builtin / receive-pack.con commit interdiff: teach show_interdiff() to indent interdiff (3b02641)
   1#include "builtin.h"
   2#include "repository.h"
   3#include "config.h"
   4#include "lockfile.h"
   5#include "pack.h"
   6#include "refs.h"
   7#include "pkt-line.h"
   8#include "sideband.h"
   9#include "run-command.h"
  10#include "exec-cmd.h"
  11#include "commit.h"
  12#include "object.h"
  13#include "remote.h"
  14#include "connect.h"
  15#include "transport.h"
  16#include "string-list.h"
  17#include "sha1-array.h"
  18#include "connected.h"
  19#include "argv-array.h"
  20#include "version.h"
  21#include "tag.h"
  22#include "gpg-interface.h"
  23#include "sigchain.h"
  24#include "fsck.h"
  25#include "tmp-objdir.h"
  26#include "oidset.h"
  27#include "packfile.h"
  28#include "object-store.h"
  29#include "protocol.h"
  30
  31static const char * const receive_pack_usage[] = {
  32        N_("git receive-pack <git-dir>"),
  33        NULL
  34};
  35
  36enum deny_action {
  37        DENY_UNCONFIGURED,
  38        DENY_IGNORE,
  39        DENY_WARN,
  40        DENY_REFUSE,
  41        DENY_UPDATE_INSTEAD
  42};
  43
  44static int deny_deletes;
  45static int deny_non_fast_forwards;
  46static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  47static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  48static int receive_fsck_objects = -1;
  49static int transfer_fsck_objects = -1;
  50static struct strbuf fsck_msg_types = STRBUF_INIT;
  51static int receive_unpack_limit = -1;
  52static int transfer_unpack_limit = -1;
  53static int advertise_atomic_push = 1;
  54static int advertise_push_options;
  55static int unpack_limit = 100;
  56static off_t max_input_size;
  57static int report_status;
  58static int use_sideband;
  59static int use_atomic;
  60static int use_push_options;
  61static int quiet;
  62static int prefer_ofs_delta = 1;
  63static int auto_update_server_info;
  64static int auto_gc = 1;
  65static int reject_thin;
  66static int stateless_rpc;
  67static const char *service_dir;
  68static const char *head_name;
  69static void *head_name_to_free;
  70static int sent_capabilities;
  71static int shallow_update;
  72static const char *alt_shallow_file;
  73static struct strbuf push_cert = STRBUF_INIT;
  74static struct object_id push_cert_oid;
  75static struct signature_check sigcheck;
  76static const char *push_cert_nonce;
  77static const char *cert_nonce_seed;
  78
  79static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  80static const char *NONCE_BAD = "BAD";
  81static const char *NONCE_MISSING = "MISSING";
  82static const char *NONCE_OK = "OK";
  83static const char *NONCE_SLOP = "SLOP";
  84static const char *nonce_status;
  85static long nonce_stamp_slop;
  86static timestamp_t nonce_stamp_slop_limit;
  87static struct ref_transaction *transaction;
  88
  89static enum {
  90        KEEPALIVE_NEVER = 0,
  91        KEEPALIVE_AFTER_NUL,
  92        KEEPALIVE_ALWAYS
  93} use_keepalive;
  94static int keepalive_in_sec = 5;
  95
  96static struct tmp_objdir *tmp_objdir;
  97
  98static enum deny_action parse_deny_action(const char *var, const char *value)
  99{
 100        if (value) {
 101                if (!strcasecmp(value, "ignore"))
 102                        return DENY_IGNORE;
 103                if (!strcasecmp(value, "warn"))
 104                        return DENY_WARN;
 105                if (!strcasecmp(value, "refuse"))
 106                        return DENY_REFUSE;
 107                if (!strcasecmp(value, "updateinstead"))
 108                        return DENY_UPDATE_INSTEAD;
 109        }
 110        if (git_config_bool(var, value))
 111                return DENY_REFUSE;
 112        return DENY_IGNORE;
 113}
 114
 115static int receive_pack_config(const char *var, const char *value, void *cb)
 116{
 117        int status = parse_hide_refs_config(var, value, "receive");
 118
 119        if (status)
 120                return status;
 121
 122        if (strcmp(var, "receive.denydeletes") == 0) {
 123                deny_deletes = git_config_bool(var, value);
 124                return 0;
 125        }
 126
 127        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 128                deny_non_fast_forwards = git_config_bool(var, value);
 129                return 0;
 130        }
 131
 132        if (strcmp(var, "receive.unpacklimit") == 0) {
 133                receive_unpack_limit = git_config_int(var, value);
 134                return 0;
 135        }
 136
 137        if (strcmp(var, "transfer.unpacklimit") == 0) {
 138                transfer_unpack_limit = git_config_int(var, value);
 139                return 0;
 140        }
 141
 142        if (strcmp(var, "receive.fsck.skiplist") == 0) {
 143                const char *path;
 144
 145                if (git_config_pathname(&path, var, value))
 146                        return 1;
 147                strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
 148                        fsck_msg_types.len ? ',' : '=', path);
 149                free((char *)path);
 150                return 0;
 151        }
 152
 153        if (skip_prefix(var, "receive.fsck.", &var)) {
 154                if (is_valid_msg_type(var, value))
 155                        strbuf_addf(&fsck_msg_types, "%c%s=%s",
 156                                fsck_msg_types.len ? ',' : '=', var, value);
 157                else
 158                        warning("Skipping unknown msg id '%s'", var);
 159                return 0;
 160        }
 161
 162        if (strcmp(var, "receive.fsckobjects") == 0) {
 163                receive_fsck_objects = git_config_bool(var, value);
 164                return 0;
 165        }
 166
 167        if (strcmp(var, "transfer.fsckobjects") == 0) {
 168                transfer_fsck_objects = git_config_bool(var, value);
 169                return 0;
 170        }
 171
 172        if (!strcmp(var, "receive.denycurrentbranch")) {
 173                deny_current_branch = parse_deny_action(var, value);
 174                return 0;
 175        }
 176
 177        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 178                deny_delete_current = parse_deny_action(var, value);
 179                return 0;
 180        }
 181
 182        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 183                prefer_ofs_delta = git_config_bool(var, value);
 184                return 0;
 185        }
 186
 187        if (strcmp(var, "receive.updateserverinfo") == 0) {
 188                auto_update_server_info = git_config_bool(var, value);
 189                return 0;
 190        }
 191
 192        if (strcmp(var, "receive.autogc") == 0) {
 193                auto_gc = git_config_bool(var, value);
 194                return 0;
 195        }
 196
 197        if (strcmp(var, "receive.shallowupdate") == 0) {
 198                shallow_update = git_config_bool(var, value);
 199                return 0;
 200        }
 201
 202        if (strcmp(var, "receive.certnonceseed") == 0)
 203                return git_config_string(&cert_nonce_seed, var, value);
 204
 205        if (strcmp(var, "receive.certnonceslop") == 0) {
 206                nonce_stamp_slop_limit = git_config_ulong(var, value);
 207                return 0;
 208        }
 209
 210        if (strcmp(var, "receive.advertiseatomic") == 0) {
 211                advertise_atomic_push = git_config_bool(var, value);
 212                return 0;
 213        }
 214
 215        if (strcmp(var, "receive.advertisepushoptions") == 0) {
 216                advertise_push_options = git_config_bool(var, value);
 217                return 0;
 218        }
 219
 220        if (strcmp(var, "receive.keepalive") == 0) {
 221                keepalive_in_sec = git_config_int(var, value);
 222                return 0;
 223        }
 224
 225        if (strcmp(var, "receive.maxinputsize") == 0) {
 226                max_input_size = git_config_int64(var, value);
 227                return 0;
 228        }
 229
 230        return git_default_config(var, value, cb);
 231}
 232
 233static void show_ref(const char *path, const struct object_id *oid)
 234{
 235        if (sent_capabilities) {
 236                packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
 237        } else {
 238                struct strbuf cap = STRBUF_INIT;
 239
 240                strbuf_addstr(&cap,
 241                              "report-status delete-refs side-band-64k quiet");
 242                if (advertise_atomic_push)
 243                        strbuf_addstr(&cap, " atomic");
 244                if (prefer_ofs_delta)
 245                        strbuf_addstr(&cap, " ofs-delta");
 246                if (push_cert_nonce)
 247                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 248                if (advertise_push_options)
 249                        strbuf_addstr(&cap, " push-options");
 250                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 251                packet_write_fmt(1, "%s %s%c%s\n",
 252                             oid_to_hex(oid), path, 0, cap.buf);
 253                strbuf_release(&cap);
 254                sent_capabilities = 1;
 255        }
 256}
 257
 258static int show_ref_cb(const char *path_full, const struct object_id *oid,
 259                       int flag, void *data)
 260{
 261        struct oidset *seen = data;
 262        const char *path = strip_namespace(path_full);
 263
 264        if (ref_is_hidden(path, path_full))
 265                return 0;
 266
 267        /*
 268         * Advertise refs outside our current namespace as ".have"
 269         * refs, so that the client can use them to minimize data
 270         * transfer but will otherwise ignore them.
