]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'mk/doc-gitfile-more' into maint-2.43
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "environment.h"
6 #include "gettext.h"
7 #include "hex.h"
8 #include "lockfile.h"
9 #include "pack.h"
10 #include "refs.h"
11 #include "pkt-line.h"
12 #include "sideband.h"
13 #include "run-command.h"
14 #include "hook.h"
15 #include "exec-cmd.h"
16 #include "commit.h"
17 #include "object.h"
18 #include "remote.h"
19 #include "connect.h"
20 #include "string-list.h"
21 #include "oid-array.h"
22 #include "connected.h"
23 #include "strvec.h"
24 #include "version.h"
25 #include "tag.h"
26 #include "gpg-interface.h"
27 #include "sigchain.h"
28 #include "fsck.h"
29 #include "tmp-objdir.h"
30 #include "oidset.h"
31 #include "packfile.h"
32 #include "object-name.h"
33 #include "object-store-ll.h"
34 #include "path.h"
35 #include "protocol.h"
36 #include "commit-reach.h"
37 #include "server-info.h"
38 #include "trace.h"
39 #include "trace2.h"
40 #include "worktree.h"
41 #include "shallow.h"
42 #include "parse-options.h"
43
44 static const char * const receive_pack_usage[] = {
45 N_("git receive-pack <git-dir>"),
46 NULL
47 };
48
49 enum deny_action {
50 DENY_UNCONFIGURED,
51 DENY_IGNORE,
52 DENY_WARN,
53 DENY_REFUSE,
54 DENY_UPDATE_INSTEAD
55 };
56
57 static int deny_deletes;
58 static int deny_non_fast_forwards;
59 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
60 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
61 static int receive_fsck_objects = -1;
62 static int transfer_fsck_objects = -1;
63 static struct strbuf fsck_msg_types = STRBUF_INIT;
64 static int receive_unpack_limit = -1;
65 static int transfer_unpack_limit = -1;
66 static int advertise_atomic_push = 1;
67 static int advertise_push_options;
68 static int advertise_sid;
69 static int unpack_limit = 100;
70 static off_t max_input_size;
71 static int report_status;
72 static int report_status_v2;
73 static int use_sideband;
74 static int use_atomic;
75 static int use_push_options;
76 static int quiet;
77 static int prefer_ofs_delta = 1;
78 static int auto_update_server_info;
79 static int auto_gc = 1;
80 static int reject_thin;
81 static int stateless_rpc;
82 static const char *service_dir;
83 static const char *head_name;
84 static void *head_name_to_free;
85 static int sent_capabilities;
86 static int shallow_update;
87 static const char *alt_shallow_file;
88 static struct strbuf push_cert = STRBUF_INIT;
89 static struct object_id push_cert_oid;
90 static struct signature_check sigcheck;
91 static const char *push_cert_nonce;
92 static const char *cert_nonce_seed;
93 static struct strvec hidden_refs = STRVEC_INIT;
94
95 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
96 static const char *NONCE_BAD = "BAD";
97 static const char *NONCE_MISSING = "MISSING";
98 static const char *NONCE_OK = "OK";
99 static const char *NONCE_SLOP = "SLOP";
100 static const char *nonce_status;
101 static long nonce_stamp_slop;
102 static timestamp_t nonce_stamp_slop_limit;
103 static struct ref_transaction *transaction;
104
105 static enum {
106 KEEPALIVE_NEVER = 0,
107 KEEPALIVE_AFTER_NUL,
108 KEEPALIVE_ALWAYS
109 } use_keepalive;
110 static int keepalive_in_sec = 5;
111
112 static struct tmp_objdir *tmp_objdir;
113
114 static struct proc_receive_ref {
115 unsigned int want_add:1,
116 want_delete:1,
117 want_modify:1,
118 negative_ref:1;
119 char *ref_prefix;
120 struct proc_receive_ref *next;
121 } *proc_receive_ref;
122
123 static void proc_receive_ref_append(const char *prefix);
124
125 static enum deny_action parse_deny_action(const char *var, const char *value)
126 {
127 if (value) {
128 if (!strcasecmp(value, "ignore"))
129 return DENY_IGNORE;
130 if (!strcasecmp(value, "warn"))
131 return DENY_WARN;
132 if (!strcasecmp(value, "refuse"))
133 return DENY_REFUSE;
134 if (!strcasecmp(value, "updateinstead"))
135 return DENY_UPDATE_INSTEAD;
136 }
137 if (git_config_bool(var, value))
138 return DENY_REFUSE;
139 return DENY_IGNORE;
140 }
141
142 static int receive_pack_config(const char *var, const char *value,
143 const struct config_context *ctx, void *cb)
144 {
145 const char *msg_id;
146 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
147
148 if (status)
149 return status;
150
151 if (strcmp(var, "receive.denydeletes") == 0) {
152 deny_deletes = git_config_bool(var, value);
153 return 0;
154 }
155
156 if (strcmp(var, "receive.denynonfastforwards") == 0) {
157 deny_non_fast_forwards = git_config_bool(var, value);
158 return 0;
159 }
160
161 if (strcmp(var, "receive.unpacklimit") == 0) {
162 receive_unpack_limit = git_config_int(var, value, ctx->kvi);
163 return 0;
164 }
165
166 if (strcmp(var, "transfer.unpacklimit") == 0) {
167 transfer_unpack_limit = git_config_int(var, value, ctx->kvi);
168 return 0;
169 }
170
171 if (strcmp(var, "receive.fsck.skiplist") == 0) {
172 const char *path;
173
174 if (git_config_pathname(&path, var, value))
175 return 1;
176 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
177 fsck_msg_types.len ? ',' : '=', path);
178 free((char *)path);
179 return 0;
180 }
181
182 if (skip_prefix(var, "receive.fsck.", &msg_id)) {
183 if (!value)
184 return config_error_nonbool(var);
185 if (is_valid_msg_type(msg_id, value))
186 strbuf_addf(&fsck_msg_types, "%c%s=%s",
187 fsck_msg_types.len ? ',' : '=', msg_id, value);
188 else
189 warning("skipping unknown msg id '%s'", msg_id);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.fsckobjects") == 0) {
194 receive_fsck_objects = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "transfer.fsckobjects") == 0) {
199 transfer_fsck_objects = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (!strcmp(var, "receive.denycurrentbranch")) {
204 deny_current_branch = parse_deny_action(var, value);
205 return 0;
206 }
207
208 if (strcmp(var, "receive.denydeletecurrent") == 0) {
209 deny_delete_current = parse_deny_action(var, value);
210 return 0;
211 }
212
213 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
214 prefer_ofs_delta = git_config_bool(var, value);
215 return 0;
216 }
217
218 if (strcmp(var, "receive.updateserverinfo") == 0) {
219 auto_update_server_info = git_config_bool(var, value);
220 return 0;
221 }
222
223 if (strcmp(var, "receive.autogc") == 0) {
224 auto_gc = git_config_bool(var, value);
225 return 0;
226 }
227
228 if (strcmp(var, "receive.shallowupdate") == 0) {
229 shallow_update = git_config_bool(var, value);
230 return 0;
231 }
232
233 if (strcmp(var, "receive.certnonceseed") == 0)
234 return git_config_string(&cert_nonce_seed, var, value);
235
236 if (strcmp(var, "receive.certnonceslop") == 0) {
237 nonce_stamp_slop_limit = git_config_ulong(var, value, ctx->kvi);
238 return 0;
239 }
240
241 if (strcmp(var, "receive.advertiseatomic") == 0) {
242 advertise_atomic_push = git_config_bool(var, value);
243 return 0;
244 }
245
246 if (strcmp(var, "receive.advertisepushoptions") == 0) {
247 advertise_push_options = git_config_bool(var, value);
248 return 0;
249 }
250
251 if (strcmp(var, "receive.keepalive") == 0) {
252 keepalive_in_sec = git_config_int(var, value, ctx->kvi);
253 return 0;
254 }
255
256 if (strcmp(var, "receive.maxinputsize") == 0) {
257 max_input_size = git_config_int64(var, value, ctx->kvi);
258 return 0;
259 }
260
261 if (strcmp(var, "receive.procreceiverefs") == 0) {
262 if (!value)
263 return config_error_nonbool(var);
264 proc_receive_ref_append(value);
265 return 0;
266 }
267
268 if (strcmp(var, "transfer.advertisesid") == 0) {
269 advertise_sid = git_config_bool(var, value);
270 return 0;
271 }
272
273 return git_default_config(var, value, ctx, cb);
274 }
275
276 static void show_ref(const char *path, const struct object_id *oid)
277 {
278 if (sent_capabilities) {
279 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
280 } else {
281 struct strbuf cap = STRBUF_INIT;
282
283 strbuf_addstr(&cap,
284 "report-status report-status-v2 delete-refs side-band-64k quiet");
285 if (advertise_atomic_push)
286 strbuf_addstr(&cap, " atomic");
287 if (prefer_ofs_delta)
288 strbuf_addstr(&cap, " ofs-delta");
289 if (push_cert_nonce)
290 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
291 if (advertise_push_options)
292 strbuf_addstr(&cap, " push-options");
293 if (advertise_sid)
294 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
295 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
296 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
297 packet_write_fmt(1, "%s %s%c%s\n",
298 oid_to_hex(oid), path, 0, cap.buf);
299 strbuf_release(&cap);
300 sent_capabilities = 1;
301 }
302 }
303
304 static int show_ref_cb(const char *path_full, const struct object_id *oid,
305 int flag UNUSED, void *data)
306 {
307 struct oidset *seen = data;
308 const char *path = strip_namespace(path_full);
309
310 if (ref_is_hidden(path, path_full, &hidden_refs))
311 return 0;
312
313 /*
314 * Advertise refs outside our current namespace as ".have"
315 * refs, so that the client can use them to minimize data
316 * transfer but will otherwise ignore them.
