1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23
24static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
27};
28
29enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
35};
36
37static int deny_deletes;
38static int deny_non_fast_forwards;
39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41static int receive_fsck_objects = -1;
42static int transfer_fsck_objects = -1;
43static struct strbuf fsck_msg_types = STRBUF_INIT;
44static int receive_unpack_limit = -1;
45static int transfer_unpack_limit = -1;
46static int advertise_atomic_push = 1;
47static int advertise_push_options;
48static int unpack_limit = 100;
49static int report_status;
50static int use_sideband;
51static int use_atomic;
52static int use_push_options;
53static int quiet;
54static int prefer_ofs_delta = 1;
55static int auto_update_server_info;
56static int auto_gc = 1;
57static int reject_thin;
58static int stateless_rpc;
59static const char *service_dir;
60static const char *head_name;
61static void *head_name_to_free;
62static int sent_capabilities;
63static int shallow_update;
64static const char *alt_shallow_file;
65static struct strbuf push_cert = STRBUF_INIT;
66static unsigned char push_cert_sha1[20];
67static struct signature_check sigcheck;
68static const char *push_cert_nonce;
69static const char *cert_nonce_seed;
70
71static const char *NONCE_UNSOLICITED = "UNSOLICITED";
72static const char *NONCE_BAD = "BAD";
73static const char *NONCE_MISSING = "MISSING";
74static const char *NONCE_OK = "OK";
75static const char *NONCE_SLOP = "SLOP";
76static const char *nonce_status;
77static long nonce_stamp_slop;
78static unsigned long nonce_stamp_slop_limit;
79static struct ref_transaction *transaction;
80
81static enum {
82 KEEPALIVE_NEVER = 0,
83 KEEPALIVE_AFTER_NUL,
84 KEEPALIVE_ALWAYS
85} use_keepalive;
86static int keepalive_in_sec = 5;
87
88static enum deny_action parse_deny_action(const char *var, const char *value)
89{
90 if (value) {
91 if (!strcasecmp(value, "ignore"))
92 return DENY_IGNORE;
93 if (!strcasecmp(value, "warn"))
94 return DENY_WARN;
95 if (!strcasecmp(value, "refuse"))
96 return DENY_REFUSE;
97 if (!strcasecmp(value, "updateinstead"))
98 return DENY_UPDATE_INSTEAD;
99 }
100 if (git_config_bool(var, value))
101 return DENY_REFUSE;
102 return DENY_IGNORE;
103}
104
105static int receive_pack_config(const char *var, const char *value, void *cb)
106{
107 int status = parse_hide_refs_config(var, value, "receive");
108
109 if (status)
110 return status;
111
112 if (strcmp(var, "receive.denydeletes") == 0) {
113 deny_deletes = git_config_bool(var, value);
114 return 0;
115 }
116
117 if (strcmp(var, "receive.denynonfastforwards") == 0) {
118 deny_non_fast_forwards = git_config_bool(var, value);
119 return 0;
120 }
121
122 if (strcmp(var, "receive.unpacklimit") == 0) {
123 receive_unpack_limit = git_config_int(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "transfer.unpacklimit") == 0) {
128 transfer_unpack_limit = git_config_int(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "receive.fsck.skiplist") == 0) {
133 const char *path;
134
135 if (git_config_pathname(&path, var, value))
136 return 1;
137 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
138 fsck_msg_types.len ? ',' : '=', path);
139 free((char *)path);
140 return 0;
141 }
142
143 if (skip_prefix(var, "receive.fsck.", &var)) {
144 if (is_valid_msg_type(var, value))
145 strbuf_addf(&fsck_msg_types, "%c%s=%s",
146 fsck_msg_types.len ? ',' : '=', var, value);
147 else
148 warning("Skipping unknown msg id '%s'", var);
149 return 0;
150 }
151
152 if (strcmp(var, "receive.fsckobjects") == 0) {
153 receive_fsck_objects = git_config_bool(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "transfer.fsckobjects") == 0) {
158 transfer_fsck_objects = git_config_bool(var, value);
159 return 0;
160 }
161
162 if (!strcmp(var, "receive.denycurrentbranch")) {
163 deny_current_branch = parse_deny_action(var, value);
164 return 0;
165 }
166
167 if (strcmp(var, "receive.denydeletecurrent") == 0) {
168 deny_delete_current = parse_deny_action(var, value);
169 return 0;
170 }
171
172 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
173 prefer_ofs_delta = git_config_bool(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "receive.updateserverinfo") == 0) {
178 auto_update_server_info = git_config_bool(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.autogc") == 0) {
183 auto_gc = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.shallowupdate") == 0) {
188 shallow_update = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.certnonceseed") == 0)
193 return git_config_string(&cert_nonce_seed, var, value);
194
195 if (strcmp(var, "receive.certnonceslop") == 0) {
196 nonce_stamp_slop_limit = git_config_ulong(var, value);
197 return 0;
198 }
199
200 if (strcmp(var, "receive.advertiseatomic") == 0) {
201 advertise_atomic_push = git_config_bool(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "receive.advertisepushoptions") == 0) {
206 advertise_push_options = git_config_bool(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.keepalive") == 0) {
211 keepalive_in_sec = git_config_int(var, value);
212 return 0;
213 }
214
215 return git_default_config(var, value, cb);
216}
217
218static void show_ref(const char *path, const unsigned char *sha1)
219{
220 if (sent_capabilities) {
221 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
222 } else {
223 struct strbuf cap = STRBUF_INIT;
224
225 strbuf_addstr(&cap,
226 "report-status delete-refs side-band-64k quiet");
227 if (advertise_atomic_push)
228 strbuf_addstr(&cap, " atomic");
229 if (prefer_ofs_delta)
230 strbuf_addstr(&cap, " ofs-delta");
231 if (push_cert_nonce)
232 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
233 if (advertise_push_options)
234 strbuf_addstr(&cap, " push-options");
235 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
236 packet_write(1, "%s %s%c%s\n",
237 sha1_to_hex(sha1), path, 0, cap.buf);
238 strbuf_release(&cap);
239 sent_capabilities = 1;
240 }
241}
242
243static int show_ref_cb(const char *path_full, const struct object_id *oid,
244 int flag, void *unused)
245{
246 const char *path = strip_namespace(path_full);
247
248 if (ref_is_hidden(path, path_full))
249 return 0;
250
251 /*
252 * Advertise refs outside our current namespace as ".have"
253 * refs, so that the client can use them to minimize data
254 * transfer but will otherwise ignore them. This happens to
255 * cover ".have" that are thrown in by add_one_alternate_ref()
256 * to mark histories that are complete in our alternates as
257 * well.
