]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'rs/daemon-plug-child-leak' into maint
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23
24 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
25
26 enum deny_action {
27 DENY_UNCONFIGURED,
28 DENY_IGNORE,
29 DENY_WARN,
30 DENY_REFUSE,
31 DENY_UPDATE_INSTEAD
32 };
33
34 static int deny_deletes;
35 static int deny_non_fast_forwards;
36 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
37 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
38 static int receive_fsck_objects = -1;
39 static int transfer_fsck_objects = -1;
40 static struct strbuf fsck_msg_types = STRBUF_INIT;
41 static int receive_unpack_limit = -1;
42 static int transfer_unpack_limit = -1;
43 static int advertise_atomic_push = 1;
44 static int unpack_limit = 100;
45 static int report_status;
46 static int use_sideband;
47 static int use_atomic;
48 static int quiet;
49 static int prefer_ofs_delta = 1;
50 static int auto_update_server_info;
51 static int auto_gc = 1;
52 static int fix_thin = 1;
53 static int stateless_rpc;
54 static const char *service_dir;
55 static const char *head_name;
56 static void *head_name_to_free;
57 static int sent_capabilities;
58 static int shallow_update;
59 static const char *alt_shallow_file;
60 static struct strbuf push_cert = STRBUF_INIT;
61 static unsigned char push_cert_sha1[20];
62 static struct signature_check sigcheck;
63 static const char *push_cert_nonce;
64 static const char *cert_nonce_seed;
65
66 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
67 static const char *NONCE_BAD = "BAD";
68 static const char *NONCE_MISSING = "MISSING";
69 static const char *NONCE_OK = "OK";
70 static const char *NONCE_SLOP = "SLOP";
71 static const char *nonce_status;
72 static long nonce_stamp_slop;
73 static unsigned long nonce_stamp_slop_limit;
74 static struct ref_transaction *transaction;
75
76 static enum deny_action parse_deny_action(const char *var, const char *value)
77 {
78 if (value) {
79 if (!strcasecmp(value, "ignore"))
80 return DENY_IGNORE;
81 if (!strcasecmp(value, "warn"))
82 return DENY_WARN;
83 if (!strcasecmp(value, "refuse"))
84 return DENY_REFUSE;
85 if (!strcasecmp(value, "updateinstead"))
86 return DENY_UPDATE_INSTEAD;
87 }
88 if (git_config_bool(var, value))
89 return DENY_REFUSE;
90 return DENY_IGNORE;
91 }
92
93 static int receive_pack_config(const char *var, const char *value, void *cb)
94 {
95 int status = parse_hide_refs_config(var, value, "receive");
96
97 if (status)
98 return status;
99
100 if (strcmp(var, "receive.denydeletes") == 0) {
101 deny_deletes = git_config_bool(var, value);
102 return 0;
103 }
104
105 if (strcmp(var, "receive.denynonfastforwards") == 0) {
106 deny_non_fast_forwards = git_config_bool(var, value);
107 return 0;
108 }
109
110 if (strcmp(var, "receive.unpacklimit") == 0) {
111 receive_unpack_limit = git_config_int(var, value);
112 return 0;
113 }
114
115 if (strcmp(var, "transfer.unpacklimit") == 0) {
116 transfer_unpack_limit = git_config_int(var, value);
117 return 0;
118 }
119
120 if (strcmp(var, "receive.fsck.skiplist") == 0) {
121 const char *path;
122
123 if (git_config_pathname(&path, var, value))
124 return 1;
125 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
126 fsck_msg_types.len ? ',' : '=', path);
127 free((char *)path);
128 return 0;
129 }
130
131 if (skip_prefix(var, "receive.fsck.", &var)) {
132 if (is_valid_msg_type(var, value))
133 strbuf_addf(&fsck_msg_types, "%c%s=%s",
134 fsck_msg_types.len ? ',' : '=', var, value);
135 else
136 warning("Skipping unknown msg id '%s'", var);
137 return 0;
138 }
139
140 if (strcmp(var, "receive.fsckobjects") == 0) {
141 receive_fsck_objects = git_config_bool(var, value);
142 return 0;
143 }
144
145 if (strcmp(var, "transfer.fsckobjects") == 0) {
146 transfer_fsck_objects = git_config_bool(var, value);
147 return 0;
148 }
149
150 if (!strcmp(var, "receive.denycurrentbranch")) {
151 deny_current_branch = parse_deny_action(var, value);
152 return 0;
153 }
154
155 if (strcmp(var, "receive.denydeletecurrent") == 0) {
156 deny_delete_current = parse_deny_action(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
161 prefer_ofs_delta = git_config_bool(var, value);
162 return 0;
163 }
164
165 if (strcmp(var, "receive.updateserverinfo") == 0) {
166 auto_update_server_info = git_config_bool(var, value);
167 return 0;
168 }
169
170 if (strcmp(var, "receive.autogc") == 0) {
171 auto_gc = git_config_bool(var, value);
172 return 0;
173 }
174
175 if (strcmp(var, "receive.shallowupdate") == 0) {
176 shallow_update = git_config_bool(var, value);
177 return 0;
178 }
179
180 if (strcmp(var, "receive.certnonceseed") == 0)
181 return git_config_string(&cert_nonce_seed, var, value);
182
183 if (strcmp(var, "receive.certnonceslop") == 0) {
184 nonce_stamp_slop_limit = git_config_ulong(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.advertiseatomic") == 0) {
189 advertise_atomic_push = git_config_bool(var, value);
190 return 0;
191 }
192
193 return git_default_config(var, value, cb);
194 }
195
196 static void show_ref(const char *path, const unsigned char *sha1)
197 {
198 if (ref_is_hidden(path))
199 return;
200
201 if (sent_capabilities) {
202 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
203 } else {
204 struct strbuf cap = STRBUF_INIT;
205
206 strbuf_addstr(&cap,
207 "report-status delete-refs side-band-64k quiet");
208 if (advertise_atomic_push)
209 strbuf_addstr(&cap, " atomic");
210 if (prefer_ofs_delta)
211 strbuf_addstr(&cap, " ofs-delta");
212 if (push_cert_nonce)
213 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
214 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
215 packet_write(1, "%s %s%c%s\n",
216 sha1_to_hex(sha1), path, 0, cap.buf);
217 strbuf_release(&cap);
218 sent_capabilities = 1;
219 }
220 }
221
222 static int show_ref_cb(const char *path, const struct object_id *oid, int flag, void *unused)
223 {
224 path = strip_namespace(path);
225 /*
226 * Advertise refs outside our current namespace as ".have"
227 * refs, so that the client can use them to minimize data
228 * transfer but will otherwise ignore them. This happens to
229 * cover ".have" that are thrown in by add_one_alternate_ref()
230 * to mark histories that are complete in our alternates as
231 * well.
