1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24#include "oidset.h"
25
26static const char * const receive_pack_usage[] = {
27 N_("git receive-pack <git-dir>"),
28 NULL
29};
30
31enum deny_action {
32 DENY_UNCONFIGURED,
33 DENY_IGNORE,
34 DENY_WARN,
35 DENY_REFUSE,
36 DENY_UPDATE_INSTEAD
37};
38
39static int deny_deletes;
40static int deny_non_fast_forwards;
41static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
42static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
43static int receive_fsck_objects = -1;
44static int transfer_fsck_objects = -1;
45static struct strbuf fsck_msg_types = STRBUF_INIT;
46static int receive_unpack_limit = -1;
47static int transfer_unpack_limit = -1;
48static int advertise_atomic_push = 1;
49static int advertise_push_options;
50static int unpack_limit = 100;
51static off_t max_input_size;
52static int report_status;
53static int use_sideband;
54static int use_atomic;
55static int use_push_options;
56static int quiet;
57static int prefer_ofs_delta = 1;
58static int auto_update_server_info;
59static int auto_gc = 1;
60static int reject_thin;
61static int stateless_rpc;
62static const char *service_dir;
63static const char *head_name;
64static void *head_name_to_free;
65static int sent_capabilities;
66static int shallow_update;
67static const char *alt_shallow_file;
68static struct strbuf push_cert = STRBUF_INIT;
69static unsigned char push_cert_sha1[20];
70static struct signature_check sigcheck;
71static const char *push_cert_nonce;
72static const char *cert_nonce_seed;
73
74static const char *NONCE_UNSOLICITED = "UNSOLICITED";
75static const char *NONCE_BAD = "BAD";
76static const char *NONCE_MISSING = "MISSING";
77static const char *NONCE_OK = "OK";
78static const char *NONCE_SLOP = "SLOP";
79static const char *nonce_status;
80static long nonce_stamp_slop;
81static timestamp_t nonce_stamp_slop_limit;
82static struct ref_transaction *transaction;
83
84static enum {
85 KEEPALIVE_NEVER = 0,
86 KEEPALIVE_AFTER_NUL,
87 KEEPALIVE_ALWAYS
88} use_keepalive;
89static int keepalive_in_sec = 5;
90
91static struct tmp_objdir *tmp_objdir;
92
93static enum deny_action parse_deny_action(const char *var, const char *value)
94{
95 if (value) {
96 if (!strcasecmp(value, "ignore"))
97 return DENY_IGNORE;
98 if (!strcasecmp(value, "warn"))
99 return DENY_WARN;
100 if (!strcasecmp(value, "refuse"))
101 return DENY_REFUSE;
102 if (!strcasecmp(value, "updateinstead"))
103 return DENY_UPDATE_INSTEAD;
104 }
105 if (git_config_bool(var, value))
106 return DENY_REFUSE;
107 return DENY_IGNORE;
108}
109
110static int receive_pack_config(const char *var, const char *value, void *cb)
111{
112 int status = parse_hide_refs_config(var, value, "receive");
113
114 if (status)
115 return status;
116
117 if (strcmp(var, "receive.denydeletes") == 0) {
118 deny_deletes = git_config_bool(var, value);
119 return 0;
120 }
121
122 if (strcmp(var, "receive.denynonfastforwards") == 0) {
123 deny_non_fast_forwards = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.unpacklimit") == 0) {
128 receive_unpack_limit = git_config_int(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "transfer.unpacklimit") == 0) {
133 transfer_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "receive.fsck.skiplist") == 0) {
138 const char *path;
139
140 if (git_config_pathname(&path, var, value))
141 return 1;
142 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
143 fsck_msg_types.len ? ',' : '=', path);
144 free((char *)path);
145 return 0;
146 }
147
148 if (skip_prefix(var, "receive.fsck.", &var)) {
149 if (is_valid_msg_type(var, value))
150 strbuf_addf(&fsck_msg_types, "%c%s=%s",
151 fsck_msg_types.len ? ',' : '=', var, value);
152 else
153 warning("Skipping unknown msg id '%s'", var);
154 return 0;
155 }
156
157 if (strcmp(var, "receive.fsckobjects") == 0) {
158 receive_fsck_objects = git_config_bool(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "transfer.fsckobjects") == 0) {
163 transfer_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (!strcmp(var, "receive.denycurrentbranch")) {
168 deny_current_branch = parse_deny_action(var, value);
169 return 0;
170 }
171
172 if (strcmp(var, "receive.denydeletecurrent") == 0) {
173 deny_delete_current = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
178 prefer_ofs_delta = git_config_bool(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.updateserverinfo") == 0) {
183 auto_update_server_info = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.autogc") == 0) {
188 auto_gc = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.shallowupdate") == 0) {
193 shallow_update = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.certnonceseed") == 0)
198 return git_config_string(&cert_nonce_seed, var, value);
199
200 if (strcmp(var, "receive.certnonceslop") == 0) {
201 nonce_stamp_slop_limit = git_config_ulong(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "receive.advertiseatomic") == 0) {
206 advertise_atomic_push = git_config_bool(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertisepushoptions") == 0) {
211 advertise_push_options = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.keepalive") == 0) {
216 keepalive_in_sec = git_config_int(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.maxinputsize") == 0) {
221 max_input_size = git_config_int64(var, value);
222 return 0;
223 }
224
225 return git_default_config(var, value, cb);
226}
227
228static void show_ref(const char *path, const struct object_id *oid)
229{
230 if (sent_capabilities) {
231 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
232 } else {
233 struct strbuf cap = STRBUF_INIT;
234
235 strbuf_addstr(&cap,
236 "report-status delete-refs side-band-64k quiet");
237 if (advertise_atomic_push)
238 strbuf_addstr(&cap, " atomic");
239 if (prefer_ofs_delta)
240 strbuf_addstr(&cap, " ofs-delta");
241 if (push_cert_nonce)
242 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
243 if (advertise_push_options)
244 strbuf_addstr(&cap, " push-options");
245 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
246 packet_write_fmt(1, "%s %s%c%s\n",
247 oid_to_hex(oid), path, 0, cap.buf);
248 strbuf_release(&cap);
249 sent_capabilities = 1;
250 }
251}
252
253static int show_ref_cb(const char *path_full, const struct object_id *oid,
254 int flag, void *data)
255{
256 struct oidset *seen = data;
257 const char *path = strip_namespace(path_full);
258
259 if (ref_is_hidden(path, path_full))
260 return 0;
261
262 /*
263 * Advertise refs outside our current namespace as ".have"
264 * refs, so that the client can use them to minimize data
265 * transfer but will otherwise ignore them.
