1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23
24static const char receive_pack_usage[] = "git receive-pack <git-dir>";
25
26enum deny_action {
27 DENY_UNCONFIGURED,
28 DENY_IGNORE,
29 DENY_WARN,
30 DENY_REFUSE,
31 DENY_UPDATE_INSTEAD
32};
33
34static int deny_deletes;
35static int deny_non_fast_forwards;
36static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
37static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
38static int receive_fsck_objects = -1;
39static int transfer_fsck_objects = -1;
40static struct strbuf fsck_msg_types = STRBUF_INIT;
41static int receive_unpack_limit = -1;
42static int transfer_unpack_limit = -1;
43static int advertise_atomic_push = 1;
44static int unpack_limit = 100;
45static int report_status;
46static int use_sideband;
47static int use_atomic;
48static int quiet;
49static int prefer_ofs_delta = 1;
50static int auto_update_server_info;
51static int auto_gc = 1;
52static int fix_thin = 1;
53static int stateless_rpc;
54static const char *service_dir;
55static const char *head_name;
56static void *head_name_to_free;
57static int sent_capabilities;
58static int shallow_update;
59static const char *alt_shallow_file;
60static struct strbuf push_cert = STRBUF_INIT;
61static unsigned char push_cert_sha1[20];
62static struct signature_check sigcheck;
63static const char *push_cert_nonce;
64static const char *cert_nonce_seed;
65
66static const char *NONCE_UNSOLICITED = "UNSOLICITED";
67static const char *NONCE_BAD = "BAD";
68static const char *NONCE_MISSING = "MISSING";
69static const char *NONCE_OK = "OK";
70static const char *NONCE_SLOP = "SLOP";
71static const char *nonce_status;
72static long nonce_stamp_slop;
73static unsigned long nonce_stamp_slop_limit;
74static struct ref_transaction *transaction;
75
76static enum deny_action parse_deny_action(const char *var, const char *value)
77{
78 if (value) {
79 if (!strcasecmp(value, "ignore"))
80 return DENY_IGNORE;
81 if (!strcasecmp(value, "warn"))
82 return DENY_WARN;
83 if (!strcasecmp(value, "refuse"))
84 return DENY_REFUSE;
85 if (!strcasecmp(value, "updateinstead"))
86 return DENY_UPDATE_INSTEAD;
87 }
88 if (git_config_bool(var, value))
89 return DENY_REFUSE;
90 return DENY_IGNORE;
91}
92
93static int receive_pack_config(const char *var, const char *value, void *cb)
94{
95 int status = parse_hide_refs_config(var, value, "receive");
96
97 if (status)
98 return status;
99
100 if (strcmp(var, "receive.denydeletes") == 0) {
101 deny_deletes = git_config_bool(var, value);
102 return 0;
103 }
104
105 if (strcmp(var, "receive.denynonfastforwards") == 0) {
106 deny_non_fast_forwards = git_config_bool(var, value);
107 return 0;
108 }
109
110 if (strcmp(var, "receive.unpacklimit") == 0) {
111 receive_unpack_limit = git_config_int(var, value);
112 return 0;
113 }
114
115 if (strcmp(var, "transfer.unpacklimit") == 0) {
116 transfer_unpack_limit = git_config_int(var, value);
117 return 0;
118 }
119
120 if (strcmp(var, "receive.fsck.skiplist") == 0) {
121 const char *path;
122
123 if (git_config_pathname(&path, var, value))
124 return 1;
125 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
126 fsck_msg_types.len ? ',' : '=', path);
127 free((char *)path);
128 return 0;
129 }
130
131 if (skip_prefix(var, "receive.fsck.", &var)) {
132 if (is_valid_msg_type(var, value))
133 strbuf_addf(&fsck_msg_types, "%c%s=%s",
134 fsck_msg_types.len ? ',' : '=', var, value);
135 else
136 warning("Skipping unknown msg id '%s'", var);
137 return 0;
138 }
139
140 if (strcmp(var, "receive.fsckobjects") == 0) {
141 receive_fsck_objects = git_config_bool(var, value);
142 return 0;
143 }
144
145 if (strcmp(var, "transfer.fsckobjects") == 0) {
146 transfer_fsck_objects = git_config_bool(var, value);
147 return 0;
148 }
149
150 if (!strcmp(var, "receive.denycurrentbranch")) {
151 deny_current_branch = parse_deny_action(var, value);
152 return 0;
153 }
154
155 if (strcmp(var, "receive.denydeletecurrent") == 0) {
156 deny_delete_current = parse_deny_action(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
161 prefer_ofs_delta = git_config_bool(var, value);
162 return 0;
163 }
164
165 if (strcmp(var, "receive.updateserverinfo") == 0) {
166 auto_update_server_info = git_config_bool(var, value);
167 return 0;
168 }
169
170 if (strcmp(var, "receive.autogc") == 0) {
171 auto_gc = git_config_bool(var, value);
172 return 0;
173 }
174
175 if (strcmp(var, "receive.shallowupdate") == 0) {
176 shallow_update = git_config_bool(var, value);
177 return 0;
178 }
179
180 if (strcmp(var, "receive.certnonceseed") == 0)
181 return git_config_string(&cert_nonce_seed, var, value);
182
183 if (strcmp(var, "receive.certnonceslop") == 0) {
184 nonce_stamp_slop_limit = git_config_ulong(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.advertiseatomic") == 0) {
189 advertise_atomic_push = git_config_bool(var, value);
190 return 0;
191 }
192
193 return git_default_config(var, value, cb);
194}
195
196static void show_ref(const char *path, const unsigned char *sha1)
197{
198 if (sent_capabilities) {
199 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
200 } else {
201 struct strbuf cap = STRBUF_INIT;
202
203 strbuf_addstr(&cap,
204 "report-status delete-refs side-band-64k quiet");
205 if (advertise_atomic_push)
206 strbuf_addstr(&cap, " atomic");
207 if (prefer_ofs_delta)
208 strbuf_addstr(&cap, " ofs-delta");
209 if (push_cert_nonce)
210 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
211 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
212 packet_write(1, "%s %s%c%s\n",
213 sha1_to_hex(sha1), path, 0, cap.buf);
214 strbuf_release(&cap);
215 sent_capabilities = 1;
216 }
217}
218
219static int show_ref_cb(const char *path_full, const struct object_id *oid,
220 int flag, void *unused)
221{
222 const char *path = strip_namespace(path_full);
223
224 if (ref_is_hidden(path, path_full))
225 return 0;
226
227 /*
228 * Advertise refs outside our current namespace as ".have"
229 * refs, so that the client can use them to minimize data
230 * transfer but will otherwise ignore them. This happens to
231 * cover ".have" that are thrown in by add_one_alternate_ref()
232 * to mark histories that are complete in our alternates as
233 * well.
