1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
27};
28enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
35};
36static int deny_deletes;
38static int deny_non_fast_forwards;
39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41static int receive_fsck_objects = -1;
42static int transfer_fsck_objects = -1;
43static struct strbuf fsck_msg_types = STRBUF_INIT;
44static int receive_unpack_limit = -1;
45static int transfer_unpack_limit = -1;
46static int advertise_atomic_push = 1;
47static int advertise_push_options;
48static int unpack_limit = 100;
49static off_t max_input_size;
50static int report_status;
51static int use_sideband;
52static int use_atomic;
53static int use_push_options;
54static int quiet;
55static int prefer_ofs_delta = 1;
56static int auto_update_server_info;
57static int auto_gc = 1;
58static int reject_thin;
59static int stateless_rpc;
60static const char *service_dir;
61static const char *head_name;
62static void *head_name_to_free;
63static int sent_capabilities;
64static int shallow_update;
65static const char *alt_shallow_file;
66static struct strbuf push_cert = STRBUF_INIT;
67static unsigned char push_cert_sha1[20];
68static struct signature_check sigcheck;
69static const char *push_cert_nonce;
70static const char *cert_nonce_seed;
71static const char *NONCE_UNSOLICITED = "UNSOLICITED";
73static const char *NONCE_BAD = "BAD";
74static const char *NONCE_MISSING = "MISSING";
75static const char *NONCE_OK = "OK";
76static const char *NONCE_SLOP = "SLOP";
77static const char *nonce_status;
78static long nonce_stamp_slop;
79static unsigned long nonce_stamp_slop_limit;
80static struct ref_transaction *transaction;
81static enum {
83 KEEPALIVE_NEVER = 0,
84 KEEPALIVE_AFTER_NUL,
85 KEEPALIVE_ALWAYS
86} use_keepalive;
87static int keepalive_in_sec = 5;
88static enum deny_action parse_deny_action(const char *var, const char *value)
90{
91 if (value) {
92 if (!strcasecmp(value, "ignore"))
93 return DENY_IGNORE;
94 if (!strcasecmp(value, "warn"))
95 return DENY_WARN;
96 if (!strcasecmp(value, "refuse"))
97 return DENY_REFUSE;
98 if (!strcasecmp(value, "updateinstead"))
99 return DENY_UPDATE_INSTEAD;
100 }
101 if (git_config_bool(var, value))
102 return DENY_REFUSE;
103 return DENY_IGNORE;
104}
105static int receive_pack_config(const char *var, const char *value, void *cb)
107{
108 int status = parse_hide_refs_config(var, value, "receive");
109 if (status)
111 return status;
112 if (strcmp(var, "receive.denydeletes") == 0) {
114 deny_deletes = git_config_bool(var, value);
115 return 0;
116 }
117 if (strcmp(var, "receive.denynonfastforwards") == 0) {
119 deny_non_fast_forwards = git_config_bool(var, value);
120 return 0;
121 }
122 if (strcmp(var, "receive.unpacklimit") == 0) {
124 receive_unpack_limit = git_config_int(var, value);
125 return 0;
126 }
127 if (strcmp(var, "transfer.unpacklimit") == 0) {
129 transfer_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132 if (strcmp(var, "receive.fsck.skiplist") == 0) {
134 const char *path;
135 if (git_config_pathname(&path, var, value))
137 return 1;
138 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
139 fsck_msg_types.len ? ',' : '=', path);
140 free((char *)path);
141 return 0;
142 }
143 if (skip_prefix(var, "receive.fsck.", &var)) {
145 if (is_valid_msg_type(var, value))
146 strbuf_addf(&fsck_msg_types, "%c%s=%s",
147 fsck_msg_types.len ? ',' : '=', var, value);
148 else
149 warning("Skipping unknown msg id '%s'", var);
150 return 0;
151 }
152 if (strcmp(var, "receive.fsckobjects") == 0) {
154 receive_fsck_objects = git_config_bool(var, value);
155 return 0;
156 }
157 if (strcmp(var, "transfer.fsckobjects") == 0) {
159 transfer_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162 if (!strcmp(var, "receive.denycurrentbranch")) {
164 deny_current_branch = parse_deny_action(var, value);
165 return 0;
166 }
167 if (strcmp(var, "receive.denydeletecurrent") == 0) {
169 deny_delete_current = parse_deny_action(var, value);
170 return 0;
171 }
172 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
174 prefer_ofs_delta = git_config_bool(var, value);
175 return 0;
176 }
177 if (strcmp(var, "receive.updateserverinfo") == 0) {
179 auto_update_server_info = git_config_bool(var, value);
180 return 0;
181 }
182 if (strcmp(var, "receive.autogc") == 0) {
184 auto_gc = git_config_bool(var, value);
185 return 0;
186 }
187 if (strcmp(var, "receive.shallowupdate") == 0) {
189 shallow_update = git_config_bool(var, value);
190 return 0;
191 }
192 if (strcmp(var, "receive.certnonceseed") == 0)
194 return git_config_string(&cert_nonce_seed, var, value);
195 if (strcmp(var, "receive.certnonceslop") == 0) {
197 nonce_stamp_slop_limit = git_config_ulong(var, value);
198 return 0;
199 }
200 if (strcmp(var, "receive.advertiseatomic") == 0) {
202 advertise_atomic_push = git_config_bool(var, value);
203 return 0;
204 }
205 if (strcmp(var, "receive.advertisepushoptions") == 0) {
207 advertise_push_options = git_config_bool(var, value);
208 return 0;
209 }
210 if (strcmp(var, "receive.keepalive") == 0) {
212 keepalive_in_sec = git_config_int(var, value);
213 return 0;
214 }
215 if (strcmp(var, "receive.maxinputsize") == 0) {
217 max_input_size = git_config_int64(var, value);
218 return 0;
219 }
220 return git_default_config(var, value, cb);
222}
223static void show_ref(const char *path, const unsigned char *sha1)
225{
226 if (sent_capabilities) {
227 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
228 } else {
229 struct strbuf cap = STRBUF_INIT;
230 strbuf_addstr(&cap,
232 "report-status delete-refs side-band-64k quiet");
233 if (advertise_atomic_push)
234 strbuf_addstr(&cap, " atomic");
235 if (prefer_ofs_delta)
236 strbuf_addstr(&cap, " ofs-delta");
237 if (push_cert_nonce)
238 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
239 if (advertise_push_options)
240 strbuf_addstr(&cap, " push-options");
241 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
242 packet_write(1, "%s %s%c%s\n",
243 sha1_to_hex(sha1), path, 0, cap.buf);
244 strbuf_release(&cap);
245 sent_capabilities = 1;
246 }
247}
248static int show_ref_cb(const char *path_full, const struct object_id *oid,
250 int flag, void *unused)
251{
252 const char *path = strip_namespace(path_full);
253 if (ref_is_hidden(path, path_full))
255 return 0;
256 /*
258 * Advertise refs outside our current namespace as ".have"
259 * refs, so that the client can use them to minimize data
260 * transfer but will otherwise ignore them. This happens to
261 * cover ".have" that are thrown in by add_one_alternate_ref()
262 * to mark histories that are complete in our alternates as
263 * well.
