1#include "builtin.h"
2#include "config.h"
3#include "lockfile.h"
4#include "pack.h"
5#include "refs.h"
6#include "pkt-line.h"
7#include "sideband.h"
8#include "run-command.h"
9#include "exec_cmd.h"
10#include "commit.h"
11#include "object.h"
12#include "remote.h"
13#include "connect.h"
14#include "transport.h"
15#include "string-list.h"
16#include "sha1-array.h"
17#include "connected.h"
18#include "argv-array.h"
19#include "version.h"
20#include "tag.h"
21#include "gpg-interface.h"
22#include "sigchain.h"
23#include "fsck.h"
24#include "tmp-objdir.h"
25#include "oidset.h"
26static const char * const receive_pack_usage[] = {
28 N_("git receive-pack <git-dir>"),
29 NULL
30};
31enum deny_action {
33 DENY_UNCONFIGURED,
34 DENY_IGNORE,
35 DENY_WARN,
36 DENY_REFUSE,
37 DENY_UPDATE_INSTEAD
38};
39static int deny_deletes;
41static int deny_non_fast_forwards;
42static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
43static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
44static int receive_fsck_objects = -1;
45static int transfer_fsck_objects = -1;
46static struct strbuf fsck_msg_types = STRBUF_INIT;
47static int receive_unpack_limit = -1;
48static int transfer_unpack_limit = -1;
49static int advertise_atomic_push = 1;
50static int advertise_push_options;
51static int unpack_limit = 100;
52static off_t max_input_size;
53static int report_status;
54static int use_sideband;
55static int use_atomic;
56static int use_push_options;
57static int quiet;
58static int prefer_ofs_delta = 1;
59static int auto_update_server_info;
60static int auto_gc = 1;
61static int reject_thin;
62static int stateless_rpc;
63static const char *service_dir;
64static const char *head_name;
65static void *head_name_to_free;
66static int sent_capabilities;
67static int shallow_update;
68static const char *alt_shallow_file;
69static struct strbuf push_cert = STRBUF_INIT;
70static unsigned char push_cert_sha1[20];
71static struct signature_check sigcheck;
72static const char *push_cert_nonce;
73static const char *cert_nonce_seed;
74static const char *NONCE_UNSOLICITED = "UNSOLICITED";
76static const char *NONCE_BAD = "BAD";
77static const char *NONCE_MISSING = "MISSING";
78static const char *NONCE_OK = "OK";
79static const char *NONCE_SLOP = "SLOP";
80static const char *nonce_status;
81static long nonce_stamp_slop;
82static unsigned long nonce_stamp_slop_limit;
83static struct ref_transaction *transaction;
84static enum {
86 KEEPALIVE_NEVER = 0,
87 KEEPALIVE_AFTER_NUL,
88 KEEPALIVE_ALWAYS
89} use_keepalive;
90static int keepalive_in_sec = 5;
91static struct tmp_objdir *tmp_objdir;
93static enum deny_action parse_deny_action(const char *var, const char *value)
95{
96 if (value) {
97 if (!strcasecmp(value, "ignore"))
98 return DENY_IGNORE;
99 if (!strcasecmp(value, "warn"))
100 return DENY_WARN;
101 if (!strcasecmp(value, "refuse"))
102 return DENY_REFUSE;
103 if (!strcasecmp(value, "updateinstead"))
104 return DENY_UPDATE_INSTEAD;
105 }
106 if (git_config_bool(var, value))
107 return DENY_REFUSE;
108 return DENY_IGNORE;
109}
110static int receive_pack_config(const char *var, const char *value, void *cb)
112{
113 int status = parse_hide_refs_config(var, value, "receive");
114 if (status)
116 return status;
117 if (strcmp(var, "receive.denydeletes") == 0) {
119 deny_deletes = git_config_bool(var, value);
120 return 0;
121 }
122 if (strcmp(var, "receive.denynonfastforwards") == 0) {
124 deny_non_fast_forwards = git_config_bool(var, value);
125 return 0;
126 }
127 if (strcmp(var, "receive.unpacklimit") == 0) {
129 receive_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132 if (strcmp(var, "transfer.unpacklimit") == 0) {
134 transfer_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137 if (strcmp(var, "receive.fsck.skiplist") == 0) {
139 const char *path;
140 if (git_config_pathname(&path, var, value))
142 return 1;
143 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
144 fsck_msg_types.len ? ',' : '=', path);
145 free((char *)path);
146 return 0;
147 }
148 if (skip_prefix(var, "receive.fsck.", &var)) {
150 if (is_valid_msg_type(var, value))
151 strbuf_addf(&fsck_msg_types, "%c%s=%s",
152 fsck_msg_types.len ? ',' : '=', var, value);
153 else
154 warning("Skipping unknown msg id '%s'", var);
155 return 0;
156 }
157 if (strcmp(var, "receive.fsckobjects") == 0) {
159 receive_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162 if (strcmp(var, "transfer.fsckobjects") == 0) {
164 transfer_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167 if (!strcmp(var, "receive.denycurrentbranch")) {
169 deny_current_branch = parse_deny_action(var, value);
170 return 0;
171 }
172 if (strcmp(var, "receive.denydeletecurrent") == 0) {
174 deny_delete_current = parse_deny_action(var, value);
175 return 0;
176 }
177 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
179 prefer_ofs_delta = git_config_bool(var, value);
180 return 0;
181 }
182 if (strcmp(var, "receive.updateserverinfo") == 0) {
184 auto_update_server_info = git_config_bool(var, value);
185 return 0;
186 }
187 if (strcmp(var, "receive.autogc") == 0) {
189 auto_gc = git_config_bool(var, value);
190 return 0;
191 }
192 if (strcmp(var, "receive.shallowupdate") == 0) {
194 shallow_update = git_config_bool(var, value);
195 return 0;
196 }
197 if (strcmp(var, "receive.certnonceseed") == 0)
199 return git_config_string(&cert_nonce_seed, var, value);
200 if (strcmp(var, "receive.certnonceslop") == 0) {
202 nonce_stamp_slop_limit = git_config_ulong(var, value);
203 return 0;
204 }
205 if (strcmp(var, "receive.advertiseatomic") == 0) {
207 advertise_atomic_push = git_config_bool(var, value);
208 return 0;
209 }
210 if (strcmp(var, "receive.advertisepushoptions") == 0) {
212 advertise_push_options = git_config_bool(var, value);
213 return 0;
214 }
215 if (strcmp(var, "receive.keepalive") == 0) {
217 keepalive_in_sec = git_config_int(var, value);
218 return 0;
219 }
220 if (strcmp(var, "receive.maxinputsize") == 0) {
222 max_input_size = git_config_int64(var, value);
223 return 0;
224 }
225 return git_default_config(var, value, cb);
227}
228static void show_ref(const char *path, const struct object_id *oid)
230{
231 if (sent_capabilities) {
232 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
233 } else {
234 struct strbuf cap = STRBUF_INIT;
235 strbuf_addstr(&cap,
237 "report-status delete-refs side-band-64k quiet");
238 if (advertise_atomic_push)
239 strbuf_addstr(&cap, " atomic");
240 if (prefer_ofs_delta)
241 strbuf_addstr(&cap, " ofs-delta");
242 if (push_cert_nonce)
243 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
244 if (advertise_push_options)
245 strbuf_addstr(&cap, " push-options");
246 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
247 packet_write_fmt(1, "%s %s%c%s\n",
248 oid_to_hex(oid), path, 0, cap.buf);
249 strbuf_release(&cap);
250 sent_capabilities = 1;
251 }
252}
253static int show_ref_cb(const char *path_full, const struct object_id *oid,
255 int flag, void *data)
256{
257 struct oidset *seen = data;
258 const char *path = strip_namespace(path_full);
259 if (ref_is_hidden(path, path_full))
261 return 0;
262 /*
264 * Advertise refs outside our current namespace as ".have"
265 * refs, so that the client can use them to minimize data
266 * transfer but will otherwise ignore them.
