6cdd2c6b59f70a63ef01311cec7854960ca92735
   1#include "builtin.h"
   2#include "lockfile.h"
   3#include "pack.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "exec_cmd.h"
   9#include "commit.h"
  10#include "object.h"
  11#include "remote.h"
  12#include "connect.h"
  13#include "transport.h"
  14#include "string-list.h"
  15#include "sha1-array.h"
  16#include "connected.h"
  17#include "argv-array.h"
  18#include "version.h"
  19#include "tag.h"
  20#include "gpg-interface.h"
  21#include "sigchain.h"
  22#include "fsck.h"
  23
  24static const char * const receive_pack_usage[] = {
  25        N_("git receive-pack <git-dir>"),
  26        NULL
  27};
  28
  29enum deny_action {
  30        DENY_UNCONFIGURED,
  31        DENY_IGNORE,
  32        DENY_WARN,
  33        DENY_REFUSE,
  34        DENY_UPDATE_INSTEAD
  35};
  36
  37static int deny_deletes;
  38static int deny_non_fast_forwards;
  39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  41static int receive_fsck_objects = -1;
  42static int transfer_fsck_objects = -1;
  43static struct strbuf fsck_msg_types = STRBUF_INIT;
  44static int receive_unpack_limit = -1;
  45static int transfer_unpack_limit = -1;
  46static int advertise_atomic_push = 1;
  47static int unpack_limit = 100;
  48static int report_status;
  49static int use_sideband;
  50static int use_atomic;
  51static int quiet;
  52static int prefer_ofs_delta = 1;
  53static int auto_update_server_info;
  54static int auto_gc = 1;
  55static int reject_thin;
  56static int stateless_rpc;
  57static const char *service_dir;
  58static const char *head_name;
  59static void *head_name_to_free;
  60static int sent_capabilities;
  61static int shallow_update;
  62static const char *alt_shallow_file;
  63static struct strbuf push_cert = STRBUF_INIT;
  64static unsigned char push_cert_sha1[20];
  65static struct signature_check sigcheck;
  66static const char *push_cert_nonce;
  67static const char *cert_nonce_seed;
  68
  69static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  70static const char *NONCE_BAD = "BAD";
  71static const char *NONCE_MISSING = "MISSING";
  72static const char *NONCE_OK = "OK";
  73static const char *NONCE_SLOP = "SLOP";
  74static const char *nonce_status;
  75static long nonce_stamp_slop;
  76static unsigned long nonce_stamp_slop_limit;
  77static struct ref_transaction *transaction;
  78
  79static enum deny_action parse_deny_action(const char *var, const char *value)
  80{
  81        if (value) {
  82                if (!strcasecmp(value, "ignore"))
  83                        return DENY_IGNORE;
  84                if (!strcasecmp(value, "warn"))
  85                        return DENY_WARN;
  86                if (!strcasecmp(value, "refuse"))
  87                        return DENY_REFUSE;
  88                if (!strcasecmp(value, "updateinstead"))
  89                        return DENY_UPDATE_INSTEAD;
  90        }
  91        if (git_config_bool(var, value))
  92                return DENY_REFUSE;
  93        return DENY_IGNORE;
  94}
  95
  96static int receive_pack_config(const char *var, const char *value, void *cb)
  97{
  98        int status = parse_hide_refs_config(var, value, "receive");
  99
 100        if (status)
 101                return status;
 102
 103        if (strcmp(var, "receive.denydeletes") == 0) {
 104                deny_deletes = git_config_bool(var, value);
 105                return 0;
 106        }
 107
 108        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 109                deny_non_fast_forwards = git_config_bool(var, value);
 110                return 0;
 111        }
 112
 113        if (strcmp(var, "receive.unpacklimit") == 0) {
 114                receive_unpack_limit = git_config_int(var, value);
 115                return 0;
 116        }
 117
 118        if (strcmp(var, "transfer.unpacklimit") == 0) {
 119                transfer_unpack_limit = git_config_int(var, value);
 120                return 0;
 121        }
 122
 123        if (strcmp(var, "receive.fsck.skiplist") == 0) {
 124                const char *path;
 125
 126                if (git_config_pathname(&path, var, value))
 127                        return 1;
 128                strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
 129                        fsck_msg_types.len ? ',' : '=', path);
 130                free((char *)path);
 131                return 0;
 132        }
 133
 134        if (skip_prefix(var, "receive.fsck.", &var)) {
 135                if (is_valid_msg_type(var, value))
 136                        strbuf_addf(&fsck_msg_types, "%c%s=%s",
 137                                fsck_msg_types.len ? ',' : '=', var, value);
 138                else
 139                        warning("Skipping unknown msg id '%s'", var);
 140                return 0;
 141        }
 142
 143        if (strcmp(var, "receive.fsckobjects") == 0) {
 144                receive_fsck_objects = git_config_bool(var, value);
 145                return 0;
 146        }
 147
 148        if (strcmp(var, "transfer.fsckobjects") == 0) {
 149                transfer_fsck_objects = git_config_bool(var, value);
 150                return 0;
 151        }
 152
 153        if (!strcmp(var, "receive.denycurrentbranch")) {
 154                deny_current_branch = parse_deny_action(var, value);
 155                return 0;
 156        }
 157
 158        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 159                deny_delete_current = parse_deny_action(var, value);
 160                return 0;
 161        }
 162
 163        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 164                prefer_ofs_delta = git_config_bool(var, value);
 165                return 0;
 166        }
 167
 168        if (strcmp(var, "receive.updateserverinfo") == 0) {
 169                auto_update_server_info = git_config_bool(var, value);
 170                return 0;
 171        }
 172
 173        if (strcmp(var, "receive.autogc") == 0) {
 174                auto_gc = git_config_bool(var, value);
 175                return 0;
 176        }
 177
 178        if (strcmp(var, "receive.shallowupdate") == 0) {
 179                shallow_update = git_config_bool(var, value);
 180                return 0;
 181        }
 182
 183        if (strcmp(var, "receive.certnonceseed") == 0)
 184                return git_config_string(&cert_nonce_seed, var, value);
 185
 186        if (strcmp(var, "receive.certnonceslop") == 0) {
 187                nonce_stamp_slop_limit = git_config_ulong(var, value);
 188                return 0;
 189        }
 190
 191        if (strcmp(var, "receive.advertiseatomic") == 0) {
 192                advertise_atomic_push = git_config_bool(var, value);
 193                return 0;
 194        }
 195
 196        return git_default_config(var, value, cb);
 197}
 198
 199static void show_ref(const char *path, const unsigned char *sha1)
 200{
 201        if (sent_capabilities) {
 202                packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
 203        } else {
 204                struct strbuf cap = STRBUF_INIT;
 205
 206                strbuf_addstr(&cap,
 207                              "report-status delete-refs side-band-64k quiet");
 208                if (advertise_atomic_push)
 209                        strbuf_addstr(&cap, " atomic");
 210                if (prefer_ofs_delta)
 211                        strbuf_addstr(&cap, " ofs-delta");
 212                if (push_cert_nonce)
 213                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 214                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 215                packet_write(1, "%s %s%c%s\n",
 216                             sha1_to_hex(sha1), path, 0, cap.buf);
 217                strbuf_release(&cap);
 218                sent_capabilities = 1;
 219        }
 220}
 221
 222static int show_ref_cb(const char *path_full, const struct object_id *oid,
 223                       int flag, void *unused)
 224{
 225        const char *path = strip_namespace(path_full);
 226
 227        if (ref_is_hidden(path, path_full))
 228                return 0;
 229
 230        /*
 231         * Advertise refs outside our current namespace as ".have"
 232         * refs, so that the client can use them to minimize data
 233         * transfer but will otherwise ignore them. This happens to
 234         * cover ".have" that are thrown in by add_one_alternate_ref()
 235         * to mark histories that are complete in our alternates as
 236         * well.
