1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30
31static const char * const receive_pack_usage[] = {
32 N_("git receive-pack <git-dir>"),
33 NULL
34};
35
36enum deny_action {
37 DENY_UNCONFIGURED,
38 DENY_IGNORE,
39 DENY_WARN,
40 DENY_REFUSE,
41 DENY_UPDATE_INSTEAD
42};
43
44static int deny_deletes;
45static int deny_non_fast_forwards;
46static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
47static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
48static int receive_fsck_objects = -1;
49static int transfer_fsck_objects = -1;
50static struct strbuf fsck_msg_types = STRBUF_INIT;
51static int receive_unpack_limit = -1;
52static int transfer_unpack_limit = -1;
53static int advertise_atomic_push = 1;
54static int advertise_push_options;
55static int unpack_limit = 100;
56static off_t max_input_size;
57static int report_status;
58static int use_sideband;
59static int use_atomic;
60static int use_push_options;
61static int quiet;
62static int prefer_ofs_delta = 1;
63static int auto_update_server_info;
64static int auto_gc = 1;
65static int reject_thin;
66static int stateless_rpc;
67static const char *service_dir;
68static const char *head_name;
69static void *head_name_to_free;
70static int sent_capabilities;
71static int shallow_update;
72static const char *alt_shallow_file;
73static struct strbuf push_cert = STRBUF_INIT;
74static struct object_id push_cert_oid;
75static struct signature_check sigcheck;
76static const char *push_cert_nonce;
77static const char *cert_nonce_seed;
78
79static const char *NONCE_UNSOLICITED = "UNSOLICITED";
80static const char *NONCE_BAD = "BAD";
81static const char *NONCE_MISSING = "MISSING";
82static const char *NONCE_OK = "OK";
83static const char *NONCE_SLOP = "SLOP";
84static const char *nonce_status;
85static long nonce_stamp_slop;
86static timestamp_t nonce_stamp_slop_limit;
87static struct ref_transaction *transaction;
88
89static enum {
90 KEEPALIVE_NEVER = 0,
91 KEEPALIVE_AFTER_NUL,
92 KEEPALIVE_ALWAYS
93} use_keepalive;
94static int keepalive_in_sec = 5;
95
96static struct tmp_objdir *tmp_objdir;
97
98static enum deny_action parse_deny_action(const char *var, const char *value)
99{
100 if (value) {
101 if (!strcasecmp(value, "ignore"))
102 return DENY_IGNORE;
103 if (!strcasecmp(value, "warn"))
104 return DENY_WARN;
105 if (!strcasecmp(value, "refuse"))
106 return DENY_REFUSE;
107 if (!strcasecmp(value, "updateinstead"))
108 return DENY_UPDATE_INSTEAD;
109 }
110 if (git_config_bool(var, value))
111 return DENY_REFUSE;
112 return DENY_IGNORE;
113}
114
115static int receive_pack_config(const char *var, const char *value, void *cb)
116{
117 int status = parse_hide_refs_config(var, value, "receive");
118
119 if (status)
120 return status;
121
122 if (strcmp(var, "receive.denydeletes") == 0) {
123 deny_deletes = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.denynonfastforwards") == 0) {
128 deny_non_fast_forwards = git_config_bool(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "receive.unpacklimit") == 0) {
133 receive_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "transfer.unpacklimit") == 0) {
138 transfer_unpack_limit = git_config_int(var, value);
139 return 0;
140 }
141
142 if (strcmp(var, "receive.fsck.skiplist") == 0) {
143 const char *path;
144
145 if (git_config_pathname(&path, var, value))
146 return 1;
147 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
148 fsck_msg_types.len ? ',' : '=', path);
149 free((char *)path);
150 return 0;
151 }
152
153 if (skip_prefix(var, "receive.fsck.", &var)) {
154 if (is_valid_msg_type(var, value))
155 strbuf_addf(&fsck_msg_types, "%c%s=%s",
156 fsck_msg_types.len ? ',' : '=', var, value);
157 else
158 warning("Skipping unknown msg id '%s'", var);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsckobjects") == 0) {
163 receive_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (strcmp(var, "transfer.fsckobjects") == 0) {
168 transfer_fsck_objects = git_config_bool(var, value);
169 return 0;
170 }
171
172 if (!strcmp(var, "receive.denycurrentbranch")) {
173 deny_current_branch = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "receive.denydeletecurrent") == 0) {
178 deny_delete_current = parse_deny_action(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
183 prefer_ofs_delta = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.updateserverinfo") == 0) {
188 auto_update_server_info = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.autogc") == 0) {
193 auto_gc = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.shallowupdate") == 0) {
198 shallow_update = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "receive.certnonceseed") == 0)
203 return git_config_string(&cert_nonce_seed, var, value);
204
205 if (strcmp(var, "receive.certnonceslop") == 0) {
206 nonce_stamp_slop_limit = git_config_ulong(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertiseatomic") == 0) {
211 advertise_atomic_push = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.advertisepushoptions") == 0) {
216 advertise_push_options = git_config_bool(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.keepalive") == 0) {
221 keepalive_in_sec = git_config_int(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.maxinputsize") == 0) {
226 max_input_size = git_config_int64(var, value);
227 return 0;
228 }
229
230 return git_default_config(var, value, cb);
231}
232
233static void show_ref(const char *path, const struct object_id *oid)
234{
235 if (sent_capabilities) {
236 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
237 } else {
238 struct strbuf cap = STRBUF_INIT;
239
240 strbuf_addstr(&cap,
241 "report-status delete-refs side-band-64k quiet");
242 if (advertise_atomic_push)
243 strbuf_addstr(&cap, " atomic");
244 if (prefer_ofs_delta)
245 strbuf_addstr(&cap, " ofs-delta");
246 if (push_cert_nonce)
247 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
248 if (advertise_push_options)
249 strbuf_addstr(&cap, " push-options");
250 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
251 packet_write_fmt(1, "%s %s%c%s\n",
252 oid_to_hex(oid), path, 0, cap.buf);
253 strbuf_release(&cap);
254 sent_capabilities = 1;
255 }
256}
257
258static int show_ref_cb(const char *path_full, const struct object_id *oid,
259 int flag, void *data)
260{
261 struct oidset *seen = data;
262 const char *path = strip_namespace(path_full);
263
264 if (ref_is_hidden(path, path_full))
265 return 0;
266
267 /*
268 * Advertise refs outside our current namespace as ".have"
269 * refs, so that the client can use them to minimize data
270 * transfer but will otherwise ignore them.
271 */
272 if (!path) {
273 if (oidset_insert(seen, oid))
274 return 0;
275 path = ".have";
276 } else {
277 oidset_insert(seen, oid);
278 }
279 show_ref(path, oid);
280 return 0;
281}
282
283static void show_one_alternate_ref(const char *refname,
284 const struct object_id *oid,
285 void *data)
286{
287 struct oidset *seen = data;
288
289 if (oidset_insert(seen, oid))
290 return;
291
292 show_ref(".have", oid);
293}
294
295static void write_head_info(void)
296{
297 static struct oidset seen = OIDSET_INIT;
298
299 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304
305 advertise_shallow_grafts(1);
306
307 /* EOF */
308 packet_flush(1);
309}
310
311struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320};
321
322static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324
325static void report_message(const char *prefix, const char *err, va_list params)
326{
327 int sz;
328 char msg[4096];
329
330 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335
336 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340}
341
342static void rp_warning(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348}
349
350static void rp_error(const char *err, ...)
