1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22
23static const char receive_pack_usage[] = "git receive-pack <git-dir>";
24
25enum deny_action {
26 DENY_UNCONFIGURED,
27 DENY_IGNORE,
28 DENY_WARN,
29 DENY_REFUSE,
30 DENY_UPDATE_INSTEAD
31};
32
33static int deny_deletes;
34static int deny_non_fast_forwards;
35static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37static int receive_fsck_objects = -1;
38static int transfer_fsck_objects = -1;
39static int receive_unpack_limit = -1;
40static int transfer_unpack_limit = -1;
41static int advertise_atomic_push = 1;
42static int unpack_limit = 100;
43static int report_status;
44static int use_sideband;
45static int use_atomic;
46static int quiet;
47static int prefer_ofs_delta = 1;
48static int auto_update_server_info;
49static int auto_gc = 1;
50static int fix_thin = 1;
51static int stateless_rpc;
52static const char *service_dir;
53static const char *head_name;
54static void *head_name_to_free;
55static int sent_capabilities;
56static int shallow_update;
57static const char *alt_shallow_file;
58static struct strbuf push_cert = STRBUF_INIT;
59static unsigned char push_cert_sha1[20];
60static struct signature_check sigcheck;
61static const char *push_cert_nonce;
62static const char *cert_nonce_seed;
63
64static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65static const char *NONCE_BAD = "BAD";
66static const char *NONCE_MISSING = "MISSING";
67static const char *NONCE_OK = "OK";
68static const char *NONCE_SLOP = "SLOP";
69static const char *nonce_status;
70static long nonce_stamp_slop;
71static unsigned long nonce_stamp_slop_limit;
72static struct ref_transaction *transaction;
73
74static enum deny_action parse_deny_action(const char *var, const char *value)
75{
76 if (value) {
77 if (!strcasecmp(value, "ignore"))
78 return DENY_IGNORE;
79 if (!strcasecmp(value, "warn"))
80 return DENY_WARN;
81 if (!strcasecmp(value, "refuse"))
82 return DENY_REFUSE;
83 if (!strcasecmp(value, "updateinstead"))
84 return DENY_UPDATE_INSTEAD;
85 }
86 if (git_config_bool(var, value))
87 return DENY_REFUSE;
88 return DENY_IGNORE;
89}
90
91static int receive_pack_config(const char *var, const char *value, void *cb)
92{
93 int status = parse_hide_refs_config(var, value, "receive");
94
95 if (status)
96 return status;
97
98 if (strcmp(var, "receive.denydeletes") == 0) {
99 deny_deletes = git_config_bool(var, value);
100 return 0;
101 }
102
103 if (strcmp(var, "receive.denynonfastforwards") == 0) {
104 deny_non_fast_forwards = git_config_bool(var, value);
105 return 0;
106 }
107
108 if (strcmp(var, "receive.unpacklimit") == 0) {
109 receive_unpack_limit = git_config_int(var, value);
110 return 0;
111 }
112
113 if (strcmp(var, "transfer.unpacklimit") == 0) {
114 transfer_unpack_limit = git_config_int(var, value);
115 return 0;
116 }
117
118 if (strcmp(var, "receive.fsckobjects") == 0) {
119 receive_fsck_objects = git_config_bool(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "transfer.fsckobjects") == 0) {
124 transfer_fsck_objects = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (!strcmp(var, "receive.denycurrentbranch")) {
129 deny_current_branch = parse_deny_action(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.denydeletecurrent") == 0) {
134 deny_delete_current = parse_deny_action(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139 prefer_ofs_delta = git_config_bool(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.updateserverinfo") == 0) {
144 auto_update_server_info = git_config_bool(var, value);
145 return 0;
146 }
147
148 if (strcmp(var, "receive.autogc") == 0) {
149 auto_gc = git_config_bool(var, value);
150 return 0;
151 }
152
153 if (strcmp(var, "receive.shallowupdate") == 0) {
154 shallow_update = git_config_bool(var, value);
155 return 0;
156 }
157
158 if (strcmp(var, "receive.certnonceseed") == 0)
159 return git_config_string(&cert_nonce_seed, var, value);
160
161 if (strcmp(var, "receive.certnonceslop") == 0) {
162 nonce_stamp_slop_limit = git_config_ulong(var, value);
163 return 0;
164 }
165
166 if (strcmp(var, "receive.advertiseatomic") == 0) {
167 advertise_atomic_push = git_config_bool(var, value);
168 return 0;
169 }
170
171 return git_default_config(var, value, cb);
172}
173
174static void show_ref(const char *path, const unsigned char *sha1)
175{
176 if (ref_is_hidden(path))
177 return;
178
179 if (sent_capabilities) {
180 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
181 } else {
182 struct strbuf cap = STRBUF_INIT;
183
184 strbuf_addstr(&cap,
185 "report-status delete-refs side-band-64k quiet");
186 if (advertise_atomic_push)
187 strbuf_addstr(&cap, " atomic");
188 if (prefer_ofs_delta)
189 strbuf_addstr(&cap, " ofs-delta");
190 if (push_cert_nonce)
191 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193 packet_write(1, "%s %s%c%s\n",
194 sha1_to_hex(sha1), path, 0, cap.buf);
195 strbuf_release(&cap);
196 sent_capabilities = 1;
197 }
198}
199
200static int show_ref_cb(const char *path, const struct object_id *oid, int flag, void *unused)
201{
202 path = strip_namespace(path);
203 /*
204 * Advertise refs outside our current namespace as ".have"
205 * refs, so that the client can use them to minimize data
206 * transfer but will otherwise ignore them. This happens to
207 * cover ".have" that are thrown in by add_one_alternate_ref()
208 * to mark histories that are complete in our alternates as
209 * well.
210 */
211 if (!path)
212 path = ".have";
213 show_ref(path, oid->hash);
214 return 0;
215}
216
217static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
218{
219 show_ref(".have", sha1);
220}
221
222static void collect_one_alternate_ref(const struct ref *ref, void *data)
223{
224 struct sha1_array *sa = data;
225 sha1_array_append(sa, ref->old_sha1);
226}
227
228static void write_head_info(void)
229{
230 struct sha1_array sa = SHA1_ARRAY_INIT;
231
232 for_each_alternate_ref(collect_one_alternate_ref, &sa);
233 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
234 sha1_array_clear(&sa);
235 for_each_ref(show_ref_cb, NULL);
236 if (!sent_capabilities)
237 show_ref("capabilities^{}", null_sha1);
238
239 advertise_shallow_grafts(1);
240
241 /* EOF */
242 packet_flush(1);
243}
244
245struct command {
246 struct command *next;
247 const char *error_string;
248 unsigned int skip_update:1,
249 did_not_exist:1;
250 int index;
251 unsigned char old_sha1[20];
252 unsigned char new_sha1[20];
253 char ref_name[FLEX_ARRAY]; /* more */
254};
255
256static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
257static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
258
259static void report_message(const char *prefix, const char *err, va_list params)
260{
261 int sz = strlen(prefix);
262 char msg[4096];
263
264 strncpy(msg, prefix, sz);
265 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
266 if (sz > (sizeof(msg) - 1))
267 sz = sizeof(msg) - 1;
268 msg[sz++] = '\n';
269
270 if (use_sideband)
271 send_sideband(1, 2, msg, sz, use_sideband);
272 else
273 xwrite(2, msg, sz);
274}
275
276static void rp_warning(const char *err, ...)