 237         */
 238        if (!path)
 239                path = ".have";
 240        show_ref(path, oid->hash);
 241        return 0;
 242}
 243
 244static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
 245{
 246        show_ref(".have", sha1);
 247}
 248
 249static void collect_one_alternate_ref(const struct ref *ref, void *data)
 250{
 251        struct sha1_array *sa = data;
 252        sha1_array_append(sa, ref->old_oid.hash);
 253}
 254
 255static void write_head_info(void)
 256{
 257        struct sha1_array sa = SHA1_ARRAY_INIT;
 258
 259        for_each_alternate_ref(collect_one_alternate_ref, &sa);
 260        sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
 261        sha1_array_clear(&sa);
 262        for_each_ref(show_ref_cb, NULL);
 263        if (!sent_capabilities)
 264                show_ref("capabilities^{}", null_sha1);
 265
 266        advertise_shallow_grafts(1);
 267
 268        /* EOF */
 269        packet_flush(1);
 270}
 271
 272struct command {
 273        struct command *next;
 274        const char *error_string;
 275        unsigned int skip_update:1,
 276                     did_not_exist:1;
 277        int index;
 278        unsigned char old_sha1[20];
 279        unsigned char new_sha1[20];
 280        char ref_name[FLEX_ARRAY]; /* more */
 281};
 282
 283static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 284static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 285
 286static void report_message(const char *prefix, const char *err, va_list params)
 287{
 288        int sz;
 289        char msg[4096];
 290
 291        sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
 292        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 293        if (sz > (sizeof(msg) - 1))
 294                sz = sizeof(msg) - 1;
 295        msg[sz++] = '\n';
 296
 297        if (use_sideband)
 298                send_sideband(1, 2, msg, sz, use_sideband);
 299        else
 300                xwrite(2, msg, sz);
 301}
 302
 303static void rp_warning(const char *err, ...)
 304{
 305        va_list params;
 306        va_start(params, err);
 307        report_message("warning: ", err, params);
 308        va_end(params);
 309}
 310
 311static void rp_error(const char *err, ...)
 312{
 313        va_list params;
 314        va_start(params, err);
 315        report_message("error: ", err, params);
 316        va_end(params);
 317}
 318
 319static int copy_to_sideband(int in, int out, void *arg)
 320{
 321        char data[128];
 322        while (1) {
 323                ssize_t sz = xread(in, data, sizeof(data));
 324                if (sz <= 0)
 325                        break;
 326                send_sideband(1, 2, data, sz, use_sideband);
 327        }
 328        close(in);
 329        return 0;
 330}
 331
 332#define HMAC_BLOCK_SIZE 64
 333
 334static void hmac_sha1(unsigned char *out,
 335                      const char *key_in, size_t key_len,
 336                      const char *text, size_t text_len)
 337{
 338        unsigned char key[HMAC_BLOCK_SIZE];
 339        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 340        unsigned char k_opad[HMAC_BLOCK_SIZE];
 341        int i;
 342        git_SHA_CTX ctx;
 343
 344        /* RFC 2104 2. (1) */
 345        memset(key, '\0', HMAC_BLOCK_SIZE);
 346        if (HMAC_BLOCK_SIZE < key_len) {
 347                git_SHA1_Init(&ctx);
 348                git_SHA1_Update(&ctx, key_in, key_len);
 349                git_SHA1_Final(key, &ctx);
 350        } else {
 351                memcpy(key, key_in, key_len);
 352        }
 353
 354        /* RFC 2104 2. (2) & (5) */
 355        for (i = 0; i < sizeof(key); i++) {
 356                k_ipad[i] = key[i] ^ 0x36;
 357                k_opad[i] = key[i] ^ 0x5c;
 358        }
 359
 360        /* RFC 2104 2. (3) & (4) */
 361        git_SHA1_Init(&ctx);
 362        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 363        git_SHA1_Update(&ctx, text, text_len);
 364        git_SHA1_Final(out, &ctx);
 365
 366        /* RFC 2104 2. (6) & (7) */
 367        git_SHA1_Init(&ctx);
 368        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 369        git_SHA1_Update(&ctx, out, 20);
 370        git_SHA1_Final(out, &ctx);
 371}
 372
 373static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
 374{
 375        struct strbuf buf = STRBUF_INIT;
 376        unsigned char sha1[20];
 377
 378        strbuf_addf(&buf, "%s:%lu", path, stamp);
 379        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 380        strbuf_release(&buf);
 381
 382        /* RFC 2104 5. HMAC-SHA1-80 */
 383        strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
 384        return strbuf_detach(&buf, NULL);
 385}
 386
 387/*
 388 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 389 * after dropping "_commit" from its name and possibly moving it out
 390 * of commit.c
 391 */
 392static char *find_header(const char *msg, size_t len, const char *key)
 393{
 394        int key_len = strlen(key);
 395        const char *line = msg;
 396
 397        while (line && line < msg + len) {
 398                const char *eol = strchrnul(line, '\n');
 399
 400                if ((msg + len <= eol) || line == eol)
 401                        return NULL;
 402                if (line + key_len < eol &&
 403                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 404                        int offset = key_len + 1;
 405                        return xmemdupz(line + offset, (eol - line) - offset);
 406                }
 407                line = *eol ? eol + 1 : NULL;
 408        }
 409        return NULL;
 410}
 411
 412static const char *check_nonce(const char *buf, size_t len)
 413{
 414        char *nonce = find_header(buf, len, "nonce");
 415        unsigned long stamp, ostamp;
 416        char *bohmac, *expect = NULL;
 417        const char *retval = NONCE_BAD;
 418
 419        if (!nonce) {
 420                retval = NONCE_MISSING;
 421                goto leave;
 422        } else if (!push_cert_nonce) {
 423                retval = NONCE_UNSOLICITED;
 424                goto leave;
 425        } else if (!strcmp(push_cert_nonce, nonce)) {
 426                retval = NONCE_OK;
 427                goto leave;
 428        }
 429
 430        if (!stateless_rpc) {
 431                /* returned nonce MUST match what we gave out earlier */
 432                retval = NONCE_BAD;
 433                goto leave;
 434        }
 435
 436        /*
 437         * In stateless mode, we may be receiving a nonce issued by
 438         * another instance of the server that serving the same
 439         * repository, and the timestamps may not match, but the
 440         * nonce-seed and dir should match, so we can recompute and
 441         * report the time slop.
 442         *
 443         * In addition, when a nonce issued by another instance has
 444         * timestamp within receive.certnonceslop seconds, we pretend
 445         * as if we issued that nonce when reporting to the hook.
 446         */
 447
 448        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 449        if (*nonce <= '0' || '9' < *nonce) {
 450                retval = NONCE_BAD;
 451                goto leave;
 452        }
 453        stamp = strtoul(nonce, &bohmac, 10);
 454        if (bohmac == nonce || bohmac[0] != '-') {
 455                retval = NONCE_BAD;
 456                goto leave;
 457        }
 458
 459        expect = prepare_push_cert_nonce(service_dir, stamp);
 460        if (strcmp(expect, nonce)) {
 461                /* Not what we would have signed earlier */
 462                retval = NONCE_BAD;
 463                goto leave;
 464        }
 465
 466        /*
 467         * By how many seconds is this nonce stale?  Negative value
 468         * would mean it was issued by another server with its clock
 469         * skewed in the future.