351{
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356}
357
358static int copy_to_sideband(int in, int out, void *arg)
359{
360 char data[128];
361 int keepalive_active = 0;
362
363 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367
368 while (1) {
369 ssize_t sz;
370
371 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374
375 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378
379 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391
392 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395
396 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410
411 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419}
420
421#define HMAC_BLOCK_SIZE 64
422
423static void hmac_sha1(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426{
427 unsigned char key[HMAC_BLOCK_SIZE];
428 unsigned char k_ipad[HMAC_BLOCK_SIZE];
429 unsigned char k_opad[HMAC_BLOCK_SIZE];
430 int i;
431 git_SHA_CTX ctx;
432
433 /* RFC 2104 2. (1) */
434 memset(key, '\0', HMAC_BLOCK_SIZE);
435 if (HMAC_BLOCK_SIZE < key_len) {
436 git_SHA1_Init(&ctx);
437 git_SHA1_Update(&ctx, key_in, key_len);
438 git_SHA1_Final(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442
443 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448
449 /* RFC 2104 2. (3) & (4) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
452 git_SHA1_Update(&ctx, text, text_len);
453 git_SHA1_Final(out, &ctx);
454
455 /* RFC 2104 2. (6) & (7) */
456 git_SHA1_Init(&ctx);
457 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
458 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
459 git_SHA1_Final(out, &ctx);
460}
461
462static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463{
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char sha1[GIT_SHA1_RAWSZ];
466
467 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
469 strbuf_release(&buf);
470
471 /* RFC 2104 5. HMAC-SHA1-80 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
473 return strbuf_detach(&buf, NULL);
474}
475
476/*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483{
484 int key_len = strlen(key);
485 const char *line = msg;
486
487 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489
490 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502}
503
504static const char *check_nonce(const char *buf, size_t len)
505{
506 char *nonce = find_header(buf, len, "nonce", NULL);
507 timestamp_t stamp, ostamp;
508 char *bohmac, *expect = NULL;
509 const char *retval = NONCE_BAD;
510
511 if (!nonce) {
512 retval = NONCE_MISSING;
513 goto leave;
514 } else if (!push_cert_nonce) {
515 retval = NONCE_UNSOLICITED;
516 goto leave;
517 } else if (!strcmp(push_cert_nonce, nonce)) {
518 retval = NONCE_OK;
519 goto leave;
520 }
521
522 if (!stateless_rpc) {
523 /* returned nonce MUST match what we gave out earlier */
524 retval = NONCE_BAD;
525 goto leave;
526 }
527
528 /*
529 * In stateless mode, we may be receiving a nonce issued by
530 * another instance of the server that serving the same
531 * repository, and the timestamps may not match, but the
532 * nonce-seed and dir should match, so we can recompute and
533 * report the time slop.
534 *
535 * In addition, when a nonce issued by another instance has
536 * timestamp within receive.certnonceslop seconds, we pretend
537 * as if we issued that nonce when reporting to the hook.
538 */
539
540 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
541 if (*nonce <= '0' || '9' < *nonce) {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545 stamp = parse_timestamp(nonce, &bohmac, 10);
546 if (bohmac == nonce || bohmac[0] != '-') {
547 retval = NONCE_BAD;
548 goto leave;
549 }
550
551 expect = prepare_push_cert_nonce(service_dir, stamp);
552 if (strcmp(expect, nonce)) {
553 /* Not what we would have signed earlier */
554 retval = NONCE_BAD;
555 goto leave;
556 }
557
558 /*
559 * By how many seconds is this nonce stale? Negative value
560 * would mean it was issued by another server with its clock
561 * skewed in the future.
562 */
563 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
564 nonce_stamp_slop = (long)ostamp - (long)stamp;
565
566 if (nonce_stamp_slop_limit &&
567 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
568 /*
569 * Pretend as if the received nonce (which passes the
570 * HMAC check, so it is not a forged by third-party)
571 * is what we issued.
572 */
573 free((void *)push_cert_nonce);
574 push_cert_nonce = xstrdup(nonce);
575 retval = NONCE_OK;
576 } else {
577 retval = NONCE_SLOP;
578 }
579
580leave:
581 free(nonce);
582 free(expect);
583 return retval;
584}
585
586/*
587 * Return 1 if there is no push_cert or if the push options in push_cert are
588 * the same as those in the argument; 0 otherwise.
589 */
590static int check_cert_push_options(const struct string_list *push_options)
591{
592 const char *buf = push_cert.buf;
593 int len = push_cert.len;
594
595 char *option;
596 const char *next_line;
597 int options_seen = 0;
598
599 int retval = 1;
600
601 if (!len)
602 return 1;
603
604 while ((option = find_header(buf, len, "push-option", &next_line))) {
605 len -= (next_line - buf);
606 buf = next_line;
607 options_seen++;
608 if (options_seen > push_options->nr
609 || strcmp(option,
610 push_options->items[options_seen - 1].string)) {
611 retval = 0;
612 goto leave;
613 }
614 free(option);
615 }
616
617 if (options_seen != push_options->nr)
618 retval = 0;
619
620leave:
621 free(option);
622 return retval;
623}
624
625static void prepare_push_cert_sha1(struct child_process *proc)
626{
627 static int already_done;
628
629 if (!push_cert.len)
630 return;
631
632 if (!already_done) {
633 int bogs /* beginning_of_gpg_sig */;
634
635 already_done = 1;
636 if (write_object_file(push_cert.buf, push_cert.len, "blob",
637 &push_cert_oid))
638 oidclr(&push_cert_oid);
639
640 memset(&sigcheck, '\0', sizeof(sigcheck));
641
642 bogs = parse_signature(push_cert.buf, push_cert.len);
643 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
644 push_cert.len - bogs, &sigcheck);
645
646 nonce_status = check_nonce(push_cert.buf, bogs);
647 }
648 if (!is_null_oid(&push_cert_oid)) {
649 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
650 oid_to_hex(&push_cert_oid));
651 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
652 sigcheck.signer ? sigcheck.signer : "");
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
654 sigcheck.key ? sigcheck.key : "");
655 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
656 sigcheck.result);
657 if (push_cert_nonce) {
658 argv_array_pushf(&proc->env_array,
659 "GIT_PUSH_CERT_NONCE=%s",
660 push_cert_nonce);
661 argv_array_pushf(&proc->env_array,
662 "GIT_PUSH_CERT_NONCE_STATUS=%s",
663 nonce_status);
664 if (nonce_status == NONCE_SLOP)
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
667 nonce_stamp_slop);
668 }
669 }
670}
