]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
wrapper.h: move declarations for wrapper.c functions from cache.h
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "gettext.h"
6 #include "hex.h"
7 #include "lockfile.h"
8 #include "pack.h"
9 #include "refs.h"
10 #include "pkt-line.h"
11 #include "sideband.h"
12 #include "run-command.h"
13 #include "hook.h"
14 #include "exec-cmd.h"
15 #include "commit.h"
16 #include "object.h"
17 #include "remote.h"
18 #include "connect.h"
19 #include "string-list.h"
20 #include "oid-array.h"
21 #include "connected.h"
22 #include "strvec.h"
23 #include "version.h"
24 #include "tag.h"
25 #include "gpg-interface.h"
26 #include "sigchain.h"
27 #include "fsck.h"
28 #include "tmp-objdir.h"
29 #include "oidset.h"
30 #include "packfile.h"
31 #include "object-store.h"
32 #include "protocol.h"
33 #include "commit-reach.h"
34 #include "worktree.h"
35 #include "shallow.h"
36 #include "wrapper.h"
37
38 static const char * const receive_pack_usage[] = {
39 N_("git receive-pack <git-dir>"),
40 NULL
41 };
42
43 enum deny_action {
44 DENY_UNCONFIGURED,
45 DENY_IGNORE,
46 DENY_WARN,
47 DENY_REFUSE,
48 DENY_UPDATE_INSTEAD
49 };
50
51 static int deny_deletes;
52 static int deny_non_fast_forwards;
53 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
54 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
55 static int receive_fsck_objects = -1;
56 static int transfer_fsck_objects = -1;
57 static struct strbuf fsck_msg_types = STRBUF_INIT;
58 static int receive_unpack_limit = -1;
59 static int transfer_unpack_limit = -1;
60 static int advertise_atomic_push = 1;
61 static int advertise_push_options;
62 static int advertise_sid;
63 static int unpack_limit = 100;
64 static off_t max_input_size;
65 static int report_status;
66 static int report_status_v2;
67 static int use_sideband;
68 static int use_atomic;
69 static int use_push_options;
70 static int quiet;
71 static int prefer_ofs_delta = 1;
72 static int auto_update_server_info;
73 static int auto_gc = 1;
74 static int reject_thin;
75 static int stateless_rpc;
76 static const char *service_dir;
77 static const char *head_name;
78 static void *head_name_to_free;
79 static int sent_capabilities;
80 static int shallow_update;
81 static const char *alt_shallow_file;
82 static struct strbuf push_cert = STRBUF_INIT;
83 static struct object_id push_cert_oid;
84 static struct signature_check sigcheck;
85 static const char *push_cert_nonce;
86 static const char *cert_nonce_seed;
87 static struct string_list hidden_refs = STRING_LIST_INIT_DUP;
88
89 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
90 static const char *NONCE_BAD = "BAD";
91 static const char *NONCE_MISSING = "MISSING";
92 static const char *NONCE_OK = "OK";
93 static const char *NONCE_SLOP = "SLOP";
94 static const char *nonce_status;
95 static long nonce_stamp_slop;
96 static timestamp_t nonce_stamp_slop_limit;
97 static struct ref_transaction *transaction;
98
99 static enum {
100 KEEPALIVE_NEVER = 0,
101 KEEPALIVE_AFTER_NUL,
102 KEEPALIVE_ALWAYS
103 } use_keepalive;
104 static int keepalive_in_sec = 5;
105
106 static struct tmp_objdir *tmp_objdir;
107
108 static struct proc_receive_ref {
109 unsigned int want_add:1,
110 want_delete:1,
111 want_modify:1,
112 negative_ref:1;
113 char *ref_prefix;
114 struct proc_receive_ref *next;
115 } *proc_receive_ref;
116
117 static void proc_receive_ref_append(const char *prefix);
118
119 static enum deny_action parse_deny_action(const char *var, const char *value)
120 {
121 if (value) {
122 if (!strcasecmp(value, "ignore"))
123 return DENY_IGNORE;
124 if (!strcasecmp(value, "warn"))
125 return DENY_WARN;
126 if (!strcasecmp(value, "refuse"))
127 return DENY_REFUSE;
128 if (!strcasecmp(value, "updateinstead"))
129 return DENY_UPDATE_INSTEAD;
130 }
131 if (git_config_bool(var, value))
132 return DENY_REFUSE;
133 return DENY_IGNORE;
134 }
135
136 static int receive_pack_config(const char *var, const char *value, void *cb)
137 {
138 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
139
140 if (status)
141 return status;
142
143 if (strcmp(var, "receive.denydeletes") == 0) {
144 deny_deletes = git_config_bool(var, value);
145 return 0;
146 }
147
148 if (strcmp(var, "receive.denynonfastforwards") == 0) {
149 deny_non_fast_forwards = git_config_bool(var, value);
150 return 0;
151 }
152
153 if (strcmp(var, "receive.unpacklimit") == 0) {
154 receive_unpack_limit = git_config_int(var, value);
155 return 0;
156 }
157
158 if (strcmp(var, "transfer.unpacklimit") == 0) {
159 transfer_unpack_limit = git_config_int(var, value);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsck.skiplist") == 0) {
164 const char *path;
165
166 if (git_config_pathname(&path, var, value))
167 return 1;
168 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
169 fsck_msg_types.len ? ',' : '=', path);
170 free((char *)path);
171 return 0;
172 }
173
174 if (skip_prefix(var, "receive.fsck.", &var)) {
175 if (is_valid_msg_type(var, value))
176 strbuf_addf(&fsck_msg_types, "%c%s=%s",
177 fsck_msg_types.len ? ',' : '=', var, value);
178 else
179 warning("skipping unknown msg id '%s'", var);
180 return 0;
181 }
182
183 if (strcmp(var, "receive.fsckobjects") == 0) {
184 receive_fsck_objects = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "transfer.fsckobjects") == 0) {
189 transfer_fsck_objects = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (!strcmp(var, "receive.denycurrentbranch")) {
194 deny_current_branch = parse_deny_action(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.denydeletecurrent") == 0) {
199 deny_delete_current = parse_deny_action(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
204 prefer_ofs_delta = git_config_bool(var, value);
205 return 0;
206 }
207
208 if (strcmp(var, "receive.updateserverinfo") == 0) {
209 auto_update_server_info = git_config_bool(var, value);
210 return 0;
211 }
212
213 if (strcmp(var, "receive.autogc") == 0) {
214 auto_gc = git_config_bool(var, value);
215 return 0;
216 }
217
218 if (strcmp(var, "receive.shallowupdate") == 0) {
219 shallow_update = git_config_bool(var, value);
220 return 0;
221 }
222
223 if (strcmp(var, "receive.certnonceseed") == 0)
224 return git_config_string(&cert_nonce_seed, var, value);
225
226 if (strcmp(var, "receive.certnonceslop") == 0) {
227 nonce_stamp_slop_limit = git_config_ulong(var, value);
228 return 0;
229 }
230
231 if (strcmp(var, "receive.advertiseatomic") == 0) {
232 advertise_atomic_push = git_config_bool(var, value);
233 return 0;
234 }
235
236 if (strcmp(var, "receive.advertisepushoptions") == 0) {
237 advertise_push_options = git_config_bool(var, value);
238 return 0;
239 }
240
241 if (strcmp(var, "receive.keepalive") == 0) {
242 keepalive_in_sec = git_config_int(var, value);
243 return 0;
244 }
245
246 if (strcmp(var, "receive.maxinputsize") == 0) {
247 max_input_size = git_config_int64(var, value);
248 return 0;
249 }
250
251 if (strcmp(var, "receive.procreceiverefs") == 0) {
252 if (!value)
253 return config_error_nonbool(var);
254 proc_receive_ref_append(value);
255 return 0;
256 }
257
258 if (strcmp(var, "transfer.advertisesid") == 0) {
259 advertise_sid = git_config_bool(var, value);
260 return 0;
261 }
262
263 return git_default_config(var, value, cb);
264 }
265
266 static void show_ref(const char *path, const struct object_id *oid)
267 {
268 if (sent_capabilities) {
269 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
270 } else {
271 struct strbuf cap = STRBUF_INIT;
272
273 strbuf_addstr(&cap,
274 "report-status report-status-v2 delete-refs side-band-64k quiet");
275 if (advertise_atomic_push)
276 strbuf_addstr(&cap, " atomic");
277 if (prefer_ofs_delta)
278 strbuf_addstr(&cap, " ofs-delta");
279 if (push_cert_nonce)
280 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
281 if (advertise_push_options)
282 strbuf_addstr(&cap, " push-options");
283 if (advertise_sid)
284 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
285 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
286 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
287 packet_write_fmt(1, "%s %s%c%s\n",
288 oid_to_hex(oid), path, 0, cap.buf);
289 strbuf_release(&cap);
290 sent_capabilities = 1;
291 }
292 }
293
294 static int show_ref_cb(const char *path_full, const struct object_id *oid,
295 int flag UNUSED, void *data)
296 {
297 struct oidset *seen = data;
298 const char *path = strip_namespace(path_full);
299
300 if (ref_is_hidden(path, path_full, &hidden_refs))
301 return 0;
302
303 /*
304 * Advertise refs outside our current namespace as ".have"
305 * refs, so that the client can use them to minimize data
306 * transfer but will otherwise ignore them.
