1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "string-list.h"
16#include "sha1-array.h"
17#include "connected.h"
18#include "argv-array.h"
19#include "version.h"
20#include "tag.h"
21#include "gpg-interface.h"
22#include "sigchain.h"
23#include "fsck.h"
24#include "tmp-objdir.h"
25#include "oidset.h"
26#include "packfile.h"
27#include "object-store.h"
28#include "protocol.h"
29#include "commit-reach.h"
30
31static const char * const receive_pack_usage[] = {
32 N_("git receive-pack <git-dir>"),
33 NULL
34};
35
36enum deny_action {
37 DENY_UNCONFIGURED,
38 DENY_IGNORE,
39 DENY_WARN,
40 DENY_REFUSE,
41 DENY_UPDATE_INSTEAD
42};
43
44static int deny_deletes;
45static int deny_non_fast_forwards;
46static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
47static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
48static int receive_fsck_objects = -1;
49static int transfer_fsck_objects = -1;
50static struct strbuf fsck_msg_types = STRBUF_INIT;
51static int receive_unpack_limit = -1;
52static int transfer_unpack_limit = -1;
53static int advertise_atomic_push = 1;
54static int advertise_push_options;
55static int unpack_limit = 100;
56static off_t max_input_size;
57static int report_status;
58static int use_sideband;
59static int use_atomic;
60static int use_push_options;
61static int quiet;
62static int prefer_ofs_delta = 1;
63static int auto_update_server_info;
64static int auto_gc = 1;
65static int reject_thin;
66static int stateless_rpc;
67static const char *service_dir;
68static const char *head_name;
69static void *head_name_to_free;
70static int sent_capabilities;
71static int shallow_update;
72static const char *alt_shallow_file;
73static struct strbuf push_cert = STRBUF_INIT;
74static struct object_id push_cert_oid;
75static struct signature_check sigcheck;
76static const char *push_cert_nonce;
77static const char *cert_nonce_seed;
78
79static const char *NONCE_UNSOLICITED = "UNSOLICITED";
80static const char *NONCE_BAD = "BAD";
81static const char *NONCE_MISSING = "MISSING";
82static const char *NONCE_OK = "OK";
83static const char *NONCE_SLOP = "SLOP";
84static const char *nonce_status;
85static long nonce_stamp_slop;
86static timestamp_t nonce_stamp_slop_limit;
87static struct ref_transaction *transaction;
88
89static enum {
90 KEEPALIVE_NEVER = 0,
91 KEEPALIVE_AFTER_NUL,
92 KEEPALIVE_ALWAYS
93} use_keepalive;
94static int keepalive_in_sec = 5;
95
96static struct tmp_objdir *tmp_objdir;
97
98static enum deny_action parse_deny_action(const char *var, const char *value)
99{
100 if (value) {
101 if (!strcasecmp(value, "ignore"))
102 return DENY_IGNORE;
103 if (!strcasecmp(value, "warn"))
104 return DENY_WARN;
105 if (!strcasecmp(value, "refuse"))
106 return DENY_REFUSE;
107 if (!strcasecmp(value, "updateinstead"))
108 return DENY_UPDATE_INSTEAD;
109 }
110 if (git_config_bool(var, value))
111 return DENY_REFUSE;
112 return DENY_IGNORE;
113}
114
115static int receive_pack_config(const char *var, const char *value, void *cb)
116{
117 int status = parse_hide_refs_config(var, value, "receive");
118
119 if (status)
120 return status;
121
122 if (strcmp(var, "receive.denydeletes") == 0) {
123 deny_deletes = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.denynonfastforwards") == 0) {
128 deny_non_fast_forwards = git_config_bool(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "receive.unpacklimit") == 0) {
133 receive_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "transfer.unpacklimit") == 0) {
138 transfer_unpack_limit = git_config_int(var, value);
139 return 0;
140 }
141
142 if (strcmp(var, "receive.fsck.skiplist") == 0) {
143 const char *path;
144
145 if (git_config_pathname(&path, var, value))
146 return 1;
147 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
148 fsck_msg_types.len ? ',' : '=', path);
149 free((char *)path);
150 return 0;
151 }
152
153 if (skip_prefix(var, "receive.fsck.", &var)) {
154 if (is_valid_msg_type(var, value))
155 strbuf_addf(&fsck_msg_types, "%c%s=%s",
156 fsck_msg_types.len ? ',' : '=', var, value);
157 else
158 warning("Skipping unknown msg id '%s'", var);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsckobjects") == 0) {
163 receive_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (strcmp(var, "transfer.fsckobjects") == 0) {
168 transfer_fsck_objects = git_config_bool(var, value);
169 return 0;
170 }
171
172 if (!strcmp(var, "receive.denycurrentbranch")) {
173 deny_current_branch = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "receive.denydeletecurrent") == 0) {
178 deny_delete_current = parse_deny_action(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
183 prefer_ofs_delta = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.updateserverinfo") == 0) {
188 auto_update_server_info = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.autogc") == 0) {
193 auto_gc = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.shallowupdate") == 0) {
198 shallow_update = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "receive.certnonceseed") == 0)
203 return git_config_string(&cert_nonce_seed, var, value);
204
205 if (strcmp(var, "receive.certnonceslop") == 0) {
206 nonce_stamp_slop_limit = git_config_ulong(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertiseatomic") == 0) {
211 advertise_atomic_push = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.advertisepushoptions") == 0) {
216 advertise_push_options = git_config_bool(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.keepalive") == 0) {
221 keepalive_in_sec = git_config_int(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.maxinputsize") == 0) {
226 max_input_size = git_config_int64(var, value);
227 return 0;
228 }
229
230 return git_default_config(var, value, cb);
231}
232
233static void show_ref(const char *path, const struct object_id *oid)
234{
235 if (sent_capabilities) {
236 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
237 } else {
238 struct strbuf cap = STRBUF_INIT;
239
240 strbuf_addstr(&cap,
241 "report-status delete-refs side-band-64k quiet");
242 if (advertise_atomic_push)
243 strbuf_addstr(&cap, " atomic");
244 if (prefer_ofs_delta)
245 strbuf_addstr(&cap, " ofs-delta");
246 if (push_cert_nonce)
247 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
248 if (advertise_push_options)
249 strbuf_addstr(&cap, " push-options");
250 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
251 packet_write_fmt(1, "%s %s%c%s\n",
252 oid_to_hex(oid), path, 0, cap.buf);
253 strbuf_release(&cap);
254 sent_capabilities = 1;
255 }
256}
257
258static int show_ref_cb(const char *path_full, const struct object_id *oid,
259 int flag, void *data)
260{
261 struct oidset *seen = data;
262 const char *path = strip_namespace(path_full);
263
264 if (ref_is_hidden(path, path_full))
265 return 0;
266
267 /*
268 * Advertise refs outside our current namespace as ".have"
269 * refs, so that the client can use them to minimize data
270 * transfer but will otherwise ignore them.
