1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24
25static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28};
29
30enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36};
37
38static int deny_deletes;
39static int deny_non_fast_forwards;
40static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42static int receive_fsck_objects = -1;
43static int transfer_fsck_objects = -1;
44static struct strbuf fsck_msg_types = STRBUF_INIT;
45static int receive_unpack_limit = -1;
46static int transfer_unpack_limit = -1;
47static int advertise_atomic_push = 1;
48static int advertise_push_options;
49static int unpack_limit = 100;
50static off_t max_input_size;
51static int report_status;
52static int use_sideband;
53static int use_atomic;
54static int use_push_options;
55static int quiet;
56static int prefer_ofs_delta = 1;
57static int auto_update_server_info;
58static int auto_gc = 1;
59static int reject_thin;
60static int stateless_rpc;
61static const char *service_dir;
62static const char *head_name;
63static void *head_name_to_free;
64static int sent_capabilities;
65static int shallow_update;
66static const char *alt_shallow_file;
67static struct strbuf push_cert = STRBUF_INIT;
68static unsigned char push_cert_sha1[20];
69static struct signature_check sigcheck;
70static const char *push_cert_nonce;
71static const char *cert_nonce_seed;
72
73static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74static const char *NONCE_BAD = "BAD";
75static const char *NONCE_MISSING = "MISSING";
76static const char *NONCE_OK = "OK";
77static const char *NONCE_SLOP = "SLOP";
78static const char *nonce_status;
79static long nonce_stamp_slop;
80static unsigned long nonce_stamp_slop_limit;
81static struct ref_transaction *transaction;
82
83static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87} use_keepalive;
88static int keepalive_in_sec = 5;
89
90static struct tmp_objdir *tmp_objdir;
91
92static enum deny_action parse_deny_action(const char *var, const char *value)
93{
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107}
108
109static int receive_pack_config(const char *var, const char *value, void *cb)
110{
111 int status = parse_hide_refs_config(var, value, "receive");
112
113 if (status)
114 return status;
115
116 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125
126 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138
139 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146
147 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155
156 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165
166 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198
199 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213
214 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218
219 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223
224 return git_default_config(var, value, cb);
225}
226
227static void show_ref(const char *path, const unsigned char *sha1)
228{
229 if (sent_capabilities) {
230 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233
234 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write_fmt(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250}
251
252static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254{
255 const char *path = strip_namespace(path_full);
256
257 if (ref_is_hidden(path, path_full))
258 return 0;
259
260 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272}
273
274static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275{
276 show_ref(".have", sha1);
277 return 0;
278}
279
280static void collect_one_alternate_ref(const struct ref *ref, void *data)
281{
282 struct sha1_array *sa = data;
283 sha1_array_append(sa, ref->old_oid.hash);
284}
285
286static void write_head_info(void)
287{
288 struct sha1_array sa = SHA1_ARRAY_INIT;
289
290 for_each_alternate_ref(collect_one_alternate_ref, &sa);
291 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
292 sha1_array_clear(&sa);
293 for_each_ref(show_ref_cb, NULL);
294 if (!sent_capabilities)
295 show_ref("capabilities^{}", null_sha1);
296
297 advertise_shallow_grafts(1);
298
299 /* EOF */
300 packet_flush(1);
301}
302
303struct command {
304 struct command *next;
305 const char *error_string;
306 unsigned int skip_update:1,
307 did_not_exist:1;
308 int index;
309 unsigned char old_sha1[20];
310 unsigned char new_sha1[20];
311 char ref_name[FLEX_ARRAY]; /* more */
312};
313
314static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
315static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
316
317static void report_message(const char *prefix, const char *err, va_list params)
318{
319 int sz;
320 char msg[4096];
321
322 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
323 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
324 if (sz > (sizeof(msg) - 1))
325 sz = sizeof(msg) - 1;
326 msg[sz++] = '\n';
327
328 if (use_sideband)
329 send_sideband(1, 2, msg, sz, use_sideband);
330 else
331 xwrite(2, msg, sz);
332}
333
334static void rp_warning(const char *err, ...)
335{
336 va_list params;
337 va_start(params, err);
338 report_message("warning: ", err, params);
339 va_end(params);
340}
341
342static void rp_error(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("error: ", err, params);
347 va_end(params);
348}
349
350static int copy_to_sideband(int in, int out, void *arg)
351{
352 char data[128];
353 int keepalive_active = 0;
354
355 if (keepalive_in_sec <= 0)
356 use_keepalive = KEEPALIVE_NEVER;
357 if (use_keepalive == KEEPALIVE_ALWAYS)
358 keepalive_active = 1;
359
360 while (1) {
361 ssize_t sz;
362
363 if (keepalive_active) {
364 struct pollfd pfd;
365 int ret;
366
367 pfd.fd = in;
368 pfd.events = POLLIN;
369 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
370
371 if (ret < 0) {
372 if (errno == EINTR)
373 continue;
374 else
375 break;
376 } else if (ret == 0) {
377 /* no data; send a keepalive packet */
378 static const char buf[] = "0005\1";
379 write_or_die(1, buf, sizeof(buf) - 1);
380 continue;
381 } /* else there is actual data to read */
382 }
383
384 sz = xread(in, data, sizeof(data));
385 if (sz <= 0)
386 break;
387
388 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
389 const char *p = memchr(data, '\0', sz);
390 if (p) {
391 /*
392 * The NUL tells us to start sending keepalives. Make
393 * sure we send any other data we read along
394 * with it.
395 */
396 keepalive_active = 1;
397 send_sideband(1, 2, data, p - data, use_sideband);
398 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
399 continue;
400 }
401 }
402
403 /*
404 * Either we're not looking for a NUL signal, or we didn't see
405 * it yet; just pass along the data.
