1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24
25static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28};
29
30enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36};
37
38static int deny_deletes;
39static int deny_non_fast_forwards;
40static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42static int receive_fsck_objects = -1;
43static int transfer_fsck_objects = -1;
44static struct strbuf fsck_msg_types = STRBUF_INIT;
45static int receive_unpack_limit = -1;
46static int transfer_unpack_limit = -1;
47static int advertise_atomic_push = 1;
48static int advertise_push_options;
49static int unpack_limit = 100;
50static off_t max_input_size;
51static int report_status;
52static int use_sideband;
53static int use_atomic;
54static int use_push_options;
55static int quiet;
56static int prefer_ofs_delta = 1;
57static int auto_update_server_info;
58static int auto_gc = 1;
59static int reject_thin;
60static int stateless_rpc;
61static const char *service_dir;
62static const char *head_name;
63static void *head_name_to_free;
64static int sent_capabilities;
65static int shallow_update;
66static const char *alt_shallow_file;
67static struct strbuf push_cert = STRBUF_INIT;
68static unsigned char push_cert_sha1[20];
69static struct signature_check sigcheck;
70static const char *push_cert_nonce;
71static const char *cert_nonce_seed;
72
73static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74static const char *NONCE_BAD = "BAD";
75static const char *NONCE_MISSING = "MISSING";
76static const char *NONCE_OK = "OK";
77static const char *NONCE_SLOP = "SLOP";
78static const char *nonce_status;
79static long nonce_stamp_slop;
80static unsigned long nonce_stamp_slop_limit;
81static struct ref_transaction *transaction;
82
83static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87} use_keepalive;
88static int keepalive_in_sec = 5;
89
90static struct tmp_objdir *tmp_objdir;
91
92static enum deny_action parse_deny_action(const char *var, const char *value)
93{
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107}
108
109static int receive_pack_config(const char *var, const char *value, void *cb)
110{
111 int status = parse_hide_refs_config(var, value, "receive");
112
113 if (status)
114 return status;
115
116 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125
126 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138
139 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146
147 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155
156 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165
166 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198
199 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213
214 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218
219 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223
224 return git_default_config(var, value, cb);
225}
226
227static void show_ref(const char *path, const unsigned char *sha1)
228{
229 if (sent_capabilities) {
230 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233
234 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write_fmt(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250}
251
252static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254{
255 const char *path = strip_namespace(path_full);
256
257 if (ref_is_hidden(path, path_full))
258 return 0;
259
260 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272}
273
274static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275{
276 show_ref(".have", sha1);
277 return 0;
278}
279
280static void collect_one_alternate_ref(const char *refname,
281 const struct object_id *oid,
282 void *data)
283{
284 struct sha1_array *sa = data;
285 sha1_array_append(sa, oid->hash);
286}
287
288static void write_head_info(void)
289{
290 struct sha1_array sa = SHA1_ARRAY_INIT;
291
292 for_each_alternate_ref(collect_one_alternate_ref, &sa);
293 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
294 sha1_array_clear(&sa);
295 for_each_ref(show_ref_cb, NULL);
296 if (!sent_capabilities)
297 show_ref("capabilities^{}", null_sha1);
298
299 advertise_shallow_grafts(1);
300
301 /* EOF */
302 packet_flush(1);
303}
304
305struct command {
306 struct command *next;
307 const char *error_string;
308 unsigned int skip_update:1,
309 did_not_exist:1;
310 int index;
311 unsigned char old_sha1[20];
312 unsigned char new_sha1[20];
313 char ref_name[FLEX_ARRAY]; /* more */
314};
315
316static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
317static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
318
319static void report_message(const char *prefix, const char *err, va_list params)
320{
321 int sz;
322 char msg[4096];
323
324 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
325 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
326 if (sz > (sizeof(msg) - 1))
327 sz = sizeof(msg) - 1;
328 msg[sz++] = '\n';
329
330 if (use_sideband)
331 send_sideband(1, 2, msg, sz, use_sideband);
332 else
333 xwrite(2, msg, sz);
334}
335
336static void rp_warning(const char *err, ...)
337{
338 va_list params;
339 va_start(params, err);
340 report_message("warning: ", err, params);
341 va_end(params);
342}
343
344static void rp_error(const char *err, ...)
345{
346 va_list params;
347 va_start(params, err);
348 report_message("error: ", err, params);
349 va_end(params);
350}
351
352static int copy_to_sideband(int in, int out, void *arg)
353{
354 char data[128];
355 int keepalive_active = 0;
356
357 if (keepalive_in_sec <= 0)
358 use_keepalive = KEEPALIVE_NEVER;
359 if (use_keepalive == KEEPALIVE_ALWAYS)
360 keepalive_active = 1;
361
362 while (1) {
363 ssize_t sz;
364
365 if (keepalive_active) {
366 struct pollfd pfd;
367 int ret;
368
369 pfd.fd = in;
370 pfd.events = POLLIN;
371 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
372
373 if (ret < 0) {
374 if (errno == EINTR)
375 continue;
376 else
377 break;
378 } else if (ret == 0) {
379 /* no data; send a keepalive packet */
380 static const char buf[] = "0005\1";
381 write_or_die(1, buf, sizeof(buf) - 1);
382 continue;
383 } /* else there is actual data to read */
384 }
385
386 sz = xread(in, data, sizeof(data));
387 if (sz <= 0)
388 break;
389
390 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
391 const char *p = memchr(data, '\0', sz);
392 if (p) {
393 /*
394 * The NUL tells us to start sending keepalives. Make
395 * sure we send any other data we read along
396 * with it.
397 */
398 keepalive_active = 1;
399 send_sideband(1, 2, data, p - data, use_sideband);
400 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
401 continue;
402 }
403 }
404
405 /*
406 * Either we're not looking for a NUL signal, or we didn't see
407 * it yet; just pass along the data.