258 */
259 if (!path)
260 path = ".have";
261 show_ref(path, oid->hash);
262 return 0;
263}
264
265static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
266{
267 show_ref(".have", sha1);
268}
269
270static void collect_one_alternate_ref(const struct ref *ref, void *data)
271{
272 struct sha1_array *sa = data;
273 sha1_array_append(sa, ref->old_oid.hash);
274}
275
276static void write_head_info(void)
277{
278 struct sha1_array sa = SHA1_ARRAY_INIT;
279
280 for_each_alternate_ref(collect_one_alternate_ref, &sa);
281 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
282 sha1_array_clear(&sa);
283 for_each_ref(show_ref_cb, NULL);
284 if (!sent_capabilities)
285 show_ref("capabilities^{}", null_sha1);
286
287 advertise_shallow_grafts(1);
288
289 /* EOF */
290 packet_flush(1);
291}
292
293struct command {
294 struct command *next;
295 const char *error_string;
296 unsigned int skip_update:1,
297 did_not_exist:1;
298 int index;
299 unsigned char old_sha1[20];
300 unsigned char new_sha1[20];
301 char ref_name[FLEX_ARRAY]; /* more */
302};
303
304static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
305static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
306
307static void report_message(const char *prefix, const char *err, va_list params)
308{
309 int sz;
310 char msg[4096];
311
312 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
313 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
314 if (sz > (sizeof(msg) - 1))
315 sz = sizeof(msg) - 1;
316 msg[sz++] = '\n';
317
318 if (use_sideband)
319 send_sideband(1, 2, msg, sz, use_sideband);
320 else
321 xwrite(2, msg, sz);
322}
323
324static void rp_warning(const char *err, ...)
325{
326 va_list params;
327 va_start(params, err);
328 report_message("warning: ", err, params);
329 va_end(params);
330}
331
332static void rp_error(const char *err, ...)
333{
334 va_list params;
335 va_start(params, err);
336 report_message("error: ", err, params);
337 va_end(params);
338}
339
340static int copy_to_sideband(int in, int out, void *arg)
341{
342 char data[128];
343 int keepalive_active = 0;
344
345 if (keepalive_in_sec <= 0)
346 use_keepalive = KEEPALIVE_NEVER;
347 if (use_keepalive == KEEPALIVE_ALWAYS)
348 keepalive_active = 1;
349
350 while (1) {
351 ssize_t sz;
352
353 if (keepalive_active) {
354 struct pollfd pfd;
355 int ret;
356
357 pfd.fd = in;
358 pfd.events = POLLIN;
359 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
360
361 if (ret < 0) {
362 if (errno == EINTR)
363 continue;
364 else
365 break;
366 } else if (ret == 0) {
367 /* no data; send a keepalive packet */
368 static const char buf[] = "0005\1";
369 write_or_die(1, buf, sizeof(buf) - 1);
370 continue;
371 } /* else there is actual data to read */
372 }
373
374 sz = xread(in, data, sizeof(data));
375 if (sz <= 0)
376 break;
377
378 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
379 const char *p = memchr(data, '\0', sz);
380 if (p) {
381 /*
382 * The NUL tells us to start sending keepalives. Make
383 * sure we send any other data we read along
384 * with it.
385 */
386 keepalive_active = 1;
387 send_sideband(1, 2, data, p - data, use_sideband);
388 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
389 continue;
390 }
391 }
392
393 /*
394 * Either we're not looking for a NUL signal, or we didn't see
395 * it yet; just pass along the data.
396 */
397 send_sideband(1, 2, data, sz, use_sideband);
398 }
399 close(in);
400 return 0;
401}
402
403#define HMAC_BLOCK_SIZE 64
404
405static void hmac_sha1(unsigned char *out,
406 const char *key_in, size_t key_len,
407 const char *text, size_t text_len)
408{
409 unsigned char key[HMAC_BLOCK_SIZE];
410 unsigned char k_ipad[HMAC_BLOCK_SIZE];
411 unsigned char k_opad[HMAC_BLOCK_SIZE];
412 int i;
413 git_SHA_CTX ctx;
414
415 /* RFC 2104 2. (1) */
416 memset(key, '\0', HMAC_BLOCK_SIZE);
417 if (HMAC_BLOCK_SIZE < key_len) {
418 git_SHA1_Init(&ctx);
419 git_SHA1_Update(&ctx, key_in, key_len);
420 git_SHA1_Final(key, &ctx);
421 } else {
422 memcpy(key, key_in, key_len);
423 }
424
425 /* RFC 2104 2. (2) & (5) */
426 for (i = 0; i < sizeof(key); i++) {
427 k_ipad[i] = key[i] ^ 0x36;
428 k_opad[i] = key[i] ^ 0x5c;
429 }
430
431 /* RFC 2104 2. (3) & (4) */
432 git_SHA1_Init(&ctx);
433 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
434 git_SHA1_Update(&ctx, text, text_len);
435 git_SHA1_Final(out, &ctx);
436
437 /* RFC 2104 2. (6) & (7) */
438 git_SHA1_Init(&ctx);
439 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
440 git_SHA1_Update(&ctx, out, 20);
441 git_SHA1_Final(out, &ctx);
442}
443
444static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
445{
446 struct strbuf buf = STRBUF_INIT;
447 unsigned char sha1[20];
448
449 strbuf_addf(&buf, "%s:%lu", path, stamp);
450 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
451 strbuf_release(&buf);
452
453 /* RFC 2104 5. HMAC-SHA1-80 */
454 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
455 return strbuf_detach(&buf, NULL);
456}
457
458/*
459 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
460 * after dropping "_commit" from its name and possibly moving it out
461 * of commit.c
462 */
463static char *find_header(const char *msg, size_t len, const char *key)
464{
465 int key_len = strlen(key);
466 const char *line = msg;
467
468 while (line && line < msg + len) {
469 const char *eol = strchrnul(line, '\n');
470
471 if ((msg + len <= eol) || line == eol)
472 return NULL;
473 if (line + key_len < eol &&
474 !memcmp(line, key, key_len) && line[key_len] == ' ') {
475 int offset = key_len + 1;
476 return xmemdupz(line + offset, (eol - line) - offset);
477 }
478 line = *eol ? eol + 1 : NULL;
479 }
480 return NULL;
481}
482
483static const char *check_nonce(const char *buf, size_t len)
484{
485 char *nonce = find_header(buf, len, "nonce");
486 unsigned long stamp, ostamp;
487 char *bohmac, *expect = NULL;
488 const char *retval = NONCE_BAD;
489
490 if (!nonce) {
491 retval = NONCE_MISSING;
492 goto leave;
493 } else if (!push_cert_nonce) {
494 retval = NONCE_UNSOLICITED;
495 goto leave;
496 } else if (!strcmp(push_cert_nonce, nonce)) {
497 retval = NONCE_OK;
498 goto leave;
499 }
500
501 if (!stateless_rpc) {
502 /* returned nonce MUST match what we gave out earlier */
503 retval = NONCE_BAD;
504 goto leave;
505 }
506
507 /*
508 * In stateless mode, we may be receiving a nonce issued by
509 * another instance of the server that serving the same
510 * repository, and the timestamps may not match, but the
511 * nonce-seed and dir should match, so we can recompute and
512 * report the time slop.
513 *
514 * In addition, when a nonce issued by another instance has
515 * timestamp within receive.certnonceslop seconds, we pretend
516 * as if we issued that nonce when reporting to the hook.
517 */
518
519 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
520 if (*nonce <= '0' || '9' < *nonce) {
521 retval = NONCE_BAD;
522 goto leave;
523 }
524 stamp = strtoul(nonce, &bohmac, 10);
525 if (bohmac == nonce || bohmac[0] != '-') {
526 retval = NONCE_BAD;
527 goto leave;
528 }
529
530 expect = prepare_push_cert_nonce(service_dir, stamp);
531 if (strcmp(expect, nonce)) {
532 /* Not what we would have signed earlier */
533 retval = NONCE_BAD;
534 goto leave;
535 }
536
537 /*
538 * By how many seconds is this nonce stale? Negative value
539 * would mean it was issued by another server with its clock
540 * skewed in the future.