406 */
407 send_sideband(1, 2, data, sz, use_sideband);
408 }
409 close(in);
410 return 0;
411}
412
413#define HMAC_BLOCK_SIZE 64
414
415static void hmac_sha1(unsigned char *out,
416 const char *key_in, size_t key_len,
417 const char *text, size_t text_len)
418{
419 unsigned char key[HMAC_BLOCK_SIZE];
420 unsigned char k_ipad[HMAC_BLOCK_SIZE];
421 unsigned char k_opad[HMAC_BLOCK_SIZE];
422 int i;
423 git_SHA_CTX ctx;
424
425 /* RFC 2104 2. (1) */
426 memset(key, '\0', HMAC_BLOCK_SIZE);
427 if (HMAC_BLOCK_SIZE < key_len) {
428 git_SHA1_Init(&ctx);
429 git_SHA1_Update(&ctx, key_in, key_len);
430 git_SHA1_Final(key, &ctx);
431 } else {
432 memcpy(key, key_in, key_len);
433 }
434
435 /* RFC 2104 2. (2) & (5) */
436 for (i = 0; i < sizeof(key); i++) {
437 k_ipad[i] = key[i] ^ 0x36;
438 k_opad[i] = key[i] ^ 0x5c;
439 }
440
441 /* RFC 2104 2. (3) & (4) */
442 git_SHA1_Init(&ctx);
443 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
444 git_SHA1_Update(&ctx, text, text_len);
445 git_SHA1_Final(out, &ctx);
446
447 /* RFC 2104 2. (6) & (7) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
450 git_SHA1_Update(&ctx, out, 20);
451 git_SHA1_Final(out, &ctx);
452}
453
454static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
455{
456 struct strbuf buf = STRBUF_INIT;
457 unsigned char sha1[20];
458
459 strbuf_addf(&buf, "%s:%lu", path, stamp);
460 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
461 strbuf_release(&buf);
462
463 /* RFC 2104 5. HMAC-SHA1-80 */
464 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
465 return strbuf_detach(&buf, NULL);
466}
467
468/*
469 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
470 * after dropping "_commit" from its name and possibly moving it out
471 * of commit.c
472 */
473static char *find_header(const char *msg, size_t len, const char *key,
474 const char **next_line)
475{
476 int key_len = strlen(key);
477 const char *line = msg;
478
479 while (line && line < msg + len) {
480 const char *eol = strchrnul(line, '\n');
481
482 if ((msg + len <= eol) || line == eol)
483 return NULL;
484 if (line + key_len < eol &&
485 !memcmp(line, key, key_len) && line[key_len] == ' ') {
486 int offset = key_len + 1;
487 if (next_line)
488 *next_line = *eol ? eol + 1 : eol;
489 return xmemdupz(line + offset, (eol - line) - offset);
490 }
491 line = *eol ? eol + 1 : NULL;
492 }
493 return NULL;
494}
495
496static const char *check_nonce(const char *buf, size_t len)
497{
498 char *nonce = find_header(buf, len, "nonce", NULL);
499 unsigned long stamp, ostamp;
500 char *bohmac, *expect = NULL;
501 const char *retval = NONCE_BAD;
502
503 if (!nonce) {
504 retval = NONCE_MISSING;
505 goto leave;
506 } else if (!push_cert_nonce) {
507 retval = NONCE_UNSOLICITED;
508 goto leave;
509 } else if (!strcmp(push_cert_nonce, nonce)) {
510 retval = NONCE_OK;
511 goto leave;
512 }
513
514 if (!stateless_rpc) {
515 /* returned nonce MUST match what we gave out earlier */
516 retval = NONCE_BAD;
517 goto leave;
518 }
519
520 /*
521 * In stateless mode, we may be receiving a nonce issued by
522 * another instance of the server that serving the same
523 * repository, and the timestamps may not match, but the
524 * nonce-seed and dir should match, so we can recompute and
525 * report the time slop.
526 *
527 * In addition, when a nonce issued by another instance has
528 * timestamp within receive.certnonceslop seconds, we pretend
529 * as if we issued that nonce when reporting to the hook.
530 */
531
532 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
533 if (*nonce <= '0' || '9' < *nonce) {
534 retval = NONCE_BAD;
535 goto leave;
536 }
537 stamp = strtoul(nonce, &bohmac, 10);
538 if (bohmac == nonce || bohmac[0] != '-') {
539 retval = NONCE_BAD;
540 goto leave;
541 }
542
543 expect = prepare_push_cert_nonce(service_dir, stamp);
544 if (strcmp(expect, nonce)) {
545 /* Not what we would have signed earlier */
546 retval = NONCE_BAD;
547 goto leave;
548 }
549
550 /*
551 * By how many seconds is this nonce stale? Negative value
552 * would mean it was issued by another server with its clock
553 * skewed in the future.
554 */
555 ostamp = strtoul(push_cert_nonce, NULL, 10);
556 nonce_stamp_slop = (long)ostamp - (long)stamp;
557
558 if (nonce_stamp_slop_limit &&
559 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
560 /*
561 * Pretend as if the received nonce (which passes the
562 * HMAC check, so it is not a forged by third-party)
563 * is what we issued.
564 */
565 free((void *)push_cert_nonce);
566 push_cert_nonce = xstrdup(nonce);
567 retval = NONCE_OK;
568 } else {
569 retval = NONCE_SLOP;
570 }
571
572leave:
573 free(nonce);
574 free(expect);
575 return retval;
576}
577
578/*
579 * Return 1 if there is no push_cert or if the push options in push_cert are
580 * the same as those in the argument; 0 otherwise.
581 */
582static int check_cert_push_options(const struct string_list *push_options)
583{
584 const char *buf = push_cert.buf;
585 int len = push_cert.len;
586
587 char *option;
588 const char *next_line;
589 int options_seen = 0;
590
591 int retval = 1;
592
593 if (!len)
594 return 1;
595
596 while ((option = find_header(buf, len, "push-option", &next_line))) {
597 len -= (next_line - buf);
598 buf = next_line;
599 options_seen++;
600 if (options_seen > push_options->nr
601 || strcmp(option,
602 push_options->items[options_seen - 1].string)) {
603 retval = 0;
604 goto leave;
605 }
606 free(option);
607 }
608
609 if (options_seen != push_options->nr)
610 retval = 0;
611
612leave:
613 free(option);
614 return retval;
615}
616
617static void prepare_push_cert_sha1(struct child_process *proc)
618{
619 static int already_done;
620
621 if (!push_cert.len)
622 return;
623
624 if (!already_done) {
625 struct strbuf gpg_output = STRBUF_INIT;
626 struct strbuf gpg_status = STRBUF_INIT;
627 int bogs /* beginning_of_gpg_sig */;
628
629 already_done = 1;
630 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
631 hashclr(push_cert_sha1);
632
633 memset(&sigcheck, '\0', sizeof(sigcheck));
634 sigcheck.result = 'N';
635
636 bogs = parse_signature(push_cert.buf, push_cert.len);
637 if (verify_signed_buffer(push_cert.buf, bogs,
638 push_cert.buf + bogs, push_cert.len - bogs,
639 &gpg_output, &gpg_status) < 0) {
640 ; /* error running gpg */
641 } else {
642 sigcheck.payload = push_cert.buf;
643 sigcheck.gpg_output = gpg_output.buf;
644 sigcheck.gpg_status = gpg_status.buf;
645 parse_gpg_output(&sigcheck);
646 }
647
648 strbuf_release(&gpg_output);
649 strbuf_release(&gpg_status);
650 nonce_status = check_nonce(push_cert.buf, bogs);
651 }
652 if (!is_null_sha1(push_cert_sha1)) {
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
654 sha1_to_hex(push_cert_sha1));
655 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
656 sigcheck.signer ? sigcheck.signer : "");
657 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
658 sigcheck.key ? sigcheck.key : "");
659 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
660 sigcheck.result);
661 if (push_cert_nonce) {
662 argv_array_pushf(&proc->env_array,
663 "GIT_PUSH_CERT_NONCE=%s",
