1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28};
29enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36};
37static int deny_deletes;
39static int deny_non_fast_forwards;
40static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42static int receive_fsck_objects = -1;
43static int transfer_fsck_objects = -1;
44static struct strbuf fsck_msg_types = STRBUF_INIT;
45static int receive_unpack_limit = -1;
46static int transfer_unpack_limit = -1;
47static int advertise_atomic_push = 1;
48static int advertise_push_options;
49static int unpack_limit = 100;
50static off_t max_input_size;
51static int report_status;
52static int use_sideband;
53static int use_atomic;
54static int use_push_options;
55static int quiet;
56static int prefer_ofs_delta = 1;
57static int auto_update_server_info;
58static int auto_gc = 1;
59static int reject_thin;
60static int stateless_rpc;
61static const char *service_dir;
62static const char *head_name;
63static void *head_name_to_free;
64static int sent_capabilities;
65static int shallow_update;
66static const char *alt_shallow_file;
67static struct strbuf push_cert = STRBUF_INIT;
68static unsigned char push_cert_sha1[20];
69static struct signature_check sigcheck;
70static const char *push_cert_nonce;
71static const char *cert_nonce_seed;
72static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74static const char *NONCE_BAD = "BAD";
75static const char *NONCE_MISSING = "MISSING";
76static const char *NONCE_OK = "OK";
77static const char *NONCE_SLOP = "SLOP";
78static const char *nonce_status;
79static long nonce_stamp_slop;
80static unsigned long nonce_stamp_slop_limit;
81static struct ref_transaction *transaction;
82static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87} use_keepalive;
88static int keepalive_in_sec = 5;
89static struct tmp_objdir *tmp_objdir;
91static enum deny_action parse_deny_action(const char *var, const char *value)
93{
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107}
108static int receive_pack_config(const char *var, const char *value, void *cb)
110{
111 int status = parse_hide_refs_config(var, value, "receive");
112 if (status)
114 return status;
115 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223 return git_default_config(var, value, cb);
225}
226static void show_ref(const char *path, const unsigned char *sha1)
228{
229 if (sent_capabilities) {
230 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write_fmt(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250}
251static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254{
255 const char *path = strip_namespace(path_full);
256 if (ref_is_hidden(path, path_full))
258 return 0;
259 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272}
273static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275{
276 show_ref(".have", sha1);
277 return 0;
278}
279static void collect_one_alternate_ref(const char *refname,
281 const struct object_id *oid,
282 void *data)
283{
284 struct sha1_array *sa = data;
285 sha1_array_append(sa, oid->hash);
286}
287static void write_head_info(void)
289{
290 struct sha1_array sa = SHA1_ARRAY_INIT;
291 for_each_alternate_ref(collect_one_alternate_ref, &sa);
293 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
294 sha1_array_clear(&sa);
295 for_each_ref(show_ref_cb, NULL);
296 if (!sent_capabilities)
297 show_ref("capabilities^{}", null_sha1);
298 advertise_shallow_grafts(1);
300 /* EOF */
302 packet_flush(1);
303}
304struct command {
306 struct command *next;
307 const char *error_string;
308 unsigned int skip_update:1,
309 did_not_exist:1;
310 int index;
311 unsigned char old_sha1[20];
312 unsigned char new_sha1[20];
313 char ref_name[FLEX_ARRAY]; /* more */
314};
315static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
317static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
318static void report_message(const char *prefix, const char *err, va_list params)
320{
321 int sz;
322 char msg[4096];
323 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
325 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
326 if (sz > (sizeof(msg) - 1))
327 sz = sizeof(msg) - 1;
328 msg[sz++] = '\n';
329 if (use_sideband)
331 send_sideband(1, 2, msg, sz, use_sideband);
332 else
333 xwrite(2, msg, sz);
334}
335static void rp_warning(const char *err, ...)
337{
338 va_list params;
339 va_start(params, err);
340 report_message("warning: ", err, params);
341 va_end(params);
342}
343static void rp_error(const char *err, ...)
345{
346 va_list params;
347 va_start(params, err);
348 report_message("error: ", err, params);
349 va_end(params);
350}
351static int copy_to_sideband(int in, int out, void *arg)
353{
354 char data[128];
355 int keepalive_active = 0;
356 if (keepalive_in_sec <= 0)
358 use_keepalive = KEEPALIVE_NEVER;
359 if (use_keepalive == KEEPALIVE_ALWAYS)
360 keepalive_active = 1;
361 while (1) {
363 ssize_t sz;
364 if (keepalive_active) {
366 struct pollfd pfd;
367 int ret;
368 pfd.fd = in;
370 pfd.events = POLLIN;
371 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
372 if (ret < 0) {
374 if (errno == EINTR)
375 continue;
376 else
377 break;
378 } else if (ret == 0) {
379 /* no data; send a keepalive packet */
380 static const char buf[] = "0005\1";
381 write_or_die(1, buf, sizeof(buf) - 1);
382 continue;
383 } /* else there is actual data to read */
384 }
385 sz = xread(in, data, sizeof(data));
387 if (sz <= 0)
388 break;
389 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
391 const char *p = memchr(data, '\0', sz);
392 if (p) {
393 /*
394 * The NUL tells us to start sending keepalives. Make
395 * sure we send any other data we read along
396 * with it.
397 */
398 keepalive_active = 1;
399 send_sideband(1, 2, data, p - data, use_sideband);
400 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
401 continue;
402 }
403 }
404 /*
406 * Either we're not looking for a NUL signal, or we didn't see
407 * it yet; just pass along the data.