317 */
318 if (!path) {
319 if (oidset_insert(seen, oid))
320 return 0;
321 path = ".have";
322 } else {
323 oidset_insert(seen, oid);
324 }
325 show_ref(path, oid);
326 return 0;
327 }
328
329 static void show_one_alternate_ref(const struct object_id *oid,
330 void *data)
331 {
332 struct oidset *seen = data;
333
334 if (oidset_insert(seen, oid))
335 return;
336
337 show_ref(".have", oid);
338 }
339
340 static void write_head_info(void)
341 {
342 static struct oidset seen = OIDSET_INIT;
343
344 refs_for_each_fullref_in(get_main_ref_store(the_repository), "",
345 hidden_refs_to_excludes(&hidden_refs),
346 show_ref_cb, &seen);
347 for_each_alternate_ref(show_one_alternate_ref, &seen);
348 oidset_clear(&seen);
349 if (!sent_capabilities)
350 show_ref("capabilities^{}", null_oid());
351
352 advertise_shallow_grafts(1);
353
354 /* EOF */
355 packet_flush(1);
356 }
357
358 #define RUN_PROC_RECEIVE_SCHEDULED 1
359 #define RUN_PROC_RECEIVE_RETURNED 2
360 struct command {
361 struct command *next;
362 const char *error_string;
363 struct ref_push_report *report;
364 unsigned int skip_update:1,
365 did_not_exist:1,
366 run_proc_receive:2;
367 int index;
368 struct object_id old_oid;
369 struct object_id new_oid;
370 char ref_name[FLEX_ARRAY]; /* more */
371 };
372
373 static void proc_receive_ref_append(const char *prefix)
374 {
375 struct proc_receive_ref *ref_pattern;
376 char *p;
377 int len;
378
379 CALLOC_ARRAY(ref_pattern, 1);
380 p = strchr(prefix, ':');
381 if (p) {
382 while (prefix < p) {
383 if (*prefix == 'a')
384 ref_pattern->want_add = 1;
385 else if (*prefix == 'd')
386 ref_pattern->want_delete = 1;
387 else if (*prefix == 'm')
388 ref_pattern->want_modify = 1;
389 else if (*prefix == '!')
390 ref_pattern->negative_ref = 1;
391 prefix++;
392 }
393 prefix++;
394 } else {
395 ref_pattern->want_add = 1;
396 ref_pattern->want_delete = 1;
397 ref_pattern->want_modify = 1;
398 }
399 len = strlen(prefix);
400 while (len && prefix[len - 1] == '/')
401 len--;
402 ref_pattern->ref_prefix = xmemdupz(prefix, len);
403 if (!proc_receive_ref) {
404 proc_receive_ref = ref_pattern;
405 } else {
406 struct proc_receive_ref *end;
407
408 end = proc_receive_ref;
409 while (end->next)
410 end = end->next;
411 end->next = ref_pattern;
412 }
413 }
414
415 static int proc_receive_ref_matches(struct command *cmd)
416 {
417 struct proc_receive_ref *p;
418
419 if (!proc_receive_ref)
420 return 0;
421
422 for (p = proc_receive_ref; p; p = p->next) {
423 const char *match = p->ref_prefix;
424 const char *remains;
425
426 if (!p->want_add && is_null_oid(&cmd->old_oid))
427 continue;
428 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
429 continue;
430 else if (!p->want_modify &&
431 !is_null_oid(&cmd->old_oid) &&
432 !is_null_oid(&cmd->new_oid))
433 continue;
434
435 if (skip_prefix(cmd->ref_name, match, &remains) &&
436 (!*remains || *remains == '/')) {
437 if (!p->negative_ref)
438 return 1;
439 } else if (p->negative_ref) {
440 return 1;
441 }
442 }
443 return 0;
444 }
445
446 static void report_message(const char *prefix, const char *err, va_list params)
447 {
448 int sz;
449 char msg[4096];
450
451 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
452 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
453 if (sz > (sizeof(msg) - 1))
454 sz = sizeof(msg) - 1;
455 msg[sz++] = '\n';
456
457 if (use_sideband)
458 send_sideband(1, 2, msg, sz, use_sideband);
459 else
460 xwrite(2, msg, sz);
461 }
462
463 __attribute__((format (printf, 1, 2)))
464 static void rp_warning(const char *err, ...)
465 {
466 va_list params;
467 va_start(params, err);
468 report_message("warning: ", err, params);
469 va_end(params);
470 }
471
472 __attribute__((format (printf, 1, 2)))
473 static void rp_error(const char *err, ...)
474 {
475 va_list params;
476 va_start(params, err);
477 report_message("error: ", err, params);
478 va_end(params);
479 }
480
481 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
482 {
483 char data[128];
484 int keepalive_active = 0;
485
486 if (keepalive_in_sec <= 0)
487 use_keepalive = KEEPALIVE_NEVER;
488 if (use_keepalive == KEEPALIVE_ALWAYS)
489 keepalive_active = 1;
490
491 while (1) {
492 ssize_t sz;
493
494 if (keepalive_active) {
495 struct pollfd pfd;
496 int ret;
497
498 pfd.fd = in;
499 pfd.events = POLLIN;
500 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
501
502 if (ret < 0) {
503 if (errno == EINTR)
504 continue;
505 else
506 break;
507 } else if (ret == 0) {
508 /* no data; send a keepalive packet */
509 static const char buf[] = "0005\1";
510 write_or_die(1, buf, sizeof(buf) - 1);
511 continue;
512 } /* else there is actual data to read */
513 }
514
515 sz = xread(in, data, sizeof(data));
516 if (sz <= 0)
517 break;
518
519 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
520 const char *p = memchr(data, '\0', sz);
521 if (p) {
522 /*
523 * The NUL tells us to start sending keepalives. Make
524 * sure we send any other data we read along
525 * with it.
526 */
527 keepalive_active = 1;
528 send_sideband(1, 2, data, p - data, use_sideband);
529 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
530 continue;
531 }
532 }
533
534 /*
535 * Either we're not looking for a NUL signal, or we didn't see
536 * it yet; just pass along the data.
537 */
538 send_sideband(1, 2, data, sz, use_sideband);
539 }
540 close(in);
541 return 0;
542 }
543
544 static void hmac_hash(unsigned char *out,
545 const char *key_in, size_t key_len,
546 const char *text, size_t text_len)
547 {
548 unsigned char key[GIT_MAX_BLKSZ];
549 unsigned char k_ipad[GIT_MAX_BLKSZ];
550 unsigned char k_opad[GIT_MAX_BLKSZ];
551 int i;
552 git_hash_ctx ctx;
553
554 /* RFC 2104 2. (1) */
555 memset(key, '\0', GIT_MAX_BLKSZ);
556 if (the_hash_algo->blksz < key_len) {
557 the_hash_algo->init_fn(&ctx);
558 the_hash_algo->update_fn(&ctx, key_in, key_len);
559 the_hash_algo->final_fn(key, &ctx);
560 } else {
561 memcpy(key, key_in, key_len);
562 }
563
564 /* RFC 2104 2. (2) & (5) */
565 for (i = 0; i < sizeof(key); i++) {
566 k_ipad[i] = key[i] ^ 0x36;
567 k_opad[i] = key[i] ^ 0x5c;
568 }
569
570 /* RFC 2104 2. (3) & (4) */
571 the_hash_algo->init_fn(&ctx);
572 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
573 the_hash_algo->update_fn(&ctx, text, text_len);
574 the_hash_algo->final_fn(out, &ctx);
575
576 /* RFC 2104 2. (6) & (7) */
577 the_hash_algo->init_fn(&ctx);
578 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
579 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
580 the_hash_algo->final_fn(out, &ctx);
581 }
582
583 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
584 {
585 struct strbuf buf = STRBUF_INIT;
586 unsigned char hash[GIT_MAX_RAWSZ];
587
588 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
589 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
590 strbuf_release(&buf);
591
592 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
593 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
594 return strbuf_detach(&buf, NULL);
595 }
596
597 static char *find_header(const char *msg, size_t len, const char *key,
598 const char **next_line)
599 {
600 size_t out_len;
601 const char *val = find_header_mem(msg, len, key, &out_len);
602
603 if (!val)
604 return NULL;
605
606 if (next_line)
607 *next_line = val + out_len + 1;
608
609 return xmemdupz(val, out_len);
610 }
611
612 /*
613 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
614 * This operation is guaranteed to run in constant time to avoid leaking data.
615 */
616 static int constant_memequal(const char *a, const char *b, size_t n)
617 {
618 int res = 0;
619 size_t i;
620
621 for (i = 0; i < n; i++)
622 res |= a[i] ^ b[i];
623 return res;
624 }
625
626 static const char *check_nonce(const char *buf, size_t len)
627 {
628 char *nonce = find_header(buf, len, "nonce", NULL);
629 timestamp_t stamp, ostamp;
630 char *bohmac, *expect = NULL;
631 const char *retval = NONCE_BAD;
632 size_t noncelen;
633
634 if (!nonce) {
635 retval = NONCE_MISSING;
636 goto leave;
637 } else if (!push_cert_nonce) {
638 retval = NONCE_UNSOLICITED;
639 goto leave;
640 } else if (!strcmp(push_cert_nonce, nonce)) {
641 retval = NONCE_OK;
642 goto leave;
643 }
644
645 if (!stateless_rpc) {
646 /* returned nonce MUST match what we gave out earlier */
647 retval = NONCE_BAD;
648 goto leave;
649 }
650
651 /*
652 * In stateless mode, we may be receiving a nonce issued by
653 * another instance of the server that serving the same
654 * repository, and the timestamps may not match, but the
655 * nonce-seed and dir should match, so we can recompute and
656 * report the time slop.
657 *
658 * In addition, when a nonce issued by another instance has
659 * timestamp within receive.certnonceslop seconds, we pretend
660 * as if we issued that nonce when reporting to the hook.