271 */
272 if (!path) {
273 if (oidset_insert(seen, oid))
274 return 0;
275 path = ".have";
276 } else {
277 oidset_insert(seen, oid);
278 }
279 show_ref(path, oid);
280 return 0;
281}
282
283static void show_one_alternate_ref(const struct object_id *oid,
284 void *data)
285{
286 struct oidset *seen = data;
287
288 if (oidset_insert(seen, oid))
289 return;
290
291 show_ref(".have", oid);
292}
293
294static void write_head_info(void)
295{
296 static struct oidset seen = OIDSET_INIT;
297
298 for_each_ref(show_ref_cb, &seen);
299 for_each_alternate_ref(show_one_alternate_ref, &seen);
300 oidset_clear(&seen);
301 if (!sent_capabilities)
302 show_ref("capabilities^{}", &null_oid);
303
304 advertise_shallow_grafts(1);
305
306 /* EOF */
307 packet_flush(1);
308}
309
310struct command {
311 struct command *next;
312 const char *error_string;
313 unsigned int skip_update:1,
314 did_not_exist:1;
315 int index;
316 struct object_id old_oid;
317 struct object_id new_oid;
318 char ref_name[FLEX_ARRAY]; /* more */
319};
320
321static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
322static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
323
324static void report_message(const char *prefix, const char *err, va_list params)
325{
326 int sz;
327 char msg[4096];
328
329 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
330 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
331 if (sz > (sizeof(msg) - 1))
332 sz = sizeof(msg) - 1;
333 msg[sz++] = '\n';
334
335 if (use_sideband)
336 send_sideband(1, 2, msg, sz, use_sideband);
337 else
338 xwrite(2, msg, sz);
339}
340
341static void rp_warning(const char *err, ...)
342{
343 va_list params;
344 va_start(params, err);
345 report_message("warning: ", err, params);
346 va_end(params);
347}
348
349static void rp_error(const char *err, ...)
350{
351 va_list params;
352 va_start(params, err);
353 report_message("error: ", err, params);
354 va_end(params);
355}
356
357static int copy_to_sideband(int in, int out, void *arg)
358{
359 char data[128];
360 int keepalive_active = 0;
361
362 if (keepalive_in_sec <= 0)
363 use_keepalive = KEEPALIVE_NEVER;
364 if (use_keepalive == KEEPALIVE_ALWAYS)
365 keepalive_active = 1;
366
367 while (1) {
368 ssize_t sz;
369
370 if (keepalive_active) {
371 struct pollfd pfd;
372 int ret;
373
374 pfd.fd = in;
375 pfd.events = POLLIN;
376 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
377
378 if (ret < 0) {
379 if (errno == EINTR)
380 continue;
381 else
382 break;
383 } else if (ret == 0) {
384 /* no data; send a keepalive packet */
385 static const char buf[] = "0005\1";
386 write_or_die(1, buf, sizeof(buf) - 1);
387 continue;
388 } /* else there is actual data to read */
389 }
390
391 sz = xread(in, data, sizeof(data));
392 if (sz <= 0)
393 break;
394
395 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
396 const char *p = memchr(data, '\0', sz);
397 if (p) {
398 /*
399 * The NUL tells us to start sending keepalives. Make
400 * sure we send any other data we read along
401 * with it.
402 */
403 keepalive_active = 1;
404 send_sideband(1, 2, data, p - data, use_sideband);
405 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
406 continue;
407 }
408 }
409
410 /*
411 * Either we're not looking for a NUL signal, or we didn't see
412 * it yet; just pass along the data.
413 */
414 send_sideband(1, 2, data, sz, use_sideband);
415 }
416 close(in);
417 return 0;
418}
419
420#define HMAC_BLOCK_SIZE 64
421
422static void hmac_sha1(unsigned char *out,
423 const char *key_in, size_t key_len,
424 const char *text, size_t text_len)
425{
426 unsigned char key[HMAC_BLOCK_SIZE];
427 unsigned char k_ipad[HMAC_BLOCK_SIZE];
428 unsigned char k_opad[HMAC_BLOCK_SIZE];
429 int i;
430 git_SHA_CTX ctx;
431
432 /* RFC 2104 2. (1) */
433 memset(key, '\0', HMAC_BLOCK_SIZE);
434 if (HMAC_BLOCK_SIZE < key_len) {
435 git_SHA1_Init(&ctx);
436 git_SHA1_Update(&ctx, key_in, key_len);
437 git_SHA1_Final(key, &ctx);
438 } else {
439 memcpy(key, key_in, key_len);
440 }
441
442 /* RFC 2104 2. (2) & (5) */
443 for (i = 0; i < sizeof(key); i++) {
444 k_ipad[i] = key[i] ^ 0x36;
445 k_opad[i] = key[i] ^ 0x5c;
446 }
447
448 /* RFC 2104 2. (3) & (4) */
449 git_SHA1_Init(&ctx);
450 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
451 git_SHA1_Update(&ctx, text, text_len);
452 git_SHA1_Final(out, &ctx);
453
454 /* RFC 2104 2. (6) & (7) */
455 git_SHA1_Init(&ctx);
456 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
457 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
458 git_SHA1_Final(out, &ctx);
459}
460
461static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462{
463 struct strbuf buf = STRBUF_INIT;
464 unsigned char sha1[GIT_SHA1_RAWSZ];
465
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
468 strbuf_release(&buf);
469
470 /* RFC 2104 5. HMAC-SHA1-80 */
471 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
472 return strbuf_detach(&buf, NULL);
473}
474
475/*
476 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
477 * after dropping "_commit" from its name and possibly moving it out
478 * of commit.c
479 */
480static char *find_header(const char *msg, size_t len, const char *key,
481 const char **next_line)
482{
483 int key_len = strlen(key);
484 const char *line = msg;
485
486 while (line && line < msg + len) {
487 const char *eol = strchrnul(line, '\n');
488
489 if ((msg + len <= eol) || line == eol)
490 return NULL;
491 if (line + key_len < eol &&
492 !memcmp(line, key, key_len) && line[key_len] == ' ') {
493 int offset = key_len + 1;
494 if (next_line)
495 *next_line = *eol ? eol + 1 : eol;
496 return xmemdupz(line + offset, (eol - line) - offset);
497 }
498 line = *eol ? eol + 1 : NULL;
499 }
500 return NULL;
501}
502
503static const char *check_nonce(const char *buf, size_t len)
504{
505 char *nonce = find_header(buf, len, "nonce", NULL);
506 timestamp_t stamp, ostamp;
507 char *bohmac, *expect = NULL;
508 const char *retval = NONCE_BAD;
509
510 if (!nonce) {
511 retval = NONCE_MISSING;
512 goto leave;
513 } else if (!push_cert_nonce) {
514 retval = NONCE_UNSOLICITED;
515 goto leave;
516 } else if (!strcmp(push_cert_nonce, nonce)) {
517 retval = NONCE_OK;
518 goto leave;
519 }
520
521 if (!stateless_rpc) {
522 /* returned nonce MUST match what we gave out earlier */
523 retval = NONCE_BAD;
524 goto leave;
525 }
526
527 /*
528 * In stateless mode, we may be receiving a nonce issued by
529 * another instance of the server that serving the same
530 * repository, and the timestamps may not match, but the
531 * nonce-seed and dir should match, so we can recompute and
532 * report the time slop.
533 *
534 * In addition, when a nonce issued by another instance has
535 * timestamp within receive.certnonceslop seconds, we pretend
536 * as if we issued that nonce when reporting to the hook.
537 */
538
539 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
540 if (*nonce <= '0' || '9' < *nonce) {
541 retval = NONCE_BAD;
542 goto leave;
543 }
544 stamp = parse_timestamp(nonce, &bohmac, 10);
545 if (bohmac == nonce || bohmac[0] != '-') {
546 retval = NONCE_BAD;
547 goto leave;
548 }
549
550 expect = prepare_push_cert_nonce(service_dir, stamp);
551 if (strcmp(expect, nonce)) {
552 /* Not what we would have signed earlier */
553 retval = NONCE_BAD;
554 goto leave;
555 }
556
557 /*
558 * By how many seconds is this nonce stale? Negative value
559 * would mean it was issued by another server with its clock
560 * skewed in the future.
561 */
562 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
563 nonce_stamp_slop = (long)ostamp - (long)stamp;
564
565 if (nonce_stamp_slop_limit &&
566 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
567 /*
568 * Pretend as if the received nonce (which passes the
569 * HMAC check, so it is not a forged by third-party)
570 * is what we issued.
