1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "object-store.h"
29#include "protocol.h"
30#include "commit-reach.h"
31static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35};
36enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43};
44static int deny_deletes;
46static int deny_non_fast_forwards;
47static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49static int receive_fsck_objects = -1;
50static int transfer_fsck_objects = -1;
51static struct strbuf fsck_msg_types = STRBUF_INIT;
52static int receive_unpack_limit = -1;
53static int transfer_unpack_limit = -1;
54static int advertise_atomic_push = 1;
55static int advertise_push_options;
56static int unpack_limit = 100;
57static off_t max_input_size;
58static int report_status;
59static int use_sideband;
60static int use_atomic;
61static int use_push_options;
62static int quiet;
63static int prefer_ofs_delta = 1;
64static int auto_update_server_info;
65static int auto_gc = 1;
66static int reject_thin;
67static int stateless_rpc;
68static const char *service_dir;
69static const char *head_name;
70static void *head_name_to_free;
71static int sent_capabilities;
72static int shallow_update;
73static const char *alt_shallow_file;
74static struct strbuf push_cert = STRBUF_INIT;
75static struct object_id push_cert_oid;
76static struct signature_check sigcheck;
77static const char *push_cert_nonce;
78static const char *cert_nonce_seed;
79static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81static const char *NONCE_BAD = "BAD";
82static const char *NONCE_MISSING = "MISSING";
83static const char *NONCE_OK = "OK";
84static const char *NONCE_SLOP = "SLOP";
85static const char *nonce_status;
86static long nonce_stamp_slop;
87static timestamp_t nonce_stamp_slop_limit;
88static struct ref_transaction *transaction;
89static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94} use_keepalive;
95static int keepalive_in_sec = 5;
96static struct tmp_objdir *tmp_objdir;
98static enum deny_action parse_deny_action(const char *var, const char *value)
100{
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114}
115static int receive_pack_config(const char *var, const char *value, void *cb)
117{
118 int status = parse_hide_refs_config(var, value, "receive");
119 if (status)
121 return status;
122 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230 return git_default_config(var, value, cb);
232}
233static void show_ref(const char *path, const struct object_id *oid)
235{
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257}
258static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261{
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264 if (ref_is_hidden(path, path_full))
266 return 0;
267 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282}
283static void show_one_alternate_ref(const struct object_id *oid,
285 void *data)
286{
287 struct oidset *seen = data;
288 if (oidset_insert(seen, oid))
290 return;
291 show_ref(".have", oid);
293}
294static void write_head_info(void)
296{
297 static struct oidset seen = OIDSET_INIT;
298 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304 advertise_shallow_grafts(1);
306 /* EOF */
308 packet_flush(1);
309}
310struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320};
321static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324static void report_message(const char *prefix, const char *err, va_list params)
326{
327 int sz;
328 char msg[4096];
329 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340}
341static void rp_warning(const char *err, ...)
343{
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348}
349static void rp_error(const char *err, ...)
351{
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356}
357static int copy_to_sideband(int in, int out, void *arg)
359{
360 char data[128];
361 int keepalive_active = 0;
362 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367 while (1) {
369 ssize_t sz;
370 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419}
420#define HMAC_BLOCK_SIZE 64
422static void hmac_sha1(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426{
427 unsigned char key[HMAC_BLOCK_SIZE];
428 unsigned char k_ipad[HMAC_BLOCK_SIZE];
429 unsigned char k_opad[HMAC_BLOCK_SIZE];
430 int i;
431 git_SHA_CTX ctx;
432 /* RFC 2104 2. (1) */
434 memset(key, '\0', HMAC_BLOCK_SIZE);
435 if (HMAC_BLOCK_SIZE < key_len) {
436 git_SHA1_Init(&ctx);
437 git_SHA1_Update(&ctx, key_in, key_len);
438 git_SHA1_Final(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448 /* RFC 2104 2. (3) & (4) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
452 git_SHA1_Update(&ctx, text, text_len);
453 git_SHA1_Final(out, &ctx);
454 /* RFC 2104 2. (6) & (7) */
456 git_SHA1_Init(&ctx);
457 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
458 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
459 git_SHA1_Final(out, &ctx);
460}
461static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463{
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char sha1[GIT_SHA1_RAWSZ];
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
469 strbuf_release(&buf);
470 /* RFC 2104 5. HMAC-SHA1-80 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
473 return strbuf_detach(&buf, NULL);
474}
475/*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483{
484 int key_len = strlen(key);
485 const char *line = msg;
486 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502}
503static const char *check_nonce(const char *buf, size_t len)
505{
506 char *nonce = find_header(buf, len, "nonce", NULL);
507 timestamp_t stamp, ostamp;
508 char *bohmac, *expect = NULL;
509 const char *retval = NONCE_BAD;
510 if (!nonce) {
512 retval = NONCE_MISSING;
513 goto leave;
514 } else if (!push_cert_nonce) {
515 retval = NONCE_UNSOLICITED;
516 goto leave;
517 } else if (!strcmp(push_cert_nonce, nonce)) {
518 retval = NONCE_OK;
519 goto leave;
520 }
521 if (!stateless_rpc) {
523 /* returned nonce MUST match what we gave out earlier */
524 retval = NONCE_BAD;
525 goto leave;
526 }
527 /*
529 * In stateless mode, we may be receiving a nonce issued by
530 * another instance of the server that serving the same
531 * repository, and the timestamps may not match, but the
532 * nonce-seed and dir should match, so we can recompute and
533 * report the time slop.
534 *
535 * In addition, when a nonce issued by another instance has
536 * timestamp within receive.certnonceslop seconds, we pretend
537 * as if we issued that nonce when reporting to the hook.
538 */
539 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
541 if (*nonce <= '0' || '9' < *nonce) {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545 stamp = parse_timestamp(nonce, &bohmac, 10);
546 if (bohmac == nonce || bohmac[0] != '-') {
547 retval = NONCE_BAD;
548 goto leave;
549 }
550 expect = prepare_push_cert_nonce(service_dir, stamp);
552 if (strcmp(expect, nonce)) {
553 /* Not what we would have signed earlier */
554 retval = NONCE_BAD;
555 goto leave;
556 }
557 /*
559 * By how many seconds is this nonce stale? Negative value
560 * would mean it was issued by another server with its clock
561 * skewed in the future.
