]> git.ipfire.org Git - thirdparty/git.git/blob - refs/files-backend.c
projects / thirdparty / git.git / blob
? search:


bf6f89b1d1938b6fae0c4125839c188b0d65fc86
[thirdparty/git.git] / refs / files-backend.c
1 #define USE_THE_REPOSITORY_VARIABLE
2 #define DISABLE_SIGN_COMPARE_WARNINGS
3
4 #include "../git-compat-util.h"
5 #include "../abspath.h"
6 #include "../config.h"
7 #include "../copy.h"
8 #include "../environment.h"
9 #include "../gettext.h"
10 #include "../hash.h"
11 #include "../hex.h"
12 #include "../fsck.h"
13 #include "../refs.h"
14 #include "../repo-settings.h"
15 #include "refs-internal.h"
16 #include "ref-cache.h"
17 #include "packed-backend.h"
18 #include "../ident.h"
19 #include "../iterator.h"
20 #include "../dir-iterator.h"
21 #include "../lockfile.h"
22 #include "../object.h"
23 #include "../object-file.h"
24 #include "../path.h"
25 #include "../dir.h"
26 #include "../chdir-notify.h"
27 #include "../setup.h"
28 #include "../worktree.h"
29 #include "../wrapper.h"
30 #include "../write-or-die.h"
31 #include "../revision.h"
32 #include <wildmatch.h>
33
34 /*
35 * This backend uses the following flags in `ref_update::flags` for
36 * internal bookkeeping purposes. Their numerical values must not
37 * conflict with REF_NO_DEREF, REF_FORCE_CREATE_REFLOG, REF_HAVE_NEW,
38 * or REF_HAVE_OLD, which are also stored in `ref_update::flags`.
39 */
40
41 /*
42 * Used as a flag in ref_update::flags when a loose ref is being
43 * pruned. This flag must only be used when REF_NO_DEREF is set.
44 */
45 #define REF_IS_PRUNING (1 << 4)
46
47 /*
48 * Flag passed to lock_ref_sha1_basic() telling it to tolerate broken
49 * refs (i.e., because the reference is about to be deleted anyway).
50 */
51 #define REF_DELETING (1 << 5)
52
53 /*
54 * Used as a flag in ref_update::flags when the lockfile needs to be
55 * committed.
56 */
57 #define REF_NEEDS_COMMIT (1 << 6)
58
59 /*
60 * Used as a flag in ref_update::flags when the ref_update was via an
61 * update to HEAD.
62 */
63 #define REF_UPDATE_VIA_HEAD (1 << 8)
64
65 /*
66 * Used as a flag in ref_update::flags when a reference has been
67 * deleted and the ref's parent directories may need cleanup.
68 */
69 #define REF_DELETED_RMDIR (1 << 9)
70
71 struct ref_lock {
72 char *ref_name;
73 struct lock_file lk;
74 struct object_id old_oid;
75 unsigned int count; /* track users of the lock (ref update + reflog updates) */
76 };
77
78 struct files_ref_store {
79 struct ref_store base;
80 unsigned int store_flags;
81
82 char *gitcommondir;
83 enum log_refs_config log_all_ref_updates;
84 int prefer_symlink_refs;
85
86 struct ref_cache *loose;
87
88 struct ref_store *packed_ref_store;
89 };
90
91 static void clear_loose_ref_cache(struct files_ref_store *refs)
92 {
93 if (refs->loose) {
94 free_ref_cache(refs->loose);
95 refs->loose = NULL;
96 }
97 }
98
99 /*
100 * Create a new submodule ref cache and add it to the internal
101 * set of caches.
102 */
103 static struct ref_store *files_ref_store_init(struct repository *repo,
104 const char *gitdir,
105 unsigned int flags)
106 {
107 struct files_ref_store *refs = xcalloc(1, sizeof(*refs));
108 struct ref_store *ref_store = (struct ref_store *)refs;
109 struct strbuf sb = STRBUF_INIT;
110
111 base_ref_store_init(ref_store, repo, gitdir, &refs_be_files);
112 refs->store_flags = flags;
113 get_common_dir_noenv(&sb, gitdir);
114 refs->gitcommondir = strbuf_detach(&sb, NULL);
115 refs->packed_ref_store =
116 packed_ref_store_init(repo, refs->gitcommondir, flags);
117 refs->log_all_ref_updates = repo_settings_get_log_all_ref_updates(repo);
118 repo_config_get_bool(repo, "core.prefersymlinkrefs", &refs->prefer_symlink_refs);
119
120 chdir_notify_reparent("files-backend $GIT_DIR", &refs->base.gitdir);
121 chdir_notify_reparent("files-backend $GIT_COMMONDIR",
122 &refs->gitcommondir);
123
124 return ref_store;
125 }
126
127 /*
128 * Die if refs is not the main ref store. caller is used in any
129 * necessary error messages.
130 */
131 static void files_assert_main_repository(struct files_ref_store *refs,
132 const char *caller)
133 {
134 if (refs->store_flags & REF_STORE_MAIN)
135 return;
136
137 BUG("operation %s only allowed for main ref store", caller);
138 }
139
140 /*
141 * Downcast ref_store to files_ref_store. Die if ref_store is not a
142 * files_ref_store. required_flags is compared with ref_store's
143 * store_flags to ensure the ref_store has all required capabilities.
144 * "caller" is used in any necessary error messages.
145 */
146 static struct files_ref_store *files_downcast(struct ref_store *ref_store,
147 unsigned int required_flags,
148 const char *caller)
149 {
150 struct files_ref_store *refs;
151
152 if (ref_store->be != &refs_be_files)
153 BUG("ref_store is type \"%s\" not \"files\" in %s",
154 ref_store->be->name, caller);
155
156 refs = (struct files_ref_store *)ref_store;
157
158 if ((refs->store_flags & required_flags) != required_flags)
159 BUG("operation %s requires abilities 0x%x, but only have 0x%x",
160 caller, required_flags, refs->store_flags);
161
162 return refs;
163 }
164
165 static void files_ref_store_release(struct ref_store *ref_store)
166 {
167 struct files_ref_store *refs = files_downcast(ref_store, 0, "release");
168 free_ref_cache(refs->loose);
169 free(refs->gitcommondir);
170 ref_store_release(refs->packed_ref_store);
171 free(refs->packed_ref_store);
172 }
173
174 static void files_reflog_path(struct files_ref_store *refs,
175 struct strbuf *sb,
176 const char *refname)
177 {
178 const char *bare_refname;
179 const char *wtname;
180 int wtname_len;
181 enum ref_worktree_type wt_type = parse_worktree_ref(
182 refname, &wtname, &wtname_len, &bare_refname);
183
184 switch (wt_type) {
185 case REF_WORKTREE_CURRENT:
186 strbuf_addf(sb, "%s/logs/%s", refs->base.gitdir, refname);
187 break;
188 case REF_WORKTREE_SHARED:
189 case REF_WORKTREE_MAIN:
190 strbuf_addf(sb, "%s/logs/%s", refs->gitcommondir, bare_refname);
191 break;
192 case REF_WORKTREE_OTHER:
193 strbuf_addf(sb, "%s/worktrees/%.*s/logs/%s", refs->gitcommondir,
194 wtname_len, wtname, bare_refname);
195 break;
196 default:
197 BUG("unknown ref type %d of ref %s", wt_type, refname);
198 }
199 }
200
201 static void files_ref_path(struct files_ref_store *refs,
202 struct strbuf *sb,
203 const char *refname)
204 {
205 const char *bare_refname;
206 const char *wtname;
207 int wtname_len;
208 enum ref_worktree_type wt_type = parse_worktree_ref(
209 refname, &wtname, &wtname_len, &bare_refname);
210 switch (wt_type) {
211 case REF_WORKTREE_CURRENT:
212 strbuf_addf(sb, "%s/%s", refs->base.gitdir, refname);
213 break;
214 case REF_WORKTREE_OTHER:
215 strbuf_addf(sb, "%s/worktrees/%.*s/%s", refs->gitcommondir,
216 wtname_len, wtname, bare_refname);
217 break;
218 case REF_WORKTREE_SHARED:
219 case REF_WORKTREE_MAIN:
220 strbuf_addf(sb, "%s/%s", refs->gitcommondir, bare_refname);
221 break;
222 default:
223 BUG("unknown ref type %d of ref %s", wt_type, refname);
224 }
225 }
226
227 /*
228 * Manually add refs/bisect, refs/rewritten and refs/worktree, which, being
229 * per-worktree, might not appear in the directory listing for
230 * refs/ in the main repo.
231 */
232 static void add_per_worktree_entries_to_dir(struct ref_dir *dir, const char *dirname)
233 {
234 const char *prefixes[] = { "refs/bisect/", "refs/worktree/", "refs/rewritten/" };
235 int ip;
236
237 if (strcmp(dirname, "refs/"))
238 return;
239
240 for (ip = 0; ip < ARRAY_SIZE(prefixes); ip++) {
241 const char *prefix = prefixes[ip];
242 int prefix_len = strlen(prefix);
243 struct ref_entry *child_entry;
244 int pos;
245
246 pos = search_ref_dir(dir, prefix, prefix_len);
247 if (pos >= 0)
248 continue;
249 child_entry = create_dir_entry(dir->cache, prefix, prefix_len);
250 add_entry_to_dir(dir, child_entry);
251 }
252 }
253
254 static void loose_fill_ref_dir_regular_file(struct files_ref_store *refs,
255 const char *refname,
256 struct ref_dir *dir)
257 {
258 struct object_id oid;
259 int flag;
260 const char *referent = refs_resolve_ref_unsafe(&refs->base,
261 refname,
262 RESOLVE_REF_READING,
263 &oid, &flag);
264
265 if (!referent) {
266 oidclr(&oid, refs->base.repo->hash_algo);
267 flag |= REF_ISBROKEN;
268 } else if (is_null_oid(&oid)) {
269 /*
270 * It is so astronomically unlikely
271 * that null_oid is the OID of an
272 * actual object that we consider its
273 * appearance in a loose reference
274 * file to be repo corruption
275 * (probably due to a software bug).
276 */
277 flag |= REF_ISBROKEN;
278 }
279
280 if (check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) {
281 if (!refname_is_safe(refname))
282 die("loose refname is dangerous: %s", refname);
283 oidclr(&oid, refs->base.repo->hash_algo);
284 flag |= REF_BAD_NAME | REF_ISBROKEN;
285 }
286
287 if (!(flag & REF_ISSYMREF))
288 referent = NULL;
289
290 add_entry_to_dir(dir, create_ref_entry(refname, referent, &oid, flag));
291 }
292
293 /*
294 * Read the loose references from the namespace dirname into dir
295 * (without recursing). dirname must end with '/'. dir must be the
296 * directory entry corresponding to dirname.
297 */
298 static void loose_fill_ref_dir(struct ref_store *ref_store,
299 struct ref_dir *dir, const char *dirname)
300 {
301 struct files_ref_store *refs =
302 files_downcast(ref_store, REF_STORE_READ, "fill_ref_dir");
303 DIR *d;
304 struct dirent *de;
305 int dirnamelen = strlen(dirname);
306 struct strbuf refname;
307 struct strbuf path = STRBUF_INIT;
308
309 files_ref_path(refs, &path, dirname);
310
311 d = opendir(path.buf);
312 if (!d) {
313 strbuf_release(&path);
314 return;
315 }
316
317 strbuf_init(&refname, dirnamelen + 257);
318 strbuf_add(&refname, dirname, dirnamelen);
319
320 while ((de = readdir(d)) != NULL) {
321 unsigned char dtype;
322
323 if (de->d_name[0] == '.')
324 continue;
325 if (ends_with(de->d_name, ".lock"))
326 continue;
327 strbuf_addstr(&refname, de->d_name);
328
329 dtype = get_dtype(de, &path, 1);
330 if (dtype == DT_DIR) {
331 strbuf_addch(&refname, '/');
332 add_entry_to_dir(dir,
333 create_dir_entry(dir->cache, refname.buf,
334 refname.len));
335 } else if (dtype == DT_REG) {
336 loose_fill_ref_dir_regular_file(refs, refname.buf, dir);
337 }
338 strbuf_setlen(&refname, dirnamelen);
339 }
340 strbuf_release(&refname);
341 strbuf_release(&path);
342 closedir(d);
343
344 add_per_worktree_entries_to_dir(dir, dirname);
345 }
346
347 static int for_each_root_ref(struct files_ref_store *refs,
348 int (*cb)(const char *refname, void *cb_data),
349 void *cb_data)
350 {
351 struct strbuf path = STRBUF_INIT, refname = STRBUF_INIT;
352 const char *dirname = refs->loose->root->name;
353 struct dirent *de;
354 size_t dirnamelen;
355 int ret;
356 DIR *d;
357
358 files_ref_path(refs, &path, dirname);
359
360 d = opendir(path.buf);
361 if (!d) {
362 strbuf_release(&path);
363 return -1;
364 }
365
366 strbuf_addstr(&refname, dirname);
367 dirnamelen = refname.len;
368
369 while ((de = readdir(d)) != NULL) {
370 unsigned char dtype;
371
372 if (de->d_name[0] == '.')
373 continue;
374 if (ends_with(de->d_name, ".lock"))
375 continue;
376 strbuf_addstr(&refname, de->d_name);
377
378 dtype = get_dtype(de, &path, 1);
379 if (dtype == DT_REG && is_root_ref(de->d_name)) {
380 ret = cb(refname.buf, cb_data);
381 if (ret)
382 goto done;
383 }
384
385 strbuf_setlen(&refname, dirnamelen);
386 }
387
388 ret = 0;
389
390 done:
391 strbuf_release(&refname);
392 strbuf_release(&path);
393 closedir(d);
394 return ret;
395 }
396
397 struct fill_root_ref_data {
398 struct files_ref_store *refs;
399 struct ref_dir *dir;
400 };
401
402 static int fill_root_ref(const char *refname, void *cb_data)
403 {
404 struct fill_root_ref_data *data = cb_data;
405 loose_fill_ref_dir_regular_file(data->refs, refname, data->dir);
406 return 0;
407 }
408
409 /*
410 * Add root refs to the ref dir by parsing the directory for any files which
411 * follow the root ref syntax.
412 */
413 static void add_root_refs(struct files_ref_store *refs,
414 struct ref_dir *dir)
415 {
416 struct fill_root_ref_data data = {
417 .refs = refs,
418 .dir = dir,
419 };
420
421 for_each_root_ref(refs, fill_root_ref, &data);
422 }
423
424 static struct ref_cache *get_loose_ref_cache(struct files_ref_store *refs,
425 unsigned int flags)
426 {
427 if (!refs->loose) {
428 struct ref_dir *dir;
429
430 /*
431 * Mark the top-level directory complete because we
432 * are about to read the only subdirectory that can
433 * hold references:
434 */
435 refs->loose = create_ref_cache(&refs->base, loose_fill_ref_dir);
436
437 /* We're going to fill the top level ourselves: */
438 refs->loose->root->flag &= ~REF_INCOMPLETE;
439
440 dir = get_ref_dir(refs->loose->root);
441
442 if (flags & DO_FOR_EACH_INCLUDE_ROOT_REFS)
443 add_root_refs(refs, dir);
444
445 /*
446 * Add an incomplete entry for "refs/" (to be filled
447 * lazily):
448 */
449 add_entry_to_dir(dir, create_dir_entry(refs->loose, "refs/", 5));
450 }
451 return refs->loose;
452 }
453
454 static int read_ref_internal(struct ref_store *ref_store, const char *refname,
455 struct object_id *oid, struct strbuf *referent,
456 unsigned int *type, int *failure_errno, int skip_packed_refs)
457 {
458 struct files_ref_store *refs =
459 files_downcast(ref_store, REF_STORE_READ, "read_raw_ref");
460 struct strbuf sb_contents = STRBUF_INIT;
461 struct strbuf sb_path = STRBUF_INIT;
462 const char *path;
463 const char *buf;
464 struct stat st;
465 int fd;
466 int ret = -1;
467 int remaining_retries = 3;
468 int myerr = 0;
469
470 *type = 0;
471 strbuf_reset(&sb_path);
472
473 files_ref_path(refs, &sb_path, refname);
474
475 path = sb_path.buf;
476
477 stat_ref:
478 /*
479 * We might have to loop back here to avoid a race
480 * condition: first we lstat() the file, then we try
481 * to read it as a link or as a file. But if somebody
482 * changes the type of the file (file <-> directory
483 * <-> symlink) between the lstat() and reading, then
484 * we don't want to report that as an error but rather
485 * try again starting with the lstat().
486 *
487 * We'll keep a count of the retries, though, just to avoid
488 * any confusing situation sending us into an infinite loop.
489 */
490
491 if (remaining_retries-- <= 0)
492 goto out;
493
494 if (lstat(path, &st) < 0) {
495 int ignore_errno;
496 myerr = errno;
497 if (myerr != ENOENT || skip_packed_refs)
498 goto out;
499 if (refs_read_raw_ref(refs->packed_ref_store, refname, oid,
500 referent, type, &ignore_errno)) {
501 myerr = ENOENT;
502 goto out;
503 }
504 ret = 0;
505 goto out;
506 }
507
508 /* Follow "normalized" - ie "refs/.." symlinks by hand */
509 if (S_ISLNK(st.st_mode)) {
510 strbuf_reset(&sb_contents);
511 if (strbuf_readlink(&sb_contents, path, st.st_size) < 0) {
512 myerr = errno;
513 if (myerr == ENOENT || myerr == EINVAL)
514 /* inconsistent with lstat; retry */
515 goto stat_ref;
516 else
517 goto out;
518 }
519 if (starts_with(sb_contents.buf, "refs/") &&
520 !check_refname_format(sb_contents.buf, 0)) {
521 strbuf_swap(&sb_contents, referent);
522 *type |= REF_ISSYMREF;
523 ret = 0;
524 goto out;
525 }
526 /*
527 * It doesn't look like a refname; fall through to just
528 * treating it like a non-symlink, and reading whatever it
529 * points to.
