]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'ab/object-file-api-updates'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "hook.h"
11 #include "exec-cmd.h"
12 #include "commit.h"
13 #include "object.h"
14 #include "remote.h"
15 #include "connect.h"
16 #include "string-list.h"
17 #include "oid-array.h"
18 #include "connected.h"
19 #include "strvec.h"
20 #include "version.h"
21 #include "tag.h"
22 #include "gpg-interface.h"
23 #include "sigchain.h"
24 #include "fsck.h"
25 #include "tmp-objdir.h"
26 #include "oidset.h"
27 #include "packfile.h"
28 #include "object-store.h"
29 #include "protocol.h"
30 #include "commit-reach.h"
31 #include "worktree.h"
32 #include "shallow.h"
33
34 static const char * const receive_pack_usage[] = {
35 N_("git receive-pack <git-dir>"),
36 NULL
37 };
38
39 enum deny_action {
40 DENY_UNCONFIGURED,
41 DENY_IGNORE,
42 DENY_WARN,
43 DENY_REFUSE,
44 DENY_UPDATE_INSTEAD
45 };
46
47 static int deny_deletes;
48 static int deny_non_fast_forwards;
49 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
50 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
51 static int receive_fsck_objects = -1;
52 static int transfer_fsck_objects = -1;
53 static struct strbuf fsck_msg_types = STRBUF_INIT;
54 static int receive_unpack_limit = -1;
55 static int transfer_unpack_limit = -1;
56 static int advertise_atomic_push = 1;
57 static int advertise_push_options;
58 static int advertise_sid;
59 static int unpack_limit = 100;
60 static off_t max_input_size;
61 static int report_status;
62 static int report_status_v2;
63 static int use_sideband;
64 static int use_atomic;
65 static int use_push_options;
66 static int quiet;
67 static int prefer_ofs_delta = 1;
68 static int auto_update_server_info;
69 static int auto_gc = 1;
70 static int reject_thin;
71 static int stateless_rpc;
72 static const char *service_dir;
73 static const char *head_name;
74 static void *head_name_to_free;
75 static int sent_capabilities;
76 static int shallow_update;
77 static const char *alt_shallow_file;
78 static struct strbuf push_cert = STRBUF_INIT;
79 static struct object_id push_cert_oid;
80 static struct signature_check sigcheck;
81 static const char *push_cert_nonce;
82 static const char *cert_nonce_seed;
83
84 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
85 static const char *NONCE_BAD = "BAD";
86 static const char *NONCE_MISSING = "MISSING";
87 static const char *NONCE_OK = "OK";
88 static const char *NONCE_SLOP = "SLOP";
89 static const char *nonce_status;
90 static long nonce_stamp_slop;
91 static timestamp_t nonce_stamp_slop_limit;
92 static struct ref_transaction *transaction;
93
94 static enum {
95 KEEPALIVE_NEVER = 0,
96 KEEPALIVE_AFTER_NUL,
97 KEEPALIVE_ALWAYS
98 } use_keepalive;
99 static int keepalive_in_sec = 5;
100
101 static struct tmp_objdir *tmp_objdir;
102
103 static struct proc_receive_ref {
104 unsigned int want_add:1,
105 want_delete:1,
106 want_modify:1,
107 negative_ref:1;
108 char *ref_prefix;
109 struct proc_receive_ref *next;
110 } *proc_receive_ref;
111
112 static void proc_receive_ref_append(const char *prefix);
113
114 static enum deny_action parse_deny_action(const char *var, const char *value)
115 {
116 if (value) {
117 if (!strcasecmp(value, "ignore"))
118 return DENY_IGNORE;
119 if (!strcasecmp(value, "warn"))
120 return DENY_WARN;
121 if (!strcasecmp(value, "refuse"))
122 return DENY_REFUSE;
123 if (!strcasecmp(value, "updateinstead"))
124 return DENY_UPDATE_INSTEAD;
125 }
126 if (git_config_bool(var, value))
127 return DENY_REFUSE;
128 return DENY_IGNORE;
129 }
130
131 static int receive_pack_config(const char *var, const char *value, void *cb)
132 {
133 int status = parse_hide_refs_config(var, value, "receive");
134
135 if (status)
136 return status;
137
138 status = git_gpg_config(var, value, NULL);
139 if (status)
140 return status;
141
142 if (strcmp(var, "receive.denydeletes") == 0) {
143 deny_deletes = git_config_bool(var, value);
144 return 0;
145 }
146
147 if (strcmp(var, "receive.denynonfastforwards") == 0) {
148 deny_non_fast_forwards = git_config_bool(var, value);
149 return 0;
150 }
151
152 if (strcmp(var, "receive.unpacklimit") == 0) {
153 receive_unpack_limit = git_config_int(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "transfer.unpacklimit") == 0) {
158 transfer_unpack_limit = git_config_int(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsck.skiplist") == 0) {
163 const char *path;
164
165 if (git_config_pathname(&path, var, value))
166 return 1;
167 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
168 fsck_msg_types.len ? ',' : '=', path);
169 free((char *)path);
170 return 0;
171 }
172
173 if (skip_prefix(var, "receive.fsck.", &var)) {
174 if (is_valid_msg_type(var, value))
175 strbuf_addf(&fsck_msg_types, "%c%s=%s",
176 fsck_msg_types.len ? ',' : '=', var, value);
177 else
178 warning("skipping unknown msg id '%s'", var);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.fsckobjects") == 0) {
183 receive_fsck_objects = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "transfer.fsckobjects") == 0) {
188 transfer_fsck_objects = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (!strcmp(var, "receive.denycurrentbranch")) {
193 deny_current_branch = parse_deny_action(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.denydeletecurrent") == 0) {
198 deny_delete_current = parse_deny_action(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
203 prefer_ofs_delta = git_config_bool(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.updateserverinfo") == 0) {
208 auto_update_server_info = git_config_bool(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.autogc") == 0) {
213 auto_gc = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.shallowupdate") == 0) {
218 shallow_update = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.certnonceseed") == 0)
223 return git_config_string(&cert_nonce_seed, var, value);
224
225 if (strcmp(var, "receive.certnonceslop") == 0) {
226 nonce_stamp_slop_limit = git_config_ulong(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.advertiseatomic") == 0) {
231 advertise_atomic_push = git_config_bool(var, value);
232 return 0;
233 }
234
235 if (strcmp(var, "receive.advertisepushoptions") == 0) {
236 advertise_push_options = git_config_bool(var, value);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.keepalive") == 0) {
241 keepalive_in_sec = git_config_int(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.maxinputsize") == 0) {
246 max_input_size = git_config_int64(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.procreceiverefs") == 0) {
251 if (!value)
252 return config_error_nonbool(var);
253 proc_receive_ref_append(value);
254 return 0;
255 }
256
257 if (strcmp(var, "transfer.advertisesid") == 0) {
258 advertise_sid = git_config_bool(var, value);
259 return 0;
260 }
261
262 return git_default_config(var, value, cb);
263 }
264
265 static void show_ref(const char *path, const struct object_id *oid)
266 {
267 if (sent_capabilities) {
268 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
269 } else {
270 struct strbuf cap = STRBUF_INIT;
271
272 strbuf_addstr(&cap,
273 "report-status report-status-v2 delete-refs side-band-64k quiet");
274 if (advertise_atomic_push)
275 strbuf_addstr(&cap, " atomic");
276 if (prefer_ofs_delta)
277 strbuf_addstr(&cap, " ofs-delta");
278 if (push_cert_nonce)
279 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
280 if (advertise_push_options)
281 strbuf_addstr(&cap, " push-options");
282 if (advertise_sid)
283 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
284 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
285 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
286 packet_write_fmt(1, "%s %s%c%s\n",
287 oid_to_hex(oid), path, 0, cap.buf);
288 strbuf_release(&cap);
289 sent_capabilities = 1;
290 }
291 }
292
293 static int show_ref_cb(const char *path_full, const struct object_id *oid,
294 int flag, void *data)
295 {
296 struct oidset *seen = data;
297 const char *path = strip_namespace(path_full);
298
299 if (ref_is_hidden(path, path_full))
300 return 0;
301
302 /*
303 * Advertise refs outside our current namespace as ".have"
304 * refs, so that the client can use them to minimize data
305 * transfer but will otherwise ignore them.
306 */
307 if (!path) {
308 if (oidset_insert(seen, oid))
309 return 0;
310 path = ".have";
311 } else {
312 oidset_insert(seen, oid);
313 }
314 show_ref(path, oid);
315 return 0;
316 }
317
318 static void show_one_alternate_ref(const struct object_id *oid,
319 void *data)
320 {
321 struct oidset *seen = data;
322
323 if (oidset_insert(seen, oid))
324 return;
325
326 show_ref(".have", oid);
327 }
328
329 static void write_head_info(void)
330 {
331 static struct oidset seen = OIDSET_INIT;
332
333 for_each_ref(show_ref_cb, &seen);
334 for_each_alternate_ref(show_one_alternate_ref, &seen);
335 oidset_clear(&seen);
336 if (!sent_capabilities)
337 show_ref("capabilities^{}", null_oid());
338
339 advertise_shallow_grafts(1);
340
341 /* EOF */
342 packet_flush(1);
343 }
344
345 #define RUN_PROC_RECEIVE_SCHEDULED 1
346 #define RUN_PROC_RECEIVE_RETURNED 2
347 struct command {
348 struct command *next;
349 const char *error_string;
350 struct ref_push_report *report;
351 unsigned int skip_update:1,
352 did_not_exist:1,
353 run_proc_receive:2;
354 int index;
355 struct object_id old_oid;
356 struct object_id new_oid;
357 char ref_name[FLEX_ARRAY]; /* more */
358 };
359
360 static void proc_receive_ref_append(const char *prefix)
361 {
362 struct proc_receive_ref *ref_pattern;
363 char *p;
364 int len;
365
366 CALLOC_ARRAY(ref_pattern, 1);
367 p = strchr(prefix, ':');
368 if (p) {
369 while (prefix < p) {
370 if (*prefix == 'a')
371 ref_pattern->want_add = 1;
372 else if (*prefix == 'd')
373 ref_pattern->want_delete = 1;
374 else if (*prefix == 'm')
375 ref_pattern->want_modify = 1;
376 else if (*prefix == '!')
