]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'jt/commit-graph-plug-memleak'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "oid-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31
32 static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35 };
36
37 enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43 };
44
45 static int deny_deletes;
46 static int deny_non_fast_forwards;
47 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49 static int receive_fsck_objects = -1;
50 static int transfer_fsck_objects = -1;
51 static struct strbuf fsck_msg_types = STRBUF_INIT;
52 static int receive_unpack_limit = -1;
53 static int transfer_unpack_limit = -1;
54 static int advertise_atomic_push = 1;
55 static int advertise_push_options;
56 static int unpack_limit = 100;
57 static off_t max_input_size;
58 static int report_status;
59 static int use_sideband;
60 static int use_atomic;
61 static int use_push_options;
62 static int quiet;
63 static int prefer_ofs_delta = 1;
64 static int auto_update_server_info;
65 static int auto_gc = 1;
66 static int reject_thin;
67 static int stateless_rpc;
68 static const char *service_dir;
69 static const char *head_name;
70 static void *head_name_to_free;
71 static int sent_capabilities;
72 static int shallow_update;
73 static const char *alt_shallow_file;
74 static struct strbuf push_cert = STRBUF_INIT;
75 static struct object_id push_cert_oid;
76 static struct signature_check sigcheck;
77 static const char *push_cert_nonce;
78 static const char *cert_nonce_seed;
79
80 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81 static const char *NONCE_BAD = "BAD";
82 static const char *NONCE_MISSING = "MISSING";
83 static const char *NONCE_OK = "OK";
84 static const char *NONCE_SLOP = "SLOP";
85 static const char *nonce_status;
86 static long nonce_stamp_slop;
87 static timestamp_t nonce_stamp_slop_limit;
88 static struct ref_transaction *transaction;
89
90 static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94 } use_keepalive;
95 static int keepalive_in_sec = 5;
96
97 static struct tmp_objdir *tmp_objdir;
98
99 static enum deny_action parse_deny_action(const char *var, const char *value)
100 {
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114 }
115
116 static int receive_pack_config(const char *var, const char *value, void *cb)
117 {
118 int status = parse_hide_refs_config(var, value, "receive");
119
120 if (status)
121 return status;
122
123 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145
146 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153
154 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205
206 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225
226 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230
231 return git_default_config(var, value, cb);
232 }
233
234 static void show_ref(const char *path, const struct object_id *oid)
235 {
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240
241 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257 }
258
259 static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261 {
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264
265 if (ref_is_hidden(path, path_full))
266 return 0;
267
268 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282 }
283
284 static void show_one_alternate_ref(const struct object_id *oid,
285 void *data)
286 {
287 struct oidset *seen = data;
288
289 if (oidset_insert(seen, oid))
290 return;
291
292 show_ref(".have", oid);
293 }
294
295 static void write_head_info(void)
296 {
297 static struct oidset seen = OIDSET_INIT;
298
299 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304
305 advertise_shallow_grafts(1);
306
307 /* EOF */
308 packet_flush(1);
309 }
310
311 struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320 };
321
322 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324
325 static void report_message(const char *prefix, const char *err, va_list params)
326 {
327 int sz;
328 char msg[4096];
329
330 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335
336 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340 }
341
342 static void rp_warning(const char *err, ...)
343 {
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348 }
349
350 static void rp_error(const char *err, ...)
351 {
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356 }
357
358 static int copy_to_sideband(int in, int out, void *arg)
359 {
360 char data[128];
361 int keepalive_active = 0;
362
363 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367
368 while (1) {
369 ssize_t sz;
370
371 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374
375 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378
379 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391
392 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395
396 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410
411 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419 }
420
421 static void hmac(unsigned char *out,
422 const char *key_in, size_t key_len,
423 const char *text, size_t text_len)
424 {
425 unsigned char key[GIT_MAX_BLKSZ];
426 unsigned char k_ipad[GIT_MAX_BLKSZ];
427 unsigned char k_opad[GIT_MAX_BLKSZ];
428 int i;
429 git_hash_ctx ctx;
430
431 /* RFC 2104 2. (1) */
432 memset(key, '\0', GIT_MAX_BLKSZ);
433 if (the_hash_algo->blksz < key_len) {
434 the_hash_algo->init_fn(&ctx);
435 the_hash_algo->update_fn(&ctx, key_in, key_len);
436 the_hash_algo->final_fn(key, &ctx);
437 } else {
438 memcpy(key, key_in, key_len);
439 }
440
441 /* RFC 2104 2. (2) & (5) */
442 for (i = 0; i < sizeof(key); i++) {
443 k_ipad[i] = key[i] ^ 0x36;
444 k_opad[i] = key[i] ^ 0x5c;
445 }
446
447 /* RFC 2104 2. (3) & (4) */
448 the_hash_algo->init_fn(&ctx);
449 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
450 the_hash_algo->update_fn(&ctx, text, text_len);
451 the_hash_algo->final_fn(out, &ctx);
452
453 /* RFC 2104 2. (6) & (7) */
454 the_hash_algo->init_fn(&ctx);
455 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
456 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
457 the_hash_algo->final_fn(out, &ctx);
458 }
459
460 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
461 {
462 struct strbuf buf = STRBUF_INIT;
463 unsigned char hash[GIT_MAX_RAWSZ];
464
465 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
466 hmac(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
467 strbuf_release(&buf);
468
469 /* RFC 2104 5. HMAC-SHA1-80 */
470 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
471 return strbuf_detach(&buf, NULL);
472 }
473
474 /*
475 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
476 * after dropping "_commit" from its name and possibly moving it out
477 * of commit.c
478 */
479 static char *find_header(const char *msg, size_t len, const char *key,
480 const char **next_line)
481 {
482 int key_len = strlen(key);
483 const char *line = msg;
484
485 while (line && line < msg + len) {
486 const char *eol = strchrnul(line, '\n');
487
488 if ((msg + len <= eol) || line == eol)
489 return NULL;
490 if (line + key_len < eol &&
491 !memcmp(line, key, key_len) && line[key_len] == ' ') {
492 int offset = key_len + 1;
493 if (next_line)
494 *next_line = *eol ? eol + 1 : eol;
495 return xmemdupz(line + offset, (eol - line) - offset);
496 }
497 line = *eol ? eol + 1 : NULL;
498 }
499 return NULL;
500 }
501
502 /*
503 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
504 * This operation is guaranteed to run in constant time to avoid leaking data.
