1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30static const char * const receive_pack_usage[] = {
32 N_("git receive-pack <git-dir>"),
33 NULL
34};
35enum deny_action {
37 DENY_UNCONFIGURED,
38 DENY_IGNORE,
39 DENY_WARN,
40 DENY_REFUSE,
41 DENY_UPDATE_INSTEAD
42};
43static int deny_deletes;
45static int deny_non_fast_forwards;
46static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
47static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
48static int receive_fsck_objects = -1;
49static int transfer_fsck_objects = -1;
50static struct strbuf fsck_msg_types = STRBUF_INIT;
51static int receive_unpack_limit = -1;
52static int transfer_unpack_limit = -1;
53static int advertise_atomic_push = 1;
54static int advertise_push_options;
55static int unpack_limit = 100;
56static off_t max_input_size;
57static int report_status;
58static int use_sideband;
59static int use_atomic;
60static int use_push_options;
61static int quiet;
62static int prefer_ofs_delta = 1;
63static int auto_update_server_info;
64static int auto_gc = 1;
65static int reject_thin;
66static int stateless_rpc;
67static const char *service_dir;
68static const char *head_name;
69static void *head_name_to_free;
70static int sent_capabilities;
71static int shallow_update;
72static const char *alt_shallow_file;
73static struct strbuf push_cert = STRBUF_INIT;
74static struct object_id push_cert_oid;
75static struct signature_check sigcheck;
76static const char *push_cert_nonce;
77static const char *cert_nonce_seed;
78static const char *NONCE_UNSOLICITED = "UNSOLICITED";
80static const char *NONCE_BAD = "BAD";
81static const char *NONCE_MISSING = "MISSING";
82static const char *NONCE_OK = "OK";
83static const char *NONCE_SLOP = "SLOP";
84static const char *nonce_status;
85static long nonce_stamp_slop;
86static timestamp_t nonce_stamp_slop_limit;
87static struct ref_transaction *transaction;
88static enum {
90 KEEPALIVE_NEVER = 0,
91 KEEPALIVE_AFTER_NUL,
92 KEEPALIVE_ALWAYS
93} use_keepalive;
94static int keepalive_in_sec = 5;
95static struct tmp_objdir *tmp_objdir;
97static enum deny_action parse_deny_action(const char *var, const char *value)
99{
100 if (value) {
101 if (!strcasecmp(value, "ignore"))
102 return DENY_IGNORE;
103 if (!strcasecmp(value, "warn"))
104 return DENY_WARN;
105 if (!strcasecmp(value, "refuse"))
106 return DENY_REFUSE;
107 if (!strcasecmp(value, "updateinstead"))
108 return DENY_UPDATE_INSTEAD;
109 }
110 if (git_config_bool(var, value))
111 return DENY_REFUSE;
112 return DENY_IGNORE;
113}
114static int receive_pack_config(const char *var, const char *value, void *cb)
116{
117 int status = parse_hide_refs_config(var, value, "receive");
118 if (status)
120 return status;
121 if (strcmp(var, "receive.denydeletes") == 0) {
123 deny_deletes = git_config_bool(var, value);
124 return 0;
125 }
126 if (strcmp(var, "receive.denynonfastforwards") == 0) {
128 deny_non_fast_forwards = git_config_bool(var, value);
129 return 0;
130 }
131 if (strcmp(var, "receive.unpacklimit") == 0) {
133 receive_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136 if (strcmp(var, "transfer.unpacklimit") == 0) {
138 transfer_unpack_limit = git_config_int(var, value);
139 return 0;
140 }
141 if (strcmp(var, "receive.fsck.skiplist") == 0) {
143 const char *path;
144 if (git_config_pathname(&path, var, value))
146 return 1;
147 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
148 fsck_msg_types.len ? ',' : '=', path);
149 free((char *)path);
150 return 0;
151 }
152 if (skip_prefix(var, "receive.fsck.", &var)) {
154 if (is_valid_msg_type(var, value))
155 strbuf_addf(&fsck_msg_types, "%c%s=%s",
156 fsck_msg_types.len ? ',' : '=', var, value);
157 else
158 warning("Skipping unknown msg id '%s'", var);
159 return 0;
160 }
161 if (strcmp(var, "receive.fsckobjects") == 0) {
163 receive_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166 if (strcmp(var, "transfer.fsckobjects") == 0) {
168 transfer_fsck_objects = git_config_bool(var, value);
169 return 0;
170 }
171 if (!strcmp(var, "receive.denycurrentbranch")) {
173 deny_current_branch = parse_deny_action(var, value);
174 return 0;
175 }
176 if (strcmp(var, "receive.denydeletecurrent") == 0) {
178 deny_delete_current = parse_deny_action(var, value);
179 return 0;
180 }
181 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
183 prefer_ofs_delta = git_config_bool(var, value);
184 return 0;
185 }
186 if (strcmp(var, "receive.updateserverinfo") == 0) {
188 auto_update_server_info = git_config_bool(var, value);
189 return 0;
190 }
191 if (strcmp(var, "receive.autogc") == 0) {
193 auto_gc = git_config_bool(var, value);
194 return 0;
195 }
196 if (strcmp(var, "receive.shallowupdate") == 0) {
198 shallow_update = git_config_bool(var, value);
199 return 0;
200 }
201 if (strcmp(var, "receive.certnonceseed") == 0)
203 return git_config_string(&cert_nonce_seed, var, value);
204 if (strcmp(var, "receive.certnonceslop") == 0) {
206 nonce_stamp_slop_limit = git_config_ulong(var, value);
207 return 0;
208 }
209 if (strcmp(var, "receive.advertiseatomic") == 0) {
211 advertise_atomic_push = git_config_bool(var, value);
212 return 0;
213 }
214 if (strcmp(var, "receive.advertisepushoptions") == 0) {
216 advertise_push_options = git_config_bool(var, value);
217 return 0;
218 }
219 if (strcmp(var, "receive.keepalive") == 0) {
221 keepalive_in_sec = git_config_int(var, value);
222 return 0;
223 }
224 if (strcmp(var, "receive.maxinputsize") == 0) {
226 max_input_size = git_config_int64(var, value);
227 return 0;
228 }
229 return git_default_config(var, value, cb);
231}
232static void show_ref(const char *path, const struct object_id *oid)
234{
235 if (sent_capabilities) {
236 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
237 } else {
238 struct strbuf cap = STRBUF_INIT;
239 strbuf_addstr(&cap,
241 "report-status delete-refs side-band-64k quiet");
242 if (advertise_atomic_push)
243 strbuf_addstr(&cap, " atomic");
244 if (prefer_ofs_delta)
245 strbuf_addstr(&cap, " ofs-delta");
246 if (push_cert_nonce)
247 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
248 if (advertise_push_options)
249 strbuf_addstr(&cap, " push-options");
250 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
251 packet_write_fmt(1, "%s %s%c%s\n",
252 oid_to_hex(oid), path, 0, cap.buf);
253 strbuf_release(&cap);
254 sent_capabilities = 1;
255 }
256}
257static int show_ref_cb(const char *path_full, const struct object_id *oid,
259 int flag, void *data)
260{
261 struct oidset *seen = data;
262 const char *path = strip_namespace(path_full);
263 if (ref_is_hidden(path, path_full))
265 return 0;
266 /*
268 * Advertise refs outside our current namespace as ".have"
269 * refs, so that the client can use them to minimize data
270 * transfer but will otherwise ignore them.