264 */
265 if (!path)
266 path = ".have";
267 show_ref(path, oid->hash);
268 return 0;
269}
270static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
272{
273 show_ref(".have", sha1);
274 return 0;
275}
276static void collect_one_alternate_ref(const struct ref *ref, void *data)
278{
279 struct sha1_array *sa = data;
280 sha1_array_append(sa, ref->old_oid.hash);
281}
282static void write_head_info(void)
284{
285 struct sha1_array sa = SHA1_ARRAY_INIT;
286 for_each_alternate_ref(collect_one_alternate_ref, &sa);
288 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
289 sha1_array_clear(&sa);
290 for_each_ref(show_ref_cb, NULL);
291 if (!sent_capabilities)
292 show_ref("capabilities^{}", null_sha1);
293 advertise_shallow_grafts(1);
295 /* EOF */
297 packet_flush(1);
298}
299struct command {
301 struct command *next;
302 const char *error_string;
303 unsigned int skip_update:1,
304 did_not_exist:1;
305 int index;
306 unsigned char old_sha1[20];
307 unsigned char new_sha1[20];
308 char ref_name[FLEX_ARRAY]; /* more */
309};
310static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
312static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
313static void report_message(const char *prefix, const char *err, va_list params)
315{
316 int sz;
317 char msg[4096];
318 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
320 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
321 if (sz > (sizeof(msg) - 1))
322 sz = sizeof(msg) - 1;
323 msg[sz++] = '\n';
324 if (use_sideband)
326 send_sideband(1, 2, msg, sz, use_sideband);
327 else
328 xwrite(2, msg, sz);
329}
330static void rp_warning(const char *err, ...)
332{
333 va_list params;
334 va_start(params, err);
335 report_message("warning: ", err, params);
336 va_end(params);
337}
338static void rp_error(const char *err, ...)
340{
341 va_list params;
342 va_start(params, err);
343 report_message("error: ", err, params);
344 va_end(params);
345}
346static int copy_to_sideband(int in, int out, void *arg)
348{
349 char data[128];
350 int keepalive_active = 0;
351 if (keepalive_in_sec <= 0)
353 use_keepalive = KEEPALIVE_NEVER;
354 if (use_keepalive == KEEPALIVE_ALWAYS)
355 keepalive_active = 1;
356 while (1) {
358 ssize_t sz;
359 if (keepalive_active) {
361 struct pollfd pfd;
362 int ret;
363 pfd.fd = in;
365 pfd.events = POLLIN;
366 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
367 if (ret < 0) {
369 if (errno == EINTR)
370 continue;
371 else
372 break;
373 } else if (ret == 0) {
374 /* no data; send a keepalive packet */
375 static const char buf[] = "0005\1";
376 write_or_die(1, buf, sizeof(buf) - 1);
377 continue;
378 } /* else there is actual data to read */
379 }
380 sz = xread(in, data, sizeof(data));
382 if (sz <= 0)
383 break;
384 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
386 const char *p = memchr(data, '\0', sz);
387 if (p) {
388 /*
389 * The NUL tells us to start sending keepalives. Make
390 * sure we send any other data we read along
391 * with it.
392 */
393 keepalive_active = 1;
394 send_sideband(1, 2, data, p - data, use_sideband);
395 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
396 continue;
397 }
398 }
399 /*
401 * Either we're not looking for a NUL signal, or we didn't see
402 * it yet; just pass along the data.
403 */
404 send_sideband(1, 2, data, sz, use_sideband);
405 }
406 close(in);
407 return 0;
408}
409#define HMAC_BLOCK_SIZE 64
411static void hmac_sha1(unsigned char *out,
413 const char *key_in, size_t key_len,
414 const char *text, size_t text_len)
415{
416 unsigned char key[HMAC_BLOCK_SIZE];
417 unsigned char k_ipad[HMAC_BLOCK_SIZE];
418 unsigned char k_opad[HMAC_BLOCK_SIZE];
419 int i;
420 git_SHA_CTX ctx;
421 /* RFC 2104 2. (1) */
423 memset(key, '\0', HMAC_BLOCK_SIZE);
424 if (HMAC_BLOCK_SIZE < key_len) {
425 git_SHA1_Init(&ctx);
426 git_SHA1_Update(&ctx, key_in, key_len);
427 git_SHA1_Final(key, &ctx);
428 } else {
429 memcpy(key, key_in, key_len);
430 }
431 /* RFC 2104 2. (2) & (5) */
433 for (i = 0; i < sizeof(key); i++) {
434 k_ipad[i] = key[i] ^ 0x36;
435 k_opad[i] = key[i] ^ 0x5c;
436 }
437 /* RFC 2104 2. (3) & (4) */
439 git_SHA1_Init(&ctx);
440 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
441 git_SHA1_Update(&ctx, text, text_len);
442 git_SHA1_Final(out, &ctx);
443 /* RFC 2104 2. (6) & (7) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
447 git_SHA1_Update(&ctx, out, 20);
448 git_SHA1_Final(out, &ctx);
449}
450static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
452{
453 struct strbuf buf = STRBUF_INIT;
454 unsigned char sha1[20];
455 strbuf_addf(&buf, "%s:%lu", path, stamp);
457 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
458 strbuf_release(&buf);
459 /* RFC 2104 5. HMAC-SHA1-80 */
461 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
462 return strbuf_detach(&buf, NULL);
463}
464/*
466 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
467 * after dropping "_commit" from its name and possibly moving it out
468 * of commit.c
469 */
470static char *find_header(const char *msg, size_t len, const char *key)
471{
472 int key_len = strlen(key);
473 const char *line = msg;
474 while (line && line < msg + len) {
476 const char *eol = strchrnul(line, '\n');
477 if ((msg + len <= eol) || line == eol)
479 return NULL;
480 if (line + key_len < eol &&
481 !memcmp(line, key, key_len) && line[key_len] == ' ') {
482 int offset = key_len + 1;
483 return xmemdupz(line + offset, (eol - line) - offset);
484 }
485 line = *eol ? eol + 1 : NULL;
486 }
487 return NULL;
488}
489static const char *check_nonce(const char *buf, size_t len)
491{
492 char *nonce = find_header(buf, len, "nonce");
493 unsigned long stamp, ostamp;
494 char *bohmac, *expect = NULL;
495 const char *retval = NONCE_BAD;
496 if (!nonce) {
498 retval = NONCE_MISSING;
499 goto leave;
500 } else if (!push_cert_nonce) {
501 retval = NONCE_UNSOLICITED;
502 goto leave;
503 } else if (!strcmp(push_cert_nonce, nonce)) {
504 retval = NONCE_OK;
505 goto leave;
506 }
507 if (!stateless_rpc) {
509 /* returned nonce MUST match what we gave out earlier */
510 retval = NONCE_BAD;
511 goto leave;
512 }
513 /*
515 * In stateless mode, we may be receiving a nonce issued by
516 * another instance of the server that serving the same
517 * repository, and the timestamps may not match, but the
518 * nonce-seed and dir should match, so we can recompute and
519 * report the time slop.
520 *
521 * In addition, when a nonce issued by another instance has
522 * timestamp within receive.certnonceslop seconds, we pretend
523 * as if we issued that nonce when reporting to the hook.