408 */
409 send_sideband(1, 2, data, sz, use_sideband);
410 }
411 close(in);
412 return 0;
413}
414
415#define HMAC_BLOCK_SIZE 64
416
417static void hmac_sha1(unsigned char *out,
418 const char *key_in, size_t key_len,
419 const char *text, size_t text_len)
420{
421 unsigned char key[HMAC_BLOCK_SIZE];
422 unsigned char k_ipad[HMAC_BLOCK_SIZE];
423 unsigned char k_opad[HMAC_BLOCK_SIZE];
424 int i;
425 git_SHA_CTX ctx;
426
427 /* RFC 2104 2. (1) */
428 memset(key, '\0', HMAC_BLOCK_SIZE);
429 if (HMAC_BLOCK_SIZE < key_len) {
430 git_SHA1_Init(&ctx);
431 git_SHA1_Update(&ctx, key_in, key_len);
432 git_SHA1_Final(key, &ctx);
433 } else {
434 memcpy(key, key_in, key_len);
435 }
436
437 /* RFC 2104 2. (2) & (5) */
438 for (i = 0; i < sizeof(key); i++) {
439 k_ipad[i] = key[i] ^ 0x36;
440 k_opad[i] = key[i] ^ 0x5c;
441 }
442
443 /* RFC 2104 2. (3) & (4) */
444 git_SHA1_Init(&ctx);
445 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
446 git_SHA1_Update(&ctx, text, text_len);
447 git_SHA1_Final(out, &ctx);
448
449 /* RFC 2104 2. (6) & (7) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
452 git_SHA1_Update(&ctx, out, 20);
453 git_SHA1_Final(out, &ctx);
454}
455
456static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
457{
458 struct strbuf buf = STRBUF_INIT;
459 unsigned char sha1[20];
460
461 strbuf_addf(&buf, "%s:%lu", path, stamp);
462 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
463 strbuf_release(&buf);
464
465 /* RFC 2104 5. HMAC-SHA1-80 */
466 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
467 return strbuf_detach(&buf, NULL);
468}
469
470/*
471 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
472 * after dropping "_commit" from its name and possibly moving it out
473 * of commit.c
474 */
475static char *find_header(const char *msg, size_t len, const char *key)
476{
477 int key_len = strlen(key);
478 const char *line = msg;
479
480 while (line && line < msg + len) {
481 const char *eol = strchrnul(line, '\n');
482
483 if ((msg + len <= eol) || line == eol)
484 return NULL;
485 if (line + key_len < eol &&
486 !memcmp(line, key, key_len) && line[key_len] == ' ') {
487 int offset = key_len + 1;
488 return xmemdupz(line + offset, (eol - line) - offset);
489 }
490 line = *eol ? eol + 1 : NULL;
491 }
492 return NULL;
493}
494
495static const char *check_nonce(const char *buf, size_t len)
496{
497 char *nonce = find_header(buf, len, "nonce");
498 unsigned long stamp, ostamp;
499 char *bohmac, *expect = NULL;
500 const char *retval = NONCE_BAD;
501
502 if (!nonce) {
503 retval = NONCE_MISSING;
504 goto leave;
505 } else if (!push_cert_nonce) {
506 retval = NONCE_UNSOLICITED;
507 goto leave;
508 } else if (!strcmp(push_cert_nonce, nonce)) {
509 retval = NONCE_OK;
510 goto leave;
511 }
512
513 if (!stateless_rpc) {
514 /* returned nonce MUST match what we gave out earlier */
515 retval = NONCE_BAD;
516 goto leave;
517 }
518
519 /*
520 * In stateless mode, we may be receiving a nonce issued by
521 * another instance of the server that serving the same
522 * repository, and the timestamps may not match, but the
523 * nonce-seed and dir should match, so we can recompute and
524 * report the time slop.
525 *
526 * In addition, when a nonce issued by another instance has
527 * timestamp within receive.certnonceslop seconds, we pretend
528 * as if we issued that nonce when reporting to the hook.
529 */
530
531 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
532 if (*nonce <= '0' || '9' < *nonce) {
533 retval = NONCE_BAD;
534 goto leave;
535 }
536 stamp = strtoul(nonce, &bohmac, 10);
537 if (bohmac == nonce || bohmac[0] != '-') {
538 retval = NONCE_BAD;
539 goto leave;
540 }
541
542 expect = prepare_push_cert_nonce(service_dir, stamp);
543 if (strcmp(expect, nonce)) {
544 /* Not what we would have signed earlier */
545 retval = NONCE_BAD;
546 goto leave;
547 }
548
549 /*
550 * By how many seconds is this nonce stale? Negative value
551 * would mean it was issued by another server with its clock
552 * skewed in the future.
553 */
554 ostamp = strtoul(push_cert_nonce, NULL, 10);
555 nonce_stamp_slop = (long)ostamp - (long)stamp;
556
557 if (nonce_stamp_slop_limit &&
558 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
559 /*
560 * Pretend as if the received nonce (which passes the
561 * HMAC check, so it is not a forged by third-party)
562 * is what we issued.
563 */
564 free((void *)push_cert_nonce);
565 push_cert_nonce = xstrdup(nonce);
566 retval = NONCE_OK;
567 } else {
568 retval = NONCE_SLOP;
569 }
570
571leave:
572 free(nonce);
573 free(expect);
574 return retval;
575}
576
577static void prepare_push_cert_sha1(struct child_process *proc)
578{
579 static int already_done;
580
581 if (!push_cert.len)
582 return;
583
584 if (!already_done) {
585 struct strbuf gpg_output = STRBUF_INIT;
586 struct strbuf gpg_status = STRBUF_INIT;
587 int bogs /* beginning_of_gpg_sig */;
588
589 already_done = 1;
590 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
591 hashclr(push_cert_sha1);
592
593 memset(&sigcheck, '\0', sizeof(sigcheck));
594 sigcheck.result = 'N';
595
596 bogs = parse_signature(push_cert.buf, push_cert.len);
597 if (verify_signed_buffer(push_cert.buf, bogs,
598 push_cert.buf + bogs, push_cert.len - bogs,
599 &gpg_output, &gpg_status) < 0) {
600 ; /* error running gpg */
601 } else {
602 sigcheck.payload = push_cert.buf;
603 sigcheck.gpg_output = gpg_output.buf;
604 sigcheck.gpg_status = gpg_status.buf;
605 parse_gpg_output(&sigcheck);
606 }
607
608 strbuf_release(&gpg_output);
609 strbuf_release(&gpg_status);
610 nonce_status = check_nonce(push_cert.buf, bogs);
611 }
612 if (!is_null_sha1(push_cert_sha1)) {
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
614 sha1_to_hex(push_cert_sha1));
615 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
616 sigcheck.signer ? sigcheck.signer : "");
617 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
618 sigcheck.key ? sigcheck.key : "");
619 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
620 sigcheck.result);
621 if (push_cert_nonce) {
622 argv_array_pushf(&proc->env_array,
623 "GIT_PUSH_CERT_NONCE=%s",
624 push_cert_nonce);
625 argv_array_pushf(&proc->env_array,
626 "GIT_PUSH_CERT_NONCE_STATUS=%s",
627 nonce_status);
628 if (nonce_status == NONCE_SLOP)
629 argv_array_pushf(&proc->env_array,
630 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
631 nonce_stamp_slop);
632 }
633 }
634}
635
636struct receive_hook_feed_state {
637 struct command *cmd;
638 int skip_broken;
639 struct strbuf buf;
640 const struct string_list *push_options;
641};
642
643typedef int (*feed_fn)(void *, const char **, size_t *);
644static int run_and_feed_hook(const char *hook_name, feed_fn feed,