267 */
268 if (!path) {
269 if (oidset_insert(seen, oid))
270 return 0;
271 path = ".have";
272 } else {
273 oidset_insert(seen, oid);
274 }
275 show_ref(path, oid);
276 return 0;
277}
278static void show_one_alternate_ref(const char *refname,
280 const struct object_id *oid,
281 void *data)
282{
283 struct oidset *seen = data;
284 if (oidset_insert(seen, oid))
286 return;
287 show_ref(".have", oid);
289}
290static void write_head_info(void)
292{
293 static struct oidset seen = OIDSET_INIT;
294 for_each_ref(show_ref_cb, &seen);
296 for_each_alternate_ref(show_one_alternate_ref, &seen);
297 oidset_clear(&seen);
298 if (!sent_capabilities)
299 show_ref("capabilities^{}", &null_oid);
300 advertise_shallow_grafts(1);
302 /* EOF */
304 packet_flush(1);
305}
306struct command {
308 struct command *next;
309 const char *error_string;
310 unsigned int skip_update:1,
311 did_not_exist:1;
312 int index;
313 struct object_id old_oid;
314 struct object_id new_oid;
315 char ref_name[FLEX_ARRAY]; /* more */
316};
317static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
319static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
320static void report_message(const char *prefix, const char *err, va_list params)
322{
323 int sz;
324 char msg[4096];
325 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
327 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
328 if (sz > (sizeof(msg) - 1))
329 sz = sizeof(msg) - 1;
330 msg[sz++] = '\n';
331 if (use_sideband)
333 send_sideband(1, 2, msg, sz, use_sideband);
334 else
335 xwrite(2, msg, sz);
336}
337static void rp_warning(const char *err, ...)
339{
340 va_list params;
341 va_start(params, err);
342 report_message("warning: ", err, params);
343 va_end(params);
344}
345static void rp_error(const char *err, ...)
347{
348 va_list params;
349 va_start(params, err);
350 report_message("error: ", err, params);
351 va_end(params);
352}
353static int copy_to_sideband(int in, int out, void *arg)
355{
356 char data[128];
357 int keepalive_active = 0;
358 if (keepalive_in_sec <= 0)
360 use_keepalive = KEEPALIVE_NEVER;
361 if (use_keepalive == KEEPALIVE_ALWAYS)
362 keepalive_active = 1;
363 while (1) {
365 ssize_t sz;
366 if (keepalive_active) {
368 struct pollfd pfd;
369 int ret;
370 pfd.fd = in;
372 pfd.events = POLLIN;
373 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
374 if (ret < 0) {
376 if (errno == EINTR)
377 continue;
378 else
379 break;
380 } else if (ret == 0) {
381 /* no data; send a keepalive packet */
382 static const char buf[] = "0005\1";
383 write_or_die(1, buf, sizeof(buf) - 1);
384 continue;
385 } /* else there is actual data to read */
386 }
387 sz = xread(in, data, sizeof(data));
389 if (sz <= 0)
390 break;
391 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
393 const char *p = memchr(data, '\0', sz);
394 if (p) {
395 /*
396 * The NUL tells us to start sending keepalives. Make
397 * sure we send any other data we read along
398 * with it.
399 */
400 keepalive_active = 1;
401 send_sideband(1, 2, data, p - data, use_sideband);
402 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
403 continue;
404 }
405 }
406 /*
408 * Either we're not looking for a NUL signal, or we didn't see
409 * it yet; just pass along the data.
410 */
411 send_sideband(1, 2, data, sz, use_sideband);
412 }
413 close(in);
414 return 0;
415}
416#define HMAC_BLOCK_SIZE 64
418static void hmac_sha1(unsigned char *out,
420 const char *key_in, size_t key_len,
421 const char *text, size_t text_len)
422{
423 unsigned char key[HMAC_BLOCK_SIZE];
424 unsigned char k_ipad[HMAC_BLOCK_SIZE];
425 unsigned char k_opad[HMAC_BLOCK_SIZE];
426 int i;
427 git_SHA_CTX ctx;
428 /* RFC 2104 2. (1) */
430 memset(key, '\0', HMAC_BLOCK_SIZE);
431 if (HMAC_BLOCK_SIZE < key_len) {
432 git_SHA1_Init(&ctx);
433 git_SHA1_Update(&ctx, key_in, key_len);
434 git_SHA1_Final(key, &ctx);
435 } else {
436 memcpy(key, key_in, key_len);
437 }
438 /* RFC 2104 2. (2) & (5) */
440 for (i = 0; i < sizeof(key); i++) {
441 k_ipad[i] = key[i] ^ 0x36;
442 k_opad[i] = key[i] ^ 0x5c;
443 }
444 /* RFC 2104 2. (3) & (4) */
446 git_SHA1_Init(&ctx);
447 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
448 git_SHA1_Update(&ctx, text, text_len);
449 git_SHA1_Final(out, &ctx);
450 /* RFC 2104 2. (6) & (7) */
452 git_SHA1_Init(&ctx);
453 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
454 git_SHA1_Update(&ctx, out, 20);
455 git_SHA1_Final(out, &ctx);
456}
457static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
459{
460 struct strbuf buf = STRBUF_INIT;
461 unsigned char sha1[20];
462 strbuf_addf(&buf, "%s:%lu", path, stamp);
464 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
465 strbuf_release(&buf);
466 /* RFC 2104 5. HMAC-SHA1-80 */
468 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
469 return strbuf_detach(&buf, NULL);
470}
471/*
473 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
474 * after dropping "_commit" from its name and possibly moving it out
475 * of commit.c
476 */
477static char *find_header(const char *msg, size_t len, const char *key)
478{
479 int key_len = strlen(key);
480 const char *line = msg;
481 while (line && line < msg + len) {
483 const char *eol = strchrnul(line, '\n');
484 if ((msg + len <= eol) || line == eol)
486 return NULL;
487 if (line + key_len < eol &&
488 !memcmp(line, key, key_len) && line[key_len] == ' ') {
489 int offset = key_len + 1;
490 return xmemdupz(line + offset, (eol - line) - offset);
491 }
492 line = *eol ? eol + 1 : NULL;
493 }
494 return NULL;
495}
496static const char *check_nonce(const char *buf, size_t len)
498{
499 char *nonce = find_header(buf, len, "nonce");
500 unsigned long stamp, ostamp;
501 char *bohmac, *expect = NULL;
502 const char *retval = NONCE_BAD;
503 if (!nonce) {
505 retval = NONCE_MISSING;
506 goto leave;
507 } else if (!push_cert_nonce) {
508 retval = NONCE_UNSOLICITED;
509 goto leave;
510 } else if (!strcmp(push_cert_nonce, nonce)) {
511 retval = NONCE_OK;
512 goto leave;
513 }
514 if (!stateless_rpc) {
516 /* returned nonce MUST match what we gave out earlier */
517 retval = NONCE_BAD;
518 goto leave;
519 }
520 /*
522 * In stateless mode, we may be receiving a nonce issued by
523 * another instance of the server that serving the same
524 * repository, and the timestamps may not match, but the
525 * nonce-seed and dir should match, so we can recompute and
526 * report the time slop.