277{
278 va_list params;
279 va_start(params, err);
280 report_message("warning: ", err, params);
281 va_end(params);
282}
283
284static void rp_error(const char *err, ...)
285{
286 va_list params;
287 va_start(params, err);
288 report_message("error: ", err, params);
289 va_end(params);
290}
291
292static int copy_to_sideband(int in, int out, void *arg)
293{
294 char data[128];
295 while (1) {
296 ssize_t sz = xread(in, data, sizeof(data));
297 if (sz <= 0)
298 break;
299 send_sideband(1, 2, data, sz, use_sideband);
300 }
301 close(in);
302 return 0;
303}
304
305#define HMAC_BLOCK_SIZE 64
306
307static void hmac_sha1(unsigned char *out,
308 const char *key_in, size_t key_len,
309 const char *text, size_t text_len)
310{
311 unsigned char key[HMAC_BLOCK_SIZE];
312 unsigned char k_ipad[HMAC_BLOCK_SIZE];
313 unsigned char k_opad[HMAC_BLOCK_SIZE];
314 int i;
315 git_SHA_CTX ctx;
316
317 /* RFC 2104 2. (1) */
318 memset(key, '\0', HMAC_BLOCK_SIZE);
319 if (HMAC_BLOCK_SIZE < key_len) {
320 git_SHA1_Init(&ctx);
321 git_SHA1_Update(&ctx, key_in, key_len);
322 git_SHA1_Final(key, &ctx);
323 } else {
324 memcpy(key, key_in, key_len);
325 }
326
327 /* RFC 2104 2. (2) & (5) */
328 for (i = 0; i < sizeof(key); i++) {
329 k_ipad[i] = key[i] ^ 0x36;
330 k_opad[i] = key[i] ^ 0x5c;
331 }
332
333 /* RFC 2104 2. (3) & (4) */
334 git_SHA1_Init(&ctx);
335 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
336 git_SHA1_Update(&ctx, text, text_len);
337 git_SHA1_Final(out, &ctx);
338
339 /* RFC 2104 2. (6) & (7) */
340 git_SHA1_Init(&ctx);
341 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
342 git_SHA1_Update(&ctx, out, 20);
343 git_SHA1_Final(out, &ctx);
344}
345
346static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
347{
348 struct strbuf buf = STRBUF_INIT;
349 unsigned char sha1[20];
350
351 strbuf_addf(&buf, "%s:%lu", path, stamp);
352 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
353 strbuf_release(&buf);
354
355 /* RFC 2104 5. HMAC-SHA1-80 */
356 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
357 return strbuf_detach(&buf, NULL);
358}
359
360/*
361 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
362 * after dropping "_commit" from its name and possibly moving it out
363 * of commit.c
364 */
365static char *find_header(const char *msg, size_t len, const char *key)
366{
367 int key_len = strlen(key);
368 const char *line = msg;
369
370 while (line && line < msg + len) {
371 const char *eol = strchrnul(line, '\n');
372
373 if ((msg + len <= eol) || line == eol)
374 return NULL;
375 if (line + key_len < eol &&
376 !memcmp(line, key, key_len) && line[key_len] == ' ') {
377 int offset = key_len + 1;
378 return xmemdupz(line + offset, (eol - line) - offset);
379 }
380 line = *eol ? eol + 1 : NULL;
381 }
382 return NULL;
383}
384
385static const char *check_nonce(const char *buf, size_t len)
386{
387 char *nonce = find_header(buf, len, "nonce");
388 unsigned long stamp, ostamp;
389 char *bohmac, *expect = NULL;
390 const char *retval = NONCE_BAD;
391
392 if (!nonce) {
393 retval = NONCE_MISSING;
394 goto leave;
395 } else if (!push_cert_nonce) {
396 retval = NONCE_UNSOLICITED;
397 goto leave;
398 } else if (!strcmp(push_cert_nonce, nonce)) {
399 retval = NONCE_OK;
400 goto leave;
401 }
402
403 if (!stateless_rpc) {
404 /* returned nonce MUST match what we gave out earlier */
405 retval = NONCE_BAD;
406 goto leave;
407 }
408
409 /*
410 * In stateless mode, we may be receiving a nonce issued by
411 * another instance of the server that serving the same
412 * repository, and the timestamps may not match, but the
413 * nonce-seed and dir should match, so we can recompute and
414 * report the time slop.
415 *
416 * In addition, when a nonce issued by another instance has
417 * timestamp within receive.certnonceslop seconds, we pretend
418 * as if we issued that nonce when reporting to the hook.
419 */
420
421 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
422 if (*nonce <= '0' || '9' < *nonce) {
423 retval = NONCE_BAD;
424 goto leave;
425 }
426 stamp = strtoul(nonce, &bohmac, 10);
427 if (bohmac == nonce || bohmac[0] != '-') {
428 retval = NONCE_BAD;
429 goto leave;
430 }
431
432 expect = prepare_push_cert_nonce(service_dir, stamp);
433 if (strcmp(expect, nonce)) {
434 /* Not what we would have signed earlier */
435 retval = NONCE_BAD;
436 goto leave;
437 }
438
439 /*
440 * By how many seconds is this nonce stale? Negative value
441 * would mean it was issued by another server with its clock
442 * skewed in the future.
443 */
444 ostamp = strtoul(push_cert_nonce, NULL, 10);
445 nonce_stamp_slop = (long)ostamp - (long)stamp;
446
447 if (nonce_stamp_slop_limit &&
448 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
449 /*
450 * Pretend as if the received nonce (which passes the
451 * HMAC check, so it is not a forged by third-party)
452 * is what we issued.