377 ref_pattern->negative_ref = 1;
378 prefix++;
379 }
380 prefix++;
381 } else {
382 ref_pattern->want_add = 1;
383 ref_pattern->want_delete = 1;
384 ref_pattern->want_modify = 1;
385 }
386 len = strlen(prefix);
387 while (len && prefix[len - 1] == '/')
388 len--;
389 ref_pattern->ref_prefix = xmemdupz(prefix, len);
390 if (!proc_receive_ref) {
391 proc_receive_ref = ref_pattern;
392 } else {
393 struct proc_receive_ref *end;
394
395 end = proc_receive_ref;
396 while (end->next)
397 end = end->next;
398 end->next = ref_pattern;
399 }
400 }
401
402 static int proc_receive_ref_matches(struct command *cmd)
403 {
404 struct proc_receive_ref *p;
405
406 if (!proc_receive_ref)
407 return 0;
408
409 for (p = proc_receive_ref; p; p = p->next) {
410 const char *match = p->ref_prefix;
411 const char *remains;
412
413 if (!p->want_add && is_null_oid(&cmd->old_oid))
414 continue;
415 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
416 continue;
417 else if (!p->want_modify &&
418 !is_null_oid(&cmd->old_oid) &&
419 !is_null_oid(&cmd->new_oid))
420 continue;
421
422 if (skip_prefix(cmd->ref_name, match, &remains) &&
423 (!*remains || *remains == '/')) {
424 if (!p->negative_ref)
425 return 1;
426 } else if (p->negative_ref) {
427 return 1;
428 }
429 }
430 return 0;
431 }
432
433 static void report_message(const char *prefix, const char *err, va_list params)
434 {
435 int sz;
436 char msg[4096];
437
438 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
439 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
440 if (sz > (sizeof(msg) - 1))
441 sz = sizeof(msg) - 1;
442 msg[sz++] = '\n';
443
444 if (use_sideband)
445 send_sideband(1, 2, msg, sz, use_sideband);
446 else
447 xwrite(2, msg, sz);
448 }
449
450 __attribute__((format (printf, 1, 2)))
451 static void rp_warning(const char *err, ...)
452 {
453 va_list params;
454 va_start(params, err);
455 report_message("warning: ", err, params);
456 va_end(params);
457 }
458
459 __attribute__((format (printf, 1, 2)))
460 static void rp_error(const char *err, ...)
461 {
462 va_list params;
463 va_start(params, err);
464 report_message("error: ", err, params);
465 va_end(params);
466 }
467
468 static int copy_to_sideband(int in, int out, void *arg)
469 {
470 char data[128];
471 int keepalive_active = 0;
472
473 if (keepalive_in_sec <= 0)
474 use_keepalive = KEEPALIVE_NEVER;
475 if (use_keepalive == KEEPALIVE_ALWAYS)
476 keepalive_active = 1;
477
478 while (1) {
479 ssize_t sz;
480
481 if (keepalive_active) {
482 struct pollfd pfd;
483 int ret;
484
485 pfd.fd = in;
486 pfd.events = POLLIN;
487 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
488
489 if (ret < 0) {
490 if (errno == EINTR)
491 continue;
492 else
493 break;
494 } else if (ret == 0) {
495 /* no data; send a keepalive packet */
496 static const char buf[] = "0005\1";
497 write_or_die(1, buf, sizeof(buf) - 1);
498 continue;
499 } /* else there is actual data to read */
500 }
501
502 sz = xread(in, data, sizeof(data));
503 if (sz <= 0)
504 break;
505
506 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
507 const char *p = memchr(data, '\0', sz);
508 if (p) {
509 /*
510 * The NUL tells us to start sending keepalives. Make
511 * sure we send any other data we read along
512 * with it.
513 */
514 keepalive_active = 1;
515 send_sideband(1, 2, data, p - data, use_sideband);
516 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
517 continue;
518 }
519 }
520
521 /*
522 * Either we're not looking for a NUL signal, or we didn't see
523 * it yet; just pass along the data.
524 */
525 send_sideband(1, 2, data, sz, use_sideband);
526 }
527 close(in);
528 return 0;
529 }
530
531 static void hmac_hash(unsigned char *out,
532 const char *key_in, size_t key_len,
533 const char *text, size_t text_len)
534 {
535 unsigned char key[GIT_MAX_BLKSZ];
536 unsigned char k_ipad[GIT_MAX_BLKSZ];
537 unsigned char k_opad[GIT_MAX_BLKSZ];
538 int i;
539 git_hash_ctx ctx;
540
541 /* RFC 2104 2. (1) */
542 memset(key, '\0', GIT_MAX_BLKSZ);
543 if (the_hash_algo->blksz < key_len) {
544 the_hash_algo->init_fn(&ctx);
545 the_hash_algo->update_fn(&ctx, key_in, key_len);
546 the_hash_algo->final_fn(key, &ctx);
547 } else {
548 memcpy(key, key_in, key_len);
549 }
550
551 /* RFC 2104 2. (2) & (5) */
552 for (i = 0; i < sizeof(key); i++) {
553 k_ipad[i] = key[i] ^ 0x36;
554 k_opad[i] = key[i] ^ 0x5c;
555 }
556
557 /* RFC 2104 2. (3) & (4) */
558 the_hash_algo->init_fn(&ctx);
559 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
560 the_hash_algo->update_fn(&ctx, text, text_len);
561 the_hash_algo->final_fn(out, &ctx);
562
563 /* RFC 2104 2. (6) & (7) */
564 the_hash_algo->init_fn(&ctx);
565 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
566 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
567 the_hash_algo->final_fn(out, &ctx);
568 }
569
570 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
571 {
572 struct strbuf buf = STRBUF_INIT;
573 unsigned char hash[GIT_MAX_RAWSZ];
574
575 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
576 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
577 strbuf_release(&buf);
578
579 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
580 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
581 return strbuf_detach(&buf, NULL);
582 }
583
584 static char *find_header(const char *msg, size_t len, const char *key,
585 const char **next_line)
586 {
587 size_t out_len;
588 const char *val = find_header_mem(msg, len, key, &out_len);
589
590 if (!val)
591 return NULL;
592
593 if (next_line)
594 *next_line = val + out_len + 1;
595
596 return xmemdupz(val, out_len);
597 }
598
599 /*
600 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
601 * This operation is guaranteed to run in constant time to avoid leaking data.
602 */
603 static int constant_memequal(const char *a, const char *b, size_t n)
604 {
605 int res = 0;
606 size_t i;
607
608 for (i = 0; i < n; i++)
609 res |= a[i] ^ b[i];
610 return res;
611 }
612
613 static const char *check_nonce(const char *buf, size_t len)
614 {
615 char *nonce = find_header(buf, len, "nonce", NULL);
616 timestamp_t stamp, ostamp;
617 char *bohmac, *expect = NULL;
618 const char *retval = NONCE_BAD;
619 size_t noncelen;
620
621 if (!nonce) {
622 retval = NONCE_MISSING;
623 goto leave;
624 } else if (!push_cert_nonce) {
625 retval = NONCE_UNSOLICITED;
626 goto leave;
627 } else if (!strcmp(push_cert_nonce, nonce)) {
628 retval = NONCE_OK;
629 goto leave;
630 }
631
632 if (!stateless_rpc) {
633 /* returned nonce MUST match what we gave out earlier */
634 retval = NONCE_BAD;
635 goto leave;
636 }
637
638 /*
639 * In stateless mode, we may be receiving a nonce issued by
640 * another instance of the server that serving the same
641 * repository, and the timestamps may not match, but the
642 * nonce-seed and dir should match, so we can recompute and
643 * report the time slop.
644 *
645 * In addition, when a nonce issued by another instance has
646 * timestamp within receive.certnonceslop seconds, we pretend
647 * as if we issued that nonce when reporting to the hook.
648 */
649
650 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
651 if (*nonce <= '0' || '9' < *nonce) {
652 retval = NONCE_BAD;
653 goto leave;
654 }
655 stamp = parse_timestamp(nonce, &bohmac, 10);
656 if (bohmac == nonce || bohmac[0] != '-') {
657 retval = NONCE_BAD;
658 goto leave;
659 }
660
661 noncelen = strlen(nonce);
662 expect = prepare_push_cert_nonce(service_dir, stamp);
663 if (noncelen != strlen(expect)) {
664 /* This is not even the right size. */
665 retval = NONCE_BAD;
666 goto leave;
667 }
668 if (constant_memequal(expect, nonce, noncelen)) {
669 /* Not what we would have signed earlier */
670 retval = NONCE_BAD;
671 goto leave;
672 }
673
674 /*
675 * By how many seconds is this nonce stale? Negative value
676 * would mean it was issued by another server with its clock
677 * skewed in the future.
678 */
679 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
680 nonce_stamp_slop = (long)ostamp - (long)stamp;
681
682 if (nonce_stamp_slop_limit &&
683 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
684 /*
685 * Pretend as if the received nonce (which passes the
686 * HMAC check, so it is not a forged by third-party)
687 * is what we issued.
688 */
689 free((void *)push_cert_nonce);
690 push_cert_nonce = xstrdup(nonce);
691 retval = NONCE_OK;
692 } else {
693 retval = NONCE_SLOP;
694 }
695
696 leave:
697 free(nonce);
698 free(expect);
699 return retval;
700 }
701
702 /*
703 * Return 1 if there is no push_cert or if the push options in push_cert are
704 * the same as those in the argument; 0 otherwise.
