]> git.ipfire.org Git - thirdparty/git.git/blame_incremental - builtin/receive-pack.c
projects / thirdparty / git.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
The sixth batch
[thirdparty/git.git] / builtin / receive-pack.c
... / ...
CommitLineData
1#define USE_THE_REPOSITORY_VARIABLE
2#define DISABLE_SIGN_COMPARE_WARNINGS
3
4#include "builtin.h"
5#include "abspath.h"
6
7#include "config.h"
8#include "environment.h"
9#include "gettext.h"
10#include "hex.h"
11#include "lockfile.h"
12#include "pack.h"
13#include "refs.h"
14#include "pkt-line.h"
15#include "sideband.h"
16#include "run-command.h"
17#include "hook.h"
18#include "exec-cmd.h"
19#include "commit.h"
20#include "object.h"
21#include "remote.h"
22#include "connect.h"
23#include "string-list.h"
24#include "oid-array.h"
25#include "connected.h"
26#include "strvec.h"
27#include "version.h"
28#include "gpg-interface.h"
29#include "sigchain.h"
30#include "fsck.h"
31#include "tmp-objdir.h"
32#include "oidset.h"
33#include "packfile.h"
34#include "object-file.h"
35#include "object-name.h"
36#include "object-store.h"
37#include "path.h"
38#include "protocol.h"
39#include "commit-reach.h"
40#include "server-info.h"
41#include "trace.h"
42#include "trace2.h"
43#include "worktree.h"
44#include "shallow.h"
45#include "parse-options.h"
46
47static const char * const receive_pack_usage[] = {
48 N_("git receive-pack <git-dir>"),
49 NULL
50};
51
52enum deny_action {
53 DENY_UNCONFIGURED,
54 DENY_IGNORE,
55 DENY_WARN,
56 DENY_REFUSE,
57 DENY_UPDATE_INSTEAD
58};
59
60static int deny_deletes;
61static int deny_non_fast_forwards;
62static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
63static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
64static int receive_fsck_objects = -1;
65static int transfer_fsck_objects = -1;
66static struct strbuf fsck_msg_types = STRBUF_INIT;
67static int receive_unpack_limit = -1;
68static int transfer_unpack_limit = -1;
69static int advertise_atomic_push = 1;
70static int advertise_push_options;
71static int advertise_sid;
72static int unpack_limit = 100;
73static off_t max_input_size;
74static int report_status;
75static int report_status_v2;
76static int use_sideband;
77static int use_atomic;
78static int use_push_options;
79static int quiet;
80static int prefer_ofs_delta = 1;
81static int auto_update_server_info;
82static int auto_gc = 1;
83static int reject_thin;
84static int skip_connectivity_check;
85static int stateless_rpc;
86static const char *service_dir;
87static const char *head_name;
88static void *head_name_to_free;
89static int sent_capabilities;
90static int shallow_update;
91static const char *alt_shallow_file;
92static struct strbuf push_cert = STRBUF_INIT;
93static struct object_id push_cert_oid;
94static struct signature_check sigcheck;
95static const char *push_cert_nonce;
96static char *cert_nonce_seed;
97static struct strvec hidden_refs = STRVEC_INIT;
98
99static const char *NONCE_UNSOLICITED = "UNSOLICITED";
100static const char *NONCE_BAD = "BAD";
101static const char *NONCE_MISSING = "MISSING";
102static const char *NONCE_OK = "OK";
103static const char *NONCE_SLOP = "SLOP";
104static const char *nonce_status;
105static long nonce_stamp_slop;
106static timestamp_t nonce_stamp_slop_limit;
107static struct ref_transaction *transaction;
108
109static enum {
110 KEEPALIVE_NEVER = 0,
111 KEEPALIVE_AFTER_NUL,
112 KEEPALIVE_ALWAYS
113} use_keepalive;
114static int keepalive_in_sec = 5;
115
116static struct tmp_objdir *tmp_objdir;
117
118static struct proc_receive_ref {
119 unsigned int want_add:1,
120 want_delete:1,
121 want_modify:1,
122 negative_ref:1;
123 char *ref_prefix;
124 struct proc_receive_ref *next;
125} *proc_receive_ref;
126
127static void proc_receive_ref_append(const char *prefix);
128
129static enum deny_action parse_deny_action(const char *var, const char *value)
130{
131 if (value) {
132 if (!strcasecmp(value, "ignore"))
133 return DENY_IGNORE;
134 if (!strcasecmp(value, "warn"))
135 return DENY_WARN;
136 if (!strcasecmp(value, "refuse"))
137 return DENY_REFUSE;
138 if (!strcasecmp(value, "updateinstead"))
139 return DENY_UPDATE_INSTEAD;
140 }
141 if (git_config_bool(var, value))
142 return DENY_REFUSE;
143 return DENY_IGNORE;
144}
145
146static int receive_pack_config(const char *var, const char *value,
147 const struct config_context *ctx, void *cb)
148{
149 const char *msg_id;
150 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
151
152 if (status)
153 return status;
154
155 if (strcmp(var, "receive.denydeletes") == 0) {
156 deny_deletes = git_config_bool(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "receive.denynonfastforwards") == 0) {
161 deny_non_fast_forwards = git_config_bool(var, value);
162 return 0;
163 }
164
165 if (strcmp(var, "receive.unpacklimit") == 0) {
166 receive_unpack_limit = git_config_int(var, value, ctx->kvi);
167 return 0;
168 }
169
170 if (strcmp(var, "transfer.unpacklimit") == 0) {
171 transfer_unpack_limit = git_config_int(var, value, ctx->kvi);
172 return 0;
173 }
174
175 if (strcmp(var, "receive.fsck.skiplist") == 0) {
176 char *path;
177
178 if (git_config_pathname(&path, var, value))
179 return -1;
180 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
181 fsck_msg_types.len ? ',' : '=', path);
182 free(path);
183 return 0;
184 }
185
186 if (skip_prefix(var, "receive.fsck.", &msg_id)) {
187 if (!value)
188 return config_error_nonbool(var);
189 if (is_valid_msg_type(msg_id, value))
190 strbuf_addf(&fsck_msg_types, "%c%s=%s",
191 fsck_msg_types.len ? ',' : '=', msg_id, value);
192 else
193 warning("skipping unknown msg id '%s'", msg_id);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.fsckobjects") == 0) {
198 receive_fsck_objects = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "transfer.fsckobjects") == 0) {
203 transfer_fsck_objects = git_config_bool(var, value);
204 return 0;
205 }
206
207 if (!strcmp(var, "receive.denycurrentbranch")) {
208 deny_current_branch = parse_deny_action(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.denydeletecurrent") == 0) {
213 deny_delete_current = parse_deny_action(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
218 prefer_ofs_delta = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.updateserverinfo") == 0) {
223 auto_update_server_info = git_config_bool(var, value);
224 return 0;
225 }
226
227 if (strcmp(var, "receive.autogc") == 0) {
228 auto_gc = git_config_bool(var, value);
229 return 0;
230 }
231
232 if (strcmp(var, "receive.shallowupdate") == 0) {
233 shallow_update = git_config_bool(var, value);
234 return 0;
235 }
236
237 if (strcmp(var, "receive.certnonceseed") == 0)
238 return git_config_string(&cert_nonce_seed, var, value);
239
240 if (strcmp(var, "receive.certnonceslop") == 0) {
241 nonce_stamp_slop_limit = git_config_ulong(var, value, ctx->kvi);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.advertiseatomic") == 0) {
246 advertise_atomic_push = git_config_bool(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.advertisepushoptions") == 0) {
251 advertise_push_options = git_config_bool(var, value);
252 return 0;
253 }
254
255 if (strcmp(var, "receive.keepalive") == 0) {
256 keepalive_in_sec = git_config_int(var, value, ctx->kvi);
257 return 0;
258 }
259
260 if (strcmp(var, "receive.maxinputsize") == 0) {
261 max_input_size = git_config_int64(var, value, ctx->kvi);
262 return 0;
263 }
264
265 if (strcmp(var, "receive.procreceiverefs") == 0) {
266 if (!value)
267 return config_error_nonbool(var);
268 proc_receive_ref_append(value);
269 return 0;
270 }
271
272 if (strcmp(var, "transfer.advertisesid") == 0) {
273 advertise_sid = git_config_bool(var, value);
274 return 0;
275 }
276
277 return git_default_config(var, value, ctx, cb);
278}
279
280static void show_ref(const char *path, const struct object_id *oid)
281{
282 if (sent_capabilities) {
283 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
284 } else {
285 struct strbuf cap = STRBUF_INIT;
286
287 strbuf_addstr(&cap,
288 "report-status report-status-v2 delete-refs side-band-64k quiet");
289 if (advertise_atomic_push)
290 strbuf_addstr(&cap, " atomic");
291 if (prefer_ofs_delta)
292 strbuf_addstr(&cap, " ofs-delta");
293 if (push_cert_nonce)
294 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
295 if (advertise_push_options)
296 strbuf_addstr(&cap, " push-options");
297 if (advertise_sid)
298 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
299 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
300 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
301 packet_write_fmt(1, "%s %s%c%s\n",
302 oid_to_hex(oid), path, 0, cap.buf);
303 strbuf_release(&cap);
304 sent_capabilities = 1;
305 }
306}
307
308static int show_ref_cb(const char *path_full, const char *referent UNUSED, const struct object_id *oid,
309 int flag UNUSED, void *data)
310{
311 struct oidset *seen = data;
312 const char *path = strip_namespace(path_full);
313
314 if (ref_is_hidden(path, path_full, &hidden_refs))
315 return 0;
316
317 /*
318 * Advertise refs outside our current namespace as ".have"
319 * refs, so that the client can use them to minimize data
320 * transfer but will otherwise ignore them.
321 */
322 if (!path) {
323 if (oidset_insert(seen, oid))
324 return 0;
325 path = ".have";
326 } else {
327 oidset_insert(seen, oid);
328 }
329 show_ref(path, oid);
330 return 0;
331}
332
333static void show_one_alternate_ref(const struct object_id *oid,
334 void *data)
335{
336 struct oidset *seen = data;
337
338 if (oidset_insert(seen, oid))
339 return;
340
341 show_ref(".have", oid);
342}
343
344static void write_head_info(void)
345{
346 static struct oidset seen = OIDSET_INIT;
347 struct strvec excludes_vector = STRVEC_INIT;
348 const char **exclude_patterns;
349
350 /*
351 * We need access to the reference names both with and without their
352 * namespace and thus cannot use `refs_for_each_namespaced_ref()`. We
353 * thus have to adapt exclude patterns to carry the namespace prefix
354 * ourselves.
