1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22
23static const char receive_pack_usage[] = "git receive-pack <git-dir>";
24
25enum deny_action {
26 DENY_UNCONFIGURED,
27 DENY_IGNORE,
28 DENY_WARN,
29 DENY_REFUSE,
30 DENY_UPDATE_INSTEAD
31};
32
33static int deny_deletes;
34static int deny_non_fast_forwards;
35static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37static int receive_fsck_objects = -1;
38static int transfer_fsck_objects = -1;
39static int receive_unpack_limit = -1;
40static int transfer_unpack_limit = -1;
41static int advertise_atomic_push = 1;
42static int unpack_limit = 100;
43static int report_status;
44static int use_sideband;
45static int use_atomic;
46static int quiet;
47static int prefer_ofs_delta = 1;
48static int auto_update_server_info;
49static int auto_gc = 1;
50static int fix_thin = 1;
51static int stateless_rpc;
52static const char *service_dir;
53static const char *head_name;
54static void *head_name_to_free;
55static int sent_capabilities;
56static int shallow_update;
57static const char *alt_shallow_file;
58static struct strbuf push_cert = STRBUF_INIT;
59static unsigned char push_cert_sha1[20];
60static struct signature_check sigcheck;
61static const char *push_cert_nonce;
62static const char *cert_nonce_seed;
63
64static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65static const char *NONCE_BAD = "BAD";
66static const char *NONCE_MISSING = "MISSING";
67static const char *NONCE_OK = "OK";
68static const char *NONCE_SLOP = "SLOP";
69static const char *nonce_status;
70static long nonce_stamp_slop;
71static unsigned long nonce_stamp_slop_limit;
72static struct ref_transaction *transaction;
73
74static enum deny_action parse_deny_action(const char *var, const char *value)
75{
76 if (value) {
77 if (!strcasecmp(value, "ignore"))
78 return DENY_IGNORE;
79 if (!strcasecmp(value, "warn"))
80 return DENY_WARN;
81 if (!strcasecmp(value, "refuse"))
82 return DENY_REFUSE;
83 if (!strcasecmp(value, "updateinstead"))
84 return DENY_UPDATE_INSTEAD;
85 }
86 if (git_config_bool(var, value))
87 return DENY_REFUSE;
88 return DENY_IGNORE;
89}
90
91static int receive_pack_config(const char *var, const char *value, void *cb)
92{
93 int status = parse_hide_refs_config(var, value, "receive");
94
95 if (status)
96 return status;
97
98 if (strcmp(var, "receive.denydeletes") == 0) {
99 deny_deletes = git_config_bool(var, value);
100 return 0;
101 }
102
103 if (strcmp(var, "receive.denynonfastforwards") == 0) {
104 deny_non_fast_forwards = git_config_bool(var, value);
105 return 0;
106 }
107
108 if (strcmp(var, "receive.unpacklimit") == 0) {
109 receive_unpack_limit = git_config_int(var, value);
110 return 0;
111 }
112
113 if (strcmp(var, "transfer.unpacklimit") == 0) {
114 transfer_unpack_limit = git_config_int(var, value);
115 return 0;
116 }
117
118 if (strcmp(var, "receive.fsckobjects") == 0) {
119 receive_fsck_objects = git_config_bool(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "transfer.fsckobjects") == 0) {
124 transfer_fsck_objects = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (!strcmp(var, "receive.denycurrentbranch")) {
129 deny_current_branch = parse_deny_action(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.denydeletecurrent") == 0) {
134 deny_delete_current = parse_deny_action(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139 prefer_ofs_delta = git_config_bool(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.updateserverinfo") == 0) {
144 auto_update_server_info = git_config_bool(var, value);
145 return 0;
146 }
147
148 if (strcmp(var, "receive.autogc") == 0) {
149 auto_gc = git_config_bool(var, value);
150 return 0;
151 }
152
153 if (strcmp(var, "receive.shallowupdate") == 0) {
154 shallow_update = git_config_bool(var, value);
155 return 0;
156 }
157
158 if (strcmp(var, "receive.certnonceseed") == 0)
159 return git_config_string(&cert_nonce_seed, var, value);
160
161 if (strcmp(var, "receive.certnonceslop") == 0) {
162 nonce_stamp_slop_limit = git_config_ulong(var, value);
163 return 0;
164 }
165
166 if (strcmp(var, "receive.advertiseatomic") == 0) {
167 advertise_atomic_push = git_config_bool(var, value);
168 return 0;
169 }
170
171 return git_default_config(var, value, cb);
172}
173
174static void show_ref(const char *path, const unsigned char *sha1)
175{
176 if (ref_is_hidden(path))
177 return;
178
179 if (sent_capabilities) {
180 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
181 } else {
182 struct strbuf cap = STRBUF_INIT;
183
184 strbuf_addstr(&cap,
185 "report-status delete-refs side-band-64k quiet");
186 if (advertise_atomic_push)
187 strbuf_addstr(&cap, " atomic");
188 if (prefer_ofs_delta)
189 strbuf_addstr(&cap, " ofs-delta");
190 if (push_cert_nonce)
191 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193 packet_write(1, "%s %s%c%s\n",
194 sha1_to_hex(sha1), path, 0, cap.buf);
195 strbuf_release(&cap);
196 sent_capabilities = 1;
197 }
198}
199
200static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
201{
202 path = strip_namespace(path);
203 /*
204 * Advertise refs outside our current namespace as ".have"
205 * refs, so that the client can use them to minimize data
206 * transfer but will otherwise ignore them. This happens to
207 * cover ".have" that are thrown in by add_one_alternate_ref()
208 * to mark histories that are complete in our alternates as
209 * well.
210 */
211 if (!path)
212 path = ".have";
213 show_ref(path, sha1);
214 return 0;
215}
216
217static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
218{
219 show_ref(".have", sha1);
220}
221
222static void collect_one_alternate_ref(const struct ref *ref, void *data)
223{
224 struct sha1_array *sa = data;
225 sha1_array_append(sa, ref->old_sha1);
226}
227
228static void write_head_info(void)
229{
230 struct sha1_array sa = SHA1_ARRAY_INIT;
231 for_each_alternate_ref(collect_one_alternate_ref, &sa);
232 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
233 sha1_array_clear(&sa);
234 for_each_ref(show_ref_cb, NULL);
235 if (!sent_capabilities)
236 show_ref("capabilities^{}", null_sha1);
237
238 advertise_shallow_grafts(1);
239
240 /* EOF */
241 packet_flush(1);
242}
243
244struct command {
245 struct command *next;
246 const char *error_string;
247 unsigned int skip_update:1,
248 did_not_exist:1;
249 int index;
250 unsigned char old_sha1[20];
251 unsigned char new_sha1[20];
252 char ref_name[FLEX_ARRAY]; /* more */
253};
254
255static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
256static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
257
258static void report_message(const char *prefix, const char *err, va_list params)
259{
260 int sz = strlen(prefix);
261 char msg[4096];
262
263 strncpy(msg, prefix, sz);
264 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
265 if (sz > (sizeof(msg) - 1))
266 sz = sizeof(msg) - 1;
267 msg[sz++] = '\n';
268
269 if (use_sideband)
270 send_sideband(1, 2, msg, sz, use_sideband);
271 else
272 xwrite(2, msg, sz);
273}
274
275static void rp_warning(const char *err, ...)
