builtin / receive-pack.con commit upload-pack: optionally allow fetching reachable sha1 (68ee628)
   1#include "builtin.h"
   2#include "lockfile.h"
   3#include "pack.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "exec_cmd.h"
   9#include "commit.h"
  10#include "object.h"
  11#include "remote.h"
  12#include "connect.h"
  13#include "transport.h"
  14#include "string-list.h"
  15#include "sha1-array.h"
  16#include "connected.h"
  17#include "argv-array.h"
  18#include "version.h"
  19#include "tag.h"
  20#include "gpg-interface.h"
  21#include "sigchain.h"
  22
  23static const char receive_pack_usage[] = "git receive-pack <git-dir>";
  24
  25enum deny_action {
  26        DENY_UNCONFIGURED,
  27        DENY_IGNORE,
  28        DENY_WARN,
  29        DENY_REFUSE,
  30        DENY_UPDATE_INSTEAD
  31};
  32
  33static int deny_deletes;
  34static int deny_non_fast_forwards;
  35static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  36static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  37static int receive_fsck_objects = -1;
  38static int transfer_fsck_objects = -1;
  39static int receive_unpack_limit = -1;
  40static int transfer_unpack_limit = -1;
  41static int advertise_atomic_push = 1;
  42static int unpack_limit = 100;
  43static int report_status;
  44static int use_sideband;
  45static int use_atomic;
  46static int quiet;
  47static int prefer_ofs_delta = 1;
  48static int auto_update_server_info;
  49static int auto_gc = 1;
  50static int fix_thin = 1;
  51static int stateless_rpc;
  52static const char *service_dir;
  53static const char *head_name;
  54static void *head_name_to_free;
  55static int sent_capabilities;
  56static int shallow_update;
  57static const char *alt_shallow_file;
  58static struct strbuf push_cert = STRBUF_INIT;
  59static unsigned char push_cert_sha1[20];
  60static struct signature_check sigcheck;
  61static const char *push_cert_nonce;
  62static const char *cert_nonce_seed;
  63
  64static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  65static const char *NONCE_BAD = "BAD";
  66static const char *NONCE_MISSING = "MISSING";
  67static const char *NONCE_OK = "OK";
  68static const char *NONCE_SLOP = "SLOP";
  69static const char *nonce_status;
  70static long nonce_stamp_slop;
  71static unsigned long nonce_stamp_slop_limit;
  72static struct ref_transaction *transaction;
  73
  74static enum deny_action parse_deny_action(const char *var, const char *value)
  75{
  76        if (value) {
  77                if (!strcasecmp(value, "ignore"))
  78                        return DENY_IGNORE;
  79                if (!strcasecmp(value, "warn"))
  80                        return DENY_WARN;
  81                if (!strcasecmp(value, "refuse"))
  82                        return DENY_REFUSE;
  83                if (!strcasecmp(value, "updateinstead"))
  84                        return DENY_UPDATE_INSTEAD;
  85        }
  86        if (git_config_bool(var, value))
  87                return DENY_REFUSE;
  88        return DENY_IGNORE;
  89}
  90
  91static int receive_pack_config(const char *var, const char *value, void *cb)
  92{
  93        int status = parse_hide_refs_config(var, value, "receive");
  94
  95        if (status)
  96                return status;
  97
  98        if (strcmp(var, "receive.denydeletes") == 0) {
  99                deny_deletes = git_config_bool(var, value);
 100                return 0;
 101        }
 102
 103        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 104                deny_non_fast_forwards = git_config_bool(var, value);
 105                return 0;
 106        }
 107
 108        if (strcmp(var, "receive.unpacklimit") == 0) {
 109                receive_unpack_limit = git_config_int(var, value);
 110                return 0;
 111        }
 112
 113        if (strcmp(var, "transfer.unpacklimit") == 0) {
 114                transfer_unpack_limit = git_config_int(var, value);
 115                return 0;
 116        }
 117
 118        if (strcmp(var, "receive.fsckobjects") == 0) {
 119                receive_fsck_objects = git_config_bool(var, value);
 120                return 0;
 121        }
 122
 123        if (strcmp(var, "transfer.fsckobjects") == 0) {
 124                transfer_fsck_objects = git_config_bool(var, value);
 125                return 0;
 126        }
 127
 128        if (!strcmp(var, "receive.denycurrentbranch")) {
 129                deny_current_branch = parse_deny_action(var, value);
 130                return 0;
 131        }
 132
 133        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 134                deny_delete_current = parse_deny_action(var, value);
 135                return 0;
 136        }
 137
 138        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 139                prefer_ofs_delta = git_config_bool(var, value);
 140                return 0;
 141        }
 142
 143        if (strcmp(var, "receive.updateserverinfo") == 0) {
 144                auto_update_server_info = git_config_bool(var, value);
 145                return 0;
 146        }
 147
 148        if (strcmp(var, "receive.autogc") == 0) {
 149                auto_gc = git_config_bool(var, value);
 150                return 0;
 151        }
 152
 153        if (strcmp(var, "receive.shallowupdate") == 0) {
 154                shallow_update = git_config_bool(var, value);
 155                return 0;
 156        }
 157
 158        if (strcmp(var, "receive.certnonceseed") == 0)
 159                return git_config_string(&cert_nonce_seed, var, value);
 160
 161        if (strcmp(var, "receive.certnonceslop") == 0) {
 162                nonce_stamp_slop_limit = git_config_ulong(var, value);
 163                return 0;
 164        }
 165
 166        if (strcmp(var, "receive.advertiseatomic") == 0) {
 167                advertise_atomic_push = git_config_bool(var, value);
 168                return 0;
 169        }
 170
 171        return git_default_config(var, value, cb);
 172}
 173
 174static void show_ref(const char *path, const unsigned char *sha1)
 175{
 176        if (ref_is_hidden(path))
 177                return;
 178
 179        if (sent_capabilities) {
 180                packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
 181        } else {
 182                struct strbuf cap = STRBUF_INIT;
 183
 184                strbuf_addstr(&cap,
 185                              "report-status delete-refs side-band-64k quiet");
 186                if (advertise_atomic_push)
 187                        strbuf_addstr(&cap, " atomic");
 188                if (prefer_ofs_delta)
 189                        strbuf_addstr(&cap, " ofs-delta");
 190                if (push_cert_nonce)
 191                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 192                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 193                packet_write(1, "%s %s%c%s\n",
 194                             sha1_to_hex(sha1), path, 0, cap.buf);
 195                strbuf_release(&cap);
 196                sent_capabilities = 1;
 197        }
 198}
 199
 200static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
 201{
 202        path = strip_namespace(path);
 203        /*
 204         * Advertise refs outside our current namespace as ".have"
 205         * refs, so that the client can use them to minimize data
 206         * transfer but will otherwise ignore them. This happens to
 207         * cover ".have" that are thrown in by add_one_alternate_ref()
 208         * to mark histories that are complete in our alternates as
 209         * well.
