1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30
31static const char * const receive_pack_usage[] = {
32 N_("git receive-pack <git-dir>"),
33 NULL
34};
35
36enum deny_action {
37 DENY_UNCONFIGURED,
38 DENY_IGNORE,
39 DENY_WARN,
40 DENY_REFUSE,
41 DENY_UPDATE_INSTEAD
42};
43
44static int deny_deletes;
45static int deny_non_fast_forwards;
46static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
47static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
48static int receive_fsck_objects = -1;
49static int transfer_fsck_objects = -1;
50static struct strbuf fsck_msg_types = STRBUF_INIT;
51static int receive_unpack_limit = -1;
52static int transfer_unpack_limit = -1;
53static int advertise_atomic_push = 1;
54static int advertise_push_options;
55static int unpack_limit = 100;
56static off_t max_input_size;
57static int report_status;
58static int use_sideband;
59static int use_atomic;
60static int use_push_options;
61static int quiet;
62static int prefer_ofs_delta = 1;
63static int auto_update_server_info;
64static int auto_gc = 1;
65static int reject_thin;
66static int stateless_rpc;
67static const char *service_dir;
68static const char *head_name;
69static void *head_name_to_free;
70static int sent_capabilities;
71static int shallow_update;
72static const char *alt_shallow_file;
73static struct strbuf push_cert = STRBUF_INIT;
74static struct object_id push_cert_oid;
75static struct signature_check sigcheck;
76static const char *push_cert_nonce;
77static const char *cert_nonce_seed;
78
79static const char *NONCE_UNSOLICITED = "UNSOLICITED";
80static const char *NONCE_BAD = "BAD";
81static const char *NONCE_MISSING = "MISSING";
82static const char *NONCE_OK = "OK";
83static const char *NONCE_SLOP = "SLOP";
84static const char *nonce_status;
85static long nonce_stamp_slop;
86static timestamp_t nonce_stamp_slop_limit;
87static struct ref_transaction *transaction;
88
89static enum {
90 KEEPALIVE_NEVER = 0,
91 KEEPALIVE_AFTER_NUL,
92 KEEPALIVE_ALWAYS
93} use_keepalive;
94static int keepalive_in_sec = 5;
95
96static struct tmp_objdir *tmp_objdir;
97
98static enum deny_action parse_deny_action(const char *var, const char *value)
99{
100 if (value) {
101 if (!strcasecmp(value, "ignore"))
102 return DENY_IGNORE;
103 if (!strcasecmp(value, "warn"))
104 return DENY_WARN;
105 if (!strcasecmp(value, "refuse"))
106 return DENY_REFUSE;
107 if (!strcasecmp(value, "updateinstead"))
108 return DENY_UPDATE_INSTEAD;
109 }
110 if (git_config_bool(var, value))
111 return DENY_REFUSE;
112 return DENY_IGNORE;
113}
114
115static int receive_pack_config(const char *var, const char *value, void *cb)
116{
117 int status = parse_hide_refs_config(var, value, "receive");
118
119 if (status)
120 return status;
121
122 if (strcmp(var, "receive.denydeletes") == 0) {
123 deny_deletes = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.denynonfastforwards") == 0) {
128 deny_non_fast_forwards = git_config_bool(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "receive.unpacklimit") == 0) {
133 receive_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "transfer.unpacklimit") == 0) {
138 transfer_unpack_limit = git_config_int(var, value);
139 return 0;
140 }
141
142 if (strcmp(var, "receive.fsck.skiplist") == 0) {
143 const char *path;
144
145 if (git_config_pathname(&path, var, value))
146 return 1;
147 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
148 fsck_msg_types.len ? ',' : '=', path);
149 free((char *)path);
150 return 0;
151 }
152
153 if (skip_prefix(var, "receive.fsck.", &var)) {
154 if (is_valid_msg_type(var, value))
155 strbuf_addf(&fsck_msg_types, "%c%s=%s",
156 fsck_msg_types.len ? ',' : '=', var, value);
157 else
158 warning("Skipping unknown msg id '%s'", var);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsckobjects") == 0) {
163 receive_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (strcmp(var, "transfer.fsckobjects") == 0) {
168 transfer_fsck_objects = git_config_bool(var, value);
169 return 0;
170 }
171
172 if (!strcmp(var, "receive.denycurrentbranch")) {
173 deny_current_branch = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "receive.denydeletecurrent") == 0) {
178 deny_delete_current = parse_deny_action(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
183 prefer_ofs_delta = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.updateserverinfo") == 0) {
188 auto_update_server_info = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.autogc") == 0) {
193 auto_gc = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.shallowupdate") == 0) {
198 shallow_update = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "receive.certnonceseed") == 0)
203 return git_config_string(&cert_nonce_seed, var, value);
204
205 if (strcmp(var, "receive.certnonceslop") == 0) {
206 nonce_stamp_slop_limit = git_config_ulong(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertiseatomic") == 0) {
211 advertise_atomic_push = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.advertisepushoptions") == 0) {
216 advertise_push_options = git_config_bool(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.keepalive") == 0) {
221 keepalive_in_sec = git_config_int(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.maxinputsize") == 0) {
226 max_input_size = git_config_int64(var, value);
227 return 0;
228 }
229
230 return git_default_config(var, value, cb);
231}
232
233static void show_ref(const char *path, const struct object_id *oid)
234{
235 if (sent_capabilities) {
236 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
237 } else {
238 struct strbuf cap = STRBUF_INIT;
239
240 strbuf_addstr(&cap,
241 "report-status delete-refs side-band-64k quiet");
242 if (advertise_atomic_push)
243 strbuf_addstr(&cap, " atomic");
244 if (prefer_ofs_delta)
245 strbuf_addstr(&cap, " ofs-delta");
246 if (push_cert_nonce)
247 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
248 if (advertise_push_options)
249 strbuf_addstr(&cap, " push-options");
250 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
251 packet_write_fmt(1, "%s %s%c%s\n",
252 oid_to_hex(oid), path, 0, cap.buf);
253 strbuf_release(&cap);
254 sent_capabilities = 1;
255 }
256}
257
258static int show_ref_cb(const char *path_full, const struct object_id *oid,
259 int flag, void *data)
260{
261 struct oidset *seen = data;
262 const char *path = strip_namespace(path_full);
263
264 if (ref_is_hidden(path, path_full))
265 return 0;
266
267 /*
268 * Advertise refs outside our current namespace as ".have"
269 * refs, so that the client can use them to minimize data
270 * transfer but will otherwise ignore them.
271 */
272 if (!path) {
273 if (oidset_insert(seen, oid))
274 return 0;
275 path = ".have";
276 } else {
277 oidset_insert(seen, oid);
278 }
279 show_ref(path, oid);
280 return 0;
281}
282
283static void show_one_alternate_ref(const char *refname,
284 const struct object_id *oid,
285 void *data)
286{
287 struct oidset *seen = data;
288
289 if (oidset_insert(seen, oid))
290 return;
291
292 show_ref(".have", oid);
293}
294
295static void write_head_info(void)
296{
297 static struct oidset seen = OIDSET_INIT;
298
299 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304
305 advertise_shallow_grafts(1);
306
307 /* EOF */
308 packet_flush(1);
309}
310
311struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320};
321
322static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324
325static void report_message(const char *prefix, const char *err, va_list params)
326{
327 int sz;
328 char msg[4096];
329
330 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335
336 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340}
341
342static void rp_warning(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348}
349
350static void rp_error(const char *err, ...)
