]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Git 2.35.8
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "hook.h"
11 #include "exec-cmd.h"
12 #include "commit.h"
13 #include "object.h"
14 #include "remote.h"
15 #include "connect.h"
16 #include "string-list.h"
17 #include "oid-array.h"
18 #include "connected.h"
19 #include "strvec.h"
20 #include "version.h"
21 #include "tag.h"
22 #include "gpg-interface.h"
23 #include "sigchain.h"
24 #include "fsck.h"
25 #include "tmp-objdir.h"
26 #include "oidset.h"
27 #include "packfile.h"
28 #include "object-store.h"
29 #include "protocol.h"
30 #include "commit-reach.h"
31 #include "worktree.h"
32 #include "shallow.h"
33
34 static const char * const receive_pack_usage[] = {
35 N_("git receive-pack <git-dir>"),
36 NULL
37 };
38
39 enum deny_action {
40 DENY_UNCONFIGURED,
41 DENY_IGNORE,
42 DENY_WARN,
43 DENY_REFUSE,
44 DENY_UPDATE_INSTEAD
45 };
46
47 static int deny_deletes;
48 static int deny_non_fast_forwards;
49 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
50 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
51 static int receive_fsck_objects = -1;
52 static int transfer_fsck_objects = -1;
53 static struct strbuf fsck_msg_types = STRBUF_INIT;
54 static int receive_unpack_limit = -1;
55 static int transfer_unpack_limit = -1;
56 static int advertise_atomic_push = 1;
57 static int advertise_push_options;
58 static int advertise_sid;
59 static int unpack_limit = 100;
60 static off_t max_input_size;
61 static int report_status;
62 static int report_status_v2;
63 static int use_sideband;
64 static int use_atomic;
65 static int use_push_options;
66 static int quiet;
67 static int prefer_ofs_delta = 1;
68 static int auto_update_server_info;
69 static int auto_gc = 1;
70 static int reject_thin;
71 static int stateless_rpc;
72 static const char *service_dir;
73 static const char *head_name;
74 static void *head_name_to_free;
75 static int sent_capabilities;
76 static int shallow_update;
77 static const char *alt_shallow_file;
78 static struct strbuf push_cert = STRBUF_INIT;
79 static struct object_id push_cert_oid;
80 static struct signature_check sigcheck;
81 static const char *push_cert_nonce;
82 static const char *cert_nonce_seed;
83
84 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
85 static const char *NONCE_BAD = "BAD";
86 static const char *NONCE_MISSING = "MISSING";
87 static const char *NONCE_OK = "OK";
88 static const char *NONCE_SLOP = "SLOP";
89 static const char *nonce_status;
90 static long nonce_stamp_slop;
91 static timestamp_t nonce_stamp_slop_limit;
92 static struct ref_transaction *transaction;
93
94 static enum {
95 KEEPALIVE_NEVER = 0,
96 KEEPALIVE_AFTER_NUL,
97 KEEPALIVE_ALWAYS
98 } use_keepalive;
99 static int keepalive_in_sec = 5;
100
101 static struct tmp_objdir *tmp_objdir;
102
103 static struct proc_receive_ref {
104 unsigned int want_add:1,
105 want_delete:1,
106 want_modify:1,
107 negative_ref:1;
108 char *ref_prefix;
109 struct proc_receive_ref *next;
110 } *proc_receive_ref;
111
112 static void proc_receive_ref_append(const char *prefix);
113
114 static enum deny_action parse_deny_action(const char *var, const char *value)
115 {
116 if (value) {
117 if (!strcasecmp(value, "ignore"))
118 return DENY_IGNORE;
119 if (!strcasecmp(value, "warn"))
120 return DENY_WARN;
121 if (!strcasecmp(value, "refuse"))
122 return DENY_REFUSE;
123 if (!strcasecmp(value, "updateinstead"))
124 return DENY_UPDATE_INSTEAD;
125 }
126 if (git_config_bool(var, value))
127 return DENY_REFUSE;
128 return DENY_IGNORE;
129 }
130
131 static int receive_pack_config(const char *var, const char *value, void *cb)
132 {
133 int status = parse_hide_refs_config(var, value, "receive");
134
135 if (status)
136 return status;
137
138 status = git_gpg_config(var, value, NULL);
139 if (status)
140 return status;
141
142 if (strcmp(var, "receive.denydeletes") == 0) {
143 deny_deletes = git_config_bool(var, value);
144 return 0;
145 }
146
147 if (strcmp(var, "receive.denynonfastforwards") == 0) {
148 deny_non_fast_forwards = git_config_bool(var, value);
149 return 0;
150 }
151
152 if (strcmp(var, "receive.unpacklimit") == 0) {
153 receive_unpack_limit = git_config_int(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "transfer.unpacklimit") == 0) {
158 transfer_unpack_limit = git_config_int(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsck.skiplist") == 0) {
163 const char *path;
164
165 if (git_config_pathname(&path, var, value))
166 return 1;
167 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
168 fsck_msg_types.len ? ',' : '=', path);
169 free((char *)path);
170 return 0;
171 }
172
173 if (skip_prefix(var, "receive.fsck.", &var)) {
174 if (is_valid_msg_type(var, value))
175 strbuf_addf(&fsck_msg_types, "%c%s=%s",
176 fsck_msg_types.len ? ',' : '=', var, value);
177 else
178 warning("skipping unknown msg id '%s'", var);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.fsckobjects") == 0) {
183 receive_fsck_objects = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "transfer.fsckobjects") == 0) {
188 transfer_fsck_objects = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (!strcmp(var, "receive.denycurrentbranch")) {
193 deny_current_branch = parse_deny_action(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.denydeletecurrent") == 0) {
198 deny_delete_current = parse_deny_action(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
203 prefer_ofs_delta = git_config_bool(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.updateserverinfo") == 0) {
208 auto_update_server_info = git_config_bool(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.autogc") == 0) {
213 auto_gc = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.shallowupdate") == 0) {
218 shallow_update = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.certnonceseed") == 0)
223 return git_config_string(&cert_nonce_seed, var, value);
224
225 if (strcmp(var, "receive.certnonceslop") == 0) {
226 nonce_stamp_slop_limit = git_config_ulong(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.advertiseatomic") == 0) {
231 advertise_atomic_push = git_config_bool(var, value);
232 return 0;
233 }
234
235 if (strcmp(var, "receive.advertisepushoptions") == 0) {
236 advertise_push_options = git_config_bool(var, value);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.keepalive") == 0) {
241 keepalive_in_sec = git_config_int(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.maxinputsize") == 0) {
246 max_input_size = git_config_int64(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.procreceiverefs") == 0) {
251 if (!value)
252 return config_error_nonbool(var);
253 proc_receive_ref_append(value);
254 return 0;
255 }
256
257 if (strcmp(var, "transfer.advertisesid") == 0) {
258 advertise_sid = git_config_bool(var, value);
259 return 0;
260 }
261
262 return git_default_config(var, value, cb);
263 }
264
265 static void show_ref(const char *path, const struct object_id *oid)
266 {
267 if (sent_capabilities) {
268 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
269 } else {
270 struct strbuf cap = STRBUF_INIT;
271
272 strbuf_addstr(&cap,
273 "report-status report-status-v2 delete-refs side-band-64k quiet");
274 if (advertise_atomic_push)
275 strbuf_addstr(&cap, " atomic");
276 if (prefer_ofs_delta)
277 strbuf_addstr(&cap, " ofs-delta");
278 if (push_cert_nonce)
279 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
280 if (advertise_push_options)
281 strbuf_addstr(&cap, " push-options");
282 if (advertise_sid)
283 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
284 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
285 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
286 packet_write_fmt(1, "%s %s%c%s\n",
287 oid_to_hex(oid), path, 0, cap.buf);
288 strbuf_release(&cap);
289 sent_capabilities = 1;
290 }
291 }
292
293 static int show_ref_cb(const char *path_full, const struct object_id *oid,
294 int flag, void *data)
295 {
296 struct oidset *seen = data;
297 const char *path = strip_namespace(path_full);
298
299 if (ref_is_hidden(path, path_full))
300 return 0;
301
302 /*
303 * Advertise refs outside our current namespace as ".have"
304 * refs, so that the client can use them to minimize data
305 * transfer but will otherwise ignore them.
306 */
307 if (!path) {
308 if (oidset_insert(seen, oid))
309 return 0;
310 path = ".have";
311 } else {
312 oidset_insert(seen, oid);
313 }
314 show_ref(path, oid);
315 return 0;
316 }
317
318 static void show_one_alternate_ref(const struct object_id *oid,
319 void *data)
320 {
321 struct oidset *seen = data;
322
323 if (oidset_insert(seen, oid))
324 return;
325
326 show_ref(".have", oid);
327 }
328
329 static void write_head_info(void)
330 {
331 static struct oidset seen = OIDSET_INIT;
332
333 for_each_ref(show_ref_cb, &seen);
334 for_each_alternate_ref(show_one_alternate_ref, &seen);
335 oidset_clear(&seen);
336 if (!sent_capabilities)
337 show_ref("capabilities^{}", null_oid());
338
339 advertise_shallow_grafts(1);
340
341 /* EOF */
342 packet_flush(1);
343 }
344
345 #define RUN_PROC_RECEIVE_SCHEDULED 1
346 #define RUN_PROC_RECEIVE_RETURNED 2
347 struct command {
348 struct command *next;
349 const char *error_string;
350 struct ref_push_report *report;
351 unsigned int skip_update:1,
352 did_not_exist:1,
353 run_proc_receive:2;
354 int index;
355 struct object_id old_oid;
356 struct object_id new_oid;
357 char ref_name[FLEX_ARRAY]; /* more */
358 };
359
360 static void proc_receive_ref_append(const char *prefix)
361 {
362 struct proc_receive_ref *ref_pattern;
363 char *p;
364 int len;
365
366 CALLOC_ARRAY(ref_pattern, 1);
367 p = strchr(prefix, ':');
368 if (p) {
369 while (prefix < p) {
370 if (*prefix == 'a')
371 ref_pattern->want_add = 1;
372 else if (*prefix == 'd')
373 ref_pattern->want_delete = 1;
374 else if (*prefix == 'm')
375 ref_pattern->want_modify = 1;
376 else if (*prefix == '!')
