]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'ar/t2024-checkout-output-fix'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "environment.h"
6 #include "gettext.h"
7 #include "hex.h"
8 #include "lockfile.h"
9 #include "pack.h"
10 #include "refs.h"
11 #include "pkt-line.h"
12 #include "sideband.h"
13 #include "run-command.h"
14 #include "hook.h"
15 #include "exec-cmd.h"
16 #include "commit.h"
17 #include "object.h"
18 #include "remote.h"
19 #include "connect.h"
20 #include "string-list.h"
21 #include "oid-array.h"
22 #include "connected.h"
23 #include "strvec.h"
24 #include "version.h"
25 #include "tag.h"
26 #include "gpg-interface.h"
27 #include "sigchain.h"
28 #include "fsck.h"
29 #include "tmp-objdir.h"
30 #include "oidset.h"
31 #include "packfile.h"
32 #include "object-store.h"
33 #include "protocol.h"
34 #include "commit-reach.h"
35 #include "worktree.h"
36 #include "shallow.h"
37 #include "parse-options.h"
38 #include "wrapper.h"
39
40 static const char * const receive_pack_usage[] = {
41 N_("git receive-pack <git-dir>"),
42 NULL
43 };
44
45 enum deny_action {
46 DENY_UNCONFIGURED,
47 DENY_IGNORE,
48 DENY_WARN,
49 DENY_REFUSE,
50 DENY_UPDATE_INSTEAD
51 };
52
53 static int deny_deletes;
54 static int deny_non_fast_forwards;
55 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
56 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
57 static int receive_fsck_objects = -1;
58 static int transfer_fsck_objects = -1;
59 static struct strbuf fsck_msg_types = STRBUF_INIT;
60 static int receive_unpack_limit = -1;
61 static int transfer_unpack_limit = -1;
62 static int advertise_atomic_push = 1;
63 static int advertise_push_options;
64 static int advertise_sid;
65 static int unpack_limit = 100;
66 static off_t max_input_size;
67 static int report_status;
68 static int report_status_v2;
69 static int use_sideband;
70 static int use_atomic;
71 static int use_push_options;
72 static int quiet;
73 static int prefer_ofs_delta = 1;
74 static int auto_update_server_info;
75 static int auto_gc = 1;
76 static int reject_thin;
77 static int stateless_rpc;
78 static const char *service_dir;
79 static const char *head_name;
80 static void *head_name_to_free;
81 static int sent_capabilities;
82 static int shallow_update;
83 static const char *alt_shallow_file;
84 static struct strbuf push_cert = STRBUF_INIT;
85 static struct object_id push_cert_oid;
86 static struct signature_check sigcheck;
87 static const char *push_cert_nonce;
88 static const char *cert_nonce_seed;
89 static struct string_list hidden_refs = STRING_LIST_INIT_DUP;
90
91 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
92 static const char *NONCE_BAD = "BAD";
93 static const char *NONCE_MISSING = "MISSING";
94 static const char *NONCE_OK = "OK";
95 static const char *NONCE_SLOP = "SLOP";
96 static const char *nonce_status;
97 static long nonce_stamp_slop;
98 static timestamp_t nonce_stamp_slop_limit;
99 static struct ref_transaction *transaction;
100
101 static enum {
102 KEEPALIVE_NEVER = 0,
103 KEEPALIVE_AFTER_NUL,
104 KEEPALIVE_ALWAYS
105 } use_keepalive;
106 static int keepalive_in_sec = 5;
107
108 static struct tmp_objdir *tmp_objdir;
109
110 static struct proc_receive_ref {
111 unsigned int want_add:1,
112 want_delete:1,
113 want_modify:1,
114 negative_ref:1;
115 char *ref_prefix;
116 struct proc_receive_ref *next;
117 } *proc_receive_ref;
118
119 static void proc_receive_ref_append(const char *prefix);
120
121 static enum deny_action parse_deny_action(const char *var, const char *value)
122 {
123 if (value) {
124 if (!strcasecmp(value, "ignore"))
125 return DENY_IGNORE;
126 if (!strcasecmp(value, "warn"))
127 return DENY_WARN;
128 if (!strcasecmp(value, "refuse"))
129 return DENY_REFUSE;
130 if (!strcasecmp(value, "updateinstead"))
131 return DENY_UPDATE_INSTEAD;
132 }
133 if (git_config_bool(var, value))
134 return DENY_REFUSE;
135 return DENY_IGNORE;
136 }
137
138 static int receive_pack_config(const char *var, const char *value, void *cb)
139 {
140 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
141
142 if (status)
143 return status;
144
145 if (strcmp(var, "receive.denydeletes") == 0) {
146 deny_deletes = git_config_bool(var, value);
147 return 0;
148 }
149
150 if (strcmp(var, "receive.denynonfastforwards") == 0) {
151 deny_non_fast_forwards = git_config_bool(var, value);
152 return 0;
153 }
154
155 if (strcmp(var, "receive.unpacklimit") == 0) {
156 receive_unpack_limit = git_config_int(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "transfer.unpacklimit") == 0) {
161 transfer_unpack_limit = git_config_int(var, value);
162 return 0;
163 }
164
165 if (strcmp(var, "receive.fsck.skiplist") == 0) {
166 const char *path;
167
168 if (git_config_pathname(&path, var, value))
169 return 1;
170 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
171 fsck_msg_types.len ? ',' : '=', path);
172 free((char *)path);
173 return 0;
174 }
175
176 if (skip_prefix(var, "receive.fsck.", &var)) {
177 if (is_valid_msg_type(var, value))
178 strbuf_addf(&fsck_msg_types, "%c%s=%s",
179 fsck_msg_types.len ? ',' : '=', var, value);
180 else
181 warning("skipping unknown msg id '%s'", var);
182 return 0;
183 }
184
185 if (strcmp(var, "receive.fsckobjects") == 0) {
186 receive_fsck_objects = git_config_bool(var, value);
187 return 0;
188 }
189
190 if (strcmp(var, "transfer.fsckobjects") == 0) {
191 transfer_fsck_objects = git_config_bool(var, value);
192 return 0;
193 }
194
195 if (!strcmp(var, "receive.denycurrentbranch")) {
196 deny_current_branch = parse_deny_action(var, value);
197 return 0;
198 }
199
200 if (strcmp(var, "receive.denydeletecurrent") == 0) {
201 deny_delete_current = parse_deny_action(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
206 prefer_ofs_delta = git_config_bool(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.updateserverinfo") == 0) {
211 auto_update_server_info = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.autogc") == 0) {
216 auto_gc = git_config_bool(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.shallowupdate") == 0) {
221 shallow_update = git_config_bool(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.certnonceseed") == 0)
226 return git_config_string(&cert_nonce_seed, var, value);
227
228 if (strcmp(var, "receive.certnonceslop") == 0) {
229 nonce_stamp_slop_limit = git_config_ulong(var, value);
230 return 0;
231 }
232
233 if (strcmp(var, "receive.advertiseatomic") == 0) {
234 advertise_atomic_push = git_config_bool(var, value);
235 return 0;
236 }
237
238 if (strcmp(var, "receive.advertisepushoptions") == 0) {
239 advertise_push_options = git_config_bool(var, value);
240 return 0;
241 }
242
243 if (strcmp(var, "receive.keepalive") == 0) {
244 keepalive_in_sec = git_config_int(var, value);
245 return 0;
246 }
247
248 if (strcmp(var, "receive.maxinputsize") == 0) {
249 max_input_size = git_config_int64(var, value);
250 return 0;
251 }
252
253 if (strcmp(var, "receive.procreceiverefs") == 0) {
254 if (!value)
255 return config_error_nonbool(var);
256 proc_receive_ref_append(value);
257 return 0;
258 }
259
260 if (strcmp(var, "transfer.advertisesid") == 0) {
261 advertise_sid = git_config_bool(var, value);
262 return 0;
263 }
264
265 return git_default_config(var, value, cb);
266 }
267
268 static void show_ref(const char *path, const struct object_id *oid)
269 {
270 if (sent_capabilities) {
271 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
272 } else {
273 struct strbuf cap = STRBUF_INIT;
274
275 strbuf_addstr(&cap,
276 "report-status report-status-v2 delete-refs side-band-64k quiet");
277 if (advertise_atomic_push)
278 strbuf_addstr(&cap, " atomic");
279 if (prefer_ofs_delta)
280 strbuf_addstr(&cap, " ofs-delta");
281 if (push_cert_nonce)
282 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
283 if (advertise_push_options)
284 strbuf_addstr(&cap, " push-options");
285 if (advertise_sid)
286 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
287 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
288 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
289 packet_write_fmt(1, "%s %s%c%s\n",
290 oid_to_hex(oid), path, 0, cap.buf);
291 strbuf_release(&cap);
292 sent_capabilities = 1;
293 }
294 }
295
296 static int show_ref_cb(const char *path_full, const struct object_id *oid,
297 int flag UNUSED, void *data)
298 {
299 struct oidset *seen = data;
300 const char *path = strip_namespace(path_full);
301
302 if (ref_is_hidden(path, path_full, &hidden_refs))
303 return 0;
304
305 /*
306 * Advertise refs outside our current namespace as ".have"
307 * refs, so that the client can use them to minimize data
308 * transfer but will otherwise ignore them.
