1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23
24static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
27};
28
29enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
35};
36
37static int deny_deletes;
38static int deny_non_fast_forwards;
39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41static int receive_fsck_objects = -1;
42static int transfer_fsck_objects = -1;
43static struct strbuf fsck_msg_types = STRBUF_INIT;
44static int receive_unpack_limit = -1;
45static int transfer_unpack_limit = -1;
46static int advertise_atomic_push = 1;
47static int unpack_limit = 100;
48static int report_status;
49static int use_sideband;
50static int use_atomic;
51static int quiet;
52static int prefer_ofs_delta = 1;
53static int auto_update_server_info;
54static int auto_gc = 1;
55static int reject_thin;
56static int stateless_rpc;
57static const char *service_dir;
58static const char *head_name;
59static void *head_name_to_free;
60static int sent_capabilities;
61static int shallow_update;
62static const char *alt_shallow_file;
63static struct strbuf push_cert = STRBUF_INIT;
64static unsigned char push_cert_sha1[20];
65static struct signature_check sigcheck;
66static const char *push_cert_nonce;
67static const char *cert_nonce_seed;
68
69static const char *NONCE_UNSOLICITED = "UNSOLICITED";
70static const char *NONCE_BAD = "BAD";
71static const char *NONCE_MISSING = "MISSING";
72static const char *NONCE_OK = "OK";
73static const char *NONCE_SLOP = "SLOP";
74static const char *nonce_status;
75static long nonce_stamp_slop;
76static unsigned long nonce_stamp_slop_limit;
77static struct ref_transaction *transaction;
78
79static enum deny_action parse_deny_action(const char *var, const char *value)
80{
81 if (value) {
82 if (!strcasecmp(value, "ignore"))
83 return DENY_IGNORE;
84 if (!strcasecmp(value, "warn"))
85 return DENY_WARN;
86 if (!strcasecmp(value, "refuse"))
87 return DENY_REFUSE;
88 if (!strcasecmp(value, "updateinstead"))
89 return DENY_UPDATE_INSTEAD;
90 }
91 if (git_config_bool(var, value))
92 return DENY_REFUSE;
93 return DENY_IGNORE;
94}
95
96static int receive_pack_config(const char *var, const char *value, void *cb)
97{
98 int status = parse_hide_refs_config(var, value, "receive");
99
100 if (status)
101 return status;
102
103 if (strcmp(var, "receive.denydeletes") == 0) {
104 deny_deletes = git_config_bool(var, value);
105 return 0;
106 }
107
108 if (strcmp(var, "receive.denynonfastforwards") == 0) {
109 deny_non_fast_forwards = git_config_bool(var, value);
110 return 0;
111 }
112
113 if (strcmp(var, "receive.unpacklimit") == 0) {
114 receive_unpack_limit = git_config_int(var, value);
115 return 0;
116 }
117
118 if (strcmp(var, "transfer.unpacklimit") == 0) {
119 transfer_unpack_limit = git_config_int(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "receive.fsck.skiplist") == 0) {
124 const char *path;
125
126 if (git_config_pathname(&path, var, value))
127 return 1;
128 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
129 fsck_msg_types.len ? ',' : '=', path);
130 free((char *)path);
131 return 0;
132 }
133
134 if (skip_prefix(var, "receive.fsck.", &var)) {
135 if (is_valid_msg_type(var, value))
136 strbuf_addf(&fsck_msg_types, "%c%s=%s",
137 fsck_msg_types.len ? ',' : '=', var, value);
138 else
139 warning("Skipping unknown msg id '%s'", var);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsckobjects") == 0) {
144 receive_fsck_objects = git_config_bool(var, value);
145 return 0;
146 }
147
148 if (strcmp(var, "transfer.fsckobjects") == 0) {
149 transfer_fsck_objects = git_config_bool(var, value);
150 return 0;
151 }
152
153 if (!strcmp(var, "receive.denycurrentbranch")) {
154 deny_current_branch = parse_deny_action(var, value);
155 return 0;
156 }
157
158 if (strcmp(var, "receive.denydeletecurrent") == 0) {
159 deny_delete_current = parse_deny_action(var, value);
160 return 0;
161 }
162
163 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
164 prefer_ofs_delta = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "receive.updateserverinfo") == 0) {
169 auto_update_server_info = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (strcmp(var, "receive.autogc") == 0) {
174 auto_gc = git_config_bool(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.shallowupdate") == 0) {
179 shallow_update = git_config_bool(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "receive.certnonceseed") == 0)
184 return git_config_string(&cert_nonce_seed, var, value);
185
186 if (strcmp(var, "receive.certnonceslop") == 0) {
187 nonce_stamp_slop_limit = git_config_ulong(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.advertiseatomic") == 0) {
192 advertise_atomic_push = git_config_bool(var, value);
193 return 0;
194 }
195
196 return git_default_config(var, value, cb);
197}
198
199static void show_ref(const char *path, const unsigned char *sha1)
200{
201 if (sent_capabilities) {
202 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
203 } else {
204 struct strbuf cap = STRBUF_INIT;
205
206 strbuf_addstr(&cap,
207 "report-status delete-refs side-band-64k quiet");
208 if (advertise_atomic_push)
209 strbuf_addstr(&cap, " atomic");
210 if (prefer_ofs_delta)
211 strbuf_addstr(&cap, " ofs-delta");
212 if (push_cert_nonce)
213 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
214 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
215 packet_write(1, "%s %s%c%s\n",
216 sha1_to_hex(sha1), path, 0, cap.buf);
217 strbuf_release(&cap);
218 sent_capabilities = 1;
219 }
220}
221
222static int show_ref_cb(const char *path_full, const struct object_id *oid,
223 int flag, void *unused)
224{
225 const char *path = strip_namespace(path_full);
226
227 if (ref_is_hidden(path, path_full))
228 return 0;
229
230 /*
231 * Advertise refs outside our current namespace as ".have"
232 * refs, so that the client can use them to minimize data
233 * transfer but will otherwise ignore them. This happens to
234 * cover ".have" that are thrown in by add_one_alternate_ref()
235 * to mark histories that are complete in our alternates as
236 * well.
