]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
submodule-config.c: strengthen URL fsck check
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "environment.h"
6 #include "gettext.h"
7 #include "hex.h"
8 #include "lockfile.h"
9 #include "pack.h"
10 #include "refs.h"
11 #include "pkt-line.h"
12 #include "sideband.h"
13 #include "run-command.h"
14 #include "hook.h"
15 #include "exec-cmd.h"
16 #include "commit.h"
17 #include "object.h"
18 #include "remote.h"
19 #include "connect.h"
20 #include "string-list.h"
21 #include "oid-array.h"
22 #include "connected.h"
23 #include "strvec.h"
24 #include "version.h"
25 #include "tag.h"
26 #include "gpg-interface.h"
27 #include "sigchain.h"
28 #include "fsck.h"
29 #include "tmp-objdir.h"
30 #include "oidset.h"
31 #include "packfile.h"
32 #include "object-name.h"
33 #include "object-store-ll.h"
34 #include "path.h"
35 #include "protocol.h"
36 #include "commit-reach.h"
37 #include "server-info.h"
38 #include "trace.h"
39 #include "trace2.h"
40 #include "worktree.h"
41 #include "shallow.h"
42 #include "parse-options.h"
43
44 static const char * const receive_pack_usage[] = {
45 N_("git receive-pack <git-dir>"),
46 NULL
47 };
48
49 enum deny_action {
50 DENY_UNCONFIGURED,
51 DENY_IGNORE,
52 DENY_WARN,
53 DENY_REFUSE,
54 DENY_UPDATE_INSTEAD
55 };
56
57 static int deny_deletes;
58 static int deny_non_fast_forwards;
59 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
60 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
61 static int receive_fsck_objects = -1;
62 static int transfer_fsck_objects = -1;
63 static struct strbuf fsck_msg_types = STRBUF_INIT;
64 static int receive_unpack_limit = -1;
65 static int transfer_unpack_limit = -1;
66 static int advertise_atomic_push = 1;
67 static int advertise_push_options;
68 static int advertise_sid;
69 static int unpack_limit = 100;
70 static off_t max_input_size;
71 static int report_status;
72 static int report_status_v2;
73 static int use_sideband;
74 static int use_atomic;
75 static int use_push_options;
76 static int quiet;
77 static int prefer_ofs_delta = 1;
78 static int auto_update_server_info;
79 static int auto_gc = 1;
80 static int reject_thin;
81 static int stateless_rpc;
82 static const char *service_dir;
83 static const char *head_name;
84 static void *head_name_to_free;
85 static int sent_capabilities;
86 static int shallow_update;
87 static const char *alt_shallow_file;
88 static struct strbuf push_cert = STRBUF_INIT;
89 static struct object_id push_cert_oid;
90 static struct signature_check sigcheck;
91 static const char *push_cert_nonce;
92 static const char *cert_nonce_seed;
93 static struct strvec hidden_refs = STRVEC_INIT;
94
95 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
96 static const char *NONCE_BAD = "BAD";
97 static const char *NONCE_MISSING = "MISSING";
98 static const char *NONCE_OK = "OK";
99 static const char *NONCE_SLOP = "SLOP";
100 static const char *nonce_status;
101 static long nonce_stamp_slop;
102 static timestamp_t nonce_stamp_slop_limit;
103 static struct ref_transaction *transaction;
104
105 static enum {
106 KEEPALIVE_NEVER = 0,
107 KEEPALIVE_AFTER_NUL,
108 KEEPALIVE_ALWAYS
109 } use_keepalive;
110 static int keepalive_in_sec = 5;
111
112 static struct tmp_objdir *tmp_objdir;
113
114 static struct proc_receive_ref {
115 unsigned int want_add:1,
116 want_delete:1,
117 want_modify:1,
118 negative_ref:1;
119 char *ref_prefix;
120 struct proc_receive_ref *next;
121 } *proc_receive_ref;
122
123 static void proc_receive_ref_append(const char *prefix);
124
125 static enum deny_action parse_deny_action(const char *var, const char *value)
126 {
127 if (value) {
128 if (!strcasecmp(value, "ignore"))
129 return DENY_IGNORE;
130 if (!strcasecmp(value, "warn"))
131 return DENY_WARN;
132 if (!strcasecmp(value, "refuse"))
133 return DENY_REFUSE;
134 if (!strcasecmp(value, "updateinstead"))
135 return DENY_UPDATE_INSTEAD;
136 }
137 if (git_config_bool(var, value))
138 return DENY_REFUSE;
139 return DENY_IGNORE;
140 }
141
142 static int receive_pack_config(const char *var, const char *value,
143 const struct config_context *ctx, void *cb)
144 {
145 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
146
147 if (status)
148 return status;
149
150 if (strcmp(var, "receive.denydeletes") == 0) {
151 deny_deletes = git_config_bool(var, value);
152 return 0;
153 }
154
155 if (strcmp(var, "receive.denynonfastforwards") == 0) {
156 deny_non_fast_forwards = git_config_bool(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "receive.unpacklimit") == 0) {
161 receive_unpack_limit = git_config_int(var, value, ctx->kvi);
162 return 0;
163 }
164
165 if (strcmp(var, "transfer.unpacklimit") == 0) {
166 transfer_unpack_limit = git_config_int(var, value, ctx->kvi);
167 return 0;
168 }
169
170 if (strcmp(var, "receive.fsck.skiplist") == 0) {
171 const char *path;
172
173 if (git_config_pathname(&path, var, value))
174 return 1;
175 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
176 fsck_msg_types.len ? ',' : '=', path);
177 free((char *)path);
178 return 0;
179 }
180
181 if (skip_prefix(var, "receive.fsck.", &var)) {
182 if (is_valid_msg_type(var, value))
183 strbuf_addf(&fsck_msg_types, "%c%s=%s",
184 fsck_msg_types.len ? ',' : '=', var, value);
185 else
186 warning("skipping unknown msg id '%s'", var);
187 return 0;
188 }
189
190 if (strcmp(var, "receive.fsckobjects") == 0) {
191 receive_fsck_objects = git_config_bool(var, value);
192 return 0;
193 }
194
195 if (strcmp(var, "transfer.fsckobjects") == 0) {
196 transfer_fsck_objects = git_config_bool(var, value);
197 return 0;
198 }
199
200 if (!strcmp(var, "receive.denycurrentbranch")) {
201 deny_current_branch = parse_deny_action(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "receive.denydeletecurrent") == 0) {
206 deny_delete_current = parse_deny_action(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
211 prefer_ofs_delta = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.updateserverinfo") == 0) {
216 auto_update_server_info = git_config_bool(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.autogc") == 0) {
221 auto_gc = git_config_bool(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.shallowupdate") == 0) {
226 shallow_update = git_config_bool(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.certnonceseed") == 0)
231 return git_config_string(&cert_nonce_seed, var, value);
232
233 if (strcmp(var, "receive.certnonceslop") == 0) {
234 nonce_stamp_slop_limit = git_config_ulong(var, value, ctx->kvi);
235 return 0;
236 }
237
238 if (strcmp(var, "receive.advertiseatomic") == 0) {
239 advertise_atomic_push = git_config_bool(var, value);
240 return 0;
241 }
242
243 if (strcmp(var, "receive.advertisepushoptions") == 0) {
244 advertise_push_options = git_config_bool(var, value);
245 return 0;
246 }
247
248 if (strcmp(var, "receive.keepalive") == 0) {
249 keepalive_in_sec = git_config_int(var, value, ctx->kvi);
250 return 0;
251 }
252
253 if (strcmp(var, "receive.maxinputsize") == 0) {
254 max_input_size = git_config_int64(var, value, ctx->kvi);
255 return 0;
256 }
257
258 if (strcmp(var, "receive.procreceiverefs") == 0) {
259 if (!value)
260 return config_error_nonbool(var);
261 proc_receive_ref_append(value);
262 return 0;
263 }
264
265 if (strcmp(var, "transfer.advertisesid") == 0) {
266 advertise_sid = git_config_bool(var, value);
267 return 0;
268 }
269
270 return git_default_config(var, value, ctx, cb);
271 }
272
273 static void show_ref(const char *path, const struct object_id *oid)
274 {
275 if (sent_capabilities) {
276 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
277 } else {
278 struct strbuf cap = STRBUF_INIT;
279
280 strbuf_addstr(&cap,
281 "report-status report-status-v2 delete-refs side-band-64k quiet");
282 if (advertise_atomic_push)
283 strbuf_addstr(&cap, " atomic");
284 if (prefer_ofs_delta)
285 strbuf_addstr(&cap, " ofs-delta");
286 if (push_cert_nonce)
287 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
288 if (advertise_push_options)
289 strbuf_addstr(&cap, " push-options");
290 if (advertise_sid)
291 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
292 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
293 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
294 packet_write_fmt(1, "%s %s%c%s\n",
295 oid_to_hex(oid), path, 0, cap.buf);
296 strbuf_release(&cap);
297 sent_capabilities = 1;
298 }
299 }
300
301 static int show_ref_cb(const char *path_full, const struct object_id *oid,
302 int flag UNUSED, void *data)
303 {
304 struct oidset *seen = data;
305 const char *path = strip_namespace(path_full);
306
307 if (ref_is_hidden(path, path_full, &hidden_refs))
308 return 0;
309
310 /*
311 * Advertise refs outside our current namespace as ".have"
312 * refs, so that the client can use them to minimize data
313 * transfer but will otherwise ignore them.
