484 refname = line + 82;
1486 reflen = linelen - 82;
1487 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1488 hashcpy(cmd->old_sha1, old_sha1);
1489 hashcpy(cmd->new_sha1, new_sha1);
1490 *tail = cmd;
1491 return &cmd->next;
1492}
1493static void queue_commands_from_cert(struct command **tail,
1495 struct strbuf *push_cert)
1496{
1497 const char *boc, *eoc;
1498 if (*tail)
1500 die("protocol error: got both push certificate and unsigned commands");
1501 boc = strstr(push_cert->buf, "\n\n");
1503 if (!boc)
1504 die("malformed push certificate %.*s", 100, push_cert->buf);
1505 else
1506 boc += 2;
1507 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1508 while (boc < eoc) {
1510 const char *eol = memchr(boc, '\n', eoc - boc);
1511 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1512 boc = eol ? eol + 1 : eoc;
1513 }
1514}
1515static struct command *read_head_info(struct sha1_array *shallow)
1517{
1518 struct command *commands = NULL;
1519 struct command **p = &commands;
1520 for (;;) {
1521 char *line;
1522 int len, linelen;
1523 line = packet_read_line(0, &len);
1525 if (!line)
1526 break;
1527 if (len == 48 && starts_with(line, "shallow ")) {
1529 unsigned char sha1[20];
1530 if (get_sha1_hex(line + 8, sha1))
1531 die("protocol error: expected shallow sha, got '%s'",
1532 line + 8);
1533 sha1_array_append(shallow, sha1);
1534 continue;
1535 }
1536 linelen = strlen(line);
1538 if (linelen < len) {
1539 const char *feature_list = line + linelen + 1;
1540 if (parse_feature_request(feature_list, "report-status"))
1541 report_status = 1;
1542 if (parse_feature_request(feature_list, "side-band-64k"))
1543 use_sideband = LARGE_PACKET_MAX;
1544 if (parse_feature_request(feature_list, "quiet"))
1545 quiet = 1;
1546 if (advertise_atomic_push
1547 && parse_feature_request(feature_list, "atomic"))
1548 use_atomic = 1;
1549 if (advertise_push_options
1550 && parse_feature_request(feature_list, "push-options"))
1551 use_push_options = 1;
1552 }
1553 if (!strcmp(line, "push-cert")) {
1555 int true_flush = 0;
1556 char certbuf[1024];
1557 for (;;) {
1559 len = packet_read(0, NULL, NULL,
1560 certbuf, sizeof(certbuf), 0);
1561 if (!len) {
1562 true_flush = 1;
1563 break;
1564 }
1565 if (!strcmp(certbuf, "push-cert-end\n"))
1566 break; /* end of cert */
1567 strbuf_addstr(&push_cert, certbuf);
1568 }
1569 if (true_flush)
1571 break;
1572 continue;
1573 }
1574 p = queue_command(p, line, linelen);
1576 }
1577 if (push_cert.len)
1579 queue_commands_from_cert(p, &push_cert);
1580 return commands;
1582}
1583static void read_push_options(struct string_list *options)
1585{
1586 while (1) {
1587 char *line;
1588 int len;
1589 line = packet_read_line(0, &len);
1591 if (!line)
1593 break;
1594 string_list_append(options, line);
1596 }
1597}
1598static const char *parse_pack_header(struct pack_header *hdr)
1600{
1601 switch (read_pack_header(0, hdr)) {
1602 case PH_ERROR_EOF:
1603 return "eof before pack header was fully read";
1604 case PH_ERROR_PACK_SIGNATURE:
1606 return "protocol error (pack signature mismatch detected)";
1607 case PH_ERROR_PROTOCOL:
1609 return "protocol error (pack version unsupported)";
1610 default:
1612 return "unknown error in parse_pack_header";
1613 case 0:
1615 return NULL;
1616 }
1617}
1618static const char *pack_lockfile;
1620static const char *unpack(int err_fd, struct shallow_info *si)
1622{
1623 struct pack_header hdr;
1624 const char *hdr_err;
1625 int status;
1626 char hdr_arg[38];
1627 struct child_process child = CHILD_PROCESS_INIT;
1628 int fsck_objects = (receive_fsck_objects >= 0
1629 ? receive_fsck_objects
1630 : transfer_fsck_objects >= 0
1631 ? transfer_fsck_objects
1632 : 0);
1633 hdr_err = parse_pack_header(&hdr);
1635 if (hdr_err) {
1636 if (err_fd > 0)
1637 close(err_fd);
1638 return hdr_err;
1639 }
1640 snprintf(hdr_arg, sizeof(hdr_arg),
1641 "--pack_header=%"PRIu32",%"PRIu32,
