send-pack.con commit rebase -p: error out if --signoff is given (b79966a)
   1#include "builtin.h"
   2#include "config.h"
   3#include "commit.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "remote.h"
   9#include "connect.h"
  10#include "send-pack.h"
  11#include "quote.h"
  12#include "transport.h"
  13#include "version.h"
  14#include "sha1-array.h"
  15#include "gpg-interface.h"
  16#include "cache.h"
  17
  18int option_parse_push_signed(const struct option *opt,
  19                             const char *arg, int unset)
  20{
  21        if (unset) {
  22                *(int *)(opt->value) = SEND_PACK_PUSH_CERT_NEVER;
  23                return 0;
  24        }
  25        switch (git_parse_maybe_bool(arg)) {
  26        case 1:
  27                *(int *)(opt->value) = SEND_PACK_PUSH_CERT_ALWAYS;
  28                return 0;
  29        case 0:
  30                *(int *)(opt->value) = SEND_PACK_PUSH_CERT_NEVER;
  31                return 0;
  32        }
  33        if (!strcasecmp("if-asked", arg)) {
  34                *(int *)(opt->value) = SEND_PACK_PUSH_CERT_IF_ASKED;
  35                return 0;
  36        }
  37        die("bad %s argument: %s", opt->long_name, arg);
  38}
  39
  40static void feed_object(const unsigned char *sha1, FILE *fh, int negative)
  41{
  42        if (negative && !has_sha1_file(sha1))
  43                return;
  44
  45        if (negative)
  46                putc('^', fh);
  47        fputs(sha1_to_hex(sha1), fh);
  48        putc('\n', fh);
  49}
  50
  51/*
  52 * Make a pack stream and spit it out into file descriptor fd
  53 */
  54static int pack_objects(int fd, struct ref *refs, struct oid_array *extra, struct send_pack_args *args)
  55{
  56        /*
  57         * The child becomes pack-objects --revs; we feed
  58         * the revision parameters to it via its stdin and
  59         * let its stdout go back to the other end.
  60         */
  61        struct child_process po = CHILD_PROCESS_INIT;
  62        FILE *po_in;
  63        int i;
  64        int rc;
  65
  66        argv_array_push(&po.args, "pack-objects");
  67        argv_array_push(&po.args, "--all-progress-implied");
  68        argv_array_push(&po.args, "--revs");
  69        argv_array_push(&po.args, "--stdout");
  70        if (args->use_thin_pack)
  71                argv_array_push(&po.args, "--thin");
  72        if (args->use_ofs_delta)
  73                argv_array_push(&po.args, "--delta-base-offset");
  74        if (args->quiet || !args->progress)
  75                argv_array_push(&po.args, "-q");
  76        if (args->progress)
  77                argv_array_push(&po.args, "--progress");
  78        if (is_repository_shallow())
  79                argv_array_push(&po.args, "--shallow");
  80        po.in = -1;
  81        po.out = args->stateless_rpc ? -1 : fd;
  82        po.git_cmd = 1;
  83        if (start_command(&po))
  84                die_errno("git pack-objects failed");
  85
  86        /*
  87         * We feed the pack-objects we just spawned with revision
  88         * parameters by writing to the pipe.
  89         */
  90        po_in = xfdopen(po.in, "w");
  91        for (i = 0; i < extra->nr; i++)
  92                feed_object(extra->oid[i].hash, po_in, 1);
  93
  94        while (refs) {
  95                if (!is_null_oid(&refs->old_oid))
  96                        feed_object(refs->old_oid.hash, po_in, 1);
  97                if (!is_null_oid(&refs->new_oid))
  98                        feed_object(refs->new_oid.hash, po_in, 0);
  99                refs = refs->next;
 100        }
 101
 102        fflush(po_in);
 103        if (ferror(po_in))
 104                die_errno("error writing to pack-objects");
 105        fclose(po_in);
 106
 107        if (args->stateless_rpc) {
 108                char *buf = xmalloc(LARGE_PACKET_MAX);
 109                while (1) {
 110                        ssize_t n = xread(po.out, buf, LARGE_PACKET_MAX);
 111                        if (n <= 0)
 112                                break;
 113                        send_sideband(fd, -1, buf, n, LARGE_PACKET_MAX);
 114                }
 115                free(buf);
 116                close(po.out);
 117                po.out = -1;
 118        }
 119
 120        rc = finish_command(&po);
 121        if (rc) {
 122                /*
 123                 * For a normal non-zero exit, we assume pack-objects wrote
 124                 * something useful to stderr. For death by signal, though,
 125                 * we should mention it to the user. The exception is SIGPIPE
 126                 * (141), because that's a normal occurrence if the remote end
 127                 * hangs up (and we'll report that by trying to read the unpack
 128                 * status).
