1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24
25static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28};
29
30enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36};
37
38static int deny_deletes;
39static int deny_non_fast_forwards;
40static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42static int receive_fsck_objects = -1;
43static int transfer_fsck_objects = -1;
44static struct strbuf fsck_msg_types = STRBUF_INIT;
45static int receive_unpack_limit = -1;
46static int transfer_unpack_limit = -1;
47static int advertise_atomic_push = 1;
48static int advertise_push_options;
49static int unpack_limit = 100;
50static off_t max_input_size;
51static int report_status;
52static int use_sideband;
53static int use_atomic;
54static int use_push_options;
55static int quiet;
56static int prefer_ofs_delta = 1;
57static int auto_update_server_info;
58static int auto_gc = 1;
59static int reject_thin;
60static int stateless_rpc;
61static const char *service_dir;
62static const char *head_name;
63static void *head_name_to_free;
64static int sent_capabilities;
65static int shallow_update;
66static const char *alt_shallow_file;
67static struct strbuf push_cert = STRBUF_INIT;
68static unsigned char push_cert_sha1[20];
69static struct signature_check sigcheck;
70static const char *push_cert_nonce;
71static const char *cert_nonce_seed;
72
73static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74static const char *NONCE_BAD = "BAD";
75static const char *NONCE_MISSING = "MISSING";
76static const char *NONCE_OK = "OK";
77static const char *NONCE_SLOP = "SLOP";
78static const char *nonce_status;
79static long nonce_stamp_slop;
80static unsigned long nonce_stamp_slop_limit;
81static struct ref_transaction *transaction;
82
83static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87} use_keepalive;
88static int keepalive_in_sec = 5;
89
90static struct tmp_objdir *tmp_objdir;
91
92static enum deny_action parse_deny_action(const char *var, const char *value)
93{
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107}
108
109static int receive_pack_config(const char *var, const char *value, void *cb)
110{
111 int status = parse_hide_refs_config(var, value, "receive");
112
113 if (status)
114 return status;
115
116 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125
126 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138
139 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146
147 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155
156 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165
166 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198
199 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213
214 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218
219 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223
224 return git_default_config(var, value, cb);
225}
226
227static void show_ref(const char *path, const unsigned char *sha1)
228{
229 if (sent_capabilities) {
230 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233
234 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250}
251
252static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254{
255 const char *path = strip_namespace(path_full);
256
257 if (ref_is_hidden(path, path_full))
258 return 0;
259
260 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272}
273
274static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275{
276 show_ref(".have", sha1);
277 return 0;
278}
279
280static void collect_one_alternate_ref(const struct ref *ref, void *data)
281{
282 struct sha1_array *sa = data;
283 sha1_array_append(sa, ref->old_oid.hash);
284}
285
286static void write_head_info(void)
287{
288 struct sha1_array sa = SHA1_ARRAY_INIT;
289
290 for_each_alternate_ref(collect_one_alternate_ref, &sa);
291 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
292 sha1_array_clear(&sa);
293 for_each_ref(show_ref_cb, NULL);
294 if (!sent_capabilities)
295 show_ref("capabilities^{}", null_sha1);
296
297 advertise_shallow_grafts(1);
298
299 /* EOF */
300 packet_flush(1);
301}
302
303struct command {
304 struct command *next;
305 const char *error_string;
306 unsigned int skip_update:1,
307 did_not_exist:1;
308 int index;
309 unsigned char old_sha1[20];
310 unsigned char new_sha1[20];
311 char ref_name[FLEX_ARRAY]; /* more */
312};
313
314static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
315static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
316
317static void report_message(const char *prefix, const char *err, va_list params)
318{
319 int sz;
320 char msg[4096];
321
322 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
323 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
324 if (sz > (sizeof(msg) - 1))
325 sz = sizeof(msg) - 1;
326 msg[sz++] = '\n';
327
328 if (use_sideband)
329 send_sideband(1, 2, msg, sz, use_sideband);
330 else
331 xwrite(2, msg, sz);
332}
333
334static void rp_warning(const char *err, ...)
335{
336 va_list params;
337 va_start(params, err);
338 report_message("warning: ", err, params);
339 va_end(params);
340}
341
342static void rp_error(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("error: ", err, params);
347 va_end(params);
348}
349
350static int copy_to_sideband(int in, int out, void *arg)
351{
352 char data[128];
353 int keepalive_active = 0;
354
355 if (keepalive_in_sec <= 0)
356 use_keepalive = KEEPALIVE_NEVER;
357 if (use_keepalive == KEEPALIVE_ALWAYS)
358 keepalive_active = 1;
359
360 while (1) {
361 ssize_t sz;
362
363 if (keepalive_active) {
364 struct pollfd pfd;
365 int ret;
366
367 pfd.fd = in;
368 pfd.events = POLLIN;
369 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
370
371 if (ret < 0) {
372 if (errno == EINTR)
373 continue;
374 else
375 break;
376 } else if (ret == 0) {
377 /* no data; send a keepalive packet */
378 static const char buf[] = "0005\1";
379 write_or_die(1, buf, sizeof(buf) - 1);
380 continue;
381 } /* else there is actual data to read */
382 }
383
384 sz = xread(in, data, sizeof(data));
385 if (sz <= 0)
386 break;
387
388 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
389 const char *p = memchr(data, '\0', sz);
390 if (p) {
391 /*
392 * The NUL tells us to start sending keepalives. Make
393 * sure we send any other data we read along
394 * with it.
395 */
396 keepalive_active = 1;
397 send_sideband(1, 2, data, p - data, use_sideband);
398 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
399 continue;
400 }
401 }
402
403 /*
404 * Either we're not looking for a NUL signal, or we didn't see
405 * it yet; just pass along the data.