562 */
563 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
564 nonce_stamp_slop = (long)ostamp - (long)stamp;
565 if (nonce_stamp_slop_limit &&
567 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
568 /*
569 * Pretend as if the received nonce (which passes the
570 * HMAC check, so it is not a forged by third-party)
571 * is what we issued.
572 */
573 free((void *)push_cert_nonce);
574 push_cert_nonce = xstrdup(nonce);
575 retval = NONCE_OK;
576 } else {
577 retval = NONCE_SLOP;
578 }
579leave:
581 free(nonce);
582 free(expect);
583 return retval;
584}
585/*
587 * Return 1 if there is no push_cert or if the push options in push_cert are
588 * the same as those in the argument; 0 otherwise.
589 */
590static int check_cert_push_options(const struct string_list *push_options)
591{
592 const char *buf = push_cert.buf;
593 int len = push_cert.len;
594 char *option;
596 const char *next_line;
597 int options_seen = 0;
598 int retval = 1;
600 if (!len)
602 return 1;
603 while ((option = find_header(buf, len, "push-option", &next_line))) {
605 len -= (next_line - buf);
606 buf = next_line;
607 options_seen++;
608 if (options_seen > push_options->nr
609 || strcmp(option,
610 push_options->items[options_seen - 1].string)) {
611 retval = 0;
612 goto leave;
613 }
614 free(option);
615 }
616 if (options_seen != push_options->nr)
618 retval = 0;
619leave:
621 free(option);
622 return retval;
623}
624static void prepare_push_cert_sha1(struct child_process *proc)
626{
627 static int already_done;
628 if (!push_cert.len)
630 return;
631 if (!already_done) {
633 int bogs /* beginning_of_gpg_sig */;
634 already_done = 1;
636 if (write_object_file(push_cert.buf, push_cert.len, "blob",
637 &push_cert_oid))
638 oidclr(&push_cert_oid);
639 memset(&sigcheck, '\0', sizeof(sigcheck));
641 bogs = parse_signature(push_cert.buf, push_cert.len);
643 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
644 push_cert.len - bogs, &sigcheck);
645 nonce_status = check_nonce(push_cert.buf, bogs);
647 }
648 if (!is_null_oid(&push_cert_oid)) {
649 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
650 oid_to_hex(&push_cert_oid));
651 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
652 sigcheck.signer ? sigcheck.signer : "");
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
654 sigcheck.key ? sigcheck.key : "");
655 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
656 sigcheck.result);
657 if (push_cert_nonce) {
658 argv_array_pushf(&proc->env_array,
659 "GIT_PUSH_CERT_NONCE=%s",
660 push_cert_nonce);
661 argv_array_pushf(&proc->env_array,
662 "GIT_PUSH_CERT_NONCE_STATUS=%s",
663 nonce_status);
664 if (nonce_status == NONCE_SLOP)
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
667 nonce_stamp_slop);
668 }
669 }
670}
671struct receive_hook_feed_state {
673 struct command *cmd;
674 int skip_broken;
675 struct strbuf buf;
676 const struct string_list *push_options;
677};
678typedef int (*feed_fn)(void *, const char **, size_t *);
680static int run_and_feed_hook(const char *hook_name, feed_fn feed,
681 struct receive_hook_feed_state *feed_state)
682{
683 struct child_process proc = CHILD_PROCESS_INIT;
684 struct async muxer;
685 const char *argv[2];
686 int code;
687 argv[0] = find_hook(hook_name);
689 if (!argv[0])
690 return 0;
691 argv[1] = NULL;
693 proc.argv = argv;
695 proc.in = -1;
696 proc.stdout_to_stderr = 1;
697 proc.trace2_hook_name = hook_name;
698 if (feed_state->push_options) {
700 int i;
701 for (i = 0; i < feed_state->push_options->nr; i++)
702 argv_array_pushf(&proc.env_array,
703 "GIT_PUSH_OPTION_%d=%s", i,
704 feed_state->push_options->items[i].string);
705 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
706 feed_state->push_options->nr);
707 } else
708 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
709 if (tmp_objdir)
711 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
712 if (use_sideband) {
714 memset(&muxer, 0, sizeof(muxer));
715 muxer.proc = copy_to_sideband;
716 muxer.in = -1;
717 code = start_async(&muxer);
718 if (code)
719 return code;
720 proc.err = muxer.in;
721 }
722 prepare_push_cert_sha1(&proc);
724 code = start_command(&proc);
726 if (code) {
727 if (use_sideband)
728 finish_async(&muxer);
729 return code;
730 }
731 sigchain_push(SIGPIPE, SIG_IGN);
733 while (1) {
735 const char *buf;
736 size_t n;
737 if (feed(feed_state, &buf, &n))
738 break;
739 if (write_in_full(proc.in, buf, n) < 0)
740 break;
741 }
742 close(proc.in);
743 if (use_sideband)
744 finish_async(&muxer);
745 sigchain_pop(SIGPIPE);
747 return finish_command(&proc);
749}
750static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
752{
753 struct receive_hook_feed_state *state = state_;
754 struct command *cmd = state->cmd;
755 while (cmd &&
757 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
758 cmd = cmd->next;
759 if (!cmd)
760 return -1; /* EOF */
761 strbuf_reset(&state->buf);
762 strbuf_addf(&state->buf, "%s %s %s\n",
763 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
764 cmd->ref_name);
765 state->cmd = cmd->next;
766 if (bufp) {
767 *bufp = state->buf.buf;
768 *sizep = state->buf.len;
769 }
770 return 0;
771}
772static int run_receive_hook(struct command *commands,
774 const char *hook_name,
775 int skip_broken,
776 const struct string_list *push_options)
777{
778 struct receive_hook_feed_state state;
779 int status;
780 strbuf_init(&state.buf, 0);
782 state.cmd = commands;
783 state.skip_broken = skip_broken;
784 if (feed_receive_hook(&state, NULL, NULL))
785 return 0;
786 state.cmd = commands;
787 state.push_options = push_options;
788 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
789 strbuf_release(&state.buf);
790 return status;
791}
792static int run_update_hook(struct command *cmd)
794{
795 const char *argv[5];
796 struct child_process proc = CHILD_PROCESS_INIT;
797 int code;
798 argv[0] = find_hook("update");
800 if (!argv[0])
801 return 0;
802 argv[1] = cmd->ref_name;