530 */
531 }
532
533 /* Is it a directory? */
534 if (S_ISDIR(st.st_mode)) {
535 int ignore_errno;
536 /*
537 * Even though there is a directory where the loose
538 * ref is supposed to be, there could still be a
539 * packed ref:
540 */
541 if (skip_packed_refs ||
542 refs_read_raw_ref(refs->packed_ref_store, refname, oid,
543 referent, type, &ignore_errno)) {
544 myerr = EISDIR;
545 goto out;
546 }
547 ret = 0;
548 goto out;
549 }
550
551 /*
552 * Anything else, just open it and try to use it as
553 * a ref
554 */
555 fd = open(path, O_RDONLY);
556 if (fd < 0) {
557 myerr = errno;
558 if (myerr == ENOENT && !S_ISLNK(st.st_mode))
559 /* inconsistent with lstat; retry */
560 goto stat_ref;
561 else
562 goto out;
563 }
564 strbuf_reset(&sb_contents);
565 if (strbuf_read(&sb_contents, fd, 256) < 0) {
566 myerr = errno;
567 close(fd);
568 goto out;
569 }
570 close(fd);
571 strbuf_rtrim(&sb_contents);
572 buf = sb_contents.buf;
573
574 ret = parse_loose_ref_contents(ref_store->repo->hash_algo, buf,
575 oid, referent, type, NULL, &myerr);
576
577 out:
578 if (ret && !myerr)
579 BUG("returning non-zero %d, should have set myerr!", ret);
580 *failure_errno = myerr;
581
582 strbuf_release(&sb_path);
583 strbuf_release(&sb_contents);
584 errno = 0;
585 return ret;
586 }
587
588 static int files_read_raw_ref(struct ref_store *ref_store, const char *refname,
589 struct object_id *oid, struct strbuf *referent,
590 unsigned int *type, int *failure_errno)
591 {
592 return read_ref_internal(ref_store, refname, oid, referent, type, failure_errno, 0);
593 }
594
595 static int files_read_symbolic_ref(struct ref_store *ref_store, const char *refname,
596 struct strbuf *referent)
597 {
598 struct object_id oid;
599 int failure_errno, ret;
600 unsigned int type;
601
602 ret = read_ref_internal(ref_store, refname, &oid, referent, &type, &failure_errno, 1);
603 if (!ret && !(type & REF_ISSYMREF))
604 return NOT_A_SYMREF;
605 return ret;
606 }
607
608 int parse_loose_ref_contents(const struct git_hash_algo *algop,
609 const char *buf, struct object_id *oid,
610 struct strbuf *referent, unsigned int *type,
611 const char **trailing, int *failure_errno)
612 {
613 const char *p;
614 if (skip_prefix(buf, "ref:", &buf)) {
615 while (isspace(*buf))
616 buf++;
617
618 strbuf_reset(referent);
619 strbuf_addstr(referent, buf);
620 *type |= REF_ISSYMREF;
621 return 0;
622 }
623
624 /*
625 * FETCH_HEAD has additional data after the sha.
626 */
627 if (parse_oid_hex_algop(buf, oid, &p, algop) ||
628 (*p != '\0' && !isspace(*p))) {
629 *type |= REF_ISBROKEN;
630 *failure_errno = EINVAL;
631 return -1;
632 }
633
634 if (trailing)
635 *trailing = p;
636
637 return 0;
638 }
639
640 static void unlock_ref(struct ref_lock *lock)
641 {
642 lock->count--;
643 if (!lock->count) {
644 rollback_lock_file(&lock->lk);
645 free(lock->ref_name);
646 free(lock);
647 }
648 }
649
650 /*
651 * Lock refname, without following symrefs, and set *lock_p to point
652 * at a newly-allocated lock object. Fill in lock->old_oid, referent,
653 * and type similarly to read_raw_ref().
654 *
655 * The caller must verify that refname is a "safe" reference name (in
656 * the sense of refname_is_safe()) before calling this function.
657 *
658 * If the reference doesn't already exist, verify that refname doesn't
659 * have a D/F conflict with any existing references. extras and skip
660 * are passed to refs_verify_refname_available() for this check.
661 *
662 * If mustexist is not set and the reference is not found or is
663 * broken, lock the reference anyway but clear old_oid.
664 *
665 * Return 0 on success. On failure, write an error message to err and
666 * return REF_TRANSACTION_ERROR_NAME_CONFLICT or REF_TRANSACTION_ERROR_GENERIC.
667 *
668 * Implementation note: This function is basically
669 *
670 * lock reference
671 * read_raw_ref()
672 *
673 * but it includes a lot more code to
674 * - Deal with possible races with other processes
675 * - Avoid calling refs_verify_refname_available() when it can be
676 * avoided, namely if we were successfully able to read the ref
677 * - Generate informative error messages in the case of failure
678 */
679 static enum ref_transaction_error lock_raw_ref(struct files_ref_store *refs,
680 struct ref_update *update,
681 size_t update_idx,
682 int mustexist,
683 struct string_list *refnames_to_check,
684 const struct string_list *extras,
685 struct ref_lock **lock_p,
686 struct strbuf *referent,
687 struct strbuf *err)
688 {
689 enum ref_transaction_error ret = REF_TRANSACTION_ERROR_GENERIC;
690 const char *refname = update->refname;
691 unsigned int *type = &update->type;
692 struct ref_lock *lock;
693 struct strbuf ref_file = STRBUF_INIT;
694 int attempts_remaining = 3;
695 int failure_errno;
696
697 assert(err);
698 files_assert_main_repository(refs, "lock_raw_ref");
699
700 *type = 0;
701
702 /* First lock the file so it can't change out from under us. */
703
704 *lock_p = CALLOC_ARRAY(lock, 1);
705
706 lock->ref_name = xstrdup(refname);
707 lock->count = 1;
708 files_ref_path(refs, &ref_file, refname);
709
710 retry:
711 switch (safe_create_leading_directories(the_repository, ref_file.buf)) {
712 case SCLD_OK:
713 break; /* success */
714 case SCLD_EXISTS:
715 /*
716 * Suppose refname is "refs/foo/bar". We just failed
717 * to create the containing directory, "refs/foo",
718 * because there was a non-directory in the way. This
719 * indicates a D/F conflict, probably because of
720 * another reference such as "refs/foo". There is no
721 * reason to expect this error to be transitory.
722 */
723 if (refs_verify_refname_available(&refs->base, refname,
724 extras, NULL, 0, err)) {
725 if (mustexist) {
726 /*
727 * To the user the relevant error is
728 * that the "mustexist" reference is
729 * missing:
730 */
731 strbuf_reset(err);
732 strbuf_addf(err, "unable to resolve reference '%s'",
733 refname);
734 ret = REF_TRANSACTION_ERROR_NONEXISTENT_REF;
735 } else {
736 /*
737 * The error message set by
738 * refs_verify_refname_available() is
739 * OK.
740 */
741 ret = REF_TRANSACTION_ERROR_NAME_CONFLICT;
742 }
743 } else {
744 /*
745 * The file that is in the way isn't a loose
746 * reference. Report it as a low-level
747 * failure.
748 */
749 strbuf_addf(err, "unable to create lock file %s.lock; "
750 "non-directory in the way",
751 ref_file.buf);
752 }
753 goto error_return;
754 case SCLD_VANISHED:
755 /* Maybe another process was tidying up. Try again. */
756 if (--attempts_remaining > 0)
757 goto retry;
758 /* fall through */
759 default:
760 strbuf_addf(err, "unable to create directory for %s",
761 ref_file.buf);
762 goto error_return;
763 }
764
765 if (hold_lock_file_for_update_timeout(
766 &lock->lk, ref_file.buf, LOCK_NO_DEREF,
767 get_files_ref_lock_timeout_ms()) < 0) {
768 int myerr = errno;
769 errno = 0;
770 if (myerr == ENOENT && --attempts_remaining > 0) {
771 /*
772 * Maybe somebody just deleted one of the
773 * directories leading to ref_file. Try
774 * again:
775 */
776 goto retry;
777 } else {
778 unable_to_lock_message(ref_file.buf, myerr, err);
779 goto error_return;
780 }
781 }
782
783 /*
784 * Now we hold the lock and can read the reference without
785 * fear that its value will change.
786 */
787
788 if (files_read_raw_ref(&refs->base, refname, &lock->old_oid, referent,
789 type, &failure_errno)) {
790 struct string_list_item *item;
791
792 if (failure_errno == ENOENT) {
793 if (mustexist) {
794 /* Garden variety missing reference. */
795 strbuf_addf(err, "unable to resolve reference '%s'",
796 refname);
797 ret = REF_TRANSACTION_ERROR_NONEXISTENT_REF;
798 goto error_return;
799 } else {
800 /*
801 * Reference is missing, but that's OK. We
802 * know that there is not a conflict with
803 * another loose reference because
804 * (supposing that we are trying to lock
805 * reference "refs/foo/bar"):
806 *
807 * - We were successfully able to create
808 * the lockfile refs/foo/bar.lock, so we
809 * know there cannot be a loose reference
810 * named "refs/foo".
811 *
812 * - We got ENOENT and not EISDIR, so we
813 * know that there cannot be a loose
814 * reference named "refs/foo/bar/baz".
815 */
816 }
817 } else if (failure_errno == EISDIR) {
818 /*
819 * There is a directory in the way. It might have
820 * contained references that have been deleted. If
821 * we don't require that the reference already
822 * exists, try to remove the directory so that it
823 * doesn't cause trouble when we want to rename the
824 * lockfile into place later.
825 */
826 if (mustexist) {
827 /* Garden variety missing reference. */
828 strbuf_addf(err, "unable to resolve reference '%s'",
829 refname);
830 ret = REF_TRANSACTION_ERROR_NONEXISTENT_REF;
831 goto error_return;
832 } else if (remove_dir_recursively(&ref_file,
833 REMOVE_DIR_EMPTY_ONLY)) {
834 if (refs_verify_refname_available(
835 &refs->base, refname,
836 extras, NULL, 0, err)) {
837 /*
838 * The error message set by
839 * verify_refname_available() is OK.
840 */
841 ret = REF_TRANSACTION_ERROR_NAME_CONFLICT;
842 goto error_return;
843 } else {
844 /*
845 * We can't delete the directory,
846 * but we also don't know of any
847 * references that it should
848 * contain.
849 */
850 strbuf_addf(err, "there is a non-empty directory '%s' "
851 "blocking reference '%s'",
852 ref_file.buf, refname);
853 goto error_return;
854 }
855 }
856 } else if (failure_errno == EINVAL && (*type & REF_ISBROKEN)) {
857 strbuf_addf(err, "unable to resolve reference '%s': "
858 "reference broken", refname);
859 goto error_return;
860 } else {
861 strbuf_addf(err, "unable to resolve reference '%s': %s",
862 refname, strerror(failure_errno));
863 goto error_return;
864 }
865
866 /*
867 * If the ref did not exist and we are creating it, we have to
868 * make sure there is no existing packed ref that conflicts
869 * with refname. This check is deferred so that we can batch it.
870 */
871 item = string_list_append(refnames_to_check, refname);
872 item->util = xmalloc(sizeof(update_idx));
873 memcpy(item->util, &update_idx, sizeof(update_idx));
874 }
875
876 ret = 0;
877 goto out;
878
879 error_return:
880 unlock_ref(lock);
881 *lock_p = NULL;
882
883 out:
884 strbuf_release(&ref_file);
885 return ret;
886 }
887
888 struct files_ref_iterator {
889 struct ref_iterator base;
890
891 struct ref_iterator *iter0;
892 struct repository *repo;
893 unsigned int flags;
894 };
895
896 static int files_ref_iterator_advance(struct ref_iterator *ref_iterator)
897 {
898 struct files_ref_iterator *iter =
899 (struct files_ref_iterator *)ref_iterator;
900 int ok;
901
902 while ((ok = ref_iterator_advance(iter->iter0)) == ITER_OK) {
903 if (iter->flags & DO_FOR_EACH_PER_WORKTREE_ONLY &&
904 parse_worktree_ref(iter->iter0->refname, NULL, NULL,
905 NULL) != REF_WORKTREE_CURRENT)
906 continue;
907
908 if ((iter->flags & DO_FOR_EACH_OMIT_DANGLING_SYMREFS) &&
909 (iter->iter0->flags & REF_ISSYMREF) &&
910 (iter->iter0->flags & REF_ISBROKEN))
911 continue;
912
913 if (!(iter->flags & DO_FOR_EACH_INCLUDE_BROKEN) &&
914 !ref_resolves_to_object(iter->iter0->refname,
915 iter->repo,
916 iter->iter0->oid,
917 iter->iter0->flags))
918 continue;
919
920 iter->base.refname = iter->iter0->refname;
921 iter->base.oid = iter->iter0->oid;
922 iter->base.flags = iter->iter0->flags;
923 iter->base.referent = iter->iter0->referent;
924
925 return ITER_OK;
926 }
927
928 return ok;
929 }
930
931 static int files_ref_iterator_seek(struct ref_iterator *ref_iterator,
932 const char *prefix)
933 {
934 struct files_ref_iterator *iter =
935 (struct files_ref_iterator *)ref_iterator;
936 return ref_iterator_seek(iter->iter0, prefix);
937 }
938
939 static int files_ref_iterator_peel(struct ref_iterator *ref_iterator,
940 struct object_id *peeled)
941 {
942 struct files_ref_iterator *iter =
943 (struct files_ref_iterator *)ref_iterator;
944
945 return ref_iterator_peel(iter->iter0, peeled);
946 }
947
948 static void files_ref_iterator_release(struct ref_iterator *ref_iterator)
949 {
950 struct files_ref_iterator *iter =
951 (struct files_ref_iterator *)ref_iterator;
952 ref_iterator_free(iter->iter0);
953 }
954
955 static struct ref_iterator_vtable files_ref_iterator_vtable = {
956 .advance = files_ref_iterator_advance,
957 .seek = files_ref_iterator_seek,
958 .peel = files_ref_iterator_peel,
959 .release = files_ref_iterator_release,
960 };
961
962 static struct ref_iterator *files_ref_iterator_begin(
963 struct ref_store *ref_store,
964 const char *prefix, const char **exclude_patterns,
965 unsigned int flags)
966 {
967 struct files_ref_store *refs;
968 struct ref_iterator *loose_iter, *packed_iter, *overlay_iter;
969 struct files_ref_iterator *iter;
970 struct ref_iterator *ref_iterator;
971 unsigned int required_flags = REF_STORE_READ;
972
973 if (!(flags & DO_FOR_EACH_INCLUDE_BROKEN))
974 required_flags |= REF_STORE_ODB;
975
976 refs = files_downcast(ref_store, required_flags, "ref_iterator_begin");
977
978 /*
979 * We must make sure that all loose refs are read before
980 * accessing the packed-refs file; this avoids a race
981 * condition if loose refs are migrated to the packed-refs
982 * file by a simultaneous process, but our in-memory view is
983 * from before the migration. We ensure this as follows:
984 * First, we call start the loose refs iteration with its
985 * `prime_ref` argument set to true. This causes the loose
986 * references in the subtree to be pre-read into the cache.
987 * (If they've already been read, that's OK; we only need to
988 * guarantee that they're read before the packed refs, not
989 * *how much* before.) After that, we call
990 * packed_ref_iterator_begin(), which internally checks
991 * whether the packed-ref cache is up to date with what is on
992 * disk, and re-reads it if not.
993 */
994
995 loose_iter = cache_ref_iterator_begin(get_loose_ref_cache(refs, flags),
996 prefix, ref_store->repo, 1);
997
998 /*
999 * The packed-refs file might contain broken references, for
1000 * example an old version of a reference that points at an
1001 * object that has since been garbage-collected. This is OK as
1002 * long as there is a corresponding loose reference that
1003 * overrides it, and we don't want to emit an error message in
1004 * this case. So ask the packed_ref_store for all of its
1005 * references, and (if needed) do our own check for broken
1006 * ones in files_ref_iterator_advance(), after we have merged
1007 * the packed and loose references.
1008 */
1009 packed_iter = refs_ref_iterator_begin(
1010 refs->packed_ref_store, prefix, exclude_patterns, 0,
1011 DO_FOR_EACH_INCLUDE_BROKEN);
1012
1013 overlay_iter = overlay_ref_iterator_begin(loose_iter, packed_iter);
1014
1015 CALLOC_ARRAY(iter, 1);
1016 ref_iterator = &iter->base;
1017 base_ref_iterator_init(ref_iterator, &files_ref_iterator_vtable);
1018 iter->iter0 = overlay_iter;
1019 iter->repo = ref_store->repo;
1020 iter->flags = flags;
1021
1022 return ref_iterator;
1023 }
1024
1025 /*
1026 * Callback function for raceproof_create_file(). This function is
1027 * expected to do something that makes dirname(path) permanent despite
1028 * the fact that other processes might be cleaning up empty
1029 * directories at the same time. Usually it will create a file named
1030 * path, but alternatively it could create another file in that
1031 * directory, or even chdir() into that directory. The function should
1032 * return 0 if the action was completed successfully. On error, it
1033 * should return a nonzero result and set errno.