237 */
238 if (!path)
239 path = ".have";
240 show_ref(path, oid->hash);
241 return 0;
242}
243
244static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
245{
246 show_ref(".have", sha1);
247}
248
249static void collect_one_alternate_ref(const struct ref *ref, void *data)
250{
251 struct sha1_array *sa = data;
252 sha1_array_append(sa, ref->old_oid.hash);
253}
254
255static void write_head_info(void)
256{
257 struct sha1_array sa = SHA1_ARRAY_INIT;
258
259 for_each_alternate_ref(collect_one_alternate_ref, &sa);
260 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
261 sha1_array_clear(&sa);
262 for_each_ref(show_ref_cb, NULL);
263 if (!sent_capabilities)
264 show_ref("capabilities^{}", null_sha1);
265
266 advertise_shallow_grafts(1);
267
268 /* EOF */
269 packet_flush(1);
270}
271
272struct command {
273 struct command *next;
274 const char *error_string;
275 unsigned int skip_update:1,
276 did_not_exist:1;
277 int index;
278 unsigned char old_sha1[20];
279 unsigned char new_sha1[20];
280 char ref_name[FLEX_ARRAY]; /* more */
281};
282
283static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
284static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
285
286static void report_message(const char *prefix, const char *err, va_list params)
287{
288 int sz;
289 char msg[4096];
290
291 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
292 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
293 if (sz > (sizeof(msg) - 1))
294 sz = sizeof(msg) - 1;
295 msg[sz++] = '\n';
296
297 if (use_sideband)
298 send_sideband(1, 2, msg, sz, use_sideband);
299 else
300 xwrite(2, msg, sz);
301}
302
303static void rp_warning(const char *err, ...)
304{
305 va_list params;
306 va_start(params, err);
307 report_message("warning: ", err, params);
308 va_end(params);
309}
310
311static void rp_error(const char *err, ...)
312{
313 va_list params;
314 va_start(params, err);
315 report_message("error: ", err, params);
316 va_end(params);
317}
318
319static int copy_to_sideband(int in, int out, void *arg)
320{
321 char data[128];
322 while (1) {
323 ssize_t sz = xread(in, data, sizeof(data));
324 if (sz <= 0)
325 break;
326 send_sideband(1, 2, data, sz, use_sideband);
327 }
328 close(in);
329 return 0;
330}
331
332#define HMAC_BLOCK_SIZE 64
333
334static void hmac_sha1(unsigned char *out,
335 const char *key_in, size_t key_len,
336 const char *text, size_t text_len)
337{
338 unsigned char key[HMAC_BLOCK_SIZE];
339 unsigned char k_ipad[HMAC_BLOCK_SIZE];
340 unsigned char k_opad[HMAC_BLOCK_SIZE];
341 int i;
342 git_SHA_CTX ctx;
343
344 /* RFC 2104 2. (1) */
345 memset(key, '\0', HMAC_BLOCK_SIZE);
346 if (HMAC_BLOCK_SIZE < key_len) {
347 git_SHA1_Init(&ctx);
348 git_SHA1_Update(&ctx, key_in, key_len);
349 git_SHA1_Final(key, &ctx);
350 } else {
351 memcpy(key, key_in, key_len);
352 }
353
354 /* RFC 2104 2. (2) & (5) */
355 for (i = 0; i < sizeof(key); i++) {
356 k_ipad[i] = key[i] ^ 0x36;
357 k_opad[i] = key[i] ^ 0x5c;
358 }
359
360 /* RFC 2104 2. (3) & (4) */
361 git_SHA1_Init(&ctx);
362 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
363 git_SHA1_Update(&ctx, text, text_len);
364 git_SHA1_Final(out, &ctx);
365
366 /* RFC 2104 2. (6) & (7) */
367 git_SHA1_Init(&ctx);
368 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
369 git_SHA1_Update(&ctx, out, 20);
370 git_SHA1_Final(out, &ctx);
371}
372
373static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
374{
375 struct strbuf buf = STRBUF_INIT;
376 unsigned char sha1[20];
377
378 strbuf_addf(&buf, "%s:%lu", path, stamp);
379 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
380 strbuf_release(&buf);
381
382 /* RFC 2104 5. HMAC-SHA1-80 */
383 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
384 return strbuf_detach(&buf, NULL);
385}
386
387/*
388 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
389 * after dropping "_commit" from its name and possibly moving it out
390 * of commit.c
391 */
392static char *find_header(const char *msg, size_t len, const char *key)
393{
394 int key_len = strlen(key);
395 const char *line = msg;
396
397 while (line && line < msg + len) {
398 const char *eol = strchrnul(line, '\n');
399
400 if ((msg + len <= eol) || line == eol)
401 return NULL;
402 if (line + key_len < eol &&
403 !memcmp(line, key, key_len) && line[key_len] == ' ') {
404 int offset = key_len + 1;
405 return xmemdupz(line + offset, (eol - line) - offset);
406 }
407 line = *eol ? eol + 1 : NULL;
408 }
409 return NULL;
410}
411
412static const char *check_nonce(const char *buf, size_t len)
413{
414 char *nonce = find_header(buf, len, "nonce");
415 unsigned long stamp, ostamp;
416 char *bohmac, *expect = NULL;
417 const char *retval = NONCE_BAD;
418
419 if (!nonce) {
420 retval = NONCE_MISSING;
421 goto leave;
422 } else if (!push_cert_nonce) {
423 retval = NONCE_UNSOLICITED;
424 goto leave;
425 } else if (!strcmp(push_cert_nonce, nonce)) {
426 retval = NONCE_OK;
427 goto leave;
428 }
429
430 if (!stateless_rpc) {
431 /* returned nonce MUST match what we gave out earlier */
432 retval = NONCE_BAD;
433 goto leave;
434 }
435
436 /*
437 * In stateless mode, we may be receiving a nonce issued by
438 * another instance of the server that serving the same
439 * repository, and the timestamps may not match, but the
440 * nonce-seed and dir should match, so we can recompute and
441 * report the time slop.
442 *
443 * In addition, when a nonce issued by another instance has
444 * timestamp within receive.certnonceslop seconds, we pretend
445 * as if we issued that nonce when reporting to the hook.
446 */
447
448 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
449 if (*nonce <= '0' || '9' < *nonce) {
450 retval = NONCE_BAD;
451 goto leave;
452 }
453 stamp = strtoul(nonce, &bohmac, 10);
454 if (bohmac == nonce || bohmac[0] != '-') {
455 retval = NONCE_BAD;
456 goto leave;
457 }
458
459 expect = prepare_push_cert_nonce(service_dir, stamp);
460 if (strcmp(expect, nonce)) {
461 /* Not what we would have signed earlier */
462 retval = NONCE_BAD;
463 goto leave;
464 }
465
466 /*
467 * By how many seconds is this nonce stale? Negative value
468 * would mean it was issued by another server with its clock
469 * skewed in the future.
470 */
471 ostamp = strtoul(push_cert_nonce, NULL, 10);
472 nonce_stamp_slop = (long)ostamp - (long)stamp;
473
474 if (nonce_stamp_slop_limit &&
475 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
476 /*
477 * Pretend as if the received nonce (which passes the
478 * HMAC check, so it is not a forged by third-party)
479 * is what we issued.