705 */
706 static int check_cert_push_options(const struct string_list *push_options)
707 {
708 const char *buf = push_cert.buf;
709 int len = push_cert.len;
710
711 char *option;
712 const char *next_line;
713 int options_seen = 0;
714
715 int retval = 1;
716
717 if (!len)
718 return 1;
719
720 while ((option = find_header(buf, len, "push-option", &next_line))) {
721 len -= (next_line - buf);
722 buf = next_line;
723 options_seen++;
724 if (options_seen > push_options->nr
725 || strcmp(option,
726 push_options->items[options_seen - 1].string)) {
727 retval = 0;
728 goto leave;
729 }
730 free(option);
731 }
732
733 if (options_seen != push_options->nr)
734 retval = 0;
735
736 leave:
737 free(option);
738 return retval;
739 }
740
741 static void prepare_push_cert_sha1(struct child_process *proc)
742 {
743 static int already_done;
744
745 if (!push_cert.len)
746 return;
747
748 if (!already_done) {
749 int bogs /* beginning_of_gpg_sig */;
750
751 already_done = 1;
752 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
753 &push_cert_oid))
754 oidclr(&push_cert_oid);
755
756 memset(&sigcheck, '\0', sizeof(sigcheck));
757
758 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
759 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
760 sigcheck.payload_len = bogs;
761 check_signature(&sigcheck, push_cert.buf + bogs,
762 push_cert.len - bogs);
763
764 nonce_status = check_nonce(push_cert.buf, bogs);
765 }
766 if (!is_null_oid(&push_cert_oid)) {
767 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
768 oid_to_hex(&push_cert_oid));
769 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
770 sigcheck.signer ? sigcheck.signer : "");
771 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
772 sigcheck.key ? sigcheck.key : "");
773 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
774 sigcheck.result);
775 if (push_cert_nonce) {
776 strvec_pushf(&proc->env_array,
777 "GIT_PUSH_CERT_NONCE=%s",
778 push_cert_nonce);
779 strvec_pushf(&proc->env_array,
780 "GIT_PUSH_CERT_NONCE_STATUS=%s",
781 nonce_status);
782 if (nonce_status == NONCE_SLOP)
783 strvec_pushf(&proc->env_array,
784 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
785 nonce_stamp_slop);
786 }
787 }
788 }
789
790 struct receive_hook_feed_state {
791 struct command *cmd;
792 struct ref_push_report *report;
793 int skip_broken;
794 struct strbuf buf;
795 const struct string_list *push_options;
796 };
797
798 typedef int (*feed_fn)(void *, const char **, size_t *);
799 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
800 struct receive_hook_feed_state *feed_state)
801 {
802 struct child_process proc = CHILD_PROCESS_INIT;
803 struct async muxer;
804 int code;
805 const char *hook_path = find_hook(hook_name);
806
807 if (!hook_path)
808 return 0;
809
810 strvec_push(&proc.args, hook_path);
811 proc.in = -1;
812 proc.stdout_to_stderr = 1;
813 proc.trace2_hook_name = hook_name;
814
815 if (feed_state->push_options) {
816 int i;
817 for (i = 0; i < feed_state->push_options->nr; i++)
818 strvec_pushf(&proc.env_array,
819 "GIT_PUSH_OPTION_%d=%s", i,
820 feed_state->push_options->items[i].string);
821 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
822 feed_state->push_options->nr);
823 } else
824 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
825
826 if (tmp_objdir)
827 strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
828
829 if (use_sideband) {
830 memset(&muxer, 0, sizeof(muxer));
831 muxer.proc = copy_to_sideband;
832 muxer.in = -1;
833 code = start_async(&muxer);
834 if (code)
835 return code;
836 proc.err = muxer.in;
837 }
838
839 prepare_push_cert_sha1(&proc);
840
841 code = start_command(&proc);
842 if (code) {
843 if (use_sideband)
844 finish_async(&muxer);
845 return code;
846 }
847
848 sigchain_push(SIGPIPE, SIG_IGN);
849
850 while (1) {
851 const char *buf;
852 size_t n;
853 if (feed(feed_state, &buf, &n))
854 break;
855 if (write_in_full(proc.in, buf, n) < 0)
856 break;
857 }
858 close(proc.in);
859 if (use_sideband)
860 finish_async(&muxer);
861
862 sigchain_pop(SIGPIPE);
863
864 return finish_command(&proc);
865 }
866
867 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
868 {
869 struct receive_hook_feed_state *state = state_;
870 struct command *cmd = state->cmd;
871
872 while (cmd &&
873 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
874 cmd = cmd->next;
875 if (!cmd)
876 return -1; /* EOF */
877 if (!bufp)
878 return 0; /* OK, can feed something. */
879 strbuf_reset(&state->buf);
880 if (!state->report)
881 state->report = cmd->report;
882 if (state->report) {
883 struct object_id *old_oid;
884 struct object_id *new_oid;
885 const char *ref_name;
886
887 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
888 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
889 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
890 strbuf_addf(&state->buf, "%s %s %s\n",
891 oid_to_hex(old_oid), oid_to_hex(new_oid),
892 ref_name);
893 state->report = state->report->next;
894 if (!state->report)
895 state->cmd = cmd->next;
896 } else {
897 strbuf_addf(&state->buf, "%s %s %s\n",
898 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
899 cmd->ref_name);
900 state->cmd = cmd->next;
901 }
902 if (bufp) {
903 *bufp = state->buf.buf;
904 *sizep = state->buf.len;
905 }
906 return 0;
907 }
908
909 static int run_receive_hook(struct command *commands,
910 const char *hook_name,
911 int skip_broken,
912 const struct string_list *push_options)
913 {
914 struct receive_hook_feed_state state;
915 int status;
916
917 strbuf_init(&state.buf, 0);
918 state.cmd = commands;
919 state.skip_broken = skip_broken;
920 state.report = NULL;
921 if (feed_receive_hook(&state, NULL, NULL))
922 return 0;
923 state.cmd = commands;
924 state.push_options = push_options;
925 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
926 strbuf_release(&state.buf);
927 return status;
928 }
929
930 static int run_update_hook(struct command *cmd)
931 {
932 struct child_process proc = CHILD_PROCESS_INIT;
933 int code;
934 const char *hook_path = find_hook("update");
935
936 if (!hook_path)
937 return 0;
938
939 strvec_push(&proc.args, hook_path);
940 strvec_push(&proc.args, cmd->ref_name);
941 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
942 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
943
944 proc.no_stdin = 1;
945 proc.stdout_to_stderr = 1;
946 proc.err = use_sideband ? -1 : 0;
947 proc.trace2_hook_name = "update";
948
949 code = start_command(&proc);
950 if (code)
951 return code;
952 if (use_sideband)
953 copy_to_sideband(proc.err, -1, NULL);
954 return finish_command(&proc);
955 }
956
957 static struct command *find_command_by_refname(struct command *list,
958 const char *refname)
959 {
960 for (; list; list = list->next)
961 if (!strcmp(list->ref_name, refname))
962 return list;
963 return NULL;
964 }
965
966 static int read_proc_receive_report(struct packet_reader *reader,
967 struct command *commands,
968 struct strbuf *errmsg)
969 {
970 struct command *cmd;
971 struct command *hint = NULL;
972 struct ref_push_report *report = NULL;
973 int new_report = 0;
974 int code = 0;
975 int once = 0;
976 int response = 0;
977
978 for (;;) {
979 struct object_id old_oid, new_oid;
980 const char *head;
981 const char *refname;
982 char *p;
983 enum packet_read_status status;
984
985 status = packet_reader_read(reader);
986 if (status != PACKET_READ_NORMAL) {
987 /* Check whether proc-receive exited abnormally */
988 if (status == PACKET_READ_EOF && !response) {
989 strbuf_addstr(errmsg, "proc-receive exited abnormally");
990 return -1;
991 }
992 break;
993 }
994 response++;
995
996 head = reader->line;
997 p = strchr(head, ' ');
998 if (!p) {
999 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1000 code = -1;
1001 continue;
1002 }
1003 *p++ = '\0';
1004 if (!strcmp(head, "option")) {
1005 const char *key, *val;
1006
1007 if (!hint || !(report || new_report)) {
1008 if (!once++)
1009 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1010 code = -1;
1011 continue;
1012 }
1013 if (new_report) {
1014 if (!hint->report) {
1015 CALLOC_ARRAY(hint->report, 1);
1016 report = hint->report;
1017 } else {
1018 report = hint->report;
1019 while (report->next)
1020 report = report->next;
1021 report->next = xcalloc(1, sizeof(struct ref_push_report));
1022 report = report->next;
1023 }
1024 new_report = 0;
1025 }
1026 key = p;
1027 p = strchr(key, ' ');
1028 if (p)
1029 *p++ = '\0';
1030 val = p;
1031 if (!strcmp(key, "refname"))
1032 report->ref_name = xstrdup_or_null(val);
1033 else if (!strcmp(key, "old-oid") && val &&
1034 !parse_oid_hex(val, &old_oid, &val))
1035 report->old_oid = oiddup(&old_oid);
1036 else if (!strcmp(key, "new-oid") && val &&
1037 !parse_oid_hex(val, &new_oid, &val))
1038 report->new_oid = oiddup(&new_oid);
1039 else if (!strcmp(key, "forced-update"))
1040 report->forced_update = 1;
