1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30#include "commit-reach.h"
31
32static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35};
36
37enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43};
44
45static int deny_deletes;
46static int deny_non_fast_forwards;
47static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49static int receive_fsck_objects = -1;
50static int transfer_fsck_objects = -1;
51static struct strbuf fsck_msg_types = STRBUF_INIT;
52static int receive_unpack_limit = -1;
53static int transfer_unpack_limit = -1;
54static int advertise_atomic_push = 1;
55static int advertise_push_options;
56static int unpack_limit = 100;
57static off_t max_input_size;
58static int report_status;
59static int use_sideband;
60static int use_atomic;
61static int use_push_options;
62static int quiet;
63static int prefer_ofs_delta = 1;
64static int auto_update_server_info;
65static int auto_gc = 1;
66static int reject_thin;
67static int stateless_rpc;
68static const char *service_dir;
69static const char *head_name;
70static void *head_name_to_free;
71static int sent_capabilities;
72static int shallow_update;
73static const char *alt_shallow_file;
74static struct strbuf push_cert = STRBUF_INIT;
75static struct object_id push_cert_oid;
76static struct signature_check sigcheck;
77static const char *push_cert_nonce;
78static const char *cert_nonce_seed;
79
80static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81static const char *NONCE_BAD = "BAD";
82static const char *NONCE_MISSING = "MISSING";
83static const char *NONCE_OK = "OK";
84static const char *NONCE_SLOP = "SLOP";
85static const char *nonce_status;
86static long nonce_stamp_slop;
87static timestamp_t nonce_stamp_slop_limit;
88static struct ref_transaction *transaction;
89
90static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94} use_keepalive;
95static int keepalive_in_sec = 5;
96
97static struct tmp_objdir *tmp_objdir;
98
99static enum deny_action parse_deny_action(const char *var, const char *value)
100{
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114}
115
116static int receive_pack_config(const char *var, const char *value, void *cb)
117{
118 int status = parse_hide_refs_config(var, value, "receive");
119
120 if (status)
121 return status;
122
123 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145
146 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153
154 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205
206 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225
226 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230
231 return git_default_config(var, value, cb);
232}
233
234static void show_ref(const char *path, const struct object_id *oid)
235{
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240
241 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257}
258
259static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261{
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264
265 if (ref_is_hidden(path, path_full))
266 return 0;
267
268 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282}
283
284static void show_one_alternate_ref(const struct object_id *oid,
285 void *data)
286{
287 struct oidset *seen = data;
288
289 if (oidset_insert(seen, oid))
290 return;
291
292 show_ref(".have", oid);
293}
294
295static void write_head_info(void)
296{
297 static struct oidset seen = OIDSET_INIT;
298
299 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304
305 advertise_shallow_grafts(1);
306
307 /* EOF */
308 packet_flush(1);
309}
310
311struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320};
321
322static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324
325static void report_message(const char *prefix, const char *err, va_list params)
326{
327 int sz;
328 char msg[4096];
329
330 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335
336 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340}
341
342static void rp_warning(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348}
349
350static void rp_error(const char *err, ...)
351{
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356}
357
358static int copy_to_sideband(int in, int out, void *arg)
359{
360 char data[128];
361 int keepalive_active = 0;
362
363 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367
368 while (1) {
369 ssize_t sz;
370
371 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374
375 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378
379 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391
392 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395
396 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410
411 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419}
420
421#define HMAC_BLOCK_SIZE 64
422
423static void hmac_sha1(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426{
427 unsigned char key[HMAC_BLOCK_SIZE];
428 unsigned char k_ipad[HMAC_BLOCK_SIZE];
429 unsigned char k_opad[HMAC_BLOCK_SIZE];
430 int i;
431 git_SHA_CTX ctx;
432
433 /* RFC 2104 2. (1) */
434 memset(key, '\0', HMAC_BLOCK_SIZE);
435 if (HMAC_BLOCK_SIZE < key_len) {
436 git_SHA1_Init(&ctx);
437 git_SHA1_Update(&ctx, key_in, key_len);
438 git_SHA1_Final(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442
443 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448
449 /* RFC 2104 2. (3) & (4) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
452 git_SHA1_Update(&ctx, text, text_len);
453 git_SHA1_Final(out, &ctx);
454
455 /* RFC 2104 2. (6) & (7) */
456 git_SHA1_Init(&ctx);
457 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
458 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
459 git_SHA1_Final(out, &ctx);
460}
461
462static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463{
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char sha1[GIT_SHA1_RAWSZ];
466
467 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
469 strbuf_release(&buf);
470
471 /* RFC 2104 5. HMAC-SHA1-80 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
473 return strbuf_detach(&buf, NULL);
474}
475
476/*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483{
484 int key_len = strlen(key);
485 const char *line = msg;
486
487 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489
490 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502}
503
504static const char *check_nonce(const char *buf, size_t len)
505{
506 char *nonce = find_header(buf, len, "nonce", NULL);
507 timestamp_t stamp, ostamp;
508 char *bohmac, *expect = NULL;
509 const char *retval = NONCE_BAD;
510
511 if (!nonce) {
512 retval = NONCE_MISSING;
513 goto leave;
514 } else if (!push_cert_nonce) {
515 retval = NONCE_UNSOLICITED;
516 goto leave;
517 } else if (!strcmp(push_cert_nonce, nonce)) {
518 retval = NONCE_OK;
519 goto leave;
520 }
521
522 if (!stateless_rpc) {
523 /* returned nonce MUST match what we gave out earlier */
524 retval = NONCE_BAD;
525 goto leave;
526 }
527
528 /*
529 * In stateless mode, we may be receiving a nonce issued by
530 * another instance of the server that serving the same
531 * repository, and the timestamps may not match, but the
532 * nonce-seed and dir should match, so we can recompute and
533 * report the time slop.
534 *
535 * In addition, when a nonce issued by another instance has
536 * timestamp within receive.certnonceslop seconds, we pretend
537 * as if we issued that nonce when reporting to the hook.
538 */
539
540 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
541 if (*nonce <= '0' || '9' < *nonce) {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545 stamp = parse_timestamp(nonce, &bohmac, 10);
546 if (bohmac == nonce || bohmac[0] != '-') {
547 retval = NONCE_BAD;
548 goto leave;
549 }
550
551 expect = prepare_push_cert_nonce(service_dir, stamp);
552 if (strcmp(expect, nonce)) {
553 /* Not what we would have signed earlier */
554 retval = NONCE_BAD;
555 goto leave;
556 }
557
558 /*
559 * By how many seconds is this nonce stale? Negative value
560 * would mean it was issued by another server with its clock
561 * skewed in the future.