266 */
267 if (!path) {
268 if (oidset_insert(seen, oid))
269 return 0;
270 path = ".have";
271 } else {
272 oidset_insert(seen, oid);
273 }
274 show_ref(path, oid);
275 return 0;
276}
277
278static void show_one_alternate_ref(const char *refname,
279 const struct object_id *oid,
280 void *data)
281{
282 struct oidset *seen = data;
283
284 if (oidset_insert(seen, oid))
285 return;
286
287 show_ref(".have", oid);
288}
289
290static void write_head_info(void)
291{
292 static struct oidset seen = OIDSET_INIT;
293
294 for_each_ref(show_ref_cb, &seen);
295 for_each_alternate_ref(show_one_alternate_ref, &seen);
296 oidset_clear(&seen);
297 if (!sent_capabilities)
298 show_ref("capabilities^{}", &null_oid);
299
300 advertise_shallow_grafts(1);
301
302 /* EOF */
303 packet_flush(1);
304}
305
306struct command {
307 struct command *next;
308 const char *error_string;
309 unsigned int skip_update:1,
310 did_not_exist:1;
311 int index;
312 struct object_id old_oid;
313 struct object_id new_oid;
314 char ref_name[FLEX_ARRAY]; /* more */
315};
316
317static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
318static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
319
320static void report_message(const char *prefix, const char *err, va_list params)
321{
322 int sz;
323 char msg[4096];
324
325 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
326 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
327 if (sz > (sizeof(msg) - 1))
328 sz = sizeof(msg) - 1;
329 msg[sz++] = '\n';
330
331 if (use_sideband)
332 send_sideband(1, 2, msg, sz, use_sideband);
333 else
334 xwrite(2, msg, sz);
335}
336
337static void rp_warning(const char *err, ...)
338{
339 va_list params;
340 va_start(params, err);
341 report_message("warning: ", err, params);
342 va_end(params);
343}
344
345static void rp_error(const char *err, ...)
346{
347 va_list params;
348 va_start(params, err);
349 report_message("error: ", err, params);
350 va_end(params);
351}
352
353static int copy_to_sideband(int in, int out, void *arg)
354{
355 char data[128];
356 int keepalive_active = 0;
357
358 if (keepalive_in_sec <= 0)
359 use_keepalive = KEEPALIVE_NEVER;
360 if (use_keepalive == KEEPALIVE_ALWAYS)
361 keepalive_active = 1;
362
363 while (1) {
364 ssize_t sz;
365
366 if (keepalive_active) {
367 struct pollfd pfd;
368 int ret;
369
370 pfd.fd = in;
371 pfd.events = POLLIN;
372 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
373
374 if (ret < 0) {
375 if (errno == EINTR)
376 continue;
377 else
378 break;
379 } else if (ret == 0) {
380 /* no data; send a keepalive packet */
381 static const char buf[] = "0005\1";
382 write_or_die(1, buf, sizeof(buf) - 1);
383 continue;
384 } /* else there is actual data to read */
385 }
386
387 sz = xread(in, data, sizeof(data));
388 if (sz <= 0)
389 break;
390
391 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
392 const char *p = memchr(data, '\0', sz);
393 if (p) {
394 /*
395 * The NUL tells us to start sending keepalives. Make
396 * sure we send any other data we read along
397 * with it.
398 */
399 keepalive_active = 1;
400 send_sideband(1, 2, data, p - data, use_sideband);
401 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
402 continue;
403 }
404 }
405
406 /*
407 * Either we're not looking for a NUL signal, or we didn't see
408 * it yet; just pass along the data.
409 */
410 send_sideband(1, 2, data, sz, use_sideband);
411 }
412 close(in);
413 return 0;
414}
415
416#define HMAC_BLOCK_SIZE 64
417
418static void hmac_sha1(unsigned char *out,
419 const char *key_in, size_t key_len,
420 const char *text, size_t text_len)
421{
422 unsigned char key[HMAC_BLOCK_SIZE];
423 unsigned char k_ipad[HMAC_BLOCK_SIZE];
424 unsigned char k_opad[HMAC_BLOCK_SIZE];
425 int i;
426 git_SHA_CTX ctx;
427
428 /* RFC 2104 2. (1) */
429 memset(key, '\0', HMAC_BLOCK_SIZE);
430 if (HMAC_BLOCK_SIZE < key_len) {
431 git_SHA1_Init(&ctx);
432 git_SHA1_Update(&ctx, key_in, key_len);
433 git_SHA1_Final(key, &ctx);
434 } else {
435 memcpy(key, key_in, key_len);
436 }
437
438 /* RFC 2104 2. (2) & (5) */
439 for (i = 0; i < sizeof(key); i++) {
440 k_ipad[i] = key[i] ^ 0x36;
441 k_opad[i] = key[i] ^ 0x5c;
442 }
443
444 /* RFC 2104 2. (3) & (4) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
447 git_SHA1_Update(&ctx, text, text_len);
448 git_SHA1_Final(out, &ctx);
449
450 /* RFC 2104 2. (6) & (7) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
453 git_SHA1_Update(&ctx, out, 20);
454 git_SHA1_Final(out, &ctx);
455}
456
457static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
458{
459 struct strbuf buf = STRBUF_INIT;
460 unsigned char sha1[20];
461
462 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
463 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
464 strbuf_release(&buf);
465
466 /* RFC 2104 5. HMAC-SHA1-80 */
467 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
468 return strbuf_detach(&buf, NULL);
469}
470
471/*
472 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
473 * after dropping "_commit" from its name and possibly moving it out
474 * of commit.c
475 */
476static char *find_header(const char *msg, size_t len, const char *key)
477{
478 int key_len = strlen(key);
479 const char *line = msg;
480
481 while (line && line < msg + len) {
482 const char *eol = strchrnul(line, '\n');
483
484 if ((msg + len <= eol) || line == eol)
485 return NULL;
486 if (line + key_len < eol &&
487 !memcmp(line, key, key_len) && line[key_len] == ' ') {
488 int offset = key_len + 1;
489 return xmemdupz(line + offset, (eol - line) - offset);
490 }
491 line = *eol ? eol + 1 : NULL;
492 }
493 return NULL;
494}
495
496static const char *check_nonce(const char *buf, size_t len)
497{
498 char *nonce = find_header(buf, len, "nonce");
499 timestamp_t stamp, ostamp;
500 char *bohmac, *expect = NULL;
501 const char *retval = NONCE_BAD;
502
503 if (!nonce) {
504 retval = NONCE_MISSING;
505 goto leave;
506 } else if (!push_cert_nonce) {
507 retval = NONCE_UNSOLICITED;
508 goto leave;
509 } else if (!strcmp(push_cert_nonce, nonce)) {
510 retval = NONCE_OK;
511 goto leave;
512 }
513
514 if (!stateless_rpc) {
515 /* returned nonce MUST match what we gave out earlier */
516 retval = NONCE_BAD;
517 goto leave;
518 }
519
520 /*
521 * In stateless mode, we may be receiving a nonce issued by
522 * another instance of the server that serving the same
523 * repository, and the timestamps may not match, but the
524 * nonce-seed and dir should match, so we can recompute and
525 * report the time slop.
526 *
527 * In addition, when a nonce issued by another instance has
528 * timestamp within receive.certnonceslop seconds, we pretend
529 * as if we issued that nonce when reporting to the hook.
530 */
531
532 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
533 if (*nonce <= '0' || '9' < *nonce) {
534 retval = NONCE_BAD;
535 goto leave;
536 }
537 stamp = parse_timestamp(nonce, &bohmac, 10);
538 if (bohmac == nonce || bohmac[0] != '-') {
539 retval = NONCE_BAD;
540 goto leave;
541 }
542
543 expect = prepare_push_cert_nonce(service_dir, stamp);
544 if (strcmp(expect, nonce)) {
545 /* Not what we would have signed earlier */
546 retval = NONCE_BAD;
547 goto leave;
548 }
549
550 /*
551 * By how many seconds is this nonce stale? Negative value
552 * would mean it was issued by another server with its clock
553 * skewed in the future.
