builtin / receive-pack.con commit Merge branch 'sb/hex-object-name-is-at-most-41-bytes-long' (4f5a427)
   1#include "builtin.h"
   2#include "lockfile.h"
   3#include "pack.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "exec_cmd.h"
   9#include "commit.h"
  10#include "object.h"
  11#include "remote.h"
  12#include "connect.h"
  13#include "transport.h"
  14#include "string-list.h"
  15#include "sha1-array.h"
  16#include "connected.h"
  17#include "argv-array.h"
  18#include "version.h"
  19#include "tag.h"
  20#include "gpg-interface.h"
  21#include "sigchain.h"
  22
  23static const char receive_pack_usage[] = "git receive-pack <git-dir>";
  24
  25enum deny_action {
  26        DENY_UNCONFIGURED,
  27        DENY_IGNORE,
  28        DENY_WARN,
  29        DENY_REFUSE,
  30        DENY_UPDATE_INSTEAD
  31};
  32
  33static int deny_deletes;
  34static int deny_non_fast_forwards;
  35static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  36static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  37static int receive_fsck_objects = -1;
  38static int transfer_fsck_objects = -1;
  39static int receive_unpack_limit = -1;
  40static int transfer_unpack_limit = -1;
  41static int advertise_atomic_push = 1;
  42static int unpack_limit = 100;
  43static int report_status;
  44static int use_sideband;
  45static int use_atomic;
  46static int quiet;
  47static int prefer_ofs_delta = 1;
  48static int auto_update_server_info;
  49static int auto_gc = 1;
  50static int fix_thin = 1;
  51static int stateless_rpc;
  52static const char *service_dir;
  53static const char *head_name;
  54static void *head_name_to_free;
  55static int sent_capabilities;
  56static int shallow_update;
  57static const char *alt_shallow_file;
  58static struct strbuf push_cert = STRBUF_INIT;
  59static unsigned char push_cert_sha1[20];
  60static struct signature_check sigcheck;
  61static const char *push_cert_nonce;
  62static const char *cert_nonce_seed;
  63
  64static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  65static const char *NONCE_BAD = "BAD";
  66static const char *NONCE_MISSING = "MISSING";
  67static const char *NONCE_OK = "OK";
  68static const char *NONCE_SLOP = "SLOP";
  69static const char *nonce_status;
  70static long nonce_stamp_slop;
  71static unsigned long nonce_stamp_slop_limit;
  72static struct ref_transaction *transaction;
  73
  74static enum deny_action parse_deny_action(const char *var, const char *value)
  75{
  76        if (value) {
  77                if (!strcasecmp(value, "ignore"))
  78                        return DENY_IGNORE;
  79                if (!strcasecmp(value, "warn"))
  80                        return DENY_WARN;
  81                if (!strcasecmp(value, "refuse"))
  82                        return DENY_REFUSE;
  83                if (!strcasecmp(value, "updateinstead"))
  84                        return DENY_UPDATE_INSTEAD;
  85        }
  86        if (git_config_bool(var, value))
  87                return DENY_REFUSE;
  88        return DENY_IGNORE;
  89}
  90
  91static int receive_pack_config(const char *var, const char *value, void *cb)
  92{
  93        int status = parse_hide_refs_config(var, value, "receive");
  94
  95        if (status)
  96                return status;
  97
  98        if (strcmp(var, "receive.denydeletes") == 0) {
  99                deny_deletes = git_config_bool(var, value);
 100                return 0;
 101        }
 102
 103        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 104                deny_non_fast_forwards = git_config_bool(var, value);
 105                return 0;
 106        }
 107
 108        if (strcmp(var, "receive.unpacklimit") == 0) {
 109                receive_unpack_limit = git_config_int(var, value);
 110                return 0;
 111        }
 112
 113        if (strcmp(var, "transfer.unpacklimit") == 0) {
 114                transfer_unpack_limit = git_config_int(var, value);
 115                return 0;
 116        }
 117
 118        if (strcmp(var, "receive.fsckobjects") == 0) {
 119                receive_fsck_objects = git_config_bool(var, value);
 120                return 0;
 121        }
 122
 123        if (strcmp(var, "transfer.fsckobjects") == 0) {
 124                transfer_fsck_objects = git_config_bool(var, value);
 125                return 0;
 126        }
 127
 128        if (!strcmp(var, "receive.denycurrentbranch")) {
 129                deny_current_branch = parse_deny_action(var, value);
 130                return 0;
 131        }
 132
 133        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 134                deny_delete_current = parse_deny_action(var, value);
 135                return 0;
 136        }
 137
 138        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 139                prefer_ofs_delta = git_config_bool(var, value);
 140                return 0;
 141        }
 142
 143        if (strcmp(var, "receive.updateserverinfo") == 0) {
 144                auto_update_server_info = git_config_bool(var, value);
 145                return 0;
 146        }
 147
 148        if (strcmp(var, "receive.autogc") == 0) {
 149                auto_gc = git_config_bool(var, value);
 150                return 0;
 151        }
 152
 153        if (strcmp(var, "receive.shallowupdate") == 0) {
 154                shallow_update = git_config_bool(var, value);
 155                return 0;
 156        }
 157
 158        if (strcmp(var, "receive.certnonceseed") == 0)
 159                return git_config_string(&cert_nonce_seed, var, value);
 160
 161        if (strcmp(var, "receive.certnonceslop") == 0) {
 162                nonce_stamp_slop_limit = git_config_ulong(var, value);
 163                return 0;
 164        }
 165
 166        if (strcmp(var, "receive.advertiseatomic") == 0) {
 167                advertise_atomic_push = git_config_bool(var, value);
 168                return 0;
 169        }
 170
 171        return git_default_config(var, value, cb);
 172}
 173
 174static void show_ref(const char *path, const unsigned char *sha1)
 175{
 176        if (ref_is_hidden(path))
 177                return;
 178
 179        if (sent_capabilities) {
 180                packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
 181        } else {
 182                struct strbuf cap = STRBUF_INIT;
 183
 184                strbuf_addstr(&cap,
 185                              "report-status delete-refs side-band-64k quiet");
 186                if (advertise_atomic_push)
 187                        strbuf_addstr(&cap, " atomic");
 188                if (prefer_ofs_delta)
 189                        strbuf_addstr(&cap, " ofs-delta");
 190                if (push_cert_nonce)
 191                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 192                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 193                packet_write(1, "%s %s%c%s\n",
 194                             sha1_to_hex(sha1), path, 0, cap.buf);
 195                strbuf_release(&cap);
 196                sent_capabilities = 1;
 197        }
 198}
 199
 200static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
 201{
 202        path = strip_namespace(path);
 203        /*
 204         * Advertise refs outside our current namespace as ".have"
 205         * refs, so that the client can use them to minimize data
 206         * transfer but will otherwise ignore them. This happens to
 207         * cover ".have" that are thrown in by add_one_alternate_ref()
 208         * to mark histories that are complete in our alternates as
 209         * well.