562 */
563 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
564 nonce_stamp_slop = (long)ostamp - (long)stamp;
565
566 if (nonce_stamp_slop_limit &&
567 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
568 /*
569 * Pretend as if the received nonce (which passes the
570 * HMAC check, so it is not a forged by third-party)
571 * is what we issued.
572 */
573 free((void *)push_cert_nonce);
574 push_cert_nonce = xstrdup(nonce);
575 retval = NONCE_OK;
576 } else {
577 retval = NONCE_SLOP;
578 }
579
580leave:
581 free(nonce);
582 free(expect);
583 return retval;
584}
585
586/*
587 * Return 1 if there is no push_cert or if the push options in push_cert are
588 * the same as those in the argument; 0 otherwise.
589 */
590static int check_cert_push_options(const struct string_list *push_options)
591{
592 const char *buf = push_cert.buf;
593 int len = push_cert.len;
594
595 char *option;
596 const char *next_line;
597 int options_seen = 0;
598
599 int retval = 1;
600
601 if (!len)
602 return 1;
603
604 while ((option = find_header(buf, len, "push-option", &next_line))) {
605 len -= (next_line - buf);
606 buf = next_line;
607 options_seen++;
608 if (options_seen > push_options->nr
609 || strcmp(option,
610 push_options->items[options_seen - 1].string)) {
611 retval = 0;
612 goto leave;
613 }
614 free(option);
615 }
616
617 if (options_seen != push_options->nr)
618 retval = 0;
619
620leave:
621 free(option);
622 return retval;
623}
624
625static void prepare_push_cert_sha1(struct child_process *proc)
626{
627 static int already_done;
628
629 if (!push_cert.len)
630 return;
631
632 if (!already_done) {
633 int bogs /* beginning_of_gpg_sig */;
634
635 already_done = 1;
636 if (write_object_file(push_cert.buf, push_cert.len, "blob",
637 &push_cert_oid))
638 oidclr(&push_cert_oid);
639
640 memset(&sigcheck, '\0', sizeof(sigcheck));
641
642 bogs = parse_signature(push_cert.buf, push_cert.len);
643 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
644 push_cert.len - bogs, &sigcheck);
645
646 nonce_status = check_nonce(push_cert.buf, bogs);
647 }
648 if (!is_null_oid(&push_cert_oid)) {
649 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
650 oid_to_hex(&push_cert_oid));
651 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
652 sigcheck.signer ? sigcheck.signer : "");
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
654 sigcheck.key ? sigcheck.key : "");
655 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
656 sigcheck.result);
657 if (push_cert_nonce) {
658 argv_array_pushf(&proc->env_array,
659 "GIT_PUSH_CERT_NONCE=%s",
660 push_cert_nonce);
661 argv_array_pushf(&proc->env_array,
662 "GIT_PUSH_CERT_NONCE_STATUS=%s",
663 nonce_status);
664 if (nonce_status == NONCE_SLOP)
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
667 nonce_stamp_slop);
668 }
669 }
670}
671
672struct receive_hook_feed_state {
673 struct command *cmd;
674 int skip_broken;
675 struct strbuf buf;
676 const struct string_list *push_options;
677};
678
679typedef int (*feed_fn)(void *, const char **, size_t *);
680static int run_and_feed_hook(const char *hook_name, feed_fn feed,
681 struct receive_hook_feed_state *feed_state)
682{
683 struct child_process proc = CHILD_PROCESS_INIT;
684 struct async muxer;
685 const char *argv[2];
686 int code;
687
688 argv[0] = find_hook(hook_name);
689 if (!argv[0])
690 return 0;
691
692 argv[1] = NULL;
693
694 proc.argv = argv;
695 proc.in = -1;
696 proc.stdout_to_stderr = 1;
697 if (feed_state->push_options) {
698 int i;
699 for (i = 0; i < feed_state->push_options->nr; i++)
700 argv_array_pushf(&proc.env_array,
701 "GIT_PUSH_OPTION_%d=%s", i,
702 feed_state->push_options->items[i].string);
703 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
704 feed_state->push_options->nr);
705 } else
706 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
707
708 if (tmp_objdir)
709 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
710
711 if (use_sideband) {
712 memset(&muxer, 0, sizeof(muxer));
713 muxer.proc = copy_to_sideband;
714 muxer.in = -1;
715 code = start_async(&muxer);
716 if (code)
717 return code;
718 proc.err = muxer.in;
719 }
720
721 prepare_push_cert_sha1(&proc);
722
723 code = start_command(&proc);
724 if (code) {
725 if (use_sideband)
726 finish_async(&muxer);
727 return code;
728 }
729
730 sigchain_push(SIGPIPE, SIG_IGN);
731
732 while (1) {
733 const char *buf;
734 size_t n;
735 if (feed(feed_state, &buf, &n))
736 break;
737 if (write_in_full(proc.in, buf, n) < 0)
738 break;
739 }
740 close(proc.in);
741 if (use_sideband)
742 finish_async(&muxer);
743
744 sigchain_pop(SIGPIPE);
745
746 return finish_command(&proc);
747}
748
749static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
750{
751 struct receive_hook_feed_state *state = state_;
752 struct command *cmd = state->cmd;
753
754 while (cmd &&
755 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
756 cmd = cmd->next;
757 if (!cmd)
758 return -1; /* EOF */
759 strbuf_reset(&state->buf);
760 strbuf_addf(&state->buf, "%s %s %s\n",
761 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
762 cmd->ref_name);
763 state->cmd = cmd->next;
764 if (bufp) {
765 *bufp = state->buf.buf;
766 *sizep = state->buf.len;
767 }
768 return 0;
769}
770
771static int run_receive_hook(struct command *commands,
772 const char *hook_name,
773 int skip_broken,
774 const struct string_list *push_options)
775{
776 struct receive_hook_feed_state state;
777 int status;
778
779 strbuf_init(&state.buf, 0);
780 state.cmd = commands;
781 state.skip_broken = skip_broken;
782 if (feed_receive_hook(&state, NULL, NULL))
783 return 0;
784 state.cmd = commands;
785 state.push_options = push_options;
786 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
787 strbuf_release(&state.buf);
788 return status;
789}
790
791static int run_update_hook(struct command *cmd)
792{
793 const char *argv[5];
794 struct child_process proc = CHILD_PROCESS_INIT;
795 int code;
796
797 argv[0] = find_hook("update");
798 if (!argv[0])
799 return 0;
800
801 argv[1] = cmd->ref_name;
