1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30#include "commit-reach.h"
31static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35};
36enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43};
44static int deny_deletes;
46static int deny_non_fast_forwards;
47static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49static int receive_fsck_objects = -1;
50static int transfer_fsck_objects = -1;
51static struct strbuf fsck_msg_types = STRBUF_INIT;
52static int receive_unpack_limit = -1;
53static int transfer_unpack_limit = -1;
54static int advertise_atomic_push = 1;
55static int advertise_push_options;
56static int unpack_limit = 100;
57static off_t max_input_size;
58static int report_status;
59static int use_sideband;
60static int use_atomic;
61static int use_push_options;
62static int quiet;
63static int prefer_ofs_delta = 1;
64static int auto_update_server_info;
65static int auto_gc = 1;
66static int reject_thin;
67static int stateless_rpc;
68static const char *service_dir;
69static const char *head_name;
70static void *head_name_to_free;
71static int sent_capabilities;
72static int shallow_update;
73static const char *alt_shallow_file;
74static struct strbuf push_cert = STRBUF_INIT;
75static struct object_id push_cert_oid;
76static struct signature_check sigcheck;
77static const char *push_cert_nonce;
78static const char *cert_nonce_seed;
79static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81static const char *NONCE_BAD = "BAD";
82static const char *NONCE_MISSING = "MISSING";
83static const char *NONCE_OK = "OK";
84static const char *NONCE_SLOP = "SLOP";
85static const char *nonce_status;
86static long nonce_stamp_slop;
87static timestamp_t nonce_stamp_slop_limit;
88static struct ref_transaction *transaction;
89static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94} use_keepalive;
95static int keepalive_in_sec = 5;
96static struct tmp_objdir *tmp_objdir;
98static enum deny_action parse_deny_action(const char *var, const char *value)
100{
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114}
115static int receive_pack_config(const char *var, const char *value, void *cb)
117{
118 int status = parse_hide_refs_config(var, value, "receive");
119 if (status)
121 return status;
122 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230 return git_default_config(var, value, cb);
232}
233static void show_ref(const char *path, const struct object_id *oid)
235{
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257}
258static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261{
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264 if (ref_is_hidden(path, path_full))
266 return 0;
267 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282}
283static void show_one_alternate_ref(const char *refname,
285 const struct object_id *oid,
286 void *data)
287{
288 struct oidset *seen = data;
289 if (oidset_insert(seen, oid))
291 return;
292 show_ref(".have", oid);
294}
295static void write_head_info(void)
297{
298 static struct oidset seen = OIDSET_INIT;
299 for_each_ref(show_ref_cb, &seen);
301 for_each_alternate_ref(show_one_alternate_ref, &seen);
302 oidset_clear(&seen);
303 if (!sent_capabilities)
304 show_ref("capabilities^{}", &null_oid);
305 advertise_shallow_grafts(1);
307 /* EOF */
309 packet_flush(1);
310}
311struct command {
313 struct command *next;
314 const char *error_string;
315 unsigned int skip_update:1,
316 did_not_exist:1;
317 int index;
318 struct object_id old_oid;
319 struct object_id new_oid;
320 char ref_name[FLEX_ARRAY]; /* more */
321};
322static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
324static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
325static void report_message(const char *prefix, const char *err, va_list params)
327{
328 int sz;
329 char msg[4096];
330 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
332 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
333 if (sz > (sizeof(msg) - 1))
334 sz = sizeof(msg) - 1;
335 msg[sz++] = '\n';
336 if (use_sideband)
338 send_sideband(1, 2, msg, sz, use_sideband);
339 else
340 xwrite(2, msg, sz);
341}
342static void rp_warning(const char *err, ...)
344{
345 va_list params;
346 va_start(params, err);
347 report_message("warning: ", err, params);
348 va_end(params);
349}
350static void rp_error(const char *err, ...)
352{
353 va_list params;
354 va_start(params, err);
355 report_message("error: ", err, params);
356 va_end(params);
357}
358static int copy_to_sideband(int in, int out, void *arg)
360{
361 char data[128];
362 int keepalive_active = 0;
363 if (keepalive_in_sec <= 0)
365 use_keepalive = KEEPALIVE_NEVER;
366 if (use_keepalive == KEEPALIVE_ALWAYS)
367 keepalive_active = 1;
368 while (1) {
370 ssize_t sz;
371 if (keepalive_active) {
373 struct pollfd pfd;
374 int ret;
375 pfd.fd = in;
377 pfd.events = POLLIN;
378 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
379 if (ret < 0) {
381 if (errno == EINTR)
382 continue;
383 else
384 break;
385 } else if (ret == 0) {
386 /* no data; send a keepalive packet */
387 static const char buf[] = "0005\1";
388 write_or_die(1, buf, sizeof(buf) - 1);
389 continue;
390 } /* else there is actual data to read */
391 }
392 sz = xread(in, data, sizeof(data));
394 if (sz <= 0)
395 break;
396 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
398 const char *p = memchr(data, '\0', sz);
399 if (p) {
400 /*
401 * The NUL tells us to start sending keepalives. Make
402 * sure we send any other data we read along
403 * with it.
404 */
405 keepalive_active = 1;
406 send_sideband(1, 2, data, p - data, use_sideband);
407 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
408 continue;
409 }
410 }
411 /*
413 * Either we're not looking for a NUL signal, or we didn't see
414 * it yet; just pass along the data.