276{
277 va_list params;
278 va_start(params, err);
279 report_message("warning: ", err, params);
280 va_end(params);
281}
282
283static void rp_error(const char *err, ...)
284{
285 va_list params;
286 va_start(params, err);
287 report_message("error: ", err, params);
288 va_end(params);
289}
290
291static int copy_to_sideband(int in, int out, void *arg)
292{
293 char data[128];
294 while (1) {
295 ssize_t sz = xread(in, data, sizeof(data));
296 if (sz <= 0)
297 break;
298 send_sideband(1, 2, data, sz, use_sideband);
299 }
300 close(in);
301 return 0;
302}
303
304#define HMAC_BLOCK_SIZE 64
305
306static void hmac_sha1(unsigned char *out,
307 const char *key_in, size_t key_len,
308 const char *text, size_t text_len)
309{
310 unsigned char key[HMAC_BLOCK_SIZE];
311 unsigned char k_ipad[HMAC_BLOCK_SIZE];
312 unsigned char k_opad[HMAC_BLOCK_SIZE];
313 int i;
314 git_SHA_CTX ctx;
315
316 /* RFC 2104 2. (1) */
317 memset(key, '\0', HMAC_BLOCK_SIZE);
318 if (HMAC_BLOCK_SIZE < key_len) {
319 git_SHA1_Init(&ctx);
320 git_SHA1_Update(&ctx, key_in, key_len);
321 git_SHA1_Final(key, &ctx);
322 } else {
323 memcpy(key, key_in, key_len);
324 }
325
326 /* RFC 2104 2. (2) & (5) */
327 for (i = 0; i < sizeof(key); i++) {
328 k_ipad[i] = key[i] ^ 0x36;
329 k_opad[i] = key[i] ^ 0x5c;
330 }
331
332 /* RFC 2104 2. (3) & (4) */
333 git_SHA1_Init(&ctx);
334 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
335 git_SHA1_Update(&ctx, text, text_len);
336 git_SHA1_Final(out, &ctx);
337
338 /* RFC 2104 2. (6) & (7) */
339 git_SHA1_Init(&ctx);
340 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
341 git_SHA1_Update(&ctx, out, 20);
342 git_SHA1_Final(out, &ctx);
343}
344
345static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
346{
347 struct strbuf buf = STRBUF_INIT;
348 unsigned char sha1[20];
349
350 strbuf_addf(&buf, "%s:%lu", path, stamp);
351 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
352 strbuf_release(&buf);
353
354 /* RFC 2104 5. HMAC-SHA1-80 */
355 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
356 return strbuf_detach(&buf, NULL);
357}
358
359/*
360 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
361 * after dropping "_commit" from its name and possibly moving it out
362 * of commit.c
363 */
364static char *find_header(const char *msg, size_t len, const char *key)
365{
366 int key_len = strlen(key);
367 const char *line = msg;
368
369 while (line && line < msg + len) {
370 const char *eol = strchrnul(line, '\n');
371
372 if ((msg + len <= eol) || line == eol)
373 return NULL;
374 if (line + key_len < eol &&
375 !memcmp(line, key, key_len) && line[key_len] == ' ') {
376 int offset = key_len + 1;
377 return xmemdupz(line + offset, (eol - line) - offset);
378 }
379 line = *eol ? eol + 1 : NULL;
380 }
381 return NULL;
382}
383
384static const char *check_nonce(const char *buf, size_t len)
385{
386 char *nonce = find_header(buf, len, "nonce");
387 unsigned long stamp, ostamp;
388 char *bohmac, *expect = NULL;
389 const char *retval = NONCE_BAD;
390
391 if (!nonce) {
392 retval = NONCE_MISSING;
393 goto leave;
394 } else if (!push_cert_nonce) {
395 retval = NONCE_UNSOLICITED;
396 goto leave;
397 } else if (!strcmp(push_cert_nonce, nonce)) {
398 retval = NONCE_OK;
399 goto leave;
400 }
401
402 if (!stateless_rpc) {
403 /* returned nonce MUST match what we gave out earlier */
404 retval = NONCE_BAD;
405 goto leave;
406 }
407
408 /*
409 * In stateless mode, we may be receiving a nonce issued by
410 * another instance of the server that serving the same
411 * repository, and the timestamps may not match, but the
412 * nonce-seed and dir should match, so we can recompute and
413 * report the time slop.
414 *
415 * In addition, when a nonce issued by another instance has
416 * timestamp within receive.certnonceslop seconds, we pretend
417 * as if we issued that nonce when reporting to the hook.
418 */
419
420 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
421 if (*nonce <= '0' || '9' < *nonce) {
422 retval = NONCE_BAD;
423 goto leave;
424 }
425 stamp = strtoul(nonce, &bohmac, 10);
426 if (bohmac == nonce || bohmac[0] != '-') {
427 retval = NONCE_BAD;
428 goto leave;
429 }
430
431 expect = prepare_push_cert_nonce(service_dir, stamp);
432 if (strcmp(expect, nonce)) {
433 /* Not what we would have signed earlier */
434 retval = NONCE_BAD;
435 goto leave;
436 }
437
438 /*
439 * By how many seconds is this nonce stale? Negative value
440 * would mean it was issued by another server with its clock
441 * skewed in the future.
442 */
443 ostamp = strtoul(push_cert_nonce, NULL, 10);
444 nonce_stamp_slop = (long)ostamp - (long)stamp;
445
446 if (nonce_stamp_slop_limit &&
447 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
448 /*
449 * Pretend as if the received nonce (which passes the
450 * HMAC check, so it is not a forged by third-party)
451 * is what we issued.
