builtin / receive-pack.con commit blame: move no_whole_file_rename flag to scoreboard (1f44129)
   1#include "builtin.h"
   2#include "lockfile.h"
   3#include "pack.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "exec_cmd.h"
   9#include "commit.h"
  10#include "object.h"
  11#include "remote.h"
  12#include "connect.h"
  13#include "transport.h"
  14#include "string-list.h"
  15#include "sha1-array.h"
  16#include "connected.h"
  17#include "argv-array.h"
  18#include "version.h"
  19#include "tag.h"
  20#include "gpg-interface.h"
  21#include "sigchain.h"
  22#include "fsck.h"
  23#include "tmp-objdir.h"
  24#include "oidset.h"
  25
  26static const char * const receive_pack_usage[] = {
  27        N_("git receive-pack <git-dir>"),
  28        NULL
  29};
  30
  31enum deny_action {
  32        DENY_UNCONFIGURED,
  33        DENY_IGNORE,
  34        DENY_WARN,
  35        DENY_REFUSE,
  36        DENY_UPDATE_INSTEAD
  37};
  38
  39static int deny_deletes;
  40static int deny_non_fast_forwards;
  41static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  42static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  43static int receive_fsck_objects = -1;
  44static int transfer_fsck_objects = -1;
  45static struct strbuf fsck_msg_types = STRBUF_INIT;
  46static int receive_unpack_limit = -1;
  47static int transfer_unpack_limit = -1;
  48static int advertise_atomic_push = 1;
  49static int advertise_push_options;
  50static int unpack_limit = 100;
  51static off_t max_input_size;
  52static int report_status;
  53static int use_sideband;
  54static int use_atomic;
  55static int use_push_options;
  56static int quiet;
  57static int prefer_ofs_delta = 1;
  58static int auto_update_server_info;
  59static int auto_gc = 1;
  60static int reject_thin;
  61static int stateless_rpc;
  62static const char *service_dir;
  63static const char *head_name;
  64static void *head_name_to_free;
  65static int sent_capabilities;
  66static int shallow_update;
  67static const char *alt_shallow_file;
  68static struct strbuf push_cert = STRBUF_INIT;
  69static unsigned char push_cert_sha1[20];
  70static struct signature_check sigcheck;
  71static const char *push_cert_nonce;
  72static const char *cert_nonce_seed;
  73
  74static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  75static const char *NONCE_BAD = "BAD";
  76static const char *NONCE_MISSING = "MISSING";
  77static const char *NONCE_OK = "OK";
  78static const char *NONCE_SLOP = "SLOP";
  79static const char *nonce_status;
  80static long nonce_stamp_slop;
  81static timestamp_t nonce_stamp_slop_limit;
  82static struct ref_transaction *transaction;
  83
  84static enum {
  85        KEEPALIVE_NEVER = 0,
  86        KEEPALIVE_AFTER_NUL,
  87        KEEPALIVE_ALWAYS
  88} use_keepalive;
  89static int keepalive_in_sec = 5;
  90
  91static struct tmp_objdir *tmp_objdir;
  92
  93static enum deny_action parse_deny_action(const char *var, const char *value)
  94{
  95        if (value) {
  96                if (!strcasecmp(value, "ignore"))
  97                        return DENY_IGNORE;
  98                if (!strcasecmp(value, "warn"))
  99                        return DENY_WARN;
 100                if (!strcasecmp(value, "refuse"))
 101                        return DENY_REFUSE;
 102                if (!strcasecmp(value, "updateinstead"))
 103                        return DENY_UPDATE_INSTEAD;
 104        }
 105        if (git_config_bool(var, value))
 106                return DENY_REFUSE;
 107        return DENY_IGNORE;
 108}
 109
 110static int receive_pack_config(const char *var, const char *value, void *cb)
 111{
 112        int status = parse_hide_refs_config(var, value, "receive");
 113
 114        if (status)
 115                return status;
 116
 117        if (strcmp(var, "receive.denydeletes") == 0) {
 118                deny_deletes = git_config_bool(var, value);
 119                return 0;
 120        }
 121
 122        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 123                deny_non_fast_forwards = git_config_bool(var, value);
 124                return 0;
 125        }
 126
 127        if (strcmp(var, "receive.unpacklimit") == 0) {
 128                receive_unpack_limit = git_config_int(var, value);
 129                return 0;
 130        }
 131
 132        if (strcmp(var, "transfer.unpacklimit") == 0) {
 133                transfer_unpack_limit = git_config_int(var, value);
 134                return 0;
 135        }
 136
 137        if (strcmp(var, "receive.fsck.skiplist") == 0) {
 138                const char *path;
 139
 140                if (git_config_pathname(&path, var, value))
 141                        return 1;
 142                strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
 143                        fsck_msg_types.len ? ',' : '=', path);
 144                free((char *)path);
 145                return 0;
 146        }
 147
 148        if (skip_prefix(var, "receive.fsck.", &var)) {
 149                if (is_valid_msg_type(var, value))
 150                        strbuf_addf(&fsck_msg_types, "%c%s=%s",
 151                                fsck_msg_types.len ? ',' : '=', var, value);
 152                else
 153                        warning("Skipping unknown msg id '%s'", var);
 154                return 0;
 155        }
 156
 157        if (strcmp(var, "receive.fsckobjects") == 0) {
 158                receive_fsck_objects = git_config_bool(var, value);
 159                return 0;
 160        }
 161
 162        if (strcmp(var, "transfer.fsckobjects") == 0) {
 163                transfer_fsck_objects = git_config_bool(var, value);
 164                return 0;
 165        }
 166
 167        if (!strcmp(var, "receive.denycurrentbranch")) {
 168                deny_current_branch = parse_deny_action(var, value);
 169                return 0;
 170        }
 171
 172        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 173                deny_delete_current = parse_deny_action(var, value);
 174                return 0;
 175        }
 176
 177        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 178                prefer_ofs_delta = git_config_bool(var, value);
 179                return 0;
 180        }
 181
 182        if (strcmp(var, "receive.updateserverinfo") == 0) {
 183                auto_update_server_info = git_config_bool(var, value);
 184                return 0;
 185        }
 186
 187        if (strcmp(var, "receive.autogc") == 0) {
 188                auto_gc = git_config_bool(var, value);
 189                return 0;
 190        }
 191
 192        if (strcmp(var, "receive.shallowupdate") == 0) {
 193                shallow_update = git_config_bool(var, value);
 194                return 0;
 195        }
 196
 197        if (strcmp(var, "receive.certnonceseed") == 0)
 198                return git_config_string(&cert_nonce_seed, var, value);
 199
 200        if (strcmp(var, "receive.certnonceslop") == 0) {
 201                nonce_stamp_slop_limit = git_config_ulong(var, value);
 202                return 0;
 203        }
 204
 205        if (strcmp(var, "receive.advertiseatomic") == 0) {
 206                advertise_atomic_push = git_config_bool(var, value);
 207                return 0;
 208        }
 209
 210        if (strcmp(var, "receive.advertisepushoptions") == 0) {
 211                advertise_push_options = git_config_bool(var, value);
 212                return 0;
 213        }
 214
 215        if (strcmp(var, "receive.keepalive") == 0) {
 216                keepalive_in_sec = git_config_int(var, value);
 217                return 0;
 218        }
 219
 220        if (strcmp(var, "receive.maxinputsize") == 0) {
 221                max_input_size = git_config_int64(var, value);
 222                return 0;
 223        }
 224
 225        return git_default_config(var, value, cb);
 226}
 227
 228static void show_ref(const char *path, const struct object_id *oid)
 229{
 230        if (sent_capabilities) {
 231                packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
 232        } else {
 233                struct strbuf cap = STRBUF_INIT;
 234
 235                strbuf_addstr(&cap,
 236                              "report-status delete-refs side-band-64k quiet");
 237                if (advertise_atomic_push)
 238                        strbuf_addstr(&cap, " atomic");
 239                if (prefer_ofs_delta)
 240                        strbuf_addstr(&cap, " ofs-delta");
 241                if (push_cert_nonce)
 242                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 243                if (advertise_push_options)
 244                        strbuf_addstr(&cap, " push-options");
 245                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 246                packet_write_fmt(1, "%s %s%c%s\n",
 247                             oid_to_hex(oid), path, 0, cap.buf);
 248                strbuf_release(&cap);
 249                sent_capabilities = 1;
 250        }
 251}
 252
 253static int show_ref_cb(const char *path_full, const struct object_id *oid,
 254                       int flag, void *data)
 255{
 256        struct oidset *seen = data;
 257        const char *path = strip_namespace(path_full);
 258
 259        if (ref_is_hidden(path, path_full))
 260                return 0;
 261
 262        /*
 263         * Advertise refs outside our current namespace as ".have"
 264         * refs, so that the client can use them to minimize data
 265         * transfer but will otherwise ignore them.