 210         */
 211        if (!path)
 212                path = ".have";
 213        show_ref(path, sha1);
 214        return 0;
 215}
 216
 217static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
 218{
 219        show_ref(".have", sha1);
 220}
 221
 222static void collect_one_alternate_ref(const struct ref *ref, void *data)
 223{
 224        struct sha1_array *sa = data;
 225        sha1_array_append(sa, ref->old_sha1);
 226}
 227
 228static void write_head_info(void)
 229{
 230        struct sha1_array sa = SHA1_ARRAY_INIT;
 231        for_each_alternate_ref(collect_one_alternate_ref, &sa);
 232        sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
 233        sha1_array_clear(&sa);
 234        for_each_ref(show_ref_cb, NULL);
 235        if (!sent_capabilities)
 236                show_ref("capabilities^{}", null_sha1);
 237
 238        advertise_shallow_grafts(1);
 239
 240        /* EOF */
 241        packet_flush(1);
 242}
 243
 244struct command {
 245        struct command *next;
 246        const char *error_string;
 247        unsigned int skip_update:1,
 248                     did_not_exist:1;
 249        int index;
 250        unsigned char old_sha1[20];
 251        unsigned char new_sha1[20];
 252        char ref_name[FLEX_ARRAY]; /* more */
 253};
 254
 255static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 256static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 257
 258static void report_message(const char *prefix, const char *err, va_list params)
 259{
 260        int sz = strlen(prefix);
 261        char msg[4096];
 262
 263        strncpy(msg, prefix, sz);
 264        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 265        if (sz > (sizeof(msg) - 1))
 266                sz = sizeof(msg) - 1;
 267        msg[sz++] = '\n';
 268
 269        if (use_sideband)
 270                send_sideband(1, 2, msg, sz, use_sideband);
 271        else
 272                xwrite(2, msg, sz);
 273}
 274
 275static void rp_warning(const char *err, ...)
 276{
 277        va_list params;
 278        va_start(params, err);
 279        report_message("warning: ", err, params);
 280        va_end(params);
 281}
 282
 283static void rp_error(const char *err, ...)
 284{
 285        va_list params;
 286        va_start(params, err);
 287        report_message("error: ", err, params);
 288        va_end(params);
 289}
 290
 291static int copy_to_sideband(int in, int out, void *arg)
 292{
 293        char data[128];
 294        while (1) {
 295                ssize_t sz = xread(in, data, sizeof(data));
 296                if (sz <= 0)
 297                        break;
 298                send_sideband(1, 2, data, sz, use_sideband);
 299        }
 300        close(in);
 301        return 0;
 302}
 303
 304#define HMAC_BLOCK_SIZE 64
 305
 306static void hmac_sha1(unsigned char *out,
 307                      const char *key_in, size_t key_len,
 308                      const char *text, size_t text_len)
 309{
 310        unsigned char key[HMAC_BLOCK_SIZE];
 311        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 312        unsigned char k_opad[HMAC_BLOCK_SIZE];
 313        int i;
 314        git_SHA_CTX ctx;
 315
 316        /* RFC 2104 2. (1) */
 317        memset(key, '\0', HMAC_BLOCK_SIZE);
 318        if (HMAC_BLOCK_SIZE < key_len) {
 319                git_SHA1_Init(&ctx);
 320                git_SHA1_Update(&ctx, key_in, key_len);
 321                git_SHA1_Final(key, &ctx);
 322        } else {
 323                memcpy(key, key_in, key_len);
 324        }
 325
 326        /* RFC 2104 2. (2) & (5) */
 327        for (i = 0; i < sizeof(key); i++) {
 328                k_ipad[i] = key[i] ^ 0x36;
 329                k_opad[i] = key[i] ^ 0x5c;
 330        }
 331
 332        /* RFC 2104 2. (3) & (4) */
 333        git_SHA1_Init(&ctx);
 334        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 335        git_SHA1_Update(&ctx, text, text_len);
 336        git_SHA1_Final(out, &ctx);
 337
 338        /* RFC 2104 2. (6) & (7) */
 339        git_SHA1_Init(&ctx);
 340        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 341        git_SHA1_Update(&ctx, out, 20);
 342        git_SHA1_Final(out, &ctx);
 343}
 344
 345static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
 346{
 347        struct strbuf buf = STRBUF_INIT;
 348        unsigned char sha1[20];
 349
 350        strbuf_addf(&buf, "%s:%lu", path, stamp);
 351        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 352        strbuf_release(&buf);
 353
 354        /* RFC 2104 5. HMAC-SHA1-80 */
 355        strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
 356        return strbuf_detach(&buf, NULL);
 357}
 358
 359/*
 360 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 361 * after dropping "_commit" from its name and possibly moving it out
 362 * of commit.c
 363 */
 364static char *find_header(const char *msg, size_t len, const char *key)
 365{
 366        int key_len = strlen(key);
 367        const char *line = msg;
 368
 369        while (line && line < msg + len) {
 370                const char *eol = strchrnul(line, '\n');
 371
 372                if ((msg + len <= eol) || line == eol)
 373                        return NULL;
 374                if (line + key_len < eol &&
 375                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 376                        int offset = key_len + 1;
 377                        return xmemdupz(line + offset, (eol - line) - offset);
 378                }
 379                line = *eol ? eol + 1 : NULL;
 380        }
 381        return NULL;
 382}
 383
 384static const char *check_nonce(const char *buf, size_t len)
 385{
 386        char *nonce = find_header(buf, len, "nonce");
 387        unsigned long stamp, ostamp;
 388        char *bohmac, *expect = NULL;
 389        const char *retval = NONCE_BAD;
 390
 391        if (!nonce) {
 392                retval = NONCE_MISSING;
 393                goto leave;
 394        } else if (!push_cert_nonce) {
 395                retval = NONCE_UNSOLICITED;
 396                goto leave;
 397        } else if (!strcmp(push_cert_nonce, nonce)) {
 398                retval = NONCE_OK;
 399                goto leave;
 400        }
 401
 402        if (!stateless_rpc) {
 403                /* returned nonce MUST match what we gave out earlier */
 404                retval = NONCE_BAD;
 405                goto leave;
 406        }
 407
 408        /*
 409         * In stateless mode, we may be receiving a nonce issued by
 410         * another instance of the server that serving the same
 411         * repository, and the timestamps may not match, but the
 412         * nonce-seed and dir should match, so we can recompute and
 413         * report the time slop.
 414         *
 415         * In addition, when a nonce issued by another instance has
 416         * timestamp within receive.certnonceslop seconds, we pretend
 417         * as if we issued that nonce when reporting to the hook.
 418         */
 419
 420        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 421        if (*nonce <= '0' || '9' < *nonce) {
 422                retval = NONCE_BAD;
 423                goto leave;
 424        }
 425        stamp = strtoul(nonce, &bohmac, 10);
 426        if (bohmac == nonce || bohmac[0] != '-') {
 427                retval = NONCE_BAD;
 428                goto leave;
 429        }
 430
 431        expect = prepare_push_cert_nonce(service_dir, stamp);
 432        if (strcmp(expect, nonce)) {
 433                /* Not what we would have signed earlier */
 434                retval = NONCE_BAD;
 435                goto leave;
 436        }
 437
 438        /*
 439         * By how many seconds is this nonce stale?  Negative value
 440         * would mean it was issued by another server with its clock
 441         * skewed in the future.