645 struct receive_hook_feed_state *feed_state)
646{
647 struct child_process proc = CHILD_PROCESS_INIT;
648 struct async muxer;
649 const char *argv[2];
650 int code;
651
652 argv[0] = find_hook(hook_name);
653 if (!argv[0])
654 return 0;
655
656 argv[1] = NULL;
657
658 proc.argv = argv;
659 proc.in = -1;
660 proc.stdout_to_stderr = 1;
661 if (feed_state->push_options) {
662 int i;
663 for (i = 0; i < feed_state->push_options->nr; i++)
664 argv_array_pushf(&proc.env_array,
665 "GIT_PUSH_OPTION_%d=%s", i,
666 feed_state->push_options->items[i].string);
667 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
668 feed_state->push_options->nr);
669 } else
670 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
671
672 if (tmp_objdir)
673 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
674
675 if (use_sideband) {
676 memset(&muxer, 0, sizeof(muxer));
677 muxer.proc = copy_to_sideband;
678 muxer.in = -1;
679 code = start_async(&muxer);
680 if (code)
681 return code;
682 proc.err = muxer.in;
683 }
684
685 prepare_push_cert_sha1(&proc);
686
687 code = start_command(&proc);
688 if (code) {
689 if (use_sideband)
690 finish_async(&muxer);
691 return code;
692 }
693
694 sigchain_push(SIGPIPE, SIG_IGN);
695
696 while (1) {
697 const char *buf;
698 size_t n;
699 if (feed(feed_state, &buf, &n))
700 break;
701 if (write_in_full(proc.in, buf, n) != n)
702 break;
703 }
704 close(proc.in);
705 if (use_sideband)
706 finish_async(&muxer);
707
708 sigchain_pop(SIGPIPE);
709
710 return finish_command(&proc);
711}
712
713static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
714{
715 struct receive_hook_feed_state *state = state_;
716 struct command *cmd = state->cmd;
717
718 while (cmd &&
719 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
720 cmd = cmd->next;
721 if (!cmd)
722 return -1; /* EOF */
723 strbuf_reset(&state->buf);
724 strbuf_addf(&state->buf, "%s %s %s\n",
725 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
726 cmd->ref_name);
727 state->cmd = cmd->next;
728 if (bufp) {
729 *bufp = state->buf.buf;
730 *sizep = state->buf.len;
731 }
732 return 0;
733}
734
735static int run_receive_hook(struct command *commands,
736 const char *hook_name,
737 int skip_broken,
738 const struct string_list *push_options)
739{
740 struct receive_hook_feed_state state;
741 int status;
742
743 strbuf_init(&state.buf, 0);
744 state.cmd = commands;
745 state.skip_broken = skip_broken;
746 if (feed_receive_hook(&state, NULL, NULL))
747 return 0;
748 state.cmd = commands;
749 state.push_options = push_options;
750 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
751 strbuf_release(&state.buf);
752 return status;
753}
754
755static int run_update_hook(struct command *cmd)
756{
757 const char *argv[5];
758 struct child_process proc = CHILD_PROCESS_INIT;
759 int code;
760
761 argv[0] = find_hook("update");
762 if (!argv[0])
763 return 0;
764
765 argv[1] = cmd->ref_name;
766 argv[2] = sha1_to_hex(cmd->old_sha1);
767 argv[3] = sha1_to_hex(cmd->new_sha1);
768 argv[4] = NULL;
769
770 proc.no_stdin = 1;
771 proc.stdout_to_stderr = 1;
772 proc.err = use_sideband ? -1 : 0;
773 proc.argv = argv;
774 proc.env = tmp_objdir_env(tmp_objdir);
775
776 code = start_command(&proc);
777 if (code)
778 return code;
779 if (use_sideband)
780 copy_to_sideband(proc.err, -1, NULL);
781 return finish_command(&proc);
782}
783
784static int is_ref_checked_out(const char *ref)
785{
786 if (is_bare_repository())
787 return 0;
788
789 if (!head_name)
790 return 0;
791 return !strcmp(head_name, ref);
792}
793
794static char *refuse_unconfigured_deny_msg =
795 N_("By default, updating the current branch in a non-bare repository\n"
796 "is denied, because it will make the index and work tree inconsistent\n"
797 "with what you pushed, and will require 'git reset --hard' to match\n"
798 "the work tree to HEAD.\n"
799 "\n"
800 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
801 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
802 "its current branch; however, this is not recommended unless you\n"
803 "arranged to update its work tree to match what you pushed in some\n"
804 "other way.\n"
805 "\n"
806 "To squelch this message and still keep the default behaviour, set\n"
807 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
808
809static void refuse_unconfigured_deny(void)
810{
811 rp_error("%s", _(refuse_unconfigured_deny_msg));
812}
813
814static char *refuse_unconfigured_deny_delete_current_msg =
815 N_("By default, deleting the current branch is denied, because the next\n"
816 "'git clone' won't result in any file checked out, causing confusion.\n"
817 "\n"
818 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
819 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
820 "current branch, with or without a warning message.\n"
821 "\n"
822 "To squelch this message, you can set it to 'refuse'.");
823
824static void refuse_unconfigured_deny_delete_current(void)
825{
826 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
827}
828
829static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
830static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
831{
832 static struct lock_file shallow_lock;
833 struct sha1_array extra = SHA1_ARRAY_INIT;
834 struct check_connected_options opt = CHECK_CONNECTED_INIT;
835 uint32_t mask = 1 << (cmd->index % 32);
836 int i;
837
838 trace_printf_key(&trace_shallow,
839 "shallow: update_shallow_ref %s\n", cmd->ref_name);
840 for (i = 0; i < si->shallow->nr; i++)
841 if (si->used_shallow[i] &&
842 (si->used_shallow[i][cmd->index / 32] & mask) &&
843 !delayed_reachability_test(si, i))
844 sha1_array_append(&extra, si->shallow->sha1[i]);
845
846 opt.env = tmp_objdir_env(tmp_objdir);
847 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
848 if (check_connected(command_singleton_iterator, cmd, &opt)) {
849 rollback_lock_file(&shallow_lock);
850 sha1_array_clear(&extra);
851 return -1;
852 }
853
854 commit_lock_file(&shallow_lock);
855
856 /*
857 * Make sure setup_alternate_shallow() for the next ref does
858 * not lose these new roots..
859 */
860 for (i = 0; i < extra.nr; i++)
861 register_shallow(extra.sha1[i]);
862
863 si->shallow_ref[cmd->index] = 0;
864 sha1_array_clear(&extra);
865 return 0;
866}
867
868/*
869 * NEEDSWORK: we should consolidate various implementions of "are we
870 * on an unborn branch?" test into one, and make the unified one more
871 * robust. !get_sha1() based check used here and elsewhere would not
872 * allow us to tell an unborn branch from corrupt ref, for example.
873 * For the purpose of fixing "deploy-to-update does not work when
874 * pushing into an empty repository" issue, this should suffice for
875 * now.