307 */
308 if (!path) {
309 if (oidset_insert(seen, oid))
310 return 0;
311 path = ".have";
312 } else {
313 oidset_insert(seen, oid);
314 }
315 show_ref(path, oid);
316 return 0;
317 }
318
319 static void show_one_alternate_ref(const struct object_id *oid,
320 void *data)
321 {
322 struct oidset *seen = data;
323
324 if (oidset_insert(seen, oid))
325 return;
326
327 show_ref(".have", oid);
328 }
329
330 static void write_head_info(void)
331 {
332 static struct oidset seen = OIDSET_INIT;
333
334 for_each_ref(show_ref_cb, &seen);
335 for_each_alternate_ref(show_one_alternate_ref, &seen);
336 oidset_clear(&seen);
337 if (!sent_capabilities)
338 show_ref("capabilities^{}", null_oid());
339
340 advertise_shallow_grafts(1);
341
342 /* EOF */
343 packet_flush(1);
344 }
345
346 #define RUN_PROC_RECEIVE_SCHEDULED 1
347 #define RUN_PROC_RECEIVE_RETURNED 2
348 struct command {
349 struct command *next;
350 const char *error_string;
351 struct ref_push_report *report;
352 unsigned int skip_update:1,
353 did_not_exist:1,
354 run_proc_receive:2;
355 int index;
356 struct object_id old_oid;
357 struct object_id new_oid;
358 char ref_name[FLEX_ARRAY]; /* more */
359 };
360
361 static void proc_receive_ref_append(const char *prefix)
362 {
363 struct proc_receive_ref *ref_pattern;
364 char *p;
365 int len;
366
367 CALLOC_ARRAY(ref_pattern, 1);
368 p = strchr(prefix, ':');
369 if (p) {
370 while (prefix < p) {
371 if (*prefix == 'a')
372 ref_pattern->want_add = 1;
373 else if (*prefix == 'd')
374 ref_pattern->want_delete = 1;
375 else if (*prefix == 'm')
376 ref_pattern->want_modify = 1;
377 else if (*prefix == '!')
378 ref_pattern->negative_ref = 1;
379 prefix++;
380 }
381 prefix++;
382 } else {
383 ref_pattern->want_add = 1;
384 ref_pattern->want_delete = 1;
385 ref_pattern->want_modify = 1;
386 }
387 len = strlen(prefix);
388 while (len && prefix[len - 1] == '/')
389 len--;
390 ref_pattern->ref_prefix = xmemdupz(prefix, len);
391 if (!proc_receive_ref) {
392 proc_receive_ref = ref_pattern;
393 } else {
394 struct proc_receive_ref *end;
395
396 end = proc_receive_ref;
397 while (end->next)
398 end = end->next;
399 end->next = ref_pattern;
400 }
401 }
402
403 static int proc_receive_ref_matches(struct command *cmd)
404 {
405 struct proc_receive_ref *p;
406
407 if (!proc_receive_ref)
408 return 0;
409
410 for (p = proc_receive_ref; p; p = p->next) {
411 const char *match = p->ref_prefix;
412 const char *remains;
413
414 if (!p->want_add && is_null_oid(&cmd->old_oid))
415 continue;
416 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
417 continue;
418 else if (!p->want_modify &&
419 !is_null_oid(&cmd->old_oid) &&
420 !is_null_oid(&cmd->new_oid))
421 continue;
422
423 if (skip_prefix(cmd->ref_name, match, &remains) &&
424 (!*remains || *remains == '/')) {
425 if (!p->negative_ref)
426 return 1;
427 } else if (p->negative_ref) {
428 return 1;
429 }
430 }
431 return 0;
432 }
433
434 static void report_message(const char *prefix, const char *err, va_list params)
435 {
436 int sz;
437 char msg[4096];
438
439 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
440 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
441 if (sz > (sizeof(msg) - 1))
442 sz = sizeof(msg) - 1;
443 msg[sz++] = '\n';
444
445 if (use_sideband)
446 send_sideband(1, 2, msg, sz, use_sideband);
447 else
448 xwrite(2, msg, sz);
449 }
450
451 __attribute__((format (printf, 1, 2)))
452 static void rp_warning(const char *err, ...)
453 {
454 va_list params;
455 va_start(params, err);
456 report_message("warning: ", err, params);
457 va_end(params);
458 }
459
460 __attribute__((format (printf, 1, 2)))
461 static void rp_error(const char *err, ...)
462 {
463 va_list params;
464 va_start(params, err);
465 report_message("error: ", err, params);
466 va_end(params);
467 }
468
469 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
470 {
471 char data[128];
472 int keepalive_active = 0;
473
474 if (keepalive_in_sec <= 0)
475 use_keepalive = KEEPALIVE_NEVER;
476 if (use_keepalive == KEEPALIVE_ALWAYS)
477 keepalive_active = 1;
478
479 while (1) {
480 ssize_t sz;
481
482 if (keepalive_active) {
483 struct pollfd pfd;
484 int ret;
485
486 pfd.fd = in;
487 pfd.events = POLLIN;
488 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
489
490 if (ret < 0) {
491 if (errno == EINTR)
492 continue;
493 else
494 break;
495 } else if (ret == 0) {
496 /* no data; send a keepalive packet */
497 static const char buf[] = "0005\1";
498 write_or_die(1, buf, sizeof(buf) - 1);
499 continue;
500 } /* else there is actual data to read */
501 }
502
503 sz = xread(in, data, sizeof(data));
504 if (sz <= 0)
505 break;
506
507 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
508 const char *p = memchr(data, '\0', sz);
509 if (p) {
510 /*
511 * The NUL tells us to start sending keepalives. Make
512 * sure we send any other data we read along
513 * with it.
514 */
515 keepalive_active = 1;
516 send_sideband(1, 2, data, p - data, use_sideband);
517 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
518 continue;
519 }
520 }
521
522 /*
523 * Either we're not looking for a NUL signal, or we didn't see
524 * it yet; just pass along the data.
525 */
526 send_sideband(1, 2, data, sz, use_sideband);
527 }
528 close(in);
529 return 0;
530 }
531
532 static void hmac_hash(unsigned char *out,
533 const char *key_in, size_t key_len,
534 const char *text, size_t text_len)
535 {
536 unsigned char key[GIT_MAX_BLKSZ];
537 unsigned char k_ipad[GIT_MAX_BLKSZ];
538 unsigned char k_opad[GIT_MAX_BLKSZ];
539 int i;
540 git_hash_ctx ctx;
541
542 /* RFC 2104 2. (1) */
543 memset(key, '\0', GIT_MAX_BLKSZ);
544 if (the_hash_algo->blksz < key_len) {
545 the_hash_algo->init_fn(&ctx);
546 the_hash_algo->update_fn(&ctx, key_in, key_len);
547 the_hash_algo->final_fn(key, &ctx);
548 } else {
549 memcpy(key, key_in, key_len);
550 }
551
552 /* RFC 2104 2. (2) & (5) */
553 for (i = 0; i < sizeof(key); i++) {
554 k_ipad[i] = key[i] ^ 0x36;
555 k_opad[i] = key[i] ^ 0x5c;
556 }
557
558 /* RFC 2104 2. (3) & (4) */
559 the_hash_algo->init_fn(&ctx);
560 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
561 the_hash_algo->update_fn(&ctx, text, text_len);
562 the_hash_algo->final_fn(out, &ctx);
563
564 /* RFC 2104 2. (6) & (7) */
565 the_hash_algo->init_fn(&ctx);
566 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
567 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
568 the_hash_algo->final_fn(out, &ctx);
569 }
570
571 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
572 {
573 struct strbuf buf = STRBUF_INIT;
574 unsigned char hash[GIT_MAX_RAWSZ];
575
576 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
577 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
578 strbuf_release(&buf);
579
580 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
581 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
582 return strbuf_detach(&buf, NULL);
583 }
584
585 static char *find_header(const char *msg, size_t len, const char *key,
586 const char **next_line)
587 {
588 size_t out_len;
589 const char *val = find_header_mem(msg, len, key, &out_len);
590
591 if (!val)
592 return NULL;
593
594 if (next_line)
595 *next_line = val + out_len + 1;
596
597 return xmemdupz(val, out_len);
598 }
599
600 /*
601 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
602 * This operation is guaranteed to run in constant time to avoid leaking data.
603 */
604 static int constant_memequal(const char *a, const char *b, size_t n)
605 {
606 int res = 0;
607 size_t i;
608
609 for (i = 0; i < n; i++)
610 res |= a[i] ^ b[i];
611 return res;
612 }
613
614 static const char *check_nonce(const char *buf, size_t len)
615 {
616 char *nonce = find_header(buf, len, "nonce", NULL);
617 timestamp_t stamp, ostamp;
618 char *bohmac, *expect = NULL;
619 const char *retval = NONCE_BAD;
620 size_t noncelen;
621
622 if (!nonce) {
623 retval = NONCE_MISSING;
624 goto leave;
625 } else if (!push_cert_nonce) {
626 retval = NONCE_UNSOLICITED;
627 goto leave;
628 } else if (!strcmp(push_cert_nonce, nonce)) {
629 retval = NONCE_OK;
630 goto leave;
631 }
632
633 if (!stateless_rpc) {
634 /* returned nonce MUST match what we gave out earlier */
635 retval = NONCE_BAD;
636 goto leave;
637 }
638
639 /*
640 * In stateless mode, we may be receiving a nonce issued by
641 * another instance of the server that serving the same
642 * repository, and the timestamps may not match, but the
643 * nonce-seed and dir should match, so we can recompute and
644 * report the time slop.
645 *
646 * In addition, when a nonce issued by another instance has
647 * timestamp within receive.certnonceslop seconds, we pretend
648 * as if we issued that nonce when reporting to the hook.
649 */
650
651 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
652 if (*nonce <= '0' || '9' < *nonce) {
653 retval = NONCE_BAD;
654 goto leave;
655 }
656 stamp = parse_timestamp(nonce, &bohmac, 10);
657 if (bohmac == nonce || bohmac[0] != '-') {
658 retval = NONCE_BAD;
659 goto leave;
660 }
661
662 noncelen = strlen(nonce);
663 expect = prepare_push_cert_nonce(service_dir, stamp);
664 if (noncelen != strlen(expect)) {
665 /* This is not even the right size. */
666 retval = NONCE_BAD;
667 goto leave;
668 }
669 if (constant_memequal(expect, nonce, noncelen)) {
670 /* Not what we would have signed earlier */
671 retval = NONCE_BAD;
672 goto leave;
673 }
674
675 /*
676 * By how many seconds is this nonce stale? Negative value
677 * would mean it was issued by another server with its clock
678 * skewed in the future.
