]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'kk/complete-diff-color-moved'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "sha1-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31
32 static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35 };
36
37 enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43 };
44
45 static int deny_deletes;
46 static int deny_non_fast_forwards;
47 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49 static int receive_fsck_objects = -1;
50 static int transfer_fsck_objects = -1;
51 static struct strbuf fsck_msg_types = STRBUF_INIT;
52 static int receive_unpack_limit = -1;
53 static int transfer_unpack_limit = -1;
54 static int advertise_atomic_push = 1;
55 static int advertise_push_options;
56 static int unpack_limit = 100;
57 static off_t max_input_size;
58 static int report_status;
59 static int use_sideband;
60 static int use_atomic;
61 static int use_push_options;
62 static int quiet;
63 static int prefer_ofs_delta = 1;
64 static int auto_update_server_info;
65 static int auto_gc = 1;
66 static int reject_thin;
67 static int stateless_rpc;
68 static const char *service_dir;
69 static const char *head_name;
70 static void *head_name_to_free;
71 static int sent_capabilities;
72 static int shallow_update;
73 static const char *alt_shallow_file;
74 static struct strbuf push_cert = STRBUF_INIT;
75 static struct object_id push_cert_oid;
76 static struct signature_check sigcheck;
77 static const char *push_cert_nonce;
78 static const char *cert_nonce_seed;
79
80 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81 static const char *NONCE_BAD = "BAD";
82 static const char *NONCE_MISSING = "MISSING";
83 static const char *NONCE_OK = "OK";
84 static const char *NONCE_SLOP = "SLOP";
85 static const char *nonce_status;
86 static long nonce_stamp_slop;
87 static timestamp_t nonce_stamp_slop_limit;
88 static struct ref_transaction *transaction;
89
90 static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94 } use_keepalive;
95 static int keepalive_in_sec = 5;
96
97 static struct tmp_objdir *tmp_objdir;
98
99 static enum deny_action parse_deny_action(const char *var, const char *value)
100 {
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114 }
115
116 static int receive_pack_config(const char *var, const char *value, void *cb)
117 {
118 int status = parse_hide_refs_config(var, value, "receive");
119
120 if (status)
121 return status;
122
123 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145
146 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153
154 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205
206 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225
226 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230
231 return git_default_config(var, value, cb);
232 }
233
234 static void show_ref(const char *path, const struct object_id *oid)
235 {
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240
241 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257 }
258
259 static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261 {
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264
265 if (ref_is_hidden(path, path_full))
266 return 0;
267
268 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282 }
283
284 static void show_one_alternate_ref(const struct object_id *oid,
285 void *data)
286 {
287 struct oidset *seen = data;
288
289 if (oidset_insert(seen, oid))
290 return;
291
292 show_ref(".have", oid);
293 }
294
295 static void write_head_info(void)
296 {
297 static struct oidset seen = OIDSET_INIT;
298
299 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304
305 advertise_shallow_grafts(1);
306
307 /* EOF */
308 packet_flush(1);
309 }
310
311 struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320 };
321
322 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324
325 static void report_message(const char *prefix, const char *err, va_list params)
326 {
327 int sz;
328 char msg[4096];
329
330 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335
336 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340 }
341
342 static void rp_warning(const char *err, ...)
343 {
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348 }
349
350 static void rp_error(const char *err, ...)
351 {
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356 }
357
358 static int copy_to_sideband(int in, int out, void *arg)
359 {
360 char data[128];
361 int keepalive_active = 0;
362
363 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367
368 while (1) {
369 ssize_t sz;
370
371 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374
375 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378
379 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391
392 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395
396 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410
411 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419 }
420
421 static void hmac(unsigned char *out,
422 const char *key_in, size_t key_len,
423 const char *text, size_t text_len)
424 {
425 unsigned char key[GIT_MAX_BLKSZ];
426 unsigned char k_ipad[GIT_MAX_BLKSZ];
427 unsigned char k_opad[GIT_MAX_BLKSZ];
428 int i;
429 git_hash_ctx ctx;
430
431 /* RFC 2104 2. (1) */
432 memset(key, '\0', GIT_MAX_BLKSZ);
433 if (the_hash_algo->blksz < key_len) {
434 the_hash_algo->init_fn(&ctx);
435 the_hash_algo->update_fn(&ctx, key_in, key_len);
436 the_hash_algo->final_fn(key, &ctx);
437 } else {
438 memcpy(key, key_in, key_len);
439 }
440
441 /* RFC 2104 2. (2) & (5) */
442 for (i = 0; i < sizeof(key); i++) {
443 k_ipad[i] = key[i] ^ 0x36;
444 k_opad[i] = key[i] ^ 0x5c;
445 }
446
447 /* RFC 2104 2. (3) & (4) */
448 the_hash_algo->init_fn(&ctx);
449 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
450 the_hash_algo->update_fn(&ctx, text, text_len);
451 the_hash_algo->final_fn(out, &ctx);
452
453 /* RFC 2104 2. (6) & (7) */
454 the_hash_algo->init_fn(&ctx);
455 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
456 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
457 the_hash_algo->final_fn(out, &ctx);
458 }
459
460 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
461 {
462 struct strbuf buf = STRBUF_INIT;
463 unsigned char hash[GIT_MAX_RAWSZ];
464
465 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
466 hmac(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
467 strbuf_release(&buf);
468
469 /* RFC 2104 5. HMAC-SHA1-80 */
470 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
471 return strbuf_detach(&buf, NULL);
472 }
473
474 /*
475 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
476 * after dropping "_commit" from its name and possibly moving it out
477 * of commit.c
478 */
479 static char *find_header(const char *msg, size_t len, const char *key,
480 const char **next_line)
481 {
482 int key_len = strlen(key);
483 const char *line = msg;
484
485 while (line && line < msg + len) {
486 const char *eol = strchrnul(line, '\n');
487
488 if ((msg + len <= eol) || line == eol)
489 return NULL;
490 if (line + key_len < eol &&
491 !memcmp(line, key, key_len) && line[key_len] == ' ') {
492 int offset = key_len + 1;
493 if (next_line)
494 *next_line = *eol ? eol + 1 : eol;
495 return xmemdupz(line + offset, (eol - line) - offset);
496 }
497 line = *eol ? eol + 1 : NULL;
498 }
499 return NULL;
500 }
501
502 static const char *check_nonce(const char *buf, size_t len)
503 {
504 char *nonce = find_header(buf, len, "nonce", NULL);
505 timestamp_t stamp, ostamp;
506 char *bohmac, *expect = NULL;
507 const char *retval = NONCE_BAD;
508
509 if (!nonce) {
510 retval = NONCE_MISSING;
511 goto leave;
512 } else if (!push_cert_nonce) {
513 retval = NONCE_UNSOLICITED;
514 goto leave;
515 } else if (!strcmp(push_cert_nonce, nonce)) {
516 retval = NONCE_OK;
517 goto leave;
518 }
519
520 if (!stateless_rpc) {
521 /* returned nonce MUST match what we gave out earlier */
522 retval = NONCE_BAD;
523 goto leave;
524 }
525
526 /*
527 * In stateless mode, we may be receiving a nonce issued by
528 * another instance of the server that serving the same
529 * repository, and the timestamps may not match, but the
530 * nonce-seed and dir should match, so we can recompute and
531 * report the time slop.