876 */
877static int head_has_history(void)
878{
879 unsigned char sha1[20];
880
881 return !get_sha1("HEAD", sha1);
882}
883
884static const char *push_to_deploy(unsigned char *sha1,
885 struct argv_array *env,
886 const char *work_tree)
887{
888 const char *update_refresh[] = {
889 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
890 };
891 const char *diff_files[] = {
892 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
893 };
894 const char *diff_index[] = {
895 "diff-index", "--quiet", "--cached", "--ignore-submodules",
896 NULL, "--", NULL
897 };
898 const char *read_tree[] = {
899 "read-tree", "-u", "-m", NULL, NULL
900 };
901 struct child_process child = CHILD_PROCESS_INIT;
902
903 child.argv = update_refresh;
904 child.env = env->argv;
905 child.dir = work_tree;
906 child.no_stdin = 1;
907 child.stdout_to_stderr = 1;
908 child.git_cmd = 1;
909 if (run_command(&child))
910 return "Up-to-date check failed";
911
912 /* run_command() does not clean up completely; reinitialize */
913 child_process_init(&child);
914 child.argv = diff_files;
915 child.env = env->argv;
916 child.dir = work_tree;
917 child.no_stdin = 1;
918 child.stdout_to_stderr = 1;
919 child.git_cmd = 1;
920 if (run_command(&child))
921 return "Working directory has unstaged changes";
922
923 /* diff-index with either HEAD or an empty tree */
924 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
925
926 child_process_init(&child);
927 child.argv = diff_index;
928 child.env = env->argv;
929 child.no_stdin = 1;
930 child.no_stdout = 1;
931 child.stdout_to_stderr = 0;
932 child.git_cmd = 1;
933 if (run_command(&child))
934 return "Working directory has staged changes";
935
936 read_tree[3] = sha1_to_hex(sha1);
937 child_process_init(&child);
938 child.argv = read_tree;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.no_stdout = 1;
943 child.stdout_to_stderr = 0;
944 child.git_cmd = 1;
945 if (run_command(&child))
946 return "Could not update working tree to new HEAD";
947
948 return NULL;
949}
950
951static const char *push_to_checkout_hook = "push-to-checkout";
952
953static const char *push_to_checkout(unsigned char *sha1,
954 struct argv_array *env,
955 const char *work_tree)
956{
957 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
958 if (run_hook_le(env->argv, push_to_checkout_hook,
959 sha1_to_hex(sha1), NULL))
960 return "push-to-checkout hook declined";
961 else
962 return NULL;
963}
964
965static const char *update_worktree(unsigned char *sha1)
966{
967 const char *retval;
968 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
969 struct argv_array env = ARGV_ARRAY_INIT;
970
971 if (is_bare_repository())
972 return "denyCurrentBranch = updateInstead needs a worktree";
973
974 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
975
976 if (!find_hook(push_to_checkout_hook))
977 retval = push_to_deploy(sha1, &env, work_tree);
978 else
979 retval = push_to_checkout(sha1, &env, work_tree);
980
981 argv_array_clear(&env);
982 return retval;
983}
984
985static const char *update(struct command *cmd, struct shallow_info *si)
986{
987 const char *name = cmd->ref_name;
988 struct strbuf namespaced_name_buf = STRBUF_INIT;
989 const char *namespaced_name, *ret;
990 unsigned char *old_sha1 = cmd->old_sha1;
991 unsigned char *new_sha1 = cmd->new_sha1;
992
993 /* only refs/... are allowed */
994 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
995 rp_error("refusing to create funny ref '%s' remotely", name);
996 return "funny refname";
997 }
998
999 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1000 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1001
1002 if (is_ref_checked_out(namespaced_name)) {
1003 switch (deny_current_branch) {
1004 case DENY_IGNORE:
1005 break;
1006 case DENY_WARN:
1007 rp_warning("updating the current branch");
1008 break;
1009 case DENY_REFUSE:
1010 case DENY_UNCONFIGURED:
1011 rp_error("refusing to update checked out branch: %s", name);
1012 if (deny_current_branch == DENY_UNCONFIGURED)
1013 refuse_unconfigured_deny();
1014 return "branch is currently checked out";
1015 case DENY_UPDATE_INSTEAD:
1016 ret = update_worktree(new_sha1);
1017 if (ret)
1018 return ret;
1019 break;
1020 }
1021 }
1022
1023 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1024 error("unpack should have generated %s, "
1025 "but I can't find it!", sha1_to_hex(new_sha1));
1026 return "bad pack";
1027 }
1028
1029 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1030 if (deny_deletes && starts_with(name, "refs/heads/")) {
1031 rp_error("denying ref deletion for %s", name);
1032 return "deletion prohibited";
1033 }
1034
1035 if (head_name && !strcmp(namespaced_name, head_name)) {
1036 switch (deny_delete_current) {
1037 case DENY_IGNORE:
1038 break;
1039 case DENY_WARN:
1040 rp_warning("deleting the current branch");
1041 break;
1042 case DENY_REFUSE:
1043 case DENY_UNCONFIGURED:
1044 case DENY_UPDATE_INSTEAD:
1045 if (deny_delete_current == DENY_UNCONFIGURED)
1046 refuse_unconfigured_deny_delete_current();
1047 rp_error("refusing to delete the current branch: %s", name);
1048 return "deletion of the current branch prohibited";
1049 default:
1050 return "Invalid denyDeleteCurrent setting";
1051 }
1052 }
1053 }
1054
1055 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1056 !is_null_sha1(old_sha1) &&
1057 starts_with(name, "refs/heads/")) {
1058 struct object *old_object, *new_object;
1059 struct commit *old_commit, *new_commit;
1060
1061 old_object = parse_object(old_sha1);
1062 new_object = parse_object(new_sha1);
1063
1064 if (!old_object || !new_object ||
1065 old_object->type != OBJ_COMMIT ||
1066 new_object->type != OBJ_COMMIT) {
1067 error("bad sha1 objects for %s", name);
1068 return "bad ref";
1069 }
1070 old_commit = (struct commit *)old_object;
1071 new_commit = (struct commit *)new_object;
1072 if (!in_merge_bases(old_commit, new_commit)) {
1073 rp_error("denying non-fast-forward %s"
1074 " (you should pull first)", name);
1075 return "non-fast-forward";
1076 }
1077 }
1078 if (run_update_hook(cmd)) {
1079 rp_error("hook declined to update %s", name);
1080 return "hook declined";
1081 }
1082
1083 if (is_null_sha1(new_sha1)) {
1084 struct strbuf err = STRBUF_INIT;
1085 if (!parse_object(old_sha1)) {
1086 old_sha1 = NULL;
1087 if (ref_exists(name)) {
1088 rp_warning("Allowing deletion of corrupt ref.");
1089 } else {
1090 rp_warning("Deleting a non-existent ref.");
1091 cmd->did_not_exist = 1;
1092 }
1093 }
1094 if (ref_transaction_delete(transaction,
