1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "protocol.h"
29static const char * const receive_pack_usage[] = {
31 N_("git receive-pack <git-dir>"),
32 NULL
33};
34enum deny_action {
36 DENY_UNCONFIGURED,
37 DENY_IGNORE,
38 DENY_WARN,
39 DENY_REFUSE,
40 DENY_UPDATE_INSTEAD
41};
42static int deny_deletes;
44static int deny_non_fast_forwards;
45static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
46static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
47static int receive_fsck_objects = -1;
48static int transfer_fsck_objects = -1;
49static struct strbuf fsck_msg_types = STRBUF_INIT;
50static int receive_unpack_limit = -1;
51static int transfer_unpack_limit = -1;
52static int advertise_atomic_push = 1;
53static int advertise_push_options;
54static int unpack_limit = 100;
55static off_t max_input_size;
56static int report_status;
57static int use_sideband;
58static int use_atomic;
59static int use_push_options;
60static int quiet;
61static int prefer_ofs_delta = 1;
62static int auto_update_server_info;
63static int auto_gc = 1;
64static int reject_thin;
65static int stateless_rpc;
66static const char *service_dir;
67static const char *head_name;
68static void *head_name_to_free;
69static int sent_capabilities;
70static int shallow_update;
71static const char *alt_shallow_file;
72static struct strbuf push_cert = STRBUF_INIT;
73static struct object_id push_cert_oid;
74static struct signature_check sigcheck;
75static const char *push_cert_nonce;
76static const char *cert_nonce_seed;
77static const char *NONCE_UNSOLICITED = "UNSOLICITED";
79static const char *NONCE_BAD = "BAD";
80static const char *NONCE_MISSING = "MISSING";
81static const char *NONCE_OK = "OK";
82static const char *NONCE_SLOP = "SLOP";
83static const char *nonce_status;
84static long nonce_stamp_slop;
85static timestamp_t nonce_stamp_slop_limit;
86static struct ref_transaction *transaction;
87static enum {
89 KEEPALIVE_NEVER = 0,
90 KEEPALIVE_AFTER_NUL,
91 KEEPALIVE_ALWAYS
92} use_keepalive;
93static int keepalive_in_sec = 5;
94static struct tmp_objdir *tmp_objdir;
96static enum deny_action parse_deny_action(const char *var, const char *value)
98{
99 if (value) {
100 if (!strcasecmp(value, "ignore"))
101 return DENY_IGNORE;
102 if (!strcasecmp(value, "warn"))
103 return DENY_WARN;
104 if (!strcasecmp(value, "refuse"))
105 return DENY_REFUSE;
106 if (!strcasecmp(value, "updateinstead"))
107 return DENY_UPDATE_INSTEAD;
108 }
109 if (git_config_bool(var, value))
110 return DENY_REFUSE;
111 return DENY_IGNORE;
112}
113static int receive_pack_config(const char *var, const char *value, void *cb)
115{
116 int status = parse_hide_refs_config(var, value, "receive");
117 if (status)
119 return status;
120 if (strcmp(var, "receive.denydeletes") == 0) {
122 deny_deletes = git_config_bool(var, value);
123 return 0;
124 }
125 if (strcmp(var, "receive.denynonfastforwards") == 0) {
127 deny_non_fast_forwards = git_config_bool(var, value);
128 return 0;
129 }
130 if (strcmp(var, "receive.unpacklimit") == 0) {
132 receive_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135 if (strcmp(var, "transfer.unpacklimit") == 0) {
137 transfer_unpack_limit = git_config_int(var, value);
138 return 0;
139 }
140 if (strcmp(var, "receive.fsck.skiplist") == 0) {
142 const char *path;
143 if (git_config_pathname(&path, var, value))
145 return 1;
146 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
147 fsck_msg_types.len ? ',' : '=', path);
148 free((char *)path);
149 return 0;
150 }
151 if (skip_prefix(var, "receive.fsck.", &var)) {
153 if (is_valid_msg_type(var, value))
154 strbuf_addf(&fsck_msg_types, "%c%s=%s",
155 fsck_msg_types.len ? ',' : '=', var, value);
156 else
157 warning("Skipping unknown msg id '%s'", var);
158 return 0;
159 }
160 if (strcmp(var, "receive.fsckobjects") == 0) {
162 receive_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165 if (strcmp(var, "transfer.fsckobjects") == 0) {
167 transfer_fsck_objects = git_config_bool(var, value);
168 return 0;
169 }
170 if (!strcmp(var, "receive.denycurrentbranch")) {
172 deny_current_branch = parse_deny_action(var, value);
173 return 0;
174 }
175 if (strcmp(var, "receive.denydeletecurrent") == 0) {
177 deny_delete_current = parse_deny_action(var, value);
178 return 0;
179 }
180 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
182 prefer_ofs_delta = git_config_bool(var, value);
183 return 0;
184 }
185 if (strcmp(var, "receive.updateserverinfo") == 0) {
187 auto_update_server_info = git_config_bool(var, value);
188 return 0;
189 }
190 if (strcmp(var, "receive.autogc") == 0) {
192 auto_gc = git_config_bool(var, value);
193 return 0;
194 }
195 if (strcmp(var, "receive.shallowupdate") == 0) {
197 shallow_update = git_config_bool(var, value);
198 return 0;
199 }
200 if (strcmp(var, "receive.certnonceseed") == 0)
202 return git_config_string(&cert_nonce_seed, var, value);
203 if (strcmp(var, "receive.certnonceslop") == 0) {
205 nonce_stamp_slop_limit = git_config_ulong(var, value);
206 return 0;
207 }
208 if (strcmp(var, "receive.advertiseatomic") == 0) {
210 advertise_atomic_push = git_config_bool(var, value);
211 return 0;
212 }
213 if (strcmp(var, "receive.advertisepushoptions") == 0) {
215 advertise_push_options = git_config_bool(var, value);
216 return 0;
217 }
218 if (strcmp(var, "receive.keepalive") == 0) {
220 keepalive_in_sec = git_config_int(var, value);
221 return 0;
222 }
223 if (strcmp(var, "receive.maxinputsize") == 0) {
225 max_input_size = git_config_int64(var, value);
226 return 0;
227 }
228 return git_default_config(var, value, cb);
230}
231static void show_ref(const char *path, const struct object_id *oid)
233{
234 if (sent_capabilities) {
235 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
236 } else {
237 struct strbuf cap = STRBUF_INIT;
238 strbuf_addstr(&cap,
240 "report-status delete-refs side-band-64k quiet");
241 if (advertise_atomic_push)
242 strbuf_addstr(&cap, " atomic");
243 if (prefer_ofs_delta)
244 strbuf_addstr(&cap, " ofs-delta");
245 if (push_cert_nonce)
246 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
247 if (advertise_push_options)
248 strbuf_addstr(&cap, " push-options");
249 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
250 packet_write_fmt(1, "%s %s%c%s\n",
251 oid_to_hex(oid), path, 0, cap.buf);
252 strbuf_release(&cap);
253 sent_capabilities = 1;
254 }
255}
256static int show_ref_cb(const char *path_full, const struct object_id *oid,
258 int flag, void *data)
259{
260 struct oidset *seen = data;
261 const char *path = strip_namespace(path_full);
262 if (ref_is_hidden(path, path_full))
264 return 0;
265 /*
267 * Advertise refs outside our current namespace as ".have"
268 * refs, so that the client can use them to minimize data
269 * transfer but will otherwise ignore them.
