1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22
23static const char receive_pack_usage[] = "git receive-pack <git-dir>";
24
25enum deny_action {
26 DENY_UNCONFIGURED,
27 DENY_IGNORE,
28 DENY_WARN,
29 DENY_REFUSE,
30 DENY_UPDATE_INSTEAD
31};
32
33static int deny_deletes;
34static int deny_non_fast_forwards;
35static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37static int receive_fsck_objects = -1;
38static int transfer_fsck_objects = -1;
39static int receive_unpack_limit = -1;
40static int transfer_unpack_limit = -1;
41static int advertise_atomic_push = 1;
42static int unpack_limit = 100;
43static int report_status;
44static int use_sideband;
45static int use_atomic;
46static int quiet;
47static int prefer_ofs_delta = 1;
48static int auto_update_server_info;
49static int auto_gc = 1;
50static int fix_thin = 1;
51static int stateless_rpc;
52static const char *service_dir;
53static const char *head_name;
54static void *head_name_to_free;
55static int sent_capabilities;
56static int shallow_update;
57static const char *alt_shallow_file;
58static struct strbuf push_cert = STRBUF_INIT;
59static unsigned char push_cert_sha1[20];
60static struct signature_check sigcheck;
61static const char *push_cert_nonce;
62static const char *cert_nonce_seed;
63
64static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65static const char *NONCE_BAD = "BAD";
66static const char *NONCE_MISSING = "MISSING";
67static const char *NONCE_OK = "OK";
68static const char *NONCE_SLOP = "SLOP";
69static const char *nonce_status;
70static long nonce_stamp_slop;
71static unsigned long nonce_stamp_slop_limit;
72static struct ref_transaction *transaction;
73
74static enum deny_action parse_deny_action(const char *var, const char *value)
75{
76 if (value) {
77 if (!strcasecmp(value, "ignore"))
78 return DENY_IGNORE;
79 if (!strcasecmp(value, "warn"))
80 return DENY_WARN;
81 if (!strcasecmp(value, "refuse"))
82 return DENY_REFUSE;
83 if (!strcasecmp(value, "updateinstead"))
84 return DENY_UPDATE_INSTEAD;
85 }
86 if (git_config_bool(var, value))
87 return DENY_REFUSE;
88 return DENY_IGNORE;
89}
90
91static int receive_pack_config(const char *var, const char *value, void *cb)
92{
93 int status = parse_hide_refs_config(var, value, "receive");
94
95 if (status)
96 return status;
97
98 if (strcmp(var, "receive.denydeletes") == 0) {
99 deny_deletes = git_config_bool(var, value);
100 return 0;
101 }
102
103 if (strcmp(var, "receive.denynonfastforwards") == 0) {
104 deny_non_fast_forwards = git_config_bool(var, value);
105 return 0;
106 }
107
108 if (strcmp(var, "receive.unpacklimit") == 0) {
109 receive_unpack_limit = git_config_int(var, value);
110 return 0;
111 }
112
113 if (strcmp(var, "transfer.unpacklimit") == 0) {
114 transfer_unpack_limit = git_config_int(var, value);
115 return 0;
116 }
117
118 if (strcmp(var, "receive.fsckobjects") == 0) {
119 receive_fsck_objects = git_config_bool(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "transfer.fsckobjects") == 0) {
124 transfer_fsck_objects = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (!strcmp(var, "receive.denycurrentbranch")) {
129 deny_current_branch = parse_deny_action(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.denydeletecurrent") == 0) {
134 deny_delete_current = parse_deny_action(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139 prefer_ofs_delta = git_config_bool(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.updateserverinfo") == 0) {
144 auto_update_server_info = git_config_bool(var, value);
145 return 0;
146 }
147
148 if (strcmp(var, "receive.autogc") == 0) {
149 auto_gc = git_config_bool(var, value);
150 return 0;
151 }
152
153 if (strcmp(var, "receive.shallowupdate") == 0) {
154 shallow_update = git_config_bool(var, value);
155 return 0;
156 }
157
158 if (strcmp(var, "receive.certnonceseed") == 0)
159 return git_config_string(&cert_nonce_seed, var, value);
160
161 if (strcmp(var, "receive.certnonceslop") == 0) {
162 nonce_stamp_slop_limit = git_config_ulong(var, value);
163 return 0;
164 }
165
166 if (strcmp(var, "receive.advertiseatomic") == 0) {
167 advertise_atomic_push = git_config_bool(var, value);
168 return 0;
169 }
170
171 return git_default_config(var, value, cb);
172}
173
174static void show_ref(const char *path, const unsigned char *sha1)
175{
176 if (ref_is_hidden(path))
177 return;
178
179 if (sent_capabilities) {
180 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
181 } else {
182 struct strbuf cap = STRBUF_INIT;
183
184 strbuf_addstr(&cap,
185 "report-status delete-refs side-band-64k quiet");
186 if (advertise_atomic_push)
187 strbuf_addstr(&cap, " atomic");
188 if (prefer_ofs_delta)
189 strbuf_addstr(&cap, " ofs-delta");
190 if (push_cert_nonce)
191 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193 packet_write(1, "%s %s%c%s\n",
194 sha1_to_hex(sha1), path, 0, cap.buf);
195 strbuf_release(&cap);
196 sent_capabilities = 1;
197 }
198}
199
200static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
201{
202 path = strip_namespace(path);
203 /*
204 * Advertise refs outside our current namespace as ".have"
205 * refs, so that the client can use them to minimize data
206 * transfer but will otherwise ignore them. This happens to
207 * cover ".have" that are thrown in by add_one_alternate_ref()
208 * to mark histories that are complete in our alternates as
209 * well.
210 */
211 if (!path)
212 path = ".have";
213 show_ref(path, sha1);
214 return 0;
215}
216
217static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
218{
219 show_ref(".have", sha1);
220}
221
222static void collect_one_alternate_ref(const struct ref *ref, void *data)
223{
224 struct sha1_array *sa = data;
225 sha1_array_append(sa, ref->old_sha1);
226}
227
228static void write_head_info(void)
229{
230 struct sha1_array sa = SHA1_ARRAY_INIT;
231 for_each_alternate_ref(collect_one_alternate_ref, &sa);
232 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
233 sha1_array_clear(&sa);
234 for_each_ref(show_ref_cb, NULL);
235 if (!sent_capabilities)
236 show_ref("capabilities^{}", null_sha1);
237
238 advertise_shallow_grafts(1);
239
240 /* EOF */
241 packet_flush(1);
242}
243
244struct command {
245 struct command *next;
246 const char *error_string;
247 unsigned int skip_update:1,
248 did_not_exist:1;
249 int index;
250 unsigned char old_sha1[20];
251 unsigned char new_sha1[20];
252 char ref_name[FLEX_ARRAY]; /* more */
253};
254
255static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
256static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
257
258static void report_message(const char *prefix, const char *err, va_list params)
259{
260 int sz = strlen(prefix);
261 char msg[4096];
262
263 strncpy(msg, prefix, sz);
264 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
265 if (sz > (sizeof(msg) - 1))
266 sz = sizeof(msg) - 1;
267 msg[sz++] = '\n';
268
269 if (use_sideband)
270 send_sideband(1, 2, msg, sz, use_sideband);
271 else
272 xwrite(2, msg, sz);
273}
274
275static void rp_warning(const char *err, ...)
