1#include "builtin.h"
2#include "lockfile.h"
3#include "pack.h"
4#include "refs.h"
5#include "pkt-line.h"
6#include "sideband.h"
7#include "run-command.h"
8#include "exec_cmd.h"
9#include "commit.h"
10#include "object.h"
11#include "remote.h"
12#include "connect.h"
13#include "transport.h"
14#include "string-list.h"
15#include "sha1-array.h"
16#include "connected.h"
17#include "argv-array.h"
18#include "version.h"
19#include "tag.h"
20#include "gpg-interface.h"
21#include "sigchain.h"
22#include "fsck.h"
23#include "tmp-objdir.h"
24#include "oidset.h"
25
26static const char * const receive_pack_usage[] = {
27 N_("git receive-pack <git-dir>"),
28 NULL
29};
30
31enum deny_action {
32 DENY_UNCONFIGURED,
33 DENY_IGNORE,
34 DENY_WARN,
35 DENY_REFUSE,
36 DENY_UPDATE_INSTEAD
37};
38
39static int deny_deletes;
40static int deny_non_fast_forwards;
41static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
42static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
43static int receive_fsck_objects = -1;
44static int transfer_fsck_objects = -1;
45static struct strbuf fsck_msg_types = STRBUF_INIT;
46static int receive_unpack_limit = -1;
47static int transfer_unpack_limit = -1;
48static int advertise_atomic_push = 1;
49static int advertise_push_options;
50static int unpack_limit = 100;
51static off_t max_input_size;
52static int report_status;
53static int use_sideband;
54static int use_atomic;
55static int use_push_options;
56static int quiet;
57static int prefer_ofs_delta = 1;
58static int auto_update_server_info;
59static int auto_gc = 1;
60static int reject_thin;
61static int stateless_rpc;
62static const char *service_dir;
63static const char *head_name;
64static void *head_name_to_free;
65static int sent_capabilities;
66static int shallow_update;
67static const char *alt_shallow_file;
68static struct strbuf push_cert = STRBUF_INIT;
69static unsigned char push_cert_sha1[20];
70static struct signature_check sigcheck;
71static const char *push_cert_nonce;
72static const char *cert_nonce_seed;
73
74static const char *NONCE_UNSOLICITED = "UNSOLICITED";
75static const char *NONCE_BAD = "BAD";
76static const char *NONCE_MISSING = "MISSING";
77static const char *NONCE_OK = "OK";
78static const char *NONCE_SLOP = "SLOP";
79static const char *nonce_status;
80static long nonce_stamp_slop;
81static unsigned long nonce_stamp_slop_limit;
82static struct ref_transaction *transaction;
83
84static enum {
85 KEEPALIVE_NEVER = 0,
86 KEEPALIVE_AFTER_NUL,
87 KEEPALIVE_ALWAYS
88} use_keepalive;
89static int keepalive_in_sec = 5;
90
91static struct tmp_objdir *tmp_objdir;
92
93static enum deny_action parse_deny_action(const char *var, const char *value)
94{
95 if (value) {
96 if (!strcasecmp(value, "ignore"))
97 return DENY_IGNORE;
98 if (!strcasecmp(value, "warn"))
99 return DENY_WARN;
100 if (!strcasecmp(value, "refuse"))
101 return DENY_REFUSE;
102 if (!strcasecmp(value, "updateinstead"))
103 return DENY_UPDATE_INSTEAD;
104 }
105 if (git_config_bool(var, value))
106 return DENY_REFUSE;
107 return DENY_IGNORE;
108}
109
110static int receive_pack_config(const char *var, const char *value, void *cb)
111{
112 int status = parse_hide_refs_config(var, value, "receive");
113
114 if (status)
115 return status;
116
117 if (strcmp(var, "receive.denydeletes") == 0) {
118 deny_deletes = git_config_bool(var, value);
119 return 0;
120 }
121
122 if (strcmp(var, "receive.denynonfastforwards") == 0) {
123 deny_non_fast_forwards = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.unpacklimit") == 0) {
128 receive_unpack_limit = git_config_int(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "transfer.unpacklimit") == 0) {
133 transfer_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "receive.fsck.skiplist") == 0) {
138 const char *path;
139
140 if (git_config_pathname(&path, var, value))
141 return 1;
142 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
143 fsck_msg_types.len ? ',' : '=', path);
144 free((char *)path);
145 return 0;
146 }
147
148 if (skip_prefix(var, "receive.fsck.", &var)) {
149 if (is_valid_msg_type(var, value))
150 strbuf_addf(&fsck_msg_types, "%c%s=%s",
151 fsck_msg_types.len ? ',' : '=', var, value);
152 else
153 warning("Skipping unknown msg id '%s'", var);
154 return 0;
155 }
156
157 if (strcmp(var, "receive.fsckobjects") == 0) {
158 receive_fsck_objects = git_config_bool(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "transfer.fsckobjects") == 0) {
163 transfer_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (!strcmp(var, "receive.denycurrentbranch")) {
168 deny_current_branch = parse_deny_action(var, value);
169 return 0;
170 }
171
172 if (strcmp(var, "receive.denydeletecurrent") == 0) {
173 deny_delete_current = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
178 prefer_ofs_delta = git_config_bool(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.updateserverinfo") == 0) {
183 auto_update_server_info = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.autogc") == 0) {
188 auto_gc = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.shallowupdate") == 0) {
193 shallow_update = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.certnonceseed") == 0)
198 return git_config_string(&cert_nonce_seed, var, value);
199
200 if (strcmp(var, "receive.certnonceslop") == 0) {
201 nonce_stamp_slop_limit = git_config_ulong(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "receive.advertiseatomic") == 0) {
206 advertise_atomic_push = git_config_bool(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertisepushoptions") == 0) {
211 advertise_push_options = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.keepalive") == 0) {
216 keepalive_in_sec = git_config_int(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.maxinputsize") == 0) {
221 max_input_size = git_config_int64(var, value);
222 return 0;
223 }
224
225 return git_default_config(var, value, cb);
226}
227
228static void show_ref(const char *path, const unsigned char *sha1)
229{
230 if (sent_capabilities) {
231 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
232 } else {
233 struct strbuf cap = STRBUF_INIT;
234
235 strbuf_addstr(&cap,
236 "report-status delete-refs side-band-64k quiet");
237 if (advertise_atomic_push)
238 strbuf_addstr(&cap, " atomic");
239 if (prefer_ofs_delta)
240 strbuf_addstr(&cap, " ofs-delta");
241 if (push_cert_nonce)
242 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
243 if (advertise_push_options)
244 strbuf_addstr(&cap, " push-options");
245 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
246 packet_write_fmt(1, "%s %s%c%s\n",
247 sha1_to_hex(sha1), path, 0, cap.buf);
248 strbuf_release(&cap);
249 sent_capabilities = 1;
250 }
251}
252
253static int show_ref_cb(const char *path_full, const struct object_id *oid,
254 int flag, void *data)
255{
256 struct oidset *seen = data;
257 const char *path = strip_namespace(path_full);
258
259 if (ref_is_hidden(path, path_full))
260 return 0;
261
262 /*
263 * Advertise refs outside our current namespace as ".have"
264 * refs, so that the client can use them to minimize data
265 * transfer but will otherwise ignore them.