 271         */
 272        if (!path) {
 273                if (oidset_insert(seen, oid))
 274                        return 0;
 275                path = ".have";
 276        } else {
 277                oidset_insert(seen, oid);
 278        }
 279        show_ref(path, oid);
 280        return 0;
 281}
 282
 283static void show_one_alternate_ref(const char *refname,
 284                                   const struct object_id *oid,
 285                                   void *data)
 286{
 287        struct oidset *seen = data;
 288
 289        if (oidset_insert(seen, oid))
 290                return;
 291
 292        show_ref(".have", oid);
 293}
 294
 295static void write_head_info(void)
 296{
 297        static struct oidset seen = OIDSET_INIT;
 298
 299        for_each_ref(show_ref_cb, &seen);
 300        for_each_alternate_ref(show_one_alternate_ref, &seen);
 301        oidset_clear(&seen);
 302        if (!sent_capabilities)
 303                show_ref("capabilities^{}", &null_oid);
 304
 305        advertise_shallow_grafts(1);
 306
 307        /* EOF */
 308        packet_flush(1);
 309}
 310
 311struct command {
 312        struct command *next;
 313        const char *error_string;
 314        unsigned int skip_update:1,
 315                     did_not_exist:1;
 316        int index;
 317        struct object_id old_oid;
 318        struct object_id new_oid;
 319        char ref_name[FLEX_ARRAY]; /* more */
 320};
 321
 322static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 323static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 324
 325static void report_message(const char *prefix, const char *err, va_list params)
 326{
 327        int sz;
 328        char msg[4096];
 329
 330        sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
 331        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 332        if (sz > (sizeof(msg) - 1))
 333                sz = sizeof(msg) - 1;
 334        msg[sz++] = '\n';
 335
 336        if (use_sideband)
 337                send_sideband(1, 2, msg, sz, use_sideband);
 338        else
 339                xwrite(2, msg, sz);
 340}
 341
 342static void rp_warning(const char *err, ...)
 343{
 344        va_list params;
 345        va_start(params, err);
 346        report_message("warning: ", err, params);
 347        va_end(params);
 348}
 349
 350static void rp_error(const char *err, ...)
 351{
 352        va_list params;
 353        va_start(params, err);
 354        report_message("error: ", err, params);
 355        va_end(params);
 356}
 357
 358static int copy_to_sideband(int in, int out, void *arg)
 359{
 360        char data[128];
 361        int keepalive_active = 0;
 362
 363        if (keepalive_in_sec <= 0)
 364                use_keepalive = KEEPALIVE_NEVER;
 365        if (use_keepalive == KEEPALIVE_ALWAYS)
 366                keepalive_active = 1;
 367
 368        while (1) {
 369                ssize_t sz;
 370
 371                if (keepalive_active) {
 372                        struct pollfd pfd;
 373                        int ret;
 374
 375                        pfd.fd = in;
 376                        pfd.events = POLLIN;
 377                        ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
 378
 379                        if (ret < 0) {
 380                                if (errno == EINTR)
 381                                        continue;
 382                                else
 383                                        break;
 384                        } else if (ret == 0) {
 385                                /* no data; send a keepalive packet */
 386                                static const char buf[] = "0005\1";
 387                                write_or_die(1, buf, sizeof(buf) - 1);
 388                                continue;
 389                        } /* else there is actual data to read */
 390                }
 391
 392                sz = xread(in, data, sizeof(data));
 393                if (sz <= 0)
 394                        break;
 395
 396                if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
 397                        const char *p = memchr(data, '\0', sz);
 398                        if (p) {
 399                                /*
 400                                 * The NUL tells us to start sending keepalives. Make
 401                                 * sure we send any other data we read along
 402                                 * with it.
 403                                 */
 404                                keepalive_active = 1;
 405                                send_sideband(1, 2, data, p - data, use_sideband);
 406                                send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
 407                                continue;
 408                        }
 409                }
 410
 411                /*
 412                 * Either we're not looking for a NUL signal, or we didn't see
 413                 * it yet; just pass along the data.
 414                 */
 415                send_sideband(1, 2, data, sz, use_sideband);
 416        }
 417        close(in);
 418        return 0;
 419}
 420
 421#define HMAC_BLOCK_SIZE 64
 422
 423static void hmac_sha1(unsigned char *out,
 424                      const char *key_in, size_t key_len,
 425                      const char *text, size_t text_len)
 426{
 427        unsigned char key[HMAC_BLOCK_SIZE];
 428        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 429        unsigned char k_opad[HMAC_BLOCK_SIZE];
 430        int i;
 431        git_SHA_CTX ctx;
 432
 433        /* RFC 2104 2. (1) */
 434        memset(key, '\0', HMAC_BLOCK_SIZE);
 435        if (HMAC_BLOCK_SIZE < key_len) {
 436                git_SHA1_Init(&ctx);
 437                git_SHA1_Update(&ctx, key_in, key_len);
 438                git_SHA1_Final(key, &ctx);
 439        } else {
 440                memcpy(key, key_in, key_len);
 441        }
 442
 443        /* RFC 2104 2. (2) & (5) */
 444        for (i = 0; i < sizeof(key); i++) {
 445                k_ipad[i] = key[i] ^ 0x36;
 446                k_opad[i] = key[i] ^ 0x5c;
 447        }
 448
 449        /* RFC 2104 2. (3) & (4) */
 450        git_SHA1_Init(&ctx);
 451        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 452        git_SHA1_Update(&ctx, text, text_len);
 453        git_SHA1_Final(out, &ctx);
 454
 455        /* RFC 2104 2. (6) & (7) */
 456        git_SHA1_Init(&ctx);
 457        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 458        git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
 459        git_SHA1_Final(out, &ctx);
 460}
 461
 462static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
 463{
 464        struct strbuf buf = STRBUF_INIT;
 465        unsigned char sha1[GIT_SHA1_RAWSZ];
 466
 467        strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
 468        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 469        strbuf_release(&buf);
 470
 471        /* RFC 2104 5. HMAC-SHA1-80 */
 472        strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
 473        return strbuf_detach(&buf, NULL);
 474}
 475
 476/*
 477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 478 * after dropping "_commit" from its name and possibly moving it out
 479 * of commit.c
 480 */
 481static char *find_header(const char *msg, size_t len, const char *key,
 482                         const char **next_line)
 483{
 484        int key_len = strlen(key);
 485        const char *line = msg;
 486
 487        while (line && line < msg + len) {
 488                const char *eol = strchrnul(line, '\n');
 489
 490                if ((msg + len <= eol) || line == eol)
 491                        return NULL;
 492                if (line + key_len < eol &&
 493                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 494                        int offset = key_len + 1;
 495                        if (next_line)
 496                                *next_line = *eol ? eol + 1 : eol;
 497                        return xmemdupz(line + offset, (eol - line) - offset);
 498                }
 499                line = *eol ? eol + 1 : NULL;
 500        }
 501        return NULL;
 502}
 503
 504static const char *check_nonce(const char *buf, size_t len)
 505{
 506        char *nonce = find_header(buf, len, "nonce", NULL);
 507        timestamp_t stamp, ostamp;
 508        char *bohmac, *expect = NULL;
 509        const char *retval = NONCE_BAD;
 510
 511        if (!nonce) {
 512                retval = NONCE_MISSING;
 513                goto leave;
 514        } else if (!push_cert_nonce) {
 515                retval = NONCE_UNSOLICITED;
 516                goto leave;
 517        } else if (!strcmp(push_cert_nonce, nonce)) {
 518                retval = NONCE_OK;
 519                goto leave;
 520        }
 521
 522        if (!stateless_rpc) {
 523                /* returned nonce MUST match what we gave out earlier */
 524                retval = NONCE_BAD;
 525                goto leave;
 526        }
 527
 528        /*
 529         * In stateless mode, we may be receiving a nonce issued by
 530         * another instance of the server that serving the same
 531         * repository, and the timestamps may not match, but the
 532         * nonce-seed and dir should match, so we can recompute and
 533         * report the time slop.