452 */
453 free((void *)push_cert_nonce);
454 push_cert_nonce = xstrdup(nonce);
455 retval = NONCE_OK;
456 } else {
457 retval = NONCE_SLOP;
458 }
459
460leave:
461 free(nonce);
462 free(expect);
463 return retval;
464}
465
466static void prepare_push_cert_sha1(struct child_process *proc)
467{
468 static int already_done;
469
470 if (!push_cert.len)
471 return;
472
473 if (!already_done) {
474 struct strbuf gpg_output = STRBUF_INIT;
475 struct strbuf gpg_status = STRBUF_INIT;
476 int bogs /* beginning_of_gpg_sig */;
477
478 already_done = 1;
479 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
480 hashclr(push_cert_sha1);
481
482 memset(&sigcheck, '\0', sizeof(sigcheck));
483 sigcheck.result = 'N';
484
485 bogs = parse_signature(push_cert.buf, push_cert.len);
486 if (verify_signed_buffer(push_cert.buf, bogs,
487 push_cert.buf + bogs, push_cert.len - bogs,
488 &gpg_output, &gpg_status) < 0) {
489 ; /* error running gpg */
490 } else {
491 sigcheck.payload = push_cert.buf;
492 sigcheck.gpg_output = gpg_output.buf;
493 sigcheck.gpg_status = gpg_status.buf;
494 parse_gpg_output(&sigcheck);
495 }
496
497 strbuf_release(&gpg_output);
498 strbuf_release(&gpg_status);
499 nonce_status = check_nonce(push_cert.buf, bogs);
500 }
501 if (!is_null_sha1(push_cert_sha1)) {
502 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
503 sha1_to_hex(push_cert_sha1));
504 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
505 sigcheck.signer ? sigcheck.signer : "");
506 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
507 sigcheck.key ? sigcheck.key : "");
508 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
509 sigcheck.result);
510 if (push_cert_nonce) {
511 argv_array_pushf(&proc->env_array,
512 "GIT_PUSH_CERT_NONCE=%s",
513 push_cert_nonce);
514 argv_array_pushf(&proc->env_array,
515 "GIT_PUSH_CERT_NONCE_STATUS=%s",
516 nonce_status);
517 if (nonce_status == NONCE_SLOP)
518 argv_array_pushf(&proc->env_array,
519 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
520 nonce_stamp_slop);
521 }
522 }
523}
524
525typedef int (*feed_fn)(void *, const char **, size_t *);
526static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
527{
528 struct child_process proc = CHILD_PROCESS_INIT;
529 struct async muxer;
530 const char *argv[2];
531 int code;
532
533 argv[0] = find_hook(hook_name);
534 if (!argv[0])
535 return 0;
536
537 argv[1] = NULL;
538
539 proc.argv = argv;
540 proc.in = -1;
541 proc.stdout_to_stderr = 1;
542
543 if (use_sideband) {
544 memset(&muxer, 0, sizeof(muxer));
545 muxer.proc = copy_to_sideband;
546 muxer.in = -1;
547 code = start_async(&muxer);
548 if (code)
549 return code;
550 proc.err = muxer.in;
551 }
552
553 prepare_push_cert_sha1(&proc);
554
555 code = start_command(&proc);
556 if (code) {
557 if (use_sideband)
558 finish_async(&muxer);
559 return code;
560 }
561
562 sigchain_push(SIGPIPE, SIG_IGN);
563
564 while (1) {
565 const char *buf;
566 size_t n;
567 if (feed(feed_state, &buf, &n))
568 break;
569 if (write_in_full(proc.in, buf, n) != n)
570 break;
571 }
572 close(proc.in);
573 if (use_sideband)
574 finish_async(&muxer);
575
576 sigchain_pop(SIGPIPE);
577
578 return finish_command(&proc);
579}
580
581struct receive_hook_feed_state {
582 struct command *cmd;
583 int skip_broken;
584 struct strbuf buf;
585};
586
587static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
588{
589 struct receive_hook_feed_state *state = state_;
590 struct command *cmd = state->cmd;
591
592 while (cmd &&
593 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
594 cmd = cmd->next;
595 if (!cmd)
596 return -1; /* EOF */
597 strbuf_reset(&state->buf);
598 strbuf_addf(&state->buf, "%s %s %s\n",
599 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
600 cmd->ref_name);
601 state->cmd = cmd->next;
602 if (bufp) {
603 *bufp = state->buf.buf;
604 *sizep = state->buf.len;
605 }
606 return 0;
607}
608
609static int run_receive_hook(struct command *commands, const char *hook_name,
610 int skip_broken)
611{
612 struct receive_hook_feed_state state;
613 int status;
614
615 strbuf_init(&state.buf, 0);
616 state.cmd = commands;
617 state.skip_broken = skip_broken;
618 if (feed_receive_hook(&state, NULL, NULL))
619 return 0;
620 state.cmd = commands;
621 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
622 strbuf_release(&state.buf);
623 return status;
624}
625
626static int run_update_hook(struct command *cmd)
627{
628 const char *argv[5];
629 struct child_process proc = CHILD_PROCESS_INIT;
630 int code;
631
632 argv[0] = find_hook("update");
633 if (!argv[0])
634 return 0;
635
636 argv[1] = cmd->ref_name;
637 argv[2] = sha1_to_hex(cmd->old_sha1);
638 argv[3] = sha1_to_hex(cmd->new_sha1);
639 argv[4] = NULL;
640
641 proc.no_stdin = 1;
642 proc.stdout_to_stderr = 1;
643 proc.err = use_sideband ? -1 : 0;
644 proc.argv = argv;
645
646 code = start_command(&proc);
647 if (code)
648 return code;
649 if (use_sideband)
650 copy_to_sideband(proc.err, -1, NULL);
651 return finish_command(&proc);
652}
653
654static int is_ref_checked_out(const char *ref)
655{
656 if (is_bare_repository())
657 return 0;
658
659 if (!head_name)
660 return 0;
661 return !strcmp(head_name, ref);
662}
663
664static char *refuse_unconfigured_deny_msg[] = {
665 "By default, updating the current branch in a non-bare repository",
666 "is denied, because it will make the index and work tree inconsistent",
667 "with what you pushed, and will require 'git reset --hard' to match",
668 "the work tree to HEAD.",
669 "",
670 "You can set 'receive.denyCurrentBranch' configuration variable to",
671 "'ignore' or 'warn' in the remote repository to allow pushing into",
672 "its current branch; however, this is not recommended unless you",
673 "arranged to update its work tree to match what you pushed in some",
674 "other way.",
675 "",
676 "To squelch this message and still keep the default behaviour, set",
677 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
678};
679
680static void refuse_unconfigured_deny(void)
681{
682 int i;
683 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
684 rp_error("%s", refuse_unconfigured_deny_msg[i]);
685}
686
687static char *refuse_unconfigured_deny_delete_current_msg[] = {
688 "By default, deleting the current branch is denied, because the next",
689 "'git clone' won't result in any file checked out, causing confusion.",
690 "",
691 "You can set 'receive.denyDeleteCurrent' configuration variable to",
692 "'warn' or 'ignore' in the remote repository to allow deleting the",
693 "current branch, with or without a warning message.",
694 "",
695 "To squelch this message, you can set it to 'refuse'."