804 argv[2] = oid_to_hex(&cmd->old_oid);
805 argv[3] = oid_to_hex(&cmd->new_oid);
806 argv[4] = NULL;
807 proc.no_stdin = 1;
809 proc.stdout_to_stderr = 1;
810 proc.err = use_sideband ? -1 : 0;
811 proc.argv = argv;
812 proc.trace2_hook_name = "update";
813 code = start_command(&proc);
815 if (code)
816 return code;
817 if (use_sideband)
818 copy_to_sideband(proc.err, -1, NULL);
819 return finish_command(&proc);
820}
821static int is_ref_checked_out(const char *ref)
823{
824 if (is_bare_repository())
825 return 0;
826 if (!head_name)
828 return 0;
829 return !strcmp(head_name, ref);
830}
831static char *refuse_unconfigured_deny_msg =
833 N_("By default, updating the current branch in a non-bare repository\n"
834 "is denied, because it will make the index and work tree inconsistent\n"
835 "with what you pushed, and will require 'git reset --hard' to match\n"
836 "the work tree to HEAD.\n"
837 "\n"
838 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
839 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
840 "its current branch; however, this is not recommended unless you\n"
841 "arranged to update its work tree to match what you pushed in some\n"
842 "other way.\n"
843 "\n"
844 "To squelch this message and still keep the default behaviour, set\n"
845 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
846static void refuse_unconfigured_deny(void)
848{
849 rp_error("%s", _(refuse_unconfigured_deny_msg));
850}
851static char *refuse_unconfigured_deny_delete_current_msg =
853 N_("By default, deleting the current branch is denied, because the next\n"
854 "'git clone' won't result in any file checked out, causing confusion.\n"
855 "\n"
856 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
857 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
858 "current branch, with or without a warning message.\n"
859 "\n"
860 "To squelch this message, you can set it to 'refuse'.");
861static void refuse_unconfigured_deny_delete_current(void)
863{
864 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
865}
866static int command_singleton_iterator(void *cb_data, struct object_id *oid);
868static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
869{
870 struct lock_file shallow_lock = LOCK_INIT;
871 struct oid_array extra = OID_ARRAY_INIT;
872 struct check_connected_options opt = CHECK_CONNECTED_INIT;
873 uint32_t mask = 1 << (cmd->index % 32);
874 int i;
875 trace_printf_key(&trace_shallow,
877 "shallow: update_shallow_ref %s\n", cmd->ref_name);
878 for (i = 0; i < si->shallow->nr; i++)
879 if (si->used_shallow[i] &&
880 (si->used_shallow[i][cmd->index / 32] & mask) &&
881 !delayed_reachability_test(si, i))
882 oid_array_append(&extra, &si->shallow->oid[i]);
883 opt.env = tmp_objdir_env(tmp_objdir);
885 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
886 if (check_connected(command_singleton_iterator, cmd, &opt)) {
887 rollback_lock_file(&shallow_lock);
888 oid_array_clear(&extra);
889 return -1;
890 }
891 commit_lock_file(&shallow_lock);
893 /*
895 * Make sure setup_alternate_shallow() for the next ref does
896 * not lose these new roots..
897 */
898 for (i = 0; i < extra.nr; i++)
899 register_shallow(the_repository, &extra.oid[i]);
900 si->shallow_ref[cmd->index] = 0;
902 oid_array_clear(&extra);
903 return 0;
904}
905/*
907 * NEEDSWORK: we should consolidate various implementions of "are we
908 * on an unborn branch?" test into one, and make the unified one more
909 * robust. !get_sha1() based check used here and elsewhere would not
910 * allow us to tell an unborn branch from corrupt ref, for example.
911 * For the purpose of fixing "deploy-to-update does not work when
912 * pushing into an empty repository" issue, this should suffice for
913 * now.
914 */
915static int head_has_history(void)
916{
917 struct object_id oid;
918 return !get_oid("HEAD", &oid);
920}
921static const char *push_to_deploy(unsigned char *sha1,
923 struct argv_array *env,
924 const char *work_tree)
925{
926 const char *update_refresh[] = {
927 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
928 };
929 const char *diff_files[] = {
930 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
931 };
932 const char *diff_index[] = {
933 "diff-index", "--quiet", "--cached", "--ignore-submodules",
934 NULL, "--", NULL
935 };
936 const char *read_tree[] = {
937 "read-tree", "-u", "-m", NULL, NULL
938 };
939 struct child_process child = CHILD_PROCESS_INIT;
940 child.argv = update_refresh;
942 child.env = env->argv;
943 child.dir = work_tree;
944 child.no_stdin = 1;
945 child.stdout_to_stderr = 1;
946 child.git_cmd = 1;
947 if (run_command(&child))
948 return "Up-to-date check failed";
949 /* run_command() does not clean up completely; reinitialize */
951 child_process_init(&child);
952 child.argv = diff_files;
953 child.env = env->argv;
954 child.dir = work_tree;
955 child.no_stdin = 1;
956 child.stdout_to_stderr = 1;
957 child.git_cmd = 1;
958 if (run_command(&child))
959 return "Working directory has unstaged changes";
960 /* diff-index with either HEAD or an empty tree */
962 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
963 child_process_init(&child);
965 child.argv = diff_index;
966 child.env = env->argv;
967 child.no_stdin = 1;
968 child.no_stdout = 1;
969 child.stdout_to_stderr = 0;
970 child.git_cmd = 1;
971 if (run_command(&child))
972 return "Working directory has staged changes";
973 read_tree[3] = sha1_to_hex(sha1);
975 child_process_init(&child);
976 child.argv = read_tree;
977 child.env = env->argv;
978 child.dir = work_tree;
979 child.no_stdin = 1;
980 child.no_stdout = 1;
981 child.stdout_to_stderr = 0;
982 child.git_cmd = 1;
983 if (run_command(&child))
984 return "Could not update working tree to new HEAD";
985 return NULL;
987}
988static const char *push_to_checkout_hook = "push-to-checkout";
990static const char *push_to_checkout(unsigned char *sha1,
992 struct argv_array *env,
993 const char *work_tree)
994{