406 */
407 send_sideband(1, 2, data, sz, use_sideband);
408 }
409 close(in);
410 return 0;
411}
412
413#define HMAC_BLOCK_SIZE 64
414
415static void hmac_sha1(unsigned char *out,
416 const char *key_in, size_t key_len,
417 const char *text, size_t text_len)
418{
419 unsigned char key[HMAC_BLOCK_SIZE];
420 unsigned char k_ipad[HMAC_BLOCK_SIZE];
421 unsigned char k_opad[HMAC_BLOCK_SIZE];
422 int i;
423 git_SHA_CTX ctx;
424
425 /* RFC 2104 2. (1) */
426 memset(key, '\0', HMAC_BLOCK_SIZE);
427 if (HMAC_BLOCK_SIZE < key_len) {
428 git_SHA1_Init(&ctx);
429 git_SHA1_Update(&ctx, key_in, key_len);
430 git_SHA1_Final(key, &ctx);
431 } else {
432 memcpy(key, key_in, key_len);
433 }
434
435 /* RFC 2104 2. (2) & (5) */
436 for (i = 0; i < sizeof(key); i++) {
437 k_ipad[i] = key[i] ^ 0x36;
438 k_opad[i] = key[i] ^ 0x5c;
439 }
440
441 /* RFC 2104 2. (3) & (4) */
442 git_SHA1_Init(&ctx);
443 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
444 git_SHA1_Update(&ctx, text, text_len);
445 git_SHA1_Final(out, &ctx);
446
447 /* RFC 2104 2. (6) & (7) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
450 git_SHA1_Update(&ctx, out, 20);
451 git_SHA1_Final(out, &ctx);
452}
453
454static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
455{
456 struct strbuf buf = STRBUF_INIT;
457 unsigned char sha1[20];
458
459 strbuf_addf(&buf, "%s:%lu", path, stamp);
460 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
461 strbuf_release(&buf);
462
463 /* RFC 2104 5. HMAC-SHA1-80 */
464 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
465 return strbuf_detach(&buf, NULL);
466}
467
468/*
469 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
470 * after dropping "_commit" from its name and possibly moving it out
471 * of commit.c
472 */
473static char *find_header(const char *msg, size_t len, const char *key)
474{
475 int key_len = strlen(key);
476 const char *line = msg;
477
478 while (line && line < msg + len) {
479 const char *eol = strchrnul(line, '\n');
480
481 if ((msg + len <= eol) || line == eol)
482 return NULL;
483 if (line + key_len < eol &&
484 !memcmp(line, key, key_len) && line[key_len] == ' ') {
485 int offset = key_len + 1;
486 return xmemdupz(line + offset, (eol - line) - offset);
487 }
488 line = *eol ? eol + 1 : NULL;
489 }
490 return NULL;
491}
492
493static const char *check_nonce(const char *buf, size_t len)
494{
495 char *nonce = find_header(buf, len, "nonce");
496 unsigned long stamp, ostamp;
497 char *bohmac, *expect = NULL;
498 const char *retval = NONCE_BAD;
499
500 if (!nonce) {
501 retval = NONCE_MISSING;
502 goto leave;
503 } else if (!push_cert_nonce) {
504 retval = NONCE_UNSOLICITED;
505 goto leave;
506 } else if (!strcmp(push_cert_nonce, nonce)) {
507 retval = NONCE_OK;
508 goto leave;
509 }
510
511 if (!stateless_rpc) {
512 /* returned nonce MUST match what we gave out earlier */
513 retval = NONCE_BAD;
514 goto leave;
515 }
516
517 /*
518 * In stateless mode, we may be receiving a nonce issued by
519 * another instance of the server that serving the same
520 * repository, and the timestamps may not match, but the
521 * nonce-seed and dir should match, so we can recompute and
522 * report the time slop.
523 *
524 * In addition, when a nonce issued by another instance has
525 * timestamp within receive.certnonceslop seconds, we pretend
526 * as if we issued that nonce when reporting to the hook.
527 */
528
529 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
530 if (*nonce <= '0' || '9' < *nonce) {
531 retval = NONCE_BAD;
532 goto leave;
533 }
534 stamp = strtoul(nonce, &bohmac, 10);
535 if (bohmac == nonce || bohmac[0] != '-') {
536 retval = NONCE_BAD;
537 goto leave;
538 }
539
540 expect = prepare_push_cert_nonce(service_dir, stamp);
541 if (strcmp(expect, nonce)) {
542 /* Not what we would have signed earlier */
543 retval = NONCE_BAD;
544 goto leave;
545 }
546
547 /*
548 * By how many seconds is this nonce stale? Negative value
549 * would mean it was issued by another server with its clock
550 * skewed in the future.
551 */
552 ostamp = strtoul(push_cert_nonce, NULL, 10);
553 nonce_stamp_slop = (long)ostamp - (long)stamp;
554
555 if (nonce_stamp_slop_limit &&
556 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
557 /*
558 * Pretend as if the received nonce (which passes the
559 * HMAC check, so it is not a forged by third-party)
560 * is what we issued.
561 */
562 free((void *)push_cert_nonce);
563 push_cert_nonce = xstrdup(nonce);
564 retval = NONCE_OK;
565 } else {
566 retval = NONCE_SLOP;
567 }
568
569leave:
570 free(nonce);
571 free(expect);
572 return retval;
573}
574
575static void prepare_push_cert_sha1(struct child_process *proc)
576{
577 static int already_done;
578
579 if (!push_cert.len)
580 return;
581
582 if (!already_done) {
583 struct strbuf gpg_output = STRBUF_INIT;
584 struct strbuf gpg_status = STRBUF_INIT;
585 int bogs /* beginning_of_gpg_sig */;
586
587 already_done = 1;
588 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
589 hashclr(push_cert_sha1);
590
591 memset(&sigcheck, '\0', sizeof(sigcheck));
592 sigcheck.result = 'N';
593
594 bogs = parse_signature(push_cert.buf, push_cert.len);
595 if (verify_signed_buffer(push_cert.buf, bogs,
596 push_cert.buf + bogs, push_cert.len - bogs,
597 &gpg_output, &gpg_status) < 0) {
598 ; /* error running gpg */
599 } else {
600 sigcheck.payload = push_cert.buf;
601 sigcheck.gpg_output = gpg_output.buf;
602 sigcheck.gpg_status = gpg_status.buf;
603 parse_gpg_output(&sigcheck);
604 }
605
606 strbuf_release(&gpg_output);
607 strbuf_release(&gpg_status);
608 nonce_status = check_nonce(push_cert.buf, bogs);
609 }
610 if (!is_null_sha1(push_cert_sha1)) {
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
612 sha1_to_hex(push_cert_sha1));
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
614 sigcheck.signer ? sigcheck.signer : "");
615 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
616 sigcheck.key ? sigcheck.key : "");
617 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
618 sigcheck.result);
619 if (push_cert_nonce) {
620 argv_array_pushf(&proc->env_array,
621 "GIT_PUSH_CERT_NONCE=%s",
622 push_cert_nonce);
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_STATUS=%s",
625 nonce_status);
626 if (nonce_status == NONCE_SLOP)
627 argv_array_pushf(&proc->env_array,
628 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
629 nonce_stamp_slop);
630 }
631 }
632}
633
634struct receive_hook_feed_state {
635 struct command *cmd;
636 int skip_broken;
637 struct strbuf buf;
638 const struct string_list *push_options;
639};
640
641typedef int (*feed_fn)(void *, const char **, size_t *);
642static int run_and_feed_hook(const char *hook_name, feed_fn feed,