532 *
533 * In addition, when a nonce issued by another instance has
534 * timestamp within receive.certnonceslop seconds, we pretend
535 * as if we issued that nonce when reporting to the hook.
536 */
537
538 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
539 if (*nonce <= '0' || '9' < *nonce) {
540 retval = NONCE_BAD;
541 goto leave;
542 }
543 stamp = parse_timestamp(nonce, &bohmac, 10);
544 if (bohmac == nonce || bohmac[0] != '-') {
545 retval = NONCE_BAD;
546 goto leave;
547 }
548
549 expect = prepare_push_cert_nonce(service_dir, stamp);
550 if (strcmp(expect, nonce)) {
551 /* Not what we would have signed earlier */
552 retval = NONCE_BAD;
553 goto leave;
554 }
555
556 /*
557 * By how many seconds is this nonce stale? Negative value
558 * would mean it was issued by another server with its clock
559 * skewed in the future.
560 */
561 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
562 nonce_stamp_slop = (long)ostamp - (long)stamp;
563
564 if (nonce_stamp_slop_limit &&
565 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
566 /*
567 * Pretend as if the received nonce (which passes the
568 * HMAC check, so it is not a forged by third-party)
569 * is what we issued.
570 */
571 free((void *)push_cert_nonce);
572 push_cert_nonce = xstrdup(nonce);
573 retval = NONCE_OK;
574 } else {
575 retval = NONCE_SLOP;
576 }
577
578 leave:
579 free(nonce);
580 free(expect);
581 return retval;
582 }
583
584 /*
585 * Return 1 if there is no push_cert or if the push options in push_cert are
586 * the same as those in the argument; 0 otherwise.
587 */
588 static int check_cert_push_options(const struct string_list *push_options)
589 {
590 const char *buf = push_cert.buf;
591 int len = push_cert.len;
592
593 char *option;
594 const char *next_line;
595 int options_seen = 0;
596
597 int retval = 1;
598
599 if (!len)
600 return 1;
601
602 while ((option = find_header(buf, len, "push-option", &next_line))) {
603 len -= (next_line - buf);
604 buf = next_line;
605 options_seen++;
606 if (options_seen > push_options->nr
607 || strcmp(option,
608 push_options->items[options_seen - 1].string)) {
609 retval = 0;
610 goto leave;
611 }
612 free(option);
613 }
614
615 if (options_seen != push_options->nr)
616 retval = 0;
617
618 leave:
619 free(option);
620 return retval;
621 }
622
623 static void prepare_push_cert_sha1(struct child_process *proc)
624 {
625 static int already_done;
626
627 if (!push_cert.len)
628 return;
629
630 if (!already_done) {
631 int bogs /* beginning_of_gpg_sig */;
632
633 already_done = 1;
634 if (write_object_file(push_cert.buf, push_cert.len, "blob",
635 &push_cert_oid))
636 oidclr(&push_cert_oid);
637
638 memset(&sigcheck, '\0', sizeof(sigcheck));
639
640 bogs = parse_signature(push_cert.buf, push_cert.len);
641 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
642 push_cert.len - bogs, &sigcheck);
643
644 nonce_status = check_nonce(push_cert.buf, bogs);
645 }
646 if (!is_null_oid(&push_cert_oid)) {
647 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
648 oid_to_hex(&push_cert_oid));
649 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
650 sigcheck.signer ? sigcheck.signer : "");
651 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
652 sigcheck.key ? sigcheck.key : "");
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
654 sigcheck.result);
655 if (push_cert_nonce) {
656 argv_array_pushf(&proc->env_array,
657 "GIT_PUSH_CERT_NONCE=%s",
658 push_cert_nonce);
659 argv_array_pushf(&proc->env_array,
660 "GIT_PUSH_CERT_NONCE_STATUS=%s",
661 nonce_status);
662 if (nonce_status == NONCE_SLOP)
663 argv_array_pushf(&proc->env_array,
664 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
665 nonce_stamp_slop);
666 }
667 }
668 }
669
670 struct receive_hook_feed_state {
671 struct command *cmd;
672 int skip_broken;
673 struct strbuf buf;
674 const struct string_list *push_options;
675 };
676
677 typedef int (*feed_fn)(void *, const char **, size_t *);
678 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
679 struct receive_hook_feed_state *feed_state)
680 {
681 struct child_process proc = CHILD_PROCESS_INIT;
682 struct async muxer;
683 const char *argv[2];
684 int code;
685
686 argv[0] = find_hook(hook_name);
687 if (!argv[0])
688 return 0;
689
690 argv[1] = NULL;
691
692 proc.argv = argv;
693 proc.in = -1;
694 proc.stdout_to_stderr = 1;
695 proc.trace2_hook_name = hook_name;
696
697 if (feed_state->push_options) {
698 int i;
699 for (i = 0; i < feed_state->push_options->nr; i++)
700 argv_array_pushf(&proc.env_array,
701 "GIT_PUSH_OPTION_%d=%s", i,
702 feed_state->push_options->items[i].string);
703 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
704 feed_state->push_options->nr);
705 } else
706 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
707
708 if (tmp_objdir)
709 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
710
711 if (use_sideband) {
712 memset(&muxer, 0, sizeof(muxer));
713 muxer.proc = copy_to_sideband;
714 muxer.in = -1;
715 code = start_async(&muxer);
716 if (code)
717 return code;
718 proc.err = muxer.in;
719 }
720
721 prepare_push_cert_sha1(&proc);
722
723 code = start_command(&proc);
724 if (code) {
725 if (use_sideband)
726 finish_async(&muxer);
727 return code;
728 }
729
730 sigchain_push(SIGPIPE, SIG_IGN);
731
732 while (1) {
733 const char *buf;
734 size_t n;
735 if (feed(feed_state, &buf, &n))
736 break;
737 if (write_in_full(proc.in, buf, n) < 0)
738 break;
739 }
740 close(proc.in);
741 if (use_sideband)
742 finish_async(&muxer);
743
744 sigchain_pop(SIGPIPE);
745
746 return finish_command(&proc);
747 }
748
749 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
750 {
751 struct receive_hook_feed_state *state = state_;
752 struct command *cmd = state->cmd;
753
754 while (cmd &&
755 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
756 cmd = cmd->next;
757 if (!cmd)
758 return -1; /* EOF */
759 strbuf_reset(&state->buf);
760 strbuf_addf(&state->buf, "%s %s %s\n",
761 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
762 cmd->ref_name);
763 state->cmd = cmd->next;
764 if (bufp) {
765 *bufp = state->buf.buf;
766 *sizep = state->buf.len;
767 }
768 return 0;
769 }
770
771 static int run_receive_hook(struct command *commands,
772 const char *hook_name,
773 int skip_broken,
774 const struct string_list *push_options)