270 */
271 if (!path) {
272 if (oidset_insert(seen, oid))
273 return 0;
274 path = ".have";
275 } else {
276 oidset_insert(seen, oid);
277 }
278 show_ref(path, oid);
279 return 0;
280}
281static void show_one_alternate_ref(const char *refname,
283 const struct object_id *oid,
284 void *data)
285{
286 struct oidset *seen = data;
287 if (oidset_insert(seen, oid))
289 return;
290 show_ref(".have", oid);
292}
293static void write_head_info(void)
295{
296 static struct oidset seen = OIDSET_INIT;
297 for_each_ref(show_ref_cb, &seen);
299 for_each_alternate_ref(show_one_alternate_ref, &seen);
300 oidset_clear(&seen);
301 if (!sent_capabilities)
302 show_ref("capabilities^{}", &null_oid);
303 advertise_shallow_grafts(1);
305 /* EOF */
307 packet_flush(1);
308}
309struct command {
311 struct command *next;
312 const char *error_string;
313 unsigned int skip_update:1,
314 did_not_exist:1;
315 int index;
316 struct object_id old_oid;
317 struct object_id new_oid;
318 char ref_name[FLEX_ARRAY]; /* more */
319};
320static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
322static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void report_message(const char *prefix, const char *err, va_list params)
325{
326 int sz;
327 char msg[4096];
328 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
330 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
331 if (sz > (sizeof(msg) - 1))
332 sz = sizeof(msg) - 1;
333 msg[sz++] = '\n';
334 if (use_sideband)
336 send_sideband(1, 2, msg, sz, use_sideband);
337 else
338 xwrite(2, msg, sz);
339}
340static void rp_warning(const char *err, ...)
342{
343 va_list params;
344 va_start(params, err);
345 report_message("warning: ", err, params);
346 va_end(params);
347}
348static void rp_error(const char *err, ...)
350{
351 va_list params;
352 va_start(params, err);
353 report_message("error: ", err, params);
354 va_end(params);
355}
356static int copy_to_sideband(int in, int out, void *arg)
358{
359 char data[128];
360 int keepalive_active = 0;
361 if (keepalive_in_sec <= 0)
363 use_keepalive = KEEPALIVE_NEVER;
364 if (use_keepalive == KEEPALIVE_ALWAYS)
365 keepalive_active = 1;
366 while (1) {
368 ssize_t sz;
369 if (keepalive_active) {
371 struct pollfd pfd;
372 int ret;
373 pfd.fd = in;
375 pfd.events = POLLIN;
376 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
377 if (ret < 0) {
379 if (errno == EINTR)
380 continue;
381 else
382 break;
383 } else if (ret == 0) {
384 /* no data; send a keepalive packet */
385 static const char buf[] = "0005\1";
386 write_or_die(1, buf, sizeof(buf) - 1);
387 continue;
388 } /* else there is actual data to read */
389 }
390 sz = xread(in, data, sizeof(data));
392 if (sz <= 0)
393 break;
394 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
396 const char *p = memchr(data, '\0', sz);
397 if (p) {
398 /*
399 * The NUL tells us to start sending keepalives. Make
400 * sure we send any other data we read along
401 * with it.
402 */
403 keepalive_active = 1;
404 send_sideband(1, 2, data, p - data, use_sideband);
405 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
406 continue;
407 }
408 }
409 /*
411 * Either we're not looking for a NUL signal, or we didn't see
412 * it yet; just pass along the data.
413 */
414 send_sideband(1, 2, data, sz, use_sideband);
415 }
416 close(in);
417 return 0;
418}
419#define HMAC_BLOCK_SIZE 64
421static void hmac_sha1(unsigned char *out,
423 const char *key_in, size_t key_len,
424 const char *text, size_t text_len)
425{
426 unsigned char key[HMAC_BLOCK_SIZE];
427 unsigned char k_ipad[HMAC_BLOCK_SIZE];
428 unsigned char k_opad[HMAC_BLOCK_SIZE];
429 int i;
430 git_SHA_CTX ctx;
431 /* RFC 2104 2. (1) */
433 memset(key, '\0', HMAC_BLOCK_SIZE);
434 if (HMAC_BLOCK_SIZE < key_len) {
435 git_SHA1_Init(&ctx);
436 git_SHA1_Update(&ctx, key_in, key_len);
437 git_SHA1_Final(key, &ctx);
438 } else {
439 memcpy(key, key_in, key_len);
440 }
441 /* RFC 2104 2. (2) & (5) */
443 for (i = 0; i < sizeof(key); i++) {
444 k_ipad[i] = key[i] ^ 0x36;
445 k_opad[i] = key[i] ^ 0x5c;
446 }
447 /* RFC 2104 2. (3) & (4) */
449 git_SHA1_Init(&ctx);
450 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
451 git_SHA1_Update(&ctx, text, text_len);
452 git_SHA1_Final(out, &ctx);
453 /* RFC 2104 2. (6) & (7) */
455 git_SHA1_Init(&ctx);
456 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
457 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
458 git_SHA1_Final(out, &ctx);
459}
460static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462{
463 struct strbuf buf = STRBUF_INIT;
464 unsigned char sha1[GIT_SHA1_RAWSZ];
465 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
468 strbuf_release(&buf);
469 /* RFC 2104 5. HMAC-SHA1-80 */
471 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
472 return strbuf_detach(&buf, NULL);
473}
474/*
476 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
477 * after dropping "_commit" from its name and possibly moving it out
478 * of commit.c
479 */
480static char *find_header(const char *msg, size_t len, const char *key,
481 const char **next_line)
482{
483 int key_len = strlen(key);
484 const char *line = msg;
485 while (line && line < msg + len) {
487 const char *eol = strchrnul(line, '\n');
488 if ((msg + len <= eol) || line == eol)
490 return NULL;
491 if (line + key_len < eol &&
492 !memcmp(line, key, key_len) && line[key_len] == ' ') {
493 int offset = key_len + 1;
494 if (next_line)
495 *next_line = *eol ? eol + 1 : eol;
496 return xmemdupz(line + offset, (eol - line) - offset);
497 }
498 line = *eol ? eol + 1 : NULL;
499 }
500 return NULL;
501}
502static const char *check_nonce(const char *buf, size_t len)
504{
505 char *nonce = find_header(buf, len, "nonce", NULL);
506 timestamp_t stamp, ostamp;
507 char *bohmac, *expect = NULL;
508 const char *retval = NONCE_BAD;
509 if (!nonce) {
511 retval = NONCE_MISSING;
512 goto leave;
513 } else if (!push_cert_nonce) {
514 retval = NONCE_UNSOLICITED;
515 goto leave;
516 } else if (!strcmp(push_cert_nonce, nonce)) {
517 retval = NONCE_OK;
518 goto leave;
519 }
520 if (!stateless_rpc) {
522 /* returned nonce MUST match what we gave out earlier */
523 retval = NONCE_BAD;
524 goto leave;
525 }
526 /*
528 * In stateless mode, we may be receiving a nonce issued by
529 * another instance of the server that serving the same
530 * repository, and the timestamps may not match, but the
531 * nonce-seed and dir should match, so we can recompute and
532 * report the time slop.
533 *
534 * In addition, when a nonce issued by another instance has
535 * timestamp within receive.certnonceslop seconds, we pretend
536 * as if we issued that nonce when reporting to the hook.