 266         */
 267        if (!path) {
 268                if (oidset_insert(seen, oid))
 269                        return 0;
 270                path = ".have";
 271        } else {
 272                oidset_insert(seen, oid);
 273        }
 274        show_ref(path, oid);
 275        return 0;
 276}
 277
 278static void show_one_alternate_ref(const char *refname,
 279                                   const struct object_id *oid,
 280                                   void *data)
 281{
 282        struct oidset *seen = data;
 283
 284        if (oidset_insert(seen, oid))
 285                return;
 286
 287        show_ref(".have", oid);
 288}
 289
 290static void write_head_info(void)
 291{
 292        static struct oidset seen = OIDSET_INIT;
 293
 294        for_each_ref(show_ref_cb, &seen);
 295        for_each_alternate_ref(show_one_alternate_ref, &seen);
 296        oidset_clear(&seen);
 297        if (!sent_capabilities)
 298                show_ref("capabilities^{}", &null_oid);
 299
 300        advertise_shallow_grafts(1);
 301
 302        /* EOF */
 303        packet_flush(1);
 304}
 305
 306struct command {
 307        struct command *next;
 308        const char *error_string;
 309        unsigned int skip_update:1,
 310                     did_not_exist:1;
 311        int index;
 312        struct object_id old_oid;
 313        struct object_id new_oid;
 314        char ref_name[FLEX_ARRAY]; /* more */
 315};
 316
 317static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 318static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 319
 320static void report_message(const char *prefix, const char *err, va_list params)
 321{
 322        int sz;
 323        char msg[4096];
 324
 325        sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
 326        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 327        if (sz > (sizeof(msg) - 1))
 328                sz = sizeof(msg) - 1;
 329        msg[sz++] = '\n';
 330
 331        if (use_sideband)
 332                send_sideband(1, 2, msg, sz, use_sideband);
 333        else
 334                xwrite(2, msg, sz);
 335}
 336
 337static void rp_warning(const char *err, ...)
 338{
 339        va_list params;
 340        va_start(params, err);
 341        report_message("warning: ", err, params);
 342        va_end(params);
 343}
 344
 345static void rp_error(const char *err, ...)
 346{
 347        va_list params;
 348        va_start(params, err);
 349        report_message("error: ", err, params);
 350        va_end(params);
 351}
 352
 353static int copy_to_sideband(int in, int out, void *arg)
 354{
 355        char data[128];
 356        int keepalive_active = 0;
 357
 358        if (keepalive_in_sec <= 0)
 359                use_keepalive = KEEPALIVE_NEVER;
 360        if (use_keepalive == KEEPALIVE_ALWAYS)
 361                keepalive_active = 1;
 362
 363        while (1) {
 364                ssize_t sz;
 365
 366                if (keepalive_active) {
 367                        struct pollfd pfd;
 368                        int ret;
 369
 370                        pfd.fd = in;
 371                        pfd.events = POLLIN;
 372                        ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
 373
 374                        if (ret < 0) {
 375                                if (errno == EINTR)
 376                                        continue;
 377                                else
 378                                        break;
 379                        } else if (ret == 0) {
 380                                /* no data; send a keepalive packet */
 381                                static const char buf[] = "0005\1";
 382                                write_or_die(1, buf, sizeof(buf) - 1);
 383                                continue;
 384                        } /* else there is actual data to read */
 385                }
 386
 387                sz = xread(in, data, sizeof(data));
 388                if (sz <= 0)
 389                        break;
 390
 391                if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
 392                        const char *p = memchr(data, '\0', sz);
 393                        if (p) {
 394                                /*
 395                                 * The NUL tells us to start sending keepalives. Make
 396                                 * sure we send any other data we read along
 397                                 * with it.
 398                                 */
 399                                keepalive_active = 1;
 400                                send_sideband(1, 2, data, p - data, use_sideband);
 401                                send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
 402                                continue;
 403                        }
 404                }
 405
 406                /*
 407                 * Either we're not looking for a NUL signal, or we didn't see
 408                 * it yet; just pass along the data.
 409                 */
 410                send_sideband(1, 2, data, sz, use_sideband);
 411        }
 412        close(in);
 413        return 0;
 414}
 415
 416#define HMAC_BLOCK_SIZE 64
 417
 418static void hmac_sha1(unsigned char *out,
 419                      const char *key_in, size_t key_len,
 420                      const char *text, size_t text_len)
 421{
 422        unsigned char key[HMAC_BLOCK_SIZE];
 423        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 424        unsigned char k_opad[HMAC_BLOCK_SIZE];
 425        int i;
 426        git_SHA_CTX ctx;
 427
 428        /* RFC 2104 2. (1) */
 429        memset(key, '\0', HMAC_BLOCK_SIZE);
 430        if (HMAC_BLOCK_SIZE < key_len) {
 431                git_SHA1_Init(&ctx);
 432                git_SHA1_Update(&ctx, key_in, key_len);
 433                git_SHA1_Final(key, &ctx);
 434        } else {
 435                memcpy(key, key_in, key_len);
 436        }
 437
 438        /* RFC 2104 2. (2) & (5) */
 439        for (i = 0; i < sizeof(key); i++) {
 440                k_ipad[i] = key[i] ^ 0x36;
 441                k_opad[i] = key[i] ^ 0x5c;
 442        }
 443
 444        /* RFC 2104 2. (3) & (4) */
 445        git_SHA1_Init(&ctx);
 446        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 447        git_SHA1_Update(&ctx, text, text_len);
 448        git_SHA1_Final(out, &ctx);
 449
 450        /* RFC 2104 2. (6) & (7) */
 451        git_SHA1_Init(&ctx);
 452        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 453        git_SHA1_Update(&ctx, out, 20);
 454        git_SHA1_Final(out, &ctx);
 455}
 456
 457static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
 458{
 459        struct strbuf buf = STRBUF_INIT;
 460        unsigned char sha1[20];
 461
 462        strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
 463        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 464        strbuf_release(&buf);
 465
 466        /* RFC 2104 5. HMAC-SHA1-80 */
 467        strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
 468        return strbuf_detach(&buf, NULL);
 469}
 470
 471/*
 472 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 473 * after dropping "_commit" from its name and possibly moving it out
 474 * of commit.c
 475 */
 476static char *find_header(const char *msg, size_t len, const char *key)
 477{
 478        int key_len = strlen(key);
 479        const char *line = msg;
 480
 481        while (line && line < msg + len) {
 482                const char *eol = strchrnul(line, '\n');
 483
 484                if ((msg + len <= eol) || line == eol)
 485                        return NULL;
 486                if (line + key_len < eol &&
 487                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 488                        int offset = key_len + 1;
 489                        return xmemdupz(line + offset, (eol - line) - offset);
 490                }
 491                line = *eol ? eol + 1 : NULL;
 492        }
 493        return NULL;
 494}
 495
 496static const char *check_nonce(const char *buf, size_t len)
 497{
 498        char *nonce = find_header(buf, len, "nonce");
 499        timestamp_t stamp, ostamp;
 500        char *bohmac, *expect = NULL;
 501        const char *retval = NONCE_BAD;
 502
 503        if (!nonce) {
 504                retval = NONCE_MISSING;
 505                goto leave;
 506        } else if (!push_cert_nonce) {
 507                retval = NONCE_UNSOLICITED;
 508                goto leave;
 509        } else if (!strcmp(push_cert_nonce, nonce)) {
 510                retval = NONCE_OK;
 511                goto leave;
 512        }
 513
 514        if (!stateless_rpc) {
 515                /* returned nonce MUST match what we gave out earlier */
 516                retval = NONCE_BAD;
 517                goto leave;
 518        }
 519
 520        /*
 521         * In stateless mode, we may be receiving a nonce issued by
 522         * another instance of the server that serving the same
 523         * repository, and the timestamps may not match, but the
 524         * nonce-seed and dir should match, so we can recompute and
 525         * report the time slop.
