builtin / receive-pack.con commit sequencer: do not die() in do_pick_commit() (dbfad03)
   1#include "builtin.h"
   2#include "lockfile.h"
   3#include "pack.h"
   4#include "refs.h"
   5#include "pkt-line.h"
   6#include "sideband.h"
   7#include "run-command.h"
   8#include "exec_cmd.h"
   9#include "commit.h"
  10#include "object.h"
  11#include "remote.h"
  12#include "connect.h"
  13#include "transport.h"
  14#include "string-list.h"
  15#include "sha1-array.h"
  16#include "connected.h"
  17#include "argv-array.h"
  18#include "version.h"
  19#include "tag.h"
  20#include "gpg-interface.h"
  21#include "sigchain.h"
  22#include "fsck.h"
  23
  24static const char * const receive_pack_usage[] = {
  25        N_("git receive-pack <git-dir>"),
  26        NULL
  27};
  28
  29enum deny_action {
  30        DENY_UNCONFIGURED,
  31        DENY_IGNORE,
  32        DENY_WARN,
  33        DENY_REFUSE,
  34        DENY_UPDATE_INSTEAD
  35};
  36
  37static int deny_deletes;
  38static int deny_non_fast_forwards;
  39static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
  40static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
  41static int receive_fsck_objects = -1;
  42static int transfer_fsck_objects = -1;
  43static struct strbuf fsck_msg_types = STRBUF_INIT;
  44static int receive_unpack_limit = -1;
  45static int transfer_unpack_limit = -1;
  46static int advertise_atomic_push = 1;
  47static int advertise_push_options;
  48static int unpack_limit = 100;
  49static int report_status;
  50static int use_sideband;
  51static int use_atomic;
  52static int use_push_options;
  53static int quiet;
  54static int prefer_ofs_delta = 1;
  55static int auto_update_server_info;
  56static int auto_gc = 1;
  57static int reject_thin;
  58static int stateless_rpc;
  59static const char *service_dir;
  60static const char *head_name;
  61static void *head_name_to_free;
  62static int sent_capabilities;
  63static int shallow_update;
  64static const char *alt_shallow_file;
  65static struct strbuf push_cert = STRBUF_INIT;
  66static unsigned char push_cert_sha1[20];
  67static struct signature_check sigcheck;
  68static const char *push_cert_nonce;
  69static const char *cert_nonce_seed;
  70
  71static const char *NONCE_UNSOLICITED = "UNSOLICITED";
  72static const char *NONCE_BAD = "BAD";
  73static const char *NONCE_MISSING = "MISSING";
  74static const char *NONCE_OK = "OK";
  75static const char *NONCE_SLOP = "SLOP";
  76static const char *nonce_status;
  77static long nonce_stamp_slop;
  78static unsigned long nonce_stamp_slop_limit;
  79static struct ref_transaction *transaction;
  80
  81static enum {
  82        KEEPALIVE_NEVER = 0,
  83        KEEPALIVE_AFTER_NUL,
  84        KEEPALIVE_ALWAYS
  85} use_keepalive;
  86static int keepalive_in_sec = 5;
  87
  88static enum deny_action parse_deny_action(const char *var, const char *value)
  89{
  90        if (value) {
  91                if (!strcasecmp(value, "ignore"))
  92                        return DENY_IGNORE;
  93                if (!strcasecmp(value, "warn"))
  94                        return DENY_WARN;
  95                if (!strcasecmp(value, "refuse"))
  96                        return DENY_REFUSE;
  97                if (!strcasecmp(value, "updateinstead"))
  98                        return DENY_UPDATE_INSTEAD;
  99        }
 100        if (git_config_bool(var, value))
 101                return DENY_REFUSE;
 102        return DENY_IGNORE;
 103}
 104
 105static int receive_pack_config(const char *var, const char *value, void *cb)
 106{
 107        int status = parse_hide_refs_config(var, value, "receive");
 108
 109        if (status)
 110                return status;
 111
 112        if (strcmp(var, "receive.denydeletes") == 0) {
 113                deny_deletes = git_config_bool(var, value);
 114                return 0;
 115        }
 116
 117        if (strcmp(var, "receive.denynonfastforwards") == 0) {
 118                deny_non_fast_forwards = git_config_bool(var, value);
 119                return 0;
 120        }
 121
 122        if (strcmp(var, "receive.unpacklimit") == 0) {
 123                receive_unpack_limit = git_config_int(var, value);
 124                return 0;
 125        }
 126
 127        if (strcmp(var, "transfer.unpacklimit") == 0) {
 128                transfer_unpack_limit = git_config_int(var, value);
 129                return 0;
 130        }
 131
 132        if (strcmp(var, "receive.fsck.skiplist") == 0) {
 133                const char *path;
 134
 135                if (git_config_pathname(&path, var, value))
 136                        return 1;
 137                strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
 138                        fsck_msg_types.len ? ',' : '=', path);
 139                free((char *)path);
 140                return 0;
 141        }
 142
 143        if (skip_prefix(var, "receive.fsck.", &var)) {
 144                if (is_valid_msg_type(var, value))
 145                        strbuf_addf(&fsck_msg_types, "%c%s=%s",
 146                                fsck_msg_types.len ? ',' : '=', var, value);
 147                else
 148                        warning("Skipping unknown msg id '%s'", var);
 149                return 0;
 150        }
 151
 152        if (strcmp(var, "receive.fsckobjects") == 0) {
 153                receive_fsck_objects = git_config_bool(var, value);
 154                return 0;
 155        }
 156
 157        if (strcmp(var, "transfer.fsckobjects") == 0) {
 158                transfer_fsck_objects = git_config_bool(var, value);
 159                return 0;
 160        }
 161
 162        if (!strcmp(var, "receive.denycurrentbranch")) {
 163                deny_current_branch = parse_deny_action(var, value);
 164                return 0;
 165        }
 166
 167        if (strcmp(var, "receive.denydeletecurrent") == 0) {
 168                deny_delete_current = parse_deny_action(var, value);
 169                return 0;
 170        }
 171
 172        if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
 173                prefer_ofs_delta = git_config_bool(var, value);
 174                return 0;
 175        }
 176
 177        if (strcmp(var, "receive.updateserverinfo") == 0) {
 178                auto_update_server_info = git_config_bool(var, value);
 179                return 0;
 180        }
 181
 182        if (strcmp(var, "receive.autogc") == 0) {
 183                auto_gc = git_config_bool(var, value);
 184                return 0;
 185        }
 186
 187        if (strcmp(var, "receive.shallowupdate") == 0) {
 188                shallow_update = git_config_bool(var, value);
 189                return 0;
 190        }
 191
 192        if (strcmp(var, "receive.certnonceseed") == 0)
 193                return git_config_string(&cert_nonce_seed, var, value);
 194
 195        if (strcmp(var, "receive.certnonceslop") == 0) {
 196                nonce_stamp_slop_limit = git_config_ulong(var, value);
 197                return 0;
 198        }
 199
 200        if (strcmp(var, "receive.advertiseatomic") == 0) {
 201                advertise_atomic_push = git_config_bool(var, value);
 202                return 0;
 203        }
 204
 205        if (strcmp(var, "receive.advertisepushoptions") == 0) {
 206                advertise_push_options = git_config_bool(var, value);
 207                return 0;
 208        }
 209
 210        if (strcmp(var, "receive.keepalive") == 0) {
 211                keepalive_in_sec = git_config_int(var, value);
 212                return 0;
 213        }
 214
 215        return git_default_config(var, value, cb);
 216}
 217
 218static void show_ref(const char *path, const unsigned char *sha1)
 219{
 220        if (sent_capabilities) {
 221                packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
 222        } else {
 223                struct strbuf cap = STRBUF_INIT;
 224
 225                strbuf_addstr(&cap,
 226                              "report-status delete-refs side-band-64k quiet");
 227                if (advertise_atomic_push)
 228                        strbuf_addstr(&cap, " atomic");
 229                if (prefer_ofs_delta)
 230                        strbuf_addstr(&cap, " ofs-delta");
 231                if (push_cert_nonce)
 232                        strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
 233                if (advertise_push_options)
 234                        strbuf_addstr(&cap, " push-options");
 235                strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
 236                packet_write(1, "%s %s%c%s\n",
 237                             sha1_to_hex(sha1), path, 0, cap.buf);
 238                strbuf_release(&cap);
 239                sent_capabilities = 1;
 240        }
 241}
 242
 243static int show_ref_cb(const char *path_full, const struct object_id *oid,
 244                       int flag, void *unused)
 245{
 246        const char *path = strip_namespace(path_full);
 247
 248        if (ref_is_hidden(path, path_full))
 249                return 0;
 250
 251        /*
 252         * Advertise refs outside our current namespace as ".have"
 253         * refs, so that the client can use them to minimize data
 254         * transfer but will otherwise ignore them. This happens to
 255         * cover ".have" that are thrown in by add_one_alternate_ref()
 256         * to mark histories that are complete in our alternates as
 257         * well.
