builtin / receive-pack.con commit clone: use a real progress meter for connectivity check (38e590e)
   1#include "builtin.h"
   2#include "lockfile.h"
   3#include "pack.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "exec_cmd.h"
   9#include "commit.h"
  10#include "object.h"
  11#include "remote.h"
  12#include "connect.h"
  13#include "transport.h"
  14#include "string-list.h"
  15#include "sha1-array.h"
  16#include "connected.h"
  17#include "argv-array.h"
  18#include "version.h"
  19#include "tag.h"
  20#include "gpg-interface.h"
  21#include "sigchain.h"
  22#include "fsck.h"
  23
  24static const char * const receive_pack_usage[] = {
  25        N_("git receive-pack <git-dir>"),
  26        NULL
  27};
  28
  29enum deny_action {
  30        DENY_UNCONFIGURED,
  31        DENY_IGNORE,
  32        DENY_WARN,
  33        DENY_REFUSE,
  34        DENY_UPDATE_INSTEAD
  35};
  36
  37static int deny_deletes;
  38static int deny_non_fast_forwards;
  39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  41static int receive_fsck_objects = -1;
  42static int transfer_fsck_objects = -1;
  43static struct strbuf fsck_msg_types = STRBUF_INIT;
  44static int receive_unpack_limit = -1;
  45static int transfer_unpack_limit = -1;
  46static int advertise_atomic_push = 1;
  47static int unpack_limit = 100;
  48static int report_status;
  49static int use_sideband;
  50static int use_atomic;
  51static int quiet;
  52static int prefer_ofs_delta = 1;
  53static int auto_update_server_info;
  54static int auto_gc = 1;
  55static int reject_thin;
  56static int stateless_rpc;
  57static const char *service_dir;
  58static const char *head_name;
  59static void *head_name_to_free;
  60static int sent_capabilities;
  61static int shallow_update;
  62static const char *alt_shallow_file;
  63static struct strbuf push_cert = STRBUF_INIT;
  64static unsigned char push_cert_sha1[20];
  65static struct signature_check sigcheck;
  66static const char *push_cert_nonce;
  67static const char *cert_nonce_seed;
  68
  69static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  70static const char *NONCE_BAD = "BAD";
  71static const char *NONCE_MISSING = "MISSING";
  72static const char *NONCE_OK = "OK";
  73static const char *NONCE_SLOP = "SLOP";
  74static const char *nonce_status;
  75static long nonce_stamp_slop;
  76static unsigned long nonce_stamp_slop_limit;
  77static struct ref_transaction *transaction;
  78
  79static enum deny_action parse_deny_action(const char *var, const char *value)
  80{
  81        if (value) {
  82                if (!strcasecmp(value, "ignore"))
  83                        return DENY_IGNORE;
  84                if (!strcasecmp(value, "warn"))
  85                        return DENY_WARN;
  86                if (!strcasecmp(value, "refuse"))
  87                        return DENY_REFUSE;
  88                if (!strcasecmp(value, "updateinstead"))
  89                        return DENY_UPDATE_INSTEAD;
  90        }
  91        if (git_config_bool(var, value))
  92                return DENY_REFUSE;
  93        return DENY_IGNORE;
  94}
  95
  96static int receive_pack_config(const char *var, const char *value, void *cb)
  97{
  98        int status = parse_hide_refs_config(var, value, "receive");
  99
 100        if (status)
 101                return status;
 102
 103        if (strcmp(var, "receive.denydeletes") == 0) {
 104                deny_deletes = git_config_bool(var, value);
 105                return 0;
 106        }
 107
 108        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 109                deny_non_fast_forwards = git_config_bool(var, value);
 110                return 0;
 111        }
 112
 113        if (strcmp(var, "receive.unpacklimit") == 0) {
 114                receive_unpack_limit = git_config_int(var, value);
 115                return 0;
 116        }
 117
 118        if (strcmp(var, "transfer.unpacklimit") == 0) {
 119                transfer_unpack_limit = git_config_int(var, value);
 120                return 0;
 121        }
 122
 123        if (strcmp(var, "receive.fsck.skiplist") == 0) {
 124                const char *path;
 125
 126                if (git_config_pathname(&path, var, value))
 127                        return 1;
 128                strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
 129                        fsck_msg_types.len ? ',' : '=', path);
 130                free((char *)path);
 131                return 0;
 132        }
 133
 134        if (skip_prefix(var, "receive.fsck.", &var)) {
 135                if (is_valid_msg_type(var, value))
 136                        strbuf_addf(&fsck_msg_types, "%c%s=%s",
 137                                fsck_msg_types.len ? ',' : '=', var, value);
 138                else
 139                        warning("Skipping unknown msg id '%s'", var);
 140                return 0;
 141        }
 142
 143        if (strcmp(var, "receive.fsckobjects") == 0) {
 144                receive_fsck_objects = git_config_bool(var, value);
 145                return 0;
 146        }
 147
 148        if (strcmp(var, "transfer.fsckobjects") == 0) {
 149                transfer_fsck_objects = git_config_bool(var, value);
 150                return 0;
 151        }
 152
 153        if (!strcmp(var, "receive.denycurrentbranch")) {
 154                deny_current_branch = parse_deny_action(var, value);
 155                return 0;
 156        }
 157
 158        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 159                deny_delete_current = parse_deny_action(var, value);
 160                return 0;
 161        }
 162
 163        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 164                prefer_ofs_delta = git_config_bool(var, value);
 165                return 0;
 166        }
 167
 168        if (strcmp(var, "receive.updateserverinfo") == 0) {
 169                auto_update_server_info = git_config_bool(var, value);
 170                return 0;
 171        }
 172
 173        if (strcmp(var, "receive.autogc") == 0) {
 174                auto_gc = git_config_bool(var, value);
 175                return 0;
 176        }
 177
 178        if (strcmp(var, "receive.shallowupdate") == 0) {
 179                shallow_update = git_config_bool(var, value);
 180                return 0;
 181        }
 182
 183        if (strcmp(var, "receive.certnonceseed") == 0)
 184                return git_config_string(&cert_nonce_seed, var, value);
 185
 186        if (strcmp(var, "receive.certnonceslop") == 0) {
 187                nonce_stamp_slop_limit = git_config_ulong(var, value);
 188                return 0;
 189        }
 190
 191        if (strcmp(var, "receive.advertiseatomic") == 0) {
 192                advertise_atomic_push = git_config_bool(var, value);
 193                return 0;
 194        }
 195
 196        return git_default_config(var, value, cb);
 197}
 198
 199static void show_ref(const char *path, const unsigned char *sha1)
 200{
 201        if (sent_capabilities) {
 202                packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
 203        } else {
 204                struct strbuf cap = STRBUF_INIT;
 205
 206                strbuf_addstr(&cap,
 207                              "report-status delete-refs side-band-64k quiet");
 208                if (advertise_atomic_push)
 209                        strbuf_addstr(&cap, " atomic");
 210                if (prefer_ofs_delta)
 211                        strbuf_addstr(&cap, " ofs-delta");
 212                if (push_cert_nonce)
 213                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 214                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 215                packet_write(1, "%s %s%c%s\n",
 216                             sha1_to_hex(sha1), path, 0, cap.buf);
 217                strbuf_release(&cap);
 218                sent_capabilities = 1;
 219        }
 220}
 221
 222static int show_ref_cb(const char *path_full, const struct object_id *oid,
 223                       int flag, void *unused)
 224{
 225        const char *path = strip_namespace(path_full);
 226
 227        if (ref_is_hidden(path, path_full))
 228                return 0;
 229
 230        /*
 231         * Advertise refs outside our current namespace as ".have"
 232         * refs, so that the client can use them to minimize data
 233         * transfer but will otherwise ignore them. This happens to
 234         * cover ".have" that are thrown in by add_one_alternate_ref()
 235         * to mark histories that are complete in our alternates as
 236         * well.