453 */
454 free((void *)push_cert_nonce);
455 push_cert_nonce = xstrdup(nonce);
456 retval = NONCE_OK;
457 } else {
458 retval = NONCE_SLOP;
459 }
460
461leave:
462 free(nonce);
463 free(expect);
464 return retval;
465}
466
467static void prepare_push_cert_sha1(struct child_process *proc)
468{
469 static int already_done;
470
471 if (!push_cert.len)
472 return;
473
474 if (!already_done) {
475 struct strbuf gpg_output = STRBUF_INIT;
476 struct strbuf gpg_status = STRBUF_INIT;
477 int bogs /* beginning_of_gpg_sig */;
478
479 already_done = 1;
480 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
481 hashclr(push_cert_sha1);
482
483 memset(&sigcheck, '\0', sizeof(sigcheck));
484 sigcheck.result = 'N';
485
486 bogs = parse_signature(push_cert.buf, push_cert.len);
487 if (verify_signed_buffer(push_cert.buf, bogs,
488 push_cert.buf + bogs, push_cert.len - bogs,
489 &gpg_output, &gpg_status) < 0) {
490 ; /* error running gpg */
491 } else {
492 sigcheck.payload = push_cert.buf;
493 sigcheck.gpg_output = gpg_output.buf;
494 sigcheck.gpg_status = gpg_status.buf;
495 parse_gpg_output(&sigcheck);
496 }
497
498 strbuf_release(&gpg_output);
499 strbuf_release(&gpg_status);
500 nonce_status = check_nonce(push_cert.buf, bogs);
501 }
502 if (!is_null_sha1(push_cert_sha1)) {
503 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
504 sha1_to_hex(push_cert_sha1));
505 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
506 sigcheck.signer ? sigcheck.signer : "");
507 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
508 sigcheck.key ? sigcheck.key : "");
509 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
510 sigcheck.result);
511 if (push_cert_nonce) {
512 argv_array_pushf(&proc->env_array,
513 "GIT_PUSH_CERT_NONCE=%s",
514 push_cert_nonce);
515 argv_array_pushf(&proc->env_array,
516 "GIT_PUSH_CERT_NONCE_STATUS=%s",
517 nonce_status);
518 if (nonce_status == NONCE_SLOP)
519 argv_array_pushf(&proc->env_array,
520 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
521 nonce_stamp_slop);
522 }
523 }
524}
525
526typedef int (*feed_fn)(void *, const char **, size_t *);
527static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
528{
529 struct child_process proc = CHILD_PROCESS_INIT;
530 struct async muxer;
531 const char *argv[2];
532 int code;
533
534 argv[0] = find_hook(hook_name);
535 if (!argv[0])
536 return 0;
537
538 argv[1] = NULL;
539
540 proc.argv = argv;
541 proc.in = -1;
542 proc.stdout_to_stderr = 1;
543
544 if (use_sideband) {
545 memset(&muxer, 0, sizeof(muxer));
546 muxer.proc = copy_to_sideband;
547 muxer.in = -1;
548 code = start_async(&muxer);
549 if (code)
550 return code;
551 proc.err = muxer.in;
552 }
553
554 prepare_push_cert_sha1(&proc);
555
556 code = start_command(&proc);
557 if (code) {
558 if (use_sideband)
559 finish_async(&muxer);
560 return code;
561 }
562
563 sigchain_push(SIGPIPE, SIG_IGN);
564
565 while (1) {
566 const char *buf;
567 size_t n;
568 if (feed(feed_state, &buf, &n))
569 break;
570 if (write_in_full(proc.in, buf, n) != n)
571 break;
572 }
573 close(proc.in);
574 if (use_sideband)
575 finish_async(&muxer);
576
577 sigchain_pop(SIGPIPE);
578
579 return finish_command(&proc);
580}
581
582struct receive_hook_feed_state {
583 struct command *cmd;
584 int skip_broken;
585 struct strbuf buf;
586};
587
588static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
589{
590 struct receive_hook_feed_state *state = state_;
591 struct command *cmd = state->cmd;
592
593 while (cmd &&
594 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
595 cmd = cmd->next;
596 if (!cmd)
597 return -1; /* EOF */
598 strbuf_reset(&state->buf);
599 strbuf_addf(&state->buf, "%s %s %s\n",
600 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
601 cmd->ref_name);
602 state->cmd = cmd->next;
603 if (bufp) {
604 *bufp = state->buf.buf;
605 *sizep = state->buf.len;
606 }
607 return 0;
608}
609
610static int run_receive_hook(struct command *commands, const char *hook_name,
611 int skip_broken)
612{
613 struct receive_hook_feed_state state;
614 int status;
615
616 strbuf_init(&state.buf, 0);
617 state.cmd = commands;
618 state.skip_broken = skip_broken;
619 if (feed_receive_hook(&state, NULL, NULL))
620 return 0;
621 state.cmd = commands;
622 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
623 strbuf_release(&state.buf);
624 return status;
625}
626
627static int run_update_hook(struct command *cmd)
628{
629 const char *argv[5];
630 struct child_process proc = CHILD_PROCESS_INIT;
631 int code;
632
633 argv[0] = find_hook("update");
634 if (!argv[0])
635 return 0;
636
637 argv[1] = cmd->ref_name;
638 argv[2] = sha1_to_hex(cmd->old_sha1);
639 argv[3] = sha1_to_hex(cmd->new_sha1);
640 argv[4] = NULL;
641
642 proc.no_stdin = 1;
643 proc.stdout_to_stderr = 1;
644 proc.err = use_sideband ? -1 : 0;
645 proc.argv = argv;
646
647 code = start_command(&proc);
648 if (code)
649 return code;
650 if (use_sideband)
651 copy_to_sideband(proc.err, -1, NULL);
652 return finish_command(&proc);
653}
654
655static int is_ref_checked_out(const char *ref)
656{
657 if (is_bare_repository())
658 return 0;
659
660 if (!head_name)
661 return 0;
662 return !strcmp(head_name, ref);
663}
664
665static char *refuse_unconfigured_deny_msg[] = {
666 "By default, updating the current branch in a non-bare repository",
667 "is denied, because it will make the index and work tree inconsistent",
668 "with what you pushed, and will require 'git reset --hard' to match",
669 "the work tree to HEAD.",
670 "",
671 "You can set 'receive.denyCurrentBranch' configuration variable to",
672 "'ignore' or 'warn' in the remote repository to allow pushing into",
673 "its current branch; however, this is not recommended unless you",
674 "arranged to update its work tree to match what you pushed in some",
675 "other way.",
676 "",
677 "To squelch this message and still keep the default behaviour, set",
678 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
679};
680
681static void refuse_unconfigured_deny(void)
682{
683 int i;
684 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
685 rp_error("%s", refuse_unconfigured_deny_msg[i]);
686}
687
688static char *refuse_unconfigured_deny_delete_current_msg[] = {
689 "By default, deleting the current branch is denied, because the next",
690 "'git clone' won't result in any file checked out, causing confusion.",
691 "",
692 "You can set 'receive.denyDeleteCurrent' configuration variable to",
693 "'warn' or 'ignore' in the remote repository to allow deleting the",
694 "current branch, with or without a warning message.",
695 "",
696 "To squelch this message, you can set it to 'refuse'."