266 */
267 if (!path) {
268 if (oidset_insert(seen, oid))
269 return 0;
270 path = ".have";
271 } else {
272 oidset_insert(seen, oid);
273 }
274 show_ref(path, oid->hash);
275 return 0;
276}
277
278static void show_one_alternate_ref(const char *refname,
279 const struct object_id *oid,
280 void *data)
281{
282 struct oidset *seen = data;
283
284 if (oidset_insert(seen, oid))
285 return;
286
287 show_ref(".have", oid->hash);
288}
289
290static void write_head_info(void)
291{
292 static struct oidset seen = OIDSET_INIT;
293
294 for_each_ref(show_ref_cb, &seen);
295 for_each_alternate_ref(show_one_alternate_ref, &seen);
296 oidset_clear(&seen);
297 if (!sent_capabilities)
298 show_ref("capabilities^{}", null_sha1);
299
300 advertise_shallow_grafts(1);
301
302 /* EOF */
303 packet_flush(1);
304}
305
306struct command {
307 struct command *next;
308 const char *error_string;
309 unsigned int skip_update:1,
310 did_not_exist:1;
311 int index;
312 unsigned char old_sha1[20];
313 unsigned char new_sha1[20];
314 char ref_name[FLEX_ARRAY]; /* more */
315};
316
317static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
318static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
319
320static void report_message(const char *prefix, const char *err, va_list params)
321{
322 int sz;
323 char msg[4096];
324
325 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
326 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
327 if (sz > (sizeof(msg) - 1))
328 sz = sizeof(msg) - 1;
329 msg[sz++] = '\n';
330
331 if (use_sideband)
332 send_sideband(1, 2, msg, sz, use_sideband);
333 else
334 xwrite(2, msg, sz);
335}
336
337static void rp_warning(const char *err, ...)
338{
339 va_list params;
340 va_start(params, err);
341 report_message("warning: ", err, params);
342 va_end(params);
343}
344
345static void rp_error(const char *err, ...)
346{
347 va_list params;
348 va_start(params, err);
349 report_message("error: ", err, params);
350 va_end(params);
351}
352
353static int copy_to_sideband(int in, int out, void *arg)
354{
355 char data[128];
356 int keepalive_active = 0;
357
358 if (keepalive_in_sec <= 0)
359 use_keepalive = KEEPALIVE_NEVER;
360 if (use_keepalive == KEEPALIVE_ALWAYS)
361 keepalive_active = 1;
362
363 while (1) {
364 ssize_t sz;
365
366 if (keepalive_active) {
367 struct pollfd pfd;
368 int ret;
369
370 pfd.fd = in;
371 pfd.events = POLLIN;
372 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
373
374 if (ret < 0) {
375 if (errno == EINTR)
376 continue;
377 else
378 break;
379 } else if (ret == 0) {
380 /* no data; send a keepalive packet */
381 static const char buf[] = "0005\1";
382 write_or_die(1, buf, sizeof(buf) - 1);
383 continue;
384 } /* else there is actual data to read */
385 }
386
387 sz = xread(in, data, sizeof(data));
388 if (sz <= 0)
389 break;
390
391 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
392 const char *p = memchr(data, '\0', sz);
393 if (p) {
394 /*
395 * The NUL tells us to start sending keepalives. Make
396 * sure we send any other data we read along
397 * with it.
398 */
399 keepalive_active = 1;
400 send_sideband(1, 2, data, p - data, use_sideband);
401 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
402 continue;
403 }
404 }
405
406 /*
407 * Either we're not looking for a NUL signal, or we didn't see
408 * it yet; just pass along the data.
409 */
410 send_sideband(1, 2, data, sz, use_sideband);
411 }
412 close(in);
413 return 0;
414}
415
416#define HMAC_BLOCK_SIZE 64
417
418static void hmac_sha1(unsigned char *out,
419 const char *key_in, size_t key_len,
420 const char *text, size_t text_len)
421{
422 unsigned char key[HMAC_BLOCK_SIZE];
423 unsigned char k_ipad[HMAC_BLOCK_SIZE];
424 unsigned char k_opad[HMAC_BLOCK_SIZE];
425 int i;
426 git_SHA_CTX ctx;
427
428 /* RFC 2104 2. (1) */
429 memset(key, '\0', HMAC_BLOCK_SIZE);
430 if (HMAC_BLOCK_SIZE < key_len) {
431 git_SHA1_Init(&ctx);
432 git_SHA1_Update(&ctx, key_in, key_len);
433 git_SHA1_Final(key, &ctx);
434 } else {
435 memcpy(key, key_in, key_len);
436 }
437
438 /* RFC 2104 2. (2) & (5) */
439 for (i = 0; i < sizeof(key); i++) {
440 k_ipad[i] = key[i] ^ 0x36;
441 k_opad[i] = key[i] ^ 0x5c;
442 }
443
444 /* RFC 2104 2. (3) & (4) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
447 git_SHA1_Update(&ctx, text, text_len);
448 git_SHA1_Final(out, &ctx);
449
450 /* RFC 2104 2. (6) & (7) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
453 git_SHA1_Update(&ctx, out, 20);
454 git_SHA1_Final(out, &ctx);
455}
456
457static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
458{
459 struct strbuf buf = STRBUF_INIT;
460 unsigned char sha1[20];
461
462 strbuf_addf(&buf, "%s:%lu", path, stamp);
463 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
464 strbuf_release(&buf);
465
466 /* RFC 2104 5. HMAC-SHA1-80 */
467 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
468 return strbuf_detach(&buf, NULL);
469}
470
471/*
472 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
473 * after dropping "_commit" from its name and possibly moving it out
474 * of commit.c
475 */
476static char *find_header(const char *msg, size_t len, const char *key)
477{
478 int key_len = strlen(key);
479 const char *line = msg;
480
481 while (line && line < msg + len) {
482 const char *eol = strchrnul(line, '\n');
483
484 if ((msg + len <= eol) || line == eol)
485 return NULL;
486 if (line + key_len < eol &&
487 !memcmp(line, key, key_len) && line[key_len] == ' ') {
488 int offset = key_len + 1;
489 return xmemdupz(line + offset, (eol - line) - offset);
490 }
491 line = *eol ? eol + 1 : NULL;
492 }
493 return NULL;
494}
495
496static const char *check_nonce(const char *buf, size_t len)
497{
498 char *nonce = find_header(buf, len, "nonce");
499 unsigned long stamp, ostamp;
500 char *bohmac, *expect = NULL;
501 const char *retval = NONCE_BAD;
502
503 if (!nonce) {
504 retval = NONCE_MISSING;
505 goto leave;
506 } else if (!push_cert_nonce) {
507 retval = NONCE_UNSOLICITED;
508 goto leave;
509 } else if (!strcmp(push_cert_nonce, nonce)) {
510 retval = NONCE_OK;
511 goto leave;
512 }
513
514 if (!stateless_rpc) {
515 /* returned nonce MUST match what we gave out earlier */
516 retval = NONCE_BAD;
517 goto leave;
518 }
519
520 /*
521 * In stateless mode, we may be receiving a nonce issued by
522 * another instance of the server that serving the same
523 * repository, and the timestamps may not match, but the
524 * nonce-seed and dir should match, so we can recompute and
525 * report the time slop.
526 *
527 * In addition, when a nonce issued by another instance has
528 * timestamp within receive.certnonceslop seconds, we pretend
529 * as if we issued that nonce when reporting to the hook.
