]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'en/fetch-negotiation-default-fix'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "hook.h"
11 #include "exec-cmd.h"
12 #include "commit.h"
13 #include "object.h"
14 #include "remote.h"
15 #include "connect.h"
16 #include "string-list.h"
17 #include "oid-array.h"
18 #include "connected.h"
19 #include "strvec.h"
20 #include "version.h"
21 #include "tag.h"
22 #include "gpg-interface.h"
23 #include "sigchain.h"
24 #include "fsck.h"
25 #include "tmp-objdir.h"
26 #include "oidset.h"
27 #include "packfile.h"
28 #include "object-store.h"
29 #include "protocol.h"
30 #include "commit-reach.h"
31 #include "worktree.h"
32 #include "shallow.h"
33
34 static const char * const receive_pack_usage[] = {
35 N_("git receive-pack <git-dir>"),
36 NULL
37 };
38
39 enum deny_action {
40 DENY_UNCONFIGURED,
41 DENY_IGNORE,
42 DENY_WARN,
43 DENY_REFUSE,
44 DENY_UPDATE_INSTEAD
45 };
46
47 static int deny_deletes;
48 static int deny_non_fast_forwards;
49 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
50 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
51 static int receive_fsck_objects = -1;
52 static int transfer_fsck_objects = -1;
53 static struct strbuf fsck_msg_types = STRBUF_INIT;
54 static int receive_unpack_limit = -1;
55 static int transfer_unpack_limit = -1;
56 static int advertise_atomic_push = 1;
57 static int advertise_push_options;
58 static int advertise_sid;
59 static int unpack_limit = 100;
60 static off_t max_input_size;
61 static int report_status;
62 static int report_status_v2;
63 static int use_sideband;
64 static int use_atomic;
65 static int use_push_options;
66 static int quiet;
67 static int prefer_ofs_delta = 1;
68 static int auto_update_server_info;
69 static int auto_gc = 1;
70 static int reject_thin;
71 static int stateless_rpc;
72 static const char *service_dir;
73 static const char *head_name;
74 static void *head_name_to_free;
75 static int sent_capabilities;
76 static int shallow_update;
77 static const char *alt_shallow_file;
78 static struct strbuf push_cert = STRBUF_INIT;
79 static struct object_id push_cert_oid;
80 static struct signature_check sigcheck;
81 static const char *push_cert_nonce;
82 static const char *cert_nonce_seed;
83
84 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
85 static const char *NONCE_BAD = "BAD";
86 static const char *NONCE_MISSING = "MISSING";
87 static const char *NONCE_OK = "OK";
88 static const char *NONCE_SLOP = "SLOP";
89 static const char *nonce_status;
90 static long nonce_stamp_slop;
91 static timestamp_t nonce_stamp_slop_limit;
92 static struct ref_transaction *transaction;
93
94 static enum {
95 KEEPALIVE_NEVER = 0,
96 KEEPALIVE_AFTER_NUL,
97 KEEPALIVE_ALWAYS
98 } use_keepalive;
99 static int keepalive_in_sec = 5;
100
101 static struct tmp_objdir *tmp_objdir;
102
103 static struct proc_receive_ref {
104 unsigned int want_add:1,
105 want_delete:1,
106 want_modify:1,
107 negative_ref:1;
108 char *ref_prefix;
109 struct proc_receive_ref *next;
110 } *proc_receive_ref;
111
112 static void proc_receive_ref_append(const char *prefix);
113
114 static enum deny_action parse_deny_action(const char *var, const char *value)
115 {
116 if (value) {
117 if (!strcasecmp(value, "ignore"))
118 return DENY_IGNORE;
119 if (!strcasecmp(value, "warn"))
120 return DENY_WARN;
121 if (!strcasecmp(value, "refuse"))
122 return DENY_REFUSE;
123 if (!strcasecmp(value, "updateinstead"))
124 return DENY_UPDATE_INSTEAD;
125 }
126 if (git_config_bool(var, value))
127 return DENY_REFUSE;
128 return DENY_IGNORE;
129 }
130
131 static int receive_pack_config(const char *var, const char *value, void *cb)
132 {
133 int status = parse_hide_refs_config(var, value, "receive");
134
135 if (status)
136 return status;
137
138 status = git_gpg_config(var, value, NULL);
139 if (status)
140 return status;
141
142 if (strcmp(var, "receive.denydeletes") == 0) {
143 deny_deletes = git_config_bool(var, value);
144 return 0;
145 }
146
147 if (strcmp(var, "receive.denynonfastforwards") == 0) {
148 deny_non_fast_forwards = git_config_bool(var, value);
149 return 0;
150 }
151
152 if (strcmp(var, "receive.unpacklimit") == 0) {
153 receive_unpack_limit = git_config_int(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "transfer.unpacklimit") == 0) {
158 transfer_unpack_limit = git_config_int(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsck.skiplist") == 0) {
163 const char *path;
164
165 if (git_config_pathname(&path, var, value))
166 return 1;
167 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
168 fsck_msg_types.len ? ',' : '=', path);
169 free((char *)path);
170 return 0;
171 }
172
173 if (skip_prefix(var, "receive.fsck.", &var)) {
174 if (is_valid_msg_type(var, value))
175 strbuf_addf(&fsck_msg_types, "%c%s=%s",
176 fsck_msg_types.len ? ',' : '=', var, value);
177 else
178 warning("skipping unknown msg id '%s'", var);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.fsckobjects") == 0) {
183 receive_fsck_objects = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "transfer.fsckobjects") == 0) {
188 transfer_fsck_objects = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (!strcmp(var, "receive.denycurrentbranch")) {
193 deny_current_branch = parse_deny_action(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.denydeletecurrent") == 0) {
198 deny_delete_current = parse_deny_action(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
203 prefer_ofs_delta = git_config_bool(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.updateserverinfo") == 0) {
208 auto_update_server_info = git_config_bool(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.autogc") == 0) {
213 auto_gc = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.shallowupdate") == 0) {
218 shallow_update = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.certnonceseed") == 0)
223 return git_config_string(&cert_nonce_seed, var, value);
224
225 if (strcmp(var, "receive.certnonceslop") == 0) {
226 nonce_stamp_slop_limit = git_config_ulong(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.advertiseatomic") == 0) {
231 advertise_atomic_push = git_config_bool(var, value);
232 return 0;
233 }
234
235 if (strcmp(var, "receive.advertisepushoptions") == 0) {
236 advertise_push_options = git_config_bool(var, value);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.keepalive") == 0) {
241 keepalive_in_sec = git_config_int(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.maxinputsize") == 0) {
246 max_input_size = git_config_int64(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.procreceiverefs") == 0) {
251 if (!value)
252 return config_error_nonbool(var);
253 proc_receive_ref_append(value);
254 return 0;
255 }
256
257 if (strcmp(var, "transfer.advertisesid") == 0) {
258 advertise_sid = git_config_bool(var, value);
259 return 0;
260 }
261
262 return git_default_config(var, value, cb);
263 }
264
265 static void show_ref(const char *path, const struct object_id *oid)
266 {
267 if (sent_capabilities) {
268 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
269 } else {
270 struct strbuf cap = STRBUF_INIT;
271
272 strbuf_addstr(&cap,
273 "report-status report-status-v2 delete-refs side-band-64k quiet");
274 if (advertise_atomic_push)
275 strbuf_addstr(&cap, " atomic");
276 if (prefer_ofs_delta)
277 strbuf_addstr(&cap, " ofs-delta");
278 if (push_cert_nonce)
279 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
280 if (advertise_push_options)
281 strbuf_addstr(&cap, " push-options");
282 if (advertise_sid)
283 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
284 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
285 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
286 packet_write_fmt(1, "%s %s%c%s\n",
287 oid_to_hex(oid), path, 0, cap.buf);
288 strbuf_release(&cap);
289 sent_capabilities = 1;
290 }
291 }
292
293 static int show_ref_cb(const char *path_full, const struct object_id *oid,
294 int flag, void *data)
295 {
296 struct oidset *seen = data;
297 const char *path = strip_namespace(path_full);
298
299 if (ref_is_hidden(path, path_full))
300 return 0;
301
302 /*
303 * Advertise refs outside our current namespace as ".have"
304 * refs, so that the client can use them to minimize data
305 * transfer but will otherwise ignore them.
306 */
307 if (!path) {
308 if (oidset_insert(seen, oid))
309 return 0;
310 path = ".have";
311 } else {
312 oidset_insert(seen, oid);
313 }
314 show_ref(path, oid);
315 return 0;
316 }
317
318 static void show_one_alternate_ref(const struct object_id *oid,
319 void *data)
320 {
321 struct oidset *seen = data;
322
323 if (oidset_insert(seen, oid))
324 return;
325
326 show_ref(".have", oid);
327 }
328
329 static void write_head_info(void)
330 {
331 static struct oidset seen = OIDSET_INIT;
332
333 for_each_ref(show_ref_cb, &seen);
334 for_each_alternate_ref(show_one_alternate_ref, &seen);
335 oidset_clear(&seen);
336 if (!sent_capabilities)
337 show_ref("capabilities^{}", null_oid());
338
339 advertise_shallow_grafts(1);
340
341 /* EOF */
342 packet_flush(1);
343 }
344
345 #define RUN_PROC_RECEIVE_SCHEDULED 1
346 #define RUN_PROC_RECEIVE_RETURNED 2
347 struct command {
348 struct command *next;
349 const char *error_string;
350 struct ref_push_report *report;
351 unsigned int skip_update:1,
352 did_not_exist:1,
353 run_proc_receive:2;
354 int index;
355 struct object_id old_oid;
356 struct object_id new_oid;
357 char ref_name[FLEX_ARRAY]; /* more */
358 };
359
360 static void proc_receive_ref_append(const char *prefix)
361 {
362 struct proc_receive_ref *ref_pattern;
363 char *p;
364 int len;
365
366 CALLOC_ARRAY(ref_pattern, 1);
367 p = strchr(prefix, ':');
368 if (p) {
369 while (prefix < p) {
370 if (*prefix == 'a')
371 ref_pattern->want_add = 1;
372 else if (*prefix == 'd')
373 ref_pattern->want_delete = 1;
374 else if (*prefix == 'm')
375 ref_pattern->want_modify = 1;
376 else if (*prefix == '!')