377 ref_pattern->negative_ref = 1;
378 prefix++;
379 }
380 prefix++;
381 } else {
382 ref_pattern->want_add = 1;
383 ref_pattern->want_delete = 1;
384 ref_pattern->want_modify = 1;
385 }
386 len = strlen(prefix);
387 while (len && prefix[len - 1] == '/')
388 len--;
389 ref_pattern->ref_prefix = xmemdupz(prefix, len);
390 if (!proc_receive_ref) {
391 proc_receive_ref = ref_pattern;
392 } else {
393 struct proc_receive_ref *end;
394
395 end = proc_receive_ref;
396 while (end->next)
397 end = end->next;
398 end->next = ref_pattern;
399 }
400 }
401
402 static int proc_receive_ref_matches(struct command *cmd)
403 {
404 struct proc_receive_ref *p;
405
406 if (!proc_receive_ref)
407 return 0;
408
409 for (p = proc_receive_ref; p; p = p->next) {
410 const char *match = p->ref_prefix;
411 const char *remains;
412
413 if (!p->want_add && is_null_oid(&cmd->old_oid))
414 continue;
415 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
416 continue;
417 else if (!p->want_modify &&
418 !is_null_oid(&cmd->old_oid) &&
419 !is_null_oid(&cmd->new_oid))
420 continue;
421
422 if (skip_prefix(cmd->ref_name, match, &remains) &&
423 (!*remains || *remains == '/')) {
424 if (!p->negative_ref)
425 return 1;
426 } else if (p->negative_ref) {
427 return 1;
428 }
429 }
430 return 0;
431 }
432
433 static void report_message(const char *prefix, const char *err, va_list params)
434 {
435 int sz;
436 char msg[4096];
437
438 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
439 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
440 if (sz > (sizeof(msg) - 1))
441 sz = sizeof(msg) - 1;
442 msg[sz++] = '\n';
443
444 if (use_sideband)
445 send_sideband(1, 2, msg, sz, use_sideband);
446 else
447 xwrite(2, msg, sz);
448 }
449
450 __attribute__((format (printf, 1, 2)))
451 static void rp_warning(const char *err, ...)
452 {
453 va_list params;
454 va_start(params, err);
455 report_message("warning: ", err, params);
456 va_end(params);
457 }
458
459 __attribute__((format (printf, 1, 2)))
460 static void rp_error(const char *err, ...)
461 {
462 va_list params;
463 va_start(params, err);
464 report_message("error: ", err, params);
465 va_end(params);
466 }
467
468 static int copy_to_sideband(int in, int out, void *arg)
469 {
470 char data[128];
471 int keepalive_active = 0;
472
473 if (keepalive_in_sec <= 0)
474 use_keepalive = KEEPALIVE_NEVER;
475 if (use_keepalive == KEEPALIVE_ALWAYS)
476 keepalive_active = 1;
477
478 while (1) {
479 ssize_t sz;
480
481 if (keepalive_active) {
482 struct pollfd pfd;
483 int ret;
484
485 pfd.fd = in;
486 pfd.events = POLLIN;
487 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
488
489 if (ret < 0) {
490 if (errno == EINTR)
491 continue;
492 else
493 break;
494 } else if (ret == 0) {
495 /* no data; send a keepalive packet */
496 static const char buf[] = "0005\1";
497 write_or_die(1, buf, sizeof(buf) - 1);
498 continue;
499 } /* else there is actual data to read */
500 }
501
502 sz = xread(in, data, sizeof(data));
503 if (sz <= 0)
504 break;
505
506 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
507 const char *p = memchr(data, '\0', sz);
508 if (p) {
509 /*
510 * The NUL tells us to start sending keepalives. Make
511 * sure we send any other data we read along
512 * with it.
513 */
514 keepalive_active = 1;
515 send_sideband(1, 2, data, p - data, use_sideband);
516 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
517 continue;
518 }
519 }
520
521 /*
522 * Either we're not looking for a NUL signal, or we didn't see
523 * it yet; just pass along the data.
524 */
525 send_sideband(1, 2, data, sz, use_sideband);
526 }
527 close(in);
528 return 0;
529 }
530
531 static void hmac_hash(unsigned char *out,
532 const char *key_in, size_t key_len,
533 const char *text, size_t text_len)
534 {
535 unsigned char key[GIT_MAX_BLKSZ];
536 unsigned char k_ipad[GIT_MAX_BLKSZ];
537 unsigned char k_opad[GIT_MAX_BLKSZ];
538 int i;
539 git_hash_ctx ctx;
540
541 /* RFC 2104 2. (1) */
542 memset(key, '\0', GIT_MAX_BLKSZ);
543 if (the_hash_algo->blksz < key_len) {
544 the_hash_algo->init_fn(&ctx);
545 the_hash_algo->update_fn(&ctx, key_in, key_len);
546 the_hash_algo->final_fn(key, &ctx);
547 } else {
548 memcpy(key, key_in, key_len);
549 }
550
551 /* RFC 2104 2. (2) & (5) */
552 for (i = 0; i < sizeof(key); i++) {
553 k_ipad[i] = key[i] ^ 0x36;
554 k_opad[i] = key[i] ^ 0x5c;
555 }
556
557 /* RFC 2104 2. (3) & (4) */
558 the_hash_algo->init_fn(&ctx);
559 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
560 the_hash_algo->update_fn(&ctx, text, text_len);
561 the_hash_algo->final_fn(out, &ctx);
562
563 /* RFC 2104 2. (6) & (7) */
564 the_hash_algo->init_fn(&ctx);
565 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
566 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
567 the_hash_algo->final_fn(out, &ctx);
568 }
569
570 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
571 {
572 struct strbuf buf = STRBUF_INIT;
573 unsigned char hash[GIT_MAX_RAWSZ];
574
575 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
576 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
577 strbuf_release(&buf);
578
579 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
580 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
581 return strbuf_detach(&buf, NULL);
582 }
583
584 /*
585 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
586 * after dropping "_commit" from its name and possibly moving it out
587 * of commit.c
588 */
589 static char *find_header(const char *msg, size_t len, const char *key,
590 const char **next_line)
591 {
592 int key_len = strlen(key);
593 const char *line = msg;
594
595 while (line && line < msg + len) {
596 const char *eol = strchrnul(line, '\n');
597
598 if ((msg + len <= eol) || line == eol)
599 return NULL;
600 if (line + key_len < eol &&
601 !memcmp(line, key, key_len) && line[key_len] == ' ') {
602 int offset = key_len + 1;
603 if (next_line)
604 *next_line = *eol ? eol + 1 : eol;
605 return xmemdupz(line + offset, (eol - line) - offset);
606 }
607 line = *eol ? eol + 1 : NULL;
608 }
609 return NULL;
610 }
611
612 /*
613 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
614 * This operation is guaranteed to run in constant time to avoid leaking data.
615 */
616 static int constant_memequal(const char *a, const char *b, size_t n)
617 {
618 int res = 0;
619 size_t i;
620
621 for (i = 0; i < n; i++)
622 res |= a[i] ^ b[i];
623 return res;
624 }
625
626 static const char *check_nonce(const char *buf, size_t len)
627 {
628 char *nonce = find_header(buf, len, "nonce", NULL);
629 timestamp_t stamp, ostamp;
630 char *bohmac, *expect = NULL;
631 const char *retval = NONCE_BAD;
632 size_t noncelen;
633
634 if (!nonce) {
635 retval = NONCE_MISSING;
636 goto leave;
637 } else if (!push_cert_nonce) {
638 retval = NONCE_UNSOLICITED;
639 goto leave;
640 } else if (!strcmp(push_cert_nonce, nonce)) {
641 retval = NONCE_OK;
642 goto leave;
643 }
644
645 if (!stateless_rpc) {
646 /* returned nonce MUST match what we gave out earlier */
647 retval = NONCE_BAD;
648 goto leave;
649 }
650
651 /*
652 * In stateless mode, we may be receiving a nonce issued by
653 * another instance of the server that serving the same
654 * repository, and the timestamps may not match, but the
655 * nonce-seed and dir should match, so we can recompute and
656 * report the time slop.
657 *
658 * In addition, when a nonce issued by another instance has
659 * timestamp within receive.certnonceslop seconds, we pretend
660 * as if we issued that nonce when reporting to the hook.
661 */
662
663 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
664 if (*nonce <= '0' || '9' < *nonce) {
665 retval = NONCE_BAD;
666 goto leave;
667 }
668 stamp = parse_timestamp(nonce, &bohmac, 10);
669 if (bohmac == nonce || bohmac[0] != '-') {
670 retval = NONCE_BAD;
671 goto leave;
672 }
673
674 noncelen = strlen(nonce);
675 expect = prepare_push_cert_nonce(service_dir, stamp);
676 if (noncelen != strlen(expect)) {
677 /* This is not even the right size. */
678 retval = NONCE_BAD;
679 goto leave;
680 }
681 if (constant_memequal(expect, nonce, noncelen)) {
682 /* Not what we would have signed earlier */
683 retval = NONCE_BAD;
684 goto leave;
685 }
686
687 /*
688 * By how many seconds is this nonce stale? Negative value
689 * would mean it was issued by another server with its clock
690 * skewed in the future.
691 */
692 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
693 nonce_stamp_slop = (long)ostamp - (long)stamp;
694
695 if (nonce_stamp_slop_limit &&
696 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
697 /*
698 * Pretend as if the received nonce (which passes the
699 * HMAC check, so it is not a forged by third-party)
700 * is what we issued.