408 */
409 send_sideband(1, 2, data, sz, use_sideband);
410 }
411 close(in);
412 return 0;
413}
414#define HMAC_BLOCK_SIZE 64
416static void hmac_sha1(unsigned char *out,
418 const char *key_in, size_t key_len,
419 const char *text, size_t text_len)
420{
421 unsigned char key[HMAC_BLOCK_SIZE];
422 unsigned char k_ipad[HMAC_BLOCK_SIZE];
423 unsigned char k_opad[HMAC_BLOCK_SIZE];
424 int i;
425 git_SHA_CTX ctx;
426 /* RFC 2104 2. (1) */
428 memset(key, '\0', HMAC_BLOCK_SIZE);
429 if (HMAC_BLOCK_SIZE < key_len) {
430 git_SHA1_Init(&ctx);
431 git_SHA1_Update(&ctx, key_in, key_len);
432 git_SHA1_Final(key, &ctx);
433 } else {
434 memcpy(key, key_in, key_len);
435 }
436 /* RFC 2104 2. (2) & (5) */
438 for (i = 0; i < sizeof(key); i++) {
439 k_ipad[i] = key[i] ^ 0x36;
440 k_opad[i] = key[i] ^ 0x5c;
441 }
442 /* RFC 2104 2. (3) & (4) */
444 git_SHA1_Init(&ctx);
445 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
446 git_SHA1_Update(&ctx, text, text_len);
447 git_SHA1_Final(out, &ctx);
448 /* RFC 2104 2. (6) & (7) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
452 git_SHA1_Update(&ctx, out, 20);
453 git_SHA1_Final(out, &ctx);
454}
455static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
457{
458 struct strbuf buf = STRBUF_INIT;
459 unsigned char sha1[20];
460 strbuf_addf(&buf, "%s:%lu", path, stamp);
462 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
463 strbuf_release(&buf);
464 /* RFC 2104 5. HMAC-SHA1-80 */
466 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
467 return strbuf_detach(&buf, NULL);
468}
469/*
471 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
472 * after dropping "_commit" from its name and possibly moving it out
473 * of commit.c
474 */
475static char *find_header(const char *msg, size_t len, const char *key)
476{
477 int key_len = strlen(key);
478 const char *line = msg;
479 while (line && line < msg + len) {
481 const char *eol = strchrnul(line, '\n');
482 if ((msg + len <= eol) || line == eol)
484 return NULL;
485 if (line + key_len < eol &&
486 !memcmp(line, key, key_len) && line[key_len] == ' ') {
487 int offset = key_len + 1;
488 return xmemdupz(line + offset, (eol - line) - offset);
489 }
490 line = *eol ? eol + 1 : NULL;
491 }
492 return NULL;
493}
494static const char *check_nonce(const char *buf, size_t len)
496{
497 char *nonce = find_header(buf, len, "nonce");
498 unsigned long stamp, ostamp;
499 char *bohmac, *expect = NULL;
500 const char *retval = NONCE_BAD;
501 if (!nonce) {
503 retval = NONCE_MISSING;
504 goto leave;
505 } else if (!push_cert_nonce) {
506 retval = NONCE_UNSOLICITED;
507 goto leave;
508 } else if (!strcmp(push_cert_nonce, nonce)) {
509 retval = NONCE_OK;
510 goto leave;
511 }
512 if (!stateless_rpc) {
514 /* returned nonce MUST match what we gave out earlier */
515 retval = NONCE_BAD;
516 goto leave;
517 }
518 /*
520 * In stateless mode, we may be receiving a nonce issued by
521 * another instance of the server that serving the same
522 * repository, and the timestamps may not match, but the
523 * nonce-seed and dir should match, so we can recompute and
524 * report the time slop.
525 *
526 * In addition, when a nonce issued by another instance has
527 * timestamp within receive.certnonceslop seconds, we pretend
528 * as if we issued that nonce when reporting to the hook.
529 */
530 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
532 if (*nonce <= '0' || '9' < *nonce) {
533 retval = NONCE_BAD;
534 goto leave;
535 }
536 stamp = strtoul(nonce, &bohmac, 10);
537 if (bohmac == nonce || bohmac[0] != '-') {
538 retval = NONCE_BAD;
539 goto leave;
540 }
541 expect = prepare_push_cert_nonce(service_dir, stamp);
543 if (strcmp(expect, nonce)) {
544 /* Not what we would have signed earlier */
545 retval = NONCE_BAD;
546 goto leave;
547 }
548 /*
550 * By how many seconds is this nonce stale? Negative value
551 * would mean it was issued by another server with its clock
552 * skewed in the future.
553 */
554 ostamp = strtoul(push_cert_nonce, NULL, 10);
555 nonce_stamp_slop = (long)ostamp - (long)stamp;
556 if (nonce_stamp_slop_limit &&
558 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
559 /*
560 * Pretend as if the received nonce (which passes the
561 * HMAC check, so it is not a forged by third-party)
562 * is what we issued.
563 */
564 free((void *)push_cert_nonce);
565 push_cert_nonce = xstrdup(nonce);
566 retval = NONCE_OK;
567 } else {
568 retval = NONCE_SLOP;
569 }
570leave:
572 free(nonce);
573 free(expect);
574 return retval;
575}
576static void prepare_push_cert_sha1(struct child_process *proc)
578{
579 static int already_done;
580 if (!push_cert.len)
582 return;
583 if (!already_done) {
585 struct strbuf gpg_output = STRBUF_INIT;
586 struct strbuf gpg_status = STRBUF_INIT;
587 int bogs /* beginning_of_gpg_sig */;
588 already_done = 1;
590 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
591 hashclr(push_cert_sha1);
592 memset(&sigcheck, '\0', sizeof(sigcheck));
594 sigcheck.result = 'N';
595 bogs = parse_signature(push_cert.buf, push_cert.len);
597 if (verify_signed_buffer(push_cert.buf, bogs,
598 push_cert.buf + bogs, push_cert.len - bogs,
599 &gpg_output, &gpg_status) < 0) {
600 ; /* error running gpg */
601 } else {
602 sigcheck.payload = push_cert.buf;
603 sigcheck.gpg_output = gpg_output.buf;
604 sigcheck.gpg_status = gpg_status.buf;
605 parse_gpg_output(&sigcheck);
606 }
607 strbuf_release(&gpg_output);
609 strbuf_release(&gpg_status);
610 nonce_status = check_nonce(push_cert.buf, bogs);
611 }
612 if (!is_null_sha1(push_cert_sha1)) {
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
614 sha1_to_hex(push_cert_sha1));
615 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
616 sigcheck.signer ? sigcheck.signer : "");
617 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
618 sigcheck.key ? sigcheck.key : "");
619 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
620 sigcheck.result);
621 if (push_cert_nonce) {
622 argv_array_pushf(&proc->env_array,
623 "GIT_PUSH_CERT_NONCE=%s",
624 push_cert_nonce);
625 argv_array_pushf(&proc->env_array,
626 "GIT_PUSH_CERT_NONCE_STATUS=%s",
627 nonce_status);
628 if (nonce_status == NONCE_SLOP)
629 argv_array_pushf(&proc->env_array,
630 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
631 nonce_stamp_slop);
632 }
633 }
634}
635struct receive_hook_feed_state {
637 struct command *cmd;
638 int skip_broken;
639 struct strbuf buf;
640 const struct string_list *push_options;
641};
642typedef int (*feed_fn)(void *, const char **, size_t *);
644static int run_and_feed_hook(const char *hook_name, feed_fn feed,