276{
277 va_list params;
278 va_start(params, err);
279 report_message("warning: ", err, params);
280 va_end(params);
281}
282
283static void rp_error(const char *err, ...)
284{
285 va_list params;
286 va_start(params, err);
287 report_message("error: ", err, params);
288 va_end(params);
289}
290
291static int copy_to_sideband(int in, int out, void *arg)
292{
293 char data[128];
294 while (1) {
295 ssize_t sz = xread(in, data, sizeof(data));
296 if (sz <= 0)
297 break;
298 send_sideband(1, 2, data, sz, use_sideband);
299 }
300 close(in);
301 return 0;
302}
303
304#define HMAC_BLOCK_SIZE 64
305
306static void hmac_sha1(unsigned char *out,
307 const char *key_in, size_t key_len,
308 const char *text, size_t text_len)
309{
310 unsigned char key[HMAC_BLOCK_SIZE];
311 unsigned char k_ipad[HMAC_BLOCK_SIZE];
312 unsigned char k_opad[HMAC_BLOCK_SIZE];
313 int i;
314 git_SHA_CTX ctx;
315
316 /* RFC 2104 2. (1) */
317 memset(key, '\0', HMAC_BLOCK_SIZE);
318 if (HMAC_BLOCK_SIZE < key_len) {
319 git_SHA1_Init(&ctx);
320 git_SHA1_Update(&ctx, key_in, key_len);
321 git_SHA1_Final(key, &ctx);
322 } else {
323 memcpy(key, key_in, key_len);
324 }
325
326 /* RFC 2104 2. (2) & (5) */
327 for (i = 0; i < sizeof(key); i++) {
328 k_ipad[i] = key[i] ^ 0x36;
329 k_opad[i] = key[i] ^ 0x5c;
330 }
331
332 /* RFC 2104 2. (3) & (4) */
333 git_SHA1_Init(&ctx);
334 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
335 git_SHA1_Update(&ctx, text, text_len);
336 git_SHA1_Final(out, &ctx);
337
338 /* RFC 2104 2. (6) & (7) */
339 git_SHA1_Init(&ctx);
340 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
341 git_SHA1_Update(&ctx, out, 20);
342 git_SHA1_Final(out, &ctx);
343}
344
345static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
346{
347 struct strbuf buf = STRBUF_INIT;
348 unsigned char sha1[20];
349
350 strbuf_addf(&buf, "%s:%lu", path, stamp);
351 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
352 strbuf_release(&buf);
353
354 /* RFC 2104 5. HMAC-SHA1-80 */
355 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
356 return strbuf_detach(&buf, NULL);
357}
358
359/*
360 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
361 * after dropping "_commit" from its name and possibly moving it out
362 * of commit.c
363 */
364static char *find_header(const char *msg, size_t len, const char *key)
365{
366 int key_len = strlen(key);
367 const char *line = msg;
368
369 while (line && line < msg + len) {
370 const char *eol = strchrnul(line, '\n');
371
372 if ((msg + len <= eol) || line == eol)
373 return NULL;
374 if (line + key_len < eol &&
375 !memcmp(line, key, key_len) && line[key_len] == ' ') {
376 int offset = key_len + 1;
377 return xmemdupz(line + offset, (eol - line) - offset);
378 }
379 line = *eol ? eol + 1 : NULL;
380 }
381 return NULL;
382}
383
384static const char *check_nonce(const char *buf, size_t len)
385{
386 char *nonce = find_header(buf, len, "nonce");
387 unsigned long stamp, ostamp;
388 char *bohmac, *expect = NULL;
389 const char *retval = NONCE_BAD;
390
391 if (!nonce) {
392 retval = NONCE_MISSING;
393 goto leave;
394 } else if (!push_cert_nonce) {
395 retval = NONCE_UNSOLICITED;
396 goto leave;
397 } else if (!strcmp(push_cert_nonce, nonce)) {
398 retval = NONCE_OK;
399 goto leave;
400 }
401
402 if (!stateless_rpc) {
403 /* returned nonce MUST match what we gave out earlier */
404 retval = NONCE_BAD;
405 goto leave;
406 }
407
408 /*
409 * In stateless mode, we may be receiving a nonce issued by
410 * another instance of the server that serving the same
411 * repository, and the timestamps may not match, but the
412 * nonce-seed and dir should match, so we can recompute and
413 * report the time slop.
414 *
415 * In addition, when a nonce issued by another instance has
416 * timestamp within receive.certnonceslop seconds, we pretend
417 * as if we issued that nonce when reporting to the hook.
418 */
419
420 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
421 if (*nonce <= '0' || '9' < *nonce) {
422 retval = NONCE_BAD;
423 goto leave;
424 }
425 stamp = strtoul(nonce, &bohmac, 10);
426 if (bohmac == nonce || bohmac[0] != '-') {
427 retval = NONCE_BAD;
428 goto leave;
429 }
430
431 expect = prepare_push_cert_nonce(service_dir, stamp);
432 if (strcmp(expect, nonce)) {
433 /* Not what we would have signed earlier */
434 retval = NONCE_BAD;
435 goto leave;
436 }
437
438 /*
439 * By how many seconds is this nonce stale? Negative value
440 * would mean it was issued by another server with its clock
441 * skewed in the future.
442 */
443 ostamp = strtoul(push_cert_nonce, NULL, 10);
444 nonce_stamp_slop = (long)ostamp - (long)stamp;
445
446 if (nonce_stamp_slop_limit &&
447 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
448 /*
449 * Pretend as if the received nonce (which passes the
450 * HMAC check, so it is not a forged by third-party)
451 * is what we issued.
