]> git.ipfire.org Git - thirdparty/git.git/blame - send-pack.c
signed push: add "pushee" header to push certificate
1#include "builtin.h"
2#include "commit.h"
3#include "refs.h"
4#include "pkt-line.h"
5#include "sideband.h"
6#include "run-command.h"
7#include "remote.h"
47a59185 8#include "connect.h"
9#include "send-pack.h"
10#include "quote.h"
11#include "transport.h"
12#include "version.h"
13eb4626 13#include "sha1-array.h"
a85b377d 14#include "gpg-interface.h"
/*
 * Write one revision line for `sha1` to `fd`: 40 hex digits followed by
 * a newline, prefixed with '^' when `negative` is set.
 *
 * A negative entry whose object is not present locally is skipped and
 * reported as success (1) without writing anything.  Otherwise the
 * return value is whatever write_or_whine() returns.
 *
 * Both callers in this file pass 0 or 1 for `negative`; the value is
 * used directly as a byte offset into the 42-byte line buffer, so any
 * other value would write outside it.
 */
static int feed_object(const unsigned char *sha1, int fd, int negative)
{
	/* optional '^' + 40 hex digits + '\n' */
	char line[42];
	char *hex_at = line + negative;

	if (negative && !has_sha1_file(sha1))
		return 1;

	if (negative)
		line[0] = '^';
	memcpy(hex_at, sha1_to_hex(sha1), 40);
	hex_at[40] = '\n';
	return write_or_whine(fd, line, 41 + negative, "send-pack: send refs");
}
/*
 * Make a pack stream and spit it out into file descriptor fd.
 *
 * Spawns "pack-objects --revs --stdout", feeds it the revision list on
 * its stdin and lets its output reach `fd` (directly, or re-framed with
 * send_sideband() when args->stateless_rpc is set).
 *
 * Returns 0 when finish_command() reports success and -1 otherwise;
 * dies if the child cannot be started.
 */
static int pack_objects(int fd, struct ref *refs, struct sha1_array *extra, struct send_pack_args *args)
{
	/*
	 * The child becomes pack-objects --revs; we feed the revision
	 * parameters to it via its stdin and let its stdout go back to
	 * the other end.
	 *
	 * Every argument is a string literal selected by a local flag.
	 * Four fixed entries, at most four optional ones and the NULL
	 * terminator fill exactly the nine slots below; adding another
	 * option requires growing the array.
	 */
	const char *argv[] = {
		"pack-objects",
		"--all-progress-implied",
		"--revs",
		"--stdout",
		NULL,
		NULL,
		NULL,
		NULL,
		NULL,
	};
	struct child_process po;
	int argc = 4;
	int i;

	if (args->use_thin_pack)
		argv[argc++] = "--thin";
	if (args->use_ofs_delta)
		argv[argc++] = "--delta-base-offset";
	if (args->quiet || !args->progress)
		argv[argc++] = "-q";
	if (args->progress)
		argv[argc++] = "--progress";

	memset(&po, 0, sizeof(po));
	po.argv = argv;
	po.in = -1;
	po.out = args->stateless_rpc ? -1 : fd;
	po.git_cmd = 1;
	if (start_command(&po))
		die_errno("git pack-objects failed");

	/*
	 * Feed the child its revision parameters through the pipe.  A
	 * failed write only stops the feeding early; the failure is not
	 * reported from here, so the result rests on the exit status
	 * collected by finish_command() below.
	 */
	for (i = 0; i < extra->nr; i++) {
		if (!feed_object(extra->sha1[i], po.in, 1))
			break;
	}

	for (; refs; refs = refs->next) {
		if (!is_null_sha1(refs->old_sha1) &&
		    !feed_object(refs->old_sha1, po.in, 1))
			break;
		if (!is_null_sha1(refs->new_sha1) &&
		    !feed_object(refs->new_sha1, po.in, 0))
			break;
	}

	close(po.in);

	if (args->stateless_rpc) {
		char *chunk = xmalloc(LARGE_PACKET_MAX);
		ssize_t got;

		/* a read error (negative count) ends the relay just like EOF */
		while ((got = xread(po.out, chunk, LARGE_PACKET_MAX)) > 0)
			send_sideband(fd, -1, chunk, got, LARGE_PACKET_MAX);
		free(chunk);
		close(po.out);
		po.out = -1;
	}

	return finish_command(&po) ? -1 : 0;
}
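/*
 * Read the remote's status report from `in` and record the outcome of
 * each reported ref in the `refs` list.
 *
 * The first line must start with "unpack "; anything other than
 * "unpack ok" is reported and makes the result -1.  Each following
 * line must start with "ok " or "ng " and names a ref, optionally
 * followed by a space and a message that is stored in
 * ref->remote_status.
 *
 * Returns 0 when the unpack and every reported ref succeeded, a
 * negative value otherwise.
 */
static int receive_status(int in, struct ref *refs)
{
	struct ref *hint;
	int ret = 0;
	char *line = packet_read_line(in, NULL);

	/*
	 * packet_read_line() can hand back NULL (the loop below relies on
	 * that to terminate), and what arrives here is chosen by the
	 * remote.  Check for NULL before starts_with() looks at the
	 * string, so a missing first line is an error, not a crash.
	 */
	if (!line || !starts_with(line, "unpack "))
		return error("did not receive remote status");
	if (strcmp(line, "unpack ok")) {
		/* skip the 7-byte "unpack " prefix verified above */
		error("unpack failed: %s", line + 7);
		ret = -1;
	}
	hint = NULL;
	while (1) {
		char *refname;
		char *msg;

		line = packet_read_line(in, NULL);
		if (!line)
			break;
		if (!starts_with(line, "ok ") && !starts_with(line, "ng ")) {
			error("invalid ref status from remote: %s", line);
			ret = -1;
			break;
		}

		/* the 3-byte "ok " / "ng " prefix was verified just above */
		refname = line + 3;
		msg = strchr(refname, ' ');
		if (msg)
			*msg++ = '\0';

		/* first try searching at our hint, falling back to all refs */
		if (hint)
			hint = find_ref_by_name(hint, refname);
		if (!hint)
			hint = find_ref_by_name(refs, refname);
		if (!hint) {
			warning("remote reported status on unknown ref: %s",
				refname);
			continue;
		}
		/*
		 * Only refs we are waiting on may be updated; this keeps the
		 * remote from overwriting the status of a ref that was never
		 * sent, or one it has already reported on.
		 */
		if (hint->status != REF_STATUS_EXPECTING_REPORT) {
			warning("remote reported status on unexpected ref: %s",
				refname);
			continue;
		}

		if (line[0] == 'o' && line[1] == 'k')
			hint->status = REF_STATUS_OK;
		else {
			hint->status = REF_STATUS_REMOTE_REJECT;
			ret = -1;
		}
		if (msg)
			hint->remote_status = xstrdup(msg);
		/* start our next search from the next ref */
		hint = hint->next;
	}
	return ret;
}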
/*
 * Async callback: demultiplex the sideband stream read from the first
 * descriptor of the int pair passed in `data`, forwarding to `out`.
 * `in` is not used.  Closes `out` when recv_sideband() returns and
 * hands back its result.
 */
static int sideband_demux(int in, int out, void *data)
{
	int *conn_fds = data;
	int status;

#ifdef NO_PTHREADS
	/* NOTE(review): presumably this runs in a forked child here, which has no use for the write end -- confirm */
	close(conn_fds[1]);
#endif
	status = recv_sideband("send-pack", conn_fds[0], out);
	close(out);
	return status;
}
/*
 * Graft iteration callback: append a "shallow <hex>" packet line to the
 * strbuf passed in `cb` for every graft whose nr_parent is -1.  Other
 * grafts are ignored.  Always returns 0.
 */
static int advertise_shallow_grafts_cb(const struct commit_graft *graft, void *cb)
{
	struct strbuf *out = cb;

	if (graft->nr_parent != -1)
		return 0;
	packet_buf_write(out, "shallow %s\n", sha1_to_hex(graft->sha1));
	return 0;
}
/*
 * Append the "shallow" packet lines for this repository to `sb`.
 * Does nothing when the repository is not shallow.
 */
static void advertise_shallow_grafts_buf(struct strbuf *sb)
{
	if (is_repository_shallow())
		for_each_commit_graft(advertise_shallow_grafts_cb, sb);
}
/*
 * Decide whether an update for `ref` goes to the remote.
 *
 * Returns 0 when the ref has no peer and we are not mirroring, or when
 * its status is one of the local rejections / up-to-date states listed
 * below; returns 1 otherwise.  Both the push certificate and the plain
 * command list are built from this predicate.
 */
static int ref_update_to_be_sent(const struct ref *ref, const struct send_pack_args *args)
{
	int send = 1;

	if (!(ref->peer_ref || args->send_mirror))
		return 0;

	/* Check for statuses set by set_ref_status_for_push() */
	switch (ref->status) {
	case REF_STATUS_REJECT_NONFASTFORWARD:
	case REF_STATUS_REJECT_ALREADY_EXISTS:
	case REF_STATUS_REJECT_FETCH_FIRST:
	case REF_STATUS_REJECT_NEEDS_FORCE:
	case REF_STATUS_REJECT_STALE:
	case REF_STATUS_REJECT_NODELETE:
	case REF_STATUS_UPTODATE:
		send = 0;
		break;
	default:
		break;
	}
	return send;
}
/*
 * Given the first `len` bytes at `line`, return a pointer to the
 * beginning of the next line, or to the end of the buffer when no
 * newline is found within `len` bytes (incomplete line).
 *
 * NEEDSWORK: perhaps move this to git-compat-util.h or somewhere and
 * convert many similar uses found by "git grep -A4 memchr".
 */
static const char *next_line(const char *line, size_t len)
{
	const char *newline = memchr(line, '\n', len);

	return newline ? newline + 1 : line + len;
}
/*
 * Build a push certificate for the updates in `remote_refs`, sign it,
 * and append it to `req_buf` as packet lines.
 *
 * The signed text consists of a version line, a "pusher" line (signing
 * key and timestamp), an optional "pushee" line, a blank line, and one
 * "<old> <new> <refname>" line per ref selected by
 * ref_update_to_be_sent().
 *
 * `cap_string` is written after a NUL on the "push-cert" packet line;
 * it is added after signing and is therefore not part of the signed
 * text.
 *
 * Returns 1 when at least one update was included, or 0 when there was
 * nothing to send (in which case `req_buf` is left untouched).  Dies
 * if signing fails.
 */
static int generate_push_cert(struct strbuf *req_buf,
			      const struct ref *remote_refs,
			      struct send_pack_args *args,
			      const char *cap_string)
{
	const struct ref *ref;
	char stamp[60];
	char *signing_key = xstrdup(get_signing_key());
	struct strbuf cert = STRBUF_INIT;
	int update_seen = 0;

	datestamp(stamp, sizeof(stamp));
	strbuf_addstr(&cert, "certificate version 0.1\n");
	strbuf_addf(&cert, "pusher %s %s\n", signing_key, stamp);
	if (args->url && *args->url) {
		/*
		 * Only the anonymized form of the URL is recorded.
		 * NOTE(review): presumably this drops embedded credentials
		 * so they do not end up in the certificate -- confirm in
		 * transport_anonymize_url().
		 */
		char *anon_url = transport_anonymize_url(args->url);
		strbuf_addf(&cert, "pushee %s\n", anon_url);
		free(anon_url);
	}
	strbuf_addstr(&cert, "\n");

	for (ref = remote_refs; ref; ref = ref->next) {
		if (!ref_update_to_be_sent(ref, args))
			continue;
		update_seen = 1;
		strbuf_addf(&cert, "%s %s %s\n",
			    sha1_to_hex(ref->old_sha1),
			    sha1_to_hex(ref->new_sha1),
			    ref->name);
	}

	/*
	 * NOTE(review): nothing in the text built above is a value
	 * supplied by the receiving end; what limits re-use of a
	 * certificate is up to the receiver's checks -- confirm there.
	 */
	if (update_seen) {
		const char *line_start, *line_end, *cert_end;

		/* signs in place: `cert` is both the input and the output buffer */
		if (sign_buffer(&cert, &cert, signing_key))
			die(_("failed to sign the push certificate"));

		packet_buf_write(req_buf, "push-cert%c%s", 0, cap_string);

		/* one packet line per line of the signed certificate */
		cert_end = cert.buf + cert.len;
		line_start = cert.buf;
		while (line_start < cert_end) {
			line_end = next_line(line_start, cert_end - line_start);
			packet_buf_write(req_buf,
					 "%.*s", (int)(line_end - line_start), line_start);
			line_start = line_end;
		}
		packet_buf_write(req_buf, "push-cert-end\n");
	}

	free(signing_key);
	strbuf_release(&cert);
	return update_seen;
}
/*
 * Push the updates described by `remote_refs` to the other end.
 *
 * fd[0] is read from and fd[1] is written to; fd[1] is set to -1 once
 * pack_objects() has been handed the descriptor (non-stateless case) or
 * has failed.  `extra_have` lists additional objects that are passed to
 * pack-objects as negative revisions.
 *
 * Returns 0 on success and a negative value on failure.  With
 * args->porcelain set, per-ref rejections do not by themselves turn the
 * result into a failure.
 */
int send_pack(struct send_pack_args *args,
	      int fd[], struct child_process *conn,
	      struct ref *remote_refs,
	      struct sha1_array *extra_have)
{
	int in = fd[0];
	int out = fd[1];
	struct strbuf req_buf = STRBUF_INIT;
	struct strbuf cap_buf = STRBUF_INIT;
	struct ref *ref;
	struct async demux;
	unsigned cmds_sent = 0;
	int need_pack_data = 0;
	int status_report, allow_deleting_refs, use_sideband;
	int quiet_supported, agent_supported;
	int ret;

	/* Does the other end support the reporting? */
	status_report = !!server_supports("report-status");
	allow_deleting_refs = !!server_supports("delete-refs");
	if (server_supports("ofs-delta"))
		args->use_ofs_delta = 1;
	use_sideband = !!server_supports("side-band-64k");
	quiet_supported = !!server_supports("quiet");
	agent_supported = !!server_supports("agent");
	if (server_supports("no-thin"))
		args->use_thin_pack = 0;
	/*
	 * A requested signed push fails closed: if the receiver does not
	 * advertise push-cert we stop here instead of sending the updates
	 * without a certificate.
	 */
	if (args->push_cert && !server_supports("push-cert"))
		die(_("the receiving end does not support --signed push"));

	if (!remote_refs) {
		fprintf(stderr, "No refs in common and none specified; doing nothing.\n"
			"Perhaps you should specify a branch such as 'master'.\n");
		return 0;
	}

	/* capabilities we request, each with a leading space */
	if (status_report)
		strbuf_addstr(&cap_buf, " report-status");
	if (use_sideband)
		strbuf_addstr(&cap_buf, " side-band-64k");
	if (quiet_supported && (args->quiet || !args->progress))
		strbuf_addstr(&cap_buf, " quiet");
	if (agent_supported)
		strbuf_addf(&cap_buf, " agent=%s", git_user_agent_sanitized());

	/*
	 * NEEDSWORK: why does delete-refs have to be so specific to
	 * send-pack machinery that set_ref_status_for_push() cannot
	 * set this bit for us???
	 */
	for (ref = remote_refs; ref; ref = ref->next) {
		if (!allow_deleting_refs && ref->deletion)
			ref->status = REF_STATUS_REJECT_NODELETE;
	}

	if (!args->dry_run) {
		advertise_shallow_grafts_buf(&req_buf);
		if (args->push_cert)
			cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
						       cap_buf.buf);
	}

	/*
	 * Clear the status for each ref and see if we need to send
	 * the pack data.
	 */
	for (ref = remote_refs; ref; ref = ref->next) {
		if (!ref_update_to_be_sent(ref, args))
			continue;

		if (!ref->deletion)
			need_pack_data = 1;

		ref->status = (args->dry_run || !status_report)
			? REF_STATUS_OK
			: REF_STATUS_EXPECTING_REPORT;
	}

	/*
	 * Finally, tell the other end!  With a push certificate the
	 * commands travel only inside the certificate written above, so
	 * the plain command list is skipped, as it is for a dry run.
	 */
	if (!args->dry_run && !args->push_cert) {
		for (ref = remote_refs; ref; ref = ref->next) {
			char *old_hex, *new_hex;

			if (!ref_update_to_be_sent(ref, args))
				continue;

			old_hex = sha1_to_hex(ref->old_sha1);
			new_hex = sha1_to_hex(ref->new_sha1);
			if (cmds_sent) {
				packet_buf_write(&req_buf, "%s %s %s",
						 old_hex, new_hex, ref->name);
			} else {
				/* only the first command carries the capability list */
				packet_buf_write(&req_buf,
						 "%s %s %s%c%s",
						 old_hex, new_hex, ref->name, 0,
						 cap_buf.buf);
				cmds_sent = 1;
			}
		}
	}

	if (!args->stateless_rpc) {
		write_or_die(out, req_buf.buf, req_buf.len);
		packet_flush(out);
	} else if (!args->dry_run && (cmds_sent || is_repository_shallow())) {
		packet_buf_flush(&req_buf);
		send_sideband(out, -1, req_buf.buf, req_buf.len, LARGE_PACKET_MAX);
	}
	strbuf_release(&req_buf);
	strbuf_release(&cap_buf);

	if (use_sideband && cmds_sent) {
		memset(&demux, 0, sizeof(demux));
		demux.proc = sideband_demux;
		demux.data = fd;
		demux.out = -1;
		if (start_async(&demux))
			die("send-pack: unable to fork off sideband demultiplexer");
		/* from here on the status report is read through the demultiplexer */
		in = demux.out;
	}

	if (need_pack_data && cmds_sent) {
		if (pack_objects(out, remote_refs, extra_have, args) < 0) {
			/* no pack went out, so no ref can be reported as updated */
			for (ref = remote_refs; ref; ref = ref->next)
				ref->status = REF_STATUS_NONE;
			if (args->stateless_rpc)
				close(out);
			if (git_connection_is_socket(conn))
				shutdown(fd[0], SHUT_WR);
			if (use_sideband)
				finish_async(&demux);
			fd[1] = -1;
			return -1;
		}
		if (!args->stateless_rpc)
			/* Closed by pack_objects() via start_command() */
			fd[1] = -1;
	}
	if (args->stateless_rpc && cmds_sent)
		packet_flush(out);

	ret = (status_report && cmds_sent)
		? receive_status(in, remote_refs)
		: 0;
	if (args->stateless_rpc)
		packet_flush(out);

	if (use_sideband && cmds_sent) {
		if (finish_async(&demux)) {
			error("error in sideband demultiplexer");
			ret = -1;
		}
		close(demux.out);
	}

	if (ret < 0)
		return ret;

	if (args->porcelain)
		return 0;

	/* any ref left in a state other than these three means failure */
	for (ref = remote_refs; ref; ref = ref->next) {
		if (ref->status != REF_STATUS_NONE &&
		    ref->status != REF_STATUS_UPTODATE &&
		    ref->status != REF_STATUS_OK)
			return -1;
	}
	return 0;
}
390
391 if (args->stateless_rpc) {
f2c681cf 392 if (!args->dry_run && (cmds_sent || is_repository_shallow())) {
f5d942e1
NTND
393 packet_buf_flush(&req_buf);
394 send_sideband(out, -1, req_buf.buf, req_buf.len, LARGE_PACKET_MAX);
395 }
396 } else {
cdf4fb8e 397 write_or_die(out, req_buf.buf, req_buf.len);
f5d942e1
NTND
398 packet_flush(out);
399 }
400 strbuf_release(&req_buf);
887f3533 401 strbuf_release(&cap_buf);
f5d942e1
NTND
402
403 if (use_sideband && cmds_sent) {
404 memset(&demux, 0, sizeof(demux));
405 demux.proc = sideband_demux;
406 demux.data = fd;
407 demux.out = -1;
408 if (start_async(&demux))
409 die("send-pack: unable to fork off sideband demultiplexer");
410 in = demux.out;
411 }
412
ab2b0c90 413 if (need_pack_data && cmds_sent) {
f5d942e1
NTND
414 if (pack_objects(out, remote_refs, extra_have, args) < 0) {
415 for (ref = remote_refs; ref; ref = ref->next)
416 ref->status = REF_STATUS_NONE;
417 if (args->stateless_rpc)
418 close(out);
419 if (git_connection_is_socket(conn))
420 shutdown(fd[0], SHUT_WR);
421 if (use_sideband)
422 finish_async(&demux);
37cb1dd6 423 fd[1] = -1;
f5d942e1
NTND
424 return -1;
425 }
37cb1dd6
JL
426 if (!args->stateless_rpc)
427 /* Closed by pack_objects() via start_command() */
428 fd[1] = -1;
f5d942e1
NTND
429 }
430 if (args->stateless_rpc && cmds_sent)
431 packet_flush(out);
432
433 if (status_report && cmds_sent)
434 ret = receive_status(in, remote_refs);
435 else
436 ret = 0;
437 if (args->stateless_rpc)
438 packet_flush(out);
439
440 if (use_sideband && cmds_sent) {
441 if (finish_async(&demux)) {
442 error("error in sideband demultiplexer");
443 ret = -1;
444 }
445 close(demux.out);
446 }
447
448 if (ret < 0)
449 return ret;
450
451 if (args->porcelain)
452 return 0;
453
454 for (ref = remote_refs; ref; ref = ref->next) {
455 switch (ref->status) {
456 case REF_STATUS_NONE:
457 case REF_STATUS_UPTODATE:
458 case REF_STATUS_OK:
459 break;
460 default:
461 return -1;
462 }
463 }
464 return 0;
465}