1#include "builtin.h"
2#include "config.h"
3#include "lockfile.h"
4#include "pack.h"
5#include "refs.h"
6#include "pkt-line.h"
7#include "sideband.h"
8#include "run-command.h"
9#include "exec_cmd.h"
10#include "commit.h"
11#include "object.h"
12#include "remote.h"
13#include "connect.h"
14#include "transport.h"
15#include "string-list.h"
16#include "sha1-array.h"
17#include "connected.h"
18#include "argv-array.h"
19#include "version.h"
20#include "tag.h"
21#include "gpg-interface.h"
22#include "sigchain.h"
23#include "fsck.h"
24#include "tmp-objdir.h"
25#include "oidset.h"
26static const char * const receive_pack_usage[] = {
28 N_("git receive-pack <git-dir>"),
29 NULL
30};
31enum deny_action {
33 DENY_UNCONFIGURED,
34 DENY_IGNORE,
35 DENY_WARN,
36 DENY_REFUSE,
37 DENY_UPDATE_INSTEAD
38};
39static int deny_deletes;
41static int deny_non_fast_forwards;
42static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
43static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
44static int receive_fsck_objects = -1;
45static int transfer_fsck_objects = -1;
46static struct strbuf fsck_msg_types = STRBUF_INIT;
47static int receive_unpack_limit = -1;
48static int transfer_unpack_limit = -1;
49static int advertise_atomic_push = 1;
50static int advertise_push_options;
51static int unpack_limit = 100;
52static off_t max_input_size;
53static int report_status;
54static int use_sideband;
55static int use_atomic;
56static int use_push_options;
57static int quiet;
58static int prefer_ofs_delta = 1;
59static int auto_update_server_info;
60static int auto_gc = 1;
61static int reject_thin;
62static int stateless_rpc;
63static const char *service_dir;
64static const char *head_name;
65static void *head_name_to_free;
66static int sent_capabilities;
67static int shallow_update;
68static const char *alt_shallow_file;
69static struct strbuf push_cert = STRBUF_INIT;
70static unsigned char push_cert_sha1[20];
71static struct signature_check sigcheck;
72static const char *push_cert_nonce;
73static const char *cert_nonce_seed;
74static const char *NONCE_UNSOLICITED = "UNSOLICITED";
76static const char *NONCE_BAD = "BAD";
77static const char *NONCE_MISSING = "MISSING";
78static const char *NONCE_OK = "OK";
79static const char *NONCE_SLOP = "SLOP";
80static const char *nonce_status;
81static long nonce_stamp_slop;
82static timestamp_t nonce_stamp_slop_limit;
83static struct ref_transaction *transaction;
84static enum {
86 KEEPALIVE_NEVER = 0,
87 KEEPALIVE_AFTER_NUL,
88 KEEPALIVE_ALWAYS
89} use_keepalive;
90static int keepalive_in_sec = 5;
91static struct tmp_objdir *tmp_objdir;
93static enum deny_action parse_deny_action(const char *var, const char *value)
95{
96 if (value) {
97 if (!strcasecmp(value, "ignore"))
98 return DENY_IGNORE;
99 if (!strcasecmp(value, "warn"))
100 return DENY_WARN;
101 if (!strcasecmp(value, "refuse"))
102 return DENY_REFUSE;
103 if (!strcasecmp(value, "updateinstead"))
104 return DENY_UPDATE_INSTEAD;
105 }
106 if (git_config_bool(var, value))
107 return DENY_REFUSE;
108 return DENY_IGNORE;
109}
110static int receive_pack_config(const char *var, const char *value, void *cb)
112{
113 int status = parse_hide_refs_config(var, value, "receive");
114 if (status)
116 return status;
117 if (strcmp(var, "receive.denydeletes") == 0) {
119 deny_deletes = git_config_bool(var, value);
120 return 0;
121 }
122 if (strcmp(var, "receive.denynonfastforwards") == 0) {
124 deny_non_fast_forwards = git_config_bool(var, value);
125 return 0;
126 }
127 if (strcmp(var, "receive.unpacklimit") == 0) {
129 receive_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132 if (strcmp(var, "transfer.unpacklimit") == 0) {
134 transfer_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137 if (strcmp(var, "receive.fsck.skiplist") == 0) {
139 const char *path;
140 if (git_config_pathname(&path, var, value))
142 return 1;
143 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
144 fsck_msg_types.len ? ',' : '=', path);
145 free((char *)path);
146 return 0;
147 }
148 if (skip_prefix(var, "receive.fsck.", &var)) {
150 if (is_valid_msg_type(var, value))
151 strbuf_addf(&fsck_msg_types, "%c%s=%s",
152 fsck_msg_types.len ? ',' : '=', var, value);
153 else
154 warning("Skipping unknown msg id '%s'", var);
155 return 0;
156 }
157 if (strcmp(var, "receive.fsckobjects") == 0) {
159 receive_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162 if (strcmp(var, "transfer.fsckobjects") == 0) {
164 transfer_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167 if (!strcmp(var, "receive.denycurrentbranch")) {
169 deny_current_branch = parse_deny_action(var, value);
170 return 0;
171 }
172 if (strcmp(var, "receive.denydeletecurrent") == 0) {
174 deny_delete_current = parse_deny_action(var, value);
175 return 0;
176 }
177 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
179 prefer_ofs_delta = git_config_bool(var, value);
180 return 0;
181 }
182 if (strcmp(var, "receive.updateserverinfo") == 0) {
184 auto_update_server_info = git_config_bool(var, value);
185 return 0;
186 }
187 if (strcmp(var, "receive.autogc") == 0) {
189 auto_gc = git_config_bool(var, value);
190 return 0;
191 }
192 if (strcmp(var, "receive.shallowupdate") == 0) {
194 shallow_update = git_config_bool(var, value);
195 return 0;
196 }
197 if (strcmp(var, "receive.certnonceseed") == 0)
199 return git_config_string(&cert_nonce_seed, var, value);
200 if (strcmp(var, "receive.certnonceslop") == 0) {
202 nonce_stamp_slop_limit = git_config_ulong(var, value);
203 return 0;
204 }
205 if (strcmp(var, "receive.advertiseatomic") == 0) {
207 advertise_atomic_push = git_config_bool(var, value);
208 return 0;
209 }
210 if (strcmp(var, "receive.advertisepushoptions") == 0) {
212 advertise_push_options = git_config_bool(var, value);
213 return 0;
214 }
215 if (strcmp(var, "receive.keepalive") == 0) {
217 keepalive_in_sec = git_config_int(var, value);
218 return 0;
219 }
220 if (strcmp(var, "receive.maxinputsize") == 0) {
222 max_input_size = git_config_int64(var, value);
223 return 0;
224 }
225 return git_default_config(var, value, cb);
227}
228static void show_ref(const char *path, const struct object_id *oid)
230{
231 if (sent_capabilities) {
232 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
233 } else {
234 struct strbuf cap = STRBUF_INIT;
235 strbuf_addstr(&cap,
237 "report-status delete-refs side-band-64k quiet");
238 if (advertise_atomic_push)
239 strbuf_addstr(&cap, " atomic");
240 if (prefer_ofs_delta)
241 strbuf_addstr(&cap, " ofs-delta");
242 if (push_cert_nonce)
243 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
244 if (advertise_push_options)
245 strbuf_addstr(&cap, " push-options");
246 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
247 packet_write_fmt(1, "%s %s%c%s\n",
248 oid_to_hex(oid), path, 0, cap.buf);
249 strbuf_release(&cap);
250 sent_capabilities = 1;
251 }
252}
253static int show_ref_cb(const char *path_full, const struct object_id *oid,
255 int flag, void *data)
256{
257 struct oidset *seen = data;
258 const char *path = strip_namespace(path_full);
259 if (ref_is_hidden(path, path_full))
261 return 0;
262 /*
264 * Advertise refs outside our current namespace as ".have"
265 * refs, so that the client can use them to minimize data
266 * transfer but will otherwise ignore them.