271 */
272 if (!path) {
273 if (oidset_insert(seen, oid))
274 return 0;
275 path = ".have";
276 } else {
277 oidset_insert(seen, oid);
278 }
279 show_ref(path, oid);
280 return 0;
281}
282static void show_one_alternate_ref(const char *refname,
284 const struct object_id *oid,
285 void *data)
286{
287 struct oidset *seen = data;
288 if (oidset_insert(seen, oid))
290 return;
291 show_ref(".have", oid);
293}
294static void write_head_info(void)
296{
297 static struct oidset seen = OIDSET_INIT;
298 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304 advertise_shallow_grafts(1);
306 /* EOF */
308 packet_flush(1);
309}
310struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320};
321static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324static void report_message(const char *prefix, const char *err, va_list params)
326{
327 int sz;
328 char msg[4096];
329 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340}
341static void rp_warning(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348}
349static void rp_error(const char *err, ...)
351{
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356}
357static int copy_to_sideband(int in, int out, void *arg)
359{
360 char data[128];
361 int keepalive_active = 0;
362 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367 while (1) {
369 ssize_t sz;
370 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419}
420#define HMAC_BLOCK_SIZE 64
422static void hmac_sha1(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426{
427 unsigned char key[HMAC_BLOCK_SIZE];
428 unsigned char k_ipad[HMAC_BLOCK_SIZE];
429 unsigned char k_opad[HMAC_BLOCK_SIZE];
430 int i;
431 git_SHA_CTX ctx;
432 /* RFC 2104 2. (1) */
434 memset(key, '\0', HMAC_BLOCK_SIZE);
435 if (HMAC_BLOCK_SIZE < key_len) {
436 git_SHA1_Init(&ctx);
437 git_SHA1_Update(&ctx, key_in, key_len);
438 git_SHA1_Final(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448 /* RFC 2104 2. (3) & (4) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
452 git_SHA1_Update(&ctx, text, text_len);
453 git_SHA1_Final(out, &ctx);
454 /* RFC 2104 2. (6) & (7) */
456 git_SHA1_Init(&ctx);
457 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
458 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
459 git_SHA1_Final(out, &ctx);
460}
461static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463{
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char sha1[GIT_SHA1_RAWSZ];
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
469 strbuf_release(&buf);
470 /* RFC 2104 5. HMAC-SHA1-80 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
473 return strbuf_detach(&buf, NULL);
474}
475/*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483{
484 int key_len = strlen(key);
485 const char *line = msg;
486 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502}
503static const char *check_nonce(const char *buf, size_t len)
505{
506 char *nonce = find_header(buf, len, "nonce", NULL);
507 timestamp_t stamp, ostamp;
508 char *bohmac, *expect = NULL;
509 const char *retval = NONCE_BAD;
510 if (!nonce) {
512 retval = NONCE_MISSING;
513 goto leave;
514 } else if (!push_cert_nonce) {
515 retval = NONCE_UNSOLICITED;
516 goto leave;
517 } else if (!strcmp(push_cert_nonce, nonce)) {
518 retval = NONCE_OK;
519 goto leave;
520 }
521 if (!stateless_rpc) {
523 /* returned nonce MUST match what we gave out earlier */
524 retval = NONCE_BAD;
525 goto leave;
526 }
527 /*
529 * In stateless mode, we may be receiving a nonce issued by
530 * another instance of the server that serving the same
531 * repository, and the timestamps may not match, but the
532 * nonce-seed and dir should match, so we can recompute and
533 * report the time slop.
534 *
535 * In addition, when a nonce issued by another instance has
536 * timestamp within receive.certnonceslop seconds, we pretend
537 * as if we issued that nonce when reporting to the hook.
538 */
539 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
541 if (*nonce <= '0' || '9' < *nonce) {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545 stamp = parse_timestamp(nonce, &bohmac, 10);
546 if (bohmac == nonce || bohmac[0] != '-') {
547 retval = NONCE_BAD;
548 goto leave;
549 }
550 expect = prepare_push_cert_nonce(service_dir, stamp);
552 if (strcmp(expect, nonce)) {
553 /* Not what we would have signed earlier */
554 retval = NONCE_BAD;
555 goto leave;
556 }
557 /*
559 * By how many seconds is this nonce stale? Negative value
560 * would mean it was issued by another server with its clock
561 * skewed in the future.
562 */
563 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
564 nonce_stamp_slop = (long)ostamp - (long)stamp;
565 if (nonce_stamp_slop_limit &&
567 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
568 /*
569 * Pretend as if the received nonce (which passes the
570 * HMAC check, so it is not a forged by third-party)
571 * is what we issued.
572 */
573 free((void *)push_cert_nonce);
574 push_cert_nonce = xstrdup(nonce);
575 retval = NONCE_OK;
576 } else {
577 retval = NONCE_SLOP;
578 }
579leave:
581 free(nonce);
582 free(expect);
583 return retval;
584}
585/*
587 * Return 1 if there is no push_cert or if the push options in push_cert are
588 * the same as those in the argument; 0 otherwise.