671
672struct receive_hook_feed_state {
673 struct command *cmd;
674 int skip_broken;
675 struct strbuf buf;
676 const struct string_list *push_options;
677};
678
679typedef int (*feed_fn)(void *, const char **, size_t *);
680static int run_and_feed_hook(const char *hook_name, feed_fn feed,
681 struct receive_hook_feed_state *feed_state)
682{
683 struct child_process proc = CHILD_PROCESS_INIT;
684 struct async muxer;
685 const char *argv[2];
686 int code;
687
688 argv[0] = find_hook(hook_name);
689 if (!argv[0])
690 return 0;
691
692 argv[1] = NULL;
693
694 proc.argv = argv;
695 proc.in = -1;
696 proc.stdout_to_stderr = 1;
697 if (feed_state->push_options) {
698 int i;
699 for (i = 0; i < feed_state->push_options->nr; i++)
700 argv_array_pushf(&proc.env_array,
701 "GIT_PUSH_OPTION_%d=%s", i,
702 feed_state->push_options->items[i].string);
703 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
704 feed_state->push_options->nr);
705 } else
706 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
707
708 if (tmp_objdir)
709 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
710
711 if (use_sideband) {
712 memset(&muxer, 0, sizeof(muxer));
713 muxer.proc = copy_to_sideband;
714 muxer.in = -1;
715 code = start_async(&muxer);
716 if (code)
717 return code;
718 proc.err = muxer.in;
719 }
720
721 prepare_push_cert_sha1(&proc);
722
723 code = start_command(&proc);
724 if (code) {
725 if (use_sideband)
726 finish_async(&muxer);
727 return code;
728 }
729
730 sigchain_push(SIGPIPE, SIG_IGN);
731
732 while (1) {
733 const char *buf;
734 size_t n;
735 if (feed(feed_state, &buf, &n))
736 break;
737 if (write_in_full(proc.in, buf, n) < 0)
738 break;
739 }
740 close(proc.in);
741 if (use_sideband)
742 finish_async(&muxer);
743
744 sigchain_pop(SIGPIPE);
745
746 return finish_command(&proc);
747}
748
749static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
750{
751 struct receive_hook_feed_state *state = state_;
752 struct command *cmd = state->cmd;
753
754 while (cmd &&
755 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
756 cmd = cmd->next;
757 if (!cmd)
758 return -1; /* EOF */
759 strbuf_reset(&state->buf);
760 strbuf_addf(&state->buf, "%s %s %s\n",
761 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
762 cmd->ref_name);
763 state->cmd = cmd->next;
764 if (bufp) {
765 *bufp = state->buf.buf;
766 *sizep = state->buf.len;
767 }
768 return 0;
769}
770
771static int run_receive_hook(struct command *commands,
772 const char *hook_name,
773 int skip_broken,
774 const struct string_list *push_options)
775{
776 struct receive_hook_feed_state state;
777 int status;
778
779 strbuf_init(&state.buf, 0);
780 state.cmd = commands;
781 state.skip_broken = skip_broken;
782 if (feed_receive_hook(&state, NULL, NULL))
783 return 0;
784 state.cmd = commands;
785 state.push_options = push_options;
786 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
787 strbuf_release(&state.buf);
788 return status;
789}
790
791static int run_update_hook(struct command *cmd)
792{
793 const char *argv[5];
794 struct child_process proc = CHILD_PROCESS_INIT;
795 int code;
796
797 argv[0] = find_hook("update");
798 if (!argv[0])
799 return 0;
800
801 argv[1] = cmd->ref_name;
802 argv[2] = oid_to_hex(&cmd->old_oid);
803 argv[3] = oid_to_hex(&cmd->new_oid);
804 argv[4] = NULL;
805
806 proc.no_stdin = 1;
807 proc.stdout_to_stderr = 1;
808 proc.err = use_sideband ? -1 : 0;
809 proc.argv = argv;
810
811 code = start_command(&proc);
812 if (code)
813 return code;
814 if (use_sideband)
815 copy_to_sideband(proc.err, -1, NULL);
816 return finish_command(&proc);
817}
818
819static int is_ref_checked_out(const char *ref)
820{
821 if (is_bare_repository())
822 return 0;
823
824 if (!head_name)
825 return 0;
826 return !strcmp(head_name, ref);
827}
828
829static char *refuse_unconfigured_deny_msg =
830 N_("By default, updating the current branch in a non-bare repository\n"
831 "is denied, because it will make the index and work tree inconsistent\n"
832 "with what you pushed, and will require 'git reset --hard' to match\n"
833 "the work tree to HEAD.\n"
834 "\n"
835 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
836 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
837 "its current branch; however, this is not recommended unless you\n"
838 "arranged to update its work tree to match what you pushed in some\n"
839 "other way.\n"
840 "\n"
841 "To squelch this message and still keep the default behaviour, set\n"
842 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
843
844static void refuse_unconfigured_deny(void)
845{
846 rp_error("%s", _(refuse_unconfigured_deny_msg));
847}
848
849static char *refuse_unconfigured_deny_delete_current_msg =
850 N_("By default, deleting the current branch is denied, because the next\n"
851 "'git clone' won't result in any file checked out, causing confusion.\n"
852 "\n"
853 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
854 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
855 "current branch, with or without a warning message.\n"
856 "\n"
857 "To squelch this message, you can set it to 'refuse'.");
858
859static void refuse_unconfigured_deny_delete_current(void)
860{
861 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
862}
863
864static int command_singleton_iterator(void *cb_data, struct object_id *oid);
865static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
866{
867 struct lock_file shallow_lock = LOCK_INIT;
868 struct oid_array extra = OID_ARRAY_INIT;
869 struct check_connected_options opt = CHECK_CONNECTED_INIT;
870 uint32_t mask = 1 << (cmd->index % 32);
871 int i;
872
873 trace_printf_key(&trace_shallow,
874 "shallow: update_shallow_ref %s\n", cmd->ref_name);
875 for (i = 0; i < si->shallow->nr; i++)
876 if (si->used_shallow[i] &&
877 (si->used_shallow[i][cmd->index / 32] & mask) &&
878 !delayed_reachability_test(si, i))
879 oid_array_append(&extra, &si->shallow->oid[i]);
880
881 opt.env = tmp_objdir_env(tmp_objdir);
882 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
883 if (check_connected(command_singleton_iterator, cmd, &opt)) {
884 rollback_lock_file(&shallow_lock);
885 oid_array_clear(&extra);
886 return -1;
887 }
888
889 commit_lock_file(&shallow_lock);
890
891 /*
892 * Make sure setup_alternate_shallow() for the next ref does
893 * not lose these new roots..
894 */
895 for (i = 0; i < extra.nr; i++)
896 register_shallow(the_repository, &extra.oid[i]);
897
898 si->shallow_ref[cmd->index] = 0;
899 oid_array_clear(&extra);
900 return 0;
901}
902
903/*
904 * NEEDSWORK: we should consolidate various implementions of "are we
905 * on an unborn branch?" test into one, and make the unified one more
906 * robust. !get_sha1() based check used here and elsewhere would not
907 * allow us to tell an unborn branch from corrupt ref, for example.
