1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24#include "oidset.h"
25static const char * const receive_pack_usage[] = {
27 N_("git receive-pack <git-dir>"),
28 NULL
29};
30enum deny_action {
32 DENY_UNCONFIGURED,
33 DENY_IGNORE,
34 DENY_WARN,
35 DENY_REFUSE,
36 DENY_UPDATE_INSTEAD
37};
38static int deny_deletes;
40static int deny_non_fast_forwards;
41static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
42static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
43static int receive_fsck_objects = -1;
44static int transfer_fsck_objects = -1;
45static struct strbuf fsck_msg_types = STRBUF_INIT;
46static int receive_unpack_limit = -1;
47static int transfer_unpack_limit = -1;
48static int advertise_atomic_push = 1;
49static int advertise_push_options;
50static int unpack_limit = 100;
51static off_t max_input_size;
52static int report_status;
53static int use_sideband;
54static int use_atomic;
55static int use_push_options;
56static int quiet;
57static int prefer_ofs_delta = 1;
58static int auto_update_server_info;
59static int auto_gc = 1;
60static int reject_thin;
61static int stateless_rpc;
62static const char *service_dir;
63static const char *head_name;
64static void *head_name_to_free;
65static int sent_capabilities;
66static int shallow_update;
67static const char *alt_shallow_file;
68static struct strbuf push_cert = STRBUF_INIT;
69static unsigned char push_cert_sha1[20];
70static struct signature_check sigcheck;
71static const char *push_cert_nonce;
72static const char *cert_nonce_seed;
73static const char *NONCE_UNSOLICITED = "UNSOLICITED";
75static const char *NONCE_BAD = "BAD";
76static const char *NONCE_MISSING = "MISSING";
77static const char *NONCE_OK = "OK";
78static const char *NONCE_SLOP = "SLOP";
79static const char *nonce_status;
80static long nonce_stamp_slop;
81static unsigned long nonce_stamp_slop_limit;
82static struct ref_transaction *transaction;
83static enum {
85 KEEPALIVE_NEVER = 0,
86 KEEPALIVE_AFTER_NUL,
87 KEEPALIVE_ALWAYS
88} use_keepalive;
89static int keepalive_in_sec = 5;
90static struct tmp_objdir *tmp_objdir;
92static enum deny_action parse_deny_action(const char *var, const char *value)
94{
95 if (value) {
96 if (!strcasecmp(value, "ignore"))
97 return DENY_IGNORE;
98 if (!strcasecmp(value, "warn"))
99 return DENY_WARN;
100 if (!strcasecmp(value, "refuse"))
101 return DENY_REFUSE;
102 if (!strcasecmp(value, "updateinstead"))
103 return DENY_UPDATE_INSTEAD;
104 }
105 if (git_config_bool(var, value))
106 return DENY_REFUSE;
107 return DENY_IGNORE;
108}
109static int receive_pack_config(const char *var, const char *value, void *cb)
111{
112 int status = parse_hide_refs_config(var, value, "receive");
113 if (status)
115 return status;
116 if (strcmp(var, "receive.denydeletes") == 0) {
118 deny_deletes = git_config_bool(var, value);
119 return 0;
120 }
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
123 deny_non_fast_forwards = git_config_bool(var, value);
124 return 0;
125 }
126 if (strcmp(var, "receive.unpacklimit") == 0) {
128 receive_unpack_limit = git_config_int(var, value);
129 return 0;
130 }
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
133 transfer_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
138 const char *path;
139 if (git_config_pathname(&path, var, value))
141 return 1;
142 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
143 fsck_msg_types.len ? ',' : '=', path);
144 free((char *)path);
145 return 0;
146 }
147 if (skip_prefix(var, "receive.fsck.", &var)) {
149 if (is_valid_msg_type(var, value))
150 strbuf_addf(&fsck_msg_types, "%c%s=%s",
151 fsck_msg_types.len ? ',' : '=', var, value);
152 else
153 warning("Skipping unknown msg id '%s'", var);
154 return 0;
155 }
156 if (strcmp(var, "receive.fsckobjects") == 0) {
158 receive_fsck_objects = git_config_bool(var, value);
159 return 0;
160 }
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
163 transfer_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166 if (!strcmp(var, "receive.denycurrentbranch")) {
168 deny_current_branch = parse_deny_action(var, value);
169 return 0;
170 }
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
173 deny_delete_current = parse_deny_action(var, value);
174 return 0;
175 }
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
178 prefer_ofs_delta = git_config_bool(var, value);
179 return 0;
180 }
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
183 auto_update_server_info = git_config_bool(var, value);
184 return 0;
185 }
186 if (strcmp(var, "receive.autogc") == 0) {
188 auto_gc = git_config_bool(var, value);
189 return 0;
190 }
191 if (strcmp(var, "receive.shallowupdate") == 0) {
193 shallow_update = git_config_bool(var, value);
194 return 0;
195 }
196 if (strcmp(var, "receive.certnonceseed") == 0)
198 return git_config_string(&cert_nonce_seed, var, value);
199 if (strcmp(var, "receive.certnonceslop") == 0) {
201 nonce_stamp_slop_limit = git_config_ulong(var, value);
202 return 0;
203 }
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
206 advertise_atomic_push = git_config_bool(var, value);
207 return 0;
208 }
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
211 advertise_push_options = git_config_bool(var, value);
212 return 0;
213 }
214 if (strcmp(var, "receive.keepalive") == 0) {
216 keepalive_in_sec = git_config_int(var, value);
217 return 0;
218 }
219 if (strcmp(var, "receive.maxinputsize") == 0) {
221 max_input_size = git_config_int64(var, value);
222 return 0;
223 }
224 return git_default_config(var, value, cb);
226}
227static void show_ref(const char *path, const struct object_id *oid)
229{
230 if (sent_capabilities) {
231 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
232 } else {
233 struct strbuf cap = STRBUF_INIT;
234 strbuf_addstr(&cap,
236 "report-status delete-refs side-band-64k quiet");
237 if (advertise_atomic_push)
238 strbuf_addstr(&cap, " atomic");
239 if (prefer_ofs_delta)
240 strbuf_addstr(&cap, " ofs-delta");
241 if (push_cert_nonce)
242 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
243 if (advertise_push_options)
244 strbuf_addstr(&cap, " push-options");
245 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
246 packet_write_fmt(1, "%s %s%c%s\n",
247 oid_to_hex(oid), path, 0, cap.buf);
248 strbuf_release(&cap);
249 sent_capabilities = 1;
250 }
251}
252static int show_ref_cb(const char *path_full, const struct object_id *oid,
254 int flag, void *data)
255{
256 struct oidset *seen = data;
257 const char *path = strip_namespace(path_full);
258 if (ref_is_hidden(path, path_full))
260 return 0;
261 /*
263 * Advertise refs outside our current namespace as ".have"
264 * refs, so that the client can use them to minimize data
265 * transfer but will otherwise ignore them.