 210         */
 211        if (!path)
 212                path = ".have";
 213        show_ref(path, sha1);
 214        return 0;
 215}
 216
 217static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
 218{
 219        show_ref(".have", sha1);
 220}
 221
 222static void collect_one_alternate_ref(const struct ref *ref, void *data)
 223{
 224        struct sha1_array *sa = data;
 225        sha1_array_append(sa, ref->old_sha1);
 226}
 227
 228static void write_head_info(void)
 229{
 230        struct sha1_array sa = SHA1_ARRAY_INIT;
 231        for_each_alternate_ref(collect_one_alternate_ref, &sa);
 232        sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
 233        sha1_array_clear(&sa);
 234        for_each_ref(show_ref_cb, NULL);
 235        if (!sent_capabilities)
 236                show_ref("capabilities^{}", null_sha1);
 237
 238        advertise_shallow_grafts(1);
 239
 240        /* EOF */
 241        packet_flush(1);
 242}
 243
 244struct command {
 245        struct command *next;
 246        const char *error_string;
 247        unsigned int skip_update:1,
 248                     did_not_exist:1;
 249        int index;
 250        unsigned char old_sha1[20];
 251        unsigned char new_sha1[20];
 252        char ref_name[FLEX_ARRAY]; /* more */
 253};
 254
 255static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 256static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 257
 258static void report_message(const char *prefix, const char *err, va_list params)
 259{
 260        int sz = strlen(prefix);
 261        char msg[4096];
 262
 263        strncpy(msg, prefix, sz);
 264        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 265        if (sz > (sizeof(msg) - 1))
 266                sz = sizeof(msg) - 1;
 267        msg[sz++] = '\n';
 268
 269        if (use_sideband)
 270                send_sideband(1, 2, msg, sz, use_sideband);
 271        else
 272                xwrite(2, msg, sz);
 273}
 274
 275static void rp_warning(const char *err, ...)
 276{
 277        va_list params;
 278        va_start(params, err);
 279        report_message("warning: ", err, params);
 280        va_end(params);
 281}
 282
 283static void rp_error(const char *err, ...)
 284{
 285        va_list params;
 286        va_start(params, err);
 287        report_message("error: ", err, params);
 288        va_end(params);
 289}
 290
 291static int copy_to_sideband(int in, int out, void *arg)
 292{
 293        char data[128];
 294        while (1) {
 295                ssize_t sz = xread(in, data, sizeof(data));
 296                if (sz <= 0)
 297                        break;
 298                send_sideband(1, 2, data, sz, use_sideband);
 299        }
 300        close(in);
 301        return 0;
 302}
 303
 304#define HMAC_BLOCK_SIZE 64
 305
 306static void hmac_sha1(unsigned char *out,
 307                      const char *key_in, size_t key_len,
 308                      const char *text, size_t text_len)
 309{
 310        unsigned char key[HMAC_BLOCK_SIZE];
 311        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 312        unsigned char k_opad[HMAC_BLOCK_SIZE];
 313        int i;
 314        git_SHA_CTX ctx;
 315
 316        /* RFC 2104 2. (1) */
 317        memset(key, '\0', HMAC_BLOCK_SIZE);
 318        if (HMAC_BLOCK_SIZE < key_len) {
 319                git_SHA1_Init(&ctx);
 320                git_SHA1_Update(&ctx, key_in, key_len);
 321                git_SHA1_Final(key, &ctx);
 322        } else {
 323                memcpy(key, key_in, key_len);
 324        }
 325
 326        /* RFC 2104 2. (2) & (5) */
 327        for (i = 0; i < sizeof(key); i++) {
 328                k_ipad[i] = key[i] ^ 0x36;
 329                k_opad[i] = key[i] ^ 0x5c;
 330        }
 331
 332        /* RFC 2104 2. (3) & (4) */
 333        git_SHA1_Init(&ctx);
 334        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 335        git_SHA1_Update(&ctx, text, text_len);
 336        git_SHA1_Final(out, &ctx);
 337
 338        /* RFC 2104 2. (6) & (7) */
 339        git_SHA1_Init(&ctx);
 340        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 341        git_SHA1_Update(&ctx, out, 20);
 342        git_SHA1_Final(out, &ctx);
 343}
 344
 345static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
 346{
 347        struct strbuf buf = STRBUF_INIT;
 348        unsigned char sha1[20];
 349
 350        strbuf_addf(&buf, "%s:%lu", path, stamp);
 351        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 352        strbuf_release(&buf);
 353
 354        /* RFC 2104 5. HMAC-SHA1-80 */
 355        strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
 356        return strbuf_detach(&buf, NULL);
 357}
 358
 359/*
 360 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 361 * after dropping "_commit" from its name and possibly moving it out
 362 * of commit.c
 363 */
 364static char *find_header(const char *msg, size_t len, const char *key)
 365{
 366        int key_len = strlen(key);
 367        const char *line = msg;
 368
 369        while (line && line < msg + len) {
 370                const char *eol = strchrnul(line, '\n');
 371
 372                if ((msg + len <= eol) || line == eol)
 373                        return NULL;
 374                if (line + key_len < eol &&
 375                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 376                        int offset = key_len + 1;
 377                        return xmemdupz(line + offset, (eol - line) - offset);
 378                }
 379                line = *eol ? eol + 1 : NULL;
 380        }
 381        return NULL;
 382}
 383
 384static const char *check_nonce(const char *buf, size_t len)
 385{
 386        char *nonce = find_header(buf, len, "nonce");
 387        unsigned long stamp, ostamp;
 388        char *bohmac, *expect = NULL;
 389        const char *retval = NONCE_BAD;
 390
 391        if (!nonce) {
 392                retval = NONCE_MISSING;
 393                goto leave;
 394        } else if (!push_cert_nonce) {
 395                retval = NONCE_UNSOLICITED;
 396                goto leave;
 397        } else if (!strcmp(push_cert_nonce, nonce)) {
 398                retval = NONCE_OK;
 399                goto leave;
 400        }
 401
 402        if (!stateless_rpc) {
 403                /* returned nonce MUST match what we gave out earlier */
 404                retval = NONCE_BAD;
 405                goto leave;
 406        }
 407
 408        /*
 409         * In stateless mode, we may be receiving a nonce issued by
 410         * another instance of the server that serving the same
 411         * repository, and the timestamps may not match, but the
 412         * nonce-seed and dir should match, so we can recompute and
 413         * report the time slop.
 414         *
 415         * In addition, when a nonce issued by another instance has
 416         * timestamp within receive.certnonceslop seconds, we pretend
 417         * as if we issued that nonce when reporting to the hook.
 418         */
 419
 420        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 421        if (*nonce <= '0' || '9' < *nonce) {
 422                retval = NONCE_BAD;
 423                goto leave;
 424        }
 425        stamp = strtoul(nonce, &bohmac, 10);
 426        if (bohmac == nonce || bohmac[0] != '-') {
 427                retval = NONCE_BAD;
 428                goto leave;
 429        }
 430
 431        expect = prepare_push_cert_nonce(service_dir, stamp);
 432        if (strcmp(expect, nonce)) {
 433                /* Not what we would have signed earlier */
 434                retval = NONCE_BAD;
 435                goto leave;
 436        }
 437
 438        /*
 439         * By how many seconds is this nonce stale?  Negative value
 440         * would mean it was issued by another server with its clock
 441         * skewed in the future.