643 struct receive_hook_feed_state *feed_state)
644{
645 struct child_process proc = CHILD_PROCESS_INIT;
646 struct async muxer;
647 const char *argv[2];
648 int code;
649
650 argv[0] = find_hook(hook_name);
651 if (!argv[0])
652 return 0;
653
654 argv[1] = NULL;
655
656 proc.argv = argv;
657 proc.in = -1;
658 proc.stdout_to_stderr = 1;
659 if (feed_state->push_options) {
660 int i;
661 for (i = 0; i < feed_state->push_options->nr; i++)
662 argv_array_pushf(&proc.env_array,
663 "GIT_PUSH_OPTION_%d=%s", i,
664 feed_state->push_options->items[i].string);
665 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
666 feed_state->push_options->nr);
667 } else
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
669
670 if (tmp_objdir)
671 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
672
673 if (use_sideband) {
674 memset(&muxer, 0, sizeof(muxer));
675 muxer.proc = copy_to_sideband;
676 muxer.in = -1;
677 code = start_async(&muxer);
678 if (code)
679 return code;
680 proc.err = muxer.in;
681 }
682
683 prepare_push_cert_sha1(&proc);
684
685 code = start_command(&proc);
686 if (code) {
687 if (use_sideband)
688 finish_async(&muxer);
689 return code;
690 }
691
692 sigchain_push(SIGPIPE, SIG_IGN);
693
694 while (1) {
695 const char *buf;
696 size_t n;
697 if (feed(feed_state, &buf, &n))
698 break;
699 if (write_in_full(proc.in, buf, n) != n)
700 break;
701 }
702 close(proc.in);
703 if (use_sideband)
704 finish_async(&muxer);
705
706 sigchain_pop(SIGPIPE);
707
708 return finish_command(&proc);
709}
710
711static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
712{
713 struct receive_hook_feed_state *state = state_;
714 struct command *cmd = state->cmd;
715
716 while (cmd &&
717 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
718 cmd = cmd->next;
719 if (!cmd)
720 return -1; /* EOF */
721 strbuf_reset(&state->buf);
722 strbuf_addf(&state->buf, "%s %s %s\n",
723 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
724 cmd->ref_name);
725 state->cmd = cmd->next;
726 if (bufp) {
727 *bufp = state->buf.buf;
728 *sizep = state->buf.len;
729 }
730 return 0;
731}
732
733static int run_receive_hook(struct command *commands,
734 const char *hook_name,
735 int skip_broken,
736 const struct string_list *push_options)
737{
738 struct receive_hook_feed_state state;
739 int status;
740
741 strbuf_init(&state.buf, 0);
742 state.cmd = commands;
743 state.skip_broken = skip_broken;
744 if (feed_receive_hook(&state, NULL, NULL))
745 return 0;
746 state.cmd = commands;
747 state.push_options = push_options;
748 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
749 strbuf_release(&state.buf);
750 return status;
751}
752
753static int run_update_hook(struct command *cmd)
754{
755 const char *argv[5];
756 struct child_process proc = CHILD_PROCESS_INIT;
757 int code;
758
759 argv[0] = find_hook("update");
760 if (!argv[0])
761 return 0;
762
763 argv[1] = cmd->ref_name;
764 argv[2] = sha1_to_hex(cmd->old_sha1);
765 argv[3] = sha1_to_hex(cmd->new_sha1);
766 argv[4] = NULL;
767
768 proc.no_stdin = 1;
769 proc.stdout_to_stderr = 1;
770 proc.err = use_sideband ? -1 : 0;
771 proc.argv = argv;
772 proc.env = tmp_objdir_env(tmp_objdir);
773
774 code = start_command(&proc);
775 if (code)
776 return code;
777 if (use_sideband)
778 copy_to_sideband(proc.err, -1, NULL);
779 return finish_command(&proc);
780}
781
782static int is_ref_checked_out(const char *ref)
783{
784 if (is_bare_repository())
785 return 0;
786
787 if (!head_name)
788 return 0;
789 return !strcmp(head_name, ref);
790}
791
792static char *refuse_unconfigured_deny_msg =
793 N_("By default, updating the current branch in a non-bare repository\n"
794 "is denied, because it will make the index and work tree inconsistent\n"
795 "with what you pushed, and will require 'git reset --hard' to match\n"
796 "the work tree to HEAD.\n"
797 "\n"
798 "You can set 'receive.denyCurrentBranch' configuration variable to\n"
799 "'ignore' or 'warn' in the remote repository to allow pushing into\n"
800 "its current branch; however, this is not recommended unless you\n"
801 "arranged to update its work tree to match what you pushed in some\n"
802 "other way.\n"
803 "\n"
804 "To squelch this message and still keep the default behaviour, set\n"
805 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
806
807static void refuse_unconfigured_deny(void)
808{
809 rp_error("%s", _(refuse_unconfigured_deny_msg));
810}
811
812static char *refuse_unconfigured_deny_delete_current_msg =
813 N_("By default, deleting the current branch is denied, because the next\n"
814 "'git clone' won't result in any file checked out, causing confusion.\n"
815 "\n"
816 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
817 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
818 "current branch, with or without a warning message.\n"
819 "\n"
820 "To squelch this message, you can set it to 'refuse'.");
821
822static void refuse_unconfigured_deny_delete_current(void)
823{
824 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
825}
826
827static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
828static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
829{
830 static struct lock_file shallow_lock;
831 struct sha1_array extra = SHA1_ARRAY_INIT;
832 struct check_connected_options opt = CHECK_CONNECTED_INIT;
833 uint32_t mask = 1 << (cmd->index % 32);
834 int i;
835
836 trace_printf_key(&trace_shallow,
837 "shallow: update_shallow_ref %s\n", cmd->ref_name);
838 for (i = 0; i < si->shallow->nr; i++)
839 if (si->used_shallow[i] &&
840 (si->used_shallow[i][cmd->index / 32] & mask) &&
841 !delayed_reachability_test(si, i))
842 sha1_array_append(&extra, si->shallow->sha1[i]);
843
844 opt.env = tmp_objdir_env(tmp_objdir);
845 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
846 if (check_connected(command_singleton_iterator, cmd, &opt)) {
847 rollback_lock_file(&shallow_lock);
848 sha1_array_clear(&extra);
849 return -1;
850 }
851
852 commit_lock_file(&shallow_lock);
853
854 /*
855 * Make sure setup_alternate_shallow() for the next ref does
856 * not lose these new roots..
857 */
858 for (i = 0; i < extra.nr; i++)
859 register_shallow(extra.sha1[i]);
860
861 si->shallow_ref[cmd->index] = 0;
862 sha1_array_clear(&extra);
863 return 0;
864}
865
866/*
867 * NEEDSWORK: we should consolidate various implementions of "are we
868 * on an unborn branch?" test into one, and make the unified one more
869 * robust. !get_sha1() based check used here and elsewhere would not
870 * allow us to tell an unborn branch from corrupt ref, for example.
871 * For the purpose of fixing "deploy-to-update does not work when
872 * pushing into an empty repository" issue, this should suffice for
873 * now.