1041 else if (!strcmp(key, "fall-through"))
1042 /* Fall through, let 'receive-pack' to execute it. */
1043 hint->run_proc_receive = 0;
1044 continue;
1045 }
1046
1047 report = NULL;
1048 new_report = 0;
1049 refname = p;
1050 p = strchr(refname, ' ');
1051 if (p)
1052 *p++ = '\0';
1053 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1054 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1055 head, refname);
1056 code = -1;
1057 continue;
1058 }
1059
1060 /* first try searching at our hint, falling back to all refs */
1061 if (hint)
1062 hint = find_command_by_refname(hint, refname);
1063 if (!hint)
1064 hint = find_command_by_refname(commands, refname);
1065 if (!hint) {
1066 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1067 refname);
1068 code = -1;
1069 continue;
1070 }
1071 if (!hint->run_proc_receive) {
1072 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1073 refname);
1074 code = -1;
1075 continue;
1076 }
1077 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1078 if (!strcmp(head, "ng")) {
1079 if (p)
1080 hint->error_string = xstrdup(p);
1081 else
1082 hint->error_string = "failed";
1083 code = -1;
1084 continue;
1085 }
1086 new_report = 1;
1087 }
1088
1089 for (cmd = commands; cmd; cmd = cmd->next)
1090 if (cmd->run_proc_receive && !cmd->error_string &&
1091 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1092 cmd->error_string = "proc-receive failed to report status";
1093 code = -1;
1094 }
1095 return code;
1096 }
1097
1098 static int run_proc_receive_hook(struct command *commands,
1099 const struct string_list *push_options)
1100 {
1101 struct child_process proc = CHILD_PROCESS_INIT;
1102 struct async muxer;
1103 struct command *cmd;
1104 struct packet_reader reader;
1105 struct strbuf cap = STRBUF_INIT;
1106 struct strbuf errmsg = STRBUF_INIT;
1107 int hook_use_push_options = 0;
1108 int version = 0;
1109 int code;
1110 const char *hook_path = find_hook("proc-receive");
1111
1112 if (!hook_path) {
1113 rp_error("cannot find hook 'proc-receive'");
1114 return -1;
1115 }
1116
1117 strvec_push(&proc.args, hook_path);
1118 proc.in = -1;
1119 proc.out = -1;
1120 proc.trace2_hook_name = "proc-receive";
1121
1122 if (use_sideband) {
1123 memset(&muxer, 0, sizeof(muxer));
1124 muxer.proc = copy_to_sideband;
1125 muxer.in = -1;
1126 code = start_async(&muxer);
1127 if (code)
1128 return code;
1129 proc.err = muxer.in;
1130 } else {
1131 proc.err = 0;
1132 }
1133
1134 code = start_command(&proc);
1135 if (code) {
1136 if (use_sideband)
1137 finish_async(&muxer);
1138 return code;
1139 }
1140
1141 sigchain_push(SIGPIPE, SIG_IGN);
1142
1143 /* Version negotiaton */
1144 packet_reader_init(&reader, proc.out, NULL, 0,
1145 PACKET_READ_CHOMP_NEWLINE |
1146 PACKET_READ_GENTLE_ON_EOF);
1147 if (use_atomic)
1148 strbuf_addstr(&cap, " atomic");
1149 if (use_push_options)
1150 strbuf_addstr(&cap, " push-options");
1151 if (cap.len) {
1152 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1153 strbuf_release(&cap);
1154 } else {
1155 code = packet_write_fmt_gently(proc.in, "version=1\n");
1156 }
1157 if (!code)
1158 code = packet_flush_gently(proc.in);
1159
1160 if (!code)
1161 for (;;) {
1162 int linelen;
1163 enum packet_read_status status;
1164
1165 status = packet_reader_read(&reader);
1166 if (status != PACKET_READ_NORMAL) {
1167 /* Check whether proc-receive exited abnormally */
1168 if (status == PACKET_READ_EOF)
1169 code = -1;
1170 break;
1171 }
1172
1173 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1174 version = atoi(reader.line + 8);
1175 linelen = strlen(reader.line);
1176 if (linelen < reader.pktlen) {
1177 const char *feature_list = reader.line + linelen + 1;
1178 if (parse_feature_request(feature_list, "push-options"))
1179 hook_use_push_options = 1;
1180 }
1181 }
1182 }
1183
1184 if (code) {
1185 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1186 goto cleanup;
1187 }
1188
1189 switch (version) {
1190 case 0:
1191 /* fallthrough */
1192 case 1:
1193 break;
1194 default:
1195 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1196 version);
1197 code = -1;
1198 goto cleanup;
1199 }
1200
1201 /* Send commands */
1202 for (cmd = commands; cmd; cmd = cmd->next) {
1203 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1204 continue;
1205 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1206 oid_to_hex(&cmd->old_oid),
1207 oid_to_hex(&cmd->new_oid),
1208 cmd->ref_name);
1209 if (code)
1210 break;
1211 }
1212 if (!code)
1213 code = packet_flush_gently(proc.in);
1214 if (code) {
1215 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1216 goto cleanup;
1217 }
1218
1219 /* Send push options */
1220 if (hook_use_push_options) {
1221 struct string_list_item *item;
1222
1223 for_each_string_list_item(item, push_options) {
1224 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1225 if (code)
1226 break;
1227 }
1228 if (!code)
1229 code = packet_flush_gently(proc.in);
1230 if (code) {
1231 strbuf_addstr(&errmsg,
1232 "fail to write push-options to proc-receive hook");
1233 goto cleanup;
1234 }
1235 }
1236
1237 /* Read result from proc-receive */
1238 code = read_proc_receive_report(&reader, commands, &errmsg);
1239
1240 cleanup:
1241 close(proc.in);
1242 close(proc.out);
1243 if (use_sideband)
1244 finish_async(&muxer);
1245 if (finish_command(&proc))
1246 code = -1;
1247 if (errmsg.len >0) {
1248 char *p = errmsg.buf;
1249
1250 p += errmsg.len - 1;
1251 if (*p == '\n')
1252 *p = '\0';
1253 rp_error("%s", errmsg.buf);
1254 strbuf_release(&errmsg);
1255 }
1256 sigchain_pop(SIGPIPE);
1257
1258 return code;
1259 }
1260
1261 static char *refuse_unconfigured_deny_msg =
1262 N_("By default, updating the current branch in a non-bare repository\n"
1263 "is denied, because it will make the index and work tree inconsistent\n"
1264 "with what you pushed, and will require 'git reset --hard' to match\n"
1265 "the work tree to HEAD.\n"
1266 "\n"
1267 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1268 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1269 "its current branch; however, this is not recommended unless you\n"
1270 "arranged to update its work tree to match what you pushed in some\n"
1271 "other way.\n"
1272 "\n"
1273 "To squelch this message and still keep the default behaviour, set\n"
1274 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1275
1276 static void refuse_unconfigured_deny(void)
1277 {
1278 rp_error("%s", _(refuse_unconfigured_deny_msg));
1279 }
1280
1281 static char *refuse_unconfigured_deny_delete_current_msg =
1282 N_("By default, deleting the current branch is denied, because the next\n"
1283 "'git clone' won't result in any file checked out, causing confusion.\n"
1284 "\n"
1285 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1286 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1287 "current branch, with or without a warning message.\n"
1288 "\n"
1289 "To squelch this message, you can set it to 'refuse'.");
1290
1291 static void refuse_unconfigured_deny_delete_current(void)
1292 {
1293 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1294 }
1295
1296 static const struct object_id *command_singleton_iterator(void *cb_data);
1297 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1298 {
1299 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1300 struct oid_array extra = OID_ARRAY_INIT;
1301 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1302 uint32_t mask = 1 << (cmd->index % 32);
1303 int i;
1304
1305 trace_printf_key(&trace_shallow,
1306 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1307 for (i = 0; i < si->shallow->nr; i++)
1308 if (si->used_shallow[i] &&
1309 (si->used_shallow[i][cmd->index / 32] & mask) &&
1310 !delayed_reachability_test(si, i))
1311 oid_array_append(&extra, &si->shallow->oid[i]);
1312
1313 opt.env = tmp_objdir_env(tmp_objdir);
1314 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1315 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1316 rollback_shallow_file(the_repository, &shallow_lock);
1317 oid_array_clear(&extra);
1318 return -1;
1319 }
1320
1321 commit_shallow_file(the_repository, &shallow_lock);
1322
1323 /*
1324 * Make sure setup_alternate_shallow() for the next ref does
1325 * not lose these new roots..
1326 */
1327 for (i = 0; i < extra.nr; i++)
1328 register_shallow(the_repository, &extra.oid[i]);
1329
1330 si->shallow_ref[cmd->index] = 0;
1331 oid_array_clear(&extra);
1332 return 0;
1333 }
1334
1335 /*
1336 * NEEDSWORK: we should consolidate various implementions of "are we
1337 * on an unborn branch?" test into one, and make the unified one more
1338 * robust. !get_sha1() based check used here and elsewhere would not
1339 * allow us to tell an unborn branch from corrupt ref, for example.
1340 * For the purpose of fixing "deploy-to-update does not work when
1341 * pushing into an empty repository" issue, this should suffice for
1342 * now.