267 */
268 if (!path) {
269 if (oidset_insert(seen, oid))
270 return 0;
271 path = ".have";
272 } else {
273 oidset_insert(seen, oid);
274 }
275 show_ref(path, oid);
276 return 0;
277}
278static void show_one_alternate_ref(const char *refname,
280 const struct object_id *oid,
281 void *data)
282{
283 struct oidset *seen = data;
284 if (oidset_insert(seen, oid))
286 return;
287 show_ref(".have", oid);
289}
290static void write_head_info(void)
292{
293 static struct oidset seen = OIDSET_INIT;
294 for_each_ref(show_ref_cb, &seen);
296 for_each_alternate_ref(show_one_alternate_ref, &seen);
297 oidset_clear(&seen);
298 if (!sent_capabilities)
299 show_ref("capabilities^{}", &null_oid);
300 advertise_shallow_grafts(1);
302 /* EOF */
304 packet_flush(1);
305}
306struct command {
308 struct command *next;
309 const char *error_string;
310 unsigned int skip_update:1,
311 did_not_exist:1;
312 int index;
313 struct object_id old_oid;
314 struct object_id new_oid;
315 char ref_name[FLEX_ARRAY]; /* more */
316};
317static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
319static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
320static void report_message(const char *prefix, const char *err, va_list params)
322{
323 int sz;
324 char msg[4096];
325 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
327 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
328 if (sz > (sizeof(msg) - 1))
329 sz = sizeof(msg) - 1;
330 msg[sz++] = '\n';
331 if (use_sideband)
333 send_sideband(1, 2, msg, sz, use_sideband);
334 else
335 xwrite(2, msg, sz);
336}
337static void rp_warning(const char *err, ...)
339{
340 va_list params;
341 va_start(params, err);
342 report_message("warning: ", err, params);
343 va_end(params);
344}
345static void rp_error(const char *err, ...)
347{
348 va_list params;
349 va_start(params, err);
350 report_message("error: ", err, params);
351 va_end(params);
352}
353static int copy_to_sideband(int in, int out, void *arg)
355{
356 char data[128];
357 int keepalive_active = 0;
358 if (keepalive_in_sec <= 0)
360 use_keepalive = KEEPALIVE_NEVER;
361 if (use_keepalive == KEEPALIVE_ALWAYS)
362 keepalive_active = 1;
363 while (1) {
365 ssize_t sz;
366 if (keepalive_active) {
368 struct pollfd pfd;
369 int ret;
370 pfd.fd = in;
372 pfd.events = POLLIN;
373 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
374 if (ret < 0) {
376 if (errno == EINTR)
377 continue;
378 else
379 break;
380 } else if (ret == 0) {
381 /* no data; send a keepalive packet */
382 static const char buf[] = "0005\1";
383 write_or_die(1, buf, sizeof(buf) - 1);
384 continue;
385 } /* else there is actual data to read */
386 }
387 sz = xread(in, data, sizeof(data));
389 if (sz <= 0)
390 break;
391 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
393 const char *p = memchr(data, '\0', sz);
394 if (p) {
395 /*
396 * The NUL tells us to start sending keepalives. Make
397 * sure we send any other data we read along
398 * with it.
399 */
400 keepalive_active = 1;
401 send_sideband(1, 2, data, p - data, use_sideband);
402 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
403 continue;
404 }
405 }
406 /*
408 * Either we're not looking for a NUL signal, or we didn't see
409 * it yet; just pass along the data.
410 */
411 send_sideband(1, 2, data, sz, use_sideband);
412 }
413 close(in);
414 return 0;
415}
416#define HMAC_BLOCK_SIZE 64
418static void hmac_sha1(unsigned char *out,
420 const char *key_in, size_t key_len,
421 const char *text, size_t text_len)
422{
423 unsigned char key[HMAC_BLOCK_SIZE];
424 unsigned char k_ipad[HMAC_BLOCK_SIZE];
425 unsigned char k_opad[HMAC_BLOCK_SIZE];
426 int i;
427 git_SHA_CTX ctx;
428 /* RFC 2104 2. (1) */
430 memset(key, '\0', HMAC_BLOCK_SIZE);
431 if (HMAC_BLOCK_SIZE < key_len) {
432 git_SHA1_Init(&ctx);
433 git_SHA1_Update(&ctx, key_in, key_len);
434 git_SHA1_Final(key, &ctx);
435 } else {
436 memcpy(key, key_in, key_len);
437 }
438 /* RFC 2104 2. (2) & (5) */
440 for (i = 0; i < sizeof(key); i++) {
441 k_ipad[i] = key[i] ^ 0x36;
442 k_opad[i] = key[i] ^ 0x5c;
443 }
444 /* RFC 2104 2. (3) & (4) */
446 git_SHA1_Init(&ctx);
447 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
448 git_SHA1_Update(&ctx, text, text_len);
449 git_SHA1_Final(out, &ctx);
450 /* RFC 2104 2. (6) & (7) */
452 git_SHA1_Init(&ctx);
453 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
454 git_SHA1_Update(&ctx, out, 20);
455 git_SHA1_Final(out, &ctx);
456}
457static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
459{
460 struct strbuf buf = STRBUF_INIT;
461 unsigned char sha1[20];
462 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
464 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
465 strbuf_release(&buf);
466 /* RFC 2104 5. HMAC-SHA1-80 */
468 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
469 return strbuf_detach(&buf, NULL);
470}
471/*
473 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
474 * after dropping "_commit" from its name and possibly moving it out
475 * of commit.c
476 */
477static char *find_header(const char *msg, size_t len, const char *key,
478 const char **next_line)
479{
480 int key_len = strlen(key);
481 const char *line = msg;
482 while (line && line < msg + len) {
484 const char *eol = strchrnul(line, '\n');
485 if ((msg + len <= eol) || line == eol)
487 return NULL;
488 if (line + key_len < eol &&
489 !memcmp(line, key, key_len) && line[key_len] == ' ') {
490 int offset = key_len + 1;
491 if (next_line)
492 *next_line = *eol ? eol + 1 : eol;
493 return xmemdupz(line + offset, (eol - line) - offset);
494 }
495 line = *eol ? eol + 1 : NULL;
496 }
497 return NULL;
498}
499static const char *check_nonce(const char *buf, size_t len)
501{
502 char *nonce = find_header(buf, len, "nonce", NULL);
503 timestamp_t stamp, ostamp;
504 char *bohmac, *expect = NULL;
505 const char *retval = NONCE_BAD;
506 if (!nonce) {
508 retval = NONCE_MISSING;
509 goto leave;
510 } else if (!push_cert_nonce) {
511 retval = NONCE_UNSOLICITED;
512 goto leave;
513 } else if (!strcmp(push_cert_nonce, nonce)) {
514 retval = NONCE_OK;
515 goto leave;
516 }
517 if (!stateless_rpc) {
519 /* returned nonce MUST match what we gave out earlier */
520 retval = NONCE_BAD;
521 goto leave;
522 }
523 /*
525 * In stateless mode, we may be receiving a nonce issued by
526 * another instance of the server that serving the same
527 * repository, and the timestamps may not match, but the
528 * nonce-seed and dir should match, so we can recompute and
529 * report the time slop.
