1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30static const char * const receive_pack_usage[] = {
32 N_("git receive-pack <git-dir>"),
33 NULL
34};
35enum deny_action {
37 DENY_UNCONFIGURED,
38 DENY_IGNORE,
39 DENY_WARN,
40 DENY_REFUSE,
41 DENY_UPDATE_INSTEAD
42};
43static int deny_deletes;
45static int deny_non_fast_forwards;
46static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
47static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
48static int receive_fsck_objects = -1;
49static int transfer_fsck_objects = -1;
50static struct strbuf fsck_msg_types = STRBUF_INIT;
51static int receive_unpack_limit = -1;
52static int transfer_unpack_limit = -1;
53static int advertise_atomic_push = 1;
54static int advertise_push_options;
55static int unpack_limit = 100;
56static off_t max_input_size;
57static int report_status;
58static int use_sideband;
59static int use_atomic;
60static int use_push_options;
61static int quiet;
62static int prefer_ofs_delta = 1;
63static int auto_update_server_info;
64static int auto_gc = 1;
65static int reject_thin;
66static int stateless_rpc;
67static const char *service_dir;
68static const char *head_name;
69static void *head_name_to_free;
70static int sent_capabilities;
71static int shallow_update;
72static const char *alt_shallow_file;
73static struct strbuf push_cert = STRBUF_INIT;
74static struct object_id push_cert_oid;
75static struct signature_check sigcheck;
76static const char *push_cert_nonce;
77static const char *cert_nonce_seed;
78static const char *NONCE_UNSOLICITED = "UNSOLICITED";
80static const char *NONCE_BAD = "BAD";
81static const char *NONCE_MISSING = "MISSING";
82static const char *NONCE_OK = "OK";
83static const char *NONCE_SLOP = "SLOP";
84static const char *nonce_status;
85static long nonce_stamp_slop;
86static timestamp_t nonce_stamp_slop_limit;
87static struct ref_transaction *transaction;
88static enum {
90 KEEPALIVE_NEVER = 0,
91 KEEPALIVE_AFTER_NUL,
92 KEEPALIVE_ALWAYS
93} use_keepalive;
94static int keepalive_in_sec = 5;
95static struct tmp_objdir *tmp_objdir;
97static enum deny_action parse_deny_action(const char *var, const char *value)
99{
100 if (value) {
101 if (!strcasecmp(value, "ignore"))
102 return DENY_IGNORE;
103 if (!strcasecmp(value, "warn"))
104 return DENY_WARN;
105 if (!strcasecmp(value, "refuse"))
106 return DENY_REFUSE;
107 if (!strcasecmp(value, "updateinstead"))
108 return DENY_UPDATE_INSTEAD;
109 }
110 if (git_config_bool(var, value))
111 return DENY_REFUSE;
112 return DENY_IGNORE;
113}
114static int receive_pack_config(const char *var, const char *value, void *cb)
116{
117 int status = parse_hide_refs_config(var, value, "receive");
118 if (status)
120 return status;
121 if (strcmp(var, "receive.denydeletes") == 0) {
123 deny_deletes = git_config_bool(var, value);
124 return 0;
125 }
126 if (strcmp(var, "receive.denynonfastforwards") == 0) {
128 deny_non_fast_forwards = git_config_bool(var, value);
129 return 0;
130 }
131 if (strcmp(var, "receive.unpacklimit") == 0) {
133 receive_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136 if (strcmp(var, "transfer.unpacklimit") == 0) {
138 transfer_unpack_limit = git_config_int(var, value);
139 return 0;
140 }
141 if (strcmp(var, "receive.fsck.skiplist") == 0) {
143 const char *path;
144 if (git_config_pathname(&path, var, value))
146 return 1;
147 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
148 fsck_msg_types.len ? ',' : '=', path);
149 free((char *)path);
150 return 0;
151 }
152 if (skip_prefix(var, "receive.fsck.", &var)) {
154 if (is_valid_msg_type(var, value))
155 strbuf_addf(&fsck_msg_types, "%c%s=%s",
156 fsck_msg_types.len ? ',' : '=', var, value);
157 else
158 warning("Skipping unknown msg id '%s'", var);
159 return 0;
160 }
161 if (strcmp(var, "receive.fsckobjects") == 0) {
163 receive_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166 if (strcmp(var, "transfer.fsckobjects") == 0) {
168 transfer_fsck_objects = git_config_bool(var, value);
169 return 0;
170 }
171 if (!strcmp(var, "receive.denycurrentbranch")) {
173 deny_current_branch = parse_deny_action(var, value);
174 return 0;
175 }
176 if (strcmp(var, "receive.denydeletecurrent") == 0) {
178 deny_delete_current = parse_deny_action(var, value);
179 return 0;
180 }
181 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
183 prefer_ofs_delta = git_config_bool(var, value);
184 return 0;
185 }
186 if (strcmp(var, "receive.updateserverinfo") == 0) {
188 auto_update_server_info = git_config_bool(var, value);
189 return 0;
190 }
191 if (strcmp(var, "receive.autogc") == 0) {
193 auto_gc = git_config_bool(var, value);
194 return 0;
195 }
196 if (strcmp(var, "receive.shallowupdate") == 0) {
198 shallow_update = git_config_bool(var, value);
199 return 0;
200 }
201 if (strcmp(var, "receive.certnonceseed") == 0)
203 return git_config_string(&cert_nonce_seed, var, value);
204 if (strcmp(var, "receive.certnonceslop") == 0) {
206 nonce_stamp_slop_limit = git_config_ulong(var, value);
207 return 0;
208 }
209 if (strcmp(var, "receive.advertiseatomic") == 0) {
211 advertise_atomic_push = git_config_bool(var, value);
212 return 0;
213 }
214 if (strcmp(var, "receive.advertisepushoptions") == 0) {
216 advertise_push_options = git_config_bool(var, value);
217 return 0;
218 }
219 if (strcmp(var, "receive.keepalive") == 0) {
221 keepalive_in_sec = git_config_int(var, value);
222 return 0;
223 }
224 if (strcmp(var, "receive.maxinputsize") == 0) {
226 max_input_size = git_config_int64(var, value);
227 return 0;
228 }
229 return git_default_config(var, value, cb);
231}
232static void show_ref(const char *path, const struct object_id *oid)
234{
235 if (sent_capabilities) {
236 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
237 } else {
238 struct strbuf cap = STRBUF_INIT;
239 strbuf_addstr(&cap,
241 "report-status delete-refs side-band-64k quiet");
242 if (advertise_atomic_push)
243 strbuf_addstr(&cap, " atomic");
244 if (prefer_ofs_delta)
245 strbuf_addstr(&cap, " ofs-delta");
246 if (push_cert_nonce)
247 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
248 if (advertise_push_options)
249 strbuf_addstr(&cap, " push-options");
250 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
251 packet_write_fmt(1, "%s %s%c%s\n",
252 oid_to_hex(oid), path, 0, cap.buf);
253 strbuf_release(&cap);
254 sent_capabilities = 1;
255 }
256}
257static int show_ref_cb(const char *path_full, const struct object_id *oid,
259 int flag, void *data)
260{
261 struct oidset *seen = data;
262 const char *path = strip_namespace(path_full);
263 if (ref_is_hidden(path, path_full))
265 return 0;
266 /*
268 * Advertise refs outside our current namespace as ".have"
269 * refs, so that the client can use them to minimize data
270 * transfer but will otherwise ignore them.