530 */
531
532 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
533 if (*nonce <= '0' || '9' < *nonce) {
534 retval = NONCE_BAD;
535 goto leave;
536 }
537 stamp = strtoul(nonce, &bohmac, 10);
538 if (bohmac == nonce || bohmac[0] != '-') {
539 retval = NONCE_BAD;
540 goto leave;
541 }
542
543 expect = prepare_push_cert_nonce(service_dir, stamp);
544 if (strcmp(expect, nonce)) {
545 /* Not what we would have signed earlier */
546 retval = NONCE_BAD;
547 goto leave;
548 }
549
550 /*
551 * By how many seconds is this nonce stale? Negative value
552 * would mean it was issued by another server with its clock
553 * skewed in the future.
554 */
555 ostamp = strtoul(push_cert_nonce, NULL, 10);
556 nonce_stamp_slop = (long)ostamp - (long)stamp;
557
558 if (nonce_stamp_slop_limit &&
559 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
560 /*
561 * Pretend as if the received nonce (which passes the
562 * HMAC check, so it is not a forged by third-party)
563 * is what we issued.
564 */
565 free((void *)push_cert_nonce);
566 push_cert_nonce = xstrdup(nonce);
567 retval = NONCE_OK;
568 } else {
569 retval = NONCE_SLOP;
570 }
571
572leave:
573 free(nonce);
574 free(expect);
575 return retval;
576}
577
578static void prepare_push_cert_sha1(struct child_process *proc)
579{
580 static int already_done;
581
582 if (!push_cert.len)
583 return;
584
585 if (!already_done) {
586 struct strbuf gpg_output = STRBUF_INIT;
587 struct strbuf gpg_status = STRBUF_INIT;
588 int bogs /* beginning_of_gpg_sig */;
589
590 already_done = 1;
591 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
592 hashclr(push_cert_sha1);
593
594 memset(&sigcheck, '\0', sizeof(sigcheck));
595 sigcheck.result = 'N';
596
597 bogs = parse_signature(push_cert.buf, push_cert.len);
598 if (verify_signed_buffer(push_cert.buf, bogs,
599 push_cert.buf + bogs, push_cert.len - bogs,
600 &gpg_output, &gpg_status) < 0) {
601 ; /* error running gpg */
602 } else {
603 sigcheck.payload = push_cert.buf;
604 sigcheck.gpg_output = gpg_output.buf;
605 sigcheck.gpg_status = gpg_status.buf;
606 parse_gpg_output(&sigcheck);
607 }
608
609 strbuf_release(&gpg_output);
610 strbuf_release(&gpg_status);
611 nonce_status = check_nonce(push_cert.buf, bogs);
612 }
613 if (!is_null_sha1(push_cert_sha1)) {
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
615 sha1_to_hex(push_cert_sha1));
616 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
617 sigcheck.signer ? sigcheck.signer : "");
618 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
619 sigcheck.key ? sigcheck.key : "");
620 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
621 sigcheck.result);
622 if (push_cert_nonce) {
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE=%s",
625 push_cert_nonce);
626 argv_array_pushf(&proc->env_array,
627 "GIT_PUSH_CERT_NONCE_STATUS=%s",
628 nonce_status);
629 if (nonce_status == NONCE_SLOP)
630 argv_array_pushf(&proc->env_array,
631 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
632 nonce_stamp_slop);
633 }
634 }
635}
636
637struct receive_hook_feed_state {
638 struct command *cmd;
639 int skip_broken;
640 struct strbuf buf;
641 const struct string_list *push_options;
642};
643
644typedef int (*feed_fn)(void *, const char **, size_t *);
645static int run_and_feed_hook(const char *hook_name, feed_fn feed,
646 struct receive_hook_feed_state *feed_state)
647{
648 struct child_process proc = CHILD_PROCESS_INIT;
649 struct async muxer;
650 const char *argv[2];
651 int code;
652
653 argv[0] = find_hook(hook_name);
654 if (!argv[0])
655 return 0;
656
657 argv[1] = NULL;
658
659 proc.argv = argv;
660 proc.in = -1;
661 proc.stdout_to_stderr = 1;
662 if (feed_state->push_options) {
663 int i;
664 for (i = 0; i < feed_state->push_options->nr; i++)
665 argv_array_pushf(&proc.env_array,
666 "GIT_PUSH_OPTION_%d=%s", i,
667 feed_state->push_options->items[i].string);
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
669 feed_state->push_options->nr);
670 } else
671 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
672
673 if (tmp_objdir)
674 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
675
676 if (use_sideband) {
677 memset(&muxer, 0, sizeof(muxer));
678 muxer.proc = copy_to_sideband;
679 muxer.in = -1;
680 code = start_async(&muxer);
681 if (code)
682 return code;
683 proc.err = muxer.in;
684 }
685
686 prepare_push_cert_sha1(&proc);
687
688 code = start_command(&proc);
689 if (code) {
690 if (use_sideband)
691 finish_async(&muxer);
692 return code;
693 }
694
695 sigchain_push(SIGPIPE, SIG_IGN);
696
697 while (1) {
698 const char *buf;
699 size_t n;
700 if (feed(feed_state, &buf, &n))
701 break;
702 if (write_in_full(proc.in, buf, n) != n)
703 break;
704 }
705 close(proc.in);
706 if (use_sideband)
707 finish_async(&muxer);
708
709 sigchain_pop(SIGPIPE);
710
711 return finish_command(&proc);
712}
713
714static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
715{
716 struct receive_hook_feed_state *state = state_;
717 struct command *cmd = state->cmd;
718
719 while (cmd &&
720 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
721 cmd = cmd->next;
722 if (!cmd)
723 return -1; /* EOF */
724 strbuf_reset(&state->buf);
725 strbuf_addf(&state->buf, "%s %s %s\n",
726 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
727 cmd->ref_name);
728 state->cmd = cmd->next;
729 if (bufp) {
730 *bufp = state->buf.buf;
731 *sizep = state->buf.len;
732 }
733 return 0;
734}
735
736static int run_receive_hook(struct command *commands,
737 const char *hook_name,
738 int skip_broken,
739 const struct string_list *push_options)
740{
741 struct receive_hook_feed_state state;
742 int status;
743
744 strbuf_init(&state.buf, 0);
745 state.cmd = commands;
746 state.skip_broken = skip_broken;
747 if (feed_receive_hook(&state, NULL, NULL))
748 return 0;
749 state.cmd = commands;
750 state.push_options = push_options;
751 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
752 strbuf_release(&state.buf);
753 return status;
754}
755
756static int run_update_hook(struct command *cmd)
757{
758 const char *argv[5];
759 struct child_process proc = CHILD_PROCESS_INIT;
760 int code;
761
762 argv[0] = find_hook("update");
763 if (!argv[0])
764 return 0;
765
766 argv[1] = cmd->ref_name;
767 argv[2] = sha1_to_hex(cmd->old_sha1);
768 argv[3] = sha1_to_hex(cmd->new_sha1);
769 argv[4] = NULL;
770
771 proc.no_stdin = 1;
772 proc.stdout_to_stderr = 1;
773 proc.err = use_sideband ? -1 : 0;
774 proc.argv = argv;
775 proc.env = tmp_objdir_env(tmp_objdir);
776
777 code = start_command(&proc);
778 if (code)
779 return code;
780 if (use_sideband)
781 copy_to_sideband(proc.err, -1, NULL);
782 return finish_command(&proc);
783}
784
785static int is_ref_checked_out(const char *ref)
786{
787 if (is_bare_repository())
788 return 0;
789
790 if (!head_name)
791 return 0;
792 return !strcmp(head_name, ref);
793}
794
795static char *refuse_unconfigured_deny_msg =
796 N_("By default, updating the current branch in a non-bare repository\n"
797 "is denied, because it will make the index and work tree inconsistent\n"
798 "with what you pushed, and will require 'git reset --hard' to match\n"
799 "the work tree to HEAD.\n"
800 "\n"
801 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
802 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
803 "its current branch; however, this is not recommended unless you\n"
804 "arranged to update its work tree to match what you pushed in some\n"
805 "other way.\n"
806 "\n"
807 "To squelch this message and still keep the default behaviour, set\n"
808 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
809
810static void refuse_unconfigured_deny(void)
811{
812 rp_error("%s", _(refuse_unconfigured_deny_msg));
813}
814
815static char *refuse_unconfigured_deny_delete_current_msg =
816 N_("By default, deleting the current branch is denied, because the next\n"
817 "'git clone' won't result in any file checked out, causing confusion.\n"
818 "\n"
819 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
820 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
821 "current branch, with or without a warning message.\n"
822 "\n"
823 "To squelch this message, you can set it to 'refuse'.");
824
825static void refuse_unconfigured_deny_delete_current(void)
826{
827 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
828}
829
830static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
831static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
832{
833 static struct lock_file shallow_lock;
834 struct sha1_array extra = SHA1_ARRAY_INIT;
835 struct check_connected_options opt = CHECK_CONNECTED_INIT;
836 uint32_t mask = 1 << (cmd->index % 32);
837 int i;
838
839 trace_printf_key(&trace_shallow,
840 "shallow: update_shallow_ref %s\n", cmd->ref_name);
841 for (i = 0; i < si->shallow->nr; i++)
842 if (si->used_shallow[i] &&
843 (si->used_shallow[i][cmd->index / 32] & mask) &&
844 !delayed_reachability_test(si, i))
845 sha1_array_append(&extra, si->shallow->sha1[i]);
846
847 opt.env = tmp_objdir_env(tmp_objdir);
848 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
849 if (check_connected(command_singleton_iterator, cmd, &opt)) {
850 rollback_lock_file(&shallow_lock);
851 sha1_array_clear(&extra);
852 return -1;
853 }
854
855 commit_lock_file(&shallow_lock);
856
857 /*
858 * Make sure setup_alternate_shallow() for the next ref does
859 * not lose these new roots..