696};
697
698static void refuse_unconfigured_deny_delete_current(void)
699{
700 int i;
701 for (i = 0;
702 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
703 i++)
704 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
705}
706
707static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
708static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
709{
710 static struct lock_file shallow_lock;
711 struct sha1_array extra = SHA1_ARRAY_INIT;
712 const char *alt_file;
713 uint32_t mask = 1 << (cmd->index % 32);
714 int i;
715
716 trace_printf_key(&trace_shallow,
717 "shallow: update_shallow_ref %s\n", cmd->ref_name);
718 for (i = 0; i < si->shallow->nr; i++)
719 if (si->used_shallow[i] &&
720 (si->used_shallow[i][cmd->index / 32] & mask) &&
721 !delayed_reachability_test(si, i))
722 sha1_array_append(&extra, si->shallow->sha1[i]);
723
724 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
725 if (check_shallow_connected(command_singleton_iterator,
726 0, cmd, alt_file)) {
727 rollback_lock_file(&shallow_lock);
728 sha1_array_clear(&extra);
729 return -1;
730 }
731
732 commit_lock_file(&shallow_lock);
733
734 /*
735 * Make sure setup_alternate_shallow() for the next ref does
736 * not lose these new roots..
737 */
738 for (i = 0; i < extra.nr; i++)
739 register_shallow(extra.sha1[i]);
740
741 si->shallow_ref[cmd->index] = 0;
742 sha1_array_clear(&extra);
743 return 0;
744}
745
746static const char *update_worktree(unsigned char *sha1)
747{
748 const char *update_refresh[] = {
749 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
750 };
751 const char *diff_files[] = {
752 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
753 };
754 const char *diff_index[] = {
755 "diff-index", "--quiet", "--cached", "--ignore-submodules",
756 "HEAD", "--", NULL
757 };
758 const char *read_tree[] = {
759 "read-tree", "-u", "-m", NULL, NULL
760 };
761 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
762 struct argv_array env = ARGV_ARRAY_INIT;
763 struct child_process child = CHILD_PROCESS_INIT;
764
765 if (is_bare_repository())
766 return "denyCurrentBranch = updateInstead needs a worktree";
767
768 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
769
770 child.argv = update_refresh;
771 child.env = env.argv;
772 child.dir = work_tree;
773 child.no_stdin = 1;
774 child.stdout_to_stderr = 1;
775 child.git_cmd = 1;
776 if (run_command(&child)) {
777 argv_array_clear(&env);
778 return "Up-to-date check failed";
779 }
780
781 /* run_command() does not clean up completely; reinitialize */
782 child_process_init(&child);
783 child.argv = diff_files;
784 child.env = env.argv;
785 child.dir = work_tree;
786 child.no_stdin = 1;
787 child.stdout_to_stderr = 1;
788 child.git_cmd = 1;
789 if (run_command(&child)) {
790 argv_array_clear(&env);
791 return "Working directory has unstaged changes";
792 }
793
794 child_process_init(&child);
795 child.argv = diff_index;
796 child.env = env.argv;
797 child.no_stdin = 1;
798 child.no_stdout = 1;
799 child.stdout_to_stderr = 0;
800 child.git_cmd = 1;
801 if (run_command(&child)) {
802 argv_array_clear(&env);
803 return "Working directory has staged changes";
804 }
805
806 read_tree[3] = sha1_to_hex(sha1);
807 child_process_init(&child);
808 child.argv = read_tree;
809 child.env = env.argv;
810 child.dir = work_tree;
811 child.no_stdin = 1;
812 child.no_stdout = 1;
813 child.stdout_to_stderr = 0;
814 child.git_cmd = 1;
815 if (run_command(&child)) {
816 argv_array_clear(&env);
817 return "Could not update working tree to new HEAD";
818 }
819
820 argv_array_clear(&env);
821 return NULL;
822}
823
824static const char *update(struct command *cmd, struct shallow_info *si)
825{
826 const char *name = cmd->ref_name;
827 struct strbuf namespaced_name_buf = STRBUF_INIT;
828 const char *namespaced_name, *ret;
829 unsigned char *old_sha1 = cmd->old_sha1;
830 unsigned char *new_sha1 = cmd->new_sha1;
831
832 /* only refs/... are allowed */
833 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
834 rp_error("refusing to create funny ref '%s' remotely", name);
835 return "funny refname";
836 }
837
838 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
839 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
840
841 if (is_ref_checked_out(namespaced_name)) {
842 switch (deny_current_branch) {
843 case DENY_IGNORE:
844 break;
845 case DENY_WARN:
846 rp_warning("updating the current branch");
847 break;
848 case DENY_REFUSE:
849 case DENY_UNCONFIGURED:
850 rp_error("refusing to update checked out branch: %s", name);
851 if (deny_current_branch == DENY_UNCONFIGURED)
852 refuse_unconfigured_deny();
853 return "branch is currently checked out";
854 case DENY_UPDATE_INSTEAD:
855 ret = update_worktree(new_sha1);
856 if (ret)
857 return ret;
858 break;
859 }
860 }
861
862 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
863 error("unpack should have generated %s, "
864 "but I can't find it!", sha1_to_hex(new_sha1));
865 return "bad pack";
866 }
867
868 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
869 if (deny_deletes && starts_with(name, "refs/heads/")) {
870 rp_error("denying ref deletion for %s", name);
871 return "deletion prohibited";
872 }
873
874 if (!strcmp(namespaced_name, head_name)) {
875 switch (deny_delete_current) {
876 case DENY_IGNORE:
877 break;
878 case DENY_WARN:
879 rp_warning("deleting the current branch");
880 break;
881 case DENY_REFUSE:
882 case DENY_UNCONFIGURED:
883 case DENY_UPDATE_INSTEAD:
884 if (deny_delete_current == DENY_UNCONFIGURED)
885 refuse_unconfigured_deny_delete_current();
886 rp_error("refusing to delete the current branch: %s", name);
887 return "deletion of the current branch prohibited";
888 default:
889 return "Invalid denyDeleteCurrent setting";
890 }
891 }
892 }
893
894 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
895 !is_null_sha1(old_sha1) &&
896 starts_with(name, "refs/heads/")) {
897 struct object *old_object, *new_object;
898 struct commit *old_commit, *new_commit;
899