377 ref_pattern->negative_ref = 1;
378 prefix++;
379 }
380 prefix++;
381 } else {
382 ref_pattern->want_add = 1;
383 ref_pattern->want_delete = 1;
384 ref_pattern->want_modify = 1;
385 }
386 len = strlen(prefix);
387 while (len && prefix[len - 1] == '/')
388 len--;
389 ref_pattern->ref_prefix = xmemdupz(prefix, len);
390 if (!proc_receive_ref) {
391 proc_receive_ref = ref_pattern;
392 } else {
393 struct proc_receive_ref *end;
394
395 end = proc_receive_ref;
396 while (end->next)
397 end = end->next;
398 end->next = ref_pattern;
399 }
400 }
401
402 static int proc_receive_ref_matches(struct command *cmd)
403 {
404 struct proc_receive_ref *p;
405
406 if (!proc_receive_ref)
407 return 0;
408
409 for (p = proc_receive_ref; p; p = p->next) {
410 const char *match = p->ref_prefix;
411 const char *remains;
412
413 if (!p->want_add && is_null_oid(&cmd->old_oid))
414 continue;
415 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
416 continue;
417 else if (!p->want_modify &&
418 !is_null_oid(&cmd->old_oid) &&
419 !is_null_oid(&cmd->new_oid))
420 continue;
421
422 if (skip_prefix(cmd->ref_name, match, &remains) &&
423 (!*remains || *remains == '/')) {
424 if (!p->negative_ref)
425 return 1;
426 } else if (p->negative_ref) {
427 return 1;
428 }
429 }
430 return 0;
431 }
432
433 static void report_message(const char *prefix, const char *err, va_list params)
434 {
435 int sz;
436 char msg[4096];
437
438 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
439 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
440 if (sz > (sizeof(msg) - 1))
441 sz = sizeof(msg) - 1;
442 msg[sz++] = '\n';
443
444 if (use_sideband)
445 send_sideband(1, 2, msg, sz, use_sideband);
446 else
447 xwrite(2, msg, sz);
448 }
449
450 __attribute__((format (printf, 1, 2)))
451 static void rp_warning(const char *err, ...)
452 {
453 va_list params;
454 va_start(params, err);
455 report_message("warning: ", err, params);
456 va_end(params);
457 }
458
459 __attribute__((format (printf, 1, 2)))
460 static void rp_error(const char *err, ...)
461 {
462 va_list params;
463 va_start(params, err);
464 report_message("error: ", err, params);
465 va_end(params);
466 }
467
468 static int copy_to_sideband(int in, int out, void *arg)
469 {
470 char data[128];
471 int keepalive_active = 0;
472
473 if (keepalive_in_sec <= 0)
474 use_keepalive = KEEPALIVE_NEVER;
475 if (use_keepalive == KEEPALIVE_ALWAYS)
476 keepalive_active = 1;
477
478 while (1) {
479 ssize_t sz;
480
481 if (keepalive_active) {
482 struct pollfd pfd;
483 int ret;
484
485 pfd.fd = in;
486 pfd.events = POLLIN;
487 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
488
489 if (ret < 0) {
490 if (errno == EINTR)
491 continue;
492 else
493 break;
494 } else if (ret == 0) {
495 /* no data; send a keepalive packet */
496 static const char buf[] = "0005\1";
497 write_or_die(1, buf, sizeof(buf) - 1);
498 continue;
499 } /* else there is actual data to read */
500 }
501
502 sz = xread(in, data, sizeof(data));
503 if (sz <= 0)
504 break;
505
506 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
507 const char *p = memchr(data, '\0', sz);
508 if (p) {
509 /*
510 * The NUL tells us to start sending keepalives. Make
511 * sure we send any other data we read along
512 * with it.
513 */
514 keepalive_active = 1;
515 send_sideband(1, 2, data, p - data, use_sideband);
516 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
517 continue;
518 }
519 }
520
521 /*
522 * Either we're not looking for a NUL signal, or we didn't see
523 * it yet; just pass along the data.
524 */
525 send_sideband(1, 2, data, sz, use_sideband);
526 }
527 close(in);
528 return 0;
529 }
530
531 static void hmac_hash(unsigned char *out,
532 const char *key_in, size_t key_len,
533 const char *text, size_t text_len)
534 {
535 unsigned char key[GIT_MAX_BLKSZ];
536 unsigned char k_ipad[GIT_MAX_BLKSZ];
537 unsigned char k_opad[GIT_MAX_BLKSZ];
538 int i;
539 git_hash_ctx ctx;
540
541 /* RFC 2104 2. (1) */
542 memset(key, '\0', GIT_MAX_BLKSZ);
543 if (the_hash_algo->blksz < key_len) {
544 the_hash_algo->init_fn(&ctx);
545 the_hash_algo->update_fn(&ctx, key_in, key_len);
546 the_hash_algo->final_fn(key, &ctx);
547 } else {
548 memcpy(key, key_in, key_len);
549 }
550
551 /* RFC 2104 2. (2) & (5) */
552 for (i = 0; i < sizeof(key); i++) {
553 k_ipad[i] = key[i] ^ 0x36;
554 k_opad[i] = key[i] ^ 0x5c;
555 }
556
557 /* RFC 2104 2. (3) & (4) */
558 the_hash_algo->init_fn(&ctx);
559 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
560 the_hash_algo->update_fn(&ctx, text, text_len);
561 the_hash_algo->final_fn(out, &ctx);
562
563 /* RFC 2104 2. (6) & (7) */
564 the_hash_algo->init_fn(&ctx);
565 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
566 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
567 the_hash_algo->final_fn(out, &ctx);
568 }
569
570 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
571 {
572 struct strbuf buf = STRBUF_INIT;
573 unsigned char hash[GIT_MAX_RAWSZ];
574
575 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
576 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
577 strbuf_release(&buf);
578
579 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
580 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
581 return strbuf_detach(&buf, NULL);
582 }
583
584 static char *find_header(const char *msg, size_t len, const char *key,
585 const char **next_line)
586 {
587 size_t out_len;
588 const char *val = find_header_mem(msg, len, key, &out_len);
589
590 if (!val)
591 return NULL;
592
593 if (next_line)
594 *next_line = val + out_len + 1;
595
596 return xmemdupz(val, out_len);
597 }
598
599 /*
600 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
601 * This operation is guaranteed to run in constant time to avoid leaking data.
602 */
603 static int constant_memequal(const char *a, const char *b, size_t n)
604 {
605 int res = 0;
606 size_t i;
607
608 for (i = 0; i < n; i++)
609 res |= a[i] ^ b[i];
610 return res;
611 }
612
613 static const char *check_nonce(const char *buf, size_t len)
614 {
615 char *nonce = find_header(buf, len, "nonce", NULL);
616 timestamp_t stamp, ostamp;
617 char *bohmac, *expect = NULL;
618 const char *retval = NONCE_BAD;
619 size_t noncelen;
620
621 if (!nonce) {
622 retval = NONCE_MISSING;
623 goto leave;
624 } else if (!push_cert_nonce) {
625 retval = NONCE_UNSOLICITED;
626 goto leave;
627 } else if (!strcmp(push_cert_nonce, nonce)) {
628 retval = NONCE_OK;
629 goto leave;
630 }
631
632 if (!stateless_rpc) {
633 /* returned nonce MUST match what we gave out earlier */
634 retval = NONCE_BAD;
635 goto leave;
636 }
637
638 /*
639 * In stateless mode, we may be receiving a nonce issued by
640 * another instance of the server that serving the same
641 * repository, and the timestamps may not match, but the
642 * nonce-seed and dir should match, so we can recompute and
643 * report the time slop.
644 *
645 * In addition, when a nonce issued by another instance has
646 * timestamp within receive.certnonceslop seconds, we pretend
647 * as if we issued that nonce when reporting to the hook.
648 */
649
650 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
651 if (*nonce <= '0' || '9' < *nonce) {
652 retval = NONCE_BAD;
653 goto leave;
654 }
655 stamp = parse_timestamp(nonce, &bohmac, 10);
656 if (bohmac == nonce || bohmac[0] != '-') {
657 retval = NONCE_BAD;
658 goto leave;
659 }
660
661 noncelen = strlen(nonce);
662 expect = prepare_push_cert_nonce(service_dir, stamp);
663 if (noncelen != strlen(expect)) {
664 /* This is not even the right size. */
665 retval = NONCE_BAD;
666 goto leave;
667 }
668 if (constant_memequal(expect, nonce, noncelen)) {
669 /* Not what we would have signed earlier */
670 retval = NONCE_BAD;
671 goto leave;
672 }
673
674 /*
675 * By how many seconds is this nonce stale? Negative value
676 * would mean it was issued by another server with its clock
677 * skewed in the future.
678 */
679 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
680 nonce_stamp_slop = (long)ostamp - (long)stamp;
681
682 if (nonce_stamp_slop_limit &&
683 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
684 /*
685 * Pretend as if the received nonce (which passes the
686 * HMAC check, so it is not a forged by third-party)
687 * is what we issued.
688 */
689 free((void *)push_cert_nonce);
690 push_cert_nonce = xstrdup(nonce);
691 retval = NONCE_OK;
692 } else {
693 retval = NONCE_SLOP;
694 }
695
696 leave:
697 free(nonce);
698 free(expect);
699 return retval;
700 }
701
702 /*
703 * Return 1 if there is no push_cert or if the push options in push_cert are
704 * the same as those in the argument; 0 otherwise.