480 */
481 free((void *)push_cert_nonce);
482 push_cert_nonce = xstrdup(nonce);
483 retval = NONCE_OK;
484 } else {
485 retval = NONCE_SLOP;
486 }
487
488leave:
489 free(nonce);
490 free(expect);
491 return retval;
492}
493
494static void prepare_push_cert_sha1(struct child_process *proc)
495{
496 static int already_done;
497
498 if (!push_cert.len)
499 return;
500
501 if (!already_done) {
502 struct strbuf gpg_output = STRBUF_INIT;
503 struct strbuf gpg_status = STRBUF_INIT;
504 int bogs /* beginning_of_gpg_sig */;
505
506 already_done = 1;
507 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
508 hashclr(push_cert_sha1);
509
510 memset(&sigcheck, '\0', sizeof(sigcheck));
511 sigcheck.result = 'N';
512
513 bogs = parse_signature(push_cert.buf, push_cert.len);
514 if (verify_signed_buffer(push_cert.buf, bogs,
515 push_cert.buf + bogs, push_cert.len - bogs,
516 &gpg_output, &gpg_status) < 0) {
517 ; /* error running gpg */
518 } else {
519 sigcheck.payload = push_cert.buf;
520 sigcheck.gpg_output = gpg_output.buf;
521 sigcheck.gpg_status = gpg_status.buf;
522 parse_gpg_output(&sigcheck);
523 }
524
525 strbuf_release(&gpg_output);
526 strbuf_release(&gpg_status);
527 nonce_status = check_nonce(push_cert.buf, bogs);
528 }
529 if (!is_null_sha1(push_cert_sha1)) {
530 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
531 sha1_to_hex(push_cert_sha1));
532 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
533 sigcheck.signer ? sigcheck.signer : "");
534 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
535 sigcheck.key ? sigcheck.key : "");
536 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
537 sigcheck.result);
538 if (push_cert_nonce) {
539 argv_array_pushf(&proc->env_array,
540 "GIT_PUSH_CERT_NONCE=%s",
541 push_cert_nonce);
542 argv_array_pushf(&proc->env_array,
543 "GIT_PUSH_CERT_NONCE_STATUS=%s",
544 nonce_status);
545 if (nonce_status == NONCE_SLOP)
546 argv_array_pushf(&proc->env_array,
547 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
548 nonce_stamp_slop);
549 }
550 }
551}
552
553typedef int (*feed_fn)(void *, const char **, size_t *);
554static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
555{
556 struct child_process proc = CHILD_PROCESS_INIT;
557 struct async muxer;
558 const char *argv[2];
559 int code;
560
561 argv[0] = find_hook(hook_name);
562 if (!argv[0])
563 return 0;
564
565 argv[1] = NULL;
566
567 proc.argv = argv;
568 proc.in = -1;
569 proc.stdout_to_stderr = 1;
570
571 if (use_sideband) {
572 memset(&muxer, 0, sizeof(muxer));
573 muxer.proc = copy_to_sideband;
574 muxer.in = -1;
575 code = start_async(&muxer);
576 if (code)
577 return code;
578 proc.err = muxer.in;
579 }
580
581 prepare_push_cert_sha1(&proc);
582
583 code = start_command(&proc);
584 if (code) {
585 if (use_sideband)
586 finish_async(&muxer);
587 return code;
588 }
589
590 sigchain_push(SIGPIPE, SIG_IGN);
591
592 while (1) {
593 const char *buf;
594 size_t n;
595 if (feed(feed_state, &buf, &n))
596 break;
597 if (write_in_full(proc.in, buf, n) != n)
598 break;
599 }
600 close(proc.in);
601 if (use_sideband)
602 finish_async(&muxer);
603
604 sigchain_pop(SIGPIPE);
605
606 return finish_command(&proc);
607}
608
609struct receive_hook_feed_state {
610 struct command *cmd;
611 int skip_broken;
612 struct strbuf buf;
613};
614
615static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
616{
617 struct receive_hook_feed_state *state = state_;
618 struct command *cmd = state->cmd;
619
620 while (cmd &&
621 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
622 cmd = cmd->next;
623 if (!cmd)
624 return -1; /* EOF */
625 strbuf_reset(&state->buf);
626 strbuf_addf(&state->buf, "%s %s %s\n",
627 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
628 cmd->ref_name);
629 state->cmd = cmd->next;
630 if (bufp) {
631 *bufp = state->buf.buf;
632 *sizep = state->buf.len;
633 }
634 return 0;
635}
636
637static int run_receive_hook(struct command *commands, const char *hook_name,
638 int skip_broken)
639{
640 struct receive_hook_feed_state state;
641 int status;
642
643 strbuf_init(&state.buf, 0);
644 state.cmd = commands;
645 state.skip_broken = skip_broken;
646 if (feed_receive_hook(&state, NULL, NULL))
647 return 0;
648 state.cmd = commands;
649 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
650 strbuf_release(&state.buf);
651 return status;
652}
653
654static int run_update_hook(struct command *cmd)
655{
656 const char *argv[5];
657 struct child_process proc = CHILD_PROCESS_INIT;
658 int code;
659
660 argv[0] = find_hook("update");
661 if (!argv[0])
662 return 0;
663
664 argv[1] = cmd->ref_name;
665 argv[2] = sha1_to_hex(cmd->old_sha1);
666 argv[3] = sha1_to_hex(cmd->new_sha1);
667 argv[4] = NULL;
668
669 proc.no_stdin = 1;
670 proc.stdout_to_stderr = 1;
671 proc.err = use_sideband ? -1 : 0;
672 proc.argv = argv;
673
674 code = start_command(&proc);
675 if (code)
676 return code;
677 if (use_sideband)
678 copy_to_sideband(proc.err, -1, NULL);
679 return finish_command(&proc);
680}
681
682static int is_ref_checked_out(const char *ref)
683{
684 if (is_bare_repository())
685 return 0;
686
687 if (!head_name)
688 return 0;
689 return !strcmp(head_name, ref);
690}
691
692static char *refuse_unconfigured_deny_msg[] = {
693 "By default, updating the current branch in a non-bare repository",
694 "is denied, because it will make the index and work tree inconsistent",
695 "with what you pushed, and will require 'git reset --hard' to match",
696 "the work tree to HEAD.",
697 "",
698 "You can set 'receive.denyCurrentBranch' configuration variable to",
699 "'ignore' or 'warn' in the remote repository to allow pushing into",
700 "its current branch; however, this is not recommended unless you",
701 "arranged to update its work tree to match what you pushed in some",
702 "other way.",
703 "",
704 "To squelch this message and still keep the default behaviour, set",
705 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
706};
707
708static void refuse_unconfigured_deny(void)
709{
710 int i;
711 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
712 rp_error("%s", refuse_unconfigured_deny_msg[i]);
713}
714
715static char *refuse_unconfigured_deny_delete_current_msg[] = {
716 "By default, deleting the current branch is denied, because the next",
717 "'git clone' won't result in any file checked out, causing confusion.",
718 "",
719 "You can set 'receive.denyDeleteCurrent' configuration variable to",
720 "'warn' or 'ignore' in the remote repository to allow deleting the",
721 "current branch, with or without a warning message.",
722 "",
723 "To squelch this message, you can set it to 'refuse'."