537 */
538 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
540 if (*nonce <= '0' || '9' < *nonce) {
541 retval = NONCE_BAD;
542 goto leave;
543 }
544 stamp = parse_timestamp(nonce, &bohmac, 10);
545 if (bohmac == nonce || bohmac[0] != '-') {
546 retval = NONCE_BAD;
547 goto leave;
548 }
549 expect = prepare_push_cert_nonce(service_dir, stamp);
551 if (strcmp(expect, nonce)) {
552 /* Not what we would have signed earlier */
553 retval = NONCE_BAD;
554 goto leave;
555 }
556 /*
558 * By how many seconds is this nonce stale? Negative value
559 * would mean it was issued by another server with its clock
560 * skewed in the future.
561 */
562 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
563 nonce_stamp_slop = (long)ostamp - (long)stamp;
564 if (nonce_stamp_slop_limit &&
566 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
567 /*
568 * Pretend as if the received nonce (which passes the
569 * HMAC check, so it is not a forged by third-party)
570 * is what we issued.
571 */
572 free((void *)push_cert_nonce);
573 push_cert_nonce = xstrdup(nonce);
574 retval = NONCE_OK;
575 } else {
576 retval = NONCE_SLOP;
577 }
578leave:
580 free(nonce);
581 free(expect);
582 return retval;
583}
584/*
586 * Return 1 if there is no push_cert or if the push options in push_cert are
587 * the same as those in the argument; 0 otherwise.
588 */
589static int check_cert_push_options(const struct string_list *push_options)
590{
591 const char *buf = push_cert.buf;
592 int len = push_cert.len;
593 char *option;
595 const char *next_line;
596 int options_seen = 0;
597 int retval = 1;
599 if (!len)
601 return 1;
602 while ((option = find_header(buf, len, "push-option", &next_line))) {
604 len -= (next_line - buf);
605 buf = next_line;
606 options_seen++;
607 if (options_seen > push_options->nr
608 || strcmp(option,
609 push_options->items[options_seen - 1].string)) {
610 retval = 0;
611 goto leave;
612 }
613 free(option);
614 }
615 if (options_seen != push_options->nr)
617 retval = 0;
618leave:
620 free(option);
621 return retval;
622}
623static void prepare_push_cert_sha1(struct child_process *proc)
625{
626 static int already_done;
627 if (!push_cert.len)
629 return;
630 if (!already_done) {
632 int bogs /* beginning_of_gpg_sig */;
633 already_done = 1;
635 if (write_object_file(push_cert.buf, push_cert.len, "blob",
636 &push_cert_oid))
637 oidclr(&push_cert_oid);
638 memset(&sigcheck, '\0', sizeof(sigcheck));
640 bogs = parse_signature(push_cert.buf, push_cert.len);
642 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
643 push_cert.len - bogs, &sigcheck);
644 nonce_status = check_nonce(push_cert.buf, bogs);
646 }
647 if (!is_null_oid(&push_cert_oid)) {
648 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
649 oid_to_hex(&push_cert_oid));
650 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
651 sigcheck.signer ? sigcheck.signer : "");
652 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
653 sigcheck.key ? sigcheck.key : "");
654 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
655 sigcheck.result);
656 if (push_cert_nonce) {
657 argv_array_pushf(&proc->env_array,
658 "GIT_PUSH_CERT_NONCE=%s",
659 push_cert_nonce);
660 argv_array_pushf(&proc->env_array,
661 "GIT_PUSH_CERT_NONCE_STATUS=%s",
662 nonce_status);
663 if (nonce_status == NONCE_SLOP)
664 argv_array_pushf(&proc->env_array,
665 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
666 nonce_stamp_slop);
667 }
668 }
669}
670struct receive_hook_feed_state {
672 struct command *cmd;
673 int skip_broken;
674 struct strbuf buf;
675 const struct string_list *push_options;
676};
677typedef int (*feed_fn)(void *, const char **, size_t *);
679static int run_and_feed_hook(const char *hook_name, feed_fn feed,
680 struct receive_hook_feed_state *feed_state)
681{
682 struct child_process proc = CHILD_PROCESS_INIT;
683 struct async muxer;
684 const char *argv[2];
685 int code;
686 argv[0] = find_hook(hook_name);
688 if (!argv[0])
689 return 0;
690 argv[1] = NULL;
692 proc.argv = argv;
694 proc.in = -1;
695 proc.stdout_to_stderr = 1;
696 if (feed_state->push_options) {
697 int i;
698 for (i = 0; i < feed_state->push_options->nr; i++)
699 argv_array_pushf(&proc.env_array,
700 "GIT_PUSH_OPTION_%d=%s", i,
701 feed_state->push_options->items[i].string);
702 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
703 feed_state->push_options->nr);
704 } else
705 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
706 if (tmp_objdir)
708 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
709 if (use_sideband) {
711 memset(&muxer, 0, sizeof(muxer));
712 muxer.proc = copy_to_sideband;
713 muxer.in = -1;
714 code = start_async(&muxer);
715 if (code)
716 return code;
717 proc.err = muxer.in;
718 }
719 prepare_push_cert_sha1(&proc);
721 code = start_command(&proc);
723 if (code) {
724 if (use_sideband)
725 finish_async(&muxer);
726 return code;
727 }
728 sigchain_push(SIGPIPE, SIG_IGN);
730 while (1) {
732 const char *buf;
733 size_t n;
734 if (feed(feed_state, &buf, &n))
735 break;
736 if (write_in_full(proc.in, buf, n) < 0)
737 break;
738 }
739 close(proc.in);
740 if (use_sideband)
741 finish_async(&muxer);
742 sigchain_pop(SIGPIPE);
744 return finish_command(&proc);
746}
747static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
749{
750 struct receive_hook_feed_state *state = state_;
751 struct command *cmd = state->cmd;
752 while (cmd &&
754 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
755 cmd = cmd->next;
756 if (!cmd)
757 return -1; /* EOF */
758 strbuf_reset(&state->buf);
759 strbuf_addf(&state->buf, "%s %s %s\n",
760 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
761 cmd->ref_name);
762 state->cmd = cmd->next;
763 if (bufp) {
764 *bufp = state->buf.buf;
765 *sizep = state->buf.len;
766 }
767 return 0;
768}
769static int run_receive_hook(struct command *commands,
771 const char *hook_name,
772 int skip_broken,
773 const struct string_list *push_options)
774{
775 struct receive_hook_feed_state state;
776 int status;
777 strbuf_init(&state.buf, 0);
779 state.cmd = commands;
780 state.skip_broken = skip_broken;
781 if (feed_receive_hook(&state, NULL, NULL))
782 return 0;
783 state.cmd = commands;
784 state.push_options = push_options;
785 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
786 strbuf_release(&state.buf);
787 return status;
788}
789static int run_update_hook(struct command *cmd)
791{
792 const char *argv[5];
793 struct child_process proc = CHILD_PROCESS_INIT;
794 int code;
795 argv[0] = find_hook("update");
797 if (!argv[0])
798 return 0;
799 argv[1] = cmd->ref_name;