1343 */
1344 static int head_has_history(void)
1345 {
1346 struct object_id oid;
1347
1348 return !get_oid("HEAD", &oid);
1349 }
1350
1351 static const char *push_to_deploy(unsigned char *sha1,
1352 struct strvec *env,
1353 const char *work_tree)
1354 {
1355 struct child_process child = CHILD_PROCESS_INIT;
1356
1357 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1358 "--refresh", NULL);
1359 strvec_pushv(&child.env_array, env->v);
1360 child.dir = work_tree;
1361 child.no_stdin = 1;
1362 child.stdout_to_stderr = 1;
1363 child.git_cmd = 1;
1364 if (run_command(&child))
1365 return "Up-to-date check failed";
1366
1367 /* run_command() does not clean up completely; reinitialize */
1368 child_process_init(&child);
1369 strvec_pushl(&child.args, "diff-files", "--quiet",
1370 "--ignore-submodules", "--", NULL);
1371 strvec_pushv(&child.env_array, env->v);
1372 child.dir = work_tree;
1373 child.no_stdin = 1;
1374 child.stdout_to_stderr = 1;
1375 child.git_cmd = 1;
1376 if (run_command(&child))
1377 return "Working directory has unstaged changes";
1378
1379 child_process_init(&child);
1380 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1381 "--ignore-submodules",
1382 /* diff-index with either HEAD or an empty tree */
1383 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1384 "--", NULL);
1385 strvec_pushv(&child.env_array, env->v);
1386 child.no_stdin = 1;
1387 child.no_stdout = 1;
1388 child.stdout_to_stderr = 0;
1389 child.git_cmd = 1;
1390 if (run_command(&child))
1391 return "Working directory has staged changes";
1392
1393 child_process_init(&child);
1394 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1395 NULL);
1396 strvec_pushv(&child.env_array, env->v);
1397 child.dir = work_tree;
1398 child.no_stdin = 1;
1399 child.no_stdout = 1;
1400 child.stdout_to_stderr = 0;
1401 child.git_cmd = 1;
1402 if (run_command(&child))
1403 return "Could not update working tree to new HEAD";
1404
1405 return NULL;
1406 }
1407
1408 static const char *push_to_checkout_hook = "push-to-checkout";
1409
1410 static const char *push_to_checkout(unsigned char *hash,
1411 struct strvec *env,
1412 const char *work_tree)
1413 {
1414 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1415
1416 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1417 strvec_pushv(&opt.env, env->v);
1418 strvec_push(&opt.args, hash_to_hex(hash));
1419 if (run_hooks_opt(push_to_checkout_hook, &opt))
1420 return "push-to-checkout hook declined";
1421 else
1422 return NULL;
1423 }
1424
1425 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1426 {
1427 const char *retval, *git_dir;
1428 struct strvec env = STRVEC_INIT;
1429
1430 if (!worktree || !worktree->path)
1431 BUG("worktree->path must be non-NULL");
1432
1433 if (worktree->is_bare)
1434 return "denyCurrentBranch = updateInstead needs a worktree";
1435 git_dir = get_worktree_git_dir(worktree);
1436
1437 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1438
1439 if (!hook_exists(push_to_checkout_hook))
1440 retval = push_to_deploy(sha1, &env, worktree->path);
1441 else
1442 retval = push_to_checkout(sha1, &env, worktree->path);
1443
1444 strvec_clear(&env);
1445 return retval;
1446 }
1447
1448 static const char *update(struct command *cmd, struct shallow_info *si)
1449 {
1450 const char *name = cmd->ref_name;
1451 struct strbuf namespaced_name_buf = STRBUF_INIT;
1452 static char *namespaced_name;
1453 const char *ret;
1454 struct object_id *old_oid = &cmd->old_oid;
1455 struct object_id *new_oid = &cmd->new_oid;
1456 int do_update_worktree = 0;
1457 struct worktree **worktrees = get_worktrees();
1458 const struct worktree *worktree =
1459 find_shared_symref(worktrees, "HEAD", name);
1460
1461 /* only refs/... are allowed */
1462 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1463 rp_error("refusing to create funny ref '%s' remotely", name);
1464 ret = "funny refname";
1465 goto out;
1466 }
1467
1468 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1469 free(namespaced_name);
1470 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1471
1472 if (worktree && !worktree->is_bare) {
1473 switch (deny_current_branch) {
1474 case DENY_IGNORE:
1475 break;
1476 case DENY_WARN:
1477 rp_warning("updating the current branch");
1478 break;
1479 case DENY_REFUSE:
1480 case DENY_UNCONFIGURED:
1481 rp_error("refusing to update checked out branch: %s", name);
1482 if (deny_current_branch == DENY_UNCONFIGURED)
1483 refuse_unconfigured_deny();
1484 ret = "branch is currently checked out";
1485 goto out;
1486 case DENY_UPDATE_INSTEAD:
1487 /* pass -- let other checks intervene first */
1488 do_update_worktree = 1;
1489 break;
1490 }
1491 }
1492
1493 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1494 error("unpack should have generated %s, "
1495 "but I can't find it!", oid_to_hex(new_oid));
1496 ret = "bad pack";
1497 goto out;
1498 }
1499
1500 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1501 if (deny_deletes && starts_with(name, "refs/heads/")) {
1502 rp_error("denying ref deletion for %s", name);
1503 ret = "deletion prohibited";
1504 goto out;
1505 }
1506
1507 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1508 switch (deny_delete_current) {
1509 case DENY_IGNORE:
1510 break;
1511 case DENY_WARN:
1512 rp_warning("deleting the current branch");
1513 break;
1514 case DENY_REFUSE:
1515 case DENY_UNCONFIGURED:
1516 case DENY_UPDATE_INSTEAD:
1517 if (deny_delete_current == DENY_UNCONFIGURED)
1518 refuse_unconfigured_deny_delete_current();
1519 rp_error("refusing to delete the current branch: %s", name);
1520 ret = "deletion of the current branch prohibited";
1521 goto out;
1522 default:
1523 ret = "Invalid denyDeleteCurrent setting";
1524 goto out;
1525 }
1526 }
1527 }
1528
1529 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1530 !is_null_oid(old_oid) &&
1531 starts_with(name, "refs/heads/")) {
1532 struct object *old_object, *new_object;
1533 struct commit *old_commit, *new_commit;
1534
1535 old_object = parse_object(the_repository, old_oid);
1536 new_object = parse_object(the_repository, new_oid);
1537
1538 if (!old_object || !new_object ||
1539 old_object->type != OBJ_COMMIT ||
1540 new_object->type != OBJ_COMMIT) {
1541 error("bad sha1 objects for %s", name);
1542 ret = "bad ref";
1543 goto out;
1544 }
1545 old_commit = (struct commit *)old_object;
1546 new_commit = (struct commit *)new_object;
1547 if (!in_merge_bases(old_commit, new_commit)) {
1548 rp_error("denying non-fast-forward %s"
1549 " (you should pull first)", name);
1550 ret = "non-fast-forward";
1551 goto out;
1552 }
1553 }
1554 if (run_update_hook(cmd)) {
1555 rp_error("hook declined to update %s", name);
1556 ret = "hook declined";
1557 goto out;
1558 }
1559
1560 if (do_update_worktree) {
1561 ret = update_worktree(new_oid->hash, worktree);
1562 if (ret)
1563 goto out;
1564 }
1565
1566 if (is_null_oid(new_oid)) {
1567 struct strbuf err = STRBUF_INIT;
1568 if (!parse_object(the_repository, old_oid)) {
1569 old_oid = NULL;
1570 if (ref_exists(name)) {
1571 rp_warning("allowing deletion of corrupt ref");
1572 } else {
1573 rp_warning("deleting a non-existent ref");
1574 cmd->did_not_exist = 1;
1575 }
1576 }
1577 if (ref_transaction_delete(transaction,
1578 namespaced_name,
1579 old_oid,
1580 0, "push", &err)) {
1581 rp_error("%s", err.buf);
1582 ret = "failed to delete";
1583 } else {
1584 ret = NULL; /* good */
1585 }
1586 strbuf_release(&err);
1587 }
1588 else {
1589 struct strbuf err = STRBUF_INIT;
1590 if (shallow_update && si->shallow_ref[cmd->index] &&
1591 update_shallow_ref(cmd, si)) {
1592 ret = "shallow error";
1593 goto out;
1594 }
1595
1596 if (ref_transaction_update(transaction,
1597 namespaced_name,
1598 new_oid, old_oid,
1599 0, "push",
1600 &err)) {
1601 rp_error("%s", err.buf);
1602 ret = "failed to update ref";
1603 } else {
1604 ret = NULL; /* good */
1605 }
1606 strbuf_release(&err);
1607 }
1608
1609 out:
1610 free_worktrees(worktrees);
1611 return ret;
1612 }
1613
1614 static void run_update_post_hook(struct command *commands)
1615 {
1616 struct command *cmd;
1617 struct child_process proc = CHILD_PROCESS_INIT;
1618 const char *hook;
1619
1620 hook = find_hook("post-update");
1621 if (!hook)
1622 return;
1623
1624 for (cmd = commands; cmd; cmd = cmd->next) {
1625 if (cmd->error_string || cmd->did_not_exist)
1626 continue;
1627 if (!proc.args.nr)
1628 strvec_push(&proc.args, hook);
1629 strvec_push(&proc.args, cmd->ref_name);
1630 }
1631 if (!proc.args.nr)
1632 return;
1633
1634 proc.no_stdin = 1;
1635 proc.stdout_to_stderr = 1;
1636 proc.err = use_sideband ? -1 : 0;
1637 proc.trace2_hook_name = "post-update";
1638
1639 if (!start_command(&proc)) {
1640 if (use_sideband)
1641 copy_to_sideband(proc.err, -1, NULL);
1642 finish_command(&proc);
1643 }
1644 }
1645
1646 static void check_aliased_update_internal(struct command *cmd,
1647 struct string_list *list,
1648 const char *dst_name, int flag)
1649 {
1650 struct string_list_item *item;
1651 struct command *dst_cmd;
1652
1653 if (!(flag & REF_ISSYMREF))
1654 return;
1655
1656 if (!dst_name) {
