1#include "builtin.h"
2#include "config.h"
3#include "lockfile.h"
4#include "pack.h"
5#include "refs.h"
6#include "pkt-line.h"
7#include "sideband.h"
8#include "run-command.h"
9#include "exec_cmd.h"
10#include "commit.h"
11#include "object.h"
12#include "remote.h"
13#include "connect.h"
14#include "transport.h"
15#include "string-list.h"
16#include "sha1-array.h"
17#include "connected.h"
18#include "argv-array.h"
19#include "version.h"
20#include "tag.h"
21#include "gpg-interface.h"
22#include "sigchain.h"
23#include "fsck.h"
24#include "tmp-objdir.h"
25#include "oidset.h"
26#include "packfile.h"
27#include "protocol.h"
28static const char * const receive_pack_usage[] = {
30 N_("git receive-pack <git-dir>"),
31 NULL
32};
33enum deny_action {
35 DENY_UNCONFIGURED,
36 DENY_IGNORE,
37 DENY_WARN,
38 DENY_REFUSE,
39 DENY_UPDATE_INSTEAD
40};
41static int deny_deletes;
43static int deny_non_fast_forwards;
44static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
45static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
46static int receive_fsck_objects = -1;
47static int transfer_fsck_objects = -1;
48static struct strbuf fsck_msg_types = STRBUF_INIT;
49static int receive_unpack_limit = -1;
50static int transfer_unpack_limit = -1;
51static int advertise_atomic_push = 1;
52static int advertise_push_options;
53static int unpack_limit = 100;
54static off_t max_input_size;
55static int report_status;
56static int use_sideband;
57static int use_atomic;
58static int use_push_options;
59static int quiet;
60static int prefer_ofs_delta = 1;
61static int auto_update_server_info;
62static int auto_gc = 1;
63static int reject_thin;
64static int stateless_rpc;
65static const char *service_dir;
66static const char *head_name;
67static void *head_name_to_free;
68static int sent_capabilities;
69static int shallow_update;
70static const char *alt_shallow_file;
71static struct strbuf push_cert = STRBUF_INIT;
72static unsigned char push_cert_sha1[20];
73static struct signature_check sigcheck;
74static const char *push_cert_nonce;
75static const char *cert_nonce_seed;
76static const char *NONCE_UNSOLICITED = "UNSOLICITED";
78static const char *NONCE_BAD = "BAD";
79static const char *NONCE_MISSING = "MISSING";
80static const char *NONCE_OK = "OK";
81static const char *NONCE_SLOP = "SLOP";
82static const char *nonce_status;
83static long nonce_stamp_slop;
84static timestamp_t nonce_stamp_slop_limit;
85static struct ref_transaction *transaction;
86static enum {
88 KEEPALIVE_NEVER = 0,
89 KEEPALIVE_AFTER_NUL,
90 KEEPALIVE_ALWAYS
91} use_keepalive;
92static int keepalive_in_sec = 5;
93static struct tmp_objdir *tmp_objdir;
95static enum deny_action parse_deny_action(const char *var, const char *value)
97{
98 if (value) {
99 if (!strcasecmp(value, "ignore"))
100 return DENY_IGNORE;
101 if (!strcasecmp(value, "warn"))
102 return DENY_WARN;
103 if (!strcasecmp(value, "refuse"))
104 return DENY_REFUSE;
105 if (!strcasecmp(value, "updateinstead"))
106 return DENY_UPDATE_INSTEAD;
107 }
108 if (git_config_bool(var, value))
109 return DENY_REFUSE;
110 return DENY_IGNORE;
111}
112static int receive_pack_config(const char *var, const char *value, void *cb)
114{
115 int status = parse_hide_refs_config(var, value, "receive");
116 if (status)
118 return status;
119 if (strcmp(var, "receive.denydeletes") == 0) {
121 deny_deletes = git_config_bool(var, value);
122 return 0;
123 }
124 if (strcmp(var, "receive.denynonfastforwards") == 0) {
126 deny_non_fast_forwards = git_config_bool(var, value);
127 return 0;
128 }
129 if (strcmp(var, "receive.unpacklimit") == 0) {
131 receive_unpack_limit = git_config_int(var, value);
132 return 0;
133 }
134 if (strcmp(var, "transfer.unpacklimit") == 0) {
136 transfer_unpack_limit = git_config_int(var, value);
137 return 0;
138 }
139 if (strcmp(var, "receive.fsck.skiplist") == 0) {
141 const char *path;
142 if (git_config_pathname(&path, var, value))
144 return 1;
145 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
146 fsck_msg_types.len ? ',' : '=', path);
147 free((char *)path);
148 return 0;
149 }
150 if (skip_prefix(var, "receive.fsck.", &var)) {
152 if (is_valid_msg_type(var, value))
153 strbuf_addf(&fsck_msg_types, "%c%s=%s",
154 fsck_msg_types.len ? ',' : '=', var, value);
155 else
156 warning("Skipping unknown msg id '%s'", var);
157 return 0;
158 }
159 if (strcmp(var, "receive.fsckobjects") == 0) {
161 receive_fsck_objects = git_config_bool(var, value);
162 return 0;
163 }
164 if (strcmp(var, "transfer.fsckobjects") == 0) {
166 transfer_fsck_objects = git_config_bool(var, value);
167 return 0;
168 }
169 if (!strcmp(var, "receive.denycurrentbranch")) {
171 deny_current_branch = parse_deny_action(var, value);
172 return 0;
173 }
174 if (strcmp(var, "receive.denydeletecurrent") == 0) {
176 deny_delete_current = parse_deny_action(var, value);
177 return 0;
178 }
179 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
181 prefer_ofs_delta = git_config_bool(var, value);
182 return 0;
183 }
184 if (strcmp(var, "receive.updateserverinfo") == 0) {
186 auto_update_server_info = git_config_bool(var, value);
187 return 0;
188 }
189 if (strcmp(var, "receive.autogc") == 0) {
191 auto_gc = git_config_bool(var, value);
192 return 0;
193 }
194 if (strcmp(var, "receive.shallowupdate") == 0) {
196 shallow_update = git_config_bool(var, value);
197 return 0;
198 }
199 if (strcmp(var, "receive.certnonceseed") == 0)
201 return git_config_string(&cert_nonce_seed, var, value);
202 if (strcmp(var, "receive.certnonceslop") == 0) {
204 nonce_stamp_slop_limit = git_config_ulong(var, value);
205 return 0;
206 }
207 if (strcmp(var, "receive.advertiseatomic") == 0) {
209 advertise_atomic_push = git_config_bool(var, value);
210 return 0;
211 }
212 if (strcmp(var, "receive.advertisepushoptions") == 0) {
214 advertise_push_options = git_config_bool(var, value);
215 return 0;
216 }
217 if (strcmp(var, "receive.keepalive") == 0) {
219 keepalive_in_sec = git_config_int(var, value);
220 return 0;
221 }
222 if (strcmp(var, "receive.maxinputsize") == 0) {
224 max_input_size = git_config_int64(var, value);
225 return 0;
226 }
227 return git_default_config(var, value, cb);
229}
230static void show_ref(const char *path, const struct object_id *oid)
232{
233 if (sent_capabilities) {
234 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
235 } else {
236 struct strbuf cap = STRBUF_INIT;
237 strbuf_addstr(&cap,
239 "report-status delete-refs side-band-64k quiet");
240 if (advertise_atomic_push)
241 strbuf_addstr(&cap, " atomic");
242 if (prefer_ofs_delta)
243 strbuf_addstr(&cap, " ofs-delta");
244 if (push_cert_nonce)
245 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
246 if (advertise_push_options)
247 strbuf_addstr(&cap, " push-options");
248 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
249 packet_write_fmt(1, "%s %s%c%s\n",
250 oid_to_hex(oid), path, 0, cap.buf);
251 strbuf_release(&cap);
252 sent_capabilities = 1;
253 }
254}
255static int show_ref_cb(const char *path_full, const struct object_id *oid,
257 int flag, void *data)
258{
259 struct oidset *seen = data;
260 const char *path = strip_namespace(path_full);
261 if (ref_is_hidden(path, path_full))
263 return 0;
264 /*
266 * Advertise refs outside our current namespace as ".have"
267 * refs, so that the client can use them to minimize data
268 * transfer but will otherwise ignore them.