801 argv[2] = oid_to_hex(&cmd->old_oid);
802 argv[3] = oid_to_hex(&cmd->new_oid);
803 argv[4] = NULL;
804 proc.no_stdin = 1;
806 proc.stdout_to_stderr = 1;
807 proc.err = use_sideband ? -1 : 0;
808 proc.argv = argv;
809 code = start_command(&proc);
811 if (code)
812 return code;
813 if (use_sideband)
814 copy_to_sideband(proc.err, -1, NULL);
815 return finish_command(&proc);
816}
817static int is_ref_checked_out(const char *ref)
819{
820 if (is_bare_repository())
821 return 0;
822 if (!head_name)
824 return 0;
825 return !strcmp(head_name, ref);
826}
827static char *refuse_unconfigured_deny_msg =
829 N_("By default, updating the current branch in a non-bare repository\n"
830 "is denied, because it will make the index and work tree inconsistent\n"
831 "with what you pushed, and will require 'git reset --hard' to match\n"
832 "the work tree to HEAD.\n"
833 "\n"
834 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
835 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
836 "its current branch; however, this is not recommended unless you\n"
837 "arranged to update its work tree to match what you pushed in some\n"
838 "other way.\n"
839 "\n"
840 "To squelch this message and still keep the default behaviour, set\n"
841 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
842static void refuse_unconfigured_deny(void)
844{
845 rp_error("%s", _(refuse_unconfigured_deny_msg));
846}
847static char *refuse_unconfigured_deny_delete_current_msg =
849 N_("By default, deleting the current branch is denied, because the next\n"
850 "'git clone' won't result in any file checked out, causing confusion.\n"
851 "\n"
852 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
853 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
854 "current branch, with or without a warning message.\n"
855 "\n"
856 "To squelch this message, you can set it to 'refuse'.");
857static void refuse_unconfigured_deny_delete_current(void)
859{
860 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
861}
862static int command_singleton_iterator(void *cb_data, struct object_id *oid);
864static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
865{
866 struct lock_file shallow_lock = LOCK_INIT;
867 struct oid_array extra = OID_ARRAY_INIT;
868 struct check_connected_options opt = CHECK_CONNECTED_INIT;
869 uint32_t mask = 1 << (cmd->index % 32);
870 int i;
871 trace_printf_key(&trace_shallow,
873 "shallow: update_shallow_ref %s\n", cmd->ref_name);
874 for (i = 0; i < si->shallow->nr; i++)
875 if (si->used_shallow[i] &&
876 (si->used_shallow[i][cmd->index / 32] & mask) &&
877 !delayed_reachability_test(si, i))
878 oid_array_append(&extra, &si->shallow->oid[i]);
879 opt.env = tmp_objdir_env(tmp_objdir);
881 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
882 if (check_connected(command_singleton_iterator, cmd, &opt)) {
883 rollback_lock_file(&shallow_lock);
884 oid_array_clear(&extra);
885 return -1;
886 }
887 commit_lock_file(&shallow_lock);
889 /*
891 * Make sure setup_alternate_shallow() for the next ref does
892 * not lose these new roots..
893 */
894 for (i = 0; i < extra.nr; i++)
895 register_shallow(&extra.oid[i]);
896 si->shallow_ref[cmd->index] = 0;
898 oid_array_clear(&extra);
899 return 0;
900}
901/*
903 * NEEDSWORK: we should consolidate various implementions of "are we
904 * on an unborn branch?" test into one, and make the unified one more
905 * robust. !get_sha1() based check used here and elsewhere would not
906 * allow us to tell an unborn branch from corrupt ref, for example.
907 * For the purpose of fixing "deploy-to-update does not work when
908 * pushing into an empty repository" issue, this should suffice for
909 * now.
910 */
911static int head_has_history(void)
912{
913 struct object_id oid;
914 return !get_oid("HEAD", &oid);
916}
917static const char *push_to_deploy(unsigned char *sha1,
919 struct argv_array *env,
920 const char *work_tree)
921{
922 const char *update_refresh[] = {
923 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
924 };
925 const char *diff_files[] = {
926 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
927 };
928 const char *diff_index[] = {
929 "diff-index", "--quiet", "--cached", "--ignore-submodules",
930 NULL, "--", NULL
931 };
932 const char *read_tree[] = {
933 "read-tree", "-u", "-m", NULL, NULL
934 };
935 struct child_process child = CHILD_PROCESS_INIT;
936 child.argv = update_refresh;
938 child.env = env->argv;
939 child.dir = work_tree;
940 child.no_stdin = 1;
941 child.stdout_to_stderr = 1;
942 child.git_cmd = 1;
943 if (run_command(&child))
944 return "Up-to-date check failed";
945 /* run_command() does not clean up completely; reinitialize */
947 child_process_init(&child);
948 child.argv = diff_files;
949 child.env = env->argv;
950 child.dir = work_tree;
951 child.no_stdin = 1;
952 child.stdout_to_stderr = 1;
953 child.git_cmd = 1;
954 if (run_command(&child))
955 return "Working directory has unstaged changes";
956 /* diff-index with either HEAD or an empty tree */
958 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
959 child_process_init(&child);
961 child.argv = diff_index;
962 child.env = env->argv;
963 child.no_stdin = 1;
964 child.no_stdout = 1;
965 child.stdout_to_stderr = 0;
966 child.git_cmd = 1;
967 if (run_command(&child))
968 return "Working directory has staged changes";
969 read_tree[3] = sha1_to_hex(sha1);
971 child_process_init(&child);
972 child.argv = read_tree;
973 child.env = env->argv;
974 child.dir = work_tree;
975 child.no_stdin = 1;
976 child.no_stdout = 1;
977 child.stdout_to_stderr = 0;
978 child.git_cmd = 1;
979 if (run_command(&child))
980 return "Could not update working tree to new HEAD";
981 return NULL;
983}
984static const char *push_to_checkout_hook = "push-to-checkout";
986static const char *push_to_checkout(unsigned char *sha1,
988 struct argv_array *env,
989 const char *work_tree)
990{
991 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
992 if (run_hook_le(env->argv, push_to_checkout_hook,
993 sha1_to_hex(sha1), NULL))
994 return "push-to-checkout hook declined";
995 else
996 return NULL;
997}
998static const char *update_worktree(unsigned char *sha1)
1000{
1001 const char *retval;
1002 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1003 struct argv_array env = ARGV_ARRAY_INIT;
1004 if (is_bare_repository())
1006 return "denyCurrentBranch = updateInstead needs a worktree";
1007 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1009 if (!find_hook(push_to_checkout_hook))
1011 retval = push_to_deploy(sha1, &env, work_tree);
1012 else