908 * For the purpose of fixing "deploy-to-update does not work when
909 * pushing into an empty repository" issue, this should suffice for
910 * now.
911 */
912static int head_has_history(void)
913{
914 struct object_id oid;
915
916 return !get_oid("HEAD", &oid);
917}
918
919static const char *push_to_deploy(unsigned char *sha1,
920 struct argv_array *env,
921 const char *work_tree)
922{
923 const char *update_refresh[] = {
924 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
925 };
926 const char *diff_files[] = {
927 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
928 };
929 const char *diff_index[] = {
930 "diff-index", "--quiet", "--cached", "--ignore-submodules",
931 NULL, "--", NULL
932 };
933 const char *read_tree[] = {
934 "read-tree", "-u", "-m", NULL, NULL
935 };
936 struct child_process child = CHILD_PROCESS_INIT;
937
938 child.argv = update_refresh;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.stdout_to_stderr = 1;
943 child.git_cmd = 1;
944 if (run_command(&child))
945 return "Up-to-date check failed";
946
947 /* run_command() does not clean up completely; reinitialize */
948 child_process_init(&child);
949 child.argv = diff_files;
950 child.env = env->argv;
951 child.dir = work_tree;
952 child.no_stdin = 1;
953 child.stdout_to_stderr = 1;
954 child.git_cmd = 1;
955 if (run_command(&child))
956 return "Working directory has unstaged changes";
957
958 /* diff-index with either HEAD or an empty tree */
959 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
960
961 child_process_init(&child);
962 child.argv = diff_index;
963 child.env = env->argv;
964 child.no_stdin = 1;
965 child.no_stdout = 1;
966 child.stdout_to_stderr = 0;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has staged changes";
970
971 read_tree[3] = sha1_to_hex(sha1);
972 child_process_init(&child);
973 child.argv = read_tree;
974 child.env = env->argv;
975 child.dir = work_tree;
976 child.no_stdin = 1;
977 child.no_stdout = 1;
978 child.stdout_to_stderr = 0;
979 child.git_cmd = 1;
980 if (run_command(&child))
981 return "Could not update working tree to new HEAD";
982
983 return NULL;
984}
985
986static const char *push_to_checkout_hook = "push-to-checkout";
987
988static const char *push_to_checkout(unsigned char *sha1,
989 struct argv_array *env,
990 const char *work_tree)
991{
992 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
993 if (run_hook_le(env->argv, push_to_checkout_hook,
994 sha1_to_hex(sha1), NULL))
995 return "push-to-checkout hook declined";
996 else
997 return NULL;
998}
999
1000static const char *update_worktree(unsigned char *sha1)
1001{
1002 const char *retval;
1003 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1004 struct argv_array env = ARGV_ARRAY_INIT;
1005
1006 if (is_bare_repository())
1007 return "denyCurrentBranch = updateInstead needs a worktree";
1008
1009 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1010
1011 if (!find_hook(push_to_checkout_hook))
1012 retval = push_to_deploy(sha1, &env, work_tree);
1013 else
1014 retval = push_to_checkout(sha1, &env, work_tree);
1015
1016 argv_array_clear(&env);
1017 return retval;
1018}
1019
1020static const char *update(struct command *cmd, struct shallow_info *si)
1021{
1022 const char *name = cmd->ref_name;
1023 struct strbuf namespaced_name_buf = STRBUF_INIT;
1024 static char *namespaced_name;
1025 const char *ret;
1026 struct object_id *old_oid = &cmd->old_oid;
1027 struct object_id *new_oid = &cmd->new_oid;
1028
1029 /* only refs/... are allowed */
1030 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1031 rp_error("refusing to create funny ref '%s' remotely", name);
1032 return "funny refname";
1033 }
1034
1035 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1036 free(namespaced_name);
1037 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1038
1039 if (is_ref_checked_out(namespaced_name)) {
1040 switch (deny_current_branch) {
1041 case DENY_IGNORE:
1042 break;
1043 case DENY_WARN:
1044 rp_warning("updating the current branch");
1045 break;
1046 case DENY_REFUSE:
1047 case DENY_UNCONFIGURED:
1048 rp_error("refusing to update checked out branch: %s", name);
1049 if (deny_current_branch == DENY_UNCONFIGURED)
1050 refuse_unconfigured_deny();
1051 return "branch is currently checked out";
1052 case DENY_UPDATE_INSTEAD:
1053 ret = update_worktree(new_oid->hash);
1054 if (ret)
1055 return ret;
1056 break;
1057 }
1058 }
1059
1060 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1061 error("unpack should have generated %s, "
1062 "but I can't find it!", oid_to_hex(new_oid));
1063 return "bad pack";
1064 }
1065
1066 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1067 if (deny_deletes && starts_with(name, "refs/heads/")) {
1068 rp_error("denying ref deletion for %s", name);
1069 return "deletion prohibited";
1070 }
1071
1072 if (head_name && !strcmp(namespaced_name, head_name)) {
1073 switch (deny_delete_current) {
1074 case DENY_IGNORE:
1075 break;
1076 case DENY_WARN:
1077 rp_warning("deleting the current branch");
1078 break;
1079 case DENY_REFUSE:
1080 case DENY_UNCONFIGURED:
1081 case DENY_UPDATE_INSTEAD:
1082 if (deny_delete_current == DENY_UNCONFIGURED)
1083 refuse_unconfigured_deny_delete_current();
1084 rp_error("refusing to delete the current branch: %s", name);
1085 return "deletion of the current branch prohibited";
1086 default:
1087 return "Invalid denyDeleteCurrent setting";
1088 }
1089 }
1090 }
1091
1092 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1093 !is_null_oid(old_oid) &&
1094 starts_with(name, "refs/heads/")) {
1095 struct object *old_object, *new_object;
1096 struct commit *old_commit, *new_commit;
1097
1098 old_object = parse_object(old_oid);
1099 new_object = parse_object(new_oid);
1100
1101 if (!old_object || !new_object ||
1102 old_object->type != OBJ_COMMIT ||
1103 new_object->type != OBJ_COMMIT) {
1104 error("bad sha1 objects for %s", name);
1105 return "bad ref";
1106 }
1107 old_commit = (struct commit *)old_object;
1108 new_commit = (struct commit *)new_object;
1109 if (!in_merge_bases(old_commit, new_commit)) {
1110 rp_error("denying non-fast-forward %s"
1111 " (you should pull first)", name);
1112 return "non-fast-forward";
1113 }
1114 }
1115 if (run_update_hook(cmd)) {
1116 rp_error("hook declined to update %s", name);
1117 return "hook declined";
1118 }
1119
1120 if (is_null_oid(new_oid)) {
1121 struct strbuf err = STRBUF_INIT;
1122 if (!parse_object(old_oid)) {
1123 old_oid = NULL;
1124 if (ref_exists(name)) {
1125 rp_warning("Allowing deletion of corrupt ref.");
