builtin / receive-pack.con commit add -p: improve error messages (4bdd6e7)
   1#include "builtin.h"
   2#include "config.h"
   3#include "lockfile.h"
   4#include "pack.h"
   5#include "refs.h"
   6#include "pkt-line.h"
   7#include "sideband.h"
   8#include "run-command.h"
   9#include "exec_cmd.h"
  10#include "commit.h"
  11#include "object.h"
  12#include "remote.h"
  13#include "connect.h"
  14#include "transport.h"
  15#include "string-list.h"
  16#include "sha1-array.h"
  17#include "connected.h"
  18#include "argv-array.h"
  19#include "version.h"
  20#include "tag.h"
  21#include "gpg-interface.h"
  22#include "sigchain.h"
  23#include "fsck.h"
  24#include "tmp-objdir.h"
  25#include "oidset.h"
  26#include "packfile.h"
  27#include "protocol.h"
  28
  29static const char * const receive_pack_usage[] = {
  30        N_("git receive-pack <git-dir>"),
  31        NULL
  32};
  33
  34enum deny_action {
  35        DENY_UNCONFIGURED,
  36        DENY_IGNORE,
  37        DENY_WARN,
  38        DENY_REFUSE,
  39        DENY_UPDATE_INSTEAD
  40};
  41
  42static int deny_deletes;
  43static int deny_non_fast_forwards;
  44static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  45static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  46static int receive_fsck_objects = -1;
  47static int transfer_fsck_objects = -1;
  48static struct strbuf fsck_msg_types = STRBUF_INIT;
  49static int receive_unpack_limit = -1;
  50static int transfer_unpack_limit = -1;
  51static int advertise_atomic_push = 1;
  52static int advertise_push_options;
  53static int unpack_limit = 100;
  54static off_t max_input_size;
  55static int report_status;
  56static int use_sideband;
  57static int use_atomic;
  58static int use_push_options;
  59static int quiet;
  60static int prefer_ofs_delta = 1;
  61static int auto_update_server_info;
  62static int auto_gc = 1;
  63static int reject_thin;
  64static int stateless_rpc;
  65static const char *service_dir;
  66static const char *head_name;
  67static void *head_name_to_free;
  68static int sent_capabilities;
  69static int shallow_update;
  70static const char *alt_shallow_file;
  71static struct strbuf push_cert = STRBUF_INIT;
  72static unsigned char push_cert_sha1[20];
  73static struct signature_check sigcheck;
  74static const char *push_cert_nonce;
  75static const char *cert_nonce_seed;
  76
  77static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  78static const char *NONCE_BAD = "BAD";
  79static const char *NONCE_MISSING = "MISSING";
  80static const char *NONCE_OK = "OK";
  81static const char *NONCE_SLOP = "SLOP";
  82static const char *nonce_status;
  83static long nonce_stamp_slop;
  84static timestamp_t nonce_stamp_slop_limit;
  85static struct ref_transaction *transaction;
  86
  87static enum {
  88        KEEPALIVE_NEVER = 0,
  89        KEEPALIVE_AFTER_NUL,
  90        KEEPALIVE_ALWAYS
  91} use_keepalive;
  92static int keepalive_in_sec = 5;
  93
  94static struct tmp_objdir *tmp_objdir;
  95
  96static enum deny_action parse_deny_action(const char *var, const char *value)
  97{
  98        if (value) {
  99                if (!strcasecmp(value, "ignore"))
 100                        return DENY_IGNORE;
 101                if (!strcasecmp(value, "warn"))
 102                        return DENY_WARN;
 103                if (!strcasecmp(value, "refuse"))
 104                        return DENY_REFUSE;
 105                if (!strcasecmp(value, "updateinstead"))
 106                        return DENY_UPDATE_INSTEAD;
 107        }
 108        if (git_config_bool(var, value))
 109                return DENY_REFUSE;
 110        return DENY_IGNORE;
 111}
 112
 113static int receive_pack_config(const char *var, const char *value, void *cb)
 114{
 115        int status = parse_hide_refs_config(var, value, "receive");
 116
 117        if (status)
 118                return status;
 119
 120        if (strcmp(var, "receive.denydeletes") == 0) {
 121                deny_deletes = git_config_bool(var, value);
 122                return 0;
 123        }
 124
 125        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 126                deny_non_fast_forwards = git_config_bool(var, value);
 127                return 0;
 128        }
 129
 130        if (strcmp(var, "receive.unpacklimit") == 0) {
 131                receive_unpack_limit = git_config_int(var, value);
 132                return 0;
 133        }
 134
 135        if (strcmp(var, "transfer.unpacklimit") == 0) {
 136                transfer_unpack_limit = git_config_int(var, value);
 137                return 0;
 138        }
 139
 140        if (strcmp(var, "receive.fsck.skiplist") == 0) {
 141                const char *path;
 142
 143                if (git_config_pathname(&path, var, value))
 144                        return 1;
 145                strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
 146                        fsck_msg_types.len ? ',' : '=', path);
 147                free((char *)path);
 148                return 0;
 149        }
 150
 151        if (skip_prefix(var, "receive.fsck.", &var)) {
 152                if (is_valid_msg_type(var, value))
 153                        strbuf_addf(&fsck_msg_types, "%c%s=%s",
 154                                fsck_msg_types.len ? ',' : '=', var, value);
 155                else
 156                        warning("Skipping unknown msg id '%s'", var);
 157                return 0;
 158        }
 159
 160        if (strcmp(var, "receive.fsckobjects") == 0) {
 161                receive_fsck_objects = git_config_bool(var, value);
 162                return 0;
 163        }
 164
 165        if (strcmp(var, "transfer.fsckobjects") == 0) {
 166                transfer_fsck_objects = git_config_bool(var, value);
 167                return 0;
 168        }
 169
 170        if (!strcmp(var, "receive.denycurrentbranch")) {
 171                deny_current_branch = parse_deny_action(var, value);
 172                return 0;
 173        }
 174
 175        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 176                deny_delete_current = parse_deny_action(var, value);
 177                return 0;
 178        }
 179
 180        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 181                prefer_ofs_delta = git_config_bool(var, value);
 182                return 0;
 183        }
 184
 185        if (strcmp(var, "receive.updateserverinfo") == 0) {
 186                auto_update_server_info = git_config_bool(var, value);
 187                return 0;
 188        }
 189
 190        if (strcmp(var, "receive.autogc") == 0) {
 191                auto_gc = git_config_bool(var, value);
 192                return 0;
 193        }
 194
 195        if (strcmp(var, "receive.shallowupdate") == 0) {
 196                shallow_update = git_config_bool(var, value);
 197                return 0;
 198        }
 199
 200        if (strcmp(var, "receive.certnonceseed") == 0)
 201                return git_config_string(&cert_nonce_seed, var, value);
 202
 203        if (strcmp(var, "receive.certnonceslop") == 0) {
 204                nonce_stamp_slop_limit = git_config_ulong(var, value);
 205                return 0;
 206        }
 207
 208        if (strcmp(var, "receive.advertiseatomic") == 0) {
 209                advertise_atomic_push = git_config_bool(var, value);
 210                return 0;
 211        }
 212
 213        if (strcmp(var, "receive.advertisepushoptions") == 0) {
 214                advertise_push_options = git_config_bool(var, value);
 215                return 0;
 216        }
 217
 218        if (strcmp(var, "receive.keepalive") == 0) {
 219                keepalive_in_sec = git_config_int(var, value);
 220                return 0;
 221        }
 222
 223        if (strcmp(var, "receive.maxinputsize") == 0) {
 224                max_input_size = git_config_int64(var, value);
 225                return 0;
 226        }
 227
 228        return git_default_config(var, value, cb);
 229}
 230
 231static void show_ref(const char *path, const struct object_id *oid)
 232{
 233        if (sent_capabilities) {
 234                packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
 235        } else {
 236                struct strbuf cap = STRBUF_INIT;
 237
 238                strbuf_addstr(&cap,
 239                              "report-status delete-refs side-band-64k quiet");
 240                if (advertise_atomic_push)
 241                        strbuf_addstr(&cap, " atomic");
 242                if (prefer_ofs_delta)
 243                        strbuf_addstr(&cap, " ofs-delta");
 244                if (push_cert_nonce)
 245                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 246                if (advertise_push_options)
 247                        strbuf_addstr(&cap, " push-options");
 248                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 249                packet_write_fmt(1, "%s %s%c%s\n",
 250                             oid_to_hex(oid), path, 0, cap.buf);
 251                strbuf_release(&cap);
 252                sent_capabilities = 1;
 253        }
 254}
 255
 256static int show_ref_cb(const char *path_full, const struct object_id *oid,
 257                       int flag, void *data)
 258{
 259        struct oidset *seen = data;
 260        const char *path = strip_namespace(path_full);
 261
 262        if (ref_is_hidden(path, path_full))
 263                return 0;
 264
 265        /*
 266         * Advertise refs outside our current namespace as ".have"
 267         * refs, so that the client can use them to minimize data
 268         * transfer but will otherwise ignore them.