1013 retval = push_to_checkout(sha1, &env, work_tree);
1014 argv_array_clear(&env);
1016 return retval;
1017}
1018static const char *update(struct command *cmd, struct shallow_info *si)
1020{
1021 const char *name = cmd->ref_name;
1022 struct strbuf namespaced_name_buf = STRBUF_INIT;
1023 static char *namespaced_name;
1024 const char *ret;
1025 struct object_id *old_oid = &cmd->old_oid;
1026 struct object_id *new_oid = &cmd->new_oid;
1027 /* only refs/... are allowed */
1029 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1030 rp_error("refusing to create funny ref '%s' remotely", name);
1031 return "funny refname";
1032 }
1033 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1035 free(namespaced_name);
1036 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1037 if (is_ref_checked_out(namespaced_name)) {
1039 switch (deny_current_branch) {
1040 case DENY_IGNORE:
1041 break;
1042 case DENY_WARN:
1043 rp_warning("updating the current branch");
1044 break;
1045 case DENY_REFUSE:
1046 case DENY_UNCONFIGURED:
1047 rp_error("refusing to update checked out branch: %s", name);
1048 if (deny_current_branch == DENY_UNCONFIGURED)
1049 refuse_unconfigured_deny();
1050 return "branch is currently checked out";
1051 case DENY_UPDATE_INSTEAD:
1052 ret = update_worktree(new_oid->hash);
1053 if (ret)
1054 return ret;
1055 break;
1056 }
1057 }
1058 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1060 error("unpack should have generated %s, "
1061 "but I can't find it!", oid_to_hex(new_oid));
1062 return "bad pack";
1063 }
1064 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1066 if (deny_deletes && starts_with(name, "refs/heads/")) {
1067 rp_error("denying ref deletion for %s", name);
1068 return "deletion prohibited";
1069 }
1070 if (head_name && !strcmp(namespaced_name, head_name)) {
1072 switch (deny_delete_current) {
1073 case DENY_IGNORE:
1074 break;
1075 case DENY_WARN:
1076 rp_warning("deleting the current branch");
1077 break;
1078 case DENY_REFUSE:
1079 case DENY_UNCONFIGURED:
1080 case DENY_UPDATE_INSTEAD:
1081 if (deny_delete_current == DENY_UNCONFIGURED)
1082 refuse_unconfigured_deny_delete_current();
1083 rp_error("refusing to delete the current branch: %s", name);
1084 return "deletion of the current branch prohibited";
1085 default:
1086 return "Invalid denyDeleteCurrent setting";
1087 }
1088 }
1089 }
1090 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1092 !is_null_oid(old_oid) &&
1093 starts_with(name, "refs/heads/")) {
1094 struct object *old_object, *new_object;
1095 struct commit *old_commit, *new_commit;
1096 old_object = parse_object(old_oid);
1098 new_object = parse_object(new_oid);
1099 if (!old_object || !new_object ||
1101 old_object->type != OBJ_COMMIT ||
1102 new_object->type != OBJ_COMMIT) {
1103 error("bad sha1 objects for %s", name);
1104 return "bad ref";
1105 }
1106 old_commit = (struct commit *)old_object;
1107 new_commit = (struct commit *)new_object;
1108 if (!in_merge_bases(old_commit, new_commit)) {
1109 rp_error("denying non-fast-forward %s"
1110 " (you should pull first)", name);
1111 return "non-fast-forward";
1112 }
1113 }
1114 if (run_update_hook(cmd)) {
1115 rp_error("hook declined to update %s", name);
1116 return "hook declined";
1117 }
1118 if (is_null_oid(new_oid)) {
1120 struct strbuf err = STRBUF_INIT;
1121 if (!parse_object(old_oid)) {
1122 old_oid = NULL;
1123 if (ref_exists(name)) {
1124 rp_warning("Allowing deletion of corrupt ref.");
1125 } else {
1126 rp_warning("Deleting a non-existent ref.");
1127 cmd->did_not_exist = 1;
1128 }
1129 }
1130 if (ref_transaction_delete(transaction,
1131 namespaced_name,
1132 old_oid,
1133 0, "push", &err)) {
1134 rp_error("%s", err.buf);
1135 strbuf_release(&err);
1136 return "failed to delete";
1137 }
1138 strbuf_release(&err);
1139 return NULL; /* good */
1140 }
1141 else {
1142 struct strbuf err = STRBUF_INIT;
1143 if (shallow_update && si->shallow_ref[cmd->index] &&
1144 update_shallow_ref(cmd, si))
1145 return "shallow error";
1146 if (ref_transaction_update(transaction,
1148 namespaced_name,
1149 new_oid, old_oid,
1150 0, "push",
1151 &err)) {
1152 rp_error("%s", err.buf);
1153 strbuf_release(&err);
1154 return "failed to update ref";
1156 }
1157 strbuf_release(&err);
1158 return NULL; /* good */
1160 }
1161}
1162static void run_update_post_hook(struct command *commands)
1164{
1165 struct command *cmd;
1166 struct child_process proc = CHILD_PROCESS_INIT;
1167 const char *hook;
1168 hook = find_hook("post-update");
1170 if (!hook)
1171 return;
1172 for (cmd = commands; cmd; cmd = cmd->next) {
1174 if (cmd->error_string || cmd->did_not_exist)
1175 continue;
1176 if (!proc.args.argc)
1177 argv_array_push(&proc.args, hook);
1178 argv_array_push(&proc.args, cmd->ref_name);
1179 }
1180 if (!proc.args.argc)
1181 return;
1182 proc.no_stdin = 1;
1184 proc.stdout_to_stderr = 1;
1185 proc.err = use_sideband ? -1 : 0;
1186 if (!start_command(&proc)) {
1188 if (use_sideband)
1189 copy_to_sideband(proc.err, -1, NULL);
1190 finish_command(&proc);
1191 }
1192}
1193static void check_aliased_update(struct command *cmd, struct string_list *list)
1195{
1196 struct strbuf buf = STRBUF_INIT;
1197 const char *dst_name;
1198 struct string_list_item *item;
1199 struct command *dst_cmd;
1200 int flag;
1201 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1203 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1204 strbuf_release(&buf);
1205 if (!(flag & REF_ISSYMREF))
1207 return;
1208 if (!dst_name) {
1210 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1211 cmd->skip_update = 1;
1212 cmd->error_string = "broken symref";
1213 return;
1214 }
1215 dst_name = strip_namespace(dst_name);
1216 if ((item = string_list_lookup(list, dst_name)) == NULL)
1218 return;
1219 cmd->skip_update = 1;
1221 dst_cmd = (struct command *) item->util;
1223 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1225 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1226 return;
1227 dst_cmd->skip_update = 1;
1229 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1231 " its target '%s' (%s..%s)",
1232 cmd->ref_name,
1233 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1234 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1235 dst_cmd->ref_name,
1236 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1237 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1238 cmd->error_string = dst_cmd->error_string =
1240 "inconsistent aliased update";
1241}
1242static void check_aliased_updates(struct command *commands)
1244{
1245 struct command *cmd;
