]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
t9117: prefer test_path_* helper functions
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "environment.h"
6 #include "gettext.h"
7 #include "hex.h"
8 #include "lockfile.h"
9 #include "pack.h"
10 #include "refs.h"
11 #include "pkt-line.h"
12 #include "sideband.h"
13 #include "run-command.h"
14 #include "hook.h"
15 #include "exec-cmd.h"
16 #include "commit.h"
17 #include "object.h"
18 #include "remote.h"
19 #include "connect.h"
20 #include "string-list.h"
21 #include "oid-array.h"
22 #include "connected.h"
23 #include "strvec.h"
24 #include "version.h"
25 #include "gpg-interface.h"
26 #include "sigchain.h"
27 #include "fsck.h"
28 #include "tmp-objdir.h"
29 #include "oidset.h"
30 #include "packfile.h"
31 #include "object-name.h"
32 #include "object-store-ll.h"
33 #include "path.h"
34 #include "protocol.h"
35 #include "commit-reach.h"
36 #include "server-info.h"
37 #include "trace.h"
38 #include "trace2.h"
39 #include "worktree.h"
40 #include "shallow.h"
41 #include "parse-options.h"
42
43 static const char * const receive_pack_usage[] = {
44 N_("git receive-pack <git-dir>"),
45 NULL
46 };
47
48 enum deny_action {
49 DENY_UNCONFIGURED,
50 DENY_IGNORE,
51 DENY_WARN,
52 DENY_REFUSE,
53 DENY_UPDATE_INSTEAD
54 };
55
56 static int deny_deletes;
57 static int deny_non_fast_forwards;
58 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
59 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
60 static int receive_fsck_objects = -1;
61 static int transfer_fsck_objects = -1;
62 static struct strbuf fsck_msg_types = STRBUF_INIT;
63 static int receive_unpack_limit = -1;
64 static int transfer_unpack_limit = -1;
65 static int advertise_atomic_push = 1;
66 static int advertise_push_options;
67 static int advertise_sid;
68 static int unpack_limit = 100;
69 static off_t max_input_size;
70 static int report_status;
71 static int report_status_v2;
72 static int use_sideband;
73 static int use_atomic;
74 static int use_push_options;
75 static int quiet;
76 static int prefer_ofs_delta = 1;
77 static int auto_update_server_info;
78 static int auto_gc = 1;
79 static int reject_thin;
80 static int stateless_rpc;
81 static const char *service_dir;
82 static const char *head_name;
83 static void *head_name_to_free;
84 static int sent_capabilities;
85 static int shallow_update;
86 static const char *alt_shallow_file;
87 static struct strbuf push_cert = STRBUF_INIT;
88 static struct object_id push_cert_oid;
89 static struct signature_check sigcheck;
90 static const char *push_cert_nonce;
91 static const char *cert_nonce_seed;
92 static struct strvec hidden_refs = STRVEC_INIT;
93
94 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
95 static const char *NONCE_BAD = "BAD";
96 static const char *NONCE_MISSING = "MISSING";
97 static const char *NONCE_OK = "OK";
98 static const char *NONCE_SLOP = "SLOP";
99 static const char *nonce_status;
100 static long nonce_stamp_slop;
101 static timestamp_t nonce_stamp_slop_limit;
102 static struct ref_transaction *transaction;
103
104 static enum {
105 KEEPALIVE_NEVER = 0,
106 KEEPALIVE_AFTER_NUL,
107 KEEPALIVE_ALWAYS
108 } use_keepalive;
109 static int keepalive_in_sec = 5;
110
111 static struct tmp_objdir *tmp_objdir;
112
113 static struct proc_receive_ref {
114 unsigned int want_add:1,
115 want_delete:1,
116 want_modify:1,
117 negative_ref:1;
118 char *ref_prefix;
119 struct proc_receive_ref *next;
120 } *proc_receive_ref;
121
122 static void proc_receive_ref_append(const char *prefix);
123
124 static enum deny_action parse_deny_action(const char *var, const char *value)
125 {
126 if (value) {
127 if (!strcasecmp(value, "ignore"))
128 return DENY_IGNORE;
129 if (!strcasecmp(value, "warn"))
130 return DENY_WARN;
131 if (!strcasecmp(value, "refuse"))
132 return DENY_REFUSE;
133 if (!strcasecmp(value, "updateinstead"))
134 return DENY_UPDATE_INSTEAD;
135 }
136 if (git_config_bool(var, value))
137 return DENY_REFUSE;
138 return DENY_IGNORE;
139 }
140
141 static int receive_pack_config(const char *var, const char *value,
142 const struct config_context *ctx, void *cb)
143 {
144 const char *msg_id;
145 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
146
147 if (status)
148 return status;
149
150 if (strcmp(var, "receive.denydeletes") == 0) {
151 deny_deletes = git_config_bool(var, value);
152 return 0;
153 }
154
155 if (strcmp(var, "receive.denynonfastforwards") == 0) {
156 deny_non_fast_forwards = git_config_bool(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "receive.unpacklimit") == 0) {
161 receive_unpack_limit = git_config_int(var, value, ctx->kvi);
162 return 0;
163 }
164
165 if (strcmp(var, "transfer.unpacklimit") == 0) {
166 transfer_unpack_limit = git_config_int(var, value, ctx->kvi);
167 return 0;
168 }
169
170 if (strcmp(var, "receive.fsck.skiplist") == 0) {
171 const char *path;
172
173 if (git_config_pathname(&path, var, value))
174 return 1;
175 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
176 fsck_msg_types.len ? ',' : '=', path);
177 free((char *)path);
178 return 0;
179 }
180
181 if (skip_prefix(var, "receive.fsck.", &msg_id)) {
182 if (!value)
183 return config_error_nonbool(var);
184 if (is_valid_msg_type(msg_id, value))
185 strbuf_addf(&fsck_msg_types, "%c%s=%s",
186 fsck_msg_types.len ? ',' : '=', msg_id, value);
187 else
188 warning("skipping unknown msg id '%s'", msg_id);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.fsckobjects") == 0) {
193 receive_fsck_objects = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "transfer.fsckobjects") == 0) {
198 transfer_fsck_objects = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (!strcmp(var, "receive.denycurrentbranch")) {
203 deny_current_branch = parse_deny_action(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.denydeletecurrent") == 0) {
208 deny_delete_current = parse_deny_action(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
213 prefer_ofs_delta = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.updateserverinfo") == 0) {
218 auto_update_server_info = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.autogc") == 0) {
223 auto_gc = git_config_bool(var, value);
224 return 0;
225 }
226
227 if (strcmp(var, "receive.shallowupdate") == 0) {
228 shallow_update = git_config_bool(var, value);
229 return 0;
230 }
231
232 if (strcmp(var, "receive.certnonceseed") == 0)
233 return git_config_string(&cert_nonce_seed, var, value);
234
235 if (strcmp(var, "receive.certnonceslop") == 0) {
236 nonce_stamp_slop_limit = git_config_ulong(var, value, ctx->kvi);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.advertiseatomic") == 0) {
241 advertise_atomic_push = git_config_bool(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.advertisepushoptions") == 0) {
246 advertise_push_options = git_config_bool(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.keepalive") == 0) {
251 keepalive_in_sec = git_config_int(var, value, ctx->kvi);
252 return 0;
253 }
254
255 if (strcmp(var, "receive.maxinputsize") == 0) {
256 max_input_size = git_config_int64(var, value, ctx->kvi);
257 return 0;
258 }
259
260 if (strcmp(var, "receive.procreceiverefs") == 0) {
261 if (!value)
262 return config_error_nonbool(var);
263 proc_receive_ref_append(value);
264 return 0;
265 }
266
267 if (strcmp(var, "transfer.advertisesid") == 0) {
268 advertise_sid = git_config_bool(var, value);
269 return 0;
270 }
271
272 return git_default_config(var, value, ctx, cb);
273 }
274
275 static void show_ref(const char *path, const struct object_id *oid)
276 {
277 if (sent_capabilities) {
278 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
279 } else {
280 struct strbuf cap = STRBUF_INIT;
281
282 strbuf_addstr(&cap,
283 "report-status report-status-v2 delete-refs side-band-64k quiet");
284 if (advertise_atomic_push)
285 strbuf_addstr(&cap, " atomic");
286 if (prefer_ofs_delta)
287 strbuf_addstr(&cap, " ofs-delta");
288 if (push_cert_nonce)
289 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
290 if (advertise_push_options)
291 strbuf_addstr(&cap, " push-options");
292 if (advertise_sid)
293 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
294 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
295 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
296 packet_write_fmt(1, "%s %s%c%s\n",
297 oid_to_hex(oid), path, 0, cap.buf);
298 strbuf_release(&cap);
299 sent_capabilities = 1;
300 }
301 }
302
303 static int show_ref_cb(const char *path_full, const struct object_id *oid,
304 int flag UNUSED, void *data)
305 {
306 struct oidset *seen = data;
307 const char *path = strip_namespace(path_full);
308
309 if (ref_is_hidden(path, path_full, &hidden_refs))
310 return 0;
311
312 /*
313 * Advertise refs outside our current namespace as ".have"
314 * refs, so that the client can use them to minimize data
315 * transfer but will otherwise ignore them.