527 *
528 * In addition, when a nonce issued by another instance has
529 * timestamp within receive.certnonceslop seconds, we pretend
530 * as if we issued that nonce when reporting to the hook.
531 */
532 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
534 if (*nonce <= '0' || '9' < *nonce) {
535 retval = NONCE_BAD;
536 goto leave;
537 }
538 stamp = strtoul(nonce, &bohmac, 10);
539 if (bohmac == nonce || bohmac[0] != '-') {
540 retval = NONCE_BAD;
541 goto leave;
542 }
543 expect = prepare_push_cert_nonce(service_dir, stamp);
545 if (strcmp(expect, nonce)) {
546 /* Not what we would have signed earlier */
547 retval = NONCE_BAD;
548 goto leave;
549 }
550 /*
552 * By how many seconds is this nonce stale? Negative value
553 * would mean it was issued by another server with its clock
554 * skewed in the future.
555 */
556 ostamp = strtoul(push_cert_nonce, NULL, 10);
557 nonce_stamp_slop = (long)ostamp - (long)stamp;
558 if (nonce_stamp_slop_limit &&
560 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
561 /*
562 * Pretend as if the received nonce (which passes the
563 * HMAC check, so it is not a forged by third-party)
564 * is what we issued.
565 */
566 free((void *)push_cert_nonce);
567 push_cert_nonce = xstrdup(nonce);
568 retval = NONCE_OK;
569 } else {
570 retval = NONCE_SLOP;
571 }
572leave:
574 free(nonce);
575 free(expect);
576 return retval;
577}
578static void prepare_push_cert_sha1(struct child_process *proc)
580{
581 static int already_done;
582 if (!push_cert.len)
584 return;
585 if (!already_done) {
587 struct strbuf gpg_output = STRBUF_INIT;
588 struct strbuf gpg_status = STRBUF_INIT;
589 int bogs /* beginning_of_gpg_sig */;
590 already_done = 1;
592 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
593 hashclr(push_cert_sha1);
594 memset(&sigcheck, '\0', sizeof(sigcheck));
596 sigcheck.result = 'N';
597 bogs = parse_signature(push_cert.buf, push_cert.len);
599 if (verify_signed_buffer(push_cert.buf, bogs,
600 push_cert.buf + bogs, push_cert.len - bogs,
601 &gpg_output, &gpg_status) < 0) {
602 ; /* error running gpg */
603 } else {
604 sigcheck.payload = push_cert.buf;
605 sigcheck.gpg_output = gpg_output.buf;
606 sigcheck.gpg_status = gpg_status.buf;
607 parse_gpg_output(&sigcheck);
608 }
609 strbuf_release(&gpg_output);
611 strbuf_release(&gpg_status);
612 nonce_status = check_nonce(push_cert.buf, bogs);
613 }
614 if (!is_null_sha1(push_cert_sha1)) {
615 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
616 sha1_to_hex(push_cert_sha1));
617 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
618 sigcheck.signer ? sigcheck.signer : "");
619 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
620 sigcheck.key ? sigcheck.key : "");
621 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
622 sigcheck.result);
623 if (push_cert_nonce) {
624 argv_array_pushf(&proc->env_array,
625 "GIT_PUSH_CERT_NONCE=%s",
626 push_cert_nonce);
627 argv_array_pushf(&proc->env_array,
628 "GIT_PUSH_CERT_NONCE_STATUS=%s",
629 nonce_status);
630 if (nonce_status == NONCE_SLOP)
631 argv_array_pushf(&proc->env_array,
632 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
633 nonce_stamp_slop);
634 }
635 }
636}
637struct receive_hook_feed_state {
639 struct command *cmd;
640 int skip_broken;
641 struct strbuf buf;
642 const struct string_list *push_options;
643};
644typedef int (*feed_fn)(void *, const char **, size_t *);
646static int run_and_feed_hook(const char *hook_name, feed_fn feed,
647 struct receive_hook_feed_state *feed_state)
648{
649 struct child_process proc = CHILD_PROCESS_INIT;
650 struct async muxer;
651 const char *argv[2];
652 int code;
653 argv[0] = find_hook(hook_name);
655 if (!argv[0])
656 return 0;
657 argv[1] = NULL;
659 proc.argv = argv;
661 proc.in = -1;
662 proc.stdout_to_stderr = 1;
663 if (feed_state->push_options) {
664 int i;
665 for (i = 0; i < feed_state->push_options->nr; i++)
666 argv_array_pushf(&proc.env_array,
667 "GIT_PUSH_OPTION_%d=%s", i,
668 feed_state->push_options->items[i].string);
669 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
670 feed_state->push_options->nr);
671 } else
672 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
673 if (tmp_objdir)
675 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
676 if (use_sideband) {
678 memset(&muxer, 0, sizeof(muxer));
679 muxer.proc = copy_to_sideband;
680 muxer.in = -1;
681 code = start_async(&muxer);
682 if (code)
683 return code;
684 proc.err = muxer.in;
685 }
686 prepare_push_cert_sha1(&proc);
688 code = start_command(&proc);
690 if (code) {
691 if (use_sideband)
692 finish_async(&muxer);
693 return code;
694 }
695 sigchain_push(SIGPIPE, SIG_IGN);
697 while (1) {
699 const char *buf;
700 size_t n;
701 if (feed(feed_state, &buf, &n))
702 break;
703 if (write_in_full(proc.in, buf, n) != n)
704 break;
705 }
706 close(proc.in);
707 if (use_sideband)
708 finish_async(&muxer);
709 sigchain_pop(SIGPIPE);
711 return finish_command(&proc);
713}
714static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
716{
717 struct receive_hook_feed_state *state = state_;
718 struct command *cmd = state->cmd;
719 while (cmd &&
721 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
722 cmd = cmd->next;
723 if (!cmd)
724 return -1; /* EOF */
725 strbuf_reset(&state->buf);
726 strbuf_addf(&state->buf, "%s %s %s\n",
727 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
728 cmd->ref_name);
729 state->cmd = cmd->next;
730 if (bufp) {
731 *bufp = state->buf.buf;
732 *sizep = state->buf.len;
733 }
734 return 0;
735}
736static int run_receive_hook(struct command *commands,
738 const char *hook_name,
739 int skip_broken,
740 const struct string_list *push_options)
741{
742 struct receive_hook_feed_state state;
743 int status;
744 strbuf_init(&state.buf, 0);
746 state.cmd = commands;
747 state.skip_broken = skip_broken;
748 if (feed_receive_hook(&state, NULL, NULL))
749 return 0;
750 state.cmd = commands;
751 state.push_options = push_options;
752 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
753 strbuf_release(&state.buf);
754 return status;
755}
756static int run_update_hook(struct command *cmd)
758{
759 const char *argv[5];
760 struct child_process proc = CHILD_PROCESS_INIT;
761 int code;
762 argv[0] = find_hook("update");
764 if (!argv[0])
765 return 0;
766 argv[1] = cmd->ref_name;
768 argv[2] = oid_to_hex(&cmd->old_oid);
769 argv[3] = oid_to_hex(&cmd->new_oid);
770 argv[4] = NULL;
771 proc.no_stdin = 1;
773 proc.stdout_to_stderr = 1;
774 proc.err = use_sideband ? -1 : 0;
775 proc.argv = argv;