266 */
267 if (!path) {
268 if (oidset_insert(seen, oid))
269 return 0;
270 path = ".have";
271 } else {
272 oidset_insert(seen, oid);
273 }
274 show_ref(path, oid);
275 return 0;
276}
277static void show_one_alternate_ref(const char *refname,
279 const struct object_id *oid,
280 void *data)
281{
282 struct oidset *seen = data;
283 if (oidset_insert(seen, oid))
285 return;
286 show_ref(".have", oid);
288}
289static void write_head_info(void)
291{
292 static struct oidset seen = OIDSET_INIT;
293 for_each_ref(show_ref_cb, &seen);
295 for_each_alternate_ref(show_one_alternate_ref, &seen);
296 oidset_clear(&seen);
297 if (!sent_capabilities)
298 show_ref("capabilities^{}", &null_oid);
299 advertise_shallow_grafts(1);
301 /* EOF */
303 packet_flush(1);
304}
305struct command {
307 struct command *next;
308 const char *error_string;
309 unsigned int skip_update:1,
310 did_not_exist:1;
311 int index;
312 struct object_id old_oid;
313 struct object_id new_oid;
314 char ref_name[FLEX_ARRAY]; /* more */
315};
316static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
318static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
319static void report_message(const char *prefix, const char *err, va_list params)
321{
322 int sz;
323 char msg[4096];
324 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
326 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
327 if (sz > (sizeof(msg) - 1))
328 sz = sizeof(msg) - 1;
329 msg[sz++] = '\n';
330 if (use_sideband)
332 send_sideband(1, 2, msg, sz, use_sideband);
333 else
334 xwrite(2, msg, sz);
335}
336static void rp_warning(const char *err, ...)
338{
339 va_list params;
340 va_start(params, err);
341 report_message("warning: ", err, params);
342 va_end(params);
343}
344static void rp_error(const char *err, ...)
346{
347 va_list params;
348 va_start(params, err);
349 report_message("error: ", err, params);
350 va_end(params);
351}
352static int copy_to_sideband(int in, int out, void *arg)
354{
355 char data[128];
356 int keepalive_active = 0;
357 if (keepalive_in_sec <= 0)
359 use_keepalive = KEEPALIVE_NEVER;
360 if (use_keepalive == KEEPALIVE_ALWAYS)
361 keepalive_active = 1;
362 while (1) {
364 ssize_t sz;
365 if (keepalive_active) {
367 struct pollfd pfd;
368 int ret;
369 pfd.fd = in;
371 pfd.events = POLLIN;
372 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
373 if (ret < 0) {
375 if (errno == EINTR)
376 continue;
377 else
378 break;
379 } else if (ret == 0) {
380 /* no data; send a keepalive packet */
381 static const char buf[] = "0005\1";
382 write_or_die(1, buf, sizeof(buf) - 1);
383 continue;
384 } /* else there is actual data to read */
385 }
386 sz = xread(in, data, sizeof(data));
388 if (sz <= 0)
389 break;
390 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
392 const char *p = memchr(data, '\0', sz);
393 if (p) {
394 /*
395 * The NUL tells us to start sending keepalives. Make
396 * sure we send any other data we read along
397 * with it.
398 */
399 keepalive_active = 1;
400 send_sideband(1, 2, data, p - data, use_sideband);
401 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
402 continue;
403 }
404 }
405 /*
407 * Either we're not looking for a NUL signal, or we didn't see
408 * it yet; just pass along the data.
409 */
410 send_sideband(1, 2, data, sz, use_sideband);
411 }
412 close(in);
413 return 0;
414}
415#define HMAC_BLOCK_SIZE 64
417static void hmac_sha1(unsigned char *out,
419 const char *key_in, size_t key_len,
420 const char *text, size_t text_len)
421{
422 unsigned char key[HMAC_BLOCK_SIZE];
423 unsigned char k_ipad[HMAC_BLOCK_SIZE];
424 unsigned char k_opad[HMAC_BLOCK_SIZE];
425 int i;
426 git_SHA_CTX ctx;
427 /* RFC 2104 2. (1) */
429 memset(key, '\0', HMAC_BLOCK_SIZE);
430 if (HMAC_BLOCK_SIZE < key_len) {
431 git_SHA1_Init(&ctx);
432 git_SHA1_Update(&ctx, key_in, key_len);
433 git_SHA1_Final(key, &ctx);
434 } else {
435 memcpy(key, key_in, key_len);
436 }
437 /* RFC 2104 2. (2) & (5) */
439 for (i = 0; i < sizeof(key); i++) {
440 k_ipad[i] = key[i] ^ 0x36;
441 k_opad[i] = key[i] ^ 0x5c;
442 }
443 /* RFC 2104 2. (3) & (4) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
447 git_SHA1_Update(&ctx, text, text_len);
448 git_SHA1_Final(out, &ctx);
449 /* RFC 2104 2. (6) & (7) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
453 git_SHA1_Update(&ctx, out, 20);
454 git_SHA1_Final(out, &ctx);
455}
456static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
458{
459 struct strbuf buf = STRBUF_INIT;
460 unsigned char sha1[20];
461 strbuf_addf(&buf, "%s:%lu", path, stamp);
463 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
464 strbuf_release(&buf);
465 /* RFC 2104 5. HMAC-SHA1-80 */
467 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
468 return strbuf_detach(&buf, NULL);
469}
470/*
472 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
473 * after dropping "_commit" from its name and possibly moving it out
474 * of commit.c
475 */
476static char *find_header(const char *msg, size_t len, const char *key)
477{
478 int key_len = strlen(key);
479 const char *line = msg;
480 while (line && line < msg + len) {
482 const char *eol = strchrnul(line, '\n');
483 if ((msg + len <= eol) || line == eol)
485 return NULL;
486 if (line + key_len < eol &&
487 !memcmp(line, key, key_len) && line[key_len] == ' ') {
488 int offset = key_len + 1;
489 return xmemdupz(line + offset, (eol - line) - offset);
490 }
491 line = *eol ? eol + 1 : NULL;
492 }
493 return NULL;
494}
495static const char *check_nonce(const char *buf, size_t len)
497{
498 char *nonce = find_header(buf, len, "nonce");
499 unsigned long stamp, ostamp;
500 char *bohmac, *expect = NULL;
501 const char *retval = NONCE_BAD;
502 if (!nonce) {
504 retval = NONCE_MISSING;
505 goto leave;
506 } else if (!push_cert_nonce) {
507 retval = NONCE_UNSOLICITED;
508 goto leave;
509 } else if (!strcmp(push_cert_nonce, nonce)) {
510 retval = NONCE_OK;
511 goto leave;
512 }
513 if (!stateless_rpc) {
515 /* returned nonce MUST match what we gave out earlier */
516 retval = NONCE_BAD;
517 goto leave;
518 }
519 /*
521 * In stateless mode, we may be receiving a nonce issued by
522 * another instance of the server that serving the same
523 * repository, and the timestamps may not match, but the
524 * nonce-seed and dir should match, so we can recompute and
525 * report the time slop.
526 *
527 * In addition, when a nonce issued by another instance has
528 * timestamp within receive.certnonceslop seconds, we pretend
529 * as if we issued that nonce when reporting to the hook.