415 */
416 send_sideband(1, 2, data, sz, use_sideband);
417 }
418 close(in);
419 return 0;
420}
421#define HMAC_BLOCK_SIZE 64
423static void hmac_sha1(unsigned char *out,
425 const char *key_in, size_t key_len,
426 const char *text, size_t text_len)
427{
428 unsigned char key[HMAC_BLOCK_SIZE];
429 unsigned char k_ipad[HMAC_BLOCK_SIZE];
430 unsigned char k_opad[HMAC_BLOCK_SIZE];
431 int i;
432 git_SHA_CTX ctx;
433 /* RFC 2104 2. (1) */
435 memset(key, '\0', HMAC_BLOCK_SIZE);
436 if (HMAC_BLOCK_SIZE < key_len) {
437 git_SHA1_Init(&ctx);
438 git_SHA1_Update(&ctx, key_in, key_len);
439 git_SHA1_Final(key, &ctx);
440 } else {
441 memcpy(key, key_in, key_len);
442 }
443 /* RFC 2104 2. (2) & (5) */
445 for (i = 0; i < sizeof(key); i++) {
446 k_ipad[i] = key[i] ^ 0x36;
447 k_opad[i] = key[i] ^ 0x5c;
448 }
449 /* RFC 2104 2. (3) & (4) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
453 git_SHA1_Update(&ctx, text, text_len);
454 git_SHA1_Final(out, &ctx);
455 /* RFC 2104 2. (6) & (7) */
457 git_SHA1_Init(&ctx);
458 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
459 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
460 git_SHA1_Final(out, &ctx);
461}
462static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
464{
465 struct strbuf buf = STRBUF_INIT;
466 unsigned char sha1[GIT_SHA1_RAWSZ];
467 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
469 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
470 strbuf_release(&buf);
471 /* RFC 2104 5. HMAC-SHA1-80 */
473 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
474 return strbuf_detach(&buf, NULL);
475}
476/*
478 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
479 * after dropping "_commit" from its name and possibly moving it out
480 * of commit.c
481 */
482static char *find_header(const char *msg, size_t len, const char *key,
483 const char **next_line)
484{
485 int key_len = strlen(key);
486 const char *line = msg;
487 while (line && line < msg + len) {
489 const char *eol = strchrnul(line, '\n');
490 if ((msg + len <= eol) || line == eol)
492 return NULL;
493 if (line + key_len < eol &&
494 !memcmp(line, key, key_len) && line[key_len] == ' ') {
495 int offset = key_len + 1;
496 if (next_line)
497 *next_line = *eol ? eol + 1 : eol;
498 return xmemdupz(line + offset, (eol - line) - offset);
499 }
500 line = *eol ? eol + 1 : NULL;
501 }
502 return NULL;
503}
504static const char *check_nonce(const char *buf, size_t len)
506{
507 char *nonce = find_header(buf, len, "nonce", NULL);
508 timestamp_t stamp, ostamp;
509 char *bohmac, *expect = NULL;
510 const char *retval = NONCE_BAD;
511 if (!nonce) {
513 retval = NONCE_MISSING;
514 goto leave;
515 } else if (!push_cert_nonce) {
516 retval = NONCE_UNSOLICITED;
517 goto leave;
518 } else if (!strcmp(push_cert_nonce, nonce)) {
519 retval = NONCE_OK;
520 goto leave;
521 }
522 if (!stateless_rpc) {
524 /* returned nonce MUST match what we gave out earlier */
525 retval = NONCE_BAD;
526 goto leave;
527 }
528 /*
530 * In stateless mode, we may be receiving a nonce issued by
531 * another instance of the server that serving the same
532 * repository, and the timestamps may not match, but the
533 * nonce-seed and dir should match, so we can recompute and
534 * report the time slop.
535 *
536 * In addition, when a nonce issued by another instance has
537 * timestamp within receive.certnonceslop seconds, we pretend
538 * as if we issued that nonce when reporting to the hook.
539 */
540 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
542 if (*nonce <= '0' || '9' < *nonce) {
543 retval = NONCE_BAD;
544 goto leave;
545 }
546 stamp = parse_timestamp(nonce, &bohmac, 10);
547 if (bohmac == nonce || bohmac[0] != '-') {
548 retval = NONCE_BAD;
549 goto leave;
550 }
551 expect = prepare_push_cert_nonce(service_dir, stamp);
553 if (strcmp(expect, nonce)) {
554 /* Not what we would have signed earlier */
555 retval = NONCE_BAD;
556 goto leave;
557 }
558 /*
560 * By how many seconds is this nonce stale? Negative value
561 * would mean it was issued by another server with its clock
562 * skewed in the future.
563 */
564 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
565 nonce_stamp_slop = (long)ostamp - (long)stamp;
566 if (nonce_stamp_slop_limit &&
568 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
569 /*
570 * Pretend as if the received nonce (which passes the
571 * HMAC check, so it is not a forged by third-party)
572 * is what we issued.
573 */
574 free((void *)push_cert_nonce);
575 push_cert_nonce = xstrdup(nonce);
576 retval = NONCE_OK;
577 } else {
578 retval = NONCE_SLOP;
579 }
580leave:
582 free(nonce);
583 free(expect);
584 return retval;
585}
586/*
588 * Return 1 if there is no push_cert or if the push options in push_cert are
589 * the same as those in the argument; 0 otherwise.
590 */
591static int check_cert_push_options(const struct string_list *push_options)
592{
593 const char *buf = push_cert.buf;
594 int len = push_cert.len;
595 char *option;
597 const char *next_line;
598 int options_seen = 0;
599 int retval = 1;
601 if (!len)
603 return 1;
604 while ((option = find_header(buf, len, "push-option", &next_line))) {
606 len -= (next_line - buf);
607 buf = next_line;
608 options_seen++;
609 if (options_seen > push_options->nr
610 || strcmp(option,
611 push_options->items[options_seen - 1].string)) {
612 retval = 0;
613 goto leave;
614 }
615 free(option);
616 }
617 if (options_seen != push_options->nr)
619 retval = 0;
620leave:
622 free(option);
623 return retval;
624}
625static void prepare_push_cert_sha1(struct child_process *proc)
627{
628 static int already_done;
629 if (!push_cert.len)
631 return;
632 if (!already_done) {
634 int bogs /* beginning_of_gpg_sig */;
635 already_done = 1;
637 if (write_object_file(push_cert.buf, push_cert.len, "blob",
638 &push_cert_oid))
639 oidclr(&push_cert_oid);
640 memset(&sigcheck, '\0', sizeof(sigcheck));
642 bogs = parse_signature(push_cert.buf, push_cert.len);
644 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
645 push_cert.len - bogs, &sigcheck);
646 nonce_status = check_nonce(push_cert.buf, bogs);
648 }
649 if (!is_null_oid(&push_cert_oid)) {
650 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
651 oid_to_hex(&push_cert_oid));
652 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
653 sigcheck.signer ? sigcheck.signer : "");
654 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
655 sigcheck.key ? sigcheck.key : "");
656 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
657 sigcheck.result);
658 if (push_cert_nonce) {
659 argv_array_pushf(&proc->env_array,
660 "GIT_PUSH_CERT_NONCE=%s",
661 push_cert_nonce);
662 argv_array_pushf(&proc->env_array,
663 "GIT_PUSH_CERT_NONCE_STATUS=%s",
664 nonce_status);
665 if (nonce_status == NONCE_SLOP)
666 argv_array_pushf(&proc->env_array,
667 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
