]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
connected: refactor iterator to return next object ID directly
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "oid-array.h"
17 #include "connected.h"
18 #include "strvec.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31 #include "shallow.h"
32
33 static const char * const receive_pack_usage[] = {
34 N_("git receive-pack <git-dir>"),
35 NULL
36 };
37
38 enum deny_action {
39 DENY_UNCONFIGURED,
40 DENY_IGNORE,
41 DENY_WARN,
42 DENY_REFUSE,
43 DENY_UPDATE_INSTEAD
44 };
45
46 static int deny_deletes;
47 static int deny_non_fast_forwards;
48 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
49 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
50 static int receive_fsck_objects = -1;
51 static int transfer_fsck_objects = -1;
52 static struct strbuf fsck_msg_types = STRBUF_INIT;
53 static int receive_unpack_limit = -1;
54 static int transfer_unpack_limit = -1;
55 static int advertise_atomic_push = 1;
56 static int advertise_push_options;
57 static int advertise_sid;
58 static int unpack_limit = 100;
59 static off_t max_input_size;
60 static int report_status;
61 static int report_status_v2;
62 static int use_sideband;
63 static int use_atomic;
64 static int use_push_options;
65 static int quiet;
66 static int prefer_ofs_delta = 1;
67 static int auto_update_server_info;
68 static int auto_gc = 1;
69 static int reject_thin;
70 static int stateless_rpc;
71 static const char *service_dir;
72 static const char *head_name;
73 static void *head_name_to_free;
74 static int sent_capabilities;
75 static int shallow_update;
76 static const char *alt_shallow_file;
77 static struct strbuf push_cert = STRBUF_INIT;
78 static struct object_id push_cert_oid;
79 static struct signature_check sigcheck;
80 static const char *push_cert_nonce;
81 static const char *cert_nonce_seed;
82
83 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
84 static const char *NONCE_BAD = "BAD";
85 static const char *NONCE_MISSING = "MISSING";
86 static const char *NONCE_OK = "OK";
87 static const char *NONCE_SLOP = "SLOP";
88 static const char *nonce_status;
89 static long nonce_stamp_slop;
90 static timestamp_t nonce_stamp_slop_limit;
91 static struct ref_transaction *transaction;
92
93 static enum {
94 KEEPALIVE_NEVER = 0,
95 KEEPALIVE_AFTER_NUL,
96 KEEPALIVE_ALWAYS
97 } use_keepalive;
98 static int keepalive_in_sec = 5;
99
100 static struct tmp_objdir *tmp_objdir;
101
102 static struct proc_receive_ref {
103 unsigned int want_add:1,
104 want_delete:1,
105 want_modify:1,
106 negative_ref:1;
107 char *ref_prefix;
108 struct proc_receive_ref *next;
109 } *proc_receive_ref;
110
111 static void proc_receive_ref_append(const char *prefix);
112
113 static enum deny_action parse_deny_action(const char *var, const char *value)
114 {
115 if (value) {
116 if (!strcasecmp(value, "ignore"))
117 return DENY_IGNORE;
118 if (!strcasecmp(value, "warn"))
119 return DENY_WARN;
120 if (!strcasecmp(value, "refuse"))
121 return DENY_REFUSE;
122 if (!strcasecmp(value, "updateinstead"))
123 return DENY_UPDATE_INSTEAD;
124 }
125 if (git_config_bool(var, value))
126 return DENY_REFUSE;
127 return DENY_IGNORE;
128 }
129
130 static int receive_pack_config(const char *var, const char *value, void *cb)
131 {
132 int status = parse_hide_refs_config(var, value, "receive");
133
134 if (status)
135 return status;
136
137 if (strcmp(var, "receive.denydeletes") == 0) {
138 deny_deletes = git_config_bool(var, value);
139 return 0;
140 }
141
142 if (strcmp(var, "receive.denynonfastforwards") == 0) {
143 deny_non_fast_forwards = git_config_bool(var, value);
144 return 0;
145 }
146
147 if (strcmp(var, "receive.unpacklimit") == 0) {
148 receive_unpack_limit = git_config_int(var, value);
149 return 0;
150 }
151
152 if (strcmp(var, "transfer.unpacklimit") == 0) {
153 transfer_unpack_limit = git_config_int(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "receive.fsck.skiplist") == 0) {
158 const char *path;
159
160 if (git_config_pathname(&path, var, value))
161 return 1;
162 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
163 fsck_msg_types.len ? ',' : '=', path);
164 free((char *)path);
165 return 0;
166 }
167
168 if (skip_prefix(var, "receive.fsck.", &var)) {
169 if (is_valid_msg_type(var, value))
170 strbuf_addf(&fsck_msg_types, "%c%s=%s",
171 fsck_msg_types.len ? ',' : '=', var, value);
172 else
173 warning("Skipping unknown msg id '%s'", var);
174 return 0;
175 }
176
177 if (strcmp(var, "receive.fsckobjects") == 0) {
178 receive_fsck_objects = git_config_bool(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "transfer.fsckobjects") == 0) {
183 transfer_fsck_objects = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (!strcmp(var, "receive.denycurrentbranch")) {
188 deny_current_branch = parse_deny_action(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.denydeletecurrent") == 0) {
193 deny_delete_current = parse_deny_action(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
198 prefer_ofs_delta = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "receive.updateserverinfo") == 0) {
203 auto_update_server_info = git_config_bool(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.autogc") == 0) {
208 auto_gc = git_config_bool(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.shallowupdate") == 0) {
213 shallow_update = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.certnonceseed") == 0)
218 return git_config_string(&cert_nonce_seed, var, value);
219
220 if (strcmp(var, "receive.certnonceslop") == 0) {
221 nonce_stamp_slop_limit = git_config_ulong(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.advertiseatomic") == 0) {
226 advertise_atomic_push = git_config_bool(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.advertisepushoptions") == 0) {
231 advertise_push_options = git_config_bool(var, value);
232 return 0;
233 }
234
235 if (strcmp(var, "receive.keepalive") == 0) {
236 keepalive_in_sec = git_config_int(var, value);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.maxinputsize") == 0) {
241 max_input_size = git_config_int64(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.procreceiverefs") == 0) {
246 if (!value)
247 return config_error_nonbool(var);
248 proc_receive_ref_append(value);
249 return 0;
250 }
251
252 if (strcmp(var, "transfer.advertisesid") == 0) {
253 advertise_sid = git_config_bool(var, value);
254 return 0;
255 }
256
257 return git_default_config(var, value, cb);
258 }
259
260 static void show_ref(const char *path, const struct object_id *oid)
261 {
262 if (sent_capabilities) {
263 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
264 } else {
265 struct strbuf cap = STRBUF_INIT;
266
267 strbuf_addstr(&cap,
268 "report-status report-status-v2 delete-refs side-band-64k quiet");
269 if (advertise_atomic_push)
270 strbuf_addstr(&cap, " atomic");
271 if (prefer_ofs_delta)
272 strbuf_addstr(&cap, " ofs-delta");
273 if (push_cert_nonce)
274 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
275 if (advertise_push_options)
276 strbuf_addstr(&cap, " push-options");
277 if (advertise_sid)
278 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
279 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
280 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
281 packet_write_fmt(1, "%s %s%c%s\n",
282 oid_to_hex(oid), path, 0, cap.buf);
283 strbuf_release(&cap);
284 sent_capabilities = 1;
285 }
286 }
287
288 static int show_ref_cb(const char *path_full, const struct object_id *oid,
289 int flag, void *data)
290 {
291 struct oidset *seen = data;
292 const char *path = strip_namespace(path_full);
293
294 if (ref_is_hidden(path, path_full))
295 return 0;
296
297 /*
298 * Advertise refs outside our current namespace as ".have"
299 * refs, so that the client can use them to minimize data
300 * transfer but will otherwise ignore them.
301 */
302 if (!path) {
303 if (oidset_insert(seen, oid))
304 return 0;
305 path = ".have";
306 } else {
307 oidset_insert(seen, oid);
308 }
309 show_ref(path, oid);
310 return 0;
311 }
312
313 static void show_one_alternate_ref(const struct object_id *oid,
314 void *data)
315 {
316 struct oidset *seen = data;
317
318 if (oidset_insert(seen, oid))
319 return;
320
321 show_ref(".have", oid);
322 }
323
324 static void write_head_info(void)
325 {
326 static struct oidset seen = OIDSET_INIT;
327
328 for_each_ref(show_ref_cb, &seen);
329 for_each_alternate_ref(show_one_alternate_ref, &seen);
330 oidset_clear(&seen);
331 if (!sent_capabilities)
332 show_ref("capabilities^{}", null_oid());
333
334 advertise_shallow_grafts(1);
335
336 /* EOF */
337 packet_flush(1);
338 }
339
340 #define RUN_PROC_RECEIVE_SCHEDULED 1
341 #define RUN_PROC_RECEIVE_RETURNED 2
342 struct command {
343 struct command *next;
344 const char *error_string;
345 struct ref_push_report *report;
346 unsigned int skip_update:1,
347 did_not_exist:1,
348 run_proc_receive:2;
349 int index;
350 struct object_id old_oid;
351 struct object_id new_oid;
352 char ref_name[FLEX_ARRAY]; /* more */
353 };
354
355 static void proc_receive_ref_append(const char *prefix)
356 {
357 struct proc_receive_ref *ref_pattern;
358 char *p;
359 int len;
360
361 CALLOC_ARRAY(ref_pattern, 1);
362 p = strchr(prefix, ':');
363 if (p) {
364 while (prefix < p) {
365 if (*prefix == 'a')
366 ref_pattern->want_add = 1;
367 else if (*prefix == 'd')
368 ref_pattern->want_delete = 1;
369 else if (*prefix == 'm')
370 ref_pattern->want_modify = 1;
371 else if (*prefix == '!')
