1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30#include "commit-reach.h"
31
32static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35};
36
37enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43};
44
45static int deny_deletes;
46static int deny_non_fast_forwards;
47static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49static int receive_fsck_objects = -1;
50static int transfer_fsck_objects = -1;
51static struct strbuf fsck_msg_types = STRBUF_INIT;
52static int receive_unpack_limit = -1;
53static int transfer_unpack_limit = -1;
54static int advertise_atomic_push = 1;
55static int advertise_push_options;
56static int unpack_limit = 100;
57static off_t max_input_size;
58static int report_status;
59static int use_sideband;
60static int use_atomic;
61static int use_push_options;
62static int quiet;
63static int prefer_ofs_delta = 1;
64static int auto_update_server_info;
65static int auto_gc = 1;
66static int reject_thin;
67static int stateless_rpc;
68static const char *service_dir;
69static const char *head_name;
70static void *head_name_to_free;
71static int sent_capabilities;
72static int shallow_update;
73static const char *alt_shallow_file;
74static struct strbuf push_cert = STRBUF_INIT;
75static struct object_id push_cert_oid;
76static struct signature_check sigcheck;
77static const char *push_cert_nonce;
78static const char *cert_nonce_seed;
79
80static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81static const char *NONCE_BAD = "BAD";
82static const char *NONCE_MISSING = "MISSING";
83static const char *NONCE_OK = "OK";
84static const char *NONCE_SLOP = "SLOP";
85static const char *nonce_status;
86static long nonce_stamp_slop;
87static timestamp_t nonce_stamp_slop_limit;
88static struct ref_transaction *transaction;
89
90static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94} use_keepalive;
95static int keepalive_in_sec = 5;
96
97static struct tmp_objdir *tmp_objdir;
98
99static enum deny_action parse_deny_action(const char *var, const char *value)
100{
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114}
115
116static int receive_pack_config(const char *var, const char *value, void *cb)
117{
118 int status = parse_hide_refs_config(var, value, "receive");
119
120 if (status)
121 return status;
122
123 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145
146 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153
154 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205
206 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225
226 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230
231 return git_default_config(var, value, cb);
232}
233
234static void show_ref(const char *path, const struct object_id *oid)
235{
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240
241 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257}
258
259static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261{
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264
265 if (ref_is_hidden(path, path_full))
266 return 0;
267
268 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282}
283
284static void show_one_alternate_ref(const char *refname,
285 const struct object_id *oid,
286 void *data)
287{
288 struct oidset *seen = data;
289
290 if (oidset_insert(seen, oid))
291 return;
292
293 show_ref(".have", oid);
294}
295
296static void write_head_info(void)
297{
298 static struct oidset seen = OIDSET_INIT;
299
300 for_each_ref(show_ref_cb, &seen);
301 for_each_alternate_ref(show_one_alternate_ref, &seen);
302 oidset_clear(&seen);
303 if (!sent_capabilities)
304 show_ref("capabilities^{}", &null_oid);
305
306 advertise_shallow_grafts(1);
307
308 /* EOF */
309 packet_flush(1);
310}
311
312struct command {
313 struct command *next;
314 const char *error_string;
315 unsigned int skip_update:1,
316 did_not_exist:1;
317 int index;
318 struct object_id old_oid;
319 struct object_id new_oid;
320 char ref_name[FLEX_ARRAY]; /* more */
321};
322
323static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
324static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
325
326static void report_message(const char *prefix, const char *err, va_list params)
327{
328 int sz;
329 char msg[4096];
330
331 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
332 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
333 if (sz > (sizeof(msg) - 1))
334 sz = sizeof(msg) - 1;
335 msg[sz++] = '\n';
336
337 if (use_sideband)
338 send_sideband(1, 2, msg, sz, use_sideband);
339 else
340 xwrite(2, msg, sz);
341}
342
343static void rp_warning(const char *err, ...)
344{
345 va_list params;
346 va_start(params, err);
347 report_message("warning: ", err, params);
348 va_end(params);
349}
350
351static void rp_error(const char *err, ...)
352{
353 va_list params;
354 va_start(params, err);
355 report_message("error: ", err, params);
356 va_end(params);
357}
358
359static int copy_to_sideband(int in, int out, void *arg)
360{
361 char data[128];
362 int keepalive_active = 0;
363
364 if (keepalive_in_sec <= 0)
365 use_keepalive = KEEPALIVE_NEVER;
366 if (use_keepalive == KEEPALIVE_ALWAYS)
367 keepalive_active = 1;
368
369 while (1) {
370 ssize_t sz;
371
372 if (keepalive_active) {
373 struct pollfd pfd;
374 int ret;
375
376 pfd.fd = in;
377 pfd.events = POLLIN;
378 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
379
380 if (ret < 0) {
381 if (errno == EINTR)
382 continue;
383 else
384 break;
385 } else if (ret == 0) {
386 /* no data; send a keepalive packet */
387 static const char buf[] = "0005\1";
388 write_or_die(1, buf, sizeof(buf) - 1);
389 continue;
390 } /* else there is actual data to read */
391 }
392
393 sz = xread(in, data, sizeof(data));
394 if (sz <= 0)
395 break;
396
397 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
398 const char *p = memchr(data, '\0', sz);
399 if (p) {
400 /*
401 * The NUL tells us to start sending keepalives. Make
402 * sure we send any other data we read along
403 * with it.
404 */
405 keepalive_active = 1;
406 send_sideband(1, 2, data, p - data, use_sideband);
407 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
408 continue;
409 }
410 }
411
412 /*
413 * Either we're not looking for a NUL signal, or we didn't see
414 * it yet; just pass along the data.