505 */
506 static int constant_memequal(const char *a, const char *b, size_t n)
507 {
508 int res = 0;
509 size_t i;
510
511 for (i = 0; i < n; i++)
512 res |= a[i] ^ b[i];
513 return res;
514 }
515
516 static const char *check_nonce(const char *buf, size_t len)
517 {
518 char *nonce = find_header(buf, len, "nonce", NULL);
519 timestamp_t stamp, ostamp;
520 char *bohmac, *expect = NULL;
521 const char *retval = NONCE_BAD;
522 size_t noncelen;
523
524 if (!nonce) {
525 retval = NONCE_MISSING;
526 goto leave;
527 } else if (!push_cert_nonce) {
528 retval = NONCE_UNSOLICITED;
529 goto leave;
530 } else if (!strcmp(push_cert_nonce, nonce)) {
531 retval = NONCE_OK;
532 goto leave;
533 }
534
535 if (!stateless_rpc) {
536 /* returned nonce MUST match what we gave out earlier */
537 retval = NONCE_BAD;
538 goto leave;
539 }
540
541 /*
542 * In stateless mode, we may be receiving a nonce issued by
543 * another instance of the server that serving the same
544 * repository, and the timestamps may not match, but the
545 * nonce-seed and dir should match, so we can recompute and
546 * report the time slop.
547 *
548 * In addition, when a nonce issued by another instance has
549 * timestamp within receive.certnonceslop seconds, we pretend
550 * as if we issued that nonce when reporting to the hook.
551 */
552
553 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
554 if (*nonce <= '0' || '9' < *nonce) {
555 retval = NONCE_BAD;
556 goto leave;
557 }
558 stamp = parse_timestamp(nonce, &bohmac, 10);
559 if (bohmac == nonce || bohmac[0] != '-') {
560 retval = NONCE_BAD;
561 goto leave;
562 }
563
564 noncelen = strlen(nonce);
565 expect = prepare_push_cert_nonce(service_dir, stamp);
566 if (noncelen != strlen(expect)) {
567 /* This is not even the right size. */
568 retval = NONCE_BAD;
569 goto leave;
570 }
571 if (constant_memequal(expect, nonce, noncelen)) {
572 /* Not what we would have signed earlier */
573 retval = NONCE_BAD;
574 goto leave;
575 }
576
577 /*
578 * By how many seconds is this nonce stale? Negative value
579 * would mean it was issued by another server with its clock
580 * skewed in the future.
581 */
582 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
583 nonce_stamp_slop = (long)ostamp - (long)stamp;
584
585 if (nonce_stamp_slop_limit &&
586 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
587 /*
588 * Pretend as if the received nonce (which passes the
589 * HMAC check, so it is not a forged by third-party)
590 * is what we issued.
591 */
592 free((void *)push_cert_nonce);
593 push_cert_nonce = xstrdup(nonce);
594 retval = NONCE_OK;
595 } else {
596 retval = NONCE_SLOP;
597 }
598
599 leave:
600 free(nonce);
601 free(expect);
602 return retval;
603 }
604
605 /*
606 * Return 1 if there is no push_cert or if the push options in push_cert are
607 * the same as those in the argument; 0 otherwise.
608 */
609 static int check_cert_push_options(const struct string_list *push_options)
610 {
611 const char *buf = push_cert.buf;
612 int len = push_cert.len;
613
614 char *option;
615 const char *next_line;
616 int options_seen = 0;
617
618 int retval = 1;
619
620 if (!len)
621 return 1;
622
623 while ((option = find_header(buf, len, "push-option", &next_line))) {
624 len -= (next_line - buf);
625 buf = next_line;
626 options_seen++;
627 if (options_seen > push_options->nr
628 || strcmp(option,
629 push_options->items[options_seen - 1].string)) {
630 retval = 0;
631 goto leave;
632 }
633 free(option);
634 }
635
636 if (options_seen != push_options->nr)
637 retval = 0;
638
639 leave:
640 free(option);
641 return retval;
642 }
643
644 static void prepare_push_cert_sha1(struct child_process *proc)
645 {
646 static int already_done;
647
648 if (!push_cert.len)
649 return;
650
651 if (!already_done) {
652 int bogs /* beginning_of_gpg_sig */;
653
654 already_done = 1;
655 if (write_object_file(push_cert.buf, push_cert.len, "blob",
656 &push_cert_oid))
657 oidclr(&push_cert_oid);
658
659 memset(&sigcheck, '\0', sizeof(sigcheck));
660
661 bogs = parse_signature(push_cert.buf, push_cert.len);
662 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
663 push_cert.len - bogs, &sigcheck);
664
665 nonce_status = check_nonce(push_cert.buf, bogs);
666 }
667 if (!is_null_oid(&push_cert_oid)) {
668 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
669 oid_to_hex(&push_cert_oid));
670 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
671 sigcheck.signer ? sigcheck.signer : "");
672 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
673 sigcheck.key ? sigcheck.key : "");
674 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
675 sigcheck.result);
676 if (push_cert_nonce) {
677 argv_array_pushf(&proc->env_array,
678 "GIT_PUSH_CERT_NONCE=%s",
679 push_cert_nonce);
680 argv_array_pushf(&proc->env_array,
681 "GIT_PUSH_CERT_NONCE_STATUS=%s",
682 nonce_status);
683 if (nonce_status == NONCE_SLOP)
684 argv_array_pushf(&proc->env_array,
685 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
686 nonce_stamp_slop);
687 }
688 }
689 }
690
691 struct receive_hook_feed_state {
692 struct command *cmd;
693 int skip_broken;
694 struct strbuf buf;
695 const struct string_list *push_options;
696 };
697
698 typedef int (*feed_fn)(void *, const char **, size_t *);
699 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
700 struct receive_hook_feed_state *feed_state)
701 {
702 struct child_process proc = CHILD_PROCESS_INIT;
703 struct async muxer;
704 const char *argv[2];
705 int code;
706
707 argv[0] = find_hook(hook_name);
708 if (!argv[0])
709 return 0;
710
711 argv[1] = NULL;
712
713 proc.argv = argv;
714 proc.in = -1;
715 proc.stdout_to_stderr = 1;
716 proc.trace2_hook_name = hook_name;
717
718 if (feed_state->push_options) {
719 int i;
720 for (i = 0; i < feed_state->push_options->nr; i++)
721 argv_array_pushf(&proc.env_array,
722 "GIT_PUSH_OPTION_%d=%s", i,
723 feed_state->push_options->items[i].string);
724 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