372 ref_pattern->negative_ref = 1;
373 prefix++;
374 }
375 prefix++;
376 } else {
377 ref_pattern->want_add = 1;
378 ref_pattern->want_delete = 1;
379 ref_pattern->want_modify = 1;
380 }
381 len = strlen(prefix);
382 while (len && prefix[len - 1] == '/')
383 len--;
384 ref_pattern->ref_prefix = xmemdupz(prefix, len);
385 if (!proc_receive_ref) {
386 proc_receive_ref = ref_pattern;
387 } else {
388 struct proc_receive_ref *end;
389
390 end = proc_receive_ref;
391 while (end->next)
392 end = end->next;
393 end->next = ref_pattern;
394 }
395 }
396
397 static int proc_receive_ref_matches(struct command *cmd)
398 {
399 struct proc_receive_ref *p;
400
401 if (!proc_receive_ref)
402 return 0;
403
404 for (p = proc_receive_ref; p; p = p->next) {
405 const char *match = p->ref_prefix;
406 const char *remains;
407
408 if (!p->want_add && is_null_oid(&cmd->old_oid))
409 continue;
410 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
411 continue;
412 else if (!p->want_modify &&
413 !is_null_oid(&cmd->old_oid) &&
414 !is_null_oid(&cmd->new_oid))
415 continue;
416
417 if (skip_prefix(cmd->ref_name, match, &remains) &&
418 (!*remains || *remains == '/')) {
419 if (!p->negative_ref)
420 return 1;
421 } else if (p->negative_ref) {
422 return 1;
423 }
424 }
425 return 0;
426 }
427
428 static void report_message(const char *prefix, const char *err, va_list params)
429 {
430 int sz;
431 char msg[4096];
432
433 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
434 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
435 if (sz > (sizeof(msg) - 1))
436 sz = sizeof(msg) - 1;
437 msg[sz++] = '\n';
438
439 if (use_sideband)
440 send_sideband(1, 2, msg, sz, use_sideband);
441 else
442 xwrite(2, msg, sz);
443 }
444
445 __attribute__((format (printf, 1, 2)))
446 static void rp_warning(const char *err, ...)
447 {
448 va_list params;
449 va_start(params, err);
450 report_message("warning: ", err, params);
451 va_end(params);
452 }
453
454 __attribute__((format (printf, 1, 2)))
455 static void rp_error(const char *err, ...)
456 {
457 va_list params;
458 va_start(params, err);
459 report_message("error: ", err, params);
460 va_end(params);
461 }
462
463 static int copy_to_sideband(int in, int out, void *arg)
464 {
465 char data[128];
466 int keepalive_active = 0;
467
468 if (keepalive_in_sec <= 0)
469 use_keepalive = KEEPALIVE_NEVER;
470 if (use_keepalive == KEEPALIVE_ALWAYS)
471 keepalive_active = 1;
472
473 while (1) {
474 ssize_t sz;
475
476 if (keepalive_active) {
477 struct pollfd pfd;
478 int ret;
479
480 pfd.fd = in;
481 pfd.events = POLLIN;
482 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
483
484 if (ret < 0) {
485 if (errno == EINTR)
486 continue;
487 else
488 break;
489 } else if (ret == 0) {
490 /* no data; send a keepalive packet */
491 static const char buf[] = "0005\1";
492 write_or_die(1, buf, sizeof(buf) - 1);
493 continue;
494 } /* else there is actual data to read */
495 }
496
497 sz = xread(in, data, sizeof(data));
498 if (sz <= 0)
499 break;
500
501 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
502 const char *p = memchr(data, '\0', sz);
503 if (p) {
504 /*
505 * The NUL tells us to start sending keepalives. Make
506 * sure we send any other data we read along
507 * with it.
508 */
509 keepalive_active = 1;
510 send_sideband(1, 2, data, p - data, use_sideband);
511 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
512 continue;
513 }
514 }
515
516 /*
517 * Either we're not looking for a NUL signal, or we didn't see
518 * it yet; just pass along the data.
519 */
520 send_sideband(1, 2, data, sz, use_sideband);
521 }
522 close(in);
523 return 0;
524 }
525
526 static void hmac_hash(unsigned char *out,
527 const char *key_in, size_t key_len,
528 const char *text, size_t text_len)
529 {
530 unsigned char key[GIT_MAX_BLKSZ];
531 unsigned char k_ipad[GIT_MAX_BLKSZ];
532 unsigned char k_opad[GIT_MAX_BLKSZ];
533 int i;
534 git_hash_ctx ctx;
535
536 /* RFC 2104 2. (1) */
537 memset(key, '\0', GIT_MAX_BLKSZ);
538 if (the_hash_algo->blksz < key_len) {
539 the_hash_algo->init_fn(&ctx);
540 the_hash_algo->update_fn(&ctx, key_in, key_len);
541 the_hash_algo->final_fn(key, &ctx);
542 } else {
543 memcpy(key, key_in, key_len);
544 }
545
546 /* RFC 2104 2. (2) & (5) */
547 for (i = 0; i < sizeof(key); i++) {
548 k_ipad[i] = key[i] ^ 0x36;
549 k_opad[i] = key[i] ^ 0x5c;
550 }
551
552 /* RFC 2104 2. (3) & (4) */
553 the_hash_algo->init_fn(&ctx);
554 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
555 the_hash_algo->update_fn(&ctx, text, text_len);
556 the_hash_algo->final_fn(out, &ctx);
557
558 /* RFC 2104 2. (6) & (7) */
559 the_hash_algo->init_fn(&ctx);
560 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
561 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
562 the_hash_algo->final_fn(out, &ctx);
563 }
564
565 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
566 {
567 struct strbuf buf = STRBUF_INIT;
568 unsigned char hash[GIT_MAX_RAWSZ];
569
570 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
571 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
572 strbuf_release(&buf);
573
574 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
575 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
576 return strbuf_detach(&buf, NULL);
577 }
578
579 /*
580 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
581 * after dropping "_commit" from its name and possibly moving it out
582 * of commit.c
583 */
584 static char *find_header(const char *msg, size_t len, const char *key,
585 const char **next_line)
586 {
587 int key_len = strlen(key);
588 const char *line = msg;
589
590 while (line && line < msg + len) {
591 const char *eol = strchrnul(line, '\n');
592
593 if ((msg + len <= eol) || line == eol)
594 return NULL;
595 if (line + key_len < eol &&
596 !memcmp(line, key, key_len) && line[key_len] == ' ') {
597 int offset = key_len + 1;
598 if (next_line)
599 *next_line = *eol ? eol + 1 : eol;
600 return xmemdupz(line + offset, (eol - line) - offset);
601 }
602 line = *eol ? eol + 1 : NULL;
603 }
604 return NULL;
605 }
606
607 /*
608 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
609 * This operation is guaranteed to run in constant time to avoid leaking data.
610 */
611 static int constant_memequal(const char *a, const char *b, size_t n)
612 {
613 int res = 0;
614 size_t i;
615
616 for (i = 0; i < n; i++)
617 res |= a[i] ^ b[i];
618 return res;
619 }
620
621 static const char *check_nonce(const char *buf, size_t len)
622 {
623 char *nonce = find_header(buf, len, "nonce", NULL);
624 timestamp_t stamp, ostamp;
625 char *bohmac, *expect = NULL;
626 const char *retval = NONCE_BAD;
627 size_t noncelen;
628
629 if (!nonce) {
630 retval = NONCE_MISSING;
631 goto leave;
632 } else if (!push_cert_nonce) {
633 retval = NONCE_UNSOLICITED;
634 goto leave;
635 } else if (!strcmp(push_cert_nonce, nonce)) {
636 retval = NONCE_OK;
637 goto leave;
638 }
639
640 if (!stateless_rpc) {
641 /* returned nonce MUST match what we gave out earlier */
642 retval = NONCE_BAD;
643 goto leave;
644 }
645
646 /*
647 * In stateless mode, we may be receiving a nonce issued by
648 * another instance of the server that serving the same
649 * repository, and the timestamps may not match, but the
650 * nonce-seed and dir should match, so we can recompute and
651 * report the time slop.
652 *
653 * In addition, when a nonce issued by another instance has
654 * timestamp within receive.certnonceslop seconds, we pretend
655 * as if we issued that nonce when reporting to the hook.
656 */
657
658 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
659 if (*nonce <= '0' || '9' < *nonce) {
660 retval = NONCE_BAD;
661 goto leave;
662 }
663 stamp = parse_timestamp(nonce, &bohmac, 10);
664 if (bohmac == nonce || bohmac[0] != '-') {
665 retval = NONCE_BAD;
666 goto leave;
667 }
668
669 noncelen = strlen(nonce);
670 expect = prepare_push_cert_nonce(service_dir, stamp);
671 if (noncelen != strlen(expect)) {
672 /* This is not even the right size. */
673 retval = NONCE_BAD;
674 goto leave;
675 }
676 if (constant_memequal(expect, nonce, noncelen)) {
677 /* Not what we would have signed earlier */
678 retval = NONCE_BAD;
679 goto leave;
680 }
681
682 /*
683 * By how many seconds is this nonce stale? Negative value
684 * would mean it was issued by another server with its clock
685 * skewed in the future.
686 */
687 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
688 nonce_stamp_slop = (long)ostamp - (long)stamp;
689
690 if (nonce_stamp_slop_limit &&
691 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
692 /*
693 * Pretend as if the received nonce (which passes the
694 * HMAC check, so it is not a forged by third-party)
695 * is what we issued.
696 */
697 free((void *)push_cert_nonce);
698 push_cert_nonce = xstrdup(nonce);
699 retval = NONCE_OK;
700 } else {
701 retval = NONCE_SLOP;
702 }
703
704 leave:
705 free(nonce);
706 free(expect);
707 return retval;
708 }
709
710 /*
711 * Return 1 if there is no push_cert or if the push options in push_cert are
712 * the same as those in the argument; 0 otherwise.
