1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
27};
28enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
35};
36static int deny_deletes;
38static int deny_non_fast_forwards;
39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41static int receive_fsck_objects = -1;
42static int transfer_fsck_objects = -1;
43static struct strbuf fsck_msg_types = STRBUF_INIT;
44static int receive_unpack_limit = -1;
45static int transfer_unpack_limit = -1;
46static int advertise_atomic_push = 1;
47static int advertise_push_options;
48static int unpack_limit = 100;
49static off_t max_input_size;
50static int report_status;
51static int use_sideband;
52static int use_atomic;
53static int use_push_options;
54static int quiet;
55static int prefer_ofs_delta = 1;
56static int auto_update_server_info;
57static int auto_gc = 1;
58static int reject_thin;
59static int stateless_rpc;
60static const char *service_dir;
61static const char *head_name;
62static void *head_name_to_free;
63static int sent_capabilities;
64static int shallow_update;
65static const char *alt_shallow_file;
66static struct strbuf push_cert = STRBUF_INIT;
67static unsigned char push_cert_sha1[20];
68static struct signature_check sigcheck;
69static const char *push_cert_nonce;
70static const char *cert_nonce_seed;
71static const char *NONCE_UNSOLICITED = "UNSOLICITED";
73static const char *NONCE_BAD = "BAD";
74static const char *NONCE_MISSING = "MISSING";
75static const char *NONCE_OK = "OK";
76static const char *NONCE_SLOP = "SLOP";
77static const char *nonce_status;
78static long nonce_stamp_slop;
79static unsigned long nonce_stamp_slop_limit;
80static struct ref_transaction *transaction;
81static enum {
83 KEEPALIVE_NEVER = 0,
84 KEEPALIVE_AFTER_NUL,
85 KEEPALIVE_ALWAYS
86} use_keepalive;
87static int keepalive_in_sec = 5;
88static enum deny_action parse_deny_action(const char *var, const char *value)
90{
91 if (value) {
92 if (!strcasecmp(value, "ignore"))
93 return DENY_IGNORE;
94 if (!strcasecmp(value, "warn"))
95 return DENY_WARN;
96 if (!strcasecmp(value, "refuse"))
97 return DENY_REFUSE;
98 if (!strcasecmp(value, "updateinstead"))
99 return DENY_UPDATE_INSTEAD;
100 }
101 if (git_config_bool(var, value))
102 return DENY_REFUSE;
103 return DENY_IGNORE;
104}
105static int receive_pack_config(const char *var, const char *value, void *cb)
107{
108 int status = parse_hide_refs_config(var, value, "receive");
109 if (status)
111 return status;
112 if (strcmp(var, "receive.denydeletes") == 0) {
114 deny_deletes = git_config_bool(var, value);
115 return 0;
116 }
117 if (strcmp(var, "receive.denynonfastforwards") == 0) {
119 deny_non_fast_forwards = git_config_bool(var, value);
120 return 0;
121 }
122 if (strcmp(var, "receive.unpacklimit") == 0) {
124 receive_unpack_limit = git_config_int(var, value);
125 return 0;
126 }
127 if (strcmp(var, "transfer.unpacklimit") == 0) {
129 transfer_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132 if (strcmp(var, "receive.fsck.skiplist") == 0) {
134 const char *path;
135 if (git_config_pathname(&path, var, value))
137 return 1;
138 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
139 fsck_msg_types.len ? ',' : '=', path);
140 free((char *)path);
141 return 0;
142 }
143 if (skip_prefix(var, "receive.fsck.", &var)) {
145 if (is_valid_msg_type(var, value))
146 strbuf_addf(&fsck_msg_types, "%c%s=%s",
147 fsck_msg_types.len ? ',' : '=', var, value);
148 else
149 warning("Skipping unknown msg id '%s'", var);
150 return 0;
151 }
152 if (strcmp(var, "receive.fsckobjects") == 0) {
154 receive_fsck_objects = git_config_bool(var, value);
155 return 0;
156 }
157 if (strcmp(var, "transfer.fsckobjects") == 0) {
159 transfer_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162 if (!strcmp(var, "receive.denycurrentbranch")) {
164 deny_current_branch = parse_deny_action(var, value);
165 return 0;
166 }
167 if (strcmp(var, "receive.denydeletecurrent") == 0) {
169 deny_delete_current = parse_deny_action(var, value);
170 return 0;
171 }
172 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
174 prefer_ofs_delta = git_config_bool(var, value);
175 return 0;
176 }
177 if (strcmp(var, "receive.updateserverinfo") == 0) {
179 auto_update_server_info = git_config_bool(var, value);
180 return 0;
181 }
182 if (strcmp(var, "receive.autogc") == 0) {
184 auto_gc = git_config_bool(var, value);
185 return 0;
186 }
187 if (strcmp(var, "receive.shallowupdate") == 0) {
189 shallow_update = git_config_bool(var, value);
190 return 0;
191 }
192 if (strcmp(var, "receive.certnonceseed") == 0)
194 return git_config_string(&cert_nonce_seed, var, value);
195 if (strcmp(var, "receive.certnonceslop") == 0) {
197 nonce_stamp_slop_limit = git_config_ulong(var, value);
198 return 0;
199 }
200 if (strcmp(var, "receive.advertiseatomic") == 0) {
202 advertise_atomic_push = git_config_bool(var, value);
203 return 0;
204 }
205 if (strcmp(var, "receive.advertisepushoptions") == 0) {
207 advertise_push_options = git_config_bool(var, value);
208 return 0;
209 }
210 if (strcmp(var, "receive.keepalive") == 0) {
212 keepalive_in_sec = git_config_int(var, value);
213 return 0;
214 }
215 if (strcmp(var, "receive.maxinputsize") == 0) {
217 max_input_size = git_config_int64(var, value);
218 return 0;
219 }
220 return git_default_config(var, value, cb);
222}
223static void show_ref(const char *path, const unsigned char *sha1)
225{
226 if (sent_capabilities) {
227 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
228 } else {
229 struct strbuf cap = STRBUF_INIT;
230 strbuf_addstr(&cap,
232 "report-status delete-refs side-band-64k quiet");
233 if (advertise_atomic_push)
234 strbuf_addstr(&cap, " atomic");
235 if (prefer_ofs_delta)
236 strbuf_addstr(&cap, " ofs-delta");
237 if (push_cert_nonce)
238 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
239 if (advertise_push_options)
240 strbuf_addstr(&cap, " push-options");
241 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
242 packet_write(1, "%s %s%c%s\n",
243 sha1_to_hex(sha1), path, 0, cap.buf);
244 strbuf_release(&cap);
245 sent_capabilities = 1;
246 }
247}
248static int show_ref_cb(const char *path_full, const struct object_id *oid,
250 int flag, void *unused)
251{
252 const char *path = strip_namespace(path_full);
253 if (ref_is_hidden(path, path_full))
255 return 0;
256 /*
258 * Advertise refs outside our current namespace as ".have"
259 * refs, so that the client can use them to minimize data
260 * transfer but will otherwise ignore them. This happens to
261 * cover ".have" that are thrown in by add_one_alternate_ref()
262 * to mark histories that are complete in our alternates as
263 * well.