995 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
996 if (run_hook_le(env->argv, push_to_checkout_hook,
997 sha1_to_hex(sha1), NULL))
998 return "push-to-checkout hook declined";
999 else
1000 return NULL;
1001}
1002static const char *update_worktree(unsigned char *sha1)
1004{
1005 const char *retval;
1006 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1007 struct argv_array env = ARGV_ARRAY_INIT;
1008 if (is_bare_repository())
1010 return "denyCurrentBranch = updateInstead needs a worktree";
1011 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1013 if (!find_hook(push_to_checkout_hook))
1015 retval = push_to_deploy(sha1, &env, work_tree);
1016 else
1017 retval = push_to_checkout(sha1, &env, work_tree);
1018 argv_array_clear(&env);
1020 return retval;
1021}
1022static const char *update(struct command *cmd, struct shallow_info *si)
1024{
1025 const char *name = cmd->ref_name;
1026 struct strbuf namespaced_name_buf = STRBUF_INIT;
1027 static char *namespaced_name;
1028 const char *ret;
1029 struct object_id *old_oid = &cmd->old_oid;
1030 struct object_id *new_oid = &cmd->new_oid;
1031 int do_update_worktree = 0;
1032 /* only refs/... are allowed */
1034 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1035 rp_error("refusing to create funny ref '%s' remotely", name);
1036 return "funny refname";
1037 }
1038 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1040 free(namespaced_name);
1041 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1042 if (is_ref_checked_out(namespaced_name)) {
1044 switch (deny_current_branch) {
1045 case DENY_IGNORE:
1046 break;
1047 case DENY_WARN:
1048 rp_warning("updating the current branch");
1049 break;
1050 case DENY_REFUSE:
1051 case DENY_UNCONFIGURED:
1052 rp_error("refusing to update checked out branch: %s", name);
1053 if (deny_current_branch == DENY_UNCONFIGURED)
1054 refuse_unconfigured_deny();
1055 return "branch is currently checked out";
1056 case DENY_UPDATE_INSTEAD:
1057 /* pass -- let other checks intervene first */
1058 do_update_worktree = 1;
1059 break;
1060 }
1061 }
1062 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1064 error("unpack should have generated %s, "
1065 "but I can't find it!", oid_to_hex(new_oid));
1066 return "bad pack";
1067 }
1068 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1070 if (deny_deletes && starts_with(name, "refs/heads/")) {
1071 rp_error("denying ref deletion for %s", name);
1072 return "deletion prohibited";
1073 }
1074 if (head_name && !strcmp(namespaced_name, head_name)) {
1076 switch (deny_delete_current) {
1077 case DENY_IGNORE:
1078 break;
1079 case DENY_WARN:
1080 rp_warning("deleting the current branch");
1081 break;
1082 case DENY_REFUSE:
1083 case DENY_UNCONFIGURED:
1084 case DENY_UPDATE_INSTEAD:
1085 if (deny_delete_current == DENY_UNCONFIGURED)
1086 refuse_unconfigured_deny_delete_current();
1087 rp_error("refusing to delete the current branch: %s", name);
1088 return "deletion of the current branch prohibited";
1089 default:
1090 return "Invalid denyDeleteCurrent setting";
1091 }
1092 }
1093 }
1094 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1096 !is_null_oid(old_oid) &&
1097 starts_with(name, "refs/heads/")) {
1098 struct object *old_object, *new_object;
1099 struct commit *old_commit, *new_commit;
1100 old_object = parse_object(the_repository, old_oid);
1102 new_object = parse_object(the_repository, new_oid);
1103 if (!old_object || !new_object ||
1105 old_object->type != OBJ_COMMIT ||
1106 new_object->type != OBJ_COMMIT) {
1107 error("bad sha1 objects for %s", name);
1108 return "bad ref";
1109 }
1110 old_commit = (struct commit *)old_object;
1111 new_commit = (struct commit *)new_object;
1112 if (!in_merge_bases(old_commit, new_commit)) {
1113 rp_error("denying non-fast-forward %s"
1114 " (you should pull first)", name);
1115 return "non-fast-forward";
1116 }
1117 }
1118 if (run_update_hook(cmd)) {
1119 rp_error("hook declined to update %s", name);
1120 return "hook declined";
1121 }
1122 if (do_update_worktree) {
1124 ret = update_worktree(new_oid->hash);
1125 if (ret)
1126 return ret;
1127 }
1128 if (is_null_oid(new_oid)) {
1130 struct strbuf err = STRBUF_INIT;
1131 if (!parse_object(the_repository, old_oid)) {
1132 old_oid = NULL;
1133 if (ref_exists(name)) {
1134 rp_warning("Allowing deletion of corrupt ref.");
1135 } else {
1136 rp_warning("Deleting a non-existent ref.");
1137 cmd->did_not_exist = 1;
1138 }
1139 }
1140 if (ref_transaction_delete(transaction,
1141 namespaced_name,
1142 old_oid,
1143 0, "push", &err)) {
1144 rp_error("%s", err.buf);
1145 strbuf_release(&err);
1146 return "failed to delete";
1147 }
1148 strbuf_release(&err);
1149 return NULL; /* good */
1150 }
1151 else {
1152 struct strbuf err = STRBUF_INIT;
1153 if (shallow_update && si->shallow_ref[cmd->index] &&
1154 update_shallow_ref(cmd, si))
1155 return "shallow error";
1156 if (ref_transaction_update(transaction,
1158 namespaced_name,
1159 new_oid, old_oid,
1160 0, "push",
1161 &err)) {
1162 rp_error("%s", err.buf);
1163 strbuf_release(&err);
1164 return "failed to update ref";
1166 }
1167 strbuf_release(&err);
1168 return NULL; /* good */
1170 }
1171}
1172static void run_update_post_hook(struct command *commands)
1174{
1175 struct command *cmd;
1176 struct child_process proc = CHILD_PROCESS_INIT;
1177 const char *hook;
1178 hook = find_hook("post-update");
1180 if (!hook)
1181 return;
1182 for (cmd = commands; cmd; cmd = cmd->next) {
1184 if (cmd->error_string || cmd->did_not_exist)
1185 continue;
1186 if (!proc.args.argc)
1187 argv_array_push(&proc.args, hook);
1188 argv_array_push(&proc.args, cmd->ref_name);
1189 }
1190 if (!proc.args.argc)
1191 return;
1192 proc.no_stdin = 1;
1194 proc.stdout_to_stderr = 1;
1195 proc.err = use_sideband ? -1 : 0;
1196 proc.trace2_hook_name = "post-update";
1197 if (!start_command(&proc)) {
1199 if (use_sideband)
1200 copy_to_sideband(proc.err, -1, NULL);
1201 finish_command(&proc);