 237         */
 238        if (!path)
 239                path = ".have";
 240        show_ref(path, oid->hash);
 241        return 0;
 242}
 243
 244static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
 245{
 246        show_ref(".have", sha1);
 247}
 248
 249static void collect_one_alternate_ref(const struct ref *ref, void *data)
 250{
 251        struct sha1_array *sa = data;
 252        sha1_array_append(sa, ref->old_oid.hash);
 253}
 254
 255static void write_head_info(void)
 256{
 257        struct sha1_array sa = SHA1_ARRAY_INIT;
 258
 259        for_each_alternate_ref(collect_one_alternate_ref, &sa);
 260        sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
 261        sha1_array_clear(&sa);
 262        for_each_ref(show_ref_cb, NULL);
 263        if (!sent_capabilities)
 264                show_ref("capabilities^{}", null_sha1);
 265
 266        advertise_shallow_grafts(1);
 267
 268        /* EOF */
 269        packet_flush(1);
 270}
 271
 272struct command {
 273        struct command *next;
 274        const char *error_string;
 275        unsigned int skip_update:1,
 276                     did_not_exist:1;
 277        int index;
 278        unsigned char old_sha1[20];
 279        unsigned char new_sha1[20];
 280        char ref_name[FLEX_ARRAY]; /* more */
 281};
 282
 283static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 284static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 285
 286static void report_message(const char *prefix, const char *err, va_list params)
 287{
 288        int sz;
 289        char msg[4096];
 290
 291        sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
 292        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 293        if (sz > (sizeof(msg) - 1))
 294                sz = sizeof(msg) - 1;
 295        msg[sz++] = '\n';
 296
 297        if (use_sideband)
 298                send_sideband(1, 2, msg, sz, use_sideband);
 299        else
 300                xwrite(2, msg, sz);
 301}
 302
 303static void rp_warning(const char *err, ...)
 304{
 305        va_list params;
 306        va_start(params, err);
 307        report_message("warning: ", err, params);
 308        va_end(params);
 309}
 310
 311static void rp_error(const char *err, ...)
 312{
 313        va_list params;
 314        va_start(params, err);
 315        report_message("error: ", err, params);
 316        va_end(params);
 317}
 318
 319static int copy_to_sideband(int in, int out, void *arg)
 320{
 321        char data[128];
 322        while (1) {
 323                ssize_t sz = xread(in, data, sizeof(data));
 324                if (sz <= 0)
 325                        break;
 326                send_sideband(1, 2, data, sz, use_sideband);
 327        }
 328        close(in);
 329        return 0;
 330}
 331
 332#define HMAC_BLOCK_SIZE 64
 333
 334static void hmac_sha1(unsigned char *out,
 335                      const char *key_in, size_t key_len,
 336                      const char *text, size_t text_len)
 337{
 338        unsigned char key[HMAC_BLOCK_SIZE];
 339        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 340        unsigned char k_opad[HMAC_BLOCK_SIZE];
 341        int i;
 342        git_SHA_CTX ctx;
 343
 344        /* RFC 2104 2. (1) */
 345        memset(key, '\0', HMAC_BLOCK_SIZE);
 346        if (HMAC_BLOCK_SIZE < key_len) {
 347                git_SHA1_Init(&ctx);
 348                git_SHA1_Update(&ctx, key_in, key_len);
 349                git_SHA1_Final(key, &ctx);
 350        } else {
 351                memcpy(key, key_in, key_len);
 352        }
 353
 354        /* RFC 2104 2. (2) & (5) */
 355        for (i = 0; i < sizeof(key); i++) {
 356                k_ipad[i] = key[i] ^ 0x36;
 357                k_opad[i] = key[i] ^ 0x5c;
 358        }
 359
 360        /* RFC 2104 2. (3) & (4) */
 361        git_SHA1_Init(&ctx);
 362        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 363        git_SHA1_Update(&ctx, text, text_len);
 364        git_SHA1_Final(out, &ctx);
 365
 366        /* RFC 2104 2. (6) & (7) */
 367        git_SHA1_Init(&ctx);
 368        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 369        git_SHA1_Update(&ctx, out, 20);
 370        git_SHA1_Final(out, &ctx);
 371}
 372
 373static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
 374{
 375        struct strbuf buf = STRBUF_INIT;
 376        unsigned char sha1[20];
 377
 378        strbuf_addf(&buf, "%s:%lu", path, stamp);
 379        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 380        strbuf_release(&buf);
 381
 382        /* RFC 2104 5. HMAC-SHA1-80 */
 383        strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
 384        return strbuf_detach(&buf, NULL);
 385}
 386
 387/*
 388 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 389 * after dropping "_commit" from its name and possibly moving it out
 390 * of commit.c
 391 */
 392static char *find_header(const char *msg, size_t len, const char *key)
 393{
 394        int key_len = strlen(key);
 395        const char *line = msg;
 396
 397        while (line && line < msg + len) {
 398                const char *eol = strchrnul(line, '\n');
 399
 400                if ((msg + len <= eol) || line == eol)
 401                        return NULL;
 402                if (line + key_len < eol &&
 403                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 404                        int offset = key_len + 1;
 405                        return xmemdupz(line + offset, (eol - line) - offset);
 406                }
 407                line = *eol ? eol + 1 : NULL;
 408        }
 409        return NULL;
 410}
 411
 412static const char *check_nonce(const char *buf, size_t len)
 413{
 414        char *nonce = find_header(buf, len, "nonce");
 415        unsigned long stamp, ostamp;
 416        char *bohmac, *expect = NULL;
 417        const char *retval = NONCE_BAD;
 418
 419        if (!nonce) {
 420                retval = NONCE_MISSING;
 421                goto leave;
 422        } else if (!push_cert_nonce) {
 423                retval = NONCE_UNSOLICITED;
 424                goto leave;
 425        } else if (!strcmp(push_cert_nonce, nonce)) {
 426                retval = NONCE_OK;
 427                goto leave;
 428        }
 429
 430        if (!stateless_rpc) {
 431                /* returned nonce MUST match what we gave out earlier */
 432                retval = NONCE_BAD;
 433                goto leave;
 434        }
 435
 436        /*
 437         * In stateless mode, we may be receiving a nonce issued by
 438         * another instance of the server that serving the same
 439         * repository, and the timestamps may not match, but the
 440         * nonce-seed and dir should match, so we can recompute and
 441         * report the time slop.
 442         *
 443         * In addition, when a nonce issued by another instance has
 444         * timestamp within receive.certnonceslop seconds, we pretend
 445         * as if we issued that nonce when reporting to the hook.