679 */
680 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
681 nonce_stamp_slop = (long)ostamp - (long)stamp;
682
683 if (nonce_stamp_slop_limit &&
684 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
685 /*
686 * Pretend as if the received nonce (which passes the
687 * HMAC check, so it is not a forged by third-party)
688 * is what we issued.
689 */
690 free((void *)push_cert_nonce);
691 push_cert_nonce = xstrdup(nonce);
692 retval = NONCE_OK;
693 } else {
694 retval = NONCE_SLOP;
695 }
696
697 leave:
698 free(nonce);
699 free(expect);
700 return retval;
701 }
702
703 /*
704 * Return 1 if there is no push_cert or if the push options in push_cert are
705 * the same as those in the argument; 0 otherwise.
706 */
707 static int check_cert_push_options(const struct string_list *push_options)
708 {
709 const char *buf = push_cert.buf;
710 int len = push_cert.len;
711
712 char *option;
713 const char *next_line;
714 int options_seen = 0;
715
716 int retval = 1;
717
718 if (!len)
719 return 1;
720
721 while ((option = find_header(buf, len, "push-option", &next_line))) {
722 len -= (next_line - buf);
723 buf = next_line;
724 options_seen++;
725 if (options_seen > push_options->nr
726 || strcmp(option,
727 push_options->items[options_seen - 1].string)) {
728 retval = 0;
729 goto leave;
730 }
731 free(option);
732 }
733
734 if (options_seen != push_options->nr)
735 retval = 0;
736
737 leave:
738 free(option);
739 return retval;
740 }
741
742 static void prepare_push_cert_sha1(struct child_process *proc)
743 {
744 static int already_done;
745
746 if (!push_cert.len)
747 return;
748
749 if (!already_done) {
750 int bogs /* beginning_of_gpg_sig */;
751
752 already_done = 1;
753 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
754 &push_cert_oid))
755 oidclr(&push_cert_oid);
756
757 memset(&sigcheck, '\0', sizeof(sigcheck));
758
759 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
760 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
761 sigcheck.payload_len = bogs;
762 check_signature(&sigcheck, push_cert.buf + bogs,
763 push_cert.len - bogs);
764
765 nonce_status = check_nonce(push_cert.buf, bogs);
766 }
767 if (!is_null_oid(&push_cert_oid)) {
768 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
769 oid_to_hex(&push_cert_oid));
770 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
771 sigcheck.signer ? sigcheck.signer : "");
772 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
773 sigcheck.key ? sigcheck.key : "");
774 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
775 sigcheck.result);
776 if (push_cert_nonce) {
777 strvec_pushf(&proc->env,
778 "GIT_PUSH_CERT_NONCE=%s",
779 push_cert_nonce);
780 strvec_pushf(&proc->env,
781 "GIT_PUSH_CERT_NONCE_STATUS=%s",
782 nonce_status);
783 if (nonce_status == NONCE_SLOP)
784 strvec_pushf(&proc->env,
785 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
786 nonce_stamp_slop);
787 }
788 }
789 }
790
791 struct receive_hook_feed_state {
792 struct command *cmd;
793 struct ref_push_report *report;
794 int skip_broken;
795 struct strbuf buf;
796 const struct string_list *push_options;
797 };
798
799 typedef int (*feed_fn)(void *, const char **, size_t *);
800 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
801 struct receive_hook_feed_state *feed_state)
802 {
803 struct child_process proc = CHILD_PROCESS_INIT;
804 struct async muxer;
805 int code;
806 const char *hook_path = find_hook(hook_name);
807
808 if (!hook_path)
809 return 0;
810
811 strvec_push(&proc.args, hook_path);
812 proc.in = -1;
813 proc.stdout_to_stderr = 1;
814 proc.trace2_hook_name = hook_name;
815
816 if (feed_state->push_options) {
817 size_t i;
818 for (i = 0; i < feed_state->push_options->nr; i++)
819 strvec_pushf(&proc.env,
820 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
821 (uintmax_t)i,
822 feed_state->push_options->items[i].string);
823 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
824 (uintmax_t)feed_state->push_options->nr);
825 } else
826 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
827
828 if (tmp_objdir)
829 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
830
831 if (use_sideband) {
832 memset(&muxer, 0, sizeof(muxer));
833 muxer.proc = copy_to_sideband;
834 muxer.in = -1;
835 code = start_async(&muxer);
836 if (code)
837 return code;
838 proc.err = muxer.in;
839 }
840
841 prepare_push_cert_sha1(&proc);
842
843 code = start_command(&proc);
844 if (code) {
845 if (use_sideband)
846 finish_async(&muxer);
847 return code;
848 }
849
850 sigchain_push(SIGPIPE, SIG_IGN);
851
852 while (1) {
853 const char *buf;
854 size_t n;
855 if (feed(feed_state, &buf, &n))
856 break;
857 if (write_in_full(proc.in, buf, n) < 0)
858 break;
859 }
860 close(proc.in);
861 if (use_sideband)
862 finish_async(&muxer);
863
864 sigchain_pop(SIGPIPE);
865
866 return finish_command(&proc);
867 }
868
869 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
870 {
871 struct receive_hook_feed_state *state = state_;
872 struct command *cmd = state->cmd;
873
874 while (cmd &&
875 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
876 cmd = cmd->next;
877 if (!cmd)
878 return -1; /* EOF */
879 if (!bufp)
880 return 0; /* OK, can feed something. */
881 strbuf_reset(&state->buf);
882 if (!state->report)
883 state->report = cmd->report;
884 if (state->report) {
885 struct object_id *old_oid;
886 struct object_id *new_oid;
887 const char *ref_name;
888
889 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
890 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
891 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
892 strbuf_addf(&state->buf, "%s %s %s\n",
893 oid_to_hex(old_oid), oid_to_hex(new_oid),
894 ref_name);
895 state->report = state->report->next;
896 if (!state->report)
897 state->cmd = cmd->next;
898 } else {
899 strbuf_addf(&state->buf, "%s %s %s\n",
900 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
901 cmd->ref_name);
902 state->cmd = cmd->next;
903 }
904 if (bufp) {
905 *bufp = state->buf.buf;
906 *sizep = state->buf.len;
907 }
908 return 0;
909 }
910
911 static int run_receive_hook(struct command *commands,
912 const char *hook_name,
913 int skip_broken,
914 const struct string_list *push_options)
915 {
916 struct receive_hook_feed_state state;
917 int status;
918
919 strbuf_init(&state.buf, 0);
920 state.cmd = commands;
921 state.skip_broken = skip_broken;
922 state.report = NULL;
923 if (feed_receive_hook(&state, NULL, NULL))
924 return 0;
925 state.cmd = commands;
926 state.push_options = push_options;
927 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
928 strbuf_release(&state.buf);
929 return status;
930 }
931
932 static int run_update_hook(struct command *cmd)
933 {
934 struct child_process proc = CHILD_PROCESS_INIT;
935 int code;
936 const char *hook_path = find_hook("update");
937
938 if (!hook_path)
939 return 0;
940
941 strvec_push(&proc.args, hook_path);
942 strvec_push(&proc.args, cmd->ref_name);
943 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
944 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
945
946 proc.no_stdin = 1;
947 proc.stdout_to_stderr = 1;
948 proc.err = use_sideband ? -1 : 0;
949 proc.trace2_hook_name = "update";
950
951 code = start_command(&proc);
952 if (code)
953 return code;
954 if (use_sideband)
955 copy_to_sideband(proc.err, -1, NULL);
956 return finish_command(&proc);
957 }
958
959 static struct command *find_command_by_refname(struct command *list,
960 const char *refname)
961 {
962 for (; list; list = list->next)
963 if (!strcmp(list->ref_name, refname))
964 return list;
965 return NULL;
966 }
967
968 static int read_proc_receive_report(struct packet_reader *reader,
969 struct command *commands,
970 struct strbuf *errmsg)
971 {
972 struct command *cmd;
973 struct command *hint = NULL;
974 struct ref_push_report *report = NULL;
975 int new_report = 0;
976 int code = 0;
977 int once = 0;
978 int response = 0;
979
980 for (;;) {
981 struct object_id old_oid, new_oid;
982 const char *head;
983 const char *refname;
984 char *p;
985 enum packet_read_status status;
986
987 status = packet_reader_read(reader);
988 if (status != PACKET_READ_NORMAL) {
989 /* Check whether proc-receive exited abnormally */
990 if (status == PACKET_READ_EOF && !response) {
991 strbuf_addstr(errmsg, "proc-receive exited abnormally");
992 return -1;
993 }
994 break;
995 }
996 response++;
997
998 head = reader->line;
999 p = strchr(head, ' ');
1000 if (!p) {
1001 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1002 code = -1;
1003 continue;
1004 }
1005 *p++ = '\0';
1006 if (!strcmp(head, "option")) {
1007 const char *key, *val;
1008
1009 if (!hint || !(report || new_report)) {
1010 if (!once++)
1011 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1012 code = -1;
1013 continue;
1014 }
1015 if (new_report) {
1016 if (!hint->report) {
1017 CALLOC_ARRAY(hint->report, 1);
1018 report = hint->report;
1019 } else {
1020 report = hint->report;
1021 while (report->next)
1022 report = report->next;
1023 report->next = xcalloc(1, sizeof(struct ref_push_report));
1024 report = report->next;
1025 }
1026 new_report = 0;
1027 }
1028 key = p;
1029 p = strchr(key, ' ');
1030 if (p)
1031 *p++ = '\0';
1032 val = p;
1033 if (!strcmp(key, "refname"))