900 old_object = parse_object(old_sha1);
901 new_object = parse_object(new_sha1);
902
903 if (!old_object || !new_object ||
904 old_object->type != OBJ_COMMIT ||
905 new_object->type != OBJ_COMMIT) {
906 error("bad sha1 objects for %s", name);
907 return "bad ref";
908 }
909 old_commit = (struct commit *)old_object;
910 new_commit = (struct commit *)new_object;
911 if (!in_merge_bases(old_commit, new_commit)) {
912 rp_error("denying non-fast-forward %s"
913 " (you should pull first)", name);
914 return "non-fast-forward";
915 }
916 }
917 if (run_update_hook(cmd)) {
918 rp_error("hook declined to update %s", name);
919 return "hook declined";
920 }
921
922 if (is_null_sha1(new_sha1)) {
923 struct strbuf err = STRBUF_INIT;
924 if (!parse_object(old_sha1)) {
925 old_sha1 = NULL;
926 if (ref_exists(name)) {
927 rp_warning("Allowing deletion of corrupt ref.");
928 } else {
929 rp_warning("Deleting a non-existent ref.");
930 cmd->did_not_exist = 1;
931 }
932 }
933 if (ref_transaction_delete(transaction,
934 namespaced_name,
935 old_sha1,
936 0, old_sha1 != NULL,
937 "push", &err)) {
938 rp_error("%s", err.buf);
939 strbuf_release(&err);
940 return "failed to delete";
941 }
942 strbuf_release(&err);
943 return NULL; /* good */
944 }
945 else {
946 struct strbuf err = STRBUF_INIT;
947 if (shallow_update && si->shallow_ref[cmd->index] &&
948 update_shallow_ref(cmd, si))
949 return "shallow error";
950
951 if (ref_transaction_update(transaction,
952 namespaced_name,
953 new_sha1, old_sha1,
954 0, 1, "push",
955 &err)) {
956 rp_error("%s", err.buf);
957 strbuf_release(&err);
958
959 return "failed to update ref";
960 }
961 strbuf_release(&err);
962
963 return NULL; /* good */
964 }
965}
966
967static void run_update_post_hook(struct command *commands)
968{
969 struct command *cmd;
970 int argc;
971 const char **argv;
972 struct child_process proc = CHILD_PROCESS_INIT;
973 char *hook;
974
975 hook = find_hook("post-update");
976 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
977 if (cmd->error_string || cmd->did_not_exist)
978 continue;
979 argc++;
980 }
981 if (!argc || !hook)
982 return;
983
984 argv = xmalloc(sizeof(*argv) * (2 + argc));
985 argv[0] = hook;
986
987 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
988 if (cmd->error_string || cmd->did_not_exist)
989 continue;
990 argv[argc] = xstrdup(cmd->ref_name);
991 argc++;
992 }
993 argv[argc] = NULL;
994
995 proc.no_stdin = 1;
996 proc.stdout_to_stderr = 1;
997 proc.err = use_sideband ? -1 : 0;
998 proc.argv = argv;
999
1000 if (!start_command(&proc)) {
1001 if (use_sideband)
1002 copy_to_sideband(proc.err, -1, NULL);
1003 finish_command(&proc);
1004 }
1005}
1006
1007static void check_aliased_update(struct command *cmd, struct string_list *list)
1008{
1009 struct strbuf buf = STRBUF_INIT;
1010 const char *dst_name;
1011 struct string_list_item *item;
1012 struct command *dst_cmd;
1013 unsigned char sha1[20];
1014 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1015 int flag;
1016
1017 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1018 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1019 strbuf_release(&buf);
1020
1021 if (!(flag & REF_ISSYMREF))
1022 return;
1023
1024 dst_name = strip_namespace(dst_name);
1025 if (!dst_name) {
1026 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1027 cmd->skip_update = 1;
1028 cmd->error_string = "broken symref";
1029 return;
1030 }
1031
1032 if ((item = string_list_lookup(list, dst_name)) == NULL)
1033 return;
1034
1035 cmd->skip_update = 1;
1036
1037 dst_cmd = (struct command *) item->util;
1038
1039 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1040 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1041 return;
1042
1043 dst_cmd->skip_update = 1;
1044
1045 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1046 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1047 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1048 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1049 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1050 " its target '%s' (%s..%s)",
1051 cmd->ref_name, cmd_oldh, cmd_newh,
1052 dst_cmd->ref_name, dst_oldh, dst_newh);
1053
1054 cmd->error_string = dst_cmd->error_string =
1055 "inconsistent aliased update";
1056}
1057
1058static void check_aliased_updates(struct command *commands)
1059{
1060 struct command *cmd;
1061 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1062
1063 for (cmd = commands; cmd; cmd = cmd->next) {
1064 struct string_list_item *item =
1065 string_list_append(&ref_list, cmd->ref_name);
1066 item->util = (void *)cmd;
1067 }
1068 string_list_sort(&ref_list);
1069
1070 for (cmd = commands; cmd; cmd = cmd->next) {
1071 if (!cmd->error_string)
1072 check_aliased_update(cmd, &ref_list);
1073 }
1074
1075 string_list_clear(&ref_list, 0);
1076}
1077
1078static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1079{
1080 struct command **cmd_list = cb_data;
1081 struct command *cmd = *cmd_list;
1082
1083 if (!cmd || is_null_sha1(cmd->new_sha1))
1084 return -1; /* end of list */
1085 *cmd_list = NULL; /* this returns only one */
1086 hashcpy(sha1, cmd->new_sha1);
1087 return 0;
1088}
1089
1090static void set_connectivity_errors(struct command *commands,
1091 struct shallow_info *si)
1092{
1093 struct command *cmd;
1094
1095 for (cmd = commands; cmd; cmd = cmd->next) {
1096 struct command *singleton = cmd;
1097 if (shallow_update && si->shallow_ref[cmd->index])
1098 /* to be checked in update_shallow_ref() */
1099 continue;
1100 if (!check_everything_connected(command_singleton_iterator,
1101 0, &singleton))
1102 continue;
1103 cmd->error_string = "missing necessary objects";
1104 }
1105}
1106
1107struct iterate_data {
1108 struct command *cmds;
1109 struct shallow_info *si;
1110};
1111
1112static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1113{
1114 struct iterate_data *data = cb_data;
1115 struct command **cmd_list = &data->cmds;
1116 struct command *cmd = *cmd_list;
1117
1118 for (; cmd; cmd = cmd->next) {