802 argv[2] = oid_to_hex(&cmd->old_oid);
803 argv[3] = oid_to_hex(&cmd->new_oid);
804 argv[4] = NULL;
805
806 proc.no_stdin = 1;
807 proc.stdout_to_stderr = 1;
808 proc.err = use_sideband ? -1 : 0;
809 proc.argv = argv;
810
811 code = start_command(&proc);
812 if (code)
813 return code;
814 if (use_sideband)
815 copy_to_sideband(proc.err, -1, NULL);
816 return finish_command(&proc);
817}
818
819static int is_ref_checked_out(const char *ref)
820{
821 if (is_bare_repository())
822 return 0;
823
824 if (!head_name)
825 return 0;
826 return !strcmp(head_name, ref);
827}
828
829static char *refuse_unconfigured_deny_msg =
830 N_("By default, updating the current branch in a non-bare repository\n"
831 "is denied, because it will make the index and work tree inconsistent\n"
832 "with what you pushed, and will require 'git reset --hard' to match\n"
833 "the work tree to HEAD.\n"
834 "\n"
835 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
836 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
837 "its current branch; however, this is not recommended unless you\n"
838 "arranged to update its work tree to match what you pushed in some\n"
839 "other way.\n"
840 "\n"
841 "To squelch this message and still keep the default behaviour, set\n"
842 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
843
844static void refuse_unconfigured_deny(void)
845{
846 rp_error("%s", _(refuse_unconfigured_deny_msg));
847}
848
849static char *refuse_unconfigured_deny_delete_current_msg =
850 N_("By default, deleting the current branch is denied, because the next\n"
851 "'git clone' won't result in any file checked out, causing confusion.\n"
852 "\n"
853 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
854 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
855 "current branch, with or without a warning message.\n"
856 "\n"
857 "To squelch this message, you can set it to 'refuse'.");
858
859static void refuse_unconfigured_deny_delete_current(void)
860{
861 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
862}
863
864static int command_singleton_iterator(void *cb_data, struct object_id *oid);
865static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
866{
867 struct lock_file shallow_lock = LOCK_INIT;
868 struct oid_array extra = OID_ARRAY_INIT;
869 struct check_connected_options opt = CHECK_CONNECTED_INIT;
870 uint32_t mask = 1 << (cmd->index % 32);
871 int i;
872
873 trace_printf_key(&trace_shallow,
874 "shallow: update_shallow_ref %s\n", cmd->ref_name);
875 for (i = 0; i < si->shallow->nr; i++)
876 if (si->used_shallow[i] &&
877 (si->used_shallow[i][cmd->index / 32] & mask) &&
878 !delayed_reachability_test(si, i))
879 oid_array_append(&extra, &si->shallow->oid[i]);
880
881 opt.env = tmp_objdir_env(tmp_objdir);
882 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
883 if (check_connected(command_singleton_iterator, cmd, &opt)) {
884 rollback_lock_file(&shallow_lock);
885 oid_array_clear(&extra);
886 return -1;
887 }
888
889 commit_lock_file(&shallow_lock);
890
891 /*
892 * Make sure setup_alternate_shallow() for the next ref does
893 * not lose these new roots..
894 */
895 for (i = 0; i < extra.nr; i++)
896 register_shallow(the_repository, &extra.oid[i]);
897
898 si->shallow_ref[cmd->index] = 0;
899 oid_array_clear(&extra);
900 return 0;
901}
902
903/*
904 * NEEDSWORK: we should consolidate various implementions of "are we
905 * on an unborn branch?" test into one, and make the unified one more
906 * robust. !get_sha1() based check used here and elsewhere would not
907 * allow us to tell an unborn branch from corrupt ref, for example.
908 * For the purpose of fixing "deploy-to-update does not work when
909 * pushing into an empty repository" issue, this should suffice for
910 * now.
911 */
912static int head_has_history(void)
913{
914 struct object_id oid;
915
916 return !get_oid("HEAD", &oid);
917}
918
919static const char *push_to_deploy(unsigned char *sha1,
920 struct argv_array *env,
921 const char *work_tree)
922{
923 const char *update_refresh[] = {
924 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
925 };
926 const char *diff_files[] = {
927 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
928 };
929 const char *diff_index[] = {
930 "diff-index", "--quiet", "--cached", "--ignore-submodules",
931 NULL, "--", NULL
932 };
933 const char *read_tree[] = {
934 "read-tree", "-u", "-m", NULL, NULL
935 };
936 struct child_process child = CHILD_PROCESS_INIT;
937
938 child.argv = update_refresh;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.stdout_to_stderr = 1;
943 child.git_cmd = 1;
944 if (run_command(&child))
945 return "Up-to-date check failed";
946
947 /* run_command() does not clean up completely; reinitialize */
948 child_process_init(&child);
949 child.argv = diff_files;
950 child.env = env->argv;
951 child.dir = work_tree;
952 child.no_stdin = 1;
953 child.stdout_to_stderr = 1;
954 child.git_cmd = 1;
955 if (run_command(&child))
956 return "Working directory has unstaged changes";
957
958 /* diff-index with either HEAD or an empty tree */
959 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
960
961 child_process_init(&child);
962 child.argv = diff_index;
963 child.env = env->argv;
964 child.no_stdin = 1;
965 child.no_stdout = 1;
966 child.stdout_to_stderr = 0;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has staged changes";
970
971 read_tree[3] = sha1_to_hex(sha1);
972 child_process_init(&child);
973 child.argv = read_tree;
974 child.env = env->argv;
975 child.dir = work_tree;
976 child.no_stdin = 1;
977 child.no_stdout = 1;
978 child.stdout_to_stderr = 0;
979 child.git_cmd = 1;
980 if (run_command(&child))
981 return "Could not update working tree to new HEAD";
982
983 return NULL;
984}
985
986static const char *push_to_checkout_hook = "push-to-checkout";
987
988static const char *push_to_checkout(unsigned char *sha1,
989 struct argv_array *env,
990 const char *work_tree)
991{
992 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
993 if (run_hook_le(env->argv, push_to_checkout_hook,
994 sha1_to_hex(sha1), NULL))