316 */
317 if (!path) {
318 if (oidset_insert(seen, oid))
319 return 0;
320 path = ".have";
321 } else {
322 oidset_insert(seen, oid);
323 }
324 show_ref(path, oid);
325 return 0;
326 }
327
328 static void show_one_alternate_ref(const struct object_id *oid,
329 void *data)
330 {
331 struct oidset *seen = data;
332
333 if (oidset_insert(seen, oid))
334 return;
335
336 show_ref(".have", oid);
337 }
338
339 static void write_head_info(void)
340 {
341 static struct oidset seen = OIDSET_INIT;
342
343 refs_for_each_fullref_in(get_main_ref_store(the_repository), "",
344 hidden_refs_to_excludes(&hidden_refs),
345 show_ref_cb, &seen);
346 for_each_alternate_ref(show_one_alternate_ref, &seen);
347 oidset_clear(&seen);
348 if (!sent_capabilities)
349 show_ref("capabilities^{}", null_oid());
350
351 advertise_shallow_grafts(1);
352
353 /* EOF */
354 packet_flush(1);
355 }
356
357 #define RUN_PROC_RECEIVE_SCHEDULED 1
358 #define RUN_PROC_RECEIVE_RETURNED 2
359 struct command {
360 struct command *next;
361 const char *error_string;
362 struct ref_push_report *report;
363 unsigned int skip_update:1,
364 did_not_exist:1,
365 run_proc_receive:2;
366 int index;
367 struct object_id old_oid;
368 struct object_id new_oid;
369 char ref_name[FLEX_ARRAY]; /* more */
370 };
371
372 static void proc_receive_ref_append(const char *prefix)
373 {
374 struct proc_receive_ref *ref_pattern;
375 char *p;
376 int len;
377
378 CALLOC_ARRAY(ref_pattern, 1);
379 p = strchr(prefix, ':');
380 if (p) {
381 while (prefix < p) {
382 if (*prefix == 'a')
383 ref_pattern->want_add = 1;
384 else if (*prefix == 'd')
385 ref_pattern->want_delete = 1;
386 else if (*prefix == 'm')
387 ref_pattern->want_modify = 1;
388 else if (*prefix == '!')
389 ref_pattern->negative_ref = 1;
390 prefix++;
391 }
392 prefix++;
393 } else {
394 ref_pattern->want_add = 1;
395 ref_pattern->want_delete = 1;
396 ref_pattern->want_modify = 1;
397 }
398 len = strlen(prefix);
399 while (len && prefix[len - 1] == '/')
400 len--;
401 ref_pattern->ref_prefix = xmemdupz(prefix, len);
402 if (!proc_receive_ref) {
403 proc_receive_ref = ref_pattern;
404 } else {
405 struct proc_receive_ref *end;
406
407 end = proc_receive_ref;
408 while (end->next)
409 end = end->next;
410 end->next = ref_pattern;
411 }
412 }
413
414 static int proc_receive_ref_matches(struct command *cmd)
415 {
416 struct proc_receive_ref *p;
417
418 if (!proc_receive_ref)
419 return 0;
420
421 for (p = proc_receive_ref; p; p = p->next) {
422 const char *match = p->ref_prefix;
423 const char *remains;
424
425 if (!p->want_add && is_null_oid(&cmd->old_oid))
426 continue;
427 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
428 continue;
429 else if (!p->want_modify &&
430 !is_null_oid(&cmd->old_oid) &&
431 !is_null_oid(&cmd->new_oid))
432 continue;
433
434 if (skip_prefix(cmd->ref_name, match, &remains) &&
435 (!*remains || *remains == '/')) {
436 if (!p->negative_ref)
437 return 1;
438 } else if (p->negative_ref) {
439 return 1;
440 }
441 }
442 return 0;
443 }
444
445 static void report_message(const char *prefix, const char *err, va_list params)
446 {
447 int sz;
448 char msg[4096];
449
450 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
451 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
452 if (sz > (sizeof(msg) - 1))
453 sz = sizeof(msg) - 1;
454 msg[sz++] = '\n';
455
456 if (use_sideband)
457 send_sideband(1, 2, msg, sz, use_sideband);
458 else
459 xwrite(2, msg, sz);
460 }
461
462 __attribute__((format (printf, 1, 2)))
463 static void rp_warning(const char *err, ...)
464 {
465 va_list params;
466 va_start(params, err);
467 report_message("warning: ", err, params);
468 va_end(params);
469 }
470
471 __attribute__((format (printf, 1, 2)))
472 static void rp_error(const char *err, ...)
473 {
474 va_list params;
475 va_start(params, err);
476 report_message("error: ", err, params);
477 va_end(params);
478 }
479
480 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
481 {
482 char data[128];
483 int keepalive_active = 0;
484
485 if (keepalive_in_sec <= 0)
486 use_keepalive = KEEPALIVE_NEVER;
487 if (use_keepalive == KEEPALIVE_ALWAYS)
488 keepalive_active = 1;
489
490 while (1) {
491 ssize_t sz;
492
493 if (keepalive_active) {
494 struct pollfd pfd;
495 int ret;
496
497 pfd.fd = in;
498 pfd.events = POLLIN;
499 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
500
501 if (ret < 0) {
502 if (errno == EINTR)
503 continue;
504 else
505 break;
506 } else if (ret == 0) {
507 /* no data; send a keepalive packet */
508 static const char buf[] = "0005\1";
509 write_or_die(1, buf, sizeof(buf) - 1);
510 continue;
511 } /* else there is actual data to read */
512 }
513
514 sz = xread(in, data, sizeof(data));
515 if (sz <= 0)
516 break;
517
518 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
519 const char *p = memchr(data, '\0', sz);
520 if (p) {
521 /*
522 * The NUL tells us to start sending keepalives. Make
523 * sure we send any other data we read along
524 * with it.
525 */
526 keepalive_active = 1;
527 send_sideband(1, 2, data, p - data, use_sideband);
528 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
529 continue;
530 }
531 }
532
533 /*
534 * Either we're not looking for a NUL signal, or we didn't see
535 * it yet; just pass along the data.
536 */
537 send_sideband(1, 2, data, sz, use_sideband);
538 }
539 close(in);
540 return 0;
541 }
542
543 static void hmac_hash(unsigned char *out,
544 const char *key_in, size_t key_len,
545 const char *text, size_t text_len)
546 {
547 unsigned char key[GIT_MAX_BLKSZ];
548 unsigned char k_ipad[GIT_MAX_BLKSZ];
549 unsigned char k_opad[GIT_MAX_BLKSZ];
550 int i;
551 git_hash_ctx ctx;
552
553 /* RFC 2104 2. (1) */
554 memset(key, '\0', GIT_MAX_BLKSZ);
555 if (the_hash_algo->blksz < key_len) {
556 the_hash_algo->init_fn(&ctx);
557 the_hash_algo->update_fn(&ctx, key_in, key_len);
558 the_hash_algo->final_fn(key, &ctx);
559 } else {
560 memcpy(key, key_in, key_len);
561 }
562
563 /* RFC 2104 2. (2) & (5) */
564 for (i = 0; i < sizeof(key); i++) {
565 k_ipad[i] = key[i] ^ 0x36;
566 k_opad[i] = key[i] ^ 0x5c;
567 }
568
569 /* RFC 2104 2. (3) & (4) */
570 the_hash_algo->init_fn(&ctx);
571 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
572 the_hash_algo->update_fn(&ctx, text, text_len);
573 the_hash_algo->final_fn(out, &ctx);
574
575 /* RFC 2104 2. (6) & (7) */
576 the_hash_algo->init_fn(&ctx);
577 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
578 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
579 the_hash_algo->final_fn(out, &ctx);
580 }
581
582 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
583 {
584 struct strbuf buf = STRBUF_INIT;
585 unsigned char hash[GIT_MAX_RAWSZ];
586
587 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
588 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
589 strbuf_release(&buf);
590
591 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
592 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
593 return strbuf_detach(&buf, NULL);
594 }
595
596 /*
597 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
598 * This operation is guaranteed to run in constant time to avoid leaking data.
599 */
600 static int constant_memequal(const char *a, const char *b, size_t n)
601 {
602 int res = 0;
603 size_t i;
604
605 for (i = 0; i < n; i++)
606 res |= a[i] ^ b[i];
607 return res;
608 }
609
610 static const char *check_nonce(const char *buf)
611 {
612 size_t noncelen;
613 const char *found = find_commit_header(buf, "nonce", &noncelen);
614 char *nonce = found ? xmemdupz(found, noncelen) : NULL;
615 timestamp_t stamp, ostamp;
616 char *bohmac, *expect = NULL;
617 const char *retval = NONCE_BAD;
618
619 if (!nonce) {
620 retval = NONCE_MISSING;
621 goto leave;
622 } else if (!push_cert_nonce) {
623 retval = NONCE_UNSOLICITED;
624 goto leave;
625 } else if (!strcmp(push_cert_nonce, nonce)) {
626 retval = NONCE_OK;
627 goto leave;
628 }
629
630 if (!stateless_rpc) {
631 /* returned nonce MUST match what we gave out earlier */
632 retval = NONCE_BAD;
633 goto leave;
634 }
635
636 /*
637 * In stateless mode, we may be receiving a nonce issued by
638 * another instance of the server that serving the same
639 * repository, and the timestamps may not match, but the
640 * nonce-seed and dir should match, so we can recompute and
641 * report the time slop.
642 *
643 * In addition, when a nonce issued by another instance has
644 * timestamp within receive.certnonceslop seconds, we pretend
645 * as if we issued that nonce when reporting to the hook.
646 */
647
648 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
649 if (*nonce <= '0' || '9' < *nonce) {
650 retval = NONCE_BAD;
651 goto leave;
652 }
653 stamp = parse_timestamp(nonce, &bohmac, 10);
654 if (bohmac == nonce || bohmac[0] != '-') {
655 retval = NONCE_BAD;
656 goto leave;
657 }
658
659 expect = prepare_push_cert_nonce(service_dir, stamp);
660 if (noncelen != strlen(expect)) {
661 /* This is not even the right size. */
662 retval = NONCE_BAD;
663 goto leave;
664 }
665 if (constant_memequal(expect, nonce, noncelen)) {
666 /* Not what we would have signed earlier */
667 retval = NONCE_BAD;
668 goto leave;
669 }
670
671 /*
672 * By how many seconds is this nonce stale? Negative value
673 * would mean it was issued by another server with its clock
674 * skewed in the future.
675 */
676 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
677 nonce_stamp_slop = (long)ostamp - (long)stamp;
678
679 if (nonce_stamp_slop_limit &&
680 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
681 /*
682 * Pretend as if the received nonce (which passes the
683 * HMAC check, so it is not a forged by third-party)
684 * is what we issued.