775 {
776 struct receive_hook_feed_state state;
777 int status;
778
779 strbuf_init(&state.buf, 0);
780 state.cmd = commands;
781 state.skip_broken = skip_broken;
782 if (feed_receive_hook(&state, NULL, NULL))
783 return 0;
784 state.cmd = commands;
785 state.push_options = push_options;
786 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
787 strbuf_release(&state.buf);
788 return status;
789 }
790
791 static int run_update_hook(struct command *cmd)
792 {
793 const char *argv[5];
794 struct child_process proc = CHILD_PROCESS_INIT;
795 int code;
796
797 argv[0] = find_hook("update");
798 if (!argv[0])
799 return 0;
800
801 argv[1] = cmd->ref_name;
802 argv[2] = oid_to_hex(&cmd->old_oid);
803 argv[3] = oid_to_hex(&cmd->new_oid);
804 argv[4] = NULL;
805
806 proc.no_stdin = 1;
807 proc.stdout_to_stderr = 1;
808 proc.err = use_sideband ? -1 : 0;
809 proc.argv = argv;
810 proc.trace2_hook_name = "update";
811
812 code = start_command(&proc);
813 if (code)
814 return code;
815 if (use_sideband)
816 copy_to_sideband(proc.err, -1, NULL);
817 return finish_command(&proc);
818 }
819
820 static char *refuse_unconfigured_deny_msg =
821 N_("By default, updating the current branch in a non-bare repository\n"
822 "is denied, because it will make the index and work tree inconsistent\n"
823 "with what you pushed, and will require 'git reset --hard' to match\n"
824 "the work tree to HEAD.\n"
825 "\n"
826 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
827 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
828 "its current branch; however, this is not recommended unless you\n"
829 "arranged to update its work tree to match what you pushed in some\n"
830 "other way.\n"
831 "\n"
832 "To squelch this message and still keep the default behaviour, set\n"
833 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
834
835 static void refuse_unconfigured_deny(void)
836 {
837 rp_error("%s", _(refuse_unconfigured_deny_msg));
838 }
839
840 static char *refuse_unconfigured_deny_delete_current_msg =
841 N_("By default, deleting the current branch is denied, because the next\n"
842 "'git clone' won't result in any file checked out, causing confusion.\n"
843 "\n"
844 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
845 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
846 "current branch, with or without a warning message.\n"
847 "\n"
848 "To squelch this message, you can set it to 'refuse'.");
849
850 static void refuse_unconfigured_deny_delete_current(void)
851 {
852 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
853 }
854
855 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
856 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
857 {
858 struct lock_file shallow_lock = LOCK_INIT;
859 struct oid_array extra = OID_ARRAY_INIT;
860 struct check_connected_options opt = CHECK_CONNECTED_INIT;
861 uint32_t mask = 1 << (cmd->index % 32);
862 int i;
863
864 trace_printf_key(&trace_shallow,
865 "shallow: update_shallow_ref %s\n", cmd->ref_name);
866 for (i = 0; i < si->shallow->nr; i++)
867 if (si->used_shallow[i] &&
868 (si->used_shallow[i][cmd->index / 32] & mask) &&
869 !delayed_reachability_test(si, i))
870 oid_array_append(&extra, &si->shallow->oid[i]);
871
872 opt.env = tmp_objdir_env(tmp_objdir);
873 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
874 if (check_connected(command_singleton_iterator, cmd, &opt)) {
875 rollback_lock_file(&shallow_lock);
876 oid_array_clear(&extra);
877 return -1;
878 }
879
880 commit_lock_file(&shallow_lock);
881
882 /*
883 * Make sure setup_alternate_shallow() for the next ref does
884 * not lose these new roots..
885 */
886 for (i = 0; i < extra.nr; i++)
887 register_shallow(the_repository, &extra.oid[i]);
888
889 si->shallow_ref[cmd->index] = 0;
890 oid_array_clear(&extra);
891 return 0;
892 }
893
894 /*
895 * NEEDSWORK: we should consolidate various implementions of "are we
896 * on an unborn branch?" test into one, and make the unified one more
897 * robust. !get_sha1() based check used here and elsewhere would not
898 * allow us to tell an unborn branch from corrupt ref, for example.
899 * For the purpose of fixing "deploy-to-update does not work when
900 * pushing into an empty repository" issue, this should suffice for
901 * now.
902 */
903 static int head_has_history(void)
904 {
905 struct object_id oid;
906
907 return !get_oid("HEAD", &oid);
908 }
909
910 static const char *push_to_deploy(unsigned char *sha1,
911 struct argv_array *env,
912 const char *work_tree)
913 {
914 const char *update_refresh[] = {
915 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
916 };
917 const char *diff_files[] = {
918 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
919 };
920 const char *diff_index[] = {
921 "diff-index", "--quiet", "--cached", "--ignore-submodules",
922 NULL, "--", NULL
923 };
924 const char *read_tree[] = {
925 "read-tree", "-u", "-m", NULL, NULL
926 };
927 struct child_process child = CHILD_PROCESS_INIT;
928
929 child.argv = update_refresh;
930 child.env = env->argv;
931 child.dir = work_tree;
932 child.no_stdin = 1;
933 child.stdout_to_stderr = 1;
934 child.git_cmd = 1;
935 if (run_command(&child))
936 return "Up-to-date check failed";
937
938 /* run_command() does not clean up completely; reinitialize */
939 child_process_init(&child);
940 child.argv = diff_files;
941 child.env = env->argv;
942 child.dir = work_tree;
943 child.no_stdin = 1;
944 child.stdout_to_stderr = 1;
945 child.git_cmd = 1;
946 if (run_command(&child))
947 return "Working directory has unstaged changes";
948
949 /* diff-index with either HEAD or an empty tree */
950 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
951
952 child_process_init(&child);
953 child.argv = diff_index;
954 child.env = env->argv;
955 child.no_stdin = 1;
956 child.no_stdout = 1;
957 child.stdout_to_stderr = 0;
958 child.git_cmd = 1;
959 if (run_command(&child))
960 return "Working directory has staged changes";
961
962 read_tree[3] = hash_to_hex(sha1);
963 child_process_init(&child);
964 child.argv = read_tree;
965 child.env = env->argv;
966 child.dir = work_tree;
967 child.no_stdin = 1;
968 child.no_stdout = 1;
969 child.stdout_to_stderr = 0;
970 child.git_cmd = 1;
971 if (run_command(&child))
972 return "Could not update working tree to new HEAD";