351{
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356}
357
358static int copy_to_sideband(int in, int out, void *arg)
359{
360 char data[128];
361 int keepalive_active = 0;
362
363 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367
368 while (1) {
369 ssize_t sz;
370
371 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374
375 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378
379 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391
392 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395
396 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410
411 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419}
420
421#define HMAC_BLOCK_SIZE 64
422
423static void hmac_sha1(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426{
427 unsigned char key[HMAC_BLOCK_SIZE];
428 unsigned char k_ipad[HMAC_BLOCK_SIZE];
429 unsigned char k_opad[HMAC_BLOCK_SIZE];
430 int i;
431 git_SHA_CTX ctx;
432
433 /* RFC 2104 2. (1) */
434 memset(key, '\0', HMAC_BLOCK_SIZE);
435 if (HMAC_BLOCK_SIZE < key_len) {
436 git_SHA1_Init(&ctx);
437 git_SHA1_Update(&ctx, key_in, key_len);
438 git_SHA1_Final(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442
443 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448
449 /* RFC 2104 2. (3) & (4) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
452 git_SHA1_Update(&ctx, text, text_len);
453 git_SHA1_Final(out, &ctx);
454
455 /* RFC 2104 2. (6) & (7) */
456 git_SHA1_Init(&ctx);
457 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
458 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
459 git_SHA1_Final(out, &ctx);
460}
461
462static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463{
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char sha1[GIT_SHA1_RAWSZ];
466
467 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
469 strbuf_release(&buf);
470
471 /* RFC 2104 5. HMAC-SHA1-80 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
473 return strbuf_detach(&buf, NULL);
474}
475
476/*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483{
484 int key_len = strlen(key);
485 const char *line = msg;
486
487 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489
490 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502}
503
504static const char *check_nonce(const char *buf, size_t len)
505{
506 char *nonce = find_header(buf, len, "nonce", NULL);
507 timestamp_t stamp, ostamp;
508 char *bohmac, *expect = NULL;
509 const char *retval = NONCE_BAD;
510
511 if (!nonce) {
512 retval = NONCE_MISSING;
513 goto leave;
514 } else if (!push_cert_nonce) {
515 retval = NONCE_UNSOLICITED;
516 goto leave;
517 } else if (!strcmp(push_cert_nonce, nonce)) {
518 retval = NONCE_OK;
519 goto leave;
520 }
521
522 if (!stateless_rpc) {
523 /* returned nonce MUST match what we gave out earlier */
524 retval = NONCE_BAD;
525 goto leave;
526 }
527
528 /*
529 * In stateless mode, we may be receiving a nonce issued by
530 * another instance of the server that serving the same
531 * repository, and the timestamps may not match, but the
532 * nonce-seed and dir should match, so we can recompute and
533 * report the time slop.
534 *
535 * In addition, when a nonce issued by another instance has
536 * timestamp within receive.certnonceslop seconds, we pretend
537 * as if we issued that nonce when reporting to the hook.
538 */
539
540 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
541 if (*nonce <= '0' || '9' < *nonce) {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545 stamp = parse_timestamp(nonce, &bohmac, 10);
546 if (bohmac == nonce || bohmac[0] != '-') {
547 retval = NONCE_BAD;
548 goto leave;
549 }
550
551 expect = prepare_push_cert_nonce(service_dir, stamp);
552 if (strcmp(expect, nonce)) {
553 /* Not what we would have signed earlier */
554 retval = NONCE_BAD;
555 goto leave;
556 }
557
558 /*
559 * By how many seconds is this nonce stale? Negative value
560 * would mean it was issued by another server with its clock
561 * skewed in the future.
562 */
563 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
564 nonce_stamp_slop = (long)ostamp - (long)stamp;
565
566 if (nonce_stamp_slop_limit &&
567 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
568 /*
569 * Pretend as if the received nonce (which passes the
570 * HMAC check, so it is not a forged by third-party)
571 * is what we issued.
572 */
573 free((void *)push_cert_nonce);
574 push_cert_nonce = xstrdup(nonce);
575 retval = NONCE_OK;
576 } else {
577 retval = NONCE_SLOP;
578 }
579
580leave:
581 free(nonce);
582 free(expect);
583 return retval;
584}
585
586/*
587 * Return 1 if there is no push_cert or if the push options in push_cert are
588 * the same as those in the argument; 0 otherwise.
589 */
590static int check_cert_push_options(const struct string_list *push_options)
591{
592 const char *buf = push_cert.buf;
593 int len = push_cert.len;
594
595 char *option;
596 const char *next_line;
597 int options_seen = 0;
598
599 int retval = 1;
600
601 if (!len)
602 return 1;
603
604 while ((option = find_header(buf, len, "push-option", &next_line))) {
605 len -= (next_line - buf);
606 buf = next_line;
607 options_seen++;
608 if (options_seen > push_options->nr
609 || strcmp(option,
610 push_options->items[options_seen - 1].string)) {
611 retval = 0;
612 goto leave;
613 }
614 free(option);
615 }
616
617 if (options_seen != push_options->nr)
618 retval = 0;
619
620leave:
621 free(option);
622 return retval;
623}
624
625static void prepare_push_cert_sha1(struct child_process *proc)
626{
627 static int already_done;
628
629 if (!push_cert.len)
630 return;
631
632 if (!already_done) {
633 struct strbuf gpg_output = STRBUF_INIT;
634 struct strbuf gpg_status = STRBUF_INIT;
635 int bogs /* beginning_of_gpg_sig */;
636
637 already_done = 1;
638 if (write_object_file(push_cert.buf, push_cert.len, "blob",
639 &push_cert_oid))
640 oidclr(&push_cert_oid);
641
642 memset(&sigcheck, '\0', sizeof(sigcheck));
643 sigcheck.result = 'N';
644
645 bogs = parse_signature(push_cert.buf, push_cert.len);
646 if (verify_signed_buffer(push_cert.buf, bogs,
647 push_cert.buf + bogs, push_cert.len - bogs,
648 &gpg_output, &gpg_status) < 0) {
649 ; /* error running gpg */
650 } else {
651 sigcheck.payload = push_cert.buf;
652 sigcheck.gpg_output = gpg_output.buf;
653 sigcheck.gpg_status = gpg_status.buf;
654 parse_gpg_output(&sigcheck);
655 }
656
657 strbuf_release(&gpg_output);
658 strbuf_release(&gpg_status);
659 nonce_status = check_nonce(push_cert.buf, bogs);
660 }
661 if (!is_null_oid(&push_cert_oid)) {
662 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
663 oid_to_hex(&push_cert_oid));
664 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
665 sigcheck.signer ? sigcheck.signer : "");
666 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
667 sigcheck.key ? sigcheck.key : "");