530 *
531 * In addition, when a nonce issued by another instance has
532 * timestamp within receive.certnonceslop seconds, we pretend
533 * as if we issued that nonce when reporting to the hook.
534 */
535 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
537 if (*nonce <= '0' || '9' < *nonce) {
538 retval = NONCE_BAD;
539 goto leave;
540 }
541 stamp = parse_timestamp(nonce, &bohmac, 10);
542 if (bohmac == nonce || bohmac[0] != '-') {
543 retval = NONCE_BAD;
544 goto leave;
545 }
546 expect = prepare_push_cert_nonce(service_dir, stamp);
548 if (strcmp(expect, nonce)) {
549 /* Not what we would have signed earlier */
550 retval = NONCE_BAD;
551 goto leave;
552 }
553 /*
555 * By how many seconds is this nonce stale? Negative value
556 * would mean it was issued by another server with its clock
557 * skewed in the future.
558 */
559 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
560 nonce_stamp_slop = (long)ostamp - (long)stamp;
561 if (nonce_stamp_slop_limit &&
563 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
564 /*
565 * Pretend as if the received nonce (which passes the
566 * HMAC check, so it is not a forged by third-party)
567 * is what we issued.
568 */
569 free((void *)push_cert_nonce);
570 push_cert_nonce = xstrdup(nonce);
571 retval = NONCE_OK;
572 } else {
573 retval = NONCE_SLOP;
574 }
575leave:
577 free(nonce);
578 free(expect);
579 return retval;
580}
581/*
583 * Return 1 if there is no push_cert or if the push options in push_cert are
584 * the same as those in the argument; 0 otherwise.
585 */
586static int check_cert_push_options(const struct string_list *push_options)
587{
588 const char *buf = push_cert.buf;
589 int len = push_cert.len;
590 char *option;
592 const char *next_line;
593 int options_seen = 0;
594 int retval = 1;
596 if (!len)
598 return 1;
599 while ((option = find_header(buf, len, "push-option", &next_line))) {
601 len -= (next_line - buf);
602 buf = next_line;
603 options_seen++;
604 if (options_seen > push_options->nr
605 || strcmp(option,
606 push_options->items[options_seen - 1].string)) {
607 retval = 0;
608 goto leave;
609 }
610 free(option);
611 }
612 if (options_seen != push_options->nr)
614 retval = 0;
615leave:
617 free(option);
618 return retval;
619}
620static void prepare_push_cert_sha1(struct child_process *proc)
622{
623 static int already_done;
624 if (!push_cert.len)
626 return;
627 if (!already_done) {
629 struct strbuf gpg_output = STRBUF_INIT;
630 struct strbuf gpg_status = STRBUF_INIT;
631 int bogs /* beginning_of_gpg_sig */;
632 already_done = 1;
634 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
635 hashclr(push_cert_sha1);
636 memset(&sigcheck, '\0', sizeof(sigcheck));
638 sigcheck.result = 'N';
639 bogs = parse_signature(push_cert.buf, push_cert.len);
641 if (verify_signed_buffer(push_cert.buf, bogs,
642 push_cert.buf + bogs, push_cert.len - bogs,
643 &gpg_output, &gpg_status) < 0) {
644 ; /* error running gpg */
645 } else {
646 sigcheck.payload = push_cert.buf;
647 sigcheck.gpg_output = gpg_output.buf;
648 sigcheck.gpg_status = gpg_status.buf;
649 parse_gpg_output(&sigcheck);
650 }
651 strbuf_release(&gpg_output);
653 strbuf_release(&gpg_status);
654 nonce_status = check_nonce(push_cert.buf, bogs);
655 }
656 if (!is_null_sha1(push_cert_sha1)) {
657 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
658 sha1_to_hex(push_cert_sha1));
659 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
660 sigcheck.signer ? sigcheck.signer : "");
661 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
662 sigcheck.key ? sigcheck.key : "");
663 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
664 sigcheck.result);
665 if (push_cert_nonce) {
666 argv_array_pushf(&proc->env_array,
667 "GIT_PUSH_CERT_NONCE=%s",
668 push_cert_nonce);
669 argv_array_pushf(&proc->env_array,
670 "GIT_PUSH_CERT_NONCE_STATUS=%s",
671 nonce_status);
672 if (nonce_status == NONCE_SLOP)
673 argv_array_pushf(&proc->env_array,
674 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
675 nonce_stamp_slop);
676 }
677 }
678}
679struct receive_hook_feed_state {
681 struct command *cmd;
682 int skip_broken;
683 struct strbuf buf;
684 const struct string_list *push_options;
685};
686typedef int (*feed_fn)(void *, const char **, size_t *);
688static int run_and_feed_hook(const char *hook_name, feed_fn feed,
689 struct receive_hook_feed_state *feed_state)
690{
691 struct child_process proc = CHILD_PROCESS_INIT;
692 struct async muxer;
693 const char *argv[2];
694 int code;
695 argv[0] = find_hook(hook_name);
697 if (!argv[0])
698 return 0;
699 argv[1] = NULL;
701 proc.argv = argv;
703 proc.in = -1;
704 proc.stdout_to_stderr = 1;
705 if (feed_state->push_options) {
706 int i;
707 for (i = 0; i < feed_state->push_options->nr; i++)
708 argv_array_pushf(&proc.env_array,
709 "GIT_PUSH_OPTION_%d=%s", i,
710 feed_state->push_options->items[i].string);
711 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
712 feed_state->push_options->nr);
713 } else
714 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
715 if (tmp_objdir)
717 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
718 if (use_sideband) {
720 memset(&muxer, 0, sizeof(muxer));
721 muxer.proc = copy_to_sideband;
722 muxer.in = -1;
723 code = start_async(&muxer);
724 if (code)
725 return code;
726 proc.err = muxer.in;
727 }
728 prepare_push_cert_sha1(&proc);
730 code = start_command(&proc);
732 if (code) {
733 if (use_sideband)
734 finish_async(&muxer);
735 return code;
736 }
737 sigchain_push(SIGPIPE, SIG_IGN);
739 while (1) {
741 const char *buf;
742 size_t n;
743 if (feed(feed_state, &buf, &n))
744 break;
745 if (write_in_full(proc.in, buf, n) != n)
746 break;
747 }
748 close(proc.in);
749 if (use_sideband)
750 finish_async(&muxer);
751 sigchain_pop(SIGPIPE);
753 return finish_command(&proc);
755}
756static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
758{
759 struct receive_hook_feed_state *state = state_;
760 struct command *cmd = state->cmd;
761 while (cmd &&
763 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
764 cmd = cmd->next;
765 if (!cmd)
766 return -1; /* EOF */
767 strbuf_reset(&state->buf);
768 strbuf_addf(&state->buf, "%s %s %s\n",
769 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
770 cmd->ref_name);
771 state->cmd = cmd->next;
772 if (bufp) {
773 *bufp = state->buf.buf;
774 *sizep = state->buf.len;
775 }
776 return 0;
777}
778static int run_receive_hook(struct command *commands,
780 const char *hook_name,
781 int skip_broken,
782 const struct string_list *push_options)
783{
784 struct receive_hook_feed_state state;
785 int status;
786 strbuf_init(&state.buf, 0);
788 state.cmd = commands;
789 state.skip_broken = skip_broken;
790 if (feed_receive_hook(&state, NULL, NULL))
791 return 0;