860 */
861 for (i = 0; i < extra.nr; i++)
862 register_shallow(extra.sha1[i]);
863
864 si->shallow_ref[cmd->index] = 0;
865 sha1_array_clear(&extra);
866 return 0;
867}
868
869/*
870 * NEEDSWORK: we should consolidate various implementions of "are we
871 * on an unborn branch?" test into one, and make the unified one more
872 * robust. !get_sha1() based check used here and elsewhere would not
873 * allow us to tell an unborn branch from corrupt ref, for example.
874 * For the purpose of fixing "deploy-to-update does not work when
875 * pushing into an empty repository" issue, this should suffice for
876 * now.
877 */
878static int head_has_history(void)
879{
880 unsigned char sha1[20];
881
882 return !get_sha1("HEAD", sha1);
883}
884
885static const char *push_to_deploy(unsigned char *sha1,
886 struct argv_array *env,
887 const char *work_tree)
888{
889 const char *update_refresh[] = {
890 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
891 };
892 const char *diff_files[] = {
893 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
894 };
895 const char *diff_index[] = {
896 "diff-index", "--quiet", "--cached", "--ignore-submodules",
897 NULL, "--", NULL
898 };
899 const char *read_tree[] = {
900 "read-tree", "-u", "-m", NULL, NULL
901 };
902 struct child_process child = CHILD_PROCESS_INIT;
903
904 child.argv = update_refresh;
905 child.env = env->argv;
906 child.dir = work_tree;
907 child.no_stdin = 1;
908 child.stdout_to_stderr = 1;
909 child.git_cmd = 1;
910 if (run_command(&child))
911 return "Up-to-date check failed";
912
913 /* run_command() does not clean up completely; reinitialize */
914 child_process_init(&child);
915 child.argv = diff_files;
916 child.env = env->argv;
917 child.dir = work_tree;
918 child.no_stdin = 1;
919 child.stdout_to_stderr = 1;
920 child.git_cmd = 1;
921 if (run_command(&child))
922 return "Working directory has unstaged changes";
923
924 /* diff-index with either HEAD or an empty tree */
925 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
926
927 child_process_init(&child);
928 child.argv = diff_index;
929 child.env = env->argv;
930 child.no_stdin = 1;
931 child.no_stdout = 1;
932 child.stdout_to_stderr = 0;
933 child.git_cmd = 1;
934 if (run_command(&child))
935 return "Working directory has staged changes";
936
937 read_tree[3] = sha1_to_hex(sha1);
938 child_process_init(&child);
939 child.argv = read_tree;
940 child.env = env->argv;
941 child.dir = work_tree;
942 child.no_stdin = 1;
943 child.no_stdout = 1;
944 child.stdout_to_stderr = 0;
945 child.git_cmd = 1;
946 if (run_command(&child))
947 return "Could not update working tree to new HEAD";
948
949 return NULL;
950}
951
952static const char *push_to_checkout_hook = "push-to-checkout";
953
954static const char *push_to_checkout(unsigned char *sha1,
955 struct argv_array *env,
956 const char *work_tree)
957{
958 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
959 if (run_hook_le(env->argv, push_to_checkout_hook,
960 sha1_to_hex(sha1), NULL))
961 return "push-to-checkout hook declined";
962 else
963 return NULL;
964}
965
966static const char *update_worktree(unsigned char *sha1)
967{
968 const char *retval;
969 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
970 struct argv_array env = ARGV_ARRAY_INIT;
971
972 if (is_bare_repository())
973 return "denyCurrentBranch = updateInstead needs a worktree";
974
975 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
976
977 if (!find_hook(push_to_checkout_hook))
978 retval = push_to_deploy(sha1, &env, work_tree);
979 else
980 retval = push_to_checkout(sha1, &env, work_tree);
981
982 argv_array_clear(&env);
983 return retval;
984}
985
986static const char *update(struct command *cmd, struct shallow_info *si)
987{
988 const char *name = cmd->ref_name;
989 struct strbuf namespaced_name_buf = STRBUF_INIT;
990 const char *namespaced_name, *ret;
991 unsigned char *old_sha1 = cmd->old_sha1;
992 unsigned char *new_sha1 = cmd->new_sha1;
993
994 /* only refs/... are allowed */
995 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
996 rp_error("refusing to create funny ref '%s' remotely", name);
997 return "funny refname";
998 }
999
1000 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1001 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1002
1003 if (is_ref_checked_out(namespaced_name)) {
1004 switch (deny_current_branch) {
1005 case DENY_IGNORE:
1006 break;
1007 case DENY_WARN:
1008 rp_warning("updating the current branch");
1009 break;
1010 case DENY_REFUSE:
1011 case DENY_UNCONFIGURED:
1012 rp_error("refusing to update checked out branch: %s", name);
1013 if (deny_current_branch == DENY_UNCONFIGURED)
1014 refuse_unconfigured_deny();
1015 return "branch is currently checked out";
1016 case DENY_UPDATE_INSTEAD:
1017 ret = update_worktree(new_sha1);
1018 if (ret)
1019 return ret;
1020 break;
1021 }
1022 }
1023
1024 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1025 error("unpack should have generated %s, "
1026 "but I can't find it!", sha1_to_hex(new_sha1));
1027 return "bad pack";
1028 }
1029
1030 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1031 if (deny_deletes && starts_with(name, "refs/heads/")) {
1032 rp_error("denying ref deletion for %s", name);
1033 return "deletion prohibited";
1034 }
1035
1036 if (head_name && !strcmp(namespaced_name, head_name)) {
1037 switch (deny_delete_current) {
1038 case DENY_IGNORE:
1039 break;
1040 case DENY_WARN:
1041 rp_warning("deleting the current branch");
1042 break;
1043 case DENY_REFUSE:
1044 case DENY_UNCONFIGURED:
1045 case DENY_UPDATE_INSTEAD:
1046 if (deny_delete_current == DENY_UNCONFIGURED)
1047 refuse_unconfigured_deny_delete_current();
1048 rp_error("refusing to delete the current branch: %s", name);