271 */
272 if (!path) {
273 if (oidset_insert(seen, oid))
274 return 0;
275 path = ".have";
276 } else {
277 oidset_insert(seen, oid);
278 }
279 show_ref(path, oid);
280 return 0;
281}
282static void show_one_alternate_ref(const char *refname,
284 const struct object_id *oid,
285 void *data)
286{
287 struct oidset *seen = data;
288 if (oidset_insert(seen, oid))
290 return;
291 show_ref(".have", oid);
293}
294static void write_head_info(void)
296{
297 static struct oidset seen = OIDSET_INIT;
298 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304 advertise_shallow_grafts(1);
306 /* EOF */
308 packet_flush(1);
309}
310struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320};
321static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324static void report_message(const char *prefix, const char *err, va_list params)
326{
327 int sz;
328 char msg[4096];
329 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340}
341static void rp_warning(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348}
349static void rp_error(const char *err, ...)
351{
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356}
357static int copy_to_sideband(int in, int out, void *arg)
359{
360 char data[128];
361 int keepalive_active = 0;
362 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367 while (1) {
369 ssize_t sz;
370 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419}
420#define HMAC_BLOCK_SIZE 64
422static void hmac_sha1(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426{
427 unsigned char key[HMAC_BLOCK_SIZE];
428 unsigned char k_ipad[HMAC_BLOCK_SIZE];
429 unsigned char k_opad[HMAC_BLOCK_SIZE];
430 int i;
431 git_SHA_CTX ctx;
432 /* RFC 2104 2. (1) */
434 memset(key, '\0', HMAC_BLOCK_SIZE);
435 if (HMAC_BLOCK_SIZE < key_len) {
436 git_SHA1_Init(&ctx);
437 git_SHA1_Update(&ctx, key_in, key_len);
438 git_SHA1_Final(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448 /* RFC 2104 2. (3) & (4) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
452 git_SHA1_Update(&ctx, text, text_len);
453 git_SHA1_Final(out, &ctx);
454 /* RFC 2104 2. (6) & (7) */
456 git_SHA1_Init(&ctx);
457 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
458 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
459 git_SHA1_Final(out, &ctx);
460}
461static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463{
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char sha1[GIT_SHA1_RAWSZ];
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
469 strbuf_release(&buf);
470 /* RFC 2104 5. HMAC-SHA1-80 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
473 return strbuf_detach(&buf, NULL);
474}
475/*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483{
484 int key_len = strlen(key);
485 const char *line = msg;
486 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502}
503static const char *check_nonce(const char *buf, size_t len)
505{
506 char *nonce = find_header(buf, len, "nonce", NULL);
507 timestamp_t stamp, ostamp;
508 char *bohmac, *expect = NULL;
509 const char *retval = NONCE_BAD;
510 if (!nonce) {
512 retval = NONCE_MISSING;
513 goto leave;
514 } else if (!push_cert_nonce) {
515 retval = NONCE_UNSOLICITED;
516 goto leave;
517 } else if (!strcmp(push_cert_nonce, nonce)) {
518 retval = NONCE_OK;
519 goto leave;
520 }
521 if (!stateless_rpc) {
523 /* returned nonce MUST match what we gave out earlier */
524 retval = NONCE_BAD;
525 goto leave;
526 }
527 /*
529 * In stateless mode, we may be receiving a nonce issued by
530 * another instance of the server that serving the same
531 * repository, and the timestamps may not match, but the
532 * nonce-seed and dir should match, so we can recompute and
533 * report the time slop.
534 *
535 * In addition, when a nonce issued by another instance has
536 * timestamp within receive.certnonceslop seconds, we pretend
537 * as if we issued that nonce when reporting to the hook.
538 */
539 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
541 if (*nonce <= '0' || '9' < *nonce) {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545 stamp = parse_timestamp(nonce, &bohmac, 10);
546 if (bohmac == nonce || bohmac[0] != '-') {
547 retval = NONCE_BAD;
548 goto leave;
549 }
550 expect = prepare_push_cert_nonce(service_dir, stamp);
552 if (strcmp(expect, nonce)) {
553 /* Not what we would have signed earlier */
554 retval = NONCE_BAD;
555 goto leave;
556 }
557 /*
559 * By how many seconds is this nonce stale? Negative value
560 * would mean it was issued by another server with its clock
561 * skewed in the future.
562 */
563 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
564 nonce_stamp_slop = (long)ostamp - (long)stamp;
565 if (nonce_stamp_slop_limit &&
567 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
568 /*
569 * Pretend as if the received nonce (which passes the
570 * HMAC check, so it is not a forged by third-party)
571 * is what we issued.
572 */
573 free((void *)push_cert_nonce);
574 push_cert_nonce = xstrdup(nonce);
575 retval = NONCE_OK;
576 } else {
577 retval = NONCE_SLOP;
578 }
579leave:
581 free(nonce);
582 free(expect);
583 return retval;
584}
585/*
587 * Return 1 if there is no push_cert or if the push options in push_cert are
588 * the same as those in the argument; 0 otherwise.