530 */
531 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
533 if (*nonce <= '0' || '9' < *nonce) {
534 retval = NONCE_BAD;
535 goto leave;
536 }
537 stamp = strtoul(nonce, &bohmac, 10);
538 if (bohmac == nonce || bohmac[0] != '-') {
539 retval = NONCE_BAD;
540 goto leave;
541 }
542 expect = prepare_push_cert_nonce(service_dir, stamp);
544 if (strcmp(expect, nonce)) {
545 /* Not what we would have signed earlier */
546 retval = NONCE_BAD;
547 goto leave;
548 }
549 /*
551 * By how many seconds is this nonce stale? Negative value
552 * would mean it was issued by another server with its clock
553 * skewed in the future.
554 */
555 ostamp = strtoul(push_cert_nonce, NULL, 10);
556 nonce_stamp_slop = (long)ostamp - (long)stamp;
557 if (nonce_stamp_slop_limit &&
559 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
560 /*
561 * Pretend as if the received nonce (which passes the
562 * HMAC check, so it is not a forged by third-party)
563 * is what we issued.
564 */
565 free((void *)push_cert_nonce);
566 push_cert_nonce = xstrdup(nonce);
567 retval = NONCE_OK;
568 } else {
569 retval = NONCE_SLOP;
570 }
571leave:
573 free(nonce);
574 free(expect);
575 return retval;
576}
577static void prepare_push_cert_sha1(struct child_process *proc)
579{
580 static int already_done;
581 if (!push_cert.len)
583 return;
584 if (!already_done) {
586 struct strbuf gpg_output = STRBUF_INIT;
587 struct strbuf gpg_status = STRBUF_INIT;
588 int bogs /* beginning_of_gpg_sig */;
589 already_done = 1;
591 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
592 hashclr(push_cert_sha1);
593 memset(&sigcheck, '\0', sizeof(sigcheck));
595 sigcheck.result = 'N';
596 bogs = parse_signature(push_cert.buf, push_cert.len);
598 if (verify_signed_buffer(push_cert.buf, bogs,
599 push_cert.buf + bogs, push_cert.len - bogs,
600 &gpg_output, &gpg_status) < 0) {
601 ; /* error running gpg */
602 } else {
603 sigcheck.payload = push_cert.buf;
604 sigcheck.gpg_output = gpg_output.buf;
605 sigcheck.gpg_status = gpg_status.buf;
606 parse_gpg_output(&sigcheck);
607 }
608 strbuf_release(&gpg_output);
610 strbuf_release(&gpg_status);
611 nonce_status = check_nonce(push_cert.buf, bogs);
612 }
613 if (!is_null_sha1(push_cert_sha1)) {
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
615 sha1_to_hex(push_cert_sha1));
616 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
617 sigcheck.signer ? sigcheck.signer : "");
618 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
619 sigcheck.key ? sigcheck.key : "");
620 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
621 sigcheck.result);
622 if (push_cert_nonce) {
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE=%s",
625 push_cert_nonce);
626 argv_array_pushf(&proc->env_array,
627 "GIT_PUSH_CERT_NONCE_STATUS=%s",
628 nonce_status);
629 if (nonce_status == NONCE_SLOP)
630 argv_array_pushf(&proc->env_array,
631 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
632 nonce_stamp_slop);
633 }
634 }
635}
636struct receive_hook_feed_state {
638 struct command *cmd;
639 int skip_broken;
640 struct strbuf buf;
641 const struct string_list *push_options;
642};
643typedef int (*feed_fn)(void *, const char **, size_t *);
645static int run_and_feed_hook(const char *hook_name, feed_fn feed,
646 struct receive_hook_feed_state *feed_state)
647{
648 struct child_process proc = CHILD_PROCESS_INIT;
649 struct async muxer;
650 const char *argv[2];
651 int code;
652 argv[0] = find_hook(hook_name);
654 if (!argv[0])
655 return 0;
656 argv[1] = NULL;
658 proc.argv = argv;
660 proc.in = -1;
661 proc.stdout_to_stderr = 1;
662 if (feed_state->push_options) {
663 int i;
664 for (i = 0; i < feed_state->push_options->nr; i++)
665 argv_array_pushf(&proc.env_array,
666 "GIT_PUSH_OPTION_%d=%s", i,
667 feed_state->push_options->items[i].string);
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
669 feed_state->push_options->nr);
670 } else
671 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
672 if (tmp_objdir)
674 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
675 if (use_sideband) {
677 memset(&muxer, 0, sizeof(muxer));
678 muxer.proc = copy_to_sideband;
679 muxer.in = -1;
680 code = start_async(&muxer);
681 if (code)
682 return code;
683 proc.err = muxer.in;
684 }
685 prepare_push_cert_sha1(&proc);
687 code = start_command(&proc);
689 if (code) {
690 if (use_sideband)
691 finish_async(&muxer);
692 return code;
693 }
694 sigchain_push(SIGPIPE, SIG_IGN);
696 while (1) {
698 const char *buf;
699 size_t n;
700 if (feed(feed_state, &buf, &n))
701 break;
702 if (write_in_full(proc.in, buf, n) != n)
703 break;
704 }
705 close(proc.in);
706 if (use_sideband)
707 finish_async(&muxer);
708 sigchain_pop(SIGPIPE);
710 return finish_command(&proc);
712}
713static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
715{
716 struct receive_hook_feed_state *state = state_;
717 struct command *cmd = state->cmd;
718 while (cmd &&
720 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
721 cmd = cmd->next;
722 if (!cmd)
723 return -1; /* EOF */
724 strbuf_reset(&state->buf);
725 strbuf_addf(&state->buf, "%s %s %s\n",
726 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
727 cmd->ref_name);
728 state->cmd = cmd->next;
729 if (bufp) {
730 *bufp = state->buf.buf;
731 *sizep = state->buf.len;
732 }
733 return 0;
734}
735static int run_receive_hook(struct command *commands,
737 const char *hook_name,
738 int skip_broken,
739 const struct string_list *push_options)
740{
741 struct receive_hook_feed_state state;
742 int status;
743 strbuf_init(&state.buf, 0);
745 state.cmd = commands;
746 state.skip_broken = skip_broken;
747 if (feed_receive_hook(&state, NULL, NULL))
748 return 0;
749 state.cmd = commands;
750 state.push_options = push_options;
751 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
752 strbuf_release(&state.buf);
753 return status;
754}
755static int run_update_hook(struct command *cmd)
757{
758 const char *argv[5];
759 struct child_process proc = CHILD_PROCESS_INIT;
760 int code;
761 argv[0] = find_hook("update");
763 if (!argv[0])
764 return 0;
765 argv[1] = cmd->ref_name;
767 argv[2] = oid_to_hex(&cmd->old_oid);
768 argv[3] = oid_to_hex(&cmd->new_oid);
769 argv[4] = NULL;
770 proc.no_stdin = 1;
772 proc.stdout_to_stderr = 1;
773 proc.err = use_sideband ? -1 : 0;
774 proc.argv = argv;
775 code = start_command(&proc);
777 if (code)
778 return code;
779 if (use_sideband)
780 copy_to_sideband(proc.err, -1, NULL);
781 return finish_command(&proc);
782}
783static int is_ref_checked_out(const char *ref)
785{
786 if (is_bare_repository())
787 return 0;
788 if (!head_name)
790 return 0;
791 return !strcmp(head_name, ref);
792}
793static char *refuse_unconfigured_deny_msg =
795 N_("By default, updating the current branch in a non-bare repository\n"
796 "is denied, because it will make the index and work tree inconsistent\n"
797 "with what you pushed, and will require 'git reset --hard' to match\n"
798 "the work tree to HEAD.\n"
799 "\n"
800 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
801 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
802 "its current branch; however, this is not recommended unless you\n"
803 "arranged to update its work tree to match what you pushed in some\n"
804 "other way.\n"
805 "\n"
806 "To squelch this message and still keep the default behaviour, set\n"
807 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
808static void refuse_unconfigured_deny(void)
810{
811 rp_error("%s", _(refuse_unconfigured_deny_msg));
812}
813static char *refuse_unconfigured_deny_delete_current_msg =
815 N_("By default, deleting the current branch is denied, because the next\n"
816 "'git clone' won't result in any file checked out, causing confusion.\n"
817 "\n"
818 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
819 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
820 "current branch, with or without a warning message.\n"
821 "\n"
822 "To squelch this message, you can set it to 'refuse'.");
823static void refuse_unconfigured_deny_delete_current(void)
825{
826 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
827}
828static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
830static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
831{
832 static struct lock_file shallow_lock;
833 struct oid_array extra = OID_ARRAY_INIT;
834 struct check_connected_options opt = CHECK_CONNECTED_INIT;
835 uint32_t mask = 1 << (cmd->index % 32);
836 int i;
837 trace_printf_key(&trace_shallow,
839 "shallow: update_shallow_ref %s\n", cmd->ref_name);
840 for (i = 0; i < si->shallow->nr; i++)
841 if (si->used_shallow[i] &&
842 (si->used_shallow[i][cmd->index / 32] & mask) &&
843 !delayed_reachability_test(si, i))
844 oid_array_append(&extra, &si->shallow->oid[i]);
845 opt.env = tmp_objdir_env(tmp_objdir);
847 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
848 if (check_connected(command_singleton_iterator, cmd, &opt)) {
849 rollback_lock_file(&shallow_lock);
850 oid_array_clear(&extra);
851 return -1;
852 }
853 commit_lock_file(&shallow_lock);
855 /*
857 * Make sure setup_alternate_shallow() for the next ref does
858 * not lose these new roots..