355 */
356 exclude_patterns = get_namespaced_exclude_patterns(
357 hidden_refs_to_excludes(&hidden_refs),
358 get_git_namespace(), &excludes_vector);
359
360 refs_for_each_fullref_in(get_main_ref_store(the_repository), "",
361 exclude_patterns, show_ref_cb, &seen);
362 for_each_alternate_ref(show_one_alternate_ref, &seen);
363
364 oidset_clear(&seen);
365 strvec_clear(&excludes_vector);
366
367 if (!sent_capabilities)
368 show_ref("capabilities^{}", null_oid(the_hash_algo));
369
370 advertise_shallow_grafts(1);
371
372 /* EOF */
373 packet_flush(1);
374}
375
376#define RUN_PROC_RECEIVE_SCHEDULED 1
377#define RUN_PROC_RECEIVE_RETURNED 2
378struct command {
379 struct command *next;
380 const char *error_string;
381 char *error_string_owned;
382 struct ref_push_report *report;
383 unsigned int skip_update:1,
384 did_not_exist:1,
385 run_proc_receive:2;
386 int index;
387 struct object_id old_oid;
388 struct object_id new_oid;
389 char ref_name[FLEX_ARRAY]; /* more */
390};
391
392static void proc_receive_ref_append(const char *prefix)
393{
394 struct proc_receive_ref *ref_pattern;
395 char *p;
396 int len;
397
398 CALLOC_ARRAY(ref_pattern, 1);
399 p = strchr(prefix, ':');
400 if (p) {
401 while (prefix < p) {
402 if (*prefix == 'a')
403 ref_pattern->want_add = 1;
404 else if (*prefix == 'd')
405 ref_pattern->want_delete = 1;
406 else if (*prefix == 'm')
407 ref_pattern->want_modify = 1;
408 else if (*prefix == '!')
409 ref_pattern->negative_ref = 1;
410 prefix++;
411 }
412 prefix++;
413 } else {
414 ref_pattern->want_add = 1;
415 ref_pattern->want_delete = 1;
416 ref_pattern->want_modify = 1;
417 }
418 len = strlen(prefix);
419 while (len && prefix[len - 1] == '/')
420 len--;
421 ref_pattern->ref_prefix = xmemdupz(prefix, len);
422 if (!proc_receive_ref) {
423 proc_receive_ref = ref_pattern;
424 } else {
425 struct proc_receive_ref *end;
426
427 end = proc_receive_ref;
428 while (end->next)
429 end = end->next;
430 end->next = ref_pattern;
431 }
432}
433
434static int proc_receive_ref_matches(struct command *cmd)
435{
436 struct proc_receive_ref *p;
437
438 if (!proc_receive_ref)
439 return 0;
440
441 for (p = proc_receive_ref; p; p = p->next) {
442 const char *match = p->ref_prefix;
443 const char *remains;
444
445 if (!p->want_add && is_null_oid(&cmd->old_oid))
446 continue;
447 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
448 continue;
449 else if (!p->want_modify &&
450 !is_null_oid(&cmd->old_oid) &&
451 !is_null_oid(&cmd->new_oid))
452 continue;
453
454 if (skip_prefix(cmd->ref_name, match, &remains) &&
455 (!*remains || *remains == '/')) {
456 if (!p->negative_ref)
457 return 1;
458 } else if (p->negative_ref) {
459 return 1;
460 }
461 }
462 return 0;
463}
464
465static void report_message(const char *prefix, const char *err, va_list params)
466{
467 int sz;
468 char msg[4096];
469
470 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
471 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
472 if (sz > (sizeof(msg) - 1))
473 sz = sizeof(msg) - 1;
474 msg[sz++] = '\n';
475
476 if (use_sideband)
477 send_sideband(1, 2, msg, sz, use_sideband);
478 else
479 xwrite(2, msg, sz);
480}
481
482__attribute__((format (printf, 1, 2)))
483static void rp_warning(const char *err, ...)
484{
485 va_list params;
486 va_start(params, err);
487 report_message("warning: ", err, params);
488 va_end(params);
489}
490
491__attribute__((format (printf, 1, 2)))
492static void rp_error(const char *err, ...)
493{
494 va_list params;
495 va_start(params, err);
496 report_message("error: ", err, params);
497 va_end(params);
498}
499
500static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
501{
502 char data[128];
503 int keepalive_active = 0;
504
505 if (keepalive_in_sec <= 0)
506 use_keepalive = KEEPALIVE_NEVER;
507 if (use_keepalive == KEEPALIVE_ALWAYS)
508 keepalive_active = 1;
509
510 while (1) {
511 ssize_t sz;
512
513 if (keepalive_active) {
514 struct pollfd pfd;
515 int ret;
516
517 pfd.fd = in;
518 pfd.events = POLLIN;
519 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
520
521 if (ret < 0) {
522 if (errno == EINTR)
523 continue;
524 else
525 break;
526 } else if (ret == 0) {
527 /* no data; send a keepalive packet */
528 static const char buf[] = "0005\1";
529 write_or_die(1, buf, sizeof(buf) - 1);
530 continue;
531 } /* else there is actual data to read */
532 }
533
534 sz = xread(in, data, sizeof(data));
535 if (sz <= 0)
536 break;
537
538 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
539 const char *p = memchr(data, '\0', sz);
540 if (p) {
541 /*
542 * The NUL tells us to start sending keepalives. Make
543 * sure we send any other data we read along
544 * with it.
545 */
546 keepalive_active = 1;
547 send_sideband(1, 2, data, p - data, use_sideband);
548 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
549 continue;
550 }
551 }
552
553 /*
554 * Either we're not looking for a NUL signal, or we didn't see
555 * it yet; just pass along the data.
556 */
557 send_sideband(1, 2, data, sz, use_sideband);
558 }
559 close(in);
560 return 0;
561}
562
563static void hmac_hash(unsigned char *out,
564 const char *key_in, size_t key_len,
565 const char *text, size_t text_len)
566{
567 unsigned char key[GIT_MAX_BLKSZ];
568 unsigned char k_ipad[GIT_MAX_BLKSZ];
569 unsigned char k_opad[GIT_MAX_BLKSZ];
570 int i;
571 struct git_hash_ctx ctx;
572
573 /* RFC 2104 2. (1) */
574 memset(key, '\0', GIT_MAX_BLKSZ);
575 if (the_hash_algo->blksz < key_len) {
576 the_hash_algo->init_fn(&ctx);
577 git_hash_update(&ctx, key_in, key_len);
578 git_hash_final(key, &ctx);
579 } else {
580 memcpy(key, key_in, key_len);
581 }
582
583 /* RFC 2104 2. (2) & (5) */
584 for (i = 0; i < sizeof(key); i++) {
585 k_ipad[i] = key[i] ^ 0x36;
586 k_opad[i] = key[i] ^ 0x5c;
587 }
588
589 /* RFC 2104 2. (3) & (4) */
590 the_hash_algo->init_fn(&ctx);
591 git_hash_update(&ctx, k_ipad, sizeof(k_ipad));
592 git_hash_update(&ctx, text, text_len);
593 git_hash_final(out, &ctx);
594
595 /* RFC 2104 2. (6) & (7) */
596 the_hash_algo->init_fn(&ctx);
597 git_hash_update(&ctx, k_opad, sizeof(k_opad));
598 git_hash_update(&ctx, out, the_hash_algo->rawsz);
599 git_hash_final(out, &ctx);
600}
601
602static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
603{
604 struct strbuf buf = STRBUF_INIT;
605 unsigned char hash[GIT_MAX_RAWSZ];
606
607 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
608 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
609 strbuf_release(&buf);
610
611 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
612 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
613 return strbuf_detach(&buf, NULL);
614}
615
616/*
617 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
618 * This operation is guaranteed to run in constant time to avoid leaking data.
619 */
620static int constant_memequal(const char *a, const char *b, size_t n)
621{
622 int res = 0;
623 size_t i;
624
625 for (i = 0; i < n; i++)
626 res |= a[i] ^ b[i];
627 return res;
628}
629
630static const char *check_nonce(const char *buf)
631{
632 size_t noncelen;
633 const char *found = find_commit_header(buf, "nonce", &noncelen);
634 char *nonce = found ? xmemdupz(found, noncelen) : NULL;
635 timestamp_t stamp, ostamp;
636 char *bohmac, *expect = NULL;
637 const char *retval = NONCE_BAD;
638
639 if (!nonce) {
640 retval = NONCE_MISSING;
641 goto leave;
642 } else if (!push_cert_nonce) {
643 retval = NONCE_UNSOLICITED;
644 goto leave;
645 } else if (!strcmp(push_cert_nonce, nonce)) {
646 retval = NONCE_OK;
647 goto leave;
648 }
649
650 if (!stateless_rpc) {
651 /* returned nonce MUST match what we gave out earlier */
652 retval = NONCE_BAD;
653 goto leave;
654 }
655
656 /*
657 * In stateless mode, we may be receiving a nonce issued by
658 * another instance of the server that serving the same
659 * repository, and the timestamps may not match, but the
660 * nonce-seed and dir should match, so we can recompute and
661 * report the time slop.
662 *
663 * In addition, when a nonce issued by another instance has
664 * timestamp within receive.certnonceslop seconds, we pretend
665 * as if we issued that nonce when reporting to the hook.
666 */
667
668 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
669 if (*nonce <= '0' || '9' < *nonce) {
670 retval = NONCE_BAD;
671 goto leave;
672 }
673 stamp = parse_timestamp(nonce, &bohmac, 10);
674 if (bohmac == nonce || bohmac[0] != '-') {
675 retval = NONCE_BAD;
676 goto leave;
677 }
678
679 expect = prepare_push_cert_nonce(service_dir, stamp);
680 if (noncelen != strlen(expect)) {
681 /* This is not even the right size. */
682 retval = NONCE_BAD;
683 goto leave;
684 }
685 if (constant_memequal(expect, nonce, noncelen)) {
686 /* Not what we would have signed earlier */
687 retval = NONCE_BAD;
688 goto leave;
689 }
690
691 /*
692 * By how many seconds is this nonce stale? Negative value
693 * would mean it was issued by another server with its clock
694 * skewed in the future.
