c23b0cce8607e8361a603cc23803eed6562b85cd
1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24#include "oidset.h"
25static const char * const receive_pack_usage[] = {
27 N_("git receive-pack <git-dir>"),
28 NULL
29};
30enum deny_action {
32 DENY_UNCONFIGURED,
33 DENY_IGNORE,
34 DENY_WARN,
35 DENY_REFUSE,
36 DENY_UPDATE_INSTEAD
37};
38static int deny_deletes;
40static int deny_non_fast_forwards;
41static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
42static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
43static int receive_fsck_objects = -1;
44static int transfer_fsck_objects = -1;
45static struct strbuf fsck_msg_types = STRBUF_INIT;
46static int receive_unpack_limit = -1;
47static int transfer_unpack_limit = -1;
48static int advertise_atomic_push = 1;
49static int advertise_push_options;
50static int unpack_limit = 100;
51static off_t max_input_size;
52static int report_status;
53static int use_sideband;
54static int use_atomic;
55static int use_push_options;
56static int quiet;
57static int prefer_ofs_delta = 1;
58static int auto_update_server_info;
59static int auto_gc = 1;
60static int reject_thin;
61static int stateless_rpc;
62static const char *service_dir;
63static const char *head_name;
64static void *head_name_to_free;
65static int sent_capabilities;
66static int shallow_update;
67static const char *alt_shallow_file;
68static struct strbuf push_cert = STRBUF_INIT;
69static unsigned char push_cert_sha1[20];
70static struct signature_check sigcheck;
71static const char *push_cert_nonce;
72static const char *cert_nonce_seed;
73static const char *NONCE_UNSOLICITED = "UNSOLICITED";
75static const char *NONCE_BAD = "BAD";
76static const char *NONCE_MISSING = "MISSING";
77static const char *NONCE_OK = "OK";
78static const char *NONCE_SLOP = "SLOP";
79static const char *nonce_status;
80static long nonce_stamp_slop;
81static unsigned long nonce_stamp_slop_limit;
82static struct ref_transaction *transaction;
83static enum {
85 KEEPALIVE_NEVER = 0,
86 KEEPALIVE_AFTER_NUL,
87 KEEPALIVE_ALWAYS
88} use_keepalive;
89static int keepalive_in_sec = 5;
90static struct tmp_objdir *tmp_objdir;
92static enum deny_action parse_deny_action(const char *var, const char *value)
94{
95 if (value) {
96 if (!strcasecmp(value, "ignore"))
97 return DENY_IGNORE;
98 if (!strcasecmp(value, "warn"))
99 return DENY_WARN;
100 if (!strcasecmp(value, "refuse"))
101 return DENY_REFUSE;
102 if (!strcasecmp(value, "updateinstead"))
103 return DENY_UPDATE_INSTEAD;
104 }
105 if (git_config_bool(var, value))
106 return DENY_REFUSE;
107 return DENY_IGNORE;
108}
109static int receive_pack_config(const char *var, const char *value, void *cb)
111{
112 int status = parse_hide_refs_config(var, value, "receive");
113 if (status)
115 return status;
116 if (strcmp(var, "receive.denydeletes") == 0) {
118 deny_deletes = git_config_bool(var, value);
119 return 0;
120 }
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
123 deny_non_fast_forwards = git_config_bool(var, value);
124 return 0;
125 }
126 if (strcmp(var, "receive.unpacklimit") == 0) {
128 receive_unpack_limit = git_config_int(var, value);
129 return 0;
130 }
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
133 transfer_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
138 const char *path;
139 if (git_config_pathname(&path, var, value))
141 return 1;
142 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
143 fsck_msg_types.len ? ',' : '=', path);
144 free((char *)path);
145 return 0;
146 }
147 if (skip_prefix(var, "receive.fsck.", &var)) {
149 if (is_valid_msg_type(var, value))
150 strbuf_addf(&fsck_msg_types, "%c%s=%s",
151 fsck_msg_types.len ? ',' : '=', var, value);
152 else
153 warning("Skipping unknown msg id '%s'", var);
154 return 0;
155 }
156 if (strcmp(var, "receive.fsckobjects") == 0) {
158 receive_fsck_objects = git_config_bool(var, value);
159 return 0;
160 }
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
163 transfer_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166 if (!strcmp(var, "receive.denycurrentbranch")) {
168 deny_current_branch = parse_deny_action(var, value);
169 return 0;
170 }
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
173 deny_delete_current = parse_deny_action(var, value);
174 return 0;
175 }
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
178 prefer_ofs_delta = git_config_bool(var, value);
179 return 0;
180 }
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
183 auto_update_server_info = git_config_bool(var, value);
184 return 0;
185 }
186 if (strcmp(var, "receive.autogc") == 0) {
188 auto_gc = git_config_bool(var, value);
189 return 0;
190 }
191 if (strcmp(var, "receive.shallowupdate") == 0) {
193 shallow_update = git_config_bool(var, value);
194 return 0;
195 }
196 if (strcmp(var, "receive.certnonceseed") == 0)
198 return git_config_string(&cert_nonce_seed, var, value);
199 if (strcmp(var, "receive.certnonceslop") == 0) {
201 nonce_stamp_slop_limit = git_config_ulong(var, value);
202 return 0;
203 }
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
206 advertise_atomic_push = git_config_bool(var, value);
207 return 0;
208 }
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
211 advertise_push_options = git_config_bool(var, value);
212 return 0;
213 }
214 if (strcmp(var, "receive.keepalive") == 0) {
216 keepalive_in_sec = git_config_int(var, value);
217 return 0;
218 }
219 if (strcmp(var, "receive.maxinputsize") == 0) {
221 max_input_size = git_config_int64(var, value);
222 return 0;
223 }
224 return git_default_config(var, value, cb);
226}
227static void show_ref(const char *path, const unsigned char *sha1)
229{
230 if (sent_capabilities) {
231 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
232 } else {
233 struct strbuf cap = STRBUF_INIT;
234 strbuf_addstr(&cap,
236 "report-status delete-refs side-band-64k quiet");
237 if (advertise_atomic_push)
238 strbuf_addstr(&cap, " atomic");
239 if (prefer_ofs_delta)
240 strbuf_addstr(&cap, " ofs-delta");
241 if (push_cert_nonce)
242 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
243 if (advertise_push_options)
244 strbuf_addstr(&cap, " push-options");
245 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
246 packet_write_fmt(1, "%s %s%c%s\n",
247 sha1_to_hex(sha1), path, 0, cap.buf);
248 strbuf_release(&cap);
249 sent_capabilities = 1;
250 }
251}
252static int show_ref_cb(const char *path_full, const struct object_id *oid,
254 int flag, void *data)
255{
256 struct oidset *seen = data;
257 const char *path = strip_namespace(path_full);
258 if (ref_is_hidden(path, path_full))
260 return 0;
261 /*
263 * Advertise refs outside our current namespace as ".have"
264 * refs, so that the client can use them to minimize data
265 * transfer but will otherwise ignore them.