664 push_cert_nonce);
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE_STATUS=%s",
667 nonce_status);
668 if (nonce_status == NONCE_SLOP)
669 argv_array_pushf(&proc->env_array,
670 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
671 nonce_stamp_slop);
672 }
673 }
674}
675
676struct receive_hook_feed_state {
677 struct command *cmd;
678 int skip_broken;
679 struct strbuf buf;
680 const struct string_list *push_options;
681};
682
683typedef int (*feed_fn)(void *, const char **, size_t *);
684static int run_and_feed_hook(const char *hook_name, feed_fn feed,
685 struct receive_hook_feed_state *feed_state)
686{
687 struct child_process proc = CHILD_PROCESS_INIT;
688 struct async muxer;
689 const char *argv[2];
690 int code;
691
692 argv[0] = find_hook(hook_name);
693 if (!argv[0])
694 return 0;
695
696 argv[1] = NULL;
697
698 proc.argv = argv;
699 proc.in = -1;
700 proc.stdout_to_stderr = 1;
701 if (feed_state->push_options) {
702 int i;
703 for (i = 0; i < feed_state->push_options->nr; i++)
704 argv_array_pushf(&proc.env_array,
705 "GIT_PUSH_OPTION_%d=%s", i,
706 feed_state->push_options->items[i].string);
707 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
708 feed_state->push_options->nr);
709 } else
710 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
711
712 if (tmp_objdir)
713 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
714
715 if (use_sideband) {
716 memset(&muxer, 0, sizeof(muxer));
717 muxer.proc = copy_to_sideband;
718 muxer.in = -1;
719 code = start_async(&muxer);
720 if (code)
721 return code;
722 proc.err = muxer.in;
723 }
724
725 prepare_push_cert_sha1(&proc);
726
727 code = start_command(&proc);
728 if (code) {
729 if (use_sideband)
730 finish_async(&muxer);
731 return code;
732 }
733
734 sigchain_push(SIGPIPE, SIG_IGN);
735
736 while (1) {
737 const char *buf;
738 size_t n;
739 if (feed(feed_state, &buf, &n))
740 break;
741 if (write_in_full(proc.in, buf, n) != n)
742 break;
743 }
744 close(proc.in);
745 if (use_sideband)
746 finish_async(&muxer);
747
748 sigchain_pop(SIGPIPE);
749
750 return finish_command(&proc);
751}
752
753static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
754{
755 struct receive_hook_feed_state *state = state_;
756 struct command *cmd = state->cmd;
757
758 while (cmd &&
759 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
760 cmd = cmd->next;
761 if (!cmd)
762 return -1; /* EOF */
763 strbuf_reset(&state->buf);
764 strbuf_addf(&state->buf, "%s %s %s\n",
765 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
766 cmd->ref_name);
767 state->cmd = cmd->next;
768 if (bufp) {
769 *bufp = state->buf.buf;
770 *sizep = state->buf.len;
771 }
772 return 0;
773}
774
775static int run_receive_hook(struct command *commands,
776 const char *hook_name,
777 int skip_broken,
778 const struct string_list *push_options)
779{
780 struct receive_hook_feed_state state;
781 int status;
782
783 strbuf_init(&state.buf, 0);
784 state.cmd = commands;
785 state.skip_broken = skip_broken;
786 if (feed_receive_hook(&state, NULL, NULL))
787 return 0;
788 state.cmd = commands;
789 state.push_options = push_options;
790 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
791 strbuf_release(&state.buf);
792 return status;
793}
794
795static int run_update_hook(struct command *cmd)
796{
797 const char *argv[5];
798 struct child_process proc = CHILD_PROCESS_INIT;
799 int code;
800
801 argv[0] = find_hook("update");
802 if (!argv[0])
803 return 0;
804
805 argv[1] = cmd->ref_name;
806 argv[2] = sha1_to_hex(cmd->old_sha1);
807 argv[3] = sha1_to_hex(cmd->new_sha1);
808 argv[4] = NULL;
809
810 proc.no_stdin = 1;
811 proc.stdout_to_stderr = 1;
812 proc.err = use_sideband ? -1 : 0;
813 proc.argv = argv;
814 proc.env = tmp_objdir_env(tmp_objdir);
815
816 code = start_command(&proc);
817 if (code)
818 return code;
819 if (use_sideband)
820 copy_to_sideband(proc.err, -1, NULL);
821 return finish_command(&proc);
822}
823
824static int is_ref_checked_out(const char *ref)
825{
826 if (is_bare_repository())
827 return 0;
828
829 if (!head_name)
830 return 0;
831 return !strcmp(head_name, ref);
832}
833
834static char *refuse_unconfigured_deny_msg =
835 N_("By default, updating the current branch in a non-bare repository\n"
836 "is denied, because it will make the index and work tree inconsistent\n"
837 "with what you pushed, and will require 'git reset --hard' to match\n"
838 "the work tree to HEAD.\n"
839 "\n"
840 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
841 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
842 "its current branch; however, this is not recommended unless you\n"
843 "arranged to update its work tree to match what you pushed in some\n"
844 "other way.\n"
845 "\n"
846 "To squelch this message and still keep the default behaviour, set\n"
847 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
848
849static void refuse_unconfigured_deny(void)
850{
851 rp_error("%s", _(refuse_unconfigured_deny_msg));
852}
853
854static char *refuse_unconfigured_deny_delete_current_msg =
855 N_("By default, deleting the current branch is denied, because the next\n"
856 "'git clone' won't result in any file checked out, causing confusion.\n"
857 "\n"
858 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
859 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
860 "current branch, with or without a warning message.\n"
861 "\n"
862 "To squelch this message, you can set it to 'refuse'.");
863
864static void refuse_unconfigured_deny_delete_current(void)
865{
866 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
867}
868
869static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
870static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
871{
872 static struct lock_file shallow_lock;
873 struct sha1_array extra = SHA1_ARRAY_INIT;
874 struct check_connected_options opt = CHECK_CONNECTED_INIT;
875 uint32_t mask = 1 << (cmd->index % 32);
876 int i;
877
878 trace_printf_key(&trace_shallow,
879 "shallow: update_shallow_ref %s\n", cmd->ref_name);
880 for (i = 0; i < si->shallow->nr; i++)
881 if (si->used_shallow[i] &&
882 (si->used_shallow[i][cmd->index / 32] & mask) &&
883 !delayed_reachability_test(si, i))
884 sha1_array_append(&extra, si->shallow->sha1[i]);
885
886 opt.env = tmp_objdir_env(tmp_objdir);
887 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
888 if (check_connected(command_singleton_iterator, cmd, &opt)) {
889 rollback_lock_file(&shallow_lock);
890 sha1_array_clear(&extra);
891 return -1;
892 }
893
894 commit_lock_file(&shallow_lock);
895
896 /*
897 * Make sure setup_alternate_shallow() for the next ref does
898 * not lose these new roots..
899 */
900 for (i = 0; i < extra.nr; i++)
901 register_shallow(extra.sha1[i]);
902
903 si->shallow_ref[cmd->index] = 0;
904 sha1_array_clear(&extra);
905 return 0;
906}
907
908/*
909 * NEEDSWORK: we should consolidate various implementions of "are we
910 * on an unborn branch?" test into one, and make the unified one more
911 * robust. !get_sha1() based check used here and elsewhere would not
912 * allow us to tell an unborn branch from corrupt ref, for example.