668 nonce_stamp_slop);
669 }
670 }
671}
672struct receive_hook_feed_state {
674 struct command *cmd;
675 int skip_broken;
676 struct strbuf buf;
677 const struct string_list *push_options;
678};
679typedef int (*feed_fn)(void *, const char **, size_t *);
681static int run_and_feed_hook(const char *hook_name, feed_fn feed,
682 struct receive_hook_feed_state *feed_state)
683{
684 struct child_process proc = CHILD_PROCESS_INIT;
685 struct async muxer;
686 const char *argv[2];
687 int code;
688 argv[0] = find_hook(hook_name);
690 if (!argv[0])
691 return 0;
692 argv[1] = NULL;
694 proc.argv = argv;
696 proc.in = -1;
697 proc.stdout_to_stderr = 1;
698 if (feed_state->push_options) {
699 int i;
700 for (i = 0; i < feed_state->push_options->nr; i++)
701 argv_array_pushf(&proc.env_array,
702 "GIT_PUSH_OPTION_%d=%s", i,
703 feed_state->push_options->items[i].string);
704 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
705 feed_state->push_options->nr);
706 } else
707 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
708 if (tmp_objdir)
710 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
711 if (use_sideband) {
713 memset(&muxer, 0, sizeof(muxer));
714 muxer.proc = copy_to_sideband;
715 muxer.in = -1;
716 code = start_async(&muxer);
717 if (code)
718 return code;
719 proc.err = muxer.in;
720 }
721 prepare_push_cert_sha1(&proc);
723 code = start_command(&proc);
725 if (code) {
726 if (use_sideband)
727 finish_async(&muxer);
728 return code;
729 }
730 sigchain_push(SIGPIPE, SIG_IGN);
732 while (1) {
734 const char *buf;
735 size_t n;
736 if (feed(feed_state, &buf, &n))
737 break;
738 if (write_in_full(proc.in, buf, n) < 0)
739 break;
740 }
741 close(proc.in);
742 if (use_sideband)
743 finish_async(&muxer);
744 sigchain_pop(SIGPIPE);
746 return finish_command(&proc);
748}
749static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
751{
752 struct receive_hook_feed_state *state = state_;
753 struct command *cmd = state->cmd;
754 while (cmd &&
756 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
757 cmd = cmd->next;
758 if (!cmd)
759 return -1; /* EOF */
760 strbuf_reset(&state->buf);
761 strbuf_addf(&state->buf, "%s %s %s\n",
762 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
763 cmd->ref_name);
764 state->cmd = cmd->next;
765 if (bufp) {
766 *bufp = state->buf.buf;
767 *sizep = state->buf.len;
768 }
769 return 0;
770}
771static int run_receive_hook(struct command *commands,
773 const char *hook_name,
774 int skip_broken,
775 const struct string_list *push_options)
776{
777 struct receive_hook_feed_state state;
778 int status;
779 strbuf_init(&state.buf, 0);
781 state.cmd = commands;
782 state.skip_broken = skip_broken;
783 if (feed_receive_hook(&state, NULL, NULL))
784 return 0;
785 state.cmd = commands;
786 state.push_options = push_options;
787 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
788 strbuf_release(&state.buf);
789 return status;
790}
791static int run_update_hook(struct command *cmd)
793{
794 const char *argv[5];
795 struct child_process proc = CHILD_PROCESS_INIT;
796 int code;
797 argv[0] = find_hook("update");
799 if (!argv[0])
800 return 0;
801 argv[1] = cmd->ref_name;
803 argv[2] = oid_to_hex(&cmd->old_oid);
804 argv[3] = oid_to_hex(&cmd->new_oid);
805 argv[4] = NULL;
806 proc.no_stdin = 1;
808 proc.stdout_to_stderr = 1;
809 proc.err = use_sideband ? -1 : 0;
810 proc.argv = argv;
811 code = start_command(&proc);
813 if (code)
814 return code;
815 if (use_sideband)
816 copy_to_sideband(proc.err, -1, NULL);
817 return finish_command(&proc);
818}
819static int is_ref_checked_out(const char *ref)
821{
822 if (is_bare_repository())
823 return 0;
824 if (!head_name)
826 return 0;
827 return !strcmp(head_name, ref);
828}
829static char *refuse_unconfigured_deny_msg =
831 N_("By default, updating the current branch in a non-bare repository\n"
832 "is denied, because it will make the index and work tree inconsistent\n"
833 "with what you pushed, and will require 'git reset --hard' to match\n"
834 "the work tree to HEAD.\n"
835 "\n"
836 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
837 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
838 "its current branch; however, this is not recommended unless you\n"
839 "arranged to update its work tree to match what you pushed in some\n"
840 "other way.\n"
841 "\n"
842 "To squelch this message and still keep the default behaviour, set\n"
843 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
844static void refuse_unconfigured_deny(void)
846{
847 rp_error("%s", _(refuse_unconfigured_deny_msg));
848}
849static char *refuse_unconfigured_deny_delete_current_msg =
851 N_("By default, deleting the current branch is denied, because the next\n"
852 "'git clone' won't result in any file checked out, causing confusion.\n"
853 "\n"
854 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
855 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
856 "current branch, with or without a warning message.\n"
857 "\n"
858 "To squelch this message, you can set it to 'refuse'.");
859static void refuse_unconfigured_deny_delete_current(void)
861{
862 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
863}
864static int command_singleton_iterator(void *cb_data, struct object_id *oid);
866static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
867{
868 struct lock_file shallow_lock = LOCK_INIT;
869 struct oid_array extra = OID_ARRAY_INIT;
870 struct check_connected_options opt = CHECK_CONNECTED_INIT;
871 uint32_t mask = 1 << (cmd->index % 32);
872 int i;
873 trace_printf_key(&trace_shallow,
875 "shallow: update_shallow_ref %s\n", cmd->ref_name);
876 for (i = 0; i < si->shallow->nr; i++)
877 if (si->used_shallow[i] &&
878 (si->used_shallow[i][cmd->index / 32] & mask) &&
879 !delayed_reachability_test(si, i))
880 oid_array_append(&extra, &si->shallow->oid[i]);
881 opt.env = tmp_objdir_env(tmp_objdir);
883 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
884 if (check_connected(command_singleton_iterator, cmd, &opt)) {
885 rollback_lock_file(&shallow_lock);
886 oid_array_clear(&extra);
887 return -1;
888 }
889 commit_lock_file(&shallow_lock);
891 /*
893 * Make sure setup_alternate_shallow() for the next ref does
894 * not lose these new roots..
895 */
896 for (i = 0; i < extra.nr; i++)
897 register_shallow(the_repository, &extra.oid[i]);
898 si->shallow_ref[cmd->index] = 0;
900 oid_array_clear(&extra);
901 return 0;
902}
903/*
905 * NEEDSWORK: we should consolidate various implementions of "are we
906 * on an unborn branch?" test into one, and make the unified one more
907 * robust. !get_sha1() based check used here and elsewhere would not
908 * allow us to tell an unborn branch from corrupt ref, for example.
909 * For the purpose of fixing "deploy-to-update does not work when
910 * pushing into an empty repository" issue, this should suffice for
911 * now.