1095 namespaced_name,
1096 old_sha1,
1097 0, "push", &err)) {
1098 rp_error("%s", err.buf);
1099 strbuf_release(&err);
1100 return "failed to delete";
1101 }
1102 strbuf_release(&err);
1103 return NULL; /* good */
1104 }
1105 else {
1106 struct strbuf err = STRBUF_INIT;
1107 if (shallow_update && si->shallow_ref[cmd->index] &&
1108 update_shallow_ref(cmd, si))
1109 return "shallow error";
1110
1111 if (ref_transaction_update(transaction,
1112 namespaced_name,
1113 new_sha1, old_sha1,
1114 0, "push",
1115 &err)) {
1116 rp_error("%s", err.buf);
1117 strbuf_release(&err);
1118
1119 return "failed to update ref";
1120 }
1121 strbuf_release(&err);
1122
1123 return NULL; /* good */
1124 }
1125}
1126
1127static void run_update_post_hook(struct command *commands)
1128{
1129 struct command *cmd;
1130 int argc;
1131 struct child_process proc = CHILD_PROCESS_INIT;
1132 const char *hook;
1133
1134 hook = find_hook("post-update");
1135 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1136 if (cmd->error_string || cmd->did_not_exist)
1137 continue;
1138 argc++;
1139 }
1140 if (!argc || !hook)
1141 return;
1142
1143 argv_array_push(&proc.args, hook);
1144 for (cmd = commands; cmd; cmd = cmd->next) {
1145 if (cmd->error_string || cmd->did_not_exist)
1146 continue;
1147 argv_array_push(&proc.args, cmd->ref_name);
1148 }
1149
1150 proc.no_stdin = 1;
1151 proc.stdout_to_stderr = 1;
1152 proc.err = use_sideband ? -1 : 0;
1153
1154 if (!start_command(&proc)) {
1155 if (use_sideband)
1156 copy_to_sideband(proc.err, -1, NULL);
1157 finish_command(&proc);
1158 }
1159}
1160
1161static void check_aliased_update(struct command *cmd, struct string_list *list)
1162{
1163 struct strbuf buf = STRBUF_INIT;
1164 const char *dst_name;
1165 struct string_list_item *item;
1166 struct command *dst_cmd;
1167 unsigned char sha1[GIT_SHA1_RAWSZ];
1168 int flag;
1169
1170 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1171 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1172 strbuf_release(&buf);
1173
1174 if (!(flag & REF_ISSYMREF))
1175 return;
1176
1177 if (!dst_name) {
1178 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1179 cmd->skip_update = 1;
1180 cmd->error_string = "broken symref";
1181 return;
1182 }
1183 dst_name = strip_namespace(dst_name);
1184
1185 if ((item = string_list_lookup(list, dst_name)) == NULL)
1186 return;
1187
1188 cmd->skip_update = 1;
1189
1190 dst_cmd = (struct command *) item->util;
1191
1192 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1193 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1194 return;
1195
1196 dst_cmd->skip_update = 1;
1197
1198 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1199 " its target '%s' (%s..%s)",
1200 cmd->ref_name,
1201 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1202 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1203 dst_cmd->ref_name,
1204 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1205 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1206
1207 cmd->error_string = dst_cmd->error_string =
1208 "inconsistent aliased update";
1209}
1210
1211static void check_aliased_updates(struct command *commands)
1212{
1213 struct command *cmd;
1214 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1215
1216 for (cmd = commands; cmd; cmd = cmd->next) {
1217 struct string_list_item *item =
1218 string_list_append(&ref_list, cmd->ref_name);
1219 item->util = (void *)cmd;
1220 }
1221 string_list_sort(&ref_list);
1222
1223 for (cmd = commands; cmd; cmd = cmd->next) {
1224 if (!cmd->error_string)
1225 check_aliased_update(cmd, &ref_list);
1226 }
1227
1228 string_list_clear(&ref_list, 0);
1229}
1230
1231static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1232{
1233 struct command **cmd_list = cb_data;
1234 struct command *cmd = *cmd_list;
1235
1236 if (!cmd || is_null_sha1(cmd->new_sha1))
1237 return -1; /* end of list */
1238 *cmd_list = NULL; /* this returns only one */
1239 hashcpy(sha1, cmd->new_sha1);
1240 return 0;
1241}
1242
1243static void set_connectivity_errors(struct command *commands,
1244 struct shallow_info *si)
1245{
1246 struct command *cmd;
1247
1248 for (cmd = commands; cmd; cmd = cmd->next) {
1249 struct command *singleton = cmd;
1250 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1251
1252 if (shallow_update && si->shallow_ref[cmd->index])
1253 /* to be checked in update_shallow_ref() */
1254 continue;
1255
1256 opt.env = tmp_objdir_env(tmp_objdir);
1257 if (!check_connected(command_singleton_iterator, &singleton,
1258 &opt))
1259 continue;
1260
1261 cmd->error_string = "missing necessary objects";
1262 }
1263}
1264
1265struct iterate_data {
1266 struct command *cmds;
1267 struct shallow_info *si;
1268};
1269
1270static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1271{
1272 struct iterate_data *data = cb_data;
1273 struct command **cmd_list = &data->cmds;
1274 struct command *cmd = *cmd_list;
1275
1276 for (; cmd; cmd = cmd->next) {
1277 if (shallow_update && data->si->shallow_ref[cmd->index])
1278 /* to be checked in update_shallow_ref() */
1279 continue;
1280 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1281 hashcpy(sha1, cmd->new_sha1);
1282 *cmd_list = cmd->next;
1283 return 0;
1284 }
1285 }
1286 *cmd_list = NULL;
1287 return -1; /* end of list */
1288}
1289
1290static void reject_updates_to_hidden(struct command *commands)
1291{
1292 struct strbuf refname_full = STRBUF_INIT;
1293 size_t prefix_len;
1294 struct command *cmd;
1295
1296 strbuf_addstr(&refname_full, get_git_namespace());
1297 prefix_len = refname_full.len;
1298
1299 for (cmd = commands; cmd; cmd = cmd->next) {
1300 if (cmd->error_string)
1301 continue;
1302
1303 strbuf_setlen(&refname_full, prefix_len);
1304 strbuf_addstr(&refname_full, cmd->ref_name);
1305
1306 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1307 continue;
1308 if (is_null_sha1(cmd->new_sha1))
1309 cmd->error_string = "deny deleting a hidden ref";
1310 else
1311 cmd->error_string = "deny updating a hidden ref";
1312 }
1313
1314 strbuf_release(&refname_full);
1315}
1316
1317static int should_process_cmd(struct command *cmd)
1318{
1319 return !cmd->error_string && !cmd->skip_update;
1320}
1321
1322static void warn_if_skipped_connectivity_check(struct command *commands,
1323 struct shallow_info *si)
1324{
1325 struct command *cmd;
1326 int checked_connectivity = 1;
1327
1328 for (cmd = commands; cmd; cmd = cmd->next) {
1329 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1330 error("BUG: connectivity check has not been run on ref %s",