1034 report->ref_name = xstrdup_or_null(val);
1035 else if (!strcmp(key, "old-oid") && val &&
1036 !parse_oid_hex(val, &old_oid, &val))
1037 report->old_oid = oiddup(&old_oid);
1038 else if (!strcmp(key, "new-oid") && val &&
1039 !parse_oid_hex(val, &new_oid, &val))
1040 report->new_oid = oiddup(&new_oid);
1041 else if (!strcmp(key, "forced-update"))
1042 report->forced_update = 1;
1043 else if (!strcmp(key, "fall-through"))
1044 /* Fall through, let 'receive-pack' to execute it. */
1045 hint->run_proc_receive = 0;
1046 continue;
1047 }
1048
1049 report = NULL;
1050 new_report = 0;
1051 refname = p;
1052 p = strchr(refname, ' ');
1053 if (p)
1054 *p++ = '\0';
1055 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1056 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1057 head, refname);
1058 code = -1;
1059 continue;
1060 }
1061
1062 /* first try searching at our hint, falling back to all refs */
1063 if (hint)
1064 hint = find_command_by_refname(hint, refname);
1065 if (!hint)
1066 hint = find_command_by_refname(commands, refname);
1067 if (!hint) {
1068 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1069 refname);
1070 code = -1;
1071 continue;
1072 }
1073 if (!hint->run_proc_receive) {
1074 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1075 refname);
1076 code = -1;
1077 continue;
1078 }
1079 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1080 if (!strcmp(head, "ng")) {
1081 if (p)
1082 hint->error_string = xstrdup(p);
1083 else
1084 hint->error_string = "failed";
1085 code = -1;
1086 continue;
1087 }
1088 new_report = 1;
1089 }
1090
1091 for (cmd = commands; cmd; cmd = cmd->next)
1092 if (cmd->run_proc_receive && !cmd->error_string &&
1093 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1094 cmd->error_string = "proc-receive failed to report status";
1095 code = -1;
1096 }
1097 return code;
1098 }
1099
1100 static int run_proc_receive_hook(struct command *commands,
1101 const struct string_list *push_options)
1102 {
1103 struct child_process proc = CHILD_PROCESS_INIT;
1104 struct async muxer;
1105 struct command *cmd;
1106 struct packet_reader reader;
1107 struct strbuf cap = STRBUF_INIT;
1108 struct strbuf errmsg = STRBUF_INIT;
1109 int hook_use_push_options = 0;
1110 int version = 0;
1111 int code;
1112 const char *hook_path = find_hook("proc-receive");
1113
1114 if (!hook_path) {
1115 rp_error("cannot find hook 'proc-receive'");
1116 return -1;
1117 }
1118
1119 strvec_push(&proc.args, hook_path);
1120 proc.in = -1;
1121 proc.out = -1;
1122 proc.trace2_hook_name = "proc-receive";
1123
1124 if (use_sideband) {
1125 memset(&muxer, 0, sizeof(muxer));
1126 muxer.proc = copy_to_sideband;
1127 muxer.in = -1;
1128 code = start_async(&muxer);
1129 if (code)
1130 return code;
1131 proc.err = muxer.in;
1132 } else {
1133 proc.err = 0;
1134 }
1135
1136 code = start_command(&proc);
1137 if (code) {
1138 if (use_sideband)
1139 finish_async(&muxer);
1140 return code;
1141 }
1142
1143 sigchain_push(SIGPIPE, SIG_IGN);
1144
1145 /* Version negotiaton */
1146 packet_reader_init(&reader, proc.out, NULL, 0,
1147 PACKET_READ_CHOMP_NEWLINE |
1148 PACKET_READ_GENTLE_ON_EOF);
1149 if (use_atomic)
1150 strbuf_addstr(&cap, " atomic");
1151 if (use_push_options)
1152 strbuf_addstr(&cap, " push-options");
1153 if (cap.len) {
1154 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1155 strbuf_release(&cap);
1156 } else {
1157 code = packet_write_fmt_gently(proc.in, "version=1\n");
1158 }
1159 if (!code)
1160 code = packet_flush_gently(proc.in);
1161
1162 if (!code)
1163 for (;;) {
1164 int linelen;
1165 enum packet_read_status status;
1166
1167 status = packet_reader_read(&reader);
1168 if (status != PACKET_READ_NORMAL) {
1169 /* Check whether proc-receive exited abnormally */
1170 if (status == PACKET_READ_EOF)
1171 code = -1;
1172 break;
1173 }
1174
1175 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1176 version = atoi(reader.line + 8);
1177 linelen = strlen(reader.line);
1178 if (linelen < reader.pktlen) {
1179 const char *feature_list = reader.line + linelen + 1;
1180 if (parse_feature_request(feature_list, "push-options"))
1181 hook_use_push_options = 1;
1182 }
1183 }
1184 }
1185
1186 if (code) {
1187 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1188 goto cleanup;
1189 }
1190
1191 switch (version) {
1192 case 0:
1193 /* fallthrough */
1194 case 1:
1195 break;
1196 default:
1197 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1198 version);
1199 code = -1;
1200 goto cleanup;
1201 }
1202
1203 /* Send commands */
1204 for (cmd = commands; cmd; cmd = cmd->next) {
1205 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1206 continue;
1207 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1208 oid_to_hex(&cmd->old_oid),
1209 oid_to_hex(&cmd->new_oid),
1210 cmd->ref_name);
1211 if (code)
1212 break;
1213 }
1214 if (!code)
1215 code = packet_flush_gently(proc.in);
1216 if (code) {
1217 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1218 goto cleanup;
1219 }
1220
1221 /* Send push options */
1222 if (hook_use_push_options) {
1223 struct string_list_item *item;
1224
1225 for_each_string_list_item(item, push_options) {
1226 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1227 if (code)
1228 break;
1229 }
1230 if (!code)
1231 code = packet_flush_gently(proc.in);
1232 if (code) {
1233 strbuf_addstr(&errmsg,
1234 "fail to write push-options to proc-receive hook");
1235 goto cleanup;
1236 }
1237 }
1238
1239 /* Read result from proc-receive */
1240 code = read_proc_receive_report(&reader, commands, &errmsg);
1241
1242 cleanup:
1243 close(proc.in);
1244 close(proc.out);
1245 if (use_sideband)
1246 finish_async(&muxer);
1247 if (finish_command(&proc))
1248 code = -1;
1249 if (errmsg.len >0) {
1250 char *p = errmsg.buf;
1251
1252 p += errmsg.len - 1;
1253 if (*p == '\n')
1254 *p = '\0';
1255 rp_error("%s", errmsg.buf);
1256 strbuf_release(&errmsg);
1257 }
1258 sigchain_pop(SIGPIPE);
1259
1260 return code;
1261 }
1262
1263 static char *refuse_unconfigured_deny_msg =
1264 N_("By default, updating the current branch in a non-bare repository\n"
1265 "is denied, because it will make the index and work tree inconsistent\n"
1266 "with what you pushed, and will require 'git reset --hard' to match\n"
1267 "the work tree to HEAD.\n"
1268 "\n"
1269 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1270 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1271 "its current branch; however, this is not recommended unless you\n"
1272 "arranged to update its work tree to match what you pushed in some\n"
1273 "other way.\n"
1274 "\n"
1275 "To squelch this message and still keep the default behaviour, set\n"
1276 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1277
1278 static void refuse_unconfigured_deny(void)
1279 {
1280 rp_error("%s", _(refuse_unconfigured_deny_msg));
1281 }
1282
1283 static char *refuse_unconfigured_deny_delete_current_msg =
1284 N_("By default, deleting the current branch is denied, because the next\n"
1285 "'git clone' won't result in any file checked out, causing confusion.\n"
1286 "\n"
1287 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1288 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1289 "current branch, with or without a warning message.\n"
1290 "\n"
1291 "To squelch this message, you can set it to 'refuse'.");
1292
1293 static void refuse_unconfigured_deny_delete_current(void)
1294 {
1295 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1296 }
1297
1298 static const struct object_id *command_singleton_iterator(void *cb_data);
1299 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1300 {
1301 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1302 struct oid_array extra = OID_ARRAY_INIT;
1303 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1304 uint32_t mask = 1 << (cmd->index % 32);
1305 int i;
1306
1307 trace_printf_key(&trace_shallow,
1308 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1309 for (i = 0; i < si->shallow->nr; i++)
1310 if (si->used_shallow[i] &&
1311 (si->used_shallow[i][cmd->index / 32] & mask) &&
1312 !delayed_reachability_test(si, i))
1313 oid_array_append(&extra, &si->shallow->oid[i]);
1314
1315 opt.env = tmp_objdir_env(tmp_objdir);
1316 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1317 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1318 rollback_shallow_file(the_repository, &shallow_lock);
1319 oid_array_clear(&extra);
1320 return -1;
1321 }
1322
1323 commit_shallow_file(the_repository, &shallow_lock);
1324
1325 /*
1326 * Make sure setup_alternate_shallow() for the next ref does
1327 * not lose these new roots..
1328 */
1329 for (i = 0; i < extra.nr; i++)
1330 register_shallow(the_repository, &extra.oid[i]);
1331
1332 si->shallow_ref[cmd->index] = 0;
1333 oid_array_clear(&extra);
1334 return 0;
1335 }
1336
1337 /*
1338 * NEEDSWORK: we should consolidate various implementions of "are we
1339 * on an unborn branch?" test into one, and make the unified one more
1340 * robust. !get_sha1() based check used here and elsewhere would not
1341 * allow us to tell an unborn branch from corrupt ref, for example.
1342 * For the purpose of fixing "deploy-to-update does not work when
1343 * pushing into an empty repository" issue, this should suffice for
1344 * now.