 446         */
 447
 448        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 449        if (*nonce <= '0' || '9' < *nonce) {
 450                retval = NONCE_BAD;
 451                goto leave;
 452        }
 453        stamp = strtoul(nonce, &bohmac, 10);
 454        if (bohmac == nonce || bohmac[0] != '-') {
 455                retval = NONCE_BAD;
 456                goto leave;
 457        }
 458
 459        expect = prepare_push_cert_nonce(service_dir, stamp);
 460        if (strcmp(expect, nonce)) {
 461                /* Not what we would have signed earlier */
 462                retval = NONCE_BAD;
 463                goto leave;
 464        }
 465
 466        /*
 467         * By how many seconds is this nonce stale?  Negative value
 468         * would mean it was issued by another server with its clock
 469         * skewed in the future.
 470         */
 471        ostamp = strtoul(push_cert_nonce, NULL, 10);
 472        nonce_stamp_slop = (long)ostamp - (long)stamp;
 473
 474        if (nonce_stamp_slop_limit &&
 475            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 476                /*
 477                 * Pretend as if the received nonce (which passes the
 478                 * HMAC check, so it is not a forged by third-party)
 479                 * is what we issued.
 480                 */
 481                free((void *)push_cert_nonce);
 482                push_cert_nonce = xstrdup(nonce);
 483                retval = NONCE_OK;
 484        } else {
 485                retval = NONCE_SLOP;
 486        }
 487
 488leave:
 489        free(nonce);
 490        free(expect);
 491        return retval;
 492}
 493
 494static void prepare_push_cert_sha1(struct child_process *proc)
 495{
 496        static int already_done;
 497
 498        if (!push_cert.len)
 499                return;
 500
 501        if (!already_done) {
 502                struct strbuf gpg_output = STRBUF_INIT;
 503                struct strbuf gpg_status = STRBUF_INIT;
 504                int bogs /* beginning_of_gpg_sig */;
 505
 506                already_done = 1;
 507                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 508                        hashclr(push_cert_sha1);
 509
 510                memset(&sigcheck, '\0', sizeof(sigcheck));
 511                sigcheck.result = 'N';
 512
 513                bogs = parse_signature(push_cert.buf, push_cert.len);
 514                if (verify_signed_buffer(push_cert.buf, bogs,
 515                                         push_cert.buf + bogs, push_cert.len - bogs,
 516                                         &gpg_output, &gpg_status) < 0) {
 517                        ; /* error running gpg */
 518                } else {
 519                        sigcheck.payload = push_cert.buf;
 520                        sigcheck.gpg_output = gpg_output.buf;
 521                        sigcheck.gpg_status = gpg_status.buf;
 522                        parse_gpg_output(&sigcheck);
 523                }
 524
 525                strbuf_release(&gpg_output);
 526                strbuf_release(&gpg_status);
 527                nonce_status = check_nonce(push_cert.buf, bogs);
 528        }
 529        if (!is_null_sha1(push_cert_sha1)) {
 530                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 531                                 sha1_to_hex(push_cert_sha1));
 532                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 533                                 sigcheck.signer ? sigcheck.signer : "");
 534                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 535                                 sigcheck.key ? sigcheck.key : "");
 536                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 537                                 sigcheck.result);
 538                if (push_cert_nonce) {
 539                        argv_array_pushf(&proc->env_array,
 540                                         "GIT_PUSH_CERT_NONCE=%s",
 541                                         push_cert_nonce);
 542                        argv_array_pushf(&proc->env_array,
 543                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 544                                         nonce_status);
 545                        if (nonce_status == NONCE_SLOP)
 546                                argv_array_pushf(&proc->env_array,
 547                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 548                                                 nonce_stamp_slop);
 549                }
 550        }
 551}
 552
 553typedef int (*feed_fn)(void *, const char **, size_t *);
 554static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
 555{
 556        struct child_process proc = CHILD_PROCESS_INIT;
 557        struct async muxer;
 558        const char *argv[2];
 559        int code;
 560
 561        argv[0] = find_hook(hook_name);
 562        if (!argv[0])
 563                return 0;
 564
 565        argv[1] = NULL;
 566
 567        proc.argv = argv;
 568        proc.in = -1;
 569        proc.stdout_to_stderr = 1;
 570
 571        if (use_sideband) {
 572                memset(&muxer, 0, sizeof(muxer));
 573                muxer.proc = copy_to_sideband;
 574                muxer.in = -1;
 575                code = start_async(&muxer);
 576                if (code)
 577                        return code;
 578                proc.err = muxer.in;
 579        }
 580
 581        prepare_push_cert_sha1(&proc);
 582
 583        code = start_command(&proc);
 584        if (code) {
 585                if (use_sideband)
 586                        finish_async(&muxer);
 587                return code;
 588        }
 589
 590        sigchain_push(SIGPIPE, SIG_IGN);
 591
 592        while (1) {
 593                const char *buf;
 594                size_t n;
 595                if (feed(feed_state, &buf, &n))
 596                        break;
 597                if (write_in_full(proc.in, buf, n) != n)
 598                        break;
 599        }
 600        close(proc.in);
 601        if (use_sideband)
 602                finish_async(&muxer);
 603
 604        sigchain_pop(SIGPIPE);
 605
 606        return finish_command(&proc);
 607}
 608
 609struct receive_hook_feed_state {
 610        struct command *cmd;
 611        int skip_broken;
 612        struct strbuf buf;
 613};
 614
 615static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 616{
 617        struct receive_hook_feed_state *state = state_;
 618        struct command *cmd = state->cmd;
 619
 620        while (cmd &&
 621               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 622                cmd = cmd->next;
 623        if (!cmd)
 624                return -1; /* EOF */
 625        strbuf_reset(&state->buf);
 626        strbuf_addf(&state->buf, "%s %s %s\n",
 627                    sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
 628                    cmd->ref_name);
 629        state->cmd = cmd->next;
 630        if (bufp) {
 631                *bufp = state->buf.buf;
 632                *sizep = state->buf.len;
 633        }
 634        return 0;
 635}
 636
 637static int run_receive_hook(struct command *commands, const char *hook_name,
 638                            int skip_broken)
 639{
 640        struct receive_hook_feed_state state;
 641        int status;
 642
 643        strbuf_init(&state.buf, 0);
 644        state.cmd = commands;
 645        state.skip_broken = skip_broken;
 646        if (feed_receive_hook(&state, NULL, NULL))
 647                return 0;
 648        state.cmd = commands;
 649        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 650        strbuf_release(&state.buf);
 651        return status;
 652}
 653
 654static int run_update_hook(struct command *cmd)
 655{
 656        const char *argv[5];
 657        struct child_process proc = CHILD_PROCESS_INIT;
 658        int code;
 659
 660        argv[0] = find_hook("update");
 661        if (!argv[0])
 662                return 0;
 663
 664        argv[1] = cmd->ref_name;
 665        argv[2] = sha1_to_hex(cmd->old_sha1);
 666        argv[3] = sha1_to_hex(cmd->new_sha1);
 667        argv[4] = NULL;
 668
 669        proc.no_stdin = 1;
 670        proc.stdout_to_stderr = 1;
 671        proc.err = use_sideband ? -1 : 0;
 672        proc.argv = argv;
 673
 674        code = start_command(&proc);
 675        if (code)
 676                return code;
 677        if (use_sideband)
 678                copy_to_sideband(proc.err, -1, NULL);
 679        return finish_command(&proc);
 680}
 681
 682static int is_ref_checked_out(const char *ref)
 683{
 684        if (is_bare_repository())
 685                return 0;
 686
 687        if (!head_name)
 688                return 0;
 689        return !strcmp(head_name, ref);
 690}
 691
 692static char *refuse_unconfigured_deny_msg[] = {
 693        "By default, updating the current branch in a non-bare repository",
 694        "is denied, because it will make the index and work tree inconsistent",
 695        "with what you pushed, and will require 'git reset --hard' to match",
 696        "the work tree to HEAD.",
 697        "",
 698        "You can set 'receive.denyCurrentBranch' configuration variable to",
 699        "'ignore' or 'warn' in the remote repository to allow pushing into",
 700        "its current branch; however, this is not recommended unless you",
 701        "arranged to update its work tree to match what you pushed in some",
 702        "other way.",
 703        "",
 704        "To squelch this message and still keep the default behaviour, set",
 705        "'receive.denyCurrentBranch' configuration variable to 'refuse'."