524 */
525 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
527 if (*nonce <= '0' || '9' < *nonce) {
528 retval = NONCE_BAD;
529 goto leave;
530 }
531 stamp = strtoul(nonce, &bohmac, 10);
532 if (bohmac == nonce || bohmac[0] != '-') {
533 retval = NONCE_BAD;
534 goto leave;
535 }
536 expect = prepare_push_cert_nonce(service_dir, stamp);
538 if (strcmp(expect, nonce)) {
539 /* Not what we would have signed earlier */
540 retval = NONCE_BAD;
541 goto leave;
542 }
543 /*
545 * By how many seconds is this nonce stale? Negative value
546 * would mean it was issued by another server with its clock
547 * skewed in the future.
548 */
549 ostamp = strtoul(push_cert_nonce, NULL, 10);
550 nonce_stamp_slop = (long)ostamp - (long)stamp;
551 if (nonce_stamp_slop_limit &&
553 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
554 /*
555 * Pretend as if the received nonce (which passes the
556 * HMAC check, so it is not a forged by third-party)
557 * is what we issued.
558 */
559 free((void *)push_cert_nonce);
560 push_cert_nonce = xstrdup(nonce);
561 retval = NONCE_OK;
562 } else {
563 retval = NONCE_SLOP;
564 }
565leave:
567 free(nonce);
568 free(expect);
569 return retval;
570}
571static void prepare_push_cert_sha1(struct child_process *proc)
573{
574 static int already_done;
575 if (!push_cert.len)
577 return;
578 if (!already_done) {
580 struct strbuf gpg_output = STRBUF_INIT;
581 struct strbuf gpg_status = STRBUF_INIT;
582 int bogs /* beginning_of_gpg_sig */;
583 already_done = 1;
585 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
586 hashclr(push_cert_sha1);
587 memset(&sigcheck, '\0', sizeof(sigcheck));
589 sigcheck.result = 'N';
590 bogs = parse_signature(push_cert.buf, push_cert.len);
592 if (verify_signed_buffer(push_cert.buf, bogs,
593 push_cert.buf + bogs, push_cert.len - bogs,
594 &gpg_output, &gpg_status) < 0) {
595 ; /* error running gpg */
596 } else {
597 sigcheck.payload = push_cert.buf;
598 sigcheck.gpg_output = gpg_output.buf;
599 sigcheck.gpg_status = gpg_status.buf;
600 parse_gpg_output(&sigcheck);
601 }
602 strbuf_release(&gpg_output);
604 strbuf_release(&gpg_status);
605 nonce_status = check_nonce(push_cert.buf, bogs);
606 }
607 if (!is_null_sha1(push_cert_sha1)) {
608 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
609 sha1_to_hex(push_cert_sha1));
610 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
611 sigcheck.signer ? sigcheck.signer : "");
612 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
613 sigcheck.key ? sigcheck.key : "");
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
615 sigcheck.result);
616 if (push_cert_nonce) {
617 argv_array_pushf(&proc->env_array,
618 "GIT_PUSH_CERT_NONCE=%s",
619 push_cert_nonce);
620 argv_array_pushf(&proc->env_array,
621 "GIT_PUSH_CERT_NONCE_STATUS=%s",
622 nonce_status);
623 if (nonce_status == NONCE_SLOP)
624 argv_array_pushf(&proc->env_array,
625 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
626 nonce_stamp_slop);
627 }
628 }
629}
630struct receive_hook_feed_state {
632 struct command *cmd;
633 int skip_broken;
634 struct strbuf buf;
635 const struct string_list *push_options;
636};
637typedef int (*feed_fn)(void *, const char **, size_t *);
639static int run_and_feed_hook(const char *hook_name, feed_fn feed,
640 struct receive_hook_feed_state *feed_state)
641{
642 struct child_process proc = CHILD_PROCESS_INIT;
643 struct async muxer;
644 const char *argv[2];
645 int code;
646 argv[0] = find_hook(hook_name);
648 if (!argv[0])
649 return 0;
650 argv[1] = NULL;
652 proc.argv = argv;
654 proc.in = -1;
655 proc.stdout_to_stderr = 1;
656 if (feed_state->push_options) {
657 int i;
658 for (i = 0; i < feed_state->push_options->nr; i++)
659 argv_array_pushf(&proc.env_array,
660 "GIT_PUSH_OPTION_%d=%s", i,
661 feed_state->push_options->items[i].string);
662 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
663 feed_state->push_options->nr);
664 } else
665 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
666 if (use_sideband) {
668 memset(&muxer, 0, sizeof(muxer));
669 muxer.proc = copy_to_sideband;
670 muxer.in = -1;
671 code = start_async(&muxer);
672 if (code)
673 return code;
674 proc.err = muxer.in;
675 }
676 prepare_push_cert_sha1(&proc);
678 code = start_command(&proc);
680 if (code) {
681 if (use_sideband)
682 finish_async(&muxer);
683 return code;
684 }
685 sigchain_push(SIGPIPE, SIG_IGN);
687 while (1) {
689 const char *buf;
690 size_t n;
691 if (feed(feed_state, &buf, &n))
692 break;
693 if (write_in_full(proc.in, buf, n) != n)
694 break;
695 }
696 close(proc.in);
697 if (use_sideband)
698 finish_async(&muxer);
699 sigchain_pop(SIGPIPE);
701 return finish_command(&proc);
703}
704static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
706{
707 struct receive_hook_feed_state *state = state_;
708 struct command *cmd = state->cmd;
709 while (cmd &&
711 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
712 cmd = cmd->next;
713 if (!cmd)
714 return -1; /* EOF */
715 strbuf_reset(&state->buf);
716 strbuf_addf(&state->buf, "%s %s %s\n",
717 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
718 cmd->ref_name);
719 state->cmd = cmd->next;
720 if (bufp) {
721 *bufp = state->buf.buf;
722 *sizep = state->buf.len;
723 }
724 return 0;
725}
726static int run_receive_hook(struct command *commands,
728 const char *hook_name,
729 int skip_broken,
730 const struct string_list *push_options)
731{
732 struct receive_hook_feed_state state;
733 int status;
734 strbuf_init(&state.buf, 0);
736 state.cmd = commands;
737 state.skip_broken = skip_broken;
738 if (feed_receive_hook(&state, NULL, NULL))
739 return 0;
740 state.cmd = commands;
741 state.push_options = push_options;
742 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
743 strbuf_release(&state.buf);
744 return status;
745}
746static int run_update_hook(struct command *cmd)
748{
749 const char *argv[5];
750 struct child_process proc = CHILD_PROCESS_INIT;
751 int code;
752 argv[0] = find_hook("update");
754 if (!argv[0])
755 return 0;
756 argv[1] = cmd->ref_name;
758 argv[2] = sha1_to_hex(cmd->old_sha1);
759 argv[3] = sha1_to_hex(cmd->new_sha1);
760 argv[4] = NULL;
761 proc.no_stdin = 1;
763 proc.stdout_to_stderr = 1;
764 proc.err = use_sideband ? -1 : 0;
765 proc.argv = argv;
766 code = start_command(&proc);
768 if (code)
769 return code;
770 if (use_sideband)
771 copy_to_sideband(proc.err, -1, NULL);
772 return finish_command(&proc);
773}
774static int is_ref_checked_out(const char *ref)
776{
777 if (is_bare_repository())
778 return 0;
779 if (!head_name)
781 return 0;
782 return !strcmp(head_name, ref);
783}
784static char *refuse_unconfigured_deny_msg =
786 N_("By default, updating the current branch in a non-bare repository\n"
787 "is denied, because it will make the index and work tree inconsistent\n"
788 "with what you pushed, and will require 'git reset --hard' to match\n"