234 */
235 if (!path)
236 path = ".have";
237 show_ref(path, oid->hash);
238 return 0;
239}
240
241static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
242{
243 show_ref(".have", sha1);
244}
245
246static void collect_one_alternate_ref(const struct ref *ref, void *data)
247{
248 struct sha1_array *sa = data;
249 sha1_array_append(sa, ref->old_oid.hash);
250}
251
252static void write_head_info(void)
253{
254 struct sha1_array sa = SHA1_ARRAY_INIT;
255
256 for_each_alternate_ref(collect_one_alternate_ref, &sa);
257 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
258 sha1_array_clear(&sa);
259 for_each_ref(show_ref_cb, NULL);
260 if (!sent_capabilities)
261 show_ref("capabilities^{}", null_sha1);
262
263 advertise_shallow_grafts(1);
264
265 /* EOF */
266 packet_flush(1);
267}
268
269struct command {
270 struct command *next;
271 const char *error_string;
272 unsigned int skip_update:1,
273 did_not_exist:1;
274 int index;
275 unsigned char old_sha1[20];
276 unsigned char new_sha1[20];
277 char ref_name[FLEX_ARRAY]; /* more */
278};
279
280static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
281static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
282
283static void report_message(const char *prefix, const char *err, va_list params)
284{
285 int sz;
286 char msg[4096];
287
288 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
289 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
290 if (sz > (sizeof(msg) - 1))
291 sz = sizeof(msg) - 1;
292 msg[sz++] = '\n';
293
294 if (use_sideband)
295 send_sideband(1, 2, msg, sz, use_sideband);
296 else
297 xwrite(2, msg, sz);
298}
299
300static void rp_warning(const char *err, ...)
301{
302 va_list params;
303 va_start(params, err);
304 report_message("warning: ", err, params);
305 va_end(params);
306}
307
308static void rp_error(const char *err, ...)
309{
310 va_list params;
311 va_start(params, err);
312 report_message("error: ", err, params);
313 va_end(params);
314}
315
316static int copy_to_sideband(int in, int out, void *arg)
317{
318 char data[128];
319 while (1) {
320 ssize_t sz = xread(in, data, sizeof(data));
321 if (sz <= 0)
322 break;
323 send_sideband(1, 2, data, sz, use_sideband);
324 }
325 close(in);
326 return 0;
327}
328
329#define HMAC_BLOCK_SIZE 64
330
331static void hmac_sha1(unsigned char *out,
332 const char *key_in, size_t key_len,
333 const char *text, size_t text_len)
334{
335 unsigned char key[HMAC_BLOCK_SIZE];
336 unsigned char k_ipad[HMAC_BLOCK_SIZE];
337 unsigned char k_opad[HMAC_BLOCK_SIZE];
338 int i;
339 git_SHA_CTX ctx;
340
341 /* RFC 2104 2. (1) */
342 memset(key, '\0', HMAC_BLOCK_SIZE);
343 if (HMAC_BLOCK_SIZE < key_len) {
344 git_SHA1_Init(&ctx);
345 git_SHA1_Update(&ctx, key_in, key_len);
346 git_SHA1_Final(key, &ctx);
347 } else {
348 memcpy(key, key_in, key_len);
349 }
350
351 /* RFC 2104 2. (2) & (5) */
352 for (i = 0; i < sizeof(key); i++) {
353 k_ipad[i] = key[i] ^ 0x36;
354 k_opad[i] = key[i] ^ 0x5c;
355 }
356
357 /* RFC 2104 2. (3) & (4) */
358 git_SHA1_Init(&ctx);
359 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
360 git_SHA1_Update(&ctx, text, text_len);
361 git_SHA1_Final(out, &ctx);
362
363 /* RFC 2104 2. (6) & (7) */
364 git_SHA1_Init(&ctx);
365 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
366 git_SHA1_Update(&ctx, out, 20);
367 git_SHA1_Final(out, &ctx);
368}
369
370static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
371{
372 struct strbuf buf = STRBUF_INIT;
373 unsigned char sha1[20];
374
375 strbuf_addf(&buf, "%s:%lu", path, stamp);
376 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
377 strbuf_release(&buf);
378
379 /* RFC 2104 5. HMAC-SHA1-80 */
380 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
381 return strbuf_detach(&buf, NULL);
382}
383
384/*
385 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
386 * after dropping "_commit" from its name and possibly moving it out
387 * of commit.c
388 */
389static char *find_header(const char *msg, size_t len, const char *key)
390{
391 int key_len = strlen(key);
392 const char *line = msg;
393
394 while (line && line < msg + len) {
395 const char *eol = strchrnul(line, '\n');
396
397 if ((msg + len <= eol) || line == eol)
398 return NULL;
399 if (line + key_len < eol &&
400 !memcmp(line, key, key_len) && line[key_len] == ' ') {
401 int offset = key_len + 1;
402 return xmemdupz(line + offset, (eol - line) - offset);
403 }
404 line = *eol ? eol + 1 : NULL;
405 }
406 return NULL;
407}
408
409static const char *check_nonce(const char *buf, size_t len)
410{
411 char *nonce = find_header(buf, len, "nonce");
412 unsigned long stamp, ostamp;
413 char *bohmac, *expect = NULL;
414 const char *retval = NONCE_BAD;
415
416 if (!nonce) {
417 retval = NONCE_MISSING;
418 goto leave;
419 } else if (!push_cert_nonce) {
420 retval = NONCE_UNSOLICITED;
421 goto leave;
422 } else if (!strcmp(push_cert_nonce, nonce)) {
423 retval = NONCE_OK;
424 goto leave;
425 }
426
427 if (!stateless_rpc) {
428 /* returned nonce MUST match what we gave out earlier */
429 retval = NONCE_BAD;
430 goto leave;
431 }
432
433 /*
434 * In stateless mode, we may be receiving a nonce issued by
435 * another instance of the server that serving the same
436 * repository, and the timestamps may not match, but the
437 * nonce-seed and dir should match, so we can recompute and
438 * report the time slop.
439 *
440 * In addition, when a nonce issued by another instance has
441 * timestamp within receive.certnonceslop seconds, we pretend
442 * as if we issued that nonce when reporting to the hook.
443 */
444
445 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
446 if (*nonce <= '0' || '9' < *nonce) {
447 retval = NONCE_BAD;
448 goto leave;
449 }
450 stamp = strtoul(nonce, &bohmac, 10);
451 if (bohmac == nonce || bohmac[0] != '-') {
452 retval = NONCE_BAD;
453 goto leave;
454 }
455
456 expect = prepare_push_cert_nonce(service_dir, stamp);
457 if (strcmp(expect, nonce)) {
458 /* Not what we would have signed earlier */
459 retval = NONCE_BAD;
460 goto leave;
461 }
462
463 /*
464 * By how many seconds is this nonce stale? Negative value
465 * would mean it was issued by another server with its clock
466 * skewed in the future.