724};
725
726static void refuse_unconfigured_deny_delete_current(void)
727{
728 int i;
729 for (i = 0;
730 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
731 i++)
732 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
733}
734
735static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
736static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
737{
738 static struct lock_file shallow_lock;
739 struct sha1_array extra = SHA1_ARRAY_INIT;
740 const char *alt_file;
741 uint32_t mask = 1 << (cmd->index % 32);
742 int i;
743
744 trace_printf_key(&trace_shallow,
745 "shallow: update_shallow_ref %s\n", cmd->ref_name);
746 for (i = 0; i < si->shallow->nr; i++)
747 if (si->used_shallow[i] &&
748 (si->used_shallow[i][cmd->index / 32] & mask) &&
749 !delayed_reachability_test(si, i))
750 sha1_array_append(&extra, si->shallow->sha1[i]);
751
752 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
753 if (check_shallow_connected(command_singleton_iterator,
754 0, cmd, alt_file)) {
755 rollback_lock_file(&shallow_lock);
756 sha1_array_clear(&extra);
757 return -1;
758 }
759
760 commit_lock_file(&shallow_lock);
761
762 /*
763 * Make sure setup_alternate_shallow() for the next ref does
764 * not lose these new roots..
765 */
766 for (i = 0; i < extra.nr; i++)
767 register_shallow(extra.sha1[i]);
768
769 si->shallow_ref[cmd->index] = 0;
770 sha1_array_clear(&extra);
771 return 0;
772}
773
774/*
775 * NEEDSWORK: we should consolidate various implementions of "are we
776 * on an unborn branch?" test into one, and make the unified one more
777 * robust. !get_sha1() based check used here and elsewhere would not
778 * allow us to tell an unborn branch from corrupt ref, for example.
779 * For the purpose of fixing "deploy-to-update does not work when
780 * pushing into an empty repository" issue, this should suffice for
781 * now.
782 */
783static int head_has_history(void)
784{
785 unsigned char sha1[20];
786
787 return !get_sha1("HEAD", sha1);
788}
789
790static const char *push_to_deploy(unsigned char *sha1,
791 struct argv_array *env,
792 const char *work_tree)
793{
794 const char *update_refresh[] = {
795 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
796 };
797 const char *diff_files[] = {
798 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
799 };
800 const char *diff_index[] = {
801 "diff-index", "--quiet", "--cached", "--ignore-submodules",
802 NULL, "--", NULL
803 };
804 const char *read_tree[] = {
805 "read-tree", "-u", "-m", NULL, NULL
806 };
807 struct child_process child = CHILD_PROCESS_INIT;
808
809 child.argv = update_refresh;
810 child.env = env->argv;
811 child.dir = work_tree;
812 child.no_stdin = 1;
813 child.stdout_to_stderr = 1;
814 child.git_cmd = 1;
815 if (run_command(&child))
816 return "Up-to-date check failed";
817
818 /* run_command() does not clean up completely; reinitialize */
819 child_process_init(&child);
820 child.argv = diff_files;
821 child.env = env->argv;
822 child.dir = work_tree;
823 child.no_stdin = 1;
824 child.stdout_to_stderr = 1;
825 child.git_cmd = 1;
826 if (run_command(&child))
827 return "Working directory has unstaged changes";
828
829 /* diff-index with either HEAD or an empty tree */
830 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
831
832 child_process_init(&child);
833 child.argv = diff_index;
834 child.env = env->argv;
835 child.no_stdin = 1;
836 child.no_stdout = 1;
837 child.stdout_to_stderr = 0;
838 child.git_cmd = 1;
839 if (run_command(&child))
840 return "Working directory has staged changes";
841
842 read_tree[3] = sha1_to_hex(sha1);
843 child_process_init(&child);
844 child.argv = read_tree;
845 child.env = env->argv;
846 child.dir = work_tree;
847 child.no_stdin = 1;
848 child.no_stdout = 1;
849 child.stdout_to_stderr = 0;
850 child.git_cmd = 1;
851 if (run_command(&child))
852 return "Could not update working tree to new HEAD";
853
854 return NULL;
855}
856
857static const char *push_to_checkout_hook = "push-to-checkout";
858
859static const char *push_to_checkout(unsigned char *sha1,
860 struct argv_array *env,
861 const char *work_tree)
862{
863 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
864 if (run_hook_le(env->argv, push_to_checkout_hook,
865 sha1_to_hex(sha1), NULL))
866 return "push-to-checkout hook declined";
867 else
868 return NULL;
869}
870
871static const char *update_worktree(unsigned char *sha1)
872{
873 const char *retval;
874 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
875 struct argv_array env = ARGV_ARRAY_INIT;
876
877 if (is_bare_repository())
878 return "denyCurrentBranch = updateInstead needs a worktree";
879
880 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
881
882 if (!find_hook(push_to_checkout_hook))
883 retval = push_to_deploy(sha1, &env, work_tree);
884 else
885 retval = push_to_checkout(sha1, &env, work_tree);
886
887 argv_array_clear(&env);
888 return retval;
889}
890
891static const char *update(struct command *cmd, struct shallow_info *si)
892{
893 const char *name = cmd->ref_name;
894 struct strbuf namespaced_name_buf = STRBUF_INIT;
895 const char *namespaced_name, *ret;
896 unsigned char *old_sha1 = cmd->old_sha1;
897 unsigned char *new_sha1 = cmd->new_sha1;
898
899 /* only refs/... are allowed */
900 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
901 rp_error("refusing to create funny ref '%s' remotely", name);
902 return "funny refname";
903 }
904
905 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
906 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
907
908 if (is_ref_checked_out(namespaced_name)) {
909 switch (deny_current_branch) {
910 case DENY_IGNORE:
911 break;
912 case DENY_WARN:
913 rp_warning("updating the current branch");
914 break;
915 case DENY_REFUSE:
916 case DENY_UNCONFIGURED:
917 rp_error("refusing to update checked out branch: %s", name);
918 if (deny_current_branch == DENY_UNCONFIGURED)
919 refuse_unconfigured_deny();
920 return "branch is currently checked out";
921 case DENY_UPDATE_INSTEAD:
922 ret = update_worktree(new_sha1);
923 if (ret)
924 return ret;
925 break;
926 }
927 }
928
929 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
930 error("unpack should have generated %s, "
931 "but I can't find it!", sha1_to_hex(new_sha1));
932 return "bad pack";
933 }
934
935 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
936 if (deny_deletes && starts_with(name, "refs/heads/")) {
937 rp_error("denying ref deletion for %s", name);