415 */
416 send_sideband(1, 2, data, sz, use_sideband);
417 }
418 close(in);
419 return 0;
420}
421
422#define HMAC_BLOCK_SIZE 64
423
424static void hmac_sha1(unsigned char *out,
425 const char *key_in, size_t key_len,
426 const char *text, size_t text_len)
427{
428 unsigned char key[HMAC_BLOCK_SIZE];
429 unsigned char k_ipad[HMAC_BLOCK_SIZE];
430 unsigned char k_opad[HMAC_BLOCK_SIZE];
431 int i;
432 git_SHA_CTX ctx;
433
434 /* RFC 2104 2. (1) */
435 memset(key, '\0', HMAC_BLOCK_SIZE);
436 if (HMAC_BLOCK_SIZE < key_len) {
437 git_SHA1_Init(&ctx);
438 git_SHA1_Update(&ctx, key_in, key_len);
439 git_SHA1_Final(key, &ctx);
440 } else {
441 memcpy(key, key_in, key_len);
442 }
443
444 /* RFC 2104 2. (2) & (5) */
445 for (i = 0; i < sizeof(key); i++) {
446 k_ipad[i] = key[i] ^ 0x36;
447 k_opad[i] = key[i] ^ 0x5c;
448 }
449
450 /* RFC 2104 2. (3) & (4) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
453 git_SHA1_Update(&ctx, text, text_len);
454 git_SHA1_Final(out, &ctx);
455
456 /* RFC 2104 2. (6) & (7) */
457 git_SHA1_Init(&ctx);
458 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
459 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
460 git_SHA1_Final(out, &ctx);
461}
462
463static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
464{
465 struct strbuf buf = STRBUF_INIT;
466 unsigned char sha1[GIT_SHA1_RAWSZ];
467
468 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
469 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
470 strbuf_release(&buf);
471
472 /* RFC 2104 5. HMAC-SHA1-80 */
473 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
474 return strbuf_detach(&buf, NULL);
475}
476
477/*
478 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
479 * after dropping "_commit" from its name and possibly moving it out
480 * of commit.c
481 */
482static char *find_header(const char *msg, size_t len, const char *key,
483 const char **next_line)
484{
485 int key_len = strlen(key);
486 const char *line = msg;
487
488 while (line && line < msg + len) {
489 const char *eol = strchrnul(line, '\n');
490
491 if ((msg + len <= eol) || line == eol)
492 return NULL;
493 if (line + key_len < eol &&
494 !memcmp(line, key, key_len) && line[key_len] == ' ') {
495 int offset = key_len + 1;
496 if (next_line)
497 *next_line = *eol ? eol + 1 : eol;
498 return xmemdupz(line + offset, (eol - line) - offset);
499 }
500 line = *eol ? eol + 1 : NULL;
501 }
502 return NULL;
503}
504
505static const char *check_nonce(const char *buf, size_t len)
506{
507 char *nonce = find_header(buf, len, "nonce", NULL);
508 timestamp_t stamp, ostamp;
509 char *bohmac, *expect = NULL;
510 const char *retval = NONCE_BAD;
511
512 if (!nonce) {
513 retval = NONCE_MISSING;
514 goto leave;
515 } else if (!push_cert_nonce) {
516 retval = NONCE_UNSOLICITED;
517 goto leave;
518 } else if (!strcmp(push_cert_nonce, nonce)) {
519 retval = NONCE_OK;
520 goto leave;
521 }
522
523 if (!stateless_rpc) {
524 /* returned nonce MUST match what we gave out earlier */
525 retval = NONCE_BAD;
526 goto leave;
527 }
528
529 /*
530 * In stateless mode, we may be receiving a nonce issued by
531 * another instance of the server that serving the same
532 * repository, and the timestamps may not match, but the
533 * nonce-seed and dir should match, so we can recompute and
534 * report the time slop.
535 *
536 * In addition, when a nonce issued by another instance has
537 * timestamp within receive.certnonceslop seconds, we pretend
538 * as if we issued that nonce when reporting to the hook.
539 */
540
541 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
542 if (*nonce <= '0' || '9' < *nonce) {
543 retval = NONCE_BAD;
544 goto leave;
545 }
546 stamp = parse_timestamp(nonce, &bohmac, 10);
547 if (bohmac == nonce || bohmac[0] != '-') {
548 retval = NONCE_BAD;
549 goto leave;
550 }
551
552 expect = prepare_push_cert_nonce(service_dir, stamp);
553 if (strcmp(expect, nonce)) {
554 /* Not what we would have signed earlier */
555 retval = NONCE_BAD;
556 goto leave;
557 }
558
559 /*
560 * By how many seconds is this nonce stale? Negative value
561 * would mean it was issued by another server with its clock
562 * skewed in the future.
563 */
564 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
565 nonce_stamp_slop = (long)ostamp - (long)stamp;
566
567 if (nonce_stamp_slop_limit &&
568 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
569 /*
570 * Pretend as if the received nonce (which passes the
571 * HMAC check, so it is not a forged by third-party)
572 * is what we issued.
573 */
574 free((void *)push_cert_nonce);
575 push_cert_nonce = xstrdup(nonce);
576 retval = NONCE_OK;
577 } else {
578 retval = NONCE_SLOP;
579 }
580
581leave:
582 free(nonce);
583 free(expect);
584 return retval;
585}
586
587/*
588 * Return 1 if there is no push_cert or if the push options in push_cert are
589 * the same as those in the argument; 0 otherwise.
590 */
591static int check_cert_push_options(const struct string_list *push_options)
592{
593 const char *buf = push_cert.buf;
594 int len = push_cert.len;
595
596 char *option;
597 const char *next_line;
598 int options_seen = 0;
599
600 int retval = 1;
601
602 if (!len)
603 return 1;
604
605 while ((option = find_header(buf, len, "push-option", &next_line))) {
606 len -= (next_line - buf);
607 buf = next_line;
608 options_seen++;
609 if (options_seen > push_options->nr
610 || strcmp(option,
611 push_options->items[options_seen - 1].string)) {
612 retval = 0;
613 goto leave;
614 }
615 free(option);
616 }
617
618 if (options_seen != push_options->nr)
619 retval = 0;
620
621leave:
622 free(option);
623 return retval;
624}
625
626static void prepare_push_cert_sha1(struct child_process *proc)
627{
628 static int already_done;
629
630 if (!push_cert.len)
631 return;
632
633 if (!already_done) {
634 int bogs /* beginning_of_gpg_sig */;
635
636 already_done = 1;
637 if (write_object_file(push_cert.buf, push_cert.len, "blob",
638 &push_cert_oid))
639 oidclr(&push_cert_oid);
640
641 memset(&sigcheck, '\0', sizeof(sigcheck));
642
643 bogs = parse_signature(push_cert.buf, push_cert.len);
644 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
645 push_cert.len - bogs, &sigcheck);
646
647 nonce_status = check_nonce(push_cert.buf, bogs);
648 }
649 if (!is_null_oid(&push_cert_oid)) {
650 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
651 oid_to_hex(&push_cert_oid));
652 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
653 sigcheck.signer ? sigcheck.signer : "");
654 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
655 sigcheck.key ? sigcheck.key : "");
656 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
657 sigcheck.result);
658 if (push_cert_nonce) {
659 argv_array_pushf(&proc->env_array,
660 "GIT_PUSH_CERT_NONCE=%s",
661 push_cert_nonce);
662 argv_array_pushf(&proc->env_array,
663 "GIT_PUSH_CERT_NONCE_STATUS=%s",
664 nonce_status);
665 if (nonce_status == NONCE_SLOP)
666 argv_array_pushf(&proc->env_array,
667 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