452 */
453 free((void *)push_cert_nonce);
454 push_cert_nonce = xstrdup(nonce);
455 retval = NONCE_OK;
456 } else {
457 retval = NONCE_SLOP;
458 }
459
460leave:
461 free(nonce);
462 free(expect);
463 return retval;
464}
465
466static void prepare_push_cert_sha1(struct child_process *proc)
467{
468 static int already_done;
469
470 if (!push_cert.len)
471 return;
472
473 if (!already_done) {
474 struct strbuf gpg_output = STRBUF_INIT;
475 struct strbuf gpg_status = STRBUF_INIT;
476 int bogs /* beginning_of_gpg_sig */;
477
478 already_done = 1;
479 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
480 hashclr(push_cert_sha1);
481
482 memset(&sigcheck, '\0', sizeof(sigcheck));
483 sigcheck.result = 'N';
484
485 bogs = parse_signature(push_cert.buf, push_cert.len);
486 if (verify_signed_buffer(push_cert.buf, bogs,
487 push_cert.buf + bogs, push_cert.len - bogs,
488 &gpg_output, &gpg_status) < 0) {
489 ; /* error running gpg */
490 } else {
491 sigcheck.payload = push_cert.buf;
492 sigcheck.gpg_output = gpg_output.buf;
493 sigcheck.gpg_status = gpg_status.buf;
494 parse_gpg_output(&sigcheck);
495 }
496
497 strbuf_release(&gpg_output);
498 strbuf_release(&gpg_status);
499 nonce_status = check_nonce(push_cert.buf, bogs);
500 }
501 if (!is_null_sha1(push_cert_sha1)) {
502 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
503 sha1_to_hex(push_cert_sha1));
504 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
505 sigcheck.signer ? sigcheck.signer : "");
506 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
507 sigcheck.key ? sigcheck.key : "");
508 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
509 sigcheck.result);
510 if (push_cert_nonce) {
511 argv_array_pushf(&proc->env_array,
512 "GIT_PUSH_CERT_NONCE=%s",
513 push_cert_nonce);
514 argv_array_pushf(&proc->env_array,
515 "GIT_PUSH_CERT_NONCE_STATUS=%s",
516 nonce_status);
517 if (nonce_status == NONCE_SLOP)
518 argv_array_pushf(&proc->env_array,
519 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
520 nonce_stamp_slop);
521 }
522 }
523}
524
525typedef int (*feed_fn)(void *, const char **, size_t *);
526static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
527{
528 struct child_process proc = CHILD_PROCESS_INIT;
529 struct async muxer;
530 const char *argv[2];
531 int code;
532
533 argv[0] = find_hook(hook_name);
534 if (!argv[0])
535 return 0;
536
537 argv[1] = NULL;
538
539 proc.argv = argv;
540 proc.in = -1;
541 proc.stdout_to_stderr = 1;
542
543 if (use_sideband) {
544 memset(&muxer, 0, sizeof(muxer));
545 muxer.proc = copy_to_sideband;
546 muxer.in = -1;
547 code = start_async(&muxer);
548 if (code)
549 return code;
550 proc.err = muxer.in;
551 }
552
553 prepare_push_cert_sha1(&proc);
554
555 code = start_command(&proc);
556 if (code) {
557 if (use_sideband)
558 finish_async(&muxer);
559 return code;
560 }
561
562 sigchain_push(SIGPIPE, SIG_IGN);
563
564 while (1) {
565 const char *buf;
566 size_t n;
567 if (feed(feed_state, &buf, &n))
568 break;
569 if (write_in_full(proc.in, buf, n) != n)
570 break;
571 }
572 close(proc.in);
573 if (use_sideband)
574 finish_async(&muxer);
575
576 sigchain_pop(SIGPIPE);
577
578 return finish_command(&proc);
579}
580
581struct receive_hook_feed_state {
582 struct command *cmd;
583 int skip_broken;
584 struct strbuf buf;
585};
586
587static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
588{
589 struct receive_hook_feed_state *state = state_;
590 struct command *cmd = state->cmd;
591
592 while (cmd &&
593 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
594 cmd = cmd->next;
595 if (!cmd)
596 return -1; /* EOF */
597 strbuf_reset(&state->buf);
598 strbuf_addf(&state->buf, "%s %s %s\n",
599 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
600 cmd->ref_name);
601 state->cmd = cmd->next;
602 if (bufp) {
603 *bufp = state->buf.buf;
604 *sizep = state->buf.len;
605 }
606 return 0;
607}
608
609static int run_receive_hook(struct command *commands, const char *hook_name,
610 int skip_broken)
611{
612 struct receive_hook_feed_state state;
613 int status;
614
615 strbuf_init(&state.buf, 0);
616 state.cmd = commands;
617 state.skip_broken = skip_broken;
618 if (feed_receive_hook(&state, NULL, NULL))
619 return 0;
620 state.cmd = commands;
621 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
622 strbuf_release(&state.buf);
623 return status;
624}
625
626static int run_update_hook(struct command *cmd)
627{
628 const char *argv[5];
629 struct child_process proc = CHILD_PROCESS_INIT;
630 int code;
631
632 argv[0] = find_hook("update");
633 if (!argv[0])
634 return 0;
635
636 argv[1] = cmd->ref_name;
637 argv[2] = sha1_to_hex(cmd->old_sha1);
638 argv[3] = sha1_to_hex(cmd->new_sha1);
639 argv[4] = NULL;
640
641 proc.no_stdin = 1;
642 proc.stdout_to_stderr = 1;
643 proc.err = use_sideband ? -1 : 0;
644 proc.argv = argv;
645
646 code = start_command(&proc);
647 if (code)
648 return code;
649 if (use_sideband)
650 copy_to_sideband(proc.err, -1, NULL);
651 return finish_command(&proc);
652}
653
654static int is_ref_checked_out(const char *ref)
655{
656 if (is_bare_repository())
657 return 0;
658
659 if (!head_name)
660 return 0;
661 return !strcmp(head_name, ref);
662}
663
664static char *refuse_unconfigured_deny_msg[] = {
665 "By default, updating the current branch in a non-bare repository",
666 "is denied, because it will make the index and work tree inconsistent",
667 "with what you pushed, and will require 'git reset --hard' to match",
668 "the work tree to HEAD.",
669 "",
670 "You can set 'receive.denyCurrentBranch' configuration variable to",
671 "'ignore' or 'warn' in the remote repository to allow pushing into",
672 "its current branch; however, this is not recommended unless you",
673 "arranged to update its work tree to match what you pushed in some",
674 "other way.",
675 "",
676 "To squelch this message and still keep the default behaviour, set",
677 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
678};
679
680static void refuse_unconfigured_deny(void)
681{
682 int i;
683 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
684 rp_error("%s", refuse_unconfigured_deny_msg[i]);
685}
686
687static char *refuse_unconfigured_deny_delete_current_msg[] = {
688 "By default, deleting the current branch is denied, because the next",
689 "'git clone' won't result in any file checked out, causing confusion.",
690 "",
691 "You can set 'receive.denyDeleteCurrent' configuration variable to",
692 "'warn' or 'ignore' in the remote repository to allow deleting the",
693 "current branch, with or without a warning message.",
694 "",
695 "To squelch this message, you can set it to 'refuse'."