859 */
860 for (i = 0; i < extra.nr; i++)
861 register_shallow(extra.oid[i].hash);
862 si->shallow_ref[cmd->index] = 0;
864 oid_array_clear(&extra);
865 return 0;
866}
867/*
869 * NEEDSWORK: we should consolidate various implementions of "are we
870 * on an unborn branch?" test into one, and make the unified one more
871 * robust. !get_sha1() based check used here and elsewhere would not
872 * allow us to tell an unborn branch from corrupt ref, for example.
873 * For the purpose of fixing "deploy-to-update does not work when
874 * pushing into an empty repository" issue, this should suffice for
875 * now.
876 */
877static int head_has_history(void)
878{
879 unsigned char sha1[20];
880 return !get_sha1("HEAD", sha1);
882}
883static const char *push_to_deploy(unsigned char *sha1,
885 struct argv_array *env,
886 const char *work_tree)
887{
888 const char *update_refresh[] = {
889 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
890 };
891 const char *diff_files[] = {
892 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
893 };
894 const char *diff_index[] = {
895 "diff-index", "--quiet", "--cached", "--ignore-submodules",
896 NULL, "--", NULL
897 };
898 const char *read_tree[] = {
899 "read-tree", "-u", "-m", NULL, NULL
900 };
901 struct child_process child = CHILD_PROCESS_INIT;
902 child.argv = update_refresh;
904 child.env = env->argv;
905 child.dir = work_tree;
906 child.no_stdin = 1;
907 child.stdout_to_stderr = 1;
908 child.git_cmd = 1;
909 if (run_command(&child))
910 return "Up-to-date check failed";
911 /* run_command() does not clean up completely; reinitialize */
913 child_process_init(&child);
914 child.argv = diff_files;
915 child.env = env->argv;
916 child.dir = work_tree;
917 child.no_stdin = 1;
918 child.stdout_to_stderr = 1;
919 child.git_cmd = 1;
920 if (run_command(&child))
921 return "Working directory has unstaged changes";
922 /* diff-index with either HEAD or an empty tree */
924 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
925 child_process_init(&child);
927 child.argv = diff_index;
928 child.env = env->argv;
929 child.no_stdin = 1;
930 child.no_stdout = 1;
931 child.stdout_to_stderr = 0;
932 child.git_cmd = 1;
933 if (run_command(&child))
934 return "Working directory has staged changes";
935 read_tree[3] = sha1_to_hex(sha1);
937 child_process_init(&child);
938 child.argv = read_tree;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.no_stdout = 1;
943 child.stdout_to_stderr = 0;
944 child.git_cmd = 1;
945 if (run_command(&child))
946 return "Could not update working tree to new HEAD";
947 return NULL;
949}
950static const char *push_to_checkout_hook = "push-to-checkout";
952static const char *push_to_checkout(unsigned char *sha1,
954 struct argv_array *env,
955 const char *work_tree)
956{
957 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
958 if (run_hook_le(env->argv, push_to_checkout_hook,
959 sha1_to_hex(sha1), NULL))
960 return "push-to-checkout hook declined";
961 else
962 return NULL;
963}
964static const char *update_worktree(unsigned char *sha1)
966{
967 const char *retval;
968 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
969 struct argv_array env = ARGV_ARRAY_INIT;
970 if (is_bare_repository())
972 return "denyCurrentBranch = updateInstead needs a worktree";
973 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
975 if (!find_hook(push_to_checkout_hook))
977 retval = push_to_deploy(sha1, &env, work_tree);
978 else
979 retval = push_to_checkout(sha1, &env, work_tree);
980 argv_array_clear(&env);
982 return retval;
983}
984static const char *update(struct command *cmd, struct shallow_info *si)
986{
987 const char *name = cmd->ref_name;
988 struct strbuf namespaced_name_buf = STRBUF_INIT;
989 static char *namespaced_name;
990 const char *ret;
991 struct object_id *old_oid = &cmd->old_oid;
992 struct object_id *new_oid = &cmd->new_oid;
993 /* only refs/... are allowed */
995 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
996 rp_error("refusing to create funny ref '%s' remotely", name);
997 return "funny refname";
998 }
999 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1001 free(namespaced_name);
1002 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1003 if (is_ref_checked_out(namespaced_name)) {
1005 switch (deny_current_branch) {
1006 case DENY_IGNORE:
1007 break;
1008 case DENY_WARN:
1009 rp_warning("updating the current branch");
1010 break;
1011 case DENY_REFUSE:
1012 case DENY_UNCONFIGURED:
1013 rp_error("refusing to update checked out branch: %s", name);
1014 if (deny_current_branch == DENY_UNCONFIGURED)
1015 refuse_unconfigured_deny();
1016 return "branch is currently checked out";
1017 case DENY_UPDATE_INSTEAD:
1018 ret = update_worktree(new_oid->hash);
1019 if (ret)
1020 return ret;
1021 break;
1022 }
1023 }
1024 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1026 error("unpack should have generated %s, "
1027 "but I can't find it!", oid_to_hex(new_oid));
1028 return "bad pack";
1029 }
1030 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1032 if (deny_deletes && starts_with(name, "refs/heads/")) {
1033 rp_error("denying ref deletion for %s", name);
1034 return "deletion prohibited";
1035 }
1036 if (head_name && !strcmp(namespaced_name, head_name)) {
1038 switch (deny_delete_current) {
1039 case DENY_IGNORE:
1040 break;
1041 case DENY_WARN:
1042 rp_warning("deleting the current branch");
1043 break;
1044 case DENY_REFUSE:
1045 case DENY_UNCONFIGURED:
1046 case DENY_UPDATE_INSTEAD:
1047 if (deny_delete_current == DENY_UNCONFIGURED)
1048 refuse_unconfigured_deny_delete_current();