995 return "push-to-checkout hook declined";
996 else
997 return NULL;
998}
999
1000static const char *update_worktree(unsigned char *sha1)
1001{
1002 const char *retval;
1003 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1004 struct argv_array env = ARGV_ARRAY_INIT;
1005
1006 if (is_bare_repository())
1007 return "denyCurrentBranch = updateInstead needs a worktree";
1008
1009 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1010
1011 if (!find_hook(push_to_checkout_hook))
1012 retval = push_to_deploy(sha1, &env, work_tree);
1013 else
1014 retval = push_to_checkout(sha1, &env, work_tree);
1015
1016 argv_array_clear(&env);
1017 return retval;
1018}
1019
1020static const char *update(struct command *cmd, struct shallow_info *si)
1021{
1022 const char *name = cmd->ref_name;
1023 struct strbuf namespaced_name_buf = STRBUF_INIT;
1024 static char *namespaced_name;
1025 const char *ret;
1026 struct object_id *old_oid = &cmd->old_oid;
1027 struct object_id *new_oid = &cmd->new_oid;
1028 int do_update_worktree = 0;
1029
1030 /* only refs/... are allowed */
1031 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1032 rp_error("refusing to create funny ref '%s' remotely", name);
1033 return "funny refname";
1034 }
1035
1036 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1037 free(namespaced_name);
1038 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1039
1040 if (is_ref_checked_out(namespaced_name)) {
1041 switch (deny_current_branch) {
1042 case DENY_IGNORE:
1043 break;
1044 case DENY_WARN:
1045 rp_warning("updating the current branch");
1046 break;
1047 case DENY_REFUSE:
1048 case DENY_UNCONFIGURED:
1049 rp_error("refusing to update checked out branch: %s", name);
1050 if (deny_current_branch == DENY_UNCONFIGURED)
1051 refuse_unconfigured_deny();
1052 return "branch is currently checked out";
1053 case DENY_UPDATE_INSTEAD:
1054 /* pass -- let other checks intervene first */
1055 do_update_worktree = 1;
1056 break;
1057 }
1058 }
1059
1060 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1061 error("unpack should have generated %s, "
1062 "but I can't find it!", oid_to_hex(new_oid));
1063 return "bad pack";
1064 }
1065
1066 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1067 if (deny_deletes && starts_with(name, "refs/heads/")) {
1068 rp_error("denying ref deletion for %s", name);
1069 return "deletion prohibited";
1070 }
1071
1072 if (head_name && !strcmp(namespaced_name, head_name)) {
1073 switch (deny_delete_current) {
1074 case DENY_IGNORE:
1075 break;
1076 case DENY_WARN:
1077 rp_warning("deleting the current branch");
1078 break;
1079 case DENY_REFUSE:
1080 case DENY_UNCONFIGURED:
1081 case DENY_UPDATE_INSTEAD:
1082 if (deny_delete_current == DENY_UNCONFIGURED)
1083 refuse_unconfigured_deny_delete_current();
1084 rp_error("refusing to delete the current branch: %s", name);
1085 return "deletion of the current branch prohibited";
1086 default:
1087 return "Invalid denyDeleteCurrent setting";
1088 }
1089 }
1090 }
1091
1092 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1093 !is_null_oid(old_oid) &&
1094 starts_with(name, "refs/heads/")) {
1095 struct object *old_object, *new_object;
1096 struct commit *old_commit, *new_commit;
1097
1098 old_object = parse_object(the_repository, old_oid);
1099 new_object = parse_object(the_repository, new_oid);
1100
1101 if (!old_object || !new_object ||
1102 old_object->type != OBJ_COMMIT ||
1103 new_object->type != OBJ_COMMIT) {
1104 error("bad sha1 objects for %s", name);
1105 return "bad ref";
1106 }
1107 old_commit = (struct commit *)old_object;
1108 new_commit = (struct commit *)new_object;
1109 if (!in_merge_bases(old_commit, new_commit)) {
1110 rp_error("denying non-fast-forward %s"
1111 " (you should pull first)", name);
1112 return "non-fast-forward";
1113 }
1114 }
1115 if (run_update_hook(cmd)) {
1116 rp_error("hook declined to update %s", name);
1117 return "hook declined";
1118 }
1119
1120 if (do_update_worktree) {
1121 ret = update_worktree(new_oid->hash);
1122 if (ret)
1123 return ret;
1124 }
1125
1126 if (is_null_oid(new_oid)) {
1127 struct strbuf err = STRBUF_INIT;
1128 if (!parse_object(the_repository, old_oid)) {
1129 old_oid = NULL;
1130 if (ref_exists(name)) {
1131 rp_warning("Allowing deletion of corrupt ref.");
1132 } else {
1133 rp_warning("Deleting a non-existent ref.");
1134 cmd->did_not_exist = 1;
1135 }
1136 }
1137 if (ref_transaction_delete(transaction,
1138 namespaced_name,
1139 old_oid,
1140 0, "push", &err)) {
1141 rp_error("%s", err.buf);
1142 strbuf_release(&err);
1143 return "failed to delete";
1144 }
1145 strbuf_release(&err);
1146 return NULL; /* good */
1147 }
1148 else {
1149 struct strbuf err = STRBUF_INIT;
1150 if (shallow_update && si->shallow_ref[cmd->index] &&
1151 update_shallow_ref(cmd, si))
1152 return "shallow error";
1153
1154 if (ref_transaction_update(transaction,
1155 namespaced_name,
1156 new_oid, old_oid,
1157 0, "push",
1158 &err)) {
1159 rp_error("%s", err.buf);
1160 strbuf_release(&err);
1161
1162 return "failed to update ref";
1163 }
1164 strbuf_release(&err);
1165
1166 return NULL; /* good */
1167 }
1168}
1169
1170static void run_update_post_hook(struct command *commands)
1171{
1172 struct command *cmd;
1173 struct child_process proc = CHILD_PROCESS_INIT;
1174 const char *hook;
1175
1176 hook = find_hook("post-update");
1177 if (!hook)
1178 return;
1179
1180 for (cmd = commands; cmd; cmd = cmd->next) {
1181 if (cmd->error_string || cmd->did_not_exist)
1182 continue;
1183 if (!proc.args.argc)
1184 argv_array_push(&proc.args, hook);
1185 argv_array_push(&proc.args, cmd->ref_name);
1186 }
1187 if (!proc.args.argc)
1188 return;
1189
1190 proc.no_stdin = 1;
1191 proc.stdout_to_stderr = 1;
1192 proc.err = use_sideband ? -1 : 0;
1193
1194 if (!start_command(&proc)) {
1195 if (use_sideband)
1196 copy_to_sideband(proc.err, -1, NULL);
1197 finish_command(&proc);
1198 }
1199}
1200
1201static void check_aliased_update(struct command *cmd, struct string_list *list)
1202{
1203 struct strbuf buf = STRBUF_INIT;
1204 const char *dst_name;