314 */
315 if (!path) {
316 if (oidset_insert(seen, oid))
317 return 0;
318 path = ".have";
319 } else {
320 oidset_insert(seen, oid);
321 }
322 show_ref(path, oid);
323 return 0;
324 }
325
326 static void show_one_alternate_ref(const struct object_id *oid,
327 void *data)
328 {
329 struct oidset *seen = data;
330
331 if (oidset_insert(seen, oid))
332 return;
333
334 show_ref(".have", oid);
335 }
336
337 static void write_head_info(void)
338 {
339 static struct oidset seen = OIDSET_INIT;
340
341 refs_for_each_fullref_in(get_main_ref_store(the_repository), "",
342 hidden_refs_to_excludes(&hidden_refs),
343 show_ref_cb, &seen);
344 for_each_alternate_ref(show_one_alternate_ref, &seen);
345 oidset_clear(&seen);
346 if (!sent_capabilities)
347 show_ref("capabilities^{}", null_oid());
348
349 advertise_shallow_grafts(1);
350
351 /* EOF */
352 packet_flush(1);
353 }
354
355 #define RUN_PROC_RECEIVE_SCHEDULED 1
356 #define RUN_PROC_RECEIVE_RETURNED 2
357 struct command {
358 struct command *next;
359 const char *error_string;
360 struct ref_push_report *report;
361 unsigned int skip_update:1,
362 did_not_exist:1,
363 run_proc_receive:2;
364 int index;
365 struct object_id old_oid;
366 struct object_id new_oid;
367 char ref_name[FLEX_ARRAY]; /* more */
368 };
369
370 static void proc_receive_ref_append(const char *prefix)
371 {
372 struct proc_receive_ref *ref_pattern;
373 char *p;
374 int len;
375
376 CALLOC_ARRAY(ref_pattern, 1);
377 p = strchr(prefix, ':');
378 if (p) {
379 while (prefix < p) {
380 if (*prefix == 'a')
381 ref_pattern->want_add = 1;
382 else if (*prefix == 'd')
383 ref_pattern->want_delete = 1;
384 else if (*prefix == 'm')
385 ref_pattern->want_modify = 1;
386 else if (*prefix == '!')
387 ref_pattern->negative_ref = 1;
388 prefix++;
389 }
390 prefix++;
391 } else {
392 ref_pattern->want_add = 1;
393 ref_pattern->want_delete = 1;
394 ref_pattern->want_modify = 1;
395 }
396 len = strlen(prefix);
397 while (len && prefix[len - 1] == '/')
398 len--;
399 ref_pattern->ref_prefix = xmemdupz(prefix, len);
400 if (!proc_receive_ref) {
401 proc_receive_ref = ref_pattern;
402 } else {
403 struct proc_receive_ref *end;
404
405 end = proc_receive_ref;
406 while (end->next)
407 end = end->next;
408 end->next = ref_pattern;
409 }
410 }
411
412 static int proc_receive_ref_matches(struct command *cmd)
413 {
414 struct proc_receive_ref *p;
415
416 if (!proc_receive_ref)
417 return 0;
418
419 for (p = proc_receive_ref; p; p = p->next) {
420 const char *match = p->ref_prefix;
421 const char *remains;
422
423 if (!p->want_add && is_null_oid(&cmd->old_oid))
424 continue;
425 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
426 continue;
427 else if (!p->want_modify &&
428 !is_null_oid(&cmd->old_oid) &&
429 !is_null_oid(&cmd->new_oid))
430 continue;
431
432 if (skip_prefix(cmd->ref_name, match, &remains) &&
433 (!*remains || *remains == '/')) {
434 if (!p->negative_ref)
435 return 1;
436 } else if (p->negative_ref) {
437 return 1;
438 }
439 }
440 return 0;
441 }
442
443 static void report_message(const char *prefix, const char *err, va_list params)
444 {
445 int sz;
446 char msg[4096];
447
448 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
449 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
450 if (sz > (sizeof(msg) - 1))
451 sz = sizeof(msg) - 1;
452 msg[sz++] = '\n';
453
454 if (use_sideband)
455 send_sideband(1, 2, msg, sz, use_sideband);
456 else
457 xwrite(2, msg, sz);
458 }
459
460 __attribute__((format (printf, 1, 2)))
461 static void rp_warning(const char *err, ...)
462 {
463 va_list params;
464 va_start(params, err);
465 report_message("warning: ", err, params);
466 va_end(params);
467 }
468
469 __attribute__((format (printf, 1, 2)))
470 static void rp_error(const char *err, ...)
471 {
472 va_list params;
473 va_start(params, err);
474 report_message("error: ", err, params);
475 va_end(params);
476 }
477
478 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
479 {
480 char data[128];
481 int keepalive_active = 0;
482
483 if (keepalive_in_sec <= 0)
484 use_keepalive = KEEPALIVE_NEVER;
485 if (use_keepalive == KEEPALIVE_ALWAYS)
486 keepalive_active = 1;
487
488 while (1) {
489 ssize_t sz;
490
491 if (keepalive_active) {
492 struct pollfd pfd;
493 int ret;
494
495 pfd.fd = in;
496 pfd.events = POLLIN;
497 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
498
499 if (ret < 0) {
500 if (errno == EINTR)
501 continue;
502 else
503 break;
504 } else if (ret == 0) {
505 /* no data; send a keepalive packet */
506 static const char buf[] = "0005\1";
507 write_or_die(1, buf, sizeof(buf) - 1);
508 continue;
509 } /* else there is actual data to read */
510 }
511
512 sz = xread(in, data, sizeof(data));
513 if (sz <= 0)
514 break;
515
516 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
517 const char *p = memchr(data, '\0', sz);
518 if (p) {
519 /*
520 * The NUL tells us to start sending keepalives. Make
521 * sure we send any other data we read along
522 * with it.
523 */
524 keepalive_active = 1;
525 send_sideband(1, 2, data, p - data, use_sideband);
526 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
527 continue;
528 }
529 }
530
531 /*
532 * Either we're not looking for a NUL signal, or we didn't see
533 * it yet; just pass along the data.
534 */
535 send_sideband(1, 2, data, sz, use_sideband);
536 }
537 close(in);
538 return 0;
539 }
540
541 static void hmac_hash(unsigned char *out,
542 const char *key_in, size_t key_len,
543 const char *text, size_t text_len)
544 {
545 unsigned char key[GIT_MAX_BLKSZ];
546 unsigned char k_ipad[GIT_MAX_BLKSZ];
547 unsigned char k_opad[GIT_MAX_BLKSZ];
548 int i;
549 git_hash_ctx ctx;
550
551 /* RFC 2104 2. (1) */
552 memset(key, '\0', GIT_MAX_BLKSZ);
553 if (the_hash_algo->blksz < key_len) {
554 the_hash_algo->init_fn(&ctx);
555 the_hash_algo->update_fn(&ctx, key_in, key_len);
556 the_hash_algo->final_fn(key, &ctx);
557 } else {
558 memcpy(key, key_in, key_len);
559 }
560
561 /* RFC 2104 2. (2) & (5) */
562 for (i = 0; i < sizeof(key); i++) {
563 k_ipad[i] = key[i] ^ 0x36;
564 k_opad[i] = key[i] ^ 0x5c;
565 }
566
567 /* RFC 2104 2. (3) & (4) */
568 the_hash_algo->init_fn(&ctx);
569 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
570 the_hash_algo->update_fn(&ctx, text, text_len);
571 the_hash_algo->final_fn(out, &ctx);
572
573 /* RFC 2104 2. (6) & (7) */
574 the_hash_algo->init_fn(&ctx);
575 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
576 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
577 the_hash_algo->final_fn(out, &ctx);
578 }
579
580 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
581 {
582 struct strbuf buf = STRBUF_INIT;
583 unsigned char hash[GIT_MAX_RAWSZ];
584
585 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
586 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
587 strbuf_release(&buf);
588
589 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
590 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
591 return strbuf_detach(&buf, NULL);
592 }
593
594 static char *find_header(const char *msg, size_t len, const char *key,
595 const char **next_line)
596 {
597 size_t out_len;
598 const char *val = find_header_mem(msg, len, key, &out_len);
599
600 if (!val)
601 return NULL;
602
603 if (next_line)
604 *next_line = val + out_len + 1;
605
606 return xmemdupz(val, out_len);
607 }
608
609 /*
610 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
611 * This operation is guaranteed to run in constant time to avoid leaking data.
612 */
613 static int constant_memequal(const char *a, const char *b, size_t n)
614 {
615 int res = 0;
616 size_t i;
617
618 for (i = 0; i < n; i++)
619 res |= a[i] ^ b[i];
620 return res;
621 }
622
623 static const char *check_nonce(const char *buf, size_t len)
624 {
625 char *nonce = find_header(buf, len, "nonce", NULL);
626 timestamp_t stamp, ostamp;
627 char *bohmac, *expect = NULL;
628 const char *retval = NONCE_BAD;
629 size_t noncelen;
630
631 if (!nonce) {
632 retval = NONCE_MISSING;
633 goto leave;
634 } else if (!push_cert_nonce) {
635 retval = NONCE_UNSOLICITED;
636 goto leave;
637 } else if (!strcmp(push_cert_nonce, nonce)) {
638 retval = NONCE_OK;
639 goto leave;
640 }
641
642 if (!stateless_rpc) {
643 /* returned nonce MUST match what we gave out earlier */
644 retval = NONCE_BAD;
645 goto leave;
646 }
647
648 /*
649 * In stateless mode, we may be receiving a nonce issued by
650 * another instance of the server that serving the same
651 * repository, and the timestamps may not match, but the
652 * nonce-seed and dir should match, so we can recompute and
653 * report the time slop.
654 *
655 * In addition, when a nonce issued by another instance has
656 * timestamp within receive.certnonceslop seconds, we pretend
657 * as if we issued that nonce when reporting to the hook.
658 */
659
660 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
661 if (*nonce <= '0' || '9' < *nonce) {
662 retval = NONCE_BAD;
663 goto leave;
664 }
665 stamp = parse_timestamp(nonce, &bohmac, 10);
666 if (bohmac == nonce || bohmac[0] != '-') {
667 retval = NONCE_BAD;
668 goto leave;
669 }
670
671 noncelen = strlen(nonce);
672 expect = prepare_push_cert_nonce(service_dir, stamp);
673 if (noncelen != strlen(expect)) {
674 /* This is not even the right size. */
675 retval = NONCE_BAD;
676 goto leave;
677 }
678 if (constant_memequal(expect, nonce, noncelen)) {
679 /* Not what we would have signed earlier */
680 retval = NONCE_BAD;
681 goto leave;
682 }
683
684 /*
685 * By how many seconds is this nonce stale? Negative value
686 * would mean it was issued by another server with its clock
687 * skewed in the future.
