]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'vd/fsck-submodule-url-test'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "environment.h"
6 #include "gettext.h"
7 #include "hex.h"
8 #include "lockfile.h"
9 #include "pack.h"
10 #include "refs.h"
11 #include "pkt-line.h"
12 #include "sideband.h"
13 #include "run-command.h"
14 #include "hook.h"
15 #include "exec-cmd.h"
16 #include "commit.h"
17 #include "object.h"
18 #include "remote.h"
19 #include "connect.h"
20 #include "string-list.h"
21 #include "oid-array.h"
22 #include "connected.h"
23 #include "strvec.h"
24 #include "version.h"
25 #include "gpg-interface.h"
26 #include "sigchain.h"
27 #include "fsck.h"
28 #include "tmp-objdir.h"
29 #include "oidset.h"
30 #include "packfile.h"
31 #include "object-name.h"
32 #include "object-store-ll.h"
33 #include "path.h"
34 #include "protocol.h"
35 #include "commit-reach.h"
36 #include "server-info.h"
37 #include "trace.h"
38 #include "trace2.h"
39 #include "worktree.h"
40 #include "shallow.h"
41 #include "parse-options.h"
42
43 static const char * const receive_pack_usage[] = {
44 N_("git receive-pack <git-dir>"),
45 NULL
46 };
47
48 enum deny_action {
49 DENY_UNCONFIGURED,
50 DENY_IGNORE,
51 DENY_WARN,
52 DENY_REFUSE,
53 DENY_UPDATE_INSTEAD
54 };
55
56 static int deny_deletes;
57 static int deny_non_fast_forwards;
58 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
59 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
60 static int receive_fsck_objects = -1;
61 static int transfer_fsck_objects = -1;
62 static struct strbuf fsck_msg_types = STRBUF_INIT;
63 static int receive_unpack_limit = -1;
64 static int transfer_unpack_limit = -1;
65 static int advertise_atomic_push = 1;
66 static int advertise_push_options;
67 static int advertise_sid;
68 static int unpack_limit = 100;
69 static off_t max_input_size;
70 static int report_status;
71 static int report_status_v2;
72 static int use_sideband;
73 static int use_atomic;
74 static int use_push_options;
75 static int quiet;
76 static int prefer_ofs_delta = 1;
77 static int auto_update_server_info;
78 static int auto_gc = 1;
79 static int reject_thin;
80 static int stateless_rpc;
81 static const char *service_dir;
82 static const char *head_name;
83 static void *head_name_to_free;
84 static int sent_capabilities;
85 static int shallow_update;
86 static const char *alt_shallow_file;
87 static struct strbuf push_cert = STRBUF_INIT;
88 static struct object_id push_cert_oid;
89 static struct signature_check sigcheck;
90 static const char *push_cert_nonce;
91 static const char *cert_nonce_seed;
92 static struct strvec hidden_refs = STRVEC_INIT;
93
94 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
95 static const char *NONCE_BAD = "BAD";
96 static const char *NONCE_MISSING = "MISSING";
97 static const char *NONCE_OK = "OK";
98 static const char *NONCE_SLOP = "SLOP";
99 static const char *nonce_status;
100 static long nonce_stamp_slop;
101 static timestamp_t nonce_stamp_slop_limit;
102 static struct ref_transaction *transaction;
103
104 static enum {
105 KEEPALIVE_NEVER = 0,
106 KEEPALIVE_AFTER_NUL,
107 KEEPALIVE_ALWAYS
108 } use_keepalive;
109 static int keepalive_in_sec = 5;
110
111 static struct tmp_objdir *tmp_objdir;
112
113 static struct proc_receive_ref {
114 unsigned int want_add:1,
115 want_delete:1,
116 want_modify:1,
117 negative_ref:1;
118 char *ref_prefix;
119 struct proc_receive_ref *next;
120 } *proc_receive_ref;
121
122 static void proc_receive_ref_append(const char *prefix);
123
124 static enum deny_action parse_deny_action(const char *var, const char *value)
125 {
126 if (value) {
127 if (!strcasecmp(value, "ignore"))
128 return DENY_IGNORE;
129 if (!strcasecmp(value, "warn"))
130 return DENY_WARN;
131 if (!strcasecmp(value, "refuse"))
132 return DENY_REFUSE;
133 if (!strcasecmp(value, "updateinstead"))
134 return DENY_UPDATE_INSTEAD;
135 }
136 if (git_config_bool(var, value))
137 return DENY_REFUSE;
138 return DENY_IGNORE;
139 }
140
141 static int receive_pack_config(const char *var, const char *value,
142 const struct config_context *ctx, void *cb)
143 {
144 const char *msg_id;
145 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
146
147 if (status)
148 return status;
149
150 if (strcmp(var, "receive.denydeletes") == 0) {
151 deny_deletes = git_config_bool(var, value);
152 return 0;
153 }
154
155 if (strcmp(var, "receive.denynonfastforwards") == 0) {
156 deny_non_fast_forwards = git_config_bool(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "receive.unpacklimit") == 0) {
161 receive_unpack_limit = git_config_int(var, value, ctx->kvi);
162 return 0;
163 }
164
165 if (strcmp(var, "transfer.unpacklimit") == 0) {
166 transfer_unpack_limit = git_config_int(var, value, ctx->kvi);
167 return 0;
168 }
169
170 if (strcmp(var, "receive.fsck.skiplist") == 0) {
171 const char *path;
172
173 if (git_config_pathname(&path, var, value))
174 return 1;
175 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
176 fsck_msg_types.len ? ',' : '=', path);
177 free((char *)path);
178 return 0;
179 }
180
181 if (skip_prefix(var, "receive.fsck.", &msg_id)) {
182 if (!value)
183 return config_error_nonbool(var);
184 if (is_valid_msg_type(msg_id, value))
185 strbuf_addf(&fsck_msg_types, "%c%s=%s",
186 fsck_msg_types.len ? ',' : '=', msg_id, value);
187 else
188 warning("skipping unknown msg id '%s'", msg_id);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.fsckobjects") == 0) {
193 receive_fsck_objects = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "transfer.fsckobjects") == 0) {
198 transfer_fsck_objects = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (!strcmp(var, "receive.denycurrentbranch")) {
203 deny_current_branch = parse_deny_action(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.denydeletecurrent") == 0) {
208 deny_delete_current = parse_deny_action(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
213 prefer_ofs_delta = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.updateserverinfo") == 0) {
218 auto_update_server_info = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.autogc") == 0) {
223 auto_gc = git_config_bool(var, value);
224 return 0;
225 }
226
227 if (strcmp(var, "receive.shallowupdate") == 0) {
228 shallow_update = git_config_bool(var, value);
229 return 0;
230 }
231
232 if (strcmp(var, "receive.certnonceseed") == 0)
233 return git_config_string(&cert_nonce_seed, var, value);
234
235 if (strcmp(var, "receive.certnonceslop") == 0) {
236 nonce_stamp_slop_limit = git_config_ulong(var, value, ctx->kvi);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.advertiseatomic") == 0) {
241 advertise_atomic_push = git_config_bool(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.advertisepushoptions") == 0) {
246 advertise_push_options = git_config_bool(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.keepalive") == 0) {
251 keepalive_in_sec = git_config_int(var, value, ctx->kvi);
252 return 0;
253 }
254
255 if (strcmp(var, "receive.maxinputsize") == 0) {
256 max_input_size = git_config_int64(var, value, ctx->kvi);
257 return 0;
258 }
259
260 if (strcmp(var, "receive.procreceiverefs") == 0) {
261 if (!value)
262 return config_error_nonbool(var);
263 proc_receive_ref_append(value);
264 return 0;
265 }
266
267 if (strcmp(var, "transfer.advertisesid") == 0) {
268 advertise_sid = git_config_bool(var, value);
269 return 0;
270 }
271
272 return git_default_config(var, value, ctx, cb);
273 }
274
275 static void show_ref(const char *path, const struct object_id *oid)
276 {
277 if (sent_capabilities) {
278 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
279 } else {
280 struct strbuf cap = STRBUF_INIT;
281
282 strbuf_addstr(&cap,
283 "report-status report-status-v2 delete-refs side-band-64k quiet");
284 if (advertise_atomic_push)
285 strbuf_addstr(&cap, " atomic");
286 if (prefer_ofs_delta)
287 strbuf_addstr(&cap, " ofs-delta");
288 if (push_cert_nonce)
289 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
290 if (advertise_push_options)
291 strbuf_addstr(&cap, " push-options");
292 if (advertise_sid)
293 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
294 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
295 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
296 packet_write_fmt(1, "%s %s%c%s\n",
297 oid_to_hex(oid), path, 0, cap.buf);
298 strbuf_release(&cap);
299 sent_capabilities = 1;
300 }
301 }
302
303 static int show_ref_cb(const char *path_full, const struct object_id *oid,
304 int flag UNUSED, void *data)
305 {
306 struct oidset *seen = data;
307 const char *path = strip_namespace(path_full);
308
309 if (ref_is_hidden(path, path_full, &hidden_refs))
310 return 0;
311
312 /*
313 * Advertise refs outside our current namespace as ".have"
314 * refs, so that the client can use them to minimize data
315 * transfer but will otherwise ignore them.