668 nonce_stamp_slop);
669 }
670 }
671}
672
673struct receive_hook_feed_state {
674 struct command *cmd;
675 int skip_broken;
676 struct strbuf buf;
677 const struct string_list *push_options;
678};
679
680typedef int (*feed_fn)(void *, const char **, size_t *);
681static int run_and_feed_hook(const char *hook_name, feed_fn feed,
682 struct receive_hook_feed_state *feed_state)
683{
684 struct child_process proc = CHILD_PROCESS_INIT;
685 struct async muxer;
686 const char *argv[2];
687 int code;
688
689 argv[0] = find_hook(hook_name);
690 if (!argv[0])
691 return 0;
692
693 argv[1] = NULL;
694
695 proc.argv = argv;
696 proc.in = -1;
697 proc.stdout_to_stderr = 1;
698 if (feed_state->push_options) {
699 int i;
700 for (i = 0; i < feed_state->push_options->nr; i++)
701 argv_array_pushf(&proc.env_array,
702 "GIT_PUSH_OPTION_%d=%s", i,
703 feed_state->push_options->items[i].string);
704 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
705 feed_state->push_options->nr);
706 } else
707 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
708
709 if (tmp_objdir)
710 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
711
712 if (use_sideband) {
713 memset(&muxer, 0, sizeof(muxer));
714 muxer.proc = copy_to_sideband;
715 muxer.in = -1;
716 code = start_async(&muxer);
717 if (code)
718 return code;
719 proc.err = muxer.in;
720 }
721
722 prepare_push_cert_sha1(&proc);
723
724 code = start_command(&proc);
725 if (code) {
726 if (use_sideband)
727 finish_async(&muxer);
728 return code;
729 }
730
731 sigchain_push(SIGPIPE, SIG_IGN);
732
733 while (1) {
734 const char *buf;
735 size_t n;
736 if (feed(feed_state, &buf, &n))
737 break;
738 if (write_in_full(proc.in, buf, n) < 0)
739 break;
740 }
741 close(proc.in);
742 if (use_sideband)
743 finish_async(&muxer);
744
745 sigchain_pop(SIGPIPE);
746
747 return finish_command(&proc);
748}
749
750static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
751{
752 struct receive_hook_feed_state *state = state_;
753 struct command *cmd = state->cmd;
754
755 while (cmd &&
756 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
757 cmd = cmd->next;
758 if (!cmd)
759 return -1; /* EOF */
760 strbuf_reset(&state->buf);
761 strbuf_addf(&state->buf, "%s %s %s\n",
762 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
763 cmd->ref_name);
764 state->cmd = cmd->next;
765 if (bufp) {
766 *bufp = state->buf.buf;
767 *sizep = state->buf.len;
768 }
769 return 0;
770}
771
772static int run_receive_hook(struct command *commands,
773 const char *hook_name,
774 int skip_broken,
775 const struct string_list *push_options)
776{
777 struct receive_hook_feed_state state;
778 int status;
779
780 strbuf_init(&state.buf, 0);
781 state.cmd = commands;
782 state.skip_broken = skip_broken;
783 if (feed_receive_hook(&state, NULL, NULL))
784 return 0;
785 state.cmd = commands;
786 state.push_options = push_options;
787 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
788 strbuf_release(&state.buf);
789 return status;
790}
791
792static int run_update_hook(struct command *cmd)
793{
794 const char *argv[5];
795 struct child_process proc = CHILD_PROCESS_INIT;
796 int code;
797
798 argv[0] = find_hook("update");
799 if (!argv[0])
800 return 0;
801
802 argv[1] = cmd->ref_name;
803 argv[2] = oid_to_hex(&cmd->old_oid);
804 argv[3] = oid_to_hex(&cmd->new_oid);
805 argv[4] = NULL;
806
807 proc.no_stdin = 1;
808 proc.stdout_to_stderr = 1;
809 proc.err = use_sideband ? -1 : 0;
810 proc.argv = argv;
811
812 code = start_command(&proc);
813 if (code)
814 return code;
815 if (use_sideband)
816 copy_to_sideband(proc.err, -1, NULL);
817 return finish_command(&proc);
818}
819
820static int is_ref_checked_out(const char *ref)
821{
822 if (is_bare_repository())
823 return 0;
824
825 if (!head_name)
826 return 0;
827 return !strcmp(head_name, ref);
828}
829
830static char *refuse_unconfigured_deny_msg =
831 N_("By default, updating the current branch in a non-bare repository\n"
832 "is denied, because it will make the index and work tree inconsistent\n"
833 "with what you pushed, and will require 'git reset --hard' to match\n"
834 "the work tree to HEAD.\n"
835 "\n"
836 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
837 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
838 "its current branch; however, this is not recommended unless you\n"
839 "arranged to update its work tree to match what you pushed in some\n"
840 "other way.\n"
841 "\n"
842 "To squelch this message and still keep the default behaviour, set\n"
843 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
844
845static void refuse_unconfigured_deny(void)
846{
847 rp_error("%s", _(refuse_unconfigured_deny_msg));
848}
849
850static char *refuse_unconfigured_deny_delete_current_msg =
851 N_("By default, deleting the current branch is denied, because the next\n"
852 "'git clone' won't result in any file checked out, causing confusion.\n"
853 "\n"
854 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
855 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
856 "current branch, with or without a warning message.\n"
857 "\n"
858 "To squelch this message, you can set it to 'refuse'.");
859
860static void refuse_unconfigured_deny_delete_current(void)
861{
862 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
863}
864
865static int command_singleton_iterator(void *cb_data, struct object_id *oid);
866static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
867{
868 struct lock_file shallow_lock = LOCK_INIT;
869 struct oid_array extra = OID_ARRAY_INIT;
870 struct check_connected_options opt = CHECK_CONNECTED_INIT;
871 uint32_t mask = 1 << (cmd->index % 32);
872 int i;
873
874 trace_printf_key(&trace_shallow,
875 "shallow: update_shallow_ref %s\n", cmd->ref_name);
876 for (i = 0; i < si->shallow->nr; i++)
877 if (si->used_shallow[i] &&
878 (si->used_shallow[i][cmd->index / 32] & mask) &&
879 !delayed_reachability_test(si, i))
880 oid_array_append(&extra, &si->shallow->oid[i]);
881
882 opt.env = tmp_objdir_env(tmp_objdir);
883 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
884 if (check_connected(command_singleton_iterator, cmd, &opt)) {
885 rollback_lock_file(&shallow_lock);
886 oid_array_clear(&extra);
887 return -1;
888 }
889
890 commit_lock_file(&shallow_lock);
891
892 /*
893 * Make sure setup_alternate_shallow() for the next ref does
894 * not lose these new roots..
895 */
896 for (i = 0; i < extra.nr; i++)
897 register_shallow(the_repository, &extra.oid[i]);
898
899 si->shallow_ref[cmd->index] = 0;
900 oid_array_clear(&extra);
901 return 0;
902}
903
904/*
905 * NEEDSWORK: we should consolidate various implementions of "are we
906 * on an unborn branch?" test into one, and make the unified one more
907 * robust. !get_sha1() based check used here and elsewhere would not
908 * allow us to tell an unborn branch from corrupt ref, for example.
909 * For the purpose of fixing "deploy-to-update does not work when
910 * pushing into an empty repository" issue, this should suffice for
911 * now.
