1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30#include "commit-reach.h"
31
32static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35};
36
37enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43};
44
45static int deny_deletes;
46static int deny_non_fast_forwards;
47static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49static int receive_fsck_objects = -1;
50static int transfer_fsck_objects = -1;
51static struct strbuf fsck_msg_types = STRBUF_INIT;
52static int receive_unpack_limit = -1;
53static int transfer_unpack_limit = -1;
54static int advertise_atomic_push = 1;
55static int advertise_push_options;
56static int unpack_limit = 100;
57static off_t max_input_size;
58static int report_status;
59static int use_sideband;
60static int use_atomic;
61static int use_push_options;
62static int quiet;
63static int prefer_ofs_delta = 1;
64static int auto_update_server_info;
65static int auto_gc = 1;
66static int reject_thin;
67static int stateless_rpc;
68static const char *service_dir;
69static const char *head_name;
70static void *head_name_to_free;
71static int sent_capabilities;
72static int shallow_update;
73static const char *alt_shallow_file;
74static struct strbuf push_cert = STRBUF_INIT;
75static struct object_id push_cert_oid;
76static struct signature_check sigcheck;
77static const char *push_cert_nonce;
78static const char *cert_nonce_seed;
79
80static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81static const char *NONCE_BAD = "BAD";
82static const char *NONCE_MISSING = "MISSING";
83static const char *NONCE_OK = "OK";
84static const char *NONCE_SLOP = "SLOP";
85static const char *nonce_status;
86static long nonce_stamp_slop;
87static timestamp_t nonce_stamp_slop_limit;
88static struct ref_transaction *transaction;
89
90static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94} use_keepalive;
95static int keepalive_in_sec = 5;
96
97static struct tmp_objdir *tmp_objdir;
98
99static enum deny_action parse_deny_action(const char *var, const char *value)
100{
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114}
115
116static int receive_pack_config(const char *var, const char *value, void *cb)
117{
118 int status = parse_hide_refs_config(var, value, "receive");
119
120 if (status)
121 return status;
122
123 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145
146 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153
154 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205
206 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225
226 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230
231 return git_default_config(var, value, cb);
232}
233
234static void show_ref(const char *path, const struct object_id *oid)
235{
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240
241 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257}
258
259static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261{
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264
265 if (ref_is_hidden(path, path_full))
266 return 0;
267
268 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282}
283
284static void show_one_alternate_ref(const char *refname,
285 const struct object_id *oid,
286 void *data)
287{
288 struct oidset *seen = data;
289
290 if (oidset_insert(seen, oid))
291 return;
292
293 show_ref(".have", oid);
294}
295
296static void write_head_info(void)
297{
298 static struct oidset seen = OIDSET_INIT;
299
300 for_each_ref(show_ref_cb, &seen);
301 for_each_alternate_ref(show_one_alternate_ref, &seen);
302 oidset_clear(&seen);
303 if (!sent_capabilities)
304 show_ref("capabilities^{}", &null_oid);
305
306 advertise_shallow_grafts(1);
307
308 /* EOF */
309 packet_flush(1);
310}
311
312struct command {
313 struct command *next;
314 const char *error_string;
315 unsigned int skip_update:1,
316 did_not_exist:1;
317 int index;
318 struct object_id old_oid;
319 struct object_id new_oid;
320 char ref_name[FLEX_ARRAY]; /* more */
321};
322
323static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
324static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
325
326static void report_message(const char *prefix, const char *err, va_list params)
327{
328 int sz;
329 char msg[4096];
330
331 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
332 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
333 if (sz > (sizeof(msg) - 1))
334 sz = sizeof(msg) - 1;
335 msg[sz++] = '\n';
336
337 if (use_sideband)
338 send_sideband(1, 2, msg, sz, use_sideband);
339 else
340 xwrite(2, msg, sz);
341}
342
343static void rp_warning(const char *err, ...)
344{
345 va_list params;
346 va_start(params, err);
347 report_message("warning: ", err, params);
348 va_end(params);
349}
350
351static void rp_error(const char *err, ...)
352{
353 va_list params;
354 va_start(params, err);
355 report_message("error: ", err, params);
356 va_end(params);
357}
358
359static int copy_to_sideband(int in, int out, void *arg)
360{
361 char data[128];
362 int keepalive_active = 0;
363
364 if (keepalive_in_sec <= 0)
365 use_keepalive = KEEPALIVE_NEVER;
366 if (use_keepalive == KEEPALIVE_ALWAYS)
367 keepalive_active = 1;
368
369 while (1) {
370 ssize_t sz;
371
372 if (keepalive_active) {
373 struct pollfd pfd;
374 int ret;
375
376 pfd.fd = in;
377 pfd.events = POLLIN;
378 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
379
380 if (ret < 0) {
381 if (errno == EINTR)
382 continue;
383 else
384 break;
385 } else if (ret == 0) {
386 /* no data; send a keepalive packet */
387 static const char buf[] = "0005\1";
388 write_or_die(1, buf, sizeof(buf) - 1);
389 continue;
390 } /* else there is actual data to read */
391 }
392
393 sz = xread(in, data, sizeof(data));
394 if (sz <= 0)
395 break;
396
397 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
398 const char *p = memchr(data, '\0', sz);
399 if (p) {
400 /*
401 * The NUL tells us to start sending keepalives. Make
402 * sure we send any other data we read along
403 * with it.
404 */
405 keepalive_active = 1;
406 send_sideband(1, 2, data, p - data, use_sideband);
407 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
408 continue;
409 }
410 }
411
412 /*
413 * Either we're not looking for a NUL signal, or we didn't see
414 * it yet; just pass along the data.