264 */
265 if (!path)
266 path = ".have";
267 show_ref(path, oid->hash);
268 return 0;
269}
270static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
272{
273 show_ref(".have", sha1);
274}
275static void collect_one_alternate_ref(const struct ref *ref, void *data)
277{
278 struct sha1_array *sa = data;
279 sha1_array_append(sa, ref->old_oid.hash);
280}
281static void write_head_info(void)
283{
284 struct sha1_array sa = SHA1_ARRAY_INIT;
285 for_each_alternate_ref(collect_one_alternate_ref, &sa);
287 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
288 sha1_array_clear(&sa);
289 for_each_ref(show_ref_cb, NULL);
290 if (!sent_capabilities)
291 show_ref("capabilities^{}", null_sha1);
292 advertise_shallow_grafts(1);
294 /* EOF */
296 packet_flush(1);
297}
298struct command {
300 struct command *next;
301 const char *error_string;
302 unsigned int skip_update:1,
303 did_not_exist:1;
304 int index;
305 unsigned char old_sha1[20];
306 unsigned char new_sha1[20];
307 char ref_name[FLEX_ARRAY]; /* more */
308};
309static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
311static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
312static void report_message(const char *prefix, const char *err, va_list params)
314{
315 int sz;
316 char msg[4096];
317 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
319 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
320 if (sz > (sizeof(msg) - 1))
321 sz = sizeof(msg) - 1;
322 msg[sz++] = '\n';
323 if (use_sideband)
325 send_sideband(1, 2, msg, sz, use_sideband);
326 else
327 xwrite(2, msg, sz);
328}
329static void rp_warning(const char *err, ...)
331{
332 va_list params;
333 va_start(params, err);
334 report_message("warning: ", err, params);
335 va_end(params);
336}
337static void rp_error(const char *err, ...)
339{
340 va_list params;
341 va_start(params, err);
342 report_message("error: ", err, params);
343 va_end(params);
344}
345static int copy_to_sideband(int in, int out, void *arg)
347{
348 char data[128];
349 int keepalive_active = 0;
350 if (keepalive_in_sec <= 0)
352 use_keepalive = KEEPALIVE_NEVER;
353 if (use_keepalive == KEEPALIVE_ALWAYS)
354 keepalive_active = 1;
355 while (1) {
357 ssize_t sz;
358 if (keepalive_active) {
360 struct pollfd pfd;
361 int ret;
362 pfd.fd = in;
364 pfd.events = POLLIN;
365 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
366 if (ret < 0) {
368 if (errno == EINTR)
369 continue;
370 else
371 break;
372 } else if (ret == 0) {
373 /* no data; send a keepalive packet */
374 static const char buf[] = "0005\1";
375 write_or_die(1, buf, sizeof(buf) - 1);
376 continue;
377 } /* else there is actual data to read */
378 }
379 sz = xread(in, data, sizeof(data));
381 if (sz <= 0)
382 break;
383 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
385 const char *p = memchr(data, '\0', sz);
386 if (p) {
387 /*
388 * The NUL tells us to start sending keepalives. Make
389 * sure we send any other data we read along
390 * with it.
391 */
392 keepalive_active = 1;
393 send_sideband(1, 2, data, p - data, use_sideband);
394 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
395 continue;
396 }
397 }
398 /*
400 * Either we're not looking for a NUL signal, or we didn't see
401 * it yet; just pass along the data.
402 */
403 send_sideband(1, 2, data, sz, use_sideband);
404 }
405 close(in);
406 return 0;
407}
408#define HMAC_BLOCK_SIZE 64
410static void hmac_sha1(unsigned char *out,
412 const char *key_in, size_t key_len,
413 const char *text, size_t text_len)
414{
415 unsigned char key[HMAC_BLOCK_SIZE];
416 unsigned char k_ipad[HMAC_BLOCK_SIZE];
417 unsigned char k_opad[HMAC_BLOCK_SIZE];
418 int i;
419 git_SHA_CTX ctx;
420 /* RFC 2104 2. (1) */
422 memset(key, '\0', HMAC_BLOCK_SIZE);
423 if (HMAC_BLOCK_SIZE < key_len) {
424 git_SHA1_Init(&ctx);
425 git_SHA1_Update(&ctx, key_in, key_len);
426 git_SHA1_Final(key, &ctx);
427 } else {
428 memcpy(key, key_in, key_len);
429 }
430 /* RFC 2104 2. (2) & (5) */
432 for (i = 0; i < sizeof(key); i++) {
433 k_ipad[i] = key[i] ^ 0x36;
434 k_opad[i] = key[i] ^ 0x5c;
435 }
436 /* RFC 2104 2. (3) & (4) */
438 git_SHA1_Init(&ctx);
439 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
440 git_SHA1_Update(&ctx, text, text_len);
441 git_SHA1_Final(out, &ctx);
442 /* RFC 2104 2. (6) & (7) */
444 git_SHA1_Init(&ctx);
445 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
446 git_SHA1_Update(&ctx, out, 20);
447 git_SHA1_Final(out, &ctx);
448}
449static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
451{
452 struct strbuf buf = STRBUF_INIT;
453 unsigned char sha1[20];
454 strbuf_addf(&buf, "%s:%lu", path, stamp);
456 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
457 strbuf_release(&buf);
458 /* RFC 2104 5. HMAC-SHA1-80 */
460 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
461 return strbuf_detach(&buf, NULL);
462}
463/*
465 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
466 * after dropping "_commit" from its name and possibly moving it out
467 * of commit.c
468 */
469static char *find_header(const char *msg, size_t len, const char *key)
470{
471 int key_len = strlen(key);
472 const char *line = msg;
473 while (line && line < msg + len) {
475 const char *eol = strchrnul(line, '\n');
476 if ((msg + len <= eol) || line == eol)
478 return NULL;
479 if (line + key_len < eol &&
480 !memcmp(line, key, key_len) && line[key_len] == ' ') {
481 int offset = key_len + 1;
482 return xmemdupz(line + offset, (eol - line) - offset);
483 }
484 line = *eol ? eol + 1 : NULL;
485 }
486 return NULL;
487}
488static const char *check_nonce(const char *buf, size_t len)
490{
491 char *nonce = find_header(buf, len, "nonce");
492 unsigned long stamp, ostamp;
493 char *bohmac, *expect = NULL;
494 const char *retval = NONCE_BAD;
495 if (!nonce) {
497 retval = NONCE_MISSING;
498 goto leave;
499 } else if (!push_cert_nonce) {
500 retval = NONCE_UNSOLICITED;
501 goto leave;
502 } else if (!strcmp(push_cert_nonce, nonce)) {
503 retval = NONCE_OK;
504 goto leave;
505 }
506 if (!stateless_rpc) {
508 /* returned nonce MUST match what we gave out earlier */
509 retval = NONCE_BAD;
510 goto leave;
511 }
512 /*
514 * In stateless mode, we may be receiving a nonce issued by
515 * another instance of the server that serving the same
516 * repository, and the timestamps may not match, but the
517 * nonce-seed and dir should match, so we can recompute and
518 * report the time slop.
519 *
520 * In addition, when a nonce issued by another instance has
521 * timestamp within receive.certnonceslop seconds, we pretend
522 * as if we issued that nonce when reporting to the hook.
