]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
run-command API: remove "env" member, always use "env_array"
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "hook.h"
11 #include "exec-cmd.h"
12 #include "commit.h"
13 #include "object.h"
14 #include "remote.h"
15 #include "connect.h"
16 #include "string-list.h"
17 #include "oid-array.h"
18 #include "connected.h"
19 #include "strvec.h"
20 #include "version.h"
21 #include "tag.h"
22 #include "gpg-interface.h"
23 #include "sigchain.h"
24 #include "fsck.h"
25 #include "tmp-objdir.h"
26 #include "oidset.h"
27 #include "packfile.h"
28 #include "object-store.h"
29 #include "protocol.h"
30 #include "commit-reach.h"
31 #include "worktree.h"
32 #include "shallow.h"
33
34 static const char * const receive_pack_usage[] = {
35 N_("git receive-pack <git-dir>"),
36 NULL
37 };
38
39 enum deny_action {
40 DENY_UNCONFIGURED,
41 DENY_IGNORE,
42 DENY_WARN,
43 DENY_REFUSE,
44 DENY_UPDATE_INSTEAD
45 };
46
47 static int deny_deletes;
48 static int deny_non_fast_forwards;
49 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
50 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
51 static int receive_fsck_objects = -1;
52 static int transfer_fsck_objects = -1;
53 static struct strbuf fsck_msg_types = STRBUF_INIT;
54 static int receive_unpack_limit = -1;
55 static int transfer_unpack_limit = -1;
56 static int advertise_atomic_push = 1;
57 static int advertise_push_options;
58 static int advertise_sid;
59 static int unpack_limit = 100;
60 static off_t max_input_size;
61 static int report_status;
62 static int report_status_v2;
63 static int use_sideband;
64 static int use_atomic;
65 static int use_push_options;
66 static int quiet;
67 static int prefer_ofs_delta = 1;
68 static int auto_update_server_info;
69 static int auto_gc = 1;
70 static int reject_thin;
71 static int stateless_rpc;
72 static const char *service_dir;
73 static const char *head_name;
74 static void *head_name_to_free;
75 static int sent_capabilities;
76 static int shallow_update;
77 static const char *alt_shallow_file;
78 static struct strbuf push_cert = STRBUF_INIT;
79 static struct object_id push_cert_oid;
80 static struct signature_check sigcheck;
81 static const char *push_cert_nonce;
82 static const char *cert_nonce_seed;
83
84 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
85 static const char *NONCE_BAD = "BAD";
86 static const char *NONCE_MISSING = "MISSING";
87 static const char *NONCE_OK = "OK";
88 static const char *NONCE_SLOP = "SLOP";
89 static const char *nonce_status;
90 static long nonce_stamp_slop;
91 static timestamp_t nonce_stamp_slop_limit;
92 static struct ref_transaction *transaction;
93
94 static enum {
95 KEEPALIVE_NEVER = 0,
96 KEEPALIVE_AFTER_NUL,
97 KEEPALIVE_ALWAYS
98 } use_keepalive;
99 static int keepalive_in_sec = 5;
100
101 static struct tmp_objdir *tmp_objdir;
102
103 static struct proc_receive_ref {
104 unsigned int want_add:1,
105 want_delete:1,
106 want_modify:1,
107 negative_ref:1;
108 char *ref_prefix;
109 struct proc_receive_ref *next;
110 } *proc_receive_ref;
111
112 static void proc_receive_ref_append(const char *prefix);
113
114 static enum deny_action parse_deny_action(const char *var, const char *value)
115 {
116 if (value) {
117 if (!strcasecmp(value, "ignore"))
118 return DENY_IGNORE;
119 if (!strcasecmp(value, "warn"))
120 return DENY_WARN;
121 if (!strcasecmp(value, "refuse"))
122 return DENY_REFUSE;
123 if (!strcasecmp(value, "updateinstead"))
124 return DENY_UPDATE_INSTEAD;
125 }
126 if (git_config_bool(var, value))
127 return DENY_REFUSE;
128 return DENY_IGNORE;
129 }
130
131 static int receive_pack_config(const char *var, const char *value, void *cb)
132 {
133 int status = parse_hide_refs_config(var, value, "receive");
134
135 if (status)
136 return status;
137
138 status = git_gpg_config(var, value, NULL);
139 if (status)
140 return status;
141
142 if (strcmp(var, "receive.denydeletes") == 0) {
143 deny_deletes = git_config_bool(var, value);
144 return 0;
145 }
146
147 if (strcmp(var, "receive.denynonfastforwards") == 0) {
148 deny_non_fast_forwards = git_config_bool(var, value);
149 return 0;
150 }
151