1331 cmd->ref_name);
1332 checked_connectivity = 0;
1333 }
1334 }
1335 if (!checked_connectivity)
1336 die("BUG: connectivity check skipped???");
1337}
1338
1339static void execute_commands_non_atomic(struct command *commands,
1340 struct shallow_info *si)
1341{
1342 struct command *cmd;
1343 struct strbuf err = STRBUF_INIT;
1344
1345 for (cmd = commands; cmd; cmd = cmd->next) {
1346 if (!should_process_cmd(cmd))
1347 continue;
1348
1349 transaction = ref_transaction_begin(&err);
1350 if (!transaction) {
1351 rp_error("%s", err.buf);
1352 strbuf_reset(&err);
1353 cmd->error_string = "transaction failed to start";
1354 continue;
1355 }
1356
1357 cmd->error_string = update(cmd, si);
1358
1359 if (!cmd->error_string
1360 && ref_transaction_commit(transaction, &err)) {
1361 rp_error("%s", err.buf);
1362 strbuf_reset(&err);
1363 cmd->error_string = "failed to update ref";
1364 }
1365 ref_transaction_free(transaction);
1366 }
1367 strbuf_release(&err);
1368}
1369
1370static void execute_commands_atomic(struct command *commands,
1371 struct shallow_info *si)
1372{
1373 struct command *cmd;
1374 struct strbuf err = STRBUF_INIT;
1375 const char *reported_error = "atomic push failure";
1376
1377 transaction = ref_transaction_begin(&err);
1378 if (!transaction) {
1379 rp_error("%s", err.buf);
1380 strbuf_reset(&err);
1381 reported_error = "transaction failed to start";
1382 goto failure;
1383 }
1384
1385 for (cmd = commands; cmd; cmd = cmd->next) {
1386 if (!should_process_cmd(cmd))
1387 continue;
1388
1389 cmd->error_string = update(cmd, si);
1390
1391 if (cmd->error_string)
1392 goto failure;
1393 }
1394
1395 if (ref_transaction_commit(transaction, &err)) {
1396 rp_error("%s", err.buf);
1397 reported_error = "atomic transaction failed";
1398 goto failure;
1399 }
1400 goto cleanup;
1401
1402failure:
1403 for (cmd = commands; cmd; cmd = cmd->next)
1404 if (!cmd->error_string)
1405 cmd->error_string = reported_error;
1406
1407cleanup:
1408 ref_transaction_free(transaction);
1409 strbuf_release(&err);
1410}
1411
1412static void execute_commands(struct command *commands,
1413 const char *unpacker_error,
1414 struct shallow_info *si,
1415 const struct string_list *push_options)
1416{
1417 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1418 struct command *cmd;
1419 unsigned char sha1[20];
1420 struct iterate_data data;
1421 struct async muxer;
1422 int err_fd = 0;
1423
1424 if (unpacker_error) {
1425 for (cmd = commands; cmd; cmd = cmd->next)
1426 cmd->error_string = "unpacker error";
1427 return;
1428 }
1429
1430 if (use_sideband) {
1431 memset(&muxer, 0, sizeof(muxer));
1432 muxer.proc = copy_to_sideband;
1433 muxer.in = -1;
1434 if (!start_async(&muxer))
1435 err_fd = muxer.in;
1436 /* ...else, continue without relaying sideband */
1437 }
1438
1439 data.cmds = commands;
1440 data.si = si;
1441 opt.err_fd = err_fd;
1442 opt.progress = err_fd && !quiet;
1443 opt.env = tmp_objdir_env(tmp_objdir);
1444 if (check_connected(iterate_receive_command_list, &data, &opt))
1445 set_connectivity_errors(commands, si);
1446
1447 if (use_sideband)
1448 finish_async(&muxer);
1449
1450 reject_updates_to_hidden(commands);
1451
1452 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1453 for (cmd = commands; cmd; cmd = cmd->next) {
1454 if (!cmd->error_string)
1455 cmd->error_string = "pre-receive hook declined";
1456 }
1457 return;
1458 }
1459
1460 /*
1461 * Now we'll start writing out refs, which means the objects need
1462 * to be in their final positions so that other processes can see them.
1463 */
1464 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1465 for (cmd = commands; cmd; cmd = cmd->next) {
1466 if (!cmd->error_string)
1467 cmd->error_string = "unable to migrate objects to permanent storage";
1468 }
1469 return;
1470 }
1471 tmp_objdir = NULL;
1472
1473 check_aliased_updates(commands);
1474
1475 free(head_name_to_free);
1476 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1477
1478 if (use_atomic)
1479 execute_commands_atomic(commands, si);
1480 else
1481 execute_commands_non_atomic(commands, si);
1482
1483 if (shallow_update)
1484 warn_if_skipped_connectivity_check(commands, si);
1485}
1486
1487static struct command **queue_command(struct command **tail,
1488 const char *line,
1489 int linelen)
1490{
1491 unsigned char old_sha1[20], new_sha1[20];
1492 struct command *cmd;
1493 const char *refname;
1494 int reflen;
1495
1496 if (linelen < 83 ||
1497 line[40] != ' ' ||
1498 line[81] != ' ' ||
1499 get_sha1_hex(line, old_sha1) ||
1500 get_sha1_hex(line + 41, new_sha1))
1501 die("protocol error: expected old/new/ref, got '%s'", line);
1502
1503 refname = line + 82;
1504 reflen = linelen - 82;
1505 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1506 hashcpy(cmd->old_sha1, old_sha1);
1507 hashcpy(cmd->new_sha1, new_sha1);
1508 *tail = cmd;
1509 return &cmd->next;
1510}
1511
1512static void queue_commands_from_cert(struct command **tail,
1513 struct strbuf *push_cert)
1514{
1515 const char *boc, *eoc;
1516
1517 if (*tail)
1518 die("protocol error: got both push certificate and unsigned commands");
1519
1520 boc = strstr(push_cert->buf, "\n\n");
1521 if (!boc)
1522 die("malformed push certificate %.*s", 100, push_cert->buf);
1523 else
1524 boc += 2;
1525 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1526
1527 while (boc < eoc) {
1528 const char *eol = memchr(boc, '\n', eoc - boc);
1529 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1530 boc = eol ? eol + 1 : eoc;
1531 }
1532}
1533
1534static struct command *read_head_info(struct sha1_array *shallow)
1535{
1536 struct command *commands = NULL;
1537 struct command **p = &commands;
1538 for (;;) {
1539 char *line;
1540 int len, linelen;
1541
1542 line = packet_read_line(0, &len);
1543 if (!line)
1544 break;
1545
1546 if (len == 48 && starts_with(line, "shallow ")) {
1547 unsigned char sha1[20];
1548 if (get_sha1_hex(line + 8, sha1))
1549 die("protocol error: expected shallow sha, got '%s'",
1550 line + 8);
1551 sha1_array_append(shallow, sha1);
1552 continue;
1553 }
1554
1555 linelen = strlen(line);
1556 if (linelen < len) {
1557 const char *feature_list = line + linelen + 1;
1558 if (parse_feature_request(feature_list, "report-status"))
1559 report_status = 1;
1560 if (parse_feature_request(feature_list, "side-band-64k"))
1561 use_sideband = LARGE_PACKET_MAX;
1562 if (parse_feature_request(feature_list, "quiet"))
1563 quiet = 1;
1564 if (advertise_atomic_push
1565 && parse_feature_request(feature_list, "atomic"))