912 */
913static int head_has_history(void)
914{
915 struct object_id oid;
916
917 return !get_oid("HEAD", &oid);
918}
919
920static const char *push_to_deploy(unsigned char *sha1,
921 struct argv_array *env,
922 const char *work_tree)
923{
924 const char *update_refresh[] = {
925 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
926 };
927 const char *diff_files[] = {
928 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
929 };
930 const char *diff_index[] = {
931 "diff-index", "--quiet", "--cached", "--ignore-submodules",
932 NULL, "--", NULL
933 };
934 const char *read_tree[] = {
935 "read-tree", "-u", "-m", NULL, NULL
936 };
937 struct child_process child = CHILD_PROCESS_INIT;
938
939 child.argv = update_refresh;
940 child.env = env->argv;
941 child.dir = work_tree;
942 child.no_stdin = 1;
943 child.stdout_to_stderr = 1;
944 child.git_cmd = 1;
945 if (run_command(&child))
946 return "Up-to-date check failed";
947
948 /* run_command() does not clean up completely; reinitialize */
949 child_process_init(&child);
950 child.argv = diff_files;
951 child.env = env->argv;
952 child.dir = work_tree;
953 child.no_stdin = 1;
954 child.stdout_to_stderr = 1;
955 child.git_cmd = 1;
956 if (run_command(&child))
957 return "Working directory has unstaged changes";
958
959 /* diff-index with either HEAD or an empty tree */
960 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
961
962 child_process_init(&child);
963 child.argv = diff_index;
964 child.env = env->argv;
965 child.no_stdin = 1;
966 child.no_stdout = 1;
967 child.stdout_to_stderr = 0;
968 child.git_cmd = 1;
969 if (run_command(&child))
970 return "Working directory has staged changes";
971
972 read_tree[3] = sha1_to_hex(sha1);
973 child_process_init(&child);
974 child.argv = read_tree;
975 child.env = env->argv;
976 child.dir = work_tree;
977 child.no_stdin = 1;
978 child.no_stdout = 1;
979 child.stdout_to_stderr = 0;
980 child.git_cmd = 1;
981 if (run_command(&child))
982 return "Could not update working tree to new HEAD";
983
984 return NULL;
985}
986
987static const char *push_to_checkout_hook = "push-to-checkout";
988
989static const char *push_to_checkout(unsigned char *sha1,
990 struct argv_array *env,
991 const char *work_tree)
992{
993 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
994 if (run_hook_le(env->argv, push_to_checkout_hook,
995 sha1_to_hex(sha1), NULL))
996 return "push-to-checkout hook declined";
997 else
998 return NULL;
999}
1000
1001static const char *update_worktree(unsigned char *sha1)
1002{
1003 const char *retval;
1004 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1005 struct argv_array env = ARGV_ARRAY_INIT;
1006
1007 if (is_bare_repository())
1008 return "denyCurrentBranch = updateInstead needs a worktree";
1009
1010 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1011
1012 if (!find_hook(push_to_checkout_hook))
1013 retval = push_to_deploy(sha1, &env, work_tree);
1014 else
1015 retval = push_to_checkout(sha1, &env, work_tree);
1016
1017 argv_array_clear(&env);
1018 return retval;
1019}
1020
1021static const char *update(struct command *cmd, struct shallow_info *si)
1022{
1023 const char *name = cmd->ref_name;
1024 struct strbuf namespaced_name_buf = STRBUF_INIT;
1025 static char *namespaced_name;
1026 const char *ret;
1027 struct object_id *old_oid = &cmd->old_oid;
1028 struct object_id *new_oid = &cmd->new_oid;
1029
1030 /* only refs/... are allowed */
1031 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1032 rp_error("refusing to create funny ref '%s' remotely", name);
1033 return "funny refname";
1034 }
1035
1036 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1037 free(namespaced_name);
1038 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1039
1040 if (is_ref_checked_out(namespaced_name)) {
1041 switch (deny_current_branch) {
1042 case DENY_IGNORE:
1043 break;
1044 case DENY_WARN:
1045 rp_warning("updating the current branch");
1046 break;
1047 case DENY_REFUSE:
1048 case DENY_UNCONFIGURED:
1049 rp_error("refusing to update checked out branch: %s", name);
1050 if (deny_current_branch == DENY_UNCONFIGURED)
1051 refuse_unconfigured_deny();
1052 return "branch is currently checked out";
1053 case DENY_UPDATE_INSTEAD:
1054 ret = update_worktree(new_oid->hash);
1055 if (ret)
1056 return ret;
1057 break;
1058 }
1059 }
1060
1061 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1062 error("unpack should have generated %s, "
1063 "but I can't find it!", oid_to_hex(new_oid));
1064 return "bad pack";
1065 }
1066
1067 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1068 if (deny_deletes && starts_with(name, "refs/heads/")) {
1069 rp_error("denying ref deletion for %s", name);
1070 return "deletion prohibited";
1071 }
1072
1073 if (head_name && !strcmp(namespaced_name, head_name)) {
1074 switch (deny_delete_current) {
1075 case DENY_IGNORE:
1076 break;
1077 case DENY_WARN:
1078 rp_warning("deleting the current branch");
1079 break;
1080 case DENY_REFUSE:
1081 case DENY_UNCONFIGURED:
1082 case DENY_UPDATE_INSTEAD:
1083 if (deny_delete_current == DENY_UNCONFIGURED)
1084 refuse_unconfigured_deny_delete_current();
1085 rp_error("refusing to delete the current branch: %s", name);
1086 return "deletion of the current branch prohibited";
1087 default:
1088 return "Invalid denyDeleteCurrent setting";
1089 }
1090 }
1091 }
1092
1093 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1094 !is_null_oid(old_oid) &&
1095 starts_with(name, "refs/heads/")) {
1096 struct object *old_object, *new_object;
1097 struct commit *old_commit, *new_commit;
1098
1099 old_object = parse_object(the_repository, old_oid);
1100 new_object = parse_object(the_repository, new_oid);
1101
1102 if (!old_object || !new_object ||
1103 old_object->type != OBJ_COMMIT ||
1104 new_object->type != OBJ_COMMIT) {
1105 error("bad sha1 objects for %s", name);
1106 return "bad ref";
1107 }
1108 old_commit = (struct commit *)old_object;
1109 new_commit = (struct commit *)new_object;
1110 if (!in_merge_bases(old_commit, new_commit)) {
1111 rp_error("denying non-fast-forward %s"
1112 " (you should pull first)", name);
1113 return "non-fast-forward";
1114 }
1115 }
1116 if (run_update_hook(cmd)) {
1117 rp_error("hook declined to update %s", name);
1118 return "hook declined";
1119 }
1120
1121 if (is_null_oid(new_oid)) {
1122 struct strbuf err = STRBUF_INIT;
1123 if (!parse_object(the_repository, old_oid)) {
1124 old_oid = NULL;
1125 if (ref_exists(name)) {
1126 rp_warning("Allowing deletion of corrupt ref.");
1127 } else {