1345 */
1346 static int head_has_history(void)
1347 {
1348 struct object_id oid;
1349
1350 return !get_oid("HEAD", &oid);
1351 }
1352
1353 static const char *push_to_deploy(unsigned char *sha1,
1354 struct strvec *env,
1355 const char *work_tree)
1356 {
1357 struct child_process child = CHILD_PROCESS_INIT;
1358
1359 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1360 "--refresh", NULL);
1361 strvec_pushv(&child.env, env->v);
1362 child.dir = work_tree;
1363 child.no_stdin = 1;
1364 child.stdout_to_stderr = 1;
1365 child.git_cmd = 1;
1366 if (run_command(&child))
1367 return "Up-to-date check failed";
1368
1369 /* run_command() does not clean up completely; reinitialize */
1370 child_process_init(&child);
1371 strvec_pushl(&child.args, "diff-files", "--quiet",
1372 "--ignore-submodules", "--", NULL);
1373 strvec_pushv(&child.env, env->v);
1374 child.dir = work_tree;
1375 child.no_stdin = 1;
1376 child.stdout_to_stderr = 1;
1377 child.git_cmd = 1;
1378 if (run_command(&child))
1379 return "Working directory has unstaged changes";
1380
1381 child_process_init(&child);
1382 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1383 "--ignore-submodules",
1384 /* diff-index with either HEAD or an empty tree */
1385 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1386 "--", NULL);
1387 strvec_pushv(&child.env, env->v);
1388 child.no_stdin = 1;
1389 child.no_stdout = 1;
1390 child.stdout_to_stderr = 0;
1391 child.git_cmd = 1;
1392 if (run_command(&child))
1393 return "Working directory has staged changes";
1394
1395 child_process_init(&child);
1396 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1397 NULL);
1398 strvec_pushv(&child.env, env->v);
1399 child.dir = work_tree;
1400 child.no_stdin = 1;
1401 child.no_stdout = 1;
1402 child.stdout_to_stderr = 0;
1403 child.git_cmd = 1;
1404 if (run_command(&child))
1405 return "Could not update working tree to new HEAD";
1406
1407 return NULL;
1408 }
1409
1410 static const char *push_to_checkout_hook = "push-to-checkout";
1411
1412 static const char *push_to_checkout(unsigned char *hash,
1413 int *invoked_hook,
1414 struct strvec *env,
1415 const char *work_tree)
1416 {
1417 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1418 opt.invoked_hook = invoked_hook;
1419
1420 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1421 strvec_pushv(&opt.env, env->v);
1422 strvec_push(&opt.args, hash_to_hex(hash));
1423 if (run_hooks_opt(push_to_checkout_hook, &opt))
1424 return "push-to-checkout hook declined";
1425 else
1426 return NULL;
1427 }
1428
1429 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1430 {
1431 const char *retval, *git_dir;
1432 struct strvec env = STRVEC_INIT;
1433 int invoked_hook;
1434
1435 if (!worktree || !worktree->path)
1436 BUG("worktree->path must be non-NULL");
1437
1438 if (worktree->is_bare)
1439 return "denyCurrentBranch = updateInstead needs a worktree";
1440 git_dir = get_worktree_git_dir(worktree);
1441
1442 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1443
1444 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1445 if (!invoked_hook)
1446 retval = push_to_deploy(sha1, &env, worktree->path);
1447
1448 strvec_clear(&env);
1449 return retval;
1450 }
1451
1452 static const char *update(struct command *cmd, struct shallow_info *si)
1453 {
1454 const char *name = cmd->ref_name;
1455 struct strbuf namespaced_name_buf = STRBUF_INIT;
1456 static char *namespaced_name;
1457 const char *ret;
1458 struct object_id *old_oid = &cmd->old_oid;
1459 struct object_id *new_oid = &cmd->new_oid;
1460 int do_update_worktree = 0;
1461 struct worktree **worktrees = get_worktrees();
1462 const struct worktree *worktree =
1463 find_shared_symref(worktrees, "HEAD", name);
1464
1465 /* only refs/... are allowed */
1466 if (!starts_with(name, "refs/") ||
1467 check_refname_format(name + 5, is_null_oid(new_oid) ?
1468 REFNAME_ALLOW_ONELEVEL : 0)) {
1469 rp_error("refusing to update funny ref '%s' remotely", name);
1470 ret = "funny refname";
1471 goto out;
1472 }
1473
1474 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1475 free(namespaced_name);
1476 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1477
1478 if (worktree && !worktree->is_bare) {
1479 switch (deny_current_branch) {
1480 case DENY_IGNORE:
1481 break;
1482 case DENY_WARN:
1483 rp_warning("updating the current branch");
1484 break;
1485 case DENY_REFUSE:
1486 case DENY_UNCONFIGURED:
1487 rp_error("refusing to update checked out branch: %s", name);
1488 if (deny_current_branch == DENY_UNCONFIGURED)
1489 refuse_unconfigured_deny();
1490 ret = "branch is currently checked out";
1491 goto out;
1492 case DENY_UPDATE_INSTEAD:
1493 /* pass -- let other checks intervene first */
1494 do_update_worktree = 1;
1495 break;
1496 }
1497 }
1498
1499 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1500 error("unpack should have generated %s, "
1501 "but I can't find it!", oid_to_hex(new_oid));
1502 ret = "bad pack";
1503 goto out;
1504 }
1505
1506 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1507 if (deny_deletes && starts_with(name, "refs/heads/")) {
1508 rp_error("denying ref deletion for %s", name);
1509 ret = "deletion prohibited";
1510 goto out;
1511 }
1512
1513 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1514 switch (deny_delete_current) {
1515 case DENY_IGNORE:
1516 break;
1517 case DENY_WARN:
1518 rp_warning("deleting the current branch");
1519 break;
1520 case DENY_REFUSE:
1521 case DENY_UNCONFIGURED:
1522 case DENY_UPDATE_INSTEAD:
1523 if (deny_delete_current == DENY_UNCONFIGURED)
1524 refuse_unconfigured_deny_delete_current();
1525 rp_error("refusing to delete the current branch: %s", name);
1526 ret = "deletion of the current branch prohibited";
1527 goto out;
1528 default:
1529 ret = "Invalid denyDeleteCurrent setting";
1530 goto out;
1531 }
1532 }
1533 }
1534
1535 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1536 !is_null_oid(old_oid) &&
1537 starts_with(name, "refs/heads/")) {
1538 struct object *old_object, *new_object;
1539 struct commit *old_commit, *new_commit;
1540
1541 old_object = parse_object(the_repository, old_oid);
1542 new_object = parse_object(the_repository, new_oid);
1543
1544 if (!old_object || !new_object ||
1545 old_object->type != OBJ_COMMIT ||
1546 new_object->type != OBJ_COMMIT) {
1547 error("bad sha1 objects for %s", name);
1548 ret = "bad ref";
1549 goto out;
1550 }
1551 old_commit = (struct commit *)old_object;
1552 new_commit = (struct commit *)new_object;
1553 if (!in_merge_bases(old_commit, new_commit)) {
1554 rp_error("denying non-fast-forward %s"
1555 " (you should pull first)", name);
1556 ret = "non-fast-forward";
1557 goto out;
1558 }
1559 }
1560 if (run_update_hook(cmd)) {
1561 rp_error("hook declined to update %s", name);
1562 ret = "hook declined";
1563 goto out;
1564 }
1565
1566 if (do_update_worktree) {
1567 ret = update_worktree(new_oid->hash, worktree);
1568 if (ret)
1569 goto out;
1570 }
1571
1572 if (is_null_oid(new_oid)) {
1573 struct strbuf err = STRBUF_INIT;
1574 if (!parse_object(the_repository, old_oid)) {
1575 old_oid = NULL;
1576 if (ref_exists(name)) {
1577 rp_warning("allowing deletion of corrupt ref");
1578 } else {
1579 rp_warning("deleting a non-existent ref");
1580 cmd->did_not_exist = 1;
1581 }
1582 }
1583 if (ref_transaction_delete(transaction,
1584 namespaced_name,
1585 old_oid,
1586 0, "push", &err)) {
1587 rp_error("%s", err.buf);
1588 ret = "failed to delete";
1589 } else {
1590 ret = NULL; /* good */
1591 }
1592 strbuf_release(&err);
1593 }
1594 else {
1595 struct strbuf err = STRBUF_INIT;
1596 if (shallow_update && si->shallow_ref[cmd->index] &&
1597 update_shallow_ref(cmd, si)) {
1598 ret = "shallow error";
1599 goto out;
1600 }
1601
1602 if (ref_transaction_update(transaction,
1603 namespaced_name,
1604 new_oid, old_oid,
1605 0, "push",
1606 &err)) {
1607 rp_error("%s", err.buf);
1608 ret = "failed to update ref";
1609 } else {
1610 ret = NULL; /* good */
1611 }
1612 strbuf_release(&err);
1613 }
1614
1615 out:
1616 free_worktrees(worktrees);
1617 return ret;
1618 }
1619
1620 static void run_update_post_hook(struct command *commands)
1621 {
1622 struct command *cmd;
1623 struct child_process proc = CHILD_PROCESS_INIT;
1624 const char *hook;
1625
1626 hook = find_hook("post-update");
1627 if (!hook)
1628 return;
1629
1630 for (cmd = commands; cmd; cmd = cmd->next) {
1631 if (cmd->error_string || cmd->did_not_exist)
1632 continue;
1633 if (!proc.args.nr)
1634 strvec_push(&proc.args, hook);
1635 strvec_push(&proc.args, cmd->ref_name);
1636 }
1637 if (!proc.args.nr)
1638 return;
1639
1640 proc.no_stdin = 1;
1641 proc.stdout_to_stderr = 1;
1642 proc.err = use_sideband ? -1 : 0;
1643 proc.trace2_hook_name = "post-update";
1644
1645 if (!start_command(&proc)) {
1646 if (use_sideband)
1647 copy_to_sideband(proc.err, -1, NULL);
1648 finish_command(&proc);
1649 }
1650 }
1651
1652 static void check_aliased_update_internal(struct command *cmd,
1653 struct string_list *list,
1654 const char *dst_name, int flag)
1655 {
1656 struct string_list_item *item;
1657 struct command *dst_cmd;
1658