 470         */
 471        ostamp = strtoul(push_cert_nonce, NULL, 10);
 472        nonce_stamp_slop = (long)ostamp - (long)stamp;
 473
 474        if (nonce_stamp_slop_limit &&
 475            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 476                /*
 477                 * Pretend as if the received nonce (which passes the
 478                 * HMAC check, so it is not a forged by third-party)
 479                 * is what we issued.
 480                 */
 481                free((void *)push_cert_nonce);
 482                push_cert_nonce = xstrdup(nonce);
 483                retval = NONCE_OK;
 484        } else {
 485                retval = NONCE_SLOP;
 486        }
 487
 488leave:
 489        free(nonce);
 490        free(expect);
 491        return retval;
 492}
 493
 494static void prepare_push_cert_sha1(struct child_process *proc)
 495{
 496        static int already_done;
 497
 498        if (!push_cert.len)
 499                return;
 500
 501        if (!already_done) {
 502                struct strbuf gpg_output = STRBUF_INIT;
 503                struct strbuf gpg_status = STRBUF_INIT;
 504                int bogs /* beginning_of_gpg_sig */;
 505
 506                already_done = 1;
 507                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 508                        hashclr(push_cert_sha1);
 509
 510                memset(&sigcheck, '\0', sizeof(sigcheck));
 511                sigcheck.result = 'N';
 512
 513                bogs = parse_signature(push_cert.buf, push_cert.len);
 514                if (verify_signed_buffer(push_cert.buf, bogs,
 515                                         push_cert.buf + bogs, push_cert.len - bogs,
 516                                         &gpg_output, &gpg_status) < 0) {
 517                        ; /* error running gpg */
 518                } else {
 519                        sigcheck.payload = push_cert.buf;
 520                        sigcheck.gpg_output = gpg_output.buf;
 521                        sigcheck.gpg_status = gpg_status.buf;
 522                        parse_gpg_output(&sigcheck);
 523                }
 524
 525                strbuf_release(&gpg_output);
 526                strbuf_release(&gpg_status);
 527                nonce_status = check_nonce(push_cert.buf, bogs);
 528        }
 529        if (!is_null_sha1(push_cert_sha1)) {
 530                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 531                                 sha1_to_hex(push_cert_sha1));
 532                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 533                                 sigcheck.signer ? sigcheck.signer : "");
 534                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 535                                 sigcheck.key ? sigcheck.key : "");
 536                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 537                                 sigcheck.result);
 538                if (push_cert_nonce) {
 539                        argv_array_pushf(&proc->env_array,
 540                                         "GIT_PUSH_CERT_NONCE=%s",
 541                                         push_cert_nonce);
 542                        argv_array_pushf(&proc->env_array,
 543                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 544                                         nonce_status);
 545                        if (nonce_status == NONCE_SLOP)
 546                                argv_array_pushf(&proc->env_array,
 547                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 548                                                 nonce_stamp_slop);
 549                }
 550        }
 551}
 552
 553struct receive_hook_feed_state {
 554        struct command *cmd;
 555        int skip_broken;
 556        struct strbuf buf;
 557        const struct string_list *push_options;
 558};
 559
 560typedef int (*feed_fn)(void *, const char **, size_t *);
 561static int run_and_feed_hook(const char *hook_name, feed_fn feed,
 562                             struct receive_hook_feed_state *feed_state)
 563{
 564        struct child_process proc = CHILD_PROCESS_INIT;
 565        struct async muxer;
 566        const char *argv[2];
 567        int code;
 568
 569        argv[0] = find_hook(hook_name);
 570        if (!argv[0])
 571                return 0;
 572
 573        argv[1] = NULL;
 574
 575        proc.argv = argv;
 576        proc.in = -1;
 577        proc.stdout_to_stderr = 1;
 578        if (feed_state->push_options) {
 579                int i;
 580                for (i = 0; i < feed_state->push_options->nr; i++)
 581                        argv_array_pushf(&proc.env_array,
 582                                "GIT_PUSH_OPTION_%d=%s", i,
 583                                feed_state->push_options->items[i].string);
 584                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
 585                                 feed_state->push_options->nr);
 586        } else
 587                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
 588
 589        if (use_sideband) {
 590                memset(&muxer, 0, sizeof(muxer));
 591                muxer.proc = copy_to_sideband;
 592                muxer.in = -1;
 593                code = start_async(&muxer);
 594                if (code)
 595                        return code;
 596                proc.err = muxer.in;
 597        }
 598
 599        prepare_push_cert_sha1(&proc);
 600
 601        code = start_command(&proc);
 602        if (code) {
 603                if (use_sideband)
 604                        finish_async(&muxer);
 605                return code;
 606        }
 607
 608        sigchain_push(SIGPIPE, SIG_IGN);
 609
 610        while (1) {
 611                const char *buf;
 612                size_t n;
 613                if (feed(feed_state, &buf, &n))
 614                        break;
 615                if (write_in_full(proc.in, buf, n) != n)
 616                        break;
 617        }
 618        close(proc.in);
 619        if (use_sideband)
 620                finish_async(&muxer);
 621
 622        sigchain_pop(SIGPIPE);
 623
 624        return finish_command(&proc);
 625}
 626
 627static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 628{
 629        struct receive_hook_feed_state *state = state_;
 630        struct command *cmd = state->cmd;
 631
 632        while (cmd &&
 633               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 634                cmd = cmd->next;
 635        if (!cmd)
 636                return -1; /* EOF */
 637        strbuf_reset(&state->buf);
 638        strbuf_addf(&state->buf, "%s %s %s\n",
 639                    sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
 640                    cmd->ref_name);
 641        state->cmd = cmd->next;
 642        if (bufp) {
 643                *bufp = state->buf.buf;
 644                *sizep = state->buf.len;
 645        }
 646        return 0;
 647}
 648
 649static int run_receive_hook(struct command *commands,
 650                            const char *hook_name,
 651                            int skip_broken,
 652                            const struct string_list *push_options)
 653{
 654        struct receive_hook_feed_state state;
 655        int status;
 656
 657        strbuf_init(&state.buf, 0);
 658        state.cmd = commands;
 659        state.skip_broken = skip_broken;
 660        if (feed_receive_hook(&state, NULL, NULL))
 661                return 0;
 662        state.cmd = commands;
 663        state.push_options = push_options;
 664        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 665        strbuf_release(&state.buf);
 666        return status;
 667}
 668
 669static int run_update_hook(struct command *cmd)
 670{
 671        const char *argv[5];
 672        struct child_process proc = CHILD_PROCESS_INIT;
 673        int code;
 674
 675        argv[0] = find_hook("update");
 676        if (!argv[0])
 677                return 0;
 678
 679        argv[1] = cmd->ref_name;
 680        argv[2] = sha1_to_hex(cmd->old_sha1);
 681        argv[3] = sha1_to_hex(cmd->new_sha1);
 682        argv[4] = NULL;
 683
 684        proc.no_stdin = 1;
 685        proc.stdout_to_stderr = 1;
 686        proc.err = use_sideband ? -1 : 0;
 687        proc.argv = argv;
 688
 689        code = start_command(&proc);
 690        if (code)
 691                return code;
 692        if (use_sideband)
 693                copy_to_sideband(proc.err, -1, NULL);
 694        return finish_command(&proc);
 695}
 696
 697static int is_ref_checked_out(const char *ref)
 698{
 699        if (is_bare_repository())
 700                return 0;
 701
 702        if (!head_name)
 703                return 0;
 704        return !strcmp(head_name, ref);
 705}
 706
 707static char *refuse_unconfigured_deny_msg[] = {
 708        "By default, updating the current branch in a non-bare repository",
 709        "is denied, because it will make the index and work tree inconsistent",
 710        "with what you pushed, and will require 'git reset --hard' to match",
 711        "the work tree to HEAD.",
 712        "",
 713        "You can set 'receive.denyCurrentBranch' configuration variable to",
 714        "'ignore' or 'warn' in the remote repository to allow pushing into",
 715        "its current branch; however, this is not recommended unless you",
 716        "arranged to update its work tree to match what you pushed in some",
 717        "other way.",
 718        "",
 719        "To squelch this message and still keep the default behaviour, set",
 720        "'receive.denyCurrentBranch' configuration variable to 'refuse'."