1202 }
1203}
1204static void check_aliased_update(struct command *cmd, struct string_list *list)
1206{
1207 struct strbuf buf = STRBUF_INIT;
1208 const char *dst_name;
1209 struct string_list_item *item;
1210 struct command *dst_cmd;
1211 int flag;
1212 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1214 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1215 strbuf_release(&buf);
1216 if (!(flag & REF_ISSYMREF))
1218 return;
1219 if (!dst_name) {
1221 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1222 cmd->skip_update = 1;
1223 cmd->error_string = "broken symref";
1224 return;
1225 }
1226 dst_name = strip_namespace(dst_name);
1227 if ((item = string_list_lookup(list, dst_name)) == NULL)
1229 return;
1230 cmd->skip_update = 1;
1232 dst_cmd = (struct command *) item->util;
1234 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1236 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1237 return;
1238 dst_cmd->skip_update = 1;
1240 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1242 " its target '%s' (%s..%s)",
1243 cmd->ref_name,
1244 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1245 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1246 dst_cmd->ref_name,
1247 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1248 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1249 cmd->error_string = dst_cmd->error_string =
1251 "inconsistent aliased update";
1252}
1253static void check_aliased_updates(struct command *commands)
1255{
1256 struct command *cmd;
1257 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1258 for (cmd = commands; cmd; cmd = cmd->next) {
1260 struct string_list_item *item =
1261 string_list_append(&ref_list, cmd->ref_name);
1262 item->util = (void *)cmd;
1263 }
1264 string_list_sort(&ref_list);
1265 for (cmd = commands; cmd; cmd = cmd->next) {
1267 if (!cmd->error_string)
1268 check_aliased_update(cmd, &ref_list);
1269 }
1270 string_list_clear(&ref_list, 0);
1272}
1273static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1275{
1276 struct command **cmd_list = cb_data;
1277 struct command *cmd = *cmd_list;
1278 if (!cmd || is_null_oid(&cmd->new_oid))
1280 return -1; /* end of list */
1281 *cmd_list = NULL; /* this returns only one */
1282 oidcpy(oid, &cmd->new_oid);
1283 return 0;
1284}
1285static void set_connectivity_errors(struct command *commands,
1287 struct shallow_info *si)
1288{
1289 struct command *cmd;
1290 for (cmd = commands; cmd; cmd = cmd->next) {
1292 struct command *singleton = cmd;
1293 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1294 if (shallow_update && si->shallow_ref[cmd->index])
1296 /* to be checked in update_shallow_ref() */
1297 continue;
1298 opt.env = tmp_objdir_env(tmp_objdir);
1300 if (!check_connected(command_singleton_iterator, &singleton,
1301 &opt))
1302 continue;
1303 cmd->error_string = "missing necessary objects";
1305 }
1306}
1307struct iterate_data {
1309 struct command *cmds;
1310 struct shallow_info *si;
1311};
1312static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1314{
1315 struct iterate_data *data = cb_data;
1316 struct command **cmd_list = &data->cmds;
1317 struct command *cmd = *cmd_list;
1318 for (; cmd; cmd = cmd->next) {
1320 if (shallow_update && data->si->shallow_ref[cmd->index])
1321 /* to be checked in update_shallow_ref() */
1322 continue;
1323 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1324 oidcpy(oid, &cmd->new_oid);
1325 *cmd_list = cmd->next;
1326 return 0;
1327 }
1328 }
1329 *cmd_list = NULL;
1330 return -1; /* end of list */
1331}
1332static void reject_updates_to_hidden(struct command *commands)
1334{
1335 struct strbuf refname_full = STRBUF_INIT;
1336 size_t prefix_len;
1337 struct command *cmd;
1338 strbuf_addstr(&refname_full, get_git_namespace());
1340 prefix_len = refname_full.len;
1341 for (cmd = commands; cmd; cmd = cmd->next) {
1343 if (cmd->error_string)
1344 continue;
1345 strbuf_setlen(&refname_full, prefix_len);
1347 strbuf_addstr(&refname_full, cmd->ref_name);
1348 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1350 continue;
1351 if (is_null_oid(&cmd->new_oid))
1352 cmd->error_string = "deny deleting a hidden ref";
1353 else
1354 cmd->error_string = "deny updating a hidden ref";
1355 }
1356 strbuf_release(&refname_full);
1358}
1359static int should_process_cmd(struct command *cmd)
1361{
1362 return !cmd->error_string && !cmd->skip_update;
1363}
1364static void warn_if_skipped_connectivity_check(struct command *commands,
1366 struct shallow_info *si)
1367{
1368 struct command *cmd;
1369 int checked_connectivity = 1;
1370 for (cmd = commands; cmd; cmd = cmd->next) {
1372 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1373 error("BUG: connectivity check has not been run on ref %s",
1374 cmd->ref_name);
1375 checked_connectivity = 0;
1376 }
1377 }
1378 if (!checked_connectivity)
1379 BUG("connectivity check skipped???");
1380}
1381static void execute_commands_non_atomic(struct command *commands,
1383 struct shallow_info *si)
1384{
1385 struct command *cmd;
1386 struct strbuf err = STRBUF_INIT;
1387 for (cmd = commands; cmd; cmd = cmd->next) {
1389 if (!should_process_cmd(cmd))
1390 continue;
1391 transaction = ref_transaction_begin(&err);
1393 if (!transaction) {
1394 rp_error("%s", err.buf);
1395 strbuf_reset(&err);
1396 cmd->error_string = "transaction failed to start";
1397 continue;
1398 }
1399 cmd->error_string = update(cmd, si);
1401 if (!cmd->error_string
1403 && ref_transaction_commit(transaction, &err)) {
1404 rp_error("%s", err.buf);
1405 strbuf_reset(&err);
1406 cmd->error_string = "failed to update ref";
1407 }
1408 ref_transaction_free(transaction);
1409 }
1410 strbuf_release(&err);
1411}
1412static void execute_commands_atomic(struct command *commands,
1414 struct shallow_info *si)
1415{
1416 struct command *cmd;
1417 struct strbuf err = STRBUF_INIT;
1418 const char *reported_error = "atomic push failure";