913 * For the purpose of fixing "deploy-to-update does not work when
914 * pushing into an empty repository" issue, this should suffice for
915 * now.
916 */
917static int head_has_history(void)
918{
919 unsigned char sha1[20];
920
921 return !get_sha1("HEAD", sha1);
922}
923
924static const char *push_to_deploy(unsigned char *sha1,
925 struct argv_array *env,
926 const char *work_tree)
927{
928 const char *update_refresh[] = {
929 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
930 };
931 const char *diff_files[] = {
932 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
933 };
934 const char *diff_index[] = {
935 "diff-index", "--quiet", "--cached", "--ignore-submodules",
936 NULL, "--", NULL
937 };
938 const char *read_tree[] = {
939 "read-tree", "-u", "-m", NULL, NULL
940 };
941 struct child_process child = CHILD_PROCESS_INIT;
942
943 child.argv = update_refresh;
944 child.env = env->argv;
945 child.dir = work_tree;
946 child.no_stdin = 1;
947 child.stdout_to_stderr = 1;
948 child.git_cmd = 1;
949 if (run_command(&child))
950 return "Up-to-date check failed";
951
952 /* run_command() does not clean up completely; reinitialize */
953 child_process_init(&child);
954 child.argv = diff_files;
955 child.env = env->argv;
956 child.dir = work_tree;
957 child.no_stdin = 1;
958 child.stdout_to_stderr = 1;
959 child.git_cmd = 1;
960 if (run_command(&child))
961 return "Working directory has unstaged changes";
962
963 /* diff-index with either HEAD or an empty tree */
964 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
965
966 child_process_init(&child);
967 child.argv = diff_index;
968 child.env = env->argv;
969 child.no_stdin = 1;
970 child.no_stdout = 1;
971 child.stdout_to_stderr = 0;
972 child.git_cmd = 1;
973 if (run_command(&child))
974 return "Working directory has staged changes";
975
976 read_tree[3] = sha1_to_hex(sha1);
977 child_process_init(&child);
978 child.argv = read_tree;
979 child.env = env->argv;
980 child.dir = work_tree;
981 child.no_stdin = 1;
982 child.no_stdout = 1;
983 child.stdout_to_stderr = 0;
984 child.git_cmd = 1;
985 if (run_command(&child))
986 return "Could not update working tree to new HEAD";
987
988 return NULL;
989}
990
991static const char *push_to_checkout_hook = "push-to-checkout";
992
993static const char *push_to_checkout(unsigned char *sha1,
994 struct argv_array *env,
995 const char *work_tree)
996{
997 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
998 if (run_hook_le(env->argv, push_to_checkout_hook,
999 sha1_to_hex(sha1), NULL))
1000 return "push-to-checkout hook declined";
1001 else
1002 return NULL;
1003}
1004
1005static const char *update_worktree(unsigned char *sha1)
1006{
1007 const char *retval;
1008 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1009 struct argv_array env = ARGV_ARRAY_INIT;
1010
1011 if (is_bare_repository())
1012 return "denyCurrentBranch = updateInstead needs a worktree";
1013
1014 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1015
1016 if (!find_hook(push_to_checkout_hook))
1017 retval = push_to_deploy(sha1, &env, work_tree);
1018 else
1019 retval = push_to_checkout(sha1, &env, work_tree);
1020
1021 argv_array_clear(&env);
1022 return retval;
1023}
1024
1025static const char *update(struct command *cmd, struct shallow_info *si)
1026{
1027 const char *name = cmd->ref_name;
1028 struct strbuf namespaced_name_buf = STRBUF_INIT;
1029 const char *namespaced_name, *ret;
1030 unsigned char *old_sha1 = cmd->old_sha1;
1031 unsigned char *new_sha1 = cmd->new_sha1;
1032
1033 /* only refs/... are allowed */
1034 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1035 rp_error("refusing to create funny ref '%s' remotely", name);
1036 return "funny refname";
1037 }
1038
1039 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1040 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1041
1042 if (is_ref_checked_out(namespaced_name)) {
1043 switch (deny_current_branch) {
1044 case DENY_IGNORE:
1045 break;
1046 case DENY_WARN:
1047 rp_warning("updating the current branch");
1048 break;
1049 case DENY_REFUSE:
1050 case DENY_UNCONFIGURED:
1051 rp_error("refusing to update checked out branch: %s", name);
1052 if (deny_current_branch == DENY_UNCONFIGURED)
1053 refuse_unconfigured_deny();
1054 return "branch is currently checked out";
1055 case DENY_UPDATE_INSTEAD:
1056 ret = update_worktree(new_sha1);
1057 if (ret)
1058 return ret;
1059 break;
1060 }
1061 }
1062
1063 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1064 error("unpack should have generated %s, "
1065 "but I can't find it!", sha1_to_hex(new_sha1));
1066 return "bad pack";
1067 }
1068
1069 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1070 if (deny_deletes && starts_with(name, "refs/heads/")) {
1071 rp_error("denying ref deletion for %s", name);
1072 return "deletion prohibited";
1073 }
1074
1075 if (head_name && !strcmp(namespaced_name, head_name)) {
1076 switch (deny_delete_current) {
1077 case DENY_IGNORE:
1078 break;
1079 case DENY_WARN:
1080 rp_warning("deleting the current branch");
1081 break;
1082 case DENY_REFUSE:
1083 case DENY_UNCONFIGURED:
1084 case DENY_UPDATE_INSTEAD:
1085 if (deny_delete_current == DENY_UNCONFIGURED)
1086 refuse_unconfigured_deny_delete_current();
1087 rp_error("refusing to delete the current branch: %s", name);
1088 return "deletion of the current branch prohibited";
1089 default:
1090 return "Invalid denyDeleteCurrent setting";
1091 }
1092 }
1093 }
1094
1095 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1096 !is_null_sha1(old_sha1) &&
1097 starts_with(name, "refs/heads/")) {
1098 struct object *old_object, *new_object;
1099 struct commit *old_commit, *new_commit;
1100
1101 old_object = parse_object(old_sha1);
1102 new_object = parse_object(new_sha1);
1103
1104 if (!old_object || !new_object ||
1105 old_object->type != OBJ_COMMIT ||
1106 new_object->type != OBJ_COMMIT) {
1107 error("bad sha1 objects for %s", name);
1108 return "bad ref";
1109 }
1110 old_commit = (struct commit *)old_object;
1111 new_commit = (struct commit *)new_object;
1112 if (!in_merge_bases(old_commit, new_commit)) {
1113 rp_error("denying non-fast-forward %s"
1114 " (you should pull first)", name);
1115 return "non-fast-forward";
1116 }
1117 }
1118 if (run_update_hook(cmd)) {
1119 rp_error("hook declined to update %s", name);
1120 return "hook declined";
1121 }
1122
1123 if (is_null_sha1(new_sha1)) {
1124 struct strbuf err = STRBUF_INIT;
1125 if (!parse_object(old_sha1)) {
1126 old_sha1 = NULL;
1127 if (ref_exists(name)) {
1128 rp_warning("Allowing deletion of corrupt ref.");