554 */
555 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
556 nonce_stamp_slop = (long)ostamp - (long)stamp;
557
558 if (nonce_stamp_slop_limit &&
559 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
560 /*
561 * Pretend as if the received nonce (which passes the
562 * HMAC check, so it is not a forged by third-party)
563 * is what we issued.
564 */
565 free((void *)push_cert_nonce);
566 push_cert_nonce = xstrdup(nonce);
567 retval = NONCE_OK;
568 } else {
569 retval = NONCE_SLOP;
570 }
571
572leave:
573 free(nonce);
574 free(expect);
575 return retval;
576}
577
578static void prepare_push_cert_sha1(struct child_process *proc)
579{
580 static int already_done;
581
582 if (!push_cert.len)
583 return;
584
585 if (!already_done) {
586 struct strbuf gpg_output = STRBUF_INIT;
587 struct strbuf gpg_status = STRBUF_INIT;
588 int bogs /* beginning_of_gpg_sig */;
589
590 already_done = 1;
591 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
592 hashclr(push_cert_sha1);
593
594 memset(&sigcheck, '\0', sizeof(sigcheck));
595 sigcheck.result = 'N';
596
597 bogs = parse_signature(push_cert.buf, push_cert.len);
598 if (verify_signed_buffer(push_cert.buf, bogs,
599 push_cert.buf + bogs, push_cert.len - bogs,
600 &gpg_output, &gpg_status) < 0) {
601 ; /* error running gpg */
602 } else {
603 sigcheck.payload = push_cert.buf;
604 sigcheck.gpg_output = gpg_output.buf;
605 sigcheck.gpg_status = gpg_status.buf;
606 parse_gpg_output(&sigcheck);
607 }
608
609 strbuf_release(&gpg_output);
610 strbuf_release(&gpg_status);
611 nonce_status = check_nonce(push_cert.buf, bogs);
612 }
613 if (!is_null_sha1(push_cert_sha1)) {
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
615 sha1_to_hex(push_cert_sha1));
616 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
617 sigcheck.signer ? sigcheck.signer : "");
618 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
619 sigcheck.key ? sigcheck.key : "");
620 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
621 sigcheck.result);
622 if (push_cert_nonce) {
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE=%s",
625 push_cert_nonce);
626 argv_array_pushf(&proc->env_array,
627 "GIT_PUSH_CERT_NONCE_STATUS=%s",
628 nonce_status);
629 if (nonce_status == NONCE_SLOP)
630 argv_array_pushf(&proc->env_array,
631 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
632 nonce_stamp_slop);
633 }
634 }
635}
636
637struct receive_hook_feed_state {
638 struct command *cmd;
639 int skip_broken;
640 struct strbuf buf;
641 const struct string_list *push_options;
642};
643
644typedef int (*feed_fn)(void *, const char **, size_t *);
645static int run_and_feed_hook(const char *hook_name, feed_fn feed,
646 struct receive_hook_feed_state *feed_state)
647{
648 struct child_process proc = CHILD_PROCESS_INIT;
649 struct async muxer;
650 const char *argv[2];
651 int code;
652
653 argv[0] = find_hook(hook_name);
654 if (!argv[0])
655 return 0;
656
657 argv[1] = NULL;
658
659 proc.argv = argv;
660 proc.in = -1;
661 proc.stdout_to_stderr = 1;
662 if (feed_state->push_options) {
663 int i;
664 for (i = 0; i < feed_state->push_options->nr; i++)
665 argv_array_pushf(&proc.env_array,
666 "GIT_PUSH_OPTION_%d=%s", i,
667 feed_state->push_options->items[i].string);
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
669 feed_state->push_options->nr);
670 } else
671 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
672
673 if (tmp_objdir)
674 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
675
676 if (use_sideband) {
677 memset(&muxer, 0, sizeof(muxer));
678 muxer.proc = copy_to_sideband;
679 muxer.in = -1;
680 code = start_async(&muxer);
681 if (code)
682 return code;
683 proc.err = muxer.in;
684 }
685
686 prepare_push_cert_sha1(&proc);
687
688 code = start_command(&proc);
689 if (code) {
690 if (use_sideband)
691 finish_async(&muxer);
692 return code;
693 }
694
695 sigchain_push(SIGPIPE, SIG_IGN);
696
697 while (1) {
698 const char *buf;
699 size_t n;
700 if (feed(feed_state, &buf, &n))
701 break;
702 if (write_in_full(proc.in, buf, n) != n)
703 break;
704 }
705 close(proc.in);
706 if (use_sideband)
707 finish_async(&muxer);
708
709 sigchain_pop(SIGPIPE);
710
711 return finish_command(&proc);
712}
713
714static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
715{
716 struct receive_hook_feed_state *state = state_;
717 struct command *cmd = state->cmd;
718
719 while (cmd &&
720 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
721 cmd = cmd->next;
722 if (!cmd)
723 return -1; /* EOF */
724 strbuf_reset(&state->buf);
725 strbuf_addf(&state->buf, "%s %s %s\n",
726 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
727 cmd->ref_name);
728 state->cmd = cmd->next;
729 if (bufp) {
730 *bufp = state->buf.buf;
731 *sizep = state->buf.len;
732 }
733 return 0;
734}
735
736static int run_receive_hook(struct command *commands,
737 const char *hook_name,
738 int skip_broken,
739 const struct string_list *push_options)
740{
741 struct receive_hook_feed_state state;
742 int status;
743
744 strbuf_init(&state.buf, 0);
745 state.cmd = commands;
746 state.skip_broken = skip_broken;
747 if (feed_receive_hook(&state, NULL, NULL))
748 return 0;
749 state.cmd = commands;
750 state.push_options = push_options;
751 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
752 strbuf_release(&state.buf);
753 return status;
754}
755
756static int run_update_hook(struct command *cmd)
757{
758 const char *argv[5];
759 struct child_process proc = CHILD_PROCESS_INIT;
760 int code;
761
762 argv[0] = find_hook("update");
763 if (!argv[0])
764 return 0;
765
766 argv[1] = cmd->ref_name;
767 argv[2] = oid_to_hex(&cmd->old_oid);
768 argv[3] = oid_to_hex(&cmd->new_oid);
769 argv[4] = NULL;
770
771 proc.no_stdin = 1;
772 proc.stdout_to_stderr = 1;
773 proc.err = use_sideband ? -1 : 0;
774 proc.argv = argv;
775
776 code = start_command(&proc);
777 if (code)
778 return code;
779 if (use_sideband)
780 copy_to_sideband(proc.err, -1, NULL);
781 return finish_command(&proc);
782}
783
784static int is_ref_checked_out(const char *ref)
785{
786 if (is_bare_repository())
787 return 0;
788
789 if (!head_name)
790 return 0;
791 return !strcmp(head_name, ref);
792}
793
794static char *refuse_unconfigured_deny_msg =
795 N_("By default, updating the current branch in a non-bare repository\n"
796 "is denied, because it will make the index and work tree inconsistent\n"
797 "with what you pushed, and will require 'git reset --hard' to match\n"
798 "the work tree to HEAD.\n"
799 "\n"
800 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
801 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
802 "its current branch; however, this is not recommended unless you\n"
803 "arranged to update its work tree to match what you pushed in some\n"
804 "other way.\n"
805 "\n"
806 "To squelch this message and still keep the default behaviour, set\n"
807 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
808
809static void refuse_unconfigured_deny(void)
810{
811 rp_error("%s", _(refuse_unconfigured_deny_msg));
812}
813
814static char *refuse_unconfigured_deny_delete_current_msg =
815 N_("By default, deleting the current branch is denied, because the next\n"
816 "'git clone' won't result in any file checked out, causing confusion.\n"
817 "\n"
818 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
819 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
820 "current branch, with or without a warning message.\n"
821 "\n"
822 "To squelch this message, you can set it to 'refuse'.");
823
824static void refuse_unconfigured_deny_delete_current(void)
825{
826 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
827}
828
829static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
830static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
831{
832 static struct lock_file shallow_lock;
833 struct oid_array extra = OID_ARRAY_INIT;
834 struct check_connected_options opt = CHECK_CONNECTED_INIT;
835 uint32_t mask = 1 << (cmd->index % 32);
836 int i;
837
838 trace_printf_key(&trace_shallow,
839 "shallow: update_shallow_ref %s\n", cmd->ref_name);
840 for (i = 0; i < si->shallow->nr; i++)
841 if (si->used_shallow[i] &&
842 (si->used_shallow[i][cmd->index / 32] & mask) &&
843 !delayed_reachability_test(si, i))
844 oid_array_append(&extra, &si->shallow->oid[i]);
845
846 opt.env = tmp_objdir_env(tmp_objdir);
847 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
848 if (check_connected(command_singleton_iterator, cmd, &opt)) {
849 rollback_lock_file(&shallow_lock);
850 oid_array_clear(&extra);
851 return -1;
852 }
853
854 commit_lock_file(&shallow_lock);
855
856 /*
857 * Make sure setup_alternate_shallow() for the next ref does
858 * not lose these new roots..