 442         */
 443        ostamp = strtoul(push_cert_nonce, NULL, 10);
 444        nonce_stamp_slop = (long)ostamp - (long)stamp;
 445
 446        if (nonce_stamp_slop_limit &&
 447            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 448                /*
 449                 * Pretend as if the received nonce (which passes the
 450                 * HMAC check, so it is not a forged by third-party)
 451                 * is what we issued.
 452                 */
 453                free((void *)push_cert_nonce);
 454                push_cert_nonce = xstrdup(nonce);
 455                retval = NONCE_OK;
 456        } else {
 457                retval = NONCE_SLOP;
 458        }
 459
 460leave:
 461        free(nonce);
 462        free(expect);
 463        return retval;
 464}
 465
 466static void prepare_push_cert_sha1(struct child_process *proc)
 467{
 468        static int already_done;
 469
 470        if (!push_cert.len)
 471                return;
 472
 473        if (!already_done) {
 474                struct strbuf gpg_output = STRBUF_INIT;
 475                struct strbuf gpg_status = STRBUF_INIT;
 476                int bogs /* beginning_of_gpg_sig */;
 477
 478                already_done = 1;
 479                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 480                        hashclr(push_cert_sha1);
 481
 482                memset(&sigcheck, '\0', sizeof(sigcheck));
 483                sigcheck.result = 'N';
 484
 485                bogs = parse_signature(push_cert.buf, push_cert.len);
 486                if (verify_signed_buffer(push_cert.buf, bogs,
 487                                         push_cert.buf + bogs, push_cert.len - bogs,
 488                                         &gpg_output, &gpg_status) < 0) {
 489                        ; /* error running gpg */
 490                } else {
 491                        sigcheck.payload = push_cert.buf;
 492                        sigcheck.gpg_output = gpg_output.buf;
 493                        sigcheck.gpg_status = gpg_status.buf;
 494                        parse_gpg_output(&sigcheck);
 495                }
 496
 497                strbuf_release(&gpg_output);
 498                strbuf_release(&gpg_status);
 499                nonce_status = check_nonce(push_cert.buf, bogs);
 500        }
 501        if (!is_null_sha1(push_cert_sha1)) {
 502                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 503                                 sha1_to_hex(push_cert_sha1));
 504                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 505                                 sigcheck.signer ? sigcheck.signer : "");
 506                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 507                                 sigcheck.key ? sigcheck.key : "");
 508                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 509                                 sigcheck.result);
 510                if (push_cert_nonce) {
 511                        argv_array_pushf(&proc->env_array,
 512                                         "GIT_PUSH_CERT_NONCE=%s",
 513                                         push_cert_nonce);
 514                        argv_array_pushf(&proc->env_array,
 515                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 516                                         nonce_status);
 517                        if (nonce_status == NONCE_SLOP)
 518                                argv_array_pushf(&proc->env_array,
 519                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 520                                                 nonce_stamp_slop);
 521                }
 522        }
 523}
 524
 525typedef int (*feed_fn)(void *, const char **, size_t *);
 526static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
 527{
 528        struct child_process proc = CHILD_PROCESS_INIT;
 529        struct async muxer;
 530        const char *argv[2];
 531        int code;
 532
 533        argv[0] = find_hook(hook_name);
 534        if (!argv[0])
 535                return 0;
 536
 537        argv[1] = NULL;
 538
 539        proc.argv = argv;
 540        proc.in = -1;
 541        proc.stdout_to_stderr = 1;
 542
 543        if (use_sideband) {
 544                memset(&muxer, 0, sizeof(muxer));
 545                muxer.proc = copy_to_sideband;
 546                muxer.in = -1;
 547                code = start_async(&muxer);
 548                if (code)
 549                        return code;
 550                proc.err = muxer.in;
 551        }
 552
 553        prepare_push_cert_sha1(&proc);
 554
 555        code = start_command(&proc);
 556        if (code) {
 557                if (use_sideband)
 558                        finish_async(&muxer);
 559                return code;
 560        }
 561
 562        sigchain_push(SIGPIPE, SIG_IGN);
 563
 564        while (1) {
 565                const char *buf;
 566                size_t n;
 567                if (feed(feed_state, &buf, &n))
 568                        break;
 569                if (write_in_full(proc.in, buf, n) != n)
 570                        break;
 571        }
 572        close(proc.in);
 573        if (use_sideband)
 574                finish_async(&muxer);
 575
 576        sigchain_pop(SIGPIPE);
 577
 578        return finish_command(&proc);
 579}
 580
 581struct receive_hook_feed_state {
 582        struct command *cmd;
 583        int skip_broken;
 584        struct strbuf buf;
 585};
 586
 587static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 588{
 589        struct receive_hook_feed_state *state = state_;
 590        struct command *cmd = state->cmd;
 591
 592        while (cmd &&
 593               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 594                cmd = cmd->next;
 595        if (!cmd)
 596                return -1; /* EOF */
 597        strbuf_reset(&state->buf);
 598        strbuf_addf(&state->buf, "%s %s %s\n",
 599                    sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
 600                    cmd->ref_name);
 601        state->cmd = cmd->next;
 602        if (bufp) {
 603                *bufp = state->buf.buf;
 604                *sizep = state->buf.len;
 605        }
 606        return 0;
 607}
 608
 609static int run_receive_hook(struct command *commands, const char *hook_name,
 610                            int skip_broken)
 611{
 612        struct receive_hook_feed_state state;
 613        int status;
 614
 615        strbuf_init(&state.buf, 0);
 616        state.cmd = commands;
 617        state.skip_broken = skip_broken;
 618        if (feed_receive_hook(&state, NULL, NULL))
 619                return 0;
 620        state.cmd = commands;
 621        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 622        strbuf_release(&state.buf);
 623        return status;
 624}
 625
 626static int run_update_hook(struct command *cmd)
 627{
 628        const char *argv[5];
 629        struct child_process proc = CHILD_PROCESS_INIT;
 630        int code;
 631
 632        argv[0] = find_hook("update");
 633        if (!argv[0])
 634                return 0;
 635
 636        argv[1] = cmd->ref_name;
 637        argv[2] = sha1_to_hex(cmd->old_sha1);
 638        argv[3] = sha1_to_hex(cmd->new_sha1);
 639        argv[4] = NULL;
 640
 641        proc.no_stdin = 1;
 642        proc.stdout_to_stderr = 1;
 643        proc.err = use_sideband ? -1 : 0;
 644        proc.argv = argv;
 645
 646        code = start_command(&proc);
 647        if (code)
 648                return code;
 649        if (use_sideband)
 650                copy_to_sideband(proc.err, -1, NULL);
 651        return finish_command(&proc);
 652}
 653
 654static int is_ref_checked_out(const char *ref)
 655{
 656        if (is_bare_repository())
 657                return 0;
 658
 659        if (!head_name)
 660                return 0;
 661        return !strcmp(head_name, ref);
 662}
 663
 664static char *refuse_unconfigured_deny_msg[] = {
 665        "By default, updating the current branch in a non-bare repository",
 666        "is denied, because it will make the index and work tree inconsistent",
 667        "with what you pushed, and will require 'git reset --hard' to match",
 668        "the work tree to HEAD.",
 669        "",
 670        "You can set 'receive.denyCurrentBranch' configuration variable to",
 671        "'ignore' or 'warn' in the remote repository to allow pushing into",
 672        "its current branch; however, this is not recommended unless you",
 673        "arranged to update its work tree to match what you pushed in some",
 674        "other way.",
 675        "",
 676        "To squelch this message and still keep the default behaviour, set",
 677        "'receive.denyCurrentBranch' configuration variable to 'refuse'."