789 "the work tree to HEAD.\n"
790 "\n"
791 "You can set 'receive.denyCurrentBranch' configuration variable to\n"
792 "'ignore' or 'warn' in the remote repository to allow pushing into\n"
793 "its current branch; however, this is not recommended unless you\n"
794 "arranged to update its work tree to match what you pushed in some\n"
795 "other way.\n"
796 "\n"
797 "To squelch this message and still keep the default behaviour, set\n"
798 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
799static void refuse_unconfigured_deny(void)
801{
802 rp_error("%s", _(refuse_unconfigured_deny_msg));
803}
804static char *refuse_unconfigured_deny_delete_current_msg =
806 N_("By default, deleting the current branch is denied, because the next\n"
807 "'git clone' won't result in any file checked out, causing confusion.\n"
808 "\n"
809 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
810 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
811 "current branch, with or without a warning message.\n"
812 "\n"
813 "To squelch this message, you can set it to 'refuse'.");
814static void refuse_unconfigured_deny_delete_current(void)
816{
817 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
818}
819static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
821static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
822{
823 static struct lock_file shallow_lock;
824 struct sha1_array extra = SHA1_ARRAY_INIT;
825 struct check_connected_options opt = CHECK_CONNECTED_INIT;
826 uint32_t mask = 1 << (cmd->index % 32);
827 int i;
828 trace_printf_key(&trace_shallow,
830 "shallow: update_shallow_ref %s\n", cmd->ref_name);
831 for (i = 0; i < si->shallow->nr; i++)
832 if (si->used_shallow[i] &&
833 (si->used_shallow[i][cmd->index / 32] & mask) &&
834 !delayed_reachability_test(si, i))
835 sha1_array_append(&extra, si->shallow->sha1[i]);
836 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
838 if (check_connected(command_singleton_iterator, cmd, &opt)) {
839 rollback_lock_file(&shallow_lock);
840 sha1_array_clear(&extra);
841 return -1;
842 }
843 commit_lock_file(&shallow_lock);
845 /*
847 * Make sure setup_alternate_shallow() for the next ref does
848 * not lose these new roots..
849 */
850 for (i = 0; i < extra.nr; i++)
851 register_shallow(extra.sha1[i]);
852 si->shallow_ref[cmd->index] = 0;
854 sha1_array_clear(&extra);
855 return 0;
856}
857/*
859 * NEEDSWORK: we should consolidate various implementions of "are we
860 * on an unborn branch?" test into one, and make the unified one more
861 * robust. !get_sha1() based check used here and elsewhere would not
862 * allow us to tell an unborn branch from corrupt ref, for example.
863 * For the purpose of fixing "deploy-to-update does not work when
864 * pushing into an empty repository" issue, this should suffice for
865 * now.
866 */
867static int head_has_history(void)
868{
869 unsigned char sha1[20];
870 return !get_sha1("HEAD", sha1);
872}
873static const char *push_to_deploy(unsigned char *sha1,
875 struct argv_array *env,
876 const char *work_tree)
877{
878 const char *update_refresh[] = {
879 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
880 };
881 const char *diff_files[] = {
882 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
883 };
884 const char *diff_index[] = {
885 "diff-index", "--quiet", "--cached", "--ignore-submodules",
886 NULL, "--", NULL
887 };
888 const char *read_tree[] = {
889 "read-tree", "-u", "-m", NULL, NULL
890 };
891 struct child_process child = CHILD_PROCESS_INIT;
892 child.argv = update_refresh;
894 child.env = env->argv;
895 child.dir = work_tree;
896 child.no_stdin = 1;
897 child.stdout_to_stderr = 1;
898 child.git_cmd = 1;
899 if (run_command(&child))
900 return "Up-to-date check failed";
901 /* run_command() does not clean up completely; reinitialize */
903 child_process_init(&child);
904 child.argv = diff_files;
905 child.env = env->argv;
906 child.dir = work_tree;
907 child.no_stdin = 1;
908 child.stdout_to_stderr = 1;
909 child.git_cmd = 1;
910 if (run_command(&child))
911 return "Working directory has unstaged changes";
912 /* diff-index with either HEAD or an empty tree */
914 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
915 child_process_init(&child);
917 child.argv = diff_index;
918 child.env = env->argv;
919 child.no_stdin = 1;
920 child.no_stdout = 1;
921 child.stdout_to_stderr = 0;
922 child.git_cmd = 1;
923 if (run_command(&child))
924 return "Working directory has staged changes";
925 read_tree[3] = sha1_to_hex(sha1);
927 child_process_init(&child);
928 child.argv = read_tree;
929 child.env = env->argv;
930 child.dir = work_tree;
931 child.no_stdin = 1;
932 child.no_stdout = 1;
933 child.stdout_to_stderr = 0;
934 child.git_cmd = 1;
935 if (run_command(&child))
936 return "Could not update working tree to new HEAD";
937 return NULL;
939}
940static const char *push_to_checkout_hook = "push-to-checkout";
942static const char *push_to_checkout(unsigned char *sha1,
944 struct argv_array *env,
945 const char *work_tree)
946{
947 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
948 if (run_hook_le(env->argv, push_to_checkout_hook,
949 sha1_to_hex(sha1), NULL))
950 return "push-to-checkout hook declined";
951 else
952 return NULL;
953}
954static const char *update_worktree(unsigned char *sha1)
956{
957 const char *retval;
958 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
959 struct argv_array env = ARGV_ARRAY_INIT;
960 if (is_bare_repository())
962 return "denyCurrentBranch = updateInstead needs a worktree";
963 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
965 if (!find_hook(push_to_checkout_hook))
967 retval = push_to_deploy(sha1, &env, work_tree);
968 else
969 retval = push_to_checkout(sha1, &env, work_tree);
970 argv_array_clear(&env);
972 return retval;
973}
974static const char *update(struct command *cmd, struct shallow_info *si)
976{
977 const char *name = cmd->ref_name;
978 struct strbuf namespaced_name_buf = STRBUF_INIT;
979 const char *namespaced_name, *ret;
980 unsigned char *old_sha1 = cmd->old_sha1;
981 unsigned char *new_sha1 = cmd->new_sha1;
982 /* only refs/... are allowed */
984 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
985 rp_error("refusing to create funny ref '%s' remotely", name);
986 return "funny refname";
987 }
988 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
990 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
991 if (is_ref_checked_out(namespaced_name)) {
993 switch (deny_current_branch) {
994 case DENY_IGNORE:
995 break;
996 case DENY_WARN:
997 rp_warning("updating the current branch");
998 break;
999 case DENY_REFUSE:
1000 case DENY_UNCONFIGURED:
1001 rp_error("refusing to update checked out branch: %s", name);
1002 if (deny_current_branch == DENY_UNCONFIGURED)
1003 refuse_unconfigured_deny();
1004 return "branch is currently checked out";
