]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'gs/commit-graph-path-filter'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "oid-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31 #include "shallow.h"
32
33 static const char * const receive_pack_usage[] = {
34 N_("git receive-pack <git-dir>"),
35 NULL
36 };
37
38 enum deny_action {
39 DENY_UNCONFIGURED,
40 DENY_IGNORE,
41 DENY_WARN,
42 DENY_REFUSE,
43 DENY_UPDATE_INSTEAD
44 };
45
46 static int deny_deletes;
47 static int deny_non_fast_forwards;
48 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
49 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
50 static int receive_fsck_objects = -1;
51 static int transfer_fsck_objects = -1;
52 static struct strbuf fsck_msg_types = STRBUF_INIT;
53 static int receive_unpack_limit = -1;
54 static int transfer_unpack_limit = -1;
55 static int advertise_atomic_push = 1;
56 static int advertise_push_options;
57 static int unpack_limit = 100;
58 static off_t max_input_size;
59 static int report_status;
60 static int use_sideband;
61 static int use_atomic;
62 static int use_push_options;
63 static int quiet;
64 static int prefer_ofs_delta = 1;
65 static int auto_update_server_info;
66 static int auto_gc = 1;
67 static int reject_thin;
68 static int stateless_rpc;
69 static const char *service_dir;
70 static const char *head_name;
71 static void *head_name_to_free;
72 static int sent_capabilities;
73 static int shallow_update;
74 static const char *alt_shallow_file;
75 static struct strbuf push_cert = STRBUF_INIT;
76 static struct object_id push_cert_oid;
77 static struct signature_check sigcheck;
78 static const char *push_cert_nonce;
79 static const char *cert_nonce_seed;
80
81 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
82 static const char *NONCE_BAD = "BAD";
83 static const char *NONCE_MISSING = "MISSING";
84 static const char *NONCE_OK = "OK";
85 static const char *NONCE_SLOP = "SLOP";
86 static const char *nonce_status;
87 static long nonce_stamp_slop;
88 static timestamp_t nonce_stamp_slop_limit;
89 static struct ref_transaction *transaction;
90
91 static enum {
92 KEEPALIVE_NEVER = 0,
93 KEEPALIVE_AFTER_NUL,
94 KEEPALIVE_ALWAYS
95 } use_keepalive;
96 static int keepalive_in_sec = 5;
97
98 static struct tmp_objdir *tmp_objdir;
99
100 static enum deny_action parse_deny_action(const char *var, const char *value)
101 {
102 if (value) {
103 if (!strcasecmp(value, "ignore"))
104 return DENY_IGNORE;
105 if (!strcasecmp(value, "warn"))
106 return DENY_WARN;
107 if (!strcasecmp(value, "refuse"))
108 return DENY_REFUSE;
109 if (!strcasecmp(value, "updateinstead"))
110 return DENY_UPDATE_INSTEAD;
111 }
112 if (git_config_bool(var, value))
113 return DENY_REFUSE;
114 return DENY_IGNORE;
115 }
116
117 static int receive_pack_config(const char *var, const char *value, void *cb)
118 {
119 int status = parse_hide_refs_config(var, value, "receive");
120
121 if (status)
122 return status;
123
124 if (strcmp(var, "receive.denydeletes") == 0) {
125 deny_deletes = git_config_bool(var, value);
126 return 0;
127 }
128
129 if (strcmp(var, "receive.denynonfastforwards") == 0) {
130 deny_non_fast_forwards = git_config_bool(var, value);
131 return 0;
132 }
133
134 if (strcmp(var, "receive.unpacklimit") == 0) {
135 receive_unpack_limit = git_config_int(var, value);
136 return 0;
137 }
138
139 if (strcmp(var, "transfer.unpacklimit") == 0) {
140 transfer_unpack_limit = git_config_int(var, value);
141 return 0;
142 }
143
144 if (strcmp(var, "receive.fsck.skiplist") == 0) {
145 const char *path;
146
147 if (git_config_pathname(&path, var, value))
148 return 1;
149 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
150 fsck_msg_types.len ? ',' : '=', path);
151 free((char *)path);
152 return 0;
153 }
154
155 if (skip_prefix(var, "receive.fsck.", &var)) {
156 if (is_valid_msg_type(var, value))
157 strbuf_addf(&fsck_msg_types, "%c%s=%s",
158 fsck_msg_types.len ? ',' : '=', var, value);
159 else
160 warning("Skipping unknown msg id '%s'", var);
161 return 0;
162 }
163
164 if (strcmp(var, "receive.fsckobjects") == 0) {
165 receive_fsck_objects = git_config_bool(var, value);
166 return 0;
167 }
168
169 if (strcmp(var, "transfer.fsckobjects") == 0) {
170 transfer_fsck_objects = git_config_bool(var, value);
171 return 0;
172 }
173
174 if (!strcmp(var, "receive.denycurrentbranch")) {
175 deny_current_branch = parse_deny_action(var, value);
176 return 0;
177 }
178
179 if (strcmp(var, "receive.denydeletecurrent") == 0) {
180 deny_delete_current = parse_deny_action(var, value);
181 return 0;
182 }
183
184 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
185 prefer_ofs_delta = git_config_bool(var, value);
186 return 0;
187 }
188
189 if (strcmp(var, "receive.updateserverinfo") == 0) {
190 auto_update_server_info = git_config_bool(var, value);
191 return 0;
192 }
193
194 if (strcmp(var, "receive.autogc") == 0) {
195 auto_gc = git_config_bool(var, value);
196 return 0;
197 }
198
199 if (strcmp(var, "receive.shallowupdate") == 0) {
200 shallow_update = git_config_bool(var, value);
201 return 0;
202 }
203
204 if (strcmp(var, "receive.certnonceseed") == 0)
205 return git_config_string(&cert_nonce_seed, var, value);
206
207 if (strcmp(var, "receive.certnonceslop") == 0) {
208 nonce_stamp_slop_limit = git_config_ulong(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.advertiseatomic") == 0) {
213 advertise_atomic_push = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.advertisepushoptions") == 0) {
218 advertise_push_options = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.keepalive") == 0) {
223 keepalive_in_sec = git_config_int(var, value);
224 return 0;
225 }
226
227 if (strcmp(var, "receive.maxinputsize") == 0) {
228 max_input_size = git_config_int64(var, value);
229 return 0;
230 }
231
232 return git_default_config(var, value, cb);
233 }
234
235 static void show_ref(const char *path, const struct object_id *oid)
236 {
237 if (sent_capabilities) {
238 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
239 } else {
240 struct strbuf cap = STRBUF_INIT;
241
242 strbuf_addstr(&cap,
243 "report-status delete-refs side-band-64k quiet");
244 if (advertise_atomic_push)
245 strbuf_addstr(&cap, " atomic");
246 if (prefer_ofs_delta)
247 strbuf_addstr(&cap, " ofs-delta");
248 if (push_cert_nonce)
249 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
250 if (advertise_push_options)
251 strbuf_addstr(&cap, " push-options");
252 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
253 packet_write_fmt(1, "%s %s%c%s\n",
254 oid_to_hex(oid), path, 0, cap.buf);
255 strbuf_release(&cap);
256 sent_capabilities = 1;
257 }
258 }
259
260 static int show_ref_cb(const char *path_full, const struct object_id *oid,
261 int flag, void *data)
262 {
263 struct oidset *seen = data;
264 const char *path = strip_namespace(path_full);
265
266 if (ref_is_hidden(path, path_full))
267 return 0;
268
269 /*
270 * Advertise refs outside our current namespace as ".have"
271 * refs, so that the client can use them to minimize data
272 * transfer but will otherwise ignore them.