 442         */
 443        ostamp = strtoul(push_cert_nonce, NULL, 10);
 444        nonce_stamp_slop = (long)ostamp - (long)stamp;
 445
 446        if (nonce_stamp_slop_limit &&
 447            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 448                /*
 449                 * Pretend as if the received nonce (which passes the
 450                 * HMAC check, so it is not a forged by third-party)
 451                 * is what we issued.
 452                 */
 453                free((void *)push_cert_nonce);
 454                push_cert_nonce = xstrdup(nonce);
 455                retval = NONCE_OK;
 456        } else {
 457                retval = NONCE_SLOP;
 458        }
 459
 460leave:
 461        free(nonce);
 462        free(expect);
 463        return retval;
 464}
 465
 466static void prepare_push_cert_sha1(struct child_process *proc)
 467{
 468        static int already_done;
 469
 470        if (!push_cert.len)
 471                return;
 472
 473        if (!already_done) {
 474                struct strbuf gpg_output = STRBUF_INIT;
 475                struct strbuf gpg_status = STRBUF_INIT;
 476                int bogs /* beginning_of_gpg_sig */;
 477
 478                already_done = 1;
 479                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 480                        hashclr(push_cert_sha1);
 481
 482                memset(&sigcheck, '\0', sizeof(sigcheck));
 483                sigcheck.result = 'N';
 484
 485                bogs = parse_signature(push_cert.buf, push_cert.len);
 486                if (verify_signed_buffer(push_cert.buf, bogs,
 487                                         push_cert.buf + bogs, push_cert.len - bogs,
 488                                         &gpg_output, &gpg_status) < 0) {
 489                        ; /* error running gpg */
 490                } else {
 491                        sigcheck.payload = push_cert.buf;
 492                        sigcheck.gpg_output = gpg_output.buf;
 493                        sigcheck.gpg_status = gpg_status.buf;
 494                        parse_gpg_output(&sigcheck);
 495                }
 496
 497                strbuf_release(&gpg_output);
 498                strbuf_release(&gpg_status);
 499                nonce_status = check_nonce(push_cert.buf, bogs);
 500        }
 501        if (!is_null_sha1(push_cert_sha1)) {
 502                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 503                                 sha1_to_hex(push_cert_sha1));
 504                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 505                                 sigcheck.signer ? sigcheck.signer : "");
 506                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 507                                 sigcheck.key ? sigcheck.key : "");
 508                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 509                                 sigcheck.result);
 510                if (push_cert_nonce) {
 511                        argv_array_pushf(&proc->env_array,
 512                                         "GIT_PUSH_CERT_NONCE=%s",
 513                                         push_cert_nonce);
 514                        argv_array_pushf(&proc->env_array,
 515                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 516                                         nonce_status);
 517                        if (nonce_status == NONCE_SLOP)
 518                                argv_array_pushf(&proc->env_array,
 519                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 520                                                 nonce_stamp_slop);
 521                }
 522        }
 523}
 524
 525typedef int (*feed_fn)(void *, const char **, size_t *);
 526static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
 527{
 528        struct child_process proc = CHILD_PROCESS_INIT;
 529        struct async muxer;
 530        const char *argv[2];
 531        int code;
 532
 533        argv[0] = find_hook(hook_name);
 534        if (!argv[0])
 535                return 0;
 536
 537        argv[1] = NULL;
 538
 539        proc.argv = argv;
 540        proc.in = -1;
 541        proc.stdout_to_stderr = 1;
 542
 543        if (use_sideband) {
 544                memset(&muxer, 0, sizeof(muxer));
 545                muxer.proc = copy_to_sideband;
 546                muxer.in = -1;
 547                code = start_async(&muxer);
 548                if (code)
 549                        return code;
 550                proc.err = muxer.in;
 551        }
 552
 553        prepare_push_cert_sha1(&proc);
 554
 555        code = start_command(&proc);
 556        if (code) {
 557                if (use_sideband)
 558                        finish_async(&muxer);
 559                return code;
 560        }
 561
 562        sigchain_push(SIGPIPE, SIG_IGN);
 563
 564        while (1) {
 565                const char *buf;
 566                size_t n;
 567                if (feed(feed_state, &buf, &n))
 568                        break;
 569                if (write_in_full(proc.in, buf, n) != n)
 570                        break;
 571        }
 572        close(proc.in);
 573        if (use_sideband)
 574                finish_async(&muxer);
 575
 576        sigchain_pop(SIGPIPE);
 577
 578        return finish_command(&proc);
 579}
 580
 581struct receive_hook_feed_state {
 582        struct command *cmd;
 583        int skip_broken;
 584        struct strbuf buf;
 585};
 586
 587static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 588{
 589        struct receive_hook_feed_state *state = state_;
 590        struct command *cmd = state->cmd;
 591
 592        while (cmd &&
 593               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 594                cmd = cmd->next;
 595        if (!cmd)
 596                return -1; /* EOF */
 597        strbuf_reset(&state->buf);
 598        strbuf_addf(&state->buf, "%s %s %s\n",
 599                    sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
 600                    cmd->ref_name);
 601        state->cmd = cmd->next;
 602        if (bufp) {
 603                *bufp = state->buf.buf;
 604                *sizep = state->buf.len;
 605        }
 606        return 0;
 607}
 608
 609static int run_receive_hook(struct command *commands, const char *hook_name,
 610                            int skip_broken)
 611{
 612        struct receive_hook_feed_state state;
 613        int status;
 614
 615        strbuf_init(&state.buf, 0);
 616        state.cmd = commands;
 617        state.skip_broken = skip_broken;
 618        if (feed_receive_hook(&state, NULL, NULL))
 619                return 0;
 620        state.cmd = commands;
 621        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 622        strbuf_release(&state.buf);
 623        return status;
 624}
 625
 626static int run_update_hook(struct command *cmd)
 627{
 628        const char *argv[5];
 629        struct child_process proc = CHILD_PROCESS_INIT;
 630        int code;
 631
 632        argv[0] = find_hook("update");
 633        if (!argv[0])
 634                return 0;
 635
 636        argv[1] = cmd->ref_name;
 637        argv[2] = sha1_to_hex(cmd->old_sha1);
 638        argv[3] = sha1_to_hex(cmd->new_sha1);
 639        argv[4] = NULL;
 640
 641        proc.no_stdin = 1;
 642        proc.stdout_to_stderr = 1;
 643        proc.err = use_sideband ? -1 : 0;
 644        proc.argv = argv;
 645
 646        code = start_command(&proc);
 647        if (code)
 648                return code;
 649        if (use_sideband)
 650                copy_to_sideband(proc.err, -1, NULL);
 651        return finish_command(&proc);
 652}
 653
 654static int is_ref_checked_out(const char *ref)
 655{
 656        if (is_bare_repository())
 657                return 0;
 658
 659        if (!head_name)
 660                return 0;
 661        return !strcmp(head_name, ref);
 662}
 663
 664static char *refuse_unconfigured_deny_msg[] = {
 665        "By default, updating the current branch in a non-bare repository",
 666        "is denied, because it will make the index and work tree inconsistent",
 667        "with what you pushed, and will require 'git reset --hard' to match",
 668        "the work tree to HEAD.",
 669        "",
 670        "You can set 'receive.denyCurrentBranch' configuration variable to",
 671        "'ignore' or 'warn' in the remote repository to allow pushing into",
 672        "its current branch; however, this is not recommended unless you",
 673        "arranged to update its work tree to match what you pushed in some",
 674        "other way.",
 675        "",
 676        "To squelch this message and still keep the default behaviour, set",
 677        "'receive.denyCurrentBranch' configuration variable to 'refuse'."