415 */
416 send_sideband(1, 2, data, sz, use_sideband);
417 }
418 close(in);
419 return 0;
420}
421
422#define HMAC_BLOCK_SIZE 64
423
424static void hmac_sha1(unsigned char *out,
425 const char *key_in, size_t key_len,
426 const char *text, size_t text_len)
427{
428 unsigned char key[HMAC_BLOCK_SIZE];
429 unsigned char k_ipad[HMAC_BLOCK_SIZE];
430 unsigned char k_opad[HMAC_BLOCK_SIZE];
431 int i;
432 git_SHA_CTX ctx;
433
434 /* RFC 2104 2. (1) */
435 memset(key, '\0', HMAC_BLOCK_SIZE);
436 if (HMAC_BLOCK_SIZE < key_len) {
437 git_SHA1_Init(&ctx);
438 git_SHA1_Update(&ctx, key_in, key_len);
439 git_SHA1_Final(key, &ctx);
440 } else {
441 memcpy(key, key_in, key_len);
442 }
443
444 /* RFC 2104 2. (2) & (5) */
445 for (i = 0; i < sizeof(key); i++) {
446 k_ipad[i] = key[i] ^ 0x36;
447 k_opad[i] = key[i] ^ 0x5c;
448 }
449
450 /* RFC 2104 2. (3) & (4) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
453 git_SHA1_Update(&ctx, text, text_len);
454 git_SHA1_Final(out, &ctx);
455
456 /* RFC 2104 2. (6) & (7) */
457 git_SHA1_Init(&ctx);
458 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
459 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
460 git_SHA1_Final(out, &ctx);
461}
462
463static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
464{
465 struct strbuf buf = STRBUF_INIT;
466 unsigned char sha1[GIT_SHA1_RAWSZ];
467
468 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
469 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
470 strbuf_release(&buf);
471
472 /* RFC 2104 5. HMAC-SHA1-80 */
473 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
474 return strbuf_detach(&buf, NULL);
475}
476
477/*
478 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
479 * after dropping "_commit" from its name and possibly moving it out
480 * of commit.c
481 */
482static char *find_header(const char *msg, size_t len, const char *key,
483 const char **next_line)
484{
485 int key_len = strlen(key);
486 const char *line = msg;
487
488 while (line && line < msg + len) {
489 const char *eol = strchrnul(line, '\n');
490
491 if ((msg + len <= eol) || line == eol)
492 return NULL;
493 if (line + key_len < eol &&
494 !memcmp(line, key, key_len) && line[key_len] == ' ') {
495 int offset = key_len + 1;
496 if (next_line)
497 *next_line = *eol ? eol + 1 : eol;
498 return xmemdupz(line + offset, (eol - line) - offset);
499 }
500 line = *eol ? eol + 1 : NULL;
501 }
502 return NULL;
503}
504
505static const char *check_nonce(const char *buf, size_t len)
506{
507 char *nonce = find_header(buf, len, "nonce", NULL);
508 timestamp_t stamp, ostamp;
509 char *bohmac, *expect = NULL;
510 const char *retval = NONCE_BAD;
511
512 if (!nonce) {
513 retval = NONCE_MISSING;
514 goto leave;
515 } else if (!push_cert_nonce) {
516 retval = NONCE_UNSOLICITED;
517 goto leave;
518 } else if (!strcmp(push_cert_nonce, nonce)) {
519 retval = NONCE_OK;
520 goto leave;
521 }
522
523 if (!stateless_rpc) {
524 /* returned nonce MUST match what we gave out earlier */
525 retval = NONCE_BAD;
526 goto leave;
527 }
528
529 /*
530 * In stateless mode, we may be receiving a nonce issued by
531 * another instance of the server that serving the same
532 * repository, and the timestamps may not match, but the
533 * nonce-seed and dir should match, so we can recompute and
534 * report the time slop.
535 *
536 * In addition, when a nonce issued by another instance has
537 * timestamp within receive.certnonceslop seconds, we pretend
538 * as if we issued that nonce when reporting to the hook.
539 */
540
541 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
542 if (*nonce <= '0' || '9' < *nonce) {
543 retval = NONCE_BAD;
544 goto leave;
545 }
546 stamp = parse_timestamp(nonce, &bohmac, 10);
547 if (bohmac == nonce || bohmac[0] != '-') {
548 retval = NONCE_BAD;
549 goto leave;
550 }
551
552 expect = prepare_push_cert_nonce(service_dir, stamp);
553 if (strcmp(expect, nonce)) {
554 /* Not what we would have signed earlier */
555 retval = NONCE_BAD;
556 goto leave;
557 }
558
559 /*
560 * By how many seconds is this nonce stale? Negative value
561 * would mean it was issued by another server with its clock
562 * skewed in the future.
563 */
564 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
565 nonce_stamp_slop = (long)ostamp - (long)stamp;
566
567 if (nonce_stamp_slop_limit &&
568 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
569 /*
570 * Pretend as if the received nonce (which passes the
571 * HMAC check, so it is not a forged by third-party)
572 * is what we issued.
573 */
574 free((void *)push_cert_nonce);
575 push_cert_nonce = xstrdup(nonce);
576 retval = NONCE_OK;
577 } else {
578 retval = NONCE_SLOP;
579 }
580
581leave:
582 free(nonce);
583 free(expect);
584 return retval;
585}
586
587/*
588 * Return 1 if there is no push_cert or if the push options in push_cert are
589 * the same as those in the argument; 0 otherwise.
590 */
591static int check_cert_push_options(const struct string_list *push_options)
592{
593 const char *buf = push_cert.buf;
594 int len = push_cert.len;
595
596 char *option;
597 const char *next_line;
598 int options_seen = 0;
599
600 int retval = 1;
601
602 if (!len)
603 return 1;
604
605 while ((option = find_header(buf, len, "push-option", &next_line))) {
606 len -= (next_line - buf);
607 buf = next_line;
608 options_seen++;
609 if (options_seen > push_options->nr
610 || strcmp(option,
611 push_options->items[options_seen - 1].string)) {
612 retval = 0;
613 goto leave;
614 }
615 free(option);
616 }
617
618 if (options_seen != push_options->nr)
619 retval = 0;
620
621leave:
622 free(option);
623 return retval;
624}
625
626static void prepare_push_cert_sha1(struct child_process *proc)
627{
628 static int already_done;
629
630 if (!push_cert.len)
631 return;
632
633 if (!already_done) {
634 struct strbuf gpg_output = STRBUF_INIT;
635 struct strbuf gpg_status = STRBUF_INIT;
636 int bogs /* beginning_of_gpg_sig */;
637
638 already_done = 1;
639 if (write_object_file(push_cert.buf, push_cert.len, "blob",
640 &push_cert_oid))
641 oidclr(&push_cert_oid);
642
643 memset(&sigcheck, '\0', sizeof(sigcheck));
644 sigcheck.result = 'N';
645
646 bogs = parse_signature(push_cert.buf, push_cert.len);
647 if (verify_signed_buffer(push_cert.buf, bogs,
648 push_cert.buf + bogs, push_cert.len - bogs,
649 &gpg_output, &gpg_status) < 0) {
650 ; /* error running gpg */
651 } else {
652 sigcheck.payload = push_cert.buf;
653 sigcheck.gpg_output = gpg_output.buf;
654 sigcheck.gpg_status = gpg_status.buf;
655 parse_gpg_output(&sigcheck);
656 }
657
658 strbuf_release(&gpg_output);
659 strbuf_release(&gpg_status);
660 nonce_status = check_nonce(push_cert.buf, bogs);
661 }
662 if (!is_null_oid(&push_cert_oid)) {
663 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
664 oid_to_hex(&push_cert_oid));
665 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
666 sigcheck.signer ? sigcheck.signer : "");
667 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
668 sigcheck.key ? sigcheck.key : "");
669 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
670 sigcheck.result);
671 if (push_cert_nonce) {
672 argv_array_pushf(&proc->env_array,
673 "GIT_PUSH_CERT_NONCE=%s",
674 push_cert_nonce);