 721};
 722
 723static void refuse_unconfigured_deny(void)
 724{
 725        int i;
 726        for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
 727                rp_error("%s", refuse_unconfigured_deny_msg[i]);
 728}
 729
 730static char *refuse_unconfigured_deny_delete_current_msg[] = {
 731        "By default, deleting the current branch is denied, because the next",
 732        "'git clone' won't result in any file checked out, causing confusion.",
 733        "",
 734        "You can set 'receive.denyDeleteCurrent' configuration variable to",
 735        "'warn' or 'ignore' in the remote repository to allow deleting the",
 736        "current branch, with or without a warning message.",
 737        "",
 738        "To squelch this message, you can set it to 'refuse'."
 739};
 740
 741static void refuse_unconfigured_deny_delete_current(void)
 742{
 743        int i;
 744        for (i = 0;
 745             i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
 746             i++)
 747                rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
 748}
 749
 750static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 751static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 752{
 753        static struct lock_file shallow_lock;
 754        struct sha1_array extra = SHA1_ARRAY_INIT;
 755        const char *alt_file;
 756        uint32_t mask = 1 << (cmd->index % 32);
 757        int i;
 758
 759        trace_printf_key(&trace_shallow,
 760                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 761        for (i = 0; i < si->shallow->nr; i++)
 762                if (si->used_shallow[i] &&
 763                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 764                    !delayed_reachability_test(si, i))
 765                        sha1_array_append(&extra, si->shallow->sha1[i]);
 766
 767        setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
 768        if (check_shallow_connected(command_singleton_iterator,
 769                                    0, cmd, alt_file)) {
 770                rollback_lock_file(&shallow_lock);
 771                sha1_array_clear(&extra);
 772                return -1;
 773        }
 774
 775        commit_lock_file(&shallow_lock);
 776
 777        /*
 778         * Make sure setup_alternate_shallow() for the next ref does
 779         * not lose these new roots..
 780         */
 781        for (i = 0; i < extra.nr; i++)
 782                register_shallow(extra.sha1[i]);
 783
 784        si->shallow_ref[cmd->index] = 0;
 785        sha1_array_clear(&extra);
 786        return 0;
 787}
 788
 789/*
 790 * NEEDSWORK: we should consolidate various implementions of "are we
 791 * on an unborn branch?" test into one, and make the unified one more
 792 * robust. !get_sha1() based check used here and elsewhere would not
 793 * allow us to tell an unborn branch from corrupt ref, for example.
 794 * For the purpose of fixing "deploy-to-update does not work when
 795 * pushing into an empty repository" issue, this should suffice for
 796 * now.
 797 */
 798static int head_has_history(void)
 799{
 800        unsigned char sha1[20];
 801
 802        return !get_sha1("HEAD", sha1);
 803}
 804
 805static const char *push_to_deploy(unsigned char *sha1,
 806                                  struct argv_array *env,
 807                                  const char *work_tree)
 808{
 809        const char *update_refresh[] = {
 810                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 811        };
 812        const char *diff_files[] = {
 813                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 814        };
 815        const char *diff_index[] = {
 816                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 817                NULL, "--", NULL
 818        };
 819        const char *read_tree[] = {
 820                "read-tree", "-u", "-m", NULL, NULL
 821        };
 822        struct child_process child = CHILD_PROCESS_INIT;
 823
 824        child.argv = update_refresh;
 825        child.env = env->argv;
 826        child.dir = work_tree;
 827        child.no_stdin = 1;
 828        child.stdout_to_stderr = 1;
 829        child.git_cmd = 1;
 830        if (run_command(&child))
 831                return "Up-to-date check failed";
 832
 833        /* run_command() does not clean up completely; reinitialize */
 834        child_process_init(&child);
 835        child.argv = diff_files;
 836        child.env = env->argv;
 837        child.dir = work_tree;
 838        child.no_stdin = 1;
 839        child.stdout_to_stderr = 1;
 840        child.git_cmd = 1;
 841        if (run_command(&child))
 842                return "Working directory has unstaged changes";
 843
 844        /* diff-index with either HEAD or an empty tree */
 845        diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
 846
 847        child_process_init(&child);
 848        child.argv = diff_index;
 849        child.env = env->argv;
 850        child.no_stdin = 1;
 851        child.no_stdout = 1;
 852        child.stdout_to_stderr = 0;
 853        child.git_cmd = 1;
 854        if (run_command(&child))
 855                return "Working directory has staged changes";
 856
 857        read_tree[3] = sha1_to_hex(sha1);
 858        child_process_init(&child);
 859        child.argv = read_tree;
 860        child.env = env->argv;
 861        child.dir = work_tree;
 862        child.no_stdin = 1;
 863        child.no_stdout = 1;
 864        child.stdout_to_stderr = 0;
 865        child.git_cmd = 1;
 866        if (run_command(&child))
 867                return "Could not update working tree to new HEAD";
 868
 869        return NULL;
 870}
 871
 872static const char *push_to_checkout_hook = "push-to-checkout";
 873
 874static const char *push_to_checkout(unsigned char *sha1,
 875                                    struct argv_array *env,
 876                                    const char *work_tree)
 877{
 878        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
 879        if (run_hook_le(env->argv, push_to_checkout_hook,
 880                        sha1_to_hex(sha1), NULL))
 881                return "push-to-checkout hook declined";
 882        else
 883                return NULL;
 884}
 885
 886static const char *update_worktree(unsigned char *sha1)
 887{
 888        const char *retval;
 889        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
 890        struct argv_array env = ARGV_ARRAY_INIT;
 891
 892        if (is_bare_repository())
 893                return "denyCurrentBranch = updateInstead needs a worktree";
 894
 895        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
 896
 897        if (!find_hook(push_to_checkout_hook))
 898                retval = push_to_deploy(sha1, &env, work_tree);
 899        else
 900                retval = push_to_checkout(sha1, &env, work_tree);
 901
 902        argv_array_clear(&env);
 903        return retval;
 904}
 905
 906static const char *update(struct command *cmd, struct shallow_info *si)
 907{
 908        const char *name = cmd->ref_name;
 909        struct strbuf namespaced_name_buf = STRBUF_INIT;
 910        const char *namespaced_name, *ret;
 911        unsigned char *old_sha1 = cmd->old_sha1;
 912        unsigned char *new_sha1 = cmd->new_sha1;
 913
 914        /* only refs/... are allowed */
 915        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
 916                rp_error("refusing to create funny ref '%s' remotely", name);
 917                return "funny refname";
 918        }
 919
 920        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
 921        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
 922
 923        if (is_ref_checked_out(namespaced_name)) {
 924                switch (deny_current_branch) {
 925                case DENY_IGNORE:
 926                        break;
 927                case DENY_WARN:
 928                        rp_warning("updating the current branch");
 929                        break;
 930                case DENY_REFUSE:
 931                case DENY_UNCONFIGURED:
 932                        rp_error("refusing to update checked out branch: %s", name);
 933                        if (deny_current_branch == DENY_UNCONFIGURED)
 934                                refuse_unconfigured_deny();
 935                        return "branch is currently checked out";
 936                case DENY_UPDATE_INSTEAD:
 937                        ret = update_worktree(new_sha1);
 938                        if (ret)
 939                                return ret;
 940                        break;
 941                }
 942        }
 943
 944        if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
 945                error("unpack should have generated %s, "
 946                      "but I can't find it!", sha1_to_hex(new_sha1));
 947                return "bad pack";
 948        }
 949
 950        if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
 951                if (deny_deletes && starts_with(name, "refs/heads/")) {
 952                        rp_error("denying ref deletion for %s", name);