1005 case DENY_UPDATE_INSTEAD:
1006 ret = update_worktree(new_sha1);
1007 if (ret)
1008 return ret;
1009 break;
1010 }
1011 }
1012 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1014 error("unpack should have generated %s, "
1015 "but I can't find it!", sha1_to_hex(new_sha1));
1016 return "bad pack";
1017 }
1018 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1020 if (deny_deletes && starts_with(name, "refs/heads/")) {
1021 rp_error("denying ref deletion for %s", name);
1022 return "deletion prohibited";
1023 }
1024 if (head_name && !strcmp(namespaced_name, head_name)) {
1026 switch (deny_delete_current) {
1027 case DENY_IGNORE:
1028 break;
1029 case DENY_WARN:
1030 rp_warning("deleting the current branch");
1031 break;
1032 case DENY_REFUSE:
1033 case DENY_UNCONFIGURED:
1034 case DENY_UPDATE_INSTEAD:
1035 if (deny_delete_current == DENY_UNCONFIGURED)
1036 refuse_unconfigured_deny_delete_current();
1037 rp_error("refusing to delete the current branch: %s", name);
1038 return "deletion of the current branch prohibited";
1039 default:
1040 return "Invalid denyDeleteCurrent setting";
1041 }
1042 }
1043 }
1044 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1046 !is_null_sha1(old_sha1) &&
1047 starts_with(name, "refs/heads/")) {
1048 struct object *old_object, *new_object;
1049 struct commit *old_commit, *new_commit;
1050 old_object = parse_object(old_sha1);
1052 new_object = parse_object(new_sha1);
1053 if (!old_object || !new_object ||
1055 old_object->type != OBJ_COMMIT ||
1056 new_object->type != OBJ_COMMIT) {
1057 error("bad sha1 objects for %s", name);
1058 return "bad ref";
1059 }
1060 old_commit = (struct commit *)old_object;
1061 new_commit = (struct commit *)new_object;
1062 if (!in_merge_bases(old_commit, new_commit)) {
1063 rp_error("denying non-fast-forward %s"
1064 " (you should pull first)", name);
1065 return "non-fast-forward";
1066 }
1067 }
1068 if (run_update_hook(cmd)) {
1069 rp_error("hook declined to update %s", name);
1070 return "hook declined";
1071 }
1072 if (is_null_sha1(new_sha1)) {
1074 struct strbuf err = STRBUF_INIT;
1075 if (!parse_object(old_sha1)) {
1076 old_sha1 = NULL;
1077 if (ref_exists(name)) {
1078 rp_warning("Allowing deletion of corrupt ref.");
1079 } else {
1080 rp_warning("Deleting a non-existent ref.");
1081 cmd->did_not_exist = 1;
1082 }
1083 }
1084 if (ref_transaction_delete(transaction,
1085 namespaced_name,
1086 old_sha1,
1087 0, "push", &err)) {
1088 rp_error("%s", err.buf);
1089 strbuf_release(&err);
1090 return "failed to delete";
1091 }
1092 strbuf_release(&err);
1093 return NULL; /* good */
1094 }
1095 else {
1096 struct strbuf err = STRBUF_INIT;
1097 if (shallow_update && si->shallow_ref[cmd->index] &&
1098 update_shallow_ref(cmd, si))
1099 return "shallow error";
1100 if (ref_transaction_update(transaction,
1102 namespaced_name,
1103 new_sha1, old_sha1,
1104 0, "push",
1105 &err)) {
1106 rp_error("%s", err.buf);
1107 strbuf_release(&err);
1108 return "failed to update ref";
1110 }
1111 strbuf_release(&err);
1112 return NULL; /* good */
1114 }
1115}
1116static void run_update_post_hook(struct command *commands)
1118{
1119 struct command *cmd;
1120 int argc;
1121 struct child_process proc = CHILD_PROCESS_INIT;
1122 const char *hook;
1123 hook = find_hook("post-update");
1125 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1126 if (cmd->error_string || cmd->did_not_exist)
1127 continue;
1128 argc++;
1129 }
1130 if (!argc || !hook)
1131 return;
1132 argv_array_push(&proc.args, hook);
1134 for (cmd = commands; cmd; cmd = cmd->next) {
1135 if (cmd->error_string || cmd->did_not_exist)
1136 continue;
1137 argv_array_push(&proc.args, cmd->ref_name);
1138 }
1139 proc.no_stdin = 1;
1141 proc.stdout_to_stderr = 1;
1142 proc.err = use_sideband ? -1 : 0;
1143 if (!start_command(&proc)) {
1145 if (use_sideband)
1146 copy_to_sideband(proc.err, -1, NULL);
1147 finish_command(&proc);
1148 }
1149}
1150static void check_aliased_update(struct command *cmd, struct string_list *list)
1152{
1153 struct strbuf buf = STRBUF_INIT;
1154 const char *dst_name;
1155 struct string_list_item *item;
1156 struct command *dst_cmd;
1157 unsigned char sha1[GIT_SHA1_RAWSZ];
1158 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1159 cmd_newh[GIT_SHA1_HEXSZ + 1],
1160 dst_oldh[GIT_SHA1_HEXSZ + 1],
1161 dst_newh[GIT_SHA1_HEXSZ + 1];
1162 int flag;
1163 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1165 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1166 strbuf_release(&buf);
1167 if (!(flag & REF_ISSYMREF))
1169 return;
1170 if (!dst_name) {
1172 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1173 cmd->skip_update = 1;
1174 cmd->error_string = "broken symref";
1175 return;
1176 }
1177 dst_name = strip_namespace(dst_name);
1178 if ((item = string_list_lookup(list, dst_name)) == NULL)
1180 return;
1181 cmd->skip_update = 1;
1183 dst_cmd = (struct command *) item->util;
1185 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1187 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1188 return;
1189 dst_cmd->skip_update = 1;
1191 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1193 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1194 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1195 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1196 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1197 " its target '%s' (%s..%s)",
1198 cmd->ref_name, cmd_oldh, cmd_newh,
1199 dst_cmd->ref_name, dst_oldh, dst_newh);
1200 cmd->error_string = dst_cmd->error_string =
1202 "inconsistent aliased update";
1203}
1204static void check_aliased_updates(struct command *commands)
1206{
1207 struct command *cmd;
1208 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1209 for (cmd = commands; cmd; cmd = cmd->next) {
1211 struct string_list_item *item =
1212 string_list_append(&ref_list, cmd->ref_name);
1213 item->util = (void *)cmd;
1214 }
1215 string_list_sort(&ref_list);
1216 for (cmd = commands; cmd; cmd = cmd->next) {
1218 if (!cmd->error_string)
1219 check_aliased_update(cmd, &ref_list);
1220 }
1221 string_list_clear(&ref_list, 0);
1223}
1224static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1226{
1227 struct command **cmd_list = cb_data;
1228 struct command *cmd = *cmd_list;
1229 if (!cmd || is_null_sha1(cmd->new_sha1))
1231 return -1; /* end of list */
1232 *cmd_list = NULL; /* this returns only one */
1233 hashcpy(sha1, cmd->new_sha1);
1234 return 0;
1235}
1236static void set_connectivity_errors(struct command *commands,
1238 struct shallow_info *si)
1239{
1240 struct command *cmd;
1241 for (cmd = commands; cmd; cmd = cmd->next) {
1243 struct command *singleton = cmd;
1244 if (shallow_update && si->shallow_ref[cmd->index])
1245 /* to be checked in update_shallow_ref() */
1246 continue;
1247 if (!check_connected(command_singleton_iterator, &singleton,
