]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'mt/do-not-use-scld-in-working-tree'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "oid-array.h"
17 #include "connected.h"
18 #include "strvec.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31 #include "shallow.h"
32
33 static const char * const receive_pack_usage[] = {
34 N_("git receive-pack <git-dir>"),
35 NULL
36 };
37
38 enum deny_action {
39 DENY_UNCONFIGURED,
40 DENY_IGNORE,
41 DENY_WARN,
42 DENY_REFUSE,
43 DENY_UPDATE_INSTEAD
44 };
45
46 static int deny_deletes;
47 static int deny_non_fast_forwards;
48 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
49 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
50 static int receive_fsck_objects = -1;
51 static int transfer_fsck_objects = -1;
52 static struct strbuf fsck_msg_types = STRBUF_INIT;
53 static int receive_unpack_limit = -1;
54 static int transfer_unpack_limit = -1;
55 static int advertise_atomic_push = 1;
56 static int advertise_push_options;
57 static int unpack_limit = 100;
58 static off_t max_input_size;
59 static int report_status;
60 static int report_status_v2;
61 static int use_sideband;
62 static int use_atomic;
63 static int use_push_options;
64 static int quiet;
65 static int prefer_ofs_delta = 1;
66 static int auto_update_server_info;
67 static int auto_gc = 1;
68 static int reject_thin;
69 static int stateless_rpc;
70 static const char *service_dir;
71 static const char *head_name;
72 static void *head_name_to_free;
73 static int sent_capabilities;
74 static int shallow_update;
75 static const char *alt_shallow_file;
76 static struct strbuf push_cert = STRBUF_INIT;
77 static struct object_id push_cert_oid;
78 static struct signature_check sigcheck;
79 static const char *push_cert_nonce;
80 static const char *cert_nonce_seed;
81
82 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
83 static const char *NONCE_BAD = "BAD";
84 static const char *NONCE_MISSING = "MISSING";
85 static const char *NONCE_OK = "OK";
86 static const char *NONCE_SLOP = "SLOP";
87 static const char *nonce_status;
88 static long nonce_stamp_slop;
89 static timestamp_t nonce_stamp_slop_limit;
90 static struct ref_transaction *transaction;
91
92 static enum {
93 KEEPALIVE_NEVER = 0,
94 KEEPALIVE_AFTER_NUL,
95 KEEPALIVE_ALWAYS
96 } use_keepalive;
97 static int keepalive_in_sec = 5;
98
99 static struct tmp_objdir *tmp_objdir;
100
101 static struct proc_receive_ref {
102 unsigned int want_add:1,
103 want_delete:1,
104 want_modify:1,
105 negative_ref:1;
106 char *ref_prefix;
107 struct proc_receive_ref *next;
108 } *proc_receive_ref;
109
110 static void proc_receive_ref_append(const char *prefix);
111
112 static enum deny_action parse_deny_action(const char *var, const char *value)
113 {
114 if (value) {
115 if (!strcasecmp(value, "ignore"))
116 return DENY_IGNORE;
117 if (!strcasecmp(value, "warn"))
118 return DENY_WARN;
119 if (!strcasecmp(value, "refuse"))
120 return DENY_REFUSE;
121 if (!strcasecmp(value, "updateinstead"))
122 return DENY_UPDATE_INSTEAD;
123 }
124 if (git_config_bool(var, value))
125 return DENY_REFUSE;
126 return DENY_IGNORE;
127 }
128
129 static int receive_pack_config(const char *var, const char *value, void *cb)
130 {
131 int status = parse_hide_refs_config(var, value, "receive");
132
133 if (status)
134 return status;
135
136 if (strcmp(var, "receive.denydeletes") == 0) {
137 deny_deletes = git_config_bool(var, value);
138 return 0;
139 }
140
141 if (strcmp(var, "receive.denynonfastforwards") == 0) {
142 deny_non_fast_forwards = git_config_bool(var, value);
143 return 0;
144 }
145
146 if (strcmp(var, "receive.unpacklimit") == 0) {
147 receive_unpack_limit = git_config_int(var, value);
148 return 0;
149 }
150
151 if (strcmp(var, "transfer.unpacklimit") == 0) {
152 transfer_unpack_limit = git_config_int(var, value);
153 return 0;
154 }
155
156 if (strcmp(var, "receive.fsck.skiplist") == 0) {
157 const char *path;
158
159 if (git_config_pathname(&path, var, value))
160 return 1;
161 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
162 fsck_msg_types.len ? ',' : '=', path);
163 free((char *)path);
164 return 0;
165 }
166
167 if (skip_prefix(var, "receive.fsck.", &var)) {
168 if (is_valid_msg_type(var, value))
169 strbuf_addf(&fsck_msg_types, "%c%s=%s",
170 fsck_msg_types.len ? ',' : '=', var, value);
171 else
172 warning("Skipping unknown msg id '%s'", var);
173 return 0;
174 }
175
176 if (strcmp(var, "receive.fsckobjects") == 0) {
177 receive_fsck_objects = git_config_bool(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "transfer.fsckobjects") == 0) {
182 transfer_fsck_objects = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (!strcmp(var, "receive.denycurrentbranch")) {
187 deny_current_branch = parse_deny_action(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.denydeletecurrent") == 0) {
192 deny_delete_current = parse_deny_action(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
197 prefer_ofs_delta = git_config_bool(var, value);
198 return 0;
199 }
200
201 if (strcmp(var, "receive.updateserverinfo") == 0) {
202 auto_update_server_info = git_config_bool(var, value);
203 return 0;
204 }
205
206 if (strcmp(var, "receive.autogc") == 0) {
207 auto_gc = git_config_bool(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.shallowupdate") == 0) {
212 shallow_update = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.certnonceseed") == 0)
217 return git_config_string(&cert_nonce_seed, var, value);
218
219 if (strcmp(var, "receive.certnonceslop") == 0) {
220 nonce_stamp_slop_limit = git_config_ulong(var, value);
221 return 0;
222 }
223
224 if (strcmp(var, "receive.advertiseatomic") == 0) {
225 advertise_atomic_push = git_config_bool(var, value);
226 return 0;
227 }
228
229 if (strcmp(var, "receive.advertisepushoptions") == 0) {
230 advertise_push_options = git_config_bool(var, value);
231 return 0;
232 }
233
234 if (strcmp(var, "receive.keepalive") == 0) {
235 keepalive_in_sec = git_config_int(var, value);
236 return 0;
237 }
238
239 if (strcmp(var, "receive.maxinputsize") == 0) {
240 max_input_size = git_config_int64(var, value);
241 return 0;
242 }
243
244 if (strcmp(var, "receive.procreceiverefs") == 0) {
245 if (!value)
246 return config_error_nonbool(var);
247 proc_receive_ref_append(value);
248 return 0;
249 }
250
251 return git_default_config(var, value, cb);
252 }
253
254 static void show_ref(const char *path, const struct object_id *oid)
255 {
256 if (sent_capabilities) {
257 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
258 } else {
259 struct strbuf cap = STRBUF_INIT;
260
261 strbuf_addstr(&cap,
262 "report-status report-status-v2 delete-refs side-band-64k quiet");
263 if (advertise_atomic_push)
264 strbuf_addstr(&cap, " atomic");
265 if (prefer_ofs_delta)
266 strbuf_addstr(&cap, " ofs-delta");
267 if (push_cert_nonce)
268 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
269 if (advertise_push_options)
270 strbuf_addstr(&cap, " push-options");
271 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
272 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
273 packet_write_fmt(1, "%s %s%c%s\n",
274 oid_to_hex(oid), path, 0, cap.buf);
275 strbuf_release(&cap);
276 sent_capabilities = 1;
277 }
278 }
279
280 static int show_ref_cb(const char *path_full, const struct object_id *oid,
281 int flag, void *data)
282 {
283 struct oidset *seen = data;
284 const char *path = strip_namespace(path_full);
285
286 if (ref_is_hidden(path, path_full))
287 return 0;
288
289 /*
290 * Advertise refs outside our current namespace as ".have"
291 * refs, so that the client can use them to minimize data
292 * transfer but will otherwise ignore them.
293 */
294 if (!path) {
295 if (oidset_insert(seen, oid))
296 return 0;
297 path = ".have";
298 } else {
299 oidset_insert(seen, oid);
300 }
301 show_ref(path, oid);
302 return 0;
303 }
304
305 static void show_one_alternate_ref(const struct object_id *oid,
306 void *data)
307 {
308 struct oidset *seen = data;
309
310 if (oidset_insert(seen, oid))
311 return;
312
313 show_ref(".have", oid);
314 }
315
316 static void write_head_info(void)
317 {
318 static struct oidset seen = OIDSET_INIT;
319
320 for_each_ref(show_ref_cb, &seen);
321 for_each_alternate_ref(show_one_alternate_ref, &seen);
322 oidset_clear(&seen);
323 if (!sent_capabilities)
324 show_ref("capabilities^{}", &null_oid);
325
326 advertise_shallow_grafts(1);
327
328 /* EOF */
329 packet_flush(1);
330 }
331
332 #define RUN_PROC_RECEIVE_SCHEDULED 1
333 #define RUN_PROC_RECEIVE_RETURNED 2
334 struct command {
335 struct command *next;
336 const char *error_string;
337 struct ref_push_report *report;
338 unsigned int skip_update:1,
339 did_not_exist:1,
340 run_proc_receive:2;
341 int index;
342 struct object_id old_oid;
343 struct object_id new_oid;
344 char ref_name[FLEX_ARRAY]; /* more */
345 };
346
347 static void proc_receive_ref_append(const char *prefix)
348 {
349 struct proc_receive_ref *ref_pattern;
350 char *p;
351 int len;
352
353 ref_pattern = xcalloc(1, sizeof(struct proc_receive_ref));
354 p = strchr(prefix, ':');
355 if (p) {
356 while (prefix < p) {
357 if (*prefix == 'a')
358 ref_pattern->want_add = 1;
359 else if (*prefix == 'd')
360 ref_pattern->want_delete = 1;
361 else if (*prefix == 'm')
362 ref_pattern->want_modify = 1;
363 else if (*prefix == '!')