523 */
524 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
526 if (*nonce <= '0' || '9' < *nonce) {
527 retval = NONCE_BAD;
528 goto leave;
529 }
530 stamp = strtoul(nonce, &bohmac, 10);
531 if (bohmac == nonce || bohmac[0] != '-') {
532 retval = NONCE_BAD;
533 goto leave;
534 }
535 expect = prepare_push_cert_nonce(service_dir, stamp);
537 if (strcmp(expect, nonce)) {
538 /* Not what we would have signed earlier */
539 retval = NONCE_BAD;
540 goto leave;
541 }
542 /*
544 * By how many seconds is this nonce stale? Negative value
545 * would mean it was issued by another server with its clock
546 * skewed in the future.
547 */
548 ostamp = strtoul(push_cert_nonce, NULL, 10);
549 nonce_stamp_slop = (long)ostamp - (long)stamp;
550 if (nonce_stamp_slop_limit &&
552 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
553 /*
554 * Pretend as if the received nonce (which passes the
555 * HMAC check, so it is not a forged by third-party)
556 * is what we issued.
557 */
558 free((void *)push_cert_nonce);
559 push_cert_nonce = xstrdup(nonce);
560 retval = NONCE_OK;
561 } else {
562 retval = NONCE_SLOP;
563 }
564leave:
566 free(nonce);
567 free(expect);
568 return retval;
569}
570static void prepare_push_cert_sha1(struct child_process *proc)
572{
573 static int already_done;
574 if (!push_cert.len)
576 return;
577 if (!already_done) {
579 struct strbuf gpg_output = STRBUF_INIT;
580 struct strbuf gpg_status = STRBUF_INIT;
581 int bogs /* beginning_of_gpg_sig */;
582 already_done = 1;
584 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
585 hashclr(push_cert_sha1);
586 memset(&sigcheck, '\0', sizeof(sigcheck));
588 sigcheck.result = 'N';
589 bogs = parse_signature(push_cert.buf, push_cert.len);
591 if (verify_signed_buffer(push_cert.buf, bogs,
592 push_cert.buf + bogs, push_cert.len - bogs,
593 &gpg_output, &gpg_status) < 0) {
594 ; /* error running gpg */
595 } else {
596 sigcheck.payload = push_cert.buf;
597 sigcheck.gpg_output = gpg_output.buf;
598 sigcheck.gpg_status = gpg_status.buf;
599 parse_gpg_output(&sigcheck);
600 }
601 strbuf_release(&gpg_output);
603 strbuf_release(&gpg_status);
604 nonce_status = check_nonce(push_cert.buf, bogs);
605 }
606 if (!is_null_sha1(push_cert_sha1)) {
607 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
608 sha1_to_hex(push_cert_sha1));
609 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
610 sigcheck.signer ? sigcheck.signer : "");
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
612 sigcheck.key ? sigcheck.key : "");
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
614 sigcheck.result);
615 if (push_cert_nonce) {
616 argv_array_pushf(&proc->env_array,
617 "GIT_PUSH_CERT_NONCE=%s",
618 push_cert_nonce);
619 argv_array_pushf(&proc->env_array,
620 "GIT_PUSH_CERT_NONCE_STATUS=%s",
621 nonce_status);
622 if (nonce_status == NONCE_SLOP)
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
625 nonce_stamp_slop);
626 }
627 }
628}
629struct receive_hook_feed_state {
631 struct command *cmd;
632 int skip_broken;
633 struct strbuf buf;
634 const struct string_list *push_options;
635};
636typedef int (*feed_fn)(void *, const char **, size_t *);
638static int run_and_feed_hook(const char *hook_name, feed_fn feed,
639 struct receive_hook_feed_state *feed_state)
640{
641 struct child_process proc = CHILD_PROCESS_INIT;
642 struct async muxer;
643 const char *argv[2];
644 int code;
645 argv[0] = find_hook(hook_name);
647 if (!argv[0])
648 return 0;
649 argv[1] = NULL;
651 proc.argv = argv;
653 proc.in = -1;
654 proc.stdout_to_stderr = 1;
655 if (feed_state->push_options) {
656 int i;
657 for (i = 0; i < feed_state->push_options->nr; i++)
658 argv_array_pushf(&proc.env_array,
659 "GIT_PUSH_OPTION_%d=%s", i,
660 feed_state->push_options->items[i].string);
661 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
662 feed_state->push_options->nr);
663 } else
664 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
665 if (use_sideband) {
667 memset(&muxer, 0, sizeof(muxer));
668 muxer.proc = copy_to_sideband;
669 muxer.in = -1;
670 code = start_async(&muxer);
671 if (code)
672 return code;
673 proc.err = muxer.in;
674 }
675 prepare_push_cert_sha1(&proc);
677 code = start_command(&proc);
679 if (code) {
680 if (use_sideband)
681 finish_async(&muxer);
682 return code;
683 }
684 sigchain_push(SIGPIPE, SIG_IGN);
686 while (1) {
688 const char *buf;
689 size_t n;
690 if (feed(feed_state, &buf, &n))
691 break;
692 if (write_in_full(proc.in, buf, n) != n)
693 break;
694 }
695 close(proc.in);
696 if (use_sideband)
697 finish_async(&muxer);
698 sigchain_pop(SIGPIPE);
700 return finish_command(&proc);
702}
703static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
705{
706 struct receive_hook_feed_state *state = state_;
707 struct command *cmd = state->cmd;
708 while (cmd &&
710 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
711 cmd = cmd->next;
712 if (!cmd)
713 return -1; /* EOF */
714 strbuf_reset(&state->buf);
715 strbuf_addf(&state->buf, "%s %s %s\n",
716 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
717 cmd->ref_name);
718 state->cmd = cmd->next;
719 if (bufp) {
720 *bufp = state->buf.buf;
721 *sizep = state->buf.len;
722 }
723 return 0;
724}
725static int run_receive_hook(struct command *commands,
727 const char *hook_name,
728 int skip_broken,
729 const struct string_list *push_options)
730{
731 struct receive_hook_feed_state state;
732 int status;
733 strbuf_init(&state.buf, 0);
735 state.cmd = commands;
736 state.skip_broken = skip_broken;
737 if (feed_receive_hook(&state, NULL, NULL))
738 return 0;
739 state.cmd = commands;
740 state.push_options = push_options;
741 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
742 strbuf_release(&state.buf);
743 return status;
744}
745static int run_update_hook(struct command *cmd)
747{
748 const char *argv[5];
749 struct child_process proc = CHILD_PROCESS_INIT;
750 int code;
751 argv[0] = find_hook("update");
753 if (!argv[0])
754 return 0;
755 argv[1] = cmd->ref_name;
757 argv[2] = sha1_to_hex(cmd->old_sha1);
758 argv[3] = sha1_to_hex(cmd->new_sha1);
759 argv[4] = NULL;
760 proc.no_stdin = 1;
762 proc.stdout_to_stderr = 1;
763 proc.err = use_sideband ? -1 : 0;
764 proc.argv = argv;
765 code = start_command(&proc);
767 if (code)
768 return code;
769 if (use_sideband)
770 copy_to_sideband(proc.err, -1, NULL);
771 return finish_command(&proc);
772}
773static int is_ref_checked_out(const char *ref)
775{
776 if (is_bare_repository())
777 return 0;
778 if (!head_name)
780 return 0;
781 return !strcmp(head_name, ref);
782}
783static char *refuse_unconfigured_deny_msg =
785 N_("By default, updating the current branch in a non-bare repository\n"
786 "is denied, because it will make the index and work tree inconsistent\n"
787 "with what you pushed, and will require 'git reset --hard' to match\n"
788 "the work tree to HEAD.\n"