232 */
233 if (!path)
234 path = ".have";
235 show_ref(path, oid->hash);
236 return 0;
237 }
238
239 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
240 {
241 show_ref(".have", sha1);
242 }
243
244 static void collect_one_alternate_ref(const struct ref *ref, void *data)
245 {
246 struct sha1_array *sa = data;
247 sha1_array_append(sa, ref->old_sha1);
248 }
249
250 static void write_head_info(void)
251 {
252 struct sha1_array sa = SHA1_ARRAY_INIT;
253
254 for_each_alternate_ref(collect_one_alternate_ref, &sa);
255 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
256 sha1_array_clear(&sa);
257 for_each_ref(show_ref_cb, NULL);
258 if (!sent_capabilities)
259 show_ref("capabilities^{}", null_sha1);
260
261 advertise_shallow_grafts(1);
262
263 /* EOF */
264 packet_flush(1);
265 }
266
267 struct command {
268 struct command *next;
269 const char *error_string;
270 unsigned int skip_update:1,
271 did_not_exist:1;
272 int index;
273 unsigned char old_sha1[20];
274 unsigned char new_sha1[20];
275 char ref_name[FLEX_ARRAY]; /* more */
276 };
277
278 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
279 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
280
281 static void report_message(const char *prefix, const char *err, va_list params)
282 {
283 int sz = strlen(prefix);
284 char msg[4096];
285
286 strncpy(msg, prefix, sz);
287 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
288 if (sz > (sizeof(msg) - 1))
289 sz = sizeof(msg) - 1;
290 msg[sz++] = '\n';
291
292 if (use_sideband)
293 send_sideband(1, 2, msg, sz, use_sideband);
294 else
295 xwrite(2, msg, sz);
296 }
297
298 static void rp_warning(const char *err, ...)
299 {
300 va_list params;
301 va_start(params, err);
302 report_message("warning: ", err, params);
303 va_end(params);
304 }
305
306 static void rp_error(const char *err, ...)
307 {
308 va_list params;
309 va_start(params, err);
310 report_message("error: ", err, params);
311 va_end(params);
312 }
313
314 static int copy_to_sideband(int in, int out, void *arg)
315 {
316 char data[128];
317 while (1) {
318 ssize_t sz = xread(in, data, sizeof(data));
319 if (sz <= 0)
320 break;
321 send_sideband(1, 2, data, sz, use_sideband);
322 }
323 close(in);
324 return 0;
325 }
326
327 #define HMAC_BLOCK_SIZE 64
328
329 static void hmac_sha1(unsigned char *out,
330 const char *key_in, size_t key_len,
331 const char *text, size_t text_len)
332 {
333 unsigned char key[HMAC_BLOCK_SIZE];
334 unsigned char k_ipad[HMAC_BLOCK_SIZE];
335 unsigned char k_opad[HMAC_BLOCK_SIZE];
336 int i;
337 git_SHA_CTX ctx;
338
339 /* RFC 2104 2. (1) */
340 memset(key, '\0', HMAC_BLOCK_SIZE);
341 if (HMAC_BLOCK_SIZE < key_len) {
342 git_SHA1_Init(&ctx);
343 git_SHA1_Update(&ctx, key_in, key_len);
344 git_SHA1_Final(key, &ctx);
345 } else {
346 memcpy(key, key_in, key_len);
347 }
348
349 /* RFC 2104 2. (2) & (5) */
350 for (i = 0; i < sizeof(key); i++) {
351 k_ipad[i] = key[i] ^ 0x36;
352 k_opad[i] = key[i] ^ 0x5c;
353 }
354
355 /* RFC 2104 2. (3) & (4) */
356 git_SHA1_Init(&ctx);
357 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
358 git_SHA1_Update(&ctx, text, text_len);
359 git_SHA1_Final(out, &ctx);
360
361 /* RFC 2104 2. (6) & (7) */
362 git_SHA1_Init(&ctx);
363 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
364 git_SHA1_Update(&ctx, out, 20);
365 git_SHA1_Final(out, &ctx);
366 }
367
368 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
369 {
370 struct strbuf buf = STRBUF_INIT;
371 unsigned char sha1[20];
372
373 strbuf_addf(&buf, "%s:%lu", path, stamp);
374 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
375 strbuf_release(&buf);
376
377 /* RFC 2104 5. HMAC-SHA1-80 */
378 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
379 return strbuf_detach(&buf, NULL);
380 }
381
382 /*
383 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
384 * after dropping "_commit" from its name and possibly moving it out
385 * of commit.c
386 */
387 static char *find_header(const char *msg, size_t len, const char *key)
388 {
389 int key_len = strlen(key);
390 const char *line = msg;
391
392 while (line && line < msg + len) {
393 const char *eol = strchrnul(line, '\n');
394
395 if ((msg + len <= eol) || line == eol)
396 return NULL;
397 if (line + key_len < eol &&
398 !memcmp(line, key, key_len) && line[key_len] == ' ') {
399 int offset = key_len + 1;
400 return xmemdupz(line + offset, (eol - line) - offset);
401 }
402 line = *eol ? eol + 1 : NULL;
403 }
404 return NULL;
405 }
406
407 static const char *check_nonce(const char *buf, size_t len)
408 {
409 char *nonce = find_header(buf, len, "nonce");
410 unsigned long stamp, ostamp;
411 char *bohmac, *expect = NULL;
412 const char *retval = NONCE_BAD;
413
414 if (!nonce) {
415 retval = NONCE_MISSING;
416 goto leave;
417 } else if (!push_cert_nonce) {
418 retval = NONCE_UNSOLICITED;
419 goto leave;
420 } else if (!strcmp(push_cert_nonce, nonce)) {
421 retval = NONCE_OK;
422 goto leave;
423 }
424
425 if (!stateless_rpc) {
426 /* returned nonce MUST match what we gave out earlier */
427 retval = NONCE_BAD;
428 goto leave;
429 }
430
431 /*
432 * In stateless mode, we may be receiving a nonce issued by
433 * another instance of the server that serving the same
434 * repository, and the timestamps may not match, but the
435 * nonce-seed and dir should match, so we can recompute and
436 * report the time slop.
437 *
438 * In addition, when a nonce issued by another instance has
439 * timestamp within receive.certnonceslop seconds, we pretend
440 * as if we issued that nonce when reporting to the hook.
441 */
442
443 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
444 if (*nonce <= '0' || '9' < *nonce) {
445 retval = NONCE_BAD;
446 goto leave;
447 }
448 stamp = strtoul(nonce, &bohmac, 10);
449 if (bohmac == nonce || bohmac[0] != '-') {
450 retval = NONCE_BAD;
451 goto leave;
452 }
453
454 expect = prepare_push_cert_nonce(service_dir, stamp);
455 if (strcmp(expect, nonce)) {
456 /* Not what we would have signed earlier */
457 retval = NONCE_BAD;
458 goto leave;
459 }
460
461 /*
462 * By how many seconds is this nonce stale? Negative value
463 * would mean it was issued by another server with its clock
464 * skewed in the future.