725 feed_state->push_options->nr);
726 } else
727 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
728
729 if (tmp_objdir)
730 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
731
732 if (use_sideband) {
733 memset(&muxer, 0, sizeof(muxer));
734 muxer.proc = copy_to_sideband;
735 muxer.in = -1;
736 code = start_async(&muxer);
737 if (code)
738 return code;
739 proc.err = muxer.in;
740 }
741
742 prepare_push_cert_sha1(&proc);
743
744 code = start_command(&proc);
745 if (code) {
746 if (use_sideband)
747 finish_async(&muxer);
748 return code;
749 }
750
751 sigchain_push(SIGPIPE, SIG_IGN);
752
753 while (1) {
754 const char *buf;
755 size_t n;
756 if (feed(feed_state, &buf, &n))
757 break;
758 if (write_in_full(proc.in, buf, n) < 0)
759 break;
760 }
761 close(proc.in);
762 if (use_sideband)
763 finish_async(&muxer);
764
765 sigchain_pop(SIGPIPE);
766
767 return finish_command(&proc);
768 }
769
770 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
771 {
772 struct receive_hook_feed_state *state = state_;
773 struct command *cmd = state->cmd;
774
775 while (cmd &&
776 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
777 cmd = cmd->next;
778 if (!cmd)
779 return -1; /* EOF */
780 strbuf_reset(&state->buf);
781 strbuf_addf(&state->buf, "%s %s %s\n",
782 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
783 cmd->ref_name);
784 state->cmd = cmd->next;
785 if (bufp) {
786 *bufp = state->buf.buf;
787 *sizep = state->buf.len;
788 }
789 return 0;
790 }
791
792 static int run_receive_hook(struct command *commands,
793 const char *hook_name,
794 int skip_broken,
795 const struct string_list *push_options)
796 {
797 struct receive_hook_feed_state state;
798 int status;
799
800 strbuf_init(&state.buf, 0);
801 state.cmd = commands;
802 state.skip_broken = skip_broken;
803 if (feed_receive_hook(&state, NULL, NULL))
804 return 0;
805 state.cmd = commands;
806 state.push_options = push_options;
807 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
808 strbuf_release(&state.buf);
809 return status;
810 }
811
812 static int run_update_hook(struct command *cmd)
813 {
814 const char *argv[5];
815 struct child_process proc = CHILD_PROCESS_INIT;
816 int code;
817
818 argv[0] = find_hook("update");
819 if (!argv[0])
820 return 0;
821
822 argv[1] = cmd->ref_name;
823 argv[2] = oid_to_hex(&cmd->old_oid);
824 argv[3] = oid_to_hex(&cmd->new_oid);
825 argv[4] = NULL;
826
827 proc.no_stdin = 1;
828 proc.stdout_to_stderr = 1;
829 proc.err = use_sideband ? -1 : 0;
830 proc.argv = argv;
831 proc.trace2_hook_name = "update";
832
833 code = start_command(&proc);
834 if (code)
835 return code;
836 if (use_sideband)
837 copy_to_sideband(proc.err, -1, NULL);
838 return finish_command(&proc);
839 }
840
841 static char *refuse_unconfigured_deny_msg =
842 N_("By default, updating the current branch in a non-bare repository\n"
843 "is denied, because it will make the index and work tree inconsistent\n"
844 "with what you pushed, and will require 'git reset --hard' to match\n"
845 "the work tree to HEAD.\n"
846 "\n"
847 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
848 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
849 "its current branch; however, this is not recommended unless you\n"
850 "arranged to update its work tree to match what you pushed in some\n"
851 "other way.\n"
852 "\n"
853 "To squelch this message and still keep the default behaviour, set\n"
854 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
855
856 static void refuse_unconfigured_deny(void)
857 {
858 rp_error("%s", _(refuse_unconfigured_deny_msg));
859 }
860
861 static char *refuse_unconfigured_deny_delete_current_msg =
862 N_("By default, deleting the current branch is denied, because the next\n"
863 "'git clone' won't result in any file checked out, causing confusion.\n"
864 "\n"
865 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
866 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
867 "current branch, with or without a warning message.\n"
868 "\n"
869 "To squelch this message, you can set it to 'refuse'.");
870
871 static void refuse_unconfigured_deny_delete_current(void)
872 {
873 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
874 }
875
876 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
877 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
878 {
879 struct lock_file shallow_lock = LOCK_INIT;
880 struct oid_array extra = OID_ARRAY_INIT;
881 struct check_connected_options opt = CHECK_CONNECTED_INIT;
882 uint32_t mask = 1 << (cmd->index % 32);
883 int i;
884
885 trace_printf_key(&trace_shallow,
886 "shallow: update_shallow_ref %s\n", cmd->ref_name);
887 for (i = 0; i < si->shallow->nr; i++)
888 if (si->used_shallow[i] &&
889 (si->used_shallow[i][cmd->index / 32] & mask) &&
890 !delayed_reachability_test(si, i))
891 oid_array_append(&extra, &si->shallow->oid[i]);
892
893 opt.env = tmp_objdir_env(tmp_objdir);
894 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
895 if (check_connected(command_singleton_iterator, cmd, &opt)) {
896 rollback_shallow_file(the_repository, &shallow_lock);
897 oid_array_clear(&extra);
898 return -1;
899 }
900
901 commit_shallow_file(the_repository, &shallow_lock);
902
903 /*
904 * Make sure setup_alternate_shallow() for the next ref does
905 * not lose these new roots..
906 */
907 for (i = 0; i < extra.nr; i++)
908 register_shallow(the_repository, &extra.oid[i]);
909
910 si->shallow_ref[cmd->index] = 0;
911 oid_array_clear(&extra);
912 return 0;
913 }
914
915 /*
916 * NEEDSWORK: we should consolidate various implementions of "are we
917 * on an unborn branch?" test into one, and make the unified one more
918 * robust. !get_sha1() based check used here and elsewhere would not
919 * allow us to tell an unborn branch from corrupt ref, for example.
920 * For the purpose of fixing "deploy-to-update does not work when
921 * pushing into an empty repository" issue, this should suffice for
922 * now.