273 */
274 if (!path) {
275 if (oidset_insert(seen, oid))
276 return 0;
277 path = ".have";
278 } else {
279 oidset_insert(seen, oid);
280 }
281 show_ref(path, oid);
282 return 0;
283 }
284
285 static void show_one_alternate_ref(const struct object_id *oid,
286 void *data)
287 {
288 struct oidset *seen = data;
289
290 if (oidset_insert(seen, oid))
291 return;
292
293 show_ref(".have", oid);
294 }
295
296 static void write_head_info(void)
297 {
298 static struct oidset seen = OIDSET_INIT;
299
300 for_each_ref(show_ref_cb, &seen);
301 for_each_alternate_ref(show_one_alternate_ref, &seen);
302 oidset_clear(&seen);
303 if (!sent_capabilities)
304 show_ref("capabilities^{}", &null_oid);
305
306 advertise_shallow_grafts(1);
307
308 /* EOF */
309 packet_flush(1);
310 }
311
312 struct command {
313 struct command *next;
314 const char *error_string;
315 unsigned int skip_update:1,
316 did_not_exist:1;
317 int index;
318 struct object_id old_oid;
319 struct object_id new_oid;
320 char ref_name[FLEX_ARRAY]; /* more */
321 };
322
323 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
324 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
325
326 static void report_message(const char *prefix, const char *err, va_list params)
327 {
328 int sz;
329 char msg[4096];
330
331 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
332 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
333 if (sz > (sizeof(msg) - 1))
334 sz = sizeof(msg) - 1;
335 msg[sz++] = '\n';
336
337 if (use_sideband)
338 send_sideband(1, 2, msg, sz, use_sideband);
339 else
340 xwrite(2, msg, sz);
341 }
342
343 static void rp_warning(const char *err, ...)
344 {
345 va_list params;
346 va_start(params, err);
347 report_message("warning: ", err, params);
348 va_end(params);
349 }
350
351 static void rp_error(const char *err, ...)
352 {
353 va_list params;
354 va_start(params, err);
355 report_message("error: ", err, params);
356 va_end(params);
357 }
358
359 static int copy_to_sideband(int in, int out, void *arg)
360 {
361 char data[128];
362 int keepalive_active = 0;
363
364 if (keepalive_in_sec <= 0)
365 use_keepalive = KEEPALIVE_NEVER;
366 if (use_keepalive == KEEPALIVE_ALWAYS)
367 keepalive_active = 1;
368
369 while (1) {
370 ssize_t sz;
371
372 if (keepalive_active) {
373 struct pollfd pfd;
374 int ret;
375
376 pfd.fd = in;
377 pfd.events = POLLIN;
378 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
379
380 if (ret < 0) {
381 if (errno == EINTR)
382 continue;
383 else
384 break;
385 } else if (ret == 0) {
386 /* no data; send a keepalive packet */
387 static const char buf[] = "0005\1";
388 write_or_die(1, buf, sizeof(buf) - 1);
389 continue;
390 } /* else there is actual data to read */
391 }
392
393 sz = xread(in, data, sizeof(data));
394 if (sz <= 0)
395 break;
396
397 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
398 const char *p = memchr(data, '\0', sz);
399 if (p) {
400 /*
401 * The NUL tells us to start sending keepalives. Make
402 * sure we send any other data we read along
403 * with it.
404 */
405 keepalive_active = 1;
406 send_sideband(1, 2, data, p - data, use_sideband);
407 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
408 continue;
409 }
410 }
411
412 /*
413 * Either we're not looking for a NUL signal, or we didn't see
414 * it yet; just pass along the data.
415 */
416 send_sideband(1, 2, data, sz, use_sideband);
417 }
418 close(in);
419 return 0;
420 }
421
422 static void hmac_hash(unsigned char *out,
423 const char *key_in, size_t key_len,
424 const char *text, size_t text_len)
425 {
426 unsigned char key[GIT_MAX_BLKSZ];
427 unsigned char k_ipad[GIT_MAX_BLKSZ];
428 unsigned char k_opad[GIT_MAX_BLKSZ];
429 int i;
430 git_hash_ctx ctx;
431
432 /* RFC 2104 2. (1) */
433 memset(key, '\0', GIT_MAX_BLKSZ);
434 if (the_hash_algo->blksz < key_len) {
435 the_hash_algo->init_fn(&ctx);
436 the_hash_algo->update_fn(&ctx, key_in, key_len);
437 the_hash_algo->final_fn(key, &ctx);
438 } else {
439 memcpy(key, key_in, key_len);
440 }
441
442 /* RFC 2104 2. (2) & (5) */
443 for (i = 0; i < sizeof(key); i++) {
444 k_ipad[i] = key[i] ^ 0x36;
445 k_opad[i] = key[i] ^ 0x5c;
446 }
447
448 /* RFC 2104 2. (3) & (4) */
449 the_hash_algo->init_fn(&ctx);
450 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
451 the_hash_algo->update_fn(&ctx, text, text_len);
452 the_hash_algo->final_fn(out, &ctx);
453
454 /* RFC 2104 2. (6) & (7) */
455 the_hash_algo->init_fn(&ctx);
456 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
457 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
458 the_hash_algo->final_fn(out, &ctx);
459 }
460
461 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462 {
463 struct strbuf buf = STRBUF_INIT;
464 unsigned char hash[GIT_MAX_RAWSZ];
465
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
468 strbuf_release(&buf);
469
470 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
471 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
472 return strbuf_detach(&buf, NULL);
473 }
474
475 /*
476 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
477 * after dropping "_commit" from its name and possibly moving it out
478 * of commit.c
479 */
480 static char *find_header(const char *msg, size_t len, const char *key,
481 const char **next_line)
482 {
483 int key_len = strlen(key);
484 const char *line = msg;
485
486 while (line && line < msg + len) {
487 const char *eol = strchrnul(line, '\n');
488
489 if ((msg + len <= eol) || line == eol)
490 return NULL;
491 if (line + key_len < eol &&
492 !memcmp(line, key, key_len) && line[key_len] == ' ') {
493 int offset = key_len + 1;
494 if (next_line)
495 *next_line = *eol ? eol + 1 : eol;
496 return xmemdupz(line + offset, (eol - line) - offset);
497 }
498 line = *eol ? eol + 1 : NULL;
499 }
500 return NULL;
501 }
502
503 /*
504 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
505 * This operation is guaranteed to run in constant time to avoid leaking data.
506 */
507 static int constant_memequal(const char *a, const char *b, size_t n)
508 {
509 int res = 0;
510 size_t i;
511
512 for (i = 0; i < n; i++)
513 res |= a[i] ^ b[i];
514 return res;
515 }
516
517 static const char *check_nonce(const char *buf, size_t len)
518 {
519 char *nonce = find_header(buf, len, "nonce", NULL);
520 timestamp_t stamp, ostamp;
521 char *bohmac, *expect = NULL;
522 const char *retval = NONCE_BAD;
523 size_t noncelen;
524
525 if (!nonce) {
526 retval = NONCE_MISSING;
527 goto leave;
528 } else if (!push_cert_nonce) {
529 retval = NONCE_UNSOLICITED;
530 goto leave;
531 } else if (!strcmp(push_cert_nonce, nonce)) {
532 retval = NONCE_OK;
533 goto leave;
534 }
535
536 if (!stateless_rpc) {
537 /* returned nonce MUST match what we gave out earlier */
538 retval = NONCE_BAD;
539 goto leave;
540 }
541
542 /*
543 * In stateless mode, we may be receiving a nonce issued by
544 * another instance of the server that serving the same
545 * repository, and the timestamps may not match, but the
546 * nonce-seed and dir should match, so we can recompute and
547 * report the time slop.
548 *
549 * In addition, when a nonce issued by another instance has
550 * timestamp within receive.certnonceslop seconds, we pretend
551 * as if we issued that nonce when reporting to the hook.