467 */
468 ostamp = strtoul(push_cert_nonce, NULL, 10);
469 nonce_stamp_slop = (long)ostamp - (long)stamp;
470
471 if (nonce_stamp_slop_limit &&
472 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
473 /*
474 * Pretend as if the received nonce (which passes the
475 * HMAC check, so it is not a forged by third-party)
476 * is what we issued.
477 */
478 free((void *)push_cert_nonce);
479 push_cert_nonce = xstrdup(nonce);
480 retval = NONCE_OK;
481 } else {
482 retval = NONCE_SLOP;
483 }
484
485leave:
486 free(nonce);
487 free(expect);
488 return retval;
489}
490
491static void prepare_push_cert_sha1(struct child_process *proc)
492{
493 static int already_done;
494
495 if (!push_cert.len)
496 return;
497
498 if (!already_done) {
499 struct strbuf gpg_output = STRBUF_INIT;
500 struct strbuf gpg_status = STRBUF_INIT;
501 int bogs /* beginning_of_gpg_sig */;
502
503 already_done = 1;
504 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
505 hashclr(push_cert_sha1);
506
507 memset(&sigcheck, '\0', sizeof(sigcheck));
508 sigcheck.result = 'N';
509
510 bogs = parse_signature(push_cert.buf, push_cert.len);
511 if (verify_signed_buffer(push_cert.buf, bogs,
512 push_cert.buf + bogs, push_cert.len - bogs,
513 &gpg_output, &gpg_status) < 0) {
514 ; /* error running gpg */
515 } else {
516 sigcheck.payload = push_cert.buf;
517 sigcheck.gpg_output = gpg_output.buf;
518 sigcheck.gpg_status = gpg_status.buf;
519 parse_gpg_output(&sigcheck);
520 }
521
522 strbuf_release(&gpg_output);
523 strbuf_release(&gpg_status);
524 nonce_status = check_nonce(push_cert.buf, bogs);
525 }
526 if (!is_null_sha1(push_cert_sha1)) {
527 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
528 sha1_to_hex(push_cert_sha1));
529 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
530 sigcheck.signer ? sigcheck.signer : "");
531 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
532 sigcheck.key ? sigcheck.key : "");
533 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
534 sigcheck.result);
535 if (push_cert_nonce) {
536 argv_array_pushf(&proc->env_array,
537 "GIT_PUSH_CERT_NONCE=%s",
538 push_cert_nonce);
539 argv_array_pushf(&proc->env_array,
540 "GIT_PUSH_CERT_NONCE_STATUS=%s",
541 nonce_status);
542 if (nonce_status == NONCE_SLOP)
543 argv_array_pushf(&proc->env_array,
544 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
545 nonce_stamp_slop);
546 }
547 }
548}
549
550typedef int (*feed_fn)(void *, const char **, size_t *);
551static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
552{
553 struct child_process proc = CHILD_PROCESS_INIT;
554 struct async muxer;
555 const char *argv[2];
556 int code;
557
558 argv[0] = find_hook(hook_name);
559 if (!argv[0])
560 return 0;
561
562 argv[1] = NULL;
563
564 proc.argv = argv;
565 proc.in = -1;
566 proc.stdout_to_stderr = 1;
567
568 if (use_sideband) {
569 memset(&muxer, 0, sizeof(muxer));
570 muxer.proc = copy_to_sideband;
571 muxer.in = -1;
572 code = start_async(&muxer);
573 if (code)
574 return code;
575 proc.err = muxer.in;
576 }
577
578 prepare_push_cert_sha1(&proc);
579
580 code = start_command(&proc);
581 if (code) {
582 if (use_sideband)
583 finish_async(&muxer);
584 return code;
585 }
586
587 sigchain_push(SIGPIPE, SIG_IGN);
588
589 while (1) {
590 const char *buf;
591 size_t n;
592 if (feed(feed_state, &buf, &n))
593 break;
594 if (write_in_full(proc.in, buf, n) != n)
595 break;
596 }
597 close(proc.in);
598 if (use_sideband)
599 finish_async(&muxer);
600
601 sigchain_pop(SIGPIPE);
602
603 return finish_command(&proc);
604}
605
606struct receive_hook_feed_state {
607 struct command *cmd;
608 int skip_broken;
609 struct strbuf buf;
610};
611
612static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
613{
614 struct receive_hook_feed_state *state = state_;
615 struct command *cmd = state->cmd;
616
617 while (cmd &&
618 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
619 cmd = cmd->next;
620 if (!cmd)
621 return -1; /* EOF */
622 strbuf_reset(&state->buf);
623 strbuf_addf(&state->buf, "%s %s %s\n",
624 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
625 cmd->ref_name);
626 state->cmd = cmd->next;
627 if (bufp) {
628 *bufp = state->buf.buf;
629 *sizep = state->buf.len;
630 }
631 return 0;
632}
633
634static int run_receive_hook(struct command *commands, const char *hook_name,
635 int skip_broken)
636{
637 struct receive_hook_feed_state state;
638 int status;
639
640 strbuf_init(&state.buf, 0);
641 state.cmd = commands;
642 state.skip_broken = skip_broken;
643 if (feed_receive_hook(&state, NULL, NULL))
644 return 0;
645 state.cmd = commands;
646 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
647 strbuf_release(&state.buf);
648 return status;
649}
650
651static int run_update_hook(struct command *cmd)
652{
653 const char *argv[5];
654 struct child_process proc = CHILD_PROCESS_INIT;
655 int code;
656
657 argv[0] = find_hook("update");
658 if (!argv[0])
659 return 0;
660
661 argv[1] = cmd->ref_name;
662 argv[2] = sha1_to_hex(cmd->old_sha1);
663 argv[3] = sha1_to_hex(cmd->new_sha1);
664 argv[4] = NULL;
665
666 proc.no_stdin = 1;
667 proc.stdout_to_stderr = 1;
668 proc.err = use_sideband ? -1 : 0;
669 proc.argv = argv;
670
671 code = start_command(&proc);
672 if (code)
673 return code;
674 if (use_sideband)
675 copy_to_sideband(proc.err, -1, NULL);
676 return finish_command(&proc);
677}
678
679static int is_ref_checked_out(const char *ref)
680{
681 if (is_bare_repository())
682 return 0;
683
684 if (!head_name)
685 return 0;
686 return !strcmp(head_name, ref);
687}
688
689static char *refuse_unconfigured_deny_msg[] = {
690 "By default, updating the current branch in a non-bare repository",
691 "is denied, because it will make the index and work tree inconsistent",
692 "with what you pushed, and will require 'git reset --hard' to match",
693 "the work tree to HEAD.",
694 "",
695 "You can set 'receive.denyCurrentBranch' configuration variable to",
696 "'ignore' or 'warn' in the remote repository to allow pushing into",
697 "its current branch; however, this is not recommended unless you",
698 "arranged to update its work tree to match what you pushed in some",
699 "other way.",
700 "",
701 "To squelch this message and still keep the default behaviour, set",
702 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
703};
704
705static void refuse_unconfigured_deny(void)
706{
707 int i;
708 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
709 rp_error("%s", refuse_unconfigured_deny_msg[i]);
710}
711
712static char *refuse_unconfigured_deny_delete_current_msg[] = {
713 "By default, deleting the current branch is denied, because the next",
714 "'git clone' won't result in any file checked out, causing confusion.",
715 "",
716 "You can set 'receive.denyDeleteCurrent' configuration variable to",
717 "'warn' or 'ignore' in the remote repository to allow deleting the",
718 "current branch, with or without a warning message.",
719 "",
720 "To squelch this message, you can set it to 'refuse'."