1049 return "deletion of the current branch prohibited";
1050 default:
1051 return "Invalid denyDeleteCurrent setting";
1052 }
1053 }
1054 }
1055
1056 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1057 !is_null_sha1(old_sha1) &&
1058 starts_with(name, "refs/heads/")) {
1059 struct object *old_object, *new_object;
1060 struct commit *old_commit, *new_commit;
1061
1062 old_object = parse_object(old_sha1);
1063 new_object = parse_object(new_sha1);
1064
1065 if (!old_object || !new_object ||
1066 old_object->type != OBJ_COMMIT ||
1067 new_object->type != OBJ_COMMIT) {
1068 error("bad sha1 objects for %s", name);
1069 return "bad ref";
1070 }
1071 old_commit = (struct commit *)old_object;
1072 new_commit = (struct commit *)new_object;
1073 if (!in_merge_bases(old_commit, new_commit)) {
1074 rp_error("denying non-fast-forward %s"
1075 " (you should pull first)", name);
1076 return "non-fast-forward";
1077 }
1078 }
1079 if (run_update_hook(cmd)) {
1080 rp_error("hook declined to update %s", name);
1081 return "hook declined";
1082 }
1083
1084 if (is_null_sha1(new_sha1)) {
1085 struct strbuf err = STRBUF_INIT;
1086 if (!parse_object(old_sha1)) {
1087 old_sha1 = NULL;
1088 if (ref_exists(name)) {
1089 rp_warning("Allowing deletion of corrupt ref.");
1090 } else {
1091 rp_warning("Deleting a non-existent ref.");
1092 cmd->did_not_exist = 1;
1093 }
1094 }
1095 if (ref_transaction_delete(transaction,
1096 namespaced_name,
1097 old_sha1,
1098 0, "push", &err)) {
1099 rp_error("%s", err.buf);
1100 strbuf_release(&err);
1101 return "failed to delete";
1102 }
1103 strbuf_release(&err);
1104 return NULL; /* good */
1105 }
1106 else {
1107 struct strbuf err = STRBUF_INIT;
1108 if (shallow_update && si->shallow_ref[cmd->index] &&
1109 update_shallow_ref(cmd, si))
1110 return "shallow error";
1111
1112 if (ref_transaction_update(transaction,
1113 namespaced_name,
1114 new_sha1, old_sha1,
1115 0, "push",
1116 &err)) {
1117 rp_error("%s", err.buf);
1118 strbuf_release(&err);
1119
1120 return "failed to update ref";
1121 }
1122 strbuf_release(&err);
1123
1124 return NULL; /* good */
1125 }
1126}
1127
1128static void run_update_post_hook(struct command *commands)
1129{
1130 struct command *cmd;
1131 int argc;
1132 struct child_process proc = CHILD_PROCESS_INIT;
1133 const char *hook;
1134
1135 hook = find_hook("post-update");
1136 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1137 if (cmd->error_string || cmd->did_not_exist)
1138 continue;
1139 argc++;
1140 }
1141 if (!argc || !hook)
1142 return;
1143
1144 argv_array_push(&proc.args, hook);
1145 for (cmd = commands; cmd; cmd = cmd->next) {
1146 if (cmd->error_string || cmd->did_not_exist)
1147 continue;
1148 argv_array_push(&proc.args, cmd->ref_name);
1149 }
1150
1151 proc.no_stdin = 1;
1152 proc.stdout_to_stderr = 1;
1153 proc.err = use_sideband ? -1 : 0;
1154
1155 if (!start_command(&proc)) {
1156 if (use_sideband)
1157 copy_to_sideband(proc.err, -1, NULL);
1158 finish_command(&proc);
1159 }
1160}
1161
1162static void check_aliased_update(struct command *cmd, struct string_list *list)
1163{
1164 struct strbuf buf = STRBUF_INIT;
1165 const char *dst_name;
1166 struct string_list_item *item;
1167 struct command *dst_cmd;
1168 unsigned char sha1[GIT_SHA1_RAWSZ];
1169 int flag;
1170
1171 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1172 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1173 strbuf_release(&buf);
1174
1175 if (!(flag & REF_ISSYMREF))
1176 return;
1177
1178 if (!dst_name) {
1179 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1180 cmd->skip_update = 1;
1181 cmd->error_string = "broken symref";
1182 return;
1183 }
1184 dst_name = strip_namespace(dst_name);
1185
1186 if ((item = string_list_lookup(list, dst_name)) == NULL)
1187 return;
1188
1189 cmd->skip_update = 1;
1190
1191 dst_cmd = (struct command *) item->util;
1192
1193 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1194 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1195 return;
1196
1197 dst_cmd->skip_update = 1;
1198
1199 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1200 " its target '%s' (%s..%s)",
1201 cmd->ref_name,
1202 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1203 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1204 dst_cmd->ref_name,
1205 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1206 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1207
1208 cmd->error_string = dst_cmd->error_string =
1209 "inconsistent aliased update";
1210}
1211
1212static void check_aliased_updates(struct command *commands)
1213{
1214 struct command *cmd;
1215 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1216
1217 for (cmd = commands; cmd; cmd = cmd->next) {
1218 struct string_list_item *item =
1219 string_list_append(&ref_list, cmd->ref_name);
1220 item->util = (void *)cmd;
1221 }
1222 string_list_sort(&ref_list);
1223
1224 for (cmd = commands; cmd; cmd = cmd->next) {
1225 if (!cmd->error_string)
1226 check_aliased_update(cmd, &ref_list);
1227 }
1228
1229 string_list_clear(&ref_list, 0);
1230}
1231
1232static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1233{
1234 struct command **cmd_list = cb_data;
1235 struct command *cmd = *cmd_list;
1236
1237 if (!cmd || is_null_sha1(cmd->new_sha1))
1238 return -1; /* end of list */
1239 *cmd_list = NULL; /* this returns only one */
1240 hashcpy(sha1, cmd->new_sha1);
1241 return 0;
1242}
1243
1244static void set_connectivity_errors(struct command *commands,
1245 struct shallow_info *si)
1246{
1247 struct command *cmd;
1248
1249 for (cmd = commands; cmd; cmd = cmd->next) {
1250 struct command *singleton = cmd;
1251 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1252
1253 if (shallow_update && si->shallow_ref[cmd->index])