589 */
590static int check_cert_push_options(const struct string_list *push_options)
591{
592 const char *buf = push_cert.buf;
593 int len = push_cert.len;
594 char *option;
596 const char *next_line;
597 int options_seen = 0;
598 int retval = 1;
600 if (!len)
602 return 1;
603 while ((option = find_header(buf, len, "push-option", &next_line))) {
605 len -= (next_line - buf);
606 buf = next_line;
607 options_seen++;
608 if (options_seen > push_options->nr
609 || strcmp(option,
610 push_options->items[options_seen - 1].string)) {
611 retval = 0;
612 goto leave;
613 }
614 free(option);
615 }
616 if (options_seen != push_options->nr)
618 retval = 0;
619leave:
621 free(option);
622 return retval;
623}
624static void prepare_push_cert_sha1(struct child_process *proc)
626{
627 static int already_done;
628 if (!push_cert.len)
630 return;
631 if (!already_done) {
633 int bogs /* beginning_of_gpg_sig */;
634 already_done = 1;
636 if (write_object_file(push_cert.buf, push_cert.len, "blob",
637 &push_cert_oid))
638 oidclr(&push_cert_oid);
639 memset(&sigcheck, '\0', sizeof(sigcheck));
641 bogs = parse_signature(push_cert.buf, push_cert.len);
643 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
644 push_cert.len - bogs, &sigcheck);
645 nonce_status = check_nonce(push_cert.buf, bogs);
647 }
648 if (!is_null_oid(&push_cert_oid)) {
649 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
650 oid_to_hex(&push_cert_oid));
651 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
652 sigcheck.signer ? sigcheck.signer : "");
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
654 sigcheck.key ? sigcheck.key : "");
655 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
656 sigcheck.result);
657 if (push_cert_nonce) {
658 argv_array_pushf(&proc->env_array,
659 "GIT_PUSH_CERT_NONCE=%s",
660 push_cert_nonce);
661 argv_array_pushf(&proc->env_array,
662 "GIT_PUSH_CERT_NONCE_STATUS=%s",
663 nonce_status);
664 if (nonce_status == NONCE_SLOP)
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
667 nonce_stamp_slop);
668 }
669 }
670}
671struct receive_hook_feed_state {
673 struct command *cmd;
674 int skip_broken;
675 struct strbuf buf;
676 const struct string_list *push_options;
677};
678typedef int (*feed_fn)(void *, const char **, size_t *);
680static int run_and_feed_hook(const char *hook_name, feed_fn feed,
681 struct receive_hook_feed_state *feed_state)
682{
683 struct child_process proc = CHILD_PROCESS_INIT;
684 struct async muxer;
685 const char *argv[2];
686 int code;
687 argv[0] = find_hook(hook_name);
689 if (!argv[0])
690 return 0;
691 argv[1] = NULL;
693 proc.argv = argv;
695 proc.in = -1;
696 proc.stdout_to_stderr = 1;
697 if (feed_state->push_options) {
698 int i;
699 for (i = 0; i < feed_state->push_options->nr; i++)
700 argv_array_pushf(&proc.env_array,
701 "GIT_PUSH_OPTION_%d=%s", i,
702 feed_state->push_options->items[i].string);
703 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
704 feed_state->push_options->nr);
705 } else
706 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
707 if (tmp_objdir)
709 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
710 if (use_sideband) {
712 memset(&muxer, 0, sizeof(muxer));
713 muxer.proc = copy_to_sideband;
714 muxer.in = -1;
715 code = start_async(&muxer);
716 if (code)
717 return code;
718 proc.err = muxer.in;
719 }
720 prepare_push_cert_sha1(&proc);
722 code = start_command(&proc);
724 if (code) {
725 if (use_sideband)
726 finish_async(&muxer);
727 return code;
728 }
729 sigchain_push(SIGPIPE, SIG_IGN);
731 while (1) {
733 const char *buf;
734 size_t n;
735 if (feed(feed_state, &buf, &n))
736 break;
737 if (write_in_full(proc.in, buf, n) < 0)
738 break;
739 }
740 close(proc.in);
741 if (use_sideband)
742 finish_async(&muxer);
743 sigchain_pop(SIGPIPE);
745 return finish_command(&proc);
747}
748static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
750{
751 struct receive_hook_feed_state *state = state_;
752 struct command *cmd = state->cmd;
753 while (cmd &&
755 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
756 cmd = cmd->next;
757 if (!cmd)
758 return -1; /* EOF */
759 strbuf_reset(&state->buf);
760 strbuf_addf(&state->buf, "%s %s %s\n",
761 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
762 cmd->ref_name);
763 state->cmd = cmd->next;
764 if (bufp) {
765 *bufp = state->buf.buf;
766 *sizep = state->buf.len;
767 }
768 return 0;
769}
770static int run_receive_hook(struct command *commands,
772 const char *hook_name,
773 int skip_broken,
774 const struct string_list *push_options)
775{
776 struct receive_hook_feed_state state;
777 int status;
778 strbuf_init(&state.buf, 0);
780 state.cmd = commands;
781 state.skip_broken = skip_broken;
782 if (feed_receive_hook(&state, NULL, NULL))
783 return 0;
784 state.cmd = commands;
785 state.push_options = push_options;
786 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
787 strbuf_release(&state.buf);
788 return status;
789}
790static int run_update_hook(struct command *cmd)
792{
793 const char *argv[5];
794 struct child_process proc = CHILD_PROCESS_INIT;
795 int code;
796 argv[0] = find_hook("update");
798 if (!argv[0])
799 return 0;
800 argv[1] = cmd->ref_name;
802 argv[2] = oid_to_hex(&cmd->old_oid);
803 argv[3] = oid_to_hex(&cmd->new_oid);
804 argv[4] = NULL;
805 proc.no_stdin = 1;
807 proc.stdout_to_stderr = 1;
808 proc.err = use_sideband ? -1 : 0;
809 proc.argv = argv;
810 code = start_command(&proc);
812 if (code)
813 return code;
814 if (use_sideband)
815 copy_to_sideband(proc.err, -1, NULL);
816 return finish_command(&proc);
817}
818static int is_ref_checked_out(const char *ref)
820{
821 if (is_bare_repository())
822 return 0;
823 if (!head_name)
825 return 0;
826 return !strcmp(head_name, ref);
827}
828static char *refuse_unconfigured_deny_msg =
830 N_("By default, updating the current branch in a non-bare repository\n"
831 "is denied, because it will make the index and work tree inconsistent\n"
832 "with what you pushed, and will require 'git reset --hard' to match\n"
833 "the work tree to HEAD.\n"
834 "\n"
835 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
836 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
837 "its current branch; however, this is not recommended unless you\n"
838 "arranged to update its work tree to match what you pushed in some\n"
839 "other way.\n"
840 "\n"
841 "To squelch this message and still keep the default behaviour, set\n"
842 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
843static void refuse_unconfigured_deny(void)
845{
846 rp_error("%s", _(refuse_unconfigured_deny_msg));
847}
848static char *refuse_unconfigured_deny_delete_current_msg =
850 N_("By default, deleting the current branch is denied, because the next\n"
851 "'git clone' won't result in any file checked out, causing confusion.\n"
852 "\n"
853 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
854 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
855 "current branch, with or without a warning message.\n"
856 "\n"
857 "To squelch this message, you can set it to 'refuse'.");
858static void refuse_unconfigured_deny_delete_current(void)
860{
861 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
862}
863static int command_singleton_iterator(void *cb_data, struct object_id *oid);
865static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
866{
867 struct lock_file shallow_lock = LOCK_INIT;
868 struct oid_array extra = OID_ARRAY_INIT;
869 struct check_connected_options opt = CHECK_CONNECTED_INIT;
870 uint32_t mask = 1 << (cmd->index % 32);
871 int i;
872 trace_printf_key(&trace_shallow,
874 "shallow: update_shallow_ref %s\n", cmd->ref_name);
875 for (i = 0; i < si->shallow->nr; i++)
876 if (si->used_shallow[i] &&
877 (si->used_shallow[i][cmd->index / 32] & mask) &&
878 !delayed_reachability_test(si, i))
879 oid_array_append(&extra, &si->shallow->oid[i]);
880 opt.env = tmp_objdir_env(tmp_objdir);
882 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
883 if (check_connected(command_singleton_iterator, cmd, &opt)) {
884 rollback_lock_file(&shallow_lock);
885 oid_array_clear(&extra);
886 return -1;
887 }
888 commit_lock_file(&shallow_lock);
890 /*
892 * Make sure setup_alternate_shallow() for the next ref does
893 * not lose these new roots..