721};
722
723static void refuse_unconfigured_deny_delete_current(void)
724{
725 int i;
726 for (i = 0;
727 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
728 i++)
729 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
730}
731
732static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
733static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
734{
735 static struct lock_file shallow_lock;
736 struct sha1_array extra = SHA1_ARRAY_INIT;
737 const char *alt_file;
738 uint32_t mask = 1 << (cmd->index % 32);
739 int i;
740
741 trace_printf_key(&trace_shallow,
742 "shallow: update_shallow_ref %s\n", cmd->ref_name);
743 for (i = 0; i < si->shallow->nr; i++)
744 if (si->used_shallow[i] &&
745 (si->used_shallow[i][cmd->index / 32] & mask) &&
746 !delayed_reachability_test(si, i))
747 sha1_array_append(&extra, si->shallow->sha1[i]);
748
749 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
750 if (check_shallow_connected(command_singleton_iterator,
751 0, cmd, alt_file)) {
752 rollback_lock_file(&shallow_lock);
753 sha1_array_clear(&extra);
754 return -1;
755 }
756
757 commit_lock_file(&shallow_lock);
758
759 /*
760 * Make sure setup_alternate_shallow() for the next ref does
761 * not lose these new roots..
762 */
763 for (i = 0; i < extra.nr; i++)
764 register_shallow(extra.sha1[i]);
765
766 si->shallow_ref[cmd->index] = 0;
767 sha1_array_clear(&extra);
768 return 0;
769}
770
771/*
772 * NEEDSWORK: we should consolidate various implementions of "are we
773 * on an unborn branch?" test into one, and make the unified one more
774 * robust. !get_sha1() based check used here and elsewhere would not
775 * allow us to tell an unborn branch from corrupt ref, for example.
776 * For the purpose of fixing "deploy-to-update does not work when
777 * pushing into an empty repository" issue, this should suffice for
778 * now.
779 */
780static int head_has_history(void)
781{
782 unsigned char sha1[20];
783
784 return !get_sha1("HEAD", sha1);
785}
786
787static const char *push_to_deploy(unsigned char *sha1,
788 struct argv_array *env,
789 const char *work_tree)
790{
791 const char *update_refresh[] = {
792 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
793 };
794 const char *diff_files[] = {
795 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
796 };
797 const char *diff_index[] = {
798 "diff-index", "--quiet", "--cached", "--ignore-submodules",
799 NULL, "--", NULL
800 };
801 const char *read_tree[] = {
802 "read-tree", "-u", "-m", NULL, NULL
803 };
804 struct child_process child = CHILD_PROCESS_INIT;
805
806 child.argv = update_refresh;
807 child.env = env->argv;
808 child.dir = work_tree;
809 child.no_stdin = 1;
810 child.stdout_to_stderr = 1;
811 child.git_cmd = 1;
812 if (run_command(&child))
813 return "Up-to-date check failed";
814
815 /* run_command() does not clean up completely; reinitialize */
816 child_process_init(&child);
817 child.argv = diff_files;
818 child.env = env->argv;
819 child.dir = work_tree;
820 child.no_stdin = 1;
821 child.stdout_to_stderr = 1;
822 child.git_cmd = 1;
823 if (run_command(&child))
824 return "Working directory has unstaged changes";
825
826 /* diff-index with either HEAD or an empty tree */
827 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
828
829 child_process_init(&child);
830 child.argv = diff_index;
831 child.env = env->argv;
832 child.no_stdin = 1;
833 child.no_stdout = 1;
834 child.stdout_to_stderr = 0;
835 child.git_cmd = 1;
836 if (run_command(&child))
837 return "Working directory has staged changes";
838
839 read_tree[3] = sha1_to_hex(sha1);
840 child_process_init(&child);
841 child.argv = read_tree;
842 child.env = env->argv;
843 child.dir = work_tree;
844 child.no_stdin = 1;
845 child.no_stdout = 1;
846 child.stdout_to_stderr = 0;
847 child.git_cmd = 1;
848 if (run_command(&child))
849 return "Could not update working tree to new HEAD";
850
851 return NULL;
852}
853
854static const char *push_to_checkout_hook = "push-to-checkout";
855
856static const char *push_to_checkout(unsigned char *sha1,
857 struct argv_array *env,
858 const char *work_tree)
859{
860 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
861 if (run_hook_le(env->argv, push_to_checkout_hook,
862 sha1_to_hex(sha1), NULL))
863 return "push-to-checkout hook declined";
864 else
865 return NULL;
866}
867
868static const char *update_worktree(unsigned char *sha1)
869{
870 const char *retval;
871 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
872 struct argv_array env = ARGV_ARRAY_INIT;
873
874 if (is_bare_repository())
875 return "denyCurrentBranch = updateInstead needs a worktree";
876
877 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
878
879 if (!find_hook(push_to_checkout_hook))
880 retval = push_to_deploy(sha1, &env, work_tree);
881 else
882 retval = push_to_checkout(sha1, &env, work_tree);
883
884 argv_array_clear(&env);
885 return retval;
886}
887
888static const char *update(struct command *cmd, struct shallow_info *si)
889{
890 const char *name = cmd->ref_name;
891 struct strbuf namespaced_name_buf = STRBUF_INIT;
892 const char *namespaced_name, *ret;
893 unsigned char *old_sha1 = cmd->old_sha1;
894 unsigned char *new_sha1 = cmd->new_sha1;
895
896 /* only refs/... are allowed */
897 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
898 rp_error("refusing to create funny ref '%s' remotely", name);
899 return "funny refname";
900 }
901
902 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
903 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
904
905 if (is_ref_checked_out(namespaced_name)) {
906 switch (deny_current_branch) {
907 case DENY_IGNORE:
908 break;
909 case DENY_WARN:
910 rp_warning("updating the current branch");
911 break;
912 case DENY_REFUSE:
913 case DENY_UNCONFIGURED:
914 rp_error("refusing to update checked out branch: %s", name);
915 if (deny_current_branch == DENY_UNCONFIGURED)
916 refuse_unconfigured_deny();
917 return "branch is currently checked out";
918 case DENY_UPDATE_INSTEAD:
919 ret = update_worktree(new_sha1);
920 if (ret)
921 return ret;
922 break;
923 }
924 }
925
926 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
927 error("unpack should have generated %s, "
928 "but I can't find it!", sha1_to_hex(new_sha1));
929 return "bad pack";
930 }
931
932 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
933 if (deny_deletes && starts_with(name, "refs/heads/")) {
934 rp_error("denying ref deletion for %s", name);