 706};
 707
 708static void refuse_unconfigured_deny(void)
 709{
 710        int i;
 711        for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
 712                rp_error("%s", refuse_unconfigured_deny_msg[i]);
 713}
 714
 715static char *refuse_unconfigured_deny_delete_current_msg[] = {
 716        "By default, deleting the current branch is denied, because the next",
 717        "'git clone' won't result in any file checked out, causing confusion.",
 718        "",
 719        "You can set 'receive.denyDeleteCurrent' configuration variable to",
 720        "'warn' or 'ignore' in the remote repository to allow deleting the",
 721        "current branch, with or without a warning message.",
 722        "",
 723        "To squelch this message, you can set it to 'refuse'."
 724};
 725
 726static void refuse_unconfigured_deny_delete_current(void)
 727{
 728        int i;
 729        for (i = 0;
 730             i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
 731             i++)
 732                rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
 733}
 734
 735static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 736static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 737{
 738        static struct lock_file shallow_lock;
 739        struct sha1_array extra = SHA1_ARRAY_INIT;
 740        struct check_connected_options opt = CHECK_CONNECTED_INIT;
 741        uint32_t mask = 1 << (cmd->index % 32);
 742        int i;
 743
 744        trace_printf_key(&trace_shallow,
 745                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 746        for (i = 0; i < si->shallow->nr; i++)
 747                if (si->used_shallow[i] &&
 748                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 749                    !delayed_reachability_test(si, i))
 750                        sha1_array_append(&extra, si->shallow->sha1[i]);
 751
 752        setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
 753        if (check_connected(command_singleton_iterator, cmd, &opt)) {
 754                rollback_lock_file(&shallow_lock);
 755                sha1_array_clear(&extra);
 756                return -1;
 757        }
 758
 759        commit_lock_file(&shallow_lock);
 760
 761        /*
 762         * Make sure setup_alternate_shallow() for the next ref does
 763         * not lose these new roots..
 764         */
 765        for (i = 0; i < extra.nr; i++)
 766                register_shallow(extra.sha1[i]);
 767
 768        si->shallow_ref[cmd->index] = 0;
 769        sha1_array_clear(&extra);
 770        return 0;
 771}
 772
 773/*
 774 * NEEDSWORK: we should consolidate various implementions of "are we
 775 * on an unborn branch?" test into one, and make the unified one more
 776 * robust. !get_sha1() based check used here and elsewhere would not
 777 * allow us to tell an unborn branch from corrupt ref, for example.
 778 * For the purpose of fixing "deploy-to-update does not work when
 779 * pushing into an empty repository" issue, this should suffice for
 780 * now.
 781 */
 782static int head_has_history(void)
 783{
 784        unsigned char sha1[20];
 785
 786        return !get_sha1("HEAD", sha1);
 787}
 788
 789static const char *push_to_deploy(unsigned char *sha1,
 790                                  struct argv_array *env,
 791                                  const char *work_tree)
 792{
 793        const char *update_refresh[] = {
 794                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 795        };
 796        const char *diff_files[] = {
 797                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 798        };
 799        const char *diff_index[] = {
 800                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 801                NULL, "--", NULL
 802        };
 803        const char *read_tree[] = {
 804                "read-tree", "-u", "-m", NULL, NULL
 805        };
 806        struct child_process child = CHILD_PROCESS_INIT;
 807
 808        child.argv = update_refresh;
 809        child.env = env->argv;
 810        child.dir = work_tree;
 811        child.no_stdin = 1;
 812        child.stdout_to_stderr = 1;
 813        child.git_cmd = 1;
 814        if (run_command(&child))
 815                return "Up-to-date check failed";
 816
 817        /* run_command() does not clean up completely; reinitialize */
 818        child_process_init(&child);
 819        child.argv = diff_files;
 820        child.env = env->argv;
 821        child.dir = work_tree;
 822        child.no_stdin = 1;
 823        child.stdout_to_stderr = 1;
 824        child.git_cmd = 1;
 825        if (run_command(&child))
 826                return "Working directory has unstaged changes";
 827
 828        /* diff-index with either HEAD or an empty tree */
 829        diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
 830
 831        child_process_init(&child);
 832        child.argv = diff_index;
 833        child.env = env->argv;
 834        child.no_stdin = 1;
 835        child.no_stdout = 1;
 836        child.stdout_to_stderr = 0;
 837        child.git_cmd = 1;
 838        if (run_command(&child))
 839                return "Working directory has staged changes";
 840
 841        read_tree[3] = sha1_to_hex(sha1);
 842        child_process_init(&child);
 843        child.argv = read_tree;
 844        child.env = env->argv;
 845        child.dir = work_tree;
 846        child.no_stdin = 1;
 847        child.no_stdout = 1;
 848        child.stdout_to_stderr = 0;
 849        child.git_cmd = 1;
 850        if (run_command(&child))
 851                return "Could not update working tree to new HEAD";
 852
 853        return NULL;
 854}
 855
 856static const char *push_to_checkout_hook = "push-to-checkout";
 857
 858static const char *push_to_checkout(unsigned char *sha1,
 859                                    struct argv_array *env,
 860                                    const char *work_tree)
 861{
 862        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
 863        if (run_hook_le(env->argv, push_to_checkout_hook,
 864                        sha1_to_hex(sha1), NULL))
 865                return "push-to-checkout hook declined";
 866        else
 867                return NULL;
 868}
 869
 870static const char *update_worktree(unsigned char *sha1)
 871{
 872        const char *retval;
 873        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
 874        struct argv_array env = ARGV_ARRAY_INIT;
 875
 876        if (is_bare_repository())
 877                return "denyCurrentBranch = updateInstead needs a worktree";
 878
 879        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
 880
 881        if (!find_hook(push_to_checkout_hook))
 882                retval = push_to_deploy(sha1, &env, work_tree);
 883        else
 884                retval = push_to_checkout(sha1, &env, work_tree);
 885
 886        argv_array_clear(&env);
 887        return retval;
 888}
 889
 890static const char *update(struct command *cmd, struct shallow_info *si)
 891{
 892        const char *name = cmd->ref_name;
 893        struct strbuf namespaced_name_buf = STRBUF_INIT;
 894        const char *namespaced_name, *ret;
 895        unsigned char *old_sha1 = cmd->old_sha1;
 896        unsigned char *new_sha1 = cmd->new_sha1;
 897
 898        /* only refs/... are allowed */
 899        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
 900                rp_error("refusing to create funny ref '%s' remotely", name);
 901                return "funny refname";
 902        }
 903
 904        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
 905        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
 906
 907        if (is_ref_checked_out(namespaced_name)) {
 908                switch (deny_current_branch) {
 909                case DENY_IGNORE:
 910                        break;
 911                case DENY_WARN:
 912                        rp_warning("updating the current branch");
 913                        break;
 914                case DENY_REFUSE:
 915                case DENY_UNCONFIGURED:
 916                        rp_error("refusing to update checked out branch: %s", name);
 917                        if (deny_current_branch == DENY_UNCONFIGURED)
 918                                refuse_unconfigured_deny();
 919                        return "branch is currently checked out";
 920                case DENY_UPDATE_INSTEAD:
 921                        ret = update_worktree(new_sha1);
 922                        if (ret)
 923                                return ret;
 924                        break;
 925                }
 926        }
 927
 928        if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
 929                error("unpack should have generated %s, "
 930                      "but I can't find it!", sha1_to_hex(new_sha1));
 931                return "bad pack";
 932        }
 933
 934        if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
 935                if (deny_deletes && starts_with(name, "refs/heads/")) {
 936                        rp_error("denying ref deletion for %s", name);