1034 * raceproof_create_file() treats two errno values specially:
1035 *
1036 * - ENOENT -- dirname(path) does not exist. In this case,
1037 * raceproof_create_file() tries creating dirname(path)
1038 * (and any parent directories, if necessary) and calls
1039 * the function again.
1040 *
1041 * - EISDIR -- the file already exists and is a directory. In this
1042 * case, raceproof_create_file() removes the directory if
1043 * it is empty (and recursively any empty directories that
1044 * it contains) and calls the function again.
1045 *
1046 * Any other errno causes raceproof_create_file() to fail with the
1047 * callback's return value and errno.
1048 *
1049 * Obviously, this function should be OK with being called again if it
1050 * fails with ENOENT or EISDIR. In other scenarios it will not be
1051 * called again.
1052 */
1053 typedef int create_file_fn(const char *path, void *cb);
1054
1055 /*
1056 * Create a file in dirname(path) by calling fn, creating leading
1057 * directories if necessary. Retry a few times in case we are racing
1058 * with another process that is trying to clean up the directory that
1059 * contains path. See the documentation for create_file_fn for more
1060 * details.
1061 *
1062 * Return the value and set the errno that resulted from the most
1063 * recent call of fn. fn is always called at least once, and will be
1064 * called more than once if it returns ENOENT or EISDIR.
1065 */
1066 static int raceproof_create_file(const char *path, create_file_fn fn, void *cb)
1067 {
1068 /*
1069 * The number of times we will try to remove empty directories
1070 * in the way of path. This is only 1 because if another
1071 * process is racily creating directories that conflict with
1072 * us, we don't want to fight against them.
1073 */
1074 int remove_directories_remaining = 1;
1075
1076 /*
1077 * The number of times that we will try to create the
1078 * directories containing path. We are willing to attempt this
1079 * more than once, because another process could be trying to
1080 * clean up empty directories at the same time as we are
1081 * trying to create them.
1082 */
1083 int create_directories_remaining = 3;
1084
1085 /* A scratch copy of path, filled lazily if we need it: */
1086 struct strbuf path_copy = STRBUF_INIT;
1087
1088 int ret, save_errno;
1089
1090 /* Sanity check: */
1091 assert(*path);
1092
1093 retry_fn:
1094 ret = fn(path, cb);
1095 save_errno = errno;
1096 if (!ret)
1097 goto out;
1098
1099 if (errno == EISDIR && remove_directories_remaining-- > 0) {
1100 /*
1101 * A directory is in the way. Maybe it is empty; try
1102 * to remove it:
1103 */
1104 if (!path_copy.len)
1105 strbuf_addstr(&path_copy, path);
1106
1107 if (!remove_dir_recursively(&path_copy, REMOVE_DIR_EMPTY_ONLY))
1108 goto retry_fn;
1109 } else if (errno == ENOENT && create_directories_remaining-- > 0) {
1110 /*
1111 * Maybe the containing directory didn't exist, or
1112 * maybe it was just deleted by a process that is
1113 * racing with us to clean up empty directories. Try
1114 * to create it:
1115 */
1116 enum scld_error scld_result;
1117
1118 if (!path_copy.len)
1119 strbuf_addstr(&path_copy, path);
1120
1121 do {
1122 scld_result = safe_create_leading_directories(the_repository, path_copy.buf);
1123 if (scld_result == SCLD_OK)
1124 goto retry_fn;
1125 } while (scld_result == SCLD_VANISHED && create_directories_remaining-- > 0);
1126 }
1127
1128 out:
1129 strbuf_release(&path_copy);
1130 errno = save_errno;
1131 return ret;
1132 }
1133
1134 static int remove_empty_directories(struct strbuf *path)
1135 {
1136 /*
1137 * we want to create a file but there is a directory there;
1138 * if that is an empty directory (or a directory that contains
1139 * only empty directories), remove them.
1140 */
1141 return remove_dir_recursively(path, REMOVE_DIR_EMPTY_ONLY);
1142 }
1143
1144 static int create_reflock(const char *path, void *cb)
1145 {
1146 struct lock_file *lk = cb;
1147
1148 return hold_lock_file_for_update_timeout(
1149 lk, path, LOCK_NO_DEREF,
1150 get_files_ref_lock_timeout_ms()) < 0 ? -1 : 0;
1151 }
1152
1153 /*
1154 * Locks a ref returning the lock on success and NULL on failure.
1155 */
1156 static struct ref_lock *lock_ref_oid_basic(struct files_ref_store *refs,
1157 const char *refname,
1158 struct strbuf *err)
1159 {
1160 struct strbuf ref_file = STRBUF_INIT;
1161 struct ref_lock *lock;
1162
1163 files_assert_main_repository(refs, "lock_ref_oid_basic");
1164 assert(err);
1165
1166 CALLOC_ARRAY(lock, 1);
1167
1168 files_ref_path(refs, &ref_file, refname);
1169
1170 /*
1171 * If the ref did not exist and we are creating it, make sure
1172 * there is no existing packed ref whose name begins with our
1173 * refname, nor a packed ref whose name is a proper prefix of
1174 * our refname.
1175 */
1176 if (is_null_oid(&lock->old_oid) &&
1177 refs_verify_refname_available(refs->packed_ref_store, refname,
1178 NULL, NULL, 0, err))
1179 goto error_return;
1180
1181 lock->ref_name = xstrdup(refname);
1182 lock->count = 1;
1183
1184 if (raceproof_create_file(ref_file.buf, create_reflock, &lock->lk)) {
1185 unable_to_lock_message(ref_file.buf, errno, err);
1186 goto error_return;
1187 }
1188
1189 if (!refs_resolve_ref_unsafe(&refs->base, lock->ref_name, 0,
1190 &lock->old_oid, NULL))
1191 oidclr(&lock->old_oid, refs->base.repo->hash_algo);
1192 goto out;
1193
1194 error_return:
1195 unlock_ref(lock);
1196 lock = NULL;
1197
1198 out:
1199 strbuf_release(&ref_file);
1200 return lock;
1201 }
1202
1203 struct ref_to_prune {
1204 struct ref_to_prune *next;
1205 struct object_id oid;
1206 char name[FLEX_ARRAY];
1207 };
1208
1209 enum {
1210 REMOVE_EMPTY_PARENTS_REF = 0x01,
1211 REMOVE_EMPTY_PARENTS_REFLOG = 0x02
1212 };
1213
1214 /*
1215 * Remove empty parent directories associated with the specified
1216 * reference and/or its reflog, but spare [logs/]refs/ and immediate
1217 * subdirs. flags is a combination of REMOVE_EMPTY_PARENTS_REF and/or
1218 * REMOVE_EMPTY_PARENTS_REFLOG.
1219 */
1220 static void try_remove_empty_parents(struct files_ref_store *refs,
1221 const char *refname,
1222 unsigned int flags)
1223 {
1224 struct strbuf buf = STRBUF_INIT;
1225 struct strbuf sb = STRBUF_INIT;
1226 char *p, *q;
1227 int i;
1228
1229 strbuf_addstr(&buf, refname);
1230 p = buf.buf;
1231 for (i = 0; i < 2; i++) { /* refs/{heads,tags,...}/ */
1232 while (*p && *p != '/')
1233 p++;
1234 /* tolerate duplicate slashes; see check_refname_format() */
1235 while (*p == '/')
1236 p++;
1237 }
1238 q = buf.buf + buf.len;
1239 while (flags & (REMOVE_EMPTY_PARENTS_REF | REMOVE_EMPTY_PARENTS_REFLOG)) {
1240 while (q > p && *q != '/')
1241 q--;
1242 while (q > p && *(q-1) == '/')
1243 q--;
1244 if (q == p)
1245 break;
1246 strbuf_setlen(&buf, q - buf.buf);
1247
1248 strbuf_reset(&sb);
1249 files_ref_path(refs, &sb, buf.buf);
1250 if ((flags & REMOVE_EMPTY_PARENTS_REF) && rmdir(sb.buf))
1251 flags &= ~REMOVE_EMPTY_PARENTS_REF;
1252
1253 strbuf_reset(&sb);
1254 files_reflog_path(refs, &sb, buf.buf);
1255 if ((flags & REMOVE_EMPTY_PARENTS_REFLOG) && rmdir(sb.buf))
1256 flags &= ~REMOVE_EMPTY_PARENTS_REFLOG;
1257 }
1258 strbuf_release(&buf);
1259 strbuf_release(&sb);
1260 }
1261
1262 /* make sure nobody touched the ref, and unlink */
1263 static void prune_ref(struct files_ref_store *refs, struct ref_to_prune *r)
1264 {
1265 struct ref_transaction *transaction;
1266 struct strbuf err = STRBUF_INIT;
1267 int ret = -1;
1268
1269 if (check_refname_format(r->name, 0))
1270 return;
1271
1272 transaction = ref_store_transaction_begin(&refs->base, 0, &err);
1273 if (!transaction)
1274 goto cleanup;
1275 ref_transaction_add_update(
1276 transaction, r->name,
1277 REF_NO_DEREF | REF_HAVE_NEW | REF_HAVE_OLD | REF_IS_PRUNING,
1278 null_oid(the_hash_algo), &r->oid, NULL, NULL, NULL, NULL);
1279 if (ref_transaction_commit(transaction, &err))
1280 goto cleanup;
1281
1282 ret = 0;
1283
1284 cleanup:
1285 if (ret)
1286 error("%s", err.buf);
1287 strbuf_release(&err);
1288 ref_transaction_free(transaction);
1289 return;
1290 }
1291
1292 /*
1293 * Prune the loose versions of the references in the linked list
1294 * `*refs_to_prune`, freeing the entries in the list as we go.
1295 */
1296 static void prune_refs(struct files_ref_store *refs, struct ref_to_prune **refs_to_prune)
1297 {
1298 while (*refs_to_prune) {
1299 struct ref_to_prune *r = *refs_to_prune;
1300 *refs_to_prune = r->next;
1301 prune_ref(refs, r);
1302 free(r);
1303 }
1304 }
1305
1306 /*
1307 * Return true if the specified reference should be packed.
1308 */
1309 static int should_pack_ref(struct files_ref_store *refs,
1310 const char *refname,
1311 const struct object_id *oid, unsigned int ref_flags,
1312 struct pack_refs_opts *opts)
1313 {
1314 struct string_list_item *item;
1315
1316 /* Do not pack per-worktree refs: */
1317 if (parse_worktree_ref(refname, NULL, NULL, NULL) !=
1318 REF_WORKTREE_SHARED)
1319 return 0;
1320
1321 /* Do not pack symbolic refs: */
1322 if (ref_flags & REF_ISSYMREF)
1323 return 0;
1324
1325 /* Do not pack broken refs: */
1326 if (!ref_resolves_to_object(refname, refs->base.repo, oid, ref_flags))
1327 return 0;
1328
1329 if (ref_excluded(opts->exclusions, refname))
1330 return 0;
1331
1332 for_each_string_list_item(item, opts->includes)
1333 if (!wildmatch(item->string, refname, 0))
1334 return 1;
1335
1336 return 0;
1337 }
1338
1339 static int should_pack_refs(struct files_ref_store *refs,
1340 struct pack_refs_opts *opts)
1341 {
1342 struct ref_iterator *iter;
1343 size_t packed_size;
1344 size_t refcount = 0;
1345 size_t limit;
1346 int ret;
1347
1348 if (!(opts->flags & PACK_REFS_AUTO))
1349 return 1;
1350
1351 ret = packed_refs_size(refs->packed_ref_store, &packed_size);
1352 if (ret < 0)
1353 die("cannot determine packed-refs size");
1354
1355 /*
1356 * Packing loose references into the packed-refs file scales with the
1357 * number of references we're about to write. We thus decide whether we
1358 * repack refs by weighing the current size of the packed-refs file
1359 * against the number of loose references. This is done such that we do
1360 * not repack too often on repositories with a huge number of
1361 * references, where we can expect a lot of churn in the number of
1362 * references.
1363 *
1364 * As a heuristic, we repack if the number of loose references in the
1365 * repository exceeds `log2(nr_packed_refs) * 5`, where we estimate
1366 * `nr_packed_refs = packed_size / 100`, which scales as following:
1367 *
1368 * - 1kB ~ 10 packed refs: 16 refs
1369 * - 10kB ~ 100 packed refs: 33 refs
1370 * - 100kB ~ 1k packed refs: 49 refs
1371 * - 1MB ~ 10k packed refs: 66 refs
1372 * - 10MB ~ 100k packed refs: 82 refs
1373 * - 100MB ~ 1m packed refs: 99 refs
1374 *
1375 * We thus allow roughly 16 additional loose refs per factor of ten of
1376 * packed refs. This heuristic may be tweaked in the future, but should
1377 * serve as a sufficiently good first iteration.
1378 */
1379 limit = log2u(packed_size / 100) * 5;
1380 if (limit < 16)
1381 limit = 16;
1382
1383 iter = cache_ref_iterator_begin(get_loose_ref_cache(refs, 0), NULL,
1384 refs->base.repo, 0);
1385 while ((ret = ref_iterator_advance(iter)) == ITER_OK) {
1386 if (should_pack_ref(refs, iter->refname, iter->oid,
1387 iter->flags, opts))
1388 refcount++;
1389 if (refcount >= limit) {
1390 ref_iterator_free(iter);
1391 return 1;
1392 }
1393 }
1394
1395 if (ret != ITER_DONE)
1396 die("error while iterating over references");
1397
1398 ref_iterator_free(iter);
1399 return 0;
1400 }
1401
1402 static int files_pack_refs(struct ref_store *ref_store,
1403 struct pack_refs_opts *opts)
1404 {
1405 struct files_ref_store *refs =
1406 files_downcast(ref_store, REF_STORE_WRITE | REF_STORE_ODB,
1407 "pack_refs");
1408 struct ref_iterator *iter;
1409 int ok;
1410 struct ref_to_prune *refs_to_prune = NULL;
1411 struct strbuf err = STRBUF_INIT;
1412 struct ref_transaction *transaction;
1413
1414 if (!should_pack_refs(refs, opts))
1415 return 0;
1416
1417 transaction = ref_store_transaction_begin(refs->packed_ref_store,
1418 0, &err);
1419 if (!transaction)
1420 return -1;
1421
1422 packed_refs_lock(refs->packed_ref_store, LOCK_DIE_ON_ERROR, &err);
1423
1424 iter = cache_ref_iterator_begin(get_loose_ref_cache(refs, 0), NULL,
1425 refs->base.repo, 0);
1426 while ((ok = ref_iterator_advance(iter)) == ITER_OK) {
1427 /*
1428 * If the loose reference can be packed, add an entry
1429 * in the packed ref cache. If the reference should be
1430 * pruned, also add it to refs_to_prune.
1431 */
1432 if (!should_pack_ref(refs, iter->refname, iter->oid, iter->flags, opts))
1433 continue;
1434
1435 /*
1436 * Add a reference creation for this reference to the
1437 * packed-refs transaction:
1438 */
1439 if (ref_transaction_update(transaction, iter->refname,
1440 iter->oid, NULL, NULL, NULL,
1441 REF_NO_DEREF, NULL, &err))
1442 die("failure preparing to create packed reference %s: %s",
1443 iter->refname, err.buf);
1444
1445 /* Schedule the loose reference for pruning if requested. */
1446 if ((opts->flags & PACK_REFS_PRUNE)) {
1447 struct ref_to_prune *n;
1448 FLEX_ALLOC_STR(n, name, iter->refname);
1449 oidcpy(&n->oid, iter->oid);
1450 n->next = refs_to_prune;
1451 refs_to_prune = n;
1452 }
1453 }
1454 if (ok != ITER_DONE)
1455 die("error while iterating over references");
1456
1457 if (ref_transaction_commit(transaction, &err))
1458 die("unable to write new packed-refs: %s", err.buf);
1459
1460 ref_transaction_free(transaction);
1461
1462 packed_refs_unlock(refs->packed_ref_store);
1463
1464 prune_refs(refs, &refs_to_prune);
1465 ref_iterator_free(iter);
1466 strbuf_release(&err);
1467 return 0;
1468 }
1469
1470 /*
1471 * People using contrib's git-new-workdir have .git/logs/refs ->
1472 * /some/other/path/.git/logs/refs, and that may live on another device.
1473 *
1474 * IOW, to avoid cross device rename errors, the temporary renamed log must
1475 * live into logs/refs.
1476 */
1477 #define TMP_RENAMED_LOG "refs/.tmp-renamed-log"
1478
1479 struct rename_cb {
1480 const char *tmp_renamed_log;
1481 int true_errno;
1482 };
1483
1484 static int rename_tmp_log_callback(const char *path, void *cb_data)
1485 {
1486 struct rename_cb *cb = cb_data;
1487
1488 if (rename(cb->tmp_renamed_log, path)) {
1489 /*
1490 * rename(a, b) when b is an existing directory ought
1491 * to result in ISDIR, but Solaris 5.8 gives ENOTDIR.
1492 * Sheesh. Record the true errno for error reporting,
1493 * but report EISDIR to raceproof_create_file() so
1494 * that it knows to retry.