 269         */
 270        if (!path) {
 271                if (oidset_insert(seen, oid))
 272                        return 0;
 273                path = ".have";
 274        } else {
 275                oidset_insert(seen, oid);
 276        }
 277        show_ref(path, oid);
 278        return 0;
 279}
 280
 281static void show_one_alternate_ref(const char *refname,
 282                                   const struct object_id *oid,
 283                                   void *data)
 284{
 285        struct oidset *seen = data;
 286
 287        if (oidset_insert(seen, oid))
 288                return;
 289
 290        show_ref(".have", oid);
 291}
 292
 293static void write_head_info(void)
 294{
 295        static struct oidset seen = OIDSET_INIT;
 296
 297        for_each_ref(show_ref_cb, &seen);
 298        for_each_alternate_ref(show_one_alternate_ref, &seen);
 299        oidset_clear(&seen);
 300        if (!sent_capabilities)
 301                show_ref("capabilities^{}", &null_oid);
 302
 303        advertise_shallow_grafts(1);
 304
 305        /* EOF */
 306        packet_flush(1);
 307}
 308
 309struct command {
 310        struct command *next;
 311        const char *error_string;
 312        unsigned int skip_update:1,
 313                     did_not_exist:1;
 314        int index;
 315        struct object_id old_oid;
 316        struct object_id new_oid;
 317        char ref_name[FLEX_ARRAY]; /* more */
 318};
 319
 320static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 321static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 322
 323static void report_message(const char *prefix, const char *err, va_list params)
 324{
 325        int sz;
 326        char msg[4096];
 327
 328        sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
 329        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 330        if (sz > (sizeof(msg) - 1))
 331                sz = sizeof(msg) - 1;
 332        msg[sz++] = '\n';
 333
 334        if (use_sideband)
 335                send_sideband(1, 2, msg, sz, use_sideband);
 336        else
 337                xwrite(2, msg, sz);
 338}
 339
 340static void rp_warning(const char *err, ...)
 341{
 342        va_list params;
 343        va_start(params, err);
 344        report_message("warning: ", err, params);
 345        va_end(params);
 346}
 347
 348static void rp_error(const char *err, ...)
 349{
 350        va_list params;
 351        va_start(params, err);
 352        report_message("error: ", err, params);
 353        va_end(params);
 354}
 355
 356static int copy_to_sideband(int in, int out, void *arg)
 357{
 358        char data[128];
 359        int keepalive_active = 0;
 360
 361        if (keepalive_in_sec <= 0)
 362                use_keepalive = KEEPALIVE_NEVER;
 363        if (use_keepalive == KEEPALIVE_ALWAYS)
 364                keepalive_active = 1;
 365
 366        while (1) {
 367                ssize_t sz;
 368
 369                if (keepalive_active) {
 370                        struct pollfd pfd;
 371                        int ret;
 372
 373                        pfd.fd = in;
 374                        pfd.events = POLLIN;
 375                        ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
 376
 377                        if (ret < 0) {
 378                                if (errno == EINTR)
 379                                        continue;
 380                                else
 381                                        break;
 382                        } else if (ret == 0) {
 383                                /* no data; send a keepalive packet */
 384                                static const char buf[] = "0005\1";
 385                                write_or_die(1, buf, sizeof(buf) - 1);
 386                                continue;
 387                        } /* else there is actual data to read */
 388                }
 389
 390                sz = xread(in, data, sizeof(data));
 391                if (sz <= 0)
 392                        break;
 393
 394                if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
 395                        const char *p = memchr(data, '\0', sz);
 396                        if (p) {
 397                                /*
 398                                 * The NUL tells us to start sending keepalives. Make
 399                                 * sure we send any other data we read along
 400                                 * with it.
 401                                 */
 402                                keepalive_active = 1;
 403                                send_sideband(1, 2, data, p - data, use_sideband);
 404                                send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
 405                                continue;
 406                        }
 407                }
 408
 409                /*
 410                 * Either we're not looking for a NUL signal, or we didn't see
 411                 * it yet; just pass along the data.
 412                 */
 413                send_sideband(1, 2, data, sz, use_sideband);
 414        }
 415        close(in);
 416        return 0;
 417}
 418
 419#define HMAC_BLOCK_SIZE 64
 420
 421static void hmac_sha1(unsigned char *out,
 422                      const char *key_in, size_t key_len,
 423                      const char *text, size_t text_len)
 424{
 425        unsigned char key[HMAC_BLOCK_SIZE];
 426        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 427        unsigned char k_opad[HMAC_BLOCK_SIZE];
 428        int i;
 429        git_SHA_CTX ctx;
 430
 431        /* RFC 2104 2. (1) */
 432        memset(key, '\0', HMAC_BLOCK_SIZE);
 433        if (HMAC_BLOCK_SIZE < key_len) {
 434                git_SHA1_Init(&ctx);
 435                git_SHA1_Update(&ctx, key_in, key_len);
 436                git_SHA1_Final(key, &ctx);
 437        } else {
 438                memcpy(key, key_in, key_len);
 439        }
 440
 441        /* RFC 2104 2. (2) & (5) */
 442        for (i = 0; i < sizeof(key); i++) {
 443                k_ipad[i] = key[i] ^ 0x36;
 444                k_opad[i] = key[i] ^ 0x5c;
 445        }
 446
 447        /* RFC 2104 2. (3) & (4) */
 448        git_SHA1_Init(&ctx);
 449        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 450        git_SHA1_Update(&ctx, text, text_len);
 451        git_SHA1_Final(out, &ctx);
 452
 453        /* RFC 2104 2. (6) & (7) */
 454        git_SHA1_Init(&ctx);
 455        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 456        git_SHA1_Update(&ctx, out, 20);
 457        git_SHA1_Final(out, &ctx);
 458}
 459
 460static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
 461{
 462        struct strbuf buf = STRBUF_INIT;
 463        unsigned char sha1[20];
 464
 465        strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
 466        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 467        strbuf_release(&buf);
 468
 469        /* RFC 2104 5. HMAC-SHA1-80 */
 470        strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
 471        return strbuf_detach(&buf, NULL);
 472}
 473
 474/*
 475 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 476 * after dropping "_commit" from its name and possibly moving it out
 477 * of commit.c
 478 */
 479static char *find_header(const char *msg, size_t len, const char *key,
 480                         const char **next_line)
 481{
 482        int key_len = strlen(key);
 483        const char *line = msg;
 484
 485        while (line && line < msg + len) {
 486                const char *eol = strchrnul(line, '\n');
 487
 488                if ((msg + len <= eol) || line == eol)
 489                        return NULL;
 490                if (line + key_len < eol &&
 491                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 492                        int offset = key_len + 1;
 493                        if (next_line)
 494                                *next_line = *eol ? eol + 1 : eol;
 495                        return xmemdupz(line + offset, (eol - line) - offset);
 496                }
 497                line = *eol ? eol + 1 : NULL;
 498        }
 499        return NULL;
 500}
 501
 502static const char *check_nonce(const char *buf, size_t len)
 503{
 504        char *nonce = find_header(buf, len, "nonce", NULL);
 505        timestamp_t stamp, ostamp;
 506        char *bohmac, *expect = NULL;
 507        const char *retval = NONCE_BAD;
 508
 509        if (!nonce) {
 510                retval = NONCE_MISSING;
 511                goto leave;
 512        } else if (!push_cert_nonce) {
 513                retval = NONCE_UNSOLICITED;
 514                goto leave;
 515        } else if (!strcmp(push_cert_nonce, nonce)) {
 516                retval = NONCE_OK;
 517                goto leave;
 518        }
 519
 520        if (!stateless_rpc) {
 521                /* returned nonce MUST match what we gave out earlier */
 522                retval = NONCE_BAD;
 523                goto leave;
 524        }
 525
 526        /*
 527         * In stateless mode, we may be receiving a nonce issued by
 528         * another instance of the server that serving the same
 529         * repository, and the timestamps may not match, but the
 530         * nonce-seed and dir should match, so we can recompute and
 531         * report the time slop.