701 */
702 free((void *)push_cert_nonce);
703 push_cert_nonce = xstrdup(nonce);
704 retval = NONCE_OK;
705 } else {
706 retval = NONCE_SLOP;
707 }
708
709 leave:
710 free(nonce);
711 free(expect);
712 return retval;
713 }
714
715 /*
716 * Return 1 if there is no push_cert or if the push options in push_cert are
717 * the same as those in the argument; 0 otherwise.
718 */
719 static int check_cert_push_options(const struct string_list *push_options)
720 {
721 const char *buf = push_cert.buf;
722 int len = push_cert.len;
723
724 char *option;
725 const char *next_line;
726 int options_seen = 0;
727
728 int retval = 1;
729
730 if (!len)
731 return 1;
732
733 while ((option = find_header(buf, len, "push-option", &next_line))) {
734 len -= (next_line - buf);
735 buf = next_line;
736 options_seen++;
737 if (options_seen > push_options->nr
738 || strcmp(option,
739 push_options->items[options_seen - 1].string)) {
740 retval = 0;
741 goto leave;
742 }
743 free(option);
744 }
745
746 if (options_seen != push_options->nr)
747 retval = 0;
748
749 leave:
750 free(option);
751 return retval;
752 }
753
754 static void prepare_push_cert_sha1(struct child_process *proc)
755 {
756 static int already_done;
757
758 if (!push_cert.len)
759 return;
760
761 if (!already_done) {
762 int bogs /* beginning_of_gpg_sig */;
763
764 already_done = 1;
765 if (write_object_file(push_cert.buf, push_cert.len, "blob",
766 &push_cert_oid))
767 oidclr(&push_cert_oid);
768
769 memset(&sigcheck, '\0', sizeof(sigcheck));
770
771 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
772 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
773 sigcheck.payload_len = bogs;
774 check_signature(&sigcheck, push_cert.buf + bogs,
775 push_cert.len - bogs);
776
777 nonce_status = check_nonce(push_cert.buf, bogs);
778 }
779 if (!is_null_oid(&push_cert_oid)) {
780 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
781 oid_to_hex(&push_cert_oid));
782 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
783 sigcheck.signer ? sigcheck.signer : "");
784 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
785 sigcheck.key ? sigcheck.key : "");
786 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
787 sigcheck.result);
788 if (push_cert_nonce) {
789 strvec_pushf(&proc->env_array,
790 "GIT_PUSH_CERT_NONCE=%s",
791 push_cert_nonce);
792 strvec_pushf(&proc->env_array,
793 "GIT_PUSH_CERT_NONCE_STATUS=%s",
794 nonce_status);
795 if (nonce_status == NONCE_SLOP)
796 strvec_pushf(&proc->env_array,
797 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
798 nonce_stamp_slop);
799 }
800 }
801 }
802
803 struct receive_hook_feed_state {
804 struct command *cmd;
805 struct ref_push_report *report;
806 int skip_broken;
807 struct strbuf buf;
808 const struct string_list *push_options;
809 };
810
811 typedef int (*feed_fn)(void *, const char **, size_t *);
812 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
813 struct receive_hook_feed_state *feed_state)
814 {
815 struct child_process proc = CHILD_PROCESS_INIT;
816 struct async muxer;
817 int code;
818 const char *hook_path = find_hook(hook_name);
819
820 if (!hook_path)
821 return 0;
822
823 strvec_push(&proc.args, hook_path);
824 proc.in = -1;
825 proc.stdout_to_stderr = 1;
826 proc.trace2_hook_name = hook_name;
827
828 if (feed_state->push_options) {
829 int i;
830 for (i = 0; i < feed_state->push_options->nr; i++)
831 strvec_pushf(&proc.env_array,
832 "GIT_PUSH_OPTION_%d=%s", i,
833 feed_state->push_options->items[i].string);
834 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
835 feed_state->push_options->nr);
836 } else
837 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
838
839 if (tmp_objdir)
840 strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
841
842 if (use_sideband) {
843 memset(&muxer, 0, sizeof(muxer));
844 muxer.proc = copy_to_sideband;
845 muxer.in = -1;
846 code = start_async(&muxer);
847 if (code)
848 return code;
849 proc.err = muxer.in;
850 }
851
852 prepare_push_cert_sha1(&proc);
853
854 code = start_command(&proc);
855 if (code) {
856 if (use_sideband)
857 finish_async(&muxer);
858 return code;
859 }
860
861 sigchain_push(SIGPIPE, SIG_IGN);
862
863 while (1) {
864 const char *buf;
865 size_t n;
866 if (feed(feed_state, &buf, &n))
867 break;
868 if (write_in_full(proc.in, buf, n) < 0)
869 break;
870 }
871 close(proc.in);
872 if (use_sideband)
873 finish_async(&muxer);
874
875 sigchain_pop(SIGPIPE);
876
877 return finish_command(&proc);
878 }
879
880 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
881 {
882 struct receive_hook_feed_state *state = state_;
883 struct command *cmd = state->cmd;
884
885 while (cmd &&
886 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
887 cmd = cmd->next;
888 if (!cmd)
889 return -1; /* EOF */
890 if (!bufp)
891 return 0; /* OK, can feed something. */
892 strbuf_reset(&state->buf);
893 if (!state->report)
894 state->report = cmd->report;
895 if (state->report) {
896 struct object_id *old_oid;
897 struct object_id *new_oid;
898 const char *ref_name;
899
900 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
901 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
902 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
903 strbuf_addf(&state->buf, "%s %s %s\n",
904 oid_to_hex(old_oid), oid_to_hex(new_oid),
905 ref_name);
906 state->report = state->report->next;
907 if (!state->report)
908 state->cmd = cmd->next;
909 } else {
910 strbuf_addf(&state->buf, "%s %s %s\n",
911 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
912 cmd->ref_name);
913 state->cmd = cmd->next;
914 }
915 if (bufp) {
916 *bufp = state->buf.buf;
917 *sizep = state->buf.len;
918 }
919 return 0;
920 }
921
922 static int run_receive_hook(struct command *commands,
923 const char *hook_name,
924 int skip_broken,
925 const struct string_list *push_options)
926 {
927 struct receive_hook_feed_state state;
928 int status;
929
930 strbuf_init(&state.buf, 0);
931 state.cmd = commands;
932 state.skip_broken = skip_broken;
933 state.report = NULL;
934 if (feed_receive_hook(&state, NULL, NULL))
935 return 0;
936 state.cmd = commands;
937 state.push_options = push_options;
938 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
939 strbuf_release(&state.buf);
940 return status;
941 }
942
943 static int run_update_hook(struct command *cmd)
944 {
945 struct child_process proc = CHILD_PROCESS_INIT;
946 int code;
947 const char *hook_path = find_hook("update");
948
949 if (!hook_path)
950 return 0;
951
952 strvec_push(&proc.args, hook_path);
953 strvec_push(&proc.args, cmd->ref_name);
954 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
955 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
956
957 proc.no_stdin = 1;
958 proc.stdout_to_stderr = 1;
959 proc.err = use_sideband ? -1 : 0;
960 proc.trace2_hook_name = "update";
961
962 code = start_command(&proc);
963 if (code)
964 return code;
965 if (use_sideband)
966 copy_to_sideband(proc.err, -1, NULL);
967 return finish_command(&proc);
968 }
969
970 static struct command *find_command_by_refname(struct command *list,
971 const char *refname)
972 {
973 for (; list; list = list->next)
974 if (!strcmp(list->ref_name, refname))
975 return list;
976 return NULL;
977 }
978
979 static int read_proc_receive_report(struct packet_reader *reader,
980 struct command *commands,
981 struct strbuf *errmsg)
982 {
983 struct command *cmd;
984 struct command *hint = NULL;
985 struct ref_push_report *report = NULL;
986 int new_report = 0;
987 int code = 0;
988 int once = 0;
989 int response = 0;
990
991 for (;;) {
992 struct object_id old_oid, new_oid;
993 const char *head;
994 const char *refname;
995 char *p;
996 enum packet_read_status status;
997
998 status = packet_reader_read(reader);
999 if (status != PACKET_READ_NORMAL) {
1000 /* Check whether proc-receive exited abnormally */
1001 if (status == PACKET_READ_EOF && !response) {
1002 strbuf_addstr(errmsg, "proc-receive exited abnormally");
1003 return -1;
1004 }
1005 break;
1006 }
1007 response++;
1008
1009 head = reader->line;
1010 p = strchr(head, ' ');
1011 if (!p) {
1012 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1013 code = -1;
1014 continue;
1015 }
1016 *p++ = '\0';
1017 if (!strcmp(head, "option")) {
1018 const char *key, *val;
1019
1020 if (!hint || !(report || new_report)) {
1021 if (!once++)
1022 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1023 code = -1;
1024 continue;
1025 }
1026 if (new_report) {
1027 if (!hint->report) {
1028 CALLOC_ARRAY(hint->report, 1);
1029 report = hint->report;
1030 } else {
1031 report = hint->report;
1032 while (report->next)
1033 report = report->next;
1034 report->next = xcalloc(1, sizeof(struct ref_push_report));
1035 report = report->next;
1036 }
1037 new_report = 0;
1038 }
1039 key = p;
1040 p = strchr(key, ' ');
1041 if (p)
1042 *p++ = '\0';
1043 val = p;
1044 if (!strcmp(key, "refname"))
1045 report->ref_name = xstrdup_or_null(val);
1046 else if (!strcmp(key, "old-oid") && val &&
1047 !parse_oid_hex(val, &old_oid, &val))
1048 report->old_oid = oiddup(&old_oid);
