1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28};
29enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36};
37static int deny_deletes;
39static int deny_non_fast_forwards;
40static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42static int receive_fsck_objects = -1;
43static int transfer_fsck_objects = -1;
44static struct strbuf fsck_msg_types = STRBUF_INIT;
45static int receive_unpack_limit = -1;
46static int transfer_unpack_limit = -1;
47static int advertise_atomic_push = 1;
48static int advertise_push_options;
49static int unpack_limit = 100;
50static off_t max_input_size;
51static int report_status;
52static int use_sideband;
53static int use_atomic;
54static int use_push_options;
55static int quiet;
56static int prefer_ofs_delta = 1;
57static int auto_update_server_info;
58static int auto_gc = 1;
59static int reject_thin;
60static int stateless_rpc;
61static const char *service_dir;
62static const char *head_name;
63static void *head_name_to_free;
64static int sent_capabilities;
65static int shallow_update;
66static const char *alt_shallow_file;
67static struct strbuf push_cert = STRBUF_INIT;
68static unsigned char push_cert_sha1[20];
69static struct signature_check sigcheck;
70static const char *push_cert_nonce;
71static const char *cert_nonce_seed;
72static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74static const char *NONCE_BAD = "BAD";
75static const char *NONCE_MISSING = "MISSING";
76static const char *NONCE_OK = "OK";
77static const char *NONCE_SLOP = "SLOP";
78static const char *nonce_status;
79static long nonce_stamp_slop;
80static unsigned long nonce_stamp_slop_limit;
81static struct ref_transaction *transaction;
82static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87} use_keepalive;
88static int keepalive_in_sec = 5;
89static struct tmp_objdir *tmp_objdir;
91static enum deny_action parse_deny_action(const char *var, const char *value)
93{
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107}
108static int receive_pack_config(const char *var, const char *value, void *cb)
110{
111 int status = parse_hide_refs_config(var, value, "receive");
112 if (status)
114 return status;
115 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223 return git_default_config(var, value, cb);
225}
226static void show_ref(const char *path, const unsigned char *sha1)
228{
229 if (sent_capabilities) {
230 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250}
251static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254{
255 const char *path = strip_namespace(path_full);
256 if (ref_is_hidden(path, path_full))
258 return 0;
259 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272}
273static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275{
276 show_ref(".have", sha1);
277 return 0;
278}
279static void collect_one_alternate_ref(const struct ref *ref, void *data)
281{
282 struct sha1_array *sa = data;
283 sha1_array_append(sa, ref->old_oid.hash);
284}
285static void write_head_info(void)
287{
288 struct sha1_array sa = SHA1_ARRAY_INIT;
289 for_each_alternate_ref(collect_one_alternate_ref, &sa);
291 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
292 sha1_array_clear(&sa);
293 for_each_ref(show_ref_cb, NULL);
294 if (!sent_capabilities)
295 show_ref("capabilities^{}", null_sha1);
296 advertise_shallow_grafts(1);
298 /* EOF */
300 packet_flush(1);
301}
302struct command {
304 struct command *next;
305 const char *error_string;
306 unsigned int skip_update:1,
307 did_not_exist:1;
308 int index;
309 unsigned char old_sha1[20];
310 unsigned char new_sha1[20];
311 char ref_name[FLEX_ARRAY]; /* more */
312};
313static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
315static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
316static void report_message(const char *prefix, const char *err, va_list params)
318{
319 int sz;
320 char msg[4096];
321 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
323 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
324 if (sz > (sizeof(msg) - 1))
325 sz = sizeof(msg) - 1;
326 msg[sz++] = '\n';
327 if (use_sideband)
329 send_sideband(1, 2, msg, sz, use_sideband);
330 else
331 xwrite(2, msg, sz);
332}
333static void rp_warning(const char *err, ...)
335{
336 va_list params;
337 va_start(params, err);
338 report_message("warning: ", err, params);
339 va_end(params);
340}
341static void rp_error(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("error: ", err, params);
347 va_end(params);
348}
349static int copy_to_sideband(int in, int out, void *arg)
351{
352 char data[128];
353 int keepalive_active = 0;
354 if (keepalive_in_sec <= 0)
356 use_keepalive = KEEPALIVE_NEVER;
357 if (use_keepalive == KEEPALIVE_ALWAYS)
358 keepalive_active = 1;
359 while (1) {
361 ssize_t sz;
362 if (keepalive_active) {
364 struct pollfd pfd;
365 int ret;
366 pfd.fd = in;
368 pfd.events = POLLIN;
369 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
370 if (ret < 0) {
372 if (errno == EINTR)
373 continue;
374 else
375 break;
376 } else if (ret == 0) {
377 /* no data; send a keepalive packet */
378 static const char buf[] = "0005\1";
379 write_or_die(1, buf, sizeof(buf) - 1);
380 continue;
381 } /* else there is actual data to read */
382 }
383 sz = xread(in, data, sizeof(data));
385 if (sz <= 0)
386 break;
387 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
389 const char *p = memchr(data, '\0', sz);
390 if (p) {
391 /*
392 * The NUL tells us to start sending keepalives. Make
393 * sure we send any other data we read along
394 * with it.
395 */
396 keepalive_active = 1;
397 send_sideband(1, 2, data, p - data, use_sideband);
398 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
399 continue;
400 }
401 }
402 /*
404 * Either we're not looking for a NUL signal, or we didn't see
405 * it yet; just pass along the data.