1657 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1658 cmd->skip_update = 1;
1659 cmd->error_string = "broken symref";
1660 return;
1661 }
1662 dst_name = strip_namespace(dst_name);
1663
1664 if ((item = string_list_lookup(list, dst_name)) == NULL)
1665 return;
1666
1667 cmd->skip_update = 1;
1668
1669 dst_cmd = (struct command *) item->util;
1670
1671 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1672 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1673 return;
1674
1675 dst_cmd->skip_update = 1;
1676
1677 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1678 " its target '%s' (%s..%s)",
1679 cmd->ref_name,
1680 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1681 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1682 dst_cmd->ref_name,
1683 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1684 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1685
1686 cmd->error_string = dst_cmd->error_string =
1687 "inconsistent aliased update";
1688 }
1689
1690 static void check_aliased_update(struct command *cmd, struct string_list *list)
1691 {
1692 struct strbuf buf = STRBUF_INIT;
1693 const char *dst_name;
1694 int flag;
1695
1696 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1697 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1698 check_aliased_update_internal(cmd, list, dst_name, flag);
1699 strbuf_release(&buf);
1700 }
1701
1702 static void check_aliased_updates(struct command *commands)
1703 {
1704 struct command *cmd;
1705 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1706
1707 for (cmd = commands; cmd; cmd = cmd->next) {
1708 struct string_list_item *item =
1709 string_list_append(&ref_list, cmd->ref_name);
1710 item->util = (void *)cmd;
1711 }
1712 string_list_sort(&ref_list);
1713
1714 for (cmd = commands; cmd; cmd = cmd->next) {
1715 if (!cmd->error_string)
1716 check_aliased_update(cmd, &ref_list);
1717 }
1718
1719 string_list_clear(&ref_list, 0);
1720 }
1721
1722 static const struct object_id *command_singleton_iterator(void *cb_data)
1723 {
1724 struct command **cmd_list = cb_data;
1725 struct command *cmd = *cmd_list;
1726
1727 if (!cmd || is_null_oid(&cmd->new_oid))
1728 return NULL;
1729 *cmd_list = NULL; /* this returns only one */
1730 return &cmd->new_oid;
1731 }
1732
1733 static void set_connectivity_errors(struct command *commands,
1734 struct shallow_info *si)
1735 {
1736 struct command *cmd;
1737
1738 for (cmd = commands; cmd; cmd = cmd->next) {
1739 struct command *singleton = cmd;
1740 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1741
1742 if (shallow_update && si->shallow_ref[cmd->index])
1743 /* to be checked in update_shallow_ref() */
1744 continue;
1745
1746 opt.env = tmp_objdir_env(tmp_objdir);
1747 if (!check_connected(command_singleton_iterator, &singleton,
1748 &opt))
1749 continue;
1750
1751 cmd->error_string = "missing necessary objects";
1752 }
1753 }
1754
1755 struct iterate_data {
1756 struct command *cmds;
1757 struct shallow_info *si;
1758 };
1759
1760 static const struct object_id *iterate_receive_command_list(void *cb_data)
1761 {
1762 struct iterate_data *data = cb_data;
1763 struct command **cmd_list = &data->cmds;
1764 struct command *cmd = *cmd_list;
1765
1766 for (; cmd; cmd = cmd->next) {
1767 if (shallow_update && data->si->shallow_ref[cmd->index])
1768 /* to be checked in update_shallow_ref() */
1769 continue;
1770 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1771 *cmd_list = cmd->next;
1772 return &cmd->new_oid;
1773 }
1774 }
1775 return NULL;
1776 }
1777
1778 static void reject_updates_to_hidden(struct command *commands)
1779 {
1780 struct strbuf refname_full = STRBUF_INIT;
1781 size_t prefix_len;
1782 struct command *cmd;
1783
1784 strbuf_addstr(&refname_full, get_git_namespace());
1785 prefix_len = refname_full.len;
1786
1787 for (cmd = commands; cmd; cmd = cmd->next) {
1788 if (cmd->error_string)
1789 continue;
1790
1791 strbuf_setlen(&refname_full, prefix_len);
1792 strbuf_addstr(&refname_full, cmd->ref_name);
1793
1794 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1795 continue;
1796 if (is_null_oid(&cmd->new_oid))
1797 cmd->error_string = "deny deleting a hidden ref";
1798 else
1799 cmd->error_string = "deny updating a hidden ref";
1800 }
1801
1802 strbuf_release(&refname_full);
1803 }
1804
1805 static int should_process_cmd(struct command *cmd)
1806 {
1807 return !cmd->error_string && !cmd->skip_update;
1808 }
1809
1810 static void warn_if_skipped_connectivity_check(struct command *commands,
1811 struct shallow_info *si)
1812 {
1813 struct command *cmd;
1814 int checked_connectivity = 1;
1815
1816 for (cmd = commands; cmd; cmd = cmd->next) {
1817 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1818 error("BUG: connectivity check has not been run on ref %s",
1819 cmd->ref_name);
1820 checked_connectivity = 0;
1821 }
1822 }
1823 if (!checked_connectivity)
1824 BUG("connectivity check skipped???");
1825 }
1826
1827 static void execute_commands_non_atomic(struct command *commands,
1828 struct shallow_info *si)
1829 {
1830 struct command *cmd;
1831 struct strbuf err = STRBUF_INIT;
1832
1833 for (cmd = commands; cmd; cmd = cmd->next) {
1834 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1835 continue;
1836
1837 transaction = ref_transaction_begin(&err);
1838 if (!transaction) {
1839 rp_error("%s", err.buf);
1840 strbuf_reset(&err);
1841 cmd->error_string = "transaction failed to start";
1842 continue;
1843 }
1844
1845 cmd->error_string = update(cmd, si);
1846
1847 if (!cmd->error_string
1848 && ref_transaction_commit(transaction, &err)) {
1849 rp_error("%s", err.buf);
1850 strbuf_reset(&err);
1851 cmd->error_string = "failed to update ref";
1852 }
1853 ref_transaction_free(transaction);
1854 }
1855 strbuf_release(&err);
1856 }
1857
1858 static void execute_commands_atomic(struct command *commands,
1859 struct shallow_info *si)
1860 {
1861 struct command *cmd;
1862 struct strbuf err = STRBUF_INIT;
1863 const char *reported_error = "atomic push failure";
1864
1865 transaction = ref_transaction_begin(&err);
1866 if (!transaction) {
1867 rp_error("%s", err.buf);
1868 strbuf_reset(&err);
1869 reported_error = "transaction failed to start";
1870 goto failure;
1871 }
1872
1873 for (cmd = commands; cmd; cmd = cmd->next) {
1874 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1875 continue;
1876
1877 cmd->error_string = update(cmd, si);
1878
1879 if (cmd->error_string)
1880 goto failure;
1881 }
1882
1883 if (ref_transaction_commit(transaction, &err)) {
1884 rp_error("%s", err.buf);
1885 reported_error = "atomic transaction failed";
1886 goto failure;
1887 }
1888 goto cleanup;
1889
1890 failure:
1891 for (cmd = commands; cmd; cmd = cmd->next)
1892 if (!cmd->error_string)
1893 cmd->error_string = reported_error;
1894
1895 cleanup:
1896 ref_transaction_free(transaction);
1897 strbuf_release(&err);
1898 }
1899
1900 static void execute_commands(struct command *commands,
1901 const char *unpacker_error,
1902 struct shallow_info *si,
1903 const struct string_list *push_options)
1904 {
1905 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1906 struct command *cmd;
1907 struct iterate_data data;
1908 struct async muxer;
1909 int err_fd = 0;
1910 int run_proc_receive = 0;
1911
1912 if (unpacker_error) {
1913 for (cmd = commands; cmd; cmd = cmd->next)
1914 cmd->error_string = "unpacker error";
1915 return;
1916 }
1917
1918 if (use_sideband) {
1919 memset(&muxer, 0, sizeof(muxer));
1920 muxer.proc = copy_to_sideband;
1921 muxer.in = -1;
1922 if (!start_async(&muxer))
1923 err_fd = muxer.in;
1924 /* ...else, continue without relaying sideband */
1925 }
1926
1927 data.cmds = commands;
1928 data.si = si;
1929 opt.err_fd = err_fd;
1930 opt.progress = err_fd && !quiet;
1931 opt.env = tmp_objdir_env(tmp_objdir);
1932 if (check_connected(iterate_receive_command_list, &data, &opt))
1933 set_connectivity_errors(commands, si);
1934
1935 if (use_sideband)
1936 finish_async(&muxer);
1937
1938 reject_updates_to_hidden(commands);
1939
1940 /*
1941 * Try to find commands that have special prefix in their reference names,
1942 * and mark them to run an external "proc-receive" hook later.
1943 */
1944 if (proc_receive_ref) {
1945 for (cmd = commands; cmd; cmd = cmd->next) {
1946 if (!should_process_cmd(cmd))
1947 continue;
1948
1949 if (proc_receive_ref_matches(cmd)) {
1950 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1951 run_proc_receive = 1;
1952 }
1953 }
1954 }
1955
1956 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1957 for (cmd = commands; cmd; cmd = cmd->next) {
1958 if (!cmd->error_string)
1959 cmd->error_string = "pre-receive hook declined";
1960 }
1961 return;
1962 }
1963
1964 /*
1965 * If there is no command ready to run, should return directly to destroy
1966 * temporary data in the quarantine area.
1967 */
1968 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1969 ; /* nothing */
1970 if (!cmd)
1971 return;
1972
1973 /*
1974 * Now we'll start writing out refs, which means the objects need
1975 * to be in their final positions so that other processes can see them.
