1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28};
29enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36};
37static int deny_deletes;
39static int deny_non_fast_forwards;
40static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42static int receive_fsck_objects = -1;
43static int transfer_fsck_objects = -1;
44static struct strbuf fsck_msg_types = STRBUF_INIT;
45static int receive_unpack_limit = -1;
46static int transfer_unpack_limit = -1;
47static int advertise_atomic_push = 1;
48static int advertise_push_options;
49static int unpack_limit = 100;
50static off_t max_input_size;
51static int report_status;
52static int use_sideband;
53static int use_atomic;
54static int use_push_options;
55static int quiet;
56static int prefer_ofs_delta = 1;
57static int auto_update_server_info;
58static int auto_gc = 1;
59static int reject_thin;
60static int stateless_rpc;
61static const char *service_dir;
62static const char *head_name;
63static void *head_name_to_free;
64static int sent_capabilities;
65static int shallow_update;
66static const char *alt_shallow_file;
67static struct strbuf push_cert = STRBUF_INIT;
68static unsigned char push_cert_sha1[20];
69static struct signature_check sigcheck;
70static const char *push_cert_nonce;
71static const char *cert_nonce_seed;
72static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74static const char *NONCE_BAD = "BAD";
75static const char *NONCE_MISSING = "MISSING";
76static const char *NONCE_OK = "OK";
77static const char *NONCE_SLOP = "SLOP";
78static const char *nonce_status;
79static long nonce_stamp_slop;
80static unsigned long nonce_stamp_slop_limit;
81static struct ref_transaction *transaction;
82static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87} use_keepalive;
88static int keepalive_in_sec = 5;
89static struct tmp_objdir *tmp_objdir;
91static enum deny_action parse_deny_action(const char *var, const char *value)
93{
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107}
108static int receive_pack_config(const char *var, const char *value, void *cb)
110{
111 int status = parse_hide_refs_config(var, value, "receive");
112 if (status)
114 return status;
115 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223 return git_default_config(var, value, cb);
225}
226static void show_ref(const char *path, const unsigned char *sha1)
228{
229 if (sent_capabilities) {
230 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write_fmt(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250}
251static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254{
255 const char *path = strip_namespace(path_full);
256 if (ref_is_hidden(path, path_full))
258 return 0;
259 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272}
273static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275{
276 show_ref(".have", sha1);
277 return 0;
278}
279static void collect_one_alternate_ref(const struct ref *ref, void *data)
281{
282 struct sha1_array *sa = data;
283 sha1_array_append(sa, ref->old_oid.hash);
284}
285static void write_head_info(void)
287{
288 struct sha1_array sa = SHA1_ARRAY_INIT;
289 for_each_alternate_ref(collect_one_alternate_ref, &sa);
291 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
292 sha1_array_clear(&sa);
293 for_each_ref(show_ref_cb, NULL);
294 if (!sent_capabilities)
295 show_ref("capabilities^{}", null_sha1);
296 advertise_shallow_grafts(1);
298 /* EOF */
300 packet_flush(1);
301}
302struct command {
304 struct command *next;
305 const char *error_string;
306 unsigned int skip_update:1,
307 did_not_exist:1;
308 int index;
309 unsigned char old_sha1[20];
310 unsigned char new_sha1[20];
311 char ref_name[FLEX_ARRAY]; /* more */
312};
313static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
315static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
316static void report_message(const char *prefix, const char *err, va_list params)
318{
319 int sz;
320 char msg[4096];
321 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
323 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
324 if (sz > (sizeof(msg) - 1))
325 sz = sizeof(msg) - 1;
326 msg[sz++] = '\n';
327 if (use_sideband)
329 send_sideband(1, 2, msg, sz, use_sideband);
330 else
331 xwrite(2, msg, sz);
332}
333static void rp_warning(const char *err, ...)
335{
336 va_list params;
337 va_start(params, err);
338 report_message("warning: ", err, params);
339 va_end(params);
340}
341static void rp_error(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("error: ", err, params);
347 va_end(params);
348}
349static int copy_to_sideband(int in, int out, void *arg)
351{
352 char data[128];
353 int keepalive_active = 0;
354 if (keepalive_in_sec <= 0)
356 use_keepalive = KEEPALIVE_NEVER;
357 if (use_keepalive == KEEPALIVE_ALWAYS)
358 keepalive_active = 1;
359 while (1) {
361 ssize_t sz;
362 if (keepalive_active) {
364 struct pollfd pfd;
365 int ret;
366 pfd.fd = in;
368 pfd.events = POLLIN;
369 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
370 if (ret < 0) {
372 if (errno == EINTR)
373 continue;
374 else
375 break;
376 } else if (ret == 0) {
377 /* no data; send a keepalive packet */
378 static const char buf[] = "0005\1";
379 write_or_die(1, buf, sizeof(buf) - 1);
380 continue;
381 } /* else there is actual data to read */
382 }
383 sz = xread(in, data, sizeof(data));
385 if (sz <= 0)
386 break;
387 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
389 const char *p = memchr(data, '\0', sz);
390 if (p) {
391 /*
392 * The NUL tells us to start sending keepalives. Make
393 * sure we send any other data we read along
394 * with it.
395 */
396 keepalive_active = 1;
397 send_sideband(1, 2, data, p - data, use_sideband);
398 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
399 continue;
400 }
401 }
402 /*
404 * Either we're not looking for a NUL signal, or we didn't see
405 * it yet; just pass along the data.