874 */
875static int head_has_history(void)
876{
877 unsigned char sha1[20];
878
879 return !get_sha1("HEAD", sha1);
880}
881
882static const char *push_to_deploy(unsigned char *sha1,
883 struct argv_array *env,
884 const char *work_tree)
885{
886 const char *update_refresh[] = {
887 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
888 };
889 const char *diff_files[] = {
890 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
891 };
892 const char *diff_index[] = {
893 "diff-index", "--quiet", "--cached", "--ignore-submodules",
894 NULL, "--", NULL
895 };
896 const char *read_tree[] = {
897 "read-tree", "-u", "-m", NULL, NULL
898 };
899 struct child_process child = CHILD_PROCESS_INIT;
900
901 child.argv = update_refresh;
902 child.env = env->argv;
903 child.dir = work_tree;
904 child.no_stdin = 1;
905 child.stdout_to_stderr = 1;
906 child.git_cmd = 1;
907 if (run_command(&child))
908 return "Up-to-date check failed";
909
910 /* run_command() does not clean up completely; reinitialize */
911 child_process_init(&child);
912 child.argv = diff_files;
913 child.env = env->argv;
914 child.dir = work_tree;
915 child.no_stdin = 1;
916 child.stdout_to_stderr = 1;
917 child.git_cmd = 1;
918 if (run_command(&child))
919 return "Working directory has unstaged changes";
920
921 /* diff-index with either HEAD or an empty tree */
922 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
923
924 child_process_init(&child);
925 child.argv = diff_index;
926 child.env = env->argv;
927 child.no_stdin = 1;
928 child.no_stdout = 1;
929 child.stdout_to_stderr = 0;
930 child.git_cmd = 1;
931 if (run_command(&child))
932 return "Working directory has staged changes";
933
934 read_tree[3] = sha1_to_hex(sha1);
935 child_process_init(&child);
936 child.argv = read_tree;
937 child.env = env->argv;
938 child.dir = work_tree;
939 child.no_stdin = 1;
940 child.no_stdout = 1;
941 child.stdout_to_stderr = 0;
942 child.git_cmd = 1;
943 if (run_command(&child))
944 return "Could not update working tree to new HEAD";
945
946 return NULL;
947}
948
949static const char *push_to_checkout_hook = "push-to-checkout";
950
951static const char *push_to_checkout(unsigned char *sha1,
952 struct argv_array *env,
953 const char *work_tree)
954{
955 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
956 if (run_hook_le(env->argv, push_to_checkout_hook,
957 sha1_to_hex(sha1), NULL))
958 return "push-to-checkout hook declined";
959 else
960 return NULL;
961}
962
963static const char *update_worktree(unsigned char *sha1)
964{
965 const char *retval;
966 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
967 struct argv_array env = ARGV_ARRAY_INIT;
968
969 if (is_bare_repository())
970 return "denyCurrentBranch = updateInstead needs a worktree";
971
972 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
973
974 if (!find_hook(push_to_checkout_hook))
975 retval = push_to_deploy(sha1, &env, work_tree);
976 else
977 retval = push_to_checkout(sha1, &env, work_tree);
978
979 argv_array_clear(&env);
980 return retval;
981}
982
983static const char *update(struct command *cmd, struct shallow_info *si)
984{
985 const char *name = cmd->ref_name;
986 struct strbuf namespaced_name_buf = STRBUF_INIT;
987 const char *namespaced_name, *ret;
988 unsigned char *old_sha1 = cmd->old_sha1;
989 unsigned char *new_sha1 = cmd->new_sha1;
990
991 /* only refs/... are allowed */
992 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
993 rp_error("refusing to create funny ref '%s' remotely", name);
994 return "funny refname";
995 }
996
997 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
998 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
999
1000 if (is_ref_checked_out(namespaced_name)) {
1001 switch (deny_current_branch) {
1002 case DENY_IGNORE:
1003 break;
1004 case DENY_WARN:
1005 rp_warning("updating the current branch");
1006 break;
1007 case DENY_REFUSE:
1008 case DENY_UNCONFIGURED:
1009 rp_error("refusing to update checked out branch: %s", name);
1010 if (deny_current_branch == DENY_UNCONFIGURED)
1011 refuse_unconfigured_deny();
1012 return "branch is currently checked out";
1013 case DENY_UPDATE_INSTEAD:
1014 ret = update_worktree(new_sha1);
1015 if (ret)
1016 return ret;
1017 break;
1018 }
1019 }
1020
1021 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1022 error("unpack should have generated %s, "
1023 "but I can't find it!", sha1_to_hex(new_sha1));
1024 return "bad pack";
1025 }
1026
1027 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1028 if (deny_deletes && starts_with(name, "refs/heads/")) {
1029 rp_error("denying ref deletion for %s", name);
1030 return "deletion prohibited";
1031 }
1032
1033 if (head_name && !strcmp(namespaced_name, head_name)) {
1034 switch (deny_delete_current) {
1035 case DENY_IGNORE:
1036 break;
1037 case DENY_WARN:
1038 rp_warning("deleting the current branch");
1039 break;
1040 case DENY_REFUSE:
1041 case DENY_UNCONFIGURED:
1042 case DENY_UPDATE_INSTEAD:
1043 if (deny_delete_current == DENY_UNCONFIGURED)
1044 refuse_unconfigured_deny_delete_current();
1045 rp_error("refusing to delete the current branch: %s", name);
1046 return "deletion of the current branch prohibited";
1047 default:
1048 return "Invalid denyDeleteCurrent setting";
1049 }
1050 }
1051 }
1052
1053 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1054 !is_null_sha1(old_sha1) &&
1055 starts_with(name, "refs/heads/")) {
1056 struct object *old_object, *new_object;
1057 struct commit *old_commit, *new_commit;
1058
1059 old_object = parse_object(old_sha1);
1060 new_object = parse_object(new_sha1);
1061
1062 if (!old_object || !new_object ||
1063 old_object->type != OBJ_COMMIT ||
1064 new_object->type != OBJ_COMMIT) {
1065 error("bad sha1 objects for %s", name);
1066 return "bad ref";
1067 }
1068 old_commit = (struct commit *)old_object;
1069 new_commit = (struct commit *)new_object;
1070 if (!in_merge_bases(old_commit, new_commit)) {
1071 rp_error("denying non-fast-forward %s"
1072 " (you should pull first)", name);
1073 return "non-fast-forward";
1074 }
1075 }
1076 if (run_update_hook(cmd)) {
1077 rp_error("hook declined to update %s", name);
1078 return "hook declined";
1079 }
1080
1081 if (is_null_sha1(new_sha1)) {
1082 struct strbuf err = STRBUF_INIT;
1083 if (!parse_object(old_sha1)) {
1084 old_sha1 = NULL;
1085 if (ref_exists(name)) {
1086 rp_warning("Allowing deletion of corrupt ref.");
1087 } else {
1088 rp_warning("Deleting a non-existent ref.");
1089 cmd->did_not_exist = 1;
1090 }
1091 }
1092 if (ref_transaction_delete(transaction,
1093 namespaced_name,
1094 old_sha1,