661 */
662
663 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
664 if (*nonce <= '0' || '9' < *nonce) {
665 retval = NONCE_BAD;
666 goto leave;
667 }
668 stamp = parse_timestamp(nonce, &bohmac, 10);
669 if (bohmac == nonce || bohmac[0] != '-') {
670 retval = NONCE_BAD;
671 goto leave;
672 }
673
674 noncelen = strlen(nonce);
675 expect = prepare_push_cert_nonce(service_dir, stamp);
676 if (noncelen != strlen(expect)) {
677 /* This is not even the right size. */
678 retval = NONCE_BAD;
679 goto leave;
680 }
681 if (constant_memequal(expect, nonce, noncelen)) {
682 /* Not what we would have signed earlier */
683 retval = NONCE_BAD;
684 goto leave;
685 }
686
687 /*
688 * By how many seconds is this nonce stale? Negative value
689 * would mean it was issued by another server with its clock
690 * skewed in the future.
691 */
692 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
693 nonce_stamp_slop = (long)ostamp - (long)stamp;
694
695 if (nonce_stamp_slop_limit &&
696 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
697 /*
698 * Pretend as if the received nonce (which passes the
699 * HMAC check, so it is not a forged by third-party)
700 * is what we issued.
701 */
702 free((void *)push_cert_nonce);
703 push_cert_nonce = xstrdup(nonce);
704 retval = NONCE_OK;
705 } else {
706 retval = NONCE_SLOP;
707 }
708
709 leave:
710 free(nonce);
711 free(expect);
712 return retval;
713 }
714
715 /*
716 * Return 1 if there is no push_cert or if the push options in push_cert are
717 * the same as those in the argument; 0 otherwise.
718 */
719 static int check_cert_push_options(const struct string_list *push_options)
720 {
721 const char *buf = push_cert.buf;
722 int len = push_cert.len;
723
724 char *option;
725 const char *next_line;
726 int options_seen = 0;
727
728 int retval = 1;
729
730 if (!len)
731 return 1;
732
733 while ((option = find_header(buf, len, "push-option", &next_line))) {
734 len -= (next_line - buf);
735 buf = next_line;
736 options_seen++;
737 if (options_seen > push_options->nr
738 || strcmp(option,
739 push_options->items[options_seen - 1].string)) {
740 retval = 0;
741 goto leave;
742 }
743 free(option);
744 }
745
746 if (options_seen != push_options->nr)
747 retval = 0;
748
749 leave:
750 free(option);
751 return retval;
752 }
753
754 static void prepare_push_cert_sha1(struct child_process *proc)
755 {
756 static int already_done;
757
758 if (!push_cert.len)
759 return;
760
761 if (!already_done) {
762 int bogs /* beginning_of_gpg_sig */;
763
764 already_done = 1;
765 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
766 &push_cert_oid))
767 oidclr(&push_cert_oid);
768
769 memset(&sigcheck, '\0', sizeof(sigcheck));
770
771 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
772 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
773 sigcheck.payload_len = bogs;
774 check_signature(&sigcheck, push_cert.buf + bogs,
775 push_cert.len - bogs);
776
777 nonce_status = check_nonce(push_cert.buf, bogs);
778 }
779 if (!is_null_oid(&push_cert_oid)) {
780 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
781 oid_to_hex(&push_cert_oid));
782 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
783 sigcheck.signer ? sigcheck.signer : "");
784 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
785 sigcheck.key ? sigcheck.key : "");
786 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
787 sigcheck.result);
788 if (push_cert_nonce) {
789 strvec_pushf(&proc->env,
790 "GIT_PUSH_CERT_NONCE=%s",
791 push_cert_nonce);
792 strvec_pushf(&proc->env,
793 "GIT_PUSH_CERT_NONCE_STATUS=%s",
794 nonce_status);
795 if (nonce_status == NONCE_SLOP)
796 strvec_pushf(&proc->env,
797 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
798 nonce_stamp_slop);
799 }
800 }
801 }
802
803 struct receive_hook_feed_state {
804 struct command *cmd;
805 struct ref_push_report *report;
806 int skip_broken;
807 struct strbuf buf;
808 const struct string_list *push_options;
809 };
810
811 typedef int (*feed_fn)(void *, const char **, size_t *);
812 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
813 struct receive_hook_feed_state *feed_state)
814 {
815 struct child_process proc = CHILD_PROCESS_INIT;
816 struct async muxer;
817 int code;
818 const char *hook_path = find_hook(hook_name);
819
820 if (!hook_path)
821 return 0;
822
823 strvec_push(&proc.args, hook_path);
824 proc.in = -1;
825 proc.stdout_to_stderr = 1;
826 proc.trace2_hook_name = hook_name;
827
828 if (feed_state->push_options) {
829 size_t i;
830 for (i = 0; i < feed_state->push_options->nr; i++)
831 strvec_pushf(&proc.env,
832 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
833 (uintmax_t)i,
834 feed_state->push_options->items[i].string);
835 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
836 (uintmax_t)feed_state->push_options->nr);
837 } else
838 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
839
840 if (tmp_objdir)
841 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
842
843 if (use_sideband) {
844 memset(&muxer, 0, sizeof(muxer));
845 muxer.proc = copy_to_sideband;
846 muxer.in = -1;
847 code = start_async(&muxer);
848 if (code)
849 return code;
850 proc.err = muxer.in;
851 }
852
853 prepare_push_cert_sha1(&proc);
854
855 code = start_command(&proc);
856 if (code) {
857 if (use_sideband)
858 finish_async(&muxer);
859 return code;
860 }
861
862 sigchain_push(SIGPIPE, SIG_IGN);
863
864 while (1) {
865 const char *buf;
866 size_t n;
867 if (feed(feed_state, &buf, &n))
868 break;
869 if (write_in_full(proc.in, buf, n) < 0)
870 break;
871 }
872 close(proc.in);
873 if (use_sideband)
874 finish_async(&muxer);
875
876 sigchain_pop(SIGPIPE);
877
878 return finish_command(&proc);
879 }
880
881 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
882 {
883 struct receive_hook_feed_state *state = state_;
884 struct command *cmd = state->cmd;
885
886 while (cmd &&
887 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
888 cmd = cmd->next;
889 if (!cmd)
890 return -1; /* EOF */
891 if (!bufp)
892 return 0; /* OK, can feed something. */
893 strbuf_reset(&state->buf);
894 if (!state->report)
895 state->report = cmd->report;
896 if (state->report) {
897 struct object_id *old_oid;
898 struct object_id *new_oid;
899 const char *ref_name;
900
901 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
902 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
903 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
904 strbuf_addf(&state->buf, "%s %s %s\n",
905 oid_to_hex(old_oid), oid_to_hex(new_oid),
906 ref_name);
907 state->report = state->report->next;
908 if (!state->report)
909 state->cmd = cmd->next;
910 } else {
911 strbuf_addf(&state->buf, "%s %s %s\n",
912 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
913 cmd->ref_name);
914 state->cmd = cmd->next;
915 }
916 if (bufp) {
917 *bufp = state->buf.buf;
918 *sizep = state->buf.len;
919 }
920 return 0;
921 }
922
923 static int run_receive_hook(struct command *commands,
924 const char *hook_name,
925 int skip_broken,
926 const struct string_list *push_options)
927 {
928 struct receive_hook_feed_state state;
929 int status;
930
931 strbuf_init(&state.buf, 0);
932 state.cmd = commands;
933 state.skip_broken = skip_broken;
934 state.report = NULL;
935 if (feed_receive_hook(&state, NULL, NULL))
936 return 0;
937 state.cmd = commands;
938 state.push_options = push_options;
939 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
940 strbuf_release(&state.buf);
941 return status;
942 }
943
944 static int run_update_hook(struct command *cmd)
945 {
946 struct child_process proc = CHILD_PROCESS_INIT;
947 int code;
948 const char *hook_path = find_hook("update");
949
950 if (!hook_path)
951 return 0;
952
953 strvec_push(&proc.args, hook_path);
954 strvec_push(&proc.args, cmd->ref_name);
955 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
956 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
957
958 proc.no_stdin = 1;
959 proc.stdout_to_stderr = 1;
960 proc.err = use_sideband ? -1 : 0;
961 proc.trace2_hook_name = "update";
962
963 code = start_command(&proc);
964 if (code)
965 return code;
966 if (use_sideband)
967 copy_to_sideband(proc.err, -1, NULL);
968 return finish_command(&proc);
969 }
970
971 static struct command *find_command_by_refname(struct command *list,
972 const char *refname)
973 {
974 for (; list; list = list->next)
975 if (!strcmp(list->ref_name, refname))
976 return list;
977 return NULL;
978 }
979
980 static int read_proc_receive_report(struct packet_reader *reader,
981 struct command *commands,
982 struct strbuf *errmsg)
983 {
984 struct command *cmd;
985 struct command *hint = NULL;
986 struct ref_push_report *report = NULL;
987 int new_report = 0;
988 int code = 0;
989 int once = 0;
990 int response = 0;
991
992 for (;;) {
993 struct object_id old_oid, new_oid;
994 const char *head;
995 const char *refname;
996 char *p;
997 enum packet_read_status status;
998
999 status = packet_reader_read(reader);
1000 if (status != PACKET_READ_NORMAL) {
1001 /* Check whether proc-receive exited abnormally */
1002 if (status == PACKET_READ_EOF && !response) {
1003 strbuf_addstr(errmsg, "proc-receive exited abnormally");
1004 return -1;
1005 }
1006 break;
1007 }
1008 response++;
1009
1010 head = reader->line;
1011 p = strchr(head, ' ');
1012 if (!p) {
1013 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1014 code = -1;
1015 continue;
1016 }
1017 *p++ = '\0';
1018 if (!strcmp(head, "option")) {
1019 const char *key, *val;
1020
1021 if (!hint || !(report || new_report)) {
1022 if (!once++)
1023 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1024 code = -1;
1025 continue;
1026 }
1027 if (new_report) {
1028 if (!hint->report) {