 937                        return "deletion prohibited";
 938                }
 939
 940                if (head_name && !strcmp(namespaced_name, head_name)) {
 941                        switch (deny_delete_current) {
 942                        case DENY_IGNORE:
 943                                break;
 944                        case DENY_WARN:
 945                                rp_warning("deleting the current branch");
 946                                break;
 947                        case DENY_REFUSE:
 948                        case DENY_UNCONFIGURED:
 949                        case DENY_UPDATE_INSTEAD:
 950                                if (deny_delete_current == DENY_UNCONFIGURED)
 951                                        refuse_unconfigured_deny_delete_current();
 952                                rp_error("refusing to delete the current branch: %s", name);
 953                                return "deletion of the current branch prohibited";
 954                        default:
 955                                return "Invalid denyDeleteCurrent setting";
 956                        }
 957                }
 958        }
 959
 960        if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
 961            !is_null_sha1(old_sha1) &&
 962            starts_with(name, "refs/heads/")) {
 963                struct object *old_object, *new_object;
 964                struct commit *old_commit, *new_commit;
 965
 966                old_object = parse_object(old_sha1);
 967                new_object = parse_object(new_sha1);
 968
 969                if (!old_object || !new_object ||
 970                    old_object->type != OBJ_COMMIT ||
 971                    new_object->type != OBJ_COMMIT) {
 972                        error("bad sha1 objects for %s", name);
 973                        return "bad ref";
 974                }
 975                old_commit = (struct commit *)old_object;
 976                new_commit = (struct commit *)new_object;
 977                if (!in_merge_bases(old_commit, new_commit)) {
 978                        rp_error("denying non-fast-forward %s"
 979                                 " (you should pull first)", name);
 980                        return "non-fast-forward";
 981                }
 982        }
 983        if (run_update_hook(cmd)) {
 984                rp_error("hook declined to update %s", name);
 985                return "hook declined";
 986        }
 987
 988        if (is_null_sha1(new_sha1)) {
 989                struct strbuf err = STRBUF_INIT;
 990                if (!parse_object(old_sha1)) {
 991                        old_sha1 = NULL;
 992                        if (ref_exists(name)) {
 993                                rp_warning("Allowing deletion of corrupt ref.");
 994                        } else {
 995                                rp_warning("Deleting a non-existent ref.");
 996                                cmd->did_not_exist = 1;
 997                        }
 998                }
 999                if (ref_transaction_delete(transaction,
1000                                           namespaced_name,
1001                                           old_sha1,
1002                                           0, "push", &err)) {
1003                        rp_error("%s", err.buf);
1004                        strbuf_release(&err);
1005                        return "failed to delete";
1006                }
1007                strbuf_release(&err);
1008                return NULL; /* good */
1009        }
1010        else {
1011                struct strbuf err = STRBUF_INIT;
1012                if (shallow_update && si->shallow_ref[cmd->index] &&
1013                    update_shallow_ref(cmd, si))
1014                        return "shallow error";
1015
1016                if (ref_transaction_update(transaction,
1017                                           namespaced_name,
1018                                           new_sha1, old_sha1,
1019                                           0, "push",
1020                                           &err)) {
1021                        rp_error("%s", err.buf);
1022                        strbuf_release(&err);
1023
1024                        return "failed to update ref";
1025                }
1026                strbuf_release(&err);
1027
1028                return NULL; /* good */
1029        }
1030}
1031
1032static void run_update_post_hook(struct command *commands)
1033{
1034        struct command *cmd;
1035        int argc;
1036        struct child_process proc = CHILD_PROCESS_INIT;
1037        const char *hook;
1038
1039        hook = find_hook("post-update");
1040        for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1041                if (cmd->error_string || cmd->did_not_exist)
1042                        continue;
1043                argc++;
1044        }
1045        if (!argc || !hook)
1046                return;
1047
1048        argv_array_push(&proc.args, hook);
1049        for (cmd = commands; cmd; cmd = cmd->next) {
1050                if (cmd->error_string || cmd->did_not_exist)
1051                        continue;
1052                argv_array_push(&proc.args, cmd->ref_name);
1053        }
1054
1055        proc.no_stdin = 1;
1056        proc.stdout_to_stderr = 1;
1057        proc.err = use_sideband ? -1 : 0;
1058
1059        if (!start_command(&proc)) {
1060                if (use_sideband)
1061                        copy_to_sideband(proc.err, -1, NULL);
1062                finish_command(&proc);
1063        }
1064}
1065
1066static void check_aliased_update(struct command *cmd, struct string_list *list)
1067{
1068        struct strbuf buf = STRBUF_INIT;
1069        const char *dst_name;
1070        struct string_list_item *item;
1071        struct command *dst_cmd;
1072        unsigned char sha1[GIT_SHA1_RAWSZ];
1073        char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1074             cmd_newh[GIT_SHA1_HEXSZ + 1],
1075             dst_oldh[GIT_SHA1_HEXSZ + 1],
1076             dst_newh[GIT_SHA1_HEXSZ + 1];
1077        int flag;
1078
1079        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1080        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1081        strbuf_release(&buf);
1082
1083        if (!(flag & REF_ISSYMREF))
1084                return;
1085
1086        if (!dst_name) {
1087                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1088                cmd->skip_update = 1;
1089                cmd->error_string = "broken symref";
1090                return;
1091        }
1092        dst_name = strip_namespace(dst_name);
1093
1094        if ((item = string_list_lookup(list, dst_name)) == NULL)
1095                return;
1096
1097        cmd->skip_update = 1;
1098
1099        dst_cmd = (struct command *) item->util;
1100
1101        if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1102            !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1103                return;
1104
1105        dst_cmd->skip_update = 1;
1106
1107        find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1108        find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1109        find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1110        find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1111        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1112                 " its target '%s' (%s..%s)",
1113                 cmd->ref_name, cmd_oldh, cmd_newh,
1114                 dst_cmd->ref_name, dst_oldh, dst_newh);
1115
1116        cmd->error_string = dst_cmd->error_string =
1117                "inconsistent aliased update";
1118}
1119
1120static void check_aliased_updates(struct command *commands)
1121{
1122        struct command *cmd;
1123        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1124
1125        for (cmd = commands; cmd; cmd = cmd->next) {
1126                struct string_list_item *item =
1127                        string_list_append(&ref_list, cmd->ref_name);
1128                item->util = (void *)cmd;
1129        }
1130        string_list_sort(&ref_list);
1131
1132        for (cmd = commands; cmd; cmd = cmd->next) {
1133                if (!cmd->error_string)
1134                        check_aliased_update(cmd, &ref_list);
1135        }
1136
1137        string_list_clear(&ref_list, 0);
1138}
1139
1140static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1141{
1142        struct command **cmd_list = cb_data;
1143        struct command *cmd = *cmd_list;
1144
1145        if (!cmd || is_null_sha1(cmd->new_sha1))
1146                return -1; /* end of list */
1147        *cmd_list = NULL; /* this returns only one */
1148        hashcpy(sha1, cmd->new_sha1);
1149        return 0;
1150}
1151
1152static void set_connectivity_errors(struct command *commands,
1153                                    struct shallow_info *si)
1154{
1155        struct command *cmd;
1156
1157        for (cmd = commands; cmd; cmd = cmd->next) {
1158                struct command *singleton = cmd;
1159                if (shallow_update && si->shallow_ref[cmd->index])