1049 rp_error("refusing to delete the current branch: %s", name);
1050 return "deletion of the current branch prohibited";
1051 default:
1052 return "Invalid denyDeleteCurrent setting";
1053 }
1054 }
1055 }
1056 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1058 !is_null_oid(old_oid) &&
1059 starts_with(name, "refs/heads/")) {
1060 struct object *old_object, *new_object;
1061 struct commit *old_commit, *new_commit;
1062 old_object = parse_object(old_oid->hash);
1064 new_object = parse_object(new_oid->hash);
1065 if (!old_object || !new_object ||
1067 old_object->type != OBJ_COMMIT ||
1068 new_object->type != OBJ_COMMIT) {
1069 error("bad sha1 objects for %s", name);
1070 return "bad ref";
1071 }
1072 old_commit = (struct commit *)old_object;
1073 new_commit = (struct commit *)new_object;
1074 if (!in_merge_bases(old_commit, new_commit)) {
1075 rp_error("denying non-fast-forward %s"
1076 " (you should pull first)", name);
1077 return "non-fast-forward";
1078 }
1079 }
1080 if (run_update_hook(cmd)) {
1081 rp_error("hook declined to update %s", name);
1082 return "hook declined";
1083 }
1084 if (is_null_oid(new_oid)) {
1086 struct strbuf err = STRBUF_INIT;
1087 if (!parse_object(old_oid->hash)) {
1088 old_oid = NULL;
1089 if (ref_exists(name)) {
1090 rp_warning("Allowing deletion of corrupt ref.");
1091 } else {
1092 rp_warning("Deleting a non-existent ref.");
1093 cmd->did_not_exist = 1;
1094 }
1095 }
1096 if (ref_transaction_delete(transaction,
1097 namespaced_name,
1098 old_oid->hash,
1099 0, "push", &err)) {
1100 rp_error("%s", err.buf);
1101 strbuf_release(&err);
1102 return "failed to delete";
1103 }
1104 strbuf_release(&err);
1105 return NULL; /* good */
1106 }
1107 else {
1108 struct strbuf err = STRBUF_INIT;
1109 if (shallow_update && si->shallow_ref[cmd->index] &&
1110 update_shallow_ref(cmd, si))
1111 return "shallow error";
1112 if (ref_transaction_update(transaction,
1114 namespaced_name,
1115 new_oid->hash, old_oid->hash,
1116 0, "push",
1117 &err)) {
1118 rp_error("%s", err.buf);
1119 strbuf_release(&err);
1120 return "failed to update ref";
1122 }
1123 strbuf_release(&err);
1124 return NULL; /* good */
1126 }
1127}
1128static void run_update_post_hook(struct command *commands)
1130{
1131 struct command *cmd;
1132 struct child_process proc = CHILD_PROCESS_INIT;
1133 const char *hook;
1134 hook = find_hook("post-update");
1136 if (!hook)
1137 return;
1138 for (cmd = commands; cmd; cmd = cmd->next) {
1140 if (cmd->error_string || cmd->did_not_exist)
1141 continue;
1142 if (!proc.args.argc)
1143 argv_array_push(&proc.args, hook);
1144 argv_array_push(&proc.args, cmd->ref_name);
1145 }
1146 if (!proc.args.argc)
1147 return;
1148 proc.no_stdin = 1;
1150 proc.stdout_to_stderr = 1;
1151 proc.err = use_sideband ? -1 : 0;
1152 if (!start_command(&proc)) {
1154 if (use_sideband)
1155 copy_to_sideband(proc.err, -1, NULL);
1156 finish_command(&proc);
1157 }
1158}
1159static void check_aliased_update(struct command *cmd, struct string_list *list)
1161{
1162 struct strbuf buf = STRBUF_INIT;
1163 const char *dst_name;
1164 struct string_list_item *item;
1165 struct command *dst_cmd;
1166 unsigned char sha1[GIT_MAX_RAWSZ];
1167 int flag;
1168 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1170 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1171 strbuf_release(&buf);
1172 if (!(flag & REF_ISSYMREF))
1174 return;
1175 if (!dst_name) {
1177 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1178 cmd->skip_update = 1;
1179 cmd->error_string = "broken symref";
1180 return;
1181 }
1182 dst_name = strip_namespace(dst_name);
1183 if ((item = string_list_lookup(list, dst_name)) == NULL)
1185 return;
1186 cmd->skip_update = 1;
1188 dst_cmd = (struct command *) item->util;
1190 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1192 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1193 return;
1194 dst_cmd->skip_update = 1;
1196 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1198 " its target '%s' (%s..%s)",
1199 cmd->ref_name,
1200 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1201 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1202 dst_cmd->ref_name,
1203 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1204 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1205 cmd->error_string = dst_cmd->error_string =
1207 "inconsistent aliased update";
1208}
1209static void check_aliased_updates(struct command *commands)
1211{
1212 struct command *cmd;
1213 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1214 for (cmd = commands; cmd; cmd = cmd->next) {
1216 struct string_list_item *item =
1217 string_list_append(&ref_list, cmd->ref_name);
1218 item->util = (void *)cmd;
1219 }
1220 string_list_sort(&ref_list);
1221 for (cmd = commands; cmd; cmd = cmd->next) {
1223 if (!cmd->error_string)
1224 check_aliased_update(cmd, &ref_list);
1225 }
1226 string_list_clear(&ref_list, 0);
1228}
1229static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1231{
1232 struct command **cmd_list = cb_data;
1233 struct command *cmd = *cmd_list;
1234 if (!cmd || is_null_oid(&cmd->new_oid))
1236 return -1; /* end of list */
1237 *cmd_list = NULL; /* this returns only one */
1238 hashcpy(sha1, cmd->new_oid.hash);
1239 return 0;
1240}
1241static void set_connectivity_errors(struct command *commands,
1243 struct shallow_info *si)
1244{
1245 struct command *cmd;
1246 for (cmd = commands; cmd; cmd = cmd->next) {
1248 struct command *singleton = cmd;
1249 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1250 if (shallow_update && si->shallow_ref[cmd->index])