713 */
714 static int check_cert_push_options(const struct string_list *push_options)
715 {
716 const char *buf = push_cert.buf;
717 int len = push_cert.len;
718
719 char *option;
720 const char *next_line;
721 int options_seen = 0;
722
723 int retval = 1;
724
725 if (!len)
726 return 1;
727
728 while ((option = find_header(buf, len, "push-option", &next_line))) {
729 len -= (next_line - buf);
730 buf = next_line;
731 options_seen++;
732 if (options_seen > push_options->nr
733 || strcmp(option,
734 push_options->items[options_seen - 1].string)) {
735 retval = 0;
736 goto leave;
737 }
738 free(option);
739 }
740
741 if (options_seen != push_options->nr)
742 retval = 0;
743
744 leave:
745 free(option);
746 return retval;
747 }
748
749 static void prepare_push_cert_sha1(struct child_process *proc)
750 {
751 static int already_done;
752
753 if (!push_cert.len)
754 return;
755
756 if (!already_done) {
757 int bogs /* beginning_of_gpg_sig */;
758
759 already_done = 1;
760 if (write_object_file(push_cert.buf, push_cert.len, "blob",
761 &push_cert_oid))
762 oidclr(&push_cert_oid);
763
764 memset(&sigcheck, '\0', sizeof(sigcheck));
765
766 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
767 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
768 push_cert.len - bogs, &sigcheck);
769
770 nonce_status = check_nonce(push_cert.buf, bogs);
771 }
772 if (!is_null_oid(&push_cert_oid)) {
773 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
774 oid_to_hex(&push_cert_oid));
775 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
776 sigcheck.signer ? sigcheck.signer : "");
777 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
778 sigcheck.key ? sigcheck.key : "");
779 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
780 sigcheck.result);
781 if (push_cert_nonce) {
782 strvec_pushf(&proc->env_array,
783 "GIT_PUSH_CERT_NONCE=%s",
784 push_cert_nonce);
785 strvec_pushf(&proc->env_array,
786 "GIT_PUSH_CERT_NONCE_STATUS=%s",
787 nonce_status);
788 if (nonce_status == NONCE_SLOP)
789 strvec_pushf(&proc->env_array,
790 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
791 nonce_stamp_slop);
792 }
793 }
794 }
795
796 struct receive_hook_feed_state {
797 struct command *cmd;
798 struct ref_push_report *report;
799 int skip_broken;
800 struct strbuf buf;
801 const struct string_list *push_options;
802 };
803
804 typedef int (*feed_fn)(void *, const char **, size_t *);
805 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
806 struct receive_hook_feed_state *feed_state)
807 {
808 struct child_process proc = CHILD_PROCESS_INIT;
809 struct async muxer;
810 const char *argv[2];
811 int code;
812
813 argv[0] = find_hook(hook_name);
814 if (!argv[0])
815 return 0;
816
817 argv[1] = NULL;
818
819 proc.argv = argv;
820 proc.in = -1;
821 proc.stdout_to_stderr = 1;
822 proc.trace2_hook_name = hook_name;
823
824 if (feed_state->push_options) {
825 int i;
826 for (i = 0; i < feed_state->push_options->nr; i++)
827 strvec_pushf(&proc.env_array,
828 "GIT_PUSH_OPTION_%d=%s", i,
829 feed_state->push_options->items[i].string);
830 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
831 feed_state->push_options->nr);
832 } else
833 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
834
835 if (tmp_objdir)
836 strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
837
838 if (use_sideband) {
839 memset(&muxer, 0, sizeof(muxer));
840 muxer.proc = copy_to_sideband;
841 muxer.in = -1;
842 code = start_async(&muxer);
843 if (code)
844 return code;
845 proc.err = muxer.in;
846 }
847
848 prepare_push_cert_sha1(&proc);
849
850 code = start_command(&proc);
851 if (code) {
852 if (use_sideband)
853 finish_async(&muxer);
854 return code;
855 }
856
857 sigchain_push(SIGPIPE, SIG_IGN);
858
859 while (1) {
860 const char *buf;
861 size_t n;
862 if (feed(feed_state, &buf, &n))
863 break;
864 if (write_in_full(proc.in, buf, n) < 0)
865 break;
866 }
867 close(proc.in);
868 if (use_sideband)
869 finish_async(&muxer);
870
871 sigchain_pop(SIGPIPE);
872
873 return finish_command(&proc);
874 }
875
876 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
877 {
878 struct receive_hook_feed_state *state = state_;
879 struct command *cmd = state->cmd;
880
881 while (cmd &&
882 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
883 cmd = cmd->next;
884 if (!cmd)
885 return -1; /* EOF */
886 if (!bufp)
887 return 0; /* OK, can feed something. */
888 strbuf_reset(&state->buf);
889 if (!state->report)
890 state->report = cmd->report;
891 if (state->report) {
892 struct object_id *old_oid;
893 struct object_id *new_oid;
894 const char *ref_name;
895
896 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
897 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
898 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
899 strbuf_addf(&state->buf, "%s %s %s\n",
900 oid_to_hex(old_oid), oid_to_hex(new_oid),
901 ref_name);
902 state->report = state->report->next;
903 if (!state->report)
904 state->cmd = cmd->next;
905 } else {
906 strbuf_addf(&state->buf, "%s %s %s\n",
907 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
908 cmd->ref_name);
909 state->cmd = cmd->next;
910 }
911 if (bufp) {
912 *bufp = state->buf.buf;
913 *sizep = state->buf.len;
914 }
915 return 0;
916 }
917
918 static int run_receive_hook(struct command *commands,
919 const char *hook_name,
920 int skip_broken,
921 const struct string_list *push_options)
922 {
923 struct receive_hook_feed_state state;
924 int status;
925
926 strbuf_init(&state.buf, 0);
927 state.cmd = commands;
928 state.skip_broken = skip_broken;
929 state.report = NULL;
930 if (feed_receive_hook(&state, NULL, NULL))
931 return 0;
932 state.cmd = commands;
933 state.push_options = push_options;
934 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
935 strbuf_release(&state.buf);
936 return status;
937 }
938
939 static int run_update_hook(struct command *cmd)
940 {
941 const char *argv[5];
942 struct child_process proc = CHILD_PROCESS_INIT;
943 int code;
944
945 argv[0] = find_hook("update");
946 if (!argv[0])
947 return 0;
948
949 argv[1] = cmd->ref_name;
950 argv[2] = oid_to_hex(&cmd->old_oid);
951 argv[3] = oid_to_hex(&cmd->new_oid);
952 argv[4] = NULL;
953
954 proc.no_stdin = 1;
955 proc.stdout_to_stderr = 1;
956 proc.err = use_sideband ? -1 : 0;
957 proc.argv = argv;
958 proc.trace2_hook_name = "update";
959
960 code = start_command(&proc);
961 if (code)
962 return code;
963 if (use_sideband)
964 copy_to_sideband(proc.err, -1, NULL);
965 return finish_command(&proc);
966 }
967
968 static struct command *find_command_by_refname(struct command *list,
969 const char *refname)
970 {
971 for (; list; list = list->next)
972 if (!strcmp(list->ref_name, refname))
973 return list;
974 return NULL;
975 }
976
977 static int read_proc_receive_report(struct packet_reader *reader,
978 struct command *commands,
979 struct strbuf *errmsg)
980 {
981 struct command *cmd;
982 struct command *hint = NULL;
983 struct ref_push_report *report = NULL;
984 int new_report = 0;
985 int code = 0;
986 int once = 0;
987 int response = 0;
988
989 for (;;) {
990 struct object_id old_oid, new_oid;
991 const char *head;
992 const char *refname;
993 char *p;
994 enum packet_read_status status;
995
996 status = packet_reader_read(reader);
997 if (status != PACKET_READ_NORMAL) {
998 /* Check whether proc-receive exited abnormally */
999 if (status == PACKET_READ_EOF && !response) {
1000 strbuf_addstr(errmsg, "proc-receive exited abnormally");
1001 return -1;
1002 }
1003 break;
1004 }
1005 response++;
1006
1007 head = reader->line;
1008 p = strchr(head, ' ');
1009 if (!p) {
1010 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1011 code = -1;
1012 continue;
1013 }
1014 *p++ = '\0';
1015 if (!strcmp(head, "option")) {
1016 const char *key, *val;
1017
1018 if (!hint || !(report || new_report)) {
1019 if (!once++)
1020 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1021 code = -1;
1022 continue;
1023 }
1024 if (new_report) {
1025 if (!hint->report) {
1026 CALLOC_ARRAY(hint->report, 1);
1027 report = hint->report;
1028 } else {
1029 report = hint->report;
1030 while (report->next)
1031 report = report->next;
1032 report->next = xcalloc(1, sizeof(struct ref_push_report));
1033 report = report->next;
1034 }
1035 new_report = 0;
1036 }
1037 key = p;
1038 p = strchr(key, ' ');
1039 if (p)
1040 *p++ = '\0';
1041 val = p;
1042 if (!strcmp(key, "refname"))
1043 report->ref_name = xstrdup_or_null(val);
1044 else if (!strcmp(key, "old-oid") && val &&
1045 !parse_oid_hex(val, &old_oid, &val))
1046 report->old_oid = oiddup(&old_oid);
1047 else if (!strcmp(key, "new-oid") && val &&
1048 !parse_oid_hex(val, &new_oid, &val))
1049 report->new_oid = oiddup(&new_oid);
1050 else if (!strcmp(key, "forced-update"))
1051 report->forced_update = 1;
1052 else if (!strcmp(key, "fall-through"))