685 */
686 free((void *)push_cert_nonce);
687 push_cert_nonce = xstrdup(nonce);
688 retval = NONCE_OK;
689 } else {
690 retval = NONCE_SLOP;
691 }
692
693 leave:
694 free(nonce);
695 free(expect);
696 return retval;
697 }
698
699 /*
700 * Return 1 if there is no push_cert or if the push options in push_cert are
701 * the same as those in the argument; 0 otherwise.
702 */
703 static int check_cert_push_options(const struct string_list *push_options)
704 {
705 const char *buf = push_cert.buf;
706
707 const char *option;
708 size_t optionlen;
709 int options_seen = 0;
710
711 int retval = 1;
712
713 if (!*buf)
714 return 1;
715
716 while ((option = find_commit_header(buf, "push-option", &optionlen))) {
717 buf = option + optionlen + 1;
718 options_seen++;
719 if (options_seen > push_options->nr
720 || xstrncmpz(push_options->items[options_seen - 1].string,
721 option, optionlen))
722 return 0;
723 }
724
725 if (options_seen != push_options->nr)
726 retval = 0;
727
728 return retval;
729 }
730
731 static void prepare_push_cert_sha1(struct child_process *proc)
732 {
733 static int already_done;
734
735 if (!push_cert.len)
736 return;
737
738 if (!already_done) {
739 int bogs /* beginning_of_gpg_sig */;
740
741 already_done = 1;
742 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
743 &push_cert_oid))
744 oidclr(&push_cert_oid);
745
746 memset(&sigcheck, '\0', sizeof(sigcheck));
747
748 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
749 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
750 sigcheck.payload_len = bogs;
751 check_signature(&sigcheck, push_cert.buf + bogs,
752 push_cert.len - bogs);
753
754 nonce_status = check_nonce(sigcheck.payload);
755 }
756 if (!is_null_oid(&push_cert_oid)) {
757 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
758 oid_to_hex(&push_cert_oid));
759 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
760 sigcheck.signer ? sigcheck.signer : "");
761 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
762 sigcheck.key ? sigcheck.key : "");
763 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
764 sigcheck.result);
765 if (push_cert_nonce) {
766 strvec_pushf(&proc->env,
767 "GIT_PUSH_CERT_NONCE=%s",
768 push_cert_nonce);
769 strvec_pushf(&proc->env,
770 "GIT_PUSH_CERT_NONCE_STATUS=%s",
771 nonce_status);
772 if (nonce_status == NONCE_SLOP)
773 strvec_pushf(&proc->env,
774 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
775 nonce_stamp_slop);
776 }
777 }
778 }
779
780 struct receive_hook_feed_state {
781 struct command *cmd;
782 struct ref_push_report *report;
783 int skip_broken;
784 struct strbuf buf;
785 const struct string_list *push_options;
786 };
787
788 typedef int (*feed_fn)(void *, const char **, size_t *);
789 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
790 struct receive_hook_feed_state *feed_state)
791 {
792 struct child_process proc = CHILD_PROCESS_INIT;
793 struct async muxer;
794 int code;
795 const char *hook_path = find_hook(hook_name);
796
797 if (!hook_path)
798 return 0;
799
800 strvec_push(&proc.args, hook_path);
801 proc.in = -1;
802 proc.stdout_to_stderr = 1;
803 proc.trace2_hook_name = hook_name;
804
805 if (feed_state->push_options) {
806 size_t i;
807 for (i = 0; i < feed_state->push_options->nr; i++)
808 strvec_pushf(&proc.env,
809 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
810 (uintmax_t)i,
811 feed_state->push_options->items[i].string);
812 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
813 (uintmax_t)feed_state->push_options->nr);
814 } else
815 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
816
817 if (tmp_objdir)
818 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
819
820 if (use_sideband) {
821 memset(&muxer, 0, sizeof(muxer));
822 muxer.proc = copy_to_sideband;
823 muxer.in = -1;
824 code = start_async(&muxer);
825 if (code)
826 return code;
827 proc.err = muxer.in;
828 }
829
830 prepare_push_cert_sha1(&proc);
831
832 code = start_command(&proc);
833 if (code) {
834 if (use_sideband)
835 finish_async(&muxer);
836 return code;
837 }
838
839 sigchain_push(SIGPIPE, SIG_IGN);
840
841 while (1) {
842 const char *buf;
843 size_t n;
844 if (feed(feed_state, &buf, &n))
845 break;
846 if (write_in_full(proc.in, buf, n) < 0)
847 break;
848 }
849 close(proc.in);
850 if (use_sideband)
851 finish_async(&muxer);
852
853 sigchain_pop(SIGPIPE);
854
855 return finish_command(&proc);
856 }
857
858 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
859 {
860 struct receive_hook_feed_state *state = state_;
861 struct command *cmd = state->cmd;
862
863 while (cmd &&
864 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
865 cmd = cmd->next;
866 if (!cmd)
867 return -1; /* EOF */
868 if (!bufp)
869 return 0; /* OK, can feed something. */
870 strbuf_reset(&state->buf);
871 if (!state->report)
872 state->report = cmd->report;
873 if (state->report) {
874 struct object_id *old_oid;
875 struct object_id *new_oid;
876 const char *ref_name;
877
878 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
879 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
880 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
881 strbuf_addf(&state->buf, "%s %s %s\n",
882 oid_to_hex(old_oid), oid_to_hex(new_oid),
883 ref_name);
884 state->report = state->report->next;
885 if (!state->report)
886 state->cmd = cmd->next;
887 } else {
888 strbuf_addf(&state->buf, "%s %s %s\n",
889 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
890 cmd->ref_name);
891 state->cmd = cmd->next;
892 }
893 if (bufp) {
894 *bufp = state->buf.buf;
895 *sizep = state->buf.len;
896 }
897 return 0;
898 }
899
900 static int run_receive_hook(struct command *commands,
901 const char *hook_name,
902 int skip_broken,
903 const struct string_list *push_options)
904 {
905 struct receive_hook_feed_state state;
906 int status;
907
908 strbuf_init(&state.buf, 0);
909 state.cmd = commands;
910 state.skip_broken = skip_broken;
911 state.report = NULL;
912 if (feed_receive_hook(&state, NULL, NULL))
913 return 0;
914 state.cmd = commands;
915 state.push_options = push_options;
916 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
917 strbuf_release(&state.buf);
918 return status;
919 }
920
921 static int run_update_hook(struct command *cmd)
922 {
923 struct child_process proc = CHILD_PROCESS_INIT;
924 int code;
925 const char *hook_path = find_hook("update");
926
927 if (!hook_path)
928 return 0;
929
930 strvec_push(&proc.args, hook_path);
931 strvec_push(&proc.args, cmd->ref_name);
932 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
933 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
934
935 proc.no_stdin = 1;
936 proc.stdout_to_stderr = 1;
937 proc.err = use_sideband ? -1 : 0;
938 proc.trace2_hook_name = "update";
939
940 code = start_command(&proc);
941 if (code)
942 return code;
943 if (use_sideband)
944 copy_to_sideband(proc.err, -1, NULL);
945 return finish_command(&proc);
946 }
947
948 static struct command *find_command_by_refname(struct command *list,
949 const char *refname)
950 {
951 for (; list; list = list->next)
952 if (!strcmp(list->ref_name, refname))
953 return list;
954 return NULL;
955 }
956
957 static int read_proc_receive_report(struct packet_reader *reader,
958 struct command *commands,
959 struct strbuf *errmsg)
960 {
961 struct command *cmd;
962 struct command *hint = NULL;
963 struct ref_push_report *report = NULL;
964 int new_report = 0;
965 int code = 0;
966 int once = 0;
967 int response = 0;
968
969 for (;;) {
970 struct object_id old_oid, new_oid;
971 const char *head;
972 const char *refname;
973 char *p;
974 enum packet_read_status status;
975
976 status = packet_reader_read(reader);
977 if (status != PACKET_READ_NORMAL) {
978 /* Check whether proc-receive exited abnormally */
979 if (status == PACKET_READ_EOF && !response) {
980 strbuf_addstr(errmsg, "proc-receive exited abnormally");
981 return -1;
982 }
983 break;
984 }
985 response++;
986
987 head = reader->line;
988 p = strchr(head, ' ');
989 if (!p) {
990 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
991 code = -1;
992 continue;
993 }
994 *p++ = '\0';
995 if (!strcmp(head, "option")) {
996 const char *key, *val;
997
998 if (!hint || !(report || new_report)) {
999 if (!once++)
1000 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1001 code = -1;
1002 continue;
1003 }
1004 if (new_report) {
1005 if (!hint->report) {
1006 CALLOC_ARRAY(hint->report, 1);
1007 report = hint->report;
1008 } else {
1009 report = hint->report;
1010 while (report->next)
1011 report = report->next;
1012 report->next = xcalloc(1, sizeof(struct ref_push_report));
1013 report = report->next;
1014 }
1015 new_report = 0;
1016 }
1017 key = p;
1018 p = strchr(key, ' ');
1019 if (p)
1020 *p++ = '\0';
1021 val = p;
1022 if (!strcmp(key, "refname"))
1023 report->ref_name = xstrdup_or_null(val);
1024 else if (!strcmp(key, "old-oid") && val &&
1025 !parse_oid_hex(val, &old_oid, &val))
1026 report->old_oid = oiddup(&old_oid);
1027 else if (!strcmp(key, "new-oid") && val &&