 953                        return "deletion prohibited";
 954                }
 955
 956                if (head_name && !strcmp(namespaced_name, head_name)) {
 957                        switch (deny_delete_current) {
 958                        case DENY_IGNORE:
 959                                break;
 960                        case DENY_WARN:
 961                                rp_warning("deleting the current branch");
 962                                break;
 963                        case DENY_REFUSE:
 964                        case DENY_UNCONFIGURED:
 965                        case DENY_UPDATE_INSTEAD:
 966                                if (deny_delete_current == DENY_UNCONFIGURED)
 967                                        refuse_unconfigured_deny_delete_current();
 968                                rp_error("refusing to delete the current branch: %s", name);
 969                                return "deletion of the current branch prohibited";
 970                        default:
 971                                return "Invalid denyDeleteCurrent setting";
 972                        }
 973                }
 974        }
 975
 976        if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
 977            !is_null_sha1(old_sha1) &&
 978            starts_with(name, "refs/heads/")) {
 979                struct object *old_object, *new_object;
 980                struct commit *old_commit, *new_commit;
 981
 982                old_object = parse_object(old_sha1);
 983                new_object = parse_object(new_sha1);
 984
 985                if (!old_object || !new_object ||
 986                    old_object->type != OBJ_COMMIT ||
 987                    new_object->type != OBJ_COMMIT) {
 988                        error("bad sha1 objects for %s", name);
 989                        return "bad ref";
 990                }
 991                old_commit = (struct commit *)old_object;
 992                new_commit = (struct commit *)new_object;
 993                if (!in_merge_bases(old_commit, new_commit)) {
 994                        rp_error("denying non-fast-forward %s"
 995                                 " (you should pull first)", name);
 996                        return "non-fast-forward";
 997                }
 998        }
 999        if (run_update_hook(cmd)) {
1000                rp_error("hook declined to update %s", name);
1001                return "hook declined";
1002        }
1003
1004        if (is_null_sha1(new_sha1)) {
1005                struct strbuf err = STRBUF_INIT;
1006                if (!parse_object(old_sha1)) {
1007                        old_sha1 = NULL;
1008                        if (ref_exists(name)) {
1009                                rp_warning("Allowing deletion of corrupt ref.");
1010                        } else {
1011                                rp_warning("Deleting a non-existent ref.");
1012                                cmd->did_not_exist = 1;
1013                        }
1014                }
1015                if (ref_transaction_delete(transaction,
1016                                           namespaced_name,
1017                                           old_sha1,
1018                                           0, "push", &err)) {
1019                        rp_error("%s", err.buf);
1020                        strbuf_release(&err);
1021                        return "failed to delete";
1022                }
1023                strbuf_release(&err);
1024                return NULL; /* good */
1025        }
1026        else {
1027                struct strbuf err = STRBUF_INIT;
1028                if (shallow_update && si->shallow_ref[cmd->index] &&
1029                    update_shallow_ref(cmd, si))
1030                        return "shallow error";
1031
1032                if (ref_transaction_update(transaction,
1033                                           namespaced_name,
1034                                           new_sha1, old_sha1,
1035                                           0, "push",
1036                                           &err)) {
1037                        rp_error("%s", err.buf);
1038                        strbuf_release(&err);
1039
1040                        return "failed to update ref";
1041                }
1042                strbuf_release(&err);
1043
1044                return NULL; /* good */
1045        }
1046}
1047
1048static void run_update_post_hook(struct command *commands)
1049{
1050        struct command *cmd;
1051        int argc;
1052        struct child_process proc = CHILD_PROCESS_INIT;
1053        const char *hook;
1054
1055        hook = find_hook("post-update");
1056        for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1057                if (cmd->error_string || cmd->did_not_exist)
1058                        continue;
1059                argc++;
1060        }
1061        if (!argc || !hook)
1062                return;
1063
1064        argv_array_push(&proc.args, hook);
1065        for (cmd = commands; cmd; cmd = cmd->next) {
1066                if (cmd->error_string || cmd->did_not_exist)
1067                        continue;
1068                argv_array_push(&proc.args, cmd->ref_name);
1069        }
1070
1071        proc.no_stdin = 1;
1072        proc.stdout_to_stderr = 1;
1073        proc.err = use_sideband ? -1 : 0;
1074
1075        if (!start_command(&proc)) {
1076                if (use_sideband)
1077                        copy_to_sideband(proc.err, -1, NULL);
1078                finish_command(&proc);
1079        }
1080}
1081
1082static void check_aliased_update(struct command *cmd, struct string_list *list)
1083{
1084        struct strbuf buf = STRBUF_INIT;
1085        const char *dst_name;
1086        struct string_list_item *item;
1087        struct command *dst_cmd;
1088        unsigned char sha1[GIT_SHA1_RAWSZ];
1089        char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1090             cmd_newh[GIT_SHA1_HEXSZ + 1],
1091             dst_oldh[GIT_SHA1_HEXSZ + 1],
1092             dst_newh[GIT_SHA1_HEXSZ + 1];
1093        int flag;
1094
1095        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1096        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1097        strbuf_release(&buf);
1098
1099        if (!(flag & REF_ISSYMREF))
1100                return;
1101
1102        if (!dst_name) {
1103                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1104                cmd->skip_update = 1;
1105                cmd->error_string = "broken symref";
1106                return;
1107        }
1108        dst_name = strip_namespace(dst_name);
1109
1110        if ((item = string_list_lookup(list, dst_name)) == NULL)
1111                return;
1112
1113        cmd->skip_update = 1;
1114
1115        dst_cmd = (struct command *) item->util;
1116
1117        if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1118            !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1119                return;
1120
1121        dst_cmd->skip_update = 1;
1122
1123        find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1124        find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1125        find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1126        find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1127        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1128                 " its target '%s' (%s..%s)",
1129                 cmd->ref_name, cmd_oldh, cmd_newh,
1130                 dst_cmd->ref_name, dst_oldh, dst_newh);
1131
1132        cmd->error_string = dst_cmd->error_string =
1133                "inconsistent aliased update";
1134}
1135
1136static void check_aliased_updates(struct command *commands)
1137{
1138        struct command *cmd;
1139        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1140
1141        for (cmd = commands; cmd; cmd = cmd->next) {
1142                struct string_list_item *item =
1143                        string_list_append(&ref_list, cmd->ref_name);
1144                item->util = (void *)cmd;
1145        }
1146        string_list_sort(&ref_list);
1147
1148        for (cmd = commands; cmd; cmd = cmd->next) {
1149                if (!cmd->error_string)
1150                        check_aliased_update(cmd, &ref_list);
1151        }
1152
1153        string_list_clear(&ref_list, 0);
1154}
1155
1156static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1157{
1158        struct command **cmd_list = cb_data;
1159        struct command *cmd = *cmd_list;
1160
1161        if (!cmd || is_null_sha1(cmd->new_sha1))
1162                return -1; /* end of list */
1163        *cmd_list = NULL; /* this returns only one */
1164        hashcpy(sha1, cmd->new_sha1);
1165        return 0;
1166}
1167
1168static void set_connectivity_errors(struct command *commands,
1169                                    struct shallow_info *si)
1170{
1171        struct command *cmd;
1172
1173        for (cmd = commands; cmd; cmd = cmd->next) {
1174                struct command *singleton = cmd;
1175                if (shallow_update && si->shallow_ref[cmd->index])
1176                        /* to be checked in update_shallow_ref() */