697};
698
699static void refuse_unconfigured_deny_delete_current(void)
700{
701 int i;
702 for (i = 0;
703 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
704 i++)
705 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
706}
707
708static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
709static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
710{
711 static struct lock_file shallow_lock;
712 struct sha1_array extra = SHA1_ARRAY_INIT;
713 const char *alt_file;
714 uint32_t mask = 1 << (cmd->index % 32);
715 int i;
716
717 trace_printf_key(&trace_shallow,
718 "shallow: update_shallow_ref %s\n", cmd->ref_name);
719 for (i = 0; i < si->shallow->nr; i++)
720 if (si->used_shallow[i] &&
721 (si->used_shallow[i][cmd->index / 32] & mask) &&
722 !delayed_reachability_test(si, i))
723 sha1_array_append(&extra, si->shallow->sha1[i]);
724
725 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
726 if (check_shallow_connected(command_singleton_iterator,
727 0, cmd, alt_file)) {
728 rollback_lock_file(&shallow_lock);
729 sha1_array_clear(&extra);
730 return -1;
731 }
732
733 commit_lock_file(&shallow_lock);
734
735 /*
736 * Make sure setup_alternate_shallow() for the next ref does
737 * not lose these new roots..
738 */
739 for (i = 0; i < extra.nr; i++)
740 register_shallow(extra.sha1[i]);
741
742 si->shallow_ref[cmd->index] = 0;
743 sha1_array_clear(&extra);
744 return 0;
745}
746
747/*
748 * NEEDSWORK: we should consolidate various implementions of "are we
749 * on an unborn branch?" test into one, and make the unified one more
750 * robust. !get_sha1() based check used here and elsewhere would not
751 * allow us to tell an unborn branch from corrupt ref, for example.
752 * For the purpose of fixing "deploy-to-update does not work when
753 * pushing into an empty repository" issue, this should suffice for
754 * now.
755 */
756static int head_has_history(void)
757{
758 unsigned char sha1[20];
759
760 return !get_sha1("HEAD", sha1);
761}
762
763static const char *push_to_deploy(unsigned char *sha1,
764 struct argv_array *env,
765 const char *work_tree)
766{
767 const char *update_refresh[] = {
768 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
769 };
770 const char *diff_files[] = {
771 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
772 };
773 const char *diff_index[] = {
774 "diff-index", "--quiet", "--cached", "--ignore-submodules",
775 NULL, "--", NULL
776 };
777 const char *read_tree[] = {
778 "read-tree", "-u", "-m", NULL, NULL
779 };
780 struct child_process child = CHILD_PROCESS_INIT;
781
782 child.argv = update_refresh;
783 child.env = env->argv;
784 child.dir = work_tree;
785 child.no_stdin = 1;
786 child.stdout_to_stderr = 1;
787 child.git_cmd = 1;
788 if (run_command(&child))
789 return "Up-to-date check failed";
790
791 /* run_command() does not clean up completely; reinitialize */
792 child_process_init(&child);
793 child.argv = diff_files;
794 child.env = env->argv;
795 child.dir = work_tree;
796 child.no_stdin = 1;
797 child.stdout_to_stderr = 1;
798 child.git_cmd = 1;
799 if (run_command(&child))
800 return "Working directory has unstaged changes";
801
802 /* diff-index with either HEAD or an empty tree */
803 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
804
805 child_process_init(&child);
806 child.argv = diff_index;
807 child.env = env->argv;
808 child.no_stdin = 1;
809 child.no_stdout = 1;
810 child.stdout_to_stderr = 0;
811 child.git_cmd = 1;
812 if (run_command(&child))
813 return "Working directory has staged changes";
814
815 read_tree[3] = sha1_to_hex(sha1);
816 child_process_init(&child);
817 child.argv = read_tree;
818 child.env = env->argv;
819 child.dir = work_tree;
820 child.no_stdin = 1;
821 child.no_stdout = 1;
822 child.stdout_to_stderr = 0;
823 child.git_cmd = 1;
824 if (run_command(&child))
825 return "Could not update working tree to new HEAD";
826
827 return NULL;
828}
829
830static const char *push_to_checkout_hook = "push-to-checkout";
831
832static const char *push_to_checkout(unsigned char *sha1,
833 struct argv_array *env,
834 const char *work_tree)
835{
836 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
837 if (run_hook_le(env->argv, push_to_checkout_hook,
838 sha1_to_hex(sha1), NULL))
839 return "push-to-checkout hook declined";
840 else
841 return NULL;
842}
843
844static const char *update_worktree(unsigned char *sha1)
845{
846 const char *retval;
847 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
848 struct argv_array env = ARGV_ARRAY_INIT;
849
850 if (is_bare_repository())
851 return "denyCurrentBranch = updateInstead needs a worktree";
852
853 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
854
855 if (!find_hook(push_to_checkout_hook))
856 retval = push_to_deploy(sha1, &env, work_tree);
857 else
858 retval = push_to_checkout(sha1, &env, work_tree);
859
860 argv_array_clear(&env);
861 return retval;
862}
863
864static const char *update(struct command *cmd, struct shallow_info *si)
865{
866 const char *name = cmd->ref_name;
867 struct strbuf namespaced_name_buf = STRBUF_INIT;
868 const char *namespaced_name, *ret;
869 unsigned char *old_sha1 = cmd->old_sha1;
870 unsigned char *new_sha1 = cmd->new_sha1;
871
872 /* only refs/... are allowed */
873 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
874 rp_error("refusing to create funny ref '%s' remotely", name);
875 return "funny refname";
876 }
877
878 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
879 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
880
881 if (is_ref_checked_out(namespaced_name)) {
882 switch (deny_current_branch) {
883 case DENY_IGNORE:
884 break;
885 case DENY_WARN:
886 rp_warning("updating the current branch");
887 break;
888 case DENY_REFUSE:
889 case DENY_UNCONFIGURED:
890 rp_error("refusing to update checked out branch: %s", name);
891 if (deny_current_branch == DENY_UNCONFIGURED)
892 refuse_unconfigured_deny();
893 return "branch is currently checked out";
894 case DENY_UPDATE_INSTEAD:
895 ret = update_worktree(new_sha1);
896 if (ret)
897 return ret;
898 break;
899 }
900 }
901
902 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
903 error("unpack should have generated %s, "
904 "but I can't find it!", sha1_to_hex(new_sha1));
905 return "bad pack";
906 }
907
908 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