1028 !parse_oid_hex(val, &new_oid, &val))
1029 report->new_oid = oiddup(&new_oid);
1030 else if (!strcmp(key, "forced-update"))
1031 report->forced_update = 1;
1032 else if (!strcmp(key, "fall-through"))
1033 /* Fall through, let 'receive-pack' to execute it. */
1034 hint->run_proc_receive = 0;
1035 continue;
1036 }
1037
1038 report = NULL;
1039 new_report = 0;
1040 refname = p;
1041 p = strchr(refname, ' ');
1042 if (p)
1043 *p++ = '\0';
1044 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1045 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1046 head, refname);
1047 code = -1;
1048 continue;
1049 }
1050
1051 /* first try searching at our hint, falling back to all refs */
1052 if (hint)
1053 hint = find_command_by_refname(hint, refname);
1054 if (!hint)
1055 hint = find_command_by_refname(commands, refname);
1056 if (!hint) {
1057 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1058 refname);
1059 code = -1;
1060 continue;
1061 }
1062 if (!hint->run_proc_receive) {
1063 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1064 refname);
1065 code = -1;
1066 continue;
1067 }
1068 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1069 if (!strcmp(head, "ng")) {
1070 if (p)
1071 hint->error_string = xstrdup(p);
1072 else
1073 hint->error_string = "failed";
1074 code = -1;
1075 continue;
1076 }
1077 new_report = 1;
1078 }
1079
1080 for (cmd = commands; cmd; cmd = cmd->next)
1081 if (cmd->run_proc_receive && !cmd->error_string &&
1082 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1083 cmd->error_string = "proc-receive failed to report status";
1084 code = -1;
1085 }
1086 return code;
1087 }
1088
1089 static int run_proc_receive_hook(struct command *commands,
1090 const struct string_list *push_options)
1091 {
1092 struct child_process proc = CHILD_PROCESS_INIT;
1093 struct async muxer;
1094 struct command *cmd;
1095 struct packet_reader reader;
1096 struct strbuf cap = STRBUF_INIT;
1097 struct strbuf errmsg = STRBUF_INIT;
1098 int hook_use_push_options = 0;
1099 int version = 0;
1100 int code;
1101 const char *hook_path = find_hook("proc-receive");
1102
1103 if (!hook_path) {
1104 rp_error("cannot find hook 'proc-receive'");
1105 return -1;
1106 }
1107
1108 strvec_push(&proc.args, hook_path);
1109 proc.in = -1;
1110 proc.out = -1;
1111 proc.trace2_hook_name = "proc-receive";
1112
1113 if (use_sideband) {
1114 memset(&muxer, 0, sizeof(muxer));
1115 muxer.proc = copy_to_sideband;
1116 muxer.in = -1;
1117 code = start_async(&muxer);
1118 if (code)
1119 return code;
1120 proc.err = muxer.in;
1121 } else {
1122 proc.err = 0;
1123 }
1124
1125 code = start_command(&proc);
1126 if (code) {
1127 if (use_sideband)
1128 finish_async(&muxer);
1129 return code;
1130 }
1131
1132 sigchain_push(SIGPIPE, SIG_IGN);
1133
1134 /* Version negotiaton */
1135 packet_reader_init(&reader, proc.out, NULL, 0,
1136 PACKET_READ_CHOMP_NEWLINE |
1137 PACKET_READ_GENTLE_ON_EOF);
1138 if (use_atomic)
1139 strbuf_addstr(&cap, " atomic");
1140 if (use_push_options)
1141 strbuf_addstr(&cap, " push-options");
1142 if (cap.len) {
1143 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1144 strbuf_release(&cap);
1145 } else {
1146 code = packet_write_fmt_gently(proc.in, "version=1\n");
1147 }
1148 if (!code)
1149 code = packet_flush_gently(proc.in);
1150
1151 if (!code)
1152 for (;;) {
1153 int linelen;
1154 enum packet_read_status status;
1155
1156 status = packet_reader_read(&reader);
1157 if (status != PACKET_READ_NORMAL) {
1158 /* Check whether proc-receive exited abnormally */
1159 if (status == PACKET_READ_EOF)
1160 code = -1;
1161 break;
1162 }
1163
1164 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1165 version = atoi(reader.line + 8);
1166 linelen = strlen(reader.line);
1167 if (linelen < reader.pktlen) {
1168 const char *feature_list = reader.line + linelen + 1;
1169 if (parse_feature_request(feature_list, "push-options"))
1170 hook_use_push_options = 1;
1171 }
1172 }
1173 }
1174
1175 if (code) {
1176 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1177 goto cleanup;
1178 }
1179
1180 switch (version) {
1181 case 0:
1182 /* fallthrough */
1183 case 1:
1184 break;
1185 default:
1186 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1187 version);
1188 code = -1;
1189 goto cleanup;
1190 }
1191
1192 /* Send commands */
1193 for (cmd = commands; cmd; cmd = cmd->next) {
1194 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1195 continue;
1196 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1197 oid_to_hex(&cmd->old_oid),
1198 oid_to_hex(&cmd->new_oid),
1199 cmd->ref_name);
1200 if (code)
1201 break;
1202 }
1203 if (!code)
1204 code = packet_flush_gently(proc.in);
1205 if (code) {
1206 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1207 goto cleanup;
1208 }
1209
1210 /* Send push options */
1211 if (hook_use_push_options) {
1212 struct string_list_item *item;
1213
1214 for_each_string_list_item(item, push_options) {
1215 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1216 if (code)
1217 break;
1218 }
1219 if (!code)
1220 code = packet_flush_gently(proc.in);
1221 if (code) {
1222 strbuf_addstr(&errmsg,
1223 "fail to write push-options to proc-receive hook");
1224 goto cleanup;
1225 }
1226 }
1227
1228 /* Read result from proc-receive */
1229 code = read_proc_receive_report(&reader, commands, &errmsg);
1230
1231 cleanup:
1232 close(proc.in);
1233 close(proc.out);
1234 if (use_sideband)
1235 finish_async(&muxer);
1236 if (finish_command(&proc))
1237 code = -1;
1238 if (errmsg.len >0) {
1239 char *p = errmsg.buf;
1240
1241 p += errmsg.len - 1;
1242 if (*p == '\n')
1243 *p = '\0';
1244 rp_error("%s", errmsg.buf);
1245 strbuf_release(&errmsg);
1246 }
1247 sigchain_pop(SIGPIPE);
1248
1249 return code;
1250 }
1251
1252 static char *refuse_unconfigured_deny_msg =
1253 N_("By default, updating the current branch in a non-bare repository\n"
1254 "is denied, because it will make the index and work tree inconsistent\n"
1255 "with what you pushed, and will require 'git reset --hard' to match\n"
1256 "the work tree to HEAD.\n"
1257 "\n"
1258 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1259 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1260 "its current branch; however, this is not recommended unless you\n"
1261 "arranged to update its work tree to match what you pushed in some\n"
1262 "other way.\n"
1263 "\n"
1264 "To squelch this message and still keep the default behaviour, set\n"
1265 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1266
1267 static void refuse_unconfigured_deny(void)
1268 {
1269 rp_error("%s", _(refuse_unconfigured_deny_msg));
1270 }
1271
1272 static char *refuse_unconfigured_deny_delete_current_msg =
1273 N_("By default, deleting the current branch is denied, because the next\n"
1274 "'git clone' won't result in any file checked out, causing confusion.\n"
1275 "\n"
1276 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1277 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1278 "current branch, with or without a warning message.\n"
1279 "\n"
1280 "To squelch this message, you can set it to 'refuse'.");
1281
1282 static void refuse_unconfigured_deny_delete_current(void)
1283 {
1284 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1285 }
1286
1287 static const struct object_id *command_singleton_iterator(void *cb_data);
1288 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1289 {
1290 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1291 struct oid_array extra = OID_ARRAY_INIT;
1292 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1293 uint32_t mask = 1 << (cmd->index % 32);
1294 int i;
1295
1296 trace_printf_key(&trace_shallow,
1297 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1298 for (i = 0; i < si->shallow->nr; i++)
1299 if (si->used_shallow[i] &&
1300 (si->used_shallow[i][cmd->index / 32] & mask) &&
1301 !delayed_reachability_test(si, i))
1302 oid_array_append(&extra, &si->shallow->oid[i]);
1303
1304 opt.env = tmp_objdir_env(tmp_objdir);
1305 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1306 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1307 rollback_shallow_file(the_repository, &shallow_lock);
1308 oid_array_clear(&extra);
1309 return -1;
1310 }
1311
1312 commit_shallow_file(the_repository, &shallow_lock);
1313
1314 /*
1315 * Make sure setup_alternate_shallow() for the next ref does
1316 * not lose these new roots..
1317 */
1318 for (i = 0; i < extra.nr; i++)
1319 register_shallow(the_repository, &extra.oid[i]);
1320
1321 si->shallow_ref[cmd->index] = 0;
1322 oid_array_clear(&extra);
1323 return 0;
1324 }
1325
1326 /*
1327 * NEEDSWORK: we should consolidate various implementions of "are we
1328 * on an unborn branch?" test into one, and make the unified one more
1329 * robust. !get_sha1() based check used here and elsewhere would not
1330 * allow us to tell an unborn branch from corrupt ref, for example.
1331 * For the purpose of fixing "deploy-to-update does not work when
1332 * pushing into an empty repository" issue, this should suffice for
1333 * now.