1177                        continue;
1178                if (!check_everything_connected(command_singleton_iterator,
1179                                                0, &singleton))
1180                        continue;
1181                cmd->error_string = "missing necessary objects";
1182        }
1183}
1184
1185struct iterate_data {
1186        struct command *cmds;
1187        struct shallow_info *si;
1188};
1189
1190static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1191{
1192        struct iterate_data *data = cb_data;
1193        struct command **cmd_list = &data->cmds;
1194        struct command *cmd = *cmd_list;
1195
1196        for (; cmd; cmd = cmd->next) {
1197                if (shallow_update && data->si->shallow_ref[cmd->index])
1198                        /* to be checked in update_shallow_ref() */
1199                        continue;
1200                if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1201                        hashcpy(sha1, cmd->new_sha1);
1202                        *cmd_list = cmd->next;
1203                        return 0;
1204                }
1205        }
1206        *cmd_list = NULL;
1207        return -1; /* end of list */
1208}
1209
1210static void reject_updates_to_hidden(struct command *commands)
1211{
1212        struct strbuf refname_full = STRBUF_INIT;
1213        size_t prefix_len;
1214        struct command *cmd;
1215
1216        strbuf_addstr(&refname_full, get_git_namespace());
1217        prefix_len = refname_full.len;
1218
1219        for (cmd = commands; cmd; cmd = cmd->next) {
1220                if (cmd->error_string)
1221                        continue;
1222
1223                strbuf_setlen(&refname_full, prefix_len);
1224                strbuf_addstr(&refname_full, cmd->ref_name);
1225
1226                if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1227                        continue;
1228                if (is_null_sha1(cmd->new_sha1))
1229                        cmd->error_string = "deny deleting a hidden ref";
1230                else
1231                        cmd->error_string = "deny updating a hidden ref";
1232        }
1233
1234        strbuf_release(&refname_full);
1235}
1236
1237static int should_process_cmd(struct command *cmd)
1238{
1239        return !cmd->error_string && !cmd->skip_update;
1240}
1241
1242static void warn_if_skipped_connectivity_check(struct command *commands,
1243                                               struct shallow_info *si)
1244{
1245        struct command *cmd;
1246        int checked_connectivity = 1;
1247
1248        for (cmd = commands; cmd; cmd = cmd->next) {
1249                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1250                        error("BUG: connectivity check has not been run on ref %s",
1251                              cmd->ref_name);
1252                        checked_connectivity = 0;
1253                }
1254        }
1255        if (!checked_connectivity)
1256                die("BUG: connectivity check skipped???");
1257}
1258
1259static void execute_commands_non_atomic(struct command *commands,
1260                                        struct shallow_info *si)
1261{
1262        struct command *cmd;
1263        struct strbuf err = STRBUF_INIT;
1264
1265        for (cmd = commands; cmd; cmd = cmd->next) {
1266                if (!should_process_cmd(cmd))
1267                        continue;
1268
1269                transaction = ref_transaction_begin(&err);
1270                if (!transaction) {
1271                        rp_error("%s", err.buf);
1272                        strbuf_reset(&err);
1273                        cmd->error_string = "transaction failed to start";
1274                        continue;
1275                }
1276
1277                cmd->error_string = update(cmd, si);
1278
1279                if (!cmd->error_string
1280                    && ref_transaction_commit(transaction, &err)) {
1281                        rp_error("%s", err.buf);
1282                        strbuf_reset(&err);
1283                        cmd->error_string = "failed to update ref";
1284                }
1285                ref_transaction_free(transaction);
1286        }
1287        strbuf_release(&err);
1288}
1289
1290static void execute_commands_atomic(struct command *commands,
1291                                        struct shallow_info *si)
1292{
1293        struct command *cmd;
1294        struct strbuf err = STRBUF_INIT;
1295        const char *reported_error = "atomic push failure";
1296
1297        transaction = ref_transaction_begin(&err);
1298        if (!transaction) {
1299                rp_error("%s", err.buf);
1300                strbuf_reset(&err);
1301                reported_error = "transaction failed to start";
1302                goto failure;
1303        }
1304
1305        for (cmd = commands; cmd; cmd = cmd->next) {
1306                if (!should_process_cmd(cmd))
1307                        continue;
1308
1309                cmd->error_string = update(cmd, si);
1310
1311                if (cmd->error_string)
1312                        goto failure;
1313        }
1314
1315        if (ref_transaction_commit(transaction, &err)) {
1316                rp_error("%s", err.buf);
1317                reported_error = "atomic transaction failed";
1318                goto failure;
1319        }
1320        goto cleanup;
1321
1322failure:
1323        for (cmd = commands; cmd; cmd = cmd->next)
1324                if (!cmd->error_string)
1325                        cmd->error_string = reported_error;
1326
1327cleanup:
1328        ref_transaction_free(transaction);
1329        strbuf_release(&err);
1330}
1331
1332static void execute_commands(struct command *commands,
1333                             const char *unpacker_error,
1334                             struct shallow_info *si,
1335                             const struct string_list *push_options)
1336{
1337        struct command *cmd;
1338        unsigned char sha1[20];
1339        struct iterate_data data;
1340
1341        if (unpacker_error) {
1342                for (cmd = commands; cmd; cmd = cmd->next)
1343                        cmd->error_string = "unpacker error";
1344                return;
1345        }
1346
1347        data.cmds = commands;
1348        data.si = si;
1349        if (check_everything_connected(iterate_receive_command_list, 0, &data))
1350                set_connectivity_errors(commands, si);
1351
1352        reject_updates_to_hidden(commands);
1353
1354        if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1355                for (cmd = commands; cmd; cmd = cmd->next) {
1356                        if (!cmd->error_string)
1357                                cmd->error_string = "pre-receive hook declined";
1358                }
1359                return;
1360        }
1361
1362        check_aliased_updates(commands);
1363
1364        free(head_name_to_free);
1365        head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1366
1367        if (use_atomic)
1368                execute_commands_atomic(commands, si);
1369        else
1370                execute_commands_non_atomic(commands, si);
1371
1372        if (shallow_update)
1373                warn_if_skipped_connectivity_check(commands, si);
1374}
1375
1376static struct command **queue_command(struct command **tail,
1377                                      const char *line,
1378                                      int linelen)
1379{
1380        unsigned char old_sha1[20], new_sha1[20];
1381        struct command *cmd;
1382        const char *refname;
1383        int reflen;
1384
1385        if (linelen < 83 ||
1386            line[40] != ' ' ||
1387            line[81] != ' ' ||
1388            get_sha1_hex(line, old_sha1) ||
1389            get_sha1_hex(line + 41, new_sha1))
1390                die("protocol error: expected old/new/ref, got '%s'", line);
1391
1392        refname = line + 82;
1393        reflen = linelen - 82;
1394        cmd = xcalloc(1, st_add3(sizeof(struct command), reflen, 1));
1395        hashcpy(cmd->old_sha1, old_sha1);
1396        hashcpy(cmd->new_sha1, new_sha1);
1397        memcpy(cmd->ref_name, refname, reflen);
1398        cmd->ref_name[reflen] = '\0';
1399        *tail = cmd;
1400        return &cmd->next;
1401}
1402
1403static void queue_commands_from_cert(struct command **tail,
1404                                     struct strbuf *push_cert)
1405{
1406        const char *boc, *eoc;
1407
1408        if (*tail)
1409                die("protocol error: got both push certificate and unsigned commands");
1410
1411        boc = strstr(push_cert->buf, "\n\n");
1412        if (!boc)
1413                die("malformed push certificate %.*s", 100, push_cert->buf);
1414        else
1415                boc += 2;
1416        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1417
1418        while (boc < eoc) {
1419                const char *eol = memchr(boc, '\n', eoc - boc);
1420                tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1421                boc = eol ? eol + 1 : eoc;
1422        }
1423}
1424
1425static struct command *read_head_info(struct sha1_array *shallow)