 258         */
 259        if (!path)
 260                path = ".have";
 261        show_ref(path, oid->hash);
 262        return 0;
 263}
 264
 265static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
 266{
 267        show_ref(".have", sha1);
 268}
 269
 270static void collect_one_alternate_ref(const struct ref *ref, void *data)
 271{
 272        struct sha1_array *sa = data;
 273        sha1_array_append(sa, ref->old_oid.hash);
 274}
 275
 276static void write_head_info(void)
 277{
 278        struct sha1_array sa = SHA1_ARRAY_INIT;
 279
 280        for_each_alternate_ref(collect_one_alternate_ref, &sa);
 281        sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
 282        sha1_array_clear(&sa);
 283        for_each_ref(show_ref_cb, NULL);
 284        if (!sent_capabilities)
 285                show_ref("capabilities^{}", null_sha1);
 286
 287        advertise_shallow_grafts(1);
 288
 289        /* EOF */
 290        packet_flush(1);
 291}
 292
 293struct command {
 294        struct command *next;
 295        const char *error_string;
 296        unsigned int skip_update:1,
 297                     did_not_exist:1;
 298        int index;
 299        unsigned char old_sha1[20];
 300        unsigned char new_sha1[20];
 301        char ref_name[FLEX_ARRAY]; /* more */
 302};
 303
 304static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
 305static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
 306
 307static void report_message(const char *prefix, const char *err, va_list params)
 308{
 309        int sz;
 310        char msg[4096];
 311
 312        sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
 313        sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
 314        if (sz > (sizeof(msg) - 1))
 315                sz = sizeof(msg) - 1;
 316        msg[sz++] = '\n';
 317
 318        if (use_sideband)
 319                send_sideband(1, 2, msg, sz, use_sideband);
 320        else
 321                xwrite(2, msg, sz);
 322}
 323
 324static void rp_warning(const char *err, ...)
 325{
 326        va_list params;
 327        va_start(params, err);
 328        report_message("warning: ", err, params);
 329        va_end(params);
 330}
 331
 332static void rp_error(const char *err, ...)
 333{
 334        va_list params;
 335        va_start(params, err);
 336        report_message("error: ", err, params);
 337        va_end(params);
 338}
 339
 340static int copy_to_sideband(int in, int out, void *arg)
 341{
 342        char data[128];
 343        int keepalive_active = 0;
 344
 345        if (keepalive_in_sec <= 0)
 346                use_keepalive = KEEPALIVE_NEVER;
 347        if (use_keepalive == KEEPALIVE_ALWAYS)
 348                keepalive_active = 1;
 349
 350        while (1) {
 351                ssize_t sz;
 352
 353                if (keepalive_active) {
 354                        struct pollfd pfd;
 355                        int ret;
 356
 357                        pfd.fd = in;
 358                        pfd.events = POLLIN;
 359                        ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
 360
 361                        if (ret < 0) {
 362                                if (errno == EINTR)
 363                                        continue;
 364                                else
 365                                        break;
 366                        } else if (ret == 0) {
 367                                /* no data; send a keepalive packet */
 368                                static const char buf[] = "0005\1";
 369                                write_or_die(1, buf, sizeof(buf) - 1);
 370                                continue;
 371                        } /* else there is actual data to read */
 372                }
 373
 374                sz = xread(in, data, sizeof(data));
 375                if (sz <= 0)
 376                        break;
 377
 378                if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
 379                        const char *p = memchr(data, '\0', sz);
 380                        if (p) {
 381                                /*
 382                                 * The NUL tells us to start sending keepalives. Make
 383                                 * sure we send any other data we read along
 384                                 * with it.
 385                                 */
 386                                keepalive_active = 1;
 387                                send_sideband(1, 2, data, p - data, use_sideband);
 388                                send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
 389                                continue;
 390                        }
 391                }
 392
 393                /*
 394                 * Either we're not looking for a NUL signal, or we didn't see
 395                 * it yet; just pass along the data.
 396                 */
 397                send_sideband(1, 2, data, sz, use_sideband);
 398        }
 399        close(in);
 400        return 0;
 401}
 402
 403#define HMAC_BLOCK_SIZE 64
 404
 405static void hmac_sha1(unsigned char *out,
 406                      const char *key_in, size_t key_len,
 407                      const char *text, size_t text_len)
 408{
 409        unsigned char key[HMAC_BLOCK_SIZE];
 410        unsigned char k_ipad[HMAC_BLOCK_SIZE];
 411        unsigned char k_opad[HMAC_BLOCK_SIZE];
 412        int i;
 413        git_SHA_CTX ctx;
 414
 415        /* RFC 2104 2. (1) */
 416        memset(key, '\0', HMAC_BLOCK_SIZE);
 417        if (HMAC_BLOCK_SIZE < key_len) {
 418                git_SHA1_Init(&ctx);
 419                git_SHA1_Update(&ctx, key_in, key_len);
 420                git_SHA1_Final(key, &ctx);
 421        } else {
 422                memcpy(key, key_in, key_len);
 423        }
 424
 425        /* RFC 2104 2. (2) & (5) */
 426        for (i = 0; i < sizeof(key); i++) {
 427                k_ipad[i] = key[i] ^ 0x36;
 428                k_opad[i] = key[i] ^ 0x5c;
 429        }
 430
 431        /* RFC 2104 2. (3) & (4) */
 432        git_SHA1_Init(&ctx);
 433        git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
 434        git_SHA1_Update(&ctx, text, text_len);
 435        git_SHA1_Final(out, &ctx);
 436
 437        /* RFC 2104 2. (6) & (7) */
 438        git_SHA1_Init(&ctx);
 439        git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
 440        git_SHA1_Update(&ctx, out, 20);
 441        git_SHA1_Final(out, &ctx);
 442}
 443
 444static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
 445{
 446        struct strbuf buf = STRBUF_INIT;
 447        unsigned char sha1[20];
 448
 449        strbuf_addf(&buf, "%s:%lu", path, stamp);
 450        hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
 451        strbuf_release(&buf);
 452
 453        /* RFC 2104 5. HMAC-SHA1-80 */
 454        strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
 455        return strbuf_detach(&buf, NULL);
 456}
 457
 458/*
 459 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
 460 * after dropping "_commit" from its name and possibly moving it out
 461 * of commit.c
 462 */
 463static char *find_header(const char *msg, size_t len, const char *key)
 464{
 465        int key_len = strlen(key);
 466        const char *line = msg;
 467
 468        while (line && line < msg + len) {
 469                const char *eol = strchrnul(line, '\n');
 470
 471                if ((msg + len <= eol) || line == eol)
 472                        return NULL;
 473                if (line + key_len < eol &&
 474                    !memcmp(line, key, key_len) && line[key_len] == ' ') {
 475                        int offset = key_len + 1;
 476                        return xmemdupz(line + offset, (eol - line) - offset);
 477                }
 478                line = *eol ? eol + 1 : NULL;
 479        }
 480        return NULL;
 481}
 482
 483static const char *check_nonce(const char *buf, size_t len)
 484{
 485        char *nonce = find_header(buf, len, "nonce");
 486        unsigned long stamp, ostamp;
 487        char *bohmac, *expect = NULL;
 488        const char *retval = NONCE_BAD;
 489
 490        if (!nonce) {
 491                retval = NONCE_MISSING;
 492                goto leave;
 493        } else if (!push_cert_nonce) {
 494                retval = NONCE_UNSOLICITED;
 495                goto leave;
 496        } else if (!strcmp(push_cert_nonce, nonce)) {
 497                retval = NONCE_OK;
 498                goto leave;
 499        }
 500
 501        if (!stateless_rpc) {
 502                /* returned nonce MUST match what we gave out earlier */
 503                retval = NONCE_BAD;
 504                goto leave;
 505        }
 506
 507        /*
 508         * In stateless mode, we may be receiving a nonce issued by
 509         * another instance of the server that serving the same
 510         * repository, and the timestamps may not match, but the
 511         * nonce-seed and dir should match, so we can recompute and
 512         * report the time slop.