 534         *
 535         * In addition, when a nonce issued by another instance has
 536         * timestamp within receive.certnonceslop seconds, we pretend
 537         * as if we issued that nonce when reporting to the hook.
 538         */
 539
 540        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 541        if (*nonce <= '0' || '9' < *nonce) {
 542                retval = NONCE_BAD;
 543                goto leave;
 544        }
 545        stamp = parse_timestamp(nonce, &bohmac, 10);
 546        if (bohmac == nonce || bohmac[0] != '-') {
 547                retval = NONCE_BAD;
 548                goto leave;
 549        }
 550
 551        expect = prepare_push_cert_nonce(service_dir, stamp);
 552        if (strcmp(expect, nonce)) {
 553                /* Not what we would have signed earlier */
 554                retval = NONCE_BAD;
 555                goto leave;
 556        }
 557
 558        /*
 559         * By how many seconds is this nonce stale?  Negative value
 560         * would mean it was issued by another server with its clock
 561         * skewed in the future.
 562         */
 563        ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
 564        nonce_stamp_slop = (long)ostamp - (long)stamp;
 565
 566        if (nonce_stamp_slop_limit &&
 567            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 568                /*
 569                 * Pretend as if the received nonce (which passes the
 570                 * HMAC check, so it is not a forged by third-party)
 571                 * is what we issued.
 572                 */
 573                free((void *)push_cert_nonce);
 574                push_cert_nonce = xstrdup(nonce);
 575                retval = NONCE_OK;
 576        } else {
 577                retval = NONCE_SLOP;
 578        }
 579
 580leave:
 581        free(nonce);
 582        free(expect);
 583        return retval;
 584}
 585
 586/*
 587 * Return 1 if there is no push_cert or if the push options in push_cert are
 588 * the same as those in the argument; 0 otherwise.
 589 */
 590static int check_cert_push_options(const struct string_list *push_options)
 591{
 592        const char *buf = push_cert.buf;
 593        int len = push_cert.len;
 594
 595        char *option;
 596        const char *next_line;
 597        int options_seen = 0;
 598
 599        int retval = 1;
 600
 601        if (!len)
 602                return 1;
 603
 604        while ((option = find_header(buf, len, "push-option", &next_line))) {
 605                len -= (next_line - buf);
 606                buf = next_line;
 607                options_seen++;
 608                if (options_seen > push_options->nr
 609                    || strcmp(option,
 610                              push_options->items[options_seen - 1].string)) {
 611                        retval = 0;
 612                        goto leave;
 613                }
 614                free(option);
 615        }
 616
 617        if (options_seen != push_options->nr)
 618                retval = 0;
 619
 620leave:
 621        free(option);
 622        return retval;
 623}
 624
 625static void prepare_push_cert_sha1(struct child_process *proc)
 626{
 627        static int already_done;
 628
 629        if (!push_cert.len)
 630                return;
 631
 632        if (!already_done) {
 633                struct strbuf gpg_output = STRBUF_INIT;
 634                struct strbuf gpg_status = STRBUF_INIT;
 635                int bogs /* beginning_of_gpg_sig */;
 636
 637                already_done = 1;
 638                if (write_object_file(push_cert.buf, push_cert.len, "blob",
 639                                      &push_cert_oid))
 640                        oidclr(&push_cert_oid);
 641
 642                memset(&sigcheck, '\0', sizeof(sigcheck));
 643                sigcheck.result = 'N';
 644
 645                bogs = parse_signature(push_cert.buf, push_cert.len);
 646                if (verify_signed_buffer(push_cert.buf, bogs,
 647                                         push_cert.buf + bogs, push_cert.len - bogs,
 648                                         &gpg_output, &gpg_status) < 0) {
 649                        ; /* error running gpg */
 650                } else {
 651                        sigcheck.payload = push_cert.buf;
 652                        sigcheck.gpg_output = gpg_output.buf;
 653                        sigcheck.gpg_status = gpg_status.buf;
 654                        parse_gpg_output(&sigcheck);
 655                }
 656
 657                strbuf_release(&gpg_output);
 658                strbuf_release(&gpg_status);
 659                nonce_status = check_nonce(push_cert.buf, bogs);
 660        }
 661        if (!is_null_oid(&push_cert_oid)) {
 662                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 663                                 oid_to_hex(&push_cert_oid));
 664                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 665                                 sigcheck.signer ? sigcheck.signer : "");
 666                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 667                                 sigcheck.key ? sigcheck.key : "");
 668                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 669                                 sigcheck.result);
 670                if (push_cert_nonce) {
 671                        argv_array_pushf(&proc->env_array,
 672                                         "GIT_PUSH_CERT_NONCE=%s",
 673                                         push_cert_nonce);
 674                        argv_array_pushf(&proc->env_array,
 675                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 676                                         nonce_status);
 677                        if (nonce_status == NONCE_SLOP)
 678                                argv_array_pushf(&proc->env_array,
 679                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 680                                                 nonce_stamp_slop);
 681                }
 682        }
 683}
 684
 685struct receive_hook_feed_state {
 686        struct command *cmd;
 687        int skip_broken;
 688        struct strbuf buf;
 689        const struct string_list *push_options;
 690};
 691
 692typedef int (*feed_fn)(void *, const char **, size_t *);
 693static int run_and_feed_hook(const char *hook_name, feed_fn feed,
 694                             struct receive_hook_feed_state *feed_state)
 695{
 696        struct child_process proc = CHILD_PROCESS_INIT;
 697        struct async muxer;
 698        const char *argv[2];
 699        int code;
 700
 701        argv[0] = find_hook(hook_name);
 702        if (!argv[0])
 703                return 0;
 704
 705        argv[1] = NULL;
 706
 707        proc.argv = argv;
 708        proc.in = -1;
 709        proc.stdout_to_stderr = 1;
 710        if (feed_state->push_options) {
 711                int i;
 712                for (i = 0; i < feed_state->push_options->nr; i++)
 713                        argv_array_pushf(&proc.env_array,
 714                                "GIT_PUSH_OPTION_%d=%s", i,
 715                                feed_state->push_options->items[i].string);
 716                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
 717                                 feed_state->push_options->nr);
 718        } else
 719                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
 720
 721        if (tmp_objdir)
 722                argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
 723
 724        if (use_sideband) {
 725                memset(&muxer, 0, sizeof(muxer));
 726                muxer.proc = copy_to_sideband;
 727                muxer.in = -1;
 728                code = start_async(&muxer);
 729                if (code)
 730                        return code;
 731                proc.err = muxer.in;
 732        }
 733
 734        prepare_push_cert_sha1(&proc);
 735
 736        code = start_command(&proc);
 737        if (code) {
 738                if (use_sideband)
 739                        finish_async(&muxer);
 740                return code;
 741        }
 742
 743        sigchain_push(SIGPIPE, SIG_IGN);
 744
 745        while (1) {
 746                const char *buf;
 747                size_t n;
 748                if (feed(feed_state, &buf, &n))
 749                        break;
 750                if (write_in_full(proc.in, buf, n) < 0)
 751                        break;
 752        }
 753        close(proc.in);
 754        if (use_sideband)
 755                finish_async(&muxer);
 756
 757        sigchain_pop(SIGPIPE);
 758
 759        return finish_command(&proc);
 760}
 761
 762static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 763{
 764        struct receive_hook_feed_state *state = state_;
 765        struct command *cmd = state->cmd;
 766
 767        while (cmd &&
 768               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 769                cmd = cmd->next;
 770        if (!cmd)
 771                return -1; /* EOF */
 772        strbuf_reset(&state->buf);
 773        strbuf_addf(&state->buf, "%s %s %s\n",
 774                    oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
 775                    cmd->ref_name);
 776        state->cmd = cmd->next;
 777        if (bufp) {
 778                *bufp = state->buf.buf;
 779                *sizep = state->buf.len;
 780        }
 781        return 0;