645 struct receive_hook_feed_state *feed_state)
646{
647 struct child_process proc = CHILD_PROCESS_INIT;
648 struct async muxer;
649 const char *argv[2];
650 int code;
651 argv[0] = find_hook(hook_name);
653 if (!argv[0])
654 return 0;
655 argv[1] = NULL;
657 proc.argv = argv;
659 proc.in = -1;
660 proc.stdout_to_stderr = 1;
661 if (feed_state->push_options) {
662 int i;
663 for (i = 0; i < feed_state->push_options->nr; i++)
664 argv_array_pushf(&proc.env_array,
665 "GIT_PUSH_OPTION_%d=%s", i,
666 feed_state->push_options->items[i].string);
667 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
668 feed_state->push_options->nr);
669 } else
670 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
671 if (tmp_objdir)
673 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
674 if (use_sideband) {
676 memset(&muxer, 0, sizeof(muxer));
677 muxer.proc = copy_to_sideband;
678 muxer.in = -1;
679 code = start_async(&muxer);
680 if (code)
681 return code;
682 proc.err = muxer.in;
683 }
684 prepare_push_cert_sha1(&proc);
686 code = start_command(&proc);
688 if (code) {
689 if (use_sideband)
690 finish_async(&muxer);
691 return code;
692 }
693 sigchain_push(SIGPIPE, SIG_IGN);
695 while (1) {
697 const char *buf;
698 size_t n;
699 if (feed(feed_state, &buf, &n))
700 break;
701 if (write_in_full(proc.in, buf, n) != n)
702 break;
703 }
704 close(proc.in);
705 if (use_sideband)
706 finish_async(&muxer);
707 sigchain_pop(SIGPIPE);
709 return finish_command(&proc);
711}
712static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
714{
715 struct receive_hook_feed_state *state = state_;
716 struct command *cmd = state->cmd;
717 while (cmd &&
719 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
720 cmd = cmd->next;
721 if (!cmd)
722 return -1; /* EOF */
723 strbuf_reset(&state->buf);
724 strbuf_addf(&state->buf, "%s %s %s\n",
725 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
726 cmd->ref_name);
727 state->cmd = cmd->next;
728 if (bufp) {
729 *bufp = state->buf.buf;
730 *sizep = state->buf.len;
731 }
732 return 0;
733}
734static int run_receive_hook(struct command *commands,
736 const char *hook_name,
737 int skip_broken,
738 const struct string_list *push_options)
739{
740 struct receive_hook_feed_state state;
741 int status;
742 strbuf_init(&state.buf, 0);
744 state.cmd = commands;
745 state.skip_broken = skip_broken;
746 if (feed_receive_hook(&state, NULL, NULL))
747 return 0;
748 state.cmd = commands;
749 state.push_options = push_options;
750 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
751 strbuf_release(&state.buf);
752 return status;
753}
754static int run_update_hook(struct command *cmd)
756{
757 const char *argv[5];
758 struct child_process proc = CHILD_PROCESS_INIT;
759 int code;
760 argv[0] = find_hook("update");
762 if (!argv[0])
763 return 0;
764 argv[1] = cmd->ref_name;
766 argv[2] = sha1_to_hex(cmd->old_sha1);
767 argv[3] = sha1_to_hex(cmd->new_sha1);
768 argv[4] = NULL;
769 proc.no_stdin = 1;
771 proc.stdout_to_stderr = 1;
772 proc.err = use_sideband ? -1 : 0;
773 proc.argv = argv;
774 proc.env = tmp_objdir_env(tmp_objdir);
775 code = start_command(&proc);
777 if (code)
778 return code;
779 if (use_sideband)
780 copy_to_sideband(proc.err, -1, NULL);
781 return finish_command(&proc);
782}
783static int is_ref_checked_out(const char *ref)
785{
786 if (is_bare_repository())
787 return 0;
788 if (!head_name)
790 return 0;
791 return !strcmp(head_name, ref);
792}
793static char *refuse_unconfigured_deny_msg =
795 N_("By default, updating the current branch in a non-bare repository\n"
796 "is denied, because it will make the index and work tree inconsistent\n"
797 "with what you pushed, and will require 'git reset --hard' to match\n"
798 "the work tree to HEAD.\n"
799 "\n"
800 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
801 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
802 "its current branch; however, this is not recommended unless you\n"
803 "arranged to update its work tree to match what you pushed in some\n"
804 "other way.\n"
805 "\n"
806 "To squelch this message and still keep the default behaviour, set\n"
807 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
808static void refuse_unconfigured_deny(void)
810{
811 rp_error("%s", _(refuse_unconfigured_deny_msg));
812}
813static char *refuse_unconfigured_deny_delete_current_msg =
815 N_("By default, deleting the current branch is denied, because the next\n"
816 "'git clone' won't result in any file checked out, causing confusion.\n"
817 "\n"
818 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
819 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
820 "current branch, with or without a warning message.\n"
821 "\n"
822 "To squelch this message, you can set it to 'refuse'.");
823static void refuse_unconfigured_deny_delete_current(void)
825{
826 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
827}
828static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
830static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
831{
832 static struct lock_file shallow_lock;
833 struct sha1_array extra = SHA1_ARRAY_INIT;
834 struct check_connected_options opt = CHECK_CONNECTED_INIT;
835 uint32_t mask = 1 << (cmd->index % 32);
836 int i;
837 trace_printf_key(&trace_shallow,
839 "shallow: update_shallow_ref %s\n", cmd->ref_name);
840 for (i = 0; i < si->shallow->nr; i++)
841 if (si->used_shallow[i] &&
842 (si->used_shallow[i][cmd->index / 32] & mask) &&
843 !delayed_reachability_test(si, i))
844 sha1_array_append(&extra, si->shallow->sha1[i]);
845 opt.env = tmp_objdir_env(tmp_objdir);
847 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
848 if (check_connected(command_singleton_iterator, cmd, &opt)) {
849 rollback_lock_file(&shallow_lock);
850 sha1_array_clear(&extra);
851 return -1;
852 }
853 commit_lock_file(&shallow_lock);
855 /*
857 * Make sure setup_alternate_shallow() for the next ref does
858 * not lose these new roots..
859 */
860 for (i = 0; i < extra.nr; i++)
861 register_shallow(extra.sha1[i]);
862 si->shallow_ref[cmd->index] = 0;
864 sha1_array_clear(&extra);
865 return 0;
866}
867/*
869 * NEEDSWORK: we should consolidate various implementions of "are we
870 * on an unborn branch?" test into one, and make the unified one more
871 * robust. !get_sha1() based check used here and elsewhere would not
872 * allow us to tell an unborn branch from corrupt ref, for example.
873 * For the purpose of fixing "deploy-to-update does not work when
874 * pushing into an empty repository" issue, this should suffice for
875 * now.