364 ref_pattern->negative_ref = 1;
365 prefix++;
366 }
367 prefix++;
368 } else {
369 ref_pattern->want_add = 1;
370 ref_pattern->want_delete = 1;
371 ref_pattern->want_modify = 1;
372 }
373 len = strlen(prefix);
374 while (len && prefix[len - 1] == '/')
375 len--;
376 ref_pattern->ref_prefix = xmemdupz(prefix, len);
377 if (!proc_receive_ref) {
378 proc_receive_ref = ref_pattern;
379 } else {
380 struct proc_receive_ref *end;
381
382 end = proc_receive_ref;
383 while (end->next)
384 end = end->next;
385 end->next = ref_pattern;
386 }
387 }
388
389 static int proc_receive_ref_matches(struct command *cmd)
390 {
391 struct proc_receive_ref *p;
392
393 if (!proc_receive_ref)
394 return 0;
395
396 for (p = proc_receive_ref; p; p = p->next) {
397 const char *match = p->ref_prefix;
398 const char *remains;
399
400 if (!p->want_add && is_null_oid(&cmd->old_oid))
401 continue;
402 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
403 continue;
404 else if (!p->want_modify &&
405 !is_null_oid(&cmd->old_oid) &&
406 !is_null_oid(&cmd->new_oid))
407 continue;
408
409 if (skip_prefix(cmd->ref_name, match, &remains) &&
410 (!*remains || *remains == '/')) {
411 if (!p->negative_ref)
412 return 1;
413 } else if (p->negative_ref) {
414 return 1;
415 }
416 }
417 return 0;
418 }
419
420 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
421 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
422
423 static void report_message(const char *prefix, const char *err, va_list params)
424 {
425 int sz;
426 char msg[4096];
427
428 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
429 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
430 if (sz > (sizeof(msg) - 1))
431 sz = sizeof(msg) - 1;
432 msg[sz++] = '\n';
433
434 if (use_sideband)
435 send_sideband(1, 2, msg, sz, use_sideband);
436 else
437 xwrite(2, msg, sz);
438 }
439
440 static void rp_warning(const char *err, ...)
441 {
442 va_list params;
443 va_start(params, err);
444 report_message("warning: ", err, params);
445 va_end(params);
446 }
447
448 static void rp_error(const char *err, ...)
449 {
450 va_list params;
451 va_start(params, err);
452 report_message("error: ", err, params);
453 va_end(params);
454 }
455
456 static int copy_to_sideband(int in, int out, void *arg)
457 {
458 char data[128];
459 int keepalive_active = 0;
460
461 if (keepalive_in_sec <= 0)
462 use_keepalive = KEEPALIVE_NEVER;
463 if (use_keepalive == KEEPALIVE_ALWAYS)
464 keepalive_active = 1;
465
466 while (1) {
467 ssize_t sz;
468
469 if (keepalive_active) {
470 struct pollfd pfd;
471 int ret;
472
473 pfd.fd = in;
474 pfd.events = POLLIN;
475 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
476
477 if (ret < 0) {
478 if (errno == EINTR)
479 continue;
480 else
481 break;
482 } else if (ret == 0) {
483 /* no data; send a keepalive packet */
484 static const char buf[] = "0005\1";
485 write_or_die(1, buf, sizeof(buf) - 1);
486 continue;
487 } /* else there is actual data to read */
488 }
489
490 sz = xread(in, data, sizeof(data));
491 if (sz <= 0)
492 break;
493
494 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
495 const char *p = memchr(data, '\0', sz);
496 if (p) {
497 /*
498 * The NUL tells us to start sending keepalives. Make
499 * sure we send any other data we read along
500 * with it.
501 */
502 keepalive_active = 1;
503 send_sideband(1, 2, data, p - data, use_sideband);
504 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
505 continue;
506 }
507 }
508
509 /*
510 * Either we're not looking for a NUL signal, or we didn't see
511 * it yet; just pass along the data.
512 */
513 send_sideband(1, 2, data, sz, use_sideband);
514 }
515 close(in);
516 return 0;
517 }
518
519 static void hmac_hash(unsigned char *out,
520 const char *key_in, size_t key_len,
521 const char *text, size_t text_len)
522 {
523 unsigned char key[GIT_MAX_BLKSZ];
524 unsigned char k_ipad[GIT_MAX_BLKSZ];
525 unsigned char k_opad[GIT_MAX_BLKSZ];
526 int i;
527 git_hash_ctx ctx;
528
529 /* RFC 2104 2. (1) */
530 memset(key, '\0', GIT_MAX_BLKSZ);
531 if (the_hash_algo->blksz < key_len) {
532 the_hash_algo->init_fn(&ctx);
533 the_hash_algo->update_fn(&ctx, key_in, key_len);
534 the_hash_algo->final_fn(key, &ctx);
535 } else {
536 memcpy(key, key_in, key_len);
537 }
538
539 /* RFC 2104 2. (2) & (5) */
540 for (i = 0; i < sizeof(key); i++) {
541 k_ipad[i] = key[i] ^ 0x36;
542 k_opad[i] = key[i] ^ 0x5c;
543 }
544
545 /* RFC 2104 2. (3) & (4) */
546 the_hash_algo->init_fn(&ctx);
547 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
548 the_hash_algo->update_fn(&ctx, text, text_len);
549 the_hash_algo->final_fn(out, &ctx);
550
551 /* RFC 2104 2. (6) & (7) */
552 the_hash_algo->init_fn(&ctx);
553 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
554 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
555 the_hash_algo->final_fn(out, &ctx);
556 }
557
558 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
559 {
560 struct strbuf buf = STRBUF_INIT;
561 unsigned char hash[GIT_MAX_RAWSZ];
562
563 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
564 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
565 strbuf_release(&buf);
566
567 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
568 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
569 return strbuf_detach(&buf, NULL);
570 }
571
572 /*
573 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
574 * after dropping "_commit" from its name and possibly moving it out
575 * of commit.c
576 */
577 static char *find_header(const char *msg, size_t len, const char *key,
578 const char **next_line)
579 {
580 int key_len = strlen(key);
581 const char *line = msg;
582
583 while (line && line < msg + len) {
584 const char *eol = strchrnul(line, '\n');
585
586 if ((msg + len <= eol) || line == eol)
587 return NULL;
588 if (line + key_len < eol &&
589 !memcmp(line, key, key_len) && line[key_len] == ' ') {
590 int offset = key_len + 1;
591 if (next_line)
592 *next_line = *eol ? eol + 1 : eol;
593 return xmemdupz(line + offset, (eol - line) - offset);
594 }
595 line = *eol ? eol + 1 : NULL;
596 }
597 return NULL;
598 }
599
600 /*
601 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
602 * This operation is guaranteed to run in constant time to avoid leaking data.
603 */
604 static int constant_memequal(const char *a, const char *b, size_t n)
605 {
606 int res = 0;
607 size_t i;
608
609 for (i = 0; i < n; i++)
610 res |= a[i] ^ b[i];
611 return res;
612 }
613
614 static const char *check_nonce(const char *buf, size_t len)
615 {
616 char *nonce = find_header(buf, len, "nonce", NULL);
617 timestamp_t stamp, ostamp;
618 char *bohmac, *expect = NULL;
619 const char *retval = NONCE_BAD;
620 size_t noncelen;
621
622 if (!nonce) {
623 retval = NONCE_MISSING;
624 goto leave;
625 } else if (!push_cert_nonce) {
626 retval = NONCE_UNSOLICITED;
627 goto leave;
628 } else if (!strcmp(push_cert_nonce, nonce)) {
629 retval = NONCE_OK;
630 goto leave;
631 }
632
633 if (!stateless_rpc) {
634 /* returned nonce MUST match what we gave out earlier */
635 retval = NONCE_BAD;
636 goto leave;
637 }
638
639 /*
640 * In stateless mode, we may be receiving a nonce issued by
641 * another instance of the server that serving the same
642 * repository, and the timestamps may not match, but the
643 * nonce-seed and dir should match, so we can recompute and
644 * report the time slop.
645 *
646 * In addition, when a nonce issued by another instance has
647 * timestamp within receive.certnonceslop seconds, we pretend
648 * as if we issued that nonce when reporting to the hook.
649 */
650
651 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
652 if (*nonce <= '0' || '9' < *nonce) {
653 retval = NONCE_BAD;
654 goto leave;
655 }
656 stamp = parse_timestamp(nonce, &bohmac, 10);
657 if (bohmac == nonce || bohmac[0] != '-') {
658 retval = NONCE_BAD;
659 goto leave;
660 }
661
662 noncelen = strlen(nonce);
663 expect = prepare_push_cert_nonce(service_dir, stamp);
664 if (noncelen != strlen(expect)) {
665 /* This is not even the right size. */
666 retval = NONCE_BAD;
667 goto leave;
668 }
669 if (constant_memequal(expect, nonce, noncelen)) {
670 /* Not what we would have signed earlier */
671 retval = NONCE_BAD;
672 goto leave;
673 }
674
675 /*
676 * By how many seconds is this nonce stale? Negative value
677 * would mean it was issued by another server with its clock
678 * skewed in the future.
679 */
680 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
681 nonce_stamp_slop = (long)ostamp - (long)stamp;
682
683 if (nonce_stamp_slop_limit &&
684 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
685 /*
686 * Pretend as if the received nonce (which passes the
687 * HMAC check, so it is not a forged by third-party)
688 * is what we issued.