696};
697
698static void refuse_unconfigured_deny_delete_current(void)
699{
700 int i;
701 for (i = 0;
702 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
703 i++)
704 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
705}
706
707static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
708static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
709{
710 static struct lock_file shallow_lock;
711 struct sha1_array extra = SHA1_ARRAY_INIT;
712 const char *alt_file;
713 uint32_t mask = 1 << (cmd->index % 32);
714 int i;
715
716 trace_printf_key(&trace_shallow,
717 "shallow: update_shallow_ref %s\n", cmd->ref_name);
718 for (i = 0; i < si->shallow->nr; i++)
719 if (si->used_shallow[i] &&
720 (si->used_shallow[i][cmd->index / 32] & mask) &&
721 !delayed_reachability_test(si, i))
722 sha1_array_append(&extra, si->shallow->sha1[i]);
723
724 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
725 if (check_shallow_connected(command_singleton_iterator,
726 0, cmd, alt_file)) {
727 rollback_lock_file(&shallow_lock);
728 sha1_array_clear(&extra);
729 return -1;
730 }
731
732 commit_lock_file(&shallow_lock);
733
734 /*
735 * Make sure setup_alternate_shallow() for the next ref does
736 * not lose these new roots..
737 */
738 for (i = 0; i < extra.nr; i++)
739 register_shallow(extra.sha1[i]);
740
741 si->shallow_ref[cmd->index] = 0;
742 sha1_array_clear(&extra);
743 return 0;
744}
745
746static const char *push_to_deploy(unsigned char *sha1,
747 struct argv_array *env,
748 const char *work_tree)
749{
750 const char *update_refresh[] = {
751 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
752 };
753 const char *diff_files[] = {
754 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
755 };
756 const char *diff_index[] = {
757 "diff-index", "--quiet", "--cached", "--ignore-submodules",
758 "HEAD", "--", NULL
759 };
760 const char *read_tree[] = {
761 "read-tree", "-u", "-m", NULL, NULL
762 };
763 struct child_process child = CHILD_PROCESS_INIT;
764
765 child.argv = update_refresh;
766 child.env = env->argv;
767 child.dir = work_tree;
768 child.no_stdin = 1;
769 child.stdout_to_stderr = 1;
770 child.git_cmd = 1;
771 if (run_command(&child))
772 return "Up-to-date check failed";
773
774 /* run_command() does not clean up completely; reinitialize */
775 child_process_init(&child);
776 child.argv = diff_files;
777 child.env = env->argv;
778 child.dir = work_tree;
779 child.no_stdin = 1;
780 child.stdout_to_stderr = 1;
781 child.git_cmd = 1;
782 if (run_command(&child))
783 return "Working directory has unstaged changes";
784
785 child_process_init(&child);
786 child.argv = diff_index;
787 child.env = env->argv;
788 child.no_stdin = 1;
789 child.no_stdout = 1;
790 child.stdout_to_stderr = 0;
791 child.git_cmd = 1;
792 if (run_command(&child))
793 return "Working directory has staged changes";
794
795 read_tree[3] = sha1_to_hex(sha1);
796 child_process_init(&child);
797 child.argv = read_tree;
798 child.env = env->argv;
799 child.dir = work_tree;
800 child.no_stdin = 1;
801 child.no_stdout = 1;
802 child.stdout_to_stderr = 0;
803 child.git_cmd = 1;
804 if (run_command(&child))
805 return "Could not update working tree to new HEAD";
806
807 return NULL;
808}
809
810static const char *push_to_checkout_hook = "push-to-checkout";
811
812static const char *push_to_checkout(unsigned char *sha1,
813 struct argv_array *env,
814 const char *work_tree)
815{
816 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
817 if (run_hook_le(env->argv, push_to_checkout_hook,
818 sha1_to_hex(sha1), NULL))
819 return "push-to-checkout hook declined";
820 else
821 return NULL;
822}
823
824static const char *update_worktree(unsigned char *sha1)
825{
826 const char *retval;
827 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
828 struct argv_array env = ARGV_ARRAY_INIT;
829
830 if (is_bare_repository())
831 return "denyCurrentBranch = updateInstead needs a worktree";
832
833 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
834
835 if (!find_hook(push_to_checkout_hook))
836 retval = push_to_deploy(sha1, &env, work_tree);
837 else
838 retval = push_to_checkout(sha1, &env, work_tree);
839
840 argv_array_clear(&env);
841 return retval;
842}
843
844static const char *update(struct command *cmd, struct shallow_info *si)
845{
846 const char *name = cmd->ref_name;
847 struct strbuf namespaced_name_buf = STRBUF_INIT;
848 const char *namespaced_name, *ret;
849 unsigned char *old_sha1 = cmd->old_sha1;
850 unsigned char *new_sha1 = cmd->new_sha1;
851
852 /* only refs/... are allowed */
853 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
854 rp_error("refusing to create funny ref '%s' remotely", name);
855 return "funny refname";
856 }
857
858 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
859 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
860
861 if (is_ref_checked_out(namespaced_name)) {
862 switch (deny_current_branch) {
863 case DENY_IGNORE:
864 break;
865 case DENY_WARN:
866 rp_warning("updating the current branch");
867 break;
868 case DENY_REFUSE:
869 case DENY_UNCONFIGURED:
870 rp_error("refusing to update checked out branch: %s", name);
871 if (deny_current_branch == DENY_UNCONFIGURED)
872 refuse_unconfigured_deny();
873 return "branch is currently checked out";
874 case DENY_UPDATE_INSTEAD:
875 ret = update_worktree(new_sha1);
876 if (ret)
877 return ret;
878 break;
879 }
880 }
881
882 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
883 error("unpack should have generated %s, "
884 "but I can't find it!", sha1_to_hex(new_sha1));
885 return "bad pack";
886 }
887
888 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
889 if (deny_deletes && starts_with(name, "refs/heads/")) {
890 rp_error("denying ref deletion for %s", name);
891 return "deletion prohibited";
892 }
893
894 if (!strcmp(namespaced_name, head_name)) {
895 switch (deny_delete_current) {
896 case DENY_IGNORE:
897 break;
898 case DENY_WARN:
899 rp_warning("deleting the current branch");
900 break;
901 case DENY_REFUSE:
902 case DENY_UNCONFIGURED:
903 case DENY_UPDATE_INSTEAD:
904 if (deny_delete_current == DENY_UNCONFIGURED)
905 refuse_unconfigured_deny_delete_current();