923 */
924 static int head_has_history(void)
925 {
926 struct object_id oid;
927
928 return !get_oid("HEAD", &oid);
929 }
930
931 static const char *push_to_deploy(unsigned char *sha1,
932 struct argv_array *env,
933 const char *work_tree)
934 {
935 const char *update_refresh[] = {
936 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
937 };
938 const char *diff_files[] = {
939 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
940 };
941 const char *diff_index[] = {
942 "diff-index", "--quiet", "--cached", "--ignore-submodules",
943 NULL, "--", NULL
944 };
945 const char *read_tree[] = {
946 "read-tree", "-u", "-m", NULL, NULL
947 };
948 struct child_process child = CHILD_PROCESS_INIT;
949
950 child.argv = update_refresh;
951 child.env = env->argv;
952 child.dir = work_tree;
953 child.no_stdin = 1;
954 child.stdout_to_stderr = 1;
955 child.git_cmd = 1;
956 if (run_command(&child))
957 return "Up-to-date check failed";
958
959 /* run_command() does not clean up completely; reinitialize */
960 child_process_init(&child);
961 child.argv = diff_files;
962 child.env = env->argv;
963 child.dir = work_tree;
964 child.no_stdin = 1;
965 child.stdout_to_stderr = 1;
966 child.git_cmd = 1;
967 if (run_command(&child))
968 return "Working directory has unstaged changes";
969
970 /* diff-index with either HEAD or an empty tree */
971 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
972
973 child_process_init(&child);
974 child.argv = diff_index;
975 child.env = env->argv;
976 child.no_stdin = 1;
977 child.no_stdout = 1;
978 child.stdout_to_stderr = 0;
979 child.git_cmd = 1;
980 if (run_command(&child))
981 return "Working directory has staged changes";
982
983 read_tree[3] = hash_to_hex(sha1);
984 child_process_init(&child);
985 child.argv = read_tree;
986 child.env = env->argv;
987 child.dir = work_tree;
988 child.no_stdin = 1;
989 child.no_stdout = 1;
990 child.stdout_to_stderr = 0;
991 child.git_cmd = 1;
992 if (run_command(&child))
993 return "Could not update working tree to new HEAD";
994
995 return NULL;
996 }
997
998 static const char *push_to_checkout_hook = "push-to-checkout";
999
1000 static const char *push_to_checkout(unsigned char *hash,
1001 struct argv_array *env,
1002 const char *work_tree)
1003 {
1004 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1005 if (run_hook_le(env->argv, push_to_checkout_hook,
1006 hash_to_hex(hash), NULL))
1007 return "push-to-checkout hook declined";
1008 else
1009 return NULL;
1010 }
1011
1012 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1013 {
1014 const char *retval, *work_tree, *git_dir = NULL;
1015 struct argv_array env = ARGV_ARRAY_INIT;
1016
1017 if (worktree && worktree->path)
1018 work_tree = worktree->path;
1019 else if (git_work_tree_cfg)
1020 work_tree = git_work_tree_cfg;
1021 else
1022 work_tree = "..";
1023
1024 if (is_bare_repository())
1025 return "denyCurrentBranch = updateInstead needs a worktree";
1026 if (worktree)
1027 git_dir = get_worktree_git_dir(worktree);
1028 if (!git_dir)
1029 git_dir = get_git_dir();
1030
1031 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1032
1033 if (!find_hook(push_to_checkout_hook))
1034 retval = push_to_deploy(sha1, &env, work_tree);
1035 else
1036 retval = push_to_checkout(sha1, &env, work_tree);
1037
1038 argv_array_clear(&env);
1039 return retval;
1040 }
1041
1042 static const char *update(struct command *cmd, struct shallow_info *si)
1043 {
1044 const char *name = cmd->ref_name;
1045 struct strbuf namespaced_name_buf = STRBUF_INIT;
1046 static char *namespaced_name;
1047 const char *ret;
1048 struct object_id *old_oid = &cmd->old_oid;
1049 struct object_id *new_oid = &cmd->new_oid;
1050 int do_update_worktree = 0;
1051 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1052
1053 /* only refs/... are allowed */
1054 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1055 rp_error("refusing to create funny ref '%s' remotely", name);
1056 return "funny refname";
1057 }
1058
1059 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1060 free(namespaced_name);
1061 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1062
1063 if (worktree) {
1064 switch (deny_current_branch) {
1065 case DENY_IGNORE:
1066 break;
1067 case DENY_WARN:
1068 rp_warning("updating the current branch");
1069 break;
1070 case DENY_REFUSE:
1071 case DENY_UNCONFIGURED:
1072 rp_error("refusing to update checked out branch: %s", name);
1073 if (deny_current_branch == DENY_UNCONFIGURED)
1074 refuse_unconfigured_deny();
1075 return "branch is currently checked out";
1076 case DENY_UPDATE_INSTEAD:
1077 /* pass -- let other checks intervene first */
1078 do_update_worktree = 1;
1079 break;
1080 }
1081 }
1082
1083 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1084 error("unpack should have generated %s, "
1085 "but I can't find it!", oid_to_hex(new_oid));
1086 return "bad pack";
1087 }
1088
1089 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1090 if (deny_deletes && starts_with(name, "refs/heads/")) {
1091 rp_error("denying ref deletion for %s", name);
1092 return "deletion prohibited";
1093 }
1094
1095 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1096 switch (deny_delete_current) {
1097 case DENY_IGNORE:
1098 break;
1099 case DENY_WARN:
1100 rp_warning("deleting the current branch");
1101 break;
1102 case DENY_REFUSE:
1103 case DENY_UNCONFIGURED:
1104 case DENY_UPDATE_INSTEAD:
1105 if (deny_delete_current == DENY_UNCONFIGURED)
1106 refuse_unconfigured_deny_delete_current();
1107 rp_error("refusing to delete the current branch: %s", name);
1108 return "deletion of the current branch prohibited";
1109 default:
1110 return "Invalid denyDeleteCurrent setting";
1111 }
1112 }
1113 }
1114
1115 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1116 !is_null_oid(old_oid) &&
1117 starts_with(name, "refs/heads/")) {
1118 struct object *old_object, *new_object;
1119 struct commit *old_commit, *new_commit;
1120
1121 old_object = parse_object(the_repository, old_oid);
1122 new_object = parse_object(the_repository, new_oid);
1123
1124 if (!old_object || !new_object ||
1125 old_object->type != OBJ_COMMIT ||
1126 new_object->type != OBJ_COMMIT) {
1127 error("bad sha1 objects for %s", name);
1128 return "bad ref";
1129 }
1130 old_commit = (struct commit *)old_object;
1131 new_commit = (struct commit *)new_object;
1132 if (!in_merge_bases(old_commit, new_commit)) {
1133 rp_error("denying non-fast-forward %s"
1134 " (you should pull first)", name);
1135 return "non-fast-forward";
1136 }
1137 }
1138 if (run_update_hook(cmd)) {
1139 rp_error("hook declined to update %s", name);
1140 return "hook declined";
1141 }
1142
1143 if (do_update_worktree) {
1144 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1145 if (ret)
1146 return ret;
1147 }
1148
1149 if (is_null_oid(new_oid)) {