309 */
310 if (!path) {
311 if (oidset_insert(seen, oid))
312 return 0;
313 path = ".have";
314 } else {
315 oidset_insert(seen, oid);
316 }
317 show_ref(path, oid);
318 return 0;
319 }
320
321 static void show_one_alternate_ref(const struct object_id *oid,
322 void *data)
323 {
324 struct oidset *seen = data;
325
326 if (oidset_insert(seen, oid))
327 return;
328
329 show_ref(".have", oid);
330 }
331
332 static void write_head_info(void)
333 {
334 static struct oidset seen = OIDSET_INIT;
335
336 for_each_ref(show_ref_cb, &seen);
337 for_each_alternate_ref(show_one_alternate_ref, &seen);
338 oidset_clear(&seen);
339 if (!sent_capabilities)
340 show_ref("capabilities^{}", null_oid());
341
342 advertise_shallow_grafts(1);
343
344 /* EOF */
345 packet_flush(1);
346 }
347
348 #define RUN_PROC_RECEIVE_SCHEDULED 1
349 #define RUN_PROC_RECEIVE_RETURNED 2
350 struct command {
351 struct command *next;
352 const char *error_string;
353 struct ref_push_report *report;
354 unsigned int skip_update:1,
355 did_not_exist:1,
356 run_proc_receive:2;
357 int index;
358 struct object_id old_oid;
359 struct object_id new_oid;
360 char ref_name[FLEX_ARRAY]; /* more */
361 };
362
363 static void proc_receive_ref_append(const char *prefix)
364 {
365 struct proc_receive_ref *ref_pattern;
366 char *p;
367 int len;
368
369 CALLOC_ARRAY(ref_pattern, 1);
370 p = strchr(prefix, ':');
371 if (p) {
372 while (prefix < p) {
373 if (*prefix == 'a')
374 ref_pattern->want_add = 1;
375 else if (*prefix == 'd')
376 ref_pattern->want_delete = 1;
377 else if (*prefix == 'm')
378 ref_pattern->want_modify = 1;
379 else if (*prefix == '!')
380 ref_pattern->negative_ref = 1;
381 prefix++;
382 }
383 prefix++;
384 } else {
385 ref_pattern->want_add = 1;
386 ref_pattern->want_delete = 1;
387 ref_pattern->want_modify = 1;
388 }
389 len = strlen(prefix);
390 while (len && prefix[len - 1] == '/')
391 len--;
392 ref_pattern->ref_prefix = xmemdupz(prefix, len);
393 if (!proc_receive_ref) {
394 proc_receive_ref = ref_pattern;
395 } else {
396 struct proc_receive_ref *end;
397
398 end = proc_receive_ref;
399 while (end->next)
400 end = end->next;
401 end->next = ref_pattern;
402 }
403 }
404
405 static int proc_receive_ref_matches(struct command *cmd)
406 {
407 struct proc_receive_ref *p;
408
409 if (!proc_receive_ref)
410 return 0;
411
412 for (p = proc_receive_ref; p; p = p->next) {
413 const char *match = p->ref_prefix;
414 const char *remains;
415
416 if (!p->want_add && is_null_oid(&cmd->old_oid))
417 continue;
418 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
419 continue;
420 else if (!p->want_modify &&
421 !is_null_oid(&cmd->old_oid) &&
422 !is_null_oid(&cmd->new_oid))
423 continue;
424
425 if (skip_prefix(cmd->ref_name, match, &remains) &&
426 (!*remains || *remains == '/')) {
427 if (!p->negative_ref)
428 return 1;
429 } else if (p->negative_ref) {
430 return 1;
431 }
432 }
433 return 0;
434 }
435
436 static void report_message(const char *prefix, const char *err, va_list params)
437 {
438 int sz;
439 char msg[4096];
440
441 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
442 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
443 if (sz > (sizeof(msg) - 1))
444 sz = sizeof(msg) - 1;
445 msg[sz++] = '\n';
446
447 if (use_sideband)
448 send_sideband(1, 2, msg, sz, use_sideband);
449 else
450 xwrite(2, msg, sz);
451 }
452
453 __attribute__((format (printf, 1, 2)))
454 static void rp_warning(const char *err, ...)
455 {
456 va_list params;
457 va_start(params, err);
458 report_message("warning: ", err, params);
459 va_end(params);
460 }
461
462 __attribute__((format (printf, 1, 2)))
463 static void rp_error(const char *err, ...)
464 {
465 va_list params;
466 va_start(params, err);
467 report_message("error: ", err, params);
468 va_end(params);
469 }
470
471 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
472 {
473 char data[128];
474 int keepalive_active = 0;
475
476 if (keepalive_in_sec <= 0)
477 use_keepalive = KEEPALIVE_NEVER;
478 if (use_keepalive == KEEPALIVE_ALWAYS)
479 keepalive_active = 1;
480
481 while (1) {
482 ssize_t sz;
483
484 if (keepalive_active) {
485 struct pollfd pfd;
486 int ret;
487
488 pfd.fd = in;
489 pfd.events = POLLIN;
490 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
491
492 if (ret < 0) {
493 if (errno == EINTR)
494 continue;
495 else
496 break;
497 } else if (ret == 0) {
498 /* no data; send a keepalive packet */
499 static const char buf[] = "0005\1";
500 write_or_die(1, buf, sizeof(buf) - 1);
501 continue;
502 } /* else there is actual data to read */
503 }
504
505 sz = xread(in, data, sizeof(data));
506 if (sz <= 0)
507 break;
508
509 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
510 const char *p = memchr(data, '\0', sz);
511 if (p) {
512 /*
513 * The NUL tells us to start sending keepalives. Make
514 * sure we send any other data we read along
515 * with it.
516 */
517 keepalive_active = 1;
518 send_sideband(1, 2, data, p - data, use_sideband);
519 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
520 continue;
521 }
522 }
523
524 /*
525 * Either we're not looking for a NUL signal, or we didn't see
526 * it yet; just pass along the data.
527 */
528 send_sideband(1, 2, data, sz, use_sideband);
529 }
530 close(in);
531 return 0;
532 }
533
534 static void hmac_hash(unsigned char *out,
535 const char *key_in, size_t key_len,
536 const char *text, size_t text_len)
537 {
538 unsigned char key[GIT_MAX_BLKSZ];
539 unsigned char k_ipad[GIT_MAX_BLKSZ];
540 unsigned char k_opad[GIT_MAX_BLKSZ];
541 int i;
542 git_hash_ctx ctx;
543
544 /* RFC 2104 2. (1) */
545 memset(key, '\0', GIT_MAX_BLKSZ);
546 if (the_hash_algo->blksz < key_len) {
547 the_hash_algo->init_fn(&ctx);
548 the_hash_algo->update_fn(&ctx, key_in, key_len);
549 the_hash_algo->final_fn(key, &ctx);
550 } else {
551 memcpy(key, key_in, key_len);
552 }
553
554 /* RFC 2104 2. (2) & (5) */
555 for (i = 0; i < sizeof(key); i++) {
556 k_ipad[i] = key[i] ^ 0x36;
557 k_opad[i] = key[i] ^ 0x5c;
558 }
559
560 /* RFC 2104 2. (3) & (4) */
561 the_hash_algo->init_fn(&ctx);
562 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
563 the_hash_algo->update_fn(&ctx, text, text_len);
564 the_hash_algo->final_fn(out, &ctx);
565
566 /* RFC 2104 2. (6) & (7) */
567 the_hash_algo->init_fn(&ctx);
568 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
569 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
570 the_hash_algo->final_fn(out, &ctx);
571 }
572
573 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
574 {
575 struct strbuf buf = STRBUF_INIT;
576 unsigned char hash[GIT_MAX_RAWSZ];
577
578 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
579 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
580 strbuf_release(&buf);
581
582 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
583 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
584 return strbuf_detach(&buf, NULL);
585 }
586
587 static char *find_header(const char *msg, size_t len, const char *key,
588 const char **next_line)
589 {
590 size_t out_len;
591 const char *val = find_header_mem(msg, len, key, &out_len);
592
593 if (!val)
594 return NULL;
595
596 if (next_line)
597 *next_line = val + out_len + 1;
598
599 return xmemdupz(val, out_len);
600 }
601
602 /*
603 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
604 * This operation is guaranteed to run in constant time to avoid leaking data.
605 */
606 static int constant_memequal(const char *a, const char *b, size_t n)
607 {
608 int res = 0;
609 size_t i;
610
611 for (i = 0; i < n; i++)
612 res |= a[i] ^ b[i];
613 return res;
614 }
615
616 static const char *check_nonce(const char *buf, size_t len)
617 {
618 char *nonce = find_header(buf, len, "nonce", NULL);
619 timestamp_t stamp, ostamp;
620 char *bohmac, *expect = NULL;
621 const char *retval = NONCE_BAD;
622 size_t noncelen;
623
624 if (!nonce) {
625 retval = NONCE_MISSING;
626 goto leave;
627 } else if (!push_cert_nonce) {
628 retval = NONCE_UNSOLICITED;
629 goto leave;
630 } else if (!strcmp(push_cert_nonce, nonce)) {
631 retval = NONCE_OK;
632 goto leave;
633 }
634
635 if (!stateless_rpc) {
636 /* returned nonce MUST match what we gave out earlier */
637 retval = NONCE_BAD;
638 goto leave;
639 }
640
641 /*
642 * In stateless mode, we may be receiving a nonce issued by
643 * another instance of the server that serving the same
644 * repository, and the timestamps may not match, but the
645 * nonce-seed and dir should match, so we can recompute and
646 * report the time slop.
647 *
648 * In addition, when a nonce issued by another instance has
649 * timestamp within receive.certnonceslop seconds, we pretend
650 * as if we issued that nonce when reporting to the hook.
651 */
652
653 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
654 if (*nonce <= '0' || '9' < *nonce) {
655 retval = NONCE_BAD;
656 goto leave;
657 }
658 stamp = parse_timestamp(nonce, &bohmac, 10);
659 if (bohmac == nonce || bohmac[0] != '-') {
660 retval = NONCE_BAD;
661 goto leave;
662 }
663
664 noncelen = strlen(nonce);
665 expect = prepare_push_cert_nonce(service_dir, stamp);
666 if (noncelen != strlen(expect)) {
667 /* This is not even the right size. */
668 retval = NONCE_BAD;
669 goto leave;
670 }
671 if (constant_memequal(expect, nonce, noncelen)) {
672 /* Not what we would have signed earlier */
673 retval = NONCE_BAD;
674 goto leave;
675 }
676
677 /*
678 * By how many seconds is this nonce stale? Negative value
679 * would mean it was issued by another server with its clock
680 * skewed in the future.