689 */
690 free((void *)push_cert_nonce);
691 push_cert_nonce = xstrdup(nonce);
692 retval = NONCE_OK;
693 } else {
694 retval = NONCE_SLOP;
695 }
696
697 leave:
698 free(nonce);
699 free(expect);
700 return retval;
701 }
702
703 /*
704 * Return 1 if there is no push_cert or if the push options in push_cert are
705 * the same as those in the argument; 0 otherwise.
706 */
707 static int check_cert_push_options(const struct string_list *push_options)
708 {
709 const char *buf = push_cert.buf;
710 int len = push_cert.len;
711
712 char *option;
713 const char *next_line;
714 int options_seen = 0;
715
716 int retval = 1;
717
718 if (!len)
719 return 1;
720
721 while ((option = find_header(buf, len, "push-option", &next_line))) {
722 len -= (next_line - buf);
723 buf = next_line;
724 options_seen++;
725 if (options_seen > push_options->nr
726 || strcmp(option,
727 push_options->items[options_seen - 1].string)) {
728 retval = 0;
729 goto leave;
730 }
731 free(option);
732 }
733
734 if (options_seen != push_options->nr)
735 retval = 0;
736
737 leave:
738 free(option);
739 return retval;
740 }
741
742 static void prepare_push_cert_sha1(struct child_process *proc)
743 {
744 static int already_done;
745
746 if (!push_cert.len)
747 return;
748
749 if (!already_done) {
750 int bogs /* beginning_of_gpg_sig */;
751
752 already_done = 1;
753 if (write_object_file(push_cert.buf, push_cert.len, "blob",
754 &push_cert_oid))
755 oidclr(&push_cert_oid);
756
757 memset(&sigcheck, '\0', sizeof(sigcheck));
758
759 bogs = parse_signature(push_cert.buf, push_cert.len);
760 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
761 push_cert.len - bogs, &sigcheck);
762
763 nonce_status = check_nonce(push_cert.buf, bogs);
764 }
765 if (!is_null_oid(&push_cert_oid)) {
766 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
767 oid_to_hex(&push_cert_oid));
768 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
769 sigcheck.signer ? sigcheck.signer : "");
770 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
771 sigcheck.key ? sigcheck.key : "");
772 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
773 sigcheck.result);
774 if (push_cert_nonce) {
775 strvec_pushf(&proc->env_array,
776 "GIT_PUSH_CERT_NONCE=%s",
777 push_cert_nonce);
778 strvec_pushf(&proc->env_array,
779 "GIT_PUSH_CERT_NONCE_STATUS=%s",
780 nonce_status);
781 if (nonce_status == NONCE_SLOP)
782 strvec_pushf(&proc->env_array,
783 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
784 nonce_stamp_slop);
785 }
786 }
787 }
788
789 struct receive_hook_feed_state {
790 struct command *cmd;
791 struct ref_push_report *report;
792 int skip_broken;
793 struct strbuf buf;
794 const struct string_list *push_options;
795 };
796
797 typedef int (*feed_fn)(void *, const char **, size_t *);
798 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
799 struct receive_hook_feed_state *feed_state)
800 {
801 struct child_process proc = CHILD_PROCESS_INIT;
802 struct async muxer;
803 const char *argv[2];
804 int code;
805
806 argv[0] = find_hook(hook_name);
807 if (!argv[0])
808 return 0;
809
810 argv[1] = NULL;
811
812 proc.argv = argv;
813 proc.in = -1;
814 proc.stdout_to_stderr = 1;
815 proc.trace2_hook_name = hook_name;
816
817 if (feed_state->push_options) {
818 int i;
819 for (i = 0; i < feed_state->push_options->nr; i++)
820 strvec_pushf(&proc.env_array,
821 "GIT_PUSH_OPTION_%d=%s", i,
822 feed_state->push_options->items[i].string);
823 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
824 feed_state->push_options->nr);
825 } else
826 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
827
828 if (tmp_objdir)
829 strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
830
831 if (use_sideband) {
832 memset(&muxer, 0, sizeof(muxer));
833 muxer.proc = copy_to_sideband;
834 muxer.in = -1;
835 code = start_async(&muxer);
836 if (code)
837 return code;
838 proc.err = muxer.in;
839 }
840
841 prepare_push_cert_sha1(&proc);
842
843 code = start_command(&proc);
844 if (code) {
845 if (use_sideband)
846 finish_async(&muxer);
847 return code;
848 }
849
850 sigchain_push(SIGPIPE, SIG_IGN);
851
852 while (1) {
853 const char *buf;
854 size_t n;
855 if (feed(feed_state, &buf, &n))
856 break;
857 if (write_in_full(proc.in, buf, n) < 0)
858 break;
859 }
860 close(proc.in);
861 if (use_sideband)
862 finish_async(&muxer);
863
864 sigchain_pop(SIGPIPE);
865
866 return finish_command(&proc);
867 }
868
869 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
870 {
871 struct receive_hook_feed_state *state = state_;
872 struct command *cmd = state->cmd;
873
874 while (cmd &&
875 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
876 cmd = cmd->next;
877 if (!cmd)
878 return -1; /* EOF */
879 if (!bufp)
880 return 0; /* OK, can feed something. */
881 strbuf_reset(&state->buf);
882 if (!state->report)
883 state->report = cmd->report;
884 if (state->report) {
885 struct object_id *old_oid;
886 struct object_id *new_oid;
887 const char *ref_name;
888
889 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
890 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
891 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
892 strbuf_addf(&state->buf, "%s %s %s\n",
893 oid_to_hex(old_oid), oid_to_hex(new_oid),
894 ref_name);
895 state->report = state->report->next;
896 if (!state->report)
897 state->cmd = cmd->next;
898 } else {
899 strbuf_addf(&state->buf, "%s %s %s\n",
900 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
901 cmd->ref_name);
902 state->cmd = cmd->next;
903 }
904 if (bufp) {
905 *bufp = state->buf.buf;
906 *sizep = state->buf.len;
907 }
908 return 0;
909 }
910
911 static int run_receive_hook(struct command *commands,
912 const char *hook_name,
913 int skip_broken,
914 const struct string_list *push_options)
915 {
916 struct receive_hook_feed_state state;
917 int status;
918
919 strbuf_init(&state.buf, 0);
920 state.cmd = commands;
921 state.skip_broken = skip_broken;
922 state.report = NULL;
923 if (feed_receive_hook(&state, NULL, NULL))
924 return 0;
925 state.cmd = commands;
926 state.push_options = push_options;
927 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
928 strbuf_release(&state.buf);
929 return status;
930 }
931
932 static int run_update_hook(struct command *cmd)
933 {
934 const char *argv[5];
935 struct child_process proc = CHILD_PROCESS_INIT;
936 int code;
937
938 argv[0] = find_hook("update");
939 if (!argv[0])
940 return 0;
941
942 argv[1] = cmd->ref_name;
943 argv[2] = oid_to_hex(&cmd->old_oid);
944 argv[3] = oid_to_hex(&cmd->new_oid);
945 argv[4] = NULL;
946
947 proc.no_stdin = 1;
948 proc.stdout_to_stderr = 1;
949 proc.err = use_sideband ? -1 : 0;
950 proc.argv = argv;
951 proc.trace2_hook_name = "update";
952
953 code = start_command(&proc);
954 if (code)
955 return code;
956 if (use_sideband)
957 copy_to_sideband(proc.err, -1, NULL);
958 return finish_command(&proc);
959 }
960
961 static struct command *find_command_by_refname(struct command *list,
962 const char *refname)
963 {
964 for (; list; list = list->next)
965 if (!strcmp(list->ref_name, refname))
966 return list;
967 return NULL;
968 }
969
970 static int read_proc_receive_report(struct packet_reader *reader,
971 struct command *commands,
972 struct strbuf *errmsg)
973 {
974 struct command *cmd;
975 struct command *hint = NULL;
976 struct ref_push_report *report = NULL;
977 int new_report = 0;
978 int code = 0;
979 int once = 0;
980 int response = 0;
981
982 for (;;) {
983 struct object_id old_oid, new_oid;
984 const char *head;
985 const char *refname;
986 char *p;
987 enum packet_read_status status;
988
989 status = packet_reader_read(reader);
990 if (status != PACKET_READ_NORMAL) {
991 /* Check whether proc-receive exited abnormally */
992 if (status == PACKET_READ_EOF && !response) {
993 strbuf_addstr(errmsg, "proc-receive exited abnormally");
994 return -1;
995 }
996 break;
997 }
998 response++;
999
1000 head = reader->line;
1001 p = strchr(head, ' ');
1002 if (!p) {
1003 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1004 code = -1;
1005 continue;
1006 }
1007 *p++ = '\0';
1008 if (!strcmp(head, "option")) {
1009 const char *key, *val;
1010
1011 if (!hint || !(report || new_report)) {
1012 if (!once++)
1013 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1014 code = -1;
1015 continue;
1016 }
1017 if (new_report) {
1018 if (!hint->report) {
1019 hint->report = xcalloc(1, sizeof(struct ref_push_report));
1020 report = hint->report;
1021 } else {
1022 report = hint->report;
1023 while (report->next)
1024 report = report->next;
1025 report->next = xcalloc(1, sizeof(struct ref_push_report));
1026 report = report->next;
1027 }
1028 new_report = 0;
1029 }
1030 key = p;
1031 p = strchr(key, ' ');
1032 if (p)
1033 *p++ = '\0';
1034 val = p;
1035 if (!strcmp(key, "refname"))
1036 report->ref_name = xstrdup_or_null(val);
1037 else if (!strcmp(key, "old-oid") && val &&
1038 !parse_oid_hex(val, &old_oid, &val))
1039 report->old_oid = oiddup(&old_oid);
1040 else if (!strcmp(key, "new-oid") && val &&