269 */
270 if (!path) {
271 if (oidset_insert(seen, oid))
272 return 0;
273 path = ".have";
274 } else {
275 oidset_insert(seen, oid);
276 }
277 show_ref(path, oid);
278 return 0;
279}
280static void show_one_alternate_ref(const char *refname,
282 const struct object_id *oid,
283 void *data)
284{
285 struct oidset *seen = data;
286 if (oidset_insert(seen, oid))
288 return;
289 show_ref(".have", oid);
291}
292static void write_head_info(void)
294{
295 static struct oidset seen = OIDSET_INIT;
296 for_each_ref(show_ref_cb, &seen);
298 for_each_alternate_ref(show_one_alternate_ref, &seen);
299 oidset_clear(&seen);
300 if (!sent_capabilities)
301 show_ref("capabilities^{}", &null_oid);
302 advertise_shallow_grafts(1);
304 /* EOF */
306 packet_flush(1);
307}
308struct command {
310 struct command *next;
311 const char *error_string;
312 unsigned int skip_update:1,
313 did_not_exist:1;
314 int index;
315 struct object_id old_oid;
316 struct object_id new_oid;
317 char ref_name[FLEX_ARRAY]; /* more */
318};
319static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
321static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
322static void report_message(const char *prefix, const char *err, va_list params)
324{
325 int sz;
326 char msg[4096];
327 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
329 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
330 if (sz > (sizeof(msg) - 1))
331 sz = sizeof(msg) - 1;
332 msg[sz++] = '\n';
333 if (use_sideband)
335 send_sideband(1, 2, msg, sz, use_sideband);
336 else
337 xwrite(2, msg, sz);
338}
339static void rp_warning(const char *err, ...)
341{
342 va_list params;
343 va_start(params, err);
344 report_message("warning: ", err, params);
345 va_end(params);
346}
347static void rp_error(const char *err, ...)
349{
350 va_list params;
351 va_start(params, err);
352 report_message("error: ", err, params);
353 va_end(params);
354}
355static int copy_to_sideband(int in, int out, void *arg)
357{
358 char data[128];
359 int keepalive_active = 0;
360 if (keepalive_in_sec <= 0)
362 use_keepalive = KEEPALIVE_NEVER;
363 if (use_keepalive == KEEPALIVE_ALWAYS)
364 keepalive_active = 1;
365 while (1) {
367 ssize_t sz;
368 if (keepalive_active) {
370 struct pollfd pfd;
371 int ret;
372 pfd.fd = in;
374 pfd.events = POLLIN;
375 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
376 if (ret < 0) {
378 if (errno == EINTR)
379 continue;
380 else
381 break;
382 } else if (ret == 0) {
383 /* no data; send a keepalive packet */
384 static const char buf[] = "0005\1";
385 write_or_die(1, buf, sizeof(buf) - 1);
386 continue;
387 } /* else there is actual data to read */
388 }
389 sz = xread(in, data, sizeof(data));
391 if (sz <= 0)
392 break;
393 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
395 const char *p = memchr(data, '\0', sz);
396 if (p) {
397 /*
398 * The NUL tells us to start sending keepalives. Make
399 * sure we send any other data we read along
400 * with it.
401 */
402 keepalive_active = 1;
403 send_sideband(1, 2, data, p - data, use_sideband);
404 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
405 continue;
406 }
407 }
408 /*
410 * Either we're not looking for a NUL signal, or we didn't see
411 * it yet; just pass along the data.
412 */
413 send_sideband(1, 2, data, sz, use_sideband);
414 }
415 close(in);
416 return 0;
417}
418#define HMAC_BLOCK_SIZE 64
420static void hmac_sha1(unsigned char *out,
422 const char *key_in, size_t key_len,
423 const char *text, size_t text_len)
424{
425 unsigned char key[HMAC_BLOCK_SIZE];
426 unsigned char k_ipad[HMAC_BLOCK_SIZE];
427 unsigned char k_opad[HMAC_BLOCK_SIZE];
428 int i;
429 git_SHA_CTX ctx;
430 /* RFC 2104 2. (1) */
432 memset(key, '\0', HMAC_BLOCK_SIZE);
433 if (HMAC_BLOCK_SIZE < key_len) {
434 git_SHA1_Init(&ctx);
435 git_SHA1_Update(&ctx, key_in, key_len);
436 git_SHA1_Final(key, &ctx);
437 } else {
438 memcpy(key, key_in, key_len);
439 }
440 /* RFC 2104 2. (2) & (5) */
442 for (i = 0; i < sizeof(key); i++) {
443 k_ipad[i] = key[i] ^ 0x36;
444 k_opad[i] = key[i] ^ 0x5c;
445 }
446 /* RFC 2104 2. (3) & (4) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
450 git_SHA1_Update(&ctx, text, text_len);
451 git_SHA1_Final(out, &ctx);
452 /* RFC 2104 2. (6) & (7) */
454 git_SHA1_Init(&ctx);
455 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
456 git_SHA1_Update(&ctx, out, 20);
457 git_SHA1_Final(out, &ctx);
458}
459static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
461{
462 struct strbuf buf = STRBUF_INIT;
463 unsigned char sha1[20];
464 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
466 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
467 strbuf_release(&buf);
468 /* RFC 2104 5. HMAC-SHA1-80 */
470 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
471 return strbuf_detach(&buf, NULL);
472}
473/*
475 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
476 * after dropping "_commit" from its name and possibly moving it out
477 * of commit.c
478 */
479static char *find_header(const char *msg, size_t len, const char *key,
480 const char **next_line)
481{
482 int key_len = strlen(key);
483 const char *line = msg;
484 while (line && line < msg + len) {
486 const char *eol = strchrnul(line, '\n');
487 if ((msg + len <= eol) || line == eol)
489 return NULL;
490 if (line + key_len < eol &&
491 !memcmp(line, key, key_len) && line[key_len] == ' ') {
492 int offset = key_len + 1;
493 if (next_line)
494 *next_line = *eol ? eol + 1 : eol;
495 return xmemdupz(line + offset, (eol - line) - offset);
496 }
497 line = *eol ? eol + 1 : NULL;
498 }
499 return NULL;
500}
501static const char *check_nonce(const char *buf, size_t len)
503{
504 char *nonce = find_header(buf, len, "nonce", NULL);
505 timestamp_t stamp, ostamp;
506 char *bohmac, *expect = NULL;
507 const char *retval = NONCE_BAD;
508 if (!nonce) {
510 retval = NONCE_MISSING;
511 goto leave;
512 } else if (!push_cert_nonce) {
513 retval = NONCE_UNSOLICITED;
514 goto leave;
515 } else if (!strcmp(push_cert_nonce, nonce)) {
516 retval = NONCE_OK;
517 goto leave;
518 }
519 if (!stateless_rpc) {
521 /* returned nonce MUST match what we gave out earlier */
522 retval = NONCE_BAD;
523 goto leave;
524 }
525 /*
527 * In stateless mode, we may be receiving a nonce issued by
528 * another instance of the server that serving the same
529 * repository, and the timestamps may not match, but the
530 * nonce-seed and dir should match, so we can recompute and
531 * report the time slop.