876 */
877static int head_has_history(void)
878{
879 unsigned char sha1[20];
880 return !get_sha1("HEAD", sha1);
882}
883static const char *push_to_deploy(unsigned char *sha1,
885 struct argv_array *env,
886 const char *work_tree)
887{
888 const char *update_refresh[] = {
889 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
890 };
891 const char *diff_files[] = {
892 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
893 };
894 const char *diff_index[] = {
895 "diff-index", "--quiet", "--cached", "--ignore-submodules",
896 NULL, "--", NULL
897 };
898 const char *read_tree[] = {
899 "read-tree", "-u", "-m", NULL, NULL
900 };
901 struct child_process child = CHILD_PROCESS_INIT;
902 child.argv = update_refresh;
904 child.env = env->argv;
905 child.dir = work_tree;
906 child.no_stdin = 1;
907 child.stdout_to_stderr = 1;
908 child.git_cmd = 1;
909 if (run_command(&child))
910 return "Up-to-date check failed";
911 /* run_command() does not clean up completely; reinitialize */
913 child_process_init(&child);
914 child.argv = diff_files;
915 child.env = env->argv;
916 child.dir = work_tree;
917 child.no_stdin = 1;
918 child.stdout_to_stderr = 1;
919 child.git_cmd = 1;
920 if (run_command(&child))
921 return "Working directory has unstaged changes";
922 /* diff-index with either HEAD or an empty tree */
924 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
925 child_process_init(&child);
927 child.argv = diff_index;
928 child.env = env->argv;
929 child.no_stdin = 1;
930 child.no_stdout = 1;
931 child.stdout_to_stderr = 0;
932 child.git_cmd = 1;
933 if (run_command(&child))
934 return "Working directory has staged changes";
935 read_tree[3] = sha1_to_hex(sha1);
937 child_process_init(&child);
938 child.argv = read_tree;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.no_stdout = 1;
943 child.stdout_to_stderr = 0;
944 child.git_cmd = 1;
945 if (run_command(&child))
946 return "Could not update working tree to new HEAD";
947 return NULL;
949}
950static const char *push_to_checkout_hook = "push-to-checkout";
952static const char *push_to_checkout(unsigned char *sha1,
954 struct argv_array *env,
955 const char *work_tree)
956{
957 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
958 if (run_hook_le(env->argv, push_to_checkout_hook,
959 sha1_to_hex(sha1), NULL))
960 return "push-to-checkout hook declined";
961 else
962 return NULL;
963}
964static const char *update_worktree(unsigned char *sha1)
966{
967 const char *retval;
968 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
969 struct argv_array env = ARGV_ARRAY_INIT;
970 if (is_bare_repository())
972 return "denyCurrentBranch = updateInstead needs a worktree";
973 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
975 if (!find_hook(push_to_checkout_hook))
977 retval = push_to_deploy(sha1, &env, work_tree);
978 else
979 retval = push_to_checkout(sha1, &env, work_tree);
980 argv_array_clear(&env);
982 return retval;
983}
984static const char *update(struct command *cmd, struct shallow_info *si)
986{
987 const char *name = cmd->ref_name;
988 struct strbuf namespaced_name_buf = STRBUF_INIT;
989 const char *namespaced_name, *ret;
990 unsigned char *old_sha1 = cmd->old_sha1;
991 unsigned char *new_sha1 = cmd->new_sha1;
992 /* only refs/... are allowed */
994 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
995 rp_error("refusing to create funny ref '%s' remotely", name);
996 return "funny refname";
997 }
998 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1000 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1001 if (is_ref_checked_out(namespaced_name)) {
1003 switch (deny_current_branch) {
1004 case DENY_IGNORE:
1005 break;
1006 case DENY_WARN:
1007 rp_warning("updating the current branch");
1008 break;
1009 case DENY_REFUSE:
1010 case DENY_UNCONFIGURED:
1011 rp_error("refusing to update checked out branch: %s", name);
1012 if (deny_current_branch == DENY_UNCONFIGURED)
1013 refuse_unconfigured_deny();
1014 return "branch is currently checked out";
1015 case DENY_UPDATE_INSTEAD:
1016 ret = update_worktree(new_sha1);
1017 if (ret)
1018 return ret;
1019 break;
1020 }
1021 }
1022 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1024 error("unpack should have generated %s, "
1025 "but I can't find it!", sha1_to_hex(new_sha1));
1026 return "bad pack";
1027 }
1028 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1030 if (deny_deletes && starts_with(name, "refs/heads/")) {
1031 rp_error("denying ref deletion for %s", name);
1032 return "deletion prohibited";
1033 }
1034 if (head_name && !strcmp(namespaced_name, head_name)) {
1036 switch (deny_delete_current) {
1037 case DENY_IGNORE:
1038 break;
1039 case DENY_WARN:
1040 rp_warning("deleting the current branch");
1041 break;
1042 case DENY_REFUSE:
1043 case DENY_UNCONFIGURED:
1044 case DENY_UPDATE_INSTEAD:
1045 if (deny_delete_current == DENY_UNCONFIGURED)
1046 refuse_unconfigured_deny_delete_current();
1047 rp_error("refusing to delete the current branch: %s", name);
1048 return "deletion of the current branch prohibited";
1049 default:
1050 return "Invalid denyDeleteCurrent setting";
1051 }
1052 }
1053 }
1054 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1056 !is_null_sha1(old_sha1) &&
1057 starts_with(name, "refs/heads/")) {
1058 struct object *old_object, *new_object;
1059 struct commit *old_commit, *new_commit;
1060 old_object = parse_object(old_sha1);
1062 new_object = parse_object(new_sha1);
1063 if (!old_object || !new_object ||
1065 old_object->type != OBJ_COMMIT ||
1066 new_object->type != OBJ_COMMIT) {
1067 error("bad sha1 objects for %s", name);
1068 return "bad ref";
1069 }
1070 old_commit = (struct commit *)old_object;
1071 new_commit = (struct commit *)new_object;
1072 if (!in_merge_bases(old_commit, new_commit)) {
1073 rp_error("denying non-fast-forward %s"
1074 " (you should pull first)", name);
1075 return "non-fast-forward";
1076 }
1077 }
1078 if (run_update_hook(cmd)) {
1079 rp_error("hook declined to update %s", name);
1080 return "hook declined";
1081 }
1082 if (is_null_sha1(new_sha1)) {
1084 struct strbuf err = STRBUF_INIT;
1085 if (!parse_object(old_sha1)) {
1086 old_sha1 = NULL;
1087 if (ref_exists(name)) {
1088 rp_warning("Allowing deletion of corrupt ref.");
1089 } else {
1090 rp_warning("Deleting a non-existent ref.");
1091 cmd->did_not_exist = 1;
1092 }