1053 /* Fall through, let 'receive-pack' to execute it. */
1054 hint->run_proc_receive = 0;
1055 continue;
1056 }
1057
1058 report = NULL;
1059 new_report = 0;
1060 refname = p;
1061 p = strchr(refname, ' ');
1062 if (p)
1063 *p++ = '\0';
1064 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1065 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1066 head, refname);
1067 code = -1;
1068 continue;
1069 }
1070
1071 /* first try searching at our hint, falling back to all refs */
1072 if (hint)
1073 hint = find_command_by_refname(hint, refname);
1074 if (!hint)
1075 hint = find_command_by_refname(commands, refname);
1076 if (!hint) {
1077 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1078 refname);
1079 code = -1;
1080 continue;
1081 }
1082 if (!hint->run_proc_receive) {
1083 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1084 refname);
1085 code = -1;
1086 continue;
1087 }
1088 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1089 if (!strcmp(head, "ng")) {
1090 if (p)
1091 hint->error_string = xstrdup(p);
1092 else
1093 hint->error_string = "failed";
1094 code = -1;
1095 continue;
1096 }
1097 new_report = 1;
1098 }
1099
1100 for (cmd = commands; cmd; cmd = cmd->next)
1101 if (cmd->run_proc_receive && !cmd->error_string &&
1102 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1103 cmd->error_string = "proc-receive failed to report status";
1104 code = -1;
1105 }
1106 return code;
1107 }
1108
1109 static int run_proc_receive_hook(struct command *commands,
1110 const struct string_list *push_options)
1111 {
1112 struct child_process proc = CHILD_PROCESS_INIT;
1113 struct async muxer;
1114 struct command *cmd;
1115 const char *argv[2];
1116 struct packet_reader reader;
1117 struct strbuf cap = STRBUF_INIT;
1118 struct strbuf errmsg = STRBUF_INIT;
1119 int hook_use_push_options = 0;
1120 int version = 0;
1121 int code;
1122
1123 argv[0] = find_hook("proc-receive");
1124 if (!argv[0]) {
1125 rp_error("cannot find hook 'proc-receive'");
1126 return -1;
1127 }
1128 argv[1] = NULL;
1129
1130 proc.argv = argv;
1131 proc.in = -1;
1132 proc.out = -1;
1133 proc.trace2_hook_name = "proc-receive";
1134
1135 if (use_sideband) {
1136 memset(&muxer, 0, sizeof(muxer));
1137 muxer.proc = copy_to_sideband;
1138 muxer.in = -1;
1139 code = start_async(&muxer);
1140 if (code)
1141 return code;
1142 proc.err = muxer.in;
1143 } else {
1144 proc.err = 0;
1145 }
1146
1147 code = start_command(&proc);
1148 if (code) {
1149 if (use_sideband)
1150 finish_async(&muxer);
1151 return code;
1152 }
1153
1154 sigchain_push(SIGPIPE, SIG_IGN);
1155
1156 /* Version negotiaton */
1157 packet_reader_init(&reader, proc.out, NULL, 0,
1158 PACKET_READ_CHOMP_NEWLINE |
1159 PACKET_READ_GENTLE_ON_EOF);
1160 if (use_atomic)
1161 strbuf_addstr(&cap, " atomic");
1162 if (use_push_options)
1163 strbuf_addstr(&cap, " push-options");
1164 if (cap.len) {
1165 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1166 strbuf_release(&cap);
1167 } else {
1168 code = packet_write_fmt_gently(proc.in, "version=1\n");
1169 }
1170 if (!code)
1171 code = packet_flush_gently(proc.in);
1172
1173 if (!code)
1174 for (;;) {
1175 int linelen;
1176 enum packet_read_status status;
1177
1178 status = packet_reader_read(&reader);
1179 if (status != PACKET_READ_NORMAL) {
1180 /* Check whether proc-receive exited abnormally */
1181 if (status == PACKET_READ_EOF)
1182 code = -1;
1183 break;
1184 }
1185
1186 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1187 version = atoi(reader.line + 8);
1188 linelen = strlen(reader.line);
1189 if (linelen < reader.pktlen) {
1190 const char *feature_list = reader.line + linelen + 1;
1191 if (parse_feature_request(feature_list, "push-options"))
1192 hook_use_push_options = 1;
1193 }
1194 }
1195 }
1196
1197 if (code) {
1198 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1199 goto cleanup;
1200 }
1201
1202 switch (version) {
1203 case 0:
1204 /* fallthrough */
1205 case 1:
1206 break;
1207 default:
1208 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1209 version);
1210 code = -1;
1211 goto cleanup;
1212 }
1213
1214 /* Send commands */
1215 for (cmd = commands; cmd; cmd = cmd->next) {
1216 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1217 continue;
1218 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1219 oid_to_hex(&cmd->old_oid),
1220 oid_to_hex(&cmd->new_oid),
1221 cmd->ref_name);
1222 if (code)
1223 break;
1224 }
1225 if (!code)
1226 code = packet_flush_gently(proc.in);
1227 if (code) {
1228 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1229 goto cleanup;
1230 }
1231
1232 /* Send push options */
1233 if (hook_use_push_options) {
1234 struct string_list_item *item;
1235
1236 for_each_string_list_item(item, push_options) {
1237 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1238 if (code)
1239 break;
1240 }
1241 if (!code)
1242 code = packet_flush_gently(proc.in);
1243 if (code) {
1244 strbuf_addstr(&errmsg,
1245 "fail to write push-options to proc-receive hook");
1246 goto cleanup;
1247 }
1248 }
1249
1250 /* Read result from proc-receive */
1251 code = read_proc_receive_report(&reader, commands, &errmsg);
1252
1253 cleanup:
1254 close(proc.in);
1255 close(proc.out);
1256 if (use_sideband)
1257 finish_async(&muxer);
1258 if (finish_command(&proc))
1259 code = -1;
1260 if (errmsg.len >0) {
1261 char *p = errmsg.buf;
1262
1263 p += errmsg.len - 1;
1264 if (*p == '\n')
1265 *p = '\0';
1266 rp_error("%s", errmsg.buf);
1267 strbuf_release(&errmsg);
1268 }
1269 sigchain_pop(SIGPIPE);
1270
1271 return code;
1272 }
1273
1274 static char *refuse_unconfigured_deny_msg =
1275 N_("By default, updating the current branch in a non-bare repository\n"
1276 "is denied, because it will make the index and work tree inconsistent\n"
1277 "with what you pushed, and will require 'git reset --hard' to match\n"
1278 "the work tree to HEAD.\n"
1279 "\n"
1280 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1281 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1282 "its current branch; however, this is not recommended unless you\n"
1283 "arranged to update its work tree to match what you pushed in some\n"
1284 "other way.\n"
1285 "\n"
1286 "To squelch this message and still keep the default behaviour, set\n"
1287 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1288
1289 static void refuse_unconfigured_deny(void)
1290 {
1291 rp_error("%s", _(refuse_unconfigured_deny_msg));
1292 }
1293
1294 static char *refuse_unconfigured_deny_delete_current_msg =
1295 N_("By default, deleting the current branch is denied, because the next\n"
1296 "'git clone' won't result in any file checked out, causing confusion.\n"
1297 "\n"
1298 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1299 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1300 "current branch, with or without a warning message.\n"
1301 "\n"
1302 "To squelch this message, you can set it to 'refuse'.");
1303
1304 static void refuse_unconfigured_deny_delete_current(void)
1305 {
1306 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1307 }
1308
1309 static const struct object_id *command_singleton_iterator(void *cb_data);
1310 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1311 {
1312 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1313 struct oid_array extra = OID_ARRAY_INIT;
1314 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1315 uint32_t mask = 1 << (cmd->index % 32);
1316 int i;
1317
1318 trace_printf_key(&trace_shallow,
1319 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1320 for (i = 0; i < si->shallow->nr; i++)
1321 if (si->used_shallow[i] &&
1322 (si->used_shallow[i][cmd->index / 32] & mask) &&
1323 !delayed_reachability_test(si, i))
1324 oid_array_append(&extra, &si->shallow->oid[i]);
1325
1326 opt.env = tmp_objdir_env(tmp_objdir);
1327 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1328 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1329 rollback_shallow_file(the_repository, &shallow_lock);
1330 oid_array_clear(&extra);
1331 return -1;
1332 }
1333
1334 commit_shallow_file(the_repository, &shallow_lock);
1335
1336 /*
1337 * Make sure setup_alternate_shallow() for the next ref does
1338 * not lose these new roots..
1339 */
1340 for (i = 0; i < extra.nr; i++)
1341 register_shallow(the_repository, &extra.oid[i]);
1342
1343 si->shallow_ref[cmd->index] = 0;
1344 oid_array_clear(&extra);
1345 return 0;
1346 }
1347
1348 /*
1349 * NEEDSWORK: we should consolidate various implementions of "are we
1350 * on an unborn branch?" test into one, and make the unified one more
1351 * robust. !get_sha1() based check used here and elsewhere would not
1352 * allow us to tell an unborn branch from corrupt ref, for example.
1353 * For the purpose of fixing "deploy-to-update does not work when
1354 * pushing into an empty repository" issue, this should suffice for
1355 * now.