1119 if (shallow_update && data->si->shallow_ref[cmd->index])
1120 /* to be checked in update_shallow_ref() */
1121 continue;
1122 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1123 hashcpy(sha1, cmd->new_sha1);
1124 *cmd_list = cmd->next;
1125 return 0;
1126 }
1127 }
1128 *cmd_list = NULL;
1129 return -1; /* end of list */
1130}
1131
1132static void reject_updates_to_hidden(struct command *commands)
1133{
1134 struct command *cmd;
1135
1136 for (cmd = commands; cmd; cmd = cmd->next) {
1137 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1138 continue;
1139 if (is_null_sha1(cmd->new_sha1))
1140 cmd->error_string = "deny deleting a hidden ref";
1141 else
1142 cmd->error_string = "deny updating a hidden ref";
1143 }
1144}
1145
1146static int should_process_cmd(struct command *cmd)
1147{
1148 return !cmd->error_string && !cmd->skip_update;
1149}
1150
1151static void warn_if_skipped_connectivity_check(struct command *commands,
1152 struct shallow_info *si)
1153{
1154 struct command *cmd;
1155 int checked_connectivity = 1;
1156
1157 for (cmd = commands; cmd; cmd = cmd->next) {
1158 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1159 error("BUG: connectivity check has not been run on ref %s",
1160 cmd->ref_name);
1161 checked_connectivity = 0;
1162 }
1163 }
1164 if (!checked_connectivity)
1165 die("BUG: connectivity check skipped???");
1166}
1167
1168static void execute_commands_non_atomic(struct command *commands,
1169 struct shallow_info *si)
1170{
1171 struct command *cmd;
1172 struct strbuf err = STRBUF_INIT;
1173
1174 for (cmd = commands; cmd; cmd = cmd->next) {
1175 if (!should_process_cmd(cmd))
1176 continue;
1177
1178 transaction = ref_transaction_begin(&err);
1179 if (!transaction) {
1180 rp_error("%s", err.buf);
1181 strbuf_reset(&err);
1182 cmd->error_string = "transaction failed to start";
1183 continue;
1184 }
1185
1186 cmd->error_string = update(cmd, si);
1187
1188 if (!cmd->error_string
1189 && ref_transaction_commit(transaction, &err)) {
1190 rp_error("%s", err.buf);
1191 strbuf_reset(&err);
1192 cmd->error_string = "failed to update ref";
1193 }
1194 ref_transaction_free(transaction);
1195 }
1196 strbuf_release(&err);
1197}
1198
1199static void execute_commands_atomic(struct command *commands,
1200 struct shallow_info *si)
1201{
1202 struct command *cmd;
1203 struct strbuf err = STRBUF_INIT;
1204 const char *reported_error = "atomic push failure";
1205
1206 transaction = ref_transaction_begin(&err);
1207 if (!transaction) {
1208 rp_error("%s", err.buf);
1209 strbuf_reset(&err);
1210 reported_error = "transaction failed to start";
1211 goto failure;
1212 }
1213
1214 for (cmd = commands; cmd; cmd = cmd->next) {
1215 if (!should_process_cmd(cmd))
1216 continue;
1217
1218 cmd->error_string = update(cmd, si);
1219
1220 if (cmd->error_string)
1221 goto failure;
1222 }
1223
1224 if (ref_transaction_commit(transaction, &err)) {
1225 rp_error("%s", err.buf);
1226 reported_error = "atomic transaction failed";
1227 goto failure;
1228 }
1229 goto cleanup;
1230
1231failure:
1232 for (cmd = commands; cmd; cmd = cmd->next)
1233 if (!cmd->error_string)
1234 cmd->error_string = reported_error;
1235
1236cleanup:
1237 ref_transaction_free(transaction);
1238 strbuf_release(&err);
1239}
1240
1241static void execute_commands(struct command *commands,
1242 const char *unpacker_error,
1243 struct shallow_info *si)
1244{
1245 struct command *cmd;
1246 unsigned char sha1[20];
1247 struct iterate_data data;
1248
1249 if (unpacker_error) {
1250 for (cmd = commands; cmd; cmd = cmd->next)
1251 cmd->error_string = "unpacker error";
1252 return;
1253 }
1254
1255 data.cmds = commands;
1256 data.si = si;
1257 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1258 set_connectivity_errors(commands, si);
1259
1260 reject_updates_to_hidden(commands);
1261
1262 if (run_receive_hook(commands, "pre-receive", 0)) {
1263 for (cmd = commands; cmd; cmd = cmd->next) {
1264 if (!cmd->error_string)
1265 cmd->error_string = "pre-receive hook declined";
1266 }
1267 return;
1268 }
1269
1270 check_aliased_updates(commands);
1271
1272 free(head_name_to_free);
1273 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1274
1275 if (use_atomic)
1276 execute_commands_atomic(commands, si);
1277 else
1278 execute_commands_non_atomic(commands, si);
1279
1280 if (shallow_update)
1281 warn_if_skipped_connectivity_check(commands, si);
1282}
1283
1284static struct command **queue_command(struct command **tail,
1285 const char *line,
1286 int linelen)
1287{
1288 unsigned char old_sha1[20], new_sha1[20];
1289 struct command *cmd;
1290 const char *refname;
1291 int reflen;
1292
1293 if (linelen < 83 ||
1294 line[40] != ' ' ||
1295 line[81] != ' ' ||
1296 get_sha1_hex(line, old_sha1) ||
1297 get_sha1_hex(line + 41, new_sha1))
1298 die("protocol error: expected old/new/ref, got '%s'", line);
1299
1300 refname = line + 82;
1301 reflen = linelen - 82;
1302 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1303 hashcpy(cmd->old_sha1, old_sha1);
1304 hashcpy(cmd->new_sha1, new_sha1);
1305 memcpy(cmd->ref_name, refname, reflen);
1306 cmd->ref_name[reflen] = '\0';
1307 *tail = cmd;
1308 return &cmd->next;
1309}
1310
1311static void queue_commands_from_cert(struct command **tail,
1312 struct strbuf *push_cert)
1313{
1314 const char *boc, *eoc;
1315
1316 if (*tail)
1317 die("protocol error: got both push certificate and unsigned commands");
1318
1319 boc = strstr(push_cert->buf, "\n\n");
1320 if (!boc)
1321 die("malformed push certificate %.*s", 100, push_cert->buf);
1322 else
1323 boc += 2;
1324 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1325
1326 while (boc < eoc) {
1327 const char *eol = memchr(boc, '\n', eoc - boc);
1328 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1329 boc = eol ? eol + 1 : eoc;
1330 }
1331}
1332
1333static struct command *read_head_info(struct sha1_array *shallow)
1334{
1335 struct command *commands = NULL;
1336 struct command **p = &commands;
1337 for (;;) {