1126 } else {
1127 rp_warning("Deleting a non-existent ref.");
1128 cmd->did_not_exist = 1;
1129 }
1130 }
1131 if (ref_transaction_delete(transaction,
1132 namespaced_name,
1133 old_oid,
1134 0, "push", &err)) {
1135 rp_error("%s", err.buf);
1136 strbuf_release(&err);
1137 return "failed to delete";
1138 }
1139 strbuf_release(&err);
1140 return NULL; /* good */
1141 }
1142 else {
1143 struct strbuf err = STRBUF_INIT;
1144 if (shallow_update && si->shallow_ref[cmd->index] &&
1145 update_shallow_ref(cmd, si))
1146 return "shallow error";
1147
1148 if (ref_transaction_update(transaction,
1149 namespaced_name,
1150 new_oid, old_oid,
1151 0, "push",
1152 &err)) {
1153 rp_error("%s", err.buf);
1154 strbuf_release(&err);
1155
1156 return "failed to update ref";
1157 }
1158 strbuf_release(&err);
1159
1160 return NULL; /* good */
1161 }
1162}
1163
1164static void run_update_post_hook(struct command *commands)
1165{
1166 struct command *cmd;
1167 struct child_process proc = CHILD_PROCESS_INIT;
1168 const char *hook;
1169
1170 hook = find_hook("post-update");
1171 if (!hook)
1172 return;
1173
1174 for (cmd = commands; cmd; cmd = cmd->next) {
1175 if (cmd->error_string || cmd->did_not_exist)
1176 continue;
1177 if (!proc.args.argc)
1178 argv_array_push(&proc.args, hook);
1179 argv_array_push(&proc.args, cmd->ref_name);
1180 }
1181 if (!proc.args.argc)
1182 return;
1183
1184 proc.no_stdin = 1;
1185 proc.stdout_to_stderr = 1;
1186 proc.err = use_sideband ? -1 : 0;
1187
1188 if (!start_command(&proc)) {
1189 if (use_sideband)
1190 copy_to_sideband(proc.err, -1, NULL);
1191 finish_command(&proc);
1192 }
1193}
1194
1195static void check_aliased_update(struct command *cmd, struct string_list *list)
1196{
1197 struct strbuf buf = STRBUF_INIT;
1198 const char *dst_name;
1199 struct string_list_item *item;
1200 struct command *dst_cmd;
1201 int flag;
1202
1203 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1204 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1205 strbuf_release(&buf);
1206
1207 if (!(flag & REF_ISSYMREF))
1208 return;
1209
1210 if (!dst_name) {
1211 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1212 cmd->skip_update = 1;
1213 cmd->error_string = "broken symref";
1214 return;
1215 }
1216 dst_name = strip_namespace(dst_name);
1217
1218 if ((item = string_list_lookup(list, dst_name)) == NULL)
1219 return;
1220
1221 cmd->skip_update = 1;
1222
1223 dst_cmd = (struct command *) item->util;
1224
1225 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1226 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1227 return;
1228
1229 dst_cmd->skip_update = 1;
1230
1231 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1232 " its target '%s' (%s..%s)",
1233 cmd->ref_name,
1234 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1235 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1236 dst_cmd->ref_name,
1237 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1238 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1239
1240 cmd->error_string = dst_cmd->error_string =
1241 "inconsistent aliased update";
1242}
1243
1244static void check_aliased_updates(struct command *commands)
1245{
1246 struct command *cmd;
1247 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1248
1249 for (cmd = commands; cmd; cmd = cmd->next) {
1250 struct string_list_item *item =
1251 string_list_append(&ref_list, cmd->ref_name);
1252 item->util = (void *)cmd;
1253 }
1254 string_list_sort(&ref_list);
1255
1256 for (cmd = commands; cmd; cmd = cmd->next) {
1257 if (!cmd->error_string)
1258 check_aliased_update(cmd, &ref_list);
1259 }
1260
1261 string_list_clear(&ref_list, 0);
1262}
1263
1264static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1265{
1266 struct command **cmd_list = cb_data;
1267 struct command *cmd = *cmd_list;
1268
1269 if (!cmd || is_null_oid(&cmd->new_oid))
1270 return -1; /* end of list */
1271 *cmd_list = NULL; /* this returns only one */
1272 oidcpy(oid, &cmd->new_oid);
1273 return 0;
1274}
1275
1276static void set_connectivity_errors(struct command *commands,
1277 struct shallow_info *si)
1278{
1279 struct command *cmd;
1280
1281 for (cmd = commands; cmd; cmd = cmd->next) {
1282 struct command *singleton = cmd;
1283 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1284
1285 if (shallow_update && si->shallow_ref[cmd->index])
1286 /* to be checked in update_shallow_ref() */
1287 continue;
1288
1289 opt.env = tmp_objdir_env(tmp_objdir);
1290 if (!check_connected(command_singleton_iterator, &singleton,
1291 &opt))
1292 continue;
1293
1294 cmd->error_string = "missing necessary objects";
1295 }
1296}
1297
1298struct iterate_data {
1299 struct command *cmds;
1300 struct shallow_info *si;
1301};
1302
1303static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1304{
1305 struct iterate_data *data = cb_data;
1306 struct command **cmd_list = &data->cmds;
1307 struct command *cmd = *cmd_list;
1308
1309 for (; cmd; cmd = cmd->next) {
1310 if (shallow_update && data->si->shallow_ref[cmd->index])
1311 /* to be checked in update_shallow_ref() */
1312 continue;
1313 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1314 oidcpy(oid, &cmd->new_oid);
1315 *cmd_list = cmd->next;
1316 return 0;
1317 }
1318 }
1319 *cmd_list = NULL;
1320 return -1; /* end of list */
1321}
1322
1323static void reject_updates_to_hidden(struct command *commands)
1324{
1325 struct strbuf refname_full = STRBUF_INIT;
1326 size_t prefix_len;
1327 struct command *cmd;
1328
1329 strbuf_addstr(&refname_full, get_git_namespace());
1330 prefix_len = refname_full.len;
1331
1332 for (cmd = commands; cmd; cmd = cmd->next) {
1333 if (cmd->error_string)
1334 continue;
1335
1336 strbuf_setlen(&refname_full, prefix_len);
1337 strbuf_addstr(&refname_full, cmd->ref_name);
1338
1339 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1340 continue;
1341 if (is_null_oid(&cmd->new_oid))
1342 cmd->error_string = "deny deleting a hidden ref";
1343 else
1344 cmd->error_string = "deny updating a hidden ref";
1345 }
1346
1347 strbuf_release(&refname_full);
1348}
1349
1350static int should_process_cmd(struct command *cmd)
1351{
1352 return !cmd->error_string && !cmd->skip_update;
1353}
1354
1355static void warn_if_skipped_connectivity_check(struct command *commands,
1356 struct shallow_info *si)
1357{
1358 struct command *cmd;
1359 int checked_connectivity = 1;
1360
1361 for (cmd = commands; cmd; cmd = cmd->next) {
1362 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1363 error("BUG: connectivity check has not been run on ref %s",
1364 cmd->ref_name);