465 */
466 ostamp = strtoul(push_cert_nonce, NULL, 10);
467 nonce_stamp_slop = (long)ostamp - (long)stamp;
468
469 if (nonce_stamp_slop_limit &&
470 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
471 /*
472 * Pretend as if the received nonce (which passes the
473 * HMAC check, so it is not a forged by third-party)
474 * is what we issued.
475 */
476 free((void *)push_cert_nonce);
477 push_cert_nonce = xstrdup(nonce);
478 retval = NONCE_OK;
479 } else {
480 retval = NONCE_SLOP;
481 }
482
483 leave:
484 free(nonce);
485 free(expect);
486 return retval;
487 }
488
489 static void prepare_push_cert_sha1(struct child_process *proc)
490 {
491 static int already_done;
492
493 if (!push_cert.len)
494 return;
495
496 if (!already_done) {
497 struct strbuf gpg_output = STRBUF_INIT;
498 struct strbuf gpg_status = STRBUF_INIT;
499 int bogs /* beginning_of_gpg_sig */;
500
501 already_done = 1;
502 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
503 hashclr(push_cert_sha1);
504
505 memset(&sigcheck, '\0', sizeof(sigcheck));
506 sigcheck.result = 'N';
507
508 bogs = parse_signature(push_cert.buf, push_cert.len);
509 if (verify_signed_buffer(push_cert.buf, bogs,
510 push_cert.buf + bogs, push_cert.len - bogs,
511 &gpg_output, &gpg_status) < 0) {
512 ; /* error running gpg */
513 } else {
514 sigcheck.payload = push_cert.buf;
515 sigcheck.gpg_output = gpg_output.buf;
516 sigcheck.gpg_status = gpg_status.buf;
517 parse_gpg_output(&sigcheck);
518 }
519
520 strbuf_release(&gpg_output);
521 strbuf_release(&gpg_status);
522 nonce_status = check_nonce(push_cert.buf, bogs);
523 }
524 if (!is_null_sha1(push_cert_sha1)) {
525 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
526 sha1_to_hex(push_cert_sha1));
527 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
528 sigcheck.signer ? sigcheck.signer : "");
529 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
530 sigcheck.key ? sigcheck.key : "");
531 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
532 sigcheck.result);
533 if (push_cert_nonce) {
534 argv_array_pushf(&proc->env_array,
535 "GIT_PUSH_CERT_NONCE=%s",
536 push_cert_nonce);
537 argv_array_pushf(&proc->env_array,
538 "GIT_PUSH_CERT_NONCE_STATUS=%s",
539 nonce_status);
540 if (nonce_status == NONCE_SLOP)
541 argv_array_pushf(&proc->env_array,
542 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
543 nonce_stamp_slop);
544 }
545 }
546 }
547
548 typedef int (*feed_fn)(void *, const char **, size_t *);
549 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
550 {
551 struct child_process proc = CHILD_PROCESS_INIT;
552 struct async muxer;
553 const char *argv[2];
554 int code;
555
556 argv[0] = find_hook(hook_name);
557 if (!argv[0])
558 return 0;
559
560 argv[1] = NULL;
561
562 proc.argv = argv;
563 proc.in = -1;
564 proc.stdout_to_stderr = 1;
565
566 if (use_sideband) {
567 memset(&muxer, 0, sizeof(muxer));
568 muxer.proc = copy_to_sideband;
569 muxer.in = -1;
570 code = start_async(&muxer);
571 if (code)
572 return code;
573 proc.err = muxer.in;
574 }
575
576 prepare_push_cert_sha1(&proc);
577
578 code = start_command(&proc);
579 if (code) {
580 if (use_sideband)
581 finish_async(&muxer);
582 return code;
583 }
584
585 sigchain_push(SIGPIPE, SIG_IGN);
586
587 while (1) {
588 const char *buf;
589 size_t n;
590 if (feed(feed_state, &buf, &n))
591 break;
592 if (write_in_full(proc.in, buf, n) != n)
593 break;
594 }
595 close(proc.in);
596 if (use_sideband)
597 finish_async(&muxer);
598
599 sigchain_pop(SIGPIPE);
600
601 return finish_command(&proc);
602 }
603
604 struct receive_hook_feed_state {
605 struct command *cmd;
606 int skip_broken;
607 struct strbuf buf;
608 };
609
610 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
611 {
612 struct receive_hook_feed_state *state = state_;
613 struct command *cmd = state->cmd;
614
615 while (cmd &&
616 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
617 cmd = cmd->next;
618 if (!cmd)
619 return -1; /* EOF */
620 strbuf_reset(&state->buf);
621 strbuf_addf(&state->buf, "%s %s %s\n",
622 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
623 cmd->ref_name);
624 state->cmd = cmd->next;
625 if (bufp) {
626 *bufp = state->buf.buf;
627 *sizep = state->buf.len;
628 }
629 return 0;
630 }
631
632 static int run_receive_hook(struct command *commands, const char *hook_name,
633 int skip_broken)
634 {
635 struct receive_hook_feed_state state;
636 int status;
637
638 strbuf_init(&state.buf, 0);
639 state.cmd = commands;
640 state.skip_broken = skip_broken;
641 if (feed_receive_hook(&state, NULL, NULL))
642 return 0;
643 state.cmd = commands;
644 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
645 strbuf_release(&state.buf);
646 return status;
647 }
648
649 static int run_update_hook(struct command *cmd)
650 {
651 const char *argv[5];
652 struct child_process proc = CHILD_PROCESS_INIT;
653 int code;
654
655 argv[0] = find_hook("update");
656 if (!argv[0])
657 return 0;
658
659 argv[1] = cmd->ref_name;
660 argv[2] = sha1_to_hex(cmd->old_sha1);
661 argv[3] = sha1_to_hex(cmd->new_sha1);
662 argv[4] = NULL;
663
664 proc.no_stdin = 1;
665 proc.stdout_to_stderr = 1;
666 proc.err = use_sideband ? -1 : 0;
667 proc.argv = argv;
668
669 code = start_command(&proc);
670 if (code)
671 return code;
672 if (use_sideband)
673 copy_to_sideband(proc.err, -1, NULL);
674 return finish_command(&proc);
675 }
676
677 static int is_ref_checked_out(const char *ref)
678 {
679 if (is_bare_repository())
680 return 0;
681
682 if (!head_name)
683 return 0;
684 return !strcmp(head_name, ref);
685 }
686
687 static char *refuse_unconfigured_deny_msg[] = {
688 "By default, updating the current branch in a non-bare repository",
689 "is denied, because it will make the index and work tree inconsistent",
690 "with what you pushed, and will require 'git reset --hard' to match",
691 "the work tree to HEAD.",
692 "",
693 "You can set 'receive.denyCurrentBranch' configuration variable to",
694 "'ignore' or 'warn' in the remote repository to allow pushing into",
695 "its current branch; however, this is not recommended unless you",
696 "arranged to update its work tree to match what you pushed in some",
697 "other way.",
698 "",
699 "To squelch this message and still keep the default behaviour, set",
700 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
701 };
702
703 static void refuse_unconfigured_deny(void)
704 {
705 int i;
706 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
707 rp_error("%s", refuse_unconfigured_deny_msg[i]);
708 }
709
710 static char *refuse_unconfigured_deny_delete_current_msg[] = {
711 "By default, deleting the current branch is denied, because the next",
712 "'git clone' won't result in any file checked out, causing confusion.",
713 "",
714 "You can set 'receive.denyDeleteCurrent' configuration variable to",
715 "'warn' or 'ignore' in the remote repository to allow deleting the",
716 "current branch, with or without a warning message.",
717 "",
718 "To squelch this message, you can set it to 'refuse'."