1128 rp_warning("Deleting a non-existent ref.");
1129 cmd->did_not_exist = 1;
1130 }
1131 }
1132 if (ref_transaction_delete(transaction,
1133 namespaced_name,
1134 old_oid,
1135 0, "push", &err)) {
1136 rp_error("%s", err.buf);
1137 strbuf_release(&err);
1138 return "failed to delete";
1139 }
1140 strbuf_release(&err);
1141 return NULL; /* good */
1142 }
1143 else {
1144 struct strbuf err = STRBUF_INIT;
1145 if (shallow_update && si->shallow_ref[cmd->index] &&
1146 update_shallow_ref(cmd, si))
1147 return "shallow error";
1148
1149 if (ref_transaction_update(transaction,
1150 namespaced_name,
1151 new_oid, old_oid,
1152 0, "push",
1153 &err)) {
1154 rp_error("%s", err.buf);
1155 strbuf_release(&err);
1156
1157 return "failed to update ref";
1158 }
1159 strbuf_release(&err);
1160
1161 return NULL; /* good */
1162 }
1163}
1164
1165static void run_update_post_hook(struct command *commands)
1166{
1167 struct command *cmd;
1168 struct child_process proc = CHILD_PROCESS_INIT;
1169 const char *hook;
1170
1171 hook = find_hook("post-update");
1172 if (!hook)
1173 return;
1174
1175 for (cmd = commands; cmd; cmd = cmd->next) {
1176 if (cmd->error_string || cmd->did_not_exist)
1177 continue;
1178 if (!proc.args.argc)
1179 argv_array_push(&proc.args, hook);
1180 argv_array_push(&proc.args, cmd->ref_name);
1181 }
1182 if (!proc.args.argc)
1183 return;
1184
1185 proc.no_stdin = 1;
1186 proc.stdout_to_stderr = 1;
1187 proc.err = use_sideband ? -1 : 0;
1188
1189 if (!start_command(&proc)) {
1190 if (use_sideband)
1191 copy_to_sideband(proc.err, -1, NULL);
1192 finish_command(&proc);
1193 }
1194}
1195
1196static void check_aliased_update(struct command *cmd, struct string_list *list)
1197{
1198 struct strbuf buf = STRBUF_INIT;
1199 const char *dst_name;
1200 struct string_list_item *item;
1201 struct command *dst_cmd;
1202 int flag;
1203
1204 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1205 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1206 strbuf_release(&buf);
1207
1208 if (!(flag & REF_ISSYMREF))
1209 return;
1210
1211 if (!dst_name) {
1212 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1213 cmd->skip_update = 1;
1214 cmd->error_string = "broken symref";
1215 return;
1216 }
1217 dst_name = strip_namespace(dst_name);
1218
1219 if ((item = string_list_lookup(list, dst_name)) == NULL)
1220 return;
1221
1222 cmd->skip_update = 1;
1223
1224 dst_cmd = (struct command *) item->util;
1225
1226 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1227 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1228 return;
1229
1230 dst_cmd->skip_update = 1;
1231
1232 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1233 " its target '%s' (%s..%s)",
1234 cmd->ref_name,
1235 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1236 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1237 dst_cmd->ref_name,
1238 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1239 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1240
1241 cmd->error_string = dst_cmd->error_string =
1242 "inconsistent aliased update";
1243}
1244
1245static void check_aliased_updates(struct command *commands)
1246{
1247 struct command *cmd;
1248 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1249
1250 for (cmd = commands; cmd; cmd = cmd->next) {
1251 struct string_list_item *item =
1252 string_list_append(&ref_list, cmd->ref_name);
1253 item->util = (void *)cmd;
1254 }
1255 string_list_sort(&ref_list);
1256
1257 for (cmd = commands; cmd; cmd = cmd->next) {
1258 if (!cmd->error_string)
1259 check_aliased_update(cmd, &ref_list);
1260 }
1261
1262 string_list_clear(&ref_list, 0);
1263}
1264
1265static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1266{
1267 struct command **cmd_list = cb_data;
1268 struct command *cmd = *cmd_list;
1269
1270 if (!cmd || is_null_oid(&cmd->new_oid))
1271 return -1; /* end of list */
1272 *cmd_list = NULL; /* this returns only one */
1273 oidcpy(oid, &cmd->new_oid);
1274 return 0;
1275}
1276
1277static void set_connectivity_errors(struct command *commands,
1278 struct shallow_info *si)
1279{
1280 struct command *cmd;
1281
1282 for (cmd = commands; cmd; cmd = cmd->next) {
1283 struct command *singleton = cmd;
1284 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1285
1286 if (shallow_update && si->shallow_ref[cmd->index])
1287 /* to be checked in update_shallow_ref() */
1288 continue;
1289
1290 opt.env = tmp_objdir_env(tmp_objdir);
1291 if (!check_connected(command_singleton_iterator, &singleton,
1292 &opt))
1293 continue;
1294
1295 cmd->error_string = "missing necessary objects";
1296 }
1297}
1298
1299struct iterate_data {
1300 struct command *cmds;
1301 struct shallow_info *si;
1302};
1303
1304static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1305{
1306 struct iterate_data *data = cb_data;
1307 struct command **cmd_list = &data->cmds;
1308 struct command *cmd = *cmd_list;
1309
1310 for (; cmd; cmd = cmd->next) {
1311 if (shallow_update && data->si->shallow_ref[cmd->index])
1312 /* to be checked in update_shallow_ref() */
1313 continue;
1314 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1315 oidcpy(oid, &cmd->new_oid);
1316 *cmd_list = cmd->next;
1317 return 0;
1318 }
1319 }
1320 *cmd_list = NULL;
1321 return -1; /* end of list */
1322}
1323
1324static void reject_updates_to_hidden(struct command *commands)
1325{
1326 struct strbuf refname_full = STRBUF_INIT;
1327 size_t prefix_len;
1328 struct command *cmd;
1329
1330 strbuf_addstr(&refname_full, get_git_namespace());
1331 prefix_len = refname_full.len;
1332
1333 for (cmd = commands; cmd; cmd = cmd->next) {
1334 if (cmd->error_string)
1335 continue;
1336
1337 strbuf_setlen(&refname_full, prefix_len);
1338 strbuf_addstr(&refname_full, cmd->ref_name);
1339
1340 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1341 continue;
1342 if (is_null_oid(&cmd->new_oid))
1343 cmd->error_string = "deny deleting a hidden ref";
1344 else
1345 cmd->error_string = "deny updating a hidden ref";
1346 }
1347
1348 strbuf_release(&refname_full);
1349}
1350
1351static int should_process_cmd(struct command *cmd)
1352{
1353 return !cmd->error_string && !cmd->skip_update;
1354}
1355
1356static void warn_if_skipped_connectivity_check(struct command *commands,
1357 struct shallow_info *si)
1358{
1359 struct command *cmd;
1360 int checked_connectivity = 1;
1361
1362 for (cmd = commands; cmd; cmd = cmd->next) {
1363 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1364 error("BUG: connectivity check has not been run on ref %s",
1365 cmd->ref_name);
1366 checked_connectivity = 0;