406 */
407 send_sideband(1, 2, data, sz, use_sideband);
408 }
409 close(in);
410 return 0;
411}
412#define HMAC_BLOCK_SIZE 64
414static void hmac_sha1(unsigned char *out,
416 const char *key_in, size_t key_len,
417 const char *text, size_t text_len)
418{
419 unsigned char key[HMAC_BLOCK_SIZE];
420 unsigned char k_ipad[HMAC_BLOCK_SIZE];
421 unsigned char k_opad[HMAC_BLOCK_SIZE];
422 int i;
423 git_SHA_CTX ctx;
424 /* RFC 2104 2. (1) */
426 memset(key, '\0', HMAC_BLOCK_SIZE);
427 if (HMAC_BLOCK_SIZE < key_len) {
428 git_SHA1_Init(&ctx);
429 git_SHA1_Update(&ctx, key_in, key_len);
430 git_SHA1_Final(key, &ctx);
431 } else {
432 memcpy(key, key_in, key_len);
433 }
434 /* RFC 2104 2. (2) & (5) */
436 for (i = 0; i < sizeof(key); i++) {
437 k_ipad[i] = key[i] ^ 0x36;
438 k_opad[i] = key[i] ^ 0x5c;
439 }
440 /* RFC 2104 2. (3) & (4) */
442 git_SHA1_Init(&ctx);
443 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
444 git_SHA1_Update(&ctx, text, text_len);
445 git_SHA1_Final(out, &ctx);
446 /* RFC 2104 2. (6) & (7) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
450 git_SHA1_Update(&ctx, out, 20);
451 git_SHA1_Final(out, &ctx);
452}
453static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
455{
456 struct strbuf buf = STRBUF_INIT;
457 unsigned char sha1[20];
458 strbuf_addf(&buf, "%s:%lu", path, stamp);
460 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
461 strbuf_release(&buf);
462 /* RFC 2104 5. HMAC-SHA1-80 */
464 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
465 return strbuf_detach(&buf, NULL);
466}
467/*
469 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
470 * after dropping "_commit" from its name and possibly moving it out
471 * of commit.c
472 */
473static char *find_header(const char *msg, size_t len, const char *key)
474{
475 int key_len = strlen(key);
476 const char *line = msg;
477 while (line && line < msg + len) {
479 const char *eol = strchrnul(line, '\n');
480 if ((msg + len <= eol) || line == eol)
482 return NULL;
483 if (line + key_len < eol &&
484 !memcmp(line, key, key_len) && line[key_len] == ' ') {
485 int offset = key_len + 1;
486 return xmemdupz(line + offset, (eol - line) - offset);
487 }
488 line = *eol ? eol + 1 : NULL;
489 }
490 return NULL;
491}
492static const char *check_nonce(const char *buf, size_t len)
494{
495 char *nonce = find_header(buf, len, "nonce");
496 unsigned long stamp, ostamp;
497 char *bohmac, *expect = NULL;
498 const char *retval = NONCE_BAD;
499 if (!nonce) {
501 retval = NONCE_MISSING;
502 goto leave;
503 } else if (!push_cert_nonce) {
504 retval = NONCE_UNSOLICITED;
505 goto leave;
506 } else if (!strcmp(push_cert_nonce, nonce)) {
507 retval = NONCE_OK;
508 goto leave;
509 }
510 if (!stateless_rpc) {
512 /* returned nonce MUST match what we gave out earlier */
513 retval = NONCE_BAD;
514 goto leave;
515 }
516 /*
518 * In stateless mode, we may be receiving a nonce issued by
519 * another instance of the server that serving the same
520 * repository, and the timestamps may not match, but the
521 * nonce-seed and dir should match, so we can recompute and
522 * report the time slop.
523 *
524 * In addition, when a nonce issued by another instance has
525 * timestamp within receive.certnonceslop seconds, we pretend
526 * as if we issued that nonce when reporting to the hook.
527 */
528 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
530 if (*nonce <= '0' || '9' < *nonce) {
531 retval = NONCE_BAD;
532 goto leave;
533 }
534 stamp = strtoul(nonce, &bohmac, 10);
535 if (bohmac == nonce || bohmac[0] != '-') {
536 retval = NONCE_BAD;
537 goto leave;
538 }
539 expect = prepare_push_cert_nonce(service_dir, stamp);
541 if (strcmp(expect, nonce)) {
542 /* Not what we would have signed earlier */
543 retval = NONCE_BAD;
544 goto leave;
545 }
546 /*
548 * By how many seconds is this nonce stale? Negative value
549 * would mean it was issued by another server with its clock
550 * skewed in the future.
551 */
552 ostamp = strtoul(push_cert_nonce, NULL, 10);
553 nonce_stamp_slop = (long)ostamp - (long)stamp;
554 if (nonce_stamp_slop_limit &&
556 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
557 /*
558 * Pretend as if the received nonce (which passes the
559 * HMAC check, so it is not a forged by third-party)
560 * is what we issued.
561 */
562 free((void *)push_cert_nonce);
563 push_cert_nonce = xstrdup(nonce);
564 retval = NONCE_OK;
565 } else {
566 retval = NONCE_SLOP;
567 }
568leave:
570 free(nonce);
571 free(expect);
572 return retval;
573}
574static void prepare_push_cert_sha1(struct child_process *proc)
576{
577 static int already_done;
578 if (!push_cert.len)
580 return;
581 if (!already_done) {
583 struct strbuf gpg_output = STRBUF_INIT;
584 struct strbuf gpg_status = STRBUF_INIT;
585 int bogs /* beginning_of_gpg_sig */;
586 already_done = 1;
588 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
589 hashclr(push_cert_sha1);
590 memset(&sigcheck, '\0', sizeof(sigcheck));
592 sigcheck.result = 'N';
593 bogs = parse_signature(push_cert.buf, push_cert.len);
595 if (verify_signed_buffer(push_cert.buf, bogs,
596 push_cert.buf + bogs, push_cert.len - bogs,
597 &gpg_output, &gpg_status) < 0) {
598 ; /* error running gpg */
599 } else {
600 sigcheck.payload = push_cert.buf;
601 sigcheck.gpg_output = gpg_output.buf;
602 sigcheck.gpg_status = gpg_status.buf;
603 parse_gpg_output(&sigcheck);
604 }
605 strbuf_release(&gpg_output);
607 strbuf_release(&gpg_status);
608 nonce_status = check_nonce(push_cert.buf, bogs);
609 }
610 if (!is_null_sha1(push_cert_sha1)) {
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
612 sha1_to_hex(push_cert_sha1));
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
614 sigcheck.signer ? sigcheck.signer : "");
615 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
616 sigcheck.key ? sigcheck.key : "");
617 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
618 sigcheck.result);
619 if (push_cert_nonce) {
620 argv_array_pushf(&proc->env_array,
621 "GIT_PUSH_CERT_NONCE=%s",
622 push_cert_nonce);
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_STATUS=%s",
625 nonce_status);
626 if (nonce_status == NONCE_SLOP)
627 argv_array_pushf(&proc->env_array,
628 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
629 nonce_stamp_slop);
630 }
631 }
632}
633struct receive_hook_feed_state {
635 struct command *cmd;
636 int skip_broken;
637 struct strbuf buf;
638 const struct string_list *push_options;
639};
640typedef int (*feed_fn)(void *, const char **, size_t *);
642static int run_and_feed_hook(const char *hook_name, feed_fn feed,