695 */
696 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
697 nonce_stamp_slop = (long)ostamp - (long)stamp;
698
699 if (nonce_stamp_slop_limit &&
700 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
701 /*
702 * Pretend as if the received nonce (which passes the
703 * HMAC check, so it is not a forged by third-party)
704 * is what we issued.
705 */
706 free((void *)push_cert_nonce);
707 push_cert_nonce = xstrdup(nonce);
708 retval = NONCE_OK;
709 } else {
710 retval = NONCE_SLOP;
711 }
712
713leave:
714 free(nonce);
715 free(expect);
716 return retval;
717}
718
719/*
720 * Return 1 if there is no push_cert or if the push options in push_cert are
721 * the same as those in the argument; 0 otherwise.
722 */
723static int check_cert_push_options(const struct string_list *push_options)
724{
725 const char *buf = push_cert.buf;
726
727 const char *option;
728 size_t optionlen;
729 int options_seen = 0;
730
731 int retval = 1;
732
733 if (!*buf)
734 return 1;
735
736 while ((option = find_commit_header(buf, "push-option", &optionlen))) {
737 buf = option + optionlen + 1;
738 options_seen++;
739 if (options_seen > push_options->nr
740 || xstrncmpz(push_options->items[options_seen - 1].string,
741 option, optionlen))
742 return 0;
743 }
744
745 if (options_seen != push_options->nr)
746 retval = 0;
747
748 return retval;
749}
750
751static void prepare_push_cert_sha1(struct child_process *proc)
752{
753 static int already_done;
754
755 if (!push_cert.len)
756 return;
757
758 if (!already_done) {
759 int bogs /* beginning_of_gpg_sig */;
760
761 already_done = 1;
762 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
763 &push_cert_oid))
764 oidclr(&push_cert_oid, the_repository->hash_algo);
765
766 memset(&sigcheck, '\0', sizeof(sigcheck));
767
768 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
769 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
770 sigcheck.payload_len = bogs;
771 check_signature(&sigcheck, push_cert.buf + bogs,
772 push_cert.len - bogs);
773
774 nonce_status = check_nonce(sigcheck.payload);
775 }
776 if (!is_null_oid(&push_cert_oid)) {
777 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
778 oid_to_hex(&push_cert_oid));
779 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
780 sigcheck.signer ? sigcheck.signer : "");
781 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
782 sigcheck.key ? sigcheck.key : "");
783 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
784 sigcheck.result);
785 if (push_cert_nonce) {
786 strvec_pushf(&proc->env,
787 "GIT_PUSH_CERT_NONCE=%s",
788 push_cert_nonce);
789 strvec_pushf(&proc->env,
790 "GIT_PUSH_CERT_NONCE_STATUS=%s",
791 nonce_status);
792 if (nonce_status == NONCE_SLOP)
793 strvec_pushf(&proc->env,
794 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
795 nonce_stamp_slop);
796 }
797 }
798}
799
800struct receive_hook_feed_state {
801 struct command *cmd;
802 struct ref_push_report *report;
803 int skip_broken;
804 struct strbuf buf;
805 const struct string_list *push_options;
806};
807
808typedef int (*feed_fn)(void *, const char **, size_t *);
809static int run_and_feed_hook(const char *hook_name, feed_fn feed,
810 struct receive_hook_feed_state *feed_state)
811{
812 struct child_process proc = CHILD_PROCESS_INIT;
813 struct async muxer;
814 int code;
815 const char *hook_path = find_hook(the_repository, hook_name);
816
817 if (!hook_path)
818 return 0;
819
820 strvec_push(&proc.args, hook_path);
821 proc.in = -1;
822 proc.stdout_to_stderr = 1;
823 proc.trace2_hook_name = hook_name;
824
825 if (feed_state->push_options) {
826 size_t i;
827 for (i = 0; i < feed_state->push_options->nr; i++)
828 strvec_pushf(&proc.env,
829 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
830 (uintmax_t)i,
831 feed_state->push_options->items[i].string);
832 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
833 (uintmax_t)feed_state->push_options->nr);
834 } else
835 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
836
837 if (tmp_objdir)
838 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
839
840 if (use_sideband) {
841 memset(&muxer, 0, sizeof(muxer));
842 muxer.proc = copy_to_sideband;
843 muxer.in = -1;
844 code = start_async(&muxer);
845 if (code)
846 return code;
847 proc.err = muxer.in;
848 }
849
850 prepare_push_cert_sha1(&proc);
851
852 code = start_command(&proc);
853 if (code) {
854 if (use_sideband)
855 finish_async(&muxer);
856 return code;
857 }
858
859 sigchain_push(SIGPIPE, SIG_IGN);
860
861 while (1) {
862 const char *buf;
863 size_t n;
864 if (feed(feed_state, &buf, &n))
865 break;
866 if (write_in_full(proc.in, buf, n) < 0)
867 break;
868 }
869 close(proc.in);
870 if (use_sideband)
871 finish_async(&muxer);
872
873 sigchain_pop(SIGPIPE);
874
875 return finish_command(&proc);
876}
877
878static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
879{
880 struct receive_hook_feed_state *state = state_;
881 struct command *cmd = state->cmd;
882
883 while (cmd &&
884 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
885 cmd = cmd->next;
886 if (!cmd)
887 return -1; /* EOF */
888 if (!bufp)
889 return 0; /* OK, can feed something. */
890 strbuf_reset(&state->buf);
891 if (!state->report)
892 state->report = cmd->report;
893 if (state->report) {
894 struct object_id *old_oid;
895 struct object_id *new_oid;
896 const char *ref_name;
897
898 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
899 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
900 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
901 strbuf_addf(&state->buf, "%s %s %s\n",
902 oid_to_hex(old_oid), oid_to_hex(new_oid),
903 ref_name);
904 state->report = state->report->next;
905 if (!state->report)
906 state->cmd = cmd->next;
907 } else {
908 strbuf_addf(&state->buf, "%s %s %s\n",
909 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
910 cmd->ref_name);
911 state->cmd = cmd->next;
912 }
913 if (bufp) {
914 *bufp = state->buf.buf;
915 *sizep = state->buf.len;
916 }
917 return 0;
918}
919
920static int run_receive_hook(struct command *commands,
921 const char *hook_name,
922 int skip_broken,
923 const struct string_list *push_options)
924{
925 struct receive_hook_feed_state state;
926 int status;
927
928 strbuf_init(&state.buf, 0);
929 state.cmd = commands;
930 state.skip_broken = skip_broken;
931 state.report = NULL;
932 if (feed_receive_hook(&state, NULL, NULL))
933 return 0;
934 state.cmd = commands;
935 state.push_options = push_options;
936 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
937 strbuf_release(&state.buf);
938 return status;
939}
940
941static int run_update_hook(struct command *cmd)
942{
943 struct child_process proc = CHILD_PROCESS_INIT;
944 int code;
945 const char *hook_path = find_hook(the_repository, "update");
946
947 if (!hook_path)
948 return 0;
949
950 strvec_push(&proc.args, hook_path);
951 strvec_push(&proc.args, cmd->ref_name);
952 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
953 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
954
955 proc.no_stdin = 1;
956 proc.stdout_to_stderr = 1;
957 proc.err = use_sideband ? -1 : 0;
958 proc.trace2_hook_name = "update";
959
960 code = start_command(&proc);
961 if (code)
962 return code;
963 if (use_sideband)
964 copy_to_sideband(proc.err, -1, NULL);
965 return finish_command(&proc);
966}
967
968static struct command *find_command_by_refname(struct command *list,
969 const char *refname)
970{
971 for (; list; list = list->next)
972 if (!strcmp(list->ref_name, refname))
973 return list;
974 return NULL;
975}
976
977static int read_proc_receive_report(struct packet_reader *reader,
978 struct command *commands,
979 struct strbuf *errmsg)
980{
981 struct command *cmd;
982 struct command *hint = NULL;
983 struct ref_push_report *report = NULL;
984 int new_report = 0;
985 int code = 0;
986 int once = 0;
987 int response = 0;
988
989 for (;;) {
990 struct object_id old_oid, new_oid;
991 const char *head;
992 const char *refname;
993 char *p;
994 enum packet_read_status status;
995
996 status = packet_reader_read(reader);
997 if (status != PACKET_READ_NORMAL) {
998 /* Check whether proc-receive exited abnormally */
999 if (status == PACKET_READ_EOF && !response) {
1000 strbuf_addstr(errmsg, "proc-receive exited abnormally");
1001 return -1;
1002 }
1003 break;
1004 }
1005 response++;
1006
1007 head = reader->line;
1008 p = strchr(head, ' ');
1009 if (!p) {
1010 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1011 code = -1;
1012 continue;
1013 }
1014 *p++ = '\0';
1015 if (!strcmp(head, "option")) {
1016 const char *key, *val;
1017
1018 if (!hint || !(report || new_report)) {
1019 if (!once++)
1020 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1021 code = -1;
1022 continue;
1023 }
1024 if (new_report) {
1025 if (!hint->report) {
1026 CALLOC_ARRAY(hint->report, 1);
1027 report = hint->report;
1028 } else {
1029 report = hint->report;
1030 while (report->next)
1031 report = report->next;
1032 report->next = xcalloc(1, sizeof(struct ref_push_report));
1033 report = report->next;
1034 }
1035 new_report = 0;
1036 }
1037 key = p;
1038 p = strchr(key, ' ');
1039 if (p)
1040 *p++ = '\0';
1041 val = p;
1042 if (!strcmp(key, "refname"))
1043 report->ref_name = xstrdup_or_null(val);