 782}
 783
 784static int run_receive_hook(struct command *commands,
 785                            const char *hook_name,
 786                            int skip_broken,
 787                            const struct string_list *push_options)
 788{
 789        struct receive_hook_feed_state state;
 790        int status;
 791
 792        strbuf_init(&state.buf, 0);
 793        state.cmd = commands;
 794        state.skip_broken = skip_broken;
 795        if (feed_receive_hook(&state, NULL, NULL))
 796                return 0;
 797        state.cmd = commands;
 798        state.push_options = push_options;
 799        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 800        strbuf_release(&state.buf);
 801        return status;
 802}
 803
 804static int run_update_hook(struct command *cmd)
 805{
 806        const char *argv[5];
 807        struct child_process proc = CHILD_PROCESS_INIT;
 808        int code;
 809
 810        argv[0] = find_hook("update");
 811        if (!argv[0])
 812                return 0;
 813
 814        argv[1] = cmd->ref_name;
 815        argv[2] = oid_to_hex(&cmd->old_oid);
 816        argv[3] = oid_to_hex(&cmd->new_oid);
 817        argv[4] = NULL;
 818
 819        proc.no_stdin = 1;
 820        proc.stdout_to_stderr = 1;
 821        proc.err = use_sideband ? -1 : 0;
 822        proc.argv = argv;
 823
 824        code = start_command(&proc);
 825        if (code)
 826                return code;
 827        if (use_sideband)
 828                copy_to_sideband(proc.err, -1, NULL);
 829        return finish_command(&proc);
 830}
 831
 832static int is_ref_checked_out(const char *ref)
 833{
 834        if (is_bare_repository())
 835                return 0;
 836
 837        if (!head_name)
 838                return 0;
 839        return !strcmp(head_name, ref);
 840}
 841
 842static char *refuse_unconfigured_deny_msg =
 843        N_("By default, updating the current branch in a non-bare repository\n"
 844           "is denied, because it will make the index and work tree inconsistent\n"
 845           "with what you pushed, and will require 'git reset --hard' to match\n"
 846           "the work tree to HEAD.\n"
 847           "\n"
 848           "You can set the 'receive.denyCurrentBranch' configuration variable\n"
 849           "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
 850           "its current branch; however, this is not recommended unless you\n"
 851           "arranged to update its work tree to match what you pushed in some\n"
 852           "other way.\n"
 853           "\n"
 854           "To squelch this message and still keep the default behaviour, set\n"
 855           "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
 856
 857static void refuse_unconfigured_deny(void)
 858{
 859        rp_error("%s", _(refuse_unconfigured_deny_msg));
 860}
 861
 862static char *refuse_unconfigured_deny_delete_current_msg =
 863        N_("By default, deleting the current branch is denied, because the next\n"
 864           "'git clone' won't result in any file checked out, causing confusion.\n"
 865           "\n"
 866           "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
 867           "'warn' or 'ignore' in the remote repository to allow deleting the\n"
 868           "current branch, with or without a warning message.\n"
 869           "\n"
 870           "To squelch this message, you can set it to 'refuse'.");
 871
 872static void refuse_unconfigured_deny_delete_current(void)
 873{
 874        rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
 875}
 876
 877static int command_singleton_iterator(void *cb_data, struct object_id *oid);
 878static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 879{
 880        struct lock_file shallow_lock = LOCK_INIT;
 881        struct oid_array extra = OID_ARRAY_INIT;
 882        struct check_connected_options opt = CHECK_CONNECTED_INIT;
 883        uint32_t mask = 1 << (cmd->index % 32);
 884        int i;
 885
 886        trace_printf_key(&trace_shallow,
 887                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 888        for (i = 0; i < si->shallow->nr; i++)
 889                if (si->used_shallow[i] &&
 890                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 891                    !delayed_reachability_test(si, i))
 892                        oid_array_append(&extra, &si->shallow->oid[i]);
 893
 894        opt.env = tmp_objdir_env(tmp_objdir);
 895        setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
 896        if (check_connected(command_singleton_iterator, cmd, &opt)) {
 897                rollback_lock_file(&shallow_lock);
 898                oid_array_clear(&extra);
 899                return -1;
 900        }
 901
 902        commit_lock_file(&shallow_lock);
 903
 904        /*
 905         * Make sure setup_alternate_shallow() for the next ref does
 906         * not lose these new roots..
 907         */
 908        for (i = 0; i < extra.nr; i++)
 909                register_shallow(the_repository, &extra.oid[i]);
 910
 911        si->shallow_ref[cmd->index] = 0;
 912        oid_array_clear(&extra);
 913        return 0;
 914}
 915
 916/*
 917 * NEEDSWORK: we should consolidate various implementions of "are we
 918 * on an unborn branch?" test into one, and make the unified one more
 919 * robust. !get_sha1() based check used here and elsewhere would not
 920 * allow us to tell an unborn branch from corrupt ref, for example.
 921 * For the purpose of fixing "deploy-to-update does not work when
 922 * pushing into an empty repository" issue, this should suffice for
 923 * now.
 924 */
 925static int head_has_history(void)
 926{
 927        struct object_id oid;
 928
 929        return !get_oid("HEAD", &oid);
 930}
 931
 932static const char *push_to_deploy(unsigned char *sha1,
 933                                  struct argv_array *env,
 934                                  const char *work_tree)
 935{
 936        const char *update_refresh[] = {
 937                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 938        };
 939        const char *diff_files[] = {
 940                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 941        };
 942        const char *diff_index[] = {
 943                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 944                NULL, "--", NULL
 945        };
 946        const char *read_tree[] = {
 947                "read-tree", "-u", "-m", NULL, NULL
 948        };
 949        struct child_process child = CHILD_PROCESS_INIT;
 950
 951        child.argv = update_refresh;
 952        child.env = env->argv;
 953        child.dir = work_tree;
 954        child.no_stdin = 1;
 955        child.stdout_to_stderr = 1;
 956        child.git_cmd = 1;
 957        if (run_command(&child))
 958                return "Up-to-date check failed";
 959
 960        /* run_command() does not clean up completely; reinitialize */
 961        child_process_init(&child);
 962        child.argv = diff_files;
 963        child.env = env->argv;
 964        child.dir = work_tree;
 965        child.no_stdin = 1;
 966        child.stdout_to_stderr = 1;
 967        child.git_cmd = 1;
 968        if (run_command(&child))
 969                return "Working directory has unstaged changes";
 970
 971        /* diff-index with either HEAD or an empty tree */
 972        diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
 973
 974        child_process_init(&child);
 975        child.argv = diff_index;
 976        child.env = env->argv;
 977        child.no_stdin = 1;
 978        child.no_stdout = 1;
 979        child.stdout_to_stderr = 0;
 980        child.git_cmd = 1;
 981        if (run_command(&child))
 982                return "Working directory has staged changes";
 983
 984        read_tree[3] = sha1_to_hex(sha1);
 985        child_process_init(&child);
 986        child.argv = read_tree;
 987        child.env = env->argv;
 988        child.dir = work_tree;
 989        child.no_stdin = 1;
 990        child.no_stdout = 1;
 991        child.stdout_to_stderr = 0;
 992        child.git_cmd = 1;
 993        if (run_command(&child))
 994                return "Could not update working tree to new HEAD";
 995
 996        return NULL;
 997}
 998
 999static const char *push_to_checkout_hook = "push-to-checkout";
1000
1001static const char *push_to_checkout(unsigned char *sha1,
1002                                    struct argv_array *env,
1003                                    const char *work_tree)
1004{
1005        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1006        if (run_hook_le(env->argv, push_to_checkout_hook,
1007                        sha1_to_hex(sha1), NULL))
1008                return "push-to-checkout hook declined";
1009        else
1010                return NULL;
1011}
1012
1013static const char *update_worktree(unsigned char *sha1)
1014{
1015        const char *retval;
1016        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1017        struct argv_array env = ARGV_ARRAY_INIT;
1018
1019        if (is_bare_repository())
1020                return "denyCurrentBranch = updateInstead needs a worktree";
1021
1022        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1023
1024        if (!find_hook(push_to_checkout_hook))
1025                retval = push_to_deploy(sha1, &env, work_tree);
1026        else
1027                retval = push_to_checkout(sha1, &env, work_tree);