859 */
860 for (i = 0; i < extra.nr; i++)
861 register_shallow(extra.oid[i].hash);
862
863 si->shallow_ref[cmd->index] = 0;
864 oid_array_clear(&extra);
865 return 0;
866}
867
868/*
869 * NEEDSWORK: we should consolidate various implementions of "are we
870 * on an unborn branch?" test into one, and make the unified one more
871 * robust. !get_sha1() based check used here and elsewhere would not
872 * allow us to tell an unborn branch from corrupt ref, for example.
873 * For the purpose of fixing "deploy-to-update does not work when
874 * pushing into an empty repository" issue, this should suffice for
875 * now.
876 */
877static int head_has_history(void)
878{
879 unsigned char sha1[20];
880
881 return !get_sha1("HEAD", sha1);
882}
883
884static const char *push_to_deploy(unsigned char *sha1,
885 struct argv_array *env,
886 const char *work_tree)
887{
888 const char *update_refresh[] = {
889 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
890 };
891 const char *diff_files[] = {
892 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
893 };
894 const char *diff_index[] = {
895 "diff-index", "--quiet", "--cached", "--ignore-submodules",
896 NULL, "--", NULL
897 };
898 const char *read_tree[] = {
899 "read-tree", "-u", "-m", NULL, NULL
900 };
901 struct child_process child = CHILD_PROCESS_INIT;
902
903 child.argv = update_refresh;
904 child.env = env->argv;
905 child.dir = work_tree;
906 child.no_stdin = 1;
907 child.stdout_to_stderr = 1;
908 child.git_cmd = 1;
909 if (run_command(&child))
910 return "Up-to-date check failed";
911
912 /* run_command() does not clean up completely; reinitialize */
913 child_process_init(&child);
914 child.argv = diff_files;
915 child.env = env->argv;
916 child.dir = work_tree;
917 child.no_stdin = 1;
918 child.stdout_to_stderr = 1;
919 child.git_cmd = 1;
920 if (run_command(&child))
921 return "Working directory has unstaged changes";
922
923 /* diff-index with either HEAD or an empty tree */
924 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
925
926 child_process_init(&child);
927 child.argv = diff_index;
928 child.env = env->argv;
929 child.no_stdin = 1;
930 child.no_stdout = 1;
931 child.stdout_to_stderr = 0;
932 child.git_cmd = 1;
933 if (run_command(&child))
934 return "Working directory has staged changes";
935
936 read_tree[3] = sha1_to_hex(sha1);
937 child_process_init(&child);
938 child.argv = read_tree;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.no_stdout = 1;
943 child.stdout_to_stderr = 0;
944 child.git_cmd = 1;
945 if (run_command(&child))
946 return "Could not update working tree to new HEAD";
947
948 return NULL;
949}
950
951static const char *push_to_checkout_hook = "push-to-checkout";
952
953static const char *push_to_checkout(unsigned char *sha1,
954 struct argv_array *env,
955 const char *work_tree)
956{
957 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
958 if (run_hook_le(env->argv, push_to_checkout_hook,
959 sha1_to_hex(sha1), NULL))
960 return "push-to-checkout hook declined";
961 else
962 return NULL;
963}
964
965static const char *update_worktree(unsigned char *sha1)
966{
967 const char *retval;
968 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
969 struct argv_array env = ARGV_ARRAY_INIT;
970
971 if (is_bare_repository())
972 return "denyCurrentBranch = updateInstead needs a worktree";
973
974 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
975
976 if (!find_hook(push_to_checkout_hook))
977 retval = push_to_deploy(sha1, &env, work_tree);
978 else
979 retval = push_to_checkout(sha1, &env, work_tree);
980
981 argv_array_clear(&env);
982 return retval;
983}
984
985static const char *update(struct command *cmd, struct shallow_info *si)
986{
987 const char *name = cmd->ref_name;
988 struct strbuf namespaced_name_buf = STRBUF_INIT;
989 const char *namespaced_name, *ret;
990 struct object_id *old_oid = &cmd->old_oid;
991 struct object_id *new_oid = &cmd->new_oid;
992
993 /* only refs/... are allowed */
994 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
995 rp_error("refusing to create funny ref '%s' remotely", name);
996 return "funny refname";
997 }
998
999 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1000 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1001
1002 if (is_ref_checked_out(namespaced_name)) {
1003 switch (deny_current_branch) {
1004 case DENY_IGNORE:
1005 break;
1006 case DENY_WARN:
1007 rp_warning("updating the current branch");
1008 break;
1009 case DENY_REFUSE:
1010 case DENY_UNCONFIGURED:
1011 rp_error("refusing to update checked out branch: %s", name);
1012 if (deny_current_branch == DENY_UNCONFIGURED)
1013 refuse_unconfigured_deny();
1014 return "branch is currently checked out";
1015 case DENY_UPDATE_INSTEAD:
1016 ret = update_worktree(new_oid->hash);
1017 if (ret)
1018 return ret;
1019 break;
1020 }
1021 }
1022
1023 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1024 error("unpack should have generated %s, "
1025 "but I can't find it!", oid_to_hex(new_oid));
1026 return "bad pack";
1027 }
1028
1029 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1030 if (deny_deletes && starts_with(name, "refs/heads/")) {
1031 rp_error("denying ref deletion for %s", name);
1032 return "deletion prohibited";
1033 }
1034
1035 if (head_name && !strcmp(namespaced_name, head_name)) {
1036 switch (deny_delete_current) {
1037 case DENY_IGNORE:
1038 break;
1039 case DENY_WARN:
1040 rp_warning("deleting the current branch");
1041 break;
1042 case DENY_REFUSE:
1043 case DENY_UNCONFIGURED:
1044 case DENY_UPDATE_INSTEAD:
1045 if (deny_delete_current == DENY_UNCONFIGURED)
1046 refuse_unconfigured_deny_delete_current();
1047 rp_error("refusing to delete the current branch: %s", name);