668 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
669 sigcheck.result);
670 if (push_cert_nonce) {
671 argv_array_pushf(&proc->env_array,
672 "GIT_PUSH_CERT_NONCE=%s",
673 push_cert_nonce);
674 argv_array_pushf(&proc->env_array,
675 "GIT_PUSH_CERT_NONCE_STATUS=%s",
676 nonce_status);
677 if (nonce_status == NONCE_SLOP)
678 argv_array_pushf(&proc->env_array,
679 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
680 nonce_stamp_slop);
681 }
682 }
683}
684
685struct receive_hook_feed_state {
686 struct command *cmd;
687 int skip_broken;
688 struct strbuf buf;
689 const struct string_list *push_options;
690};
691
692typedef int (*feed_fn)(void *, const char **, size_t *);
693static int run_and_feed_hook(const char *hook_name, feed_fn feed,
694 struct receive_hook_feed_state *feed_state)
695{
696 struct child_process proc = CHILD_PROCESS_INIT;
697 struct async muxer;
698 const char *argv[2];
699 int code;
700
701 argv[0] = find_hook(hook_name);
702 if (!argv[0])
703 return 0;
704
705 argv[1] = NULL;
706
707 proc.argv = argv;
708 proc.in = -1;
709 proc.stdout_to_stderr = 1;
710 if (feed_state->push_options) {
711 int i;
712 for (i = 0; i < feed_state->push_options->nr; i++)
713 argv_array_pushf(&proc.env_array,
714 "GIT_PUSH_OPTION_%d=%s", i,
715 feed_state->push_options->items[i].string);
716 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
717 feed_state->push_options->nr);
718 } else
719 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
720
721 if (tmp_objdir)
722 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
723
724 if (use_sideband) {
725 memset(&muxer, 0, sizeof(muxer));
726 muxer.proc = copy_to_sideband;
727 muxer.in = -1;
728 code = start_async(&muxer);
729 if (code)
730 return code;
731 proc.err = muxer.in;
732 }
733
734 prepare_push_cert_sha1(&proc);
735
736 code = start_command(&proc);
737 if (code) {
738 if (use_sideband)
739 finish_async(&muxer);
740 return code;
741 }
742
743 sigchain_push(SIGPIPE, SIG_IGN);
744
745 while (1) {
746 const char *buf;
747 size_t n;
748 if (feed(feed_state, &buf, &n))
749 break;
750 if (write_in_full(proc.in, buf, n) < 0)
751 break;
752 }
753 close(proc.in);
754 if (use_sideband)
755 finish_async(&muxer);
756
757 sigchain_pop(SIGPIPE);
758
759 return finish_command(&proc);
760}
761
762static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
763{
764 struct receive_hook_feed_state *state = state_;
765 struct command *cmd = state->cmd;
766
767 while (cmd &&
768 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
769 cmd = cmd->next;
770 if (!cmd)
771 return -1; /* EOF */
772 strbuf_reset(&state->buf);
773 strbuf_addf(&state->buf, "%s %s %s\n",
774 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
775 cmd->ref_name);
776 state->cmd = cmd->next;
777 if (bufp) {
778 *bufp = state->buf.buf;
779 *sizep = state->buf.len;
780 }
781 return 0;
782}
783
784static int run_receive_hook(struct command *commands,
785 const char *hook_name,
786 int skip_broken,
787 const struct string_list *push_options)
788{
789 struct receive_hook_feed_state state;
790 int status;
791
792 strbuf_init(&state.buf, 0);
793 state.cmd = commands;
794 state.skip_broken = skip_broken;
795 if (feed_receive_hook(&state, NULL, NULL))
796 return 0;
797 state.cmd = commands;
798 state.push_options = push_options;
799 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
800 strbuf_release(&state.buf);
801 return status;
802}
803
804static int run_update_hook(struct command *cmd)
805{
806 const char *argv[5];
807 struct child_process proc = CHILD_PROCESS_INIT;
808 int code;
809
810 argv[0] = find_hook("update");
811 if (!argv[0])
812 return 0;
813
814 argv[1] = cmd->ref_name;
815 argv[2] = oid_to_hex(&cmd->old_oid);
816 argv[3] = oid_to_hex(&cmd->new_oid);
817 argv[4] = NULL;
818
819 proc.no_stdin = 1;
820 proc.stdout_to_stderr = 1;
821 proc.err = use_sideband ? -1 : 0;
822 proc.argv = argv;
823
824 code = start_command(&proc);
825 if (code)
826 return code;
827 if (use_sideband)
828 copy_to_sideband(proc.err, -1, NULL);
829 return finish_command(&proc);
830}
831
832static int is_ref_checked_out(const char *ref)
833{
834 if (is_bare_repository())
835 return 0;
836
837 if (!head_name)
838 return 0;
839 return !strcmp(head_name, ref);
840}
841
842static char *refuse_unconfigured_deny_msg =
843 N_("By default, updating the current branch in a non-bare repository\n"
844 "is denied, because it will make the index and work tree inconsistent\n"
845 "with what you pushed, and will require 'git reset --hard' to match\n"
846 "the work tree to HEAD.\n"
847 "\n"
848 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
849 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
850 "its current branch; however, this is not recommended unless you\n"
851 "arranged to update its work tree to match what you pushed in some\n"
852 "other way.\n"
853 "\n"
854 "To squelch this message and still keep the default behaviour, set\n"
855 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
856
857static void refuse_unconfigured_deny(void)
858{
859 rp_error("%s", _(refuse_unconfigured_deny_msg));
860}
861
862static char *refuse_unconfigured_deny_delete_current_msg =
863 N_("By default, deleting the current branch is denied, because the next\n"
864 "'git clone' won't result in any file checked out, causing confusion.\n"
865 "\n"
866 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
867 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
868 "current branch, with or without a warning message.\n"
869 "\n"
870 "To squelch this message, you can set it to 'refuse'.");
871
872static void refuse_unconfigured_deny_delete_current(void)
873{
874 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
875}
876
877static int command_singleton_iterator(void *cb_data, struct object_id *oid);
878static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
879{
880 struct lock_file shallow_lock = LOCK_INIT;
881 struct oid_array extra = OID_ARRAY_INIT;
882 struct check_connected_options opt = CHECK_CONNECTED_INIT;
883 uint32_t mask = 1 << (cmd->index % 32);
884 int i;
885
886 trace_printf_key(&trace_shallow,
887 "shallow: update_shallow_ref %s\n", cmd->ref_name);
888 for (i = 0; i < si->shallow->nr; i++)
889 if (si->used_shallow[i] &&
890 (si->used_shallow[i][cmd->index / 32] & mask) &&
891 !delayed_reachability_test(si, i))
892 oid_array_append(&extra, &si->shallow->oid[i]);
893
894 opt.env = tmp_objdir_env(tmp_objdir);
895 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
896 if (check_connected(command_singleton_iterator, cmd, &opt)) {
897 rollback_lock_file(&shallow_lock);
898 oid_array_clear(&extra);
899 return -1;
900 }
901
902 commit_lock_file(&shallow_lock);
903
904 /*
905 * Make sure setup_alternate_shallow() for the next ref does
906 * not lose these new roots..