541 */
542 ostamp = strtoul(push_cert_nonce, NULL, 10);
543 nonce_stamp_slop = (long)ostamp - (long)stamp;
544
545 if (nonce_stamp_slop_limit &&
546 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
547 /*
548 * Pretend as if the received nonce (which passes the
549 * HMAC check, so it is not a forged by third-party)
550 * is what we issued.
551 */
552 free((void *)push_cert_nonce);
553 push_cert_nonce = xstrdup(nonce);
554 retval = NONCE_OK;
555 } else {
556 retval = NONCE_SLOP;
557 }
558
559leave:
560 free(nonce);
561 free(expect);
562 return retval;
563}
564
565static void prepare_push_cert_sha1(struct child_process *proc)
566{
567 static int already_done;
568
569 if (!push_cert.len)
570 return;
571
572 if (!already_done) {
573 struct strbuf gpg_output = STRBUF_INIT;
574 struct strbuf gpg_status = STRBUF_INIT;
575 int bogs /* beginning_of_gpg_sig */;
576
577 already_done = 1;
578 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
579 hashclr(push_cert_sha1);
580
581 memset(&sigcheck, '\0', sizeof(sigcheck));
582 sigcheck.result = 'N';
583
584 bogs = parse_signature(push_cert.buf, push_cert.len);
585 if (verify_signed_buffer(push_cert.buf, bogs,
586 push_cert.buf + bogs, push_cert.len - bogs,
587 &gpg_output, &gpg_status) < 0) {
588 ; /* error running gpg */
589 } else {
590 sigcheck.payload = push_cert.buf;
591 sigcheck.gpg_output = gpg_output.buf;
592 sigcheck.gpg_status = gpg_status.buf;
593 parse_gpg_output(&sigcheck);
594 }
595
596 strbuf_release(&gpg_output);
597 strbuf_release(&gpg_status);
598 nonce_status = check_nonce(push_cert.buf, bogs);
599 }
600 if (!is_null_sha1(push_cert_sha1)) {
601 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
602 sha1_to_hex(push_cert_sha1));
603 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
604 sigcheck.signer ? sigcheck.signer : "");
605 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
606 sigcheck.key ? sigcheck.key : "");
607 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
608 sigcheck.result);
609 if (push_cert_nonce) {
610 argv_array_pushf(&proc->env_array,
611 "GIT_PUSH_CERT_NONCE=%s",
612 push_cert_nonce);
613 argv_array_pushf(&proc->env_array,
614 "GIT_PUSH_CERT_NONCE_STATUS=%s",
615 nonce_status);
616 if (nonce_status == NONCE_SLOP)
617 argv_array_pushf(&proc->env_array,
618 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
619 nonce_stamp_slop);
620 }
621 }
622}
623
624struct receive_hook_feed_state {
625 struct command *cmd;
626 int skip_broken;
627 struct strbuf buf;
628 const struct string_list *push_options;
629};
630
631typedef int (*feed_fn)(void *, const char **, size_t *);
632static int run_and_feed_hook(const char *hook_name, feed_fn feed,
633 struct receive_hook_feed_state *feed_state)
634{
635 struct child_process proc = CHILD_PROCESS_INIT;
636 struct async muxer;
637 const char *argv[2];
638 int code;
639
640 argv[0] = find_hook(hook_name);
641 if (!argv[0])
642 return 0;
643
644 argv[1] = NULL;
645
646 proc.argv = argv;
647 proc.in = -1;
648 proc.stdout_to_stderr = 1;
649 if (feed_state->push_options) {
650 int i;
651 for (i = 0; i < feed_state->push_options->nr; i++)
652 argv_array_pushf(&proc.env_array,
653 "GIT_PUSH_OPTION_%d=%s", i,
654 feed_state->push_options->items[i].string);
655 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
656 feed_state->push_options->nr);
657 } else
658 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
659
660 if (use_sideband) {
661 memset(&muxer, 0, sizeof(muxer));
662 muxer.proc = copy_to_sideband;
663 muxer.in = -1;
664 code = start_async(&muxer);
665 if (code)
666 return code;
667 proc.err = muxer.in;
668 }
669
670 prepare_push_cert_sha1(&proc);
671
672 code = start_command(&proc);
673 if (code) {
674 if (use_sideband)
675 finish_async(&muxer);
676 return code;
677 }
678
679 sigchain_push(SIGPIPE, SIG_IGN);
680
681 while (1) {
682 const char *buf;
683 size_t n;
684 if (feed(feed_state, &buf, &n))
685 break;
686 if (write_in_full(proc.in, buf, n) != n)
687 break;
688 }
689 close(proc.in);
690 if (use_sideband)
691 finish_async(&muxer);
692
693 sigchain_pop(SIGPIPE);
694
695 return finish_command(&proc);
696}
697
698static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
699{
700 struct receive_hook_feed_state *state = state_;
701 struct command *cmd = state->cmd;
702
703 while (cmd &&
704 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
705 cmd = cmd->next;
706 if (!cmd)
707 return -1; /* EOF */
708 strbuf_reset(&state->buf);
709 strbuf_addf(&state->buf, "%s %s %s\n",
710 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
711 cmd->ref_name);
712 state->cmd = cmd->next;
713 if (bufp) {
714 *bufp = state->buf.buf;
715 *sizep = state->buf.len;
716 }
717 return 0;
718}
719
720static int run_receive_hook(struct command *commands,
721 const char *hook_name,
722 int skip_broken,
723 const struct string_list *push_options)
724{
725 struct receive_hook_feed_state state;
726 int status;
727
728 strbuf_init(&state.buf, 0);
729 state.cmd = commands;
730 state.skip_broken = skip_broken;
731 if (feed_receive_hook(&state, NULL, NULL))
732 return 0;
733 state.cmd = commands;
734 state.push_options = push_options;
735 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
736 strbuf_release(&state.buf);
737 return status;
738}
739
740static int run_update_hook(struct command *cmd)
741{
742 const char *argv[5];
743 struct child_process proc = CHILD_PROCESS_INIT;
744 int code;
745
746 argv[0] = find_hook("update");
747 if (!argv[0])
748 return 0;
749
750 argv[1] = cmd->ref_name;
751 argv[2] = sha1_to_hex(cmd->old_sha1);
752 argv[3] = sha1_to_hex(cmd->new_sha1);
753 argv[4] = NULL;
754
755 proc.no_stdin = 1;
756 proc.stdout_to_stderr = 1;
757 proc.err = use_sideband ? -1 : 0;
758 proc.argv = argv;
759
760 code = start_command(&proc);
761 if (code)
762 return code;
763 if (use_sideband)
764 copy_to_sideband(proc.err, -1, NULL);
765 return finish_command(&proc);
766}
767
768static int is_ref_checked_out(const char *ref)
769{
770 if (is_bare_repository())
771 return 0;
772
773 if (!head_name)
774 return 0;
775 return !strcmp(head_name, ref);
776}
777
778static char *refuse_unconfigured_deny_msg[] = {
779 "By default, updating the current branch in a non-bare repository",
780 "is denied, because it will make the index and work tree inconsistent",
781 "with what you pushed, and will require 'git reset --hard' to match",
782 "the work tree to HEAD.",
783 "",
784 "You can set 'receive.denyCurrentBranch' configuration variable to",
785 "'ignore' or 'warn' in the remote repository to allow pushing into",
786 "its current branch; however, this is not recommended unless you",
787 "arranged to update its work tree to match what you pushed in some",
788 "other way.",
789 "",
790 "To squelch this message and still keep the default behaviour, set",
791 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
792};
793
794static void refuse_unconfigured_deny(void)
795{
796 int i;
797 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
798 rp_error("%s", refuse_unconfigured_deny_msg[i]);
799}
800
801static char *refuse_unconfigured_deny_delete_current_msg[] = {
802 "By default, deleting the current branch is denied, because the next",
803 "'git clone' won't result in any file checked out, causing confusion.",
804 "",
805 "You can set 'receive.denyDeleteCurrent' configuration variable to",
806 "'warn' or 'ignore' in the remote repository to allow deleting the",
807 "current branch, with or without a warning message.",
808 "",
809 "To squelch this message, you can set it to 'refuse'."