1367 }
1368 }
1369 if (!checked_connectivity)
1370 BUG("connectivity check skipped???");
1371}
1372
1373static void execute_commands_non_atomic(struct command *commands,
1374 struct shallow_info *si)
1375{
1376 struct command *cmd;
1377 struct strbuf err = STRBUF_INIT;
1378
1379 for (cmd = commands; cmd; cmd = cmd->next) {
1380 if (!should_process_cmd(cmd))
1381 continue;
1382
1383 transaction = ref_transaction_begin(&err);
1384 if (!transaction) {
1385 rp_error("%s", err.buf);
1386 strbuf_reset(&err);
1387 cmd->error_string = "transaction failed to start";
1388 continue;
1389 }
1390
1391 cmd->error_string = update(cmd, si);
1392
1393 if (!cmd->error_string
1394 && ref_transaction_commit(transaction, &err)) {
1395 rp_error("%s", err.buf);
1396 strbuf_reset(&err);
1397 cmd->error_string = "failed to update ref";
1398 }
1399 ref_transaction_free(transaction);
1400 }
1401 strbuf_release(&err);
1402}
1403
1404static void execute_commands_atomic(struct command *commands,
1405 struct shallow_info *si)
1406{
1407 struct command *cmd;
1408 struct strbuf err = STRBUF_INIT;
1409 const char *reported_error = "atomic push failure";
1410
1411 transaction = ref_transaction_begin(&err);
1412 if (!transaction) {
1413 rp_error("%s", err.buf);
1414 strbuf_reset(&err);
1415 reported_error = "transaction failed to start";
1416 goto failure;
1417 }
1418
1419 for (cmd = commands; cmd; cmd = cmd->next) {
1420 if (!should_process_cmd(cmd))
1421 continue;
1422
1423 cmd->error_string = update(cmd, si);
1424
1425 if (cmd->error_string)
1426 goto failure;
1427 }
1428
1429 if (ref_transaction_commit(transaction, &err)) {
1430 rp_error("%s", err.buf);
1431 reported_error = "atomic transaction failed";
1432 goto failure;
1433 }
1434 goto cleanup;
1435
1436failure:
1437 for (cmd = commands; cmd; cmd = cmd->next)
1438 if (!cmd->error_string)
1439 cmd->error_string = reported_error;
1440
1441cleanup:
1442 ref_transaction_free(transaction);
1443 strbuf_release(&err);
1444}
1445
1446static void execute_commands(struct command *commands,
1447 const char *unpacker_error,
1448 struct shallow_info *si,
1449 const struct string_list *push_options)
1450{
1451 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1452 struct command *cmd;
1453 struct iterate_data data;
1454 struct async muxer;
1455 int err_fd = 0;
1456
1457 if (unpacker_error) {
1458 for (cmd = commands; cmd; cmd = cmd->next)
1459 cmd->error_string = "unpacker error";
1460 return;
1461 }
1462
1463 if (use_sideband) {
1464 memset(&muxer, 0, sizeof(muxer));
1465 muxer.proc = copy_to_sideband;
1466 muxer.in = -1;
1467 if (!start_async(&muxer))
1468 err_fd = muxer.in;
1469 /* ...else, continue without relaying sideband */
1470 }
1471
1472 data.cmds = commands;
1473 data.si = si;
1474 opt.err_fd = err_fd;
1475 opt.progress = err_fd && !quiet;
1476 opt.env = tmp_objdir_env(tmp_objdir);
1477 if (check_connected(iterate_receive_command_list, &data, &opt))
1478 set_connectivity_errors(commands, si);
1479
1480 if (use_sideband)
1481 finish_async(&muxer);
1482
1483 reject_updates_to_hidden(commands);
1484
1485 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1486 for (cmd = commands; cmd; cmd = cmd->next) {
1487 if (!cmd->error_string)
1488 cmd->error_string = "pre-receive hook declined";
1489 }
1490 return;
1491 }
1492
1493 /*
1494 * Now we'll start writing out refs, which means the objects need
1495 * to be in their final positions so that other processes can see them.
1496 */
1497 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1498 for (cmd = commands; cmd; cmd = cmd->next) {
1499 if (!cmd->error_string)
1500 cmd->error_string = "unable to migrate objects to permanent storage";
1501 }
1502 return;
1503 }
1504 tmp_objdir = NULL;
1505
1506 check_aliased_updates(commands);
1507
1508 free(head_name_to_free);
1509 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1510
1511 if (use_atomic)
1512 execute_commands_atomic(commands, si);
1513 else
1514 execute_commands_non_atomic(commands, si);
1515
1516 if (shallow_update)
1517 warn_if_skipped_connectivity_check(commands, si);
1518}
1519
1520static struct command **queue_command(struct command **tail,
1521 const char *line,
1522 int linelen)
1523{
1524 struct object_id old_oid, new_oid;
1525 struct command *cmd;
1526 const char *refname;
1527 int reflen;
1528 const char *p;
1529
1530 if (parse_oid_hex(line, &old_oid, &p) ||
1531 *p++ != ' ' ||
1532 parse_oid_hex(p, &new_oid, &p) ||
1533 *p++ != ' ')
1534 die("protocol error: expected old/new/ref, got '%s'", line);
1535
1536 refname = p;
1537 reflen = linelen - (p - line);
1538 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1539 oidcpy(&cmd->old_oid, &old_oid);
1540 oidcpy(&cmd->new_oid, &new_oid);
1541 *tail = cmd;
1542 return &cmd->next;
1543}
1544
1545static void queue_commands_from_cert(struct command **tail,
1546 struct strbuf *push_cert)
1547{
1548 const char *boc, *eoc;
1549
1550 if (*tail)
1551 die("protocol error: got both push certificate and unsigned commands");
1552
1553 boc = strstr(push_cert->buf, "\n\n");
1554 if (!boc)
1555 die("malformed push certificate %.*s", 100, push_cert->buf);
1556 else
1557 boc += 2;
1558 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1559
1560 while (boc < eoc) {
1561 const char *eol = memchr(boc, '\n', eoc - boc);
1562 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1563 boc = eol ? eol + 1 : eoc;
1564 }
1565}
1566
1567static struct command *read_head_info(struct oid_array *shallow)
1568{
1569 struct command *commands = NULL;
1570 struct command **p = &commands;
1571 for (;;) {
1572 char *line;
1573 int len, linelen;
1574
1575 line = packet_read_line(0, &len);
1576 if (!line)
1577 break;
1578
1579 if (len > 8 && starts_with(line, "shallow ")) {
1580 struct object_id oid;
1581 if (get_oid_hex(line + 8, &oid))
1582 die("protocol error: expected shallow sha, got '%s'",
1583 line + 8);
1584 oid_array_append(shallow, &oid);
1585 continue;
1586 }
1587
1588 linelen = strlen(line);
1589 if (linelen < len) {
1590 const char *feature_list = line + linelen + 1;
1591 if (parse_feature_request(feature_list, "report-status"))
1592 report_status = 1;
1593 if (parse_feature_request(feature_list, "side-band-64k"))
1594 use_sideband = LARGE_PACKET_MAX;
1595 if (parse_feature_request(feature_list, "quiet"))
1596 quiet = 1;
1597 if (advertise_atomic_push
1598 && parse_feature_request(feature_list, "atomic"))
1599 use_atomic = 1;
1600 if (advertise_push_options
1601 && parse_feature_request(feature_list, "push-options"))
1602 use_push_options = 1;