1150 struct strbuf err = STRBUF_INIT;
1151 if (!parse_object(the_repository, old_oid)) {
1152 old_oid = NULL;
1153 if (ref_exists(name)) {
1154 rp_warning("Allowing deletion of corrupt ref.");
1155 } else {
1156 rp_warning("Deleting a non-existent ref.");
1157 cmd->did_not_exist = 1;
1158 }
1159 }
1160 if (ref_transaction_delete(transaction,
1161 namespaced_name,
1162 old_oid,
1163 0, "push", &err)) {
1164 rp_error("%s", err.buf);
1165 strbuf_release(&err);
1166 return "failed to delete";
1167 }
1168 strbuf_release(&err);
1169 return NULL; /* good */
1170 }
1171 else {
1172 struct strbuf err = STRBUF_INIT;
1173 if (shallow_update && si->shallow_ref[cmd->index] &&
1174 update_shallow_ref(cmd, si))
1175 return "shallow error";
1176
1177 if (ref_transaction_update(transaction,
1178 namespaced_name,
1179 new_oid, old_oid,
1180 0, "push",
1181 &err)) {
1182 rp_error("%s", err.buf);
1183 strbuf_release(&err);
1184
1185 return "failed to update ref";
1186 }
1187 strbuf_release(&err);
1188
1189 return NULL; /* good */
1190 }
1191 }
1192
1193 static void run_update_post_hook(struct command *commands)
1194 {
1195 struct command *cmd;
1196 struct child_process proc = CHILD_PROCESS_INIT;
1197 const char *hook;
1198
1199 hook = find_hook("post-update");
1200 if (!hook)
1201 return;
1202
1203 for (cmd = commands; cmd; cmd = cmd->next) {
1204 if (cmd->error_string || cmd->did_not_exist)
1205 continue;
1206 if (!proc.args.argc)
1207 argv_array_push(&proc.args, hook);
1208 argv_array_push(&proc.args, cmd->ref_name);
1209 }
1210 if (!proc.args.argc)
1211 return;
1212
1213 proc.no_stdin = 1;
1214 proc.stdout_to_stderr = 1;
1215 proc.err = use_sideband ? -1 : 0;
1216 proc.trace2_hook_name = "post-update";
1217
1218 if (!start_command(&proc)) {
1219 if (use_sideband)
1220 copy_to_sideband(proc.err, -1, NULL);
1221 finish_command(&proc);
1222 }
1223 }
1224
1225 static void check_aliased_update_internal(struct command *cmd,
1226 struct string_list *list,
1227 const char *dst_name, int flag)
1228 {
1229 struct string_list_item *item;
1230 struct command *dst_cmd;
1231
1232 if (!(flag & REF_ISSYMREF))
1233 return;
1234
1235 if (!dst_name) {
1236 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1237 cmd->skip_update = 1;
1238 cmd->error_string = "broken symref";
1239 return;
1240 }
1241 dst_name = strip_namespace(dst_name);
1242
1243 if ((item = string_list_lookup(list, dst_name)) == NULL)
1244 return;
1245
1246 cmd->skip_update = 1;
1247
1248 dst_cmd = (struct command *) item->util;
1249
1250 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1251 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1252 return;
1253
1254 dst_cmd->skip_update = 1;
1255
1256 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1257 " its target '%s' (%s..%s)",
1258 cmd->ref_name,
1259 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1260 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1261 dst_cmd->ref_name,
1262 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1263 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1264
1265 cmd->error_string = dst_cmd->error_string =
1266 "inconsistent aliased update";
1267 }
1268
1269 static void check_aliased_update(struct command *cmd, struct string_list *list)
1270 {
1271 struct strbuf buf = STRBUF_INIT;
1272 const char *dst_name;
1273 int flag;
1274
1275 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1276 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1277 check_aliased_update_internal(cmd, list, dst_name, flag);
1278 strbuf_release(&buf);
1279 }
1280
1281 static void check_aliased_updates(struct command *commands)
1282 {
1283 struct command *cmd;
1284 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1285
1286 for (cmd = commands; cmd; cmd = cmd->next) {
1287 struct string_list_item *item =
1288 string_list_append(&ref_list, cmd->ref_name);
1289 item->util = (void *)cmd;
1290 }
1291 string_list_sort(&ref_list);
1292
1293 for (cmd = commands; cmd; cmd = cmd->next) {
1294 if (!cmd->error_string)
1295 check_aliased_update(cmd, &ref_list);
1296 }
1297
1298 string_list_clear(&ref_list, 0);
1299 }
1300
1301 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1302 {
1303 struct command **cmd_list = cb_data;
1304 struct command *cmd = *cmd_list;
1305
1306 if (!cmd || is_null_oid(&cmd->new_oid))
1307 return -1; /* end of list */
1308 *cmd_list = NULL; /* this returns only one */
1309 oidcpy(oid, &cmd->new_oid);
1310 return 0;
1311 }
1312
1313 static void set_connectivity_errors(struct command *commands,
1314 struct shallow_info *si)
1315 {
1316 struct command *cmd;
1317
1318 for (cmd = commands; cmd; cmd = cmd->next) {
1319 struct command *singleton = cmd;
1320 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1321
1322 if (shallow_update && si->shallow_ref[cmd->index])
1323 /* to be checked in update_shallow_ref() */
1324 continue;
1325
1326 opt.env = tmp_objdir_env(tmp_objdir);
1327 if (!check_connected(command_singleton_iterator, &singleton,
1328 &opt))
1329 continue;
1330
1331 cmd->error_string = "missing necessary objects";
1332 }
1333 }
1334
1335 struct iterate_data {
1336 struct command *cmds;
1337 struct shallow_info *si;
1338 };
1339
1340 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1341 {
1342 struct iterate_data *data = cb_data;
1343 struct command **cmd_list = &data->cmds;
1344 struct command *cmd = *cmd_list;
1345
1346 for (; cmd; cmd = cmd->next) {
1347 if (shallow_update && data->si->shallow_ref[cmd->index])
1348 /* to be checked in update_shallow_ref() */
1349 continue;
1350 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1351 oidcpy(oid, &cmd->new_oid);
1352 *cmd_list = cmd->next;
1353 return 0;
1354 }
1355 }
1356 *cmd_list = NULL;
1357 return -1; /* end of list */
1358 }
1359
1360 static void reject_updates_to_hidden(struct command *commands)
1361 {
1362 struct strbuf refname_full = STRBUF_INIT;
1363 size_t prefix_len;
1364 struct command *cmd;
1365
1366 strbuf_addstr(&refname_full, get_git_namespace());
1367 prefix_len = refname_full.len;
1368
1369 for (cmd = commands; cmd; cmd = cmd->next) {
1370 if (cmd->error_string)
1371 continue;
1372
1373 strbuf_setlen(&refname_full, prefix_len);
1374 strbuf_addstr(&refname_full, cmd->ref_name);
1375
1376 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1377 continue;
1378 if (is_null_oid(&cmd->new_oid))
1379 cmd->error_string = "deny deleting a hidden ref";
1380 else
1381 cmd->error_string = "deny updating a hidden ref";
1382 }
1383
1384 strbuf_release(&refname_full);
1385 }
1386
1387 static int should_process_cmd(struct command *cmd)
1388 {
1389 return !cmd->error_string && !cmd->skip_update;
1390 }
1391
1392 static void warn_if_skipped_connectivity_check(struct command *commands,
1393 struct shallow_info *si)
1394 {
1395 struct command *cmd;
1396 int checked_connectivity = 1;