266 */
267 if (!path) {
268 if (oidset_insert(seen, oid))
269 return 0;
270 path = ".have";
271 }
272 show_ref(path, oid->hash);
273 return 0;
274}
275static void show_one_alternate_ref(const char *refname,
277 const struct object_id *oid,
278 void *data)
279{
280 struct oidset *seen = data;
281 if (oidset_insert(seen, oid))
283 return;
284 show_ref(".have", oid->hash);
286}
287static void write_head_info(void)
289{
290 static struct oidset seen = OIDSET_INIT;
291 for_each_alternate_ref(show_one_alternate_ref, &seen);
293 oidset_clear(&seen);
294 for_each_ref(show_ref_cb, &seen);
295 if (!sent_capabilities)
296 show_ref("capabilities^{}", null_sha1);
297 advertise_shallow_grafts(1);
299 /* EOF */
301 packet_flush(1);
302}
303struct command {
305 struct command *next;
306 const char *error_string;
307 unsigned int skip_update:1,
308 did_not_exist:1;
309 int index;
310 unsigned char old_sha1[20];
311 unsigned char new_sha1[20];
312 char ref_name[FLEX_ARRAY]; /* more */
313};
314static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
316static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
317static void report_message(const char *prefix, const char *err, va_list params)
319{
320 int sz;
321 char msg[4096];
322 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
324 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
325 if (sz > (sizeof(msg) - 1))
326 sz = sizeof(msg) - 1;
327 msg[sz++] = '\n';
328 if (use_sideband)
330 send_sideband(1, 2, msg, sz, use_sideband);
331 else
332 xwrite(2, msg, sz);
333}
334static void rp_warning(const char *err, ...)
336{
337 va_list params;
338 va_start(params, err);
339 report_message("warning: ", err, params);
340 va_end(params);
341}
342static void rp_error(const char *err, ...)
344{
345 va_list params;
346 va_start(params, err);
347 report_message("error: ", err, params);
348 va_end(params);
349}
350static int copy_to_sideband(int in, int out, void *arg)
352{
353 char data[128];
354 int keepalive_active = 0;
355 if (keepalive_in_sec <= 0)
357 use_keepalive = KEEPALIVE_NEVER;
358 if (use_keepalive == KEEPALIVE_ALWAYS)
359 keepalive_active = 1;
360 while (1) {
362 ssize_t sz;
363 if (keepalive_active) {
365 struct pollfd pfd;
366 int ret;
367 pfd.fd = in;
369 pfd.events = POLLIN;
370 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
371 if (ret < 0) {
373 if (errno == EINTR)
374 continue;
375 else
376 break;
377 } else if (ret == 0) {
378 /* no data; send a keepalive packet */
379 static const char buf[] = "0005\1";
380 write_or_die(1, buf, sizeof(buf) - 1);
381 continue;
382 } /* else there is actual data to read */
383 }
384 sz = xread(in, data, sizeof(data));
386 if (sz <= 0)
387 break;
388 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
390 const char *p = memchr(data, '\0', sz);
391 if (p) {
392 /*
393 * The NUL tells us to start sending keepalives. Make
394 * sure we send any other data we read along
395 * with it.
396 */
397 keepalive_active = 1;
398 send_sideband(1, 2, data, p - data, use_sideband);
399 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
400 continue;
401 }
402 }
403 /*
405 * Either we're not looking for a NUL signal, or we didn't see
406 * it yet; just pass along the data.
407 */
408 send_sideband(1, 2, data, sz, use_sideband);
409 }
410 close(in);
411 return 0;
412}
413#define HMAC_BLOCK_SIZE 64
415static void hmac_sha1(unsigned char *out,
417 const char *key_in, size_t key_len,
418 const char *text, size_t text_len)
419{
420 unsigned char key[HMAC_BLOCK_SIZE];
421 unsigned char k_ipad[HMAC_BLOCK_SIZE];
422 unsigned char k_opad[HMAC_BLOCK_SIZE];
423 int i;
424 git_SHA_CTX ctx;
425 /* RFC 2104 2. (1) */
427 memset(key, '\0', HMAC_BLOCK_SIZE);
428 if (HMAC_BLOCK_SIZE < key_len) {
429 git_SHA1_Init(&ctx);
430 git_SHA1_Update(&ctx, key_in, key_len);
431 git_SHA1_Final(key, &ctx);
432 } else {
433 memcpy(key, key_in, key_len);
434 }
435 /* RFC 2104 2. (2) & (5) */
437 for (i = 0; i < sizeof(key); i++) {
438 k_ipad[i] = key[i] ^ 0x36;
439 k_opad[i] = key[i] ^ 0x5c;
440 }
441 /* RFC 2104 2. (3) & (4) */
443 git_SHA1_Init(&ctx);
444 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
445 git_SHA1_Update(&ctx, text, text_len);
446 git_SHA1_Final(out, &ctx);
447 /* RFC 2104 2. (6) & (7) */
449 git_SHA1_Init(&ctx);
450 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
451 git_SHA1_Update(&ctx, out, 20);
452 git_SHA1_Final(out, &ctx);
453}
454static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
456{
457 struct strbuf buf = STRBUF_INIT;
458 unsigned char sha1[20];
459 strbuf_addf(&buf, "%s:%lu", path, stamp);
461 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
462 strbuf_release(&buf);
463 /* RFC 2104 5. HMAC-SHA1-80 */
465 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
466 return strbuf_detach(&buf, NULL);
467}
468/*
470 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
471 * after dropping "_commit" from its name and possibly moving it out
472 * of commit.c
473 */
474static char *find_header(const char *msg, size_t len, const char *key)
475{
476 int key_len = strlen(key);
477 const char *line = msg;
478 while (line && line < msg + len) {
480 const char *eol = strchrnul(line, '\n');
481 if ((msg + len <= eol) || line == eol)
483 return NULL;
484 if (line + key_len < eol &&
485 !memcmp(line, key, key_len) && line[key_len] == ' ') {
486 int offset = key_len + 1;
487 return xmemdupz(line + offset, (eol - line) - offset);
488 }
489 line = *eol ? eol + 1 : NULL;
490 }
491 return NULL;
492}
493static const char *check_nonce(const char *buf, size_t len)
495{
496 char *nonce = find_header(buf, len, "nonce");
497 unsigned long stamp, ostamp;
498 char *bohmac, *expect = NULL;
499 const char *retval = NONCE_BAD;
500 if (!nonce) {
502 retval = NONCE_MISSING;
503 goto leave;
504 } else if (!push_cert_nonce) {
505 retval = NONCE_UNSOLICITED;
506 goto leave;
507 } else if (!strcmp(push_cert_nonce, nonce)) {
508 retval = NONCE_OK;
509 goto leave;
510 }
511 if (!stateless_rpc) {
513 /* returned nonce MUST match what we gave out earlier */
514 retval = NONCE_BAD;
515 goto leave;
516 }
517 /*
519 * In stateless mode, we may be receiving a nonce issued by
520 * another instance of the server that serving the same
521 * repository, and the timestamps may not match, but the
522 * nonce-seed and dir should match, so we can recompute and
523 * report the time slop.
524 *
525 * In addition, when a nonce issued by another instance has
526 * timestamp within receive.certnonceslop seconds, we pretend
527 * as if we issued that nonce when reporting to the hook.