1338 char *line;
1339 int len, linelen;
1340
1341 line = packet_read_line(0, &len);
1342 if (!line)
1343 break;
1344
1345 if (len == 48 && starts_with(line, "shallow ")) {
1346 unsigned char sha1[20];
1347 if (get_sha1_hex(line + 8, sha1))
1348 die("protocol error: expected shallow sha, got '%s'",
1349 line + 8);
1350 sha1_array_append(shallow, sha1);
1351 continue;
1352 }
1353
1354 linelen = strlen(line);
1355 if (linelen < len) {
1356 const char *feature_list = line + linelen + 1;
1357 if (parse_feature_request(feature_list, "report-status"))
1358 report_status = 1;
1359 if (parse_feature_request(feature_list, "side-band-64k"))
1360 use_sideband = LARGE_PACKET_MAX;
1361 if (parse_feature_request(feature_list, "quiet"))
1362 quiet = 1;
1363 if (advertise_atomic_push
1364 && parse_feature_request(feature_list, "atomic"))
1365 use_atomic = 1;
1366 }
1367
1368 if (!strcmp(line, "push-cert")) {
1369 int true_flush = 0;
1370 char certbuf[1024];
1371
1372 for (;;) {
1373 len = packet_read(0, NULL, NULL,
1374 certbuf, sizeof(certbuf), 0);
1375 if (!len) {
1376 true_flush = 1;
1377 break;
1378 }
1379 if (!strcmp(certbuf, "push-cert-end\n"))
1380 break; /* end of cert */
1381 strbuf_addstr(&push_cert, certbuf);
1382 }
1383
1384 if (true_flush)
1385 break;
1386 continue;
1387 }
1388
1389 p = queue_command(p, line, linelen);
1390 }
1391
1392 if (push_cert.len)
1393 queue_commands_from_cert(p, &push_cert);
1394
1395 return commands;
1396}
1397
1398static const char *parse_pack_header(struct pack_header *hdr)
1399{
1400 switch (read_pack_header(0, hdr)) {
1401 case PH_ERROR_EOF:
1402 return "eof before pack header was fully read";
1403
1404 case PH_ERROR_PACK_SIGNATURE:
1405 return "protocol error (pack signature mismatch detected)";
1406
1407 case PH_ERROR_PROTOCOL:
1408 return "protocol error (pack version unsupported)";
1409
1410 default:
1411 return "unknown error in parse_pack_header";
1412
1413 case 0:
1414 return NULL;
1415 }
1416}
1417
1418static const char *pack_lockfile;
1419
1420static const char *unpack(int err_fd, struct shallow_info *si)
1421{
1422 struct pack_header hdr;
1423 const char *hdr_err;
1424 int status;
1425 char hdr_arg[38];
1426 struct child_process child = CHILD_PROCESS_INIT;
1427 int fsck_objects = (receive_fsck_objects >= 0
1428 ? receive_fsck_objects
1429 : transfer_fsck_objects >= 0
1430 ? transfer_fsck_objects
1431 : 0);
1432
1433 hdr_err = parse_pack_header(&hdr);
1434 if (hdr_err) {
1435 if (err_fd > 0)
1436 close(err_fd);
1437 return hdr_err;
1438 }
1439 snprintf(hdr_arg, sizeof(hdr_arg),
1440 "--pack_header=%"PRIu32",%"PRIu32,
1441 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1442
1443 if (si->nr_ours || si->nr_theirs) {
1444 alt_shallow_file = setup_temporary_shallow(si->shallow);
1445 argv_array_push(&child.args, "--shallow-file");
1446 argv_array_push(&child.args, alt_shallow_file);
1447 }
1448
1449 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1450 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1451 if (quiet)
1452 argv_array_push(&child.args, "-q");
1453 if (fsck_objects)
1454 argv_array_push(&child.args, "--strict");
1455 child.no_stdout = 1;
1456 child.err = err_fd;
1457 child.git_cmd = 1;
1458 status = run_command(&child);
1459 if (status)
1460 return "unpack-objects abnormal exit";
1461 } else {
1462 int s;
1463 char keep_arg[256];
1464
1465 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1466 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1467 strcpy(keep_arg + s, "localhost");
1468
1469 argv_array_pushl(&child.args, "index-pack",
1470 "--stdin", hdr_arg, keep_arg, NULL);
1471 if (fsck_objects)
1472 argv_array_push(&child.args, "--strict");
1473 if (fix_thin)
1474 argv_array_push(&child.args, "--fix-thin");
1475 child.out = -1;
1476 child.err = err_fd;
1477 child.git_cmd = 1;
1478 status = start_command(&child);
1479 if (status)
1480 return "index-pack fork failed";
1481 pack_lockfile = index_pack_lockfile(child.out);
1482 close(child.out);
1483 status = finish_command(&child);
1484 if (status)
1485 return "index-pack abnormal exit";
1486 reprepare_packed_git();
1487 }
1488 return NULL;
1489}
1490
1491static const char *unpack_with_sideband(struct shallow_info *si)
1492{
1493 struct async muxer;
1494 const char *ret;
1495
1496 if (!use_sideband)
1497 return unpack(0, si);
1498
1499 memset(&muxer, 0, sizeof(muxer));
1500 muxer.proc = copy_to_sideband;
1501 muxer.in = -1;
1502 if (start_async(&muxer))
1503 return NULL;
1504
1505 ret = unpack(muxer.in, si);
1506
1507 finish_async(&muxer);
1508 return ret;
1509}
1510
1511static void prepare_shallow_update(struct command *commands,
1512 struct shallow_info *si)
1513{
1514 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1515
1516 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1517 si->shallow->nr);
1518 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1519
1520 si->need_reachability_test =
1521 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1522 si->reachable =
1523 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1524 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1525
1526 for (i = 0; i < si->nr_ours; i++)
1527 si->need_reachability_test[si->ours[i]] = 1;
1528
1529 for (i = 0; i < si->shallow->nr; i++) {
1530 if (!si->used_shallow[i])
1531 continue;
1532 for (j = 0; j < bitmap_size; j++) {
1533 if (!si->used_shallow[i][j])
1534 continue;
1535 si->need_reachability_test[i]++;
1536 for (k = 0; k < 32; k++)
1537 if (si->used_shallow[i][j] & (1 << k))
1538 si->shallow_ref[j * 32 + k]++;
1539 }
1540
1541 /*
1542 * true for those associated with some refs and belong
1543 * in "ours" list aka "step 7 not done yet"
1544 */
1545 si->need_reachability_test[i] =
1546 si->need_reachability_test[i] > 1;
1547 }
1548
1549 /*
1550 * keep hooks happy by forcing a temporary shallow file via
1551 * env variable because we can't add --shallow-file to every
1552 * command. check_everything_connected() will be done with
1553 * true .git/shallow though.