1254 /* to be checked in update_shallow_ref() */
1255 continue;
1256
1257 opt.env = tmp_objdir_env(tmp_objdir);
1258 if (!check_connected(command_singleton_iterator, &singleton,
1259 &opt))
1260 continue;
1261
1262 cmd->error_string = "missing necessary objects";
1263 }
1264}
1265
1266struct iterate_data {
1267 struct command *cmds;
1268 struct shallow_info *si;
1269};
1270
1271static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1272{
1273 struct iterate_data *data = cb_data;
1274 struct command **cmd_list = &data->cmds;
1275 struct command *cmd = *cmd_list;
1276
1277 for (; cmd; cmd = cmd->next) {
1278 if (shallow_update && data->si->shallow_ref[cmd->index])
1279 /* to be checked in update_shallow_ref() */
1280 continue;
1281 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1282 hashcpy(sha1, cmd->new_sha1);
1283 *cmd_list = cmd->next;
1284 return 0;
1285 }
1286 }
1287 *cmd_list = NULL;
1288 return -1; /* end of list */
1289}
1290
1291static void reject_updates_to_hidden(struct command *commands)
1292{
1293 struct strbuf refname_full = STRBUF_INIT;
1294 size_t prefix_len;
1295 struct command *cmd;
1296
1297 strbuf_addstr(&refname_full, get_git_namespace());
1298 prefix_len = refname_full.len;
1299
1300 for (cmd = commands; cmd; cmd = cmd->next) {
1301 if (cmd->error_string)
1302 continue;
1303
1304 strbuf_setlen(&refname_full, prefix_len);
1305 strbuf_addstr(&refname_full, cmd->ref_name);
1306
1307 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1308 continue;
1309 if (is_null_sha1(cmd->new_sha1))
1310 cmd->error_string = "deny deleting a hidden ref";
1311 else
1312 cmd->error_string = "deny updating a hidden ref";
1313 }
1314
1315 strbuf_release(&refname_full);
1316}
1317
1318static int should_process_cmd(struct command *cmd)
1319{
1320 return !cmd->error_string && !cmd->skip_update;
1321}
1322
1323static void warn_if_skipped_connectivity_check(struct command *commands,
1324 struct shallow_info *si)
1325{
1326 struct command *cmd;
1327 int checked_connectivity = 1;
1328
1329 for (cmd = commands; cmd; cmd = cmd->next) {
1330 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1331 error("BUG: connectivity check has not been run on ref %s",
1332 cmd->ref_name);
1333 checked_connectivity = 0;
1334 }
1335 }
1336 if (!checked_connectivity)
1337 die("BUG: connectivity check skipped???");
1338}
1339
1340static void execute_commands_non_atomic(struct command *commands,
1341 struct shallow_info *si)
1342{
1343 struct command *cmd;
1344 struct strbuf err = STRBUF_INIT;
1345
1346 for (cmd = commands; cmd; cmd = cmd->next) {
1347 if (!should_process_cmd(cmd))
1348 continue;
1349
1350 transaction = ref_transaction_begin(&err);
1351 if (!transaction) {
1352 rp_error("%s", err.buf);
1353 strbuf_reset(&err);
1354 cmd->error_string = "transaction failed to start";
1355 continue;
1356 }
1357
1358 cmd->error_string = update(cmd, si);
1359
1360 if (!cmd->error_string
1361 && ref_transaction_commit(transaction, &err)) {
1362 rp_error("%s", err.buf);
1363 strbuf_reset(&err);
1364 cmd->error_string = "failed to update ref";
1365 }
1366 ref_transaction_free(transaction);
1367 }
1368 strbuf_release(&err);
1369}
1370
1371static void execute_commands_atomic(struct command *commands,
1372 struct shallow_info *si)
1373{
1374 struct command *cmd;
1375 struct strbuf err = STRBUF_INIT;
1376 const char *reported_error = "atomic push failure";
1377
1378 transaction = ref_transaction_begin(&err);
1379 if (!transaction) {
1380 rp_error("%s", err.buf);
1381 strbuf_reset(&err);
1382 reported_error = "transaction failed to start";
1383 goto failure;
1384 }
1385
1386 for (cmd = commands; cmd; cmd = cmd->next) {
1387 if (!should_process_cmd(cmd))
1388 continue;
1389
1390 cmd->error_string = update(cmd, si);
1391
1392 if (cmd->error_string)
1393 goto failure;
1394 }
1395
1396 if (ref_transaction_commit(transaction, &err)) {
1397 rp_error("%s", err.buf);
1398 reported_error = "atomic transaction failed";
1399 goto failure;
1400 }
1401 goto cleanup;
1402
1403failure:
1404 for (cmd = commands; cmd; cmd = cmd->next)
1405 if (!cmd->error_string)
1406 cmd->error_string = reported_error;
1407
1408cleanup:
1409 ref_transaction_free(transaction);
1410 strbuf_release(&err);
1411}
1412
1413static void execute_commands(struct command *commands,
1414 const char *unpacker_error,
1415 struct shallow_info *si,
1416 const struct string_list *push_options)
1417{
1418 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1419 struct command *cmd;
1420 unsigned char sha1[20];
1421 struct iterate_data data;
1422 struct async muxer;
1423 int err_fd = 0;
1424
1425 if (unpacker_error) {
1426 for (cmd = commands; cmd; cmd = cmd->next)
1427 cmd->error_string = "unpacker error";
1428 return;
1429 }
1430
1431 if (use_sideband) {
1432 memset(&muxer, 0, sizeof(muxer));
1433 muxer.proc = copy_to_sideband;
1434 muxer.in = -1;
1435 if (!start_async(&muxer))
1436 err_fd = muxer.in;
1437 /* ...else, continue without relaying sideband */
1438 }
1439
1440 data.cmds = commands;
1441 data.si = si;
1442 opt.err_fd = err_fd;
1443 opt.progress = err_fd && !quiet;
1444 opt.env = tmp_objdir_env(tmp_objdir);
1445 if (check_connected(iterate_receive_command_list, &data, &opt))
1446 set_connectivity_errors(commands, si);
1447
1448 if (use_sideband)
1449 finish_async(&muxer);
1450
1451 reject_updates_to_hidden(commands);
1452
1453 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1454 for (cmd = commands; cmd; cmd = cmd->next) {
1455 if (!cmd->error_string)
1456 cmd->error_string = "pre-receive hook declined";
1457 }
1458 return;
1459 }
1460
1461 /*
1462 * Now we'll start writing out refs, which means the objects need
1463 * to be in their final positions so that other processes can see them.