681 */
682 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
683 nonce_stamp_slop = (long)ostamp - (long)stamp;
684
685 if (nonce_stamp_slop_limit &&
686 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
687 /*
688 * Pretend as if the received nonce (which passes the
689 * HMAC check, so it is not a forged by third-party)
690 * is what we issued.
691 */
692 free((void *)push_cert_nonce);
693 push_cert_nonce = xstrdup(nonce);
694 retval = NONCE_OK;
695 } else {
696 retval = NONCE_SLOP;
697 }
698
699 leave:
700 free(nonce);
701 free(expect);
702 return retval;
703 }
704
705 /*
706 * Return 1 if there is no push_cert or if the push options in push_cert are
707 * the same as those in the argument; 0 otherwise.
708 */
709 static int check_cert_push_options(const struct string_list *push_options)
710 {
711 const char *buf = push_cert.buf;
712 int len = push_cert.len;
713
714 char *option;
715 const char *next_line;
716 int options_seen = 0;
717
718 int retval = 1;
719
720 if (!len)
721 return 1;
722
723 while ((option = find_header(buf, len, "push-option", &next_line))) {
724 len -= (next_line - buf);
725 buf = next_line;
726 options_seen++;
727 if (options_seen > push_options->nr
728 || strcmp(option,
729 push_options->items[options_seen - 1].string)) {
730 retval = 0;
731 goto leave;
732 }
733 free(option);
734 }
735
736 if (options_seen != push_options->nr)
737 retval = 0;
738
739 leave:
740 free(option);
741 return retval;
742 }
743
744 static void prepare_push_cert_sha1(struct child_process *proc)
745 {
746 static int already_done;
747
748 if (!push_cert.len)
749 return;
750
751 if (!already_done) {
752 int bogs /* beginning_of_gpg_sig */;
753
754 already_done = 1;
755 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
756 &push_cert_oid))
757 oidclr(&push_cert_oid);
758
759 memset(&sigcheck, '\0', sizeof(sigcheck));
760
761 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
762 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
763 sigcheck.payload_len = bogs;
764 check_signature(&sigcheck, push_cert.buf + bogs,
765 push_cert.len - bogs);
766
767 nonce_status = check_nonce(push_cert.buf, bogs);
768 }
769 if (!is_null_oid(&push_cert_oid)) {
770 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
771 oid_to_hex(&push_cert_oid));
772 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
773 sigcheck.signer ? sigcheck.signer : "");
774 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
775 sigcheck.key ? sigcheck.key : "");
776 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
777 sigcheck.result);
778 if (push_cert_nonce) {
779 strvec_pushf(&proc->env,
780 "GIT_PUSH_CERT_NONCE=%s",
781 push_cert_nonce);
782 strvec_pushf(&proc->env,
783 "GIT_PUSH_CERT_NONCE_STATUS=%s",
784 nonce_status);
785 if (nonce_status == NONCE_SLOP)
786 strvec_pushf(&proc->env,
787 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
788 nonce_stamp_slop);
789 }
790 }
791 }
792
793 struct receive_hook_feed_state {
794 struct command *cmd;
795 struct ref_push_report *report;
796 int skip_broken;
797 struct strbuf buf;
798 const struct string_list *push_options;
799 };
800
801 typedef int (*feed_fn)(void *, const char **, size_t *);
802 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
803 struct receive_hook_feed_state *feed_state)
804 {
805 struct child_process proc = CHILD_PROCESS_INIT;
806 struct async muxer;
807 int code;
808 const char *hook_path = find_hook(hook_name);
809
810 if (!hook_path)
811 return 0;
812
813 strvec_push(&proc.args, hook_path);
814 proc.in = -1;
815 proc.stdout_to_stderr = 1;
816 proc.trace2_hook_name = hook_name;
817
818 if (feed_state->push_options) {
819 size_t i;
820 for (i = 0; i < feed_state->push_options->nr; i++)
821 strvec_pushf(&proc.env,
822 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
823 (uintmax_t)i,
824 feed_state->push_options->items[i].string);
825 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
826 (uintmax_t)feed_state->push_options->nr);
827 } else
828 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
829
830 if (tmp_objdir)
831 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
832
833 if (use_sideband) {
834 memset(&muxer, 0, sizeof(muxer));
835 muxer.proc = copy_to_sideband;
836 muxer.in = -1;
837 code = start_async(&muxer);
838 if (code)
839 return code;
840 proc.err = muxer.in;
841 }
842
843 prepare_push_cert_sha1(&proc);
844
845 code = start_command(&proc);
846 if (code) {
847 if (use_sideband)
848 finish_async(&muxer);
849 return code;
850 }
851
852 sigchain_push(SIGPIPE, SIG_IGN);
853
854 while (1) {
855 const char *buf;
856 size_t n;
857 if (feed(feed_state, &buf, &n))
858 break;
859 if (write_in_full(proc.in, buf, n) < 0)
860 break;
861 }
862 close(proc.in);
863 if (use_sideband)
864 finish_async(&muxer);
865
866 sigchain_pop(SIGPIPE);
867
868 return finish_command(&proc);
869 }
870
871 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
872 {
873 struct receive_hook_feed_state *state = state_;
874 struct command *cmd = state->cmd;
875
876 while (cmd &&
877 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
878 cmd = cmd->next;
879 if (!cmd)
880 return -1; /* EOF */
881 if (!bufp)
882 return 0; /* OK, can feed something. */
883 strbuf_reset(&state->buf);
884 if (!state->report)
885 state->report = cmd->report;
886 if (state->report) {
887 struct object_id *old_oid;
888 struct object_id *new_oid;
889 const char *ref_name;
890
891 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
892 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
893 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
894 strbuf_addf(&state->buf, "%s %s %s\n",
895 oid_to_hex(old_oid), oid_to_hex(new_oid),
896 ref_name);
897 state->report = state->report->next;
898 if (!state->report)
899 state->cmd = cmd->next;
900 } else {
901 strbuf_addf(&state->buf, "%s %s %s\n",
902 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
903 cmd->ref_name);
904 state->cmd = cmd->next;
905 }
906 if (bufp) {
907 *bufp = state->buf.buf;
908 *sizep = state->buf.len;
909 }
910 return 0;
911 }
912
913 static int run_receive_hook(struct command *commands,
914 const char *hook_name,
915 int skip_broken,
916 const struct string_list *push_options)
917 {
918 struct receive_hook_feed_state state;
919 int status;
920
921 strbuf_init(&state.buf, 0);
922 state.cmd = commands;
923 state.skip_broken = skip_broken;
924 state.report = NULL;
925 if (feed_receive_hook(&state, NULL, NULL))
926 return 0;
927 state.cmd = commands;
928 state.push_options = push_options;
929 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
930 strbuf_release(&state.buf);
931 return status;
932 }
933
934 static int run_update_hook(struct command *cmd)
935 {
936 struct child_process proc = CHILD_PROCESS_INIT;
937 int code;
938 const char *hook_path = find_hook("update");
939
940 if (!hook_path)
941 return 0;
942
943 strvec_push(&proc.args, hook_path);
944 strvec_push(&proc.args, cmd->ref_name);
945 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
946 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
947
948 proc.no_stdin = 1;
949 proc.stdout_to_stderr = 1;
950 proc.err = use_sideband ? -1 : 0;
951 proc.trace2_hook_name = "update";
952
953 code = start_command(&proc);
954 if (code)
955 return code;
956 if (use_sideband)
957 copy_to_sideband(proc.err, -1, NULL);
958 return finish_command(&proc);
959 }
960
961 static struct command *find_command_by_refname(struct command *list,
962 const char *refname)
963 {
964 for (; list; list = list->next)
965 if (!strcmp(list->ref_name, refname))
966 return list;
967 return NULL;
968 }
969
970 static int read_proc_receive_report(struct packet_reader *reader,
971 struct command *commands,
972 struct strbuf *errmsg)
973 {
974 struct command *cmd;
975 struct command *hint = NULL;
976 struct ref_push_report *report = NULL;
977 int new_report = 0;
978 int code = 0;
979 int once = 0;
980 int response = 0;
981
982 for (;;) {
983 struct object_id old_oid, new_oid;
984 const char *head;
985 const char *refname;
986 char *p;
987 enum packet_read_status status;
988
989 status = packet_reader_read(reader);
990 if (status != PACKET_READ_NORMAL) {
991 /* Check whether proc-receive exited abnormally */
992 if (status == PACKET_READ_EOF && !response) {
993 strbuf_addstr(errmsg, "proc-receive exited abnormally");
994 return -1;
995 }
996 break;
997 }
998 response++;
999
1000 head = reader->line;
1001 p = strchr(head, ' ');
1002 if (!p) {
1003 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1004 code = -1;
1005 continue;
1006 }
1007 *p++ = '\0';
1008 if (!strcmp(head, "option")) {
1009 const char *key, *val;
1010
1011 if (!hint || !(report || new_report)) {
1012 if (!once++)
1013 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1014 code = -1;
1015 continue;
1016 }
1017 if (new_report) {
1018 if (!hint->report) {
1019 CALLOC_ARRAY(hint->report, 1);
1020 report = hint->report;
1021 } else {
1022 report = hint->report;
1023 while (report->next)
1024 report = report->next;
1025 report->next = xcalloc(1, sizeof(struct ref_push_report));
1026 report = report->next;
1027 }
1028 new_report = 0;
1029 }
1030 key = p;
1031 p = strchr(key, ' ');
1032 if (p)
1033 *p++ = '\0';
1034 val = p;
1035 if (!strcmp(key, "refname"))