909 if (deny_deletes && starts_with(name, "refs/heads/")) {
910 rp_error("denying ref deletion for %s", name);
911 return "deletion prohibited";
912 }
913
914 if (!strcmp(namespaced_name, head_name)) {
915 switch (deny_delete_current) {
916 case DENY_IGNORE:
917 break;
918 case DENY_WARN:
919 rp_warning("deleting the current branch");
920 break;
921 case DENY_REFUSE:
922 case DENY_UNCONFIGURED:
923 case DENY_UPDATE_INSTEAD:
924 if (deny_delete_current == DENY_UNCONFIGURED)
925 refuse_unconfigured_deny_delete_current();
926 rp_error("refusing to delete the current branch: %s", name);
927 return "deletion of the current branch prohibited";
928 default:
929 return "Invalid denyDeleteCurrent setting";
930 }
931 }
932 }
933
934 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
935 !is_null_sha1(old_sha1) &&
936 starts_with(name, "refs/heads/")) {
937 struct object *old_object, *new_object;
938 struct commit *old_commit, *new_commit;
939
940 old_object = parse_object(old_sha1);
941 new_object = parse_object(new_sha1);
942
943 if (!old_object || !new_object ||
944 old_object->type != OBJ_COMMIT ||
945 new_object->type != OBJ_COMMIT) {
946 error("bad sha1 objects for %s", name);
947 return "bad ref";
948 }
949 old_commit = (struct commit *)old_object;
950 new_commit = (struct commit *)new_object;
951 if (!in_merge_bases(old_commit, new_commit)) {
952 rp_error("denying non-fast-forward %s"
953 " (you should pull first)", name);
954 return "non-fast-forward";
955 }
956 }
957 if (run_update_hook(cmd)) {
958 rp_error("hook declined to update %s", name);
959 return "hook declined";
960 }
961
962 if (is_null_sha1(new_sha1)) {
963 struct strbuf err = STRBUF_INIT;
964 if (!parse_object(old_sha1)) {
965 old_sha1 = NULL;
966 if (ref_exists(name)) {
967 rp_warning("Allowing deletion of corrupt ref.");
968 } else {
969 rp_warning("Deleting a non-existent ref.");
970 cmd->did_not_exist = 1;
971 }
972 }
973 if (ref_transaction_delete(transaction,
974 namespaced_name,
975 old_sha1,
976 0, "push", &err)) {
977 rp_error("%s", err.buf);
978 strbuf_release(&err);
979 return "failed to delete";
980 }
981 strbuf_release(&err);
982 return NULL; /* good */
983 }
984 else {
985 struct strbuf err = STRBUF_INIT;
986 if (shallow_update && si->shallow_ref[cmd->index] &&
987 update_shallow_ref(cmd, si))
988 return "shallow error";
989
990 if (ref_transaction_update(transaction,
991 namespaced_name,
992 new_sha1, old_sha1,
993 0, "push",
994 &err)) {
995 rp_error("%s", err.buf);
996 strbuf_release(&err);
997
998 return "failed to update ref";
999 }
1000 strbuf_release(&err);
1001
1002 return NULL; /* good */
1003 }
1004}
1005
1006static void run_update_post_hook(struct command *commands)
1007{
1008 struct command *cmd;
1009 int argc;
1010 const char **argv;
1011 struct child_process proc = CHILD_PROCESS_INIT;
1012 const char *hook;
1013
1014 hook = find_hook("post-update");
1015 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1016 if (cmd->error_string || cmd->did_not_exist)
1017 continue;
1018 argc++;
1019 }
1020 if (!argc || !hook)
1021 return;
1022
1023 argv = xmalloc(sizeof(*argv) * (2 + argc));
1024 argv[0] = hook;
1025
1026 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1027 if (cmd->error_string || cmd->did_not_exist)
1028 continue;
1029 argv[argc] = xstrdup(cmd->ref_name);
1030 argc++;
1031 }
1032 argv[argc] = NULL;
1033
1034 proc.no_stdin = 1;
1035 proc.stdout_to_stderr = 1;
1036 proc.err = use_sideband ? -1 : 0;
1037 proc.argv = argv;
1038
1039 if (!start_command(&proc)) {
1040 if (use_sideband)
1041 copy_to_sideband(proc.err, -1, NULL);
1042 finish_command(&proc);
1043 }
1044}
1045
1046static void check_aliased_update(struct command *cmd, struct string_list *list)
1047{
1048 struct strbuf buf = STRBUF_INIT;
1049 const char *dst_name;
1050 struct string_list_item *item;
1051 struct command *dst_cmd;
1052 unsigned char sha1[20];
1053 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1054 int flag;
1055
1056 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1057 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1058 strbuf_release(&buf);
1059
1060 if (!(flag & REF_ISSYMREF))
1061 return;
1062
1063 dst_name = strip_namespace(dst_name);
1064 if (!dst_name) {
1065 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1066 cmd->skip_update = 1;
1067 cmd->error_string = "broken symref";
1068 return;
1069 }
1070
1071 if ((item = string_list_lookup(list, dst_name)) == NULL)
1072 return;
1073
1074 cmd->skip_update = 1;
1075
1076 dst_cmd = (struct command *) item->util;
1077
1078 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1079 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1080 return;
1081
1082 dst_cmd->skip_update = 1;
1083
1084 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1085 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1086 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1087 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1088 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1089 " its target '%s' (%s..%s)",
1090 cmd->ref_name, cmd_oldh, cmd_newh,
1091 dst_cmd->ref_name, dst_oldh, dst_newh);
1092
1093 cmd->error_string = dst_cmd->error_string =
1094 "inconsistent aliased update";
1095}
1096
1097static void check_aliased_updates(struct command *commands)
1098{
1099 struct command *cmd;
1100 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1101
1102 for (cmd = commands; cmd; cmd = cmd->next) {
1103 struct string_list_item *item =
1104 string_list_append(&ref_list, cmd->ref_name);
1105 item->util = (void *)cmd;
1106 }
1107 string_list_sort(&ref_list);
1108
1109 for (cmd = commands; cmd; cmd = cmd->next) {
1110 if (!cmd->error_string)
1111 check_aliased_update(cmd, &ref_list);
1112 }
1113
1114 string_list_clear(&ref_list, 0);
1115}
1116
1117static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1118{
1119 struct command **cmd_list = cb_data;
1120 struct command *cmd = *cmd_list;
1121
1122 if (!cmd || is_null_sha1(cmd->new_sha1))
1123 return -1; /* end of list */
1124 *cmd_list = NULL; /* this returns only one */
1125 hashcpy(sha1, cmd->new_sha1);
1126 return 0;
1127}
1128
1129static void set_connectivity_errors(struct command *commands,
1130 struct shallow_info *si)
1131{
1132 struct command *cmd;
1133
1134 for (cmd = commands; cmd; cmd = cmd->next) {