316 */
317 if (!path) {
318 if (oidset_insert(seen, oid))
319 return 0;
320 path = ".have";
321 } else {
322 oidset_insert(seen, oid);
323 }
324 show_ref(path, oid);
325 return 0;
326 }
327
328 static void show_one_alternate_ref(const struct object_id *oid,
329 void *data)
330 {
331 struct oidset *seen = data;
332
333 if (oidset_insert(seen, oid))
334 return;
335
336 show_ref(".have", oid);
337 }
338
339 static void write_head_info(void)
340 {
341 static struct oidset seen = OIDSET_INIT;
342
343 refs_for_each_fullref_in(get_main_ref_store(the_repository), "",
344 hidden_refs_to_excludes(&hidden_refs),
345 show_ref_cb, &seen);
346 for_each_alternate_ref(show_one_alternate_ref, &seen);
347 oidset_clear(&seen);
348 if (!sent_capabilities)
349 show_ref("capabilities^{}", null_oid());
350
351 advertise_shallow_grafts(1);
352
353 /* EOF */
354 packet_flush(1);
355 }
356
357 #define RUN_PROC_RECEIVE_SCHEDULED 1
358 #define RUN_PROC_RECEIVE_RETURNED 2
359 struct command {
360 struct command *next;
361 const char *error_string;
362 struct ref_push_report *report;
363 unsigned int skip_update:1,
364 did_not_exist:1,
365 run_proc_receive:2;
366 int index;
367 struct object_id old_oid;
368 struct object_id new_oid;
369 char ref_name[FLEX_ARRAY]; /* more */
370 };
371
372 static void proc_receive_ref_append(const char *prefix)
373 {
374 struct proc_receive_ref *ref_pattern;
375 char *p;
376 int len;
377
378 CALLOC_ARRAY(ref_pattern, 1);
379 p = strchr(prefix, ':');
380 if (p) {
381 while (prefix < p) {
382 if (*prefix == 'a')
383 ref_pattern->want_add = 1;
384 else if (*prefix == 'd')
385 ref_pattern->want_delete = 1;
386 else if (*prefix == 'm')
387 ref_pattern->want_modify = 1;
388 else if (*prefix == '!')
389 ref_pattern->negative_ref = 1;
390 prefix++;
391 }
392 prefix++;
393 } else {
394 ref_pattern->want_add = 1;
395 ref_pattern->want_delete = 1;
396 ref_pattern->want_modify = 1;
397 }
398 len = strlen(prefix);
399 while (len && prefix[len - 1] == '/')
400 len--;
401 ref_pattern->ref_prefix = xmemdupz(prefix, len);
402 if (!proc_receive_ref) {
403 proc_receive_ref = ref_pattern;
404 } else {
405 struct proc_receive_ref *end;
406
407 end = proc_receive_ref;
408 while (end->next)
409 end = end->next;
410 end->next = ref_pattern;
411 }
412 }
413
414 static int proc_receive_ref_matches(struct command *cmd)
415 {
416 struct proc_receive_ref *p;
417
418 if (!proc_receive_ref)
419 return 0;
420
421 for (p = proc_receive_ref; p; p = p->next) {
422 const char *match = p->ref_prefix;
423 const char *remains;
424
425 if (!p->want_add && is_null_oid(&cmd->old_oid))
426 continue;
427 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
428 continue;
429 else if (!p->want_modify &&
430 !is_null_oid(&cmd->old_oid) &&
431 !is_null_oid(&cmd->new_oid))
432 continue;
433
434 if (skip_prefix(cmd->ref_name, match, &remains) &&
435 (!*remains || *remains == '/')) {
436 if (!p->negative_ref)
437 return 1;
438 } else if (p->negative_ref) {
439 return 1;
440 }
441 }
442 return 0;
443 }
444
445 static void report_message(const char *prefix, const char *err, va_list params)
446 {
447 int sz;
448 char msg[4096];
449
450 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
451 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
452 if (sz > (sizeof(msg) - 1))
453 sz = sizeof(msg) - 1;
454 msg[sz++] = '\n';
455
456 if (use_sideband)
457 send_sideband(1, 2, msg, sz, use_sideband);
458 else
459 xwrite(2, msg, sz);
460 }
461
462 __attribute__((format (printf, 1, 2)))
463 static void rp_warning(const char *err, ...)
464 {
465 va_list params;
466 va_start(params, err);
467 report_message("warning: ", err, params);
468 va_end(params);
469 }
470
471 __attribute__((format (printf, 1, 2)))
472 static void rp_error(const char *err, ...)
473 {
474 va_list params;
475 va_start(params, err);
476 report_message("error: ", err, params);
477 va_end(params);
478 }
479
480 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
481 {
482 char data[128];
483 int keepalive_active = 0;
484
485 if (keepalive_in_sec <= 0)
486 use_keepalive = KEEPALIVE_NEVER;
487 if (use_keepalive == KEEPALIVE_ALWAYS)
488 keepalive_active = 1;
489
490 while (1) {
491 ssize_t sz;
492
493 if (keepalive_active) {
494 struct pollfd pfd;
495 int ret;
496
497 pfd.fd = in;
498 pfd.events = POLLIN;
499 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
500
501 if (ret < 0) {
502 if (errno == EINTR)
503 continue;
504 else
505 break;
506 } else if (ret == 0) {
507 /* no data; send a keepalive packet */
508 static const char buf[] = "0005\1";
509 write_or_die(1, buf, sizeof(buf) - 1);
510 continue;
511 } /* else there is actual data to read */
512 }
513
514 sz = xread(in, data, sizeof(data));
515 if (sz <= 0)
516 break;
517
518 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
519 const char *p = memchr(data, '\0', sz);
520 if (p) {
521 /*
522 * The NUL tells us to start sending keepalives. Make
523 * sure we send any other data we read along
524 * with it.
525 */
526 keepalive_active = 1;
527 send_sideband(1, 2, data, p - data, use_sideband);
528 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
529 continue;
530 }
531 }
532
533 /*
534 * Either we're not looking for a NUL signal, or we didn't see
535 * it yet; just pass along the data.
536 */
537 send_sideband(1, 2, data, sz, use_sideband);
538 }
539 close(in);
540 return 0;
541 }
542
543 static void hmac_hash(unsigned char *out,
544 const char *key_in, size_t key_len,
545 const char *text, size_t text_len)
546 {
547 unsigned char key[GIT_MAX_BLKSZ];
548 unsigned char k_ipad[GIT_MAX_BLKSZ];
549 unsigned char k_opad[GIT_MAX_BLKSZ];
550 int i;
551 git_hash_ctx ctx;
552
553 /* RFC 2104 2. (1) */
554 memset(key, '\0', GIT_MAX_BLKSZ);
555 if (the_hash_algo->blksz < key_len) {
556 the_hash_algo->init_fn(&ctx);
557 the_hash_algo->update_fn(&ctx, key_in, key_len);
558 the_hash_algo->final_fn(key, &ctx);
559 } else {
560 memcpy(key, key_in, key_len);
561 }
562
563 /* RFC 2104 2. (2) & (5) */
564 for (i = 0; i < sizeof(key); i++) {
565 k_ipad[i] = key[i] ^ 0x36;
566 k_opad[i] = key[i] ^ 0x5c;
567 }
568
569 /* RFC 2104 2. (3) & (4) */
570 the_hash_algo->init_fn(&ctx);
571 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
572 the_hash_algo->update_fn(&ctx, text, text_len);
573 the_hash_algo->final_fn(out, &ctx);
574
575 /* RFC 2104 2. (6) & (7) */
576 the_hash_algo->init_fn(&ctx);
577 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
578 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
579 the_hash_algo->final_fn(out, &ctx);
580 }
581
582 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
583 {
584 struct strbuf buf = STRBUF_INIT;
585 unsigned char hash[GIT_MAX_RAWSZ];
586
587 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
588 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
589 strbuf_release(&buf);
590
591 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
592 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
593 return strbuf_detach(&buf, NULL);
594 }
595
596 static char *find_header(const char *msg, size_t len, const char *key,
597 const char **next_line)
598 {
599 size_t out_len;
600 const char *val = find_header_mem(msg, len, key, &out_len);
601
602 if (!val)
603 return NULL;
604
605 if (next_line)
606 *next_line = val + out_len + 1;
607
608 return xmemdupz(val, out_len);
609 }
610
611 /*
612 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
613 * This operation is guaranteed to run in constant time to avoid leaking data.
614 */
615 static int constant_memequal(const char *a, const char *b, size_t n)
616 {
617 int res = 0;
618 size_t i;
619
620 for (i = 0; i < n; i++)
621 res |= a[i] ^ b[i];
622 return res;
623 }
624
625 static const char *check_nonce(const char *buf, size_t len)
626 {
627 char *nonce = find_header(buf, len, "nonce", NULL);
628 timestamp_t stamp, ostamp;
629 char *bohmac, *expect = NULL;
630 const char *retval = NONCE_BAD;
631 size_t noncelen;
632
633 if (!nonce) {
634 retval = NONCE_MISSING;
635 goto leave;
636 } else if (!push_cert_nonce) {
637 retval = NONCE_UNSOLICITED;
638 goto leave;
639 } else if (!strcmp(push_cert_nonce, nonce)) {
640 retval = NONCE_OK;
641 goto leave;
642 }
643
644 if (!stateless_rpc) {
645 /* returned nonce MUST match what we gave out earlier */
646 retval = NONCE_BAD;
647 goto leave;
648 }
649
650 /*
651 * In stateless mode, we may be receiving a nonce issued by
652 * another instance of the server that serving the same
653 * repository, and the timestamps may not match, but the
654 * nonce-seed and dir should match, so we can recompute and
655 * report the time slop.
656 *
657 * In addition, when a nonce issued by another instance has
658 * timestamp within receive.certnonceslop seconds, we pretend
659 * as if we issued that nonce when reporting to the hook.
660 */
661
662 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
663 if (*nonce <= '0' || '9' < *nonce) {
664 retval = NONCE_BAD;
665 goto leave;
666 }
667 stamp = parse_timestamp(nonce, &bohmac, 10);
668 if (bohmac == nonce || bohmac[0] != '-') {
669 retval = NONCE_BAD;
670 goto leave;
671 }
672
673 noncelen = strlen(nonce);
674 expect = prepare_push_cert_nonce(service_dir, stamp);
675 if (noncelen != strlen(expect)) {
676 /* This is not even the right size. */
677 retval = NONCE_BAD;
678 goto leave;
679 }
680 if (constant_memequal(expect, nonce, noncelen)) {
681 /* Not what we would have signed earlier */
682 retval = NONCE_BAD;
683 goto leave;
684 }
685
686 /*
687 * By how many seconds is this nonce stale? Negative value
688 * would mean it was issued by another server with its clock
689 * skewed in the future.