1365 checked_connectivity = 0;
1366 }
1367 }
1368 if (!checked_connectivity)
1369 BUG("connectivity check skipped???");
1370}
1371
1372static void execute_commands_non_atomic(struct command *commands,
1373 struct shallow_info *si)
1374{
1375 struct command *cmd;
1376 struct strbuf err = STRBUF_INIT;
1377
1378 for (cmd = commands; cmd; cmd = cmd->next) {
1379 if (!should_process_cmd(cmd))
1380 continue;
1381
1382 transaction = ref_transaction_begin(&err);
1383 if (!transaction) {
1384 rp_error("%s", err.buf);
1385 strbuf_reset(&err);
1386 cmd->error_string = "transaction failed to start";
1387 continue;
1388 }
1389
1390 cmd->error_string = update(cmd, si);
1391
1392 if (!cmd->error_string
1393 && ref_transaction_commit(transaction, &err)) {
1394 rp_error("%s", err.buf);
1395 strbuf_reset(&err);
1396 cmd->error_string = "failed to update ref";
1397 }
1398 ref_transaction_free(transaction);
1399 }
1400 strbuf_release(&err);
1401}
1402
1403static void execute_commands_atomic(struct command *commands,
1404 struct shallow_info *si)
1405{
1406 struct command *cmd;
1407 struct strbuf err = STRBUF_INIT;
1408 const char *reported_error = "atomic push failure";
1409
1410 transaction = ref_transaction_begin(&err);
1411 if (!transaction) {
1412 rp_error("%s", err.buf);
1413 strbuf_reset(&err);
1414 reported_error = "transaction failed to start";
1415 goto failure;
1416 }
1417
1418 for (cmd = commands; cmd; cmd = cmd->next) {
1419 if (!should_process_cmd(cmd))
1420 continue;
1421
1422 cmd->error_string = update(cmd, si);
1423
1424 if (cmd->error_string)
1425 goto failure;
1426 }
1427
1428 if (ref_transaction_commit(transaction, &err)) {
1429 rp_error("%s", err.buf);
1430 reported_error = "atomic transaction failed";
1431 goto failure;
1432 }
1433 goto cleanup;
1434
1435failure:
1436 for (cmd = commands; cmd; cmd = cmd->next)
1437 if (!cmd->error_string)
1438 cmd->error_string = reported_error;
1439
1440cleanup:
1441 ref_transaction_free(transaction);
1442 strbuf_release(&err);
1443}
1444
1445static void execute_commands(struct command *commands,
1446 const char *unpacker_error,
1447 struct shallow_info *si,
1448 const struct string_list *push_options)
1449{
1450 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1451 struct command *cmd;
1452 struct iterate_data data;
1453 struct async muxer;
1454 int err_fd = 0;
1455
1456 if (unpacker_error) {
1457 for (cmd = commands; cmd; cmd = cmd->next)
1458 cmd->error_string = "unpacker error";
1459 return;
1460 }
1461
1462 if (use_sideband) {
1463 memset(&muxer, 0, sizeof(muxer));
1464 muxer.proc = copy_to_sideband;
1465 muxer.in = -1;
1466 if (!start_async(&muxer))
1467 err_fd = muxer.in;
1468 /* ...else, continue without relaying sideband */
1469 }
1470
1471 data.cmds = commands;
1472 data.si = si;
1473 opt.err_fd = err_fd;
1474 opt.progress = err_fd && !quiet;
1475 opt.env = tmp_objdir_env(tmp_objdir);
1476 if (check_connected(iterate_receive_command_list, &data, &opt))
1477 set_connectivity_errors(commands, si);
1478
1479 if (use_sideband)
1480 finish_async(&muxer);
1481
1482 reject_updates_to_hidden(commands);
1483
1484 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1485 for (cmd = commands; cmd; cmd = cmd->next) {
1486 if (!cmd->error_string)
1487 cmd->error_string = "pre-receive hook declined";
1488 }
1489 return;
1490 }
1491
1492 /*
1493 * Now we'll start writing out refs, which means the objects need
1494 * to be in their final positions so that other processes can see them.
1495 */
1496 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1497 for (cmd = commands; cmd; cmd = cmd->next) {
1498 if (!cmd->error_string)
1499 cmd->error_string = "unable to migrate objects to permanent storage";
1500 }
1501 return;
1502 }
1503 tmp_objdir = NULL;
1504
1505 check_aliased_updates(commands);
1506
1507 free(head_name_to_free);
1508 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1509
1510 if (use_atomic)
1511 execute_commands_atomic(commands, si);
1512 else
1513 execute_commands_non_atomic(commands, si);
1514
1515 if (shallow_update)
1516 warn_if_skipped_connectivity_check(commands, si);
1517}
1518
1519static struct command **queue_command(struct command **tail,
1520 const char *line,
1521 int linelen)
1522{
1523 struct object_id old_oid, new_oid;
1524 struct command *cmd;
1525 const char *refname;
1526 int reflen;
1527 const char *p;
1528
1529 if (parse_oid_hex(line, &old_oid, &p) ||
1530 *p++ != ' ' ||
1531 parse_oid_hex(p, &new_oid, &p) ||
1532 *p++ != ' ')
1533 die("protocol error: expected old/new/ref, got '%s'", line);
1534
1535 refname = p;
1536 reflen = linelen - (p - line);
1537 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1538 oidcpy(&cmd->old_oid, &old_oid);
1539 oidcpy(&cmd->new_oid, &new_oid);
1540 *tail = cmd;
1541 return &cmd->next;
1542}
1543
1544static void queue_commands_from_cert(struct command **tail,
1545 struct strbuf *push_cert)
1546{
1547 const char *boc, *eoc;
1548
1549 if (*tail)
1550 die("protocol error: got both push certificate and unsigned commands");
1551
1552 boc = strstr(push_cert->buf, "\n\n");
1553 if (!boc)
1554 die("malformed push certificate %.*s", 100, push_cert->buf);
1555 else
1556 boc += 2;
1557 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1558
1559 while (boc < eoc) {
1560 const char *eol = memchr(boc, '\n', eoc - boc);
1561 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1562 boc = eol ? eol + 1 : eoc;
1563 }
1564}
1565
1566static struct command *read_head_info(struct oid_array *shallow)
1567{
1568 struct command *commands = NULL;
1569 struct command **p = &commands;
1570 for (;;) {
1571 char *line;
1572 int len, linelen;
1573
1574 line = packet_read_line(0, &len);
1575 if (!line)
1576 break;
1577
1578 if (len > 8 && starts_with(line, "shallow ")) {
1579 struct object_id oid;
1580 if (get_oid_hex(line + 8, &oid))
1581 die("protocol error: expected shallow sha, got '%s'",
1582 line + 8);
1583 oid_array_append(shallow, &oid);
1584 continue;
1585 }
1586
1587 linelen = strlen(line);
1588 if (linelen < len) {
1589 const char *feature_list = line + linelen + 1;
1590 if (parse_feature_request(feature_list, "report-status"))
1591 report_status = 1;
1592 if (parse_feature_request(feature_list, "side-band-64k"))
1593 use_sideband = LARGE_PACKET_MAX;
1594 if (parse_feature_request(feature_list, "quiet"))
1595 quiet = 1;
1596 if (advertise_atomic_push
1597 && parse_feature_request(feature_list, "atomic"))
1598 use_atomic = 1;
1599 if (advertise_push_options
1600 && parse_feature_request(feature_list, "push-options"))
1601 use_push_options = 1;