688 */
689 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
690 nonce_stamp_slop = (long)ostamp - (long)stamp;
691
692 if (nonce_stamp_slop_limit &&
693 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
694 /*
695 * Pretend as if the received nonce (which passes the
696 * HMAC check, so it is not a forged by third-party)
697 * is what we issued.
698 */
699 free((void *)push_cert_nonce);
700 push_cert_nonce = xstrdup(nonce);
701 retval = NONCE_OK;
702 } else {
703 retval = NONCE_SLOP;
704 }
705
706 leave:
707 free(nonce);
708 free(expect);
709 return retval;
710 }
711
712 /*
713 * Return 1 if there is no push_cert or if the push options in push_cert are
714 * the same as those in the argument; 0 otherwise.
715 */
716 static int check_cert_push_options(const struct string_list *push_options)
717 {
718 const char *buf = push_cert.buf;
719 int len = push_cert.len;
720
721 char *option;
722 const char *next_line;
723 int options_seen = 0;
724
725 int retval = 1;
726
727 if (!len)
728 return 1;
729
730 while ((option = find_header(buf, len, "push-option", &next_line))) {
731 len -= (next_line - buf);
732 buf = next_line;
733 options_seen++;
734 if (options_seen > push_options->nr
735 || strcmp(option,
736 push_options->items[options_seen - 1].string)) {
737 retval = 0;
738 goto leave;
739 }
740 free(option);
741 }
742
743 if (options_seen != push_options->nr)
744 retval = 0;
745
746 leave:
747 free(option);
748 return retval;
749 }
750
751 static void prepare_push_cert_sha1(struct child_process *proc)
752 {
753 static int already_done;
754
755 if (!push_cert.len)
756 return;
757
758 if (!already_done) {
759 int bogs /* beginning_of_gpg_sig */;
760
761 already_done = 1;
762 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
763 &push_cert_oid))
764 oidclr(&push_cert_oid);
765
766 memset(&sigcheck, '\0', sizeof(sigcheck));
767
768 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
769 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
770 sigcheck.payload_len = bogs;
771 check_signature(&sigcheck, push_cert.buf + bogs,
772 push_cert.len - bogs);
773
774 nonce_status = check_nonce(push_cert.buf, bogs);
775 }
776 if (!is_null_oid(&push_cert_oid)) {
777 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
778 oid_to_hex(&push_cert_oid));
779 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
780 sigcheck.signer ? sigcheck.signer : "");
781 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
782 sigcheck.key ? sigcheck.key : "");
783 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
784 sigcheck.result);
785 if (push_cert_nonce) {
786 strvec_pushf(&proc->env,
787 "GIT_PUSH_CERT_NONCE=%s",
788 push_cert_nonce);
789 strvec_pushf(&proc->env,
790 "GIT_PUSH_CERT_NONCE_STATUS=%s",
791 nonce_status);
792 if (nonce_status == NONCE_SLOP)
793 strvec_pushf(&proc->env,
794 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
795 nonce_stamp_slop);
796 }
797 }
798 }
799
800 struct receive_hook_feed_state {
801 struct command *cmd;
802 struct ref_push_report *report;
803 int skip_broken;
804 struct strbuf buf;
805 const struct string_list *push_options;
806 };
807
808 typedef int (*feed_fn)(void *, const char **, size_t *);
809 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
810 struct receive_hook_feed_state *feed_state)
811 {
812 struct child_process proc = CHILD_PROCESS_INIT;
813 struct async muxer;
814 int code;
815 const char *hook_path = find_hook(hook_name);
816
817 if (!hook_path)
818 return 0;
819
820 strvec_push(&proc.args, hook_path);
821 proc.in = -1;
822 proc.stdout_to_stderr = 1;
823 proc.trace2_hook_name = hook_name;
824
825 if (feed_state->push_options) {
826 size_t i;
827 for (i = 0; i < feed_state->push_options->nr; i++)
828 strvec_pushf(&proc.env,
829 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
830 (uintmax_t)i,
831 feed_state->push_options->items[i].string);
832 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
833 (uintmax_t)feed_state->push_options->nr);
834 } else
835 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
836
837 if (tmp_objdir)
838 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
839
840 if (use_sideband) {
841 memset(&muxer, 0, sizeof(muxer));
842 muxer.proc = copy_to_sideband;
843 muxer.in = -1;
844 code = start_async(&muxer);
845 if (code)
846 return code;
847 proc.err = muxer.in;
848 }
849
850 prepare_push_cert_sha1(&proc);
851
852 code = start_command(&proc);
853 if (code) {
854 if (use_sideband)
855 finish_async(&muxer);
856 return code;
857 }
858
859 sigchain_push(SIGPIPE, SIG_IGN);
860
861 while (1) {
862 const char *buf;
863 size_t n;
864 if (feed(feed_state, &buf, &n))
865 break;
866 if (write_in_full(proc.in, buf, n) < 0)
867 break;
868 }
869 close(proc.in);
870 if (use_sideband)
871 finish_async(&muxer);
872
873 sigchain_pop(SIGPIPE);
874
875 return finish_command(&proc);
876 }
877
878 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
879 {
880 struct receive_hook_feed_state *state = state_;
881 struct command *cmd = state->cmd;
882
883 while (cmd &&
884 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
885 cmd = cmd->next;
886 if (!cmd)
887 return -1; /* EOF */
888 if (!bufp)
889 return 0; /* OK, can feed something. */
890 strbuf_reset(&state->buf);
891 if (!state->report)
892 state->report = cmd->report;
893 if (state->report) {
894 struct object_id *old_oid;
895 struct object_id *new_oid;
896 const char *ref_name;
897
898 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
899 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
900 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
901 strbuf_addf(&state->buf, "%s %s %s\n",
902 oid_to_hex(old_oid), oid_to_hex(new_oid),
903 ref_name);
904 state->report = state->report->next;
905 if (!state->report)
906 state->cmd = cmd->next;
907 } else {
908 strbuf_addf(&state->buf, "%s %s %s\n",
909 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
910 cmd->ref_name);
911 state->cmd = cmd->next;
912 }
913 if (bufp) {
914 *bufp = state->buf.buf;
915 *sizep = state->buf.len;
916 }
917 return 0;
918 }
919
920 static int run_receive_hook(struct command *commands,
921 const char *hook_name,
922 int skip_broken,
923 const struct string_list *push_options)
924 {
925 struct receive_hook_feed_state state;
926 int status;
927
928 strbuf_init(&state.buf, 0);
929 state.cmd = commands;
930 state.skip_broken = skip_broken;
931 state.report = NULL;
932 if (feed_receive_hook(&state, NULL, NULL))
933 return 0;
934 state.cmd = commands;
935 state.push_options = push_options;
936 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
937 strbuf_release(&state.buf);
938 return status;
939 }
940
941 static int run_update_hook(struct command *cmd)
942 {
943 struct child_process proc = CHILD_PROCESS_INIT;
944 int code;
945 const char *hook_path = find_hook("update");
946
947 if (!hook_path)
948 return 0;
949
950 strvec_push(&proc.args, hook_path);
951 strvec_push(&proc.args, cmd->ref_name);
952 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
953 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
954
955 proc.no_stdin = 1;
956 proc.stdout_to_stderr = 1;
957 proc.err = use_sideband ? -1 : 0;
958 proc.trace2_hook_name = "update";
959
960 code = start_command(&proc);
961 if (code)
962 return code;
963 if (use_sideband)
964 copy_to_sideband(proc.err, -1, NULL);
965 return finish_command(&proc);
966 }
967
968 static struct command *find_command_by_refname(struct command *list,
969 const char *refname)
970 {
971 for (; list; list = list->next)
972 if (!strcmp(list->ref_name, refname))
973 return list;
974 return NULL;
975 }
976
977 static int read_proc_receive_report(struct packet_reader *reader,
978 struct command *commands,
979 struct strbuf *errmsg)
980 {
981 struct command *cmd;
982 struct command *hint = NULL;
983 struct ref_push_report *report = NULL;
984 int new_report = 0;
985 int code = 0;
986 int once = 0;
987 int response = 0;
988
989 for (;;) {
990 struct object_id old_oid, new_oid;
991 const char *head;
992 const char *refname;
993 char *p;
994 enum packet_read_status status;
995
996 status = packet_reader_read(reader);
997 if (status != PACKET_READ_NORMAL) {
998 /* Check whether proc-receive exited abnormally */
999 if (status == PACKET_READ_EOF && !response) {
1000 strbuf_addstr(errmsg, "proc-receive exited abnormally");
1001 return -1;
1002 }
1003 break;
1004 }
1005 response++;
1006
1007 head = reader->line;
1008 p = strchr(head, ' ');
1009 if (!p) {
1010 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1011 code = -1;
1012 continue;
1013 }
1014 *p++ = '\0';
1015 if (!strcmp(head, "option")) {
1016 const char *key, *val;
1017
1018 if (!hint || !(report || new_report)) {
1019 if (!once++)
1020 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1021 code = -1;
1022 continue;
1023 }
1024 if (new_report) {
1025 if (!hint->report) {
1026 CALLOC_ARRAY(hint->report, 1);
1027 report = hint->report;
1028 } else {
1029 report = hint->report;
1030 while (report->next)
1031 report = report->next;
1032 report->next = xcalloc(1, sizeof(struct ref_push_report));
1033 report = report->next;
1034 }
1035 new_report = 0;
1036 }
1037 key = p;
1038 p = strchr(key, ' ');
1039 if (p)
1040 *p++ = '\0';
1041 val = p;
1042 if (!strcmp(key, "refname"))