 129                 */
 130                if (rc > 128 && rc != 141)
 131                        error("pack-objects died of signal %d", rc - 128);
 132                return -1;
 133        }
 134        return 0;
 135}
 136
 137static int receive_unpack_status(int in)
 138{
 139        const char *line = packet_read_line(in, NULL);
 140        if (!skip_prefix(line, "unpack ", &line))
 141                return error(_("unable to parse remote unpack status: %s"), line);
 142        if (strcmp(line, "ok"))
 143                return error(_("remote unpack failed: %s"), line);
 144        return 0;
 145}
 146
 147static int receive_status(int in, struct ref *refs)
 148{
 149        struct ref *hint;
 150        int ret;
 151
 152        hint = NULL;
 153        ret = receive_unpack_status(in);
 154        while (1) {
 155                char *refname;
 156                char *msg;
 157                char *line = packet_read_line(in, NULL);
 158                if (!line)
 159                        break;
 160                if (!starts_with(line, "ok ") && !starts_with(line, "ng ")) {
 161                        error("invalid ref status from remote: %s", line);
 162                        ret = -1;
 163                        break;
 164                }
 165
 166                refname = line + 3;
 167                msg = strchr(refname, ' ');
 168                if (msg)
 169                        *msg++ = '\0';
 170
 171                /* first try searching at our hint, falling back to all refs */
 172                if (hint)
 173                        hint = find_ref_by_name(hint, refname);
 174                if (!hint)
 175                        hint = find_ref_by_name(refs, refname);
 176                if (!hint) {
 177                        warning("remote reported status on unknown ref: %s",
 178                                        refname);
 179                        continue;
 180                }
 181                if (hint->status != REF_STATUS_EXPECTING_REPORT) {
 182                        warning("remote reported status on unexpected ref: %s",
 183                                        refname);
 184                        continue;
 185                }
 186
 187                if (line[0] == 'o' && line[1] == 'k')
 188                        hint->status = REF_STATUS_OK;
 189                else {
 190                        hint->status = REF_STATUS_REMOTE_REJECT;
 191                        ret = -1;
 192                }
 193                hint->remote_status = xstrdup_or_null(msg);
 194                /* start our next search from the next ref */
 195                hint = hint->next;
 196        }
 197        return ret;
 198}
 199
 200static int sideband_demux(int in, int out, void *data)
 201{
 202        int *fd = data, ret;
 203#ifdef NO_PTHREADS
 204        close(fd[1]);
 205#endif
 206        ret = recv_sideband("send-pack", fd[0], out);
 207        close(out);
 208        return ret;
 209}
 210
 211static int advertise_shallow_grafts_cb(const struct commit_graft *graft, void *cb)
 212{
 213        struct strbuf *sb = cb;
 214        if (graft->nr_parent == -1)
 215                packet_buf_write(sb, "shallow %s\n", oid_to_hex(&graft->oid));
 216        return 0;
 217}
 218
 219static void advertise_shallow_grafts_buf(struct strbuf *sb)
 220{
 221        if (!is_repository_shallow())
 222                return;
 223        for_each_commit_graft(advertise_shallow_grafts_cb, sb);
 224}
 225
 226#define CHECK_REF_NO_PUSH -1
 227#define CHECK_REF_STATUS_REJECTED -2
 228#define CHECK_REF_UPTODATE -3
 229static int check_to_send_update(const struct ref *ref, const struct send_pack_args *args)
 230{
 231        if (!ref->peer_ref && !args->send_mirror)
 232                return CHECK_REF_NO_PUSH;
 233
 234        /* Check for statuses set by set_ref_status_for_push() */
 235        switch (ref->status) {
 236        case REF_STATUS_REJECT_NONFASTFORWARD:
 237        case REF_STATUS_REJECT_ALREADY_EXISTS:
 238        case REF_STATUS_REJECT_FETCH_FIRST:
 239        case REF_STATUS_REJECT_NEEDS_FORCE:
 240        case REF_STATUS_REJECT_STALE:
 241        case REF_STATUS_REJECT_NODELETE:
 242                return CHECK_REF_STATUS_REJECTED;
 243        case REF_STATUS_UPTODATE:
 244                return CHECK_REF_UPTODATE;
 245        default:
 246                return 0;
 247        }
 248}
 249
 250/*
 251 * the beginning of the next line, or the end of buffer.
 252 *
 253 * NEEDSWORK: perhaps move this to git-compat-util.h or somewhere and
 254 * convert many similar uses found by "git grep -A4 memchr".