406 */
407 send_sideband(1, 2, data, sz, use_sideband);
408 }
409 close(in);
410 return 0;
411}
412#define HMAC_BLOCK_SIZE 64
414static void hmac_sha1(unsigned char *out,
416 const char *key_in, size_t key_len,
417 const char *text, size_t text_len)
418{
419 unsigned char key[HMAC_BLOCK_SIZE];
420 unsigned char k_ipad[HMAC_BLOCK_SIZE];
421 unsigned char k_opad[HMAC_BLOCK_SIZE];
422 int i;
423 git_SHA_CTX ctx;
424 /* RFC 2104 2. (1) */
426 memset(key, '\0', HMAC_BLOCK_SIZE);
427 if (HMAC_BLOCK_SIZE < key_len) {
428 git_SHA1_Init(&ctx);
429 git_SHA1_Update(&ctx, key_in, key_len);
430 git_SHA1_Final(key, &ctx);
431 } else {
432 memcpy(key, key_in, key_len);
433 }
434 /* RFC 2104 2. (2) & (5) */
436 for (i = 0; i < sizeof(key); i++) {
437 k_ipad[i] = key[i] ^ 0x36;
438 k_opad[i] = key[i] ^ 0x5c;
439 }
440 /* RFC 2104 2. (3) & (4) */
442 git_SHA1_Init(&ctx);
443 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
444 git_SHA1_Update(&ctx, text, text_len);
445 git_SHA1_Final(out, &ctx);
446 /* RFC 2104 2. (6) & (7) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
450 git_SHA1_Update(&ctx, out, 20);
451 git_SHA1_Final(out, &ctx);
452}
453static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
455{
456 struct strbuf buf = STRBUF_INIT;
457 unsigned char sha1[20];
458 strbuf_addf(&buf, "%s:%lu", path, stamp);
460 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
461 strbuf_release(&buf);
462 /* RFC 2104 5. HMAC-SHA1-80 */
464 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
465 return strbuf_detach(&buf, NULL);
466}
467/*
469 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
470 * after dropping "_commit" from its name and possibly moving it out
471 * of commit.c
472 */
473static char *find_header(const char *msg, size_t len, const char *key,
474 const char **next_line)
475{
476 int key_len = strlen(key);
477 const char *line = msg;
478 while (line && line < msg + len) {
480 const char *eol = strchrnul(line, '\n');
481 if ((msg + len <= eol) || line == eol)
483 return NULL;
484 if (line + key_len < eol &&
485 !memcmp(line, key, key_len) && line[key_len] == ' ') {
486 int offset = key_len + 1;
487 if (next_line)
488 *next_line = *eol ? eol + 1 : eol;
489 return xmemdupz(line + offset, (eol - line) - offset);
490 }
491 line = *eol ? eol + 1 : NULL;
492 }
493 return NULL;
494}
495static const char *check_nonce(const char *buf, size_t len)
497{
498 char *nonce = find_header(buf, len, "nonce", NULL);
499 unsigned long stamp, ostamp;
500 char *bohmac, *expect = NULL;
501 const char *retval = NONCE_BAD;
502 if (!nonce) {
504 retval = NONCE_MISSING;
505 goto leave;
506 } else if (!push_cert_nonce) {
507 retval = NONCE_UNSOLICITED;
508 goto leave;
509 } else if (!strcmp(push_cert_nonce, nonce)) {
510 retval = NONCE_OK;
511 goto leave;
512 }
513 if (!stateless_rpc) {
515 /* returned nonce MUST match what we gave out earlier */
516 retval = NONCE_BAD;
517 goto leave;
518 }
519 /*
521 * In stateless mode, we may be receiving a nonce issued by
522 * another instance of the server that serving the same
523 * repository, and the timestamps may not match, but the
524 * nonce-seed and dir should match, so we can recompute and
525 * report the time slop.
526 *
527 * In addition, when a nonce issued by another instance has
528 * timestamp within receive.certnonceslop seconds, we pretend
529 * as if we issued that nonce when reporting to the hook.
530 */
531 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
533 if (*nonce <= '0' || '9' < *nonce) {
534 retval = NONCE_BAD;
535 goto leave;
536 }
537 stamp = strtoul(nonce, &bohmac, 10);
538 if (bohmac == nonce || bohmac[0] != '-') {
539 retval = NONCE_BAD;
540 goto leave;
541 }
542 expect = prepare_push_cert_nonce(service_dir, stamp);
544 if (strcmp(expect, nonce)) {
545 /* Not what we would have signed earlier */
546 retval = NONCE_BAD;
547 goto leave;
548 }
549 /*
551 * By how many seconds is this nonce stale? Negative value
552 * would mean it was issued by another server with its clock
553 * skewed in the future.
554 */
555 ostamp = strtoul(push_cert_nonce, NULL, 10);
556 nonce_stamp_slop = (long)ostamp - (long)stamp;
557 if (nonce_stamp_slop_limit &&
559 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
560 /*
561 * Pretend as if the received nonce (which passes the
562 * HMAC check, so it is not a forged by third-party)
563 * is what we issued.
564 */
565 free((void *)push_cert_nonce);
566 push_cert_nonce = xstrdup(nonce);
567 retval = NONCE_OK;
568 } else {
569 retval = NONCE_SLOP;
570 }
571leave:
573 free(nonce);
574 free(expect);
575 return retval;
576}
577/*
579 * Return 1 if there is no push_cert or if the push options in push_cert are
580 * the same as those in the argument; 0 otherwise.
581 */
582static int check_cert_push_options(const struct string_list *push_options)
583{
584 const char *buf = push_cert.buf;
585 int len = push_cert.len;
586 char *option;
588 const char *next_line;
589 int options_seen = 0;
590 int retval = 1;
592 if (!len)
594 return 1;
595 while ((option = find_header(buf, len, "push-option", &next_line))) {
597 len -= (next_line - buf);
598 buf = next_line;
599 options_seen++;
600 if (options_seen > push_options->nr
601 || strcmp(option,
602 push_options->items[options_seen - 1].string)) {
603 retval = 0;
604 goto leave;
605 }
606 free(option);
607 }
608 if (options_seen != push_options->nr)
610 retval = 0;
611leave:
613 free(option);
614 return retval;
615}
616static void prepare_push_cert_sha1(struct child_process *proc)
618{
619 static int already_done;
620 if (!push_cert.len)
622 return;
623 if (!already_done) {
625 struct strbuf gpg_output = STRBUF_INIT;
626 struct strbuf gpg_status = STRBUF_INIT;
627 int bogs /* beginning_of_gpg_sig */;
628 already_done = 1;
630 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
631 hashclr(push_cert_sha1);
632 memset(&sigcheck, '\0', sizeof(sigcheck));
634 sigcheck.result = 'N';
635 bogs = parse_signature(push_cert.buf, push_cert.len);
637 if (verify_signed_buffer(push_cert.buf, bogs,
638 push_cert.buf + bogs, push_cert.len - bogs,
639 &gpg_output, &gpg_status) < 0) {
640 ; /* error running gpg */
641 } else {
642 sigcheck.payload = push_cert.buf;
643 sigcheck.gpg_output = gpg_output.buf;
644 sigcheck.gpg_status = gpg_status.buf;
645 parse_gpg_output(&sigcheck);
646 }
647 strbuf_release(&gpg_output);
649 strbuf_release(&gpg_status);
650 nonce_status = check_nonce(push_cert.buf, bogs);
651 }
652 if (!is_null_sha1(push_cert_sha1)) {
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
654 sha1_to_hex(push_cert_sha1));
655 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
656 sigcheck.signer ? sigcheck.signer : "");
657 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
658 sigcheck.key ? sigcheck.key : "");
659 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
660 sigcheck.result);
661 if (push_cert_nonce) {
662 argv_array_pushf(&proc->env_array,
663 "GIT_PUSH_CERT_NONCE=%s",