810};
811
812static void refuse_unconfigured_deny_delete_current(void)
813{
814 int i;
815 for (i = 0;
816 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
817 i++)
818 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
819}
820
821static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
822static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
823{
824 static struct lock_file shallow_lock;
825 struct sha1_array extra = SHA1_ARRAY_INIT;
826 struct check_connected_options opt = CHECK_CONNECTED_INIT;
827 uint32_t mask = 1 << (cmd->index % 32);
828 int i;
829
830 trace_printf_key(&trace_shallow,
831 "shallow: update_shallow_ref %s\n", cmd->ref_name);
832 for (i = 0; i < si->shallow->nr; i++)
833 if (si->used_shallow[i] &&
834 (si->used_shallow[i][cmd->index / 32] & mask) &&
835 !delayed_reachability_test(si, i))
836 sha1_array_append(&extra, si->shallow->sha1[i]);
837
838 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
839 if (check_connected(command_singleton_iterator, cmd, &opt)) {
840 rollback_lock_file(&shallow_lock);
841 sha1_array_clear(&extra);
842 return -1;
843 }
844
845 commit_lock_file(&shallow_lock);
846
847 /*
848 * Make sure setup_alternate_shallow() for the next ref does
849 * not lose these new roots..
850 */
851 for (i = 0; i < extra.nr; i++)
852 register_shallow(extra.sha1[i]);
853
854 si->shallow_ref[cmd->index] = 0;
855 sha1_array_clear(&extra);
856 return 0;
857}
858
859/*
860 * NEEDSWORK: we should consolidate various implementions of "are we
861 * on an unborn branch?" test into one, and make the unified one more
862 * robust. !get_sha1() based check used here and elsewhere would not
863 * allow us to tell an unborn branch from corrupt ref, for example.
864 * For the purpose of fixing "deploy-to-update does not work when
865 * pushing into an empty repository" issue, this should suffice for
866 * now.
867 */
868static int head_has_history(void)
869{
870 unsigned char sha1[20];
871
872 return !get_sha1("HEAD", sha1);
873}
874
875static const char *push_to_deploy(unsigned char *sha1,
876 struct argv_array *env,
877 const char *work_tree)
878{
879 const char *update_refresh[] = {
880 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
881 };
882 const char *diff_files[] = {
883 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
884 };
885 const char *diff_index[] = {
886 "diff-index", "--quiet", "--cached", "--ignore-submodules",
887 NULL, "--", NULL
888 };
889 const char *read_tree[] = {
890 "read-tree", "-u", "-m", NULL, NULL
891 };
892 struct child_process child = CHILD_PROCESS_INIT;
893
894 child.argv = update_refresh;
895 child.env = env->argv;
896 child.dir = work_tree;
897 child.no_stdin = 1;
898 child.stdout_to_stderr = 1;
899 child.git_cmd = 1;
900 if (run_command(&child))
901 return "Up-to-date check failed";
902
903 /* run_command() does not clean up completely; reinitialize */
904 child_process_init(&child);
905 child.argv = diff_files;
906 child.env = env->argv;
907 child.dir = work_tree;
908 child.no_stdin = 1;
909 child.stdout_to_stderr = 1;
910 child.git_cmd = 1;
911 if (run_command(&child))
912 return "Working directory has unstaged changes";
913
914 /* diff-index with either HEAD or an empty tree */
915 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
916
917 child_process_init(&child);
918 child.argv = diff_index;
919 child.env = env->argv;
920 child.no_stdin = 1;
921 child.no_stdout = 1;
922 child.stdout_to_stderr = 0;
923 child.git_cmd = 1;
924 if (run_command(&child))
925 return "Working directory has staged changes";
926
927 read_tree[3] = sha1_to_hex(sha1);
928 child_process_init(&child);
929 child.argv = read_tree;
930 child.env = env->argv;
931 child.dir = work_tree;
932 child.no_stdin = 1;
933 child.no_stdout = 1;
934 child.stdout_to_stderr = 0;
935 child.git_cmd = 1;
936 if (run_command(&child))
937 return "Could not update working tree to new HEAD";
938
939 return NULL;
940}
941
942static const char *push_to_checkout_hook = "push-to-checkout";
943
944static const char *push_to_checkout(unsigned char *sha1,
945 struct argv_array *env,
946 const char *work_tree)
947{
948 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
949 if (run_hook_le(env->argv, push_to_checkout_hook,
950 sha1_to_hex(sha1), NULL))
951 return "push-to-checkout hook declined";
952 else
953 return NULL;
954}
955
956static const char *update_worktree(unsigned char *sha1)
957{
958 const char *retval;
959 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
960 struct argv_array env = ARGV_ARRAY_INIT;
961
962 if (is_bare_repository())
963 return "denyCurrentBranch = updateInstead needs a worktree";
964
965 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
966
967 if (!find_hook(push_to_checkout_hook))
968 retval = push_to_deploy(sha1, &env, work_tree);
969 else
970 retval = push_to_checkout(sha1, &env, work_tree);
971
972 argv_array_clear(&env);
973 return retval;
974}
975
976static const char *update(struct command *cmd, struct shallow_info *si)
977{
978 const char *name = cmd->ref_name;
979 struct strbuf namespaced_name_buf = STRBUF_INIT;
980 const char *namespaced_name, *ret;
981 unsigned char *old_sha1 = cmd->old_sha1;
982 unsigned char *new_sha1 = cmd->new_sha1;
983
984 /* only refs/... are allowed */
985 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
986 rp_error("refusing to create funny ref '%s' remotely", name);
987 return "funny refname";
988 }
989
990 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
991 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
992
993 if (is_ref_checked_out(namespaced_name)) {
994 switch (deny_current_branch) {
995 case DENY_IGNORE:
996 break;
997 case DENY_WARN:
998 rp_warning("updating the current branch");
999 break;
1000 case DENY_REFUSE:
1001 case DENY_UNCONFIGURED:
1002 rp_error("refusing to update checked out branch: %s", name);
1003 if (deny_current_branch == DENY_UNCONFIGURED)
1004 refuse_unconfigured_deny();
1005 return "branch is currently checked out";
1006 case DENY_UPDATE_INSTEAD:
1007 ret = update_worktree(new_sha1);
1008 if (ret)
1009 return ret;
1010 break;
1011 }
1012 }
1013
1014 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1015 error("unpack should have generated %s, "
1016 "but I can't find it!", sha1_to_hex(new_sha1));
1017 return "bad pack";
1018 }
1019
1020 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1021 if (deny_deletes && starts_with(name, "refs/heads/")) {
1022 rp_error("denying ref deletion for %s", name);
1023 return "deletion prohibited";
1024 }
1025
1026 if (head_name && !strcmp(namespaced_name, head_name)) {
1027 switch (deny_delete_current) {
1028 case DENY_IGNORE:
1029 break;
1030 case DENY_WARN:
1031 rp_warning("deleting the current branch");
1032 break;