1160                        /* to be checked in update_shallow_ref() */
1161                        continue;
1162                if (!check_connected(command_singleton_iterator, &singleton,
1163                                     NULL))
1164                        continue;
1165                cmd->error_string = "missing necessary objects";
1166        }
1167}
1168
1169struct iterate_data {
1170        struct command *cmds;
1171        struct shallow_info *si;
1172};
1173
1174static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1175{
1176        struct iterate_data *data = cb_data;
1177        struct command **cmd_list = &data->cmds;
1178        struct command *cmd = *cmd_list;
1179
1180        for (; cmd; cmd = cmd->next) {
1181                if (shallow_update && data->si->shallow_ref[cmd->index])
1182                        /* to be checked in update_shallow_ref() */
1183                        continue;
1184                if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1185                        hashcpy(sha1, cmd->new_sha1);
1186                        *cmd_list = cmd->next;
1187                        return 0;
1188                }
1189        }
1190        *cmd_list = NULL;
1191        return -1; /* end of list */
1192}
1193
1194static void reject_updates_to_hidden(struct command *commands)
1195{
1196        struct strbuf refname_full = STRBUF_INIT;
1197        size_t prefix_len;
1198        struct command *cmd;
1199
1200        strbuf_addstr(&refname_full, get_git_namespace());
1201        prefix_len = refname_full.len;
1202
1203        for (cmd = commands; cmd; cmd = cmd->next) {
1204                if (cmd->error_string)
1205                        continue;
1206
1207                strbuf_setlen(&refname_full, prefix_len);
1208                strbuf_addstr(&refname_full, cmd->ref_name);
1209
1210                if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1211                        continue;
1212                if (is_null_sha1(cmd->new_sha1))
1213                        cmd->error_string = "deny deleting a hidden ref";
1214                else
1215                        cmd->error_string = "deny updating a hidden ref";
1216        }
1217
1218        strbuf_release(&refname_full);
1219}
1220
1221static int should_process_cmd(struct command *cmd)
1222{
1223        return !cmd->error_string && !cmd->skip_update;
1224}
1225
1226static void warn_if_skipped_connectivity_check(struct command *commands,
1227                                               struct shallow_info *si)
1228{
1229        struct command *cmd;
1230        int checked_connectivity = 1;
1231
1232        for (cmd = commands; cmd; cmd = cmd->next) {
1233                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1234                        error("BUG: connectivity check has not been run on ref %s",
1235                              cmd->ref_name);
1236                        checked_connectivity = 0;
1237                }
1238        }
1239        if (!checked_connectivity)
1240                die("BUG: connectivity check skipped???");
1241}
1242
1243static void execute_commands_non_atomic(struct command *commands,
1244                                        struct shallow_info *si)
1245{
1246        struct command *cmd;
1247        struct strbuf err = STRBUF_INIT;
1248
1249        for (cmd = commands; cmd; cmd = cmd->next) {
1250                if (!should_process_cmd(cmd))
1251                        continue;
1252
1253                transaction = ref_transaction_begin(&err);
1254                if (!transaction) {
1255                        rp_error("%s", err.buf);
1256                        strbuf_reset(&err);
1257                        cmd->error_string = "transaction failed to start";
1258                        continue;
1259                }
1260
1261                cmd->error_string = update(cmd, si);
1262
1263                if (!cmd->error_string
1264                    && ref_transaction_commit(transaction, &err)) {
1265                        rp_error("%s", err.buf);
1266                        strbuf_reset(&err);
1267                        cmd->error_string = "failed to update ref";
1268                }
1269                ref_transaction_free(transaction);
1270        }
1271        strbuf_release(&err);
1272}
1273
1274static void execute_commands_atomic(struct command *commands,
1275                                        struct shallow_info *si)
1276{
1277        struct command *cmd;
1278        struct strbuf err = STRBUF_INIT;
1279        const char *reported_error = "atomic push failure";
1280
1281        transaction = ref_transaction_begin(&err);
1282        if (!transaction) {
1283                rp_error("%s", err.buf);
1284                strbuf_reset(&err);
1285                reported_error = "transaction failed to start";
1286                goto failure;
1287        }
1288
1289        for (cmd = commands; cmd; cmd = cmd->next) {
1290                if (!should_process_cmd(cmd))
1291                        continue;
1292
1293                cmd->error_string = update(cmd, si);
1294
1295                if (cmd->error_string)
1296                        goto failure;
1297        }
1298
1299        if (ref_transaction_commit(transaction, &err)) {
1300                rp_error("%s", err.buf);
1301                reported_error = "atomic transaction failed";
1302                goto failure;
1303        }
1304        goto cleanup;
1305
1306failure:
1307        for (cmd = commands; cmd; cmd = cmd->next)
1308                if (!cmd->error_string)
1309                        cmd->error_string = reported_error;
1310
1311cleanup:
1312        ref_transaction_free(transaction);
1313        strbuf_release(&err);
1314}
1315
1316static void execute_commands(struct command *commands,
1317                             const char *unpacker_error,
1318                             struct shallow_info *si)
1319{
1320        struct command *cmd;
1321        unsigned char sha1[20];
1322        struct iterate_data data;
1323
1324        if (unpacker_error) {
1325                for (cmd = commands; cmd; cmd = cmd->next)
1326                        cmd->error_string = "unpacker error";
1327                return;
1328        }
1329
1330        data.cmds = commands;
1331        data.si = si;
1332        if (check_connected(iterate_receive_command_list, &data, NULL))
1333                set_connectivity_errors(commands, si);
1334
1335        reject_updates_to_hidden(commands);
1336
1337        if (run_receive_hook(commands, "pre-receive", 0)) {
1338                for (cmd = commands; cmd; cmd = cmd->next) {
1339                        if (!cmd->error_string)
1340                                cmd->error_string = "pre-receive hook declined";
1341                }
1342                return;
1343        }
1344
1345        check_aliased_updates(commands);
1346
1347        free(head_name_to_free);
1348        head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1349
1350        if (use_atomic)
1351                execute_commands_atomic(commands, si);
1352        else
1353                execute_commands_non_atomic(commands, si);
1354
1355        if (shallow_update)
1356                warn_if_skipped_connectivity_check(commands, si);
1357}
1358
1359static struct command **queue_command(struct command **tail,
1360                                      const char *line,
1361                                      int linelen)
1362{
1363        unsigned char old_sha1[20], new_sha1[20];
1364        struct command *cmd;
1365        const char *refname;
1366        int reflen;
1367
1368        if (linelen < 83 ||
1369            line[40] != ' ' ||
1370            line[81] != ' ' ||
1371            get_sha1_hex(line, old_sha1) ||
1372            get_sha1_hex(line + 41, new_sha1))
1373                die("protocol error: expected old/new/ref, got '%s'", line);
1374
1375        refname = line + 82;
1376        reflen = linelen - 82;
1377        cmd = xcalloc(1, st_add3(sizeof(struct command), reflen, 1));
1378        hashcpy(cmd->old_sha1, old_sha1);
1379        hashcpy(cmd->new_sha1, new_sha1);
1380        memcpy(cmd->ref_name, refname, reflen);
1381        cmd->ref_name[reflen] = '\0';
1382        *tail = cmd;
1383        return &cmd->next;
1384}
1385
1386static void queue_commands_from_cert(struct command **tail,
1387                                     struct strbuf *push_cert)
1388{
1389        const char *boc, *eoc;
1390
1391        if (*tail)
1392                die("protocol error: got both push certificate and unsigned commands");
1393
1394        boc = strstr(push_cert->buf, "\n\n");
1395        if (!boc)
1396                die("malformed push certificate %.*s", 100, push_cert->buf);
1397        else
1398                boc += 2;
1399        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1400
1401        while (boc < eoc) {
1402                const char *eol = memchr(boc, '\n', eoc - boc);
1403                tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1404                boc = eol ? eol + 1 : eoc;
1405        }
1406}
1407
1408static struct command *read_head_info(struct sha1_array *shallow)
1409{