1135 struct command *singleton = cmd;
1136 if (shallow_update && si->shallow_ref[cmd->index])
1137 /* to be checked in update_shallow_ref() */
1138 continue;
1139 if (!check_everything_connected(command_singleton_iterator,
1140 0, &singleton))
1141 continue;
1142 cmd->error_string = "missing necessary objects";
1143 }
1144}
1145
1146struct iterate_data {
1147 struct command *cmds;
1148 struct shallow_info *si;
1149};
1150
1151static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1152{
1153 struct iterate_data *data = cb_data;
1154 struct command **cmd_list = &data->cmds;
1155 struct command *cmd = *cmd_list;
1156
1157 for (; cmd; cmd = cmd->next) {
1158 if (shallow_update && data->si->shallow_ref[cmd->index])
1159 /* to be checked in update_shallow_ref() */
1160 continue;
1161 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1162 hashcpy(sha1, cmd->new_sha1);
1163 *cmd_list = cmd->next;
1164 return 0;
1165 }
1166 }
1167 *cmd_list = NULL;
1168 return -1; /* end of list */
1169}
1170
1171static void reject_updates_to_hidden(struct command *commands)
1172{
1173 struct command *cmd;
1174
1175 for (cmd = commands; cmd; cmd = cmd->next) {
1176 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1177 continue;
1178 if (is_null_sha1(cmd->new_sha1))
1179 cmd->error_string = "deny deleting a hidden ref";
1180 else
1181 cmd->error_string = "deny updating a hidden ref";
1182 }
1183}
1184
1185static int should_process_cmd(struct command *cmd)
1186{
1187 return !cmd->error_string && !cmd->skip_update;
1188}
1189
1190static void warn_if_skipped_connectivity_check(struct command *commands,
1191 struct shallow_info *si)
1192{
1193 struct command *cmd;
1194 int checked_connectivity = 1;
1195
1196 for (cmd = commands; cmd; cmd = cmd->next) {
1197 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1198 error("BUG: connectivity check has not been run on ref %s",
1199 cmd->ref_name);
1200 checked_connectivity = 0;
1201 }
1202 }
1203 if (!checked_connectivity)
1204 die("BUG: connectivity check skipped???");
1205}
1206
1207static void execute_commands_non_atomic(struct command *commands,
1208 struct shallow_info *si)
1209{
1210 struct command *cmd;
1211 struct strbuf err = STRBUF_INIT;
1212
1213 for (cmd = commands; cmd; cmd = cmd->next) {
1214 if (!should_process_cmd(cmd))
1215 continue;
1216
1217 transaction = ref_transaction_begin(&err);
1218 if (!transaction) {
1219 rp_error("%s", err.buf);
1220 strbuf_reset(&err);
1221 cmd->error_string = "transaction failed to start";
1222 continue;
1223 }
1224
1225 cmd->error_string = update(cmd, si);
1226
1227 if (!cmd->error_string
1228 && ref_transaction_commit(transaction, &err)) {
1229 rp_error("%s", err.buf);
1230 strbuf_reset(&err);
1231 cmd->error_string = "failed to update ref";
1232 }
1233 ref_transaction_free(transaction);
1234 }
1235 strbuf_release(&err);
1236}
1237
1238static void execute_commands_atomic(struct command *commands,
1239 struct shallow_info *si)
1240{
1241 struct command *cmd;
1242 struct strbuf err = STRBUF_INIT;
1243 const char *reported_error = "atomic push failure";
1244
1245 transaction = ref_transaction_begin(&err);
1246 if (!transaction) {
1247 rp_error("%s", err.buf);
1248 strbuf_reset(&err);
1249 reported_error = "transaction failed to start";
1250 goto failure;
1251 }
1252
1253 for (cmd = commands; cmd; cmd = cmd->next) {
1254 if (!should_process_cmd(cmd))
1255 continue;
1256
1257 cmd->error_string = update(cmd, si);
1258
1259 if (cmd->error_string)
1260 goto failure;
1261 }
1262
1263 if (ref_transaction_commit(transaction, &err)) {
1264 rp_error("%s", err.buf);
1265 reported_error = "atomic transaction failed";
1266 goto failure;
1267 }
1268 goto cleanup;
1269
1270failure:
1271 for (cmd = commands; cmd; cmd = cmd->next)
1272 if (!cmd->error_string)
1273 cmd->error_string = reported_error;
1274
1275cleanup:
1276 ref_transaction_free(transaction);
1277 strbuf_release(&err);
1278}
1279
1280static void execute_commands(struct command *commands,
1281 const char *unpacker_error,
1282 struct shallow_info *si)
1283{
1284 struct command *cmd;
1285 unsigned char sha1[20];
1286 struct iterate_data data;
1287
1288 if (unpacker_error) {
1289 for (cmd = commands; cmd; cmd = cmd->next)
1290 cmd->error_string = "unpacker error";
1291 return;
1292 }
1293
1294 data.cmds = commands;
1295 data.si = si;
1296 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1297 set_connectivity_errors(commands, si);
1298
1299 reject_updates_to_hidden(commands);
1300
1301 if (run_receive_hook(commands, "pre-receive", 0)) {
1302 for (cmd = commands; cmd; cmd = cmd->next) {
1303 if (!cmd->error_string)
1304 cmd->error_string = "pre-receive hook declined";
1305 }
1306 return;
1307 }
1308
1309 check_aliased_updates(commands);
1310
1311 free(head_name_to_free);
1312 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1313
1314 if (use_atomic)
1315 execute_commands_atomic(commands, si);
1316 else
1317 execute_commands_non_atomic(commands, si);
1318
1319 if (shallow_update)
1320 warn_if_skipped_connectivity_check(commands, si);
1321}
1322
1323static struct command **queue_command(struct command **tail,
1324 const char *line,
1325 int linelen)
1326{
1327 unsigned char old_sha1[20], new_sha1[20];
1328 struct command *cmd;
1329 const char *refname;
1330 int reflen;
1331
1332 if (linelen < 83 ||
1333 line[40] != ' ' ||
1334 line[81] != ' ' ||
1335 get_sha1_hex(line, old_sha1) ||
1336 get_sha1_hex(line + 41, new_sha1))
1337 die("protocol error: expected old/new/ref, got '%s'", line);
1338
1339 refname = line + 82;
1340 reflen = linelen - 82;
1341 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1342 hashcpy(cmd->old_sha1, old_sha1);
1343 hashcpy(cmd->new_sha1, new_sha1);
1344 memcpy(cmd->ref_name, refname, reflen);
1345 cmd->ref_name[reflen] = '\0';
1346 *tail = cmd;
1347 return &cmd->next;
1348}
1349
1350static void queue_commands_from_cert(struct command **tail,
1351 struct strbuf *push_cert)
1352{
1353 const char *boc, *eoc;
1354
1355 if (*tail)
1356 die("protocol error: got both push certificate and unsigned commands");
1357
1358 boc = strstr(push_cert->buf, "\n\n");
1359 if (!boc)
1360 die("malformed push certificate %.*s", 100, push_cert->buf);
1361 else
1362 boc += 2;
1363 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1364
1365 while (boc < eoc) {