912 */
913static int head_has_history(void)
914{
915 struct object_id oid;
916 return !get_oid("HEAD", &oid);
918}
919static const char *push_to_deploy(unsigned char *sha1,
921 struct argv_array *env,
922 const char *work_tree)
923{
924 const char *update_refresh[] = {
925 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
926 };
927 const char *diff_files[] = {
928 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
929 };
930 const char *diff_index[] = {
931 "diff-index", "--quiet", "--cached", "--ignore-submodules",
932 NULL, "--", NULL
933 };
934 const char *read_tree[] = {
935 "read-tree", "-u", "-m", NULL, NULL
936 };
937 struct child_process child = CHILD_PROCESS_INIT;
938 child.argv = update_refresh;
940 child.env = env->argv;
941 child.dir = work_tree;
942 child.no_stdin = 1;
943 child.stdout_to_stderr = 1;
944 child.git_cmd = 1;
945 if (run_command(&child))
946 return "Up-to-date check failed";
947 /* run_command() does not clean up completely; reinitialize */
949 child_process_init(&child);
950 child.argv = diff_files;
951 child.env = env->argv;
952 child.dir = work_tree;
953 child.no_stdin = 1;
954 child.stdout_to_stderr = 1;
955 child.git_cmd = 1;
956 if (run_command(&child))
957 return "Working directory has unstaged changes";
958 /* diff-index with either HEAD or an empty tree */
960 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
961 child_process_init(&child);
963 child.argv = diff_index;
964 child.env = env->argv;
965 child.no_stdin = 1;
966 child.no_stdout = 1;
967 child.stdout_to_stderr = 0;
968 child.git_cmd = 1;
969 if (run_command(&child))
970 return "Working directory has staged changes";
971 read_tree[3] = sha1_to_hex(sha1);
973 child_process_init(&child);
974 child.argv = read_tree;
975 child.env = env->argv;
976 child.dir = work_tree;
977 child.no_stdin = 1;
978 child.no_stdout = 1;
979 child.stdout_to_stderr = 0;
980 child.git_cmd = 1;
981 if (run_command(&child))
982 return "Could not update working tree to new HEAD";
983 return NULL;
985}
986static const char *push_to_checkout_hook = "push-to-checkout";
988static const char *push_to_checkout(unsigned char *sha1,
990 struct argv_array *env,
991 const char *work_tree)
992{
993 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
994 if (run_hook_le(env->argv, push_to_checkout_hook,
995 sha1_to_hex(sha1), NULL))
996 return "push-to-checkout hook declined";
997 else
998 return NULL;
999}
1000static const char *update_worktree(unsigned char *sha1)
1002{
1003 const char *retval;
1004 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1005 struct argv_array env = ARGV_ARRAY_INIT;
1006 if (is_bare_repository())
1008 return "denyCurrentBranch = updateInstead needs a worktree";
1009 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1011 if (!find_hook(push_to_checkout_hook))
1013 retval = push_to_deploy(sha1, &env, work_tree);
1014 else
1015 retval = push_to_checkout(sha1, &env, work_tree);
1016 argv_array_clear(&env);
1018 return retval;
1019}
1020static const char *update(struct command *cmd, struct shallow_info *si)
1022{
1023 const char *name = cmd->ref_name;
1024 struct strbuf namespaced_name_buf = STRBUF_INIT;
1025 static char *namespaced_name;
1026 const char *ret;
1027 struct object_id *old_oid = &cmd->old_oid;
1028 struct object_id *new_oid = &cmd->new_oid;
1029 /* only refs/... are allowed */
1031 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1032 rp_error("refusing to create funny ref '%s' remotely", name);
1033 return "funny refname";
1034 }
1035 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1037 free(namespaced_name);
1038 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1039 if (is_ref_checked_out(namespaced_name)) {
1041 switch (deny_current_branch) {
1042 case DENY_IGNORE:
1043 break;
1044 case DENY_WARN:
1045 rp_warning("updating the current branch");
1046 break;
1047 case DENY_REFUSE:
1048 case DENY_UNCONFIGURED:
1049 rp_error("refusing to update checked out branch: %s", name);
1050 if (deny_current_branch == DENY_UNCONFIGURED)
1051 refuse_unconfigured_deny();
1052 return "branch is currently checked out";
1053 case DENY_UPDATE_INSTEAD:
1054 ret = update_worktree(new_oid->hash);
1055 if (ret)
1056 return ret;
1057 break;
1058 }
1059 }
1060 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1062 error("unpack should have generated %s, "
1063 "but I can't find it!", oid_to_hex(new_oid));
1064 return "bad pack";
1065 }
1066 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1068 if (deny_deletes && starts_with(name, "refs/heads/")) {
1069 rp_error("denying ref deletion for %s", name);
1070 return "deletion prohibited";
1071 }
1072 if (head_name && !strcmp(namespaced_name, head_name)) {
1074 switch (deny_delete_current) {
1075 case DENY_IGNORE:
1076 break;
1077 case DENY_WARN:
1078 rp_warning("deleting the current branch");
1079 break;
1080 case DENY_REFUSE:
1081 case DENY_UNCONFIGURED:
1082 case DENY_UPDATE_INSTEAD:
1083 if (deny_delete_current == DENY_UNCONFIGURED)
1084 refuse_unconfigured_deny_delete_current();
1085 rp_error("refusing to delete the current branch: %s", name);
1086 return "deletion of the current branch prohibited";
1087 default:
1088 return "Invalid denyDeleteCurrent setting";
1089 }
1090 }
1091 }
1092 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1094 !is_null_oid(old_oid) &&
1095 starts_with(name, "refs/heads/")) {
1096 struct object *old_object, *new_object;
1097 struct commit *old_commit, *new_commit;
1098 old_object = parse_object(the_repository, old_oid);
1100 new_object = parse_object(the_repository, new_oid);
1101 if (!old_object || !new_object ||
1103 old_object->type != OBJ_COMMIT ||
1104 new_object->type != OBJ_COMMIT) {
1105 error("bad sha1 objects for %s", name);
1106 return "bad ref";
1107 }
1108 old_commit = (struct commit *)old_object;
1109 new_commit = (struct commit *)new_object;
1110 if (!in_merge_bases(old_commit, new_commit)) {
1111 rp_error("denying non-fast-forward %s"
1112 " (you should pull first)", name);
1113 return "non-fast-forward";
1114 }
1115 }
1116 if (run_update_hook(cmd)) {
1117 rp_error("hook declined to update %s", name);
1118 return "hook declined";
1119 }
1120 if (is_null_oid(new_oid)) {
1122 struct strbuf err = STRBUF_INIT;
1123 if (!parse_object(the_repository, old_oid)) {
1124 old_oid = NULL;
1125 if (ref_exists(name)) {
1126 rp_warning("Allowing deletion of corrupt ref.");