792 state.cmd = commands;
793 state.push_options = push_options;
794 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
795 strbuf_release(&state.buf);
796 return status;
797}
798static int run_update_hook(struct command *cmd)
800{
801 const char *argv[5];
802 struct child_process proc = CHILD_PROCESS_INIT;
803 int code;
804 argv[0] = find_hook("update");
806 if (!argv[0])
807 return 0;
808 argv[1] = cmd->ref_name;
810 argv[2] = oid_to_hex(&cmd->old_oid);
811 argv[3] = oid_to_hex(&cmd->new_oid);
812 argv[4] = NULL;
813 proc.no_stdin = 1;
815 proc.stdout_to_stderr = 1;
816 proc.err = use_sideband ? -1 : 0;
817 proc.argv = argv;
818 code = start_command(&proc);
820 if (code)
821 return code;
822 if (use_sideband)
823 copy_to_sideband(proc.err, -1, NULL);
824 return finish_command(&proc);
825}
826static int is_ref_checked_out(const char *ref)
828{
829 if (is_bare_repository())
830 return 0;
831 if (!head_name)
833 return 0;
834 return !strcmp(head_name, ref);
835}
836static char *refuse_unconfigured_deny_msg =
838 N_("By default, updating the current branch in a non-bare repository\n"
839 "is denied, because it will make the index and work tree inconsistent\n"
840 "with what you pushed, and will require 'git reset --hard' to match\n"
841 "the work tree to HEAD.\n"
842 "\n"
843 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
844 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
845 "its current branch; however, this is not recommended unless you\n"
846 "arranged to update its work tree to match what you pushed in some\n"
847 "other way.\n"
848 "\n"
849 "To squelch this message and still keep the default behaviour, set\n"
850 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
851static void refuse_unconfigured_deny(void)
853{
854 rp_error("%s", _(refuse_unconfigured_deny_msg));
855}
856static char *refuse_unconfigured_deny_delete_current_msg =
858 N_("By default, deleting the current branch is denied, because the next\n"
859 "'git clone' won't result in any file checked out, causing confusion.\n"
860 "\n"
861 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
862 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
863 "current branch, with or without a warning message.\n"
864 "\n"
865 "To squelch this message, you can set it to 'refuse'.");
866static void refuse_unconfigured_deny_delete_current(void)
868{
869 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
870}
871static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
873static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
874{
875 static struct lock_file shallow_lock;
876 struct oid_array extra = OID_ARRAY_INIT;
877 struct check_connected_options opt = CHECK_CONNECTED_INIT;
878 uint32_t mask = 1 << (cmd->index % 32);
879 int i;
880 trace_printf_key(&trace_shallow,
882 "shallow: update_shallow_ref %s\n", cmd->ref_name);
883 for (i = 0; i < si->shallow->nr; i++)
884 if (si->used_shallow[i] &&
885 (si->used_shallow[i][cmd->index / 32] & mask) &&
886 !delayed_reachability_test(si, i))
887 oid_array_append(&extra, &si->shallow->oid[i]);
888 opt.env = tmp_objdir_env(tmp_objdir);
890 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
891 if (check_connected(command_singleton_iterator, cmd, &opt)) {
892 rollback_lock_file(&shallow_lock);
893 oid_array_clear(&extra);
894 return -1;
895 }
896 commit_lock_file(&shallow_lock);
898 /*
900 * Make sure setup_alternate_shallow() for the next ref does
901 * not lose these new roots..
902 */
903 for (i = 0; i < extra.nr; i++)
904 register_shallow(&extra.oid[i]);
905 si->shallow_ref[cmd->index] = 0;
907 oid_array_clear(&extra);
908 return 0;
909}
910/*
912 * NEEDSWORK: we should consolidate various implementions of "are we
913 * on an unborn branch?" test into one, and make the unified one more
914 * robust. !get_sha1() based check used here and elsewhere would not
915 * allow us to tell an unborn branch from corrupt ref, for example.
916 * For the purpose of fixing "deploy-to-update does not work when
917 * pushing into an empty repository" issue, this should suffice for
918 * now.
919 */
920static int head_has_history(void)
921{
922 unsigned char sha1[20];
923 return !get_sha1("HEAD", sha1);
925}
926static const char *push_to_deploy(unsigned char *sha1,
928 struct argv_array *env,
929 const char *work_tree)
930{
931 const char *update_refresh[] = {
932 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
933 };
934 const char *diff_files[] = {
935 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
936 };
937 const char *diff_index[] = {
938 "diff-index", "--quiet", "--cached", "--ignore-submodules",
939 NULL, "--", NULL
940 };
941 const char *read_tree[] = {
942 "read-tree", "-u", "-m", NULL, NULL
943 };
944 struct child_process child = CHILD_PROCESS_INIT;
945 child.argv = update_refresh;
947 child.env = env->argv;
948 child.dir = work_tree;
949 child.no_stdin = 1;
950 child.stdout_to_stderr = 1;
951 child.git_cmd = 1;
952 if (run_command(&child))
953 return "Up-to-date check failed";
954 /* run_command() does not clean up completely; reinitialize */
956 child_process_init(&child);
957 child.argv = diff_files;
958 child.env = env->argv;
959 child.dir = work_tree;
960 child.no_stdin = 1;
961 child.stdout_to_stderr = 1;
962 child.git_cmd = 1;
963 if (run_command(&child))
964 return "Working directory has unstaged changes";
965 /* diff-index with either HEAD or an empty tree */
967 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
968 child_process_init(&child);
970 child.argv = diff_index;
971 child.env = env->argv;
972 child.no_stdin = 1;
973 child.no_stdout = 1;
974 child.stdout_to_stderr = 0;
975 child.git_cmd = 1;
976 if (run_command(&child))
977 return "Working directory has staged changes";
978 read_tree[3] = sha1_to_hex(sha1);
980 child_process_init(&child);
981 child.argv = read_tree;
982 child.env = env->argv;
983 child.dir = work_tree;
984 child.no_stdin = 1;
985 child.no_stdout = 1;
986 child.stdout_to_stderr = 0;
987 child.git_cmd = 1;
988 if (run_command(&child))
989 return "Could not update working tree to new HEAD";
990 return NULL;
992}
993static const char *push_to_checkout_hook = "push-to-checkout";
995static const char *push_to_checkout(unsigned char *sha1,
997 struct argv_array *env,
998 const char *work_tree)
999{
1000 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1001 if (run_hook_le(env->argv, push_to_checkout_hook,
1002 sha1_to_hex(sha1), NULL))
1003 return "push-to-checkout hook declined";
1004 else
1005 return NULL;
1006}
1007static const char *update_worktree(unsigned char *sha1)
1009{
1010 const char *retval;
1011 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1012 struct argv_array env = ARGV_ARRAY_INIT;
1013 if (is_bare_repository())