705 */
706 static int check_cert_push_options(const struct string_list *push_options)
707 {
708 const char *buf = push_cert.buf;
709 int len = push_cert.len;
710
711 char *option;
712 const char *next_line;
713 int options_seen = 0;
714
715 int retval = 1;
716
717 if (!len)
718 return 1;
719
720 while ((option = find_header(buf, len, "push-option", &next_line))) {
721 len -= (next_line - buf);
722 buf = next_line;
723 options_seen++;
724 if (options_seen > push_options->nr
725 || strcmp(option,
726 push_options->items[options_seen - 1].string)) {
727 retval = 0;
728 goto leave;
729 }
730 free(option);
731 }
732
733 if (options_seen != push_options->nr)
734 retval = 0;
735
736 leave:
737 free(option);
738 return retval;
739 }
740
741 static void prepare_push_cert_sha1(struct child_process *proc)
742 {
743 static int already_done;
744
745 if (!push_cert.len)
746 return;
747
748 if (!already_done) {
749 int bogs /* beginning_of_gpg_sig */;
750
751 already_done = 1;
752 if (write_object_file(push_cert.buf, push_cert.len, "blob",
753 &push_cert_oid))
754 oidclr(&push_cert_oid);
755
756 memset(&sigcheck, '\0', sizeof(sigcheck));
757
758 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
759 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
760 sigcheck.payload_len = bogs;
761 check_signature(&sigcheck, push_cert.buf + bogs,
762 push_cert.len - bogs);
763
764 nonce_status = check_nonce(push_cert.buf, bogs);
765 }
766 if (!is_null_oid(&push_cert_oid)) {
767 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
768 oid_to_hex(&push_cert_oid));
769 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
770 sigcheck.signer ? sigcheck.signer : "");
771 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
772 sigcheck.key ? sigcheck.key : "");
773 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
774 sigcheck.result);
775 if (push_cert_nonce) {
776 strvec_pushf(&proc->env_array,
777 "GIT_PUSH_CERT_NONCE=%s",
778 push_cert_nonce);
779 strvec_pushf(&proc->env_array,
780 "GIT_PUSH_CERT_NONCE_STATUS=%s",
781 nonce_status);
782 if (nonce_status == NONCE_SLOP)
783 strvec_pushf(&proc->env_array,
784 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
785 nonce_stamp_slop);
786 }
787 }
788 }
789
790 struct receive_hook_feed_state {
791 struct command *cmd;
792 struct ref_push_report *report;
793 int skip_broken;
794 struct strbuf buf;
795 const struct string_list *push_options;
796 };
797
798 typedef int (*feed_fn)(void *, const char **, size_t *);
799 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
800 struct receive_hook_feed_state *feed_state)
801 {
802 struct child_process proc = CHILD_PROCESS_INIT;
803 struct async muxer;
804 int code;
805 const char *hook_path = find_hook(hook_name);
806
807 if (!hook_path)
808 return 0;
809
810 strvec_push(&proc.args, hook_path);
811 proc.in = -1;
812 proc.stdout_to_stderr = 1;
813 proc.trace2_hook_name = hook_name;
814
815 if (feed_state->push_options) {
816 int i;
817 for (i = 0; i < feed_state->push_options->nr; i++)
818 strvec_pushf(&proc.env_array,
819 "GIT_PUSH_OPTION_%d=%s", i,
820 feed_state->push_options->items[i].string);
821 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
822 feed_state->push_options->nr);
823 } else
824 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
825
826 if (tmp_objdir)
827 strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
828
829 if (use_sideband) {
830 memset(&muxer, 0, sizeof(muxer));
831 muxer.proc = copy_to_sideband;
832 muxer.in = -1;
833 code = start_async(&muxer);
834 if (code)
835 return code;
836 proc.err = muxer.in;
837 }
838
839 prepare_push_cert_sha1(&proc);
840
841 code = start_command(&proc);
842 if (code) {
843 if (use_sideband)
844 finish_async(&muxer);
845 return code;
846 }
847
848 sigchain_push(SIGPIPE, SIG_IGN);
849
850 while (1) {
851 const char *buf;
852 size_t n;
853 if (feed(feed_state, &buf, &n))
854 break;
855 if (write_in_full(proc.in, buf, n) < 0)
856 break;
857 }
858 close(proc.in);
859 if (use_sideband)
860 finish_async(&muxer);
861
862 sigchain_pop(SIGPIPE);
863
864 return finish_command(&proc);
865 }
866
867 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
868 {
869 struct receive_hook_feed_state *state = state_;
870 struct command *cmd = state->cmd;
871
872 while (cmd &&
873 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
874 cmd = cmd->next;
875 if (!cmd)
876 return -1; /* EOF */
877 if (!bufp)
878 return 0; /* OK, can feed something. */
879 strbuf_reset(&state->buf);
880 if (!state->report)
881 state->report = cmd->report;
882 if (state->report) {
883 struct object_id *old_oid;
884 struct object_id *new_oid;
885 const char *ref_name;
886
887 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
888 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
889 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
890 strbuf_addf(&state->buf, "%s %s %s\n",
891 oid_to_hex(old_oid), oid_to_hex(new_oid),
892 ref_name);
893 state->report = state->report->next;
894 if (!state->report)
895 state->cmd = cmd->next;
896 } else {
897 strbuf_addf(&state->buf, "%s %s %s\n",
898 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
899 cmd->ref_name);
900 state->cmd = cmd->next;
901 }
902 if (bufp) {
903 *bufp = state->buf.buf;
904 *sizep = state->buf.len;
905 }
906 return 0;
907 }
908
909 static int run_receive_hook(struct command *commands,
910 const char *hook_name,
911 int skip_broken,
912 const struct string_list *push_options)
913 {
914 struct receive_hook_feed_state state;
915 int status;
916
917 strbuf_init(&state.buf, 0);
918 state.cmd = commands;
919 state.skip_broken = skip_broken;
920 state.report = NULL;
921 if (feed_receive_hook(&state, NULL, NULL))
922 return 0;
923 state.cmd = commands;
924 state.push_options = push_options;
925 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
926 strbuf_release(&state.buf);
927 return status;
928 }
929
930 static int run_update_hook(struct command *cmd)
931 {
932 struct child_process proc = CHILD_PROCESS_INIT;
933 int code;
934 const char *hook_path = find_hook("update");
935
936 if (!hook_path)
937 return 0;
938
939 strvec_push(&proc.args, hook_path);
940 strvec_push(&proc.args, cmd->ref_name);
941 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
942 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
943
944 proc.no_stdin = 1;
945 proc.stdout_to_stderr = 1;
946 proc.err = use_sideband ? -1 : 0;
947 proc.trace2_hook_name = "update";
948
949 code = start_command(&proc);
950 if (code)
951 return code;
952 if (use_sideband)
953 copy_to_sideband(proc.err, -1, NULL);
954 return finish_command(&proc);
955 }
956
957 static struct command *find_command_by_refname(struct command *list,
958 const char *refname)
959 {
960 for (; list; list = list->next)
961 if (!strcmp(list->ref_name, refname))
962 return list;
963 return NULL;
964 }
965
966 static int read_proc_receive_report(struct packet_reader *reader,
967 struct command *commands,
968 struct strbuf *errmsg)
969 {
970 struct command *cmd;
971 struct command *hint = NULL;
972 struct ref_push_report *report = NULL;
973 int new_report = 0;
974 int code = 0;
975 int once = 0;
976 int response = 0;
977
978 for (;;) {
979 struct object_id old_oid, new_oid;
980 const char *head;
981 const char *refname;
982 char *p;
983 enum packet_read_status status;
984
985 status = packet_reader_read(reader);
986 if (status != PACKET_READ_NORMAL) {
987 /* Check whether proc-receive exited abnormally */
988 if (status == PACKET_READ_EOF && !response) {
989 strbuf_addstr(errmsg, "proc-receive exited abnormally");
990 return -1;
991 }
992 break;
993 }
994 response++;
995
996 head = reader->line;
997 p = strchr(head, ' ');
998 if (!p) {
999 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1000 code = -1;
1001 continue;
1002 }
1003 *p++ = '\0';
1004 if (!strcmp(head, "option")) {
1005 const char *key, *val;
1006
1007 if (!hint || !(report || new_report)) {
1008 if (!once++)
1009 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1010 code = -1;
1011 continue;
1012 }
1013 if (new_report) {
1014 if (!hint->report) {
1015 CALLOC_ARRAY(hint->report, 1);
1016 report = hint->report;
1017 } else {
1018 report = hint->report;
1019 while (report->next)
1020 report = report->next;
1021 report->next = xcalloc(1, sizeof(struct ref_push_report));
1022 report = report->next;
1023 }
1024 new_report = 0;
1025 }
1026 key = p;
1027 p = strchr(key, ' ');
1028 if (p)
1029 *p++ = '\0';
1030 val = p;
1031 if (!strcmp(key, "refname"))
1032 report->ref_name = xstrdup_or_null(val);
1033 else if (!strcmp(key, "old-oid") && val &&
1034 !parse_oid_hex(val, &old_oid, &val))
1035 report->old_oid = oiddup(&old_oid);
1036 else if (!strcmp(key, "new-oid") && val &&
1037 !parse_oid_hex(val, &new_oid, &val))
1038 report->new_oid = oiddup(&new_oid);
1039 else if (!strcmp(key, "forced-update"))
1040 report->forced_update = 1;