1044 else if (!strcmp(key, "old-oid") && val &&
1045 !parse_oid_hex(val, &old_oid, &val))
1046 report->old_oid = oiddup(&old_oid);
1047 else if (!strcmp(key, "new-oid") && val &&
1048 !parse_oid_hex(val, &new_oid, &val))
1049 report->new_oid = oiddup(&new_oid);
1050 else if (!strcmp(key, "forced-update"))
1051 report->forced_update = 1;
1052 else if (!strcmp(key, "fall-through"))
1053 /* Fall through, let 'receive-pack' to execute it. */
1054 hint->run_proc_receive = 0;
1055 continue;
1056 }
1057
1058 report = NULL;
1059 new_report = 0;
1060 refname = p;
1061 p = strchr(refname, ' ');
1062 if (p)
1063 *p++ = '\0';
1064 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1065 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1066 head, refname);
1067 code = -1;
1068 continue;
1069 }
1070
1071 /* first try searching at our hint, falling back to all refs */
1072 if (hint)
1073 hint = find_command_by_refname(hint, refname);
1074 if (!hint)
1075 hint = find_command_by_refname(commands, refname);
1076 if (!hint) {
1077 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1078 refname);
1079 code = -1;
1080 continue;
1081 }
1082 if (!hint->run_proc_receive) {
1083 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1084 refname);
1085 code = -1;
1086 continue;
1087 }
1088 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1089 if (!strcmp(head, "ng")) {
1090 if (p)
1091 hint->error_string = hint->error_string_owned = xstrdup(p);
1092 else
1093 hint->error_string = "failed";
1094 code = -1;
1095 continue;
1096 }
1097 new_report = 1;
1098 }
1099
1100 for (cmd = commands; cmd; cmd = cmd->next)
1101 if (cmd->run_proc_receive && !cmd->error_string &&
1102 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1103 cmd->error_string = "proc-receive failed to report status";
1104 code = -1;
1105 }
1106 return code;
1107}
1108
1109static int run_proc_receive_hook(struct command *commands,
1110 const struct string_list *push_options)
1111{
1112 struct child_process proc = CHILD_PROCESS_INIT;
1113 struct async muxer;
1114 struct command *cmd;
1115 struct packet_reader reader;
1116 struct strbuf cap = STRBUF_INIT;
1117 struct strbuf errmsg = STRBUF_INIT;
1118 int hook_use_push_options = 0;
1119 int version = 0;
1120 int code;
1121 const char *hook_path = find_hook(the_repository, "proc-receive");
1122
1123 if (!hook_path) {
1124 rp_error("cannot find hook 'proc-receive'");
1125 return -1;
1126 }
1127
1128 strvec_push(&proc.args, hook_path);
1129 proc.in = -1;
1130 proc.out = -1;
1131 proc.trace2_hook_name = "proc-receive";
1132
1133 if (use_sideband) {
1134 memset(&muxer, 0, sizeof(muxer));
1135 muxer.proc = copy_to_sideband;
1136 muxer.in = -1;
1137 code = start_async(&muxer);
1138 if (code)
1139 return code;
1140 proc.err = muxer.in;
1141 } else {
1142 proc.err = 0;
1143 }
1144
1145 code = start_command(&proc);
1146 if (code) {
1147 if (use_sideband)
1148 finish_async(&muxer);
1149 return code;
1150 }
1151
1152 sigchain_push(SIGPIPE, SIG_IGN);
1153
1154 /* Version negotiaton */
1155 packet_reader_init(&reader, proc.out, NULL, 0,
1156 PACKET_READ_CHOMP_NEWLINE |
1157 PACKET_READ_GENTLE_ON_EOF);
1158 if (use_atomic)
1159 strbuf_addstr(&cap, " atomic");
1160 if (use_push_options)
1161 strbuf_addstr(&cap, " push-options");
1162 if (cap.len) {
1163 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1164 strbuf_release(&cap);
1165 } else {
1166 code = packet_write_fmt_gently(proc.in, "version=1\n");
1167 }
1168 if (!code)
1169 code = packet_flush_gently(proc.in);
1170
1171 if (!code)
1172 for (;;) {
1173 int linelen;
1174 enum packet_read_status status;
1175
1176 status = packet_reader_read(&reader);
1177 if (status != PACKET_READ_NORMAL) {
1178 /* Check whether proc-receive exited abnormally */
1179 if (status == PACKET_READ_EOF)
1180 code = -1;
1181 break;
1182 }
1183
1184 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1185 version = atoi(reader.line + 8);
1186 linelen = strlen(reader.line);
1187 if (linelen < reader.pktlen) {
1188 const char *feature_list = reader.line + linelen + 1;
1189 if (parse_feature_request(feature_list, "push-options"))
1190 hook_use_push_options = 1;
1191 }
1192 }
1193 }
1194
1195 if (code) {
1196 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1197 goto cleanup;
1198 }
1199
1200 switch (version) {
1201 case 0:
1202 /* fallthrough */
1203 case 1:
1204 break;
1205 default:
1206 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1207 version);
1208 code = -1;
1209 goto cleanup;
1210 }
1211
1212 /* Send commands */
1213 for (cmd = commands; cmd; cmd = cmd->next) {
1214 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1215 continue;
1216 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1217 oid_to_hex(&cmd->old_oid),
1218 oid_to_hex(&cmd->new_oid),
1219 cmd->ref_name);
1220 if (code)
1221 break;
1222 }
1223 if (!code)
1224 code = packet_flush_gently(proc.in);
1225 if (code) {
1226 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1227 goto cleanup;
1228 }
1229
1230 /* Send push options */
1231 if (hook_use_push_options) {
1232 struct string_list_item *item;
1233
1234 for_each_string_list_item(item, push_options) {
1235 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1236 if (code)
1237 break;
1238 }
1239 if (!code)
1240 code = packet_flush_gently(proc.in);
1241 if (code) {
1242 strbuf_addstr(&errmsg,
1243 "fail to write push-options to proc-receive hook");
1244 goto cleanup;
1245 }
1246 }
1247
1248 /* Read result from proc-receive */
1249 code = read_proc_receive_report(&reader, commands, &errmsg);
1250
1251cleanup:
1252 close(proc.in);
1253 close(proc.out);
1254 if (use_sideband)
1255 finish_async(&muxer);
1256 if (finish_command(&proc))
1257 code = -1;
1258 if (errmsg.len >0) {
1259 char *p = errmsg.buf;
1260
1261 p += errmsg.len - 1;
1262 if (*p == '\n')
1263 *p = '\0';
1264 rp_error("%s", errmsg.buf);
1265 strbuf_release(&errmsg);
1266 }
1267 sigchain_pop(SIGPIPE);
1268
1269 return code;
1270}
1271
1272static const char *refuse_unconfigured_deny_msg =
1273 N_("By default, updating the current branch in a non-bare repository\n"
1274 "is denied, because it will make the index and work tree inconsistent\n"
1275 "with what you pushed, and will require 'git reset --hard' to match\n"
1276 "the work tree to HEAD.\n"
1277 "\n"
1278 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1279 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1280 "its current branch; however, this is not recommended unless you\n"
1281 "arranged to update its work tree to match what you pushed in some\n"
1282 "other way.\n"
1283 "\n"
1284 "To squelch this message and still keep the default behaviour, set\n"
1285 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1286
1287static void refuse_unconfigured_deny(void)
1288{
1289 rp_error("%s", _(refuse_unconfigured_deny_msg));
1290}
1291
1292static const char *refuse_unconfigured_deny_delete_current_msg =
1293 N_("By default, deleting the current branch is denied, because the next\n"
1294 "'git clone' won't result in any file checked out, causing confusion.\n"
1295 "\n"
1296 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1297 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1298 "current branch, with or without a warning message.\n"
1299 "\n"
1300 "To squelch this message, you can set it to 'refuse'.");
1301
1302static void refuse_unconfigured_deny_delete_current(void)
1303{
1304 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1305}
1306
1307static const struct object_id *command_singleton_iterator(void *cb_data);
1308static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1309{
1310 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1311 struct oid_array extra = OID_ARRAY_INIT;
1312 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1313 uint32_t mask = 1 << (cmd->index % 32);
1314 int i;
1315
1316 trace_printf_key(&trace_shallow,
1317 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1318 for (i = 0; i < si->shallow->nr; i++)
1319 if (si->used_shallow[i] &&
1320 (si->used_shallow[i][cmd->index / 32] & mask) &&
1321 !delayed_reachability_test(si, i))
1322 oid_array_append(&extra, &si->shallow->oid[i]);
1323
1324 opt.env = tmp_objdir_env(tmp_objdir);
1325 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1326 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1327 rollback_shallow_file(the_repository, &shallow_lock);
1328 oid_array_clear(&extra);
1329 return -1;
1330 }
1331
1332 commit_shallow_file(the_repository, &shallow_lock);
1333
1334 /*
1335 * Make sure setup_alternate_shallow() for the next ref does
1336 * not lose these new roots..
1337 */
1338 for (i = 0; i < extra.nr; i++)
1339 register_shallow(the_repository, &extra.oid[i]);
1340
1341 si->shallow_ref[cmd->index] = 0;
1342 oid_array_clear(&extra);
1343 return 0;
1344}
1345
1346/*
1347 * NEEDSWORK: we should consolidate various implementations of "are we
1348 * on an unborn branch?" test into one, and make the unified one more
1349 * robust. !get_sha1() based check used here and elsewhere would not
1350 * allow us to tell an unborn branch from corrupt ref, for example.
1351 * For the purpose of fixing "deploy-to-update does not work when
1352 * pushing into an empty repository" issue, this should suffice for
1353 * now.