1015 return "denyCurrentBranch = updateInstead needs a worktree";
1016 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1018 if (!find_hook(push_to_checkout_hook))
1020 retval = push_to_deploy(sha1, &env, work_tree);
1021 else
1022 retval = push_to_checkout(sha1, &env, work_tree);
1023 argv_array_clear(&env);
1025 return retval;
1026}
1027static const char *update(struct command *cmd, struct shallow_info *si)
1029{
1030 const char *name = cmd->ref_name;
1031 struct strbuf namespaced_name_buf = STRBUF_INIT;
1032 static char *namespaced_name;
1033 const char *ret;
1034 struct object_id *old_oid = &cmd->old_oid;
1035 struct object_id *new_oid = &cmd->new_oid;
1036 /* only refs/... are allowed */
1038 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1039 rp_error("refusing to create funny ref '%s' remotely", name);
1040 return "funny refname";
1041 }
1042 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1044 free(namespaced_name);
1045 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1046 if (is_ref_checked_out(namespaced_name)) {
1048 switch (deny_current_branch) {
1049 case DENY_IGNORE:
1050 break;
1051 case DENY_WARN:
1052 rp_warning("updating the current branch");
1053 break;
1054 case DENY_REFUSE:
1055 case DENY_UNCONFIGURED:
1056 rp_error("refusing to update checked out branch: %s", name);
1057 if (deny_current_branch == DENY_UNCONFIGURED)
1058 refuse_unconfigured_deny();
1059 return "branch is currently checked out";
1060 case DENY_UPDATE_INSTEAD:
1061 ret = update_worktree(new_oid->hash);
1062 if (ret)
1063 return ret;
1064 break;
1065 }
1066 }
1067 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1069 error("unpack should have generated %s, "
1070 "but I can't find it!", oid_to_hex(new_oid));
1071 return "bad pack";
1072 }
1073 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1075 if (deny_deletes && starts_with(name, "refs/heads/")) {
1076 rp_error("denying ref deletion for %s", name);
1077 return "deletion prohibited";
1078 }
1079 if (head_name && !strcmp(namespaced_name, head_name)) {
1081 switch (deny_delete_current) {
1082 case DENY_IGNORE:
1083 break;
1084 case DENY_WARN:
1085 rp_warning("deleting the current branch");
1086 break;
1087 case DENY_REFUSE:
1088 case DENY_UNCONFIGURED:
1089 case DENY_UPDATE_INSTEAD:
1090 if (deny_delete_current == DENY_UNCONFIGURED)
1091 refuse_unconfigured_deny_delete_current();
1092 rp_error("refusing to delete the current branch: %s", name);
1093 return "deletion of the current branch prohibited";
1094 default:
1095 return "Invalid denyDeleteCurrent setting";
1096 }
1097 }
1098 }
1099 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1101 !is_null_oid(old_oid) &&
1102 starts_with(name, "refs/heads/")) {
1103 struct object *old_object, *new_object;
1104 struct commit *old_commit, *new_commit;
1105 old_object = parse_object(old_oid);
1107 new_object = parse_object(new_oid);
1108 if (!old_object || !new_object ||
1110 old_object->type != OBJ_COMMIT ||
1111 new_object->type != OBJ_COMMIT) {
1112 error("bad sha1 objects for %s", name);
1113 return "bad ref";
1114 }
1115 old_commit = (struct commit *)old_object;
1116 new_commit = (struct commit *)new_object;
1117 if (!in_merge_bases(old_commit, new_commit)) {
1118 rp_error("denying non-fast-forward %s"
1119 " (you should pull first)", name);
1120 return "non-fast-forward";
1121 }
1122 }
1123 if (run_update_hook(cmd)) {
1124 rp_error("hook declined to update %s", name);
1125 return "hook declined";
1126 }
1127 if (is_null_oid(new_oid)) {
1129 struct strbuf err = STRBUF_INIT;
1130 if (!parse_object(old_oid)) {
1131 old_oid = NULL;
1132 if (ref_exists(name)) {
1133 rp_warning("Allowing deletion of corrupt ref.");
1134 } else {
1135 rp_warning("Deleting a non-existent ref.");
1136 cmd->did_not_exist = 1;
1137 }
1138 }
1139 if (ref_transaction_delete(transaction,
1140 namespaced_name,
1141 old_oid->hash,
1142 0, "push", &err)) {
1143 rp_error("%s", err.buf);
1144 strbuf_release(&err);
1145 return "failed to delete";
1146 }
1147 strbuf_release(&err);
1148 return NULL; /* good */
1149 }
1150 else {
1151 struct strbuf err = STRBUF_INIT;
1152 if (shallow_update && si->shallow_ref[cmd->index] &&
1153 update_shallow_ref(cmd, si))
1154 return "shallow error";
1155 if (ref_transaction_update(transaction,
1157 namespaced_name,
1158 new_oid->hash, old_oid->hash,
1159 0, "push",
1160 &err)) {
1161 rp_error("%s", err.buf);
1162 strbuf_release(&err);
1163 return "failed to update ref";
1165 }
1166 strbuf_release(&err);
1167 return NULL; /* good */
1169 }
1170}
1171static void run_update_post_hook(struct command *commands)
1173{
1174 struct command *cmd;
1175 struct child_process proc = CHILD_PROCESS_INIT;
1176 const char *hook;
1177 hook = find_hook("post-update");
1179 if (!hook)
1180 return;
1181 for (cmd = commands; cmd; cmd = cmd->next) {
1183 if (cmd->error_string || cmd->did_not_exist)
1184 continue;
1185 if (!proc.args.argc)
1186 argv_array_push(&proc.args, hook);
1187 argv_array_push(&proc.args, cmd->ref_name);
1188 }
1189 if (!proc.args.argc)
1190 return;
1191 proc.no_stdin = 1;
1193 proc.stdout_to_stderr = 1;
1194 proc.err = use_sideband ? -1 : 0;
1195 if (!start_command(&proc)) {
1197 if (use_sideband)
1198 copy_to_sideband(proc.err, -1, NULL);
1199 finish_command(&proc);
1200 }
1201}
1202static void check_aliased_update(struct command *cmd, struct string_list *list)
1204{
1205 struct strbuf buf = STRBUF_INIT;
1206 const char *dst_name;
1207 struct string_list_item *item;
1208 struct command *dst_cmd;
1209 unsigned char sha1[GIT_MAX_RAWSZ];
1210 int flag;
1211 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1213 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1214 strbuf_release(&buf);
1215 if (!(flag & REF_ISSYMREF))
1217 return;
1218 if (!dst_name) {
1220 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1221 cmd->skip_update = 1;
1222 cmd->error_string = "broken symref";
1223 return;
1224 }
1225 dst_name = strip_namespace(dst_name);
1226 if ((item = string_list_lookup(list, dst_name)) == NULL)
1228 return;
1229 cmd->skip_update = 1;
1231 dst_cmd = (struct command *) item->util;
1233 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1235 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1236 return;
1237 dst_cmd->skip_update = 1;
1239 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1241 " its target '%s' (%s..%s)",
1242 cmd->ref_name,
1243 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1244 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1245 dst_cmd->ref_name,
1246 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1247 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1248 cmd->error_string = dst_cmd->error_string =
1250 "inconsistent aliased update";
1251}