1043 report->ref_name = xstrdup_or_null(val);
1044 else if (!strcmp(key, "old-oid") && val &&
1045 !parse_oid_hex(val, &old_oid, &val))
1046 report->old_oid = oiddup(&old_oid);
1047 else if (!strcmp(key, "new-oid") && val &&
1048 !parse_oid_hex(val, &new_oid, &val))
1049 report->new_oid = oiddup(&new_oid);
1050 else if (!strcmp(key, "forced-update"))
1051 report->forced_update = 1;
1052 else if (!strcmp(key, "fall-through"))
1053 /* Fall through, let 'receive-pack' to execute it. */
1054 hint->run_proc_receive = 0;
1055 continue;
1056 }
1057
1058 report = NULL;
1059 new_report = 0;
1060 refname = p;
1061 p = strchr(refname, ' ');
1062 if (p)
1063 *p++ = '\0';
1064 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1065 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1066 head, refname);
1067 code = -1;
1068 continue;
1069 }
1070
1071 /* first try searching at our hint, falling back to all refs */
1072 if (hint)
1073 hint = find_command_by_refname(hint, refname);
1074 if (!hint)
1075 hint = find_command_by_refname(commands, refname);
1076 if (!hint) {
1077 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1078 refname);
1079 code = -1;
1080 continue;
1081 }
1082 if (!hint->run_proc_receive) {
1083 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1084 refname);
1085 code = -1;
1086 continue;
1087 }
1088 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1089 if (!strcmp(head, "ng")) {
1090 if (p)
1091 hint->error_string = xstrdup(p);
1092 else
1093 hint->error_string = "failed";
1094 code = -1;
1095 continue;
1096 }
1097 new_report = 1;
1098 }
1099
1100 for (cmd = commands; cmd; cmd = cmd->next)
1101 if (cmd->run_proc_receive && !cmd->error_string &&
1102 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1103 cmd->error_string = "proc-receive failed to report status";
1104 code = -1;
1105 }
1106 return code;
1107 }
1108
1109 static int run_proc_receive_hook(struct command *commands,
1110 const struct string_list *push_options)
1111 {
1112 struct child_process proc = CHILD_PROCESS_INIT;
1113 struct async muxer;
1114 struct command *cmd;
1115 struct packet_reader reader;
1116 struct strbuf cap = STRBUF_INIT;
1117 struct strbuf errmsg = STRBUF_INIT;
1118 int hook_use_push_options = 0;
1119 int version = 0;
1120 int code;
1121 const char *hook_path = find_hook("proc-receive");
1122
1123 if (!hook_path) {
1124 rp_error("cannot find hook 'proc-receive'");
1125 return -1;
1126 }
1127
1128 strvec_push(&proc.args, hook_path);
1129 proc.in = -1;
1130 proc.out = -1;
1131 proc.trace2_hook_name = "proc-receive";
1132
1133 if (use_sideband) {
1134 memset(&muxer, 0, sizeof(muxer));
1135 muxer.proc = copy_to_sideband;
1136 muxer.in = -1;
1137 code = start_async(&muxer);
1138 if (code)
1139 return code;
1140 proc.err = muxer.in;
1141 } else {
1142 proc.err = 0;
1143 }
1144
1145 code = start_command(&proc);
1146 if (code) {
1147 if (use_sideband)
1148 finish_async(&muxer);
1149 return code;
1150 }
1151
1152 sigchain_push(SIGPIPE, SIG_IGN);
1153
1154 /* Version negotiaton */
1155 packet_reader_init(&reader, proc.out, NULL, 0,
1156 PACKET_READ_CHOMP_NEWLINE |
1157 PACKET_READ_GENTLE_ON_EOF);
1158 if (use_atomic)
1159 strbuf_addstr(&cap, " atomic");
1160 if (use_push_options)
1161 strbuf_addstr(&cap, " push-options");
1162 if (cap.len) {
1163 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1164 strbuf_release(&cap);
1165 } else {
1166 code = packet_write_fmt_gently(proc.in, "version=1\n");
1167 }
1168 if (!code)
1169 code = packet_flush_gently(proc.in);
1170
1171 if (!code)
1172 for (;;) {
1173 int linelen;
1174 enum packet_read_status status;
1175
1176 status = packet_reader_read(&reader);
1177 if (status != PACKET_READ_NORMAL) {
1178 /* Check whether proc-receive exited abnormally */
1179 if (status == PACKET_READ_EOF)
1180 code = -1;
1181 break;
1182 }
1183
1184 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1185 version = atoi(reader.line + 8);
1186 linelen = strlen(reader.line);
1187 if (linelen < reader.pktlen) {
1188 const char *feature_list = reader.line + linelen + 1;
1189 if (parse_feature_request(feature_list, "push-options"))
1190 hook_use_push_options = 1;
1191 }
1192 }
1193 }
1194
1195 if (code) {
1196 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1197 goto cleanup;
1198 }
1199
1200 switch (version) {
1201 case 0:
1202 /* fallthrough */
1203 case 1:
1204 break;
1205 default:
1206 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1207 version);
1208 code = -1;
1209 goto cleanup;
1210 }
1211
1212 /* Send commands */
1213 for (cmd = commands; cmd; cmd = cmd->next) {
1214 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1215 continue;
1216 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1217 oid_to_hex(&cmd->old_oid),
1218 oid_to_hex(&cmd->new_oid),
1219 cmd->ref_name);
1220 if (code)
1221 break;
1222 }
1223 if (!code)
1224 code = packet_flush_gently(proc.in);
1225 if (code) {
1226 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1227 goto cleanup;
1228 }
1229
1230 /* Send push options */
1231 if (hook_use_push_options) {
1232 struct string_list_item *item;
1233
1234 for_each_string_list_item(item, push_options) {
1235 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1236 if (code)
1237 break;
1238 }
1239 if (!code)
1240 code = packet_flush_gently(proc.in);
1241 if (code) {
1242 strbuf_addstr(&errmsg,
1243 "fail to write push-options to proc-receive hook");
1244 goto cleanup;
1245 }
1246 }
1247
1248 /* Read result from proc-receive */
1249 code = read_proc_receive_report(&reader, commands, &errmsg);
1250
1251 cleanup:
1252 close(proc.in);
1253 close(proc.out);
1254 if (use_sideband)
1255 finish_async(&muxer);
1256 if (finish_command(&proc))
1257 code = -1;
1258 if (errmsg.len >0) {
1259 char *p = errmsg.buf;
1260
1261 p += errmsg.len - 1;
1262 if (*p == '\n')
1263 *p = '\0';
1264 rp_error("%s", errmsg.buf);
1265 strbuf_release(&errmsg);
1266 }
1267 sigchain_pop(SIGPIPE);
1268
1269 return code;
1270 }
1271
1272 static char *refuse_unconfigured_deny_msg =
1273 N_("By default, updating the current branch in a non-bare repository\n"
1274 "is denied, because it will make the index and work tree inconsistent\n"
1275 "with what you pushed, and will require 'git reset --hard' to match\n"
1276 "the work tree to HEAD.\n"
1277 "\n"
1278 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1279 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1280 "its current branch; however, this is not recommended unless you\n"
1281 "arranged to update its work tree to match what you pushed in some\n"
1282 "other way.\n"
1283 "\n"
1284 "To squelch this message and still keep the default behaviour, set\n"
1285 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1286
1287 static void refuse_unconfigured_deny(void)
1288 {
1289 rp_error("%s", _(refuse_unconfigured_deny_msg));
1290 }
1291
1292 static char *refuse_unconfigured_deny_delete_current_msg =
1293 N_("By default, deleting the current branch is denied, because the next\n"
1294 "'git clone' won't result in any file checked out, causing confusion.\n"
1295 "\n"
1296 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1297 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1298 "current branch, with or without a warning message.\n"
1299 "\n"
1300 "To squelch this message, you can set it to 'refuse'.");
1301
1302 static void refuse_unconfigured_deny_delete_current(void)
1303 {
1304 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1305 }
1306
1307 static const struct object_id *command_singleton_iterator(void *cb_data);
1308 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1309 {
1310 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1311 struct oid_array extra = OID_ARRAY_INIT;
1312 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1313 uint32_t mask = 1 << (cmd->index % 32);
1314 int i;
1315
1316 trace_printf_key(&trace_shallow,
1317 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1318 for (i = 0; i < si->shallow->nr; i++)
1319 if (si->used_shallow[i] &&
1320 (si->used_shallow[i][cmd->index / 32] & mask) &&
1321 !delayed_reachability_test(si, i))
1322 oid_array_append(&extra, &si->shallow->oid[i]);
1323
1324 opt.env = tmp_objdir_env(tmp_objdir);
1325 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1326 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1327 rollback_shallow_file(the_repository, &shallow_lock);
1328 oid_array_clear(&extra);
1329 return -1;
1330 }
1331
1332 commit_shallow_file(the_repository, &shallow_lock);
1333
1334 /*
1335 * Make sure setup_alternate_shallow() for the next ref does
1336 * not lose these new roots..
1337 */
1338 for (i = 0; i < extra.nr; i++)
1339 register_shallow(the_repository, &extra.oid[i]);
1340
1341 si->shallow_ref[cmd->index] = 0;
1342 oid_array_clear(&extra);
1343 return 0;
1344 }
1345
1346 /*
1347 * NEEDSWORK: we should consolidate various implementions of "are we
1348 * on an unborn branch?" test into one, and make the unified one more
1349 * robust. !get_sha1() based check used here and elsewhere would not
1350 * allow us to tell an unborn branch from corrupt ref, for example.
1351 * For the purpose of fixing "deploy-to-update does not work when
1352 * pushing into an empty repository" issue, this should suffice for
1353 * now.