906 rp_error("refusing to delete the current branch: %s", name);
907 return "deletion of the current branch prohibited";
908 default:
909 return "Invalid denyDeleteCurrent setting";
910 }
911 }
912 }
913
914 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
915 !is_null_sha1(old_sha1) &&
916 starts_with(name, "refs/heads/")) {
917 struct object *old_object, *new_object;
918 struct commit *old_commit, *new_commit;
919
920 old_object = parse_object(old_sha1);
921 new_object = parse_object(new_sha1);
922
923 if (!old_object || !new_object ||
924 old_object->type != OBJ_COMMIT ||
925 new_object->type != OBJ_COMMIT) {
926 error("bad sha1 objects for %s", name);
927 return "bad ref";
928 }
929 old_commit = (struct commit *)old_object;
930 new_commit = (struct commit *)new_object;
931 if (!in_merge_bases(old_commit, new_commit)) {
932 rp_error("denying non-fast-forward %s"
933 " (you should pull first)", name);
934 return "non-fast-forward";
935 }
936 }
937 if (run_update_hook(cmd)) {
938 rp_error("hook declined to update %s", name);
939 return "hook declined";
940 }
941
942 if (is_null_sha1(new_sha1)) {
943 struct strbuf err = STRBUF_INIT;
944 if (!parse_object(old_sha1)) {
945 old_sha1 = NULL;
946 if (ref_exists(name)) {
947 rp_warning("Allowing deletion of corrupt ref.");
948 } else {
949 rp_warning("Deleting a non-existent ref.");
950 cmd->did_not_exist = 1;
951 }
952 }
953 if (ref_transaction_delete(transaction,
954 namespaced_name,
955 old_sha1,
956 0, old_sha1 != NULL,
957 "push", &err)) {
958 rp_error("%s", err.buf);
959 strbuf_release(&err);
960 return "failed to delete";
961 }
962 strbuf_release(&err);
963 return NULL; /* good */
964 }
965 else {
966 struct strbuf err = STRBUF_INIT;
967 if (shallow_update && si->shallow_ref[cmd->index] &&
968 update_shallow_ref(cmd, si))
969 return "shallow error";
970
971 if (ref_transaction_update(transaction,
972 namespaced_name,
973 new_sha1, old_sha1,
974 0, 1, "push",
975 &err)) {
976 rp_error("%s", err.buf);
977 strbuf_release(&err);
978
979 return "failed to update ref";
980 }
981 strbuf_release(&err);
982
983 return NULL; /* good */
984 }
985}
986
987static void run_update_post_hook(struct command *commands)
988{
989 struct command *cmd;
990 int argc;
991 const char **argv;
992 struct child_process proc = CHILD_PROCESS_INIT;
993 char *hook;
994
995 hook = find_hook("post-update");
996 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
997 if (cmd->error_string || cmd->did_not_exist)
998 continue;
999 argc++;
1000 }
1001 if (!argc || !hook)
1002 return;
1003
1004 argv = xmalloc(sizeof(*argv) * (2 + argc));
1005 argv[0] = hook;
1006
1007 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1008 if (cmd->error_string || cmd->did_not_exist)
1009 continue;
1010 argv[argc] = xstrdup(cmd->ref_name);
1011 argc++;
1012 }
1013 argv[argc] = NULL;
1014
1015 proc.no_stdin = 1;
1016 proc.stdout_to_stderr = 1;
1017 proc.err = use_sideband ? -1 : 0;
1018 proc.argv = argv;
1019
1020 if (!start_command(&proc)) {
1021 if (use_sideband)
1022 copy_to_sideband(proc.err, -1, NULL);
1023 finish_command(&proc);
1024 }
1025}
1026
1027static void check_aliased_update(struct command *cmd, struct string_list *list)
1028{
1029 struct strbuf buf = STRBUF_INIT;
1030 const char *dst_name;
1031 struct string_list_item *item;
1032 struct command *dst_cmd;
1033 unsigned char sha1[20];
1034 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1035 int flag;
1036
1037 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1038 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1039 strbuf_release(&buf);
1040
1041 if (!(flag & REF_ISSYMREF))
1042 return;
1043
1044 dst_name = strip_namespace(dst_name);
1045 if (!dst_name) {
1046 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1047 cmd->skip_update = 1;
1048 cmd->error_string = "broken symref";
1049 return;
1050 }
1051
1052 if ((item = string_list_lookup(list, dst_name)) == NULL)
1053 return;
1054
1055 cmd->skip_update = 1;
1056
1057 dst_cmd = (struct command *) item->util;
1058
1059 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1060 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1061 return;
1062
1063 dst_cmd->skip_update = 1;
1064
1065 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1066 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1067 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1068 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1069 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1070 " its target '%s' (%s..%s)",
1071 cmd->ref_name, cmd_oldh, cmd_newh,
1072 dst_cmd->ref_name, dst_oldh, dst_newh);
1073
1074 cmd->error_string = dst_cmd->error_string =
1075 "inconsistent aliased update";
1076}
1077
1078static void check_aliased_updates(struct command *commands)
1079{
1080 struct command *cmd;
1081 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1082
1083 for (cmd = commands; cmd; cmd = cmd->next) {
1084 struct string_list_item *item =
1085 string_list_append(&ref_list, cmd->ref_name);
1086 item->util = (void *)cmd;
1087 }
1088 string_list_sort(&ref_list);
1089
1090 for (cmd = commands; cmd; cmd = cmd->next) {
1091 if (!cmd->error_string)
1092 check_aliased_update(cmd, &ref_list);
1093 }
1094
1095 string_list_clear(&ref_list, 0);
1096}
1097
1098static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1099{
1100 struct command **cmd_list = cb_data;
1101 struct command *cmd = *cmd_list;
1102
1103 if (!cmd || is_null_sha1(cmd->new_sha1))
1104 return -1; /* end of list */
1105 *cmd_list = NULL; /* this returns only one */
1106 hashcpy(sha1, cmd->new_sha1);
1107 return 0;
1108}
1109
1110static void set_connectivity_errors(struct command *commands,
1111 struct shallow_info *si)
1112{
1113 struct command *cmd;
1114
1115 for (cmd = commands; cmd; cmd = cmd->next) {
1116 struct command *singleton = cmd;
1117 if (shallow_update && si->shallow_ref[cmd->index])
1118 /* to be checked in update_shallow_ref() */
1119 continue;
1120 if (!check_everything_connected(command_singleton_iterator,
1121 0, &singleton))
1122 continue;
1123 cmd->error_string = "missing necessary objects";
1124 }
1125}
1126