152 if (strcmp(var, "receive.unpacklimit") == 0) {
153 receive_unpack_limit = git_config_int(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "transfer.unpacklimit") == 0) {
158 transfer_unpack_limit = git_config_int(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsck.skiplist") == 0) {
163 const char *path;
164
165 if (git_config_pathname(&path, var, value))
166 return 1;
167 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
168 fsck_msg_types.len ? ',' : '=', path);
169 free((char *)path);
170 return 0;
171 }
172
173 if (skip_prefix(var, "receive.fsck.", &var)) {
174 if (is_valid_msg_type(var, value))
175 strbuf_addf(&fsck_msg_types, "%c%s=%s",
176 fsck_msg_types.len ? ',' : '=', var, value);
177 else
178 warning("Skipping unknown msg id '%s'", var);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.fsckobjects") == 0) {
183 receive_fsck_objects = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "transfer.fsckobjects") == 0) {
188 transfer_fsck_objects = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (!strcmp(var, "receive.denycurrentbranch")) {
193 deny_current_branch = parse_deny_action(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.denydeletecurrent") == 0) {
198 deny_delete_current = parse_deny_action(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
203 prefer_ofs_delta = git_config_bool(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.updateserverinfo") == 0) {
208 auto_update_server_info = git_config_bool(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.autogc") == 0) {
213 auto_gc = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.shallowupdate") == 0) {
218 shallow_update = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.certnonceseed") == 0)
223 return git_config_string(&cert_nonce_seed, var, value);
224
225 if (strcmp(var, "receive.certnonceslop") == 0) {
226 nonce_stamp_slop_limit = git_config_ulong(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.advertiseatomic") == 0) {
231 advertise_atomic_push = git_config_bool(var, value);
232 return 0;
233 }
234
235 if (strcmp(var, "receive.advertisepushoptions") == 0) {
236 advertise_push_options = git_config_bool(var, value);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.keepalive") == 0) {
241 keepalive_in_sec = git_config_int(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.maxinputsize") == 0) {
246 max_input_size = git_config_int64(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.procreceiverefs") == 0) {
251 if (!value)
252 return config_error_nonbool(var);
253 proc_receive_ref_append(value);
254 return 0;
255 }
256
257 if (strcmp(var, "transfer.advertisesid") == 0) {
258 advertise_sid = git_config_bool(var, value);
259 return 0;
260 }
261
262 return git_default_config(var, value, cb);
263 }
264
265 static void show_ref(const char *path, const struct object_id *oid)
266 {
267 if (sent_capabilities) {
268 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
269 } else {
270 struct strbuf cap = STRBUF_INIT;
271
272 strbuf_addstr(&cap,
273 "report-status report-status-v2 delete-refs side-band-64k quiet");
274 if (advertise_atomic_push)
275 strbuf_addstr(&cap, " atomic");
276 if (prefer_ofs_delta)
277 strbuf_addstr(&cap, " ofs-delta");
278 if (push_cert_nonce)
279 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
280 if (advertise_push_options)
281 strbuf_addstr(&cap, " push-options");
282 if (advertise_sid)
283 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
284 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
285 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
286 packet_write_fmt(1, "%s %s%c%s\n",
287 oid_to_hex(oid), path, 0, cap.buf);
288 strbuf_release(&cap);
289 sent_capabilities = 1;
290 }
291 }
292
293 static int show_ref_cb(const char *path_full, const struct object_id *oid,
294 int flag, void *data)
295 {
296 struct oidset *seen = data;
297 const char *path = strip_namespace(path_full);
298
299 if (ref_is_hidden(path, path_full))
300 return 0;
301
302 /*
303 * Advertise refs outside our current namespace as ".have"
304 * refs, so that the client can use them to minimize data
305 * transfer but will otherwise ignore them.