532 *
533 * In addition, when a nonce issued by another instance has
534 * timestamp within receive.certnonceslop seconds, we pretend
535 * as if we issued that nonce when reporting to the hook.
536 */
537 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
539 if (*nonce <= '0' || '9' < *nonce) {
540 retval = NONCE_BAD;
541 goto leave;
542 }
543 stamp = parse_timestamp(nonce, &bohmac, 10);
544 if (bohmac == nonce || bohmac[0] != '-') {
545 retval = NONCE_BAD;
546 goto leave;
547 }
548 expect = prepare_push_cert_nonce(service_dir, stamp);
550 if (strcmp(expect, nonce)) {
551 /* Not what we would have signed earlier */
552 retval = NONCE_BAD;
553 goto leave;
554 }
555 /*
557 * By how many seconds is this nonce stale? Negative value
558 * would mean it was issued by another server with its clock
559 * skewed in the future.
560 */
561 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
562 nonce_stamp_slop = (long)ostamp - (long)stamp;
563 if (nonce_stamp_slop_limit &&
565 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
566 /*
567 * Pretend as if the received nonce (which passes the
568 * HMAC check, so it is not a forged by third-party)
569 * is what we issued.
570 */
571 free((void *)push_cert_nonce);
572 push_cert_nonce = xstrdup(nonce);
573 retval = NONCE_OK;
574 } else {
575 retval = NONCE_SLOP;
576 }
577leave:
579 free(nonce);
580 free(expect);
581 return retval;
582}
583/*
585 * Return 1 if there is no push_cert or if the push options in push_cert are
586 * the same as those in the argument; 0 otherwise.
587 */
588static int check_cert_push_options(const struct string_list *push_options)
589{
590 const char *buf = push_cert.buf;
591 int len = push_cert.len;
592 char *option;
594 const char *next_line;
595 int options_seen = 0;
596 int retval = 1;
598 if (!len)
600 return 1;
601 while ((option = find_header(buf, len, "push-option", &next_line))) {
603 len -= (next_line - buf);
604 buf = next_line;
605 options_seen++;
606 if (options_seen > push_options->nr
607 || strcmp(option,
608 push_options->items[options_seen - 1].string)) {
609 retval = 0;
610 goto leave;
611 }
612 free(option);
613 }
614 if (options_seen != push_options->nr)
616 retval = 0;
617leave:
619 free(option);
620 return retval;
621}
622static void prepare_push_cert_sha1(struct child_process *proc)
624{
625 static int already_done;
626 if (!push_cert.len)
628 return;
629 if (!already_done) {
631 struct strbuf gpg_output = STRBUF_INIT;
632 struct strbuf gpg_status = STRBUF_INIT;
633 int bogs /* beginning_of_gpg_sig */;
634 already_done = 1;
636 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
637 hashclr(push_cert_sha1);
638 memset(&sigcheck, '\0', sizeof(sigcheck));
640 sigcheck.result = 'N';
641 bogs = parse_signature(push_cert.buf, push_cert.len);
643 if (verify_signed_buffer(push_cert.buf, bogs,
644 push_cert.buf + bogs, push_cert.len - bogs,
645 &gpg_output, &gpg_status) < 0) {
646 ; /* error running gpg */
647 } else {
648 sigcheck.payload = push_cert.buf;
649 sigcheck.gpg_output = gpg_output.buf;
650 sigcheck.gpg_status = gpg_status.buf;
651 parse_gpg_output(&sigcheck);
652 }
653 strbuf_release(&gpg_output);
655 strbuf_release(&gpg_status);
656 nonce_status = check_nonce(push_cert.buf, bogs);
657 }
658 if (!is_null_sha1(push_cert_sha1)) {
659 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
660 sha1_to_hex(push_cert_sha1));
661 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
662 sigcheck.signer ? sigcheck.signer : "");
663 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
664 sigcheck.key ? sigcheck.key : "");
665 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
666 sigcheck.result);
667 if (push_cert_nonce) {
668 argv_array_pushf(&proc->env_array,
669 "GIT_PUSH_CERT_NONCE=%s",
670 push_cert_nonce);
671 argv_array_pushf(&proc->env_array,
672 "GIT_PUSH_CERT_NONCE_STATUS=%s",
673 nonce_status);
674 if (nonce_status == NONCE_SLOP)
675 argv_array_pushf(&proc->env_array,
676 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
677 nonce_stamp_slop);
678 }
679 }
680}
681struct receive_hook_feed_state {
683 struct command *cmd;
684 int skip_broken;
685 struct strbuf buf;
686 const struct string_list *push_options;
687};
688typedef int (*feed_fn)(void *, const char **, size_t *);
690static int run_and_feed_hook(const char *hook_name, feed_fn feed,
691 struct receive_hook_feed_state *feed_state)
692{
693 struct child_process proc = CHILD_PROCESS_INIT;
694 struct async muxer;
695 const char *argv[2];
696 int code;
697 argv[0] = find_hook(hook_name);
699 if (!argv[0])
700 return 0;
701 argv[1] = NULL;
703 proc.argv = argv;
705 proc.in = -1;
706 proc.stdout_to_stderr = 1;
707 if (feed_state->push_options) {
708 int i;
709 for (i = 0; i < feed_state->push_options->nr; i++)
710 argv_array_pushf(&proc.env_array,
711 "GIT_PUSH_OPTION_%d=%s", i,
712 feed_state->push_options->items[i].string);
713 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
714 feed_state->push_options->nr);
715 } else
716 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
717 if (tmp_objdir)
719 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
720 if (use_sideband) {
722 memset(&muxer, 0, sizeof(muxer));
723 muxer.proc = copy_to_sideband;
724 muxer.in = -1;
725 code = start_async(&muxer);
726 if (code)
727 return code;
728 proc.err = muxer.in;
729 }
730 prepare_push_cert_sha1(&proc);
732 code = start_command(&proc);
734 if (code) {
735 if (use_sideband)
736 finish_async(&muxer);
737 return code;
738 }
739 sigchain_push(SIGPIPE, SIG_IGN);
741 while (1) {
743 const char *buf;
744 size_t n;
745 if (feed(feed_state, &buf, &n))
746 break;
747 if (write_in_full(proc.in, buf, n) < 0)
748 break;
749 }
750 close(proc.in);
751 if (use_sideband)
752 finish_async(&muxer);
753 sigchain_pop(SIGPIPE);
755 return finish_command(&proc);
757}
758static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
760{
761 struct receive_hook_feed_state *state = state_;
762 struct command *cmd = state->cmd;
763 while (cmd &&
765 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
766 cmd = cmd->next;
767 if (!cmd)
768 return -1; /* EOF */
769 strbuf_reset(&state->buf);
770 strbuf_addf(&state->buf, "%s %s %s\n",
771 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
772 cmd->ref_name);
773 state->cmd = cmd->next;
774 if (bufp) {
775 *bufp = state->buf.buf;
776 *sizep = state->buf.len;
777 }
778 return 0;
779}
780static int run_receive_hook(struct command *commands,
782 const char *hook_name,
783 int skip_broken,
784 const struct string_list *push_options)
785{
786 struct receive_hook_feed_state state;
787 int status;
788 strbuf_init(&state.buf, 0);
790 state.cmd = commands;
791 state.skip_broken = skip_broken;
792 if (feed_receive_hook(&state, NULL, NULL))
793 return 0;