675 argv_array_pushf(&proc->env_array,
676 "GIT_PUSH_CERT_NONCE_STATUS=%s",
677 nonce_status);
678 if (nonce_status == NONCE_SLOP)
679 argv_array_pushf(&proc->env_array,
680 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
681 nonce_stamp_slop);
682 }
683 }
684}
685
686struct receive_hook_feed_state {
687 struct command *cmd;
688 int skip_broken;
689 struct strbuf buf;
690 const struct string_list *push_options;
691};
692
693typedef int (*feed_fn)(void *, const char **, size_t *);
694static int run_and_feed_hook(const char *hook_name, feed_fn feed,
695 struct receive_hook_feed_state *feed_state)
696{
697 struct child_process proc = CHILD_PROCESS_INIT;
698 struct async muxer;
699 const char *argv[2];
700 int code;
701
702 argv[0] = find_hook(hook_name);
703 if (!argv[0])
704 return 0;
705
706 argv[1] = NULL;
707
708 proc.argv = argv;
709 proc.in = -1;
710 proc.stdout_to_stderr = 1;
711 if (feed_state->push_options) {
712 int i;
713 for (i = 0; i < feed_state->push_options->nr; i++)
714 argv_array_pushf(&proc.env_array,
715 "GIT_PUSH_OPTION_%d=%s", i,
716 feed_state->push_options->items[i].string);
717 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
718 feed_state->push_options->nr);
719 } else
720 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
721
722 if (tmp_objdir)
723 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
724
725 if (use_sideband) {
726 memset(&muxer, 0, sizeof(muxer));
727 muxer.proc = copy_to_sideband;
728 muxer.in = -1;
729 code = start_async(&muxer);
730 if (code)
731 return code;
732 proc.err = muxer.in;
733 }
734
735 prepare_push_cert_sha1(&proc);
736
737 code = start_command(&proc);
738 if (code) {
739 if (use_sideband)
740 finish_async(&muxer);
741 return code;
742 }
743
744 sigchain_push(SIGPIPE, SIG_IGN);
745
746 while (1) {
747 const char *buf;
748 size_t n;
749 if (feed(feed_state, &buf, &n))
750 break;
751 if (write_in_full(proc.in, buf, n) < 0)
752 break;
753 }
754 close(proc.in);
755 if (use_sideband)
756 finish_async(&muxer);
757
758 sigchain_pop(SIGPIPE);
759
760 return finish_command(&proc);
761}
762
763static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
764{
765 struct receive_hook_feed_state *state = state_;
766 struct command *cmd = state->cmd;
767
768 while (cmd &&
769 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
770 cmd = cmd->next;
771 if (!cmd)
772 return -1; /* EOF */
773 strbuf_reset(&state->buf);
774 strbuf_addf(&state->buf, "%s %s %s\n",
775 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
776 cmd->ref_name);
777 state->cmd = cmd->next;
778 if (bufp) {
779 *bufp = state->buf.buf;
780 *sizep = state->buf.len;
781 }
782 return 0;
783}
784
785static int run_receive_hook(struct command *commands,
786 const char *hook_name,
787 int skip_broken,
788 const struct string_list *push_options)
789{
790 struct receive_hook_feed_state state;
791 int status;
792
793 strbuf_init(&state.buf, 0);
794 state.cmd = commands;
795 state.skip_broken = skip_broken;
796 if (feed_receive_hook(&state, NULL, NULL))
797 return 0;
798 state.cmd = commands;
799 state.push_options = push_options;
800 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
801 strbuf_release(&state.buf);
802 return status;
803}
804
805static int run_update_hook(struct command *cmd)
806{
807 const char *argv[5];
808 struct child_process proc = CHILD_PROCESS_INIT;
809 int code;
810
811 argv[0] = find_hook("update");
812 if (!argv[0])
813 return 0;
814
815 argv[1] = cmd->ref_name;
816 argv[2] = oid_to_hex(&cmd->old_oid);
817 argv[3] = oid_to_hex(&cmd->new_oid);
818 argv[4] = NULL;
819
820 proc.no_stdin = 1;
821 proc.stdout_to_stderr = 1;
822 proc.err = use_sideband ? -1 : 0;
823 proc.argv = argv;
824
825 code = start_command(&proc);
826 if (code)
827 return code;
828 if (use_sideband)
829 copy_to_sideband(proc.err, -1, NULL);
830 return finish_command(&proc);
831}
832
833static int is_ref_checked_out(const char *ref)
834{
835 if (is_bare_repository())
836 return 0;
837
838 if (!head_name)
839 return 0;
840 return !strcmp(head_name, ref);
841}
842
843static char *refuse_unconfigured_deny_msg =
844 N_("By default, updating the current branch in a non-bare repository\n"
845 "is denied, because it will make the index and work tree inconsistent\n"
846 "with what you pushed, and will require 'git reset --hard' to match\n"
847 "the work tree to HEAD.\n"
848 "\n"
849 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
850 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
851 "its current branch; however, this is not recommended unless you\n"
852 "arranged to update its work tree to match what you pushed in some\n"
853 "other way.\n"
854 "\n"
855 "To squelch this message and still keep the default behaviour, set\n"
856 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
857
858static void refuse_unconfigured_deny(void)
859{
860 rp_error("%s", _(refuse_unconfigured_deny_msg));
861}
862
863static char *refuse_unconfigured_deny_delete_current_msg =
864 N_("By default, deleting the current branch is denied, because the next\n"
865 "'git clone' won't result in any file checked out, causing confusion.\n"
866 "\n"
867 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
868 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
869 "current branch, with or without a warning message.\n"
870 "\n"
871 "To squelch this message, you can set it to 'refuse'.");
872
873static void refuse_unconfigured_deny_delete_current(void)
874{
875 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
876}
877
878static int command_singleton_iterator(void *cb_data, struct object_id *oid);
879static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
880{
881 struct lock_file shallow_lock = LOCK_INIT;
882 struct oid_array extra = OID_ARRAY_INIT;
883 struct check_connected_options opt = CHECK_CONNECTED_INIT;
884 uint32_t mask = 1 << (cmd->index % 32);
885 int i;
886
887 trace_printf_key(&trace_shallow,
888 "shallow: update_shallow_ref %s\n", cmd->ref_name);
889 for (i = 0; i < si->shallow->nr; i++)
890 if (si->used_shallow[i] &&
891 (si->used_shallow[i][cmd->index / 32] & mask) &&
892 !delayed_reachability_test(si, i))
893 oid_array_append(&extra, &si->shallow->oid[i]);
894
895 opt.env = tmp_objdir_env(tmp_objdir);
896 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
897 if (check_connected(command_singleton_iterator, cmd, &opt)) {
898 rollback_lock_file(&shallow_lock);
899 oid_array_clear(&extra);
900 return -1;
901 }
902
903 commit_lock_file(&shallow_lock);
904
905 /*
906 * Make sure setup_alternate_shallow() for the next ref does
907 * not lose these new roots..
908 */
909 for (i = 0; i < extra.nr; i++)
910 register_shallow(the_repository, &extra.oid[i]);
911
912 si->shallow_ref[cmd->index] = 0;
913 oid_array_clear(&extra);
914 return 0;
915}
916
917/*
918 * NEEDSWORK: we should consolidate various implementions of "are we
919 * on an unborn branch?" test into one, and make the unified one more
920 * robust. !get_sha1() based check used here and elsewhere would not
921 * allow us to tell an unborn branch from corrupt ref, for example.
922 * For the purpose of fixing "deploy-to-update does not work when
923 * pushing into an empty repository" issue, this should suffice for
924 * now.