719 };
720
721 static void refuse_unconfigured_deny_delete_current(void)
722 {
723 int i;
724 for (i = 0;
725 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
726 i++)
727 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
728 }
729
730 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
731 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
732 {
733 static struct lock_file shallow_lock;
734 struct sha1_array extra = SHA1_ARRAY_INIT;
735 const char *alt_file;
736 uint32_t mask = 1 << (cmd->index % 32);
737 int i;
738
739 trace_printf_key(&trace_shallow,
740 "shallow: update_shallow_ref %s\n", cmd->ref_name);
741 for (i = 0; i < si->shallow->nr; i++)
742 if (si->used_shallow[i] &&
743 (si->used_shallow[i][cmd->index / 32] & mask) &&
744 !delayed_reachability_test(si, i))
745 sha1_array_append(&extra, si->shallow->sha1[i]);
746
747 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
748 if (check_shallow_connected(command_singleton_iterator,
749 0, cmd, alt_file)) {
750 rollback_lock_file(&shallow_lock);
751 sha1_array_clear(&extra);
752 return -1;
753 }
754
755 commit_lock_file(&shallow_lock);
756
757 /*
758 * Make sure setup_alternate_shallow() for the next ref does
759 * not lose these new roots..
760 */
761 for (i = 0; i < extra.nr; i++)
762 register_shallow(extra.sha1[i]);
763
764 si->shallow_ref[cmd->index] = 0;
765 sha1_array_clear(&extra);
766 return 0;
767 }
768
769 /*
770 * NEEDSWORK: we should consolidate various implementions of "are we
771 * on an unborn branch?" test into one, and make the unified one more
772 * robust. !get_sha1() based check used here and elsewhere would not
773 * allow us to tell an unborn branch from corrupt ref, for example.
774 * For the purpose of fixing "deploy-to-update does not work when
775 * pushing into an empty repository" issue, this should suffice for
776 * now.
777 */
778 static int head_has_history(void)
779 {
780 unsigned char sha1[20];
781
782 return !get_sha1("HEAD", sha1);
783 }
784
785 static const char *push_to_deploy(unsigned char *sha1,
786 struct argv_array *env,
787 const char *work_tree)
788 {
789 const char *update_refresh[] = {
790 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
791 };
792 const char *diff_files[] = {
793 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
794 };
795 const char *diff_index[] = {
796 "diff-index", "--quiet", "--cached", "--ignore-submodules",
797 NULL, "--", NULL
798 };
799 const char *read_tree[] = {
800 "read-tree", "-u", "-m", NULL, NULL
801 };
802 struct child_process child = CHILD_PROCESS_INIT;
803
804 child.argv = update_refresh;
805 child.env = env->argv;
806 child.dir = work_tree;
807 child.no_stdin = 1;
808 child.stdout_to_stderr = 1;
809 child.git_cmd = 1;
810 if (run_command(&child))
811 return "Up-to-date check failed";
812
813 /* run_command() does not clean up completely; reinitialize */
814 child_process_init(&child);
815 child.argv = diff_files;
816 child.env = env->argv;
817 child.dir = work_tree;
818 child.no_stdin = 1;
819 child.stdout_to_stderr = 1;
820 child.git_cmd = 1;
821 if (run_command(&child))
822 return "Working directory has unstaged changes";
823
824 /* diff-index with either HEAD or an empty tree */
825 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
826
827 child_process_init(&child);
828 child.argv = diff_index;
829 child.env = env->argv;
830 child.no_stdin = 1;
831 child.no_stdout = 1;
832 child.stdout_to_stderr = 0;
833 child.git_cmd = 1;
834 if (run_command(&child))
835 return "Working directory has staged changes";
836
837 read_tree[3] = sha1_to_hex(sha1);
838 child_process_init(&child);
839 child.argv = read_tree;
840 child.env = env->argv;
841 child.dir = work_tree;
842 child.no_stdin = 1;
843 child.no_stdout = 1;
844 child.stdout_to_stderr = 0;
845 child.git_cmd = 1;
846 if (run_command(&child))
847 return "Could not update working tree to new HEAD";
848
849 return NULL;
850 }
851
852 static const char *push_to_checkout_hook = "push-to-checkout";
853
854 static const char *push_to_checkout(unsigned char *sha1,
855 struct argv_array *env,
856 const char *work_tree)
857 {
858 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
859 if (run_hook_le(env->argv, push_to_checkout_hook,
860 sha1_to_hex(sha1), NULL))
861 return "push-to-checkout hook declined";
862 else
863 return NULL;
864 }
865
866 static const char *update_worktree(unsigned char *sha1)
867 {
868 const char *retval;
869 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
870 struct argv_array env = ARGV_ARRAY_INIT;
871
872 if (is_bare_repository())
873 return "denyCurrentBranch = updateInstead needs a worktree";
874
875 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
876
877 if (!find_hook(push_to_checkout_hook))
878 retval = push_to_deploy(sha1, &env, work_tree);
879 else
880 retval = push_to_checkout(sha1, &env, work_tree);
881
882 argv_array_clear(&env);
883 return retval;
884 }
885
886 static const char *update(struct command *cmd, struct shallow_info *si)
887 {
888 const char *name = cmd->ref_name;
889 struct strbuf namespaced_name_buf = STRBUF_INIT;
890 const char *namespaced_name, *ret;
891 unsigned char *old_sha1 = cmd->old_sha1;
892 unsigned char *new_sha1 = cmd->new_sha1;
893
894 /* only refs/... are allowed */
895 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
896 rp_error("refusing to create funny ref '%s' remotely", name);
897 return "funny refname";
898 }
899
900 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
901 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
902
903 if (is_ref_checked_out(namespaced_name)) {
904 switch (deny_current_branch) {
905 case DENY_IGNORE:
906 break;
907 case DENY_WARN:
908 rp_warning("updating the current branch");
909 break;
910 case DENY_REFUSE:
911 case DENY_UNCONFIGURED:
912 rp_error("refusing to update checked out branch: %s", name);
913 if (deny_current_branch == DENY_UNCONFIGURED)
914 refuse_unconfigured_deny();
915 return "branch is currently checked out";
916 case DENY_UPDATE_INSTEAD:
917 ret = update_worktree(new_sha1);
918 if (ret)
919 return ret;
920 break;
921 }
922 }
923
924 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
925 error("unpack should have generated %s, "
926 "but I can't find it!", sha1_to_hex(new_sha1));
927 return "bad pack";
928 }
929
930 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