776 code = start_command(&proc);
778 if (code)
779 return code;
780 if (use_sideband)
781 copy_to_sideband(proc.err, -1, NULL);
782 return finish_command(&proc);
783}
784static int is_ref_checked_out(const char *ref)
786{
787 if (is_bare_repository())
788 return 0;
789 if (!head_name)
791 return 0;
792 return !strcmp(head_name, ref);
793}
794static char *refuse_unconfigured_deny_msg =
796 N_("By default, updating the current branch in a non-bare repository\n"
797 "is denied, because it will make the index and work tree inconsistent\n"
798 "with what you pushed, and will require 'git reset --hard' to match\n"
799 "the work tree to HEAD.\n"
800 "\n"
801 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
802 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
803 "its current branch; however, this is not recommended unless you\n"
804 "arranged to update its work tree to match what you pushed in some\n"
805 "other way.\n"
806 "\n"
807 "To squelch this message and still keep the default behaviour, set\n"
808 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
809static void refuse_unconfigured_deny(void)
811{
812 rp_error("%s", _(refuse_unconfigured_deny_msg));
813}
814static char *refuse_unconfigured_deny_delete_current_msg =
816 N_("By default, deleting the current branch is denied, because the next\n"
817 "'git clone' won't result in any file checked out, causing confusion.\n"
818 "\n"
819 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
820 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
821 "current branch, with or without a warning message.\n"
822 "\n"
823 "To squelch this message, you can set it to 'refuse'.");
824static void refuse_unconfigured_deny_delete_current(void)
826{
827 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
828}
829static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
831static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
832{
833 static struct lock_file shallow_lock;
834 struct oid_array extra = OID_ARRAY_INIT;
835 struct check_connected_options opt = CHECK_CONNECTED_INIT;
836 uint32_t mask = 1 << (cmd->index % 32);
837 int i;
838 trace_printf_key(&trace_shallow,
840 "shallow: update_shallow_ref %s\n", cmd->ref_name);
841 for (i = 0; i < si->shallow->nr; i++)
842 if (si->used_shallow[i] &&
843 (si->used_shallow[i][cmd->index / 32] & mask) &&
844 !delayed_reachability_test(si, i))
845 oid_array_append(&extra, &si->shallow->oid[i]);
846 opt.env = tmp_objdir_env(tmp_objdir);
848 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
849 if (check_connected(command_singleton_iterator, cmd, &opt)) {
850 rollback_lock_file(&shallow_lock);
851 oid_array_clear(&extra);
852 return -1;
853 }
854 commit_lock_file(&shallow_lock);
856 /*
858 * Make sure setup_alternate_shallow() for the next ref does
859 * not lose these new roots..
860 */
861 for (i = 0; i < extra.nr; i++)
862 register_shallow(extra.oid[i].hash);
863 si->shallow_ref[cmd->index] = 0;
865 oid_array_clear(&extra);
866 return 0;
867}
868/*
870 * NEEDSWORK: we should consolidate various implementions of "are we
871 * on an unborn branch?" test into one, and make the unified one more
872 * robust. !get_sha1() based check used here and elsewhere would not
873 * allow us to tell an unborn branch from corrupt ref, for example.
874 * For the purpose of fixing "deploy-to-update does not work when
875 * pushing into an empty repository" issue, this should suffice for
876 * now.
877 */
878static int head_has_history(void)
879{
880 unsigned char sha1[20];
881 return !get_sha1("HEAD", sha1);
883}
884static const char *push_to_deploy(unsigned char *sha1,
886 struct argv_array *env,
887 const char *work_tree)
888{
889 const char *update_refresh[] = {
890 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
891 };
892 const char *diff_files[] = {
893 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
894 };
895 const char *diff_index[] = {
896 "diff-index", "--quiet", "--cached", "--ignore-submodules",
897 NULL, "--", NULL
898 };
899 const char *read_tree[] = {
900 "read-tree", "-u", "-m", NULL, NULL
901 };
902 struct child_process child = CHILD_PROCESS_INIT;
903 child.argv = update_refresh;
905 child.env = env->argv;
906 child.dir = work_tree;
907 child.no_stdin = 1;
908 child.stdout_to_stderr = 1;
909 child.git_cmd = 1;
910 if (run_command(&child))
911 return "Up-to-date check failed";
912 /* run_command() does not clean up completely; reinitialize */
914 child_process_init(&child);
915 child.argv = diff_files;
916 child.env = env->argv;
917 child.dir = work_tree;
918 child.no_stdin = 1;
919 child.stdout_to_stderr = 1;
920 child.git_cmd = 1;
921 if (run_command(&child))
922 return "Working directory has unstaged changes";
923 /* diff-index with either HEAD or an empty tree */
925 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
926 child_process_init(&child);
928 child.argv = diff_index;
929 child.env = env->argv;
930 child.no_stdin = 1;
931 child.no_stdout = 1;
932 child.stdout_to_stderr = 0;
933 child.git_cmd = 1;
934 if (run_command(&child))
935 return "Working directory has staged changes";
936 read_tree[3] = sha1_to_hex(sha1);
938 child_process_init(&child);
939 child.argv = read_tree;
940 child.env = env->argv;
941 child.dir = work_tree;
942 child.no_stdin = 1;
943 child.no_stdout = 1;
944 child.stdout_to_stderr = 0;
945 child.git_cmd = 1;
946 if (run_command(&child))
947 return "Could not update working tree to new HEAD";
948 return NULL;
950}
951static const char *push_to_checkout_hook = "push-to-checkout";
953static const char *push_to_checkout(unsigned char *sha1,
955 struct argv_array *env,
956 const char *work_tree)
957{
958 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
959 if (run_hook_le(env->argv, push_to_checkout_hook,
960 sha1_to_hex(sha1), NULL))
961 return "push-to-checkout hook declined";
962 else
963 return NULL;
964}
965static const char *update_worktree(unsigned char *sha1)
967{
968 const char *retval;
969 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
970 struct argv_array env = ARGV_ARRAY_INIT;
971 if (is_bare_repository())
973 return "denyCurrentBranch = updateInstead needs a worktree";
974 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
976 if (!find_hook(push_to_checkout_hook))
978 retval = push_to_deploy(sha1, &env, work_tree);
979 else
980 retval = push_to_checkout(sha1, &env, work_tree);
981 argv_array_clear(&env);
983 return retval;
984}
985static const char *update(struct command *cmd, struct shallow_info *si)
987{