1246 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1247 for (cmd = commands; cmd; cmd = cmd->next) {
1249 struct string_list_item *item =
1250 string_list_append(&ref_list, cmd->ref_name);
1251 item->util = (void *)cmd;
1252 }
1253 string_list_sort(&ref_list);
1254 for (cmd = commands; cmd; cmd = cmd->next) {
1256 if (!cmd->error_string)
1257 check_aliased_update(cmd, &ref_list);
1258 }
1259 string_list_clear(&ref_list, 0);
1261}
1262static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1264{
1265 struct command **cmd_list = cb_data;
1266 struct command *cmd = *cmd_list;
1267 if (!cmd || is_null_oid(&cmd->new_oid))
1269 return -1; /* end of list */
1270 *cmd_list = NULL; /* this returns only one */
1271 oidcpy(oid, &cmd->new_oid);
1272 return 0;
1273}
1274static void set_connectivity_errors(struct command *commands,
1276 struct shallow_info *si)
1277{
1278 struct command *cmd;
1279 for (cmd = commands; cmd; cmd = cmd->next) {
1281 struct command *singleton = cmd;
1282 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1283 if (shallow_update && si->shallow_ref[cmd->index])
1285 /* to be checked in update_shallow_ref() */
1286 continue;
1287 opt.env = tmp_objdir_env(tmp_objdir);
1289 if (!check_connected(command_singleton_iterator, &singleton,
1290 &opt))
1291 continue;
1292 cmd->error_string = "missing necessary objects";
1294 }
1295}
1296struct iterate_data {
1298 struct command *cmds;
1299 struct shallow_info *si;
1300};
1301static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1303{
1304 struct iterate_data *data = cb_data;
1305 struct command **cmd_list = &data->cmds;
1306 struct command *cmd = *cmd_list;
1307 for (; cmd; cmd = cmd->next) {
1309 if (shallow_update && data->si->shallow_ref[cmd->index])
1310 /* to be checked in update_shallow_ref() */
1311 continue;
1312 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1313 oidcpy(oid, &cmd->new_oid);
1314 *cmd_list = cmd->next;
1315 return 0;
1316 }
1317 }
1318 *cmd_list = NULL;
1319 return -1; /* end of list */
1320}
1321static void reject_updates_to_hidden(struct command *commands)
1323{
1324 struct strbuf refname_full = STRBUF_INIT;
1325 size_t prefix_len;
1326 struct command *cmd;
1327 strbuf_addstr(&refname_full, get_git_namespace());
1329 prefix_len = refname_full.len;
1330 for (cmd = commands; cmd; cmd = cmd->next) {
1332 if (cmd->error_string)
1333 continue;
1334 strbuf_setlen(&refname_full, prefix_len);
1336 strbuf_addstr(&refname_full, cmd->ref_name);
1337 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1339 continue;
1340 if (is_null_oid(&cmd->new_oid))
1341 cmd->error_string = "deny deleting a hidden ref";
1342 else
1343 cmd->error_string = "deny updating a hidden ref";
1344 }
1345 strbuf_release(&refname_full);
1347}
1348static int should_process_cmd(struct command *cmd)
1350{
1351 return !cmd->error_string && !cmd->skip_update;
1352}
1353static void warn_if_skipped_connectivity_check(struct command *commands,
1355 struct shallow_info *si)
1356{
1357 struct command *cmd;
1358 int checked_connectivity = 1;
1359 for (cmd = commands; cmd; cmd = cmd->next) {
1361 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1362 error("BUG: connectivity check has not been run on ref %s",
1363 cmd->ref_name);
1364 checked_connectivity = 0;
1365 }
1366 }
1367 if (!checked_connectivity)
1368 BUG("connectivity check skipped???");
1369}
1370static void execute_commands_non_atomic(struct command *commands,
1372 struct shallow_info *si)
1373{
1374 struct command *cmd;
1375 struct strbuf err = STRBUF_INIT;
1376 for (cmd = commands; cmd; cmd = cmd->next) {
1378 if (!should_process_cmd(cmd))
1379 continue;
1380 transaction = ref_transaction_begin(&err);
1382 if (!transaction) {
1383 rp_error("%s", err.buf);
1384 strbuf_reset(&err);
1385 cmd->error_string = "transaction failed to start";
1386 continue;
1387 }
1388 cmd->error_string = update(cmd, si);
1390 if (!cmd->error_string
1392 && ref_transaction_commit(transaction, &err)) {
1393 rp_error("%s", err.buf);
1394 strbuf_reset(&err);
1395 cmd->error_string = "failed to update ref";
1396 }
1397 ref_transaction_free(transaction);
1398 }
1399 strbuf_release(&err);
1400}
1401static void execute_commands_atomic(struct command *commands,
1403 struct shallow_info *si)
1404{
1405 struct command *cmd;
1406 struct strbuf err = STRBUF_INIT;
1407 const char *reported_error = "atomic push failure";
1408 transaction = ref_transaction_begin(&err);
1410 if (!transaction) {
1411 rp_error("%s", err.buf);
1412 strbuf_reset(&err);
1413 reported_error = "transaction failed to start";
1414 goto failure;
1415 }
1416 for (cmd = commands; cmd; cmd = cmd->next) {
1418 if (!should_process_cmd(cmd))
1419 continue;
1420 cmd->error_string = update(cmd, si);
1422 if (cmd->error_string)
1424 goto failure;
1425 }
1426 if (ref_transaction_commit(transaction, &err)) {
1428 rp_error("%s", err.buf);
1429 reported_error = "atomic transaction failed";
1430 goto failure;
1431 }
1432 goto cleanup;
1433failure:
1435 for (cmd = commands; cmd; cmd = cmd->next)
1436 if (!cmd->error_string)
1437 cmd->error_string = reported_error;
1438cleanup:
1440 ref_transaction_free(transaction);
1441 strbuf_release(&err);
1442}
1443static void execute_commands(struct command *commands,
1445 const char *unpacker_error,
1446 struct shallow_info *si,
1447 const struct string_list *push_options)
1448{
1449 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1450 struct command *cmd;
1451 struct iterate_data data;
1452 struct async muxer;
1453 int err_fd = 0;
1454 if (unpacker_error) {
1456 for (cmd = commands; cmd; cmd = cmd->next)
1457 cmd->error_string = "unpacker error";
1458 return;
1459 }
1460 if (use_sideband) {
1462 memset(&muxer, 0, sizeof(muxer));
1463 muxer.proc = copy_to_sideband;
1464 muxer.in = -1;
1465 if (!start_async(&muxer))
1466 err_fd = muxer.in;
1467 /* ...else, continue without relaying sideband */
1468 }
1469 data.cmds = commands;
1471 data.si = si;
1472 opt.err_fd = err_fd;
1473 opt.progress = err_fd && !quiet;
1474 opt.env = tmp_objdir_env(tmp_objdir);
1475 if (check_connected(iterate_receive_command_list, &data, &opt))
1476 set_connectivity_errors(commands, si);
1477 if (use_sideband)
1479 finish_async(&muxer);
1480 reject_updates_to_hidden(commands);
1482 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1484 for (cmd = commands; cmd; cmd = cmd->next) {
1485 if (!cmd->error_string)
1486 cmd->error_string = "pre-receive hook declined";
1487 }
1488 return;
1489 }
1490 /*
1492 * Now we'll start writing out refs, which means the objects need
1493 * to be in their final positions so that other processes can see them.
