builtin / receive-pack.con commit Merge branch 'mh/reflog-expire' into mh/ref-trans-value-check (61c9475)
   1#include "builtin.h"
   2#include "lockfile.h"
   3#include "pack.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "exec_cmd.h"
   9#include "commit.h"
  10#include "object.h"
  11#include "remote.h"
  12#include "connect.h"
  13#include "transport.h"
  14#include "string-list.h"
  15#include "sha1-array.h"
  16#include "connected.h"
  17#include "argv-array.h"
  18#include "version.h"
  19#include "tag.h"
  20#include "gpg-interface.h"
  21#include "sigchain.h"
  22
  23static const char receive_pack_usage[] = "git receive-pack <git-dir>";
  24
  25enum deny_action {
  26        DENY_UNCONFIGURED,
  27        DENY_IGNORE,
  28        DENY_WARN,
  29        DENY_REFUSE,
  30        DENY_UPDATE_INSTEAD
  31};
  32
  33static int deny_deletes;
  34static int deny_non_fast_forwards;
  35static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  36static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  37static int receive_fsck_objects = -1;
  38static int transfer_fsck_objects = -1;
  39static int receive_unpack_limit = -1;
  40static int transfer_unpack_limit = -1;
  41static int unpack_limit = 100;
  42static int report_status;
  43static int use_sideband;
  44static int quiet;
  45static int prefer_ofs_delta = 1;
  46static int auto_update_server_info;
  47static int auto_gc = 1;
  48static int fix_thin = 1;
  49static int stateless_rpc;
  50static const char *service_dir;
  51static const char *head_name;
  52static void *head_name_to_free;
  53static int sent_capabilities;
  54static int shallow_update;
  55static const char *alt_shallow_file;
  56static struct strbuf push_cert = STRBUF_INIT;
  57static unsigned char push_cert_sha1[20];
  58static struct signature_check sigcheck;
  59static const char *push_cert_nonce;
  60static const char *cert_nonce_seed;
  61
  62static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  63static const char *NONCE_BAD = "BAD";
  64static const char *NONCE_MISSING = "MISSING";
  65static const char *NONCE_OK = "OK";
  66static const char *NONCE_SLOP = "SLOP";
  67static const char *nonce_status;
  68static long nonce_stamp_slop;
  69static unsigned long nonce_stamp_slop_limit;
  70
  71static enum deny_action parse_deny_action(const char *var, const char *value)
  72{
  73        if (value) {
  74                if (!strcasecmp(value, "ignore"))
  75                        return DENY_IGNORE;
  76                if (!strcasecmp(value, "warn"))
  77                        return DENY_WARN;
  78                if (!strcasecmp(value, "refuse"))
  79                        return DENY_REFUSE;
  80                if (!strcasecmp(value, "updateinstead"))
  81                        return DENY_UPDATE_INSTEAD;
  82        }
  83        if (git_config_bool(var, value))
  84                return DENY_REFUSE;
  85        return DENY_IGNORE;
  86}
  87
  88static int receive_pack_config(const char *var, const char *value, void *cb)
  89{
  90        int status = parse_hide_refs_config(var, value, "receive");
  91
  92        if (status)
  93                return status;
  94
  95        if (strcmp(var, "receive.denydeletes") == 0) {
  96                deny_deletes = git_config_bool(var, value);
  97                return 0;
  98        }
  99
 100        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 101                deny_non_fast_forwards = git_config_bool(var, value);
 102                return 0;
 103        }
 104
 105        if (strcmp(var, "receive.unpacklimit") == 0) {
 106                receive_unpack_limit = git_config_int(var, value);
 107                return 0;
 108        }
 109
 110        if (strcmp(var, "transfer.unpacklimit") == 0) {
 111                transfer_unpack_limit = git_config_int(var, value);
 112                return 0;
 113        }
 114
 115        if (strcmp(var, "receive.fsckobjects") == 0) {
 116                receive_fsck_objects = git_config_bool(var, value);
 117                return 0;
 118        }
 119
 120        if (strcmp(var, "transfer.fsckobjects") == 0) {
 121                transfer_fsck_objects = git_config_bool(var, value);
 122                return 0;
 123        }
 124
 125        if (!strcmp(var, "receive.denycurrentbranch")) {
 126                deny_current_branch = parse_deny_action(var, value);
 127                return 0;
 128        }
 129
 130        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 131                deny_delete_current = parse_deny_action(var, value);
 132                return 0;
 133        }
 134
 135        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 136                prefer_ofs_delta = git_config_bool(var, value);
 137                return 0;
 138        }
 139
 140        if (strcmp(var, "receive.updateserverinfo") == 0) {
 141                auto_update_server_info = git_config_bool(var, value);
 142                return 0;
 143        }
 144
 145        if (strcmp(var, "receive.autogc") == 0) {
 146                auto_gc = git_config_bool(var, value);
 147                return 0;
 148        }
 149
 150        if (strcmp(var, "receive.shallowupdate") == 0) {
 151                shallow_update = git_config_bool(var, value);
 152                return 0;
 153        }
 154
 155        if (strcmp(var, "receive.certnonceseed") == 0)
 156                return git_config_string(&cert_nonce_seed, var, value);
 157
 158        if (strcmp(var, "receive.certnonceslop") == 0) {
 159                nonce_stamp_slop_limit = git_config_ulong(var, value);
 160                return 0;
 161        }
 162
 163        return git_default_config(var, value, cb);
 164}
 165
 166static void show_ref(const char *path, const unsigned char *sha1)
 167{
 168        if (ref_is_hidden(path))
 169                return;
 170
 171        if (sent_capabilities) {
 172                packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
 173        } else {
 174                struct strbuf cap = STRBUF_INIT;
 175
 176                strbuf_addstr(&cap,
 177                              "report-status delete-refs side-band-64k quiet");
 178                if (prefer_ofs_delta)
 179                        strbuf_addstr(&cap, " ofs-delta");
 180                if (push_cert_nonce)
 181                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 182                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 183                packet_write(1, "%s %s%c%s\n",
 184                             sha1_to_hex(sha1), path, 0, cap.buf);
 185                strbuf_release(&cap);
 186                sent_capabilities = 1;
 187        }
 188}
 189
 190static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
 191{
 192        path = strip_namespace(path);
 193        /*
 194         * Advertise refs outside our current namespace as ".have"
 195         * refs, so that the client can use them to minimize data
 196         * transfer but will otherwise ignore them. This happens to
 197         * cover ".have" that are thrown in by add_one_alternate_ref()
 198         * to mark histories that are complete in our alternates as
 199         * well.