1093 }
1094 if (ref_transaction_delete(transaction,
1095 namespaced_name,
1096 old_sha1,
1097 0, "push", &err)) {
1098 rp_error("%s", err.buf);
1099 strbuf_release(&err);
1100 return "failed to delete";
1101 }
1102 strbuf_release(&err);
1103 return NULL; /* good */
1104 }
1105 else {
1106 struct strbuf err = STRBUF_INIT;
1107 if (shallow_update && si->shallow_ref[cmd->index] &&
1108 update_shallow_ref(cmd, si))
1109 return "shallow error";
1110 if (ref_transaction_update(transaction,
1112 namespaced_name,
1113 new_sha1, old_sha1,
1114 0, "push",
1115 &err)) {
1116 rp_error("%s", err.buf);
1117 strbuf_release(&err);
1118 return "failed to update ref";
1120 }
1121 strbuf_release(&err);
1122 return NULL; /* good */
1124 }
1125}
1126static void run_update_post_hook(struct command *commands)
1128{
1129 struct command *cmd;
1130 int argc;
1131 struct child_process proc = CHILD_PROCESS_INIT;
1132 const char *hook;
1133 hook = find_hook("post-update");
1135 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1136 if (cmd->error_string || cmd->did_not_exist)
1137 continue;
1138 argc++;
1139 }
1140 if (!argc || !hook)
1141 return;
1142 argv_array_push(&proc.args, hook);
1144 for (cmd = commands; cmd; cmd = cmd->next) {
1145 if (cmd->error_string || cmd->did_not_exist)
1146 continue;
1147 argv_array_push(&proc.args, cmd->ref_name);
1148 }
1149 proc.no_stdin = 1;
1151 proc.stdout_to_stderr = 1;
1152 proc.err = use_sideband ? -1 : 0;
1153 if (!start_command(&proc)) {
1155 if (use_sideband)
1156 copy_to_sideband(proc.err, -1, NULL);
1157 finish_command(&proc);
1158 }
1159}
1160static void check_aliased_update(struct command *cmd, struct string_list *list)
1162{
1163 struct strbuf buf = STRBUF_INIT;
1164 const char *dst_name;
1165 struct string_list_item *item;
1166 struct command *dst_cmd;
1167 unsigned char sha1[GIT_SHA1_RAWSZ];
1168 int flag;
1169 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1171 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1172 strbuf_release(&buf);
1173 if (!(flag & REF_ISSYMREF))
1175 return;
1176 if (!dst_name) {
1178 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1179 cmd->skip_update = 1;
1180 cmd->error_string = "broken symref";
1181 return;
1182 }
1183 dst_name = strip_namespace(dst_name);
1184 if ((item = string_list_lookup(list, dst_name)) == NULL)
1186 return;
1187 cmd->skip_update = 1;
1189 dst_cmd = (struct command *) item->util;
1191 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1193 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1194 return;
1195 dst_cmd->skip_update = 1;
1197 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1199 " its target '%s' (%s..%s)",
1200 cmd->ref_name,
1201 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1202 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1203 dst_cmd->ref_name,
1204 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1205 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1206 cmd->error_string = dst_cmd->error_string =
1208 "inconsistent aliased update";
1209}
1210static void check_aliased_updates(struct command *commands)
1212{
1213 struct command *cmd;
1214 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1215 for (cmd = commands; cmd; cmd = cmd->next) {
1217 struct string_list_item *item =
1218 string_list_append(&ref_list, cmd->ref_name);
1219 item->util = (void *)cmd;
1220 }
1221 string_list_sort(&ref_list);
1222 for (cmd = commands; cmd; cmd = cmd->next) {
1224 if (!cmd->error_string)
1225 check_aliased_update(cmd, &ref_list);
1226 }
1227 string_list_clear(&ref_list, 0);
1229}
1230static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1232{
1233 struct command **cmd_list = cb_data;
1234 struct command *cmd = *cmd_list;
1235 if (!cmd || is_null_sha1(cmd->new_sha1))
1237 return -1; /* end of list */
1238 *cmd_list = NULL; /* this returns only one */
1239 hashcpy(sha1, cmd->new_sha1);
1240 return 0;
1241}
1242static void set_connectivity_errors(struct command *commands,
1244 struct shallow_info *si)
1245{
1246 struct command *cmd;
1247 for (cmd = commands; cmd; cmd = cmd->next) {
1249 struct command *singleton = cmd;
1250 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1251 if (shallow_update && si->shallow_ref[cmd->index])
1253 /* to be checked in update_shallow_ref() */
1254 continue;
1255 opt.env = tmp_objdir_env(tmp_objdir);
1257 if (!check_connected(command_singleton_iterator, &singleton,
1258 &opt))
1259 continue;
1260 cmd->error_string = "missing necessary objects";
1262 }
1263}
1264struct iterate_data {
1266 struct command *cmds;
1267 struct shallow_info *si;
1268};
1269static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1271{
1272 struct iterate_data *data = cb_data;
1273 struct command **cmd_list = &data->cmds;
1274 struct command *cmd = *cmd_list;
1275 for (; cmd; cmd = cmd->next) {
1277 if (shallow_update && data->si->shallow_ref[cmd->index])
1278 /* to be checked in update_shallow_ref() */
1279 continue;
1280 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1281 hashcpy(sha1, cmd->new_sha1);
1282 *cmd_list = cmd->next;
1283 return 0;
1284 }
1285 }
1286 *cmd_list = NULL;
1287 return -1; /* end of list */
1288}
1289static void reject_updates_to_hidden(struct command *commands)
1291{
1292 struct strbuf refname_full = STRBUF_INIT;
1293 size_t prefix_len;
1294 struct command *cmd;
1295 strbuf_addstr(&refname_full, get_git_namespace());
1297 prefix_len = refname_full.len;
1298 for (cmd = commands; cmd; cmd = cmd->next) {
1300 if (cmd->error_string)
1301 continue;
1302 strbuf_setlen(&refname_full, prefix_len);
1304 strbuf_addstr(&refname_full, cmd->ref_name);
1305 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1307 continue;
1308 if (is_null_sha1(cmd->new_sha1))
1309 cmd->error_string = "deny deleting a hidden ref";
1310 else
1311 cmd->error_string = "deny updating a hidden ref";
1312 }
1313 strbuf_release(&refname_full);
1315}
1316static int should_process_cmd(struct command *cmd)
1318{
1319 return !cmd->error_string && !cmd->skip_update;
1320}
1321static void warn_if_skipped_connectivity_check(struct command *commands,
1323 struct shallow_info *si)
1324{
1325 struct command *cmd;
1326 int checked_connectivity = 1;
1327 for (cmd = commands; cmd; cmd = cmd->next) {
1329 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1330 error("BUG: connectivity check has not been run on ref %s",