789 "\n"
790 "You can set 'receive.denyCurrentBranch' configuration variable to\n"
791 "'ignore' or 'warn' in the remote repository to allow pushing into\n"
792 "its current branch; however, this is not recommended unless you\n"
793 "arranged to update its work tree to match what you pushed in some\n"
794 "other way.\n"
795 "\n"
796 "To squelch this message and still keep the default behaviour, set\n"
797 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
798static void refuse_unconfigured_deny(void)
800{
801 rp_error("%s", _(refuse_unconfigured_deny_msg));
802}
803static char *refuse_unconfigured_deny_delete_current_msg =
805 N_("By default, deleting the current branch is denied, because the next\n"
806 "'git clone' won't result in any file checked out, causing confusion.\n"
807 "\n"
808 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
809 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
810 "current branch, with or without a warning message.\n"
811 "\n"
812 "To squelch this message, you can set it to 'refuse'.");
813static void refuse_unconfigured_deny_delete_current(void)
815{
816 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
817}
818static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
820static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
821{
822 static struct lock_file shallow_lock;
823 struct sha1_array extra = SHA1_ARRAY_INIT;
824 struct check_connected_options opt = CHECK_CONNECTED_INIT;
825 uint32_t mask = 1 << (cmd->index % 32);
826 int i;
827 trace_printf_key(&trace_shallow,
829 "shallow: update_shallow_ref %s\n", cmd->ref_name);
830 for (i = 0; i < si->shallow->nr; i++)
831 if (si->used_shallow[i] &&
832 (si->used_shallow[i][cmd->index / 32] & mask) &&
833 !delayed_reachability_test(si, i))
834 sha1_array_append(&extra, si->shallow->sha1[i]);
835 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
837 if (check_connected(command_singleton_iterator, cmd, &opt)) {
838 rollback_lock_file(&shallow_lock);
839 sha1_array_clear(&extra);
840 return -1;
841 }
842 commit_lock_file(&shallow_lock);
844 /*
846 * Make sure setup_alternate_shallow() for the next ref does
847 * not lose these new roots..
848 */
849 for (i = 0; i < extra.nr; i++)
850 register_shallow(extra.sha1[i]);
851 si->shallow_ref[cmd->index] = 0;
853 sha1_array_clear(&extra);
854 return 0;
855}
856/*
858 * NEEDSWORK: we should consolidate various implementions of "are we
859 * on an unborn branch?" test into one, and make the unified one more
860 * robust. !get_sha1() based check used here and elsewhere would not
861 * allow us to tell an unborn branch from corrupt ref, for example.
862 * For the purpose of fixing "deploy-to-update does not work when
863 * pushing into an empty repository" issue, this should suffice for
864 * now.
865 */
866static int head_has_history(void)
867{
868 unsigned char sha1[20];
869 return !get_sha1("HEAD", sha1);
871}
872static const char *push_to_deploy(unsigned char *sha1,
874 struct argv_array *env,
875 const char *work_tree)
876{
877 const char *update_refresh[] = {
878 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
879 };
880 const char *diff_files[] = {
881 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
882 };
883 const char *diff_index[] = {
884 "diff-index", "--quiet", "--cached", "--ignore-submodules",
885 NULL, "--", NULL
886 };
887 const char *read_tree[] = {
888 "read-tree", "-u", "-m", NULL, NULL
889 };
890 struct child_process child = CHILD_PROCESS_INIT;
891 child.argv = update_refresh;
893 child.env = env->argv;
894 child.dir = work_tree;
895 child.no_stdin = 1;
896 child.stdout_to_stderr = 1;
897 child.git_cmd = 1;
898 if (run_command(&child))
899 return "Up-to-date check failed";
900 /* run_command() does not clean up completely; reinitialize */
902 child_process_init(&child);
903 child.argv = diff_files;
904 child.env = env->argv;
905 child.dir = work_tree;
906 child.no_stdin = 1;
907 child.stdout_to_stderr = 1;
908 child.git_cmd = 1;
909 if (run_command(&child))
910 return "Working directory has unstaged changes";
911 /* diff-index with either HEAD or an empty tree */
913 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
914 child_process_init(&child);
916 child.argv = diff_index;
917 child.env = env->argv;
918 child.no_stdin = 1;
919 child.no_stdout = 1;
920 child.stdout_to_stderr = 0;
921 child.git_cmd = 1;
922 if (run_command(&child))
923 return "Working directory has staged changes";
924 read_tree[3] = sha1_to_hex(sha1);
926 child_process_init(&child);
927 child.argv = read_tree;
928 child.env = env->argv;
929 child.dir = work_tree;
930 child.no_stdin = 1;
931 child.no_stdout = 1;
932 child.stdout_to_stderr = 0;
933 child.git_cmd = 1;
934 if (run_command(&child))
935 return "Could not update working tree to new HEAD";
936 return NULL;
938}
939static const char *push_to_checkout_hook = "push-to-checkout";
941static const char *push_to_checkout(unsigned char *sha1,
943 struct argv_array *env,
944 const char *work_tree)
945{
946 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
947 if (run_hook_le(env->argv, push_to_checkout_hook,
948 sha1_to_hex(sha1), NULL))
949 return "push-to-checkout hook declined";
950 else
951 return NULL;
952}
953static const char *update_worktree(unsigned char *sha1)
955{
956 const char *retval;
957 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
958 struct argv_array env = ARGV_ARRAY_INIT;
959 if (is_bare_repository())
961 return "denyCurrentBranch = updateInstead needs a worktree";
962 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
964 if (!find_hook(push_to_checkout_hook))
966 retval = push_to_deploy(sha1, &env, work_tree);
967 else
968 retval = push_to_checkout(sha1, &env, work_tree);
969 argv_array_clear(&env);
971 return retval;
972}
973static const char *update(struct command *cmd, struct shallow_info *si)
975{
976 const char *name = cmd->ref_name;
977 struct strbuf namespaced_name_buf = STRBUF_INIT;
978 const char *namespaced_name, *ret;
979 unsigned char *old_sha1 = cmd->old_sha1;
980 unsigned char *new_sha1 = cmd->new_sha1;
981 /* only refs/... are allowed */
983 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
984 rp_error("refusing to create funny ref '%s' remotely", name);
985 return "funny refname";
986 }
987 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
989 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
990 if (is_ref_checked_out(namespaced_name)) {
992 switch (deny_current_branch) {
993 case DENY_IGNORE:
994 break;
995 case DENY_WARN:
996 rp_warning("updating the current branch");
997 break;
998 case DENY_REFUSE:
999 case DENY_UNCONFIGURED:
1000 rp_error("refusing to update checked out branch: %s", name);
1001 if (deny_current_branch == DENY_UNCONFIGURED)
1002 refuse_unconfigured_deny();
1003 return "branch is currently checked out";
1004 case DENY_UPDATE_INSTEAD:
1005 ret = update_worktree(new_sha1);
1006 if (ret)
1007 return ret;
1008 break;
1009 }
1010 }
1011 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1013 error("unpack should have generated %s, "
1014 "but I can't find it!", sha1_to_hex(new_sha1));
1015 return "bad pack";
1016 }
1017 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1019 if (deny_deletes && starts_with(name, "refs/heads/")) {
1020 rp_error("denying ref deletion for %s", name);
1021 return "deletion prohibited";
1022 }
1023 if (head_name && !strcmp(namespaced_name, head_name)) {
1025 switch (deny_delete_current) {
1026 case DENY_IGNORE:
1027 break;
1028 case DENY_WARN:
1029 rp_warning("deleting the current branch");
1030 break;
1031 case DENY_REFUSE:
1032 case DENY_UNCONFIGURED:
1033 case DENY_UPDATE_INSTEAD:
1034 if (deny_delete_current == DENY_UNCONFIGURED)
1035 refuse_unconfigured_deny_delete_current();
1036 rp_error("refusing to delete the current branch: %s", name);
1037 return "deletion of the current branch prohibited";
1038 default:
1039 return "Invalid denyDeleteCurrent setting";
1040 }
1041 }
1042 }
1043 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1045 !is_null_sha1(old_sha1) &&
1046 starts_with(name, "refs/heads/")) {
1047 struct object *old_object, *new_object;
1048 struct commit *old_commit, *new_commit;
1049 old_object = parse_object(old_sha1);
1051 new_object = parse_object(new_sha1);
1052 if (!old_object || !new_object ||
1054 old_object->type != OBJ_COMMIT ||
1055 new_object->type != OBJ_COMMIT) {
1056 error("bad sha1 objects for %s", name);
1057 return "bad ref";
1058 }
1059 old_commit = (struct commit *)old_object;
1060 new_commit = (struct commit *)new_object;
1061 if (!in_merge_bases(old_commit, new_commit)) {
1062 rp_error("denying non-fast-forward %s"
1063 " (you should pull first)", name);
1064 return "non-fast-forward";
1065 }
1066 }
1067 if (run_update_hook(cmd)) {
1068 rp_error("hook declined to update %s", name);
1069 return "hook declined";
1070 }
1071 if (is_null_sha1(new_sha1)) {
1073 struct strbuf err = STRBUF_INIT;
1074 if (!parse_object(old_sha1)) {
1075 old_sha1 = NULL;
1076 if (ref_exists(name)) {
1077 rp_warning("Allowing deletion of corrupt ref.");
1078 } else {
1079 rp_warning("Deleting a non-existent ref.");
1080 cmd->did_not_exist = 1;
1081 }
1082 }
1083 if (ref_transaction_delete(transaction,
1084 namespaced_name,
1085 old_sha1,
1086 0, "push", &err)) {
1087 rp_error("%s", err.buf);
1088 strbuf_release(&err);
1089 return "failed to delete";
1090 }
1091 strbuf_release(&err);
1092 return NULL; /* good */
1093 }
1094 else {
1095 struct strbuf err = STRBUF_INIT;
1096 if (shallow_update && si->shallow_ref[cmd->index] &&
1097 update_shallow_ref(cmd, si))
1098 return "shallow error";
1099 if (ref_transaction_update(transaction,
1101 namespaced_name,
1102 new_sha1, old_sha1,
1103 0, "push",
1104 &err)) {
1105 rp_error("%s", err.buf);
1106 strbuf_release(&err);
1107 return "failed to update ref";
1109 }
1110 strbuf_release(&err);
1111 return NULL; /* good */
1113 }
1114}
1115static void run_update_post_hook(struct command *commands)
1117{
1118 struct command *cmd;
1119 int argc;
1120 struct child_process proc = CHILD_PROCESS_INIT;
1121 const char *hook;
1122 hook = find_hook("post-update");
1124 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1125 if (cmd->error_string || cmd->did_not_exist)
1126 continue;
1127 argc++;
1128 }
1129 if (!argc || !hook)
1130 return;
1131 argv_array_push(&proc.args, hook);
1133 for (cmd = commands; cmd; cmd = cmd->next) {
1134 if (cmd->error_string || cmd->did_not_exist)
1135 continue;
1136 argv_array_push(&proc.args, cmd->ref_name);
1137 }
1138 proc.no_stdin = 1;
1140 proc.stdout_to_stderr = 1;
1141 proc.err = use_sideband ? -1 : 0;
1142 if (!start_command(&proc)) {
1144 if (use_sideband)
1145 copy_to_sideband(proc.err, -1, NULL);
1146 finish_command(&proc);
1147 }
1148}
1149static void check_aliased_update(struct command *cmd, struct string_list *list)
1151{
1152 struct strbuf buf = STRBUF_INIT;
1153 const char *dst_name;
1154 struct string_list_item *item;
1155 struct command *dst_cmd;
1156 unsigned char sha1[GIT_SHA1_RAWSZ];
1157 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1158 cmd_newh[GIT_SHA1_HEXSZ + 1],
1159 dst_oldh[GIT_SHA1_HEXSZ + 1],
1160 dst_newh[GIT_SHA1_HEXSZ + 1];
1161 int flag;
1162 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1164 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1165 strbuf_release(&buf);
1166 if (!(flag & REF_ISSYMREF))
1168 return;
1169 if (!dst_name) {
1171 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1172 cmd->skip_update = 1;
1173 cmd->error_string = "broken symref";
1174 return;
1175 }
1176 dst_name = strip_namespace(dst_name);
1177 if ((item = string_list_lookup(list, dst_name)) == NULL)
1179 return;
1180 cmd->skip_update = 1;
1182 dst_cmd = (struct command *) item->util;
1184 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1186 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1187 return;
1188 dst_cmd->skip_update = 1;
1190 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1192 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1193 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1194 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1195 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1196 " its target '%s' (%s..%s)",
1197 cmd->ref_name, cmd_oldh, cmd_newh,
1198 dst_cmd->ref_name, dst_oldh, dst_newh);
1199 cmd->error_string = dst_cmd->error_string =
1201 "inconsistent aliased update";
1202}
1203static void check_aliased_updates(struct command *commands)
1205{
1206 struct command *cmd;
1207 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1208 for (cmd = commands; cmd; cmd = cmd->next) {
1210 struct string_list_item *item =
1211 string_list_append(&ref_list, cmd->ref_name);
1212 item->util = (void *)cmd;
1213 }
1214 string_list_sort(&ref_list);
1215 for (cmd = commands; cmd; cmd = cmd->next) {
1217 if (!cmd->error_string)
1218 check_aliased_update(cmd, &ref_list);
1219 }
1220 string_list_clear(&ref_list, 0);
1222}
1223static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1225{
1226 struct command **cmd_list = cb_data;
1227 struct command *cmd = *cmd_list;
1228 if (!cmd || is_null_sha1(cmd->new_sha1))
1230 return -1; /* end of list */
1231 *cmd_list = NULL; /* this returns only one */
1232 hashcpy(sha1, cmd->new_sha1);
1233 return 0;
1234}
1235static void set_connectivity_errors(struct command *commands,
1237 struct shallow_info *si)
1238{
1239 struct command *cmd;
1240 for (cmd = commands; cmd; cmd = cmd->next) {
1242 struct command *singleton = cmd;
1243 if (shallow_update && si->shallow_ref[cmd->index])
1244 /* to be checked in update_shallow_ref() */
1245 continue;
1246 if (!check_connected(command_singleton_iterator, &singleton,
1247 NULL))