 200         */
 201        if (!path)
 202                path = ".have";
 203        show_ref(path, sha1);
 204        return 0;
 205}
 206
 207static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
 208{
 209        show_ref(".have", sha1);
 210}
 211
 212static void collect_one_alternate_ref(const struct ref *ref, void *data)
 213{
 214        struct sha1_array *sa = data;
 215        sha1_array_append(sa, ref->old_sha1);
 216}
 217
 218static void write_head_info(void)
 219{
 220        struct sha1_array sa = SHA1_ARRAY_INIT;
 221        for_each_alternate_ref(collect_one_alternate_ref, &sa);
 222        sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
 223        sha1_array_clear(&sa);
 224        for_each_ref(show_ref_cb, NULL);
 225        if (!sent_capabilities)
 226                show_ref("capabilities^{}", null_sha1);
 227
 228        advertise_shallow_grafts(1);
 229
 230        /* EOF */
 231        packet_flush(1);
 232}
 233
 234struct command {
 235        struct command *next;
 236        const char *error_string;
 237        unsigned int skip_update:1,
 238                     did_not_exist:1;
 239        int index;
 240        unsigned char old_sha1[20];
 241        unsigned char new_sha1[20];
 242        char ref_name[FLEX_ARRAY]; /* more */
 243};
 244
 245static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 246static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 247
 248static void report_message(const char *prefix, const char *err, va_list params)
 249{
 250        int sz = strlen(prefix);
 251        char msg[4096];
 252
 253        strncpy(msg, prefix, sz);
 254        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 255        if (sz > (sizeof(msg) - 1))
 256                sz = sizeof(msg) - 1;
 257        msg[sz++] = '\n';
 258
 259        if (use_sideband)
 260                send_sideband(1, 2, msg, sz, use_sideband);
 261        else
 262                xwrite(2, msg, sz);
 263}
 264
 265static void rp_warning(const char *err, ...)
 266{
 267        va_list params;
 268        va_start(params, err);
 269        report_message("warning: ", err, params);
 270        va_end(params);
 271}
 272
 273static void rp_error(const char *err, ...)
 274{
 275        va_list params;
 276        va_start(params, err);
 277        report_message("error: ", err, params);
 278        va_end(params);
 279}
 280
 281static int copy_to_sideband(int in, int out, void *arg)
 282{
 283        char data[128];
 284        while (1) {
 285                ssize_t sz = xread(in, data, sizeof(data));
 286                if (sz <= 0)
 287                        break;
 288                send_sideband(1, 2, data, sz, use_sideband);
 289        }
 290        close(in);
 291        return 0;
 292}
 293
 294#define HMAC_BLOCK_SIZE 64
 295
 296static void hmac_sha1(unsigned char *out,
 297                      const char *key_in, size_t key_len,
 298                      const char *text, size_t text_len)
 299{
 300        unsigned char key[HMAC_BLOCK_SIZE];
 301        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 302        unsigned char k_opad[HMAC_BLOCK_SIZE];
 303        int i;
 304        git_SHA_CTX ctx;
 305
 306        /* RFC 2104 2. (1) */
 307        memset(key, '\0', HMAC_BLOCK_SIZE);
 308        if (HMAC_BLOCK_SIZE < key_len) {
 309                git_SHA1_Init(&ctx);
 310                git_SHA1_Update(&ctx, key_in, key_len);
 311                git_SHA1_Final(key, &ctx);
 312        } else {
 313                memcpy(key, key_in, key_len);
 314        }
 315
 316        /* RFC 2104 2. (2) & (5) */
 317        for (i = 0; i < sizeof(key); i++) {
 318                k_ipad[i] = key[i] ^ 0x36;
 319                k_opad[i] = key[i] ^ 0x5c;
 320        }
 321
 322        /* RFC 2104 2. (3) & (4) */
 323        git_SHA1_Init(&ctx);
 324        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 325        git_SHA1_Update(&ctx, text, text_len);
 326        git_SHA1_Final(out, &ctx);
 327
 328        /* RFC 2104 2. (6) & (7) */
 329        git_SHA1_Init(&ctx);
 330        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 331        git_SHA1_Update(&ctx, out, 20);
 332        git_SHA1_Final(out, &ctx);
 333}
 334
 335static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
 336{
 337        struct strbuf buf = STRBUF_INIT;
 338        unsigned char sha1[20];
 339
 340        strbuf_addf(&buf, "%s:%lu", path, stamp);
 341        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 342        strbuf_release(&buf);
 343
 344        /* RFC 2104 5. HMAC-SHA1-80 */
 345        strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
 346        return strbuf_detach(&buf, NULL);
 347}
 348
 349/*
 350 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 351 * after dropping "_commit" from its name and possibly moving it out
 352 * of commit.c
 353 */
 354static char *find_header(const char *msg, size_t len, const char *key)
 355{
 356        int key_len = strlen(key);
 357        const char *line = msg;
 358
 359        while (line && line < msg + len) {
 360                const char *eol = strchrnul(line, '\n');
 361
 362                if ((msg + len <= eol) || line == eol)
 363                        return NULL;
 364                if (line + key_len < eol &&
 365                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 366                        int offset = key_len + 1;
 367                        return xmemdupz(line + offset, (eol - line) - offset);
 368                }
 369                line = *eol ? eol + 1 : NULL;
 370        }
 371        return NULL;
 372}
 373
 374static const char *check_nonce(const char *buf, size_t len)
 375{
 376        char *nonce = find_header(buf, len, "nonce");
 377        unsigned long stamp, ostamp;
 378        char *bohmac, *expect = NULL;
 379        const char *retval = NONCE_BAD;
 380
 381        if (!nonce) {
 382                retval = NONCE_MISSING;
 383                goto leave;
 384        } else if (!push_cert_nonce) {
 385                retval = NONCE_UNSOLICITED;
 386                goto leave;
 387        } else if (!strcmp(push_cert_nonce, nonce)) {
 388                retval = NONCE_OK;
 389                goto leave;
 390        }
 391
 392        if (!stateless_rpc) {
 393                /* returned nonce MUST match what we gave out earlier */
 394                retval = NONCE_BAD;
 395                goto leave;
 396        }
 397
 398        /*
 399         * In stateless mode, we may be receiving a nonce issued by
 400         * another instance of the server that serving the same
 401         * repository, and the timestamps may not match, but the
 402         * nonce-seed and dir should match, so we can recompute and
 403         * report the time slop.
 404         *
 405         * In addition, when a nonce issued by another instance has
 406         * timestamp within receive.certnonceslop seconds, we pretend
 407         * as if we issued that nonce when reporting to the hook.