643 struct receive_hook_feed_state *feed_state)
644{
645 struct child_process proc = CHILD_PROCESS_INIT;
646 struct async muxer;
647 const char *argv[2];
648 int code;
649 argv[0] = find_hook(hook_name);
651 if (!argv[0])
652 return 0;
653 argv[1] = NULL;
655 proc.argv = argv;
657 proc.in = -1;
658 proc.stdout_to_stderr = 1;
659 if (feed_state->push_options) {
660 int i;
661 for (i = 0; i < feed_state->push_options->nr; i++)
662 argv_array_pushf(&proc.env_array,
663 "GIT_PUSH_OPTION_%d=%s", i,
664 feed_state->push_options->items[i].string);
665 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
666 feed_state->push_options->nr);
667 } else
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
669 if (tmp_objdir)
671 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
672 if (use_sideband) {
674 memset(&muxer, 0, sizeof(muxer));
675 muxer.proc = copy_to_sideband;
676 muxer.in = -1;
677 code = start_async(&muxer);
678 if (code)
679 return code;
680 proc.err = muxer.in;
681 }
682 prepare_push_cert_sha1(&proc);
684 code = start_command(&proc);
686 if (code) {
687 if (use_sideband)
688 finish_async(&muxer);
689 return code;
690 }
691 sigchain_push(SIGPIPE, SIG_IGN);
693 while (1) {
695 const char *buf;
696 size_t n;
697 if (feed(feed_state, &buf, &n))
698 break;
699 if (write_in_full(proc.in, buf, n) != n)
700 break;
701 }
702 close(proc.in);
703 if (use_sideband)
704 finish_async(&muxer);
705 sigchain_pop(SIGPIPE);
707 return finish_command(&proc);
709}
710static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
712{
713 struct receive_hook_feed_state *state = state_;
714 struct command *cmd = state->cmd;
715 while (cmd &&
717 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
718 cmd = cmd->next;
719 if (!cmd)
720 return -1; /* EOF */
721 strbuf_reset(&state->buf);
722 strbuf_addf(&state->buf, "%s %s %s\n",
723 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
724 cmd->ref_name);
725 state->cmd = cmd->next;
726 if (bufp) {
727 *bufp = state->buf.buf;
728 *sizep = state->buf.len;
729 }
730 return 0;
731}
732static int run_receive_hook(struct command *commands,
734 const char *hook_name,
735 int skip_broken,
736 const struct string_list *push_options)
737{
738 struct receive_hook_feed_state state;
739 int status;
740 strbuf_init(&state.buf, 0);
742 state.cmd = commands;
743 state.skip_broken = skip_broken;
744 if (feed_receive_hook(&state, NULL, NULL))
745 return 0;
746 state.cmd = commands;
747 state.push_options = push_options;
748 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
749 strbuf_release(&state.buf);
750 return status;
751}
752static int run_update_hook(struct command *cmd)
754{
755 const char *argv[5];
756 struct child_process proc = CHILD_PROCESS_INIT;
757 int code;
758 argv[0] = find_hook("update");
760 if (!argv[0])
761 return 0;
762 argv[1] = cmd->ref_name;
764 argv[2] = sha1_to_hex(cmd->old_sha1);
765 argv[3] = sha1_to_hex(cmd->new_sha1);
766 argv[4] = NULL;
767 proc.no_stdin = 1;
769 proc.stdout_to_stderr = 1;
770 proc.err = use_sideband ? -1 : 0;
771 proc.argv = argv;
772 proc.env = tmp_objdir_env(tmp_objdir);
773 code = start_command(&proc);
775 if (code)
776 return code;
777 if (use_sideband)
778 copy_to_sideband(proc.err, -1, NULL);
779 return finish_command(&proc);
780}
781static int is_ref_checked_out(const char *ref)
783{
784 if (is_bare_repository())
785 return 0;
786 if (!head_name)
788 return 0;
789 return !strcmp(head_name, ref);
790}
791static char *refuse_unconfigured_deny_msg =
793 N_("By default, updating the current branch in a non-bare repository\n"
794 "is denied, because it will make the index and work tree inconsistent\n"
795 "with what you pushed, and will require 'git reset --hard' to match\n"
796 "the work tree to HEAD.\n"
797 "\n"
798 "You can set 'receive.denyCurrentBranch' configuration variable to\n"
799 "'ignore' or 'warn' in the remote repository to allow pushing into\n"
800 "its current branch; however, this is not recommended unless you\n"
801 "arranged to update its work tree to match what you pushed in some\n"
802 "other way.\n"
803 "\n"
804 "To squelch this message and still keep the default behaviour, set\n"
805 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
806static void refuse_unconfigured_deny(void)
808{
809 rp_error("%s", _(refuse_unconfigured_deny_msg));
810}
811static char *refuse_unconfigured_deny_delete_current_msg =
813 N_("By default, deleting the current branch is denied, because the next\n"
814 "'git clone' won't result in any file checked out, causing confusion.\n"
815 "\n"
816 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
817 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
818 "current branch, with or without a warning message.\n"
819 "\n"
820 "To squelch this message, you can set it to 'refuse'.");
821static void refuse_unconfigured_deny_delete_current(void)
823{
824 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
825}
826static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
828static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
829{
830 static struct lock_file shallow_lock;
831 struct sha1_array extra = SHA1_ARRAY_INIT;
832 struct check_connected_options opt = CHECK_CONNECTED_INIT;
833 uint32_t mask = 1 << (cmd->index % 32);
834 int i;
835 trace_printf_key(&trace_shallow,
837 "shallow: update_shallow_ref %s\n", cmd->ref_name);
838 for (i = 0; i < si->shallow->nr; i++)
839 if (si->used_shallow[i] &&
840 (si->used_shallow[i][cmd->index / 32] & mask) &&
841 !delayed_reachability_test(si, i))
842 sha1_array_append(&extra, si->shallow->sha1[i]);
843 opt.env = tmp_objdir_env(tmp_objdir);
845 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
846 if (check_connected(command_singleton_iterator, cmd, &opt)) {
847 rollback_lock_file(&shallow_lock);
848 sha1_array_clear(&extra);
849 return -1;
850 }
851 commit_lock_file(&shallow_lock);
853 /*
855 * Make sure setup_alternate_shallow() for the next ref does
856 * not lose these new roots..
857 */
858 for (i = 0; i < extra.nr; i++)
859 register_shallow(extra.sha1[i]);
860 si->shallow_ref[cmd->index] = 0;
862 sha1_array_clear(&extra);
863 return 0;
864}
865/*
867 * NEEDSWORK: we should consolidate various implementions of "are we
868 * on an unborn branch?" test into one, and make the unified one more
869 * robust. !get_sha1() based check used here and elsewhere would not
870 * allow us to tell an unborn branch from corrupt ref, for example.
871 * For the purpose of fixing "deploy-to-update does not work when
872 * pushing into an empty repository" issue, this should suffice for
873 * now.