1127struct iterate_data {
1128 struct command *cmds;
1129 struct shallow_info *si;
1130};
1131
1132static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1133{
1134 struct iterate_data *data = cb_data;
1135 struct command **cmd_list = &data->cmds;
1136 struct command *cmd = *cmd_list;
1137
1138 for (; cmd; cmd = cmd->next) {
1139 if (shallow_update && data->si->shallow_ref[cmd->index])
1140 /* to be checked in update_shallow_ref() */
1141 continue;
1142 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1143 hashcpy(sha1, cmd->new_sha1);
1144 *cmd_list = cmd->next;
1145 return 0;
1146 }
1147 }
1148 *cmd_list = NULL;
1149 return -1; /* end of list */
1150}
1151
1152static void reject_updates_to_hidden(struct command *commands)
1153{
1154 struct command *cmd;
1155
1156 for (cmd = commands; cmd; cmd = cmd->next) {
1157 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1158 continue;
1159 if (is_null_sha1(cmd->new_sha1))
1160 cmd->error_string = "deny deleting a hidden ref";
1161 else
1162 cmd->error_string = "deny updating a hidden ref";
1163 }
1164}
1165
1166static int should_process_cmd(struct command *cmd)
1167{
1168 return !cmd->error_string && !cmd->skip_update;
1169}
1170
1171static void warn_if_skipped_connectivity_check(struct command *commands,
1172 struct shallow_info *si)
1173{
1174 struct command *cmd;
1175 int checked_connectivity = 1;
1176
1177 for (cmd = commands; cmd; cmd = cmd->next) {
1178 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1179 error("BUG: connectivity check has not been run on ref %s",
1180 cmd->ref_name);
1181 checked_connectivity = 0;
1182 }
1183 }
1184 if (!checked_connectivity)
1185 die("BUG: connectivity check skipped???");
1186}
1187
1188static void execute_commands_non_atomic(struct command *commands,
1189 struct shallow_info *si)
1190{
1191 struct command *cmd;
1192 struct strbuf err = STRBUF_INIT;
1193
1194 for (cmd = commands; cmd; cmd = cmd->next) {
1195 if (!should_process_cmd(cmd))
1196 continue;
1197
1198 transaction = ref_transaction_begin(&err);
1199 if (!transaction) {
1200 rp_error("%s", err.buf);
1201 strbuf_reset(&err);
1202 cmd->error_string = "transaction failed to start";
1203 continue;
1204 }
1205
1206 cmd->error_string = update(cmd, si);
1207
1208 if (!cmd->error_string
1209 && ref_transaction_commit(transaction, &err)) {
1210 rp_error("%s", err.buf);
1211 strbuf_reset(&err);
1212 cmd->error_string = "failed to update ref";
1213 }
1214 ref_transaction_free(transaction);
1215 }
1216 strbuf_release(&err);
1217}
1218
1219static void execute_commands_atomic(struct command *commands,
1220 struct shallow_info *si)
1221{
1222 struct command *cmd;
1223 struct strbuf err = STRBUF_INIT;
1224 const char *reported_error = "atomic push failure";
1225
1226 transaction = ref_transaction_begin(&err);
1227 if (!transaction) {
1228 rp_error("%s", err.buf);
1229 strbuf_reset(&err);
1230 reported_error = "transaction failed to start";
1231 goto failure;
1232 }
1233
1234 for (cmd = commands; cmd; cmd = cmd->next) {
1235 if (!should_process_cmd(cmd))
1236 continue;
1237
1238 cmd->error_string = update(cmd, si);
1239
1240 if (cmd->error_string)
1241 goto failure;
1242 }
1243
1244 if (ref_transaction_commit(transaction, &err)) {
1245 rp_error("%s", err.buf);
1246 reported_error = "atomic transaction failed";
1247 goto failure;
1248 }
1249 goto cleanup;
1250
1251failure:
1252 for (cmd = commands; cmd; cmd = cmd->next)
1253 if (!cmd->error_string)
1254 cmd->error_string = reported_error;
1255
1256cleanup:
1257 ref_transaction_free(transaction);
1258 strbuf_release(&err);
1259}
1260
1261static void execute_commands(struct command *commands,
1262 const char *unpacker_error,
1263 struct shallow_info *si)
1264{
1265 struct command *cmd;
1266 unsigned char sha1[20];
1267 struct iterate_data data;
1268
1269 if (unpacker_error) {
1270 for (cmd = commands; cmd; cmd = cmd->next)
1271 cmd->error_string = "unpacker error";
1272 return;
1273 }
1274
1275 data.cmds = commands;
1276 data.si = si;
1277 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1278 set_connectivity_errors(commands, si);
1279
1280 reject_updates_to_hidden(commands);
1281
1282 if (run_receive_hook(commands, "pre-receive", 0)) {
1283 for (cmd = commands; cmd; cmd = cmd->next) {
1284 if (!cmd->error_string)
1285 cmd->error_string = "pre-receive hook declined";
1286 }
1287 return;
1288 }
1289
1290 check_aliased_updates(commands);
1291
1292 free(head_name_to_free);
1293 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1294
1295 if (use_atomic)
1296 execute_commands_atomic(commands, si);
1297 else
1298 execute_commands_non_atomic(commands, si);
1299
1300 if (shallow_update)
1301 warn_if_skipped_connectivity_check(commands, si);
1302}
1303
1304static struct command **queue_command(struct command **tail,
1305 const char *line,
1306 int linelen)
1307{
1308 unsigned char old_sha1[20], new_sha1[20];
1309 struct command *cmd;
1310 const char *refname;
1311 int reflen;
1312
1313 if (linelen < 83 ||
1314 line[40] != ' ' ||
1315 line[81] != ' ' ||
1316 get_sha1_hex(line, old_sha1) ||
1317 get_sha1_hex(line + 41, new_sha1))
1318 die("protocol error: expected old/new/ref, got '%s'", line);
1319
1320 refname = line + 82;
1321 reflen = linelen - 82;
1322 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1323 hashcpy(cmd->old_sha1, old_sha1);
1324 hashcpy(cmd->new_sha1, new_sha1);
1325 memcpy(cmd->ref_name, refname, reflen);
1326 cmd->ref_name[reflen] = '\0';
1327 *tail = cmd;
1328 return &cmd->next;
1329}
1330
1331static void queue_commands_from_cert(struct command **tail,
1332 struct strbuf *push_cert)
1333{
1334 const char *boc, *eoc;
1335
1336 if (*tail)
1337 die("protocol error: got both push certificate and unsigned commands");
1338
1339 boc = strstr(push_cert->buf, "\n\n");
1340 if (!boc)
1341 die("malformed push certificate %.*s", 100, push_cert->buf);
1342 else
1343 boc += 2;
1344 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1345
1346 while (boc < eoc) {
1347 const char *eol = memchr(boc, '\n', eoc - boc);
1348 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1349 boc = eol ? eol + 1 : eoc;
1350 }
1351}
1352