 678};
 679
 680static void refuse_unconfigured_deny(void)
 681{
 682        int i;
 683        for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
 684                rp_error("%s", refuse_unconfigured_deny_msg[i]);
 685}
 686
 687static char *refuse_unconfigured_deny_delete_current_msg[] = {
 688        "By default, deleting the current branch is denied, because the next",
 689        "'git clone' won't result in any file checked out, causing confusion.",
 690        "",
 691        "You can set 'receive.denyDeleteCurrent' configuration variable to",
 692        "'warn' or 'ignore' in the remote repository to allow deleting the",
 693        "current branch, with or without a warning message.",
 694        "",
 695        "To squelch this message, you can set it to 'refuse'."
 696};
 697
 698static void refuse_unconfigured_deny_delete_current(void)
 699{
 700        int i;
 701        for (i = 0;
 702             i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
 703             i++)
 704                rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
 705}
 706
 707static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 708static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 709{
 710        static struct lock_file shallow_lock;
 711        struct sha1_array extra = SHA1_ARRAY_INIT;
 712        const char *alt_file;
 713        uint32_t mask = 1 << (cmd->index % 32);
 714        int i;
 715
 716        trace_printf_key(&trace_shallow,
 717                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 718        for (i = 0; i < si->shallow->nr; i++)
 719                if (si->used_shallow[i] &&
 720                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 721                    !delayed_reachability_test(si, i))
 722                        sha1_array_append(&extra, si->shallow->sha1[i]);
 723
 724        setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
 725        if (check_shallow_connected(command_singleton_iterator,
 726                                    0, cmd, alt_file)) {
 727                rollback_lock_file(&shallow_lock);
 728                sha1_array_clear(&extra);
 729                return -1;
 730        }
 731
 732        commit_lock_file(&shallow_lock);
 733
 734        /*
 735         * Make sure setup_alternate_shallow() for the next ref does
 736         * not lose these new roots..
 737         */
 738        for (i = 0; i < extra.nr; i++)
 739                register_shallow(extra.sha1[i]);
 740
 741        si->shallow_ref[cmd->index] = 0;
 742        sha1_array_clear(&extra);
 743        return 0;
 744}
 745
 746/*
 747 * NEEDSWORK: we should consolidate various implementions of "are we
 748 * on an unborn branch?" test into one, and make the unified one more
 749 * robust. !get_sha1() based check used here and elsewhere would not
 750 * allow us to tell an unborn branch from corrupt ref, for example.
 751 * For the purpose of fixing "deploy-to-update does not work when
 752 * pushing into an empty repository" issue, this should suffice for
 753 * now.
 754 */
 755static int head_has_history(void)
 756{
 757        unsigned char sha1[20];
 758
 759        return !get_sha1("HEAD", sha1);
 760}
 761
 762static const char *push_to_deploy(unsigned char *sha1,
 763                                  struct argv_array *env,
 764                                  const char *work_tree)
 765{
 766        const char *update_refresh[] = {
 767                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 768        };
 769        const char *diff_files[] = {
 770                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 771        };
 772        const char *diff_index[] = {
 773                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 774                NULL, "--", NULL
 775        };
 776        const char *read_tree[] = {
 777                "read-tree", "-u", "-m", NULL, NULL
 778        };
 779        struct child_process child = CHILD_PROCESS_INIT;
 780
 781        child.argv = update_refresh;
 782        child.env = env->argv;
 783        child.dir = work_tree;
 784        child.no_stdin = 1;
 785        child.stdout_to_stderr = 1;
 786        child.git_cmd = 1;
 787        if (run_command(&child))
 788                return "Up-to-date check failed";
 789
 790        /* run_command() does not clean up completely; reinitialize */
 791        child_process_init(&child);
 792        child.argv = diff_files;
 793        child.env = env->argv;
 794        child.dir = work_tree;
 795        child.no_stdin = 1;
 796        child.stdout_to_stderr = 1;
 797        child.git_cmd = 1;
 798        if (run_command(&child))
 799                return "Working directory has unstaged changes";
 800
 801        /* diff-index with either HEAD or an empty tree */
 802        diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
 803
 804        child_process_init(&child);
 805        child.argv = diff_index;
 806        child.env = env->argv;
 807        child.no_stdin = 1;
 808        child.no_stdout = 1;
 809        child.stdout_to_stderr = 0;
 810        child.git_cmd = 1;
 811        if (run_command(&child))
 812                return "Working directory has staged changes";
 813
 814        read_tree[3] = sha1_to_hex(sha1);
 815        child_process_init(&child);
 816        child.argv = read_tree;
 817        child.env = env->argv;
 818        child.dir = work_tree;
 819        child.no_stdin = 1;
 820        child.no_stdout = 1;
 821        child.stdout_to_stderr = 0;
 822        child.git_cmd = 1;
 823        if (run_command(&child))
 824                return "Could not update working tree to new HEAD";
 825
 826        return NULL;
 827}
 828
 829static const char *push_to_checkout_hook = "push-to-checkout";
 830
 831static const char *push_to_checkout(unsigned char *sha1,
 832                                    struct argv_array *env,
 833                                    const char *work_tree)
 834{
 835        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
 836        if (run_hook_le(env->argv, push_to_checkout_hook,
 837                        sha1_to_hex(sha1), NULL))
 838                return "push-to-checkout hook declined";
 839        else
 840                return NULL;
 841}
 842
 843static const char *update_worktree(unsigned char *sha1)
 844{
 845        const char *retval;
 846        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
 847        struct argv_array env = ARGV_ARRAY_INIT;
 848
 849        if (is_bare_repository())
 850                return "denyCurrentBranch = updateInstead needs a worktree";
 851
 852        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
 853
 854        if (!find_hook(push_to_checkout_hook))
 855                retval = push_to_deploy(sha1, &env, work_tree);
 856        else
 857                retval = push_to_checkout(sha1, &env, work_tree);
 858
 859        argv_array_clear(&env);
 860        return retval;
 861}
 862
 863static const char *update(struct command *cmd, struct shallow_info *si)
 864{
 865        const char *name = cmd->ref_name;
 866        struct strbuf namespaced_name_buf = STRBUF_INIT;
 867        const char *namespaced_name, *ret;
 868        unsigned char *old_sha1 = cmd->old_sha1;
 869        unsigned char *new_sha1 = cmd->new_sha1;
 870
 871        /* only refs/... are allowed */
 872        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
 873                rp_error("refusing to create funny ref '%s' remotely", name);
 874                return "funny refname";
 875        }
 876
 877        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
 878        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
 879
 880        if (is_ref_checked_out(namespaced_name)) {
 881                switch (deny_current_branch) {
 882                case DENY_IGNORE:
 883                        break;
 884                case DENY_WARN:
 885                        rp_warning("updating the current branch");
 886                        break;
 887                case DENY_REFUSE:
 888                case DENY_UNCONFIGURED:
 889                        rp_error("refusing to update checked out branch: %s", name);
 890                        if (deny_current_branch == DENY_UNCONFIGURED)
 891                                refuse_unconfigured_deny();
 892                        return "branch is currently checked out";
 893                case DENY_UPDATE_INSTEAD:
 894                        ret = update_worktree(new_sha1);
 895                        if (ret)
 896                                return ret;
 897                        break;
 898                }
 899        }
 900
 901        if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
 902                error("unpack should have generated %s, "
 903                      "but I can't find it!", sha1_to_hex(new_sha1));
 904                return "bad pack";
 905        }
 906
 907        if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