1029 CALLOC_ARRAY(hint->report, 1);
1030 report = hint->report;
1031 } else {
1032 report = hint->report;
1033 while (report->next)
1034 report = report->next;
1035 report->next = xcalloc(1, sizeof(struct ref_push_report));
1036 report = report->next;
1037 }
1038 new_report = 0;
1039 }
1040 key = p;
1041 p = strchr(key, ' ');
1042 if (p)
1043 *p++ = '\0';
1044 val = p;
1045 if (!strcmp(key, "refname"))
1046 report->ref_name = xstrdup_or_null(val);
1047 else if (!strcmp(key, "old-oid") && val &&
1048 !parse_oid_hex(val, &old_oid, &val))
1049 report->old_oid = oiddup(&old_oid);
1050 else if (!strcmp(key, "new-oid") && val &&
1051 !parse_oid_hex(val, &new_oid, &val))
1052 report->new_oid = oiddup(&new_oid);
1053 else if (!strcmp(key, "forced-update"))
1054 report->forced_update = 1;
1055 else if (!strcmp(key, "fall-through"))
1056 /* Fall through, let 'receive-pack' to execute it. */
1057 hint->run_proc_receive = 0;
1058 continue;
1059 }
1060
1061 report = NULL;
1062 new_report = 0;
1063 refname = p;
1064 p = strchr(refname, ' ');
1065 if (p)
1066 *p++ = '\0';
1067 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1068 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1069 head, refname);
1070 code = -1;
1071 continue;
1072 }
1073
1074 /* first try searching at our hint, falling back to all refs */
1075 if (hint)
1076 hint = find_command_by_refname(hint, refname);
1077 if (!hint)
1078 hint = find_command_by_refname(commands, refname);
1079 if (!hint) {
1080 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1081 refname);
1082 code = -1;
1083 continue;
1084 }
1085 if (!hint->run_proc_receive) {
1086 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1087 refname);
1088 code = -1;
1089 continue;
1090 }
1091 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1092 if (!strcmp(head, "ng")) {
1093 if (p)
1094 hint->error_string = xstrdup(p);
1095 else
1096 hint->error_string = "failed";
1097 code = -1;
1098 continue;
1099 }
1100 new_report = 1;
1101 }
1102
1103 for (cmd = commands; cmd; cmd = cmd->next)
1104 if (cmd->run_proc_receive && !cmd->error_string &&
1105 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1106 cmd->error_string = "proc-receive failed to report status";
1107 code = -1;
1108 }
1109 return code;
1110 }
1111
1112 static int run_proc_receive_hook(struct command *commands,
1113 const struct string_list *push_options)
1114 {
1115 struct child_process proc = CHILD_PROCESS_INIT;
1116 struct async muxer;
1117 struct command *cmd;
1118 struct packet_reader reader;
1119 struct strbuf cap = STRBUF_INIT;
1120 struct strbuf errmsg = STRBUF_INIT;
1121 int hook_use_push_options = 0;
1122 int version = 0;
1123 int code;
1124 const char *hook_path = find_hook("proc-receive");
1125
1126 if (!hook_path) {
1127 rp_error("cannot find hook 'proc-receive'");
1128 return -1;
1129 }
1130
1131 strvec_push(&proc.args, hook_path);
1132 proc.in = -1;
1133 proc.out = -1;
1134 proc.trace2_hook_name = "proc-receive";
1135
1136 if (use_sideband) {
1137 memset(&muxer, 0, sizeof(muxer));
1138 muxer.proc = copy_to_sideband;
1139 muxer.in = -1;
1140 code = start_async(&muxer);
1141 if (code)
1142 return code;
1143 proc.err = muxer.in;
1144 } else {
1145 proc.err = 0;
1146 }
1147
1148 code = start_command(&proc);
1149 if (code) {
1150 if (use_sideband)
1151 finish_async(&muxer);
1152 return code;
1153 }
1154
1155 sigchain_push(SIGPIPE, SIG_IGN);
1156
1157 /* Version negotiaton */
1158 packet_reader_init(&reader, proc.out, NULL, 0,
1159 PACKET_READ_CHOMP_NEWLINE |
1160 PACKET_READ_GENTLE_ON_EOF);
1161 if (use_atomic)
1162 strbuf_addstr(&cap, " atomic");
1163 if (use_push_options)
1164 strbuf_addstr(&cap, " push-options");
1165 if (cap.len) {
1166 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1167 strbuf_release(&cap);
1168 } else {
1169 code = packet_write_fmt_gently(proc.in, "version=1\n");
1170 }
1171 if (!code)
1172 code = packet_flush_gently(proc.in);
1173
1174 if (!code)
1175 for (;;) {
1176 int linelen;
1177 enum packet_read_status status;
1178
1179 status = packet_reader_read(&reader);
1180 if (status != PACKET_READ_NORMAL) {
1181 /* Check whether proc-receive exited abnormally */
1182 if (status == PACKET_READ_EOF)
1183 code = -1;
1184 break;
1185 }
1186
1187 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1188 version = atoi(reader.line + 8);
1189 linelen = strlen(reader.line);
1190 if (linelen < reader.pktlen) {
1191 const char *feature_list = reader.line + linelen + 1;
1192 if (parse_feature_request(feature_list, "push-options"))
1193 hook_use_push_options = 1;
1194 }
1195 }
1196 }
1197
1198 if (code) {
1199 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1200 goto cleanup;
1201 }
1202
1203 switch (version) {
1204 case 0:
1205 /* fallthrough */
1206 case 1:
1207 break;
1208 default:
1209 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1210 version);
1211 code = -1;
1212 goto cleanup;
1213 }
1214
1215 /* Send commands */
1216 for (cmd = commands; cmd; cmd = cmd->next) {
1217 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1218 continue;
1219 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1220 oid_to_hex(&cmd->old_oid),
1221 oid_to_hex(&cmd->new_oid),
1222 cmd->ref_name);
1223 if (code)
1224 break;
1225 }
1226 if (!code)
1227 code = packet_flush_gently(proc.in);
1228 if (code) {
1229 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1230 goto cleanup;
1231 }
1232
1233 /* Send push options */
1234 if (hook_use_push_options) {
1235 struct string_list_item *item;
1236
1237 for_each_string_list_item(item, push_options) {
1238 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1239 if (code)
1240 break;
1241 }
1242 if (!code)
1243 code = packet_flush_gently(proc.in);
1244 if (code) {
1245 strbuf_addstr(&errmsg,
1246 "fail to write push-options to proc-receive hook");
1247 goto cleanup;
1248 }
1249 }
1250
1251 /* Read result from proc-receive */
1252 code = read_proc_receive_report(&reader, commands, &errmsg);
1253
1254 cleanup:
1255 close(proc.in);
1256 close(proc.out);
1257 if (use_sideband)
1258 finish_async(&muxer);
1259 if (finish_command(&proc))
1260 code = -1;
1261 if (errmsg.len >0) {
1262 char *p = errmsg.buf;
1263
1264 p += errmsg.len - 1;
1265 if (*p == '\n')
1266 *p = '\0';
1267 rp_error("%s", errmsg.buf);
1268 strbuf_release(&errmsg);
1269 }
1270 sigchain_pop(SIGPIPE);
1271
1272 return code;
1273 }
1274
1275 static char *refuse_unconfigured_deny_msg =
1276 N_("By default, updating the current branch in a non-bare repository\n"
1277 "is denied, because it will make the index and work tree inconsistent\n"
1278 "with what you pushed, and will require 'git reset --hard' to match\n"
1279 "the work tree to HEAD.\n"
1280 "\n"
1281 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1282 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1283 "its current branch; however, this is not recommended unless you\n"
1284 "arranged to update its work tree to match what you pushed in some\n"
1285 "other way.\n"
1286 "\n"
1287 "To squelch this message and still keep the default behaviour, set\n"
1288 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1289
1290 static void refuse_unconfigured_deny(void)
1291 {
1292 rp_error("%s", _(refuse_unconfigured_deny_msg));
1293 }
1294
1295 static char *refuse_unconfigured_deny_delete_current_msg =
1296 N_("By default, deleting the current branch is denied, because the next\n"
1297 "'git clone' won't result in any file checked out, causing confusion.\n"
1298 "\n"
1299 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1300 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1301 "current branch, with or without a warning message.\n"
1302 "\n"
1303 "To squelch this message, you can set it to 'refuse'.");
1304
1305 static void refuse_unconfigured_deny_delete_current(void)
1306 {
1307 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1308 }
1309
1310 static const struct object_id *command_singleton_iterator(void *cb_data);
1311 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1312 {
1313 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1314 struct oid_array extra = OID_ARRAY_INIT;
1315 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1316 uint32_t mask = 1 << (cmd->index % 32);
1317 int i;
1318
1319 trace_printf_key(&trace_shallow,
1320 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1321 for (i = 0; i < si->shallow->nr; i++)
1322 if (si->used_shallow[i] &&
1323 (si->used_shallow[i][cmd->index / 32] & mask) &&
1324 !delayed_reachability_test(si, i))
1325 oid_array_append(&extra, &si->shallow->oid[i]);
1326
1327 opt.env = tmp_objdir_env(tmp_objdir);
1328 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1329 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1330 rollback_shallow_file(the_repository, &shallow_lock);
1331 oid_array_clear(&extra);
1332 return -1;
1333 }
1334
1335 commit_shallow_file(the_repository, &shallow_lock);
1336
1337 /*
1338 * Make sure setup_alternate_shallow() for the next ref does
1339 * not lose these new roots..
1340 */
1341 for (i = 0; i < extra.nr; i++)
1342 register_shallow(the_repository, &extra.oid[i]);
1343
1344 si->shallow_ref[cmd->index] = 0;
1345 oid_array_clear(&extra);
1346 return 0;
1347 }
1348
1349 /*
1350 * NEEDSWORK: we should consolidate various implementions of "are we
1351 * on an unborn branch?" test into one, and make the unified one more
1352 * robust. !get_sha1() based check used here and elsewhere would not
1353 * allow us to tell an unborn branch from corrupt ref, for example.
1354 * For the purpose of fixing "deploy-to-update does not work when
1355 * pushing into an empty repository" issue, this should suffice for
1356 * now.