 526         *
 527         * In addition, when a nonce issued by another instance has
 528         * timestamp within receive.certnonceslop seconds, we pretend
 529         * as if we issued that nonce when reporting to the hook.
 530         */
 531
 532        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 533        if (*nonce <= '0' || '9' < *nonce) {
 534                retval = NONCE_BAD;
 535                goto leave;
 536        }
 537        stamp = parse_timestamp(nonce, &bohmac, 10);
 538        if (bohmac == nonce || bohmac[0] != '-') {
 539                retval = NONCE_BAD;
 540                goto leave;
 541        }
 542
 543        expect = prepare_push_cert_nonce(service_dir, stamp);
 544        if (strcmp(expect, nonce)) {
 545                /* Not what we would have signed earlier */
 546                retval = NONCE_BAD;
 547                goto leave;
 548        }
 549
 550        /*
 551         * By how many seconds is this nonce stale?  Negative value
 552         * would mean it was issued by another server with its clock
 553         * skewed in the future.
 554         */
 555        ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
 556        nonce_stamp_slop = (long)ostamp - (long)stamp;
 557
 558        if (nonce_stamp_slop_limit &&
 559            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 560                /*
 561                 * Pretend as if the received nonce (which passes the
 562                 * HMAC check, so it is not a forged by third-party)
 563                 * is what we issued.
 564                 */
 565                free((void *)push_cert_nonce);
 566                push_cert_nonce = xstrdup(nonce);
 567                retval = NONCE_OK;
 568        } else {
 569                retval = NONCE_SLOP;
 570        }
 571
 572leave:
 573        free(nonce);
 574        free(expect);
 575        return retval;
 576}
 577
 578static void prepare_push_cert_sha1(struct child_process *proc)
 579{
 580        static int already_done;
 581
 582        if (!push_cert.len)
 583                return;
 584
 585        if (!already_done) {
 586                struct strbuf gpg_output = STRBUF_INIT;
 587                struct strbuf gpg_status = STRBUF_INIT;
 588                int bogs /* beginning_of_gpg_sig */;
 589
 590                already_done = 1;
 591                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 592                        hashclr(push_cert_sha1);
 593
 594                memset(&sigcheck, '\0', sizeof(sigcheck));
 595                sigcheck.result = 'N';
 596
 597                bogs = parse_signature(push_cert.buf, push_cert.len);
 598                if (verify_signed_buffer(push_cert.buf, bogs,
 599                                         push_cert.buf + bogs, push_cert.len - bogs,
 600                                         &gpg_output, &gpg_status) < 0) {
 601                        ; /* error running gpg */
 602                } else {
 603                        sigcheck.payload = push_cert.buf;
 604                        sigcheck.gpg_output = gpg_output.buf;
 605                        sigcheck.gpg_status = gpg_status.buf;
 606                        parse_gpg_output(&sigcheck);
 607                }
 608
 609                strbuf_release(&gpg_output);
 610                strbuf_release(&gpg_status);
 611                nonce_status = check_nonce(push_cert.buf, bogs);
 612        }
 613        if (!is_null_sha1(push_cert_sha1)) {
 614                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 615                                 sha1_to_hex(push_cert_sha1));
 616                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 617                                 sigcheck.signer ? sigcheck.signer : "");
 618                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 619                                 sigcheck.key ? sigcheck.key : "");
 620                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 621                                 sigcheck.result);
 622                if (push_cert_nonce) {
 623                        argv_array_pushf(&proc->env_array,
 624                                         "GIT_PUSH_CERT_NONCE=%s",
 625                                         push_cert_nonce);
 626                        argv_array_pushf(&proc->env_array,
 627                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 628                                         nonce_status);
 629                        if (nonce_status == NONCE_SLOP)
 630                                argv_array_pushf(&proc->env_array,
 631                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 632                                                 nonce_stamp_slop);
 633                }
 634        }
 635}
 636
 637struct receive_hook_feed_state {
 638        struct command *cmd;
 639        int skip_broken;
 640        struct strbuf buf;
 641        const struct string_list *push_options;
 642};
 643
 644typedef int (*feed_fn)(void *, const char **, size_t *);
 645static int run_and_feed_hook(const char *hook_name, feed_fn feed,
 646                             struct receive_hook_feed_state *feed_state)
 647{
 648        struct child_process proc = CHILD_PROCESS_INIT;
 649        struct async muxer;
 650        const char *argv[2];
 651        int code;
 652
 653        argv[0] = find_hook(hook_name);
 654        if (!argv[0])
 655                return 0;
 656
 657        argv[1] = NULL;
 658
 659        proc.argv = argv;
 660        proc.in = -1;
 661        proc.stdout_to_stderr = 1;
 662        if (feed_state->push_options) {
 663                int i;
 664                for (i = 0; i < feed_state->push_options->nr; i++)
 665                        argv_array_pushf(&proc.env_array,
 666                                "GIT_PUSH_OPTION_%d=%s", i,
 667                                feed_state->push_options->items[i].string);
 668                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
 669                                 feed_state->push_options->nr);
 670        } else
 671                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
 672
 673        if (tmp_objdir)
 674                argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
 675
 676        if (use_sideband) {
 677                memset(&muxer, 0, sizeof(muxer));
 678                muxer.proc = copy_to_sideband;
 679                muxer.in = -1;
 680                code = start_async(&muxer);
 681                if (code)
 682                        return code;
 683                proc.err = muxer.in;
 684        }
 685
 686        prepare_push_cert_sha1(&proc);
 687
 688        code = start_command(&proc);
 689        if (code) {
 690                if (use_sideband)
 691                        finish_async(&muxer);
 692                return code;
 693        }
 694
 695        sigchain_push(SIGPIPE, SIG_IGN);
 696
 697        while (1) {
 698                const char *buf;
 699                size_t n;
 700                if (feed(feed_state, &buf, &n))
 701                        break;
 702                if (write_in_full(proc.in, buf, n) != n)
 703                        break;
 704        }
 705        close(proc.in);
 706        if (use_sideband)
 707                finish_async(&muxer);
 708
 709        sigchain_pop(SIGPIPE);
 710
 711        return finish_command(&proc);
 712}
 713
 714static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 715{
 716        struct receive_hook_feed_state *state = state_;
 717        struct command *cmd = state->cmd;
 718
 719        while (cmd &&
 720               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 721                cmd = cmd->next;
 722        if (!cmd)
 723                return -1; /* EOF */
 724        strbuf_reset(&state->buf);
 725        strbuf_addf(&state->buf, "%s %s %s\n",
 726                    oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
 727                    cmd->ref_name);
 728        state->cmd = cmd->next;
 729        if (bufp) {
 730                *bufp = state->buf.buf;
 731                *sizep = state->buf.len;
 732        }
 733        return 0;
 734}
 735
 736static int run_receive_hook(struct command *commands,
 737                            const char *hook_name,
 738                            int skip_broken,
 739                            const struct string_list *push_options)
 740{
 741        struct receive_hook_feed_state state;
 742        int status;
 743
 744        strbuf_init(&state.buf, 0);
 745        state.cmd = commands;
 746        state.skip_broken = skip_broken;
 747        if (feed_receive_hook(&state, NULL, NULL))
 748                return 0;
 749        state.cmd = commands;
 750        state.push_options = push_options;
 751        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 752        strbuf_release(&state.buf);
 753        return status;
 754}
 755
 756static int run_update_hook(struct command *cmd)
 757{
 758        const char *argv[5];
 759        struct child_process proc = CHILD_PROCESS_INIT;
 760        int code;
 761