589 */
590static int check_cert_push_options(const struct string_list *push_options)
591{
592 const char *buf = push_cert.buf;
593 int len = push_cert.len;
594 char *option;
596 const char *next_line;
597 int options_seen = 0;
598 int retval = 1;
600 if (!len)
602 return 1;
603 while ((option = find_header(buf, len, "push-option", &next_line))) {
605 len -= (next_line - buf);
606 buf = next_line;
607 options_seen++;
608 if (options_seen > push_options->nr
609 || strcmp(option,
610 push_options->items[options_seen - 1].string)) {
611 retval = 0;
612 goto leave;
613 }
614 free(option);
615 }
616 if (options_seen != push_options->nr)
618 retval = 0;
619leave:
621 free(option);
622 return retval;
623}
624static void prepare_push_cert_sha1(struct child_process *proc)
626{
627 static int already_done;
628 if (!push_cert.len)
630 return;
631 if (!already_done) {
633 struct strbuf gpg_output = STRBUF_INIT;
634 struct strbuf gpg_status = STRBUF_INIT;
635 int bogs /* beginning_of_gpg_sig */;
636 already_done = 1;
638 if (write_object_file(push_cert.buf, push_cert.len, "blob",
639 &push_cert_oid))
640 oidclr(&push_cert_oid);
641 memset(&sigcheck, '\0', sizeof(sigcheck));
643 sigcheck.result = 'N';
644 bogs = parse_signature(push_cert.buf, push_cert.len);
646 if (verify_signed_buffer(push_cert.buf, bogs,
647 push_cert.buf + bogs, push_cert.len - bogs,
648 &gpg_output, &gpg_status) < 0) {
649 ; /* error running gpg */
650 } else {
651 sigcheck.payload = push_cert.buf;
652 sigcheck.gpg_output = gpg_output.buf;
653 sigcheck.gpg_status = gpg_status.buf;
654 parse_gpg_output(&sigcheck);
655 }
656 strbuf_release(&gpg_output);
658 strbuf_release(&gpg_status);
659 nonce_status = check_nonce(push_cert.buf, bogs);
660 }
661 if (!is_null_oid(&push_cert_oid)) {
662 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
663 oid_to_hex(&push_cert_oid));
664 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
665 sigcheck.signer ? sigcheck.signer : "");
666 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
667 sigcheck.key ? sigcheck.key : "");
668 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
669 sigcheck.result);
670 if (push_cert_nonce) {
671 argv_array_pushf(&proc->env_array,
672 "GIT_PUSH_CERT_NONCE=%s",
673 push_cert_nonce);
674 argv_array_pushf(&proc->env_array,
675 "GIT_PUSH_CERT_NONCE_STATUS=%s",
676 nonce_status);
677 if (nonce_status == NONCE_SLOP)
678 argv_array_pushf(&proc->env_array,
679 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
680 nonce_stamp_slop);
681 }
682 }
683}
684struct receive_hook_feed_state {
686 struct command *cmd;
687 int skip_broken;
688 struct strbuf buf;
689 const struct string_list *push_options;
690};
691typedef int (*feed_fn)(void *, const char **, size_t *);
693static int run_and_feed_hook(const char *hook_name, feed_fn feed,
694 struct receive_hook_feed_state *feed_state)
695{
696 struct child_process proc = CHILD_PROCESS_INIT;
697 struct async muxer;
698 const char *argv[2];
699 int code;
700 argv[0] = find_hook(hook_name);
702 if (!argv[0])
703 return 0;
704 argv[1] = NULL;
706 proc.argv = argv;
708 proc.in = -1;
709 proc.stdout_to_stderr = 1;
710 if (feed_state->push_options) {
711 int i;
712 for (i = 0; i < feed_state->push_options->nr; i++)
713 argv_array_pushf(&proc.env_array,
714 "GIT_PUSH_OPTION_%d=%s", i,
715 feed_state->push_options->items[i].string);
716 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
717 feed_state->push_options->nr);
718 } else
719 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
720 if (tmp_objdir)
722 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
723 if (use_sideband) {
725 memset(&muxer, 0, sizeof(muxer));
726 muxer.proc = copy_to_sideband;
727 muxer.in = -1;
728 code = start_async(&muxer);
729 if (code)
730 return code;
731 proc.err = muxer.in;
732 }
733 prepare_push_cert_sha1(&proc);
735 code = start_command(&proc);
737 if (code) {
738 if (use_sideband)
739 finish_async(&muxer);
740 return code;
741 }
742 sigchain_push(SIGPIPE, SIG_IGN);
744 while (1) {
746 const char *buf;
747 size_t n;
748 if (feed(feed_state, &buf, &n))
749 break;
750 if (write_in_full(proc.in, buf, n) < 0)
751 break;
752 }
753 close(proc.in);
754 if (use_sideband)
755 finish_async(&muxer);
756 sigchain_pop(SIGPIPE);
758 return finish_command(&proc);
760}
761static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
763{
764 struct receive_hook_feed_state *state = state_;
765 struct command *cmd = state->cmd;
766 while (cmd &&
768 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
769 cmd = cmd->next;
770 if (!cmd)
771 return -1; /* EOF */
772 strbuf_reset(&state->buf);
773 strbuf_addf(&state->buf, "%s %s %s\n",
774 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
775 cmd->ref_name);
776 state->cmd = cmd->next;
777 if (bufp) {
778 *bufp = state->buf.buf;
779 *sizep = state->buf.len;
780 }
781 return 0;
782}
783static int run_receive_hook(struct command *commands,
785 const char *hook_name,
786 int skip_broken,
787 const struct string_list *push_options)
788{
789 struct receive_hook_feed_state state;
790 int status;
791 strbuf_init(&state.buf, 0);
793 state.cmd = commands;
794 state.skip_broken = skip_broken;
795 if (feed_receive_hook(&state, NULL, NULL))
796 return 0;
797 state.cmd = commands;
798 state.push_options = push_options;
799 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
800 strbuf_release(&state.buf);
801 return status;
802}
803static int run_update_hook(struct command *cmd)
805{
806 const char *argv[5];
807 struct child_process proc = CHILD_PROCESS_INIT;
808 int code;
809 argv[0] = find_hook("update");
811 if (!argv[0])
812 return 0;
813 argv[1] = cmd->ref_name;
815 argv[2] = oid_to_hex(&cmd->old_oid);
816 argv[3] = oid_to_hex(&cmd->new_oid);
817 argv[4] = NULL;
818 proc.no_stdin = 1;
820 proc.stdout_to_stderr = 1;
821 proc.err = use_sideband ? -1 : 0;
822 proc.argv = argv;
823 code = start_command(&proc);
825 if (code)
826 return code;
827 if (use_sideband)
828 copy_to_sideband(proc.err, -1, NULL);
829 return finish_command(&proc);
830}
831static int is_ref_checked_out(const char *ref)
833{
834 if (is_bare_repository())
835 return 0;
836 if (!head_name)
838 return 0;
839 return !strcmp(head_name, ref);
840}
841static char *refuse_unconfigured_deny_msg =
843 N_("By default, updating the current branch in a non-bare repository\n"
844 "is denied, because it will make the index and work tree inconsistent\n"
845 "with what you pushed, and will require 'git reset --hard' to match\n"
846 "the work tree to HEAD.\n"
847 "\n"
848 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
849 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
850 "its current branch; however, this is not recommended unless you\n"
851 "arranged to update its work tree to match what you pushed in some\n"
852 "other way.\n"
853 "\n"
854 "To squelch this message and still keep the default behaviour, set\n"
855 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
856static void refuse_unconfigured_deny(void)
858{
859 rp_error("%s", _(refuse_unconfigured_deny_msg));
860}
861static char *refuse_unconfigured_deny_delete_current_msg =
863 N_("By default, deleting the current branch is denied, because the next\n"
864 "'git clone' won't result in any file checked out, causing confusion.\n"
865 "\n"
866 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
867 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
868 "current branch, with or without a warning message.\n"
869 "\n"
870 "To squelch this message, you can set it to 'refuse'.");
871static void refuse_unconfigured_deny_delete_current(void)
873{
874 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
875}
876static int command_singleton_iterator(void *cb_data, struct object_id *oid);
878static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
879{
880 struct lock_file shallow_lock = LOCK_INIT;
881 struct oid_array extra = OID_ARRAY_INIT;
882 struct check_connected_options opt = CHECK_CONNECTED_INIT;
883 uint32_t mask = 1 << (cmd->index % 32);
884 int i;
885 trace_printf_key(&trace_shallow,
887 "shallow: update_shallow_ref %s\n", cmd->ref_name);
888 for (i = 0; i < si->shallow->nr; i++)
889 if (si->used_shallow[i] &&
890 (si->used_shallow[i][cmd->index / 32] & mask) &&
891 !delayed_reachability_test(si, i))
892 oid_array_append(&extra, &si->shallow->oid[i]);
893 opt.env = tmp_objdir_env(tmp_objdir);
895 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
896 if (check_connected(command_singleton_iterator, cmd, &opt)) {
897 rollback_lock_file(&shallow_lock);
898 oid_array_clear(&extra);
899 return -1;
900 }
901 commit_lock_file(&shallow_lock);
903 /*
905 * Make sure setup_alternate_shallow() for the next ref does
906 * not lose these new roots..