938 return "deletion prohibited";
939 }
940
941 if (head_name && !strcmp(namespaced_name, head_name)) {
942 switch (deny_delete_current) {
943 case DENY_IGNORE:
944 break;
945 case DENY_WARN:
946 rp_warning("deleting the current branch");
947 break;
948 case DENY_REFUSE:
949 case DENY_UNCONFIGURED:
950 case DENY_UPDATE_INSTEAD:
951 if (deny_delete_current == DENY_UNCONFIGURED)
952 refuse_unconfigured_deny_delete_current();
953 rp_error("refusing to delete the current branch: %s", name);
954 return "deletion of the current branch prohibited";
955 default:
956 return "Invalid denyDeleteCurrent setting";
957 }
958 }
959 }
960
961 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
962 !is_null_sha1(old_sha1) &&
963 starts_with(name, "refs/heads/")) {
964 struct object *old_object, *new_object;
965 struct commit *old_commit, *new_commit;
966
967 old_object = parse_object(old_sha1);
968 new_object = parse_object(new_sha1);
969
970 if (!old_object || !new_object ||
971 old_object->type != OBJ_COMMIT ||
972 new_object->type != OBJ_COMMIT) {
973 error("bad sha1 objects for %s", name);
974 return "bad ref";
975 }
976 old_commit = (struct commit *)old_object;
977 new_commit = (struct commit *)new_object;
978 if (!in_merge_bases(old_commit, new_commit)) {
979 rp_error("denying non-fast-forward %s"
980 " (you should pull first)", name);
981 return "non-fast-forward";
982 }
983 }
984 if (run_update_hook(cmd)) {
985 rp_error("hook declined to update %s", name);
986 return "hook declined";
987 }
988
989 if (is_null_sha1(new_sha1)) {
990 struct strbuf err = STRBUF_INIT;
991 if (!parse_object(old_sha1)) {
992 old_sha1 = NULL;
993 if (ref_exists(name)) {
994 rp_warning("Allowing deletion of corrupt ref.");
995 } else {
996 rp_warning("Deleting a non-existent ref.");
997 cmd->did_not_exist = 1;
998 }
999 }
1000 if (ref_transaction_delete(transaction,
1001 namespaced_name,
1002 old_sha1,
1003 0, "push", &err)) {
1004 rp_error("%s", err.buf);
1005 strbuf_release(&err);
1006 return "failed to delete";
1007 }
1008 strbuf_release(&err);
1009 return NULL; /* good */
1010 }
1011 else {
1012 struct strbuf err = STRBUF_INIT;
1013 if (shallow_update && si->shallow_ref[cmd->index] &&
1014 update_shallow_ref(cmd, si))
1015 return "shallow error";
1016
1017 if (ref_transaction_update(transaction,
1018 namespaced_name,
1019 new_sha1, old_sha1,
1020 0, "push",
1021 &err)) {
1022 rp_error("%s", err.buf);
1023 strbuf_release(&err);
1024
1025 return "failed to update ref";
1026 }
1027 strbuf_release(&err);
1028
1029 return NULL; /* good */
1030 }
1031}
1032
1033static void run_update_post_hook(struct command *commands)
1034{
1035 struct command *cmd;
1036 int argc;
1037 struct child_process proc = CHILD_PROCESS_INIT;
1038 const char *hook;
1039
1040 hook = find_hook("post-update");
1041 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1042 if (cmd->error_string || cmd->did_not_exist)
1043 continue;
1044 argc++;
1045 }
1046 if (!argc || !hook)
1047 return;
1048
1049 argv_array_push(&proc.args, hook);
1050 for (cmd = commands; cmd; cmd = cmd->next) {
1051 if (cmd->error_string || cmd->did_not_exist)
1052 continue;
1053 argv_array_push(&proc.args, cmd->ref_name);
1054 }
1055
1056 proc.no_stdin = 1;
1057 proc.stdout_to_stderr = 1;
1058 proc.err = use_sideband ? -1 : 0;
1059
1060 if (!start_command(&proc)) {
1061 if (use_sideband)
1062 copy_to_sideband(proc.err, -1, NULL);
1063 finish_command(&proc);
1064 }
1065}
1066
1067static void check_aliased_update(struct command *cmd, struct string_list *list)
1068{
1069 struct strbuf buf = STRBUF_INIT;
1070 const char *dst_name;
1071 struct string_list_item *item;
1072 struct command *dst_cmd;
1073 unsigned char sha1[GIT_SHA1_RAWSZ];
1074 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1075 cmd_newh[GIT_SHA1_HEXSZ + 1],
1076 dst_oldh[GIT_SHA1_HEXSZ + 1],
1077 dst_newh[GIT_SHA1_HEXSZ + 1];
1078 int flag;
1079
1080 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1081 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1082 strbuf_release(&buf);
1083
1084 if (!(flag & REF_ISSYMREF))
1085 return;
1086
1087 if (!dst_name) {
1088 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1089 cmd->skip_update = 1;
1090 cmd->error_string = "broken symref";
1091 return;
1092 }
1093 dst_name = strip_namespace(dst_name);
1094
1095 if ((item = string_list_lookup(list, dst_name)) == NULL)
1096 return;
1097
1098 cmd->skip_update = 1;
1099
1100 dst_cmd = (struct command *) item->util;
1101
1102 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1103 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1104 return;
1105
1106 dst_cmd->skip_update = 1;
1107
1108 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1109 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1110 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1111 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1112 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1113 " its target '%s' (%s..%s)",
1114 cmd->ref_name, cmd_oldh, cmd_newh,
1115 dst_cmd->ref_name, dst_oldh, dst_newh);
1116
1117 cmd->error_string = dst_cmd->error_string =
1118 "inconsistent aliased update";
1119}
1120
1121static void check_aliased_updates(struct command *commands)
1122{
1123 struct command *cmd;
1124 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1125
1126 for (cmd = commands; cmd; cmd = cmd->next) {
1127 struct string_list_item *item =
1128 string_list_append(&ref_list, cmd->ref_name);
1129 item->util = (void *)cmd;
1130 }
1131 string_list_sort(&ref_list);
1132
1133 for (cmd = commands; cmd; cmd = cmd->next) {
1134 if (!cmd->error_string)
1135 check_aliased_update(cmd, &ref_list);
1136 }
1137
1138 string_list_clear(&ref_list, 0);
1139}
1140
1141static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1142{
1143 struct command **cmd_list = cb_data;
1144 struct command *cmd = *cmd_list;
1145
1146 if (!cmd || is_null_sha1(cmd->new_sha1))
1147 return -1; /* end of list */
1148 *cmd_list = NULL; /* this returns only one */
1149 hashcpy(sha1, cmd->new_sha1);
1150 return 0;
1151}
1152
1153static void set_connectivity_errors(struct command *commands,
1154 struct shallow_info *si)
1155{
1156 struct command *cmd;
1157
1158 for (cmd = commands; cmd; cmd = cmd->next) {
1159 struct command *singleton = cmd;
1160 if (shallow_update && si->shallow_ref[cmd->index])
1161 /* to be checked in update_shallow_ref() */
1162 continue;