925 */
926static int head_has_history(void)
927{
928 struct object_id oid;
929
930 return !get_oid("HEAD", &oid);
931}
932
933static const char *push_to_deploy(unsigned char *sha1,
934 struct argv_array *env,
935 const char *work_tree)
936{
937 const char *update_refresh[] = {
938 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
939 };
940 const char *diff_files[] = {
941 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
942 };
943 const char *diff_index[] = {
944 "diff-index", "--quiet", "--cached", "--ignore-submodules",
945 NULL, "--", NULL
946 };
947 const char *read_tree[] = {
948 "read-tree", "-u", "-m", NULL, NULL
949 };
950 struct child_process child = CHILD_PROCESS_INIT;
951
952 child.argv = update_refresh;
953 child.env = env->argv;
954 child.dir = work_tree;
955 child.no_stdin = 1;
956 child.stdout_to_stderr = 1;
957 child.git_cmd = 1;
958 if (run_command(&child))
959 return "Up-to-date check failed";
960
961 /* run_command() does not clean up completely; reinitialize */
962 child_process_init(&child);
963 child.argv = diff_files;
964 child.env = env->argv;
965 child.dir = work_tree;
966 child.no_stdin = 1;
967 child.stdout_to_stderr = 1;
968 child.git_cmd = 1;
969 if (run_command(&child))
970 return "Working directory has unstaged changes";
971
972 /* diff-index with either HEAD or an empty tree */
973 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
974
975 child_process_init(&child);
976 child.argv = diff_index;
977 child.env = env->argv;
978 child.no_stdin = 1;
979 child.no_stdout = 1;
980 child.stdout_to_stderr = 0;
981 child.git_cmd = 1;
982 if (run_command(&child))
983 return "Working directory has staged changes";
984
985 read_tree[3] = sha1_to_hex(sha1);
986 child_process_init(&child);
987 child.argv = read_tree;
988 child.env = env->argv;
989 child.dir = work_tree;
990 child.no_stdin = 1;
991 child.no_stdout = 1;
992 child.stdout_to_stderr = 0;
993 child.git_cmd = 1;
994 if (run_command(&child))
995 return "Could not update working tree to new HEAD";
996
997 return NULL;
998}
999
1000static const char *push_to_checkout_hook = "push-to-checkout";
1001
1002static const char *push_to_checkout(unsigned char *sha1,
1003 struct argv_array *env,
1004 const char *work_tree)
1005{
1006 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1007 if (run_hook_le(env->argv, push_to_checkout_hook,
1008 sha1_to_hex(sha1), NULL))
1009 return "push-to-checkout hook declined";
1010 else
1011 return NULL;
1012}
1013
1014static const char *update_worktree(unsigned char *sha1)
1015{
1016 const char *retval;
1017 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1018 struct argv_array env = ARGV_ARRAY_INIT;
1019
1020 if (is_bare_repository())
1021 return "denyCurrentBranch = updateInstead needs a worktree";
1022
1023 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1024
1025 if (!find_hook(push_to_checkout_hook))
1026 retval = push_to_deploy(sha1, &env, work_tree);
1027 else
1028 retval = push_to_checkout(sha1, &env, work_tree);
1029
1030 argv_array_clear(&env);
1031 return retval;
1032}
1033
1034static const char *update(struct command *cmd, struct shallow_info *si)
1035{
1036 const char *name = cmd->ref_name;
1037 struct strbuf namespaced_name_buf = STRBUF_INIT;
1038 static char *namespaced_name;
1039 const char *ret;
1040 struct object_id *old_oid = &cmd->old_oid;
1041 struct object_id *new_oid = &cmd->new_oid;
1042
1043 /* only refs/... are allowed */
1044 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1045 rp_error("refusing to create funny ref '%s' remotely", name);
1046 return "funny refname";
1047 }
1048
1049 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1050 free(namespaced_name);
1051 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1052
1053 if (is_ref_checked_out(namespaced_name)) {
1054 switch (deny_current_branch) {
1055 case DENY_IGNORE:
1056 break;
1057 case DENY_WARN:
1058 rp_warning("updating the current branch");
1059 break;
1060 case DENY_REFUSE:
1061 case DENY_UNCONFIGURED:
1062 rp_error("refusing to update checked out branch: %s", name);
1063 if (deny_current_branch == DENY_UNCONFIGURED)
1064 refuse_unconfigured_deny();
1065 return "branch is currently checked out";
1066 case DENY_UPDATE_INSTEAD:
1067 ret = update_worktree(new_oid->hash);
1068 if (ret)
1069 return ret;
1070 break;
1071 }
1072 }
1073
1074 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1075 error("unpack should have generated %s, "
1076 "but I can't find it!", oid_to_hex(new_oid));
1077 return "bad pack";
1078 }
1079
1080 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1081 if (deny_deletes && starts_with(name, "refs/heads/")) {
1082 rp_error("denying ref deletion for %s", name);
1083 return "deletion prohibited";
1084 }
1085
1086 if (head_name && !strcmp(namespaced_name, head_name)) {
1087 switch (deny_delete_current) {
1088 case DENY_IGNORE:
1089 break;
1090 case DENY_WARN:
1091 rp_warning("deleting the current branch");
1092 break;
1093 case DENY_REFUSE:
1094 case DENY_UNCONFIGURED:
1095 case DENY_UPDATE_INSTEAD:
1096 if (deny_delete_current == DENY_UNCONFIGURED)
1097 refuse_unconfigured_deny_delete_current();
1098 rp_error("refusing to delete the current branch: %s", name);
1099 return "deletion of the current branch prohibited";
1100 default:
1101 return "Invalid denyDeleteCurrent setting";
1102 }
1103 }
1104 }
1105
1106 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1107 !is_null_oid(old_oid) &&
1108 starts_with(name, "refs/heads/")) {
1109 struct object *old_object, *new_object;
1110 struct commit *old_commit, *new_commit;
1111
1112 old_object = parse_object(the_repository, old_oid);
1113 new_object = parse_object(the_repository, new_oid);
1114
1115 if (!old_object || !new_object ||
1116 old_object->type != OBJ_COMMIT ||
1117 new_object->type != OBJ_COMMIT) {
1118 error("bad sha1 objects for %s", name);
1119 return "bad ref";
1120 }
1121 old_commit = (struct commit *)old_object;
1122 new_commit = (struct commit *)new_object;
1123 if (!in_merge_bases(old_commit, new_commit)) {
1124 rp_error("denying non-fast-forward %s"
1125 " (you should pull first)", name);
1126 return "non-fast-forward";
1127 }
1128 }
1129 if (run_update_hook(cmd)) {
1130 rp_error("hook declined to update %s", name);
1131 return "hook declined";
1132 }
1133
1134 if (is_null_oid(new_oid)) {
1135 struct strbuf err = STRBUF_INIT;
1136 if (!parse_object(the_repository, old_oid)) {
1137 old_oid = NULL;
1138 if (ref_exists(name)) {
1139 rp_warning("Allowing deletion of corrupt ref.");
1140 } else {