 255 */
 256static const char *next_line(const char *line, size_t len)
 257{
 258        const char *nl = memchr(line, '\n', len);
 259        if (!nl)
 260                return line + len; /* incomplete line */
 261        return nl + 1;
 262}
 263
 264static int generate_push_cert(struct strbuf *req_buf,
 265                              const struct ref *remote_refs,
 266                              struct send_pack_args *args,
 267                              const char *cap_string,
 268                              const char *push_cert_nonce)
 269{
 270        const struct ref *ref;
 271        struct string_list_item *item;
 272        char *signing_key = xstrdup(get_signing_key());
 273        const char *cp, *np;
 274        struct strbuf cert = STRBUF_INIT;
 275        int update_seen = 0;
 276
 277        strbuf_addstr(&cert, "certificate version 0.1\n");
 278        strbuf_addf(&cert, "pusher %s ", signing_key);
 279        datestamp(&cert);
 280        strbuf_addch(&cert, '\n');
 281        if (args->url && *args->url) {
 282                char *anon_url = transport_anonymize_url(args->url);
 283                strbuf_addf(&cert, "pushee %s\n", anon_url);
 284                free(anon_url);
 285        }
 286        if (push_cert_nonce[0])
 287                strbuf_addf(&cert, "nonce %s\n", push_cert_nonce);
 288        if (args->push_options)
 289                for_each_string_list_item(item, args->push_options)
 290                        strbuf_addf(&cert, "push-option %s\n", item->string);
 291        strbuf_addstr(&cert, "\n");
 292
 293        for (ref = remote_refs; ref; ref = ref->next) {
 294                if (check_to_send_update(ref, args) < 0)
 295                        continue;
 296                update_seen = 1;
 297                strbuf_addf(&cert, "%s %s %s\n",
 298                            oid_to_hex(&ref->old_oid),
 299                            oid_to_hex(&ref->new_oid),
 300                            ref->name);
 301        }
 302        if (!update_seen)
 303                goto free_return;
 304
 305        if (sign_buffer(&cert, &cert, signing_key))
 306                die(_("failed to sign the push certificate"));
 307
 308        packet_buf_write(req_buf, "push-cert%c%s", 0, cap_string);
 309        for (cp = cert.buf; cp < cert.buf + cert.len; cp = np) {
 310                np = next_line(cp, cert.buf + cert.len - cp);
 311                packet_buf_write(req_buf,
 312                                 "%.*s", (int)(np - cp), cp);
 313        }
 314        packet_buf_write(req_buf, "push-cert-end\n");
 315
 316free_return:
 317        free(signing_key);
 318        strbuf_release(&cert);
 319        return update_seen;
 320}
 321
 322
 323static int atomic_push_failure(struct send_pack_args *args,
 324                               struct ref *remote_refs,
 325                               struct ref *failing_ref)
 326{
 327        struct ref *ref;
 328        /* Mark other refs as failed */
 329        for (ref = remote_refs; ref; ref = ref->next) {
 330                if (!ref->peer_ref && !args->send_mirror)
 331                        continue;
 332
 333                switch (ref->status) {
 334                case REF_STATUS_EXPECTING_REPORT:
 335                        ref->status = REF_STATUS_ATOMIC_PUSH_FAILED;
 336                        continue;
 337                default:
 338                        break; /* do nothing */
 339                }
 340        }
 341        return error("atomic push failed for ref %s. status: %d\n",
 342                     failing_ref->name, failing_ref->status);
 343}
 344
 345#define NONCE_LEN_LIMIT 256
 346
 347static void reject_invalid_nonce(const char *nonce, int len)
 348{
 349        int i = 0;
 350
 351        if (NONCE_LEN_LIMIT <= len)
 352                die("the receiving end asked to sign an invalid nonce <%.*s>",
 353                    len, nonce);
 354
 355        for (i = 0; i < len; i++) {
 356                int ch = nonce[i] & 0xFF;
 357                if (isalnum(ch) ||
 358                    ch == '-' || ch == '.' ||
 359                    ch == '/' || ch == '+' ||
 360                    ch == '=' || ch == '_')
 361                        continue;
 362                die("the receiving end asked to sign an invalid nonce <%.*s>",
 363                    len, nonce);
 364        }
 365}
 366
 367int send_pack(struct send_pack_args *args,
 368              int fd[], struct child_process *conn,
 369              struct ref *remote_refs,
 370              struct oid_array *extra_have)
 371{
 372        int in = fd[0];
 373        int out = fd[1];
 374        struct strbuf req_buf = STRBUF_INIT;
 375        struct strbuf cap_buf = STRBUF_INIT;
 376        struct ref *ref;
 377        int need_pack_data = 0;
 378        int allow_deleting_refs = 0;