 908                if (deny_deletes && starts_with(name, "refs/heads/")) {
 909                        rp_error("denying ref deletion for %s", name);
 910                        return "deletion prohibited";
 911                }
 912
 913                if (!strcmp(namespaced_name, head_name)) {
 914                        switch (deny_delete_current) {
 915                        case DENY_IGNORE:
 916                                break;
 917                        case DENY_WARN:
 918                                rp_warning("deleting the current branch");
 919                                break;
 920                        case DENY_REFUSE:
 921                        case DENY_UNCONFIGURED:
 922                        case DENY_UPDATE_INSTEAD:
 923                                if (deny_delete_current == DENY_UNCONFIGURED)
 924                                        refuse_unconfigured_deny_delete_current();
 925                                rp_error("refusing to delete the current branch: %s", name);
 926                                return "deletion of the current branch prohibited";
 927                        default:
 928                                return "Invalid denyDeleteCurrent setting";
 929                        }
 930                }
 931        }
 932
 933        if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
 934            !is_null_sha1(old_sha1) &&
 935            starts_with(name, "refs/heads/")) {
 936                struct object *old_object, *new_object;
 937                struct commit *old_commit, *new_commit;
 938
 939                old_object = parse_object(old_sha1);
 940                new_object = parse_object(new_sha1);
 941
 942                if (!old_object || !new_object ||
 943                    old_object->type != OBJ_COMMIT ||
 944                    new_object->type != OBJ_COMMIT) {
 945                        error("bad sha1 objects for %s", name);
 946                        return "bad ref";
 947                }
 948                old_commit = (struct commit *)old_object;
 949                new_commit = (struct commit *)new_object;
 950                if (!in_merge_bases(old_commit, new_commit)) {
 951                        rp_error("denying non-fast-forward %s"
 952                                 " (you should pull first)", name);
 953                        return "non-fast-forward";
 954                }
 955        }
 956        if (run_update_hook(cmd)) {
 957                rp_error("hook declined to update %s", name);
 958                return "hook declined";
 959        }
 960
 961        if (is_null_sha1(new_sha1)) {
 962                struct strbuf err = STRBUF_INIT;
 963                if (!parse_object(old_sha1)) {
 964                        old_sha1 = NULL;
 965                        if (ref_exists(name)) {
 966                                rp_warning("Allowing deletion of corrupt ref.");
 967                        } else {
 968                                rp_warning("Deleting a non-existent ref.");
 969                                cmd->did_not_exist = 1;
 970                        }
 971                }
 972                if (ref_transaction_delete(transaction,
 973                                           namespaced_name,
 974                                           old_sha1,
 975                                           0, "push", &err)) {
 976                        rp_error("%s", err.buf);
 977                        strbuf_release(&err);
 978                        return "failed to delete";
 979                }
 980                strbuf_release(&err);
 981                return NULL; /* good */
 982        }
 983        else {
 984                struct strbuf err = STRBUF_INIT;
 985                if (shallow_update && si->shallow_ref[cmd->index] &&
 986                    update_shallow_ref(cmd, si))
 987                        return "shallow error";
 988
 989                if (ref_transaction_update(transaction,
 990                                           namespaced_name,
 991                                           new_sha1, old_sha1,
 992                                           0, "push",
 993                                           &err)) {
 994                        rp_error("%s", err.buf);
 995                        strbuf_release(&err);
 996
 997                        return "failed to update ref";
 998                }
 999                strbuf_release(&err);
1000
1001                return NULL; /* good */
1002        }
1003}
1004
1005static void run_update_post_hook(struct command *commands)
1006{
1007        struct command *cmd;
1008        int argc;
1009        const char **argv;
1010        struct child_process proc = CHILD_PROCESS_INIT;
1011        char *hook;
1012
1013        hook = find_hook("post-update");
1014        for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1015                if (cmd->error_string || cmd->did_not_exist)
1016                        continue;
1017                argc++;
1018        }
1019        if (!argc || !hook)
1020                return;
1021
1022        argv = xmalloc(sizeof(*argv) * (2 + argc));
1023        argv[0] = hook;
1024
1025        for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1026                if (cmd->error_string || cmd->did_not_exist)
1027                        continue;
1028                argv[argc] = xstrdup(cmd->ref_name);
1029                argc++;
1030        }
1031        argv[argc] = NULL;
1032
1033        proc.no_stdin = 1;
1034        proc.stdout_to_stderr = 1;
1035        proc.err = use_sideband ? -1 : 0;
1036        proc.argv = argv;
1037
1038        if (!start_command(&proc)) {
1039                if (use_sideband)
1040                        copy_to_sideband(proc.err, -1, NULL);
1041                finish_command(&proc);
1042        }
1043}
1044
1045static void check_aliased_update(struct command *cmd, struct string_list *list)
1046{
1047        struct strbuf buf = STRBUF_INIT;
1048        const char *dst_name;
1049        struct string_list_item *item;
1050        struct command *dst_cmd;
1051        unsigned char sha1[20];
1052        char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1053        int flag;
1054
1055        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1056        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1057        strbuf_release(&buf);
1058
1059        if (!(flag & REF_ISSYMREF))
1060                return;
1061
1062        dst_name = strip_namespace(dst_name);
1063        if (!dst_name) {
1064                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1065                cmd->skip_update = 1;
1066                cmd->error_string = "broken symref";
1067                return;
1068        }
1069
1070        if ((item = string_list_lookup(list, dst_name)) == NULL)
1071                return;
1072
1073        cmd->skip_update = 1;
1074
1075        dst_cmd = (struct command *) item->util;
1076
1077        if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1078            !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1079                return;
1080
1081        dst_cmd->skip_update = 1;
1082
1083        strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1084        strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1085        strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1086        strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1087        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1088                 " its target '%s' (%s..%s)",
1089                 cmd->ref_name, cmd_oldh, cmd_newh,
1090                 dst_cmd->ref_name, dst_oldh, dst_newh);
1091
1092        cmd->error_string = dst_cmd->error_string =
1093                "inconsistent aliased update";
1094}
1095
1096static void check_aliased_updates(struct command *commands)
1097{
1098        struct command *cmd;
1099        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1100
1101        for (cmd = commands; cmd; cmd = cmd->next) {
1102                struct string_list_item *item =
1103                        string_list_append(&ref_list, cmd->ref_name);
1104                item->util = (void *)cmd;
1105        }
1106        string_list_sort(&ref_list);
1107
1108        for (cmd = commands; cmd; cmd = cmd->next) {
1109                if (!cmd->error_string)
1110                        check_aliased_update(cmd, &ref_list);
1111        }
1112
1113        string_list_clear(&ref_list, 0);
1114}
1115
1116static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1117{
1118        struct command **cmd_list = cb_data;
1119        struct command *cmd = *cmd_list;
1120
1121        if (!cmd || is_null_sha1(cmd->new_sha1))
1122                return -1; /* end of list */
1123        *cmd_list = NULL; /* this returns only one */
1124        hashcpy(sha1, cmd->new_sha1);
1125        return 0;
1126}
1127
1128static void set_connectivity_errors(struct command *commands,