1659 if (!(flag & REF_ISSYMREF))
1660 return;
1661
1662 if (!dst_name) {
1663 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1664 cmd->skip_update = 1;
1665 cmd->error_string = "broken symref";
1666 return;
1667 }
1668 dst_name = strip_namespace(dst_name);
1669
1670 if (!(item = string_list_lookup(list, dst_name)))
1671 return;
1672
1673 cmd->skip_update = 1;
1674
1675 dst_cmd = (struct command *) item->util;
1676
1677 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1678 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1679 return;
1680
1681 dst_cmd->skip_update = 1;
1682
1683 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1684 " its target '%s' (%s..%s)",
1685 cmd->ref_name,
1686 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1687 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1688 dst_cmd->ref_name,
1689 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1690 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1691
1692 cmd->error_string = dst_cmd->error_string =
1693 "inconsistent aliased update";
1694 }
1695
1696 static void check_aliased_update(struct command *cmd, struct string_list *list)
1697 {
1698 struct strbuf buf = STRBUF_INIT;
1699 const char *dst_name;
1700 int flag;
1701
1702 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1703 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1704 check_aliased_update_internal(cmd, list, dst_name, flag);
1705 strbuf_release(&buf);
1706 }
1707
1708 static void check_aliased_updates(struct command *commands)
1709 {
1710 struct command *cmd;
1711 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1712
1713 for (cmd = commands; cmd; cmd = cmd->next) {
1714 struct string_list_item *item =
1715 string_list_append(&ref_list, cmd->ref_name);
1716 item->util = (void *)cmd;
1717 }
1718 string_list_sort(&ref_list);
1719
1720 for (cmd = commands; cmd; cmd = cmd->next) {
1721 if (!cmd->error_string)
1722 check_aliased_update(cmd, &ref_list);
1723 }
1724
1725 string_list_clear(&ref_list, 0);
1726 }
1727
1728 static const struct object_id *command_singleton_iterator(void *cb_data)
1729 {
1730 struct command **cmd_list = cb_data;
1731 struct command *cmd = *cmd_list;
1732
1733 if (!cmd || is_null_oid(&cmd->new_oid))
1734 return NULL;
1735 *cmd_list = NULL; /* this returns only one */
1736 return &cmd->new_oid;
1737 }
1738
1739 static void set_connectivity_errors(struct command *commands,
1740 struct shallow_info *si)
1741 {
1742 struct command *cmd;
1743
1744 for (cmd = commands; cmd; cmd = cmd->next) {
1745 struct command *singleton = cmd;
1746 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1747
1748 if (shallow_update && si->shallow_ref[cmd->index])
1749 /* to be checked in update_shallow_ref() */
1750 continue;
1751
1752 opt.env = tmp_objdir_env(tmp_objdir);
1753 if (!check_connected(command_singleton_iterator, &singleton,
1754 &opt))
1755 continue;
1756
1757 cmd->error_string = "missing necessary objects";
1758 }
1759 }
1760
1761 struct iterate_data {
1762 struct command *cmds;
1763 struct shallow_info *si;
1764 };
1765
1766 static const struct object_id *iterate_receive_command_list(void *cb_data)
1767 {
1768 struct iterate_data *data = cb_data;
1769 struct command **cmd_list = &data->cmds;
1770 struct command *cmd = *cmd_list;
1771
1772 for (; cmd; cmd = cmd->next) {
1773 if (shallow_update && data->si->shallow_ref[cmd->index])
1774 /* to be checked in update_shallow_ref() */
1775 continue;
1776 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1777 *cmd_list = cmd->next;
1778 return &cmd->new_oid;
1779 }
1780 }
1781 return NULL;
1782 }
1783
1784 static void reject_updates_to_hidden(struct command *commands)
1785 {
1786 struct strbuf refname_full = STRBUF_INIT;
1787 size_t prefix_len;
1788 struct command *cmd;
1789
1790 strbuf_addstr(&refname_full, get_git_namespace());
1791 prefix_len = refname_full.len;
1792
1793 for (cmd = commands; cmd; cmd = cmd->next) {
1794 if (cmd->error_string)
1795 continue;
1796
1797 strbuf_setlen(&refname_full, prefix_len);
1798 strbuf_addstr(&refname_full, cmd->ref_name);
1799
1800 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1801 continue;
1802 if (is_null_oid(&cmd->new_oid))
1803 cmd->error_string = "deny deleting a hidden ref";
1804 else
1805 cmd->error_string = "deny updating a hidden ref";
1806 }
1807
1808 strbuf_release(&refname_full);
1809 }
1810
1811 static int should_process_cmd(struct command *cmd)
1812 {
1813 return !cmd->error_string && !cmd->skip_update;
1814 }
1815
1816 static void BUG_if_skipped_connectivity_check(struct command *commands,
1817 struct shallow_info *si)
1818 {
1819 struct command *cmd;
1820
1821 for (cmd = commands; cmd; cmd = cmd->next) {
1822 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1823 bug("connectivity check has not been run on ref %s",
1824 cmd->ref_name);
1825 }
1826 BUG_if_bug("connectivity check skipped???");
1827 }
1828
1829 static void execute_commands_non_atomic(struct command *commands,
1830 struct shallow_info *si)
1831 {
1832 struct command *cmd;
1833 struct strbuf err = STRBUF_INIT;
1834
1835 for (cmd = commands; cmd; cmd = cmd->next) {
1836 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1837 continue;
1838
1839 transaction = ref_transaction_begin(&err);
1840 if (!transaction) {
1841 rp_error("%s", err.buf);
1842 strbuf_reset(&err);
1843 cmd->error_string = "transaction failed to start";
1844 continue;
1845 }
1846
1847 cmd->error_string = update(cmd, si);
1848
1849 if (!cmd->error_string
1850 && ref_transaction_commit(transaction, &err)) {
1851 rp_error("%s", err.buf);
1852 strbuf_reset(&err);
1853 cmd->error_string = "failed to update ref";
1854 }
1855 ref_transaction_free(transaction);
1856 }
1857 strbuf_release(&err);
1858 }
1859
1860 static void execute_commands_atomic(struct command *commands,
1861 struct shallow_info *si)
1862 {
1863 struct command *cmd;
1864 struct strbuf err = STRBUF_INIT;
1865 const char *reported_error = "atomic push failure";
1866
1867 transaction = ref_transaction_begin(&err);
1868 if (!transaction) {
1869 rp_error("%s", err.buf);
1870 strbuf_reset(&err);
1871 reported_error = "transaction failed to start";
1872 goto failure;
1873 }
1874
1875 for (cmd = commands; cmd; cmd = cmd->next) {
1876 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1877 continue;
1878
1879 cmd->error_string = update(cmd, si);
1880
1881 if (cmd->error_string)
1882 goto failure;
1883 }
1884
1885 if (ref_transaction_commit(transaction, &err)) {
1886 rp_error("%s", err.buf);
1887 reported_error = "atomic transaction failed";
1888 goto failure;
1889 }
1890 goto cleanup;
1891
1892 failure:
1893 for (cmd = commands; cmd; cmd = cmd->next)
1894 if (!cmd->error_string)
1895 cmd->error_string = reported_error;
1896
1897 cleanup:
1898 ref_transaction_free(transaction);
1899 strbuf_release(&err);
1900 }
1901
1902 static void execute_commands(struct command *commands,
1903 const char *unpacker_error,
1904 struct shallow_info *si,
1905 const struct string_list *push_options)
1906 {
1907 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1908 struct command *cmd;
1909 struct iterate_data data;
1910 struct async muxer;
1911 int err_fd = 0;
1912 int run_proc_receive = 0;
1913
1914 if (unpacker_error) {
1915 for (cmd = commands; cmd; cmd = cmd->next)
1916 cmd->error_string = "unpacker error";
1917 return;
1918 }
1919
1920 if (use_sideband) {
1921 memset(&muxer, 0, sizeof(muxer));
1922 muxer.proc = copy_to_sideband;
1923 muxer.in = -1;
1924 if (!start_async(&muxer))
1925 err_fd = muxer.in;
1926 /* ...else, continue without relaying sideband */
1927 }
1928
1929 data.cmds = commands;
1930 data.si = si;
1931 opt.err_fd = err_fd;
1932 opt.progress = err_fd && !quiet;
1933 opt.env = tmp_objdir_env(tmp_objdir);
1934 opt.exclude_hidden_refs_section = "receive";
1935
1936 if (check_connected(iterate_receive_command_list, &data, &opt))
1937 set_connectivity_errors(commands, si);
1938
1939 if (use_sideband)
1940 finish_async(&muxer);
1941
1942 reject_updates_to_hidden(commands);
1943
1944 /*
1945 * Try to find commands that have special prefix in their reference names,
1946 * and mark them to run an external "proc-receive" hook later.
1947 */
1948 if (proc_receive_ref) {
1949 for (cmd = commands; cmd; cmd = cmd->next) {
1950 if (!should_process_cmd(cmd))
1951 continue;
1952
1953 if (proc_receive_ref_matches(cmd)) {
1954 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1955 run_proc_receive = 1;
1956 }
1957 }
1958 }
1959
1960 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1961 for (cmd = commands; cmd; cmd = cmd->next) {
1962 if (!cmd->error_string)
1963 cmd->error_string = "pre-receive hook declined";
1964 }
1965 return;
1966 }
1967
1968 /*
1969 * If there is no command ready to run, should return directly to destroy
1970 * temporary data in the quarantine area.
1971 */
1972 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1973 ; /* nothing */
1974 if (!cmd)
1975 return;
1976
1977 /*
1978 * Now we'll start writing out refs, which means the objects need
1979 * to be in their final positions so that other processes can see them.