1334 */
1335 static int head_has_history(void)
1336 {
1337 struct object_id oid;
1338
1339 return !repo_get_oid(the_repository, "HEAD", &oid);
1340 }
1341
1342 static const char *push_to_deploy(unsigned char *sha1,
1343 struct strvec *env,
1344 const char *work_tree)
1345 {
1346 struct child_process child = CHILD_PROCESS_INIT;
1347
1348 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1349 "--refresh", NULL);
1350 strvec_pushv(&child.env, env->v);
1351 child.dir = work_tree;
1352 child.no_stdin = 1;
1353 child.stdout_to_stderr = 1;
1354 child.git_cmd = 1;
1355 if (run_command(&child))
1356 return "Up-to-date check failed";
1357
1358 /* run_command() does not clean up completely; reinitialize */
1359 child_process_init(&child);
1360 strvec_pushl(&child.args, "diff-files", "--quiet",
1361 "--ignore-submodules", "--", NULL);
1362 strvec_pushv(&child.env, env->v);
1363 child.dir = work_tree;
1364 child.no_stdin = 1;
1365 child.stdout_to_stderr = 1;
1366 child.git_cmd = 1;
1367 if (run_command(&child))
1368 return "Working directory has unstaged changes";
1369
1370 child_process_init(&child);
1371 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1372 "--ignore-submodules",
1373 /* diff-index with either HEAD or an empty tree */
1374 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1375 "--", NULL);
1376 strvec_pushv(&child.env, env->v);
1377 child.no_stdin = 1;
1378 child.no_stdout = 1;
1379 child.stdout_to_stderr = 0;
1380 child.git_cmd = 1;
1381 if (run_command(&child))
1382 return "Working directory has staged changes";
1383
1384 child_process_init(&child);
1385 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1386 NULL);
1387 strvec_pushv(&child.env, env->v);
1388 child.dir = work_tree;
1389 child.no_stdin = 1;
1390 child.no_stdout = 1;
1391 child.stdout_to_stderr = 0;
1392 child.git_cmd = 1;
1393 if (run_command(&child))
1394 return "Could not update working tree to new HEAD";
1395
1396 return NULL;
1397 }
1398
1399 static const char *push_to_checkout_hook = "push-to-checkout";
1400
1401 static const char *push_to_checkout(unsigned char *hash,
1402 int *invoked_hook,
1403 struct strvec *env,
1404 const char *work_tree)
1405 {
1406 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1407 opt.invoked_hook = invoked_hook;
1408
1409 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1410 strvec_pushv(&opt.env, env->v);
1411 strvec_push(&opt.args, hash_to_hex(hash));
1412 if (run_hooks_opt(push_to_checkout_hook, &opt))
1413 return "push-to-checkout hook declined";
1414 else
1415 return NULL;
1416 }
1417
1418 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1419 {
1420 const char *retval, *git_dir;
1421 struct strvec env = STRVEC_INIT;
1422 int invoked_hook;
1423
1424 if (!worktree || !worktree->path)
1425 BUG("worktree->path must be non-NULL");
1426
1427 if (worktree->is_bare)
1428 return "denyCurrentBranch = updateInstead needs a worktree";
1429 git_dir = get_worktree_git_dir(worktree);
1430
1431 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1432
1433 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1434 if (!invoked_hook)
1435 retval = push_to_deploy(sha1, &env, worktree->path);
1436
1437 strvec_clear(&env);
1438 return retval;
1439 }
1440
1441 static const char *update(struct command *cmd, struct shallow_info *si)
1442 {
1443 const char *name = cmd->ref_name;
1444 struct strbuf namespaced_name_buf = STRBUF_INIT;
1445 static char *namespaced_name;
1446 const char *ret;
1447 struct object_id *old_oid = &cmd->old_oid;
1448 struct object_id *new_oid = &cmd->new_oid;
1449 int do_update_worktree = 0;
1450 struct worktree **worktrees = get_worktrees();
1451 const struct worktree *worktree =
1452 find_shared_symref(worktrees, "HEAD", name);
1453
1454 /* only refs/... are allowed */
1455 if (!starts_with(name, "refs/") ||
1456 check_refname_format(name + 5, is_null_oid(new_oid) ?
1457 REFNAME_ALLOW_ONELEVEL : 0)) {
1458 rp_error("refusing to update funny ref '%s' remotely", name);
1459 ret = "funny refname";
1460 goto out;
1461 }
1462
1463 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1464 free(namespaced_name);
1465 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1466
1467 if (worktree && !worktree->is_bare) {
1468 switch (deny_current_branch) {
1469 case DENY_IGNORE:
1470 break;
1471 case DENY_WARN:
1472 rp_warning("updating the current branch");
1473 break;
1474 case DENY_REFUSE:
1475 case DENY_UNCONFIGURED:
1476 rp_error("refusing to update checked out branch: %s", name);
1477 if (deny_current_branch == DENY_UNCONFIGURED)
1478 refuse_unconfigured_deny();
1479 ret = "branch is currently checked out";
1480 goto out;
1481 case DENY_UPDATE_INSTEAD:
1482 /* pass -- let other checks intervene first */
1483 do_update_worktree = 1;
1484 break;
1485 }
1486 }
1487
1488 if (!is_null_oid(new_oid) && !repo_has_object_file(the_repository, new_oid)) {
1489 error("unpack should have generated %s, "
1490 "but I can't find it!", oid_to_hex(new_oid));
1491 ret = "bad pack";
1492 goto out;
1493 }
1494
1495 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1496 if (deny_deletes && starts_with(name, "refs/heads/")) {
1497 rp_error("denying ref deletion for %s", name);
1498 ret = "deletion prohibited";
1499 goto out;
1500 }
1501
1502 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1503 switch (deny_delete_current) {
1504 case DENY_IGNORE:
1505 break;
1506 case DENY_WARN:
1507 rp_warning("deleting the current branch");
1508 break;
1509 case DENY_REFUSE:
1510 case DENY_UNCONFIGURED:
1511 case DENY_UPDATE_INSTEAD:
1512 if (deny_delete_current == DENY_UNCONFIGURED)
1513 refuse_unconfigured_deny_delete_current();
1514 rp_error("refusing to delete the current branch: %s", name);
1515 ret = "deletion of the current branch prohibited";
1516 goto out;
1517 default:
1518 ret = "Invalid denyDeleteCurrent setting";
1519 goto out;
1520 }
1521 }
1522 }
1523
1524 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1525 !is_null_oid(old_oid) &&
1526 starts_with(name, "refs/heads/")) {
1527 struct object *old_object, *new_object;
1528 struct commit *old_commit, *new_commit;
1529
1530 old_object = parse_object(the_repository, old_oid);
1531 new_object = parse_object(the_repository, new_oid);
1532
1533 if (!old_object || !new_object ||
1534 old_object->type != OBJ_COMMIT ||
1535 new_object->type != OBJ_COMMIT) {
1536 error("bad sha1 objects for %s", name);
1537 ret = "bad ref";
1538 goto out;
1539 }
1540 old_commit = (struct commit *)old_object;
1541 new_commit = (struct commit *)new_object;
1542 if (!repo_in_merge_bases(the_repository, old_commit, new_commit)) {
1543 rp_error("denying non-fast-forward %s"
1544 " (you should pull first)", name);
1545 ret = "non-fast-forward";
1546 goto out;
1547 }
1548 }
1549 if (run_update_hook(cmd)) {
1550 rp_error("hook declined to update %s", name);
1551 ret = "hook declined";
1552 goto out;
1553 }
1554
1555 if (do_update_worktree) {
1556 ret = update_worktree(new_oid->hash, worktree);
1557 if (ret)
1558 goto out;
1559 }
1560
1561 if (is_null_oid(new_oid)) {
1562 struct strbuf err = STRBUF_INIT;
1563 if (!parse_object(the_repository, old_oid)) {
1564 old_oid = NULL;
1565 if (ref_exists(name)) {
1566 rp_warning("allowing deletion of corrupt ref");
1567 } else {
1568 rp_warning("deleting a non-existent ref");
1569 cmd->did_not_exist = 1;
1570 }
1571 }
1572 if (ref_transaction_delete(transaction,
1573 namespaced_name,
1574 old_oid,
1575 0, "push", &err)) {
1576 rp_error("%s", err.buf);
1577 ret = "failed to delete";
1578 } else {
1579 ret = NULL; /* good */
1580 }
1581 strbuf_release(&err);
1582 }
1583 else {
1584 struct strbuf err = STRBUF_INIT;
1585 if (shallow_update && si->shallow_ref[cmd->index] &&
1586 update_shallow_ref(cmd, si)) {
1587 ret = "shallow error";
1588 goto out;
1589 }
1590
1591 if (ref_transaction_update(transaction,
1592 namespaced_name,
1593 new_oid, old_oid,
1594 0, "push",
1595 &err)) {
1596 rp_error("%s", err.buf);
1597 ret = "failed to update ref";
1598 } else {
1599 ret = NULL; /* good */
1600 }
1601 strbuf_release(&err);
1602 }
1603
1604 out:
1605 free_worktrees(worktrees);
1606 return ret;
1607 }
1608
1609 static void run_update_post_hook(struct command *commands)
1610 {
1611 struct command *cmd;
1612 struct child_process proc = CHILD_PROCESS_INIT;
1613 const char *hook;
1614
1615 hook = find_hook("post-update");
1616 if (!hook)
1617 return;
1618
1619 for (cmd = commands; cmd; cmd = cmd->next) {
1620 if (cmd->error_string || cmd->did_not_exist)
1621 continue;
1622 if (!proc.args.nr)
1623 strvec_push(&proc.args, hook);
1624 strvec_push(&proc.args, cmd->ref_name);
1625 }
1626 if (!proc.args.nr)
1627 return;
1628
1629 proc.no_stdin = 1;
1630 proc.stdout_to_stderr = 1;
1631 proc.err = use_sideband ? -1 : 0;
1632 proc.trace2_hook_name = "post-update";
1633
1634 if (!start_command(&proc)) {
1635 if (use_sideband)
1636 copy_to_sideband(proc.err, -1, NULL);
1637 finish_command(&proc);
1638 }
1639 }
1640
1641 static void check_aliased_update_internal(struct command *cmd,
1642 struct string_list *list,
1643 const char *dst_name, int flag)
1644 {
1645 struct string_list_item *item;