1566 use_atomic = 1;
1567 if (advertise_push_options
1568 && parse_feature_request(feature_list, "push-options"))
1569 use_push_options = 1;
1570 }
1571
1572 if (!strcmp(line, "push-cert")) {
1573 int true_flush = 0;
1574 char certbuf[1024];
1575
1576 for (;;) {
1577 len = packet_read(0, NULL, NULL,
1578 certbuf, sizeof(certbuf), 0);
1579 if (!len) {
1580 true_flush = 1;
1581 break;
1582 }
1583 if (!strcmp(certbuf, "push-cert-end\n"))
1584 break; /* end of cert */
1585 strbuf_addstr(&push_cert, certbuf);
1586 }
1587
1588 if (true_flush)
1589 break;
1590 continue;
1591 }
1592
1593 p = queue_command(p, line, linelen);
1594 }
1595
1596 if (push_cert.len)
1597 queue_commands_from_cert(p, &push_cert);
1598
1599 return commands;
1600}
1601
1602static void read_push_options(struct string_list *options)
1603{
1604 while (1) {
1605 char *line;
1606 int len;
1607
1608 line = packet_read_line(0, &len);
1609
1610 if (!line)
1611 break;
1612
1613 string_list_append(options, line);
1614 }
1615}
1616
1617static const char *parse_pack_header(struct pack_header *hdr)
1618{
1619 switch (read_pack_header(0, hdr)) {
1620 case PH_ERROR_EOF:
1621 return "eof before pack header was fully read";
1622
1623 case PH_ERROR_PACK_SIGNATURE:
1624 return "protocol error (pack signature mismatch detected)";
1625
1626 case PH_ERROR_PROTOCOL:
1627 return "protocol error (pack version unsupported)";
1628
1629 default:
1630 return "unknown error in parse_pack_header";
1631
1632 case 0:
1633 return NULL;
1634 }
1635}
1636
1637static const char *pack_lockfile;
1638
1639static const char *unpack(int err_fd, struct shallow_info *si)
1640{
1641 struct pack_header hdr;
1642 const char *hdr_err;
1643 int status;
1644 char hdr_arg[38];
1645 struct child_process child = CHILD_PROCESS_INIT;
1646 int fsck_objects = (receive_fsck_objects >= 0
1647 ? receive_fsck_objects
1648 : transfer_fsck_objects >= 0
1649 ? transfer_fsck_objects
1650 : 0);
1651
1652 hdr_err = parse_pack_header(&hdr);
1653 if (hdr_err) {
1654 if (err_fd > 0)
1655 close(err_fd);
1656 return hdr_err;
1657 }
1658 snprintf(hdr_arg, sizeof(hdr_arg),
1659 "--pack_header=%"PRIu32",%"PRIu32,
1660 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1661
1662 if (si->nr_ours || si->nr_theirs) {
1663 alt_shallow_file = setup_temporary_shallow(si->shallow);
1664 argv_array_push(&child.args, "--shallow-file");
1665 argv_array_push(&child.args, alt_shallow_file);
1666 }
1667
1668 tmp_objdir = tmp_objdir_create();
1669 if (!tmp_objdir)
1670 return "unable to create temporary object directory";
1671 child.env = tmp_objdir_env(tmp_objdir);
1672
1673 /*
1674 * Normally we just pass the tmp_objdir environment to the child
1675 * processes that do the heavy lifting, but we may need to see these
1676 * objects ourselves to set up shallow information.
1677 */
1678 tmp_objdir_add_as_alternate(tmp_objdir);
1679
1680 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1681 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1682 if (quiet)
1683 argv_array_push(&child.args, "-q");
1684 if (fsck_objects)
1685 argv_array_pushf(&child.args, "--strict%s",
1686 fsck_msg_types.buf);
1687 if (max_input_size)
1688 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1689 (uintmax_t)max_input_size);
1690 child.no_stdout = 1;
1691 child.err = err_fd;
1692 child.git_cmd = 1;
1693 status = run_command(&child);
1694 if (status)
1695 return "unpack-objects abnormal exit";
1696 } else {
1697 char hostname[256];
1698
1699 argv_array_pushl(&child.args, "index-pack",
1700 "--stdin", hdr_arg, NULL);
1701
1702 if (gethostname(hostname, sizeof(hostname)))
1703 xsnprintf(hostname, sizeof(hostname), "localhost");
1704 argv_array_pushf(&child.args,
1705 "--keep=receive-pack %"PRIuMAX" on %s",
1706 (uintmax_t)getpid(),
1707 hostname);
1708
1709 if (!quiet && err_fd)
1710 argv_array_push(&child.args, "--show-resolving-progress");
1711 if (use_sideband)
1712 argv_array_push(&child.args, "--report-end-of-input");
1713 if (fsck_objects)
1714 argv_array_pushf(&child.args, "--strict%s",
1715 fsck_msg_types.buf);
1716 if (!reject_thin)
1717 argv_array_push(&child.args, "--fix-thin");
1718 if (max_input_size)
1719 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1720 (uintmax_t)max_input_size);
1721 child.out = -1;
1722 child.err = err_fd;
1723 child.git_cmd = 1;
1724 status = start_command(&child);
1725 if (status)
1726 return "index-pack fork failed";
1727 pack_lockfile = index_pack_lockfile(child.out);
1728 close(child.out);
1729 status = finish_command(&child);
1730 if (status)
1731 return "index-pack abnormal exit";
1732 reprepare_packed_git();
1733 }
1734 return NULL;
1735}
1736
1737static const char *unpack_with_sideband(struct shallow_info *si)
1738{
1739 struct async muxer;
1740 const char *ret;
1741
1742 if (!use_sideband)
1743 return unpack(0, si);
1744
1745 use_keepalive = KEEPALIVE_AFTER_NUL;
1746 memset(&muxer, 0, sizeof(muxer));
1747 muxer.proc = copy_to_sideband;
1748 muxer.in = -1;
1749 if (start_async(&muxer))
1750 return NULL;
1751
1752 ret = unpack(muxer.in, si);
1753
1754 finish_async(&muxer);
1755 return ret;
1756}
1757
1758static void prepare_shallow_update(struct command *commands,
1759 struct shallow_info *si)
1760{
1761 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1762
1763 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1764 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1765
1766 si->need_reachability_test =
1767 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1768 si->reachable =
1769 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1770 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1771
1772 for (i = 0; i < si->nr_ours; i++)
1773 si->need_reachability_test[si->ours[i]] = 1;
1774
1775 for (i = 0; i < si->shallow->nr; i++) {
1776 if (!si->used_shallow[i])
1777 continue;
1778 for (j = 0; j < bitmap_size; j++) {
1779 if (!si->used_shallow[i][j])
1780 continue;
1781 si->need_reachability_test[i]++;
1782 for (k = 0; k < 32; k++)
1783 if (si->used_shallow[i][j] & (1U << k))
1784 si->shallow_ref[j * 32 + k]++;
1785 }
1786
1787 /*
1788 * true for those associated with some refs and belong
1789 * in "ours" list aka "step 7 not done yet"
1790 */
1791 si->need_reachability_test[i] =
1792 si->need_reachability_test[i] > 1;
1793 }
1794
1795 /*
1796 * keep hooks happy by forcing a temporary shallow file via
1797 * env variable because we can't add --shallow-file to every
1798 * command. check_everything_connected() will be done with
1799 * true .git/shallow though.