973
974 return NULL;
975 }
976
977 static const char *push_to_checkout_hook = "push-to-checkout";
978
979 static const char *push_to_checkout(unsigned char *hash,
980 struct argv_array *env,
981 const char *work_tree)
982 {
983 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
984 if (run_hook_le(env->argv, push_to_checkout_hook,
985 hash_to_hex(hash), NULL))
986 return "push-to-checkout hook declined";
987 else
988 return NULL;
989 }
990
991 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
992 {
993 const char *retval, *work_tree, *git_dir = NULL;
994 struct argv_array env = ARGV_ARRAY_INIT;
995
996 if (worktree && worktree->path)
997 work_tree = worktree->path;
998 else if (git_work_tree_cfg)
999 work_tree = git_work_tree_cfg;
1000 else
1001 work_tree = "..";
1002
1003 if (is_bare_repository())
1004 return "denyCurrentBranch = updateInstead needs a worktree";
1005 if (worktree)
1006 git_dir = get_worktree_git_dir(worktree);
1007 if (!git_dir)
1008 git_dir = get_git_dir();
1009
1010 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1011
1012 if (!find_hook(push_to_checkout_hook))
1013 retval = push_to_deploy(sha1, &env, work_tree);
1014 else
1015 retval = push_to_checkout(sha1, &env, work_tree);
1016
1017 argv_array_clear(&env);
1018 return retval;
1019 }
1020
1021 static const char *update(struct command *cmd, struct shallow_info *si)
1022 {
1023 const char *name = cmd->ref_name;
1024 struct strbuf namespaced_name_buf = STRBUF_INIT;
1025 static char *namespaced_name;
1026 const char *ret;
1027 struct object_id *old_oid = &cmd->old_oid;
1028 struct object_id *new_oid = &cmd->new_oid;
1029 int do_update_worktree = 0;
1030 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1031
1032 /* only refs/... are allowed */
1033 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1034 rp_error("refusing to create funny ref '%s' remotely", name);
1035 return "funny refname";
1036 }
1037
1038 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1039 free(namespaced_name);
1040 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1041
1042 if (worktree) {
1043 switch (deny_current_branch) {
1044 case DENY_IGNORE:
1045 break;
1046 case DENY_WARN:
1047 rp_warning("updating the current branch");
1048 break;
1049 case DENY_REFUSE:
1050 case DENY_UNCONFIGURED:
1051 rp_error("refusing to update checked out branch: %s", name);
1052 if (deny_current_branch == DENY_UNCONFIGURED)
1053 refuse_unconfigured_deny();
1054 return "branch is currently checked out";
1055 case DENY_UPDATE_INSTEAD:
1056 /* pass -- let other checks intervene first */
1057 do_update_worktree = 1;
1058 break;
1059 }
1060 }
1061
1062 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1063 error("unpack should have generated %s, "
1064 "but I can't find it!", oid_to_hex(new_oid));
1065 return "bad pack";
1066 }
1067
1068 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1069 if (deny_deletes && starts_with(name, "refs/heads/")) {
1070 rp_error("denying ref deletion for %s", name);
1071 return "deletion prohibited";
1072 }
1073
1074 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1075 switch (deny_delete_current) {
1076 case DENY_IGNORE:
1077 break;
1078 case DENY_WARN:
1079 rp_warning("deleting the current branch");
1080 break;
1081 case DENY_REFUSE:
1082 case DENY_UNCONFIGURED:
1083 case DENY_UPDATE_INSTEAD:
1084 if (deny_delete_current == DENY_UNCONFIGURED)
1085 refuse_unconfigured_deny_delete_current();
1086 rp_error("refusing to delete the current branch: %s", name);
1087 return "deletion of the current branch prohibited";
1088 default:
1089 return "Invalid denyDeleteCurrent setting";
1090 }
1091 }
1092 }
1093
1094 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1095 !is_null_oid(old_oid) &&
1096 starts_with(name, "refs/heads/")) {
1097 struct object *old_object, *new_object;
1098 struct commit *old_commit, *new_commit;
1099
1100 old_object = parse_object(the_repository, old_oid);
1101 new_object = parse_object(the_repository, new_oid);
1102
1103 if (!old_object || !new_object ||
1104 old_object->type != OBJ_COMMIT ||
1105 new_object->type != OBJ_COMMIT) {
1106 error("bad sha1 objects for %s", name);
1107 return "bad ref";
1108 }
1109 old_commit = (struct commit *)old_object;
1110 new_commit = (struct commit *)new_object;
1111 if (!in_merge_bases(old_commit, new_commit)) {
1112 rp_error("denying non-fast-forward %s"
1113 " (you should pull first)", name);
1114 return "non-fast-forward";
1115 }
1116 }
1117 if (run_update_hook(cmd)) {
1118 rp_error("hook declined to update %s", name);
1119 return "hook declined";
1120 }
1121
1122 if (do_update_worktree) {
1123 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1124 if (ret)
1125 return ret;
1126 }
1127
1128 if (is_null_oid(new_oid)) {
1129 struct strbuf err = STRBUF_INIT;
1130 if (!parse_object(the_repository, old_oid)) {
1131 old_oid = NULL;
1132 if (ref_exists(name)) {
1133 rp_warning("Allowing deletion of corrupt ref.");
1134 } else {
1135 rp_warning("Deleting a non-existent ref.");
1136 cmd->did_not_exist = 1;
1137 }
1138 }
1139 if (ref_transaction_delete(transaction,
1140 namespaced_name,
1141 old_oid,
1142 0, "push", &err)) {
1143 rp_error("%s", err.buf);
1144 strbuf_release(&err);
1145 return "failed to delete";
1146 }
1147 strbuf_release(&err);
1148 return NULL; /* good */
1149 }
1150 else {
1151 struct strbuf err = STRBUF_INIT;
1152 if (shallow_update && si->shallow_ref[cmd->index] &&
1153 update_shallow_ref(cmd, si))
1154 return "shallow error";
1155
1156 if (ref_transaction_update(transaction,
1157 namespaced_name,
1158 new_oid, old_oid,
1159 0, "push",
1160 &err)) {
1161 rp_error("%s", err.buf);
1162 strbuf_release(&err);
1163
1164 return "failed to update ref";
1165 }
1166 strbuf_release(&err);
1167
1168 return NULL; /* good */
1169 }
1170 }
1171
1172 static void run_update_post_hook(struct command *commands)
1173 {
1174 struct command *cmd;
1175 struct child_process proc = CHILD_PROCESS_INIT;
1176 const char *hook;
1177
1178 hook = find_hook("post-update");
1179 if (!hook)
1180 return;
1181
1182 for (cmd = commands; cmd; cmd = cmd->next) {
1183 if (cmd->error_string || cmd->did_not_exist)
1184 continue;
1185 if (!proc.args.argc)
1186 argv_array_push(&proc.args, hook);
1187 argv_array_push(&proc.args, cmd->ref_name);
1188 }