931 if (deny_deletes && starts_with(name, "refs/heads/")) {
932 rp_error("denying ref deletion for %s", name);
933 return "deletion prohibited";
934 }
935
936 if (head_name && !strcmp(namespaced_name, head_name)) {
937 switch (deny_delete_current) {
938 case DENY_IGNORE:
939 break;
940 case DENY_WARN:
941 rp_warning("deleting the current branch");
942 break;
943 case DENY_REFUSE:
944 case DENY_UNCONFIGURED:
945 case DENY_UPDATE_INSTEAD:
946 if (deny_delete_current == DENY_UNCONFIGURED)
947 refuse_unconfigured_deny_delete_current();
948 rp_error("refusing to delete the current branch: %s", name);
949 return "deletion of the current branch prohibited";
950 default:
951 return "Invalid denyDeleteCurrent setting";
952 }
953 }
954 }
955
956 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
957 !is_null_sha1(old_sha1) &&
958 starts_with(name, "refs/heads/")) {
959 struct object *old_object, *new_object;
960 struct commit *old_commit, *new_commit;
961
962 old_object = parse_object(old_sha1);
963 new_object = parse_object(new_sha1);
964
965 if (!old_object || !new_object ||
966 old_object->type != OBJ_COMMIT ||
967 new_object->type != OBJ_COMMIT) {
968 error("bad sha1 objects for %s", name);
969 return "bad ref";
970 }
971 old_commit = (struct commit *)old_object;
972 new_commit = (struct commit *)new_object;
973 if (!in_merge_bases(old_commit, new_commit)) {
974 rp_error("denying non-fast-forward %s"
975 " (you should pull first)", name);
976 return "non-fast-forward";
977 }
978 }
979 if (run_update_hook(cmd)) {
980 rp_error("hook declined to update %s", name);
981 return "hook declined";
982 }
983
984 if (is_null_sha1(new_sha1)) {
985 struct strbuf err = STRBUF_INIT;
986 if (!parse_object(old_sha1)) {
987 old_sha1 = NULL;
988 if (ref_exists(name)) {
989 rp_warning("Allowing deletion of corrupt ref.");
990 } else {
991 rp_warning("Deleting a non-existent ref.");
992 cmd->did_not_exist = 1;
993 }
994 }
995 if (ref_transaction_delete(transaction,
996 namespaced_name,
997 old_sha1,
998 0, "push", &err)) {
999 rp_error("%s", err.buf);
1000 strbuf_release(&err);
1001 return "failed to delete";
1002 }
1003 strbuf_release(&err);
1004 return NULL; /* good */
1005 }
1006 else {
1007 struct strbuf err = STRBUF_INIT;
1008 if (shallow_update && si->shallow_ref[cmd->index] &&
1009 update_shallow_ref(cmd, si))
1010 return "shallow error";
1011
1012 if (ref_transaction_update(transaction,
1013 namespaced_name,
1014 new_sha1, old_sha1,
1015 0, "push",
1016 &err)) {
1017 rp_error("%s", err.buf);
1018 strbuf_release(&err);
1019
1020 return "failed to update ref";
1021 }
1022 strbuf_release(&err);
1023
1024 return NULL; /* good */
1025 }
1026 }
1027
1028 static void run_update_post_hook(struct command *commands)
1029 {
1030 struct command *cmd;
1031 int argc;
1032 const char **argv;
1033 struct child_process proc = CHILD_PROCESS_INIT;
1034 const char *hook;
1035
1036 hook = find_hook("post-update");
1037 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1038 if (cmd->error_string || cmd->did_not_exist)
1039 continue;
1040 argc++;
1041 }
1042 if (!argc || !hook)
1043 return;
1044
1045 argv = xmalloc(sizeof(*argv) * (2 + argc));
1046 argv[0] = hook;
1047
1048 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1049 if (cmd->error_string || cmd->did_not_exist)
1050 continue;
1051 argv[argc] = xstrdup(cmd->ref_name);
1052 argc++;
1053 }
1054 argv[argc] = NULL;
1055
1056 proc.no_stdin = 1;
1057 proc.stdout_to_stderr = 1;
1058 proc.err = use_sideband ? -1 : 0;
1059 proc.argv = argv;
1060
1061 if (!start_command(&proc)) {
1062 if (use_sideband)
1063 copy_to_sideband(proc.err, -1, NULL);
1064 finish_command(&proc);
1065 }
1066 }
1067
1068 static void check_aliased_update(struct command *cmd, struct string_list *list)
1069 {
1070 struct strbuf buf = STRBUF_INIT;
1071 const char *dst_name;
1072 struct string_list_item *item;
1073 struct command *dst_cmd;
1074 unsigned char sha1[20];
1075 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1076 int flag;
1077
1078 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1079 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1080 strbuf_release(&buf);
1081
1082 if (!(flag & REF_ISSYMREF))
1083 return;
1084
1085 dst_name = strip_namespace(dst_name);
1086 if (!dst_name) {
1087 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1088 cmd->skip_update = 1;
1089 cmd->error_string = "broken symref";
1090 return;
1091 }
1092
1093 if ((item = string_list_lookup(list, dst_name)) == NULL)
1094 return;
1095
1096 cmd->skip_update = 1;
1097
1098 dst_cmd = (struct command *) item->util;
1099
1100 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1101 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1102 return;
1103
1104 dst_cmd->skip_update = 1;
1105
1106 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1107 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1108 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1109 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1110 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1111 " its target '%s' (%s..%s)",
1112 cmd->ref_name, cmd_oldh, cmd_newh,
1113 dst_cmd->ref_name, dst_oldh, dst_newh);
1114
1115 cmd->error_string = dst_cmd->error_string =
1116 "inconsistent aliased update";
1117 }
1118
1119 static void check_aliased_updates(struct command *commands)
1120 {
1121 struct command *cmd;
1122 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1123
1124 for (cmd = commands; cmd; cmd = cmd->next) {
1125 struct string_list_item *item =
1126 string_list_append(&ref_list, cmd->ref_name);
1127 item->util = (void *)cmd;
1128 }
1129 string_list_sort(&ref_list);
1130
1131 for (cmd = commands; cmd; cmd = cmd->next) {
1132 if (!cmd->error_string)
1133 check_aliased_update(cmd, &ref_list);
1134 }
1135
1136 string_list_clear(&ref_list, 0);
1137 }
1138
1139 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1140 {
1141 struct command **cmd_list = cb_data;
1142 struct command *cmd = *cmd_list;
1143
1144 if (!cmd || is_null_sha1(cmd->new_sha1))
1145 return -1; /* end of list */
1146 *cmd_list = NULL; /* this returns only one */
1147 hashcpy(sha1, cmd->new_sha1);
1148 return 0;
1149 }
1150
1151 static void set_connectivity_errors(struct command *commands,
1152 struct shallow_info *si)
1153 {
1154 struct command *cmd;
1155
1156 for (cmd = commands; cmd; cmd = cmd->next) {