1127 } else {
1128 rp_warning("Deleting a non-existent ref.");
1129 cmd->did_not_exist = 1;
1130 }
1131 }
1132 if (ref_transaction_delete(transaction,
1133 namespaced_name,
1134 old_oid,
1135 0, "push", &err)) {
1136 rp_error("%s", err.buf);
1137 strbuf_release(&err);
1138 return "failed to delete";
1139 }
1140 strbuf_release(&err);
1141 return NULL; /* good */
1142 }
1143 else {
1144 struct strbuf err = STRBUF_INIT;
1145 if (shallow_update && si->shallow_ref[cmd->index] &&
1146 update_shallow_ref(cmd, si))
1147 return "shallow error";
1148 if (ref_transaction_update(transaction,
1150 namespaced_name,
1151 new_oid, old_oid,
1152 0, "push",
1153 &err)) {
1154 rp_error("%s", err.buf);
1155 strbuf_release(&err);
1156 return "failed to update ref";
1158 }
1159 strbuf_release(&err);
1160 return NULL; /* good */
1162 }
1163}
1164static void run_update_post_hook(struct command *commands)
1166{
1167 struct command *cmd;
1168 struct child_process proc = CHILD_PROCESS_INIT;
1169 const char *hook;
1170 hook = find_hook("post-update");
1172 if (!hook)
1173 return;
1174 for (cmd = commands; cmd; cmd = cmd->next) {
1176 if (cmd->error_string || cmd->did_not_exist)
1177 continue;
1178 if (!proc.args.argc)
1179 argv_array_push(&proc.args, hook);
1180 argv_array_push(&proc.args, cmd->ref_name);
1181 }
1182 if (!proc.args.argc)
1183 return;
1184 proc.no_stdin = 1;
1186 proc.stdout_to_stderr = 1;
1187 proc.err = use_sideband ? -1 : 0;
1188 if (!start_command(&proc)) {
1190 if (use_sideband)
1191 copy_to_sideband(proc.err, -1, NULL);
1192 finish_command(&proc);
1193 }
1194}
1195static void check_aliased_update(struct command *cmd, struct string_list *list)
1197{
1198 struct strbuf buf = STRBUF_INIT;
1199 const char *dst_name;
1200 struct string_list_item *item;
1201 struct command *dst_cmd;
1202 int flag;
1203 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1205 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1206 strbuf_release(&buf);
1207 if (!(flag & REF_ISSYMREF))
1209 return;
1210 if (!dst_name) {
1212 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1213 cmd->skip_update = 1;
1214 cmd->error_string = "broken symref";
1215 return;
1216 }
1217 dst_name = strip_namespace(dst_name);
1218 if ((item = string_list_lookup(list, dst_name)) == NULL)
1220 return;
1221 cmd->skip_update = 1;
1223 dst_cmd = (struct command *) item->util;
1225 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1227 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1228 return;
1229 dst_cmd->skip_update = 1;
1231 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1233 " its target '%s' (%s..%s)",
1234 cmd->ref_name,
1235 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1236 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1237 dst_cmd->ref_name,
1238 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1239 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1240 cmd->error_string = dst_cmd->error_string =
1242 "inconsistent aliased update";
1243}
1244static void check_aliased_updates(struct command *commands)
1246{
1247 struct command *cmd;
1248 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1249 for (cmd = commands; cmd; cmd = cmd->next) {
1251 struct string_list_item *item =
1252 string_list_append(&ref_list, cmd->ref_name);
1253 item->util = (void *)cmd;
1254 }
1255 string_list_sort(&ref_list);
1256 for (cmd = commands; cmd; cmd = cmd->next) {
1258 if (!cmd->error_string)
1259 check_aliased_update(cmd, &ref_list);
1260 }
1261 string_list_clear(&ref_list, 0);
1263}
1264static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1266{
1267 struct command **cmd_list = cb_data;
1268 struct command *cmd = *cmd_list;
1269 if (!cmd || is_null_oid(&cmd->new_oid))
1271 return -1; /* end of list */
1272 *cmd_list = NULL; /* this returns only one */
1273 oidcpy(oid, &cmd->new_oid);
1274 return 0;
1275}
1276static void set_connectivity_errors(struct command *commands,
1278 struct shallow_info *si)
1279{
1280 struct command *cmd;
1281 for (cmd = commands; cmd; cmd = cmd->next) {
1283 struct command *singleton = cmd;
1284 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1285 if (shallow_update && si->shallow_ref[cmd->index])
1287 /* to be checked in update_shallow_ref() */
1288 continue;
1289 opt.env = tmp_objdir_env(tmp_objdir);
1291 if (!check_connected(command_singleton_iterator, &singleton,
1292 &opt))
1293 continue;
1294 cmd->error_string = "missing necessary objects";
1296 }
1297}
1298struct iterate_data {
1300 struct command *cmds;
1301 struct shallow_info *si;
1302};
1303static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1305{
1306 struct iterate_data *data = cb_data;
1307 struct command **cmd_list = &data->cmds;
1308 struct command *cmd = *cmd_list;
1309 for (; cmd; cmd = cmd->next) {
1311 if (shallow_update && data->si->shallow_ref[cmd->index])
1312 /* to be checked in update_shallow_ref() */
1313 continue;
1314 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1315 oidcpy(oid, &cmd->new_oid);
1316 *cmd_list = cmd->next;
1317 return 0;
1318 }
1319 }
1320 *cmd_list = NULL;
1321 return -1; /* end of list */
1322}
1323static void reject_updates_to_hidden(struct command *commands)
1325{
1326 struct strbuf refname_full = STRBUF_INIT;
1327 size_t prefix_len;
1328 struct command *cmd;
1329 strbuf_addstr(&refname_full, get_git_namespace());
1331 prefix_len = refname_full.len;
1332 for (cmd = commands; cmd; cmd = cmd->next) {
1334 if (cmd->error_string)
1335 continue;
1336 strbuf_setlen(&refname_full, prefix_len);
1338 strbuf_addstr(&refname_full, cmd->ref_name);
1339 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1341 continue;
1342 if (is_null_oid(&cmd->new_oid))
1343 cmd->error_string = "deny deleting a hidden ref";
1344 else
1345 cmd->error_string = "deny updating a hidden ref";
1346 }
1347 strbuf_release(&refname_full);
1349}
1350static int should_process_cmd(struct command *cmd)
1352{
1353 return !cmd->error_string && !cmd->skip_update;
1354}
1355static void warn_if_skipped_connectivity_check(struct command *commands,
1357 struct shallow_info *si)
1358{
1359 struct command *cmd;
1360 int checked_connectivity = 1;
1361 for (cmd = commands; cmd; cmd = cmd->next) {
1363 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1364 error("BUG: connectivity check has not been run on ref %s",
1365 cmd->ref_name);