664 push_cert_nonce);
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE_STATUS=%s",
667 nonce_status);
668 if (nonce_status == NONCE_SLOP)
669 argv_array_pushf(&proc->env_array,
670 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
671 nonce_stamp_slop);
672 }
673 }
674}
675struct receive_hook_feed_state {
677 struct command *cmd;
678 int skip_broken;
679 struct strbuf buf;
680 const struct string_list *push_options;
681};
682typedef int (*feed_fn)(void *, const char **, size_t *);
684static int run_and_feed_hook(const char *hook_name, feed_fn feed,
685 struct receive_hook_feed_state *feed_state)
686{
687 struct child_process proc = CHILD_PROCESS_INIT;
688 struct async muxer;
689 const char *argv[2];
690 int code;
691 argv[0] = find_hook(hook_name);
693 if (!argv[0])
694 return 0;
695 argv[1] = NULL;
697 proc.argv = argv;
699 proc.in = -1;
700 proc.stdout_to_stderr = 1;
701 if (feed_state->push_options) {
702 int i;
703 for (i = 0; i < feed_state->push_options->nr; i++)
704 argv_array_pushf(&proc.env_array,
705 "GIT_PUSH_OPTION_%d=%s", i,
706 feed_state->push_options->items[i].string);
707 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
708 feed_state->push_options->nr);
709 } else
710 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
711 if (tmp_objdir)
713 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
714 if (use_sideband) {
716 memset(&muxer, 0, sizeof(muxer));
717 muxer.proc = copy_to_sideband;
718 muxer.in = -1;
719 code = start_async(&muxer);
720 if (code)
721 return code;
722 proc.err = muxer.in;
723 }
724 prepare_push_cert_sha1(&proc);
726 code = start_command(&proc);
728 if (code) {
729 if (use_sideband)
730 finish_async(&muxer);
731 return code;
732 }
733 sigchain_push(SIGPIPE, SIG_IGN);
735 while (1) {
737 const char *buf;
738 size_t n;
739 if (feed(feed_state, &buf, &n))
740 break;
741 if (write_in_full(proc.in, buf, n) != n)
742 break;
743 }
744 close(proc.in);
745 if (use_sideband)
746 finish_async(&muxer);
747 sigchain_pop(SIGPIPE);
749 return finish_command(&proc);
751}
752static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
754{
755 struct receive_hook_feed_state *state = state_;
756 struct command *cmd = state->cmd;
757 while (cmd &&
759 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
760 cmd = cmd->next;
761 if (!cmd)
762 return -1; /* EOF */
763 strbuf_reset(&state->buf);
764 strbuf_addf(&state->buf, "%s %s %s\n",
765 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
766 cmd->ref_name);
767 state->cmd = cmd->next;
768 if (bufp) {
769 *bufp = state->buf.buf;
770 *sizep = state->buf.len;
771 }
772 return 0;
773}
774static int run_receive_hook(struct command *commands,
776 const char *hook_name,
777 int skip_broken,
778 const struct string_list *push_options)
779{
780 struct receive_hook_feed_state state;
781 int status;
782 strbuf_init(&state.buf, 0);
784 state.cmd = commands;
785 state.skip_broken = skip_broken;
786 if (feed_receive_hook(&state, NULL, NULL))
787 return 0;
788 state.cmd = commands;
789 state.push_options = push_options;
790 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
791 strbuf_release(&state.buf);
792 return status;
793}
794static int run_update_hook(struct command *cmd)
796{
797 const char *argv[5];
798 struct child_process proc = CHILD_PROCESS_INIT;
799 int code;
800 argv[0] = find_hook("update");
802 if (!argv[0])
803 return 0;
804 argv[1] = cmd->ref_name;
806 argv[2] = sha1_to_hex(cmd->old_sha1);
807 argv[3] = sha1_to_hex(cmd->new_sha1);
808 argv[4] = NULL;
809 proc.no_stdin = 1;
811 proc.stdout_to_stderr = 1;
812 proc.err = use_sideband ? -1 : 0;
813 proc.argv = argv;
814 proc.env = tmp_objdir_env(tmp_objdir);
815 code = start_command(&proc);
817 if (code)
818 return code;
819 if (use_sideband)
820 copy_to_sideband(proc.err, -1, NULL);
821 return finish_command(&proc);
822}
823static int is_ref_checked_out(const char *ref)
825{
826 if (is_bare_repository())
827 return 0;
828 if (!head_name)
830 return 0;
831 return !strcmp(head_name, ref);
832}
833static char *refuse_unconfigured_deny_msg =
835 N_("By default, updating the current branch in a non-bare repository\n"
836 "is denied, because it will make the index and work tree inconsistent\n"
837 "with what you pushed, and will require 'git reset --hard' to match\n"
838 "the work tree to HEAD.\n"
839 "\n"
840 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
841 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
842 "its current branch; however, this is not recommended unless you\n"
843 "arranged to update its work tree to match what you pushed in some\n"
844 "other way.\n"
845 "\n"
846 "To squelch this message and still keep the default behaviour, set\n"
847 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
848static void refuse_unconfigured_deny(void)
850{
851 rp_error("%s", _(refuse_unconfigured_deny_msg));
852}
853static char *refuse_unconfigured_deny_delete_current_msg =
855 N_("By default, deleting the current branch is denied, because the next\n"
856 "'git clone' won't result in any file checked out, causing confusion.\n"
857 "\n"
858 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
859 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
860 "current branch, with or without a warning message.\n"
861 "\n"
862 "To squelch this message, you can set it to 'refuse'.");
863static void refuse_unconfigured_deny_delete_current(void)
865{
866 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
867}
868static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
870static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
871{
872 static struct lock_file shallow_lock;
873 struct sha1_array extra = SHA1_ARRAY_INIT;
874 struct check_connected_options opt = CHECK_CONNECTED_INIT;
875 uint32_t mask = 1 << (cmd->index % 32);
876 int i;
877 trace_printf_key(&trace_shallow,
879 "shallow: update_shallow_ref %s\n", cmd->ref_name);
880 for (i = 0; i < si->shallow->nr; i++)
881 if (si->used_shallow[i] &&
882 (si->used_shallow[i][cmd->index / 32] & mask) &&
883 !delayed_reachability_test(si, i))
884 sha1_array_append(&extra, si->shallow->sha1[i]);
885 opt.env = tmp_objdir_env(tmp_objdir);
887 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
888 if (check_connected(command_singleton_iterator, cmd, &opt)) {
889 rollback_lock_file(&shallow_lock);
890 sha1_array_clear(&extra);
891 return -1;
892 }
893 commit_lock_file(&shallow_lock);
895 /*
897 * Make sure setup_alternate_shallow() for the next ref does
898 * not lose these new roots..
899 */
900 for (i = 0; i < extra.nr; i++)
901 register_shallow(extra.sha1[i]);
902 si->shallow_ref[cmd->index] = 0;
904 sha1_array_clear(&extra);
905 return 0;
906}
907/*
909 * NEEDSWORK: we should consolidate various implementions of "are we
910 * on an unborn branch?" test into one, and make the unified one more
911 * robust. !get_sha1() based check used here and elsewhere would not
912 * allow us to tell an unborn branch from corrupt ref, for example.