907 */
908 for (i = 0; i < extra.nr; i++)
909 register_shallow(the_repository, &extra.oid[i]);
910
911 si->shallow_ref[cmd->index] = 0;
912 oid_array_clear(&extra);
913 return 0;
914}
915
916/*
917 * NEEDSWORK: we should consolidate various implementions of "are we
918 * on an unborn branch?" test into one, and make the unified one more
919 * robust. !get_sha1() based check used here and elsewhere would not
920 * allow us to tell an unborn branch from corrupt ref, for example.
921 * For the purpose of fixing "deploy-to-update does not work when
922 * pushing into an empty repository" issue, this should suffice for
923 * now.
924 */
925static int head_has_history(void)
926{
927 struct object_id oid;
928
929 return !get_oid("HEAD", &oid);
930}
931
932static const char *push_to_deploy(unsigned char *sha1,
933 struct argv_array *env,
934 const char *work_tree)
935{
936 const char *update_refresh[] = {
937 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
938 };
939 const char *diff_files[] = {
940 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
941 };
942 const char *diff_index[] = {
943 "diff-index", "--quiet", "--cached", "--ignore-submodules",
944 NULL, "--", NULL
945 };
946 const char *read_tree[] = {
947 "read-tree", "-u", "-m", NULL, NULL
948 };
949 struct child_process child = CHILD_PROCESS_INIT;
950
951 child.argv = update_refresh;
952 child.env = env->argv;
953 child.dir = work_tree;
954 child.no_stdin = 1;
955 child.stdout_to_stderr = 1;
956 child.git_cmd = 1;
957 if (run_command(&child))
958 return "Up-to-date check failed";
959
960 /* run_command() does not clean up completely; reinitialize */
961 child_process_init(&child);
962 child.argv = diff_files;
963 child.env = env->argv;
964 child.dir = work_tree;
965 child.no_stdin = 1;
966 child.stdout_to_stderr = 1;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has unstaged changes";
970
971 /* diff-index with either HEAD or an empty tree */
972 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
973
974 child_process_init(&child);
975 child.argv = diff_index;
976 child.env = env->argv;
977 child.no_stdin = 1;
978 child.no_stdout = 1;
979 child.stdout_to_stderr = 0;
980 child.git_cmd = 1;
981 if (run_command(&child))
982 return "Working directory has staged changes";
983
984 read_tree[3] = sha1_to_hex(sha1);
985 child_process_init(&child);
986 child.argv = read_tree;
987 child.env = env->argv;
988 child.dir = work_tree;
989 child.no_stdin = 1;
990 child.no_stdout = 1;
991 child.stdout_to_stderr = 0;
992 child.git_cmd = 1;
993 if (run_command(&child))
994 return "Could not update working tree to new HEAD";
995
996 return NULL;
997}
998
999static const char *push_to_checkout_hook = "push-to-checkout";
1000
1001static const char *push_to_checkout(unsigned char *sha1,
1002 struct argv_array *env,
1003 const char *work_tree)
1004{
1005 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1006 if (run_hook_le(env->argv, push_to_checkout_hook,
1007 sha1_to_hex(sha1), NULL))
1008 return "push-to-checkout hook declined";
1009 else
1010 return NULL;
1011}
1012
1013static const char *update_worktree(unsigned char *sha1)
1014{
1015 const char *retval;
1016 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1017 struct argv_array env = ARGV_ARRAY_INIT;
1018
1019 if (is_bare_repository())
1020 return "denyCurrentBranch = updateInstead needs a worktree";
1021
1022 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1023
1024 if (!find_hook(push_to_checkout_hook))
1025 retval = push_to_deploy(sha1, &env, work_tree);
1026 else
1027 retval = push_to_checkout(sha1, &env, work_tree);
1028
1029 argv_array_clear(&env);
1030 return retval;
1031}
1032
1033static const char *update(struct command *cmd, struct shallow_info *si)
1034{
1035 const char *name = cmd->ref_name;
1036 struct strbuf namespaced_name_buf = STRBUF_INIT;
1037 static char *namespaced_name;
1038 const char *ret;
1039 struct object_id *old_oid = &cmd->old_oid;
1040 struct object_id *new_oid = &cmd->new_oid;
1041
1042 /* only refs/... are allowed */
1043 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1044 rp_error("refusing to create funny ref '%s' remotely", name);
1045 return "funny refname";
1046 }
1047
1048 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1049 free(namespaced_name);
1050 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1051
1052 if (is_ref_checked_out(namespaced_name)) {
1053 switch (deny_current_branch) {
1054 case DENY_IGNORE:
1055 break;
1056 case DENY_WARN:
1057 rp_warning("updating the current branch");
1058 break;
1059 case DENY_REFUSE:
1060 case DENY_UNCONFIGURED:
1061 rp_error("refusing to update checked out branch: %s", name);
1062 if (deny_current_branch == DENY_UNCONFIGURED)
1063 refuse_unconfigured_deny();
1064 return "branch is currently checked out";
1065 case DENY_UPDATE_INSTEAD:
1066 ret = update_worktree(new_oid->hash);
1067 if (ret)
1068 return ret;
1069 break;
1070 }
1071 }
1072
1073 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1074 error("unpack should have generated %s, "
1075 "but I can't find it!", oid_to_hex(new_oid));
1076 return "bad pack";
1077 }
1078
1079 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1080 if (deny_deletes && starts_with(name, "refs/heads/")) {
1081 rp_error("denying ref deletion for %s", name);
1082 return "deletion prohibited";
1083 }
1084
1085 if (head_name && !strcmp(namespaced_name, head_name)) {
1086 switch (deny_delete_current) {
1087 case DENY_IGNORE:
1088 break;
1089 case DENY_WARN:
1090 rp_warning("deleting the current branch");
1091 break;
1092 case DENY_REFUSE:
1093 case DENY_UNCONFIGURED:
1094 case DENY_UPDATE_INSTEAD:
1095 if (deny_delete_current == DENY_UNCONFIGURED)
1096 refuse_unconfigured_deny_delete_current();
1097 rp_error("refusing to delete the current branch: %s", name);
1098 return "deletion of the current branch prohibited";
1099 default:
1100 return "Invalid denyDeleteCurrent setting";
1101 }
1102 }
1103 }
1104
1105 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1106 !is_null_oid(old_oid) &&
1107 starts_with(name, "refs/heads/")) {
1108 struct object *old_object, *new_object;
1109 struct commit *old_commit, *new_commit;
1110
1111 old_object = parse_object(old_oid);
1112 new_object = parse_object(new_oid);
1113
1114 if (!old_object || !new_object ||
1115 old_object->type != OBJ_COMMIT ||
1116 new_object->type != OBJ_COMMIT) {
1117 error("bad sha1 objects for %s", name);
1118 return "bad ref";
1119 }
1120 old_commit = (struct commit *)old_object;
1121 new_commit = (struct commit *)new_object;
1122 if (!in_merge_bases(old_commit, new_commit)) {
1123 rp_error("denying non-fast-forward %s"
1124 " (you should pull first)", name);