1642 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1643 if (si->nr_ours || si->nr_theirs) {
1645 alt_shallow_file = setup_temporary_shallow(si->shallow);
1646 argv_array_push(&child.args, "--shallow-file");
1647 argv_array_push(&child.args, alt_shallow_file);
1648 }
1649 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1651 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1652 if (quiet)
1653 argv_array_push(&child.args, "-q");
1654 if (fsck_objects)
1655 argv_array_pushf(&child.args, "--strict%s",
1656 fsck_msg_types.buf);
1657 if (max_input_size)
1658 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1659 (uintmax_t)max_input_size);
1660 child.no_stdout = 1;
1661 child.err = err_fd;
1662 child.git_cmd = 1;
1663 status = run_command(&child);
1664 if (status)
1665 return "unpack-objects abnormal exit";
1666 } else {
1667 char hostname[256];
1668 argv_array_pushl(&child.args, "index-pack",
1670 "--stdin", hdr_arg, NULL);
1671 if (gethostname(hostname, sizeof(hostname)))
1673 xsnprintf(hostname, sizeof(hostname), "localhost");
1674 argv_array_pushf(&child.args,
1675 "--keep=receive-pack %"PRIuMAX" on %s",
1676 (uintmax_t)getpid(),
1677 hostname);
1678 if (!quiet && err_fd)
1680 argv_array_push(&child.args, "--show-resolving-progress");
1681 if (use_sideband)
1682 argv_array_push(&child.args, "--report-end-of-input");
1683 if (fsck_objects)
1684 argv_array_pushf(&child.args, "--strict%s",
1685 fsck_msg_types.buf);
1686 if (!reject_thin)
1687 argv_array_push(&child.args, "--fix-thin");
1688 if (max_input_size)
1689 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1690 (uintmax_t)max_input_size);
1691 child.out = -1;
1692 child.err = err_fd;
1693 child.git_cmd = 1;
1694 status = start_command(&child);
1695 if (status)
1696 return "index-pack fork failed";
1697 pack_lockfile = index_pack_lockfile(child.out);
1698 close(child.out);
1699 status = finish_command(&child);
1700 if (status)
1701 return "index-pack abnormal exit";
1702 reprepare_packed_git();
1703 }
1704 return NULL;
1705}
1706static const char *unpack_with_sideband(struct shallow_info *si)
1708{
1709 struct async muxer;
1710 const char *ret;
1711 if (!use_sideband)
1713 return unpack(0, si);
1714 use_keepalive = KEEPALIVE_AFTER_NUL;
1716 memset(&muxer, 0, sizeof(muxer));
1717 muxer.proc = copy_to_sideband;
1718 muxer.in = -1;
1719 if (start_async(&muxer))
1720 return NULL;
1721 ret = unpack(muxer.in, si);
1723 finish_async(&muxer);
1725 return ret;
1726}
1727static void prepare_shallow_update(struct command *commands,
1729 struct shallow_info *si)
1730{
1731 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1732 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1734 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1735 si->need_reachability_test =
1737 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1738 si->reachable =
1739 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1740 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1741 for (i = 0; i < si->nr_ours; i++)
1743 si->need_reachability_test[si->ours[i]] = 1;
1744 for (i = 0; i < si->shallow->nr; i++) {
1746 if (!si->used_shallow[i])
1747 continue;
1748 for (j = 0; j < bitmap_size; j++) {
1749 if (!si->used_shallow[i][j])
1750 continue;
1751 si->need_reachability_test[i]++;
1752 for (k = 0; k < 32; k++)
1753 if (si->used_shallow[i][j] & (1U << k))
1754 si->shallow_ref[j * 32 + k]++;
1755 }
1756 /*
1758 * true for those associated with some refs and belong
1759 * in "ours" list aka "step 7 not done yet"
1760 */
1761 si->need_reachability_test[i] =
1762 si->need_reachability_test[i] > 1;
1763 }
1764 /*
1766 * keep hooks happy by forcing a temporary shallow file via
1767 * env variable because we can't add --shallow-file to every
1768 * command. check_everything_connected() will be done with
1769 * true .git/shallow though.