1976 */
1977 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1978 for (cmd = commands; cmd; cmd = cmd->next) {
1979 if (!cmd->error_string)
1980 cmd->error_string = "unable to migrate objects to permanent storage";
1981 }
1982 return;
1983 }
1984 tmp_objdir = NULL;
1985
1986 check_aliased_updates(commands);
1987
1988 free(head_name_to_free);
1989 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1990
1991 if (run_proc_receive &&
1992 run_proc_receive_hook(commands, push_options))
1993 for (cmd = commands; cmd; cmd = cmd->next)
1994 if (!cmd->error_string &&
1995 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1996 (cmd->run_proc_receive || use_atomic))
1997 cmd->error_string = "fail to run proc-receive hook";
1998
1999 if (use_atomic)
2000 execute_commands_atomic(commands, si);
2001 else
2002 execute_commands_non_atomic(commands, si);
2003
2004 if (shallow_update)
2005 warn_if_skipped_connectivity_check(commands, si);
2006 }
2007
2008 static struct command **queue_command(struct command **tail,
2009 const char *line,
2010 int linelen)
2011 {
2012 struct object_id old_oid, new_oid;
2013 struct command *cmd;
2014 const char *refname;
2015 int reflen;
2016 const char *p;
2017
2018 if (parse_oid_hex(line, &old_oid, &p) ||
2019 *p++ != ' ' ||
2020 parse_oid_hex(p, &new_oid, &p) ||
2021 *p++ != ' ')
2022 die("protocol error: expected old/new/ref, got '%s'", line);
2023
2024 refname = p;
2025 reflen = linelen - (p - line);
2026 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2027 oidcpy(&cmd->old_oid, &old_oid);
2028 oidcpy(&cmd->new_oid, &new_oid);
2029 *tail = cmd;
2030 return &cmd->next;
2031 }
2032
2033 static void queue_commands_from_cert(struct command **tail,
2034 struct strbuf *push_cert)
2035 {
2036 const char *boc, *eoc;
2037
2038 if (*tail)
2039 die("protocol error: got both push certificate and unsigned commands");
2040
2041 boc = strstr(push_cert->buf, "\n\n");
2042 if (!boc)
2043 die("malformed push certificate %.*s", 100, push_cert->buf);
2044 else
2045 boc += 2;
2046 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2047
2048 while (boc < eoc) {
2049 const char *eol = memchr(boc, '\n', eoc - boc);
2050 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2051 boc = eol ? eol + 1 : eoc;
2052 }
2053 }
2054
2055 static struct command *read_head_info(struct packet_reader *reader,
2056 struct oid_array *shallow)
2057 {
2058 struct command *commands = NULL;
2059 struct command **p = &commands;
2060 for (;;) {
2061 int linelen;
2062
2063 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2064 break;
2065
2066 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2067 struct object_id oid;
2068 if (get_oid_hex(reader->line + 8, &oid))
2069 die("protocol error: expected shallow sha, got '%s'",
2070 reader->line + 8);
2071 oid_array_append(shallow, &oid);
2072 continue;
2073 }
2074
2075 linelen = strlen(reader->line);
2076 if (linelen < reader->pktlen) {
2077 const char *feature_list = reader->line + linelen + 1;
2078 const char *hash = NULL;
2079 const char *client_sid;
2080 int len = 0;
2081 if (parse_feature_request(feature_list, "report-status"))
2082 report_status = 1;
2083 if (parse_feature_request(feature_list, "report-status-v2"))
2084 report_status_v2 = 1;
2085 if (parse_feature_request(feature_list, "side-band-64k"))
2086 use_sideband = LARGE_PACKET_MAX;
2087 if (parse_feature_request(feature_list, "quiet"))
2088 quiet = 1;
2089 if (advertise_atomic_push
2090 && parse_feature_request(feature_list, "atomic"))
2091 use_atomic = 1;
2092 if (advertise_push_options
2093 && parse_feature_request(feature_list, "push-options"))
2094 use_push_options = 1;
2095 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2096 if (!hash) {
2097 hash = hash_algos[GIT_HASH_SHA1].name;
2098 len = strlen(hash);
2099 }
2100 if (xstrncmpz(the_hash_algo->name, hash, len))
2101 die("error: unsupported object format '%s'", hash);
2102 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2103 if (client_sid) {
2104 char *sid = xstrndup(client_sid, len);
2105 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2106 free(sid);
2107 }
2108 }
2109
2110 if (!strcmp(reader->line, "push-cert")) {
2111 int true_flush = 0;
2112 int saved_options = reader->options;
2113 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2114
2115 for (;;) {
2116 packet_reader_read(reader);
2117 if (reader->status == PACKET_READ_FLUSH) {
2118 true_flush = 1;
2119 break;
2120 }
2121 if (reader->status != PACKET_READ_NORMAL) {
2122 die("protocol error: got an unexpected packet");
2123 }
2124 if (!strcmp(reader->line, "push-cert-end\n"))
2125 break; /* end of cert */
2126 strbuf_addstr(&push_cert, reader->line);
2127 }
2128 reader->options = saved_options;
2129
2130 if (true_flush)
2131 break;
2132 continue;
2133 }
2134
2135 p = queue_command(p, reader->line, linelen);
2136 }
2137
2138 if (push_cert.len)
2139 queue_commands_from_cert(p, &push_cert);
2140
2141 return commands;
2142 }
2143
2144 static void read_push_options(struct packet_reader *reader,
2145 struct string_list *options)
2146 {
2147 while (1) {
2148 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2149 break;
2150
2151 string_list_append(options, reader->line);
2152 }
2153 }
2154
2155 static const char *parse_pack_header(struct pack_header *hdr)
2156 {
2157 switch (read_pack_header(0, hdr)) {
2158 case PH_ERROR_EOF:
2159 return "eof before pack header was fully read";
2160
2161 case PH_ERROR_PACK_SIGNATURE:
2162 return "protocol error (pack signature mismatch detected)";
2163
2164 case PH_ERROR_PROTOCOL:
2165 return "protocol error (pack version unsupported)";
2166
2167 default:
2168 return "unknown error in parse_pack_header";
2169
2170 case 0:
2171 return NULL;
2172 }
2173 }
2174
2175 static const char *pack_lockfile;
2176
2177 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2178 {
2179 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2180 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2181 }
2182
2183 static const char *unpack(int err_fd, struct shallow_info *si)
2184 {
2185 struct pack_header hdr;
2186 const char *hdr_err;
2187 int status;
2188 struct child_process child = CHILD_PROCESS_INIT;
2189 int fsck_objects = (receive_fsck_objects >= 0
2190 ? receive_fsck_objects
2191 : transfer_fsck_objects >= 0
2192 ? transfer_fsck_objects
2193 : 0);
2194
2195 hdr_err = parse_pack_header(&hdr);
2196 if (hdr_err) {
2197 if (err_fd > 0)
2198 close(err_fd);
2199 return hdr_err;
2200 }
2201
2202 if (si->nr_ours || si->nr_theirs) {
2203 alt_shallow_file = setup_temporary_shallow(si->shallow);
2204 strvec_push(&child.args, "--shallow-file");
2205 strvec_push(&child.args, alt_shallow_file);
2206 }
2207
2208 tmp_objdir = tmp_objdir_create("incoming");
2209 if (!tmp_objdir) {
2210 if (err_fd > 0)
2211 close(err_fd);
2212 return "unable to create temporary object directory";
2213 }
2214 if (tmp_objdir)
2215 strvec_pushv(&child.env_array, tmp_objdir_env(tmp_objdir));
2216
2217 /*
2218 * Normally we just pass the tmp_objdir environment to the child
2219 * processes that do the heavy lifting, but we may need to see these
2220 * objects ourselves to set up shallow information.
2221 */
2222 tmp_objdir_add_as_alternate(tmp_objdir);
2223
2224 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2225 strvec_push(&child.args, "unpack-objects");
2226 push_header_arg(&child.args, &hdr);
2227 if (quiet)
2228 strvec_push(&child.args, "-q");
2229 if (fsck_objects)
2230 strvec_pushf(&child.args, "--strict%s",
2231 fsck_msg_types.buf);
2232 if (max_input_size)
2233 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2234 (uintmax_t)max_input_size);
2235 child.no_stdout = 1;
2236 child.err = err_fd;
2237 child.git_cmd = 1;
2238 status = run_command(&child);
2239 if (status)
2240 return "unpack-objects abnormal exit";
2241 } else {
2242 char hostname[HOST_NAME_MAX + 1];
2243
2244 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2245 push_header_arg(&child.args, &hdr);
2246
2247 if (xgethostname(hostname, sizeof(hostname)))
2248 xsnprintf(hostname, sizeof(hostname), "localhost");
2249 strvec_pushf(&child.args,
2250 "--keep=receive-pack %"PRIuMAX" on %s",
2251 (uintmax_t)getpid(),
2252 hostname);
2253
2254 if (!quiet && err_fd)
2255 strvec_push(&child.args, "--show-resolving-progress");
2256 if (use_sideband)
2257 strvec_push(&child.args, "--report-end-of-input");
2258 if (fsck_objects)
2259 strvec_pushf(&child.args, "--strict%s",
2260 fsck_msg_types.buf);
2261 if (!reject_thin)
2262 strvec_push(&child.args, "--fix-thin");
2263 if (max_input_size)
2264 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2265 (uintmax_t)max_input_size);
2266 child.out = -1;
2267 child.err = err_fd;
2268 child.git_cmd = 1;
2269 status = start_command(&child);
2270 if (status)
2271 return "index-pack fork failed";
2272 pack_lockfile = index_pack_lockfile(child.out, NULL);
2273 close(child.out);
2274 status = finish_command(&child);
2275 if (status)
2276 return "index-pack abnormal exit";
2277 reprepare_packed_git(the_repository);
2278 }
2279 return NULL;
2280 }
2281
2282 static const char *unpack_with_sideband(struct shallow_info *si)
2283 {
2284 struct async muxer;
2285 const char *ret;
2286
2287 if (!use_sideband)
2288 return unpack(0, si);
2289
2290 use_keepalive = KEEPALIVE_AFTER_NUL;
2291 memset(&muxer, 0, sizeof(muxer));
2292 muxer.proc = copy_to_sideband;
2293 muxer.in = -1;
2294 if (start_async(&muxer))
2295 return NULL;
2296
2297 ret = unpack(muxer.in, si);
2298
2299 finish_async(&muxer);
2300 return ret;
2301 }
2302
2303 static void prepare_shallow_update(struct shallow_info *si)
2304 {
2305 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2306
2307 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2308 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2309
2310 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2311 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2312 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2313
2314 for (i = 0; i < si->nr_ours; i++)
2315 si->need_reachability_test[si->ours[i]] = 1;
2316
2317 for (i = 0; i < si->shallow->nr; i++) {
2318 if (!si->used_shallow[i])
2319 continue;
2320 for (j = 0; j < bitmap_size; j++) {
2321 if (!si->used_shallow[i][j])
2322 continue;
2323 si->need_reachability_test[i]++;
2324 for (k = 0; k < 32; k++)
2325 if (si->used_shallow[i][j] & (1U << k))
2326 si->shallow_ref[j * 32 + k]++;
2327 }
2328
2329 /*
2330 * true for those associated with some refs and belong
2331 * in "ours" list aka "step 7 not done yet"
2332 */
2333 si->need_reachability_test[i] =
2334 si->need_reachability_test[i] > 1;
2335 }
2336
2337 /*
2338 * keep hooks happy by forcing a temporary shallow file via
2339 * env variable because we can't add --shallow-file to every
2340 * command. check_connected() will be done with
2341 * true .git/shallow though.