1129                                    struct shallow_info *si)
1130{
1131        struct command *cmd;
1132
1133        for (cmd = commands; cmd; cmd = cmd->next) {
1134                struct command *singleton = cmd;
1135                if (shallow_update && si->shallow_ref[cmd->index])
1136                        /* to be checked in update_shallow_ref() */
1137                        continue;
1138                if (!check_everything_connected(command_singleton_iterator,
1139                                                0, &singleton))
1140                        continue;
1141                cmd->error_string = "missing necessary objects";
1142        }
1143}
1144
1145struct iterate_data {
1146        struct command *cmds;
1147        struct shallow_info *si;
1148};
1149
1150static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1151{
1152        struct iterate_data *data = cb_data;
1153        struct command **cmd_list = &data->cmds;
1154        struct command *cmd = *cmd_list;
1155
1156        for (; cmd; cmd = cmd->next) {
1157                if (shallow_update && data->si->shallow_ref[cmd->index])
1158                        /* to be checked in update_shallow_ref() */
1159                        continue;
1160                if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1161                        hashcpy(sha1, cmd->new_sha1);
1162                        *cmd_list = cmd->next;
1163                        return 0;
1164                }
1165        }
1166        *cmd_list = NULL;
1167        return -1; /* end of list */
1168}
1169
1170static void reject_updates_to_hidden(struct command *commands)
1171{
1172        struct command *cmd;
1173
1174        for (cmd = commands; cmd; cmd = cmd->next) {
1175                if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1176                        continue;
1177                if (is_null_sha1(cmd->new_sha1))
1178                        cmd->error_string = "deny deleting a hidden ref";
1179                else
1180                        cmd->error_string = "deny updating a hidden ref";
1181        }
1182}
1183
1184static int should_process_cmd(struct command *cmd)
1185{
1186        return !cmd->error_string && !cmd->skip_update;
1187}
1188
1189static void warn_if_skipped_connectivity_check(struct command *commands,
1190                                               struct shallow_info *si)
1191{
1192        struct command *cmd;
1193        int checked_connectivity = 1;
1194
1195        for (cmd = commands; cmd; cmd = cmd->next) {
1196                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1197                        error("BUG: connectivity check has not been run on ref %s",
1198                              cmd->ref_name);
1199                        checked_connectivity = 0;
1200                }
1201        }
1202        if (!checked_connectivity)
1203                die("BUG: connectivity check skipped???");
1204}
1205
1206static void execute_commands_non_atomic(struct command *commands,
1207                                        struct shallow_info *si)
1208{
1209        struct command *cmd;
1210        struct strbuf err = STRBUF_INIT;
1211
1212        for (cmd = commands; cmd; cmd = cmd->next) {
1213                if (!should_process_cmd(cmd))
1214                        continue;
1215
1216                transaction = ref_transaction_begin(&err);
1217                if (!transaction) {
1218                        rp_error("%s", err.buf);
1219                        strbuf_reset(&err);
1220                        cmd->error_string = "transaction failed to start";
1221                        continue;
1222                }
1223
1224                cmd->error_string = update(cmd, si);
1225
1226                if (!cmd->error_string
1227                    && ref_transaction_commit(transaction, &err)) {
1228                        rp_error("%s", err.buf);
1229                        strbuf_reset(&err);
1230                        cmd->error_string = "failed to update ref";
1231                }
1232                ref_transaction_free(transaction);
1233        }
1234        strbuf_release(&err);
1235}
1236
1237static void execute_commands_atomic(struct command *commands,
1238                                        struct shallow_info *si)
1239{
1240        struct command *cmd;
1241        struct strbuf err = STRBUF_INIT;
1242        const char *reported_error = "atomic push failure";
1243
1244        transaction = ref_transaction_begin(&err);
1245        if (!transaction) {
1246                rp_error("%s", err.buf);
1247                strbuf_reset(&err);
1248                reported_error = "transaction failed to start";
1249                goto failure;
1250        }
1251
1252        for (cmd = commands; cmd; cmd = cmd->next) {
1253                if (!should_process_cmd(cmd))
1254                        continue;
1255
1256                cmd->error_string = update(cmd, si);
1257
1258                if (cmd->error_string)
1259                        goto failure;
1260        }
1261
1262        if (ref_transaction_commit(transaction, &err)) {
1263                rp_error("%s", err.buf);
1264                reported_error = "atomic transaction failed";
1265                goto failure;
1266        }
1267        goto cleanup;
1268
1269failure:
1270        for (cmd = commands; cmd; cmd = cmd->next)
1271                if (!cmd->error_string)
1272                        cmd->error_string = reported_error;
1273
1274cleanup:
1275        ref_transaction_free(transaction);
1276        strbuf_release(&err);
1277}
1278
1279static void execute_commands(struct command *commands,
1280                             const char *unpacker_error,
1281                             struct shallow_info *si)
1282{
1283        struct command *cmd;
1284        unsigned char sha1[20];
1285        struct iterate_data data;
1286
1287        if (unpacker_error) {
1288                for (cmd = commands; cmd; cmd = cmd->next)
1289                        cmd->error_string = "unpacker error";
1290                return;
1291        }
1292
1293        data.cmds = commands;
1294        data.si = si;
1295        if (check_everything_connected(iterate_receive_command_list, 0, &data))
1296                set_connectivity_errors(commands, si);
1297
1298        reject_updates_to_hidden(commands);
1299
1300        if (run_receive_hook(commands, "pre-receive", 0)) {
1301                for (cmd = commands; cmd; cmd = cmd->next) {
1302                        if (!cmd->error_string)
1303                                cmd->error_string = "pre-receive hook declined";
1304                }
1305                return;
1306        }
1307
1308        check_aliased_updates(commands);
1309
1310        free(head_name_to_free);
1311        head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1312
1313        if (use_atomic)
1314                execute_commands_atomic(commands, si);
1315        else
1316                execute_commands_non_atomic(commands, si);
1317
1318        if (shallow_update)
1319                warn_if_skipped_connectivity_check(commands, si);
1320}
1321
1322static struct command **queue_command(struct command **tail,
1323                                      const char *line,
1324                                      int linelen)
1325{
1326        unsigned char old_sha1[20], new_sha1[20];
1327        struct command *cmd;
1328        const char *refname;
1329        int reflen;
1330
1331        if (linelen < 83 ||
1332            line[40] != ' ' ||
1333            line[81] != ' ' ||
1334            get_sha1_hex(line, old_sha1) ||
1335            get_sha1_hex(line + 41, new_sha1))
1336                die("protocol error: expected old/new/ref, got '%s'", line);
1337
1338        refname = line + 82;
1339        reflen = linelen - 82;
1340        cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1341        hashcpy(cmd->old_sha1, old_sha1);
1342        hashcpy(cmd->new_sha1, new_sha1);
1343        memcpy(cmd->ref_name, refname, reflen);
1344        cmd->ref_name[reflen] = '\0';
1345        *tail = cmd;
1346        return &cmd->next;
1347}
1348
1349static void queue_commands_from_cert(struct command **tail,
1350                                     struct strbuf *push_cert)
1351{
1352        const char *boc, *eoc;
1353
1354        if (*tail)
1355                die("protocol error: got both push certificate and unsigned commands");
1356
1357        boc = strstr(push_cert->buf, "\n\n");
1358        if (!boc)
1359                die("malformed push certificate %.*s", 100, push_cert->buf);
1360        else
1361                boc += 2;
1362        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1363
1364        while (boc < eoc) {
1365                const char *eol = memchr(boc, '\n', eoc - boc);
1366                tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1367                boc = eol ? eol + 1 : eoc;
1368        }
1369}
1370
1371static struct command *read_head_info(struct sha1_array *shallow)