1494 */
1495 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1496 for (cmd = commands; cmd; cmd = cmd->next) {
1497 if (!cmd->error_string)
1498 cmd->error_string = "unable to migrate objects to permanent storage";
1499 }
1500 return;
1501 }
1502 tmp_objdir = NULL;
1503 check_aliased_updates(commands);
1505 free(head_name_to_free);
1507 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1508 if (use_atomic)
1510 execute_commands_atomic(commands, si);
1511 else
1512 execute_commands_non_atomic(commands, si);
1513 if (shallow_update)
1515 warn_if_skipped_connectivity_check(commands, si);
1516}
1517static struct command **queue_command(struct command **tail,
1519 const char *line,
1520 int linelen)
1521{
1522 struct object_id old_oid, new_oid;
1523 struct command *cmd;
1524 const char *refname;
1525 int reflen;
1526 const char *p;
1527 if (parse_oid_hex(line, &old_oid, &p) ||
1529 *p++ != ' ' ||
1530 parse_oid_hex(p, &new_oid, &p) ||
1531 *p++ != ' ')
1532 die("protocol error: expected old/new/ref, got '%s'", line);
1533 refname = p;
1535 reflen = linelen - (p - line);
1536 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1537 oidcpy(&cmd->old_oid, &old_oid);
1538 oidcpy(&cmd->new_oid, &new_oid);
1539 *tail = cmd;
1540 return &cmd->next;
1541}
1542static void queue_commands_from_cert(struct command **tail,
1544 struct strbuf *push_cert)
1545{
1546 const char *boc, *eoc;
1547 if (*tail)
1549 die("protocol error: got both push certificate and unsigned commands");
1550 boc = strstr(push_cert->buf, "\n\n");
1552 if (!boc)
1553 die("malformed push certificate %.*s", 100, push_cert->buf);
1554 else
1555 boc += 2;
1556 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1557 while (boc < eoc) {
1559 const char *eol = memchr(boc, '\n', eoc - boc);
1560 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1561 boc = eol ? eol + 1 : eoc;
1562 }
1563}
1564static struct command *read_head_info(struct oid_array *shallow)
1566{
1567 struct command *commands = NULL;
1568 struct command **p = &commands;
1569 for (;;) {
1570 char *line;
1571 int len, linelen;
1572 line = packet_read_line(0, &len);
1574 if (!line)
1575 break;
1576 if (len > 8 && starts_with(line, "shallow ")) {
1578 struct object_id oid;
1579 if (get_oid_hex(line + 8, &oid))
1580 die("protocol error: expected shallow sha, got '%s'",
1581 line + 8);
1582 oid_array_append(shallow, &oid);
1583 continue;
1584 }
1585 linelen = strlen(line);
1587 if (linelen < len) {
1588 const char *feature_list = line + linelen + 1;
1589 if (parse_feature_request(feature_list, "report-status"))
1590 report_status = 1;
1591 if (parse_feature_request(feature_list, "side-band-64k"))
1592 use_sideband = LARGE_PACKET_MAX;
1593 if (parse_feature_request(feature_list, "quiet"))
1594 quiet = 1;
1595 if (advertise_atomic_push
1596 && parse_feature_request(feature_list, "atomic"))
1597 use_atomic = 1;
1598 if (advertise_push_options
1599 && parse_feature_request(feature_list, "push-options"))
1600 use_push_options = 1;
1601 }
1602 if (!strcmp(line, "push-cert")) {
1604 int true_flush = 0;
1605 char certbuf[1024];
1606 for (;;) {
1608 len = packet_read(0, NULL, NULL,
1609 certbuf, sizeof(certbuf), 0);
1610 if (!len) {
1611 true_flush = 1;
1612 break;
1613 }
1614 if (!strcmp(certbuf, "push-cert-end\n"))
1615 break; /* end of cert */
1616 strbuf_addstr(&push_cert, certbuf);
1617 }
1618 if (true_flush)
1620 break;
1621 continue;
1622 }
1623 p = queue_command(p, line, linelen);
1625 }
1626 if (push_cert.len)
1628 queue_commands_from_cert(p, &push_cert);
1629 return commands;
1631}
1632static void read_push_options(struct string_list *options)
1634{
1635 while (1) {
1636 char *line;
1637 int len;
1638 line = packet_read_line(0, &len);
1640 if (!line)
1642 break;
1643 string_list_append(options, line);
1645 }
1646}
1647static const char *parse_pack_header(struct pack_header *hdr)
1649{
1650 switch (read_pack_header(0, hdr)) {
1651 case PH_ERROR_EOF:
1652 return "eof before pack header was fully read";
1653 case PH_ERROR_PACK_SIGNATURE:
1655 return "protocol error (pack signature mismatch detected)";
1656 case PH_ERROR_PROTOCOL:
1658 return "protocol error (pack version unsupported)";
1659 default:
1661 return "unknown error in parse_pack_header";
1662 case 0:
1664 return NULL;
1665 }
1666}
1667static const char *pack_lockfile;
1669static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1671{
1672 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1673 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1674}
1675static const char *unpack(int err_fd, struct shallow_info *si)
1677{
1678 struct pack_header hdr;
1679 const char *hdr_err;
1680 int status;
1681 struct child_process child = CHILD_PROCESS_INIT;
1682 int fsck_objects = (receive_fsck_objects >= 0
1683 ? receive_fsck_objects
1684 : transfer_fsck_objects >= 0
1685 ? transfer_fsck_objects
1686 : 0);
1687 hdr_err = parse_pack_header(&hdr);
1689 if (hdr_err) {
1690 if (err_fd > 0)
1691 close(err_fd);
1692 return hdr_err;
1693 }
1694 if (si->nr_ours || si->nr_theirs) {
1696 alt_shallow_file = setup_temporary_shallow(si->shallow);
1697 argv_array_push(&child.args, "--shallow-file");
1698 argv_array_push(&child.args, alt_shallow_file);
1699 }
1700 tmp_objdir = tmp_objdir_create();
1702 if (!tmp_objdir) {
1703 if (err_fd > 0)
1704 close(err_fd);
1705 return "unable to create temporary object directory";
1706 }
1707 child.env = tmp_objdir_env(tmp_objdir);
1708 /*
1710 * Normally we just pass the tmp_objdir environment to the child
1711 * processes that do the heavy lifting, but we may need to see these
1712 * objects ourselves to set up shallow information.
1713 */
1714 tmp_objdir_add_as_alternate(tmp_objdir);
1715 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1717 argv_array_push(&child.args, "unpack-objects");
1718 push_header_arg(&child.args, &hdr);
1719 if (quiet)
1720 argv_array_push(&child.args, "-q");
1721 if (fsck_objects)
1722 argv_array_pushf(&child.args, "--strict%s",
1723 fsck_msg_types.buf);
1724 if (max_input_size)
1725 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1726 (uintmax_t)max_input_size);
1727 child.no_stdout = 1;
1728 child.err = err_fd;
1729 child.git_cmd = 1;
1730 status = run_command(&child);
1731 if (status)
1732 return "unpack-objects abnormal exit";
1733 } else {
1734 char hostname[HOST_NAME_MAX + 1];
1735 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1737 push_header_arg(&child.args, &hdr);
1738 if (xgethostname(hostname, sizeof(hostname)))
1740 xsnprintf(hostname, sizeof(hostname), "localhost");
1741 argv_array_pushf(&child.args,
1742 "--keep=receive-pack %"PRIuMAX" on %s",
1743 (uintmax_t)getpid(),
1744 hostname);
1745 if (!quiet && err_fd)
1747 argv_array_push(&child.args, "--show-resolving-progress");
1748 if (use_sideband)
1749 argv_array_push(&child.args, "--report-end-of-input");
1750 if (fsck_objects)
1751 argv_array_pushf(&child.args, "--strict%s",
1752 fsck_msg_types.buf);
1753 if (!reject_thin)
1754 argv_array_push(&child.args, "--fix-thin");
1755 if (max_input_size)
1756 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1757 (uintmax_t)max_input_size);
1758 child.out = -1;
1759 child.err = err_fd;
1760 child.git_cmd = 1;
1761 status = start_command(&child);
1762 if (status)
1763 return "index-pack fork failed";
1764 pack_lockfile = index_pack_lockfile(child.out);
1765 close(child.out);
1766 status = finish_command(&child);
1767 if (status)
1768 return "index-pack abnormal exit";
1769 reprepare_packed_git(the_repository);
1770 }
1771 return NULL;
1772}
1773static const char *unpack_with_sideband(struct shallow_info *si)
1775{
1776 struct async muxer;
1777 const char *ret;
1778 if (!use_sideband)
1780 return unpack(0, si);
1781 use_keepalive = KEEPALIVE_AFTER_NUL;
1783 memset(&muxer, 0, sizeof(muxer));
1784 muxer.proc = copy_to_sideband;
1785 muxer.in = -1;
1786 if (start_async(&muxer))
1787 return NULL;
1788 ret = unpack(muxer.in, si);
1790 finish_async(&muxer);
1792 return ret;
1793}
1794static void prepare_shallow_update(struct command *commands,
1796 struct shallow_info *si)
1797{
1798 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1799 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1801 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1802 si->need_reachability_test =
1804 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1805 si->reachable =
1806 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1807 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1808 for (i = 0; i < si->nr_ours; i++)
1810 si->need_reachability_test[si->ours[i]] = 1;
1811 for (i = 0; i < si->shallow->nr; i++) {
1813 if (!si->used_shallow[i])
1814 continue;
1815 for (j = 0; j < bitmap_size; j++) {
1816 if (!si->used_shallow[i][j])
1817 continue;
1818 si->need_reachability_test[i]++;
1819 for (k = 0; k < 32; k++)
1820 if (si->used_shallow[i][j] & (1U << k))
1821 si->shallow_ref[j * 32 + k]++;
1822 }
1823 /*
1825 * true for those associated with some refs and belong
1826 * in "ours" list aka "step 7 not done yet"
1827 */
1828 si->need_reachability_test[i] =
1829 si->need_reachability_test[i] > 1;
1830 }
1831 /*
1833 * keep hooks happy by forcing a temporary shallow file via
1834 * env variable because we can't add --shallow-file to every
1835 * command. check_everything_connected() will be done with
1836 * true .git/shallow though.