1464 */
1465 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1466 for (cmd = commands; cmd; cmd = cmd->next) {
1467 if (!cmd->error_string)
1468 cmd->error_string = "unable to migrate objects to permanent storage";
1469 }
1470 return;
1471 }
1472 tmp_objdir = NULL;
1473
1474 check_aliased_updates(commands);
1475
1476 free(head_name_to_free);
1477 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1478
1479 if (use_atomic)
1480 execute_commands_atomic(commands, si);
1481 else
1482 execute_commands_non_atomic(commands, si);
1483
1484 if (shallow_update)
1485 warn_if_skipped_connectivity_check(commands, si);
1486}
1487
1488static struct command **queue_command(struct command **tail,
1489 const char *line,
1490 int linelen)
1491{
1492 unsigned char old_sha1[20], new_sha1[20];
1493 struct command *cmd;
1494 const char *refname;
1495 int reflen;
1496
1497 if (linelen < 83 ||
1498 line[40] != ' ' ||
1499 line[81] != ' ' ||
1500 get_sha1_hex(line, old_sha1) ||
1501 get_sha1_hex(line + 41, new_sha1))
1502 die("protocol error: expected old/new/ref, got '%s'", line);
1503
1504 refname = line + 82;
1505 reflen = linelen - 82;
1506 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1507 hashcpy(cmd->old_sha1, old_sha1);
1508 hashcpy(cmd->new_sha1, new_sha1);
1509 *tail = cmd;
1510 return &cmd->next;
1511}
1512
1513static void queue_commands_from_cert(struct command **tail,
1514 struct strbuf *push_cert)
1515{
1516 const char *boc, *eoc;
1517
1518 if (*tail)
1519 die("protocol error: got both push certificate and unsigned commands");
1520
1521 boc = strstr(push_cert->buf, "\n\n");
1522 if (!boc)
1523 die("malformed push certificate %.*s", 100, push_cert->buf);
1524 else
1525 boc += 2;
1526 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1527
1528 while (boc < eoc) {
1529 const char *eol = memchr(boc, '\n', eoc - boc);
1530 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1531 boc = eol ? eol + 1 : eoc;
1532 }
1533}
1534
1535static struct command *read_head_info(struct sha1_array *shallow)
1536{
1537 struct command *commands = NULL;
1538 struct command **p = &commands;
1539 for (;;) {
1540 char *line;
1541 int len, linelen;
1542
1543 line = packet_read_line(0, &len);
1544 if (!line)
1545 break;
1546
1547 if (len == 48 && starts_with(line, "shallow ")) {
1548 unsigned char sha1[20];
1549 if (get_sha1_hex(line + 8, sha1))
1550 die("protocol error: expected shallow sha, got '%s'",
1551 line + 8);
1552 sha1_array_append(shallow, sha1);
1553 continue;
1554 }
1555
1556 linelen = strlen(line);
1557 if (linelen < len) {
1558 const char *feature_list = line + linelen + 1;
1559 if (parse_feature_request(feature_list, "report-status"))
1560 report_status = 1;
1561 if (parse_feature_request(feature_list, "side-band-64k"))
1562 use_sideband = LARGE_PACKET_MAX;
1563 if (parse_feature_request(feature_list, "quiet"))
1564 quiet = 1;
1565 if (advertise_atomic_push
1566 && parse_feature_request(feature_list, "atomic"))
1567 use_atomic = 1;
1568 if (advertise_push_options
1569 && parse_feature_request(feature_list, "push-options"))
1570 use_push_options = 1;
1571 }
1572
1573 if (!strcmp(line, "push-cert")) {
1574 int true_flush = 0;
1575 char certbuf[1024];
1576
1577 for (;;) {
1578 len = packet_read(0, NULL, NULL,
1579 certbuf, sizeof(certbuf), 0);
1580 if (!len) {
1581 true_flush = 1;
1582 break;
1583 }
1584 if (!strcmp(certbuf, "push-cert-end\n"))
1585 break; /* end of cert */
1586 strbuf_addstr(&push_cert, certbuf);
1587 }
1588
1589 if (true_flush)
1590 break;
1591 continue;
1592 }
1593
1594 p = queue_command(p, line, linelen);
1595 }
1596
1597 if (push_cert.len)
1598 queue_commands_from_cert(p, &push_cert);
1599
1600 return commands;
1601}
1602
1603static void read_push_options(struct string_list *options)
1604{
1605 while (1) {
1606 char *line;
1607 int len;
1608
1609 line = packet_read_line(0, &len);
1610
1611 if (!line)
1612 break;
1613
1614 string_list_append(options, line);
1615 }
1616}
1617
1618static const char *parse_pack_header(struct pack_header *hdr)
1619{
1620 switch (read_pack_header(0, hdr)) {
1621 case PH_ERROR_EOF:
1622 return "eof before pack header was fully read";
1623
1624 case PH_ERROR_PACK_SIGNATURE:
1625 return "protocol error (pack signature mismatch detected)";
1626
1627 case PH_ERROR_PROTOCOL:
1628 return "protocol error (pack version unsupported)";
1629
1630 default:
1631 return "unknown error in parse_pack_header";
1632
1633 case 0:
1634 return NULL;
1635 }
1636}
1637
1638static const char *pack_lockfile;
1639
1640static const char *unpack(int err_fd, struct shallow_info *si)
1641{
1642 struct pack_header hdr;
1643 const char *hdr_err;
1644 int status;
1645 char hdr_arg[38];
1646 struct child_process child = CHILD_PROCESS_INIT;
1647 int fsck_objects = (receive_fsck_objects >= 0
1648 ? receive_fsck_objects
1649 : transfer_fsck_objects >= 0
1650 ? transfer_fsck_objects
1651 : 0);
1652
1653 hdr_err = parse_pack_header(&hdr);
1654 if (hdr_err) {
1655 if (err_fd > 0)
1656 close(err_fd);
1657 return hdr_err;
1658 }
1659 snprintf(hdr_arg, sizeof(hdr_arg),
1660 "--pack_header=%"PRIu32",%"PRIu32,
1661 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1662
1663 if (si->nr_ours || si->nr_theirs) {
1664 alt_shallow_file = setup_temporary_shallow(si->shallow);
1665 argv_array_push(&child.args, "--shallow-file");
1666 argv_array_push(&child.args, alt_shallow_file);
1667 }
1668
1669 tmp_objdir = tmp_objdir_create();
1670 if (!tmp_objdir)
1671 return "unable to create temporary object directory";
1672 child.env = tmp_objdir_env(tmp_objdir);
1673
1674 /*
1675 * Normally we just pass the tmp_objdir environment to the child
1676 * processes that do the heavy lifting, but we may need to see these
1677 * objects ourselves to set up shallow information.
1678 */
1679 tmp_objdir_add_as_alternate(tmp_objdir);
1680
1681 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1682 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1683 if (quiet)
1684 argv_array_push(&child.args, "-q");
1685 if (fsck_objects)
1686 argv_array_pushf(&child.args, "--strict%s",
1687 fsck_msg_types.buf);
1688 if (max_input_size)
1689 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1690 (uintmax_t)max_input_size);
1691 child.no_stdout = 1;
1692 child.err = err_fd;
1693 child.git_cmd = 1;
1694 status = run_command(&child);
1695 if (status)
1696 return "unpack-objects abnormal exit";
1697 } else {
1698 char hostname[256];
1699
1700 argv_array_pushl(&child.args, "index-pack",
1701 "--stdin", hdr_arg, NULL);
1702
1703 if (gethostname(hostname, sizeof(hostname)))
1704 xsnprintf(hostname, sizeof(hostname), "localhost");
1705 argv_array_pushf(&child.args,
1706 "--keep=receive-pack %"PRIuMAX" on %s",
1707 (uintmax_t)getpid(),
1708 hostname);
1709
1710 if (!quiet && err_fd)
1711 argv_array_push(&child.args, "--show-resolving-progress");
1712 if (use_sideband)
1713 argv_array_push(&child.args, "--report-end-of-input");
1714 if (fsck_objects)
1715 argv_array_pushf(&child.args, "--strict%s",
1716 fsck_msg_types.buf);
1717 if (!reject_thin)
1718 argv_array_push(&child.args, "--fix-thin");
1719 if (max_input_size)
1720 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1721 (uintmax_t)max_input_size);
1722 child.out = -1;
1723 child.err = err_fd;
1724 child.git_cmd = 1;
1725 status = start_command(&child);
1726 if (status)
1727 return "index-pack fork failed";
1728 pack_lockfile = index_pack_lockfile(child.out);
1729 close(child.out);
1730 status = finish_command(&child);
1731 if (status)
1732 return "index-pack abnormal exit";
1733 reprepare_packed_git();
1734 }
1735 return NULL;
1736}
1737
1738static const char *unpack_with_sideband(struct shallow_info *si)
1739{
1740 struct async muxer;
1741 const char *ret;
1742
1743 if (!use_sideband)
1744 return unpack(0, si);
1745
1746 use_keepalive = KEEPALIVE_AFTER_NUL;
1747 memset(&muxer, 0, sizeof(muxer));
1748 muxer.proc = copy_to_sideband;
1749 muxer.in = -1;
1750 if (start_async(&muxer))
1751 return NULL;
1752
1753 ret = unpack(muxer.in, si);
1754
1755 finish_async(&muxer);
1756 return ret;
1757}
1758
1759static void prepare_shallow_update(struct command *commands,
1760 struct shallow_info *si)
1761{
1762 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1763
1764 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1765 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1766
1767 si->need_reachability_test =
1768 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1769 si->reachable =
1770 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1771 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1772
1773 for (i = 0; i < si->nr_ours; i++)
1774 si->need_reachability_test[si->ours[i]] = 1;
1775
1776 for (i = 0; i < si->shallow->nr; i++) {
1777 if (!si->used_shallow[i])
1778 continue;
1779 for (j = 0; j < bitmap_size; j++) {
1780 if (!si->used_shallow[i][j])
1781 continue;
1782 si->need_reachability_test[i]++;
1783 for (k = 0; k < 32; k++)
1784 if (si->used_shallow[i][j] & (1U << k))
1785 si->shallow_ref[j * 32 + k]++;
1786 }
1787
1788 /*
1789 * true for those associated with some refs and belong
1790 * in "ours" list aka "step 7 not done yet"
1791 */
1792 si->need_reachability_test[i] =
1793 si->need_reachability_test[i] > 1;
1794 }
1795
1796 /*
1797 * keep hooks happy by forcing a temporary shallow file via
1798 * env variable because we can't add --shallow-file to every
1799 * command. check_everything_connected() will be done with
1800 * true .git/shallow though.