1141 rp_warning("Deleting a non-existent ref.");
1142 cmd->did_not_exist = 1;
1143 }
1144 }
1145 if (ref_transaction_delete(transaction,
1146 namespaced_name,
1147 old_oid,
1148 0, "push", &err)) {
1149 rp_error("%s", err.buf);
1150 strbuf_release(&err);
1151 return "failed to delete";
1152 }
1153 strbuf_release(&err);
1154 return NULL; /* good */
1155 }
1156 else {
1157 struct strbuf err = STRBUF_INIT;
1158 if (shallow_update && si->shallow_ref[cmd->index] &&
1159 update_shallow_ref(cmd, si))
1160 return "shallow error";
1161
1162 if (ref_transaction_update(transaction,
1163 namespaced_name,
1164 new_oid, old_oid,
1165 0, "push",
1166 &err)) {
1167 rp_error("%s", err.buf);
1168 strbuf_release(&err);
1169
1170 return "failed to update ref";
1171 }
1172 strbuf_release(&err);
1173
1174 return NULL; /* good */
1175 }
1176}
1177
1178static void run_update_post_hook(struct command *commands)
1179{
1180 struct command *cmd;
1181 struct child_process proc = CHILD_PROCESS_INIT;
1182 const char *hook;
1183
1184 hook = find_hook("post-update");
1185 if (!hook)
1186 return;
1187
1188 for (cmd = commands; cmd; cmd = cmd->next) {
1189 if (cmd->error_string || cmd->did_not_exist)
1190 continue;
1191 if (!proc.args.argc)
1192 argv_array_push(&proc.args, hook);
1193 argv_array_push(&proc.args, cmd->ref_name);
1194 }
1195 if (!proc.args.argc)
1196 return;
1197
1198 proc.no_stdin = 1;
1199 proc.stdout_to_stderr = 1;
1200 proc.err = use_sideband ? -1 : 0;
1201
1202 if (!start_command(&proc)) {
1203 if (use_sideband)
1204 copy_to_sideband(proc.err, -1, NULL);
1205 finish_command(&proc);
1206 }
1207}
1208
1209static void check_aliased_update(struct command *cmd, struct string_list *list)
1210{
1211 struct strbuf buf = STRBUF_INIT;
1212 const char *dst_name;
1213 struct string_list_item *item;
1214 struct command *dst_cmd;
1215 int flag;
1216
1217 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1218 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1219 strbuf_release(&buf);
1220
1221 if (!(flag & REF_ISSYMREF))
1222 return;
1223
1224 if (!dst_name) {
1225 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1226 cmd->skip_update = 1;
1227 cmd->error_string = "broken symref";
1228 return;
1229 }
1230 dst_name = strip_namespace(dst_name);
1231
1232 if ((item = string_list_lookup(list, dst_name)) == NULL)
1233 return;
1234
1235 cmd->skip_update = 1;
1236
1237 dst_cmd = (struct command *) item->util;
1238
1239 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1240 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1241 return;
1242
1243 dst_cmd->skip_update = 1;
1244
1245 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1246 " its target '%s' (%s..%s)",
1247 cmd->ref_name,
1248 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1249 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1250 dst_cmd->ref_name,
1251 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1252 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1253
1254 cmd->error_string = dst_cmd->error_string =
1255 "inconsistent aliased update";
1256}
1257
1258static void check_aliased_updates(struct command *commands)
1259{
1260 struct command *cmd;
1261 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1262
1263 for (cmd = commands; cmd; cmd = cmd->next) {
1264 struct string_list_item *item =
1265 string_list_append(&ref_list, cmd->ref_name);
1266 item->util = (void *)cmd;
1267 }
1268 string_list_sort(&ref_list);
1269
1270 for (cmd = commands; cmd; cmd = cmd->next) {
1271 if (!cmd->error_string)
1272 check_aliased_update(cmd, &ref_list);
1273 }
1274
1275 string_list_clear(&ref_list, 0);
1276}
1277
1278static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1279{
1280 struct command **cmd_list = cb_data;
1281 struct command *cmd = *cmd_list;
1282
1283 if (!cmd || is_null_oid(&cmd->new_oid))
1284 return -1; /* end of list */
1285 *cmd_list = NULL; /* this returns only one */
1286 oidcpy(oid, &cmd->new_oid);
1287 return 0;
1288}
1289
1290static void set_connectivity_errors(struct command *commands,
1291 struct shallow_info *si)
1292{
1293 struct command *cmd;
1294
1295 for (cmd = commands; cmd; cmd = cmd->next) {
1296 struct command *singleton = cmd;
1297 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1298
1299 if (shallow_update && si->shallow_ref[cmd->index])
1300 /* to be checked in update_shallow_ref() */
1301 continue;
1302
1303 opt.env = tmp_objdir_env(tmp_objdir);
1304 if (!check_connected(command_singleton_iterator, &singleton,
1305 &opt))
1306 continue;
1307
1308 cmd->error_string = "missing necessary objects";
1309 }
1310}
1311
1312struct iterate_data {
1313 struct command *cmds;
1314 struct shallow_info *si;
1315};
1316
1317static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1318{
1319 struct iterate_data *data = cb_data;
1320 struct command **cmd_list = &data->cmds;
1321 struct command *cmd = *cmd_list;
1322
1323 for (; cmd; cmd = cmd->next) {
1324 if (shallow_update && data->si->shallow_ref[cmd->index])
1325 /* to be checked in update_shallow_ref() */
1326 continue;
1327 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1328 oidcpy(oid, &cmd->new_oid);
1329 *cmd_list = cmd->next;
1330 return 0;
1331 }
1332 }
1333 *cmd_list = NULL;
1334 return -1; /* end of list */
1335}
1336
1337static void reject_updates_to_hidden(struct command *commands)
1338{
1339 struct strbuf refname_full = STRBUF_INIT;
1340 size_t prefix_len;
1341 struct command *cmd;
1342
1343 strbuf_addstr(&refname_full, get_git_namespace());
1344 prefix_len = refname_full.len;
1345
1346 for (cmd = commands; cmd; cmd = cmd->next) {
1347 if (cmd->error_string)
1348 continue;
1349
1350 strbuf_setlen(&refname_full, prefix_len);
1351 strbuf_addstr(&refname_full, cmd->ref_name);
1352
1353 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1354 continue;
1355 if (is_null_oid(&cmd->new_oid))
1356 cmd->error_string = "deny deleting a hidden ref";
1357 else
1358 cmd->error_string = "deny updating a hidden ref";
1359 }
1360
1361 strbuf_release(&refname_full);
1362}
1363
1364static int should_process_cmd(struct command *cmd)
1365{
1366 return !cmd->error_string && !cmd->skip_update;
1367}
1368
1369static void warn_if_skipped_connectivity_check(struct command *commands,
1370 struct shallow_info *si)
1371{
1372 struct command *cmd;
1373 int checked_connectivity = 1;
1374
1375 for (cmd = commands; cmd; cmd = cmd->next) {
1376 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1377 error("BUG: connectivity check has not been run on ref %s",
1378 cmd->ref_name);
1379 checked_connectivity = 0;