306 */
307 if (!path) {
308 if (oidset_insert(seen, oid))
309 return 0;
310 path = ".have";
311 } else {
312 oidset_insert(seen, oid);
313 }
314 show_ref(path, oid);
315 return 0;
316 }
317
318 static void show_one_alternate_ref(const struct object_id *oid,
319 void *data)
320 {
321 struct oidset *seen = data;
322
323 if (oidset_insert(seen, oid))
324 return;
325
326 show_ref(".have", oid);
327 }
328
329 static void write_head_info(void)
330 {
331 static struct oidset seen = OIDSET_INIT;
332
333 for_each_ref(show_ref_cb, &seen);
334 for_each_alternate_ref(show_one_alternate_ref, &seen);
335 oidset_clear(&seen);
336 if (!sent_capabilities)
337 show_ref("capabilities^{}", null_oid());
338
339 advertise_shallow_grafts(1);
340
341 /* EOF */
342 packet_flush(1);
343 }
344
345 #define RUN_PROC_RECEIVE_SCHEDULED 1
346 #define RUN_PROC_RECEIVE_RETURNED 2
347 struct command {
348 struct command *next;
349 const char *error_string;
350 struct ref_push_report *report;
351 unsigned int skip_update:1,
352 did_not_exist:1,
353 run_proc_receive:2;
354 int index;
355 struct object_id old_oid;
356 struct object_id new_oid;
357 char ref_name[FLEX_ARRAY]; /* more */
358 };
359
360 static void proc_receive_ref_append(const char *prefix)
361 {
362 struct proc_receive_ref *ref_pattern;
363 char *p;
364 int len;
365
366 CALLOC_ARRAY(ref_pattern, 1);
367 p = strchr(prefix, ':');
368 if (p) {
369 while (prefix < p) {
370 if (*prefix == 'a')
371 ref_pattern->want_add = 1;
372 else if (*prefix == 'd')
373 ref_pattern->want_delete = 1;
374 else if (*prefix == 'm')
375 ref_pattern->want_modify = 1;
376 else if (*prefix == '!')
377 ref_pattern->negative_ref = 1;
378 prefix++;
379 }
380 prefix++;
381 } else {
382 ref_pattern->want_add = 1;
383 ref_pattern->want_delete = 1;
384 ref_pattern->want_modify = 1;
385 }
386 len = strlen(prefix);
387 while (len && prefix[len - 1] == '/')
388 len--;
389 ref_pattern->ref_prefix = xmemdupz(prefix, len);
390 if (!proc_receive_ref) {
391 proc_receive_ref = ref_pattern;
392 } else {
393 struct proc_receive_ref *end;
394
395 end = proc_receive_ref;
396 while (end->next)
397 end = end->next;
398 end->next = ref_pattern;
399 }
400 }
401
402 static int proc_receive_ref_matches(struct command *cmd)
403 {
404 struct proc_receive_ref *p;
405
406 if (!proc_receive_ref)
407 return 0;
408
409 for (p = proc_receive_ref; p; p = p->next) {
410 const char *match = p->ref_prefix;
411 const char *remains;
412
413 if (!p->want_add && is_null_oid(&cmd->old_oid))
414 continue;
415 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
416 continue;
417 else if (!p->want_modify &&
418 !is_null_oid(&cmd->old_oid) &&
419 !is_null_oid(&cmd->new_oid))
420 continue;
421
422 if (skip_prefix(cmd->ref_name, match, &remains) &&
423 (!*remains || *remains == '/')) {
424 if (!p->negative_ref)
425 return 1;
426 } else if (p->negative_ref) {
427 return 1;
428 }
429 }
430 return 0;
431 }
432
433 static void report_message(const char *prefix, const char *err, va_list params)
434 {
435 int sz;
436 char msg[4096];
437
438 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
439 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
440 if (sz > (sizeof(msg) - 1))
441 sz = sizeof(msg) - 1;
442 msg[sz++] = '\n';
443
444 if (use_sideband)
445 send_sideband(1, 2, msg, sz, use_sideband);
446 else
447 xwrite(2, msg, sz);
448 }
449
450 __attribute__((format (printf, 1, 2)))
451 static void rp_warning(const char *err, ...)