1049 else if (!strcmp(key, "new-oid") && val &&
1050 !parse_oid_hex(val, &new_oid, &val))
1051 report->new_oid = oiddup(&new_oid);
1052 else if (!strcmp(key, "forced-update"))
1053 report->forced_update = 1;
1054 else if (!strcmp(key, "fall-through"))
1055 /* Fall through, let 'receive-pack' to execute it. */
1056 hint->run_proc_receive = 0;
1057 continue;
1058 }
1059
1060 report = NULL;
1061 new_report = 0;
1062 refname = p;
1063 p = strchr(refname, ' ');
1064 if (p)
1065 *p++ = '\0';
1066 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1067 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1068 head, refname);
1069 code = -1;
1070 continue;
1071 }
1072
1073 /* first try searching at our hint, falling back to all refs */
1074 if (hint)
1075 hint = find_command_by_refname(hint, refname);
1076 if (!hint)
1077 hint = find_command_by_refname(commands, refname);
1078 if (!hint) {
1079 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1080 refname);
1081 code = -1;
1082 continue;
1083 }
1084 if (!hint->run_proc_receive) {
1085 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1086 refname);
1087 code = -1;
1088 continue;
1089 }
1090 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1091 if (!strcmp(head, "ng")) {
1092 if (p)
1093 hint->error_string = xstrdup(p);
1094 else
1095 hint->error_string = "failed";
1096 code = -1;
1097 continue;
1098 }
1099 new_report = 1;
1100 }
1101
1102 for (cmd = commands; cmd; cmd = cmd->next)
1103 if (cmd->run_proc_receive && !cmd->error_string &&
1104 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1105 cmd->error_string = "proc-receive failed to report status";
1106 code = -1;
1107 }
1108 return code;
1109 }
1110
1111 static int run_proc_receive_hook(struct command *commands,
1112 const struct string_list *push_options)
1113 {
1114 struct child_process proc = CHILD_PROCESS_INIT;
1115 struct async muxer;
1116 struct command *cmd;
1117 struct packet_reader reader;
1118 struct strbuf cap = STRBUF_INIT;
1119 struct strbuf errmsg = STRBUF_INIT;
1120 int hook_use_push_options = 0;
1121 int version = 0;
1122 int code;
1123 const char *hook_path = find_hook("proc-receive");
1124
1125 if (!hook_path) {
1126 rp_error("cannot find hook 'proc-receive'");
1127 return -1;
1128 }
1129
1130 strvec_push(&proc.args, hook_path);
1131 proc.in = -1;
1132 proc.out = -1;
1133 proc.trace2_hook_name = "proc-receive";
1134
1135 if (use_sideband) {
1136 memset(&muxer, 0, sizeof(muxer));
1137 muxer.proc = copy_to_sideband;
1138 muxer.in = -1;
1139 code = start_async(&muxer);
1140 if (code)
1141 return code;
1142 proc.err = muxer.in;
1143 } else {
1144 proc.err = 0;
1145 }
1146
1147 code = start_command(&proc);
1148 if (code) {
1149 if (use_sideband)
1150 finish_async(&muxer);
1151 return code;
1152 }
1153
1154 sigchain_push(SIGPIPE, SIG_IGN);
1155
1156 /* Version negotiaton */
1157 packet_reader_init(&reader, proc.out, NULL, 0,
1158 PACKET_READ_CHOMP_NEWLINE |
1159 PACKET_READ_GENTLE_ON_EOF);
1160 if (use_atomic)
1161 strbuf_addstr(&cap, " atomic");
1162 if (use_push_options)
1163 strbuf_addstr(&cap, " push-options");
1164 if (cap.len) {
1165 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1166 strbuf_release(&cap);
1167 } else {
1168 code = packet_write_fmt_gently(proc.in, "version=1\n");
1169 }
1170 if (!code)
1171 code = packet_flush_gently(proc.in);
1172
1173 if (!code)
1174 for (;;) {
1175 int linelen;
1176 enum packet_read_status status;
1177
1178 status = packet_reader_read(&reader);
1179 if (status != PACKET_READ_NORMAL) {
1180 /* Check whether proc-receive exited abnormally */
1181 if (status == PACKET_READ_EOF)
1182 code = -1;
1183 break;
1184 }
1185
1186 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1187 version = atoi(reader.line + 8);
1188 linelen = strlen(reader.line);
1189 if (linelen < reader.pktlen) {
1190 const char *feature_list = reader.line + linelen + 1;
1191 if (parse_feature_request(feature_list, "push-options"))
1192 hook_use_push_options = 1;
1193 }
1194 }
1195 }
1196
1197 if (code) {
1198 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1199 goto cleanup;
1200 }
1201
1202 switch (version) {
1203 case 0:
1204 /* fallthrough */
1205 case 1:
1206 break;
1207 default:
1208 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1209 version);
1210 code = -1;
1211 goto cleanup;
1212 }
1213
1214 /* Send commands */
1215 for (cmd = commands; cmd; cmd = cmd->next) {
1216 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1217 continue;
1218 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1219 oid_to_hex(&cmd->old_oid),
1220 oid_to_hex(&cmd->new_oid),
1221 cmd->ref_name);
1222 if (code)
1223 break;
1224 }
1225 if (!code)
1226 code = packet_flush_gently(proc.in);
1227 if (code) {
1228 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1229 goto cleanup;
1230 }
1231
1232 /* Send push options */
1233 if (hook_use_push_options) {
1234 struct string_list_item *item;
1235
1236 for_each_string_list_item(item, push_options) {
1237 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1238 if (code)
1239 break;
1240 }
1241 if (!code)
1242 code = packet_flush_gently(proc.in);
1243 if (code) {
1244 strbuf_addstr(&errmsg,
1245 "fail to write push-options to proc-receive hook");
1246 goto cleanup;
1247 }
1248 }
1249
1250 /* Read result from proc-receive */
1251 code = read_proc_receive_report(&reader, commands, &errmsg);
1252
1253 cleanup:
1254 close(proc.in);
1255 close(proc.out);
1256 if (use_sideband)
1257 finish_async(&muxer);
1258 if (finish_command(&proc))
1259 code = -1;
1260 if (errmsg.len >0) {
1261 char *p = errmsg.buf;
1262
1263 p += errmsg.len - 1;
1264 if (*p == '\n')
1265 *p = '\0';
1266 rp_error("%s", errmsg.buf);
1267 strbuf_release(&errmsg);
1268 }
1269 sigchain_pop(SIGPIPE);
1270
1271 return code;
1272 }
1273
1274 static char *refuse_unconfigured_deny_msg =
1275 N_("By default, updating the current branch in a non-bare repository\n"
1276 "is denied, because it will make the index and work tree inconsistent\n"
1277 "with what you pushed, and will require 'git reset --hard' to match\n"
1278 "the work tree to HEAD.\n"
1279 "\n"
1280 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1281 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1282 "its current branch; however, this is not recommended unless you\n"
1283 "arranged to update its work tree to match what you pushed in some\n"
1284 "other way.\n"
1285 "\n"
1286 "To squelch this message and still keep the default behaviour, set\n"
1287 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1288
1289 static void refuse_unconfigured_deny(void)
1290 {
1291 rp_error("%s", _(refuse_unconfigured_deny_msg));
1292 }
1293
1294 static char *refuse_unconfigured_deny_delete_current_msg =
1295 N_("By default, deleting the current branch is denied, because the next\n"
1296 "'git clone' won't result in any file checked out, causing confusion.\n"
1297 "\n"
1298 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1299 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1300 "current branch, with or without a warning message.\n"
1301 "\n"
1302 "To squelch this message, you can set it to 'refuse'.");
1303
1304 static void refuse_unconfigured_deny_delete_current(void)
1305 {
1306 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1307 }
1308
1309 static const struct object_id *command_singleton_iterator(void *cb_data);
1310 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1311 {
1312 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1313 struct oid_array extra = OID_ARRAY_INIT;
1314 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1315 uint32_t mask = 1 << (cmd->index % 32);
1316 int i;
1317
1318 trace_printf_key(&trace_shallow,
1319 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1320 for (i = 0; i < si->shallow->nr; i++)
1321 if (si->used_shallow[i] &&
1322 (si->used_shallow[i][cmd->index / 32] & mask) &&
1323 !delayed_reachability_test(si, i))
1324 oid_array_append(&extra, &si->shallow->oid[i]);
1325
1326 opt.env = tmp_objdir_env(tmp_objdir);
1327 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1328 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1329 rollback_shallow_file(the_repository, &shallow_lock);
1330 oid_array_clear(&extra);
1331 return -1;
1332 }
1333
1334 commit_shallow_file(the_repository, &shallow_lock);
1335
1336 /*
1337 * Make sure setup_alternate_shallow() for the next ref does
1338 * not lose these new roots..
1339 */
1340 for (i = 0; i < extra.nr; i++)
1341 register_shallow(the_repository, &extra.oid[i]);
1342
1343 si->shallow_ref[cmd->index] = 0;
1344 oid_array_clear(&extra);
1345 return 0;
1346 }
1347
1348 /*
1349 * NEEDSWORK: we should consolidate various implementions of "are we
1350 * on an unborn branch?" test into one, and make the unified one more
1351 * robust. !get_sha1() based check used here and elsewhere would not
1352 * allow us to tell an unborn branch from corrupt ref, for example.
1353 * For the purpose of fixing "deploy-to-update does not work when
1354 * pushing into an empty repository" issue, this should suffice for
1355 * now.