 408         */
 409
 410        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 411        if (*nonce <= '0' || '9' < *nonce) {
 412                retval = NONCE_BAD;
 413                goto leave;
 414        }
 415        stamp = strtoul(nonce, &bohmac, 10);
 416        if (bohmac == nonce || bohmac[0] != '-') {
 417                retval = NONCE_BAD;
 418                goto leave;
 419        }
 420
 421        expect = prepare_push_cert_nonce(service_dir, stamp);
 422        if (strcmp(expect, nonce)) {
 423                /* Not what we would have signed earlier */
 424                retval = NONCE_BAD;
 425                goto leave;
 426        }
 427
 428        /*
 429         * By how many seconds is this nonce stale?  Negative value
 430         * would mean it was issued by another server with its clock
 431         * skewed in the future.
 432         */
 433        ostamp = strtoul(push_cert_nonce, NULL, 10);
 434        nonce_stamp_slop = (long)ostamp - (long)stamp;
 435
 436        if (nonce_stamp_slop_limit &&
 437            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 438                /*
 439                 * Pretend as if the received nonce (which passes the
 440                 * HMAC check, so it is not a forged by third-party)
 441                 * is what we issued.
 442                 */
 443                free((void *)push_cert_nonce);
 444                push_cert_nonce = xstrdup(nonce);
 445                retval = NONCE_OK;
 446        } else {
 447                retval = NONCE_SLOP;
 448        }
 449
 450leave:
 451        free(nonce);
 452        free(expect);
 453        return retval;
 454}
 455
 456static void prepare_push_cert_sha1(struct child_process *proc)
 457{
 458        static int already_done;
 459
 460        if (!push_cert.len)
 461                return;
 462
 463        if (!already_done) {
 464                struct strbuf gpg_output = STRBUF_INIT;
 465                struct strbuf gpg_status = STRBUF_INIT;
 466                int bogs /* beginning_of_gpg_sig */;
 467
 468                already_done = 1;
 469                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 470                        hashclr(push_cert_sha1);
 471
 472                memset(&sigcheck, '\0', sizeof(sigcheck));
 473                sigcheck.result = 'N';
 474
 475                bogs = parse_signature(push_cert.buf, push_cert.len);
 476                if (verify_signed_buffer(push_cert.buf, bogs,
 477                                         push_cert.buf + bogs, push_cert.len - bogs,
 478                                         &gpg_output, &gpg_status) < 0) {
 479                        ; /* error running gpg */
 480                } else {
 481                        sigcheck.payload = push_cert.buf;
 482                        sigcheck.gpg_output = gpg_output.buf;
 483                        sigcheck.gpg_status = gpg_status.buf;
 484                        parse_gpg_output(&sigcheck);
 485                }
 486
 487                strbuf_release(&gpg_output);
 488                strbuf_release(&gpg_status);
 489                nonce_status = check_nonce(push_cert.buf, bogs);
 490        }
 491        if (!is_null_sha1(push_cert_sha1)) {
 492                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 493                                 sha1_to_hex(push_cert_sha1));
 494                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 495                                 sigcheck.signer ? sigcheck.signer : "");
 496                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 497                                 sigcheck.key ? sigcheck.key : "");
 498                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 499                                 sigcheck.result);
 500                if (push_cert_nonce) {
 501                        argv_array_pushf(&proc->env_array,
 502                                         "GIT_PUSH_CERT_NONCE=%s",
 503                                         push_cert_nonce);
 504                        argv_array_pushf(&proc->env_array,
 505                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 506                                         nonce_status);
 507                        if (nonce_status == NONCE_SLOP)
 508                                argv_array_pushf(&proc->env_array,
 509                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 510                                                 nonce_stamp_slop);
 511                }
 512        }
 513}
 514
 515typedef int (*feed_fn)(void *, const char **, size_t *);
 516static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
 517{
 518        struct child_process proc = CHILD_PROCESS_INIT;
 519        struct async muxer;
 520        const char *argv[2];
 521        int code;
 522
 523        argv[0] = find_hook(hook_name);
 524        if (!argv[0])
 525                return 0;
 526
 527        argv[1] = NULL;
 528
 529        proc.argv = argv;
 530        proc.in = -1;
 531        proc.stdout_to_stderr = 1;
 532
 533        if (use_sideband) {
 534                memset(&muxer, 0, sizeof(muxer));
 535                muxer.proc = copy_to_sideband;
 536                muxer.in = -1;
 537                code = start_async(&muxer);
 538                if (code)
 539                        return code;
 540                proc.err = muxer.in;
 541        }
 542
 543        prepare_push_cert_sha1(&proc);
 544
 545        code = start_command(&proc);
 546        if (code) {
 547                if (use_sideband)
 548                        finish_async(&muxer);
 549                return code;
 550        }
 551
 552        sigchain_push(SIGPIPE, SIG_IGN);
 553
 554        while (1) {
 555                const char *buf;
 556                size_t n;
 557                if (feed(feed_state, &buf, &n))
 558                        break;
 559                if (write_in_full(proc.in, buf, n) != n)
 560                        break;
 561        }
 562        close(proc.in);
 563        if (use_sideband)
 564                finish_async(&muxer);
 565
 566        sigchain_pop(SIGPIPE);
 567
 568        return finish_command(&proc);
 569}
 570
 571struct receive_hook_feed_state {
 572        struct command *cmd;
 573        int skip_broken;
 574        struct strbuf buf;
 575};
 576
 577static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 578{
 579        struct receive_hook_feed_state *state = state_;
 580        struct command *cmd = state->cmd;
 581
 582        while (cmd &&
 583               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 584                cmd = cmd->next;
 585        if (!cmd)
 586                return -1; /* EOF */
 587        strbuf_reset(&state->buf);
 588        strbuf_addf(&state->buf, "%s %s %s\n",
 589                    sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
 590                    cmd->ref_name);
 591        state->cmd = cmd->next;
 592        if (bufp) {
 593                *bufp = state->buf.buf;
 594                *sizep = state->buf.len;
 595        }
 596        return 0;
 597}
 598
 599static int run_receive_hook(struct command *commands, const char *hook_name,
 600                            int skip_broken)
 601{
 602        struct receive_hook_feed_state state;
 603        int status;
 604
 605        strbuf_init(&state.buf, 0);
 606        state.cmd = commands;
 607        state.skip_broken = skip_broken;
 608        if (feed_receive_hook(&state, NULL, NULL))
 609                return 0;
 610        state.cmd = commands;
 611        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 612        strbuf_release(&state.buf);
 613        return status;
 614}
 615
 616static int run_update_hook(struct command *cmd)
 617{
 618        const char *argv[5];
 619        struct child_process proc = CHILD_PROCESS_INIT;
 620        int code;
 621
 622        argv[0] = find_hook("update");
 623        if (!argv[0])
 624                return 0;
 625
 626        argv[1] = cmd->ref_name;
 627        argv[2] = sha1_to_hex(cmd->old_sha1);
 628        argv[3] = sha1_to_hex(cmd->new_sha1);
 629        argv[4] = NULL;
 630
 631        proc.no_stdin = 1;
 632        proc.stdout_to_stderr = 1;
 633        proc.err = use_sideband ? -1 : 0;
 634        proc.argv = argv;
 635
 636        code = start_command(&proc);
 637        if (code)
 638                return code;
 639        if (use_sideband)
 640                copy_to_sideband(proc.err, -1, NULL);
 641        return finish_command(&proc);
 642}
 643
 644static int is_ref_checked_out(const char *ref)
 645{
 646        if (is_bare_repository())
 647                return 0;
 648
 649        if (!head_name)
 650                return 0;
 651        return !strcmp(head_name, ref);
 652}
 653
 654static char *refuse_unconfigured_deny_msg[] = {
 655        "By default, updating the current branch in a non-bare repository",
 656        "is denied, because it will make the index and work tree inconsistent",
 657        "with what you pushed, and will require 'git reset --hard' to match",
 658        "the work tree to HEAD.",
 659        "",
 660        "You can set 'receive.denyCurrentBranch' configuration variable to",
 661        "'ignore' or 'warn' in the remote repository to allow pushing into",
 662        "its current branch; however, this is not recommended unless you",
 663        "arranged to update its work tree to match what you pushed in some",
 664        "other way.",
 665        "",
 666        "To squelch this message and still keep the default behaviour, set",
 667        "'receive.denyCurrentBranch' configuration variable to 'refuse'."