1205 struct string_list_item *item;
1206 struct command *dst_cmd;
1207 int flag;
1208
1209 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1210 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1211 strbuf_release(&buf);
1212
1213 if (!(flag & REF_ISSYMREF))
1214 return;
1215
1216 if (!dst_name) {
1217 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1218 cmd->skip_update = 1;
1219 cmd->error_string = "broken symref";
1220 return;
1221 }
1222 dst_name = strip_namespace(dst_name);
1223
1224 if ((item = string_list_lookup(list, dst_name)) == NULL)
1225 return;
1226
1227 cmd->skip_update = 1;
1228
1229 dst_cmd = (struct command *) item->util;
1230
1231 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1232 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1233 return;
1234
1235 dst_cmd->skip_update = 1;
1236
1237 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1238 " its target '%s' (%s..%s)",
1239 cmd->ref_name,
1240 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1241 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1242 dst_cmd->ref_name,
1243 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1244 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1245
1246 cmd->error_string = dst_cmd->error_string =
1247 "inconsistent aliased update";
1248}
1249
1250static void check_aliased_updates(struct command *commands)
1251{
1252 struct command *cmd;
1253 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1254
1255 for (cmd = commands; cmd; cmd = cmd->next) {
1256 struct string_list_item *item =
1257 string_list_append(&ref_list, cmd->ref_name);
1258 item->util = (void *)cmd;
1259 }
1260 string_list_sort(&ref_list);
1261
1262 for (cmd = commands; cmd; cmd = cmd->next) {
1263 if (!cmd->error_string)
1264 check_aliased_update(cmd, &ref_list);
1265 }
1266
1267 string_list_clear(&ref_list, 0);
1268}
1269
1270static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1271{
1272 struct command **cmd_list = cb_data;
1273 struct command *cmd = *cmd_list;
1274
1275 if (!cmd || is_null_oid(&cmd->new_oid))
1276 return -1; /* end of list */
1277 *cmd_list = NULL; /* this returns only one */
1278 oidcpy(oid, &cmd->new_oid);
1279 return 0;
1280}
1281
1282static void set_connectivity_errors(struct command *commands,
1283 struct shallow_info *si)
1284{
1285 struct command *cmd;
1286
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1288 struct command *singleton = cmd;
1289 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1290
1291 if (shallow_update && si->shallow_ref[cmd->index])
1292 /* to be checked in update_shallow_ref() */
1293 continue;
1294
1295 opt.env = tmp_objdir_env(tmp_objdir);
1296 if (!check_connected(command_singleton_iterator, &singleton,
1297 &opt))
1298 continue;
1299
1300 cmd->error_string = "missing necessary objects";
1301 }
1302}
1303
1304struct iterate_data {
1305 struct command *cmds;
1306 struct shallow_info *si;
1307};
1308
1309static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1310{
1311 struct iterate_data *data = cb_data;
1312 struct command **cmd_list = &data->cmds;
1313 struct command *cmd = *cmd_list;
1314
1315 for (; cmd; cmd = cmd->next) {
1316 if (shallow_update && data->si->shallow_ref[cmd->index])
1317 /* to be checked in update_shallow_ref() */
1318 continue;
1319 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1320 oidcpy(oid, &cmd->new_oid);
1321 *cmd_list = cmd->next;
1322 return 0;
1323 }
1324 }
1325 *cmd_list = NULL;
1326 return -1; /* end of list */
1327}
1328
1329static void reject_updates_to_hidden(struct command *commands)
1330{
1331 struct strbuf refname_full = STRBUF_INIT;
1332 size_t prefix_len;
1333 struct command *cmd;
1334
1335 strbuf_addstr(&refname_full, get_git_namespace());
1336 prefix_len = refname_full.len;
1337
1338 for (cmd = commands; cmd; cmd = cmd->next) {
1339 if (cmd->error_string)
1340 continue;
1341
1342 strbuf_setlen(&refname_full, prefix_len);
1343 strbuf_addstr(&refname_full, cmd->ref_name);
1344
1345 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1346 continue;
1347 if (is_null_oid(&cmd->new_oid))
1348 cmd->error_string = "deny deleting a hidden ref";
1349 else
1350 cmd->error_string = "deny updating a hidden ref";
1351 }
1352
1353 strbuf_release(&refname_full);
1354}
1355
1356static int should_process_cmd(struct command *cmd)
1357{
1358 return !cmd->error_string && !cmd->skip_update;
1359}
1360
1361static void warn_if_skipped_connectivity_check(struct command *commands,
1362 struct shallow_info *si)
1363{
1364 struct command *cmd;
1365 int checked_connectivity = 1;
1366
1367 for (cmd = commands; cmd; cmd = cmd->next) {
1368 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1369 error("BUG: connectivity check has not been run on ref %s",
1370 cmd->ref_name);
1371 checked_connectivity = 0;
1372 }
1373 }
1374 if (!checked_connectivity)
1375 BUG("connectivity check skipped???");
1376}
1377
1378static void execute_commands_non_atomic(struct command *commands,
1379 struct shallow_info *si)
1380{
1381 struct command *cmd;
1382 struct strbuf err = STRBUF_INIT;
1383
1384 for (cmd = commands; cmd; cmd = cmd->next) {
1385 if (!should_process_cmd(cmd))
1386 continue;
1387
1388 transaction = ref_transaction_begin(&err);
1389 if (!transaction) {
1390 rp_error("%s", err.buf);
1391 strbuf_reset(&err);
1392 cmd->error_string = "transaction failed to start";
1393 continue;
1394 }
1395
1396 cmd->error_string = update(cmd, si);
1397
1398 if (!cmd->error_string
1399 && ref_transaction_commit(transaction, &err)) {
1400 rp_error("%s", err.buf);
1401 strbuf_reset(&err);
1402 cmd->error_string = "failed to update ref";
1403 }
1404 ref_transaction_free(transaction);
1405 }
1406 strbuf_release(&err);
1407}
1408
1409static void execute_commands_atomic(struct command *commands,
1410 struct shallow_info *si)
1411{
1412 struct command *cmd;
1413 struct strbuf err = STRBUF_INIT;
1414 const char *reported_error = "atomic push failure";
1415
1416 transaction = ref_transaction_begin(&err);
1417 if (!transaction) {
1418 rp_error("%s", err.buf);