1036 report->ref_name = xstrdup_or_null(val);
1037 else if (!strcmp(key, "old-oid") && val &&
1038 !parse_oid_hex(val, &old_oid, &val))
1039 report->old_oid = oiddup(&old_oid);
1040 else if (!strcmp(key, "new-oid") && val &&
1041 !parse_oid_hex(val, &new_oid, &val))
1042 report->new_oid = oiddup(&new_oid);
1043 else if (!strcmp(key, "forced-update"))
1044 report->forced_update = 1;
1045 else if (!strcmp(key, "fall-through"))
1046 /* Fall through, let 'receive-pack' to execute it. */
1047 hint->run_proc_receive = 0;
1048 continue;
1049 }
1050
1051 report = NULL;
1052 new_report = 0;
1053 refname = p;
1054 p = strchr(refname, ' ');
1055 if (p)
1056 *p++ = '\0';
1057 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1058 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1059 head, refname);
1060 code = -1;
1061 continue;
1062 }
1063
1064 /* first try searching at our hint, falling back to all refs */
1065 if (hint)
1066 hint = find_command_by_refname(hint, refname);
1067 if (!hint)
1068 hint = find_command_by_refname(commands, refname);
1069 if (!hint) {
1070 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1071 refname);
1072 code = -1;
1073 continue;
1074 }
1075 if (!hint->run_proc_receive) {
1076 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1077 refname);
1078 code = -1;
1079 continue;
1080 }
1081 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1082 if (!strcmp(head, "ng")) {
1083 if (p)
1084 hint->error_string = xstrdup(p);
1085 else
1086 hint->error_string = "failed";
1087 code = -1;
1088 continue;
1089 }
1090 new_report = 1;
1091 }
1092
1093 for (cmd = commands; cmd; cmd = cmd->next)
1094 if (cmd->run_proc_receive && !cmd->error_string &&
1095 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1096 cmd->error_string = "proc-receive failed to report status";
1097 code = -1;
1098 }
1099 return code;
1100 }
1101
1102 static int run_proc_receive_hook(struct command *commands,
1103 const struct string_list *push_options)
1104 {
1105 struct child_process proc = CHILD_PROCESS_INIT;
1106 struct async muxer;
1107 struct command *cmd;
1108 struct packet_reader reader;
1109 struct strbuf cap = STRBUF_INIT;
1110 struct strbuf errmsg = STRBUF_INIT;
1111 int hook_use_push_options = 0;
1112 int version = 0;
1113 int code;
1114 const char *hook_path = find_hook("proc-receive");
1115
1116 if (!hook_path) {
1117 rp_error("cannot find hook 'proc-receive'");
1118 return -1;
1119 }
1120
1121 strvec_push(&proc.args, hook_path);
1122 proc.in = -1;
1123 proc.out = -1;
1124 proc.trace2_hook_name = "proc-receive";
1125
1126 if (use_sideband) {
1127 memset(&muxer, 0, sizeof(muxer));
1128 muxer.proc = copy_to_sideband;
1129 muxer.in = -1;
1130 code = start_async(&muxer);
1131 if (code)
1132 return code;
1133 proc.err = muxer.in;
1134 } else {
1135 proc.err = 0;
1136 }
1137
1138 code = start_command(&proc);
1139 if (code) {
1140 if (use_sideband)
1141 finish_async(&muxer);
1142 return code;
1143 }
1144
1145 sigchain_push(SIGPIPE, SIG_IGN);
1146
1147 /* Version negotiaton */
1148 packet_reader_init(&reader, proc.out, NULL, 0,
1149 PACKET_READ_CHOMP_NEWLINE |
1150 PACKET_READ_GENTLE_ON_EOF);
1151 if (use_atomic)
1152 strbuf_addstr(&cap, " atomic");
1153 if (use_push_options)
1154 strbuf_addstr(&cap, " push-options");
1155 if (cap.len) {
1156 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1157 strbuf_release(&cap);
1158 } else {
1159 code = packet_write_fmt_gently(proc.in, "version=1\n");
1160 }
1161 if (!code)
1162 code = packet_flush_gently(proc.in);
1163
1164 if (!code)
1165 for (;;) {
1166 int linelen;
1167 enum packet_read_status status;
1168
1169 status = packet_reader_read(&reader);
1170 if (status != PACKET_READ_NORMAL) {
1171 /* Check whether proc-receive exited abnormally */
1172 if (status == PACKET_READ_EOF)
1173 code = -1;
1174 break;
1175 }
1176
1177 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1178 version = atoi(reader.line + 8);
1179 linelen = strlen(reader.line);
1180 if (linelen < reader.pktlen) {
1181 const char *feature_list = reader.line + linelen + 1;
1182 if (parse_feature_request(feature_list, "push-options"))
1183 hook_use_push_options = 1;
1184 }
1185 }
1186 }
1187
1188 if (code) {
1189 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1190 goto cleanup;
1191 }
1192
1193 switch (version) {
1194 case 0:
1195 /* fallthrough */
1196 case 1:
1197 break;
1198 default:
1199 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1200 version);
1201 code = -1;
1202 goto cleanup;
1203 }
1204
1205 /* Send commands */
1206 for (cmd = commands; cmd; cmd = cmd->next) {
1207 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1208 continue;
1209 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1210 oid_to_hex(&cmd->old_oid),
1211 oid_to_hex(&cmd->new_oid),
1212 cmd->ref_name);
1213 if (code)
1214 break;
1215 }
1216 if (!code)
1217 code = packet_flush_gently(proc.in);
1218 if (code) {
1219 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1220 goto cleanup;
1221 }
1222
1223 /* Send push options */
1224 if (hook_use_push_options) {
1225 struct string_list_item *item;
1226
1227 for_each_string_list_item(item, push_options) {
1228 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1229 if (code)
1230 break;
1231 }
1232 if (!code)
1233 code = packet_flush_gently(proc.in);
1234 if (code) {
1235 strbuf_addstr(&errmsg,
1236 "fail to write push-options to proc-receive hook");
1237 goto cleanup;
1238 }
1239 }
1240
1241 /* Read result from proc-receive */
1242 code = read_proc_receive_report(&reader, commands, &errmsg);
1243
1244 cleanup:
1245 close(proc.in);
1246 close(proc.out);
1247 if (use_sideband)
1248 finish_async(&muxer);
1249 if (finish_command(&proc))
1250 code = -1;
1251 if (errmsg.len >0) {
1252 char *p = errmsg.buf;
1253
1254 p += errmsg.len - 1;
1255 if (*p == '\n')
1256 *p = '\0';
1257 rp_error("%s", errmsg.buf);
1258 strbuf_release(&errmsg);
1259 }
1260 sigchain_pop(SIGPIPE);
1261
1262 return code;
1263 }
1264
1265 static char *refuse_unconfigured_deny_msg =
1266 N_("By default, updating the current branch in a non-bare repository\n"
1267 "is denied, because it will make the index and work tree inconsistent\n"
1268 "with what you pushed, and will require 'git reset --hard' to match\n"
1269 "the work tree to HEAD.\n"
1270 "\n"
1271 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1272 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1273 "its current branch; however, this is not recommended unless you\n"
1274 "arranged to update its work tree to match what you pushed in some\n"
1275 "other way.\n"
1276 "\n"
1277 "To squelch this message and still keep the default behaviour, set\n"
1278 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1279
1280 static void refuse_unconfigured_deny(void)
1281 {
1282 rp_error("%s", _(refuse_unconfigured_deny_msg));
1283 }
1284
1285 static char *refuse_unconfigured_deny_delete_current_msg =
1286 N_("By default, deleting the current branch is denied, because the next\n"
1287 "'git clone' won't result in any file checked out, causing confusion.\n"
1288 "\n"
1289 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1290 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1291 "current branch, with or without a warning message.\n"
1292 "\n"
1293 "To squelch this message, you can set it to 'refuse'.");
1294
1295 static void refuse_unconfigured_deny_delete_current(void)
1296 {
1297 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1298 }
1299
1300 static const struct object_id *command_singleton_iterator(void *cb_data);
1301 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1302 {
1303 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1304 struct oid_array extra = OID_ARRAY_INIT;
1305 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1306 uint32_t mask = 1 << (cmd->index % 32);
1307 int i;
1308
1309 trace_printf_key(&trace_shallow,
1310 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1311 for (i = 0; i < si->shallow->nr; i++)
1312 if (si->used_shallow[i] &&
1313 (si->used_shallow[i][cmd->index / 32] & mask) &&
1314 !delayed_reachability_test(si, i))
1315 oid_array_append(&extra, &si->shallow->oid[i]);
1316
1317 opt.env = tmp_objdir_env(tmp_objdir);
1318 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1319 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1320 rollback_shallow_file(the_repository, &shallow_lock);
1321 oid_array_clear(&extra);
1322 return -1;
1323 }
1324
1325 commit_shallow_file(the_repository, &shallow_lock);
1326
1327 /*
1328 * Make sure setup_alternate_shallow() for the next ref does
1329 * not lose these new roots..
1330 */
1331 for (i = 0; i < extra.nr; i++)
1332 register_shallow(the_repository, &extra.oid[i]);
1333
1334 si->shallow_ref[cmd->index] = 0;
1335 oid_array_clear(&extra);
1336 return 0;
1337 }
1338
1339 /*
1340 * NEEDSWORK: we should consolidate various implementions of "are we
1341 * on an unborn branch?" test into one, and make the unified one more
1342 * robust. !get_sha1() based check used here and elsewhere would not
1343 * allow us to tell an unborn branch from corrupt ref, for example.
1344 * For the purpose of fixing "deploy-to-update does not work when
1345 * pushing into an empty repository" issue, this should suffice for
1346 * now.