1252 /* to be checked in update_shallow_ref() */
1253 continue;
1254 opt.env = tmp_objdir_env(tmp_objdir);
1256 if (!check_connected(command_singleton_iterator, &singleton,
1257 &opt))
1258 continue;
1259 cmd->error_string = "missing necessary objects";
1261 }
1262}
1263struct iterate_data {
1265 struct command *cmds;
1266 struct shallow_info *si;
1267};
1268static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1270{
1271 struct iterate_data *data = cb_data;
1272 struct command **cmd_list = &data->cmds;
1273 struct command *cmd = *cmd_list;
1274 for (; cmd; cmd = cmd->next) {
1276 if (shallow_update && data->si->shallow_ref[cmd->index])
1277 /* to be checked in update_shallow_ref() */
1278 continue;
1279 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1280 hashcpy(sha1, cmd->new_oid.hash);
1281 *cmd_list = cmd->next;
1282 return 0;
1283 }
1284 }
1285 *cmd_list = NULL;
1286 return -1; /* end of list */
1287}
1288static void reject_updates_to_hidden(struct command *commands)
1290{
1291 struct strbuf refname_full = STRBUF_INIT;
1292 size_t prefix_len;
1293 struct command *cmd;
1294 strbuf_addstr(&refname_full, get_git_namespace());
1296 prefix_len = refname_full.len;
1297 for (cmd = commands; cmd; cmd = cmd->next) {
1299 if (cmd->error_string)
1300 continue;
1301 strbuf_setlen(&refname_full, prefix_len);
1303 strbuf_addstr(&refname_full, cmd->ref_name);
1304 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1306 continue;
1307 if (is_null_oid(&cmd->new_oid))
1308 cmd->error_string = "deny deleting a hidden ref";
1309 else
1310 cmd->error_string = "deny updating a hidden ref";
1311 }
1312 strbuf_release(&refname_full);
1314}
1315static int should_process_cmd(struct command *cmd)
1317{
1318 return !cmd->error_string && !cmd->skip_update;
1319}
1320static void warn_if_skipped_connectivity_check(struct command *commands,
1322 struct shallow_info *si)
1323{
1324 struct command *cmd;
1325 int checked_connectivity = 1;
1326 for (cmd = commands; cmd; cmd = cmd->next) {
1328 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1329 error("BUG: connectivity check has not been run on ref %s",
1330 cmd->ref_name);
1331 checked_connectivity = 0;
1332 }
1333 }
1334 if (!checked_connectivity)
1335 die("BUG: connectivity check skipped???");
1336}
1337static void execute_commands_non_atomic(struct command *commands,
1339 struct shallow_info *si)
1340{
1341 struct command *cmd;
1342 struct strbuf err = STRBUF_INIT;
1343 for (cmd = commands; cmd; cmd = cmd->next) {
1345 if (!should_process_cmd(cmd))
1346 continue;
1347 transaction = ref_transaction_begin(&err);
1349 if (!transaction) {
1350 rp_error("%s", err.buf);
1351 strbuf_reset(&err);
1352 cmd->error_string = "transaction failed to start";
1353 continue;
1354 }
1355 cmd->error_string = update(cmd, si);
1357 if (!cmd->error_string
1359 && ref_transaction_commit(transaction, &err)) {
1360 rp_error("%s", err.buf);
1361 strbuf_reset(&err);
1362 cmd->error_string = "failed to update ref";
1363 }
1364 ref_transaction_free(transaction);
1365 }
1366 strbuf_release(&err);
1367}
1368static void execute_commands_atomic(struct command *commands,
1370 struct shallow_info *si)
1371{
1372 struct command *cmd;
1373 struct strbuf err = STRBUF_INIT;
1374 const char *reported_error = "atomic push failure";
1375 transaction = ref_transaction_begin(&err);
1377 if (!transaction) {
1378 rp_error("%s", err.buf);
1379 strbuf_reset(&err);
1380 reported_error = "transaction failed to start";
1381 goto failure;
1382 }
1383 for (cmd = commands; cmd; cmd = cmd->next) {
1385 if (!should_process_cmd(cmd))
1386 continue;
1387 cmd->error_string = update(cmd, si);
1389 if (cmd->error_string)
1391 goto failure;
1392 }
1393 if (ref_transaction_commit(transaction, &err)) {
1395 rp_error("%s", err.buf);
1396 reported_error = "atomic transaction failed";
1397 goto failure;
1398 }
1399 goto cleanup;
1400failure:
1402 for (cmd = commands; cmd; cmd = cmd->next)
1403 if (!cmd->error_string)
1404 cmd->error_string = reported_error;
1405cleanup:
1407 ref_transaction_free(transaction);
1408 strbuf_release(&err);
1409}
1410static void execute_commands(struct command *commands,
1412 const char *unpacker_error,
1413 struct shallow_info *si,
1414 const struct string_list *push_options)
1415{
1416 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1417 struct command *cmd;
1418 struct object_id oid;
1419 struct iterate_data data;
1420 struct async muxer;
1421 int err_fd = 0;
1422 if (unpacker_error) {
1424 for (cmd = commands; cmd; cmd = cmd->next)
1425 cmd->error_string = "unpacker error";
1426 return;
1427 }
1428 if (use_sideband) {
1430 memset(&muxer, 0, sizeof(muxer));
1431 muxer.proc = copy_to_sideband;
1432 muxer.in = -1;
1433 if (!start_async(&muxer))
1434 err_fd = muxer.in;
1435 /* ...else, continue without relaying sideband */
1436 }
1437 data.cmds = commands;
1439 data.si = si;
1440 opt.err_fd = err_fd;
1441 opt.progress = err_fd && !quiet;
1442 opt.env = tmp_objdir_env(tmp_objdir);
1443 if (check_connected(iterate_receive_command_list, &data, &opt))
1444 set_connectivity_errors(commands, si);
1445 if (use_sideband)
1447 finish_async(&muxer);
1448 reject_updates_to_hidden(commands);
1450 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1452 for (cmd = commands; cmd; cmd = cmd->next) {
1453 if (!cmd->error_string)
1454 cmd->error_string = "pre-receive hook declined";
1455 }
1456 return;
1457 }
1458 /*
1460 * Now we'll start writing out refs, which means the objects need
1461 * to be in their final positions so that other processes can see them.