690 */
691 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
692 nonce_stamp_slop = (long)ostamp - (long)stamp;
693
694 if (nonce_stamp_slop_limit &&
695 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
696 /*
697 * Pretend as if the received nonce (which passes the
698 * HMAC check, so it is not a forged by third-party)
699 * is what we issued.
700 */
701 free((void *)push_cert_nonce);
702 push_cert_nonce = xstrdup(nonce);
703 retval = NONCE_OK;
704 } else {
705 retval = NONCE_SLOP;
706 }
707
708 leave:
709 free(nonce);
710 free(expect);
711 return retval;
712 }
713
714 /*
715 * Return 1 if there is no push_cert or if the push options in push_cert are
716 * the same as those in the argument; 0 otherwise.
717 */
718 static int check_cert_push_options(const struct string_list *push_options)
719 {
720 const char *buf = push_cert.buf;
721 int len = push_cert.len;
722
723 char *option;
724 const char *next_line;
725 int options_seen = 0;
726
727 int retval = 1;
728
729 if (!len)
730 return 1;
731
732 while ((option = find_header(buf, len, "push-option", &next_line))) {
733 len -= (next_line - buf);
734 buf = next_line;
735 options_seen++;
736 if (options_seen > push_options->nr
737 || strcmp(option,
738 push_options->items[options_seen - 1].string)) {
739 retval = 0;
740 goto leave;
741 }
742 free(option);
743 }
744
745 if (options_seen != push_options->nr)
746 retval = 0;
747
748 leave:
749 free(option);
750 return retval;
751 }
752
753 static void prepare_push_cert_sha1(struct child_process *proc)
754 {
755 static int already_done;
756
757 if (!push_cert.len)
758 return;
759
760 if (!already_done) {
761 int bogs /* beginning_of_gpg_sig */;
762
763 already_done = 1;
764 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
765 &push_cert_oid))
766 oidclr(&push_cert_oid);
767
768 memset(&sigcheck, '\0', sizeof(sigcheck));
769
770 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
771 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
772 sigcheck.payload_len = bogs;
773 check_signature(&sigcheck, push_cert.buf + bogs,
774 push_cert.len - bogs);
775
776 nonce_status = check_nonce(push_cert.buf, bogs);
777 }
778 if (!is_null_oid(&push_cert_oid)) {
779 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
780 oid_to_hex(&push_cert_oid));
781 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
782 sigcheck.signer ? sigcheck.signer : "");
783 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
784 sigcheck.key ? sigcheck.key : "");
785 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
786 sigcheck.result);
787 if (push_cert_nonce) {
788 strvec_pushf(&proc->env,
789 "GIT_PUSH_CERT_NONCE=%s",
790 push_cert_nonce);
791 strvec_pushf(&proc->env,
792 "GIT_PUSH_CERT_NONCE_STATUS=%s",
793 nonce_status);
794 if (nonce_status == NONCE_SLOP)
795 strvec_pushf(&proc->env,
796 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
797 nonce_stamp_slop);
798 }
799 }
800 }
801
802 struct receive_hook_feed_state {
803 struct command *cmd;
804 struct ref_push_report *report;
805 int skip_broken;
806 struct strbuf buf;
807 const struct string_list *push_options;
808 };
809
810 typedef int (*feed_fn)(void *, const char **, size_t *);
811 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
812 struct receive_hook_feed_state *feed_state)
813 {
814 struct child_process proc = CHILD_PROCESS_INIT;
815 struct async muxer;
816 int code;
817 const char *hook_path = find_hook(hook_name);
818
819 if (!hook_path)
820 return 0;
821
822 strvec_push(&proc.args, hook_path);
823 proc.in = -1;
824 proc.stdout_to_stderr = 1;
825 proc.trace2_hook_name = hook_name;
826
827 if (feed_state->push_options) {
828 size_t i;
829 for (i = 0; i < feed_state->push_options->nr; i++)
830 strvec_pushf(&proc.env,
831 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
832 (uintmax_t)i,
833 feed_state->push_options->items[i].string);
834 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
835 (uintmax_t)feed_state->push_options->nr);
836 } else
837 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
838
839 if (tmp_objdir)
840 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
841
842 if (use_sideband) {
843 memset(&muxer, 0, sizeof(muxer));
844 muxer.proc = copy_to_sideband;
845 muxer.in = -1;
846 code = start_async(&muxer);
847 if (code)
848 return code;
849 proc.err = muxer.in;
850 }
851
852 prepare_push_cert_sha1(&proc);
853
854 code = start_command(&proc);
855 if (code) {
856 if (use_sideband)
857 finish_async(&muxer);
858 return code;
859 }
860
861 sigchain_push(SIGPIPE, SIG_IGN);
862
863 while (1) {
864 const char *buf;
865 size_t n;
866 if (feed(feed_state, &buf, &n))
867 break;
868 if (write_in_full(proc.in, buf, n) < 0)
869 break;
870 }
871 close(proc.in);
872 if (use_sideband)
873 finish_async(&muxer);
874
875 sigchain_pop(SIGPIPE);
876
877 return finish_command(&proc);
878 }
879
880 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
881 {
882 struct receive_hook_feed_state *state = state_;
883 struct command *cmd = state->cmd;
884
885 while (cmd &&
886 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
887 cmd = cmd->next;
888 if (!cmd)
889 return -1; /* EOF */
890 if (!bufp)
891 return 0; /* OK, can feed something. */
892 strbuf_reset(&state->buf);
893 if (!state->report)
894 state->report = cmd->report;
895 if (state->report) {
896 struct object_id *old_oid;
897 struct object_id *new_oid;
898 const char *ref_name;
899
900 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
901 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
902 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
903 strbuf_addf(&state->buf, "%s %s %s\n",
904 oid_to_hex(old_oid), oid_to_hex(new_oid),
905 ref_name);
906 state->report = state->report->next;
907 if (!state->report)
908 state->cmd = cmd->next;
909 } else {
910 strbuf_addf(&state->buf, "%s %s %s\n",
911 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
912 cmd->ref_name);
913 state->cmd = cmd->next;
914 }
915 if (bufp) {
916 *bufp = state->buf.buf;
917 *sizep = state->buf.len;
918 }
919 return 0;
920 }
921
922 static int run_receive_hook(struct command *commands,
923 const char *hook_name,
924 int skip_broken,
925 const struct string_list *push_options)
926 {
927 struct receive_hook_feed_state state;
928 int status;
929
930 strbuf_init(&state.buf, 0);
931 state.cmd = commands;
932 state.skip_broken = skip_broken;
933 state.report = NULL;
934 if (feed_receive_hook(&state, NULL, NULL))
935 return 0;
936 state.cmd = commands;
937 state.push_options = push_options;
938 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
939 strbuf_release(&state.buf);
940 return status;
941 }
942
943 static int run_update_hook(struct command *cmd)
944 {
945 struct child_process proc = CHILD_PROCESS_INIT;
946 int code;
947 const char *hook_path = find_hook("update");
948
949 if (!hook_path)
950 return 0;
951
952 strvec_push(&proc.args, hook_path);
953 strvec_push(&proc.args, cmd->ref_name);
954 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
955 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
956
957 proc.no_stdin = 1;
958 proc.stdout_to_stderr = 1;
959 proc.err = use_sideband ? -1 : 0;
960 proc.trace2_hook_name = "update";
961
962 code = start_command(&proc);
963 if (code)
964 return code;
965 if (use_sideband)
966 copy_to_sideband(proc.err, -1, NULL);
967 return finish_command(&proc);
968 }
969
970 static struct command *find_command_by_refname(struct command *list,
971 const char *refname)
972 {
973 for (; list; list = list->next)
974 if (!strcmp(list->ref_name, refname))
975 return list;
976 return NULL;
977 }
978
979 static int read_proc_receive_report(struct packet_reader *reader,
980 struct command *commands,
981 struct strbuf *errmsg)
982 {
983 struct command *cmd;
984 struct command *hint = NULL;
985 struct ref_push_report *report = NULL;
986 int new_report = 0;
987 int code = 0;
988 int once = 0;
989 int response = 0;
990
991 for (;;) {
992 struct object_id old_oid, new_oid;
993 const char *head;
994 const char *refname;
995 char *p;
996 enum packet_read_status status;
997
998 status = packet_reader_read(reader);
999 if (status != PACKET_READ_NORMAL) {
1000 /* Check whether proc-receive exited abnormally */
1001 if (status == PACKET_READ_EOF && !response) {
1002 strbuf_addstr(errmsg, "proc-receive exited abnormally");
1003 return -1;
1004 }
1005 break;
1006 }
1007 response++;
1008
1009 head = reader->line;
1010 p = strchr(head, ' ');
1011 if (!p) {
1012 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1013 code = -1;
1014 continue;
1015 }
1016 *p++ = '\0';
1017 if (!strcmp(head, "option")) {
1018 const char *key, *val;
1019
1020 if (!hint || !(report || new_report)) {
1021 if (!once++)
1022 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1023 code = -1;
1024 continue;
1025 }
1026 if (new_report) {
1027 if (!hint->report) {
1028 CALLOC_ARRAY(hint->report, 1);
1029 report = hint->report;
1030 } else {
1031 report = hint->report;
1032 while (report->next)
1033 report = report->next;
1034 report->next = xcalloc(1, sizeof(struct ref_push_report));
1035 report = report->next;
1036 }
1037 new_report = 0;
1038 }
1039 key = p;
1040 p = strchr(key, ' ');
1041 if (p)
1042 *p++ = '\0';
1043 val = p;
1044 if (!strcmp(key, "refname"))