1252static void check_aliased_updates(struct command *commands)
1254{
1255 struct command *cmd;
1256 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1257 for (cmd = commands; cmd; cmd = cmd->next) {
1259 struct string_list_item *item =
1260 string_list_append(&ref_list, cmd->ref_name);
1261 item->util = (void *)cmd;
1262 }
1263 string_list_sort(&ref_list);
1264 for (cmd = commands; cmd; cmd = cmd->next) {
1266 if (!cmd->error_string)
1267 check_aliased_update(cmd, &ref_list);
1268 }
1269 string_list_clear(&ref_list, 0);
1271}
1272static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1274{
1275 struct command **cmd_list = cb_data;
1276 struct command *cmd = *cmd_list;
1277 if (!cmd || is_null_oid(&cmd->new_oid))
1279 return -1; /* end of list */
1280 *cmd_list = NULL; /* this returns only one */
1281 hashcpy(sha1, cmd->new_oid.hash);
1282 return 0;
1283}
1284static void set_connectivity_errors(struct command *commands,
1286 struct shallow_info *si)
1287{
1288 struct command *cmd;
1289 for (cmd = commands; cmd; cmd = cmd->next) {
1291 struct command *singleton = cmd;
1292 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1293 if (shallow_update && si->shallow_ref[cmd->index])
1295 /* to be checked in update_shallow_ref() */
1296 continue;
1297 opt.env = tmp_objdir_env(tmp_objdir);
1299 if (!check_connected(command_singleton_iterator, &singleton,
1300 &opt))
1301 continue;
1302 cmd->error_string = "missing necessary objects";
1304 }
1305}
1306struct iterate_data {
1308 struct command *cmds;
1309 struct shallow_info *si;
1310};
1311static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1313{
1314 struct iterate_data *data = cb_data;
1315 struct command **cmd_list = &data->cmds;
1316 struct command *cmd = *cmd_list;
1317 for (; cmd; cmd = cmd->next) {
1319 if (shallow_update && data->si->shallow_ref[cmd->index])
1320 /* to be checked in update_shallow_ref() */
1321 continue;
1322 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1323 hashcpy(sha1, cmd->new_oid.hash);
1324 *cmd_list = cmd->next;
1325 return 0;
1326 }
1327 }
1328 *cmd_list = NULL;
1329 return -1; /* end of list */
1330}
1331static void reject_updates_to_hidden(struct command *commands)
1333{
1334 struct strbuf refname_full = STRBUF_INIT;
1335 size_t prefix_len;
1336 struct command *cmd;
1337 strbuf_addstr(&refname_full, get_git_namespace());
1339 prefix_len = refname_full.len;
1340 for (cmd = commands; cmd; cmd = cmd->next) {
1342 if (cmd->error_string)
1343 continue;
1344 strbuf_setlen(&refname_full, prefix_len);
1346 strbuf_addstr(&refname_full, cmd->ref_name);
1347 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1349 continue;
1350 if (is_null_oid(&cmd->new_oid))
1351 cmd->error_string = "deny deleting a hidden ref";
1352 else
1353 cmd->error_string = "deny updating a hidden ref";
1354 }
1355 strbuf_release(&refname_full);
1357}
1358static int should_process_cmd(struct command *cmd)
1360{
1361 return !cmd->error_string && !cmd->skip_update;
1362}
1363static void warn_if_skipped_connectivity_check(struct command *commands,
1365 struct shallow_info *si)
1366{
1367 struct command *cmd;
1368 int checked_connectivity = 1;
1369 for (cmd = commands; cmd; cmd = cmd->next) {
1371 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1372 error("BUG: connectivity check has not been run on ref %s",
1373 cmd->ref_name);
1374 checked_connectivity = 0;
1375 }
1376 }
1377 if (!checked_connectivity)
1378 die("BUG: connectivity check skipped???");
1379}
1380static void execute_commands_non_atomic(struct command *commands,
1382 struct shallow_info *si)
1383{
1384 struct command *cmd;
1385 struct strbuf err = STRBUF_INIT;
1386 for (cmd = commands; cmd; cmd = cmd->next) {
1388 if (!should_process_cmd(cmd))
1389 continue;
1390 transaction = ref_transaction_begin(&err);
1392 if (!transaction) {
1393 rp_error("%s", err.buf);
1394 strbuf_reset(&err);
1395 cmd->error_string = "transaction failed to start";
1396 continue;
1397 }
1398 cmd->error_string = update(cmd, si);
1400 if (!cmd->error_string
1402 && ref_transaction_commit(transaction, &err)) {
1403 rp_error("%s", err.buf);
1404 strbuf_reset(&err);
1405 cmd->error_string = "failed to update ref";
1406 }
1407 ref_transaction_free(transaction);
1408 }
1409 strbuf_release(&err);
1410}
1411static void execute_commands_atomic(struct command *commands,
1413 struct shallow_info *si)
1414{
1415 struct command *cmd;
1416 struct strbuf err = STRBUF_INIT;
1417 const char *reported_error = "atomic push failure";
1418 transaction = ref_transaction_begin(&err);
1420 if (!transaction) {
1421 rp_error("%s", err.buf);
1422 strbuf_reset(&err);
1423 reported_error = "transaction failed to start";
1424 goto failure;
1425 }
1426 for (cmd = commands; cmd; cmd = cmd->next) {
1428 if (!should_process_cmd(cmd))
1429 continue;
1430 cmd->error_string = update(cmd, si);
1432 if (cmd->error_string)
1434 goto failure;
1435 }
1436 if (ref_transaction_commit(transaction, &err)) {
1438 rp_error("%s", err.buf);
1439 reported_error = "atomic transaction failed";
1440 goto failure;
1441 }
1442 goto cleanup;
1443failure:
1445 for (cmd = commands; cmd; cmd = cmd->next)
1446 if (!cmd->error_string)
1447 cmd->error_string = reported_error;
1448cleanup:
1450 ref_transaction_free(transaction);
1451 strbuf_release(&err);
1452}
1453static void execute_commands(struct command *commands,
1455 const char *unpacker_error,
1456 struct shallow_info *si,
1457 const struct string_list *push_options)
1458{
1459 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1460 struct command *cmd;
1461 struct object_id oid;
1462 struct iterate_data data;
1463 struct async muxer;
1464 int err_fd = 0;
1465 if (unpacker_error) {
1467 for (cmd = commands; cmd; cmd = cmd->next)
1468 cmd->error_string = "unpacker error";
1469 return;
1470 }
1471 if (use_sideband) {
1473 memset(&muxer, 0, sizeof(muxer));
1474 muxer.proc = copy_to_sideband;
1475 muxer.in = -1;
1476 if (!start_async(&muxer))
1477 err_fd = muxer.in;
1478 /* ...else, continue without relaying sideband */
1479 }
1480 data.cmds = commands;
1482 data.si = si;
1483 opt.err_fd = err_fd;
1484 opt.progress = err_fd && !quiet;
1485 opt.env = tmp_objdir_env(tmp_objdir);
1486 if (check_connected(iterate_receive_command_list, &data, &opt))
1487 set_connectivity_errors(commands, si);
1488 if (use_sideband)
1490 finish_async(&muxer);
1491 reject_updates_to_hidden(commands);
1493 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1495 for (cmd = commands; cmd; cmd = cmd->next) {
1496 if (!cmd->error_string)
1497 cmd->error_string = "pre-receive hook declined";
1498 }
1499 return;
1500 }
1501 /*
1503 * Now we'll start writing out refs, which means the objects need
1504 * to be in their final positions so that other processes can see them.