1189 if (!proc.args.argc)
1190 return;
1191
1192 proc.no_stdin = 1;
1193 proc.stdout_to_stderr = 1;
1194 proc.err = use_sideband ? -1 : 0;
1195 proc.trace2_hook_name = "post-update";
1196
1197 if (!start_command(&proc)) {
1198 if (use_sideband)
1199 copy_to_sideband(proc.err, -1, NULL);
1200 finish_command(&proc);
1201 }
1202 }
1203
1204 static void check_aliased_update_internal(struct command *cmd,
1205 struct string_list *list,
1206 const char *dst_name, int flag)
1207 {
1208 struct string_list_item *item;
1209 struct command *dst_cmd;
1210
1211 if (!(flag & REF_ISSYMREF))
1212 return;
1213
1214 if (!dst_name) {
1215 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1216 cmd->skip_update = 1;
1217 cmd->error_string = "broken symref";
1218 return;
1219 }
1220 dst_name = strip_namespace(dst_name);
1221
1222 if ((item = string_list_lookup(list, dst_name)) == NULL)
1223 return;
1224
1225 cmd->skip_update = 1;
1226
1227 dst_cmd = (struct command *) item->util;
1228
1229 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1230 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1231 return;
1232
1233 dst_cmd->skip_update = 1;
1234
1235 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1236 " its target '%s' (%s..%s)",
1237 cmd->ref_name,
1238 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1239 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1240 dst_cmd->ref_name,
1241 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1242 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1243
1244 cmd->error_string = dst_cmd->error_string =
1245 "inconsistent aliased update";
1246 }
1247
1248 static void check_aliased_update(struct command *cmd, struct string_list *list)
1249 {
1250 struct strbuf buf = STRBUF_INIT;
1251 const char *dst_name;
1252 int flag;
1253
1254 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1255 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1256 check_aliased_update_internal(cmd, list, dst_name, flag);
1257 strbuf_release(&buf);
1258 }
1259
1260 static void check_aliased_updates(struct command *commands)
1261 {
1262 struct command *cmd;
1263 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1264
1265 for (cmd = commands; cmd; cmd = cmd->next) {
1266 struct string_list_item *item =
1267 string_list_append(&ref_list, cmd->ref_name);
1268 item->util = (void *)cmd;
1269 }
1270 string_list_sort(&ref_list);
1271
1272 for (cmd = commands; cmd; cmd = cmd->next) {
1273 if (!cmd->error_string)
1274 check_aliased_update(cmd, &ref_list);
1275 }
1276
1277 string_list_clear(&ref_list, 0);
1278 }
1279
1280 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1281 {
1282 struct command **cmd_list = cb_data;
1283 struct command *cmd = *cmd_list;
1284
1285 if (!cmd || is_null_oid(&cmd->new_oid))
1286 return -1; /* end of list */
1287 *cmd_list = NULL; /* this returns only one */
1288 oidcpy(oid, &cmd->new_oid);
1289 return 0;
1290 }
1291
1292 static void set_connectivity_errors(struct command *commands,
1293 struct shallow_info *si)
1294 {
1295 struct command *cmd;
1296
1297 for (cmd = commands; cmd; cmd = cmd->next) {
1298 struct command *singleton = cmd;
1299 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1300
1301 if (shallow_update && si->shallow_ref[cmd->index])
1302 /* to be checked in update_shallow_ref() */
1303 continue;
1304
1305 opt.env = tmp_objdir_env(tmp_objdir);
1306 if (!check_connected(command_singleton_iterator, &singleton,
1307 &opt))
1308 continue;
1309
1310 cmd->error_string = "missing necessary objects";
1311 }
1312 }
1313
1314 struct iterate_data {
1315 struct command *cmds;
1316 struct shallow_info *si;
1317 };
1318
1319 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1320 {
1321 struct iterate_data *data = cb_data;
1322 struct command **cmd_list = &data->cmds;
1323 struct command *cmd = *cmd_list;
1324
1325 for (; cmd; cmd = cmd->next) {
1326 if (shallow_update && data->si->shallow_ref[cmd->index])
1327 /* to be checked in update_shallow_ref() */
1328 continue;
1329 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1330 oidcpy(oid, &cmd->new_oid);
1331 *cmd_list = cmd->next;
1332 return 0;
1333 }
1334 }
1335 *cmd_list = NULL;
1336 return -1; /* end of list */
1337 }
1338
1339 static void reject_updates_to_hidden(struct command *commands)
1340 {
1341 struct strbuf refname_full = STRBUF_INIT;
1342 size_t prefix_len;
1343 struct command *cmd;
1344
1345 strbuf_addstr(&refname_full, get_git_namespace());
1346 prefix_len = refname_full.len;
1347
1348 for (cmd = commands; cmd; cmd = cmd->next) {
1349 if (cmd->error_string)
1350 continue;
1351
1352 strbuf_setlen(&refname_full, prefix_len);
1353 strbuf_addstr(&refname_full, cmd->ref_name);
1354
1355 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1356 continue;
1357 if (is_null_oid(&cmd->new_oid))
1358 cmd->error_string = "deny deleting a hidden ref";
1359 else
1360 cmd->error_string = "deny updating a hidden ref";
1361 }
1362
1363 strbuf_release(&refname_full);
1364 }
1365
1366 static int should_process_cmd(struct command *cmd)
1367 {
1368 return !cmd->error_string && !cmd->skip_update;
1369 }
1370
1371 static void warn_if_skipped_connectivity_check(struct command *commands,
1372 struct shallow_info *si)
1373 {
1374 struct command *cmd;
1375 int checked_connectivity = 1;
1376
1377 for (cmd = commands; cmd; cmd = cmd->next) {
1378 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1379 error("BUG: connectivity check has not been run on ref %s",
1380 cmd->ref_name);
1381 checked_connectivity = 0;
1382 }
1383 }
1384 if (!checked_connectivity)
1385 BUG("connectivity check skipped???");
1386 }
1387
1388 static void execute_commands_non_atomic(struct command *commands,
1389 struct shallow_info *si)
1390 {
1391 struct command *cmd;
1392 struct strbuf err = STRBUF_INIT;
1393
1394 for (cmd = commands; cmd; cmd = cmd->next) {
1395 if (!should_process_cmd(cmd))
1396 continue;
1397
1398 transaction = ref_transaction_begin(&err);
1399 if (!transaction) {
1400 rp_error("%s", err.buf);
1401 strbuf_reset(&err);
1402 cmd->error_string = "transaction failed to start";
1403 continue;
1404 }
1405
1406 cmd->error_string = update(cmd, si);
1407
1408 if (!cmd->error_string
1409 && ref_transaction_commit(transaction, &err)) {
1410 rp_error("%s", err.buf);
1411 strbuf_reset(&err);