1347 */
1348 static int head_has_history(void)
1349 {
1350 struct object_id oid;
1351
1352 return !repo_get_oid(the_repository, "HEAD", &oid);
1353 }
1354
1355 static const char *push_to_deploy(unsigned char *sha1,
1356 struct strvec *env,
1357 const char *work_tree)
1358 {
1359 struct child_process child = CHILD_PROCESS_INIT;
1360
1361 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1362 "--refresh", NULL);
1363 strvec_pushv(&child.env, env->v);
1364 child.dir = work_tree;
1365 child.no_stdin = 1;
1366 child.stdout_to_stderr = 1;
1367 child.git_cmd = 1;
1368 if (run_command(&child))
1369 return "Up-to-date check failed";
1370
1371 /* run_command() does not clean up completely; reinitialize */
1372 child_process_init(&child);
1373 strvec_pushl(&child.args, "diff-files", "--quiet",
1374 "--ignore-submodules", "--", NULL);
1375 strvec_pushv(&child.env, env->v);
1376 child.dir = work_tree;
1377 child.no_stdin = 1;
1378 child.stdout_to_stderr = 1;
1379 child.git_cmd = 1;
1380 if (run_command(&child))
1381 return "Working directory has unstaged changes";
1382
1383 child_process_init(&child);
1384 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1385 "--ignore-submodules",
1386 /* diff-index with either HEAD or an empty tree */
1387 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1388 "--", NULL);
1389 strvec_pushv(&child.env, env->v);
1390 child.no_stdin = 1;
1391 child.no_stdout = 1;
1392 child.stdout_to_stderr = 0;
1393 child.git_cmd = 1;
1394 if (run_command(&child))
1395 return "Working directory has staged changes";
1396
1397 child_process_init(&child);
1398 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1399 NULL);
1400 strvec_pushv(&child.env, env->v);
1401 child.dir = work_tree;
1402 child.no_stdin = 1;
1403 child.no_stdout = 1;
1404 child.stdout_to_stderr = 0;
1405 child.git_cmd = 1;
1406 if (run_command(&child))
1407 return "Could not update working tree to new HEAD";
1408
1409 return NULL;
1410 }
1411
1412 static const char *push_to_checkout_hook = "push-to-checkout";
1413
1414 static const char *push_to_checkout(unsigned char *hash,
1415 int *invoked_hook,
1416 struct strvec *env,
1417 const char *work_tree)
1418 {
1419 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1420 opt.invoked_hook = invoked_hook;
1421
1422 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1423 strvec_pushv(&opt.env, env->v);
1424 strvec_push(&opt.args, hash_to_hex(hash));
1425 if (run_hooks_opt(push_to_checkout_hook, &opt))
1426 return "push-to-checkout hook declined";
1427 else
1428 return NULL;
1429 }
1430
1431 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1432 {
1433 const char *retval, *git_dir;
1434 struct strvec env = STRVEC_INIT;
1435 int invoked_hook;
1436
1437 if (!worktree || !worktree->path)
1438 BUG("worktree->path must be non-NULL");
1439
1440 if (worktree->is_bare)
1441 return "denyCurrentBranch = updateInstead needs a worktree";
1442 git_dir = get_worktree_git_dir(worktree);
1443
1444 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1445
1446 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1447 if (!invoked_hook)
1448 retval = push_to_deploy(sha1, &env, worktree->path);
1449
1450 strvec_clear(&env);
1451 return retval;
1452 }
1453
1454 static const char *update(struct command *cmd, struct shallow_info *si)
1455 {
1456 const char *name = cmd->ref_name;
1457 struct strbuf namespaced_name_buf = STRBUF_INIT;
1458 static char *namespaced_name;
1459 const char *ret;
1460 struct object_id *old_oid = &cmd->old_oid;
1461 struct object_id *new_oid = &cmd->new_oid;
1462 int do_update_worktree = 0;
1463 struct worktree **worktrees = get_worktrees();
1464 const struct worktree *worktree =
1465 find_shared_symref(worktrees, "HEAD", name);
1466
1467 /* only refs/... are allowed */
1468 if (!starts_with(name, "refs/") ||
1469 check_refname_format(name + 5, is_null_oid(new_oid) ?
1470 REFNAME_ALLOW_ONELEVEL : 0)) {
1471 rp_error("refusing to update funny ref '%s' remotely", name);
1472 ret = "funny refname";
1473 goto out;
1474 }
1475
1476 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1477 free(namespaced_name);
1478 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1479
1480 if (worktree && !worktree->is_bare) {
1481 switch (deny_current_branch) {
1482 case DENY_IGNORE:
1483 break;
1484 case DENY_WARN:
1485 rp_warning("updating the current branch");
1486 break;
1487 case DENY_REFUSE:
1488 case DENY_UNCONFIGURED:
1489 rp_error("refusing to update checked out branch: %s", name);
1490 if (deny_current_branch == DENY_UNCONFIGURED)
1491 refuse_unconfigured_deny();
1492 ret = "branch is currently checked out";
1493 goto out;
1494 case DENY_UPDATE_INSTEAD:
1495 /* pass -- let other checks intervene first */
1496 do_update_worktree = 1;
1497 break;
1498 }
1499 }
1500
1501 if (!is_null_oid(new_oid) && !repo_has_object_file(the_repository, new_oid)) {
1502 error("unpack should have generated %s, "
1503 "but I can't find it!", oid_to_hex(new_oid));
1504 ret = "bad pack";
1505 goto out;
1506 }
1507
1508 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1509 if (deny_deletes && starts_with(name, "refs/heads/")) {
1510 rp_error("denying ref deletion for %s", name);
1511 ret = "deletion prohibited";
1512 goto out;
1513 }
1514
1515 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1516 switch (deny_delete_current) {
1517 case DENY_IGNORE:
1518 break;
1519 case DENY_WARN:
1520 rp_warning("deleting the current branch");
1521 break;
1522 case DENY_REFUSE:
1523 case DENY_UNCONFIGURED:
1524 case DENY_UPDATE_INSTEAD:
1525 if (deny_delete_current == DENY_UNCONFIGURED)
1526 refuse_unconfigured_deny_delete_current();
1527 rp_error("refusing to delete the current branch: %s", name);
1528 ret = "deletion of the current branch prohibited";
1529 goto out;
1530 default:
1531 ret = "Invalid denyDeleteCurrent setting";
1532 goto out;
1533 }
1534 }
1535 }
1536
1537 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1538 !is_null_oid(old_oid) &&
1539 starts_with(name, "refs/heads/")) {
1540 struct object *old_object, *new_object;
1541 struct commit *old_commit, *new_commit;
1542
1543 old_object = parse_object(the_repository, old_oid);
1544 new_object = parse_object(the_repository, new_oid);
1545
1546 if (!old_object || !new_object ||
1547 old_object->type != OBJ_COMMIT ||
1548 new_object->type != OBJ_COMMIT) {
1549 error("bad sha1 objects for %s", name);
1550 ret = "bad ref";
1551 goto out;
1552 }
1553 old_commit = (struct commit *)old_object;
1554 new_commit = (struct commit *)new_object;
1555 if (!repo_in_merge_bases(the_repository, old_commit, new_commit)) {
1556 rp_error("denying non-fast-forward %s"
1557 " (you should pull first)", name);
1558 ret = "non-fast-forward";
1559 goto out;
1560 }
1561 }
1562 if (run_update_hook(cmd)) {
1563 rp_error("hook declined to update %s", name);
1564 ret = "hook declined";
1565 goto out;
1566 }
1567
1568 if (do_update_worktree) {
1569 ret = update_worktree(new_oid->hash, worktree);
1570 if (ret)
1571 goto out;
1572 }
1573
1574 if (is_null_oid(new_oid)) {
1575 struct strbuf err = STRBUF_INIT;
1576 if (!parse_object(the_repository, old_oid)) {
1577 old_oid = NULL;
1578 if (ref_exists(name)) {
1579 rp_warning("allowing deletion of corrupt ref");
1580 } else {
1581 rp_warning("deleting a non-existent ref");
1582 cmd->did_not_exist = 1;
1583 }
1584 }
1585 if (ref_transaction_delete(transaction,
1586 namespaced_name,
1587 old_oid,
1588 0, "push", &err)) {
1589 rp_error("%s", err.buf);
1590 ret = "failed to delete";
1591 } else {
1592 ret = NULL; /* good */
1593 }
1594 strbuf_release(&err);
1595 }
1596 else {
1597 struct strbuf err = STRBUF_INIT;
1598 if (shallow_update && si->shallow_ref[cmd->index] &&
1599 update_shallow_ref(cmd, si)) {
1600 ret = "shallow error";
1601 goto out;
1602 }
1603
1604 if (ref_transaction_update(transaction,
1605 namespaced_name,
1606 new_oid, old_oid,
1607 0, "push",
1608 &err)) {
1609 rp_error("%s", err.buf);
1610 ret = "failed to update ref";
1611 } else {
1612 ret = NULL; /* good */
1613 }
1614 strbuf_release(&err);
1615 }
1616
1617 out:
1618 free_worktrees(worktrees);
1619 return ret;
1620 }
1621
1622 static void run_update_post_hook(struct command *commands)
1623 {
1624 struct command *cmd;
1625 struct child_process proc = CHILD_PROCESS_INIT;
1626 const char *hook;
1627
1628 hook = find_hook("post-update");
1629 if (!hook)
1630 return;
1631
1632 for (cmd = commands; cmd; cmd = cmd->next) {
1633 if (cmd->error_string || cmd->did_not_exist)
1634 continue;
1635 if (!proc.args.nr)
1636 strvec_push(&proc.args, hook);
1637 strvec_push(&proc.args, cmd->ref_name);
1638 }
1639 if (!proc.args.nr)
1640 return;
1641
1642 proc.no_stdin = 1;
1643 proc.stdout_to_stderr = 1;
1644 proc.err = use_sideband ? -1 : 0;
1645 proc.trace2_hook_name = "post-update";
1646
1647 if (!start_command(&proc)) {
1648 if (use_sideband)
1649 copy_to_sideband(proc.err, -1, NULL);
1650 finish_command(&proc);
1651 }
1652 }
1653
1654 static void check_aliased_update_internal(struct command *cmd,
1655 struct string_list *list,
1656 const char *dst_name, int flag)
1657 {
1658 struct string_list_item *item;