1366 checked_connectivity = 0;
1367 }
1368 }
1369 if (!checked_connectivity)
1370 BUG("connectivity check skipped???");
1371}
1372static void execute_commands_non_atomic(struct command *commands,
1374 struct shallow_info *si)
1375{
1376 struct command *cmd;
1377 struct strbuf err = STRBUF_INIT;
1378 for (cmd = commands; cmd; cmd = cmd->next) {
1380 if (!should_process_cmd(cmd))
1381 continue;
1382 transaction = ref_transaction_begin(&err);
1384 if (!transaction) {
1385 rp_error("%s", err.buf);
1386 strbuf_reset(&err);
1387 cmd->error_string = "transaction failed to start";
1388 continue;
1389 }
1390 cmd->error_string = update(cmd, si);
1392 if (!cmd->error_string
1394 && ref_transaction_commit(transaction, &err)) {
1395 rp_error("%s", err.buf);
1396 strbuf_reset(&err);
1397 cmd->error_string = "failed to update ref";
1398 }
1399 ref_transaction_free(transaction);
1400 }
1401 strbuf_release(&err);
1402}
1403static void execute_commands_atomic(struct command *commands,
1405 struct shallow_info *si)
1406{
1407 struct command *cmd;
1408 struct strbuf err = STRBUF_INIT;
1409 const char *reported_error = "atomic push failure";
1410 transaction = ref_transaction_begin(&err);
1412 if (!transaction) {
1413 rp_error("%s", err.buf);
1414 strbuf_reset(&err);
1415 reported_error = "transaction failed to start";
1416 goto failure;
1417 }
1418 for (cmd = commands; cmd; cmd = cmd->next) {
1420 if (!should_process_cmd(cmd))
1421 continue;
1422 cmd->error_string = update(cmd, si);
1424 if (cmd->error_string)
1426 goto failure;
1427 }
1428 if (ref_transaction_commit(transaction, &err)) {
1430 rp_error("%s", err.buf);
1431 reported_error = "atomic transaction failed";
1432 goto failure;
1433 }
1434 goto cleanup;
1435failure:
1437 for (cmd = commands; cmd; cmd = cmd->next)
1438 if (!cmd->error_string)
1439 cmd->error_string = reported_error;
1440cleanup:
1442 ref_transaction_free(transaction);
1443 strbuf_release(&err);
1444}
1445static void execute_commands(struct command *commands,
1447 const char *unpacker_error,
1448 struct shallow_info *si,
1449 const struct string_list *push_options)
1450{
1451 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1452 struct command *cmd;
1453 struct iterate_data data;
1454 struct async muxer;
1455 int err_fd = 0;
1456 if (unpacker_error) {
1458 for (cmd = commands; cmd; cmd = cmd->next)
1459 cmd->error_string = "unpacker error";
1460 return;
1461 }
1462 if (use_sideband) {
1464 memset(&muxer, 0, sizeof(muxer));
1465 muxer.proc = copy_to_sideband;
1466 muxer.in = -1;
1467 if (!start_async(&muxer))
1468 err_fd = muxer.in;
1469 /* ...else, continue without relaying sideband */
1470 }
1471 data.cmds = commands;
1473 data.si = si;
1474 opt.err_fd = err_fd;
1475 opt.progress = err_fd && !quiet;
1476 opt.env = tmp_objdir_env(tmp_objdir);
1477 if (check_connected(iterate_receive_command_list, &data, &opt))
1478 set_connectivity_errors(commands, si);
1479 if (use_sideband)
1481 finish_async(&muxer);
1482 reject_updates_to_hidden(commands);
1484 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1486 for (cmd = commands; cmd; cmd = cmd->next) {
1487 if (!cmd->error_string)
1488 cmd->error_string = "pre-receive hook declined";
1489 }
1490 return;
1491 }
1492 /*
1494 * Now we'll start writing out refs, which means the objects need
1495 * to be in their final positions so that other processes can see them.
1496 */
1497 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1498 for (cmd = commands; cmd; cmd = cmd->next) {
1499 if (!cmd->error_string)
1500 cmd->error_string = "unable to migrate objects to permanent storage";
1501 }
1502 return;
1503 }
1504 tmp_objdir = NULL;
1505 check_aliased_updates(commands);
1507 free(head_name_to_free);
1509 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1510 if (use_atomic)
1512 execute_commands_atomic(commands, si);
1513 else
1514 execute_commands_non_atomic(commands, si);
1515 if (shallow_update)
1517 warn_if_skipped_connectivity_check(commands, si);
1518}
1519static struct command **queue_command(struct command **tail,
1521 const char *line,
1522 int linelen)
1523{
1524 struct object_id old_oid, new_oid;
1525 struct command *cmd;
1526 const char *refname;
1527 int reflen;
1528 const char *p;
1529 if (parse_oid_hex(line, &old_oid, &p) ||
1531 *p++ != ' ' ||
1532 parse_oid_hex(p, &new_oid, &p) ||
1533 *p++ != ' ')
1534 die("protocol error: expected old/new/ref, got '%s'", line);
1535 refname = p;
1537 reflen = linelen - (p - line);
1538 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1539 oidcpy(&cmd->old_oid, &old_oid);
1540 oidcpy(&cmd->new_oid, &new_oid);
1541 *tail = cmd;
1542 return &cmd->next;
1543}
1544static void queue_commands_from_cert(struct command **tail,
1546 struct strbuf *push_cert)
1547{
1548 const char *boc, *eoc;
1549 if (*tail)
1551 die("protocol error: got both push certificate and unsigned commands");
1552 boc = strstr(push_cert->buf, "\n\n");
1554 if (!boc)
1555 die("malformed push certificate %.*s", 100, push_cert->buf);
1556 else
1557 boc += 2;
1558 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1559 while (boc < eoc) {
1561 const char *eol = memchr(boc, '\n', eoc - boc);
1562 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1563 boc = eol ? eol + 1 : eoc;
1564 }
1565}
1566static struct command *read_head_info(struct oid_array *shallow)
1568{
1569 struct command *commands = NULL;
1570 struct command **p = &commands;
1571 for (;;) {
1572 char *line;
1573 int len, linelen;
1574 line = packet_read_line(0, &len);
1576 if (!line)
1577 break;
1578 if (len > 8 && starts_with(line, "shallow ")) {
1580 struct object_id oid;
1581 if (get_oid_hex(line + 8, &oid))
1582 die("protocol error: expected shallow sha, got '%s'",
1583 line + 8);
1584 oid_array_append(shallow, &oid);
1585 continue;
1586 }
1587 linelen = strlen(line);
1589 if (linelen < len) {
1590 const char *feature_list = line + linelen + 1;
1591 if (parse_feature_request(feature_list, "report-status"))
1592 report_status = 1;
1593 if (parse_feature_request(feature_list, "side-band-64k"))
1594 use_sideband = LARGE_PACKET_MAX;
1595 if (parse_feature_request(feature_list, "quiet"))
1596 quiet = 1;
1597 if (advertise_atomic_push
1598 && parse_feature_request(feature_list, "atomic"))
1599 use_atomic = 1;
1600 if (advertise_push_options
1601 && parse_feature_request(feature_list, "push-options"))