1356 */
1357 static int head_has_history(void)
1358 {
1359 struct object_id oid;
1360
1361 return !get_oid("HEAD", &oid);
1362 }
1363
1364 static const char *push_to_deploy(unsigned char *sha1,
1365 struct strvec *env,
1366 const char *work_tree)
1367 {
1368 struct child_process child = CHILD_PROCESS_INIT;
1369
1370 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1371 "--refresh", NULL);
1372 strvec_pushv(&child.env_array, env->v);
1373 child.dir = work_tree;
1374 child.no_stdin = 1;
1375 child.stdout_to_stderr = 1;
1376 child.git_cmd = 1;
1377 if (run_command(&child))
1378 return "Up-to-date check failed";
1379
1380 /* run_command() does not clean up completely; reinitialize */
1381 child_process_init(&child);
1382 strvec_pushl(&child.args, "diff-files", "--quiet",
1383 "--ignore-submodules", "--", NULL);
1384 strvec_pushv(&child.env_array, env->v);
1385 child.dir = work_tree;
1386 child.no_stdin = 1;
1387 child.stdout_to_stderr = 1;
1388 child.git_cmd = 1;
1389 if (run_command(&child))
1390 return "Working directory has unstaged changes";
1391
1392 child_process_init(&child);
1393 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1394 "--ignore-submodules",
1395 /* diff-index with either HEAD or an empty tree */
1396 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1397 "--", NULL);
1398 strvec_pushv(&child.env_array, env->v);
1399 child.no_stdin = 1;
1400 child.no_stdout = 1;
1401 child.stdout_to_stderr = 0;
1402 child.git_cmd = 1;
1403 if (run_command(&child))
1404 return "Working directory has staged changes";
1405
1406 child_process_init(&child);
1407 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1408 NULL);
1409 strvec_pushv(&child.env_array, env->v);
1410 child.dir = work_tree;
1411 child.no_stdin = 1;
1412 child.no_stdout = 1;
1413 child.stdout_to_stderr = 0;
1414 child.git_cmd = 1;
1415 if (run_command(&child))
1416 return "Could not update working tree to new HEAD";
1417
1418 return NULL;
1419 }
1420
1421 static const char *push_to_checkout_hook = "push-to-checkout";
1422
1423 static const char *push_to_checkout(unsigned char *hash,
1424 struct strvec *env,
1425 const char *work_tree)
1426 {
1427 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1428 if (run_hook_le(env->v, push_to_checkout_hook,
1429 hash_to_hex(hash), NULL))
1430 return "push-to-checkout hook declined";
1431 else
1432 return NULL;
1433 }
1434
1435 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1436 {
1437 const char *retval, *git_dir;
1438 struct strvec env = STRVEC_INIT;
1439
1440 if (!worktree || !worktree->path)
1441 BUG("worktree->path must be non-NULL");
1442
1443 if (worktree->is_bare)
1444 return "denyCurrentBranch = updateInstead needs a worktree";
1445 git_dir = get_worktree_git_dir(worktree);
1446
1447 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1448
1449 if (!hook_exists(push_to_checkout_hook))
1450 retval = push_to_deploy(sha1, &env, worktree->path);
1451 else
1452 retval = push_to_checkout(sha1, &env, worktree->path);
1453
1454 strvec_clear(&env);
1455 return retval;
1456 }
1457
1458 static const char *update(struct command *cmd, struct shallow_info *si)
1459 {
1460 const char *name = cmd->ref_name;
1461 struct strbuf namespaced_name_buf = STRBUF_INIT;
1462 static char *namespaced_name;
1463 const char *ret;
1464 struct object_id *old_oid = &cmd->old_oid;
1465 struct object_id *new_oid = &cmd->new_oid;
1466 int do_update_worktree = 0;
1467 struct worktree **worktrees = get_worktrees();
1468 const struct worktree *worktree =
1469 find_shared_symref(worktrees, "HEAD", name);
1470
1471 /* only refs/... are allowed */
1472 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1473 rp_error("refusing to create funny ref '%s' remotely", name);
1474 ret = "funny refname";
1475 goto out;
1476 }
1477
1478 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1479 free(namespaced_name);
1480 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1481
1482 if (worktree && !worktree->is_bare) {
1483 switch (deny_current_branch) {
1484 case DENY_IGNORE:
1485 break;
1486 case DENY_WARN:
1487 rp_warning("updating the current branch");
1488 break;
1489 case DENY_REFUSE:
1490 case DENY_UNCONFIGURED:
1491 rp_error("refusing to update checked out branch: %s", name);
1492 if (deny_current_branch == DENY_UNCONFIGURED)
1493 refuse_unconfigured_deny();
1494 ret = "branch is currently checked out";
1495 goto out;
1496 case DENY_UPDATE_INSTEAD:
1497 /* pass -- let other checks intervene first */
1498 do_update_worktree = 1;
1499 break;
1500 }
1501 }
1502
1503 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1504 error("unpack should have generated %s, "
1505 "but I can't find it!", oid_to_hex(new_oid));
1506 ret = "bad pack";
1507 goto out;
1508 }
1509
1510 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1511 if (deny_deletes && starts_with(name, "refs/heads/")) {
1512 rp_error("denying ref deletion for %s", name);
1513 ret = "deletion prohibited";
1514 goto out;
1515 }
1516
1517 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1518 switch (deny_delete_current) {
1519 case DENY_IGNORE:
1520 break;
1521 case DENY_WARN:
1522 rp_warning("deleting the current branch");
1523 break;
1524 case DENY_REFUSE:
1525 case DENY_UNCONFIGURED:
1526 case DENY_UPDATE_INSTEAD:
1527 if (deny_delete_current == DENY_UNCONFIGURED)
1528 refuse_unconfigured_deny_delete_current();
1529 rp_error("refusing to delete the current branch: %s", name);
1530 ret = "deletion of the current branch prohibited";
1531 goto out;
1532 default:
1533 ret = "Invalid denyDeleteCurrent setting";
1534 goto out;
1535 }
1536 }
1537 }
1538
1539 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1540 !is_null_oid(old_oid) &&
1541 starts_with(name, "refs/heads/")) {
1542 struct object *old_object, *new_object;
1543 struct commit *old_commit, *new_commit;
1544
1545 old_object = parse_object(the_repository, old_oid);
1546 new_object = parse_object(the_repository, new_oid);
1547
1548 if (!old_object || !new_object ||
1549 old_object->type != OBJ_COMMIT ||
1550 new_object->type != OBJ_COMMIT) {
1551 error("bad sha1 objects for %s", name);
1552 ret = "bad ref";
1553 goto out;
1554 }
1555 old_commit = (struct commit *)old_object;
1556 new_commit = (struct commit *)new_object;
1557 if (!in_merge_bases(old_commit, new_commit)) {
1558 rp_error("denying non-fast-forward %s"
1559 " (you should pull first)", name);
1560 ret = "non-fast-forward";
1561 goto out;
1562 }
1563 }
1564 if (run_update_hook(cmd)) {
1565 rp_error("hook declined to update %s", name);
1566 ret = "hook declined";
1567 goto out;
1568 }
1569
1570 if (do_update_worktree) {
1571 ret = update_worktree(new_oid->hash, worktree);
1572 if (ret)
1573 goto out;
1574 }
1575
1576 if (is_null_oid(new_oid)) {
1577 struct strbuf err = STRBUF_INIT;
1578 if (!parse_object(the_repository, old_oid)) {
1579 old_oid = NULL;
1580 if (ref_exists(name)) {
1581 rp_warning("allowing deletion of corrupt ref");
1582 } else {
1583 rp_warning("deleting a non-existent ref");
1584 cmd->did_not_exist = 1;
1585 }
1586 }
1587 if (ref_transaction_delete(transaction,
1588 namespaced_name,
1589 old_oid,
1590 0, "push", &err)) {
1591 rp_error("%s", err.buf);
1592 ret = "failed to delete";
1593 } else {
1594 ret = NULL; /* good */
1595 }
1596 strbuf_release(&err);
1597 }
1598 else {
1599 struct strbuf err = STRBUF_INIT;
1600 if (shallow_update && si->shallow_ref[cmd->index] &&
1601 update_shallow_ref(cmd, si)) {
1602 ret = "shallow error";
1603 goto out;
1604 }
1605
1606 if (ref_transaction_update(transaction,
1607 namespaced_name,
1608 new_oid, old_oid,
1609 0, "push",
1610 &err)) {
1611 rp_error("%s", err.buf);
1612 ret = "failed to update ref";
1613 } else {
1614 ret = NULL; /* good */
1615 }
1616 strbuf_release(&err);
1617 }
1618
1619 out:
1620 free_worktrees(worktrees);
1621 return ret;
1622 }
1623
1624 static void run_update_post_hook(struct command *commands)
1625 {
1626 struct command *cmd;
1627 struct child_process proc = CHILD_PROCESS_INIT;
1628 const char *hook;
1629
1630 hook = find_hook("post-update");
1631 if (!hook)
1632 return;
1633
1634 for (cmd = commands; cmd; cmd = cmd->next) {
1635 if (cmd->error_string || cmd->did_not_exist)
1636 continue;
1637 if (!proc.args.nr)
1638 strvec_push(&proc.args, hook);
1639 strvec_push(&proc.args, cmd->ref_name);
1640 }
1641 if (!proc.args.nr)
1642 return;
1643
1644 proc.no_stdin = 1;
1645 proc.stdout_to_stderr = 1;
1646 proc.err = use_sideband ? -1 : 0;
1647 proc.trace2_hook_name = "post-update";
1648
1649 if (!start_command(&proc)) {
1650 if (use_sideband)
1651 copy_to_sideband(proc.err, -1, NULL);
1652 finish_command(&proc);
1653 }
1654 }
1655
1656 static void check_aliased_update_internal(struct command *cmd,
1657 struct string_list *list,
1658 const char *dst_name, int flag)
1659 {
1660 struct string_list_item *item;
1661 struct command *dst_cmd;
1662
1663 if (!(flag & REF_ISSYMREF))