1129 } else {
1130 rp_warning("Deleting a non-existent ref.");
1131 cmd->did_not_exist = 1;
1132 }
1133 }
1134 if (ref_transaction_delete(transaction,
1135 namespaced_name,
1136 old_sha1,
1137 0, "push", &err)) {
1138 rp_error("%s", err.buf);
1139 strbuf_release(&err);
1140 return "failed to delete";
1141 }
1142 strbuf_release(&err);
1143 return NULL; /* good */
1144 }
1145 else {
1146 struct strbuf err = STRBUF_INIT;
1147 if (shallow_update && si->shallow_ref[cmd->index] &&
1148 update_shallow_ref(cmd, si))
1149 return "shallow error";
1150
1151 if (ref_transaction_update(transaction,
1152 namespaced_name,
1153 new_sha1, old_sha1,
1154 0, "push",
1155 &err)) {
1156 rp_error("%s", err.buf);
1157 strbuf_release(&err);
1158
1159 return "failed to update ref";
1160 }
1161 strbuf_release(&err);
1162
1163 return NULL; /* good */
1164 }
1165}
1166
1167static void run_update_post_hook(struct command *commands)
1168{
1169 struct command *cmd;
1170 struct child_process proc = CHILD_PROCESS_INIT;
1171 const char *hook;
1172
1173 hook = find_hook("post-update");
1174 if (!hook)
1175 return;
1176
1177 for (cmd = commands; cmd; cmd = cmd->next) {
1178 if (cmd->error_string || cmd->did_not_exist)
1179 continue;
1180 if (!proc.args.argc)
1181 argv_array_push(&proc.args, hook);
1182 argv_array_push(&proc.args, cmd->ref_name);
1183 }
1184 if (!proc.args.argc)
1185 return;
1186
1187 proc.no_stdin = 1;
1188 proc.stdout_to_stderr = 1;
1189 proc.err = use_sideband ? -1 : 0;
1190
1191 if (!start_command(&proc)) {
1192 if (use_sideband)
1193 copy_to_sideband(proc.err, -1, NULL);
1194 finish_command(&proc);
1195 }
1196}
1197
1198static void check_aliased_update(struct command *cmd, struct string_list *list)
1199{
1200 struct strbuf buf = STRBUF_INIT;
1201 const char *dst_name;
1202 struct string_list_item *item;
1203 struct command *dst_cmd;
1204 unsigned char sha1[GIT_SHA1_RAWSZ];
1205 int flag;
1206
1207 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1208 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1209 strbuf_release(&buf);
1210
1211 if (!(flag & REF_ISSYMREF))
1212 return;
1213
1214 if (!dst_name) {
1215 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1216 cmd->skip_update = 1;
1217 cmd->error_string = "broken symref";
1218 return;
1219 }
1220 dst_name = strip_namespace(dst_name);
1221
1222 if ((item = string_list_lookup(list, dst_name)) == NULL)
1223 return;
1224
1225 cmd->skip_update = 1;
1226
1227 dst_cmd = (struct command *) item->util;
1228
1229 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1230 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1231 return;
1232
1233 dst_cmd->skip_update = 1;
1234
1235 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1236 " its target '%s' (%s..%s)",
1237 cmd->ref_name,
1238 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1239 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1240 dst_cmd->ref_name,
1241 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1242 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1243
1244 cmd->error_string = dst_cmd->error_string =
1245 "inconsistent aliased update";
1246}
1247
1248static void check_aliased_updates(struct command *commands)
1249{
1250 struct command *cmd;
1251 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1252
1253 for (cmd = commands; cmd; cmd = cmd->next) {
1254 struct string_list_item *item =
1255 string_list_append(&ref_list, cmd->ref_name);
1256 item->util = (void *)cmd;
1257 }
1258 string_list_sort(&ref_list);
1259
1260 for (cmd = commands; cmd; cmd = cmd->next) {
1261 if (!cmd->error_string)
1262 check_aliased_update(cmd, &ref_list);
1263 }
1264
1265 string_list_clear(&ref_list, 0);
1266}
1267
1268static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1269{
1270 struct command **cmd_list = cb_data;
1271 struct command *cmd = *cmd_list;
1272
1273 if (!cmd || is_null_sha1(cmd->new_sha1))
1274 return -1; /* end of list */
1275 *cmd_list = NULL; /* this returns only one */
1276 hashcpy(sha1, cmd->new_sha1);
1277 return 0;
1278}
1279
1280static void set_connectivity_errors(struct command *commands,
1281 struct shallow_info *si)
1282{
1283 struct command *cmd;
1284
1285 for (cmd = commands; cmd; cmd = cmd->next) {
1286 struct command *singleton = cmd;
1287 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1288
1289 if (shallow_update && si->shallow_ref[cmd->index])
1290 /* to be checked in update_shallow_ref() */
1291 continue;
1292
1293 opt.env = tmp_objdir_env(tmp_objdir);
1294 if (!check_connected(command_singleton_iterator, &singleton,
1295 &opt))
1296 continue;
1297
1298 cmd->error_string = "missing necessary objects";
1299 }
1300}
1301
1302struct iterate_data {
1303 struct command *cmds;
1304 struct shallow_info *si;
1305};
1306
1307static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1308{
1309 struct iterate_data *data = cb_data;
1310 struct command **cmd_list = &data->cmds;
1311 struct command *cmd = *cmd_list;
1312
1313 for (; cmd; cmd = cmd->next) {
1314 if (shallow_update && data->si->shallow_ref[cmd->index])
1315 /* to be checked in update_shallow_ref() */
1316 continue;
1317 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1318 hashcpy(sha1, cmd->new_sha1);
1319 *cmd_list = cmd->next;
1320 return 0;
1321 }
1322 }
1323 *cmd_list = NULL;
1324 return -1; /* end of list */
1325}
1326
1327static void reject_updates_to_hidden(struct command *commands)
1328{
1329 struct strbuf refname_full = STRBUF_INIT;
1330 size_t prefix_len;
1331 struct command *cmd;
1332
1333 strbuf_addstr(&refname_full, get_git_namespace());
1334 prefix_len = refname_full.len;
1335
1336 for (cmd = commands; cmd; cmd = cmd->next) {
1337 if (cmd->error_string)
1338 continue;
1339
1340 strbuf_setlen(&refname_full, prefix_len);
1341 strbuf_addstr(&refname_full, cmd->ref_name);
1342
1343 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1344 continue;
1345 if (is_null_sha1(cmd->new_sha1))
1346 cmd->error_string = "deny deleting a hidden ref";
1347 else
1348 cmd->error_string = "deny updating a hidden ref";
1349 }
1350
1351 strbuf_release(&refname_full);
1352}
1353
1354static int should_process_cmd(struct command *cmd)
1355{
1356 return !cmd->error_string && !cmd->skip_update;
1357}
1358
1359static void warn_if_skipped_connectivity_check(struct command *commands,
1360 struct shallow_info *si)
1361{
1362 struct command *cmd;
1363 int checked_connectivity = 1;
1364
1365 for (cmd = commands; cmd; cmd = cmd->next) {
1366 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1367 error("BUG: connectivity check has not been run on ref %s",