1837 */
1838 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1839}
1840static void update_shallow_info(struct command *commands,
1842 struct shallow_info *si,
1843 struct oid_array *ref)
1844{
1845 struct command *cmd;
1846 int *ref_status;
1847 remove_nonexistent_theirs_shallow(si);
1848 if (!si->nr_ours && !si->nr_theirs) {
1849 shallow_update = 0;
1850 return;
1851 }
1852 for (cmd = commands; cmd; cmd = cmd->next) {
1854 if (is_null_oid(&cmd->new_oid))
1855 continue;
1856 oid_array_append(ref, &cmd->new_oid);
1857 cmd->index = ref->nr - 1;
1858 }
1859 si->ref = ref;
1860 if (shallow_update) {
1862 prepare_shallow_update(commands, si);
1863 return;
1864 }
1865 ALLOC_ARRAY(ref_status, ref->nr);
1867 assign_shallow_commits_to_refs(si, NULL, ref_status);
1868 for (cmd = commands; cmd; cmd = cmd->next) {
1869 if (is_null_oid(&cmd->new_oid))
1870 continue;
1871 if (ref_status[cmd->index]) {
1872 cmd->error_string = "shallow update not allowed";
1873 cmd->skip_update = 1;
1874 }
1875 }
1876 free(ref_status);
1877}
1878static void report(struct command *commands, const char *unpack_status)
1880{
1881 struct command *cmd;
1882 struct strbuf buf = STRBUF_INIT;
1883 packet_buf_write(&buf, "unpack %s\n",
1885 unpack_status ? unpack_status : "ok");
1886 for (cmd = commands; cmd; cmd = cmd->next) {
1887 if (!cmd->error_string)
1888 packet_buf_write(&buf, "ok %s\n",
1889 cmd->ref_name);
1890 else
1891 packet_buf_write(&buf, "ng %s %s\n",
1892 cmd->ref_name, cmd->error_string);
1893 }
1894 packet_buf_flush(&buf);
1895 if (use_sideband)
1897 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1898 else
1899 write_or_die(1, buf.buf, buf.len);
1900 strbuf_release(&buf);
1901}
1902static int delete_only(struct command *commands)
1904{
1905 struct command *cmd;
1906 for (cmd = commands; cmd; cmd = cmd->next) {
1907 if (!is_null_oid(&cmd->new_oid))
1908 return 0;
1909 }
1910 return 1;
1911}
1912int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1914{
1915 int advertise_refs = 0;
1916 struct command *commands;
1917 struct oid_array shallow = OID_ARRAY_INIT;
1918 struct oid_array ref = OID_ARRAY_INIT;
1919 struct shallow_info si;
1920 struct option options[] = {
1922 OPT__QUIET(&quiet, N_("quiet")),
1923 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1924 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1925 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1926 OPT_END()
1927 };
1928 packet_trace_identity("receive-pack");
1930 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1932 if (argc > 1)
1934 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1935 if (argc == 0)
1936 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1937 service_dir = argv[0];
1939 setup_path();
1941 if (!enter_repo(service_dir, 0))
1943 die("'%s' does not appear to be a git repository", service_dir);
1944 git_config(receive_pack_config, NULL);
1946 if (cert_nonce_seed)
1947 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1948 if (0 <= transfer_unpack_limit)
1950 unpack_limit = transfer_unpack_limit;
1951 else if (0 <= receive_unpack_limit)
1952 unpack_limit = receive_unpack_limit;
1953 switch (determine_protocol_version_server()) {
1955 case protocol_v2:
1956 /*
1957 * push support for protocol v2 has not been implemented yet,
1958 * so ignore the request to use v2 and fallback to using v0.
1959 */
1960 break;
1961 case protocol_v1:
1962 /*
1963 * v1 is just the original protocol with a version string,
1964 * so just fall through after writing the version string.
1965 */
1966 if (advertise_refs || !stateless_rpc)
1967 packet_write_fmt(1, "version 1\n");
1968 /* fallthrough */
1970 case protocol_v0:
1971 break;
1972 case protocol_unknown_version:
1973 BUG("unknown protocol version");
1974 }
1975 if (advertise_refs || !stateless_rpc) {
1977 write_head_info();
1978 }
1979 if (advertise_refs)
1980 return 0;
1981 if ((commands = read_head_info(&shallow)) != NULL) {
1983 const char *unpack_status = NULL;
1984 struct string_list push_options = STRING_LIST_INIT_DUP;
1985 if (use_push_options)
1987 read_push_options(&push_options);
1988 if (!check_cert_push_options(&push_options)) {
1989 struct command *cmd;
1990 for (cmd = commands; cmd; cmd = cmd->next)
1991 cmd->error_string = "inconsistent push options";
1992 }
1993 prepare_shallow_info(&si, &shallow);
1995 if (!si.nr_ours && !si.nr_theirs)
1996 shallow_update = 0;
1997 if (!delete_only(commands)) {
1998 unpack_status = unpack_with_sideband(&si);
1999 update_shallow_info(commands, &si, &ref);
2000 }
2001 use_keepalive = KEEPALIVE_ALWAYS;
2002 execute_commands(commands, unpack_status, &si,
2003 &push_options);
2004 if (pack_lockfile)
2005 unlink_or_warn(pack_lockfile);
2006 if (report_status)
2007 report(commands, unpack_status);
2008 run_receive_hook(commands, "post-receive", 1,
2009 &push_options);
2010 run_update_post_hook(commands);
2011 string_list_clear(&push_options, 0);
2012 if (auto_gc) {
2013 const char *argv_gc_auto[] = {
2014 "gc", "--auto", "--quiet", NULL,
2015 };
2016 struct child_process proc = CHILD_PROCESS_INIT;
2017 proc.no_stdin = 1;
2019 proc.stdout_to_stderr = 1;
2020 proc.err = use_sideband ? -1 : 0;
2021 proc.git_cmd = 1;
2022 proc.argv = argv_gc_auto;
2023 close_all_packs(the_repository->objects);
2025 if (!start_command(&proc)) {
2026 if (use_sideband)
2027 copy_to_sideband(proc.err, -1, NULL);
2028 finish_command(&proc);
2029 }
2030 }
2031 if (auto_update_server_info)
2032 update_server_info(0);
2033 clear_shallow_info(&si);
2034 }
2035 if (use_sideband)
2036 packet_flush(1);
2037 oid_array_clear(&shallow);
2038 oid_array_clear(&ref);
2039 free((void *)push_cert_nonce);
2040 return 0;
2041}