1033 case DENY_REFUSE:
1034 case DENY_UNCONFIGURED:
1035 case DENY_UPDATE_INSTEAD:
1036 if (deny_delete_current == DENY_UNCONFIGURED)
1037 refuse_unconfigured_deny_delete_current();
1038 rp_error("refusing to delete the current branch: %s", name);
1039 return "deletion of the current branch prohibited";
1040 default:
1041 return "Invalid denyDeleteCurrent setting";
1042 }
1043 }
1044 }
1045
1046 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1047 !is_null_sha1(old_sha1) &&
1048 starts_with(name, "refs/heads/")) {
1049 struct object *old_object, *new_object;
1050 struct commit *old_commit, *new_commit;
1051
1052 old_object = parse_object(old_sha1);
1053 new_object = parse_object(new_sha1);
1054
1055 if (!old_object || !new_object ||
1056 old_object->type != OBJ_COMMIT ||
1057 new_object->type != OBJ_COMMIT) {
1058 error("bad sha1 objects for %s", name);
1059 return "bad ref";
1060 }
1061 old_commit = (struct commit *)old_object;
1062 new_commit = (struct commit *)new_object;
1063 if (!in_merge_bases(old_commit, new_commit)) {
1064 rp_error("denying non-fast-forward %s"
1065 " (you should pull first)", name);
1066 return "non-fast-forward";
1067 }
1068 }
1069 if (run_update_hook(cmd)) {
1070 rp_error("hook declined to update %s", name);
1071 return "hook declined";
1072 }
1073
1074 if (is_null_sha1(new_sha1)) {
1075 struct strbuf err = STRBUF_INIT;
1076 if (!parse_object(old_sha1)) {
1077 old_sha1 = NULL;
1078 if (ref_exists(name)) {
1079 rp_warning("Allowing deletion of corrupt ref.");
1080 } else {
1081 rp_warning("Deleting a non-existent ref.");
1082 cmd->did_not_exist = 1;
1083 }
1084 }
1085 if (ref_transaction_delete(transaction,
1086 namespaced_name,
1087 old_sha1,
1088 0, "push", &err)) {
1089 rp_error("%s", err.buf);
1090 strbuf_release(&err);
1091 return "failed to delete";
1092 }
1093 strbuf_release(&err);
1094 return NULL; /* good */
1095 }
1096 else {
1097 struct strbuf err = STRBUF_INIT;
1098 if (shallow_update && si->shallow_ref[cmd->index] &&
1099 update_shallow_ref(cmd, si))
1100 return "shallow error";
1101
1102 if (ref_transaction_update(transaction,
1103 namespaced_name,
1104 new_sha1, old_sha1,
1105 0, "push",
1106 &err)) {
1107 rp_error("%s", err.buf);
1108 strbuf_release(&err);
1109
1110 return "failed to update ref";
1111 }
1112 strbuf_release(&err);
1113
1114 return NULL; /* good */
1115 }
1116}
1117
1118static void run_update_post_hook(struct command *commands)
1119{
1120 struct command *cmd;
1121 int argc;
1122 struct child_process proc = CHILD_PROCESS_INIT;
1123 const char *hook;
1124
1125 hook = find_hook("post-update");
1126 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1127 if (cmd->error_string || cmd->did_not_exist)
1128 continue;
1129 argc++;
1130 }
1131 if (!argc || !hook)
1132 return;
1133
1134 argv_array_push(&proc.args, hook);
1135 for (cmd = commands; cmd; cmd = cmd->next) {
1136 if (cmd->error_string || cmd->did_not_exist)
1137 continue;
1138 argv_array_push(&proc.args, cmd->ref_name);
1139 }
1140
1141 proc.no_stdin = 1;
1142 proc.stdout_to_stderr = 1;
1143 proc.err = use_sideband ? -1 : 0;
1144
1145 if (!start_command(&proc)) {
1146 if (use_sideband)
1147 copy_to_sideband(proc.err, -1, NULL);
1148 finish_command(&proc);
1149 }
1150}
1151
1152static void check_aliased_update(struct command *cmd, struct string_list *list)
1153{
1154 struct strbuf buf = STRBUF_INIT;
1155 const char *dst_name;
1156 struct string_list_item *item;
1157 struct command *dst_cmd;
1158 unsigned char sha1[GIT_SHA1_RAWSZ];
1159 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1160 cmd_newh[GIT_SHA1_HEXSZ + 1],
1161 dst_oldh[GIT_SHA1_HEXSZ + 1],
1162 dst_newh[GIT_SHA1_HEXSZ + 1];
1163 int flag;
1164
1165 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1166 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1167 strbuf_release(&buf);
1168
1169 if (!(flag & REF_ISSYMREF))
1170 return;
1171
1172 if (!dst_name) {
1173 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1174 cmd->skip_update = 1;
1175 cmd->error_string = "broken symref";
1176 return;
1177 }
1178 dst_name = strip_namespace(dst_name);
1179
1180 if ((item = string_list_lookup(list, dst_name)) == NULL)
1181 return;
1182
1183 cmd->skip_update = 1;
1184
1185 dst_cmd = (struct command *) item->util;
1186
1187 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1188 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1189 return;
1190
1191 dst_cmd->skip_update = 1;
1192
1193 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1194 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1195 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1196 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1197 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1198 " its target '%s' (%s..%s)",
1199 cmd->ref_name, cmd_oldh, cmd_newh,
1200 dst_cmd->ref_name, dst_oldh, dst_newh);
1201
1202 cmd->error_string = dst_cmd->error_string =
1203 "inconsistent aliased update";
1204}
1205
1206static void check_aliased_updates(struct command *commands)
1207{
1208 struct command *cmd;
1209 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1210
1211 for (cmd = commands; cmd; cmd = cmd->next) {
1212 struct string_list_item *item =
1213 string_list_append(&ref_list, cmd->ref_name);
1214 item->util = (void *)cmd;
1215 }
1216 string_list_sort(&ref_list);
1217
1218 for (cmd = commands; cmd; cmd = cmd->next) {
1219 if (!cmd->error_string)
1220 check_aliased_update(cmd, &ref_list);
1221 }
1222
1223 string_list_clear(&ref_list, 0);
1224}
1225
1226static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1227{
1228 struct command **cmd_list = cb_data;
1229 struct command *cmd = *cmd_list;
1230
1231 if (!cmd || is_null_sha1(cmd->new_sha1))
1232 return -1; /* end of list */
1233 *cmd_list = NULL; /* this returns only one */
1234 hashcpy(sha1, cmd->new_sha1);
1235 return 0;
1236}
1237
1238static void set_connectivity_errors(struct command *commands,
1239 struct shallow_info *si)
1240{
1241 struct command *cmd;
1242
1243 for (cmd = commands; cmd; cmd = cmd->next) {
1244 struct command *singleton = cmd;
1245 if (shallow_update && si->shallow_ref[cmd->index])
1246 /* to be checked in update_shallow_ref() */
1247 continue;
1248 if (!check_connected(command_singleton_iterator, &singleton,
1249 NULL))
1250 continue;
1251 cmd->error_string = "missing necessary objects";
1252 }
1253}
1254
1255struct iterate_data {
1256 struct command *cmds;
1257 struct shallow_info *si;
1258};
1259
1260static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1261{
1262 struct iterate_data *data = cb_data;
1263 struct command **cmd_list = &data->cmds;
1264 struct command *cmd = *cmd_list;
1265
1266 for (; cmd; cmd = cmd->next) {
1267 if (shallow_update && data->si->shallow_ref[cmd->index])