1028
1029        argv_array_clear(&env);
1030        return retval;
1031}
1032
1033static const char *update(struct command *cmd, struct shallow_info *si)
1034{
1035        const char *name = cmd->ref_name;
1036        struct strbuf namespaced_name_buf = STRBUF_INIT;
1037        static char *namespaced_name;
1038        const char *ret;
1039        struct object_id *old_oid = &cmd->old_oid;
1040        struct object_id *new_oid = &cmd->new_oid;
1041
1042        /* only refs/... are allowed */
1043        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1044                rp_error("refusing to create funny ref '%s' remotely", name);
1045                return "funny refname";
1046        }
1047
1048        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1049        free(namespaced_name);
1050        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1051
1052        if (is_ref_checked_out(namespaced_name)) {
1053                switch (deny_current_branch) {
1054                case DENY_IGNORE:
1055                        break;
1056                case DENY_WARN:
1057                        rp_warning("updating the current branch");
1058                        break;
1059                case DENY_REFUSE:
1060                case DENY_UNCONFIGURED:
1061                        rp_error("refusing to update checked out branch: %s", name);
1062                        if (deny_current_branch == DENY_UNCONFIGURED)
1063                                refuse_unconfigured_deny();
1064                        return "branch is currently checked out";
1065                case DENY_UPDATE_INSTEAD:
1066                        ret = update_worktree(new_oid->hash);
1067                        if (ret)
1068                                return ret;
1069                        break;
1070                }
1071        }
1072
1073        if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1074                error("unpack should have generated %s, "
1075                      "but I can't find it!", oid_to_hex(new_oid));
1076                return "bad pack";
1077        }
1078
1079        if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1080                if (deny_deletes && starts_with(name, "refs/heads/")) {
1081                        rp_error("denying ref deletion for %s", name);
1082                        return "deletion prohibited";
1083                }
1084
1085                if (head_name && !strcmp(namespaced_name, head_name)) {
1086                        switch (deny_delete_current) {
1087                        case DENY_IGNORE:
1088                                break;
1089                        case DENY_WARN:
1090                                rp_warning("deleting the current branch");
1091                                break;
1092                        case DENY_REFUSE:
1093                        case DENY_UNCONFIGURED:
1094                        case DENY_UPDATE_INSTEAD:
1095                                if (deny_delete_current == DENY_UNCONFIGURED)
1096                                        refuse_unconfigured_deny_delete_current();
1097                                rp_error("refusing to delete the current branch: %s", name);
1098                                return "deletion of the current branch prohibited";
1099                        default:
1100                                return "Invalid denyDeleteCurrent setting";
1101                        }
1102                }
1103        }
1104
1105        if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1106            !is_null_oid(old_oid) &&
1107            starts_with(name, "refs/heads/")) {
1108                struct object *old_object, *new_object;
1109                struct commit *old_commit, *new_commit;
1110
1111                old_object = parse_object(old_oid);
1112                new_object = parse_object(new_oid);
1113
1114                if (!old_object || !new_object ||
1115                    old_object->type != OBJ_COMMIT ||
1116                    new_object->type != OBJ_COMMIT) {
1117                        error("bad sha1 objects for %s", name);
1118                        return "bad ref";
1119                }
1120                old_commit = (struct commit *)old_object;
1121                new_commit = (struct commit *)new_object;
1122                if (!in_merge_bases(old_commit, new_commit)) {
1123                        rp_error("denying non-fast-forward %s"
1124                                 " (you should pull first)", name);
1125                        return "non-fast-forward";
1126                }
1127        }
1128        if (run_update_hook(cmd)) {
1129                rp_error("hook declined to update %s", name);
1130                return "hook declined";
1131        }
1132
1133        if (is_null_oid(new_oid)) {
1134                struct strbuf err = STRBUF_INIT;
1135                if (!parse_object(old_oid)) {
1136                        old_oid = NULL;
1137                        if (ref_exists(name)) {
1138                                rp_warning("Allowing deletion of corrupt ref.");
1139                        } else {
1140                                rp_warning("Deleting a non-existent ref.");
1141                                cmd->did_not_exist = 1;
1142                        }
1143                }
1144                if (ref_transaction_delete(transaction,
1145                                           namespaced_name,
1146                                           old_oid,
1147                                           0, "push", &err)) {
1148                        rp_error("%s", err.buf);
1149                        strbuf_release(&err);
1150                        return "failed to delete";
1151                }
1152                strbuf_release(&err);
1153                return NULL; /* good */
1154        }
1155        else {
1156                struct strbuf err = STRBUF_INIT;
1157                if (shallow_update && si->shallow_ref[cmd->index] &&
1158                    update_shallow_ref(cmd, si))
1159                        return "shallow error";
1160
1161                if (ref_transaction_update(transaction,
1162                                           namespaced_name,
1163                                           new_oid, old_oid,
1164                                           0, "push",
1165                                           &err)) {
1166                        rp_error("%s", err.buf);
1167                        strbuf_release(&err);
1168
1169                        return "failed to update ref";
1170                }
1171                strbuf_release(&err);
1172
1173                return NULL; /* good */
1174        }
1175}
1176
1177static void run_update_post_hook(struct command *commands)
1178{
1179        struct command *cmd;
1180        struct child_process proc = CHILD_PROCESS_INIT;
1181        const char *hook;
1182
1183        hook = find_hook("post-update");
1184        if (!hook)
1185                return;
1186
1187        for (cmd = commands; cmd; cmd = cmd->next) {
1188                if (cmd->error_string || cmd->did_not_exist)
1189                        continue;
1190                if (!proc.args.argc)
1191                        argv_array_push(&proc.args, hook);
1192                argv_array_push(&proc.args, cmd->ref_name);
1193        }
1194        if (!proc.args.argc)
1195                return;
1196
1197        proc.no_stdin = 1;
1198        proc.stdout_to_stderr = 1;
1199        proc.err = use_sideband ? -1 : 0;
1200
1201        if (!start_command(&proc)) {
1202                if (use_sideband)
1203                        copy_to_sideband(proc.err, -1, NULL);
1204                finish_command(&proc);
1205        }
1206}
1207
1208static void check_aliased_update(struct command *cmd, struct string_list *list)
1209{
1210        struct strbuf buf = STRBUF_INIT;
1211        const char *dst_name;
1212        struct string_list_item *item;
1213        struct command *dst_cmd;
1214        int flag;
1215
1216        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1217        dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1218        strbuf_release(&buf);
1219
1220        if (!(flag & REF_ISSYMREF))
1221                return;
1222
1223        if (!dst_name) {
1224                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1225                cmd->skip_update = 1;
1226                cmd->error_string = "broken symref";
1227                return;
1228        }
1229        dst_name = strip_namespace(dst_name);
1230
1231        if ((item = string_list_lookup(list, dst_name)) == NULL)
1232                return;
1233
1234        cmd->skip_update = 1;
1235
1236        dst_cmd = (struct command *) item->util;
1237
1238        if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1239            !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1240                return;
1241
1242        dst_cmd->skip_update = 1;
1243
1244        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1245                 " its target '%s' (%s..%s)",
1246                 cmd->ref_name,
1247                 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1248                 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1249                 dst_cmd->ref_name,
1250                 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1251                 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1252