1603 }
1604
1605 if (!strcmp(line, "push-cert")) {
1606 int true_flush = 0;
1607 char certbuf[1024];
1608
1609 for (;;) {
1610 len = packet_read(0, NULL, NULL,
1611 certbuf, sizeof(certbuf), 0);
1612 if (!len) {
1613 true_flush = 1;
1614 break;
1615 }
1616 if (!strcmp(certbuf, "push-cert-end\n"))
1617 break; /* end of cert */
1618 strbuf_addstr(&push_cert, certbuf);
1619 }
1620
1621 if (true_flush)
1622 break;
1623 continue;
1624 }
1625
1626 p = queue_command(p, line, linelen);
1627 }
1628
1629 if (push_cert.len)
1630 queue_commands_from_cert(p, &push_cert);
1631
1632 return commands;
1633}
1634
1635static void read_push_options(struct string_list *options)
1636{
1637 while (1) {
1638 char *line;
1639 int len;
1640
1641 line = packet_read_line(0, &len);
1642
1643 if (!line)
1644 break;
1645
1646 string_list_append(options, line);
1647 }
1648}
1649
1650static const char *parse_pack_header(struct pack_header *hdr)
1651{
1652 switch (read_pack_header(0, hdr)) {
1653 case PH_ERROR_EOF:
1654 return "eof before pack header was fully read";
1655
1656 case PH_ERROR_PACK_SIGNATURE:
1657 return "protocol error (pack signature mismatch detected)";
1658
1659 case PH_ERROR_PROTOCOL:
1660 return "protocol error (pack version unsupported)";
1661
1662 default:
1663 return "unknown error in parse_pack_header";
1664
1665 case 0:
1666 return NULL;
1667 }
1668}
1669
1670static const char *pack_lockfile;
1671
1672static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1673{
1674 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1675 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1676}
1677
1678static const char *unpack(int err_fd, struct shallow_info *si)
1679{
1680 struct pack_header hdr;
1681 const char *hdr_err;
1682 int status;
1683 struct child_process child = CHILD_PROCESS_INIT;
1684 int fsck_objects = (receive_fsck_objects >= 0
1685 ? receive_fsck_objects
1686 : transfer_fsck_objects >= 0
1687 ? transfer_fsck_objects
1688 : 0);
1689
1690 hdr_err = parse_pack_header(&hdr);
1691 if (hdr_err) {
1692 if (err_fd > 0)
1693 close(err_fd);
1694 return hdr_err;
1695 }
1696
1697 if (si->nr_ours || si->nr_theirs) {
1698 alt_shallow_file = setup_temporary_shallow(si->shallow);
1699 argv_array_push(&child.args, "--shallow-file");
1700 argv_array_push(&child.args, alt_shallow_file);
1701 }
1702
1703 tmp_objdir = tmp_objdir_create();
1704 if (!tmp_objdir) {
1705 if (err_fd > 0)
1706 close(err_fd);
1707 return "unable to create temporary object directory";
1708 }
1709 child.env = tmp_objdir_env(tmp_objdir);
1710
1711 /*
1712 * Normally we just pass the tmp_objdir environment to the child
1713 * processes that do the heavy lifting, but we may need to see these
1714 * objects ourselves to set up shallow information.
1715 */
1716 tmp_objdir_add_as_alternate(tmp_objdir);
1717
1718 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1719 argv_array_push(&child.args, "unpack-objects");
1720 push_header_arg(&child.args, &hdr);
1721 if (quiet)
1722 argv_array_push(&child.args, "-q");
1723 if (fsck_objects)
1724 argv_array_pushf(&child.args, "--strict%s",
1725 fsck_msg_types.buf);
1726 if (max_input_size)
1727 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1728 (uintmax_t)max_input_size);
1729 child.no_stdout = 1;
1730 child.err = err_fd;
1731 child.git_cmd = 1;
1732 status = run_command(&child);
1733 if (status)
1734 return "unpack-objects abnormal exit";
1735 } else {
1736 char hostname[HOST_NAME_MAX + 1];
1737
1738 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1739 push_header_arg(&child.args, &hdr);
1740
1741 if (xgethostname(hostname, sizeof(hostname)))
1742 xsnprintf(hostname, sizeof(hostname), "localhost");
1743 argv_array_pushf(&child.args,
1744 "--keep=receive-pack %"PRIuMAX" on %s",
1745 (uintmax_t)getpid(),
1746 hostname);
1747
1748 if (!quiet && err_fd)
1749 argv_array_push(&child.args, "--show-resolving-progress");
1750 if (use_sideband)
1751 argv_array_push(&child.args, "--report-end-of-input");
1752 if (fsck_objects)
1753 argv_array_pushf(&child.args, "--strict%s",
1754 fsck_msg_types.buf);
1755 if (!reject_thin)
1756 argv_array_push(&child.args, "--fix-thin");
1757 if (max_input_size)
1758 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1759 (uintmax_t)max_input_size);
1760 child.out = -1;
1761 child.err = err_fd;
1762 child.git_cmd = 1;
1763 status = start_command(&child);
1764 if (status)
1765 return "index-pack fork failed";
1766 pack_lockfile = index_pack_lockfile(child.out);
1767 close(child.out);
1768 status = finish_command(&child);
1769 if (status)
1770 return "index-pack abnormal exit";
1771 reprepare_packed_git(the_repository);
1772 }
1773 return NULL;
1774}
1775
1776static const char *unpack_with_sideband(struct shallow_info *si)
1777{
1778 struct async muxer;
1779 const char *ret;
1780
1781 if (!use_sideband)
1782 return unpack(0, si);
1783
1784 use_keepalive = KEEPALIVE_AFTER_NUL;
1785 memset(&muxer, 0, sizeof(muxer));
1786 muxer.proc = copy_to_sideband;
1787 muxer.in = -1;
1788 if (start_async(&muxer))
1789 return NULL;
1790
1791 ret = unpack(muxer.in, si);
1792
1793 finish_async(&muxer);
1794 return ret;
1795}
1796
1797static void prepare_shallow_update(struct command *commands,
1798 struct shallow_info *si)
1799{
1800 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1801
1802 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1803 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1804
1805 si->need_reachability_test =
1806 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1807 si->reachable =
1808 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1809 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1810
1811 for (i = 0; i < si->nr_ours; i++)
1812 si->need_reachability_test[si->ours[i]] = 1;
1813
1814 for (i = 0; i < si->shallow->nr; i++) {
1815 if (!si->used_shallow[i])
1816 continue;
1817 for (j = 0; j < bitmap_size; j++) {
1818 if (!si->used_shallow[i][j])
1819 continue;
1820 si->need_reachability_test[i]++;
1821 for (k = 0; k < 32; k++)
1822 if (si->used_shallow[i][j] & (1U << k))
1823 si->shallow_ref[j * 32 + k]++;
1824 }
1825
1826 /*
1827 * true for those associated with some refs and belong
1828 * in "ours" list aka "step 7 not done yet"
1829 */
1830 si->need_reachability_test[i] =
1831 si->need_reachability_test[i] > 1;
1832 }
1833
1834 /*
1835 * keep hooks happy by forcing a temporary shallow file via
1836 * env variable because we can't add --shallow-file to every
1837 * command. check_everything_connected() will be done with
1838 * true .git/shallow though.