794 state.cmd = commands;
795 state.push_options = push_options;
796 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
797 strbuf_release(&state.buf);
798 return status;
799}
800static int run_update_hook(struct command *cmd)
802{
803 const char *argv[5];
804 struct child_process proc = CHILD_PROCESS_INIT;
805 int code;
806 argv[0] = find_hook("update");
808 if (!argv[0])
809 return 0;
810 argv[1] = cmd->ref_name;
812 argv[2] = oid_to_hex(&cmd->old_oid);
813 argv[3] = oid_to_hex(&cmd->new_oid);
814 argv[4] = NULL;
815 proc.no_stdin = 1;
817 proc.stdout_to_stderr = 1;
818 proc.err = use_sideband ? -1 : 0;
819 proc.argv = argv;
820 code = start_command(&proc);
822 if (code)
823 return code;
824 if (use_sideband)
825 copy_to_sideband(proc.err, -1, NULL);
826 return finish_command(&proc);
827}
828static int is_ref_checked_out(const char *ref)
830{
831 if (is_bare_repository())
832 return 0;
833 if (!head_name)
835 return 0;
836 return !strcmp(head_name, ref);
837}
838static char *refuse_unconfigured_deny_msg =
840 N_("By default, updating the current branch in a non-bare repository\n"
841 "is denied, because it will make the index and work tree inconsistent\n"
842 "with what you pushed, and will require 'git reset --hard' to match\n"
843 "the work tree to HEAD.\n"
844 "\n"
845 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
846 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
847 "its current branch; however, this is not recommended unless you\n"
848 "arranged to update its work tree to match what you pushed in some\n"
849 "other way.\n"
850 "\n"
851 "To squelch this message and still keep the default behaviour, set\n"
852 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
853static void refuse_unconfigured_deny(void)
855{
856 rp_error("%s", _(refuse_unconfigured_deny_msg));
857}
858static char *refuse_unconfigured_deny_delete_current_msg =
860 N_("By default, deleting the current branch is denied, because the next\n"
861 "'git clone' won't result in any file checked out, causing confusion.\n"
862 "\n"
863 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
864 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
865 "current branch, with or without a warning message.\n"
866 "\n"
867 "To squelch this message, you can set it to 'refuse'.");
868static void refuse_unconfigured_deny_delete_current(void)
870{
871 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
872}
873static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
875static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
876{
877 static struct lock_file shallow_lock;
878 struct oid_array extra = OID_ARRAY_INIT;
879 struct check_connected_options opt = CHECK_CONNECTED_INIT;
880 uint32_t mask = 1 << (cmd->index % 32);
881 int i;
882 trace_printf_key(&trace_shallow,
884 "shallow: update_shallow_ref %s\n", cmd->ref_name);
885 for (i = 0; i < si->shallow->nr; i++)
886 if (si->used_shallow[i] &&
887 (si->used_shallow[i][cmd->index / 32] & mask) &&
888 !delayed_reachability_test(si, i))
889 oid_array_append(&extra, &si->shallow->oid[i]);
890 opt.env = tmp_objdir_env(tmp_objdir);
892 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
893 if (check_connected(command_singleton_iterator, cmd, &opt)) {
894 rollback_lock_file(&shallow_lock);
895 oid_array_clear(&extra);
896 return -1;
897 }
898 commit_lock_file(&shallow_lock);
900 /*
902 * Make sure setup_alternate_shallow() for the next ref does
903 * not lose these new roots..
904 */
905 for (i = 0; i < extra.nr; i++)
906 register_shallow(&extra.oid[i]);
907 si->shallow_ref[cmd->index] = 0;
909 oid_array_clear(&extra);
910 return 0;
911}
912/*
914 * NEEDSWORK: we should consolidate various implementions of "are we
915 * on an unborn branch?" test into one, and make the unified one more
916 * robust. !get_sha1() based check used here and elsewhere would not
917 * allow us to tell an unborn branch from corrupt ref, for example.
918 * For the purpose of fixing "deploy-to-update does not work when
919 * pushing into an empty repository" issue, this should suffice for
920 * now.
921 */
922static int head_has_history(void)
923{
924 struct object_id oid;
925 return !get_oid("HEAD", &oid);
927}
928static const char *push_to_deploy(unsigned char *sha1,
930 struct argv_array *env,
931 const char *work_tree)
932{
933 const char *update_refresh[] = {
934 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
935 };
936 const char *diff_files[] = {
937 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
938 };
939 const char *diff_index[] = {
940 "diff-index", "--quiet", "--cached", "--ignore-submodules",
941 NULL, "--", NULL
942 };
943 const char *read_tree[] = {
944 "read-tree", "-u", "-m", NULL, NULL
945 };
946 struct child_process child = CHILD_PROCESS_INIT;
947 child.argv = update_refresh;
949 child.env = env->argv;
950 child.dir = work_tree;
951 child.no_stdin = 1;
952 child.stdout_to_stderr = 1;
953 child.git_cmd = 1;
954 if (run_command(&child))
955 return "Up-to-date check failed";
956 /* run_command() does not clean up completely; reinitialize */
958 child_process_init(&child);
959 child.argv = diff_files;
960 child.env = env->argv;
961 child.dir = work_tree;
962 child.no_stdin = 1;
963 child.stdout_to_stderr = 1;
964 child.git_cmd = 1;
965 if (run_command(&child))
966 return "Working directory has unstaged changes";
967 /* diff-index with either HEAD or an empty tree */
969 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
970 child_process_init(&child);
972 child.argv = diff_index;
973 child.env = env->argv;
974 child.no_stdin = 1;
975 child.no_stdout = 1;
976 child.stdout_to_stderr = 0;
977 child.git_cmd = 1;
978 if (run_command(&child))
979 return "Working directory has staged changes";
980 read_tree[3] = sha1_to_hex(sha1);
982 child_process_init(&child);
983 child.argv = read_tree;
984 child.env = env->argv;
985 child.dir = work_tree;
986 child.no_stdin = 1;
987 child.no_stdout = 1;
988 child.stdout_to_stderr = 0;
989 child.git_cmd = 1;
990 if (run_command(&child))
991 return "Could not update working tree to new HEAD";
992 return NULL;
994}
995static const char *push_to_checkout_hook = "push-to-checkout";
997static const char *push_to_checkout(unsigned char *sha1,
999 struct argv_array *env,
1000 const char *work_tree)
1001{
1002 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1003 if (run_hook_le(env->argv, push_to_checkout_hook,
1004 sha1_to_hex(sha1), NULL))
1005 return "push-to-checkout hook declined";
1006 else
1007 return NULL;
1008}
1009static const char *update_worktree(unsigned char *sha1)
1011{
1012 const char *retval;
1013 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1014 struct argv_array env = ARGV_ARRAY_INIT;
1015 if (is_bare_repository())