1354 */
1355static int head_has_history(void)
1356{
1357 struct object_id oid;
1358
1359 return !repo_get_oid(the_repository, "HEAD", &oid);
1360}
1361
1362static const char *push_to_deploy(unsigned char *sha1,
1363 struct strvec *env,
1364 const char *work_tree)
1365{
1366 struct child_process child = CHILD_PROCESS_INIT;
1367
1368 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1369 "--refresh", NULL);
1370 strvec_pushv(&child.env, env->v);
1371 child.dir = work_tree;
1372 child.no_stdin = 1;
1373 child.stdout_to_stderr = 1;
1374 child.git_cmd = 1;
1375 if (run_command(&child))
1376 return "Up-to-date check failed";
1377
1378 /* run_command() does not clean up completely; reinitialize */
1379 child_process_init(&child);
1380 strvec_pushl(&child.args, "diff-files", "--quiet",
1381 "--ignore-submodules", "--", NULL);
1382 strvec_pushv(&child.env, env->v);
1383 child.dir = work_tree;
1384 child.no_stdin = 1;
1385 child.stdout_to_stderr = 1;
1386 child.git_cmd = 1;
1387 if (run_command(&child))
1388 return "Working directory has unstaged changes";
1389
1390 child_process_init(&child);
1391 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1392 "--ignore-submodules",
1393 /* diff-index with either HEAD or an empty tree */
1394 head_has_history() ? "HEAD" : empty_tree_oid_hex(the_repository->hash_algo),
1395 "--", NULL);
1396 strvec_pushv(&child.env, env->v);
1397 child.no_stdin = 1;
1398 child.no_stdout = 1;
1399 child.stdout_to_stderr = 0;
1400 child.git_cmd = 1;
1401 if (run_command(&child))
1402 return "Working directory has staged changes";
1403
1404 child_process_init(&child);
1405 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1406 NULL);
1407 strvec_pushv(&child.env, env->v);
1408 child.dir = work_tree;
1409 child.no_stdin = 1;
1410 child.no_stdout = 1;
1411 child.stdout_to_stderr = 0;
1412 child.git_cmd = 1;
1413 if (run_command(&child))
1414 return "Could not update working tree to new HEAD";
1415
1416 return NULL;
1417}
1418
1419static const char *push_to_checkout_hook = "push-to-checkout";
1420
1421static const char *push_to_checkout(unsigned char *hash,
1422 int *invoked_hook,
1423 struct strvec *env,
1424 const char *work_tree)
1425{
1426 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1427 opt.invoked_hook = invoked_hook;
1428
1429 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1430 strvec_pushv(&opt.env, env->v);
1431 strvec_push(&opt.args, hash_to_hex(hash));
1432 if (run_hooks_opt(the_repository, push_to_checkout_hook, &opt))
1433 return "push-to-checkout hook declined";
1434 else
1435 return NULL;
1436}
1437
1438static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1439{
1440 const char *retval;
1441 char *git_dir;
1442 struct strvec env = STRVEC_INIT;
1443 int invoked_hook;
1444
1445 if (!worktree || !worktree->path)
1446 BUG("worktree->path must be non-NULL");
1447
1448 if (worktree->is_bare)
1449 return "denyCurrentBranch = updateInstead needs a worktree";
1450 git_dir = get_worktree_git_dir(worktree);
1451
1452 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1453
1454 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1455 if (!invoked_hook)
1456 retval = push_to_deploy(sha1, &env, worktree->path);
1457
1458 strvec_clear(&env);
1459 free(git_dir);
1460 return retval;
1461}
1462
1463static const char *update(struct command *cmd, struct shallow_info *si)
1464{
1465 const char *name = cmd->ref_name;
1466 struct strbuf namespaced_name_buf = STRBUF_INIT;
1467 static char *namespaced_name;
1468 const char *ret;
1469 struct object_id *old_oid = &cmd->old_oid;
1470 struct object_id *new_oid = &cmd->new_oid;
1471 int do_update_worktree = 0;
1472 struct worktree **worktrees = get_worktrees();
1473 const struct worktree *worktree =
1474 find_shared_symref(worktrees, "HEAD", name);
1475
1476 /* only refs/... are allowed */
1477 if (!starts_with(name, "refs/") ||
1478 check_refname_format(name + 5, is_null_oid(new_oid) ?
1479 REFNAME_ALLOW_ONELEVEL : 0)) {
1480 rp_error("refusing to update funny ref '%s' remotely", name);
1481 ret = "funny refname";
1482 goto out;
1483 }
1484
1485 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1486 free(namespaced_name);
1487 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1488
1489 if (worktree && !worktree->is_bare) {
1490 switch (deny_current_branch) {
1491 case DENY_IGNORE:
1492 break;
1493 case DENY_WARN:
1494 rp_warning("updating the current branch");
1495 break;
1496 case DENY_REFUSE:
1497 case DENY_UNCONFIGURED:
1498 rp_error("refusing to update checked out branch: %s", name);
1499 if (deny_current_branch == DENY_UNCONFIGURED)
1500 refuse_unconfigured_deny();
1501 ret = "branch is currently checked out";
1502 goto out;
1503 case DENY_UPDATE_INSTEAD:
1504 /* pass -- let other checks intervene first */
1505 do_update_worktree = 1;
1506 break;
1507 }
1508 }
1509
1510 if (!is_null_oid(new_oid) &&
1511 !has_object(the_repository, new_oid,
1512 HAS_OBJECT_RECHECK_PACKED | HAS_OBJECT_FETCH_PROMISOR)) {
1513 error("unpack should have generated %s, "
1514 "but I can't find it!", oid_to_hex(new_oid));
1515 ret = "bad pack";
1516 goto out;
1517 }
1518
1519 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1520 if (deny_deletes && starts_with(name, "refs/heads/")) {
1521 rp_error("denying ref deletion for %s", name);
1522 ret = "deletion prohibited";
1523 goto out;
1524 }
1525
1526 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1527 switch (deny_delete_current) {
1528 case DENY_IGNORE:
1529 break;
1530 case DENY_WARN:
1531 rp_warning("deleting the current branch");
1532 break;
1533 case DENY_REFUSE:
1534 case DENY_UNCONFIGURED:
1535 case DENY_UPDATE_INSTEAD:
1536 if (deny_delete_current == DENY_UNCONFIGURED)
1537 refuse_unconfigured_deny_delete_current();
1538 rp_error("refusing to delete the current branch: %s", name);
1539 ret = "deletion of the current branch prohibited";
1540 goto out;
1541 default:
1542 ret = "Invalid denyDeleteCurrent setting";
1543 goto out;
1544 }
1545 }
1546 }
1547
1548 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1549 !is_null_oid(old_oid) &&
1550 starts_with(name, "refs/heads/")) {
1551 struct object *old_object, *new_object;
1552 struct commit *old_commit, *new_commit;
1553 int ret2;
1554
1555 old_object = parse_object(the_repository, old_oid);
1556 new_object = parse_object(the_repository, new_oid);
1557
1558 if (!old_object || !new_object ||
1559 old_object->type != OBJ_COMMIT ||
1560 new_object->type != OBJ_COMMIT) {
1561 error("bad sha1 objects for %s", name);
1562 ret = "bad ref";
1563 goto out;
1564 }
1565 old_commit = (struct commit *)old_object;
1566 new_commit = (struct commit *)new_object;
1567 ret2 = repo_in_merge_bases(the_repository, old_commit, new_commit);
1568 if (ret2 < 0)
1569 exit(128);
1570 if (!ret2) {
1571 rp_error("denying non-fast-forward %s"
1572 " (you should pull first)", name);
1573 ret = "non-fast-forward";
1574 goto out;
1575 }
1576 }
1577 if (run_update_hook(cmd)) {
1578 rp_error("hook declined to update %s", name);
1579 ret = "hook declined";
1580 goto out;
1581 }
1582
1583 if (do_update_worktree) {
1584 ret = update_worktree(new_oid->hash, worktree);
1585 if (ret)
1586 goto out;
1587 }
1588
1589 if (is_null_oid(new_oid)) {
1590 struct strbuf err = STRBUF_INIT;
1591 if (!parse_object(the_repository, old_oid)) {
1592 old_oid = NULL;
1593 if (refs_ref_exists(get_main_ref_store(the_repository), name)) {
1594 rp_warning("allowing deletion of corrupt ref");
1595 } else {
1596 rp_warning("deleting a non-existent ref");
1597 cmd->did_not_exist = 1;
1598 }
1599 }
1600 if (ref_transaction_delete(transaction,
1601 namespaced_name,
1602 old_oid,
1603 NULL, 0,
1604 "push", &err)) {
1605 rp_error("%s", err.buf);
1606 ret = "failed to delete";
1607 } else {
1608 ret = NULL; /* good */
1609 }
1610 strbuf_release(&err);
1611 }
1612 else {
1613 struct strbuf err = STRBUF_INIT;
1614 if (shallow_update && si->shallow_ref[cmd->index] &&
1615 update_shallow_ref(cmd, si)) {
1616 ret = "shallow error";
1617 goto out;
1618 }
1619
1620 if (ref_transaction_update(transaction,
1621 namespaced_name,
1622 new_oid, old_oid,
1623 NULL, NULL,
1624 0, "push",
1625 &err)) {
1626 rp_error("%s", err.buf);
1627 ret = "failed to update ref";
1628 } else {
1629 ret = NULL; /* good */
1630 }
1631 strbuf_release(&err);
1632 }
1633
1634out:
1635 free_worktrees(worktrees);
1636 return ret;
1637}
1638
1639static void run_update_post_hook(struct command *commands)
1640{
1641 struct command *cmd;
1642 struct child_process proc = CHILD_PROCESS_INIT;
1643 const char *hook;
1644
1645 hook = find_hook(the_repository, "post-update");
1646 if (!hook)
1647 return;
1648
1649 for (cmd = commands; cmd; cmd = cmd->next) {
1650 if (cmd->error_string || cmd->did_not_exist)
1651 continue;
1652 if (!proc.args.nr)
1653 strvec_push(&proc.args, hook);
1654 strvec_push(&proc.args, cmd->ref_name);
1655 }
1656 if (!proc.args.nr)
1657 return;
1658
1659 proc.no_stdin = 1;
1660 proc.stdout_to_stderr = 1;
1661 proc.err = use_sideband ? -1 : 0;
1662 proc.trace2_hook_name = "post-update";
1663
1664 if (!start_command(&proc)) {
1665 if (use_sideband)
1666 copy_to_sideband(proc.err, -1, NULL);
1667 finish_command(&proc);
1668 }
1669}
1670
1671static void check_aliased_update_internal(struct command *cmd,
1672 struct string_list *list,
1673 const char *dst_name, int flag)