935 return "deletion prohibited";
936 }
937
938 if (head_name && !strcmp(namespaced_name, head_name)) {
939 switch (deny_delete_current) {
940 case DENY_IGNORE:
941 break;
942 case DENY_WARN:
943 rp_warning("deleting the current branch");
944 break;
945 case DENY_REFUSE:
946 case DENY_UNCONFIGURED:
947 case DENY_UPDATE_INSTEAD:
948 if (deny_delete_current == DENY_UNCONFIGURED)
949 refuse_unconfigured_deny_delete_current();
950 rp_error("refusing to delete the current branch: %s", name);
951 return "deletion of the current branch prohibited";
952 default:
953 return "Invalid denyDeleteCurrent setting";
954 }
955 }
956 }
957
958 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
959 !is_null_sha1(old_sha1) &&
960 starts_with(name, "refs/heads/")) {
961 struct object *old_object, *new_object;
962 struct commit *old_commit, *new_commit;
963
964 old_object = parse_object(old_sha1);
965 new_object = parse_object(new_sha1);
966
967 if (!old_object || !new_object ||
968 old_object->type != OBJ_COMMIT ||
969 new_object->type != OBJ_COMMIT) {
970 error("bad sha1 objects for %s", name);
971 return "bad ref";
972 }
973 old_commit = (struct commit *)old_object;
974 new_commit = (struct commit *)new_object;
975 if (!in_merge_bases(old_commit, new_commit)) {
976 rp_error("denying non-fast-forward %s"
977 " (you should pull first)", name);
978 return "non-fast-forward";
979 }
980 }
981 if (run_update_hook(cmd)) {
982 rp_error("hook declined to update %s", name);
983 return "hook declined";
984 }
985
986 if (is_null_sha1(new_sha1)) {
987 struct strbuf err = STRBUF_INIT;
988 if (!parse_object(old_sha1)) {
989 old_sha1 = NULL;
990 if (ref_exists(name)) {
991 rp_warning("Allowing deletion of corrupt ref.");
992 } else {
993 rp_warning("Deleting a non-existent ref.");
994 cmd->did_not_exist = 1;
995 }
996 }
997 if (ref_transaction_delete(transaction,
998 namespaced_name,
999 old_sha1,
1000 0, "push", &err)) {
1001 rp_error("%s", err.buf);
1002 strbuf_release(&err);
1003 return "failed to delete";
1004 }
1005 strbuf_release(&err);
1006 return NULL; /* good */
1007 }
1008 else {
1009 struct strbuf err = STRBUF_INIT;
1010 if (shallow_update && si->shallow_ref[cmd->index] &&
1011 update_shallow_ref(cmd, si))
1012 return "shallow error";
1013
1014 if (ref_transaction_update(transaction,
1015 namespaced_name,
1016 new_sha1, old_sha1,
1017 0, "push",
1018 &err)) {
1019 rp_error("%s", err.buf);
1020 strbuf_release(&err);
1021
1022 return "failed to update ref";
1023 }
1024 strbuf_release(&err);
1025
1026 return NULL; /* good */
1027 }
1028}
1029
1030static void run_update_post_hook(struct command *commands)
1031{
1032 struct command *cmd;
1033 int argc;
1034 struct child_process proc = CHILD_PROCESS_INIT;
1035 const char *hook;
1036
1037 hook = find_hook("post-update");
1038 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1039 if (cmd->error_string || cmd->did_not_exist)
1040 continue;
1041 argc++;
1042 }
1043 if (!argc || !hook)
1044 return;
1045
1046 argv_array_push(&proc.args, hook);
1047 for (cmd = commands; cmd; cmd = cmd->next) {
1048 if (cmd->error_string || cmd->did_not_exist)
1049 continue;
1050 argv_array_push(&proc.args, cmd->ref_name);
1051 }
1052
1053 proc.no_stdin = 1;
1054 proc.stdout_to_stderr = 1;
1055 proc.err = use_sideband ? -1 : 0;
1056
1057 if (!start_command(&proc)) {
1058 if (use_sideband)
1059 copy_to_sideband(proc.err, -1, NULL);
1060 finish_command(&proc);
1061 }
1062}
1063
1064static void check_aliased_update(struct command *cmd, struct string_list *list)
1065{
1066 struct strbuf buf = STRBUF_INIT;
1067 const char *dst_name;
1068 struct string_list_item *item;
1069 struct command *dst_cmd;
1070 unsigned char sha1[GIT_SHA1_RAWSZ];
1071 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1072 cmd_newh[GIT_SHA1_HEXSZ + 1],
1073 dst_oldh[GIT_SHA1_HEXSZ + 1],
1074 dst_newh[GIT_SHA1_HEXSZ + 1];
1075 int flag;
1076
1077 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1078 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1079 strbuf_release(&buf);
1080
1081 if (!(flag & REF_ISSYMREF))
1082 return;
1083
1084 dst_name = strip_namespace(dst_name);
1085 if (!dst_name) {
1086 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1087 cmd->skip_update = 1;
1088 cmd->error_string = "broken symref";
1089 return;
1090 }
1091
1092 if ((item = string_list_lookup(list, dst_name)) == NULL)
1093 return;
1094
1095 cmd->skip_update = 1;
1096
1097 dst_cmd = (struct command *) item->util;
1098
1099 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1100 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1101 return;
1102
1103 dst_cmd->skip_update = 1;
1104
1105 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1106 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1107 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1108 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1109 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1110 " its target '%s' (%s..%s)",
1111 cmd->ref_name, cmd_oldh, cmd_newh,
1112 dst_cmd->ref_name, dst_oldh, dst_newh);
1113
1114 cmd->error_string = dst_cmd->error_string =
1115 "inconsistent aliased update";
1116}
1117
1118static void check_aliased_updates(struct command *commands)
1119{
1120 struct command *cmd;
1121 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1122
1123 for (cmd = commands; cmd; cmd = cmd->next) {
1124 struct string_list_item *item =
1125 string_list_append(&ref_list, cmd->ref_name);
1126 item->util = (void *)cmd;
1127 }
1128 string_list_sort(&ref_list);
1129
1130 for (cmd = commands; cmd; cmd = cmd->next) {
1131 if (!cmd->error_string)
1132 check_aliased_update(cmd, &ref_list);
1133 }
1134
1135 string_list_clear(&ref_list, 0);
1136}
1137
1138static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1139{
1140 struct command **cmd_list = cb_data;
1141 struct command *cmd = *cmd_list;
1142
1143 if (!cmd || is_null_sha1(cmd->new_sha1))
1144 return -1; /* end of list */
1145 *cmd_list = NULL; /* this returns only one */
1146 hashcpy(sha1, cmd->new_sha1);
1147 return 0;
1148}
1149
1150static void set_connectivity_errors(struct command *commands,
1151 struct shallow_info *si)
1152{
1153 struct command *cmd;
1154
1155 for (cmd = commands; cmd; cmd = cmd->next) {
1156 struct command *singleton = cmd;
1157 if (shallow_update && si->shallow_ref[cmd->index])
1158 /* to be checked in update_shallow_ref() */
1159 continue;
1160 if (!check_everything_connected(command_singleton_iterator,