1505 */
1506 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1507 for (cmd = commands; cmd; cmd = cmd->next) {
1508 if (!cmd->error_string)
1509 cmd->error_string = "unable to migrate objects to permanent storage";
1510 }
1511 return;
1512 }
1513 tmp_objdir = NULL;
1514 check_aliased_updates(commands);
1516 free(head_name_to_free);
1518 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1519 if (use_atomic)
1521 execute_commands_atomic(commands, si);
1522 else
1523 execute_commands_non_atomic(commands, si);
1524 if (shallow_update)
1526 warn_if_skipped_connectivity_check(commands, si);
1527}
1528static struct command **queue_command(struct command **tail,
1530 const char *line,
1531 int linelen)
1532{
1533 struct object_id old_oid, new_oid;
1534 struct command *cmd;
1535 const char *refname;
1536 int reflen;
1537 const char *p;
1538 if (parse_oid_hex(line, &old_oid, &p) ||
1540 *p++ != ' ' ||
1541 parse_oid_hex(p, &new_oid, &p) ||
1542 *p++ != ' ')
1543 die("protocol error: expected old/new/ref, got '%s'", line);
1544 refname = p;
1546 reflen = linelen - (p - line);
1547 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1548 oidcpy(&cmd->old_oid, &old_oid);
1549 oidcpy(&cmd->new_oid, &new_oid);
1550 *tail = cmd;
1551 return &cmd->next;
1552}
1553static void queue_commands_from_cert(struct command **tail,
1555 struct strbuf *push_cert)
1556{
1557 const char *boc, *eoc;
1558 if (*tail)
1560 die("protocol error: got both push certificate and unsigned commands");
1561 boc = strstr(push_cert->buf, "\n\n");
1563 if (!boc)
1564 die("malformed push certificate %.*s", 100, push_cert->buf);
1565 else
1566 boc += 2;
1567 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1568 while (boc < eoc) {
1570 const char *eol = memchr(boc, '\n', eoc - boc);
1571 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1572 boc = eol ? eol + 1 : eoc;
1573 }
1574}
1575static struct command *read_head_info(struct oid_array *shallow)
1577{
1578 struct command *commands = NULL;
1579 struct command **p = &commands;
1580 for (;;) {
1581 char *line;
1582 int len, linelen;
1583 line = packet_read_line(0, &len);
1585 if (!line)
1586 break;
1587 if (len > 8 && starts_with(line, "shallow ")) {
1589 struct object_id oid;
1590 if (get_oid_hex(line + 8, &oid))
1591 die("protocol error: expected shallow sha, got '%s'",
1592 line + 8);
1593 oid_array_append(shallow, &oid);
1594 continue;
1595 }
1596 linelen = strlen(line);
1598 if (linelen < len) {
1599 const char *feature_list = line + linelen + 1;
1600 if (parse_feature_request(feature_list, "report-status"))
1601 report_status = 1;
1602 if (parse_feature_request(feature_list, "side-band-64k"))
1603 use_sideband = LARGE_PACKET_MAX;
1604 if (parse_feature_request(feature_list, "quiet"))
1605 quiet = 1;
1606 if (advertise_atomic_push
1607 && parse_feature_request(feature_list, "atomic"))
1608 use_atomic = 1;
1609 if (advertise_push_options
1610 && parse_feature_request(feature_list, "push-options"))
1611 use_push_options = 1;
1612 }
1613 if (!strcmp(line, "push-cert")) {
1615 int true_flush = 0;
1616 char certbuf[1024];
1617 for (;;) {
1619 len = packet_read(0, NULL, NULL,
1620 certbuf, sizeof(certbuf), 0);
1621 if (!len) {
1622 true_flush = 1;
1623 break;
1624 }
1625 if (!strcmp(certbuf, "push-cert-end\n"))
1626 break; /* end of cert */
1627 strbuf_addstr(&push_cert, certbuf);
1628 }
1629 if (true_flush)
1631 break;
1632 continue;
1633 }
1634 p = queue_command(p, line, linelen);
1636 }
1637 if (push_cert.len)
1639 queue_commands_from_cert(p, &push_cert);
1640 return commands;
1642}
1643static void read_push_options(struct string_list *options)
1645{
1646 while (1) {
1647 char *line;
1648 int len;
1649 line = packet_read_line(0, &len);
1651 if (!line)
1653 break;
1654 string_list_append(options, line);
1656 }
1657}
1658static const char *parse_pack_header(struct pack_header *hdr)
1660{
1661 switch (read_pack_header(0, hdr)) {
1662 case PH_ERROR_EOF:
1663 return "eof before pack header was fully read";
1664 case PH_ERROR_PACK_SIGNATURE:
1666 return "protocol error (pack signature mismatch detected)";
1667 case PH_ERROR_PROTOCOL:
1669 return "protocol error (pack version unsupported)";
1670 default:
1672 return "unknown error in parse_pack_header";
1673 case 0:
1675 return NULL;
1676 }
1677}
1678static const char *pack_lockfile;
1680static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1682{
1683 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1684 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1685}
1686static const char *unpack(int err_fd, struct shallow_info *si)
1688{
1689 struct pack_header hdr;
1690 const char *hdr_err;
1691 int status;
1692 struct child_process child = CHILD_PROCESS_INIT;
1693 int fsck_objects = (receive_fsck_objects >= 0
1694 ? receive_fsck_objects
1695 : transfer_fsck_objects >= 0
1696 ? transfer_fsck_objects
1697 : 0);
1698 hdr_err = parse_pack_header(&hdr);
1700 if (hdr_err) {
1701 if (err_fd > 0)
1702 close(err_fd);
1703 return hdr_err;
1704 }
1705 if (si->nr_ours || si->nr_theirs) {
1707 alt_shallow_file = setup_temporary_shallow(si->shallow);
1708 argv_array_push(&child.args, "--shallow-file");
1709 argv_array_push(&child.args, alt_shallow_file);
1710 }
1711 tmp_objdir = tmp_objdir_create();
1713 if (!tmp_objdir) {
1714 if (err_fd > 0)
1715 close(err_fd);
1716 return "unable to create temporary object directory";
1717 }
1718 child.env = tmp_objdir_env(tmp_objdir);
1719 /*
1721 * Normally we just pass the tmp_objdir environment to the child
1722 * processes that do the heavy lifting, but we may need to see these
1723 * objects ourselves to set up shallow information.
1724 */
1725 tmp_objdir_add_as_alternate(tmp_objdir);
1726 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1728 argv_array_push(&child.args, "unpack-objects");
1729 push_header_arg(&child.args, &hdr);
1730 if (quiet)
1731 argv_array_push(&child.args, "-q");
1732 if (fsck_objects)
1733 argv_array_pushf(&child.args, "--strict%s",
1734 fsck_msg_types.buf);
1735 if (max_input_size)
1736 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1737 (uintmax_t)max_input_size);
1738 child.no_stdout = 1;
1739 child.err = err_fd;
1740 child.git_cmd = 1;
1741 status = run_command(&child);
1742 if (status)
1743 return "unpack-objects abnormal exit";
1744 } else {
1745 char hostname[HOST_NAME_MAX + 1];
1746 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1748 push_header_arg(&child.args, &hdr);
1749 if (xgethostname(hostname, sizeof(hostname)))
1751 xsnprintf(hostname, sizeof(hostname), "localhost");
1752 argv_array_pushf(&child.args,
1753 "--keep=receive-pack %"PRIuMAX" on %s",
1754 (uintmax_t)getpid(),
1755 hostname);
1756 if (!quiet && err_fd)
1758 argv_array_push(&child.args, "--show-resolving-progress");
1759 if (use_sideband)
1760 argv_array_push(&child.args, "--report-end-of-input");
1761 if (fsck_objects)
1762 argv_array_pushf(&child.args, "--strict%s",
1763 fsck_msg_types.buf);
1764 if (!reject_thin)
1765 argv_array_push(&child.args, "--fix-thin");
1766 if (max_input_size)
1767 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1768 (uintmax_t)max_input_size);
1769 child.out = -1;
1770 child.err = err_fd;
1771 child.git_cmd = 1;
1772 status = start_command(&child);
1773 if (status)
1774 return "index-pack fork failed";
1775 pack_lockfile = index_pack_lockfile(child.out);
1776 close(child.out);
1777 status = finish_command(&child);
1778 if (status)
1779 return "index-pack abnormal exit";
1780 reprepare_packed_git();
1781 }
1782 return NULL;
1783}
1784static const char *unpack_with_sideband(struct shallow_info *si)
1786{
1787 struct async muxer;
1788 const char *ret;
1789 if (!use_sideband)
1791 return unpack(0, si);
1792 use_keepalive = KEEPALIVE_AFTER_NUL;
1794 memset(&muxer, 0, sizeof(muxer));
1795 muxer.proc = copy_to_sideband;
1796 muxer.in = -1;
1797 if (start_async(&muxer))
1798 return NULL;
1799 ret = unpack(muxer.in, si);
1801 finish_async(&muxer);
1803 return ret;
1804}
1805static void prepare_shallow_update(struct command *commands,
1807 struct shallow_info *si)
1808{
1809 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1810 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1812 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1813 si->need_reachability_test =
1815 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1816 si->reachable =
1817 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1818 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1819 for (i = 0; i < si->nr_ours; i++)
1821 si->need_reachability_test[si->ours[i]] = 1;
1822 for (i = 0; i < si->shallow->nr; i++) {
1824 if (!si->used_shallow[i])
1825 continue;
1826 for (j = 0; j < bitmap_size; j++) {
1827 if (!si->used_shallow[i][j])
1828 continue;
1829 si->need_reachability_test[i]++;
1830 for (k = 0; k < 32; k++)
1831 if (si->used_shallow[i][j] & (1U << k))
1832 si->shallow_ref[j * 32 + k]++;
1833 }
1834 /*
1836 * true for those associated with some refs and belong
1837 * in "ours" list aka "step 7 not done yet"
1838 */
1839 si->need_reachability_test[i] =
1840 si->need_reachability_test[i] > 1;
1841 }
1842 /*
1844 * keep hooks happy by forcing a temporary shallow file via
1845 * env variable because we can't add --shallow-file to every
1846 * command. check_everything_connected() will be done with
1847 * true .git/shallow though.