1646 struct command *dst_cmd;
1647
1648 if (!(flag & REF_ISSYMREF))
1649 return;
1650
1651 if (!dst_name) {
1652 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1653 cmd->skip_update = 1;
1654 cmd->error_string = "broken symref";
1655 return;
1656 }
1657 dst_name = strip_namespace(dst_name);
1658
1659 if (!(item = string_list_lookup(list, dst_name)))
1660 return;
1661
1662 cmd->skip_update = 1;
1663
1664 dst_cmd = (struct command *) item->util;
1665
1666 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1667 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1668 return;
1669
1670 dst_cmd->skip_update = 1;
1671
1672 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1673 " its target '%s' (%s..%s)",
1674 cmd->ref_name,
1675 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1676 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1677 dst_cmd->ref_name,
1678 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1679 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1680
1681 cmd->error_string = dst_cmd->error_string =
1682 "inconsistent aliased update";
1683 }
1684
1685 static void check_aliased_update(struct command *cmd, struct string_list *list)
1686 {
1687 struct strbuf buf = STRBUF_INIT;
1688 const char *dst_name;
1689 int flag;
1690
1691 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1692 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1693 check_aliased_update_internal(cmd, list, dst_name, flag);
1694 strbuf_release(&buf);
1695 }
1696
1697 static void check_aliased_updates(struct command *commands)
1698 {
1699 struct command *cmd;
1700 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1701
1702 for (cmd = commands; cmd; cmd = cmd->next) {
1703 struct string_list_item *item =
1704 string_list_append(&ref_list, cmd->ref_name);
1705 item->util = (void *)cmd;
1706 }
1707 string_list_sort(&ref_list);
1708
1709 for (cmd = commands; cmd; cmd = cmd->next) {
1710 if (!cmd->error_string)
1711 check_aliased_update(cmd, &ref_list);
1712 }
1713
1714 string_list_clear(&ref_list, 0);
1715 }
1716
1717 static const struct object_id *command_singleton_iterator(void *cb_data)
1718 {
1719 struct command **cmd_list = cb_data;
1720 struct command *cmd = *cmd_list;
1721
1722 if (!cmd || is_null_oid(&cmd->new_oid))
1723 return NULL;
1724 *cmd_list = NULL; /* this returns only one */
1725 return &cmd->new_oid;
1726 }
1727
1728 static void set_connectivity_errors(struct command *commands,
1729 struct shallow_info *si)
1730 {
1731 struct command *cmd;
1732
1733 for (cmd = commands; cmd; cmd = cmd->next) {
1734 struct command *singleton = cmd;
1735 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1736
1737 if (shallow_update && si->shallow_ref[cmd->index])
1738 /* to be checked in update_shallow_ref() */
1739 continue;
1740
1741 opt.env = tmp_objdir_env(tmp_objdir);
1742 if (!check_connected(command_singleton_iterator, &singleton,
1743 &opt))
1744 continue;
1745
1746 cmd->error_string = "missing necessary objects";
1747 }
1748 }
1749
1750 struct iterate_data {
1751 struct command *cmds;
1752 struct shallow_info *si;
1753 };
1754
1755 static const struct object_id *iterate_receive_command_list(void *cb_data)
1756 {
1757 struct iterate_data *data = cb_data;
1758 struct command **cmd_list = &data->cmds;
1759 struct command *cmd = *cmd_list;
1760
1761 for (; cmd; cmd = cmd->next) {
1762 if (shallow_update && data->si->shallow_ref[cmd->index])
1763 /* to be checked in update_shallow_ref() */
1764 continue;
1765 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1766 *cmd_list = cmd->next;
1767 return &cmd->new_oid;
1768 }
1769 }
1770 return NULL;
1771 }
1772
1773 static void reject_updates_to_hidden(struct command *commands)
1774 {
1775 struct strbuf refname_full = STRBUF_INIT;
1776 size_t prefix_len;
1777 struct command *cmd;
1778
1779 strbuf_addstr(&refname_full, get_git_namespace());
1780 prefix_len = refname_full.len;
1781
1782 for (cmd = commands; cmd; cmd = cmd->next) {
1783 if (cmd->error_string)
1784 continue;
1785
1786 strbuf_setlen(&refname_full, prefix_len);
1787 strbuf_addstr(&refname_full, cmd->ref_name);
1788
1789 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1790 continue;
1791 if (is_null_oid(&cmd->new_oid))
1792 cmd->error_string = "deny deleting a hidden ref";
1793 else
1794 cmd->error_string = "deny updating a hidden ref";
1795 }
1796
1797 strbuf_release(&refname_full);
1798 }
1799
1800 static int should_process_cmd(struct command *cmd)
1801 {
1802 return !cmd->error_string && !cmd->skip_update;
1803 }
1804
1805 static void BUG_if_skipped_connectivity_check(struct command *commands,
1806 struct shallow_info *si)
1807 {
1808 struct command *cmd;
1809
1810 for (cmd = commands; cmd; cmd = cmd->next) {
1811 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1812 bug("connectivity check has not been run on ref %s",
1813 cmd->ref_name);
1814 }
1815 BUG_if_bug("connectivity check skipped???");
1816 }
1817
1818 static void execute_commands_non_atomic(struct command *commands,
1819 struct shallow_info *si)
1820 {
1821 struct command *cmd;
1822 struct strbuf err = STRBUF_INIT;
1823
1824 for (cmd = commands; cmd; cmd = cmd->next) {
1825 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1826 continue;
1827
1828 transaction = ref_transaction_begin(&err);
1829 if (!transaction) {
1830 rp_error("%s", err.buf);
1831 strbuf_reset(&err);
1832 cmd->error_string = "transaction failed to start";
1833 continue;
1834 }
1835
1836 cmd->error_string = update(cmd, si);
1837
1838 if (!cmd->error_string
1839 && ref_transaction_commit(transaction, &err)) {
1840 rp_error("%s", err.buf);
1841 strbuf_reset(&err);
1842 cmd->error_string = "failed to update ref";
1843 }
1844 ref_transaction_free(transaction);
1845 }
1846 strbuf_release(&err);
1847 }
1848
1849 static void execute_commands_atomic(struct command *commands,
1850 struct shallow_info *si)
1851 {
1852 struct command *cmd;
1853 struct strbuf err = STRBUF_INIT;
1854 const char *reported_error = "atomic push failure";
1855
1856 transaction = ref_transaction_begin(&err);
1857 if (!transaction) {
1858 rp_error("%s", err.buf);
1859 strbuf_reset(&err);
1860 reported_error = "transaction failed to start";
1861 goto failure;
1862 }
1863
1864 for (cmd = commands; cmd; cmd = cmd->next) {
1865 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1866 continue;
1867
1868 cmd->error_string = update(cmd, si);
1869
1870 if (cmd->error_string)
1871 goto failure;
1872 }
1873
1874 if (ref_transaction_commit(transaction, &err)) {
1875 rp_error("%s", err.buf);
1876 reported_error = "atomic transaction failed";
1877 goto failure;
1878 }
1879 goto cleanup;
1880
1881 failure:
1882 for (cmd = commands; cmd; cmd = cmd->next)
1883 if (!cmd->error_string)
1884 cmd->error_string = reported_error;
1885
1886 cleanup:
1887 ref_transaction_free(transaction);
1888 strbuf_release(&err);
1889 }
1890
1891 static void execute_commands(struct command *commands,
1892 const char *unpacker_error,
1893 struct shallow_info *si,
1894 const struct string_list *push_options)
1895 {
1896 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1897 struct command *cmd;
1898 struct iterate_data data;
1899 struct async muxer;
1900 int err_fd = 0;
1901 int run_proc_receive = 0;
1902
1903 if (unpacker_error) {
1904 for (cmd = commands; cmd; cmd = cmd->next)
1905 cmd->error_string = "unpacker error";
1906 return;
1907 }
1908
1909 if (use_sideband) {
1910 memset(&muxer, 0, sizeof(muxer));
1911 muxer.proc = copy_to_sideband;
1912 muxer.in = -1;
1913 if (!start_async(&muxer))
1914 err_fd = muxer.in;
1915 /* ...else, continue without relaying sideband */
1916 }
1917
1918 data.cmds = commands;
1919 data.si = si;
1920 opt.err_fd = err_fd;
1921 opt.progress = err_fd && !quiet;
1922 opt.env = tmp_objdir_env(tmp_objdir);
1923 opt.exclude_hidden_refs_section = "receive";
1924
1925 if (check_connected(iterate_receive_command_list, &data, &opt))
1926 set_connectivity_errors(commands, si);
1927
1928 if (use_sideband)
1929 finish_async(&muxer);
1930
1931 reject_updates_to_hidden(commands);
1932
1933 /*
1934 * Try to find commands that have special prefix in their reference names,
1935 * and mark them to run an external "proc-receive" hook later.
1936 */
1937 if (proc_receive_ref) {
1938 for (cmd = commands; cmd; cmd = cmd->next) {
1939 if (!should_process_cmd(cmd))
1940 continue;
1941
1942 if (proc_receive_ref_matches(cmd)) {
1943 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1944 run_proc_receive = 1;
1945 }
1946 }
1947 }
1948
1949 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1950 for (cmd = commands; cmd; cmd = cmd->next) {
1951 if (!cmd->error_string)
1952 cmd->error_string = "pre-receive hook declined";
1953 }
1954 return;
1955 }
1956
1957 /*
1958 * If there is no command ready to run, should return directly to destroy
1959 * temporary data in the quarantine area.
1960 */
1961 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1962 ; /* nothing */
1963 if (!cmd)
1964 return;
1965
1966 /*
1967 * Now we'll start writing out refs, which means the objects need
1968 * to be in their final positions so that other processes can see them.