571 */
572 free((void *)push_cert_nonce);
573 push_cert_nonce = xstrdup(nonce);
574 retval = NONCE_OK;
575 } else {
576 retval = NONCE_SLOP;
577 }
578
579leave:
580 free(nonce);
581 free(expect);
582 return retval;
583}
584
585/*
586 * Return 1 if there is no push_cert or if the push options in push_cert are
587 * the same as those in the argument; 0 otherwise.
588 */
589static int check_cert_push_options(const struct string_list *push_options)
590{
591 const char *buf = push_cert.buf;
592 int len = push_cert.len;
593
594 char *option;
595 const char *next_line;
596 int options_seen = 0;
597
598 int retval = 1;
599
600 if (!len)
601 return 1;
602
603 while ((option = find_header(buf, len, "push-option", &next_line))) {
604 len -= (next_line - buf);
605 buf = next_line;
606 options_seen++;
607 if (options_seen > push_options->nr
608 || strcmp(option,
609 push_options->items[options_seen - 1].string)) {
610 retval = 0;
611 goto leave;
612 }
613 free(option);
614 }
615
616 if (options_seen != push_options->nr)
617 retval = 0;
618
619leave:
620 free(option);
621 return retval;
622}
623
624static void prepare_push_cert_sha1(struct child_process *proc)
625{
626 static int already_done;
627
628 if (!push_cert.len)
629 return;
630
631 if (!already_done) {
632 int bogs /* beginning_of_gpg_sig */;
633
634 already_done = 1;
635 if (write_object_file(push_cert.buf, push_cert.len, "blob",
636 &push_cert_oid))
637 oidclr(&push_cert_oid);
638
639 memset(&sigcheck, '\0', sizeof(sigcheck));
640
641 bogs = parse_signature(push_cert.buf, push_cert.len);
642 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
643 push_cert.len - bogs, &sigcheck);
644
645 nonce_status = check_nonce(push_cert.buf, bogs);
646 }
647 if (!is_null_oid(&push_cert_oid)) {
648 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
649 oid_to_hex(&push_cert_oid));
650 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
651 sigcheck.signer ? sigcheck.signer : "");
652 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
653 sigcheck.key ? sigcheck.key : "");
654 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
655 sigcheck.result);
656 if (push_cert_nonce) {
657 argv_array_pushf(&proc->env_array,
658 "GIT_PUSH_CERT_NONCE=%s",
659 push_cert_nonce);
660 argv_array_pushf(&proc->env_array,
661 "GIT_PUSH_CERT_NONCE_STATUS=%s",
662 nonce_status);
663 if (nonce_status == NONCE_SLOP)
664 argv_array_pushf(&proc->env_array,
665 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
666 nonce_stamp_slop);
667 }
668 }
669}
670
671struct receive_hook_feed_state {
672 struct command *cmd;
673 int skip_broken;
674 struct strbuf buf;
675 const struct string_list *push_options;
676};
677
678typedef int (*feed_fn)(void *, const char **, size_t *);
679static int run_and_feed_hook(const char *hook_name, feed_fn feed,
680 struct receive_hook_feed_state *feed_state)
681{
682 struct child_process proc = CHILD_PROCESS_INIT;
683 struct async muxer;
684 const char *argv[2];
685 int code;
686
687 argv[0] = find_hook(hook_name);
688 if (!argv[0])
689 return 0;
690
691 argv[1] = NULL;
692
693 proc.argv = argv;
694 proc.in = -1;
695 proc.stdout_to_stderr = 1;
696 proc.trace2_hook_name = hook_name;
697
698 if (feed_state->push_options) {
699 int i;
700 for (i = 0; i < feed_state->push_options->nr; i++)
701 argv_array_pushf(&proc.env_array,
702 "GIT_PUSH_OPTION_%d=%s", i,
703 feed_state->push_options->items[i].string);
704 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
705 feed_state->push_options->nr);
706 } else
707 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
708
709 if (tmp_objdir)
710 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
711
712 if (use_sideband) {
713 memset(&muxer, 0, sizeof(muxer));
714 muxer.proc = copy_to_sideband;
715 muxer.in = -1;
716 code = start_async(&muxer);
717 if (code)
718 return code;
719 proc.err = muxer.in;
720 }
721
722 prepare_push_cert_sha1(&proc);
723
724 code = start_command(&proc);
725 if (code) {
726 if (use_sideband)
727 finish_async(&muxer);
728 return code;
729 }
730
731 sigchain_push(SIGPIPE, SIG_IGN);
732
733 while (1) {
734 const char *buf;
735 size_t n;
736 if (feed(feed_state, &buf, &n))
737 break;
738 if (write_in_full(proc.in, buf, n) < 0)
739 break;
740 }
741 close(proc.in);
742 if (use_sideband)
743 finish_async(&muxer);
744
745 sigchain_pop(SIGPIPE);
746
747 return finish_command(&proc);
748}
749
750static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
751{
752 struct receive_hook_feed_state *state = state_;
753 struct command *cmd = state->cmd;
754
755 while (cmd &&
756 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
757 cmd = cmd->next;
758 if (!cmd)
759 return -1; /* EOF */
760 strbuf_reset(&state->buf);
761 strbuf_addf(&state->buf, "%s %s %s\n",
762 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
763 cmd->ref_name);
764 state->cmd = cmd->next;
765 if (bufp) {
766 *bufp = state->buf.buf;
767 *sizep = state->buf.len;
768 }
769 return 0;
770}
771
772static int run_receive_hook(struct command *commands,
773 const char *hook_name,
774 int skip_broken,
775 const struct string_list *push_options)
776{
777 struct receive_hook_feed_state state;
778 int status;
779
780 strbuf_init(&state.buf, 0);
781 state.cmd = commands;
782 state.skip_broken = skip_broken;
783 if (feed_receive_hook(&state, NULL, NULL))
784 return 0;
785 state.cmd = commands;
786 state.push_options = push_options;
787 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
788 strbuf_release(&state.buf);
789 return status;
790}
791
792static int run_update_hook(struct command *cmd)
793{
794 const char *argv[5];
795 struct child_process proc = CHILD_PROCESS_INIT;
796 int code;
797
798 argv[0] = find_hook("update");
799 if (!argv[0])
800 return 0;
801
802 argv[1] = cmd->ref_name;
803 argv[2] = oid_to_hex(&cmd->old_oid);
804 argv[3] = oid_to_hex(&cmd->new_oid);
805 argv[4] = NULL;
806
807 proc.no_stdin = 1;
808 proc.stdout_to_stderr = 1;
809 proc.err = use_sideband ? -1 : 0;
810 proc.argv = argv;
811 proc.trace2_hook_name = "update";
812
813 code = start_command(&proc);
814 if (code)
815 return code;
816 if (use_sideband)
817 copy_to_sideband(proc.err, -1, NULL);
818 return finish_command(&proc);
819}
820
821static int is_ref_checked_out(const char *ref)
822{
823 if (is_bare_repository())
824 return 0;
825
826 if (!head_name)
827 return 0;
828 return !strcmp(head_name, ref);
829}
830
831static char *refuse_unconfigured_deny_msg =
832 N_("By default, updating the current branch in a non-bare repository\n"
833 "is denied, because it will make the index and work tree inconsistent\n"
834 "with what you pushed, and will require 'git reset --hard' to match\n"
835 "the work tree to HEAD.\n"
836 "\n"
837 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
838 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
839 "its current branch; however, this is not recommended unless you\n"
840 "arranged to update its work tree to match what you pushed in some\n"
841 "other way.\n"
842 "\n"
843 "To squelch this message and still keep the default behaviour, set\n"
844 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
845
846static void refuse_unconfigured_deny(void)
847{
848 rp_error("%s", _(refuse_unconfigured_deny_msg));
849}
850
851static char *refuse_unconfigured_deny_delete_current_msg =
852 N_("By default, deleting the current branch is denied, because the next\n"
853 "'git clone' won't result in any file checked out, causing confusion.\n"
854 "\n"
855 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
856 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
857 "current branch, with or without a warning message.\n"
858 "\n"
859 "To squelch this message, you can set it to 'refuse'.");
860
861static void refuse_unconfigured_deny_delete_current(void)
862{
863 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
864}
865
866static int command_singleton_iterator(void *cb_data, struct object_id *oid);
867static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
868{
869 struct lock_file shallow_lock = LOCK_INIT;
870 struct oid_array extra = OID_ARRAY_INIT;
871 struct check_connected_options opt = CHECK_CONNECTED_INIT;
872 uint32_t mask = 1 << (cmd->index % 32);
873 int i;
874
875 trace_printf_key(&trace_shallow,
876 "shallow: update_shallow_ref %s\n", cmd->ref_name);
877 for (i = 0; i < si->shallow->nr; i++)
878 if (si->used_shallow[i] &&
879 (si->used_shallow[i][cmd->index / 32] & mask) &&
880 !delayed_reachability_test(si, i))
881 oid_array_append(&extra, &si->shallow->oid[i]);
882
883 opt.env = tmp_objdir_env(tmp_objdir);
884 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
885 if (check_connected(command_singleton_iterator, cmd, &opt)) {
886 rollback_lock_file(&shallow_lock);
887 oid_array_clear(&extra);
888 return -1;
889 }
890
891 commit_lock_file(&shallow_lock);
892
893 /*
894 * Make sure setup_alternate_shallow() for the next ref does
895 * not lose these new roots..