 678};
 679
 680static void refuse_unconfigured_deny(void)
 681{
 682        int i;
 683        for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
 684                rp_error("%s", refuse_unconfigured_deny_msg[i]);
 685}
 686
 687static char *refuse_unconfigured_deny_delete_current_msg[] = {
 688        "By default, deleting the current branch is denied, because the next",
 689        "'git clone' won't result in any file checked out, causing confusion.",
 690        "",
 691        "You can set 'receive.denyDeleteCurrent' configuration variable to",
 692        "'warn' or 'ignore' in the remote repository to allow deleting the",
 693        "current branch, with or without a warning message.",
 694        "",
 695        "To squelch this message, you can set it to 'refuse'."
 696};
 697
 698static void refuse_unconfigured_deny_delete_current(void)
 699{
 700        int i;
 701        for (i = 0;
 702             i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
 703             i++)
 704                rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
 705}
 706
 707static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 708static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 709{
 710        static struct lock_file shallow_lock;
 711        struct sha1_array extra = SHA1_ARRAY_INIT;
 712        const char *alt_file;
 713        uint32_t mask = 1 << (cmd->index % 32);
 714        int i;
 715
 716        trace_printf_key(&trace_shallow,
 717                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 718        for (i = 0; i < si->shallow->nr; i++)
 719                if (si->used_shallow[i] &&
 720                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 721                    !delayed_reachability_test(si, i))
 722                        sha1_array_append(&extra, si->shallow->sha1[i]);
 723
 724        setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
 725        if (check_shallow_connected(command_singleton_iterator,
 726                                    0, cmd, alt_file)) {
 727                rollback_lock_file(&shallow_lock);
 728                sha1_array_clear(&extra);
 729                return -1;
 730        }
 731
 732        commit_lock_file(&shallow_lock);
 733
 734        /*
 735         * Make sure setup_alternate_shallow() for the next ref does
 736         * not lose these new roots..
 737         */
 738        for (i = 0; i < extra.nr; i++)
 739                register_shallow(extra.sha1[i]);
 740
 741        si->shallow_ref[cmd->index] = 0;
 742        sha1_array_clear(&extra);
 743        return 0;
 744}
 745
 746static const char *push_to_deploy(unsigned char *sha1,
 747                                  struct argv_array *env,
 748                                  const char *work_tree)
 749{
 750        const char *update_refresh[] = {
 751                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 752        };
 753        const char *diff_files[] = {
 754                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 755        };
 756        const char *diff_index[] = {
 757                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 758                "HEAD", "--", NULL
 759        };
 760        const char *read_tree[] = {
 761                "read-tree", "-u", "-m", NULL, NULL
 762        };
 763        struct child_process child = CHILD_PROCESS_INIT;
 764
 765        child.argv = update_refresh;
 766        child.env = env->argv;
 767        child.dir = work_tree;
 768        child.no_stdin = 1;
 769        child.stdout_to_stderr = 1;
 770        child.git_cmd = 1;
 771        if (run_command(&child))
 772                return "Up-to-date check failed";
 773
 774        /* run_command() does not clean up completely; reinitialize */
 775        child_process_init(&child);
 776        child.argv = diff_files;
 777        child.env = env->argv;
 778        child.dir = work_tree;
 779        child.no_stdin = 1;
 780        child.stdout_to_stderr = 1;
 781        child.git_cmd = 1;
 782        if (run_command(&child))
 783                return "Working directory has unstaged changes";
 784
 785        child_process_init(&child);
 786        child.argv = diff_index;
 787        child.env = env->argv;
 788        child.no_stdin = 1;
 789        child.no_stdout = 1;
 790        child.stdout_to_stderr = 0;
 791        child.git_cmd = 1;
 792        if (run_command(&child))
 793                return "Working directory has staged changes";
 794
 795        read_tree[3] = sha1_to_hex(sha1);
 796        child_process_init(&child);
 797        child.argv = read_tree;
 798        child.env = env->argv;
 799        child.dir = work_tree;
 800        child.no_stdin = 1;
 801        child.no_stdout = 1;
 802        child.stdout_to_stderr = 0;
 803        child.git_cmd = 1;
 804        if (run_command(&child))
 805                return "Could not update working tree to new HEAD";
 806
 807        return NULL;
 808}
 809
 810static const char *push_to_checkout_hook = "push-to-checkout";
 811
 812static const char *push_to_checkout(unsigned char *sha1,
 813                                    struct argv_array *env,
 814                                    const char *work_tree)
 815{
 816        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
 817        if (run_hook_le(env->argv, push_to_checkout_hook,
 818                        sha1_to_hex(sha1), NULL))
 819                return "push-to-checkout hook declined";
 820        else
 821                return NULL;
 822}
 823
 824static const char *update_worktree(unsigned char *sha1)
 825{
 826        const char *retval;
 827        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
 828        struct argv_array env = ARGV_ARRAY_INIT;
 829
 830        if (is_bare_repository())
 831                return "denyCurrentBranch = updateInstead needs a worktree";
 832
 833        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
 834
 835        if (!find_hook(push_to_checkout_hook))
 836                retval = push_to_deploy(sha1, &env, work_tree);
 837        else
 838                retval = push_to_checkout(sha1, &env, work_tree);
 839
 840        argv_array_clear(&env);
 841        return retval;
 842}
 843
 844static const char *update(struct command *cmd, struct shallow_info *si)
 845{
 846        const char *name = cmd->ref_name;
 847        struct strbuf namespaced_name_buf = STRBUF_INIT;
 848        const char *namespaced_name, *ret;
 849        unsigned char *old_sha1 = cmd->old_sha1;
 850        unsigned char *new_sha1 = cmd->new_sha1;
 851
 852        /* only refs/... are allowed */
 853        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
 854                rp_error("refusing to create funny ref '%s' remotely", name);
 855                return "funny refname";
 856        }
 857
 858        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
 859        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
 860
 861        if (is_ref_checked_out(namespaced_name)) {
 862                switch (deny_current_branch) {
 863                case DENY_IGNORE:
 864                        break;
 865                case DENY_WARN:
 866                        rp_warning("updating the current branch");
 867                        break;
 868                case DENY_REFUSE:
 869                case DENY_UNCONFIGURED:
 870                        rp_error("refusing to update checked out branch: %s", name);
 871                        if (deny_current_branch == DENY_UNCONFIGURED)
 872                                refuse_unconfigured_deny();
 873                        return "branch is currently checked out";
 874                case DENY_UPDATE_INSTEAD:
 875                        ret = update_worktree(new_sha1);
 876                        if (ret)
 877                                return ret;
 878                        break;
 879                }
 880        }
 881
 882        if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
 883                error("unpack should have generated %s, "
 884                      "but I can't find it!", sha1_to_hex(new_sha1));
 885                return "bad pack";
 886        }
 887
 888        if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
 889                if (deny_deletes && starts_with(name, "refs/heads/")) {
 890                        rp_error("denying ref deletion for %s", name);
 891                        return "deletion prohibited";
 892                }
 893
 894                if (!strcmp(namespaced_name, head_name)) {
 895                        switch (deny_delete_current) {
 896                        case DENY_IGNORE:
 897                                break;
 898                        case DENY_WARN:
 899                                rp_warning("deleting the current branch");