874 */
875static int head_has_history(void)
876{
877 unsigned char sha1[20];
878 return !get_sha1("HEAD", sha1);
880}
881static const char *push_to_deploy(unsigned char *sha1,
883 struct argv_array *env,
884 const char *work_tree)
885{
886 const char *update_refresh[] = {
887 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
888 };
889 const char *diff_files[] = {
890 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
891 };
892 const char *diff_index[] = {
893 "diff-index", "--quiet", "--cached", "--ignore-submodules",
894 NULL, "--", NULL
895 };
896 const char *read_tree[] = {
897 "read-tree", "-u", "-m", NULL, NULL
898 };
899 struct child_process child = CHILD_PROCESS_INIT;
900 child.argv = update_refresh;
902 child.env = env->argv;
903 child.dir = work_tree;
904 child.no_stdin = 1;
905 child.stdout_to_stderr = 1;
906 child.git_cmd = 1;
907 if (run_command(&child))
908 return "Up-to-date check failed";
909 /* run_command() does not clean up completely; reinitialize */
911 child_process_init(&child);
912 child.argv = diff_files;
913 child.env = env->argv;
914 child.dir = work_tree;
915 child.no_stdin = 1;
916 child.stdout_to_stderr = 1;
917 child.git_cmd = 1;
918 if (run_command(&child))
919 return "Working directory has unstaged changes";
920 /* diff-index with either HEAD or an empty tree */
922 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
923 child_process_init(&child);
925 child.argv = diff_index;
926 child.env = env->argv;
927 child.no_stdin = 1;
928 child.no_stdout = 1;
929 child.stdout_to_stderr = 0;
930 child.git_cmd = 1;
931 if (run_command(&child))
932 return "Working directory has staged changes";
933 read_tree[3] = sha1_to_hex(sha1);
935 child_process_init(&child);
936 child.argv = read_tree;
937 child.env = env->argv;
938 child.dir = work_tree;
939 child.no_stdin = 1;
940 child.no_stdout = 1;
941 child.stdout_to_stderr = 0;
942 child.git_cmd = 1;
943 if (run_command(&child))
944 return "Could not update working tree to new HEAD";
945 return NULL;
947}
948static const char *push_to_checkout_hook = "push-to-checkout";
950static const char *push_to_checkout(unsigned char *sha1,
952 struct argv_array *env,
953 const char *work_tree)
954{
955 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
956 if (run_hook_le(env->argv, push_to_checkout_hook,
957 sha1_to_hex(sha1), NULL))
958 return "push-to-checkout hook declined";
959 else
960 return NULL;
961}
962static const char *update_worktree(unsigned char *sha1)
964{
965 const char *retval;
966 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
967 struct argv_array env = ARGV_ARRAY_INIT;
968 if (is_bare_repository())
970 return "denyCurrentBranch = updateInstead needs a worktree";
971 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
973 if (!find_hook(push_to_checkout_hook))
975 retval = push_to_deploy(sha1, &env, work_tree);
976 else
977 retval = push_to_checkout(sha1, &env, work_tree);
978 argv_array_clear(&env);
980 return retval;
981}
982static const char *update(struct command *cmd, struct shallow_info *si)
984{
985 const char *name = cmd->ref_name;
986 struct strbuf namespaced_name_buf = STRBUF_INIT;
987 const char *namespaced_name, *ret;
988 unsigned char *old_sha1 = cmd->old_sha1;
989 unsigned char *new_sha1 = cmd->new_sha1;
990 /* only refs/... are allowed */
992 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
993 rp_error("refusing to create funny ref '%s' remotely", name);
994 return "funny refname";
995 }
996 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
998 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
999 if (is_ref_checked_out(namespaced_name)) {
1001 switch (deny_current_branch) {
1002 case DENY_IGNORE:
1003 break;
1004 case DENY_WARN:
1005 rp_warning("updating the current branch");
1006 break;
1007 case DENY_REFUSE:
1008 case DENY_UNCONFIGURED:
1009 rp_error("refusing to update checked out branch: %s", name);
1010 if (deny_current_branch == DENY_UNCONFIGURED)
1011 refuse_unconfigured_deny();
1012 return "branch is currently checked out";
1013 case DENY_UPDATE_INSTEAD:
1014 ret = update_worktree(new_sha1);
1015 if (ret)
1016 return ret;
1017 break;
1018 }
1019 }
1020 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1022 error("unpack should have generated %s, "
1023 "but I can't find it!", sha1_to_hex(new_sha1));
1024 return "bad pack";
1025 }
1026 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1028 if (deny_deletes && starts_with(name, "refs/heads/")) {
1029 rp_error("denying ref deletion for %s", name);
1030 return "deletion prohibited";
1031 }
1032 if (head_name && !strcmp(namespaced_name, head_name)) {
1034 switch (deny_delete_current) {
1035 case DENY_IGNORE:
1036 break;
1037 case DENY_WARN:
1038 rp_warning("deleting the current branch");
1039 break;
1040 case DENY_REFUSE:
1041 case DENY_UNCONFIGURED:
1042 case DENY_UPDATE_INSTEAD:
1043 if (deny_delete_current == DENY_UNCONFIGURED)
1044 refuse_unconfigured_deny_delete_current();
1045 rp_error("refusing to delete the current branch: %s", name);
1046 return "deletion of the current branch prohibited";
1047 default:
1048 return "Invalid denyDeleteCurrent setting";
1049 }
1050 }
1051 }
1052 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1054 !is_null_sha1(old_sha1) &&
1055 starts_with(name, "refs/heads/")) {
1056 struct object *old_object, *new_object;
1057 struct commit *old_commit, *new_commit;
1058 old_object = parse_object(old_sha1);
1060 new_object = parse_object(new_sha1);
1061 if (!old_object || !new_object ||
1063 old_object->type != OBJ_COMMIT ||
1064 new_object->type != OBJ_COMMIT) {
1065 error("bad sha1 objects for %s", name);
1066 return "bad ref";
1067 }
1068 old_commit = (struct commit *)old_object;
1069 new_commit = (struct commit *)new_object;
1070 if (!in_merge_bases(old_commit, new_commit)) {
1071 rp_error("denying non-fast-forward %s"
1072 " (you should pull first)", name);
1073 return "non-fast-forward";
1074 }
1075 }
1076 if (run_update_hook(cmd)) {
1077 rp_error("hook declined to update %s", name);
1078 return "hook declined";
1079 }
1080 if (is_null_sha1(new_sha1)) {
1082 struct strbuf err = STRBUF_INIT;
1083 if (!parse_object(old_sha1)) {
1084 old_sha1 = NULL;
1085 if (ref_exists(name)) {
1086 rp_warning("Allowing deletion of corrupt ref.");
1087 } else {
1088 rp_warning("Deleting a non-existent ref.");
1089 cmd->did_not_exist = 1;
1090 }
1091 }