894 */
895 for (i = 0; i < extra.nr; i++)
896 register_shallow(the_repository, &extra.oid[i]);
897 si->shallow_ref[cmd->index] = 0;
899 oid_array_clear(&extra);
900 return 0;
901}
902/*
904 * NEEDSWORK: we should consolidate various implementions of "are we
905 * on an unborn branch?" test into one, and make the unified one more
906 * robust. !get_sha1() based check used here and elsewhere would not
907 * allow us to tell an unborn branch from corrupt ref, for example.
908 * For the purpose of fixing "deploy-to-update does not work when
909 * pushing into an empty repository" issue, this should suffice for
910 * now.
911 */
912static int head_has_history(void)
913{
914 struct object_id oid;
915 return !get_oid("HEAD", &oid);
917}
918static const char *push_to_deploy(unsigned char *sha1,
920 struct argv_array *env,
921 const char *work_tree)
922{
923 const char *update_refresh[] = {
924 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
925 };
926 const char *diff_files[] = {
927 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
928 };
929 const char *diff_index[] = {
930 "diff-index", "--quiet", "--cached", "--ignore-submodules",
931 NULL, "--", NULL
932 };
933 const char *read_tree[] = {
934 "read-tree", "-u", "-m", NULL, NULL
935 };
936 struct child_process child = CHILD_PROCESS_INIT;
937 child.argv = update_refresh;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.stdout_to_stderr = 1;
943 child.git_cmd = 1;
944 if (run_command(&child))
945 return "Up-to-date check failed";
946 /* run_command() does not clean up completely; reinitialize */
948 child_process_init(&child);
949 child.argv = diff_files;
950 child.env = env->argv;
951 child.dir = work_tree;
952 child.no_stdin = 1;
953 child.stdout_to_stderr = 1;
954 child.git_cmd = 1;
955 if (run_command(&child))
956 return "Working directory has unstaged changes";
957 /* diff-index with either HEAD or an empty tree */
959 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
960 child_process_init(&child);
962 child.argv = diff_index;
963 child.env = env->argv;
964 child.no_stdin = 1;
965 child.no_stdout = 1;
966 child.stdout_to_stderr = 0;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has staged changes";
970 read_tree[3] = sha1_to_hex(sha1);
972 child_process_init(&child);
973 child.argv = read_tree;
974 child.env = env->argv;
975 child.dir = work_tree;
976 child.no_stdin = 1;
977 child.no_stdout = 1;
978 child.stdout_to_stderr = 0;
979 child.git_cmd = 1;
980 if (run_command(&child))
981 return "Could not update working tree to new HEAD";
982 return NULL;
984}
985static const char *push_to_checkout_hook = "push-to-checkout";
987static const char *push_to_checkout(unsigned char *sha1,
989 struct argv_array *env,
990 const char *work_tree)
991{
992 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
993 if (run_hook_le(env->argv, push_to_checkout_hook,
994 sha1_to_hex(sha1), NULL))
995 return "push-to-checkout hook declined";
996 else
997 return NULL;
998}
999static const char *update_worktree(unsigned char *sha1)
1001{
1002 const char *retval;
1003 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1004 struct argv_array env = ARGV_ARRAY_INIT;
1005 if (is_bare_repository())
1007 return "denyCurrentBranch = updateInstead needs a worktree";
1008 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1010 if (!find_hook(push_to_checkout_hook))
1012 retval = push_to_deploy(sha1, &env, work_tree);
1013 else
1014 retval = push_to_checkout(sha1, &env, work_tree);
1015 argv_array_clear(&env);
1017 return retval;
1018}
1019static const char *update(struct command *cmd, struct shallow_info *si)
1021{
1022 const char *name = cmd->ref_name;
1023 struct strbuf namespaced_name_buf = STRBUF_INIT;
1024 static char *namespaced_name;
1025 const char *ret;
1026 struct object_id *old_oid = &cmd->old_oid;
1027 struct object_id *new_oid = &cmd->new_oid;
1028 /* only refs/... are allowed */
1030 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1031 rp_error("refusing to create funny ref '%s' remotely", name);
1032 return "funny refname";
1033 }
1034 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1036 free(namespaced_name);
1037 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1038 if (is_ref_checked_out(namespaced_name)) {
1040 switch (deny_current_branch) {
1041 case DENY_IGNORE:
1042 break;
1043 case DENY_WARN:
1044 rp_warning("updating the current branch");
1045 break;
1046 case DENY_REFUSE:
1047 case DENY_UNCONFIGURED:
1048 rp_error("refusing to update checked out branch: %s", name);
1049 if (deny_current_branch == DENY_UNCONFIGURED)
1050 refuse_unconfigured_deny();
1051 return "branch is currently checked out";
1052 case DENY_UPDATE_INSTEAD:
1053 ret = update_worktree(new_oid->hash);
1054 if (ret)
1055 return ret;
1056 break;
1057 }
1058 }
1059 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1061 error("unpack should have generated %s, "
1062 "but I can't find it!", oid_to_hex(new_oid));
1063 return "bad pack";
1064 }
1065 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1067 if (deny_deletes && starts_with(name, "refs/heads/")) {
1068 rp_error("denying ref deletion for %s", name);
1069 return "deletion prohibited";
1070 }
1071 if (head_name && !strcmp(namespaced_name, head_name)) {
1073 switch (deny_delete_current) {
1074 case DENY_IGNORE:
1075 break;
1076 case DENY_WARN:
1077 rp_warning("deleting the current branch");
1078 break;
1079 case DENY_REFUSE:
1080 case DENY_UNCONFIGURED:
1081 case DENY_UPDATE_INSTEAD:
1082 if (deny_delete_current == DENY_UNCONFIGURED)
1083 refuse_unconfigured_deny_delete_current();
1084 rp_error("refusing to delete the current branch: %s", name);
1085 return "deletion of the current branch prohibited";
1086 default:
1087 return "Invalid denyDeleteCurrent setting";
1088 }
1089 }
1090 }
1091 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1093 !is_null_oid(old_oid) &&
1094 starts_with(name, "refs/heads/")) {
1095 struct object *old_object, *new_object;
1096 struct commit *old_commit, *new_commit;
1097 old_object = parse_object(the_repository, old_oid);
1099 new_object = parse_object(the_repository, new_oid);
1100 if (!old_object || !new_object ||
1102 old_object->type != OBJ_COMMIT ||
1103 new_object->type != OBJ_COMMIT) {
1104 error("bad sha1 objects for %s", name);
1105 return "bad ref";
1106 }
1107 old_commit = (struct commit *)old_object;
1108 new_commit = (struct commit *)new_object;
1109 if (!in_merge_bases(old_commit, new_commit)) {
1110 rp_error("denying non-fast-forward %s"