1095 0, "push", &err)) {
1096 rp_error("%s", err.buf);
1097 strbuf_release(&err);
1098 return "failed to delete";
1099 }
1100 strbuf_release(&err);
1101 return NULL; /* good */
1102 }
1103 else {
1104 struct strbuf err = STRBUF_INIT;
1105 if (shallow_update && si->shallow_ref[cmd->index] &&
1106 update_shallow_ref(cmd, si))
1107 return "shallow error";
1108
1109 if (ref_transaction_update(transaction,
1110 namespaced_name,
1111 new_sha1, old_sha1,
1112 0, "push",
1113 &err)) {
1114 rp_error("%s", err.buf);
1115 strbuf_release(&err);
1116
1117 return "failed to update ref";
1118 }
1119 strbuf_release(&err);
1120
1121 return NULL; /* good */
1122 }
1123}
1124
1125static void run_update_post_hook(struct command *commands)
1126{
1127 struct command *cmd;
1128 int argc;
1129 struct child_process proc = CHILD_PROCESS_INIT;
1130 const char *hook;
1131
1132 hook = find_hook("post-update");
1133 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1134 if (cmd->error_string || cmd->did_not_exist)
1135 continue;
1136 argc++;
1137 }
1138 if (!argc || !hook)
1139 return;
1140
1141 argv_array_push(&proc.args, hook);
1142 for (cmd = commands; cmd; cmd = cmd->next) {
1143 if (cmd->error_string || cmd->did_not_exist)
1144 continue;
1145 argv_array_push(&proc.args, cmd->ref_name);
1146 }
1147
1148 proc.no_stdin = 1;
1149 proc.stdout_to_stderr = 1;
1150 proc.err = use_sideband ? -1 : 0;
1151
1152 if (!start_command(&proc)) {
1153 if (use_sideband)
1154 copy_to_sideband(proc.err, -1, NULL);
1155 finish_command(&proc);
1156 }
1157}
1158
1159static void check_aliased_update(struct command *cmd, struct string_list *list)
1160{
1161 struct strbuf buf = STRBUF_INIT;
1162 const char *dst_name;
1163 struct string_list_item *item;
1164 struct command *dst_cmd;
1165 unsigned char sha1[GIT_SHA1_RAWSZ];
1166 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1167 cmd_newh[GIT_SHA1_HEXSZ + 1],
1168 dst_oldh[GIT_SHA1_HEXSZ + 1],
1169 dst_newh[GIT_SHA1_HEXSZ + 1];
1170 int flag;
1171
1172 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1173 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1174 strbuf_release(&buf);
1175
1176 if (!(flag & REF_ISSYMREF))
1177 return;
1178
1179 if (!dst_name) {
1180 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1181 cmd->skip_update = 1;
1182 cmd->error_string = "broken symref";
1183 return;
1184 }
1185 dst_name = strip_namespace(dst_name);
1186
1187 if ((item = string_list_lookup(list, dst_name)) == NULL)
1188 return;
1189
1190 cmd->skip_update = 1;
1191
1192 dst_cmd = (struct command *) item->util;
1193
1194 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1195 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1196 return;
1197
1198 dst_cmd->skip_update = 1;
1199
1200 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1201 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1202 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1203 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1204 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1205 " its target '%s' (%s..%s)",
1206 cmd->ref_name, cmd_oldh, cmd_newh,
1207 dst_cmd->ref_name, dst_oldh, dst_newh);
1208
1209 cmd->error_string = dst_cmd->error_string =
1210 "inconsistent aliased update";
1211}
1212
1213static void check_aliased_updates(struct command *commands)
1214{
1215 struct command *cmd;
1216 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1217
1218 for (cmd = commands; cmd; cmd = cmd->next) {
1219 struct string_list_item *item =
1220 string_list_append(&ref_list, cmd->ref_name);
1221 item->util = (void *)cmd;
1222 }
1223 string_list_sort(&ref_list);
1224
1225 for (cmd = commands; cmd; cmd = cmd->next) {
1226 if (!cmd->error_string)
1227 check_aliased_update(cmd, &ref_list);
1228 }
1229
1230 string_list_clear(&ref_list, 0);
1231}
1232
1233static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1234{
1235 struct command **cmd_list = cb_data;
1236 struct command *cmd = *cmd_list;
1237
1238 if (!cmd || is_null_sha1(cmd->new_sha1))
1239 return -1; /* end of list */
1240 *cmd_list = NULL; /* this returns only one */
1241 hashcpy(sha1, cmd->new_sha1);
1242 return 0;
1243}
1244
1245static void set_connectivity_errors(struct command *commands,
1246 struct shallow_info *si)
1247{
1248 struct command *cmd;
1249
1250 for (cmd = commands; cmd; cmd = cmd->next) {
1251 struct command *singleton = cmd;
1252 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1253
1254 if (shallow_update && si->shallow_ref[cmd->index])
1255 /* to be checked in update_shallow_ref() */
1256 continue;
1257
1258 opt.env = tmp_objdir_env(tmp_objdir);
1259 if (!check_connected(command_singleton_iterator, &singleton,
1260 &opt))
1261 continue;
1262
1263 cmd->error_string = "missing necessary objects";
1264 }
1265}
1266
1267struct iterate_data {
1268 struct command *cmds;
1269 struct shallow_info *si;
1270};
1271
1272static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1273{
1274 struct iterate_data *data = cb_data;
1275 struct command **cmd_list = &data->cmds;
1276 struct command *cmd = *cmd_list;
1277
1278 for (; cmd; cmd = cmd->next) {
1279 if (shallow_update && data->si->shallow_ref[cmd->index])
1280 /* to be checked in update_shallow_ref() */
1281 continue;
1282 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1283 hashcpy(sha1, cmd->new_sha1);
1284 *cmd_list = cmd->next;
1285 return 0;
1286 }
1287 }
1288 *cmd_list = NULL;
1289 return -1; /* end of list */
1290}
1291
1292static void reject_updates_to_hidden(struct command *commands)
1293{
1294 struct strbuf refname_full = STRBUF_INIT;
1295 size_t prefix_len;
1296 struct command *cmd;
1297
1298 strbuf_addstr(&refname_full, get_git_namespace());
1299 prefix_len = refname_full.len;
1300
1301 for (cmd = commands; cmd; cmd = cmd->next) {
1302 if (cmd->error_string)
1303 continue;
1304
1305 strbuf_setlen(&refname_full, prefix_len);
1306 strbuf_addstr(&refname_full, cmd->ref_name);
1307
1308 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1309 continue;
1310 if (is_null_sha1(cmd->new_sha1))
1311 cmd->error_string = "deny deleting a hidden ref";
1312 else
1313 cmd->error_string = "deny updating a hidden ref";
1314 }
1315
1316 strbuf_release(&refname_full);
1317}
1318
1319static int should_process_cmd(struct command *cmd)
1320{
1321 return !cmd->error_string && !cmd->skip_update;
1322}
1323
1324static void warn_if_skipped_connectivity_check(struct command *commands,
1325 struct shallow_info *si)
1326{
1327 struct command *cmd;
1328 int checked_connectivity = 1;
1329
1330 for (cmd = commands; cmd; cmd = cmd->next) {