1602 use_push_options = 1;
1603 }
1604 if (!strcmp(line, "push-cert")) {
1606 int true_flush = 0;
1607 char certbuf[1024];
1608 for (;;) {
1610 len = packet_read(0, NULL, NULL,
1611 certbuf, sizeof(certbuf), 0);
1612 if (!len) {
1613 true_flush = 1;
1614 break;
1615 }
1616 if (!strcmp(certbuf, "push-cert-end\n"))
1617 break; /* end of cert */
1618 strbuf_addstr(&push_cert, certbuf);
1619 }
1620 if (true_flush)
1622 break;
1623 continue;
1624 }
1625 p = queue_command(p, line, linelen);
1627 }
1628 if (push_cert.len)
1630 queue_commands_from_cert(p, &push_cert);
1631 return commands;
1633}
1634static void read_push_options(struct string_list *options)
1636{
1637 while (1) {
1638 char *line;
1639 int len;
1640 line = packet_read_line(0, &len);
1642 if (!line)
1644 break;
1645 string_list_append(options, line);
1647 }
1648}
1649static const char *parse_pack_header(struct pack_header *hdr)
1651{
1652 switch (read_pack_header(0, hdr)) {
1653 case PH_ERROR_EOF:
1654 return "eof before pack header was fully read";
1655 case PH_ERROR_PACK_SIGNATURE:
1657 return "protocol error (pack signature mismatch detected)";
1658 case PH_ERROR_PROTOCOL:
1660 return "protocol error (pack version unsupported)";
1661 default:
1663 return "unknown error in parse_pack_header";
1664 case 0:
1666 return NULL;
1667 }
1668}
1669static const char *pack_lockfile;
1671static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1673{
1674 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1675 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1676}
1677static const char *unpack(int err_fd, struct shallow_info *si)
1679{
1680 struct pack_header hdr;
1681 const char *hdr_err;
1682 int status;
1683 struct child_process child = CHILD_PROCESS_INIT;
1684 int fsck_objects = (receive_fsck_objects >= 0
1685 ? receive_fsck_objects
1686 : transfer_fsck_objects >= 0
1687 ? transfer_fsck_objects
1688 : 0);
1689 hdr_err = parse_pack_header(&hdr);
1691 if (hdr_err) {
1692 if (err_fd > 0)
1693 close(err_fd);
1694 return hdr_err;
1695 }
1696 if (si->nr_ours || si->nr_theirs) {
1698 alt_shallow_file = setup_temporary_shallow(si->shallow);
1699 argv_array_push(&child.args, "--shallow-file");
1700 argv_array_push(&child.args, alt_shallow_file);
1701 }
1702 tmp_objdir = tmp_objdir_create();
1704 if (!tmp_objdir) {
1705 if (err_fd > 0)
1706 close(err_fd);
1707 return "unable to create temporary object directory";
1708 }
1709 child.env = tmp_objdir_env(tmp_objdir);
1710 /*
1712 * Normally we just pass the tmp_objdir environment to the child
1713 * processes that do the heavy lifting, but we may need to see these
1714 * objects ourselves to set up shallow information.
1715 */
1716 tmp_objdir_add_as_alternate(tmp_objdir);
1717 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1719 argv_array_push(&child.args, "unpack-objects");
1720 push_header_arg(&child.args, &hdr);
1721 if (quiet)
1722 argv_array_push(&child.args, "-q");
1723 if (fsck_objects)
1724 argv_array_pushf(&child.args, "--strict%s",
1725 fsck_msg_types.buf);
1726 if (max_input_size)
1727 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1728 (uintmax_t)max_input_size);
1729 child.no_stdout = 1;
1730 child.err = err_fd;
1731 child.git_cmd = 1;
1732 status = run_command(&child);
1733 if (status)
1734 return "unpack-objects abnormal exit";
1735 } else {
1736 char hostname[HOST_NAME_MAX + 1];
1737 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1739 push_header_arg(&child.args, &hdr);
1740 if (xgethostname(hostname, sizeof(hostname)))
1742 xsnprintf(hostname, sizeof(hostname), "localhost");
1743 argv_array_pushf(&child.args,
1744 "--keep=receive-pack %"PRIuMAX" on %s",
1745 (uintmax_t)getpid(),
1746 hostname);
1747 if (!quiet && err_fd)
1749 argv_array_push(&child.args, "--show-resolving-progress");
1750 if (use_sideband)
1751 argv_array_push(&child.args, "--report-end-of-input");
1752 if (fsck_objects)
1753 argv_array_pushf(&child.args, "--strict%s",
1754 fsck_msg_types.buf);
1755 if (!reject_thin)
1756 argv_array_push(&child.args, "--fix-thin");
1757 if (max_input_size)
1758 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1759 (uintmax_t)max_input_size);
1760 child.out = -1;
1761 child.err = err_fd;
1762 child.git_cmd = 1;
1763 status = start_command(&child);
1764 if (status)
1765 return "index-pack fork failed";
1766 pack_lockfile = index_pack_lockfile(child.out);
1767 close(child.out);
1768 status = finish_command(&child);
1769 if (status)
1770 return "index-pack abnormal exit";
1771 reprepare_packed_git(the_repository);
1772 }
1773 return NULL;
1774}
1775static const char *unpack_with_sideband(struct shallow_info *si)
1777{
1778 struct async muxer;
1779 const char *ret;
1780 if (!use_sideband)
1782 return unpack(0, si);
1783 use_keepalive = KEEPALIVE_AFTER_NUL;
1785 memset(&muxer, 0, sizeof(muxer));
1786 muxer.proc = copy_to_sideband;
1787 muxer.in = -1;
1788 if (start_async(&muxer))
1789 return NULL;
1790 ret = unpack(muxer.in, si);
1792 finish_async(&muxer);
1794 return ret;
1795}
1796static void prepare_shallow_update(struct command *commands,
1798 struct shallow_info *si)
1799{
1800 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1801 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1803 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1804 si->need_reachability_test =
1806 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1807 si->reachable =
1808 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1809 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1810 for (i = 0; i < si->nr_ours; i++)
1812 si->need_reachability_test[si->ours[i]] = 1;
1813 for (i = 0; i < si->shallow->nr; i++) {
1815 if (!si->used_shallow[i])
1816 continue;
1817 for (j = 0; j < bitmap_size; j++) {
1818 if (!si->used_shallow[i][j])
1819 continue;
1820 si->need_reachability_test[i]++;
1821 for (k = 0; k < 32; k++)
1822 if (si->used_shallow[i][j] & (1U << k))
1823 si->shallow_ref[j * 32 + k]++;
1824 }
1825 /*
1827 * true for those associated with some refs and belong
1828 * in "ours" list aka "step 7 not done yet"
1829 */
1830 si->need_reachability_test[i] =
1831 si->need_reachability_test[i] > 1;
1832 }
1833 /*
1835 * keep hooks happy by forcing a temporary shallow file via
1836 * env variable because we can't add --shallow-file to every
1837 * command. check_everything_connected() will be done with
1838 * true .git/shallow though.