1048 return "deletion of the current branch prohibited";
1049 default:
1050 return "Invalid denyDeleteCurrent setting";
1051 }
1052 }
1053 }
1054
1055 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1056 !is_null_oid(old_oid) &&
1057 starts_with(name, "refs/heads/")) {
1058 struct object *old_object, *new_object;
1059 struct commit *old_commit, *new_commit;
1060
1061 old_object = parse_object(old_oid->hash);
1062 new_object = parse_object(new_oid->hash);
1063
1064 if (!old_object || !new_object ||
1065 old_object->type != OBJ_COMMIT ||
1066 new_object->type != OBJ_COMMIT) {
1067 error("bad sha1 objects for %s", name);
1068 return "bad ref";
1069 }
1070 old_commit = (struct commit *)old_object;
1071 new_commit = (struct commit *)new_object;
1072 if (!in_merge_bases(old_commit, new_commit)) {
1073 rp_error("denying non-fast-forward %s"
1074 " (you should pull first)", name);
1075 return "non-fast-forward";
1076 }
1077 }
1078 if (run_update_hook(cmd)) {
1079 rp_error("hook declined to update %s", name);
1080 return "hook declined";
1081 }
1082
1083 if (is_null_oid(new_oid)) {
1084 struct strbuf err = STRBUF_INIT;
1085 if (!parse_object(old_oid->hash)) {
1086 old_oid = NULL;
1087 if (ref_exists(name)) {
1088 rp_warning("Allowing deletion of corrupt ref.");
1089 } else {
1090 rp_warning("Deleting a non-existent ref.");
1091 cmd->did_not_exist = 1;
1092 }
1093 }
1094 if (ref_transaction_delete(transaction,
1095 namespaced_name,
1096 old_oid->hash,
1097 0, "push", &err)) {
1098 rp_error("%s", err.buf);
1099 strbuf_release(&err);
1100 return "failed to delete";
1101 }
1102 strbuf_release(&err);
1103 return NULL; /* good */
1104 }
1105 else {
1106 struct strbuf err = STRBUF_INIT;
1107 if (shallow_update && si->shallow_ref[cmd->index] &&
1108 update_shallow_ref(cmd, si))
1109 return "shallow error";
1110
1111 if (ref_transaction_update(transaction,
1112 namespaced_name,
1113 new_oid->hash, old_oid->hash,
1114 0, "push",
1115 &err)) {
1116 rp_error("%s", err.buf);
1117 strbuf_release(&err);
1118
1119 return "failed to update ref";
1120 }
1121 strbuf_release(&err);
1122
1123 return NULL; /* good */
1124 }
1125}
1126
1127static void run_update_post_hook(struct command *commands)
1128{
1129 struct command *cmd;
1130 struct child_process proc = CHILD_PROCESS_INIT;
1131 const char *hook;
1132
1133 hook = find_hook("post-update");
1134 if (!hook)
1135 return;
1136
1137 for (cmd = commands; cmd; cmd = cmd->next) {
1138 if (cmd->error_string || cmd->did_not_exist)
1139 continue;
1140 if (!proc.args.argc)
1141 argv_array_push(&proc.args, hook);
1142 argv_array_push(&proc.args, cmd->ref_name);
1143 }
1144 if (!proc.args.argc)
1145 return;
1146
1147 proc.no_stdin = 1;
1148 proc.stdout_to_stderr = 1;
1149 proc.err = use_sideband ? -1 : 0;
1150
1151 if (!start_command(&proc)) {
1152 if (use_sideband)
1153 copy_to_sideband(proc.err, -1, NULL);
1154 finish_command(&proc);
1155 }
1156}
1157
1158static void check_aliased_update(struct command *cmd, struct string_list *list)
1159{
1160 struct strbuf buf = STRBUF_INIT;
1161 const char *dst_name;
1162 struct string_list_item *item;
1163 struct command *dst_cmd;
1164 unsigned char sha1[GIT_MAX_RAWSZ];
1165 int flag;
1166
1167 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1168 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1169 strbuf_release(&buf);
1170
1171 if (!(flag & REF_ISSYMREF))
1172 return;
1173
1174 if (!dst_name) {
1175 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1176 cmd->skip_update = 1;
1177 cmd->error_string = "broken symref";
1178 return;
1179 }
1180 dst_name = strip_namespace(dst_name);
1181
1182 if ((item = string_list_lookup(list, dst_name)) == NULL)
1183 return;
1184
1185 cmd->skip_update = 1;
1186
1187 dst_cmd = (struct command *) item->util;
1188
1189 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1190 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1191 return;
1192
1193 dst_cmd->skip_update = 1;
1194
1195 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1196 " its target '%s' (%s..%s)",
1197 cmd->ref_name,
1198 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1199 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1200 dst_cmd->ref_name,
1201 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1202 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1203
1204 cmd->error_string = dst_cmd->error_string =
1205 "inconsistent aliased update";
1206}
1207
1208static void check_aliased_updates(struct command *commands)
1209{
1210 struct command *cmd;
1211 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1212
1213 for (cmd = commands; cmd; cmd = cmd->next) {
1214 struct string_list_item *item =
1215 string_list_append(&ref_list, cmd->ref_name);
1216 item->util = (void *)cmd;
1217 }
1218 string_list_sort(&ref_list);
1219
1220 for (cmd = commands; cmd; cmd = cmd->next) {
1221 if (!cmd->error_string)
1222 check_aliased_update(cmd, &ref_list);
1223 }
1224
1225 string_list_clear(&ref_list, 0);
1226}
1227
1228static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1229{
1230 struct command **cmd_list = cb_data;
1231 struct command *cmd = *cmd_list;
1232
1233 if (!cmd || is_null_oid(&cmd->new_oid))
1234 return -1; /* end of list */
1235 *cmd_list = NULL; /* this returns only one */
1236 hashcpy(sha1, cmd->new_oid.hash);
1237 return 0;
1238}
1239
1240static void set_connectivity_errors(struct command *commands,
1241 struct shallow_info *si)
1242{
1243 struct command *cmd;
1244
1245 for (cmd = commands; cmd; cmd = cmd->next) {
1246 struct command *singleton = cmd;
1247 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1248
1249 if (shallow_update && si->shallow_ref[cmd->index])
1250 /* to be checked in update_shallow_ref() */