1419 transaction = ref_transaction_begin(&err);
1421 if (!transaction) {
1422 rp_error("%s", err.buf);
1423 strbuf_reset(&err);
1424 reported_error = "transaction failed to start";
1425 goto failure;
1426 }
1427 for (cmd = commands; cmd; cmd = cmd->next) {
1429 if (!should_process_cmd(cmd))
1430 continue;
1431 cmd->error_string = update(cmd, si);
1433 if (cmd->error_string)
1435 goto failure;
1436 }
1437 if (ref_transaction_commit(transaction, &err)) {
1439 rp_error("%s", err.buf);
1440 reported_error = "atomic transaction failed";
1441 goto failure;
1442 }
1443 goto cleanup;
1444failure:
1446 for (cmd = commands; cmd; cmd = cmd->next)
1447 if (!cmd->error_string)
1448 cmd->error_string = reported_error;
1449cleanup:
1451 ref_transaction_free(transaction);
1452 strbuf_release(&err);
1453}
1454static void execute_commands(struct command *commands,
1456 const char *unpacker_error,
1457 struct shallow_info *si,
1458 const struct string_list *push_options)
1459{
1460 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1461 struct command *cmd;
1462 struct iterate_data data;
1463 struct async muxer;
1464 int err_fd = 0;
1465 if (unpacker_error) {
1467 for (cmd = commands; cmd; cmd = cmd->next)
1468 cmd->error_string = "unpacker error";
1469 return;
1470 }
1471 if (use_sideband) {
1473 memset(&muxer, 0, sizeof(muxer));
1474 muxer.proc = copy_to_sideband;
1475 muxer.in = -1;
1476 if (!start_async(&muxer))
1477 err_fd = muxer.in;
1478 /* ...else, continue without relaying sideband */
1479 }
1480 data.cmds = commands;
1482 data.si = si;
1483 opt.err_fd = err_fd;
1484 opt.progress = err_fd && !quiet;
1485 opt.env = tmp_objdir_env(tmp_objdir);
1486 if (check_connected(iterate_receive_command_list, &data, &opt))
1487 set_connectivity_errors(commands, si);
1488 if (use_sideband)
1490 finish_async(&muxer);
1491 reject_updates_to_hidden(commands);
1493 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1495 for (cmd = commands; cmd; cmd = cmd->next) {
1496 if (!cmd->error_string)
1497 cmd->error_string = "pre-receive hook declined";
1498 }
1499 return;
1500 }
1501 /*
1503 * Now we'll start writing out refs, which means the objects need
1504 * to be in their final positions so that other processes can see them.
1505 */
1506 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1507 for (cmd = commands; cmd; cmd = cmd->next) {
1508 if (!cmd->error_string)
1509 cmd->error_string = "unable to migrate objects to permanent storage";
1510 }
1511 return;
1512 }
1513 tmp_objdir = NULL;
1514 check_aliased_updates(commands);
1516 free(head_name_to_free);
1518 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1519 if (use_atomic)
1521 execute_commands_atomic(commands, si);
1522 else
1523 execute_commands_non_atomic(commands, si);
1524 if (shallow_update)
1526 warn_if_skipped_connectivity_check(commands, si);
1527}
1528static struct command **queue_command(struct command **tail,
1530 const char *line,
1531 int linelen)
1532{
1533 struct object_id old_oid, new_oid;
1534 struct command *cmd;
1535 const char *refname;
1536 int reflen;
1537 const char *p;
1538 if (parse_oid_hex(line, &old_oid, &p) ||
1540 *p++ != ' ' ||
1541 parse_oid_hex(p, &new_oid, &p) ||
1542 *p++ != ' ')
1543 die("protocol error: expected old/new/ref, got '%s'", line);
1544 refname = p;
1546 reflen = linelen - (p - line);
1547 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1548 oidcpy(&cmd->old_oid, &old_oid);
1549 oidcpy(&cmd->new_oid, &new_oid);
1550 *tail = cmd;
1551 return &cmd->next;
1552}
1553static void queue_commands_from_cert(struct command **tail,
1555 struct strbuf *push_cert)
1556{
1557 const char *boc, *eoc;
1558 if (*tail)
1560 die("protocol error: got both push certificate and unsigned commands");
1561 boc = strstr(push_cert->buf, "\n\n");
1563 if (!boc)
1564 die("malformed push certificate %.*s", 100, push_cert->buf);
1565 else
1566 boc += 2;
1567 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1568 while (boc < eoc) {
1570 const char *eol = memchr(boc, '\n', eoc - boc);
1571 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1572 boc = eol ? eol + 1 : eoc;
1573 }
1574}
1575static struct command *read_head_info(struct packet_reader *reader,
1577 struct oid_array *shallow)
1578{
1579 struct command *commands = NULL;
1580 struct command **p = &commands;
1581 for (;;) {
1582 int linelen;
1583 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1585 break;
1586 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1588 struct object_id oid;
1589 if (get_oid_hex(reader->line + 8, &oid))
1590 die("protocol error: expected shallow sha, got '%s'",
1591 reader->line + 8);
1592 oid_array_append(shallow, &oid);
1593 continue;
1594 }
1595 linelen = strlen(reader->line);
1597 if (linelen < reader->pktlen) {
1598 const char *feature_list = reader->line + linelen + 1;
1599 if (parse_feature_request(feature_list, "report-status"))
1600 report_status = 1;
1601 if (parse_feature_request(feature_list, "side-band-64k"))
1602 use_sideband = LARGE_PACKET_MAX;
1603 if (parse_feature_request(feature_list, "quiet"))
1604 quiet = 1;
1605 if (advertise_atomic_push
1606 && parse_feature_request(feature_list, "atomic"))
1607 use_atomic = 1;
1608 if (advertise_push_options
1609 && parse_feature_request(feature_list, "push-options"))
1610 use_push_options = 1;
1611 }
1612 if (!strcmp(reader->line, "push-cert")) {
1614 int true_flush = 0;
1615 int saved_options = reader->options;
1616 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1617 for (;;) {
1619 packet_reader_read(reader);
1620 if (reader->status == PACKET_READ_FLUSH) {
1621 true_flush = 1;
1622 break;
1623 }
1624 if (reader->status != PACKET_READ_NORMAL) {
1625 die("protocol error: got an unexpected packet");
1626 }
1627 if (!strcmp(reader->line, "push-cert-end\n"))
1628 break; /* end of cert */
1629 strbuf_addstr(&push_cert, reader->line);
1630 }
1631 reader->options = saved_options;
1632 if (true_flush)
1634 break;
1635 continue;
1636 }