1353static struct command *read_head_info(struct sha1_array *shallow)
1354{
1355 struct command *commands = NULL;
1356 struct command **p = &commands;
1357 for (;;) {
1358 char *line;
1359 int len, linelen;
1360
1361 line = packet_read_line(0, &len);
1362 if (!line)
1363 break;
1364
1365 if (len == 48 && starts_with(line, "shallow ")) {
1366 unsigned char sha1[20];
1367 if (get_sha1_hex(line + 8, sha1))
1368 die("protocol error: expected shallow sha, got '%s'",
1369 line + 8);
1370 sha1_array_append(shallow, sha1);
1371 continue;
1372 }
1373
1374 linelen = strlen(line);
1375 if (linelen < len) {
1376 const char *feature_list = line + linelen + 1;
1377 if (parse_feature_request(feature_list, "report-status"))
1378 report_status = 1;
1379 if (parse_feature_request(feature_list, "side-band-64k"))
1380 use_sideband = LARGE_PACKET_MAX;
1381 if (parse_feature_request(feature_list, "quiet"))
1382 quiet = 1;
1383 if (advertise_atomic_push
1384 && parse_feature_request(feature_list, "atomic"))
1385 use_atomic = 1;
1386 }
1387
1388 if (!strcmp(line, "push-cert")) {
1389 int true_flush = 0;
1390 char certbuf[1024];
1391
1392 for (;;) {
1393 len = packet_read(0, NULL, NULL,
1394 certbuf, sizeof(certbuf), 0);
1395 if (!len) {
1396 true_flush = 1;
1397 break;
1398 }
1399 if (!strcmp(certbuf, "push-cert-end\n"))
1400 break; /* end of cert */
1401 strbuf_addstr(&push_cert, certbuf);
1402 }
1403
1404 if (true_flush)
1405 break;
1406 continue;
1407 }
1408
1409 p = queue_command(p, line, linelen);
1410 }
1411
1412 if (push_cert.len)
1413 queue_commands_from_cert(p, &push_cert);
1414
1415 return commands;
1416}
1417
1418static const char *parse_pack_header(struct pack_header *hdr)
1419{
1420 switch (read_pack_header(0, hdr)) {
1421 case PH_ERROR_EOF:
1422 return "eof before pack header was fully read";
1423
1424 case PH_ERROR_PACK_SIGNATURE:
1425 return "protocol error (pack signature mismatch detected)";
1426
1427 case PH_ERROR_PROTOCOL:
1428 return "protocol error (pack version unsupported)";
1429
1430 default:
1431 return "unknown error in parse_pack_header";
1432
1433 case 0:
1434 return NULL;
1435 }
1436}
1437
1438static const char *pack_lockfile;
1439
1440static const char *unpack(int err_fd, struct shallow_info *si)
1441{
1442 struct pack_header hdr;
1443 const char *hdr_err;
1444 int status;
1445 char hdr_arg[38];
1446 struct child_process child = CHILD_PROCESS_INIT;
1447 int fsck_objects = (receive_fsck_objects >= 0
1448 ? receive_fsck_objects
1449 : transfer_fsck_objects >= 0
1450 ? transfer_fsck_objects
1451 : 0);
1452
1453 hdr_err = parse_pack_header(&hdr);
1454 if (hdr_err) {
1455 if (err_fd > 0)
1456 close(err_fd);
1457 return hdr_err;
1458 }
1459 snprintf(hdr_arg, sizeof(hdr_arg),
1460 "--pack_header=%"PRIu32",%"PRIu32,
1461 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1462
1463 if (si->nr_ours || si->nr_theirs) {
1464 alt_shallow_file = setup_temporary_shallow(si->shallow);
1465 argv_array_push(&child.args, "--shallow-file");
1466 argv_array_push(&child.args, alt_shallow_file);
1467 }
1468
1469 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1470 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1471 if (quiet)
1472 argv_array_push(&child.args, "-q");
1473 if (fsck_objects)
1474 argv_array_push(&child.args, "--strict");
1475 child.no_stdout = 1;
1476 child.err = err_fd;
1477 child.git_cmd = 1;
1478 status = run_command(&child);
1479 if (status)
1480 return "unpack-objects abnormal exit";
1481 } else {
1482 int s;
1483 char keep_arg[256];
1484
1485 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1486 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1487 strcpy(keep_arg + s, "localhost");
1488
1489 argv_array_pushl(&child.args, "index-pack",
1490 "--stdin", hdr_arg, keep_arg, NULL);
1491 if (fsck_objects)
1492 argv_array_push(&child.args, "--strict");
1493 if (fix_thin)
1494 argv_array_push(&child.args, "--fix-thin");
1495 child.out = -1;
1496 child.err = err_fd;
1497 child.git_cmd = 1;
1498 status = start_command(&child);
1499 if (status)
1500 return "index-pack fork failed";
1501 pack_lockfile = index_pack_lockfile(child.out);
1502 close(child.out);
1503 status = finish_command(&child);
1504 if (status)
1505 return "index-pack abnormal exit";
1506 reprepare_packed_git();
1507 }
1508 return NULL;
1509}
1510
1511static const char *unpack_with_sideband(struct shallow_info *si)
1512{
1513 struct async muxer;
1514 const char *ret;
1515
1516 if (!use_sideband)
1517 return unpack(0, si);
1518
1519 memset(&muxer, 0, sizeof(muxer));
1520 muxer.proc = copy_to_sideband;
1521 muxer.in = -1;
1522 if (start_async(&muxer))
1523 return NULL;
1524
1525 ret = unpack(muxer.in, si);
1526
1527 finish_async(&muxer);
1528 return ret;
1529}
1530
1531static void prepare_shallow_update(struct command *commands,
1532 struct shallow_info *si)
1533{
1534 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1535
1536 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1537 si->shallow->nr);
1538 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1539
1540 si->need_reachability_test =
1541 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1542 si->reachable =
1543 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1544 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1545
1546 for (i = 0; i < si->nr_ours; i++)
1547 si->need_reachability_test[si->ours[i]] = 1;
1548
1549 for (i = 0; i < si->shallow->nr; i++) {
1550 if (!si->used_shallow[i])
1551 continue;
1552 for (j = 0; j < bitmap_size; j++) {
1553 if (!si->used_shallow[i][j])
1554 continue;
1555 si->need_reachability_test[i]++;
1556 for (k = 0; k < 32; k++)
1557 if (si->used_shallow[i][j] & (1 << k))
1558 si->shallow_ref[j * 32 + k]++;
1559 }
1560
1561 /*
1562 * true for those associated with some refs and belong
1563 * in "ours" list aka "step 7 not done yet"
1564 */
1565 si->need_reachability_test[i] =
1566 si->need_reachability_test[i] > 1;
1567 }
1568
1569 /*
1570 * keep hooks happy by forcing a temporary shallow file via
1571 * env variable because we can't add --shallow-file to every
1572 * command. check_everything_connected() will be done with
1573 * true .git/shallow though.