1419 strbuf_reset(&err);
1420 reported_error = "transaction failed to start";
1421 goto failure;
1422 }
1423
1424 for (cmd = commands; cmd; cmd = cmd->next) {
1425 if (!should_process_cmd(cmd))
1426 continue;
1427
1428 cmd->error_string = update(cmd, si);
1429
1430 if (cmd->error_string)
1431 goto failure;
1432 }
1433
1434 if (ref_transaction_commit(transaction, &err)) {
1435 rp_error("%s", err.buf);
1436 reported_error = "atomic transaction failed";
1437 goto failure;
1438 }
1439 goto cleanup;
1440
1441failure:
1442 for (cmd = commands; cmd; cmd = cmd->next)
1443 if (!cmd->error_string)
1444 cmd->error_string = reported_error;
1445
1446cleanup:
1447 ref_transaction_free(transaction);
1448 strbuf_release(&err);
1449}
1450
1451static void execute_commands(struct command *commands,
1452 const char *unpacker_error,
1453 struct shallow_info *si,
1454 const struct string_list *push_options)
1455{
1456 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1457 struct command *cmd;
1458 struct iterate_data data;
1459 struct async muxer;
1460 int err_fd = 0;
1461
1462 if (unpacker_error) {
1463 for (cmd = commands; cmd; cmd = cmd->next)
1464 cmd->error_string = "unpacker error";
1465 return;
1466 }
1467
1468 if (use_sideband) {
1469 memset(&muxer, 0, sizeof(muxer));
1470 muxer.proc = copy_to_sideband;
1471 muxer.in = -1;
1472 if (!start_async(&muxer))
1473 err_fd = muxer.in;
1474 /* ...else, continue without relaying sideband */
1475 }
1476
1477 data.cmds = commands;
1478 data.si = si;
1479 opt.err_fd = err_fd;
1480 opt.progress = err_fd && !quiet;
1481 opt.env = tmp_objdir_env(tmp_objdir);
1482 if (check_connected(iterate_receive_command_list, &data, &opt))
1483 set_connectivity_errors(commands, si);
1484
1485 if (use_sideband)
1486 finish_async(&muxer);
1487
1488 reject_updates_to_hidden(commands);
1489
1490 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1491 for (cmd = commands; cmd; cmd = cmd->next) {
1492 if (!cmd->error_string)
1493 cmd->error_string = "pre-receive hook declined";
1494 }
1495 return;
1496 }
1497
1498 /*
1499 * Now we'll start writing out refs, which means the objects need
1500 * to be in their final positions so that other processes can see them.
1501 */
1502 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1503 for (cmd = commands; cmd; cmd = cmd->next) {
1504 if (!cmd->error_string)
1505 cmd->error_string = "unable to migrate objects to permanent storage";
1506 }
1507 return;
1508 }
1509 tmp_objdir = NULL;
1510
1511 check_aliased_updates(commands);
1512
1513 free(head_name_to_free);
1514 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1515
1516 if (use_atomic)
1517 execute_commands_atomic(commands, si);
1518 else
1519 execute_commands_non_atomic(commands, si);
1520
1521 if (shallow_update)
1522 warn_if_skipped_connectivity_check(commands, si);
1523}
1524
1525static struct command **queue_command(struct command **tail,
1526 const char *line,
1527 int linelen)
1528{
1529 struct object_id old_oid, new_oid;
1530 struct command *cmd;
1531 const char *refname;
1532 int reflen;
1533 const char *p;
1534
1535 if (parse_oid_hex(line, &old_oid, &p) ||
1536 *p++ != ' ' ||
1537 parse_oid_hex(p, &new_oid, &p) ||
1538 *p++ != ' ')
1539 die("protocol error: expected old/new/ref, got '%s'", line);
1540
1541 refname = p;
1542 reflen = linelen - (p - line);
1543 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1544 oidcpy(&cmd->old_oid, &old_oid);
1545 oidcpy(&cmd->new_oid, &new_oid);
1546 *tail = cmd;
1547 return &cmd->next;
1548}
1549
1550static void queue_commands_from_cert(struct command **tail,
1551 struct strbuf *push_cert)
1552{
1553 const char *boc, *eoc;
1554
1555 if (*tail)
1556 die("protocol error: got both push certificate and unsigned commands");
1557
1558 boc = strstr(push_cert->buf, "\n\n");
1559 if (!boc)
1560 die("malformed push certificate %.*s", 100, push_cert->buf);
1561 else
1562 boc += 2;
1563 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1564
1565 while (boc < eoc) {
1566 const char *eol = memchr(boc, '\n', eoc - boc);
1567 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1568 boc = eol ? eol + 1 : eoc;
1569 }
1570}
1571
1572static struct command *read_head_info(struct packet_reader *reader,
1573 struct oid_array *shallow)
1574{
1575 struct command *commands = NULL;
1576 struct command **p = &commands;
1577 for (;;) {
1578 int linelen;
1579
1580 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1581 break;
1582
1583 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1584 struct object_id oid;
1585 if (get_oid_hex(reader->line + 8, &oid))
1586 die("protocol error: expected shallow sha, got '%s'",
1587 reader->line + 8);
1588 oid_array_append(shallow, &oid);
1589 continue;
1590 }
1591
1592 linelen = strlen(reader->line);
1593 if (linelen < reader->pktlen) {
1594 const char *feature_list = reader->line + linelen + 1;
1595 if (parse_feature_request(feature_list, "report-status"))
1596 report_status = 1;
1597 if (parse_feature_request(feature_list, "side-band-64k"))
1598 use_sideband = LARGE_PACKET_MAX;
1599 if (parse_feature_request(feature_list, "quiet"))
1600 quiet = 1;
1601 if (advertise_atomic_push
1602 && parse_feature_request(feature_list, "atomic"))
1603 use_atomic = 1;
1604 if (advertise_push_options
1605 && parse_feature_request(feature_list, "push-options"))
1606 use_push_options = 1;
1607 }
1608
1609 if (!strcmp(reader->line, "push-cert")) {
1610 int true_flush = 0;
1611 int saved_options = reader->options;
1612 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1613
1614 for (;;) {
1615 packet_reader_read(reader);
1616 if (reader->status == PACKET_READ_FLUSH) {
1617 true_flush = 1;
1618 break;
1619 }
1620 if (reader->status != PACKET_READ_NORMAL) {
1621 die("protocol error: got an unexpected packet");
1622 }
1623 if (!strcmp(reader->line, "push-cert-end\n"))
1624 break; /* end of cert */
1625 strbuf_addstr(&push_cert, reader->line);
1626 }
1627 reader->options = saved_options;
1628
1629 if (true_flush)
1630 break;
1631 continue;
1632 }
1633
1634 p = queue_command(p, reader->line, linelen);