1356 */
1357 static int head_has_history(void)
1358 {
1359 struct object_id oid;
1360
1361 return !get_oid("HEAD", &oid);
1362 }
1363
1364 static const char *push_to_deploy(unsigned char *sha1,
1365 struct strvec *env,
1366 const char *work_tree)
1367 {
1368 const char *update_refresh[] = {
1369 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
1370 };
1371 const char *diff_files[] = {
1372 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
1373 };
1374 const char *diff_index[] = {
1375 "diff-index", "--quiet", "--cached", "--ignore-submodules",
1376 NULL, "--", NULL
1377 };
1378 const char *read_tree[] = {
1379 "read-tree", "-u", "-m", NULL, NULL
1380 };
1381 struct child_process child = CHILD_PROCESS_INIT;
1382
1383 child.argv = update_refresh;
1384 child.env = env->v;
1385 child.dir = work_tree;
1386 child.no_stdin = 1;
1387 child.stdout_to_stderr = 1;
1388 child.git_cmd = 1;
1389 if (run_command(&child))
1390 return "Up-to-date check failed";
1391
1392 /* run_command() does not clean up completely; reinitialize */
1393 child_process_init(&child);
1394 child.argv = diff_files;
1395 child.env = env->v;
1396 child.dir = work_tree;
1397 child.no_stdin = 1;
1398 child.stdout_to_stderr = 1;
1399 child.git_cmd = 1;
1400 if (run_command(&child))
1401 return "Working directory has unstaged changes";
1402
1403 /* diff-index with either HEAD or an empty tree */
1404 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
1405
1406 child_process_init(&child);
1407 child.argv = diff_index;
1408 child.env = env->v;
1409 child.no_stdin = 1;
1410 child.no_stdout = 1;
1411 child.stdout_to_stderr = 0;
1412 child.git_cmd = 1;
1413 if (run_command(&child))
1414 return "Working directory has staged changes";
1415
1416 read_tree[3] = hash_to_hex(sha1);
1417 child_process_init(&child);
1418 child.argv = read_tree;
1419 child.env = env->v;
1420 child.dir = work_tree;
1421 child.no_stdin = 1;
1422 child.no_stdout = 1;
1423 child.stdout_to_stderr = 0;
1424 child.git_cmd = 1;
1425 if (run_command(&child))
1426 return "Could not update working tree to new HEAD";
1427
1428 return NULL;
1429 }
1430
1431 static const char *push_to_checkout_hook = "push-to-checkout";
1432
1433 static const char *push_to_checkout(unsigned char *hash,
1434 struct strvec *env,
1435 const char *work_tree)
1436 {
1437 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1438 if (run_hook_le(env->v, push_to_checkout_hook,
1439 hash_to_hex(hash), NULL))
1440 return "push-to-checkout hook declined";
1441 else
1442 return NULL;
1443 }
1444
1445 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1446 {
1447 const char *retval, *work_tree, *git_dir = NULL;
1448 struct strvec env = STRVEC_INIT;
1449
1450 if (worktree && worktree->path)
1451 work_tree = worktree->path;
1452 else if (git_work_tree_cfg)
1453 work_tree = git_work_tree_cfg;
1454 else
1455 work_tree = "..";
1456
1457 if (is_bare_repository())
1458 return "denyCurrentBranch = updateInstead needs a worktree";
1459 if (worktree)
1460 git_dir = get_worktree_git_dir(worktree);
1461 if (!git_dir)
1462 git_dir = get_git_dir();
1463
1464 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1465
1466 if (!find_hook(push_to_checkout_hook))
1467 retval = push_to_deploy(sha1, &env, work_tree);
1468 else
1469 retval = push_to_checkout(sha1, &env, work_tree);
1470
1471 strvec_clear(&env);
1472 return retval;
1473 }
1474
1475 static const char *update(struct command *cmd, struct shallow_info *si)
1476 {
1477 const char *name = cmd->ref_name;
1478 struct strbuf namespaced_name_buf = STRBUF_INIT;
1479 static char *namespaced_name;
1480 const char *ret;
1481 struct object_id *old_oid = &cmd->old_oid;
1482 struct object_id *new_oid = &cmd->new_oid;
1483 int do_update_worktree = 0;
1484 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1485
1486 /* only refs/... are allowed */
1487 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1488 rp_error("refusing to create funny ref '%s' remotely", name);
1489 return "funny refname";
1490 }
1491
1492 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1493 free(namespaced_name);
1494 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1495
1496 if (worktree) {
1497 switch (deny_current_branch) {
1498 case DENY_IGNORE:
1499 break;
1500 case DENY_WARN:
1501 rp_warning("updating the current branch");
1502 break;
1503 case DENY_REFUSE:
1504 case DENY_UNCONFIGURED:
1505 rp_error("refusing to update checked out branch: %s", name);
1506 if (deny_current_branch == DENY_UNCONFIGURED)
1507 refuse_unconfigured_deny();
1508 return "branch is currently checked out";
1509 case DENY_UPDATE_INSTEAD:
1510 /* pass -- let other checks intervene first */
1511 do_update_worktree = 1;
1512 break;
1513 }
1514 }
1515
1516 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1517 error("unpack should have generated %s, "
1518 "but I can't find it!", oid_to_hex(new_oid));
1519 return "bad pack";
1520 }
1521
1522 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1523 if (deny_deletes && starts_with(name, "refs/heads/")) {
1524 rp_error("denying ref deletion for %s", name);
1525 return "deletion prohibited";
1526 }
1527
1528 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1529 switch (deny_delete_current) {
1530 case DENY_IGNORE:
1531 break;
1532 case DENY_WARN:
1533 rp_warning("deleting the current branch");
1534 break;
1535 case DENY_REFUSE:
1536 case DENY_UNCONFIGURED:
1537 case DENY_UPDATE_INSTEAD:
1538 if (deny_delete_current == DENY_UNCONFIGURED)
1539 refuse_unconfigured_deny_delete_current();
1540 rp_error("refusing to delete the current branch: %s", name);
1541 return "deletion of the current branch prohibited";
1542 default:
1543 return "Invalid denyDeleteCurrent setting";
1544 }
1545 }
1546 }
1547
1548 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1549 !is_null_oid(old_oid) &&
1550 starts_with(name, "refs/heads/")) {
1551 struct object *old_object, *new_object;
1552 struct commit *old_commit, *new_commit;
1553
1554 old_object = parse_object(the_repository, old_oid);
1555 new_object = parse_object(the_repository, new_oid);
1556
1557 if (!old_object || !new_object ||
1558 old_object->type != OBJ_COMMIT ||
1559 new_object->type != OBJ_COMMIT) {
1560 error("bad sha1 objects for %s", name);
1561 return "bad ref";
1562 }
1563 old_commit = (struct commit *)old_object;
1564 new_commit = (struct commit *)new_object;
1565 if (!in_merge_bases(old_commit, new_commit)) {
1566 rp_error("denying non-fast-forward %s"
1567 " (you should pull first)", name);
1568 return "non-fast-forward";
1569 }
1570 }
1571 if (run_update_hook(cmd)) {
1572 rp_error("hook declined to update %s", name);
1573 return "hook declined";
1574 }
1575
1576 if (do_update_worktree) {
1577 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1578 if (ret)
1579 return ret;
1580 }
1581
1582 if (is_null_oid(new_oid)) {
1583 struct strbuf err = STRBUF_INIT;
1584 if (!parse_object(the_repository, old_oid)) {
1585 old_oid = NULL;
1586 if (ref_exists(name)) {
1587 rp_warning("Allowing deletion of corrupt ref.");
1588 } else {
1589 rp_warning("Deleting a non-existent ref.");
1590 cmd->did_not_exist = 1;
1591 }
1592 }
1593 if (ref_transaction_delete(transaction,
1594 namespaced_name,
1595 old_oid,
1596 0, "push", &err)) {
1597 rp_error("%s", err.buf);
1598 strbuf_release(&err);
1599 return "failed to delete";
1600 }
1601 strbuf_release(&err);
1602 return NULL; /* good */
1603 }
1604 else {
1605 struct strbuf err = STRBUF_INIT;
1606 if (shallow_update && si->shallow_ref[cmd->index] &&
1607 update_shallow_ref(cmd, si))
1608 return "shallow error";
1609
1610 if (ref_transaction_update(transaction,
1611 namespaced_name,
1612 new_oid, old_oid,
1613 0, "push",
1614 &err)) {
1615 rp_error("%s", err.buf);
1616 strbuf_release(&err);
1617
1618 return "failed to update ref";
1619 }
1620 strbuf_release(&err);
1621
1622 return NULL; /* good */
1623 }
1624 }
1625
1626 static void run_update_post_hook(struct command *commands)
1627 {
1628 struct command *cmd;
1629 struct child_process proc = CHILD_PROCESS_INIT;
1630 const char *hook;
1631
1632 hook = find_hook("post-update");
1633 if (!hook)
1634 return;
1635
1636 for (cmd = commands; cmd; cmd = cmd->next) {
1637 if (cmd->error_string || cmd->did_not_exist)
1638 continue;
1639 if (!proc.args.nr)
1640 strvec_push(&proc.args, hook);
1641 strvec_push(&proc.args, cmd->ref_name);
1642 }
1643 if (!proc.args.nr)
1644 return;
1645
1646 proc.no_stdin = 1;
1647 proc.stdout_to_stderr = 1;
1648 proc.err = use_sideband ? -1 : 0;
1649 proc.trace2_hook_name = "post-update";
1650
1651 if (!start_command(&proc)) {
1652 if (use_sideband)
1653 copy_to_sideband(proc.err, -1, NULL);
1654 finish_command(&proc);
1655 }
1656 }
1657
1658 static void check_aliased_update_internal(struct command *cmd,
1659 struct string_list *list,
1660 const char *dst_name, int flag)
1661 {
1662 struct string_list_item *item;
1663 struct command *dst_cmd;