1268 /* to be checked in update_shallow_ref() */
1269 continue;
1270 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1271 hashcpy(sha1, cmd->new_sha1);
1272 *cmd_list = cmd->next;
1273 return 0;
1274 }
1275 }
1276 *cmd_list = NULL;
1277 return -1; /* end of list */
1278}
1279
1280static void reject_updates_to_hidden(struct command *commands)
1281{
1282 struct strbuf refname_full = STRBUF_INIT;
1283 size_t prefix_len;
1284 struct command *cmd;
1285
1286 strbuf_addstr(&refname_full, get_git_namespace());
1287 prefix_len = refname_full.len;
1288
1289 for (cmd = commands; cmd; cmd = cmd->next) {
1290 if (cmd->error_string)
1291 continue;
1292
1293 strbuf_setlen(&refname_full, prefix_len);
1294 strbuf_addstr(&refname_full, cmd->ref_name);
1295
1296 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1297 continue;
1298 if (is_null_sha1(cmd->new_sha1))
1299 cmd->error_string = "deny deleting a hidden ref";
1300 else
1301 cmd->error_string = "deny updating a hidden ref";
1302 }
1303
1304 strbuf_release(&refname_full);
1305}
1306
1307static int should_process_cmd(struct command *cmd)
1308{
1309 return !cmd->error_string && !cmd->skip_update;
1310}
1311
1312static void warn_if_skipped_connectivity_check(struct command *commands,
1313 struct shallow_info *si)
1314{
1315 struct command *cmd;
1316 int checked_connectivity = 1;
1317
1318 for (cmd = commands; cmd; cmd = cmd->next) {
1319 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1320 error("BUG: connectivity check has not been run on ref %s",
1321 cmd->ref_name);
1322 checked_connectivity = 0;
1323 }
1324 }
1325 if (!checked_connectivity)
1326 die("BUG: connectivity check skipped???");
1327}
1328
1329static void execute_commands_non_atomic(struct command *commands,
1330 struct shallow_info *si)
1331{
1332 struct command *cmd;
1333 struct strbuf err = STRBUF_INIT;
1334
1335 for (cmd = commands; cmd; cmd = cmd->next) {
1336 if (!should_process_cmd(cmd))
1337 continue;
1338
1339 transaction = ref_transaction_begin(&err);
1340 if (!transaction) {
1341 rp_error("%s", err.buf);
1342 strbuf_reset(&err);
1343 cmd->error_string = "transaction failed to start";
1344 continue;
1345 }
1346
1347 cmd->error_string = update(cmd, si);
1348
1349 if (!cmd->error_string
1350 && ref_transaction_commit(transaction, &err)) {
1351 rp_error("%s", err.buf);
1352 strbuf_reset(&err);
1353 cmd->error_string = "failed to update ref";
1354 }
1355 ref_transaction_free(transaction);
1356 }
1357 strbuf_release(&err);
1358}
1359
1360static void execute_commands_atomic(struct command *commands,
1361 struct shallow_info *si)
1362{
1363 struct command *cmd;
1364 struct strbuf err = STRBUF_INIT;
1365 const char *reported_error = "atomic push failure";
1366
1367 transaction = ref_transaction_begin(&err);
1368 if (!transaction) {
1369 rp_error("%s", err.buf);
1370 strbuf_reset(&err);
1371 reported_error = "transaction failed to start";
1372 goto failure;
1373 }
1374
1375 for (cmd = commands; cmd; cmd = cmd->next) {
1376 if (!should_process_cmd(cmd))
1377 continue;
1378
1379 cmd->error_string = update(cmd, si);
1380
1381 if (cmd->error_string)
1382 goto failure;
1383 }
1384
1385 if (ref_transaction_commit(transaction, &err)) {
1386 rp_error("%s", err.buf);
1387 reported_error = "atomic transaction failed";
1388 goto failure;
1389 }
1390 goto cleanup;
1391
1392failure:
1393 for (cmd = commands; cmd; cmd = cmd->next)
1394 if (!cmd->error_string)
1395 cmd->error_string = reported_error;
1396
1397cleanup:
1398 ref_transaction_free(transaction);
1399 strbuf_release(&err);
1400}
1401
1402static void execute_commands(struct command *commands,
1403 const char *unpacker_error,
1404 struct shallow_info *si,
1405 const struct string_list *push_options)
1406{
1407 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1408 struct command *cmd;
1409 unsigned char sha1[20];
1410 struct iterate_data data;
1411 struct async muxer;
1412 int err_fd = 0;
1413
1414 if (unpacker_error) {
1415 for (cmd = commands; cmd; cmd = cmd->next)
1416 cmd->error_string = "unpacker error";
1417 return;
1418 }
1419
1420 if (use_sideband) {
1421 memset(&muxer, 0, sizeof(muxer));
1422 muxer.proc = copy_to_sideband;
1423 muxer.in = -1;
1424 if (!start_async(&muxer))
1425 err_fd = muxer.in;
1426 /* ...else, continue without relaying sideband */
1427 }
1428
1429 data.cmds = commands;
1430 data.si = si;
1431 opt.err_fd = err_fd;
1432 opt.progress = err_fd && !quiet;
1433 if (check_connected(iterate_receive_command_list, &data, &opt))
1434 set_connectivity_errors(commands, si);
1435
1436 if (use_sideband)
1437 finish_async(&muxer);
1438
1439 reject_updates_to_hidden(commands);
1440
1441 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1442 for (cmd = commands; cmd; cmd = cmd->next) {
1443 if (!cmd->error_string)
1444 cmd->error_string = "pre-receive hook declined";
1445 }
1446 return;
1447 }
1448
1449 check_aliased_updates(commands);
1450
1451 free(head_name_to_free);
1452 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1453
1454 if (use_atomic)
1455 execute_commands_atomic(commands, si);
1456 else
1457 execute_commands_non_atomic(commands, si);
1458
1459 if (shallow_update)
1460 warn_if_skipped_connectivity_check(commands, si);
1461}
1462
1463static struct command **queue_command(struct command **tail,
1464 const char *line,
1465 int linelen)
1466{
1467 unsigned char old_sha1[20], new_sha1[20];
1468 struct command *cmd;
1469 const char *refname;
1470 int reflen;
1471
1472 if (linelen < 83 ||
1473 line[40] != ' ' ||
1474 line[81] != ' ' ||
1475 get_sha1_hex(line, old_sha1) ||
1476 get_sha1_hex(line + 41, new_sha1))
1477 die("protocol error: expected old/new/ref, got '%s'", line);
1478
1479 refname = line + 82;
1480 reflen = linelen - 82;
1481 cmd = xcalloc(1, st_add3(sizeof(struct command), reflen, 1));
1482 hashcpy(cmd->old_sha1, old_sha1);
1483 hashcpy(cmd->new_sha1, new_sha1);
1484 memcpy(cmd->ref_name, refname, reflen);
1485 cmd->ref_name[reflen] = '\0';
1486 *tail = cmd;
1487 return &cmd->next;
1488}
1489
1490static void queue_commands_from_cert(struct command **tail,
1491 struct strbuf *push_cert)
1492{
1493 const char *boc, *eoc;
1494
1495 if (*tail)
1496 die("protocol error: got both push certificate and unsigned commands");
1497
1498 boc = strstr(push_cert->buf, "\n\n");
1499 if (!boc)
1500 die("malformed push certificate %.*s", 100, push_cert->buf);
1501 else
1502 boc += 2;
1503 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1504
1505 while (boc < eoc) {
1506 const char *eol = memchr(boc, '\n', eoc - boc);
1507 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1508 boc = eol ? eol + 1 : eoc;
1509 }
1510}
1511
1512static struct command *read_head_info(struct sha1_array *shallow)
1513{
1514 struct command *commands = NULL;