1412 cmd->error_string = "failed to update ref";
1413 }
1414 ref_transaction_free(transaction);
1415 }
1416 strbuf_release(&err);
1417 }
1418
1419 static void execute_commands_atomic(struct command *commands,
1420 struct shallow_info *si)
1421 {
1422 struct command *cmd;
1423 struct strbuf err = STRBUF_INIT;
1424 const char *reported_error = "atomic push failure";
1425
1426 transaction = ref_transaction_begin(&err);
1427 if (!transaction) {
1428 rp_error("%s", err.buf);
1429 strbuf_reset(&err);
1430 reported_error = "transaction failed to start";
1431 goto failure;
1432 }
1433
1434 for (cmd = commands; cmd; cmd = cmd->next) {
1435 if (!should_process_cmd(cmd))
1436 continue;
1437
1438 cmd->error_string = update(cmd, si);
1439
1440 if (cmd->error_string)
1441 goto failure;
1442 }
1443
1444 if (ref_transaction_commit(transaction, &err)) {
1445 rp_error("%s", err.buf);
1446 reported_error = "atomic transaction failed";
1447 goto failure;
1448 }
1449 goto cleanup;
1450
1451 failure:
1452 for (cmd = commands; cmd; cmd = cmd->next)
1453 if (!cmd->error_string)
1454 cmd->error_string = reported_error;
1455
1456 cleanup:
1457 ref_transaction_free(transaction);
1458 strbuf_release(&err);
1459 }
1460
1461 static void execute_commands(struct command *commands,
1462 const char *unpacker_error,
1463 struct shallow_info *si,
1464 const struct string_list *push_options)
1465 {
1466 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1467 struct command *cmd;
1468 struct iterate_data data;
1469 struct async muxer;
1470 int err_fd = 0;
1471
1472 if (unpacker_error) {
1473 for (cmd = commands; cmd; cmd = cmd->next)
1474 cmd->error_string = "unpacker error";
1475 return;
1476 }
1477
1478 if (use_sideband) {
1479 memset(&muxer, 0, sizeof(muxer));
1480 muxer.proc = copy_to_sideband;
1481 muxer.in = -1;
1482 if (!start_async(&muxer))
1483 err_fd = muxer.in;
1484 /* ...else, continue without relaying sideband */
1485 }
1486
1487 data.cmds = commands;
1488 data.si = si;
1489 opt.err_fd = err_fd;
1490 opt.progress = err_fd && !quiet;
1491 opt.env = tmp_objdir_env(tmp_objdir);
1492 if (check_connected(iterate_receive_command_list, &data, &opt))
1493 set_connectivity_errors(commands, si);
1494
1495 if (use_sideband)
1496 finish_async(&muxer);
1497
1498 reject_updates_to_hidden(commands);
1499
1500 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1501 for (cmd = commands; cmd; cmd = cmd->next) {
1502 if (!cmd->error_string)
1503 cmd->error_string = "pre-receive hook declined";
1504 }
1505 return;
1506 }
1507
1508 /*
1509 * Now we'll start writing out refs, which means the objects need
1510 * to be in their final positions so that other processes can see them.
1511 */
1512 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1513 for (cmd = commands; cmd; cmd = cmd->next) {
1514 if (!cmd->error_string)
1515 cmd->error_string = "unable to migrate objects to permanent storage";
1516 }
1517 return;
1518 }
1519 tmp_objdir = NULL;
1520
1521 check_aliased_updates(commands);
1522
1523 free(head_name_to_free);
1524 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1525
1526 if (use_atomic)
1527 execute_commands_atomic(commands, si);
1528 else
1529 execute_commands_non_atomic(commands, si);
1530
1531 if (shallow_update)
1532 warn_if_skipped_connectivity_check(commands, si);
1533 }
1534
1535 static struct command **queue_command(struct command **tail,
1536 const char *line,
1537 int linelen)
1538 {
1539 struct object_id old_oid, new_oid;
1540 struct command *cmd;
1541 const char *refname;
1542 int reflen;
1543 const char *p;
1544
1545 if (parse_oid_hex(line, &old_oid, &p) ||
1546 *p++ != ' ' ||
1547 parse_oid_hex(p, &new_oid, &p) ||
1548 *p++ != ' ')
1549 die("protocol error: expected old/new/ref, got '%s'", line);
1550
1551 refname = p;
1552 reflen = linelen - (p - line);
1553 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1554 oidcpy(&cmd->old_oid, &old_oid);
1555 oidcpy(&cmd->new_oid, &new_oid);
1556 *tail = cmd;
1557 return &cmd->next;
1558 }
1559
1560 static void queue_commands_from_cert(struct command **tail,
1561 struct strbuf *push_cert)
1562 {
1563 const char *boc, *eoc;
1564
1565 if (*tail)
1566 die("protocol error: got both push certificate and unsigned commands");
1567
1568 boc = strstr(push_cert->buf, "\n\n");
1569 if (!boc)
1570 die("malformed push certificate %.*s", 100, push_cert->buf);
1571 else
1572 boc += 2;
1573 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1574
1575 while (boc < eoc) {
1576 const char *eol = memchr(boc, '\n', eoc - boc);
1577 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1578 boc = eol ? eol + 1 : eoc;
1579 }
1580 }
1581
1582 static struct command *read_head_info(struct packet_reader *reader,
1583 struct oid_array *shallow)
1584 {
1585 struct command *commands = NULL;
1586 struct command **p = &commands;
1587 for (;;) {
1588 int linelen;
1589
1590 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1591 break;
1592
1593 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1594 struct object_id oid;
1595 if (get_oid_hex(reader->line + 8, &oid))
1596 die("protocol error: expected shallow sha, got '%s'",
1597 reader->line + 8);
1598 oid_array_append(shallow, &oid);
1599 continue;
1600 }
1601
1602 linelen = strlen(reader->line);
1603 if (linelen < reader->pktlen) {
1604 const char *feature_list = reader->line + linelen + 1;
1605 if (parse_feature_request(feature_list, "report-status"))
1606 report_status = 1;
1607 if (parse_feature_request(feature_list, "side-band-64k"))
1608 use_sideband = LARGE_PACKET_MAX;
1609 if (parse_feature_request(feature_list, "quiet"))
1610 quiet = 1;
1611 if (advertise_atomic_push
1612 && parse_feature_request(feature_list, "atomic"))
1613 use_atomic = 1;
1614 if (advertise_push_options
1615 && parse_feature_request(feature_list, "push-options"))
1616 use_push_options = 1;
1617 }
1618
1619 if (!strcmp(reader->line, "push-cert")) {
1620 int true_flush = 0;
1621 int saved_options = reader->options;
1622 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1623
1624 for (;;) {
1625 packet_reader_read(reader);
1626 if (reader->status == PACKET_READ_FLUSH) {
1627 true_flush = 1;
1628 break;
1629 }
1630 if (reader->status != PACKET_READ_NORMAL) {
1631 die("protocol error: got an unexpected packet");
1632 }