913 * For the purpose of fixing "deploy-to-update does not work when
914 * pushing into an empty repository" issue, this should suffice for
915 * now.
916 */
917static int head_has_history(void)
918{
919 unsigned char sha1[20];
920 return !get_sha1("HEAD", sha1);
922}
923static const char *push_to_deploy(unsigned char *sha1,
925 struct argv_array *env,
926 const char *work_tree)
927{
928 const char *update_refresh[] = {
929 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
930 };
931 const char *diff_files[] = {
932 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
933 };
934 const char *diff_index[] = {
935 "diff-index", "--quiet", "--cached", "--ignore-submodules",
936 NULL, "--", NULL
937 };
938 const char *read_tree[] = {
939 "read-tree", "-u", "-m", NULL, NULL
940 };
941 struct child_process child = CHILD_PROCESS_INIT;
942 child.argv = update_refresh;
944 child.env = env->argv;
945 child.dir = work_tree;
946 child.no_stdin = 1;
947 child.stdout_to_stderr = 1;
948 child.git_cmd = 1;
949 if (run_command(&child))
950 return "Up-to-date check failed";
951 /* run_command() does not clean up completely; reinitialize */
953 child_process_init(&child);
954 child.argv = diff_files;
955 child.env = env->argv;
956 child.dir = work_tree;
957 child.no_stdin = 1;
958 child.stdout_to_stderr = 1;
959 child.git_cmd = 1;
960 if (run_command(&child))
961 return "Working directory has unstaged changes";
962 /* diff-index with either HEAD or an empty tree */
964 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
965 child_process_init(&child);
967 child.argv = diff_index;
968 child.env = env->argv;
969 child.no_stdin = 1;
970 child.no_stdout = 1;
971 child.stdout_to_stderr = 0;
972 child.git_cmd = 1;
973 if (run_command(&child))
974 return "Working directory has staged changes";
975 read_tree[3] = sha1_to_hex(sha1);
977 child_process_init(&child);
978 child.argv = read_tree;
979 child.env = env->argv;
980 child.dir = work_tree;
981 child.no_stdin = 1;
982 child.no_stdout = 1;
983 child.stdout_to_stderr = 0;
984 child.git_cmd = 1;
985 if (run_command(&child))
986 return "Could not update working tree to new HEAD";
987 return NULL;
989}
990static const char *push_to_checkout_hook = "push-to-checkout";
992static const char *push_to_checkout(unsigned char *sha1,
994 struct argv_array *env,
995 const char *work_tree)
996{
997 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
998 if (run_hook_le(env->argv, push_to_checkout_hook,
999 sha1_to_hex(sha1), NULL))
1000 return "push-to-checkout hook declined";
1001 else
1002 return NULL;
1003}
1004static const char *update_worktree(unsigned char *sha1)
1006{
1007 const char *retval;
1008 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1009 struct argv_array env = ARGV_ARRAY_INIT;
1010 if (is_bare_repository())
1012 return "denyCurrentBranch = updateInstead needs a worktree";
1013 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1015 if (!find_hook(push_to_checkout_hook))
1017 retval = push_to_deploy(sha1, &env, work_tree);
1018 else
1019 retval = push_to_checkout(sha1, &env, work_tree);
1020 argv_array_clear(&env);
1022 return retval;
1023}
1024static const char *update(struct command *cmd, struct shallow_info *si)
1026{
1027 const char *name = cmd->ref_name;
1028 struct strbuf namespaced_name_buf = STRBUF_INIT;
1029 const char *namespaced_name, *ret;
1030 unsigned char *old_sha1 = cmd->old_sha1;
1031 unsigned char *new_sha1 = cmd->new_sha1;
1032 /* only refs/... are allowed */
1034 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1035 rp_error("refusing to create funny ref '%s' remotely", name);
1036 return "funny refname";
1037 }
1038 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1040 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1041 if (is_ref_checked_out(namespaced_name)) {
1043 switch (deny_current_branch) {
1044 case DENY_IGNORE:
1045 break;
1046 case DENY_WARN:
1047 rp_warning("updating the current branch");
1048 break;
1049 case DENY_REFUSE:
1050 case DENY_UNCONFIGURED:
1051 rp_error("refusing to update checked out branch: %s", name);
1052 if (deny_current_branch == DENY_UNCONFIGURED)
1053 refuse_unconfigured_deny();
1054 return "branch is currently checked out";
1055 case DENY_UPDATE_INSTEAD:
1056 ret = update_worktree(new_sha1);
1057 if (ret)
1058 return ret;
1059 break;
1060 }
1061 }
1062 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1064 error("unpack should have generated %s, "
1065 "but I can't find it!", sha1_to_hex(new_sha1));
1066 return "bad pack";
1067 }
1068 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1070 if (deny_deletes && starts_with(name, "refs/heads/")) {
1071 rp_error("denying ref deletion for %s", name);
1072 return "deletion prohibited";
1073 }
1074 if (head_name && !strcmp(namespaced_name, head_name)) {
1076 switch (deny_delete_current) {
1077 case DENY_IGNORE:
1078 break;
1079 case DENY_WARN:
1080 rp_warning("deleting the current branch");
1081 break;
1082 case DENY_REFUSE:
1083 case DENY_UNCONFIGURED:
1084 case DENY_UPDATE_INSTEAD:
1085 if (deny_delete_current == DENY_UNCONFIGURED)
1086 refuse_unconfigured_deny_delete_current();
1087 rp_error("refusing to delete the current branch: %s", name);
1088 return "deletion of the current branch prohibited";
1089 default:
1090 return "Invalid denyDeleteCurrent setting";
1091 }
1092 }
1093 }
1094 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1096 !is_null_sha1(old_sha1) &&
1097 starts_with(name, "refs/heads/")) {
1098 struct object *old_object, *new_object;
1099 struct commit *old_commit, *new_commit;
1100 old_object = parse_object(old_sha1);
1102 new_object = parse_object(new_sha1);
1103 if (!old_object || !new_object ||
1105 old_object->type != OBJ_COMMIT ||
1106 new_object->type != OBJ_COMMIT) {
1107 error("bad sha1 objects for %s", name);
1108 return "bad ref";
1109 }
1110 old_commit = (struct commit *)old_object;
1111 new_commit = (struct commit *)new_object;
1112 if (!in_merge_bases(old_commit, new_commit)) {
1113 rp_error("denying non-fast-forward %s"
1114 " (you should pull first)", name);
1115 return "non-fast-forward";
1116 }
1117 }
1118 if (run_update_hook(cmd)) {
1119 rp_error("hook declined to update %s", name);
1120 return "hook declined";
1121 }
1122 if (is_null_sha1(new_sha1)) {
1124 struct strbuf err = STRBUF_INIT;
1125 if (!parse_object(old_sha1)) {
1126 old_sha1 = NULL;