1354 */
1355 static int head_has_history(void)
1356 {
1357 struct object_id oid;
1358
1359 return !repo_get_oid(the_repository, "HEAD", &oid);
1360 }
1361
1362 static const char *push_to_deploy(unsigned char *sha1,
1363 struct strvec *env,
1364 const char *work_tree)
1365 {
1366 struct child_process child = CHILD_PROCESS_INIT;
1367
1368 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1369 "--refresh", NULL);
1370 strvec_pushv(&child.env, env->v);
1371 child.dir = work_tree;
1372 child.no_stdin = 1;
1373 child.stdout_to_stderr = 1;
1374 child.git_cmd = 1;
1375 if (run_command(&child))
1376 return "Up-to-date check failed";
1377
1378 /* run_command() does not clean up completely; reinitialize */
1379 child_process_init(&child);
1380 strvec_pushl(&child.args, "diff-files", "--quiet",
1381 "--ignore-submodules", "--", NULL);
1382 strvec_pushv(&child.env, env->v);
1383 child.dir = work_tree;
1384 child.no_stdin = 1;
1385 child.stdout_to_stderr = 1;
1386 child.git_cmd = 1;
1387 if (run_command(&child))
1388 return "Working directory has unstaged changes";
1389
1390 child_process_init(&child);
1391 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1392 "--ignore-submodules",
1393 /* diff-index with either HEAD or an empty tree */
1394 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1395 "--", NULL);
1396 strvec_pushv(&child.env, env->v);
1397 child.no_stdin = 1;
1398 child.no_stdout = 1;
1399 child.stdout_to_stderr = 0;
1400 child.git_cmd = 1;
1401 if (run_command(&child))
1402 return "Working directory has staged changes";
1403
1404 child_process_init(&child);
1405 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1406 NULL);
1407 strvec_pushv(&child.env, env->v);
1408 child.dir = work_tree;
1409 child.no_stdin = 1;
1410 child.no_stdout = 1;
1411 child.stdout_to_stderr = 0;
1412 child.git_cmd = 1;
1413 if (run_command(&child))
1414 return "Could not update working tree to new HEAD";
1415
1416 return NULL;
1417 }
1418
1419 static const char *push_to_checkout_hook = "push-to-checkout";
1420
1421 static const char *push_to_checkout(unsigned char *hash,
1422 int *invoked_hook,
1423 struct strvec *env,
1424 const char *work_tree)
1425 {
1426 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1427 opt.invoked_hook = invoked_hook;
1428
1429 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1430 strvec_pushv(&opt.env, env->v);
1431 strvec_push(&opt.args, hash_to_hex(hash));
1432 if (run_hooks_opt(push_to_checkout_hook, &opt))
1433 return "push-to-checkout hook declined";
1434 else
1435 return NULL;
1436 }
1437
1438 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1439 {
1440 const char *retval, *git_dir;
1441 struct strvec env = STRVEC_INIT;
1442 int invoked_hook;
1443
1444 if (!worktree || !worktree->path)
1445 BUG("worktree->path must be non-NULL");
1446
1447 if (worktree->is_bare)
1448 return "denyCurrentBranch = updateInstead needs a worktree";
1449 git_dir = get_worktree_git_dir(worktree);
1450
1451 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1452
1453 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1454 if (!invoked_hook)
1455 retval = push_to_deploy(sha1, &env, worktree->path);
1456
1457 strvec_clear(&env);
1458 return retval;
1459 }
1460
1461 static const char *update(struct command *cmd, struct shallow_info *si)
1462 {
1463 const char *name = cmd->ref_name;
1464 struct strbuf namespaced_name_buf = STRBUF_INIT;
1465 static char *namespaced_name;
1466 const char *ret;
1467 struct object_id *old_oid = &cmd->old_oid;
1468 struct object_id *new_oid = &cmd->new_oid;
1469 int do_update_worktree = 0;
1470 struct worktree **worktrees = get_worktrees();
1471 const struct worktree *worktree =
1472 find_shared_symref(worktrees, "HEAD", name);
1473
1474 /* only refs/... are allowed */
1475 if (!starts_with(name, "refs/") ||
1476 check_refname_format(name + 5, is_null_oid(new_oid) ?
1477 REFNAME_ALLOW_ONELEVEL : 0)) {
1478 rp_error("refusing to update funny ref '%s' remotely", name);
1479 ret = "funny refname";
1480 goto out;
1481 }
1482
1483 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1484 free(namespaced_name);
1485 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1486
1487 if (worktree && !worktree->is_bare) {
1488 switch (deny_current_branch) {
1489 case DENY_IGNORE:
1490 break;
1491 case DENY_WARN:
1492 rp_warning("updating the current branch");
1493 break;
1494 case DENY_REFUSE:
1495 case DENY_UNCONFIGURED:
1496 rp_error("refusing to update checked out branch: %s", name);
1497 if (deny_current_branch == DENY_UNCONFIGURED)
1498 refuse_unconfigured_deny();
1499 ret = "branch is currently checked out";
1500 goto out;
1501 case DENY_UPDATE_INSTEAD:
1502 /* pass -- let other checks intervene first */
1503 do_update_worktree = 1;
1504 break;
1505 }
1506 }
1507
1508 if (!is_null_oid(new_oid) && !repo_has_object_file(the_repository, new_oid)) {
1509 error("unpack should have generated %s, "
1510 "but I can't find it!", oid_to_hex(new_oid));
1511 ret = "bad pack";
1512 goto out;
1513 }
1514
1515 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1516 if (deny_deletes && starts_with(name, "refs/heads/")) {
1517 rp_error("denying ref deletion for %s", name);
1518 ret = "deletion prohibited";
1519 goto out;
1520 }
1521
1522 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1523 switch (deny_delete_current) {
1524 case DENY_IGNORE:
1525 break;
1526 case DENY_WARN:
1527 rp_warning("deleting the current branch");
1528 break;
1529 case DENY_REFUSE:
1530 case DENY_UNCONFIGURED:
1531 case DENY_UPDATE_INSTEAD:
1532 if (deny_delete_current == DENY_UNCONFIGURED)
1533 refuse_unconfigured_deny_delete_current();
1534 rp_error("refusing to delete the current branch: %s", name);
1535 ret = "deletion of the current branch prohibited";
1536 goto out;
1537 default:
1538 ret = "Invalid denyDeleteCurrent setting";
1539 goto out;
1540 }
1541 }
1542 }
1543
1544 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1545 !is_null_oid(old_oid) &&
1546 starts_with(name, "refs/heads/")) {
1547 struct object *old_object, *new_object;
1548 struct commit *old_commit, *new_commit;
1549
1550 old_object = parse_object(the_repository, old_oid);
1551 new_object = parse_object(the_repository, new_oid);
1552
1553 if (!old_object || !new_object ||
1554 old_object->type != OBJ_COMMIT ||
1555 new_object->type != OBJ_COMMIT) {
1556 error("bad sha1 objects for %s", name);
1557 ret = "bad ref";
1558 goto out;
1559 }
1560 old_commit = (struct commit *)old_object;
1561 new_commit = (struct commit *)new_object;
1562 if (!repo_in_merge_bases(the_repository, old_commit, new_commit)) {
1563 rp_error("denying non-fast-forward %s"
1564 " (you should pull first)", name);
1565 ret = "non-fast-forward";
1566 goto out;
1567 }
1568 }
1569 if (run_update_hook(cmd)) {
1570 rp_error("hook declined to update %s", name);
1571 ret = "hook declined";
1572 goto out;
1573 }
1574
1575 if (do_update_worktree) {
1576 ret = update_worktree(new_oid->hash, worktree);
1577 if (ret)
1578 goto out;
1579 }
1580
1581 if (is_null_oid(new_oid)) {
1582 struct strbuf err = STRBUF_INIT;
1583 if (!parse_object(the_repository, old_oid)) {
1584 old_oid = NULL;
1585 if (ref_exists(name)) {
1586 rp_warning("allowing deletion of corrupt ref");
1587 } else {
1588 rp_warning("deleting a non-existent ref");
1589 cmd->did_not_exist = 1;
1590 }
1591 }
1592 if (ref_transaction_delete(transaction,
1593 namespaced_name,
1594 old_oid,
1595 0, "push", &err)) {
1596 rp_error("%s", err.buf);
1597 ret = "failed to delete";
1598 } else {
1599 ret = NULL; /* good */
1600 }
1601 strbuf_release(&err);
1602 }
1603 else {
1604 struct strbuf err = STRBUF_INIT;
1605 if (shallow_update && si->shallow_ref[cmd->index] &&
1606 update_shallow_ref(cmd, si)) {
1607 ret = "shallow error";
1608 goto out;
1609 }
1610
1611 if (ref_transaction_update(transaction,
1612 namespaced_name,
1613 new_oid, old_oid,
1614 0, "push",
1615 &err)) {
1616 rp_error("%s", err.buf);
1617 ret = "failed to update ref";
1618 } else {
1619 ret = NULL; /* good */
1620 }
1621 strbuf_release(&err);
1622 }
1623
1624 out:
1625 free_worktrees(worktrees);
1626 return ret;
1627 }
1628
1629 static void run_update_post_hook(struct command *commands)
1630 {
1631 struct command *cmd;
1632 struct child_process proc = CHILD_PROCESS_INIT;
1633 const char *hook;
1634
1635 hook = find_hook("post-update");
1636 if (!hook)
1637 return;
1638
1639 for (cmd = commands; cmd; cmd = cmd->next) {
1640 if (cmd->error_string || cmd->did_not_exist)
1641 continue;
1642 if (!proc.args.nr)
1643 strvec_push(&proc.args, hook);
1644 strvec_push(&proc.args, cmd->ref_name);
1645 }
1646 if (!proc.args.nr)
1647 return;
1648
1649 proc.no_stdin = 1;
1650 proc.stdout_to_stderr = 1;
1651 proc.err = use_sideband ? -1 : 0;
1652 proc.trace2_hook_name = "post-update";
1653
1654 if (!start_command(&proc)) {
1655 if (use_sideband)
1656 copy_to_sideband(proc.err, -1, NULL);
1657 finish_command(&proc);
1658 }
1659 }
1660
1661 static void check_aliased_update_internal(struct command *cmd,
1662 struct string_list *list,
1663 const char *dst_name, int flag)
1664 {
1665 struct string_list_item *item;