1041 else if (!strcmp(key, "fall-through"))
1042 /* Fall through, let 'receive-pack' to execute it. */
1043 hint->run_proc_receive = 0;
1044 continue;
1045 }
1046
1047 report = NULL;
1048 new_report = 0;
1049 refname = p;
1050 p = strchr(refname, ' ');
1051 if (p)
1052 *p++ = '\0';
1053 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1054 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1055 head, refname);
1056 code = -1;
1057 continue;
1058 }
1059
1060 /* first try searching at our hint, falling back to all refs */
1061 if (hint)
1062 hint = find_command_by_refname(hint, refname);
1063 if (!hint)
1064 hint = find_command_by_refname(commands, refname);
1065 if (!hint) {
1066 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1067 refname);
1068 code = -1;
1069 continue;
1070 }
1071 if (!hint->run_proc_receive) {
1072 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1073 refname);
1074 code = -1;
1075 continue;
1076 }
1077 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1078 if (!strcmp(head, "ng")) {
1079 if (p)
1080 hint->error_string = xstrdup(p);
1081 else
1082 hint->error_string = "failed";
1083 code = -1;
1084 continue;
1085 }
1086 new_report = 1;
1087 }
1088
1089 for (cmd = commands; cmd; cmd = cmd->next)
1090 if (cmd->run_proc_receive && !cmd->error_string &&
1091 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1092 cmd->error_string = "proc-receive failed to report status";
1093 code = -1;
1094 }
1095 return code;
1096 }
1097
1098 static int run_proc_receive_hook(struct command *commands,
1099 const struct string_list *push_options)
1100 {
1101 struct child_process proc = CHILD_PROCESS_INIT;
1102 struct async muxer;
1103 struct command *cmd;
1104 struct packet_reader reader;
1105 struct strbuf cap = STRBUF_INIT;
1106 struct strbuf errmsg = STRBUF_INIT;
1107 int hook_use_push_options = 0;
1108 int version = 0;
1109 int code;
1110 const char *hook_path = find_hook("proc-receive");
1111
1112 if (!hook_path) {
1113 rp_error("cannot find hook 'proc-receive'");
1114 return -1;
1115 }
1116
1117 strvec_push(&proc.args, hook_path);
1118 proc.in = -1;
1119 proc.out = -1;
1120 proc.trace2_hook_name = "proc-receive";
1121
1122 if (use_sideband) {
1123 memset(&muxer, 0, sizeof(muxer));
1124 muxer.proc = copy_to_sideband;
1125 muxer.in = -1;
1126 code = start_async(&muxer);
1127 if (code)
1128 return code;
1129 proc.err = muxer.in;
1130 } else {
1131 proc.err = 0;
1132 }
1133
1134 code = start_command(&proc);
1135 if (code) {
1136 if (use_sideband)
1137 finish_async(&muxer);
1138 return code;
1139 }
1140
1141 sigchain_push(SIGPIPE, SIG_IGN);
1142
1143 /* Version negotiaton */
1144 packet_reader_init(&reader, proc.out, NULL, 0,
1145 PACKET_READ_CHOMP_NEWLINE |
1146 PACKET_READ_GENTLE_ON_EOF);
1147 if (use_atomic)
1148 strbuf_addstr(&cap, " atomic");
1149 if (use_push_options)
1150 strbuf_addstr(&cap, " push-options");
1151 if (cap.len) {
1152 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1153 strbuf_release(&cap);
1154 } else {
1155 code = packet_write_fmt_gently(proc.in, "version=1\n");
1156 }
1157 if (!code)
1158 code = packet_flush_gently(proc.in);
1159
1160 if (!code)
1161 for (;;) {
1162 int linelen;
1163 enum packet_read_status status;
1164
1165 status = packet_reader_read(&reader);
1166 if (status != PACKET_READ_NORMAL) {
1167 /* Check whether proc-receive exited abnormally */
1168 if (status == PACKET_READ_EOF)
1169 code = -1;
1170 break;
1171 }
1172
1173 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1174 version = atoi(reader.line + 8);
1175 linelen = strlen(reader.line);
1176 if (linelen < reader.pktlen) {
1177 const char *feature_list = reader.line + linelen + 1;
1178 if (parse_feature_request(feature_list, "push-options"))
1179 hook_use_push_options = 1;
1180 }
1181 }
1182 }
1183
1184 if (code) {
1185 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1186 goto cleanup;
1187 }
1188
1189 switch (version) {
1190 case 0:
1191 /* fallthrough */
1192 case 1:
1193 break;
1194 default:
1195 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1196 version);
1197 code = -1;
1198 goto cleanup;
1199 }
1200
1201 /* Send commands */
1202 for (cmd = commands; cmd; cmd = cmd->next) {
1203 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1204 continue;
1205 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1206 oid_to_hex(&cmd->old_oid),
1207 oid_to_hex(&cmd->new_oid),
1208 cmd->ref_name);
1209 if (code)
1210 break;
1211 }
1212 if (!code)
1213 code = packet_flush_gently(proc.in);
1214 if (code) {
1215 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1216 goto cleanup;
1217 }
1218
1219 /* Send push options */
1220 if (hook_use_push_options) {
1221 struct string_list_item *item;
1222
1223 for_each_string_list_item(item, push_options) {
1224 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1225 if (code)
1226 break;
1227 }
1228 if (!code)
1229 code = packet_flush_gently(proc.in);
1230 if (code) {
1231 strbuf_addstr(&errmsg,
1232 "fail to write push-options to proc-receive hook");
1233 goto cleanup;
1234 }
1235 }
1236
1237 /* Read result from proc-receive */
1238 code = read_proc_receive_report(&reader, commands, &errmsg);
1239
1240 cleanup:
1241 close(proc.in);
1242 close(proc.out);
1243 if (use_sideband)
1244 finish_async(&muxer);
1245 if (finish_command(&proc))
1246 code = -1;
1247 if (errmsg.len >0) {
1248 char *p = errmsg.buf;
1249
1250 p += errmsg.len - 1;
1251 if (*p == '\n')
1252 *p = '\0';
1253 rp_error("%s", errmsg.buf);
1254 strbuf_release(&errmsg);
1255 }
1256 sigchain_pop(SIGPIPE);
1257
1258 return code;
1259 }
1260
1261 static char *refuse_unconfigured_deny_msg =
1262 N_("By default, updating the current branch in a non-bare repository\n"
1263 "is denied, because it will make the index and work tree inconsistent\n"
1264 "with what you pushed, and will require 'git reset --hard' to match\n"
1265 "the work tree to HEAD.\n"
1266 "\n"
1267 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1268 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1269 "its current branch; however, this is not recommended unless you\n"
1270 "arranged to update its work tree to match what you pushed in some\n"
1271 "other way.\n"
1272 "\n"
1273 "To squelch this message and still keep the default behaviour, set\n"
1274 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1275
1276 static void refuse_unconfigured_deny(void)
1277 {
1278 rp_error("%s", _(refuse_unconfigured_deny_msg));
1279 }
1280
1281 static char *refuse_unconfigured_deny_delete_current_msg =
1282 N_("By default, deleting the current branch is denied, because the next\n"
1283 "'git clone' won't result in any file checked out, causing confusion.\n"
1284 "\n"
1285 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1286 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1287 "current branch, with or without a warning message.\n"
1288 "\n"
1289 "To squelch this message, you can set it to 'refuse'.");
1290
1291 static void refuse_unconfigured_deny_delete_current(void)
1292 {
1293 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1294 }
1295
1296 static const struct object_id *command_singleton_iterator(void *cb_data);
1297 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1298 {
1299 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1300 struct oid_array extra = OID_ARRAY_INIT;
1301 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1302 uint32_t mask = 1 << (cmd->index % 32);
1303 int i;
1304
1305 trace_printf_key(&trace_shallow,
1306 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1307 for (i = 0; i < si->shallow->nr; i++)
1308 if (si->used_shallow[i] &&
1309 (si->used_shallow[i][cmd->index / 32] & mask) &&
1310 !delayed_reachability_test(si, i))
1311 oid_array_append(&extra, &si->shallow->oid[i]);
1312
1313 opt.env = tmp_objdir_env(tmp_objdir);
1314 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1315 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1316 rollback_shallow_file(the_repository, &shallow_lock);
1317 oid_array_clear(&extra);
1318 return -1;
1319 }
1320
1321 commit_shallow_file(the_repository, &shallow_lock);
1322
1323 /*
1324 * Make sure setup_alternate_shallow() for the next ref does
1325 * not lose these new roots..
1326 */
1327 for (i = 0; i < extra.nr; i++)
1328 register_shallow(the_repository, &extra.oid[i]);
1329
1330 si->shallow_ref[cmd->index] = 0;
1331 oid_array_clear(&extra);
1332 return 0;
1333 }
1334
1335 /*
1336 * NEEDSWORK: we should consolidate various implementions of "are we
1337 * on an unborn branch?" test into one, and make the unified one more
1338 * robust. !get_sha1() based check used here and elsewhere would not
1339 * allow us to tell an unborn branch from corrupt ref, for example.
1340 * For the purpose of fixing "deploy-to-update does not work when
1341 * pushing into an empty repository" issue, this should suffice for
1342 * now.