1969 */
1970 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1971 for (cmd = commands; cmd; cmd = cmd->next) {
1972 if (!cmd->error_string)
1973 cmd->error_string = "unable to migrate objects to permanent storage";
1974 }
1975 return;
1976 }
1977 tmp_objdir = NULL;
1978
1979 check_aliased_updates(commands);
1980
1981 free(head_name_to_free);
1982 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1983
1984 if (run_proc_receive &&
1985 run_proc_receive_hook(commands, push_options))
1986 for (cmd = commands; cmd; cmd = cmd->next)
1987 if (!cmd->error_string &&
1988 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1989 (cmd->run_proc_receive || use_atomic))
1990 cmd->error_string = "fail to run proc-receive hook";
1991
1992 if (use_atomic)
1993 execute_commands_atomic(commands, si);
1994 else
1995 execute_commands_non_atomic(commands, si);
1996
1997 if (shallow_update)
1998 BUG_if_skipped_connectivity_check(commands, si);
1999 }
2000
2001 static struct command **queue_command(struct command **tail,
2002 const char *line,
2003 int linelen)
2004 {
2005 struct object_id old_oid, new_oid;
2006 struct command *cmd;
2007 const char *refname;
2008 int reflen;
2009 const char *p;
2010
2011 if (parse_oid_hex(line, &old_oid, &p) ||
2012 *p++ != ' ' ||
2013 parse_oid_hex(p, &new_oid, &p) ||
2014 *p++ != ' ')
2015 die("protocol error: expected old/new/ref, got '%s'", line);
2016
2017 refname = p;
2018 reflen = linelen - (p - line);
2019 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2020 oidcpy(&cmd->old_oid, &old_oid);
2021 oidcpy(&cmd->new_oid, &new_oid);
2022 *tail = cmd;
2023 return &cmd->next;
2024 }
2025
2026 static void free_commands(struct command *commands)
2027 {
2028 while (commands) {
2029 struct command *next = commands->next;
2030
2031 free(commands);
2032 commands = next;
2033 }
2034 }
2035
2036 static void queue_commands_from_cert(struct command **tail,
2037 struct strbuf *push_cert)
2038 {
2039 const char *boc, *eoc;
2040
2041 if (*tail)
2042 die("protocol error: got both push certificate and unsigned commands");
2043
2044 boc = strstr(push_cert->buf, "\n\n");
2045 if (!boc)
2046 die("malformed push certificate %.*s", 100, push_cert->buf);
2047 else
2048 boc += 2;
2049 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2050
2051 while (boc < eoc) {
2052 const char *eol = memchr(boc, '\n', eoc - boc);
2053 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2054 boc = eol ? eol + 1 : eoc;
2055 }
2056 }
2057
2058 static struct command *read_head_info(struct packet_reader *reader,
2059 struct oid_array *shallow)
2060 {
2061 struct command *commands = NULL;
2062 struct command **p = &commands;
2063 for (;;) {
2064 int linelen;
2065
2066 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2067 break;
2068
2069 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2070 struct object_id oid;
2071 if (get_oid_hex(reader->line + 8, &oid))
2072 die("protocol error: expected shallow sha, got '%s'",
2073 reader->line + 8);
2074 oid_array_append(shallow, &oid);
2075 continue;
2076 }
2077
2078 linelen = strlen(reader->line);
2079 if (linelen < reader->pktlen) {
2080 const char *feature_list = reader->line + linelen + 1;
2081 const char *hash = NULL;
2082 const char *client_sid;
2083 size_t len = 0;
2084 if (parse_feature_request(feature_list, "report-status"))
2085 report_status = 1;
2086 if (parse_feature_request(feature_list, "report-status-v2"))
2087 report_status_v2 = 1;
2088 if (parse_feature_request(feature_list, "side-band-64k"))
2089 use_sideband = LARGE_PACKET_MAX;
2090 if (parse_feature_request(feature_list, "quiet"))
2091 quiet = 1;
2092 if (advertise_atomic_push
2093 && parse_feature_request(feature_list, "atomic"))
2094 use_atomic = 1;
2095 if (advertise_push_options
2096 && parse_feature_request(feature_list, "push-options"))
2097 use_push_options = 1;
2098 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2099 if (!hash) {
2100 hash = hash_algos[GIT_HASH_SHA1].name;
2101 len = strlen(hash);
2102 }
2103 if (xstrncmpz(the_hash_algo->name, hash, len))
2104 die("error: unsupported object format '%s'", hash);
2105 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2106 if (client_sid) {
2107 char *sid = xstrndup(client_sid, len);
2108 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2109 free(sid);
2110 }
2111 }
2112
2113 if (!strcmp(reader->line, "push-cert")) {
2114 int true_flush = 0;
2115 int saved_options = reader->options;
2116 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2117
2118 for (;;) {
2119 packet_reader_read(reader);
2120 if (reader->status == PACKET_READ_FLUSH) {
2121 true_flush = 1;
2122 break;
2123 }
2124 if (reader->status != PACKET_READ_NORMAL) {
2125 die("protocol error: got an unexpected packet");
2126 }
2127 if (!strcmp(reader->line, "push-cert-end\n"))
2128 break; /* end of cert */
2129 strbuf_addstr(&push_cert, reader->line);
2130 }
2131 reader->options = saved_options;
2132
2133 if (true_flush)
2134 break;
2135 continue;
2136 }
2137
2138 p = queue_command(p, reader->line, linelen);
2139 }
2140
2141 if (push_cert.len)
2142 queue_commands_from_cert(p, &push_cert);
2143
2144 return commands;
2145 }
2146
2147 static void read_push_options(struct packet_reader *reader,
2148 struct string_list *options)
2149 {
2150 while (1) {
2151 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2152 break;
2153
2154 string_list_append(options, reader->line);
2155 }
2156 }
2157
2158 static const char *parse_pack_header(struct pack_header *hdr)
2159 {
2160 switch (read_pack_header(0, hdr)) {
2161 case PH_ERROR_EOF:
2162 return "eof before pack header was fully read";
2163
2164 case PH_ERROR_PACK_SIGNATURE:
2165 return "protocol error (pack signature mismatch detected)";
2166
2167 case PH_ERROR_PROTOCOL:
2168 return "protocol error (pack version unsupported)";
2169
2170 default:
2171 return "unknown error in parse_pack_header";
2172
2173 case 0:
2174 return NULL;
2175 }
2176 }
2177
2178 static struct tempfile *pack_lockfile;
2179
2180 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2181 {
2182 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2183 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2184 }
2185
2186 static const char *unpack(int err_fd, struct shallow_info *si)
2187 {
2188 struct pack_header hdr;
2189 const char *hdr_err;
2190 int status;
2191 struct child_process child = CHILD_PROCESS_INIT;
2192 int fsck_objects = (receive_fsck_objects >= 0
2193 ? receive_fsck_objects
2194 : transfer_fsck_objects >= 0
2195 ? transfer_fsck_objects
2196 : 0);
2197
2198 hdr_err = parse_pack_header(&hdr);
2199 if (hdr_err) {
2200 if (err_fd > 0)
2201 close(err_fd);
2202 return hdr_err;
2203 }
2204
2205 if (si->nr_ours || si->nr_theirs) {
2206 alt_shallow_file = setup_temporary_shallow(si->shallow);
2207 strvec_push(&child.args, "--shallow-file");
2208 strvec_push(&child.args, alt_shallow_file);
2209 }
2210
2211 tmp_objdir = tmp_objdir_create("incoming");
2212 if (!tmp_objdir) {
2213 if (err_fd > 0)
2214 close(err_fd);
2215 return "unable to create temporary object directory";
2216 }
2217 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2218
2219 /*
2220 * Normally we just pass the tmp_objdir environment to the child
2221 * processes that do the heavy lifting, but we may need to see these
2222 * objects ourselves to set up shallow information.
2223 */
2224 tmp_objdir_add_as_alternate(tmp_objdir);
2225
2226 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2227 strvec_push(&child.args, "unpack-objects");
2228 push_header_arg(&child.args, &hdr);
2229 if (quiet)
2230 strvec_push(&child.args, "-q");
2231 if (fsck_objects)
2232 strvec_pushf(&child.args, "--strict%s",
2233 fsck_msg_types.buf);
2234 if (max_input_size)
2235 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2236 (uintmax_t)max_input_size);
2237 child.no_stdout = 1;
2238 child.err = err_fd;
2239 child.git_cmd = 1;
2240 status = run_command(&child);
2241 if (status)
2242 return "unpack-objects abnormal exit";
2243 } else {
2244 char hostname[HOST_NAME_MAX + 1];
2245 char *lockfile;
2246
2247 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2248 push_header_arg(&child.args, &hdr);
2249
2250 if (xgethostname(hostname, sizeof(hostname)))
2251 xsnprintf(hostname, sizeof(hostname), "localhost");
2252 strvec_pushf(&child.args,
2253 "--keep=receive-pack %"PRIuMAX" on %s",
2254 (uintmax_t)getpid(),
2255 hostname);
2256
2257 if (!quiet && err_fd)
2258 strvec_push(&child.args, "--show-resolving-progress");
2259 if (use_sideband)
2260 strvec_push(&child.args, "--report-end-of-input");
2261 if (fsck_objects)
2262 strvec_pushf(&child.args, "--strict%s",
2263 fsck_msg_types.buf);
2264 if (!reject_thin)
2265 strvec_push(&child.args, "--fix-thin");
2266 if (max_input_size)
2267 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2268 (uintmax_t)max_input_size);
2269 child.out = -1;
2270 child.err = err_fd;
2271 child.git_cmd = 1;
2272 status = start_command(&child);
2273 if (status)
2274 return "index-pack fork failed";
2275
2276 lockfile = index_pack_lockfile(child.out, NULL);
2277 if (lockfile) {
2278 pack_lockfile = register_tempfile(lockfile);
2279 free(lockfile);
2280 }
2281 close(child.out);
2282
2283 status = finish_command(&child);
2284 if (status)
2285 return "index-pack abnormal exit";
2286 reprepare_packed_git(the_repository);
2287 }
2288 return NULL;
2289 }
2290
2291 static const char *unpack_with_sideband(struct shallow_info *si)
2292 {
2293 struct async muxer;
2294 const char *ret;
2295
2296 if (!use_sideband)
2297 return unpack(0, si);
2298
2299 use_keepalive = KEEPALIVE_AFTER_NUL;
2300 memset(&muxer, 0, sizeof(muxer));
2301 muxer.proc = copy_to_sideband;
2302 muxer.in = -1;
2303 if (start_async(&muxer))
2304 return NULL;
2305
2306 ret = unpack(muxer.in, si);
2307
2308 finish_async(&muxer);
2309 return ret;
2310 }
2311
2312 static void prepare_shallow_update(struct shallow_info *si)
2313 {
2314 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2315
2316 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2317 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2318
2319 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2320 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2321 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2322
2323 for (i = 0; i < si->nr_ours; i++)
2324 si->need_reachability_test[si->ours[i]] = 1;
2325
2326 for (i = 0; i < si->shallow->nr; i++) {
2327 if (!si->used_shallow[i])
2328 continue;
2329 for (j = 0; j < bitmap_size; j++) {
2330 if (!si->used_shallow[i][j])
2331 continue;
2332 si->need_reachability_test[i]++;
2333 for (k = 0; k < 32; k++)
2334 if (si->used_shallow[i][j] & (1U << k))
2335 si->shallow_ref[j * 32 + k]++;
2336 }
2337
2338 /*
2339 * true for those associated with some refs and belong
2340 * in "ours" list aka "step 7 not done yet"
2341 */
2342 si->need_reachability_test[i] =
2343 si->need_reachability_test[i] > 1;
2344 }
2345
2346 /*
2347 * keep hooks happy by forcing a temporary shallow file via
2348 * env variable because we can't add --shallow-file to every
2349 * command. check_connected() will be done with
2350 * true .git/shallow though.