1161 0, &singleton))
1162 continue;
1163 cmd->error_string = "missing necessary objects";
1164 }
1165}
1166
1167struct iterate_data {
1168 struct command *cmds;
1169 struct shallow_info *si;
1170};
1171
1172static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1173{
1174 struct iterate_data *data = cb_data;
1175 struct command **cmd_list = &data->cmds;
1176 struct command *cmd = *cmd_list;
1177
1178 for (; cmd; cmd = cmd->next) {
1179 if (shallow_update && data->si->shallow_ref[cmd->index])
1180 /* to be checked in update_shallow_ref() */
1181 continue;
1182 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1183 hashcpy(sha1, cmd->new_sha1);
1184 *cmd_list = cmd->next;
1185 return 0;
1186 }
1187 }
1188 *cmd_list = NULL;
1189 return -1; /* end of list */
1190}
1191
1192static void reject_updates_to_hidden(struct command *commands)
1193{
1194 struct strbuf refname_full = STRBUF_INIT;
1195 size_t prefix_len;
1196 struct command *cmd;
1197
1198 strbuf_addstr(&refname_full, get_git_namespace());
1199 prefix_len = refname_full.len;
1200
1201 for (cmd = commands; cmd; cmd = cmd->next) {
1202 if (cmd->error_string)
1203 continue;
1204
1205 strbuf_setlen(&refname_full, prefix_len);
1206 strbuf_addstr(&refname_full, cmd->ref_name);
1207
1208 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1209 continue;
1210 if (is_null_sha1(cmd->new_sha1))
1211 cmd->error_string = "deny deleting a hidden ref";
1212 else
1213 cmd->error_string = "deny updating a hidden ref";
1214 }
1215
1216 strbuf_release(&refname_full);
1217}
1218
1219static int should_process_cmd(struct command *cmd)
1220{
1221 return !cmd->error_string && !cmd->skip_update;
1222}
1223
1224static void warn_if_skipped_connectivity_check(struct command *commands,
1225 struct shallow_info *si)
1226{
1227 struct command *cmd;
1228 int checked_connectivity = 1;
1229
1230 for (cmd = commands; cmd; cmd = cmd->next) {
1231 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1232 error("BUG: connectivity check has not been run on ref %s",
1233 cmd->ref_name);
1234 checked_connectivity = 0;
1235 }
1236 }
1237 if (!checked_connectivity)
1238 die("BUG: connectivity check skipped???");
1239}
1240
1241static void execute_commands_non_atomic(struct command *commands,
1242 struct shallow_info *si)
1243{
1244 struct command *cmd;
1245 struct strbuf err = STRBUF_INIT;
1246
1247 for (cmd = commands; cmd; cmd = cmd->next) {
1248 if (!should_process_cmd(cmd))
1249 continue;
1250
1251 transaction = ref_transaction_begin(&err);
1252 if (!transaction) {
1253 rp_error("%s", err.buf);
1254 strbuf_reset(&err);
1255 cmd->error_string = "transaction failed to start";
1256 continue;
1257 }
1258
1259 cmd->error_string = update(cmd, si);
1260
1261 if (!cmd->error_string
1262 && ref_transaction_commit(transaction, &err)) {
1263 rp_error("%s", err.buf);
1264 strbuf_reset(&err);
1265 cmd->error_string = "failed to update ref";
1266 }
1267 ref_transaction_free(transaction);
1268 }
1269 strbuf_release(&err);
1270}
1271
1272static void execute_commands_atomic(struct command *commands,
1273 struct shallow_info *si)
1274{
1275 struct command *cmd;
1276 struct strbuf err = STRBUF_INIT;
1277 const char *reported_error = "atomic push failure";
1278
1279 transaction = ref_transaction_begin(&err);
1280 if (!transaction) {
1281 rp_error("%s", err.buf);
1282 strbuf_reset(&err);
1283 reported_error = "transaction failed to start";
1284 goto failure;
1285 }
1286
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1288 if (!should_process_cmd(cmd))
1289 continue;
1290
1291 cmd->error_string = update(cmd, si);
1292
1293 if (cmd->error_string)
1294 goto failure;
1295 }
1296
1297 if (ref_transaction_commit(transaction, &err)) {
1298 rp_error("%s", err.buf);
1299 reported_error = "atomic transaction failed";
1300 goto failure;
1301 }
1302 goto cleanup;
1303
1304failure:
1305 for (cmd = commands; cmd; cmd = cmd->next)
1306 if (!cmd->error_string)
1307 cmd->error_string = reported_error;
1308
1309cleanup:
1310 ref_transaction_free(transaction);
1311 strbuf_release(&err);
1312}
1313
1314static void execute_commands(struct command *commands,
1315 const char *unpacker_error,
1316 struct shallow_info *si)
1317{
1318 struct command *cmd;
1319 unsigned char sha1[20];
1320 struct iterate_data data;
1321
1322 if (unpacker_error) {
1323 for (cmd = commands; cmd; cmd = cmd->next)
1324 cmd->error_string = "unpacker error";
1325 return;
1326 }
1327
1328 data.cmds = commands;
1329 data.si = si;
1330 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1331 set_connectivity_errors(commands, si);
1332
1333 reject_updates_to_hidden(commands);
1334
1335 if (run_receive_hook(commands, "pre-receive", 0)) {
1336 for (cmd = commands; cmd; cmd = cmd->next) {
1337 if (!cmd->error_string)
1338 cmd->error_string = "pre-receive hook declined";
1339 }
1340 return;
1341 }
1342
1343 check_aliased_updates(commands);
1344
1345 free(head_name_to_free);
1346 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1347
1348 if (use_atomic)
1349 execute_commands_atomic(commands, si);
1350 else
1351 execute_commands_non_atomic(commands, si);
1352
1353 if (shallow_update)
1354 warn_if_skipped_connectivity_check(commands, si);
1355}
1356
1357static struct command **queue_command(struct command **tail,
1358 const char *line,
1359 int linelen)
1360{
1361 unsigned char old_sha1[20], new_sha1[20];
1362 struct command *cmd;
1363 const char *refname;
1364 int reflen;
1365
1366 if (linelen < 83 ||
1367 line[40] != ' ' ||
1368 line[81] != ' ' ||
1369 get_sha1_hex(line, old_sha1) ||
1370 get_sha1_hex(line + 41, new_sha1))
1371 die("protocol error: expected old/new/ref, got '%s'", line);
1372
1373 refname = line + 82;
1374 reflen = linelen - 82;
1375 cmd = xcalloc(1, st_add3(sizeof(struct command), reflen, 1));
1376 hashcpy(cmd->old_sha1, old_sha1);
1377 hashcpy(cmd->new_sha1, new_sha1);
1378 memcpy(cmd->ref_name, refname, reflen);
1379 cmd->ref_name[reflen] = '\0';
1380 *tail = cmd;
1381 return &cmd->next;
1382}
1383
1384static void queue_commands_from_cert(struct command **tail,
1385 struct strbuf *push_cert)
1386{
1387 const char *boc, *eoc;
1388
1389 if (*tail)
1390 die("protocol error: got both push certificate and unsigned commands");
1391
1392 boc = strstr(push_cert->buf, "\n\n");
1393 if (!boc)
1394 die("malformed push certificate %.*s", 100, push_cert->buf);
1395 else
1396 boc += 2;
1397 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1398