 762        argv[0] = find_hook("update");
 763        if (!argv[0])
 764                return 0;
 765
 766        argv[1] = cmd->ref_name;
 767        argv[2] = oid_to_hex(&cmd->old_oid);
 768        argv[3] = oid_to_hex(&cmd->new_oid);
 769        argv[4] = NULL;
 770
 771        proc.no_stdin = 1;
 772        proc.stdout_to_stderr = 1;
 773        proc.err = use_sideband ? -1 : 0;
 774        proc.argv = argv;
 775
 776        code = start_command(&proc);
 777        if (code)
 778                return code;
 779        if (use_sideband)
 780                copy_to_sideband(proc.err, -1, NULL);
 781        return finish_command(&proc);
 782}
 783
 784static int is_ref_checked_out(const char *ref)
 785{
 786        if (is_bare_repository())
 787                return 0;
 788
 789        if (!head_name)
 790                return 0;
 791        return !strcmp(head_name, ref);
 792}
 793
 794static char *refuse_unconfigured_deny_msg =
 795        N_("By default, updating the current branch in a non-bare repository\n"
 796           "is denied, because it will make the index and work tree inconsistent\n"
 797           "with what you pushed, and will require 'git reset --hard' to match\n"
 798           "the work tree to HEAD.\n"
 799           "\n"
 800           "You can set the 'receive.denyCurrentBranch' configuration variable\n"
 801           "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
 802           "its current branch; however, this is not recommended unless you\n"
 803           "arranged to update its work tree to match what you pushed in some\n"
 804           "other way.\n"
 805           "\n"
 806           "To squelch this message and still keep the default behaviour, set\n"
 807           "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
 808
 809static void refuse_unconfigured_deny(void)
 810{
 811        rp_error("%s", _(refuse_unconfigured_deny_msg));
 812}
 813
 814static char *refuse_unconfigured_deny_delete_current_msg =
 815        N_("By default, deleting the current branch is denied, because the next\n"
 816           "'git clone' won't result in any file checked out, causing confusion.\n"
 817           "\n"
 818           "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
 819           "'warn' or 'ignore' in the remote repository to allow deleting the\n"
 820           "current branch, with or without a warning message.\n"
 821           "\n"
 822           "To squelch this message, you can set it to 'refuse'.");
 823
 824static void refuse_unconfigured_deny_delete_current(void)
 825{
 826        rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
 827}
 828
 829static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 830static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 831{
 832        static struct lock_file shallow_lock;
 833        struct oid_array extra = OID_ARRAY_INIT;
 834        struct check_connected_options opt = CHECK_CONNECTED_INIT;
 835        uint32_t mask = 1 << (cmd->index % 32);
 836        int i;
 837
 838        trace_printf_key(&trace_shallow,
 839                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 840        for (i = 0; i < si->shallow->nr; i++)
 841                if (si->used_shallow[i] &&
 842                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 843                    !delayed_reachability_test(si, i))
 844                        oid_array_append(&extra, &si->shallow->oid[i]);
 845
 846        opt.env = tmp_objdir_env(tmp_objdir);
 847        setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
 848        if (check_connected(command_singleton_iterator, cmd, &opt)) {
 849                rollback_lock_file(&shallow_lock);
 850                oid_array_clear(&extra);
 851                return -1;
 852        }
 853
 854        commit_lock_file(&shallow_lock);
 855
 856        /*
 857         * Make sure setup_alternate_shallow() for the next ref does
 858         * not lose these new roots..
 859         */
 860        for (i = 0; i < extra.nr; i++)
 861                register_shallow(extra.oid[i].hash);
 862
 863        si->shallow_ref[cmd->index] = 0;
 864        oid_array_clear(&extra);
 865        return 0;
 866}
 867
 868/*
 869 * NEEDSWORK: we should consolidate various implementions of "are we
 870 * on an unborn branch?" test into one, and make the unified one more
 871 * robust. !get_sha1() based check used here and elsewhere would not
 872 * allow us to tell an unborn branch from corrupt ref, for example.
 873 * For the purpose of fixing "deploy-to-update does not work when
 874 * pushing into an empty repository" issue, this should suffice for
 875 * now.
 876 */
 877static int head_has_history(void)
 878{
 879        unsigned char sha1[20];
 880
 881        return !get_sha1("HEAD", sha1);
 882}
 883
 884static const char *push_to_deploy(unsigned char *sha1,
 885                                  struct argv_array *env,
 886                                  const char *work_tree)
 887{
 888        const char *update_refresh[] = {
 889                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 890        };
 891        const char *diff_files[] = {
 892                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 893        };
 894        const char *diff_index[] = {
 895                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 896                NULL, "--", NULL
 897        };
 898        const char *read_tree[] = {
 899                "read-tree", "-u", "-m", NULL, NULL
 900        };
 901        struct child_process child = CHILD_PROCESS_INIT;
 902
 903        child.argv = update_refresh;
 904        child.env = env->argv;
 905        child.dir = work_tree;
 906        child.no_stdin = 1;
 907        child.stdout_to_stderr = 1;
 908        child.git_cmd = 1;
 909        if (run_command(&child))
 910                return "Up-to-date check failed";
 911
 912        /* run_command() does not clean up completely; reinitialize */
 913        child_process_init(&child);
 914        child.argv = diff_files;
 915        child.env = env->argv;
 916        child.dir = work_tree;
 917        child.no_stdin = 1;
 918        child.stdout_to_stderr = 1;
 919        child.git_cmd = 1;
 920        if (run_command(&child))
 921                return "Working directory has unstaged changes";
 922
 923        /* diff-index with either HEAD or an empty tree */
 924        diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
 925
 926        child_process_init(&child);
 927        child.argv = diff_index;
 928        child.env = env->argv;
 929        child.no_stdin = 1;
 930        child.no_stdout = 1;
 931        child.stdout_to_stderr = 0;
 932        child.git_cmd = 1;
 933        if (run_command(&child))
 934                return "Working directory has staged changes";
 935
 936        read_tree[3] = sha1_to_hex(sha1);
 937        child_process_init(&child);
 938        child.argv = read_tree;
 939        child.env = env->argv;
 940        child.dir = work_tree;
 941        child.no_stdin = 1;
 942        child.no_stdout = 1;
 943        child.stdout_to_stderr = 0;
 944        child.git_cmd = 1;
 945        if (run_command(&child))
 946                return "Could not update working tree to new HEAD";
 947
 948        return NULL;
 949}
 950
 951static const char *push_to_checkout_hook = "push-to-checkout";
 952
 953static const char *push_to_checkout(unsigned char *sha1,
 954                                    struct argv_array *env,
 955                                    const char *work_tree)
 956{
 957        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
 958        if (run_hook_le(env->argv, push_to_checkout_hook,
 959                        sha1_to_hex(sha1), NULL))
 960                return "push-to-checkout hook declined";
 961        else
 962                return NULL;
 963}
 964
 965static const char *update_worktree(unsigned char *sha1)
 966{
 967        const char *retval;
 968        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
 969        struct argv_array env = ARGV_ARRAY_INIT;
 970
 971        if (is_bare_repository())
 972                return "denyCurrentBranch = updateInstead needs a worktree";
 973
 974        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
 975
 976        if (!find_hook(push_to_checkout_hook))
 977                retval = push_to_deploy(sha1, &env, work_tree);
 978        else
 979                retval = push_to_checkout(sha1, &env, work_tree);
 980
 981        argv_array_clear(&env);
 982        return retval;
 983}
 984
 985static const char *update(struct command *cmd, struct shallow_info *si)
 986{
 987        const char *name = cmd->ref_name;
 988        struct strbuf namespaced_name_buf = STRBUF_INIT;
 989        const char *namespaced_name, *ret;
 990        struct object_id *old_oid = &cmd->old_oid;
 991        struct object_id *new_oid = &cmd->new_oid;
 992
 993        /* only refs/... are allowed */
 994        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
 995                rp_error("refusing to create funny ref '%s' remotely", name);
 996                return "funny refname";
 997        }