1092 if (ref_transaction_delete(transaction,
1093 namespaced_name,
1094 old_sha1,
1095 0, "push", &err)) {
1096 rp_error("%s", err.buf);
1097 strbuf_release(&err);
1098 return "failed to delete";
1099 }
1100 strbuf_release(&err);
1101 return NULL; /* good */
1102 }
1103 else {
1104 struct strbuf err = STRBUF_INIT;
1105 if (shallow_update && si->shallow_ref[cmd->index] &&
1106 update_shallow_ref(cmd, si))
1107 return "shallow error";
1108 if (ref_transaction_update(transaction,
1110 namespaced_name,
1111 new_sha1, old_sha1,
1112 0, "push",
1113 &err)) {
1114 rp_error("%s", err.buf);
1115 strbuf_release(&err);
1116 return "failed to update ref";
1118 }
1119 strbuf_release(&err);
1120 return NULL; /* good */
1122 }
1123}
1124static void run_update_post_hook(struct command *commands)
1126{
1127 struct command *cmd;
1128 int argc;
1129 struct child_process proc = CHILD_PROCESS_INIT;
1130 const char *hook;
1131 hook = find_hook("post-update");
1133 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1134 if (cmd->error_string || cmd->did_not_exist)
1135 continue;
1136 argc++;
1137 }
1138 if (!argc || !hook)
1139 return;
1140 argv_array_push(&proc.args, hook);
1142 for (cmd = commands; cmd; cmd = cmd->next) {
1143 if (cmd->error_string || cmd->did_not_exist)
1144 continue;
1145 argv_array_push(&proc.args, cmd->ref_name);
1146 }
1147 proc.no_stdin = 1;
1149 proc.stdout_to_stderr = 1;
1150 proc.err = use_sideband ? -1 : 0;
1151 if (!start_command(&proc)) {
1153 if (use_sideband)
1154 copy_to_sideband(proc.err, -1, NULL);
1155 finish_command(&proc);
1156 }
1157}
1158static void check_aliased_update(struct command *cmd, struct string_list *list)
1160{
1161 struct strbuf buf = STRBUF_INIT;
1162 const char *dst_name;
1163 struct string_list_item *item;
1164 struct command *dst_cmd;
1165 unsigned char sha1[GIT_SHA1_RAWSZ];
1166 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1167 cmd_newh[GIT_SHA1_HEXSZ + 1],
1168 dst_oldh[GIT_SHA1_HEXSZ + 1],
1169 dst_newh[GIT_SHA1_HEXSZ + 1];
1170 int flag;
1171 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1173 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1174 strbuf_release(&buf);
1175 if (!(flag & REF_ISSYMREF))
1177 return;
1178 if (!dst_name) {
1180 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1181 cmd->skip_update = 1;
1182 cmd->error_string = "broken symref";
1183 return;
1184 }
1185 dst_name = strip_namespace(dst_name);
1186 if ((item = string_list_lookup(list, dst_name)) == NULL)
1188 return;
1189 cmd->skip_update = 1;
1191 dst_cmd = (struct command *) item->util;
1193 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1195 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1196 return;
1197 dst_cmd->skip_update = 1;
1199 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1201 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1202 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1203 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1204 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1205 " its target '%s' (%s..%s)",
1206 cmd->ref_name, cmd_oldh, cmd_newh,
1207 dst_cmd->ref_name, dst_oldh, dst_newh);
1208 cmd->error_string = dst_cmd->error_string =
1210 "inconsistent aliased update";
1211}
1212static void check_aliased_updates(struct command *commands)
1214{
1215 struct command *cmd;
1216 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1217 for (cmd = commands; cmd; cmd = cmd->next) {
1219 struct string_list_item *item =
1220 string_list_append(&ref_list, cmd->ref_name);
1221 item->util = (void *)cmd;
1222 }
1223 string_list_sort(&ref_list);
1224 for (cmd = commands; cmd; cmd = cmd->next) {
1226 if (!cmd->error_string)
1227 check_aliased_update(cmd, &ref_list);
1228 }
1229 string_list_clear(&ref_list, 0);
1231}
1232static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1234{
1235 struct command **cmd_list = cb_data;
1236 struct command *cmd = *cmd_list;
1237 if (!cmd || is_null_sha1(cmd->new_sha1))
1239 return -1; /* end of list */
1240 *cmd_list = NULL; /* this returns only one */
1241 hashcpy(sha1, cmd->new_sha1);
1242 return 0;
1243}
1244static void set_connectivity_errors(struct command *commands,
1246 struct shallow_info *si)
1247{
1248 struct command *cmd;
1249 for (cmd = commands; cmd; cmd = cmd->next) {
1251 struct command *singleton = cmd;
1252 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1253 if (shallow_update && si->shallow_ref[cmd->index])
1255 /* to be checked in update_shallow_ref() */
1256 continue;
1257 opt.env = tmp_objdir_env(tmp_objdir);
1259 if (!check_connected(command_singleton_iterator, &singleton,
1260 &opt))
1261 continue;
1262 cmd->error_string = "missing necessary objects";
1264 }
1265}
1266struct iterate_data {
1268 struct command *cmds;
1269 struct shallow_info *si;
1270};
1271static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1273{
1274 struct iterate_data *data = cb_data;
1275 struct command **cmd_list = &data->cmds;
1276 struct command *cmd = *cmd_list;
1277 for (; cmd; cmd = cmd->next) {
1279 if (shallow_update && data->si->shallow_ref[cmd->index])
1280 /* to be checked in update_shallow_ref() */
1281 continue;
1282 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1283 hashcpy(sha1, cmd->new_sha1);
1284 *cmd_list = cmd->next;
1285 return 0;
1286 }
1287 }
1288 *cmd_list = NULL;
1289 return -1; /* end of list */
1290}
1291static void reject_updates_to_hidden(struct command *commands)
1293{
1294 struct strbuf refname_full = STRBUF_INIT;
1295 size_t prefix_len;
1296 struct command *cmd;
1297 strbuf_addstr(&refname_full, get_git_namespace());
1299 prefix_len = refname_full.len;
1300 for (cmd = commands; cmd; cmd = cmd->next) {
1302 if (cmd->error_string)
1303 continue;
1304 strbuf_setlen(&refname_full, prefix_len);
1306 strbuf_addstr(&refname_full, cmd->ref_name);
1307 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1309 continue;
1310 if (is_null_sha1(cmd->new_sha1))
1311 cmd->error_string = "deny deleting a hidden ref";
1312 else
1313 cmd->error_string = "deny updating a hidden ref";
1314 }
1315 strbuf_release(&refname_full);
1317}
1318static int should_process_cmd(struct command *cmd)
1320{
1321 return !cmd->error_string && !cmd->skip_update;
1322}
1323static void warn_if_skipped_connectivity_check(struct command *commands,
1325 struct shallow_info *si)
1326{
1327 struct command *cmd;
1328 int checked_connectivity = 1;