452 {
453 va_list params;
454 va_start(params, err);
455 report_message("warning: ", err, params);
456 va_end(params);
457 }
458
459 __attribute__((format (printf, 1, 2)))
460 static void rp_error(const char *err, ...)
461 {
462 va_list params;
463 va_start(params, err);
464 report_message("error: ", err, params);
465 va_end(params);
466 }
467
468 static int copy_to_sideband(int in, int out, void *arg)
469 {
470 char data[128];
471 int keepalive_active = 0;
472
473 if (keepalive_in_sec <= 0)
474 use_keepalive = KEEPALIVE_NEVER;
475 if (use_keepalive == KEEPALIVE_ALWAYS)
476 keepalive_active = 1;
477
478 while (1) {
479 ssize_t sz;
480
481 if (keepalive_active) {
482 struct pollfd pfd;
483 int ret;
484
485 pfd.fd = in;
486 pfd.events = POLLIN;
487 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
488
489 if (ret < 0) {
490 if (errno == EINTR)
491 continue;
492 else
493 break;
494 } else if (ret == 0) {
495 /* no data; send a keepalive packet */
496 static const char buf[] = "0005\1";
497 write_or_die(1, buf, sizeof(buf) - 1);
498 continue;
499 } /* else there is actual data to read */
500 }
501
502 sz = xread(in, data, sizeof(data));
503 if (sz <= 0)
504 break;
505
506 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
507 const char *p = memchr(data, '\0', sz);
508 if (p) {
509 /*
510 * The NUL tells us to start sending keepalives. Make
511 * sure we send any other data we read along
512 * with it.
513 */
514 keepalive_active = 1;
515 send_sideband(1, 2, data, p - data, use_sideband);
516 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
517 continue;
518 }
519 }
520
521 /*
522 * Either we're not looking for a NUL signal, or we didn't see
523 * it yet; just pass along the data.
524 */
525 send_sideband(1, 2, data, sz, use_sideband);
526 }
527 close(in);
528 return 0;
529 }
530
531 static void hmac_hash(unsigned char *out,
532 const char *key_in, size_t key_len,
533 const char *text, size_t text_len)
534 {
535 unsigned char key[GIT_MAX_BLKSZ];
536 unsigned char k_ipad[GIT_MAX_BLKSZ];
537 unsigned char k_opad[GIT_MAX_BLKSZ];
538 int i;
539 git_hash_ctx ctx;
540
541 /* RFC 2104 2. (1) */
542 memset(key, '\0', GIT_MAX_BLKSZ);
543 if (the_hash_algo->blksz < key_len) {
544 the_hash_algo->init_fn(&ctx);
545 the_hash_algo->update_fn(&ctx, key_in, key_len);
546 the_hash_algo->final_fn(key, &ctx);
547 } else {
548 memcpy(key, key_in, key_len);
549 }
550
551 /* RFC 2104 2. (2) & (5) */
552 for (i = 0; i < sizeof(key); i++) {
553 k_ipad[i] = key[i] ^ 0x36;
554 k_opad[i] = key[i] ^ 0x5c;
555 }
556
557 /* RFC 2104 2. (3) & (4) */
558 the_hash_algo->init_fn(&ctx);
559 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
560 the_hash_algo->update_fn(&ctx, text, text_len);
561 the_hash_algo->final_fn(out, &ctx);
562
563 /* RFC 2104 2. (6) & (7) */
564 the_hash_algo->init_fn(&ctx);
565 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
566 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
567 the_hash_algo->final_fn(out, &ctx);
568 }
569
570 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
571 {
572 struct strbuf buf = STRBUF_INIT;
573 unsigned char hash[GIT_MAX_RAWSZ];
574
575 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
576 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
577 strbuf_release(&buf);
578
579 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
580 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
581 return strbuf_detach(&buf, NULL);
582 }
583
584 /*
585 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
586 * after dropping "_commit" from its name and possibly moving it out
587 * of commit.c
588 */
589 static char *find_header(const char *msg, size_t len, const char *key,
590 const char **next_line)
591 {
592 int key_len = strlen(key);
593 const char *line = msg;
594
595 while (line && line < msg + len) {
596 const char *eol = strchrnul(line, '\n');
597
598 if ((msg + len <= eol) || line == eol)
599 return NULL;
600 if (line + key_len < eol &&
601 !memcmp(line, key, key_len) && line[key_len] == ' ') {
602 int offset = key_len + 1;
603 if (next_line)
604 *next_line = *eol ? eol + 1 : eol;
605 return xmemdupz(line + offset, (eol - line) - offset);
606 }
607 line = *eol ? eol + 1 : NULL;
608 }
609 return NULL;
610 }
611
612 /*
613 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
614 * This operation is guaranteed to run in constant time to avoid leaking data.