1397
1398 for (cmd = commands; cmd; cmd = cmd->next) {
1399 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1400 error("BUG: connectivity check has not been run on ref %s",
1401 cmd->ref_name);
1402 checked_connectivity = 0;
1403 }
1404 }
1405 if (!checked_connectivity)
1406 BUG("connectivity check skipped???");
1407 }
1408
1409 static void execute_commands_non_atomic(struct command *commands,
1410 struct shallow_info *si)
1411 {
1412 struct command *cmd;
1413 struct strbuf err = STRBUF_INIT;
1414
1415 for (cmd = commands; cmd; cmd = cmd->next) {
1416 if (!should_process_cmd(cmd))
1417 continue;
1418
1419 transaction = ref_transaction_begin(&err);
1420 if (!transaction) {
1421 rp_error("%s", err.buf);
1422 strbuf_reset(&err);
1423 cmd->error_string = "transaction failed to start";
1424 continue;
1425 }
1426
1427 cmd->error_string = update(cmd, si);
1428
1429 if (!cmd->error_string
1430 && ref_transaction_commit(transaction, &err)) {
1431 rp_error("%s", err.buf);
1432 strbuf_reset(&err);
1433 cmd->error_string = "failed to update ref";
1434 }
1435 ref_transaction_free(transaction);
1436 }
1437 strbuf_release(&err);
1438 }
1439
1440 static void execute_commands_atomic(struct command *commands,
1441 struct shallow_info *si)
1442 {
1443 struct command *cmd;
1444 struct strbuf err = STRBUF_INIT;
1445 const char *reported_error = "atomic push failure";
1446
1447 transaction = ref_transaction_begin(&err);
1448 if (!transaction) {
1449 rp_error("%s", err.buf);
1450 strbuf_reset(&err);
1451 reported_error = "transaction failed to start";
1452 goto failure;
1453 }
1454
1455 for (cmd = commands; cmd; cmd = cmd->next) {
1456 if (!should_process_cmd(cmd))
1457 continue;
1458
1459 cmd->error_string = update(cmd, si);
1460
1461 if (cmd->error_string)
1462 goto failure;
1463 }
1464
1465 if (ref_transaction_commit(transaction, &err)) {
1466 rp_error("%s", err.buf);
1467 reported_error = "atomic transaction failed";
1468 goto failure;
1469 }
1470 goto cleanup;
1471
1472 failure:
1473 for (cmd = commands; cmd; cmd = cmd->next)
1474 if (!cmd->error_string)
1475 cmd->error_string = reported_error;
1476
1477 cleanup:
1478 ref_transaction_free(transaction);
1479 strbuf_release(&err);
1480 }
1481
1482 static void execute_commands(struct command *commands,
1483 const char *unpacker_error,
1484 struct shallow_info *si,
1485 const struct string_list *push_options)
1486 {
1487 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1488 struct command *cmd;
1489 struct iterate_data data;
1490 struct async muxer;
1491 int err_fd = 0;
1492
1493 if (unpacker_error) {
1494 for (cmd = commands; cmd; cmd = cmd->next)
1495 cmd->error_string = "unpacker error";
1496 return;
1497 }
1498
1499 if (use_sideband) {
1500 memset(&muxer, 0, sizeof(muxer));
1501 muxer.proc = copy_to_sideband;
1502 muxer.in = -1;
1503 if (!start_async(&muxer))
1504 err_fd = muxer.in;
1505 /* ...else, continue without relaying sideband */
1506 }
1507
1508 data.cmds = commands;
1509 data.si = si;
1510 opt.err_fd = err_fd;
1511 opt.progress = err_fd && !quiet;
1512 opt.env = tmp_objdir_env(tmp_objdir);
1513 if (check_connected(iterate_receive_command_list, &data, &opt))
1514 set_connectivity_errors(commands, si);
1515
1516 if (use_sideband)
1517 finish_async(&muxer);
1518
1519 reject_updates_to_hidden(commands);
1520
1521 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1522 for (cmd = commands; cmd; cmd = cmd->next) {
1523 if (!cmd->error_string)
1524 cmd->error_string = "pre-receive hook declined";
1525 }
1526 return;
1527 }
1528
1529 /*
1530 * Now we'll start writing out refs, which means the objects need
1531 * to be in their final positions so that other processes can see them.
1532 */
1533 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1534 for (cmd = commands; cmd; cmd = cmd->next) {
1535 if (!cmd->error_string)
1536 cmd->error_string = "unable to migrate objects to permanent storage";
1537 }
1538 return;
1539 }
1540 tmp_objdir = NULL;
1541
1542 check_aliased_updates(commands);
1543
1544 free(head_name_to_free);
1545 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1546
1547 if (use_atomic)
1548 execute_commands_atomic(commands, si);
1549 else
1550 execute_commands_non_atomic(commands, si);
1551
1552 if (shallow_update)
1553 warn_if_skipped_connectivity_check(commands, si);
1554 }
1555
1556 static struct command **queue_command(struct command **tail,
1557 const char *line,
1558 int linelen)
1559 {
1560 struct object_id old_oid, new_oid;
1561 struct command *cmd;
1562 const char *refname;
1563 int reflen;
1564 const char *p;
1565
1566 if (parse_oid_hex(line, &old_oid, &p) ||
1567 *p++ != ' ' ||
1568 parse_oid_hex(p, &new_oid, &p) ||
1569 *p++ != ' ')
1570 die("protocol error: expected old/new/ref, got '%s'", line);
1571
1572 refname = p;
1573 reflen = linelen - (p - line);
1574 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1575 oidcpy(&cmd->old_oid, &old_oid);
1576 oidcpy(&cmd->new_oid, &new_oid);
1577 *tail = cmd;
1578 return &cmd->next;
1579 }
1580
1581 static void queue_commands_from_cert(struct command **tail,
1582 struct strbuf *push_cert)
1583 {
1584 const char *boc, *eoc;
1585
1586 if (*tail)
1587 die("protocol error: got both push certificate and unsigned commands");
1588
1589 boc = strstr(push_cert->buf, "\n\n");
1590 if (!boc)
1591 die("malformed push certificate %.*s", 100, push_cert->buf);
1592 else
1593 boc += 2;
1594 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1595
1596 while (boc < eoc) {
1597 const char *eol = memchr(boc, '\n', eoc - boc);
1598 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1599 boc = eol ? eol + 1 : eoc;
1600 }
1601 }
1602
1603 static struct command *read_head_info(struct packet_reader *reader,
1604 struct oid_array *shallow)
1605 {
1606 struct command *commands = NULL;
1607 struct command **p = &commands;
1608 for (;;) {
1609 int linelen;
1610
1611 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1612 break;
1613
1614 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1615 struct object_id oid;
1616 if (get_oid_hex(reader->line + 8, &oid))
1617 die("protocol error: expected shallow sha, got '%s'",
1618 reader->line + 8);
1619 oid_array_append(shallow, &oid);
1620 continue;
1621 }
1622
1623 linelen = strlen(reader->line);
1624 if (linelen < reader->pktlen) {
1625 const char *feature_list = reader->line + linelen + 1;
1626 if (parse_feature_request(feature_list, "report-status"))
1627 report_status = 1;
1628 if (parse_feature_request(feature_list, "side-band-64k"))
1629 use_sideband = LARGE_PACKET_MAX;
1630 if (parse_feature_request(feature_list, "quiet"))
1631 quiet = 1;
1632 if (advertise_atomic_push
1633 && parse_feature_request(feature_list, "atomic"))
1634 use_atomic = 1;
1635 if (advertise_push_options
1636 && parse_feature_request(feature_list, "push-options"))