1368 cmd->ref_name);
1369 checked_connectivity = 0;
1370 }
1371 }
1372 if (!checked_connectivity)
1373 die("BUG: connectivity check skipped???");
1374}
1375
1376static void execute_commands_non_atomic(struct command *commands,
1377 struct shallow_info *si)
1378{
1379 struct command *cmd;
1380 struct strbuf err = STRBUF_INIT;
1381
1382 for (cmd = commands; cmd; cmd = cmd->next) {
1383 if (!should_process_cmd(cmd))
1384 continue;
1385
1386 transaction = ref_transaction_begin(&err);
1387 if (!transaction) {
1388 rp_error("%s", err.buf);
1389 strbuf_reset(&err);
1390 cmd->error_string = "transaction failed to start";
1391 continue;
1392 }
1393
1394 cmd->error_string = update(cmd, si);
1395
1396 if (!cmd->error_string
1397 && ref_transaction_commit(transaction, &err)) {
1398 rp_error("%s", err.buf);
1399 strbuf_reset(&err);
1400 cmd->error_string = "failed to update ref";
1401 }
1402 ref_transaction_free(transaction);
1403 }
1404 strbuf_release(&err);
1405}
1406
1407static void execute_commands_atomic(struct command *commands,
1408 struct shallow_info *si)
1409{
1410 struct command *cmd;
1411 struct strbuf err = STRBUF_INIT;
1412 const char *reported_error = "atomic push failure";
1413
1414 transaction = ref_transaction_begin(&err);
1415 if (!transaction) {
1416 rp_error("%s", err.buf);
1417 strbuf_reset(&err);
1418 reported_error = "transaction failed to start";
1419 goto failure;
1420 }
1421
1422 for (cmd = commands; cmd; cmd = cmd->next) {
1423 if (!should_process_cmd(cmd))
1424 continue;
1425
1426 cmd->error_string = update(cmd, si);
1427
1428 if (cmd->error_string)
1429 goto failure;
1430 }
1431
1432 if (ref_transaction_commit(transaction, &err)) {
1433 rp_error("%s", err.buf);
1434 reported_error = "atomic transaction failed";
1435 goto failure;
1436 }
1437 goto cleanup;
1438
1439failure:
1440 for (cmd = commands; cmd; cmd = cmd->next)
1441 if (!cmd->error_string)
1442 cmd->error_string = reported_error;
1443
1444cleanup:
1445 ref_transaction_free(transaction);
1446 strbuf_release(&err);
1447}
1448
1449static void execute_commands(struct command *commands,
1450 const char *unpacker_error,
1451 struct shallow_info *si,
1452 const struct string_list *push_options)
1453{
1454 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1455 struct command *cmd;
1456 unsigned char sha1[20];
1457 struct iterate_data data;
1458 struct async muxer;
1459 int err_fd = 0;
1460
1461 if (unpacker_error) {
1462 for (cmd = commands; cmd; cmd = cmd->next)
1463 cmd->error_string = "unpacker error";
1464 return;
1465 }
1466
1467 if (use_sideband) {
1468 memset(&muxer, 0, sizeof(muxer));
1469 muxer.proc = copy_to_sideband;
1470 muxer.in = -1;
1471 if (!start_async(&muxer))
1472 err_fd = muxer.in;
1473 /* ...else, continue without relaying sideband */
1474 }
1475
1476 data.cmds = commands;
1477 data.si = si;
1478 opt.err_fd = err_fd;
1479 opt.progress = err_fd && !quiet;
1480 opt.env = tmp_objdir_env(tmp_objdir);
1481 if (check_connected(iterate_receive_command_list, &data, &opt))
1482 set_connectivity_errors(commands, si);
1483
1484 if (use_sideband)
1485 finish_async(&muxer);
1486
1487 reject_updates_to_hidden(commands);
1488
1489 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1490 for (cmd = commands; cmd; cmd = cmd->next) {
1491 if (!cmd->error_string)
1492 cmd->error_string = "pre-receive hook declined";
1493 }
1494 return;
1495 }
1496
1497 /*
1498 * Now we'll start writing out refs, which means the objects need
1499 * to be in their final positions so that other processes can see them.
1500 */
1501 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1502 for (cmd = commands; cmd; cmd = cmd->next) {
1503 if (!cmd->error_string)
1504 cmd->error_string = "unable to migrate objects to permanent storage";
1505 }
1506 return;
1507 }
1508 tmp_objdir = NULL;
1509
1510 check_aliased_updates(commands);
1511
1512 free(head_name_to_free);
1513 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1514
1515 if (use_atomic)
1516 execute_commands_atomic(commands, si);
1517 else
1518 execute_commands_non_atomic(commands, si);
1519
1520 if (shallow_update)
1521 warn_if_skipped_connectivity_check(commands, si);
1522}
1523
1524static struct command **queue_command(struct command **tail,
1525 const char *line,
1526 int linelen)
1527{
1528 unsigned char old_sha1[20], new_sha1[20];
1529 struct command *cmd;
1530 const char *refname;
1531 int reflen;
1532
1533 if (linelen < 83 ||
1534 line[40] != ' ' ||
1535 line[81] != ' ' ||
1536 get_sha1_hex(line, old_sha1) ||
1537 get_sha1_hex(line + 41, new_sha1))
1538 die("protocol error: expected old/new/ref, got '%s'", line);
1539
1540 refname = line + 82;
1541 reflen = linelen - 82;
1542 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1543 hashcpy(cmd->old_sha1, old_sha1);
1544 hashcpy(cmd->new_sha1, new_sha1);
1545 *tail = cmd;
1546 return &cmd->next;
1547}
1548
1549static void queue_commands_from_cert(struct command **tail,
1550 struct strbuf *push_cert)
1551{
1552 const char *boc, *eoc;
1553
1554 if (*tail)
1555 die("protocol error: got both push certificate and unsigned commands");
1556
1557 boc = strstr(push_cert->buf, "\n\n");
1558 if (!boc)
1559 die("malformed push certificate %.*s", 100, push_cert->buf);
1560 else
1561 boc += 2;
1562 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1563
1564 while (boc < eoc) {
1565 const char *eol = memchr(boc, '\n', eoc - boc);
1566 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1567 boc = eol ? eol + 1 : eoc;
1568 }
1569}
1570
1571static struct command *read_head_info(struct sha1_array *shallow)
1572{
1573 struct command *commands = NULL;
1574 struct command **p = &commands;
1575 for (;;) {
1576 char *line;
1577 int len, linelen;
1578
1579 line = packet_read_line(0, &len);
1580 if (!line)
1581 break;
1582
1583 if (len == 48 && starts_with(line, "shallow ")) {
1584 unsigned char sha1[20];
1585 if (get_sha1_hex(line + 8, sha1))
1586 die("protocol error: expected shallow sha, got '%s'",
1587 line + 8);
1588 sha1_array_append(shallow, sha1);
1589 continue;
1590 }
1591
1592 linelen = strlen(line);
1593 if (linelen < len) {
1594 const char *feature_list = line + linelen + 1;
1595 if (parse_feature_request(feature_list, "report-status"))
1596 report_status = 1;
1597 if (parse_feature_request(feature_list, "side-band-64k"))
1598 use_sideband = LARGE_PACKET_MAX;
1599 if (parse_feature_request(feature_list, "quiet"))
1600 quiet = 1;
1601 if (advertise_atomic_push
1602 && parse_feature_request(feature_list, "atomic"))