1157 struct command *singleton = cmd;
1158 if (shallow_update && si->shallow_ref[cmd->index])
1159 /* to be checked in update_shallow_ref() */
1160 continue;
1161 if (!check_everything_connected(command_singleton_iterator,
1162 0, &singleton))
1163 continue;
1164 cmd->error_string = "missing necessary objects";
1165 }
1166 }
1167
1168 struct iterate_data {
1169 struct command *cmds;
1170 struct shallow_info *si;
1171 };
1172
1173 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1174 {
1175 struct iterate_data *data = cb_data;
1176 struct command **cmd_list = &data->cmds;
1177 struct command *cmd = *cmd_list;
1178
1179 for (; cmd; cmd = cmd->next) {
1180 if (shallow_update && data->si->shallow_ref[cmd->index])
1181 /* to be checked in update_shallow_ref() */
1182 continue;
1183 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1184 hashcpy(sha1, cmd->new_sha1);
1185 *cmd_list = cmd->next;
1186 return 0;
1187 }
1188 }
1189 *cmd_list = NULL;
1190 return -1; /* end of list */
1191 }
1192
1193 static void reject_updates_to_hidden(struct command *commands)
1194 {
1195 struct command *cmd;
1196
1197 for (cmd = commands; cmd; cmd = cmd->next) {
1198 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1199 continue;
1200 if (is_null_sha1(cmd->new_sha1))
1201 cmd->error_string = "deny deleting a hidden ref";
1202 else
1203 cmd->error_string = "deny updating a hidden ref";
1204 }
1205 }
1206
1207 static int should_process_cmd(struct command *cmd)
1208 {
1209 return !cmd->error_string && !cmd->skip_update;
1210 }
1211
1212 static void warn_if_skipped_connectivity_check(struct command *commands,
1213 struct shallow_info *si)
1214 {
1215 struct command *cmd;
1216 int checked_connectivity = 1;
1217
1218 for (cmd = commands; cmd; cmd = cmd->next) {
1219 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1220 error("BUG: connectivity check has not been run on ref %s",
1221 cmd->ref_name);
1222 checked_connectivity = 0;
1223 }
1224 }
1225 if (!checked_connectivity)
1226 die("BUG: connectivity check skipped???");
1227 }
1228
1229 static void execute_commands_non_atomic(struct command *commands,
1230 struct shallow_info *si)
1231 {
1232 struct command *cmd;
1233 struct strbuf err = STRBUF_INIT;
1234
1235 for (cmd = commands; cmd; cmd = cmd->next) {
1236 if (!should_process_cmd(cmd))
1237 continue;
1238
1239 transaction = ref_transaction_begin(&err);
1240 if (!transaction) {
1241 rp_error("%s", err.buf);
1242 strbuf_reset(&err);
1243 cmd->error_string = "transaction failed to start";
1244 continue;
1245 }
1246
1247 cmd->error_string = update(cmd, si);
1248
1249 if (!cmd->error_string
1250 && ref_transaction_commit(transaction, &err)) {
1251 rp_error("%s", err.buf);
1252 strbuf_reset(&err);
1253 cmd->error_string = "failed to update ref";
1254 }
1255 ref_transaction_free(transaction);
1256 }
1257 strbuf_release(&err);
1258 }
1259
1260 static void execute_commands_atomic(struct command *commands,
1261 struct shallow_info *si)
1262 {
1263 struct command *cmd;
1264 struct strbuf err = STRBUF_INIT;
1265 const char *reported_error = "atomic push failure";
1266
1267 transaction = ref_transaction_begin(&err);
1268 if (!transaction) {
1269 rp_error("%s", err.buf);
1270 strbuf_reset(&err);
1271 reported_error = "transaction failed to start";
1272 goto failure;
1273 }
1274
1275 for (cmd = commands; cmd; cmd = cmd->next) {
1276 if (!should_process_cmd(cmd))
1277 continue;
1278
1279 cmd->error_string = update(cmd, si);
1280
1281 if (cmd->error_string)
1282 goto failure;
1283 }
1284
1285 if (ref_transaction_commit(transaction, &err)) {
1286 rp_error("%s", err.buf);
1287 reported_error = "atomic transaction failed";
1288 goto failure;
1289 }
1290 goto cleanup;
1291
1292 failure:
1293 for (cmd = commands; cmd; cmd = cmd->next)
1294 if (!cmd->error_string)
1295 cmd->error_string = reported_error;
1296
1297 cleanup:
1298 ref_transaction_free(transaction);
1299 strbuf_release(&err);
1300 }
1301
1302 static void execute_commands(struct command *commands,
1303 const char *unpacker_error,
1304 struct shallow_info *si)
1305 {
1306 struct command *cmd;
1307 unsigned char sha1[20];
1308 struct iterate_data data;
1309
1310 if (unpacker_error) {
1311 for (cmd = commands; cmd; cmd = cmd->next)
1312 cmd->error_string = "unpacker error";
1313 return;
1314 }
1315
1316 data.cmds = commands;
1317 data.si = si;
1318 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1319 set_connectivity_errors(commands, si);
1320
1321 reject_updates_to_hidden(commands);
1322
1323 if (run_receive_hook(commands, "pre-receive", 0)) {
1324 for (cmd = commands; cmd; cmd = cmd->next) {
1325 if (!cmd->error_string)
1326 cmd->error_string = "pre-receive hook declined";
1327 }
1328 return;
1329 }
1330
1331 check_aliased_updates(commands);
1332
1333 free(head_name_to_free);
1334 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1335
1336 if (use_atomic)
1337 execute_commands_atomic(commands, si);
1338 else
1339 execute_commands_non_atomic(commands, si);
1340
1341 if (shallow_update)
1342 warn_if_skipped_connectivity_check(commands, si);
1343 }
1344
1345 static struct command **queue_command(struct command **tail,
1346 const char *line,
1347 int linelen)
1348 {
1349 unsigned char old_sha1[20], new_sha1[20];
1350 struct command *cmd;
1351 const char *refname;
1352 int reflen;
1353
1354 if (linelen < 83 ||
1355 line[40] != ' ' ||
1356 line[81] != ' ' ||
1357 get_sha1_hex(line, old_sha1) ||
1358 get_sha1_hex(line + 41, new_sha1))
1359 die("protocol error: expected old/new/ref, got '%s'", line);
1360
1361 refname = line + 82;
1362 reflen = linelen - 82;
1363 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1364 hashcpy(cmd->old_sha1, old_sha1);
1365 hashcpy(cmd->new_sha1, new_sha1);
1366 memcpy(cmd->ref_name, refname, reflen);
1367 cmd->ref_name[reflen] = '\0';
1368 *tail = cmd;
1369 return &cmd->next;
1370 }
1371
1372 static void queue_commands_from_cert(struct command **tail,
1373 struct strbuf *push_cert)
1374 {
1375 const char *boc, *eoc;
1376
1377 if (*tail)
1378 die("protocol error: got both push certificate and unsigned commands");
1379
1380 boc = strstr(push_cert->buf, "\n\n");
1381 if (!boc)
1382 die("malformed push certificate %.*s", 100, push_cert->buf);
1383 else
1384 boc += 2;
1385 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1386
1387 while (boc < eoc) {
1388 const char *eol = memchr(boc, '\n', eoc - boc);