552 */
553
554 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
555 if (*nonce <= '0' || '9' < *nonce) {
556 retval = NONCE_BAD;
557 goto leave;
558 }
559 stamp = parse_timestamp(nonce, &bohmac, 10);
560 if (bohmac == nonce || bohmac[0] != '-') {
561 retval = NONCE_BAD;
562 goto leave;
563 }
564
565 noncelen = strlen(nonce);
566 expect = prepare_push_cert_nonce(service_dir, stamp);
567 if (noncelen != strlen(expect)) {
568 /* This is not even the right size. */
569 retval = NONCE_BAD;
570 goto leave;
571 }
572 if (constant_memequal(expect, nonce, noncelen)) {
573 /* Not what we would have signed earlier */
574 retval = NONCE_BAD;
575 goto leave;
576 }
577
578 /*
579 * By how many seconds is this nonce stale? Negative value
580 * would mean it was issued by another server with its clock
581 * skewed in the future.
582 */
583 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
584 nonce_stamp_slop = (long)ostamp - (long)stamp;
585
586 if (nonce_stamp_slop_limit &&
587 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
588 /*
589 * Pretend as if the received nonce (which passes the
590 * HMAC check, so it is not a forged by third-party)
591 * is what we issued.
592 */
593 free((void *)push_cert_nonce);
594 push_cert_nonce = xstrdup(nonce);
595 retval = NONCE_OK;
596 } else {
597 retval = NONCE_SLOP;
598 }
599
600 leave:
601 free(nonce);
602 free(expect);
603 return retval;
604 }
605
606 /*
607 * Return 1 if there is no push_cert or if the push options in push_cert are
608 * the same as those in the argument; 0 otherwise.
609 */
610 static int check_cert_push_options(const struct string_list *push_options)
611 {
612 const char *buf = push_cert.buf;
613 int len = push_cert.len;
614
615 char *option;
616 const char *next_line;
617 int options_seen = 0;
618
619 int retval = 1;
620
621 if (!len)
622 return 1;
623
624 while ((option = find_header(buf, len, "push-option", &next_line))) {
625 len -= (next_line - buf);
626 buf = next_line;
627 options_seen++;
628 if (options_seen > push_options->nr
629 || strcmp(option,
630 push_options->items[options_seen - 1].string)) {
631 retval = 0;
632 goto leave;
633 }
634 free(option);
635 }
636
637 if (options_seen != push_options->nr)
638 retval = 0;
639
640 leave:
641 free(option);
642 return retval;
643 }
644
645 static void prepare_push_cert_sha1(struct child_process *proc)
646 {
647 static int already_done;
648
649 if (!push_cert.len)
650 return;
651
652 if (!already_done) {
653 int bogs /* beginning_of_gpg_sig */;
654
655 already_done = 1;
656 if (write_object_file(push_cert.buf, push_cert.len, "blob",
657 &push_cert_oid))
658 oidclr(&push_cert_oid);
659
660 memset(&sigcheck, '\0', sizeof(sigcheck));
661
662 bogs = parse_signature(push_cert.buf, push_cert.len);
663 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
664 push_cert.len - bogs, &sigcheck);
665
666 nonce_status = check_nonce(push_cert.buf, bogs);
667 }
668 if (!is_null_oid(&push_cert_oid)) {
669 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
670 oid_to_hex(&push_cert_oid));
671 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
672 sigcheck.signer ? sigcheck.signer : "");
673 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
674 sigcheck.key ? sigcheck.key : "");
675 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
676 sigcheck.result);
677 if (push_cert_nonce) {
678 argv_array_pushf(&proc->env_array,
679 "GIT_PUSH_CERT_NONCE=%s",
680 push_cert_nonce);
681 argv_array_pushf(&proc->env_array,
682 "GIT_PUSH_CERT_NONCE_STATUS=%s",
683 nonce_status);
684 if (nonce_status == NONCE_SLOP)
685 argv_array_pushf(&proc->env_array,
686 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
687 nonce_stamp_slop);
688 }
689 }
690 }
691
692 struct receive_hook_feed_state {
693 struct command *cmd;
694 int skip_broken;
695 struct strbuf buf;
696 const struct string_list *push_options;
697 };
698
699 typedef int (*feed_fn)(void *, const char **, size_t *);
700 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
701 struct receive_hook_feed_state *feed_state)
702 {
703 struct child_process proc = CHILD_PROCESS_INIT;
704 struct async muxer;
705 const char *argv[2];
706 int code;
707
708 argv[0] = find_hook(hook_name);
709 if (!argv[0])
710 return 0;
711
712 argv[1] = NULL;
713
714 proc.argv = argv;
715 proc.in = -1;
716 proc.stdout_to_stderr = 1;
717 proc.trace2_hook_name = hook_name;
718
719 if (feed_state->push_options) {
720 int i;
721 for (i = 0; i < feed_state->push_options->nr; i++)
722 argv_array_pushf(&proc.env_array,
723 "GIT_PUSH_OPTION_%d=%s", i,
724 feed_state->push_options->items[i].string);
725 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
726 feed_state->push_options->nr);
727 } else
728 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
729
730 if (tmp_objdir)
731 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
732
733 if (use_sideband) {
734 memset(&muxer, 0, sizeof(muxer));
735 muxer.proc = copy_to_sideband;
736 muxer.in = -1;
737 code = start_async(&muxer);
738 if (code)
739 return code;
740 proc.err = muxer.in;
741 }
742
743 prepare_push_cert_sha1(&proc);
744
745 code = start_command(&proc);
746 if (code) {
747 if (use_sideband)
748 finish_async(&muxer);
749 return code;
750 }
751
752 sigchain_push(SIGPIPE, SIG_IGN);
753
754 while (1) {
755 const char *buf;
756 size_t n;
757 if (feed(feed_state, &buf, &n))
758 break;
759 if (write_in_full(proc.in, buf, n) < 0)
760 break;
761 }
762 close(proc.in);
763 if (use_sideband)
764 finish_async(&muxer);
765
766 sigchain_pop(SIGPIPE);
767
768 return finish_command(&proc);
769 }
770
771 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
772 {
773 struct receive_hook_feed_state *state = state_;
774 struct command *cmd = state->cmd;
775
776 while (cmd &&
777 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
778 cmd = cmd->next;
779 if (!cmd)
780 return -1; /* EOF */
781 strbuf_reset(&state->buf);
782 strbuf_addf(&state->buf, "%s %s %s\n",
783 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
784 cmd->ref_name);
785 state->cmd = cmd->next;
786 if (bufp) {
787 *bufp = state->buf.buf;
788 *sizep = state->buf.len;
789 }
790 return 0;
791 }
792
793 static int run_receive_hook(struct command *commands,
794 const char *hook_name,
795 int skip_broken,
796 const struct string_list *push_options)
797 {
798 struct receive_hook_feed_state state;
799 int status;
800
801 strbuf_init(&state.buf, 0);
802 state.cmd = commands;
803 state.skip_broken = skip_broken;
804 if (feed_receive_hook(&state, NULL, NULL))
805 return 0;
806 state.cmd = commands;
807 state.push_options = push_options;
808 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
809 strbuf_release(&state.buf);
810 return status;
811 }
812
813 static int run_update_hook(struct command *cmd)
814 {
815 const char *argv[5];
816 struct child_process proc = CHILD_PROCESS_INIT;
817 int code;
818
819 argv[0] = find_hook("update");
820 if (!argv[0])
821 return 0;
822
823 argv[1] = cmd->ref_name;
824 argv[2] = oid_to_hex(&cmd->old_oid);
825 argv[3] = oid_to_hex(&cmd->new_oid);
826 argv[4] = NULL;
827
828 proc.no_stdin = 1;
829 proc.stdout_to_stderr = 1;
830 proc.err = use_sideband ? -1 : 0;
831 proc.argv = argv;
832 proc.trace2_hook_name = "update";
833
834 code = start_command(&proc);
835 if (code)
836 return code;
837 if (use_sideband)
838 copy_to_sideband(proc.err, -1, NULL);
839 return finish_command(&proc);
840 }
841
842 static char *refuse_unconfigured_deny_msg =
843 N_("By default, updating the current branch in a non-bare repository\n"
844 "is denied, because it will make the index and work tree inconsistent\n"
845 "with what you pushed, and will require 'git reset --hard' to match\n"
846 "the work tree to HEAD.\n"
847 "\n"
848 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
849 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
850 "its current branch; however, this is not recommended unless you\n"
851 "arranged to update its work tree to match what you pushed in some\n"
852 "other way.\n"
853 "\n"
854 "To squelch this message and still keep the default behaviour, set\n"
855 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
856
857 static void refuse_unconfigured_deny(void)
858 {
859 rp_error("%s", _(refuse_unconfigured_deny_msg));
860 }
861
862 static char *refuse_unconfigured_deny_delete_current_msg =
863 N_("By default, deleting the current branch is denied, because the next\n"
864 "'git clone' won't result in any file checked out, causing confusion.\n"
865 "\n"
866 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
867 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
868 "current branch, with or without a warning message.\n"
869 "\n"
870 "To squelch this message, you can set it to 'refuse'.");
871
872 static void refuse_unconfigured_deny_delete_current(void)
873 {
874 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
875 }
876
877 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
878 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
879 {
880 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
881 struct oid_array extra = OID_ARRAY_INIT;
882 struct check_connected_options opt = CHECK_CONNECTED_INIT;
883 uint32_t mask = 1 << (cmd->index % 32);
884 int i;
885
886 trace_printf_key(&trace_shallow,
887 "shallow: update_shallow_ref %s\n", cmd->ref_name);
888 for (i = 0; i < si->shallow->nr; i++)
889 if (si->used_shallow[i] &&
890 (si->used_shallow[i][cmd->index / 32] & mask) &&
891 !delayed_reachability_test(si, i))
892 oid_array_append(&extra, &si->shallow->oid[i]);
893
894 opt.env = tmp_objdir_env(tmp_objdir);
895 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
896 if (check_connected(command_singleton_iterator, cmd, &opt)) {
897 rollback_shallow_file(the_repository, &shallow_lock);
898 oid_array_clear(&extra);
899 return -1;
900 }
901
902 commit_shallow_file(the_repository, &shallow_lock);
903
904 /*
905 * Make sure setup_alternate_shallow() for the next ref does
906 * not lose these new roots..