1017 return "denyCurrentBranch = updateInstead needs a worktree";
1018 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1020 if (!find_hook(push_to_checkout_hook))
1022 retval = push_to_deploy(sha1, &env, work_tree);
1023 else
1024 retval = push_to_checkout(sha1, &env, work_tree);
1025 argv_array_clear(&env);
1027 return retval;
1028}
1029static const char *update(struct command *cmd, struct shallow_info *si)
1031{
1032 const char *name = cmd->ref_name;
1033 struct strbuf namespaced_name_buf = STRBUF_INIT;
1034 static char *namespaced_name;
1035 const char *ret;
1036 struct object_id *old_oid = &cmd->old_oid;
1037 struct object_id *new_oid = &cmd->new_oid;
1038 /* only refs/... are allowed */
1040 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1041 rp_error("refusing to create funny ref '%s' remotely", name);
1042 return "funny refname";
1043 }
1044 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1046 free(namespaced_name);
1047 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1048 if (is_ref_checked_out(namespaced_name)) {
1050 switch (deny_current_branch) {
1051 case DENY_IGNORE:
1052 break;
1053 case DENY_WARN:
1054 rp_warning("updating the current branch");
1055 break;
1056 case DENY_REFUSE:
1057 case DENY_UNCONFIGURED:
1058 rp_error("refusing to update checked out branch: %s", name);
1059 if (deny_current_branch == DENY_UNCONFIGURED)
1060 refuse_unconfigured_deny();
1061 return "branch is currently checked out";
1062 case DENY_UPDATE_INSTEAD:
1063 ret = update_worktree(new_oid->hash);
1064 if (ret)
1065 return ret;
1066 break;
1067 }
1068 }
1069 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1071 error("unpack should have generated %s, "
1072 "but I can't find it!", oid_to_hex(new_oid));
1073 return "bad pack";
1074 }
1075 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1077 if (deny_deletes && starts_with(name, "refs/heads/")) {
1078 rp_error("denying ref deletion for %s", name);
1079 return "deletion prohibited";
1080 }
1081 if (head_name && !strcmp(namespaced_name, head_name)) {
1083 switch (deny_delete_current) {
1084 case DENY_IGNORE:
1085 break;
1086 case DENY_WARN:
1087 rp_warning("deleting the current branch");
1088 break;
1089 case DENY_REFUSE:
1090 case DENY_UNCONFIGURED:
1091 case DENY_UPDATE_INSTEAD:
1092 if (deny_delete_current == DENY_UNCONFIGURED)
1093 refuse_unconfigured_deny_delete_current();
1094 rp_error("refusing to delete the current branch: %s", name);
1095 return "deletion of the current branch prohibited";
1096 default:
1097 return "Invalid denyDeleteCurrent setting";
1098 }
1099 }
1100 }
1101 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1103 !is_null_oid(old_oid) &&
1104 starts_with(name, "refs/heads/")) {
1105 struct object *old_object, *new_object;
1106 struct commit *old_commit, *new_commit;
1107 old_object = parse_object(old_oid);
1109 new_object = parse_object(new_oid);
1110 if (!old_object || !new_object ||
1112 old_object->type != OBJ_COMMIT ||
1113 new_object->type != OBJ_COMMIT) {
1114 error("bad sha1 objects for %s", name);
1115 return "bad ref";
1116 }
1117 old_commit = (struct commit *)old_object;
1118 new_commit = (struct commit *)new_object;
1119 if (!in_merge_bases(old_commit, new_commit)) {
1120 rp_error("denying non-fast-forward %s"
1121 " (you should pull first)", name);
1122 return "non-fast-forward";
1123 }
1124 }
1125 if (run_update_hook(cmd)) {
1126 rp_error("hook declined to update %s", name);
1127 return "hook declined";
1128 }
1129 if (is_null_oid(new_oid)) {
1131 struct strbuf err = STRBUF_INIT;
1132 if (!parse_object(old_oid)) {
1133 old_oid = NULL;
1134 if (ref_exists(name)) {
1135 rp_warning("Allowing deletion of corrupt ref.");
1136 } else {
1137 rp_warning("Deleting a non-existent ref.");
1138 cmd->did_not_exist = 1;
1139 }
1140 }
1141 if (ref_transaction_delete(transaction,
1142 namespaced_name,
1143 old_oid ? old_oid->hash : NULL,
1144 0, "push", &err)) {
1145 rp_error("%s", err.buf);
1146 strbuf_release(&err);
1147 return "failed to delete";
1148 }
1149 strbuf_release(&err);
1150 return NULL; /* good */
1151 }
1152 else {
1153 struct strbuf err = STRBUF_INIT;
1154 if (shallow_update && si->shallow_ref[cmd->index] &&
1155 update_shallow_ref(cmd, si))
1156 return "shallow error";
1157 if (ref_transaction_update(transaction,
1159 namespaced_name,
1160 new_oid->hash, old_oid->hash,
1161 0, "push",
1162 &err)) {
1163 rp_error("%s", err.buf);
1164 strbuf_release(&err);
1165 return "failed to update ref";
1167 }
1168 strbuf_release(&err);
1169 return NULL; /* good */
1171 }
1172}
1173static void run_update_post_hook(struct command *commands)
1175{
1176 struct command *cmd;
1177 struct child_process proc = CHILD_PROCESS_INIT;
1178 const char *hook;
1179 hook = find_hook("post-update");
1181 if (!hook)
1182 return;
1183 for (cmd = commands; cmd; cmd = cmd->next) {
1185 if (cmd->error_string || cmd->did_not_exist)
1186 continue;
1187 if (!proc.args.argc)
1188 argv_array_push(&proc.args, hook);
1189 argv_array_push(&proc.args, cmd->ref_name);
1190 }
1191 if (!proc.args.argc)
1192 return;
1193 proc.no_stdin = 1;
1195 proc.stdout_to_stderr = 1;
1196 proc.err = use_sideband ? -1 : 0;
1197 if (!start_command(&proc)) {
1199 if (use_sideband)
1200 copy_to_sideband(proc.err, -1, NULL);
1201 finish_command(&proc);
1202 }
1203}
1204static void check_aliased_update(struct command *cmd, struct string_list *list)
1206{
1207 struct strbuf buf = STRBUF_INIT;
1208 const char *dst_name;
1209 struct string_list_item *item;
1210 struct command *dst_cmd;
1211 unsigned char sha1[GIT_MAX_RAWSZ];
1212 int flag;
1213 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1215 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1216 strbuf_release(&buf);
1217 if (!(flag & REF_ISSYMREF))
1219 return;
1220 if (!dst_name) {
1222 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1223 cmd->skip_update = 1;
1224 cmd->error_string = "broken symref";
1225 return;
1226 }
1227 dst_name = strip_namespace(dst_name);
1228 if ((item = string_list_lookup(list, dst_name)) == NULL)
1230 return;
1231 cmd->skip_update = 1;
1233 dst_cmd = (struct command *) item->util;
1235 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1237 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1238 return;
1239 dst_cmd->skip_update = 1;
1241 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1243 " its target '%s' (%s..%s)",
1244 cmd->ref_name,
1245 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1246 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1247 dst_cmd->ref_name,
1248 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1249 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1250 cmd->error_string = dst_cmd->error_string =
1252 "inconsistent aliased update";
1253}