1389 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1390 boc = eol ? eol + 1 : eoc;
1391 }
1392 }
1393
1394 static struct command *read_head_info(struct sha1_array *shallow)
1395 {
1396 struct command *commands = NULL;
1397 struct command **p = &commands;
1398 for (;;) {
1399 char *line;
1400 int len, linelen;
1401
1402 line = packet_read_line(0, &len);
1403 if (!line)
1404 break;
1405
1406 if (len == 48 && starts_with(line, "shallow ")) {
1407 unsigned char sha1[20];
1408 if (get_sha1_hex(line + 8, sha1))
1409 die("protocol error: expected shallow sha, got '%s'",
1410 line + 8);
1411 sha1_array_append(shallow, sha1);
1412 continue;
1413 }
1414
1415 linelen = strlen(line);
1416 if (linelen < len) {
1417 const char *feature_list = line + linelen + 1;
1418 if (parse_feature_request(feature_list, "report-status"))
1419 report_status = 1;
1420 if (parse_feature_request(feature_list, "side-band-64k"))
1421 use_sideband = LARGE_PACKET_MAX;
1422 if (parse_feature_request(feature_list, "quiet"))
1423 quiet = 1;
1424 if (advertise_atomic_push
1425 && parse_feature_request(feature_list, "atomic"))
1426 use_atomic = 1;
1427 }
1428
1429 if (!strcmp(line, "push-cert")) {
1430 int true_flush = 0;
1431 char certbuf[1024];
1432
1433 for (;;) {
1434 len = packet_read(0, NULL, NULL,
1435 certbuf, sizeof(certbuf), 0);
1436 if (!len) {
1437 true_flush = 1;
1438 break;
1439 }
1440 if (!strcmp(certbuf, "push-cert-end\n"))
1441 break; /* end of cert */
1442 strbuf_addstr(&push_cert, certbuf);
1443 }
1444
1445 if (true_flush)
1446 break;
1447 continue;
1448 }
1449
1450 p = queue_command(p, line, linelen);
1451 }
1452
1453 if (push_cert.len)
1454 queue_commands_from_cert(p, &push_cert);
1455
1456 return commands;
1457 }
1458
1459 static const char *parse_pack_header(struct pack_header *hdr)
1460 {
1461 switch (read_pack_header(0, hdr)) {
1462 case PH_ERROR_EOF:
1463 return "eof before pack header was fully read";
1464
1465 case PH_ERROR_PACK_SIGNATURE:
1466 return "protocol error (pack signature mismatch detected)";
1467
1468 case PH_ERROR_PROTOCOL:
1469 return "protocol error (pack version unsupported)";
1470
1471 default:
1472 return "unknown error in parse_pack_header";
1473
1474 case 0:
1475 return NULL;
1476 }
1477 }
1478
1479 static const char *pack_lockfile;
1480
1481 static const char *unpack(int err_fd, struct shallow_info *si)
1482 {
1483 struct pack_header hdr;
1484 const char *hdr_err;
1485 int status;
1486 char hdr_arg[38];
1487 struct child_process child = CHILD_PROCESS_INIT;
1488 int fsck_objects = (receive_fsck_objects >= 0
1489 ? receive_fsck_objects
1490 : transfer_fsck_objects >= 0
1491 ? transfer_fsck_objects
1492 : 0);
1493
1494 hdr_err = parse_pack_header(&hdr);
1495 if (hdr_err) {
1496 if (err_fd > 0)
1497 close(err_fd);
1498 return hdr_err;
1499 }
1500 snprintf(hdr_arg, sizeof(hdr_arg),
1501 "--pack_header=%"PRIu32",%"PRIu32,
1502 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1503
1504 if (si->nr_ours || si->nr_theirs) {
1505 alt_shallow_file = setup_temporary_shallow(si->shallow);
1506 argv_array_push(&child.args, "--shallow-file");
1507 argv_array_push(&child.args, alt_shallow_file);
1508 }
1509
1510 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1511 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1512 if (quiet)
1513 argv_array_push(&child.args, "-q");
1514 if (fsck_objects)
1515 argv_array_pushf(&child.args, "--strict%s",
1516 fsck_msg_types.buf);
1517 child.no_stdout = 1;
1518 child.err = err_fd;
1519 child.git_cmd = 1;
1520 status = run_command(&child);
1521 if (status)
1522 return "unpack-objects abnormal exit";
1523 } else {
1524 int s;
1525 char keep_arg[256];
1526
1527 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1528 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1529 strcpy(keep_arg + s, "localhost");
1530
1531 argv_array_pushl(&child.args, "index-pack",
1532 "--stdin", hdr_arg, keep_arg, NULL);
1533 if (fsck_objects)
1534 argv_array_pushf(&child.args, "--strict%s",
1535 fsck_msg_types.buf);
1536 if (fix_thin)
1537 argv_array_push(&child.args, "--fix-thin");
1538 child.out = -1;
1539 child.err = err_fd;
1540 child.git_cmd = 1;
1541 status = start_command(&child);
1542 if (status)
1543 return "index-pack fork failed";
1544 pack_lockfile = index_pack_lockfile(child.out);
1545 close(child.out);
1546 status = finish_command(&child);
1547 if (status)
1548 return "index-pack abnormal exit";
1549 reprepare_packed_git();
1550 }
1551 return NULL;
1552 }
1553
1554 static const char *unpack_with_sideband(struct shallow_info *si)
1555 {
1556 struct async muxer;
1557 const char *ret;
1558
1559 if (!use_sideband)
1560 return unpack(0, si);
1561
1562 memset(&muxer, 0, sizeof(muxer));
1563 muxer.proc = copy_to_sideband;
1564 muxer.in = -1;
1565 if (start_async(&muxer))
1566 return NULL;
1567
1568 ret = unpack(muxer.in, si);
1569
1570 finish_async(&muxer);
1571 return ret;
1572 }
1573
1574 static void prepare_shallow_update(struct command *commands,
1575 struct shallow_info *si)
1576 {
1577 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1578
1579 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1580 si->shallow->nr);
1581 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1582
1583 si->need_reachability_test =
1584 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1585 si->reachable =
1586 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1587 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1588
1589 for (i = 0; i < si->nr_ours; i++)
1590 si->need_reachability_test[si->ours[i]] = 1;
1591
1592 for (i = 0; i < si->shallow->nr; i++) {
1593 if (!si->used_shallow[i])
1594 continue;
1595 for (j = 0; j < bitmap_size; j++) {
1596 if (!si->used_shallow[i][j])
1597 continue;
1598 si->need_reachability_test[i]++;
1599 for (k = 0; k < 32; k++)
1600 if (si->used_shallow[i][j] & (1 << k))
1601 si->shallow_ref[j * 32 + k]++;
1602 }
1603
1604 /*
1605 * true for those associated with some refs and belong
1606 * in "ours" list aka "step 7 not done yet"
1607 */
1608 si->need_reachability_test[i] =
1609 si->need_reachability_test[i] > 1;
1610 }
1611
1612 /*
1613 * keep hooks happy by forcing a temporary shallow file via
1614 * env variable because we can't add --shallow-file to every
1615 * command. check_everything_connected() will be done with
1616 * true .git/shallow though.