1331 cmd->ref_name);
1332 checked_connectivity = 0;
1333 }
1334 }
1335 if (!checked_connectivity)
1336 die("BUG: connectivity check skipped???");
1337}
1338static void execute_commands_non_atomic(struct command *commands,
1340 struct shallow_info *si)
1341{
1342 struct command *cmd;
1343 struct strbuf err = STRBUF_INIT;
1344 for (cmd = commands; cmd; cmd = cmd->next) {
1346 if (!should_process_cmd(cmd))
1347 continue;
1348 transaction = ref_transaction_begin(&err);
1350 if (!transaction) {
1351 rp_error("%s", err.buf);
1352 strbuf_reset(&err);
1353 cmd->error_string = "transaction failed to start";
1354 continue;
1355 }
1356 cmd->error_string = update(cmd, si);
1358 if (!cmd->error_string
1360 && ref_transaction_commit(transaction, &err)) {
1361 rp_error("%s", err.buf);
1362 strbuf_reset(&err);
1363 cmd->error_string = "failed to update ref";
1364 }
1365 ref_transaction_free(transaction);
1366 }
1367 strbuf_release(&err);
1368}
1369static void execute_commands_atomic(struct command *commands,
1371 struct shallow_info *si)
1372{
1373 struct command *cmd;
1374 struct strbuf err = STRBUF_INIT;
1375 const char *reported_error = "atomic push failure";
1376 transaction = ref_transaction_begin(&err);
1378 if (!transaction) {
1379 rp_error("%s", err.buf);
1380 strbuf_reset(&err);
1381 reported_error = "transaction failed to start";
1382 goto failure;
1383 }
1384 for (cmd = commands; cmd; cmd = cmd->next) {
1386 if (!should_process_cmd(cmd))
1387 continue;
1388 cmd->error_string = update(cmd, si);
1390 if (cmd->error_string)
1392 goto failure;
1393 }
1394 if (ref_transaction_commit(transaction, &err)) {
1396 rp_error("%s", err.buf);
1397 reported_error = "atomic transaction failed";
1398 goto failure;
1399 }
1400 goto cleanup;
1401failure:
1403 for (cmd = commands; cmd; cmd = cmd->next)
1404 if (!cmd->error_string)
1405 cmd->error_string = reported_error;
1406cleanup:
1408 ref_transaction_free(transaction);
1409 strbuf_release(&err);
1410}
1411static void execute_commands(struct command *commands,
1413 const char *unpacker_error,
1414 struct shallow_info *si,
1415 const struct string_list *push_options)
1416{
1417 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1418 struct command *cmd;
1419 unsigned char sha1[20];
1420 struct iterate_data data;
1421 struct async muxer;
1422 int err_fd = 0;
1423 if (unpacker_error) {
1425 for (cmd = commands; cmd; cmd = cmd->next)
1426 cmd->error_string = "unpacker error";
1427 return;
1428 }
1429 if (use_sideband) {
1431 memset(&muxer, 0, sizeof(muxer));
1432 muxer.proc = copy_to_sideband;
1433 muxer.in = -1;
1434 if (!start_async(&muxer))
1435 err_fd = muxer.in;
1436 /* ...else, continue without relaying sideband */
1437 }
1438 data.cmds = commands;
1440 data.si = si;
1441 opt.err_fd = err_fd;
1442 opt.progress = err_fd && !quiet;
1443 opt.env = tmp_objdir_env(tmp_objdir);
1444 if (check_connected(iterate_receive_command_list, &data, &opt))
1445 set_connectivity_errors(commands, si);
1446 if (use_sideband)
1448 finish_async(&muxer);
1449 reject_updates_to_hidden(commands);
1451 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1453 for (cmd = commands; cmd; cmd = cmd->next) {
1454 if (!cmd->error_string)
1455 cmd->error_string = "pre-receive hook declined";
1456 }
1457 return;
1458 }
1459 /*
1461 * Now we'll start writing out refs, which means the objects need
1462 * to be in their final positions so that other processes can see them.
1463 */
1464 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1465 for (cmd = commands; cmd; cmd = cmd->next) {
1466 if (!cmd->error_string)
1467 cmd->error_string = "unable to migrate objects to permanent storage";
1468 }
1469 return;
1470 }
1471 tmp_objdir = NULL;
1472 check_aliased_updates(commands);
1474 free(head_name_to_free);
1476 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1477 if (use_atomic)
1479 execute_commands_atomic(commands, si);
1480 else
1481 execute_commands_non_atomic(commands, si);
1482 if (shallow_update)
1484 warn_if_skipped_connectivity_check(commands, si);
1485}
1486static struct command **queue_command(struct command **tail,
1488 const char *line,
1489 int linelen)
1490{
1491 unsigned char old_sha1[20], new_sha1[20];
1492 struct command *cmd;
1493 const char *refname;
1494 int reflen;
1495 if (linelen < 83 ||
1497 line[40] != ' ' ||
1498 line[81] != ' ' ||
1499 get_sha1_hex(line, old_sha1) ||
1500 get_sha1_hex(line + 41, new_sha1))
1501 die("protocol error: expected old/new/ref, got '%s'", line);
1502 refname = line + 82;
1504 reflen = linelen - 82;
1505 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1506 hashcpy(cmd->old_sha1, old_sha1);
1507 hashcpy(cmd->new_sha1, new_sha1);
1508 *tail = cmd;
1509 return &cmd->next;
1510}
1511static void queue_commands_from_cert(struct command **tail,
1513 struct strbuf *push_cert)
1514{
1515 const char *boc, *eoc;
1516 if (*tail)
1518 die("protocol error: got both push certificate and unsigned commands");
1519 boc = strstr(push_cert->buf, "\n\n");
1521 if (!boc)
1522 die("malformed push certificate %.*s", 100, push_cert->buf);
1523 else
1524 boc += 2;
1525 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1526 while (boc < eoc) {
1528 const char *eol = memchr(boc, '\n', eoc - boc);
1529 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1530 boc = eol ? eol + 1 : eoc;
1531 }
1532}
1533static struct command *read_head_info(struct sha1_array *shallow)
1535{
1536 struct command *commands = NULL;
1537 struct command **p = &commands;
1538 for (;;) {
1539 char *line;
1540 int len, linelen;
1541 line = packet_read_line(0, &len);
1543 if (!line)
1544 break;
1545 if (len == 48 && starts_with(line, "shallow ")) {
1547 unsigned char sha1[20];
1548 if (get_sha1_hex(line + 8, sha1))
1549 die("protocol error: expected shallow sha, got '%s'",
1550 line + 8);
1551 sha1_array_append(shallow, sha1);
1552 continue;
1553 }
1554 linelen = strlen(line);
1556 if (linelen < len) {
1557 const char *feature_list = line + linelen + 1;
1558 if (parse_feature_request(feature_list, "report-status"))
1559 report_status = 1;
1560 if (parse_feature_request(feature_list, "side-band-64k"))
1561 use_sideband = LARGE_PACKET_MAX;
1562 if (parse_feature_request(feature_list, "quiet"))
1563 quiet = 1;
1564 if (advertise_atomic_push
1565 && parse_feature_request(feature_list, "atomic"))