1127 if (ref_exists(name)) {
1128 rp_warning("Allowing deletion of corrupt ref.");
1129 } else {
1130 rp_warning("Deleting a non-existent ref.");
1131 cmd->did_not_exist = 1;
1132 }
1133 }
1134 if (ref_transaction_delete(transaction,
1135 namespaced_name,
1136 old_sha1,
1137 0, "push", &err)) {
1138 rp_error("%s", err.buf);
1139 strbuf_release(&err);
1140 return "failed to delete";
1141 }
1142 strbuf_release(&err);
1143 return NULL; /* good */
1144 }
1145 else {
1146 struct strbuf err = STRBUF_INIT;
1147 if (shallow_update && si->shallow_ref[cmd->index] &&
1148 update_shallow_ref(cmd, si))
1149 return "shallow error";
1150 if (ref_transaction_update(transaction,
1152 namespaced_name,
1153 new_sha1, old_sha1,
1154 0, "push",
1155 &err)) {
1156 rp_error("%s", err.buf);
1157 strbuf_release(&err);
1158 return "failed to update ref";
1160 }
1161 strbuf_release(&err);
1162 return NULL; /* good */
1164 }
1165}
1166static void run_update_post_hook(struct command *commands)
1168{
1169 struct command *cmd;
1170 struct child_process proc = CHILD_PROCESS_INIT;
1171 const char *hook;
1172 hook = find_hook("post-update");
1174 if (!hook)
1175 return;
1176 for (cmd = commands; cmd; cmd = cmd->next) {
1178 if (cmd->error_string || cmd->did_not_exist)
1179 continue;
1180 if (!proc.args.argc)
1181 argv_array_push(&proc.args, hook);
1182 argv_array_push(&proc.args, cmd->ref_name);
1183 }
1184 if (!proc.args.argc)
1185 return;
1186 proc.no_stdin = 1;
1188 proc.stdout_to_stderr = 1;
1189 proc.err = use_sideband ? -1 : 0;
1190 if (!start_command(&proc)) {
1192 if (use_sideband)
1193 copy_to_sideband(proc.err, -1, NULL);
1194 finish_command(&proc);
1195 }
1196}
1197static void check_aliased_update(struct command *cmd, struct string_list *list)
1199{
1200 struct strbuf buf = STRBUF_INIT;
1201 const char *dst_name;
1202 struct string_list_item *item;
1203 struct command *dst_cmd;
1204 unsigned char sha1[GIT_SHA1_RAWSZ];
1205 int flag;
1206 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1208 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1209 strbuf_release(&buf);
1210 if (!(flag & REF_ISSYMREF))
1212 return;
1213 if (!dst_name) {
1215 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1216 cmd->skip_update = 1;
1217 cmd->error_string = "broken symref";
1218 return;
1219 }
1220 dst_name = strip_namespace(dst_name);
1221 if ((item = string_list_lookup(list, dst_name)) == NULL)
1223 return;
1224 cmd->skip_update = 1;
1226 dst_cmd = (struct command *) item->util;
1228 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1230 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1231 return;
1232 dst_cmd->skip_update = 1;
1234 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1236 " its target '%s' (%s..%s)",
1237 cmd->ref_name,
1238 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1239 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1240 dst_cmd->ref_name,
1241 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1242 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1243 cmd->error_string = dst_cmd->error_string =
1245 "inconsistent aliased update";
1246}
1247static void check_aliased_updates(struct command *commands)
1249{
1250 struct command *cmd;
1251 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1252 for (cmd = commands; cmd; cmd = cmd->next) {
1254 struct string_list_item *item =
1255 string_list_append(&ref_list, cmd->ref_name);
1256 item->util = (void *)cmd;
1257 }
1258 string_list_sort(&ref_list);
1259 for (cmd = commands; cmd; cmd = cmd->next) {
1261 if (!cmd->error_string)
1262 check_aliased_update(cmd, &ref_list);
1263 }
1264 string_list_clear(&ref_list, 0);
1266}
1267static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1269{
1270 struct command **cmd_list = cb_data;
1271 struct command *cmd = *cmd_list;
1272 if (!cmd || is_null_sha1(cmd->new_sha1))
1274 return -1; /* end of list */
1275 *cmd_list = NULL; /* this returns only one */
1276 hashcpy(sha1, cmd->new_sha1);
1277 return 0;
1278}
1279static void set_connectivity_errors(struct command *commands,
1281 struct shallow_info *si)
1282{
1283 struct command *cmd;
1284 for (cmd = commands; cmd; cmd = cmd->next) {
1286 struct command *singleton = cmd;
1287 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1288 if (shallow_update && si->shallow_ref[cmd->index])
1290 /* to be checked in update_shallow_ref() */
1291 continue;
1292 opt.env = tmp_objdir_env(tmp_objdir);
1294 if (!check_connected(command_singleton_iterator, &singleton,
1295 &opt))
1296 continue;
1297 cmd->error_string = "missing necessary objects";
1299 }
1300}
1301struct iterate_data {
1303 struct command *cmds;
1304 struct shallow_info *si;
1305};
1306static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1308{
1309 struct iterate_data *data = cb_data;
1310 struct command **cmd_list = &data->cmds;
1311 struct command *cmd = *cmd_list;
1312 for (; cmd; cmd = cmd->next) {
1314 if (shallow_update && data->si->shallow_ref[cmd->index])
1315 /* to be checked in update_shallow_ref() */
1316 continue;
1317 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1318 hashcpy(sha1, cmd->new_sha1);
1319 *cmd_list = cmd->next;
1320 return 0;
1321 }
1322 }
1323 *cmd_list = NULL;
1324 return -1; /* end of list */
1325}
1326static void reject_updates_to_hidden(struct command *commands)
1328{
1329 struct strbuf refname_full = STRBUF_INIT;
1330 size_t prefix_len;
1331 struct command *cmd;
1332 strbuf_addstr(&refname_full, get_git_namespace());
1334 prefix_len = refname_full.len;
1335 for (cmd = commands; cmd; cmd = cmd->next) {
1337 if (cmd->error_string)
1338 continue;
1339 strbuf_setlen(&refname_full, prefix_len);
1341 strbuf_addstr(&refname_full, cmd->ref_name);
1342 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1344 continue;
1345 if (is_null_sha1(cmd->new_sha1))
1346 cmd->error_string = "deny deleting a hidden ref";
1347 else
1348 cmd->error_string = "deny updating a hidden ref";
1349 }
1350 strbuf_release(&refname_full);
1352}
1353static int should_process_cmd(struct command *cmd)
1355{
1356 return !cmd->error_string && !cmd->skip_update;
1357}
1358static void warn_if_skipped_connectivity_check(struct command *commands,
1360 struct shallow_info *si)
1361{
1362 struct command *cmd;
1363 int checked_connectivity = 1;
1364 for (cmd = commands; cmd; cmd = cmd->next) {
1366 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1367 error("BUG: connectivity check has not been run on ref %s",