2342 */
2343 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2344 }
2345
2346 static void update_shallow_info(struct command *commands,
2347 struct shallow_info *si,
2348 struct oid_array *ref)
2349 {
2350 struct command *cmd;
2351 int *ref_status;
2352 remove_nonexistent_theirs_shallow(si);
2353 if (!si->nr_ours && !si->nr_theirs) {
2354 shallow_update = 0;
2355 return;
2356 }
2357
2358 for (cmd = commands; cmd; cmd = cmd->next) {
2359 if (is_null_oid(&cmd->new_oid))
2360 continue;
2361 oid_array_append(ref, &cmd->new_oid);
2362 cmd->index = ref->nr - 1;
2363 }
2364 si->ref = ref;
2365
2366 if (shallow_update) {
2367 prepare_shallow_update(si);
2368 return;
2369 }
2370
2371 ALLOC_ARRAY(ref_status, ref->nr);
2372 assign_shallow_commits_to_refs(si, NULL, ref_status);
2373 for (cmd = commands; cmd; cmd = cmd->next) {
2374 if (is_null_oid(&cmd->new_oid))
2375 continue;
2376 if (ref_status[cmd->index]) {
2377 cmd->error_string = "shallow update not allowed";
2378 cmd->skip_update = 1;
2379 }
2380 }
2381 free(ref_status);
2382 }
2383
2384 static void report(struct command *commands, const char *unpack_status)
2385 {
2386 struct command *cmd;
2387 struct strbuf buf = STRBUF_INIT;
2388
2389 packet_buf_write(&buf, "unpack %s\n",
2390 unpack_status ? unpack_status : "ok");
2391 for (cmd = commands; cmd; cmd = cmd->next) {
2392 if (!cmd->error_string)
2393 packet_buf_write(&buf, "ok %s\n",
2394 cmd->ref_name);
2395 else
2396 packet_buf_write(&buf, "ng %s %s\n",
2397 cmd->ref_name, cmd->error_string);
2398 }
2399 packet_buf_flush(&buf);
2400
2401 if (use_sideband)
2402 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2403 else
2404 write_or_die(1, buf.buf, buf.len);
2405 strbuf_release(&buf);
2406 }
2407
2408 static void report_v2(struct command *commands, const char *unpack_status)
2409 {
2410 struct command *cmd;
2411 struct strbuf buf = STRBUF_INIT;
2412 struct ref_push_report *report;
2413
2414 packet_buf_write(&buf, "unpack %s\n",
2415 unpack_status ? unpack_status : "ok");
2416 for (cmd = commands; cmd; cmd = cmd->next) {
2417 int count = 0;
2418
2419 if (cmd->error_string) {
2420 packet_buf_write(&buf, "ng %s %s\n",
2421 cmd->ref_name,
2422 cmd->error_string);
2423 continue;
2424 }
2425 packet_buf_write(&buf, "ok %s\n",
2426 cmd->ref_name);
2427 for (report = cmd->report; report; report = report->next) {
2428 if (count++ > 0)
2429 packet_buf_write(&buf, "ok %s\n",
2430 cmd->ref_name);
2431 if (report->ref_name)
2432 packet_buf_write(&buf, "option refname %s\n",
2433 report->ref_name);
2434 if (report->old_oid)
2435 packet_buf_write(&buf, "option old-oid %s\n",
2436 oid_to_hex(report->old_oid));
2437 if (report->new_oid)
2438 packet_buf_write(&buf, "option new-oid %s\n",
2439 oid_to_hex(report->new_oid));
2440 if (report->forced_update)
2441 packet_buf_write(&buf, "option forced-update\n");
2442 }
2443 }
2444 packet_buf_flush(&buf);
2445
2446 if (use_sideband)
2447 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2448 else
2449 write_or_die(1, buf.buf, buf.len);
2450 strbuf_release(&buf);
2451 }
2452
2453 static int delete_only(struct command *commands)
2454 {
2455 struct command *cmd;
2456 for (cmd = commands; cmd; cmd = cmd->next) {
2457 if (!is_null_oid(&cmd->new_oid))
2458 return 0;
2459 }
2460 return 1;
2461 }
2462
2463 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2464 {
2465 int advertise_refs = 0;
2466 struct command *commands;
2467 struct oid_array shallow = OID_ARRAY_INIT;
2468 struct oid_array ref = OID_ARRAY_INIT;
2469 struct shallow_info si;
2470 struct packet_reader reader;
2471
2472 struct option options[] = {
2473 OPT__QUIET(&quiet, N_("quiet")),
2474 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2475 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2476 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2477 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2478 OPT_END()
2479 };
2480
2481 packet_trace_identity("receive-pack");
2482
2483 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2484
2485 if (argc > 1)
2486 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2487 if (argc == 0)
2488 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2489
2490 service_dir = argv[0];
2491
2492 setup_path();
2493
2494 if (!enter_repo(service_dir, 0))
2495 die("'%s' does not appear to be a git repository", service_dir);
2496
2497 git_config(receive_pack_config, NULL);
2498 if (cert_nonce_seed)
2499 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2500
2501 if (0 <= transfer_unpack_limit)
2502 unpack_limit = transfer_unpack_limit;
2503 else if (0 <= receive_unpack_limit)
2504 unpack_limit = receive_unpack_limit;
2505
2506 switch (determine_protocol_version_server()) {
2507 case protocol_v2:
2508 /*
2509 * push support for protocol v2 has not been implemented yet,
2510 * so ignore the request to use v2 and fallback to using v0.
2511 */
2512 break;
2513 case protocol_v1:
2514 /*
2515 * v1 is just the original protocol with a version string,
2516 * so just fall through after writing the version string.
2517 */
2518 if (advertise_refs || !stateless_rpc)
2519 packet_write_fmt(1, "version 1\n");
2520
2521 /* fallthrough */
2522 case protocol_v0:
2523 break;
2524 case protocol_unknown_version:
2525 BUG("unknown protocol version");
2526 }
2527
2528 if (advertise_refs || !stateless_rpc) {
2529 write_head_info();
2530 }
2531 if (advertise_refs)
2532 return 0;
2533
2534 packet_reader_init(&reader, 0, NULL, 0,
2535 PACKET_READ_CHOMP_NEWLINE |
2536 PACKET_READ_DIE_ON_ERR_PACKET);
2537
2538 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2539 const char *unpack_status = NULL;
2540 struct string_list push_options = STRING_LIST_INIT_DUP;
2541
2542 if (use_push_options)
2543 read_push_options(&reader, &push_options);
2544 if (!check_cert_push_options(&push_options)) {
2545 struct command *cmd;
2546 for (cmd = commands; cmd; cmd = cmd->next)
2547 cmd->error_string = "inconsistent push options";
2548 }
2549
2550 prepare_shallow_info(&si, &shallow);
2551 if (!si.nr_ours && !si.nr_theirs)
2552 shallow_update = 0;
2553 if (!delete_only(commands)) {
2554 unpack_status = unpack_with_sideband(&si);
2555 update_shallow_info(commands, &si, &ref);
2556 }
2557 use_keepalive = KEEPALIVE_ALWAYS;
2558 execute_commands(commands, unpack_status, &si,
2559 &push_options);
2560 if (pack_lockfile)
2561 unlink_or_warn(pack_lockfile);
2562 sigchain_push(SIGPIPE, SIG_IGN);
2563 if (report_status_v2)
2564 report_v2(commands, unpack_status);
2565 else if (report_status)
2566 report(commands, unpack_status);
2567 sigchain_pop(SIGPIPE);
2568 run_receive_hook(commands, "post-receive", 1,
2569 &push_options);
2570 run_update_post_hook(commands);
2571 string_list_clear(&push_options, 0);
2572 if (auto_gc) {
2573 struct child_process proc = CHILD_PROCESS_INIT;
2574
2575 proc.no_stdin = 1;
2576 proc.stdout_to_stderr = 1;
2577 proc.err = use_sideband ? -1 : 0;
2578 proc.git_cmd = proc.close_object_store = 1;
2579 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2580 NULL);
2581
2582 if (!start_command(&proc)) {
2583 if (use_sideband)
2584 copy_to_sideband(proc.err, -1, NULL);
2585 finish_command(&proc);
2586 }
2587 }
2588 if (auto_update_server_info)
2589 update_server_info(0);
2590 clear_shallow_info(&si);
2591 }
2592 if (use_sideband)
2593 packet_flush(1);
2594 oid_array_clear(&shallow);
2595 oid_array_clear(&ref);
2596 free((void *)push_cert_nonce);
2597 return 0;
2598 }
Unnamed repository; edit this file 'description' to name the repository.