1617 */
1618 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1619 }
1620
1621 static void update_shallow_info(struct command *commands,
1622 struct shallow_info *si,
1623 struct sha1_array *ref)
1624 {
1625 struct command *cmd;
1626 int *ref_status;
1627 remove_nonexistent_theirs_shallow(si);
1628 if (!si->nr_ours && !si->nr_theirs) {
1629 shallow_update = 0;
1630 return;
1631 }
1632
1633 for (cmd = commands; cmd; cmd = cmd->next) {
1634 if (is_null_sha1(cmd->new_sha1))
1635 continue;
1636 sha1_array_append(ref, cmd->new_sha1);
1637 cmd->index = ref->nr - 1;
1638 }
1639 si->ref = ref;
1640
1641 if (shallow_update) {
1642 prepare_shallow_update(commands, si);
1643 return;
1644 }
1645
1646 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1647 assign_shallow_commits_to_refs(si, NULL, ref_status);
1648 for (cmd = commands; cmd; cmd = cmd->next) {
1649 if (is_null_sha1(cmd->new_sha1))
1650 continue;
1651 if (ref_status[cmd->index]) {
1652 cmd->error_string = "shallow update not allowed";
1653 cmd->skip_update = 1;
1654 }
1655 }
1656 free(ref_status);
1657 }
1658
1659 static void report(struct command *commands, const char *unpack_status)
1660 {
1661 struct command *cmd;
1662 struct strbuf buf = STRBUF_INIT;
1663
1664 packet_buf_write(&buf, "unpack %s\n",
1665 unpack_status ? unpack_status : "ok");
1666 for (cmd = commands; cmd; cmd = cmd->next) {
1667 if (!cmd->error_string)
1668 packet_buf_write(&buf, "ok %s\n",
1669 cmd->ref_name);
1670 else
1671 packet_buf_write(&buf, "ng %s %s\n",
1672 cmd->ref_name, cmd->error_string);
1673 }
1674 packet_buf_flush(&buf);
1675
1676 if (use_sideband)
1677 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1678 else
1679 write_or_die(1, buf.buf, buf.len);
1680 strbuf_release(&buf);
1681 }
1682
1683 static int delete_only(struct command *commands)
1684 {
1685 struct command *cmd;
1686 for (cmd = commands; cmd; cmd = cmd->next) {
1687 if (!is_null_sha1(cmd->new_sha1))
1688 return 0;
1689 }
1690 return 1;
1691 }
1692
1693 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1694 {
1695 int advertise_refs = 0;
1696 int i;
1697 struct command *commands;
1698 struct sha1_array shallow = SHA1_ARRAY_INIT;
1699 struct sha1_array ref = SHA1_ARRAY_INIT;
1700 struct shallow_info si;
1701
1702 packet_trace_identity("receive-pack");
1703
1704 argv++;
1705 for (i = 1; i < argc; i++) {
1706 const char *arg = *argv++;
1707
1708 if (*arg == '-') {
1709 if (!strcmp(arg, "--quiet")) {
1710 quiet = 1;
1711 continue;
1712 }
1713
1714 if (!strcmp(arg, "--advertise-refs")) {
1715 advertise_refs = 1;
1716 continue;
1717 }
1718 if (!strcmp(arg, "--stateless-rpc")) {
1719 stateless_rpc = 1;
1720 continue;
1721 }
1722 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1723 fix_thin = 0;
1724 continue;
1725 }
1726
1727 usage(receive_pack_usage);
1728 }
1729 if (service_dir)
1730 usage(receive_pack_usage);
1731 service_dir = arg;
1732 }
1733 if (!service_dir)
1734 usage(receive_pack_usage);
1735
1736 setup_path();
1737
1738 if (!enter_repo(service_dir, 0))
1739 die("'%s' does not appear to be a git repository", service_dir);
1740
1741 git_config(receive_pack_config, NULL);
1742 if (cert_nonce_seed)
1743 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1744
1745 if (0 <= transfer_unpack_limit)
1746 unpack_limit = transfer_unpack_limit;
1747 else if (0 <= receive_unpack_limit)
1748 unpack_limit = receive_unpack_limit;
1749
1750 if (advertise_refs || !stateless_rpc) {
1751 write_head_info();
1752 }
1753 if (advertise_refs)
1754 return 0;
1755
1756 if ((commands = read_head_info(&shallow)) != NULL) {
1757 const char *unpack_status = NULL;
1758
1759 prepare_shallow_info(&si, &shallow);
1760 if (!si.nr_ours && !si.nr_theirs)
1761 shallow_update = 0;
1762 if (!delete_only(commands)) {
1763 unpack_status = unpack_with_sideband(&si);
1764 update_shallow_info(commands, &si, &ref);
1765 }
1766 execute_commands(commands, unpack_status, &si);
1767 if (pack_lockfile)
1768 unlink_or_warn(pack_lockfile);
1769 if (report_status)
1770 report(commands, unpack_status);
1771 run_receive_hook(commands, "post-receive", 1);
1772 run_update_post_hook(commands);
1773 if (auto_gc) {
1774 const char *argv_gc_auto[] = {
1775 "gc", "--auto", "--quiet", NULL,
1776 };
1777 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1778 run_command_v_opt(argv_gc_auto, opt);
1779 }
1780 if (auto_update_server_info)
1781 update_server_info(0);
1782 clear_shallow_info(&si);
1783 }
1784 if (use_sideband)
1785 packet_flush(1);
1786 sha1_array_clear(&shallow);
1787 sha1_array_clear(&ref);
1788 free((void *)push_cert_nonce);
1789 return 0;
1790 }
Unnamed repository; edit this file 'description' to name the repository.