1125 return "non-fast-forward";
1126 }
1127 }
1128 if (run_update_hook(cmd)) {
1129 rp_error("hook declined to update %s", name);
1130 return "hook declined";
1131 }
1132
1133 if (is_null_oid(new_oid)) {
1134 struct strbuf err = STRBUF_INIT;
1135 if (!parse_object(old_oid)) {
1136 old_oid = NULL;
1137 if (ref_exists(name)) {
1138 rp_warning("Allowing deletion of corrupt ref.");
1139 } else {
1140 rp_warning("Deleting a non-existent ref.");
1141 cmd->did_not_exist = 1;
1142 }
1143 }
1144 if (ref_transaction_delete(transaction,
1145 namespaced_name,
1146 old_oid,
1147 0, "push", &err)) {
1148 rp_error("%s", err.buf);
1149 strbuf_release(&err);
1150 return "failed to delete";
1151 }
1152 strbuf_release(&err);
1153 return NULL; /* good */
1154 }
1155 else {
1156 struct strbuf err = STRBUF_INIT;
1157 if (shallow_update && si->shallow_ref[cmd->index] &&
1158 update_shallow_ref(cmd, si))
1159 return "shallow error";
1160
1161 if (ref_transaction_update(transaction,
1162 namespaced_name,
1163 new_oid, old_oid,
1164 0, "push",
1165 &err)) {
1166 rp_error("%s", err.buf);
1167 strbuf_release(&err);
1168
1169 return "failed to update ref";
1170 }
1171 strbuf_release(&err);
1172
1173 return NULL; /* good */
1174 }
1175}
1176
1177static void run_update_post_hook(struct command *commands)
1178{
1179 struct command *cmd;
1180 struct child_process proc = CHILD_PROCESS_INIT;
1181 const char *hook;
1182
1183 hook = find_hook("post-update");
1184 if (!hook)
1185 return;
1186
1187 for (cmd = commands; cmd; cmd = cmd->next) {
1188 if (cmd->error_string || cmd->did_not_exist)
1189 continue;
1190 if (!proc.args.argc)
1191 argv_array_push(&proc.args, hook);
1192 argv_array_push(&proc.args, cmd->ref_name);
1193 }
1194 if (!proc.args.argc)
1195 return;
1196
1197 proc.no_stdin = 1;
1198 proc.stdout_to_stderr = 1;
1199 proc.err = use_sideband ? -1 : 0;
1200
1201 if (!start_command(&proc)) {
1202 if (use_sideband)
1203 copy_to_sideband(proc.err, -1, NULL);
1204 finish_command(&proc);
1205 }
1206}
1207
1208static void check_aliased_update(struct command *cmd, struct string_list *list)
1209{
1210 struct strbuf buf = STRBUF_INIT;
1211 const char *dst_name;
1212 struct string_list_item *item;
1213 struct command *dst_cmd;
1214 int flag;
1215
1216 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1217 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1218 strbuf_release(&buf);
1219
1220 if (!(flag & REF_ISSYMREF))
1221 return;
1222
1223 if (!dst_name) {
1224 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1225 cmd->skip_update = 1;
1226 cmd->error_string = "broken symref";
1227 return;
1228 }
1229 dst_name = strip_namespace(dst_name);
1230
1231 if ((item = string_list_lookup(list, dst_name)) == NULL)
1232 return;
1233
1234 cmd->skip_update = 1;
1235
1236 dst_cmd = (struct command *) item->util;
1237
1238 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1239 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1240 return;
1241
1242 dst_cmd->skip_update = 1;
1243
1244 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1245 " its target '%s' (%s..%s)",
1246 cmd->ref_name,
1247 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1248 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1249 dst_cmd->ref_name,
1250 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1251 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1252
1253 cmd->error_string = dst_cmd->error_string =
1254 "inconsistent aliased update";
1255}
1256
1257static void check_aliased_updates(struct command *commands)
1258{
1259 struct command *cmd;
1260 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1261
1262 for (cmd = commands; cmd; cmd = cmd->next) {
1263 struct string_list_item *item =
1264 string_list_append(&ref_list, cmd->ref_name);
1265 item->util = (void *)cmd;
1266 }
1267 string_list_sort(&ref_list);
1268
1269 for (cmd = commands; cmd; cmd = cmd->next) {
1270 if (!cmd->error_string)
1271 check_aliased_update(cmd, &ref_list);
1272 }
1273
1274 string_list_clear(&ref_list, 0);
1275}
1276
1277static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1278{
1279 struct command **cmd_list = cb_data;
1280 struct command *cmd = *cmd_list;
1281
1282 if (!cmd || is_null_oid(&cmd->new_oid))
1283 return -1; /* end of list */
1284 *cmd_list = NULL; /* this returns only one */
1285 oidcpy(oid, &cmd->new_oid);
1286 return 0;
1287}
1288
1289static void set_connectivity_errors(struct command *commands,
1290 struct shallow_info *si)
1291{
1292 struct command *cmd;
1293
1294 for (cmd = commands; cmd; cmd = cmd->next) {
1295 struct command *singleton = cmd;
1296 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1297
1298 if (shallow_update && si->shallow_ref[cmd->index])
1299 /* to be checked in update_shallow_ref() */
1300 continue;
1301
1302 opt.env = tmp_objdir_env(tmp_objdir);
1303 if (!check_connected(command_singleton_iterator, &singleton,
1304 &opt))
1305 continue;
1306
1307 cmd->error_string = "missing necessary objects";
1308 }
1309}
1310
1311struct iterate_data {
1312 struct command *cmds;
1313 struct shallow_info *si;
1314};
1315
1316static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1317{
1318 struct iterate_data *data = cb_data;
1319 struct command **cmd_list = &data->cmds;
1320 struct command *cmd = *cmd_list;
1321
1322 for (; cmd; cmd = cmd->next) {
1323 if (shallow_update && data->si->shallow_ref[cmd->index])
1324 /* to be checked in update_shallow_ref() */
1325 continue;
1326 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1327 oidcpy(oid, &cmd->new_oid);
1328 *cmd_list = cmd->next;
1329 return 0;
1330 }
1331 }
1332 *cmd_list = NULL;
1333 return -1; /* end of list */
1334}
1335
1336static void reject_updates_to_hidden(struct command *commands)
1337{
1338 struct strbuf refname_full = STRBUF_INIT;
1339 size_t prefix_len;
1340 struct command *cmd;
1341
1342 strbuf_addstr(&refname_full, get_git_namespace());
1343 prefix_len = refname_full.len;
1344
1345 for (cmd = commands; cmd; cmd = cmd->next) {
1346 if (cmd->error_string)
1347 continue;
1348
1349 strbuf_setlen(&refname_full, prefix_len);
1350 strbuf_addstr(&refname_full, cmd->ref_name);
1351
1352 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1353 continue;
1354 if (is_null_oid(&cmd->new_oid))
1355 cmd->error_string = "deny deleting a hidden ref";
1356 else
1357 cmd->error_string = "deny updating a hidden ref";
1358 }
1359
1360 strbuf_release(&refname_full);
1361}
1362
1363static int should_process_cmd(struct command *cmd)
1364{
1365 return !cmd->error_string && !cmd->skip_update;
1366}
1367
1368static void warn_if_skipped_connectivity_check(struct command *commands,
1369 struct shallow_info *si)
1370{