528 */
529 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
531 if (*nonce <= '0' || '9' < *nonce) {
532 retval = NONCE_BAD;
533 goto leave;
534 }
535 stamp = strtoul(nonce, &bohmac, 10);
536 if (bohmac == nonce || bohmac[0] != '-') {
537 retval = NONCE_BAD;
538 goto leave;
539 }
540 expect = prepare_push_cert_nonce(service_dir, stamp);
542 if (strcmp(expect, nonce)) {
543 /* Not what we would have signed earlier */
544 retval = NONCE_BAD;
545 goto leave;
546 }
547 /*
549 * By how many seconds is this nonce stale? Negative value
550 * would mean it was issued by another server with its clock
551 * skewed in the future.
552 */
553 ostamp = strtoul(push_cert_nonce, NULL, 10);
554 nonce_stamp_slop = (long)ostamp - (long)stamp;
555 if (nonce_stamp_slop_limit &&
557 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
558 /*
559 * Pretend as if the received nonce (which passes the
560 * HMAC check, so it is not a forged by third-party)
561 * is what we issued.
562 */
563 free((void *)push_cert_nonce);
564 push_cert_nonce = xstrdup(nonce);
565 retval = NONCE_OK;
566 } else {
567 retval = NONCE_SLOP;
568 }
569leave:
571 free(nonce);
572 free(expect);
573 return retval;
574}
575static void prepare_push_cert_sha1(struct child_process *proc)
577{
578 static int already_done;
579 if (!push_cert.len)
581 return;
582 if (!already_done) {
584 struct strbuf gpg_output = STRBUF_INIT;
585 struct strbuf gpg_status = STRBUF_INIT;
586 int bogs /* beginning_of_gpg_sig */;
587 already_done = 1;
589 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
590 hashclr(push_cert_sha1);
591 memset(&sigcheck, '\0', sizeof(sigcheck));
593 sigcheck.result = 'N';
594 bogs = parse_signature(push_cert.buf, push_cert.len);
596 if (verify_signed_buffer(push_cert.buf, bogs,
597 push_cert.buf + bogs, push_cert.len - bogs,
598 &gpg_output, &gpg_status) < 0) {
599 ; /* error running gpg */
600 } else {
601 sigcheck.payload = push_cert.buf;
602 sigcheck.gpg_output = gpg_output.buf;
603 sigcheck.gpg_status = gpg_status.buf;
604 parse_gpg_output(&sigcheck);
605 }
606 strbuf_release(&gpg_output);
608 strbuf_release(&gpg_status);
609 nonce_status = check_nonce(push_cert.buf, bogs);
610 }
611 if (!is_null_sha1(push_cert_sha1)) {
612 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
613 sha1_to_hex(push_cert_sha1));
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
615 sigcheck.signer ? sigcheck.signer : "");
616 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
617 sigcheck.key ? sigcheck.key : "");
618 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
619 sigcheck.result);
620 if (push_cert_nonce) {
621 argv_array_pushf(&proc->env_array,
622 "GIT_PUSH_CERT_NONCE=%s",
623 push_cert_nonce);
624 argv_array_pushf(&proc->env_array,
625 "GIT_PUSH_CERT_NONCE_STATUS=%s",
626 nonce_status);
627 if (nonce_status == NONCE_SLOP)
628 argv_array_pushf(&proc->env_array,
629 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
630 nonce_stamp_slop);
631 }
632 }
633}
634struct receive_hook_feed_state {
636 struct command *cmd;
637 int skip_broken;
638 struct strbuf buf;
639 const struct string_list *push_options;
640};
641typedef int (*feed_fn)(void *, const char **, size_t *);
643static int run_and_feed_hook(const char *hook_name, feed_fn feed,
644 struct receive_hook_feed_state *feed_state)
645{
646 struct child_process proc = CHILD_PROCESS_INIT;
647 struct async muxer;
648 const char *argv[2];
649 int code;
650 argv[0] = find_hook(hook_name);
652 if (!argv[0])
653 return 0;
654 argv[1] = NULL;
656 proc.argv = argv;
658 proc.in = -1;
659 proc.stdout_to_stderr = 1;
660 if (feed_state->push_options) {
661 int i;
662 for (i = 0; i < feed_state->push_options->nr; i++)
663 argv_array_pushf(&proc.env_array,
664 "GIT_PUSH_OPTION_%d=%s", i,
665 feed_state->push_options->items[i].string);
666 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
667 feed_state->push_options->nr);
668 } else
669 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
670 if (tmp_objdir)
672 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
673 if (use_sideband) {
675 memset(&muxer, 0, sizeof(muxer));
676 muxer.proc = copy_to_sideband;
677 muxer.in = -1;
678 code = start_async(&muxer);
679 if (code)
680 return code;
681 proc.err = muxer.in;
682 }
683 prepare_push_cert_sha1(&proc);
685 code = start_command(&proc);
687 if (code) {
688 if (use_sideband)
689 finish_async(&muxer);
690 return code;
691 }
692 sigchain_push(SIGPIPE, SIG_IGN);
694 while (1) {
696 const char *buf;
697 size_t n;
698 if (feed(feed_state, &buf, &n))
699 break;
700 if (write_in_full(proc.in, buf, n) != n)
701 break;
702 }
703 close(proc.in);
704 if (use_sideband)
705 finish_async(&muxer);
706 sigchain_pop(SIGPIPE);
708 return finish_command(&proc);
710}
711static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
713{
714 struct receive_hook_feed_state *state = state_;
715 struct command *cmd = state->cmd;
716 while (cmd &&
718 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
719 cmd = cmd->next;
720 if (!cmd)
721 return -1; /* EOF */
722 strbuf_reset(&state->buf);
723 strbuf_addf(&state->buf, "%s %s %s\n",
724 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
725 cmd->ref_name);
726 state->cmd = cmd->next;
727 if (bufp) {
728 *bufp = state->buf.buf;
729 *sizep = state->buf.len;
730 }
731 return 0;
732}
733static int run_receive_hook(struct command *commands,
735 const char *hook_name,
736 int skip_broken,
737 const struct string_list *push_options)
738{
739 struct receive_hook_feed_state state;
740 int status;
741 strbuf_init(&state.buf, 0);
743 state.cmd = commands;
744 state.skip_broken = skip_broken;
745 if (feed_receive_hook(&state, NULL, NULL))
746 return 0;
747 state.cmd = commands;
748 state.push_options = push_options;
749 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
750 strbuf_release(&state.buf);
751 return status;
752}
753static int run_update_hook(struct command *cmd)
755{
756 const char *argv[5];
757 struct child_process proc = CHILD_PROCESS_INIT;
758 int code;
759 argv[0] = find_hook("update");
761 if (!argv[0])
762 return 0;
763 argv[1] = cmd->ref_name;
765 argv[2] = sha1_to_hex(cmd->old_sha1);
766 argv[3] = sha1_to_hex(cmd->new_sha1);
767 argv[4] = NULL;
768 proc.no_stdin = 1;
770 proc.stdout_to_stderr = 1;
771 proc.err = use_sideband ? -1 : 0;
772 proc.argv = argv;
773 proc.env = tmp_objdir_env(tmp_objdir);
774 code = start_command(&proc);
776 if (code)
777 return code;
778 if (use_sideband)
779 copy_to_sideband(proc.err, -1, NULL);