 532         *
 533         * In addition, when a nonce issued by another instance has
 534         * timestamp within receive.certnonceslop seconds, we pretend
 535         * as if we issued that nonce when reporting to the hook.
 536         */
 537
 538        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 539        if (*nonce <= '0' || '9' < *nonce) {
 540                retval = NONCE_BAD;
 541                goto leave;
 542        }
 543        stamp = parse_timestamp(nonce, &bohmac, 10);
 544        if (bohmac == nonce || bohmac[0] != '-') {
 545                retval = NONCE_BAD;
 546                goto leave;
 547        }
 548
 549        expect = prepare_push_cert_nonce(service_dir, stamp);
 550        if (strcmp(expect, nonce)) {
 551                /* Not what we would have signed earlier */
 552                retval = NONCE_BAD;
 553                goto leave;
 554        }
 555
 556        /*
 557         * By how many seconds is this nonce stale?  Negative value
 558         * would mean it was issued by another server with its clock
 559         * skewed in the future.
 560         */
 561        ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
 562        nonce_stamp_slop = (long)ostamp - (long)stamp;
 563
 564        if (nonce_stamp_slop_limit &&
 565            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 566                /*
 567                 * Pretend as if the received nonce (which passes the
 568                 * HMAC check, so it is not a forged by third-party)
 569                 * is what we issued.
 570                 */
 571                free((void *)push_cert_nonce);
 572                push_cert_nonce = xstrdup(nonce);
 573                retval = NONCE_OK;
 574        } else {
 575                retval = NONCE_SLOP;
 576        }
 577
 578leave:
 579        free(nonce);
 580        free(expect);
 581        return retval;
 582}
 583
 584/*
 585 * Return 1 if there is no push_cert or if the push options in push_cert are
 586 * the same as those in the argument; 0 otherwise.
 587 */
 588static int check_cert_push_options(const struct string_list *push_options)
 589{
 590        const char *buf = push_cert.buf;
 591        int len = push_cert.len;
 592
 593        char *option;
 594        const char *next_line;
 595        int options_seen = 0;
 596
 597        int retval = 1;
 598
 599        if (!len)
 600                return 1;
 601
 602        while ((option = find_header(buf, len, "push-option", &next_line))) {
 603                len -= (next_line - buf);
 604                buf = next_line;
 605                options_seen++;
 606                if (options_seen > push_options->nr
 607                    || strcmp(option,
 608                              push_options->items[options_seen - 1].string)) {
 609                        retval = 0;
 610                        goto leave;
 611                }
 612                free(option);
 613        }
 614
 615        if (options_seen != push_options->nr)
 616                retval = 0;
 617
 618leave:
 619        free(option);
 620        return retval;
 621}
 622
 623static void prepare_push_cert_sha1(struct child_process *proc)
 624{
 625        static int already_done;
 626
 627        if (!push_cert.len)
 628                return;
 629
 630        if (!already_done) {
 631                struct strbuf gpg_output = STRBUF_INIT;
 632                struct strbuf gpg_status = STRBUF_INIT;
 633                int bogs /* beginning_of_gpg_sig */;
 634
 635                already_done = 1;
 636                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 637                        hashclr(push_cert_sha1);
 638
 639                memset(&sigcheck, '\0', sizeof(sigcheck));
 640                sigcheck.result = 'N';
 641
 642                bogs = parse_signature(push_cert.buf, push_cert.len);
 643                if (verify_signed_buffer(push_cert.buf, bogs,
 644                                         push_cert.buf + bogs, push_cert.len - bogs,
 645                                         &gpg_output, &gpg_status) < 0) {
 646                        ; /* error running gpg */
 647                } else {
 648                        sigcheck.payload = push_cert.buf;
 649                        sigcheck.gpg_output = gpg_output.buf;
 650                        sigcheck.gpg_status = gpg_status.buf;
 651                        parse_gpg_output(&sigcheck);
 652                }
 653
 654                strbuf_release(&gpg_output);
 655                strbuf_release(&gpg_status);
 656                nonce_status = check_nonce(push_cert.buf, bogs);
 657        }
 658        if (!is_null_sha1(push_cert_sha1)) {
 659                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 660                                 sha1_to_hex(push_cert_sha1));
 661                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 662                                 sigcheck.signer ? sigcheck.signer : "");
 663                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 664                                 sigcheck.key ? sigcheck.key : "");
 665                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 666                                 sigcheck.result);
 667                if (push_cert_nonce) {
 668                        argv_array_pushf(&proc->env_array,
 669                                         "GIT_PUSH_CERT_NONCE=%s",
 670                                         push_cert_nonce);
 671                        argv_array_pushf(&proc->env_array,
 672                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 673                                         nonce_status);
 674                        if (nonce_status == NONCE_SLOP)
 675                                argv_array_pushf(&proc->env_array,
 676                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 677                                                 nonce_stamp_slop);
 678                }
 679        }
 680}
 681
 682struct receive_hook_feed_state {
 683        struct command *cmd;
 684        int skip_broken;
 685        struct strbuf buf;
 686        const struct string_list *push_options;
 687};
 688
 689typedef int (*feed_fn)(void *, const char **, size_t *);
 690static int run_and_feed_hook(const char *hook_name, feed_fn feed,
 691                             struct receive_hook_feed_state *feed_state)
 692{
 693        struct child_process proc = CHILD_PROCESS_INIT;
 694        struct async muxer;
 695        const char *argv[2];
 696        int code;
 697
 698        argv[0] = find_hook(hook_name);
 699        if (!argv[0])
 700                return 0;
 701
 702        argv[1] = NULL;
 703
 704        proc.argv = argv;
 705        proc.in = -1;
 706        proc.stdout_to_stderr = 1;
 707        if (feed_state->push_options) {
 708                int i;
 709                for (i = 0; i < feed_state->push_options->nr; i++)
 710                        argv_array_pushf(&proc.env_array,
 711                                "GIT_PUSH_OPTION_%d=%s", i,
 712                                feed_state->push_options->items[i].string);
 713                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
 714                                 feed_state->push_options->nr);
 715        } else
 716                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
 717
 718        if (tmp_objdir)
 719                argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
 720
 721        if (use_sideband) {
 722                memset(&muxer, 0, sizeof(muxer));
 723                muxer.proc = copy_to_sideband;
 724                muxer.in = -1;
 725                code = start_async(&muxer);
 726                if (code)
 727                        return code;
 728                proc.err = muxer.in;
 729        }
 730
 731        prepare_push_cert_sha1(&proc);
 732
 733        code = start_command(&proc);
 734        if (code) {
 735                if (use_sideband)
 736                        finish_async(&muxer);
 737                return code;
 738        }
 739
 740        sigchain_push(SIGPIPE, SIG_IGN);
 741
 742        while (1) {
 743                const char *buf;
 744                size_t n;
 745                if (feed(feed_state, &buf, &n))
 746                        break;
 747                if (write_in_full(proc.in, buf, n) < 0)
 748                        break;
 749        }
 750        close(proc.in);
 751        if (use_sideband)
 752                finish_async(&muxer);
 753
 754        sigchain_pop(SIGPIPE);
 755
 756        return finish_command(&proc);
 757}
 758
 759static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 760{
 761        struct receive_hook_feed_state *state = state_;
 762        struct command *cmd = state->cmd;
 763
 764        while (cmd &&
 765               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 766                cmd = cmd->next;
 767        if (!cmd)
 768                return -1; /* EOF */
 769        strbuf_reset(&state->buf);
 770        strbuf_addf(&state->buf, "%s %s %s\n",
 771                    oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
 772                    cmd->ref_name);
 773        state->cmd = cmd->next;
 774        if (bufp) {
 775                *bufp = state->buf.buf;
 776                *sizep = state->buf.len;
 777        }
 778        return 0;
 779}
 780