1251 continue;
1252
1253 opt.env = tmp_objdir_env(tmp_objdir);
1254 if (!check_connected(command_singleton_iterator, &singleton,
1255 &opt))
1256 continue;
1257
1258 cmd->error_string = "missing necessary objects";
1259 }
1260}
1261
1262struct iterate_data {
1263 struct command *cmds;
1264 struct shallow_info *si;
1265};
1266
1267static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1268{
1269 struct iterate_data *data = cb_data;
1270 struct command **cmd_list = &data->cmds;
1271 struct command *cmd = *cmd_list;
1272
1273 for (; cmd; cmd = cmd->next) {
1274 if (shallow_update && data->si->shallow_ref[cmd->index])
1275 /* to be checked in update_shallow_ref() */
1276 continue;
1277 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1278 hashcpy(sha1, cmd->new_oid.hash);
1279 *cmd_list = cmd->next;
1280 return 0;
1281 }
1282 }
1283 *cmd_list = NULL;
1284 return -1; /* end of list */
1285}
1286
1287static void reject_updates_to_hidden(struct command *commands)
1288{
1289 struct strbuf refname_full = STRBUF_INIT;
1290 size_t prefix_len;
1291 struct command *cmd;
1292
1293 strbuf_addstr(&refname_full, get_git_namespace());
1294 prefix_len = refname_full.len;
1295
1296 for (cmd = commands; cmd; cmd = cmd->next) {
1297 if (cmd->error_string)
1298 continue;
1299
1300 strbuf_setlen(&refname_full, prefix_len);
1301 strbuf_addstr(&refname_full, cmd->ref_name);
1302
1303 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1304 continue;
1305 if (is_null_oid(&cmd->new_oid))
1306 cmd->error_string = "deny deleting a hidden ref";
1307 else
1308 cmd->error_string = "deny updating a hidden ref";
1309 }
1310
1311 strbuf_release(&refname_full);
1312}
1313
1314static int should_process_cmd(struct command *cmd)
1315{
1316 return !cmd->error_string && !cmd->skip_update;
1317}
1318
1319static void warn_if_skipped_connectivity_check(struct command *commands,
1320 struct shallow_info *si)
1321{
1322 struct command *cmd;
1323 int checked_connectivity = 1;
1324
1325 for (cmd = commands; cmd; cmd = cmd->next) {
1326 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1327 error("BUG: connectivity check has not been run on ref %s",
1328 cmd->ref_name);
1329 checked_connectivity = 0;
1330 }
1331 }
1332 if (!checked_connectivity)
1333 die("BUG: connectivity check skipped???");
1334}
1335
1336static void execute_commands_non_atomic(struct command *commands,
1337 struct shallow_info *si)
1338{
1339 struct command *cmd;
1340 struct strbuf err = STRBUF_INIT;
1341
1342 for (cmd = commands; cmd; cmd = cmd->next) {
1343 if (!should_process_cmd(cmd))
1344 continue;
1345
1346 transaction = ref_transaction_begin(&err);
1347 if (!transaction) {
1348 rp_error("%s", err.buf);
1349 strbuf_reset(&err);
1350 cmd->error_string = "transaction failed to start";
1351 continue;
1352 }
1353
1354 cmd->error_string = update(cmd, si);
1355
1356 if (!cmd->error_string
1357 && ref_transaction_commit(transaction, &err)) {
1358 rp_error("%s", err.buf);
1359 strbuf_reset(&err);
1360 cmd->error_string = "failed to update ref";
1361 }
1362 ref_transaction_free(transaction);
1363 }
1364 strbuf_release(&err);
1365}
1366
1367static void execute_commands_atomic(struct command *commands,
1368 struct shallow_info *si)
1369{
1370 struct command *cmd;
1371 struct strbuf err = STRBUF_INIT;
1372 const char *reported_error = "atomic push failure";
1373
1374 transaction = ref_transaction_begin(&err);
1375 if (!transaction) {
1376 rp_error("%s", err.buf);
1377 strbuf_reset(&err);
1378 reported_error = "transaction failed to start";
1379 goto failure;
1380 }
1381
1382 for (cmd = commands; cmd; cmd = cmd->next) {
1383 if (!should_process_cmd(cmd))
1384 continue;
1385
1386 cmd->error_string = update(cmd, si);
1387
1388 if (cmd->error_string)
1389 goto failure;
1390 }
1391
1392 if (ref_transaction_commit(transaction, &err)) {
1393 rp_error("%s", err.buf);
1394 reported_error = "atomic transaction failed";
1395 goto failure;
1396 }
1397 goto cleanup;
1398
1399failure:
1400 for (cmd = commands; cmd; cmd = cmd->next)
1401 if (!cmd->error_string)
1402 cmd->error_string = reported_error;
1403
1404cleanup:
1405 ref_transaction_free(transaction);
1406 strbuf_release(&err);
1407}
1408
1409static void execute_commands(struct command *commands,
1410 const char *unpacker_error,
1411 struct shallow_info *si,
1412 const struct string_list *push_options)
1413{
1414 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1415 struct command *cmd;
1416 struct object_id oid;
1417 struct iterate_data data;
1418 struct async muxer;
1419 int err_fd = 0;
1420
1421 if (unpacker_error) {
1422 for (cmd = commands; cmd; cmd = cmd->next)
1423 cmd->error_string = "unpacker error";
1424 return;
1425 }
1426
1427 if (use_sideband) {
1428 memset(&muxer, 0, sizeof(muxer));
1429 muxer.proc = copy_to_sideband;
1430 muxer.in = -1;
1431 if (!start_async(&muxer))
1432 err_fd = muxer.in;
1433 /* ...else, continue without relaying sideband */
1434 }
1435
1436 data.cmds = commands;
1437 data.si = si;
1438 opt.err_fd = err_fd;
1439 opt.progress = err_fd && !quiet;
1440 opt.env = tmp_objdir_env(tmp_objdir);
1441 if (check_connected(iterate_receive_command_list, &data, &opt))
1442 set_connectivity_errors(commands, si);
1443
1444 if (use_sideband)
1445 finish_async(&muxer);
1446
1447 reject_updates_to_hidden(commands);
1448
1449 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1450 for (cmd = commands; cmd; cmd = cmd->next) {
1451 if (!cmd->error_string)
1452 cmd->error_string = "pre-receive hook declined";
1453 }
1454 return;
1455 }
1456
1457 /*
1458 * Now we'll start writing out refs, which means the objects need
1459 * to be in their final positions so that other processes can see them.