1248 continue;
1249 cmd->error_string = "missing necessary objects";
1250 }
1251}
1252struct iterate_data {
1254 struct command *cmds;
1255 struct shallow_info *si;
1256};
1257static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1259{
1260 struct iterate_data *data = cb_data;
1261 struct command **cmd_list = &data->cmds;
1262 struct command *cmd = *cmd_list;
1263 for (; cmd; cmd = cmd->next) {
1265 if (shallow_update && data->si->shallow_ref[cmd->index])
1266 /* to be checked in update_shallow_ref() */
1267 continue;
1268 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1269 hashcpy(sha1, cmd->new_sha1);
1270 *cmd_list = cmd->next;
1271 return 0;
1272 }
1273 }
1274 *cmd_list = NULL;
1275 return -1; /* end of list */
1276}
1277static void reject_updates_to_hidden(struct command *commands)
1279{
1280 struct strbuf refname_full = STRBUF_INIT;
1281 size_t prefix_len;
1282 struct command *cmd;
1283 strbuf_addstr(&refname_full, get_git_namespace());
1285 prefix_len = refname_full.len;
1286 for (cmd = commands; cmd; cmd = cmd->next) {
1288 if (cmd->error_string)
1289 continue;
1290 strbuf_setlen(&refname_full, prefix_len);
1292 strbuf_addstr(&refname_full, cmd->ref_name);
1293 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1295 continue;
1296 if (is_null_sha1(cmd->new_sha1))
1297 cmd->error_string = "deny deleting a hidden ref";
1298 else
1299 cmd->error_string = "deny updating a hidden ref";
1300 }
1301 strbuf_release(&refname_full);
1303}
1304static int should_process_cmd(struct command *cmd)
1306{
1307 return !cmd->error_string && !cmd->skip_update;
1308}
1309static void warn_if_skipped_connectivity_check(struct command *commands,
1311 struct shallow_info *si)
1312{
1313 struct command *cmd;
1314 int checked_connectivity = 1;
1315 for (cmd = commands; cmd; cmd = cmd->next) {
1317 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1318 error("BUG: connectivity check has not been run on ref %s",
1319 cmd->ref_name);
1320 checked_connectivity = 0;
1321 }
1322 }
1323 if (!checked_connectivity)
1324 die("BUG: connectivity check skipped???");
1325}
1326static void execute_commands_non_atomic(struct command *commands,
1328 struct shallow_info *si)
1329{
1330 struct command *cmd;
1331 struct strbuf err = STRBUF_INIT;
1332 for (cmd = commands; cmd; cmd = cmd->next) {
1334 if (!should_process_cmd(cmd))
1335 continue;
1336 transaction = ref_transaction_begin(&err);
1338 if (!transaction) {
1339 rp_error("%s", err.buf);
1340 strbuf_reset(&err);
1341 cmd->error_string = "transaction failed to start";
1342 continue;
1343 }
1344 cmd->error_string = update(cmd, si);
1346 if (!cmd->error_string
1348 && ref_transaction_commit(transaction, &err)) {
1349 rp_error("%s", err.buf);
1350 strbuf_reset(&err);
1351 cmd->error_string = "failed to update ref";
1352 }
1353 ref_transaction_free(transaction);
1354 }
1355 strbuf_release(&err);
1356}
1357static void execute_commands_atomic(struct command *commands,
1359 struct shallow_info *si)
1360{
1361 struct command *cmd;
1362 struct strbuf err = STRBUF_INIT;
1363 const char *reported_error = "atomic push failure";
1364 transaction = ref_transaction_begin(&err);
1366 if (!transaction) {
1367 rp_error("%s", err.buf);
1368 strbuf_reset(&err);
1369 reported_error = "transaction failed to start";
1370 goto failure;
1371 }
1372 for (cmd = commands; cmd; cmd = cmd->next) {
1374 if (!should_process_cmd(cmd))
1375 continue;
1376 cmd->error_string = update(cmd, si);
1378 if (cmd->error_string)
1380 goto failure;
1381 }
1382 if (ref_transaction_commit(transaction, &err)) {
1384 rp_error("%s", err.buf);
1385 reported_error = "atomic transaction failed";
1386 goto failure;
1387 }
1388 goto cleanup;
1389failure:
1391 for (cmd = commands; cmd; cmd = cmd->next)
1392 if (!cmd->error_string)
1393 cmd->error_string = reported_error;
1394cleanup:
1396 ref_transaction_free(transaction);
1397 strbuf_release(&err);
1398}
1399static void execute_commands(struct command *commands,
1401 const char *unpacker_error,
1402 struct shallow_info *si,
1403 const struct string_list *push_options)
1404{
1405 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1406 struct command *cmd;
1407 unsigned char sha1[20];
1408 struct iterate_data data;
1409 struct async muxer;
1410 int err_fd = 0;
1411 if (unpacker_error) {
1413 for (cmd = commands; cmd; cmd = cmd->next)
1414 cmd->error_string = "unpacker error";
1415 return;
1416 }
1417 if (use_sideband) {
1419 memset(&muxer, 0, sizeof(muxer));
1420 muxer.proc = copy_to_sideband;
1421 muxer.in = -1;
1422 if (!start_async(&muxer))
1423 err_fd = muxer.in;
1424 /* ...else, continue without relaying sideband */
1425 }
1426 data.cmds = commands;
1428 data.si = si;
1429 opt.err_fd = err_fd;
1430 opt.progress = err_fd && !quiet;
1431 if (check_connected(iterate_receive_command_list, &data, &opt))
1432 set_connectivity_errors(commands, si);
1433 if (use_sideband)
1435 finish_async(&muxer);
1436 reject_updates_to_hidden(commands);
1438 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1440 for (cmd = commands; cmd; cmd = cmd->next) {
1441 if (!cmd->error_string)
1442 cmd->error_string = "pre-receive hook declined";
1443 }
1444 return;
1445 }
1446 check_aliased_updates(commands);
1448 free(head_name_to_free);
1450 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1451 if (use_atomic)
1453 execute_commands_atomic(commands, si);
1454 else
1455 execute_commands_non_atomic(commands, si);
1456 if (shallow_update)
1458 warn_if_skipped_connectivity_check(commands, si);
1459}
1460static struct command **queue_command(struct command **tail,
1462 const char *line,
1463 int linelen)
1464{
1465 unsigned char old_sha1[20], new_sha1[20];
1466 struct command *cmd;
1467 const char *refname;
1468 int reflen;
1469 if (linelen < 83 ||
1471 line[40] != ' ' ||
1472 line[81] != ' ' ||
1473 get_sha1_hex(line, old_sha1) ||
1474 get_sha1_hex(line + 41, new_sha1))
1475 die("protocol error: expected old/new/ref, got '%s'", line);
1476 refname = line + 82;
1478 reflen = linelen - 82;
1479 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1480 hashcpy(cmd->old_sha1, old_sha1);
1481 hashcpy(cmd->new_sha1, new_sha1);
1482 *tail = cmd;
1483 return &cmd->next;
1484}
1485static void queue_commands_from_cert(struct command **tail,
1487 struct strbuf *push_cert)
1488{
1489 const char *boc, *eoc;
1490 if (*tail)
1492 die("protocol error: got both push certificate and unsigned commands");
1493 boc = strstr(push_cert->buf, "\n\n");
1495 if (!boc)
1496 die("malformed push certificate %.*s", 100, push_cert->buf);
1497 else
1498 boc += 2;
1499 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1500 while (boc < eoc) {
1502 const char *eol = memchr(boc, '\n', eoc - boc);
1503 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1504 boc = eol ? eol + 1 : eoc;
1505 }
1506}
1507static struct command *read_head_info(struct sha1_array *shallow)