907 */
908 for (i = 0; i < extra.nr; i++)
909 register_shallow(the_repository, &extra.oid[i]);
910
911 si->shallow_ref[cmd->index] = 0;
912 oid_array_clear(&extra);
913 return 0;
914 }
915
916 /*
917 * NEEDSWORK: we should consolidate various implementions of "are we
918 * on an unborn branch?" test into one, and make the unified one more
919 * robust. !get_sha1() based check used here and elsewhere would not
920 * allow us to tell an unborn branch from corrupt ref, for example.
921 * For the purpose of fixing "deploy-to-update does not work when
922 * pushing into an empty repository" issue, this should suffice for
923 * now.
924 */
925 static int head_has_history(void)
926 {
927 struct object_id oid;
928
929 return !get_oid("HEAD", &oid);
930 }
931
932 static const char *push_to_deploy(unsigned char *sha1,
933 struct argv_array *env,
934 const char *work_tree)
935 {
936 const char *update_refresh[] = {
937 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
938 };
939 const char *diff_files[] = {
940 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
941 };
942 const char *diff_index[] = {
943 "diff-index", "--quiet", "--cached", "--ignore-submodules",
944 NULL, "--", NULL
945 };
946 const char *read_tree[] = {
947 "read-tree", "-u", "-m", NULL, NULL
948 };
949 struct child_process child = CHILD_PROCESS_INIT;
950
951 child.argv = update_refresh;
952 child.env = env->argv;
953 child.dir = work_tree;
954 child.no_stdin = 1;
955 child.stdout_to_stderr = 1;
956 child.git_cmd = 1;
957 if (run_command(&child))
958 return "Up-to-date check failed";
959
960 /* run_command() does not clean up completely; reinitialize */
961 child_process_init(&child);
962 child.argv = diff_files;
963 child.env = env->argv;
964 child.dir = work_tree;
965 child.no_stdin = 1;
966 child.stdout_to_stderr = 1;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has unstaged changes";
970
971 /* diff-index with either HEAD or an empty tree */
972 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
973
974 child_process_init(&child);
975 child.argv = diff_index;
976 child.env = env->argv;
977 child.no_stdin = 1;
978 child.no_stdout = 1;
979 child.stdout_to_stderr = 0;
980 child.git_cmd = 1;
981 if (run_command(&child))
982 return "Working directory has staged changes";
983
984 read_tree[3] = hash_to_hex(sha1);
985 child_process_init(&child);
986 child.argv = read_tree;
987 child.env = env->argv;
988 child.dir = work_tree;
989 child.no_stdin = 1;
990 child.no_stdout = 1;
991 child.stdout_to_stderr = 0;
992 child.git_cmd = 1;
993 if (run_command(&child))
994 return "Could not update working tree to new HEAD";
995
996 return NULL;
997 }
998
999 static const char *push_to_checkout_hook = "push-to-checkout";
1000
1001 static const char *push_to_checkout(unsigned char *hash,
1002 struct argv_array *env,
1003 const char *work_tree)
1004 {
1005 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1006 if (run_hook_le(env->argv, push_to_checkout_hook,
1007 hash_to_hex(hash), NULL))
1008 return "push-to-checkout hook declined";
1009 else
1010 return NULL;
1011 }
1012
1013 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1014 {
1015 const char *retval, *work_tree, *git_dir = NULL;
1016 struct argv_array env = ARGV_ARRAY_INIT;
1017
1018 if (worktree && worktree->path)
1019 work_tree = worktree->path;
1020 else if (git_work_tree_cfg)
1021 work_tree = git_work_tree_cfg;
1022 else
1023 work_tree = "..";
1024
1025 if (is_bare_repository())
1026 return "denyCurrentBranch = updateInstead needs a worktree";
1027 if (worktree)
1028 git_dir = get_worktree_git_dir(worktree);
1029 if (!git_dir)
1030 git_dir = get_git_dir();
1031
1032 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1033
1034 if (!find_hook(push_to_checkout_hook))
1035 retval = push_to_deploy(sha1, &env, work_tree);
1036 else
1037 retval = push_to_checkout(sha1, &env, work_tree);
1038
1039 argv_array_clear(&env);
1040 return retval;
1041 }
1042
1043 static const char *update(struct command *cmd, struct shallow_info *si)
1044 {
1045 const char *name = cmd->ref_name;
1046 struct strbuf namespaced_name_buf = STRBUF_INIT;
1047 static char *namespaced_name;
1048 const char *ret;
1049 struct object_id *old_oid = &cmd->old_oid;
1050 struct object_id *new_oid = &cmd->new_oid;
1051 int do_update_worktree = 0;
1052 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1053
1054 /* only refs/... are allowed */
1055 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1056 rp_error("refusing to create funny ref '%s' remotely", name);
1057 return "funny refname";
1058 }
1059
1060 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1061 free(namespaced_name);
1062 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1063
1064 if (worktree) {
1065 switch (deny_current_branch) {
1066 case DENY_IGNORE:
1067 break;
1068 case DENY_WARN:
1069 rp_warning("updating the current branch");
1070 break;
1071 case DENY_REFUSE:
1072 case DENY_UNCONFIGURED:
1073 rp_error("refusing to update checked out branch: %s", name);
1074 if (deny_current_branch == DENY_UNCONFIGURED)
1075 refuse_unconfigured_deny();
1076 return "branch is currently checked out";
1077 case DENY_UPDATE_INSTEAD:
1078 /* pass -- let other checks intervene first */
1079 do_update_worktree = 1;
1080 break;
1081 }
1082 }
1083
1084 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1085 error("unpack should have generated %s, "
1086 "but I can't find it!", oid_to_hex(new_oid));
1087 return "bad pack";
1088 }
1089
1090 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1091 if (deny_deletes && starts_with(name, "refs/heads/")) {
1092 rp_error("denying ref deletion for %s", name);
1093 return "deletion prohibited";
1094 }
1095
1096 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1097 switch (deny_delete_current) {
1098 case DENY_IGNORE:
1099 break;
1100 case DENY_WARN:
1101 rp_warning("deleting the current branch");
1102 break;
1103 case DENY_REFUSE:
1104 case DENY_UNCONFIGURED:
1105 case DENY_UPDATE_INSTEAD:
1106 if (deny_delete_current == DENY_UNCONFIGURED)
1107 refuse_unconfigured_deny_delete_current();
1108 rp_error("refusing to delete the current branch: %s", name);
1109 return "deletion of the current branch prohibited";
1110 default:
1111 return "Invalid denyDeleteCurrent setting";
1112 }
1113 }
1114 }
1115
1116 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1117 !is_null_oid(old_oid) &&
1118 starts_with(name, "refs/heads/")) {
1119 struct object *old_object, *new_object;
1120 struct commit *old_commit, *new_commit;
1121
1122 old_object = parse_object(the_repository, old_oid);
1123 new_object = parse_object(the_repository, new_oid);
1124
1125 if (!old_object || !new_object ||
1126 old_object->type != OBJ_COMMIT ||
1127 new_object->type != OBJ_COMMIT) {
1128 error("bad sha1 objects for %s", name);
1129 return "bad ref";
1130 }
1131 old_commit = (struct commit *)old_object;
1132 new_commit = (struct commit *)new_object;
1133 if (!in_merge_bases(old_commit, new_commit)) {
1134 rp_error("denying non-fast-forward %s"
1135 " (you should pull first)", name);
1136 return "non-fast-forward";
1137 }
1138 }
1139 if (run_update_hook(cmd)) {
1140 rp_error("hook declined to update %s", name);
1141 return "hook declined";
1142 }
1143
1144 if (do_update_worktree) {
1145 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1146 if (ret)
1147 return ret;
1148 }
1149
1150 if (is_null_oid(new_oid)) {
1151 struct strbuf err = STRBUF_INIT;
1152 if (!parse_object(the_repository, old_oid)) {
1153 old_oid = NULL;
1154 if (ref_exists(name)) {
1155 rp_warning("Allowing deletion of corrupt ref.");
1156 } else {
1157 rp_warning("Deleting a non-existent ref.");
1158 cmd->did_not_exist = 1;
1159 }
1160 }
1161 if (ref_transaction_delete(transaction,
1162 namespaced_name,
1163 old_oid,
1164 0, "push", &err)) {
1165 rp_error("%s", err.buf);
1166 strbuf_release(&err);
1167 return "failed to delete";
1168 }
1169 strbuf_release(&err);
1170 return NULL; /* good */
1171 }
1172 else {
1173 struct strbuf err = STRBUF_INIT;
1174 if (shallow_update && si->shallow_ref[cmd->index] &&
1175 update_shallow_ref(cmd, si))
1176 return "shallow error";
1177
1178 if (ref_transaction_update(transaction,
1179 namespaced_name,
1180 new_oid, old_oid,
1181 0, "push",
1182 &err)) {
1183 rp_error("%s", err.buf);
1184 strbuf_release(&err);
1185
1186 return "failed to update ref";
1187 }
1188 strbuf_release(&err);
1189
1190 return NULL; /* good */
1191 }
1192 }
1193
1194 static void run_update_post_hook(struct command *commands)
1195 {
1196 struct command *cmd;
1197 struct child_process proc = CHILD_PROCESS_INIT;
1198 const char *hook;
1199
1200 hook = find_hook("post-update");
1201 if (!hook)
1202 return;
1203
1204 for (cmd = commands; cmd; cmd = cmd->next) {
1205 if (cmd->error_string || cmd->did_not_exist)
1206 continue;
1207 if (!proc.args.argc)
1208 argv_array_push(&proc.args, hook);
1209 argv_array_push(&proc.args, cmd->ref_name);
1210 }
1211 if (!proc.args.argc)
1212 return;
1213
1214 proc.no_stdin = 1;
1215 proc.stdout_to_stderr = 1;
1216 proc.err = use_sideband ? -1 : 0;
1217 proc.trace2_hook_name = "post-update";
1218
1219 if (!start_command(&proc)) {
1220 if (use_sideband)
1221 copy_to_sideband(proc.err, -1, NULL);
1222 finish_command(&proc);
1223 }
1224 }
1225
1226 static void check_aliased_update_internal(struct command *cmd,
1227 struct string_list *list,
1228 const char *dst_name, int flag)
1229 {
1230 struct string_list_item *item;
1231 struct command *dst_cmd;
1232
1233 if (!(flag & REF_ISSYMREF))
1234 return;
1235
1236 if (!dst_name) {
1237 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1238 cmd->skip_update = 1;
1239 cmd->error_string = "broken symref";
1240 return;
1241 }
1242 dst_name = strip_namespace(dst_name);
1243
1244 if ((item = string_list_lookup(list, dst_name)) == NULL)
1245 return;
1246
1247 cmd->skip_update = 1;
1248
1249 dst_cmd = (struct command *) item->util;
1250
1251 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1252 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1253 return;
1254
1255 dst_cmd->skip_update = 1;
1256
1257 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1258 " its target '%s' (%s..%s)",
1259 cmd->ref_name,
1260 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1261 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1262 dst_cmd->ref_name,
1263 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1264 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1265
1266 cmd->error_string = dst_cmd->error_string =
1267 "inconsistent aliased update";
1268 }
1269
1270 static void check_aliased_update(struct command *cmd, struct string_list *list)
1271 {
1272 struct strbuf buf = STRBUF_INIT;
1273 const char *dst_name;
1274 int flag;
1275
1276 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1277 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1278 check_aliased_update_internal(cmd, list, dst_name, flag);
1279 strbuf_release(&buf);
1280 }
1281
1282 static void check_aliased_updates(struct command *commands)
1283 {
1284 struct command *cmd;
1285 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1286
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1288 struct string_list_item *item =
1289 string_list_append(&ref_list, cmd->ref_name);
1290 item->util = (void *)cmd;
1291 }
1292 string_list_sort(&ref_list);
1293
1294 for (cmd = commands; cmd; cmd = cmd->next) {
1295 if (!cmd->error_string)
1296 check_aliased_update(cmd, &ref_list);
1297 }
1298
1299 string_list_clear(&ref_list, 0);
1300 }
1301
1302 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1303 {
1304 struct command **cmd_list = cb_data;
1305 struct command *cmd = *cmd_list;
1306
1307 if (!cmd || is_null_oid(&cmd->new_oid))
1308 return -1; /* end of list */
1309 *cmd_list = NULL; /* this returns only one */
1310 oidcpy(oid, &cmd->new_oid);
1311 return 0;
1312 }
1313
1314 static void set_connectivity_errors(struct command *commands,
1315 struct shallow_info *si)