1045 report->ref_name = xstrdup_or_null(val);
1046 else if (!strcmp(key, "old-oid") && val &&
1047 !parse_oid_hex(val, &old_oid, &val))
1048 report->old_oid = oiddup(&old_oid);
1049 else if (!strcmp(key, "new-oid") && val &&
1050 !parse_oid_hex(val, &new_oid, &val))
1051 report->new_oid = oiddup(&new_oid);
1052 else if (!strcmp(key, "forced-update"))
1053 report->forced_update = 1;
1054 else if (!strcmp(key, "fall-through"))
1055 /* Fall through, let 'receive-pack' to execute it. */
1056 hint->run_proc_receive = 0;
1057 continue;
1058 }
1059
1060 report = NULL;
1061 new_report = 0;
1062 refname = p;
1063 p = strchr(refname, ' ');
1064 if (p)
1065 *p++ = '\0';
1066 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1067 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1068 head, refname);
1069 code = -1;
1070 continue;
1071 }
1072
1073 /* first try searching at our hint, falling back to all refs */
1074 if (hint)
1075 hint = find_command_by_refname(hint, refname);
1076 if (!hint)
1077 hint = find_command_by_refname(commands, refname);
1078 if (!hint) {
1079 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1080 refname);
1081 code = -1;
1082 continue;
1083 }
1084 if (!hint->run_proc_receive) {
1085 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1086 refname);
1087 code = -1;
1088 continue;
1089 }
1090 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1091 if (!strcmp(head, "ng")) {
1092 if (p)
1093 hint->error_string = xstrdup(p);
1094 else
1095 hint->error_string = "failed";
1096 code = -1;
1097 continue;
1098 }
1099 new_report = 1;
1100 }
1101
1102 for (cmd = commands; cmd; cmd = cmd->next)
1103 if (cmd->run_proc_receive && !cmd->error_string &&
1104 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1105 cmd->error_string = "proc-receive failed to report status";
1106 code = -1;
1107 }
1108 return code;
1109 }
1110
1111 static int run_proc_receive_hook(struct command *commands,
1112 const struct string_list *push_options)
1113 {
1114 struct child_process proc = CHILD_PROCESS_INIT;
1115 struct async muxer;
1116 struct command *cmd;
1117 struct packet_reader reader;
1118 struct strbuf cap = STRBUF_INIT;
1119 struct strbuf errmsg = STRBUF_INIT;
1120 int hook_use_push_options = 0;
1121 int version = 0;
1122 int code;
1123 const char *hook_path = find_hook("proc-receive");
1124
1125 if (!hook_path) {
1126 rp_error("cannot find hook 'proc-receive'");
1127 return -1;
1128 }
1129
1130 strvec_push(&proc.args, hook_path);
1131 proc.in = -1;
1132 proc.out = -1;
1133 proc.trace2_hook_name = "proc-receive";
1134
1135 if (use_sideband) {
1136 memset(&muxer, 0, sizeof(muxer));
1137 muxer.proc = copy_to_sideband;
1138 muxer.in = -1;
1139 code = start_async(&muxer);
1140 if (code)
1141 return code;
1142 proc.err = muxer.in;
1143 } else {
1144 proc.err = 0;
1145 }
1146
1147 code = start_command(&proc);
1148 if (code) {
1149 if (use_sideband)
1150 finish_async(&muxer);
1151 return code;
1152 }
1153
1154 sigchain_push(SIGPIPE, SIG_IGN);
1155
1156 /* Version negotiaton */
1157 packet_reader_init(&reader, proc.out, NULL, 0,
1158 PACKET_READ_CHOMP_NEWLINE |
1159 PACKET_READ_GENTLE_ON_EOF);
1160 if (use_atomic)
1161 strbuf_addstr(&cap, " atomic");
1162 if (use_push_options)
1163 strbuf_addstr(&cap, " push-options");
1164 if (cap.len) {
1165 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1166 strbuf_release(&cap);
1167 } else {
1168 code = packet_write_fmt_gently(proc.in, "version=1\n");
1169 }
1170 if (!code)
1171 code = packet_flush_gently(proc.in);
1172
1173 if (!code)
1174 for (;;) {
1175 int linelen;
1176 enum packet_read_status status;
1177
1178 status = packet_reader_read(&reader);
1179 if (status != PACKET_READ_NORMAL) {
1180 /* Check whether proc-receive exited abnormally */
1181 if (status == PACKET_READ_EOF)
1182 code = -1;
1183 break;
1184 }
1185
1186 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1187 version = atoi(reader.line + 8);
1188 linelen = strlen(reader.line);
1189 if (linelen < reader.pktlen) {
1190 const char *feature_list = reader.line + linelen + 1;
1191 if (parse_feature_request(feature_list, "push-options"))
1192 hook_use_push_options = 1;
1193 }
1194 }
1195 }
1196
1197 if (code) {
1198 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1199 goto cleanup;
1200 }
1201
1202 switch (version) {
1203 case 0:
1204 /* fallthrough */
1205 case 1:
1206 break;
1207 default:
1208 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1209 version);
1210 code = -1;
1211 goto cleanup;
1212 }
1213
1214 /* Send commands */
1215 for (cmd = commands; cmd; cmd = cmd->next) {
1216 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1217 continue;
1218 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1219 oid_to_hex(&cmd->old_oid),
1220 oid_to_hex(&cmd->new_oid),
1221 cmd->ref_name);
1222 if (code)
1223 break;
1224 }
1225 if (!code)
1226 code = packet_flush_gently(proc.in);
1227 if (code) {
1228 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1229 goto cleanup;
1230 }
1231
1232 /* Send push options */
1233 if (hook_use_push_options) {
1234 struct string_list_item *item;
1235
1236 for_each_string_list_item(item, push_options) {
1237 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1238 if (code)
1239 break;
1240 }
1241 if (!code)
1242 code = packet_flush_gently(proc.in);
1243 if (code) {
1244 strbuf_addstr(&errmsg,
1245 "fail to write push-options to proc-receive hook");
1246 goto cleanup;
1247 }
1248 }
1249
1250 /* Read result from proc-receive */
1251 code = read_proc_receive_report(&reader, commands, &errmsg);
1252
1253 cleanup:
1254 close(proc.in);
1255 close(proc.out);
1256 if (use_sideband)
1257 finish_async(&muxer);
1258 if (finish_command(&proc))
1259 code = -1;
1260 if (errmsg.len >0) {
1261 char *p = errmsg.buf;
1262
1263 p += errmsg.len - 1;
1264 if (*p == '\n')
1265 *p = '\0';
1266 rp_error("%s", errmsg.buf);
1267 strbuf_release(&errmsg);
1268 }
1269 sigchain_pop(SIGPIPE);
1270
1271 return code;
1272 }
1273
1274 static char *refuse_unconfigured_deny_msg =
1275 N_("By default, updating the current branch in a non-bare repository\n"
1276 "is denied, because it will make the index and work tree inconsistent\n"
1277 "with what you pushed, and will require 'git reset --hard' to match\n"
1278 "the work tree to HEAD.\n"
1279 "\n"
1280 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1281 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1282 "its current branch; however, this is not recommended unless you\n"
1283 "arranged to update its work tree to match what you pushed in some\n"
1284 "other way.\n"
1285 "\n"
1286 "To squelch this message and still keep the default behaviour, set\n"
1287 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1288
1289 static void refuse_unconfigured_deny(void)
1290 {
1291 rp_error("%s", _(refuse_unconfigured_deny_msg));
1292 }
1293
1294 static char *refuse_unconfigured_deny_delete_current_msg =
1295 N_("By default, deleting the current branch is denied, because the next\n"
1296 "'git clone' won't result in any file checked out, causing confusion.\n"
1297 "\n"
1298 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1299 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1300 "current branch, with or without a warning message.\n"
1301 "\n"
1302 "To squelch this message, you can set it to 'refuse'.");
1303
1304 static void refuse_unconfigured_deny_delete_current(void)
1305 {
1306 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1307 }
1308
1309 static const struct object_id *command_singleton_iterator(void *cb_data);
1310 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1311 {
1312 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1313 struct oid_array extra = OID_ARRAY_INIT;
1314 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1315 uint32_t mask = 1 << (cmd->index % 32);
1316 int i;
1317
1318 trace_printf_key(&trace_shallow,
1319 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1320 for (i = 0; i < si->shallow->nr; i++)
1321 if (si->used_shallow[i] &&
1322 (si->used_shallow[i][cmd->index / 32] & mask) &&
1323 !delayed_reachability_test(si, i))
1324 oid_array_append(&extra, &si->shallow->oid[i]);
1325
1326 opt.env = tmp_objdir_env(tmp_objdir);
1327 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1328 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1329 rollback_shallow_file(the_repository, &shallow_lock);
1330 oid_array_clear(&extra);
1331 return -1;
1332 }
1333
1334 commit_shallow_file(the_repository, &shallow_lock);
1335
1336 /*
1337 * Make sure setup_alternate_shallow() for the next ref does
1338 * not lose these new roots..
1339 */
1340 for (i = 0; i < extra.nr; i++)
1341 register_shallow(the_repository, &extra.oid[i]);
1342
1343 si->shallow_ref[cmd->index] = 0;
1344 oid_array_clear(&extra);
1345 return 0;
1346 }
1347
1348 /*
1349 * NEEDSWORK: we should consolidate various implementions of "are we
1350 * on an unborn branch?" test into one, and make the unified one more
1351 * robust. !get_sha1() based check used here and elsewhere would not
1352 * allow us to tell an unborn branch from corrupt ref, for example.
1353 * For the purpose of fixing "deploy-to-update does not work when
1354 * pushing into an empty repository" issue, this should suffice for
1355 * now.