907 */
908 for (i = 0; i < extra.nr; i++)
909 register_shallow(the_repository, &extra.oid[i]);
910 si->shallow_ref[cmd->index] = 0;
912 oid_array_clear(&extra);
913 return 0;
914}
915/*
917 * NEEDSWORK: we should consolidate various implementions of "are we
918 * on an unborn branch?" test into one, and make the unified one more
919 * robust. !get_sha1() based check used here and elsewhere would not
920 * allow us to tell an unborn branch from corrupt ref, for example.
921 * For the purpose of fixing "deploy-to-update does not work when
922 * pushing into an empty repository" issue, this should suffice for
923 * now.
924 */
925static int head_has_history(void)
926{
927 struct object_id oid;
928 return !get_oid("HEAD", &oid);
930}
931static const char *push_to_deploy(unsigned char *sha1,
933 struct argv_array *env,
934 const char *work_tree)
935{
936 const char *update_refresh[] = {
937 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
938 };
939 const char *diff_files[] = {
940 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
941 };
942 const char *diff_index[] = {
943 "diff-index", "--quiet", "--cached", "--ignore-submodules",
944 NULL, "--", NULL
945 };
946 const char *read_tree[] = {
947 "read-tree", "-u", "-m", NULL, NULL
948 };
949 struct child_process child = CHILD_PROCESS_INIT;
950 child.argv = update_refresh;
952 child.env = env->argv;
953 child.dir = work_tree;
954 child.no_stdin = 1;
955 child.stdout_to_stderr = 1;
956 child.git_cmd = 1;
957 if (run_command(&child))
958 return "Up-to-date check failed";
959 /* run_command() does not clean up completely; reinitialize */
961 child_process_init(&child);
962 child.argv = diff_files;
963 child.env = env->argv;
964 child.dir = work_tree;
965 child.no_stdin = 1;
966 child.stdout_to_stderr = 1;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has unstaged changes";
970 /* diff-index with either HEAD or an empty tree */
972 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
973 child_process_init(&child);
975 child.argv = diff_index;
976 child.env = env->argv;
977 child.no_stdin = 1;
978 child.no_stdout = 1;
979 child.stdout_to_stderr = 0;
980 child.git_cmd = 1;
981 if (run_command(&child))
982 return "Working directory has staged changes";
983 read_tree[3] = sha1_to_hex(sha1);
985 child_process_init(&child);
986 child.argv = read_tree;
987 child.env = env->argv;
988 child.dir = work_tree;
989 child.no_stdin = 1;
990 child.no_stdout = 1;
991 child.stdout_to_stderr = 0;
992 child.git_cmd = 1;
993 if (run_command(&child))
994 return "Could not update working tree to new HEAD";
995 return NULL;
997}
998static const char *push_to_checkout_hook = "push-to-checkout";
1000static const char *push_to_checkout(unsigned char *sha1,
1002 struct argv_array *env,
1003 const char *work_tree)
1004{
1005 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1006 if (run_hook_le(env->argv, push_to_checkout_hook,
1007 sha1_to_hex(sha1), NULL))
1008 return "push-to-checkout hook declined";
1009 else
1010 return NULL;
1011}
1012static const char *update_worktree(unsigned char *sha1)
1014{
1015 const char *retval;
1016 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1017 struct argv_array env = ARGV_ARRAY_INIT;
1018 if (is_bare_repository())
1020 return "denyCurrentBranch = updateInstead needs a worktree";
1021 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1023 if (!find_hook(push_to_checkout_hook))
1025 retval = push_to_deploy(sha1, &env, work_tree);
1026 else
1027 retval = push_to_checkout(sha1, &env, work_tree);
1028 argv_array_clear(&env);
1030 return retval;
1031}
1032static const char *update(struct command *cmd, struct shallow_info *si)
1034{
1035 const char *name = cmd->ref_name;
1036 struct strbuf namespaced_name_buf = STRBUF_INIT;
1037 static char *namespaced_name;
1038 const char *ret;
1039 struct object_id *old_oid = &cmd->old_oid;
1040 struct object_id *new_oid = &cmd->new_oid;
1041 /* only refs/... are allowed */
1043 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1044 rp_error("refusing to create funny ref '%s' remotely", name);
1045 return "funny refname";
1046 }
1047 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1049 free(namespaced_name);
1050 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1051 if (is_ref_checked_out(namespaced_name)) {
1053 switch (deny_current_branch) {
1054 case DENY_IGNORE:
1055 break;
1056 case DENY_WARN:
1057 rp_warning("updating the current branch");
1058 break;
1059 case DENY_REFUSE:
1060 case DENY_UNCONFIGURED:
1061 rp_error("refusing to update checked out branch: %s", name);
1062 if (deny_current_branch == DENY_UNCONFIGURED)
1063 refuse_unconfigured_deny();
1064 return "branch is currently checked out";
1065 case DENY_UPDATE_INSTEAD:
1066 ret = update_worktree(new_oid->hash);
1067 if (ret)
1068 return ret;
1069 break;
1070 }
1071 }
1072 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1074 error("unpack should have generated %s, "
1075 "but I can't find it!", oid_to_hex(new_oid));
1076 return "bad pack";
1077 }
1078 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1080 if (deny_deletes && starts_with(name, "refs/heads/")) {
1081 rp_error("denying ref deletion for %s", name);
1082 return "deletion prohibited";
1083 }
1084 if (head_name && !strcmp(namespaced_name, head_name)) {
1086 switch (deny_delete_current) {
1087 case DENY_IGNORE:
1088 break;
1089 case DENY_WARN:
1090 rp_warning("deleting the current branch");
1091 break;
1092 case DENY_REFUSE:
1093 case DENY_UNCONFIGURED:
1094 case DENY_UPDATE_INSTEAD:
1095 if (deny_delete_current == DENY_UNCONFIGURED)
1096 refuse_unconfigured_deny_delete_current();
1097 rp_error("refusing to delete the current branch: %s", name);
1098 return "deletion of the current branch prohibited";
1099 default:
1100 return "Invalid denyDeleteCurrent setting";
1101 }
1102 }
1103 }
1104 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1106 !is_null_oid(old_oid) &&
1107 starts_with(name, "refs/heads/")) {
1108 struct object *old_object, *new_object;
1109 struct commit *old_commit, *new_commit;
1110 old_object = parse_object(old_oid);
1112 new_object = parse_object(new_oid);
1113 if (!old_object || !new_object ||
1115 old_object->type != OBJ_COMMIT ||
1116 new_object->type != OBJ_COMMIT) {
1117 error("bad sha1 objects for %s", name);
1118 return "bad ref";
1119 }
1120 old_commit = (struct commit *)old_object;
1121 new_commit = (struct commit *)new_object;
1122 if (!in_merge_bases(old_commit, new_commit)) {