1111 " (you should pull first)", name);
1112 return "non-fast-forward";
1113 }
1114 }
1115 if (run_update_hook(cmd)) {
1116 rp_error("hook declined to update %s", name);
1117 return "hook declined";
1118 }
1119 if (is_null_oid(new_oid)) {
1121 struct strbuf err = STRBUF_INIT;
1122 if (!parse_object(the_repository, old_oid)) {
1123 old_oid = NULL;
1124 if (ref_exists(name)) {
1125 rp_warning("Allowing deletion of corrupt ref.");
1126 } else {
1127 rp_warning("Deleting a non-existent ref.");
1128 cmd->did_not_exist = 1;
1129 }
1130 }
1131 if (ref_transaction_delete(transaction,
1132 namespaced_name,
1133 old_oid,
1134 0, "push", &err)) {
1135 rp_error("%s", err.buf);
1136 strbuf_release(&err);
1137 return "failed to delete";
1138 }
1139 strbuf_release(&err);
1140 return NULL; /* good */
1141 }
1142 else {
1143 struct strbuf err = STRBUF_INIT;
1144 if (shallow_update && si->shallow_ref[cmd->index] &&
1145 update_shallow_ref(cmd, si))
1146 return "shallow error";
1147 if (ref_transaction_update(transaction,
1149 namespaced_name,
1150 new_oid, old_oid,
1151 0, "push",
1152 &err)) {
1153 rp_error("%s", err.buf);
1154 strbuf_release(&err);
1155 return "failed to update ref";
1157 }
1158 strbuf_release(&err);
1159 return NULL; /* good */
1161 }
1162}
1163static void run_update_post_hook(struct command *commands)
1165{
1166 struct command *cmd;
1167 struct child_process proc = CHILD_PROCESS_INIT;
1168 const char *hook;
1169 hook = find_hook("post-update");
1171 if (!hook)
1172 return;
1173 for (cmd = commands; cmd; cmd = cmd->next) {
1175 if (cmd->error_string || cmd->did_not_exist)
1176 continue;
1177 if (!proc.args.argc)
1178 argv_array_push(&proc.args, hook);
1179 argv_array_push(&proc.args, cmd->ref_name);
1180 }
1181 if (!proc.args.argc)
1182 return;
1183 proc.no_stdin = 1;
1185 proc.stdout_to_stderr = 1;
1186 proc.err = use_sideband ? -1 : 0;
1187 if (!start_command(&proc)) {
1189 if (use_sideband)
1190 copy_to_sideband(proc.err, -1, NULL);
1191 finish_command(&proc);
1192 }
1193}
1194static void check_aliased_update(struct command *cmd, struct string_list *list)
1196{
1197 struct strbuf buf = STRBUF_INIT;
1198 const char *dst_name;
1199 struct string_list_item *item;
1200 struct command *dst_cmd;
1201 int flag;
1202 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1204 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1205 strbuf_release(&buf);
1206 if (!(flag & REF_ISSYMREF))
1208 return;
1209 if (!dst_name) {
1211 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1212 cmd->skip_update = 1;
1213 cmd->error_string = "broken symref";
1214 return;
1215 }
1216 dst_name = strip_namespace(dst_name);
1217 if ((item = string_list_lookup(list, dst_name)) == NULL)
1219 return;
1220 cmd->skip_update = 1;
1222 dst_cmd = (struct command *) item->util;
1224 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1226 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1227 return;
1228 dst_cmd->skip_update = 1;
1230 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1232 " its target '%s' (%s..%s)",
1233 cmd->ref_name,
1234 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1235 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1236 dst_cmd->ref_name,
1237 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1238 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1239 cmd->error_string = dst_cmd->error_string =
1241 "inconsistent aliased update";
1242}
1243static void check_aliased_updates(struct command *commands)
1245{
1246 struct command *cmd;
1247 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1248 for (cmd = commands; cmd; cmd = cmd->next) {
1250 struct string_list_item *item =
1251 string_list_append(&ref_list, cmd->ref_name);
1252 item->util = (void *)cmd;
1253 }
1254 string_list_sort(&ref_list);
1255 for (cmd = commands; cmd; cmd = cmd->next) {
1257 if (!cmd->error_string)
1258 check_aliased_update(cmd, &ref_list);
1259 }
1260 string_list_clear(&ref_list, 0);
1262}
1263static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1265{
1266 struct command **cmd_list = cb_data;
1267 struct command *cmd = *cmd_list;
1268 if (!cmd || is_null_oid(&cmd->new_oid))
1270 return -1; /* end of list */
1271 *cmd_list = NULL; /* this returns only one */
1272 oidcpy(oid, &cmd->new_oid);
1273 return 0;
1274}
1275static void set_connectivity_errors(struct command *commands,
1277 struct shallow_info *si)
1278{
1279 struct command *cmd;
1280 for (cmd = commands; cmd; cmd = cmd->next) {
1282 struct command *singleton = cmd;
1283 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1284 if (shallow_update && si->shallow_ref[cmd->index])
1286 /* to be checked in update_shallow_ref() */
1287 continue;
1288 opt.env = tmp_objdir_env(tmp_objdir);
1290 if (!check_connected(command_singleton_iterator, &singleton,
1291 &opt))
1292 continue;
1293 cmd->error_string = "missing necessary objects";
1295 }
1296}
1297struct iterate_data {
1299 struct command *cmds;
1300 struct shallow_info *si;
1301};
1302static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1304{
1305 struct iterate_data *data = cb_data;
1306 struct command **cmd_list = &data->cmds;
1307 struct command *cmd = *cmd_list;
1308 for (; cmd; cmd = cmd->next) {
1310 if (shallow_update && data->si->shallow_ref[cmd->index])
1311 /* to be checked in update_shallow_ref() */
1312 continue;
1313 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1314 oidcpy(oid, &cmd->new_oid);
1315 *cmd_list = cmd->next;
1316 return 0;
1317 }
1318 }
1319 *cmd_list = NULL;
1320 return -1; /* end of list */
1321}
1322static void reject_updates_to_hidden(struct command *commands)
1324{
1325 struct strbuf refname_full = STRBUF_INIT;
1326 size_t prefix_len;
1327 struct command *cmd;
1328 strbuf_addstr(&refname_full, get_git_namespace());
1330 prefix_len = refname_full.len;
1331 for (cmd = commands; cmd; cmd = cmd->next) {
1333 if (cmd->error_string)
1334 continue;
1335 strbuf_setlen(&refname_full, prefix_len);
1337 strbuf_addstr(&refname_full, cmd->ref_name);
1338 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1340 continue;
1341 if (is_null_oid(&cmd->new_oid))
1342 cmd->error_string = "deny deleting a hidden ref";
1343 else
1344 cmd->error_string = "deny updating a hidden ref";
1345 }
1346 strbuf_release(&refname_full);
1348}
1349static int should_process_cmd(struct command *cmd)
1351{
1352 return !cmd->error_string && !cmd->skip_update;
1353}
1354static void warn_if_skipped_connectivity_check(struct command *commands,
1356 struct shallow_info *si)