 781static int run_receive_hook(struct command *commands,
 782                            const char *hook_name,
 783                            int skip_broken,
 784                            const struct string_list *push_options)
 785{
 786        struct receive_hook_feed_state state;
 787        int status;
 788
 789        strbuf_init(&state.buf, 0);
 790        state.cmd = commands;
 791        state.skip_broken = skip_broken;
 792        if (feed_receive_hook(&state, NULL, NULL))
 793                return 0;
 794        state.cmd = commands;
 795        state.push_options = push_options;
 796        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 797        strbuf_release(&state.buf);
 798        return status;
 799}
 800
 801static int run_update_hook(struct command *cmd)
 802{
 803        const char *argv[5];
 804        struct child_process proc = CHILD_PROCESS_INIT;
 805        int code;
 806
 807        argv[0] = find_hook("update");
 808        if (!argv[0])
 809                return 0;
 810
 811        argv[1] = cmd->ref_name;
 812        argv[2] = oid_to_hex(&cmd->old_oid);
 813        argv[3] = oid_to_hex(&cmd->new_oid);
 814        argv[4] = NULL;
 815
 816        proc.no_stdin = 1;
 817        proc.stdout_to_stderr = 1;
 818        proc.err = use_sideband ? -1 : 0;
 819        proc.argv = argv;
 820
 821        code = start_command(&proc);
 822        if (code)
 823                return code;
 824        if (use_sideband)
 825                copy_to_sideband(proc.err, -1, NULL);
 826        return finish_command(&proc);
 827}
 828
 829static int is_ref_checked_out(const char *ref)
 830{
 831        if (is_bare_repository())
 832                return 0;
 833
 834        if (!head_name)
 835                return 0;
 836        return !strcmp(head_name, ref);
 837}
 838
 839static char *refuse_unconfigured_deny_msg =
 840        N_("By default, updating the current branch in a non-bare repository\n"
 841           "is denied, because it will make the index and work tree inconsistent\n"
 842           "with what you pushed, and will require 'git reset --hard' to match\n"
 843           "the work tree to HEAD.\n"
 844           "\n"
 845           "You can set the 'receive.denyCurrentBranch' configuration variable\n"
 846           "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
 847           "its current branch; however, this is not recommended unless you\n"
 848           "arranged to update its work tree to match what you pushed in some\n"
 849           "other way.\n"
 850           "\n"
 851           "To squelch this message and still keep the default behaviour, set\n"
 852           "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
 853
 854static void refuse_unconfigured_deny(void)
 855{
 856        rp_error("%s", _(refuse_unconfigured_deny_msg));
 857}
 858
 859static char *refuse_unconfigured_deny_delete_current_msg =
 860        N_("By default, deleting the current branch is denied, because the next\n"
 861           "'git clone' won't result in any file checked out, causing confusion.\n"
 862           "\n"
 863           "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
 864           "'warn' or 'ignore' in the remote repository to allow deleting the\n"
 865           "current branch, with or without a warning message.\n"
 866           "\n"
 867           "To squelch this message, you can set it to 'refuse'.");
 868
 869static void refuse_unconfigured_deny_delete_current(void)
 870{
 871        rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
 872}
 873
 874static int command_singleton_iterator(void *cb_data, struct object_id *oid);
 875static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 876{
 877        static struct lock_file shallow_lock;
 878        struct oid_array extra = OID_ARRAY_INIT;
 879        struct check_connected_options opt = CHECK_CONNECTED_INIT;
 880        uint32_t mask = 1 << (cmd->index % 32);
 881        int i;
 882
 883        trace_printf_key(&trace_shallow,
 884                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 885        for (i = 0; i < si->shallow->nr; i++)
 886                if (si->used_shallow[i] &&
 887                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 888                    !delayed_reachability_test(si, i))
 889                        oid_array_append(&extra, &si->shallow->oid[i]);
 890
 891        opt.env = tmp_objdir_env(tmp_objdir);
 892        setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
 893        if (check_connected(command_singleton_iterator, cmd, &opt)) {
 894                rollback_lock_file(&shallow_lock);
 895                oid_array_clear(&extra);
 896                return -1;
 897        }
 898
 899        commit_lock_file(&shallow_lock);
 900
 901        /*
 902         * Make sure setup_alternate_shallow() for the next ref does
 903         * not lose these new roots..
 904         */
 905        for (i = 0; i < extra.nr; i++)
 906                register_shallow(&extra.oid[i]);
 907
 908        si->shallow_ref[cmd->index] = 0;
 909        oid_array_clear(&extra);
 910        return 0;
 911}
 912
 913/*
 914 * NEEDSWORK: we should consolidate various implementions of "are we
 915 * on an unborn branch?" test into one, and make the unified one more
 916 * robust. !get_sha1() based check used here and elsewhere would not
 917 * allow us to tell an unborn branch from corrupt ref, for example.
 918 * For the purpose of fixing "deploy-to-update does not work when
 919 * pushing into an empty repository" issue, this should suffice for
 920 * now.
 921 */
 922static int head_has_history(void)
 923{
 924        struct object_id oid;
 925
 926        return !get_oid("HEAD", &oid);
 927}
 928
 929static const char *push_to_deploy(unsigned char *sha1,
 930                                  struct argv_array *env,
 931                                  const char *work_tree)
 932{
 933        const char *update_refresh[] = {
 934                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 935        };
 936        const char *diff_files[] = {
 937                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 938        };
 939        const char *diff_index[] = {
 940                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 941                NULL, "--", NULL
 942        };
 943        const char *read_tree[] = {
 944                "read-tree", "-u", "-m", NULL, NULL
 945        };
 946        struct child_process child = CHILD_PROCESS_INIT;
 947
 948        child.argv = update_refresh;
 949        child.env = env->argv;
 950        child.dir = work_tree;
 951        child.no_stdin = 1;
 952        child.stdout_to_stderr = 1;
 953        child.git_cmd = 1;
 954        if (run_command(&child))
 955                return "Up-to-date check failed";
 956
 957        /* run_command() does not clean up completely; reinitialize */
 958        child_process_init(&child);
 959        child.argv = diff_files;
 960        child.env = env->argv;
 961        child.dir = work_tree;
 962        child.no_stdin = 1;
 963        child.stdout_to_stderr = 1;
 964        child.git_cmd = 1;
 965        if (run_command(&child))
 966                return "Working directory has unstaged changes";
 967
 968        /* diff-index with either HEAD or an empty tree */
 969        diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
 970
 971        child_process_init(&child);
 972        child.argv = diff_index;
 973        child.env = env->argv;
 974        child.no_stdin = 1;
 975        child.no_stdout = 1;
 976        child.stdout_to_stderr = 0;
 977        child.git_cmd = 1;
 978        if (run_command(&child))
 979                return "Working directory has staged changes";
 980
 981        read_tree[3] = sha1_to_hex(sha1);
 982        child_process_init(&child);
 983        child.argv = read_tree;
 984        child.env = env->argv;
 985        child.dir = work_tree;
 986        child.no_stdin = 1;
 987        child.no_stdout = 1;
 988        child.stdout_to_stderr = 0;
 989        child.git_cmd = 1;
 990        if (run_command(&child))
 991                return "Could not update working tree to new HEAD";
 992
 993        return NULL;
 994}
 995
 996static const char *push_to_checkout_hook = "push-to-checkout";
 997
 998static const char *push_to_checkout(unsigned char *sha1,
 999                                    struct argv_array *env,
1000                                    const char *work_tree)
1001{
1002        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1003        if (run_hook_le(env->argv, push_to_checkout_hook,
1004                        sha1_to_hex(sha1), NULL))
1005                return "push-to-checkout hook declined";
1006        else
1007                return NULL;
1008}
1009
1010static const char *update_worktree(unsigned char *sha1)
1011{
1012        const char *retval;
1013        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1014        struct argv_array env = ARGV_ARRAY_INIT;
1015
1016        if (is_bare_repository())
1017                return "denyCurrentBranch = updateInstead needs a worktree";
1018
1019        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1020
1021        if (!find_hook(push_to_checkout_hook))
1022                retval = push_to_deploy(sha1, &env, work_tree);
1023        else
1024                retval = push_to_checkout(sha1, &env, work_tree);
1025
1026        argv_array_clear(&env);