1664 return;
1665
1666 if (!dst_name) {
1667 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1668 cmd->skip_update = 1;
1669 cmd->error_string = "broken symref";
1670 return;
1671 }
1672 dst_name = strip_namespace(dst_name);
1673
1674 if ((item = string_list_lookup(list, dst_name)) == NULL)
1675 return;
1676
1677 cmd->skip_update = 1;
1678
1679 dst_cmd = (struct command *) item->util;
1680
1681 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1682 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1683 return;
1684
1685 dst_cmd->skip_update = 1;
1686
1687 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1688 " its target '%s' (%s..%s)",
1689 cmd->ref_name,
1690 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1691 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1692 dst_cmd->ref_name,
1693 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1694 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1695
1696 cmd->error_string = dst_cmd->error_string =
1697 "inconsistent aliased update";
1698 }
1699
1700 static void check_aliased_update(struct command *cmd, struct string_list *list)
1701 {
1702 struct strbuf buf = STRBUF_INIT;
1703 const char *dst_name;
1704 int flag;
1705
1706 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1707 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1708 check_aliased_update_internal(cmd, list, dst_name, flag);
1709 strbuf_release(&buf);
1710 }
1711
1712 static void check_aliased_updates(struct command *commands)
1713 {
1714 struct command *cmd;
1715 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1716
1717 for (cmd = commands; cmd; cmd = cmd->next) {
1718 struct string_list_item *item =
1719 string_list_append(&ref_list, cmd->ref_name);
1720 item->util = (void *)cmd;
1721 }
1722 string_list_sort(&ref_list);
1723
1724 for (cmd = commands; cmd; cmd = cmd->next) {
1725 if (!cmd->error_string)
1726 check_aliased_update(cmd, &ref_list);
1727 }
1728
1729 string_list_clear(&ref_list, 0);
1730 }
1731
1732 static const struct object_id *command_singleton_iterator(void *cb_data)
1733 {
1734 struct command **cmd_list = cb_data;
1735 struct command *cmd = *cmd_list;
1736
1737 if (!cmd || is_null_oid(&cmd->new_oid))
1738 return NULL;
1739 *cmd_list = NULL; /* this returns only one */
1740 return &cmd->new_oid;
1741 }
1742
1743 static void set_connectivity_errors(struct command *commands,
1744 struct shallow_info *si)
1745 {
1746 struct command *cmd;
1747
1748 for (cmd = commands; cmd; cmd = cmd->next) {
1749 struct command *singleton = cmd;
1750 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1751
1752 if (shallow_update && si->shallow_ref[cmd->index])
1753 /* to be checked in update_shallow_ref() */
1754 continue;
1755
1756 opt.env = tmp_objdir_env(tmp_objdir);
1757 if (!check_connected(command_singleton_iterator, &singleton,
1758 &opt))
1759 continue;
1760
1761 cmd->error_string = "missing necessary objects";
1762 }
1763 }
1764
1765 struct iterate_data {
1766 struct command *cmds;
1767 struct shallow_info *si;
1768 };
1769
1770 static const struct object_id *iterate_receive_command_list(void *cb_data)
1771 {
1772 struct iterate_data *data = cb_data;
1773 struct command **cmd_list = &data->cmds;
1774 struct command *cmd = *cmd_list;
1775
1776 for (; cmd; cmd = cmd->next) {
1777 if (shallow_update && data->si->shallow_ref[cmd->index])
1778 /* to be checked in update_shallow_ref() */
1779 continue;
1780 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1781 *cmd_list = cmd->next;
1782 return &cmd->new_oid;
1783 }
1784 }
1785 return NULL;
1786 }
1787
1788 static void reject_updates_to_hidden(struct command *commands)
1789 {
1790 struct strbuf refname_full = STRBUF_INIT;
1791 size_t prefix_len;
1792 struct command *cmd;
1793
1794 strbuf_addstr(&refname_full, get_git_namespace());
1795 prefix_len = refname_full.len;
1796
1797 for (cmd = commands; cmd; cmd = cmd->next) {
1798 if (cmd->error_string)
1799 continue;
1800
1801 strbuf_setlen(&refname_full, prefix_len);
1802 strbuf_addstr(&refname_full, cmd->ref_name);
1803
1804 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1805 continue;
1806 if (is_null_oid(&cmd->new_oid))
1807 cmd->error_string = "deny deleting a hidden ref";
1808 else
1809 cmd->error_string = "deny updating a hidden ref";
1810 }
1811
1812 strbuf_release(&refname_full);
1813 }
1814
1815 static int should_process_cmd(struct command *cmd)
1816 {
1817 return !cmd->error_string && !cmd->skip_update;
1818 }
1819
1820 static void warn_if_skipped_connectivity_check(struct command *commands,
1821 struct shallow_info *si)
1822 {
1823 struct command *cmd;
1824 int checked_connectivity = 1;
1825
1826 for (cmd = commands; cmd; cmd = cmd->next) {
1827 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1828 error("BUG: connectivity check has not been run on ref %s",
1829 cmd->ref_name);
1830 checked_connectivity = 0;
1831 }
1832 }
1833 if (!checked_connectivity)
1834 BUG("connectivity check skipped???");
1835 }
1836
1837 static void execute_commands_non_atomic(struct command *commands,
1838 struct shallow_info *si)
1839 {
1840 struct command *cmd;
1841 struct strbuf err = STRBUF_INIT;
1842
1843 for (cmd = commands; cmd; cmd = cmd->next) {
1844 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1845 continue;
1846
1847 transaction = ref_transaction_begin(&err);
1848 if (!transaction) {
1849 rp_error("%s", err.buf);
1850 strbuf_reset(&err);
1851 cmd->error_string = "transaction failed to start";
1852 continue;
1853 }
1854
1855 cmd->error_string = update(cmd, si);
1856
1857 if (!cmd->error_string
1858 && ref_transaction_commit(transaction, &err)) {
1859 rp_error("%s", err.buf);
1860 strbuf_reset(&err);
1861 cmd->error_string = "failed to update ref";
1862 }
1863 ref_transaction_free(transaction);
1864 }
1865 strbuf_release(&err);
1866 }
1867
1868 static void execute_commands_atomic(struct command *commands,
1869 struct shallow_info *si)
1870 {
1871 struct command *cmd;
1872 struct strbuf err = STRBUF_INIT;
1873 const char *reported_error = "atomic push failure";
1874
1875 transaction = ref_transaction_begin(&err);
1876 if (!transaction) {
1877 rp_error("%s", err.buf);
1878 strbuf_reset(&err);
1879 reported_error = "transaction failed to start";
1880 goto failure;
1881 }
1882
1883 for (cmd = commands; cmd; cmd = cmd->next) {
1884 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1885 continue;
1886
1887 cmd->error_string = update(cmd, si);
1888
1889 if (cmd->error_string)
1890 goto failure;
1891 }
1892
1893 if (ref_transaction_commit(transaction, &err)) {
1894 rp_error("%s", err.buf);
1895 reported_error = "atomic transaction failed";
1896 goto failure;
1897 }
1898 goto cleanup;
1899
1900 failure:
1901 for (cmd = commands; cmd; cmd = cmd->next)
1902 if (!cmd->error_string)
1903 cmd->error_string = reported_error;
1904
1905 cleanup:
1906 ref_transaction_free(transaction);
1907 strbuf_release(&err);
1908 }
1909
1910 static void execute_commands(struct command *commands,
1911 const char *unpacker_error,
1912 struct shallow_info *si,
1913 const struct string_list *push_options)
1914 {
1915 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1916 struct command *cmd;
1917 struct iterate_data data;
1918 struct async muxer;
1919 int err_fd = 0;
1920 int run_proc_receive = 0;
1921
1922 if (unpacker_error) {
1923 for (cmd = commands; cmd; cmd = cmd->next)
1924 cmd->error_string = "unpacker error";
1925 return;
1926 }
1927
1928 if (use_sideband) {
1929 memset(&muxer, 0, sizeof(muxer));
1930 muxer.proc = copy_to_sideband;
1931 muxer.in = -1;
1932 if (!start_async(&muxer))
1933 err_fd = muxer.in;
1934 /* ...else, continue without relaying sideband */
1935 }
1936
1937 data.cmds = commands;
1938 data.si = si;
1939 opt.err_fd = err_fd;
1940 opt.progress = err_fd && !quiet;
1941 opt.env = tmp_objdir_env(tmp_objdir);
1942 if (check_connected(iterate_receive_command_list, &data, &opt))
1943 set_connectivity_errors(commands, si);
1944
1945 if (use_sideband)
1946 finish_async(&muxer);
1947
1948 reject_updates_to_hidden(commands);
1949
1950 /*
1951 * Try to find commands that have special prefix in their reference names,
1952 * and mark them to run an external "proc-receive" hook later.
1953 */
1954 if (proc_receive_ref) {
1955 for (cmd = commands; cmd; cmd = cmd->next) {
1956 if (!should_process_cmd(cmd))
1957 continue;
1958
1959 if (proc_receive_ref_matches(cmd)) {
1960 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1961 run_proc_receive = 1;
1962 }
1963 }
1964 }
1965
1966 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1967 for (cmd = commands; cmd; cmd = cmd->next) {
1968 if (!cmd->error_string)
1969 cmd->error_string = "pre-receive hook declined";
1970 }
1971 return;
1972 }
1973
1974 /*
1975 * Now we'll start writing out refs, which means the objects need
1976 * to be in their final positions so that other processes can see them.