1254static void check_aliased_updates(struct command *commands)
1256{
1257 struct command *cmd;
1258 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1259 for (cmd = commands; cmd; cmd = cmd->next) {
1261 struct string_list_item *item =
1262 string_list_append(&ref_list, cmd->ref_name);
1263 item->util = (void *)cmd;
1264 }
1265 string_list_sort(&ref_list);
1266 for (cmd = commands; cmd; cmd = cmd->next) {
1268 if (!cmd->error_string)
1269 check_aliased_update(cmd, &ref_list);
1270 }
1271 string_list_clear(&ref_list, 0);
1273}
1274static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1276{
1277 struct command **cmd_list = cb_data;
1278 struct command *cmd = *cmd_list;
1279 if (!cmd || is_null_oid(&cmd->new_oid))
1281 return -1; /* end of list */
1282 *cmd_list = NULL; /* this returns only one */
1283 hashcpy(sha1, cmd->new_oid.hash);
1284 return 0;
1285}
1286static void set_connectivity_errors(struct command *commands,
1288 struct shallow_info *si)
1289{
1290 struct command *cmd;
1291 for (cmd = commands; cmd; cmd = cmd->next) {
1293 struct command *singleton = cmd;
1294 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1295 if (shallow_update && si->shallow_ref[cmd->index])
1297 /* to be checked in update_shallow_ref() */
1298 continue;
1299 opt.env = tmp_objdir_env(tmp_objdir);
1301 if (!check_connected(command_singleton_iterator, &singleton,
1302 &opt))
1303 continue;
1304 cmd->error_string = "missing necessary objects";
1306 }
1307}
1308struct iterate_data {
1310 struct command *cmds;
1311 struct shallow_info *si;
1312};
1313static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1315{
1316 struct iterate_data *data = cb_data;
1317 struct command **cmd_list = &data->cmds;
1318 struct command *cmd = *cmd_list;
1319 for (; cmd; cmd = cmd->next) {
1321 if (shallow_update && data->si->shallow_ref[cmd->index])
1322 /* to be checked in update_shallow_ref() */
1323 continue;
1324 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1325 hashcpy(sha1, cmd->new_oid.hash);
1326 *cmd_list = cmd->next;
1327 return 0;
1328 }
1329 }
1330 *cmd_list = NULL;
1331 return -1; /* end of list */
1332}
1333static void reject_updates_to_hidden(struct command *commands)
1335{
1336 struct strbuf refname_full = STRBUF_INIT;
1337 size_t prefix_len;
1338 struct command *cmd;
1339 strbuf_addstr(&refname_full, get_git_namespace());
1341 prefix_len = refname_full.len;
1342 for (cmd = commands; cmd; cmd = cmd->next) {
1344 if (cmd->error_string)
1345 continue;
1346 strbuf_setlen(&refname_full, prefix_len);
1348 strbuf_addstr(&refname_full, cmd->ref_name);
1349 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1351 continue;
1352 if (is_null_oid(&cmd->new_oid))
1353 cmd->error_string = "deny deleting a hidden ref";
1354 else
1355 cmd->error_string = "deny updating a hidden ref";
1356 }
1357 strbuf_release(&refname_full);
1359}
1360static int should_process_cmd(struct command *cmd)
1362{
1363 return !cmd->error_string && !cmd->skip_update;
1364}
1365static void warn_if_skipped_connectivity_check(struct command *commands,
1367 struct shallow_info *si)
1368{
1369 struct command *cmd;
1370 int checked_connectivity = 1;
1371 for (cmd = commands; cmd; cmd = cmd->next) {
1373 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1374 error("BUG: connectivity check has not been run on ref %s",
1375 cmd->ref_name);
1376 checked_connectivity = 0;
1377 }
1378 }
1379 if (!checked_connectivity)
1380 die("BUG: connectivity check skipped???");
1381}
1382static void execute_commands_non_atomic(struct command *commands,
1384 struct shallow_info *si)
1385{
1386 struct command *cmd;
1387 struct strbuf err = STRBUF_INIT;
1388 for (cmd = commands; cmd; cmd = cmd->next) {
1390 if (!should_process_cmd(cmd))
1391 continue;
1392 transaction = ref_transaction_begin(&err);
1394 if (!transaction) {
1395 rp_error("%s", err.buf);
1396 strbuf_reset(&err);
1397 cmd->error_string = "transaction failed to start";
1398 continue;
1399 }
1400 cmd->error_string = update(cmd, si);
1402 if (!cmd->error_string
1404 && ref_transaction_commit(transaction, &err)) {
1405 rp_error("%s", err.buf);
1406 strbuf_reset(&err);
1407 cmd->error_string = "failed to update ref";
1408 }
1409 ref_transaction_free(transaction);
1410 }
1411 strbuf_release(&err);
1412}
1413static void execute_commands_atomic(struct command *commands,
1415 struct shallow_info *si)
1416{
1417 struct command *cmd;
1418 struct strbuf err = STRBUF_INIT;
1419 const char *reported_error = "atomic push failure";
1420 transaction = ref_transaction_begin(&err);
1422 if (!transaction) {
1423 rp_error("%s", err.buf);
1424 strbuf_reset(&err);
1425 reported_error = "transaction failed to start";
1426 goto failure;
1427 }
1428 for (cmd = commands; cmd; cmd = cmd->next) {
1430 if (!should_process_cmd(cmd))
1431 continue;
1432 cmd->error_string = update(cmd, si);
1434 if (cmd->error_string)
1436 goto failure;
1437 }
1438 if (ref_transaction_commit(transaction, &err)) {
1440 rp_error("%s", err.buf);
1441 reported_error = "atomic transaction failed";
1442 goto failure;
1443 }
1444 goto cleanup;
1445failure:
1447 for (cmd = commands; cmd; cmd = cmd->next)
1448 if (!cmd->error_string)
1449 cmd->error_string = reported_error;
1450cleanup:
1452 ref_transaction_free(transaction);
1453 strbuf_release(&err);
1454}
1455static void execute_commands(struct command *commands,
1457 const char *unpacker_error,
1458 struct shallow_info *si,
1459 const struct string_list *push_options)
1460{
1461 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1462 struct command *cmd;
1463 struct object_id oid;
1464 struct iterate_data data;
1465 struct async muxer;
1466 int err_fd = 0;
1467 if (unpacker_error) {
1469 for (cmd = commands; cmd; cmd = cmd->next)
1470 cmd->error_string = "unpacker error";
1471 return;
1472 }
1473 if (use_sideband) {
1475 memset(&muxer, 0, sizeof(muxer));
1476 muxer.proc = copy_to_sideband;
1477 muxer.in = -1;
1478 if (!start_async(&muxer))
1479 err_fd = muxer.in;
1480 /* ...else, continue without relaying sideband */
1481 }
1482 data.cmds = commands;
1484 data.si = si;
1485 opt.err_fd = err_fd;
1486 opt.progress = err_fd && !quiet;
1487 opt.env = tmp_objdir_env(tmp_objdir);
1488 if (check_connected(iterate_receive_command_list, &data, &opt))
1489 set_connectivity_errors(commands, si);
1490 if (use_sideband)
1492 finish_async(&muxer);
1493 reject_updates_to_hidden(commands);
1495 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1497 for (cmd = commands; cmd; cmd = cmd->next) {
1498 if (!cmd->error_string)
1499 cmd->error_string = "pre-receive hook declined";
1500 }
1501 return;
1502 }
1503 /*
1505 * Now we'll start writing out refs, which means the objects need
1506 * to be in their final positions so that other processes can see them.