1253        cmd->error_string = dst_cmd->error_string =
1254                "inconsistent aliased update";
1255}
1256
1257static void check_aliased_updates(struct command *commands)
1258{
1259        struct command *cmd;
1260        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1261
1262        for (cmd = commands; cmd; cmd = cmd->next) {
1263                struct string_list_item *item =
1264                        string_list_append(&ref_list, cmd->ref_name);
1265                item->util = (void *)cmd;
1266        }
1267        string_list_sort(&ref_list);
1268
1269        for (cmd = commands; cmd; cmd = cmd->next) {
1270                if (!cmd->error_string)
1271                        check_aliased_update(cmd, &ref_list);
1272        }
1273
1274        string_list_clear(&ref_list, 0);
1275}
1276
1277static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1278{
1279        struct command **cmd_list = cb_data;
1280        struct command *cmd = *cmd_list;
1281
1282        if (!cmd || is_null_oid(&cmd->new_oid))
1283                return -1; /* end of list */
1284        *cmd_list = NULL; /* this returns only one */
1285        oidcpy(oid, &cmd->new_oid);
1286        return 0;
1287}
1288
1289static void set_connectivity_errors(struct command *commands,
1290                                    struct shallow_info *si)
1291{
1292        struct command *cmd;
1293
1294        for (cmd = commands; cmd; cmd = cmd->next) {
1295                struct command *singleton = cmd;
1296                struct check_connected_options opt = CHECK_CONNECTED_INIT;
1297
1298                if (shallow_update && si->shallow_ref[cmd->index])
1299                        /* to be checked in update_shallow_ref() */
1300                        continue;
1301
1302                opt.env = tmp_objdir_env(tmp_objdir);
1303                if (!check_connected(command_singleton_iterator, &singleton,
1304                                     &opt))
1305                        continue;
1306
1307                cmd->error_string = "missing necessary objects";
1308        }
1309}
1310
1311struct iterate_data {
1312        struct command *cmds;
1313        struct shallow_info *si;
1314};
1315
1316static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1317{
1318        struct iterate_data *data = cb_data;
1319        struct command **cmd_list = &data->cmds;
1320        struct command *cmd = *cmd_list;
1321
1322        for (; cmd; cmd = cmd->next) {
1323                if (shallow_update && data->si->shallow_ref[cmd->index])
1324                        /* to be checked in update_shallow_ref() */
1325                        continue;
1326                if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1327                        oidcpy(oid, &cmd->new_oid);
1328                        *cmd_list = cmd->next;
1329                        return 0;
1330                }
1331        }
1332        *cmd_list = NULL;
1333        return -1; /* end of list */
1334}
1335
1336static void reject_updates_to_hidden(struct command *commands)
1337{
1338        struct strbuf refname_full = STRBUF_INIT;
1339        size_t prefix_len;
1340        struct command *cmd;
1341
1342        strbuf_addstr(&refname_full, get_git_namespace());
1343        prefix_len = refname_full.len;
1344
1345        for (cmd = commands; cmd; cmd = cmd->next) {
1346                if (cmd->error_string)
1347                        continue;
1348
1349                strbuf_setlen(&refname_full, prefix_len);
1350                strbuf_addstr(&refname_full, cmd->ref_name);
1351
1352                if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1353                        continue;
1354                if (is_null_oid(&cmd->new_oid))
1355                        cmd->error_string = "deny deleting a hidden ref";
1356                else
1357                        cmd->error_string = "deny updating a hidden ref";
1358        }
1359
1360        strbuf_release(&refname_full);
1361}
1362
1363static int should_process_cmd(struct command *cmd)
1364{
1365        return !cmd->error_string && !cmd->skip_update;
1366}
1367
1368static void warn_if_skipped_connectivity_check(struct command *commands,
1369                                               struct shallow_info *si)
1370{
1371        struct command *cmd;
1372        int checked_connectivity = 1;
1373
1374        for (cmd = commands; cmd; cmd = cmd->next) {
1375                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1376                        error("BUG: connectivity check has not been run on ref %s",
1377                              cmd->ref_name);
1378                        checked_connectivity = 0;
1379                }
1380        }
1381        if (!checked_connectivity)
1382                BUG("connectivity check skipped???");
1383}
1384
1385static void execute_commands_non_atomic(struct command *commands,
1386                                        struct shallow_info *si)
1387{
1388        struct command *cmd;
1389        struct strbuf err = STRBUF_INIT;
1390
1391        for (cmd = commands; cmd; cmd = cmd->next) {
1392                if (!should_process_cmd(cmd))
1393                        continue;
1394
1395                transaction = ref_transaction_begin(&err);
1396                if (!transaction) {
1397                        rp_error("%s", err.buf);
1398                        strbuf_reset(&err);
1399                        cmd->error_string = "transaction failed to start";
1400                        continue;
1401                }
1402
1403                cmd->error_string = update(cmd, si);
1404
1405                if (!cmd->error_string
1406                    && ref_transaction_commit(transaction, &err)) {
1407                        rp_error("%s", err.buf);
1408                        strbuf_reset(&err);
1409                        cmd->error_string = "failed to update ref";
1410                }
1411                ref_transaction_free(transaction);
1412        }
1413        strbuf_release(&err);
1414}
1415
1416static void execute_commands_atomic(struct command *commands,
1417                                        struct shallow_info *si)
1418{
1419        struct command *cmd;
1420        struct strbuf err = STRBUF_INIT;
1421        const char *reported_error = "atomic push failure";
1422
1423        transaction = ref_transaction_begin(&err);
1424        if (!transaction) {
1425                rp_error("%s", err.buf);
1426                strbuf_reset(&err);
1427                reported_error = "transaction failed to start";
1428                goto failure;
1429        }
1430
1431        for (cmd = commands; cmd; cmd = cmd->next) {
1432                if (!should_process_cmd(cmd))
1433                        continue;
1434
1435                cmd->error_string = update(cmd, si);
1436
1437                if (cmd->error_string)
1438                        goto failure;
1439        }
1440
1441        if (ref_transaction_commit(transaction, &err)) {
1442                rp_error("%s", err.buf);
1443                reported_error = "atomic transaction failed";
1444                goto failure;
1445        }
1446        goto cleanup;
1447
1448failure:
1449        for (cmd = commands; cmd; cmd = cmd->next)
1450                if (!cmd->error_string)
1451                        cmd->error_string = reported_error;
1452
1453cleanup:
1454        ref_transaction_free(transaction);
1455        strbuf_release(&err);
1456}
1457
1458static void execute_commands(struct command *commands,
1459                             const char *unpacker_error,
1460                             struct shallow_info *si,
1461                             const struct string_list *push_options)
1462{
1463        struct check_connected_options opt = CHECK_CONNECTED_INIT;
1464        struct command *cmd;
1465        struct iterate_data data;
1466        struct async muxer;
1467        int err_fd = 0;
1468
1469        if (unpacker_error) {
1470                for (cmd = commands; cmd; cmd = cmd->next)
1471                        cmd->error_string = "unpacker error";
1472                return;
1473        }
1474
1475        if (use_sideband) {
1476                memset(&muxer, 0, sizeof(muxer));
1477                muxer.proc = copy_to_sideband;
1478                muxer.in = -1;
1479                if (!start_async(&muxer))
1480                        err_fd = muxer.in;
1481                /* ...else, continue without relaying sideband */
1482        }
1483
1484        data.cmds = commands;
1485        data.si = si;
1486        opt.err_fd = err_fd;
1487        opt.progress = err_fd && !quiet;
1488        opt.env = tmp_objdir_env(tmp_objdir);
1489        if (check_connected(iterate_receive_command_list, &data, &opt))
1490                set_connectivity_errors(commands, si);
1491
1492        if (use_sideband)
1493                finish_async(&muxer);
1494
1495        reject_updates_to_hidden(commands);
1496
1497        if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1498                for (cmd = commands; cmd; cmd = cmd->next) {
1499                        if (!cmd->error_string)
1500                                cmd->error_string = "pre-receive hook declined";
1501                }
1502                return;
1503        }
1504
1505        /*
1506         * Now we'll start writing out refs, which means the objects need
1507         * to be in their final positions so that other processes can see them.