 668};
 669
 670static void refuse_unconfigured_deny(void)
 671{
 672        int i;
 673        for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
 674                rp_error("%s", refuse_unconfigured_deny_msg[i]);
 675}
 676
 677static char *refuse_unconfigured_deny_delete_current_msg[] = {
 678        "By default, deleting the current branch is denied, because the next",
 679        "'git clone' won't result in any file checked out, causing confusion.",
 680        "",
 681        "You can set 'receive.denyDeleteCurrent' configuration variable to",
 682        "'warn' or 'ignore' in the remote repository to allow deleting the",
 683        "current branch, with or without a warning message.",
 684        "",
 685        "To squelch this message, you can set it to 'refuse'."
 686};
 687
 688static void refuse_unconfigured_deny_delete_current(void)
 689{
 690        int i;
 691        for (i = 0;
 692             i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
 693             i++)
 694                rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
 695}
 696
 697static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 698static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 699{
 700        static struct lock_file shallow_lock;
 701        struct sha1_array extra = SHA1_ARRAY_INIT;
 702        const char *alt_file;
 703        uint32_t mask = 1 << (cmd->index % 32);
 704        int i;
 705
 706        trace_printf_key(&trace_shallow,
 707                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 708        for (i = 0; i < si->shallow->nr; i++)
 709                if (si->used_shallow[i] &&
 710                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 711                    !delayed_reachability_test(si, i))
 712                        sha1_array_append(&extra, si->shallow->sha1[i]);
 713
 714        setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
 715        if (check_shallow_connected(command_singleton_iterator,
 716                                    0, cmd, alt_file)) {
 717                rollback_lock_file(&shallow_lock);
 718                sha1_array_clear(&extra);
 719                return -1;
 720        }
 721
 722        commit_lock_file(&shallow_lock);
 723
 724        /*
 725         * Make sure setup_alternate_shallow() for the next ref does
 726         * not lose these new roots..
 727         */
 728        for (i = 0; i < extra.nr; i++)
 729                register_shallow(extra.sha1[i]);
 730
 731        si->shallow_ref[cmd->index] = 0;
 732        sha1_array_clear(&extra);
 733        return 0;
 734}
 735
 736static const char *update_worktree(unsigned char *sha1)
 737{
 738        const char *update_refresh[] = {
 739                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 740        };
 741        const char *diff_files[] = {
 742                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 743        };
 744        const char *diff_index[] = {
 745                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 746                "HEAD", "--", NULL
 747        };
 748        const char *read_tree[] = {
 749                "read-tree", "-u", "-m", NULL, NULL
 750        };
 751        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
 752        struct argv_array env = ARGV_ARRAY_INIT;
 753        struct child_process child = CHILD_PROCESS_INIT;
 754
 755        if (is_bare_repository())
 756                return "denyCurrentBranch = updateInstead needs a worktree";
 757
 758        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
 759
 760        child.argv = update_refresh;
 761        child.env = env.argv;
 762        child.dir = work_tree;
 763        child.no_stdin = 1;
 764        child.stdout_to_stderr = 1;
 765        child.git_cmd = 1;
 766        if (run_command(&child)) {
 767                argv_array_clear(&env);
 768                return "Up-to-date check failed";
 769        }
 770
 771        /* run_command() does not clean up completely; reinitialize */
 772        child_process_init(&child);
 773        child.argv = diff_files;
 774        child.env = env.argv;
 775        child.dir = work_tree;
 776        child.no_stdin = 1;
 777        child.stdout_to_stderr = 1;
 778        child.git_cmd = 1;
 779        if (run_command(&child)) {
 780                argv_array_clear(&env);
 781                return "Working directory has unstaged changes";
 782        }
 783
 784        child_process_init(&child);
 785        child.argv = diff_index;
 786        child.env = env.argv;
 787        child.no_stdin = 1;
 788        child.no_stdout = 1;
 789        child.stdout_to_stderr = 0;
 790        child.git_cmd = 1;
 791        if (run_command(&child)) {
 792                argv_array_clear(&env);
 793                return "Working directory has staged changes";
 794        }
 795
 796        read_tree[3] = sha1_to_hex(sha1);
 797        child_process_init(&child);
 798        child.argv = read_tree;
 799        child.env = env.argv;
 800        child.dir = work_tree;
 801        child.no_stdin = 1;
 802        child.no_stdout = 1;
 803        child.stdout_to_stderr = 0;
 804        child.git_cmd = 1;
 805        if (run_command(&child)) {
 806                argv_array_clear(&env);
 807                return "Could not update working tree to new HEAD";
 808        }
 809
 810        argv_array_clear(&env);
 811        return NULL;
 812}
 813
 814static const char *update(struct command *cmd, struct shallow_info *si)
 815{
 816        const char *name = cmd->ref_name;
 817        struct strbuf namespaced_name_buf = STRBUF_INIT;
 818        const char *namespaced_name, *ret;
 819        unsigned char *old_sha1 = cmd->old_sha1;
 820        unsigned char *new_sha1 = cmd->new_sha1;
 821
 822        /* only refs/... are allowed */
 823        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
 824                rp_error("refusing to create funny ref '%s' remotely", name);
 825                return "funny refname";
 826        }
 827
 828        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
 829        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
 830
 831        if (is_ref_checked_out(namespaced_name)) {
 832                switch (deny_current_branch) {
 833                case DENY_IGNORE:
 834                        break;
 835                case DENY_WARN:
 836                        rp_warning("updating the current branch");
 837                        break;
 838                case DENY_REFUSE:
 839                case DENY_UNCONFIGURED:
 840                        rp_error("refusing to update checked out branch: %s", name);
 841                        if (deny_current_branch == DENY_UNCONFIGURED)
 842                                refuse_unconfigured_deny();
 843                        return "branch is currently checked out";
 844                case DENY_UPDATE_INSTEAD:
 845                        ret = update_worktree(new_sha1);
 846                        if (ret)
 847                                return ret;
 848                        break;
 849                }
 850        }
 851
 852        if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
 853                error("unpack should have generated %s, "
 854                      "but I can't find it!", sha1_to_hex(new_sha1));
 855                return "bad pack";
 856        }
 857
 858        if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
 859                if (deny_deletes && starts_with(name, "refs/heads/")) {
 860                        rp_error("denying ref deletion for %s", name);
 861                        return "deletion prohibited";
 862                }
 863
 864                if (!strcmp(namespaced_name, head_name)) {
 865                        switch (deny_delete_current) {