1566 use_atomic = 1;
1567 if (advertise_push_options
1568 && parse_feature_request(feature_list, "push-options"))
1569 use_push_options = 1;
1570 }
1571 if (!strcmp(line, "push-cert")) {
1573 int true_flush = 0;
1574 char certbuf[1024];
1575 for (;;) {
1577 len = packet_read(0, NULL, NULL,
1578 certbuf, sizeof(certbuf), 0);
1579 if (!len) {
1580 true_flush = 1;
1581 break;
1582 }
1583 if (!strcmp(certbuf, "push-cert-end\n"))
1584 break; /* end of cert */
1585 strbuf_addstr(&push_cert, certbuf);
1586 }
1587 if (true_flush)
1589 break;
1590 continue;
1591 }
1592 p = queue_command(p, line, linelen);
1594 }
1595 if (push_cert.len)
1597 queue_commands_from_cert(p, &push_cert);
1598 return commands;
1600}
1601static void read_push_options(struct string_list *options)
1603{
1604 while (1) {
1605 char *line;
1606 int len;
1607 line = packet_read_line(0, &len);
1609 if (!line)
1611 break;
1612 string_list_append(options, line);
1614 }
1615}
1616static const char *parse_pack_header(struct pack_header *hdr)
1618{
1619 switch (read_pack_header(0, hdr)) {
1620 case PH_ERROR_EOF:
1621 return "eof before pack header was fully read";
1622 case PH_ERROR_PACK_SIGNATURE:
1624 return "protocol error (pack signature mismatch detected)";
1625 case PH_ERROR_PROTOCOL:
1627 return "protocol error (pack version unsupported)";
1628 default:
1630 return "unknown error in parse_pack_header";
1631 case 0:
1633 return NULL;
1634 }
1635}
1636static const char *pack_lockfile;
1638static const char *unpack(int err_fd, struct shallow_info *si)
1640{
1641 struct pack_header hdr;
1642 const char *hdr_err;
1643 int status;
1644 char hdr_arg[38];
1645 struct child_process child = CHILD_PROCESS_INIT;
1646 int fsck_objects = (receive_fsck_objects >= 0
1647 ? receive_fsck_objects
1648 : transfer_fsck_objects >= 0
1649 ? transfer_fsck_objects
1650 : 0);
1651 hdr_err = parse_pack_header(&hdr);
1653 if (hdr_err) {
1654 if (err_fd > 0)
1655 close(err_fd);
1656 return hdr_err;
1657 }
1658 snprintf(hdr_arg, sizeof(hdr_arg),
1659 "--pack_header=%"PRIu32",%"PRIu32,
1660 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1661 if (si->nr_ours || si->nr_theirs) {
1663 alt_shallow_file = setup_temporary_shallow(si->shallow);
1664 argv_array_push(&child.args, "--shallow-file");
1665 argv_array_push(&child.args, alt_shallow_file);
1666 }
1667 tmp_objdir = tmp_objdir_create();
1669 if (!tmp_objdir)
1670 return "unable to create temporary object directory";
1671 child.env = tmp_objdir_env(tmp_objdir);
1672 /*
1674 * Normally we just pass the tmp_objdir environment to the child
1675 * processes that do the heavy lifting, but we may need to see these
1676 * objects ourselves to set up shallow information.
1677 */
1678 tmp_objdir_add_as_alternate(tmp_objdir);
1679 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1681 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1682 if (quiet)
1683 argv_array_push(&child.args, "-q");
1684 if (fsck_objects)
1685 argv_array_pushf(&child.args, "--strict%s",
1686 fsck_msg_types.buf);
1687 if (max_input_size)
1688 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1689 (uintmax_t)max_input_size);
1690 child.no_stdout = 1;
1691 child.err = err_fd;
1692 child.git_cmd = 1;
1693 status = run_command(&child);
1694 if (status)
1695 return "unpack-objects abnormal exit";
1696 } else {
1697 char hostname[256];
1698 argv_array_pushl(&child.args, "index-pack",
1700 "--stdin", hdr_arg, NULL);
1701 if (gethostname(hostname, sizeof(hostname)))
1703 xsnprintf(hostname, sizeof(hostname), "localhost");
1704 argv_array_pushf(&child.args,
1705 "--keep=receive-pack %"PRIuMAX" on %s",
1706 (uintmax_t)getpid(),
1707 hostname);
1708 if (!quiet && err_fd)
1710 argv_array_push(&child.args, "--show-resolving-progress");
1711 if (use_sideband)
1712 argv_array_push(&child.args, "--report-end-of-input");
1713 if (fsck_objects)
1714 argv_array_pushf(&child.args, "--strict%s",
1715 fsck_msg_types.buf);
1716 if (!reject_thin)
1717 argv_array_push(&child.args, "--fix-thin");
1718 if (max_input_size)
1719 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1720 (uintmax_t)max_input_size);
1721 child.out = -1;
1722 child.err = err_fd;
1723 child.git_cmd = 1;
1724 status = start_command(&child);
1725 if (status)
1726 return "index-pack fork failed";
1727 pack_lockfile = index_pack_lockfile(child.out);
1728 close(child.out);
1729 status = finish_command(&child);
1730 if (status)
1731 return "index-pack abnormal exit";
1732 reprepare_packed_git();
1733 }
1734 return NULL;
1735}
1736static const char *unpack_with_sideband(struct shallow_info *si)
1738{
1739 struct async muxer;
1740 const char *ret;
1741 if (!use_sideband)
1743 return unpack(0, si);
1744 use_keepalive = KEEPALIVE_AFTER_NUL;
1746 memset(&muxer, 0, sizeof(muxer));
1747 muxer.proc = copy_to_sideband;
1748 muxer.in = -1;
1749 if (start_async(&muxer))
1750 return NULL;
1751 ret = unpack(muxer.in, si);
1753 finish_async(&muxer);
1755 return ret;
1756}
1757static void prepare_shallow_update(struct command *commands,
1759 struct shallow_info *si)
1760{
1761 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1762 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1764 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1765 si->need_reachability_test =
1767 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1768 si->reachable =
1769 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1770 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1771 for (i = 0; i < si->nr_ours; i++)
1773 si->need_reachability_test[si->ours[i]] = 1;
1774 for (i = 0; i < si->shallow->nr; i++) {
1776 if (!si->used_shallow[i])
1777 continue;
1778 for (j = 0; j < bitmap_size; j++) {
1779 if (!si->used_shallow[i][j])
1780 continue;
1781 si->need_reachability_test[i]++;
1782 for (k = 0; k < 32; k++)
1783 if (si->used_shallow[i][j] & (1U << k))
1784 si->shallow_ref[j * 32 + k]++;
1785 }
1786 /*
1788 * true for those associated with some refs and belong
1789 * in "ours" list aka "step 7 not done yet"
1790 */
1791 si->need_reachability_test[i] =
1792 si->need_reachability_test[i] > 1;
1793 }
1794 /*
1796 * keep hooks happy by forcing a temporary shallow file via
1797 * env variable because we can't add --shallow-file to every
1798 * command. check_everything_connected() will be done with
1799 * true .git/shallow though.