1508         */
1509        if (tmp_objdir_migrate(tmp_objdir) < 0) {
1510                for (cmd = commands; cmd; cmd = cmd->next) {
1511                        if (!cmd->error_string)
1512                                cmd->error_string = "unable to migrate objects to permanent storage";
1513                }
1514                return;
1515        }
1516        tmp_objdir = NULL;
1517
1518        check_aliased_updates(commands);
1519
1520        free(head_name_to_free);
1521        head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1522
1523        if (use_atomic)
1524                execute_commands_atomic(commands, si);
1525        else
1526                execute_commands_non_atomic(commands, si);
1527
1528        if (shallow_update)
1529                warn_if_skipped_connectivity_check(commands, si);
1530}
1531
1532static struct command **queue_command(struct command **tail,
1533                                      const char *line,
1534                                      int linelen)
1535{
1536        struct object_id old_oid, new_oid;
1537        struct command *cmd;
1538        const char *refname;
1539        int reflen;
1540        const char *p;
1541
1542        if (parse_oid_hex(line, &old_oid, &p) ||
1543            *p++ != ' ' ||
1544            parse_oid_hex(p, &new_oid, &p) ||
1545            *p++ != ' ')
1546                die("protocol error: expected old/new/ref, got '%s'", line);
1547
1548        refname = p;
1549        reflen = linelen - (p - line);
1550        FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1551        oidcpy(&cmd->old_oid, &old_oid);
1552        oidcpy(&cmd->new_oid, &new_oid);
1553        *tail = cmd;
1554        return &cmd->next;
1555}
1556
1557static void queue_commands_from_cert(struct command **tail,
1558                                     struct strbuf *push_cert)
1559{
1560        const char *boc, *eoc;
1561
1562        if (*tail)
1563                die("protocol error: got both push certificate and unsigned commands");
1564
1565        boc = strstr(push_cert->buf, "\n\n");
1566        if (!boc)
1567                die("malformed push certificate %.*s", 100, push_cert->buf);
1568        else
1569                boc += 2;
1570        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1571
1572        while (boc < eoc) {
1573                const char *eol = memchr(boc, '\n', eoc - boc);
1574                tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1575                boc = eol ? eol + 1 : eoc;
1576        }
1577}
1578
1579static struct command *read_head_info(struct oid_array *shallow)
1580{
1581        struct command *commands = NULL;
1582        struct command **p = &commands;
1583        for (;;) {
1584                char *line;
1585                int len, linelen;
1586
1587                line = packet_read_line(0, &len);
1588                if (!line)
1589                        break;
1590
1591                if (len > 8 && starts_with(line, "shallow ")) {
1592                        struct object_id oid;
1593                        if (get_oid_hex(line + 8, &oid))
1594                                die("protocol error: expected shallow sha, got '%s'",
1595                                    line + 8);
1596                        oid_array_append(shallow, &oid);
1597                        continue;
1598                }
1599
1600                linelen = strlen(line);
1601                if (linelen < len) {
1602                        const char *feature_list = line + linelen + 1;
1603                        if (parse_feature_request(feature_list, "report-status"))
1604                                report_status = 1;
1605                        if (parse_feature_request(feature_list, "side-band-64k"))
1606                                use_sideband = LARGE_PACKET_MAX;
1607                        if (parse_feature_request(feature_list, "quiet"))
1608                                quiet = 1;
1609                        if (advertise_atomic_push
1610                            && parse_feature_request(feature_list, "atomic"))
1611                                use_atomic = 1;
1612                        if (advertise_push_options
1613                            && parse_feature_request(feature_list, "push-options"))
1614                                use_push_options = 1;
1615                }
1616
1617                if (!strcmp(line, "push-cert")) {
1618                        int true_flush = 0;
1619                        char certbuf[1024];
1620
1621                        for (;;) {
1622                                len = packet_read(0, NULL, NULL,
1623                                                  certbuf, sizeof(certbuf), 0);
1624                                if (!len) {
1625                                        true_flush = 1;
1626                                        break;
1627                                }
1628                                if (!strcmp(certbuf, "push-cert-end\n"))
1629                                        break; /* end of cert */
1630                                strbuf_addstr(&push_cert, certbuf);
1631                        }
1632
1633                        if (true_flush)
1634                                break;
1635                        continue;
1636                }
1637
1638                p = queue_command(p, line, linelen);
1639        }
1640
1641        if (push_cert.len)
1642                queue_commands_from_cert(p, &push_cert);
1643
1644        return commands;
1645}
1646
1647static void read_push_options(struct string_list *options)
1648{
1649        while (1) {
1650                char *line;
1651                int len;
1652
1653                line = packet_read_line(0, &len);
1654
1655                if (!line)
1656                        break;
1657
1658                string_list_append(options, line);
1659        }
1660}
1661
1662static const char *parse_pack_header(struct pack_header *hdr)
1663{
1664        switch (read_pack_header(0, hdr)) {
1665        case PH_ERROR_EOF:
1666                return "eof before pack header was fully read";
1667
1668        case PH_ERROR_PACK_SIGNATURE:
1669                return "protocol error (pack signature mismatch detected)";
1670
1671        case PH_ERROR_PROTOCOL:
1672                return "protocol error (pack version unsupported)";
1673
1674        default:
1675                return "unknown error in parse_pack_header";
1676
1677        case 0:
1678                return NULL;
1679        }
1680}
1681
1682static const char *pack_lockfile;
1683
1684static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1685{
1686        argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1687                        ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1688}
1689
1690static const char *unpack(int err_fd, struct shallow_info *si)
1691{
1692        struct pack_header hdr;
1693        const char *hdr_err;
1694        int status;
1695        struct child_process child = CHILD_PROCESS_INIT;
1696        int fsck_objects = (receive_fsck_objects >= 0
1697                            ? receive_fsck_objects
1698                            : transfer_fsck_objects >= 0
1699                            ? transfer_fsck_objects
1700                            : 0);
1701
1702        hdr_err = parse_pack_header(&hdr);
1703        if (hdr_err) {
1704                if (err_fd > 0)
1705                        close(err_fd);
1706                return hdr_err;
1707        }
1708
1709        if (si->nr_ours || si->nr_theirs) {
1710                alt_shallow_file = setup_temporary_shallow(si->shallow);
1711                argv_array_push(&child.args, "--shallow-file");
1712                argv_array_push(&child.args, alt_shallow_file);
1713        }
1714
1715        tmp_objdir = tmp_objdir_create();
1716        if (!tmp_objdir) {
1717                if (err_fd > 0)
1718                        close(err_fd);
1719                return "unable to create temporary object directory";
1720        }
1721        child.env = tmp_objdir_env(tmp_objdir);
1722
1723        /*
1724         * Normally we just pass the tmp_objdir environment to the child
1725         * processes that do the heavy lifting, but we may need to see these
1726         * objects ourselves to set up shallow information.
1727         */
1728        tmp_objdir_add_as_alternate(tmp_objdir);
1729
1730        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1731                argv_array_push(&child.args, "unpack-objects");
1732                push_header_arg(&child.args, &hdr);
1733                if (quiet)
1734                        argv_array_push(&child.args, "-q");
1735                if (fsck_objects)
1736                        argv_array_pushf(&child.args, "--strict%s",
1737                                fsck_msg_types.buf);
1738                if (max_input_size)
1739                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1740                                (uintmax_t)max_input_size);
1741                child.no_stdout = 1;
1742                child.err = err_fd;
1743                child.git_cmd = 1;
1744                status = run_command(&child);
1745                if (status)
1746                        return "unpack-objects abnormal exit";
1747        } else {
1748                char hostname[HOST_NAME_MAX + 1];
1749
1750                argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1751                push_header_arg(&child.args, &hdr);
1752
1753                if (xgethostname(hostname, sizeof(hostname)))
1754                        xsnprintf(hostname, sizeof(hostname), "localhost");
1755                argv_array_pushf(&child.args,
1756                                 "--keep=receive-pack %"PRIuMAX" on %s",
1757                                 (uintmax_t)getpid(),
1758                                 hostname);
1759
1760                if (!quiet && err_fd)
1761                        argv_array_push(&child.args, "--show-resolving-progress");
1762                if (use_sideband)
1763                        argv_array_push(&child.args, "--report-end-of-input");
1764                if (fsck_objects)
1765                        argv_array_pushf(&child.args, "--strict%s",
1766                                fsck_msg_types.buf);
1767                if (!reject_thin)
1768                        argv_array_push(&child.args, "--fix-thin");
1769                if (max_input_size)
1770                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1771                                (uintmax_t)max_input_size);
1772                child.out = -1;
1773                child.err = err_fd;
1774                child.git_cmd = 1;
1775                status = start_command(&child);
1776                if (status)
1777                        return "index-pack fork failed";
1778                pack_lockfile = index_pack_lockfile(child.out);
1779                close(child.out);
1780                status = finish_command(&child);
1781                if (status)
1782                        return "index-pack abnormal exit";
1783                reprepare_packed_git(the_repository);
1784        }
1785        return NULL;
1786}
1787
1788static const char *unpack_with_sideband(struct shallow_info *si)
1789{
1790        struct async muxer;
1791        const char *ret;
1792
1793        if (!use_sideband)
1794                return unpack(0, si);
1795
1796        use_keepalive = KEEPALIVE_AFTER_NUL;
1797        memset(&muxer, 0, sizeof(muxer));
1798        muxer.proc = copy_to_sideband;
1799        muxer.in = -1;
1800        if (start_async(&muxer))
1801                return NULL;
1802
1803        ret = unpack(muxer.in, si);
1804
1805        finish_async(&muxer);
1806        return ret;
1807}
1808
1809static void prepare_shallow_update(struct command *commands,
1810                                   struct shallow_info *si)
1811{
1812        int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1813
1814        ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1815        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1816
1817        si->need_reachability_test =
1818                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1819        si->reachable =
1820                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1821        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1822
1823        for (i = 0; i < si->nr_ours; i++)
1824                si->need_reachability_test[si->ours[i]] = 1;
1825
1826        for (i = 0; i < si->shallow->nr; i++) {
1827                if (!si->used_shallow[i])
1828                        continue;
1829                for (j = 0; j < bitmap_size; j++) {
1830                        if (!si->used_shallow[i][j])
1831                                continue;
1832                        si->need_reachability_test[i]++;
1833                        for (k = 0; k < 32; k++)
1834                                if (si->used_shallow[i][j] & (1U << k))
1835                                        si->shallow_ref[j * 32 + k]++;
1836                }
1837
1838                /*
1839                 * true for those associated with some refs and belong
1840                 * in "ours" list aka "step 7 not done yet"
1841                 */
1842                si->need_reachability_test[i] =
1843                        si->need_reachability_test[i] > 1;
1844        }
1845
1846        /*
1847         * keep hooks happy by forcing a temporary shallow file via
1848         * env variable because we can't add --shallow-file to every
1849         * command. check_everything_connected() will be done with
1850         * true .git/shallow though.