1603 use_atomic = 1;
1604 if (advertise_push_options
1605 && parse_feature_request(feature_list, "push-options"))
1606 use_push_options = 1;
1607 }
1608
1609 if (!strcmp(line, "push-cert")) {
1610 int true_flush = 0;
1611 char certbuf[1024];
1612
1613 for (;;) {
1614 len = packet_read(0, NULL, NULL,
1615 certbuf, sizeof(certbuf), 0);
1616 if (!len) {
1617 true_flush = 1;
1618 break;
1619 }
1620 if (!strcmp(certbuf, "push-cert-end\n"))
1621 break; /* end of cert */
1622 strbuf_addstr(&push_cert, certbuf);
1623 }
1624
1625 if (true_flush)
1626 break;
1627 continue;
1628 }
1629
1630 p = queue_command(p, line, linelen);
1631 }
1632
1633 if (push_cert.len)
1634 queue_commands_from_cert(p, &push_cert);
1635
1636 return commands;
1637}
1638
1639static void read_push_options(struct string_list *options)
1640{
1641 while (1) {
1642 char *line;
1643 int len;
1644
1645 line = packet_read_line(0, &len);
1646
1647 if (!line)
1648 break;
1649
1650 string_list_append(options, line);
1651 }
1652}
1653
1654static const char *parse_pack_header(struct pack_header *hdr)
1655{
1656 switch (read_pack_header(0, hdr)) {
1657 case PH_ERROR_EOF:
1658 return "eof before pack header was fully read";
1659
1660 case PH_ERROR_PACK_SIGNATURE:
1661 return "protocol error (pack signature mismatch detected)";
1662
1663 case PH_ERROR_PROTOCOL:
1664 return "protocol error (pack version unsupported)";
1665
1666 default:
1667 return "unknown error in parse_pack_header";
1668
1669 case 0:
1670 return NULL;
1671 }
1672}
1673
1674static const char *pack_lockfile;
1675
1676static const char *unpack(int err_fd, struct shallow_info *si)
1677{
1678 struct pack_header hdr;
1679 const char *hdr_err;
1680 int status;
1681 char hdr_arg[38];
1682 struct child_process child = CHILD_PROCESS_INIT;
1683 int fsck_objects = (receive_fsck_objects >= 0
1684 ? receive_fsck_objects
1685 : transfer_fsck_objects >= 0
1686 ? transfer_fsck_objects
1687 : 0);
1688
1689 hdr_err = parse_pack_header(&hdr);
1690 if (hdr_err) {
1691 if (err_fd > 0)
1692 close(err_fd);
1693 return hdr_err;
1694 }
1695 snprintf(hdr_arg, sizeof(hdr_arg),
1696 "--pack_header=%"PRIu32",%"PRIu32,
1697 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1698
1699 if (si->nr_ours || si->nr_theirs) {
1700 alt_shallow_file = setup_temporary_shallow(si->shallow);
1701 argv_array_push(&child.args, "--shallow-file");
1702 argv_array_push(&child.args, alt_shallow_file);
1703 }
1704
1705 tmp_objdir = tmp_objdir_create();
1706 if (!tmp_objdir) {
1707 if (err_fd > 0)
1708 close(err_fd);
1709 return "unable to create temporary object directory";
1710 }
1711 child.env = tmp_objdir_env(tmp_objdir);
1712
1713 /*
1714 * Normally we just pass the tmp_objdir environment to the child
1715 * processes that do the heavy lifting, but we may need to see these
1716 * objects ourselves to set up shallow information.
1717 */
1718 tmp_objdir_add_as_alternate(tmp_objdir);
1719
1720 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1721 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1722 if (quiet)
1723 argv_array_push(&child.args, "-q");
1724 if (fsck_objects)
1725 argv_array_pushf(&child.args, "--strict%s",
1726 fsck_msg_types.buf);
1727 if (max_input_size)
1728 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1729 (uintmax_t)max_input_size);
1730 child.no_stdout = 1;
1731 child.err = err_fd;
1732 child.git_cmd = 1;
1733 status = run_command(&child);
1734 if (status)
1735 return "unpack-objects abnormal exit";
1736 } else {
1737 char hostname[256];
1738
1739 argv_array_pushl(&child.args, "index-pack",
1740 "--stdin", hdr_arg, NULL);
1741
1742 if (gethostname(hostname, sizeof(hostname)))
1743 xsnprintf(hostname, sizeof(hostname), "localhost");
1744 argv_array_pushf(&child.args,
1745 "--keep=receive-pack %"PRIuMAX" on %s",
1746 (uintmax_t)getpid(),
1747 hostname);
1748
1749 if (!quiet && err_fd)
1750 argv_array_push(&child.args, "--show-resolving-progress");
1751 if (use_sideband)
1752 argv_array_push(&child.args, "--report-end-of-input");
1753 if (fsck_objects)
1754 argv_array_pushf(&child.args, "--strict%s",
1755 fsck_msg_types.buf);
1756 if (!reject_thin)
1757 argv_array_push(&child.args, "--fix-thin");
1758 if (max_input_size)
1759 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1760 (uintmax_t)max_input_size);
1761 child.out = -1;
1762 child.err = err_fd;
1763 child.git_cmd = 1;
1764 status = start_command(&child);
1765 if (status)
1766 return "index-pack fork failed";
1767 pack_lockfile = index_pack_lockfile(child.out);
1768 close(child.out);
1769 status = finish_command(&child);
1770 if (status)
1771 return "index-pack abnormal exit";
1772 reprepare_packed_git();
1773 }
1774 return NULL;
1775}
1776
1777static const char *unpack_with_sideband(struct shallow_info *si)
1778{
1779 struct async muxer;
1780 const char *ret;
1781
1782 if (!use_sideband)
1783 return unpack(0, si);
1784
1785 use_keepalive = KEEPALIVE_AFTER_NUL;
1786 memset(&muxer, 0, sizeof(muxer));
1787 muxer.proc = copy_to_sideband;
1788 muxer.in = -1;
1789 if (start_async(&muxer))
1790 return NULL;
1791
1792 ret = unpack(muxer.in, si);
1793
1794 finish_async(&muxer);
1795 return ret;
1796}
1797
1798static void prepare_shallow_update(struct command *commands,
1799 struct shallow_info *si)
1800{
1801 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1802
1803 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1804 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1805
1806 si->need_reachability_test =
1807 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1808 si->reachable =
1809 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1810 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1811
1812 for (i = 0; i < si->nr_ours; i++)
1813 si->need_reachability_test[si->ours[i]] = 1;
1814
1815 for (i = 0; i < si->shallow->nr; i++) {
1816 if (!si->used_shallow[i])
1817 continue;
1818 for (j = 0; j < bitmap_size; j++) {
1819 if (!si->used_shallow[i][j])
1820 continue;
1821 si->need_reachability_test[i]++;
1822 for (k = 0; k < 32; k++)
1823 if (si->used_shallow[i][j] & (1U << k))
1824 si->shallow_ref[j * 32 + k]++;
1825 }
1826
1827 /*
1828 * true for those associated with some refs and belong
1829 * in "ours" list aka "step 7 not done yet"
1830 */
1831 si->need_reachability_test[i] =
1832 si->need_reachability_test[i] > 1;
1833 }
1834
1835 /*
1836 * keep hooks happy by forcing a temporary shallow file via
1837 * env variable because we can't add --shallow-file to every
1838 * command. check_everything_connected() will be done with
1839 * true .git/shallow though.