 513         *
 514         * In addition, when a nonce issued by another instance has
 515         * timestamp within receive.certnonceslop seconds, we pretend
 516         * as if we issued that nonce when reporting to the hook.
 517         */
 518
 519        /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
 520        if (*nonce <= '0' || '9' < *nonce) {
 521                retval = NONCE_BAD;
 522                goto leave;
 523        }
 524        stamp = strtoul(nonce, &bohmac, 10);
 525        if (bohmac == nonce || bohmac[0] != '-') {
 526                retval = NONCE_BAD;
 527                goto leave;
 528        }
 529
 530        expect = prepare_push_cert_nonce(service_dir, stamp);
 531        if (strcmp(expect, nonce)) {
 532                /* Not what we would have signed earlier */
 533                retval = NONCE_BAD;
 534                goto leave;
 535        }
 536
 537        /*
 538         * By how many seconds is this nonce stale?  Negative value
 539         * would mean it was issued by another server with its clock
 540         * skewed in the future.
 541         */
 542        ostamp = strtoul(push_cert_nonce, NULL, 10);
 543        nonce_stamp_slop = (long)ostamp - (long)stamp;
 544
 545        if (nonce_stamp_slop_limit &&
 546            labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
 547                /*
 548                 * Pretend as if the received nonce (which passes the
 549                 * HMAC check, so it is not a forged by third-party)
 550                 * is what we issued.
 551                 */
 552                free((void *)push_cert_nonce);
 553                push_cert_nonce = xstrdup(nonce);
 554                retval = NONCE_OK;
 555        } else {
 556                retval = NONCE_SLOP;
 557        }
 558
 559leave:
 560        free(nonce);
 561        free(expect);
 562        return retval;
 563}
 564
 565static void prepare_push_cert_sha1(struct child_process *proc)
 566{
 567        static int already_done;
 568
 569        if (!push_cert.len)
 570                return;
 571
 572        if (!already_done) {
 573                struct strbuf gpg_output = STRBUF_INIT;
 574                struct strbuf gpg_status = STRBUF_INIT;
 575                int bogs /* beginning_of_gpg_sig */;
 576
 577                already_done = 1;
 578                if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
 579                        hashclr(push_cert_sha1);
 580
 581                memset(&sigcheck, '\0', sizeof(sigcheck));
 582                sigcheck.result = 'N';
 583
 584                bogs = parse_signature(push_cert.buf, push_cert.len);
 585                if (verify_signed_buffer(push_cert.buf, bogs,
 586                                         push_cert.buf + bogs, push_cert.len - bogs,
 587                                         &gpg_output, &gpg_status) < 0) {
 588                        ; /* error running gpg */
 589                } else {
 590                        sigcheck.payload = push_cert.buf;
 591                        sigcheck.gpg_output = gpg_output.buf;
 592                        sigcheck.gpg_status = gpg_status.buf;
 593                        parse_gpg_output(&sigcheck);
 594                }
 595
 596                strbuf_release(&gpg_output);
 597                strbuf_release(&gpg_status);
 598                nonce_status = check_nonce(push_cert.buf, bogs);
 599        }
 600        if (!is_null_sha1(push_cert_sha1)) {
 601                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
 602                                 sha1_to_hex(push_cert_sha1));
 603                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
 604                                 sigcheck.signer ? sigcheck.signer : "");
 605                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
 606                                 sigcheck.key ? sigcheck.key : "");
 607                argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
 608                                 sigcheck.result);
 609                if (push_cert_nonce) {
 610                        argv_array_pushf(&proc->env_array,
 611                                         "GIT_PUSH_CERT_NONCE=%s",
 612                                         push_cert_nonce);
 613                        argv_array_pushf(&proc->env_array,
 614                                         "GIT_PUSH_CERT_NONCE_STATUS=%s",
 615                                         nonce_status);
 616                        if (nonce_status == NONCE_SLOP)
 617                                argv_array_pushf(&proc->env_array,
 618                                                 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
 619                                                 nonce_stamp_slop);
 620                }
 621        }
 622}
 623
 624struct receive_hook_feed_state {
 625        struct command *cmd;
 626        int skip_broken;
 627        struct strbuf buf;
 628        const struct string_list *push_options;
 629};
 630
 631typedef int (*feed_fn)(void *, const char **, size_t *);
 632static int run_and_feed_hook(const char *hook_name, feed_fn feed,
 633                             struct receive_hook_feed_state *feed_state)
 634{
 635        struct child_process proc = CHILD_PROCESS_INIT;
 636        struct async muxer;
 637        const char *argv[2];
 638        int code;
 639
 640        argv[0] = find_hook(hook_name);
 641        if (!argv[0])
 642                return 0;
 643
 644        argv[1] = NULL;
 645
 646        proc.argv = argv;
 647        proc.in = -1;
 648        proc.stdout_to_stderr = 1;
 649        if (feed_state->push_options) {
 650                int i;
 651                for (i = 0; i < feed_state->push_options->nr; i++)
 652                        argv_array_pushf(&proc.env_array,
 653                                "GIT_PUSH_OPTION_%d=%s", i,
 654                                feed_state->push_options->items[i].string);
 655                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
 656                                 feed_state->push_options->nr);
 657        } else
 658                argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
 659
 660        if (use_sideband) {
 661                memset(&muxer, 0, sizeof(muxer));
 662                muxer.proc = copy_to_sideband;
 663                muxer.in = -1;
 664                code = start_async(&muxer);
 665                if (code)
 666                        return code;
 667                proc.err = muxer.in;
 668        }
 669
 670        prepare_push_cert_sha1(&proc);
 671
 672        code = start_command(&proc);
 673        if (code) {
 674                if (use_sideband)
 675                        finish_async(&muxer);
 676                return code;
 677        }
 678
 679        sigchain_push(SIGPIPE, SIG_IGN);
 680
 681        while (1) {
 682                const char *buf;
 683                size_t n;
 684                if (feed(feed_state, &buf, &n))
 685                        break;
 686                if (write_in_full(proc.in, buf, n) != n)
 687                        break;
 688        }
 689        close(proc.in);
 690        if (use_sideband)
 691                finish_async(&muxer);
 692
 693        sigchain_pop(SIGPIPE);
 694
 695        return finish_command(&proc);
 696}
 697
 698static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
 699{
 700        struct receive_hook_feed_state *state = state_;
 701        struct command *cmd = state->cmd;
 702
 703        while (cmd &&
 704               state->skip_broken && (cmd->error_string || cmd->did_not_exist))
 705                cmd = cmd->next;
 706        if (!cmd)
 707                return -1; /* EOF */
 708        strbuf_reset(&state->buf);
 709        strbuf_addf(&state->buf, "%s %s %s\n",
 710                    sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
 711                    cmd->ref_name);
 712        state->cmd = cmd->next;
 713        if (bufp) {
 714                *bufp = state->buf.buf;
 715                *sizep = state->buf.len;
 716        }
 717        return 0;
 718}
 719
 720static int run_receive_hook(struct command *commands,
 721                            const char *hook_name,
 722                            int skip_broken,
 723                            const struct string_list *push_options)
 724{
 725        struct receive_hook_feed_state state;
 726        int status;
 727
 728        strbuf_init(&state.buf, 0);
 729        state.cmd = commands;
 730        state.skip_broken = skip_broken;
 731        if (feed_receive_hook(&state, NULL, NULL))
 732                return 0;
 733        state.cmd = commands;
 734        state.push_options = push_options;
 735        status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
 736        strbuf_release(&state.buf);
 737        return status;
 738}
 739
 740static int run_update_hook(struct command *cmd)
 741{
 742        const char *argv[5];
 743        struct child_process proc = CHILD_PROCESS_INIT;
 744        int code;
 745
 746        argv[0] = find_hook("update");
 747        if (!argv[0])
 748                return 0;
 749
 750        argv[1] = cmd->ref_name;
 751        argv[2] = sha1_to_hex(cmd->old_sha1);
 752        argv[3] = sha1_to_hex(cmd->new_sha1);
 753        argv[4] = NULL;
 754
 755        proc.no_stdin = 1;
 756        proc.stdout_to_stderr = 1;
 757        proc.err = use_sideband ? -1 : 0;
 758        proc.argv = argv;
 759
 760        code = start_command(&proc);
 761        if (code)
 762                return code;
 763        if (use_sideband)
 764                copy_to_sideband(proc.err, -1, NULL);
 765        return finish_command(&proc);
 766}
 767
 768static int is_ref_checked_out(const char *ref)
 769{
 770        if (is_bare_repository())
 771                return 0;
 772
 773        if (!head_name)
 774                return 0;
 775        return !strcmp(head_name, ref);
 776}
 777
 778static char *refuse_unconfigured_deny_msg[] = {
 779        "By default, updating the current branch in a non-bare repository",
 780        "is denied, because it will make the index and work tree inconsistent",
 781        "with what you pushed, and will require 'git reset --hard' to match",
 782        "the work tree to HEAD.",
 783        "",
 784        "You can set 'receive.denyCurrentBranch' configuration variable to",
 785        "'ignore' or 'warn' in the remote repository to allow pushing into",
 786        "its current branch; however, this is not recommended unless you",
 787        "arranged to update its work tree to match what you pushed in some",
 788        "other way.",
 789        "",
 790        "To squelch this message and still keep the default behaviour, set",
 791        "'receive.denyCurrentBranch' configuration variable to 'refuse'."