988 const char *name = cmd->ref_name;
989 struct strbuf namespaced_name_buf = STRBUF_INIT;
990 const char *namespaced_name, *ret;
991 struct object_id *old_oid = &cmd->old_oid;
992 struct object_id *new_oid = &cmd->new_oid;
993 /* only refs/... are allowed */
995 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
996 rp_error("refusing to create funny ref '%s' remotely", name);
997 return "funny refname";
998 }
999 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1001 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1002 if (is_ref_checked_out(namespaced_name)) {
1004 switch (deny_current_branch) {
1005 case DENY_IGNORE:
1006 break;
1007 case DENY_WARN:
1008 rp_warning("updating the current branch");
1009 break;
1010 case DENY_REFUSE:
1011 case DENY_UNCONFIGURED:
1012 rp_error("refusing to update checked out branch: %s", name);
1013 if (deny_current_branch == DENY_UNCONFIGURED)
1014 refuse_unconfigured_deny();
1015 return "branch is currently checked out";
1016 case DENY_UPDATE_INSTEAD:
1017 ret = update_worktree(new_oid->hash);
1018 if (ret)
1019 return ret;
1020 break;
1021 }
1022 }
1023 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1025 error("unpack should have generated %s, "
1026 "but I can't find it!", oid_to_hex(new_oid));
1027 return "bad pack";
1028 }
1029 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1031 if (deny_deletes && starts_with(name, "refs/heads/")) {
1032 rp_error("denying ref deletion for %s", name);
1033 return "deletion prohibited";
1034 }
1035 if (head_name && !strcmp(namespaced_name, head_name)) {
1037 switch (deny_delete_current) {
1038 case DENY_IGNORE:
1039 break;
1040 case DENY_WARN:
1041 rp_warning("deleting the current branch");
1042 break;
1043 case DENY_REFUSE:
1044 case DENY_UNCONFIGURED:
1045 case DENY_UPDATE_INSTEAD:
1046 if (deny_delete_current == DENY_UNCONFIGURED)
1047 refuse_unconfigured_deny_delete_current();
1048 rp_error("refusing to delete the current branch: %s", name);
1049 return "deletion of the current branch prohibited";
1050 default:
1051 return "Invalid denyDeleteCurrent setting";
1052 }
1053 }
1054 }
1055 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1057 !is_null_oid(old_oid) &&
1058 starts_with(name, "refs/heads/")) {
1059 struct object *old_object, *new_object;
1060 struct commit *old_commit, *new_commit;
1061 old_object = parse_object(old_oid->hash);
1063 new_object = parse_object(new_oid->hash);
1064 if (!old_object || !new_object ||
1066 old_object->type != OBJ_COMMIT ||
1067 new_object->type != OBJ_COMMIT) {
1068 error("bad sha1 objects for %s", name);
1069 return "bad ref";
1070 }
1071 old_commit = (struct commit *)old_object;
1072 new_commit = (struct commit *)new_object;
1073 if (!in_merge_bases(old_commit, new_commit)) {
1074 rp_error("denying non-fast-forward %s"
1075 " (you should pull first)", name);
1076 return "non-fast-forward";
1077 }
1078 }
1079 if (run_update_hook(cmd)) {
1080 rp_error("hook declined to update %s", name);
1081 return "hook declined";
1082 }
1083 if (is_null_oid(new_oid)) {
1085 struct strbuf err = STRBUF_INIT;
1086 if (!parse_object(old_oid->hash)) {
1087 old_oid = NULL;
1088 if (ref_exists(name)) {
1089 rp_warning("Allowing deletion of corrupt ref.");
1090 } else {
1091 rp_warning("Deleting a non-existent ref.");
1092 cmd->did_not_exist = 1;
1093 }
1094 }
1095 if (ref_transaction_delete(transaction,
1096 namespaced_name,
1097 old_oid->hash,
1098 0, "push", &err)) {
1099 rp_error("%s", err.buf);
1100 strbuf_release(&err);
1101 return "failed to delete";
1102 }
1103 strbuf_release(&err);
1104 return NULL; /* good */
1105 }
1106 else {
1107 struct strbuf err = STRBUF_INIT;
1108 if (shallow_update && si->shallow_ref[cmd->index] &&
1109 update_shallow_ref(cmd, si))
1110 return "shallow error";
1111 if (ref_transaction_update(transaction,
1113 namespaced_name,
1114 new_oid->hash, old_oid->hash,
1115 0, "push",
1116 &err)) {
1117 rp_error("%s", err.buf);
1118 strbuf_release(&err);
1119 return "failed to update ref";
1121 }
1122 strbuf_release(&err);
1123 return NULL; /* good */
1125 }
1126}
1127static void run_update_post_hook(struct command *commands)
1129{
1130 struct command *cmd;
1131 struct child_process proc = CHILD_PROCESS_INIT;
1132 const char *hook;
1133 hook = find_hook("post-update");
1135 if (!hook)
1136 return;
1137 for (cmd = commands; cmd; cmd = cmd->next) {
1139 if (cmd->error_string || cmd->did_not_exist)
1140 continue;
1141 if (!proc.args.argc)
1142 argv_array_push(&proc.args, hook);
1143 argv_array_push(&proc.args, cmd->ref_name);
1144 }
1145 if (!proc.args.argc)
1146 return;
1147 proc.no_stdin = 1;
1149 proc.stdout_to_stderr = 1;
1150 proc.err = use_sideband ? -1 : 0;
1151 if (!start_command(&proc)) {
1153 if (use_sideband)
1154 copy_to_sideband(proc.err, -1, NULL);
1155 finish_command(&proc);
1156 }
1157}
1158static void check_aliased_update(struct command *cmd, struct string_list *list)
1160{
1161 struct strbuf buf = STRBUF_INIT;
1162 const char *dst_name;
1163 struct string_list_item *item;
1164 struct command *dst_cmd;
1165 unsigned char sha1[GIT_MAX_RAWSZ];
1166 int flag;
1167 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1169 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1170 strbuf_release(&buf);
1171 if (!(flag & REF_ISSYMREF))
1173 return;
1174 if (!dst_name) {
1176 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1177 cmd->skip_update = 1;
1178 cmd->error_string = "broken symref";
1179 return;
1180 }
1181 dst_name = strip_namespace(dst_name);
1182 if ((item = string_list_lookup(list, dst_name)) == NULL)
1184 return;
1185 cmd->skip_update = 1;
1187 dst_cmd = (struct command *) item->util;
1189 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1191 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1192 return;
1193 dst_cmd->skip_update = 1;
1195 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1197 " its target '%s' (%s..%s)",
1198 cmd->ref_name,
1199 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1200 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1201 dst_cmd->ref_name,
1202 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1203 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1204 cmd->error_string = dst_cmd->error_string =
1206 "inconsistent aliased update";
1207}
1208static void check_aliased_updates(struct command *commands)
1210{
1211 struct command *cmd;
1212 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1213 for (cmd = commands; cmd; cmd = cmd->next) {
1215 struct string_list_item *item =