1637 p = queue_command(p, reader->line, linelen);
1639 }
1640 if (push_cert.len)
1642 queue_commands_from_cert(p, &push_cert);
1643 return commands;
1645}
1646static void read_push_options(struct packet_reader *reader,
1648 struct string_list *options)
1649{
1650 while (1) {
1651 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1652 break;
1653 string_list_append(options, reader->line);
1655 }
1656}
1657static const char *parse_pack_header(struct pack_header *hdr)
1659{
1660 switch (read_pack_header(0, hdr)) {
1661 case PH_ERROR_EOF:
1662 return "eof before pack header was fully read";
1663 case PH_ERROR_PACK_SIGNATURE:
1665 return "protocol error (pack signature mismatch detected)";
1666 case PH_ERROR_PROTOCOL:
1668 return "protocol error (pack version unsupported)";
1669 default:
1671 return "unknown error in parse_pack_header";
1672 case 0:
1674 return NULL;
1675 }
1676}
1677static const char *pack_lockfile;
1679static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1681{
1682 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1683 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1684}
1685static const char *unpack(int err_fd, struct shallow_info *si)
1687{
1688 struct pack_header hdr;
1689 const char *hdr_err;
1690 int status;
1691 struct child_process child = CHILD_PROCESS_INIT;
1692 int fsck_objects = (receive_fsck_objects >= 0
1693 ? receive_fsck_objects
1694 : transfer_fsck_objects >= 0
1695 ? transfer_fsck_objects
1696 : 0);
1697 hdr_err = parse_pack_header(&hdr);
1699 if (hdr_err) {
1700 if (err_fd > 0)
1701 close(err_fd);
1702 return hdr_err;
1703 }
1704 if (si->nr_ours || si->nr_theirs) {
1706 alt_shallow_file = setup_temporary_shallow(si->shallow);
1707 argv_array_push(&child.args, "--shallow-file");
1708 argv_array_push(&child.args, alt_shallow_file);
1709 }
1710 tmp_objdir = tmp_objdir_create();
1712 if (!tmp_objdir) {
1713 if (err_fd > 0)
1714 close(err_fd);
1715 return "unable to create temporary object directory";
1716 }
1717 child.env = tmp_objdir_env(tmp_objdir);
1718 /*
1720 * Normally we just pass the tmp_objdir environment to the child
1721 * processes that do the heavy lifting, but we may need to see these
1722 * objects ourselves to set up shallow information.
1723 */
1724 tmp_objdir_add_as_alternate(tmp_objdir);
1725 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1727 argv_array_push(&child.args, "unpack-objects");
1728 push_header_arg(&child.args, &hdr);
1729 if (quiet)
1730 argv_array_push(&child.args, "-q");
1731 if (fsck_objects)
1732 argv_array_pushf(&child.args, "--strict%s",
1733 fsck_msg_types.buf);
1734 if (max_input_size)
1735 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1736 (uintmax_t)max_input_size);
1737 child.no_stdout = 1;
1738 child.err = err_fd;
1739 child.git_cmd = 1;
1740 status = run_command(&child);
1741 if (status)
1742 return "unpack-objects abnormal exit";
1743 } else {
1744 char hostname[HOST_NAME_MAX + 1];
1745 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1747 push_header_arg(&child.args, &hdr);
1748 if (xgethostname(hostname, sizeof(hostname)))
1750 xsnprintf(hostname, sizeof(hostname), "localhost");
1751 argv_array_pushf(&child.args,
1752 "--keep=receive-pack %"PRIuMAX" on %s",
1753 (uintmax_t)getpid(),
1754 hostname);
1755 if (!quiet && err_fd)
1757 argv_array_push(&child.args, "--show-resolving-progress");
1758 if (use_sideband)
1759 argv_array_push(&child.args, "--report-end-of-input");
1760 if (fsck_objects)
1761 argv_array_pushf(&child.args, "--strict%s",
1762 fsck_msg_types.buf);
1763 if (!reject_thin)
1764 argv_array_push(&child.args, "--fix-thin");
1765 if (max_input_size)
1766 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1767 (uintmax_t)max_input_size);
1768 child.out = -1;
1769 child.err = err_fd;
1770 child.git_cmd = 1;
1771 status = start_command(&child);
1772 if (status)
1773 return "index-pack fork failed";
1774 pack_lockfile = index_pack_lockfile(child.out);
1775 close(child.out);
1776 status = finish_command(&child);
1777 if (status)
1778 return "index-pack abnormal exit";
1779 reprepare_packed_git(the_repository);
1780 }
1781 return NULL;
1782}
1783static const char *unpack_with_sideband(struct shallow_info *si)
1785{
1786 struct async muxer;
1787 const char *ret;
1788 if (!use_sideband)
1790 return unpack(0, si);
1791 use_keepalive = KEEPALIVE_AFTER_NUL;
1793 memset(&muxer, 0, sizeof(muxer));
1794 muxer.proc = copy_to_sideband;
1795 muxer.in = -1;
1796 if (start_async(&muxer))
1797 return NULL;
1798 ret = unpack(muxer.in, si);
1800 finish_async(&muxer);
1802 return ret;
1803}
1804static void prepare_shallow_update(struct command *commands,
1806 struct shallow_info *si)
1807{
1808 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1809 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1811 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1812 si->need_reachability_test =
1814 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1815 si->reachable =
1816 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1817 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1818 for (i = 0; i < si->nr_ours; i++)
1820 si->need_reachability_test[si->ours[i]] = 1;
1821 for (i = 0; i < si->shallow->nr; i++) {
1823 if (!si->used_shallow[i])
1824 continue;
1825 for (j = 0; j < bitmap_size; j++) {
1826 if (!si->used_shallow[i][j])
1827 continue;
1828 si->need_reachability_test[i]++;
1829 for (k = 0; k < 32; k++)
1830 if (si->used_shallow[i][j] & (1U << k))
1831 si->shallow_ref[j * 32 + k]++;
1832 }
1833 /*
1835 * true for those associated with some refs and belong
1836 * in "ours" list aka "step 7 not done yet"
1837 */
1838 si->need_reachability_test[i] =
1839 si->need_reachability_test[i] > 1;
1840 }
1841 /*
1843 * keep hooks happy by forcing a temporary shallow file via
1844 * env variable because we can't add --shallow-file to every
1845 * command. check_connected() will be done with
1846 * true .git/shallow though.