 379        int status_report = 0;
 380        int use_sideband = 0;
 381        int quiet_supported = 0;
 382        int agent_supported = 0;
 383        int use_atomic = 0;
 384        int atomic_supported = 0;
 385        int use_push_options = 0;
 386        int push_options_supported = 0;
 387        unsigned cmds_sent = 0;
 388        int ret;
 389        struct async demux;
 390        const char *push_cert_nonce = NULL;
 391
 392        /* Does the other end support the reporting? */
 393        if (server_supports("report-status"))
 394                status_report = 1;
 395        if (server_supports("delete-refs"))
 396                allow_deleting_refs = 1;
 397        if (server_supports("ofs-delta"))
 398                args->use_ofs_delta = 1;
 399        if (server_supports("side-band-64k"))
 400                use_sideband = 1;
 401        if (server_supports("quiet"))
 402                quiet_supported = 1;
 403        if (server_supports("agent"))
 404                agent_supported = 1;
 405        if (server_supports("no-thin"))
 406                args->use_thin_pack = 0;
 407        if (server_supports("atomic"))
 408                atomic_supported = 1;
 409        if (server_supports("push-options"))
 410                push_options_supported = 1;
 411
 412        if (args->push_cert != SEND_PACK_PUSH_CERT_NEVER) {
 413                int len;
 414                push_cert_nonce = server_feature_value("push-cert", &len);
 415                if (push_cert_nonce) {
 416                        reject_invalid_nonce(push_cert_nonce, len);
 417                        push_cert_nonce = xmemdupz(push_cert_nonce, len);
 418                } else if (args->push_cert == SEND_PACK_PUSH_CERT_ALWAYS) {
 419                        die(_("the receiving end does not support --signed push"));
 420                } else if (args->push_cert == SEND_PACK_PUSH_CERT_IF_ASKED) {
 421                        warning(_("not sending a push certificate since the"
 422                                  " receiving end does not support --signed"
 423                                  " push"));
 424                }
 425        }
 426
 427        if (!remote_refs) {
 428                fprintf(stderr, "No refs in common and none specified; doing nothing.\n"
 429                        "Perhaps you should specify a branch such as 'master'.\n");
 430                return 0;
 431        }
 432        if (args->atomic && !atomic_supported)
 433                die(_("the receiving end does not support --atomic push"));
 434
 435        use_atomic = atomic_supported && args->atomic;
 436
 437        if (args->push_options && !push_options_supported)
 438                die(_("the receiving end does not support push options"));
 439
 440        use_push_options = push_options_supported && args->push_options;
 441
 442        if (status_report)
 443                strbuf_addstr(&cap_buf, " report-status");
 444        if (use_sideband)
 445                strbuf_addstr(&cap_buf, " side-band-64k");
 446        if (quiet_supported && (args->quiet || !args->progress))
 447                strbuf_addstr(&cap_buf, " quiet");
 448        if (use_atomic)
 449                strbuf_addstr(&cap_buf, " atomic");
 450        if (use_push_options)
 451                strbuf_addstr(&cap_buf, " push-options");
 452        if (agent_supported)
 453                strbuf_addf(&cap_buf, " agent=%s", git_user_agent_sanitized());
 454
 455        /*
 456         * NEEDSWORK: why does delete-refs have to be so specific to
 457         * send-pack machinery that set_ref_status_for_push() cannot
 458         * set this bit for us???
 459         */
 460        for (ref = remote_refs; ref; ref = ref->next)
 461                if (ref->deletion && !allow_deleting_refs)
 462                        ref->status = REF_STATUS_REJECT_NODELETE;
 463
 464        if (!args->dry_run)
 465                advertise_shallow_grafts_buf(&req_buf);
 466
 467        if (!args->dry_run && push_cert_nonce)
 468                cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
 469                                               cap_buf.buf, push_cert_nonce);
 470
 471        /*
 472         * Clear the status for each ref and see if we need to send
 473         * the pack data.
 474         */
 475        for (ref = remote_refs; ref; ref = ref->next) {
 476                switch (check_to_send_update(ref, args)) {
 477                case 0: /* no error */
 478                        break;
 479                case CHECK_REF_STATUS_REJECTED:
 480                        /*
 481                         * When we know the server would reject a ref update if
 482                         * we were to send it and we're trying to send the refs
 483                         * atomically, abort the whole operation.