1216 string_list_append(&ref_list, cmd->ref_name);
1217 item->util = (void *)cmd;
1218 }
1219 string_list_sort(&ref_list);
1220 for (cmd = commands; cmd; cmd = cmd->next) {
1222 if (!cmd->error_string)
1223 check_aliased_update(cmd, &ref_list);
1224 }
1225 string_list_clear(&ref_list, 0);
1227}
1228static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1230{
1231 struct command **cmd_list = cb_data;
1232 struct command *cmd = *cmd_list;
1233 if (!cmd || is_null_oid(&cmd->new_oid))
1235 return -1; /* end of list */
1236 *cmd_list = NULL; /* this returns only one */
1237 hashcpy(sha1, cmd->new_oid.hash);
1238 return 0;
1239}
1240static void set_connectivity_errors(struct command *commands,
1242 struct shallow_info *si)
1243{
1244 struct command *cmd;
1245 for (cmd = commands; cmd; cmd = cmd->next) {
1247 struct command *singleton = cmd;
1248 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1249 if (shallow_update && si->shallow_ref[cmd->index])
1251 /* to be checked in update_shallow_ref() */
1252 continue;
1253 opt.env = tmp_objdir_env(tmp_objdir);
1255 if (!check_connected(command_singleton_iterator, &singleton,
1256 &opt))
1257 continue;
1258 cmd->error_string = "missing necessary objects";
1260 }
1261}
1262struct iterate_data {
1264 struct command *cmds;
1265 struct shallow_info *si;
1266};
1267static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1269{
1270 struct iterate_data *data = cb_data;
1271 struct command **cmd_list = &data->cmds;
1272 struct command *cmd = *cmd_list;
1273 for (; cmd; cmd = cmd->next) {
1275 if (shallow_update && data->si->shallow_ref[cmd->index])
1276 /* to be checked in update_shallow_ref() */
1277 continue;
1278 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1279 hashcpy(sha1, cmd->new_oid.hash);
1280 *cmd_list = cmd->next;
1281 return 0;
1282 }
1283 }
1284 *cmd_list = NULL;
1285 return -1; /* end of list */
1286}
1287static void reject_updates_to_hidden(struct command *commands)
1289{
1290 struct strbuf refname_full = STRBUF_INIT;
1291 size_t prefix_len;
1292 struct command *cmd;
1293 strbuf_addstr(&refname_full, get_git_namespace());
1295 prefix_len = refname_full.len;
1296 for (cmd = commands; cmd; cmd = cmd->next) {
1298 if (cmd->error_string)
1299 continue;
1300 strbuf_setlen(&refname_full, prefix_len);
1302 strbuf_addstr(&refname_full, cmd->ref_name);
1303 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1305 continue;
1306 if (is_null_oid(&cmd->new_oid))
1307 cmd->error_string = "deny deleting a hidden ref";
1308 else
1309 cmd->error_string = "deny updating a hidden ref";
1310 }
1311 strbuf_release(&refname_full);
1313}
1314static int should_process_cmd(struct command *cmd)
1316{
1317 return !cmd->error_string && !cmd->skip_update;
1318}
1319static void warn_if_skipped_connectivity_check(struct command *commands,
1321 struct shallow_info *si)
1322{
1323 struct command *cmd;
1324 int checked_connectivity = 1;
1325 for (cmd = commands; cmd; cmd = cmd->next) {
1327 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1328 error("BUG: connectivity check has not been run on ref %s",
1329 cmd->ref_name);
1330 checked_connectivity = 0;
1331 }
1332 }
1333 if (!checked_connectivity)
1334 die("BUG: connectivity check skipped???");
1335}
1336static void execute_commands_non_atomic(struct command *commands,
1338 struct shallow_info *si)
1339{
1340 struct command *cmd;
1341 struct strbuf err = STRBUF_INIT;
1342 for (cmd = commands; cmd; cmd = cmd->next) {
1344 if (!should_process_cmd(cmd))
1345 continue;
1346 transaction = ref_transaction_begin(&err);
1348 if (!transaction) {
1349 rp_error("%s", err.buf);
1350 strbuf_reset(&err);
1351 cmd->error_string = "transaction failed to start";
1352 continue;
1353 }
1354 cmd->error_string = update(cmd, si);
1356 if (!cmd->error_string
1358 && ref_transaction_commit(transaction, &err)) {
1359 rp_error("%s", err.buf);
1360 strbuf_reset(&err);
1361 cmd->error_string = "failed to update ref";
1362 }
1363 ref_transaction_free(transaction);
1364 }
1365 strbuf_release(&err);
1366}
1367static void execute_commands_atomic(struct command *commands,
1369 struct shallow_info *si)
1370{
1371 struct command *cmd;
1372 struct strbuf err = STRBUF_INIT;
1373 const char *reported_error = "atomic push failure";
1374 transaction = ref_transaction_begin(&err);
1376 if (!transaction) {
1377 rp_error("%s", err.buf);
1378 strbuf_reset(&err);
1379 reported_error = "transaction failed to start";
1380 goto failure;
1381 }
1382 for (cmd = commands; cmd; cmd = cmd->next) {
1384 if (!should_process_cmd(cmd))
1385 continue;
1386 cmd->error_string = update(cmd, si);
1388 if (cmd->error_string)
1390 goto failure;
1391 }
1392 if (ref_transaction_commit(transaction, &err)) {
1394 rp_error("%s", err.buf);
1395 reported_error = "atomic transaction failed";
1396 goto failure;
1397 }
1398 goto cleanup;
1399failure:
1401 for (cmd = commands; cmd; cmd = cmd->next)
1402 if (!cmd->error_string)
1403 cmd->error_string = reported_error;
1404cleanup:
1406 ref_transaction_free(transaction);
1407 strbuf_release(&err);
1408}
1409static void execute_commands(struct command *commands,
1411 const char *unpacker_error,
1412 struct shallow_info *si,
1413 const struct string_list *push_options)
1414{
1415 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1416 struct command *cmd;
1417 struct object_id oid;
1418 struct iterate_data data;
1419 struct async muxer;
1420 int err_fd = 0;
1421 if (unpacker_error) {
1423 for (cmd = commands; cmd; cmd = cmd->next)
1424 cmd->error_string = "unpacker error";
1425 return;
1426 }
1427 if (use_sideband) {
1429 memset(&muxer, 0, sizeof(muxer));
1430 muxer.proc = copy_to_sideband;
1431 muxer.in = -1;
1432 if (!start_async(&muxer))
1433 err_fd = muxer.in;
1434 /* ...else, continue without relaying sideband */
1435 }
1436 data.cmds = commands;
1438 data.si = si;
1439 opt.err_fd = err_fd;
1440 opt.progress = err_fd && !quiet;
1441 opt.env = tmp_objdir_env(tmp_objdir);
1442 if (check_connected(iterate_receive_command_list, &data, &opt))
1443 set_connectivity_errors(commands, si);
1444 if (use_sideband)
1446 finish_async(&muxer);
1447 reject_updates_to_hidden(commands);
1449 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1451 for (cmd = commands; cmd; cmd = cmd->next) {
1452 if (!cmd->error_string)
1453 cmd->error_string = "pre-receive hook declined";
1454 }
1455 return;
1456 }
1457 /*
1459 * Now we'll start writing out refs, which means the objects need
1460 * to be in their final positions so that other processes can see them.