 998
 999        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1000        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1001
1002        if (is_ref_checked_out(namespaced_name)) {
1003                switch (deny_current_branch) {
1004                case DENY_IGNORE:
1005                        break;
1006                case DENY_WARN:
1007                        rp_warning("updating the current branch");
1008                        break;
1009                case DENY_REFUSE:
1010                case DENY_UNCONFIGURED:
1011                        rp_error("refusing to update checked out branch: %s", name);
1012                        if (deny_current_branch == DENY_UNCONFIGURED)
1013                                refuse_unconfigured_deny();
1014                        return "branch is currently checked out";
1015                case DENY_UPDATE_INSTEAD:
1016                        ret = update_worktree(new_oid->hash);
1017                        if (ret)
1018                                return ret;
1019                        break;
1020                }
1021        }
1022
1023        if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1024                error("unpack should have generated %s, "
1025                      "but I can't find it!", oid_to_hex(new_oid));
1026                return "bad pack";
1027        }
1028
1029        if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1030                if (deny_deletes && starts_with(name, "refs/heads/")) {
1031                        rp_error("denying ref deletion for %s", name);
1032                        return "deletion prohibited";
1033                }
1034
1035                if (head_name && !strcmp(namespaced_name, head_name)) {
1036                        switch (deny_delete_current) {
1037                        case DENY_IGNORE:
1038                                break;
1039                        case DENY_WARN:
1040                                rp_warning("deleting the current branch");
1041                                break;
1042                        case DENY_REFUSE:
1043                        case DENY_UNCONFIGURED:
1044                        case DENY_UPDATE_INSTEAD:
1045                                if (deny_delete_current == DENY_UNCONFIGURED)
1046                                        refuse_unconfigured_deny_delete_current();
1047                                rp_error("refusing to delete the current branch: %s", name);
1048                                return "deletion of the current branch prohibited";
1049                        default:
1050                                return "Invalid denyDeleteCurrent setting";
1051                        }
1052                }
1053        }
1054
1055        if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1056            !is_null_oid(old_oid) &&
1057            starts_with(name, "refs/heads/")) {
1058                struct object *old_object, *new_object;
1059                struct commit *old_commit, *new_commit;
1060
1061                old_object = parse_object(old_oid->hash);
1062                new_object = parse_object(new_oid->hash);
1063
1064                if (!old_object || !new_object ||
1065                    old_object->type != OBJ_COMMIT ||
1066                    new_object->type != OBJ_COMMIT) {
1067                        error("bad sha1 objects for %s", name);
1068                        return "bad ref";
1069                }
1070                old_commit = (struct commit *)old_object;
1071                new_commit = (struct commit *)new_object;
1072                if (!in_merge_bases(old_commit, new_commit)) {
1073                        rp_error("denying non-fast-forward %s"
1074                                 " (you should pull first)", name);
1075                        return "non-fast-forward";
1076                }
1077        }
1078        if (run_update_hook(cmd)) {
1079                rp_error("hook declined to update %s", name);
1080                return "hook declined";
1081        }
1082
1083        if (is_null_oid(new_oid)) {
1084                struct strbuf err = STRBUF_INIT;
1085                if (!parse_object(old_oid->hash)) {
1086                        old_oid = NULL;
1087                        if (ref_exists(name)) {
1088                                rp_warning("Allowing deletion of corrupt ref.");
1089                        } else {
1090                                rp_warning("Deleting a non-existent ref.");
1091                                cmd->did_not_exist = 1;
1092                        }
1093                }
1094                if (ref_transaction_delete(transaction,
1095                                           namespaced_name,
1096                                           old_oid->hash,
1097                                           0, "push", &err)) {
1098                        rp_error("%s", err.buf);
1099                        strbuf_release(&err);
1100                        return "failed to delete";
1101                }
1102                strbuf_release(&err);
1103                return NULL; /* good */
1104        }
1105        else {
1106                struct strbuf err = STRBUF_INIT;
1107                if (shallow_update && si->shallow_ref[cmd->index] &&
1108                    update_shallow_ref(cmd, si))
1109                        return "shallow error";
1110
1111                if (ref_transaction_update(transaction,
1112                                           namespaced_name,
1113                                           new_oid->hash, old_oid->hash,
1114                                           0, "push",
1115                                           &err)) {
1116                        rp_error("%s", err.buf);
1117                        strbuf_release(&err);
1118
1119                        return "failed to update ref";
1120                }
1121                strbuf_release(&err);
1122
1123                return NULL; /* good */
1124        }
1125}
1126
1127static void run_update_post_hook(struct command *commands)
1128{
1129        struct command *cmd;
1130        struct child_process proc = CHILD_PROCESS_INIT;
1131        const char *hook;
1132
1133        hook = find_hook("post-update");
1134        if (!hook)
1135                return;
1136
1137        for (cmd = commands; cmd; cmd = cmd->next) {
1138                if (cmd->error_string || cmd->did_not_exist)
1139                        continue;
1140                if (!proc.args.argc)
1141                        argv_array_push(&proc.args, hook);
1142                argv_array_push(&proc.args, cmd->ref_name);
1143        }
1144        if (!proc.args.argc)
1145                return;
1146
1147        proc.no_stdin = 1;
1148        proc.stdout_to_stderr = 1;
1149        proc.err = use_sideband ? -1 : 0;
1150
1151        if (!start_command(&proc)) {
1152                if (use_sideband)
1153                        copy_to_sideband(proc.err, -1, NULL);
1154                finish_command(&proc);
1155        }
1156}
1157
1158static void check_aliased_update(struct command *cmd, struct string_list *list)
1159{
1160        struct strbuf buf = STRBUF_INIT;
1161        const char *dst_name;
1162        struct string_list_item *item;
1163        struct command *dst_cmd;
1164        unsigned char sha1[GIT_MAX_RAWSZ];
1165        int flag;
1166
1167        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1168        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1169        strbuf_release(&buf);
1170
1171        if (!(flag & REF_ISSYMREF))
1172                return;
1173
1174        if (!dst_name) {
1175                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1176                cmd->skip_update = 1;
1177                cmd->error_string = "broken symref";
1178                return;
1179        }
1180        dst_name = strip_namespace(dst_name);
1181
1182        if ((item = string_list_lookup(list, dst_name)) == NULL)
1183                return;
1184
1185        cmd->skip_update = 1;
1186
1187        dst_cmd = (struct command *) item->util;
1188
1189        if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1190            !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1191                return;
1192
1193        dst_cmd->skip_update = 1;
1194
1195        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1196                 " its target '%s' (%s..%s)",
1197                 cmd->ref_name,
1198                 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1199                 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1200                 dst_cmd->ref_name,
1201                 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1202                 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1203
1204        cmd->error_string = dst_cmd->error_string =
1205                "inconsistent aliased update";
1206}
1207
1208static void check_aliased_updates(struct command *commands)
1209{
1210        struct command *cmd;
1211        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1212
1213        for (cmd = commands; cmd; cmd = cmd->next) {