 900                                break;
 901                        case DENY_REFUSE:
 902                        case DENY_UNCONFIGURED:
 903                        case DENY_UPDATE_INSTEAD:
 904                                if (deny_delete_current == DENY_UNCONFIGURED)
 905                                        refuse_unconfigured_deny_delete_current();
 906                                rp_error("refusing to delete the current branch: %s", name);
 907                                return "deletion of the current branch prohibited";
 908                        default:
 909                                return "Invalid denyDeleteCurrent setting";
 910                        }
 911                }
 912        }
 913
 914        if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
 915            !is_null_sha1(old_sha1) &&
 916            starts_with(name, "refs/heads/")) {
 917                struct object *old_object, *new_object;
 918                struct commit *old_commit, *new_commit;
 919
 920                old_object = parse_object(old_sha1);
 921                new_object = parse_object(new_sha1);
 922
 923                if (!old_object || !new_object ||
 924                    old_object->type != OBJ_COMMIT ||
 925                    new_object->type != OBJ_COMMIT) {
 926                        error("bad sha1 objects for %s", name);
 927                        return "bad ref";
 928                }
 929                old_commit = (struct commit *)old_object;
 930                new_commit = (struct commit *)new_object;
 931                if (!in_merge_bases(old_commit, new_commit)) {
 932                        rp_error("denying non-fast-forward %s"
 933                                 " (you should pull first)", name);
 934                        return "non-fast-forward";
 935                }
 936        }
 937        if (run_update_hook(cmd)) {
 938                rp_error("hook declined to update %s", name);
 939                return "hook declined";
 940        }
 941
 942        if (is_null_sha1(new_sha1)) {
 943                struct strbuf err = STRBUF_INIT;
 944                if (!parse_object(old_sha1)) {
 945                        old_sha1 = NULL;
 946                        if (ref_exists(name)) {
 947                                rp_warning("Allowing deletion of corrupt ref.");
 948                        } else {
 949                                rp_warning("Deleting a non-existent ref.");
 950                                cmd->did_not_exist = 1;
 951                        }
 952                }
 953                if (ref_transaction_delete(transaction,
 954                                           namespaced_name,
 955                                           old_sha1,
 956                                           0, old_sha1 != NULL,
 957                                           "push", &err)) {
 958                        rp_error("%s", err.buf);
 959                        strbuf_release(&err);
 960                        return "failed to delete";
 961                }
 962                strbuf_release(&err);
 963                return NULL; /* good */
 964        }
 965        else {
 966                struct strbuf err = STRBUF_INIT;
 967                if (shallow_update && si->shallow_ref[cmd->index] &&
 968                    update_shallow_ref(cmd, si))
 969                        return "shallow error";
 970
 971                if (ref_transaction_update(transaction,
 972                                           namespaced_name,
 973                                           new_sha1, old_sha1,
 974                                           0, 1, "push",
 975                                           &err)) {
 976                        rp_error("%s", err.buf);
 977                        strbuf_release(&err);
 978
 979                        return "failed to update ref";
 980                }
 981                strbuf_release(&err);
 982
 983                return NULL; /* good */
 984        }
 985}
 986
 987static void run_update_post_hook(struct command *commands)
 988{
 989        struct command *cmd;
 990        int argc;
 991        const char **argv;
 992        struct child_process proc = CHILD_PROCESS_INIT;
 993        char *hook;
 994
 995        hook = find_hook("post-update");
 996        for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
 997                if (cmd->error_string || cmd->did_not_exist)
 998                        continue;
 999                argc++;
1000        }
1001        if (!argc || !hook)
1002                return;
1003
1004        argv = xmalloc(sizeof(*argv) * (2 + argc));
1005        argv[0] = hook;
1006
1007        for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1008                if (cmd->error_string || cmd->did_not_exist)
1009                        continue;
1010                argv[argc] = xstrdup(cmd->ref_name);
1011                argc++;
1012        }
1013        argv[argc] = NULL;
1014
1015        proc.no_stdin = 1;
1016        proc.stdout_to_stderr = 1;
1017        proc.err = use_sideband ? -1 : 0;
1018        proc.argv = argv;
1019
1020        if (!start_command(&proc)) {
1021                if (use_sideband)
1022                        copy_to_sideband(proc.err, -1, NULL);
1023                finish_command(&proc);
1024        }
1025}
1026
1027static void check_aliased_update(struct command *cmd, struct string_list *list)
1028{
1029        struct strbuf buf = STRBUF_INIT;
1030        const char *dst_name;
1031        struct string_list_item *item;
1032        struct command *dst_cmd;
1033        unsigned char sha1[20];
1034        char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1035        int flag;
1036
1037        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1038        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1039        strbuf_release(&buf);
1040
1041        if (!(flag & REF_ISSYMREF))
1042                return;
1043
1044        dst_name = strip_namespace(dst_name);
1045        if (!dst_name) {
1046                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1047                cmd->skip_update = 1;
1048                cmd->error_string = "broken symref";
1049                return;
1050        }
1051
1052        if ((item = string_list_lookup(list, dst_name)) == NULL)
1053                return;
1054
1055        cmd->skip_update = 1;
1056
1057        dst_cmd = (struct command *) item->util;
1058
1059        if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1060            !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1061                return;
1062
1063        dst_cmd->skip_update = 1;
1064
1065        strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1066        strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1067        strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1068        strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1069        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1070                 " its target '%s' (%s..%s)",
1071                 cmd->ref_name, cmd_oldh, cmd_newh,
1072                 dst_cmd->ref_name, dst_oldh, dst_newh);
1073
1074        cmd->error_string = dst_cmd->error_string =
1075                "inconsistent aliased update";
1076}
1077
1078static void check_aliased_updates(struct command *commands)
1079{
1080        struct command *cmd;
1081        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1082
1083        for (cmd = commands; cmd; cmd = cmd->next) {
1084                struct string_list_item *item =
1085                        string_list_append(&ref_list, cmd->ref_name);
1086                item->util = (void *)cmd;
1087        }
1088        string_list_sort(&ref_list);
1089
1090        for (cmd = commands; cmd; cmd = cmd->next) {
1091                if (!cmd->error_string)
1092                        check_aliased_update(cmd, &ref_list);
1093        }
1094
1095        string_list_clear(&ref_list, 0);
1096}
1097
1098static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1099{
1100        struct command **cmd_list = cb_data;
1101        struct command *cmd = *cmd_list;
1102
1103        if (!cmd || is_null_sha1(cmd->new_sha1))
1104                return -1; /* end of list */
1105        *cmd_list = NULL; /* this returns only one */
1106        hashcpy(sha1, cmd->new_sha1);
1107        return 0;
1108}
1109
1110static void set_connectivity_errors(struct command *commands,
1111                                    struct shallow_info *si)
1112{
1113        struct command *cmd;
1114
1115        for (cmd = commands; cmd; cmd = cmd->next) {
1116                struct command *singleton = cmd;
1117                if (shallow_update && si->shallow_ref[cmd->index])