1371 struct command *cmd;
1372 int checked_connectivity = 1;
1373
1374 for (cmd = commands; cmd; cmd = cmd->next) {
1375 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1376 error("BUG: connectivity check has not been run on ref %s",
1377 cmd->ref_name);
1378 checked_connectivity = 0;
1379 }
1380 }
1381 if (!checked_connectivity)
1382 BUG("connectivity check skipped???");
1383}
1384
1385static void execute_commands_non_atomic(struct command *commands,
1386 struct shallow_info *si)
1387{
1388 struct command *cmd;
1389 struct strbuf err = STRBUF_INIT;
1390
1391 for (cmd = commands; cmd; cmd = cmd->next) {
1392 if (!should_process_cmd(cmd))
1393 continue;
1394
1395 transaction = ref_transaction_begin(&err);
1396 if (!transaction) {
1397 rp_error("%s", err.buf);
1398 strbuf_reset(&err);
1399 cmd->error_string = "transaction failed to start";
1400 continue;
1401 }
1402
1403 cmd->error_string = update(cmd, si);
1404
1405 if (!cmd->error_string
1406 && ref_transaction_commit(transaction, &err)) {
1407 rp_error("%s", err.buf);
1408 strbuf_reset(&err);
1409 cmd->error_string = "failed to update ref";
1410 }
1411 ref_transaction_free(transaction);
1412 }
1413 strbuf_release(&err);
1414}
1415
1416static void execute_commands_atomic(struct command *commands,
1417 struct shallow_info *si)
1418{
1419 struct command *cmd;
1420 struct strbuf err = STRBUF_INIT;
1421 const char *reported_error = "atomic push failure";
1422
1423 transaction = ref_transaction_begin(&err);
1424 if (!transaction) {
1425 rp_error("%s", err.buf);
1426 strbuf_reset(&err);
1427 reported_error = "transaction failed to start";
1428 goto failure;
1429 }
1430
1431 for (cmd = commands; cmd; cmd = cmd->next) {
1432 if (!should_process_cmd(cmd))
1433 continue;
1434
1435 cmd->error_string = update(cmd, si);
1436
1437 if (cmd->error_string)
1438 goto failure;
1439 }
1440
1441 if (ref_transaction_commit(transaction, &err)) {
1442 rp_error("%s", err.buf);
1443 reported_error = "atomic transaction failed";
1444 goto failure;
1445 }
1446 goto cleanup;
1447
1448failure:
1449 for (cmd = commands; cmd; cmd = cmd->next)
1450 if (!cmd->error_string)
1451 cmd->error_string = reported_error;
1452
1453cleanup:
1454 ref_transaction_free(transaction);
1455 strbuf_release(&err);
1456}
1457
1458static void execute_commands(struct command *commands,
1459 const char *unpacker_error,
1460 struct shallow_info *si,
1461 const struct string_list *push_options)
1462{
1463 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1464 struct command *cmd;
1465 struct iterate_data data;
1466 struct async muxer;
1467 int err_fd = 0;
1468
1469 if (unpacker_error) {
1470 for (cmd = commands; cmd; cmd = cmd->next)
1471 cmd->error_string = "unpacker error";
1472 return;
1473 }
1474
1475 if (use_sideband) {
1476 memset(&muxer, 0, sizeof(muxer));
1477 muxer.proc = copy_to_sideband;
1478 muxer.in = -1;
1479 if (!start_async(&muxer))
1480 err_fd = muxer.in;
1481 /* ...else, continue without relaying sideband */
1482 }
1483
1484 data.cmds = commands;
1485 data.si = si;
1486 opt.err_fd = err_fd;
1487 opt.progress = err_fd && !quiet;
1488 opt.env = tmp_objdir_env(tmp_objdir);
1489 if (check_connected(iterate_receive_command_list, &data, &opt))
1490 set_connectivity_errors(commands, si);
1491
1492 if (use_sideband)
1493 finish_async(&muxer);
1494
1495 reject_updates_to_hidden(commands);
1496
1497 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1498 for (cmd = commands; cmd; cmd = cmd->next) {
1499 if (!cmd->error_string)
1500 cmd->error_string = "pre-receive hook declined";
1501 }
1502 return;
1503 }
1504
1505 /*
1506 * Now we'll start writing out refs, which means the objects need
1507 * to be in their final positions so that other processes can see them.
1508 */
1509 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1510 for (cmd = commands; cmd; cmd = cmd->next) {
1511 if (!cmd->error_string)
1512 cmd->error_string = "unable to migrate objects to permanent storage";
1513 }
1514 return;
1515 }
1516 tmp_objdir = NULL;
1517
1518 check_aliased_updates(commands);
1519
1520 free(head_name_to_free);
1521 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1522
1523 if (use_atomic)
1524 execute_commands_atomic(commands, si);
1525 else
1526 execute_commands_non_atomic(commands, si);
1527
1528 if (shallow_update)
1529 warn_if_skipped_connectivity_check(commands, si);
1530}
1531
1532static struct command **queue_command(struct command **tail,
1533 const char *line,
1534 int linelen)
1535{
1536 struct object_id old_oid, new_oid;
1537 struct command *cmd;
1538 const char *refname;
1539 int reflen;
1540 const char *p;
1541
1542 if (parse_oid_hex(line, &old_oid, &p) ||
1543 *p++ != ' ' ||
1544 parse_oid_hex(p, &new_oid, &p) ||
1545 *p++ != ' ')
1546 die("protocol error: expected old/new/ref, got '%s'", line);
1547
1548 refname = p;
1549 reflen = linelen - (p - line);
1550 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1551 oidcpy(&cmd->old_oid, &old_oid);
1552 oidcpy(&cmd->new_oid, &new_oid);
1553 *tail = cmd;
1554 return &cmd->next;
1555}
1556
1557static void queue_commands_from_cert(struct command **tail,
1558 struct strbuf *push_cert)
1559{
1560 const char *boc, *eoc;
1561
1562 if (*tail)
1563 die("protocol error: got both push certificate and unsigned commands");
1564
1565 boc = strstr(push_cert->buf, "\n\n");
1566 if (!boc)
1567 die("malformed push certificate %.*s", 100, push_cert->buf);
1568 else
1569 boc += 2;
1570 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1571
1572 while (boc < eoc) {
1573 const char *eol = memchr(boc, '\n', eoc - boc);
1574 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1575 boc = eol ? eol + 1 : eoc;
1576 }
1577}
1578
1579static struct command *read_head_info(struct oid_array *shallow)
1580{
1581 struct command *commands = NULL;
1582 struct command **p = &commands;
1583 for (;;) {
1584 char *line;
1585 int len, linelen;
1586
1587 line = packet_read_line(0, &len);
1588 if (!line)
1589 break;
1590
1591 if (len > 8 && starts_with(line, "shallow ")) {
1592 struct object_id oid;
1593 if (get_oid_hex(line + 8, &oid))
1594 die("protocol error: expected shallow sha, got '%s'",
1595 line + 8);
1596 oid_array_append(shallow, &oid);
1597 continue;
1598 }
1599
1600 linelen = strlen(line);
1601 if (linelen < len) {
1602 const char *feature_list = line + linelen + 1;
1603 if (parse_feature_request(feature_list, "report-status"))
1604 report_status = 1;
1605 if (parse_feature_request(feature_list, "side-band-64k"))
1606 use_sideband = LARGE_PACKET_MAX;
1607 if (parse_feature_request(feature_list, "quiet"))
1608 quiet = 1;
1609 if (advertise_atomic_push
1610 && parse_feature_request(feature_list, "atomic"))