1366 const char *eol = memchr(boc, '\n', eoc - boc);
1367 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1368 boc = eol ? eol + 1 : eoc;
1369 }
1370}
1371
1372static struct command *read_head_info(struct sha1_array *shallow)
1373{
1374 struct command *commands = NULL;
1375 struct command **p = &commands;
1376 for (;;) {
1377 char *line;
1378 int len, linelen;
1379
1380 line = packet_read_line(0, &len);
1381 if (!line)
1382 break;
1383
1384 if (len == 48 && starts_with(line, "shallow ")) {
1385 unsigned char sha1[20];
1386 if (get_sha1_hex(line + 8, sha1))
1387 die("protocol error: expected shallow sha, got '%s'",
1388 line + 8);
1389 sha1_array_append(shallow, sha1);
1390 continue;
1391 }
1392
1393 linelen = strlen(line);
1394 if (linelen < len) {
1395 const char *feature_list = line + linelen + 1;
1396 if (parse_feature_request(feature_list, "report-status"))
1397 report_status = 1;
1398 if (parse_feature_request(feature_list, "side-band-64k"))
1399 use_sideband = LARGE_PACKET_MAX;
1400 if (parse_feature_request(feature_list, "quiet"))
1401 quiet = 1;
1402 if (advertise_atomic_push
1403 && parse_feature_request(feature_list, "atomic"))
1404 use_atomic = 1;
1405 }
1406
1407 if (!strcmp(line, "push-cert")) {
1408 int true_flush = 0;
1409 char certbuf[1024];
1410
1411 for (;;) {
1412 len = packet_read(0, NULL, NULL,
1413 certbuf, sizeof(certbuf), 0);
1414 if (!len) {
1415 true_flush = 1;
1416 break;
1417 }
1418 if (!strcmp(certbuf, "push-cert-end\n"))
1419 break; /* end of cert */
1420 strbuf_addstr(&push_cert, certbuf);
1421 }
1422
1423 if (true_flush)
1424 break;
1425 continue;
1426 }
1427
1428 p = queue_command(p, line, linelen);
1429 }
1430
1431 if (push_cert.len)
1432 queue_commands_from_cert(p, &push_cert);
1433
1434 return commands;
1435}
1436
1437static const char *parse_pack_header(struct pack_header *hdr)
1438{
1439 switch (read_pack_header(0, hdr)) {
1440 case PH_ERROR_EOF:
1441 return "eof before pack header was fully read";
1442
1443 case PH_ERROR_PACK_SIGNATURE:
1444 return "protocol error (pack signature mismatch detected)";
1445
1446 case PH_ERROR_PROTOCOL:
1447 return "protocol error (pack version unsupported)";
1448
1449 default:
1450 return "unknown error in parse_pack_header";
1451
1452 case 0:
1453 return NULL;
1454 }
1455}
1456
1457static const char *pack_lockfile;
1458
1459static const char *unpack(int err_fd, struct shallow_info *si)
1460{
1461 struct pack_header hdr;
1462 const char *hdr_err;
1463 int status;
1464 char hdr_arg[38];
1465 struct child_process child = CHILD_PROCESS_INIT;
1466 int fsck_objects = (receive_fsck_objects >= 0
1467 ? receive_fsck_objects
1468 : transfer_fsck_objects >= 0
1469 ? transfer_fsck_objects
1470 : 0);
1471
1472 hdr_err = parse_pack_header(&hdr);
1473 if (hdr_err) {
1474 if (err_fd > 0)
1475 close(err_fd);
1476 return hdr_err;
1477 }
1478 snprintf(hdr_arg, sizeof(hdr_arg),
1479 "--pack_header=%"PRIu32",%"PRIu32,
1480 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1481
1482 if (si->nr_ours || si->nr_theirs) {
1483 alt_shallow_file = setup_temporary_shallow(si->shallow);
1484 argv_array_push(&child.args, "--shallow-file");
1485 argv_array_push(&child.args, alt_shallow_file);
1486 }
1487
1488 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1489 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1490 if (quiet)
1491 argv_array_push(&child.args, "-q");
1492 if (fsck_objects)
1493 argv_array_push(&child.args, "--strict");
1494 child.no_stdout = 1;
1495 child.err = err_fd;
1496 child.git_cmd = 1;
1497 status = run_command(&child);
1498 if (status)
1499 return "unpack-objects abnormal exit";
1500 } else {
1501 int s;
1502 char keep_arg[256];
1503
1504 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1505 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1506 strcpy(keep_arg + s, "localhost");
1507
1508 argv_array_pushl(&child.args, "index-pack",
1509 "--stdin", hdr_arg, keep_arg, NULL);
1510 if (fsck_objects)
1511 argv_array_push(&child.args, "--strict");
1512 if (fix_thin)
1513 argv_array_push(&child.args, "--fix-thin");
1514 child.out = -1;
1515 child.err = err_fd;
1516 child.git_cmd = 1;
1517 status = start_command(&child);
1518 if (status)
1519 return "index-pack fork failed";
1520 pack_lockfile = index_pack_lockfile(child.out);
1521 close(child.out);
1522 status = finish_command(&child);
1523 if (status)
1524 return "index-pack abnormal exit";
1525 reprepare_packed_git();
1526 }
1527 return NULL;
1528}
1529
1530static const char *unpack_with_sideband(struct shallow_info *si)
1531{
1532 struct async muxer;
1533 const char *ret;
1534
1535 if (!use_sideband)
1536 return unpack(0, si);
1537
1538 memset(&muxer, 0, sizeof(muxer));
1539 muxer.proc = copy_to_sideband;
1540 muxer.in = -1;
1541 if (start_async(&muxer))
1542 return NULL;
1543
1544 ret = unpack(muxer.in, si);
1545
1546 finish_async(&muxer);
1547 return ret;
1548}
1549
1550static void prepare_shallow_update(struct command *commands,
1551 struct shallow_info *si)
1552{
1553 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1554
1555 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1556 si->shallow->nr);
1557 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1558
1559 si->need_reachability_test =
1560 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1561 si->reachable =
1562 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1563 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1564
1565 for (i = 0; i < si->nr_ours; i++)
1566 si->need_reachability_test[si->ours[i]] = 1;
1567
1568 for (i = 0; i < si->shallow->nr; i++) {
1569 if (!si->used_shallow[i])
1570 continue;
1571 for (j = 0; j < bitmap_size; j++) {
1572 if (!si->used_shallow[i][j])
1573 continue;
1574 si->need_reachability_test[i]++;
1575 for (k = 0; k < 32; k++)
1576 if (si->used_shallow[i][j] & (1 << k))
1577 si->shallow_ref[j * 32 + k]++;
1578 }
1579
1580 /*
1581 * true for those associated with some refs and belong
1582 * in "ours" list aka "step 7 not done yet"
1583 */
1584 si->need_reachability_test[i] =
1585 si->need_reachability_test[i] > 1;
1586 }
1587
1588 /*
1589 * keep hooks happy by forcing a temporary shallow file via
1590 * env variable because we can't add --shallow-file to every
1591 * command. check_everything_connected() will be done with
1592 * true .git/shallow though.