1380 }
1381 }
1382 if (!checked_connectivity)
1383 BUG("connectivity check skipped???");
1384}
1385
1386static void execute_commands_non_atomic(struct command *commands,
1387 struct shallow_info *si)
1388{
1389 struct command *cmd;
1390 struct strbuf err = STRBUF_INIT;
1391
1392 for (cmd = commands; cmd; cmd = cmd->next) {
1393 if (!should_process_cmd(cmd))
1394 continue;
1395
1396 transaction = ref_transaction_begin(&err);
1397 if (!transaction) {
1398 rp_error("%s", err.buf);
1399 strbuf_reset(&err);
1400 cmd->error_string = "transaction failed to start";
1401 continue;
1402 }
1403
1404 cmd->error_string = update(cmd, si);
1405
1406 if (!cmd->error_string
1407 && ref_transaction_commit(transaction, &err)) {
1408 rp_error("%s", err.buf);
1409 strbuf_reset(&err);
1410 cmd->error_string = "failed to update ref";
1411 }
1412 ref_transaction_free(transaction);
1413 }
1414 strbuf_release(&err);
1415}
1416
1417static void execute_commands_atomic(struct command *commands,
1418 struct shallow_info *si)
1419{
1420 struct command *cmd;
1421 struct strbuf err = STRBUF_INIT;
1422 const char *reported_error = "atomic push failure";
1423
1424 transaction = ref_transaction_begin(&err);
1425 if (!transaction) {
1426 rp_error("%s", err.buf);
1427 strbuf_reset(&err);
1428 reported_error = "transaction failed to start";
1429 goto failure;
1430 }
1431
1432 for (cmd = commands; cmd; cmd = cmd->next) {
1433 if (!should_process_cmd(cmd))
1434 continue;
1435
1436 cmd->error_string = update(cmd, si);
1437
1438 if (cmd->error_string)
1439 goto failure;
1440 }
1441
1442 if (ref_transaction_commit(transaction, &err)) {
1443 rp_error("%s", err.buf);
1444 reported_error = "atomic transaction failed";
1445 goto failure;
1446 }
1447 goto cleanup;
1448
1449failure:
1450 for (cmd = commands; cmd; cmd = cmd->next)
1451 if (!cmd->error_string)
1452 cmd->error_string = reported_error;
1453
1454cleanup:
1455 ref_transaction_free(transaction);
1456 strbuf_release(&err);
1457}
1458
1459static void execute_commands(struct command *commands,
1460 const char *unpacker_error,
1461 struct shallow_info *si,
1462 const struct string_list *push_options)
1463{
1464 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1465 struct command *cmd;
1466 struct iterate_data data;
1467 struct async muxer;
1468 int err_fd = 0;
1469
1470 if (unpacker_error) {
1471 for (cmd = commands; cmd; cmd = cmd->next)
1472 cmd->error_string = "unpacker error";
1473 return;
1474 }
1475
1476 if (use_sideband) {
1477 memset(&muxer, 0, sizeof(muxer));
1478 muxer.proc = copy_to_sideband;
1479 muxer.in = -1;
1480 if (!start_async(&muxer))
1481 err_fd = muxer.in;
1482 /* ...else, continue without relaying sideband */
1483 }
1484
1485 data.cmds = commands;
1486 data.si = si;
1487 opt.err_fd = err_fd;
1488 opt.progress = err_fd && !quiet;
1489 opt.env = tmp_objdir_env(tmp_objdir);
1490 if (check_connected(iterate_receive_command_list, &data, &opt))
1491 set_connectivity_errors(commands, si);
1492
1493 if (use_sideband)
1494 finish_async(&muxer);
1495
1496 reject_updates_to_hidden(commands);
1497
1498 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1499 for (cmd = commands; cmd; cmd = cmd->next) {
1500 if (!cmd->error_string)
1501 cmd->error_string = "pre-receive hook declined";
1502 }
1503 return;
1504 }
1505
1506 /*
1507 * Now we'll start writing out refs, which means the objects need
1508 * to be in their final positions so that other processes can see them.
1509 */
1510 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1511 for (cmd = commands; cmd; cmd = cmd->next) {
1512 if (!cmd->error_string)
1513 cmd->error_string = "unable to migrate objects to permanent storage";
1514 }
1515 return;
1516 }
1517 tmp_objdir = NULL;
1518
1519 check_aliased_updates(commands);
1520
1521 free(head_name_to_free);
1522 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1523
1524 if (use_atomic)
1525 execute_commands_atomic(commands, si);
1526 else
1527 execute_commands_non_atomic(commands, si);
1528
1529 if (shallow_update)
1530 warn_if_skipped_connectivity_check(commands, si);
1531}
1532
1533static struct command **queue_command(struct command **tail,
1534 const char *line,
1535 int linelen)
1536{
1537 struct object_id old_oid, new_oid;
1538 struct command *cmd;
1539 const char *refname;
1540 int reflen;
1541 const char *p;
1542
1543 if (parse_oid_hex(line, &old_oid, &p) ||
1544 *p++ != ' ' ||
1545 parse_oid_hex(p, &new_oid, &p) ||
1546 *p++ != ' ')
1547 die("protocol error: expected old/new/ref, got '%s'", line);
1548
1549 refname = p;
1550 reflen = linelen - (p - line);
1551 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1552 oidcpy(&cmd->old_oid, &old_oid);
1553 oidcpy(&cmd->new_oid, &new_oid);
1554 *tail = cmd;
1555 return &cmd->next;
1556}
1557
1558static void queue_commands_from_cert(struct command **tail,
1559 struct strbuf *push_cert)
1560{
1561 const char *boc, *eoc;
1562
1563 if (*tail)
1564 die("protocol error: got both push certificate and unsigned commands");
1565
1566 boc = strstr(push_cert->buf, "\n\n");
1567 if (!boc)
1568 die("malformed push certificate %.*s", 100, push_cert->buf);
1569 else
1570 boc += 2;
1571 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1572
1573 while (boc < eoc) {
1574 const char *eol = memchr(boc, '\n', eoc - boc);
1575 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1576 boc = eol ? eol + 1 : eoc;
1577 }
1578}
1579
1580static struct command *read_head_info(struct oid_array *shallow)
1581{
1582 struct command *commands = NULL;
1583 struct command **p = &commands;
1584 for (;;) {
1585 char *line;
1586 int len, linelen;
1587
1588 line = packet_read_line(0, &len);
1589 if (!line)
1590 break;
1591
1592 if (len > 8 && starts_with(line, "shallow ")) {
1593 struct object_id oid;
1594 if (get_oid_hex(line + 8, &oid))
1595 die("protocol error: expected shallow sha, got '%s'",
1596 line + 8);
1597 oid_array_append(shallow, &oid);
1598 continue;
1599 }
1600
1601 linelen = strlen(line);
1602 if (linelen < len) {
1603 const char *feature_list = line + linelen + 1;
1604 if (parse_feature_request(feature_list, "report-status"))
1605 report_status = 1;
1606 if (parse_feature_request(feature_list, "side-band-64k"))
1607 use_sideband = LARGE_PACKET_MAX;
1608 if (parse_feature_request(feature_list, "quiet"))
1609 quiet = 1;
1610 if (advertise_atomic_push
1611 && parse_feature_request(feature_list, "atomic"))
1612 use_atomic = 1;
1613 if (advertise_push_options
1614 && parse_feature_request(feature_list, "push-options"))
1615 use_push_options = 1;