1426{
1427        struct command *commands = NULL;
1428        struct command **p = &commands;
1429        for (;;) {
1430                char *line;
1431                int len, linelen;
1432
1433                line = packet_read_line(0, &len);
1434                if (!line)
1435                        break;
1436
1437                if (len == 48 && starts_with(line, "shallow ")) {
1438                        unsigned char sha1[20];
1439                        if (get_sha1_hex(line + 8, sha1))
1440                                die("protocol error: expected shallow sha, got '%s'",
1441                                    line + 8);
1442                        sha1_array_append(shallow, sha1);
1443                        continue;
1444                }
1445
1446                linelen = strlen(line);
1447                if (linelen < len) {
1448                        const char *feature_list = line + linelen + 1;
1449                        if (parse_feature_request(feature_list, "report-status"))
1450                                report_status = 1;
1451                        if (parse_feature_request(feature_list, "side-band-64k"))
1452                                use_sideband = LARGE_PACKET_MAX;
1453                        if (parse_feature_request(feature_list, "quiet"))
1454                                quiet = 1;
1455                        if (advertise_atomic_push
1456                            && parse_feature_request(feature_list, "atomic"))
1457                                use_atomic = 1;
1458                }
1459
1460                if (!strcmp(line, "push-cert")) {
1461                        int true_flush = 0;
1462                        char certbuf[1024];
1463
1464                        for (;;) {
1465                                len = packet_read(0, NULL, NULL,
1466                                                  certbuf, sizeof(certbuf), 0);
1467                                if (!len) {
1468                                        true_flush = 1;
1469                                        break;
1470                                }
1471                                if (!strcmp(certbuf, "push-cert-end\n"))
1472                                        break; /* end of cert */
1473                                strbuf_addstr(&push_cert, certbuf);
1474                        }
1475
1476                        if (true_flush)
1477                                break;
1478                        continue;
1479                }
1480
1481                p = queue_command(p, line, linelen);
1482        }
1483
1484        if (push_cert.len)
1485                queue_commands_from_cert(p, &push_cert);
1486
1487        return commands;
1488}
1489
1490static const char *parse_pack_header(struct pack_header *hdr)
1491{
1492        switch (read_pack_header(0, hdr)) {
1493        case PH_ERROR_EOF:
1494                return "eof before pack header was fully read";
1495
1496        case PH_ERROR_PACK_SIGNATURE:
1497                return "protocol error (pack signature mismatch detected)";
1498
1499        case PH_ERROR_PROTOCOL:
1500                return "protocol error (pack version unsupported)";
1501
1502        default:
1503                return "unknown error in parse_pack_header";
1504
1505        case 0:
1506                return NULL;
1507        }
1508}
1509
1510static const char *pack_lockfile;
1511
1512static const char *unpack(int err_fd, struct shallow_info *si)
1513{
1514        struct pack_header hdr;
1515        const char *hdr_err;
1516        int status;
1517        char hdr_arg[38];
1518        struct child_process child = CHILD_PROCESS_INIT;
1519        int fsck_objects = (receive_fsck_objects >= 0
1520                            ? receive_fsck_objects
1521                            : transfer_fsck_objects >= 0
1522                            ? transfer_fsck_objects
1523                            : 0);
1524
1525        hdr_err = parse_pack_header(&hdr);
1526        if (hdr_err) {
1527                if (err_fd > 0)
1528                        close(err_fd);
1529                return hdr_err;
1530        }
1531        snprintf(hdr_arg, sizeof(hdr_arg),
1532                        "--pack_header=%"PRIu32",%"PRIu32,
1533                        ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1534
1535        if (si->nr_ours || si->nr_theirs) {
1536                alt_shallow_file = setup_temporary_shallow(si->shallow);
1537                argv_array_push(&child.args, "--shallow-file");
1538                argv_array_push(&child.args, alt_shallow_file);
1539        }
1540
1541        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1542                argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1543                if (quiet)
1544                        argv_array_push(&child.args, "-q");
1545                if (fsck_objects)
1546                        argv_array_pushf(&child.args, "--strict%s",
1547                                fsck_msg_types.buf);
1548                child.no_stdout = 1;
1549                child.err = err_fd;
1550                child.git_cmd = 1;
1551                status = run_command(&child);
1552                if (status)
1553                        return "unpack-objects abnormal exit";
1554        } else {
1555                char hostname[256];
1556
1557                argv_array_pushl(&child.args, "index-pack",
1558                                 "--stdin", hdr_arg, NULL);
1559
1560                if (gethostname(hostname, sizeof(hostname)))
1561                        xsnprintf(hostname, sizeof(hostname), "localhost");
1562                argv_array_pushf(&child.args,
1563                                 "--keep=receive-pack %"PRIuMAX" on %s",
1564                                 (uintmax_t)getpid(),
1565                                 hostname);
1566
1567                if (fsck_objects)
1568                        argv_array_pushf(&child.args, "--strict%s",
1569                                fsck_msg_types.buf);
1570                if (!reject_thin)
1571                        argv_array_push(&child.args, "--fix-thin");
1572                child.out = -1;
1573                child.err = err_fd;
1574                child.git_cmd = 1;
1575                status = start_command(&child);
1576                if (status)
1577                        return "index-pack fork failed";
1578                pack_lockfile = index_pack_lockfile(child.out);
1579                close(child.out);
1580                status = finish_command(&child);
1581                if (status)
1582                        return "index-pack abnormal exit";
1583                reprepare_packed_git();
1584        }
1585        return NULL;
1586}
1587
1588static const char *unpack_with_sideband(struct shallow_info *si)
1589{
1590        struct async muxer;
1591        const char *ret;
1592
1593        if (!use_sideband)
1594                return unpack(0, si);
1595
1596        memset(&muxer, 0, sizeof(muxer));
1597        muxer.proc = copy_to_sideband;
1598        muxer.in = -1;
1599        if (start_async(&muxer))
1600                return NULL;
1601
1602        ret = unpack(muxer.in, si);
1603
1604        finish_async(&muxer);
1605        return ret;
1606}
1607
1608static void prepare_shallow_update(struct command *commands,
1609                                   struct shallow_info *si)
1610{
1611        int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1612
1613        ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1614        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1615
1616        si->need_reachability_test =
1617                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1618        si->reachable =
1619                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1620        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1621
1622        for (i = 0; i < si->nr_ours; i++)
1623                si->need_reachability_test[si->ours[i]] = 1;
1624
1625        for (i = 0; i < si->shallow->nr; i++) {
1626                if (!si->used_shallow[i])
1627                        continue;
1628                for (j = 0; j < bitmap_size; j++) {
1629                        if (!si->used_shallow[i][j])
1630                                continue;
1631                        si->need_reachability_test[i]++;
1632                        for (k = 0; k < 32; k++)
1633                                if (si->used_shallow[i][j] & (1U << k))
1634                                        si->shallow_ref[j * 32 + k]++;
1635                }
1636
1637                /*
1638                 * true for those associated with some refs and belong
1639                 * in "ours" list aka "step 7 not done yet"
1640                 */
1641                si->need_reachability_test[i] =
1642                        si->need_reachability_test[i] > 1;
1643        }
1644
1645        /*
1646         * keep hooks happy by forcing a temporary shallow file via
1647         * env variable because we can't add --shallow-file to every
1648         * command. check_everything_connected() will be done with
1649         * true .git/shallow though.