1839 */
1840 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1841}
1842static void update_shallow_info(struct command *commands,
1844 struct shallow_info *si,
1845 struct oid_array *ref)
1846{
1847 struct command *cmd;
1848 int *ref_status;
1849 remove_nonexistent_theirs_shallow(si);
1850 if (!si->nr_ours && !si->nr_theirs) {
1851 shallow_update = 0;
1852 return;
1853 }
1854 for (cmd = commands; cmd; cmd = cmd->next) {
1856 if (is_null_oid(&cmd->new_oid))
1857 continue;
1858 oid_array_append(ref, &cmd->new_oid);
1859 cmd->index = ref->nr - 1;
1860 }
1861 si->ref = ref;
1862 if (shallow_update) {
1864 prepare_shallow_update(commands, si);
1865 return;
1866 }
1867 ALLOC_ARRAY(ref_status, ref->nr);
1869 assign_shallow_commits_to_refs(si, NULL, ref_status);
1870 for (cmd = commands; cmd; cmd = cmd->next) {
1871 if (is_null_oid(&cmd->new_oid))
1872 continue;
1873 if (ref_status[cmd->index]) {
1874 cmd->error_string = "shallow update not allowed";
1875 cmd->skip_update = 1;
1876 }
1877 }
1878 free(ref_status);
1879}
1880static void report(struct command *commands, const char *unpack_status)
1882{
1883 struct command *cmd;
1884 struct strbuf buf = STRBUF_INIT;
1885 packet_buf_write(&buf, "unpack %s\n",
1887 unpack_status ? unpack_status : "ok");
1888 for (cmd = commands; cmd; cmd = cmd->next) {
1889 if (!cmd->error_string)
1890 packet_buf_write(&buf, "ok %s\n",
1891 cmd->ref_name);
1892 else
1893 packet_buf_write(&buf, "ng %s %s\n",
1894 cmd->ref_name, cmd->error_string);
1895 }
1896 packet_buf_flush(&buf);
1897 if (use_sideband)
1899 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1900 else
1901 write_or_die(1, buf.buf, buf.len);
1902 strbuf_release(&buf);
1903}
1904static int delete_only(struct command *commands)
1906{
1907 struct command *cmd;
1908 for (cmd = commands; cmd; cmd = cmd->next) {
1909 if (!is_null_oid(&cmd->new_oid))
1910 return 0;
1911 }
1912 return 1;
1913}
1914int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1916{
1917 int advertise_refs = 0;
1918 struct command *commands;
1919 struct oid_array shallow = OID_ARRAY_INIT;
1920 struct oid_array ref = OID_ARRAY_INIT;
1921 struct shallow_info si;
1922 struct option options[] = {
1924 OPT__QUIET(&quiet, N_("quiet")),
1925 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1926 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1927 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1928 OPT_END()
1929 };
1930 packet_trace_identity("receive-pack");
1932 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1934 if (argc > 1)
1936 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1937 if (argc == 0)
1938 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1939 service_dir = argv[0];
1941 setup_path();
1943 if (!enter_repo(service_dir, 0))
1945 die("'%s' does not appear to be a git repository", service_dir);
1946 git_config(receive_pack_config, NULL);
1948 if (cert_nonce_seed)
1949 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1950 if (0 <= transfer_unpack_limit)
1952 unpack_limit = transfer_unpack_limit;
1953 else if (0 <= receive_unpack_limit)
1954 unpack_limit = receive_unpack_limit;
1955 switch (determine_protocol_version_server()) {
1957 case protocol_v2:
1958 /*
1959 * push support for protocol v2 has not been implemented yet,
1960 * so ignore the request to use v2 and fallback to using v0.
1961 */
1962 break;
1963 case protocol_v1:
1964 /*
1965 * v1 is just the original protocol with a version string,
1966 * so just fall through after writing the version string.
1967 */
1968 if (advertise_refs || !stateless_rpc)
1969 packet_write_fmt(1, "version 1\n");
1970 /* fallthrough */
1972 case protocol_v0:
1973 break;
1974 case protocol_unknown_version:
1975 BUG("unknown protocol version");
1976 }
1977 if (advertise_refs || !stateless_rpc) {
1979 write_head_info();
1980 }
1981 if (advertise_refs)
1982 return 0;
1983 if ((commands = read_head_info(&shallow)) != NULL) {
1985 const char *unpack_status = NULL;
1986 struct string_list push_options = STRING_LIST_INIT_DUP;
1987 if (use_push_options)
1989 read_push_options(&push_options);
1990 if (!check_cert_push_options(&push_options)) {
1991 struct command *cmd;
1992 for (cmd = commands; cmd; cmd = cmd->next)
1993 cmd->error_string = "inconsistent push options";
1994 }
1995 prepare_shallow_info(&si, &shallow);
1997 if (!si.nr_ours && !si.nr_theirs)
1998 shallow_update = 0;
1999 if (!delete_only(commands)) {
2000 unpack_status = unpack_with_sideband(&si);
2001 update_shallow_info(commands, &si, &ref);
2002 }
2003 use_keepalive = KEEPALIVE_ALWAYS;
2004 execute_commands(commands, unpack_status, &si,
2005 &push_options);
2006 if (pack_lockfile)
2007 unlink_or_warn(pack_lockfile);
2008 if (report_status)
2009 report(commands, unpack_status);
2010 run_receive_hook(commands, "post-receive", 1,
2011 &push_options);
2012 run_update_post_hook(commands);
2013 string_list_clear(&push_options, 0);
2014 if (auto_gc) {
2015 const char *argv_gc_auto[] = {
2016 "gc", "--auto", "--quiet", NULL,
2017 };
2018 struct child_process proc = CHILD_PROCESS_INIT;
2019 proc.no_stdin = 1;
2021 proc.stdout_to_stderr = 1;
2022 proc.err = use_sideband ? -1 : 0;
2023 proc.git_cmd = 1;
2024 proc.argv = argv_gc_auto;
2025 close_all_packs(the_repository->objects);
2027 if (!start_command(&proc)) {
2028 if (use_sideband)
2029 copy_to_sideband(proc.err, -1, NULL);
2030 finish_command(&proc);
2031 }
2032 }
2033 if (auto_update_server_info)
2034 update_server_info(0);
2035 clear_shallow_info(&si);
2036 }
2037 if (use_sideband)
2038 packet_flush(1);
2039 oid_array_clear(&shallow);
2040 oid_array_clear(&ref);
2041 free((void *)push_cert_nonce);
2042 return 0;
2043}