1163 if (!check_everything_connected(command_singleton_iterator,
1164 0, &singleton))
1165 continue;
1166 cmd->error_string = "missing necessary objects";
1167 }
1168}
1169
1170struct iterate_data {
1171 struct command *cmds;
1172 struct shallow_info *si;
1173};
1174
1175static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1176{
1177 struct iterate_data *data = cb_data;
1178 struct command **cmd_list = &data->cmds;
1179 struct command *cmd = *cmd_list;
1180
1181 for (; cmd; cmd = cmd->next) {
1182 if (shallow_update && data->si->shallow_ref[cmd->index])
1183 /* to be checked in update_shallow_ref() */
1184 continue;
1185 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1186 hashcpy(sha1, cmd->new_sha1);
1187 *cmd_list = cmd->next;
1188 return 0;
1189 }
1190 }
1191 *cmd_list = NULL;
1192 return -1; /* end of list */
1193}
1194
1195static void reject_updates_to_hidden(struct command *commands)
1196{
1197 struct strbuf refname_full = STRBUF_INIT;
1198 size_t prefix_len;
1199 struct command *cmd;
1200
1201 strbuf_addstr(&refname_full, get_git_namespace());
1202 prefix_len = refname_full.len;
1203
1204 for (cmd = commands; cmd; cmd = cmd->next) {
1205 if (cmd->error_string)
1206 continue;
1207
1208 strbuf_setlen(&refname_full, prefix_len);
1209 strbuf_addstr(&refname_full, cmd->ref_name);
1210
1211 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1212 continue;
1213 if (is_null_sha1(cmd->new_sha1))
1214 cmd->error_string = "deny deleting a hidden ref";
1215 else
1216 cmd->error_string = "deny updating a hidden ref";
1217 }
1218
1219 strbuf_release(&refname_full);
1220}
1221
1222static int should_process_cmd(struct command *cmd)
1223{
1224 return !cmd->error_string && !cmd->skip_update;
1225}
1226
1227static void warn_if_skipped_connectivity_check(struct command *commands,
1228 struct shallow_info *si)
1229{
1230 struct command *cmd;
1231 int checked_connectivity = 1;
1232
1233 for (cmd = commands; cmd; cmd = cmd->next) {
1234 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1235 error("BUG: connectivity check has not been run on ref %s",
1236 cmd->ref_name);
1237 checked_connectivity = 0;
1238 }
1239 }
1240 if (!checked_connectivity)
1241 die("BUG: connectivity check skipped???");
1242}
1243
1244static void execute_commands_non_atomic(struct command *commands,
1245 struct shallow_info *si)
1246{
1247 struct command *cmd;
1248 struct strbuf err = STRBUF_INIT;
1249
1250 for (cmd = commands; cmd; cmd = cmd->next) {
1251 if (!should_process_cmd(cmd))
1252 continue;
1253
1254 transaction = ref_transaction_begin(&err);
1255 if (!transaction) {
1256 rp_error("%s", err.buf);
1257 strbuf_reset(&err);
1258 cmd->error_string = "transaction failed to start";
1259 continue;
1260 }
1261
1262 cmd->error_string = update(cmd, si);
1263
1264 if (!cmd->error_string
1265 && ref_transaction_commit(transaction, &err)) {
1266 rp_error("%s", err.buf);
1267 strbuf_reset(&err);
1268 cmd->error_string = "failed to update ref";
1269 }
1270 ref_transaction_free(transaction);
1271 }
1272 strbuf_release(&err);
1273}
1274
1275static void execute_commands_atomic(struct command *commands,
1276 struct shallow_info *si)
1277{
1278 struct command *cmd;
1279 struct strbuf err = STRBUF_INIT;
1280 const char *reported_error = "atomic push failure";
1281
1282 transaction = ref_transaction_begin(&err);
1283 if (!transaction) {
1284 rp_error("%s", err.buf);
1285 strbuf_reset(&err);
1286 reported_error = "transaction failed to start";
1287 goto failure;
1288 }
1289
1290 for (cmd = commands; cmd; cmd = cmd->next) {
1291 if (!should_process_cmd(cmd))
1292 continue;
1293
1294 cmd->error_string = update(cmd, si);
1295
1296 if (cmd->error_string)
1297 goto failure;
1298 }
1299
1300 if (ref_transaction_commit(transaction, &err)) {
1301 rp_error("%s", err.buf);
1302 reported_error = "atomic transaction failed";
1303 goto failure;
1304 }
1305 goto cleanup;
1306
1307failure:
1308 for (cmd = commands; cmd; cmd = cmd->next)
1309 if (!cmd->error_string)
1310 cmd->error_string = reported_error;
1311
1312cleanup:
1313 ref_transaction_free(transaction);
1314 strbuf_release(&err);
1315}
1316
1317static void execute_commands(struct command *commands,
1318 const char *unpacker_error,
1319 struct shallow_info *si)
1320{
1321 struct command *cmd;
1322 unsigned char sha1[20];
1323 struct iterate_data data;
1324
1325 if (unpacker_error) {
1326 for (cmd = commands; cmd; cmd = cmd->next)
1327 cmd->error_string = "unpacker error";
1328 return;
1329 }
1330
1331 data.cmds = commands;
1332 data.si = si;
1333 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1334 set_connectivity_errors(commands, si);
1335
1336 reject_updates_to_hidden(commands);
1337
1338 if (run_receive_hook(commands, "pre-receive", 0)) {
1339 for (cmd = commands; cmd; cmd = cmd->next) {
1340 if (!cmd->error_string)
1341 cmd->error_string = "pre-receive hook declined";
1342 }
1343 return;
1344 }
1345
1346 check_aliased_updates(commands);
1347
1348 free(head_name_to_free);
1349 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1350
1351 if (use_atomic)
1352 execute_commands_atomic(commands, si);
1353 else
1354 execute_commands_non_atomic(commands, si);
1355
1356 if (shallow_update)
1357 warn_if_skipped_connectivity_check(commands, si);
1358}
1359
1360static struct command **queue_command(struct command **tail,
1361 const char *line,
1362 int linelen)
1363{
1364 unsigned char old_sha1[20], new_sha1[20];
1365 struct command *cmd;
1366 const char *refname;
1367 int reflen;
1368
1369 if (linelen < 83 ||
1370 line[40] != ' ' ||
1371 line[81] != ' ' ||
1372 get_sha1_hex(line, old_sha1) ||
1373 get_sha1_hex(line + 41, new_sha1))
1374 die("protocol error: expected old/new/ref, got '%s'", line);
1375
1376 refname = line + 82;
1377 reflen = linelen - 82;
1378 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1379 hashcpy(cmd->old_sha1, old_sha1);
1380 hashcpy(cmd->new_sha1, new_sha1);
1381 *tail = cmd;
1382 return &cmd->next;
1383}
1384
1385static void queue_commands_from_cert(struct command **tail,
1386 struct strbuf *push_cert)
1387{
1388 const char *boc, *eoc;
1389
1390 if (*tail)
1391 die("protocol error: got both push certificate and unsigned commands");
1392
1393 boc = strstr(push_cert->buf, "\n\n");
1394 if (!boc)
1395 die("malformed push certificate %.*s", 100, push_cert->buf);
1396 else
1397 boc += 2;
1398 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1399
1400 while (boc < eoc) {