615 */
616 static int constant_memequal(const char *a, const char *b, size_t n)
617 {
618 int res = 0;
619 size_t i;
620
621 for (i = 0; i < n; i++)
622 res |= a[i] ^ b[i];
623 return res;
624 }
625
626 static const char *check_nonce(const char *buf, size_t len)
627 {
628 char *nonce = find_header(buf, len, "nonce", NULL);
629 timestamp_t stamp, ostamp;
630 char *bohmac, *expect = NULL;
631 const char *retval = NONCE_BAD;
632 size_t noncelen;
633
634 if (!nonce) {
635 retval = NONCE_MISSING;
636 goto leave;
637 } else if (!push_cert_nonce) {
638 retval = NONCE_UNSOLICITED;
639 goto leave;
640 } else if (!strcmp(push_cert_nonce, nonce)) {
641 retval = NONCE_OK;
642 goto leave;
643 }
644
645 if (!stateless_rpc) {
646 /* returned nonce MUST match what we gave out earlier */
647 retval = NONCE_BAD;
648 goto leave;
649 }
650
651 /*
652 * In stateless mode, we may be receiving a nonce issued by
653 * another instance of the server that serving the same
654 * repository, and the timestamps may not match, but the
655 * nonce-seed and dir should match, so we can recompute and
656 * report the time slop.
657 *
658 * In addition, when a nonce issued by another instance has
659 * timestamp within receive.certnonceslop seconds, we pretend
660 * as if we issued that nonce when reporting to the hook.
661 */
662
663 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
664 if (*nonce <= '0' || '9' < *nonce) {
665 retval = NONCE_BAD;
666 goto leave;
667 }
668 stamp = parse_timestamp(nonce, &bohmac, 10);
669 if (bohmac == nonce || bohmac[0] != '-') {
670 retval = NONCE_BAD;
671 goto leave;
672 }
673
674 noncelen = strlen(nonce);
675 expect = prepare_push_cert_nonce(service_dir, stamp);
676 if (noncelen != strlen(expect)) {
677 /* This is not even the right size. */
678 retval = NONCE_BAD;
679 goto leave;
680 }
681 if (constant_memequal(expect, nonce, noncelen)) {
682 /* Not what we would have signed earlier */
683 retval = NONCE_BAD;
684 goto leave;
685 }
686
687 /*
688 * By how many seconds is this nonce stale? Negative value
689 * would mean it was issued by another server with its clock
690 * skewed in the future.
691 */
692 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
693 nonce_stamp_slop = (long)ostamp - (long)stamp;
694
695 if (nonce_stamp_slop_limit &&
696 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
697 /*
698 * Pretend as if the received nonce (which passes the
699 * HMAC check, so it is not a forged by third-party)
700 * is what we issued.
701 */
702 free((void *)push_cert_nonce);
703 push_cert_nonce = xstrdup(nonce);
704 retval = NONCE_OK;
705 } else {
706 retval = NONCE_SLOP;
707 }
708
709 leave:
710 free(nonce);
711 free(expect);
712 return retval;
713 }
714
715 /*
716 * Return 1 if there is no push_cert or if the push options in push_cert are
717 * the same as those in the argument; 0 otherwise.