1515 struct command **p = &commands;
1516 for (;;) {
1517 char *line;
1518 int len, linelen;
1519
1520 line = packet_read_line(0, &len);
1521 if (!line)
1522 break;
1523
1524 if (len == 48 && starts_with(line, "shallow ")) {
1525 unsigned char sha1[20];
1526 if (get_sha1_hex(line + 8, sha1))
1527 die("protocol error: expected shallow sha, got '%s'",
1528 line + 8);
1529 sha1_array_append(shallow, sha1);
1530 continue;
1531 }
1532
1533 linelen = strlen(line);
1534 if (linelen < len) {
1535 const char *feature_list = line + linelen + 1;
1536 if (parse_feature_request(feature_list, "report-status"))
1537 report_status = 1;
1538 if (parse_feature_request(feature_list, "side-band-64k"))
1539 use_sideband = LARGE_PACKET_MAX;
1540 if (parse_feature_request(feature_list, "quiet"))
1541 quiet = 1;
1542 if (advertise_atomic_push
1543 && parse_feature_request(feature_list, "atomic"))
1544 use_atomic = 1;
1545 if (advertise_push_options
1546 && parse_feature_request(feature_list, "push-options"))
1547 use_push_options = 1;
1548 }
1549
1550 if (!strcmp(line, "push-cert")) {
1551 int true_flush = 0;
1552 char certbuf[1024];
1553
1554 for (;;) {
1555 len = packet_read(0, NULL, NULL,
1556 certbuf, sizeof(certbuf), 0);
1557 if (!len) {
1558 true_flush = 1;
1559 break;
1560 }
1561 if (!strcmp(certbuf, "push-cert-end\n"))
1562 break; /* end of cert */
1563 strbuf_addstr(&push_cert, certbuf);
1564 }
1565
1566 if (true_flush)
1567 break;
1568 continue;
1569 }
1570
1571 p = queue_command(p, line, linelen);
1572 }
1573
1574 if (push_cert.len)
1575 queue_commands_from_cert(p, &push_cert);
1576
1577 return commands;
1578}
1579
1580static void read_push_options(struct string_list *options)
1581{
1582 while (1) {
1583 char *line;
1584 int len;
1585
1586 line = packet_read_line(0, &len);
1587
1588 if (!line)
1589 break;
1590
1591 string_list_append(options, line);
1592 }
1593}
1594
1595static const char *parse_pack_header(struct pack_header *hdr)
1596{
1597 switch (read_pack_header(0, hdr)) {
1598 case PH_ERROR_EOF:
1599 return "eof before pack header was fully read";
1600
1601 case PH_ERROR_PACK_SIGNATURE:
1602 return "protocol error (pack signature mismatch detected)";
1603
1604 case PH_ERROR_PROTOCOL:
1605 return "protocol error (pack version unsupported)";
1606
1607 default:
1608 return "unknown error in parse_pack_header";
1609
1610 case 0:
1611 return NULL;
1612 }
1613}
1614
1615static const char *pack_lockfile;
1616
1617static const char *unpack(int err_fd, struct shallow_info *si)
1618{
1619 struct pack_header hdr;
1620 const char *hdr_err;
1621 int status;
1622 char hdr_arg[38];
1623 struct child_process child = CHILD_PROCESS_INIT;
1624 int fsck_objects = (receive_fsck_objects >= 0
1625 ? receive_fsck_objects
1626 : transfer_fsck_objects >= 0
1627 ? transfer_fsck_objects
1628 : 0);
1629
1630 hdr_err = parse_pack_header(&hdr);
1631 if (hdr_err) {
1632 if (err_fd > 0)
1633 close(err_fd);
1634 return hdr_err;
1635 }
1636 snprintf(hdr_arg, sizeof(hdr_arg),
1637 "--pack_header=%"PRIu32",%"PRIu32,
1638 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1639
1640 if (si->nr_ours || si->nr_theirs) {
1641 alt_shallow_file = setup_temporary_shallow(si->shallow);
1642 argv_array_push(&child.args, "--shallow-file");
1643 argv_array_push(&child.args, alt_shallow_file);
1644 }
1645
1646 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1647 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1648 if (quiet)
1649 argv_array_push(&child.args, "-q");
1650 if (fsck_objects)
1651 argv_array_pushf(&child.args, "--strict%s",
1652 fsck_msg_types.buf);
1653 child.no_stdout = 1;
1654 child.err = err_fd;
1655 child.git_cmd = 1;
1656 status = run_command(&child);
1657 if (status)
1658 return "unpack-objects abnormal exit";
1659 } else {
1660 char hostname[256];
1661
1662 argv_array_pushl(&child.args, "index-pack",
1663 "--stdin", hdr_arg, NULL);
1664
1665 if (gethostname(hostname, sizeof(hostname)))
1666 xsnprintf(hostname, sizeof(hostname), "localhost");
1667 argv_array_pushf(&child.args,
1668 "--keep=receive-pack %"PRIuMAX" on %s",
1669 (uintmax_t)getpid(),
1670 hostname);
1671
1672 if (!quiet && err_fd)
1673 argv_array_push(&child.args, "--show-resolving-progress");
1674 if (use_sideband)
1675 argv_array_push(&child.args, "--report-end-of-input");
1676 if (fsck_objects)
1677 argv_array_pushf(&child.args, "--strict%s",
1678 fsck_msg_types.buf);
1679 if (!reject_thin)
1680 argv_array_push(&child.args, "--fix-thin");
1681 child.out = -1;
1682 child.err = err_fd;
1683 child.git_cmd = 1;
1684 status = start_command(&child);
1685 if (status)
1686 return "index-pack fork failed";
1687 pack_lockfile = index_pack_lockfile(child.out);
1688 close(child.out);
1689 status = finish_command(&child);
1690 if (status)
1691 return "index-pack abnormal exit";
1692 reprepare_packed_git();
1693 }
1694 return NULL;
1695}
1696
1697static const char *unpack_with_sideband(struct shallow_info *si)
1698{
1699 struct async muxer;
1700 const char *ret;
1701
1702 if (!use_sideband)
1703 return unpack(0, si);
1704
1705 use_keepalive = KEEPALIVE_AFTER_NUL;
1706 memset(&muxer, 0, sizeof(muxer));
1707 muxer.proc = copy_to_sideband;
1708 muxer.in = -1;
1709 if (start_async(&muxer))
1710 return NULL;
1711
1712 ret = unpack(muxer.in, si);
1713
1714 finish_async(&muxer);
1715 return ret;
1716}
1717
1718static void prepare_shallow_update(struct command *commands,
1719 struct shallow_info *si)
1720{
1721 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1722
1723 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1724 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1725
1726 si->need_reachability_test =
1727 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1728 si->reachable =
1729 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1730 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1731
1732 for (i = 0; i < si->nr_ours; i++)
1733 si->need_reachability_test[si->ours[i]] = 1;
1734
1735 for (i = 0; i < si->shallow->nr; i++) {
1736 if (!si->used_shallow[i])
1737 continue;
1738 for (j = 0; j < bitmap_size; j++) {
1739 if (!si->used_shallow[i][j])
1740 continue;
1741 si->need_reachability_test[i]++;
1742 for (k = 0; k < 32; k++)
1743 if (si->used_shallow[i][j] & (1U << k))
1744 si->shallow_ref[j * 32 + k]++;
1745 }
1746
1747 /*
1748 * true for those associated with some refs and belong
1749 * in "ours" list aka "step 7 not done yet"
1750 */
1751 si->need_reachability_test[i] =
1752 si->need_reachability_test[i] > 1;
1753 }
1754
1755 /*
1756 * keep hooks happy by forcing a temporary shallow file via
1757 * env variable because we can't add --shallow-file to every
1758 * command. check_everything_connected() will be done with
1759 * true .git/shallow though.