1357 */
1358 static int head_has_history(void)
1359 {
1360 struct object_id oid;
1361
1362 return !repo_get_oid(the_repository, "HEAD", &oid);
1363 }
1364
1365 static const char *push_to_deploy(unsigned char *sha1,
1366 struct strvec *env,
1367 const char *work_tree)
1368 {
1369 struct child_process child = CHILD_PROCESS_INIT;
1370
1371 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1372 "--refresh", NULL);
1373 strvec_pushv(&child.env, env->v);
1374 child.dir = work_tree;
1375 child.no_stdin = 1;
1376 child.stdout_to_stderr = 1;
1377 child.git_cmd = 1;
1378 if (run_command(&child))
1379 return "Up-to-date check failed";
1380
1381 /* run_command() does not clean up completely; reinitialize */
1382 child_process_init(&child);
1383 strvec_pushl(&child.args, "diff-files", "--quiet",
1384 "--ignore-submodules", "--", NULL);
1385 strvec_pushv(&child.env, env->v);
1386 child.dir = work_tree;
1387 child.no_stdin = 1;
1388 child.stdout_to_stderr = 1;
1389 child.git_cmd = 1;
1390 if (run_command(&child))
1391 return "Working directory has unstaged changes";
1392
1393 child_process_init(&child);
1394 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1395 "--ignore-submodules",
1396 /* diff-index with either HEAD or an empty tree */
1397 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1398 "--", NULL);
1399 strvec_pushv(&child.env, env->v);
1400 child.no_stdin = 1;
1401 child.no_stdout = 1;
1402 child.stdout_to_stderr = 0;
1403 child.git_cmd = 1;
1404 if (run_command(&child))
1405 return "Working directory has staged changes";
1406
1407 child_process_init(&child);
1408 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1409 NULL);
1410 strvec_pushv(&child.env, env->v);
1411 child.dir = work_tree;
1412 child.no_stdin = 1;
1413 child.no_stdout = 1;
1414 child.stdout_to_stderr = 0;
1415 child.git_cmd = 1;
1416 if (run_command(&child))
1417 return "Could not update working tree to new HEAD";
1418
1419 return NULL;
1420 }
1421
1422 static const char *push_to_checkout_hook = "push-to-checkout";
1423
1424 static const char *push_to_checkout(unsigned char *hash,
1425 int *invoked_hook,
1426 struct strvec *env,
1427 const char *work_tree)
1428 {
1429 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1430 opt.invoked_hook = invoked_hook;
1431
1432 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1433 strvec_pushv(&opt.env, env->v);
1434 strvec_push(&opt.args, hash_to_hex(hash));
1435 if (run_hooks_opt(push_to_checkout_hook, &opt))
1436 return "push-to-checkout hook declined";
1437 else
1438 return NULL;
1439 }
1440
1441 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1442 {
1443 const char *retval, *git_dir;
1444 struct strvec env = STRVEC_INIT;
1445 int invoked_hook;
1446
1447 if (!worktree || !worktree->path)
1448 BUG("worktree->path must be non-NULL");
1449
1450 if (worktree->is_bare)
1451 return "denyCurrentBranch = updateInstead needs a worktree";
1452 git_dir = get_worktree_git_dir(worktree);
1453
1454 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1455
1456 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1457 if (!invoked_hook)
1458 retval = push_to_deploy(sha1, &env, worktree->path);
1459
1460 strvec_clear(&env);
1461 return retval;
1462 }
1463
1464 static const char *update(struct command *cmd, struct shallow_info *si)
1465 {
1466 const char *name = cmd->ref_name;
1467 struct strbuf namespaced_name_buf = STRBUF_INIT;
1468 static char *namespaced_name;
1469 const char *ret;
1470 struct object_id *old_oid = &cmd->old_oid;
1471 struct object_id *new_oid = &cmd->new_oid;
1472 int do_update_worktree = 0;
1473 struct worktree **worktrees = get_worktrees();
1474 const struct worktree *worktree =
1475 find_shared_symref(worktrees, "HEAD", name);
1476
1477 /* only refs/... are allowed */
1478 if (!starts_with(name, "refs/") ||
1479 check_refname_format(name + 5, is_null_oid(new_oid) ?
1480 REFNAME_ALLOW_ONELEVEL : 0)) {
1481 rp_error("refusing to update funny ref '%s' remotely", name);
1482 ret = "funny refname";
1483 goto out;
1484 }
1485
1486 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1487 free(namespaced_name);
1488 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1489
1490 if (worktree && !worktree->is_bare) {
1491 switch (deny_current_branch) {
1492 case DENY_IGNORE:
1493 break;
1494 case DENY_WARN:
1495 rp_warning("updating the current branch");
1496 break;
1497 case DENY_REFUSE:
1498 case DENY_UNCONFIGURED:
1499 rp_error("refusing to update checked out branch: %s", name);
1500 if (deny_current_branch == DENY_UNCONFIGURED)
1501 refuse_unconfigured_deny();
1502 ret = "branch is currently checked out";
1503 goto out;
1504 case DENY_UPDATE_INSTEAD:
1505 /* pass -- let other checks intervene first */
1506 do_update_worktree = 1;
1507 break;
1508 }
1509 }
1510
1511 if (!is_null_oid(new_oid) && !repo_has_object_file(the_repository, new_oid)) {
1512 error("unpack should have generated %s, "
1513 "but I can't find it!", oid_to_hex(new_oid));
1514 ret = "bad pack";
1515 goto out;
1516 }
1517
1518 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1519 if (deny_deletes && starts_with(name, "refs/heads/")) {
1520 rp_error("denying ref deletion for %s", name);
1521 ret = "deletion prohibited";
1522 goto out;
1523 }
1524
1525 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1526 switch (deny_delete_current) {
1527 case DENY_IGNORE:
1528 break;
1529 case DENY_WARN:
1530 rp_warning("deleting the current branch");
1531 break;
1532 case DENY_REFUSE:
1533 case DENY_UNCONFIGURED:
1534 case DENY_UPDATE_INSTEAD:
1535 if (deny_delete_current == DENY_UNCONFIGURED)
1536 refuse_unconfigured_deny_delete_current();
1537 rp_error("refusing to delete the current branch: %s", name);
1538 ret = "deletion of the current branch prohibited";
1539 goto out;
1540 default:
1541 ret = "Invalid denyDeleteCurrent setting";
1542 goto out;
1543 }
1544 }
1545 }
1546
1547 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1548 !is_null_oid(old_oid) &&
1549 starts_with(name, "refs/heads/")) {
1550 struct object *old_object, *new_object;
1551 struct commit *old_commit, *new_commit;
1552
1553 old_object = parse_object(the_repository, old_oid);
1554 new_object = parse_object(the_repository, new_oid);
1555
1556 if (!old_object || !new_object ||
1557 old_object->type != OBJ_COMMIT ||
1558 new_object->type != OBJ_COMMIT) {
1559 error("bad sha1 objects for %s", name);
1560 ret = "bad ref";
1561 goto out;
1562 }
1563 old_commit = (struct commit *)old_object;
1564 new_commit = (struct commit *)new_object;
1565 if (!repo_in_merge_bases(the_repository, old_commit, new_commit)) {
1566 rp_error("denying non-fast-forward %s"
1567 " (you should pull first)", name);
1568 ret = "non-fast-forward";
1569 goto out;
1570 }
1571 }
1572 if (run_update_hook(cmd)) {
1573 rp_error("hook declined to update %s", name);
1574 ret = "hook declined";
1575 goto out;
1576 }
1577
1578 if (do_update_worktree) {
1579 ret = update_worktree(new_oid->hash, worktree);
1580 if (ret)
1581 goto out;
1582 }
1583
1584 if (is_null_oid(new_oid)) {
1585 struct strbuf err = STRBUF_INIT;
1586 if (!parse_object(the_repository, old_oid)) {
1587 old_oid = NULL;
1588 if (ref_exists(name)) {
1589 rp_warning("allowing deletion of corrupt ref");
1590 } else {
1591 rp_warning("deleting a non-existent ref");
1592 cmd->did_not_exist = 1;
1593 }
1594 }
1595 if (ref_transaction_delete(transaction,
1596 namespaced_name,
1597 old_oid,
1598 0, "push", &err)) {
1599 rp_error("%s", err.buf);
1600 ret = "failed to delete";
1601 } else {
1602 ret = NULL; /* good */
1603 }
1604 strbuf_release(&err);
1605 }
1606 else {
1607 struct strbuf err = STRBUF_INIT;
1608 if (shallow_update && si->shallow_ref[cmd->index] &&
1609 update_shallow_ref(cmd, si)) {
1610 ret = "shallow error";
1611 goto out;
1612 }
1613
1614 if (ref_transaction_update(transaction,
1615 namespaced_name,
1616 new_oid, old_oid,
1617 0, "push",
1618 &err)) {
1619 rp_error("%s", err.buf);
1620 ret = "failed to update ref";
1621 } else {
1622 ret = NULL; /* good */
1623 }
1624 strbuf_release(&err);
1625 }
1626
1627 out:
1628 free_worktrees(worktrees);
1629 return ret;
1630 }
1631
1632 static void run_update_post_hook(struct command *commands)
1633 {
1634 struct command *cmd;
1635 struct child_process proc = CHILD_PROCESS_INIT;
1636 const char *hook;
1637
1638 hook = find_hook("post-update");
1639 if (!hook)
1640 return;
1641
1642 for (cmd = commands; cmd; cmd = cmd->next) {
1643 if (cmd->error_string || cmd->did_not_exist)
1644 continue;
1645 if (!proc.args.nr)
1646 strvec_push(&proc.args, hook);
1647 strvec_push(&proc.args, cmd->ref_name);
1648 }
1649 if (!proc.args.nr)
1650 return;
1651
1652 proc.no_stdin = 1;
1653 proc.stdout_to_stderr = 1;
1654 proc.err = use_sideband ? -1 : 0;
1655 proc.trace2_hook_name = "post-update";
1656
1657 if (!start_command(&proc)) {
1658 if (use_sideband)
1659 copy_to_sideband(proc.err, -1, NULL);
1660 finish_command(&proc);
1661 }
1662 }
1663
1664 static void check_aliased_update_internal(struct command *cmd,
1665 struct string_list *list,
1666 const char *dst_name, int flag)
1667 {
1668 struct string_list_item *item;