1329 for (cmd = commands; cmd; cmd = cmd->next) {
1331 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1332 error("BUG: connectivity check has not been run on ref %s",
1333 cmd->ref_name);
1334 checked_connectivity = 0;
1335 }
1336 }
1337 if (!checked_connectivity)
1338 die("BUG: connectivity check skipped???");
1339}
1340static void execute_commands_non_atomic(struct command *commands,
1342 struct shallow_info *si)
1343{
1344 struct command *cmd;
1345 struct strbuf err = STRBUF_INIT;
1346 for (cmd = commands; cmd; cmd = cmd->next) {
1348 if (!should_process_cmd(cmd))
1349 continue;
1350 transaction = ref_transaction_begin(&err);
1352 if (!transaction) {
1353 rp_error("%s", err.buf);
1354 strbuf_reset(&err);
1355 cmd->error_string = "transaction failed to start";
1356 continue;
1357 }
1358 cmd->error_string = update(cmd, si);
1360 if (!cmd->error_string
1362 && ref_transaction_commit(transaction, &err)) {
1363 rp_error("%s", err.buf);
1364 strbuf_reset(&err);
1365 cmd->error_string = "failed to update ref";
1366 }
1367 ref_transaction_free(transaction);
1368 }
1369 strbuf_release(&err);
1370}
1371static void execute_commands_atomic(struct command *commands,
1373 struct shallow_info *si)
1374{
1375 struct command *cmd;
1376 struct strbuf err = STRBUF_INIT;
1377 const char *reported_error = "atomic push failure";
1378 transaction = ref_transaction_begin(&err);
1380 if (!transaction) {
1381 rp_error("%s", err.buf);
1382 strbuf_reset(&err);
1383 reported_error = "transaction failed to start";
1384 goto failure;
1385 }
1386 for (cmd = commands; cmd; cmd = cmd->next) {
1388 if (!should_process_cmd(cmd))
1389 continue;
1390 cmd->error_string = update(cmd, si);
1392 if (cmd->error_string)
1394 goto failure;
1395 }
1396 if (ref_transaction_commit(transaction, &err)) {
1398 rp_error("%s", err.buf);
1399 reported_error = "atomic transaction failed";
1400 goto failure;
1401 }
1402 goto cleanup;
1403failure:
1405 for (cmd = commands; cmd; cmd = cmd->next)
1406 if (!cmd->error_string)
1407 cmd->error_string = reported_error;
1408cleanup:
1410 ref_transaction_free(transaction);
1411 strbuf_release(&err);
1412}
1413static void execute_commands(struct command *commands,
1415 const char *unpacker_error,
1416 struct shallow_info *si,
1417 const struct string_list *push_options)
1418{
1419 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1420 struct command *cmd;
1421 unsigned char sha1[20];
1422 struct iterate_data data;
1423 struct async muxer;
1424 int err_fd = 0;
1425 if (unpacker_error) {
1427 for (cmd = commands; cmd; cmd = cmd->next)
1428 cmd->error_string = "unpacker error";
1429 return;
1430 }
1431 if (use_sideband) {
1433 memset(&muxer, 0, sizeof(muxer));
1434 muxer.proc = copy_to_sideband;
1435 muxer.in = -1;
1436 if (!start_async(&muxer))
1437 err_fd = muxer.in;
1438 /* ...else, continue without relaying sideband */
1439 }
1440 data.cmds = commands;
1442 data.si = si;
1443 opt.err_fd = err_fd;
1444 opt.progress = err_fd && !quiet;
1445 opt.env = tmp_objdir_env(tmp_objdir);
1446 if (check_connected(iterate_receive_command_list, &data, &opt))
1447 set_connectivity_errors(commands, si);
1448 if (use_sideband)
1450 finish_async(&muxer);
1451 reject_updates_to_hidden(commands);
1453 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1455 for (cmd = commands; cmd; cmd = cmd->next) {
1456 if (!cmd->error_string)
1457 cmd->error_string = "pre-receive hook declined";
1458 }
1459 return;
1460 }
1461 /*
1463 * Now we'll start writing out refs, which means the objects need
1464 * to be in their final positions so that other processes can see them.
1465 */
1466 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1467 for (cmd = commands; cmd; cmd = cmd->next) {
1468 if (!cmd->error_string)
1469 cmd->error_string = "unable to migrate objects to permanent storage";
1470 }
1471 return;
1472 }
1473 tmp_objdir = NULL;
1474 check_aliased_updates(commands);
1476 free(head_name_to_free);
1478 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1479 if (use_atomic)
1481 execute_commands_atomic(commands, si);
1482 else
1483 execute_commands_non_atomic(commands, si);
1484 if (shallow_update)
1486 warn_if_skipped_connectivity_check(commands, si);
1487}
1488static struct command **queue_command(struct command **tail,
1490 const char *line,
1491 int linelen)
1492{
1493 unsigned char old_sha1[20], new_sha1[20];
1494 struct command *cmd;
1495 const char *refname;
1496 int reflen;
1497 if (linelen < 83 ||
1499 line[40] != ' ' ||
1500 line[81] != ' ' ||
1501 get_sha1_hex(line, old_sha1) ||
1502 get_sha1_hex(line + 41, new_sha1))
1503 die("protocol error: expected old/new/ref, got '%s'", line);
1504 refname = line + 82;
1506 reflen = linelen - 82;
1507 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1508 hashcpy(cmd->old_sha1, old_sha1);
1509 hashcpy(cmd->new_sha1, new_sha1);
1510 *tail = cmd;
1511 return &cmd->next;
1512}
1513static void queue_commands_from_cert(struct command **tail,
1515 struct strbuf *push_cert)
1516{
1517 const char *boc, *eoc;
1518 if (*tail)
1520 die("protocol error: got both push certificate and unsigned commands");
1521 boc = strstr(push_cert->buf, "\n\n");
1523 if (!boc)
1524 die("malformed push certificate %.*s", 100, push_cert->buf);
1525 else
1526 boc += 2;
1527 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1528 while (boc < eoc) {
1530 const char *eol = memchr(boc, '\n', eoc - boc);
1531 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1532 boc = eol ? eol + 1 : eoc;
1533 }
1534}
1535static struct command *read_head_info(struct sha1_array *shallow)
1537{
1538 struct command *commands = NULL;
1539 struct command **p = &commands;
1540 for (;;) {
1541 char *line;
1542 int len, linelen;
1543 line = packet_read_line(0, &len);
1545 if (!line)
1546 break;
1547 if (len == 48 && starts_with(line, "shallow ")) {
1549 unsigned char sha1[20];
1550 if (get_sha1_hex(line + 8, sha1))
1551 die("protocol error: expected shallow sha, got '%s'",
1552 line + 8);
1553 sha1_array_append(shallow, sha1);
1554 continue;
1555 }
1556 linelen = strlen(line);
1558 if (linelen < len) {
1559 const char *feature_list = line + linelen + 1;
1560 if (parse_feature_request(feature_list, "report-status"))
1561 report_status = 1;
1562 if (parse_feature_request(feature_list, "side-band-64k"))
1563 use_sideband = LARGE_PACKET_MAX;
1564 if (parse_feature_request(feature_list, "quiet"))
1565 quiet = 1;