1664
1665 if (!(flag & REF_ISSYMREF))
1666 return;
1667
1668 if (!dst_name) {
1669 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1670 cmd->skip_update = 1;
1671 cmd->error_string = "broken symref";
1672 return;
1673 }
1674 dst_name = strip_namespace(dst_name);
1675
1676 if ((item = string_list_lookup(list, dst_name)) == NULL)
1677 return;
1678
1679 cmd->skip_update = 1;
1680
1681 dst_cmd = (struct command *) item->util;
1682
1683 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1684 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1685 return;
1686
1687 dst_cmd->skip_update = 1;
1688
1689 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1690 " its target '%s' (%s..%s)",
1691 cmd->ref_name,
1692 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1693 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1694 dst_cmd->ref_name,
1695 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1696 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1697
1698 cmd->error_string = dst_cmd->error_string =
1699 "inconsistent aliased update";
1700 }
1701
1702 static void check_aliased_update(struct command *cmd, struct string_list *list)
1703 {
1704 struct strbuf buf = STRBUF_INIT;
1705 const char *dst_name;
1706 int flag;
1707
1708 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1709 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1710 check_aliased_update_internal(cmd, list, dst_name, flag);
1711 strbuf_release(&buf);
1712 }
1713
1714 static void check_aliased_updates(struct command *commands)
1715 {
1716 struct command *cmd;
1717 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1718
1719 for (cmd = commands; cmd; cmd = cmd->next) {
1720 struct string_list_item *item =
1721 string_list_append(&ref_list, cmd->ref_name);
1722 item->util = (void *)cmd;
1723 }
1724 string_list_sort(&ref_list);
1725
1726 for (cmd = commands; cmd; cmd = cmd->next) {
1727 if (!cmd->error_string)
1728 check_aliased_update(cmd, &ref_list);
1729 }
1730
1731 string_list_clear(&ref_list, 0);
1732 }
1733
1734 static const struct object_id *command_singleton_iterator(void *cb_data)
1735 {
1736 struct command **cmd_list = cb_data;
1737 struct command *cmd = *cmd_list;
1738
1739 if (!cmd || is_null_oid(&cmd->new_oid))
1740 return NULL;
1741 *cmd_list = NULL; /* this returns only one */
1742 return &cmd->new_oid;
1743 }
1744
1745 static void set_connectivity_errors(struct command *commands,
1746 struct shallow_info *si)
1747 {
1748 struct command *cmd;
1749
1750 for (cmd = commands; cmd; cmd = cmd->next) {
1751 struct command *singleton = cmd;
1752 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1753
1754 if (shallow_update && si->shallow_ref[cmd->index])
1755 /* to be checked in update_shallow_ref() */
1756 continue;
1757
1758 opt.env = tmp_objdir_env(tmp_objdir);
1759 if (!check_connected(command_singleton_iterator, &singleton,
1760 &opt))
1761 continue;
1762
1763 cmd->error_string = "missing necessary objects";
1764 }
1765 }
1766
1767 struct iterate_data {
1768 struct command *cmds;
1769 struct shallow_info *si;
1770 };
1771
1772 static const struct object_id *iterate_receive_command_list(void *cb_data)
1773 {
1774 struct iterate_data *data = cb_data;
1775 struct command **cmd_list = &data->cmds;
1776 struct command *cmd = *cmd_list;
1777
1778 for (; cmd; cmd = cmd->next) {
1779 if (shallow_update && data->si->shallow_ref[cmd->index])
1780 /* to be checked in update_shallow_ref() */
1781 continue;
1782 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1783 *cmd_list = cmd->next;
1784 return &cmd->new_oid;
1785 }
1786 }
1787 return NULL;
1788 }
1789
1790 static void reject_updates_to_hidden(struct command *commands)
1791 {
1792 struct strbuf refname_full = STRBUF_INIT;
1793 size_t prefix_len;
1794 struct command *cmd;
1795
1796 strbuf_addstr(&refname_full, get_git_namespace());
1797 prefix_len = refname_full.len;
1798
1799 for (cmd = commands; cmd; cmd = cmd->next) {
1800 if (cmd->error_string)
1801 continue;
1802
1803 strbuf_setlen(&refname_full, prefix_len);
1804 strbuf_addstr(&refname_full, cmd->ref_name);
1805
1806 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1807 continue;
1808 if (is_null_oid(&cmd->new_oid))
1809 cmd->error_string = "deny deleting a hidden ref";
1810 else
1811 cmd->error_string = "deny updating a hidden ref";
1812 }
1813
1814 strbuf_release(&refname_full);
1815 }
1816
1817 static int should_process_cmd(struct command *cmd)
1818 {
1819 return !cmd->error_string && !cmd->skip_update;
1820 }
1821
1822 static void warn_if_skipped_connectivity_check(struct command *commands,
1823 struct shallow_info *si)
1824 {
1825 struct command *cmd;
1826 int checked_connectivity = 1;
1827
1828 for (cmd = commands; cmd; cmd = cmd->next) {
1829 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1830 error("BUG: connectivity check has not been run on ref %s",
1831 cmd->ref_name);
1832 checked_connectivity = 0;
1833 }
1834 }
1835 if (!checked_connectivity)
1836 BUG("connectivity check skipped???");
1837 }
1838
1839 static void execute_commands_non_atomic(struct command *commands,
1840 struct shallow_info *si)
1841 {
1842 struct command *cmd;
1843 struct strbuf err = STRBUF_INIT;
1844
1845 for (cmd = commands; cmd; cmd = cmd->next) {
1846 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1847 continue;
1848
1849 transaction = ref_transaction_begin(&err);
1850 if (!transaction) {
1851 rp_error("%s", err.buf);
1852 strbuf_reset(&err);
1853 cmd->error_string = "transaction failed to start";
1854 continue;
1855 }
1856
1857 cmd->error_string = update(cmd, si);
1858
1859 if (!cmd->error_string
1860 && ref_transaction_commit(transaction, &err)) {
1861 rp_error("%s", err.buf);
1862 strbuf_reset(&err);
1863 cmd->error_string = "failed to update ref";
1864 }
1865 ref_transaction_free(transaction);
1866 }
1867 strbuf_release(&err);
1868 }
1869
1870 static void execute_commands_atomic(struct command *commands,
1871 struct shallow_info *si)
1872 {
1873 struct command *cmd;
1874 struct strbuf err = STRBUF_INIT;
1875 const char *reported_error = "atomic push failure";
1876
1877 transaction = ref_transaction_begin(&err);
1878 if (!transaction) {
1879 rp_error("%s", err.buf);
1880 strbuf_reset(&err);
1881 reported_error = "transaction failed to start";
1882 goto failure;
1883 }
1884
1885 for (cmd = commands; cmd; cmd = cmd->next) {
1886 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1887 continue;
1888
1889 cmd->error_string = update(cmd, si);
1890
1891 if (cmd->error_string)
1892 goto failure;
1893 }
1894
1895 if (ref_transaction_commit(transaction, &err)) {
1896 rp_error("%s", err.buf);
1897 reported_error = "atomic transaction failed";
1898 goto failure;
1899 }
1900 goto cleanup;
1901
1902 failure:
1903 for (cmd = commands; cmd; cmd = cmd->next)
1904 if (!cmd->error_string)
1905 cmd->error_string = reported_error;
1906
1907 cleanup:
1908 ref_transaction_free(transaction);
1909 strbuf_release(&err);
1910 }
1911
1912 static void execute_commands(struct command *commands,
1913 const char *unpacker_error,
1914 struct shallow_info *si,
1915 const struct string_list *push_options)
1916 {
1917 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1918 struct command *cmd;
1919 struct iterate_data data;
1920 struct async muxer;
1921 int err_fd = 0;
1922 int run_proc_receive = 0;
1923
1924 if (unpacker_error) {
1925 for (cmd = commands; cmd; cmd = cmd->next)
1926 cmd->error_string = "unpacker error";
1927 return;
1928 }
1929
1930 if (use_sideband) {
1931 memset(&muxer, 0, sizeof(muxer));
1932 muxer.proc = copy_to_sideband;
1933 muxer.in = -1;
1934 if (!start_async(&muxer))
1935 err_fd = muxer.in;
1936 /* ...else, continue without relaying sideband */
1937 }
1938
1939 data.cmds = commands;
1940 data.si = si;
1941 opt.err_fd = err_fd;
1942 opt.progress = err_fd && !quiet;
1943 opt.env = tmp_objdir_env(tmp_objdir);
1944 if (check_connected(iterate_receive_command_list, &data, &opt))
1945 set_connectivity_errors(commands, si);
1946
1947 if (use_sideband)
1948 finish_async(&muxer);
1949
1950 reject_updates_to_hidden(commands);
1951
1952 /*
1953 * Try to find commands that have special prefix in their reference names,
1954 * and mark them to run an external "proc-receive" hook later.
1955 */
1956 if (proc_receive_ref) {
1957 for (cmd = commands; cmd; cmd = cmd->next) {
1958 if (!should_process_cmd(cmd))
1959 continue;
1960
1961 if (proc_receive_ref_matches(cmd)) {
1962 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1963 run_proc_receive = 1;
1964 }
1965 }
1966 }
1967
1968 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1969 for (cmd = commands; cmd; cmd = cmd->next) {
1970 if (!cmd->error_string)
1971 cmd->error_string = "pre-receive hook declined";
1972 }
1973 return;
1974 }
1975
1976 /*
1977 * Now we'll start writing out refs, which means the objects need
1978 * to be in their final positions so that other processes can see them.