1659 struct command *dst_cmd;
1660
1661 if (!(flag & REF_ISSYMREF))
1662 return;
1663
1664 if (!dst_name) {
1665 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1666 cmd->skip_update = 1;
1667 cmd->error_string = "broken symref";
1668 return;
1669 }
1670 dst_name = strip_namespace(dst_name);
1671
1672 if (!(item = string_list_lookup(list, dst_name)))
1673 return;
1674
1675 cmd->skip_update = 1;
1676
1677 dst_cmd = (struct command *) item->util;
1678
1679 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1680 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1681 return;
1682
1683 dst_cmd->skip_update = 1;
1684
1685 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1686 " its target '%s' (%s..%s)",
1687 cmd->ref_name,
1688 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1689 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1690 dst_cmd->ref_name,
1691 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1692 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1693
1694 cmd->error_string = dst_cmd->error_string =
1695 "inconsistent aliased update";
1696 }
1697
1698 static void check_aliased_update(struct command *cmd, struct string_list *list)
1699 {
1700 struct strbuf buf = STRBUF_INIT;
1701 const char *dst_name;
1702 int flag;
1703
1704 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1705 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1706 check_aliased_update_internal(cmd, list, dst_name, flag);
1707 strbuf_release(&buf);
1708 }
1709
1710 static void check_aliased_updates(struct command *commands)
1711 {
1712 struct command *cmd;
1713 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1714
1715 for (cmd = commands; cmd; cmd = cmd->next) {
1716 struct string_list_item *item =
1717 string_list_append(&ref_list, cmd->ref_name);
1718 item->util = (void *)cmd;
1719 }
1720 string_list_sort(&ref_list);
1721
1722 for (cmd = commands; cmd; cmd = cmd->next) {
1723 if (!cmd->error_string)
1724 check_aliased_update(cmd, &ref_list);
1725 }
1726
1727 string_list_clear(&ref_list, 0);
1728 }
1729
1730 static const struct object_id *command_singleton_iterator(void *cb_data)
1731 {
1732 struct command **cmd_list = cb_data;
1733 struct command *cmd = *cmd_list;
1734
1735 if (!cmd || is_null_oid(&cmd->new_oid))
1736 return NULL;
1737 *cmd_list = NULL; /* this returns only one */
1738 return &cmd->new_oid;
1739 }
1740
1741 static void set_connectivity_errors(struct command *commands,
1742 struct shallow_info *si)
1743 {
1744 struct command *cmd;
1745
1746 for (cmd = commands; cmd; cmd = cmd->next) {
1747 struct command *singleton = cmd;
1748 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1749
1750 if (shallow_update && si->shallow_ref[cmd->index])
1751 /* to be checked in update_shallow_ref() */
1752 continue;
1753
1754 opt.env = tmp_objdir_env(tmp_objdir);
1755 if (!check_connected(command_singleton_iterator, &singleton,
1756 &opt))
1757 continue;
1758
1759 cmd->error_string = "missing necessary objects";
1760 }
1761 }
1762
1763 struct iterate_data {
1764 struct command *cmds;
1765 struct shallow_info *si;
1766 };
1767
1768 static const struct object_id *iterate_receive_command_list(void *cb_data)
1769 {
1770 struct iterate_data *data = cb_data;
1771 struct command **cmd_list = &data->cmds;
1772 struct command *cmd = *cmd_list;
1773
1774 for (; cmd; cmd = cmd->next) {
1775 if (shallow_update && data->si->shallow_ref[cmd->index])
1776 /* to be checked in update_shallow_ref() */
1777 continue;
1778 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1779 *cmd_list = cmd->next;
1780 return &cmd->new_oid;
1781 }
1782 }
1783 return NULL;
1784 }
1785
1786 static void reject_updates_to_hidden(struct command *commands)
1787 {
1788 struct strbuf refname_full = STRBUF_INIT;
1789 size_t prefix_len;
1790 struct command *cmd;
1791
1792 strbuf_addstr(&refname_full, get_git_namespace());
1793 prefix_len = refname_full.len;
1794
1795 for (cmd = commands; cmd; cmd = cmd->next) {
1796 if (cmd->error_string)
1797 continue;
1798
1799 strbuf_setlen(&refname_full, prefix_len);
1800 strbuf_addstr(&refname_full, cmd->ref_name);
1801
1802 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1803 continue;
1804 if (is_null_oid(&cmd->new_oid))
1805 cmd->error_string = "deny deleting a hidden ref";
1806 else
1807 cmd->error_string = "deny updating a hidden ref";
1808 }
1809
1810 strbuf_release(&refname_full);
1811 }
1812
1813 static int should_process_cmd(struct command *cmd)
1814 {
1815 return !cmd->error_string && !cmd->skip_update;
1816 }
1817
1818 static void BUG_if_skipped_connectivity_check(struct command *commands,
1819 struct shallow_info *si)
1820 {
1821 struct command *cmd;
1822
1823 for (cmd = commands; cmd; cmd = cmd->next) {
1824 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1825 bug("connectivity check has not been run on ref %s",
1826 cmd->ref_name);
1827 }
1828 BUG_if_bug("connectivity check skipped???");
1829 }
1830
1831 static void execute_commands_non_atomic(struct command *commands,
1832 struct shallow_info *si)
1833 {
1834 struct command *cmd;
1835 struct strbuf err = STRBUF_INIT;
1836
1837 for (cmd = commands; cmd; cmd = cmd->next) {
1838 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1839 continue;
1840
1841 transaction = ref_transaction_begin(&err);
1842 if (!transaction) {
1843 rp_error("%s", err.buf);
1844 strbuf_reset(&err);
1845 cmd->error_string = "transaction failed to start";
1846 continue;
1847 }
1848
1849 cmd->error_string = update(cmd, si);
1850
1851 if (!cmd->error_string
1852 && ref_transaction_commit(transaction, &err)) {
1853 rp_error("%s", err.buf);
1854 strbuf_reset(&err);
1855 cmd->error_string = "failed to update ref";
1856 }
1857 ref_transaction_free(transaction);
1858 }
1859 strbuf_release(&err);
1860 }
1861
1862 static void execute_commands_atomic(struct command *commands,
1863 struct shallow_info *si)
1864 {
1865 struct command *cmd;
1866 struct strbuf err = STRBUF_INIT;
1867 const char *reported_error = "atomic push failure";
1868
1869 transaction = ref_transaction_begin(&err);
1870 if (!transaction) {
1871 rp_error("%s", err.buf);
1872 strbuf_reset(&err);
1873 reported_error = "transaction failed to start";
1874 goto failure;
1875 }
1876
1877 for (cmd = commands; cmd; cmd = cmd->next) {
1878 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1879 continue;
1880
1881 cmd->error_string = update(cmd, si);
1882
1883 if (cmd->error_string)
1884 goto failure;
1885 }
1886
1887 if (ref_transaction_commit(transaction, &err)) {
1888 rp_error("%s", err.buf);
1889 reported_error = "atomic transaction failed";
1890 goto failure;
1891 }
1892 goto cleanup;
1893
1894 failure:
1895 for (cmd = commands; cmd; cmd = cmd->next)
1896 if (!cmd->error_string)
1897 cmd->error_string = reported_error;
1898
1899 cleanup:
1900 ref_transaction_free(transaction);
1901 strbuf_release(&err);
1902 }
1903
1904 static void execute_commands(struct command *commands,
1905 const char *unpacker_error,
1906 struct shallow_info *si,
1907 const struct string_list *push_options)
1908 {
1909 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1910 struct command *cmd;
1911 struct iterate_data data;
1912 struct async muxer;
1913 int err_fd = 0;
1914 int run_proc_receive = 0;
1915
1916 if (unpacker_error) {
1917 for (cmd = commands; cmd; cmd = cmd->next)
1918 cmd->error_string = "unpacker error";
1919 return;
1920 }
1921
1922 if (use_sideband) {
1923 memset(&muxer, 0, sizeof(muxer));
1924 muxer.proc = copy_to_sideband;
1925 muxer.in = -1;
1926 if (!start_async(&muxer))
1927 err_fd = muxer.in;
1928 /* ...else, continue without relaying sideband */
1929 }
1930
1931 data.cmds = commands;
1932 data.si = si;
1933 opt.err_fd = err_fd;
1934 opt.progress = err_fd && !quiet;
1935 opt.env = tmp_objdir_env(tmp_objdir);
1936 opt.exclude_hidden_refs_section = "receive";
1937
1938 if (check_connected(iterate_receive_command_list, &data, &opt))
1939 set_connectivity_errors(commands, si);
1940
1941 if (use_sideband)
1942 finish_async(&muxer);
1943
1944 reject_updates_to_hidden(commands);
1945
1946 /*
1947 * Try to find commands that have special prefix in their reference names,
1948 * and mark them to run an external "proc-receive" hook later.
1949 */
1950 if (proc_receive_ref) {
1951 for (cmd = commands; cmd; cmd = cmd->next) {
1952 if (!should_process_cmd(cmd))
1953 continue;
1954
1955 if (proc_receive_ref_matches(cmd)) {
1956 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1957 run_proc_receive = 1;
1958 }
1959 }
1960 }
1961
1962 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1963 for (cmd = commands; cmd; cmd = cmd->next) {
1964 if (!cmd->error_string)
1965 cmd->error_string = "pre-receive hook declined";
1966 }
1967 return;
1968 }
1969
1970 /*
1971 * If there is no command ready to run, should return directly to destroy
1972 * temporary data in the quarantine area.
1973 */
1974 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1975 ; /* nothing */
1976 if (!cmd)
1977 return;
1978
1979 /*
1980 * Now we'll start writing out refs, which means the objects need
1981 * to be in their final positions so that other processes can see them.