 792};
 793
 794static void refuse_unconfigured_deny(void)
 795{
 796        int i;
 797        for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
 798                rp_error("%s", refuse_unconfigured_deny_msg[i]);
 799}
 800
 801static char *refuse_unconfigured_deny_delete_current_msg[] = {
 802        "By default, deleting the current branch is denied, because the next",
 803        "'git clone' won't result in any file checked out, causing confusion.",
 804        "",
 805        "You can set 'receive.denyDeleteCurrent' configuration variable to",
 806        "'warn' or 'ignore' in the remote repository to allow deleting the",
 807        "current branch, with or without a warning message.",
 808        "",
 809        "To squelch this message, you can set it to 'refuse'."
 810};
 811
 812static void refuse_unconfigured_deny_delete_current(void)
 813{
 814        int i;
 815        for (i = 0;
 816             i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
 817             i++)
 818                rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
 819}
 820
 821static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
 822static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
 823{
 824        static struct lock_file shallow_lock;
 825        struct sha1_array extra = SHA1_ARRAY_INIT;
 826        struct check_connected_options opt = CHECK_CONNECTED_INIT;
 827        uint32_t mask = 1 << (cmd->index % 32);
 828        int i;
 829
 830        trace_printf_key(&trace_shallow,
 831                         "shallow: update_shallow_ref %s\n", cmd->ref_name);
 832        for (i = 0; i < si->shallow->nr; i++)
 833                if (si->used_shallow[i] &&
 834                    (si->used_shallow[i][cmd->index / 32] & mask) &&
 835                    !delayed_reachability_test(si, i))
 836                        sha1_array_append(&extra, si->shallow->sha1[i]);
 837
 838        setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
 839        if (check_connected(command_singleton_iterator, cmd, &opt)) {
 840                rollback_lock_file(&shallow_lock);
 841                sha1_array_clear(&extra);
 842                return -1;
 843        }
 844
 845        commit_lock_file(&shallow_lock);
 846
 847        /*
 848         * Make sure setup_alternate_shallow() for the next ref does
 849         * not lose these new roots..
 850         */
 851        for (i = 0; i < extra.nr; i++)
 852                register_shallow(extra.sha1[i]);
 853
 854        si->shallow_ref[cmd->index] = 0;
 855        sha1_array_clear(&extra);
 856        return 0;
 857}
 858
 859/*
 860 * NEEDSWORK: we should consolidate various implementions of "are we
 861 * on an unborn branch?" test into one, and make the unified one more
 862 * robust. !get_sha1() based check used here and elsewhere would not
 863 * allow us to tell an unborn branch from corrupt ref, for example.
 864 * For the purpose of fixing "deploy-to-update does not work when
 865 * pushing into an empty repository" issue, this should suffice for
 866 * now.
 867 */
 868static int head_has_history(void)
 869{
 870        unsigned char sha1[20];
 871
 872        return !get_sha1("HEAD", sha1);
 873}
 874
 875static const char *push_to_deploy(unsigned char *sha1,
 876                                  struct argv_array *env,
 877                                  const char *work_tree)
 878{
 879        const char *update_refresh[] = {
 880                "update-index", "-q", "--ignore-submodules", "--refresh", NULL
 881        };
 882        const char *diff_files[] = {
 883                "diff-files", "--quiet", "--ignore-submodules", "--", NULL
 884        };
 885        const char *diff_index[] = {
 886                "diff-index", "--quiet", "--cached", "--ignore-submodules",
 887                NULL, "--", NULL
 888        };
 889        const char *read_tree[] = {
 890                "read-tree", "-u", "-m", NULL, NULL
 891        };
 892        struct child_process child = CHILD_PROCESS_INIT;
 893
 894        child.argv = update_refresh;
 895        child.env = env->argv;
 896        child.dir = work_tree;
 897        child.no_stdin = 1;
 898        child.stdout_to_stderr = 1;
 899        child.git_cmd = 1;
 900        if (run_command(&child))
 901                return "Up-to-date check failed";
 902
 903        /* run_command() does not clean up completely; reinitialize */
 904        child_process_init(&child);
 905        child.argv = diff_files;
 906        child.env = env->argv;
 907        child.dir = work_tree;
 908        child.no_stdin = 1;
 909        child.stdout_to_stderr = 1;
 910        child.git_cmd = 1;
 911        if (run_command(&child))
 912                return "Working directory has unstaged changes";
 913
 914        /* diff-index with either HEAD or an empty tree */
 915        diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
 916
 917        child_process_init(&child);
 918        child.argv = diff_index;
 919        child.env = env->argv;
 920        child.no_stdin = 1;
 921        child.no_stdout = 1;
 922        child.stdout_to_stderr = 0;
 923        child.git_cmd = 1;
 924        if (run_command(&child))
 925                return "Working directory has staged changes";
 926
 927        read_tree[3] = sha1_to_hex(sha1);
 928        child_process_init(&child);
 929        child.argv = read_tree;
 930        child.env = env->argv;
 931        child.dir = work_tree;
 932        child.no_stdin = 1;
 933        child.no_stdout = 1;
 934        child.stdout_to_stderr = 0;
 935        child.git_cmd = 1;
 936        if (run_command(&child))
 937                return "Could not update working tree to new HEAD";
 938
 939        return NULL;
 940}
 941
 942static const char *push_to_checkout_hook = "push-to-checkout";
 943
 944static const char *push_to_checkout(unsigned char *sha1,
 945                                    struct argv_array *env,
 946                                    const char *work_tree)
 947{
 948        argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
 949        if (run_hook_le(env->argv, push_to_checkout_hook,
 950                        sha1_to_hex(sha1), NULL))
 951                return "push-to-checkout hook declined";
 952        else
 953                return NULL;
 954}
 955
 956static const char *update_worktree(unsigned char *sha1)
 957{
 958        const char *retval;
 959        const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
 960        struct argv_array env = ARGV_ARRAY_INIT;
 961
 962        if (is_bare_repository())
 963                return "denyCurrentBranch = updateInstead needs a worktree";
 964
 965        argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
 966
 967        if (!find_hook(push_to_checkout_hook))
 968                retval = push_to_deploy(sha1, &env, work_tree);
 969        else
 970                retval = push_to_checkout(sha1, &env, work_tree);
 971
 972        argv_array_clear(&env);
 973        return retval;
 974}
 975
 976static const char *update(struct command *cmd, struct shallow_info *si)
 977{
 978        const char *name = cmd->ref_name;
 979        struct strbuf namespaced_name_buf = STRBUF_INIT;
 980        const char *namespaced_name, *ret;
 981        unsigned char *old_sha1 = cmd->old_sha1;
 982        unsigned char *new_sha1 = cmd->new_sha1;
 983
 984        /* only refs/... are allowed */
 985        if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
 986                rp_error("refusing to create funny ref '%s' remotely", name);
 987                return "funny refname";
 988        }
 989
 990        strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
 991        namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
 992
 993        if (is_ref_checked_out(namespaced_name)) {
 994                switch (deny_current_branch) {
 995                case DENY_IGNORE:
 996                        break;
 997                case DENY_WARN:
 998                        rp_warning("updating the current branch");
 999                        break;
1000                case DENY_REFUSE:
1001                case DENY_UNCONFIGURED:
1002                        rp_error("refusing to update checked out branch: %s", name);
1003                        if (deny_current_branch == DENY_UNCONFIGURED)
1004                                refuse_unconfigured_deny();
1005                        return "branch is currently checked out";
1006                case DENY_UPDATE_INSTEAD:
1007                        ret = update_worktree(new_sha1);
1008                        if (ret)
1009                                return ret;
1010                        break;
1011                }
1012        }
1013
1014        if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1015                error("unpack should have generated %s, "
1016                      "but I can't find it!", sha1_to_hex(new_sha1));
1017                return "bad pack";
1018        }
1019
1020        if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1021                if (deny_deletes && starts_with(name, "refs/heads/")) {
1022                        rp_error("denying ref deletion for %s", name);
1023                        return "deletion prohibited";
1024                }
1025
1026                if (head_name && !strcmp(namespaced_name, head_name)) {
1027                        switch (deny_delete_current) {
1028                        case DENY_IGNORE:
1029                                break;
1030                        case DENY_WARN:
1031                                rp_warning("deleting the current branch");
1032                                break;
1033                        case DENY_REFUSE:
1034                        case DENY_UNCONFIGURED:
1035                        case DENY_UPDATE_INSTEAD:
1036                                if (deny_delete_current == DENY_UNCONFIGURED)
1037                                        refuse_unconfigured_deny_delete_current();
1038                                rp_error("refusing to delete the current branch: %s", name);
1039                                return "deletion of the current branch prohibited";
1040                        default:
1041                                return "Invalid denyDeleteCurrent setting";
1042                        }
1043                }
1044        }
1045
1046        if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1047            !is_null_sha1(old_sha1) &&
1048            starts_with(name, "refs/heads/")) {
1049                struct object *old_object, *new_object;
1050                struct commit *old_commit, *new_commit;
1051
1052                old_object = parse_object(old_sha1);
1053                new_object = parse_object(new_sha1);
1054
1055                if (!old_object || !new_object ||
1056                    old_object->type != OBJ_COMMIT ||
1057                    new_object->type != OBJ_COMMIT) {
1058                        error("bad sha1 objects for %s", name);
1059                        return "bad ref";
1060                }
1061                old_commit = (struct commit *)old_object;
1062                new_commit = (struct commit *)new_object;
1063                if (!in_merge_bases(old_commit, new_commit)) {
1064                        rp_error("denying non-fast-forward %s"
1065                                 " (you should pull first)", name);
1066                        return "non-fast-forward";
1067                }
1068        }
1069        if (run_update_hook(cmd)) {
1070                rp_error("hook declined to update %s", name);
1071                return "hook declined";
1072        }
1073
1074        if (is_null_sha1(new_sha1)) {
1075                struct strbuf err = STRBUF_INIT;
1076                if (!parse_object(old_sha1)) {
1077                        old_sha1 = NULL;
1078                        if (ref_exists(name)) {
1079                                rp_warning("Allowing deletion of corrupt ref.");
1080                        } else {
1081                                rp_warning("Deleting a non-existent ref.");
1082                                cmd->did_not_exist = 1;
1083                        }
1084                }
1085                if (ref_transaction_delete(transaction,
1086                                           namespaced_name,
1087                                           old_sha1,
1088                                           0, "push", &err)) {
1089                        rp_error("%s", err.buf);
1090                        strbuf_release(&err);
1091                        return "failed to delete";
1092                }
1093                strbuf_release(&err);
1094                return NULL; /* good */
1095        }
1096        else {
1097                struct strbuf err = STRBUF_INIT;
1098                if (shallow_update && si->shallow_ref[cmd->index] &&
1099                    update_shallow_ref(cmd, si))
1100                        return "shallow error";
1101
1102                if (ref_transaction_update(transaction,
1103                                           namespaced_name,
1104                                           new_sha1, old_sha1,
1105                                           0, "push",
1106                                           &err)) {
1107                        rp_error("%s", err.buf);
1108                        strbuf_release(&err);
1109
1110                        return "failed to update ref";
1111                }
1112                strbuf_release(&err);
1113
1114                return NULL; /* good */
1115        }
1116}
1117
1118static void run_update_post_hook(struct command *commands)
1119{
1120        struct command *cmd;
1121        int argc;
1122        struct child_process proc = CHILD_PROCESS_INIT;
1123        const char *hook;
1124
1125        hook = find_hook("post-update");
1126        for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1127                if (cmd->error_string || cmd->did_not_exist)
1128                        continue;
1129                argc++;
1130        }
1131        if (!argc || !hook)
1132                return;
1133
1134        argv_array_push(&proc.args, hook);
1135        for (cmd = commands; cmd; cmd = cmd->next) {
1136                if (cmd->error_string || cmd->did_not_exist)
1137                        continue;
1138                argv_array_push(&proc.args, cmd->ref_name);
1139        }
1140
1141        proc.no_stdin = 1;
1142        proc.stdout_to_stderr = 1;
1143        proc.err = use_sideband ? -1 : 0;
1144
1145        if (!start_command(&proc)) {
1146                if (use_sideband)
1147                        copy_to_sideband(proc.err, -1, NULL);
1148                finish_command(&proc);
1149        }
1150}
1151
1152static void check_aliased_update(struct command *cmd, struct string_list *list)
1153{
1154        struct strbuf buf = STRBUF_INIT;
1155        const char *dst_name;
1156        struct string_list_item *item;
1157        struct command *dst_cmd;
1158        unsigned char sha1[GIT_SHA1_RAWSZ];
1159        char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1160             cmd_newh[GIT_SHA1_HEXSZ + 1],
1161             dst_oldh[GIT_SHA1_HEXSZ + 1],
1162             dst_newh[GIT_SHA1_HEXSZ + 1];
1163        int flag;
1164
1165        strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1166        dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1167        strbuf_release(&buf);
1168
1169        if (!(flag & REF_ISSYMREF))
1170                return;
1171
1172        if (!dst_name) {
1173                rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1174                cmd->skip_update = 1;
1175                cmd->error_string = "broken symref";
1176                return;
1177        }
1178        dst_name = strip_namespace(dst_name);
1179
1180        if ((item = string_list_lookup(list, dst_name)) == NULL)
1181                return;
1182
1183        cmd->skip_update = 1;
1184
1185        dst_cmd = (struct command *) item->util;
1186
1187        if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1188            !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1189                return;
1190
1191        dst_cmd->skip_update = 1;
1192
1193        find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1194        find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1195        find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1196        find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1197        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1198                 " its target '%s' (%s..%s)",
1199                 cmd->ref_name, cmd_oldh, cmd_newh,
1200                 dst_cmd->ref_name, dst_oldh, dst_newh);
1201
1202        cmd->error_string = dst_cmd->error_string =
1203                "inconsistent aliased update";
1204}
1205
1206static void check_aliased_updates(struct command *commands)
1207{
1208        struct command *cmd;
1209        struct string_list ref_list = STRING_LIST_INIT_NODUP;
1210
1211        for (cmd = commands; cmd; cmd = cmd->next) {
1212                struct string_list_item *item =
1213                        string_list_append(&ref_list, cmd->ref_name);
1214                item->util = (void *)cmd;
1215        }
1216        string_list_sort(&ref_list);
1217
1218        for (cmd = commands; cmd; cmd = cmd->next) {
1219                if (!cmd->error_string)
1220                        check_aliased_update(cmd, &ref_list);
1221        }
1222
1223        string_list_clear(&ref_list, 0);
1224}
1225
1226static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1227{
1228        struct command **cmd_list = cb_data;
1229        struct command *cmd = *cmd_list;
1230
1231        if (!cmd || is_null_sha1(cmd->new_sha1))
1232                return -1; /* end of list */
1233        *cmd_list = NULL; /* this returns only one */
1234        hashcpy(sha1, cmd->new_sha1);
1235        return 0;
1236}
1237
1238static void set_connectivity_errors(struct command *commands,
1239                                    struct shallow_info *si)
1240{
1241        struct command *cmd;
1242
1243        for (cmd = commands; cmd; cmd = cmd->next) {
1244                struct command *singleton = cmd;
1245                if (shallow_update && si->shallow_ref[cmd->index])
1246                        /* to be checked in update_shallow_ref() */
1247                        continue;
1248                if (!check_connected(command_singleton_iterator, &singleton,
1249                                     NULL))
1250                        continue;
1251                cmd->error_string = "missing necessary objects";
1252        }
1253}
1254
1255struct iterate_data {
1256        struct command *cmds;
1257        struct shallow_info *si;
1258};
1259
1260static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1261{
1262        struct iterate_data *data = cb_data;
1263        struct command **cmd_list = &data->cmds;
1264        struct command *cmd = *cmd_list;
1265
1266        for (; cmd; cmd = cmd->next) {