1356 */
1357 static int head_has_history(void)
1358 {
1359 struct object_id oid;
1360
1361 return !repo_get_oid(the_repository, "HEAD", &oid);
1362 }
1363
1364 static const char *push_to_deploy(unsigned char *sha1,
1365 struct strvec *env,
1366 const char *work_tree)
1367 {
1368 struct child_process child = CHILD_PROCESS_INIT;
1369
1370 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1371 "--refresh", NULL);
1372 strvec_pushv(&child.env, env->v);
1373 child.dir = work_tree;
1374 child.no_stdin = 1;
1375 child.stdout_to_stderr = 1;
1376 child.git_cmd = 1;
1377 if (run_command(&child))
1378 return "Up-to-date check failed";
1379
1380 /* run_command() does not clean up completely; reinitialize */
1381 child_process_init(&child);
1382 strvec_pushl(&child.args, "diff-files", "--quiet",
1383 "--ignore-submodules", "--", NULL);
1384 strvec_pushv(&child.env, env->v);
1385 child.dir = work_tree;
1386 child.no_stdin = 1;
1387 child.stdout_to_stderr = 1;
1388 child.git_cmd = 1;
1389 if (run_command(&child))
1390 return "Working directory has unstaged changes";
1391
1392 child_process_init(&child);
1393 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1394 "--ignore-submodules",
1395 /* diff-index with either HEAD or an empty tree */
1396 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1397 "--", NULL);
1398 strvec_pushv(&child.env, env->v);
1399 child.no_stdin = 1;
1400 child.no_stdout = 1;
1401 child.stdout_to_stderr = 0;
1402 child.git_cmd = 1;
1403 if (run_command(&child))
1404 return "Working directory has staged changes";
1405
1406 child_process_init(&child);
1407 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1408 NULL);
1409 strvec_pushv(&child.env, env->v);
1410 child.dir = work_tree;
1411 child.no_stdin = 1;
1412 child.no_stdout = 1;
1413 child.stdout_to_stderr = 0;
1414 child.git_cmd = 1;
1415 if (run_command(&child))
1416 return "Could not update working tree to new HEAD";
1417
1418 return NULL;
1419 }
1420
1421 static const char *push_to_checkout_hook = "push-to-checkout";
1422
1423 static const char *push_to_checkout(unsigned char *hash,
1424 int *invoked_hook,
1425 struct strvec *env,
1426 const char *work_tree)
1427 {
1428 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1429 opt.invoked_hook = invoked_hook;
1430
1431 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1432 strvec_pushv(&opt.env, env->v);
1433 strvec_push(&opt.args, hash_to_hex(hash));
1434 if (run_hooks_opt(push_to_checkout_hook, &opt))
1435 return "push-to-checkout hook declined";
1436 else
1437 return NULL;
1438 }
1439
1440 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1441 {
1442 const char *retval, *git_dir;
1443 struct strvec env = STRVEC_INIT;
1444 int invoked_hook;
1445
1446 if (!worktree || !worktree->path)
1447 BUG("worktree->path must be non-NULL");
1448
1449 if (worktree->is_bare)
1450 return "denyCurrentBranch = updateInstead needs a worktree";
1451 git_dir = get_worktree_git_dir(worktree);
1452
1453 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1454
1455 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1456 if (!invoked_hook)
1457 retval = push_to_deploy(sha1, &env, worktree->path);
1458
1459 strvec_clear(&env);
1460 return retval;
1461 }
1462
1463 static const char *update(struct command *cmd, struct shallow_info *si)
1464 {
1465 const char *name = cmd->ref_name;
1466 struct strbuf namespaced_name_buf = STRBUF_INIT;
1467 static char *namespaced_name;
1468 const char *ret;
1469 struct object_id *old_oid = &cmd->old_oid;
1470 struct object_id *new_oid = &cmd->new_oid;
1471 int do_update_worktree = 0;
1472 struct worktree **worktrees = get_worktrees();
1473 const struct worktree *worktree =
1474 find_shared_symref(worktrees, "HEAD", name);
1475
1476 /* only refs/... are allowed */
1477 if (!starts_with(name, "refs/") ||
1478 check_refname_format(name + 5, is_null_oid(new_oid) ?
1479 REFNAME_ALLOW_ONELEVEL : 0)) {
1480 rp_error("refusing to update funny ref '%s' remotely", name);
1481 ret = "funny refname";
1482 goto out;
1483 }
1484
1485 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1486 free(namespaced_name);
1487 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1488
1489 if (worktree && !worktree->is_bare) {
1490 switch (deny_current_branch) {
1491 case DENY_IGNORE:
1492 break;
1493 case DENY_WARN:
1494 rp_warning("updating the current branch");
1495 break;
1496 case DENY_REFUSE:
1497 case DENY_UNCONFIGURED:
1498 rp_error("refusing to update checked out branch: %s", name);
1499 if (deny_current_branch == DENY_UNCONFIGURED)
1500 refuse_unconfigured_deny();
1501 ret = "branch is currently checked out";
1502 goto out;
1503 case DENY_UPDATE_INSTEAD:
1504 /* pass -- let other checks intervene first */
1505 do_update_worktree = 1;
1506 break;
1507 }
1508 }
1509
1510 if (!is_null_oid(new_oid) && !repo_has_object_file(the_repository, new_oid)) {
1511 error("unpack should have generated %s, "
1512 "but I can't find it!", oid_to_hex(new_oid));
1513 ret = "bad pack";
1514 goto out;
1515 }
1516
1517 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1518 if (deny_deletes && starts_with(name, "refs/heads/")) {
1519 rp_error("denying ref deletion for %s", name);
1520 ret = "deletion prohibited";
1521 goto out;
1522 }
1523
1524 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1525 switch (deny_delete_current) {
1526 case DENY_IGNORE:
1527 break;
1528 case DENY_WARN:
1529 rp_warning("deleting the current branch");
1530 break;
1531 case DENY_REFUSE:
1532 case DENY_UNCONFIGURED:
1533 case DENY_UPDATE_INSTEAD:
1534 if (deny_delete_current == DENY_UNCONFIGURED)
1535 refuse_unconfigured_deny_delete_current();
1536 rp_error("refusing to delete the current branch: %s", name);
1537 ret = "deletion of the current branch prohibited";
1538 goto out;
1539 default:
1540 ret = "Invalid denyDeleteCurrent setting";
1541 goto out;
1542 }
1543 }
1544 }
1545
1546 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1547 !is_null_oid(old_oid) &&
1548 starts_with(name, "refs/heads/")) {
1549 struct object *old_object, *new_object;
1550 struct commit *old_commit, *new_commit;
1551
1552 old_object = parse_object(the_repository, old_oid);
1553 new_object = parse_object(the_repository, new_oid);
1554
1555 if (!old_object || !new_object ||
1556 old_object->type != OBJ_COMMIT ||
1557 new_object->type != OBJ_COMMIT) {
1558 error("bad sha1 objects for %s", name);
1559 ret = "bad ref";
1560 goto out;
1561 }
1562 old_commit = (struct commit *)old_object;
1563 new_commit = (struct commit *)new_object;
1564 if (!repo_in_merge_bases(the_repository, old_commit, new_commit)) {
1565 rp_error("denying non-fast-forward %s"
1566 " (you should pull first)", name);
1567 ret = "non-fast-forward";
1568 goto out;
1569 }
1570 }
1571 if (run_update_hook(cmd)) {
1572 rp_error("hook declined to update %s", name);
1573 ret = "hook declined";
1574 goto out;
1575 }
1576
1577 if (do_update_worktree) {
1578 ret = update_worktree(new_oid->hash, worktree);
1579 if (ret)
1580 goto out;
1581 }
1582
1583 if (is_null_oid(new_oid)) {
1584 struct strbuf err = STRBUF_INIT;
1585 if (!parse_object(the_repository, old_oid)) {
1586 old_oid = NULL;
1587 if (ref_exists(name)) {
1588 rp_warning("allowing deletion of corrupt ref");
1589 } else {
1590 rp_warning("deleting a non-existent ref");
1591 cmd->did_not_exist = 1;
1592 }
1593 }
1594 if (ref_transaction_delete(transaction,
1595 namespaced_name,
1596 old_oid,
1597 0, "push", &err)) {
1598 rp_error("%s", err.buf);
1599 ret = "failed to delete";
1600 } else {
1601 ret = NULL; /* good */
1602 }
1603 strbuf_release(&err);
1604 }
1605 else {
1606 struct strbuf err = STRBUF_INIT;
1607 if (shallow_update && si->shallow_ref[cmd->index] &&
1608 update_shallow_ref(cmd, si)) {
1609 ret = "shallow error";
1610 goto out;
1611 }
1612
1613 if (ref_transaction_update(transaction,
1614 namespaced_name,
1615 new_oid, old_oid,
1616 0, "push",
1617 &err)) {
1618 rp_error("%s", err.buf);
1619 ret = "failed to update ref";
1620 } else {
1621 ret = NULL; /* good */
1622 }
1623 strbuf_release(&err);
1624 }
1625
1626 out:
1627 free_worktrees(worktrees);
1628 return ret;
1629 }
1630
1631 static void run_update_post_hook(struct command *commands)
1632 {
1633 struct command *cmd;
1634 struct child_process proc = CHILD_PROCESS_INIT;
1635 const char *hook;
1636
1637 hook = find_hook("post-update");
1638 if (!hook)
1639 return;
1640
1641 for (cmd = commands; cmd; cmd = cmd->next) {
1642 if (cmd->error_string || cmd->did_not_exist)
1643 continue;
1644 if (!proc.args.nr)
1645 strvec_push(&proc.args, hook);
1646 strvec_push(&proc.args, cmd->ref_name);
1647 }
1648 if (!proc.args.nr)
1649 return;
1650
1651 proc.no_stdin = 1;
1652 proc.stdout_to_stderr = 1;
1653 proc.err = use_sideband ? -1 : 0;
1654 proc.trace2_hook_name = "post-update";
1655
1656 if (!start_command(&proc)) {
1657 if (use_sideband)
1658 copy_to_sideband(proc.err, -1, NULL);
1659 finish_command(&proc);
1660 }
1661 }
1662
1663 static void check_aliased_update_internal(struct command *cmd,
1664 struct string_list *list,
1665 const char *dst_name, int flag)
1666 {
1667 struct string_list_item *item;