1368 cmd->ref_name);
1369 checked_connectivity = 0;
1370 }
1371 }
1372 if (!checked_connectivity)
1373 die("BUG: connectivity check skipped???");
1374}
1375static void execute_commands_non_atomic(struct command *commands,
1377 struct shallow_info *si)
1378{
1379 struct command *cmd;
1380 struct strbuf err = STRBUF_INIT;
1381 for (cmd = commands; cmd; cmd = cmd->next) {
1383 if (!should_process_cmd(cmd))
1384 continue;
1385 transaction = ref_transaction_begin(&err);
1387 if (!transaction) {
1388 rp_error("%s", err.buf);
1389 strbuf_reset(&err);
1390 cmd->error_string = "transaction failed to start";
1391 continue;
1392 }
1393 cmd->error_string = update(cmd, si);
1395 if (!cmd->error_string
1397 && ref_transaction_commit(transaction, &err)) {
1398 rp_error("%s", err.buf);
1399 strbuf_reset(&err);
1400 cmd->error_string = "failed to update ref";
1401 }
1402 ref_transaction_free(transaction);
1403 }
1404 strbuf_release(&err);
1405}
1406static void execute_commands_atomic(struct command *commands,
1408 struct shallow_info *si)
1409{
1410 struct command *cmd;
1411 struct strbuf err = STRBUF_INIT;
1412 const char *reported_error = "atomic push failure";
1413 transaction = ref_transaction_begin(&err);
1415 if (!transaction) {
1416 rp_error("%s", err.buf);
1417 strbuf_reset(&err);
1418 reported_error = "transaction failed to start";
1419 goto failure;
1420 }
1421 for (cmd = commands; cmd; cmd = cmd->next) {
1423 if (!should_process_cmd(cmd))
1424 continue;
1425 cmd->error_string = update(cmd, si);
1427 if (cmd->error_string)
1429 goto failure;
1430 }
1431 if (ref_transaction_commit(transaction, &err)) {
1433 rp_error("%s", err.buf);
1434 reported_error = "atomic transaction failed";
1435 goto failure;
1436 }
1437 goto cleanup;
1438failure:
1440 for (cmd = commands; cmd; cmd = cmd->next)
1441 if (!cmd->error_string)
1442 cmd->error_string = reported_error;
1443cleanup:
1445 ref_transaction_free(transaction);
1446 strbuf_release(&err);
1447}
1448static void execute_commands(struct command *commands,
1450 const char *unpacker_error,
1451 struct shallow_info *si,
1452 const struct string_list *push_options)
1453{
1454 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1455 struct command *cmd;
1456 unsigned char sha1[20];
1457 struct iterate_data data;
1458 struct async muxer;
1459 int err_fd = 0;
1460 if (unpacker_error) {
1462 for (cmd = commands; cmd; cmd = cmd->next)
1463 cmd->error_string = "unpacker error";
1464 return;
1465 }
1466 if (use_sideband) {
1468 memset(&muxer, 0, sizeof(muxer));
1469 muxer.proc = copy_to_sideband;
1470 muxer.in = -1;
1471 if (!start_async(&muxer))
1472 err_fd = muxer.in;
1473 /* ...else, continue without relaying sideband */
1474 }
1475 data.cmds = commands;
1477 data.si = si;
1478 opt.err_fd = err_fd;
1479 opt.progress = err_fd && !quiet;
1480 opt.env = tmp_objdir_env(tmp_objdir);
1481 if (check_connected(iterate_receive_command_list, &data, &opt))
1482 set_connectivity_errors(commands, si);
1483 if (use_sideband)
1485 finish_async(&muxer);
1486 reject_updates_to_hidden(commands);
1488 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1490 for (cmd = commands; cmd; cmd = cmd->next) {
1491 if (!cmd->error_string)
1492 cmd->error_string = "pre-receive hook declined";
1493 }
1494 return;
1495 }
1496 /*
1498 * Now we'll start writing out refs, which means the objects need
1499 * to be in their final positions so that other processes can see them.
1500 */
1501 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1502 for (cmd = commands; cmd; cmd = cmd->next) {
1503 if (!cmd->error_string)
1504 cmd->error_string = "unable to migrate objects to permanent storage";
1505 }
1506 return;
1507 }
1508 tmp_objdir = NULL;
1509 check_aliased_updates(commands);
1511 free(head_name_to_free);
1513 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1514 if (use_atomic)
1516 execute_commands_atomic(commands, si);
1517 else
1518 execute_commands_non_atomic(commands, si);
1519 if (shallow_update)
1521 warn_if_skipped_connectivity_check(commands, si);
1522}
1523static struct command **queue_command(struct command **tail,
1525 const char *line,
1526 int linelen)
1527{
1528 unsigned char old_sha1[20], new_sha1[20];
1529 struct command *cmd;
1530 const char *refname;
1531 int reflen;
1532 if (linelen < 83 ||
1534 line[40] != ' ' ||
1535 line[81] != ' ' ||
1536 get_sha1_hex(line, old_sha1) ||
1537 get_sha1_hex(line + 41, new_sha1))
1538 die("protocol error: expected old/new/ref, got '%s'", line);
1539 refname = line + 82;
1541 reflen = linelen - 82;
1542 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1543 hashcpy(cmd->old_sha1, old_sha1);
1544 hashcpy(cmd->new_sha1, new_sha1);
1545 *tail = cmd;
1546 return &cmd->next;
1547}
1548static void queue_commands_from_cert(struct command **tail,
1550 struct strbuf *push_cert)
1551{
1552 const char *boc, *eoc;
1553 if (*tail)
1555 die("protocol error: got both push certificate and unsigned commands");
1556 boc = strstr(push_cert->buf, "\n\n");
1558 if (!boc)
1559 die("malformed push certificate %.*s", 100, push_cert->buf);
1560 else
1561 boc += 2;
1562 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1563 while (boc < eoc) {
1565 const char *eol = memchr(boc, '\n', eoc - boc);
1566 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1567 boc = eol ? eol + 1 : eoc;
1568 }
1569}
1570static struct command *read_head_info(struct sha1_array *shallow)
1572{
1573 struct command *commands = NULL;
1574 struct command **p = &commands;
1575 for (;;) {
1576 char *line;
1577 int len, linelen;
1578 line = packet_read_line(0, &len);
1580 if (!line)
1581 break;
1582 if (len == 48 && starts_with(line, "shallow ")) {
1584 unsigned char sha1[20];
1585 if (get_sha1_hex(line + 8, sha1))
1586 die("protocol error: expected shallow sha, got '%s'",
1587 line + 8);
1588 sha1_array_append(shallow, sha1);
1589 continue;
1590 }
1591 linelen = strlen(line);
1593 if (linelen < len) {
1594 const char *feature_list = line + linelen + 1;
1595 if (parse_feature_request(feature_list, "report-status"))
1596 report_status = 1;
1597 if (parse_feature_request(feature_list, "side-band-64k"))
1598 use_sideband = LARGE_PACKET_MAX;
1599 if (parse_feature_request(feature_list, "quiet"))
1600 quiet = 1;
1601 if (advertise_atomic_push
1602 && parse_feature_request(feature_list, "atomic"))