1509{
1510 struct command *commands = NULL;
1511 struct command **p = &commands;
1512 for (;;) {
1513 char *line;
1514 int len, linelen;
1515 line = packet_read_line(0, &len);
1517 if (!line)
1518 break;
1519 if (len == 48 && starts_with(line, "shallow ")) {
1521 unsigned char sha1[20];
1522 if (get_sha1_hex(line + 8, sha1))
1523 die("protocol error: expected shallow sha, got '%s'",
1524 line + 8);
1525 sha1_array_append(shallow, sha1);
1526 continue;
1527 }
1528 linelen = strlen(line);
1530 if (linelen < len) {
1531 const char *feature_list = line + linelen + 1;
1532 if (parse_feature_request(feature_list, "report-status"))
1533 report_status = 1;
1534 if (parse_feature_request(feature_list, "side-band-64k"))
1535 use_sideband = LARGE_PACKET_MAX;
1536 if (parse_feature_request(feature_list, "quiet"))
1537 quiet = 1;
1538 if (advertise_atomic_push
1539 && parse_feature_request(feature_list, "atomic"))
1540 use_atomic = 1;
1541 if (advertise_push_options
1542 && parse_feature_request(feature_list, "push-options"))
1543 use_push_options = 1;
1544 }
1545 if (!strcmp(line, "push-cert")) {
1547 int true_flush = 0;
1548 char certbuf[1024];
1549 for (;;) {
1551 len = packet_read(0, NULL, NULL,
1552 certbuf, sizeof(certbuf), 0);
1553 if (!len) {
1554 true_flush = 1;
1555 break;
1556 }
1557 if (!strcmp(certbuf, "push-cert-end\n"))
1558 break; /* end of cert */
1559 strbuf_addstr(&push_cert, certbuf);
1560 }
1561 if (true_flush)
1563 break;
1564 continue;
1565 }
1566 p = queue_command(p, line, linelen);
1568 }
1569 if (push_cert.len)
1571 queue_commands_from_cert(p, &push_cert);
1572 return commands;
1574}
1575static void read_push_options(struct string_list *options)
1577{
1578 while (1) {
1579 char *line;
1580 int len;
1581 line = packet_read_line(0, &len);
1583 if (!line)
1585 break;
1586 string_list_append(options, line);
1588 }
1589}
1590static const char *parse_pack_header(struct pack_header *hdr)
1592{
1593 switch (read_pack_header(0, hdr)) {
1594 case PH_ERROR_EOF:
1595 return "eof before pack header was fully read";
1596 case PH_ERROR_PACK_SIGNATURE:
1598 return "protocol error (pack signature mismatch detected)";
1599 case PH_ERROR_PROTOCOL:
1601 return "protocol error (pack version unsupported)";
1602 default:
1604 return "unknown error in parse_pack_header";
1605 case 0:
1607 return NULL;
1608 }
1609}
1610static const char *pack_lockfile;
1612static const char *unpack(int err_fd, struct shallow_info *si)
1614{
1615 struct pack_header hdr;
1616 const char *hdr_err;
1617 int status;
1618 char hdr_arg[38];
1619 struct child_process child = CHILD_PROCESS_INIT;
1620 int fsck_objects = (receive_fsck_objects >= 0
1621 ? receive_fsck_objects
1622 : transfer_fsck_objects >= 0
1623 ? transfer_fsck_objects
1624 : 0);
1625 hdr_err = parse_pack_header(&hdr);
1627 if (hdr_err) {
1628 if (err_fd > 0)
1629 close(err_fd);
1630 return hdr_err;
1631 }
1632 snprintf(hdr_arg, sizeof(hdr_arg),
1633 "--pack_header=%"PRIu32",%"PRIu32,
1634 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1635 if (si->nr_ours || si->nr_theirs) {
1637 alt_shallow_file = setup_temporary_shallow(si->shallow);
1638 argv_array_push(&child.args, "--shallow-file");
1639 argv_array_push(&child.args, alt_shallow_file);
1640 }
1641 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1643 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1644 if (quiet)
1645 argv_array_push(&child.args, "-q");
1646 if (fsck_objects)
1647 argv_array_pushf(&child.args, "--strict%s",
1648 fsck_msg_types.buf);
1649 if (max_input_size)
1650 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1651 (uintmax_t)max_input_size);
1652 child.no_stdout = 1;
1653 child.err = err_fd;
1654 child.git_cmd = 1;
1655 status = run_command(&child);
1656 if (status)
1657 return "unpack-objects abnormal exit";
1658 } else {
1659 char hostname[256];
1660 argv_array_pushl(&child.args, "index-pack",
1662 "--stdin", hdr_arg, NULL);
1663 if (gethostname(hostname, sizeof(hostname)))
1665 xsnprintf(hostname, sizeof(hostname), "localhost");
1666 argv_array_pushf(&child.args,
1667 "--keep=receive-pack %"PRIuMAX" on %s",
1668 (uintmax_t)getpid(),
1669 hostname);
1670 if (!quiet && err_fd)
1672 argv_array_push(&child.args, "--show-resolving-progress");
1673 if (use_sideband)
1674 argv_array_push(&child.args, "--report-end-of-input");
1675 if (fsck_objects)
1676 argv_array_pushf(&child.args, "--strict%s",
1677 fsck_msg_types.buf);
1678 if (!reject_thin)
1679 argv_array_push(&child.args, "--fix-thin");
1680 if (max_input_size)
1681 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1682 (uintmax_t)max_input_size);
1683 child.out = -1;
1684 child.err = err_fd;
1685 child.git_cmd = 1;
1686 status = start_command(&child);
1687 if (status)
1688 return "index-pack fork failed";
1689 pack_lockfile = index_pack_lockfile(child.out);
1690 close(child.out);
1691 status = finish_command(&child);
1692 if (status)
1693 return "index-pack abnormal exit";
1694 reprepare_packed_git();
1695 }
1696 return NULL;
1697}
1698static const char *unpack_with_sideband(struct shallow_info *si)
1700{
1701 struct async muxer;
1702 const char *ret;
1703 if (!use_sideband)
1705 return unpack(0, si);
1706 use_keepalive = KEEPALIVE_AFTER_NUL;
1708 memset(&muxer, 0, sizeof(muxer));
1709 muxer.proc = copy_to_sideband;
1710 muxer.in = -1;
1711 if (start_async(&muxer))
1712 return NULL;
1713 ret = unpack(muxer.in, si);
1715 finish_async(&muxer);
1717 return ret;
1718}
1719static void prepare_shallow_update(struct command *commands,
1721 struct shallow_info *si)
1722{
1723 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1724 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1726 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1727 si->need_reachability_test =
1729 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1730 si->reachable =
1731 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1732 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1733 for (i = 0; i < si->nr_ours; i++)
1735 si->need_reachability_test[si->ours[i]] = 1;
1736 for (i = 0; i < si->shallow->nr; i++) {
1738 if (!si->used_shallow[i])
1739 continue;
1740 for (j = 0; j < bitmap_size; j++) {
1741 if (!si->used_shallow[i][j])
1742 continue;
1743 si->need_reachability_test[i]++;
1744 for (k = 0; k < 32; k++)
1745 if (si->used_shallow[i][j] & (1U << k))
1746 si->shallow_ref[j * 32 + k]++;
1747 }
1748 /*
1750 * true for those associated with some refs and belong
1751 * in "ours" list aka "step 7 not done yet"
1752 */
1753 si->need_reachability_test[i] =
1754 si->need_reachability_test[i] > 1;
1755 }
1756 /*
1758 * keep hooks happy by forcing a temporary shallow file via
1759 * env variable because we can't add --shallow-file to every
1760 * command. check_everything_connected() will be done with
1761 * true .git/shallow though.