1410        struct command *commands = NULL;
1411        struct command **p = &commands;
1412        for (;;) {
1413                char *line;
1414                int len, linelen;
1415
1416                line = packet_read_line(0, &len);
1417                if (!line)
1418                        break;
1419
1420                if (len == 48 && starts_with(line, "shallow ")) {
1421                        unsigned char sha1[20];
1422                        if (get_sha1_hex(line + 8, sha1))
1423                                die("protocol error: expected shallow sha, got '%s'",
1424                                    line + 8);
1425                        sha1_array_append(shallow, sha1);
1426                        continue;
1427                }
1428
1429                linelen = strlen(line);
1430                if (linelen < len) {
1431                        const char *feature_list = line + linelen + 1;
1432                        if (parse_feature_request(feature_list, "report-status"))
1433                                report_status = 1;
1434                        if (parse_feature_request(feature_list, "side-band-64k"))
1435                                use_sideband = LARGE_PACKET_MAX;
1436                        if (parse_feature_request(feature_list, "quiet"))
1437                                quiet = 1;
1438                        if (advertise_atomic_push
1439                            && parse_feature_request(feature_list, "atomic"))
1440                                use_atomic = 1;
1441                }
1442
1443                if (!strcmp(line, "push-cert")) {
1444                        int true_flush = 0;
1445                        char certbuf[1024];
1446
1447                        for (;;) {
1448                                len = packet_read(0, NULL, NULL,
1449                                                  certbuf, sizeof(certbuf), 0);
1450                                if (!len) {
1451                                        true_flush = 1;
1452                                        break;
1453                                }
1454                                if (!strcmp(certbuf, "push-cert-end\n"))
1455                                        break; /* end of cert */
1456                                strbuf_addstr(&push_cert, certbuf);
1457                        }
1458
1459                        if (true_flush)
1460                                break;
1461                        continue;
1462                }
1463
1464                p = queue_command(p, line, linelen);
1465        }
1466
1467        if (push_cert.len)
1468                queue_commands_from_cert(p, &push_cert);
1469
1470        return commands;
1471}
1472
1473static const char *parse_pack_header(struct pack_header *hdr)
1474{
1475        switch (read_pack_header(0, hdr)) {
1476        case PH_ERROR_EOF:
1477                return "eof before pack header was fully read";
1478
1479        case PH_ERROR_PACK_SIGNATURE:
1480                return "protocol error (pack signature mismatch detected)";
1481
1482        case PH_ERROR_PROTOCOL:
1483                return "protocol error (pack version unsupported)";
1484
1485        default:
1486                return "unknown error in parse_pack_header";
1487
1488        case 0:
1489                return NULL;
1490        }
1491}
1492
1493static const char *pack_lockfile;
1494
1495static const char *unpack(int err_fd, struct shallow_info *si)
1496{
1497        struct pack_header hdr;
1498        const char *hdr_err;
1499        int status;
1500        char hdr_arg[38];
1501        struct child_process child = CHILD_PROCESS_INIT;
1502        int fsck_objects = (receive_fsck_objects >= 0
1503                            ? receive_fsck_objects
1504                            : transfer_fsck_objects >= 0
1505                            ? transfer_fsck_objects
1506                            : 0);
1507
1508        hdr_err = parse_pack_header(&hdr);
1509        if (hdr_err) {
1510                if (err_fd > 0)
1511                        close(err_fd);
1512                return hdr_err;
1513        }
1514        snprintf(hdr_arg, sizeof(hdr_arg),
1515                        "--pack_header=%"PRIu32",%"PRIu32,
1516                        ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1517
1518        if (si->nr_ours || si->nr_theirs) {
1519                alt_shallow_file = setup_temporary_shallow(si->shallow);
1520                argv_array_push(&child.args, "--shallow-file");
1521                argv_array_push(&child.args, alt_shallow_file);
1522        }
1523
1524        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1525                argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1526                if (quiet)
1527                        argv_array_push(&child.args, "-q");
1528                if (fsck_objects)
1529                        argv_array_pushf(&child.args, "--strict%s",
1530                                fsck_msg_types.buf);
1531                child.no_stdout = 1;
1532                child.err = err_fd;
1533                child.git_cmd = 1;
1534                status = run_command(&child);
1535                if (status)
1536                        return "unpack-objects abnormal exit";
1537        } else {
1538                char hostname[256];
1539
1540                argv_array_pushl(&child.args, "index-pack",
1541                                 "--stdin", hdr_arg, NULL);
1542
1543                if (gethostname(hostname, sizeof(hostname)))
1544                        xsnprintf(hostname, sizeof(hostname), "localhost");
1545                argv_array_pushf(&child.args,
1546                                 "--keep=receive-pack %"PRIuMAX" on %s",
1547                                 (uintmax_t)getpid(),
1548                                 hostname);
1549
1550                if (fsck_objects)
1551                        argv_array_pushf(&child.args, "--strict%s",
1552                                fsck_msg_types.buf);
1553                if (!reject_thin)
1554                        argv_array_push(&child.args, "--fix-thin");
1555                child.out = -1;
1556                child.err = err_fd;
1557                child.git_cmd = 1;
1558                status = start_command(&child);
1559                if (status)
1560                        return "index-pack fork failed";
1561                pack_lockfile = index_pack_lockfile(child.out);
1562                close(child.out);
1563                status = finish_command(&child);
1564                if (status)
1565                        return "index-pack abnormal exit";
1566                reprepare_packed_git();
1567        }
1568        return NULL;
1569}
1570
1571static const char *unpack_with_sideband(struct shallow_info *si)
1572{
1573        struct async muxer;
1574        const char *ret;
1575
1576        if (!use_sideband)
1577                return unpack(0, si);
1578
1579        memset(&muxer, 0, sizeof(muxer));
1580        muxer.proc = copy_to_sideband;
1581        muxer.in = -1;
1582        if (start_async(&muxer))
1583                return NULL;
1584
1585        ret = unpack(muxer.in, si);
1586
1587        finish_async(&muxer);
1588        return ret;
1589}
1590
1591static void prepare_shallow_update(struct command *commands,
1592                                   struct shallow_info *si)
1593{
1594        int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1595
1596        ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1597        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1598
1599        si->need_reachability_test =
1600                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1601        si->reachable =
1602                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1603        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1604
1605        for (i = 0; i < si->nr_ours; i++)
1606                si->need_reachability_test[si->ours[i]] = 1;
1607
1608        for (i = 0; i < si->shallow->nr; i++) {
1609                if (!si->used_shallow[i])
1610                        continue;
1611                for (j = 0; j < bitmap_size; j++) {
1612                        if (!si->used_shallow[i][j])
1613                                continue;
1614                        si->need_reachability_test[i]++;
1615                        for (k = 0; k < 32; k++)
1616                                if (si->used_shallow[i][j] & (1U << k))
1617                                        si->shallow_ref[j * 32 + k]++;
1618                }
1619
1620                /*
1621                 * true for those associated with some refs and belong
1622                 * in "ours" list aka "step 7 not done yet"
1623                 */
1624                si->need_reachability_test[i] =
1625                        si->need_reachability_test[i] > 1;
1626        }
1627
1628        /*
1629         * keep hooks happy by forcing a temporary shallow file via
1630         * env variable because we can't add --shallow-file to every
1631         * command. check_everything_connected() will be done with
1632         * true .git/shallow though.