1977 */
1978 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1979 for (cmd = commands; cmd; cmd = cmd->next) {
1980 if (!cmd->error_string)
1981 cmd->error_string = "unable to migrate objects to permanent storage";
1982 }
1983 return;
1984 }
1985 tmp_objdir = NULL;
1986
1987 check_aliased_updates(commands);
1988
1989 free(head_name_to_free);
1990 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1991
1992 if (run_proc_receive &&
1993 run_proc_receive_hook(commands, push_options))
1994 for (cmd = commands; cmd; cmd = cmd->next)
1995 if (!cmd->error_string &&
1996 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1997 (cmd->run_proc_receive || use_atomic))
1998 cmd->error_string = "fail to run proc-receive hook";
1999
2000 if (use_atomic)
2001 execute_commands_atomic(commands, si);
2002 else
2003 execute_commands_non_atomic(commands, si);
2004
2005 if (shallow_update)
2006 warn_if_skipped_connectivity_check(commands, si);
2007 }
2008
2009 static struct command **queue_command(struct command **tail,
2010 const char *line,
2011 int linelen)
2012 {
2013 struct object_id old_oid, new_oid;
2014 struct command *cmd;
2015 const char *refname;
2016 int reflen;
2017 const char *p;
2018
2019 if (parse_oid_hex(line, &old_oid, &p) ||
2020 *p++ != ' ' ||
2021 parse_oid_hex(p, &new_oid, &p) ||
2022 *p++ != ' ')
2023 die("protocol error: expected old/new/ref, got '%s'", line);
2024
2025 refname = p;
2026 reflen = linelen - (p - line);
2027 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2028 oidcpy(&cmd->old_oid, &old_oid);
2029 oidcpy(&cmd->new_oid, &new_oid);
2030 *tail = cmd;
2031 return &cmd->next;
2032 }
2033
2034 static void queue_commands_from_cert(struct command **tail,
2035 struct strbuf *push_cert)
2036 {
2037 const char *boc, *eoc;
2038
2039 if (*tail)
2040 die("protocol error: got both push certificate and unsigned commands");
2041
2042 boc = strstr(push_cert->buf, "\n\n");
2043 if (!boc)
2044 die("malformed push certificate %.*s", 100, push_cert->buf);
2045 else
2046 boc += 2;
2047 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2048
2049 while (boc < eoc) {
2050 const char *eol = memchr(boc, '\n', eoc - boc);
2051 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2052 boc = eol ? eol + 1 : eoc;
2053 }
2054 }
2055
2056 static struct command *read_head_info(struct packet_reader *reader,
2057 struct oid_array *shallow)
2058 {
2059 struct command *commands = NULL;
2060 struct command **p = &commands;
2061 for (;;) {
2062 int linelen;
2063
2064 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2065 break;
2066
2067 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2068 struct object_id oid;
2069 if (get_oid_hex(reader->line + 8, &oid))
2070 die("protocol error: expected shallow sha, got '%s'",
2071 reader->line + 8);
2072 oid_array_append(shallow, &oid);
2073 continue;
2074 }
2075
2076 linelen = strlen(reader->line);
2077 if (linelen < reader->pktlen) {
2078 const char *feature_list = reader->line + linelen + 1;
2079 const char *hash = NULL;
2080 const char *client_sid;
2081 int len = 0;
2082 if (parse_feature_request(feature_list, "report-status"))
2083 report_status = 1;
2084 if (parse_feature_request(feature_list, "report-status-v2"))
2085 report_status_v2 = 1;
2086 if (parse_feature_request(feature_list, "side-band-64k"))
2087 use_sideband = LARGE_PACKET_MAX;
2088 if (parse_feature_request(feature_list, "quiet"))
2089 quiet = 1;
2090 if (advertise_atomic_push
2091 && parse_feature_request(feature_list, "atomic"))
2092 use_atomic = 1;
2093 if (advertise_push_options
2094 && parse_feature_request(feature_list, "push-options"))
2095 use_push_options = 1;
2096 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2097 if (!hash) {
2098 hash = hash_algos[GIT_HASH_SHA1].name;
2099 len = strlen(hash);
2100 }
2101 if (xstrncmpz(the_hash_algo->name, hash, len))
2102 die("error: unsupported object format '%s'", hash);
2103 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2104 if (client_sid) {
2105 char *sid = xstrndup(client_sid, len);
2106 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2107 free(sid);
2108 }
2109 }
2110
2111 if (!strcmp(reader->line, "push-cert")) {
2112 int true_flush = 0;
2113 int saved_options = reader->options;
2114 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2115
2116 for (;;) {
2117 packet_reader_read(reader);
2118 if (reader->status == PACKET_READ_FLUSH) {
2119 true_flush = 1;
2120 break;
2121 }
2122 if (reader->status != PACKET_READ_NORMAL) {
2123 die("protocol error: got an unexpected packet");
2124 }
2125 if (!strcmp(reader->line, "push-cert-end\n"))
2126 break; /* end of cert */
2127 strbuf_addstr(&push_cert, reader->line);
2128 }
2129 reader->options = saved_options;
2130
2131 if (true_flush)
2132 break;
2133 continue;
2134 }
2135
2136 p = queue_command(p, reader->line, linelen);
2137 }
2138
2139 if (push_cert.len)
2140 queue_commands_from_cert(p, &push_cert);
2141
2142 return commands;
2143 }
2144
2145 static void read_push_options(struct packet_reader *reader,
2146 struct string_list *options)
2147 {
2148 while (1) {
2149 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2150 break;
2151
2152 string_list_append(options, reader->line);
2153 }
2154 }
2155
2156 static const char *parse_pack_header(struct pack_header *hdr)
2157 {
2158 switch (read_pack_header(0, hdr)) {
2159 case PH_ERROR_EOF:
2160 return "eof before pack header was fully read";
2161
2162 case PH_ERROR_PACK_SIGNATURE:
2163 return "protocol error (pack signature mismatch detected)";
2164
2165 case PH_ERROR_PROTOCOL:
2166 return "protocol error (pack version unsupported)";
2167
2168 default:
2169 return "unknown error in parse_pack_header";
2170
2171 case 0:
2172 return NULL;
2173 }
2174 }
2175
2176 static const char *pack_lockfile;
2177
2178 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2179 {
2180 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2181 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2182 }
2183
2184 static const char *unpack(int err_fd, struct shallow_info *si)
2185 {
2186 struct pack_header hdr;
2187 const char *hdr_err;
2188 int status;
2189 struct child_process child = CHILD_PROCESS_INIT;
2190 int fsck_objects = (receive_fsck_objects >= 0
2191 ? receive_fsck_objects
2192 : transfer_fsck_objects >= 0
2193 ? transfer_fsck_objects
2194 : 0);
2195
2196 hdr_err = parse_pack_header(&hdr);
2197 if (hdr_err) {
2198 if (err_fd > 0)
2199 close(err_fd);
2200 return hdr_err;
2201 }
2202
2203 if (si->nr_ours || si->nr_theirs) {
2204 alt_shallow_file = setup_temporary_shallow(si->shallow);
2205 strvec_push(&child.args, "--shallow-file");
2206 strvec_push(&child.args, alt_shallow_file);
2207 }
2208
2209 tmp_objdir = tmp_objdir_create("incoming");
2210 if (!tmp_objdir) {
2211 if (err_fd > 0)
2212 close(err_fd);
2213 return "unable to create temporary object directory";
2214 }
2215 if (tmp_objdir)
2216 strvec_pushv(&child.env_array, tmp_objdir_env(tmp_objdir));
2217
2218 /*
2219 * Normally we just pass the tmp_objdir environment to the child
2220 * processes that do the heavy lifting, but we may need to see these
2221 * objects ourselves to set up shallow information.
2222 */
2223 tmp_objdir_add_as_alternate(tmp_objdir);
2224
2225 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2226 strvec_push(&child.args, "unpack-objects");
2227 push_header_arg(&child.args, &hdr);
2228 if (quiet)
2229 strvec_push(&child.args, "-q");
2230 if (fsck_objects)
2231 strvec_pushf(&child.args, "--strict%s",
2232 fsck_msg_types.buf);
2233 if (max_input_size)
2234 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2235 (uintmax_t)max_input_size);
2236 child.no_stdout = 1;
2237 child.err = err_fd;
2238 child.git_cmd = 1;
2239 status = run_command(&child);
2240 if (status)
2241 return "unpack-objects abnormal exit";
2242 } else {
2243 char hostname[HOST_NAME_MAX + 1];
2244
2245 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2246 push_header_arg(&child.args, &hdr);
2247
2248 if (xgethostname(hostname, sizeof(hostname)))
2249 xsnprintf(hostname, sizeof(hostname), "localhost");
2250 strvec_pushf(&child.args,
2251 "--keep=receive-pack %"PRIuMAX" on %s",
2252 (uintmax_t)getpid(),
2253 hostname);
2254
2255 if (!quiet && err_fd)
2256 strvec_push(&child.args, "--show-resolving-progress");
2257 if (use_sideband)
2258 strvec_push(&child.args, "--report-end-of-input");
2259 if (fsck_objects)
2260 strvec_pushf(&child.args, "--strict%s",
2261 fsck_msg_types.buf);
2262 if (!reject_thin)
2263 strvec_push(&child.args, "--fix-thin");
2264 if (max_input_size)
2265 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2266 (uintmax_t)max_input_size);
2267 child.out = -1;
2268 child.err = err_fd;
2269 child.git_cmd = 1;
2270 status = start_command(&child);
2271 if (status)
2272 return "index-pack fork failed";
2273 pack_lockfile = index_pack_lockfile(child.out, NULL);
2274 close(child.out);
2275 status = finish_command(&child);
2276 if (status)
2277 return "index-pack abnormal exit";
2278 reprepare_packed_git(the_repository);
2279 }
2280 return NULL;
2281 }
2282
2283 static const char *unpack_with_sideband(struct shallow_info *si)
2284 {
2285 struct async muxer;
2286 const char *ret;
2287
2288 if (!use_sideband)
2289 return unpack(0, si);
2290
2291 use_keepalive = KEEPALIVE_AFTER_NUL;
2292 memset(&muxer, 0, sizeof(muxer));
2293 muxer.proc = copy_to_sideband;
2294 muxer.in = -1;
2295 if (start_async(&muxer))
2296 return NULL;
2297
2298 ret = unpack(muxer.in, si);
2299
2300 finish_async(&muxer);
2301 return ret;
2302 }
2303
2304 static void prepare_shallow_update(struct shallow_info *si)
2305 {
2306 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2307
2308 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2309 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2310
2311 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2312 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2313 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2314
2315 for (i = 0; i < si->nr_ours; i++)
2316 si->need_reachability_test[si->ours[i]] = 1;
2317
2318 for (i = 0; i < si->shallow->nr; i++) {
2319 if (!si->used_shallow[i])
2320 continue;
2321 for (j = 0; j < bitmap_size; j++) {
2322 if (!si->used_shallow[i][j])
2323 continue;
2324 si->need_reachability_test[i]++;
2325 for (k = 0; k < 32; k++)
2326 if (si->used_shallow[i][j] & (1U << k))
2327 si->shallow_ref[j * 32 + k]++;
2328 }
2329
2330 /*
2331 * true for those associated with some refs and belong
2332 * in "ours" list aka "step 7 not done yet"
2333 */
2334 si->need_reachability_test[i] =
2335 si->need_reachability_test[i] > 1;
2336 }
2337
2338 /*
2339 * keep hooks happy by forcing a temporary shallow file via
2340 * env variable because we can't add --shallow-file to every
2341 * command. check_connected() will be done with
2342 * true .git/shallow though.