1611 use_atomic = 1;
1612 if (advertise_push_options
1613 && parse_feature_request(feature_list, "push-options"))
1614 use_push_options = 1;
1615 }
1616
1617 if (!strcmp(line, "push-cert")) {
1618 int true_flush = 0;
1619 char certbuf[1024];
1620
1621 for (;;) {
1622 len = packet_read(0, NULL, NULL,
1623 certbuf, sizeof(certbuf), 0);
1624 if (!len) {
1625 true_flush = 1;
1626 break;
1627 }
1628 if (!strcmp(certbuf, "push-cert-end\n"))
1629 break; /* end of cert */
1630 strbuf_addstr(&push_cert, certbuf);
1631 }
1632
1633 if (true_flush)
1634 break;
1635 continue;
1636 }
1637
1638 p = queue_command(p, line, linelen);
1639 }
1640
1641 if (push_cert.len)
1642 queue_commands_from_cert(p, &push_cert);
1643
1644 return commands;
1645}
1646
1647static void read_push_options(struct string_list *options)
1648{
1649 while (1) {
1650 char *line;
1651 int len;
1652
1653 line = packet_read_line(0, &len);
1654
1655 if (!line)
1656 break;
1657
1658 string_list_append(options, line);
1659 }
1660}
1661
1662static const char *parse_pack_header(struct pack_header *hdr)
1663{
1664 switch (read_pack_header(0, hdr)) {
1665 case PH_ERROR_EOF:
1666 return "eof before pack header was fully read";
1667
1668 case PH_ERROR_PACK_SIGNATURE:
1669 return "protocol error (pack signature mismatch detected)";
1670
1671 case PH_ERROR_PROTOCOL:
1672 return "protocol error (pack version unsupported)";
1673
1674 default:
1675 return "unknown error in parse_pack_header";
1676
1677 case 0:
1678 return NULL;
1679 }
1680}
1681
1682static const char *pack_lockfile;
1683
1684static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1685{
1686 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1687 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1688}
1689
1690static const char *unpack(int err_fd, struct shallow_info *si)
1691{
1692 struct pack_header hdr;
1693 const char *hdr_err;
1694 int status;
1695 struct child_process child = CHILD_PROCESS_INIT;
1696 int fsck_objects = (receive_fsck_objects >= 0
1697 ? receive_fsck_objects
1698 : transfer_fsck_objects >= 0
1699 ? transfer_fsck_objects
1700 : 0);
1701
1702 hdr_err = parse_pack_header(&hdr);
1703 if (hdr_err) {
1704 if (err_fd > 0)
1705 close(err_fd);
1706 return hdr_err;
1707 }
1708
1709 if (si->nr_ours || si->nr_theirs) {
1710 alt_shallow_file = setup_temporary_shallow(si->shallow);
1711 argv_array_push(&child.args, "--shallow-file");
1712 argv_array_push(&child.args, alt_shallow_file);
1713 }
1714
1715 tmp_objdir = tmp_objdir_create();
1716 if (!tmp_objdir) {
1717 if (err_fd > 0)
1718 close(err_fd);
1719 return "unable to create temporary object directory";
1720 }
1721 child.env = tmp_objdir_env(tmp_objdir);
1722
1723 /*
1724 * Normally we just pass the tmp_objdir environment to the child
1725 * processes that do the heavy lifting, but we may need to see these
1726 * objects ourselves to set up shallow information.
1727 */
1728 tmp_objdir_add_as_alternate(tmp_objdir);
1729
1730 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1731 argv_array_push(&child.args, "unpack-objects");
1732 push_header_arg(&child.args, &hdr);
1733 if (quiet)
1734 argv_array_push(&child.args, "-q");
1735 if (fsck_objects)
1736 argv_array_pushf(&child.args, "--strict%s",
1737 fsck_msg_types.buf);
1738 if (max_input_size)
1739 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1740 (uintmax_t)max_input_size);
1741 child.no_stdout = 1;
1742 child.err = err_fd;
1743 child.git_cmd = 1;
1744 status = run_command(&child);
1745 if (status)
1746 return "unpack-objects abnormal exit";
1747 } else {
1748 char hostname[HOST_NAME_MAX + 1];
1749
1750 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1751 push_header_arg(&child.args, &hdr);
1752
1753 if (xgethostname(hostname, sizeof(hostname)))
1754 xsnprintf(hostname, sizeof(hostname), "localhost");
1755 argv_array_pushf(&child.args,
1756 "--keep=receive-pack %"PRIuMAX" on %s",
1757 (uintmax_t)getpid(),
1758 hostname);
1759
1760 if (!quiet && err_fd)
1761 argv_array_push(&child.args, "--show-resolving-progress");
1762 if (use_sideband)
1763 argv_array_push(&child.args, "--report-end-of-input");
1764 if (fsck_objects)
1765 argv_array_pushf(&child.args, "--strict%s",
1766 fsck_msg_types.buf);
1767 if (!reject_thin)
1768 argv_array_push(&child.args, "--fix-thin");
1769 if (max_input_size)
1770 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1771 (uintmax_t)max_input_size);
1772 child.out = -1;
1773 child.err = err_fd;
1774 child.git_cmd = 1;
1775 status = start_command(&child);
1776 if (status)
1777 return "index-pack fork failed";
1778 pack_lockfile = index_pack_lockfile(child.out);
1779 close(child.out);
1780 status = finish_command(&child);
1781 if (status)
1782 return "index-pack abnormal exit";
1783 reprepare_packed_git(the_repository);
1784 }
1785 return NULL;
1786}
1787
1788static const char *unpack_with_sideband(struct shallow_info *si)
1789{
1790 struct async muxer;
1791 const char *ret;
1792
1793 if (!use_sideband)
1794 return unpack(0, si);
1795
1796 use_keepalive = KEEPALIVE_AFTER_NUL;
1797 memset(&muxer, 0, sizeof(muxer));
1798 muxer.proc = copy_to_sideband;
1799 muxer.in = -1;
1800 if (start_async(&muxer))
1801 return NULL;
1802
1803 ret = unpack(muxer.in, si);
1804
1805 finish_async(&muxer);
1806 return ret;
1807}
1808
1809static void prepare_shallow_update(struct command *commands,
1810 struct shallow_info *si)
1811{
1812 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1813
1814 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1815 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1816
1817 si->need_reachability_test =
1818 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1819 si->reachable =
1820 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1821 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1822
1823 for (i = 0; i < si->nr_ours; i++)
1824 si->need_reachability_test[si->ours[i]] = 1;
1825
1826 for (i = 0; i < si->shallow->nr; i++) {
1827 if (!si->used_shallow[i])
1828 continue;
1829 for (j = 0; j < bitmap_size; j++) {
1830 if (!si->used_shallow[i][j])
1831 continue;
1832 si->need_reachability_test[i]++;
1833 for (k = 0; k < 32; k++)
1834 if (si->used_shallow[i][j] & (1U << k))
1835 si->shallow_ref[j * 32 + k]++;
1836 }
1837
1838 /*
1839 * true for those associated with some refs and belong
1840 * in "ours" list aka "step 7 not done yet"
1841 */
1842 si->need_reachability_test[i] =
1843 si->need_reachability_test[i] > 1;
1844 }
1845
1846 /*
1847 * keep hooks happy by forcing a temporary shallow file via
1848 * env variable because we can't add --shallow-file to every
1849 * command. check_everything_connected() will be done with
1850 * true .git/shallow though.