1267                if (shallow_update && data->si->shallow_ref[cmd->index])
1268                        /* to be checked in update_shallow_ref() */
1269                        continue;
1270                if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1271                        hashcpy(sha1, cmd->new_sha1);
1272                        *cmd_list = cmd->next;
1273                        return 0;
1274                }
1275        }
1276        *cmd_list = NULL;
1277        return -1; /* end of list */
1278}
1279
1280static void reject_updates_to_hidden(struct command *commands)
1281{
1282        struct strbuf refname_full = STRBUF_INIT;
1283        size_t prefix_len;
1284        struct command *cmd;
1285
1286        strbuf_addstr(&refname_full, get_git_namespace());
1287        prefix_len = refname_full.len;
1288
1289        for (cmd = commands; cmd; cmd = cmd->next) {
1290                if (cmd->error_string)
1291                        continue;
1292
1293                strbuf_setlen(&refname_full, prefix_len);
1294                strbuf_addstr(&refname_full, cmd->ref_name);
1295
1296                if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1297                        continue;
1298                if (is_null_sha1(cmd->new_sha1))
1299                        cmd->error_string = "deny deleting a hidden ref";
1300                else
1301                        cmd->error_string = "deny updating a hidden ref";
1302        }
1303
1304        strbuf_release(&refname_full);
1305}
1306
1307static int should_process_cmd(struct command *cmd)
1308{
1309        return !cmd->error_string && !cmd->skip_update;
1310}
1311
1312static void warn_if_skipped_connectivity_check(struct command *commands,
1313                                               struct shallow_info *si)
1314{
1315        struct command *cmd;
1316        int checked_connectivity = 1;
1317
1318        for (cmd = commands; cmd; cmd = cmd->next) {
1319                if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1320                        error("BUG: connectivity check has not been run on ref %s",
1321                              cmd->ref_name);
1322                        checked_connectivity = 0;
1323                }
1324        }
1325        if (!checked_connectivity)
1326                die("BUG: connectivity check skipped???");
1327}
1328
1329static void execute_commands_non_atomic(struct command *commands,
1330                                        struct shallow_info *si)
1331{
1332        struct command *cmd;
1333        struct strbuf err = STRBUF_INIT;
1334
1335        for (cmd = commands; cmd; cmd = cmd->next) {
1336                if (!should_process_cmd(cmd))
1337                        continue;
1338
1339                transaction = ref_transaction_begin(&err);
1340                if (!transaction) {
1341                        rp_error("%s", err.buf);
1342                        strbuf_reset(&err);
1343                        cmd->error_string = "transaction failed to start";
1344                        continue;
1345                }
1346
1347                cmd->error_string = update(cmd, si);
1348
1349                if (!cmd->error_string
1350                    && ref_transaction_commit(transaction, &err)) {
1351                        rp_error("%s", err.buf);
1352                        strbuf_reset(&err);
1353                        cmd->error_string = "failed to update ref";
1354                }
1355                ref_transaction_free(transaction);
1356        }
1357        strbuf_release(&err);
1358}
1359
1360static void execute_commands_atomic(struct command *commands,
1361                                        struct shallow_info *si)
1362{
1363        struct command *cmd;
1364        struct strbuf err = STRBUF_INIT;
1365        const char *reported_error = "atomic push failure";
1366
1367        transaction = ref_transaction_begin(&err);
1368        if (!transaction) {
1369                rp_error("%s", err.buf);
1370                strbuf_reset(&err);
1371                reported_error = "transaction failed to start";
1372                goto failure;
1373        }
1374
1375        for (cmd = commands; cmd; cmd = cmd->next) {
1376                if (!should_process_cmd(cmd))
1377                        continue;
1378
1379                cmd->error_string = update(cmd, si);
1380
1381                if (cmd->error_string)
1382                        goto failure;
1383        }
1384
1385        if (ref_transaction_commit(transaction, &err)) {
1386                rp_error("%s", err.buf);
1387                reported_error = "atomic transaction failed";
1388                goto failure;
1389        }
1390        goto cleanup;
1391
1392failure:
1393        for (cmd = commands; cmd; cmd = cmd->next)
1394                if (!cmd->error_string)
1395                        cmd->error_string = reported_error;
1396
1397cleanup:
1398        ref_transaction_free(transaction);
1399        strbuf_release(&err);
1400}
1401
1402static void execute_commands(struct command *commands,
1403                             const char *unpacker_error,
1404                             struct shallow_info *si,
1405                             const struct string_list *push_options)
1406{
1407        struct check_connected_options opt = CHECK_CONNECTED_INIT;
1408        struct command *cmd;
1409        unsigned char sha1[20];
1410        struct iterate_data data;
1411        struct async muxer;
1412        int err_fd = 0;
1413
1414        if (unpacker_error) {
1415                for (cmd = commands; cmd; cmd = cmd->next)
1416                        cmd->error_string = "unpacker error";
1417                return;
1418        }
1419
1420        if (use_sideband) {
1421                memset(&muxer, 0, sizeof(muxer));
1422                muxer.proc = copy_to_sideband;
1423                muxer.in = -1;
1424                if (!start_async(&muxer))
1425                        err_fd = muxer.in;
1426                /* ...else, continue without relaying sideband */
1427        }
1428
1429        data.cmds = commands;
1430        data.si = si;
1431        opt.err_fd = err_fd;
1432        opt.progress = err_fd && !quiet;
1433        if (check_connected(iterate_receive_command_list, &data, &opt))
1434                set_connectivity_errors(commands, si);
1435
1436        if (use_sideband)
1437                finish_async(&muxer);
1438
1439        reject_updates_to_hidden(commands);
1440
1441        if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1442                for (cmd = commands; cmd; cmd = cmd->next) {
1443                        if (!cmd->error_string)
1444                                cmd->error_string = "pre-receive hook declined";
1445                }
1446                return;
1447        }
1448
1449        check_aliased_updates(commands);
1450
1451        free(head_name_to_free);
1452        head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1453
1454        if (use_atomic)
1455                execute_commands_atomic(commands, si);
1456        else
1457                execute_commands_non_atomic(commands, si);
1458
1459        if (shallow_update)
1460                warn_if_skipped_connectivity_check(commands, si);
1461}
1462
1463static struct command **queue_command(struct command **tail,
1464                                      const char *line,
1465                                      int linelen)
1466{
1467        unsigned char old_sha1[20], new_sha1[20];
1468        struct command *cmd;
1469        const char *refname;
1470        int reflen;
1471
1472        if (linelen < 83 ||
1473            line[40] != ' ' ||
1474            line[81] != ' ' ||
1475            get_sha1_hex(line, old_sha1) ||
1476            get_sha1_hex(line + 41, new_sha1))
1477                die("protocol error: expected old/new/ref, got '%s'", line);
1478
1479        refname = line + 82;
1480        reflen = linelen - 82;
1481        FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1482        hashcpy(cmd->old_sha1, old_sha1);
1483        hashcpy(cmd->new_sha1, new_sha1);
1484        *tail = cmd;
1485        return &cmd->next;
1486}
1487
1488static void queue_commands_from_cert(struct command **tail,
1489                                     struct strbuf *push_cert)
1490{
1491        const char *boc, *eoc;
1492
1493        if (*tail)
1494                die("protocol error: got both push certificate and unsigned commands");
1495
1496        boc = strstr(push_cert->buf, "\n\n");
1497        if (!boc)
1498                die("malformed push certificate %.*s", 100, push_cert->buf);
1499        else
1500                boc += 2;
1501        eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1502
1503        while (boc < eoc) {
1504                const char *eol = memchr(boc, '\n', eoc - boc);
1505                tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1506                boc = eol ? eol + 1 : eoc;
1507        }
1508}
1509
1510static struct command *read_head_info(struct sha1_array *shallow)
1511{
1512        struct command *commands = NULL;
1513        struct command **p = &commands;
1514        for (;;) {
1515                char *line;
1516                int len, linelen;
1517
1518                line = packet_read_line(0, &len);
1519                if (!line)
1520                        break;
1521
1522                if (len == 48 && starts_with(line, "shallow ")) {
1523                        unsigned char sha1[20];
1524                        if (get_sha1_hex(line + 8, sha1))