780 return finish_command(&proc);
781}
782static int is_ref_checked_out(const char *ref)
784{
785 if (is_bare_repository())
786 return 0;
787 if (!head_name)
789 return 0;
790 return !strcmp(head_name, ref);
791}
792static char *refuse_unconfigured_deny_msg =
794 N_("By default, updating the current branch in a non-bare repository\n"
795 "is denied, because it will make the index and work tree inconsistent\n"
796 "with what you pushed, and will require 'git reset --hard' to match\n"
797 "the work tree to HEAD.\n"
798 "\n"
799 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
800 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
801 "its current branch; however, this is not recommended unless you\n"
802 "arranged to update its work tree to match what you pushed in some\n"
803 "other way.\n"
804 "\n"
805 "To squelch this message and still keep the default behaviour, set\n"
806 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
807static void refuse_unconfigured_deny(void)
809{
810 rp_error("%s", _(refuse_unconfigured_deny_msg));
811}
812static char *refuse_unconfigured_deny_delete_current_msg =
814 N_("By default, deleting the current branch is denied, because the next\n"
815 "'git clone' won't result in any file checked out, causing confusion.\n"
816 "\n"
817 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
818 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
819 "current branch, with or without a warning message.\n"
820 "\n"
821 "To squelch this message, you can set it to 'refuse'.");
822static void refuse_unconfigured_deny_delete_current(void)
824{
825 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
826}
827static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
829static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
830{
831 static struct lock_file shallow_lock;
832 struct sha1_array extra = SHA1_ARRAY_INIT;
833 struct check_connected_options opt = CHECK_CONNECTED_INIT;
834 uint32_t mask = 1 << (cmd->index % 32);
835 int i;
836 trace_printf_key(&trace_shallow,
838 "shallow: update_shallow_ref %s\n", cmd->ref_name);
839 for (i = 0; i < si->shallow->nr; i++)
840 if (si->used_shallow[i] &&
841 (si->used_shallow[i][cmd->index / 32] & mask) &&
842 !delayed_reachability_test(si, i))
843 sha1_array_append(&extra, si->shallow->sha1[i]);
844 opt.env = tmp_objdir_env(tmp_objdir);
846 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
847 if (check_connected(command_singleton_iterator, cmd, &opt)) {
848 rollback_lock_file(&shallow_lock);
849 sha1_array_clear(&extra);
850 return -1;
851 }
852 commit_lock_file(&shallow_lock);
854 /*
856 * Make sure setup_alternate_shallow() for the next ref does
857 * not lose these new roots..
858 */
859 for (i = 0; i < extra.nr; i++)
860 register_shallow(extra.sha1[i]);
861 si->shallow_ref[cmd->index] = 0;
863 sha1_array_clear(&extra);
864 return 0;
865}
866/*
868 * NEEDSWORK: we should consolidate various implementions of "are we
869 * on an unborn branch?" test into one, and make the unified one more
870 * robust. !get_sha1() based check used here and elsewhere would not
871 * allow us to tell an unborn branch from corrupt ref, for example.
872 * For the purpose of fixing "deploy-to-update does not work when
873 * pushing into an empty repository" issue, this should suffice for
874 * now.
875 */
876static int head_has_history(void)
877{
878 unsigned char sha1[20];
879 return !get_sha1("HEAD", sha1);
881}
882static const char *push_to_deploy(unsigned char *sha1,
884 struct argv_array *env,
885 const char *work_tree)
886{
887 const char *update_refresh[] = {
888 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
889 };
890 const char *diff_files[] = {
891 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
892 };
893 const char *diff_index[] = {
894 "diff-index", "--quiet", "--cached", "--ignore-submodules",
895 NULL, "--", NULL
896 };
897 const char *read_tree[] = {
898 "read-tree", "-u", "-m", NULL, NULL
899 };
900 struct child_process child = CHILD_PROCESS_INIT;
901 child.argv = update_refresh;
903 child.env = env->argv;
904 child.dir = work_tree;
905 child.no_stdin = 1;
906 child.stdout_to_stderr = 1;
907 child.git_cmd = 1;
908 if (run_command(&child))
909 return "Up-to-date check failed";
910 /* run_command() does not clean up completely; reinitialize */
912 child_process_init(&child);
913 child.argv = diff_files;
914 child.env = env->argv;
915 child.dir = work_tree;
916 child.no_stdin = 1;
917 child.stdout_to_stderr = 1;
918 child.git_cmd = 1;
919 if (run_command(&child))
920 return "Working directory has unstaged changes";
921 /* diff-index with either HEAD or an empty tree */
923 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
924 child_process_init(&child);
926 child.argv = diff_index;
927 child.env = env->argv;
928 child.no_stdin = 1;
929 child.no_stdout = 1;
930 child.stdout_to_stderr = 0;
931 child.git_cmd = 1;
932 if (run_command(&child))
933 return "Working directory has staged changes";
934 read_tree[3] = sha1_to_hex(sha1);
936 child_process_init(&child);
937 child.argv = read_tree;
938 child.env = env->argv;
939 child.dir = work_tree;
940 child.no_stdin = 1;
941 child.no_stdout = 1;
942 child.stdout_to_stderr = 0;
943 child.git_cmd = 1;
944 if (run_command(&child))
945 return "Could not update working tree to new HEAD";
946 return NULL;
948}
949static const char *push_to_checkout_hook = "push-to-checkout";
951static const char *push_to_checkout(unsigned char *sha1,
953 struct argv_array *env,
954 const char *work_tree)
955{
956 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
957 if (run_hook_le(env->argv, push_to_checkout_hook,
958 sha1_to_hex(sha1), NULL))
959 return "push-to-checkout hook declined";
960 else
961 return NULL;
962}
963static const char *update_worktree(unsigned char *sha1)
965{
966 const char *retval;
967 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
968 struct argv_array env = ARGV_ARRAY_INIT;
969 if (is_bare_repository())
971 return "denyCurrentBranch = updateInstead needs a worktree";
972 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
974 if (!find_hook(push_to_checkout_hook))
976 retval = push_to_deploy(sha1, &env, work_tree);
977 else
978 retval = push_to_checkout(sha1, &env, work_tree);
979 argv_array_clear(&env);
981 return retval;
982}
983static const char *update(struct command *cmd, struct shallow_info *si)
985{
986 const char *name = cmd->ref_name;
987 struct strbuf namespaced_name_buf = STRBUF_INIT;
988 const char *namespaced_name, *ret;