1027        return retval;
1028}
1029
1030static const char *update(struct command *cmd, struct shallow_info *si)
1031{
1032        const char *name = cmd->ref_name;
1033        struct strbuf namespaced_name_buf = STRBUF_INIT;
1034        static char *namespaced_name;
1035        const char *ret;
1036        struct object_id *old_oid = &cmd->old_oid;
1037        struct object_id *new_oid = &cmd->new_oid;
1038
1039        /* only refs/... are allowed */
1040        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1041                rp_error("refusing to create funny ref '%s' remotely", name);
1042                return "funny refname";
1043        }
1044
1045        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1046        free(namespaced_name);
1047        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1048
1049        if (is_ref_checked_out(namespaced_name)) {
1050                switch (deny_current_branch) {
1051                case DENY_IGNORE:
1052                        break;
1053                case DENY_WARN:
1054                        rp_warning("updating the current branch");
1055                        break;
1056                case DENY_REFUSE:
1057                case DENY_UNCONFIGURED:
1058                        rp_error("refusing to update checked out branch: %s", name);
1059                        if (deny_current_branch == DENY_UNCONFIGURED)
1060                                refuse_unconfigured_deny();
1061                        return "branch is currently checked out";
1062                case DENY_UPDATE_INSTEAD:
1063                        ret = update_worktree(new_oid->hash);
1064                        if (ret)
1065                                return ret;
1066                        break;
1067                }
1068        }
1069
1070        if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1071                error("unpack should have generated %s, "
1072                      "but I can't find it!", oid_to_hex(new_oid));
1073                return "bad pack";
1074        }
1075
1076        if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1077                if (deny_deletes && starts_with(name, "refs/heads/")) {
1078                        rp_error("denying ref deletion for %s", name);
1079                        return "deletion prohibited";
1080                }
1081
1082                if (head_name && !strcmp(namespaced_name, head_name)) {
1083                        switch (deny_delete_current) {
1084                        case DENY_IGNORE:
1085                                break;
1086                        case DENY_WARN:
1087                                rp_warning("deleting the current branch");
1088                                break;
1089                        case DENY_REFUSE:
1090                        case DENY_UNCONFIGURED:
1091                        case DENY_UPDATE_INSTEAD:
1092                                if (deny_delete_current == DENY_UNCONFIGURED)
1093                                        refuse_unconfigured_deny_delete_current();
1094                                rp_error("refusing to delete the current branch: %s", name);
1095                                return "deletion of the current branch prohibited";
1096                        default:
1097                                return "Invalid denyDeleteCurrent setting";
1098                        }
1099                }
1100        }
1101
1102        if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1103            !is_null_oid(old_oid) &&
1104            starts_with(name, "refs/heads/")) {
1105                struct object *old_object, *new_object;
1106                struct commit *old_commit, *new_commit;
1107
1108                old_object = parse_object(old_oid);
1109                new_object = parse_object(new_oid);
1110
1111                if (!old_object || !new_object ||
1112                    old_object->type != OBJ_COMMIT ||
1113                    new_object->type != OBJ_COMMIT) {
1114                        error("bad sha1 objects for %s", name);
1115                        return "bad ref";
1116                }
1117                old_commit = (struct commit *)old_object;
1118                new_commit = (struct commit *)new_object;
1119                if (!in_merge_bases(old_commit, new_commit)) {
1120                        rp_error("denying non-fast-forward %s"
1121                                 " (you should pull first)", name);
1122                        return "non-fast-forward";
1123                }
1124        }
1125        if (run_update_hook(cmd)) {
1126                rp_error("hook declined to update %s", name);
1127                return "hook declined";
1128        }
1129
1130        if (is_null_oid(new_oid)) {
1131                struct strbuf err = STRBUF_INIT;
1132                if (!parse_object(old_oid)) {
1133                        old_oid = NULL;
1134                        if (ref_exists(name)) {
1135                                rp_warning("Allowing deletion of corrupt ref.");
1136                        } else {
1137                                rp_warning("Deleting a non-existent ref.");
1138                                cmd->did_not_exist = 1;
1139                        }
1140                }
1141                if (ref_transaction_delete(transaction,
1142                                           namespaced_name,
1143                                           old_oid,
1144                                           0, "push", &err)) {
1145                        rp_error("%s", err.buf);
1146                        strbuf_release(&err);
1147                        return "failed to delete";
1148                }
1149                strbuf_release(&err);
1150                return NULL; /* good */
1151        }
1152        else {
1153                struct strbuf err = STRBUF_INIT;
1154                if (shallow_update && si->shallow_ref[cmd->index] &&
1155                    update_shallow_ref(cmd, si))
1156                        return "shallow error";
1157
1158                if (ref_transaction_update(transaction,
1159                                           namespaced_name,
1160                                           new_oid, old_oid,
1161                                           0, "push",
1162                                           &err)) {
1163                        rp_error("%s", err.buf);
1164                        strbuf_release(&err);
1165
1166                        return "failed to update ref";
1167                }
1168                strbuf_release(&err);
1169
1170                return NULL; /* good */
1171        }
1172}
1173
1174static void run_update_post_hook(struct command *commands)
1175{
1176        struct command *cmd;
1177        struct child_process proc = CHILD_PROCESS_INIT;
1178        const char *hook;
1179
1180        hook = find_hook("post-update");
1181        if (!hook)
1182                return;
1183
1184        for (cmd = commands; cmd; cmd = cmd->next) {
1185                if (cmd->error_string || cmd->did_not_exist)
1186                        continue;
1187                if (!proc.args.argc)
1188                        argv_array_push(&proc.args, hook);
1189                argv_array_push(&proc.args, cmd->ref_name);
1190        }
1191        if (!proc.args.argc)
1192                return;
1193
1194        proc.no_stdin = 1;
1195        proc.stdout_to_stderr = 1;
1196        proc.err = use_sideband ? -1 : 0;
1197
1198        if (!start_command(&proc)) {
1199                if (use_sideband)
1200                        copy_to_sideband(proc.err, -1, NULL);
1201                finish_command(&proc);
1202        }
1203}
1204
1205static void check_aliased_update(struct command *cmd, struct string_list *list)
1206{
1207        struct strbuf buf = STRBUF_INIT;
1208        const char *dst_name;
1209        struct string_list_item *item;
1210        struct command *dst_cmd;
1211        int flag;
1212
1213        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1214        dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1215        strbuf_release(&buf);
1216
1217        if (!(flag & REF_ISSYMREF))
1218                return;
1219
1220        if (!dst_name) {
1221                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1222                cmd->skip_update = 1;
1223                cmd->error_string = "broken symref";
1224                return;
1225        }
1226        dst_name = strip_namespace(dst_name);
1227
1228        if ((item = string_list_lookup(list, dst_name)) == NULL)
1229                return;
1230
1231        cmd->skip_update = 1;
1232
1233        dst_cmd = (struct command *) item->util;
1234
1235        if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1236            !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1237                return;
1238
1239        dst_cmd->skip_update = 1;
1240
1241        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1242                 " its target '%s' (%s..%s)",
1243                 cmd->ref_name,
1244                 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1245                 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1246                 dst_cmd->ref_name,
1247                 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1248                 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1249