1357{
1358 struct command *cmd;
1359 int checked_connectivity = 1;
1360 for (cmd = commands; cmd; cmd = cmd->next) {
1362 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1363 error("BUG: connectivity check has not been run on ref %s",
1364 cmd->ref_name);
1365 checked_connectivity = 0;
1366 }
1367 }
1368 if (!checked_connectivity)
1369 BUG("connectivity check skipped???");
1370}
1371static void execute_commands_non_atomic(struct command *commands,
1373 struct shallow_info *si)
1374{
1375 struct command *cmd;
1376 struct strbuf err = STRBUF_INIT;
1377 for (cmd = commands; cmd; cmd = cmd->next) {
1379 if (!should_process_cmd(cmd))
1380 continue;
1381 transaction = ref_transaction_begin(&err);
1383 if (!transaction) {
1384 rp_error("%s", err.buf);
1385 strbuf_reset(&err);
1386 cmd->error_string = "transaction failed to start";
1387 continue;
1388 }
1389 cmd->error_string = update(cmd, si);
1391 if (!cmd->error_string
1393 && ref_transaction_commit(transaction, &err)) {
1394 rp_error("%s", err.buf);
1395 strbuf_reset(&err);
1396 cmd->error_string = "failed to update ref";
1397 }
1398 ref_transaction_free(transaction);
1399 }
1400 strbuf_release(&err);
1401}
1402static void execute_commands_atomic(struct command *commands,
1404 struct shallow_info *si)
1405{
1406 struct command *cmd;
1407 struct strbuf err = STRBUF_INIT;
1408 const char *reported_error = "atomic push failure";
1409 transaction = ref_transaction_begin(&err);
1411 if (!transaction) {
1412 rp_error("%s", err.buf);
1413 strbuf_reset(&err);
1414 reported_error = "transaction failed to start";
1415 goto failure;
1416 }
1417 for (cmd = commands; cmd; cmd = cmd->next) {
1419 if (!should_process_cmd(cmd))
1420 continue;
1421 cmd->error_string = update(cmd, si);
1423 if (cmd->error_string)
1425 goto failure;
1426 }
1427 if (ref_transaction_commit(transaction, &err)) {
1429 rp_error("%s", err.buf);
1430 reported_error = "atomic transaction failed";
1431 goto failure;
1432 }
1433 goto cleanup;
1434failure:
1436 for (cmd = commands; cmd; cmd = cmd->next)
1437 if (!cmd->error_string)
1438 cmd->error_string = reported_error;
1439cleanup:
1441 ref_transaction_free(transaction);
1442 strbuf_release(&err);
1443}
1444static void execute_commands(struct command *commands,
1446 const char *unpacker_error,
1447 struct shallow_info *si,
1448 const struct string_list *push_options)
1449{
1450 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1451 struct command *cmd;
1452 struct iterate_data data;
1453 struct async muxer;
1454 int err_fd = 0;
1455 if (unpacker_error) {
1457 for (cmd = commands; cmd; cmd = cmd->next)
1458 cmd->error_string = "unpacker error";
1459 return;
1460 }
1461 if (use_sideband) {
1463 memset(&muxer, 0, sizeof(muxer));
1464 muxer.proc = copy_to_sideband;
1465 muxer.in = -1;
1466 if (!start_async(&muxer))
1467 err_fd = muxer.in;
1468 /* ...else, continue without relaying sideband */
1469 }
1470 data.cmds = commands;
1472 data.si = si;
1473 opt.err_fd = err_fd;
1474 opt.progress = err_fd && !quiet;
1475 opt.env = tmp_objdir_env(tmp_objdir);
1476 if (check_connected(iterate_receive_command_list, &data, &opt))
1477 set_connectivity_errors(commands, si);
1478 if (use_sideband)
1480 finish_async(&muxer);
1481 reject_updates_to_hidden(commands);
1483 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1485 for (cmd = commands; cmd; cmd = cmd->next) {
1486 if (!cmd->error_string)
1487 cmd->error_string = "pre-receive hook declined";
1488 }
1489 return;
1490 }
1491 /*
1493 * Now we'll start writing out refs, which means the objects need
1494 * to be in their final positions so that other processes can see them.
1495 */
1496 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1497 for (cmd = commands; cmd; cmd = cmd->next) {
1498 if (!cmd->error_string)
1499 cmd->error_string = "unable to migrate objects to permanent storage";
1500 }
1501 return;
1502 }
1503 tmp_objdir = NULL;
1504 check_aliased_updates(commands);
1506 free(head_name_to_free);
1508 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1509 if (use_atomic)
1511 execute_commands_atomic(commands, si);
1512 else
1513 execute_commands_non_atomic(commands, si);
1514 if (shallow_update)
1516 warn_if_skipped_connectivity_check(commands, si);
1517}
1518static struct command **queue_command(struct command **tail,
1520 const char *line,
1521 int linelen)
1522{
1523 struct object_id old_oid, new_oid;
1524 struct command *cmd;
1525 const char *refname;
1526 int reflen;
1527 const char *p;
1528 if (parse_oid_hex(line, &old_oid, &p) ||
1530 *p++ != ' ' ||
1531 parse_oid_hex(p, &new_oid, &p) ||
1532 *p++ != ' ')
1533 die("protocol error: expected old/new/ref, got '%s'", line);
1534 refname = p;
1536 reflen = linelen - (p - line);
1537 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1538 oidcpy(&cmd->old_oid, &old_oid);
1539 oidcpy(&cmd->new_oid, &new_oid);
1540 *tail = cmd;
1541 return &cmd->next;
1542}
1543static void queue_commands_from_cert(struct command **tail,
1545 struct strbuf *push_cert)
1546{
1547 const char *boc, *eoc;
1548 if (*tail)
1550 die("protocol error: got both push certificate and unsigned commands");
1551 boc = strstr(push_cert->buf, "\n\n");
1553 if (!boc)
1554 die("malformed push certificate %.*s", 100, push_cert->buf);
1555 else
1556 boc += 2;
1557 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1558 while (boc < eoc) {
1560 const char *eol = memchr(boc, '\n', eoc - boc);
1561 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1562 boc = eol ? eol + 1 : eoc;
1563 }
1564}
1565static struct command *read_head_info(struct oid_array *shallow)
1567{
1568 struct command *commands = NULL;
1569 struct command **p = &commands;
1570 for (;;) {
1571 char *line;
1572 int len, linelen;
1573 line = packet_read_line(0, &len);
1575 if (!line)
1576 break;
1577 if (len > 8 && starts_with(line, "shallow ")) {
1579 struct object_id oid;
1580 if (get_oid_hex(line + 8, &oid))
1581 die("protocol error: expected shallow sha, got '%s'",
1582 line + 8);
1583 oid_array_append(shallow, &oid);
1584 continue;
1585 }
1586 linelen = strlen(line);
1588 if (linelen < len) {
1589 const char *feature_list = line + linelen + 1;
1590 if (parse_feature_request(feature_list, "report-status"))
1591 report_status = 1;
1592 if (parse_feature_request(feature_list, "side-band-64k"))
1593 use_sideband = LARGE_PACKET_MAX;
1594 if (parse_feature_request(feature_list, "quiet"))
1595 quiet = 1;
1596 if (advertise_atomic_push
1597 && parse_feature_request(feature_list, "atomic"))