1637 use_push_options = 1;
1638 }
1639
1640 if (!strcmp(reader->line, "push-cert")) {
1641 int true_flush = 0;
1642 int saved_options = reader->options;
1643 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1644
1645 for (;;) {
1646 packet_reader_read(reader);
1647 if (reader->status == PACKET_READ_FLUSH) {
1648 true_flush = 1;
1649 break;
1650 }
1651 if (reader->status != PACKET_READ_NORMAL) {
1652 die("protocol error: got an unexpected packet");
1653 }
1654 if (!strcmp(reader->line, "push-cert-end\n"))
1655 break; /* end of cert */
1656 strbuf_addstr(&push_cert, reader->line);
1657 }
1658 reader->options = saved_options;
1659
1660 if (true_flush)
1661 break;
1662 continue;
1663 }
1664
1665 p = queue_command(p, reader->line, linelen);
1666 }
1667
1668 if (push_cert.len)
1669 queue_commands_from_cert(p, &push_cert);
1670
1671 return commands;
1672 }
1673
1674 static void read_push_options(struct packet_reader *reader,
1675 struct string_list *options)
1676 {
1677 while (1) {
1678 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1679 break;
1680
1681 string_list_append(options, reader->line);
1682 }
1683 }
1684
1685 static const char *parse_pack_header(struct pack_header *hdr)
1686 {
1687 switch (read_pack_header(0, hdr)) {
1688 case PH_ERROR_EOF:
1689 return "eof before pack header was fully read";
1690
1691 case PH_ERROR_PACK_SIGNATURE:
1692 return "protocol error (pack signature mismatch detected)";
1693
1694 case PH_ERROR_PROTOCOL:
1695 return "protocol error (pack version unsupported)";
1696
1697 default:
1698 return "unknown error in parse_pack_header";
1699
1700 case 0:
1701 return NULL;
1702 }
1703 }
1704
1705 static const char *pack_lockfile;
1706
1707 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1708 {
1709 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1710 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1711 }
1712
1713 static const char *unpack(int err_fd, struct shallow_info *si)
1714 {
1715 struct pack_header hdr;
1716 const char *hdr_err;
1717 int status;
1718 struct child_process child = CHILD_PROCESS_INIT;
1719 int fsck_objects = (receive_fsck_objects >= 0
1720 ? receive_fsck_objects
1721 : transfer_fsck_objects >= 0
1722 ? transfer_fsck_objects
1723 : 0);
1724
1725 hdr_err = parse_pack_header(&hdr);
1726 if (hdr_err) {
1727 if (err_fd > 0)
1728 close(err_fd);
1729 return hdr_err;
1730 }
1731
1732 if (si->nr_ours || si->nr_theirs) {
1733 alt_shallow_file = setup_temporary_shallow(si->shallow);
1734 argv_array_push(&child.args, "--shallow-file");
1735 argv_array_push(&child.args, alt_shallow_file);
1736 }
1737
1738 tmp_objdir = tmp_objdir_create();
1739 if (!tmp_objdir) {
1740 if (err_fd > 0)
1741 close(err_fd);
1742 return "unable to create temporary object directory";
1743 }
1744 child.env = tmp_objdir_env(tmp_objdir);
1745
1746 /*
1747 * Normally we just pass the tmp_objdir environment to the child
1748 * processes that do the heavy lifting, but we may need to see these
1749 * objects ourselves to set up shallow information.
1750 */
1751 tmp_objdir_add_as_alternate(tmp_objdir);
1752
1753 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1754 argv_array_push(&child.args, "unpack-objects");
1755 push_header_arg(&child.args, &hdr);
1756 if (quiet)
1757 argv_array_push(&child.args, "-q");
1758 if (fsck_objects)
1759 argv_array_pushf(&child.args, "--strict%s",
1760 fsck_msg_types.buf);
1761 if (max_input_size)
1762 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1763 (uintmax_t)max_input_size);
1764 child.no_stdout = 1;
1765 child.err = err_fd;
1766 child.git_cmd = 1;
1767 status = run_command(&child);
1768 if (status)
1769 return "unpack-objects abnormal exit";
1770 } else {
1771 char hostname[HOST_NAME_MAX + 1];
1772
1773 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1774 push_header_arg(&child.args, &hdr);
1775
1776 if (xgethostname(hostname, sizeof(hostname)))
1777 xsnprintf(hostname, sizeof(hostname), "localhost");
1778 argv_array_pushf(&child.args,
1779 "--keep=receive-pack %"PRIuMAX" on %s",
1780 (uintmax_t)getpid(),
1781 hostname);
1782
1783 if (!quiet && err_fd)
1784 argv_array_push(&child.args, "--show-resolving-progress");
1785 if (use_sideband)
1786 argv_array_push(&child.args, "--report-end-of-input");
1787 if (fsck_objects)
1788 argv_array_pushf(&child.args, "--strict%s",
1789 fsck_msg_types.buf);
1790 if (!reject_thin)
1791 argv_array_push(&child.args, "--fix-thin");
1792 if (max_input_size)
1793 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1794 (uintmax_t)max_input_size);
1795 child.out = -1;
1796 child.err = err_fd;
1797 child.git_cmd = 1;
1798 status = start_command(&child);
1799 if (status)
1800 return "index-pack fork failed";
1801 pack_lockfile = index_pack_lockfile(child.out);
1802 close(child.out);
1803 status = finish_command(&child);
1804 if (status)
1805 return "index-pack abnormal exit";
1806 reprepare_packed_git(the_repository);
1807 }
1808 return NULL;
1809 }
1810
1811 static const char *unpack_with_sideband(struct shallow_info *si)
1812 {
1813 struct async muxer;
1814 const char *ret;
1815
1816 if (!use_sideband)
1817 return unpack(0, si);
1818
1819 use_keepalive = KEEPALIVE_AFTER_NUL;
1820 memset(&muxer, 0, sizeof(muxer));
1821 muxer.proc = copy_to_sideband;
1822 muxer.in = -1;
1823 if (start_async(&muxer))
1824 return NULL;
1825
1826 ret = unpack(muxer.in, si);
1827
1828 finish_async(&muxer);
1829 return ret;
1830 }
1831
1832 static void prepare_shallow_update(struct shallow_info *si)
1833 {
1834 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1835
1836 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1837 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1838
1839 si->need_reachability_test =
1840 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1841 si->reachable =
1842 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1843 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1844
1845 for (i = 0; i < si->nr_ours; i++)
1846 si->need_reachability_test[si->ours[i]] = 1;
1847
1848 for (i = 0; i < si->shallow->nr; i++) {
1849 if (!si->used_shallow[i])
1850 continue;
1851 for (j = 0; j < bitmap_size; j++) {
1852 if (!si->used_shallow[i][j])
1853 continue;
1854 si->need_reachability_test[i]++;
1855 for (k = 0; k < 32; k++)
1856 if (si->used_shallow[i][j] & (1U << k))
1857 si->shallow_ref[j * 32 + k]++;
1858 }
1859
1860 /*
1861 * true for those associated with some refs and belong
1862 * in "ours" list aka "step 7 not done yet"
1863 */
1864 si->need_reachability_test[i] =
1865 si->need_reachability_test[i] > 1;
1866 }
1867
1868 /*
1869 * keep hooks happy by forcing a temporary shallow file via
1870 * env variable because we can't add --shallow-file to every
1871 * command. check_connected() will be done with
1872 * true .git/shallow though.