1250        cmd->error_string = dst_cmd->error_string =
1251                "inconsistent aliased update";
1252}
1253
1254static void check_aliased_updates(struct command *commands)
1255{
1256        struct command *cmd;
1257        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1258
1259        for (cmd = commands; cmd; cmd = cmd->next) {
1260                struct string_list_item *item =
1261                        string_list_append(&ref_list, cmd->ref_name);
1262                item->util = (void *)cmd;
1263        }
1264        string_list_sort(&ref_list);
1265
1266        for (cmd = commands; cmd; cmd = cmd->next) {
1267                if (!cmd->error_string)
1268                        check_aliased_update(cmd, &ref_list);
1269        }
1270
1271        string_list_clear(&ref_list, 0);
1272}
1273
1274static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1275{
1276        struct command **cmd_list = cb_data;
1277        struct command *cmd = *cmd_list;
1278
1279        if (!cmd || is_null_oid(&cmd->new_oid))
1280                return -1; /* end of list */
1281        *cmd_list = NULL; /* this returns only one */
1282        oidcpy(oid, &cmd->new_oid);
1283        return 0;
1284}
1285
1286static void set_connectivity_errors(struct command *commands,
1287                                    struct shallow_info *si)
1288{
1289        struct command *cmd;
1290
1291        for (cmd = commands; cmd; cmd = cmd->next) {
1292                struct command *singleton = cmd;
1293                struct check_connected_options opt = CHECK_CONNECTED_INIT;
1294
1295                if (shallow_update && si->shallow_ref[cmd->index])
1296                        /* to be checked in update_shallow_ref() */
1297                        continue;
1298
1299                opt.env = tmp_objdir_env(tmp_objdir);
1300                if (!check_connected(command_singleton_iterator, &singleton,
1301                                     &opt))
1302                        continue;
1303
1304                cmd->error_string = "missing necessary objects";
1305        }
1306}
1307
1308struct iterate_data {
1309        struct command *cmds;
1310        struct shallow_info *si;
1311};
1312
1313static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1314{
1315        struct iterate_data *data = cb_data;
1316        struct command **cmd_list = &data->cmds;
1317        struct command *cmd = *cmd_list;
1318
1319        for (; cmd; cmd = cmd->next) {
1320                if (shallow_update && data->si->shallow_ref[cmd->index])
1321                        /* to be checked in update_shallow_ref() */
1322                        continue;
1323                if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1324                        oidcpy(oid, &cmd->new_oid);
1325                        *cmd_list = cmd->next;
1326                        return 0;
1327                }
1328        }
1329        *cmd_list = NULL;
1330        return -1; /* end of list */
1331}
1332
1333static void reject_updates_to_hidden(struct command *commands)
1334{
1335        struct strbuf refname_full = STRBUF_INIT;
1336        size_t prefix_len;
1337        struct command *cmd;
1338
1339        strbuf_addstr(&refname_full, get_git_namespace());
1340        prefix_len = refname_full.len;
1341
1342        for (cmd = commands; cmd; cmd = cmd->next) {
1343                if (cmd->error_string)
1344                        continue;
1345
1346                strbuf_setlen(&refname_full, prefix_len);
1347                strbuf_addstr(&refname_full, cmd->ref_name);
1348
1349                if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1350                        continue;
1351                if (is_null_oid(&cmd->new_oid))
1352                        cmd->error_string = "deny deleting a hidden ref";
1353                else
1354                        cmd->error_string = "deny updating a hidden ref";
1355        }
1356
1357        strbuf_release(&refname_full);
1358}
1359
1360static int should_process_cmd(struct command *cmd)
1361{
1362        return !cmd->error_string && !cmd->skip_update;
1363}
1364
1365static void warn_if_skipped_connectivity_check(struct command *commands,
1366                                               struct shallow_info *si)
1367{
1368        struct command *cmd;
1369        int checked_connectivity = 1;
1370
1371        for (cmd = commands; cmd; cmd = cmd->next) {
1372                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1373                        error("BUG: connectivity check has not been run on ref %s",
1374                              cmd->ref_name);
1375                        checked_connectivity = 0;
1376                }
1377        }
1378        if (!checked_connectivity)
1379                die("BUG: connectivity check skipped???");
1380}
1381
1382static void execute_commands_non_atomic(struct command *commands,
1383                                        struct shallow_info *si)
1384{
1385        struct command *cmd;
1386        struct strbuf err = STRBUF_INIT;
1387
1388        for (cmd = commands; cmd; cmd = cmd->next) {
1389                if (!should_process_cmd(cmd))
1390                        continue;
1391
1392                transaction = ref_transaction_begin(&err);
1393                if (!transaction) {
1394                        rp_error("%s", err.buf);
1395                        strbuf_reset(&err);
1396                        cmd->error_string = "transaction failed to start";
1397                        continue;
1398                }
1399
1400                cmd->error_string = update(cmd, si);
1401
1402                if (!cmd->error_string
1403                    && ref_transaction_commit(transaction, &err)) {
1404                        rp_error("%s", err.buf);
1405                        strbuf_reset(&err);
1406                        cmd->error_string = "failed to update ref";
1407                }
1408                ref_transaction_free(transaction);
1409        }
1410        strbuf_release(&err);
1411}
1412
1413static void execute_commands_atomic(struct command *commands,
1414                                        struct shallow_info *si)
1415{
1416        struct command *cmd;
1417        struct strbuf err = STRBUF_INIT;
1418        const char *reported_error = "atomic push failure";
1419
1420        transaction = ref_transaction_begin(&err);
1421        if (!transaction) {
1422                rp_error("%s", err.buf);
1423                strbuf_reset(&err);
1424                reported_error = "transaction failed to start";
1425                goto failure;
1426        }
1427
1428        for (cmd = commands; cmd; cmd = cmd->next) {
1429                if (!should_process_cmd(cmd))
1430                        continue;
1431
1432                cmd->error_string = update(cmd, si);
1433
1434                if (cmd->error_string)
1435                        goto failure;
1436        }
1437
1438        if (ref_transaction_commit(transaction, &err)) {
1439                rp_error("%s", err.buf);
1440                reported_error = "atomic transaction failed";
1441                goto failure;
1442        }
1443        goto cleanup;
1444
1445failure:
1446        for (cmd = commands; cmd; cmd = cmd->next)
1447                if (!cmd->error_string)
1448                        cmd->error_string = reported_error;
1449
1450cleanup:
1451        ref_transaction_free(transaction);
1452        strbuf_release(&err);
1453}
1454
1455static void execute_commands(struct command *commands,
1456                             const char *unpacker_error,
1457                             struct shallow_info *si,
1458                             const struct string_list *push_options)
1459{
1460        struct check_connected_options opt = CHECK_CONNECTED_INIT;
1461        struct command *cmd;
1462        struct iterate_data data;
1463        struct async muxer;
1464        int err_fd = 0;
1465
1466        if (unpacker_error) {
1467                for (cmd = commands; cmd; cmd = cmd->next)
1468                        cmd->error_string = "unpacker error";
1469                return;
1470        }
1471
1472        if (use_sideband) {
1473                memset(&muxer, 0, sizeof(muxer));
1474                muxer.proc = copy_to_sideband;
1475                muxer.in = -1;
1476                if (!start_async(&muxer))
1477                        err_fd = muxer.in;
1478                /* ...else, continue without relaying sideband */
1479        }
1480
1481        data.cmds = commands;
1482        data.si = si;
1483        opt.err_fd = err_fd;
1484        opt.progress = err_fd && !quiet;
1485        opt.env = tmp_objdir_env(tmp_objdir);
1486        if (check_connected(iterate_receive_command_list, &data, &opt))
1487                set_connectivity_errors(commands, si);
1488
1489        if (use_sideband)
1490                finish_async(&muxer);
1491
1492        reject_updates_to_hidden(commands);
1493
1494        if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1495                for (cmd = commands; cmd; cmd = cmd->next) {
1496                        if (!cmd->error_string)
1497                                cmd->error_string = "pre-receive hook declined";
1498                }
1499                return;
1500        }
1501
1502        /*
1503         * Now we'll start writing out refs, which means the objects need
1504         * to be in their final positions so that other processes can see them.