1616 }
1617
1618 if (!strcmp(line, "push-cert")) {
1619 int true_flush = 0;
1620 char certbuf[1024];
1621
1622 for (;;) {
1623 len = packet_read(0, NULL, NULL,
1624 certbuf, sizeof(certbuf), 0);
1625 if (!len) {
1626 true_flush = 1;
1627 break;
1628 }
1629 if (!strcmp(certbuf, "push-cert-end\n"))
1630 break; /* end of cert */
1631 strbuf_addstr(&push_cert, certbuf);
1632 }
1633
1634 if (true_flush)
1635 break;
1636 continue;
1637 }
1638
1639 p = queue_command(p, line, linelen);
1640 }
1641
1642 if (push_cert.len)
1643 queue_commands_from_cert(p, &push_cert);
1644
1645 return commands;
1646}
1647
1648static void read_push_options(struct string_list *options)
1649{
1650 while (1) {
1651 char *line;
1652 int len;
1653
1654 line = packet_read_line(0, &len);
1655
1656 if (!line)
1657 break;
1658
1659 string_list_append(options, line);
1660 }
1661}
1662
1663static const char *parse_pack_header(struct pack_header *hdr)
1664{
1665 switch (read_pack_header(0, hdr)) {
1666 case PH_ERROR_EOF:
1667 return "eof before pack header was fully read";
1668
1669 case PH_ERROR_PACK_SIGNATURE:
1670 return "protocol error (pack signature mismatch detected)";
1671
1672 case PH_ERROR_PROTOCOL:
1673 return "protocol error (pack version unsupported)";
1674
1675 default:
1676 return "unknown error in parse_pack_header";
1677
1678 case 0:
1679 return NULL;
1680 }
1681}
1682
1683static const char *pack_lockfile;
1684
1685static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1686{
1687 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1688 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1689}
1690
1691static const char *unpack(int err_fd, struct shallow_info *si)
1692{
1693 struct pack_header hdr;
1694 const char *hdr_err;
1695 int status;
1696 struct child_process child = CHILD_PROCESS_INIT;
1697 int fsck_objects = (receive_fsck_objects >= 0
1698 ? receive_fsck_objects
1699 : transfer_fsck_objects >= 0
1700 ? transfer_fsck_objects
1701 : 0);
1702
1703 hdr_err = parse_pack_header(&hdr);
1704 if (hdr_err) {
1705 if (err_fd > 0)
1706 close(err_fd);
1707 return hdr_err;
1708 }
1709
1710 if (si->nr_ours || si->nr_theirs) {
1711 alt_shallow_file = setup_temporary_shallow(si->shallow);
1712 argv_array_push(&child.args, "--shallow-file");
1713 argv_array_push(&child.args, alt_shallow_file);
1714 }
1715
1716 tmp_objdir = tmp_objdir_create();
1717 if (!tmp_objdir) {
1718 if (err_fd > 0)
1719 close(err_fd);
1720 return "unable to create temporary object directory";
1721 }
1722 child.env = tmp_objdir_env(tmp_objdir);
1723
1724 /*
1725 * Normally we just pass the tmp_objdir environment to the child
1726 * processes that do the heavy lifting, but we may need to see these
1727 * objects ourselves to set up shallow information.
1728 */
1729 tmp_objdir_add_as_alternate(tmp_objdir);
1730
1731 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1732 argv_array_push(&child.args, "unpack-objects");
1733 push_header_arg(&child.args, &hdr);
1734 if (quiet)
1735 argv_array_push(&child.args, "-q");
1736 if (fsck_objects)
1737 argv_array_pushf(&child.args, "--strict%s",
1738 fsck_msg_types.buf);
1739 if (max_input_size)
1740 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1741 (uintmax_t)max_input_size);
1742 child.no_stdout = 1;
1743 child.err = err_fd;
1744 child.git_cmd = 1;
1745 status = run_command(&child);
1746 if (status)
1747 return "unpack-objects abnormal exit";
1748 } else {
1749 char hostname[HOST_NAME_MAX + 1];
1750
1751 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1752 push_header_arg(&child.args, &hdr);
1753
1754 if (xgethostname(hostname, sizeof(hostname)))
1755 xsnprintf(hostname, sizeof(hostname), "localhost");
1756 argv_array_pushf(&child.args,
1757 "--keep=receive-pack %"PRIuMAX" on %s",
1758 (uintmax_t)getpid(),
1759 hostname);
1760
1761 if (!quiet && err_fd)
1762 argv_array_push(&child.args, "--show-resolving-progress");
1763 if (use_sideband)
1764 argv_array_push(&child.args, "--report-end-of-input");
1765 if (fsck_objects)
1766 argv_array_pushf(&child.args, "--strict%s",
1767 fsck_msg_types.buf);
1768 if (!reject_thin)
1769 argv_array_push(&child.args, "--fix-thin");
1770 if (max_input_size)
1771 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1772 (uintmax_t)max_input_size);
1773 child.out = -1;
1774 child.err = err_fd;
1775 child.git_cmd = 1;
1776 status = start_command(&child);
1777 if (status)
1778 return "index-pack fork failed";
1779 pack_lockfile = index_pack_lockfile(child.out);
1780 close(child.out);
1781 status = finish_command(&child);
1782 if (status)
1783 return "index-pack abnormal exit";
1784 reprepare_packed_git(the_repository);
1785 }
1786 return NULL;
1787}
1788
1789static const char *unpack_with_sideband(struct shallow_info *si)
1790{
1791 struct async muxer;
1792 const char *ret;
1793
1794 if (!use_sideband)
1795 return unpack(0, si);
1796
1797 use_keepalive = KEEPALIVE_AFTER_NUL;
1798 memset(&muxer, 0, sizeof(muxer));
1799 muxer.proc = copy_to_sideband;
1800 muxer.in = -1;
1801 if (start_async(&muxer))
1802 return NULL;
1803
1804 ret = unpack(muxer.in, si);
1805
1806 finish_async(&muxer);
1807 return ret;
1808}
1809
1810static void prepare_shallow_update(struct command *commands,
1811 struct shallow_info *si)
1812{
1813 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1814
1815 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1816 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1817
1818 si->need_reachability_test =
1819 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1820 si->reachable =
1821 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1822 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1823
1824 for (i = 0; i < si->nr_ours; i++)
1825 si->need_reachability_test[si->ours[i]] = 1;
1826
1827 for (i = 0; i < si->shallow->nr; i++) {
1828 if (!si->used_shallow[i])
1829 continue;
1830 for (j = 0; j < bitmap_size; j++) {
1831 if (!si->used_shallow[i][j])
1832 continue;
1833 si->need_reachability_test[i]++;
1834 for (k = 0; k < 32; k++)
1835 if (si->used_shallow[i][j] & (1U << k))
1836 si->shallow_ref[j * 32 + k]++;
1837 }
1838
1839 /*
1840 * true for those associated with some refs and belong
1841 * in "ours" list aka "step 7 not done yet"
1842 */
1843 si->need_reachability_test[i] =
1844 si->need_reachability_test[i] > 1;
1845 }
1846
1847 /*
1848 * keep hooks happy by forcing a temporary shallow file via
1849 * env variable because we can't add --shallow-file to every
1850 * command. check_everything_connected() will be done with
1851 * true .git/shallow though.