1248 NULL))
1249 continue;
1250 cmd->error_string = "missing necessary objects";
1251 }
1252}
1253struct iterate_data {
1255 struct command *cmds;
1256 struct shallow_info *si;
1257};
1258static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1260{
1261 struct iterate_data *data = cb_data;
1262 struct command **cmd_list = &data->cmds;
1263 struct command *cmd = *cmd_list;
1264 for (; cmd; cmd = cmd->next) {
1266 if (shallow_update && data->si->shallow_ref[cmd->index])
1267 /* to be checked in update_shallow_ref() */
1268 continue;
1269 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1270 hashcpy(sha1, cmd->new_sha1);
1271 *cmd_list = cmd->next;
1272 return 0;
1273 }
1274 }
1275 *cmd_list = NULL;
1276 return -1; /* end of list */
1277}
1278static void reject_updates_to_hidden(struct command *commands)
1280{
1281 struct strbuf refname_full = STRBUF_INIT;
1282 size_t prefix_len;
1283 struct command *cmd;
1284 strbuf_addstr(&refname_full, get_git_namespace());
1286 prefix_len = refname_full.len;
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1289 if (cmd->error_string)
1290 continue;
1291 strbuf_setlen(&refname_full, prefix_len);
1293 strbuf_addstr(&refname_full, cmd->ref_name);
1294 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1296 continue;
1297 if (is_null_sha1(cmd->new_sha1))
1298 cmd->error_string = "deny deleting a hidden ref";
1299 else
1300 cmd->error_string = "deny updating a hidden ref";
1301 }
1302 strbuf_release(&refname_full);
1304}
1305static int should_process_cmd(struct command *cmd)
1307{
1308 return !cmd->error_string && !cmd->skip_update;
1309}
1310static void warn_if_skipped_connectivity_check(struct command *commands,
1312 struct shallow_info *si)
1313{
1314 struct command *cmd;
1315 int checked_connectivity = 1;
1316 for (cmd = commands; cmd; cmd = cmd->next) {
1318 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1319 error("BUG: connectivity check has not been run on ref %s",
1320 cmd->ref_name);
1321 checked_connectivity = 0;
1322 }
1323 }
1324 if (!checked_connectivity)
1325 die("BUG: connectivity check skipped???");
1326}
1327static void execute_commands_non_atomic(struct command *commands,
1329 struct shallow_info *si)
1330{
1331 struct command *cmd;
1332 struct strbuf err = STRBUF_INIT;
1333 for (cmd = commands; cmd; cmd = cmd->next) {
1335 if (!should_process_cmd(cmd))
1336 continue;
1337 transaction = ref_transaction_begin(&err);
1339 if (!transaction) {
1340 rp_error("%s", err.buf);
1341 strbuf_reset(&err);
1342 cmd->error_string = "transaction failed to start";
1343 continue;
1344 }
1345 cmd->error_string = update(cmd, si);
1347 if (!cmd->error_string
1349 && ref_transaction_commit(transaction, &err)) {
1350 rp_error("%s", err.buf);
1351 strbuf_reset(&err);
1352 cmd->error_string = "failed to update ref";
1353 }
1354 ref_transaction_free(transaction);
1355 }
1356 strbuf_release(&err);
1357}
1358static void execute_commands_atomic(struct command *commands,
1360 struct shallow_info *si)
1361{
1362 struct command *cmd;
1363 struct strbuf err = STRBUF_INIT;
1364 const char *reported_error = "atomic push failure";
1365 transaction = ref_transaction_begin(&err);
1367 if (!transaction) {
1368 rp_error("%s", err.buf);
1369 strbuf_reset(&err);
1370 reported_error = "transaction failed to start";
1371 goto failure;
1372 }
1373 for (cmd = commands; cmd; cmd = cmd->next) {
1375 if (!should_process_cmd(cmd))
1376 continue;
1377 cmd->error_string = update(cmd, si);
1379 if (cmd->error_string)
1381 goto failure;
1382 }
1383 if (ref_transaction_commit(transaction, &err)) {
1385 rp_error("%s", err.buf);
1386 reported_error = "atomic transaction failed";
1387 goto failure;
1388 }
1389 goto cleanup;
1390failure:
1392 for (cmd = commands; cmd; cmd = cmd->next)
1393 if (!cmd->error_string)
1394 cmd->error_string = reported_error;
1395cleanup:
1397 ref_transaction_free(transaction);
1398 strbuf_release(&err);
1399}
1400static void execute_commands(struct command *commands,
1402 const char *unpacker_error,
1403 struct shallow_info *si,
1404 const struct string_list *push_options)
1405{
1406 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1407 struct command *cmd;
1408 unsigned char sha1[20];
1409 struct iterate_data data;
1410 struct async muxer;
1411 int err_fd = 0;
1412 if (unpacker_error) {
1414 for (cmd = commands; cmd; cmd = cmd->next)
1415 cmd->error_string = "unpacker error";
1416 return;
1417 }
1418 if (use_sideband) {
1420 memset(&muxer, 0, sizeof(muxer));
1421 muxer.proc = copy_to_sideband;
1422 muxer.in = -1;
1423 if (!start_async(&muxer))
1424 err_fd = muxer.in;
1425 /* ...else, continue without relaying sideband */
1426 }
1427 data.cmds = commands;
1429 data.si = si;
1430 opt.err_fd = err_fd;
1431 opt.progress = err_fd && !quiet;
1432 if (check_connected(iterate_receive_command_list, &data, &opt))
1433 set_connectivity_errors(commands, si);
1434 if (use_sideband)
1436 finish_async(&muxer);
1437 reject_updates_to_hidden(commands);
1439 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1441 for (cmd = commands; cmd; cmd = cmd->next) {
1442 if (!cmd->error_string)
1443 cmd->error_string = "pre-receive hook declined";
1444 }
1445 return;
1446 }
1447 check_aliased_updates(commands);
1449 free(head_name_to_free);
1451 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1452 if (use_atomic)
1454 execute_commands_atomic(commands, si);
1455 else
1456 execute_commands_non_atomic(commands, si);
1457 if (shallow_update)
1459 warn_if_skipped_connectivity_check(commands, si);
1460}
1461static struct command **queue_command(struct command **tail,
1463 const char *line,
1464 int linelen)
1465{
1466 unsigned char old_sha1[20], new_sha1[20];
1467 struct command *cmd;
1468 const char *refname;
1469 int reflen;
1470 if (linelen < 83 ||
1472 line[40] != ' ' ||
1473 line[81] != ' ' ||
1474 get_sha1_hex(line, old_sha1) ||
1475 get_sha1_hex(line + 41, new_sha1))
1476 die("protocol error: expected old/new/ref, got '%s'", line);
1477 refname = line + 82;
1479 reflen = linelen - 82;
1480 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1481 hashcpy(cmd->old_sha1, old_sha1);
1482 hashcpy(cmd->new_sha1, new_sha1);
1483 *tail = cmd;
1484 return &cmd->next;
1485}
1486static void queue_commands_from_cert(struct command **tail,
1488 struct strbuf *push_cert)
1489{
1490 const char *boc, *eoc;
1491 if (*tail)
1493 die("protocol error: got both push certificate and unsigned commands");
1494 boc = strstr(push_cert->buf, "\n\n");
1496 if (!boc)
1497 die("malformed push certificate %.*s", 100, push_cert->buf);
1498 else
1499 boc += 2;
1500 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1501 while (boc < eoc) {
1503 const char *eol = memchr(boc, '\n', eoc - boc);
1504 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1505 boc = eol ? eol + 1 : eoc;
1506 }
1507}