1041 !parse_oid_hex(val, &new_oid, &val))
1042 report->new_oid = oiddup(&new_oid);
1043 else if (!strcmp(key, "forced-update"))
1044 report->forced_update = 1;
1045 else if (!strcmp(key, "fall-through"))
1046 /* Fall through, let 'receive-pack' to execute it. */
1047 hint->run_proc_receive = 0;
1048 continue;
1049 }
1050
1051 report = NULL;
1052 new_report = 0;
1053 refname = p;
1054 p = strchr(refname, ' ');
1055 if (p)
1056 *p++ = '\0';
1057 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1058 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1059 head, refname);
1060 code = -1;
1061 continue;
1062 }
1063
1064 /* first try searching at our hint, falling back to all refs */
1065 if (hint)
1066 hint = find_command_by_refname(hint, refname);
1067 if (!hint)
1068 hint = find_command_by_refname(commands, refname);
1069 if (!hint) {
1070 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1071 refname);
1072 code = -1;
1073 continue;
1074 }
1075 if (!hint->run_proc_receive) {
1076 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1077 refname);
1078 code = -1;
1079 continue;
1080 }
1081 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1082 if (!strcmp(head, "ng")) {
1083 if (p)
1084 hint->error_string = xstrdup(p);
1085 else
1086 hint->error_string = "failed";
1087 code = -1;
1088 continue;
1089 }
1090 new_report = 1;
1091 }
1092
1093 for (cmd = commands; cmd; cmd = cmd->next)
1094 if (cmd->run_proc_receive && !cmd->error_string &&
1095 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1096 cmd->error_string = "proc-receive failed to report status";
1097 code = -1;
1098 }
1099 return code;
1100 }
1101
1102 static int run_proc_receive_hook(struct command *commands,
1103 const struct string_list *push_options)
1104 {
1105 struct child_process proc = CHILD_PROCESS_INIT;
1106 struct async muxer;
1107 struct command *cmd;
1108 const char *argv[2];
1109 struct packet_reader reader;
1110 struct strbuf cap = STRBUF_INIT;
1111 struct strbuf errmsg = STRBUF_INIT;
1112 int hook_use_push_options = 0;
1113 int version = 0;
1114 int code;
1115
1116 argv[0] = find_hook("proc-receive");
1117 if (!argv[0]) {
1118 rp_error("cannot find hook 'proc-receive'");
1119 return -1;
1120 }
1121 argv[1] = NULL;
1122
1123 proc.argv = argv;
1124 proc.in = -1;
1125 proc.out = -1;
1126 proc.trace2_hook_name = "proc-receive";
1127
1128 if (use_sideband) {
1129 memset(&muxer, 0, sizeof(muxer));
1130 muxer.proc = copy_to_sideband;
1131 muxer.in = -1;
1132 code = start_async(&muxer);
1133 if (code)
1134 return code;
1135 proc.err = muxer.in;
1136 } else {
1137 proc.err = 0;
1138 }
1139
1140 code = start_command(&proc);
1141 if (code) {
1142 if (use_sideband)
1143 finish_async(&muxer);
1144 return code;
1145 }
1146
1147 sigchain_push(SIGPIPE, SIG_IGN);
1148
1149 /* Version negotiaton */
1150 packet_reader_init(&reader, proc.out, NULL, 0,
1151 PACKET_READ_CHOMP_NEWLINE |
1152 PACKET_READ_GENTLE_ON_EOF);
1153 if (use_atomic)
1154 strbuf_addstr(&cap, " atomic");
1155 if (use_push_options)
1156 strbuf_addstr(&cap, " push-options");
1157 if (cap.len) {
1158 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1159 strbuf_release(&cap);
1160 } else {
1161 code = packet_write_fmt_gently(proc.in, "version=1\n");
1162 }
1163 if (!code)
1164 code = packet_flush_gently(proc.in);
1165
1166 if (!code)
1167 for (;;) {
1168 int linelen;
1169 enum packet_read_status status;
1170
1171 status = packet_reader_read(&reader);
1172 if (status != PACKET_READ_NORMAL) {
1173 /* Check whether proc-receive exited abnormally */
1174 if (status == PACKET_READ_EOF)
1175 code = -1;
1176 break;
1177 }
1178
1179 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1180 version = atoi(reader.line + 8);
1181 linelen = strlen(reader.line);
1182 if (linelen < reader.pktlen) {
1183 const char *feature_list = reader.line + linelen + 1;
1184 if (parse_feature_request(feature_list, "push-options"))
1185 hook_use_push_options = 1;
1186 }
1187 }
1188 }
1189
1190 if (code) {
1191 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1192 goto cleanup;
1193 }
1194
1195 switch (version) {
1196 case 0:
1197 /* fallthrough */
1198 case 1:
1199 break;
1200 default:
1201 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1202 version);
1203 code = -1;
1204 goto cleanup;
1205 }
1206
1207 /* Send commands */
1208 for (cmd = commands; cmd; cmd = cmd->next) {
1209 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1210 continue;
1211 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1212 oid_to_hex(&cmd->old_oid),
1213 oid_to_hex(&cmd->new_oid),
1214 cmd->ref_name);
1215 if (code)
1216 break;
1217 }
1218 if (!code)
1219 code = packet_flush_gently(proc.in);
1220 if (code) {
1221 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1222 goto cleanup;
1223 }
1224
1225 /* Send push options */
1226 if (hook_use_push_options) {
1227 struct string_list_item *item;
1228
1229 for_each_string_list_item(item, push_options) {
1230 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1231 if (code)
1232 break;
1233 }
1234 if (!code)
1235 code = packet_flush_gently(proc.in);
1236 if (code) {
1237 strbuf_addstr(&errmsg,
1238 "fail to write push-options to proc-receive hook");
1239 goto cleanup;
1240 }
1241 }
1242
1243 /* Read result from proc-receive */
1244 code = read_proc_receive_report(&reader, commands, &errmsg);
1245
1246 cleanup:
1247 close(proc.in);
1248 close(proc.out);
1249 if (use_sideband)
1250 finish_async(&muxer);
1251 if (finish_command(&proc))
1252 code = -1;
1253 if (errmsg.len >0) {
1254 char *p = errmsg.buf;
1255
1256 p += errmsg.len - 1;
1257 if (*p == '\n')
1258 *p = '\0';
1259 rp_error("%s", errmsg.buf);
1260 strbuf_release(&errmsg);
1261 }
1262 sigchain_pop(SIGPIPE);
1263
1264 return code;
1265 }
1266
1267 static char *refuse_unconfigured_deny_msg =
1268 N_("By default, updating the current branch in a non-bare repository\n"
1269 "is denied, because it will make the index and work tree inconsistent\n"
1270 "with what you pushed, and will require 'git reset --hard' to match\n"
1271 "the work tree to HEAD.\n"
1272 "\n"
1273 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1274 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1275 "its current branch; however, this is not recommended unless you\n"
1276 "arranged to update its work tree to match what you pushed in some\n"
1277 "other way.\n"
1278 "\n"
1279 "To squelch this message and still keep the default behaviour, set\n"
1280 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1281
1282 static void refuse_unconfigured_deny(void)
1283 {
1284 rp_error("%s", _(refuse_unconfigured_deny_msg));
1285 }
1286
1287 static char *refuse_unconfigured_deny_delete_current_msg =
1288 N_("By default, deleting the current branch is denied, because the next\n"
1289 "'git clone' won't result in any file checked out, causing confusion.\n"
1290 "\n"
1291 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1292 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1293 "current branch, with or without a warning message.\n"
1294 "\n"
1295 "To squelch this message, you can set it to 'refuse'.");
1296
1297 static void refuse_unconfigured_deny_delete_current(void)
1298 {
1299 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1300 }
1301
1302 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
1303 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1304 {
1305 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1306 struct oid_array extra = OID_ARRAY_INIT;
1307 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1308 uint32_t mask = 1 << (cmd->index % 32);
1309 int i;
1310
1311 trace_printf_key(&trace_shallow,
1312 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1313 for (i = 0; i < si->shallow->nr; i++)
1314 if (si->used_shallow[i] &&
1315 (si->used_shallow[i][cmd->index / 32] & mask) &&
1316 !delayed_reachability_test(si, i))
1317 oid_array_append(&extra, &si->shallow->oid[i]);
1318
1319 opt.env = tmp_objdir_env(tmp_objdir);
1320 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1321 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1322 rollback_shallow_file(the_repository, &shallow_lock);
1323 oid_array_clear(&extra);
1324 return -1;
1325 }
1326
1327 commit_shallow_file(the_repository, &shallow_lock);
1328
1329 /*
1330 * Make sure setup_alternate_shallow() for the next ref does
1331 * not lose these new roots..
1332 */
1333 for (i = 0; i < extra.nr; i++)
1334 register_shallow(the_repository, &extra.oid[i]);
1335
1336 si->shallow_ref[cmd->index] = 0;
1337 oid_array_clear(&extra);
1338 return 0;
1339 }
1340
1341 /*
1342 * NEEDSWORK: we should consolidate various implementions of "are we
1343 * on an unborn branch?" test into one, and make the unified one more
1344 * robust. !get_sha1() based check used here and elsewhere would not
1345 * allow us to tell an unborn branch from corrupt ref, for example.
1346 * For the purpose of fixing "deploy-to-update does not work when
1347 * pushing into an empty repository" issue, this should suffice for
1348 * now.