1495 */
1496 cb->true_errno = errno;
1497 if (errno == ENOTDIR)
1498 errno = EISDIR;
1499 return -1;
1500 } else {
1501 return 0;
1502 }
1503 }
1504
1505 static int rename_tmp_log(struct files_ref_store *refs, const char *newrefname)
1506 {
1507 struct strbuf path = STRBUF_INIT;
1508 struct strbuf tmp = STRBUF_INIT;
1509 struct rename_cb cb;
1510 int ret;
1511
1512 files_reflog_path(refs, &path, newrefname);
1513 files_reflog_path(refs, &tmp, TMP_RENAMED_LOG);
1514 cb.tmp_renamed_log = tmp.buf;
1515 ret = raceproof_create_file(path.buf, rename_tmp_log_callback, &cb);
1516 if (ret) {
1517 if (errno == EISDIR)
1518 error("directory not empty: %s", path.buf);
1519 else
1520 error("unable to move logfile %s to %s: %s",
1521 tmp.buf, path.buf,
1522 strerror(cb.true_errno));
1523 }
1524
1525 strbuf_release(&path);
1526 strbuf_release(&tmp);
1527 return ret;
1528 }
1529
1530 static enum ref_transaction_error write_ref_to_lockfile(struct files_ref_store *refs,
1531 struct ref_lock *lock,
1532 const struct object_id *oid,
1533 int skip_oid_verification,
1534 struct strbuf *err);
1535 static int commit_ref_update(struct files_ref_store *refs,
1536 struct ref_lock *lock,
1537 const struct object_id *oid, const char *logmsg,
1538 int flags,
1539 struct strbuf *err);
1540
1541 /*
1542 * Emit a better error message than lockfile.c's
1543 * unable_to_lock_message() would in case there is a D/F conflict with
1544 * another existing reference. If there would be a conflict, emit an error
1545 * message and return false; otherwise, return true.
1546 *
1547 * Note that this function is not safe against all races with other
1548 * processes, and that's not its job. We'll emit a more verbose error on D/f
1549 * conflicts if we get past it into lock_ref_oid_basic().
1550 */
1551 static int refs_rename_ref_available(struct ref_store *refs,
1552 const char *old_refname,
1553 const char *new_refname)
1554 {
1555 struct string_list skip = STRING_LIST_INIT_NODUP;
1556 struct strbuf err = STRBUF_INIT;
1557 int ok;
1558
1559 string_list_insert(&skip, old_refname);
1560 ok = !refs_verify_refname_available(refs, new_refname,
1561 NULL, &skip, 0, &err);
1562 if (!ok)
1563 error("%s", err.buf);
1564
1565 string_list_clear(&skip, 0);
1566 strbuf_release(&err);
1567 return ok;
1568 }
1569
1570 static int files_copy_or_rename_ref(struct ref_store *ref_store,
1571 const char *oldrefname, const char *newrefname,
1572 const char *logmsg, int copy)
1573 {
1574 struct files_ref_store *refs =
1575 files_downcast(ref_store, REF_STORE_WRITE, "rename_ref");
1576 struct object_id orig_oid;
1577 int flag = 0, logmoved = 0;
1578 struct ref_lock *lock;
1579 struct stat loginfo;
1580 struct strbuf sb_oldref = STRBUF_INIT;
1581 struct strbuf sb_newref = STRBUF_INIT;
1582 struct strbuf tmp_renamed_log = STRBUF_INIT;
1583 int log, ret;
1584 struct strbuf err = STRBUF_INIT;
1585
1586 files_reflog_path(refs, &sb_oldref, oldrefname);
1587 files_reflog_path(refs, &sb_newref, newrefname);
1588 files_reflog_path(refs, &tmp_renamed_log, TMP_RENAMED_LOG);
1589
1590 log = !lstat(sb_oldref.buf, &loginfo);
1591 if (log && S_ISLNK(loginfo.st_mode)) {
1592 ret = error("reflog for %s is a symlink", oldrefname);
1593 goto out;
1594 }
1595
1596 if (!refs_resolve_ref_unsafe(&refs->base, oldrefname,
1597 RESOLVE_REF_READING | RESOLVE_REF_NO_RECURSE,
1598 &orig_oid, &flag)) {
1599 ret = error("refname %s not found", oldrefname);
1600 goto out;
1601 }
1602
1603 if (flag & REF_ISSYMREF) {
1604 if (copy)
1605 ret = error("refname %s is a symbolic ref, copying it is not supported",
1606 oldrefname);
1607 else
1608 ret = error("refname %s is a symbolic ref, renaming it is not supported",
1609 oldrefname);
1610 goto out;
1611 }
1612 if (!refs_rename_ref_available(&refs->base, oldrefname, newrefname)) {
1613 ret = 1;
1614 goto out;
1615 }
1616
1617 if (!copy && log && rename(sb_oldref.buf, tmp_renamed_log.buf)) {
1618 ret = error("unable to move logfile logs/%s to logs/"TMP_RENAMED_LOG": %s",
1619 oldrefname, strerror(errno));
1620 goto out;
1621 }
1622
1623 if (copy && log && copy_file(tmp_renamed_log.buf, sb_oldref.buf, 0644)) {
1624 ret = error("unable to copy logfile logs/%s to logs/"TMP_RENAMED_LOG": %s",
1625 oldrefname, strerror(errno));
1626 goto out;
1627 }
1628
1629 if (!copy && refs_delete_ref(&refs->base, logmsg, oldrefname,
1630 &orig_oid, REF_NO_DEREF)) {
1631 error("unable to delete old %s", oldrefname);
1632 goto rollback;
1633 }
1634
1635 /*
1636 * Since we are doing a shallow lookup, oid is not the
1637 * correct value to pass to delete_ref as old_oid. But that
1638 * doesn't matter, because an old_oid check wouldn't add to
1639 * the safety anyway; we want to delete the reference whatever
1640 * its current value.
1641 */
1642 if (!copy && refs_resolve_ref_unsafe(&refs->base, newrefname,
1643 RESOLVE_REF_READING | RESOLVE_REF_NO_RECURSE,
1644 NULL, NULL) &&
1645 refs_delete_ref(&refs->base, NULL, newrefname,
1646 NULL, REF_NO_DEREF)) {
1647 if (errno == EISDIR) {
1648 struct strbuf path = STRBUF_INIT;
1649 int result;
1650
1651 files_ref_path(refs, &path, newrefname);
1652 result = remove_empty_directories(&path);
1653 strbuf_release(&path);
1654
1655 if (result) {
1656 error("Directory not empty: %s", newrefname);
1657 goto rollback;
1658 }
1659 } else {
1660 error("unable to delete existing %s", newrefname);
1661 goto rollback;
1662 }
1663 }
1664
1665 if (log && rename_tmp_log(refs, newrefname))
1666 goto rollback;
1667
1668 logmoved = log;
1669
1670 lock = lock_ref_oid_basic(refs, newrefname, &err);
1671 if (!lock) {
1672 if (copy)
1673 error("unable to copy '%s' to '%s': %s", oldrefname, newrefname, err.buf);
1674 else
1675 error("unable to rename '%s' to '%s': %s", oldrefname, newrefname, err.buf);
1676 strbuf_release(&err);
1677 goto rollback;
1678 }
1679 oidcpy(&lock->old_oid, &orig_oid);
1680
1681 if (write_ref_to_lockfile(refs, lock, &orig_oid, 0, &err) ||
1682 commit_ref_update(refs, lock, &orig_oid, logmsg, 0, &err)) {
1683 error("unable to write current sha1 into %s: %s", newrefname, err.buf);
1684 strbuf_release(&err);
1685 goto rollback;
1686 }
1687
1688 ret = 0;
1689 goto out;
1690
1691 rollback:
1692 lock = lock_ref_oid_basic(refs, oldrefname, &err);
1693 if (!lock) {
1694 error("unable to lock %s for rollback: %s", oldrefname, err.buf);
1695 strbuf_release(&err);
1696 goto rollbacklog;
1697 }
1698
1699 if (write_ref_to_lockfile(refs, lock, &orig_oid, 0, &err) ||
1700 commit_ref_update(refs, lock, &orig_oid, NULL, REF_SKIP_CREATE_REFLOG, &err)) {
1701 error("unable to write current sha1 into %s: %s", oldrefname, err.buf);
1702 strbuf_release(&err);
1703 }
1704
1705 rollbacklog:
1706 if (logmoved && rename(sb_newref.buf, sb_oldref.buf))
1707 error("unable to restore logfile %s from %s: %s",
1708 oldrefname, newrefname, strerror(errno));
1709 if (!logmoved && log &&
1710 rename(tmp_renamed_log.buf, sb_oldref.buf))
1711 error("unable to restore logfile %s from logs/"TMP_RENAMED_LOG": %s",
1712 oldrefname, strerror(errno));
1713 ret = 1;
1714 out:
1715 strbuf_release(&sb_newref);
1716 strbuf_release(&sb_oldref);
1717 strbuf_release(&tmp_renamed_log);
1718
1719 return ret;
1720 }
1721
1722 static int files_rename_ref(struct ref_store *ref_store,
1723 const char *oldrefname, const char *newrefname,
1724 const char *logmsg)
1725 {
1726 return files_copy_or_rename_ref(ref_store, oldrefname,
1727 newrefname, logmsg, 0);
1728 }
1729
1730 static int files_copy_ref(struct ref_store *ref_store,
1731 const char *oldrefname, const char *newrefname,
1732 const char *logmsg)
1733 {
1734 return files_copy_or_rename_ref(ref_store, oldrefname,
1735 newrefname, logmsg, 1);
1736 }
1737
1738 static int close_ref_gently(struct ref_lock *lock)
1739 {
1740 if (close_lock_file_gently(&lock->lk))
1741 return -1;
1742 return 0;
1743 }
1744
1745 static int commit_ref(struct ref_lock *lock)
1746 {
1747 char *path = get_locked_file_path(&lock->lk);
1748 struct stat st;
1749
1750 if (!lstat(path, &st) && S_ISDIR(st.st_mode)) {
1751 /*
1752 * There is a directory at the path we want to rename
1753 * the lockfile to. Hopefully it is empty; try to
1754 * delete it.
1755 */
1756 size_t len = strlen(path);
1757 struct strbuf sb_path = STRBUF_INIT;
1758
1759 strbuf_attach(&sb_path, path, len, len);
1760
1761 /*
1762 * If this fails, commit_lock_file() will also fail
1763 * and will report the problem.
1764 */
1765 remove_empty_directories(&sb_path);
1766 strbuf_release(&sb_path);
1767 } else {
1768 free(path);
1769 }
1770
1771 if (commit_lock_file(&lock->lk))
1772 return -1;
1773 return 0;
1774 }
1775
1776 static int open_or_create_logfile(const char *path, void *cb)
1777 {
1778 int *fd = cb;
1779
1780 *fd = open(path, O_APPEND | O_WRONLY | O_CREAT, 0666);
1781 return (*fd < 0) ? -1 : 0;
1782 }
1783
1784 /*
1785 * Create a reflog for a ref. If force_create = 0, only create the
1786 * reflog for certain refs (those for which should_autocreate_reflog
1787 * returns non-zero). Otherwise, create it regardless of the reference
1788 * name. If the logfile already existed or was created, return 0 and
1789 * set *logfd to the file descriptor opened for appending to the file.
1790 * If no logfile exists and we decided not to create one, return 0 and
1791 * set *logfd to -1. On failure, fill in *err, set *logfd to -1, and
1792 * return -1.
1793 */
1794 static int log_ref_setup(struct files_ref_store *refs,
1795 const char *refname, int force_create,
1796 int *logfd, struct strbuf *err)
1797 {
1798 enum log_refs_config log_refs_cfg = refs->log_all_ref_updates;
1799 struct strbuf logfile_sb = STRBUF_INIT;
1800 char *logfile;
1801
1802 if (log_refs_cfg == LOG_REFS_UNSET)
1803 log_refs_cfg = is_bare_repository() ? LOG_REFS_NONE : LOG_REFS_NORMAL;
1804
1805 files_reflog_path(refs, &logfile_sb, refname);
1806 logfile = strbuf_detach(&logfile_sb, NULL);
1807
1808 if (force_create || should_autocreate_reflog(log_refs_cfg, refname)) {
1809 if (raceproof_create_file(logfile, open_or_create_logfile, logfd)) {
1810 if (errno == ENOENT)
1811 strbuf_addf(err, "unable to create directory for '%s': "
1812 "%s", logfile, strerror(errno));
1813 else if (errno == EISDIR)
1814 strbuf_addf(err, "there are still logs under '%s'",
1815 logfile);
1816 else
1817 strbuf_addf(err, "unable to append to '%s': %s",
1818 logfile, strerror(errno));
1819
1820 goto error;
1821 }
1822 } else {
1823 *logfd = open(logfile, O_APPEND | O_WRONLY);
1824 if (*logfd < 0) {
1825 if (errno == ENOENT || errno == EISDIR) {
1826 /*
1827 * The logfile doesn't already exist,
1828 * but that is not an error; it only
1829 * means that we won't write log
1830 * entries to it.
1831 */
1832 ;
1833 } else {
1834 strbuf_addf(err, "unable to append to '%s': %s",
1835 logfile, strerror(errno));
1836 goto error;
1837 }
1838 }
1839 }
1840
1841 if (*logfd >= 0)
1842 adjust_shared_perm(the_repository, logfile);
1843
1844 free(logfile);
1845 return 0;
1846
1847 error:
1848 free(logfile);
1849 return -1;
1850 }
1851
1852 static int files_create_reflog(struct ref_store *ref_store, const char *refname,
1853 struct strbuf *err)
1854 {
1855 struct files_ref_store *refs =
1856 files_downcast(ref_store, REF_STORE_WRITE, "create_reflog");
1857 int fd;
1858
1859 if (log_ref_setup(refs, refname, 1, &fd, err))
1860 return -1;
1861
1862 if (fd >= 0)
1863 close(fd);
1864
1865 return 0;
1866 }
1867
1868 static int log_ref_write_fd(int fd, const struct object_id *old_oid,
1869 const struct object_id *new_oid,
1870 const char *committer, const char *msg)
1871 {
1872 struct strbuf sb = STRBUF_INIT;
1873 int ret = 0;
1874
1875 if (!committer)
1876 committer = git_committer_info(0);
1877
1878 strbuf_addf(&sb, "%s %s %s", oid_to_hex(old_oid), oid_to_hex(new_oid), committer);
1879 if (msg && *msg) {
1880 strbuf_addch(&sb, '\t');
1881 strbuf_addstr(&sb, msg);
1882 }
1883 strbuf_addch(&sb, '\n');
1884 if (write_in_full(fd, sb.buf, sb.len) < 0)
1885 ret = -1;
1886 strbuf_release(&sb);
1887 return ret;
1888 }
1889
1890 static int files_log_ref_write(struct files_ref_store *refs,
1891 const char *refname,
1892 const struct object_id *old_oid,
1893 const struct object_id *new_oid,
1894 const char *committer_info, const char *msg,
1895 int flags, struct strbuf *err)
1896 {
1897 int logfd, result;
1898
1899 if (flags & REF_SKIP_CREATE_REFLOG)
1900 return 0;
1901
1902 result = log_ref_setup(refs, refname,
1903 flags & REF_FORCE_CREATE_REFLOG,
1904 &logfd, err);
1905
1906 if (result)
1907 return result;
1908
1909 if (logfd < 0)
1910 return 0;
1911 result = log_ref_write_fd(logfd, old_oid, new_oid, committer_info, msg);
1912 if (result) {
1913 struct strbuf sb = STRBUF_INIT;
1914 int save_errno = errno;
1915
1916 files_reflog_path(refs, &sb, refname);
1917 strbuf_addf(err, "unable to append to '%s': %s",
1918 sb.buf, strerror(save_errno));
1919 strbuf_release(&sb);
1920 close(logfd);
1921 return -1;
1922 }
1923 if (close(logfd)) {
1924 struct strbuf sb = STRBUF_INIT;
1925 int save_errno = errno;
1926
1927 files_reflog_path(refs, &sb, refname);
1928 strbuf_addf(err, "unable to append to '%s': %s",
1929 sb.buf, strerror(save_errno));
1930 strbuf_release(&sb);
1931 return -1;
1932 }
1933 return 0;
1934 }
1935
1936 /*
1937 * Write oid into the open lockfile, then close the lockfile. On
1938 * errors, rollback the lockfile, fill in *err and return -1.
1939 */
1940 static enum ref_transaction_error write_ref_to_lockfile(struct files_ref_store *refs,
1941 struct ref_lock *lock,
1942 const struct object_id *oid,
1943 int skip_oid_verification,
1944 struct strbuf *err)
1945 {
1946 static char term = '\n';
1947 struct object *o;
1948 int fd;
1949
1950 if (!skip_oid_verification) {
1951 o = parse_object(refs->base.repo, oid);
1952 if (!o) {
1953 strbuf_addf(
1954 err,
1955 "trying to write ref '%s' with nonexistent object %s",
1956 lock->ref_name, oid_to_hex(oid));
1957 unlock_ref(lock);
1958 return REF_TRANSACTION_ERROR_INVALID_NEW_VALUE;
1959 }
1960 if (o->type != OBJ_COMMIT && is_branch(lock->ref_name)) {
1961 strbuf_addf(
1962 err,
1963 "trying to write non-commit object %s to branch '%s'",
1964 oid_to_hex(oid), lock->ref_name);
1965 unlock_ref(lock);
1966 return REF_TRANSACTION_ERROR_INVALID_NEW_VALUE;
1967 }
1968 }
1969 fd = get_lock_file_fd(&lock->lk);
1970 if (write_in_full(fd, oid_to_hex(oid), refs->base.repo->hash_algo->hexsz) < 0 ||
1971 write_in_full(fd, &term, 1) < 0 ||
1972 fsync_component(FSYNC_COMPONENT_REFERENCE, get_lock_file_fd(&lock->lk)) < 0 ||
1973 close_ref_gently(lock) < 0) {
1974 strbuf_addf(err,
1975 "couldn't write '%s'", get_lock_file_path(&lock->lk));
1976 unlock_ref(lock);
1977 return REF_TRANSACTION_ERROR_GENERIC;
1978 }
1979 return 0;
1980 }
1981
1982 /*
1983 * Commit a change to a loose reference that has already been written
1984 * to the loose reference lockfile. Also update the reflogs if
1985 * necessary, using the specified lockmsg (which can be NULL).