1118                        /* to be checked in update_shallow_ref() */
1119                        continue;
1120                if (!check_everything_connected(command_singleton_iterator,
1121                                                0, &singleton))
1122                        continue;
1123                cmd->error_string = "missing necessary objects";
1124        }
1125}
1126
1127struct iterate_data {
1128        struct command *cmds;
1129        struct shallow_info *si;
1130};
1131
1132static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1133{
1134        struct iterate_data *data = cb_data;
1135        struct command **cmd_list = &data->cmds;
1136        struct command *cmd = *cmd_list;
1137
1138        for (; cmd; cmd = cmd->next) {
1139                if (shallow_update && data->si->shallow_ref[cmd->index])
1140                        /* to be checked in update_shallow_ref() */
1141                        continue;
1142                if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1143                        hashcpy(sha1, cmd->new_sha1);
1144                        *cmd_list = cmd->next;
1145                        return 0;
1146                }
1147        }
1148        *cmd_list = NULL;
1149        return -1; /* end of list */
1150}
1151
1152static void reject_updates_to_hidden(struct command *commands)
1153{
1154        struct command *cmd;
1155
1156        for (cmd = commands; cmd; cmd = cmd->next) {
1157                if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1158                        continue;
1159                if (is_null_sha1(cmd->new_sha1))
1160                        cmd->error_string = "deny deleting a hidden ref";
1161                else
1162                        cmd->error_string = "deny updating a hidden ref";
1163        }
1164}
1165
1166static int should_process_cmd(struct command *cmd)
1167{
1168        return !cmd->error_string && !cmd->skip_update;
1169}
1170
1171static void warn_if_skipped_connectivity_check(struct command *commands,
1172                                               struct shallow_info *si)
1173{
1174        struct command *cmd;
1175        int checked_connectivity = 1;
1176
1177        for (cmd = commands; cmd; cmd = cmd->next) {
1178                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1179                        error("BUG: connectivity check has not been run on ref %s",
1180                              cmd->ref_name);
1181                        checked_connectivity = 0;
1182                }
1183        }
1184        if (!checked_connectivity)
1185                die("BUG: connectivity check skipped???");
1186}
1187
1188static void execute_commands_non_atomic(struct command *commands,
1189                                        struct shallow_info *si)
1190{
1191        struct command *cmd;
1192        struct strbuf err = STRBUF_INIT;
1193
1194        for (cmd = commands; cmd; cmd = cmd->next) {
1195                if (!should_process_cmd(cmd))
1196                        continue;
1197
1198                transaction = ref_transaction_begin(&err);
1199                if (!transaction) {
1200                        rp_error("%s", err.buf);
1201                        strbuf_reset(&err);
1202                        cmd->error_string = "transaction failed to start";
1203                        continue;
1204                }
1205
1206                cmd->error_string = update(cmd, si);
1207
1208                if (!cmd->error_string
1209                    && ref_transaction_commit(transaction, &err)) {
1210                        rp_error("%s", err.buf);
1211                        strbuf_reset(&err);
1212                        cmd->error_string = "failed to update ref";
1213                }
1214                ref_transaction_free(transaction);
1215        }
1216        strbuf_release(&err);
1217}
1218
1219static void execute_commands_atomic(struct command *commands,
1220                                        struct shallow_info *si)
1221{
1222        struct command *cmd;
1223        struct strbuf err = STRBUF_INIT;
1224        const char *reported_error = "atomic push failure";
1225
1226        transaction = ref_transaction_begin(&err);
1227        if (!transaction) {
1228                rp_error("%s", err.buf);
1229                strbuf_reset(&err);
1230                reported_error = "transaction failed to start";
1231                goto failure;
1232        }
1233
1234        for (cmd = commands; cmd; cmd = cmd->next) {
1235                if (!should_process_cmd(cmd))
1236                        continue;
1237
1238                cmd->error_string = update(cmd, si);
1239
1240                if (cmd->error_string)
1241                        goto failure;
1242        }
1243
1244        if (ref_transaction_commit(transaction, &err)) {
1245                rp_error("%s", err.buf);
1246                reported_error = "atomic transaction failed";
1247                goto failure;
1248        }
1249        goto cleanup;
1250
1251failure:
1252        for (cmd = commands; cmd; cmd = cmd->next)
1253                if (!cmd->error_string)
1254                        cmd->error_string = reported_error;
1255
1256cleanup:
1257        ref_transaction_free(transaction);
1258        strbuf_release(&err);
1259}
1260
1261static void execute_commands(struct command *commands,
1262                             const char *unpacker_error,
1263                             struct shallow_info *si)
1264{
1265        struct command *cmd;
1266        unsigned char sha1[20];
1267        struct iterate_data data;
1268
1269        if (unpacker_error) {
1270                for (cmd = commands; cmd; cmd = cmd->next)
1271                        cmd->error_string = "unpacker error";
1272                return;
1273        }
1274
1275        data.cmds = commands;
1276        data.si = si;
1277        if (check_everything_connected(iterate_receive_command_list, 0, &data))
1278                set_connectivity_errors(commands, si);
1279
1280        reject_updates_to_hidden(commands);
1281
1282        if (run_receive_hook(commands, "pre-receive", 0)) {
1283                for (cmd = commands; cmd; cmd = cmd->next) {
1284                        if (!cmd->error_string)
1285                                cmd->error_string = "pre-receive hook declined";
1286                }
1287                return;
1288        }
1289
1290        check_aliased_updates(commands);
1291
1292        free(head_name_to_free);
1293        head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1294
1295        if (use_atomic)
1296                execute_commands_atomic(commands, si);
1297        else
1298                execute_commands_non_atomic(commands, si);
1299
1300        if (shallow_update)
1301                warn_if_skipped_connectivity_check(commands, si);
1302}
1303
1304static struct command **queue_command(struct command **tail,
1305                                      const char *line,
1306                                      int linelen)
1307{
1308        unsigned char old_sha1[20], new_sha1[20];
1309        struct command *cmd;
1310        const char *refname;
1311        int reflen;
1312
1313        if (linelen < 83 ||
1314            line[40] != ' ' ||
1315            line[81] != ' ' ||
1316            get_sha1_hex(line, old_sha1) ||
1317            get_sha1_hex(line + 41, new_sha1))
1318                die("protocol error: expected old/new/ref, got '%s'", line);
1319
1320        refname = line + 82;
1321        reflen = linelen - 82;
1322        cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1323        hashcpy(cmd->old_sha1, old_sha1);
1324        hashcpy(cmd->new_sha1, new_sha1);
1325        memcpy(cmd->ref_name, refname, reflen);
1326        cmd->ref_name[reflen] = '\0';
1327        *tail = cmd;
1328        return &cmd->next;
1329}
1330
1331static void queue_commands_from_cert(struct command **tail,
1332                                     struct strbuf *push_cert)
1333{
1334        const char *boc, *eoc;
1335
1336        if (*tail)
1337                die("protocol error: got both push certificate and unsigned commands");
1338
1339        boc = strstr(push_cert->buf, "\n\n");
1340        if (!boc)
1341                die("malformed push certificate %.*s", 100, push_cert->buf);
1342        else
1343                boc += 2;
1344        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1345
1346        while (boc < eoc) {
1347                const char *eol = memchr(boc, '\n', eoc - boc);
1348                tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1349                boc = eol ? eol + 1 : eoc;
1350        }
1351}
1352
1353static struct command *read_head_info(struct sha1_array *shallow)
1354{
1355        struct command *commands = NULL;
1356        struct command **p = &commands;
1357        for (;;) {
1358                char *line;