1401 const char *eol = memchr(boc, '\n', eoc - boc);
1402 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1403 boc = eol ? eol + 1 : eoc;
1404 }
1405}
1406
1407static struct command *read_head_info(struct sha1_array *shallow)
1408{
1409 struct command *commands = NULL;
1410 struct command **p = &commands;
1411 for (;;) {
1412 char *line;
1413 int len, linelen;
1414
1415 line = packet_read_line(0, &len);
1416 if (!line)
1417 break;
1418
1419 if (len == 48 && starts_with(line, "shallow ")) {
1420 unsigned char sha1[20];
1421 if (get_sha1_hex(line + 8, sha1))
1422 die("protocol error: expected shallow sha, got '%s'",
1423 line + 8);
1424 sha1_array_append(shallow, sha1);
1425 continue;
1426 }
1427
1428 linelen = strlen(line);
1429 if (linelen < len) {
1430 const char *feature_list = line + linelen + 1;
1431 if (parse_feature_request(feature_list, "report-status"))
1432 report_status = 1;
1433 if (parse_feature_request(feature_list, "side-band-64k"))
1434 use_sideband = LARGE_PACKET_MAX;
1435 if (parse_feature_request(feature_list, "quiet"))
1436 quiet = 1;
1437 if (advertise_atomic_push
1438 && parse_feature_request(feature_list, "atomic"))
1439 use_atomic = 1;
1440 }
1441
1442 if (!strcmp(line, "push-cert")) {
1443 int true_flush = 0;
1444 char certbuf[1024];
1445
1446 for (;;) {
1447 len = packet_read(0, NULL, NULL,
1448 certbuf, sizeof(certbuf), 0);
1449 if (!len) {
1450 true_flush = 1;
1451 break;
1452 }
1453 if (!strcmp(certbuf, "push-cert-end\n"))
1454 break; /* end of cert */
1455 strbuf_addstr(&push_cert, certbuf);
1456 }
1457
1458 if (true_flush)
1459 break;
1460 continue;
1461 }
1462
1463 p = queue_command(p, line, linelen);
1464 }
1465
1466 if (push_cert.len)
1467 queue_commands_from_cert(p, &push_cert);
1468
1469 return commands;
1470}
1471
1472static const char *parse_pack_header(struct pack_header *hdr)
1473{
1474 switch (read_pack_header(0, hdr)) {
1475 case PH_ERROR_EOF:
1476 return "eof before pack header was fully read";
1477
1478 case PH_ERROR_PACK_SIGNATURE:
1479 return "protocol error (pack signature mismatch detected)";
1480
1481 case PH_ERROR_PROTOCOL:
1482 return "protocol error (pack version unsupported)";
1483
1484 default:
1485 return "unknown error in parse_pack_header";
1486
1487 case 0:
1488 return NULL;
1489 }
1490}
1491
1492static const char *pack_lockfile;
1493
1494static const char *unpack(int err_fd, struct shallow_info *si)
1495{
1496 struct pack_header hdr;
1497 const char *hdr_err;
1498 int status;
1499 char hdr_arg[38];
1500 struct child_process child = CHILD_PROCESS_INIT;
1501 int fsck_objects = (receive_fsck_objects >= 0
1502 ? receive_fsck_objects
1503 : transfer_fsck_objects >= 0
1504 ? transfer_fsck_objects
1505 : 0);
1506
1507 hdr_err = parse_pack_header(&hdr);
1508 if (hdr_err) {
1509 if (err_fd > 0)
1510 close(err_fd);
1511 return hdr_err;
1512 }
1513 snprintf(hdr_arg, sizeof(hdr_arg),
1514 "--pack_header=%"PRIu32",%"PRIu32,
1515 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1516
1517 if (si->nr_ours || si->nr_theirs) {
1518 alt_shallow_file = setup_temporary_shallow(si->shallow);
1519 argv_array_push(&child.args, "--shallow-file");
1520 argv_array_push(&child.args, alt_shallow_file);
1521 }
1522
1523 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1524 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1525 if (quiet)
1526 argv_array_push(&child.args, "-q");
1527 if (fsck_objects)
1528 argv_array_pushf(&child.args, "--strict%s",
1529 fsck_msg_types.buf);
1530 child.no_stdout = 1;
1531 child.err = err_fd;
1532 child.git_cmd = 1;
1533 status = run_command(&child);
1534 if (status)
1535 return "unpack-objects abnormal exit";
1536 } else {
1537 char hostname[256];
1538
1539 argv_array_pushl(&child.args, "index-pack",
1540 "--stdin", hdr_arg, NULL);
1541
1542 if (gethostname(hostname, sizeof(hostname)))
1543 xsnprintf(hostname, sizeof(hostname), "localhost");
1544 argv_array_pushf(&child.args,
1545 "--keep=receive-pack %"PRIuMAX" on %s",
1546 (uintmax_t)getpid(),
1547 hostname);
1548
1549 if (fsck_objects)
1550 argv_array_pushf(&child.args, "--strict%s",
1551 fsck_msg_types.buf);
1552 if (!reject_thin)
1553 argv_array_push(&child.args, "--fix-thin");
1554 child.out = -1;
1555 child.err = err_fd;
1556 child.git_cmd = 1;
1557 status = start_command(&child);
1558 if (status)
1559 return "index-pack fork failed";
1560 pack_lockfile = index_pack_lockfile(child.out);
1561 close(child.out);
1562 status = finish_command(&child);
1563 if (status)
1564 return "index-pack abnormal exit";
1565 reprepare_packed_git();
1566 }
1567 return NULL;
1568}
1569
1570static const char *unpack_with_sideband(struct shallow_info *si)
1571{
1572 struct async muxer;
1573 const char *ret;
1574
1575 if (!use_sideband)
1576 return unpack(0, si);
1577
1578 memset(&muxer, 0, sizeof(muxer));
1579 muxer.proc = copy_to_sideband;
1580 muxer.in = -1;
1581 if (start_async(&muxer))
1582 return NULL;
1583
1584 ret = unpack(muxer.in, si);
1585
1586 finish_async(&muxer);
1587 return ret;
1588}
1589
1590static void prepare_shallow_update(struct command *commands,
1591 struct shallow_info *si)
1592{
1593 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1594
1595 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1596 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1597
1598 si->need_reachability_test =
1599 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1600 si->reachable =
1601 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1602 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1603
1604 for (i = 0; i < si->nr_ours; i++)
1605 si->need_reachability_test[si->ours[i]] = 1;
1606
1607 for (i = 0; i < si->shallow->nr; i++) {
1608 if (!si->used_shallow[i])
1609 continue;
1610 for (j = 0; j < bitmap_size; j++) {
1611 if (!si->used_shallow[i][j])
1612 continue;
1613 si->need_reachability_test[i]++;
1614 for (k = 0; k < 32; k++)
1615 if (si->used_shallow[i][j] & (1U << k))
1616 si->shallow_ref[j * 32 + k]++;
1617 }
1618
1619 /*
1620 * true for those associated with some refs and belong
1621 * in "ours" list aka "step 7 not done yet"
1622 */
1623 si->need_reachability_test[i] =
1624 si->need_reachability_test[i] > 1;
1625 }
1626
1627 /*
1628 * keep hooks happy by forcing a temporary shallow file via
1629 * env variable because we can't add --shallow-file to every
1630 * command. check_everything_connected() will be done with
1631 * true .git/shallow though.