1214                struct string_list_item *item =
1215                        string_list_append(&ref_list, cmd->ref_name);
1216                item->util = (void *)cmd;
1217        }
1218        string_list_sort(&ref_list);
1219
1220        for (cmd = commands; cmd; cmd = cmd->next) {
1221                if (!cmd->error_string)
1222                        check_aliased_update(cmd, &ref_list);
1223        }
1224
1225        string_list_clear(&ref_list, 0);
1226}
1227
1228static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1229{
1230        struct command **cmd_list = cb_data;
1231        struct command *cmd = *cmd_list;
1232
1233        if (!cmd || is_null_oid(&cmd->new_oid))
1234                return -1; /* end of list */
1235        *cmd_list = NULL; /* this returns only one */
1236        hashcpy(sha1, cmd->new_oid.hash);
1237        return 0;
1238}
1239
1240static void set_connectivity_errors(struct command *commands,
1241                                    struct shallow_info *si)
1242{
1243        struct command *cmd;
1244
1245        for (cmd = commands; cmd; cmd = cmd->next) {
1246                struct command *singleton = cmd;
1247                struct check_connected_options opt = CHECK_CONNECTED_INIT;
1248
1249                if (shallow_update && si->shallow_ref[cmd->index])
1250                        /* to be checked in update_shallow_ref() */
1251                        continue;
1252
1253                opt.env = tmp_objdir_env(tmp_objdir);
1254                if (!check_connected(command_singleton_iterator, &singleton,
1255                                     &opt))
1256                        continue;
1257
1258                cmd->error_string = "missing necessary objects";
1259        }
1260}
1261
1262struct iterate_data {
1263        struct command *cmds;
1264        struct shallow_info *si;
1265};
1266
1267static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1268{
1269        struct iterate_data *data = cb_data;
1270        struct command **cmd_list = &data->cmds;
1271        struct command *cmd = *cmd_list;
1272
1273        for (; cmd; cmd = cmd->next) {
1274                if (shallow_update && data->si->shallow_ref[cmd->index])
1275                        /* to be checked in update_shallow_ref() */
1276                        continue;
1277                if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1278                        hashcpy(sha1, cmd->new_oid.hash);
1279                        *cmd_list = cmd->next;
1280                        return 0;
1281                }
1282        }
1283        *cmd_list = NULL;
1284        return -1; /* end of list */
1285}
1286
1287static void reject_updates_to_hidden(struct command *commands)
1288{
1289        struct strbuf refname_full = STRBUF_INIT;
1290        size_t prefix_len;
1291        struct command *cmd;
1292
1293        strbuf_addstr(&refname_full, get_git_namespace());
1294        prefix_len = refname_full.len;
1295
1296        for (cmd = commands; cmd; cmd = cmd->next) {
1297                if (cmd->error_string)
1298                        continue;
1299
1300                strbuf_setlen(&refname_full, prefix_len);
1301                strbuf_addstr(&refname_full, cmd->ref_name);
1302
1303                if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1304                        continue;
1305                if (is_null_oid(&cmd->new_oid))
1306                        cmd->error_string = "deny deleting a hidden ref";
1307                else
1308                        cmd->error_string = "deny updating a hidden ref";
1309        }
1310
1311        strbuf_release(&refname_full);
1312}
1313
1314static int should_process_cmd(struct command *cmd)
1315{
1316        return !cmd->error_string && !cmd->skip_update;
1317}
1318
1319static void warn_if_skipped_connectivity_check(struct command *commands,
1320                                               struct shallow_info *si)
1321{
1322        struct command *cmd;
1323        int checked_connectivity = 1;
1324
1325        for (cmd = commands; cmd; cmd = cmd->next) {
1326                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1327                        error("BUG: connectivity check has not been run on ref %s",
1328                              cmd->ref_name);
1329                        checked_connectivity = 0;
1330                }
1331        }
1332        if (!checked_connectivity)
1333                die("BUG: connectivity check skipped???");
1334}
1335
1336static void execute_commands_non_atomic(struct command *commands,
1337                                        struct shallow_info *si)
1338{
1339        struct command *cmd;
1340        struct strbuf err = STRBUF_INIT;
1341
1342        for (cmd = commands; cmd; cmd = cmd->next) {
1343                if (!should_process_cmd(cmd))
1344                        continue;
1345
1346                transaction = ref_transaction_begin(&err);
1347                if (!transaction) {
1348                        rp_error("%s", err.buf);
1349                        strbuf_reset(&err);
1350                        cmd->error_string = "transaction failed to start";
1351                        continue;
1352                }
1353
1354                cmd->error_string = update(cmd, si);
1355
1356                if (!cmd->error_string
1357                    && ref_transaction_commit(transaction, &err)) {
1358                        rp_error("%s", err.buf);
1359                        strbuf_reset(&err);
1360                        cmd->error_string = "failed to update ref";
1361                }
1362                ref_transaction_free(transaction);
1363        }
1364        strbuf_release(&err);
1365}
1366
1367static void execute_commands_atomic(struct command *commands,
1368                                        struct shallow_info *si)
1369{
1370        struct command *cmd;
1371        struct strbuf err = STRBUF_INIT;
1372        const char *reported_error = "atomic push failure";
1373
1374        transaction = ref_transaction_begin(&err);
1375        if (!transaction) {
1376                rp_error("%s", err.buf);
1377                strbuf_reset(&err);
1378                reported_error = "transaction failed to start";
1379                goto failure;
1380        }
1381
1382        for (cmd = commands; cmd; cmd = cmd->next) {
1383                if (!should_process_cmd(cmd))
1384                        continue;
1385
1386                cmd->error_string = update(cmd, si);
1387
1388                if (cmd->error_string)
1389                        goto failure;
1390        }
1391
1392        if (ref_transaction_commit(transaction, &err)) {
1393                rp_error("%s", err.buf);
1394                reported_error = "atomic transaction failed";
1395                goto failure;
1396        }
1397        goto cleanup;
1398
1399failure:
1400        for (cmd = commands; cmd; cmd = cmd->next)
1401                if (!cmd->error_string)
1402                        cmd->error_string = reported_error;
1403
1404cleanup:
1405        ref_transaction_free(transaction);
1406        strbuf_release(&err);
1407}
1408
1409static void execute_commands(struct command *commands,
1410                             const char *unpacker_error,
1411                             struct shallow_info *si,
1412                             const struct string_list *push_options)
1413{
1414        struct check_connected_options opt = CHECK_CONNECTED_INIT;
1415        struct command *cmd;
1416        struct object_id oid;
1417        struct iterate_data data;
1418        struct async muxer;
1419        int err_fd = 0;
1420
1421        if (unpacker_error) {
1422                for (cmd = commands; cmd; cmd = cmd->next)
1423                        cmd->error_string = "unpacker error";
1424                return;
1425        }
1426
1427        if (use_sideband) {
1428                memset(&muxer, 0, sizeof(muxer));
1429                muxer.proc = copy_to_sideband;
1430                muxer.in = -1;
1431                if (!start_async(&muxer))
1432                        err_fd = muxer.in;
1433                /* ...else, continue without relaying sideband */
1434        }
1435
1436        data.cmds = commands;
1437        data.si = si;
1438        opt.err_fd = err_fd;
1439        opt.progress = err_fd && !quiet;
1440        opt.env = tmp_objdir_env(tmp_objdir);
1441        if (check_connected(iterate_receive_command_list, &data, &opt))
1442                set_connectivity_errors(commands, si);
1443
1444        if (use_sideband)
1445                finish_async(&muxer);
1446
1447        reject_updates_to_hidden(commands);
1448
1449        if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1450                for (cmd = commands; cmd; cmd = cmd->next) {
1451                        if (!cmd->error_string)
1452                                cmd->error_string = "pre-receive hook declined";
1453                }
1454                return;
1455        }
1456
1457        /*
1458         * Now we'll start writing out refs, which means the objects need
1459         * to be in their final positions so that other processes can see them.