2351 */
2352 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2353 }
2354
2355 static void update_shallow_info(struct command *commands,
2356 struct shallow_info *si,
2357 struct oid_array *ref)
2358 {
2359 struct command *cmd;
2360 int *ref_status;
2361 remove_nonexistent_theirs_shallow(si);
2362 if (!si->nr_ours && !si->nr_theirs) {
2363 shallow_update = 0;
2364 return;
2365 }
2366
2367 for (cmd = commands; cmd; cmd = cmd->next) {
2368 if (is_null_oid(&cmd->new_oid))
2369 continue;
2370 oid_array_append(ref, &cmd->new_oid);
2371 cmd->index = ref->nr - 1;
2372 }
2373 si->ref = ref;
2374
2375 if (shallow_update) {
2376 prepare_shallow_update(si);
2377 return;
2378 }
2379
2380 ALLOC_ARRAY(ref_status, ref->nr);
2381 assign_shallow_commits_to_refs(si, NULL, ref_status);
2382 for (cmd = commands; cmd; cmd = cmd->next) {
2383 if (is_null_oid(&cmd->new_oid))
2384 continue;
2385 if (ref_status[cmd->index]) {
2386 cmd->error_string = "shallow update not allowed";
2387 cmd->skip_update = 1;
2388 }
2389 }
2390 free(ref_status);
2391 }
2392
2393 static void report(struct command *commands, const char *unpack_status)
2394 {
2395 struct command *cmd;
2396 struct strbuf buf = STRBUF_INIT;
2397
2398 packet_buf_write(&buf, "unpack %s\n",
2399 unpack_status ? unpack_status : "ok");
2400 for (cmd = commands; cmd; cmd = cmd->next) {
2401 if (!cmd->error_string)
2402 packet_buf_write(&buf, "ok %s\n",
2403 cmd->ref_name);
2404 else
2405 packet_buf_write(&buf, "ng %s %s\n",
2406 cmd->ref_name, cmd->error_string);
2407 }
2408 packet_buf_flush(&buf);
2409
2410 if (use_sideband)
2411 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2412 else
2413 write_or_die(1, buf.buf, buf.len);
2414 strbuf_release(&buf);
2415 }
2416
2417 static void report_v2(struct command *commands, const char *unpack_status)
2418 {
2419 struct command *cmd;
2420 struct strbuf buf = STRBUF_INIT;
2421 struct ref_push_report *report;
2422
2423 packet_buf_write(&buf, "unpack %s\n",
2424 unpack_status ? unpack_status : "ok");
2425 for (cmd = commands; cmd; cmd = cmd->next) {
2426 int count = 0;
2427
2428 if (cmd->error_string) {
2429 packet_buf_write(&buf, "ng %s %s\n",
2430 cmd->ref_name,
2431 cmd->error_string);
2432 continue;
2433 }
2434 packet_buf_write(&buf, "ok %s\n",
2435 cmd->ref_name);
2436 for (report = cmd->report; report; report = report->next) {
2437 if (count++ > 0)
2438 packet_buf_write(&buf, "ok %s\n",
2439 cmd->ref_name);
2440 if (report->ref_name)
2441 packet_buf_write(&buf, "option refname %s\n",
2442 report->ref_name);
2443 if (report->old_oid)
2444 packet_buf_write(&buf, "option old-oid %s\n",
2445 oid_to_hex(report->old_oid));
2446 if (report->new_oid)
2447 packet_buf_write(&buf, "option new-oid %s\n",
2448 oid_to_hex(report->new_oid));
2449 if (report->forced_update)
2450 packet_buf_write(&buf, "option forced-update\n");
2451 }
2452 }
2453 packet_buf_flush(&buf);
2454
2455 if (use_sideband)
2456 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2457 else
2458 write_or_die(1, buf.buf, buf.len);
2459 strbuf_release(&buf);
2460 }
2461
2462 static int delete_only(struct command *commands)
2463 {
2464 struct command *cmd;
2465 for (cmd = commands; cmd; cmd = cmd->next) {
2466 if (!is_null_oid(&cmd->new_oid))
2467 return 0;
2468 }
2469 return 1;
2470 }
2471
2472 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2473 {
2474 int advertise_refs = 0;
2475 struct command *commands;
2476 struct oid_array shallow = OID_ARRAY_INIT;
2477 struct oid_array ref = OID_ARRAY_INIT;
2478 struct shallow_info si;
2479 struct packet_reader reader;
2480
2481 struct option options[] = {
2482 OPT__QUIET(&quiet, N_("quiet")),
2483 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2484 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2485 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2486 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2487 OPT_END()
2488 };
2489
2490 packet_trace_identity("receive-pack");
2491
2492 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2493
2494 if (argc > 1)
2495 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2496 if (argc == 0)
2497 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2498
2499 service_dir = argv[0];
2500
2501 setup_path();
2502
2503 if (!enter_repo(service_dir, 0))
2504 die("'%s' does not appear to be a git repository", service_dir);
2505
2506 git_config(receive_pack_config, NULL);
2507 if (cert_nonce_seed)
2508 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2509
2510 if (0 <= receive_unpack_limit)
2511 unpack_limit = receive_unpack_limit;
2512 else if (0 <= transfer_unpack_limit)
2513 unpack_limit = transfer_unpack_limit;
2514
2515 switch (determine_protocol_version_server()) {
2516 case protocol_v2:
2517 /*
2518 * push support for protocol v2 has not been implemented yet,
2519 * so ignore the request to use v2 and fallback to using v0.
2520 */
2521 break;
2522 case protocol_v1:
2523 /*
2524 * v1 is just the original protocol with a version string,
2525 * so just fall through after writing the version string.
2526 */
2527 if (advertise_refs || !stateless_rpc)
2528 packet_write_fmt(1, "version 1\n");
2529
2530 /* fallthrough */
2531 case protocol_v0:
2532 break;
2533 case protocol_unknown_version:
2534 BUG("unknown protocol version");
2535 }
2536
2537 if (advertise_refs || !stateless_rpc) {
2538 write_head_info();
2539 }
2540 if (advertise_refs)
2541 return 0;
2542
2543 packet_reader_init(&reader, 0, NULL, 0,
2544 PACKET_READ_CHOMP_NEWLINE |
2545 PACKET_READ_DIE_ON_ERR_PACKET);
2546
2547 if ((commands = read_head_info(&reader, &shallow))) {
2548 const char *unpack_status = NULL;
2549 struct string_list push_options = STRING_LIST_INIT_DUP;
2550
2551 if (use_push_options)
2552 read_push_options(&reader, &push_options);
2553 if (!check_cert_push_options(&push_options)) {
2554 struct command *cmd;
2555 for (cmd = commands; cmd; cmd = cmd->next)
2556 cmd->error_string = "inconsistent push options";
2557 }
2558
2559 prepare_shallow_info(&si, &shallow);
2560 if (!si.nr_ours && !si.nr_theirs)
2561 shallow_update = 0;
2562 if (!delete_only(commands)) {
2563 unpack_status = unpack_with_sideband(&si);
2564 update_shallow_info(commands, &si, &ref);
2565 }
2566 use_keepalive = KEEPALIVE_ALWAYS;
2567 execute_commands(commands, unpack_status, &si,
2568 &push_options);
2569 delete_tempfile(&pack_lockfile);
2570 sigchain_push(SIGPIPE, SIG_IGN);
2571 if (report_status_v2)
2572 report_v2(commands, unpack_status);
2573 else if (report_status)
2574 report(commands, unpack_status);
2575 sigchain_pop(SIGPIPE);
2576 run_receive_hook(commands, "post-receive", 1,
2577 &push_options);
2578 run_update_post_hook(commands);
2579 free_commands(commands);
2580 string_list_clear(&push_options, 0);
2581 if (auto_gc) {
2582 struct child_process proc = CHILD_PROCESS_INIT;
2583
2584 proc.no_stdin = 1;
2585 proc.stdout_to_stderr = 1;
2586 proc.err = use_sideband ? -1 : 0;
2587 proc.git_cmd = proc.close_object_store = 1;
2588 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2589 NULL);
2590
2591 if (!start_command(&proc)) {
2592 if (use_sideband)
2593 copy_to_sideband(proc.err, -1, NULL);
2594 finish_command(&proc);
2595 }
2596 }
2597 if (auto_update_server_info)
2598 update_server_info(0);
2599 clear_shallow_info(&si);
2600 }
2601 if (use_sideband)
2602 packet_flush(1);
2603 oid_array_clear(&shallow);
2604 oid_array_clear(&ref);
2605 strvec_clear(&hidden_refs);
2606 free((void *)push_cert_nonce);
2607 return 0;
2608 }
Unnamed repository; edit this file 'description' to name the repository.