 866                        case DENY_IGNORE:
 867                                break;
 868                        case DENY_WARN:
 869                                rp_warning("deleting the current branch");
 870                                break;
 871                        case DENY_REFUSE:
 872                        case DENY_UNCONFIGURED:
 873                        case DENY_UPDATE_INSTEAD:
 874                                if (deny_delete_current == DENY_UNCONFIGURED)
 875                                        refuse_unconfigured_deny_delete_current();
 876                                rp_error("refusing to delete the current branch: %s", name);
 877                                return "deletion of the current branch prohibited";
 878                        default:
 879                                return "Invalid denyDeleteCurrent setting";
 880                        }
 881                }
 882        }
 883
 884        if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
 885            !is_null_sha1(old_sha1) &&
 886            starts_with(name, "refs/heads/")) {
 887                struct object *old_object, *new_object;
 888                struct commit *old_commit, *new_commit;
 889
 890                old_object = parse_object(old_sha1);
 891                new_object = parse_object(new_sha1);
 892
 893                if (!old_object || !new_object ||
 894                    old_object->type != OBJ_COMMIT ||
 895                    new_object->type != OBJ_COMMIT) {
 896                        error("bad sha1 objects for %s", name);
 897                        return "bad ref";
 898                }
 899                old_commit = (struct commit *)old_object;
 900                new_commit = (struct commit *)new_object;
 901                if (!in_merge_bases(old_commit, new_commit)) {
 902                        rp_error("denying non-fast-forward %s"
 903                                 " (you should pull first)", name);
 904                        return "non-fast-forward";
 905                }
 906        }
 907        if (run_update_hook(cmd)) {
 908                rp_error("hook declined to update %s", name);
 909                return "hook declined";
 910        }
 911
 912        if (is_null_sha1(new_sha1)) {
 913                if (!parse_object(old_sha1)) {
 914                        old_sha1 = NULL;
 915                        if (ref_exists(name)) {
 916                                rp_warning("Allowing deletion of corrupt ref.");
 917                        } else {
 918                                rp_warning("Deleting a non-existent ref.");
 919                                cmd->did_not_exist = 1;
 920                        }
 921                }
 922                if (delete_ref(namespaced_name, old_sha1, 0)) {
 923                        rp_error("failed to delete %s", name);
 924                        return "failed to delete";
 925                }
 926                return NULL; /* good */
 927        }
 928        else {
 929                struct strbuf err = STRBUF_INIT;
 930                struct ref_transaction *transaction;
 931
 932                if (shallow_update && si->shallow_ref[cmd->index] &&
 933                    update_shallow_ref(cmd, si))
 934                        return "shallow error";
 935
 936                transaction = ref_transaction_begin(&err);
 937                if (!transaction ||
 938                    ref_transaction_update(transaction, namespaced_name,
 939                                           new_sha1, old_sha1, 0, 1, "push",
 940                                           &err) ||
 941                    ref_transaction_commit(transaction, &err)) {
 942                        ref_transaction_free(transaction);
 943
 944                        rp_error("%s", err.buf);
 945                        strbuf_release(&err);
 946                        return "failed to update ref";
 947                }
 948
 949                ref_transaction_free(transaction);
 950                strbuf_release(&err);
 951                return NULL; /* good */
 952        }
 953}
 954
 955static void run_update_post_hook(struct command *commands)
 956{
 957        struct command *cmd;
 958        int argc;
 959        const char **argv;
 960        struct child_process proc = CHILD_PROCESS_INIT;
 961        char *hook;
 962
 963        hook = find_hook("post-update");
 964        for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
 965                if (cmd->error_string || cmd->did_not_exist)
 966                        continue;
 967                argc++;
 968        }
 969        if (!argc || !hook)
 970                return;
 971
 972        argv = xmalloc(sizeof(*argv) * (2 + argc));
 973        argv[0] = hook;
 974
 975        for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
 976                if (cmd->error_string || cmd->did_not_exist)
 977                        continue;
 978                argv[argc] = xstrdup(cmd->ref_name);
 979                argc++;
 980        }
 981        argv[argc] = NULL;
 982
 983        proc.no_stdin = 1;
 984        proc.stdout_to_stderr = 1;
 985        proc.err = use_sideband ? -1 : 0;
 986        proc.argv = argv;
 987
 988        if (!start_command(&proc)) {
 989                if (use_sideband)
 990                        copy_to_sideband(proc.err, -1, NULL);
 991                finish_command(&proc);
 992        }
 993}
 994
 995static void check_aliased_update(struct command *cmd, struct string_list *list)
 996{
 997        struct strbuf buf = STRBUF_INIT;
 998        const char *dst_name;
 999        struct string_list_item *item;
1000        struct command *dst_cmd;
1001        unsigned char sha1[20];
1002        char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1003        int flag;
1004
1005        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1006        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1007        strbuf_release(&buf);
1008
1009        if (!(flag & REF_ISSYMREF))
1010                return;
1011
1012        dst_name = strip_namespace(dst_name);
1013        if (!dst_name) {
1014                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1015                cmd->skip_update = 1;
1016                cmd->error_string = "broken symref";
1017                return;
1018        }
1019
1020        if ((item = string_list_lookup(list, dst_name)) == NULL)
1021                return;
1022
1023        cmd->skip_update = 1;
1024
1025        dst_cmd = (struct command *) item->util;
1026
1027        if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1028            !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1029                return;
1030
1031        dst_cmd->skip_update = 1;
1032
1033        strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1034        strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1035        strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1036        strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1037        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1038                 " its target '%s' (%s..%s)",
1039                 cmd->ref_name, cmd_oldh, cmd_newh,
1040                 dst_cmd->ref_name, dst_oldh, dst_newh);
1041
1042        cmd->error_string = dst_cmd->error_string =
1043                "inconsistent aliased update";
1044}
1045
1046static void check_aliased_updates(struct command *commands)
1047{
1048        struct command *cmd;
1049        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1050
1051        for (cmd = commands; cmd; cmd = cmd->next) {
1052                struct string_list_item *item =
1053                        string_list_append(&ref_list, cmd->ref_name);
1054                item->util = (void *)cmd;
1055        }
1056        string_list_sort(&ref_list);