718 */
719 static int check_cert_push_options(const struct string_list *push_options)
720 {
721 const char *buf = push_cert.buf;
722 int len = push_cert.len;
723
724 char *option;
725 const char *next_line;
726 int options_seen = 0;
727
728 int retval = 1;
729
730 if (!len)
731 return 1;
732
733 while ((option = find_header(buf, len, "push-option", &next_line))) {
734 len -= (next_line - buf);
735 buf = next_line;
736 options_seen++;
737 if (options_seen > push_options->nr
738 || strcmp(option,
739 push_options->items[options_seen - 1].string)) {
740 retval = 0;
741 goto leave;
742 }
743 free(option);
744 }
745
746 if (options_seen != push_options->nr)
747 retval = 0;
748
749 leave:
750 free(option);
751 return retval;
752 }
753
754 static void prepare_push_cert_sha1(struct child_process *proc)
755 {
756 static int already_done;
757
758 if (!push_cert.len)
759 return;
760
761 if (!already_done) {
762 int bogs /* beginning_of_gpg_sig */;
763
764 already_done = 1;
765 if (write_object_file(push_cert.buf, push_cert.len, "blob",
766 &push_cert_oid))
767 oidclr(&push_cert_oid);
768
769 memset(&sigcheck, '\0', sizeof(sigcheck));
770
771 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
772 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
773 push_cert.len - bogs, &sigcheck);
774
775 nonce_status = check_nonce(push_cert.buf, bogs);
776 }
777 if (!is_null_oid(&push_cert_oid)) {
778 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
779 oid_to_hex(&push_cert_oid));
780 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
781 sigcheck.signer ? sigcheck.signer : "");
782 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
783 sigcheck.key ? sigcheck.key : "");
784 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
785 sigcheck.result);
786 if (push_cert_nonce) {
787 strvec_pushf(&proc->env_array,
788 "GIT_PUSH_CERT_NONCE=%s",
789 push_cert_nonce);
790 strvec_pushf(&proc->env_array,
791 "GIT_PUSH_CERT_NONCE_STATUS=%s",
792 nonce_status);
793 if (nonce_status == NONCE_SLOP)
794 strvec_pushf(&proc->env_array,
795 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
796 nonce_stamp_slop);
797 }
798 }
799 }
800
801 struct receive_hook_feed_state {
802 struct command *cmd;
803 struct ref_push_report *report;
804 int skip_broken;
805 struct strbuf buf;
806 const struct string_list *push_options;
807 };
808
809 typedef int (*feed_fn)(void *, const char **, size_t *);
810 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
811 struct receive_hook_feed_state *feed_state)
812 {
813 struct child_process proc = CHILD_PROCESS_INIT;
814 struct async muxer;
815 int code;
816 const char *hook_path = find_hook(hook_name);
817
818 if (!hook_path)
819 return 0;
820
821 strvec_push(&proc.args, hook_path);
822 proc.in = -1;
823 proc.stdout_to_stderr = 1;
824 proc.trace2_hook_name = hook_name;
825
826 if (feed_state->push_options) {
827 int i;
828 for (i = 0; i < feed_state->push_options->nr; i++)
829 strvec_pushf(&proc.env_array,
830 "GIT_PUSH_OPTION_%d=%s", i,
831 feed_state->push_options->items[i].string);
832 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
833 feed_state->push_options->nr);
834 } else
835 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
836
837 if (tmp_objdir)
838 strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
839
840 if (use_sideband) {
841 memset(&muxer, 0, sizeof(muxer));
842 muxer.proc = copy_to_sideband;
843 muxer.in = -1;
844 code = start_async(&muxer);
845 if (code)
846 return code;
847 proc.err = muxer.in;
848 }
849
850 prepare_push_cert_sha1(&proc);
851
852 code = start_command(&proc);
853 if (code) {
854 if (use_sideband)
855 finish_async(&muxer);
856 return code;
857 }
858
859 sigchain_push(SIGPIPE, SIG_IGN);
860
861 while (1) {
862 const char *buf;
863 size_t n;
864 if (feed(feed_state, &buf, &n))
865 break;
866 if (write_in_full(proc.in, buf, n) < 0)
867 break;
868 }
869 close(proc.in);
870 if (use_sideband)
871 finish_async(&muxer);
872
873 sigchain_pop(SIGPIPE);
874