1760 */
1761 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1762}
1763
1764static void update_shallow_info(struct command *commands,
1765 struct shallow_info *si,
1766 struct sha1_array *ref)
1767{
1768 struct command *cmd;
1769 int *ref_status;
1770 remove_nonexistent_theirs_shallow(si);
1771 if (!si->nr_ours && !si->nr_theirs) {
1772 shallow_update = 0;
1773 return;
1774 }
1775
1776 for (cmd = commands; cmd; cmd = cmd->next) {
1777 if (is_null_sha1(cmd->new_sha1))
1778 continue;
1779 sha1_array_append(ref, cmd->new_sha1);
1780 cmd->index = ref->nr - 1;
1781 }
1782 si->ref = ref;
1783
1784 if (shallow_update) {
1785 prepare_shallow_update(commands, si);
1786 return;
1787 }
1788
1789 ALLOC_ARRAY(ref_status, ref->nr);
1790 assign_shallow_commits_to_refs(si, NULL, ref_status);
1791 for (cmd = commands; cmd; cmd = cmd->next) {
1792 if (is_null_sha1(cmd->new_sha1))
1793 continue;
1794 if (ref_status[cmd->index]) {
1795 cmd->error_string = "shallow update not allowed";
1796 cmd->skip_update = 1;
1797 }
1798 }
1799 free(ref_status);
1800}
1801
1802static void report(struct command *commands, const char *unpack_status)
1803{
1804 struct command *cmd;
1805 struct strbuf buf = STRBUF_INIT;
1806
1807 packet_buf_write(&buf, "unpack %s\n",
1808 unpack_status ? unpack_status : "ok");
1809 for (cmd = commands; cmd; cmd = cmd->next) {
1810 if (!cmd->error_string)
1811 packet_buf_write(&buf, "ok %s\n",
1812 cmd->ref_name);
1813 else
1814 packet_buf_write(&buf, "ng %s %s\n",
1815 cmd->ref_name, cmd->error_string);
1816 }
1817 packet_buf_flush(&buf);
1818
1819 if (use_sideband)
1820 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1821 else
1822 write_or_die(1, buf.buf, buf.len);
1823 strbuf_release(&buf);
1824}
1825
1826static int delete_only(struct command *commands)
1827{
1828 struct command *cmd;
1829 for (cmd = commands; cmd; cmd = cmd->next) {
1830 if (!is_null_sha1(cmd->new_sha1))
1831 return 0;
1832 }
1833 return 1;
1834}
1835
1836int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1837{
1838 int advertise_refs = 0;
1839 struct command *commands;
1840 struct sha1_array shallow = SHA1_ARRAY_INIT;
1841 struct sha1_array ref = SHA1_ARRAY_INIT;
1842 struct shallow_info si;
1843
1844 struct option options[] = {
1845 OPT__QUIET(&quiet, N_("quiet")),
1846 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1847 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1848 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1849 OPT_END()
1850 };
1851
1852 packet_trace_identity("receive-pack");
1853
1854 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1855
1856 if (argc > 1)
1857 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1858 if (argc == 0)
1859 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1860
1861 service_dir = argv[0];
1862
1863 setup_path();
1864
1865 if (!enter_repo(service_dir, 0))
1866 die("'%s' does not appear to be a git repository", service_dir);
1867
1868 git_config(receive_pack_config, NULL);
1869 if (cert_nonce_seed)
1870 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1871
1872 if (0 <= transfer_unpack_limit)
1873 unpack_limit = transfer_unpack_limit;
1874 else if (0 <= receive_unpack_limit)
1875 unpack_limit = receive_unpack_limit;
1876
1877 if (advertise_refs || !stateless_rpc) {
1878 write_head_info();
1879 }
1880 if (advertise_refs)
1881 return 0;
1882
1883 if ((commands = read_head_info(&shallow)) != NULL) {
1884 const char *unpack_status = NULL;
1885 struct string_list push_options = STRING_LIST_INIT_DUP;
1886
1887 if (use_push_options)
1888 read_push_options(&push_options);
1889
1890 prepare_shallow_info(&si, &shallow);
1891 if (!si.nr_ours && !si.nr_theirs)
1892 shallow_update = 0;
1893 if (!delete_only(commands)) {
1894 unpack_status = unpack_with_sideband(&si);
1895 update_shallow_info(commands, &si, &ref);
1896 }
1897 use_keepalive = KEEPALIVE_ALWAYS;
1898 execute_commands(commands, unpack_status, &si,
1899 &push_options);
1900 if (pack_lockfile)
1901 unlink_or_warn(pack_lockfile);
1902 if (report_status)
1903 report(commands, unpack_status);
1904 run_receive_hook(commands, "post-receive", 1,
1905 &push_options);
1906 run_update_post_hook(commands);
1907 if (push_options.nr)
1908 string_list_clear(&push_options, 0);
1909 if (auto_gc) {
1910 const char *argv_gc_auto[] = {
1911 "gc", "--auto", "--quiet", NULL,
1912 };
1913 struct child_process proc = CHILD_PROCESS_INIT;
1914
1915 proc.no_stdin = 1;
1916 proc.stdout_to_stderr = 1;
1917 proc.err = use_sideband ? -1 : 0;
1918 proc.git_cmd = 1;
1919 proc.argv = argv_gc_auto;
1920
1921 close_all_packs();
1922 if (!start_command(&proc)) {
1923 if (use_sideband)
1924 copy_to_sideband(proc.err, -1, NULL);
1925 finish_command(&proc);
1926 }
1927 }
1928 if (auto_update_server_info)
1929 update_server_info(0);
1930 clear_shallow_info(&si);
1931 }
1932 if (use_sideband)
1933 packet_flush(1);
1934 sha1_array_clear(&shallow);
1935 sha1_array_clear(&ref);
1936 free((void *)push_cert_nonce);
1937 return 0;
1938}