1801 */
1802 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1803}
1804
1805static void update_shallow_info(struct command *commands,
1806 struct shallow_info *si,
1807 struct sha1_array *ref)
1808{
1809 struct command *cmd;
1810 int *ref_status;
1811 remove_nonexistent_theirs_shallow(si);
1812 if (!si->nr_ours && !si->nr_theirs) {
1813 shallow_update = 0;
1814 return;
1815 }
1816
1817 for (cmd = commands; cmd; cmd = cmd->next) {
1818 if (is_null_sha1(cmd->new_sha1))
1819 continue;
1820 sha1_array_append(ref, cmd->new_sha1);
1821 cmd->index = ref->nr - 1;
1822 }
1823 si->ref = ref;
1824
1825 if (shallow_update) {
1826 prepare_shallow_update(commands, si);
1827 return;
1828 }
1829
1830 ALLOC_ARRAY(ref_status, ref->nr);
1831 assign_shallow_commits_to_refs(si, NULL, ref_status);
1832 for (cmd = commands; cmd; cmd = cmd->next) {
1833 if (is_null_sha1(cmd->new_sha1))
1834 continue;
1835 if (ref_status[cmd->index]) {
1836 cmd->error_string = "shallow update not allowed";
1837 cmd->skip_update = 1;
1838 }
1839 }
1840 free(ref_status);
1841}
1842
1843static void report(struct command *commands, const char *unpack_status)
1844{
1845 struct command *cmd;
1846 struct strbuf buf = STRBUF_INIT;
1847
1848 packet_buf_write(&buf, "unpack %s\n",
1849 unpack_status ? unpack_status : "ok");
1850 for (cmd = commands; cmd; cmd = cmd->next) {
1851 if (!cmd->error_string)
1852 packet_buf_write(&buf, "ok %s\n",
1853 cmd->ref_name);
1854 else
1855 packet_buf_write(&buf, "ng %s %s\n",
1856 cmd->ref_name, cmd->error_string);
1857 }
1858 packet_buf_flush(&buf);
1859
1860 if (use_sideband)
1861 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1862 else
1863 write_or_die(1, buf.buf, buf.len);
1864 strbuf_release(&buf);
1865}
1866
1867static int delete_only(struct command *commands)
1868{
1869 struct command *cmd;
1870 for (cmd = commands; cmd; cmd = cmd->next) {
1871 if (!is_null_sha1(cmd->new_sha1))
1872 return 0;
1873 }
1874 return 1;
1875}
1876
1877int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1878{
1879 int advertise_refs = 0;
1880 struct command *commands;
1881 struct sha1_array shallow = SHA1_ARRAY_INIT;
1882 struct sha1_array ref = SHA1_ARRAY_INIT;
1883 struct shallow_info si;
1884
1885 struct option options[] = {
1886 OPT__QUIET(&quiet, N_("quiet")),
1887 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1888 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1889 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1890 OPT_END()
1891 };
1892
1893 packet_trace_identity("receive-pack");
1894
1895 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1896
1897 if (argc > 1)
1898 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1899 if (argc == 0)
1900 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1901
1902 service_dir = argv[0];
1903
1904 setup_path();
1905
1906 if (!enter_repo(service_dir, 0))
1907 die("'%s' does not appear to be a git repository", service_dir);
1908
1909 git_config(receive_pack_config, NULL);
1910 if (cert_nonce_seed)
1911 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1912
1913 if (0 <= transfer_unpack_limit)
1914 unpack_limit = transfer_unpack_limit;
1915 else if (0 <= receive_unpack_limit)
1916 unpack_limit = receive_unpack_limit;
1917
1918 if (advertise_refs || !stateless_rpc) {
1919 write_head_info();
1920 }
1921 if (advertise_refs)
1922 return 0;
1923
1924 if ((commands = read_head_info(&shallow)) != NULL) {
1925 const char *unpack_status = NULL;
1926 struct string_list push_options = STRING_LIST_INIT_DUP;
1927
1928 if (use_push_options)
1929 read_push_options(&push_options);
1930
1931 prepare_shallow_info(&si, &shallow);
1932 if (!si.nr_ours && !si.nr_theirs)
1933 shallow_update = 0;
1934 if (!delete_only(commands)) {
1935 unpack_status = unpack_with_sideband(&si);
1936 update_shallow_info(commands, &si, &ref);
1937 }
1938 use_keepalive = KEEPALIVE_ALWAYS;
1939 execute_commands(commands, unpack_status, &si,
1940 &push_options);
1941 if (pack_lockfile)
1942 unlink_or_warn(pack_lockfile);
1943 if (report_status)
1944 report(commands, unpack_status);
1945 run_receive_hook(commands, "post-receive", 1,
1946 &push_options);
1947 run_update_post_hook(commands);
1948 string_list_clear(&push_options, 0);
1949 if (auto_gc) {
1950 const char *argv_gc_auto[] = {
1951 "gc", "--auto", "--quiet", NULL,
1952 };
1953 struct child_process proc = CHILD_PROCESS_INIT;
1954
1955 proc.no_stdin = 1;
1956 proc.stdout_to_stderr = 1;
1957 proc.err = use_sideband ? -1 : 0;
1958 proc.git_cmd = 1;
1959 proc.argv = argv_gc_auto;
1960
1961 close_all_packs();
1962 if (!start_command(&proc)) {
1963 if (use_sideband)
1964 copy_to_sideband(proc.err, -1, NULL);
1965 finish_command(&proc);
1966 }
1967 }
1968 if (auto_update_server_info)
1969 update_server_info(0);
1970 clear_shallow_info(&si);
1971 }
1972 if (use_sideband)
1973 packet_flush(1);
1974 sha1_array_clear(&shallow);
1975 sha1_array_clear(&ref);
1976 free((void *)push_cert_nonce);
1977 return 0;
1978}