1460         */
1461        if (tmp_objdir_migrate(tmp_objdir) < 0) {
1462                for (cmd = commands; cmd; cmd = cmd->next) {
1463                        if (!cmd->error_string)
1464                                cmd->error_string = "unable to migrate objects to permanent storage";
1465                }
1466                return;
1467        }
1468        tmp_objdir = NULL;
1469
1470        check_aliased_updates(commands);
1471
1472        free(head_name_to_free);
1473        head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1474
1475        if (use_atomic)
1476                execute_commands_atomic(commands, si);
1477        else
1478                execute_commands_non_atomic(commands, si);
1479
1480        if (shallow_update)
1481                warn_if_skipped_connectivity_check(commands, si);
1482}
1483
1484static struct command **queue_command(struct command **tail,
1485                                      const char *line,
1486                                      int linelen)
1487{
1488        struct object_id old_oid, new_oid;
1489        struct command *cmd;
1490        const char *refname;
1491        int reflen;
1492        const char *p;
1493
1494        if (parse_oid_hex(line, &old_oid, &p) ||
1495            *p++ != ' ' ||
1496            parse_oid_hex(p, &new_oid, &p) ||
1497            *p++ != ' ')
1498                die("protocol error: expected old/new/ref, got '%s'", line);
1499
1500        refname = p;
1501        reflen = linelen - (p - line);
1502        FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1503        oidcpy(&cmd->old_oid, &old_oid);
1504        oidcpy(&cmd->new_oid, &new_oid);
1505        *tail = cmd;
1506        return &cmd->next;
1507}
1508
1509static void queue_commands_from_cert(struct command **tail,
1510                                     struct strbuf *push_cert)
1511{
1512        const char *boc, *eoc;
1513
1514        if (*tail)
1515                die("protocol error: got both push certificate and unsigned commands");
1516
1517        boc = strstr(push_cert->buf, "\n\n");
1518        if (!boc)
1519                die("malformed push certificate %.*s", 100, push_cert->buf);
1520        else
1521                boc += 2;
1522        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1523
1524        while (boc < eoc) {
1525                const char *eol = memchr(boc, '\n', eoc - boc);
1526                tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1527                boc = eol ? eol + 1 : eoc;
1528        }
1529}
1530
1531static struct command *read_head_info(struct oid_array *shallow)
1532{
1533        struct command *commands = NULL;
1534        struct command **p = &commands;
1535        for (;;) {
1536                char *line;
1537                int len, linelen;
1538
1539                line = packet_read_line(0, &len);
1540                if (!line)
1541                        break;
1542
1543                if (len > 8 && starts_with(line, "shallow ")) {
1544                        struct object_id oid;
1545                        if (get_oid_hex(line + 8, &oid))
1546                                die("protocol error: expected shallow sha, got '%s'",
1547                                    line + 8);
1548                        oid_array_append(shallow, &oid);
1549                        continue;
1550                }
1551
1552                linelen = strlen(line);
1553                if (linelen < len) {
1554                        const char *feature_list = line + linelen + 1;
1555                        if (parse_feature_request(feature_list, "report-status"))
1556                                report_status = 1;
1557                        if (parse_feature_request(feature_list, "side-band-64k"))
1558                                use_sideband = LARGE_PACKET_MAX;
1559                        if (parse_feature_request(feature_list, "quiet"))
1560                                quiet = 1;
1561                        if (advertise_atomic_push
1562                            && parse_feature_request(feature_list, "atomic"))
1563                                use_atomic = 1;
1564                        if (advertise_push_options
1565                            && parse_feature_request(feature_list, "push-options"))
1566                                use_push_options = 1;
1567                }
1568
1569                if (!strcmp(line, "push-cert")) {
1570                        int true_flush = 0;
1571                        char certbuf[1024];
1572
1573                        for (;;) {
1574                                len = packet_read(0, NULL, NULL,
1575                                                  certbuf, sizeof(certbuf), 0);
1576                                if (!len) {
1577                                        true_flush = 1;
1578                                        break;
1579                                }
1580                                if (!strcmp(certbuf, "push-cert-end\n"))
1581                                        break; /* end of cert */
1582                                strbuf_addstr(&push_cert, certbuf);
1583                        }
1584
1585                        if (true_flush)
1586                                break;
1587                        continue;
1588                }
1589
1590                p = queue_command(p, line, linelen);
1591        }
1592
1593        if (push_cert.len)
1594                queue_commands_from_cert(p, &push_cert);
1595
1596        return commands;
1597}
1598
1599static void read_push_options(struct string_list *options)
1600{
1601        while (1) {
1602                char *line;
1603                int len;
1604
1605                line = packet_read_line(0, &len);
1606
1607                if (!line)
1608                        break;
1609
1610                string_list_append(options, line);
1611        }
1612}
1613
1614static const char *parse_pack_header(struct pack_header *hdr)
1615{
1616        switch (read_pack_header(0, hdr)) {
1617        case PH_ERROR_EOF:
1618                return "eof before pack header was fully read";
1619
1620        case PH_ERROR_PACK_SIGNATURE:
1621                return "protocol error (pack signature mismatch detected)";
1622
1623        case PH_ERROR_PROTOCOL:
1624                return "protocol error (pack version unsupported)";
1625
1626        default:
1627                return "unknown error in parse_pack_header";
1628
1629        case 0:
1630                return NULL;
1631        }
1632}
1633
1634static const char *pack_lockfile;
1635
1636static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1637{
1638        argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1639                        ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1640}
1641
1642static const char *unpack(int err_fd, struct shallow_info *si)
1643{
1644        struct pack_header hdr;
1645        const char *hdr_err;
1646        int status;
1647        struct child_process child = CHILD_PROCESS_INIT;
1648        int fsck_objects = (receive_fsck_objects >= 0
1649                            ? receive_fsck_objects
1650                            : transfer_fsck_objects >= 0
1651                            ? transfer_fsck_objects
1652                            : 0);
1653
1654        hdr_err = parse_pack_header(&hdr);
1655        if (hdr_err) {
1656                if (err_fd > 0)
1657                        close(err_fd);
1658                return hdr_err;
1659        }
1660
1661        if (si->nr_ours || si->nr_theirs) {
1662                alt_shallow_file = setup_temporary_shallow(si->shallow);
1663                argv_array_push(&child.args, "--shallow-file");
1664                argv_array_push(&child.args, alt_shallow_file);
1665        }
1666
1667        tmp_objdir = tmp_objdir_create();
1668        if (!tmp_objdir) {
1669                if (err_fd > 0)
1670                        close(err_fd);
1671                return "unable to create temporary object directory";
1672        }
1673        child.env = tmp_objdir_env(tmp_objdir);
1674
1675        /*
1676         * Normally we just pass the tmp_objdir environment to the child
1677         * processes that do the heavy lifting, but we may need to see these
1678         * objects ourselves to set up shallow information.