2343 */
2344 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2345 }
2346
2347 static void update_shallow_info(struct command *commands,
2348 struct shallow_info *si,
2349 struct oid_array *ref)
2350 {
2351 struct command *cmd;
2352 int *ref_status;
2353 remove_nonexistent_theirs_shallow(si);
2354 if (!si->nr_ours && !si->nr_theirs) {
2355 shallow_update = 0;
2356 return;
2357 }
2358
2359 for (cmd = commands; cmd; cmd = cmd->next) {
2360 if (is_null_oid(&cmd->new_oid))
2361 continue;
2362 oid_array_append(ref, &cmd->new_oid);
2363 cmd->index = ref->nr - 1;
2364 }
2365 si->ref = ref;
2366
2367 if (shallow_update) {
2368 prepare_shallow_update(si);
2369 return;
2370 }
2371
2372 ALLOC_ARRAY(ref_status, ref->nr);
2373 assign_shallow_commits_to_refs(si, NULL, ref_status);
2374 for (cmd = commands; cmd; cmd = cmd->next) {
2375 if (is_null_oid(&cmd->new_oid))
2376 continue;
2377 if (ref_status[cmd->index]) {
2378 cmd->error_string = "shallow update not allowed";
2379 cmd->skip_update = 1;
2380 }
2381 }
2382 free(ref_status);
2383 }
2384
2385 static void report(struct command *commands, const char *unpack_status)
2386 {
2387 struct command *cmd;
2388 struct strbuf buf = STRBUF_INIT;
2389
2390 packet_buf_write(&buf, "unpack %s\n",
2391 unpack_status ? unpack_status : "ok");
2392 for (cmd = commands; cmd; cmd = cmd->next) {
2393 if (!cmd->error_string)
2394 packet_buf_write(&buf, "ok %s\n",
2395 cmd->ref_name);
2396 else
2397 packet_buf_write(&buf, "ng %s %s\n",
2398 cmd->ref_name, cmd->error_string);
2399 }
2400 packet_buf_flush(&buf);
2401
2402 if (use_sideband)
2403 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2404 else
2405 write_or_die(1, buf.buf, buf.len);
2406 strbuf_release(&buf);
2407 }
2408
2409 static void report_v2(struct command *commands, const char *unpack_status)
2410 {
2411 struct command *cmd;
2412 struct strbuf buf = STRBUF_INIT;
2413 struct ref_push_report *report;
2414
2415 packet_buf_write(&buf, "unpack %s\n",
2416 unpack_status ? unpack_status : "ok");
2417 for (cmd = commands; cmd; cmd = cmd->next) {
2418 int count = 0;
2419
2420 if (cmd->error_string) {
2421 packet_buf_write(&buf, "ng %s %s\n",
2422 cmd->ref_name,
2423 cmd->error_string);
2424 continue;
2425 }
2426 packet_buf_write(&buf, "ok %s\n",
2427 cmd->ref_name);
2428 for (report = cmd->report; report; report = report->next) {
2429 if (count++ > 0)
2430 packet_buf_write(&buf, "ok %s\n",
2431 cmd->ref_name);
2432 if (report->ref_name)
2433 packet_buf_write(&buf, "option refname %s\n",
2434 report->ref_name);
2435 if (report->old_oid)
2436 packet_buf_write(&buf, "option old-oid %s\n",
2437 oid_to_hex(report->old_oid));
2438 if (report->new_oid)
2439 packet_buf_write(&buf, "option new-oid %s\n",
2440 oid_to_hex(report->new_oid));
2441 if (report->forced_update)
2442 packet_buf_write(&buf, "option forced-update\n");
2443 }
2444 }
2445 packet_buf_flush(&buf);
2446
2447 if (use_sideband)
2448 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2449 else
2450 write_or_die(1, buf.buf, buf.len);
2451 strbuf_release(&buf);
2452 }
2453
2454 static int delete_only(struct command *commands)
2455 {
2456 struct command *cmd;
2457 for (cmd = commands; cmd; cmd = cmd->next) {
2458 if (!is_null_oid(&cmd->new_oid))
2459 return 0;
2460 }
2461 return 1;
2462 }
2463
2464 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2465 {
2466 int advertise_refs = 0;
2467 struct command *commands;
2468 struct oid_array shallow = OID_ARRAY_INIT;
2469 struct oid_array ref = OID_ARRAY_INIT;
2470 struct shallow_info si;
2471 struct packet_reader reader;
2472
2473 struct option options[] = {
2474 OPT__QUIET(&quiet, N_("quiet")),
2475 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2476 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2477 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2478 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2479 OPT_END()
2480 };
2481
2482 packet_trace_identity("receive-pack");
2483
2484 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2485
2486 if (argc > 1)
2487 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2488 if (argc == 0)
2489 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2490
2491 service_dir = argv[0];
2492
2493 setup_path();
2494
2495 if (!enter_repo(service_dir, 0))
2496 die("'%s' does not appear to be a git repository", service_dir);
2497
2498 git_config(receive_pack_config, NULL);
2499 if (cert_nonce_seed)
2500 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2501
2502 if (0 <= transfer_unpack_limit)
2503 unpack_limit = transfer_unpack_limit;
2504 else if (0 <= receive_unpack_limit)
2505 unpack_limit = receive_unpack_limit;
2506
2507 switch (determine_protocol_version_server()) {
2508 case protocol_v2:
2509 /*
2510 * push support for protocol v2 has not been implemented yet,
2511 * so ignore the request to use v2 and fallback to using v0.
2512 */
2513 break;
2514 case protocol_v1:
2515 /*
2516 * v1 is just the original protocol with a version string,
2517 * so just fall through after writing the version string.
2518 */
2519 if (advertise_refs || !stateless_rpc)
2520 packet_write_fmt(1, "version 1\n");
2521
2522 /* fallthrough */
2523 case protocol_v0:
2524 break;
2525 case protocol_unknown_version:
2526 BUG("unknown protocol version");
2527 }
2528
2529 if (advertise_refs || !stateless_rpc) {
2530 write_head_info();
2531 }
2532 if (advertise_refs)
2533 return 0;
2534
2535 packet_reader_init(&reader, 0, NULL, 0,
2536 PACKET_READ_CHOMP_NEWLINE |
2537 PACKET_READ_DIE_ON_ERR_PACKET);
2538
2539 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2540 const char *unpack_status = NULL;
2541 struct string_list push_options = STRING_LIST_INIT_DUP;
2542
2543 if (use_push_options)
2544 read_push_options(&reader, &push_options);
2545 if (!check_cert_push_options(&push_options)) {
2546 struct command *cmd;
2547 for (cmd = commands; cmd; cmd = cmd->next)
2548 cmd->error_string = "inconsistent push options";
2549 }
2550
2551 prepare_shallow_info(&si, &shallow);
2552 if (!si.nr_ours && !si.nr_theirs)
2553 shallow_update = 0;
2554 if (!delete_only(commands)) {
2555 unpack_status = unpack_with_sideband(&si);
2556 update_shallow_info(commands, &si, &ref);
2557 }
2558 use_keepalive = KEEPALIVE_ALWAYS;
2559 execute_commands(commands, unpack_status, &si,
2560 &push_options);
2561 if (pack_lockfile)
2562 unlink_or_warn(pack_lockfile);
2563 sigchain_push(SIGPIPE, SIG_IGN);
2564 if (report_status_v2)
2565 report_v2(commands, unpack_status);
2566 else if (report_status)
2567 report(commands, unpack_status);
2568 sigchain_pop(SIGPIPE);
2569 run_receive_hook(commands, "post-receive", 1,
2570 &push_options);
2571 run_update_post_hook(commands);
2572 string_list_clear(&push_options, 0);
2573 if (auto_gc) {
2574 struct child_process proc = CHILD_PROCESS_INIT;
2575
2576 proc.no_stdin = 1;
2577 proc.stdout_to_stderr = 1;
2578 proc.err = use_sideband ? -1 : 0;
2579 proc.git_cmd = proc.close_object_store = 1;
2580 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2581 NULL);
2582
2583 if (!start_command(&proc)) {
2584 if (use_sideband)
2585 copy_to_sideband(proc.err, -1, NULL);
2586 finish_command(&proc);
2587 }
2588 }
2589 if (auto_update_server_info)
2590 update_server_info(0);
2591 clear_shallow_info(&si);
2592 }
2593 if (use_sideband)
2594 packet_flush(1);
2595 oid_array_clear(&shallow);
2596 oid_array_clear(&ref);
2597 free((void *)push_cert_nonce);
2598 return 0;
2599 }
Unnamed repository; edit this file 'description' to name the repository.