1668 struct command *dst_cmd;
1669
1670 if (!(flag & REF_ISSYMREF))
1671 return;
1672
1673 if (!dst_name) {
1674 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1675 cmd->skip_update = 1;
1676 cmd->error_string = "broken symref";
1677 return;
1678 }
1679 dst_name = strip_namespace(dst_name);
1680
1681 if (!(item = string_list_lookup(list, dst_name)))
1682 return;
1683
1684 cmd->skip_update = 1;
1685
1686 dst_cmd = (struct command *) item->util;
1687
1688 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1689 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1690 return;
1691
1692 dst_cmd->skip_update = 1;
1693
1694 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1695 " its target '%s' (%s..%s)",
1696 cmd->ref_name,
1697 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1698 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1699 dst_cmd->ref_name,
1700 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1701 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1702
1703 cmd->error_string = dst_cmd->error_string =
1704 "inconsistent aliased update";
1705 }
1706
1707 static void check_aliased_update(struct command *cmd, struct string_list *list)
1708 {
1709 struct strbuf buf = STRBUF_INIT;
1710 const char *dst_name;
1711 int flag;
1712
1713 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1714 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1715 check_aliased_update_internal(cmd, list, dst_name, flag);
1716 strbuf_release(&buf);
1717 }
1718
1719 static void check_aliased_updates(struct command *commands)
1720 {
1721 struct command *cmd;
1722 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1723
1724 for (cmd = commands; cmd; cmd = cmd->next) {
1725 struct string_list_item *item =
1726 string_list_append(&ref_list, cmd->ref_name);
1727 item->util = (void *)cmd;
1728 }
1729 string_list_sort(&ref_list);
1730
1731 for (cmd = commands; cmd; cmd = cmd->next) {
1732 if (!cmd->error_string)
1733 check_aliased_update(cmd, &ref_list);
1734 }
1735
1736 string_list_clear(&ref_list, 0);
1737 }
1738
1739 static const struct object_id *command_singleton_iterator(void *cb_data)
1740 {
1741 struct command **cmd_list = cb_data;
1742 struct command *cmd = *cmd_list;
1743
1744 if (!cmd || is_null_oid(&cmd->new_oid))
1745 return NULL;
1746 *cmd_list = NULL; /* this returns only one */
1747 return &cmd->new_oid;
1748 }
1749
1750 static void set_connectivity_errors(struct command *commands,
1751 struct shallow_info *si)
1752 {
1753 struct command *cmd;
1754
1755 for (cmd = commands; cmd; cmd = cmd->next) {
1756 struct command *singleton = cmd;
1757 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1758
1759 if (shallow_update && si->shallow_ref[cmd->index])
1760 /* to be checked in update_shallow_ref() */
1761 continue;
1762
1763 opt.env = tmp_objdir_env(tmp_objdir);
1764 if (!check_connected(command_singleton_iterator, &singleton,
1765 &opt))
1766 continue;
1767
1768 cmd->error_string = "missing necessary objects";
1769 }
1770 }
1771
1772 struct iterate_data {
1773 struct command *cmds;
1774 struct shallow_info *si;
1775 };
1776
1777 static const struct object_id *iterate_receive_command_list(void *cb_data)
1778 {
1779 struct iterate_data *data = cb_data;
1780 struct command **cmd_list = &data->cmds;
1781 struct command *cmd = *cmd_list;
1782
1783 for (; cmd; cmd = cmd->next) {
1784 if (shallow_update && data->si->shallow_ref[cmd->index])
1785 /* to be checked in update_shallow_ref() */
1786 continue;
1787 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1788 *cmd_list = cmd->next;
1789 return &cmd->new_oid;
1790 }
1791 }
1792 return NULL;
1793 }
1794
1795 static void reject_updates_to_hidden(struct command *commands)
1796 {
1797 struct strbuf refname_full = STRBUF_INIT;
1798 size_t prefix_len;
1799 struct command *cmd;
1800
1801 strbuf_addstr(&refname_full, get_git_namespace());
1802 prefix_len = refname_full.len;
1803
1804 for (cmd = commands; cmd; cmd = cmd->next) {
1805 if (cmd->error_string)
1806 continue;
1807
1808 strbuf_setlen(&refname_full, prefix_len);
1809 strbuf_addstr(&refname_full, cmd->ref_name);
1810
1811 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1812 continue;
1813 if (is_null_oid(&cmd->new_oid))
1814 cmd->error_string = "deny deleting a hidden ref";
1815 else
1816 cmd->error_string = "deny updating a hidden ref";
1817 }
1818
1819 strbuf_release(&refname_full);
1820 }
1821
1822 static int should_process_cmd(struct command *cmd)
1823 {
1824 return !cmd->error_string && !cmd->skip_update;
1825 }
1826
1827 static void BUG_if_skipped_connectivity_check(struct command *commands,
1828 struct shallow_info *si)
1829 {
1830 struct command *cmd;
1831
1832 for (cmd = commands; cmd; cmd = cmd->next) {
1833 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1834 bug("connectivity check has not been run on ref %s",
1835 cmd->ref_name);
1836 }
1837 BUG_if_bug("connectivity check skipped???");
1838 }
1839
1840 static void execute_commands_non_atomic(struct command *commands,
1841 struct shallow_info *si)
1842 {
1843 struct command *cmd;
1844 struct strbuf err = STRBUF_INIT;
1845
1846 for (cmd = commands; cmd; cmd = cmd->next) {
1847 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1848 continue;
1849
1850 transaction = ref_transaction_begin(&err);
1851 if (!transaction) {
1852 rp_error("%s", err.buf);
1853 strbuf_reset(&err);
1854 cmd->error_string = "transaction failed to start";
1855 continue;
1856 }
1857
1858 cmd->error_string = update(cmd, si);
1859
1860 if (!cmd->error_string
1861 && ref_transaction_commit(transaction, &err)) {
1862 rp_error("%s", err.buf);
1863 strbuf_reset(&err);
1864 cmd->error_string = "failed to update ref";
1865 }
1866 ref_transaction_free(transaction);
1867 }
1868 strbuf_release(&err);
1869 }
1870
1871 static void execute_commands_atomic(struct command *commands,
1872 struct shallow_info *si)
1873 {
1874 struct command *cmd;
1875 struct strbuf err = STRBUF_INIT;
1876 const char *reported_error = "atomic push failure";
1877
1878 transaction = ref_transaction_begin(&err);
1879 if (!transaction) {
1880 rp_error("%s", err.buf);
1881 strbuf_reset(&err);
1882 reported_error = "transaction failed to start";
1883 goto failure;
1884 }
1885
1886 for (cmd = commands; cmd; cmd = cmd->next) {
1887 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1888 continue;
1889
1890 cmd->error_string = update(cmd, si);
1891
1892 if (cmd->error_string)
1893 goto failure;
1894 }
1895
1896 if (ref_transaction_commit(transaction, &err)) {
1897 rp_error("%s", err.buf);
1898 reported_error = "atomic transaction failed";
1899 goto failure;
1900 }
1901 goto cleanup;
1902
1903 failure:
1904 for (cmd = commands; cmd; cmd = cmd->next)
1905 if (!cmd->error_string)
1906 cmd->error_string = reported_error;
1907
1908 cleanup:
1909 ref_transaction_free(transaction);
1910 strbuf_release(&err);
1911 }
1912
1913 static void execute_commands(struct command *commands,
1914 const char *unpacker_error,
1915 struct shallow_info *si,
1916 const struct string_list *push_options)
1917 {
1918 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1919 struct command *cmd;
1920 struct iterate_data data;
1921 struct async muxer;
1922 int err_fd = 0;
1923 int run_proc_receive = 0;
1924
1925 if (unpacker_error) {
1926 for (cmd = commands; cmd; cmd = cmd->next)
1927 cmd->error_string = "unpacker error";
1928 return;
1929 }
1930
1931 if (use_sideband) {
1932 memset(&muxer, 0, sizeof(muxer));
1933 muxer.proc = copy_to_sideband;
1934 muxer.in = -1;
1935 if (!start_async(&muxer))
1936 err_fd = muxer.in;
1937 /* ...else, continue without relaying sideband */
1938 }
1939
1940 data.cmds = commands;
1941 data.si = si;
1942 opt.err_fd = err_fd;
1943 opt.progress = err_fd && !quiet;
1944 opt.env = tmp_objdir_env(tmp_objdir);
1945 opt.exclude_hidden_refs_section = "receive";
1946
1947 if (check_connected(iterate_receive_command_list, &data, &opt))
1948 set_connectivity_errors(commands, si);
1949
1950 if (use_sideband)
1951 finish_async(&muxer);
1952
1953 reject_updates_to_hidden(commands);
1954
1955 /*
1956 * Try to find commands that have special prefix in their reference names,
1957 * and mark them to run an external "proc-receive" hook later.
1958 */
1959 if (proc_receive_ref) {
1960 for (cmd = commands; cmd; cmd = cmd->next) {
1961 if (!should_process_cmd(cmd))
1962 continue;
1963
1964 if (proc_receive_ref_matches(cmd)) {
1965 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1966 run_proc_receive = 1;
1967 }
1968 }
1969 }
1970
1971 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1972 for (cmd = commands; cmd; cmd = cmd->next) {
1973 if (!cmd->error_string)
1974 cmd->error_string = "pre-receive hook declined";
1975 }
1976 return;
1977 }
1978
1979 /*
1980 * If there is no command ready to run, should return directly to destroy
1981 * temporary data in the quarantine area.
1982 */
1983 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1984 ; /* nothing */
1985 if (!cmd)
1986 return;
1987
1988 /*
1989 * Now we'll start writing out refs, which means the objects need
1990 * to be in their final positions so that other processes can see them.