1632 */
1633 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1634}
1635
1636static void update_shallow_info(struct command *commands,
1637 struct shallow_info *si,
1638 struct sha1_array *ref)
1639{
1640 struct command *cmd;
1641 int *ref_status;
1642 remove_nonexistent_theirs_shallow(si);
1643 if (!si->nr_ours && !si->nr_theirs) {
1644 shallow_update = 0;
1645 return;
1646 }
1647
1648 for (cmd = commands; cmd; cmd = cmd->next) {
1649 if (is_null_sha1(cmd->new_sha1))
1650 continue;
1651 sha1_array_append(ref, cmd->new_sha1);
1652 cmd->index = ref->nr - 1;
1653 }
1654 si->ref = ref;
1655
1656 if (shallow_update) {
1657 prepare_shallow_update(commands, si);
1658 return;
1659 }
1660
1661 ALLOC_ARRAY(ref_status, ref->nr);
1662 assign_shallow_commits_to_refs(si, NULL, ref_status);
1663 for (cmd = commands; cmd; cmd = cmd->next) {
1664 if (is_null_sha1(cmd->new_sha1))
1665 continue;
1666 if (ref_status[cmd->index]) {
1667 cmd->error_string = "shallow update not allowed";
1668 cmd->skip_update = 1;
1669 }
1670 }
1671 free(ref_status);
1672}
1673
1674static void report(struct command *commands, const char *unpack_status)
1675{
1676 struct command *cmd;
1677 struct strbuf buf = STRBUF_INIT;
1678
1679 packet_buf_write(&buf, "unpack %s\n",
1680 unpack_status ? unpack_status : "ok");
1681 for (cmd = commands; cmd; cmd = cmd->next) {
1682 if (!cmd->error_string)
1683 packet_buf_write(&buf, "ok %s\n",
1684 cmd->ref_name);
1685 else
1686 packet_buf_write(&buf, "ng %s %s\n",
1687 cmd->ref_name, cmd->error_string);
1688 }
1689 packet_buf_flush(&buf);
1690
1691 if (use_sideband)
1692 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1693 else
1694 write_or_die(1, buf.buf, buf.len);
1695 strbuf_release(&buf);
1696}
1697
1698static int delete_only(struct command *commands)
1699{
1700 struct command *cmd;
1701 for (cmd = commands; cmd; cmd = cmd->next) {
1702 if (!is_null_sha1(cmd->new_sha1))
1703 return 0;
1704 }
1705 return 1;
1706}
1707
1708int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1709{
1710 int advertise_refs = 0;
1711 struct command *commands;
1712 struct sha1_array shallow = SHA1_ARRAY_INIT;
1713 struct sha1_array ref = SHA1_ARRAY_INIT;
1714 struct shallow_info si;
1715
1716 struct option options[] = {
1717 OPT__QUIET(&quiet, N_("quiet")),
1718 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1719 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1720 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1721 OPT_END()
1722 };
1723
1724 packet_trace_identity("receive-pack");
1725
1726 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1727
1728 if (argc > 1)
1729 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1730 if (argc == 0)
1731 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1732
1733 service_dir = argv[0];
1734
1735 setup_path();
1736
1737 if (!enter_repo(service_dir, 0))
1738 die("'%s' does not appear to be a git repository", service_dir);
1739
1740 git_config(receive_pack_config, NULL);
1741 if (cert_nonce_seed)
1742 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1743
1744 if (0 <= transfer_unpack_limit)
1745 unpack_limit = transfer_unpack_limit;
1746 else if (0 <= receive_unpack_limit)
1747 unpack_limit = receive_unpack_limit;
1748
1749 if (advertise_refs || !stateless_rpc) {
1750 write_head_info();
1751 }
1752 if (advertise_refs)
1753 return 0;
1754
1755 if ((commands = read_head_info(&shallow)) != NULL) {
1756 const char *unpack_status = NULL;
1757
1758 prepare_shallow_info(&si, &shallow);
1759 if (!si.nr_ours && !si.nr_theirs)
1760 shallow_update = 0;
1761 if (!delete_only(commands)) {
1762 unpack_status = unpack_with_sideband(&si);
1763 update_shallow_info(commands, &si, &ref);
1764 }
1765 execute_commands(commands, unpack_status, &si);
1766 if (pack_lockfile)
1767 unlink_or_warn(pack_lockfile);
1768 if (report_status)
1769 report(commands, unpack_status);
1770 run_receive_hook(commands, "post-receive", 1);
1771 run_update_post_hook(commands);
1772 if (auto_gc) {
1773 const char *argv_gc_auto[] = {
1774 "gc", "--auto", "--quiet", NULL,
1775 };
1776 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1777 close_all_packs();
1778 run_command_v_opt(argv_gc_auto, opt);
1779 }
1780 if (auto_update_server_info)
1781 update_server_info(0);
1782 clear_shallow_info(&si);
1783 }
1784 if (use_sideband)
1785 packet_flush(1);
1786 sha1_array_clear(&shallow);
1787 sha1_array_clear(&ref);
1788 free((void *)push_cert_nonce);
1789 return 0;
1790}