1372{
1373        struct command *commands = NULL;
1374        struct command **p = &commands;
1375        for (;;) {
1376                char *line;
1377                int len, linelen;
1378
1379                line = packet_read_line(0, &len);
1380                if (!line)
1381                        break;
1382
1383                if (len == 48 && starts_with(line, "shallow ")) {
1384                        unsigned char sha1[20];
1385                        if (get_sha1_hex(line + 8, sha1))
1386                                die("protocol error: expected shallow sha, got '%s'",
1387                                    line + 8);
1388                        sha1_array_append(shallow, sha1);
1389                        continue;
1390                }
1391
1392                linelen = strlen(line);
1393                if (linelen < len) {
1394                        const char *feature_list = line + linelen + 1;
1395                        if (parse_feature_request(feature_list, "report-status"))
1396                                report_status = 1;
1397                        if (parse_feature_request(feature_list, "side-band-64k"))
1398                                use_sideband = LARGE_PACKET_MAX;
1399                        if (parse_feature_request(feature_list, "quiet"))
1400                                quiet = 1;
1401                        if (advertise_atomic_push
1402                            && parse_feature_request(feature_list, "atomic"))
1403                                use_atomic = 1;
1404                }
1405
1406                if (!strcmp(line, "push-cert")) {
1407                        int true_flush = 0;
1408                        char certbuf[1024];
1409
1410                        for (;;) {
1411                                len = packet_read(0, NULL, NULL,
1412                                                  certbuf, sizeof(certbuf), 0);
1413                                if (!len) {
1414                                        true_flush = 1;
1415                                        break;
1416                                }
1417                                if (!strcmp(certbuf, "push-cert-end\n"))
1418                                        break; /* end of cert */
1419                                strbuf_addstr(&push_cert, certbuf);
1420                        }
1421
1422                        if (true_flush)
1423                                break;
1424                        continue;
1425                }
1426
1427                p = queue_command(p, line, linelen);
1428        }
1429
1430        if (push_cert.len)
1431                queue_commands_from_cert(p, &push_cert);
1432
1433        return commands;
1434}
1435
1436static const char *parse_pack_header(struct pack_header *hdr)
1437{
1438        switch (read_pack_header(0, hdr)) {
1439        case PH_ERROR_EOF:
1440                return "eof before pack header was fully read";
1441
1442        case PH_ERROR_PACK_SIGNATURE:
1443                return "protocol error (pack signature mismatch detected)";
1444
1445        case PH_ERROR_PROTOCOL:
1446                return "protocol error (pack version unsupported)";
1447
1448        default:
1449                return "unknown error in parse_pack_header";
1450
1451        case 0:
1452                return NULL;
1453        }
1454}
1455
1456static const char *pack_lockfile;
1457
1458static const char *unpack(int err_fd, struct shallow_info *si)
1459{
1460        struct pack_header hdr;
1461        const char *hdr_err;
1462        int status;
1463        char hdr_arg[38];
1464        struct child_process child = CHILD_PROCESS_INIT;
1465        int fsck_objects = (receive_fsck_objects >= 0
1466                            ? receive_fsck_objects
1467                            : transfer_fsck_objects >= 0
1468                            ? transfer_fsck_objects
1469                            : 0);
1470
1471        hdr_err = parse_pack_header(&hdr);
1472        if (hdr_err) {
1473                if (err_fd > 0)
1474                        close(err_fd);
1475                return hdr_err;
1476        }
1477        snprintf(hdr_arg, sizeof(hdr_arg),
1478                        "--pack_header=%"PRIu32",%"PRIu32,
1479                        ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1480
1481        if (si->nr_ours || si->nr_theirs) {
1482                alt_shallow_file = setup_temporary_shallow(si->shallow);
1483                argv_array_push(&child.args, "--shallow-file");
1484                argv_array_push(&child.args, alt_shallow_file);
1485        }
1486
1487        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1488                argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1489                if (quiet)
1490                        argv_array_push(&child.args, "-q");
1491                if (fsck_objects)
1492                        argv_array_push(&child.args, "--strict");
1493                child.no_stdout = 1;
1494                child.err = err_fd;
1495                child.git_cmd = 1;
1496                status = run_command(&child);
1497                if (status)
1498                        return "unpack-objects abnormal exit";
1499        } else {
1500                int s;
1501                char keep_arg[256];
1502
1503                s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1504                if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1505                        strcpy(keep_arg + s, "localhost");
1506
1507                argv_array_pushl(&child.args, "index-pack",
1508                                 "--stdin", hdr_arg, keep_arg, NULL);
1509                if (fsck_objects)
1510                        argv_array_push(&child.args, "--strict");
1511                if (fix_thin)
1512                        argv_array_push(&child.args, "--fix-thin");
1513                child.out = -1;
1514                child.err = err_fd;
1515                child.git_cmd = 1;
1516                status = start_command(&child);
1517                if (status)
1518                        return "index-pack fork failed";
1519                pack_lockfile = index_pack_lockfile(child.out);
1520                close(child.out);
1521                status = finish_command(&child);
1522                if (status)
1523                        return "index-pack abnormal exit";
1524                reprepare_packed_git();
1525        }
1526        return NULL;
1527}
1528
1529static const char *unpack_with_sideband(struct shallow_info *si)
1530{
1531        struct async muxer;
1532        const char *ret;
1533
1534        if (!use_sideband)
1535                return unpack(0, si);
1536
1537        memset(&muxer, 0, sizeof(muxer));
1538        muxer.proc = copy_to_sideband;
1539        muxer.in = -1;
1540        if (start_async(&muxer))
1541                return NULL;
1542
1543        ret = unpack(muxer.in, si);
1544
1545        finish_async(&muxer);
1546        return ret;
1547}
1548
1549static void prepare_shallow_update(struct command *commands,
1550                                   struct shallow_info *si)
1551{
1552        int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1553
1554        si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1555                                   si->shallow->nr);
1556        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1557
1558        si->need_reachability_test =
1559                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1560        si->reachable =
1561                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1562        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1563
1564        for (i = 0; i < si->nr_ours; i++)
1565                si->need_reachability_test[si->ours[i]] = 1;
1566
1567        for (i = 0; i < si->shallow->nr; i++) {
1568                if (!si->used_shallow[i])
1569                        continue;
1570                for (j = 0; j < bitmap_size; j++) {
1571                        if (!si->used_shallow[i][j])
1572                                continue;
1573                        si->need_reachability_test[i]++;
1574                        for (k = 0; k < 32; k++)
1575                                if (si->used_shallow[i][j] & (1 << k))
1576                                        si->shallow_ref[j * 32 + k]++;
1577                }
1578
1579                /*
1580                 * true for those associated with some refs and belong
1581                 * in "ours" list aka "step 7 not done yet"
1582                 */
1583                si->need_reachability_test[i] =
1584                        si->need_reachability_test[i] > 1;
1585        }
1586
1587        /*
1588         * keep hooks happy by forcing a temporary shallow file via
1589         * env variable because we can't add --shallow-file to every
1590         * command. check_everything_connected() will be done with
1591         * true .git/shallow though.