1991 */
1992 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1993 for (cmd = commands; cmd; cmd = cmd->next) {
1994 if (!cmd->error_string)
1995 cmd->error_string = "unable to migrate objects to permanent storage";
1996 }
1997 return;
1998 }
1999 tmp_objdir = NULL;
2000
2001 check_aliased_updates(commands);
2002
2003 free(head_name_to_free);
2004 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
2005
2006 if (run_proc_receive &&
2007 run_proc_receive_hook(commands, push_options))
2008 for (cmd = commands; cmd; cmd = cmd->next)
2009 if (!cmd->error_string &&
2010 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2011 (cmd->run_proc_receive || use_atomic))
2012 cmd->error_string = "fail to run proc-receive hook";
2013
2014 if (use_atomic)
2015 execute_commands_atomic(commands, si);
2016 else
2017 execute_commands_non_atomic(commands, si);
2018
2019 if (shallow_update)
2020 BUG_if_skipped_connectivity_check(commands, si);
2021 }
2022
2023 static struct command **queue_command(struct command **tail,
2024 const char *line,
2025 int linelen)
2026 {
2027 struct object_id old_oid, new_oid;
2028 struct command *cmd;
2029 const char *refname;
2030 int reflen;
2031 const char *p;
2032
2033 if (parse_oid_hex(line, &old_oid, &p) ||
2034 *p++ != ' ' ||
2035 parse_oid_hex(p, &new_oid, &p) ||
2036 *p++ != ' ')
2037 die("protocol error: expected old/new/ref, got '%s'", line);
2038
2039 refname = p;
2040 reflen = linelen - (p - line);
2041 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2042 oidcpy(&cmd->old_oid, &old_oid);
2043 oidcpy(&cmd->new_oid, &new_oid);
2044 *tail = cmd;
2045 return &cmd->next;
2046 }
2047
2048 static void free_commands(struct command *commands)
2049 {
2050 while (commands) {
2051 struct command *next = commands->next;
2052
2053 free(commands);
2054 commands = next;
2055 }
2056 }
2057
2058 static void queue_commands_from_cert(struct command **tail,
2059 struct strbuf *push_cert)
2060 {
2061 const char *boc, *eoc;
2062
2063 if (*tail)
2064 die("protocol error: got both push certificate and unsigned commands");
2065
2066 boc = strstr(push_cert->buf, "\n\n");
2067 if (!boc)
2068 die("malformed push certificate %.*s", 100, push_cert->buf);
2069 else
2070 boc += 2;
2071 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2072
2073 while (boc < eoc) {
2074 const char *eol = memchr(boc, '\n', eoc - boc);
2075 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2076 boc = eol ? eol + 1 : eoc;
2077 }
2078 }
2079
2080 static struct command *read_head_info(struct packet_reader *reader,
2081 struct oid_array *shallow)
2082 {
2083 struct command *commands = NULL;
2084 struct command **p = &commands;
2085 for (;;) {
2086 int linelen;
2087
2088 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2089 break;
2090
2091 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2092 struct object_id oid;
2093 if (get_oid_hex(reader->line + 8, &oid))
2094 die("protocol error: expected shallow sha, got '%s'",
2095 reader->line + 8);
2096 oid_array_append(shallow, &oid);
2097 continue;
2098 }
2099
2100 linelen = strlen(reader->line);
2101 if (linelen < reader->pktlen) {
2102 const char *feature_list = reader->line + linelen + 1;
2103 const char *hash = NULL;
2104 const char *client_sid;
2105 size_t len = 0;
2106 if (parse_feature_request(feature_list, "report-status"))
2107 report_status = 1;
2108 if (parse_feature_request(feature_list, "report-status-v2"))
2109 report_status_v2 = 1;
2110 if (parse_feature_request(feature_list, "side-band-64k"))
2111 use_sideband = LARGE_PACKET_MAX;
2112 if (parse_feature_request(feature_list, "quiet"))
2113 quiet = 1;
2114 if (advertise_atomic_push
2115 && parse_feature_request(feature_list, "atomic"))
2116 use_atomic = 1;
2117 if (advertise_push_options
2118 && parse_feature_request(feature_list, "push-options"))
2119 use_push_options = 1;
2120 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2121 if (!hash) {
2122 hash = hash_algos[GIT_HASH_SHA1].name;
2123 len = strlen(hash);
2124 }
2125 if (xstrncmpz(the_hash_algo->name, hash, len))
2126 die("error: unsupported object format '%s'", hash);
2127 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2128 if (client_sid) {
2129 char *sid = xstrndup(client_sid, len);
2130 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2131 free(sid);
2132 }
2133 }
2134
2135 if (!strcmp(reader->line, "push-cert")) {
2136 int true_flush = 0;
2137 int saved_options = reader->options;
2138 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2139
2140 for (;;) {
2141 packet_reader_read(reader);
2142 if (reader->status == PACKET_READ_FLUSH) {
2143 true_flush = 1;
2144 break;
2145 }
2146 if (reader->status != PACKET_READ_NORMAL) {
2147 die("protocol error: got an unexpected packet");
2148 }
2149 if (!strcmp(reader->line, "push-cert-end\n"))
2150 break; /* end of cert */
2151 strbuf_addstr(&push_cert, reader->line);
2152 }
2153 reader->options = saved_options;
2154
2155 if (true_flush)
2156 break;
2157 continue;
2158 }
2159
2160 p = queue_command(p, reader->line, linelen);
2161 }
2162
2163 if (push_cert.len)
2164 queue_commands_from_cert(p, &push_cert);
2165
2166 return commands;
2167 }
2168
2169 static void read_push_options(struct packet_reader *reader,
2170 struct string_list *options)
2171 {
2172 while (1) {
2173 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2174 break;
2175
2176 string_list_append(options, reader->line);
2177 }
2178 }
2179
2180 static const char *parse_pack_header(struct pack_header *hdr)
2181 {
2182 switch (read_pack_header(0, hdr)) {
2183 case PH_ERROR_EOF:
2184 return "eof before pack header was fully read";
2185
2186 case PH_ERROR_PACK_SIGNATURE:
2187 return "protocol error (pack signature mismatch detected)";
2188
2189 case PH_ERROR_PROTOCOL:
2190 return "protocol error (pack version unsupported)";
2191
2192 default:
2193 return "unknown error in parse_pack_header";
2194
2195 case 0:
2196 return NULL;
2197 }
2198 }
2199
2200 static struct tempfile *pack_lockfile;
2201
2202 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2203 {
2204 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2205 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2206 }
2207
2208 static const char *unpack(int err_fd, struct shallow_info *si)
2209 {
2210 struct pack_header hdr;
2211 const char *hdr_err;
2212 int status;
2213 struct child_process child = CHILD_PROCESS_INIT;
2214 int fsck_objects = (receive_fsck_objects >= 0
2215 ? receive_fsck_objects
2216 : transfer_fsck_objects >= 0
2217 ? transfer_fsck_objects
2218 : 0);
2219
2220 hdr_err = parse_pack_header(&hdr);
2221 if (hdr_err) {
2222 if (err_fd > 0)
2223 close(err_fd);
2224 return hdr_err;
2225 }
2226
2227 if (si->nr_ours || si->nr_theirs) {
2228 alt_shallow_file = setup_temporary_shallow(si->shallow);
2229 strvec_push(&child.args, "--shallow-file");
2230 strvec_push(&child.args, alt_shallow_file);
2231 }
2232
2233 tmp_objdir = tmp_objdir_create("incoming");
2234 if (!tmp_objdir) {
2235 if (err_fd > 0)
2236 close(err_fd);
2237 return "unable to create temporary object directory";
2238 }
2239 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2240
2241 /*
2242 * Normally we just pass the tmp_objdir environment to the child
2243 * processes that do the heavy lifting, but we may need to see these
2244 * objects ourselves to set up shallow information.
2245 */
2246 tmp_objdir_add_as_alternate(tmp_objdir);
2247
2248 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2249 strvec_push(&child.args, "unpack-objects");
2250 push_header_arg(&child.args, &hdr);
2251 if (quiet)
2252 strvec_push(&child.args, "-q");
2253 if (fsck_objects)
2254 strvec_pushf(&child.args, "--strict%s",
2255 fsck_msg_types.buf);
2256 if (max_input_size)
2257 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2258 (uintmax_t)max_input_size);
2259 child.no_stdout = 1;
2260 child.err = err_fd;
2261 child.git_cmd = 1;
2262 status = run_command(&child);
2263 if (status)
2264 return "unpack-objects abnormal exit";
2265 } else {
2266 char hostname[HOST_NAME_MAX + 1];
2267 char *lockfile;
2268
2269 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2270 push_header_arg(&child.args, &hdr);
2271
2272 if (xgethostname(hostname, sizeof(hostname)))
2273 xsnprintf(hostname, sizeof(hostname), "localhost");
2274 strvec_pushf(&child.args,
2275 "--keep=receive-pack %"PRIuMAX" on %s",
2276 (uintmax_t)getpid(),
2277 hostname);
2278
2279 if (!quiet && err_fd)
2280 strvec_push(&child.args, "--show-resolving-progress");
2281 if (use_sideband)
2282 strvec_push(&child.args, "--report-end-of-input");
2283 if (fsck_objects)
2284 strvec_pushf(&child.args, "--strict%s",
2285 fsck_msg_types.buf);
2286 if (!reject_thin)
2287 strvec_push(&child.args, "--fix-thin");
2288 if (max_input_size)
2289 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2290 (uintmax_t)max_input_size);
2291 child.out = -1;
2292 child.err = err_fd;
2293 child.git_cmd = 1;
2294 status = start_command(&child);
2295 if (status)
2296 return "index-pack fork failed";
2297
2298 lockfile = index_pack_lockfile(child.out, NULL);
2299 if (lockfile) {
2300 pack_lockfile = register_tempfile(lockfile);
2301 free(lockfile);
2302 }
2303 close(child.out);
2304
2305 status = finish_command(&child);
2306 if (status)
2307 return "index-pack abnormal exit";
2308 reprepare_packed_git(the_repository);
2309 }
2310 return NULL;
2311 }
2312
2313 static const char *unpack_with_sideband(struct shallow_info *si)
2314 {
2315 struct async muxer;
2316 const char *ret;
2317
2318 if (!use_sideband)
2319 return unpack(0, si);
2320
2321 use_keepalive = KEEPALIVE_AFTER_NUL;
2322 memset(&muxer, 0, sizeof(muxer));
2323 muxer.proc = copy_to_sideband;
2324 muxer.in = -1;
2325 if (start_async(&muxer))
2326 return NULL;
2327
2328 ret = unpack(muxer.in, si);
2329
2330 finish_async(&muxer);
2331 return ret;
2332 }
2333
2334 static void prepare_shallow_update(struct shallow_info *si)
2335 {
2336 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2337
2338 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2339 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2340
2341 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2342 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2343 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2344
2345 for (i = 0; i < si->nr_ours; i++)
2346 si->need_reachability_test[si->ours[i]] = 1;
2347
2348 for (i = 0; i < si->shallow->nr; i++) {
2349 if (!si->used_shallow[i])
2350 continue;
2351 for (j = 0; j < bitmap_size; j++) {
2352 if (!si->used_shallow[i][j])
2353 continue;
2354 si->need_reachability_test[i]++;
2355 for (k = 0; k < 32; k++)
2356 if (si->used_shallow[i][j] & (1U << k))
2357 si->shallow_ref[j * 32 + k]++;
2358 }
2359
2360 /*
2361 * true for those associated with some refs and belong
2362 * in "ours" list aka "step 7 not done yet"
2363 */
2364 si->need_reachability_test[i] =
2365 si->need_reachability_test[i] > 1;
2366 }
2367
2368 /*
2369 * keep hooks happy by forcing a temporary shallow file via
2370 * env variable because we can't add --shallow-file to every
2371 * command. check_connected() will be done with
2372 * true .git/shallow though.