1770 */
1771 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1772}
1773static void update_shallow_info(struct command *commands,
1775 struct shallow_info *si,
1776 struct sha1_array *ref)
1777{
1778 struct command *cmd;
1779 int *ref_status;
1780 remove_nonexistent_theirs_shallow(si);
1781 if (!si->nr_ours && !si->nr_theirs) {
1782 shallow_update = 0;
1783 return;
1784 }
1785 for (cmd = commands; cmd; cmd = cmd->next) {
1787 if (is_null_sha1(cmd->new_sha1))
1788 continue;
1789 sha1_array_append(ref, cmd->new_sha1);
1790 cmd->index = ref->nr - 1;
1791 }
1792 si->ref = ref;
1793 if (shallow_update) {
1795 prepare_shallow_update(commands, si);
1796 return;
1797 }
1798 ALLOC_ARRAY(ref_status, ref->nr);
1800 assign_shallow_commits_to_refs(si, NULL, ref_status);
1801 for (cmd = commands; cmd; cmd = cmd->next) {
1802 if (is_null_sha1(cmd->new_sha1))
1803 continue;
1804 if (ref_status[cmd->index]) {
1805 cmd->error_string = "shallow update not allowed";
1806 cmd->skip_update = 1;
1807 }
1808 }
1809 free(ref_status);
1810}
1811static void report(struct command *commands, const char *unpack_status)
1813{
1814 struct command *cmd;
1815 struct strbuf buf = STRBUF_INIT;
1816 packet_buf_write(&buf, "unpack %s\n",
1818 unpack_status ? unpack_status : "ok");
1819 for (cmd = commands; cmd; cmd = cmd->next) {
1820 if (!cmd->error_string)
1821 packet_buf_write(&buf, "ok %s\n",
1822 cmd->ref_name);
1823 else
1824 packet_buf_write(&buf, "ng %s %s\n",
1825 cmd->ref_name, cmd->error_string);
1826 }
1827 packet_buf_flush(&buf);
1828 if (use_sideband)
1830 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1831 else
1832 write_or_die(1, buf.buf, buf.len);
1833 strbuf_release(&buf);
1834}
1835static int delete_only(struct command *commands)
1837{
1838 struct command *cmd;
1839 for (cmd = commands; cmd; cmd = cmd->next) {
1840 if (!is_null_sha1(cmd->new_sha1))
1841 return 0;
1842 }
1843 return 1;
1844}
1845int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1847{
1848 int advertise_refs = 0;
1849 struct command *commands;
1850 struct sha1_array shallow = SHA1_ARRAY_INIT;
1851 struct sha1_array ref = SHA1_ARRAY_INIT;
1852 struct shallow_info si;
1853 struct option options[] = {
1855 OPT__QUIET(&quiet, N_("quiet")),
1856 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1857 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1858 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1859 OPT_END()
1860 };
1861 packet_trace_identity("receive-pack");
1863 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1865 if (argc > 1)
1867 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1868 if (argc == 0)
1869 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1870 service_dir = argv[0];
1872 setup_path();
1874 if (!enter_repo(service_dir, 0))
1876 die("'%s' does not appear to be a git repository", service_dir);
1877 git_config(receive_pack_config, NULL);
1879 if (cert_nonce_seed)
1880 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1881 if (0 <= transfer_unpack_limit)
1883 unpack_limit = transfer_unpack_limit;
1884 else if (0 <= receive_unpack_limit)
1885 unpack_limit = receive_unpack_limit;
1886 if (advertise_refs || !stateless_rpc) {
1888 write_head_info();
1889 }
1890 if (advertise_refs)
1891 return 0;
1892 if ((commands = read_head_info(&shallow)) != NULL) {
1894 const char *unpack_status = NULL;
1895 struct string_list push_options = STRING_LIST_INIT_DUP;
1896 if (use_push_options)
1898 read_push_options(&push_options);
1899 prepare_shallow_info(&si, &shallow);
1901 if (!si.nr_ours && !si.nr_theirs)
1902 shallow_update = 0;
1903 if (!delete_only(commands)) {
1904 unpack_status = unpack_with_sideband(&si);
1905 update_shallow_info(commands, &si, &ref);
1906 }
1907 use_keepalive = KEEPALIVE_ALWAYS;
1908 execute_commands(commands, unpack_status, &si,
1909 &push_options);
1910 if (pack_lockfile)
1911 unlink_or_warn(pack_lockfile);
1912 if (report_status)
1913 report(commands, unpack_status);
1914 run_receive_hook(commands, "post-receive", 1,
1915 &push_options);
1916 run_update_post_hook(commands);
1917 if (push_options.nr)
1918 string_list_clear(&push_options, 0);
1919 if (auto_gc) {
1920 const char *argv_gc_auto[] = {
1921 "gc", "--auto", "--quiet", NULL,
1922 };
1923 struct child_process proc = CHILD_PROCESS_INIT;
1924 proc.no_stdin = 1;
1926 proc.stdout_to_stderr = 1;
1927 proc.err = use_sideband ? -1 : 0;
1928 proc.git_cmd = 1;
1929 proc.argv = argv_gc_auto;
1930 close_all_packs();
1932 if (!start_command(&proc)) {
1933 if (use_sideband)
1934 copy_to_sideband(proc.err, -1, NULL);
1935 finish_command(&proc);
1936 }
1937 }
1938 if (auto_update_server_info)
1939 update_server_info(0);
1940 clear_shallow_info(&si);
1941 }
1942 if (use_sideband)
1943 packet_flush(1);
1944 sha1_array_clear(&shallow);
1945 sha1_array_clear(&ref);
1946 free((void *)push_cert_nonce);
1947 return 0;
1948}