989 unsigned char *old_sha1 = cmd->old_sha1;
990 unsigned char *new_sha1 = cmd->new_sha1;
991 /* only refs/... are allowed */
993 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
994 rp_error("refusing to create funny ref '%s' remotely", name);
995 return "funny refname";
996 }
997 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
999 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1000 if (is_ref_checked_out(namespaced_name)) {
1002 switch (deny_current_branch) {
1003 case DENY_IGNORE:
1004 break;
1005 case DENY_WARN:
1006 rp_warning("updating the current branch");
1007 break;
1008 case DENY_REFUSE:
1009 case DENY_UNCONFIGURED:
1010 rp_error("refusing to update checked out branch: %s", name);
1011 if (deny_current_branch == DENY_UNCONFIGURED)
1012 refuse_unconfigured_deny();
1013 return "branch is currently checked out";
1014 case DENY_UPDATE_INSTEAD:
1015 ret = update_worktree(new_sha1);
1016 if (ret)
1017 return ret;
1018 break;
1019 }
1020 }
1021 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1023 error("unpack should have generated %s, "
1024 "but I can't find it!", sha1_to_hex(new_sha1));
1025 return "bad pack";
1026 }
1027 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1029 if (deny_deletes && starts_with(name, "refs/heads/")) {
1030 rp_error("denying ref deletion for %s", name);
1031 return "deletion prohibited";
1032 }
1033 if (head_name && !strcmp(namespaced_name, head_name)) {
1035 switch (deny_delete_current) {
1036 case DENY_IGNORE:
1037 break;
1038 case DENY_WARN:
1039 rp_warning("deleting the current branch");
1040 break;
1041 case DENY_REFUSE:
1042 case DENY_UNCONFIGURED:
1043 case DENY_UPDATE_INSTEAD:
1044 if (deny_delete_current == DENY_UNCONFIGURED)
1045 refuse_unconfigured_deny_delete_current();
1046 rp_error("refusing to delete the current branch: %s", name);
1047 return "deletion of the current branch prohibited";
1048 default:
1049 return "Invalid denyDeleteCurrent setting";
1050 }
1051 }
1052 }
1053 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1055 !is_null_sha1(old_sha1) &&
1056 starts_with(name, "refs/heads/")) {
1057 struct object *old_object, *new_object;
1058 struct commit *old_commit, *new_commit;
1059 old_object = parse_object(old_sha1);
1061 new_object = parse_object(new_sha1);
1062 if (!old_object || !new_object ||
1064 old_object->type != OBJ_COMMIT ||
1065 new_object->type != OBJ_COMMIT) {
1066 error("bad sha1 objects for %s", name);
1067 return "bad ref";
1068 }
1069 old_commit = (struct commit *)old_object;
1070 new_commit = (struct commit *)new_object;
1071 if (!in_merge_bases(old_commit, new_commit)) {
1072 rp_error("denying non-fast-forward %s"
1073 " (you should pull first)", name);
1074 return "non-fast-forward";
1075 }
1076 }
1077 if (run_update_hook(cmd)) {
1078 rp_error("hook declined to update %s", name);
1079 return "hook declined";
1080 }
1081 if (is_null_sha1(new_sha1)) {
1083 struct strbuf err = STRBUF_INIT;
1084 if (!parse_object(old_sha1)) {
1085 old_sha1 = NULL;
1086 if (ref_exists(name)) {
1087 rp_warning("Allowing deletion of corrupt ref.");
1088 } else {
1089 rp_warning("Deleting a non-existent ref.");
1090 cmd->did_not_exist = 1;
1091 }
1092 }
1093 if (ref_transaction_delete(transaction,
1094 namespaced_name,
1095 old_sha1,
1096 0, "push", &err)) {
1097 rp_error("%s", err.buf);
1098 strbuf_release(&err);
1099 return "failed to delete";
1100 }
1101 strbuf_release(&err);
1102 return NULL; /* good */
1103 }
1104 else {
1105 struct strbuf err = STRBUF_INIT;
1106 if (shallow_update && si->shallow_ref[cmd->index] &&
1107 update_shallow_ref(cmd, si))
1108 return "shallow error";
1109 if (ref_transaction_update(transaction,
1111 namespaced_name,
1112 new_sha1, old_sha1,
1113 0, "push",
1114 &err)) {
1115 rp_error("%s", err.buf);
1116 strbuf_release(&err);
1117 return "failed to update ref";
1119 }
1120 strbuf_release(&err);
1121 return NULL; /* good */
1123 }
1124}
1125static void run_update_post_hook(struct command *commands)
1127{
1128 struct command *cmd;
1129 int argc;
1130 struct child_process proc = CHILD_PROCESS_INIT;
1131 const char *hook;
1132 hook = find_hook("post-update");
1134 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1135 if (cmd->error_string || cmd->did_not_exist)
1136 continue;
1137 argc++;
1138 }
1139 if (!argc || !hook)
1140 return;
1141 argv_array_push(&proc.args, hook);
1143 for (cmd = commands; cmd; cmd = cmd->next) {
1144 if (cmd->error_string || cmd->did_not_exist)
1145 continue;
1146 argv_array_push(&proc.args, cmd->ref_name);
1147 }
1148 proc.no_stdin = 1;
1150 proc.stdout_to_stderr = 1;
1151 proc.err = use_sideband ? -1 : 0;
1152 if (!start_command(&proc)) {
1154 if (use_sideband)
1155 copy_to_sideband(proc.err, -1, NULL);
1156 finish_command(&proc);
1157 }
1158}
1159static void check_aliased_update(struct command *cmd, struct string_list *list)
1161{
1162 struct strbuf buf = STRBUF_INIT;
1163 const char *dst_name;
1164 struct string_list_item *item;
1165 struct command *dst_cmd;
1166 unsigned char sha1[GIT_SHA1_RAWSZ];
1167 int flag;
1168 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1170 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1171 strbuf_release(&buf);
1172 if (!(flag & REF_ISSYMREF))
1174 return;
1175 if (!dst_name) {
1177 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1178 cmd->skip_update = 1;
1179 cmd->error_string = "broken symref";
1180 return;
1181 }
1182 dst_name = strip_namespace(dst_name);
1183 if ((item = string_list_lookup(list, dst_name)) == NULL)
1185 return;
1186 cmd->skip_update = 1;
1188 dst_cmd = (struct command *) item->util;
1190 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1192 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1193 return;
1194 dst_cmd->skip_update = 1;
1196 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1198 " its target '%s' (%s..%s)",
1199 cmd->ref_name,
1200 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1201 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1202 dst_cmd->ref_name,
1203 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1204 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1205 cmd->error_string = dst_cmd->error_string =
1207 "inconsistent aliased update";
1208}
1209static void check_aliased_updates(struct command *commands)
1211{
1212 struct command *cmd;
1213 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1214 for (cmd = commands; cmd; cmd = cmd->next) {
1216 struct string_list_item *item =