1508static struct command *read_head_info(struct sha1_array *shallow)
1510{
1511 struct command *commands = NULL;
1512 struct command **p = &commands;
1513 for (;;) {
1514 char *line;
1515 int len, linelen;
1516 line = packet_read_line(0, &len);
1518 if (!line)
1519 break;
1520 if (len == 48 && starts_with(line, "shallow ")) {
1522 unsigned char sha1[20];
1523 if (get_sha1_hex(line + 8, sha1))
1524 die("protocol error: expected shallow sha, got '%s'",
1525 line + 8);
1526 sha1_array_append(shallow, sha1);
1527 continue;
1528 }
1529 linelen = strlen(line);
1531 if (linelen < len) {
1532 const char *feature_list = line + linelen + 1;
1533 if (parse_feature_request(feature_list, "report-status"))
1534 report_status = 1;
1535 if (parse_feature_request(feature_list, "side-band-64k"))
1536 use_sideband = LARGE_PACKET_MAX;
1537 if (parse_feature_request(feature_list, "quiet"))
1538 quiet = 1;
1539 if (advertise_atomic_push
1540 && parse_feature_request(feature_list, "atomic"))
1541 use_atomic = 1;
1542 if (advertise_push_options
1543 && parse_feature_request(feature_list, "push-options"))
1544 use_push_options = 1;
1545 }
1546 if (!strcmp(line, "push-cert")) {
1548 int true_flush = 0;
1549 char certbuf[1024];
1550 for (;;) {
1552 len = packet_read(0, NULL, NULL,
1553 certbuf, sizeof(certbuf), 0);
1554 if (!len) {
1555 true_flush = 1;
1556 break;
1557 }
1558 if (!strcmp(certbuf, "push-cert-end\n"))
1559 break; /* end of cert */
1560 strbuf_addstr(&push_cert, certbuf);
1561 }
1562 if (true_flush)
1564 break;
1565 continue;
1566 }
1567 p = queue_command(p, line, linelen);
1569 }
1570 if (push_cert.len)
1572 queue_commands_from_cert(p, &push_cert);
1573 return commands;
1575}
1576static void read_push_options(struct string_list *options)
1578{
1579 while (1) {
1580 char *line;
1581 int len;
1582 line = packet_read_line(0, &len);
1584 if (!line)
1586 break;
1587 string_list_append(options, line);
1589 }
1590}
1591static const char *parse_pack_header(struct pack_header *hdr)
1593{
1594 switch (read_pack_header(0, hdr)) {
1595 case PH_ERROR_EOF:
1596 return "eof before pack header was fully read";
1597 case PH_ERROR_PACK_SIGNATURE:
1599 return "protocol error (pack signature mismatch detected)";
1600 case PH_ERROR_PROTOCOL:
1602 return "protocol error (pack version unsupported)";
1603 default:
1605 return "unknown error in parse_pack_header";
1606 case 0:
1608 return NULL;
1609 }
1610}
1611static const char *pack_lockfile;
1613static const char *unpack(int err_fd, struct shallow_info *si)
1615{
1616 struct pack_header hdr;
1617 const char *hdr_err;
1618 int status;
1619 char hdr_arg[38];
1620 struct child_process child = CHILD_PROCESS_INIT;
1621 int fsck_objects = (receive_fsck_objects >= 0
1622 ? receive_fsck_objects
1623 : transfer_fsck_objects >= 0
1624 ? transfer_fsck_objects
1625 : 0);
1626 hdr_err = parse_pack_header(&hdr);
1628 if (hdr_err) {
1629 if (err_fd > 0)
1630 close(err_fd);
1631 return hdr_err;
1632 }
1633 snprintf(hdr_arg, sizeof(hdr_arg),
1634 "--pack_header=%"PRIu32",%"PRIu32,
1635 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1636 if (si->nr_ours || si->nr_theirs) {
1638 alt_shallow_file = setup_temporary_shallow(si->shallow);
1639 argv_array_push(&child.args, "--shallow-file");
1640 argv_array_push(&child.args, alt_shallow_file);
1641 }
1642 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1644 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1645 if (quiet)
1646 argv_array_push(&child.args, "-q");
1647 if (fsck_objects)
1648 argv_array_pushf(&child.args, "--strict%s",
1649 fsck_msg_types.buf);
1650 if (max_input_size)
1651 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1652 (uintmax_t)max_input_size);
1653 child.no_stdout = 1;
1654 child.err = err_fd;
1655 child.git_cmd = 1;
1656 status = run_command(&child);
1657 if (status)
1658 return "unpack-objects abnormal exit";
1659 } else {
1660 char hostname[256];
1661 argv_array_pushl(&child.args, "index-pack",
1663 "--stdin", hdr_arg, NULL);
1664 if (gethostname(hostname, sizeof(hostname)))
1666 xsnprintf(hostname, sizeof(hostname), "localhost");
1667 argv_array_pushf(&child.args,
1668 "--keep=receive-pack %"PRIuMAX" on %s",
1669 (uintmax_t)getpid(),
1670 hostname);
1671 if (!quiet && err_fd)
1673 argv_array_push(&child.args, "--show-resolving-progress");
1674 if (use_sideband)
1675 argv_array_push(&child.args, "--report-end-of-input");
1676 if (fsck_objects)
1677 argv_array_pushf(&child.args, "--strict%s",
1678 fsck_msg_types.buf);
1679 if (!reject_thin)
1680 argv_array_push(&child.args, "--fix-thin");
1681 if (max_input_size)
1682 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1683 (uintmax_t)max_input_size);
1684 child.out = -1;
1685 child.err = err_fd;
1686 child.git_cmd = 1;
1687 status = start_command(&child);
1688 if (status)
1689 return "index-pack fork failed";
1690 pack_lockfile = index_pack_lockfile(child.out);
1691 close(child.out);
1692 status = finish_command(&child);
1693 if (status)
1694 return "index-pack abnormal exit";
1695 reprepare_packed_git();
1696 }
1697 return NULL;
1698}
1699static const char *unpack_with_sideband(struct shallow_info *si)
1701{
1702 struct async muxer;
1703 const char *ret;
1704 if (!use_sideband)
1706 return unpack(0, si);
1707 use_keepalive = KEEPALIVE_AFTER_NUL;
1709 memset(&muxer, 0, sizeof(muxer));
1710 muxer.proc = copy_to_sideband;
1711 muxer.in = -1;
1712 if (start_async(&muxer))
1713 return NULL;
1714 ret = unpack(muxer.in, si);
1716 finish_async(&muxer);
1718 return ret;
1719}
1720static void prepare_shallow_update(struct command *commands,
1722 struct shallow_info *si)
1723{
1724 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1725 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1727 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1728 si->need_reachability_test =
1730 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1731 si->reachable =
1732 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1733 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1734 for (i = 0; i < si->nr_ours; i++)
1736 si->need_reachability_test[si->ours[i]] = 1;
1737 for (i = 0; i < si->shallow->nr; i++) {
1739 if (!si->used_shallow[i])
1740 continue;
1741 for (j = 0; j < bitmap_size; j++) {
1742 if (!si->used_shallow[i][j])
1743 continue;
1744 si->need_reachability_test[i]++;
1745 for (k = 0; k < 32; k++)
1746 if (si->used_shallow[i][j] & (1U << k))
1747 si->shallow_ref[j * 32 + k]++;
1748 }
1749 /*
1751 * true for those associated with some refs and belong
1752 * in "ours" list aka "step 7 not done yet"
1753 */
1754 si->need_reachability_test[i] =
1755 si->need_reachability_test[i] > 1;
1756 }
1757 /*
1759 * keep hooks happy by forcing a temporary shallow file via
1760 * env variable because we can't add --shallow-file to every
1761 * command. check_everything_connected() will be done with
1762 * true .git/shallow though.