1461 */
1462 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1463 for (cmd = commands; cmd; cmd = cmd->next) {
1464 if (!cmd->error_string)
1465 cmd->error_string = "unable to migrate objects to permanent storage";
1466 }
1467 return;
1468 }
1469 tmp_objdir = NULL;
1470 check_aliased_updates(commands);
1472 free(head_name_to_free);
1474 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1475 if (use_atomic)
1477 execute_commands_atomic(commands, si);
1478 else
1479 execute_commands_non_atomic(commands, si);
1480 if (shallow_update)
1482 warn_if_skipped_connectivity_check(commands, si);
1483}
1484static struct command **queue_command(struct command **tail,
1486 const char *line,
1487 int linelen)
1488{
1489 struct object_id old_oid, new_oid;
1490 struct command *cmd;
1491 const char *refname;
1492 int reflen;
1493 const char *p;
1494 if (parse_oid_hex(line, &old_oid, &p) ||
1496 *p++ != ' ' ||
1497 parse_oid_hex(p, &new_oid, &p) ||
1498 *p++ != ' ')
1499 die("protocol error: expected old/new/ref, got '%s'", line);
1500 refname = p;
1502 reflen = linelen - (p - line);
1503 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1504 oidcpy(&cmd->old_oid, &old_oid);
1505 oidcpy(&cmd->new_oid, &new_oid);
1506 *tail = cmd;
1507 return &cmd->next;
1508}
1509static void queue_commands_from_cert(struct command **tail,
1511 struct strbuf *push_cert)
1512{
1513 const char *boc, *eoc;
1514 if (*tail)
1516 die("protocol error: got both push certificate and unsigned commands");
1517 boc = strstr(push_cert->buf, "\n\n");
1519 if (!boc)
1520 die("malformed push certificate %.*s", 100, push_cert->buf);
1521 else
1522 boc += 2;
1523 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1524 while (boc < eoc) {
1526 const char *eol = memchr(boc, '\n', eoc - boc);
1527 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1528 boc = eol ? eol + 1 : eoc;
1529 }
1530}
1531static struct command *read_head_info(struct oid_array *shallow)
1533{
1534 struct command *commands = NULL;
1535 struct command **p = &commands;
1536 for (;;) {
1537 char *line;
1538 int len, linelen;
1539 line = packet_read_line(0, &len);
1541 if (!line)
1542 break;
1543 if (len > 8 && starts_with(line, "shallow ")) {
1545 struct object_id oid;
1546 if (get_oid_hex(line + 8, &oid))
1547 die("protocol error: expected shallow sha, got '%s'",
1548 line + 8);
1549 oid_array_append(shallow, &oid);
1550 continue;
1551 }
1552 linelen = strlen(line);
1554 if (linelen < len) {
1555 const char *feature_list = line + linelen + 1;
1556 if (parse_feature_request(feature_list, "report-status"))
1557 report_status = 1;
1558 if (parse_feature_request(feature_list, "side-band-64k"))
1559 use_sideband = LARGE_PACKET_MAX;
1560 if (parse_feature_request(feature_list, "quiet"))
1561 quiet = 1;
1562 if (advertise_atomic_push
1563 && parse_feature_request(feature_list, "atomic"))
1564 use_atomic = 1;
1565 if (advertise_push_options
1566 && parse_feature_request(feature_list, "push-options"))
1567 use_push_options = 1;
1568 }
1569 if (!strcmp(line, "push-cert")) {
1571 int true_flush = 0;
1572 char certbuf[1024];
1573 for (;;) {
1575 len = packet_read(0, NULL, NULL,
1576 certbuf, sizeof(certbuf), 0);
1577 if (!len) {
1578 true_flush = 1;
1579 break;
1580 }
1581 if (!strcmp(certbuf, "push-cert-end\n"))
1582 break; /* end of cert */
1583 strbuf_addstr(&push_cert, certbuf);
1584 }
1585 if (true_flush)
1587 break;
1588 continue;
1589 }
1590 p = queue_command(p, line, linelen);
1592 }
1593 if (push_cert.len)
1595 queue_commands_from_cert(p, &push_cert);
1596 return commands;
1598}
1599static void read_push_options(struct string_list *options)
1601{
1602 while (1) {
1603 char *line;
1604 int len;
1605 line = packet_read_line(0, &len);
1607 if (!line)
1609 break;
1610 string_list_append(options, line);
1612 }
1613}
1614static const char *parse_pack_header(struct pack_header *hdr)
1616{
1617 switch (read_pack_header(0, hdr)) {
1618 case PH_ERROR_EOF:
1619 return "eof before pack header was fully read";
1620 case PH_ERROR_PACK_SIGNATURE:
1622 return "protocol error (pack signature mismatch detected)";
1623 case PH_ERROR_PROTOCOL:
1625 return "protocol error (pack version unsupported)";
1626 default:
1628 return "unknown error in parse_pack_header";
1629 case 0:
1631 return NULL;
1632 }
1633}
1634static const char *pack_lockfile;
1636static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1638{
1639 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1640 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1641}
1642static const char *unpack(int err_fd, struct shallow_info *si)
1644{
1645 struct pack_header hdr;
1646 const char *hdr_err;
1647 int status;
1648 struct child_process child = CHILD_PROCESS_INIT;
1649 int fsck_objects = (receive_fsck_objects >= 0
1650 ? receive_fsck_objects
1651 : transfer_fsck_objects >= 0
1652 ? transfer_fsck_objects
1653 : 0);
1654 hdr_err = parse_pack_header(&hdr);
1656 if (hdr_err) {
1657 if (err_fd > 0)
1658 close(err_fd);
1659 return hdr_err;
1660 }
1661 if (si->nr_ours || si->nr_theirs) {
1663 alt_shallow_file = setup_temporary_shallow(si->shallow);
1664 argv_array_push(&child.args, "--shallow-file");
1665 argv_array_push(&child.args, alt_shallow_file);
1666 }
1667 tmp_objdir = tmp_objdir_create();
1669 if (!tmp_objdir) {
1670 if (err_fd > 0)
1671 close(err_fd);
1672 return "unable to create temporary object directory";
1673 }
1674 child.env = tmp_objdir_env(tmp_objdir);
1675 /*
1677 * Normally we just pass the tmp_objdir environment to the child
1678 * processes that do the heavy lifting, but we may need to see these
1679 * objects ourselves to set up shallow information.
1680 */
1681 tmp_objdir_add_as_alternate(tmp_objdir);
1682 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1684 argv_array_push(&child.args, "unpack-objects");
1685 push_header_arg(&child.args, &hdr);
1686 if (quiet)
1687 argv_array_push(&child.args, "-q");
1688 if (fsck_objects)
1689 argv_array_pushf(&child.args, "--strict%s",
1690 fsck_msg_types.buf);
1691 if (max_input_size)
1692 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1693 (uintmax_t)max_input_size);
1694 child.no_stdout = 1;
1695 child.err = err_fd;
1696 child.git_cmd = 1;
1697 status = run_command(&child);
1698 if (status)
1699 return "unpack-objects abnormal exit";
1700 } else {
1701 char hostname[HOST_NAME_MAX + 1];
1702 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1704 push_header_arg(&child.args, &hdr);
1705 if (xgethostname(hostname, sizeof(hostname)))
1707 xsnprintf(hostname, sizeof(hostname), "localhost");
1708 argv_array_pushf(&child.args,
1709 "--keep=receive-pack %"PRIuMAX" on %s",
1710 (uintmax_t)getpid(),
1711 hostname);
1712 if (!quiet && err_fd)
1714 argv_array_push(&child.args, "--show-resolving-progress");
1715 if (use_sideband)
1716 argv_array_push(&child.args, "--report-end-of-input");
1717 if (fsck_objects)
1718 argv_array_pushf(&child.args, "--strict%s",
1719 fsck_msg_types.buf);
1720 if (!reject_thin)
1721 argv_array_push(&child.args, "--fix-thin");
1722 if (max_input_size)
1723 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1724 (uintmax_t)max_input_size);
1725 child.out = -1;
1726 child.err = err_fd;
1727 child.git_cmd = 1;
1728 status = start_command(&child);
1729 if (status)
1730 return "index-pack fork failed";
1731 pack_lockfile = index_pack_lockfile(child.out);
1732 close(child.out);
1733 status = finish_command(&child);
1734 if (status)
1735 return "index-pack abnormal exit";
1736 reprepare_packed_git();
1737 }
1738 return NULL;
1739}
1740static const char *unpack_with_sideband(struct shallow_info *si)
1742{
1743 struct async muxer;
1744 const char *ret;
1745 if (!use_sideband)
1747 return unpack(0, si);
1748 use_keepalive = KEEPALIVE_AFTER_NUL;
1750 memset(&muxer, 0, sizeof(muxer));
1751 muxer.proc = copy_to_sideband;
1752 muxer.in = -1;
1753 if (start_async(&muxer))
1754 return NULL;
1755 ret = unpack(muxer.in, si);
1757 finish_async(&muxer);
1759 return ret;
1760}
1761static void prepare_shallow_update(struct command *commands,
1763 struct shallow_info *si)
1764{
1765 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1766 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1768 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1769 si->need_reachability_test =
1771 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1772 si->reachable =
1773 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1774 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1775 for (i = 0; i < si->nr_ours; i++)
1777 si->need_reachability_test[si->ours[i]] = 1;
1778 for (i = 0; i < si->shallow->nr; i++) {
1780 if (!si->used_shallow[i])
1781 continue;
1782 for (j = 0; j < bitmap_size; j++) {
1783 if (!si->used_shallow[i][j])
1784 continue;
1785 si->need_reachability_test[i]++;
1786 for (k = 0; k < 32; k++)
1787 if (si->used_shallow[i][j] & (1U << k))
1788 si->shallow_ref[j * 32 + k]++;
1789 }
1790 /*
1792 * true for those associated with some refs and belong
1793 * in "ours" list aka "step 7 not done yet"
1794 */
1795 si->need_reachability_test[i] =
1796 si->need_reachability_test[i] > 1;
1797 }
1798 /*
1800 * keep hooks happy by forcing a temporary shallow file via
1801 * env variable because we can't add --shallow-file to every
1802 * command. check_everything_connected() will be done with
1803 * true .git/shallow though.