1525                                die("protocol error: expected shallow sha, got '%s'",
1526                                    line + 8);
1527                        sha1_array_append(shallow, sha1);
1528                        continue;
1529                }
1530
1531                linelen = strlen(line);
1532                if (linelen < len) {
1533                        const char *feature_list = line + linelen + 1;
1534                        if (parse_feature_request(feature_list, "report-status"))
1535                                report_status = 1;
1536                        if (parse_feature_request(feature_list, "side-band-64k"))
1537                                use_sideband = LARGE_PACKET_MAX;
1538                        if (parse_feature_request(feature_list, "quiet"))
1539                                quiet = 1;
1540                        if (advertise_atomic_push
1541                            && parse_feature_request(feature_list, "atomic"))
1542                                use_atomic = 1;
1543                        if (advertise_push_options
1544                            && parse_feature_request(feature_list, "push-options"))
1545                                use_push_options = 1;
1546                }
1547
1548                if (!strcmp(line, "push-cert")) {
1549                        int true_flush = 0;
1550                        char certbuf[1024];
1551
1552                        for (;;) {
1553                                len = packet_read(0, NULL, NULL,
1554                                                  certbuf, sizeof(certbuf), 0);
1555                                if (!len) {
1556                                        true_flush = 1;
1557                                        break;
1558                                }
1559                                if (!strcmp(certbuf, "push-cert-end\n"))
1560                                        break; /* end of cert */
1561                                strbuf_addstr(&push_cert, certbuf);
1562                        }
1563
1564                        if (true_flush)
1565                                break;
1566                        continue;
1567                }
1568
1569                p = queue_command(p, line, linelen);
1570        }
1571
1572        if (push_cert.len)
1573                queue_commands_from_cert(p, &push_cert);
1574
1575        return commands;
1576}
1577
1578static void read_push_options(struct string_list *options)
1579{
1580        while (1) {
1581                char *line;
1582                int len;
1583
1584                line = packet_read_line(0, &len);
1585
1586                if (!line)
1587                        break;
1588
1589                string_list_append(options, line);
1590        }
1591}
1592
1593static const char *parse_pack_header(struct pack_header *hdr)
1594{
1595        switch (read_pack_header(0, hdr)) {
1596        case PH_ERROR_EOF:
1597                return "eof before pack header was fully read";
1598
1599        case PH_ERROR_PACK_SIGNATURE:
1600                return "protocol error (pack signature mismatch detected)";
1601
1602        case PH_ERROR_PROTOCOL:
1603                return "protocol error (pack version unsupported)";
1604
1605        default:
1606                return "unknown error in parse_pack_header";
1607
1608        case 0:
1609                return NULL;
1610        }
1611}
1612
1613static const char *pack_lockfile;
1614
1615static const char *unpack(int err_fd, struct shallow_info *si)
1616{
1617        struct pack_header hdr;
1618        const char *hdr_err;
1619        int status;
1620        char hdr_arg[38];
1621        struct child_process child = CHILD_PROCESS_INIT;
1622        int fsck_objects = (receive_fsck_objects >= 0
1623                            ? receive_fsck_objects
1624                            : transfer_fsck_objects >= 0
1625                            ? transfer_fsck_objects
1626                            : 0);
1627
1628        hdr_err = parse_pack_header(&hdr);
1629        if (hdr_err) {
1630                if (err_fd > 0)
1631                        close(err_fd);
1632                return hdr_err;
1633        }
1634        snprintf(hdr_arg, sizeof(hdr_arg),
1635                        "--pack_header=%"PRIu32",%"PRIu32,
1636                        ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1637
1638        if (si->nr_ours || si->nr_theirs) {
1639                alt_shallow_file = setup_temporary_shallow(si->shallow);
1640                argv_array_push(&child.args, "--shallow-file");
1641                argv_array_push(&child.args, alt_shallow_file);
1642        }
1643
1644        if (ntohl(hdr.hdr_entries) < unpack_limit) {
1645                argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1646                if (quiet)
1647                        argv_array_push(&child.args, "-q");
1648                if (fsck_objects)
1649                        argv_array_pushf(&child.args, "--strict%s",
1650                                fsck_msg_types.buf);
1651                child.no_stdout = 1;
1652                child.err = err_fd;
1653                child.git_cmd = 1;
1654                status = run_command(&child);
1655                if (status)
1656                        return "unpack-objects abnormal exit";
1657        } else {
1658                char hostname[256];
1659
1660                argv_array_pushl(&child.args, "index-pack",
1661                                 "--stdin", hdr_arg, NULL);
1662
1663                if (gethostname(hostname, sizeof(hostname)))
1664                        xsnprintf(hostname, sizeof(hostname), "localhost");
1665                argv_array_pushf(&child.args,
1666                                 "--keep=receive-pack %"PRIuMAX" on %s",
1667                                 (uintmax_t)getpid(),
1668                                 hostname);
1669
1670                if (!quiet && err_fd)
1671                        argv_array_push(&child.args, "--show-resolving-progress");
1672                if (use_sideband)
1673                        argv_array_push(&child.args, "--report-end-of-input");
1674                if (fsck_objects)
1675                        argv_array_pushf(&child.args, "--strict%s",
1676                                fsck_msg_types.buf);
1677                if (!reject_thin)
1678                        argv_array_push(&child.args, "--fix-thin");
1679                child.out = -1;
1680                child.err = err_fd;
1681                child.git_cmd = 1;
1682                status = start_command(&child);
1683                if (status)
1684                        return "index-pack fork failed";
1685                pack_lockfile = index_pack_lockfile(child.out);
1686                close(child.out);
1687                status = finish_command(&child);
1688                if (status)
1689                        return "index-pack abnormal exit";
1690                reprepare_packed_git();
1691        }
1692        return NULL;
1693}
1694
1695static const char *unpack_with_sideband(struct shallow_info *si)
1696{
1697        struct async muxer;
1698        const char *ret;
1699
1700        if (!use_sideband)
1701                return unpack(0, si);
1702
1703        use_keepalive = KEEPALIVE_AFTER_NUL;
1704        memset(&muxer, 0, sizeof(muxer));
1705        muxer.proc = copy_to_sideband;
1706        muxer.in = -1;
1707        if (start_async(&muxer))
1708                return NULL;
1709
1710        ret = unpack(muxer.in, si);
1711
1712        finish_async(&muxer);
1713        return ret;
1714}
1715
1716static void prepare_shallow_update(struct command *commands,
1717                                   struct shallow_info *si)
1718{
1719        int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1720
1721        ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1722        assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1723
1724        si->need_reachability_test =
1725                xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1726        si->reachable =
1727                xcalloc(si->shallow->nr, sizeof(*si->reachable));
1728        si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1729
1730        for (i = 0; i < si->nr_ours; i++)
1731                si->need_reachability_test[si->ours[i]] = 1;
1732
1733        for (i = 0; i < si->shallow->nr; i++) {
1734                if (!si->used_shallow[i])
1735                        continue;
1736                for (j = 0; j < bitmap_size; j++) {
1737                        if (!si->used_shallow[i][j])
1738                                continue;
1739                        si->need_reachability_test[i]++;
1740                        for (k = 0; k < 32; k++)
1741                                if (si->used_shallow[i][j] & (1U << k))
1742                                        si->shallow_ref[j * 32 + k]++;
1743                }
1744
1745                /*
1746                 * true for those associated with some refs and belong
1747                 * in "ours" list aka "step 7 not done yet"
1748                 */
1749                si->need_reachability_test[i] =
1750                        si->need_reachability_test[i] > 1;
1751        }
1752
1753        /*
1754         * keep hooks happy by forcing a temporary shallow file via
1755         * env variable because we can't add --shallow-file to every
1756         * command. check_everything_connected() will be done with
1757         * true .git/shallow though.