1505         */
1506        if (tmp_objdir_migrate(tmp_objdir) < 0) {
1507                for (cmd = commands; cmd; cmd = cmd->next) {
1508                        if (!cmd->error_string)
1509                                cmd->error_string = "unable to migrate objects to permanent storage";
1510                }
1511                return;
1512        }
1513        tmp_objdir = NULL;
1514
1515        check_aliased_updates(commands);
1516
1517        free(head_name_to_free);
1518        head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1519
1520        if (use_atomic)
1521                execute_commands_atomic(commands, si);
1522        else
1523                execute_commands_non_atomic(commands, si);
1524
1525        if (shallow_update)
1526                warn_if_skipped_connectivity_check(commands, si);
1527}
1528
1529static struct command **queue_command(struct command **tail,
1530                                      const char *line,
1531                                      int linelen)
1532{
1533        struct object_id old_oid, new_oid;
1534        struct command *cmd;
1535        const char *refname;
1536        int reflen;
1537        const char *p;
1538
1539        if (parse_oid_hex(line, &old_oid, &p) ||
1540            *p++ != ' ' ||
1541            parse_oid_hex(p, &new_oid, &p) ||
1542            *p++ != ' ')
1543                die("protocol error: expected old/new/ref, got '%s'", line);
1544
1545        refname = p;
1546        reflen = linelen - (p - line);
1547        FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1548        oidcpy(&cmd->old_oid, &old_oid);
1549        oidcpy(&cmd->new_oid, &new_oid);
1550        *tail = cmd;
1551        return &cmd->next;
1552}
1553
1554static void queue_commands_from_cert(struct command **tail,
1555                                     struct strbuf *push_cert)
1556{
1557        const char *boc, *eoc;
1558
1559        if (*tail)
1560                die("protocol error: got both push certificate and unsigned commands");
1561
1562        boc = strstr(push_cert->buf, "\n\n");
1563        if (!boc)
1564                die("malformed push certificate %.*s", 100, push_cert->buf);
1565        else
1566                boc += 2;
1567        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1568
1569        while (boc < eoc) {
1570                const char *eol = memchr(boc, '\n', eoc - boc);
1571                tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1572                boc = eol ? eol + 1 : eoc;
1573        }
1574}
1575
1576static struct command *read_head_info(struct oid_array *shallow)
1577{
1578        struct command *commands = NULL;
1579        struct command **p = &commands;
1580        for (;;) {
1581                char *line;
1582                int len, linelen;
1583
1584                line = packet_read_line(0, &len);
1585                if (!line)
1586                        break;
1587
1588                if (len > 8 && starts_with(line, "shallow ")) {
1589                        struct object_id oid;
1590                        if (get_oid_hex(line + 8, &oid))
1591                                die("protocol error: expected shallow sha, got '%s'",
1592                                    line + 8);
1593                        oid_array_append(shallow, &oid);
1594                        continue;
1595                }
1596
1597                linelen = strlen(line);
1598                if (linelen < len) {
1599                        const char *feature_list = line + linelen + 1;
1600                        if (parse_feature_request(feature_list, "report-status"))
1601                                report_status = 1;
1602                        if (parse_feature_request(feature_list, "side-band-64k"))
1603                                use_sideband = LARGE_PACKET_MAX;
1604                        if (parse_feature_request(feature_list, "quiet"))
1605                                quiet = 1;
1606                        if (advertise_atomic_push
1607                            && parse_feature_request(feature_list, "atomic"))
1608                                use_atomic = 1;
1609                        if (advertise_push_options
1610                            && parse_feature_request(feature_list, "push-options"))
1611                                use_push_options = 1;
1612                }
1613
1614                if (!strcmp(line, "push-cert")) {
1615                        int true_flush = 0;
1616                        char certbuf[1024];
1617
1618                        for (;;) {
1619                                len = packet_read(0, NULL, NULL,
1620                                                  certbuf, sizeof(certbuf), 0);
1621                                if (!len) {
1622                                        true_flush = 1;
1623                                        break;
1624                                }
1625                                if (!strcmp(certbuf, "push-cert-end\n"))
1626                                        break; /* end of cert */
1627                                strbuf_addstr(&push_cert, certbuf);
1628                        }
1629
1630                        if (true_flush)
1631                                break;
1632                        continue;
1633                }
1634
1635                p = queue_command(p, line, linelen);
1636        }
1637
1638        if (push_cert.len)
1639                queue_commands_from_cert(p, &push_cert);
1640
1641        return commands;
1642}
1643
1644static void read_push_options(struct string_list *options)
1645{
1646        while (1) {
1647                char *line;
1648                int len;
1649
1650                line = packet_read_line(0, &len);
1651
1652                if (!line)
1653                        break;
1654
1655                string_list_append(options, line);
1656        }
1657}
1658
1659static const char *parse_pack_header(struct pack_header *hdr)
1660{
1661        switch (read_pack_header(0, hdr)) {
1662        case PH_ERROR_EOF:
1663                return "eof before pack header was fully read";
1664
1665        case PH_ERROR_PACK_SIGNATURE:
1666                return "protocol error (pack signature mismatch detected)";
1667
1668        case PH_ERROR_PROTOCOL:
1669                return "protocol error (pack version unsupported)";
1670
1671        default:
1672                return "unknown error in parse_pack_header";
1673
1674        case 0:
1675                return NULL;
1676        }
1677}
1678
1679static const char *pack_lockfile;
1680
1681static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1682{
1683        argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1684                        ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1685}
1686
1687static const char *unpack(int err_fd, struct shallow_info *si)
1688{
1689        struct pack_header hdr;
1690        const char *hdr_err;
1691        int status;
1692        struct child_process child = CHILD_PROCESS_INIT;
1693        int fsck_objects = (receive_fsck_objects >= 0
1694                            ? receive_fsck_objects
1695                            : transfer_fsck_objects >= 0
1696                            ? transfer_fsck_objects
1697                            : 0);
1698
1699        hdr_err = parse_pack_header(&hdr);
1700        if (hdr_err) {
1701                if (err_fd > 0)
1702                        close(err_fd);
1703                return hdr_err;
1704        }
1705
1706        if (si->nr_ours || si->nr_theirs) {
1707                alt_shallow_file = setup_temporary_shallow(si->shallow);
1708                argv_array_push(&child.args, "--shallow-file");
1709                argv_array_push(&child.args, alt_shallow_file);
1710        }
1711
1712        tmp_objdir = tmp_objdir_create();
1713        if (!tmp_objdir) {
1714                if (err_fd > 0)
1715                        close(err_fd);
1716                return "unable to create temporary object directory";
1717        }
1718        child.env = tmp_objdir_env(tmp_objdir);
1719
1720        /*
1721         * Normally we just pass the tmp_objdir environment to the child
1722         * processes that do the heavy lifting, but we may need to see these
1723         * objects ourselves to set up shallow information.
1724         */
1725        tmp_objdir_add_as_alternate(tmp_objdir);
1726
1727        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1728                argv_array_push(&child.args, "unpack-objects");
1729                push_header_arg(&child.args, &hdr);
1730                if (quiet)
1731                        argv_array_push(&child.args, "-q");
1732                if (fsck_objects)
1733                        argv_array_pushf(&child.args, "--strict%s",
1734                                fsck_msg_types.buf);
1735                if (max_input_size)
1736                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1737                                (uintmax_t)max_input_size);
1738                child.no_stdout = 1;
1739                child.err = err_fd;
1740                child.git_cmd = 1;
1741                status = run_command(&child);
1742                if (status)
1743                        return "unpack-objects abnormal exit";
1744        } else {
1745                char hostname[HOST_NAME_MAX + 1];
1746
1747                argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1748                push_header_arg(&child.args, &hdr);
1749
1750                if (xgethostname(hostname, sizeof(hostname)))
1751                        xsnprintf(hostname, sizeof(hostname), "localhost");
1752                argv_array_pushf(&child.args,
1753                                 "--keep=receive-pack %"PRIuMAX" on %s",
1754                                 (uintmax_t)getpid(),
1755                                 hostname);
1756
1757                if (!quiet && err_fd)
1758                        argv_array_push(&child.args, "--show-resolving-progress");
1759                if (use_sideband)
1760                        argv_array_push(&child.args, "--report-end-of-input");
1761                if (fsck_objects)
1762                        argv_array_pushf(&child.args, "--strict%s",
1763                                fsck_msg_types.buf);
1764                if (!reject_thin)
1765                        argv_array_push(&child.args, "--fix-thin");
1766                if (max_input_size)
1767                        argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1768                                (uintmax_t)max_input_size);
1769                child.out = -1;
1770                child.err = err_fd;
1771                child.git_cmd = 1;
1772                status = start_command(&child);
1773                if (status)
1774                        return "index-pack fork failed";
1775                pack_lockfile = index_pack_lockfile(child.out);
1776                close(child.out);
1777                status = finish_command(&child);
1778                if (status)
1779                        return "index-pack abnormal exit";
1780                reprepare_packed_git();
1781        }
1782        return NULL;
1783}
1784
1785static const char *unpack_with_sideband(struct shallow_info *si)
1786{
1787        struct async muxer;
1788        const char *ret;
1789
1790        if (!use_sideband)
1791                return unpack(0, si);
1792
1793        use_keepalive = KEEPALIVE_AFTER_NUL;
1794        memset(&muxer, 0, sizeof(muxer));
1795        muxer.proc = copy_to_sideband;
1796        muxer.in = -1;
1797        if (start_async(&muxer))
1798                return NULL;
1799
1800        ret = unpack(muxer.in, si);
1801
1802        finish_async(&muxer);
1803        return ret;
1804}
1805
1806static void prepare_shallow_update(struct command *commands,
1807                                   struct shallow_info *si)
1808{
1809        int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1810
1811        ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1812        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1813
1814        si->need_reachability_test =
1815                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1816        si->reachable =
1817                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1818        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1819
1820        for (i = 0; i < si->nr_ours; i++)
1821                si->need_reachability_test[si->ours[i]] = 1;
1822
1823        for (i = 0; i < si->shallow->nr; i++) {
1824                if (!si->used_shallow[i])
1825                        continue;
1826                for (j = 0; j < bitmap_size; j++) {
1827                        if (!si->used_shallow[i][j])
1828                                continue;
1829                        si->need_reachability_test[i]++;
1830                        for (k = 0; k < 32; k++)
1831                                if (si->used_shallow[i][j] & (1U << k))
1832                                        si->shallow_ref[j * 32 + k]++;
1833                }
1834
1835                /*
1836                 * true for those associated with some refs and belong
1837                 * in "ours" list aka "step 7 not done yet"
1838                 */
1839                si->need_reachability_test[i] =
1840                        si->need_reachability_test[i] > 1;
1841        }
1842
1843        /*
1844         * keep hooks happy by forcing a temporary shallow file via
1845         * env variable because we can't add --shallow-file to every
1846         * command. check_everything_connected() will be done with
1847         * true .git/shallow though.