1349 */
1350 static int head_has_history(void)
1351 {
1352 struct object_id oid;
1353
1354 return !get_oid("HEAD", &oid);
1355 }
1356
1357 static const char *push_to_deploy(unsigned char *sha1,
1358 struct strvec *env,
1359 const char *work_tree)
1360 {
1361 const char *update_refresh[] = {
1362 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
1363 };
1364 const char *diff_files[] = {
1365 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
1366 };
1367 const char *diff_index[] = {
1368 "diff-index", "--quiet", "--cached", "--ignore-submodules",
1369 NULL, "--", NULL
1370 };
1371 const char *read_tree[] = {
1372 "read-tree", "-u", "-m", NULL, NULL
1373 };
1374 struct child_process child = CHILD_PROCESS_INIT;
1375
1376 child.argv = update_refresh;
1377 child.env = env->v;
1378 child.dir = work_tree;
1379 child.no_stdin = 1;
1380 child.stdout_to_stderr = 1;
1381 child.git_cmd = 1;
1382 if (run_command(&child))
1383 return "Up-to-date check failed";
1384
1385 /* run_command() does not clean up completely; reinitialize */
1386 child_process_init(&child);
1387 child.argv = diff_files;
1388 child.env = env->v;
1389 child.dir = work_tree;
1390 child.no_stdin = 1;
1391 child.stdout_to_stderr = 1;
1392 child.git_cmd = 1;
1393 if (run_command(&child))
1394 return "Working directory has unstaged changes";
1395
1396 /* diff-index with either HEAD or an empty tree */
1397 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
1398
1399 child_process_init(&child);
1400 child.argv = diff_index;
1401 child.env = env->v;
1402 child.no_stdin = 1;
1403 child.no_stdout = 1;
1404 child.stdout_to_stderr = 0;
1405 child.git_cmd = 1;
1406 if (run_command(&child))
1407 return "Working directory has staged changes";
1408
1409 read_tree[3] = hash_to_hex(sha1);
1410 child_process_init(&child);
1411 child.argv = read_tree;
1412 child.env = env->v;
1413 child.dir = work_tree;
1414 child.no_stdin = 1;
1415 child.no_stdout = 1;
1416 child.stdout_to_stderr = 0;
1417 child.git_cmd = 1;
1418 if (run_command(&child))
1419 return "Could not update working tree to new HEAD";
1420
1421 return NULL;
1422 }
1423
1424 static const char *push_to_checkout_hook = "push-to-checkout";
1425
1426 static const char *push_to_checkout(unsigned char *hash,
1427 struct strvec *env,
1428 const char *work_tree)
1429 {
1430 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1431 if (run_hook_le(env->v, push_to_checkout_hook,
1432 hash_to_hex(hash), NULL))
1433 return "push-to-checkout hook declined";
1434 else
1435 return NULL;
1436 }
1437
1438 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1439 {
1440 const char *retval, *work_tree, *git_dir = NULL;
1441 struct strvec env = STRVEC_INIT;
1442
1443 if (worktree && worktree->path)
1444 work_tree = worktree->path;
1445 else if (git_work_tree_cfg)
1446 work_tree = git_work_tree_cfg;
1447 else
1448 work_tree = "..";
1449
1450 if (is_bare_repository())
1451 return "denyCurrentBranch = updateInstead needs a worktree";
1452 if (worktree)
1453 git_dir = get_worktree_git_dir(worktree);
1454 if (!git_dir)
1455 git_dir = get_git_dir();
1456
1457 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1458
1459 if (!find_hook(push_to_checkout_hook))
1460 retval = push_to_deploy(sha1, &env, work_tree);
1461 else
1462 retval = push_to_checkout(sha1, &env, work_tree);
1463
1464 strvec_clear(&env);
1465 return retval;
1466 }
1467
1468 static const char *update(struct command *cmd, struct shallow_info *si)
1469 {
1470 const char *name = cmd->ref_name;
1471 struct strbuf namespaced_name_buf = STRBUF_INIT;
1472 static char *namespaced_name;
1473 const char *ret;
1474 struct object_id *old_oid = &cmd->old_oid;
1475 struct object_id *new_oid = &cmd->new_oid;
1476 int do_update_worktree = 0;
1477 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1478
1479 /* only refs/... are allowed */
1480 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1481 rp_error("refusing to create funny ref '%s' remotely", name);
1482 return "funny refname";
1483 }
1484
1485 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1486 free(namespaced_name);
1487 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1488
1489 if (worktree) {
1490 switch (deny_current_branch) {
1491 case DENY_IGNORE:
1492 break;
1493 case DENY_WARN:
1494 rp_warning("updating the current branch");
1495 break;
1496 case DENY_REFUSE:
1497 case DENY_UNCONFIGURED:
1498 rp_error("refusing to update checked out branch: %s", name);
1499 if (deny_current_branch == DENY_UNCONFIGURED)
1500 refuse_unconfigured_deny();
1501 return "branch is currently checked out";
1502 case DENY_UPDATE_INSTEAD:
1503 /* pass -- let other checks intervene first */
1504 do_update_worktree = 1;
1505 break;
1506 }
1507 }
1508
1509 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1510 error("unpack should have generated %s, "
1511 "but I can't find it!", oid_to_hex(new_oid));
1512 return "bad pack";
1513 }
1514
1515 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1516 if (deny_deletes && starts_with(name, "refs/heads/")) {
1517 rp_error("denying ref deletion for %s", name);
1518 return "deletion prohibited";
1519 }
1520
1521 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1522 switch (deny_delete_current) {
1523 case DENY_IGNORE:
1524 break;
1525 case DENY_WARN:
1526 rp_warning("deleting the current branch");
1527 break;
1528 case DENY_REFUSE:
1529 case DENY_UNCONFIGURED:
1530 case DENY_UPDATE_INSTEAD:
1531 if (deny_delete_current == DENY_UNCONFIGURED)
1532 refuse_unconfigured_deny_delete_current();
1533 rp_error("refusing to delete the current branch: %s", name);
1534 return "deletion of the current branch prohibited";
1535 default:
1536 return "Invalid denyDeleteCurrent setting";
1537 }
1538 }
1539 }
1540
1541 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1542 !is_null_oid(old_oid) &&
1543 starts_with(name, "refs/heads/")) {
1544 struct object *old_object, *new_object;
1545 struct commit *old_commit, *new_commit;
1546
1547 old_object = parse_object(the_repository, old_oid);
1548 new_object = parse_object(the_repository, new_oid);
1549
1550 if (!old_object || !new_object ||
1551 old_object->type != OBJ_COMMIT ||
1552 new_object->type != OBJ_COMMIT) {
1553 error("bad sha1 objects for %s", name);
1554 return "bad ref";
1555 }
1556 old_commit = (struct commit *)old_object;
1557 new_commit = (struct commit *)new_object;
1558 if (!in_merge_bases(old_commit, new_commit)) {
1559 rp_error("denying non-fast-forward %s"
1560 " (you should pull first)", name);
1561 return "non-fast-forward";
1562 }
1563 }
1564 if (run_update_hook(cmd)) {
1565 rp_error("hook declined to update %s", name);
1566 return "hook declined";
1567 }
1568
1569 if (do_update_worktree) {
1570 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1571 if (ret)
1572 return ret;
1573 }
1574
1575 if (is_null_oid(new_oid)) {
1576 struct strbuf err = STRBUF_INIT;
1577 if (!parse_object(the_repository, old_oid)) {
1578 old_oid = NULL;
1579 if (ref_exists(name)) {
1580 rp_warning("Allowing deletion of corrupt ref.");
1581 } else {
1582 rp_warning("Deleting a non-existent ref.");
1583 cmd->did_not_exist = 1;
1584 }
1585 }
1586 if (ref_transaction_delete(transaction,
1587 namespaced_name,
1588 old_oid,
1589 0, "push", &err)) {
1590 rp_error("%s", err.buf);
1591 strbuf_release(&err);
1592 return "failed to delete";
1593 }
1594 strbuf_release(&err);
1595 return NULL; /* good */
1596 }
1597 else {
1598 struct strbuf err = STRBUF_INIT;
1599 if (shallow_update && si->shallow_ref[cmd->index] &&
1600 update_shallow_ref(cmd, si))
1601 return "shallow error";
1602
1603 if (ref_transaction_update(transaction,
1604 namespaced_name,
1605 new_oid, old_oid,
1606 0, "push",
1607 &err)) {
1608 rp_error("%s", err.buf);
1609 strbuf_release(&err);
1610
1611 return "failed to update ref";
1612 }
1613 strbuf_release(&err);
1614
1615 return NULL; /* good */
1616 }
1617 }
1618
1619 static void run_update_post_hook(struct command *commands)
1620 {
1621 struct command *cmd;
1622 struct child_process proc = CHILD_PROCESS_INIT;
1623 const char *hook;
1624
1625 hook = find_hook("post-update");
1626 if (!hook)
1627 return;
1628
1629 for (cmd = commands; cmd; cmd = cmd->next) {
1630 if (cmd->error_string || cmd->did_not_exist)
1631 continue;
1632 if (!proc.args.nr)
1633 strvec_push(&proc.args, hook);
1634 strvec_push(&proc.args, cmd->ref_name);
1635 }
1636 if (!proc.args.nr)
1637 return;
1638
1639 proc.no_stdin = 1;
1640 proc.stdout_to_stderr = 1;
1641 proc.err = use_sideband ? -1 : 0;
1642 proc.trace2_hook_name = "post-update";
1643
1644 if (!start_command(&proc)) {
1645 if (use_sideband)
1646 copy_to_sideband(proc.err, -1, NULL);
1647 finish_command(&proc);
1648 }
1649 }
1650
1651 static void check_aliased_update_internal(struct command *cmd,
1652 struct string_list *list,
1653 const char *dst_name, int flag)
1654 {
1655 struct string_list_item *item;
1656 struct command *dst_cmd;
1657
1658 if (!(flag & REF_ISSYMREF))