1123 rp_error("denying non-fast-forward %s"
1124 " (you should pull first)", name);
1125 return "non-fast-forward";
1126 }
1127 }
1128 if (run_update_hook(cmd)) {
1129 rp_error("hook declined to update %s", name);
1130 return "hook declined";
1131 }
1132 if (is_null_oid(new_oid)) {
1134 struct strbuf err = STRBUF_INIT;
1135 if (!parse_object(old_oid)) {
1136 old_oid = NULL;
1137 if (ref_exists(name)) {
1138 rp_warning("Allowing deletion of corrupt ref.");
1139 } else {
1140 rp_warning("Deleting a non-existent ref.");
1141 cmd->did_not_exist = 1;
1142 }
1143 }
1144 if (ref_transaction_delete(transaction,
1145 namespaced_name,
1146 old_oid,
1147 0, "push", &err)) {
1148 rp_error("%s", err.buf);
1149 strbuf_release(&err);
1150 return "failed to delete";
1151 }
1152 strbuf_release(&err);
1153 return NULL; /* good */
1154 }
1155 else {
1156 struct strbuf err = STRBUF_INIT;
1157 if (shallow_update && si->shallow_ref[cmd->index] &&
1158 update_shallow_ref(cmd, si))
1159 return "shallow error";
1160 if (ref_transaction_update(transaction,
1162 namespaced_name,
1163 new_oid, old_oid,
1164 0, "push",
1165 &err)) {
1166 rp_error("%s", err.buf);
1167 strbuf_release(&err);
1168 return "failed to update ref";
1170 }
1171 strbuf_release(&err);
1172 return NULL; /* good */
1174 }
1175}
1176static void run_update_post_hook(struct command *commands)
1178{
1179 struct command *cmd;
1180 struct child_process proc = CHILD_PROCESS_INIT;
1181 const char *hook;
1182 hook = find_hook("post-update");
1184 if (!hook)
1185 return;
1186 for (cmd = commands; cmd; cmd = cmd->next) {
1188 if (cmd->error_string || cmd->did_not_exist)
1189 continue;
1190 if (!proc.args.argc)
1191 argv_array_push(&proc.args, hook);
1192 argv_array_push(&proc.args, cmd->ref_name);
1193 }
1194 if (!proc.args.argc)
1195 return;
1196 proc.no_stdin = 1;
1198 proc.stdout_to_stderr = 1;
1199 proc.err = use_sideband ? -1 : 0;
1200 if (!start_command(&proc)) {
1202 if (use_sideband)
1203 copy_to_sideband(proc.err, -1, NULL);
1204 finish_command(&proc);
1205 }
1206}
1207static void check_aliased_update(struct command *cmd, struct string_list *list)
1209{
1210 struct strbuf buf = STRBUF_INIT;
1211 const char *dst_name;
1212 struct string_list_item *item;
1213 struct command *dst_cmd;
1214 int flag;
1215 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1217 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1218 strbuf_release(&buf);
1219 if (!(flag & REF_ISSYMREF))
1221 return;
1222 if (!dst_name) {
1224 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1225 cmd->skip_update = 1;
1226 cmd->error_string = "broken symref";
1227 return;
1228 }
1229 dst_name = strip_namespace(dst_name);
1230 if ((item = string_list_lookup(list, dst_name)) == NULL)
1232 return;
1233 cmd->skip_update = 1;
1235 dst_cmd = (struct command *) item->util;
1237 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1239 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1240 return;
1241 dst_cmd->skip_update = 1;
1243 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1245 " its target '%s' (%s..%s)",
1246 cmd->ref_name,
1247 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1248 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1249 dst_cmd->ref_name,
1250 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1251 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1252 cmd->error_string = dst_cmd->error_string =
1254 "inconsistent aliased update";
1255}
1256static void check_aliased_updates(struct command *commands)
1258{
1259 struct command *cmd;
1260 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1261 for (cmd = commands; cmd; cmd = cmd->next) {
1263 struct string_list_item *item =
1264 string_list_append(&ref_list, cmd->ref_name);
1265 item->util = (void *)cmd;
1266 }
1267 string_list_sort(&ref_list);
1268 for (cmd = commands; cmd; cmd = cmd->next) {
1270 if (!cmd->error_string)
1271 check_aliased_update(cmd, &ref_list);
1272 }
1273 string_list_clear(&ref_list, 0);
1275}
1276static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1278{
1279 struct command **cmd_list = cb_data;
1280 struct command *cmd = *cmd_list;
1281 if (!cmd || is_null_oid(&cmd->new_oid))
1283 return -1; /* end of list */
1284 *cmd_list = NULL; /* this returns only one */
1285 oidcpy(oid, &cmd->new_oid);
1286 return 0;
1287}
1288static void set_connectivity_errors(struct command *commands,
1290 struct shallow_info *si)
1291{
1292 struct command *cmd;
1293 for (cmd = commands; cmd; cmd = cmd->next) {
1295 struct command *singleton = cmd;
1296 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1297 if (shallow_update && si->shallow_ref[cmd->index])
1299 /* to be checked in update_shallow_ref() */
1300 continue;
1301 opt.env = tmp_objdir_env(tmp_objdir);
1303 if (!check_connected(command_singleton_iterator, &singleton,
1304 &opt))
1305 continue;
1306 cmd->error_string = "missing necessary objects";
1308 }
1309}
1310struct iterate_data {
1312 struct command *cmds;
1313 struct shallow_info *si;
1314};
1315static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1317{
1318 struct iterate_data *data = cb_data;
1319 struct command **cmd_list = &data->cmds;
1320 struct command *cmd = *cmd_list;
1321 for (; cmd; cmd = cmd->next) {
1323 if (shallow_update && data->si->shallow_ref[cmd->index])
1324 /* to be checked in update_shallow_ref() */
1325 continue;
1326 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1327 oidcpy(oid, &cmd->new_oid);
1328 *cmd_list = cmd->next;
1329 return 0;
1330 }
1331 }
1332 *cmd_list = NULL;
1333 return -1; /* end of list */
1334}
1335static void reject_updates_to_hidden(struct command *commands)
1337{
1338 struct strbuf refname_full = STRBUF_INIT;
1339 size_t prefix_len;
1340 struct command *cmd;
1341 strbuf_addstr(&refname_full, get_git_namespace());
1343 prefix_len = refname_full.len;
1344 for (cmd = commands; cmd; cmd = cmd->next) {
1346 if (cmd->error_string)
1347 continue;
1348 strbuf_setlen(&refname_full, prefix_len);
1350 strbuf_addstr(&refname_full, cmd->ref_name);
1351 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1353 continue;
1354 if (is_null_oid(&cmd->new_oid))
1355 cmd->error_string = "deny deleting a hidden ref";
1356 else
1357 cmd->error_string = "deny updating a hidden ref";
1358 }
1359 strbuf_release(&refname_full);
1361}
1362static int should_process_cmd(struct command *cmd)
1364{
1365 return !cmd->error_string && !cmd->skip_update;
1366}
1367static void warn_if_skipped_connectivity_check(struct command *commands,
1369 struct shallow_info *si)