1839 */
1840 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1841}
1842
1843static void update_shallow_info(struct command *commands,
1844 struct shallow_info *si,
1845 struct oid_array *ref)
1846{
1847 struct command *cmd;
1848 int *ref_status;
1849 remove_nonexistent_theirs_shallow(si);
1850 if (!si->nr_ours && !si->nr_theirs) {
1851 shallow_update = 0;
1852 return;
1853 }
1854
1855 for (cmd = commands; cmd; cmd = cmd->next) {
1856 if (is_null_oid(&cmd->new_oid))
1857 continue;
1858 oid_array_append(ref, &cmd->new_oid);
1859 cmd->index = ref->nr - 1;
1860 }
1861 si->ref = ref;
1862
1863 if (shallow_update) {
1864 prepare_shallow_update(commands, si);
1865 return;
1866 }
1867
1868 ALLOC_ARRAY(ref_status, ref->nr);
1869 assign_shallow_commits_to_refs(si, NULL, ref_status);
1870 for (cmd = commands; cmd; cmd = cmd->next) {
1871 if (is_null_oid(&cmd->new_oid))
1872 continue;
1873 if (ref_status[cmd->index]) {
1874 cmd->error_string = "shallow update not allowed";
1875 cmd->skip_update = 1;
1876 }
1877 }
1878 free(ref_status);
1879}
1880
1881static void report(struct command *commands, const char *unpack_status)
1882{
1883 struct command *cmd;
1884 struct strbuf buf = STRBUF_INIT;
1885
1886 packet_buf_write(&buf, "unpack %s\n",
1887 unpack_status ? unpack_status : "ok");
1888 for (cmd = commands; cmd; cmd = cmd->next) {
1889 if (!cmd->error_string)
1890 packet_buf_write(&buf, "ok %s\n",
1891 cmd->ref_name);
1892 else
1893 packet_buf_write(&buf, "ng %s %s\n",
1894 cmd->ref_name, cmd->error_string);
1895 }
1896 packet_buf_flush(&buf);
1897
1898 if (use_sideband)
1899 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1900 else
1901 write_or_die(1, buf.buf, buf.len);
1902 strbuf_release(&buf);
1903}
1904
1905static int delete_only(struct command *commands)
1906{
1907 struct command *cmd;
1908 for (cmd = commands; cmd; cmd = cmd->next) {
1909 if (!is_null_oid(&cmd->new_oid))
1910 return 0;
1911 }
1912 return 1;
1913}
1914
1915int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1916{
1917 int advertise_refs = 0;
1918 struct command *commands;
1919 struct oid_array shallow = OID_ARRAY_INIT;
1920 struct oid_array ref = OID_ARRAY_INIT;
1921 struct shallow_info si;
1922
1923 struct option options[] = {
1924 OPT__QUIET(&quiet, N_("quiet")),
1925 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1926 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1927 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1928 OPT_END()
1929 };
1930
1931 packet_trace_identity("receive-pack");
1932
1933 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1934
1935 if (argc > 1)
1936 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1937 if (argc == 0)
1938 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1939
1940 service_dir = argv[0];
1941
1942 setup_path();
1943
1944 if (!enter_repo(service_dir, 0))
1945 die("'%s' does not appear to be a git repository", service_dir);
1946
1947 git_config(receive_pack_config, NULL);
1948 if (cert_nonce_seed)
1949 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1950
1951 if (0 <= transfer_unpack_limit)
1952 unpack_limit = transfer_unpack_limit;
1953 else if (0 <= receive_unpack_limit)
1954 unpack_limit = receive_unpack_limit;
1955
1956 switch (determine_protocol_version_server()) {
1957 case protocol_v2:
1958 /*
1959 * push support for protocol v2 has not been implemented yet,
1960 * so ignore the request to use v2 and fallback to using v0.
1961 */
1962 break;
1963 case protocol_v1:
1964 /*
1965 * v1 is just the original protocol with a version string,
1966 * so just fall through after writing the version string.
1967 */
1968 if (advertise_refs || !stateless_rpc)
1969 packet_write_fmt(1, "version 1\n");
1970
1971 /* fallthrough */
1972 case protocol_v0:
1973 break;
1974 case protocol_unknown_version:
1975 BUG("unknown protocol version");
1976 }
1977
1978 if (advertise_refs || !stateless_rpc) {
1979 write_head_info();
1980 }
1981 if (advertise_refs)
1982 return 0;
1983
1984 if ((commands = read_head_info(&shallow)) != NULL) {
1985 const char *unpack_status = NULL;
1986 struct string_list push_options = STRING_LIST_INIT_DUP;
1987
1988 if (use_push_options)
1989 read_push_options(&push_options);
1990 if (!check_cert_push_options(&push_options)) {
1991 struct command *cmd;
1992 for (cmd = commands; cmd; cmd = cmd->next)
1993 cmd->error_string = "inconsistent push options";
1994 }
1995
1996 prepare_shallow_info(&si, &shallow);
1997 if (!si.nr_ours && !si.nr_theirs)
1998 shallow_update = 0;
1999 if (!delete_only(commands)) {
2000 unpack_status = unpack_with_sideband(&si);
2001 update_shallow_info(commands, &si, &ref);
2002 }
2003 use_keepalive = KEEPALIVE_ALWAYS;
2004 execute_commands(commands, unpack_status, &si,
2005 &push_options);
2006 if (pack_lockfile)
2007 unlink_or_warn(pack_lockfile);
2008 if (report_status)
2009 report(commands, unpack_status);
2010 run_receive_hook(commands, "post-receive", 1,
2011 &push_options);
2012 run_update_post_hook(commands);
2013 string_list_clear(&push_options, 0);
2014 if (auto_gc) {
2015 const char *argv_gc_auto[] = {
2016 "gc", "--auto", "--quiet", NULL,
2017 };
2018 struct child_process proc = CHILD_PROCESS_INIT;
2019
2020 proc.no_stdin = 1;
2021 proc.stdout_to_stderr = 1;
2022 proc.err = use_sideband ? -1 : 0;
2023 proc.git_cmd = 1;
2024 proc.argv = argv_gc_auto;
2025
2026 close_all_packs(the_repository->objects);
2027 if (!start_command(&proc)) {
2028 if (use_sideband)
2029 copy_to_sideband(proc.err, -1, NULL);
2030 finish_command(&proc);
2031 }
2032 }
2033 if (auto_update_server_info)
2034 update_server_info(0);
2035 clear_shallow_info(&si);
2036 }
2037 if (use_sideband)
2038 packet_flush(1);
2039 oid_array_clear(&shallow);
2040 oid_array_clear(&ref);
2041 free((void *)push_cert_nonce);
2042 return 0;
2043}