1659 return;
1660
1661 if (!dst_name) {
1662 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1663 cmd->skip_update = 1;
1664 cmd->error_string = "broken symref";
1665 return;
1666 }
1667 dst_name = strip_namespace(dst_name);
1668
1669 if ((item = string_list_lookup(list, dst_name)) == NULL)
1670 return;
1671
1672 cmd->skip_update = 1;
1673
1674 dst_cmd = (struct command *) item->util;
1675
1676 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1677 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1678 return;
1679
1680 dst_cmd->skip_update = 1;
1681
1682 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1683 " its target '%s' (%s..%s)",
1684 cmd->ref_name,
1685 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1686 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1687 dst_cmd->ref_name,
1688 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1689 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1690
1691 cmd->error_string = dst_cmd->error_string =
1692 "inconsistent aliased update";
1693 }
1694
1695 static void check_aliased_update(struct command *cmd, struct string_list *list)
1696 {
1697 struct strbuf buf = STRBUF_INIT;
1698 const char *dst_name;
1699 int flag;
1700
1701 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1702 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1703 check_aliased_update_internal(cmd, list, dst_name, flag);
1704 strbuf_release(&buf);
1705 }
1706
1707 static void check_aliased_updates(struct command *commands)
1708 {
1709 struct command *cmd;
1710 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1711
1712 for (cmd = commands; cmd; cmd = cmd->next) {
1713 struct string_list_item *item =
1714 string_list_append(&ref_list, cmd->ref_name);
1715 item->util = (void *)cmd;
1716 }
1717 string_list_sort(&ref_list);
1718
1719 for (cmd = commands; cmd; cmd = cmd->next) {
1720 if (!cmd->error_string)
1721 check_aliased_update(cmd, &ref_list);
1722 }
1723
1724 string_list_clear(&ref_list, 0);
1725 }
1726
1727 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1728 {
1729 struct command **cmd_list = cb_data;
1730 struct command *cmd = *cmd_list;
1731
1732 if (!cmd || is_null_oid(&cmd->new_oid))
1733 return -1; /* end of list */
1734 *cmd_list = NULL; /* this returns only one */
1735 oidcpy(oid, &cmd->new_oid);
1736 return 0;
1737 }
1738
1739 static void set_connectivity_errors(struct command *commands,
1740 struct shallow_info *si)
1741 {
1742 struct command *cmd;
1743
1744 for (cmd = commands; cmd; cmd = cmd->next) {
1745 struct command *singleton = cmd;
1746 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1747
1748 if (shallow_update && si->shallow_ref[cmd->index])
1749 /* to be checked in update_shallow_ref() */
1750 continue;
1751
1752 opt.env = tmp_objdir_env(tmp_objdir);
1753 if (!check_connected(command_singleton_iterator, &singleton,
1754 &opt))
1755 continue;
1756
1757 cmd->error_string = "missing necessary objects";
1758 }
1759 }
1760
1761 struct iterate_data {
1762 struct command *cmds;
1763 struct shallow_info *si;
1764 };
1765
1766 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1767 {
1768 struct iterate_data *data = cb_data;
1769 struct command **cmd_list = &data->cmds;
1770 struct command *cmd = *cmd_list;
1771
1772 for (; cmd; cmd = cmd->next) {
1773 if (shallow_update && data->si->shallow_ref[cmd->index])
1774 /* to be checked in update_shallow_ref() */
1775 continue;
1776 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1777 oidcpy(oid, &cmd->new_oid);
1778 *cmd_list = cmd->next;
1779 return 0;
1780 }
1781 }
1782 *cmd_list = NULL;
1783 return -1; /* end of list */
1784 }
1785
1786 static void reject_updates_to_hidden(struct command *commands)
1787 {
1788 struct strbuf refname_full = STRBUF_INIT;
1789 size_t prefix_len;
1790 struct command *cmd;
1791
1792 strbuf_addstr(&refname_full, get_git_namespace());
1793 prefix_len = refname_full.len;
1794
1795 for (cmd = commands; cmd; cmd = cmd->next) {
1796 if (cmd->error_string)
1797 continue;
1798
1799 strbuf_setlen(&refname_full, prefix_len);
1800 strbuf_addstr(&refname_full, cmd->ref_name);
1801
1802 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1803 continue;
1804 if (is_null_oid(&cmd->new_oid))
1805 cmd->error_string = "deny deleting a hidden ref";
1806 else
1807 cmd->error_string = "deny updating a hidden ref";
1808 }
1809
1810 strbuf_release(&refname_full);
1811 }
1812
1813 static int should_process_cmd(struct command *cmd)
1814 {
1815 return !cmd->error_string && !cmd->skip_update;
1816 }
1817
1818 static void warn_if_skipped_connectivity_check(struct command *commands,
1819 struct shallow_info *si)
1820 {
1821 struct command *cmd;
1822 int checked_connectivity = 1;
1823
1824 for (cmd = commands; cmd; cmd = cmd->next) {
1825 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1826 error("BUG: connectivity check has not been run on ref %s",
1827 cmd->ref_name);
1828 checked_connectivity = 0;
1829 }
1830 }
1831 if (!checked_connectivity)
1832 BUG("connectivity check skipped???");
1833 }
1834
1835 static void execute_commands_non_atomic(struct command *commands,
1836 struct shallow_info *si)
1837 {
1838 struct command *cmd;
1839 struct strbuf err = STRBUF_INIT;
1840
1841 for (cmd = commands; cmd; cmd = cmd->next) {
1842 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1843 continue;
1844
1845 transaction = ref_transaction_begin(&err);
1846 if (!transaction) {
1847 rp_error("%s", err.buf);
1848 strbuf_reset(&err);
1849 cmd->error_string = "transaction failed to start";
1850 continue;
1851 }
1852
1853 cmd->error_string = update(cmd, si);
1854
1855 if (!cmd->error_string
1856 && ref_transaction_commit(transaction, &err)) {
1857 rp_error("%s", err.buf);
1858 strbuf_reset(&err);
1859 cmd->error_string = "failed to update ref";
1860 }
1861 ref_transaction_free(transaction);
1862 }
1863 strbuf_release(&err);
1864 }
1865
1866 static void execute_commands_atomic(struct command *commands,
1867 struct shallow_info *si)
1868 {
1869 struct command *cmd;
1870 struct strbuf err = STRBUF_INIT;
1871 const char *reported_error = "atomic push failure";
1872
1873 transaction = ref_transaction_begin(&err);
1874 if (!transaction) {
1875 rp_error("%s", err.buf);
1876 strbuf_reset(&err);
1877 reported_error = "transaction failed to start";
1878 goto failure;
1879 }
1880
1881 for (cmd = commands; cmd; cmd = cmd->next) {
1882 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1883 continue;
1884
1885 cmd->error_string = update(cmd, si);
1886
1887 if (cmd->error_string)
1888 goto failure;
1889 }
1890
1891 if (ref_transaction_commit(transaction, &err)) {
1892 rp_error("%s", err.buf);
1893 reported_error = "atomic transaction failed";
1894 goto failure;
1895 }
1896 goto cleanup;
1897
1898 failure:
1899 for (cmd = commands; cmd; cmd = cmd->next)
1900 if (!cmd->error_string)
1901 cmd->error_string = reported_error;
1902
1903 cleanup:
1904 ref_transaction_free(transaction);
1905 strbuf_release(&err);
1906 }
1907
1908 static void execute_commands(struct command *commands,
1909 const char *unpacker_error,
1910 struct shallow_info *si,
1911 const struct string_list *push_options)
1912 {
1913 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1914 struct command *cmd;
1915 struct iterate_data data;
1916 struct async muxer;
1917 int err_fd = 0;
1918 int run_proc_receive = 0;
1919
1920 if (unpacker_error) {
1921 for (cmd = commands; cmd; cmd = cmd->next)
1922 cmd->error_string = "unpacker error";
1923 return;
1924 }
1925
1926 if (use_sideband) {
1927 memset(&muxer, 0, sizeof(muxer));
1928 muxer.proc = copy_to_sideband;
1929 muxer.in = -1;
1930 if (!start_async(&muxer))
1931 err_fd = muxer.in;
1932 /* ...else, continue without relaying sideband */
1933 }
1934
1935 data.cmds = commands;
1936 data.si = si;
1937 opt.err_fd = err_fd;
1938 opt.progress = err_fd && !quiet;
1939 opt.env = tmp_objdir_env(tmp_objdir);
1940 if (check_connected(iterate_receive_command_list, &data, &opt))
1941 set_connectivity_errors(commands, si);
1942
1943 if (use_sideband)
1944 finish_async(&muxer);
1945
1946 reject_updates_to_hidden(commands);
1947
1948 /*
1949 * Try to find commands that have special prefix in their reference names,
1950 * and mark them to run an external "proc-receive" hook later.
1951 */
1952 if (proc_receive_ref) {
1953 for (cmd = commands; cmd; cmd = cmd->next) {
1954 if (!should_process_cmd(cmd))
1955 continue;
1956
1957 if (proc_receive_ref_matches(cmd)) {
1958 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1959 run_proc_receive = 1;
1960 }
1961 }
1962 }
1963
1964 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1965 for (cmd = commands; cmd; cmd = cmd->next) {
1966 if (!cmd->error_string)
1967 cmd->error_string = "pre-receive hook declined";
1968 }
1969 return;
1970 }
1971
1972 /*
1973 * Now we'll start writing out refs, which means the objects need
1974 * to be in their final positions so that other processes can see them.