1602 }
1603
1604 if (!strcmp(line, "push-cert")) {
1605 int true_flush = 0;
1606 char certbuf[1024];
1607
1608 for (;;) {
1609 len = packet_read(0, NULL, NULL,
1610 certbuf, sizeof(certbuf), 0);
1611 if (!len) {
1612 true_flush = 1;
1613 break;
1614 }
1615 if (!strcmp(certbuf, "push-cert-end\n"))
1616 break; /* end of cert */
1617 strbuf_addstr(&push_cert, certbuf);
1618 }
1619
1620 if (true_flush)
1621 break;
1622 continue;
1623 }
1624
1625 p = queue_command(p, line, linelen);
1626 }
1627
1628 if (push_cert.len)
1629 queue_commands_from_cert(p, &push_cert);
1630
1631 return commands;
1632}
1633
1634static void read_push_options(struct string_list *options)
1635{
1636 while (1) {
1637 char *line;
1638 int len;
1639
1640 line = packet_read_line(0, &len);
1641
1642 if (!line)
1643 break;
1644
1645 string_list_append(options, line);
1646 }
1647}
1648
1649static const char *parse_pack_header(struct pack_header *hdr)
1650{
1651 switch (read_pack_header(0, hdr)) {
1652 case PH_ERROR_EOF:
1653 return "eof before pack header was fully read";
1654
1655 case PH_ERROR_PACK_SIGNATURE:
1656 return "protocol error (pack signature mismatch detected)";
1657
1658 case PH_ERROR_PROTOCOL:
1659 return "protocol error (pack version unsupported)";
1660
1661 default:
1662 return "unknown error in parse_pack_header";
1663
1664 case 0:
1665 return NULL;
1666 }
1667}
1668
1669static const char *pack_lockfile;
1670
1671static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1672{
1673 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1674 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1675}
1676
1677static const char *unpack(int err_fd, struct shallow_info *si)
1678{
1679 struct pack_header hdr;
1680 const char *hdr_err;
1681 int status;
1682 struct child_process child = CHILD_PROCESS_INIT;
1683 int fsck_objects = (receive_fsck_objects >= 0
1684 ? receive_fsck_objects
1685 : transfer_fsck_objects >= 0
1686 ? transfer_fsck_objects
1687 : 0);
1688
1689 hdr_err = parse_pack_header(&hdr);
1690 if (hdr_err) {
1691 if (err_fd > 0)
1692 close(err_fd);
1693 return hdr_err;
1694 }
1695
1696 if (si->nr_ours || si->nr_theirs) {
1697 alt_shallow_file = setup_temporary_shallow(si->shallow);
1698 argv_array_push(&child.args, "--shallow-file");
1699 argv_array_push(&child.args, alt_shallow_file);
1700 }
1701
1702 tmp_objdir = tmp_objdir_create();
1703 if (!tmp_objdir) {
1704 if (err_fd > 0)
1705 close(err_fd);
1706 return "unable to create temporary object directory";
1707 }
1708 child.env = tmp_objdir_env(tmp_objdir);
1709
1710 /*
1711 * Normally we just pass the tmp_objdir environment to the child
1712 * processes that do the heavy lifting, but we may need to see these
1713 * objects ourselves to set up shallow information.
1714 */
1715 tmp_objdir_add_as_alternate(tmp_objdir);
1716
1717 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1718 argv_array_push(&child.args, "unpack-objects");
1719 push_header_arg(&child.args, &hdr);
1720 if (quiet)
1721 argv_array_push(&child.args, "-q");
1722 if (fsck_objects)
1723 argv_array_pushf(&child.args, "--strict%s",
1724 fsck_msg_types.buf);
1725 if (max_input_size)
1726 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1727 (uintmax_t)max_input_size);
1728 child.no_stdout = 1;
1729 child.err = err_fd;
1730 child.git_cmd = 1;
1731 status = run_command(&child);
1732 if (status)
1733 return "unpack-objects abnormal exit";
1734 } else {
1735 char hostname[HOST_NAME_MAX + 1];
1736
1737 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1738 push_header_arg(&child.args, &hdr);
1739
1740 if (xgethostname(hostname, sizeof(hostname)))
1741 xsnprintf(hostname, sizeof(hostname), "localhost");
1742 argv_array_pushf(&child.args,
1743 "--keep=receive-pack %"PRIuMAX" on %s",
1744 (uintmax_t)getpid(),
1745 hostname);
1746
1747 if (!quiet && err_fd)
1748 argv_array_push(&child.args, "--show-resolving-progress");
1749 if (use_sideband)
1750 argv_array_push(&child.args, "--report-end-of-input");
1751 if (fsck_objects)
1752 argv_array_pushf(&child.args, "--strict%s",
1753 fsck_msg_types.buf);
1754 if (!reject_thin)
1755 argv_array_push(&child.args, "--fix-thin");
1756 if (max_input_size)
1757 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1758 (uintmax_t)max_input_size);
1759 child.out = -1;
1760 child.err = err_fd;
1761 child.git_cmd = 1;
1762 status = start_command(&child);
1763 if (status)
1764 return "index-pack fork failed";
1765 pack_lockfile = index_pack_lockfile(child.out);
1766 close(child.out);
1767 status = finish_command(&child);
1768 if (status)
1769 return "index-pack abnormal exit";
1770 reprepare_packed_git(the_repository);
1771 }
1772 return NULL;
1773}
1774
1775static const char *unpack_with_sideband(struct shallow_info *si)
1776{
1777 struct async muxer;
1778 const char *ret;
1779
1780 if (!use_sideband)
1781 return unpack(0, si);
1782
1783 use_keepalive = KEEPALIVE_AFTER_NUL;
1784 memset(&muxer, 0, sizeof(muxer));
1785 muxer.proc = copy_to_sideband;
1786 muxer.in = -1;
1787 if (start_async(&muxer))
1788 return NULL;
1789
1790 ret = unpack(muxer.in, si);
1791
1792 finish_async(&muxer);
1793 return ret;
1794}
1795
1796static void prepare_shallow_update(struct command *commands,
1797 struct shallow_info *si)
1798{
1799 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1800
1801 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1802 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1803
1804 si->need_reachability_test =
1805 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1806 si->reachable =
1807 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1808 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1809
1810 for (i = 0; i < si->nr_ours; i++)
1811 si->need_reachability_test[si->ours[i]] = 1;
1812
1813 for (i = 0; i < si->shallow->nr; i++) {
1814 if (!si->used_shallow[i])
1815 continue;
1816 for (j = 0; j < bitmap_size; j++) {
1817 if (!si->used_shallow[i][j])
1818 continue;
1819 si->need_reachability_test[i]++;
1820 for (k = 0; k < 32; k++)
1821 if (si->used_shallow[i][j] & (1U << k))
1822 si->shallow_ref[j * 32 + k]++;
1823 }
1824
1825 /*
1826 * true for those associated with some refs and belong
1827 * in "ours" list aka "step 7 not done yet"
1828 */
1829 si->need_reachability_test[i] =
1830 si->need_reachability_test[i] > 1;
1831 }
1832
1833 /*
1834 * keep hooks happy by forcing a temporary shallow file via
1835 * env variable because we can't add --shallow-file to every
1836 * command. check_everything_connected() will be done with
1837 * true .git/shallow though.