1763 */
1764 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1765}
1766static void update_shallow_info(struct command *commands,
1768 struct shallow_info *si,
1769 struct sha1_array *ref)
1770{
1771 struct command *cmd;
1772 int *ref_status;
1773 remove_nonexistent_theirs_shallow(si);
1774 if (!si->nr_ours && !si->nr_theirs) {
1775 shallow_update = 0;
1776 return;
1777 }
1778 for (cmd = commands; cmd; cmd = cmd->next) {
1780 if (is_null_sha1(cmd->new_sha1))
1781 continue;
1782 sha1_array_append(ref, cmd->new_sha1);
1783 cmd->index = ref->nr - 1;
1784 }
1785 si->ref = ref;
1786 if (shallow_update) {
1788 prepare_shallow_update(commands, si);
1789 return;
1790 }
1791 ALLOC_ARRAY(ref_status, ref->nr);
1793 assign_shallow_commits_to_refs(si, NULL, ref_status);
1794 for (cmd = commands; cmd; cmd = cmd->next) {
1795 if (is_null_sha1(cmd->new_sha1))
1796 continue;
1797 if (ref_status[cmd->index]) {
1798 cmd->error_string = "shallow update not allowed";
1799 cmd->skip_update = 1;
1800 }
1801 }
1802 free(ref_status);
1803}
1804static void report(struct command *commands, const char *unpack_status)
1806{
1807 struct command *cmd;
1808 struct strbuf buf = STRBUF_INIT;
1809 packet_buf_write(&buf, "unpack %s\n",
1811 unpack_status ? unpack_status : "ok");
1812 for (cmd = commands; cmd; cmd = cmd->next) {
1813 if (!cmd->error_string)
1814 packet_buf_write(&buf, "ok %s\n",
1815 cmd->ref_name);
1816 else
1817 packet_buf_write(&buf, "ng %s %s\n",
1818 cmd->ref_name, cmd->error_string);
1819 }
1820 packet_buf_flush(&buf);
1821 if (use_sideband)
1823 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1824 else
1825 write_or_die(1, buf.buf, buf.len);
1826 strbuf_release(&buf);
1827}
1828static int delete_only(struct command *commands)
1830{
1831 struct command *cmd;
1832 for (cmd = commands; cmd; cmd = cmd->next) {
1833 if (!is_null_sha1(cmd->new_sha1))
1834 return 0;
1835 }
1836 return 1;
1837}
1838int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1840{
1841 int advertise_refs = 0;
1842 struct command *commands;
1843 struct sha1_array shallow = SHA1_ARRAY_INIT;
1844 struct sha1_array ref = SHA1_ARRAY_INIT;
1845 struct shallow_info si;
1846 struct option options[] = {
1848 OPT__QUIET(&quiet, N_("quiet")),
1849 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1850 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1851 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1852 OPT_END()
1853 };
1854 packet_trace_identity("receive-pack");
1856 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1858 if (argc > 1)
1860 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1861 if (argc == 0)
1862 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1863 service_dir = argv[0];
1865 setup_path();
1867 if (!enter_repo(service_dir, 0))
1869 die("'%s' does not appear to be a git repository", service_dir);
1870 git_config(receive_pack_config, NULL);
1872 if (cert_nonce_seed)
1873 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1874 if (0 <= transfer_unpack_limit)
1876 unpack_limit = transfer_unpack_limit;
1877 else if (0 <= receive_unpack_limit)
1878 unpack_limit = receive_unpack_limit;
1879 if (advertise_refs || !stateless_rpc) {
1881 write_head_info();
1882 }
1883 if (advertise_refs)
1884 return 0;
1885 if ((commands = read_head_info(&shallow)) != NULL) {
1887 const char *unpack_status = NULL;
1888 struct string_list push_options = STRING_LIST_INIT_DUP;
1889 if (use_push_options)
1891 read_push_options(&push_options);
1892 prepare_shallow_info(&si, &shallow);
1894 if (!si.nr_ours && !si.nr_theirs)
1895 shallow_update = 0;
1896 if (!delete_only(commands)) {
1897 unpack_status = unpack_with_sideband(&si);
1898 update_shallow_info(commands, &si, &ref);
1899 }
1900 use_keepalive = KEEPALIVE_ALWAYS;
1901 execute_commands(commands, unpack_status, &si,
1902 &push_options);
1903 if (pack_lockfile)
1904 unlink_or_warn(pack_lockfile);
1905 if (report_status)
1906 report(commands, unpack_status);
1907 run_receive_hook(commands, "post-receive", 1,
1908 &push_options);
1909 run_update_post_hook(commands);
1910 if (push_options.nr)
1911 string_list_clear(&push_options, 0);
1912 if (auto_gc) {
1913 const char *argv_gc_auto[] = {
1914 "gc", "--auto", "--quiet", NULL,
1915 };
1916 struct child_process proc = CHILD_PROCESS_INIT;
1917 proc.no_stdin = 1;
1919 proc.stdout_to_stderr = 1;
1920 proc.err = use_sideband ? -1 : 0;
1921 proc.git_cmd = 1;
1922 proc.argv = argv_gc_auto;
1923 close_all_packs();
1925 if (!start_command(&proc)) {
1926 if (use_sideband)
1927 copy_to_sideband(proc.err, -1, NULL);
1928 finish_command(&proc);
1929 }
1930 }
1931 if (auto_update_server_info)
1932 update_server_info(0);
1933 clear_shallow_info(&si);
1934 }
1935 if (use_sideband)
1936 packet_flush(1);
1937 sha1_array_clear(&shallow);
1938 sha1_array_clear(&ref);
1939 free((void *)push_cert_nonce);
1940 return 0;
1941}