1217 string_list_append(&ref_list, cmd->ref_name);
1218 item->util = (void *)cmd;
1219 }
1220 string_list_sort(&ref_list);
1221 for (cmd = commands; cmd; cmd = cmd->next) {
1223 if (!cmd->error_string)
1224 check_aliased_update(cmd, &ref_list);
1225 }
1226 string_list_clear(&ref_list, 0);
1228}
1229static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1231{
1232 struct command **cmd_list = cb_data;
1233 struct command *cmd = *cmd_list;
1234 if (!cmd || is_null_sha1(cmd->new_sha1))
1236 return -1; /* end of list */
1237 *cmd_list = NULL; /* this returns only one */
1238 hashcpy(sha1, cmd->new_sha1);
1239 return 0;
1240}
1241static void set_connectivity_errors(struct command *commands,
1243 struct shallow_info *si)
1244{
1245 struct command *cmd;
1246 for (cmd = commands; cmd; cmd = cmd->next) {
1248 struct command *singleton = cmd;
1249 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1250 if (shallow_update && si->shallow_ref[cmd->index])
1252 /* to be checked in update_shallow_ref() */
1253 continue;
1254 opt.env = tmp_objdir_env(tmp_objdir);
1256 if (!check_connected(command_singleton_iterator, &singleton,
1257 &opt))
1258 continue;
1259 cmd->error_string = "missing necessary objects";
1261 }
1262}
1263struct iterate_data {
1265 struct command *cmds;
1266 struct shallow_info *si;
1267};
1268static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1270{
1271 struct iterate_data *data = cb_data;
1272 struct command **cmd_list = &data->cmds;
1273 struct command *cmd = *cmd_list;
1274 for (; cmd; cmd = cmd->next) {
1276 if (shallow_update && data->si->shallow_ref[cmd->index])
1277 /* to be checked in update_shallow_ref() */
1278 continue;
1279 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1280 hashcpy(sha1, cmd->new_sha1);
1281 *cmd_list = cmd->next;
1282 return 0;
1283 }
1284 }
1285 *cmd_list = NULL;
1286 return -1; /* end of list */
1287}
1288static void reject_updates_to_hidden(struct command *commands)
1290{
1291 struct strbuf refname_full = STRBUF_INIT;
1292 size_t prefix_len;
1293 struct command *cmd;
1294 strbuf_addstr(&refname_full, get_git_namespace());
1296 prefix_len = refname_full.len;
1297 for (cmd = commands; cmd; cmd = cmd->next) {
1299 if (cmd->error_string)
1300 continue;
1301 strbuf_setlen(&refname_full, prefix_len);
1303 strbuf_addstr(&refname_full, cmd->ref_name);
1304 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1306 continue;
1307 if (is_null_sha1(cmd->new_sha1))
1308 cmd->error_string = "deny deleting a hidden ref";
1309 else
1310 cmd->error_string = "deny updating a hidden ref";
1311 }
1312 strbuf_release(&refname_full);
1314}
1315static int should_process_cmd(struct command *cmd)
1317{
1318 return !cmd->error_string && !cmd->skip_update;
1319}
1320static void warn_if_skipped_connectivity_check(struct command *commands,
1322 struct shallow_info *si)
1323{
1324 struct command *cmd;
1325 int checked_connectivity = 1;
1326 for (cmd = commands; cmd; cmd = cmd->next) {
1328 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1329 error("BUG: connectivity check has not been run on ref %s",
1330 cmd->ref_name);
1331 checked_connectivity = 0;
1332 }
1333 }
1334 if (!checked_connectivity)
1335 die("BUG: connectivity check skipped???");
1336}
1337static void execute_commands_non_atomic(struct command *commands,
1339 struct shallow_info *si)
1340{
1341 struct command *cmd;
1342 struct strbuf err = STRBUF_INIT;
1343 for (cmd = commands; cmd; cmd = cmd->next) {
1345 if (!should_process_cmd(cmd))
1346 continue;
1347 transaction = ref_transaction_begin(&err);
1349 if (!transaction) {
1350 rp_error("%s", err.buf);
1351 strbuf_reset(&err);
1352 cmd->error_string = "transaction failed to start";
1353 continue;
1354 }
1355 cmd->error_string = update(cmd, si);
1357 if (!cmd->error_string
1359 && ref_transaction_commit(transaction, &err)) {
1360 rp_error("%s", err.buf);
1361 strbuf_reset(&err);
1362 cmd->error_string = "failed to update ref";
1363 }
1364 ref_transaction_free(transaction);
1365 }
1366 strbuf_release(&err);
1367}
1368static void execute_commands_atomic(struct command *commands,
1370 struct shallow_info *si)
1371{
1372 struct command *cmd;
1373 struct strbuf err = STRBUF_INIT;
1374 const char *reported_error = "atomic push failure";
1375 transaction = ref_transaction_begin(&err);
1377 if (!transaction) {
1378 rp_error("%s", err.buf);
1379 strbuf_reset(&err);
1380 reported_error = "transaction failed to start";
1381 goto failure;
1382 }
1383 for (cmd = commands; cmd; cmd = cmd->next) {
1385 if (!should_process_cmd(cmd))
1386 continue;
1387 cmd->error_string = update(cmd, si);
1389 if (cmd->error_string)
1391 goto failure;
1392 }
1393 if (ref_transaction_commit(transaction, &err)) {
1395 rp_error("%s", err.buf);
1396 reported_error = "atomic transaction failed";
1397 goto failure;
1398 }
1399 goto cleanup;
1400failure:
1402 for (cmd = commands; cmd; cmd = cmd->next)
1403 if (!cmd->error_string)
1404 cmd->error_string = reported_error;
1405cleanup:
1407 ref_transaction_free(transaction);
1408 strbuf_release(&err);
1409}
1410static void execute_commands(struct command *commands,
1412 const char *unpacker_error,
1413 struct shallow_info *si,
1414 const struct string_list *push_options)
1415{
1416 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1417 struct command *cmd;
1418 unsigned char sha1[20];
1419 struct iterate_data data;
1420 struct async muxer;
1421 int err_fd = 0;
1422 if (unpacker_error) {
1424 for (cmd = commands; cmd; cmd = cmd->next)
1425 cmd->error_string = "unpacker error";
1426 return;
1427 }
1428 if (use_sideband) {
1430 memset(&muxer, 0, sizeof(muxer));
1431 muxer.proc = copy_to_sideband;
1432 muxer.in = -1;
1433 if (!start_async(&muxer))
1434 err_fd = muxer.in;
1435 /* ...else, continue without relaying sideband */
1436 }
1437 data.cmds = commands;
1439 data.si = si;
1440 opt.err_fd = err_fd;
1441 opt.progress = err_fd && !quiet;
1442 opt.env = tmp_objdir_env(tmp_objdir);
1443 if (check_connected(iterate_receive_command_list, &data, &opt))
1444 set_connectivity_errors(commands, si);
1445 if (use_sideband)
1447 finish_async(&muxer);
1448 reject_updates_to_hidden(commands);
1450 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1452 for (cmd = commands; cmd; cmd = cmd->next) {
1453 if (!cmd->error_string)
1454 cmd->error_string = "pre-receive hook declined";
1455 }
1456 return;
1457 }
1458 /*
1460 * Now we'll start writing out refs, which means the objects need
1461 * to be in their final positions so that other processes can see them.