1603 use_atomic = 1;
1604 if (advertise_push_options
1605 && parse_feature_request(feature_list, "push-options"))
1606 use_push_options = 1;
1607 }
1608 if (!strcmp(line, "push-cert")) {
1610 int true_flush = 0;
1611 char certbuf[1024];
1612 for (;;) {
1614 len = packet_read(0, NULL, NULL,
1615 certbuf, sizeof(certbuf), 0);
1616 if (!len) {
1617 true_flush = 1;
1618 break;
1619 }
1620 if (!strcmp(certbuf, "push-cert-end\n"))
1621 break; /* end of cert */
1622 strbuf_addstr(&push_cert, certbuf);
1623 }
1624 if (true_flush)
1626 break;
1627 continue;
1628 }
1629 p = queue_command(p, line, linelen);
1631 }
1632 if (push_cert.len)
1634 queue_commands_from_cert(p, &push_cert);
1635 return commands;
1637}
1638static void read_push_options(struct string_list *options)
1640{
1641 while (1) {
1642 char *line;
1643 int len;
1644 line = packet_read_line(0, &len);
1646 if (!line)
1648 break;
1649 string_list_append(options, line);
1651 }
1652}
1653static const char *parse_pack_header(struct pack_header *hdr)
1655{
1656 switch (read_pack_header(0, hdr)) {
1657 case PH_ERROR_EOF:
1658 return "eof before pack header was fully read";
1659 case PH_ERROR_PACK_SIGNATURE:
1661 return "protocol error (pack signature mismatch detected)";
1662 case PH_ERROR_PROTOCOL:
1664 return "protocol error (pack version unsupported)";
1665 default:
1667 return "unknown error in parse_pack_header";
1668 case 0:
1670 return NULL;
1671 }
1672}
1673static const char *pack_lockfile;
1675static const char *unpack(int err_fd, struct shallow_info *si)
1677{
1678 struct pack_header hdr;
1679 const char *hdr_err;
1680 int status;
1681 char hdr_arg[38];
1682 struct child_process child = CHILD_PROCESS_INIT;
1683 int fsck_objects = (receive_fsck_objects >= 0
1684 ? receive_fsck_objects
1685 : transfer_fsck_objects >= 0
1686 ? transfer_fsck_objects
1687 : 0);
1688 hdr_err = parse_pack_header(&hdr);
1690 if (hdr_err) {
1691 if (err_fd > 0)
1692 close(err_fd);
1693 return hdr_err;
1694 }
1695 snprintf(hdr_arg, sizeof(hdr_arg),
1696 "--pack_header=%"PRIu32",%"PRIu32,
1697 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1698 if (si->nr_ours || si->nr_theirs) {
1700 alt_shallow_file = setup_temporary_shallow(si->shallow);
1701 argv_array_push(&child.args, "--shallow-file");
1702 argv_array_push(&child.args, alt_shallow_file);
1703 }
1704 tmp_objdir = tmp_objdir_create();
1706 if (!tmp_objdir) {
1707 if (err_fd > 0)
1708 close(err_fd);
1709 return "unable to create temporary object directory";
1710 }
1711 child.env = tmp_objdir_env(tmp_objdir);
1712 /*
1714 * Normally we just pass the tmp_objdir environment to the child
1715 * processes that do the heavy lifting, but we may need to see these
1716 * objects ourselves to set up shallow information.
1717 */
1718 tmp_objdir_add_as_alternate(tmp_objdir);
1719 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1721 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1722 if (quiet)
1723 argv_array_push(&child.args, "-q");
1724 if (fsck_objects)
1725 argv_array_pushf(&child.args, "--strict%s",
1726 fsck_msg_types.buf);
1727 if (max_input_size)
1728 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1729 (uintmax_t)max_input_size);
1730 child.no_stdout = 1;
1731 child.err = err_fd;
1732 child.git_cmd = 1;
1733 status = run_command(&child);
1734 if (status)
1735 return "unpack-objects abnormal exit";
1736 } else {
1737 char hostname[256];
1738 argv_array_pushl(&child.args, "index-pack",
1740 "--stdin", hdr_arg, NULL);
1741 if (gethostname(hostname, sizeof(hostname)))
1743 xsnprintf(hostname, sizeof(hostname), "localhost");
1744 argv_array_pushf(&child.args,
1745 "--keep=receive-pack %"PRIuMAX" on %s",
1746 (uintmax_t)getpid(),
1747 hostname);
1748 if (!quiet && err_fd)
1750 argv_array_push(&child.args, "--show-resolving-progress");
1751 if (use_sideband)
1752 argv_array_push(&child.args, "--report-end-of-input");
1753 if (fsck_objects)
1754 argv_array_pushf(&child.args, "--strict%s",
1755 fsck_msg_types.buf);
1756 if (!reject_thin)
1757 argv_array_push(&child.args, "--fix-thin");
1758 if (max_input_size)
1759 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1760 (uintmax_t)max_input_size);
1761 child.out = -1;
1762 child.err = err_fd;
1763 child.git_cmd = 1;
1764 status = start_command(&child);
1765 if (status)
1766 return "index-pack fork failed";
1767 pack_lockfile = index_pack_lockfile(child.out);
1768 close(child.out);
1769 status = finish_command(&child);
1770 if (status)
1771 return "index-pack abnormal exit";
1772 reprepare_packed_git();
1773 }
1774 return NULL;
1775}
1776static const char *unpack_with_sideband(struct shallow_info *si)
1778{
1779 struct async muxer;
1780 const char *ret;
1781 if (!use_sideband)
1783 return unpack(0, si);
1784 use_keepalive = KEEPALIVE_AFTER_NUL;
1786 memset(&muxer, 0, sizeof(muxer));
1787 muxer.proc = copy_to_sideband;
1788 muxer.in = -1;
1789 if (start_async(&muxer))
1790 return NULL;
1791 ret = unpack(muxer.in, si);
1793 finish_async(&muxer);
1795 return ret;
1796}
1797static void prepare_shallow_update(struct command *commands,
1799 struct shallow_info *si)
1800{
1801 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1802 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1804 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1805 si->need_reachability_test =
1807 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1808 si->reachable =
1809 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1810 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1811 for (i = 0; i < si->nr_ours; i++)
1813 si->need_reachability_test[si->ours[i]] = 1;
1814 for (i = 0; i < si->shallow->nr; i++) {
1816 if (!si->used_shallow[i])
1817 continue;
1818 for (j = 0; j < bitmap_size; j++) {
1819 if (!si->used_shallow[i][j])
1820 continue;
1821 si->need_reachability_test[i]++;
1822 for (k = 0; k < 32; k++)
1823 if (si->used_shallow[i][j] & (1U << k))
1824 si->shallow_ref[j * 32 + k]++;
1825 }
1826 /*
1828 * true for those associated with some refs and belong
1829 * in "ours" list aka "step 7 not done yet"
1830 */
1831 si->need_reachability_test[i] =
1832 si->need_reachability_test[i] > 1;
1833 }
1834 /*
1836 * keep hooks happy by forcing a temporary shallow file via
1837 * env variable because we can't add --shallow-file to every
1838 * command. check_everything_connected() will be done with
1839 * true .git/shallow though.