1982 */
1983 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1984 for (cmd = commands; cmd; cmd = cmd->next) {
1985 if (!cmd->error_string)
1986 cmd->error_string = "unable to migrate objects to permanent storage";
1987 }
1988 return;
1989 }
1990 tmp_objdir = NULL;
1991
1992 check_aliased_updates(commands);
1993
1994 free(head_name_to_free);
1995 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1996
1997 if (run_proc_receive &&
1998 run_proc_receive_hook(commands, push_options))
1999 for (cmd = commands; cmd; cmd = cmd->next)
2000 if (!cmd->error_string &&
2001 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2002 (cmd->run_proc_receive || use_atomic))
2003 cmd->error_string = "fail to run proc-receive hook";
2004
2005 if (use_atomic)
2006 execute_commands_atomic(commands, si);
2007 else
2008 execute_commands_non_atomic(commands, si);
2009
2010 if (shallow_update)
2011 BUG_if_skipped_connectivity_check(commands, si);
2012 }
2013
2014 static struct command **queue_command(struct command **tail,
2015 const char *line,
2016 int linelen)
2017 {
2018 struct object_id old_oid, new_oid;
2019 struct command *cmd;
2020 const char *refname;
2021 int reflen;
2022 const char *p;
2023
2024 if (parse_oid_hex(line, &old_oid, &p) ||
2025 *p++ != ' ' ||
2026 parse_oid_hex(p, &new_oid, &p) ||
2027 *p++ != ' ')
2028 die("protocol error: expected old/new/ref, got '%s'", line);
2029
2030 refname = p;
2031 reflen = linelen - (p - line);
2032 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2033 oidcpy(&cmd->old_oid, &old_oid);
2034 oidcpy(&cmd->new_oid, &new_oid);
2035 *tail = cmd;
2036 return &cmd->next;
2037 }
2038
2039 static void free_commands(struct command *commands)
2040 {
2041 while (commands) {
2042 struct command *next = commands->next;
2043
2044 free(commands);
2045 commands = next;
2046 }
2047 }
2048
2049 static void queue_commands_from_cert(struct command **tail,
2050 struct strbuf *push_cert)
2051 {
2052 const char *boc, *eoc;
2053
2054 if (*tail)
2055 die("protocol error: got both push certificate and unsigned commands");
2056
2057 boc = strstr(push_cert->buf, "\n\n");
2058 if (!boc)
2059 die("malformed push certificate %.*s", 100, push_cert->buf);
2060 else
2061 boc += 2;
2062 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2063
2064 while (boc < eoc) {
2065 const char *eol = memchr(boc, '\n', eoc - boc);
2066 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2067 boc = eol ? eol + 1 : eoc;
2068 }
2069 }
2070
2071 static struct command *read_head_info(struct packet_reader *reader,
2072 struct oid_array *shallow)
2073 {
2074 struct command *commands = NULL;
2075 struct command **p = &commands;
2076 for (;;) {
2077 int linelen;
2078
2079 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2080 break;
2081
2082 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2083 struct object_id oid;
2084 if (get_oid_hex(reader->line + 8, &oid))
2085 die("protocol error: expected shallow sha, got '%s'",
2086 reader->line + 8);
2087 oid_array_append(shallow, &oid);
2088 continue;
2089 }
2090
2091 linelen = strlen(reader->line);
2092 if (linelen < reader->pktlen) {
2093 const char *feature_list = reader->line + linelen + 1;
2094 const char *hash = NULL;
2095 const char *client_sid;
2096 int len = 0;
2097 if (parse_feature_request(feature_list, "report-status"))
2098 report_status = 1;
2099 if (parse_feature_request(feature_list, "report-status-v2"))
2100 report_status_v2 = 1;
2101 if (parse_feature_request(feature_list, "side-band-64k"))
2102 use_sideband = LARGE_PACKET_MAX;
2103 if (parse_feature_request(feature_list, "quiet"))
2104 quiet = 1;
2105 if (advertise_atomic_push
2106 && parse_feature_request(feature_list, "atomic"))
2107 use_atomic = 1;
2108 if (advertise_push_options
2109 && parse_feature_request(feature_list, "push-options"))
2110 use_push_options = 1;
2111 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2112 if (!hash) {
2113 hash = hash_algos[GIT_HASH_SHA1].name;
2114 len = strlen(hash);
2115 }
2116 if (xstrncmpz(the_hash_algo->name, hash, len))
2117 die("error: unsupported object format '%s'", hash);
2118 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2119 if (client_sid) {
2120 char *sid = xstrndup(client_sid, len);
2121 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2122 free(sid);
2123 }
2124 }
2125
2126 if (!strcmp(reader->line, "push-cert")) {
2127 int true_flush = 0;
2128 int saved_options = reader->options;
2129 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2130
2131 for (;;) {
2132 packet_reader_read(reader);
2133 if (reader->status == PACKET_READ_FLUSH) {
2134 true_flush = 1;
2135 break;
2136 }
2137 if (reader->status != PACKET_READ_NORMAL) {
2138 die("protocol error: got an unexpected packet");
2139 }
2140 if (!strcmp(reader->line, "push-cert-end\n"))
2141 break; /* end of cert */
2142 strbuf_addstr(&push_cert, reader->line);
2143 }
2144 reader->options = saved_options;
2145
2146 if (true_flush)
2147 break;
2148 continue;
2149 }
2150
2151 p = queue_command(p, reader->line, linelen);
2152 }
2153
2154 if (push_cert.len)
2155 queue_commands_from_cert(p, &push_cert);
2156
2157 return commands;
2158 }
2159
2160 static void read_push_options(struct packet_reader *reader,
2161 struct string_list *options)
2162 {
2163 while (1) {
2164 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2165 break;
2166
2167 string_list_append(options, reader->line);
2168 }
2169 }
2170
2171 static const char *parse_pack_header(struct pack_header *hdr)
2172 {
2173 switch (read_pack_header(0, hdr)) {
2174 case PH_ERROR_EOF:
2175 return "eof before pack header was fully read";
2176
2177 case PH_ERROR_PACK_SIGNATURE:
2178 return "protocol error (pack signature mismatch detected)";
2179
2180 case PH_ERROR_PROTOCOL:
2181 return "protocol error (pack version unsupported)";
2182
2183 default:
2184 return "unknown error in parse_pack_header";
2185
2186 case 0:
2187 return NULL;
2188 }
2189 }
2190
2191 static struct tempfile *pack_lockfile;
2192
2193 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2194 {
2195 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2196 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2197 }
2198
2199 static const char *unpack(int err_fd, struct shallow_info *si)
2200 {
2201 struct pack_header hdr;
2202 const char *hdr_err;
2203 int status;
2204 struct child_process child = CHILD_PROCESS_INIT;
2205 int fsck_objects = (receive_fsck_objects >= 0
2206 ? receive_fsck_objects
2207 : transfer_fsck_objects >= 0
2208 ? transfer_fsck_objects
2209 : 0);
2210
2211 hdr_err = parse_pack_header(&hdr);
2212 if (hdr_err) {
2213 if (err_fd > 0)
2214 close(err_fd);
2215 return hdr_err;
2216 }
2217
2218 if (si->nr_ours || si->nr_theirs) {
2219 alt_shallow_file = setup_temporary_shallow(si->shallow);
2220 strvec_push(&child.args, "--shallow-file");
2221 strvec_push(&child.args, alt_shallow_file);
2222 }
2223
2224 tmp_objdir = tmp_objdir_create("incoming");
2225 if (!tmp_objdir) {
2226 if (err_fd > 0)
2227 close(err_fd);
2228 return "unable to create temporary object directory";
2229 }
2230 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2231
2232 /*
2233 * Normally we just pass the tmp_objdir environment to the child
2234 * processes that do the heavy lifting, but we may need to see these
2235 * objects ourselves to set up shallow information.
2236 */
2237 tmp_objdir_add_as_alternate(tmp_objdir);
2238
2239 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2240 strvec_push(&child.args, "unpack-objects");
2241 push_header_arg(&child.args, &hdr);
2242 if (quiet)
2243 strvec_push(&child.args, "-q");
2244 if (fsck_objects)
2245 strvec_pushf(&child.args, "--strict%s",
2246 fsck_msg_types.buf);
2247 if (max_input_size)
2248 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2249 (uintmax_t)max_input_size);
2250 child.no_stdout = 1;
2251 child.err = err_fd;
2252 child.git_cmd = 1;
2253 status = run_command(&child);
2254 if (status)
2255 return "unpack-objects abnormal exit";
2256 } else {
2257 char hostname[HOST_NAME_MAX + 1];
2258 char *lockfile;
2259
2260 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2261 push_header_arg(&child.args, &hdr);
2262
2263 if (xgethostname(hostname, sizeof(hostname)))
2264 xsnprintf(hostname, sizeof(hostname), "localhost");
2265 strvec_pushf(&child.args,
2266 "--keep=receive-pack %"PRIuMAX" on %s",
2267 (uintmax_t)getpid(),
2268 hostname);
2269
2270 if (!quiet && err_fd)
2271 strvec_push(&child.args, "--show-resolving-progress");
2272 if (use_sideband)
2273 strvec_push(&child.args, "--report-end-of-input");
2274 if (fsck_objects)
2275 strvec_pushf(&child.args, "--strict%s",
2276 fsck_msg_types.buf);
2277 if (!reject_thin)
2278 strvec_push(&child.args, "--fix-thin");
2279 if (max_input_size)
2280 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2281 (uintmax_t)max_input_size);
2282 child.out = -1;
2283 child.err = err_fd;
2284 child.git_cmd = 1;
2285 status = start_command(&child);
2286 if (status)
2287 return "index-pack fork failed";
2288
2289 lockfile = index_pack_lockfile(child.out, NULL);
2290 if (lockfile) {
2291 pack_lockfile = register_tempfile(lockfile);
2292 free(lockfile);
2293 }
2294 close(child.out);
2295
2296 status = finish_command(&child);
2297 if (status)
2298 return "index-pack abnormal exit";
2299 reprepare_packed_git(the_repository);
2300 }
2301 return NULL;
2302 }
2303
2304 static const char *unpack_with_sideband(struct shallow_info *si)
2305 {
2306 struct async muxer;
2307 const char *ret;
2308
2309 if (!use_sideband)
2310 return unpack(0, si);
2311
2312 use_keepalive = KEEPALIVE_AFTER_NUL;
2313 memset(&muxer, 0, sizeof(muxer));
2314 muxer.proc = copy_to_sideband;
2315 muxer.in = -1;
2316 if (start_async(&muxer))
2317 return NULL;
2318
2319 ret = unpack(muxer.in, si);
2320
2321 finish_async(&muxer);
2322 return ret;
2323 }
2324
2325 static void prepare_shallow_update(struct shallow_info *si)
2326 {
2327 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2328
2329 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2330 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2331
2332 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2333 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2334 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2335
2336 for (i = 0; i < si->nr_ours; i++)
2337 si->need_reachability_test[si->ours[i]] = 1;
2338
2339 for (i = 0; i < si->shallow->nr; i++) {
2340 if (!si->used_shallow[i])
2341 continue;
2342 for (j = 0; j < bitmap_size; j++) {
2343 if (!si->used_shallow[i][j])
2344 continue;
2345 si->need_reachability_test[i]++;
2346 for (k = 0; k < 32; k++)
2347 if (si->used_shallow[i][j] & (1U << k))
2348 si->shallow_ref[j * 32 + k]++;
2349 }
2350
2351 /*
2352 * true for those associated with some refs and belong
2353 * in "ours" list aka "step 7 not done yet"
2354 */
2355 si->need_reachability_test[i] =
2356 si->need_reachability_test[i] > 1;
2357 }
2358
2359 /*
2360 * keep hooks happy by forcing a temporary shallow file via
2361 * env variable because we can't add --shallow-file to every
2362 * command. check_connected() will be done with
2363 * true .git/shallow though.