1343 */
1344 static int head_has_history(void)
1345 {
1346 struct object_id oid;
1347
1348 return !get_oid("HEAD", &oid);
1349 }
1350
1351 static const char *push_to_deploy(unsigned char *sha1,
1352 struct strvec *env,
1353 const char *work_tree)
1354 {
1355 struct child_process child = CHILD_PROCESS_INIT;
1356
1357 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1358 "--refresh", NULL);
1359 strvec_pushv(&child.env_array, env->v);
1360 child.dir = work_tree;
1361 child.no_stdin = 1;
1362 child.stdout_to_stderr = 1;
1363 child.git_cmd = 1;
1364 if (run_command(&child))
1365 return "Up-to-date check failed";
1366
1367 /* run_command() does not clean up completely; reinitialize */
1368 child_process_init(&child);
1369 strvec_pushl(&child.args, "diff-files", "--quiet",
1370 "--ignore-submodules", "--", NULL);
1371 strvec_pushv(&child.env_array, env->v);
1372 child.dir = work_tree;
1373 child.no_stdin = 1;
1374 child.stdout_to_stderr = 1;
1375 child.git_cmd = 1;
1376 if (run_command(&child))
1377 return "Working directory has unstaged changes";
1378
1379 child_process_init(&child);
1380 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1381 "--ignore-submodules",
1382 /* diff-index with either HEAD or an empty tree */
1383 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1384 "--", NULL);
1385 strvec_pushv(&child.env_array, env->v);
1386 child.no_stdin = 1;
1387 child.no_stdout = 1;
1388 child.stdout_to_stderr = 0;
1389 child.git_cmd = 1;
1390 if (run_command(&child))
1391 return "Working directory has staged changes";
1392
1393 child_process_init(&child);
1394 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1395 NULL);
1396 strvec_pushv(&child.env_array, env->v);
1397 child.dir = work_tree;
1398 child.no_stdin = 1;
1399 child.no_stdout = 1;
1400 child.stdout_to_stderr = 0;
1401 child.git_cmd = 1;
1402 if (run_command(&child))
1403 return "Could not update working tree to new HEAD";
1404
1405 return NULL;
1406 }
1407
1408 static const char *push_to_checkout_hook = "push-to-checkout";
1409
1410 static const char *push_to_checkout(unsigned char *hash,
1411 struct strvec *env,
1412 const char *work_tree)
1413 {
1414 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1415
1416 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1417 strvec_pushv(&opt.env, env->v);
1418 strvec_push(&opt.args, hash_to_hex(hash));
1419 if (run_hooks_opt(push_to_checkout_hook, &opt))
1420 return "push-to-checkout hook declined";
1421 else
1422 return NULL;
1423 }
1424
1425 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1426 {
1427 const char *retval, *git_dir;
1428 struct strvec env = STRVEC_INIT;
1429
1430 if (!worktree || !worktree->path)
1431 BUG("worktree->path must be non-NULL");
1432
1433 if (worktree->is_bare)
1434 return "denyCurrentBranch = updateInstead needs a worktree";
1435 git_dir = get_worktree_git_dir(worktree);
1436
1437 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1438
1439 if (!hook_exists(push_to_checkout_hook))
1440 retval = push_to_deploy(sha1, &env, worktree->path);
1441 else
1442 retval = push_to_checkout(sha1, &env, worktree->path);
1443
1444 strvec_clear(&env);
1445 return retval;
1446 }
1447
1448 static const char *update(struct command *cmd, struct shallow_info *si)
1449 {
1450 const char *name = cmd->ref_name;
1451 struct strbuf namespaced_name_buf = STRBUF_INIT;
1452 static char *namespaced_name;
1453 const char *ret;
1454 struct object_id *old_oid = &cmd->old_oid;
1455 struct object_id *new_oid = &cmd->new_oid;
1456 int do_update_worktree = 0;
1457 struct worktree **worktrees = get_worktrees();
1458 const struct worktree *worktree =
1459 find_shared_symref(worktrees, "HEAD", name);
1460
1461 /* only refs/... are allowed */
1462 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1463 rp_error("refusing to create funny ref '%s' remotely", name);
1464 ret = "funny refname";
1465 goto out;
1466 }
1467
1468 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1469 free(namespaced_name);
1470 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1471
1472 if (worktree && !worktree->is_bare) {
1473 switch (deny_current_branch) {
1474 case DENY_IGNORE:
1475 break;
1476 case DENY_WARN:
1477 rp_warning("updating the current branch");
1478 break;
1479 case DENY_REFUSE:
1480 case DENY_UNCONFIGURED:
1481 rp_error("refusing to update checked out branch: %s", name);
1482 if (deny_current_branch == DENY_UNCONFIGURED)
1483 refuse_unconfigured_deny();
1484 ret = "branch is currently checked out";
1485 goto out;
1486 case DENY_UPDATE_INSTEAD:
1487 /* pass -- let other checks intervene first */
1488 do_update_worktree = 1;
1489 break;
1490 }
1491 }
1492
1493 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1494 error("unpack should have generated %s, "
1495 "but I can't find it!", oid_to_hex(new_oid));
1496 ret = "bad pack";
1497 goto out;
1498 }
1499
1500 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1501 if (deny_deletes && starts_with(name, "refs/heads/")) {
1502 rp_error("denying ref deletion for %s", name);
1503 ret = "deletion prohibited";
1504 goto out;
1505 }
1506
1507 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1508 switch (deny_delete_current) {
1509 case DENY_IGNORE:
1510 break;
1511 case DENY_WARN:
1512 rp_warning("deleting the current branch");
1513 break;
1514 case DENY_REFUSE:
1515 case DENY_UNCONFIGURED:
1516 case DENY_UPDATE_INSTEAD:
1517 if (deny_delete_current == DENY_UNCONFIGURED)
1518 refuse_unconfigured_deny_delete_current();
1519 rp_error("refusing to delete the current branch: %s", name);
1520 ret = "deletion of the current branch prohibited";
1521 goto out;
1522 default:
1523 ret = "Invalid denyDeleteCurrent setting";
1524 goto out;
1525 }
1526 }
1527 }
1528
1529 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1530 !is_null_oid(old_oid) &&
1531 starts_with(name, "refs/heads/")) {
1532 struct object *old_object, *new_object;
1533 struct commit *old_commit, *new_commit;
1534
1535 old_object = parse_object(the_repository, old_oid);
1536 new_object = parse_object(the_repository, new_oid);
1537
1538 if (!old_object || !new_object ||
1539 old_object->type != OBJ_COMMIT ||
1540 new_object->type != OBJ_COMMIT) {
1541 error("bad sha1 objects for %s", name);
1542 ret = "bad ref";
1543 goto out;
1544 }
1545 old_commit = (struct commit *)old_object;
1546 new_commit = (struct commit *)new_object;
1547 if (!in_merge_bases(old_commit, new_commit)) {
1548 rp_error("denying non-fast-forward %s"
1549 " (you should pull first)", name);
1550 ret = "non-fast-forward";
1551 goto out;
1552 }
1553 }
1554 if (run_update_hook(cmd)) {
1555 rp_error("hook declined to update %s", name);
1556 ret = "hook declined";
1557 goto out;
1558 }
1559
1560 if (do_update_worktree) {
1561 ret = update_worktree(new_oid->hash, worktree);
1562 if (ret)
1563 goto out;
1564 }
1565
1566 if (is_null_oid(new_oid)) {
1567 struct strbuf err = STRBUF_INIT;
1568 if (!parse_object(the_repository, old_oid)) {
1569 old_oid = NULL;
1570 if (ref_exists(name)) {
1571 rp_warning("allowing deletion of corrupt ref");
1572 } else {
1573 rp_warning("deleting a non-existent ref");
1574 cmd->did_not_exist = 1;
1575 }
1576 }
1577 if (ref_transaction_delete(transaction,
1578 namespaced_name,
1579 old_oid,
1580 0, "push", &err)) {
1581 rp_error("%s", err.buf);
1582 ret = "failed to delete";
1583 } else {
1584 ret = NULL; /* good */
1585 }
1586 strbuf_release(&err);
1587 }
1588 else {
1589 struct strbuf err = STRBUF_INIT;
1590 if (shallow_update && si->shallow_ref[cmd->index] &&
1591 update_shallow_ref(cmd, si)) {
1592 ret = "shallow error";
1593 goto out;
1594 }
1595
1596 if (ref_transaction_update(transaction,
1597 namespaced_name,
1598 new_oid, old_oid,
1599 0, "push",
1600 &err)) {
1601 rp_error("%s", err.buf);
1602 ret = "failed to update ref";
1603 } else {
1604 ret = NULL; /* good */
1605 }
1606 strbuf_release(&err);
1607 }
1608
1609 out:
1610 free_worktrees(worktrees);
1611 return ret;
1612 }
1613
1614 static void run_update_post_hook(struct command *commands)
1615 {
1616 struct command *cmd;
1617 struct child_process proc = CHILD_PROCESS_INIT;
1618 const char *hook;
1619
1620 hook = find_hook("post-update");
1621 if (!hook)
1622 return;
1623
1624 for (cmd = commands; cmd; cmd = cmd->next) {
1625 if (cmd->error_string || cmd->did_not_exist)
1626 continue;
1627 if (!proc.args.nr)
1628 strvec_push(&proc.args, hook);
1629 strvec_push(&proc.args, cmd->ref_name);
1630 }
1631 if (!proc.args.nr)
1632 return;
1633
1634 proc.no_stdin = 1;
1635 proc.stdout_to_stderr = 1;
1636 proc.err = use_sideband ? -1 : 0;
1637 proc.trace2_hook_name = "post-update";
1638
1639 if (!start_command(&proc)) {
1640 if (use_sideband)
1641 copy_to_sideband(proc.err, -1, NULL);
1642 finish_command(&proc);
1643 }
1644 }
1645
1646 static void check_aliased_update_internal(struct command *cmd,
1647 struct string_list *list,
1648 const char *dst_name, int flag)
1649 {
1650 struct string_list_item *item;