1462 */
1463 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1464 for (cmd = commands; cmd; cmd = cmd->next) {
1465 if (!cmd->error_string)
1466 cmd->error_string = "unable to migrate objects to permanent storage";
1467 }
1468 return;
1469 }
1470 tmp_objdir = NULL;
1471 check_aliased_updates(commands);
1473 free(head_name_to_free);
1475 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1476 if (use_atomic)
1478 execute_commands_atomic(commands, si);
1479 else
1480 execute_commands_non_atomic(commands, si);
1481 if (shallow_update)
1483 warn_if_skipped_connectivity_check(commands, si);
1484}
1485static struct command **queue_command(struct command **tail,
1487 const char *line,
1488 int linelen)
1489{
1490 unsigned char old_sha1[20], new_sha1[20];
1491 struct command *cmd;
1492 const char *refname;
1493 int reflen;
1494 if (linelen < 83 ||
1496 line[40] != ' ' ||
1497 line[81] != ' ' ||
1498 get_sha1_hex(line, old_sha1) ||
1499 get_sha1_hex(line + 41, new_sha1))
1500 die("protocol error: expected old/new/ref, got '%s'", line);
1501 refname = line + 82;
1503 reflen = linelen - 82;
1504 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1505 hashcpy(cmd->old_sha1, old_sha1);
1506 hashcpy(cmd->new_sha1, new_sha1);
1507 *tail = cmd;
1508 return &cmd->next;
1509}
1510static void queue_commands_from_cert(struct command **tail,
1512 struct strbuf *push_cert)
1513{
1514 const char *boc, *eoc;
1515 if (*tail)
1517 die("protocol error: got both push certificate and unsigned commands");
1518 boc = strstr(push_cert->buf, "\n\n");
1520 if (!boc)
1521 die("malformed push certificate %.*s", 100, push_cert->buf);
1522 else
1523 boc += 2;
1524 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1525 while (boc < eoc) {
1527 const char *eol = memchr(boc, '\n', eoc - boc);
1528 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1529 boc = eol ? eol + 1 : eoc;
1530 }
1531}
1532static struct command *read_head_info(struct sha1_array *shallow)
1534{
1535 struct command *commands = NULL;
1536 struct command **p = &commands;
1537 for (;;) {
1538 char *line;
1539 int len, linelen;
1540 line = packet_read_line(0, &len);
1542 if (!line)
1543 break;
1544 if (len == 48 && starts_with(line, "shallow ")) {
1546 unsigned char sha1[20];
1547 if (get_sha1_hex(line + 8, sha1))
1548 die("protocol error: expected shallow sha, got '%s'",
1549 line + 8);
1550 sha1_array_append(shallow, sha1);
1551 continue;
1552 }
1553 linelen = strlen(line);
1555 if (linelen < len) {
1556 const char *feature_list = line + linelen + 1;
1557 if (parse_feature_request(feature_list, "report-status"))
1558 report_status = 1;
1559 if (parse_feature_request(feature_list, "side-band-64k"))
1560 use_sideband = LARGE_PACKET_MAX;
1561 if (parse_feature_request(feature_list, "quiet"))
1562 quiet = 1;
1563 if (advertise_atomic_push
1564 && parse_feature_request(feature_list, "atomic"))
1565 use_atomic = 1;
1566 if (advertise_push_options
1567 && parse_feature_request(feature_list, "push-options"))
1568 use_push_options = 1;
1569 }
1570 if (!strcmp(line, "push-cert")) {
1572 int true_flush = 0;
1573 char certbuf[1024];
1574 for (;;) {
1576 len = packet_read(0, NULL, NULL,
1577 certbuf, sizeof(certbuf), 0);
1578 if (!len) {
1579 true_flush = 1;
1580 break;
1581 }
1582 if (!strcmp(certbuf, "push-cert-end\n"))
1583 break; /* end of cert */
1584 strbuf_addstr(&push_cert, certbuf);
1585 }
1586 if (true_flush)
1588 break;
1589 continue;
1590 }
1591 p = queue_command(p, line, linelen);
1593 }
1594 if (push_cert.len)
1596 queue_commands_from_cert(p, &push_cert);
1597 return commands;
1599}
1600static void read_push_options(struct string_list *options)
1602{
1603 while (1) {
1604 char *line;
1605 int len;
1606 line = packet_read_line(0, &len);
1608 if (!line)
1610 break;
1611 string_list_append(options, line);
1613 }
1614}
1615static const char *parse_pack_header(struct pack_header *hdr)
1617{
1618 switch (read_pack_header(0, hdr)) {
1619 case PH_ERROR_EOF:
1620 return "eof before pack header was fully read";
1621 case PH_ERROR_PACK_SIGNATURE:
1623 return "protocol error (pack signature mismatch detected)";
1624 case PH_ERROR_PROTOCOL:
1626 return "protocol error (pack version unsupported)";
1627 default:
1629 return "unknown error in parse_pack_header";
1630 case 0:
1632 return NULL;
1633 }
1634}
1635static const char *pack_lockfile;
1637static const char *unpack(int err_fd, struct shallow_info *si)
1639{
1640 struct pack_header hdr;
1641 const char *hdr_err;
1642 int status;
1643 char hdr_arg[38];
1644 struct child_process child = CHILD_PROCESS_INIT;
1645 int fsck_objects = (receive_fsck_objects >= 0
1646 ? receive_fsck_objects
1647 : transfer_fsck_objects >= 0
1648 ? transfer_fsck_objects
1649 : 0);
1650 hdr_err = parse_pack_header(&hdr);
1652 if (hdr_err) {
1653 if (err_fd > 0)
1654 close(err_fd);
1655 return hdr_err;
1656 }
1657 snprintf(hdr_arg, sizeof(hdr_arg),
1658 "--pack_header=%"PRIu32",%"PRIu32,
1659 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1660 if (si->nr_ours || si->nr_theirs) {
1662 alt_shallow_file = setup_temporary_shallow(si->shallow);
1663 argv_array_push(&child.args, "--shallow-file");
1664 argv_array_push(&child.args, alt_shallow_file);
1665 }
1666 tmp_objdir = tmp_objdir_create();
1668 if (!tmp_objdir)
1669 return "unable to create temporary object directory";
1670 child.env = tmp_objdir_env(tmp_objdir);
1671 /*
1673 * Normally we just pass the tmp_objdir environment to the child
1674 * processes that do the heavy lifting, but we may need to see these
1675 * objects ourselves to set up shallow information.
1676 */
1677 tmp_objdir_add_as_alternate(tmp_objdir);
1678 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1680 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1681 if (quiet)
1682 argv_array_push(&child.args, "-q");
1683 if (fsck_objects)
1684 argv_array_pushf(&child.args, "--strict%s",
1685 fsck_msg_types.buf);
1686 if (max_input_size)
1687 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1688 (uintmax_t)max_input_size);
1689 child.no_stdout = 1;
1690 child.err = err_fd;
1691 child.git_cmd = 1;
1692 status = run_command(&child);
1693 if (status)
1694 return "unpack-objects abnormal exit";
1695 } else {
1696 char hostname[256];
1697 argv_array_pushl(&child.args, "index-pack",
1699 "--stdin", hdr_arg, NULL);
1700 if (gethostname(hostname, sizeof(hostname)))
1702 xsnprintf(hostname, sizeof(hostname), "localhost");
1703 argv_array_pushf(&child.args,
1704 "--keep=receive-pack %"PRIuMAX" on %s",
1705 (uintmax_t)getpid(),
1706 hostname);
1707 if (!quiet && err_fd)
1709 argv_array_push(&child.args, "--show-resolving-progress");
1710 if (use_sideband)
1711 argv_array_push(&child.args, "--report-end-of-input");
1712 if (fsck_objects)
1713 argv_array_pushf(&child.args, "--strict%s",
1714 fsck_msg_types.buf);
1715 if (!reject_thin)
1716 argv_array_push(&child.args, "--fix-thin");
1717 if (max_input_size)
1718 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1719 (uintmax_t)max_input_size);
1720 child.out = -1;
1721 child.err = err_fd;
1722 child.git_cmd = 1;
1723 status = start_command(&child);
1724 if (status)
1725 return "index-pack fork failed";
1726 pack_lockfile = index_pack_lockfile(child.out);
1727 close(child.out);
1728 status = finish_command(&child);
1729 if (status)
1730 return "index-pack abnormal exit";
1731 reprepare_packed_git();
1732 }
1733 return NULL;
1734}
1735static const char *unpack_with_sideband(struct shallow_info *si)
1737{
1738 struct async muxer;
1739 const char *ret;
1740 if (!use_sideband)
1742 return unpack(0, si);
1743 use_keepalive = KEEPALIVE_AFTER_NUL;
1745 memset(&muxer, 0, sizeof(muxer));
1746 muxer.proc = copy_to_sideband;
1747 muxer.in = -1;
1748 if (start_async(&muxer))
1749 return NULL;
1750 ret = unpack(muxer.in, si);
1752 finish_async(&muxer);
1754 return ret;
1755}
1756static void prepare_shallow_update(struct command *commands,
1758 struct shallow_info *si)
1759{
1760 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1761 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1763 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1764 si->need_reachability_test =
1766 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1767 si->reachable =
1768 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1769 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1770 for (i = 0; i < si->nr_ours; i++)
1772 si->need_reachability_test[si->ours[i]] = 1;
1773 for (i = 0; i < si->shallow->nr; i++) {
1775 if (!si->used_shallow[i])
1776 continue;
1777 for (j = 0; j < bitmap_size; j++) {
1778 if (!si->used_shallow[i][j])
1779 continue;
1780 si->need_reachability_test[i]++;
1781 for (k = 0; k < 32; k++)
1782 if (si->used_shallow[i][j] & (1U << k))
1783 si->shallow_ref[j * 32 + k]++;
1784 }
1785 /*
1787 * true for those associated with some refs and belong
1788 * in "ours" list aka "step 7 not done yet"
1789 */
1790 si->need_reachability_test[i] =
1791 si->need_reachability_test[i] > 1;
1792 }
1793 /*
1795 * keep hooks happy by forcing a temporary shallow file via
1796 * env variable because we can't add --shallow-file to every
1797 * command. check_everything_connected() will be done with
1798 * true .git/shallow though.