2364 */
2365 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2366 }
2367
2368 static void update_shallow_info(struct command *commands,
2369 struct shallow_info *si,
2370 struct oid_array *ref)
2371 {
2372 struct command *cmd;
2373 int *ref_status;
2374 remove_nonexistent_theirs_shallow(si);
2375 if (!si->nr_ours && !si->nr_theirs) {
2376 shallow_update = 0;
2377 return;
2378 }
2379
2380 for (cmd = commands; cmd; cmd = cmd->next) {
2381 if (is_null_oid(&cmd->new_oid))
2382 continue;
2383 oid_array_append(ref, &cmd->new_oid);
2384 cmd->index = ref->nr - 1;
2385 }
2386 si->ref = ref;
2387
2388 if (shallow_update) {
2389 prepare_shallow_update(si);
2390 return;
2391 }
2392
2393 ALLOC_ARRAY(ref_status, ref->nr);
2394 assign_shallow_commits_to_refs(si, NULL, ref_status);
2395 for (cmd = commands; cmd; cmd = cmd->next) {
2396 if (is_null_oid(&cmd->new_oid))
2397 continue;
2398 if (ref_status[cmd->index]) {
2399 cmd->error_string = "shallow update not allowed";
2400 cmd->skip_update = 1;
2401 }
2402 }
2403 free(ref_status);
2404 }
2405
2406 static void report(struct command *commands, const char *unpack_status)
2407 {
2408 struct command *cmd;
2409 struct strbuf buf = STRBUF_INIT;
2410
2411 packet_buf_write(&buf, "unpack %s\n",
2412 unpack_status ? unpack_status : "ok");
2413 for (cmd = commands; cmd; cmd = cmd->next) {
2414 if (!cmd->error_string)
2415 packet_buf_write(&buf, "ok %s\n",
2416 cmd->ref_name);
2417 else
2418 packet_buf_write(&buf, "ng %s %s\n",
2419 cmd->ref_name, cmd->error_string);
2420 }
2421 packet_buf_flush(&buf);
2422
2423 if (use_sideband)
2424 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2425 else
2426 write_or_die(1, buf.buf, buf.len);
2427 strbuf_release(&buf);
2428 }
2429
2430 static void report_v2(struct command *commands, const char *unpack_status)
2431 {
2432 struct command *cmd;
2433 struct strbuf buf = STRBUF_INIT;
2434 struct ref_push_report *report;
2435
2436 packet_buf_write(&buf, "unpack %s\n",
2437 unpack_status ? unpack_status : "ok");
2438 for (cmd = commands; cmd; cmd = cmd->next) {
2439 int count = 0;
2440
2441 if (cmd->error_string) {
2442 packet_buf_write(&buf, "ng %s %s\n",
2443 cmd->ref_name,
2444 cmd->error_string);
2445 continue;
2446 }
2447 packet_buf_write(&buf, "ok %s\n",
2448 cmd->ref_name);
2449 for (report = cmd->report; report; report = report->next) {
2450 if (count++ > 0)
2451 packet_buf_write(&buf, "ok %s\n",
2452 cmd->ref_name);
2453 if (report->ref_name)
2454 packet_buf_write(&buf, "option refname %s\n",
2455 report->ref_name);
2456 if (report->old_oid)
2457 packet_buf_write(&buf, "option old-oid %s\n",
2458 oid_to_hex(report->old_oid));
2459 if (report->new_oid)
2460 packet_buf_write(&buf, "option new-oid %s\n",
2461 oid_to_hex(report->new_oid));
2462 if (report->forced_update)
2463 packet_buf_write(&buf, "option forced-update\n");
2464 }
2465 }
2466 packet_buf_flush(&buf);
2467
2468 if (use_sideband)
2469 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2470 else
2471 write_or_die(1, buf.buf, buf.len);
2472 strbuf_release(&buf);
2473 }
2474
2475 static int delete_only(struct command *commands)
2476 {
2477 struct command *cmd;
2478 for (cmd = commands; cmd; cmd = cmd->next) {
2479 if (!is_null_oid(&cmd->new_oid))
2480 return 0;
2481 }
2482 return 1;
2483 }
2484
2485 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2486 {
2487 int advertise_refs = 0;
2488 struct command *commands;
2489 struct oid_array shallow = OID_ARRAY_INIT;
2490 struct oid_array ref = OID_ARRAY_INIT;
2491 struct shallow_info si;
2492 struct packet_reader reader;
2493
2494 struct option options[] = {
2495 OPT__QUIET(&quiet, N_("quiet")),
2496 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2497 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2498 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2499 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2500 OPT_END()
2501 };
2502
2503 packet_trace_identity("receive-pack");
2504
2505 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2506
2507 if (argc > 1)
2508 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2509 if (argc == 0)
2510 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2511
2512 service_dir = argv[0];
2513
2514 setup_path();
2515
2516 if (!enter_repo(service_dir, 0))
2517 die("'%s' does not appear to be a git repository", service_dir);
2518
2519 git_config(receive_pack_config, NULL);
2520 if (cert_nonce_seed)
2521 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2522
2523 if (0 <= transfer_unpack_limit)
2524 unpack_limit = transfer_unpack_limit;
2525 else if (0 <= receive_unpack_limit)
2526 unpack_limit = receive_unpack_limit;
2527
2528 switch (determine_protocol_version_server()) {
2529 case protocol_v2:
2530 /*
2531 * push support for protocol v2 has not been implemented yet,
2532 * so ignore the request to use v2 and fallback to using v0.
2533 */
2534 break;
2535 case protocol_v1:
2536 /*
2537 * v1 is just the original protocol with a version string,
2538 * so just fall through after writing the version string.
2539 */
2540 if (advertise_refs || !stateless_rpc)
2541 packet_write_fmt(1, "version 1\n");
2542
2543 /* fallthrough */
2544 case protocol_v0:
2545 break;
2546 case protocol_unknown_version:
2547 BUG("unknown protocol version");
2548 }
2549
2550 if (advertise_refs || !stateless_rpc) {
2551 write_head_info();
2552 }
2553 if (advertise_refs)
2554 return 0;
2555
2556 packet_reader_init(&reader, 0, NULL, 0,
2557 PACKET_READ_CHOMP_NEWLINE |
2558 PACKET_READ_DIE_ON_ERR_PACKET);
2559
2560 if ((commands = read_head_info(&reader, &shallow))) {
2561 const char *unpack_status = NULL;
2562 struct string_list push_options = STRING_LIST_INIT_DUP;
2563
2564 if (use_push_options)
2565 read_push_options(&reader, &push_options);
2566 if (!check_cert_push_options(&push_options)) {
2567 struct command *cmd;
2568 for (cmd = commands; cmd; cmd = cmd->next)
2569 cmd->error_string = "inconsistent push options";
2570 }
2571
2572 prepare_shallow_info(&si, &shallow);
2573 if (!si.nr_ours && !si.nr_theirs)
2574 shallow_update = 0;
2575 if (!delete_only(commands)) {
2576 unpack_status = unpack_with_sideband(&si);
2577 update_shallow_info(commands, &si, &ref);
2578 }
2579 use_keepalive = KEEPALIVE_ALWAYS;
2580 execute_commands(commands, unpack_status, &si,
2581 &push_options);
2582 delete_tempfile(&pack_lockfile);
2583 sigchain_push(SIGPIPE, SIG_IGN);
2584 if (report_status_v2)
2585 report_v2(commands, unpack_status);
2586 else if (report_status)
2587 report(commands, unpack_status);
2588 sigchain_pop(SIGPIPE);
2589 run_receive_hook(commands, "post-receive", 1,
2590 &push_options);
2591 run_update_post_hook(commands);
2592 free_commands(commands);
2593 string_list_clear(&push_options, 0);
2594 if (auto_gc) {
2595 struct child_process proc = CHILD_PROCESS_INIT;
2596
2597 proc.no_stdin = 1;
2598 proc.stdout_to_stderr = 1;
2599 proc.err = use_sideband ? -1 : 0;
2600 proc.git_cmd = proc.close_object_store = 1;
2601 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2602 NULL);
2603
2604 if (!start_command(&proc)) {
2605 if (use_sideband)
2606 copy_to_sideband(proc.err, -1, NULL);
2607 finish_command(&proc);
2608 }
2609 }
2610 if (auto_update_server_info)
2611 update_server_info(0);
2612 clear_shallow_info(&si);
2613 }
2614 if (use_sideband)
2615 packet_flush(1);
2616 oid_array_clear(&shallow);
2617 oid_array_clear(&ref);
2618 string_list_clear(&hidden_refs, 0);
2619 free((void *)push_cert_nonce);
2620 return 0;
2621 }
Unnamed repository; edit this file 'description' to name the repository.