1873 */
1874 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1875 }
1876
1877 static void update_shallow_info(struct command *commands,
1878 struct shallow_info *si,
1879 struct oid_array *ref)
1880 {
1881 struct command *cmd;
1882 int *ref_status;
1883 remove_nonexistent_theirs_shallow(si);
1884 if (!si->nr_ours && !si->nr_theirs) {
1885 shallow_update = 0;
1886 return;
1887 }
1888
1889 for (cmd = commands; cmd; cmd = cmd->next) {
1890 if (is_null_oid(&cmd->new_oid))
1891 continue;
1892 oid_array_append(ref, &cmd->new_oid);
1893 cmd->index = ref->nr - 1;
1894 }
1895 si->ref = ref;
1896
1897 if (shallow_update) {
1898 prepare_shallow_update(si);
1899 return;
1900 }
1901
1902 ALLOC_ARRAY(ref_status, ref->nr);
1903 assign_shallow_commits_to_refs(si, NULL, ref_status);
1904 for (cmd = commands; cmd; cmd = cmd->next) {
1905 if (is_null_oid(&cmd->new_oid))
1906 continue;
1907 if (ref_status[cmd->index]) {
1908 cmd->error_string = "shallow update not allowed";
1909 cmd->skip_update = 1;
1910 }
1911 }
1912 free(ref_status);
1913 }
1914
1915 static void report(struct command *commands, const char *unpack_status)
1916 {
1917 struct command *cmd;
1918 struct strbuf buf = STRBUF_INIT;
1919
1920 packet_buf_write(&buf, "unpack %s\n",
1921 unpack_status ? unpack_status : "ok");
1922 for (cmd = commands; cmd; cmd = cmd->next) {
1923 if (!cmd->error_string)
1924 packet_buf_write(&buf, "ok %s\n",
1925 cmd->ref_name);
1926 else
1927 packet_buf_write(&buf, "ng %s %s\n",
1928 cmd->ref_name, cmd->error_string);
1929 }
1930 packet_buf_flush(&buf);
1931
1932 if (use_sideband)
1933 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1934 else
1935 write_or_die(1, buf.buf, buf.len);
1936 strbuf_release(&buf);
1937 }
1938
1939 static int delete_only(struct command *commands)
1940 {
1941 struct command *cmd;
1942 for (cmd = commands; cmd; cmd = cmd->next) {
1943 if (!is_null_oid(&cmd->new_oid))
1944 return 0;
1945 }
1946 return 1;
1947 }
1948
1949 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1950 {
1951 int advertise_refs = 0;
1952 struct command *commands;
1953 struct oid_array shallow = OID_ARRAY_INIT;
1954 struct oid_array ref = OID_ARRAY_INIT;
1955 struct shallow_info si;
1956 struct packet_reader reader;
1957
1958 struct option options[] = {
1959 OPT__QUIET(&quiet, N_("quiet")),
1960 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1961 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1962 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1963 OPT_END()
1964 };
1965
1966 packet_trace_identity("receive-pack");
1967
1968 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1969
1970 if (argc > 1)
1971 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1972 if (argc == 0)
1973 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1974
1975 service_dir = argv[0];
1976
1977 setup_path();
1978
1979 if (!enter_repo(service_dir, 0))
1980 die("'%s' does not appear to be a git repository", service_dir);
1981
1982 git_config(receive_pack_config, NULL);
1983 if (cert_nonce_seed)
1984 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1985
1986 if (0 <= transfer_unpack_limit)
1987 unpack_limit = transfer_unpack_limit;
1988 else if (0 <= receive_unpack_limit)
1989 unpack_limit = receive_unpack_limit;
1990
1991 switch (determine_protocol_version_server()) {
1992 case protocol_v2:
1993 /*
1994 * push support for protocol v2 has not been implemented yet,
1995 * so ignore the request to use v2 and fallback to using v0.
1996 */
1997 break;
1998 case protocol_v1:
1999 /*
2000 * v1 is just the original protocol with a version string,
2001 * so just fall through after writing the version string.
2002 */
2003 if (advertise_refs || !stateless_rpc)
2004 packet_write_fmt(1, "version 1\n");
2005
2006 /* fallthrough */
2007 case protocol_v0:
2008 break;
2009 case protocol_unknown_version:
2010 BUG("unknown protocol version");
2011 }
2012
2013 if (advertise_refs || !stateless_rpc) {
2014 write_head_info();
2015 }
2016 if (advertise_refs)
2017 return 0;
2018
2019 packet_reader_init(&reader, 0, NULL, 0,
2020 PACKET_READ_CHOMP_NEWLINE |
2021 PACKET_READ_DIE_ON_ERR_PACKET);
2022
2023 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2024 const char *unpack_status = NULL;
2025 struct string_list push_options = STRING_LIST_INIT_DUP;
2026
2027 if (use_push_options)
2028 read_push_options(&reader, &push_options);
2029 if (!check_cert_push_options(&push_options)) {
2030 struct command *cmd;
2031 for (cmd = commands; cmd; cmd = cmd->next)
2032 cmd->error_string = "inconsistent push options";
2033 }
2034
2035 prepare_shallow_info(&si, &shallow);
2036 if (!si.nr_ours && !si.nr_theirs)
2037 shallow_update = 0;
2038 if (!delete_only(commands)) {
2039 unpack_status = unpack_with_sideband(&si);
2040 update_shallow_info(commands, &si, &ref);
2041 }
2042 use_keepalive = KEEPALIVE_ALWAYS;
2043 execute_commands(commands, unpack_status, &si,
2044 &push_options);
2045 if (pack_lockfile)
2046 unlink_or_warn(pack_lockfile);
2047 if (report_status)
2048 report(commands, unpack_status);
2049 run_receive_hook(commands, "post-receive", 1,
2050 &push_options);
2051 run_update_post_hook(commands);
2052 string_list_clear(&push_options, 0);
2053 if (auto_gc) {
2054 const char *argv_gc_auto[] = {
2055 "gc", "--auto", "--quiet", NULL,
2056 };
2057 struct child_process proc = CHILD_PROCESS_INIT;
2058
2059 proc.no_stdin = 1;
2060 proc.stdout_to_stderr = 1;
2061 proc.err = use_sideband ? -1 : 0;
2062 proc.git_cmd = 1;
2063 proc.argv = argv_gc_auto;
2064
2065 close_object_store(the_repository->objects);
2066 if (!start_command(&proc)) {
2067 if (use_sideband)
2068 copy_to_sideband(proc.err, -1, NULL);
2069 finish_command(&proc);
2070 }
2071 }
2072 if (auto_update_server_info)
2073 update_server_info(0);
2074 clear_shallow_info(&si);
2075 }
2076 if (use_sideband)
2077 packet_flush(1);
2078 oid_array_clear(&shallow);
2079 oid_array_clear(&ref);
2080 free((void *)push_cert_nonce);
2081 return 0;
2082 }
Unnamed repository; edit this file 'description' to name the repository.