1593 */
1594 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1595}
1596
1597static void update_shallow_info(struct command *commands,
1598 struct shallow_info *si,
1599 struct sha1_array *ref)
1600{
1601 struct command *cmd;
1602 int *ref_status;
1603 remove_nonexistent_theirs_shallow(si);
1604 if (!si->nr_ours && !si->nr_theirs) {
1605 shallow_update = 0;
1606 return;
1607 }
1608
1609 for (cmd = commands; cmd; cmd = cmd->next) {
1610 if (is_null_sha1(cmd->new_sha1))
1611 continue;
1612 sha1_array_append(ref, cmd->new_sha1);
1613 cmd->index = ref->nr - 1;
1614 }
1615 si->ref = ref;
1616
1617 if (shallow_update) {
1618 prepare_shallow_update(commands, si);
1619 return;
1620 }
1621
1622 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1623 assign_shallow_commits_to_refs(si, NULL, ref_status);
1624 for (cmd = commands; cmd; cmd = cmd->next) {
1625 if (is_null_sha1(cmd->new_sha1))
1626 continue;
1627 if (ref_status[cmd->index]) {
1628 cmd->error_string = "shallow update not allowed";
1629 cmd->skip_update = 1;
1630 }
1631 }
1632 free(ref_status);
1633}
1634
1635static void report(struct command *commands, const char *unpack_status)
1636{
1637 struct command *cmd;
1638 struct strbuf buf = STRBUF_INIT;
1639
1640 packet_buf_write(&buf, "unpack %s\n",
1641 unpack_status ? unpack_status : "ok");
1642 for (cmd = commands; cmd; cmd = cmd->next) {
1643 if (!cmd->error_string)
1644 packet_buf_write(&buf, "ok %s\n",
1645 cmd->ref_name);
1646 else
1647 packet_buf_write(&buf, "ng %s %s\n",
1648 cmd->ref_name, cmd->error_string);
1649 }
1650 packet_buf_flush(&buf);
1651
1652 if (use_sideband)
1653 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1654 else
1655 write_or_die(1, buf.buf, buf.len);
1656 strbuf_release(&buf);
1657}
1658
1659static int delete_only(struct command *commands)
1660{
1661 struct command *cmd;
1662 for (cmd = commands; cmd; cmd = cmd->next) {
1663 if (!is_null_sha1(cmd->new_sha1))
1664 return 0;
1665 }
1666 return 1;
1667}
1668
1669int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1670{
1671 int advertise_refs = 0;
1672 int i;
1673 struct command *commands;
1674 struct sha1_array shallow = SHA1_ARRAY_INIT;
1675 struct sha1_array ref = SHA1_ARRAY_INIT;
1676 struct shallow_info si;
1677
1678 packet_trace_identity("receive-pack");
1679
1680 argv++;
1681 for (i = 1; i < argc; i++) {
1682 const char *arg = *argv++;
1683
1684 if (*arg == '-') {
1685 if (!strcmp(arg, "--quiet")) {
1686 quiet = 1;
1687 continue;
1688 }
1689
1690 if (!strcmp(arg, "--advertise-refs")) {
1691 advertise_refs = 1;
1692 continue;
1693 }
1694 if (!strcmp(arg, "--stateless-rpc")) {
1695 stateless_rpc = 1;
1696 continue;
1697 }
1698 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1699 fix_thin = 0;
1700 continue;
1701 }
1702
1703 usage(receive_pack_usage);
1704 }
1705 if (service_dir)
1706 usage(receive_pack_usage);
1707 service_dir = arg;
1708 }
1709 if (!service_dir)
1710 usage(receive_pack_usage);
1711
1712 setup_path();
1713
1714 if (!enter_repo(service_dir, 0))
1715 die("'%s' does not appear to be a git repository", service_dir);
1716
1717 git_config(receive_pack_config, NULL);
1718 if (cert_nonce_seed)
1719 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1720
1721 if (0 <= transfer_unpack_limit)
1722 unpack_limit = transfer_unpack_limit;
1723 else if (0 <= receive_unpack_limit)
1724 unpack_limit = receive_unpack_limit;
1725
1726 if (advertise_refs || !stateless_rpc) {
1727 write_head_info();
1728 }
1729 if (advertise_refs)
1730 return 0;
1731
1732 if ((commands = read_head_info(&shallow)) != NULL) {
1733 const char *unpack_status = NULL;
1734
1735 prepare_shallow_info(&si, &shallow);
1736 if (!si.nr_ours && !si.nr_theirs)
1737 shallow_update = 0;
1738 if (!delete_only(commands)) {
1739 unpack_status = unpack_with_sideband(&si);
1740 update_shallow_info(commands, &si, &ref);
1741 }
1742 execute_commands(commands, unpack_status, &si);
1743 if (pack_lockfile)
1744 unlink_or_warn(pack_lockfile);
1745 if (report_status)
1746 report(commands, unpack_status);
1747 run_receive_hook(commands, "post-receive", 1);
1748 run_update_post_hook(commands);
1749 if (auto_gc) {
1750 const char *argv_gc_auto[] = {
1751 "gc", "--auto", "--quiet", NULL,
1752 };
1753 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1754 run_command_v_opt(argv_gc_auto, opt);
1755 }
1756 if (auto_update_server_info)
1757 update_server_info(0);
1758 clear_shallow_info(&si);
1759 }
1760 if (use_sideband)
1761 packet_flush(1);
1762 sha1_array_clear(&shallow);
1763 sha1_array_clear(&ref);
1764 free((void *)push_cert_nonce);
1765 return 0;
1766}