1331 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1332 error("BUG: connectivity check has not been run on ref %s",
1333 cmd->ref_name);
1334 checked_connectivity = 0;
1335 }
1336 }
1337 if (!checked_connectivity)
1338 die("BUG: connectivity check skipped???");
1339}
1340
1341static void execute_commands_non_atomic(struct command *commands,
1342 struct shallow_info *si)
1343{
1344 struct command *cmd;
1345 struct strbuf err = STRBUF_INIT;
1346
1347 for (cmd = commands; cmd; cmd = cmd->next) {
1348 if (!should_process_cmd(cmd))
1349 continue;
1350
1351 transaction = ref_transaction_begin(&err);
1352 if (!transaction) {
1353 rp_error("%s", err.buf);
1354 strbuf_reset(&err);
1355 cmd->error_string = "transaction failed to start";
1356 continue;
1357 }
1358
1359 cmd->error_string = update(cmd, si);
1360
1361 if (!cmd->error_string
1362 && ref_transaction_commit(transaction, &err)) {
1363 rp_error("%s", err.buf);
1364 strbuf_reset(&err);
1365 cmd->error_string = "failed to update ref";
1366 }
1367 ref_transaction_free(transaction);
1368 }
1369 strbuf_release(&err);
1370}
1371
1372static void execute_commands_atomic(struct command *commands,
1373 struct shallow_info *si)
1374{
1375 struct command *cmd;
1376 struct strbuf err = STRBUF_INIT;
1377 const char *reported_error = "atomic push failure";
1378
1379 transaction = ref_transaction_begin(&err);
1380 if (!transaction) {
1381 rp_error("%s", err.buf);
1382 strbuf_reset(&err);
1383 reported_error = "transaction failed to start";
1384 goto failure;
1385 }
1386
1387 for (cmd = commands; cmd; cmd = cmd->next) {
1388 if (!should_process_cmd(cmd))
1389 continue;
1390
1391 cmd->error_string = update(cmd, si);
1392
1393 if (cmd->error_string)
1394 goto failure;
1395 }
1396
1397 if (ref_transaction_commit(transaction, &err)) {
1398 rp_error("%s", err.buf);
1399 reported_error = "atomic transaction failed";
1400 goto failure;
1401 }
1402 goto cleanup;
1403
1404failure:
1405 for (cmd = commands; cmd; cmd = cmd->next)
1406 if (!cmd->error_string)
1407 cmd->error_string = reported_error;
1408
1409cleanup:
1410 ref_transaction_free(transaction);
1411 strbuf_release(&err);
1412}
1413
1414static void execute_commands(struct command *commands,
1415 const char *unpacker_error,
1416 struct shallow_info *si,
1417 const struct string_list *push_options)
1418{
1419 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1420 struct command *cmd;
1421 unsigned char sha1[20];
1422 struct iterate_data data;
1423 struct async muxer;
1424 int err_fd = 0;
1425
1426 if (unpacker_error) {
1427 for (cmd = commands; cmd; cmd = cmd->next)
1428 cmd->error_string = "unpacker error";
1429 return;
1430 }
1431
1432 if (use_sideband) {
1433 memset(&muxer, 0, sizeof(muxer));
1434 muxer.proc = copy_to_sideband;
1435 muxer.in = -1;
1436 if (!start_async(&muxer))
1437 err_fd = muxer.in;
1438 /* ...else, continue without relaying sideband */
1439 }
1440
1441 data.cmds = commands;
1442 data.si = si;
1443 opt.err_fd = err_fd;
1444 opt.progress = err_fd && !quiet;
1445 opt.env = tmp_objdir_env(tmp_objdir);
1446 if (check_connected(iterate_receive_command_list, &data, &opt))
1447 set_connectivity_errors(commands, si);
1448
1449 if (use_sideband)
1450 finish_async(&muxer);
1451
1452 reject_updates_to_hidden(commands);
1453
1454 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1455 for (cmd = commands; cmd; cmd = cmd->next) {
1456 if (!cmd->error_string)
1457 cmd->error_string = "pre-receive hook declined";
1458 }
1459 return;
1460 }
1461
1462 /*
1463 * Now we'll start writing out refs, which means the objects need
1464 * to be in their final positions so that other processes can see them.
1465 */
1466 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1467 for (cmd = commands; cmd; cmd = cmd->next) {
1468 if (!cmd->error_string)
1469 cmd->error_string = "unable to migrate objects to permanent storage";
1470 }
1471 return;
1472 }
1473 tmp_objdir = NULL;
1474
1475 check_aliased_updates(commands);
1476
1477 free(head_name_to_free);
1478 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1479
1480 if (use_atomic)
1481 execute_commands_atomic(commands, si);
1482 else
1483 execute_commands_non_atomic(commands, si);
1484
1485 if (shallow_update)
1486 warn_if_skipped_connectivity_check(commands, si);
1487}
1488
1489static struct command **queue_command(struct command **tail,
1490 const char *line,
1491 int linelen)
1492{
1493 unsigned char old_sha1[20], new_sha1[20];
1494 struct command *cmd;
1495 const char *refname;
1496 int reflen;
1497
1498 if (linelen < 83 ||
1499 line[40] != ' ' ||
1500 line[81] != ' ' ||
1501 get_sha1_hex(line, old_sha1) ||
1502 get_sha1_hex(line + 41, new_sha1))
1503 die("protocol error: expected old/new/ref, got '%s'", line);
1504
1505 refname = line + 82;
1506 reflen = linelen - 82;
1507 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1508 hashcpy(cmd->old_sha1, old_sha1);
1509 hashcpy(cmd->new_sha1, new_sha1);
1510 *tail = cmd;
1511 return &cmd->next;
1512}
1513
1514static void queue_commands_from_cert(struct command **tail,
1515 struct strbuf *push_cert)
1516{
1517 const char *boc, *eoc;
1518
1519 if (*tail)
1520 die("protocol error: got both push certificate and unsigned commands");
1521
1522 boc = strstr(push_cert->buf, "\n\n");
1523 if (!boc)
1524 die("malformed push certificate %.*s", 100, push_cert->buf);
1525 else
1526 boc += 2;
1527 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1528
1529 while (boc < eoc) {
1530 const char *eol = memchr(boc, '\n', eoc - boc);
1531 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1532 boc = eol ? eol + 1 : eoc;
1533 }
1534}
1535
1536static struct command *read_head_info(struct sha1_array *shallow)
1537{
1538 struct command *commands = NULL;
1539 struct command **p = &commands;
1540 for (;;) {
1541 char *line;
1542 int len, linelen;
1543
1544 line = packet_read_line(0, &len);
1545 if (!line)
1546 break;
1547
1548 if (len == 48 && starts_with(line, "shallow ")) {
1549 unsigned char sha1[20];
1550 if (get_sha1_hex(line + 8, sha1))
1551 die("protocol error: expected shallow sha, got '%s'",
1552 line + 8);
1553 sha1_array_append(shallow, sha1);
1554 continue;
1555 }
1556
1557 linelen = strlen(line);
1558 if (linelen < len) {
1559 const char *feature_list = line + linelen + 1;
1560 if (parse_feature_request(feature_list, "report-status"))
1561 report_status = 1;
1562 if (parse_feature_request(feature_list, "side-band-64k"))
1563 use_sideband = LARGE_PACKET_MAX;
1564 if (parse_feature_request(feature_list, "quiet"))
1565 quiet = 1;
1566 if (advertise_atomic_push