1462 */
1463 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1464 for (cmd = commands; cmd; cmd = cmd->next) {
1465 if (!cmd->error_string)
1466 cmd->error_string = "unable to migrate objects to permanent storage";
1467 }
1468 return;
1469 }
1470 tmp_objdir = NULL;
1471 check_aliased_updates(commands);
1473 free(head_name_to_free);
1475 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1476 if (use_atomic)
1478 execute_commands_atomic(commands, si);
1479 else
1480 execute_commands_non_atomic(commands, si);
1481 if (shallow_update)
1483 warn_if_skipped_connectivity_check(commands, si);
1484}
1485static struct command **queue_command(struct command **tail,
1487 const char *line,
1488 int linelen)
1489{
1490 struct object_id old_oid, new_oid;
1491 struct command *cmd;
1492 const char *refname;
1493 int reflen;
1494 const char *p;
1495 if (parse_oid_hex(line, &old_oid, &p) ||
1497 *p++ != ' ' ||
1498 parse_oid_hex(p, &new_oid, &p) ||
1499 *p++ != ' ')
1500 die("protocol error: expected old/new/ref, got '%s'", line);
1501 refname = p;
1503 reflen = linelen - (p - line);
1504 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1505 oidcpy(&cmd->old_oid, &old_oid);
1506 oidcpy(&cmd->new_oid, &new_oid);
1507 *tail = cmd;
1508 return &cmd->next;
1509}
1510static void queue_commands_from_cert(struct command **tail,
1512 struct strbuf *push_cert)
1513{
1514 const char *boc, *eoc;
1515 if (*tail)
1517 die("protocol error: got both push certificate and unsigned commands");
1518 boc = strstr(push_cert->buf, "\n\n");
1520 if (!boc)
1521 die("malformed push certificate %.*s", 100, push_cert->buf);
1522 else
1523 boc += 2;
1524 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1525 while (boc < eoc) {
1527 const char *eol = memchr(boc, '\n', eoc - boc);
1528 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1529 boc = eol ? eol + 1 : eoc;
1530 }
1531}
1532static struct command *read_head_info(struct oid_array *shallow)
1534{
1535 struct command *commands = NULL;
1536 struct command **p = &commands;
1537 for (;;) {
1538 char *line;
1539 int len, linelen;
1540 line = packet_read_line(0, &len);
1542 if (!line)
1543 break;
1544 if (len > 8 && starts_with(line, "shallow ")) {
1546 struct object_id oid;
1547 if (get_oid_hex(line + 8, &oid))
1548 die("protocol error: expected shallow sha, got '%s'",
1549 line + 8);
1550 oid_array_append(shallow, &oid);
1551 continue;
1552 }
1553 linelen = strlen(line);
1555 if (linelen < len) {
1556 const char *feature_list = line + linelen + 1;
1557 if (parse_feature_request(feature_list, "report-status"))
1558 report_status = 1;
1559 if (parse_feature_request(feature_list, "side-band-64k"))
1560 use_sideband = LARGE_PACKET_MAX;
1561 if (parse_feature_request(feature_list, "quiet"))
1562 quiet = 1;
1563 if (advertise_atomic_push
1564 && parse_feature_request(feature_list, "atomic"))
1565 use_atomic = 1;
1566 if (advertise_push_options
1567 && parse_feature_request(feature_list, "push-options"))
1568 use_push_options = 1;
1569 }
1570 if (!strcmp(line, "push-cert")) {
1572 int true_flush = 0;
1573 char certbuf[1024];
1574 for (;;) {
1576 len = packet_read(0, NULL, NULL,
1577 certbuf, sizeof(certbuf), 0);
1578 if (!len) {
1579 true_flush = 1;
1580 break;
1581 }
1582 if (!strcmp(certbuf, "push-cert-end\n"))
1583 break; /* end of cert */
1584 strbuf_addstr(&push_cert, certbuf);
1585 }
1586 if (true_flush)
1588 break;
1589 continue;
1590 }
1591 p = queue_command(p, line, linelen);
1593 }
1594 if (push_cert.len)
1596 queue_commands_from_cert(p, &push_cert);
1597 return commands;
1599}
1600static void read_push_options(struct string_list *options)
1602{
1603 while (1) {
1604 char *line;
1605 int len;
1606 line = packet_read_line(0, &len);
1608 if (!line)
1610 break;
1611 string_list_append(options, line);
1613 }
1614}
1615static const char *parse_pack_header(struct pack_header *hdr)
1617{
1618 switch (read_pack_header(0, hdr)) {
1619 case PH_ERROR_EOF:
1620 return "eof before pack header was fully read";
1621 case PH_ERROR_PACK_SIGNATURE:
1623 return "protocol error (pack signature mismatch detected)";
1624 case PH_ERROR_PROTOCOL:
1626 return "protocol error (pack version unsupported)";
1627 default:
1629 return "unknown error in parse_pack_header";
1630 case 0:
1632 return NULL;
1633 }
1634}
1635static const char *pack_lockfile;
1637static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1639{
1640 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1641 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1642}
1643static const char *unpack(int err_fd, struct shallow_info *si)
1645{
1646 struct pack_header hdr;
1647 const char *hdr_err;
1648 int status;
1649 struct child_process child = CHILD_PROCESS_INIT;
1650 int fsck_objects = (receive_fsck_objects >= 0
1651 ? receive_fsck_objects
1652 : transfer_fsck_objects >= 0
1653 ? transfer_fsck_objects
1654 : 0);
1655 hdr_err = parse_pack_header(&hdr);
1657 if (hdr_err) {
1658 if (err_fd > 0)
1659 close(err_fd);
1660 return hdr_err;
1661 }
1662 if (si->nr_ours || si->nr_theirs) {
1664 alt_shallow_file = setup_temporary_shallow(si->shallow);
1665 argv_array_push(&child.args, "--shallow-file");
1666 argv_array_push(&child.args, alt_shallow_file);
1667 }
1668 tmp_objdir = tmp_objdir_create();
1670 if (!tmp_objdir) {
1671 if (err_fd > 0)
1672 close(err_fd);
1673 return "unable to create temporary object directory";
1674 }
1675 child.env = tmp_objdir_env(tmp_objdir);
1676 /*
1678 * Normally we just pass the tmp_objdir environment to the child
1679 * processes that do the heavy lifting, but we may need to see these
1680 * objects ourselves to set up shallow information.
1681 */
1682 tmp_objdir_add_as_alternate(tmp_objdir);
1683 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1685 argv_array_push(&child.args, "unpack-objects");
1686 push_header_arg(&child.args, &hdr);
1687 if (quiet)
1688 argv_array_push(&child.args, "-q");
1689 if (fsck_objects)
1690 argv_array_pushf(&child.args, "--strict%s",
1691 fsck_msg_types.buf);
1692 if (max_input_size)
1693 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1694 (uintmax_t)max_input_size);
1695 child.no_stdout = 1;
1696 child.err = err_fd;
1697 child.git_cmd = 1;
1698 status = run_command(&child);
1699 if (status)
1700 return "unpack-objects abnormal exit";
1701 } else {
1702 char hostname[HOST_NAME_MAX + 1];
1703 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1705 push_header_arg(&child.args, &hdr);
1706 if (xgethostname(hostname, sizeof(hostname)))
1708 xsnprintf(hostname, sizeof(hostname), "localhost");
1709 argv_array_pushf(&child.args,
1710 "--keep=receive-pack %"PRIuMAX" on %s",
1711 (uintmax_t)getpid(),
1712 hostname);
1713 if (!quiet && err_fd)
1715 argv_array_push(&child.args, "--show-resolving-progress");
1716 if (use_sideband)
1717 argv_array_push(&child.args, "--report-end-of-input");
1718 if (fsck_objects)
1719 argv_array_pushf(&child.args, "--strict%s",
1720 fsck_msg_types.buf);
1721 if (!reject_thin)
1722 argv_array_push(&child.args, "--fix-thin");
1723 if (max_input_size)
1724 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1725 (uintmax_t)max_input_size);
1726 child.out = -1;
1727 child.err = err_fd;
1728 child.git_cmd = 1;
1729 status = start_command(&child);
1730 if (status)
1731 return "index-pack fork failed";
1732 pack_lockfile = index_pack_lockfile(child.out);
1733 close(child.out);
1734 status = finish_command(&child);
1735 if (status)
1736 return "index-pack abnormal exit";
1737 reprepare_packed_git();
1738 }
1739 return NULL;
1740}
1741static const char *unpack_with_sideband(struct shallow_info *si)
1743{
1744 struct async muxer;
1745 const char *ret;
1746 if (!use_sideband)
1748 return unpack(0, si);
1749 use_keepalive = KEEPALIVE_AFTER_NUL;
1751 memset(&muxer, 0, sizeof(muxer));
1752 muxer.proc = copy_to_sideband;
1753 muxer.in = -1;
1754 if (start_async(&muxer))
1755 return NULL;
1756 ret = unpack(muxer.in, si);
1758 finish_async(&muxer);
1760 return ret;
1761}
1762static void prepare_shallow_update(struct command *commands,
1764 struct shallow_info *si)
1765{
1766 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1767 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1769 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1770 si->need_reachability_test =
1772 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1773 si->reachable =
1774 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1775 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1776 for (i = 0; i < si->nr_ours; i++)
1778 si->need_reachability_test[si->ours[i]] = 1;
1779 for (i = 0; i < si->shallow->nr; i++) {
1781 if (!si->used_shallow[i])
1782 continue;
1783 for (j = 0; j < bitmap_size; j++) {
1784 if (!si->used_shallow[i][j])
1785 continue;
1786 si->need_reachability_test[i]++;
1787 for (k = 0; k < 32; k++)
1788 if (si->used_shallow[i][j] & (1U << k))
1789 si->shallow_ref[j * 32 + k]++;
1790 }
1791 /*
1793 * true for those associated with some refs and belong
1794 * in "ours" list aka "step 7 not done yet"
1795 */
1796 si->need_reachability_test[i] =
1797 si->need_reachability_test[i] > 1;
1798 }
1799 /*
1801 * keep hooks happy by forcing a temporary shallow file via
1802 * env variable because we can't add --shallow-file to every
1803 * command. check_everything_connected() will be done with
1804 * true .git/shallow though.