1975 */
1976 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1977 for (cmd = commands; cmd; cmd = cmd->next) {
1978 if (!cmd->error_string)
1979 cmd->error_string = "unable to migrate objects to permanent storage";
1980 }
1981 return;
1982 }
1983 tmp_objdir = NULL;
1984
1985 check_aliased_updates(commands);
1986
1987 free(head_name_to_free);
1988 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1989
1990 if (run_proc_receive &&
1991 run_proc_receive_hook(commands, push_options))
1992 for (cmd = commands; cmd; cmd = cmd->next)
1993 if (!cmd->error_string &&
1994 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1995 (cmd->run_proc_receive || use_atomic))
1996 cmd->error_string = "fail to run proc-receive hook";
1997
1998 if (use_atomic)
1999 execute_commands_atomic(commands, si);
2000 else
2001 execute_commands_non_atomic(commands, si);
2002
2003 if (shallow_update)
2004 warn_if_skipped_connectivity_check(commands, si);
2005 }
2006
2007 static struct command **queue_command(struct command **tail,
2008 const char *line,
2009 int linelen)
2010 {
2011 struct object_id old_oid, new_oid;
2012 struct command *cmd;
2013 const char *refname;
2014 int reflen;
2015 const char *p;
2016
2017 if (parse_oid_hex(line, &old_oid, &p) ||
2018 *p++ != ' ' ||
2019 parse_oid_hex(p, &new_oid, &p) ||
2020 *p++ != ' ')
2021 die("protocol error: expected old/new/ref, got '%s'", line);
2022
2023 refname = p;
2024 reflen = linelen - (p - line);
2025 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2026 oidcpy(&cmd->old_oid, &old_oid);
2027 oidcpy(&cmd->new_oid, &new_oid);
2028 *tail = cmd;
2029 return &cmd->next;
2030 }
2031
2032 static void queue_commands_from_cert(struct command **tail,
2033 struct strbuf *push_cert)
2034 {
2035 const char *boc, *eoc;
2036
2037 if (*tail)
2038 die("protocol error: got both push certificate and unsigned commands");
2039
2040 boc = strstr(push_cert->buf, "\n\n");
2041 if (!boc)
2042 die("malformed push certificate %.*s", 100, push_cert->buf);
2043 else
2044 boc += 2;
2045 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
2046
2047 while (boc < eoc) {
2048 const char *eol = memchr(boc, '\n', eoc - boc);
2049 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2050 boc = eol ? eol + 1 : eoc;
2051 }
2052 }
2053
2054 static struct command *read_head_info(struct packet_reader *reader,
2055 struct oid_array *shallow)
2056 {
2057 struct command *commands = NULL;
2058 struct command **p = &commands;
2059 for (;;) {
2060 int linelen;
2061
2062 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2063 break;
2064
2065 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2066 struct object_id oid;
2067 if (get_oid_hex(reader->line + 8, &oid))
2068 die("protocol error: expected shallow sha, got '%s'",
2069 reader->line + 8);
2070 oid_array_append(shallow, &oid);
2071 continue;
2072 }
2073
2074 linelen = strlen(reader->line);
2075 if (linelen < reader->pktlen) {
2076 const char *feature_list = reader->line + linelen + 1;
2077 const char *hash = NULL;
2078 int len = 0;
2079 if (parse_feature_request(feature_list, "report-status"))
2080 report_status = 1;
2081 if (parse_feature_request(feature_list, "report-status-v2"))
2082 report_status_v2 = 1;
2083 if (parse_feature_request(feature_list, "side-band-64k"))
2084 use_sideband = LARGE_PACKET_MAX;
2085 if (parse_feature_request(feature_list, "quiet"))
2086 quiet = 1;
2087 if (advertise_atomic_push
2088 && parse_feature_request(feature_list, "atomic"))
2089 use_atomic = 1;
2090 if (advertise_push_options
2091 && parse_feature_request(feature_list, "push-options"))
2092 use_push_options = 1;
2093 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2094 if (!hash) {
2095 hash = hash_algos[GIT_HASH_SHA1].name;
2096 len = strlen(hash);
2097 }
2098 if (xstrncmpz(the_hash_algo->name, hash, len))
2099 die("error: unsupported object format '%s'", hash);
2100 }
2101
2102 if (!strcmp(reader->line, "push-cert")) {
2103 int true_flush = 0;
2104 int saved_options = reader->options;
2105 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2106
2107 for (;;) {
2108 packet_reader_read(reader);
2109 if (reader->status == PACKET_READ_FLUSH) {
2110 true_flush = 1;
2111 break;
2112 }
2113 if (reader->status != PACKET_READ_NORMAL) {
2114 die("protocol error: got an unexpected packet");
2115 }
2116 if (!strcmp(reader->line, "push-cert-end\n"))
2117 break; /* end of cert */
2118 strbuf_addstr(&push_cert, reader->line);
2119 }
2120 reader->options = saved_options;
2121
2122 if (true_flush)
2123 break;
2124 continue;
2125 }
2126
2127 p = queue_command(p, reader->line, linelen);
2128 }
2129
2130 if (push_cert.len)
2131 queue_commands_from_cert(p, &push_cert);
2132
2133 return commands;
2134 }
2135
2136 static void read_push_options(struct packet_reader *reader,
2137 struct string_list *options)
2138 {
2139 while (1) {
2140 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2141 break;
2142
2143 string_list_append(options, reader->line);
2144 }
2145 }
2146
2147 static const char *parse_pack_header(struct pack_header *hdr)
2148 {
2149 switch (read_pack_header(0, hdr)) {
2150 case PH_ERROR_EOF:
2151 return "eof before pack header was fully read";
2152
2153 case PH_ERROR_PACK_SIGNATURE:
2154 return "protocol error (pack signature mismatch detected)";
2155
2156 case PH_ERROR_PROTOCOL:
2157 return "protocol error (pack version unsupported)";
2158
2159 default:
2160 return "unknown error in parse_pack_header";
2161
2162 case 0:
2163 return NULL;
2164 }
2165 }
2166
2167 static const char *pack_lockfile;
2168
2169 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2170 {
2171 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2172 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2173 }
2174
2175 static const char *unpack(int err_fd, struct shallow_info *si)
2176 {
2177 struct pack_header hdr;
2178 const char *hdr_err;
2179 int status;
2180 struct child_process child = CHILD_PROCESS_INIT;
2181 int fsck_objects = (receive_fsck_objects >= 0
2182 ? receive_fsck_objects
2183 : transfer_fsck_objects >= 0
2184 ? transfer_fsck_objects
2185 : 0);
2186
2187 hdr_err = parse_pack_header(&hdr);
2188 if (hdr_err) {
2189 if (err_fd > 0)
2190 close(err_fd);
2191 return hdr_err;
2192 }
2193
2194 if (si->nr_ours || si->nr_theirs) {
2195 alt_shallow_file = setup_temporary_shallow(si->shallow);
2196 strvec_push(&child.args, "--shallow-file");
2197 strvec_push(&child.args, alt_shallow_file);
2198 }
2199
2200 tmp_objdir = tmp_objdir_create();
2201 if (!tmp_objdir) {
2202 if (err_fd > 0)
2203 close(err_fd);
2204 return "unable to create temporary object directory";
2205 }
2206 child.env = tmp_objdir_env(tmp_objdir);
2207
2208 /*
2209 * Normally we just pass the tmp_objdir environment to the child
2210 * processes that do the heavy lifting, but we may need to see these
2211 * objects ourselves to set up shallow information.
2212 */
2213 tmp_objdir_add_as_alternate(tmp_objdir);
2214
2215 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2216 strvec_push(&child.args, "unpack-objects");
2217 push_header_arg(&child.args, &hdr);
2218 if (quiet)
2219 strvec_push(&child.args, "-q");
2220 if (fsck_objects)
2221 strvec_pushf(&child.args, "--strict%s",
2222 fsck_msg_types.buf);
2223 if (max_input_size)
2224 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2225 (uintmax_t)max_input_size);
2226 child.no_stdout = 1;
2227 child.err = err_fd;
2228 child.git_cmd = 1;
2229 status = run_command(&child);
2230 if (status)
2231 return "unpack-objects abnormal exit";
2232 } else {
2233 char hostname[HOST_NAME_MAX + 1];
2234
2235 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2236 push_header_arg(&child.args, &hdr);
2237
2238 if (xgethostname(hostname, sizeof(hostname)))
2239 xsnprintf(hostname, sizeof(hostname), "localhost");
2240 strvec_pushf(&child.args,
2241 "--keep=receive-pack %"PRIuMAX" on %s",
2242 (uintmax_t)getpid(),
2243 hostname);
2244
2245 if (!quiet && err_fd)
2246 strvec_push(&child.args, "--show-resolving-progress");
2247 if (use_sideband)
2248 strvec_push(&child.args, "--report-end-of-input");
2249 if (fsck_objects)
2250 strvec_pushf(&child.args, "--strict%s",
2251 fsck_msg_types.buf);
2252 if (!reject_thin)
2253 strvec_push(&child.args, "--fix-thin");
2254 if (max_input_size)
2255 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2256 (uintmax_t)max_input_size);
2257 child.out = -1;
2258 child.err = err_fd;
2259 child.git_cmd = 1;
2260 status = start_command(&child);
2261 if (status)
2262 return "index-pack fork failed";
2263 pack_lockfile = index_pack_lockfile(child.out);
2264 close(child.out);
2265 status = finish_command(&child);
2266 if (status)
2267 return "index-pack abnormal exit";
2268 reprepare_packed_git(the_repository);
2269 }
2270 return NULL;
2271 }
2272
2273 static const char *unpack_with_sideband(struct shallow_info *si)
2274 {
2275 struct async muxer;
2276 const char *ret;
2277
2278 if (!use_sideband)
2279 return unpack(0, si);
2280
2281 use_keepalive = KEEPALIVE_AFTER_NUL;
2282 memset(&muxer, 0, sizeof(muxer));
2283 muxer.proc = copy_to_sideband;
2284 muxer.in = -1;
2285 if (start_async(&muxer))
2286 return NULL;
2287
2288 ret = unpack(muxer.in, si);
2289
2290 finish_async(&muxer);
2291 return ret;
2292 }
2293
2294 static void prepare_shallow_update(struct shallow_info *si)
2295 {
2296 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2297
2298 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2299 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2300
2301 si->need_reachability_test =
2302 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
2303 si->reachable =
2304 xcalloc(si->shallow->nr, sizeof(*si->reachable));
2305 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
2306
2307 for (i = 0; i < si->nr_ours; i++)
2308 si->need_reachability_test[si->ours[i]] = 1;
2309
2310 for (i = 0; i < si->shallow->nr; i++) {
2311 if (!si->used_shallow[i])
2312 continue;
2313 for (j = 0; j < bitmap_size; j++) {
2314 if (!si->used_shallow[i][j])
2315 continue;
2316 si->need_reachability_test[i]++;
2317 for (k = 0; k < 32; k++)
2318 if (si->used_shallow[i][j] & (1U << k))
2319 si->shallow_ref[j * 32 + k]++;
2320 }
2321
2322 /*
2323 * true for those associated with some refs and belong
2324 * in "ours" list aka "step 7 not done yet"
2325 */
2326 si->need_reachability_test[i] =
2327 si->need_reachability_test[i] > 1;
2328 }
2329
2330 /*
2331 * keep hooks happy by forcing a temporary shallow file via
2332 * env variable because we can't add --shallow-file to every
2333 * command. check_connected() will be done with
2334 * true .git/shallow though.