1566 if (advertise_atomic_push
1567 && parse_feature_request(feature_list, "atomic"))
1568 use_atomic = 1;
1569 if (advertise_push_options
1570 && parse_feature_request(feature_list, "push-options"))
1571 use_push_options = 1;
1572 }
1573 if (!strcmp(line, "push-cert")) {
1575 int true_flush = 0;
1576 char certbuf[1024];
1577 for (;;) {
1579 len = packet_read(0, NULL, NULL,
1580 certbuf, sizeof(certbuf), 0);
1581 if (!len) {
1582 true_flush = 1;
1583 break;
1584 }
1585 if (!strcmp(certbuf, "push-cert-end\n"))
1586 break; /* end of cert */
1587 strbuf_addstr(&push_cert, certbuf);
1588 }
1589 if (true_flush)
1591 break;
1592 continue;
1593 }
1594 p = queue_command(p, line, linelen);
1596 }
1597 if (push_cert.len)
1599 queue_commands_from_cert(p, &push_cert);
1600 return commands;
1602}
1603static void read_push_options(struct string_list *options)
1605{
1606 while (1) {
1607 char *line;
1608 int len;
1609 line = packet_read_line(0, &len);
1611 if (!line)
1613 break;
1614 string_list_append(options, line);
1616 }
1617}
1618static const char *parse_pack_header(struct pack_header *hdr)
1620{
1621 switch (read_pack_header(0, hdr)) {
1622 case PH_ERROR_EOF:
1623 return "eof before pack header was fully read";
1624 case PH_ERROR_PACK_SIGNATURE:
1626 return "protocol error (pack signature mismatch detected)";
1627 case PH_ERROR_PROTOCOL:
1629 return "protocol error (pack version unsupported)";
1630 default:
1632 return "unknown error in parse_pack_header";
1633 case 0:
1635 return NULL;
1636 }
1637}
1638static const char *pack_lockfile;
1640static const char *unpack(int err_fd, struct shallow_info *si)
1642{
1643 struct pack_header hdr;
1644 const char *hdr_err;
1645 int status;
1646 char hdr_arg[38];
1647 struct child_process child = CHILD_PROCESS_INIT;
1648 int fsck_objects = (receive_fsck_objects >= 0
1649 ? receive_fsck_objects
1650 : transfer_fsck_objects >= 0
1651 ? transfer_fsck_objects
1652 : 0);
1653 hdr_err = parse_pack_header(&hdr);
1655 if (hdr_err) {
1656 if (err_fd > 0)
1657 close(err_fd);
1658 return hdr_err;
1659 }
1660 snprintf(hdr_arg, sizeof(hdr_arg),
1661 "--pack_header=%"PRIu32",%"PRIu32,
1662 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1663 if (si->nr_ours || si->nr_theirs) {
1665 alt_shallow_file = setup_temporary_shallow(si->shallow);
1666 argv_array_push(&child.args, "--shallow-file");
1667 argv_array_push(&child.args, alt_shallow_file);
1668 }
1669 tmp_objdir = tmp_objdir_create();
1671 if (!tmp_objdir)
1672 return "unable to create temporary object directory";
1673 child.env = tmp_objdir_env(tmp_objdir);
1674 /*
1676 * Normally we just pass the tmp_objdir environment to the child
1677 * processes that do the heavy lifting, but we may need to see these
1678 * objects ourselves to set up shallow information.
1679 */
1680 tmp_objdir_add_as_alternate(tmp_objdir);
1681 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1683 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1684 if (quiet)
1685 argv_array_push(&child.args, "-q");
1686 if (fsck_objects)
1687 argv_array_pushf(&child.args, "--strict%s",
1688 fsck_msg_types.buf);
1689 if (max_input_size)
1690 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1691 (uintmax_t)max_input_size);
1692 child.no_stdout = 1;
1693 child.err = err_fd;
1694 child.git_cmd = 1;
1695 status = run_command(&child);
1696 if (status)
1697 return "unpack-objects abnormal exit";
1698 } else {
1699 char hostname[256];
1700 argv_array_pushl(&child.args, "index-pack",
1702 "--stdin", hdr_arg, NULL);
1703 if (gethostname(hostname, sizeof(hostname)))
1705 xsnprintf(hostname, sizeof(hostname), "localhost");
1706 argv_array_pushf(&child.args,
1707 "--keep=receive-pack %"PRIuMAX" on %s",
1708 (uintmax_t)getpid(),
1709 hostname);
1710 if (!quiet && err_fd)
1712 argv_array_push(&child.args, "--show-resolving-progress");
1713 if (use_sideband)
1714 argv_array_push(&child.args, "--report-end-of-input");
1715 if (fsck_objects)
1716 argv_array_pushf(&child.args, "--strict%s",
1717 fsck_msg_types.buf);
1718 if (!reject_thin)
1719 argv_array_push(&child.args, "--fix-thin");
1720 if (max_input_size)
1721 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1722 (uintmax_t)max_input_size);
1723 child.out = -1;
1724 child.err = err_fd;
1725 child.git_cmd = 1;
1726 status = start_command(&child);
1727 if (status)
1728 return "index-pack fork failed";
1729 pack_lockfile = index_pack_lockfile(child.out);
1730 close(child.out);
1731 status = finish_command(&child);
1732 if (status)
1733 return "index-pack abnormal exit";
1734 reprepare_packed_git();
1735 }
1736 return NULL;
1737}
1738static const char *unpack_with_sideband(struct shallow_info *si)
1740{
1741 struct async muxer;
1742 const char *ret;
1743 if (!use_sideband)
1745 return unpack(0, si);
1746 use_keepalive = KEEPALIVE_AFTER_NUL;
1748 memset(&muxer, 0, sizeof(muxer));
1749 muxer.proc = copy_to_sideband;
1750 muxer.in = -1;
1751 if (start_async(&muxer))
1752 return NULL;
1753 ret = unpack(muxer.in, si);
1755 finish_async(&muxer);
1757 return ret;
1758}
1759static void prepare_shallow_update(struct command *commands,
1761 struct shallow_info *si)
1762{
1763 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1764 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1766 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1767 si->need_reachability_test =
1769 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1770 si->reachable =
1771 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1772 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1773 for (i = 0; i < si->nr_ours; i++)
1775 si->need_reachability_test[si->ours[i]] = 1;
1776 for (i = 0; i < si->shallow->nr; i++) {
1778 if (!si->used_shallow[i])
1779 continue;
1780 for (j = 0; j < bitmap_size; j++) {
1781 if (!si->used_shallow[i][j])
1782 continue;
1783 si->need_reachability_test[i]++;
1784 for (k = 0; k < 32; k++)
1785 if (si->used_shallow[i][j] & (1U << k))
1786 si->shallow_ref[j * 32 + k]++;
1787 }
1788 /*
1790 * true for those associated with some refs and belong
1791 * in "ours" list aka "step 7 not done yet"
1792 */
1793 si->need_reachability_test[i] =
1794 si->need_reachability_test[i] > 1;
1795 }
1796 /*
1798 * keep hooks happy by forcing a temporary shallow file via
1799 * env variable because we can't add --shallow-file to every
1800 * command. check_everything_connected() will be done with
1801 * true .git/shallow though.