 484                         */
 485                        if (use_atomic) {
 486                                strbuf_release(&req_buf);
 487                                strbuf_release(&cap_buf);
 488                                return atomic_push_failure(args, remote_refs, ref);
 489                        }
 490                        /* else fallthrough */
 491                default:
 492                        continue;
 493                }
 494                if (!ref->deletion)
 495                        need_pack_data = 1;
 496
 497                if (args->dry_run || !status_report)
 498                        ref->status = REF_STATUS_OK;
 499                else
 500                        ref->status = REF_STATUS_EXPECTING_REPORT;
 501        }
 502
 503        /*
 504         * Finally, tell the other end!
 505         */
 506        for (ref = remote_refs; ref; ref = ref->next) {
 507                char *old_hex, *new_hex;
 508
 509                if (args->dry_run || push_cert_nonce)
 510                        continue;
 511
 512                if (check_to_send_update(ref, args) < 0)
 513                        continue;
 514
 515                old_hex = oid_to_hex(&ref->old_oid);
 516                new_hex = oid_to_hex(&ref->new_oid);
 517                if (!cmds_sent) {
 518                        packet_buf_write(&req_buf,
 519                                         "%s %s %s%c%s",
 520                                         old_hex, new_hex, ref->name, 0,
 521                                         cap_buf.buf);
 522                        cmds_sent = 1;
 523                } else {
 524                        packet_buf_write(&req_buf, "%s %s %s",
 525                                         old_hex, new_hex, ref->name);
 526                }
 527        }
 528
 529        if (use_push_options) {
 530                struct string_list_item *item;
 531
 532                packet_buf_flush(&req_buf);
 533                for_each_string_list_item(item, args->push_options)
 534                        packet_buf_write(&req_buf, "%s", item->string);
 535        }
 536
 537        if (args->stateless_rpc) {
 538                if (!args->dry_run && (cmds_sent || is_repository_shallow())) {
 539                        packet_buf_flush(&req_buf);
 540                        send_sideband(out, -1, req_buf.buf, req_buf.len, LARGE_PACKET_MAX);
 541                }
 542        } else {
 543                write_or_die(out, req_buf.buf, req_buf.len);
 544                packet_flush(out);
 545        }
 546        strbuf_release(&req_buf);
 547        strbuf_release(&cap_buf);
 548
 549        if (use_sideband && cmds_sent) {
 550                memset(&demux, 0, sizeof(demux));
 551                demux.proc = sideband_demux;
 552                demux.data = fd;
 553                demux.out = -1;
 554                demux.isolate_sigpipe = 1;
 555                if (start_async(&demux))
 556                        die("send-pack: unable to fork off sideband demultiplexer");
 557                in = demux.out;
 558        }
 559
 560        if (need_pack_data && cmds_sent) {
 561                if (pack_objects(out, remote_refs, extra_have, args) < 0) {
 562                        for (ref = remote_refs; ref; ref = ref->next)
 563                                ref->status = REF_STATUS_NONE;
 564                        if (args->stateless_rpc)
 565                                close(out);
 566                        if (git_connection_is_socket(conn))
 567                                shutdown(fd[0], SHUT_WR);
 568
 569                        /*
 570                         * Do not even bother with the return value; we know we
 571                         * are failing, and just want the error() side effects.
 572                         */
 573                        if (status_report)
 574                                receive_unpack_status(in);
 575
 576                        if (use_sideband) {
 577                                close(demux.out);
 578                                finish_async(&demux);
 579                        }
 580                        fd[1] = -1;
 581                        return -1;
 582                }
 583                if (!args->stateless_rpc)
 584                        /* Closed by pack_objects() via start_command() */
 585                        fd[1] = -1;
 586        }
 587        if (args->stateless_rpc && cmds_sent)
 588                packet_flush(out);
 589
 590        if (status_report && cmds_sent)
 591                ret = receive_status(in, remote_refs);
 592        else
 593                ret = 0;
 594        if (args->stateless_rpc)
 595                packet_flush(out);
 596
 597        if (use_sideband && cmds_sent) {
 598                close(demux.out);
 599                if (finish_async(&demux)) {
 600                        error("error in sideband demultiplexer");
 601                        ret = -1;
 602                }
 603        }
 604
 605        if (ret < 0)
 606                return ret;
 607
 608        if (args->porcelain)
 609                return 0;
 610
 611        for (ref = remote_refs; ref; ref = ref->next) {
 612                switch (ref->status) {
 613                case REF_STATUS_NONE:
 614                case REF_STATUS_UPTODATE:
 615                case REF_STATUS_OK:
 616                        break;
 617                default:
 618                        return -1;
 619                }
 620        }
 621        return 0;
 622}