1848 */
1849 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1850}
1851static void update_shallow_info(struct command *commands,
1853 struct shallow_info *si,
1854 struct oid_array *ref)
1855{
1856 struct command *cmd;
1857 int *ref_status;
1858 remove_nonexistent_theirs_shallow(si);
1859 if (!si->nr_ours && !si->nr_theirs) {
1860 shallow_update = 0;
1861 return;
1862 }
1863 for (cmd = commands; cmd; cmd = cmd->next) {
1865 if (is_null_oid(&cmd->new_oid))
1866 continue;
1867 oid_array_append(ref, &cmd->new_oid);
1868 cmd->index = ref->nr - 1;
1869 }
1870 si->ref = ref;
1871 if (shallow_update) {
1873 prepare_shallow_update(commands, si);
1874 return;
1875 }
1876 ALLOC_ARRAY(ref_status, ref->nr);
1878 assign_shallow_commits_to_refs(si, NULL, ref_status);
1879 for (cmd = commands; cmd; cmd = cmd->next) {
1880 if (is_null_oid(&cmd->new_oid))
1881 continue;
1882 if (ref_status[cmd->index]) {
1883 cmd->error_string = "shallow update not allowed";
1884 cmd->skip_update = 1;
1885 }
1886 }
1887 free(ref_status);
1888}
1889static void report(struct command *commands, const char *unpack_status)
1891{
1892 struct command *cmd;
1893 struct strbuf buf = STRBUF_INIT;
1894 packet_buf_write(&buf, "unpack %s\n",
1896 unpack_status ? unpack_status : "ok");
1897 for (cmd = commands; cmd; cmd = cmd->next) {
1898 if (!cmd->error_string)
1899 packet_buf_write(&buf, "ok %s\n",
1900 cmd->ref_name);
1901 else
1902 packet_buf_write(&buf, "ng %s %s\n",
1903 cmd->ref_name, cmd->error_string);
1904 }
1905 packet_buf_flush(&buf);
1906 if (use_sideband)
1908 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1909 else
1910 write_or_die(1, buf.buf, buf.len);
1911 strbuf_release(&buf);
1912}
1913static int delete_only(struct command *commands)
1915{
1916 struct command *cmd;
1917 for (cmd = commands; cmd; cmd = cmd->next) {
1918 if (!is_null_oid(&cmd->new_oid))
1919 return 0;
1920 }
1921 return 1;
1922}
1923int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1925{
1926 int advertise_refs = 0;
1927 struct command *commands;
1928 struct oid_array shallow = OID_ARRAY_INIT;
1929 struct oid_array ref = OID_ARRAY_INIT;
1930 struct shallow_info si;
1931 struct option options[] = {
1933 OPT__QUIET(&quiet, N_("quiet")),
1934 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1935 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1936 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1937 OPT_END()
1938 };
1939 packet_trace_identity("receive-pack");
1941 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1943 if (argc > 1)
1945 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1946 if (argc == 0)
1947 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1948 service_dir = argv[0];
1950 setup_path();
1952 if (!enter_repo(service_dir, 0))
1954 die("'%s' does not appear to be a git repository", service_dir);
1955 git_config(receive_pack_config, NULL);
1957 if (cert_nonce_seed)
1958 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1959 if (0 <= transfer_unpack_limit)
1961 unpack_limit = transfer_unpack_limit;
1962 else if (0 <= receive_unpack_limit)
1963 unpack_limit = receive_unpack_limit;
1964 if (advertise_refs || !stateless_rpc) {
1966 write_head_info();
1967 }
1968 if (advertise_refs)
1969 return 0;
1970 if ((commands = read_head_info(&shallow)) != NULL) {
1972 const char *unpack_status = NULL;
1973 struct string_list push_options = STRING_LIST_INIT_DUP;
1974 if (use_push_options)
1976 read_push_options(&push_options);
1977 if (!check_cert_push_options(&push_options)) {
1978 struct command *cmd;
1979 for (cmd = commands; cmd; cmd = cmd->next)
1980 cmd->error_string = "inconsistent push options";
1981 }
1982 prepare_shallow_info(&si, &shallow);
1984 if (!si.nr_ours && !si.nr_theirs)
1985 shallow_update = 0;
1986 if (!delete_only(commands)) {
1987 unpack_status = unpack_with_sideband(&si);
1988 update_shallow_info(commands, &si, &ref);
1989 }
1990 use_keepalive = KEEPALIVE_ALWAYS;
1991 execute_commands(commands, unpack_status, &si,
1992 &push_options);
1993 if (pack_lockfile)
1994 unlink_or_warn(pack_lockfile);
1995 if (report_status)
1996 report(commands, unpack_status);
1997 run_receive_hook(commands, "post-receive", 1,
1998 &push_options);
1999 run_update_post_hook(commands);
2000 string_list_clear(&push_options, 0);
2001 if (auto_gc) {
2002 const char *argv_gc_auto[] = {
2003 "gc", "--auto", "--quiet", NULL,
2004 };
2005 struct child_process proc = CHILD_PROCESS_INIT;
2006 proc.no_stdin = 1;
2008 proc.stdout_to_stderr = 1;
2009 proc.err = use_sideband ? -1 : 0;
2010 proc.git_cmd = 1;
2011 proc.argv = argv_gc_auto;
2012 close_all_packs();
2014 if (!start_command(&proc)) {
2015 if (use_sideband)
2016 copy_to_sideband(proc.err, -1, NULL);
2017 finish_command(&proc);
2018 }
2019 }
2020 if (auto_update_server_info)
2021 update_server_info(0);
2022 clear_shallow_info(&si);
2023 }
2024 if (use_sideband)
2025 packet_flush(1);
2026 oid_array_clear(&shallow);
2027 oid_array_clear(&ref);
2028 free((void *)push_cert_nonce);
2029 return 0;
2030}