1460 */
1461 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1462 for (cmd = commands; cmd; cmd = cmd->next) {
1463 if (!cmd->error_string)
1464 cmd->error_string = "unable to migrate objects to permanent storage";
1465 }
1466 return;
1467 }
1468 tmp_objdir = NULL;
1469
1470 check_aliased_updates(commands);
1471
1472 free(head_name_to_free);
1473 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1474
1475 if (use_atomic)
1476 execute_commands_atomic(commands, si);
1477 else
1478 execute_commands_non_atomic(commands, si);
1479
1480 if (shallow_update)
1481 warn_if_skipped_connectivity_check(commands, si);
1482}
1483
1484static struct command **queue_command(struct command **tail,
1485 const char *line,
1486 int linelen)
1487{
1488 struct object_id old_oid, new_oid;
1489 struct command *cmd;
1490 const char *refname;
1491 int reflen;
1492 const char *p;
1493
1494 if (parse_oid_hex(line, &old_oid, &p) ||
1495 *p++ != ' ' ||
1496 parse_oid_hex(p, &new_oid, &p) ||
1497 *p++ != ' ')
1498 die("protocol error: expected old/new/ref, got '%s'", line);
1499
1500 refname = p;
1501 reflen = linelen - (p - line);
1502 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1503 oidcpy(&cmd->old_oid, &old_oid);
1504 oidcpy(&cmd->new_oid, &new_oid);
1505 *tail = cmd;
1506 return &cmd->next;
1507}
1508
1509static void queue_commands_from_cert(struct command **tail,
1510 struct strbuf *push_cert)
1511{
1512 const char *boc, *eoc;
1513
1514 if (*tail)
1515 die("protocol error: got both push certificate and unsigned commands");
1516
1517 boc = strstr(push_cert->buf, "\n\n");
1518 if (!boc)
1519 die("malformed push certificate %.*s", 100, push_cert->buf);
1520 else
1521 boc += 2;
1522 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1523
1524 while (boc < eoc) {
1525 const char *eol = memchr(boc, '\n', eoc - boc);
1526 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1527 boc = eol ? eol + 1 : eoc;
1528 }
1529}
1530
1531static struct command *read_head_info(struct oid_array *shallow)
1532{
1533 struct command *commands = NULL;
1534 struct command **p = &commands;
1535 for (;;) {
1536 char *line;
1537 int len, linelen;
1538
1539 line = packet_read_line(0, &len);
1540 if (!line)
1541 break;
1542
1543 if (len > 8 && starts_with(line, "shallow ")) {
1544 struct object_id oid;
1545 if (get_oid_hex(line + 8, &oid))
1546 die("protocol error: expected shallow sha, got '%s'",
1547 line + 8);
1548 oid_array_append(shallow, &oid);
1549 continue;
1550 }
1551
1552 linelen = strlen(line);
1553 if (linelen < len) {
1554 const char *feature_list = line + linelen + 1;
1555 if (parse_feature_request(feature_list, "report-status"))
1556 report_status = 1;
1557 if (parse_feature_request(feature_list, "side-band-64k"))
1558 use_sideband = LARGE_PACKET_MAX;
1559 if (parse_feature_request(feature_list, "quiet"))
1560 quiet = 1;
1561 if (advertise_atomic_push
1562 && parse_feature_request(feature_list, "atomic"))
1563 use_atomic = 1;
1564 if (advertise_push_options
1565 && parse_feature_request(feature_list, "push-options"))
1566 use_push_options = 1;
1567 }
1568
1569 if (!strcmp(line, "push-cert")) {
1570 int true_flush = 0;
1571 char certbuf[1024];
1572
1573 for (;;) {
1574 len = packet_read(0, NULL, NULL,
1575 certbuf, sizeof(certbuf), 0);
1576 if (!len) {
1577 true_flush = 1;
1578 break;
1579 }
1580 if (!strcmp(certbuf, "push-cert-end\n"))
1581 break; /* end of cert */
1582 strbuf_addstr(&push_cert, certbuf);
1583 }
1584
1585 if (true_flush)
1586 break;
1587 continue;
1588 }
1589
1590 p = queue_command(p, line, linelen);
1591 }
1592
1593 if (push_cert.len)
1594 queue_commands_from_cert(p, &push_cert);
1595
1596 return commands;
1597}
1598
1599static void read_push_options(struct string_list *options)
1600{
1601 while (1) {
1602 char *line;
1603 int len;
1604
1605 line = packet_read_line(0, &len);
1606
1607 if (!line)
1608 break;
1609
1610 string_list_append(options, line);
1611 }
1612}
1613
1614static const char *parse_pack_header(struct pack_header *hdr)
1615{
1616 switch (read_pack_header(0, hdr)) {
1617 case PH_ERROR_EOF:
1618 return "eof before pack header was fully read";
1619
1620 case PH_ERROR_PACK_SIGNATURE:
1621 return "protocol error (pack signature mismatch detected)";
1622
1623 case PH_ERROR_PROTOCOL:
1624 return "protocol error (pack version unsupported)";
1625
1626 default:
1627 return "unknown error in parse_pack_header";
1628
1629 case 0:
1630 return NULL;
1631 }
1632}
1633
1634static const char *pack_lockfile;
1635
1636static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1637{
1638 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1639 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1640}
1641
1642static const char *unpack(int err_fd, struct shallow_info *si)
1643{
1644 struct pack_header hdr;
1645 const char *hdr_err;
1646 int status;
1647 struct child_process child = CHILD_PROCESS_INIT;
1648 int fsck_objects = (receive_fsck_objects >= 0
1649 ? receive_fsck_objects
1650 : transfer_fsck_objects >= 0
1651 ? transfer_fsck_objects
1652 : 0);
1653
1654 hdr_err = parse_pack_header(&hdr);
1655 if (hdr_err) {
1656 if (err_fd > 0)
1657 close(err_fd);
1658 return hdr_err;
1659 }
1660
1661 if (si->nr_ours || si->nr_theirs) {
1662 alt_shallow_file = setup_temporary_shallow(si->shallow);
1663 argv_array_push(&child.args, "--shallow-file");
1664 argv_array_push(&child.args, alt_shallow_file);
1665 }
1666
1667 tmp_objdir = tmp_objdir_create();
1668 if (!tmp_objdir) {
1669 if (err_fd > 0)
1670 close(err_fd);
1671 return "unable to create temporary object directory";
1672 }
1673 child.env = tmp_objdir_env(tmp_objdir);
1674
1675 /*
1676 * Normally we just pass the tmp_objdir environment to the child
1677 * processes that do the heavy lifting, but we may need to see these
1678 * objects ourselves to set up shallow information.
1679 */
1680 tmp_objdir_add_as_alternate(tmp_objdir);
1681
1682 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1683 argv_array_push(&child.args, "unpack-objects");
1684 push_header_arg(&child.args, &hdr);
1685 if (quiet)
1686 argv_array_push(&child.args, "-q");
1687 if (fsck_objects)
1688 argv_array_pushf(&child.args, "--strict%s",
1689 fsck_msg_types.buf);
1690 if (max_input_size)
1691 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1692 (uintmax_t)max_input_size);
1693 child.no_stdout = 1;
1694 child.err = err_fd;
1695 child.git_cmd = 1;
1696 status = run_command(&child);
1697 if (status)
1698 return "unpack-objects abnormal exit";
1699 } else {
1700 char hostname[HOST_NAME_MAX + 1];
1701
1702 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1703 push_header_arg(&child.args, &hdr);
1704
1705 if (xgethostname(hostname, sizeof(hostname)))
1706 xsnprintf(hostname, sizeof(hostname), "localhost");
1707 argv_array_pushf(&child.args,
1708 "--keep=receive-pack %"PRIuMAX" on %s",
1709 (uintmax_t)getpid(),
1710 hostname);
1711
1712 if (!quiet && err_fd)
1713 argv_array_push(&child.args, "--show-resolving-progress");
1714 if (use_sideband)
1715 argv_array_push(&child.args, "--report-end-of-input");
1716 if (fsck_objects)
1717 argv_array_pushf(&child.args, "--strict%s",
1718 fsck_msg_types.buf);
1719 if (!reject_thin)
1720 argv_array_push(&child.args, "--fix-thin");
1721 if (max_input_size)
1722 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1723 (uintmax_t)max_input_size);
1724 child.out = -1;
1725 child.err = err_fd;
1726 child.git_cmd = 1;
1727 status = start_command(&child);
1728 if (status)
1729 return "index-pack fork failed";
1730 pack_lockfile = index_pack_lockfile(child.out);
1731 close(child.out);
1732 status = finish_command(&child);
1733 if (status)
1734 return "index-pack abnormal exit";
1735 reprepare_packed_git();
1736 }
1737 return NULL;
1738}
1739
1740static const char *unpack_with_sideband(struct shallow_info *si)
1741{
1742 struct async muxer;
1743 const char *ret;
1744
1745 if (!use_sideband)
1746 return unpack(0, si);
1747
1748 use_keepalive = KEEPALIVE_AFTER_NUL;
1749 memset(&muxer, 0, sizeof(muxer));
1750 muxer.proc = copy_to_sideband;
1751 muxer.in = -1;
1752 if (start_async(&muxer))
1753 return NULL;
1754
1755 ret = unpack(muxer.in, si);
1756
1757 finish_async(&muxer);
1758 return ret;
1759}
1760
1761static void prepare_shallow_update(struct command *commands,
1762 struct shallow_info *si)
1763{
1764 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1765
1766 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1767 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1768
1769 si->need_reachability_test =
1770 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1771 si->reachable =
1772 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1773 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1774
1775 for (i = 0; i < si->nr_ours; i++)
1776 si->need_reachability_test[si->ours[i]] = 1;
1777
1778 for (i = 0; i < si->shallow->nr; i++) {
1779 if (!si->used_shallow[i])
1780 continue;
1781 for (j = 0; j < bitmap_size; j++) {
1782 if (!si->used_shallow[i][j])
1783 continue;
1784 si->need_reachability_test[i]++;
1785 for (k = 0; k < 32; k++)
1786 if (si->used_shallow[i][j] & (1U << k))
1787 si->shallow_ref[j * 32 + k]++;
1788 }
1789
1790 /*
1791 * true for those associated with some refs and belong
1792 * in "ours" list aka "step 7 not done yet"
1793 */
1794 si->need_reachability_test[i] =
1795 si->need_reachability_test[i] > 1;
1796 }
1797
1798 /*
1799 * keep hooks happy by forcing a temporary shallow file via
1800 * env variable because we can't add --shallow-file to every
1801 * command. check_everything_connected() will be done with
1802 * true .git/shallow though.