1674{
1675 struct string_list_item *item;
1676 struct command *dst_cmd;
1677
1678 if (!(flag & REF_ISSYMREF))
1679 return;
1680
1681 if (!dst_name) {
1682 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1683 cmd->skip_update = 1;
1684 cmd->error_string = "broken symref";
1685 return;
1686 }
1687 dst_name = strip_namespace(dst_name);
1688
1689 if (!(item = string_list_lookup(list, dst_name)))
1690 return;
1691
1692 cmd->skip_update = 1;
1693
1694 dst_cmd = (struct command *) item->util;
1695
1696 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1697 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1698 return;
1699
1700 dst_cmd->skip_update = 1;
1701
1702 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1703 " its target '%s' (%s..%s)",
1704 cmd->ref_name,
1705 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1706 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1707 dst_cmd->ref_name,
1708 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1709 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1710
1711 cmd->error_string = dst_cmd->error_string =
1712 "inconsistent aliased update";
1713}
1714
1715static void check_aliased_update(struct command *cmd, struct string_list *list)
1716{
1717 struct strbuf buf = STRBUF_INIT;
1718 const char *dst_name;
1719 int flag;
1720
1721 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1722 dst_name = refs_resolve_ref_unsafe(get_main_ref_store(the_repository),
1723 buf.buf, 0, NULL, &flag);
1724 check_aliased_update_internal(cmd, list, dst_name, flag);
1725 strbuf_release(&buf);
1726}
1727
1728static void check_aliased_updates(struct command *commands)
1729{
1730 struct command *cmd;
1731 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1732
1733 for (cmd = commands; cmd; cmd = cmd->next) {
1734 struct string_list_item *item =
1735 string_list_append(&ref_list, cmd->ref_name);
1736 item->util = (void *)cmd;
1737 }
1738 string_list_sort(&ref_list);
1739
1740 for (cmd = commands; cmd; cmd = cmd->next) {
1741 if (!cmd->error_string)
1742 check_aliased_update(cmd, &ref_list);
1743 }
1744
1745 string_list_clear(&ref_list, 0);
1746}
1747
1748static const struct object_id *command_singleton_iterator(void *cb_data)
1749{
1750 struct command **cmd_list = cb_data;
1751 struct command *cmd = *cmd_list;
1752
1753 if (!cmd || is_null_oid(&cmd->new_oid))
1754 return NULL;
1755 *cmd_list = NULL; /* this returns only one */
1756 return &cmd->new_oid;
1757}
1758
1759static void set_connectivity_errors(struct command *commands,
1760 struct shallow_info *si)
1761{
1762 struct command *cmd;
1763
1764 for (cmd = commands; cmd; cmd = cmd->next) {
1765 struct command *singleton = cmd;
1766 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1767
1768 if (shallow_update && si->shallow_ref[cmd->index])
1769 /* to be checked in update_shallow_ref() */
1770 continue;
1771
1772 opt.env = tmp_objdir_env(tmp_objdir);
1773 if (!check_connected(command_singleton_iterator, &singleton,
1774 &opt))
1775 continue;
1776
1777 cmd->error_string = "missing necessary objects";
1778 }
1779}
1780
1781struct iterate_data {
1782 struct command *cmds;
1783 struct shallow_info *si;
1784};
1785
1786static const struct object_id *iterate_receive_command_list(void *cb_data)
1787{
1788 struct iterate_data *data = cb_data;
1789 struct command **cmd_list = &data->cmds;
1790 struct command *cmd = *cmd_list;
1791
1792 for (; cmd; cmd = cmd->next) {
1793 if (shallow_update && data->si->shallow_ref[cmd->index])
1794 /* to be checked in update_shallow_ref() */
1795 continue;
1796 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1797 *cmd_list = cmd->next;
1798 return &cmd->new_oid;
1799 }
1800 }
1801 return NULL;
1802}
1803
1804static void reject_updates_to_hidden(struct command *commands)
1805{
1806 struct strbuf refname_full = STRBUF_INIT;
1807 size_t prefix_len;
1808 struct command *cmd;
1809
1810 strbuf_addstr(&refname_full, get_git_namespace());
1811 prefix_len = refname_full.len;
1812
1813 for (cmd = commands; cmd; cmd = cmd->next) {
1814 if (cmd->error_string)
1815 continue;
1816
1817 strbuf_setlen(&refname_full, prefix_len);
1818 strbuf_addstr(&refname_full, cmd->ref_name);
1819
1820 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1821 continue;
1822 if (is_null_oid(&cmd->new_oid))
1823 cmd->error_string = "deny deleting a hidden ref";
1824 else
1825 cmd->error_string = "deny updating a hidden ref";
1826 }
1827
1828 strbuf_release(&refname_full);
1829}
1830
1831static int should_process_cmd(struct command *cmd)
1832{
1833 return !cmd->error_string && !cmd->skip_update;
1834}
1835
1836static void BUG_if_skipped_connectivity_check(struct command *commands,
1837 struct shallow_info *si)
1838{
1839 struct command *cmd;
1840
1841 for (cmd = commands; cmd; cmd = cmd->next) {
1842 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1843 bug("connectivity check has not been run on ref %s",
1844 cmd->ref_name);
1845 }
1846 BUG_if_bug("connectivity check skipped???");
1847}
1848
1849static void execute_commands_non_atomic(struct command *commands,
1850 struct shallow_info *si)
1851{
1852 struct command *cmd;
1853 struct strbuf err = STRBUF_INIT;
1854
1855 for (cmd = commands; cmd; cmd = cmd->next) {
1856 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1857 continue;
1858
1859 transaction = ref_store_transaction_begin(get_main_ref_store(the_repository),
1860 0, &err);
1861 if (!transaction) {
1862 rp_error("%s", err.buf);
1863 strbuf_reset(&err);
1864 cmd->error_string = "transaction failed to start";
1865 continue;
1866 }
1867
1868 cmd->error_string = update(cmd, si);
1869
1870 if (!cmd->error_string
1871 && ref_transaction_commit(transaction, &err)) {
1872 rp_error("%s", err.buf);
1873 strbuf_reset(&err);
1874 cmd->error_string = "failed to update ref";
1875 }
1876 ref_transaction_free(transaction);
1877 }
1878 strbuf_release(&err);
1879}
1880
1881static void execute_commands_atomic(struct command *commands,
1882 struct shallow_info *si)
1883{
1884 struct command *cmd;
1885 struct strbuf err = STRBUF_INIT;
1886 const char *reported_error = "atomic push failure";
1887
1888 transaction = ref_store_transaction_begin(get_main_ref_store(the_repository),
1889 0, &err);
1890 if (!transaction) {
1891 rp_error("%s", err.buf);
1892 strbuf_reset(&err);
1893 reported_error = "transaction failed to start";
1894 goto failure;
1895 }
1896
1897 for (cmd = commands; cmd; cmd = cmd->next) {
1898 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1899 continue;
1900
1901 cmd->error_string = update(cmd, si);
1902
1903 if (cmd->error_string)
1904 goto failure;
1905 }
1906
1907 if (ref_transaction_commit(transaction, &err)) {
1908 rp_error("%s", err.buf);
1909 reported_error = "atomic transaction failed";
1910 goto failure;
1911 }
1912 goto cleanup;
1913
1914failure:
1915 for (cmd = commands; cmd; cmd = cmd->next)
1916 if (!cmd->error_string)
1917 cmd->error_string = reported_error;
1918
1919cleanup:
1920 ref_transaction_free(transaction);
1921 strbuf_release(&err);
1922}
1923
1924static void execute_commands(struct command *commands,
1925 const char *unpacker_error,
1926 struct shallow_info *si,
1927 const struct string_list *push_options)
1928{
1929 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1930 struct command *cmd;
1931 struct iterate_data data;
1932 struct async muxer;
1933 int err_fd = 0;
1934 int run_proc_receive = 0;
1935
1936 if (unpacker_error) {
1937 for (cmd = commands; cmd; cmd = cmd->next)
1938 cmd->error_string = "unpacker error";
1939 return;
1940 }
1941
1942 if (!skip_connectivity_check) {
1943 if (use_sideband) {
1944 memset(&muxer, 0, sizeof(muxer));
1945 muxer.proc = copy_to_sideband;
1946 muxer.in = -1;
1947 if (!start_async(&muxer))
1948 err_fd = muxer.in;
1949 /* ...else, continue without relaying sideband */
1950 }
1951
1952 data.cmds = commands;
1953 data.si = si;
1954 opt.err_fd = err_fd;
1955 opt.progress = err_fd && !quiet;
1956 opt.env = tmp_objdir_env(tmp_objdir);
1957 opt.exclude_hidden_refs_section = "receive";
1958
1959 if (check_connected(iterate_receive_command_list, &data, &opt))
1960 set_connectivity_errors(commands, si);
1961
1962 if (use_sideband)
1963 finish_async(&muxer);
1964 }
1965
1966 reject_updates_to_hidden(commands);
1967
1968 /*
1969 * Try to find commands that have special prefix in their reference names,
1970 * and mark them to run an external "proc-receive" hook later.
1971 */
1972 if (proc_receive_ref) {
1973 for (cmd = commands; cmd; cmd = cmd->next) {
1974 if (!should_process_cmd(cmd))
1975 continue;
1976
1977 if (proc_receive_ref_matches(cmd)) {
1978 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1979 run_proc_receive = 1;
1980 }
1981 }
1982 }
1983
1984 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1985 for (cmd = commands; cmd; cmd = cmd->next) {
1986 if (!cmd->error_string)
1987 cmd->error_string = "pre-receive hook declined";
1988 }
1989 return;
1990 }
1991
1992 /*
1993 * If there is no command ready to run, should return directly to destroy
1994 * temporary data in the quarantine area.
1995 */
1996 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1997 ; /* nothing */
1998 if (!cmd)
1999 return;
2000
2001 /*
2002 * Now we'll start writing out refs, which means the objects need
2003 * to be in their final positions so that other processes can see them.