1986 */
1987 static int commit_ref_update(struct files_ref_store *refs,
1988 struct ref_lock *lock,
1989 const struct object_id *oid, const char *logmsg,
1990 int flags,
1991 struct strbuf *err)
1992 {
1993 files_assert_main_repository(refs, "commit_ref_update");
1994
1995 clear_loose_ref_cache(refs);
1996 if (files_log_ref_write(refs, lock->ref_name, &lock->old_oid, oid, NULL,
1997 logmsg, flags, err)) {
1998 char *old_msg = strbuf_detach(err, NULL);
1999 strbuf_addf(err, "cannot update the ref '%s': %s",
2000 lock->ref_name, old_msg);
2001 free(old_msg);
2002 unlock_ref(lock);
2003 return -1;
2004 }
2005
2006 if (strcmp(lock->ref_name, "HEAD") != 0) {
2007 /*
2008 * Special hack: If a branch is updated directly and HEAD
2009 * points to it (may happen on the remote side of a push
2010 * for example) then logically the HEAD reflog should be
2011 * updated too.
2012 * A generic solution implies reverse symref information,
2013 * but finding all symrefs pointing to the given branch
2014 * would be rather costly for this rare event (the direct
2015 * update of a branch) to be worth it. So let's cheat and
2016 * check with HEAD only which should cover 99% of all usage
2017 * scenarios (even 100% of the default ones).
2018 */
2019 int head_flag;
2020 const char *head_ref;
2021
2022 head_ref = refs_resolve_ref_unsafe(&refs->base, "HEAD",
2023 RESOLVE_REF_READING,
2024 NULL, &head_flag);
2025 if (head_ref && (head_flag & REF_ISSYMREF) &&
2026 !strcmp(head_ref, lock->ref_name)) {
2027 struct strbuf log_err = STRBUF_INIT;
2028 if (files_log_ref_write(refs, "HEAD", &lock->old_oid,
2029 oid, NULL, logmsg, flags,
2030 &log_err)) {
2031 error("%s", log_err.buf);
2032 strbuf_release(&log_err);
2033 }
2034 }
2035 }
2036
2037 if (commit_ref(lock)) {
2038 strbuf_addf(err, "couldn't set '%s'", lock->ref_name);
2039 unlock_ref(lock);
2040 return -1;
2041 }
2042
2043 unlock_ref(lock);
2044 return 0;
2045 }
2046
2047 #ifdef NO_SYMLINK_HEAD
2048 #define create_ref_symlink(a, b) (-1)
2049 #else
2050 static int create_ref_symlink(struct ref_lock *lock, const char *target)
2051 {
2052 int ret = -1;
2053
2054 char *ref_path = get_locked_file_path(&lock->lk);
2055 unlink(ref_path);
2056 ret = symlink(target, ref_path);
2057 free(ref_path);
2058
2059 if (ret)
2060 fprintf(stderr, "no symlink - falling back to symbolic ref\n");
2061 return ret;
2062 }
2063 #endif
2064
2065 static int create_symref_lock(struct ref_lock *lock, const char *target,
2066 struct strbuf *err)
2067 {
2068 if (!fdopen_lock_file(&lock->lk, "w")) {
2069 strbuf_addf(err, "unable to fdopen %s: %s",
2070 get_lock_file_path(&lock->lk), strerror(errno));
2071 return -1;
2072 }
2073
2074 if (fprintf(get_lock_file_fp(&lock->lk), "ref: %s\n", target) < 0) {
2075 strbuf_addf(err, "unable to write to %s: %s",
2076 get_lock_file_path(&lock->lk), strerror(errno));
2077 return -1;
2078 }
2079
2080 return 0;
2081 }
2082
2083 static int files_reflog_exists(struct ref_store *ref_store,
2084 const char *refname)
2085 {
2086 struct files_ref_store *refs =
2087 files_downcast(ref_store, REF_STORE_READ, "reflog_exists");
2088 struct strbuf sb = STRBUF_INIT;
2089 struct stat st;
2090 int ret;
2091
2092 files_reflog_path(refs, &sb, refname);
2093 ret = !lstat(sb.buf, &st) && S_ISREG(st.st_mode);
2094 strbuf_release(&sb);
2095 return ret;
2096 }
2097
2098 static int files_delete_reflog(struct ref_store *ref_store,
2099 const char *refname)
2100 {
2101 struct files_ref_store *refs =
2102 files_downcast(ref_store, REF_STORE_WRITE, "delete_reflog");
2103 struct strbuf sb = STRBUF_INIT;
2104 int ret;
2105
2106 files_reflog_path(refs, &sb, refname);
2107 ret = remove_path(sb.buf);
2108 strbuf_release(&sb);
2109 return ret;
2110 }
2111
2112 static int show_one_reflog_ent(struct files_ref_store *refs, struct strbuf *sb,
2113 each_reflog_ent_fn fn, void *cb_data)
2114 {
2115 struct object_id ooid, noid;
2116 char *email_end, *message;
2117 timestamp_t timestamp;
2118 int tz;
2119 const char *p = sb->buf;
2120
2121 /* old SP new SP name <email> SP time TAB msg LF */
2122 if (!sb->len || sb->buf[sb->len - 1] != '\n' ||
2123 parse_oid_hex_algop(p, &ooid, &p, refs->base.repo->hash_algo) || *p++ != ' ' ||
2124 parse_oid_hex_algop(p, &noid, &p, refs->base.repo->hash_algo) || *p++ != ' ' ||
2125 !(email_end = strchr(p, '>')) ||
2126 email_end[1] != ' ' ||
2127 !(timestamp = parse_timestamp(email_end + 2, &message, 10)) ||
2128 !message || message[0] != ' ' ||
2129 (message[1] != '+' && message[1] != '-') ||
2130 !isdigit(message[2]) || !isdigit(message[3]) ||
2131 !isdigit(message[4]) || !isdigit(message[5]))
2132 return 0; /* corrupt? */
2133 email_end[1] = '\0';
2134 tz = strtol(message + 1, NULL, 10);
2135 if (message[6] != '\t')
2136 message += 6;
2137 else
2138 message += 7;
2139 return fn(&ooid, &noid, p, timestamp, tz, message, cb_data);
2140 }
2141
2142 static char *find_beginning_of_line(char *bob, char *scan)
2143 {
2144 while (bob < scan && *(--scan) != '\n')
2145 ; /* keep scanning backwards */
2146 /*
2147 * Return either beginning of the buffer, or LF at the end of
2148 * the previous line.
2149 */
2150 return scan;
2151 }
2152
2153 static int files_for_each_reflog_ent_reverse(struct ref_store *ref_store,
2154 const char *refname,
2155 each_reflog_ent_fn fn,
2156 void *cb_data)
2157 {
2158 struct files_ref_store *refs =
2159 files_downcast(ref_store, REF_STORE_READ,
2160 "for_each_reflog_ent_reverse");
2161 struct strbuf sb = STRBUF_INIT;
2162 FILE *logfp;
2163 long pos;
2164 int ret = 0, at_tail = 1;
2165
2166 files_reflog_path(refs, &sb, refname);
2167 logfp = fopen(sb.buf, "r");
2168 strbuf_release(&sb);
2169 if (!logfp)
2170 return -1;
2171
2172 /* Jump to the end */
2173 if (fseek(logfp, 0, SEEK_END) < 0)
2174 ret = error("cannot seek back reflog for %s: %s",
2175 refname, strerror(errno));
2176 pos = ftell(logfp);
2177 while (!ret && 0 < pos) {
2178 int cnt;
2179 size_t nread;
2180 char buf[BUFSIZ];
2181 char *endp, *scanp;
2182
2183 /* Fill next block from the end */
2184 cnt = (sizeof(buf) < pos) ? sizeof(buf) : pos;
2185 if (fseek(logfp, pos - cnt, SEEK_SET)) {
2186 ret = error("cannot seek back reflog for %s: %s",
2187 refname, strerror(errno));
2188 break;
2189 }
2190 nread = fread(buf, cnt, 1, logfp);
2191 if (nread != 1) {
2192 ret = error("cannot read %d bytes from reflog for %s: %s",
2193 cnt, refname, strerror(errno));
2194 break;
2195 }
2196 pos -= cnt;
2197
2198 scanp = endp = buf + cnt;
2199 if (at_tail && scanp[-1] == '\n')
2200 /* Looking at the final LF at the end of the file */
2201 scanp--;
2202 at_tail = 0;
2203
2204 while (buf < scanp) {
2205 /*
2206 * terminating LF of the previous line, or the beginning
2207 * of the buffer.
2208 */
2209 char *bp;
2210
2211 bp = find_beginning_of_line(buf, scanp);
2212
2213 if (*bp == '\n') {
2214 /*
2215 * The newline is the end of the previous line,
2216 * so we know we have complete line starting
2217 * at (bp + 1). Prefix it onto any prior data
2218 * we collected for the line and process it.
2219 */
2220 strbuf_splice(&sb, 0, 0, bp + 1, endp - (bp + 1));
2221 scanp = bp;
2222 endp = bp + 1;
2223 ret = show_one_reflog_ent(refs, &sb, fn, cb_data);
2224 strbuf_reset(&sb);
2225 if (ret)
2226 break;
2227 } else if (!pos) {
2228 /*
2229 * We are at the start of the buffer, and the
2230 * start of the file; there is no previous
2231 * line, and we have everything for this one.
2232 * Process it, and we can end the loop.
2233 */
2234 strbuf_splice(&sb, 0, 0, buf, endp - buf);
2235 ret = show_one_reflog_ent(refs, &sb, fn, cb_data);
2236 strbuf_reset(&sb);
2237 break;
2238 }
2239
2240 if (bp == buf) {
2241 /*
2242 * We are at the start of the buffer, and there
2243 * is more file to read backwards. Which means
2244 * we are in the middle of a line. Note that we
2245 * may get here even if *bp was a newline; that
2246 * just means we are at the exact end of the
2247 * previous line, rather than some spot in the
2248 * middle.
2249 *
2250 * Save away what we have to be combined with
2251 * the data from the next read.
2252 */
2253 strbuf_splice(&sb, 0, 0, buf, endp - buf);
2254 break;
2255 }
2256 }
2257
2258 }
2259 if (!ret && sb.len)
2260 BUG("reverse reflog parser had leftover data");
2261
2262 fclose(logfp);
2263 strbuf_release(&sb);
2264 return ret;
2265 }
2266
2267 static int files_for_each_reflog_ent(struct ref_store *ref_store,
2268 const char *refname,
2269 each_reflog_ent_fn fn, void *cb_data)
2270 {
2271 struct files_ref_store *refs =
2272 files_downcast(ref_store, REF_STORE_READ,
2273 "for_each_reflog_ent");
2274 FILE *logfp;
2275 struct strbuf sb = STRBUF_INIT;
2276 int ret = 0;
2277
2278 files_reflog_path(refs, &sb, refname);
2279 logfp = fopen(sb.buf, "r");
2280 strbuf_release(&sb);
2281 if (!logfp)
2282 return -1;
2283
2284 while (!ret && !strbuf_getwholeline(&sb, logfp, '\n'))
2285 ret = show_one_reflog_ent(refs, &sb, fn, cb_data);
2286 fclose(logfp);
2287 strbuf_release(&sb);
2288 return ret;
2289 }
2290
2291 struct files_reflog_iterator {
2292 struct ref_iterator base;
2293 struct ref_store *ref_store;
2294 struct dir_iterator *dir_iterator;
2295 };
2296
2297 static int files_reflog_iterator_advance(struct ref_iterator *ref_iterator)
2298 {
2299 struct files_reflog_iterator *iter =
2300 (struct files_reflog_iterator *)ref_iterator;
2301 struct dir_iterator *diter = iter->dir_iterator;
2302 int ok;
2303
2304 while ((ok = dir_iterator_advance(diter)) == ITER_OK) {
2305 if (!S_ISREG(diter->st.st_mode))
2306 continue;
2307 if (check_refname_format(diter->basename,
2308 REFNAME_ALLOW_ONELEVEL))
2309 continue;
2310
2311 iter->base.refname = diter->relative_path;
2312 return ITER_OK;
2313 }
2314
2315 return ok;
2316 }
2317
2318 static int files_reflog_iterator_seek(struct ref_iterator *ref_iterator UNUSED,
2319 const char *prefix UNUSED)
2320 {
2321 BUG("ref_iterator_seek() called for reflog_iterator");
2322 }
2323
2324 static int files_reflog_iterator_peel(struct ref_iterator *ref_iterator UNUSED,
2325 struct object_id *peeled UNUSED)
2326 {
2327 BUG("ref_iterator_peel() called for reflog_iterator");
2328 }
2329
2330 static void files_reflog_iterator_release(struct ref_iterator *ref_iterator)
2331 {
2332 struct files_reflog_iterator *iter =
2333 (struct files_reflog_iterator *)ref_iterator;
2334 dir_iterator_free(iter->dir_iterator);
2335 }
2336
2337 static struct ref_iterator_vtable files_reflog_iterator_vtable = {
2338 .advance = files_reflog_iterator_advance,
2339 .seek = files_reflog_iterator_seek,
2340 .peel = files_reflog_iterator_peel,
2341 .release = files_reflog_iterator_release,
2342 };
2343
2344 static struct ref_iterator *reflog_iterator_begin(struct ref_store *ref_store,
2345 const char *gitdir)
2346 {
2347 struct dir_iterator *diter;
2348 struct files_reflog_iterator *iter;
2349 struct ref_iterator *ref_iterator;
2350 struct strbuf sb = STRBUF_INIT;
2351
2352 strbuf_addf(&sb, "%s/logs", gitdir);
2353
2354 diter = dir_iterator_begin(sb.buf, DIR_ITERATOR_SORTED);
2355 if (!diter) {
2356 strbuf_release(&sb);
2357 return empty_ref_iterator_begin();
2358 }
2359
2360 CALLOC_ARRAY(iter, 1);
2361 ref_iterator = &iter->base;
2362
2363 base_ref_iterator_init(ref_iterator, &files_reflog_iterator_vtable);
2364 iter->dir_iterator = diter;
2365 iter->ref_store = ref_store;
2366 strbuf_release(&sb);
2367
2368 return ref_iterator;
2369 }
2370
2371 static struct ref_iterator *files_reflog_iterator_begin(struct ref_store *ref_store)
2372 {
2373 struct files_ref_store *refs =
2374 files_downcast(ref_store, REF_STORE_READ,
2375 "reflog_iterator_begin");
2376
2377 if (!strcmp(refs->base.gitdir, refs->gitcommondir)) {
2378 return reflog_iterator_begin(ref_store, refs->gitcommondir);
2379 } else {
2380 return merge_ref_iterator_begin(
2381 reflog_iterator_begin(ref_store, refs->base.gitdir),
2382 reflog_iterator_begin(ref_store, refs->gitcommondir),
2383 ref_iterator_select, refs);
2384 }
2385 }
2386
2387 /*
2388 * If update is a direct update of head_ref (the reference pointed to
2389 * by HEAD), then add an extra REF_LOG_ONLY update for HEAD.
2390 */
2391 static enum ref_transaction_error split_head_update(struct ref_update *update,
2392 struct ref_transaction *transaction,
2393 const char *head_ref,
2394 struct strbuf *err)
2395 {
2396 struct ref_update *new_update;
2397
2398 if ((update->flags & REF_LOG_ONLY) ||
2399 (update->flags & REF_SKIP_CREATE_REFLOG) ||
2400 (update->flags & REF_IS_PRUNING) ||
2401 (update->flags & REF_UPDATE_VIA_HEAD))
2402 return 0;
2403
2404 if (strcmp(update->refname, head_ref))
2405 return 0;
2406
2407 /*
2408 * First make sure that HEAD is not already in the
2409 * transaction. This check is O(lg N) in the transaction
2410 * size, but it happens at most once per transaction.
2411 */
2412 if (string_list_has_string(&transaction->refnames, "HEAD")) {
2413 /* An entry already existed */
2414 strbuf_addf(err,
2415 "multiple updates for 'HEAD' (including one "
2416 "via its referent '%s') are not allowed",
2417 update->refname);
2418 return REF_TRANSACTION_ERROR_NAME_CONFLICT;
2419 }
2420
2421 new_update = ref_transaction_add_update(
2422 transaction, "HEAD",
2423 update->flags | REF_LOG_ONLY | REF_NO_DEREF,
2424 &update->new_oid, &update->old_oid,
2425 NULL, NULL, update->committer_info, update->msg);
2426
2427 /*
2428 * Add "HEAD". This insertion is O(N) in the transaction
2429 * size, but it happens at most once per transaction.
2430 * Add new_update->refname instead of a literal "HEAD".
2431 */
2432 if (strcmp(new_update->refname, "HEAD"))
2433 BUG("%s unexpectedly not 'HEAD'", new_update->refname);
2434
2435 return 0;
2436 }
2437
2438 /*
2439 * update is for a symref that points at referent and doesn't have
2440 * REF_NO_DEREF set. Split it into two updates:
2441 * - The original update, but with REF_LOG_ONLY and REF_NO_DEREF set
2442 * - A new, separate update for the referent reference
2443 * Note that the new update will itself be subject to splitting when
2444 * the iteration gets to it.