1507 */
1508 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1509 for (cmd = commands; cmd; cmd = cmd->next) {
1510 if (!cmd->error_string)
1511 cmd->error_string = "unable to migrate objects to permanent storage";
1512 }
1513 return;
1514 }
1515 tmp_objdir = NULL;
1516 check_aliased_updates(commands);
1518 free(head_name_to_free);
1520 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1521 if (use_atomic)
1523 execute_commands_atomic(commands, si);
1524 else
1525 execute_commands_non_atomic(commands, si);
1526 if (shallow_update)
1528 warn_if_skipped_connectivity_check(commands, si);
1529}
1530static struct command **queue_command(struct command **tail,
1532 const char *line,
1533 int linelen)
1534{
1535 struct object_id old_oid, new_oid;
1536 struct command *cmd;
1537 const char *refname;
1538 int reflen;
1539 const char *p;
1540 if (parse_oid_hex(line, &old_oid, &p) ||
1542 *p++ != ' ' ||
1543 parse_oid_hex(p, &new_oid, &p) ||
1544 *p++ != ' ')
1545 die("protocol error: expected old/new/ref, got '%s'", line);
1546 refname = p;
1548 reflen = linelen - (p - line);
1549 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1550 oidcpy(&cmd->old_oid, &old_oid);
1551 oidcpy(&cmd->new_oid, &new_oid);
1552 *tail = cmd;
1553 return &cmd->next;
1554}
1555static void queue_commands_from_cert(struct command **tail,
1557 struct strbuf *push_cert)
1558{
1559 const char *boc, *eoc;
1560 if (*tail)
1562 die("protocol error: got both push certificate and unsigned commands");
1563 boc = strstr(push_cert->buf, "\n\n");
1565 if (!boc)
1566 die("malformed push certificate %.*s", 100, push_cert->buf);
1567 else
1568 boc += 2;
1569 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1570 while (boc < eoc) {
1572 const char *eol = memchr(boc, '\n', eoc - boc);
1573 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1574 boc = eol ? eol + 1 : eoc;
1575 }
1576}
1577static struct command *read_head_info(struct oid_array *shallow)
1579{
1580 struct command *commands = NULL;
1581 struct command **p = &commands;
1582 for (;;) {
1583 char *line;
1584 int len, linelen;
1585 line = packet_read_line(0, &len);
1587 if (!line)
1588 break;
1589 if (len > 8 && starts_with(line, "shallow ")) {
1591 struct object_id oid;
1592 if (get_oid_hex(line + 8, &oid))
1593 die("protocol error: expected shallow sha, got '%s'",
1594 line + 8);
1595 oid_array_append(shallow, &oid);
1596 continue;
1597 }
1598 linelen = strlen(line);
1600 if (linelen < len) {
1601 const char *feature_list = line + linelen + 1;
1602 if (parse_feature_request(feature_list, "report-status"))
1603 report_status = 1;
1604 if (parse_feature_request(feature_list, "side-band-64k"))
1605 use_sideband = LARGE_PACKET_MAX;
1606 if (parse_feature_request(feature_list, "quiet"))
1607 quiet = 1;
1608 if (advertise_atomic_push
1609 && parse_feature_request(feature_list, "atomic"))
1610 use_atomic = 1;
1611 if (advertise_push_options
1612 && parse_feature_request(feature_list, "push-options"))
1613 use_push_options = 1;
1614 }
1615 if (!strcmp(line, "push-cert")) {
1617 int true_flush = 0;
1618 char certbuf[1024];
1619 for (;;) {
1621 len = packet_read(0, NULL, NULL,
1622 certbuf, sizeof(certbuf), 0);
1623 if (!len) {
1624 true_flush = 1;
1625 break;
1626 }
1627 if (!strcmp(certbuf, "push-cert-end\n"))
1628 break; /* end of cert */
1629 strbuf_addstr(&push_cert, certbuf);
1630 }
1631 if (true_flush)
1633 break;
1634 continue;
1635 }
1636 p = queue_command(p, line, linelen);
1638 }
1639 if (push_cert.len)
1641 queue_commands_from_cert(p, &push_cert);
1642 return commands;
1644}
1645static void read_push_options(struct string_list *options)
1647{
1648 while (1) {
1649 char *line;
1650 int len;
1651 line = packet_read_line(0, &len);
1653 if (!line)
1655 break;
1656 string_list_append(options, line);
1658 }
1659}
1660static const char *parse_pack_header(struct pack_header *hdr)
1662{
1663 switch (read_pack_header(0, hdr)) {
1664 case PH_ERROR_EOF:
1665 return "eof before pack header was fully read";
1666 case PH_ERROR_PACK_SIGNATURE:
1668 return "protocol error (pack signature mismatch detected)";
1669 case PH_ERROR_PROTOCOL:
1671 return "protocol error (pack version unsupported)";
1672 default:
1674 return "unknown error in parse_pack_header";
1675 case 0:
1677 return NULL;
1678 }
1679}
1680static const char *pack_lockfile;
1682static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1684{
1685 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1686 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1687}
1688static const char *unpack(int err_fd, struct shallow_info *si)
1690{
1691 struct pack_header hdr;
1692 const char *hdr_err;
1693 int status;
1694 struct child_process child = CHILD_PROCESS_INIT;
1695 int fsck_objects = (receive_fsck_objects >= 0
1696 ? receive_fsck_objects
1697 : transfer_fsck_objects >= 0
1698 ? transfer_fsck_objects
1699 : 0);
1700 hdr_err = parse_pack_header(&hdr);
1702 if (hdr_err) {
1703 if (err_fd > 0)
1704 close(err_fd);
1705 return hdr_err;
1706 }
1707 if (si->nr_ours || si->nr_theirs) {
1709 alt_shallow_file = setup_temporary_shallow(si->shallow);
1710 argv_array_push(&child.args, "--shallow-file");
1711 argv_array_push(&child.args, alt_shallow_file);
1712 }
1713 tmp_objdir = tmp_objdir_create();
1715 if (!tmp_objdir) {
1716 if (err_fd > 0)
1717 close(err_fd);
1718 return "unable to create temporary object directory";
1719 }
1720 child.env = tmp_objdir_env(tmp_objdir);
1721 /*
1723 * Normally we just pass the tmp_objdir environment to the child
1724 * processes that do the heavy lifting, but we may need to see these
1725 * objects ourselves to set up shallow information.
1726 */
1727 tmp_objdir_add_as_alternate(tmp_objdir);
1728 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1730 argv_array_push(&child.args, "unpack-objects");
1731 push_header_arg(&child.args, &hdr);
1732 if (quiet)
1733 argv_array_push(&child.args, "-q");
1734 if (fsck_objects)
1735 argv_array_pushf(&child.args, "--strict%s",
1736 fsck_msg_types.buf);
1737 if (max_input_size)
1738 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1739 (uintmax_t)max_input_size);
1740 child.no_stdout = 1;
1741 child.err = err_fd;
1742 child.git_cmd = 1;
1743 status = run_command(&child);
1744 if (status)
1745 return "unpack-objects abnormal exit";
1746 } else {
1747 char hostname[HOST_NAME_MAX + 1];
1748 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1750 push_header_arg(&child.args, &hdr);
1751 if (xgethostname(hostname, sizeof(hostname)))
1753 xsnprintf(hostname, sizeof(hostname), "localhost");
1754 argv_array_pushf(&child.args,
1755 "--keep=receive-pack %"PRIuMAX" on %s",
1756 (uintmax_t)getpid(),
1757 hostname);
1758 if (!quiet && err_fd)
1760 argv_array_push(&child.args, "--show-resolving-progress");
1761 if (use_sideband)
1762 argv_array_push(&child.args, "--report-end-of-input");
1763 if (fsck_objects)
1764 argv_array_pushf(&child.args, "--strict%s",
1765 fsck_msg_types.buf);
1766 if (!reject_thin)
1767 argv_array_push(&child.args, "--fix-thin");
1768 if (max_input_size)
1769 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1770 (uintmax_t)max_input_size);
1771 child.out = -1;
1772 child.err = err_fd;
1773 child.git_cmd = 1;
1774 status = start_command(&child);
1775 if (status)
1776 return "index-pack fork failed";
1777 pack_lockfile = index_pack_lockfile(child.out);
1778 close(child.out);
1779 status = finish_command(&child);
1780 if (status)
1781 return "index-pack abnormal exit";
1782 reprepare_packed_git();
1783 }
1784 return NULL;
1785}
1786static const char *unpack_with_sideband(struct shallow_info *si)
1788{
1789 struct async muxer;
1790 const char *ret;
1791 if (!use_sideband)
1793 return unpack(0, si);
1794 use_keepalive = KEEPALIVE_AFTER_NUL;
1796 memset(&muxer, 0, sizeof(muxer));
1797 muxer.proc = copy_to_sideband;
1798 muxer.in = -1;
1799 if (start_async(&muxer))
1800 return NULL;
1801 ret = unpack(muxer.in, si);
1803 finish_async(&muxer);
1805 return ret;
1806}
1807static void prepare_shallow_update(struct command *commands,
1809 struct shallow_info *si)
1810{
1811 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1812 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1814 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1815 si->need_reachability_test =
1817 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1818 si->reachable =
1819 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1820 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1821 for (i = 0; i < si->nr_ours; i++)
1823 si->need_reachability_test[si->ours[i]] = 1;
1824 for (i = 0; i < si->shallow->nr; i++) {
1826 if (!si->used_shallow[i])
1827 continue;
1828 for (j = 0; j < bitmap_size; j++) {
1829 if (!si->used_shallow[i][j])
1830 continue;
1831 si->need_reachability_test[i]++;
1832 for (k = 0; k < 32; k++)
1833 if (si->used_shallow[i][j] & (1U << k))
1834 si->shallow_ref[j * 32 + k]++;
1835 }
1836 /*
1838 * true for those associated with some refs and belong
1839 * in "ours" list aka "step 7 not done yet"
1840 */
1841 si->need_reachability_test[i] =
1842 si->need_reachability_test[i] > 1;
1843 }
1844 /*
1846 * keep hooks happy by forcing a temporary shallow file via
1847 * env variable because we can't add --shallow-file to every
1848 * command. check_everything_connected() will be done with
1849 * true .git/shallow though.