1399 while (boc < eoc) {
1400 const char *eol = memchr(boc, '\n', eoc - boc);
1401 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1402 boc = eol ? eol + 1 : eoc;
1403 }
1404}
1405
1406static struct command *read_head_info(struct sha1_array *shallow)
1407{
1408 struct command *commands = NULL;
1409 struct command **p = &commands;
1410 for (;;) {
1411 char *line;
1412 int len, linelen;
1413
1414 line = packet_read_line(0, &len);
1415 if (!line)
1416 break;
1417
1418 if (len == 48 && starts_with(line, "shallow ")) {
1419 unsigned char sha1[20];
1420 if (get_sha1_hex(line + 8, sha1))
1421 die("protocol error: expected shallow sha, got '%s'",
1422 line + 8);
1423 sha1_array_append(shallow, sha1);
1424 continue;
1425 }
1426
1427 linelen = strlen(line);
1428 if (linelen < len) {
1429 const char *feature_list = line + linelen + 1;
1430 if (parse_feature_request(feature_list, "report-status"))
1431 report_status = 1;
1432 if (parse_feature_request(feature_list, "side-band-64k"))
1433 use_sideband = LARGE_PACKET_MAX;
1434 if (parse_feature_request(feature_list, "quiet"))
1435 quiet = 1;
1436 if (advertise_atomic_push
1437 && parse_feature_request(feature_list, "atomic"))
1438 use_atomic = 1;
1439 }
1440
1441 if (!strcmp(line, "push-cert")) {
1442 int true_flush = 0;
1443 char certbuf[1024];
1444
1445 for (;;) {
1446 len = packet_read(0, NULL, NULL,
1447 certbuf, sizeof(certbuf), 0);
1448 if (!len) {
1449 true_flush = 1;
1450 break;
1451 }
1452 if (!strcmp(certbuf, "push-cert-end\n"))
1453 break; /* end of cert */
1454 strbuf_addstr(&push_cert, certbuf);
1455 }
1456
1457 if (true_flush)
1458 break;
1459 continue;
1460 }
1461
1462 p = queue_command(p, line, linelen);
1463 }
1464
1465 if (push_cert.len)
1466 queue_commands_from_cert(p, &push_cert);
1467
1468 return commands;
1469}
1470
1471static const char *parse_pack_header(struct pack_header *hdr)
1472{
1473 switch (read_pack_header(0, hdr)) {
1474 case PH_ERROR_EOF:
1475 return "eof before pack header was fully read";
1476
1477 case PH_ERROR_PACK_SIGNATURE:
1478 return "protocol error (pack signature mismatch detected)";
1479
1480 case PH_ERROR_PROTOCOL:
1481 return "protocol error (pack version unsupported)";
1482
1483 default:
1484 return "unknown error in parse_pack_header";
1485
1486 case 0:
1487 return NULL;
1488 }
1489}
1490
1491static const char *pack_lockfile;
1492
1493static const char *unpack(int err_fd, struct shallow_info *si)
1494{
1495 struct pack_header hdr;
1496 const char *hdr_err;
1497 int status;
1498 char hdr_arg[38];
1499 struct child_process child = CHILD_PROCESS_INIT;
1500 int fsck_objects = (receive_fsck_objects >= 0
1501 ? receive_fsck_objects
1502 : transfer_fsck_objects >= 0
1503 ? transfer_fsck_objects
1504 : 0);
1505
1506 hdr_err = parse_pack_header(&hdr);
1507 if (hdr_err) {
1508 if (err_fd > 0)
1509 close(err_fd);
1510 return hdr_err;
1511 }
1512 snprintf(hdr_arg, sizeof(hdr_arg),
1513 "--pack_header=%"PRIu32",%"PRIu32,
1514 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1515
1516 if (si->nr_ours || si->nr_theirs) {
1517 alt_shallow_file = setup_temporary_shallow(si->shallow);
1518 argv_array_push(&child.args, "--shallow-file");
1519 argv_array_push(&child.args, alt_shallow_file);
1520 }
1521
1522 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1523 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1524 if (quiet)
1525 argv_array_push(&child.args, "-q");
1526 if (fsck_objects)
1527 argv_array_pushf(&child.args, "--strict%s",
1528 fsck_msg_types.buf);
1529 child.no_stdout = 1;
1530 child.err = err_fd;
1531 child.git_cmd = 1;
1532 status = run_command(&child);
1533 if (status)
1534 return "unpack-objects abnormal exit";
1535 } else {
1536 char hostname[256];
1537
1538 argv_array_pushl(&child.args, "index-pack",
1539 "--stdin", hdr_arg, NULL);
1540
1541 if (gethostname(hostname, sizeof(hostname)))
1542 xsnprintf(hostname, sizeof(hostname), "localhost");
1543 argv_array_pushf(&child.args,
1544 "--keep=receive-pack %"PRIuMAX" on %s",
1545 (uintmax_t)getpid(),
1546 hostname);
1547
1548 if (fsck_objects)
1549 argv_array_pushf(&child.args, "--strict%s",
1550 fsck_msg_types.buf);
1551 if (fix_thin)
1552 argv_array_push(&child.args, "--fix-thin");
1553 child.out = -1;
1554 child.err = err_fd;
1555 child.git_cmd = 1;
1556 status = start_command(&child);
1557 if (status)
1558 return "index-pack fork failed";
1559 pack_lockfile = index_pack_lockfile(child.out);
1560 close(child.out);
1561 status = finish_command(&child);
1562 if (status)
1563 return "index-pack abnormal exit";
1564 reprepare_packed_git();
1565 }
1566 return NULL;
1567}
1568
1569static const char *unpack_with_sideband(struct shallow_info *si)
1570{
1571 struct async muxer;
1572 const char *ret;
1573
1574 if (!use_sideband)
1575 return unpack(0, si);
1576
1577 memset(&muxer, 0, sizeof(muxer));
1578 muxer.proc = copy_to_sideband;
1579 muxer.in = -1;
1580 if (start_async(&muxer))
1581 return NULL;
1582
1583 ret = unpack(muxer.in, si);
1584
1585 finish_async(&muxer);
1586 return ret;
1587}
1588
1589static void prepare_shallow_update(struct command *commands,
1590 struct shallow_info *si)
1591{
1592 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1593
1594 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1595 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1596
1597 si->need_reachability_test =
1598 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1599 si->reachable =
1600 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1601 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1602
1603 for (i = 0; i < si->nr_ours; i++)
1604 si->need_reachability_test[si->ours[i]] = 1;
1605
1606 for (i = 0; i < si->shallow->nr; i++) {
1607 if (!si->used_shallow[i])
1608 continue;
1609 for (j = 0; j < bitmap_size; j++) {
1610 if (!si->used_shallow[i][j])
1611 continue;
1612 si->need_reachability_test[i]++;
1613 for (k = 0; k < 32; k++)
1614 if (si->used_shallow[i][j] & (1U << k))
1615 si->shallow_ref[j * 32 + k]++;
1616 }
1617
1618 /*
1619 * true for those associated with some refs and belong
1620 * in "ours" list aka "step 7 not done yet"
1621 */
1622 si->need_reachability_test[i] =
1623 si->need_reachability_test[i] > 1;
1624 }
1625
1626 /*
1627 * keep hooks happy by forcing a temporary shallow file via
1628 * env variable because we can't add --shallow-file to every
1629 * command. check_everything_connected() will be done with
1630 * true .git/shallow though.