2445 */
2446 static enum ref_transaction_error split_symref_update(struct ref_update *update,
2447 const char *referent,
2448 struct ref_transaction *transaction,
2449 struct strbuf *err)
2450 {
2451 struct ref_update *new_update;
2452 unsigned int new_flags;
2453
2454 /*
2455 * First make sure that referent is not already in the
2456 * transaction. This check is O(lg N) in the transaction
2457 * size, but it happens at most once per symref in a
2458 * transaction.
2459 */
2460 if (string_list_has_string(&transaction->refnames, referent)) {
2461 /* An entry already exists */
2462 strbuf_addf(err,
2463 "multiple updates for '%s' (including one "
2464 "via symref '%s') are not allowed",
2465 referent, update->refname);
2466 return REF_TRANSACTION_ERROR_NAME_CONFLICT;
2467 }
2468
2469 new_flags = update->flags;
2470 if (!strcmp(update->refname, "HEAD")) {
2471 /*
2472 * Record that the new update came via HEAD, so that
2473 * when we process it, split_head_update() doesn't try
2474 * to add another reflog update for HEAD. Note that
2475 * this bit will be propagated if the new_update
2476 * itself needs to be split.
2477 */
2478 new_flags |= REF_UPDATE_VIA_HEAD;
2479 }
2480
2481 new_update = ref_transaction_add_update(
2482 transaction, referent, new_flags,
2483 update->new_target ? NULL : &update->new_oid,
2484 update->old_target ? NULL : &update->old_oid,
2485 update->new_target, update->old_target, NULL,
2486 update->msg);
2487
2488 new_update->parent_update = update;
2489
2490 /*
2491 * Change the symbolic ref update to log only. Also, it
2492 * doesn't need to check its old OID value, as that will be
2493 * done when new_update is processed.
2494 */
2495 update->flags |= REF_LOG_ONLY | REF_NO_DEREF;
2496 update->flags &= ~REF_HAVE_OLD;
2497
2498 return 0;
2499 }
2500
2501 /*
2502 * Check whether the REF_HAVE_OLD and old_oid values stored in update
2503 * are consistent with oid, which is the reference's current value. If
2504 * everything is OK, return 0; otherwise, write an error message to
2505 * err and return -1.
2506 */
2507 static enum ref_transaction_error check_old_oid(struct ref_update *update,
2508 struct object_id *oid,
2509 struct strbuf *err)
2510 {
2511 if (!(update->flags & REF_HAVE_OLD) ||
2512 oideq(oid, &update->old_oid))
2513 return 0;
2514
2515 if (is_null_oid(&update->old_oid)) {
2516 strbuf_addf(err, "cannot lock ref '%s': "
2517 "reference already exists",
2518 ref_update_original_update_refname(update));
2519 return REF_TRANSACTION_ERROR_CREATE_EXISTS;
2520 } else if (is_null_oid(oid)) {
2521 strbuf_addf(err, "cannot lock ref '%s': "
2522 "reference is missing but expected %s",
2523 ref_update_original_update_refname(update),
2524 oid_to_hex(&update->old_oid));
2525 return REF_TRANSACTION_ERROR_NONEXISTENT_REF;
2526 }
2527
2528 strbuf_addf(err, "cannot lock ref '%s': is at %s but expected %s",
2529 ref_update_original_update_refname(update), oid_to_hex(oid),
2530 oid_to_hex(&update->old_oid));
2531
2532 return REF_TRANSACTION_ERROR_INCORRECT_OLD_VALUE;
2533 }
2534
2535 struct files_transaction_backend_data {
2536 struct ref_transaction *packed_transaction;
2537 int packed_refs_locked;
2538 struct strmap ref_locks;
2539 };
2540
2541 /*
2542 * Prepare for carrying out update:
2543 * - Lock the reference referred to by update.
2544 * - Read the reference under lock.
2545 * - Check that its old OID value (if specified) is correct, and in
2546 * any case record it in update->lock->old_oid for later use when
2547 * writing the reflog.
2548 * - If it is a symref update without REF_NO_DEREF, split it up into a
2549 * REF_LOG_ONLY update of the symref and add a separate update for
2550 * the referent to transaction.
2551 * - If it is an update of head_ref, add a corresponding REF_LOG_ONLY
2552 * update of HEAD.
2553 */
2554 static enum ref_transaction_error lock_ref_for_update(struct files_ref_store *refs,
2555 struct ref_update *update,
2556 size_t update_idx,
2557 struct ref_transaction *transaction,
2558 const char *head_ref,
2559 struct string_list *refnames_to_check,
2560 struct strbuf *err)
2561 {
2562 struct strbuf referent = STRBUF_INIT;
2563 int mustexist = ref_update_expects_existing_old_ref(update);
2564 struct files_transaction_backend_data *backend_data;
2565 enum ref_transaction_error ret = 0;
2566 struct ref_lock *lock;
2567
2568 files_assert_main_repository(refs, "lock_ref_for_update");
2569
2570 backend_data = transaction->backend_data;
2571
2572 if ((update->flags & REF_HAVE_NEW) && ref_update_has_null_new_value(update))
2573 update->flags |= REF_DELETING;
2574
2575 if (head_ref) {
2576 ret = split_head_update(update, transaction, head_ref, err);
2577 if (ret)
2578 goto out;
2579 }
2580
2581 lock = strmap_get(&backend_data->ref_locks, update->refname);
2582 if (lock) {
2583 lock->count++;
2584 } else {
2585 ret = lock_raw_ref(refs, update, update_idx, mustexist,
2586 refnames_to_check, &transaction->refnames,
2587 &lock, &referent, err);
2588 if (ret) {
2589 char *reason;
2590
2591 reason = strbuf_detach(err, NULL);
2592 strbuf_addf(err, "cannot lock ref '%s': %s",
2593 ref_update_original_update_refname(update), reason);
2594 free(reason);
2595 goto out;
2596 }
2597
2598 strmap_put(&backend_data->ref_locks, update->refname, lock);
2599 }
2600
2601 update->backend_data = lock;
2602
2603 if (update->type & REF_ISSYMREF) {
2604 if (update->flags & REF_NO_DEREF) {
2605 /*
2606 * We won't be reading the referent as part of
2607 * the transaction, so we have to read it here
2608 * to record and possibly check old_oid:
2609 */
2610 if (!refs_resolve_ref_unsafe(&refs->base,
2611 referent.buf, 0,
2612 &lock->old_oid, NULL)) {
2613 if (update->flags & REF_HAVE_OLD) {
2614 strbuf_addf(err, "cannot lock ref '%s': "
2615 "error reading reference",
2616 ref_update_original_update_refname(update));
2617 ret = REF_TRANSACTION_ERROR_GENERIC;
2618 goto out;
2619 }
2620 }
2621
2622 if (update->old_target)
2623 ret = ref_update_check_old_target(referent.buf, update, err);
2624 else
2625 ret = check_old_oid(update, &lock->old_oid, err);
2626 if (ret)
2627 goto out;
2628 } else {
2629 /*
2630 * Create a new update for the reference this
2631 * symref is pointing at. Also, we will record
2632 * and verify old_oid for this update as part
2633 * of processing the split-off update, so we
2634 * don't have to do it here.
2635 */
2636 ret = split_symref_update(update, referent.buf,
2637 transaction, err);
2638 if (ret)
2639 goto out;
2640 }
2641 } else {
2642 struct ref_update *parent_update;
2643
2644 /*
2645 * Even if the ref is a regular ref, if `old_target` is set, we
2646 * fail with an error.
2647 */
2648 if (update->old_target) {
2649 strbuf_addf(err, _("cannot lock ref '%s': "
2650 "expected symref with target '%s': "
2651 "but is a regular ref"),
2652 ref_update_original_update_refname(update),
2653 update->old_target);
2654 ret = REF_TRANSACTION_ERROR_EXPECTED_SYMREF;
2655 goto out;
2656 } else {
2657 ret = check_old_oid(update, &lock->old_oid, err);
2658 if (ret) {
2659 goto out;
2660 }
2661 }
2662
2663 /*
2664 * If this update is happening indirectly because of a
2665 * symref update, record the old OID in the parent
2666 * update:
2667 */
2668 for (parent_update = update->parent_update;
2669 parent_update;
2670 parent_update = parent_update->parent_update) {
2671 struct ref_lock *parent_lock = parent_update->backend_data;
2672 oidcpy(&parent_lock->old_oid, &lock->old_oid);
2673 }
2674 }
2675
2676 if (update->new_target && !(update->flags & REF_LOG_ONLY)) {
2677 if (create_symref_lock(lock, update->new_target, err)) {
2678 ret = REF_TRANSACTION_ERROR_GENERIC;
2679 goto out;
2680 }
2681
2682 if (close_ref_gently(lock)) {
2683 strbuf_addf(err, "couldn't close '%s.lock'",
2684 update->refname);
2685 ret = REF_TRANSACTION_ERROR_GENERIC;
2686 goto out;
2687 }
2688
2689 /*
2690 * Once we have created the symref lock, the commit
2691 * phase of the transaction only needs to commit the lock.
2692 */
2693 update->flags |= REF_NEEDS_COMMIT;
2694 } else if ((update->flags & REF_HAVE_NEW) &&
2695 !(update->flags & REF_DELETING) &&
2696 !(update->flags & REF_LOG_ONLY)) {
2697 if (!(update->type & REF_ISSYMREF) &&
2698 oideq(&lock->old_oid, &update->new_oid)) {
2699 /*
2700 * The reference already has the desired
2701 * value, so we don't need to write it.
2702 */
2703 } else {
2704 ret = write_ref_to_lockfile(
2705 refs, lock, &update->new_oid,
2706 update->flags & REF_SKIP_OID_VERIFICATION,
2707 err);
2708 if (ret) {
2709 char *write_err = strbuf_detach(err, NULL);
2710
2711 /*
2712 * The lock was freed upon failure of
2713 * write_ref_to_lockfile():
2714 */
2715 update->backend_data = NULL;
2716 strbuf_addf(err,
2717 "cannot update ref '%s': %s",
2718 update->refname, write_err);
2719 free(write_err);
2720 goto out;
2721 } else {
2722 update->flags |= REF_NEEDS_COMMIT;
2723 }
2724 }
2725 }
2726 if (!(update->flags & REF_NEEDS_COMMIT)) {
2727 /*
2728 * We didn't call write_ref_to_lockfile(), so
2729 * the lockfile is still open. Close it to
2730 * free up the file descriptor:
2731 */
2732 if (close_ref_gently(lock)) {
2733 strbuf_addf(err, "couldn't close '%s.lock'",
2734 update->refname);
2735 ret = REF_TRANSACTION_ERROR_GENERIC;
2736 goto out;
2737 }
2738 }
2739
2740 out:
2741 strbuf_release(&referent);
2742 return ret;
2743 }
2744
2745 /*
2746 * Unlock any references in `transaction` that are still locked, and
2747 * mark the transaction closed.
2748 */
2749 static void files_transaction_cleanup(struct files_ref_store *refs,
2750 struct ref_transaction *transaction)
2751 {
2752 size_t i;
2753 struct files_transaction_backend_data *backend_data =
2754 transaction->backend_data;
2755 struct strbuf err = STRBUF_INIT;
2756
2757 for (i = 0; i < transaction->nr; i++) {
2758 struct ref_update *update = transaction->updates[i];
2759 struct ref_lock *lock = update->backend_data;
2760
2761 if (lock) {
2762 unlock_ref(lock);
2763 update->backend_data = NULL;
2764 }
2765 }
2766
2767 if (backend_data) {
2768 if (backend_data->packed_transaction &&
2769 ref_transaction_abort(backend_data->packed_transaction, &err)) {
2770 error("error aborting transaction: %s", err.buf);
2771 strbuf_release(&err);
2772 }
2773
2774 if (backend_data->packed_refs_locked)
2775 packed_refs_unlock(refs->packed_ref_store);
2776
2777 strmap_clear(&backend_data->ref_locks, 0);
2778
2779 free(backend_data);
2780 }
2781
2782 transaction->state = REF_TRANSACTION_CLOSED;
2783 }
2784
2785 static int files_transaction_prepare(struct ref_store *ref_store,
2786 struct ref_transaction *transaction,
2787 struct strbuf *err)
2788 {
2789 struct files_ref_store *refs =
2790 files_downcast(ref_store, REF_STORE_WRITE,
2791 "ref_transaction_prepare");
2792 size_t i;
2793 int ret = 0;
2794 struct string_list refnames_to_check = STRING_LIST_INIT_NODUP;
2795 char *head_ref = NULL;
2796 int head_type;
2797 struct files_transaction_backend_data *backend_data;
2798 struct ref_transaction *packed_transaction = NULL;
2799
2800 assert(err);
2801
2802 if (transaction->flags & REF_TRANSACTION_FLAG_INITIAL)
2803 goto cleanup;
2804 if (!transaction->nr)
2805 goto cleanup;
2806
2807 CALLOC_ARRAY(backend_data, 1);
2808 strmap_init(&backend_data->ref_locks);
2809 transaction->backend_data = backend_data;
2810
2811 /*
2812 * Fail if any of the updates use REF_IS_PRUNING without REF_NO_DEREF.
2813 */
2814 for (i = 0; i < transaction->nr; i++) {
2815 struct ref_update *update = transaction->updates[i];
2816
2817 if ((update->flags & REF_IS_PRUNING) &&
2818 !(update->flags & REF_NO_DEREF))
2819 BUG("REF_IS_PRUNING set without REF_NO_DEREF");
2820 }
2821
2822 /*
2823 * Special hack: If a branch is updated directly and HEAD
2824 * points to it (may happen on the remote side of a push
2825 * for example) then logically the HEAD reflog should be
2826 * updated too.
2827 *
2828 * A generic solution would require reverse symref lookups,
2829 * but finding all symrefs pointing to a given branch would be
2830 * rather costly for this rare event (the direct update of a
2831 * branch) to be worth it. So let's cheat and check with HEAD
2832 * only, which should cover 99% of all usage scenarios (even
2833 * 100% of the default ones).
2834 *
2835 * So if HEAD is a symbolic reference, then record the name of
2836 * the reference that it points to. If we see an update of
2837 * head_ref within the transaction, then split_head_update()
2838 * arranges for the reflog of HEAD to be updated, too.
2839 */
2840 head_ref = refs_resolve_refdup(ref_store, "HEAD",
2841 RESOLVE_REF_NO_RECURSE,
2842 NULL, &head_type);
2843
2844 if (head_ref && !(head_type & REF_ISSYMREF)) {
2845 FREE_AND_NULL(head_ref);
2846 }
2847
2848 /*
2849 * Acquire all locks, verify old values if provided, check
2850 * that new values are valid, and write new values to the
2851 * lockfiles, ready to be activated. Only keep one lockfile
2852 * open at a time to avoid running out of file descriptors.
2853 * Note that lock_ref_for_update() might append more updates
2854 * to the transaction.
2855 */
2856 for (i = 0; i < transaction->nr; i++) {
2857 struct ref_update *update = transaction->updates[i];
2858
2859 ret = lock_ref_for_update(refs, update, i, transaction,
2860 head_ref, &refnames_to_check,
2861 err);
2862 if (ret) {
2863 if (ref_transaction_maybe_set_rejected(transaction, i, ret)) {
2864 strbuf_reset(err);
2865 ret = 0;
2866
2867 continue;
2868 }
2869 goto cleanup;
2870 }
2871
2872 if (update->flags & REF_DELETING &&
2873 !(update->flags & REF_LOG_ONLY) &&
2874 !(update->flags & REF_IS_PRUNING)) {
2875 /*
2876 * This reference has to be deleted from
2877 * packed-refs if it exists there.
2878 */
2879 if (!packed_transaction) {
2880 packed_transaction = ref_store_transaction_begin(
2881 refs->packed_ref_store,
2882 transaction->flags, err);
2883 if (!packed_transaction) {
2884 ret = REF_TRANSACTION_ERROR_GENERIC;
2885 goto cleanup;
2886 }
2887
2888 backend_data->packed_transaction =
2889 packed_transaction;
2890 }
2891
2892 ref_transaction_add_update(
2893 packed_transaction, update->refname,
2894 REF_HAVE_NEW | REF_NO_DEREF,
2895 &update->new_oid, NULL,
2896 NULL, NULL, NULL, NULL);
2897 }
2898 }
2899
2900 /*
2901 * Verify that none of the loose reference that we're about to write
2902 * conflict with any existing packed references. Ideally, we'd do this
2903 * check after the packed-refs are locked so that the file cannot
2904 * change underneath our feet. But introducing such a lock now would
2905 * probably do more harm than good as users rely on there not being a
2906 * global lock with the "files" backend.
2907 *
2908 * Another alternative would be to do the check after the (optional)
2909 * lock, but that would extend the time we spend in the globally-locked
2910 * state.
2911 *
2912 * So instead, we accept the race for now.
2913 */
2914 if (refs_verify_refnames_available(refs->packed_ref_store, &refnames_to_check,
2915 &transaction->refnames, NULL, transaction,
2916 0, err)) {
2917 ret = REF_TRANSACTION_ERROR_NAME_CONFLICT;
2918 goto cleanup;
2919 }
2920
2921 if (packed_transaction) {
2922 if (packed_refs_lock(refs->packed_ref_store, 0, err)) {
2923 ret = REF_TRANSACTION_ERROR_GENERIC;
2924 goto cleanup;
2925 }
2926 backend_data->packed_refs_locked = 1;
2927
2928 if (is_packed_transaction_needed(refs->packed_ref_store,
2929 packed_transaction)) {
2930 ret = ref_transaction_prepare(packed_transaction, err);
2931 /*
2932 * A failure during the prepare step will abort
2933 * itself, but not free. Do that now, and disconnect
2934 * from the files_transaction so it does not try to
2935 * abort us when we hit the cleanup code below.