1370{
1371 struct command *cmd;
1372 int checked_connectivity = 1;
1373 for (cmd = commands; cmd; cmd = cmd->next) {
1375 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1376 error("BUG: connectivity check has not been run on ref %s",
1377 cmd->ref_name);
1378 checked_connectivity = 0;
1379 }
1380 }
1381 if (!checked_connectivity)
1382 BUG("connectivity check skipped???");
1383}
1384static void execute_commands_non_atomic(struct command *commands,
1386 struct shallow_info *si)
1387{
1388 struct command *cmd;
1389 struct strbuf err = STRBUF_INIT;
1390 for (cmd = commands; cmd; cmd = cmd->next) {
1392 if (!should_process_cmd(cmd))
1393 continue;
1394 transaction = ref_transaction_begin(&err);
1396 if (!transaction) {
1397 rp_error("%s", err.buf);
1398 strbuf_reset(&err);
1399 cmd->error_string = "transaction failed to start";
1400 continue;
1401 }
1402 cmd->error_string = update(cmd, si);
1404 if (!cmd->error_string
1406 && ref_transaction_commit(transaction, &err)) {
1407 rp_error("%s", err.buf);
1408 strbuf_reset(&err);
1409 cmd->error_string = "failed to update ref";
1410 }
1411 ref_transaction_free(transaction);
1412 }
1413 strbuf_release(&err);
1414}
1415static void execute_commands_atomic(struct command *commands,
1417 struct shallow_info *si)
1418{
1419 struct command *cmd;
1420 struct strbuf err = STRBUF_INIT;
1421 const char *reported_error = "atomic push failure";
1422 transaction = ref_transaction_begin(&err);
1424 if (!transaction) {
1425 rp_error("%s", err.buf);
1426 strbuf_reset(&err);
1427 reported_error = "transaction failed to start";
1428 goto failure;
1429 }
1430 for (cmd = commands; cmd; cmd = cmd->next) {
1432 if (!should_process_cmd(cmd))
1433 continue;
1434 cmd->error_string = update(cmd, si);
1436 if (cmd->error_string)
1438 goto failure;
1439 }
1440 if (ref_transaction_commit(transaction, &err)) {
1442 rp_error("%s", err.buf);
1443 reported_error = "atomic transaction failed";
1444 goto failure;
1445 }
1446 goto cleanup;
1447failure:
1449 for (cmd = commands; cmd; cmd = cmd->next)
1450 if (!cmd->error_string)
1451 cmd->error_string = reported_error;
1452cleanup:
1454 ref_transaction_free(transaction);
1455 strbuf_release(&err);
1456}
1457static void execute_commands(struct command *commands,
1459 const char *unpacker_error,
1460 struct shallow_info *si,
1461 const struct string_list *push_options)
1462{
1463 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1464 struct command *cmd;
1465 struct iterate_data data;
1466 struct async muxer;
1467 int err_fd = 0;
1468 if (unpacker_error) {
1470 for (cmd = commands; cmd; cmd = cmd->next)
1471 cmd->error_string = "unpacker error";
1472 return;
1473 }
1474 if (use_sideband) {
1476 memset(&muxer, 0, sizeof(muxer));
1477 muxer.proc = copy_to_sideband;
1478 muxer.in = -1;
1479 if (!start_async(&muxer))
1480 err_fd = muxer.in;
1481 /* ...else, continue without relaying sideband */
1482 }
1483 data.cmds = commands;
1485 data.si = si;
1486 opt.err_fd = err_fd;
1487 opt.progress = err_fd && !quiet;
1488 opt.env = tmp_objdir_env(tmp_objdir);
1489 if (check_connected(iterate_receive_command_list, &data, &opt))
1490 set_connectivity_errors(commands, si);
1491 if (use_sideband)
1493 finish_async(&muxer);
1494 reject_updates_to_hidden(commands);
1496 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1498 for (cmd = commands; cmd; cmd = cmd->next) {
1499 if (!cmd->error_string)
1500 cmd->error_string = "pre-receive hook declined";
1501 }
1502 return;
1503 }
1504 /*
1506 * Now we'll start writing out refs, which means the objects need
1507 * to be in their final positions so that other processes can see them.
1508 */
1509 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1510 for (cmd = commands; cmd; cmd = cmd->next) {
1511 if (!cmd->error_string)
1512 cmd->error_string = "unable to migrate objects to permanent storage";
1513 }
1514 return;
1515 }
1516 tmp_objdir = NULL;
1517 check_aliased_updates(commands);
1519 free(head_name_to_free);
1521 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1522 if (use_atomic)
1524 execute_commands_atomic(commands, si);
1525 else
1526 execute_commands_non_atomic(commands, si);
1527 if (shallow_update)
1529 warn_if_skipped_connectivity_check(commands, si);
1530}
1531static struct command **queue_command(struct command **tail,
1533 const char *line,
1534 int linelen)
1535{
1536 struct object_id old_oid, new_oid;
1537 struct command *cmd;
1538 const char *refname;
1539 int reflen;
1540 const char *p;
1541 if (parse_oid_hex(line, &old_oid, &p) ||
1543 *p++ != ' ' ||
1544 parse_oid_hex(p, &new_oid, &p) ||
1545 *p++ != ' ')
1546 die("protocol error: expected old/new/ref, got '%s'", line);
1547 refname = p;
1549 reflen = linelen - (p - line);
1550 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1551 oidcpy(&cmd->old_oid, &old_oid);
1552 oidcpy(&cmd->new_oid, &new_oid);
1553 *tail = cmd;
1554 return &cmd->next;
1555}
1556static void queue_commands_from_cert(struct command **tail,
1558 struct strbuf *push_cert)
1559{
1560 const char *boc, *eoc;
1561 if (*tail)
1563 die("protocol error: got both push certificate and unsigned commands");
1564 boc = strstr(push_cert->buf, "\n\n");
1566 if (!boc)
1567 die("malformed push certificate %.*s", 100, push_cert->buf);
1568 else
1569 boc += 2;
1570 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1571 while (boc < eoc) {
1573 const char *eol = memchr(boc, '\n', eoc - boc);
1574 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1575 boc = eol ? eol + 1 : eoc;
1576 }
1577}
1578static struct command *read_head_info(struct oid_array *shallow)
1580{
1581 struct command *commands = NULL;
1582 struct command **p = &commands;
1583 for (;;) {
1584 char *line;
1585 int len, linelen;
1586 line = packet_read_line(0, &len);
1588 if (!line)
1589 break;
1590 if (len > 8 && starts_with(line, "shallow ")) {
1592 struct object_id oid;
1593 if (get_oid_hex(line + 8, &oid))
1594 die("protocol error: expected shallow sha, got '%s'",
1595 line + 8);
1596 oid_array_append(shallow, &oid);
1597 continue;
1598 }
1599 linelen = strlen(line);
1601 if (linelen < len) {
1602 const char *feature_list = line + linelen + 1;
1603 if (parse_feature_request(feature_list, "report-status"))
1604 report_status = 1;
1605 if (parse_feature_request(feature_list, "side-band-64k"))
1606 use_sideband = LARGE_PACKET_MAX;
1607 if (parse_feature_request(feature_list, "quiet"))
1608 quiet = 1;
1609 if (advertise_atomic_push
1610 && parse_feature_request(feature_list, "atomic"))