1679         */
1680        tmp_objdir_add_as_alternate(tmp_objdir);
1681
1682        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1683                argv_array_push(&child.args, "unpack-objects");
1684                push_header_arg(&child.args, &hdr);
1685                if (quiet)
1686                        argv_array_push(&child.args, "-q");
1687                if (fsck_objects)
1688                        argv_array_pushf(&child.args, "--strict%s",
1689                                fsck_msg_types.buf);
1690                if (max_input_size)
1691                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1692                                (uintmax_t)max_input_size);
1693                child.no_stdout = 1;
1694                child.err = err_fd;
1695                child.git_cmd = 1;
1696                status = run_command(&child);
1697                if (status)
1698                        return "unpack-objects abnormal exit";
1699        } else {
1700                char hostname[HOST_NAME_MAX + 1];
1701
1702                argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1703                push_header_arg(&child.args, &hdr);
1704
1705                if (xgethostname(hostname, sizeof(hostname)))
1706                        xsnprintf(hostname, sizeof(hostname), "localhost");
1707                argv_array_pushf(&child.args,
1708                                 "--keep=receive-pack %"PRIuMAX" on %s",
1709                                 (uintmax_t)getpid(),
1710                                 hostname);
1711
1712                if (!quiet && err_fd)
1713                        argv_array_push(&child.args, "--show-resolving-progress");
1714                if (use_sideband)
1715                        argv_array_push(&child.args, "--report-end-of-input");
1716                if (fsck_objects)
1717                        argv_array_pushf(&child.args, "--strict%s",
1718                                fsck_msg_types.buf);
1719                if (!reject_thin)
1720                        argv_array_push(&child.args, "--fix-thin");
1721                if (max_input_size)
1722                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1723                                (uintmax_t)max_input_size);
1724                child.out = -1;
1725                child.err = err_fd;
1726                child.git_cmd = 1;
1727                status = start_command(&child);
1728                if (status)
1729                        return "index-pack fork failed";
1730                pack_lockfile = index_pack_lockfile(child.out);
1731                close(child.out);
1732                status = finish_command(&child);
1733                if (status)
1734                        return "index-pack abnormal exit";
1735                reprepare_packed_git();
1736        }
1737        return NULL;
1738}
1739
1740static const char *unpack_with_sideband(struct shallow_info *si)
1741{
1742        struct async muxer;
1743        const char *ret;
1744
1745        if (!use_sideband)
1746                return unpack(0, si);
1747
1748        use_keepalive = KEEPALIVE_AFTER_NUL;
1749        memset(&muxer, 0, sizeof(muxer));
1750        muxer.proc = copy_to_sideband;
1751        muxer.in = -1;
1752        if (start_async(&muxer))
1753                return NULL;
1754
1755        ret = unpack(muxer.in, si);
1756
1757        finish_async(&muxer);
1758        return ret;
1759}
1760
1761static void prepare_shallow_update(struct command *commands,
1762                                   struct shallow_info *si)
1763{
1764        int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1765
1766        ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1767        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1768
1769        si->need_reachability_test =
1770                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1771        si->reachable =
1772                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1773        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1774
1775        for (i = 0; i < si->nr_ours; i++)
1776                si->need_reachability_test[si->ours[i]] = 1;
1777
1778        for (i = 0; i < si->shallow->nr; i++) {
1779                if (!si->used_shallow[i])
1780                        continue;
1781                for (j = 0; j < bitmap_size; j++) {
1782                        if (!si->used_shallow[i][j])
1783                                continue;
1784                        si->need_reachability_test[i]++;
1785                        for (k = 0; k < 32; k++)
1786                                if (si->used_shallow[i][j] & (1U << k))
1787                                        si->shallow_ref[j * 32 + k]++;
1788                }
1789
1790                /*
1791                 * true for those associated with some refs and belong
1792                 * in "ours" list aka "step 7 not done yet"
1793                 */
1794                si->need_reachability_test[i] =
1795                        si->need_reachability_test[i] > 1;
1796        }
1797
1798        /*
1799         * keep hooks happy by forcing a temporary shallow file via
1800         * env variable because we can't add --shallow-file to every
1801         * command. check_everything_connected() will be done with
1802         * true .git/shallow though.
1803         */
1804        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1805}
1806
1807static void update_shallow_info(struct command *commands,
1808                                struct shallow_info *si,
1809                                struct oid_array *ref)
1810{
1811        struct command *cmd;
1812        int *ref_status;
1813        remove_nonexistent_theirs_shallow(si);
1814        if (!si->nr_ours && !si->nr_theirs) {
1815                shallow_update = 0;
1816                return;
1817        }
1818
1819        for (cmd = commands; cmd; cmd = cmd->next) {
1820                if (is_null_oid(&cmd->new_oid))
1821                        continue;
1822                oid_array_append(ref, &cmd->new_oid);
1823                cmd->index = ref->nr - 1;
1824        }
1825        si->ref = ref;
1826
1827        if (shallow_update) {
1828                prepare_shallow_update(commands, si);
1829                return;
1830        }
1831
1832        ALLOC_ARRAY(ref_status, ref->nr);
1833        assign_shallow_commits_to_refs(si, NULL, ref_status);
1834        for (cmd = commands; cmd; cmd = cmd->next) {
1835                if (is_null_oid(&cmd->new_oid))
1836                        continue;
1837                if (ref_status[cmd->index]) {
1838                        cmd->error_string = "shallow update not allowed";
1839                        cmd->skip_update = 1;
1840                }
1841        }
1842        free(ref_status);
1843}
1844
1845static void report(struct command *commands, const char *unpack_status)
1846{
1847        struct command *cmd;
1848        struct strbuf buf = STRBUF_INIT;
1849
1850        packet_buf_write(&buf, "unpack %s\n",
1851                         unpack_status ? unpack_status : "ok");
1852        for (cmd = commands; cmd; cmd = cmd->next) {
1853                if (!cmd->error_string)
1854                        packet_buf_write(&buf, "ok %s\n",
1855                                         cmd->ref_name);
1856                else
1857                        packet_buf_write(&buf, "ng %s %s\n",
1858                                         cmd->ref_name, cmd->error_string);
1859        }
1860        packet_buf_flush(&buf);
1861
1862        if (use_sideband)
1863                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1864        else
1865                write_or_die(1, buf.buf, buf.len);
1866        strbuf_release(&buf);
1867}
1868
1869static int delete_only(struct command *commands)
1870{
1871        struct command *cmd;
1872        for (cmd = commands; cmd; cmd = cmd->next) {
1873                if (!is_null_oid(&cmd->new_oid))
1874                        return 0;
1875        }
1876        return 1;
1877}
1878
1879int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1880{
1881        int advertise_refs = 0;
1882        struct command *commands;
1883        struct oid_array shallow = OID_ARRAY_INIT;
1884        struct oid_array ref = OID_ARRAY_INIT;
1885        struct shallow_info si;
1886
1887        struct option options[] = {
1888                OPT__QUIET(&quiet, N_("quiet")),
1889                OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1890                OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1891                OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1892                OPT_END()
1893        };
1894
1895        packet_trace_identity("receive-pack");
1896
1897        argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1898
1899        if (argc > 1)
1900                usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1901        if (argc == 0)
1902                usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1903
1904        service_dir = argv[0];
1905
1906        setup_path();
1907
1908        if (!enter_repo(service_dir, 0))
1909                die("'%s' does not appear to be a git repository", service_dir);
1910
1911        git_config(receive_pack_config, NULL);
1912        if (cert_nonce_seed)
1913                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1914
1915        if (0 <= transfer_unpack_limit)
1916                unpack_limit = transfer_unpack_limit;
1917        else if (0 <= receive_unpack_limit)
1918                unpack_limit = receive_unpack_limit;
1919
1920        if (advertise_refs || !stateless_rpc) {
1921                write_head_info();
1922        }
1923        if (advertise_refs)
1924                return 0;
1925
1926        if ((commands = read_head_info(&shallow)) != NULL) {
1927                const char *unpack_status = NULL;
1928                struct string_list push_options = STRING_LIST_INIT_DUP;
1929
1930                if (use_push_options)
1931                        read_push_options(&push_options);
1932
1933                prepare_shallow_info(&si, &shallow);
1934                if (!si.nr_ours && !si.nr_theirs)
1935                        shallow_update = 0;
1936                if (!delete_only(commands)) {
1937                        unpack_status = unpack_with_sideband(&si);
1938                        update_shallow_info(commands, &si, &ref);
1939                }
1940                use_keepalive = KEEPALIVE_ALWAYS;
1941                execute_commands(commands, unpack_status, &si,
1942                                 &push_options);
1943                if (pack_lockfile)
1944                        unlink_or_warn(pack_lockfile);
1945                if (report_status)
1946                        report(commands, unpack_status);
1947                run_receive_hook(commands, "post-receive", 1,
1948                                 &push_options);
1949                run_update_post_hook(commands);
1950                string_list_clear(&push_options, 0);
1951                if (auto_gc) {
1952                        const char *argv_gc_auto[] = {
1953                                "gc", "--auto", "--quiet", NULL,
1954                        };
1955                        struct child_process proc = CHILD_PROCESS_INIT;
1956
1957                        proc.no_stdin = 1;
1958                        proc.stdout_to_stderr = 1;
1959                        proc.err = use_sideband ? -1 : 0;
1960                        proc.git_cmd = 1;
1961                        proc.argv = argv_gc_auto;
1962
1963                        close_all_packs();
1964                        if (!start_command(&proc)) {
1965                                if (use_sideband)
1966                                        copy_to_sideband(proc.err, -1, NULL);
1967                                finish_command(&proc);
1968                        }
1969                }
1970                if (auto_update_server_info)
1971                        update_server_info(0);
1972                clear_shallow_info(&si);
1973        }
1974        if (use_sideband)
1975                packet_flush(1);
1976        oid_array_clear(&shallow);
1977        oid_array_clear(&ref);
1978        free((void *)push_cert_nonce);
1979        return 0;
1980}