2936 */
2937 if (ret) {
2938 ref_transaction_free(packed_transaction);
2939 backend_data->packed_transaction = NULL;
2940 }
2941 } else {
2942 /*
2943 * We can skip rewriting the `packed-refs`
2944 * file. But we do need to leave it locked, so
2945 * that somebody else doesn't pack a reference
2946 * that we are trying to delete.
2947 *
2948 * We need to disconnect our transaction from
2949 * backend_data, since the abort (whether successful or
2950 * not) will free it.
2951 */
2952 backend_data->packed_transaction = NULL;
2953 if (ref_transaction_abort(packed_transaction, err)) {
2954 ret = REF_TRANSACTION_ERROR_GENERIC;
2955 goto cleanup;
2956 }
2957 }
2958 }
2959
2960 cleanup:
2961 free(head_ref);
2962 string_list_clear(&refnames_to_check, 1);
2963
2964 if (ret)
2965 files_transaction_cleanup(refs, transaction);
2966 else
2967 transaction->state = REF_TRANSACTION_PREPARED;
2968
2969 return ret;
2970 }
2971
2972 static int parse_and_write_reflog(struct files_ref_store *refs,
2973 struct ref_update *update,
2974 struct ref_lock *lock,
2975 struct strbuf *err)
2976 {
2977 if (update->new_target) {
2978 /*
2979 * We want to get the resolved OID for the target, to ensure
2980 * that the correct value is added to the reflog.
2981 */
2982 if (!refs_resolve_ref_unsafe(&refs->base, update->new_target,
2983 RESOLVE_REF_READING,
2984 &update->new_oid, NULL)) {
2985 /*
2986 * TODO: currently we skip creating reflogs for dangling
2987 * symref updates. It would be nice to capture this as
2988 * zero oid updates however.
2989 */
2990 return 0;
2991 }
2992 }
2993
2994 if (files_log_ref_write(refs, lock->ref_name, &lock->old_oid,
2995 &update->new_oid, update->committer_info,
2996 update->msg, update->flags, err)) {
2997 char *old_msg = strbuf_detach(err, NULL);
2998
2999 strbuf_addf(err, "cannot update the ref '%s': %s",
3000 lock->ref_name, old_msg);
3001 free(old_msg);
3002 unlock_ref(lock);
3003 update->backend_data = NULL;
3004 return -1;
3005 }
3006
3007 return 0;
3008 }
3009
3010 static int ref_present(const char *refname, const char *referent UNUSED,
3011 const struct object_id *oid UNUSED,
3012 int flags UNUSED,
3013 void *cb_data)
3014 {
3015 struct string_list *affected_refnames = cb_data;
3016
3017 return string_list_has_string(affected_refnames, refname);
3018 }
3019
3020 static int files_transaction_finish_initial(struct files_ref_store *refs,
3021 struct ref_transaction *transaction,
3022 struct strbuf *err)
3023 {
3024 size_t i;
3025 int ret = 0;
3026 struct string_list affected_refnames = STRING_LIST_INIT_NODUP;
3027 struct string_list refnames_to_check = STRING_LIST_INIT_NODUP;
3028 struct ref_transaction *packed_transaction = NULL;
3029 struct ref_transaction *loose_transaction = NULL;
3030
3031 assert(err);
3032
3033 if (transaction->state != REF_TRANSACTION_PREPARED)
3034 BUG("commit called for transaction that is not prepared");
3035
3036 /*
3037 * It's really undefined to call this function in an active
3038 * repository or when there are existing references: we are
3039 * only locking and changing packed-refs, so (1) any
3040 * simultaneous processes might try to change a reference at
3041 * the same time we do, and (2) any existing loose versions of
3042 * the references that we are setting would have precedence
3043 * over our values. But some remote helpers create the remote
3044 * "HEAD" and "master" branches before calling this function,
3045 * so here we really only check that none of the references
3046 * that we are creating already exists.
3047 */
3048 if (refs_for_each_rawref(&refs->base, ref_present,
3049 &transaction->refnames))
3050 BUG("initial ref transaction called with existing refs");
3051
3052 packed_transaction = ref_store_transaction_begin(refs->packed_ref_store,
3053 transaction->flags, err);
3054 if (!packed_transaction) {
3055 ret = REF_TRANSACTION_ERROR_GENERIC;
3056 goto cleanup;
3057 }
3058
3059 for (i = 0; i < transaction->nr; i++) {
3060 struct ref_update *update = transaction->updates[i];
3061
3062 if ((update->flags & REF_HAVE_OLD) &&
3063 !is_null_oid(&update->old_oid))
3064 BUG("initial ref transaction with old_sha1 set");
3065
3066 string_list_append(&refnames_to_check, update->refname);
3067
3068 /*
3069 * packed-refs don't support symbolic refs, root refs and reflogs,
3070 * so we have to queue these references via the loose transaction.
3071 */
3072 if (update->new_target ||
3073 is_root_ref(update->refname) ||
3074 (update->flags & REF_LOG_ONLY)) {
3075 if (!loose_transaction) {
3076 loose_transaction = ref_store_transaction_begin(&refs->base, 0, err);
3077 if (!loose_transaction) {
3078 ret = REF_TRANSACTION_ERROR_GENERIC;
3079 goto cleanup;
3080 }
3081 }
3082
3083 if (update->flags & REF_LOG_ONLY)
3084 ref_transaction_add_update(loose_transaction, update->refname,
3085 update->flags, &update->new_oid,
3086 &update->old_oid, NULL, NULL,
3087 update->committer_info, update->msg);
3088 else
3089 ref_transaction_add_update(loose_transaction, update->refname,
3090 update->flags & ~REF_HAVE_OLD,
3091 update->new_target ? NULL : &update->new_oid, NULL,
3092 update->new_target, NULL, update->committer_info,
3093 NULL);
3094 } else {
3095 ref_transaction_add_update(packed_transaction, update->refname,
3096 update->flags & ~REF_HAVE_OLD,
3097 &update->new_oid, &update->old_oid,
3098 NULL, NULL, update->committer_info, NULL);
3099 }
3100 }
3101
3102 if (packed_refs_lock(refs->packed_ref_store, 0, err)) {
3103 ret = REF_TRANSACTION_ERROR_GENERIC;
3104 goto cleanup;
3105 }
3106
3107 if (refs_verify_refnames_available(&refs->base, &refnames_to_check,
3108 &affected_refnames, NULL, transaction,
3109 1, err)) {
3110 packed_refs_unlock(refs->packed_ref_store);
3111 ret = REF_TRANSACTION_ERROR_NAME_CONFLICT;
3112 goto cleanup;
3113 }
3114
3115 if (ref_transaction_commit(packed_transaction, err)) {
3116 ret = REF_TRANSACTION_ERROR_GENERIC;
3117 goto cleanup;
3118 }
3119 packed_refs_unlock(refs->packed_ref_store);
3120
3121 if (loose_transaction) {
3122 if (ref_transaction_prepare(loose_transaction, err) ||
3123 ref_transaction_commit(loose_transaction, err)) {
3124 ret = REF_TRANSACTION_ERROR_GENERIC;
3125 goto cleanup;
3126 }
3127 }
3128
3129 cleanup:
3130 if (loose_transaction)
3131 ref_transaction_free(loose_transaction);
3132 if (packed_transaction)
3133 ref_transaction_free(packed_transaction);
3134 transaction->state = REF_TRANSACTION_CLOSED;
3135 string_list_clear(&affected_refnames, 0);
3136 string_list_clear(&refnames_to_check, 0);
3137 return ret;
3138 }
3139
3140 static int files_transaction_finish(struct ref_store *ref_store,
3141 struct ref_transaction *transaction,
3142 struct strbuf *err)
3143 {
3144 struct files_ref_store *refs =
3145 files_downcast(ref_store, 0, "ref_transaction_finish");
3146 size_t i;
3147 int ret = 0;
3148 struct strbuf sb = STRBUF_INIT;
3149 struct files_transaction_backend_data *backend_data;
3150 struct ref_transaction *packed_transaction;
3151
3152
3153 assert(err);
3154
3155 if (transaction->flags & REF_TRANSACTION_FLAG_INITIAL)
3156 return files_transaction_finish_initial(refs, transaction, err);
3157 if (!transaction->nr) {
3158 transaction->state = REF_TRANSACTION_CLOSED;
3159 return 0;
3160 }
3161
3162 backend_data = transaction->backend_data;
3163 packed_transaction = backend_data->packed_transaction;
3164
3165 /* Perform updates first so live commits remain referenced */
3166 for (i = 0; i < transaction->nr; i++) {
3167 struct ref_update *update = transaction->updates[i];
3168 struct ref_lock *lock = update->backend_data;
3169
3170 if (update->rejection_err)
3171 continue;
3172
3173 if (update->flags & REF_NEEDS_COMMIT ||
3174 update->flags & REF_LOG_ONLY) {
3175 if (parse_and_write_reflog(refs, update, lock, err)) {
3176 ret = REF_TRANSACTION_ERROR_GENERIC;
3177 goto cleanup;
3178 }
3179 }
3180
3181 /*
3182 * We try creating a symlink, if that succeeds we continue to the
3183 * next update. If not, we try and create a regular symref.
3184 */
3185 if (update->new_target && refs->prefer_symlink_refs)
3186 if (!create_ref_symlink(lock, update->new_target))
3187 continue;
3188
3189 if (update->flags & REF_NEEDS_COMMIT) {
3190 clear_loose_ref_cache(refs);
3191 if (commit_ref(lock)) {
3192 strbuf_addf(err, "couldn't set '%s'", lock->ref_name);
3193 unlock_ref(lock);
3194 update->backend_data = NULL;
3195 ret = REF_TRANSACTION_ERROR_GENERIC;
3196 goto cleanup;
3197 }
3198 }
3199 }
3200
3201 /*
3202 * Now that updates are safely completed, we can perform
3203 * deletes. First delete the reflogs of any references that
3204 * will be deleted, since (in the unexpected event of an
3205 * error) leaving a reference without a reflog is less bad
3206 * than leaving a reflog without a reference (the latter is a
3207 * mildly invalid repository state):
3208 */
3209 for (i = 0; i < transaction->nr; i++) {
3210 struct ref_update *update = transaction->updates[i];
3211 if (update->flags & REF_DELETING &&
3212 !(update->flags & REF_LOG_ONLY) &&
3213 !(update->flags & REF_IS_PRUNING)) {
3214 strbuf_reset(&sb);
3215 files_reflog_path(refs, &sb, update->refname);
3216 if (!unlink_or_warn(sb.buf))
3217 try_remove_empty_parents(refs, update->refname,
3218 REMOVE_EMPTY_PARENTS_REFLOG);
3219 }
3220 }
3221
3222 /*
3223 * Perform deletes now that updates are safely completed.
3224 *
3225 * First delete any packed versions of the references, while
3226 * retaining the packed-refs lock:
3227 */
3228 if (packed_transaction) {
3229 ret = ref_transaction_commit(packed_transaction, err);
3230 ref_transaction_free(packed_transaction);
3231 packed_transaction = NULL;
3232 backend_data->packed_transaction = NULL;
3233 if (ret)
3234 goto cleanup;
3235 }
3236
3237 /* Now delete the loose versions of the references: */
3238 for (i = 0; i < transaction->nr; i++) {
3239 struct ref_update *update = transaction->updates[i];
3240 struct ref_lock *lock = update->backend_data;
3241
3242 if (update->flags & REF_DELETING &&
3243 !(update->flags & REF_LOG_ONLY)) {
3244 update->flags |= REF_DELETED_RMDIR;
3245 if (!(update->type & REF_ISPACKED) ||
3246 update->type & REF_ISSYMREF) {
3247 /* It is a loose reference. */
3248 strbuf_reset(&sb);
3249 files_ref_path(refs, &sb, lock->ref_name);
3250 if (unlink_or_msg(sb.buf, err)) {
3251 ret = REF_TRANSACTION_ERROR_GENERIC;
3252 goto cleanup;
3253 }
3254 }
3255 }
3256 }
3257
3258 clear_loose_ref_cache(refs);
3259
3260 cleanup:
3261 files_transaction_cleanup(refs, transaction);
3262
3263 for (i = 0; i < transaction->nr; i++) {
3264 struct ref_update *update = transaction->updates[i];
3265
3266 if (update->flags & REF_DELETED_RMDIR) {
3267 /*
3268 * The reference was deleted. Delete any
3269 * empty parent directories. (Note that this
3270 * can only work because we have already
3271 * removed the lockfile.)
3272 */
3273 try_remove_empty_parents(refs, update->refname,
3274 REMOVE_EMPTY_PARENTS_REF);
3275 }
3276 }
3277
3278 strbuf_release(&sb);
3279 return ret;
3280 }
3281
3282 static int files_transaction_abort(struct ref_store *ref_store,
3283 struct ref_transaction *transaction,
3284 struct strbuf *err UNUSED)
3285 {
3286 struct files_ref_store *refs =
3287 files_downcast(ref_store, 0, "ref_transaction_abort");
3288
3289 files_transaction_cleanup(refs, transaction);
3290 return 0;
3291 }
3292
3293 struct expire_reflog_cb {
3294 reflog_expiry_should_prune_fn *should_prune_fn;
3295 void *policy_cb;
3296 FILE *newlog;
3297 struct object_id last_kept_oid;
3298 unsigned int rewrite:1,
3299 dry_run:1;
3300 };
3301
3302 static int expire_reflog_ent(struct object_id *ooid, struct object_id *noid,
3303 const char *email, timestamp_t timestamp, int tz,
3304 const char *message, void *cb_data)
3305 {
3306 struct expire_reflog_cb *cb = cb_data;
3307 reflog_expiry_should_prune_fn *fn = cb->should_prune_fn;
3308
3309 if (cb->rewrite)
3310 ooid = &cb->last_kept_oid;
3311
3312 if (fn(ooid, noid, email, timestamp, tz, message, cb->policy_cb))
3313 return 0;
3314
3315 if (cb->dry_run)
3316 return 0; /* --dry-run */
3317
3318 fprintf(cb->newlog, "%s %s %s %"PRItime" %+05d\t%s", oid_to_hex(ooid),
3319 oid_to_hex(noid), email, timestamp, tz, message);
3320 oidcpy(&cb->last_kept_oid, noid);
3321
3322 return 0;
3323 }
3324
3325 static int files_reflog_expire(struct ref_store *ref_store,
3326 const char *refname,
3327 unsigned int expire_flags,
3328 reflog_expiry_prepare_fn prepare_fn,
3329 reflog_expiry_should_prune_fn should_prune_fn,
3330 reflog_expiry_cleanup_fn cleanup_fn,
3331 void *policy_cb_data)
3332 {
3333 struct files_ref_store *refs =
3334 files_downcast(ref_store, REF_STORE_WRITE, "reflog_expire");
3335 struct lock_file reflog_lock = LOCK_INIT;
3336 struct expire_reflog_cb cb;
3337 struct ref_lock *lock;
3338 struct strbuf log_file_sb = STRBUF_INIT;
3339 char *log_file;
3340 int status = 0;
3341 struct strbuf err = STRBUF_INIT;
3342 const struct object_id *oid;
3343
3344 memset(&cb, 0, sizeof(cb));
3345 cb.rewrite = !!(expire_flags & EXPIRE_REFLOGS_REWRITE);
3346 cb.dry_run = !!(expire_flags & EXPIRE_REFLOGS_DRY_RUN);
3347 cb.policy_cb = policy_cb_data;
3348 cb.should_prune_fn = should_prune_fn;
3349
3350 /*
3351 * The reflog file is locked by holding the lock on the
3352 * reference itself, plus we might need to update the
3353 * reference if --updateref was specified:
3354 */
3355 lock = lock_ref_oid_basic(refs, refname, &err);
3356 if (!lock) {
3357 error("cannot lock ref '%s': %s", refname, err.buf);
3358 strbuf_release(&err);
3359 return -1;
3360 }
3361 oid = &lock->old_oid;
3362
3363 /*
3364 * When refs are deleted, their reflog is deleted before the
3365 * ref itself is deleted. This is because there is no separate
3366 * lock for reflog; instead we take a lock on the ref with
3367 * lock_ref_oid_basic().
3368 *
3369 * If a race happens and the reflog doesn't exist after we've
3370 * acquired the lock that's OK. We've got nothing more to do;
3371 * We were asked to delete the reflog, but someone else
3372 * deleted it! The caller doesn't care that we deleted it,
3373 * just that it is deleted. So we can return successfully.
3374 */
3375 if (!refs_reflog_exists(ref_store, refname)) {
3376 unlock_ref(lock);
3377 return 0;
3378 }
3379
3380 files_reflog_path(refs, &log_file_sb, refname);
3381 log_file = strbuf_detach(&log_file_sb, NULL);
3382 if (!cb.dry_run) {
3383 /*
3384 * Even though holding $GIT_DIR/logs/$reflog.lock has
3385 * no locking implications, we use the lock_file
3386 * machinery here anyway because it does a lot of the
3387 * work we need, including cleaning up if the program
3388 * exits unexpectedly.