1802 */
1803 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1804}
1805static void update_shallow_info(struct command *commands,
1807 struct shallow_info *si,
1808 struct sha1_array *ref)
1809{
1810 struct command *cmd;
1811 int *ref_status;
1812 remove_nonexistent_theirs_shallow(si);
1813 if (!si->nr_ours && !si->nr_theirs) {
1814 shallow_update = 0;
1815 return;
1816 }
1817 for (cmd = commands; cmd; cmd = cmd->next) {
1819 if (is_null_sha1(cmd->new_sha1))
1820 continue;
1821 sha1_array_append(ref, cmd->new_sha1);
1822 cmd->index = ref->nr - 1;
1823 }
1824 si->ref = ref;
1825 if (shallow_update) {
1827 prepare_shallow_update(commands, si);
1828 return;
1829 }
1830 ALLOC_ARRAY(ref_status, ref->nr);
1832 assign_shallow_commits_to_refs(si, NULL, ref_status);
1833 for (cmd = commands; cmd; cmd = cmd->next) {
1834 if (is_null_sha1(cmd->new_sha1))
1835 continue;
1836 if (ref_status[cmd->index]) {
1837 cmd->error_string = "shallow update not allowed";
1838 cmd->skip_update = 1;
1839 }
1840 }
1841 free(ref_status);
1842}
1843static void report(struct command *commands, const char *unpack_status)
1845{
1846 struct command *cmd;
1847 struct strbuf buf = STRBUF_INIT;
1848 packet_buf_write(&buf, "unpack %s\n",
1850 unpack_status ? unpack_status : "ok");
1851 for (cmd = commands; cmd; cmd = cmd->next) {
1852 if (!cmd->error_string)
1853 packet_buf_write(&buf, "ok %s\n",
1854 cmd->ref_name);
1855 else
1856 packet_buf_write(&buf, "ng %s %s\n",
1857 cmd->ref_name, cmd->error_string);
1858 }
1859 packet_buf_flush(&buf);
1860 if (use_sideband)
1862 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1863 else
1864 write_or_die(1, buf.buf, buf.len);
1865 strbuf_release(&buf);
1866}
1867static int delete_only(struct command *commands)
1869{
1870 struct command *cmd;
1871 for (cmd = commands; cmd; cmd = cmd->next) {
1872 if (!is_null_sha1(cmd->new_sha1))
1873 return 0;
1874 }
1875 return 1;
1876}
1877int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1879{
1880 int advertise_refs = 0;
1881 struct command *commands;
1882 struct sha1_array shallow = SHA1_ARRAY_INIT;
1883 struct sha1_array ref = SHA1_ARRAY_INIT;
1884 struct shallow_info si;
1885 struct option options[] = {
1887 OPT__QUIET(&quiet, N_("quiet")),
1888 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1889 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1890 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1891 OPT_END()
1892 };
1893 packet_trace_identity("receive-pack");
1895 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1897 if (argc > 1)
1899 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1900 if (argc == 0)
1901 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1902 service_dir = argv[0];
1904 setup_path();
1906 if (!enter_repo(service_dir, 0))
1908 die("'%s' does not appear to be a git repository", service_dir);
1909 git_config(receive_pack_config, NULL);
1911 if (cert_nonce_seed)
1912 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1913 if (0 <= transfer_unpack_limit)
1915 unpack_limit = transfer_unpack_limit;
1916 else if (0 <= receive_unpack_limit)
1917 unpack_limit = receive_unpack_limit;
1918 if (advertise_refs || !stateless_rpc) {
1920 write_head_info();
1921 }
1922 if (advertise_refs)
1923 return 0;
1924 if ((commands = read_head_info(&shallow)) != NULL) {
1926 const char *unpack_status = NULL;
1927 struct string_list push_options = STRING_LIST_INIT_DUP;
1928 if (use_push_options)
1930 read_push_options(&push_options);
1931 prepare_shallow_info(&si, &shallow);
1933 if (!si.nr_ours && !si.nr_theirs)
1934 shallow_update = 0;
1935 if (!delete_only(commands)) {
1936 unpack_status = unpack_with_sideband(&si);
1937 update_shallow_info(commands, &si, &ref);
1938 }
1939 use_keepalive = KEEPALIVE_ALWAYS;
1940 execute_commands(commands, unpack_status, &si,
1941 &push_options);
1942 if (pack_lockfile)
1943 unlink_or_warn(pack_lockfile);
1944 if (report_status)
1945 report(commands, unpack_status);
1946 run_receive_hook(commands, "post-receive", 1,
1947 &push_options);
1948 run_update_post_hook(commands);
1949 if (push_options.nr)
1950 string_list_clear(&push_options, 0);
1951 if (auto_gc) {
1952 const char *argv_gc_auto[] = {
1953 "gc", "--auto", "--quiet", NULL,
1954 };
1955 struct child_process proc = CHILD_PROCESS_INIT;
1956 proc.no_stdin = 1;
1958 proc.stdout_to_stderr = 1;
1959 proc.err = use_sideband ? -1 : 0;
1960 proc.git_cmd = 1;
1961 proc.argv = argv_gc_auto;
1962 close_all_packs();
1964 if (!start_command(&proc)) {
1965 if (use_sideband)
1966 copy_to_sideband(proc.err, -1, NULL);
1967 finish_command(&proc);
1968 }
1969 }
1970 if (auto_update_server_info)
1971 update_server_info(0);
1972 clear_shallow_info(&si);
1973 }
1974 if (use_sideband)
1975 packet_flush(1);
1976 sha1_array_clear(&shallow);
1977 sha1_array_clear(&ref);
1978 free((void *)push_cert_nonce);
1979 return 0;
1980}