1669 struct command *dst_cmd;
1670
1671 if (!(flag & REF_ISSYMREF))
1672 return;
1673
1674 if (!dst_name) {
1675 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1676 cmd->skip_update = 1;
1677 cmd->error_string = "broken symref";
1678 return;
1679 }
1680 dst_name = strip_namespace(dst_name);
1681
1682 if (!(item = string_list_lookup(list, dst_name)))
1683 return;
1684
1685 cmd->skip_update = 1;
1686
1687 dst_cmd = (struct command *) item->util;
1688
1689 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1690 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1691 return;
1692
1693 dst_cmd->skip_update = 1;
1694
1695 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1696 " its target '%s' (%s..%s)",
1697 cmd->ref_name,
1698 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1699 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1700 dst_cmd->ref_name,
1701 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1702 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1703
1704 cmd->error_string = dst_cmd->error_string =
1705 "inconsistent aliased update";
1706 }
1707
1708 static void check_aliased_update(struct command *cmd, struct string_list *list)
1709 {
1710 struct strbuf buf = STRBUF_INIT;
1711 const char *dst_name;
1712 int flag;
1713
1714 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1715 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1716 check_aliased_update_internal(cmd, list, dst_name, flag);
1717 strbuf_release(&buf);
1718 }
1719
1720 static void check_aliased_updates(struct command *commands)
1721 {
1722 struct command *cmd;
1723 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1724
1725 for (cmd = commands; cmd; cmd = cmd->next) {
1726 struct string_list_item *item =
1727 string_list_append(&ref_list, cmd->ref_name);
1728 item->util = (void *)cmd;
1729 }
1730 string_list_sort(&ref_list);
1731
1732 for (cmd = commands; cmd; cmd = cmd->next) {
1733 if (!cmd->error_string)
1734 check_aliased_update(cmd, &ref_list);
1735 }
1736
1737 string_list_clear(&ref_list, 0);
1738 }
1739
1740 static const struct object_id *command_singleton_iterator(void *cb_data)
1741 {
1742 struct command **cmd_list = cb_data;
1743 struct command *cmd = *cmd_list;
1744
1745 if (!cmd || is_null_oid(&cmd->new_oid))
1746 return NULL;
1747 *cmd_list = NULL; /* this returns only one */
1748 return &cmd->new_oid;
1749 }
1750
1751 static void set_connectivity_errors(struct command *commands,
1752 struct shallow_info *si)
1753 {
1754 struct command *cmd;
1755
1756 for (cmd = commands; cmd; cmd = cmd->next) {
1757 struct command *singleton = cmd;
1758 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1759
1760 if (shallow_update && si->shallow_ref[cmd->index])
1761 /* to be checked in update_shallow_ref() */
1762 continue;
1763
1764 opt.env = tmp_objdir_env(tmp_objdir);
1765 if (!check_connected(command_singleton_iterator, &singleton,
1766 &opt))
1767 continue;
1768
1769 cmd->error_string = "missing necessary objects";
1770 }
1771 }
1772
1773 struct iterate_data {
1774 struct command *cmds;
1775 struct shallow_info *si;
1776 };
1777
1778 static const struct object_id *iterate_receive_command_list(void *cb_data)
1779 {
1780 struct iterate_data *data = cb_data;
1781 struct command **cmd_list = &data->cmds;
1782 struct command *cmd = *cmd_list;
1783
1784 for (; cmd; cmd = cmd->next) {
1785 if (shallow_update && data->si->shallow_ref[cmd->index])
1786 /* to be checked in update_shallow_ref() */
1787 continue;
1788 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1789 *cmd_list = cmd->next;
1790 return &cmd->new_oid;
1791 }
1792 }
1793 return NULL;
1794 }
1795
1796 static void reject_updates_to_hidden(struct command *commands)
1797 {
1798 struct strbuf refname_full = STRBUF_INIT;
1799 size_t prefix_len;
1800 struct command *cmd;
1801
1802 strbuf_addstr(&refname_full, get_git_namespace());
1803 prefix_len = refname_full.len;
1804
1805 for (cmd = commands; cmd; cmd = cmd->next) {
1806 if (cmd->error_string)
1807 continue;
1808
1809 strbuf_setlen(&refname_full, prefix_len);
1810 strbuf_addstr(&refname_full, cmd->ref_name);
1811
1812 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1813 continue;
1814 if (is_null_oid(&cmd->new_oid))
1815 cmd->error_string = "deny deleting a hidden ref";
1816 else
1817 cmd->error_string = "deny updating a hidden ref";
1818 }
1819
1820 strbuf_release(&refname_full);
1821 }
1822
1823 static int should_process_cmd(struct command *cmd)
1824 {
1825 return !cmd->error_string && !cmd->skip_update;
1826 }
1827
1828 static void BUG_if_skipped_connectivity_check(struct command *commands,
1829 struct shallow_info *si)
1830 {
1831 struct command *cmd;
1832
1833 for (cmd = commands; cmd; cmd = cmd->next) {
1834 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1835 bug("connectivity check has not been run on ref %s",
1836 cmd->ref_name);
1837 }
1838 BUG_if_bug("connectivity check skipped???");
1839 }
1840
1841 static void execute_commands_non_atomic(struct command *commands,
1842 struct shallow_info *si)
1843 {
1844 struct command *cmd;
1845 struct strbuf err = STRBUF_INIT;
1846
1847 for (cmd = commands; cmd; cmd = cmd->next) {
1848 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1849 continue;
1850
1851 transaction = ref_transaction_begin(&err);
1852 if (!transaction) {
1853 rp_error("%s", err.buf);
1854 strbuf_reset(&err);
1855 cmd->error_string = "transaction failed to start";
1856 continue;
1857 }
1858
1859 cmd->error_string = update(cmd, si);
1860
1861 if (!cmd->error_string
1862 && ref_transaction_commit(transaction, &err)) {
1863 rp_error("%s", err.buf);
1864 strbuf_reset(&err);
1865 cmd->error_string = "failed to update ref";
1866 }
1867 ref_transaction_free(transaction);
1868 }
1869 strbuf_release(&err);
1870 }
1871
1872 static void execute_commands_atomic(struct command *commands,
1873 struct shallow_info *si)
1874 {
1875 struct command *cmd;
1876 struct strbuf err = STRBUF_INIT;
1877 const char *reported_error = "atomic push failure";
1878
1879 transaction = ref_transaction_begin(&err);
1880 if (!transaction) {
1881 rp_error("%s", err.buf);
1882 strbuf_reset(&err);
1883 reported_error = "transaction failed to start";
1884 goto failure;
1885 }
1886
1887 for (cmd = commands; cmd; cmd = cmd->next) {
1888 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1889 continue;
1890
1891 cmd->error_string = update(cmd, si);
1892
1893 if (cmd->error_string)
1894 goto failure;
1895 }
1896
1897 if (ref_transaction_commit(transaction, &err)) {
1898 rp_error("%s", err.buf);
1899 reported_error = "atomic transaction failed";
1900 goto failure;
1901 }
1902 goto cleanup;
1903
1904 failure:
1905 for (cmd = commands; cmd; cmd = cmd->next)
1906 if (!cmd->error_string)
1907 cmd->error_string = reported_error;
1908
1909 cleanup:
1910 ref_transaction_free(transaction);
1911 strbuf_release(&err);
1912 }
1913
1914 static void execute_commands(struct command *commands,
1915 const char *unpacker_error,
1916 struct shallow_info *si,
1917 const struct string_list *push_options)
1918 {
1919 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1920 struct command *cmd;
1921 struct iterate_data data;
1922 struct async muxer;
1923 int err_fd = 0;
1924 int run_proc_receive = 0;
1925
1926 if (unpacker_error) {
1927 for (cmd = commands; cmd; cmd = cmd->next)
1928 cmd->error_string = "unpacker error";
1929 return;
1930 }
1931
1932 if (use_sideband) {
1933 memset(&muxer, 0, sizeof(muxer));
1934 muxer.proc = copy_to_sideband;
1935 muxer.in = -1;
1936 if (!start_async(&muxer))
1937 err_fd = muxer.in;
1938 /* ...else, continue without relaying sideband */
1939 }
1940
1941 data.cmds = commands;
1942 data.si = si;
1943 opt.err_fd = err_fd;
1944 opt.progress = err_fd && !quiet;
1945 opt.env = tmp_objdir_env(tmp_objdir);
1946 opt.exclude_hidden_refs_section = "receive";
1947
1948 if (check_connected(iterate_receive_command_list, &data, &opt))
1949 set_connectivity_errors(commands, si);
1950
1951 if (use_sideband)
1952 finish_async(&muxer);
1953
1954 reject_updates_to_hidden(commands);
1955
1956 /*
1957 * Try to find commands that have special prefix in their reference names,
1958 * and mark them to run an external "proc-receive" hook later.
1959 */
1960 if (proc_receive_ref) {
1961 for (cmd = commands; cmd; cmd = cmd->next) {
1962 if (!should_process_cmd(cmd))
1963 continue;
1964
1965 if (proc_receive_ref_matches(cmd)) {
1966 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1967 run_proc_receive = 1;
1968 }
1969 }
1970 }
1971
1972 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1973 for (cmd = commands; cmd; cmd = cmd->next) {
1974 if (!cmd->error_string)
1975 cmd->error_string = "pre-receive hook declined";
1976 }
1977 return;
1978 }
1979
1980 /*
1981 * If there is no command ready to run, should return directly to destroy
1982 * temporary data in the quarantine area.
1983 */
1984 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1985 ; /* nothing */
1986 if (!cmd)
1987 return;
1988
1989 /*
1990 * Now we'll start writing out refs, which means the objects need
1991 * to be in their final positions so that other processes can see them.