1852 */
1853 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1854}
1855
1856static void update_shallow_info(struct command *commands,
1857 struct shallow_info *si,
1858 struct oid_array *ref)
1859{
1860 struct command *cmd;
1861 int *ref_status;
1862 remove_nonexistent_theirs_shallow(si);
1863 if (!si->nr_ours && !si->nr_theirs) {
1864 shallow_update = 0;
1865 return;
1866 }
1867
1868 for (cmd = commands; cmd; cmd = cmd->next) {
1869 if (is_null_oid(&cmd->new_oid))
1870 continue;
1871 oid_array_append(ref, &cmd->new_oid);
1872 cmd->index = ref->nr - 1;
1873 }
1874 si->ref = ref;
1875
1876 if (shallow_update) {
1877 prepare_shallow_update(commands, si);
1878 return;
1879 }
1880
1881 ALLOC_ARRAY(ref_status, ref->nr);
1882 assign_shallow_commits_to_refs(si, NULL, ref_status);
1883 for (cmd = commands; cmd; cmd = cmd->next) {
1884 if (is_null_oid(&cmd->new_oid))
1885 continue;
1886 if (ref_status[cmd->index]) {
1887 cmd->error_string = "shallow update not allowed";
1888 cmd->skip_update = 1;
1889 }
1890 }
1891 free(ref_status);
1892}
1893
1894static void report(struct command *commands, const char *unpack_status)
1895{
1896 struct command *cmd;
1897 struct strbuf buf = STRBUF_INIT;
1898
1899 packet_buf_write(&buf, "unpack %s\n",
1900 unpack_status ? unpack_status : "ok");
1901 for (cmd = commands; cmd; cmd = cmd->next) {
1902 if (!cmd->error_string)
1903 packet_buf_write(&buf, "ok %s\n",
1904 cmd->ref_name);
1905 else
1906 packet_buf_write(&buf, "ng %s %s\n",
1907 cmd->ref_name, cmd->error_string);
1908 }
1909 packet_buf_flush(&buf);
1910
1911 if (use_sideband)
1912 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1913 else
1914 write_or_die(1, buf.buf, buf.len);
1915 strbuf_release(&buf);
1916}
1917
1918static int delete_only(struct command *commands)
1919{
1920 struct command *cmd;
1921 for (cmd = commands; cmd; cmd = cmd->next) {
1922 if (!is_null_oid(&cmd->new_oid))
1923 return 0;
1924 }
1925 return 1;
1926}
1927
1928int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1929{
1930 int advertise_refs = 0;
1931 struct command *commands;
1932 struct oid_array shallow = OID_ARRAY_INIT;
1933 struct oid_array ref = OID_ARRAY_INIT;
1934 struct shallow_info si;
1935
1936 struct option options[] = {
1937 OPT__QUIET(&quiet, N_("quiet")),
1938 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1939 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1940 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1941 OPT_END()
1942 };
1943
1944 packet_trace_identity("receive-pack");
1945
1946 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1947
1948 if (argc > 1)
1949 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1950 if (argc == 0)
1951 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1952
1953 service_dir = argv[0];
1954
1955 setup_path();
1956
1957 if (!enter_repo(service_dir, 0))
1958 die("'%s' does not appear to be a git repository", service_dir);
1959
1960 git_config(receive_pack_config, NULL);
1961 if (cert_nonce_seed)
1962 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1963
1964 if (0 <= transfer_unpack_limit)
1965 unpack_limit = transfer_unpack_limit;
1966 else if (0 <= receive_unpack_limit)
1967 unpack_limit = receive_unpack_limit;
1968
1969 switch (determine_protocol_version_server()) {
1970 case protocol_v2:
1971 /*
1972 * push support for protocol v2 has not been implemented yet,
1973 * so ignore the request to use v2 and fallback to using v0.
1974 */
1975 break;
1976 case protocol_v1:
1977 /*
1978 * v1 is just the original protocol with a version string,
1979 * so just fall through after writing the version string.
1980 */
1981 if (advertise_refs || !stateless_rpc)
1982 packet_write_fmt(1, "version 1\n");
1983
1984 /* fallthrough */
1985 case protocol_v0:
1986 break;
1987 case protocol_unknown_version:
1988 BUG("unknown protocol version");
1989 }
1990
1991 if (advertise_refs || !stateless_rpc) {
1992 write_head_info();
1993 }
1994 if (advertise_refs)
1995 return 0;
1996
1997 if ((commands = read_head_info(&shallow)) != NULL) {
1998 const char *unpack_status = NULL;
1999 struct string_list push_options = STRING_LIST_INIT_DUP;
2000
2001 if (use_push_options)
2002 read_push_options(&push_options);
2003 if (!check_cert_push_options(&push_options)) {
2004 struct command *cmd;
2005 for (cmd = commands; cmd; cmd = cmd->next)
2006 cmd->error_string = "inconsistent push options";
2007 }
2008
2009 prepare_shallow_info(&si, &shallow);
2010 if (!si.nr_ours && !si.nr_theirs)
2011 shallow_update = 0;
2012 if (!delete_only(commands)) {
2013 unpack_status = unpack_with_sideband(&si);
2014 update_shallow_info(commands, &si, &ref);
2015 }
2016 use_keepalive = KEEPALIVE_ALWAYS;
2017 execute_commands(commands, unpack_status, &si,
2018 &push_options);
2019 if (pack_lockfile)
2020 unlink_or_warn(pack_lockfile);
2021 if (report_status)
2022 report(commands, unpack_status);
2023 run_receive_hook(commands, "post-receive", 1,
2024 &push_options);
2025 run_update_post_hook(commands);
2026 string_list_clear(&push_options, 0);
2027 if (auto_gc) {
2028 const char *argv_gc_auto[] = {
2029 "gc", "--auto", "--quiet", NULL,
2030 };
2031 struct child_process proc = CHILD_PROCESS_INIT;
2032
2033 proc.no_stdin = 1;
2034 proc.stdout_to_stderr = 1;
2035 proc.err = use_sideband ? -1 : 0;
2036 proc.git_cmd = 1;
2037 proc.argv = argv_gc_auto;
2038
2039 close_all_packs(the_repository->objects);
2040 if (!start_command(&proc)) {
2041 if (use_sideband)
2042 copy_to_sideband(proc.err, -1, NULL);
2043 finish_command(&proc);
2044 }
2045 }
2046 if (auto_update_server_info)
2047 update_server_info(0);
2048 clear_shallow_info(&si);
2049 }
2050 if (use_sideband)
2051 packet_flush(1);
2052 oid_array_clear(&shallow);
2053 oid_array_clear(&ref);
2054 free((void *)push_cert_nonce);
2055 return 0;
2056}