1316 {
1317 struct command *cmd;
1318
1319 for (cmd = commands; cmd; cmd = cmd->next) {
1320 struct command *singleton = cmd;
1321 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1322
1323 if (shallow_update && si->shallow_ref[cmd->index])
1324 /* to be checked in update_shallow_ref() */
1325 continue;
1326
1327 opt.env = tmp_objdir_env(tmp_objdir);
1328 if (!check_connected(command_singleton_iterator, &singleton,
1329 &opt))
1330 continue;
1331
1332 cmd->error_string = "missing necessary objects";
1333 }
1334 }
1335
1336 struct iterate_data {
1337 struct command *cmds;
1338 struct shallow_info *si;
1339 };
1340
1341 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1342 {
1343 struct iterate_data *data = cb_data;
1344 struct command **cmd_list = &data->cmds;
1345 struct command *cmd = *cmd_list;
1346
1347 for (; cmd; cmd = cmd->next) {
1348 if (shallow_update && data->si->shallow_ref[cmd->index])
1349 /* to be checked in update_shallow_ref() */
1350 continue;
1351 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1352 oidcpy(oid, &cmd->new_oid);
1353 *cmd_list = cmd->next;
1354 return 0;
1355 }
1356 }
1357 *cmd_list = NULL;
1358 return -1; /* end of list */
1359 }
1360
1361 static void reject_updates_to_hidden(struct command *commands)
1362 {
1363 struct strbuf refname_full = STRBUF_INIT;
1364 size_t prefix_len;
1365 struct command *cmd;
1366
1367 strbuf_addstr(&refname_full, get_git_namespace());
1368 prefix_len = refname_full.len;
1369
1370 for (cmd = commands; cmd; cmd = cmd->next) {
1371 if (cmd->error_string)
1372 continue;
1373
1374 strbuf_setlen(&refname_full, prefix_len);
1375 strbuf_addstr(&refname_full, cmd->ref_name);
1376
1377 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1378 continue;
1379 if (is_null_oid(&cmd->new_oid))
1380 cmd->error_string = "deny deleting a hidden ref";
1381 else
1382 cmd->error_string = "deny updating a hidden ref";
1383 }
1384
1385 strbuf_release(&refname_full);
1386 }
1387
1388 static int should_process_cmd(struct command *cmd)
1389 {
1390 return !cmd->error_string && !cmd->skip_update;
1391 }
1392
1393 static void warn_if_skipped_connectivity_check(struct command *commands,
1394 struct shallow_info *si)
1395 {
1396 struct command *cmd;
1397 int checked_connectivity = 1;
1398
1399 for (cmd = commands; cmd; cmd = cmd->next) {
1400 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1401 error("BUG: connectivity check has not been run on ref %s",
1402 cmd->ref_name);
1403 checked_connectivity = 0;
1404 }
1405 }
1406 if (!checked_connectivity)
1407 BUG("connectivity check skipped???");
1408 }
1409
1410 static void execute_commands_non_atomic(struct command *commands,
1411 struct shallow_info *si)
1412 {
1413 struct command *cmd;
1414 struct strbuf err = STRBUF_INIT;
1415
1416 for (cmd = commands; cmd; cmd = cmd->next) {
1417 if (!should_process_cmd(cmd))
1418 continue;
1419
1420 transaction = ref_transaction_begin(&err);
1421 if (!transaction) {
1422 rp_error("%s", err.buf);
1423 strbuf_reset(&err);
1424 cmd->error_string = "transaction failed to start";
1425 continue;
1426 }
1427
1428 cmd->error_string = update(cmd, si);
1429
1430 if (!cmd->error_string
1431 && ref_transaction_commit(transaction, &err)) {
1432 rp_error("%s", err.buf);
1433 strbuf_reset(&err);
1434 cmd->error_string = "failed to update ref";
1435 }
1436 ref_transaction_free(transaction);
1437 }
1438 strbuf_release(&err);
1439 }
1440
1441 static void execute_commands_atomic(struct command *commands,
1442 struct shallow_info *si)
1443 {
1444 struct command *cmd;
1445 struct strbuf err = STRBUF_INIT;
1446 const char *reported_error = "atomic push failure";
1447
1448 transaction = ref_transaction_begin(&err);
1449 if (!transaction) {
1450 rp_error("%s", err.buf);
1451 strbuf_reset(&err);
1452 reported_error = "transaction failed to start";
1453 goto failure;
1454 }
1455
1456 for (cmd = commands; cmd; cmd = cmd->next) {
1457 if (!should_process_cmd(cmd))
1458 continue;
1459
1460 cmd->error_string = update(cmd, si);
1461
1462 if (cmd->error_string)
1463 goto failure;
1464 }
1465
1466 if (ref_transaction_commit(transaction, &err)) {
1467 rp_error("%s", err.buf);
1468 reported_error = "atomic transaction failed";
1469 goto failure;
1470 }
1471 goto cleanup;
1472
1473 failure:
1474 for (cmd = commands; cmd; cmd = cmd->next)
1475 if (!cmd->error_string)
1476 cmd->error_string = reported_error;
1477
1478 cleanup:
1479 ref_transaction_free(transaction);
1480 strbuf_release(&err);
1481 }
1482
1483 static void execute_commands(struct command *commands,
1484 const char *unpacker_error,
1485 struct shallow_info *si,
1486 const struct string_list *push_options)
1487 {
1488 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1489 struct command *cmd;
1490 struct iterate_data data;
1491 struct async muxer;
1492 int err_fd = 0;
1493
1494 if (unpacker_error) {
1495 for (cmd = commands; cmd; cmd = cmd->next)
1496 cmd->error_string = "unpacker error";
1497 return;
1498 }
1499
1500 if (use_sideband) {
1501 memset(&muxer, 0, sizeof(muxer));
1502 muxer.proc = copy_to_sideband;
1503 muxer.in = -1;
1504 if (!start_async(&muxer))
1505 err_fd = muxer.in;
1506 /* ...else, continue without relaying sideband */
1507 }
1508
1509 data.cmds = commands;
1510 data.si = si;
1511 opt.err_fd = err_fd;
1512 opt.progress = err_fd && !quiet;
1513 opt.env = tmp_objdir_env(tmp_objdir);
1514 if (check_connected(iterate_receive_command_list, &data, &opt))
1515 set_connectivity_errors(commands, si);
1516
1517 if (use_sideband)
1518 finish_async(&muxer);
1519
1520 reject_updates_to_hidden(commands);
1521
1522 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1523 for (cmd = commands; cmd; cmd = cmd->next) {
1524 if (!cmd->error_string)
1525 cmd->error_string = "pre-receive hook declined";
1526 }
1527 return;
1528 }
1529
1530 /*
1531 * Now we'll start writing out refs, which means the objects need
1532 * to be in their final positions so that other processes can see them.