1800 */
1801 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1802}
1803static void update_shallow_info(struct command *commands,
1805 struct shallow_info *si,
1806 struct sha1_array *ref)
1807{
1808 struct command *cmd;
1809 int *ref_status;
1810 remove_nonexistent_theirs_shallow(si);
1811 if (!si->nr_ours && !si->nr_theirs) {
1812 shallow_update = 0;
1813 return;
1814 }
1815 for (cmd = commands; cmd; cmd = cmd->next) {
1817 if (is_null_sha1(cmd->new_sha1))
1818 continue;
1819 sha1_array_append(ref, cmd->new_sha1);
1820 cmd->index = ref->nr - 1;
1821 }
1822 si->ref = ref;
1823 if (shallow_update) {
1825 prepare_shallow_update(commands, si);
1826 return;
1827 }
1828 ALLOC_ARRAY(ref_status, ref->nr);
1830 assign_shallow_commits_to_refs(si, NULL, ref_status);
1831 for (cmd = commands; cmd; cmd = cmd->next) {
1832 if (is_null_sha1(cmd->new_sha1))
1833 continue;
1834 if (ref_status[cmd->index]) {
1835 cmd->error_string = "shallow update not allowed";
1836 cmd->skip_update = 1;
1837 }
1838 }
1839 free(ref_status);
1840}
1841static void report(struct command *commands, const char *unpack_status)
1843{
1844 struct command *cmd;
1845 struct strbuf buf = STRBUF_INIT;
1846 packet_buf_write(&buf, "unpack %s\n",
1848 unpack_status ? unpack_status : "ok");
1849 for (cmd = commands; cmd; cmd = cmd->next) {
1850 if (!cmd->error_string)
1851 packet_buf_write(&buf, "ok %s\n",
1852 cmd->ref_name);
1853 else
1854 packet_buf_write(&buf, "ng %s %s\n",
1855 cmd->ref_name, cmd->error_string);
1856 }
1857 packet_buf_flush(&buf);
1858 if (use_sideband)
1860 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1861 else
1862 write_or_die(1, buf.buf, buf.len);
1863 strbuf_release(&buf);
1864}
1865static int delete_only(struct command *commands)
1867{
1868 struct command *cmd;
1869 for (cmd = commands; cmd; cmd = cmd->next) {
1870 if (!is_null_sha1(cmd->new_sha1))
1871 return 0;
1872 }
1873 return 1;
1874}
1875int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1877{
1878 int advertise_refs = 0;
1879 struct command *commands;
1880 struct sha1_array shallow = SHA1_ARRAY_INIT;
1881 struct sha1_array ref = SHA1_ARRAY_INIT;
1882 struct shallow_info si;
1883 struct option options[] = {
1885 OPT__QUIET(&quiet, N_("quiet")),
1886 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1887 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1888 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1889 OPT_END()
1890 };
1891 packet_trace_identity("receive-pack");
1893 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1895 if (argc > 1)
1897 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1898 if (argc == 0)
1899 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1900 service_dir = argv[0];
1902 setup_path();
1904 if (!enter_repo(service_dir, 0))
1906 die("'%s' does not appear to be a git repository", service_dir);
1907 git_config(receive_pack_config, NULL);
1909 if (cert_nonce_seed)
1910 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1911 if (0 <= transfer_unpack_limit)
1913 unpack_limit = transfer_unpack_limit;
1914 else if (0 <= receive_unpack_limit)
1915 unpack_limit = receive_unpack_limit;
1916 if (advertise_refs || !stateless_rpc) {
1918 write_head_info();
1919 }
1920 if (advertise_refs)
1921 return 0;
1922 if ((commands = read_head_info(&shallow)) != NULL) {
1924 const char *unpack_status = NULL;
1925 struct string_list push_options = STRING_LIST_INIT_DUP;
1926 if (use_push_options)
1928 read_push_options(&push_options);
1929 prepare_shallow_info(&si, &shallow);
1931 if (!si.nr_ours && !si.nr_theirs)
1932 shallow_update = 0;
1933 if (!delete_only(commands)) {
1934 unpack_status = unpack_with_sideband(&si);
1935 update_shallow_info(commands, &si, &ref);
1936 }
1937 use_keepalive = KEEPALIVE_ALWAYS;
1938 execute_commands(commands, unpack_status, &si,
1939 &push_options);
1940 if (pack_lockfile)
1941 unlink_or_warn(pack_lockfile);
1942 if (report_status)
1943 report(commands, unpack_status);
1944 run_receive_hook(commands, "post-receive", 1,
1945 &push_options);
1946 run_update_post_hook(commands);
1947 string_list_clear(&push_options, 0);
1948 if (auto_gc) {
1949 const char *argv_gc_auto[] = {
1950 "gc", "--auto", "--quiet", NULL,
1951 };
1952 struct child_process proc = CHILD_PROCESS_INIT;
1953 proc.no_stdin = 1;
1955 proc.stdout_to_stderr = 1;
1956 proc.err = use_sideband ? -1 : 0;
1957 proc.git_cmd = 1;
1958 proc.argv = argv_gc_auto;
1959 close_all_packs();
1961 if (!start_command(&proc)) {
1962 if (use_sideband)
1963 copy_to_sideband(proc.err, -1, NULL);
1964 finish_command(&proc);
1965 }
1966 }
1967 if (auto_update_server_info)
1968 update_server_info(0);
1969 clear_shallow_info(&si);
1970 }
1971 if (use_sideband)
1972 packet_flush(1);
1973 sha1_array_clear(&shallow);
1974 sha1_array_clear(&ref);
1975 free((void *)push_cert_nonce);
1976 return 0;
1977}