1057
1058        for (cmd = commands; cmd; cmd = cmd->next) {
1059                if (!cmd->error_string)
1060                        check_aliased_update(cmd, &ref_list);
1061        }
1062
1063        string_list_clear(&ref_list, 0);
1064}
1065
1066static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1067{
1068        struct command **cmd_list = cb_data;
1069        struct command *cmd = *cmd_list;
1070
1071        if (!cmd || is_null_sha1(cmd->new_sha1))
1072                return -1; /* end of list */
1073        *cmd_list = NULL; /* this returns only one */
1074        hashcpy(sha1, cmd->new_sha1);
1075        return 0;
1076}
1077
1078static void set_connectivity_errors(struct command *commands,
1079                                    struct shallow_info *si)
1080{
1081        struct command *cmd;
1082
1083        for (cmd = commands; cmd; cmd = cmd->next) {
1084                struct command *singleton = cmd;
1085                if (shallow_update && si->shallow_ref[cmd->index])
1086                        /* to be checked in update_shallow_ref() */
1087                        continue;
1088                if (!check_everything_connected(command_singleton_iterator,
1089                                                0, &singleton))
1090                        continue;
1091                cmd->error_string = "missing necessary objects";
1092        }
1093}
1094
1095struct iterate_data {
1096        struct command *cmds;
1097        struct shallow_info *si;
1098};
1099
1100static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1101{
1102        struct iterate_data *data = cb_data;
1103        struct command **cmd_list = &data->cmds;
1104        struct command *cmd = *cmd_list;
1105
1106        for (; cmd; cmd = cmd->next) {
1107                if (shallow_update && data->si->shallow_ref[cmd->index])
1108                        /* to be checked in update_shallow_ref() */
1109                        continue;
1110                if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1111                        hashcpy(sha1, cmd->new_sha1);
1112                        *cmd_list = cmd->next;
1113                        return 0;
1114                }
1115        }
1116        *cmd_list = NULL;
1117        return -1; /* end of list */
1118}
1119
1120static void reject_updates_to_hidden(struct command *commands)
1121{
1122        struct command *cmd;
1123
1124        for (cmd = commands; cmd; cmd = cmd->next) {
1125                if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1126                        continue;
1127                if (is_null_sha1(cmd->new_sha1))
1128                        cmd->error_string = "deny deleting a hidden ref";
1129                else
1130                        cmd->error_string = "deny updating a hidden ref";
1131        }
1132}
1133
1134static void execute_commands(struct command *commands,
1135                             const char *unpacker_error,
1136                             struct shallow_info *si)
1137{
1138        int checked_connectivity;
1139        struct command *cmd;
1140        unsigned char sha1[20];
1141        struct iterate_data data;
1142
1143        if (unpacker_error) {
1144                for (cmd = commands; cmd; cmd = cmd->next)
1145                        cmd->error_string = "unpacker error";
1146                return;
1147        }
1148
1149        data.cmds = commands;
1150        data.si = si;
1151        if (check_everything_connected(iterate_receive_command_list, 0, &data))
1152                set_connectivity_errors(commands, si);
1153
1154        reject_updates_to_hidden(commands);
1155
1156        if (run_receive_hook(commands, "pre-receive", 0)) {
1157                for (cmd = commands; cmd; cmd = cmd->next) {
1158                        if (!cmd->error_string)
1159                                cmd->error_string = "pre-receive hook declined";
1160                }
1161                return;
1162        }
1163
1164        check_aliased_updates(commands);
1165
1166        free(head_name_to_free);
1167        head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1168
1169        checked_connectivity = 1;
1170        for (cmd = commands; cmd; cmd = cmd->next) {
1171                if (cmd->error_string)
1172                        continue;
1173
1174                if (cmd->skip_update)
1175                        continue;
1176
1177                cmd->error_string = update(cmd, si);
1178                if (shallow_update && !cmd->error_string &&
1179                    si->shallow_ref[cmd->index]) {
1180                        error("BUG: connectivity check has not been run on ref %s",
1181                              cmd->ref_name);
1182                        checked_connectivity = 0;
1183                }
1184        }
1185
1186        if (shallow_update && !checked_connectivity)
1187                error("BUG: run 'git fsck' for safety.\n"
1188                      "If there are errors, try to remove "
1189                      "the reported refs above");
1190}
1191
1192static struct command **queue_command(struct command **tail,
1193                                      const char *line,
1194                                      int linelen)
1195{
1196        unsigned char old_sha1[20], new_sha1[20];
1197        struct command *cmd;
1198        const char *refname;
1199        int reflen;
1200
1201        if (linelen < 83 ||
1202            line[40] != ' ' ||
1203            line[81] != ' ' ||
1204            get_sha1_hex(line, old_sha1) ||
1205            get_sha1_hex(line + 41, new_sha1))
1206                die("protocol error: expected old/new/ref, got '%s'", line);
1207
1208        refname = line + 82;
1209        reflen = linelen - 82;
1210        cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1211        hashcpy(cmd->old_sha1, old_sha1);
1212        hashcpy(cmd->new_sha1, new_sha1);
1213        memcpy(cmd->ref_name, refname, reflen);
1214        cmd->ref_name[reflen] = '\0';
1215        *tail = cmd;
1216        return &cmd->next;
1217}
1218
1219static void queue_commands_from_cert(struct command **tail,
1220                                     struct strbuf *push_cert)
1221{
1222        const char *boc, *eoc;
1223
1224        if (*tail)
1225                die("protocol error: got both push certificate and unsigned commands");
1226
1227        boc = strstr(push_cert->buf, "\n\n");
1228        if (!boc)
1229                die("malformed push certificate %.*s", 100, push_cert->buf);
1230        else
1231                boc += 2;
1232        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1233
1234        while (boc < eoc) {
1235                const char *eol = memchr(boc, '\n', eoc - boc);
1236                tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1237                boc = eol ? eol + 1 : eoc;
1238        }
1239}
1240
1241static struct command *read_head_info(struct sha1_array *shallow)
1242{
1243        struct command *commands = NULL;
1244        struct command **p = &commands;
1245        for (;;) {
1246                char *line;
1247                int len, linelen;
1248
1249                line = packet_read_line(0, &len);
1250                if (!line)
1251                        break;
1252
1253                if (len == 48 && starts_with(line, "shallow ")) {
1254                        unsigned char sha1[20];
1255                        if (get_sha1_hex(line + 8, sha1))
1256                                die("protocol error: expected shallow sha, got '%s'",
1257                                    line + 8);
1258                        sha1_array_append(shallow, sha1);
1259                        continue;
1260                }
1261
1262                linelen = strlen(line);
1263                if (linelen < len) {
1264                        const char *feature_list = line + linelen + 1;