1533 */
1534 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1535 for (cmd = commands; cmd; cmd = cmd->next) {
1536 if (!cmd->error_string)
1537 cmd->error_string = "unable to migrate objects to permanent storage";
1538 }
1539 return;
1540 }
1541 tmp_objdir = NULL;
1542
1543 check_aliased_updates(commands);
1544
1545 free(head_name_to_free);
1546 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1547
1548 if (use_atomic)
1549 execute_commands_atomic(commands, si);
1550 else
1551 execute_commands_non_atomic(commands, si);
1552
1553 if (shallow_update)
1554 warn_if_skipped_connectivity_check(commands, si);
1555 }
1556
1557 static struct command **queue_command(struct command **tail,
1558 const char *line,
1559 int linelen)
1560 {
1561 struct object_id old_oid, new_oid;
1562 struct command *cmd;
1563 const char *refname;
1564 int reflen;
1565 const char *p;
1566
1567 if (parse_oid_hex(line, &old_oid, &p) ||
1568 *p++ != ' ' ||
1569 parse_oid_hex(p, &new_oid, &p) ||
1570 *p++ != ' ')
1571 die("protocol error: expected old/new/ref, got '%s'", line);
1572
1573 refname = p;
1574 reflen = linelen - (p - line);
1575 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1576 oidcpy(&cmd->old_oid, &old_oid);
1577 oidcpy(&cmd->new_oid, &new_oid);
1578 *tail = cmd;
1579 return &cmd->next;
1580 }
1581
1582 static void queue_commands_from_cert(struct command **tail,
1583 struct strbuf *push_cert)
1584 {
1585 const char *boc, *eoc;
1586
1587 if (*tail)
1588 die("protocol error: got both push certificate and unsigned commands");
1589
1590 boc = strstr(push_cert->buf, "\n\n");
1591 if (!boc)
1592 die("malformed push certificate %.*s", 100, push_cert->buf);
1593 else
1594 boc += 2;
1595 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1596
1597 while (boc < eoc) {
1598 const char *eol = memchr(boc, '\n', eoc - boc);
1599 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1600 boc = eol ? eol + 1 : eoc;
1601 }
1602 }
1603
1604 static struct command *read_head_info(struct packet_reader *reader,
1605 struct oid_array *shallow)
1606 {
1607 struct command *commands = NULL;
1608 struct command **p = &commands;
1609 for (;;) {
1610 int linelen;
1611
1612 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1613 break;
1614
1615 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1616 struct object_id oid;
1617 if (get_oid_hex(reader->line + 8, &oid))
1618 die("protocol error: expected shallow sha, got '%s'",
1619 reader->line + 8);
1620 oid_array_append(shallow, &oid);
1621 continue;
1622 }
1623
1624 linelen = strlen(reader->line);
1625 if (linelen < reader->pktlen) {
1626 const char *feature_list = reader->line + linelen + 1;
1627 if (parse_feature_request(feature_list, "report-status"))
1628 report_status = 1;
1629 if (parse_feature_request(feature_list, "side-band-64k"))
1630 use_sideband = LARGE_PACKET_MAX;
1631 if (parse_feature_request(feature_list, "quiet"))
1632 quiet = 1;
1633 if (advertise_atomic_push
1634 && parse_feature_request(feature_list, "atomic"))
1635 use_atomic = 1;
1636 if (advertise_push_options
1637 && parse_feature_request(feature_list, "push-options"))
1638 use_push_options = 1;
1639 }
1640
1641 if (!strcmp(reader->line, "push-cert")) {
1642 int true_flush = 0;
1643 int saved_options = reader->options;
1644 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1645
1646 for (;;) {
1647 packet_reader_read(reader);
1648 if (reader->status == PACKET_READ_FLUSH) {
1649 true_flush = 1;
1650 break;
1651 }
1652 if (reader->status != PACKET_READ_NORMAL) {
1653 die("protocol error: got an unexpected packet");
1654 }
1655 if (!strcmp(reader->line, "push-cert-end\n"))
1656 break; /* end of cert */
1657 strbuf_addstr(&push_cert, reader->line);
1658 }
1659 reader->options = saved_options;
1660
1661 if (true_flush)
1662 break;
1663 continue;
1664 }
1665
1666 p = queue_command(p, reader->line, linelen);
1667 }
1668
1669 if (push_cert.len)
1670 queue_commands_from_cert(p, &push_cert);
1671
1672 return commands;
1673 }
1674
1675 static void read_push_options(struct packet_reader *reader,
1676 struct string_list *options)
1677 {
1678 while (1) {
1679 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1680 break;
1681
1682 string_list_append(options, reader->line);
1683 }
1684 }
1685
1686 static const char *parse_pack_header(struct pack_header *hdr)
1687 {
1688 switch (read_pack_header(0, hdr)) {
1689 case PH_ERROR_EOF:
1690 return "eof before pack header was fully read";
1691
1692 case PH_ERROR_PACK_SIGNATURE:
1693 return "protocol error (pack signature mismatch detected)";
1694
1695 case PH_ERROR_PROTOCOL:
1696 return "protocol error (pack version unsupported)";
1697
1698 default:
1699 return "unknown error in parse_pack_header";
1700
1701 case 0:
1702 return NULL;
1703 }
1704 }
1705
1706 static const char *pack_lockfile;
1707
1708 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1709 {
1710 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1711 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1712 }
1713
1714 static const char *unpack(int err_fd, struct shallow_info *si)
1715 {
1716 struct pack_header hdr;
1717 const char *hdr_err;
1718 int status;
1719 struct child_process child = CHILD_PROCESS_INIT;
1720 int fsck_objects = (receive_fsck_objects >= 0
1721 ? receive_fsck_objects
1722 : transfer_fsck_objects >= 0
1723 ? transfer_fsck_objects
1724 : 0);
1725
1726 hdr_err = parse_pack_header(&hdr);
1727 if (hdr_err) {
1728 if (err_fd > 0)
1729 close(err_fd);
1730 return hdr_err;
1731 }
1732
1733 if (si->nr_ours || si->nr_theirs) {
1734 alt_shallow_file = setup_temporary_shallow(si->shallow);
1735 argv_array_push(&child.args, "--shallow-file");
1736 argv_array_push(&child.args, alt_shallow_file);
1737 }
1738
1739 tmp_objdir = tmp_objdir_create();
1740 if (!tmp_objdir) {
1741 if (err_fd > 0)
1742 close(err_fd);
1743 return "unable to create temporary object directory";
1744 }
1745 child.env = tmp_objdir_env(tmp_objdir);
1746
1747 /*
1748 * Normally we just pass the tmp_objdir environment to the child
1749 * processes that do the heavy lifting, but we may need to see these
1750 * objects ourselves to set up shallow information.
1751 */
1752 tmp_objdir_add_as_alternate(tmp_objdir);
1753
1754 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1755 argv_array_push(&child.args, "unpack-objects");
1756 push_header_arg(&child.args, &hdr);
1757 if (quiet)
1758 argv_array_push(&child.args, "-q");
1759 if (fsck_objects)
1760 argv_array_pushf(&child.args, "--strict%s",
1761 fsck_msg_types.buf);
1762 if (max_input_size)
1763 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1764 (uintmax_t)max_input_size);
1765 child.no_stdout = 1;
1766 child.err = err_fd;
1767 child.git_cmd = 1;
1768 status = run_command(&child);
1769 if (status)
1770 return "unpack-objects abnormal exit";
1771 } else {
1772 char hostname[HOST_NAME_MAX + 1];
1773
1774 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1775 push_header_arg(&child.args, &hdr);
1776
1777 if (xgethostname(hostname, sizeof(hostname)))
1778 xsnprintf(hostname, sizeof(hostname), "localhost");
1779 argv_array_pushf(&child.args,
1780 "--keep=receive-pack %"PRIuMAX" on %s",
1781 (uintmax_t)getpid(),
1782 hostname);
1783
1784 if (!quiet && err_fd)
1785 argv_array_push(&child.args, "--show-resolving-progress");
1786 if (use_sideband)
1787 argv_array_push(&child.args, "--report-end-of-input");
1788 if (fsck_objects)
1789 argv_array_pushf(&child.args, "--strict%s",
1790 fsck_msg_types.buf);
1791 if (!reject_thin)
1792 argv_array_push(&child.args, "--fix-thin");
1793 if (max_input_size)
1794 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1795 (uintmax_t)max_input_size);
1796 child.out = -1;
1797 child.err = err_fd;
1798 child.git_cmd = 1;
1799 status = start_command(&child);
1800 if (status)
1801 return "index-pack fork failed";
1802 pack_lockfile = index_pack_lockfile(child.out);
1803 close(child.out);
1804 status = finish_command(&child);
1805 if (status)
1806 return "index-pack abnormal exit";
1807 reprepare_packed_git(the_repository);
1808 }
1809 return NULL;
1810 }
1811
1812 static const char *unpack_with_sideband(struct shallow_info *si)
1813 {
1814 struct async muxer;
1815 const char *ret;
1816
1817 if (!use_sideband)
1818 return unpack(0, si);
1819
1820 use_keepalive = KEEPALIVE_AFTER_NUL;
1821 memset(&muxer, 0, sizeof(muxer));
1822 muxer.proc = copy_to_sideband;
1823 muxer.in = -1;
1824 if (start_async(&muxer))
1825 return NULL;
1826
1827 ret = unpack(muxer.in, si);
1828
1829 finish_async(&muxer);
1830 return ret;
1831 }
1832
1833 static void prepare_shallow_update(struct shallow_info *si)
1834 {
1835 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1836
1837 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1838 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1839
1840 si->need_reachability_test =
1841 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1842 si->reachable =
1843 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1844 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1845
1846 for (i = 0; i < si->nr_ours; i++)
1847 si->need_reachability_test[si->ours[i]] = 1;
1848
1849 for (i = 0; i < si->shallow->nr; i++) {
1850 if (!si->used_shallow[i])
1851 continue;
1852 for (j = 0; j < bitmap_size; j++) {
1853 if (!si->used_shallow[i][j])
1854 continue;
1855 si->need_reachability_test[i]++;
1856 for (k = 0; k < 32; k++)
1857 if (si->used_shallow[i][j] & (1U << k))
1858 si->shallow_ref[j * 32 + k]++;
1859 }
1860
1861 /*
1862 * true for those associated with some refs and belong
1863 * in "ours" list aka "step 7 not done yet"
1864 */
1865 si->need_reachability_test[i] =
1866 si->need_reachability_test[i] > 1;
1867 }
1868
1869 /*
1870 * keep hooks happy by forcing a temporary shallow file via
1871 * env variable because we can't add --shallow-file to every
1872 * command. check_connected() will be done with
1873 * true .git/shallow though.