1567 && parse_feature_request(feature_list, "atomic"))
1568 use_atomic = 1;
1569 if (advertise_push_options
1570 && parse_feature_request(feature_list, "push-options"))
1571 use_push_options = 1;
1572 }
1573
1574 if (!strcmp(line, "push-cert")) {
1575 int true_flush = 0;
1576 char certbuf[1024];
1577
1578 for (;;) {
1579 len = packet_read(0, NULL, NULL,
1580 certbuf, sizeof(certbuf), 0);
1581 if (!len) {
1582 true_flush = 1;
1583 break;
1584 }
1585 if (!strcmp(certbuf, "push-cert-end\n"))
1586 break; /* end of cert */
1587 strbuf_addstr(&push_cert, certbuf);
1588 }
1589
1590 if (true_flush)
1591 break;
1592 continue;
1593 }
1594
1595 p = queue_command(p, line, linelen);
1596 }
1597
1598 if (push_cert.len)
1599 queue_commands_from_cert(p, &push_cert);
1600
1601 return commands;
1602}
1603
1604static void read_push_options(struct string_list *options)
1605{
1606 while (1) {
1607 char *line;
1608 int len;
1609
1610 line = packet_read_line(0, &len);
1611
1612 if (!line)
1613 break;
1614
1615 string_list_append(options, line);
1616 }
1617}
1618
1619static const char *parse_pack_header(struct pack_header *hdr)
1620{
1621 switch (read_pack_header(0, hdr)) {
1622 case PH_ERROR_EOF:
1623 return "eof before pack header was fully read";
1624
1625 case PH_ERROR_PACK_SIGNATURE:
1626 return "protocol error (pack signature mismatch detected)";
1627
1628 case PH_ERROR_PROTOCOL:
1629 return "protocol error (pack version unsupported)";
1630
1631 default:
1632 return "unknown error in parse_pack_header";
1633
1634 case 0:
1635 return NULL;
1636 }
1637}
1638
1639static const char *pack_lockfile;
1640
1641static const char *unpack(int err_fd, struct shallow_info *si)
1642{
1643 struct pack_header hdr;
1644 const char *hdr_err;
1645 int status;
1646 char hdr_arg[38];
1647 struct child_process child = CHILD_PROCESS_INIT;
1648 int fsck_objects = (receive_fsck_objects >= 0
1649 ? receive_fsck_objects
1650 : transfer_fsck_objects >= 0
1651 ? transfer_fsck_objects
1652 : 0);
1653
1654 hdr_err = parse_pack_header(&hdr);
1655 if (hdr_err) {
1656 if (err_fd > 0)
1657 close(err_fd);
1658 return hdr_err;
1659 }
1660 snprintf(hdr_arg, sizeof(hdr_arg),
1661 "--pack_header=%"PRIu32",%"PRIu32,
1662 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1663
1664 if (si->nr_ours || si->nr_theirs) {
1665 alt_shallow_file = setup_temporary_shallow(si->shallow);
1666 argv_array_push(&child.args, "--shallow-file");
1667 argv_array_push(&child.args, alt_shallow_file);
1668 }
1669
1670 tmp_objdir = tmp_objdir_create();
1671 if (!tmp_objdir)
1672 return "unable to create temporary object directory";
1673 child.env = tmp_objdir_env(tmp_objdir);
1674
1675 /*
1676 * Normally we just pass the tmp_objdir environment to the child
1677 * processes that do the heavy lifting, but we may need to see these
1678 * objects ourselves to set up shallow information.
1679 */
1680 tmp_objdir_add_as_alternate(tmp_objdir);
1681
1682 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1683 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1684 if (quiet)
1685 argv_array_push(&child.args, "-q");
1686 if (fsck_objects)
1687 argv_array_pushf(&child.args, "--strict%s",
1688 fsck_msg_types.buf);
1689 if (max_input_size)
1690 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1691 (uintmax_t)max_input_size);
1692 child.no_stdout = 1;
1693 child.err = err_fd;
1694 child.git_cmd = 1;
1695 status = run_command(&child);
1696 if (status)
1697 return "unpack-objects abnormal exit";
1698 } else {
1699 char hostname[256];
1700
1701 argv_array_pushl(&child.args, "index-pack",
1702 "--stdin", hdr_arg, NULL);
1703
1704 if (gethostname(hostname, sizeof(hostname)))
1705 xsnprintf(hostname, sizeof(hostname), "localhost");
1706 argv_array_pushf(&child.args,
1707 "--keep=receive-pack %"PRIuMAX" on %s",
1708 (uintmax_t)getpid(),
1709 hostname);
1710
1711 if (!quiet && err_fd)
1712 argv_array_push(&child.args, "--show-resolving-progress");
1713 if (use_sideband)
1714 argv_array_push(&child.args, "--report-end-of-input");
1715 if (fsck_objects)
1716 argv_array_pushf(&child.args, "--strict%s",
1717 fsck_msg_types.buf);
1718 if (!reject_thin)
1719 argv_array_push(&child.args, "--fix-thin");
1720 if (max_input_size)
1721 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1722 (uintmax_t)max_input_size);
1723 child.out = -1;
1724 child.err = err_fd;
1725 child.git_cmd = 1;
1726 status = start_command(&child);
1727 if (status)
1728 return "index-pack fork failed";
1729 pack_lockfile = index_pack_lockfile(child.out);
1730 close(child.out);
1731 status = finish_command(&child);
1732 if (status)
1733 return "index-pack abnormal exit";
1734 reprepare_packed_git();
1735 }
1736 return NULL;
1737}
1738
1739static const char *unpack_with_sideband(struct shallow_info *si)
1740{
1741 struct async muxer;
1742 const char *ret;
1743
1744 if (!use_sideband)
1745 return unpack(0, si);
1746
1747 use_keepalive = KEEPALIVE_AFTER_NUL;
1748 memset(&muxer, 0, sizeof(muxer));
1749 muxer.proc = copy_to_sideband;
1750 muxer.in = -1;
1751 if (start_async(&muxer))
1752 return NULL;
1753
1754 ret = unpack(muxer.in, si);
1755
1756 finish_async(&muxer);
1757 return ret;
1758}
1759
1760static void prepare_shallow_update(struct command *commands,
1761 struct shallow_info *si)
1762{
1763 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1764
1765 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1766 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1767
1768 si->need_reachability_test =
1769 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1770 si->reachable =
1771 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1772 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1773
1774 for (i = 0; i < si->nr_ours; i++)
1775 si->need_reachability_test[si->ours[i]] = 1;
1776
1777 for (i = 0; i < si->shallow->nr; i++) {
1778 if (!si->used_shallow[i])
1779 continue;
1780 for (j = 0; j < bitmap_size; j++) {
1781 if (!si->used_shallow[i][j])
1782 continue;
1783 si->need_reachability_test[i]++;
1784 for (k = 0; k < 32; k++)
1785 if (si->used_shallow[i][j] & (1U << k))
1786 si->shallow_ref[j * 32 + k]++;
1787 }
1788
1789 /*
1790 * true for those associated with some refs and belong
1791 * in "ours" list aka "step 7 not done yet"
1792 */
1793 si->need_reachability_test[i] =
1794 si->need_reachability_test[i] > 1;
1795 }
1796
1797 /*
1798 * keep hooks happy by forcing a temporary shallow file via
1799 * env variable because we can't add --shallow-file to every
1800 * command. check_everything_connected() will be done with
1801 * true .git/shallow though.