1851         */
1852        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1853}
1854
1855static void update_shallow_info(struct command *commands,
1856                                struct shallow_info *si,
1857                                struct oid_array *ref)
1858{
1859        struct command *cmd;
1860        int *ref_status;
1861        remove_nonexistent_theirs_shallow(si);
1862        if (!si->nr_ours && !si->nr_theirs) {
1863                shallow_update = 0;
1864                return;
1865        }
1866
1867        for (cmd = commands; cmd; cmd = cmd->next) {
1868                if (is_null_oid(&cmd->new_oid))
1869                        continue;
1870                oid_array_append(ref, &cmd->new_oid);
1871                cmd->index = ref->nr - 1;
1872        }
1873        si->ref = ref;
1874
1875        if (shallow_update) {
1876                prepare_shallow_update(commands, si);
1877                return;
1878        }
1879
1880        ALLOC_ARRAY(ref_status, ref->nr);
1881        assign_shallow_commits_to_refs(si, NULL, ref_status);
1882        for (cmd = commands; cmd; cmd = cmd->next) {
1883                if (is_null_oid(&cmd->new_oid))
1884                        continue;
1885                if (ref_status[cmd->index]) {
1886                        cmd->error_string = "shallow update not allowed";
1887                        cmd->skip_update = 1;
1888                }
1889        }
1890        free(ref_status);
1891}
1892
1893static void report(struct command *commands, const char *unpack_status)
1894{
1895        struct command *cmd;
1896        struct strbuf buf = STRBUF_INIT;
1897
1898        packet_buf_write(&buf, "unpack %s\n",
1899                         unpack_status ? unpack_status : "ok");
1900        for (cmd = commands; cmd; cmd = cmd->next) {
1901                if (!cmd->error_string)
1902                        packet_buf_write(&buf, "ok %s\n",
1903                                         cmd->ref_name);
1904                else
1905                        packet_buf_write(&buf, "ng %s %s\n",
1906                                         cmd->ref_name, cmd->error_string);
1907        }
1908        packet_buf_flush(&buf);
1909
1910        if (use_sideband)
1911                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1912        else
1913                write_or_die(1, buf.buf, buf.len);
1914        strbuf_release(&buf);
1915}
1916
1917static int delete_only(struct command *commands)
1918{
1919        struct command *cmd;
1920        for (cmd = commands; cmd; cmd = cmd->next) {
1921                if (!is_null_oid(&cmd->new_oid))
1922                        return 0;
1923        }
1924        return 1;
1925}
1926
1927int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1928{
1929        int advertise_refs = 0;
1930        struct command *commands;
1931        struct oid_array shallow = OID_ARRAY_INIT;
1932        struct oid_array ref = OID_ARRAY_INIT;
1933        struct shallow_info si;
1934
1935        struct option options[] = {
1936                OPT__QUIET(&quiet, N_("quiet")),
1937                OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1938                OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1939                OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1940                OPT_END()
1941        };
1942
1943        packet_trace_identity("receive-pack");
1944
1945        argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1946
1947        if (argc > 1)
1948                usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1949        if (argc == 0)
1950                usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1951
1952        service_dir = argv[0];
1953
1954        setup_path();
1955
1956        if (!enter_repo(service_dir, 0))
1957                die("'%s' does not appear to be a git repository", service_dir);
1958
1959        git_config(receive_pack_config, NULL);
1960        if (cert_nonce_seed)
1961                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1962
1963        if (0 <= transfer_unpack_limit)
1964                unpack_limit = transfer_unpack_limit;
1965        else if (0 <= receive_unpack_limit)
1966                unpack_limit = receive_unpack_limit;
1967
1968        switch (determine_protocol_version_server()) {
1969        case protocol_v2:
1970                /*
1971                 * push support for protocol v2 has not been implemented yet,
1972                 * so ignore the request to use v2 and fallback to using v0.
1973                 */
1974                break;
1975        case protocol_v1:
1976                /*
1977                 * v1 is just the original protocol with a version string,
1978                 * so just fall through after writing the version string.
1979                 */
1980                if (advertise_refs || !stateless_rpc)
1981                        packet_write_fmt(1, "version 1\n");
1982
1983                /* fallthrough */
1984        case protocol_v0:
1985                break;
1986        case protocol_unknown_version:
1987                BUG("unknown protocol version");
1988        }
1989
1990        if (advertise_refs || !stateless_rpc) {
1991                write_head_info();
1992        }
1993        if (advertise_refs)
1994                return 0;
1995
1996        if ((commands = read_head_info(&shallow)) != NULL) {
1997                const char *unpack_status = NULL;
1998                struct string_list push_options = STRING_LIST_INIT_DUP;
1999
2000                if (use_push_options)
2001                        read_push_options(&push_options);
2002                if (!check_cert_push_options(&push_options)) {
2003                        struct command *cmd;
2004                        for (cmd = commands; cmd; cmd = cmd->next)
2005                                cmd->error_string = "inconsistent push options";
2006                }
2007
2008                prepare_shallow_info(&si, &shallow);
2009                if (!si.nr_ours && !si.nr_theirs)
2010                        shallow_update = 0;
2011                if (!delete_only(commands)) {
2012                        unpack_status = unpack_with_sideband(&si);
2013                        update_shallow_info(commands, &si, &ref);
2014                }
2015                use_keepalive = KEEPALIVE_ALWAYS;
2016                execute_commands(commands, unpack_status, &si,
2017                                 &push_options);
2018                if (pack_lockfile)
2019                        unlink_or_warn(pack_lockfile);
2020                if (report_status)
2021                        report(commands, unpack_status);
2022                run_receive_hook(commands, "post-receive", 1,
2023                                 &push_options);
2024                run_update_post_hook(commands);
2025                string_list_clear(&push_options, 0);
2026                if (auto_gc) {
2027                        const char *argv_gc_auto[] = {
2028                                "gc", "--auto", "--quiet", NULL,
2029                        };
2030                        struct child_process proc = CHILD_PROCESS_INIT;
2031
2032                        proc.no_stdin = 1;
2033                        proc.stdout_to_stderr = 1;
2034                        proc.err = use_sideband ? -1 : 0;
2035                        proc.git_cmd = 1;
2036                        proc.argv = argv_gc_auto;
2037
2038                        close_all_packs(the_repository->objects);
2039                        if (!start_command(&proc)) {
2040                                if (use_sideband)
2041                                        copy_to_sideband(proc.err, -1, NULL);
2042                                finish_command(&proc);
2043                        }
2044                }
2045                if (auto_update_server_info)
2046                        update_server_info(0);
2047                clear_shallow_info(&si);
2048        }
2049        if (use_sideband)
2050                packet_flush(1);
2051        oid_array_clear(&shallow);
2052        oid_array_clear(&ref);
2053        free((void *)push_cert_nonce);
2054        return 0;
2055}