1850 */
1851 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1852}
1853static void update_shallow_info(struct command *commands,
1855 struct shallow_info *si,
1856 struct oid_array *ref)
1857{
1858 struct command *cmd;
1859 int *ref_status;
1860 remove_nonexistent_theirs_shallow(si);
1861 if (!si->nr_ours && !si->nr_theirs) {
1862 shallow_update = 0;
1863 return;
1864 }
1865 for (cmd = commands; cmd; cmd = cmd->next) {
1867 if (is_null_oid(&cmd->new_oid))
1868 continue;
1869 oid_array_append(ref, &cmd->new_oid);
1870 cmd->index = ref->nr - 1;
1871 }
1872 si->ref = ref;
1873 if (shallow_update) {
1875 prepare_shallow_update(commands, si);
1876 return;
1877 }
1878 ALLOC_ARRAY(ref_status, ref->nr);
1880 assign_shallow_commits_to_refs(si, NULL, ref_status);
1881 for (cmd = commands; cmd; cmd = cmd->next) {
1882 if (is_null_oid(&cmd->new_oid))
1883 continue;
1884 if (ref_status[cmd->index]) {
1885 cmd->error_string = "shallow update not allowed";
1886 cmd->skip_update = 1;
1887 }
1888 }
1889 free(ref_status);
1890}
1891static void report(struct command *commands, const char *unpack_status)
1893{
1894 struct command *cmd;
1895 struct strbuf buf = STRBUF_INIT;
1896 packet_buf_write(&buf, "unpack %s\n",
1898 unpack_status ? unpack_status : "ok");
1899 for (cmd = commands; cmd; cmd = cmd->next) {
1900 if (!cmd->error_string)
1901 packet_buf_write(&buf, "ok %s\n",
1902 cmd->ref_name);
1903 else
1904 packet_buf_write(&buf, "ng %s %s\n",
1905 cmd->ref_name, cmd->error_string);
1906 }
1907 packet_buf_flush(&buf);
1908 if (use_sideband)
1910 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1911 else
1912 write_or_die(1, buf.buf, buf.len);
1913 strbuf_release(&buf);
1914}
1915static int delete_only(struct command *commands)
1917{
1918 struct command *cmd;
1919 for (cmd = commands; cmd; cmd = cmd->next) {
1920 if (!is_null_oid(&cmd->new_oid))
1921 return 0;
1922 }
1923 return 1;
1924}
1925int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1927{
1928 int advertise_refs = 0;
1929 struct command *commands;
1930 struct oid_array shallow = OID_ARRAY_INIT;
1931 struct oid_array ref = OID_ARRAY_INIT;
1932 struct shallow_info si;
1933 struct option options[] = {
1935 OPT__QUIET(&quiet, N_("quiet")),
1936 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1937 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1938 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1939 OPT_END()
1940 };
1941 packet_trace_identity("receive-pack");
1943 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1945 if (argc > 1)
1947 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1948 if (argc == 0)
1949 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1950 service_dir = argv[0];
1952 setup_path();
1954 if (!enter_repo(service_dir, 0))
1956 die("'%s' does not appear to be a git repository", service_dir);
1957 git_config(receive_pack_config, NULL);
1959 if (cert_nonce_seed)
1960 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1961 if (0 <= transfer_unpack_limit)
1963 unpack_limit = transfer_unpack_limit;
1964 else if (0 <= receive_unpack_limit)
1965 unpack_limit = receive_unpack_limit;
1966 switch (determine_protocol_version_server()) {
1968 case protocol_v1:
1969 /*
1970 * v1 is just the original protocol with a version string,
1971 * so just fall through after writing the version string.
1972 */
1973 if (advertise_refs || !stateless_rpc)
1974 packet_write_fmt(1, "version 1\n");
1975 /* fallthrough */
1977 case protocol_v0:
1978 break;
1979 case protocol_unknown_version:
1980 BUG("unknown protocol version");
1981 }
1982 if (advertise_refs || !stateless_rpc) {
1984 write_head_info();
1985 }
1986 if (advertise_refs)
1987 return 0;
1988 if ((commands = read_head_info(&shallow)) != NULL) {
1990 const char *unpack_status = NULL;
1991 struct string_list push_options = STRING_LIST_INIT_DUP;
1992 if (use_push_options)
1994 read_push_options(&push_options);
1995 if (!check_cert_push_options(&push_options)) {
1996 struct command *cmd;
1997 for (cmd = commands; cmd; cmd = cmd->next)
1998 cmd->error_string = "inconsistent push options";
1999 }
2000 prepare_shallow_info(&si, &shallow);
2002 if (!si.nr_ours && !si.nr_theirs)
2003 shallow_update = 0;
2004 if (!delete_only(commands)) {
2005 unpack_status = unpack_with_sideband(&si);
2006 update_shallow_info(commands, &si, &ref);
2007 }
2008 use_keepalive = KEEPALIVE_ALWAYS;
2009 execute_commands(commands, unpack_status, &si,
2010 &push_options);
2011 if (pack_lockfile)
2012 unlink_or_warn(pack_lockfile);
2013 if (report_status)
2014 report(commands, unpack_status);
2015 run_receive_hook(commands, "post-receive", 1,
2016 &push_options);
2017 run_update_post_hook(commands);
2018 string_list_clear(&push_options, 0);
2019 if (auto_gc) {
2020 const char *argv_gc_auto[] = {
2021 "gc", "--auto", "--quiet", NULL,
2022 };
2023 struct child_process proc = CHILD_PROCESS_INIT;
2024 proc.no_stdin = 1;
2026 proc.stdout_to_stderr = 1;
2027 proc.err = use_sideband ? -1 : 0;
2028 proc.git_cmd = 1;
2029 proc.argv = argv_gc_auto;
2030 close_all_packs();
2032 if (!start_command(&proc)) {
2033 if (use_sideband)
2034 copy_to_sideband(proc.err, -1, NULL);
2035 finish_command(&proc);
2036 }
2037 }
2038 if (auto_update_server_info)
2039 update_server_info(0);
2040 clear_shallow_info(&si);
2041 }
2042 if (use_sideband)
2043 packet_flush(1);
2044 oid_array_clear(&shallow);
2045 oid_array_clear(&ref);
2046 free((void *)push_cert_nonce);
2047 return 0;
2048}