1611 use_atomic = 1;
1612 if (advertise_push_options
1613 && parse_feature_request(feature_list, "push-options"))
1614 use_push_options = 1;
1615 }
1616 if (!strcmp(line, "push-cert")) {
1618 int true_flush = 0;
1619 char certbuf[1024];
1620 for (;;) {
1622 len = packet_read(0, NULL, NULL,
1623 certbuf, sizeof(certbuf), 0);
1624 if (!len) {
1625 true_flush = 1;
1626 break;
1627 }
1628 if (!strcmp(certbuf, "push-cert-end\n"))
1629 break; /* end of cert */
1630 strbuf_addstr(&push_cert, certbuf);
1631 }
1632 if (true_flush)
1634 break;
1635 continue;
1636 }
1637 p = queue_command(p, line, linelen);
1639 }
1640 if (push_cert.len)
1642 queue_commands_from_cert(p, &push_cert);
1643 return commands;
1645}
1646static void read_push_options(struct string_list *options)
1648{
1649 while (1) {
1650 char *line;
1651 int len;
1652 line = packet_read_line(0, &len);
1654 if (!line)
1656 break;
1657 string_list_append(options, line);
1659 }
1660}
1661static const char *parse_pack_header(struct pack_header *hdr)
1663{
1664 switch (read_pack_header(0, hdr)) {
1665 case PH_ERROR_EOF:
1666 return "eof before pack header was fully read";
1667 case PH_ERROR_PACK_SIGNATURE:
1669 return "protocol error (pack signature mismatch detected)";
1670 case PH_ERROR_PROTOCOL:
1672 return "protocol error (pack version unsupported)";
1673 default:
1675 return "unknown error in parse_pack_header";
1676 case 0:
1678 return NULL;
1679 }
1680}
1681static const char *pack_lockfile;
1683static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1685{
1686 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1687 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1688}
1689static const char *unpack(int err_fd, struct shallow_info *si)
1691{
1692 struct pack_header hdr;
1693 const char *hdr_err;
1694 int status;
1695 struct child_process child = CHILD_PROCESS_INIT;
1696 int fsck_objects = (receive_fsck_objects >= 0
1697 ? receive_fsck_objects
1698 : transfer_fsck_objects >= 0
1699 ? transfer_fsck_objects
1700 : 0);
1701 hdr_err = parse_pack_header(&hdr);
1703 if (hdr_err) {
1704 if (err_fd > 0)
1705 close(err_fd);
1706 return hdr_err;
1707 }
1708 if (si->nr_ours || si->nr_theirs) {
1710 alt_shallow_file = setup_temporary_shallow(si->shallow);
1711 argv_array_push(&child.args, "--shallow-file");
1712 argv_array_push(&child.args, alt_shallow_file);
1713 }
1714 tmp_objdir = tmp_objdir_create();
1716 if (!tmp_objdir) {
1717 if (err_fd > 0)
1718 close(err_fd);
1719 return "unable to create temporary object directory";
1720 }
1721 child.env = tmp_objdir_env(tmp_objdir);
1722 /*
1724 * Normally we just pass the tmp_objdir environment to the child
1725 * processes that do the heavy lifting, but we may need to see these
1726 * objects ourselves to set up shallow information.
1727 */
1728 tmp_objdir_add_as_alternate(tmp_objdir);
1729 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1731 argv_array_push(&child.args, "unpack-objects");
1732 push_header_arg(&child.args, &hdr);
1733 if (quiet)
1734 argv_array_push(&child.args, "-q");
1735 if (fsck_objects)
1736 argv_array_pushf(&child.args, "--strict%s",
1737 fsck_msg_types.buf);
1738 if (max_input_size)
1739 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1740 (uintmax_t)max_input_size);
1741 child.no_stdout = 1;
1742 child.err = err_fd;
1743 child.git_cmd = 1;
1744 status = run_command(&child);
1745 if (status)
1746 return "unpack-objects abnormal exit";
1747 } else {
1748 char hostname[HOST_NAME_MAX + 1];
1749 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1751 push_header_arg(&child.args, &hdr);
1752 if (xgethostname(hostname, sizeof(hostname)))
1754 xsnprintf(hostname, sizeof(hostname), "localhost");
1755 argv_array_pushf(&child.args,
1756 "--keep=receive-pack %"PRIuMAX" on %s",
1757 (uintmax_t)getpid(),
1758 hostname);
1759 if (!quiet && err_fd)
1761 argv_array_push(&child.args, "--show-resolving-progress");
1762 if (use_sideband)
1763 argv_array_push(&child.args, "--report-end-of-input");
1764 if (fsck_objects)
1765 argv_array_pushf(&child.args, "--strict%s",
1766 fsck_msg_types.buf);
1767 if (!reject_thin)
1768 argv_array_push(&child.args, "--fix-thin");
1769 if (max_input_size)
1770 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1771 (uintmax_t)max_input_size);
1772 child.out = -1;
1773 child.err = err_fd;
1774 child.git_cmd = 1;
1775 status = start_command(&child);
1776 if (status)
1777 return "index-pack fork failed";
1778 pack_lockfile = index_pack_lockfile(child.out);
1779 close(child.out);
1780 status = finish_command(&child);
1781 if (status)
1782 return "index-pack abnormal exit";
1783 reprepare_packed_git(the_repository);
1784 }
1785 return NULL;
1786}
1787static const char *unpack_with_sideband(struct shallow_info *si)
1789{
1790 struct async muxer;
1791 const char *ret;
1792 if (!use_sideband)
1794 return unpack(0, si);
1795 use_keepalive = KEEPALIVE_AFTER_NUL;
1797 memset(&muxer, 0, sizeof(muxer));
1798 muxer.proc = copy_to_sideband;
1799 muxer.in = -1;
1800 if (start_async(&muxer))
1801 return NULL;
1802 ret = unpack(muxer.in, si);
1804 finish_async(&muxer);
1806 return ret;
1807}
1808static void prepare_shallow_update(struct command *commands,
1810 struct shallow_info *si)
1811{
1812 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1813 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1815 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1816 si->need_reachability_test =
1818 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1819 si->reachable =
1820 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1821 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1822 for (i = 0; i < si->nr_ours; i++)
1824 si->need_reachability_test[si->ours[i]] = 1;
1825 for (i = 0; i < si->shallow->nr; i++) {
1827 if (!si->used_shallow[i])
1828 continue;
1829 for (j = 0; j < bitmap_size; j++) {
1830 if (!si->used_shallow[i][j])
1831 continue;
1832 si->need_reachability_test[i]++;
1833 for (k = 0; k < 32; k++)
1834 if (si->used_shallow[i][j] & (1U << k))
1835 si->shallow_ref[j * 32 + k]++;
1836 }
1837 /*
1839 * true for those associated with some refs and belong
1840 * in "ours" list aka "step 7 not done yet"
1841 */
1842 si->need_reachability_test[i] =
1843 si->need_reachability_test[i] > 1;
1844 }
1845 /*
1847 * keep hooks happy by forcing a temporary shallow file via
1848 * env variable because we can't add --shallow-file to every
1849 * command. check_everything_connected() will be done with
1850 * true .git/shallow though.