1758         */
1759        setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1760}
1761
1762static void update_shallow_info(struct command *commands,
1763                                struct shallow_info *si,
1764                                struct sha1_array *ref)
1765{
1766        struct command *cmd;
1767        int *ref_status;
1768        remove_nonexistent_theirs_shallow(si);
1769        if (!si->nr_ours && !si->nr_theirs) {
1770                shallow_update = 0;
1771                return;
1772        }
1773
1774        for (cmd = commands; cmd; cmd = cmd->next) {
1775                if (is_null_sha1(cmd->new_sha1))
1776                        continue;
1777                sha1_array_append(ref, cmd->new_sha1);
1778                cmd->index = ref->nr - 1;
1779        }
1780        si->ref = ref;
1781
1782        if (shallow_update) {
1783                prepare_shallow_update(commands, si);
1784                return;
1785        }
1786
1787        ALLOC_ARRAY(ref_status, ref->nr);
1788        assign_shallow_commits_to_refs(si, NULL, ref_status);
1789        for (cmd = commands; cmd; cmd = cmd->next) {
1790                if (is_null_sha1(cmd->new_sha1))
1791                        continue;
1792                if (ref_status[cmd->index]) {
1793                        cmd->error_string = "shallow update not allowed";
1794                        cmd->skip_update = 1;
1795                }
1796        }
1797        free(ref_status);
1798}
1799
1800static void report(struct command *commands, const char *unpack_status)
1801{
1802        struct command *cmd;
1803        struct strbuf buf = STRBUF_INIT;
1804
1805        packet_buf_write(&buf, "unpack %s\n",
1806                         unpack_status ? unpack_status : "ok");
1807        for (cmd = commands; cmd; cmd = cmd->next) {
1808                if (!cmd->error_string)
1809                        packet_buf_write(&buf, "ok %s\n",
1810                                         cmd->ref_name);
1811                else
1812                        packet_buf_write(&buf, "ng %s %s\n",
1813                                         cmd->ref_name, cmd->error_string);
1814        }
1815        packet_buf_flush(&buf);
1816
1817        if (use_sideband)
1818                send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1819        else
1820                write_or_die(1, buf.buf, buf.len);
1821        strbuf_release(&buf);
1822}
1823
1824static int delete_only(struct command *commands)
1825{
1826        struct command *cmd;
1827        for (cmd = commands; cmd; cmd = cmd->next) {
1828                if (!is_null_sha1(cmd->new_sha1))
1829                        return 0;
1830        }
1831        return 1;
1832}
1833
1834int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1835{
1836        int advertise_refs = 0;
1837        struct command *commands;
1838        struct sha1_array shallow = SHA1_ARRAY_INIT;
1839        struct sha1_array ref = SHA1_ARRAY_INIT;
1840        struct shallow_info si;
1841
1842        struct option options[] = {
1843                OPT__QUIET(&quiet, N_("quiet")),
1844                OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1845                OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1846                OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1847                OPT_END()
1848        };
1849
1850        packet_trace_identity("receive-pack");
1851
1852        argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1853
1854        if (argc > 1)
1855                usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1856        if (argc == 0)
1857                usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1858
1859        service_dir = argv[0];
1860
1861        setup_path();
1862
1863        if (!enter_repo(service_dir, 0))
1864                die("'%s' does not appear to be a git repository", service_dir);
1865
1866        git_config(receive_pack_config, NULL);
1867        if (cert_nonce_seed)
1868                push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1869
1870        if (0 <= transfer_unpack_limit)
1871                unpack_limit = transfer_unpack_limit;
1872        else if (0 <= receive_unpack_limit)
1873                unpack_limit = receive_unpack_limit;
1874
1875        if (advertise_refs || !stateless_rpc) {
1876                write_head_info();
1877        }
1878        if (advertise_refs)
1879                return 0;
1880
1881        if ((commands = read_head_info(&shallow)) != NULL) {
1882                const char *unpack_status = NULL;
1883                struct string_list push_options = STRING_LIST_INIT_DUP;
1884
1885                if (use_push_options)
1886                        read_push_options(&push_options);
1887
1888                prepare_shallow_info(&si, &shallow);
1889                if (!si.nr_ours && !si.nr_theirs)
1890                        shallow_update = 0;
1891                if (!delete_only(commands)) {
1892                        unpack_status = unpack_with_sideband(&si);
1893                        update_shallow_info(commands, &si, &ref);
1894                }
1895                use_keepalive = KEEPALIVE_ALWAYS;
1896                execute_commands(commands, unpack_status, &si,
1897                                 &push_options);
1898                if (pack_lockfile)
1899                        unlink_or_warn(pack_lockfile);
1900                if (report_status)
1901                        report(commands, unpack_status);
1902                run_receive_hook(commands, "post-receive", 1,
1903                                 &push_options);
1904                run_update_post_hook(commands);
1905                if (push_options.nr)
1906                        string_list_clear(&push_options, 0);
1907                if (auto_gc) {
1908                        const char *argv_gc_auto[] = {
1909                                "gc", "--auto", "--quiet", NULL,
1910                        };
1911                        struct child_process proc = CHILD_PROCESS_INIT;
1912
1913                        proc.no_stdin = 1;
1914                        proc.stdout_to_stderr = 1;
1915                        proc.err = use_sideband ? -1 : 0;
1916                        proc.git_cmd = 1;
1917                        proc.argv = argv_gc_auto;
1918
1919                        close_all_packs();
1920                        if (!start_command(&proc)) {
1921                                if (use_sideband)
1922                                        copy_to_sideband(proc.err, -1, NULL);
1923                                finish_command(&proc);
1924                        }
1925                }
1926                if (auto_update_server_info)
1927                        update_server_info(0);
1928                clear_shallow_info(&si);
1929        }
1930        if (use_sideband)
1931                packet_flush(1);
1932        sha1_array_clear(&shallow);
1933        sha1_array_clear(&ref);
1934        free((void *)push_cert_nonce);
1935        return 0;
1936}