1666 struct command *dst_cmd;
1667
1668 if (!(flag & REF_ISSYMREF))
1669 return;
1670
1671 if (!dst_name) {
1672 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1673 cmd->skip_update = 1;
1674 cmd->error_string = "broken symref";
1675 return;
1676 }
1677 dst_name = strip_namespace(dst_name);
1678
1679 if (!(item = string_list_lookup(list, dst_name)))
1680 return;
1681
1682 cmd->skip_update = 1;
1683
1684 dst_cmd = (struct command *) item->util;
1685
1686 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1687 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1688 return;
1689
1690 dst_cmd->skip_update = 1;
1691
1692 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1693 " its target '%s' (%s..%s)",
1694 cmd->ref_name,
1695 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1696 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1697 dst_cmd->ref_name,
1698 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1699 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1700
1701 cmd->error_string = dst_cmd->error_string =
1702 "inconsistent aliased update";
1703 }
1704
1705 static void check_aliased_update(struct command *cmd, struct string_list *list)
1706 {
1707 struct strbuf buf = STRBUF_INIT;
1708 const char *dst_name;
1709 int flag;
1710
1711 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1712 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1713 check_aliased_update_internal(cmd, list, dst_name, flag);
1714 strbuf_release(&buf);
1715 }
1716
1717 static void check_aliased_updates(struct command *commands)
1718 {
1719 struct command *cmd;
1720 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1721
1722 for (cmd = commands; cmd; cmd = cmd->next) {
1723 struct string_list_item *item =
1724 string_list_append(&ref_list, cmd->ref_name);
1725 item->util = (void *)cmd;
1726 }
1727 string_list_sort(&ref_list);
1728
1729 for (cmd = commands; cmd; cmd = cmd->next) {
1730 if (!cmd->error_string)
1731 check_aliased_update(cmd, &ref_list);
1732 }
1733
1734 string_list_clear(&ref_list, 0);
1735 }
1736
1737 static const struct object_id *command_singleton_iterator(void *cb_data)
1738 {
1739 struct command **cmd_list = cb_data;
1740 struct command *cmd = *cmd_list;
1741
1742 if (!cmd || is_null_oid(&cmd->new_oid))
1743 return NULL;
1744 *cmd_list = NULL; /* this returns only one */
1745 return &cmd->new_oid;
1746 }
1747
1748 static void set_connectivity_errors(struct command *commands,
1749 struct shallow_info *si)
1750 {
1751 struct command *cmd;
1752
1753 for (cmd = commands; cmd; cmd = cmd->next) {
1754 struct command *singleton = cmd;
1755 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1756
1757 if (shallow_update && si->shallow_ref[cmd->index])
1758 /* to be checked in update_shallow_ref() */
1759 continue;
1760
1761 opt.env = tmp_objdir_env(tmp_objdir);
1762 if (!check_connected(command_singleton_iterator, &singleton,
1763 &opt))
1764 continue;
1765
1766 cmd->error_string = "missing necessary objects";
1767 }
1768 }
1769
1770 struct iterate_data {
1771 struct command *cmds;
1772 struct shallow_info *si;
1773 };
1774
1775 static const struct object_id *iterate_receive_command_list(void *cb_data)
1776 {
1777 struct iterate_data *data = cb_data;
1778 struct command **cmd_list = &data->cmds;
1779 struct command *cmd = *cmd_list;
1780
1781 for (; cmd; cmd = cmd->next) {
1782 if (shallow_update && data->si->shallow_ref[cmd->index])
1783 /* to be checked in update_shallow_ref() */
1784 continue;
1785 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1786 *cmd_list = cmd->next;
1787 return &cmd->new_oid;
1788 }
1789 }
1790 return NULL;
1791 }
1792
1793 static void reject_updates_to_hidden(struct command *commands)
1794 {
1795 struct strbuf refname_full = STRBUF_INIT;
1796 size_t prefix_len;
1797 struct command *cmd;
1798
1799 strbuf_addstr(&refname_full, get_git_namespace());
1800 prefix_len = refname_full.len;
1801
1802 for (cmd = commands; cmd; cmd = cmd->next) {
1803 if (cmd->error_string)
1804 continue;
1805
1806 strbuf_setlen(&refname_full, prefix_len);
1807 strbuf_addstr(&refname_full, cmd->ref_name);
1808
1809 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1810 continue;
1811 if (is_null_oid(&cmd->new_oid))
1812 cmd->error_string = "deny deleting a hidden ref";
1813 else
1814 cmd->error_string = "deny updating a hidden ref";
1815 }
1816
1817 strbuf_release(&refname_full);
1818 }
1819
1820 static int should_process_cmd(struct command *cmd)
1821 {
1822 return !cmd->error_string && !cmd->skip_update;
1823 }
1824
1825 static void BUG_if_skipped_connectivity_check(struct command *commands,
1826 struct shallow_info *si)
1827 {
1828 struct command *cmd;
1829
1830 for (cmd = commands; cmd; cmd = cmd->next) {
1831 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1832 bug("connectivity check has not been run on ref %s",
1833 cmd->ref_name);
1834 }
1835 BUG_if_bug("connectivity check skipped???");
1836 }
1837
1838 static void execute_commands_non_atomic(struct command *commands,
1839 struct shallow_info *si)
1840 {
1841 struct command *cmd;
1842 struct strbuf err = STRBUF_INIT;
1843
1844 for (cmd = commands; cmd; cmd = cmd->next) {
1845 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1846 continue;
1847
1848 transaction = ref_transaction_begin(&err);
1849 if (!transaction) {
1850 rp_error("%s", err.buf);
1851 strbuf_reset(&err);
1852 cmd->error_string = "transaction failed to start";
1853 continue;
1854 }
1855
1856 cmd->error_string = update(cmd, si);
1857
1858 if (!cmd->error_string
1859 && ref_transaction_commit(transaction, &err)) {
1860 rp_error("%s", err.buf);
1861 strbuf_reset(&err);
1862 cmd->error_string = "failed to update ref";
1863 }
1864 ref_transaction_free(transaction);
1865 }
1866 strbuf_release(&err);
1867 }
1868
1869 static void execute_commands_atomic(struct command *commands,
1870 struct shallow_info *si)
1871 {
1872 struct command *cmd;
1873 struct strbuf err = STRBUF_INIT;
1874 const char *reported_error = "atomic push failure";
1875
1876 transaction = ref_transaction_begin(&err);
1877 if (!transaction) {
1878 rp_error("%s", err.buf);
1879 strbuf_reset(&err);
1880 reported_error = "transaction failed to start";
1881 goto failure;
1882 }
1883
1884 for (cmd = commands; cmd; cmd = cmd->next) {
1885 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1886 continue;
1887
1888 cmd->error_string = update(cmd, si);
1889
1890 if (cmd->error_string)
1891 goto failure;
1892 }
1893
1894 if (ref_transaction_commit(transaction, &err)) {
1895 rp_error("%s", err.buf);
1896 reported_error = "atomic transaction failed";
1897 goto failure;
1898 }
1899 goto cleanup;
1900
1901 failure:
1902 for (cmd = commands; cmd; cmd = cmd->next)
1903 if (!cmd->error_string)
1904 cmd->error_string = reported_error;
1905
1906 cleanup:
1907 ref_transaction_free(transaction);
1908 strbuf_release(&err);
1909 }
1910
1911 static void execute_commands(struct command *commands,
1912 const char *unpacker_error,
1913 struct shallow_info *si,
1914 const struct string_list *push_options)
1915 {
1916 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1917 struct command *cmd;
1918 struct iterate_data data;
1919 struct async muxer;
1920 int err_fd = 0;
1921 int run_proc_receive = 0;
1922
1923 if (unpacker_error) {
1924 for (cmd = commands; cmd; cmd = cmd->next)
1925 cmd->error_string = "unpacker error";
1926 return;
1927 }
1928
1929 if (use_sideband) {
1930 memset(&muxer, 0, sizeof(muxer));
1931 muxer.proc = copy_to_sideband;
1932 muxer.in = -1;
1933 if (!start_async(&muxer))
1934 err_fd = muxer.in;
1935 /* ...else, continue without relaying sideband */
1936 }
1937
1938 data.cmds = commands;
1939 data.si = si;
1940 opt.err_fd = err_fd;
1941 opt.progress = err_fd && !quiet;
1942 opt.env = tmp_objdir_env(tmp_objdir);
1943 opt.exclude_hidden_refs_section = "receive";
1944
1945 if (check_connected(iterate_receive_command_list, &data, &opt))
1946 set_connectivity_errors(commands, si);
1947
1948 if (use_sideband)
1949 finish_async(&muxer);
1950
1951 reject_updates_to_hidden(commands);
1952
1953 /*
1954 * Try to find commands that have special prefix in their reference names,
1955 * and mark them to run an external "proc-receive" hook later.
1956 */
1957 if (proc_receive_ref) {
1958 for (cmd = commands; cmd; cmd = cmd->next) {
1959 if (!should_process_cmd(cmd))
1960 continue;
1961
1962 if (proc_receive_ref_matches(cmd)) {
1963 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1964 run_proc_receive = 1;
1965 }
1966 }
1967 }
1968
1969 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1970 for (cmd = commands; cmd; cmd = cmd->next) {
1971 if (!cmd->error_string)
1972 cmd->error_string = "pre-receive hook declined";
1973 }
1974 return;
1975 }
1976
1977 /*
1978 * If there is no command ready to run, should return directly to destroy
1979 * temporary data in the quarantine area.
1980 */
1981 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1982 ; /* nothing */
1983 if (!cmd)
1984 return;
1985
1986 /*
1987 * Now we'll start writing out refs, which means the objects need
1988 * to be in their final positions so that other processes can see them.