896 */
897 for (i = 0; i < extra.nr; i++)
898 register_shallow(the_repository, &extra.oid[i]);
899
900 si->shallow_ref[cmd->index] = 0;
901 oid_array_clear(&extra);
902 return 0;
903}
904
905/*
906 * NEEDSWORK: we should consolidate various implementions of "are we
907 * on an unborn branch?" test into one, and make the unified one more
908 * robust. !get_sha1() based check used here and elsewhere would not
909 * allow us to tell an unborn branch from corrupt ref, for example.
910 * For the purpose of fixing "deploy-to-update does not work when
911 * pushing into an empty repository" issue, this should suffice for
912 * now.
913 */
914static int head_has_history(void)
915{
916 struct object_id oid;
917
918 return !get_oid("HEAD", &oid);
919}
920
921static const char *push_to_deploy(unsigned char *sha1,
922 struct argv_array *env,
923 const char *work_tree)
924{
925 const char *update_refresh[] = {
926 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
927 };
928 const char *diff_files[] = {
929 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
930 };
931 const char *diff_index[] = {
932 "diff-index", "--quiet", "--cached", "--ignore-submodules",
933 NULL, "--", NULL
934 };
935 const char *read_tree[] = {
936 "read-tree", "-u", "-m", NULL, NULL
937 };
938 struct child_process child = CHILD_PROCESS_INIT;
939
940 child.argv = update_refresh;
941 child.env = env->argv;
942 child.dir = work_tree;
943 child.no_stdin = 1;
944 child.stdout_to_stderr = 1;
945 child.git_cmd = 1;
946 if (run_command(&child))
947 return "Up-to-date check failed";
948
949 /* run_command() does not clean up completely; reinitialize */
950 child_process_init(&child);
951 child.argv = diff_files;
952 child.env = env->argv;
953 child.dir = work_tree;
954 child.no_stdin = 1;
955 child.stdout_to_stderr = 1;
956 child.git_cmd = 1;
957 if (run_command(&child))
958 return "Working directory has unstaged changes";
959
960 /* diff-index with either HEAD or an empty tree */
961 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
962
963 child_process_init(&child);
964 child.argv = diff_index;
965 child.env = env->argv;
966 child.no_stdin = 1;
967 child.no_stdout = 1;
968 child.stdout_to_stderr = 0;
969 child.git_cmd = 1;
970 if (run_command(&child))
971 return "Working directory has staged changes";
972
973 read_tree[3] = sha1_to_hex(sha1);
974 child_process_init(&child);
975 child.argv = read_tree;
976 child.env = env->argv;
977 child.dir = work_tree;
978 child.no_stdin = 1;
979 child.no_stdout = 1;
980 child.stdout_to_stderr = 0;
981 child.git_cmd = 1;
982 if (run_command(&child))
983 return "Could not update working tree to new HEAD";
984
985 return NULL;
986}
987
988static const char *push_to_checkout_hook = "push-to-checkout";
989
990static const char *push_to_checkout(unsigned char *sha1,
991 struct argv_array *env,
992 const char *work_tree)
993{
994 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
995 if (run_hook_le(env->argv, push_to_checkout_hook,
996 sha1_to_hex(sha1), NULL))
997 return "push-to-checkout hook declined";
998 else
999 return NULL;
1000}
1001
1002static const char *update_worktree(unsigned char *sha1)
1003{
1004 const char *retval;
1005 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1006 struct argv_array env = ARGV_ARRAY_INIT;
1007
1008 if (is_bare_repository())
1009 return "denyCurrentBranch = updateInstead needs a worktree";
1010
1011 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1012
1013 if (!find_hook(push_to_checkout_hook))
1014 retval = push_to_deploy(sha1, &env, work_tree);
1015 else
1016 retval = push_to_checkout(sha1, &env, work_tree);
1017
1018 argv_array_clear(&env);
1019 return retval;
1020}
1021
1022static const char *update(struct command *cmd, struct shallow_info *si)
1023{
1024 const char *name = cmd->ref_name;
1025 struct strbuf namespaced_name_buf = STRBUF_INIT;
1026 static char *namespaced_name;
1027 const char *ret;
1028 struct object_id *old_oid = &cmd->old_oid;
1029 struct object_id *new_oid = &cmd->new_oid;
1030 int do_update_worktree = 0;
1031
1032 /* only refs/... are allowed */
1033 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1034 rp_error("refusing to create funny ref '%s' remotely", name);
1035 return "funny refname";
1036 }
1037
1038 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1039 free(namespaced_name);
1040 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1041
1042 if (is_ref_checked_out(namespaced_name)) {
1043 switch (deny_current_branch) {
1044 case DENY_IGNORE:
1045 break;
1046 case DENY_WARN:
1047 rp_warning("updating the current branch");
1048 break;
1049 case DENY_REFUSE:
1050 case DENY_UNCONFIGURED:
1051 rp_error("refusing to update checked out branch: %s", name);
1052 if (deny_current_branch == DENY_UNCONFIGURED)
1053 refuse_unconfigured_deny();
1054 return "branch is currently checked out";
1055 case DENY_UPDATE_INSTEAD:
1056 /* pass -- let other checks intervene first */
1057 do_update_worktree = 1;
1058 break;
1059 }
1060 }
1061
1062 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1063 error("unpack should have generated %s, "
1064 "but I can't find it!", oid_to_hex(new_oid));
1065 return "bad pack";
1066 }
1067
1068 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1069 if (deny_deletes && starts_with(name, "refs/heads/")) {
1070 rp_error("denying ref deletion for %s", name);
1071 return "deletion prohibited";
1072 }
1073
1074 if (head_name && !strcmp(namespaced_name, head_name)) {
1075 switch (deny_delete_current) {
1076 case DENY_IGNORE:
1077 break;
1078 case DENY_WARN:
1079 rp_warning("deleting the current branch");
1080 break;
1081 case DENY_REFUSE:
1082 case DENY_UNCONFIGURED:
1083 case DENY_UPDATE_INSTEAD:
1084 if (deny_delete_current == DENY_UNCONFIGURED)
1085 refuse_unconfigured_deny_delete_current();
1086 rp_error("refusing to delete the current branch: %s", name);