875 return finish_command(&proc);
876 }
877
878 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
879 {
880 struct receive_hook_feed_state *state = state_;
881 struct command *cmd = state->cmd;
882
883 while (cmd &&
884 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
885 cmd = cmd->next;
886 if (!cmd)
887 return -1; /* EOF */
888 if (!bufp)
889 return 0; /* OK, can feed something. */
890 strbuf_reset(&state->buf);
891 if (!state->report)
892 state->report = cmd->report;
893 if (state->report) {
894 struct object_id *old_oid;
895 struct object_id *new_oid;
896 const char *ref_name;
897
898 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
899 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
900 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
901 strbuf_addf(&state->buf, "%s %s %s\n",
902 oid_to_hex(old_oid), oid_to_hex(new_oid),
903 ref_name);
904 state->report = state->report->next;
905 if (!state->report)
906 state->cmd = cmd->next;
907 } else {
908 strbuf_addf(&state->buf, "%s %s %s\n",
909 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
910 cmd->ref_name);
911 state->cmd = cmd->next;
912 }
913 if (bufp) {
914 *bufp = state->buf.buf;
915 *sizep = state->buf.len;
916 }
917 return 0;
918 }
919
920 static int run_receive_hook(struct command *commands,
921 const char *hook_name,
922 int skip_broken,
923 const struct string_list *push_options)
924 {
925 struct receive_hook_feed_state state;
926 int status;
927
928 strbuf_init(&state.buf, 0);
929 state.cmd = commands;
930 state.skip_broken = skip_broken;
931 state.report = NULL;
932 if (feed_receive_hook(&state, NULL, NULL))
933 return 0;
934 state.cmd = commands;
935 state.push_options = push_options;
936 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
937 strbuf_release(&state.buf);
938 return status;
939 }
940
941 static int run_update_hook(struct command *cmd)
942 {
943 struct child_process proc = CHILD_PROCESS_INIT;
944 int code;
945 const char *hook_path = find_hook("update");
946
947 if (!hook_path)
948 return 0;
949
950 strvec_push(&proc.args, hook_path);
951 strvec_push(&proc.args, cmd->ref_name);
952 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
953 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
954
955 proc.no_stdin = 1;
956 proc.stdout_to_stderr = 1;
957 proc.err = use_sideband ? -1 : 0;
958 proc.trace2_hook_name = "update";
959
960 code = start_command(&proc);
961 if (code)
962 return code;
963 if (use_sideband)
964 copy_to_sideband(proc.err, -1, NULL);
965 return finish_command(&proc);
966 }
967
968 static struct command *find_command_by_refname(struct command *list,
969 const char *refname)
970 {
971 for (; list; list = list->next)
972 if (!strcmp(list->ref_name, refname))
973 return list;
974 return NULL;
975 }
976
977 static int read_proc_receive_report(struct packet_reader *reader,
978 struct command *commands,
979 struct strbuf *errmsg)
980 {
981 struct command *cmd;
982 struct command *hint = NULL;
983 struct ref_push_report *report = NULL;
984 int new_report = 0;
985 int code = 0;
986 int once = 0;
987 int response = 0;
988
989 for (;;) {
990 struct object_id old_oid, new_oid;
991 const char *head;
992 const char *refname;
993 char *p;
994 enum packet_read_status status;
995
996 status = packet_reader_read(reader);
997 if (status != PACKET_READ_NORMAL) {
998 /* Check whether proc-receive exited abnormally */
999 if (status == PACKET_READ_EOF && !response) {
1000 strbuf_addstr(errmsg, "proc-receive exited abnormally");
1001 return -1;
1002 }
1003 break;
1004 }
1005 response++;
1006
1007 head = reader->line;
1008 p = strchr(head, ' ');
1009 if (!p) {
1010 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1011 code = -1;
1012 continue;
1013 }
1014 *p++ = '\0';
1015 if (!strcmp(head, "option")) {
1016 const char *key, *val;
1017
1018 if (!hint || !(report || new_report)) {
1019 if (!once++)
1020 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1021 code = -1;
1022 continue;
1023 }