1989 */
1990 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1991 for (cmd = commands; cmd; cmd = cmd->next) {
1992 if (!cmd->error_string)
1993 cmd->error_string = "unable to migrate objects to permanent storage";
1994 }
1995 return;
1996 }
1997 tmp_objdir = NULL;
1998
1999 check_aliased_updates(commands);
2000
2001 free(head_name_to_free);
2002 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
2003
2004 if (run_proc_receive &&
2005 run_proc_receive_hook(commands, push_options))
2006 for (cmd = commands; cmd; cmd = cmd->next)
2007 if (!cmd->error_string &&
2008 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2009 (cmd->run_proc_receive || use_atomic))
2010 cmd->error_string = "fail to run proc-receive hook";
2011
2012 if (use_atomic)
2013 execute_commands_atomic(commands, si);
2014 else
2015 execute_commands_non_atomic(commands, si);
2016
2017 if (shallow_update)
2018 BUG_if_skipped_connectivity_check(commands, si);
2019 }
2020
2021 static struct command **queue_command(struct command **tail,
2022 const char *line,
2023 int linelen)
2024 {
2025 struct object_id old_oid, new_oid;
2026 struct command *cmd;
2027 const char *refname;
2028 int reflen;
2029 const char *p;
2030
2031 if (parse_oid_hex(line, &old_oid, &p) ||
2032 *p++ != ' ' ||
2033 parse_oid_hex(p, &new_oid, &p) ||
2034 *p++ != ' ')
2035 die("protocol error: expected old/new/ref, got '%s'", line);
2036
2037 refname = p;
2038 reflen = linelen - (p - line);
2039 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2040 oidcpy(&cmd->old_oid, &old_oid);
2041 oidcpy(&cmd->new_oid, &new_oid);
2042 *tail = cmd;
2043 return &cmd->next;
2044 }
2045
2046 static void free_commands(struct command *commands)
2047 {
2048 while (commands) {
2049 struct command *next = commands->next;
2050
2051 free(commands);
2052 commands = next;
2053 }
2054 }
2055
2056 static void queue_commands_from_cert(struct command **tail,
2057 struct strbuf *push_cert)
2058 {
2059 const char *boc, *eoc;
2060
2061 if (*tail)
2062 die("protocol error: got both push certificate and unsigned commands");
2063
2064 boc = strstr(push_cert->buf, "\n\n");
2065 if (!boc)
2066 die("malformed push certificate %.*s", 100, push_cert->buf);
2067 else
2068 boc += 2;
2069 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2070
2071 while (boc < eoc) {
2072 const char *eol = memchr(boc, '\n', eoc - boc);
2073 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2074 boc = eol ? eol + 1 : eoc;
2075 }
2076 }
2077
2078 static struct command *read_head_info(struct packet_reader *reader,
2079 struct oid_array *shallow)
2080 {
2081 struct command *commands = NULL;
2082 struct command **p = &commands;
2083 for (;;) {
2084 int linelen;
2085
2086 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2087 break;
2088
2089 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2090 struct object_id oid;
2091 if (get_oid_hex(reader->line + 8, &oid))
2092 die("protocol error: expected shallow sha, got '%s'",
2093 reader->line + 8);
2094 oid_array_append(shallow, &oid);
2095 continue;
2096 }
2097
2098 linelen = strlen(reader->line);
2099 if (linelen < reader->pktlen) {
2100 const char *feature_list = reader->line + linelen + 1;
2101 const char *hash = NULL;
2102 const char *client_sid;
2103 size_t len = 0;
2104 if (parse_feature_request(feature_list, "report-status"))
2105 report_status = 1;
2106 if (parse_feature_request(feature_list, "report-status-v2"))
2107 report_status_v2 = 1;
2108 if (parse_feature_request(feature_list, "side-band-64k"))
2109 use_sideband = LARGE_PACKET_MAX;
2110 if (parse_feature_request(feature_list, "quiet"))
2111 quiet = 1;
2112 if (advertise_atomic_push
2113 && parse_feature_request(feature_list, "atomic"))
2114 use_atomic = 1;
2115 if (advertise_push_options
2116 && parse_feature_request(feature_list, "push-options"))
2117 use_push_options = 1;
2118 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2119 if (!hash) {
2120 hash = hash_algos[GIT_HASH_SHA1].name;
2121 len = strlen(hash);
2122 }
2123 if (xstrncmpz(the_hash_algo->name, hash, len))
2124 die("error: unsupported object format '%s'", hash);
2125 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2126 if (client_sid) {
2127 char *sid = xstrndup(client_sid, len);
2128 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2129 free(sid);
2130 }
2131 }
2132
2133 if (!strcmp(reader->line, "push-cert")) {
2134 int true_flush = 0;
2135 int saved_options = reader->options;
2136 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2137
2138 for (;;) {
2139 packet_reader_read(reader);
2140 if (reader->status == PACKET_READ_FLUSH) {
2141 true_flush = 1;
2142 break;
2143 }
2144 if (reader->status != PACKET_READ_NORMAL) {
2145 die("protocol error: got an unexpected packet");
2146 }
2147 if (!strcmp(reader->line, "push-cert-end\n"))
2148 break; /* end of cert */
2149 strbuf_addstr(&push_cert, reader->line);
2150 }
2151 reader->options = saved_options;
2152
2153 if (true_flush)
2154 break;
2155 continue;
2156 }
2157
2158 p = queue_command(p, reader->line, linelen);
2159 }
2160
2161 if (push_cert.len)
2162 queue_commands_from_cert(p, &push_cert);
2163
2164 return commands;
2165 }
2166
2167 static void read_push_options(struct packet_reader *reader,
2168 struct string_list *options)
2169 {
2170 while (1) {
2171 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2172 break;
2173
2174 string_list_append(options, reader->line);
2175 }
2176 }
2177
2178 static const char *parse_pack_header(struct pack_header *hdr)
2179 {
2180 switch (read_pack_header(0, hdr)) {
2181 case PH_ERROR_EOF:
2182 return "eof before pack header was fully read";
2183
2184 case PH_ERROR_PACK_SIGNATURE:
2185 return "protocol error (pack signature mismatch detected)";
2186
2187 case PH_ERROR_PROTOCOL:
2188 return "protocol error (pack version unsupported)";
2189
2190 default:
2191 return "unknown error in parse_pack_header";
2192
2193 case 0:
2194 return NULL;
2195 }
2196 }
2197
2198 static struct tempfile *pack_lockfile;
2199
2200 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2201 {
2202 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2203 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2204 }
2205
2206 static const char *unpack(int err_fd, struct shallow_info *si)
2207 {
2208 struct pack_header hdr;
2209 const char *hdr_err;
2210 int status;
2211 struct child_process child = CHILD_PROCESS_INIT;
2212 int fsck_objects = (receive_fsck_objects >= 0
2213 ? receive_fsck_objects
2214 : transfer_fsck_objects >= 0
2215 ? transfer_fsck_objects
2216 : 0);
2217
2218 hdr_err = parse_pack_header(&hdr);
2219 if (hdr_err) {
2220 if (err_fd > 0)
2221 close(err_fd);
2222 return hdr_err;
2223 }
2224
2225 if (si->nr_ours || si->nr_theirs) {
2226 alt_shallow_file = setup_temporary_shallow(si->shallow);
2227 strvec_push(&child.args, "--shallow-file");
2228 strvec_push(&child.args, alt_shallow_file);
2229 }
2230
2231 tmp_objdir = tmp_objdir_create("incoming");
2232 if (!tmp_objdir) {
2233 if (err_fd > 0)
2234 close(err_fd);
2235 return "unable to create temporary object directory";
2236 }
2237 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2238
2239 /*
2240 * Normally we just pass the tmp_objdir environment to the child
2241 * processes that do the heavy lifting, but we may need to see these
2242 * objects ourselves to set up shallow information.
2243 */
2244 tmp_objdir_add_as_alternate(tmp_objdir);
2245
2246 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2247 strvec_push(&child.args, "unpack-objects");
2248 push_header_arg(&child.args, &hdr);
2249 if (quiet)
2250 strvec_push(&child.args, "-q");
2251 if (fsck_objects)
2252 strvec_pushf(&child.args, "--strict%s",
2253 fsck_msg_types.buf);
2254 if (max_input_size)
2255 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2256 (uintmax_t)max_input_size);
2257 child.no_stdout = 1;
2258 child.err = err_fd;
2259 child.git_cmd = 1;
2260 status = run_command(&child);
2261 if (status)
2262 return "unpack-objects abnormal exit";
2263 } else {
2264 char hostname[HOST_NAME_MAX + 1];
2265 char *lockfile;
2266
2267 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2268 push_header_arg(&child.args, &hdr);
2269
2270 if (xgethostname(hostname, sizeof(hostname)))
2271 xsnprintf(hostname, sizeof(hostname), "localhost");
2272 strvec_pushf(&child.args,
2273 "--keep=receive-pack %"PRIuMAX" on %s",
2274 (uintmax_t)getpid(),
2275 hostname);
2276
2277 if (!quiet && err_fd)
2278 strvec_push(&child.args, "--show-resolving-progress");
2279 if (use_sideband)
2280 strvec_push(&child.args, "--report-end-of-input");
2281 if (fsck_objects)
2282 strvec_pushf(&child.args, "--strict%s",
2283 fsck_msg_types.buf);
2284 if (!reject_thin)
2285 strvec_push(&child.args, "--fix-thin");
2286 if (max_input_size)
2287 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2288 (uintmax_t)max_input_size);
2289 child.out = -1;
2290 child.err = err_fd;
2291 child.git_cmd = 1;
2292 status = start_command(&child);
2293 if (status)
2294 return "index-pack fork failed";
2295
2296 lockfile = index_pack_lockfile(child.out, NULL);
2297 if (lockfile) {
2298 pack_lockfile = register_tempfile(lockfile);
2299 free(lockfile);
2300 }
2301 close(child.out);
2302
2303 status = finish_command(&child);
2304 if (status)
2305 return "index-pack abnormal exit";
2306 reprepare_packed_git(the_repository);
2307 }
2308 return NULL;
2309 }
2310
2311 static const char *unpack_with_sideband(struct shallow_info *si)
2312 {
2313 struct async muxer;
2314 const char *ret;
2315
2316 if (!use_sideband)
2317 return unpack(0, si);
2318
2319 use_keepalive = KEEPALIVE_AFTER_NUL;
2320 memset(&muxer, 0, sizeof(muxer));
2321 muxer.proc = copy_to_sideband;
2322 muxer.in = -1;
2323 if (start_async(&muxer))
2324 return NULL;
2325
2326 ret = unpack(muxer.in, si);
2327
2328 finish_async(&muxer);
2329 return ret;
2330 }
2331
2332 static void prepare_shallow_update(struct shallow_info *si)
2333 {
2334 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2335
2336 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2337 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2338
2339 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2340 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2341 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2342
2343 for (i = 0; i < si->nr_ours; i++)
2344 si->need_reachability_test[si->ours[i]] = 1;
2345
2346 for (i = 0; i < si->shallow->nr; i++) {
2347 if (!si->used_shallow[i])
2348 continue;
2349 for (j = 0; j < bitmap_size; j++) {
2350 if (!si->used_shallow[i][j])
2351 continue;
2352 si->need_reachability_test[i]++;
2353 for (k = 0; k < 32; k++)
2354 if (si->used_shallow[i][j] & (1U << k))
2355 si->shallow_ref[j * 32 + k]++;
2356 }
2357
2358 /*
2359 * true for those associated with some refs and belong
2360 * in "ours" list aka "step 7 not done yet"
2361 */
2362 si->need_reachability_test[i] =
2363 si->need_reachability_test[i] > 1;
2364 }
2365
2366 /*
2367 * keep hooks happy by forcing a temporary shallow file via
2368 * env variable because we can't add --shallow-file to every
2369 * command. check_connected() will be done with
2370 * true .git/shallow though.