1633 if (!strcmp(reader->line, "push-cert-end\n"))
1634 break; /* end of cert */
1635 strbuf_addstr(&push_cert, reader->line);
1636 }
1637 reader->options = saved_options;
1638
1639 if (true_flush)
1640 break;
1641 continue;
1642 }
1643
1644 p = queue_command(p, reader->line, linelen);
1645 }
1646
1647 if (push_cert.len)
1648 queue_commands_from_cert(p, &push_cert);
1649
1650 return commands;
1651 }
1652
1653 static void read_push_options(struct packet_reader *reader,
1654 struct string_list *options)
1655 {
1656 while (1) {
1657 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1658 break;
1659
1660 string_list_append(options, reader->line);
1661 }
1662 }
1663
1664 static const char *parse_pack_header(struct pack_header *hdr)
1665 {
1666 switch (read_pack_header(0, hdr)) {
1667 case PH_ERROR_EOF:
1668 return "eof before pack header was fully read";
1669
1670 case PH_ERROR_PACK_SIGNATURE:
1671 return "protocol error (pack signature mismatch detected)";
1672
1673 case PH_ERROR_PROTOCOL:
1674 return "protocol error (pack version unsupported)";
1675
1676 default:
1677 return "unknown error in parse_pack_header";
1678
1679 case 0:
1680 return NULL;
1681 }
1682 }
1683
1684 static const char *pack_lockfile;
1685
1686 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1687 {
1688 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1689 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1690 }
1691
1692 static const char *unpack(int err_fd, struct shallow_info *si)
1693 {
1694 struct pack_header hdr;
1695 const char *hdr_err;
1696 int status;
1697 struct child_process child = CHILD_PROCESS_INIT;
1698 int fsck_objects = (receive_fsck_objects >= 0
1699 ? receive_fsck_objects
1700 : transfer_fsck_objects >= 0
1701 ? transfer_fsck_objects
1702 : 0);
1703
1704 hdr_err = parse_pack_header(&hdr);
1705 if (hdr_err) {
1706 if (err_fd > 0)
1707 close(err_fd);
1708 return hdr_err;
1709 }
1710
1711 if (si->nr_ours || si->nr_theirs) {
1712 alt_shallow_file = setup_temporary_shallow(si->shallow);
1713 argv_array_push(&child.args, "--shallow-file");
1714 argv_array_push(&child.args, alt_shallow_file);
1715 }
1716
1717 tmp_objdir = tmp_objdir_create();
1718 if (!tmp_objdir) {
1719 if (err_fd > 0)
1720 close(err_fd);
1721 return "unable to create temporary object directory";
1722 }
1723 child.env = tmp_objdir_env(tmp_objdir);
1724
1725 /*
1726 * Normally we just pass the tmp_objdir environment to the child
1727 * processes that do the heavy lifting, but we may need to see these
1728 * objects ourselves to set up shallow information.
1729 */
1730 tmp_objdir_add_as_alternate(tmp_objdir);
1731
1732 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1733 argv_array_push(&child.args, "unpack-objects");
1734 push_header_arg(&child.args, &hdr);
1735 if (quiet)
1736 argv_array_push(&child.args, "-q");
1737 if (fsck_objects)
1738 argv_array_pushf(&child.args, "--strict%s",
1739 fsck_msg_types.buf);
1740 if (max_input_size)
1741 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1742 (uintmax_t)max_input_size);
1743 child.no_stdout = 1;
1744 child.err = err_fd;
1745 child.git_cmd = 1;
1746 status = run_command(&child);
1747 if (status)
1748 return "unpack-objects abnormal exit";
1749 } else {
1750 char hostname[HOST_NAME_MAX + 1];
1751
1752 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1753 push_header_arg(&child.args, &hdr);
1754
1755 if (xgethostname(hostname, sizeof(hostname)))
1756 xsnprintf(hostname, sizeof(hostname), "localhost");
1757 argv_array_pushf(&child.args,
1758 "--keep=receive-pack %"PRIuMAX" on %s",
1759 (uintmax_t)getpid(),
1760 hostname);
1761
1762 if (!quiet && err_fd)
1763 argv_array_push(&child.args, "--show-resolving-progress");
1764 if (use_sideband)
1765 argv_array_push(&child.args, "--report-end-of-input");
1766 if (fsck_objects)
1767 argv_array_pushf(&child.args, "--strict%s",
1768 fsck_msg_types.buf);
1769 if (!reject_thin)
1770 argv_array_push(&child.args, "--fix-thin");
1771 if (max_input_size)
1772 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1773 (uintmax_t)max_input_size);
1774 child.out = -1;
1775 child.err = err_fd;
1776 child.git_cmd = 1;
1777 status = start_command(&child);
1778 if (status)
1779 return "index-pack fork failed";
1780 pack_lockfile = index_pack_lockfile(child.out);
1781 close(child.out);
1782 status = finish_command(&child);
1783 if (status)
1784 return "index-pack abnormal exit";
1785 reprepare_packed_git(the_repository);
1786 }
1787 return NULL;
1788 }
1789
1790 static const char *unpack_with_sideband(struct shallow_info *si)
1791 {
1792 struct async muxer;
1793 const char *ret;
1794
1795 if (!use_sideband)
1796 return unpack(0, si);
1797
1798 use_keepalive = KEEPALIVE_AFTER_NUL;
1799 memset(&muxer, 0, sizeof(muxer));
1800 muxer.proc = copy_to_sideband;
1801 muxer.in = -1;
1802 if (start_async(&muxer))
1803 return NULL;
1804
1805 ret = unpack(muxer.in, si);
1806
1807 finish_async(&muxer);
1808 return ret;
1809 }
1810
1811 static void prepare_shallow_update(struct shallow_info *si)
1812 {
1813 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1814
1815 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1816 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1817
1818 si->need_reachability_test =
1819 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1820 si->reachable =
1821 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1822 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1823
1824 for (i = 0; i < si->nr_ours; i++)
1825 si->need_reachability_test[si->ours[i]] = 1;
1826
1827 for (i = 0; i < si->shallow->nr; i++) {
1828 if (!si->used_shallow[i])
1829 continue;
1830 for (j = 0; j < bitmap_size; j++) {
1831 if (!si->used_shallow[i][j])
1832 continue;
1833 si->need_reachability_test[i]++;
1834 for (k = 0; k < 32; k++)
1835 if (si->used_shallow[i][j] & (1U << k))
1836 si->shallow_ref[j * 32 + k]++;
1837 }
1838
1839 /*
1840 * true for those associated with some refs and belong
1841 * in "ours" list aka "step 7 not done yet"
1842 */
1843 si->need_reachability_test[i] =
1844 si->need_reachability_test[i] > 1;
1845 }
1846
1847 /*
1848 * keep hooks happy by forcing a temporary shallow file via
1849 * env variable because we can't add --shallow-file to every
1850 * command. check_connected() will be done with
1851 * true .git/shallow though.