1980 */
1981 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1982 for (cmd = commands; cmd; cmd = cmd->next) {
1983 if (!cmd->error_string)
1984 cmd->error_string = "unable to migrate objects to permanent storage";
1985 }
1986 return;
1987 }
1988 tmp_objdir = NULL;
1989
1990 check_aliased_updates(commands);
1991
1992 free(head_name_to_free);
1993 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1994
1995 if (run_proc_receive &&
1996 run_proc_receive_hook(commands, push_options))
1997 for (cmd = commands; cmd; cmd = cmd->next)
1998 if (!cmd->error_string &&
1999 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2000 (cmd->run_proc_receive || use_atomic))
2001 cmd->error_string = "fail to run proc-receive hook";
2002
2003 if (use_atomic)
2004 execute_commands_atomic(commands, si);
2005 else
2006 execute_commands_non_atomic(commands, si);
2007
2008 if (shallow_update)
2009 BUG_if_skipped_connectivity_check(commands, si);
2010 }
2011
2012 static struct command **queue_command(struct command **tail,
2013 const char *line,
2014 int linelen)
2015 {
2016 struct object_id old_oid, new_oid;
2017 struct command *cmd;
2018 const char *refname;
2019 int reflen;
2020 const char *p;
2021
2022 if (parse_oid_hex(line, &old_oid, &p) ||
2023 *p++ != ' ' ||
2024 parse_oid_hex(p, &new_oid, &p) ||
2025 *p++ != ' ')
2026 die("protocol error: expected old/new/ref, got '%s'", line);
2027
2028 refname = p;
2029 reflen = linelen - (p - line);
2030 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2031 oidcpy(&cmd->old_oid, &old_oid);
2032 oidcpy(&cmd->new_oid, &new_oid);
2033 *tail = cmd;
2034 return &cmd->next;
2035 }
2036
2037 static void free_commands(struct command *commands)
2038 {
2039 while (commands) {
2040 struct command *next = commands->next;
2041
2042 free(commands);
2043 commands = next;
2044 }
2045 }
2046
2047 static void queue_commands_from_cert(struct command **tail,
2048 struct strbuf *push_cert)
2049 {
2050 const char *boc, *eoc;
2051
2052 if (*tail)
2053 die("protocol error: got both push certificate and unsigned commands");
2054
2055 boc = strstr(push_cert->buf, "\n\n");
2056 if (!boc)
2057 die("malformed push certificate %.*s", 100, push_cert->buf);
2058 else
2059 boc += 2;
2060 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2061
2062 while (boc < eoc) {
2063 const char *eol = memchr(boc, '\n', eoc - boc);
2064 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2065 boc = eol ? eol + 1 : eoc;
2066 }
2067 }
2068
2069 static struct command *read_head_info(struct packet_reader *reader,
2070 struct oid_array *shallow)
2071 {
2072 struct command *commands = NULL;
2073 struct command **p = &commands;
2074 for (;;) {
2075 int linelen;
2076
2077 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2078 break;
2079
2080 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2081 struct object_id oid;
2082 if (get_oid_hex(reader->line + 8, &oid))
2083 die("protocol error: expected shallow sha, got '%s'",
2084 reader->line + 8);
2085 oid_array_append(shallow, &oid);
2086 continue;
2087 }
2088
2089 linelen = strlen(reader->line);
2090 if (linelen < reader->pktlen) {
2091 const char *feature_list = reader->line + linelen + 1;
2092 const char *hash = NULL;
2093 const char *client_sid;
2094 int len = 0;
2095 if (parse_feature_request(feature_list, "report-status"))
2096 report_status = 1;
2097 if (parse_feature_request(feature_list, "report-status-v2"))
2098 report_status_v2 = 1;
2099 if (parse_feature_request(feature_list, "side-band-64k"))
2100 use_sideband = LARGE_PACKET_MAX;
2101 if (parse_feature_request(feature_list, "quiet"))
2102 quiet = 1;
2103 if (advertise_atomic_push
2104 && parse_feature_request(feature_list, "atomic"))
2105 use_atomic = 1;
2106 if (advertise_push_options
2107 && parse_feature_request(feature_list, "push-options"))
2108 use_push_options = 1;
2109 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2110 if (!hash) {
2111 hash = hash_algos[GIT_HASH_SHA1].name;
2112 len = strlen(hash);
2113 }
2114 if (xstrncmpz(the_hash_algo->name, hash, len))
2115 die("error: unsupported object format '%s'", hash);
2116 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2117 if (client_sid) {
2118 char *sid = xstrndup(client_sid, len);
2119 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2120 free(sid);
2121 }
2122 }
2123
2124 if (!strcmp(reader->line, "push-cert")) {
2125 int true_flush = 0;
2126 int saved_options = reader->options;
2127 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2128
2129 for (;;) {
2130 packet_reader_read(reader);
2131 if (reader->status == PACKET_READ_FLUSH) {
2132 true_flush = 1;
2133 break;
2134 }
2135 if (reader->status != PACKET_READ_NORMAL) {
2136 die("protocol error: got an unexpected packet");
2137 }
2138 if (!strcmp(reader->line, "push-cert-end\n"))
2139 break; /* end of cert */
2140 strbuf_addstr(&push_cert, reader->line);
2141 }
2142 reader->options = saved_options;
2143
2144 if (true_flush)
2145 break;
2146 continue;
2147 }
2148
2149 p = queue_command(p, reader->line, linelen);
2150 }
2151
2152 if (push_cert.len)
2153 queue_commands_from_cert(p, &push_cert);
2154
2155 return commands;
2156 }
2157
2158 static void read_push_options(struct packet_reader *reader,
2159 struct string_list *options)
2160 {
2161 while (1) {
2162 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2163 break;
2164
2165 string_list_append(options, reader->line);
2166 }
2167 }
2168
2169 static const char *parse_pack_header(struct pack_header *hdr)
2170 {
2171 switch (read_pack_header(0, hdr)) {
2172 case PH_ERROR_EOF:
2173 return "eof before pack header was fully read";
2174
2175 case PH_ERROR_PACK_SIGNATURE:
2176 return "protocol error (pack signature mismatch detected)";
2177
2178 case PH_ERROR_PROTOCOL:
2179 return "protocol error (pack version unsupported)";
2180
2181 default:
2182 return "unknown error in parse_pack_header";
2183
2184 case 0:
2185 return NULL;
2186 }
2187 }
2188
2189 static const char *pack_lockfile;
2190
2191 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2192 {
2193 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2194 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2195 }
2196
2197 static const char *unpack(int err_fd, struct shallow_info *si)
2198 {
2199 struct pack_header hdr;
2200 const char *hdr_err;
2201 int status;
2202 struct child_process child = CHILD_PROCESS_INIT;
2203 int fsck_objects = (receive_fsck_objects >= 0
2204 ? receive_fsck_objects
2205 : transfer_fsck_objects >= 0
2206 ? transfer_fsck_objects
2207 : 0);
2208
2209 hdr_err = parse_pack_header(&hdr);
2210 if (hdr_err) {
2211 if (err_fd > 0)
2212 close(err_fd);
2213 return hdr_err;
2214 }
2215
2216 if (si->nr_ours || si->nr_theirs) {
2217 alt_shallow_file = setup_temporary_shallow(si->shallow);
2218 strvec_push(&child.args, "--shallow-file");
2219 strvec_push(&child.args, alt_shallow_file);
2220 }
2221
2222 tmp_objdir = tmp_objdir_create("incoming");
2223 if (!tmp_objdir) {
2224 if (err_fd > 0)
2225 close(err_fd);
2226 return "unable to create temporary object directory";
2227 }
2228 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2229
2230 /*
2231 * Normally we just pass the tmp_objdir environment to the child
2232 * processes that do the heavy lifting, but we may need to see these
2233 * objects ourselves to set up shallow information.
2234 */
2235 tmp_objdir_add_as_alternate(tmp_objdir);
2236
2237 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2238 strvec_push(&child.args, "unpack-objects");
2239 push_header_arg(&child.args, &hdr);
2240 if (quiet)
2241 strvec_push(&child.args, "-q");
2242 if (fsck_objects)
2243 strvec_pushf(&child.args, "--strict%s",
2244 fsck_msg_types.buf);
2245 if (max_input_size)
2246 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2247 (uintmax_t)max_input_size);
2248 child.no_stdout = 1;
2249 child.err = err_fd;
2250 child.git_cmd = 1;
2251 status = run_command(&child);
2252 if (status)
2253 return "unpack-objects abnormal exit";
2254 } else {
2255 char hostname[HOST_NAME_MAX + 1];
2256
2257 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2258 push_header_arg(&child.args, &hdr);
2259
2260 if (xgethostname(hostname, sizeof(hostname)))
2261 xsnprintf(hostname, sizeof(hostname), "localhost");
2262 strvec_pushf(&child.args,
2263 "--keep=receive-pack %"PRIuMAX" on %s",
2264 (uintmax_t)getpid(),
2265 hostname);
2266
2267 if (!quiet && err_fd)
2268 strvec_push(&child.args, "--show-resolving-progress");
2269 if (use_sideband)
2270 strvec_push(&child.args, "--report-end-of-input");
2271 if (fsck_objects)
2272 strvec_pushf(&child.args, "--strict%s",
2273 fsck_msg_types.buf);
2274 if (!reject_thin)
2275 strvec_push(&child.args, "--fix-thin");
2276 if (max_input_size)
2277 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2278 (uintmax_t)max_input_size);
2279 child.out = -1;
2280 child.err = err_fd;
2281 child.git_cmd = 1;
2282 status = start_command(&child);
2283 if (status)
2284 return "index-pack fork failed";
2285 pack_lockfile = index_pack_lockfile(child.out, NULL);
2286 close(child.out);
2287 status = finish_command(&child);
2288 if (status)
2289 return "index-pack abnormal exit";
2290 reprepare_packed_git(the_repository);
2291 }
2292 return NULL;
2293 }
2294
2295 static const char *unpack_with_sideband(struct shallow_info *si)
2296 {
2297 struct async muxer;
2298 const char *ret;
2299
2300 if (!use_sideband)
2301 return unpack(0, si);
2302
2303 use_keepalive = KEEPALIVE_AFTER_NUL;
2304 memset(&muxer, 0, sizeof(muxer));
2305 muxer.proc = copy_to_sideband;
2306 muxer.in = -1;
2307 if (start_async(&muxer))
2308 return NULL;
2309
2310 ret = unpack(muxer.in, si);
2311
2312 finish_async(&muxer);
2313 return ret;
2314 }
2315
2316 static void prepare_shallow_update(struct shallow_info *si)
2317 {
2318 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2319
2320 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2321 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2322
2323 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2324 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2325 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2326
2327 for (i = 0; i < si->nr_ours; i++)
2328 si->need_reachability_test[si->ours[i]] = 1;
2329
2330 for (i = 0; i < si->shallow->nr; i++) {
2331 if (!si->used_shallow[i])
2332 continue;
2333 for (j = 0; j < bitmap_size; j++) {
2334 if (!si->used_shallow[i][j])
2335 continue;
2336 si->need_reachability_test[i]++;
2337 for (k = 0; k < 32; k++)
2338 if (si->used_shallow[i][j] & (1U << k))
2339 si->shallow_ref[j * 32 + k]++;
2340 }
2341
2342 /*
2343 * true for those associated with some refs and belong
2344 * in "ours" list aka "step 7 not done yet"
2345 */
2346 si->need_reachability_test[i] =
2347 si->need_reachability_test[i] > 1;
2348 }
2349
2350 /*
2351 * keep hooks happy by forcing a temporary shallow file via
2352 * env variable because we can't add --shallow-file to every
2353 * command. check_connected() will be done with
2354 * true .git/shallow though.