1762 */
1763 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1764}
1765static void update_shallow_info(struct command *commands,
1767 struct shallow_info *si,
1768 struct sha1_array *ref)
1769{
1770 struct command *cmd;
1771 int *ref_status;
1772 remove_nonexistent_theirs_shallow(si);
1773 if (!si->nr_ours && !si->nr_theirs) {
1774 shallow_update = 0;
1775 return;
1776 }
1777 for (cmd = commands; cmd; cmd = cmd->next) {
1779 if (is_null_sha1(cmd->new_sha1))
1780 continue;
1781 sha1_array_append(ref, cmd->new_sha1);
1782 cmd->index = ref->nr - 1;
1783 }
1784 si->ref = ref;
1785 if (shallow_update) {
1787 prepare_shallow_update(commands, si);
1788 return;
1789 }
1790 ALLOC_ARRAY(ref_status, ref->nr);
1792 assign_shallow_commits_to_refs(si, NULL, ref_status);
1793 for (cmd = commands; cmd; cmd = cmd->next) {
1794 if (is_null_sha1(cmd->new_sha1))
1795 continue;
1796 if (ref_status[cmd->index]) {
1797 cmd->error_string = "shallow update not allowed";
1798 cmd->skip_update = 1;
1799 }
1800 }
1801 free(ref_status);
1802}
1803static void report(struct command *commands, const char *unpack_status)
1805{
1806 struct command *cmd;
1807 struct strbuf buf = STRBUF_INIT;
1808 packet_buf_write(&buf, "unpack %s\n",
1810 unpack_status ? unpack_status : "ok");
1811 for (cmd = commands; cmd; cmd = cmd->next) {
1812 if (!cmd->error_string)
1813 packet_buf_write(&buf, "ok %s\n",
1814 cmd->ref_name);
1815 else
1816 packet_buf_write(&buf, "ng %s %s\n",
1817 cmd->ref_name, cmd->error_string);
1818 }
1819 packet_buf_flush(&buf);
1820 if (use_sideband)
1822 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1823 else
1824 write_or_die(1, buf.buf, buf.len);
1825 strbuf_release(&buf);
1826}
1827static int delete_only(struct command *commands)
1829{
1830 struct command *cmd;
1831 for (cmd = commands; cmd; cmd = cmd->next) {
1832 if (!is_null_sha1(cmd->new_sha1))
1833 return 0;
1834 }
1835 return 1;
1836}
1837int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1839{
1840 int advertise_refs = 0;
1841 struct command *commands;
1842 struct sha1_array shallow = SHA1_ARRAY_INIT;
1843 struct sha1_array ref = SHA1_ARRAY_INIT;
1844 struct shallow_info si;
1845 struct option options[] = {
1847 OPT__QUIET(&quiet, N_("quiet")),
1848 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1849 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1850 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1851 OPT_END()
1852 };
1853 packet_trace_identity("receive-pack");
1855 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1857 if (argc > 1)
1859 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1860 if (argc == 0)
1861 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1862 service_dir = argv[0];
1864 setup_path();
1866 if (!enter_repo(service_dir, 0))
1868 die("'%s' does not appear to be a git repository", service_dir);
1869 git_config(receive_pack_config, NULL);
1871 if (cert_nonce_seed)
1872 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1873 if (0 <= transfer_unpack_limit)
1875 unpack_limit = transfer_unpack_limit;
1876 else if (0 <= receive_unpack_limit)
1877 unpack_limit = receive_unpack_limit;
1878 if (advertise_refs || !stateless_rpc) {
1880 write_head_info();
1881 }
1882 if (advertise_refs)
1883 return 0;
1884 if ((commands = read_head_info(&shallow)) != NULL) {
1886 const char *unpack_status = NULL;
1887 struct string_list push_options = STRING_LIST_INIT_DUP;
1888 if (use_push_options)
1890 read_push_options(&push_options);
1891 prepare_shallow_info(&si, &shallow);
1893 if (!si.nr_ours && !si.nr_theirs)
1894 shallow_update = 0;
1895 if (!delete_only(commands)) {
1896 unpack_status = unpack_with_sideband(&si);
1897 update_shallow_info(commands, &si, &ref);
1898 }
1899 use_keepalive = KEEPALIVE_ALWAYS;
1900 execute_commands(commands, unpack_status, &si,
1901 &push_options);
1902 if (pack_lockfile)
1903 unlink_or_warn(pack_lockfile);
1904 if (report_status)
1905 report(commands, unpack_status);
1906 run_receive_hook(commands, "post-receive", 1,
1907 &push_options);
1908 run_update_post_hook(commands);
1909 if (push_options.nr)
1910 string_list_clear(&push_options, 0);
1911 if (auto_gc) {
1912 const char *argv_gc_auto[] = {
1913 "gc", "--auto", "--quiet", NULL,
1914 };
1915 struct child_process proc = CHILD_PROCESS_INIT;
1916 proc.no_stdin = 1;
1918 proc.stdout_to_stderr = 1;
1919 proc.err = use_sideband ? -1 : 0;
1920 proc.git_cmd = 1;
1921 proc.argv = argv_gc_auto;
1922 close_all_packs();
1924 if (!start_command(&proc)) {
1925 if (use_sideband)
1926 copy_to_sideband(proc.err, -1, NULL);
1927 finish_command(&proc);
1928 }
1929 }
1930 if (auto_update_server_info)
1931 update_server_info(0);
1932 clear_shallow_info(&si);
1933 }
1934 if (use_sideband)
1935 packet_flush(1);
1936 sha1_array_clear(&shallow);
1937 sha1_array_clear(&ref);
1938 free((void *)push_cert_nonce);
1939 return 0;
1940}