1265                        if (parse_feature_request(feature_list, "report-status"))
1266                                report_status = 1;
1267                        if (parse_feature_request(feature_list, "side-band-64k"))
1268                                use_sideband = LARGE_PACKET_MAX;
1269                        if (parse_feature_request(feature_list, "quiet"))
1270                                quiet = 1;
1271                }
1272
1273                if (!strcmp(line, "push-cert")) {
1274                        int true_flush = 0;
1275                        char certbuf[1024];
1276
1277                        for (;;) {
1278                                len = packet_read(0, NULL, NULL,
1279                                                  certbuf, sizeof(certbuf), 0);
1280                                if (!len) {
1281                                        true_flush = 1;
1282                                        break;
1283                                }
1284                                if (!strcmp(certbuf, "push-cert-end\n"))
1285                                        break; /* end of cert */
1286                                strbuf_addstr(&push_cert, certbuf);
1287                        }
1288
1289                        if (true_flush)
1290                                break;
1291                        continue;
1292                }
1293
1294                p = queue_command(p, line, linelen);
1295        }
1296
1297        if (push_cert.len)
1298                queue_commands_from_cert(p, &push_cert);
1299
1300        return commands;
1301}
1302
1303static const char *parse_pack_header(struct pack_header *hdr)
1304{
1305        switch (read_pack_header(0, hdr)) {
1306        case PH_ERROR_EOF:
1307                return "eof before pack header was fully read";
1308
1309        case PH_ERROR_PACK_SIGNATURE:
1310                return "protocol error (pack signature mismatch detected)";
1311
1312        case PH_ERROR_PROTOCOL:
1313                return "protocol error (pack version unsupported)";
1314
1315        default:
1316                return "unknown error in parse_pack_header";
1317
1318        case 0:
1319                return NULL;
1320        }
1321}
1322
1323static const char *pack_lockfile;
1324
1325static const char *unpack(int err_fd, struct shallow_info *si)
1326{
1327        struct pack_header hdr;
1328        const char *hdr_err;
1329        int status;
1330        char hdr_arg[38];
1331        struct child_process child = CHILD_PROCESS_INIT;
1332        int fsck_objects = (receive_fsck_objects >= 0
1333                            ? receive_fsck_objects
1334                            : transfer_fsck_objects >= 0
1335                            ? transfer_fsck_objects
1336                            : 0);
1337
1338        hdr_err = parse_pack_header(&hdr);
1339        if (hdr_err) {
1340                if (err_fd > 0)
1341                        close(err_fd);
1342                return hdr_err;
1343        }
1344        snprintf(hdr_arg, sizeof(hdr_arg),
1345                        "--pack_header=%"PRIu32",%"PRIu32,
1346                        ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1347
1348        if (si->nr_ours || si->nr_theirs) {
1349                alt_shallow_file = setup_temporary_shallow(si->shallow);
1350                argv_array_push(&child.args, "--shallow-file");
1351                argv_array_push(&child.args, alt_shallow_file);
1352        }
1353
1354        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1355                argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1356                if (quiet)
1357                        argv_array_push(&child.args, "-q");
1358                if (fsck_objects)
1359                        argv_array_push(&child.args, "--strict");
1360                child.no_stdout = 1;
1361                child.err = err_fd;
1362                child.git_cmd = 1;
1363                status = run_command(&child);
1364                if (status)
1365                        return "unpack-objects abnormal exit";
1366        } else {
1367                int s;
1368                char keep_arg[256];
1369
1370                s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1371                if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1372                        strcpy(keep_arg + s, "localhost");
1373
1374                argv_array_pushl(&child.args, "index-pack",
1375                                 "--stdin", hdr_arg, keep_arg, NULL);
1376                if (fsck_objects)
1377                        argv_array_push(&child.args, "--strict");
1378                if (fix_thin)
1379                        argv_array_push(&child.args, "--fix-thin");
1380                child.out = -1;
1381                child.err = err_fd;
1382                child.git_cmd = 1;
1383                status = start_command(&child);
1384                if (status)
1385                        return "index-pack fork failed";
1386                pack_lockfile = index_pack_lockfile(child.out);
1387                close(child.out);
1388                status = finish_command(&child);
1389                if (status)
1390                        return "index-pack abnormal exit";
1391                reprepare_packed_git();
1392        }
1393        return NULL;
1394}
1395
1396static const char *unpack_with_sideband(struct shallow_info *si)
1397{
1398        struct async muxer;
1399        const char *ret;
1400
1401        if (!use_sideband)
1402                return unpack(0, si);
1403
1404        memset(&muxer, 0, sizeof(muxer));
1405        muxer.proc = copy_to_sideband;
1406        muxer.in = -1;
1407        if (start_async(&muxer))
1408                return NULL;
1409
1410        ret = unpack(muxer.in, si);
1411
1412        finish_async(&muxer);
1413        return ret;
1414}
1415
1416static void prepare_shallow_update(struct command *commands,
1417                                   struct shallow_info *si)
1418{
1419        int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1420
1421        si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1422                                   si->shallow->nr);
1423        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1424
1425        si->need_reachability_test =
1426                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1427        si->reachable =
1428                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1429        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1430
1431        for (i = 0; i < si->nr_ours; i++)
1432                si->need_reachability_test[si->ours[i]] = 1;
1433
1434        for (i = 0; i < si->shallow->nr; i++) {
1435                if (!si->used_shallow[i])
1436                        continue;
1437                for (j = 0; j < bitmap_size; j++) {
1438                        if (!si->used_shallow[i][j])
1439                                continue;
1440                        si->need_reachability_test[i]++;
1441                        for (k = 0; k < 32; k++)
1442                                if (si->used_shallow[i][j] & (1 << k))
1443                                        si->shallow_ref[j * 32 + k]++;
1444                }
1445
1446                /*
1447                 * true for those associated with some refs and belong
1448                 * in "ours" list aka "step 7 not done yet"
1449                 */
1450                si->need_reachability_test[i] =
1451                        si->need_reachability_test[i] > 1;
1452        }
1453
1454        /*
1455         * keep hooks happy by forcing a temporary shallow file via
1456         * env variable because we can't add --shallow-file to every
1457         * command. check_everything_connected() will be done with
1458         * true .git/shallow though.