1087 return "deletion of the current branch prohibited";
1088 default:
1089 return "Invalid denyDeleteCurrent setting";
1090 }
1091 }
1092 }
1093
1094 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1095 !is_null_oid(old_oid) &&
1096 starts_with(name, "refs/heads/")) {
1097 struct object *old_object, *new_object;
1098 struct commit *old_commit, *new_commit;
1099
1100 old_object = parse_object(the_repository, old_oid);
1101 new_object = parse_object(the_repository, new_oid);
1102
1103 if (!old_object || !new_object ||
1104 old_object->type != OBJ_COMMIT ||
1105 new_object->type != OBJ_COMMIT) {
1106 error("bad sha1 objects for %s", name);
1107 return "bad ref";
1108 }
1109 old_commit = (struct commit *)old_object;
1110 new_commit = (struct commit *)new_object;
1111 if (!in_merge_bases(old_commit, new_commit)) {
1112 rp_error("denying non-fast-forward %s"
1113 " (you should pull first)", name);
1114 return "non-fast-forward";
1115 }
1116 }
1117 if (run_update_hook(cmd)) {
1118 rp_error("hook declined to update %s", name);
1119 return "hook declined";
1120 }
1121
1122 if (do_update_worktree) {
1123 ret = update_worktree(new_oid->hash);
1124 if (ret)
1125 return ret;
1126 }
1127
1128 if (is_null_oid(new_oid)) {
1129 struct strbuf err = STRBUF_INIT;
1130 if (!parse_object(the_repository, old_oid)) {
1131 old_oid = NULL;
1132 if (ref_exists(name)) {
1133 rp_warning("Allowing deletion of corrupt ref.");
1134 } else {
1135 rp_warning("Deleting a non-existent ref.");
1136 cmd->did_not_exist = 1;
1137 }
1138 }
1139 if (ref_transaction_delete(transaction,
1140 namespaced_name,
1141 old_oid,
1142 0, "push", &err)) {
1143 rp_error("%s", err.buf);
1144 strbuf_release(&err);
1145 return "failed to delete";
1146 }
1147 strbuf_release(&err);
1148 return NULL; /* good */
1149 }
1150 else {
1151 struct strbuf err = STRBUF_INIT;
1152 if (shallow_update && si->shallow_ref[cmd->index] &&
1153 update_shallow_ref(cmd, si))
1154 return "shallow error";
1155
1156 if (ref_transaction_update(transaction,
1157 namespaced_name,
1158 new_oid, old_oid,
1159 0, "push",
1160 &err)) {
1161 rp_error("%s", err.buf);
1162 strbuf_release(&err);
1163
1164 return "failed to update ref";
1165 }
1166 strbuf_release(&err);
1167
1168 return NULL; /* good */
1169 }
1170}
1171
1172static void run_update_post_hook(struct command *commands)
1173{
1174 struct command *cmd;
1175 struct child_process proc = CHILD_PROCESS_INIT;
1176 const char *hook;
1177
1178 hook = find_hook("post-update");
1179 if (!hook)
1180 return;
1181
1182 for (cmd = commands; cmd; cmd = cmd->next) {
1183 if (cmd->error_string || cmd->did_not_exist)
1184 continue;
1185 if (!proc.args.argc)
1186 argv_array_push(&proc.args, hook);
1187 argv_array_push(&proc.args, cmd->ref_name);
1188 }
1189 if (!proc.args.argc)
1190 return;
1191
1192 proc.no_stdin = 1;
1193 proc.stdout_to_stderr = 1;
1194 proc.err = use_sideband ? -1 : 0;
1195 proc.trace2_hook_name = "post-update";
1196
1197 if (!start_command(&proc)) {
1198 if (use_sideband)
1199 copy_to_sideband(proc.err, -1, NULL);
1200 finish_command(&proc);
1201 }
1202}
1203
1204static void check_aliased_update_internal(struct command *cmd,
1205 struct string_list *list,
1206 const char *dst_name, int flag)
1207{
1208 struct string_list_item *item;
1209 struct command *dst_cmd;
1210
1211 if (!(flag & REF_ISSYMREF))
1212 return;
1213
1214 if (!dst_name) {
1215 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1216 cmd->skip_update = 1;
1217 cmd->error_string = "broken symref";
1218 return;
1219 }
1220 dst_name = strip_namespace(dst_name);
1221
1222 if ((item = string_list_lookup(list, dst_name)) == NULL)
1223 return;
1224
1225 cmd->skip_update = 1;
1226
1227 dst_cmd = (struct command *) item->util;
1228
1229 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1230 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1231 return;
1232
1233 dst_cmd->skip_update = 1;
1234
1235 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1236 " its target '%s' (%s..%s)",
1237 cmd->ref_name,
1238 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1239 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1240 dst_cmd->ref_name,
1241 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1242 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1243
1244 cmd->error_string = dst_cmd->error_string =
1245 "inconsistent aliased update";
1246}
1247
1248static void check_aliased_update(struct command *cmd, struct string_list *list)
1249{
1250 struct strbuf buf = STRBUF_INIT;
1251 const char *dst_name;
1252 int flag;
1253
1254 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1255 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1256 check_aliased_update_internal(cmd, list, dst_name, flag);
1257 strbuf_release(&buf);
1258}
1259
1260static void check_aliased_updates(struct command *commands)
1261{
1262 struct command *cmd;
1263 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1264
1265 for (cmd = commands; cmd; cmd = cmd->next) {
1266 struct string_list_item *item =
1267 string_list_append(&ref_list, cmd->ref_name);
1268 item->util = (void *)cmd;
1269 }
1270 string_list_sort(&ref_list);
1271
1272 for (cmd = commands; cmd; cmd = cmd->next) {
1273 if (!cmd->error_string)
1274 check_aliased_update(cmd, &ref_list);
1275 }
1276
1277 string_list_clear(&ref_list, 0);
1278}
1279
1280static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1281{
1282 struct command **cmd_list = cb_data;
1283 struct command *cmd = *cmd_list;
1284
1285 if (!cmd || is_null_oid(&cmd->new_oid))
1286 return -1; /* end of list */
1287 *cmd_list = NULL; /* this returns only one */
1288 oidcpy(oid, &cmd->new_oid);
1289 return 0;
1290}
1291
1292static void set_connectivity_errors(struct command *commands,
1293 struct shallow_info *si)
1294{
1295 struct command *cmd;
1296
1297 for (cmd = commands; cmd; cmd = cmd->next) {