1574 */
1575 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1576}
1577
1578static void update_shallow_info(struct command *commands,
1579 struct shallow_info *si,
1580 struct sha1_array *ref)
1581{
1582 struct command *cmd;
1583 int *ref_status;
1584 remove_nonexistent_theirs_shallow(si);
1585 if (!si->nr_ours && !si->nr_theirs) {
1586 shallow_update = 0;
1587 return;
1588 }
1589
1590 for (cmd = commands; cmd; cmd = cmd->next) {
1591 if (is_null_sha1(cmd->new_sha1))
1592 continue;
1593 sha1_array_append(ref, cmd->new_sha1);
1594 cmd->index = ref->nr - 1;
1595 }
1596 si->ref = ref;
1597
1598 if (shallow_update) {
1599 prepare_shallow_update(commands, si);
1600 return;
1601 }
1602
1603 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1604 assign_shallow_commits_to_refs(si, NULL, ref_status);
1605 for (cmd = commands; cmd; cmd = cmd->next) {
1606 if (is_null_sha1(cmd->new_sha1))
1607 continue;
1608 if (ref_status[cmd->index]) {
1609 cmd->error_string = "shallow update not allowed";
1610 cmd->skip_update = 1;
1611 }
1612 }
1613 free(ref_status);
1614}
1615
1616static void report(struct command *commands, const char *unpack_status)
1617{
1618 struct command *cmd;
1619 struct strbuf buf = STRBUF_INIT;
1620
1621 packet_buf_write(&buf, "unpack %s\n",
1622 unpack_status ? unpack_status : "ok");
1623 for (cmd = commands; cmd; cmd = cmd->next) {
1624 if (!cmd->error_string)
1625 packet_buf_write(&buf, "ok %s\n",
1626 cmd->ref_name);
1627 else
1628 packet_buf_write(&buf, "ng %s %s\n",
1629 cmd->ref_name, cmd->error_string);
1630 }
1631 packet_buf_flush(&buf);
1632
1633 if (use_sideband)
1634 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1635 else
1636 write_or_die(1, buf.buf, buf.len);
1637 strbuf_release(&buf);
1638}
1639
1640static int delete_only(struct command *commands)
1641{
1642 struct command *cmd;
1643 for (cmd = commands; cmd; cmd = cmd->next) {
1644 if (!is_null_sha1(cmd->new_sha1))
1645 return 0;
1646 }
1647 return 1;
1648}
1649
1650int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1651{
1652 int advertise_refs = 0;
1653 int i;
1654 struct command *commands;
1655 struct sha1_array shallow = SHA1_ARRAY_INIT;
1656 struct sha1_array ref = SHA1_ARRAY_INIT;
1657 struct shallow_info si;
1658
1659 packet_trace_identity("receive-pack");
1660
1661 argv++;
1662 for (i = 1; i < argc; i++) {
1663 const char *arg = *argv++;
1664
1665 if (*arg == '-') {
1666 if (!strcmp(arg, "--quiet")) {
1667 quiet = 1;
1668 continue;
1669 }
1670
1671 if (!strcmp(arg, "--advertise-refs")) {
1672 advertise_refs = 1;
1673 continue;
1674 }
1675 if (!strcmp(arg, "--stateless-rpc")) {
1676 stateless_rpc = 1;
1677 continue;
1678 }
1679 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1680 fix_thin = 0;
1681 continue;
1682 }
1683
1684 usage(receive_pack_usage);
1685 }
1686 if (service_dir)
1687 usage(receive_pack_usage);
1688 service_dir = arg;
1689 }
1690 if (!service_dir)
1691 usage(receive_pack_usage);
1692
1693 setup_path();
1694
1695 if (!enter_repo(service_dir, 0))
1696 die("'%s' does not appear to be a git repository", service_dir);
1697
1698 git_config(receive_pack_config, NULL);
1699 if (cert_nonce_seed)
1700 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1701
1702 if (0 <= transfer_unpack_limit)
1703 unpack_limit = transfer_unpack_limit;
1704 else if (0 <= receive_unpack_limit)
1705 unpack_limit = receive_unpack_limit;
1706
1707 if (advertise_refs || !stateless_rpc) {
1708 write_head_info();
1709 }
1710 if (advertise_refs)
1711 return 0;
1712
1713 if ((commands = read_head_info(&shallow)) != NULL) {
1714 const char *unpack_status = NULL;
1715
1716 prepare_shallow_info(&si, &shallow);
1717 if (!si.nr_ours && !si.nr_theirs)
1718 shallow_update = 0;
1719 if (!delete_only(commands)) {
1720 unpack_status = unpack_with_sideband(&si);
1721 update_shallow_info(commands, &si, &ref);
1722 }
1723 execute_commands(commands, unpack_status, &si);
1724 if (pack_lockfile)
1725 unlink_or_warn(pack_lockfile);
1726 if (report_status)
1727 report(commands, unpack_status);
1728 run_receive_hook(commands, "post-receive", 1);
1729 run_update_post_hook(commands);
1730 if (auto_gc) {
1731 const char *argv_gc_auto[] = {
1732 "gc", "--auto", "--quiet", NULL,
1733 };
1734 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1735 run_command_v_opt(argv_gc_auto, opt);
1736 }
1737 if (auto_update_server_info)
1738 update_server_info(0);
1739 clear_shallow_info(&si);
1740 }
1741 if (use_sideband)
1742 packet_flush(1);
1743 sha1_array_clear(&shallow);
1744 sha1_array_clear(&ref);
1745 free((void *)push_cert_nonce);
1746 return 0;
1747}