1554 */
1555 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1556}
1557
1558static void update_shallow_info(struct command *commands,
1559 struct shallow_info *si,
1560 struct sha1_array *ref)
1561{
1562 struct command *cmd;
1563 int *ref_status;
1564 remove_nonexistent_theirs_shallow(si);
1565 if (!si->nr_ours && !si->nr_theirs) {
1566 shallow_update = 0;
1567 return;
1568 }
1569
1570 for (cmd = commands; cmd; cmd = cmd->next) {
1571 if (is_null_sha1(cmd->new_sha1))
1572 continue;
1573 sha1_array_append(ref, cmd->new_sha1);
1574 cmd->index = ref->nr - 1;
1575 }
1576 si->ref = ref;
1577
1578 if (shallow_update) {
1579 prepare_shallow_update(commands, si);
1580 return;
1581 }
1582
1583 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1584 assign_shallow_commits_to_refs(si, NULL, ref_status);
1585 for (cmd = commands; cmd; cmd = cmd->next) {
1586 if (is_null_sha1(cmd->new_sha1))
1587 continue;
1588 if (ref_status[cmd->index]) {
1589 cmd->error_string = "shallow update not allowed";
1590 cmd->skip_update = 1;
1591 }
1592 }
1593 free(ref_status);
1594}
1595
1596static void report(struct command *commands, const char *unpack_status)
1597{
1598 struct command *cmd;
1599 struct strbuf buf = STRBUF_INIT;
1600
1601 packet_buf_write(&buf, "unpack %s\n",
1602 unpack_status ? unpack_status : "ok");
1603 for (cmd = commands; cmd; cmd = cmd->next) {
1604 if (!cmd->error_string)
1605 packet_buf_write(&buf, "ok %s\n",
1606 cmd->ref_name);
1607 else
1608 packet_buf_write(&buf, "ng %s %s\n",
1609 cmd->ref_name, cmd->error_string);
1610 }
1611 packet_buf_flush(&buf);
1612
1613 if (use_sideband)
1614 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1615 else
1616 write_or_die(1, buf.buf, buf.len);
1617 strbuf_release(&buf);
1618}
1619
1620static int delete_only(struct command *commands)
1621{
1622 struct command *cmd;
1623 for (cmd = commands; cmd; cmd = cmd->next) {
1624 if (!is_null_sha1(cmd->new_sha1))
1625 return 0;
1626 }
1627 return 1;
1628}
1629
1630int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1631{
1632 int advertise_refs = 0;
1633 int i;
1634 struct command *commands;
1635 struct sha1_array shallow = SHA1_ARRAY_INIT;
1636 struct sha1_array ref = SHA1_ARRAY_INIT;
1637 struct shallow_info si;
1638
1639 packet_trace_identity("receive-pack");
1640
1641 argv++;
1642 for (i = 1; i < argc; i++) {
1643 const char *arg = *argv++;
1644
1645 if (*arg == '-') {
1646 if (!strcmp(arg, "--quiet")) {
1647 quiet = 1;
1648 continue;
1649 }
1650
1651 if (!strcmp(arg, "--advertise-refs")) {
1652 advertise_refs = 1;
1653 continue;
1654 }
1655 if (!strcmp(arg, "--stateless-rpc")) {
1656 stateless_rpc = 1;
1657 continue;
1658 }
1659 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1660 fix_thin = 0;
1661 continue;
1662 }
1663
1664 usage(receive_pack_usage);
1665 }
1666 if (service_dir)
1667 usage(receive_pack_usage);
1668 service_dir = arg;
1669 }
1670 if (!service_dir)
1671 usage(receive_pack_usage);
1672
1673 setup_path();
1674
1675 if (!enter_repo(service_dir, 0))
1676 die("'%s' does not appear to be a git repository", service_dir);
1677
1678 git_config(receive_pack_config, NULL);
1679 if (cert_nonce_seed)
1680 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1681
1682 if (0 <= transfer_unpack_limit)
1683 unpack_limit = transfer_unpack_limit;
1684 else if (0 <= receive_unpack_limit)
1685 unpack_limit = receive_unpack_limit;
1686
1687 if (advertise_refs || !stateless_rpc) {
1688 write_head_info();
1689 }
1690 if (advertise_refs)
1691 return 0;
1692
1693 if ((commands = read_head_info(&shallow)) != NULL) {
1694 const char *unpack_status = NULL;
1695
1696 prepare_shallow_info(&si, &shallow);
1697 if (!si.nr_ours && !si.nr_theirs)
1698 shallow_update = 0;
1699 if (!delete_only(commands)) {
1700 unpack_status = unpack_with_sideband(&si);
1701 update_shallow_info(commands, &si, &ref);
1702 }
1703 execute_commands(commands, unpack_status, &si);
1704 if (pack_lockfile)
1705 unlink_or_warn(pack_lockfile);
1706 if (report_status)
1707 report(commands, unpack_status);
1708 run_receive_hook(commands, "post-receive", 1);
1709 run_update_post_hook(commands);
1710 if (auto_gc) {
1711 const char *argv_gc_auto[] = {
1712 "gc", "--auto", "--quiet", NULL,
1713 };
1714 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1715 run_command_v_opt(argv_gc_auto, opt);
1716 }
1717 if (auto_update_server_info)
1718 update_server_info(0);
1719 clear_shallow_info(&si);
1720 }
1721 if (use_sideband)
1722 packet_flush(1);
1723 sha1_array_clear(&shallow);
1724 sha1_array_clear(&ref);
1725 free((void *)push_cert_nonce);
1726 return 0;
1727}