1359                int len, linelen;
1360
1361                line = packet_read_line(0, &len);
1362                if (!line)
1363                        break;
1364
1365                if (len == 48 && starts_with(line, "shallow ")) {
1366                        unsigned char sha1[20];
1367                        if (get_sha1_hex(line + 8, sha1))
1368                                die("protocol error: expected shallow sha, got '%s'",
1369                                    line + 8);
1370                        sha1_array_append(shallow, sha1);
1371                        continue;
1372                }
1373
1374                linelen = strlen(line);
1375                if (linelen < len) {
1376                        const char *feature_list = line + linelen + 1;
1377                        if (parse_feature_request(feature_list, "report-status"))
1378                                report_status = 1;
1379                        if (parse_feature_request(feature_list, "side-band-64k"))
1380                                use_sideband = LARGE_PACKET_MAX;
1381                        if (parse_feature_request(feature_list, "quiet"))
1382                                quiet = 1;
1383                        if (advertise_atomic_push
1384                            && parse_feature_request(feature_list, "atomic"))
1385                                use_atomic = 1;
1386                }
1387
1388                if (!strcmp(line, "push-cert")) {
1389                        int true_flush = 0;
1390                        char certbuf[1024];
1391
1392                        for (;;) {
1393                                len = packet_read(0, NULL, NULL,
1394                                                  certbuf, sizeof(certbuf), 0);
1395                                if (!len) {
1396                                        true_flush = 1;
1397                                        break;
1398                                }
1399                                if (!strcmp(certbuf, "push-cert-end\n"))
1400                                        break; /* end of cert */
1401                                strbuf_addstr(&push_cert, certbuf);
1402                        }
1403
1404                        if (true_flush)
1405                                break;
1406                        continue;
1407                }
1408
1409                p = queue_command(p, line, linelen);
1410        }
1411
1412        if (push_cert.len)
1413                queue_commands_from_cert(p, &push_cert);
1414
1415        return commands;
1416}
1417
1418static const char *parse_pack_header(struct pack_header *hdr)
1419{
1420        switch (read_pack_header(0, hdr)) {
1421        case PH_ERROR_EOF:
1422                return "eof before pack header was fully read";
1423
1424        case PH_ERROR_PACK_SIGNATURE:
1425                return "protocol error (pack signature mismatch detected)";
1426
1427        case PH_ERROR_PROTOCOL:
1428                return "protocol error (pack version unsupported)";
1429
1430        default:
1431                return "unknown error in parse_pack_header";
1432
1433        case 0:
1434                return NULL;
1435        }
1436}
1437
1438static const char *pack_lockfile;
1439
1440static const char *unpack(int err_fd, struct shallow_info *si)
1441{
1442        struct pack_header hdr;
1443        const char *hdr_err;
1444        int status;
1445        char hdr_arg[38];
1446        struct child_process child = CHILD_PROCESS_INIT;
1447        int fsck_objects = (receive_fsck_objects >= 0
1448                            ? receive_fsck_objects
1449                            : transfer_fsck_objects >= 0
1450                            ? transfer_fsck_objects
1451                            : 0);
1452
1453        hdr_err = parse_pack_header(&hdr);
1454        if (hdr_err) {
1455                if (err_fd > 0)
1456                        close(err_fd);
1457                return hdr_err;
1458        }
1459        snprintf(hdr_arg, sizeof(hdr_arg),
1460                        "--pack_header=%"PRIu32",%"PRIu32,
1461                        ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1462
1463        if (si->nr_ours || si->nr_theirs) {
1464                alt_shallow_file = setup_temporary_shallow(si->shallow);
1465                argv_array_push(&child.args, "--shallow-file");
1466                argv_array_push(&child.args, alt_shallow_file);
1467        }
1468
1469        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1470                argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1471                if (quiet)
1472                        argv_array_push(&child.args, "-q");
1473                if (fsck_objects)
1474                        argv_array_push(&child.args, "--strict");
1475                child.no_stdout = 1;
1476                child.err = err_fd;
1477                child.git_cmd = 1;
1478                status = run_command(&child);
1479                if (status)
1480                        return "unpack-objects abnormal exit";
1481        } else {
1482                int s;
1483                char keep_arg[256];
1484
1485                s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1486                if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1487                        strcpy(keep_arg + s, "localhost");
1488
1489                argv_array_pushl(&child.args, "index-pack",
1490                                 "--stdin", hdr_arg, keep_arg, NULL);
1491                if (fsck_objects)
1492                        argv_array_push(&child.args, "--strict");
1493                if (fix_thin)
1494                        argv_array_push(&child.args, "--fix-thin");
1495                child.out = -1;
1496                child.err = err_fd;
1497                child.git_cmd = 1;
1498                status = start_command(&child);
1499                if (status)
1500                        return "index-pack fork failed";
1501                pack_lockfile = index_pack_lockfile(child.out);
1502                close(child.out);
1503                status = finish_command(&child);
1504                if (status)
1505                        return "index-pack abnormal exit";
1506                reprepare_packed_git();
1507        }
1508        return NULL;
1509}
1510
1511static const char *unpack_with_sideband(struct shallow_info *si)
1512{
1513        struct async muxer;
1514        const char *ret;
1515
1516        if (!use_sideband)
1517                return unpack(0, si);
1518
1519        memset(&muxer, 0, sizeof(muxer));
1520        muxer.proc = copy_to_sideband;
1521        muxer.in = -1;
1522        if (start_async(&muxer))
1523                return NULL;
1524
1525        ret = unpack(muxer.in, si);
1526
1527        finish_async(&muxer);
1528        return ret;
1529}
1530
1531static void prepare_shallow_update(struct command *commands,
1532                                   struct shallow_info *si)
1533{
1534        int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1535
1536        si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1537                                   si->shallow->nr);
1538        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1539
1540        si->need_reachability_test =
1541                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1542        si->reachable =
1543                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1544        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1545
1546        for (i = 0; i < si->nr_ours; i++)
1547                si->need_reachability_test[si->ours[i]] = 1;
1548
1549        for (i = 0; i < si->shallow->nr; i++) {
1550                if (!si->used_shallow[i])
1551                        continue;
1552                for (j = 0; j < bitmap_size; j++) {
1553                        if (!si->used_shallow[i][j])
1554                                continue;
1555                        si->need_reachability_test[i]++;
1556                        for (k = 0; k < 32; k++)
1557                                if (si->used_shallow[i][j] & (1 << k))
1558                                        si->shallow_ref[j * 32 + k]++;
1559                }
1560
1561                /*
1562                 * true for those associated with some refs and belong
1563                 * in "ours" list aka "step 7 not done yet"
1564                 */
1565                si->need_reachability_test[i] =
1566                        si->need_reachability_test[i] > 1;
1567        }
1568
1569        /*
1570         * keep hooks happy by forcing a temporary shallow file via
1571         * env variable because we can't add --shallow-file to every
1572         * command. check_everything_connected() will be done with
1573         * true .git/shallow though.