1635 }
1636
1637 if (push_cert.len)
1638 queue_commands_from_cert(p, &push_cert);
1639
1640 return commands;
1641}
1642
1643static void read_push_options(struct packet_reader *reader,
1644 struct string_list *options)
1645{
1646 while (1) {
1647 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1648 break;
1649
1650 string_list_append(options, reader->line);
1651 }
1652}
1653
1654static const char *parse_pack_header(struct pack_header *hdr)
1655{
1656 switch (read_pack_header(0, hdr)) {
1657 case PH_ERROR_EOF:
1658 return "eof before pack header was fully read";
1659
1660 case PH_ERROR_PACK_SIGNATURE:
1661 return "protocol error (pack signature mismatch detected)";
1662
1663 case PH_ERROR_PROTOCOL:
1664 return "protocol error (pack version unsupported)";
1665
1666 default:
1667 return "unknown error in parse_pack_header";
1668
1669 case 0:
1670 return NULL;
1671 }
1672}
1673
1674static const char *pack_lockfile;
1675
1676static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1677{
1678 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1679 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1680}
1681
1682static const char *unpack(int err_fd, struct shallow_info *si)
1683{
1684 struct pack_header hdr;
1685 const char *hdr_err;
1686 int status;
1687 struct child_process child = CHILD_PROCESS_INIT;
1688 int fsck_objects = (receive_fsck_objects >= 0
1689 ? receive_fsck_objects
1690 : transfer_fsck_objects >= 0
1691 ? transfer_fsck_objects
1692 : 0);
1693
1694 hdr_err = parse_pack_header(&hdr);
1695 if (hdr_err) {
1696 if (err_fd > 0)
1697 close(err_fd);
1698 return hdr_err;
1699 }
1700
1701 if (si->nr_ours || si->nr_theirs) {
1702 alt_shallow_file = setup_temporary_shallow(si->shallow);
1703 argv_array_push(&child.args, "--shallow-file");
1704 argv_array_push(&child.args, alt_shallow_file);
1705 }
1706
1707 tmp_objdir = tmp_objdir_create();
1708 if (!tmp_objdir) {
1709 if (err_fd > 0)
1710 close(err_fd);
1711 return "unable to create temporary object directory";
1712 }
1713 child.env = tmp_objdir_env(tmp_objdir);
1714
1715 /*
1716 * Normally we just pass the tmp_objdir environment to the child
1717 * processes that do the heavy lifting, but we may need to see these
1718 * objects ourselves to set up shallow information.
1719 */
1720 tmp_objdir_add_as_alternate(tmp_objdir);
1721
1722 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1723 argv_array_push(&child.args, "unpack-objects");
1724 push_header_arg(&child.args, &hdr);
1725 if (quiet)
1726 argv_array_push(&child.args, "-q");
1727 if (fsck_objects)
1728 argv_array_pushf(&child.args, "--strict%s",
1729 fsck_msg_types.buf);
1730 if (max_input_size)
1731 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1732 (uintmax_t)max_input_size);
1733 child.no_stdout = 1;
1734 child.err = err_fd;
1735 child.git_cmd = 1;
1736 status = run_command(&child);
1737 if (status)
1738 return "unpack-objects abnormal exit";
1739 } else {
1740 char hostname[HOST_NAME_MAX + 1];
1741
1742 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1743 push_header_arg(&child.args, &hdr);
1744
1745 if (xgethostname(hostname, sizeof(hostname)))
1746 xsnprintf(hostname, sizeof(hostname), "localhost");
1747 argv_array_pushf(&child.args,
1748 "--keep=receive-pack %"PRIuMAX" on %s",
1749 (uintmax_t)getpid(),
1750 hostname);
1751
1752 if (!quiet && err_fd)
1753 argv_array_push(&child.args, "--show-resolving-progress");
1754 if (use_sideband)
1755 argv_array_push(&child.args, "--report-end-of-input");
1756 if (fsck_objects)
1757 argv_array_pushf(&child.args, "--strict%s",
1758 fsck_msg_types.buf);
1759 if (!reject_thin)
1760 argv_array_push(&child.args, "--fix-thin");
1761 if (max_input_size)
1762 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1763 (uintmax_t)max_input_size);
1764 child.out = -1;
1765 child.err = err_fd;
1766 child.git_cmd = 1;
1767 status = start_command(&child);
1768 if (status)
1769 return "index-pack fork failed";
1770 pack_lockfile = index_pack_lockfile(child.out);
1771 close(child.out);
1772 status = finish_command(&child);
1773 if (status)
1774 return "index-pack abnormal exit";
1775 reprepare_packed_git(the_repository);
1776 }
1777 return NULL;
1778}
1779
1780static const char *unpack_with_sideband(struct shallow_info *si)
1781{
1782 struct async muxer;
1783 const char *ret;
1784
1785 if (!use_sideband)
1786 return unpack(0, si);
1787
1788 use_keepalive = KEEPALIVE_AFTER_NUL;
1789 memset(&muxer, 0, sizeof(muxer));
1790 muxer.proc = copy_to_sideband;
1791 muxer.in = -1;
1792 if (start_async(&muxer))
1793 return NULL;
1794
1795 ret = unpack(muxer.in, si);
1796
1797 finish_async(&muxer);
1798 return ret;
1799}
1800
1801static void prepare_shallow_update(struct command *commands,
1802 struct shallow_info *si)
1803{
1804 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1805
1806 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1807 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1808
1809 si->need_reachability_test =
1810 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1811 si->reachable =
1812 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1813 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1814
1815 for (i = 0; i < si->nr_ours; i++)
1816 si->need_reachability_test[si->ours[i]] = 1;
1817
1818 for (i = 0; i < si->shallow->nr; i++) {
1819 if (!si->used_shallow[i])
1820 continue;
1821 for (j = 0; j < bitmap_size; j++) {
1822 if (!si->used_shallow[i][j])
1823 continue;
1824 si->need_reachability_test[i]++;
1825 for (k = 0; k < 32; k++)
1826 if (si->used_shallow[i][j] & (1U << k))
1827 si->shallow_ref[j * 32 + k]++;
1828 }
1829
1830 /*
1831 * true for those associated with some refs and belong
1832 * in "ours" list aka "step 7 not done yet"
1833 */
1834 si->need_reachability_test[i] =
1835 si->need_reachability_test[i] > 1;
1836 }
1837
1838 /*
1839 * keep hooks happy by forcing a temporary shallow file via
1840 * env variable because we can't add --shallow-file to every
1841 * command. check_connected() will be done with
1842 * true .git/shallow though.