1651 struct command *dst_cmd;
1652
1653 if (!(flag & REF_ISSYMREF))
1654 return;
1655
1656 if (!dst_name) {
1657 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1658 cmd->skip_update = 1;
1659 cmd->error_string = "broken symref";
1660 return;
1661 }
1662 dst_name = strip_namespace(dst_name);
1663
1664 if ((item = string_list_lookup(list, dst_name)) == NULL)
1665 return;
1666
1667 cmd->skip_update = 1;
1668
1669 dst_cmd = (struct command *) item->util;
1670
1671 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1672 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1673 return;
1674
1675 dst_cmd->skip_update = 1;
1676
1677 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1678 " its target '%s' (%s..%s)",
1679 cmd->ref_name,
1680 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1681 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1682 dst_cmd->ref_name,
1683 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1684 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1685
1686 cmd->error_string = dst_cmd->error_string =
1687 "inconsistent aliased update";
1688 }
1689
1690 static void check_aliased_update(struct command *cmd, struct string_list *list)
1691 {
1692 struct strbuf buf = STRBUF_INIT;
1693 const char *dst_name;
1694 int flag;
1695
1696 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1697 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1698 check_aliased_update_internal(cmd, list, dst_name, flag);
1699 strbuf_release(&buf);
1700 }
1701
1702 static void check_aliased_updates(struct command *commands)
1703 {
1704 struct command *cmd;
1705 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1706
1707 for (cmd = commands; cmd; cmd = cmd->next) {
1708 struct string_list_item *item =
1709 string_list_append(&ref_list, cmd->ref_name);
1710 item->util = (void *)cmd;
1711 }
1712 string_list_sort(&ref_list);
1713
1714 for (cmd = commands; cmd; cmd = cmd->next) {
1715 if (!cmd->error_string)
1716 check_aliased_update(cmd, &ref_list);
1717 }
1718
1719 string_list_clear(&ref_list, 0);
1720 }
1721
1722 static const struct object_id *command_singleton_iterator(void *cb_data)
1723 {
1724 struct command **cmd_list = cb_data;
1725 struct command *cmd = *cmd_list;
1726
1727 if (!cmd || is_null_oid(&cmd->new_oid))
1728 return NULL;
1729 *cmd_list = NULL; /* this returns only one */
1730 return &cmd->new_oid;
1731 }
1732
1733 static void set_connectivity_errors(struct command *commands,
1734 struct shallow_info *si)
1735 {
1736 struct command *cmd;
1737
1738 for (cmd = commands; cmd; cmd = cmd->next) {
1739 struct command *singleton = cmd;
1740 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1741
1742 if (shallow_update && si->shallow_ref[cmd->index])
1743 /* to be checked in update_shallow_ref() */
1744 continue;
1745
1746 opt.env = tmp_objdir_env(tmp_objdir);
1747 if (!check_connected(command_singleton_iterator, &singleton,
1748 &opt))
1749 continue;
1750
1751 cmd->error_string = "missing necessary objects";
1752 }
1753 }
1754
1755 struct iterate_data {
1756 struct command *cmds;
1757 struct shallow_info *si;
1758 };
1759
1760 static const struct object_id *iterate_receive_command_list(void *cb_data)
1761 {
1762 struct iterate_data *data = cb_data;
1763 struct command **cmd_list = &data->cmds;
1764 struct command *cmd = *cmd_list;
1765
1766 for (; cmd; cmd = cmd->next) {
1767 if (shallow_update && data->si->shallow_ref[cmd->index])
1768 /* to be checked in update_shallow_ref() */
1769 continue;
1770 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1771 *cmd_list = cmd->next;
1772 return &cmd->new_oid;
1773 }
1774 }
1775 return NULL;
1776 }
1777
1778 static void reject_updates_to_hidden(struct command *commands)
1779 {
1780 struct strbuf refname_full = STRBUF_INIT;
1781 size_t prefix_len;
1782 struct command *cmd;
1783
1784 strbuf_addstr(&refname_full, get_git_namespace());
1785 prefix_len = refname_full.len;
1786
1787 for (cmd = commands; cmd; cmd = cmd->next) {
1788 if (cmd->error_string)
1789 continue;
1790
1791 strbuf_setlen(&refname_full, prefix_len);
1792 strbuf_addstr(&refname_full, cmd->ref_name);
1793
1794 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1795 continue;
1796 if (is_null_oid(&cmd->new_oid))
1797 cmd->error_string = "deny deleting a hidden ref";
1798 else
1799 cmd->error_string = "deny updating a hidden ref";
1800 }
1801
1802 strbuf_release(&refname_full);
1803 }
1804
1805 static int should_process_cmd(struct command *cmd)
1806 {
1807 return !cmd->error_string && !cmd->skip_update;
1808 }
1809
1810 static void warn_if_skipped_connectivity_check(struct command *commands,
1811 struct shallow_info *si)
1812 {
1813 struct command *cmd;
1814 int checked_connectivity = 1;
1815
1816 for (cmd = commands; cmd; cmd = cmd->next) {
1817 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1818 error("BUG: connectivity check has not been run on ref %s",
1819 cmd->ref_name);
1820 checked_connectivity = 0;
1821 }
1822 }
1823 if (!checked_connectivity)
1824 BUG("connectivity check skipped???");
1825 }
1826
1827 static void execute_commands_non_atomic(struct command *commands,
1828 struct shallow_info *si)
1829 {
1830 struct command *cmd;
1831 struct strbuf err = STRBUF_INIT;
1832
1833 for (cmd = commands; cmd; cmd = cmd->next) {
1834 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1835 continue;
1836
1837 transaction = ref_transaction_begin(&err);
1838 if (!transaction) {
1839 rp_error("%s", err.buf);
1840 strbuf_reset(&err);
1841 cmd->error_string = "transaction failed to start";
1842 continue;
1843 }
1844
1845 cmd->error_string = update(cmd, si);
1846
1847 if (!cmd->error_string
1848 && ref_transaction_commit(transaction, &err)) {
1849 rp_error("%s", err.buf);
1850 strbuf_reset(&err);
1851 cmd->error_string = "failed to update ref";
1852 }
1853 ref_transaction_free(transaction);
1854 }
1855 strbuf_release(&err);
1856 }
1857
1858 static void execute_commands_atomic(struct command *commands,
1859 struct shallow_info *si)
1860 {
1861 struct command *cmd;
1862 struct strbuf err = STRBUF_INIT;
1863 const char *reported_error = "atomic push failure";
1864
1865 transaction = ref_transaction_begin(&err);
1866 if (!transaction) {
1867 rp_error("%s", err.buf);
1868 strbuf_reset(&err);
1869 reported_error = "transaction failed to start";
1870 goto failure;
1871 }
1872
1873 for (cmd = commands; cmd; cmd = cmd->next) {
1874 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1875 continue;
1876
1877 cmd->error_string = update(cmd, si);
1878
1879 if (cmd->error_string)
1880 goto failure;
1881 }
1882
1883 if (ref_transaction_commit(transaction, &err)) {
1884 rp_error("%s", err.buf);
1885 reported_error = "atomic transaction failed";
1886 goto failure;
1887 }
1888 goto cleanup;
1889
1890 failure:
1891 for (cmd = commands; cmd; cmd = cmd->next)
1892 if (!cmd->error_string)
1893 cmd->error_string = reported_error;
1894
1895 cleanup:
1896 ref_transaction_free(transaction);
1897 strbuf_release(&err);
1898 }
1899
1900 static void execute_commands(struct command *commands,
1901 const char *unpacker_error,
1902 struct shallow_info *si,
1903 const struct string_list *push_options)
1904 {
1905 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1906 struct command *cmd;
1907 struct iterate_data data;
1908 struct async muxer;
1909 int err_fd = 0;
1910 int run_proc_receive = 0;
1911
1912 if (unpacker_error) {
1913 for (cmd = commands; cmd; cmd = cmd->next)
1914 cmd->error_string = "unpacker error";
1915 return;
1916 }
1917
1918 if (use_sideband) {
1919 memset(&muxer, 0, sizeof(muxer));
1920 muxer.proc = copy_to_sideband;
1921 muxer.in = -1;
1922 if (!start_async(&muxer))
1923 err_fd = muxer.in;
1924 /* ...else, continue without relaying sideband */
1925 }
1926
1927 data.cmds = commands;
1928 data.si = si;
1929 opt.err_fd = err_fd;
1930 opt.progress = err_fd && !quiet;
1931 opt.env = tmp_objdir_env(tmp_objdir);
1932 if (check_connected(iterate_receive_command_list, &data, &opt))
1933 set_connectivity_errors(commands, si);
1934
1935 if (use_sideband)
1936 finish_async(&muxer);
1937
1938 reject_updates_to_hidden(commands);
1939
1940 /*
1941 * Try to find commands that have special prefix in their reference names,
1942 * and mark them to run an external "proc-receive" hook later.
1943 */
1944 if (proc_receive_ref) {
1945 for (cmd = commands; cmd; cmd = cmd->next) {
1946 if (!should_process_cmd(cmd))
1947 continue;
1948
1949 if (proc_receive_ref_matches(cmd)) {
1950 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1951 run_proc_receive = 1;
1952 }
1953 }
1954 }
1955
1956 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1957 for (cmd = commands; cmd; cmd = cmd->next) {
1958 if (!cmd->error_string)
1959 cmd->error_string = "pre-receive hook declined";
1960 }
1961 return;
1962 }
1963
1964 /*
1965 * Now we'll start writing out refs, which means the objects need
1966 * to be in their final positions so that other processes can see them.