1574         */
1575        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1576}
1577
1578static void update_shallow_info(struct command *commands,
1579                                struct shallow_info *si,
1580                                struct sha1_array *ref)
1581{
1582        struct command *cmd;
1583        int *ref_status;
1584        remove_nonexistent_theirs_shallow(si);
1585        if (!si->nr_ours && !si->nr_theirs) {
1586                shallow_update = 0;
1587                return;
1588        }
1589
1590        for (cmd = commands; cmd; cmd = cmd->next) {
1591                if (is_null_sha1(cmd->new_sha1))
1592                        continue;
1593                sha1_array_append(ref, cmd->new_sha1);
1594                cmd->index = ref->nr - 1;
1595        }
1596        si->ref = ref;
1597
1598        if (shallow_update) {
1599                prepare_shallow_update(commands, si);
1600                return;
1601        }
1602
1603        ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1604        assign_shallow_commits_to_refs(si, NULL, ref_status);
1605        for (cmd = commands; cmd; cmd = cmd->next) {
1606                if (is_null_sha1(cmd->new_sha1))
1607                        continue;
1608                if (ref_status[cmd->index]) {
1609                        cmd->error_string = "shallow update not allowed";
1610                        cmd->skip_update = 1;
1611                }
1612        }
1613        free(ref_status);
1614}
1615
1616static void report(struct command *commands, const char *unpack_status)
1617{
1618        struct command *cmd;
1619        struct strbuf buf = STRBUF_INIT;
1620
1621        packet_buf_write(&buf, "unpack %s\n",
1622                         unpack_status ? unpack_status : "ok");
1623        for (cmd = commands; cmd; cmd = cmd->next) {
1624                if (!cmd->error_string)
1625                        packet_buf_write(&buf, "ok %s\n",
1626                                         cmd->ref_name);
1627                else
1628                        packet_buf_write(&buf, "ng %s %s\n",
1629                                         cmd->ref_name, cmd->error_string);
1630        }
1631        packet_buf_flush(&buf);
1632
1633        if (use_sideband)
1634                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1635        else
1636                write_or_die(1, buf.buf, buf.len);
1637        strbuf_release(&buf);
1638}
1639
1640static int delete_only(struct command *commands)
1641{
1642        struct command *cmd;
1643        for (cmd = commands; cmd; cmd = cmd->next) {
1644                if (!is_null_sha1(cmd->new_sha1))
1645                        return 0;
1646        }
1647        return 1;
1648}
1649
1650int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1651{
1652        int advertise_refs = 0;
1653        int i;
1654        struct command *commands;
1655        struct sha1_array shallow = SHA1_ARRAY_INIT;
1656        struct sha1_array ref = SHA1_ARRAY_INIT;
1657        struct shallow_info si;
1658
1659        packet_trace_identity("receive-pack");
1660
1661        argv++;
1662        for (i = 1; i < argc; i++) {
1663                const char *arg = *argv++;
1664
1665                if (*arg == '-') {
1666                        if (!strcmp(arg, "--quiet")) {
1667                                quiet = 1;
1668                                continue;
1669                        }
1670
1671                        if (!strcmp(arg, "--advertise-refs")) {
1672                                advertise_refs = 1;
1673                                continue;
1674                        }
1675                        if (!strcmp(arg, "--stateless-rpc")) {
1676                                stateless_rpc = 1;
1677                                continue;
1678                        }
1679                        if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1680                                fix_thin = 0;
1681                                continue;
1682                        }
1683
1684                        usage(receive_pack_usage);
1685                }
1686                if (service_dir)
1687                        usage(receive_pack_usage);
1688                service_dir = arg;
1689        }
1690        if (!service_dir)
1691                usage(receive_pack_usage);
1692
1693        setup_path();
1694
1695        if (!enter_repo(service_dir, 0))
1696                die("'%s' does not appear to be a git repository", service_dir);
1697
1698        git_config(receive_pack_config, NULL);
1699        if (cert_nonce_seed)
1700                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1701
1702        if (0 <= transfer_unpack_limit)
1703                unpack_limit = transfer_unpack_limit;
1704        else if (0 <= receive_unpack_limit)
1705                unpack_limit = receive_unpack_limit;
1706
1707        if (advertise_refs || !stateless_rpc) {
1708                write_head_info();
1709        }
1710        if (advertise_refs)
1711                return 0;
1712
1713        if ((commands = read_head_info(&shallow)) != NULL) {
1714                const char *unpack_status = NULL;
1715
1716                prepare_shallow_info(&si, &shallow);
1717                if (!si.nr_ours && !si.nr_theirs)
1718                        shallow_update = 0;
1719                if (!delete_only(commands)) {
1720                        unpack_status = unpack_with_sideband(&si);
1721                        update_shallow_info(commands, &si, &ref);
1722                }
1723                execute_commands(commands, unpack_status, &si);
1724                if (pack_lockfile)
1725                        unlink_or_warn(pack_lockfile);
1726                if (report_status)
1727                        report(commands, unpack_status);
1728                run_receive_hook(commands, "post-receive", 1);
1729                run_update_post_hook(commands);
1730                if (auto_gc) {
1731                        const char *argv_gc_auto[] = {
1732                                "gc", "--auto", "--quiet", NULL,
1733                        };
1734                        int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1735                        run_command_v_opt(argv_gc_auto, opt);
1736                }
1737                if (auto_update_server_info)
1738                        update_server_info(0);
1739                clear_shallow_info(&si);
1740        }
1741        if (use_sideband)
1742                packet_flush(1);
1743        sha1_array_clear(&shallow);
1744        sha1_array_clear(&ref);
1745        free((void *)push_cert_nonce);
1746        return 0;
1747}