1992 */
1993 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1994 for (cmd = commands; cmd; cmd = cmd->next) {
1995 if (!cmd->error_string)
1996 cmd->error_string = "unable to migrate objects to permanent storage";
1997 }
1998 return;
1999 }
2000 tmp_objdir = NULL;
2001
2002 check_aliased_updates(commands);
2003
2004 free(head_name_to_free);
2005 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
2006
2007 if (run_proc_receive &&
2008 run_proc_receive_hook(commands, push_options))
2009 for (cmd = commands; cmd; cmd = cmd->next)
2010 if (!cmd->error_string &&
2011 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2012 (cmd->run_proc_receive || use_atomic))
2013 cmd->error_string = "fail to run proc-receive hook";
2014
2015 if (use_atomic)
2016 execute_commands_atomic(commands, si);
2017 else
2018 execute_commands_non_atomic(commands, si);
2019
2020 if (shallow_update)
2021 BUG_if_skipped_connectivity_check(commands, si);
2022 }
2023
2024 static struct command **queue_command(struct command **tail,
2025 const char *line,
2026 int linelen)
2027 {
2028 struct object_id old_oid, new_oid;
2029 struct command *cmd;
2030 const char *refname;
2031 int reflen;
2032 const char *p;
2033
2034 if (parse_oid_hex(line, &old_oid, &p) ||
2035 *p++ != ' ' ||
2036 parse_oid_hex(p, &new_oid, &p) ||
2037 *p++ != ' ')
2038 die("protocol error: expected old/new/ref, got '%s'", line);
2039
2040 refname = p;
2041 reflen = linelen - (p - line);
2042 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2043 oidcpy(&cmd->old_oid, &old_oid);
2044 oidcpy(&cmd->new_oid, &new_oid);
2045 *tail = cmd;
2046 return &cmd->next;
2047 }
2048
2049 static void free_commands(struct command *commands)
2050 {
2051 while (commands) {
2052 struct command *next = commands->next;
2053
2054 free(commands);
2055 commands = next;
2056 }
2057 }
2058
2059 static void queue_commands_from_cert(struct command **tail,
2060 struct strbuf *push_cert)
2061 {
2062 const char *boc, *eoc;
2063
2064 if (*tail)
2065 die("protocol error: got both push certificate and unsigned commands");
2066
2067 boc = strstr(push_cert->buf, "\n\n");
2068 if (!boc)
2069 die("malformed push certificate %.*s", 100, push_cert->buf);
2070 else
2071 boc += 2;
2072 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2073
2074 while (boc < eoc) {
2075 const char *eol = memchr(boc, '\n', eoc - boc);
2076 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2077 boc = eol ? eol + 1 : eoc;
2078 }
2079 }
2080
2081 static struct command *read_head_info(struct packet_reader *reader,
2082 struct oid_array *shallow)
2083 {
2084 struct command *commands = NULL;
2085 struct command **p = &commands;
2086 for (;;) {
2087 int linelen;
2088
2089 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2090 break;
2091
2092 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2093 struct object_id oid;
2094 if (get_oid_hex(reader->line + 8, &oid))
2095 die("protocol error: expected shallow sha, got '%s'",
2096 reader->line + 8);
2097 oid_array_append(shallow, &oid);
2098 continue;
2099 }
2100
2101 linelen = strlen(reader->line);
2102 if (linelen < reader->pktlen) {
2103 const char *feature_list = reader->line + linelen + 1;
2104 const char *hash = NULL;
2105 const char *client_sid;
2106 size_t len = 0;
2107 if (parse_feature_request(feature_list, "report-status"))
2108 report_status = 1;
2109 if (parse_feature_request(feature_list, "report-status-v2"))
2110 report_status_v2 = 1;
2111 if (parse_feature_request(feature_list, "side-band-64k"))
2112 use_sideband = LARGE_PACKET_MAX;
2113 if (parse_feature_request(feature_list, "quiet"))
2114 quiet = 1;
2115 if (advertise_atomic_push
2116 && parse_feature_request(feature_list, "atomic"))
2117 use_atomic = 1;
2118 if (advertise_push_options
2119 && parse_feature_request(feature_list, "push-options"))
2120 use_push_options = 1;
2121 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2122 if (!hash) {
2123 hash = hash_algos[GIT_HASH_SHA1].name;
2124 len = strlen(hash);
2125 }
2126 if (xstrncmpz(the_hash_algo->name, hash, len))
2127 die("error: unsupported object format '%s'", hash);
2128 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2129 if (client_sid) {
2130 char *sid = xstrndup(client_sid, len);
2131 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2132 free(sid);
2133 }
2134 }
2135
2136 if (!strcmp(reader->line, "push-cert")) {
2137 int true_flush = 0;
2138 int saved_options = reader->options;
2139 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2140
2141 for (;;) {
2142 packet_reader_read(reader);
2143 if (reader->status == PACKET_READ_FLUSH) {
2144 true_flush = 1;
2145 break;
2146 }
2147 if (reader->status != PACKET_READ_NORMAL) {
2148 die("protocol error: got an unexpected packet");
2149 }
2150 if (!strcmp(reader->line, "push-cert-end\n"))
2151 break; /* end of cert */
2152 strbuf_addstr(&push_cert, reader->line);
2153 }
2154 reader->options = saved_options;
2155
2156 if (true_flush)
2157 break;
2158 continue;
2159 }
2160
2161 p = queue_command(p, reader->line, linelen);
2162 }
2163
2164 if (push_cert.len)
2165 queue_commands_from_cert(p, &push_cert);
2166
2167 return commands;
2168 }
2169
2170 static void read_push_options(struct packet_reader *reader,
2171 struct string_list *options)
2172 {
2173 while (1) {
2174 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2175 break;
2176
2177 string_list_append(options, reader->line);
2178 }
2179 }
2180
2181 static const char *parse_pack_header(struct pack_header *hdr)
2182 {
2183 switch (read_pack_header(0, hdr)) {
2184 case PH_ERROR_EOF:
2185 return "eof before pack header was fully read";
2186
2187 case PH_ERROR_PACK_SIGNATURE:
2188 return "protocol error (pack signature mismatch detected)";
2189
2190 case PH_ERROR_PROTOCOL:
2191 return "protocol error (pack version unsupported)";
2192
2193 default:
2194 return "unknown error in parse_pack_header";
2195
2196 case 0:
2197 return NULL;
2198 }
2199 }
2200
2201 static struct tempfile *pack_lockfile;
2202
2203 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2204 {
2205 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2206 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2207 }
2208
2209 static const char *unpack(int err_fd, struct shallow_info *si)
2210 {
2211 struct pack_header hdr;
2212 const char *hdr_err;
2213 int status;
2214 struct child_process child = CHILD_PROCESS_INIT;
2215 int fsck_objects = (receive_fsck_objects >= 0
2216 ? receive_fsck_objects
2217 : transfer_fsck_objects >= 0
2218 ? transfer_fsck_objects
2219 : 0);
2220
2221 hdr_err = parse_pack_header(&hdr);
2222 if (hdr_err) {
2223 if (err_fd > 0)
2224 close(err_fd);
2225 return hdr_err;
2226 }
2227
2228 if (si->nr_ours || si->nr_theirs) {
2229 alt_shallow_file = setup_temporary_shallow(si->shallow);
2230 strvec_push(&child.args, "--shallow-file");
2231 strvec_push(&child.args, alt_shallow_file);
2232 }
2233
2234 tmp_objdir = tmp_objdir_create("incoming");
2235 if (!tmp_objdir) {
2236 if (err_fd > 0)
2237 close(err_fd);
2238 return "unable to create temporary object directory";
2239 }
2240 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2241
2242 /*
2243 * Normally we just pass the tmp_objdir environment to the child
2244 * processes that do the heavy lifting, but we may need to see these
2245 * objects ourselves to set up shallow information.
2246 */
2247 tmp_objdir_add_as_alternate(tmp_objdir);
2248
2249 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2250 strvec_push(&child.args, "unpack-objects");
2251 push_header_arg(&child.args, &hdr);
2252 if (quiet)
2253 strvec_push(&child.args, "-q");
2254 if (fsck_objects)
2255 strvec_pushf(&child.args, "--strict%s",
2256 fsck_msg_types.buf);
2257 if (max_input_size)
2258 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2259 (uintmax_t)max_input_size);
2260 child.no_stdout = 1;
2261 child.err = err_fd;
2262 child.git_cmd = 1;
2263 status = run_command(&child);
2264 if (status)
2265 return "unpack-objects abnormal exit";
2266 } else {
2267 char hostname[HOST_NAME_MAX + 1];
2268 char *lockfile;
2269
2270 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2271 push_header_arg(&child.args, &hdr);
2272
2273 if (xgethostname(hostname, sizeof(hostname)))
2274 xsnprintf(hostname, sizeof(hostname), "localhost");
2275 strvec_pushf(&child.args,
2276 "--keep=receive-pack %"PRIuMAX" on %s",
2277 (uintmax_t)getpid(),
2278 hostname);
2279
2280 if (!quiet && err_fd)
2281 strvec_push(&child.args, "--show-resolving-progress");
2282 if (use_sideband)
2283 strvec_push(&child.args, "--report-end-of-input");
2284 if (fsck_objects)
2285 strvec_pushf(&child.args, "--strict%s",
2286 fsck_msg_types.buf);
2287 if (!reject_thin)
2288 strvec_push(&child.args, "--fix-thin");
2289 if (max_input_size)
2290 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2291 (uintmax_t)max_input_size);
2292 child.out = -1;
2293 child.err = err_fd;
2294 child.git_cmd = 1;
2295 status = start_command(&child);
2296 if (status)
2297 return "index-pack fork failed";
2298
2299 lockfile = index_pack_lockfile(child.out, NULL);
2300 if (lockfile) {
2301 pack_lockfile = register_tempfile(lockfile);
2302 free(lockfile);
2303 }
2304 close(child.out);
2305
2306 status = finish_command(&child);
2307 if (status)
2308 return "index-pack abnormal exit";
2309 reprepare_packed_git(the_repository);
2310 }
2311 return NULL;
2312 }
2313
2314 static const char *unpack_with_sideband(struct shallow_info *si)
2315 {
2316 struct async muxer;
2317 const char *ret;
2318
2319 if (!use_sideband)
2320 return unpack(0, si);
2321
2322 use_keepalive = KEEPALIVE_AFTER_NUL;
2323 memset(&muxer, 0, sizeof(muxer));
2324 muxer.proc = copy_to_sideband;
2325 muxer.in = -1;
2326 if (start_async(&muxer))
2327 return NULL;
2328
2329 ret = unpack(muxer.in, si);
2330
2331 finish_async(&muxer);
2332 return ret;
2333 }
2334
2335 static void prepare_shallow_update(struct shallow_info *si)
2336 {
2337 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2338
2339 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2340 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2341
2342 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2343 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2344 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2345
2346 for (i = 0; i < si->nr_ours; i++)
2347 si->need_reachability_test[si->ours[i]] = 1;
2348
2349 for (i = 0; i < si->shallow->nr; i++) {
2350 if (!si->used_shallow[i])
2351 continue;
2352 for (j = 0; j < bitmap_size; j++) {
2353 if (!si->used_shallow[i][j])
2354 continue;
2355 si->need_reachability_test[i]++;
2356 for (k = 0; k < 32; k++)
2357 if (si->used_shallow[i][j] & (1U << k))
2358 si->shallow_ref[j * 32 + k]++;
2359 }
2360
2361 /*
2362 * true for those associated with some refs and belong
2363 * in "ours" list aka "step 7 not done yet"
2364 */
2365 si->need_reachability_test[i] =
2366 si->need_reachability_test[i] > 1;
2367 }
2368
2369 /*
2370 * keep hooks happy by forcing a temporary shallow file via
2371 * env variable because we can't add --shallow-file to every
2372 * command. check_connected() will be done with
2373 * true .git/shallow though.