1838 */
1839 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1840}
1841
1842static void update_shallow_info(struct command *commands,
1843 struct shallow_info *si,
1844 struct oid_array *ref)
1845{
1846 struct command *cmd;
1847 int *ref_status;
1848 remove_nonexistent_theirs_shallow(si);
1849 if (!si->nr_ours && !si->nr_theirs) {
1850 shallow_update = 0;
1851 return;
1852 }
1853
1854 for (cmd = commands; cmd; cmd = cmd->next) {
1855 if (is_null_oid(&cmd->new_oid))
1856 continue;
1857 oid_array_append(ref, &cmd->new_oid);
1858 cmd->index = ref->nr - 1;
1859 }
1860 si->ref = ref;
1861
1862 if (shallow_update) {
1863 prepare_shallow_update(commands, si);
1864 return;
1865 }
1866
1867 ALLOC_ARRAY(ref_status, ref->nr);
1868 assign_shallow_commits_to_refs(si, NULL, ref_status);
1869 for (cmd = commands; cmd; cmd = cmd->next) {
1870 if (is_null_oid(&cmd->new_oid))
1871 continue;
1872 if (ref_status[cmd->index]) {
1873 cmd->error_string = "shallow update not allowed";
1874 cmd->skip_update = 1;
1875 }
1876 }
1877 free(ref_status);
1878}
1879
1880static void report(struct command *commands, const char *unpack_status)
1881{
1882 struct command *cmd;
1883 struct strbuf buf = STRBUF_INIT;
1884
1885 packet_buf_write(&buf, "unpack %s\n",
1886 unpack_status ? unpack_status : "ok");
1887 for (cmd = commands; cmd; cmd = cmd->next) {
1888 if (!cmd->error_string)
1889 packet_buf_write(&buf, "ok %s\n",
1890 cmd->ref_name);
1891 else
1892 packet_buf_write(&buf, "ng %s %s\n",
1893 cmd->ref_name, cmd->error_string);
1894 }
1895 packet_buf_flush(&buf);
1896
1897 if (use_sideband)
1898 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1899 else
1900 write_or_die(1, buf.buf, buf.len);
1901 strbuf_release(&buf);
1902}
1903
1904static int delete_only(struct command *commands)
1905{
1906 struct command *cmd;
1907 for (cmd = commands; cmd; cmd = cmd->next) {
1908 if (!is_null_oid(&cmd->new_oid))
1909 return 0;
1910 }
1911 return 1;
1912}
1913
1914int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1915{
1916 int advertise_refs = 0;
1917 struct command *commands;
1918 struct oid_array shallow = OID_ARRAY_INIT;
1919 struct oid_array ref = OID_ARRAY_INIT;
1920 struct shallow_info si;
1921
1922 struct option options[] = {
1923 OPT__QUIET(&quiet, N_("quiet")),
1924 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1925 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1926 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1927 OPT_END()
1928 };
1929
1930 packet_trace_identity("receive-pack");
1931
1932 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1933
1934 if (argc > 1)
1935 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1936 if (argc == 0)
1937 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1938
1939 service_dir = argv[0];
1940
1941 setup_path();
1942
1943 if (!enter_repo(service_dir, 0))
1944 die("'%s' does not appear to be a git repository", service_dir);
1945
1946 git_config(receive_pack_config, NULL);
1947 if (cert_nonce_seed)
1948 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1949
1950 if (0 <= transfer_unpack_limit)
1951 unpack_limit = transfer_unpack_limit;
1952 else if (0 <= receive_unpack_limit)
1953 unpack_limit = receive_unpack_limit;
1954
1955 switch (determine_protocol_version_server()) {
1956 case protocol_v2:
1957 /*
1958 * push support for protocol v2 has not been implemented yet,
1959 * so ignore the request to use v2 and fallback to using v0.
1960 */
1961 break;
1962 case protocol_v1:
1963 /*
1964 * v1 is just the original protocol with a version string,
1965 * so just fall through after writing the version string.
1966 */
1967 if (advertise_refs || !stateless_rpc)
1968 packet_write_fmt(1, "version 1\n");
1969
1970 /* fallthrough */
1971 case protocol_v0:
1972 break;
1973 case protocol_unknown_version:
1974 BUG("unknown protocol version");
1975 }
1976
1977 if (advertise_refs || !stateless_rpc) {
1978 write_head_info();
1979 }
1980 if (advertise_refs)
1981 return 0;
1982
1983 if ((commands = read_head_info(&shallow)) != NULL) {
1984 const char *unpack_status = NULL;
1985 struct string_list push_options = STRING_LIST_INIT_DUP;
1986
1987 if (use_push_options)
1988 read_push_options(&push_options);
1989 if (!check_cert_push_options(&push_options)) {
1990 struct command *cmd;
1991 for (cmd = commands; cmd; cmd = cmd->next)
1992 cmd->error_string = "inconsistent push options";
1993 }
1994
1995 prepare_shallow_info(&si, &shallow);
1996 if (!si.nr_ours && !si.nr_theirs)
1997 shallow_update = 0;
1998 if (!delete_only(commands)) {
1999 unpack_status = unpack_with_sideband(&si);
2000 update_shallow_info(commands, &si, &ref);
2001 }
2002 use_keepalive = KEEPALIVE_ALWAYS;
2003 execute_commands(commands, unpack_status, &si,
2004 &push_options);
2005 if (pack_lockfile)
2006 unlink_or_warn(pack_lockfile);
2007 if (report_status)
2008 report(commands, unpack_status);
2009 run_receive_hook(commands, "post-receive", 1,
2010 &push_options);
2011 run_update_post_hook(commands);
2012 string_list_clear(&push_options, 0);
2013 if (auto_gc) {
2014 const char *argv_gc_auto[] = {
2015 "gc", "--auto", "--quiet", NULL,
2016 };
2017 struct child_process proc = CHILD_PROCESS_INIT;
2018
2019 proc.no_stdin = 1;
2020 proc.stdout_to_stderr = 1;
2021 proc.err = use_sideband ? -1 : 0;
2022 proc.git_cmd = 1;
2023 proc.argv = argv_gc_auto;
2024
2025 close_all_packs(the_repository->objects);
2026 if (!start_command(&proc)) {
2027 if (use_sideband)
2028 copy_to_sideband(proc.err, -1, NULL);
2029 finish_command(&proc);
2030 }
2031 }
2032 if (auto_update_server_info)
2033 update_server_info(0);
2034 clear_shallow_info(&si);
2035 }
2036 if (use_sideband)
2037 packet_flush(1);
2038 oid_array_clear(&shallow);
2039 oid_array_clear(&ref);
2040 free((void *)push_cert_nonce);
2041 return 0;
2042}