1459         */
1460        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1461}
1462
1463static void update_shallow_info(struct command *commands,
1464                                struct shallow_info *si,
1465                                struct sha1_array *ref)
1466{
1467        struct command *cmd;
1468        int *ref_status;
1469        remove_nonexistent_theirs_shallow(si);
1470        if (!si->nr_ours && !si->nr_theirs) {
1471                shallow_update = 0;
1472                return;
1473        }
1474
1475        for (cmd = commands; cmd; cmd = cmd->next) {
1476                if (is_null_sha1(cmd->new_sha1))
1477                        continue;
1478                sha1_array_append(ref, cmd->new_sha1);
1479                cmd->index = ref->nr - 1;
1480        }
1481        si->ref = ref;
1482
1483        if (shallow_update) {
1484                prepare_shallow_update(commands, si);
1485                return;
1486        }
1487
1488        ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1489        assign_shallow_commits_to_refs(si, NULL, ref_status);
1490        for (cmd = commands; cmd; cmd = cmd->next) {
1491                if (is_null_sha1(cmd->new_sha1))
1492                        continue;
1493                if (ref_status[cmd->index]) {
1494                        cmd->error_string = "shallow update not allowed";
1495                        cmd->skip_update = 1;
1496                }
1497        }
1498        free(ref_status);
1499}
1500
1501static void report(struct command *commands, const char *unpack_status)
1502{
1503        struct command *cmd;
1504        struct strbuf buf = STRBUF_INIT;
1505
1506        packet_buf_write(&buf, "unpack %s\n",
1507                         unpack_status ? unpack_status : "ok");
1508        for (cmd = commands; cmd; cmd = cmd->next) {
1509                if (!cmd->error_string)
1510                        packet_buf_write(&buf, "ok %s\n",
1511                                         cmd->ref_name);
1512                else
1513                        packet_buf_write(&buf, "ng %s %s\n",
1514                                         cmd->ref_name, cmd->error_string);
1515        }
1516        packet_buf_flush(&buf);
1517
1518        if (use_sideband)
1519                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1520        else
1521                write_or_die(1, buf.buf, buf.len);
1522        strbuf_release(&buf);
1523}
1524
1525static int delete_only(struct command *commands)
1526{
1527        struct command *cmd;
1528        for (cmd = commands; cmd; cmd = cmd->next) {
1529                if (!is_null_sha1(cmd->new_sha1))
1530                        return 0;
1531        }
1532        return 1;
1533}
1534
1535int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1536{
1537        int advertise_refs = 0;
1538        int i;
1539        struct command *commands;
1540        struct sha1_array shallow = SHA1_ARRAY_INIT;
1541        struct sha1_array ref = SHA1_ARRAY_INIT;
1542        struct shallow_info si;
1543
1544        packet_trace_identity("receive-pack");
1545
1546        argv++;
1547        for (i = 1; i < argc; i++) {
1548                const char *arg = *argv++;
1549
1550                if (*arg == '-') {
1551                        if (!strcmp(arg, "--quiet")) {
1552                                quiet = 1;
1553                                continue;
1554                        }
1555
1556                        if (!strcmp(arg, "--advertise-refs")) {
1557                                advertise_refs = 1;
1558                                continue;
1559                        }
1560                        if (!strcmp(arg, "--stateless-rpc")) {
1561                                stateless_rpc = 1;
1562                                continue;
1563                        }
1564                        if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1565                                fix_thin = 0;
1566                                continue;
1567                        }
1568
1569                        usage(receive_pack_usage);
1570                }
1571                if (service_dir)
1572                        usage(receive_pack_usage);
1573                service_dir = arg;
1574        }
1575        if (!service_dir)
1576                usage(receive_pack_usage);
1577
1578        setup_path();
1579
1580        if (!enter_repo(service_dir, 0))
1581                die("'%s' does not appear to be a git repository", service_dir);
1582
1583        git_config(receive_pack_config, NULL);
1584        if (cert_nonce_seed)
1585                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1586
1587        if (0 <= transfer_unpack_limit)
1588                unpack_limit = transfer_unpack_limit;
1589        else if (0 <= receive_unpack_limit)
1590                unpack_limit = receive_unpack_limit;
1591
1592        if (advertise_refs || !stateless_rpc) {
1593                write_head_info();
1594        }
1595        if (advertise_refs)
1596                return 0;
1597
1598        if ((commands = read_head_info(&shallow)) != NULL) {
1599                const char *unpack_status = NULL;
1600
1601                prepare_shallow_info(&si, &shallow);
1602                if (!si.nr_ours && !si.nr_theirs)
1603                        shallow_update = 0;
1604                if (!delete_only(commands)) {
1605                        unpack_status = unpack_with_sideband(&si);
1606                        update_shallow_info(commands, &si, &ref);
1607                }
1608                execute_commands(commands, unpack_status, &si);
1609                if (pack_lockfile)
1610                        unlink_or_warn(pack_lockfile);
1611                if (report_status)
1612                        report(commands, unpack_status);
1613                run_receive_hook(commands, "post-receive", 1);
1614                run_update_post_hook(commands);
1615                if (auto_gc) {
1616                        const char *argv_gc_auto[] = {
1617                                "gc", "--auto", "--quiet", NULL,
1618                        };
1619                        int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1620                        run_command_v_opt(argv_gc_auto, opt);
1621                }
1622                if (auto_update_server_info)
1623                        update_server_info(0);
1624                clear_shallow_info(&si);
1625        }
1626        if (use_sideband)
1627                packet_flush(1);
1628        sha1_array_clear(&shallow);
1629        sha1_array_clear(&ref);
1630        free((void *)push_cert_nonce);
1631        return 0;
1632}