1633         */
1634        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1635}
1636
1637static void update_shallow_info(struct command *commands,
1638                                struct shallow_info *si,
1639                                struct sha1_array *ref)
1640{
1641        struct command *cmd;
1642        int *ref_status;
1643        remove_nonexistent_theirs_shallow(si);
1644        if (!si->nr_ours && !si->nr_theirs) {
1645                shallow_update = 0;
1646                return;
1647        }
1648
1649        for (cmd = commands; cmd; cmd = cmd->next) {
1650                if (is_null_sha1(cmd->new_sha1))
1651                        continue;
1652                sha1_array_append(ref, cmd->new_sha1);
1653                cmd->index = ref->nr - 1;
1654        }
1655        si->ref = ref;
1656
1657        if (shallow_update) {
1658                prepare_shallow_update(commands, si);
1659                return;
1660        }
1661
1662        ALLOC_ARRAY(ref_status, ref->nr);
1663        assign_shallow_commits_to_refs(si, NULL, ref_status);
1664        for (cmd = commands; cmd; cmd = cmd->next) {
1665                if (is_null_sha1(cmd->new_sha1))
1666                        continue;
1667                if (ref_status[cmd->index]) {
1668                        cmd->error_string = "shallow update not allowed";
1669                        cmd->skip_update = 1;
1670                }
1671        }
1672        free(ref_status);
1673}
1674
1675static void report(struct command *commands, const char *unpack_status)
1676{
1677        struct command *cmd;
1678        struct strbuf buf = STRBUF_INIT;
1679
1680        packet_buf_write(&buf, "unpack %s\n",
1681                         unpack_status ? unpack_status : "ok");
1682        for (cmd = commands; cmd; cmd = cmd->next) {
1683                if (!cmd->error_string)
1684                        packet_buf_write(&buf, "ok %s\n",
1685                                         cmd->ref_name);
1686                else
1687                        packet_buf_write(&buf, "ng %s %s\n",
1688                                         cmd->ref_name, cmd->error_string);
1689        }
1690        packet_buf_flush(&buf);
1691
1692        if (use_sideband)
1693                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1694        else
1695                write_or_die(1, buf.buf, buf.len);
1696        strbuf_release(&buf);
1697}
1698
1699static int delete_only(struct command *commands)
1700{
1701        struct command *cmd;
1702        for (cmd = commands; cmd; cmd = cmd->next) {
1703                if (!is_null_sha1(cmd->new_sha1))
1704                        return 0;
1705        }
1706        return 1;
1707}
1708
1709int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1710{
1711        int advertise_refs = 0;
1712        struct command *commands;
1713        struct sha1_array shallow = SHA1_ARRAY_INIT;
1714        struct sha1_array ref = SHA1_ARRAY_INIT;
1715        struct shallow_info si;
1716
1717        struct option options[] = {
1718                OPT__QUIET(&quiet, N_("quiet")),
1719                OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1720                OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1721                OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1722                OPT_END()
1723        };
1724
1725        packet_trace_identity("receive-pack");
1726
1727        argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1728
1729        if (argc > 1)
1730                usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1731        if (argc == 0)
1732                usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1733
1734        service_dir = argv[0];
1735
1736        setup_path();
1737
1738        if (!enter_repo(service_dir, 0))
1739                die("'%s' does not appear to be a git repository", service_dir);
1740
1741        git_config(receive_pack_config, NULL);
1742        if (cert_nonce_seed)
1743                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1744
1745        if (0 <= transfer_unpack_limit)
1746                unpack_limit = transfer_unpack_limit;
1747        else if (0 <= receive_unpack_limit)
1748                unpack_limit = receive_unpack_limit;
1749
1750        if (advertise_refs || !stateless_rpc) {
1751                write_head_info();
1752        }
1753        if (advertise_refs)
1754                return 0;
1755
1756        if ((commands = read_head_info(&shallow)) != NULL) {
1757                const char *unpack_status = NULL;
1758
1759                prepare_shallow_info(&si, &shallow);
1760                if (!si.nr_ours && !si.nr_theirs)
1761                        shallow_update = 0;
1762                if (!delete_only(commands)) {
1763                        unpack_status = unpack_with_sideband(&si);
1764                        update_shallow_info(commands, &si, &ref);
1765                }
1766                execute_commands(commands, unpack_status, &si);
1767                if (pack_lockfile)
1768                        unlink_or_warn(pack_lockfile);
1769                if (report_status)
1770                        report(commands, unpack_status);
1771                run_receive_hook(commands, "post-receive", 1);
1772                run_update_post_hook(commands);
1773                if (auto_gc) {
1774                        const char *argv_gc_auto[] = {
1775                                "gc", "--auto", "--quiet", NULL,
1776                        };
1777                        struct child_process proc = CHILD_PROCESS_INIT;
1778
1779                        proc.no_stdin = 1;
1780                        proc.stdout_to_stderr = 1;
1781                        proc.err = use_sideband ? -1 : 0;
1782                        proc.git_cmd = 1;
1783                        proc.argv = argv_gc_auto;
1784
1785                        close_all_packs();
1786                        if (!start_command(&proc)) {
1787                                if (use_sideband)
1788                                        copy_to_sideband(proc.err, -1, NULL);
1789                                finish_command(&proc);
1790                        }
1791                }
1792                if (auto_update_server_info)
1793                        update_server_info(0);
1794                clear_shallow_info(&si);
1795        }
1796        if (use_sideband)
1797                packet_flush(1);
1798        sha1_array_clear(&shallow);
1799        sha1_array_clear(&ref);
1800        free((void *)push_cert_nonce);
1801        return 0;
1802}