1631 */
1632 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1633}
1634
1635static void update_shallow_info(struct command *commands,
1636 struct shallow_info *si,
1637 struct sha1_array *ref)
1638{
1639 struct command *cmd;
1640 int *ref_status;
1641 remove_nonexistent_theirs_shallow(si);
1642 if (!si->nr_ours && !si->nr_theirs) {
1643 shallow_update = 0;
1644 return;
1645 }
1646
1647 for (cmd = commands; cmd; cmd = cmd->next) {
1648 if (is_null_sha1(cmd->new_sha1))
1649 continue;
1650 sha1_array_append(ref, cmd->new_sha1);
1651 cmd->index = ref->nr - 1;
1652 }
1653 si->ref = ref;
1654
1655 if (shallow_update) {
1656 prepare_shallow_update(commands, si);
1657 return;
1658 }
1659
1660 ALLOC_ARRAY(ref_status, ref->nr);
1661 assign_shallow_commits_to_refs(si, NULL, ref_status);
1662 for (cmd = commands; cmd; cmd = cmd->next) {
1663 if (is_null_sha1(cmd->new_sha1))
1664 continue;
1665 if (ref_status[cmd->index]) {
1666 cmd->error_string = "shallow update not allowed";
1667 cmd->skip_update = 1;
1668 }
1669 }
1670 free(ref_status);
1671}
1672
1673static void report(struct command *commands, const char *unpack_status)
1674{
1675 struct command *cmd;
1676 struct strbuf buf = STRBUF_INIT;
1677
1678 packet_buf_write(&buf, "unpack %s\n",
1679 unpack_status ? unpack_status : "ok");
1680 for (cmd = commands; cmd; cmd = cmd->next) {
1681 if (!cmd->error_string)
1682 packet_buf_write(&buf, "ok %s\n",
1683 cmd->ref_name);
1684 else
1685 packet_buf_write(&buf, "ng %s %s\n",
1686 cmd->ref_name, cmd->error_string);
1687 }
1688 packet_buf_flush(&buf);
1689
1690 if (use_sideband)
1691 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1692 else
1693 write_or_die(1, buf.buf, buf.len);
1694 strbuf_release(&buf);
1695}
1696
1697static int delete_only(struct command *commands)
1698{
1699 struct command *cmd;
1700 for (cmd = commands; cmd; cmd = cmd->next) {
1701 if (!is_null_sha1(cmd->new_sha1))
1702 return 0;
1703 }
1704 return 1;
1705}
1706
1707int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1708{
1709 int advertise_refs = 0;
1710 int i;
1711 struct command *commands;
1712 struct sha1_array shallow = SHA1_ARRAY_INIT;
1713 struct sha1_array ref = SHA1_ARRAY_INIT;
1714 struct shallow_info si;
1715
1716 packet_trace_identity("receive-pack");
1717
1718 argv++;
1719 for (i = 1; i < argc; i++) {
1720 const char *arg = *argv++;
1721
1722 if (*arg == '-') {
1723 if (!strcmp(arg, "--quiet")) {
1724 quiet = 1;
1725 continue;
1726 }
1727
1728 if (!strcmp(arg, "--advertise-refs")) {
1729 advertise_refs = 1;
1730 continue;
1731 }
1732 if (!strcmp(arg, "--stateless-rpc")) {
1733 stateless_rpc = 1;
1734 continue;
1735 }
1736 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1737 fix_thin = 0;
1738 continue;
1739 }
1740
1741 usage(receive_pack_usage);
1742 }
1743 if (service_dir)
1744 usage(receive_pack_usage);
1745 service_dir = arg;
1746 }
1747 if (!service_dir)
1748 usage(receive_pack_usage);
1749
1750 setup_path();
1751
1752 if (!enter_repo(service_dir, 0))
1753 die("'%s' does not appear to be a git repository", service_dir);
1754
1755 git_config(receive_pack_config, NULL);
1756 if (cert_nonce_seed)
1757 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1758
1759 if (0 <= transfer_unpack_limit)
1760 unpack_limit = transfer_unpack_limit;
1761 else if (0 <= receive_unpack_limit)
1762 unpack_limit = receive_unpack_limit;
1763
1764 if (advertise_refs || !stateless_rpc) {
1765 write_head_info();
1766 }
1767 if (advertise_refs)
1768 return 0;
1769
1770 if ((commands = read_head_info(&shallow)) != NULL) {
1771 const char *unpack_status = NULL;
1772
1773 prepare_shallow_info(&si, &shallow);
1774 if (!si.nr_ours && !si.nr_theirs)
1775 shallow_update = 0;
1776 if (!delete_only(commands)) {
1777 unpack_status = unpack_with_sideband(&si);
1778 update_shallow_info(commands, &si, &ref);
1779 }
1780 execute_commands(commands, unpack_status, &si);
1781 if (pack_lockfile)
1782 unlink_or_warn(pack_lockfile);
1783 if (report_status)
1784 report(commands, unpack_status);
1785 run_receive_hook(commands, "post-receive", 1);
1786 run_update_post_hook(commands);
1787 if (auto_gc) {
1788 const char *argv_gc_auto[] = {
1789 "gc", "--auto", "--quiet", NULL,
1790 };
1791 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1792 close_all_packs();
1793 run_command_v_opt(argv_gc_auto, opt);
1794 }
1795 if (auto_update_server_info)
1796 update_server_info(0);
1797 clear_shallow_info(&si);
1798 }
1799 if (use_sideband)
1800 packet_flush(1);
1801 sha1_array_clear(&shallow);
1802 sha1_array_clear(&ref);
1803 free((void *)push_cert_nonce);
1804 return 0;
1805}