1803 */
1804 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1805}
1806
1807static void update_shallow_info(struct command *commands,
1808 struct shallow_info *si,
1809 struct oid_array *ref)
1810{
1811 struct command *cmd;
1812 int *ref_status;
1813 remove_nonexistent_theirs_shallow(si);
1814 if (!si->nr_ours && !si->nr_theirs) {
1815 shallow_update = 0;
1816 return;
1817 }
1818
1819 for (cmd = commands; cmd; cmd = cmd->next) {
1820 if (is_null_oid(&cmd->new_oid))
1821 continue;
1822 oid_array_append(ref, &cmd->new_oid);
1823 cmd->index = ref->nr - 1;
1824 }
1825 si->ref = ref;
1826
1827 if (shallow_update) {
1828 prepare_shallow_update(commands, si);
1829 return;
1830 }
1831
1832 ALLOC_ARRAY(ref_status, ref->nr);
1833 assign_shallow_commits_to_refs(si, NULL, ref_status);
1834 for (cmd = commands; cmd; cmd = cmd->next) {
1835 if (is_null_oid(&cmd->new_oid))
1836 continue;
1837 if (ref_status[cmd->index]) {
1838 cmd->error_string = "shallow update not allowed";
1839 cmd->skip_update = 1;
1840 }
1841 }
1842 free(ref_status);
1843}
1844
1845static void report(struct command *commands, const char *unpack_status)
1846{
1847 struct command *cmd;
1848 struct strbuf buf = STRBUF_INIT;
1849
1850 packet_buf_write(&buf, "unpack %s\n",
1851 unpack_status ? unpack_status : "ok");
1852 for (cmd = commands; cmd; cmd = cmd->next) {
1853 if (!cmd->error_string)
1854 packet_buf_write(&buf, "ok %s\n",
1855 cmd->ref_name);
1856 else
1857 packet_buf_write(&buf, "ng %s %s\n",
1858 cmd->ref_name, cmd->error_string);
1859 }
1860 packet_buf_flush(&buf);
1861
1862 if (use_sideband)
1863 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1864 else
1865 write_or_die(1, buf.buf, buf.len);
1866 strbuf_release(&buf);
1867}
1868
1869static int delete_only(struct command *commands)
1870{
1871 struct command *cmd;
1872 for (cmd = commands; cmd; cmd = cmd->next) {
1873 if (!is_null_oid(&cmd->new_oid))
1874 return 0;
1875 }
1876 return 1;
1877}
1878
1879int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1880{
1881 int advertise_refs = 0;
1882 struct command *commands;
1883 struct oid_array shallow = OID_ARRAY_INIT;
1884 struct oid_array ref = OID_ARRAY_INIT;
1885 struct shallow_info si;
1886
1887 struct option options[] = {
1888 OPT__QUIET(&quiet, N_("quiet")),
1889 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1890 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1891 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1892 OPT_END()
1893 };
1894
1895 packet_trace_identity("receive-pack");
1896
1897 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1898
1899 if (argc > 1)
1900 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1901 if (argc == 0)
1902 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1903
1904 service_dir = argv[0];
1905
1906 setup_path();
1907
1908 if (!enter_repo(service_dir, 0))
1909 die("'%s' does not appear to be a git repository", service_dir);
1910
1911 git_config(receive_pack_config, NULL);
1912 if (cert_nonce_seed)
1913 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1914
1915 if (0 <= transfer_unpack_limit)
1916 unpack_limit = transfer_unpack_limit;
1917 else if (0 <= receive_unpack_limit)
1918 unpack_limit = receive_unpack_limit;
1919
1920 if (advertise_refs || !stateless_rpc) {
1921 write_head_info();
1922 }
1923 if (advertise_refs)
1924 return 0;
1925
1926 if ((commands = read_head_info(&shallow)) != NULL) {
1927 const char *unpack_status = NULL;
1928 struct string_list push_options = STRING_LIST_INIT_DUP;
1929
1930 if (use_push_options)
1931 read_push_options(&push_options);
1932
1933 prepare_shallow_info(&si, &shallow);
1934 if (!si.nr_ours && !si.nr_theirs)
1935 shallow_update = 0;
1936 if (!delete_only(commands)) {
1937 unpack_status = unpack_with_sideband(&si);
1938 update_shallow_info(commands, &si, &ref);
1939 }
1940 use_keepalive = KEEPALIVE_ALWAYS;
1941 execute_commands(commands, unpack_status, &si,
1942 &push_options);
1943 if (pack_lockfile)
1944 unlink_or_warn(pack_lockfile);
1945 if (report_status)
1946 report(commands, unpack_status);
1947 run_receive_hook(commands, "post-receive", 1,
1948 &push_options);
1949 run_update_post_hook(commands);
1950 string_list_clear(&push_options, 0);
1951 if (auto_gc) {
1952 const char *argv_gc_auto[] = {
1953 "gc", "--auto", "--quiet", NULL,
1954 };
1955 struct child_process proc = CHILD_PROCESS_INIT;
1956
1957 proc.no_stdin = 1;
1958 proc.stdout_to_stderr = 1;
1959 proc.err = use_sideband ? -1 : 0;
1960 proc.git_cmd = 1;
1961 proc.argv = argv_gc_auto;
1962
1963 close_all_packs();
1964 if (!start_command(&proc)) {
1965 if (use_sideband)
1966 copy_to_sideband(proc.err, -1, NULL);
1967 finish_command(&proc);
1968 }
1969 }
1970 if (auto_update_server_info)
1971 update_server_info(0);
1972 clear_shallow_info(&si);
1973 }
1974 if (use_sideband)
1975 packet_flush(1);
1976 oid_array_clear(&shallow);
1977 oid_array_clear(&ref);
1978 free((void *)push_cert_nonce);
1979 return 0;
1980}