1650         */
1651        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1652}
1653
1654static void update_shallow_info(struct command *commands,
1655                                struct shallow_info *si,
1656                                struct sha1_array *ref)
1657{
1658        struct command *cmd;
1659        int *ref_status;
1660        remove_nonexistent_theirs_shallow(si);
1661        if (!si->nr_ours && !si->nr_theirs) {
1662                shallow_update = 0;
1663                return;
1664        }
1665
1666        for (cmd = commands; cmd; cmd = cmd->next) {
1667                if (is_null_sha1(cmd->new_sha1))
1668                        continue;
1669                sha1_array_append(ref, cmd->new_sha1);
1670                cmd->index = ref->nr - 1;
1671        }
1672        si->ref = ref;
1673
1674        if (shallow_update) {
1675                prepare_shallow_update(commands, si);
1676                return;
1677        }
1678
1679        ALLOC_ARRAY(ref_status, ref->nr);
1680        assign_shallow_commits_to_refs(si, NULL, ref_status);
1681        for (cmd = commands; cmd; cmd = cmd->next) {
1682                if (is_null_sha1(cmd->new_sha1))
1683                        continue;
1684                if (ref_status[cmd->index]) {
1685                        cmd->error_string = "shallow update not allowed";
1686                        cmd->skip_update = 1;
1687                }
1688        }
1689        free(ref_status);
1690}
1691
1692static void report(struct command *commands, const char *unpack_status)
1693{
1694        struct command *cmd;
1695        struct strbuf buf = STRBUF_INIT;
1696
1697        packet_buf_write(&buf, "unpack %s\n",
1698                         unpack_status ? unpack_status : "ok");
1699        for (cmd = commands; cmd; cmd = cmd->next) {
1700                if (!cmd->error_string)
1701                        packet_buf_write(&buf, "ok %s\n",
1702                                         cmd->ref_name);
1703                else
1704                        packet_buf_write(&buf, "ng %s %s\n",
1705                                         cmd->ref_name, cmd->error_string);
1706        }
1707        packet_buf_flush(&buf);
1708
1709        if (use_sideband)
1710                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1711        else
1712                write_or_die(1, buf.buf, buf.len);
1713        strbuf_release(&buf);
1714}
1715
1716static int delete_only(struct command *commands)
1717{
1718        struct command *cmd;
1719        for (cmd = commands; cmd; cmd = cmd->next) {
1720                if (!is_null_sha1(cmd->new_sha1))
1721                        return 0;
1722        }
1723        return 1;
1724}
1725
1726int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1727{
1728        int advertise_refs = 0;
1729        struct command *commands;
1730        struct sha1_array shallow = SHA1_ARRAY_INIT;
1731        struct sha1_array ref = SHA1_ARRAY_INIT;
1732        struct shallow_info si;
1733
1734        struct option options[] = {
1735                OPT__QUIET(&quiet, N_("quiet")),
1736                OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1737                OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1738                OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1739                OPT_END()
1740        };
1741
1742        packet_trace_identity("receive-pack");
1743
1744        argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1745
1746        if (argc > 1)
1747                usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1748        if (argc == 0)
1749                usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1750
1751        service_dir = argv[0];
1752
1753        setup_path();
1754
1755        if (!enter_repo(service_dir, 0))
1756                die("'%s' does not appear to be a git repository", service_dir);
1757
1758        git_config(receive_pack_config, NULL);
1759        if (cert_nonce_seed)
1760                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1761
1762        if (0 <= transfer_unpack_limit)
1763                unpack_limit = transfer_unpack_limit;
1764        else if (0 <= receive_unpack_limit)
1765                unpack_limit = receive_unpack_limit;
1766
1767        if (advertise_refs || !stateless_rpc) {
1768                write_head_info();
1769        }
1770        if (advertise_refs)
1771                return 0;
1772
1773        if ((commands = read_head_info(&shallow)) != NULL) {
1774                const char *unpack_status = NULL;
1775                struct string_list push_options = STRING_LIST_INIT_DUP;
1776
1777                prepare_shallow_info(&si, &shallow);
1778                if (!si.nr_ours && !si.nr_theirs)
1779                        shallow_update = 0;
1780                if (!delete_only(commands)) {
1781                        unpack_status = unpack_with_sideband(&si);
1782                        update_shallow_info(commands, &si, &ref);
1783                }
1784                execute_commands(commands, unpack_status, &si,
1785                                 &push_options);
1786                if (pack_lockfile)
1787                        unlink_or_warn(pack_lockfile);
1788                if (report_status)
1789                        report(commands, unpack_status);
1790                run_receive_hook(commands, "post-receive", 1,
1791                                 &push_options);
1792                run_update_post_hook(commands);
1793                if (push_options.nr)
1794                        string_list_clear(&push_options, 0);
1795                if (auto_gc) {
1796                        const char *argv_gc_auto[] = {
1797                                "gc", "--auto", "--quiet", NULL,
1798                        };
1799                        struct child_process proc = CHILD_PROCESS_INIT;
1800
1801                        proc.no_stdin = 1;
1802                        proc.stdout_to_stderr = 1;
1803                        proc.err = use_sideband ? -1 : 0;
1804                        proc.git_cmd = 1;
1805                        proc.argv = argv_gc_auto;
1806
1807                        close_all_packs();
1808                        if (!start_command(&proc)) {
1809                                if (use_sideband)
1810                                        copy_to_sideband(proc.err, -1, NULL);
1811                                finish_command(&proc);
1812                        }
1813                }
1814                if (auto_update_server_info)
1815                        update_server_info(0);
1816                clear_shallow_info(&si);
1817        }
1818        if (use_sideband)
1819                packet_flush(1);
1820        sha1_array_clear(&shallow);
1821        sha1_array_clear(&ref);
1822        free((void *)push_cert_nonce);
1823        return 0;
1824}