1804 */
1805 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1806}
1807static void update_shallow_info(struct command *commands,
1809 struct shallow_info *si,
1810 struct oid_array *ref)
1811{
1812 struct command *cmd;
1813 int *ref_status;
1814 remove_nonexistent_theirs_shallow(si);
1815 if (!si->nr_ours && !si->nr_theirs) {
1816 shallow_update = 0;
1817 return;
1818 }
1819 for (cmd = commands; cmd; cmd = cmd->next) {
1821 if (is_null_oid(&cmd->new_oid))
1822 continue;
1823 oid_array_append(ref, &cmd->new_oid);
1824 cmd->index = ref->nr - 1;
1825 }
1826 si->ref = ref;
1827 if (shallow_update) {
1829 prepare_shallow_update(commands, si);
1830 return;
1831 }
1832 ALLOC_ARRAY(ref_status, ref->nr);
1834 assign_shallow_commits_to_refs(si, NULL, ref_status);
1835 for (cmd = commands; cmd; cmd = cmd->next) {
1836 if (is_null_oid(&cmd->new_oid))
1837 continue;
1838 if (ref_status[cmd->index]) {
1839 cmd->error_string = "shallow update not allowed";
1840 cmd->skip_update = 1;
1841 }
1842 }
1843 free(ref_status);
1844}
1845static void report(struct command *commands, const char *unpack_status)
1847{
1848 struct command *cmd;
1849 struct strbuf buf = STRBUF_INIT;
1850 packet_buf_write(&buf, "unpack %s\n",
1852 unpack_status ? unpack_status : "ok");
1853 for (cmd = commands; cmd; cmd = cmd->next) {
1854 if (!cmd->error_string)
1855 packet_buf_write(&buf, "ok %s\n",
1856 cmd->ref_name);
1857 else
1858 packet_buf_write(&buf, "ng %s %s\n",
1859 cmd->ref_name, cmd->error_string);
1860 }
1861 packet_buf_flush(&buf);
1862 if (use_sideband)
1864 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1865 else
1866 write_or_die(1, buf.buf, buf.len);
1867 strbuf_release(&buf);
1868}
1869static int delete_only(struct command *commands)
1871{
1872 struct command *cmd;
1873 for (cmd = commands; cmd; cmd = cmd->next) {
1874 if (!is_null_oid(&cmd->new_oid))
1875 return 0;
1876 }
1877 return 1;
1878}
1879int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1881{
1882 int advertise_refs = 0;
1883 struct command *commands;
1884 struct oid_array shallow = OID_ARRAY_INIT;
1885 struct oid_array ref = OID_ARRAY_INIT;
1886 struct shallow_info si;
1887 struct option options[] = {
1889 OPT__QUIET(&quiet, N_("quiet")),
1890 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1891 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1892 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1893 OPT_END()
1894 };
1895 packet_trace_identity("receive-pack");
1897 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1899 if (argc > 1)
1901 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1902 if (argc == 0)
1903 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1904 service_dir = argv[0];
1906 setup_path();
1908 if (!enter_repo(service_dir, 0))
1910 die("'%s' does not appear to be a git repository", service_dir);
1911 git_config(receive_pack_config, NULL);
1913 if (cert_nonce_seed)
1914 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1915 if (0 <= transfer_unpack_limit)
1917 unpack_limit = transfer_unpack_limit;
1918 else if (0 <= receive_unpack_limit)
1919 unpack_limit = receive_unpack_limit;
1920 if (advertise_refs || !stateless_rpc) {
1922 write_head_info();
1923 }
1924 if (advertise_refs)
1925 return 0;
1926 if ((commands = read_head_info(&shallow)) != NULL) {
1928 const char *unpack_status = NULL;
1929 struct string_list push_options = STRING_LIST_INIT_DUP;
1930 if (use_push_options)
1932 read_push_options(&push_options);
1933 prepare_shallow_info(&si, &shallow);
1935 if (!si.nr_ours && !si.nr_theirs)
1936 shallow_update = 0;
1937 if (!delete_only(commands)) {
1938 unpack_status = unpack_with_sideband(&si);
1939 update_shallow_info(commands, &si, &ref);
1940 }
1941 use_keepalive = KEEPALIVE_ALWAYS;
1942 execute_commands(commands, unpack_status, &si,
1943 &push_options);
1944 if (pack_lockfile)
1945 unlink_or_warn(pack_lockfile);
1946 if (report_status)
1947 report(commands, unpack_status);
1948 run_receive_hook(commands, "post-receive", 1,
1949 &push_options);
1950 run_update_post_hook(commands);
1951 string_list_clear(&push_options, 0);
1952 if (auto_gc) {
1953 const char *argv_gc_auto[] = {
1954 "gc", "--auto", "--quiet", NULL,
1955 };
1956 struct child_process proc = CHILD_PROCESS_INIT;
1957 proc.no_stdin = 1;
1959 proc.stdout_to_stderr = 1;
1960 proc.err = use_sideband ? -1 : 0;
1961 proc.git_cmd = 1;
1962 proc.argv = argv_gc_auto;
1963 close_all_packs();
1965 if (!start_command(&proc)) {
1966 if (use_sideband)
1967 copy_to_sideband(proc.err, -1, NULL);
1968 finish_command(&proc);
1969 }
1970 }
1971 if (auto_update_server_info)
1972 update_server_info(0);
1973 clear_shallow_info(&si);
1974 }
1975 if (use_sideband)
1976 packet_flush(1);
1977 oid_array_clear(&shallow);
1978 oid_array_clear(&ref);
1979 free((void *)push_cert_nonce);
1980 return 0;
1981}