1967 */
1968 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1969 for (cmd = commands; cmd; cmd = cmd->next) {
1970 if (!cmd->error_string)
1971 cmd->error_string = "unable to migrate objects to permanent storage";
1972 }
1973 return;
1974 }
1975 tmp_objdir = NULL;
1976
1977 check_aliased_updates(commands);
1978
1979 free(head_name_to_free);
1980 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1981
1982 if (run_proc_receive &&
1983 run_proc_receive_hook(commands, push_options))
1984 for (cmd = commands; cmd; cmd = cmd->next)
1985 if (!cmd->error_string &&
1986 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1987 (cmd->run_proc_receive || use_atomic))
1988 cmd->error_string = "fail to run proc-receive hook";
1989
1990 if (use_atomic)
1991 execute_commands_atomic(commands, si);
1992 else
1993 execute_commands_non_atomic(commands, si);
1994
1995 if (shallow_update)
1996 warn_if_skipped_connectivity_check(commands, si);
1997 }
1998
1999 static struct command **queue_command(struct command **tail,
2000 const char *line,
2001 int linelen)
2002 {
2003 struct object_id old_oid, new_oid;
2004 struct command *cmd;
2005 const char *refname;
2006 int reflen;
2007 const char *p;
2008
2009 if (parse_oid_hex(line, &old_oid, &p) ||
2010 *p++ != ' ' ||
2011 parse_oid_hex(p, &new_oid, &p) ||
2012 *p++ != ' ')
2013 die("protocol error: expected old/new/ref, got '%s'", line);
2014
2015 refname = p;
2016 reflen = linelen - (p - line);
2017 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2018 oidcpy(&cmd->old_oid, &old_oid);
2019 oidcpy(&cmd->new_oid, &new_oid);
2020 *tail = cmd;
2021 return &cmd->next;
2022 }
2023
2024 static void queue_commands_from_cert(struct command **tail,
2025 struct strbuf *push_cert)
2026 {
2027 const char *boc, *eoc;
2028
2029 if (*tail)
2030 die("protocol error: got both push certificate and unsigned commands");
2031
2032 boc = strstr(push_cert->buf, "\n\n");
2033 if (!boc)
2034 die("malformed push certificate %.*s", 100, push_cert->buf);
2035 else
2036 boc += 2;
2037 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2038
2039 while (boc < eoc) {
2040 const char *eol = memchr(boc, '\n', eoc - boc);
2041 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2042 boc = eol ? eol + 1 : eoc;
2043 }
2044 }
2045
2046 static struct command *read_head_info(struct packet_reader *reader,
2047 struct oid_array *shallow)
2048 {
2049 struct command *commands = NULL;
2050 struct command **p = &commands;
2051 for (;;) {
2052 int linelen;
2053
2054 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2055 break;
2056
2057 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2058 struct object_id oid;
2059 if (get_oid_hex(reader->line + 8, &oid))
2060 die("protocol error: expected shallow sha, got '%s'",
2061 reader->line + 8);
2062 oid_array_append(shallow, &oid);
2063 continue;
2064 }
2065
2066 linelen = strlen(reader->line);
2067 if (linelen < reader->pktlen) {
2068 const char *feature_list = reader->line + linelen + 1;
2069 const char *hash = NULL;
2070 const char *client_sid;
2071 int len = 0;
2072 if (parse_feature_request(feature_list, "report-status"))
2073 report_status = 1;
2074 if (parse_feature_request(feature_list, "report-status-v2"))
2075 report_status_v2 = 1;
2076 if (parse_feature_request(feature_list, "side-band-64k"))
2077 use_sideband = LARGE_PACKET_MAX;
2078 if (parse_feature_request(feature_list, "quiet"))
2079 quiet = 1;
2080 if (advertise_atomic_push
2081 && parse_feature_request(feature_list, "atomic"))
2082 use_atomic = 1;
2083 if (advertise_push_options
2084 && parse_feature_request(feature_list, "push-options"))
2085 use_push_options = 1;
2086 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2087 if (!hash) {
2088 hash = hash_algos[GIT_HASH_SHA1].name;
2089 len = strlen(hash);
2090 }
2091 if (xstrncmpz(the_hash_algo->name, hash, len))
2092 die("error: unsupported object format '%s'", hash);
2093 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2094 if (client_sid) {
2095 char *sid = xstrndup(client_sid, len);
2096 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2097 free(sid);
2098 }
2099 }
2100
2101 if (!strcmp(reader->line, "push-cert")) {
2102 int true_flush = 0;
2103 int saved_options = reader->options;
2104 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2105
2106 for (;;) {
2107 packet_reader_read(reader);
2108 if (reader->status == PACKET_READ_FLUSH) {
2109 true_flush = 1;
2110 break;
2111 }
2112 if (reader->status != PACKET_READ_NORMAL) {
2113 die("protocol error: got an unexpected packet");
2114 }
2115 if (!strcmp(reader->line, "push-cert-end\n"))
2116 break; /* end of cert */
2117 strbuf_addstr(&push_cert, reader->line);
2118 }
2119 reader->options = saved_options;
2120
2121 if (true_flush)
2122 break;
2123 continue;
2124 }
2125
2126 p = queue_command(p, reader->line, linelen);
2127 }
2128
2129 if (push_cert.len)
2130 queue_commands_from_cert(p, &push_cert);
2131
2132 return commands;
2133 }
2134
2135 static void read_push_options(struct packet_reader *reader,
2136 struct string_list *options)
2137 {
2138 while (1) {
2139 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2140 break;
2141
2142 string_list_append(options, reader->line);
2143 }
2144 }
2145
2146 static const char *parse_pack_header(struct pack_header *hdr)
2147 {
2148 switch (read_pack_header(0, hdr)) {
2149 case PH_ERROR_EOF:
2150 return "eof before pack header was fully read";
2151
2152 case PH_ERROR_PACK_SIGNATURE:
2153 return "protocol error (pack signature mismatch detected)";
2154
2155 case PH_ERROR_PROTOCOL:
2156 return "protocol error (pack version unsupported)";
2157
2158 default:
2159 return "unknown error in parse_pack_header";
2160
2161 case 0:
2162 return NULL;
2163 }
2164 }
2165
2166 static const char *pack_lockfile;
2167
2168 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2169 {
2170 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2171 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2172 }
2173
2174 static const char *unpack(int err_fd, struct shallow_info *si)
2175 {
2176 struct pack_header hdr;
2177 const char *hdr_err;
2178 int status;
2179 struct child_process child = CHILD_PROCESS_INIT;
2180 int fsck_objects = (receive_fsck_objects >= 0
2181 ? receive_fsck_objects
2182 : transfer_fsck_objects >= 0
2183 ? transfer_fsck_objects
2184 : 0);
2185
2186 hdr_err = parse_pack_header(&hdr);
2187 if (hdr_err) {
2188 if (err_fd > 0)
2189 close(err_fd);
2190 return hdr_err;
2191 }
2192
2193 if (si->nr_ours || si->nr_theirs) {
2194 alt_shallow_file = setup_temporary_shallow(si->shallow);
2195 strvec_push(&child.args, "--shallow-file");
2196 strvec_push(&child.args, alt_shallow_file);
2197 }
2198
2199 tmp_objdir = tmp_objdir_create("incoming");
2200 if (!tmp_objdir) {
2201 if (err_fd > 0)
2202 close(err_fd);
2203 return "unable to create temporary object directory";
2204 }
2205 if (tmp_objdir)
2206 strvec_pushv(&child.env_array, tmp_objdir_env(tmp_objdir));
2207
2208 /*
2209 * Normally we just pass the tmp_objdir environment to the child
2210 * processes that do the heavy lifting, but we may need to see these
2211 * objects ourselves to set up shallow information.
2212 */
2213 tmp_objdir_add_as_alternate(tmp_objdir);
2214
2215 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2216 strvec_push(&child.args, "unpack-objects");
2217 push_header_arg(&child.args, &hdr);
2218 if (quiet)
2219 strvec_push(&child.args, "-q");
2220 if (fsck_objects)
2221 strvec_pushf(&child.args, "--strict%s",
2222 fsck_msg_types.buf);
2223 if (max_input_size)
2224 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2225 (uintmax_t)max_input_size);
2226 child.no_stdout = 1;
2227 child.err = err_fd;
2228 child.git_cmd = 1;
2229 status = run_command(&child);
2230 if (status)
2231 return "unpack-objects abnormal exit";
2232 } else {
2233 char hostname[HOST_NAME_MAX + 1];
2234
2235 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2236 push_header_arg(&child.args, &hdr);
2237
2238 if (xgethostname(hostname, sizeof(hostname)))
2239 xsnprintf(hostname, sizeof(hostname), "localhost");
2240 strvec_pushf(&child.args,
2241 "--keep=receive-pack %"PRIuMAX" on %s",
2242 (uintmax_t)getpid(),
2243 hostname);
2244
2245 if (!quiet && err_fd)
2246 strvec_push(&child.args, "--show-resolving-progress");
2247 if (use_sideband)
2248 strvec_push(&child.args, "--report-end-of-input");
2249 if (fsck_objects)
2250 strvec_pushf(&child.args, "--strict%s",
2251 fsck_msg_types.buf);
2252 if (!reject_thin)
2253 strvec_push(&child.args, "--fix-thin");
2254 if (max_input_size)
2255 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2256 (uintmax_t)max_input_size);
2257 child.out = -1;
2258 child.err = err_fd;
2259 child.git_cmd = 1;
2260 status = start_command(&child);
2261 if (status)
2262 return "index-pack fork failed";
2263 pack_lockfile = index_pack_lockfile(child.out, NULL);
2264 close(child.out);
2265 status = finish_command(&child);
2266 if (status)
2267 return "index-pack abnormal exit";
2268 reprepare_packed_git(the_repository);
2269 }
2270 return NULL;
2271 }
2272
2273 static const char *unpack_with_sideband(struct shallow_info *si)
2274 {
2275 struct async muxer;
2276 const char *ret;
2277
2278 if (!use_sideband)
2279 return unpack(0, si);
2280
2281 use_keepalive = KEEPALIVE_AFTER_NUL;
2282 memset(&muxer, 0, sizeof(muxer));
2283 muxer.proc = copy_to_sideband;
2284 muxer.in = -1;
2285 if (start_async(&muxer))
2286 return NULL;
2287
2288 ret = unpack(muxer.in, si);
2289
2290 finish_async(&muxer);
2291 return ret;
2292 }
2293
2294 static void prepare_shallow_update(struct shallow_info *si)
2295 {
2296 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2297
2298 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2299 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2300
2301 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2302 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2303 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2304
2305 for (i = 0; i < si->nr_ours; i++)
2306 si->need_reachability_test[si->ours[i]] = 1;
2307
2308 for (i = 0; i < si->shallow->nr; i++) {
2309 if (!si->used_shallow[i])
2310 continue;
2311 for (j = 0; j < bitmap_size; j++) {
2312 if (!si->used_shallow[i][j])
2313 continue;
2314 si->need_reachability_test[i]++;
2315 for (k = 0; k < 32; k++)
2316 if (si->used_shallow[i][j] & (1U << k))
2317 si->shallow_ref[j * 32 + k]++;
2318 }
2319
2320 /*
2321 * true for those associated with some refs and belong
2322 * in "ours" list aka "step 7 not done yet"
2323 */
2324 si->need_reachability_test[i] =
2325 si->need_reachability_test[i] > 1;
2326 }
2327
2328 /*
2329 * keep hooks happy by forcing a temporary shallow file via
2330 * env variable because we can't add --shallow-file to every
2331 * command. check_connected() will be done with
2332 * true .git/shallow though.