1840 */
1841 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1842}
1843
1844static void update_shallow_info(struct command *commands,
1845 struct shallow_info *si,
1846 struct sha1_array *ref)
1847{
1848 struct command *cmd;
1849 int *ref_status;
1850 remove_nonexistent_theirs_shallow(si);
1851 if (!si->nr_ours && !si->nr_theirs) {
1852 shallow_update = 0;
1853 return;
1854 }
1855
1856 for (cmd = commands; cmd; cmd = cmd->next) {
1857 if (is_null_sha1(cmd->new_sha1))
1858 continue;
1859 sha1_array_append(ref, cmd->new_sha1);
1860 cmd->index = ref->nr - 1;
1861 }
1862 si->ref = ref;
1863
1864 if (shallow_update) {
1865 prepare_shallow_update(commands, si);
1866 return;
1867 }
1868
1869 ALLOC_ARRAY(ref_status, ref->nr);
1870 assign_shallow_commits_to_refs(si, NULL, ref_status);
1871 for (cmd = commands; cmd; cmd = cmd->next) {
1872 if (is_null_sha1(cmd->new_sha1))
1873 continue;
1874 if (ref_status[cmd->index]) {
1875 cmd->error_string = "shallow update not allowed";
1876 cmd->skip_update = 1;
1877 }
1878 }
1879 free(ref_status);
1880}
1881
1882static void report(struct command *commands, const char *unpack_status)
1883{
1884 struct command *cmd;
1885 struct strbuf buf = STRBUF_INIT;
1886
1887 packet_buf_write(&buf, "unpack %s\n",
1888 unpack_status ? unpack_status : "ok");
1889 for (cmd = commands; cmd; cmd = cmd->next) {
1890 if (!cmd->error_string)
1891 packet_buf_write(&buf, "ok %s\n",
1892 cmd->ref_name);
1893 else
1894 packet_buf_write(&buf, "ng %s %s\n",
1895 cmd->ref_name, cmd->error_string);
1896 }
1897 packet_buf_flush(&buf);
1898
1899 if (use_sideband)
1900 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1901 else
1902 write_or_die(1, buf.buf, buf.len);
1903 strbuf_release(&buf);
1904}
1905
1906static int delete_only(struct command *commands)
1907{
1908 struct command *cmd;
1909 for (cmd = commands; cmd; cmd = cmd->next) {
1910 if (!is_null_sha1(cmd->new_sha1))
1911 return 0;
1912 }
1913 return 1;
1914}
1915
1916int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1917{
1918 int advertise_refs = 0;
1919 struct command *commands;
1920 struct sha1_array shallow = SHA1_ARRAY_INIT;
1921 struct sha1_array ref = SHA1_ARRAY_INIT;
1922 struct shallow_info si;
1923
1924 struct option options[] = {
1925 OPT__QUIET(&quiet, N_("quiet")),
1926 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1927 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1928 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1929 OPT_END()
1930 };
1931
1932 packet_trace_identity("receive-pack");
1933
1934 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1935
1936 if (argc > 1)
1937 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1938 if (argc == 0)
1939 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1940
1941 service_dir = argv[0];
1942
1943 setup_path();
1944
1945 if (!enter_repo(service_dir, 0))
1946 die("'%s' does not appear to be a git repository", service_dir);
1947
1948 git_config(receive_pack_config, NULL);
1949 if (cert_nonce_seed)
1950 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1951
1952 if (0 <= transfer_unpack_limit)
1953 unpack_limit = transfer_unpack_limit;
1954 else if (0 <= receive_unpack_limit)
1955 unpack_limit = receive_unpack_limit;
1956
1957 if (advertise_refs || !stateless_rpc) {
1958 write_head_info();
1959 }
1960 if (advertise_refs)
1961 return 0;
1962
1963 if ((commands = read_head_info(&shallow)) != NULL) {
1964 const char *unpack_status = NULL;
1965 struct string_list push_options = STRING_LIST_INIT_DUP;
1966
1967 if (use_push_options)
1968 read_push_options(&push_options);
1969 if (!check_cert_push_options(&push_options)) {
1970 struct command *cmd;
1971 for (cmd = commands; cmd; cmd = cmd->next)
1972 cmd->error_string = "inconsistent push options";
1973 }
1974
1975 prepare_shallow_info(&si, &shallow);
1976 if (!si.nr_ours && !si.nr_theirs)
1977 shallow_update = 0;
1978 if (!delete_only(commands)) {
1979 unpack_status = unpack_with_sideband(&si);
1980 update_shallow_info(commands, &si, &ref);
1981 }
1982 use_keepalive = KEEPALIVE_ALWAYS;
1983 execute_commands(commands, unpack_status, &si,
1984 &push_options);
1985 if (pack_lockfile)
1986 unlink_or_warn(pack_lockfile);
1987 if (report_status)
1988 report(commands, unpack_status);
1989 run_receive_hook(commands, "post-receive", 1,
1990 &push_options);
1991 run_update_post_hook(commands);
1992 string_list_clear(&push_options, 0);
1993 if (auto_gc) {
1994 const char *argv_gc_auto[] = {
1995 "gc", "--auto", "--quiet", NULL,
1996 };
1997 struct child_process proc = CHILD_PROCESS_INIT;
1998
1999 proc.no_stdin = 1;
2000 proc.stdout_to_stderr = 1;
2001 proc.err = use_sideband ? -1 : 0;
2002 proc.git_cmd = 1;
2003 proc.argv = argv_gc_auto;
2004
2005 close_all_packs();
2006 if (!start_command(&proc)) {
2007 if (use_sideband)
2008 copy_to_sideband(proc.err, -1, NULL);
2009 finish_command(&proc);
2010 }
2011 }
2012 if (auto_update_server_info)
2013 update_server_info(0);
2014 clear_shallow_info(&si);
2015 }
2016 if (use_sideband)
2017 packet_flush(1);
2018 sha1_array_clear(&shallow);
2019 sha1_array_clear(&ref);
2020 free((void *)push_cert_nonce);
2021 return 0;
2022}