1298 struct command *singleton = cmd;
1299 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1300
1301 if (shallow_update && si->shallow_ref[cmd->index])
1302 /* to be checked in update_shallow_ref() */
1303 continue;
1304
1305 opt.env = tmp_objdir_env(tmp_objdir);
1306 if (!check_connected(command_singleton_iterator, &singleton,
1307 &opt))
1308 continue;
1309
1310 cmd->error_string = "missing necessary objects";
1311 }
1312}
1313
1314struct iterate_data {
1315 struct command *cmds;
1316 struct shallow_info *si;
1317};
1318
1319static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1320{
1321 struct iterate_data *data = cb_data;
1322 struct command **cmd_list = &data->cmds;
1323 struct command *cmd = *cmd_list;
1324
1325 for (; cmd; cmd = cmd->next) {
1326 if (shallow_update && data->si->shallow_ref[cmd->index])
1327 /* to be checked in update_shallow_ref() */
1328 continue;
1329 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1330 oidcpy(oid, &cmd->new_oid);
1331 *cmd_list = cmd->next;
1332 return 0;
1333 }
1334 }
1335 *cmd_list = NULL;
1336 return -1; /* end of list */
1337}
1338
1339static void reject_updates_to_hidden(struct command *commands)
1340{
1341 struct strbuf refname_full = STRBUF_INIT;
1342 size_t prefix_len;
1343 struct command *cmd;
1344
1345 strbuf_addstr(&refname_full, get_git_namespace());
1346 prefix_len = refname_full.len;
1347
1348 for (cmd = commands; cmd; cmd = cmd->next) {
1349 if (cmd->error_string)
1350 continue;
1351
1352 strbuf_setlen(&refname_full, prefix_len);
1353 strbuf_addstr(&refname_full, cmd->ref_name);
1354
1355 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1356 continue;
1357 if (is_null_oid(&cmd->new_oid))
1358 cmd->error_string = "deny deleting a hidden ref";
1359 else
1360 cmd->error_string = "deny updating a hidden ref";
1361 }
1362
1363 strbuf_release(&refname_full);
1364}
1365
1366static int should_process_cmd(struct command *cmd)
1367{
1368 return !cmd->error_string && !cmd->skip_update;
1369}
1370
1371static void warn_if_skipped_connectivity_check(struct command *commands,
1372 struct shallow_info *si)
1373{
1374 struct command *cmd;
1375 int checked_connectivity = 1;
1376
1377 for (cmd = commands; cmd; cmd = cmd->next) {
1378 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1379 error("BUG: connectivity check has not been run on ref %s",
1380 cmd->ref_name);
1381 checked_connectivity = 0;
1382 }
1383 }
1384 if (!checked_connectivity)
1385 BUG("connectivity check skipped???");
1386}
1387
1388static void execute_commands_non_atomic(struct command *commands,
1389 struct shallow_info *si)
1390{
1391 struct command *cmd;
1392 struct strbuf err = STRBUF_INIT;
1393
1394 for (cmd = commands; cmd; cmd = cmd->next) {
1395 if (!should_process_cmd(cmd))
1396 continue;
1397
1398 transaction = ref_transaction_begin(&err);
1399 if (!transaction) {
1400 rp_error("%s", err.buf);
1401 strbuf_reset(&err);
1402 cmd->error_string = "transaction failed to start";
1403 continue;
1404 }
1405
1406 cmd->error_string = update(cmd, si);
1407
1408 if (!cmd->error_string
1409 && ref_transaction_commit(transaction, &err)) {
1410 rp_error("%s", err.buf);
1411 strbuf_reset(&err);
1412 cmd->error_string = "failed to update ref";
1413 }
1414 ref_transaction_free(transaction);
1415 }
1416 strbuf_release(&err);
1417}
1418
1419static void execute_commands_atomic(struct command *commands,
1420 struct shallow_info *si)
1421{
1422 struct command *cmd;
1423 struct strbuf err = STRBUF_INIT;
1424 const char *reported_error = "atomic push failure";
1425
1426 transaction = ref_transaction_begin(&err);
1427 if (!transaction) {
1428 rp_error("%s", err.buf);
1429 strbuf_reset(&err);
1430 reported_error = "transaction failed to start";
1431 goto failure;
1432 }
1433
1434 for (cmd = commands; cmd; cmd = cmd->next) {
1435 if (!should_process_cmd(cmd))
1436 continue;
1437
1438 cmd->error_string = update(cmd, si);
1439
1440 if (cmd->error_string)
1441 goto failure;
1442 }
1443
1444 if (ref_transaction_commit(transaction, &err)) {
1445 rp_error("%s", err.buf);
1446 reported_error = "atomic transaction failed";
1447 goto failure;
1448 }
1449 goto cleanup;
1450
1451failure:
1452 for (cmd = commands; cmd; cmd = cmd->next)
1453 if (!cmd->error_string)
1454 cmd->error_string = reported_error;
1455
1456cleanup:
1457 ref_transaction_free(transaction);
1458 strbuf_release(&err);
1459}
1460
1461static void execute_commands(struct command *commands,
1462 const char *unpacker_error,
1463 struct shallow_info *si,
1464 const struct string_list *push_options)
1465{
1466 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1467 struct command *cmd;
1468 struct iterate_data data;
1469 struct async muxer;
1470 int err_fd = 0;
1471
1472 if (unpacker_error) {
1473 for (cmd = commands; cmd; cmd = cmd->next)
1474 cmd->error_string = "unpacker error";
1475 return;
1476 }
1477
1478 if (use_sideband) {
1479 memset(&muxer, 0, sizeof(muxer));
1480 muxer.proc = copy_to_sideband;
1481 muxer.in = -1;
1482 if (!start_async(&muxer))
1483 err_fd = muxer.in;
1484 /* ...else, continue without relaying sideband */
1485 }
1486
1487 data.cmds = commands;
1488 data.si = si;
1489 opt.err_fd = err_fd;
1490 opt.progress = err_fd && !quiet;
1491 opt.env = tmp_objdir_env(tmp_objdir);
1492 if (check_connected(iterate_receive_command_list, &data, &opt))
1493 set_connectivity_errors(commands, si);
1494
1495 if (use_sideband)
1496 finish_async(&muxer);
1497
1498 reject_updates_to_hidden(commands);
1499
1500 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1501 for (cmd = commands; cmd; cmd = cmd->next) {
1502 if (!cmd->error_string)
1503 cmd->error_string = "pre-receive hook declined";
1504 }
1505 return;
1506 }
1507
1508 /*
1509 * Now we'll start writing out refs, which means the objects need
1510 * to be in their final positions so that other processes can see them.