1851 */
1852 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1853}
1854static void update_shallow_info(struct command *commands,
1856 struct shallow_info *si,
1857 struct oid_array *ref)
1858{
1859 struct command *cmd;
1860 int *ref_status;
1861 remove_nonexistent_theirs_shallow(si);
1862 if (!si->nr_ours && !si->nr_theirs) {
1863 shallow_update = 0;
1864 return;
1865 }
1866 for (cmd = commands; cmd; cmd = cmd->next) {
1868 if (is_null_oid(&cmd->new_oid))
1869 continue;
1870 oid_array_append(ref, &cmd->new_oid);
1871 cmd->index = ref->nr - 1;
1872 }
1873 si->ref = ref;
1874 if (shallow_update) {
1876 prepare_shallow_update(commands, si);
1877 return;
1878 }
1879 ALLOC_ARRAY(ref_status, ref->nr);
1881 assign_shallow_commits_to_refs(si, NULL, ref_status);
1882 for (cmd = commands; cmd; cmd = cmd->next) {
1883 if (is_null_oid(&cmd->new_oid))
1884 continue;
1885 if (ref_status[cmd->index]) {
1886 cmd->error_string = "shallow update not allowed";
1887 cmd->skip_update = 1;
1888 }
1889 }
1890 free(ref_status);
1891}
1892static void report(struct command *commands, const char *unpack_status)
1894{
1895 struct command *cmd;
1896 struct strbuf buf = STRBUF_INIT;
1897 packet_buf_write(&buf, "unpack %s\n",
1899 unpack_status ? unpack_status : "ok");
1900 for (cmd = commands; cmd; cmd = cmd->next) {
1901 if (!cmd->error_string)
1902 packet_buf_write(&buf, "ok %s\n",
1903 cmd->ref_name);
1904 else
1905 packet_buf_write(&buf, "ng %s %s\n",
1906 cmd->ref_name, cmd->error_string);
1907 }
1908 packet_buf_flush(&buf);
1909 if (use_sideband)
1911 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1912 else
1913 write_or_die(1, buf.buf, buf.len);
1914 strbuf_release(&buf);
1915}
1916static int delete_only(struct command *commands)
1918{
1919 struct command *cmd;
1920 for (cmd = commands; cmd; cmd = cmd->next) {
1921 if (!is_null_oid(&cmd->new_oid))
1922 return 0;
1923 }
1924 return 1;
1925}
1926int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1928{
1929 int advertise_refs = 0;
1930 struct command *commands;
1931 struct oid_array shallow = OID_ARRAY_INIT;
1932 struct oid_array ref = OID_ARRAY_INIT;
1933 struct shallow_info si;
1934 struct option options[] = {
1936 OPT__QUIET(&quiet, N_("quiet")),
1937 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1938 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1939 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1940 OPT_END()
1941 };
1942 packet_trace_identity("receive-pack");
1944 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1946 if (argc > 1)
1948 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1949 if (argc == 0)
1950 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1951 service_dir = argv[0];
1953 setup_path();
1955 if (!enter_repo(service_dir, 0))
1957 die("'%s' does not appear to be a git repository", service_dir);
1958 git_config(receive_pack_config, NULL);
1960 if (cert_nonce_seed)
1961 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1962 if (0 <= transfer_unpack_limit)
1964 unpack_limit = transfer_unpack_limit;
1965 else if (0 <= receive_unpack_limit)
1966 unpack_limit = receive_unpack_limit;
1967 switch (determine_protocol_version_server()) {
1969 case protocol_v2:
1970 /*
1971 * push support for protocol v2 has not been implemented yet,
1972 * so ignore the request to use v2 and fallback to using v0.
1973 */
1974 break;
1975 case protocol_v1:
1976 /*
1977 * v1 is just the original protocol with a version string,
1978 * so just fall through after writing the version string.
1979 */
1980 if (advertise_refs || !stateless_rpc)
1981 packet_write_fmt(1, "version 1\n");
1982 /* fallthrough */
1984 case protocol_v0:
1985 break;
1986 case protocol_unknown_version:
1987 BUG("unknown protocol version");
1988 }
1989 if (advertise_refs || !stateless_rpc) {
1991 write_head_info();
1992 }
1993 if (advertise_refs)
1994 return 0;
1995 if ((commands = read_head_info(&shallow)) != NULL) {
1997 const char *unpack_status = NULL;
1998 struct string_list push_options = STRING_LIST_INIT_DUP;
1999 if (use_push_options)
2001 read_push_options(&push_options);
2002 if (!check_cert_push_options(&push_options)) {
2003 struct command *cmd;
2004 for (cmd = commands; cmd; cmd = cmd->next)
2005 cmd->error_string = "inconsistent push options";
2006 }
2007 prepare_shallow_info(&si, &shallow);
2009 if (!si.nr_ours && !si.nr_theirs)
2010 shallow_update = 0;
2011 if (!delete_only(commands)) {
2012 unpack_status = unpack_with_sideband(&si);
2013 update_shallow_info(commands, &si, &ref);
2014 }
2015 use_keepalive = KEEPALIVE_ALWAYS;
2016 execute_commands(commands, unpack_status, &si,
2017 &push_options);
2018 if (pack_lockfile)
2019 unlink_or_warn(pack_lockfile);
2020 if (report_status)
2021 report(commands, unpack_status);
2022 run_receive_hook(commands, "post-receive", 1,
2023 &push_options);
2024 run_update_post_hook(commands);
2025 string_list_clear(&push_options, 0);
2026 if (auto_gc) {
2027 const char *argv_gc_auto[] = {
2028 "gc", "--auto", "--quiet", NULL,
2029 };
2030 struct child_process proc = CHILD_PROCESS_INIT;
2031 proc.no_stdin = 1;
2033 proc.stdout_to_stderr = 1;
2034 proc.err = use_sideband ? -1 : 0;
2035 proc.git_cmd = 1;
2036 proc.argv = argv_gc_auto;
2037 close_all_packs(the_repository->objects);
2039 if (!start_command(&proc)) {
2040 if (use_sideband)
2041 copy_to_sideband(proc.err, -1, NULL);
2042 finish_command(&proc);
2043 }
2044 }
2045 if (auto_update_server_info)
2046 update_server_info(0);
2047 clear_shallow_info(&si);
2048 }
2049 if (use_sideband)
2050 packet_flush(1);
2051 oid_array_clear(&shallow);
2052 oid_array_clear(&ref);
2053 free((void *)push_cert_nonce);
2054 return 0;
2055}