2333 */
2334 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2335 }
2336
2337 static void update_shallow_info(struct command *commands,
2338 struct shallow_info *si,
2339 struct oid_array *ref)
2340 {
2341 struct command *cmd;
2342 int *ref_status;
2343 remove_nonexistent_theirs_shallow(si);
2344 if (!si->nr_ours && !si->nr_theirs) {
2345 shallow_update = 0;
2346 return;
2347 }
2348
2349 for (cmd = commands; cmd; cmd = cmd->next) {
2350 if (is_null_oid(&cmd->new_oid))
2351 continue;
2352 oid_array_append(ref, &cmd->new_oid);
2353 cmd->index = ref->nr - 1;
2354 }
2355 si->ref = ref;
2356
2357 if (shallow_update) {
2358 prepare_shallow_update(si);
2359 return;
2360 }
2361
2362 ALLOC_ARRAY(ref_status, ref->nr);
2363 assign_shallow_commits_to_refs(si, NULL, ref_status);
2364 for (cmd = commands; cmd; cmd = cmd->next) {
2365 if (is_null_oid(&cmd->new_oid))
2366 continue;
2367 if (ref_status[cmd->index]) {
2368 cmd->error_string = "shallow update not allowed";
2369 cmd->skip_update = 1;
2370 }
2371 }
2372 free(ref_status);
2373 }
2374
2375 static void report(struct command *commands, const char *unpack_status)
2376 {
2377 struct command *cmd;
2378 struct strbuf buf = STRBUF_INIT;
2379
2380 packet_buf_write(&buf, "unpack %s\n",
2381 unpack_status ? unpack_status : "ok");
2382 for (cmd = commands; cmd; cmd = cmd->next) {
2383 if (!cmd->error_string)
2384 packet_buf_write(&buf, "ok %s\n",
2385 cmd->ref_name);
2386 else
2387 packet_buf_write(&buf, "ng %s %s\n",
2388 cmd->ref_name, cmd->error_string);
2389 }
2390 packet_buf_flush(&buf);
2391
2392 if (use_sideband)
2393 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2394 else
2395 write_or_die(1, buf.buf, buf.len);
2396 strbuf_release(&buf);
2397 }
2398
2399 static void report_v2(struct command *commands, const char *unpack_status)
2400 {
2401 struct command *cmd;
2402 struct strbuf buf = STRBUF_INIT;
2403 struct ref_push_report *report;
2404
2405 packet_buf_write(&buf, "unpack %s\n",
2406 unpack_status ? unpack_status : "ok");
2407 for (cmd = commands; cmd; cmd = cmd->next) {
2408 int count = 0;
2409
2410 if (cmd->error_string) {
2411 packet_buf_write(&buf, "ng %s %s\n",
2412 cmd->ref_name,
2413 cmd->error_string);
2414 continue;
2415 }
2416 packet_buf_write(&buf, "ok %s\n",
2417 cmd->ref_name);
2418 for (report = cmd->report; report; report = report->next) {
2419 if (count++ > 0)
2420 packet_buf_write(&buf, "ok %s\n",
2421 cmd->ref_name);
2422 if (report->ref_name)
2423 packet_buf_write(&buf, "option refname %s\n",
2424 report->ref_name);
2425 if (report->old_oid)
2426 packet_buf_write(&buf, "option old-oid %s\n",
2427 oid_to_hex(report->old_oid));
2428 if (report->new_oid)
2429 packet_buf_write(&buf, "option new-oid %s\n",
2430 oid_to_hex(report->new_oid));
2431 if (report->forced_update)
2432 packet_buf_write(&buf, "option forced-update\n");
2433 }
2434 }
2435 packet_buf_flush(&buf);
2436
2437 if (use_sideband)
2438 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2439 else
2440 write_or_die(1, buf.buf, buf.len);
2441 strbuf_release(&buf);
2442 }
2443
2444 static int delete_only(struct command *commands)
2445 {
2446 struct command *cmd;
2447 for (cmd = commands; cmd; cmd = cmd->next) {
2448 if (!is_null_oid(&cmd->new_oid))
2449 return 0;
2450 }
2451 return 1;
2452 }
2453
2454 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2455 {
2456 int advertise_refs = 0;
2457 struct command *commands;
2458 struct oid_array shallow = OID_ARRAY_INIT;
2459 struct oid_array ref = OID_ARRAY_INIT;
2460 struct shallow_info si;
2461 struct packet_reader reader;
2462
2463 struct option options[] = {
2464 OPT__QUIET(&quiet, N_("quiet")),
2465 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2466 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2467 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2468 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2469 OPT_END()
2470 };
2471
2472 packet_trace_identity("receive-pack");
2473
2474 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2475
2476 if (argc > 1)
2477 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2478 if (argc == 0)
2479 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2480
2481 service_dir = argv[0];
2482
2483 setup_path();
2484
2485 if (!enter_repo(service_dir, 0))
2486 die("'%s' does not appear to be a git repository", service_dir);
2487
2488 git_config(receive_pack_config, NULL);
2489 if (cert_nonce_seed)
2490 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2491
2492 if (0 <= transfer_unpack_limit)
2493 unpack_limit = transfer_unpack_limit;
2494 else if (0 <= receive_unpack_limit)
2495 unpack_limit = receive_unpack_limit;
2496
2497 switch (determine_protocol_version_server()) {
2498 case protocol_v2:
2499 /*
2500 * push support for protocol v2 has not been implemented yet,
2501 * so ignore the request to use v2 and fallback to using v0.
2502 */
2503 break;
2504 case protocol_v1:
2505 /*
2506 * v1 is just the original protocol with a version string,
2507 * so just fall through after writing the version string.
2508 */
2509 if (advertise_refs || !stateless_rpc)
2510 packet_write_fmt(1, "version 1\n");
2511
2512 /* fallthrough */
2513 case protocol_v0:
2514 break;
2515 case protocol_unknown_version:
2516 BUG("unknown protocol version");
2517 }
2518
2519 if (advertise_refs || !stateless_rpc) {
2520 write_head_info();
2521 }
2522 if (advertise_refs)
2523 return 0;
2524
2525 packet_reader_init(&reader, 0, NULL, 0,
2526 PACKET_READ_CHOMP_NEWLINE |
2527 PACKET_READ_DIE_ON_ERR_PACKET);
2528
2529 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2530 const char *unpack_status = NULL;
2531 struct string_list push_options = STRING_LIST_INIT_DUP;
2532
2533 if (use_push_options)
2534 read_push_options(&reader, &push_options);
2535 if (!check_cert_push_options(&push_options)) {
2536 struct command *cmd;
2537 for (cmd = commands; cmd; cmd = cmd->next)
2538 cmd->error_string = "inconsistent push options";
2539 }
2540
2541 prepare_shallow_info(&si, &shallow);
2542 if (!si.nr_ours && !si.nr_theirs)
2543 shallow_update = 0;
2544 if (!delete_only(commands)) {
2545 unpack_status = unpack_with_sideband(&si);
2546 update_shallow_info(commands, &si, &ref);
2547 }
2548 use_keepalive = KEEPALIVE_ALWAYS;
2549 execute_commands(commands, unpack_status, &si,
2550 &push_options);
2551 if (pack_lockfile)
2552 unlink_or_warn(pack_lockfile);
2553 sigchain_push(SIGPIPE, SIG_IGN);
2554 if (report_status_v2)
2555 report_v2(commands, unpack_status);
2556 else if (report_status)
2557 report(commands, unpack_status);
2558 sigchain_pop(SIGPIPE);
2559 run_receive_hook(commands, "post-receive", 1,
2560 &push_options);
2561 run_update_post_hook(commands);
2562 string_list_clear(&push_options, 0);
2563 if (auto_gc) {
2564 struct child_process proc = CHILD_PROCESS_INIT;
2565
2566 proc.no_stdin = 1;
2567 proc.stdout_to_stderr = 1;
2568 proc.err = use_sideband ? -1 : 0;
2569 proc.git_cmd = proc.close_object_store = 1;
2570 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2571 NULL);
2572
2573 if (!start_command(&proc)) {
2574 if (use_sideband)
2575 copy_to_sideband(proc.err, -1, NULL);
2576 finish_command(&proc);
2577 }
2578 }
2579 if (auto_update_server_info)
2580 update_server_info(0);
2581 clear_shallow_info(&si);
2582 }
2583 if (use_sideband)
2584 packet_flush(1);
2585 oid_array_clear(&shallow);
2586 oid_array_clear(&ref);
2587 free((void *)push_cert_nonce);
2588 return 0;
2589 }
Unnamed repository; edit this file 'description' to name the repository.