1848         */
1849        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1850}
1851
1852static void update_shallow_info(struct command *commands,
1853                                struct shallow_info *si,
1854                                struct oid_array *ref)
1855{
1856        struct command *cmd;
1857        int *ref_status;
1858        remove_nonexistent_theirs_shallow(si);
1859        if (!si->nr_ours && !si->nr_theirs) {
1860                shallow_update = 0;
1861                return;
1862        }
1863
1864        for (cmd = commands; cmd; cmd = cmd->next) {
1865                if (is_null_oid(&cmd->new_oid))
1866                        continue;
1867                oid_array_append(ref, &cmd->new_oid);
1868                cmd->index = ref->nr - 1;
1869        }
1870        si->ref = ref;
1871
1872        if (shallow_update) {
1873                prepare_shallow_update(commands, si);
1874                return;
1875        }
1876
1877        ALLOC_ARRAY(ref_status, ref->nr);
1878        assign_shallow_commits_to_refs(si, NULL, ref_status);
1879        for (cmd = commands; cmd; cmd = cmd->next) {
1880                if (is_null_oid(&cmd->new_oid))
1881                        continue;
1882                if (ref_status[cmd->index]) {
1883                        cmd->error_string = "shallow update not allowed";
1884                        cmd->skip_update = 1;
1885                }
1886        }
1887        free(ref_status);
1888}
1889
1890static void report(struct command *commands, const char *unpack_status)
1891{
1892        struct command *cmd;
1893        struct strbuf buf = STRBUF_INIT;
1894
1895        packet_buf_write(&buf, "unpack %s\n",
1896                         unpack_status ? unpack_status : "ok");
1897        for (cmd = commands; cmd; cmd = cmd->next) {
1898                if (!cmd->error_string)
1899                        packet_buf_write(&buf, "ok %s\n",
1900                                         cmd->ref_name);
1901                else
1902                        packet_buf_write(&buf, "ng %s %s\n",
1903                                         cmd->ref_name, cmd->error_string);
1904        }
1905        packet_buf_flush(&buf);
1906
1907        if (use_sideband)
1908                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1909        else
1910                write_or_die(1, buf.buf, buf.len);
1911        strbuf_release(&buf);
1912}
1913
1914static int delete_only(struct command *commands)
1915{
1916        struct command *cmd;
1917        for (cmd = commands; cmd; cmd = cmd->next) {
1918                if (!is_null_oid(&cmd->new_oid))
1919                        return 0;
1920        }
1921        return 1;
1922}
1923
1924int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1925{
1926        int advertise_refs = 0;
1927        struct command *commands;
1928        struct oid_array shallow = OID_ARRAY_INIT;
1929        struct oid_array ref = OID_ARRAY_INIT;
1930        struct shallow_info si;
1931
1932        struct option options[] = {
1933                OPT__QUIET(&quiet, N_("quiet")),
1934                OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1935                OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1936                OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1937                OPT_END()
1938        };
1939
1940        packet_trace_identity("receive-pack");
1941
1942        argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1943
1944        if (argc > 1)
1945                usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1946        if (argc == 0)
1947                usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1948
1949        service_dir = argv[0];
1950
1951        setup_path();
1952
1953        if (!enter_repo(service_dir, 0))
1954                die("'%s' does not appear to be a git repository", service_dir);
1955
1956        git_config(receive_pack_config, NULL);
1957        if (cert_nonce_seed)
1958                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1959
1960        if (0 <= transfer_unpack_limit)
1961                unpack_limit = transfer_unpack_limit;
1962        else if (0 <= receive_unpack_limit)
1963                unpack_limit = receive_unpack_limit;
1964
1965        switch (determine_protocol_version_server()) {
1966        case protocol_v1:
1967                /*
1968                 * v1 is just the original protocol with a version string,
1969                 * so just fall through after writing the version string.
1970                 */
1971                if (advertise_refs || !stateless_rpc)
1972                        packet_write_fmt(1, "version 1\n");
1973
1974                /* fallthrough */
1975        case protocol_v0:
1976                break;
1977        case protocol_unknown_version:
1978                BUG("unknown protocol version");
1979        }
1980
1981        if (advertise_refs || !stateless_rpc) {
1982                write_head_info();
1983        }
1984        if (advertise_refs)
1985                return 0;
1986
1987        if ((commands = read_head_info(&shallow)) != NULL) {
1988                const char *unpack_status = NULL;
1989                struct string_list push_options = STRING_LIST_INIT_DUP;
1990
1991                if (use_push_options)
1992                        read_push_options(&push_options);
1993                if (!check_cert_push_options(&push_options)) {
1994                        struct command *cmd;
1995                        for (cmd = commands; cmd; cmd = cmd->next)
1996                                cmd->error_string = "inconsistent push options";
1997                }
1998
1999                prepare_shallow_info(&si, &shallow);
2000                if (!si.nr_ours && !si.nr_theirs)
2001                        shallow_update = 0;
2002                if (!delete_only(commands)) {
2003                        unpack_status = unpack_with_sideband(&si);
2004                        update_shallow_info(commands, &si, &ref);
2005                }
2006                use_keepalive = KEEPALIVE_ALWAYS;
2007                execute_commands(commands, unpack_status, &si,
2008                                 &push_options);
2009                if (pack_lockfile)
2010                        unlink_or_warn(pack_lockfile);
2011                if (report_status)
2012                        report(commands, unpack_status);
2013                run_receive_hook(commands, "post-receive", 1,
2014                                 &push_options);
2015                run_update_post_hook(commands);
2016                string_list_clear(&push_options, 0);
2017                if (auto_gc) {
2018                        const char *argv_gc_auto[] = {
2019                                "gc", "--auto", "--quiet", NULL,
2020                        };
2021                        struct child_process proc = CHILD_PROCESS_INIT;
2022
2023                        proc.no_stdin = 1;
2024                        proc.stdout_to_stderr = 1;
2025                        proc.err = use_sideband ? -1 : 0;
2026                        proc.git_cmd = 1;
2027                        proc.argv = argv_gc_auto;
2028
2029                        close_all_packs();
2030                        if (!start_command(&proc)) {
2031                                if (use_sideband)
2032                                        copy_to_sideband(proc.err, -1, NULL);
2033                                finish_command(&proc);
2034                        }
2035                }
2036                if (auto_update_server_info)
2037                        update_server_info(0);
2038                clear_shallow_info(&si);
2039        }
2040        if (use_sideband)
2041                packet_flush(1);
2042        oid_array_clear(&shallow);
2043        oid_array_clear(&ref);
2044        free((void *)push_cert_nonce);
2045        return 0;
2046}