1802 */
1803 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1804}
1805
1806static void update_shallow_info(struct command *commands,
1807 struct shallow_info *si,
1808 struct sha1_array *ref)
1809{
1810 struct command *cmd;
1811 int *ref_status;
1812 remove_nonexistent_theirs_shallow(si);
1813 if (!si->nr_ours && !si->nr_theirs) {
1814 shallow_update = 0;
1815 return;
1816 }
1817
1818 for (cmd = commands; cmd; cmd = cmd->next) {
1819 if (is_null_sha1(cmd->new_sha1))
1820 continue;
1821 sha1_array_append(ref, cmd->new_sha1);
1822 cmd->index = ref->nr - 1;
1823 }
1824 si->ref = ref;
1825
1826 if (shallow_update) {
1827 prepare_shallow_update(commands, si);
1828 return;
1829 }
1830
1831 ALLOC_ARRAY(ref_status, ref->nr);
1832 assign_shallow_commits_to_refs(si, NULL, ref_status);
1833 for (cmd = commands; cmd; cmd = cmd->next) {
1834 if (is_null_sha1(cmd->new_sha1))
1835 continue;
1836 if (ref_status[cmd->index]) {
1837 cmd->error_string = "shallow update not allowed";
1838 cmd->skip_update = 1;
1839 }
1840 }
1841 free(ref_status);
1842}
1843
1844static void report(struct command *commands, const char *unpack_status)
1845{
1846 struct command *cmd;
1847 struct strbuf buf = STRBUF_INIT;
1848
1849 packet_buf_write(&buf, "unpack %s\n",
1850 unpack_status ? unpack_status : "ok");
1851 for (cmd = commands; cmd; cmd = cmd->next) {
1852 if (!cmd->error_string)
1853 packet_buf_write(&buf, "ok %s\n",
1854 cmd->ref_name);
1855 else
1856 packet_buf_write(&buf, "ng %s %s\n",
1857 cmd->ref_name, cmd->error_string);
1858 }
1859 packet_buf_flush(&buf);
1860
1861 if (use_sideband)
1862 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1863 else
1864 write_or_die(1, buf.buf, buf.len);
1865 strbuf_release(&buf);
1866}
1867
1868static int delete_only(struct command *commands)
1869{
1870 struct command *cmd;
1871 for (cmd = commands; cmd; cmd = cmd->next) {
1872 if (!is_null_sha1(cmd->new_sha1))
1873 return 0;
1874 }
1875 return 1;
1876}
1877
1878int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1879{
1880 int advertise_refs = 0;
1881 struct command *commands;
1882 struct sha1_array shallow = SHA1_ARRAY_INIT;
1883 struct sha1_array ref = SHA1_ARRAY_INIT;
1884 struct shallow_info si;
1885
1886 struct option options[] = {
1887 OPT__QUIET(&quiet, N_("quiet")),
1888 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1889 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1890 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1891 OPT_END()
1892 };
1893
1894 packet_trace_identity("receive-pack");
1895
1896 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1897
1898 if (argc > 1)
1899 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1900 if (argc == 0)
1901 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1902
1903 service_dir = argv[0];
1904
1905 setup_path();
1906
1907 if (!enter_repo(service_dir, 0))
1908 die("'%s' does not appear to be a git repository", service_dir);
1909
1910 git_config(receive_pack_config, NULL);
1911 if (cert_nonce_seed)
1912 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1913
1914 if (0 <= transfer_unpack_limit)
1915 unpack_limit = transfer_unpack_limit;
1916 else if (0 <= receive_unpack_limit)
1917 unpack_limit = receive_unpack_limit;
1918
1919 if (advertise_refs || !stateless_rpc) {
1920 write_head_info();
1921 }
1922 if (advertise_refs)
1923 return 0;
1924
1925 if ((commands = read_head_info(&shallow)) != NULL) {
1926 const char *unpack_status = NULL;
1927 struct string_list push_options = STRING_LIST_INIT_DUP;
1928
1929 if (use_push_options)
1930 read_push_options(&push_options);
1931
1932 prepare_shallow_info(&si, &shallow);
1933 if (!si.nr_ours && !si.nr_theirs)
1934 shallow_update = 0;
1935 if (!delete_only(commands)) {
1936 unpack_status = unpack_with_sideband(&si);
1937 update_shallow_info(commands, &si, &ref);
1938 }
1939 use_keepalive = KEEPALIVE_ALWAYS;
1940 execute_commands(commands, unpack_status, &si,
1941 &push_options);
1942 if (pack_lockfile)
1943 unlink_or_warn(pack_lockfile);
1944 if (report_status)
1945 report(commands, unpack_status);
1946 run_receive_hook(commands, "post-receive", 1,
1947 &push_options);
1948 run_update_post_hook(commands);
1949 if (push_options.nr)
1950 string_list_clear(&push_options, 0);
1951 if (auto_gc) {
1952 const char *argv_gc_auto[] = {
1953 "gc", "--auto", "--quiet", NULL,
1954 };
1955 struct child_process proc = CHILD_PROCESS_INIT;
1956
1957 proc.no_stdin = 1;
1958 proc.stdout_to_stderr = 1;
1959 proc.err = use_sideband ? -1 : 0;
1960 proc.git_cmd = 1;
1961 proc.argv = argv_gc_auto;
1962
1963 close_all_packs();
1964 if (!start_command(&proc)) {
1965 if (use_sideband)
1966 copy_to_sideband(proc.err, -1, NULL);
1967 finish_command(&proc);
1968 }
1969 }
1970 if (auto_update_server_info)
1971 update_server_info(0);
1972 clear_shallow_info(&si);
1973 }
1974 if (use_sideband)
1975 packet_flush(1);
1976 sha1_array_clear(&shallow);
1977 sha1_array_clear(&ref);
1978 free((void *)push_cert_nonce);
1979 return 0;
1980}