1840 */
1841 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1842}
1843static void update_shallow_info(struct command *commands,
1845 struct shallow_info *si,
1846 struct sha1_array *ref)
1847{
1848 struct command *cmd;
1849 int *ref_status;
1850 remove_nonexistent_theirs_shallow(si);
1851 if (!si->nr_ours && !si->nr_theirs) {
1852 shallow_update = 0;
1853 return;
1854 }
1855 for (cmd = commands; cmd; cmd = cmd->next) {
1857 if (is_null_sha1(cmd->new_sha1))
1858 continue;
1859 sha1_array_append(ref, cmd->new_sha1);
1860 cmd->index = ref->nr - 1;
1861 }
1862 si->ref = ref;
1863 if (shallow_update) {
1865 prepare_shallow_update(commands, si);
1866 return;
1867 }
1868 ALLOC_ARRAY(ref_status, ref->nr);
1870 assign_shallow_commits_to_refs(si, NULL, ref_status);
1871 for (cmd = commands; cmd; cmd = cmd->next) {
1872 if (is_null_sha1(cmd->new_sha1))
1873 continue;
1874 if (ref_status[cmd->index]) {
1875 cmd->error_string = "shallow update not allowed";
1876 cmd->skip_update = 1;
1877 }
1878 }
1879 free(ref_status);
1880}
1881static void report(struct command *commands, const char *unpack_status)
1883{
1884 struct command *cmd;
1885 struct strbuf buf = STRBUF_INIT;
1886 packet_buf_write(&buf, "unpack %s\n",
1888 unpack_status ? unpack_status : "ok");
1889 for (cmd = commands; cmd; cmd = cmd->next) {
1890 if (!cmd->error_string)
1891 packet_buf_write(&buf, "ok %s\n",
1892 cmd->ref_name);
1893 else
1894 packet_buf_write(&buf, "ng %s %s\n",
1895 cmd->ref_name, cmd->error_string);
1896 }
1897 packet_buf_flush(&buf);
1898 if (use_sideband)
1900 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1901 else
1902 write_or_die(1, buf.buf, buf.len);
1903 strbuf_release(&buf);
1904}
1905static int delete_only(struct command *commands)
1907{
1908 struct command *cmd;
1909 for (cmd = commands; cmd; cmd = cmd->next) {
1910 if (!is_null_sha1(cmd->new_sha1))
1911 return 0;
1912 }
1913 return 1;
1914}
1915int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1917{
1918 int advertise_refs = 0;
1919 struct command *commands;
1920 struct sha1_array shallow = SHA1_ARRAY_INIT;
1921 struct sha1_array ref = SHA1_ARRAY_INIT;
1922 struct shallow_info si;
1923 struct option options[] = {
1925 OPT__QUIET(&quiet, N_("quiet")),
1926 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1927 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1928 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1929 OPT_END()
1930 };
1931 packet_trace_identity("receive-pack");
1933 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1935 if (argc > 1)
1937 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1938 if (argc == 0)
1939 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1940 service_dir = argv[0];
1942 setup_path();
1944 if (!enter_repo(service_dir, 0))
1946 die("'%s' does not appear to be a git repository", service_dir);
1947 git_config(receive_pack_config, NULL);
1949 if (cert_nonce_seed)
1950 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1951 if (0 <= transfer_unpack_limit)
1953 unpack_limit = transfer_unpack_limit;
1954 else if (0 <= receive_unpack_limit)
1955 unpack_limit = receive_unpack_limit;
1956 if (advertise_refs || !stateless_rpc) {
1958 write_head_info();
1959 }
1960 if (advertise_refs)
1961 return 0;
1962 if ((commands = read_head_info(&shallow)) != NULL) {
1964 const char *unpack_status = NULL;
1965 struct string_list push_options = STRING_LIST_INIT_DUP;
1966 if (use_push_options)
1968 read_push_options(&push_options);
1969 if (!check_cert_push_options(&push_options)) {
1970 struct command *cmd;
1971 for (cmd = commands; cmd; cmd = cmd->next)
1972 cmd->error_string = "inconsistent push options";
1973 }
1974 prepare_shallow_info(&si, &shallow);
1976 if (!si.nr_ours && !si.nr_theirs)
1977 shallow_update = 0;
1978 if (!delete_only(commands)) {
1979 unpack_status = unpack_with_sideband(&si);
1980 update_shallow_info(commands, &si, &ref);
1981 }
1982 use_keepalive = KEEPALIVE_ALWAYS;
1983 execute_commands(commands, unpack_status, &si,
1984 &push_options);
1985 if (pack_lockfile)
1986 unlink_or_warn(pack_lockfile);
1987 if (report_status)
1988 report(commands, unpack_status);
1989 run_receive_hook(commands, "post-receive", 1,
1990 &push_options);
1991 run_update_post_hook(commands);
1992 string_list_clear(&push_options, 0);
1993 if (auto_gc) {
1994 const char *argv_gc_auto[] = {
1995 "gc", "--auto", "--quiet", NULL,
1996 };
1997 struct child_process proc = CHILD_PROCESS_INIT;
1998 proc.no_stdin = 1;
2000 proc.stdout_to_stderr = 1;
2001 proc.err = use_sideband ? -1 : 0;
2002 proc.git_cmd = 1;
2003 proc.argv = argv_gc_auto;
2004 close_all_packs();
2006 if (!start_command(&proc)) {
2007 if (use_sideband)
2008 copy_to_sideband(proc.err, -1, NULL);
2009 finish_command(&proc);
2010 }
2011 }
2012 if (auto_update_server_info)
2013 update_server_info(0);
2014 clear_shallow_info(&si);
2015 }
2016 if (use_sideband)
2017 packet_flush(1);
2018 sha1_array_clear(&shallow);
2019 sha1_array_clear(&ref);
2020 free((void *)push_cert_nonce);
2021 return 0;
2022}