2371 */
2372 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2373 }
2374
2375 static void update_shallow_info(struct command *commands,
2376 struct shallow_info *si,
2377 struct oid_array *ref)
2378 {
2379 struct command *cmd;
2380 int *ref_status;
2381 remove_nonexistent_theirs_shallow(si);
2382 if (!si->nr_ours && !si->nr_theirs) {
2383 shallow_update = 0;
2384 return;
2385 }
2386
2387 for (cmd = commands; cmd; cmd = cmd->next) {
2388 if (is_null_oid(&cmd->new_oid))
2389 continue;
2390 oid_array_append(ref, &cmd->new_oid);
2391 cmd->index = ref->nr - 1;
2392 }
2393 si->ref = ref;
2394
2395 if (shallow_update) {
2396 prepare_shallow_update(si);
2397 return;
2398 }
2399
2400 ALLOC_ARRAY(ref_status, ref->nr);
2401 assign_shallow_commits_to_refs(si, NULL, ref_status);
2402 for (cmd = commands; cmd; cmd = cmd->next) {
2403 if (is_null_oid(&cmd->new_oid))
2404 continue;
2405 if (ref_status[cmd->index]) {
2406 cmd->error_string = "shallow update not allowed";
2407 cmd->skip_update = 1;
2408 }
2409 }
2410 free(ref_status);
2411 }
2412
2413 static void report(struct command *commands, const char *unpack_status)
2414 {
2415 struct command *cmd;
2416 struct strbuf buf = STRBUF_INIT;
2417
2418 packet_buf_write(&buf, "unpack %s\n",
2419 unpack_status ? unpack_status : "ok");
2420 for (cmd = commands; cmd; cmd = cmd->next) {
2421 if (!cmd->error_string)
2422 packet_buf_write(&buf, "ok %s\n",
2423 cmd->ref_name);
2424 else
2425 packet_buf_write(&buf, "ng %s %s\n",
2426 cmd->ref_name, cmd->error_string);
2427 }
2428 packet_buf_flush(&buf);
2429
2430 if (use_sideband)
2431 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2432 else
2433 write_or_die(1, buf.buf, buf.len);
2434 strbuf_release(&buf);
2435 }
2436
2437 static void report_v2(struct command *commands, const char *unpack_status)
2438 {
2439 struct command *cmd;
2440 struct strbuf buf = STRBUF_INIT;
2441 struct ref_push_report *report;
2442
2443 packet_buf_write(&buf, "unpack %s\n",
2444 unpack_status ? unpack_status : "ok");
2445 for (cmd = commands; cmd; cmd = cmd->next) {
2446 int count = 0;
2447
2448 if (cmd->error_string) {
2449 packet_buf_write(&buf, "ng %s %s\n",
2450 cmd->ref_name,
2451 cmd->error_string);
2452 continue;
2453 }
2454 packet_buf_write(&buf, "ok %s\n",
2455 cmd->ref_name);
2456 for (report = cmd->report; report; report = report->next) {
2457 if (count++ > 0)
2458 packet_buf_write(&buf, "ok %s\n",
2459 cmd->ref_name);
2460 if (report->ref_name)
2461 packet_buf_write(&buf, "option refname %s\n",
2462 report->ref_name);
2463 if (report->old_oid)
2464 packet_buf_write(&buf, "option old-oid %s\n",
2465 oid_to_hex(report->old_oid));
2466 if (report->new_oid)
2467 packet_buf_write(&buf, "option new-oid %s\n",
2468 oid_to_hex(report->new_oid));
2469 if (report->forced_update)
2470 packet_buf_write(&buf, "option forced-update\n");
2471 }
2472 }
2473 packet_buf_flush(&buf);
2474
2475 if (use_sideband)
2476 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2477 else
2478 write_or_die(1, buf.buf, buf.len);
2479 strbuf_release(&buf);
2480 }
2481
2482 static int delete_only(struct command *commands)
2483 {
2484 struct command *cmd;
2485 for (cmd = commands; cmd; cmd = cmd->next) {
2486 if (!is_null_oid(&cmd->new_oid))
2487 return 0;
2488 }
2489 return 1;
2490 }
2491
2492 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2493 {
2494 int advertise_refs = 0;
2495 struct command *commands;
2496 struct oid_array shallow = OID_ARRAY_INIT;
2497 struct oid_array ref = OID_ARRAY_INIT;
2498 struct shallow_info si;
2499 struct packet_reader reader;
2500
2501 struct option options[] = {
2502 OPT__QUIET(&quiet, N_("quiet")),
2503 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2504 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2505 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2506 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2507 OPT_END()
2508 };
2509
2510 packet_trace_identity("receive-pack");
2511
2512 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2513
2514 if (argc > 1)
2515 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2516 if (argc == 0)
2517 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2518
2519 service_dir = argv[0];
2520
2521 setup_path();
2522
2523 if (!enter_repo(service_dir, 0))
2524 die("'%s' does not appear to be a git repository", service_dir);
2525
2526 git_config(receive_pack_config, NULL);
2527 if (cert_nonce_seed)
2528 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2529
2530 if (0 <= receive_unpack_limit)
2531 unpack_limit = receive_unpack_limit;
2532 else if (0 <= transfer_unpack_limit)
2533 unpack_limit = transfer_unpack_limit;
2534
2535 switch (determine_protocol_version_server()) {
2536 case protocol_v2:
2537 /*
2538 * push support for protocol v2 has not been implemented yet,
2539 * so ignore the request to use v2 and fallback to using v0.
2540 */
2541 break;
2542 case protocol_v1:
2543 /*
2544 * v1 is just the original protocol with a version string,
2545 * so just fall through after writing the version string.
2546 */
2547 if (advertise_refs || !stateless_rpc)
2548 packet_write_fmt(1, "version 1\n");
2549
2550 /* fallthrough */
2551 case protocol_v0:
2552 break;
2553 case protocol_unknown_version:
2554 BUG("unknown protocol version");
2555 }
2556
2557 if (advertise_refs || !stateless_rpc) {
2558 write_head_info();
2559 }
2560 if (advertise_refs)
2561 return 0;
2562
2563 packet_reader_init(&reader, 0, NULL, 0,
2564 PACKET_READ_CHOMP_NEWLINE |
2565 PACKET_READ_DIE_ON_ERR_PACKET);
2566
2567 if ((commands = read_head_info(&reader, &shallow))) {
2568 const char *unpack_status = NULL;
2569 struct string_list push_options = STRING_LIST_INIT_DUP;
2570
2571 if (use_push_options)
2572 read_push_options(&reader, &push_options);
2573 if (!check_cert_push_options(&push_options)) {
2574 struct command *cmd;
2575 for (cmd = commands; cmd; cmd = cmd->next)
2576 cmd->error_string = "inconsistent push options";
2577 }
2578
2579 prepare_shallow_info(&si, &shallow);
2580 if (!si.nr_ours && !si.nr_theirs)
2581 shallow_update = 0;
2582 if (!delete_only(commands)) {
2583 unpack_status = unpack_with_sideband(&si);
2584 update_shallow_info(commands, &si, &ref);
2585 }
2586 use_keepalive = KEEPALIVE_ALWAYS;
2587 execute_commands(commands, unpack_status, &si,
2588 &push_options);
2589 delete_tempfile(&pack_lockfile);
2590 sigchain_push(SIGPIPE, SIG_IGN);
2591 if (report_status_v2)
2592 report_v2(commands, unpack_status);
2593 else if (report_status)
2594 report(commands, unpack_status);
2595 sigchain_pop(SIGPIPE);
2596 run_receive_hook(commands, "post-receive", 1,
2597 &push_options);
2598 run_update_post_hook(commands);
2599 free_commands(commands);
2600 string_list_clear(&push_options, 0);
2601 if (auto_gc) {
2602 struct child_process proc = CHILD_PROCESS_INIT;
2603
2604 proc.no_stdin = 1;
2605 proc.stdout_to_stderr = 1;
2606 proc.err = use_sideband ? -1 : 0;
2607 proc.git_cmd = proc.close_object_store = 1;
2608 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2609 NULL);
2610
2611 if (!start_command(&proc)) {
2612 if (use_sideband)
2613 copy_to_sideband(proc.err, -1, NULL);
2614 finish_command(&proc);
2615 }
2616 }
2617 if (auto_update_server_info)
2618 update_server_info(0);
2619 clear_shallow_info(&si);
2620 }
2621 if (use_sideband)
2622 packet_flush(1);
2623 oid_array_clear(&shallow);
2624 oid_array_clear(&ref);
2625 strvec_clear(&hidden_refs);
2626 free((void *)push_cert_nonce);
2627 return 0;
2628 }
Unnamed repository; edit this file 'description' to name the repository.