2004 */
2005 if (tmp_objdir_migrate(tmp_objdir) < 0) {
2006 for (cmd = commands; cmd; cmd = cmd->next) {
2007 if (!cmd->error_string)
2008 cmd->error_string = "unable to migrate objects to permanent storage";
2009 }
2010 return;
2011 }
2012 tmp_objdir = NULL;
2013
2014 check_aliased_updates(commands);
2015
2016 free(head_name_to_free);
2017 head_name = head_name_to_free = refs_resolve_refdup(get_main_ref_store(the_repository),
2018 "HEAD", 0, NULL,
2019 NULL);
2020
2021 if (run_proc_receive &&
2022 run_proc_receive_hook(commands, push_options))
2023 for (cmd = commands; cmd; cmd = cmd->next)
2024 if (!cmd->error_string &&
2025 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2026 (cmd->run_proc_receive || use_atomic))
2027 cmd->error_string = "fail to run proc-receive hook";
2028
2029 if (use_atomic)
2030 execute_commands_atomic(commands, si);
2031 else
2032 execute_commands_non_atomic(commands, si);
2033
2034 if (shallow_update)
2035 BUG_if_skipped_connectivity_check(commands, si);
2036}
2037
2038static struct command **queue_command(struct command **tail,
2039 const char *line,
2040 int linelen)
2041{
2042 struct object_id old_oid, new_oid;
2043 struct command *cmd;
2044 const char *refname;
2045 int reflen;
2046 const char *p;
2047
2048 if (parse_oid_hex(line, &old_oid, &p) ||
2049 *p++ != ' ' ||
2050 parse_oid_hex(p, &new_oid, &p) ||
2051 *p++ != ' ')
2052 die("protocol error: expected old/new/ref, got '%s'", line);
2053
2054 refname = p;
2055 reflen = linelen - (p - line);
2056 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2057 oidcpy(&cmd->old_oid, &old_oid);
2058 oidcpy(&cmd->new_oid, &new_oid);
2059 *tail = cmd;
2060 return &cmd->next;
2061}
2062
2063static void free_commands(struct command *commands)
2064{
2065 while (commands) {
2066 struct command *next = commands->next;
2067
2068 ref_push_report_free(commands->report);
2069 free(commands->error_string_owned);
2070 free(commands);
2071 commands = next;
2072 }
2073}
2074
2075static void queue_commands_from_cert(struct command **tail,
2076 struct strbuf *push_cert)
2077{
2078 const char *boc, *eoc;
2079
2080 if (*tail)
2081 die("protocol error: got both push certificate and unsigned commands");
2082
2083 boc = strstr(push_cert->buf, "\n\n");
2084 if (!boc)
2085 die("malformed push certificate %.*s", 100, push_cert->buf);
2086 else
2087 boc += 2;
2088 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2089
2090 while (boc < eoc) {
2091 const char *eol = memchr(boc, '\n', eoc - boc);
2092 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2093 boc = eol ? eol + 1 : eoc;
2094 }
2095}
2096
2097static struct command *read_head_info(struct packet_reader *reader,
2098 struct oid_array *shallow)
2099{
2100 struct command *commands = NULL;
2101 struct command **p = &commands;
2102 for (;;) {
2103 int linelen;
2104
2105 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2106 break;
2107
2108 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2109 struct object_id oid;
2110 if (get_oid_hex(reader->line + 8, &oid))
2111 die("protocol error: expected shallow sha, got '%s'",
2112 reader->line + 8);
2113 oid_array_append(shallow, &oid);
2114 continue;
2115 }
2116
2117 linelen = strlen(reader->line);
2118 if (linelen < reader->pktlen) {
2119 const char *feature_list = reader->line + linelen + 1;
2120 const char *hash = NULL;
2121 const char *client_sid;
2122 size_t len = 0;
2123 if (parse_feature_request(feature_list, "report-status"))
2124 report_status = 1;
2125 if (parse_feature_request(feature_list, "report-status-v2"))
2126 report_status_v2 = 1;
2127 if (parse_feature_request(feature_list, "side-band-64k"))
2128 use_sideband = LARGE_PACKET_MAX;
2129 if (parse_feature_request(feature_list, "quiet"))
2130 quiet = 1;
2131 if (advertise_atomic_push
2132 && parse_feature_request(feature_list, "atomic"))
2133 use_atomic = 1;
2134 if (advertise_push_options
2135 && parse_feature_request(feature_list, "push-options"))
2136 use_push_options = 1;
2137 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2138 if (!hash) {
2139 hash = hash_algos[GIT_HASH_SHA1].name;
2140 len = strlen(hash);
2141 }
2142 if (xstrncmpz(the_hash_algo->name, hash, len))
2143 die("error: unsupported object format '%s'", hash);
2144 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2145 if (client_sid) {
2146 char *sid = xstrndup(client_sid, len);
2147 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2148 free(sid);
2149 }
2150 }
2151
2152 if (!strcmp(reader->line, "push-cert")) {
2153 int true_flush = 0;
2154 int saved_options = reader->options;
2155 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2156
2157 for (;;) {
2158 packet_reader_read(reader);
2159 if (reader->status == PACKET_READ_FLUSH) {
2160 true_flush = 1;
2161 break;
2162 }
2163 if (reader->status != PACKET_READ_NORMAL) {
2164 die("protocol error: got an unexpected packet");
2165 }
2166 if (!strcmp(reader->line, "push-cert-end\n"))
2167 break; /* end of cert */
2168 strbuf_addstr(&push_cert, reader->line);
2169 }
2170 reader->options = saved_options;
2171
2172 if (true_flush)
2173 break;
2174 continue;
2175 }
2176
2177 p = queue_command(p, reader->line, linelen);
2178 }
2179
2180 if (push_cert.len)
2181 queue_commands_from_cert(p, &push_cert);
2182
2183 return commands;
2184}
2185
2186static void read_push_options(struct packet_reader *reader,
2187 struct string_list *options)
2188{
2189 while (1) {
2190 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2191 break;
2192
2193 string_list_append(options, reader->line);
2194 }
2195}
2196
2197static const char *parse_pack_header(struct pack_header *hdr)
2198{
2199 switch (read_pack_header(0, hdr)) {
2200 case PH_ERROR_EOF:
2201 return "eof before pack header was fully read";
2202
2203 case PH_ERROR_PACK_SIGNATURE:
2204 return "protocol error (pack signature mismatch detected)";
2205
2206 case PH_ERROR_PROTOCOL:
2207 return "protocol error (pack version unsupported)";
2208
2209 default:
2210 return "unknown error in parse_pack_header";
2211
2212 case 0:
2213 return NULL;
2214 }
2215}
2216
2217static struct tempfile *pack_lockfile;
2218
2219static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2220{
2221 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2222 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2223}
2224
2225static const char *unpack(int err_fd, struct shallow_info *si)
2226{
2227 struct pack_header hdr;
2228 const char *hdr_err;
2229 int status;
2230 struct child_process child = CHILD_PROCESS_INIT;
2231 int fsck_objects = (receive_fsck_objects >= 0
2232 ? receive_fsck_objects
2233 : transfer_fsck_objects >= 0
2234 ? transfer_fsck_objects
2235 : 0);
2236
2237 hdr_err = parse_pack_header(&hdr);
2238 if (hdr_err) {
2239 if (err_fd > 0)
2240 close(err_fd);
2241 return hdr_err;
2242 }
2243
2244 if (si->nr_ours || si->nr_theirs) {
2245 alt_shallow_file = setup_temporary_shallow(si->shallow);
2246 strvec_push(&child.args, "--shallow-file");
2247 strvec_push(&child.args, alt_shallow_file);
2248 }
2249
2250 tmp_objdir = tmp_objdir_create(the_repository, "incoming");
2251 if (!tmp_objdir) {
2252 if (err_fd > 0)
2253 close(err_fd);
2254 return "unable to create temporary object directory";
2255 }
2256 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2257
2258 /*
2259 * Normally we just pass the tmp_objdir environment to the child
2260 * processes that do the heavy lifting, but we may need to see these
2261 * objects ourselves to set up shallow information.
2262 */
2263 tmp_objdir_add_as_alternate(tmp_objdir);
2264
2265 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2266 strvec_push(&child.args, "unpack-objects");
2267 push_header_arg(&child.args, &hdr);
2268 if (quiet)
2269 strvec_push(&child.args, "-q");
2270 if (fsck_objects)
2271 strvec_pushf(&child.args, "--strict%s",
2272 fsck_msg_types.buf);
2273 if (max_input_size)
2274 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2275 (uintmax_t)max_input_size);
2276 child.no_stdout = 1;
2277 child.err = err_fd;
2278 child.git_cmd = 1;
2279 status = run_command(&child);
2280 if (status)
2281 return "unpack-objects abnormal exit";
2282 } else {
2283 char hostname[HOST_NAME_MAX + 1];
2284 char *lockfile;
2285
2286 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2287 push_header_arg(&child.args, &hdr);
2288
2289 if (xgethostname(hostname, sizeof(hostname)))
2290 xsnprintf(hostname, sizeof(hostname), "localhost");
2291 strvec_pushf(&child.args,
2292 "--keep=receive-pack %"PRIuMAX" on %s",
2293 (uintmax_t)getpid(),
2294 hostname);
2295
2296 if (!quiet && err_fd)
2297 strvec_push(&child.args, "--show-resolving-progress");
2298 if (use_sideband)
2299 strvec_push(&child.args, "--report-end-of-input");
2300 if (fsck_objects)
2301 strvec_pushf(&child.args, "--strict%s",
2302 fsck_msg_types.buf);
2303 if (!reject_thin)
2304 strvec_push(&child.args, "--fix-thin");
2305 if (max_input_size)
2306 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2307 (uintmax_t)max_input_size);
2308 child.out = -1;
2309 child.err = err_fd;
2310 child.git_cmd = 1;
2311 status = start_command(&child);
2312 if (status)
2313 return "index-pack fork failed";
2314
2315 lockfile = index_pack_lockfile(the_repository, child.out, NULL);
2316 if (lockfile) {
2317 pack_lockfile = register_tempfile(lockfile);
2318 free(lockfile);
2319 }
2320 close(child.out);
2321
2322 status = finish_command(&child);
2323 if (status)
2324 return "index-pack abnormal exit";
2325 reprepare_packed_git(the_repository);
2326 }
2327 return NULL;
2328}
2329
2330static const char *unpack_with_sideband(struct shallow_info *si)
2331{
2332 struct async muxer;
2333 const char *ret;
2334
2335 if (!use_sideband)
2336 return unpack(0, si);
2337
2338 use_keepalive = KEEPALIVE_AFTER_NUL;
2339 memset(&muxer, 0, sizeof(muxer));
2340 muxer.proc = copy_to_sideband;
2341 muxer.in = -1;
2342 if (start_async(&muxer))
2343 return NULL;
2344
2345 ret = unpack(muxer.in, si);
2346
2347 finish_async(&muxer);
2348 return ret;
2349}
2350
2351static void prepare_shallow_update(struct shallow_info *si)
2352{
2353 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2354
2355 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2356 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2357
2358 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2359 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2360 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2361
2362 for (i = 0; i < si->nr_ours; i++)
2363 si->need_reachability_test[si->ours[i]] = 1;
2364
2365 for (i = 0; i < si->shallow->nr; i++) {
2366 if (!si->used_shallow[i])
2367 continue;
2368 for (j = 0; j < bitmap_size; j++) {
2369 if (!si->used_shallow[i][j])
2370 continue;
2371 si->need_reachability_test[i]++;
2372 for (k = 0; k < 32; k++)
2373 if (si->used_shallow[i][j] & (1U << k))
2374 si->shallow_ref[j * 32 + k]++;
2375 }
2376
2377 /*
2378 * true for those associated with some refs and belong
2379 * in "ours" list aka "step 7 not done yet"
2380 */
2381 si->need_reachability_test[i] =
2382 si->need_reachability_test[i] > 1;
2383 }
2384
2385 /*
2386 * keep hooks happy by forcing a temporary shallow file via
2387 * env variable because we can't add --shallow-file to every
2388 * command. check_connected() will be done with
2389 * true .git/shallow though.