1805 */
1806 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1807}
1808static void update_shallow_info(struct command *commands,
1810 struct shallow_info *si,
1811 struct oid_array *ref)
1812{
1813 struct command *cmd;
1814 int *ref_status;
1815 remove_nonexistent_theirs_shallow(si);
1816 if (!si->nr_ours && !si->nr_theirs) {
1817 shallow_update = 0;
1818 return;
1819 }
1820 for (cmd = commands; cmd; cmd = cmd->next) {
1822 if (is_null_oid(&cmd->new_oid))
1823 continue;
1824 oid_array_append(ref, &cmd->new_oid);
1825 cmd->index = ref->nr - 1;
1826 }
1827 si->ref = ref;
1828 if (shallow_update) {
1830 prepare_shallow_update(commands, si);
1831 return;
1832 }
1833 ALLOC_ARRAY(ref_status, ref->nr);
1835 assign_shallow_commits_to_refs(si, NULL, ref_status);
1836 for (cmd = commands; cmd; cmd = cmd->next) {
1837 if (is_null_oid(&cmd->new_oid))
1838 continue;
1839 if (ref_status[cmd->index]) {
1840 cmd->error_string = "shallow update not allowed";
1841 cmd->skip_update = 1;
1842 }
1843 }
1844 free(ref_status);
1845}
1846static void report(struct command *commands, const char *unpack_status)
1848{
1849 struct command *cmd;
1850 struct strbuf buf = STRBUF_INIT;
1851 packet_buf_write(&buf, "unpack %s\n",
1853 unpack_status ? unpack_status : "ok");
1854 for (cmd = commands; cmd; cmd = cmd->next) {
1855 if (!cmd->error_string)
1856 packet_buf_write(&buf, "ok %s\n",
1857 cmd->ref_name);
1858 else
1859 packet_buf_write(&buf, "ng %s %s\n",
1860 cmd->ref_name, cmd->error_string);
1861 }
1862 packet_buf_flush(&buf);
1863 if (use_sideband)
1865 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1866 else
1867 write_or_die(1, buf.buf, buf.len);
1868 strbuf_release(&buf);
1869}
1870static int delete_only(struct command *commands)
1872{
1873 struct command *cmd;
1874 for (cmd = commands; cmd; cmd = cmd->next) {
1875 if (!is_null_oid(&cmd->new_oid))
1876 return 0;
1877 }
1878 return 1;
1879}
1880int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1882{
1883 int advertise_refs = 0;
1884 struct command *commands;
1885 struct oid_array shallow = OID_ARRAY_INIT;
1886 struct oid_array ref = OID_ARRAY_INIT;
1887 struct shallow_info si;
1888 struct option options[] = {
1890 OPT__QUIET(&quiet, N_("quiet")),
1891 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1892 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1893 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1894 OPT_END()
1895 };
1896 packet_trace_identity("receive-pack");
1898 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1900 if (argc > 1)
1902 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1903 if (argc == 0)
1904 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1905 service_dir = argv[0];
1907 setup_path();
1909 if (!enter_repo(service_dir, 0))
1911 die("'%s' does not appear to be a git repository", service_dir);
1912 git_config(receive_pack_config, NULL);
1914 if (cert_nonce_seed)
1915 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1916 if (0 <= transfer_unpack_limit)
1918 unpack_limit = transfer_unpack_limit;
1919 else if (0 <= receive_unpack_limit)
1920 unpack_limit = receive_unpack_limit;
1921 if (advertise_refs || !stateless_rpc) {
1923 write_head_info();
1924 }
1925 if (advertise_refs)
1926 return 0;
1927 if ((commands = read_head_info(&shallow)) != NULL) {
1929 const char *unpack_status = NULL;
1930 struct string_list push_options = STRING_LIST_INIT_DUP;
1931 if (use_push_options)
1933 read_push_options(&push_options);
1934 prepare_shallow_info(&si, &shallow);
1936 if (!si.nr_ours && !si.nr_theirs)
1937 shallow_update = 0;
1938 if (!delete_only(commands)) {
1939 unpack_status = unpack_with_sideband(&si);
1940 update_shallow_info(commands, &si, &ref);
1941 }
1942 use_keepalive = KEEPALIVE_ALWAYS;
1943 execute_commands(commands, unpack_status, &si,
1944 &push_options);
1945 if (pack_lockfile)
1946 unlink_or_warn(pack_lockfile);
1947 if (report_status)
1948 report(commands, unpack_status);
1949 run_receive_hook(commands, "post-receive", 1,
1950 &push_options);
1951 run_update_post_hook(commands);
1952 string_list_clear(&push_options, 0);
1953 if (auto_gc) {
1954 const char *argv_gc_auto[] = {
1955 "gc", "--auto", "--quiet", NULL,
1956 };
1957 struct child_process proc = CHILD_PROCESS_INIT;
1958 proc.no_stdin = 1;
1960 proc.stdout_to_stderr = 1;
1961 proc.err = use_sideband ? -1 : 0;
1962 proc.git_cmd = 1;
1963 proc.argv = argv_gc_auto;
1964 close_all_packs();
1966 if (!start_command(&proc)) {
1967 if (use_sideband)
1968 copy_to_sideband(proc.err, -1, NULL);
1969 finish_command(&proc);
1970 }
1971 }
1972 if (auto_update_server_info)
1973 update_server_info(0);
1974 clear_shallow_info(&si);
1975 }
1976 if (use_sideband)
1977 packet_flush(1);
1978 oid_array_clear(&shallow);
1979 oid_array_clear(&ref);
1980 free((void *)push_cert_nonce);
1981 return 0;
1982}