1799 */
1800 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1801}
1802static void update_shallow_info(struct command *commands,
1804 struct shallow_info *si,
1805 struct sha1_array *ref)
1806{
1807 struct command *cmd;
1808 int *ref_status;
1809 remove_nonexistent_theirs_shallow(si);
1810 if (!si->nr_ours && !si->nr_theirs) {
1811 shallow_update = 0;
1812 return;
1813 }
1814 for (cmd = commands; cmd; cmd = cmd->next) {
1816 if (is_null_sha1(cmd->new_sha1))
1817 continue;
1818 sha1_array_append(ref, cmd->new_sha1);
1819 cmd->index = ref->nr - 1;
1820 }
1821 si->ref = ref;
1822 if (shallow_update) {
1824 prepare_shallow_update(commands, si);
1825 return;
1826 }
1827 ALLOC_ARRAY(ref_status, ref->nr);
1829 assign_shallow_commits_to_refs(si, NULL, ref_status);
1830 for (cmd = commands; cmd; cmd = cmd->next) {
1831 if (is_null_sha1(cmd->new_sha1))
1832 continue;
1833 if (ref_status[cmd->index]) {
1834 cmd->error_string = "shallow update not allowed";
1835 cmd->skip_update = 1;
1836 }
1837 }
1838 free(ref_status);
1839}
1840static void report(struct command *commands, const char *unpack_status)
1842{
1843 struct command *cmd;
1844 struct strbuf buf = STRBUF_INIT;
1845 packet_buf_write(&buf, "unpack %s\n",
1847 unpack_status ? unpack_status : "ok");
1848 for (cmd = commands; cmd; cmd = cmd->next) {
1849 if (!cmd->error_string)
1850 packet_buf_write(&buf, "ok %s\n",
1851 cmd->ref_name);
1852 else
1853 packet_buf_write(&buf, "ng %s %s\n",
1854 cmd->ref_name, cmd->error_string);
1855 }
1856 packet_buf_flush(&buf);
1857 if (use_sideband)
1859 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1860 else
1861 write_or_die(1, buf.buf, buf.len);
1862 strbuf_release(&buf);
1863}
1864static int delete_only(struct command *commands)
1866{
1867 struct command *cmd;
1868 for (cmd = commands; cmd; cmd = cmd->next) {
1869 if (!is_null_sha1(cmd->new_sha1))
1870 return 0;
1871 }
1872 return 1;
1873}
1874int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1876{
1877 int advertise_refs = 0;
1878 struct command *commands;
1879 struct sha1_array shallow = SHA1_ARRAY_INIT;
1880 struct sha1_array ref = SHA1_ARRAY_INIT;
1881 struct shallow_info si;
1882 struct option options[] = {
1884 OPT__QUIET(&quiet, N_("quiet")),
1885 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1886 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1887 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1888 OPT_END()
1889 };
1890 packet_trace_identity("receive-pack");
1892 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1894 if (argc > 1)
1896 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1897 if (argc == 0)
1898 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1899 service_dir = argv[0];
1901 setup_path();
1903 if (!enter_repo(service_dir, 0))
1905 die("'%s' does not appear to be a git repository", service_dir);
1906 git_config(receive_pack_config, NULL);
1908 if (cert_nonce_seed)
1909 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1910 if (0 <= transfer_unpack_limit)
1912 unpack_limit = transfer_unpack_limit;
1913 else if (0 <= receive_unpack_limit)
1914 unpack_limit = receive_unpack_limit;
1915 if (advertise_refs || !stateless_rpc) {
1917 write_head_info();
1918 }
1919 if (advertise_refs)
1920 return 0;
1921 if ((commands = read_head_info(&shallow)) != NULL) {
1923 const char *unpack_status = NULL;
1924 struct string_list push_options = STRING_LIST_INIT_DUP;
1925 if (use_push_options)
1927 read_push_options(&push_options);
1928 prepare_shallow_info(&si, &shallow);
1930 if (!si.nr_ours && !si.nr_theirs)
1931 shallow_update = 0;
1932 if (!delete_only(commands)) {
1933 unpack_status = unpack_with_sideband(&si);
1934 update_shallow_info(commands, &si, &ref);
1935 }
1936 use_keepalive = KEEPALIVE_ALWAYS;
1937 execute_commands(commands, unpack_status, &si,
1938 &push_options);
1939 if (pack_lockfile)
1940 unlink_or_warn(pack_lockfile);
1941 if (report_status)
1942 report(commands, unpack_status);
1943 run_receive_hook(commands, "post-receive", 1,
1944 &push_options);
1945 run_update_post_hook(commands);
1946 string_list_clear(&push_options, 0);
1947 if (auto_gc) {
1948 const char *argv_gc_auto[] = {
1949 "gc", "--auto", "--quiet", NULL,
1950 };
1951 struct child_process proc = CHILD_PROCESS_INIT;
1952 proc.no_stdin = 1;
1954 proc.stdout_to_stderr = 1;
1955 proc.err = use_sideband ? -1 : 0;
1956 proc.git_cmd = 1;
1957 proc.argv = argv_gc_auto;
1958 close_all_packs();
1960 if (!start_command(&proc)) {
1961 if (use_sideband)
1962 copy_to_sideband(proc.err, -1, NULL);
1963 finish_command(&proc);
1964 }
1965 }
1966 if (auto_update_server_info)
1967 update_server_info(0);
1968 clear_shallow_info(&si);
1969 }
1970 if (use_sideband)
1971 packet_flush(1);
1972 sha1_array_clear(&shallow);
1973 sha1_array_clear(&ref);
1974 free((void *)push_cert_nonce);
1975 return 0;
1976}