1598 use_atomic = 1;
1599 if (advertise_push_options
1600 && parse_feature_request(feature_list, "push-options"))
1601 use_push_options = 1;
1602 }
1603 if (!strcmp(line, "push-cert")) {
1605 int true_flush = 0;
1606 char certbuf[1024];
1607 for (;;) {
1609 len = packet_read(0, NULL, NULL,
1610 certbuf, sizeof(certbuf), 0);
1611 if (!len) {
1612 true_flush = 1;
1613 break;
1614 }
1615 if (!strcmp(certbuf, "push-cert-end\n"))
1616 break; /* end of cert */
1617 strbuf_addstr(&push_cert, certbuf);
1618 }
1619 if (true_flush)
1621 break;
1622 continue;
1623 }
1624 p = queue_command(p, line, linelen);
1626 }
1627 if (push_cert.len)
1629 queue_commands_from_cert(p, &push_cert);
1630 return commands;
1632}
1633static void read_push_options(struct string_list *options)
1635{
1636 while (1) {
1637 char *line;
1638 int len;
1639 line = packet_read_line(0, &len);
1641 if (!line)
1643 break;
1644 string_list_append(options, line);
1646 }
1647}
1648static const char *parse_pack_header(struct pack_header *hdr)
1650{
1651 switch (read_pack_header(0, hdr)) {
1652 case PH_ERROR_EOF:
1653 return "eof before pack header was fully read";
1654 case PH_ERROR_PACK_SIGNATURE:
1656 return "protocol error (pack signature mismatch detected)";
1657 case PH_ERROR_PROTOCOL:
1659 return "protocol error (pack version unsupported)";
1660 default:
1662 return "unknown error in parse_pack_header";
1663 case 0:
1665 return NULL;
1666 }
1667}
1668static const char *pack_lockfile;
1670static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1672{
1673 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1674 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1675}
1676static const char *unpack(int err_fd, struct shallow_info *si)
1678{
1679 struct pack_header hdr;
1680 const char *hdr_err;
1681 int status;
1682 struct child_process child = CHILD_PROCESS_INIT;
1683 int fsck_objects = (receive_fsck_objects >= 0
1684 ? receive_fsck_objects
1685 : transfer_fsck_objects >= 0
1686 ? transfer_fsck_objects
1687 : 0);
1688 hdr_err = parse_pack_header(&hdr);
1690 if (hdr_err) {
1691 if (err_fd > 0)
1692 close(err_fd);
1693 return hdr_err;
1694 }
1695 if (si->nr_ours || si->nr_theirs) {
1697 alt_shallow_file = setup_temporary_shallow(si->shallow);
1698 argv_array_push(&child.args, "--shallow-file");
1699 argv_array_push(&child.args, alt_shallow_file);
1700 }
1701 tmp_objdir = tmp_objdir_create();
1703 if (!tmp_objdir) {
1704 if (err_fd > 0)
1705 close(err_fd);
1706 return "unable to create temporary object directory";
1707 }
1708 child.env = tmp_objdir_env(tmp_objdir);
1709 /*
1711 * Normally we just pass the tmp_objdir environment to the child
1712 * processes that do the heavy lifting, but we may need to see these
1713 * objects ourselves to set up shallow information.
1714 */
1715 tmp_objdir_add_as_alternate(tmp_objdir);
1716 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1718 argv_array_push(&child.args, "unpack-objects");
1719 push_header_arg(&child.args, &hdr);
1720 if (quiet)
1721 argv_array_push(&child.args, "-q");
1722 if (fsck_objects)
1723 argv_array_pushf(&child.args, "--strict%s",
1724 fsck_msg_types.buf);
1725 if (max_input_size)
1726 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1727 (uintmax_t)max_input_size);
1728 child.no_stdout = 1;
1729 child.err = err_fd;
1730 child.git_cmd = 1;
1731 status = run_command(&child);
1732 if (status)
1733 return "unpack-objects abnormal exit";
1734 } else {
1735 char hostname[HOST_NAME_MAX + 1];
1736 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1738 push_header_arg(&child.args, &hdr);
1739 if (xgethostname(hostname, sizeof(hostname)))
1741 xsnprintf(hostname, sizeof(hostname), "localhost");
1742 argv_array_pushf(&child.args,
1743 "--keep=receive-pack %"PRIuMAX" on %s",
1744 (uintmax_t)getpid(),
1745 hostname);
1746 if (!quiet && err_fd)
1748 argv_array_push(&child.args, "--show-resolving-progress");
1749 if (use_sideband)
1750 argv_array_push(&child.args, "--report-end-of-input");
1751 if (fsck_objects)
1752 argv_array_pushf(&child.args, "--strict%s",
1753 fsck_msg_types.buf);
1754 if (!reject_thin)
1755 argv_array_push(&child.args, "--fix-thin");
1756 if (max_input_size)
1757 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1758 (uintmax_t)max_input_size);
1759 child.out = -1;
1760 child.err = err_fd;
1761 child.git_cmd = 1;
1762 status = start_command(&child);
1763 if (status)
1764 return "index-pack fork failed";
1765 pack_lockfile = index_pack_lockfile(child.out);
1766 close(child.out);
1767 status = finish_command(&child);
1768 if (status)
1769 return "index-pack abnormal exit";
1770 reprepare_packed_git(the_repository);
1771 }
1772 return NULL;
1773}
1774static const char *unpack_with_sideband(struct shallow_info *si)
1776{
1777 struct async muxer;
1778 const char *ret;
1779 if (!use_sideband)
1781 return unpack(0, si);
1782 use_keepalive = KEEPALIVE_AFTER_NUL;
1784 memset(&muxer, 0, sizeof(muxer));
1785 muxer.proc = copy_to_sideband;
1786 muxer.in = -1;
1787 if (start_async(&muxer))
1788 return NULL;
1789 ret = unpack(muxer.in, si);
1791 finish_async(&muxer);
1793 return ret;
1794}
1795static void prepare_shallow_update(struct command *commands,
1797 struct shallow_info *si)
1798{
1799 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1800 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1802 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1803 si->need_reachability_test =
1805 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1806 si->reachable =
1807 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1808 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1809 for (i = 0; i < si->nr_ours; i++)
1811 si->need_reachability_test[si->ours[i]] = 1;
1812 for (i = 0; i < si->shallow->nr; i++) {
1814 if (!si->used_shallow[i])
1815 continue;
1816 for (j = 0; j < bitmap_size; j++) {
1817 if (!si->used_shallow[i][j])
1818 continue;
1819 si->need_reachability_test[i]++;
1820 for (k = 0; k < 32; k++)
1821 if (si->used_shallow[i][j] & (1U << k))
1822 si->shallow_ref[j * 32 + k]++;
1823 }
1824 /*
1826 * true for those associated with some refs and belong
1827 * in "ours" list aka "step 7 not done yet"
1828 */
1829 si->need_reachability_test[i] =
1830 si->need_reachability_test[i] > 1;
1831 }
1832 /*
1834 * keep hooks happy by forcing a temporary shallow file via
1835 * env variable because we can't add --shallow-file to every
1836 * command. check_everything_connected() will be done with
1837 * true .git/shallow though.