1851 */
1852 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1853}
1854
1855static void update_shallow_info(struct command *commands,
1856 struct shallow_info *si,
1857 struct oid_array *ref)
1858{
1859 struct command *cmd;
1860 int *ref_status;
1861 remove_nonexistent_theirs_shallow(si);
1862 if (!si->nr_ours && !si->nr_theirs) {
1863 shallow_update = 0;
1864 return;
1865 }
1866
1867 for (cmd = commands; cmd; cmd = cmd->next) {
1868 if (is_null_oid(&cmd->new_oid))
1869 continue;
1870 oid_array_append(ref, &cmd->new_oid);
1871 cmd->index = ref->nr - 1;
1872 }
1873 si->ref = ref;
1874
1875 if (shallow_update) {
1876 prepare_shallow_update(commands, si);
1877 return;
1878 }
1879
1880 ALLOC_ARRAY(ref_status, ref->nr);
1881 assign_shallow_commits_to_refs(si, NULL, ref_status);
1882 for (cmd = commands; cmd; cmd = cmd->next) {
1883 if (is_null_oid(&cmd->new_oid))
1884 continue;
1885 if (ref_status[cmd->index]) {
1886 cmd->error_string = "shallow update not allowed";
1887 cmd->skip_update = 1;
1888 }
1889 }
1890 free(ref_status);
1891}
1892
1893static void report(struct command *commands, const char *unpack_status)
1894{
1895 struct command *cmd;
1896 struct strbuf buf = STRBUF_INIT;
1897
1898 packet_buf_write(&buf, "unpack %s\n",
1899 unpack_status ? unpack_status : "ok");
1900 for (cmd = commands; cmd; cmd = cmd->next) {
1901 if (!cmd->error_string)
1902 packet_buf_write(&buf, "ok %s\n",
1903 cmd->ref_name);
1904 else
1905 packet_buf_write(&buf, "ng %s %s\n",
1906 cmd->ref_name, cmd->error_string);
1907 }
1908 packet_buf_flush(&buf);
1909
1910 if (use_sideband)
1911 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1912 else
1913 write_or_die(1, buf.buf, buf.len);
1914 strbuf_release(&buf);
1915}
1916
1917static int delete_only(struct command *commands)
1918{
1919 struct command *cmd;
1920 for (cmd = commands; cmd; cmd = cmd->next) {
1921 if (!is_null_oid(&cmd->new_oid))
1922 return 0;
1923 }
1924 return 1;
1925}
1926
1927int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1928{
1929 int advertise_refs = 0;
1930 struct command *commands;
1931 struct oid_array shallow = OID_ARRAY_INIT;
1932 struct oid_array ref = OID_ARRAY_INIT;
1933 struct shallow_info si;
1934
1935 struct option options[] = {
1936 OPT__QUIET(&quiet, N_("quiet")),
1937 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1938 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1939 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1940 OPT_END()
1941 };
1942
1943 packet_trace_identity("receive-pack");
1944
1945 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1946
1947 if (argc > 1)
1948 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1949 if (argc == 0)
1950 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1951
1952 service_dir = argv[0];
1953
1954 setup_path();
1955
1956 if (!enter_repo(service_dir, 0))
1957 die("'%s' does not appear to be a git repository", service_dir);
1958
1959 git_config(receive_pack_config, NULL);
1960 if (cert_nonce_seed)
1961 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1962
1963 if (0 <= transfer_unpack_limit)
1964 unpack_limit = transfer_unpack_limit;
1965 else if (0 <= receive_unpack_limit)
1966 unpack_limit = receive_unpack_limit;
1967
1968 switch (determine_protocol_version_server()) {
1969 case protocol_v2:
1970 /*
1971 * push support for protocol v2 has not been implemented yet,
1972 * so ignore the request to use v2 and fallback to using v0.
1973 */
1974 break;
1975 case protocol_v1:
1976 /*
1977 * v1 is just the original protocol with a version string,
1978 * so just fall through after writing the version string.
1979 */
1980 if (advertise_refs || !stateless_rpc)
1981 packet_write_fmt(1, "version 1\n");
1982
1983 /* fallthrough */
1984 case protocol_v0:
1985 break;
1986 case protocol_unknown_version:
1987 BUG("unknown protocol version");
1988 }
1989
1990 if (advertise_refs || !stateless_rpc) {
1991 write_head_info();
1992 }
1993 if (advertise_refs)
1994 return 0;
1995
1996 if ((commands = read_head_info(&shallow)) != NULL) {
1997 const char *unpack_status = NULL;
1998 struct string_list push_options = STRING_LIST_INIT_DUP;
1999
2000 if (use_push_options)
2001 read_push_options(&push_options);
2002 if (!check_cert_push_options(&push_options)) {
2003 struct command *cmd;
2004 for (cmd = commands; cmd; cmd = cmd->next)
2005 cmd->error_string = "inconsistent push options";
2006 }
2007
2008 prepare_shallow_info(&si, &shallow);
2009 if (!si.nr_ours && !si.nr_theirs)
2010 shallow_update = 0;
2011 if (!delete_only(commands)) {
2012 unpack_status = unpack_with_sideband(&si);
2013 update_shallow_info(commands, &si, &ref);
2014 }
2015 use_keepalive = KEEPALIVE_ALWAYS;
2016 execute_commands(commands, unpack_status, &si,
2017 &push_options);
2018 if (pack_lockfile)
2019 unlink_or_warn(pack_lockfile);
2020 if (report_status)
2021 report(commands, unpack_status);
2022 run_receive_hook(commands, "post-receive", 1,
2023 &push_options);
2024 run_update_post_hook(commands);
2025 string_list_clear(&push_options, 0);
2026 if (auto_gc) {
2027 const char *argv_gc_auto[] = {
2028 "gc", "--auto", "--quiet", NULL,
2029 };
2030 struct child_process proc = CHILD_PROCESS_INIT;
2031
2032 proc.no_stdin = 1;
2033 proc.stdout_to_stderr = 1;
2034 proc.err = use_sideband ? -1 : 0;
2035 proc.git_cmd = 1;
2036 proc.argv = argv_gc_auto;
2037
2038 close_all_packs(the_repository->objects);
2039 if (!start_command(&proc)) {
2040 if (use_sideband)
2041 copy_to_sideband(proc.err, -1, NULL);
2042 finish_command(&proc);
2043 }
2044 }
2045 if (auto_update_server_info)
2046 update_server_info(0);
2047 clear_shallow_info(&si);
2048 }
2049 if (use_sideband)
2050 packet_flush(1);
2051 oid_array_clear(&shallow);
2052 oid_array_clear(&ref);
2053 free((void *)push_cert_nonce);
2054 return 0;
2055}