1979 */
1980 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1981 for (cmd = commands; cmd; cmd = cmd->next) {
1982 if (!cmd->error_string)
1983 cmd->error_string = "unable to migrate objects to permanent storage";
1984 }
1985 return;
1986 }
1987 tmp_objdir = NULL;
1988
1989 check_aliased_updates(commands);
1990
1991 free(head_name_to_free);
1992 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1993
1994 if (run_proc_receive &&
1995 run_proc_receive_hook(commands, push_options))
1996 for (cmd = commands; cmd; cmd = cmd->next)
1997 if (!cmd->error_string &&
1998 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1999 (cmd->run_proc_receive || use_atomic))
2000 cmd->error_string = "fail to run proc-receive hook";
2001
2002 if (use_atomic)
2003 execute_commands_atomic(commands, si);
2004 else
2005 execute_commands_non_atomic(commands, si);
2006
2007 if (shallow_update)
2008 warn_if_skipped_connectivity_check(commands, si);
2009 }
2010
2011 static struct command **queue_command(struct command **tail,
2012 const char *line,
2013 int linelen)
2014 {
2015 struct object_id old_oid, new_oid;
2016 struct command *cmd;
2017 const char *refname;
2018 int reflen;
2019 const char *p;
2020
2021 if (parse_oid_hex(line, &old_oid, &p) ||
2022 *p++ != ' ' ||
2023 parse_oid_hex(p, &new_oid, &p) ||
2024 *p++ != ' ')
2025 die("protocol error: expected old/new/ref, got '%s'", line);
2026
2027 refname = p;
2028 reflen = linelen - (p - line);
2029 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2030 oidcpy(&cmd->old_oid, &old_oid);
2031 oidcpy(&cmd->new_oid, &new_oid);
2032 *tail = cmd;
2033 return &cmd->next;
2034 }
2035
2036 static void queue_commands_from_cert(struct command **tail,
2037 struct strbuf *push_cert)
2038 {
2039 const char *boc, *eoc;
2040
2041 if (*tail)
2042 die("protocol error: got both push certificate and unsigned commands");
2043
2044 boc = strstr(push_cert->buf, "\n\n");
2045 if (!boc)
2046 die("malformed push certificate %.*s", 100, push_cert->buf);
2047 else
2048 boc += 2;
2049 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2050
2051 while (boc < eoc) {
2052 const char *eol = memchr(boc, '\n', eoc - boc);
2053 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2054 boc = eol ? eol + 1 : eoc;
2055 }
2056 }
2057
2058 static struct command *read_head_info(struct packet_reader *reader,
2059 struct oid_array *shallow)
2060 {
2061 struct command *commands = NULL;
2062 struct command **p = &commands;
2063 for (;;) {
2064 int linelen;
2065
2066 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2067 break;
2068
2069 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2070 struct object_id oid;
2071 if (get_oid_hex(reader->line + 8, &oid))
2072 die("protocol error: expected shallow sha, got '%s'",
2073 reader->line + 8);
2074 oid_array_append(shallow, &oid);
2075 continue;
2076 }
2077
2078 linelen = strlen(reader->line);
2079 if (linelen < reader->pktlen) {
2080 const char *feature_list = reader->line + linelen + 1;
2081 const char *hash = NULL;
2082 const char *client_sid;
2083 int len = 0;
2084 if (parse_feature_request(feature_list, "report-status"))
2085 report_status = 1;
2086 if (parse_feature_request(feature_list, "report-status-v2"))
2087 report_status_v2 = 1;
2088 if (parse_feature_request(feature_list, "side-band-64k"))
2089 use_sideband = LARGE_PACKET_MAX;
2090 if (parse_feature_request(feature_list, "quiet"))
2091 quiet = 1;
2092 if (advertise_atomic_push
2093 && parse_feature_request(feature_list, "atomic"))
2094 use_atomic = 1;
2095 if (advertise_push_options
2096 && parse_feature_request(feature_list, "push-options"))
2097 use_push_options = 1;
2098 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2099 if (!hash) {
2100 hash = hash_algos[GIT_HASH_SHA1].name;
2101 len = strlen(hash);
2102 }
2103 if (xstrncmpz(the_hash_algo->name, hash, len))
2104 die("error: unsupported object format '%s'", hash);
2105 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2106 if (client_sid) {
2107 char *sid = xstrndup(client_sid, len);
2108 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2109 free(sid);
2110 }
2111 }
2112
2113 if (!strcmp(reader->line, "push-cert")) {
2114 int true_flush = 0;
2115 int saved_options = reader->options;
2116 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2117
2118 for (;;) {
2119 packet_reader_read(reader);
2120 if (reader->status == PACKET_READ_FLUSH) {
2121 true_flush = 1;
2122 break;
2123 }
2124 if (reader->status != PACKET_READ_NORMAL) {
2125 die("protocol error: got an unexpected packet");
2126 }
2127 if (!strcmp(reader->line, "push-cert-end\n"))
2128 break; /* end of cert */
2129 strbuf_addstr(&push_cert, reader->line);
2130 }
2131 reader->options = saved_options;
2132
2133 if (true_flush)
2134 break;
2135 continue;
2136 }
2137
2138 p = queue_command(p, reader->line, linelen);
2139 }
2140
2141 if (push_cert.len)
2142 queue_commands_from_cert(p, &push_cert);
2143
2144 return commands;
2145 }
2146
2147 static void read_push_options(struct packet_reader *reader,
2148 struct string_list *options)
2149 {
2150 while (1) {
2151 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2152 break;
2153
2154 string_list_append(options, reader->line);
2155 }
2156 }
2157
2158 static const char *parse_pack_header(struct pack_header *hdr)
2159 {
2160 switch (read_pack_header(0, hdr)) {
2161 case PH_ERROR_EOF:
2162 return "eof before pack header was fully read";
2163
2164 case PH_ERROR_PACK_SIGNATURE:
2165 return "protocol error (pack signature mismatch detected)";
2166
2167 case PH_ERROR_PROTOCOL:
2168 return "protocol error (pack version unsupported)";
2169
2170 default:
2171 return "unknown error in parse_pack_header";
2172
2173 case 0:
2174 return NULL;
2175 }
2176 }
2177
2178 static const char *pack_lockfile;
2179
2180 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2181 {
2182 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2183 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2184 }
2185
2186 static const char *unpack(int err_fd, struct shallow_info *si)
2187 {
2188 struct pack_header hdr;
2189 const char *hdr_err;
2190 int status;
2191 struct child_process child = CHILD_PROCESS_INIT;
2192 int fsck_objects = (receive_fsck_objects >= 0
2193 ? receive_fsck_objects
2194 : transfer_fsck_objects >= 0
2195 ? transfer_fsck_objects
2196 : 0);
2197
2198 hdr_err = parse_pack_header(&hdr);
2199 if (hdr_err) {
2200 if (err_fd > 0)
2201 close(err_fd);
2202 return hdr_err;
2203 }
2204
2205 if (si->nr_ours || si->nr_theirs) {
2206 alt_shallow_file = setup_temporary_shallow(si->shallow);
2207 strvec_push(&child.args, "--shallow-file");
2208 strvec_push(&child.args, alt_shallow_file);
2209 }
2210
2211 tmp_objdir = tmp_objdir_create();
2212 if (!tmp_objdir) {
2213 if (err_fd > 0)
2214 close(err_fd);
2215 return "unable to create temporary object directory";
2216 }
2217 child.env = tmp_objdir_env(tmp_objdir);
2218
2219 /*
2220 * Normally we just pass the tmp_objdir environment to the child
2221 * processes that do the heavy lifting, but we may need to see these
2222 * objects ourselves to set up shallow information.
2223 */
2224 tmp_objdir_add_as_alternate(tmp_objdir);
2225
2226 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2227 strvec_push(&child.args, "unpack-objects");
2228 push_header_arg(&child.args, &hdr);
2229 if (quiet)
2230 strvec_push(&child.args, "-q");
2231 if (fsck_objects)
2232 strvec_pushf(&child.args, "--strict%s",
2233 fsck_msg_types.buf);
2234 if (max_input_size)
2235 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2236 (uintmax_t)max_input_size);
2237 child.no_stdout = 1;
2238 child.err = err_fd;
2239 child.git_cmd = 1;
2240 status = run_command(&child);
2241 if (status)
2242 return "unpack-objects abnormal exit";
2243 } else {
2244 char hostname[HOST_NAME_MAX + 1];
2245
2246 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2247 push_header_arg(&child.args, &hdr);
2248
2249 if (xgethostname(hostname, sizeof(hostname)))
2250 xsnprintf(hostname, sizeof(hostname), "localhost");
2251 strvec_pushf(&child.args,
2252 "--keep=receive-pack %"PRIuMAX" on %s",
2253 (uintmax_t)getpid(),
2254 hostname);
2255
2256 if (!quiet && err_fd)
2257 strvec_push(&child.args, "--show-resolving-progress");
2258 if (use_sideband)
2259 strvec_push(&child.args, "--report-end-of-input");
2260 if (fsck_objects)
2261 strvec_pushf(&child.args, "--strict%s",
2262 fsck_msg_types.buf);
2263 if (!reject_thin)
2264 strvec_push(&child.args, "--fix-thin");
2265 if (max_input_size)
2266 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2267 (uintmax_t)max_input_size);
2268 child.out = -1;
2269 child.err = err_fd;
2270 child.git_cmd = 1;
2271 status = start_command(&child);
2272 if (status)
2273 return "index-pack fork failed";
2274 pack_lockfile = index_pack_lockfile(child.out, NULL);
2275 close(child.out);
2276 status = finish_command(&child);
2277 if (status)
2278 return "index-pack abnormal exit";
2279 reprepare_packed_git(the_repository);
2280 }
2281 return NULL;
2282 }
2283
2284 static const char *unpack_with_sideband(struct shallow_info *si)
2285 {
2286 struct async muxer;
2287 const char *ret;
2288
2289 if (!use_sideband)
2290 return unpack(0, si);
2291
2292 use_keepalive = KEEPALIVE_AFTER_NUL;
2293 memset(&muxer, 0, sizeof(muxer));
2294 muxer.proc = copy_to_sideband;
2295 muxer.in = -1;
2296 if (start_async(&muxer))
2297 return NULL;
2298
2299 ret = unpack(muxer.in, si);
2300
2301 finish_async(&muxer);
2302 return ret;
2303 }
2304
2305 static void prepare_shallow_update(struct shallow_info *si)
2306 {
2307 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2308
2309 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2310 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2311
2312 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2313 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2314 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2315
2316 for (i = 0; i < si->nr_ours; i++)
2317 si->need_reachability_test[si->ours[i]] = 1;
2318
2319 for (i = 0; i < si->shallow->nr; i++) {
2320 if (!si->used_shallow[i])
2321 continue;
2322 for (j = 0; j < bitmap_size; j++) {
2323 if (!si->used_shallow[i][j])
2324 continue;
2325 si->need_reachability_test[i]++;
2326 for (k = 0; k < 32; k++)
2327 if (si->used_shallow[i][j] & (1U << k))
2328 si->shallow_ref[j * 32 + k]++;
2329 }
2330
2331 /*
2332 * true for those associated with some refs and belong
2333 * in "ours" list aka "step 7 not done yet"
2334 */
2335 si->need_reachability_test[i] =
2336 si->need_reachability_test[i] > 1;
2337 }
2338
2339 /*
2340 * keep hooks happy by forcing a temporary shallow file via
2341 * env variable because we can't add --shallow-file to every
2342 * command. check_connected() will be done with
2343 * true .git/shallow though.