1838 */
1839 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1840}
1841static void update_shallow_info(struct command *commands,
1843 struct shallow_info *si,
1844 struct oid_array *ref)
1845{
1846 struct command *cmd;
1847 int *ref_status;
1848 remove_nonexistent_theirs_shallow(si);
1849 if (!si->nr_ours && !si->nr_theirs) {
1850 shallow_update = 0;
1851 return;
1852 }
1853 for (cmd = commands; cmd; cmd = cmd->next) {
1855 if (is_null_oid(&cmd->new_oid))
1856 continue;
1857 oid_array_append(ref, &cmd->new_oid);
1858 cmd->index = ref->nr - 1;
1859 }
1860 si->ref = ref;
1861 if (shallow_update) {
1863 prepare_shallow_update(commands, si);
1864 return;
1865 }
1866 ALLOC_ARRAY(ref_status, ref->nr);
1868 assign_shallow_commits_to_refs(si, NULL, ref_status);
1869 for (cmd = commands; cmd; cmd = cmd->next) {
1870 if (is_null_oid(&cmd->new_oid))
1871 continue;
1872 if (ref_status[cmd->index]) {
1873 cmd->error_string = "shallow update not allowed";
1874 cmd->skip_update = 1;
1875 }
1876 }
1877 free(ref_status);
1878}
1879static void report(struct command *commands, const char *unpack_status)
1881{
1882 struct command *cmd;
1883 struct strbuf buf = STRBUF_INIT;
1884 packet_buf_write(&buf, "unpack %s\n",
1886 unpack_status ? unpack_status : "ok");
1887 for (cmd = commands; cmd; cmd = cmd->next) {
1888 if (!cmd->error_string)
1889 packet_buf_write(&buf, "ok %s\n",
1890 cmd->ref_name);
1891 else
1892 packet_buf_write(&buf, "ng %s %s\n",
1893 cmd->ref_name, cmd->error_string);
1894 }
1895 packet_buf_flush(&buf);
1896 if (use_sideband)
1898 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1899 else
1900 write_or_die(1, buf.buf, buf.len);
1901 strbuf_release(&buf);
1902}
1903static int delete_only(struct command *commands)
1905{
1906 struct command *cmd;
1907 for (cmd = commands; cmd; cmd = cmd->next) {
1908 if (!is_null_oid(&cmd->new_oid))
1909 return 0;
1910 }
1911 return 1;
1912}
1913int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1915{
1916 int advertise_refs = 0;
1917 struct command *commands;
1918 struct oid_array shallow = OID_ARRAY_INIT;
1919 struct oid_array ref = OID_ARRAY_INIT;
1920 struct shallow_info si;
1921 struct option options[] = {
1923 OPT__QUIET(&quiet, N_("quiet")),
1924 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1925 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1926 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1927 OPT_END()
1928 };
1929 packet_trace_identity("receive-pack");
1931 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1933 if (argc > 1)
1935 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1936 if (argc == 0)
1937 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1938 service_dir = argv[0];
1940 setup_path();
1942 if (!enter_repo(service_dir, 0))
1944 die("'%s' does not appear to be a git repository", service_dir);
1945 git_config(receive_pack_config, NULL);
1947 if (cert_nonce_seed)
1948 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1949 if (0 <= transfer_unpack_limit)
1951 unpack_limit = transfer_unpack_limit;
1952 else if (0 <= receive_unpack_limit)
1953 unpack_limit = receive_unpack_limit;
1954 switch (determine_protocol_version_server()) {
1956 case protocol_v2:
1957 /*
1958 * push support for protocol v2 has not been implemented yet,
1959 * so ignore the request to use v2 and fallback to using v0.
1960 */
1961 break;
1962 case protocol_v1:
1963 /*
1964 * v1 is just the original protocol with a version string,
1965 * so just fall through after writing the version string.
1966 */
1967 if (advertise_refs || !stateless_rpc)
1968 packet_write_fmt(1, "version 1\n");
1969 /* fallthrough */
1971 case protocol_v0:
1972 break;
1973 case protocol_unknown_version:
1974 BUG("unknown protocol version");
1975 }
1976 if (advertise_refs || !stateless_rpc) {
1978 write_head_info();
1979 }
1980 if (advertise_refs)
1981 return 0;
1982 if ((commands = read_head_info(&shallow)) != NULL) {
1984 const char *unpack_status = NULL;
1985 struct string_list push_options = STRING_LIST_INIT_DUP;
1986 if (use_push_options)
1988 read_push_options(&push_options);
1989 if (!check_cert_push_options(&push_options)) {
1990 struct command *cmd;
1991 for (cmd = commands; cmd; cmd = cmd->next)
1992 cmd->error_string = "inconsistent push options";
1993 }
1994 prepare_shallow_info(&si, &shallow);
1996 if (!si.nr_ours && !si.nr_theirs)
1997 shallow_update = 0;
1998 if (!delete_only(commands)) {
1999 unpack_status = unpack_with_sideband(&si);
2000 update_shallow_info(commands, &si, &ref);
2001 }
2002 use_keepalive = KEEPALIVE_ALWAYS;
2003 execute_commands(commands, unpack_status, &si,
2004 &push_options);
2005 if (pack_lockfile)
2006 unlink_or_warn(pack_lockfile);
2007 if (report_status)
2008 report(commands, unpack_status);
2009 run_receive_hook(commands, "post-receive", 1,
2010 &push_options);
2011 run_update_post_hook(commands);
2012 string_list_clear(&push_options, 0);
2013 if (auto_gc) {
2014 const char *argv_gc_auto[] = {
2015 "gc", "--auto", "--quiet", NULL,
2016 };
2017 struct child_process proc = CHILD_PROCESS_INIT;
2018 proc.no_stdin = 1;
2020 proc.stdout_to_stderr = 1;
2021 proc.err = use_sideband ? -1 : 0;
2022 proc.git_cmd = 1;
2023 proc.argv = argv_gc_auto;
2024 close_all_packs(the_repository->objects);
2026 if (!start_command(&proc)) {
2027 if (use_sideband)
2028 copy_to_sideband(proc.err, -1, NULL);
2029 finish_command(&proc);
2030 }
2031 }
2032 if (auto_update_server_info)
2033 update_server_info(0);
2034 clear_shallow_info(&si);
2035 }
2036 if (use_sideband)
2037 packet_flush(1);
2038 oid_array_clear(&shallow);
2039 oid_array_clear(&ref);
2040 free((void *)push_cert_nonce);
2041 return 0;
2042}