2335 */
2336 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2337 }
2338
2339 static void update_shallow_info(struct command *commands,
2340 struct shallow_info *si,
2341 struct oid_array *ref)
2342 {
2343 struct command *cmd;
2344 int *ref_status;
2345 remove_nonexistent_theirs_shallow(si);
2346 if (!si->nr_ours && !si->nr_theirs) {
2347 shallow_update = 0;
2348 return;
2349 }
2350
2351 for (cmd = commands; cmd; cmd = cmd->next) {
2352 if (is_null_oid(&cmd->new_oid))
2353 continue;
2354 oid_array_append(ref, &cmd->new_oid);
2355 cmd->index = ref->nr - 1;
2356 }
2357 si->ref = ref;
2358
2359 if (shallow_update) {
2360 prepare_shallow_update(si);
2361 return;
2362 }
2363
2364 ALLOC_ARRAY(ref_status, ref->nr);
2365 assign_shallow_commits_to_refs(si, NULL, ref_status);
2366 for (cmd = commands; cmd; cmd = cmd->next) {
2367 if (is_null_oid(&cmd->new_oid))
2368 continue;
2369 if (ref_status[cmd->index]) {
2370 cmd->error_string = "shallow update not allowed";
2371 cmd->skip_update = 1;
2372 }
2373 }
2374 free(ref_status);
2375 }
2376
2377 static void report(struct command *commands, const char *unpack_status)
2378 {
2379 struct command *cmd;
2380 struct strbuf buf = STRBUF_INIT;
2381
2382 packet_buf_write(&buf, "unpack %s\n",
2383 unpack_status ? unpack_status : "ok");
2384 for (cmd = commands; cmd; cmd = cmd->next) {
2385 if (!cmd->error_string)
2386 packet_buf_write(&buf, "ok %s\n",
2387 cmd->ref_name);
2388 else
2389 packet_buf_write(&buf, "ng %s %s\n",
2390 cmd->ref_name, cmd->error_string);
2391 }
2392 packet_buf_flush(&buf);
2393
2394 if (use_sideband)
2395 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2396 else
2397 write_or_die(1, buf.buf, buf.len);
2398 strbuf_release(&buf);
2399 }
2400
2401 static void report_v2(struct command *commands, const char *unpack_status)
2402 {
2403 struct command *cmd;
2404 struct strbuf buf = STRBUF_INIT;
2405 struct ref_push_report *report;
2406
2407 packet_buf_write(&buf, "unpack %s\n",
2408 unpack_status ? unpack_status : "ok");
2409 for (cmd = commands; cmd; cmd = cmd->next) {
2410 int count = 0;
2411
2412 if (cmd->error_string) {
2413 packet_buf_write(&buf, "ng %s %s\n",
2414 cmd->ref_name,
2415 cmd->error_string);
2416 continue;
2417 }
2418 packet_buf_write(&buf, "ok %s\n",
2419 cmd->ref_name);
2420 for (report = cmd->report; report; report = report->next) {
2421 if (count++ > 0)
2422 packet_buf_write(&buf, "ok %s\n",
2423 cmd->ref_name);
2424 if (report->ref_name)
2425 packet_buf_write(&buf, "option refname %s\n",
2426 report->ref_name);
2427 if (report->old_oid)
2428 packet_buf_write(&buf, "option old-oid %s\n",
2429 oid_to_hex(report->old_oid));
2430 if (report->new_oid)
2431 packet_buf_write(&buf, "option new-oid %s\n",
2432 oid_to_hex(report->new_oid));
2433 if (report->forced_update)
2434 packet_buf_write(&buf, "option forced-update\n");
2435 }
2436 }
2437 packet_buf_flush(&buf);
2438
2439 if (use_sideband)
2440 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2441 else
2442 write_or_die(1, buf.buf, buf.len);
2443 strbuf_release(&buf);
2444 }
2445
2446 static int delete_only(struct command *commands)
2447 {
2448 struct command *cmd;
2449 for (cmd = commands; cmd; cmd = cmd->next) {
2450 if (!is_null_oid(&cmd->new_oid))
2451 return 0;
2452 }
2453 return 1;
2454 }
2455
2456 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2457 {
2458 int advertise_refs = 0;
2459 struct command *commands;
2460 struct oid_array shallow = OID_ARRAY_INIT;
2461 struct oid_array ref = OID_ARRAY_INIT;
2462 struct shallow_info si;
2463 struct packet_reader reader;
2464
2465 struct option options[] = {
2466 OPT__QUIET(&quiet, N_("quiet")),
2467 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2468 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
2469 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2470 OPT_END()
2471 };
2472
2473 packet_trace_identity("receive-pack");
2474
2475 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2476
2477 if (argc > 1)
2478 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
2479 if (argc == 0)
2480 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
2481
2482 service_dir = argv[0];
2483
2484 setup_path();
2485
2486 if (!enter_repo(service_dir, 0))
2487 die("'%s' does not appear to be a git repository", service_dir);
2488
2489 git_config(receive_pack_config, NULL);
2490 if (cert_nonce_seed)
2491 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2492
2493 if (0 <= transfer_unpack_limit)
2494 unpack_limit = transfer_unpack_limit;
2495 else if (0 <= receive_unpack_limit)
2496 unpack_limit = receive_unpack_limit;
2497
2498 switch (determine_protocol_version_server()) {
2499 case protocol_v2:
2500 /*
2501 * push support for protocol v2 has not been implemented yet,
2502 * so ignore the request to use v2 and fallback to using v0.
2503 */
2504 break;
2505 case protocol_v1:
2506 /*
2507 * v1 is just the original protocol with a version string,
2508 * so just fall through after writing the version string.
2509 */
2510 if (advertise_refs || !stateless_rpc)
2511 packet_write_fmt(1, "version 1\n");
2512
2513 /* fallthrough */
2514 case protocol_v0:
2515 break;
2516 case protocol_unknown_version:
2517 BUG("unknown protocol version");
2518 }
2519
2520 if (advertise_refs || !stateless_rpc) {
2521 write_head_info();
2522 }
2523 if (advertise_refs)
2524 return 0;
2525
2526 packet_reader_init(&reader, 0, NULL, 0,
2527 PACKET_READ_CHOMP_NEWLINE |
2528 PACKET_READ_DIE_ON_ERR_PACKET);
2529
2530 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2531 const char *unpack_status = NULL;
2532 struct string_list push_options = STRING_LIST_INIT_DUP;
2533
2534 if (use_push_options)
2535 read_push_options(&reader, &push_options);
2536 if (!check_cert_push_options(&push_options)) {
2537 struct command *cmd;
2538 for (cmd = commands; cmd; cmd = cmd->next)
2539 cmd->error_string = "inconsistent push options";
2540 }
2541
2542 prepare_shallow_info(&si, &shallow);
2543 if (!si.nr_ours && !si.nr_theirs)
2544 shallow_update = 0;
2545 if (!delete_only(commands)) {
2546 unpack_status = unpack_with_sideband(&si);
2547 update_shallow_info(commands, &si, &ref);
2548 }
2549 use_keepalive = KEEPALIVE_ALWAYS;
2550 execute_commands(commands, unpack_status, &si,
2551 &push_options);
2552 if (pack_lockfile)
2553 unlink_or_warn(pack_lockfile);
2554 if (report_status_v2)
2555 report_v2(commands, unpack_status);
2556 else if (report_status)
2557 report(commands, unpack_status);
2558 run_receive_hook(commands, "post-receive", 1,
2559 &push_options);
2560 run_update_post_hook(commands);
2561 string_list_clear(&push_options, 0);
2562 if (auto_gc) {
2563 const char *argv_gc_auto[] = {
2564 "gc", "--auto", "--quiet", NULL,
2565 };
2566 struct child_process proc = CHILD_PROCESS_INIT;
2567
2568 proc.no_stdin = 1;
2569 proc.stdout_to_stderr = 1;
2570 proc.err = use_sideband ? -1 : 0;
2571 proc.git_cmd = 1;
2572 proc.argv = argv_gc_auto;
2573
2574 close_object_store(the_repository->objects);
2575 if (!start_command(&proc)) {
2576 if (use_sideband)
2577 copy_to_sideband(proc.err, -1, NULL);
2578 finish_command(&proc);
2579 }
2580 }
2581 if (auto_update_server_info)
2582 update_server_info(0);
2583 clear_shallow_info(&si);
2584 }
2585 if (use_sideband)
2586 packet_flush(1);
2587 oid_array_clear(&shallow);
2588 oid_array_clear(&ref);
2589 free((void *)push_cert_nonce);
2590 return 0;
2591 }
Unnamed repository; edit this file 'description' to name the repository.