1800 */
1801 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1802}
1803
1804static void update_shallow_info(struct command *commands,
1805 struct shallow_info *si,
1806 struct sha1_array *ref)
1807{
1808 struct command *cmd;
1809 int *ref_status;
1810 remove_nonexistent_theirs_shallow(si);
1811 if (!si->nr_ours && !si->nr_theirs) {
1812 shallow_update = 0;
1813 return;
1814 }
1815
1816 for (cmd = commands; cmd; cmd = cmd->next) {
1817 if (is_null_sha1(cmd->new_sha1))
1818 continue;
1819 sha1_array_append(ref, cmd->new_sha1);
1820 cmd->index = ref->nr - 1;
1821 }
1822 si->ref = ref;
1823
1824 if (shallow_update) {
1825 prepare_shallow_update(commands, si);
1826 return;
1827 }
1828
1829 ALLOC_ARRAY(ref_status, ref->nr);
1830 assign_shallow_commits_to_refs(si, NULL, ref_status);
1831 for (cmd = commands; cmd; cmd = cmd->next) {
1832 if (is_null_sha1(cmd->new_sha1))
1833 continue;
1834 if (ref_status[cmd->index]) {
1835 cmd->error_string = "shallow update not allowed";
1836 cmd->skip_update = 1;
1837 }
1838 }
1839 free(ref_status);
1840}
1841
1842static void report(struct command *commands, const char *unpack_status)
1843{
1844 struct command *cmd;
1845 struct strbuf buf = STRBUF_INIT;
1846
1847 packet_buf_write(&buf, "unpack %s\n",
1848 unpack_status ? unpack_status : "ok");
1849 for (cmd = commands; cmd; cmd = cmd->next) {
1850 if (!cmd->error_string)
1851 packet_buf_write(&buf, "ok %s\n",
1852 cmd->ref_name);
1853 else
1854 packet_buf_write(&buf, "ng %s %s\n",
1855 cmd->ref_name, cmd->error_string);
1856 }
1857 packet_buf_flush(&buf);
1858
1859 if (use_sideband)
1860 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1861 else
1862 write_or_die(1, buf.buf, buf.len);
1863 strbuf_release(&buf);
1864}
1865
1866static int delete_only(struct command *commands)
1867{
1868 struct command *cmd;
1869 for (cmd = commands; cmd; cmd = cmd->next) {
1870 if (!is_null_sha1(cmd->new_sha1))
1871 return 0;
1872 }
1873 return 1;
1874}
1875
1876int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1877{
1878 int advertise_refs = 0;
1879 struct command *commands;
1880 struct sha1_array shallow = SHA1_ARRAY_INIT;
1881 struct sha1_array ref = SHA1_ARRAY_INIT;
1882 struct shallow_info si;
1883
1884 struct option options[] = {
1885 OPT__QUIET(&quiet, N_("quiet")),
1886 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1887 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1888 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1889 OPT_END()
1890 };
1891
1892 packet_trace_identity("receive-pack");
1893
1894 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1895
1896 if (argc > 1)
1897 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1898 if (argc == 0)
1899 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1900
1901 service_dir = argv[0];
1902
1903 setup_path();
1904
1905 if (!enter_repo(service_dir, 0))
1906 die("'%s' does not appear to be a git repository", service_dir);
1907
1908 git_config(receive_pack_config, NULL);
1909 if (cert_nonce_seed)
1910 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1911
1912 if (0 <= transfer_unpack_limit)
1913 unpack_limit = transfer_unpack_limit;
1914 else if (0 <= receive_unpack_limit)
1915 unpack_limit = receive_unpack_limit;
1916
1917 if (advertise_refs || !stateless_rpc) {
1918 write_head_info();
1919 }
1920 if (advertise_refs)
1921 return 0;
1922
1923 if ((commands = read_head_info(&shallow)) != NULL) {
1924 const char *unpack_status = NULL;
1925 struct string_list push_options = STRING_LIST_INIT_DUP;
1926
1927 if (use_push_options)
1928 read_push_options(&push_options);
1929
1930 prepare_shallow_info(&si, &shallow);
1931 if (!si.nr_ours && !si.nr_theirs)
1932 shallow_update = 0;
1933 if (!delete_only(commands)) {
1934 unpack_status = unpack_with_sideband(&si);
1935 update_shallow_info(commands, &si, &ref);
1936 }
1937 use_keepalive = KEEPALIVE_ALWAYS;
1938 execute_commands(commands, unpack_status, &si,
1939 &push_options);
1940 if (pack_lockfile)
1941 unlink_or_warn(pack_lockfile);
1942 if (report_status)
1943 report(commands, unpack_status);
1944 run_receive_hook(commands, "post-receive", 1,
1945 &push_options);
1946 run_update_post_hook(commands);
1947 string_list_clear(&push_options, 0);
1948 if (auto_gc) {
1949 const char *argv_gc_auto[] = {
1950 "gc", "--auto", "--quiet", NULL,
1951 };
1952 struct child_process proc = CHILD_PROCESS_INIT;
1953
1954 proc.no_stdin = 1;
1955 proc.stdout_to_stderr = 1;
1956 proc.err = use_sideband ? -1 : 0;
1957 proc.git_cmd = 1;
1958 proc.argv = argv_gc_auto;
1959
1960 close_all_packs();
1961 if (!start_command(&proc)) {
1962 if (use_sideband)
1963 copy_to_sideband(proc.err, -1, NULL);
1964 finish_command(&proc);
1965 }
1966 }
1967 if (auto_update_server_info)
1968 update_server_info(0);
1969 clear_shallow_info(&si);
1970 }
1971 if (use_sideband)
1972 packet_flush(1);
1973 sha1_array_clear(&shallow);
1974 sha1_array_clear(&ref);
1975 free((void *)push_cert_nonce);
1976 return 0;
1977}