3389 */
3390 if (hold_lock_file_for_update(&reflog_lock, log_file, 0) < 0) {
3391 struct strbuf err = STRBUF_INIT;
3392 unable_to_lock_message(log_file, errno, &err);
3393 error("%s", err.buf);
3394 strbuf_release(&err);
3395 goto failure;
3396 }
3397 cb.newlog = fdopen_lock_file(&reflog_lock, "w");
3398 if (!cb.newlog) {
3399 error("cannot fdopen %s (%s)",
3400 get_lock_file_path(&reflog_lock), strerror(errno));
3401 goto failure;
3402 }
3403 }
3404
3405 (*prepare_fn)(refname, oid, cb.policy_cb);
3406 refs_for_each_reflog_ent(ref_store, refname, expire_reflog_ent, &cb);
3407 (*cleanup_fn)(cb.policy_cb);
3408
3409 if (!cb.dry_run) {
3410 /*
3411 * It doesn't make sense to adjust a reference pointed
3412 * to by a symbolic ref based on expiring entries in
3413 * the symbolic reference's reflog. Nor can we update
3414 * a reference if there are no remaining reflog
3415 * entries.
3416 */
3417 int update = 0;
3418
3419 if ((expire_flags & EXPIRE_REFLOGS_UPDATE_REF) &&
3420 !is_null_oid(&cb.last_kept_oid)) {
3421 int type;
3422 const char *ref;
3423
3424 ref = refs_resolve_ref_unsafe(&refs->base, refname,
3425 RESOLVE_REF_NO_RECURSE,
3426 NULL, &type);
3427 update = !!(ref && !(type & REF_ISSYMREF));
3428 }
3429
3430 if (close_lock_file_gently(&reflog_lock)) {
3431 status |= error("couldn't write %s: %s", log_file,
3432 strerror(errno));
3433 rollback_lock_file(&reflog_lock);
3434 } else if (update &&
3435 (write_in_full(get_lock_file_fd(&lock->lk),
3436 oid_to_hex(&cb.last_kept_oid), refs->base.repo->hash_algo->hexsz) < 0 ||
3437 write_str_in_full(get_lock_file_fd(&lock->lk), "\n") < 0 ||
3438 close_ref_gently(lock) < 0)) {
3439 status |= error("couldn't write %s",
3440 get_lock_file_path(&lock->lk));
3441 rollback_lock_file(&reflog_lock);
3442 } else if (commit_lock_file(&reflog_lock)) {
3443 status |= error("unable to write reflog '%s' (%s)",
3444 log_file, strerror(errno));
3445 } else if (update && commit_ref(lock)) {
3446 status |= error("couldn't set %s", lock->ref_name);
3447 }
3448 }
3449 free(log_file);
3450 unlock_ref(lock);
3451 return status;
3452
3453 failure:
3454 rollback_lock_file(&reflog_lock);
3455 free(log_file);
3456 unlock_ref(lock);
3457 return -1;
3458 }
3459
3460 static int files_ref_store_create_on_disk(struct ref_store *ref_store,
3461 int flags,
3462 struct strbuf *err UNUSED)
3463 {
3464 struct files_ref_store *refs =
3465 files_downcast(ref_store, REF_STORE_WRITE, "create");
3466 struct strbuf sb = STRBUF_INIT;
3467
3468 /*
3469 * We need to create a "refs" dir in any case so that older versions of
3470 * Git can tell that this is a repository. This serves two main purposes:
3471 *
3472 * - Clients will know to stop walking the parent-directory chain when
3473 * detecting the Git repository. Otherwise they may end up detecting
3474 * a Git repository in a parent directory instead.
3475 *
3476 * - Instead of failing to detect a repository with unknown reference
3477 * format altogether, old clients will print an error saying that
3478 * they do not understand the reference format extension.
3479 */
3480 strbuf_addf(&sb, "%s/refs", ref_store->gitdir);
3481 safe_create_dir(the_repository, sb.buf, 1);
3482 adjust_shared_perm(the_repository, sb.buf);
3483
3484 /*
3485 * There is no need to create directories for common refs when creating
3486 * a worktree ref store.
3487 */
3488 if (!(flags & REF_STORE_CREATE_ON_DISK_IS_WORKTREE)) {
3489 /*
3490 * Create .git/refs/{heads,tags}
3491 */
3492 strbuf_reset(&sb);
3493 files_ref_path(refs, &sb, "refs/heads");
3494 safe_create_dir(the_repository, sb.buf, 1);
3495
3496 strbuf_reset(&sb);
3497 files_ref_path(refs, &sb, "refs/tags");
3498 safe_create_dir(the_repository, sb.buf, 1);
3499 }
3500
3501 strbuf_release(&sb);
3502 return 0;
3503 }
3504
3505 struct remove_one_root_ref_data {
3506 const char *gitdir;
3507 struct strbuf *err;
3508 };
3509
3510 static int remove_one_root_ref(const char *refname,
3511 void *cb_data)
3512 {
3513 struct remove_one_root_ref_data *data = cb_data;
3514 struct strbuf buf = STRBUF_INIT;
3515 int ret = 0;
3516
3517 strbuf_addf(&buf, "%s/%s", data->gitdir, refname);
3518
3519 ret = unlink(buf.buf);
3520 if (ret < 0)
3521 strbuf_addf(data->err, "could not delete %s: %s\n",
3522 refname, strerror(errno));
3523
3524 strbuf_release(&buf);
3525 return ret;
3526 }
3527
3528 static int files_ref_store_remove_on_disk(struct ref_store *ref_store,
3529 struct strbuf *err)
3530 {
3531 struct files_ref_store *refs =
3532 files_downcast(ref_store, REF_STORE_WRITE, "remove");
3533 struct remove_one_root_ref_data data = {
3534 .gitdir = refs->base.gitdir,
3535 .err = err,
3536 };
3537 struct strbuf sb = STRBUF_INIT;
3538 int ret = 0;
3539
3540 strbuf_addf(&sb, "%s/refs", refs->base.gitdir);
3541 if (remove_dir_recursively(&sb, 0) < 0) {
3542 strbuf_addf(err, "could not delete refs: %s",
3543 strerror(errno));
3544 ret = -1;
3545 }
3546 strbuf_reset(&sb);
3547
3548 strbuf_addf(&sb, "%s/logs", refs->base.gitdir);
3549 if (remove_dir_recursively(&sb, 0) < 0) {
3550 strbuf_addf(err, "could not delete logs: %s",
3551 strerror(errno));
3552 ret = -1;
3553 }
3554 strbuf_reset(&sb);
3555
3556 if (for_each_root_ref(refs, remove_one_root_ref, &data) < 0)
3557 ret = -1;
3558
3559 if (ref_store_remove_on_disk(refs->packed_ref_store, err) < 0)
3560 ret = -1;
3561
3562 strbuf_release(&sb);
3563 return ret;
3564 }
3565
3566 /*
3567 * For refs and reflogs, they share a unified interface when scanning
3568 * the whole directory. This function is used as the callback for each
3569 * regular file or symlink in the directory.
3570 */
3571 typedef int (*files_fsck_refs_fn)(struct ref_store *ref_store,
3572 struct fsck_options *o,
3573 const char *refname,
3574 struct dir_iterator *iter);
3575
3576 static int files_fsck_symref_target(struct fsck_options *o,
3577 struct fsck_ref_report *report,
3578 struct strbuf *referent,
3579 unsigned int symbolic_link)
3580 {
3581 int is_referent_root;
3582 char orig_last_byte;
3583 size_t orig_len;
3584 int ret = 0;
3585
3586 orig_len = referent->len;
3587 orig_last_byte = referent->buf[orig_len - 1];
3588 if (!symbolic_link)
3589 strbuf_rtrim(referent);
3590
3591 is_referent_root = is_root_ref(referent->buf);
3592 if (!is_referent_root &&
3593 !starts_with(referent->buf, "refs/") &&
3594 !starts_with(referent->buf, "worktrees/")) {
3595 ret = fsck_report_ref(o, report,
3596 FSCK_MSG_SYMREF_TARGET_IS_NOT_A_REF,
3597 "points to non-ref target '%s'", referent->buf);
3598
3599 }
3600
3601 if (!is_referent_root && check_refname_format(referent->buf, 0)) {
3602 ret = fsck_report_ref(o, report,
3603 FSCK_MSG_BAD_REFERENT_NAME,
3604 "points to invalid refname '%s'", referent->buf);
3605 goto out;
3606 }
3607
3608 if (symbolic_link)
3609 goto out;
3610
3611 if (referent->len == orig_len ||
3612 (referent->len < orig_len && orig_last_byte != '\n')) {
3613 ret = fsck_report_ref(o, report,
3614 FSCK_MSG_REF_MISSING_NEWLINE,
3615 "misses LF at the end");
3616 }
3617
3618 if (referent->len != orig_len && referent->len != orig_len - 1) {
3619 ret = fsck_report_ref(o, report,
3620 FSCK_MSG_TRAILING_REF_CONTENT,
3621 "has trailing whitespaces or newlines");
3622 }
3623
3624 out:
3625 return ret;
3626 }
3627
3628 static int files_fsck_refs_content(struct ref_store *ref_store,
3629 struct fsck_options *o,
3630 const char *target_name,
3631 struct dir_iterator *iter)
3632 {
3633 struct strbuf ref_content = STRBUF_INIT;
3634 struct strbuf abs_gitdir = STRBUF_INIT;
3635 struct strbuf referent = STRBUF_INIT;
3636 struct fsck_ref_report report = { 0 };
3637 const char *trailing = NULL;
3638 unsigned int type = 0;
3639 int failure_errno = 0;
3640 struct object_id oid;
3641 int ret = 0;
3642
3643 report.path = target_name;
3644
3645 if (S_ISLNK(iter->st.st_mode)) {
3646 const char *relative_referent_path = NULL;
3647
3648 ret = fsck_report_ref(o, &report,
3649 FSCK_MSG_SYMLINK_REF,
3650 "use deprecated symbolic link for symref");
3651
3652 strbuf_add_absolute_path(&abs_gitdir, ref_store->repo->gitdir);
3653 strbuf_normalize_path(&abs_gitdir);
3654 if (!is_dir_sep(abs_gitdir.buf[abs_gitdir.len - 1]))
3655 strbuf_addch(&abs_gitdir, '/');
3656
3657 strbuf_add_real_path(&ref_content, iter->path.buf);
3658 skip_prefix(ref_content.buf, abs_gitdir.buf,
3659 &relative_referent_path);
3660
3661 if (relative_referent_path)
3662 strbuf_addstr(&referent, relative_referent_path);
3663 else
3664 strbuf_addbuf(&referent, &ref_content);
3665
3666 ret |= files_fsck_symref_target(o, &report, &referent, 1);
3667 goto cleanup;
3668 }
3669
3670 if (strbuf_read_file(&ref_content, iter->path.buf, 0) < 0) {
3671 /*
3672 * Ref file could be removed by another concurrent process. We should
3673 * ignore this error and continue to the next ref.
3674 */
3675 if (errno == ENOENT)
3676 goto cleanup;
3677
3678 ret = error_errno(_("cannot read ref file '%s'"), iter->path.buf);
3679 goto cleanup;
3680 }
3681
3682 if (parse_loose_ref_contents(ref_store->repo->hash_algo,
3683 ref_content.buf, &oid, &referent,
3684 &type, &trailing, &failure_errno)) {
3685 strbuf_rtrim(&ref_content);
3686 ret = fsck_report_ref(o, &report,
3687 FSCK_MSG_BAD_REF_CONTENT,
3688 "%s", ref_content.buf);
3689 goto cleanup;
3690 }
3691
3692 if (!(type & REF_ISSYMREF)) {
3693 if (!*trailing) {
3694 ret = fsck_report_ref(o, &report,
3695 FSCK_MSG_REF_MISSING_NEWLINE,
3696 "misses LF at the end");
3697 goto cleanup;
3698 }
3699 if (*trailing != '\n' || *(trailing + 1)) {
3700 ret = fsck_report_ref(o, &report,
3701 FSCK_MSG_TRAILING_REF_CONTENT,
3702 "has trailing garbage: '%s'", trailing);
3703 goto cleanup;
3704 }
3705 } else {
3706 ret = files_fsck_symref_target(o, &report, &referent, 0);
3707 goto cleanup;
3708 }
3709
3710 cleanup:
3711 strbuf_release(&ref_content);
3712 strbuf_release(&referent);
3713 strbuf_release(&abs_gitdir);
3714 return ret;
3715 }
3716
3717 static int files_fsck_refs_name(struct ref_store *ref_store UNUSED,
3718 struct fsck_options *o,
3719 const char *refname,
3720 struct dir_iterator *iter)
3721 {
3722 struct strbuf sb = STRBUF_INIT;
3723 int ret = 0;
3724
3725 /*
3726 * Ignore the files ending with ".lock" as they may be lock files
3727 * However, do not allow bare ".lock" files.
3728 */
3729 if (iter->basename[0] != '.' && ends_with(iter->basename, ".lock"))
3730 goto cleanup;
3731
3732 /*
3733 * This works right now because we never check the root refs.
3734 */
3735 if (check_refname_format(refname, 0)) {
3736 struct fsck_ref_report report = { 0 };
3737
3738 report.path = refname;
3739 ret = fsck_report_ref(o, &report,
3740 FSCK_MSG_BAD_REF_NAME,
3741 "invalid refname format");
3742 }
3743
3744 cleanup:
3745 strbuf_release(&sb);
3746 return ret;
3747 }
3748
3749 static int files_fsck_refs_dir(struct ref_store *ref_store,
3750 struct fsck_options *o,
3751 const char *refs_check_dir,
3752 struct worktree *wt,
3753 files_fsck_refs_fn *fsck_refs_fn)
3754 {
3755 struct strbuf refname = STRBUF_INIT;
3756 struct strbuf sb = STRBUF_INIT;
3757 struct dir_iterator *iter;
3758 int iter_status;
3759 int ret = 0;
3760
3761 strbuf_addf(&sb, "%s/%s", ref_store->gitdir, refs_check_dir);
3762
3763 iter = dir_iterator_begin(sb.buf, 0);
3764 if (!iter) {
3765 if (errno == ENOENT && !is_main_worktree(wt))
3766 goto out;
3767
3768 ret = error_errno(_("cannot open directory %s"), sb.buf);
3769 goto out;
3770 }
3771
3772 while ((iter_status = dir_iterator_advance(iter)) == ITER_OK) {
3773 if (S_ISDIR(iter->st.st_mode)) {
3774 continue;
3775 } else if (S_ISREG(iter->st.st_mode) ||
3776 S_ISLNK(iter->st.st_mode)) {
3777 strbuf_reset(&refname);
3778
3779 if (!is_main_worktree(wt))
3780 strbuf_addf(&refname, "worktrees/%s/", wt->id);
3781 strbuf_addf(&refname, "%s/%s", refs_check_dir,
3782 iter->relative_path);
3783
3784 if (o->verbose)
3785 fprintf_ln(stderr, "Checking %s", refname.buf);
3786
3787 for (size_t i = 0; fsck_refs_fn[i]; i++) {
3788 if (fsck_refs_fn[i](ref_store, o, refname.buf, iter))
3789 ret = -1;
3790 }
3791 } else {
3792 struct fsck_ref_report report = { .path = iter->basename };
3793 if (fsck_report_ref(o, &report,
3794 FSCK_MSG_BAD_REF_FILETYPE,
3795 "unexpected file type"))
3796 ret = -1;
3797 }
3798 }
3799
3800 if (iter_status != ITER_DONE)
3801 ret = error(_("failed to iterate over '%s'"), sb.buf);
3802
3803 out:
3804 dir_iterator_free(iter);
3805 strbuf_release(&sb);
3806 strbuf_release(&refname);
3807 return ret;
3808 }
3809
3810 static int files_fsck_refs(struct ref_store *ref_store,
3811 struct fsck_options *o,
3812 struct worktree *wt)
3813 {
3814 files_fsck_refs_fn fsck_refs_fn[]= {
3815 files_fsck_refs_name,
3816 files_fsck_refs_content,
3817 NULL,
3818 };
3819
3820 if (o->verbose)
3821 fprintf_ln(stderr, _("Checking references consistency"));
3822 return files_fsck_refs_dir(ref_store, o, "refs", wt, fsck_refs_fn);
3823 }
3824
3825 static int files_fsck(struct ref_store *ref_store,
3826 struct fsck_options *o,
3827 struct worktree *wt)
3828 {
3829 struct files_ref_store *refs =
3830 files_downcast(ref_store, REF_STORE_READ, "fsck");
3831
3832 return files_fsck_refs(ref_store, o, wt) |
3833 refs->packed_ref_store->be->fsck(refs->packed_ref_store, o, wt);
3834 }
3835
3836 struct ref_storage_be refs_be_files = {
3837 .name = "files",
3838 .init = files_ref_store_init,
3839 .release = files_ref_store_release,
3840 .create_on_disk = files_ref_store_create_on_disk,
3841 .remove_on_disk = files_ref_store_remove_on_disk,
3842
3843 .transaction_prepare = files_transaction_prepare,
3844 .transaction_finish = files_transaction_finish,
3845 .transaction_abort = files_transaction_abort,
3846
3847 .pack_refs = files_pack_refs,
3848 .rename_ref = files_rename_ref,
3849 .copy_ref = files_copy_ref,
3850
3851 .iterator_begin = files_ref_iterator_begin,
3852 .read_raw_ref = files_read_raw_ref,
3853 .read_symbolic_ref = files_read_symbolic_ref,
3854
3855 .reflog_iterator_begin = files_reflog_iterator_begin,
3856 .for_each_reflog_ent = files_for_each_reflog_ent,
3857 .for_each_reflog_ent_reverse = files_for_each_reflog_ent_reverse,
3858 .reflog_exists = files_reflog_exists,
3859 .create_reflog = files_create_reflog,
3860 .delete_reflog = files_delete_reflog,
3861 .reflog_expire = files_reflog_expire,
3862
3863 .fsck = files_fsck,
3864 };
Unnamed repository; edit this file 'description' to name the repository.