2373 */
2374 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2375 }
2376
2377 static void update_shallow_info(struct command *commands,
2378 struct shallow_info *si,
2379 struct oid_array *ref)
2380 {
2381 struct command *cmd;
2382 int *ref_status;
2383 remove_nonexistent_theirs_shallow(si);
2384 if (!si->nr_ours && !si->nr_theirs) {
2385 shallow_update = 0;
2386 return;
2387 }
2388
2389 for (cmd = commands; cmd; cmd = cmd->next) {
2390 if (is_null_oid(&cmd->new_oid))
2391 continue;
2392 oid_array_append(ref, &cmd->new_oid);
2393 cmd->index = ref->nr - 1;
2394 }
2395 si->ref = ref;
2396
2397 if (shallow_update) {
2398 prepare_shallow_update(si);
2399 return;
2400 }
2401
2402 ALLOC_ARRAY(ref_status, ref->nr);
2403 assign_shallow_commits_to_refs(si, NULL, ref_status);
2404 for (cmd = commands; cmd; cmd = cmd->next) {
2405 if (is_null_oid(&cmd->new_oid))
2406 continue;
2407 if (ref_status[cmd->index]) {
2408 cmd->error_string = "shallow update not allowed";
2409 cmd->skip_update = 1;
2410 }
2411 }
2412 free(ref_status);
2413 }
2414
2415 static void report(struct command *commands, const char *unpack_status)
2416 {
2417 struct command *cmd;
2418 struct strbuf buf = STRBUF_INIT;
2419
2420 packet_buf_write(&buf, "unpack %s\n",
2421 unpack_status ? unpack_status : "ok");
2422 for (cmd = commands; cmd; cmd = cmd->next) {
2423 if (!cmd->error_string)
2424 packet_buf_write(&buf, "ok %s\n",
2425 cmd->ref_name);
2426 else
2427 packet_buf_write(&buf, "ng %s %s\n",
2428 cmd->ref_name, cmd->error_string);
2429 }
2430 packet_buf_flush(&buf);
2431
2432 if (use_sideband)
2433 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2434 else
2435 write_or_die(1, buf.buf, buf.len);
2436 strbuf_release(&buf);
2437 }
2438
2439 static void report_v2(struct command *commands, const char *unpack_status)
2440 {
2441 struct command *cmd;
2442 struct strbuf buf = STRBUF_INIT;
2443 struct ref_push_report *report;
2444
2445 packet_buf_write(&buf, "unpack %s\n",
2446 unpack_status ? unpack_status : "ok");
2447 for (cmd = commands; cmd; cmd = cmd->next) {
2448 int count = 0;
2449
2450 if (cmd->error_string) {
2451 packet_buf_write(&buf, "ng %s %s\n",
2452 cmd->ref_name,
2453 cmd->error_string);
2454 continue;
2455 }
2456 packet_buf_write(&buf, "ok %s\n",
2457 cmd->ref_name);
2458 for (report = cmd->report; report; report = report->next) {
2459 if (count++ > 0)
2460 packet_buf_write(&buf, "ok %s\n",
2461 cmd->ref_name);
2462 if (report->ref_name)
2463 packet_buf_write(&buf, "option refname %s\n",
2464 report->ref_name);
2465 if (report->old_oid)
2466 packet_buf_write(&buf, "option old-oid %s\n",
2467 oid_to_hex(report->old_oid));
2468 if (report->new_oid)
2469 packet_buf_write(&buf, "option new-oid %s\n",
2470 oid_to_hex(report->new_oid));
2471 if (report->forced_update)
2472 packet_buf_write(&buf, "option forced-update\n");
2473 }
2474 }
2475 packet_buf_flush(&buf);
2476
2477 if (use_sideband)
2478 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2479 else
2480 write_or_die(1, buf.buf, buf.len);
2481 strbuf_release(&buf);
2482 }
2483
2484 static int delete_only(struct command *commands)
2485 {
2486 struct command *cmd;
2487 for (cmd = commands; cmd; cmd = cmd->next) {
2488 if (!is_null_oid(&cmd->new_oid))
2489 return 0;
2490 }
2491 return 1;
2492 }
2493
2494 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2495 {
2496 int advertise_refs = 0;
2497 struct command *commands;
2498 struct oid_array shallow = OID_ARRAY_INIT;
2499 struct oid_array ref = OID_ARRAY_INIT;
2500 struct shallow_info si;
2501 struct packet_reader reader;
2502
2503 struct option options[] = {
2504 OPT__QUIET(&quiet, N_("quiet")),
2505 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2506 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2507 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2508 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2509 OPT_END()
2510 };
2511
2512 packet_trace_identity("receive-pack");
2513
2514 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2515
2516 if (argc > 1)
2517 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2518 if (argc == 0)
2519 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2520
2521 service_dir = argv[0];
2522
2523 setup_path();
2524
2525 if (!enter_repo(service_dir, 0))
2526 die("'%s' does not appear to be a git repository", service_dir);
2527
2528 git_config(receive_pack_config, NULL);
2529 if (cert_nonce_seed)
2530 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2531
2532 if (0 <= receive_unpack_limit)
2533 unpack_limit = receive_unpack_limit;
2534 else if (0 <= transfer_unpack_limit)
2535 unpack_limit = transfer_unpack_limit;
2536
2537 switch (determine_protocol_version_server()) {
2538 case protocol_v2:
2539 /*
2540 * push support for protocol v2 has not been implemented yet,
2541 * so ignore the request to use v2 and fallback to using v0.
2542 */
2543 break;
2544 case protocol_v1:
2545 /*
2546 * v1 is just the original protocol with a version string,
2547 * so just fall through after writing the version string.
2548 */
2549 if (advertise_refs || !stateless_rpc)
2550 packet_write_fmt(1, "version 1\n");
2551
2552 /* fallthrough */
2553 case protocol_v0:
2554 break;
2555 case protocol_unknown_version:
2556 BUG("unknown protocol version");
2557 }
2558
2559 if (advertise_refs || !stateless_rpc) {
2560 write_head_info();
2561 }
2562 if (advertise_refs)
2563 return 0;
2564
2565 packet_reader_init(&reader, 0, NULL, 0,
2566 PACKET_READ_CHOMP_NEWLINE |
2567 PACKET_READ_DIE_ON_ERR_PACKET);
2568
2569 if ((commands = read_head_info(&reader, &shallow))) {
2570 const char *unpack_status = NULL;
2571 struct string_list push_options = STRING_LIST_INIT_DUP;
2572
2573 if (use_push_options)
2574 read_push_options(&reader, &push_options);
2575 if (!check_cert_push_options(&push_options)) {
2576 struct command *cmd;
2577 for (cmd = commands; cmd; cmd = cmd->next)
2578 cmd->error_string = "inconsistent push options";
2579 }
2580
2581 prepare_shallow_info(&si, &shallow);
2582 if (!si.nr_ours && !si.nr_theirs)
2583 shallow_update = 0;
2584 if (!delete_only(commands)) {
2585 unpack_status = unpack_with_sideband(&si);
2586 update_shallow_info(commands, &si, &ref);
2587 }
2588 use_keepalive = KEEPALIVE_ALWAYS;
2589 execute_commands(commands, unpack_status, &si,
2590 &push_options);
2591 delete_tempfile(&pack_lockfile);
2592 sigchain_push(SIGPIPE, SIG_IGN);
2593 if (report_status_v2)
2594 report_v2(commands, unpack_status);
2595 else if (report_status)
2596 report(commands, unpack_status);
2597 sigchain_pop(SIGPIPE);
2598 run_receive_hook(commands, "post-receive", 1,
2599 &push_options);
2600 run_update_post_hook(commands);
2601 free_commands(commands);
2602 string_list_clear(&push_options, 0);
2603 if (auto_gc) {
2604 struct child_process proc = CHILD_PROCESS_INIT;
2605
2606 proc.no_stdin = 1;
2607 proc.stdout_to_stderr = 1;
2608 proc.err = use_sideband ? -1 : 0;
2609 proc.git_cmd = proc.close_object_store = 1;
2610 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2611 NULL);
2612
2613 if (!start_command(&proc)) {
2614 if (use_sideband)
2615 copy_to_sideband(proc.err, -1, NULL);
2616 finish_command(&proc);
2617 }
2618 }
2619 if (auto_update_server_info)
2620 update_server_info(0);
2621 clear_shallow_info(&si);
2622 }
2623 if (use_sideband)
2624 packet_flush(1);
2625 oid_array_clear(&shallow);
2626 oid_array_clear(&ref);
2627 strvec_clear(&hidden_refs);
2628 free((void *)push_cert_nonce);
2629 return 0;
2630 }
Unnamed repository; edit this file 'description' to name the repository.