1852 */
1853 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1854 }
1855
1856 static void update_shallow_info(struct command *commands,
1857 struct shallow_info *si,
1858 struct oid_array *ref)
1859 {
1860 struct command *cmd;
1861 int *ref_status;
1862 remove_nonexistent_theirs_shallow(si);
1863 if (!si->nr_ours && !si->nr_theirs) {
1864 shallow_update = 0;
1865 return;
1866 }
1867
1868 for (cmd = commands; cmd; cmd = cmd->next) {
1869 if (is_null_oid(&cmd->new_oid))
1870 continue;
1871 oid_array_append(ref, &cmd->new_oid);
1872 cmd->index = ref->nr - 1;
1873 }
1874 si->ref = ref;
1875
1876 if (shallow_update) {
1877 prepare_shallow_update(si);
1878 return;
1879 }
1880
1881 ALLOC_ARRAY(ref_status, ref->nr);
1882 assign_shallow_commits_to_refs(si, NULL, ref_status);
1883 for (cmd = commands; cmd; cmd = cmd->next) {
1884 if (is_null_oid(&cmd->new_oid))
1885 continue;
1886 if (ref_status[cmd->index]) {
1887 cmd->error_string = "shallow update not allowed";
1888 cmd->skip_update = 1;
1889 }
1890 }
1891 free(ref_status);
1892 }
1893
1894 static void report(struct command *commands, const char *unpack_status)
1895 {
1896 struct command *cmd;
1897 struct strbuf buf = STRBUF_INIT;
1898
1899 packet_buf_write(&buf, "unpack %s\n",
1900 unpack_status ? unpack_status : "ok");
1901 for (cmd = commands; cmd; cmd = cmd->next) {
1902 if (!cmd->error_string)
1903 packet_buf_write(&buf, "ok %s\n",
1904 cmd->ref_name);
1905 else
1906 packet_buf_write(&buf, "ng %s %s\n",
1907 cmd->ref_name, cmd->error_string);
1908 }
1909 packet_buf_flush(&buf);
1910
1911 if (use_sideband)
1912 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1913 else
1914 write_or_die(1, buf.buf, buf.len);
1915 strbuf_release(&buf);
1916 }
1917
1918 static int delete_only(struct command *commands)
1919 {
1920 struct command *cmd;
1921 for (cmd = commands; cmd; cmd = cmd->next) {
1922 if (!is_null_oid(&cmd->new_oid))
1923 return 0;
1924 }
1925 return 1;
1926 }
1927
1928 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1929 {
1930 int advertise_refs = 0;
1931 struct command *commands;
1932 struct oid_array shallow = OID_ARRAY_INIT;
1933 struct oid_array ref = OID_ARRAY_INIT;
1934 struct shallow_info si;
1935 struct packet_reader reader;
1936
1937 struct option options[] = {
1938 OPT__QUIET(&quiet, N_("quiet")),
1939 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1940 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1941 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1942 OPT_END()
1943 };
1944
1945 packet_trace_identity("receive-pack");
1946
1947 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1948
1949 if (argc > 1)
1950 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1951 if (argc == 0)
1952 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1953
1954 service_dir = argv[0];
1955
1956 setup_path();
1957
1958 if (!enter_repo(service_dir, 0))
1959 die("'%s' does not appear to be a git repository", service_dir);
1960
1961 git_config(receive_pack_config, NULL);
1962 if (cert_nonce_seed)
1963 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1964
1965 if (0 <= transfer_unpack_limit)
1966 unpack_limit = transfer_unpack_limit;
1967 else if (0 <= receive_unpack_limit)
1968 unpack_limit = receive_unpack_limit;
1969
1970 switch (determine_protocol_version_server()) {
1971 case protocol_v2:
1972 /*
1973 * push support for protocol v2 has not been implemented yet,
1974 * so ignore the request to use v2 and fallback to using v0.
1975 */
1976 break;
1977 case protocol_v1:
1978 /*
1979 * v1 is just the original protocol with a version string,
1980 * so just fall through after writing the version string.
1981 */
1982 if (advertise_refs || !stateless_rpc)
1983 packet_write_fmt(1, "version 1\n");
1984
1985 /* fallthrough */
1986 case protocol_v0:
1987 break;
1988 case protocol_unknown_version:
1989 BUG("unknown protocol version");
1990 }
1991
1992 if (advertise_refs || !stateless_rpc) {
1993 write_head_info();
1994 }
1995 if (advertise_refs)
1996 return 0;
1997
1998 packet_reader_init(&reader, 0, NULL, 0,
1999 PACKET_READ_CHOMP_NEWLINE |
2000 PACKET_READ_DIE_ON_ERR_PACKET);
2001
2002 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2003 const char *unpack_status = NULL;
2004 struct string_list push_options = STRING_LIST_INIT_DUP;
2005
2006 if (use_push_options)
2007 read_push_options(&reader, &push_options);
2008 if (!check_cert_push_options(&push_options)) {
2009 struct command *cmd;
2010 for (cmd = commands; cmd; cmd = cmd->next)
2011 cmd->error_string = "inconsistent push options";
2012 }
2013
2014 prepare_shallow_info(&si, &shallow);
2015 if (!si.nr_ours && !si.nr_theirs)
2016 shallow_update = 0;
2017 if (!delete_only(commands)) {
2018 unpack_status = unpack_with_sideband(&si);
2019 update_shallow_info(commands, &si, &ref);
2020 }
2021 use_keepalive = KEEPALIVE_ALWAYS;
2022 execute_commands(commands, unpack_status, &si,
2023 &push_options);
2024 if (pack_lockfile)
2025 unlink_or_warn(pack_lockfile);
2026 if (report_status)
2027 report(commands, unpack_status);
2028 run_receive_hook(commands, "post-receive", 1,
2029 &push_options);
2030 run_update_post_hook(commands);
2031 string_list_clear(&push_options, 0);
2032 if (auto_gc) {
2033 const char *argv_gc_auto[] = {
2034 "gc", "--auto", "--quiet", NULL,
2035 };
2036 struct child_process proc = CHILD_PROCESS_INIT;
2037
2038 proc.no_stdin = 1;
2039 proc.stdout_to_stderr = 1;
2040 proc.err = use_sideband ? -1 : 0;
2041 proc.git_cmd = 1;
2042 proc.argv = argv_gc_auto;
2043
2044 close_object_store(the_repository->objects);
2045 if (!start_command(&proc)) {
2046 if (use_sideband)
2047 copy_to_sideband(proc.err, -1, NULL);
2048 finish_command(&proc);
2049 }
2050 }
2051 if (auto_update_server_info)
2052 update_server_info(0);
2053 clear_shallow_info(&si);
2054 }
2055 if (use_sideband)
2056 packet_flush(1);
2057 oid_array_clear(&shallow);
2058 oid_array_clear(&ref);
2059 free((void *)push_cert_nonce);
2060 return 0;
2061 }
Unnamed repository; edit this file 'description' to name the repository.