2355 */
2356 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2357 }
2358
2359 static void update_shallow_info(struct command *commands,
2360 struct shallow_info *si,
2361 struct oid_array *ref)
2362 {
2363 struct command *cmd;
2364 int *ref_status;
2365 remove_nonexistent_theirs_shallow(si);
2366 if (!si->nr_ours && !si->nr_theirs) {
2367 shallow_update = 0;
2368 return;
2369 }
2370
2371 for (cmd = commands; cmd; cmd = cmd->next) {
2372 if (is_null_oid(&cmd->new_oid))
2373 continue;
2374 oid_array_append(ref, &cmd->new_oid);
2375 cmd->index = ref->nr - 1;
2376 }
2377 si->ref = ref;
2378
2379 if (shallow_update) {
2380 prepare_shallow_update(si);
2381 return;
2382 }
2383
2384 ALLOC_ARRAY(ref_status, ref->nr);
2385 assign_shallow_commits_to_refs(si, NULL, ref_status);
2386 for (cmd = commands; cmd; cmd = cmd->next) {
2387 if (is_null_oid(&cmd->new_oid))
2388 continue;
2389 if (ref_status[cmd->index]) {
2390 cmd->error_string = "shallow update not allowed";
2391 cmd->skip_update = 1;
2392 }
2393 }
2394 free(ref_status);
2395 }
2396
2397 static void report(struct command *commands, const char *unpack_status)
2398 {
2399 struct command *cmd;
2400 struct strbuf buf = STRBUF_INIT;
2401
2402 packet_buf_write(&buf, "unpack %s\n",
2403 unpack_status ? unpack_status : "ok");
2404 for (cmd = commands; cmd; cmd = cmd->next) {
2405 if (!cmd->error_string)
2406 packet_buf_write(&buf, "ok %s\n",
2407 cmd->ref_name);
2408 else
2409 packet_buf_write(&buf, "ng %s %s\n",
2410 cmd->ref_name, cmd->error_string);
2411 }
2412 packet_buf_flush(&buf);
2413
2414 if (use_sideband)
2415 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2416 else
2417 write_or_die(1, buf.buf, buf.len);
2418 strbuf_release(&buf);
2419 }
2420
2421 static void report_v2(struct command *commands, const char *unpack_status)
2422 {
2423 struct command *cmd;
2424 struct strbuf buf = STRBUF_INIT;
2425 struct ref_push_report *report;
2426
2427 packet_buf_write(&buf, "unpack %s\n",
2428 unpack_status ? unpack_status : "ok");
2429 for (cmd = commands; cmd; cmd = cmd->next) {
2430 int count = 0;
2431
2432 if (cmd->error_string) {
2433 packet_buf_write(&buf, "ng %s %s\n",
2434 cmd->ref_name,
2435 cmd->error_string);
2436 continue;
2437 }
2438 packet_buf_write(&buf, "ok %s\n",
2439 cmd->ref_name);
2440 for (report = cmd->report; report; report = report->next) {
2441 if (count++ > 0)
2442 packet_buf_write(&buf, "ok %s\n",
2443 cmd->ref_name);
2444 if (report->ref_name)
2445 packet_buf_write(&buf, "option refname %s\n",
2446 report->ref_name);
2447 if (report->old_oid)
2448 packet_buf_write(&buf, "option old-oid %s\n",
2449 oid_to_hex(report->old_oid));
2450 if (report->new_oid)
2451 packet_buf_write(&buf, "option new-oid %s\n",
2452 oid_to_hex(report->new_oid));
2453 if (report->forced_update)
2454 packet_buf_write(&buf, "option forced-update\n");
2455 }
2456 }
2457 packet_buf_flush(&buf);
2458
2459 if (use_sideband)
2460 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2461 else
2462 write_or_die(1, buf.buf, buf.len);
2463 strbuf_release(&buf);
2464 }
2465
2466 static int delete_only(struct command *commands)
2467 {
2468 struct command *cmd;
2469 for (cmd = commands; cmd; cmd = cmd->next) {
2470 if (!is_null_oid(&cmd->new_oid))
2471 return 0;
2472 }
2473 return 1;
2474 }
2475
2476 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2477 {
2478 int advertise_refs = 0;
2479 struct command *commands;
2480 struct oid_array shallow = OID_ARRAY_INIT;
2481 struct oid_array ref = OID_ARRAY_INIT;
2482 struct shallow_info si;
2483 struct packet_reader reader;
2484
2485 struct option options[] = {
2486 OPT__QUIET(&quiet, N_("quiet")),
2487 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2488 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2489 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2490 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2491 OPT_END()
2492 };
2493
2494 packet_trace_identity("receive-pack");
2495
2496 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2497
2498 if (argc > 1)
2499 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2500 if (argc == 0)
2501 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2502
2503 service_dir = argv[0];
2504
2505 setup_path();
2506
2507 if (!enter_repo(service_dir, 0))
2508 die("'%s' does not appear to be a git repository", service_dir);
2509
2510 git_config(receive_pack_config, NULL);
2511 if (cert_nonce_seed)
2512 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2513
2514 if (0 <= transfer_unpack_limit)
2515 unpack_limit = transfer_unpack_limit;
2516 else if (0 <= receive_unpack_limit)
2517 unpack_limit = receive_unpack_limit;
2518
2519 switch (determine_protocol_version_server()) {
2520 case protocol_v2:
2521 /*
2522 * push support for protocol v2 has not been implemented yet,
2523 * so ignore the request to use v2 and fallback to using v0.
2524 */
2525 break;
2526 case protocol_v1:
2527 /*
2528 * v1 is just the original protocol with a version string,
2529 * so just fall through after writing the version string.
2530 */
2531 if (advertise_refs || !stateless_rpc)
2532 packet_write_fmt(1, "version 1\n");
2533
2534 /* fallthrough */
2535 case protocol_v0:
2536 break;
2537 case protocol_unknown_version:
2538 BUG("unknown protocol version");
2539 }
2540
2541 if (advertise_refs || !stateless_rpc) {
2542 write_head_info();
2543 }
2544 if (advertise_refs)
2545 return 0;
2546
2547 packet_reader_init(&reader, 0, NULL, 0,
2548 PACKET_READ_CHOMP_NEWLINE |
2549 PACKET_READ_DIE_ON_ERR_PACKET);
2550
2551 if ((commands = read_head_info(&reader, &shallow))) {
2552 const char *unpack_status = NULL;
2553 struct string_list push_options = STRING_LIST_INIT_DUP;
2554
2555 if (use_push_options)
2556 read_push_options(&reader, &push_options);
2557 if (!check_cert_push_options(&push_options)) {
2558 struct command *cmd;
2559 for (cmd = commands; cmd; cmd = cmd->next)
2560 cmd->error_string = "inconsistent push options";
2561 }
2562
2563 prepare_shallow_info(&si, &shallow);
2564 if (!si.nr_ours && !si.nr_theirs)
2565 shallow_update = 0;
2566 if (!delete_only(commands)) {
2567 unpack_status = unpack_with_sideband(&si);
2568 update_shallow_info(commands, &si, &ref);
2569 }
2570 use_keepalive = KEEPALIVE_ALWAYS;
2571 execute_commands(commands, unpack_status, &si,
2572 &push_options);
2573 if (pack_lockfile)
2574 unlink_or_warn(pack_lockfile);
2575 sigchain_push(SIGPIPE, SIG_IGN);
2576 if (report_status_v2)
2577 report_v2(commands, unpack_status);
2578 else if (report_status)
2579 report(commands, unpack_status);
2580 sigchain_pop(SIGPIPE);
2581 run_receive_hook(commands, "post-receive", 1,
2582 &push_options);
2583 run_update_post_hook(commands);
2584 free_commands(commands);
2585 string_list_clear(&push_options, 0);
2586 if (auto_gc) {
2587 struct child_process proc = CHILD_PROCESS_INIT;
2588
2589 proc.no_stdin = 1;
2590 proc.stdout_to_stderr = 1;
2591 proc.err = use_sideband ? -1 : 0;
2592 proc.git_cmd = proc.close_object_store = 1;
2593 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2594 NULL);
2595
2596 if (!start_command(&proc)) {
2597 if (use_sideband)
2598 copy_to_sideband(proc.err, -1, NULL);
2599 finish_command(&proc);
2600 }
2601 }
2602 if (auto_update_server_info)
2603 update_server_info(0);
2604 clear_shallow_info(&si);
2605 }
2606 if (use_sideband)
2607 packet_flush(1);
2608 oid_array_clear(&shallow);
2609 oid_array_clear(&ref);
2610 string_list_clear(&hidden_refs, 0);
2611 free((void *)push_cert_nonce);
2612 return 0;
2613 }
Unnamed repository; edit this file 'description' to name the repository.