1511 */
1512 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1513 for (cmd = commands; cmd; cmd = cmd->next) {
1514 if (!cmd->error_string)
1515 cmd->error_string = "unable to migrate objects to permanent storage";
1516 }
1517 return;
1518 }
1519 tmp_objdir = NULL;
1520
1521 check_aliased_updates(commands);
1522
1523 free(head_name_to_free);
1524 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1525
1526 if (use_atomic)
1527 execute_commands_atomic(commands, si);
1528 else
1529 execute_commands_non_atomic(commands, si);
1530
1531 if (shallow_update)
1532 warn_if_skipped_connectivity_check(commands, si);
1533}
1534
1535static struct command **queue_command(struct command **tail,
1536 const char *line,
1537 int linelen)
1538{
1539 struct object_id old_oid, new_oid;
1540 struct command *cmd;
1541 const char *refname;
1542 int reflen;
1543 const char *p;
1544
1545 if (parse_oid_hex(line, &old_oid, &p) ||
1546 *p++ != ' ' ||
1547 parse_oid_hex(p, &new_oid, &p) ||
1548 *p++ != ' ')
1549 die("protocol error: expected old/new/ref, got '%s'", line);
1550
1551 refname = p;
1552 reflen = linelen - (p - line);
1553 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1554 oidcpy(&cmd->old_oid, &old_oid);
1555 oidcpy(&cmd->new_oid, &new_oid);
1556 *tail = cmd;
1557 return &cmd->next;
1558}
1559
1560static void queue_commands_from_cert(struct command **tail,
1561 struct strbuf *push_cert)
1562{
1563 const char *boc, *eoc;
1564
1565 if (*tail)
1566 die("protocol error: got both push certificate and unsigned commands");
1567
1568 boc = strstr(push_cert->buf, "\n\n");
1569 if (!boc)
1570 die("malformed push certificate %.*s", 100, push_cert->buf);
1571 else
1572 boc += 2;
1573 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1574
1575 while (boc < eoc) {
1576 const char *eol = memchr(boc, '\n', eoc - boc);
1577 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1578 boc = eol ? eol + 1 : eoc;
1579 }
1580}
1581
1582static struct command *read_head_info(struct packet_reader *reader,
1583 struct oid_array *shallow)
1584{
1585 struct command *commands = NULL;
1586 struct command **p = &commands;
1587 for (;;) {
1588 int linelen;
1589
1590 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1591 break;
1592
1593 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1594 struct object_id oid;
1595 if (get_oid_hex(reader->line + 8, &oid))
1596 die("protocol error: expected shallow sha, got '%s'",
1597 reader->line + 8);
1598 oid_array_append(shallow, &oid);
1599 continue;
1600 }
1601
1602 linelen = strlen(reader->line);
1603 if (linelen < reader->pktlen) {
1604 const char *feature_list = reader->line + linelen + 1;
1605 if (parse_feature_request(feature_list, "report-status"))
1606 report_status = 1;
1607 if (parse_feature_request(feature_list, "side-band-64k"))
1608 use_sideband = LARGE_PACKET_MAX;
1609 if (parse_feature_request(feature_list, "quiet"))
1610 quiet = 1;
1611 if (advertise_atomic_push
1612 && parse_feature_request(feature_list, "atomic"))
1613 use_atomic = 1;
1614 if (advertise_push_options
1615 && parse_feature_request(feature_list, "push-options"))
1616 use_push_options = 1;
1617 }
1618
1619 if (!strcmp(reader->line, "push-cert")) {
1620 int true_flush = 0;
1621 int saved_options = reader->options;
1622 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1623
1624 for (;;) {
1625 packet_reader_read(reader);
1626 if (reader->status == PACKET_READ_FLUSH) {
1627 true_flush = 1;
1628 break;
1629 }
1630 if (reader->status != PACKET_READ_NORMAL) {
1631 die("protocol error: got an unexpected packet");
1632 }
1633 if (!strcmp(reader->line, "push-cert-end\n"))
1634 break; /* end of cert */
1635 strbuf_addstr(&push_cert, reader->line);
1636 }
1637 reader->options = saved_options;
1638
1639 if (true_flush)
1640 break;
1641 continue;
1642 }
1643
1644 p = queue_command(p, reader->line, linelen);
1645 }
1646
1647 if (push_cert.len)
1648 queue_commands_from_cert(p, &push_cert);
1649
1650 return commands;
1651}
1652
1653static void read_push_options(struct packet_reader *reader,
1654 struct string_list *options)
1655{
1656 while (1) {
1657 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1658 break;
1659
1660 string_list_append(options, reader->line);
1661 }
1662}
1663
1664static const char *parse_pack_header(struct pack_header *hdr)
1665{
1666 switch (read_pack_header(0, hdr)) {
1667 case PH_ERROR_EOF:
1668 return "eof before pack header was fully read";
1669
1670 case PH_ERROR_PACK_SIGNATURE:
1671 return "protocol error (pack signature mismatch detected)";
1672
1673 case PH_ERROR_PROTOCOL:
1674 return "protocol error (pack version unsupported)";
1675
1676 default:
1677 return "unknown error in parse_pack_header";
1678
1679 case 0:
1680 return NULL;
1681 }
1682}
1683
1684static const char *pack_lockfile;
1685
1686static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1687{
1688 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1689 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1690}
1691
1692static const char *unpack(int err_fd, struct shallow_info *si)
1693{
1694 struct pack_header hdr;
1695 const char *hdr_err;
1696 int status;
1697 struct child_process child = CHILD_PROCESS_INIT;
1698 int fsck_objects = (receive_fsck_objects >= 0
1699 ? receive_fsck_objects
1700 : transfer_fsck_objects >= 0
1701 ? transfer_fsck_objects
1702 : 0);
1703
1704 hdr_err = parse_pack_header(&hdr);
1705 if (hdr_err) {
1706 if (err_fd > 0)
1707 close(err_fd);
1708 return hdr_err;
1709 }
1710
1711 if (si->nr_ours || si->nr_theirs) {
1712 alt_shallow_file = setup_temporary_shallow(si->shallow);
1713 argv_array_push(&child.args, "--shallow-file");
1714 argv_array_push(&child.args, alt_shallow_file);
1715 }
1716
1717 tmp_objdir = tmp_objdir_create();
1718 if (!tmp_objdir) {
1719 if (err_fd > 0)
1720 close(err_fd);
1721 return "unable to create temporary object directory";
1722 }
1723 child.env = tmp_objdir_env(tmp_objdir);
1724
1725 /*
1726 * Normally we just pass the tmp_objdir environment to the child
1727 * processes that do the heavy lifting, but we may need to see these
1728 * objects ourselves to set up shallow information.
1729 */
1730 tmp_objdir_add_as_alternate(tmp_objdir);
1731
1732 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1733 argv_array_push(&child.args, "unpack-objects");
1734 push_header_arg(&child.args, &hdr);
1735 if (quiet)
1736 argv_array_push(&child.args, "-q");
1737 if (fsck_objects)
1738 argv_array_pushf(&child.args, "--strict%s",
1739 fsck_msg_types.buf);
1740 if (max_input_size)
1741 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1742 (uintmax_t)max_input_size);
1743 child.no_stdout = 1;
1744 child.err = err_fd;
1745 child.git_cmd = 1;
1746 status = run_command(&child);
1747 if (status)
1748 return "unpack-objects abnormal exit";
1749 } else {
1750 char hostname[HOST_NAME_MAX + 1];
1751
1752 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1753 push_header_arg(&child.args, &hdr);
1754
1755 if (xgethostname(hostname, sizeof(hostname)))
1756 xsnprintf(hostname, sizeof(hostname), "localhost");
1757 argv_array_pushf(&child.args,
1758 "--keep=receive-pack %"PRIuMAX" on %s",
1759 (uintmax_t)getpid(),
1760 hostname);
1761
1762 if (!quiet && err_fd)
1763 argv_array_push(&child.args, "--show-resolving-progress");
1764 if (use_sideband)
1765 argv_array_push(&child.args, "--report-end-of-input");
1766 if (fsck_objects)
1767 argv_array_pushf(&child.args, "--strict%s",
1768 fsck_msg_types.buf);
1769 if (!reject_thin)
1770 argv_array_push(&child.args, "--fix-thin");
1771 if (max_input_size)
1772 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1773 (uintmax_t)max_input_size);
1774 child.out = -1;
1775 child.err = err_fd;
1776 child.git_cmd = 1;
1777 status = start_command(&child);
1778 if (status)
1779 return "index-pack fork failed";
1780 pack_lockfile = index_pack_lockfile(child.out);
1781 close(child.out);
1782 status = finish_command(&child);
1783 if (status)
1784 return "index-pack abnormal exit";
1785 reprepare_packed_git(the_repository);
1786 }
1787 return NULL;
1788}
1789
1790static const char *unpack_with_sideband(struct shallow_info *si)
1791{
1792 struct async muxer;
1793 const char *ret;
1794
1795 if (!use_sideband)
1796 return unpack(0, si);
1797
1798 use_keepalive = KEEPALIVE_AFTER_NUL;
1799 memset(&muxer, 0, sizeof(muxer));
1800 muxer.proc = copy_to_sideband;
1801 muxer.in = -1;
1802 if (start_async(&muxer))
1803 return NULL;
1804
1805 ret = unpack(muxer.in, si);
1806
1807 finish_async(&muxer);
1808 return ret;
1809}
1810
1811static void prepare_shallow_update(struct shallow_info *si)
1812{
1813 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1814
1815 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1816 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1817
1818 si->need_reachability_test =
1819 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1820 si->reachable =
1821 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1822 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1823
1824 for (i = 0; i < si->nr_ours; i++)
1825 si->need_reachability_test[si->ours[i]] = 1;
1826
1827 for (i = 0; i < si->shallow->nr; i++) {
1828 if (!si->used_shallow[i])
1829 continue;
1830 for (j = 0; j < bitmap_size; j++) {
1831 if (!si->used_shallow[i][j])
1832 continue;
1833 si->need_reachability_test[i]++;
1834 for (k = 0; k < 32; k++)
1835 if (si->used_shallow[i][j] & (1U << k))
1836 si->shallow_ref[j * 32 + k]++;
1837 }
1838
1839 /*
1840 * true for those associated with some refs and belong
1841 * in "ours" list aka "step 7 not done yet"
1842 */
1843 si->need_reachability_test[i] =
1844 si->need_reachability_test[i] > 1;
1845 }
1846
1847 /*
1848 * keep hooks happy by forcing a temporary shallow file via
1849 * env variable because we can't add --shallow-file to every
1850 * command. check_connected() will be done with
1851 * true .git/shallow though.