2344 */
2345 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2346 }
2347
2348 static void update_shallow_info(struct command *commands,
2349 struct shallow_info *si,
2350 struct oid_array *ref)
2351 {
2352 struct command *cmd;
2353 int *ref_status;
2354 remove_nonexistent_theirs_shallow(si);
2355 if (!si->nr_ours && !si->nr_theirs) {
2356 shallow_update = 0;
2357 return;
2358 }
2359
2360 for (cmd = commands; cmd; cmd = cmd->next) {
2361 if (is_null_oid(&cmd->new_oid))
2362 continue;
2363 oid_array_append(ref, &cmd->new_oid);
2364 cmd->index = ref->nr - 1;
2365 }
2366 si->ref = ref;
2367
2368 if (shallow_update) {
2369 prepare_shallow_update(si);
2370 return;
2371 }
2372
2373 ALLOC_ARRAY(ref_status, ref->nr);
2374 assign_shallow_commits_to_refs(si, NULL, ref_status);
2375 for (cmd = commands; cmd; cmd = cmd->next) {
2376 if (is_null_oid(&cmd->new_oid))
2377 continue;
2378 if (ref_status[cmd->index]) {
2379 cmd->error_string = "shallow update not allowed";
2380 cmd->skip_update = 1;
2381 }
2382 }
2383 free(ref_status);
2384 }
2385
2386 static void report(struct command *commands, const char *unpack_status)
2387 {
2388 struct command *cmd;
2389 struct strbuf buf = STRBUF_INIT;
2390
2391 packet_buf_write(&buf, "unpack %s\n",
2392 unpack_status ? unpack_status : "ok");
2393 for (cmd = commands; cmd; cmd = cmd->next) {
2394 if (!cmd->error_string)
2395 packet_buf_write(&buf, "ok %s\n",
2396 cmd->ref_name);
2397 else
2398 packet_buf_write(&buf, "ng %s %s\n",
2399 cmd->ref_name, cmd->error_string);
2400 }
2401 packet_buf_flush(&buf);
2402
2403 if (use_sideband)
2404 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2405 else
2406 write_or_die(1, buf.buf, buf.len);
2407 strbuf_release(&buf);
2408 }
2409
2410 static void report_v2(struct command *commands, const char *unpack_status)
2411 {
2412 struct command *cmd;
2413 struct strbuf buf = STRBUF_INIT;
2414 struct ref_push_report *report;
2415
2416 packet_buf_write(&buf, "unpack %s\n",
2417 unpack_status ? unpack_status : "ok");
2418 for (cmd = commands; cmd; cmd = cmd->next) {
2419 int count = 0;
2420
2421 if (cmd->error_string) {
2422 packet_buf_write(&buf, "ng %s %s\n",
2423 cmd->ref_name,
2424 cmd->error_string);
2425 continue;
2426 }
2427 packet_buf_write(&buf, "ok %s\n",
2428 cmd->ref_name);
2429 for (report = cmd->report; report; report = report->next) {
2430 if (count++ > 0)
2431 packet_buf_write(&buf, "ok %s\n",
2432 cmd->ref_name);
2433 if (report->ref_name)
2434 packet_buf_write(&buf, "option refname %s\n",
2435 report->ref_name);
2436 if (report->old_oid)
2437 packet_buf_write(&buf, "option old-oid %s\n",
2438 oid_to_hex(report->old_oid));
2439 if (report->new_oid)
2440 packet_buf_write(&buf, "option new-oid %s\n",
2441 oid_to_hex(report->new_oid));
2442 if (report->forced_update)
2443 packet_buf_write(&buf, "option forced-update\n");
2444 }
2445 }
2446 packet_buf_flush(&buf);
2447
2448 if (use_sideband)
2449 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2450 else
2451 write_or_die(1, buf.buf, buf.len);
2452 strbuf_release(&buf);
2453 }
2454
2455 static int delete_only(struct command *commands)
2456 {
2457 struct command *cmd;
2458 for (cmd = commands; cmd; cmd = cmd->next) {
2459 if (!is_null_oid(&cmd->new_oid))
2460 return 0;
2461 }
2462 return 1;
2463 }
2464
2465 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2466 {
2467 int advertise_refs = 0;
2468 struct command *commands;
2469 struct oid_array shallow = OID_ARRAY_INIT;
2470 struct oid_array ref = OID_ARRAY_INIT;
2471 struct shallow_info si;
2472 struct packet_reader reader;
2473
2474 struct option options[] = {
2475 OPT__QUIET(&quiet, N_("quiet")),
2476 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2477 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
2478 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2479 OPT_END()
2480 };
2481
2482 packet_trace_identity("receive-pack");
2483
2484 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2485
2486 if (argc > 1)
2487 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
2488 if (argc == 0)
2489 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
2490
2491 service_dir = argv[0];
2492
2493 setup_path();
2494
2495 if (!enter_repo(service_dir, 0))
2496 die("'%s' does not appear to be a git repository", service_dir);
2497
2498 git_config(receive_pack_config, NULL);
2499 if (cert_nonce_seed)
2500 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2501
2502 if (0 <= transfer_unpack_limit)
2503 unpack_limit = transfer_unpack_limit;
2504 else if (0 <= receive_unpack_limit)
2505 unpack_limit = receive_unpack_limit;
2506
2507 switch (determine_protocol_version_server()) {
2508 case protocol_v2:
2509 /*
2510 * push support for protocol v2 has not been implemented yet,
2511 * so ignore the request to use v2 and fallback to using v0.
2512 */
2513 break;
2514 case protocol_v1:
2515 /*
2516 * v1 is just the original protocol with a version string,
2517 * so just fall through after writing the version string.
2518 */
2519 if (advertise_refs || !stateless_rpc)
2520 packet_write_fmt(1, "version 1\n");
2521
2522 /* fallthrough */
2523 case protocol_v0:
2524 break;
2525 case protocol_unknown_version:
2526 BUG("unknown protocol version");
2527 }
2528
2529 if (advertise_refs || !stateless_rpc) {
2530 write_head_info();
2531 }
2532 if (advertise_refs)
2533 return 0;
2534
2535 packet_reader_init(&reader, 0, NULL, 0,
2536 PACKET_READ_CHOMP_NEWLINE |
2537 PACKET_READ_DIE_ON_ERR_PACKET);
2538
2539 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2540 const char *unpack_status = NULL;
2541 struct string_list push_options = STRING_LIST_INIT_DUP;
2542
2543 if (use_push_options)
2544 read_push_options(&reader, &push_options);
2545 if (!check_cert_push_options(&push_options)) {
2546 struct command *cmd;
2547 for (cmd = commands; cmd; cmd = cmd->next)
2548 cmd->error_string = "inconsistent push options";
2549 }
2550
2551 prepare_shallow_info(&si, &shallow);
2552 if (!si.nr_ours && !si.nr_theirs)
2553 shallow_update = 0;
2554 if (!delete_only(commands)) {
2555 unpack_status = unpack_with_sideband(&si);
2556 update_shallow_info(commands, &si, &ref);
2557 }
2558 use_keepalive = KEEPALIVE_ALWAYS;
2559 execute_commands(commands, unpack_status, &si,
2560 &push_options);
2561 if (pack_lockfile)
2562 unlink_or_warn(pack_lockfile);
2563 if (report_status_v2)
2564 report_v2(commands, unpack_status);
2565 else if (report_status)
2566 report(commands, unpack_status);
2567 run_receive_hook(commands, "post-receive", 1,
2568 &push_options);
2569 run_update_post_hook(commands);
2570 string_list_clear(&push_options, 0);
2571 if (auto_gc) {
2572 const char *argv_gc_auto[] = {
2573 "gc", "--auto", "--quiet", NULL,
2574 };
2575 struct child_process proc = CHILD_PROCESS_INIT;
2576
2577 proc.no_stdin = 1;
2578 proc.stdout_to_stderr = 1;
2579 proc.err = use_sideband ? -1 : 0;
2580 proc.git_cmd = 1;
2581 proc.argv = argv_gc_auto;
2582
2583 close_object_store(the_repository->objects);
2584 if (!start_command(&proc)) {
2585 if (use_sideband)
2586 copy_to_sideband(proc.err, -1, NULL);
2587 finish_command(&proc);
2588 }
2589 }
2590 if (auto_update_server_info)
2591 update_server_info(0);
2592 clear_shallow_info(&si);
2593 }
2594 if (use_sideband)
2595 packet_flush(1);
2596 oid_array_clear(&shallow);
2597 oid_array_clear(&ref);
2598 free((void *)push_cert_nonce);
2599 return 0;
2600 }
Unnamed repository; edit this file 'description' to name the repository.