1874 */
1875 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1876 }
1877
1878 static void update_shallow_info(struct command *commands,
1879 struct shallow_info *si,
1880 struct oid_array *ref)
1881 {
1882 struct command *cmd;
1883 int *ref_status;
1884 remove_nonexistent_theirs_shallow(si);
1885 if (!si->nr_ours && !si->nr_theirs) {
1886 shallow_update = 0;
1887 return;
1888 }
1889
1890 for (cmd = commands; cmd; cmd = cmd->next) {
1891 if (is_null_oid(&cmd->new_oid))
1892 continue;
1893 oid_array_append(ref, &cmd->new_oid);
1894 cmd->index = ref->nr - 1;
1895 }
1896 si->ref = ref;
1897
1898 if (shallow_update) {
1899 prepare_shallow_update(si);
1900 return;
1901 }
1902
1903 ALLOC_ARRAY(ref_status, ref->nr);
1904 assign_shallow_commits_to_refs(si, NULL, ref_status);
1905 for (cmd = commands; cmd; cmd = cmd->next) {
1906 if (is_null_oid(&cmd->new_oid))
1907 continue;
1908 if (ref_status[cmd->index]) {
1909 cmd->error_string = "shallow update not allowed";
1910 cmd->skip_update = 1;
1911 }
1912 }
1913 free(ref_status);
1914 }
1915
1916 static void report(struct command *commands, const char *unpack_status)
1917 {
1918 struct command *cmd;
1919 struct strbuf buf = STRBUF_INIT;
1920
1921 packet_buf_write(&buf, "unpack %s\n",
1922 unpack_status ? unpack_status : "ok");
1923 for (cmd = commands; cmd; cmd = cmd->next) {
1924 if (!cmd->error_string)
1925 packet_buf_write(&buf, "ok %s\n",
1926 cmd->ref_name);
1927 else
1928 packet_buf_write(&buf, "ng %s %s\n",
1929 cmd->ref_name, cmd->error_string);
1930 }
1931 packet_buf_flush(&buf);
1932
1933 if (use_sideband)
1934 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1935 else
1936 write_or_die(1, buf.buf, buf.len);
1937 strbuf_release(&buf);
1938 }
1939
1940 static int delete_only(struct command *commands)
1941 {
1942 struct command *cmd;
1943 for (cmd = commands; cmd; cmd = cmd->next) {
1944 if (!is_null_oid(&cmd->new_oid))
1945 return 0;
1946 }
1947 return 1;
1948 }
1949
1950 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1951 {
1952 int advertise_refs = 0;
1953 struct command *commands;
1954 struct oid_array shallow = OID_ARRAY_INIT;
1955 struct oid_array ref = OID_ARRAY_INIT;
1956 struct shallow_info si;
1957 struct packet_reader reader;
1958
1959 struct option options[] = {
1960 OPT__QUIET(&quiet, N_("quiet")),
1961 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1962 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1963 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1964 OPT_END()
1965 };
1966
1967 packet_trace_identity("receive-pack");
1968
1969 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1970
1971 if (argc > 1)
1972 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1973 if (argc == 0)
1974 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1975
1976 service_dir = argv[0];
1977
1978 setup_path();
1979
1980 if (!enter_repo(service_dir, 0))
1981 die("'%s' does not appear to be a git repository", service_dir);
1982
1983 git_config(receive_pack_config, NULL);
1984 if (cert_nonce_seed)
1985 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1986
1987 if (0 <= transfer_unpack_limit)
1988 unpack_limit = transfer_unpack_limit;
1989 else if (0 <= receive_unpack_limit)
1990 unpack_limit = receive_unpack_limit;
1991
1992 switch (determine_protocol_version_server()) {
1993 case protocol_v2:
1994 /*
1995 * push support for protocol v2 has not been implemented yet,
1996 * so ignore the request to use v2 and fallback to using v0.
1997 */
1998 break;
1999 case protocol_v1:
2000 /*
2001 * v1 is just the original protocol with a version string,
2002 * so just fall through after writing the version string.
2003 */
2004 if (advertise_refs || !stateless_rpc)
2005 packet_write_fmt(1, "version 1\n");
2006
2007 /* fallthrough */
2008 case protocol_v0:
2009 break;
2010 case protocol_unknown_version:
2011 BUG("unknown protocol version");
2012 }
2013
2014 if (advertise_refs || !stateless_rpc) {
2015 write_head_info();
2016 }
2017 if (advertise_refs)
2018 return 0;
2019
2020 packet_reader_init(&reader, 0, NULL, 0,
2021 PACKET_READ_CHOMP_NEWLINE |
2022 PACKET_READ_DIE_ON_ERR_PACKET);
2023
2024 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2025 const char *unpack_status = NULL;
2026 struct string_list push_options = STRING_LIST_INIT_DUP;
2027
2028 if (use_push_options)
2029 read_push_options(&reader, &push_options);
2030 if (!check_cert_push_options(&push_options)) {
2031 struct command *cmd;
2032 for (cmd = commands; cmd; cmd = cmd->next)
2033 cmd->error_string = "inconsistent push options";
2034 }
2035
2036 prepare_shallow_info(&si, &shallow);
2037 if (!si.nr_ours && !si.nr_theirs)
2038 shallow_update = 0;
2039 if (!delete_only(commands)) {
2040 unpack_status = unpack_with_sideband(&si);
2041 update_shallow_info(commands, &si, &ref);
2042 }
2043 use_keepalive = KEEPALIVE_ALWAYS;
2044 execute_commands(commands, unpack_status, &si,
2045 &push_options);
2046 if (pack_lockfile)
2047 unlink_or_warn(pack_lockfile);
2048 if (report_status)
2049 report(commands, unpack_status);
2050 run_receive_hook(commands, "post-receive", 1,
2051 &push_options);
2052 run_update_post_hook(commands);
2053 string_list_clear(&push_options, 0);
2054 if (auto_gc) {
2055 const char *argv_gc_auto[] = {
2056 "gc", "--auto", "--quiet", NULL,
2057 };
2058 struct child_process proc = CHILD_PROCESS_INIT;
2059
2060 proc.no_stdin = 1;
2061 proc.stdout_to_stderr = 1;
2062 proc.err = use_sideband ? -1 : 0;
2063 proc.git_cmd = 1;
2064 proc.argv = argv_gc_auto;
2065
2066 close_object_store(the_repository->objects);
2067 if (!start_command(&proc)) {
2068 if (use_sideband)
2069 copy_to_sideband(proc.err, -1, NULL);
2070 finish_command(&proc);
2071 }
2072 }
2073 if (auto_update_server_info)
2074 update_server_info(0);
2075 clear_shallow_info(&si);
2076 }
2077 if (use_sideband)
2078 packet_flush(1);
2079 oid_array_clear(&shallow);
2080 oid_array_clear(&ref);
2081 free((void *)push_cert_nonce);
2082 return 0;
2083 }
Unnamed repository; edit this file 'description' to name the repository.