2374 */
2375 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2376 }
2377
2378 static void update_shallow_info(struct command *commands,
2379 struct shallow_info *si,
2380 struct oid_array *ref)
2381 {
2382 struct command *cmd;
2383 int *ref_status;
2384 remove_nonexistent_theirs_shallow(si);
2385 if (!si->nr_ours && !si->nr_theirs) {
2386 shallow_update = 0;
2387 return;
2388 }
2389
2390 for (cmd = commands; cmd; cmd = cmd->next) {
2391 if (is_null_oid(&cmd->new_oid))
2392 continue;
2393 oid_array_append(ref, &cmd->new_oid);
2394 cmd->index = ref->nr - 1;
2395 }
2396 si->ref = ref;
2397
2398 if (shallow_update) {
2399 prepare_shallow_update(si);
2400 return;
2401 }
2402
2403 ALLOC_ARRAY(ref_status, ref->nr);
2404 assign_shallow_commits_to_refs(si, NULL, ref_status);
2405 for (cmd = commands; cmd; cmd = cmd->next) {
2406 if (is_null_oid(&cmd->new_oid))
2407 continue;
2408 if (ref_status[cmd->index]) {
2409 cmd->error_string = "shallow update not allowed";
2410 cmd->skip_update = 1;
2411 }
2412 }
2413 free(ref_status);
2414 }
2415
2416 static void report(struct command *commands, const char *unpack_status)
2417 {
2418 struct command *cmd;
2419 struct strbuf buf = STRBUF_INIT;
2420
2421 packet_buf_write(&buf, "unpack %s\n",
2422 unpack_status ? unpack_status : "ok");
2423 for (cmd = commands; cmd; cmd = cmd->next) {
2424 if (!cmd->error_string)
2425 packet_buf_write(&buf, "ok %s\n",
2426 cmd->ref_name);
2427 else
2428 packet_buf_write(&buf, "ng %s %s\n",
2429 cmd->ref_name, cmd->error_string);
2430 }
2431 packet_buf_flush(&buf);
2432
2433 if (use_sideband)
2434 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2435 else
2436 write_or_die(1, buf.buf, buf.len);
2437 strbuf_release(&buf);
2438 }
2439
2440 static void report_v2(struct command *commands, const char *unpack_status)
2441 {
2442 struct command *cmd;
2443 struct strbuf buf = STRBUF_INIT;
2444 struct ref_push_report *report;
2445
2446 packet_buf_write(&buf, "unpack %s\n",
2447 unpack_status ? unpack_status : "ok");
2448 for (cmd = commands; cmd; cmd = cmd->next) {
2449 int count = 0;
2450
2451 if (cmd->error_string) {
2452 packet_buf_write(&buf, "ng %s %s\n",
2453 cmd->ref_name,
2454 cmd->error_string);
2455 continue;
2456 }
2457 packet_buf_write(&buf, "ok %s\n",
2458 cmd->ref_name);
2459 for (report = cmd->report; report; report = report->next) {
2460 if (count++ > 0)
2461 packet_buf_write(&buf, "ok %s\n",
2462 cmd->ref_name);
2463 if (report->ref_name)
2464 packet_buf_write(&buf, "option refname %s\n",
2465 report->ref_name);
2466 if (report->old_oid)
2467 packet_buf_write(&buf, "option old-oid %s\n",
2468 oid_to_hex(report->old_oid));
2469 if (report->new_oid)
2470 packet_buf_write(&buf, "option new-oid %s\n",
2471 oid_to_hex(report->new_oid));
2472 if (report->forced_update)
2473 packet_buf_write(&buf, "option forced-update\n");
2474 }
2475 }
2476 packet_buf_flush(&buf);
2477
2478 if (use_sideband)
2479 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2480 else
2481 write_or_die(1, buf.buf, buf.len);
2482 strbuf_release(&buf);
2483 }
2484
2485 static int delete_only(struct command *commands)
2486 {
2487 struct command *cmd;
2488 for (cmd = commands; cmd; cmd = cmd->next) {
2489 if (!is_null_oid(&cmd->new_oid))
2490 return 0;
2491 }
2492 return 1;
2493 }
2494
2495 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2496 {
2497 int advertise_refs = 0;
2498 struct command *commands;
2499 struct oid_array shallow = OID_ARRAY_INIT;
2500 struct oid_array ref = OID_ARRAY_INIT;
2501 struct shallow_info si;
2502 struct packet_reader reader;
2503
2504 struct option options[] = {
2505 OPT__QUIET(&quiet, N_("quiet")),
2506 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2507 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2508 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2509 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2510 OPT_END()
2511 };
2512
2513 packet_trace_identity("receive-pack");
2514
2515 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2516
2517 if (argc > 1)
2518 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2519 if (argc == 0)
2520 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2521
2522 service_dir = argv[0];
2523
2524 setup_path();
2525
2526 if (!enter_repo(service_dir, 0))
2527 die("'%s' does not appear to be a git repository", service_dir);
2528
2529 git_config(receive_pack_config, NULL);
2530 if (cert_nonce_seed)
2531 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2532
2533 if (0 <= receive_unpack_limit)
2534 unpack_limit = receive_unpack_limit;
2535 else if (0 <= transfer_unpack_limit)
2536 unpack_limit = transfer_unpack_limit;
2537
2538 switch (determine_protocol_version_server()) {
2539 case protocol_v2:
2540 /*
2541 * push support for protocol v2 has not been implemented yet,
2542 * so ignore the request to use v2 and fallback to using v0.
2543 */
2544 break;
2545 case protocol_v1:
2546 /*
2547 * v1 is just the original protocol with a version string,
2548 * so just fall through after writing the version string.
2549 */
2550 if (advertise_refs || !stateless_rpc)
2551 packet_write_fmt(1, "version 1\n");
2552
2553 /* fallthrough */
2554 case protocol_v0:
2555 break;
2556 case protocol_unknown_version:
2557 BUG("unknown protocol version");
2558 }
2559
2560 if (advertise_refs || !stateless_rpc) {
2561 write_head_info();
2562 }
2563 if (advertise_refs)
2564 return 0;
2565
2566 packet_reader_init(&reader, 0, NULL, 0,
2567 PACKET_READ_CHOMP_NEWLINE |
2568 PACKET_READ_DIE_ON_ERR_PACKET);
2569
2570 if ((commands = read_head_info(&reader, &shallow))) {
2571 const char *unpack_status = NULL;
2572 struct string_list push_options = STRING_LIST_INIT_DUP;
2573
2574 if (use_push_options)
2575 read_push_options(&reader, &push_options);
2576 if (!check_cert_push_options(&push_options)) {
2577 struct command *cmd;
2578 for (cmd = commands; cmd; cmd = cmd->next)
2579 cmd->error_string = "inconsistent push options";
2580 }
2581
2582 prepare_shallow_info(&si, &shallow);
2583 if (!si.nr_ours && !si.nr_theirs)
2584 shallow_update = 0;
2585 if (!delete_only(commands)) {
2586 unpack_status = unpack_with_sideband(&si);
2587 update_shallow_info(commands, &si, &ref);
2588 }
2589 use_keepalive = KEEPALIVE_ALWAYS;
2590 execute_commands(commands, unpack_status, &si,
2591 &push_options);
2592 delete_tempfile(&pack_lockfile);
2593 sigchain_push(SIGPIPE, SIG_IGN);
2594 if (report_status_v2)
2595 report_v2(commands, unpack_status);
2596 else if (report_status)
2597 report(commands, unpack_status);
2598 sigchain_pop(SIGPIPE);
2599 run_receive_hook(commands, "post-receive", 1,
2600 &push_options);
2601 run_update_post_hook(commands);
2602 free_commands(commands);
2603 string_list_clear(&push_options, 0);
2604 if (auto_gc) {
2605 struct child_process proc = CHILD_PROCESS_INIT;
2606
2607 proc.no_stdin = 1;
2608 proc.stdout_to_stderr = 1;
2609 proc.err = use_sideband ? -1 : 0;
2610 proc.git_cmd = proc.close_object_store = 1;
2611 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2612 NULL);
2613
2614 if (!start_command(&proc)) {
2615 if (use_sideband)
2616 copy_to_sideband(proc.err, -1, NULL);
2617 finish_command(&proc);
2618 }
2619 }
2620 if (auto_update_server_info)
2621 update_server_info(0);
2622 clear_shallow_info(&si);
2623 }
2624 if (use_sideband)
2625 packet_flush(1);
2626 oid_array_clear(&shallow);
2627 oid_array_clear(&ref);
2628 strvec_clear(&hidden_refs);
2629 free((void *)push_cert_nonce);
2630 return 0;
2631 }
Unnamed repository; edit this file 'description' to name the repository.