1843 */
1844 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1845}
1846
1847static void update_shallow_info(struct command *commands,
1848 struct shallow_info *si,
1849 struct oid_array *ref)
1850{
1851 struct command *cmd;
1852 int *ref_status;
1853 remove_nonexistent_theirs_shallow(si);
1854 if (!si->nr_ours && !si->nr_theirs) {
1855 shallow_update = 0;
1856 return;
1857 }
1858
1859 for (cmd = commands; cmd; cmd = cmd->next) {
1860 if (is_null_oid(&cmd->new_oid))
1861 continue;
1862 oid_array_append(ref, &cmd->new_oid);
1863 cmd->index = ref->nr - 1;
1864 }
1865 si->ref = ref;
1866
1867 if (shallow_update) {
1868 prepare_shallow_update(commands, si);
1869 return;
1870 }
1871
1872 ALLOC_ARRAY(ref_status, ref->nr);
1873 assign_shallow_commits_to_refs(si, NULL, ref_status);
1874 for (cmd = commands; cmd; cmd = cmd->next) {
1875 if (is_null_oid(&cmd->new_oid))
1876 continue;
1877 if (ref_status[cmd->index]) {
1878 cmd->error_string = "shallow update not allowed";
1879 cmd->skip_update = 1;
1880 }
1881 }
1882 free(ref_status);
1883}
1884
1885static void report(struct command *commands, const char *unpack_status)
1886{
1887 struct command *cmd;
1888 struct strbuf buf = STRBUF_INIT;
1889
1890 packet_buf_write(&buf, "unpack %s\n",
1891 unpack_status ? unpack_status : "ok");
1892 for (cmd = commands; cmd; cmd = cmd->next) {
1893 if (!cmd->error_string)
1894 packet_buf_write(&buf, "ok %s\n",
1895 cmd->ref_name);
1896 else
1897 packet_buf_write(&buf, "ng %s %s\n",
1898 cmd->ref_name, cmd->error_string);
1899 }
1900 packet_buf_flush(&buf);
1901
1902 if (use_sideband)
1903 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1904 else
1905 write_or_die(1, buf.buf, buf.len);
1906 strbuf_release(&buf);
1907}
1908
1909static int delete_only(struct command *commands)
1910{
1911 struct command *cmd;
1912 for (cmd = commands; cmd; cmd = cmd->next) {
1913 if (!is_null_oid(&cmd->new_oid))
1914 return 0;
1915 }
1916 return 1;
1917}
1918
1919int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1920{
1921 int advertise_refs = 0;
1922 struct command *commands;
1923 struct oid_array shallow = OID_ARRAY_INIT;
1924 struct oid_array ref = OID_ARRAY_INIT;
1925 struct shallow_info si;
1926 struct packet_reader reader;
1927
1928 struct option options[] = {
1929 OPT__QUIET(&quiet, N_("quiet")),
1930 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1931 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1932 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1933 OPT_END()
1934 };
1935
1936 packet_trace_identity("receive-pack");
1937
1938 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1939
1940 if (argc > 1)
1941 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1942 if (argc == 0)
1943 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1944
1945 service_dir = argv[0];
1946
1947 setup_path();
1948
1949 if (!enter_repo(service_dir, 0))
1950 die("'%s' does not appear to be a git repository", service_dir);
1951
1952 git_config(receive_pack_config, NULL);
1953 if (cert_nonce_seed)
1954 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1955
1956 if (0 <= transfer_unpack_limit)
1957 unpack_limit = transfer_unpack_limit;
1958 else if (0 <= receive_unpack_limit)
1959 unpack_limit = receive_unpack_limit;
1960
1961 switch (determine_protocol_version_server()) {
1962 case protocol_v2:
1963 /*
1964 * push support for protocol v2 has not been implemented yet,
1965 * so ignore the request to use v2 and fallback to using v0.
1966 */
1967 break;
1968 case protocol_v1:
1969 /*
1970 * v1 is just the original protocol with a version string,
1971 * so just fall through after writing the version string.
1972 */
1973 if (advertise_refs || !stateless_rpc)
1974 packet_write_fmt(1, "version 1\n");
1975
1976 /* fallthrough */
1977 case protocol_v0:
1978 break;
1979 case protocol_unknown_version:
1980 BUG("unknown protocol version");
1981 }
1982
1983 if (advertise_refs || !stateless_rpc) {
1984 write_head_info();
1985 }
1986 if (advertise_refs)
1987 return 0;
1988
1989 packet_reader_init(&reader, 0, NULL, 0,
1990 PACKET_READ_CHOMP_NEWLINE |
1991 PACKET_READ_DIE_ON_ERR_PACKET);
1992
1993 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
1994 const char *unpack_status = NULL;
1995 struct string_list push_options = STRING_LIST_INIT_DUP;
1996
1997 if (use_push_options)
1998 read_push_options(&reader, &push_options);
1999 if (!check_cert_push_options(&push_options)) {
2000 struct command *cmd;
2001 for (cmd = commands; cmd; cmd = cmd->next)
2002 cmd->error_string = "inconsistent push options";
2003 }
2004
2005 prepare_shallow_info(&si, &shallow);
2006 if (!si.nr_ours && !si.nr_theirs)
2007 shallow_update = 0;
2008 if (!delete_only(commands)) {
2009 unpack_status = unpack_with_sideband(&si);
2010 update_shallow_info(commands, &si, &ref);
2011 }
2012 use_keepalive = KEEPALIVE_ALWAYS;
2013 execute_commands(commands, unpack_status, &si,
2014 &push_options);
2015 if (pack_lockfile)
2016 unlink_or_warn(pack_lockfile);
2017 if (report_status)
2018 report(commands, unpack_status);
2019 run_receive_hook(commands, "post-receive", 1,
2020 &push_options);
2021 run_update_post_hook(commands);
2022 string_list_clear(&push_options, 0);
2023 if (auto_gc) {
2024 const char *argv_gc_auto[] = {
2025 "gc", "--auto", "--quiet", NULL,
2026 };
2027 struct child_process proc = CHILD_PROCESS_INIT;
2028
2029 proc.no_stdin = 1;
2030 proc.stdout_to_stderr = 1;
2031 proc.err = use_sideband ? -1 : 0;
2032 proc.git_cmd = 1;
2033 proc.argv = argv_gc_auto;
2034
2035 close_all_packs(the_repository->objects);
2036 if (!start_command(&proc)) {
2037 if (use_sideband)
2038 copy_to_sideband(proc.err, -1, NULL);
2039 finish_command(&proc);
2040 }
2041 }
2042 if (auto_update_server_info)
2043 update_server_info(0);
2044 clear_shallow_info(&si);
2045 }
2046 if (use_sideband)
2047 packet_flush(1);
2048 oid_array_clear(&shallow);
2049 oid_array_clear(&ref);
2050 free((void *)push_cert_nonce);
2051 return 0;
2052}