1592         */
1593        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1594}
1595
1596static void update_shallow_info(struct command *commands,
1597                                struct shallow_info *si,
1598                                struct sha1_array *ref)
1599{
1600        struct command *cmd;
1601        int *ref_status;
1602        remove_nonexistent_theirs_shallow(si);
1603        if (!si->nr_ours && !si->nr_theirs) {
1604                shallow_update = 0;
1605                return;
1606        }
1607
1608        for (cmd = commands; cmd; cmd = cmd->next) {
1609                if (is_null_sha1(cmd->new_sha1))
1610                        continue;
1611                sha1_array_append(ref, cmd->new_sha1);
1612                cmd->index = ref->nr - 1;
1613        }
1614        si->ref = ref;
1615
1616        if (shallow_update) {
1617                prepare_shallow_update(commands, si);
1618                return;
1619        }
1620
1621        ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1622        assign_shallow_commits_to_refs(si, NULL, ref_status);
1623        for (cmd = commands; cmd; cmd = cmd->next) {
1624                if (is_null_sha1(cmd->new_sha1))
1625                        continue;
1626                if (ref_status[cmd->index]) {
1627                        cmd->error_string = "shallow update not allowed";
1628                        cmd->skip_update = 1;
1629                }
1630        }
1631        free(ref_status);
1632}
1633
1634static void report(struct command *commands, const char *unpack_status)
1635{
1636        struct command *cmd;
1637        struct strbuf buf = STRBUF_INIT;
1638
1639        packet_buf_write(&buf, "unpack %s\n",
1640                         unpack_status ? unpack_status : "ok");
1641        for (cmd = commands; cmd; cmd = cmd->next) {
1642                if (!cmd->error_string)
1643                        packet_buf_write(&buf, "ok %s\n",
1644                                         cmd->ref_name);
1645                else
1646                        packet_buf_write(&buf, "ng %s %s\n",
1647                                         cmd->ref_name, cmd->error_string);
1648        }
1649        packet_buf_flush(&buf);
1650
1651        if (use_sideband)
1652                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1653        else
1654                write_or_die(1, buf.buf, buf.len);
1655        strbuf_release(&buf);
1656}
1657
1658static int delete_only(struct command *commands)
1659{
1660        struct command *cmd;
1661        for (cmd = commands; cmd; cmd = cmd->next) {
1662                if (!is_null_sha1(cmd->new_sha1))
1663                        return 0;
1664        }
1665        return 1;
1666}
1667
1668int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1669{
1670        int advertise_refs = 0;
1671        int i;
1672        struct command *commands;
1673        struct sha1_array shallow = SHA1_ARRAY_INIT;
1674        struct sha1_array ref = SHA1_ARRAY_INIT;
1675        struct shallow_info si;
1676
1677        packet_trace_identity("receive-pack");
1678
1679        argv++;
1680        for (i = 1; i < argc; i++) {
1681                const char *arg = *argv++;
1682
1683                if (*arg == '-') {
1684                        if (!strcmp(arg, "--quiet")) {
1685                                quiet = 1;
1686                                continue;
1687                        }
1688
1689                        if (!strcmp(arg, "--advertise-refs")) {
1690                                advertise_refs = 1;
1691                                continue;
1692                        }
1693                        if (!strcmp(arg, "--stateless-rpc")) {
1694                                stateless_rpc = 1;
1695                                continue;
1696                        }
1697                        if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1698                                fix_thin = 0;
1699                                continue;
1700                        }
1701
1702                        usage(receive_pack_usage);
1703                }
1704                if (service_dir)
1705                        usage(receive_pack_usage);
1706                service_dir = arg;
1707        }
1708        if (!service_dir)
1709                usage(receive_pack_usage);
1710
1711        setup_path();
1712
1713        if (!enter_repo(service_dir, 0))
1714                die("'%s' does not appear to be a git repository", service_dir);
1715
1716        git_config(receive_pack_config, NULL);
1717        if (cert_nonce_seed)
1718                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1719
1720        if (0 <= transfer_unpack_limit)
1721                unpack_limit = transfer_unpack_limit;
1722        else if (0 <= receive_unpack_limit)
1723                unpack_limit = receive_unpack_limit;
1724
1725        if (advertise_refs || !stateless_rpc) {
1726                write_head_info();
1727        }
1728        if (advertise_refs)
1729                return 0;
1730
1731        if ((commands = read_head_info(&shallow)) != NULL) {
1732                const char *unpack_status = NULL;
1733
1734                prepare_shallow_info(&si, &shallow);
1735                if (!si.nr_ours && !si.nr_theirs)
1736                        shallow_update = 0;
1737                if (!delete_only(commands)) {
1738                        unpack_status = unpack_with_sideband(&si);
1739                        update_shallow_info(commands, &si, &ref);
1740                }
1741                execute_commands(commands, unpack_status, &si);
1742                if (pack_lockfile)
1743                        unlink_or_warn(pack_lockfile);
1744                if (report_status)
1745                        report(commands, unpack_status);
1746                run_receive_hook(commands, "post-receive", 1);
1747                run_update_post_hook(commands);
1748                if (auto_gc) {
1749                        const char *argv_gc_auto[] = {
1750                                "gc", "--auto", "--quiet", NULL,
1751                        };
1752                        int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1753                        run_command_v_opt(argv_gc_auto, opt);
1754                }
1755                if (auto_update_server_info)
1756                        update_server_info(0);
1757                clear_shallow_info(&si);
1758        }
1759        if (use_sideband)
1760                packet_flush(1);
1761        sha1_array_clear(&shallow);
1762        sha1_array_clear(&ref);
1763        free((void *)push_cert_nonce);
1764        return 0;
1765}