1847 */
1848 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1849}
1850static void update_shallow_info(struct command *commands,
1852 struct shallow_info *si,
1853 struct oid_array *ref)
1854{
1855 struct command *cmd;
1856 int *ref_status;
1857 remove_nonexistent_theirs_shallow(si);
1858 if (!si->nr_ours && !si->nr_theirs) {
1859 shallow_update = 0;
1860 return;
1861 }
1862 for (cmd = commands; cmd; cmd = cmd->next) {
1864 if (is_null_oid(&cmd->new_oid))
1865 continue;
1866 oid_array_append(ref, &cmd->new_oid);
1867 cmd->index = ref->nr - 1;
1868 }
1869 si->ref = ref;
1870 if (shallow_update) {
1872 prepare_shallow_update(commands, si);
1873 return;
1874 }
1875 ALLOC_ARRAY(ref_status, ref->nr);
1877 assign_shallow_commits_to_refs(si, NULL, ref_status);
1878 for (cmd = commands; cmd; cmd = cmd->next) {
1879 if (is_null_oid(&cmd->new_oid))
1880 continue;
1881 if (ref_status[cmd->index]) {
1882 cmd->error_string = "shallow update not allowed";
1883 cmd->skip_update = 1;
1884 }
1885 }
1886 free(ref_status);
1887}
1888static void report(struct command *commands, const char *unpack_status)
1890{
1891 struct command *cmd;
1892 struct strbuf buf = STRBUF_INIT;
1893 packet_buf_write(&buf, "unpack %s\n",
1895 unpack_status ? unpack_status : "ok");
1896 for (cmd = commands; cmd; cmd = cmd->next) {
1897 if (!cmd->error_string)
1898 packet_buf_write(&buf, "ok %s\n",
1899 cmd->ref_name);
1900 else
1901 packet_buf_write(&buf, "ng %s %s\n",
1902 cmd->ref_name, cmd->error_string);
1903 }
1904 packet_buf_flush(&buf);
1905 if (use_sideband)
1907 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1908 else
1909 write_or_die(1, buf.buf, buf.len);
1910 strbuf_release(&buf);
1911}
1912static int delete_only(struct command *commands)
1914{
1915 struct command *cmd;
1916 for (cmd = commands; cmd; cmd = cmd->next) {
1917 if (!is_null_oid(&cmd->new_oid))
1918 return 0;
1919 }
1920 return 1;
1921}
1922int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1924{
1925 int advertise_refs = 0;
1926 struct command *commands;
1927 struct oid_array shallow = OID_ARRAY_INIT;
1928 struct oid_array ref = OID_ARRAY_INIT;
1929 struct shallow_info si;
1930 struct packet_reader reader;
1931 struct option options[] = {
1933 OPT__QUIET(&quiet, N_("quiet")),
1934 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1935 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1936 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1937 OPT_END()
1938 };
1939 packet_trace_identity("receive-pack");
1941 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1943 if (argc > 1)
1945 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1946 if (argc == 0)
1947 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1948 service_dir = argv[0];
1950 setup_path();
1952 if (!enter_repo(service_dir, 0))
1954 die("'%s' does not appear to be a git repository", service_dir);
1955 git_config(receive_pack_config, NULL);
1957 if (cert_nonce_seed)
1958 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1959 if (0 <= transfer_unpack_limit)
1961 unpack_limit = transfer_unpack_limit;
1962 else if (0 <= receive_unpack_limit)
1963 unpack_limit = receive_unpack_limit;
1964 switch (determine_protocol_version_server()) {
1966 case protocol_v2:
1967 /*
1968 * push support for protocol v2 has not been implemented yet,
1969 * so ignore the request to use v2 and fallback to using v0.
1970 */
1971 break;
1972 case protocol_v1:
1973 /*
1974 * v1 is just the original protocol with a version string,
1975 * so just fall through after writing the version string.
1976 */
1977 if (advertise_refs || !stateless_rpc)
1978 packet_write_fmt(1, "version 1\n");
1979 /* fallthrough */
1981 case protocol_v0:
1982 break;
1983 case protocol_unknown_version:
1984 BUG("unknown protocol version");
1985 }
1986 if (advertise_refs || !stateless_rpc) {
1988 write_head_info();
1989 }
1990 if (advertise_refs)
1991 return 0;
1992 packet_reader_init(&reader, 0, NULL, 0,
1994 PACKET_READ_CHOMP_NEWLINE |
1995 PACKET_READ_DIE_ON_ERR_PACKET);
1996 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
1998 const char *unpack_status = NULL;
1999 struct string_list push_options = STRING_LIST_INIT_DUP;
2000 if (use_push_options)
2002 read_push_options(&reader, &push_options);
2003 if (!check_cert_push_options(&push_options)) {
2004 struct command *cmd;
2005 for (cmd = commands; cmd; cmd = cmd->next)
2006 cmd->error_string = "inconsistent push options";
2007 }
2008 prepare_shallow_info(&si, &shallow);
2010 if (!si.nr_ours && !si.nr_theirs)
2011 shallow_update = 0;
2012 if (!delete_only(commands)) {
2013 unpack_status = unpack_with_sideband(&si);
2014 update_shallow_info(commands, &si, &ref);
2015 }
2016 use_keepalive = KEEPALIVE_ALWAYS;
2017 execute_commands(commands, unpack_status, &si,
2018 &push_options);
2019 if (pack_lockfile)
2020 unlink_or_warn(pack_lockfile);
2021 if (report_status)
2022 report(commands, unpack_status);
2023 run_receive_hook(commands, "post-receive", 1,
2024 &push_options);
2025 run_update_post_hook(commands);
2026 string_list_clear(&push_options, 0);
2027 if (auto_gc) {
2028 const char *argv_gc_auto[] = {
2029 "gc", "--auto", "--quiet", NULL,
2030 };
2031 struct child_process proc = CHILD_PROCESS_INIT;
2032 proc.no_stdin = 1;
2034 proc.stdout_to_stderr = 1;
2035 proc.err = use_sideband ? -1 : 0;
2036 proc.git_cmd = 1;
2037 proc.argv = argv_gc_auto;
2038 close_all_packs(the_repository->objects);
2040 if (!start_command(&proc)) {
2041 if (use_sideband)
2042 copy_to_sideband(proc.err, -1, NULL);
2043 finish_command(&proc);
2044 }
2045 }
2046 if (auto_update_server_info)
2047 update_server_info(0);
2048 clear_shallow_info(&si);
2049 }
2050 if (use_sideband)
2051 packet_flush(1);
2052 oid_array_clear(&shallow);
2053 oid_array_clear(&ref);
2054 free((void *)push_cert_nonce);
2055 return 0;
2056}