2390 */
2391 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2392}
2393
2394static void update_shallow_info(struct command *commands,
2395 struct shallow_info *si,
2396 struct oid_array *ref)
2397{
2398 struct command *cmd;
2399 int *ref_status;
2400 remove_nonexistent_theirs_shallow(si);
2401 if (!si->nr_ours && !si->nr_theirs) {
2402 shallow_update = 0;
2403 return;
2404 }
2405
2406 for (cmd = commands; cmd; cmd = cmd->next) {
2407 if (is_null_oid(&cmd->new_oid))
2408 continue;
2409 oid_array_append(ref, &cmd->new_oid);
2410 cmd->index = ref->nr - 1;
2411 }
2412 si->ref = ref;
2413
2414 if (shallow_update) {
2415 prepare_shallow_update(si);
2416 return;
2417 }
2418
2419 ALLOC_ARRAY(ref_status, ref->nr);
2420 assign_shallow_commits_to_refs(si, NULL, ref_status);
2421 for (cmd = commands; cmd; cmd = cmd->next) {
2422 if (is_null_oid(&cmd->new_oid))
2423 continue;
2424 if (ref_status[cmd->index]) {
2425 cmd->error_string = "shallow update not allowed";
2426 cmd->skip_update = 1;
2427 }
2428 }
2429 free(ref_status);
2430}
2431
2432static void report(struct command *commands, const char *unpack_status)
2433{
2434 struct command *cmd;
2435 struct strbuf buf = STRBUF_INIT;
2436
2437 packet_buf_write(&buf, "unpack %s\n",
2438 unpack_status ? unpack_status : "ok");
2439 for (cmd = commands; cmd; cmd = cmd->next) {
2440 if (!cmd->error_string)
2441 packet_buf_write(&buf, "ok %s\n",
2442 cmd->ref_name);
2443 else
2444 packet_buf_write(&buf, "ng %s %s\n",
2445 cmd->ref_name, cmd->error_string);
2446 }
2447 packet_buf_flush(&buf);
2448
2449 if (use_sideband)
2450 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2451 else
2452 write_or_die(1, buf.buf, buf.len);
2453 strbuf_release(&buf);
2454}
2455
2456static void report_v2(struct command *commands, const char *unpack_status)
2457{
2458 struct command *cmd;
2459 struct strbuf buf = STRBUF_INIT;
2460 struct ref_push_report *report;
2461
2462 packet_buf_write(&buf, "unpack %s\n",
2463 unpack_status ? unpack_status : "ok");
2464 for (cmd = commands; cmd; cmd = cmd->next) {
2465 int count = 0;
2466
2467 if (cmd->error_string) {
2468 packet_buf_write(&buf, "ng %s %s\n",
2469 cmd->ref_name,
2470 cmd->error_string);
2471 continue;
2472 }
2473 packet_buf_write(&buf, "ok %s\n",
2474 cmd->ref_name);
2475 for (report = cmd->report; report; report = report->next) {
2476 if (count++ > 0)
2477 packet_buf_write(&buf, "ok %s\n",
2478 cmd->ref_name);
2479 if (report->ref_name)
2480 packet_buf_write(&buf, "option refname %s\n",
2481 report->ref_name);
2482 if (report->old_oid)
2483 packet_buf_write(&buf, "option old-oid %s\n",
2484 oid_to_hex(report->old_oid));
2485 if (report->new_oid)
2486 packet_buf_write(&buf, "option new-oid %s\n",
2487 oid_to_hex(report->new_oid));
2488 if (report->forced_update)
2489 packet_buf_write(&buf, "option forced-update\n");
2490 }
2491 }
2492 packet_buf_flush(&buf);
2493
2494 if (use_sideband)
2495 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2496 else
2497 write_or_die(1, buf.buf, buf.len);
2498 strbuf_release(&buf);
2499}
2500
2501static int delete_only(struct command *commands)
2502{
2503 struct command *cmd;
2504 for (cmd = commands; cmd; cmd = cmd->next) {
2505 if (!is_null_oid(&cmd->new_oid))
2506 return 0;
2507 }
2508 return 1;
2509}
2510
2511int cmd_receive_pack(int argc,
2512 const char **argv,
2513 const char *prefix,
2514 struct repository *repo UNUSED)
2515{
2516 int advertise_refs = 0;
2517 struct command *commands;
2518 struct oid_array shallow = OID_ARRAY_INIT;
2519 struct oid_array ref = OID_ARRAY_INIT;
2520 struct shallow_info si;
2521 struct packet_reader reader;
2522
2523 struct option options[] = {
2524 OPT__QUIET(&quiet, N_("quiet")),
2525 OPT_HIDDEN_BOOL(0, "skip-connectivity-check", &skip_connectivity_check, NULL),
2526 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2527 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2528 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2529 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2530 OPT_END()
2531 };
2532
2533 packet_trace_identity("receive-pack");
2534
2535 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2536
2537 if (argc > 1)
2538 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2539 if (argc == 0)
2540 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2541
2542 service_dir = argv[0];
2543
2544 setup_path();
2545
2546 if (!enter_repo(service_dir, 0))
2547 die("'%s' does not appear to be a git repository", service_dir);
2548
2549 git_config(receive_pack_config, NULL);
2550 if (cert_nonce_seed)
2551 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2552
2553 if (0 <= receive_unpack_limit)
2554 unpack_limit = receive_unpack_limit;
2555 else if (0 <= transfer_unpack_limit)
2556 unpack_limit = transfer_unpack_limit;
2557
2558 switch (determine_protocol_version_server()) {
2559 case protocol_v2:
2560 /*
2561 * push support for protocol v2 has not been implemented yet,
2562 * so ignore the request to use v2 and fallback to using v0.
2563 */
2564 break;
2565 case protocol_v1:
2566 /*
2567 * v1 is just the original protocol with a version string,
2568 * so just fall through after writing the version string.
2569 */
2570 if (advertise_refs || !stateless_rpc)
2571 packet_write_fmt(1, "version 1\n");
2572
2573 /* fallthrough */
2574 case protocol_v0:
2575 break;
2576 case protocol_unknown_version:
2577 BUG("unknown protocol version");
2578 }
2579
2580 if (advertise_refs || !stateless_rpc) {
2581 write_head_info();
2582 }
2583 if (advertise_refs)
2584 return 0;
2585
2586 packet_reader_init(&reader, 0, NULL, 0,
2587 PACKET_READ_CHOMP_NEWLINE |
2588 PACKET_READ_DIE_ON_ERR_PACKET);
2589
2590 if ((commands = read_head_info(&reader, &shallow))) {
2591 const char *unpack_status = NULL;
2592 struct string_list push_options = STRING_LIST_INIT_DUP;
2593
2594 if (use_push_options)
2595 read_push_options(&reader, &push_options);
2596 if (!check_cert_push_options(&push_options)) {
2597 struct command *cmd;
2598 for (cmd = commands; cmd; cmd = cmd->next)
2599 cmd->error_string = "inconsistent push options";
2600 }
2601
2602 prepare_shallow_info(&si, &shallow);
2603 if (!si.nr_ours && !si.nr_theirs)
2604 shallow_update = 0;
2605 if (!delete_only(commands)) {
2606 unpack_status = unpack_with_sideband(&si);
2607 update_shallow_info(commands, &si, &ref);
2608 }
2609 use_keepalive = KEEPALIVE_ALWAYS;
2610 execute_commands(commands, unpack_status, &si,
2611 &push_options);
2612 delete_tempfile(&pack_lockfile);
2613 sigchain_push(SIGPIPE, SIG_IGN);
2614 if (report_status_v2)
2615 report_v2(commands, unpack_status);
2616 else if (report_status)
2617 report(commands, unpack_status);
2618 sigchain_pop(SIGPIPE);
2619 run_receive_hook(commands, "post-receive", 1,
2620 &push_options);
2621 run_update_post_hook(commands);
2622 free_commands(commands);
2623 string_list_clear(&push_options, 0);
2624 if (auto_gc) {
2625 struct child_process proc = CHILD_PROCESS_INIT;
2626
2627 if (prepare_auto_maintenance(1, &proc)) {
2628 proc.no_stdin = 1;
2629 proc.stdout_to_stderr = 1;
2630 proc.err = use_sideband ? -1 : 0;
2631
2632 if (!start_command(&proc)) {
2633 if (use_sideband)
2634 copy_to_sideband(proc.err, -1, NULL);
2635 finish_command(&proc);
2636 }
2637 }
2638 }
2639 if (auto_update_server_info)
2640 update_server_info(the_repository, 0);
2641 clear_shallow_info(&si);
2642 }
2643 if (use_sideband)
2644 packet_flush(1);
2645 oid_array_clear(&shallow);
2646 oid_array_clear(&ref);
2647 strvec_clear(&hidden_refs);
2648 free((void *)push_cert_nonce);
2649 return 0;
2650}
Unnamed repository; edit this file 'description' to name the repository.