1852 */
1853 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1854}
1855
1856static void update_shallow_info(struct command *commands,
1857 struct shallow_info *si,
1858 struct oid_array *ref)
1859{
1860 struct command *cmd;
1861 int *ref_status;
1862 remove_nonexistent_theirs_shallow(si);
1863 if (!si->nr_ours && !si->nr_theirs) {
1864 shallow_update = 0;
1865 return;
1866 }
1867
1868 for (cmd = commands; cmd; cmd = cmd->next) {
1869 if (is_null_oid(&cmd->new_oid))
1870 continue;
1871 oid_array_append(ref, &cmd->new_oid);
1872 cmd->index = ref->nr - 1;
1873 }
1874 si->ref = ref;
1875
1876 if (shallow_update) {
1877 prepare_shallow_update(si);
1878 return;
1879 }
1880
1881 ALLOC_ARRAY(ref_status, ref->nr);
1882 assign_shallow_commits_to_refs(si, NULL, ref_status);
1883 for (cmd = commands; cmd; cmd = cmd->next) {
1884 if (is_null_oid(&cmd->new_oid))
1885 continue;
1886 if (ref_status[cmd->index]) {
1887 cmd->error_string = "shallow update not allowed";
1888 cmd->skip_update = 1;
1889 }
1890 }
1891 free(ref_status);
1892}
1893
1894static void report(struct command *commands, const char *unpack_status)
1895{
1896 struct command *cmd;
1897 struct strbuf buf = STRBUF_INIT;
1898
1899 packet_buf_write(&buf, "unpack %s\n",
1900 unpack_status ? unpack_status : "ok");
1901 for (cmd = commands; cmd; cmd = cmd->next) {
1902 if (!cmd->error_string)
1903 packet_buf_write(&buf, "ok %s\n",
1904 cmd->ref_name);
1905 else
1906 packet_buf_write(&buf, "ng %s %s\n",
1907 cmd->ref_name, cmd->error_string);
1908 }
1909 packet_buf_flush(&buf);
1910
1911 if (use_sideband)
1912 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1913 else
1914 write_or_die(1, buf.buf, buf.len);
1915 strbuf_release(&buf);
1916}
1917
1918static int delete_only(struct command *commands)
1919{
1920 struct command *cmd;
1921 for (cmd = commands; cmd; cmd = cmd->next) {
1922 if (!is_null_oid(&cmd->new_oid))
1923 return 0;
1924 }
1925 return 1;
1926}
1927
1928int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1929{
1930 int advertise_refs = 0;
1931 struct command *commands;
1932 struct oid_array shallow = OID_ARRAY_INIT;
1933 struct oid_array ref = OID_ARRAY_INIT;
1934 struct shallow_info si;
1935 struct packet_reader reader;
1936
1937 struct option options[] = {
1938 OPT__QUIET(&quiet, N_("quiet")),
1939 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1940 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1941 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1942 OPT_END()
1943 };
1944
1945 packet_trace_identity("receive-pack");
1946
1947 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1948
1949 if (argc > 1)
1950 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1951 if (argc == 0)
1952 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1953
1954 service_dir = argv[0];
1955
1956 setup_path();
1957
1958 if (!enter_repo(service_dir, 0))
1959 die("'%s' does not appear to be a git repository", service_dir);
1960
1961 git_config(receive_pack_config, NULL);
1962 if (cert_nonce_seed)
1963 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1964
1965 if (0 <= transfer_unpack_limit)
1966 unpack_limit = transfer_unpack_limit;
1967 else if (0 <= receive_unpack_limit)
1968 unpack_limit = receive_unpack_limit;
1969
1970 switch (determine_protocol_version_server()) {
1971 case protocol_v2:
1972 /*
1973 * push support for protocol v2 has not been implemented yet,
1974 * so ignore the request to use v2 and fallback to using v0.
1975 */
1976 break;
1977 case protocol_v1:
1978 /*
1979 * v1 is just the original protocol with a version string,
1980 * so just fall through after writing the version string.
1981 */
1982 if (advertise_refs || !stateless_rpc)
1983 packet_write_fmt(1, "version 1\n");
1984
1985 /* fallthrough */
1986 case protocol_v0:
1987 break;
1988 case protocol_unknown_version:
1989 BUG("unknown protocol version");
1990 }
1991
1992 if (advertise_refs || !stateless_rpc) {
1993 write_head_info();
1994 }
1995 if (advertise_refs)
1996 return 0;
1997
1998 packet_reader_init(&reader, 0, NULL, 0,
1999 PACKET_READ_CHOMP_NEWLINE |
2000 PACKET_READ_DIE_ON_ERR_PACKET);
2001
2002 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2003 const char *unpack_status = NULL;
2004 struct string_list push_options = STRING_LIST_INIT_DUP;
2005
2006 if (use_push_options)
2007 read_push_options(&reader, &push_options);
2008 if (!check_cert_push_options(&push_options)) {
2009 struct command *cmd;
2010 for (cmd = commands; cmd; cmd = cmd->next)
2011 cmd->error_string = "inconsistent push options";
2012 }
2013
2014 prepare_shallow_info(&si, &shallow);
2015 if (!si.nr_ours && !si.nr_theirs)
2016 shallow_update = 0;
2017 if (!delete_only(commands)) {
2018 unpack_status = unpack_with_sideband(&si);
2019 update_shallow_info(commands, &si, &ref);
2020 }
2021 use_keepalive = KEEPALIVE_ALWAYS;
2022 execute_commands(commands, unpack_status, &si,
2023 &push_options);
2024 if (pack_lockfile)
2025 unlink_or_warn(pack_lockfile);
2026 if (report_status)
2027 report(commands, unpack_status);
2028 run_receive_hook(commands, "post-receive", 1,
2029 &push_options);
2030 run_update_post_hook(commands);
2031 string_list_clear(&push_options, 0);
2032 if (auto_gc) {
2033 const char *argv_gc_auto[] = {
2034 "gc", "--auto", "--quiet", NULL,
2035 };
2036 struct child_process proc = CHILD_PROCESS_INIT;
2037
2038 proc.no_stdin = 1;
2039 proc.stdout_to_stderr = 1;
2040 proc.err = use_sideband ? -1 : 0;
2041 proc.git_cmd = 1;
2042 proc.argv = argv_gc_auto;
2043
2044 close_object_store(the_repository->objects);
2045 if (!start_command(&proc)) {
2046 if (use_sideband)
2047 copy_to_sideband(proc.err, -1, NULL);
2048 finish_command(&proc);
2049 }
2050 }
2051 if (auto_update_server_info)
2052 update_server_info(0);
2053 clear_shallow_info(&si);
2054 }
2055 if (use_sideband)
2056 packet_flush(1);
2057 oid_array_clear(&shallow);
2058 oid_array_clear(&ref);
2059 free((void *)push_cert_nonce);
2060 return 0;
2061}