1024 if (new_report) {
1025 if (!hint->report) {
1026 CALLOC_ARRAY(hint->report, 1);
1027 report = hint->report;
1028 } else {
1029 report = hint->report;
1030 while (report->next)
1031 report = report->next;
1032 report->next = xcalloc(1, sizeof(struct ref_push_report));
1033 report = report->next;
1034 }
1035 new_report = 0;
1036 }
1037 key = p;
1038 p = strchr(key, ' ');
1039 if (p)
1040 *p++ = '\0';
1041 val = p;
1042 if (!strcmp(key, "refname"))
1043 report->ref_name = xstrdup_or_null(val);
1044 else if (!strcmp(key, "old-oid") && val &&
1045 !parse_oid_hex(val, &old_oid, &val))
1046 report->old_oid = oiddup(&old_oid);
1047 else if (!strcmp(key, "new-oid") && val &&
1048 !parse_oid_hex(val, &new_oid, &val))
1049 report->new_oid = oiddup(&new_oid);
1050 else if (!strcmp(key, "forced-update"))
1051 report->forced_update = 1;
1052 else if (!strcmp(key, "fall-through"))
1053 /* Fall through, let 'receive-pack' to execute it. */
1054 hint->run_proc_receive = 0;
1055 continue;
1056 }
1057
1058 report = NULL;
1059 new_report = 0;
1060 refname = p;
1061 p = strchr(refname, ' ');
1062 if (p)
1063 *p++ = '\0';
1064 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1065 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1066 head, refname);
1067 code = -1;
1068 continue;
1069 }
1070
1071 /* first try searching at our hint, falling back to all refs */
1072 if (hint)
1073 hint = find_command_by_refname(hint, refname);
1074 if (!hint)
1075 hint = find_command_by_refname(commands, refname);
1076 if (!hint) {
1077 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1078 refname);
1079 code = -1;
1080 continue;
1081 }
1082 if (!hint->run_proc_receive) {
1083 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1084 refname);
1085 code = -1;
1086 continue;
1087 }
1088 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1089 if (!strcmp(head, "ng")) {
1090 if (p)
1091 hint->error_string = xstrdup(p);
1092 else
1093 hint->error_string = "failed";
1094 code = -1;
1095 continue;
1096 }
1097 new_report = 1;
1098 }
1099
1100 for (cmd = commands; cmd; cmd = cmd->next)
1101 if (cmd->run_proc_receive && !cmd->error_string &&
1102 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1103 cmd->error_string = "proc-receive failed to report status";
1104 code = -1;
1105 }
1106 return code;
1107 }
1108
1109 static int run_proc_receive_hook(struct command *commands,
1110 const struct string_list *push_options)
1111 {
1112 struct child_process proc = CHILD_PROCESS_INIT;
1113 struct async muxer;
1114 struct command *cmd;
1115 struct packet_reader reader;
1116 struct strbuf cap = STRBUF_INIT;
1117 struct strbuf errmsg = STRBUF_INIT;
1118 int hook_use_push_options = 0;
1119 int version = 0;
1120 int code;
1121 const char *hook_path = find_hook("proc-receive");
1122
1123 if (!hook_path) {
1124 rp_error("cannot find hook 'proc-receive'");
1125 return -1;
1126 }
1127
1128 strvec_push(&proc.args, hook_path);
1129 proc.in = -1;
1130 proc.out = -1;
1131 proc.trace2_hook_name = "proc-receive";
1132
1133 if (use_sideband) {
1134 memset(&muxer, 0, sizeof(muxer));
1135 muxer.proc = copy_to_sideband;
1136 muxer.in = -1;
1137 code = start_async(&muxer);
1138 if (code)
1139 return code;
1140 proc.err = muxer.in;
1141 } else {
1142 proc.err = 0;
1143 }
1144
1145 code = start_command(&proc);
1146 if (code) {
1147 if (use_sideband)
1148 finish_async(&muxer);
1149 return code;
1150 }
1151
1152 sigchain_push(SIGPIPE, SIG_IGN);
1153
1154 /* Version negotiaton */
1155 packet_reader_init(&reader, proc.out, NULL, 0,
1156 PACKET_READ_CHOMP_NEWLINE |
1157 PACKET_READ_GENTLE_ON_EOF);
1158 if (use_atomic)
1159 strbuf_addstr(&cap, " atomic");
1160 if (use_push_options)
1161 strbuf_addstr(&cap, " push-options");
1162 if (cap.len) {
1163 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1164 strbuf_release(&cap);
1165 } else {
1166 code = packet_write_fmt_gently(proc.in, "version=1\n");
1167 }
1168 if (!code)
1169 code = packet_flush_gently(proc.in);
1170
1171 if (!code)
1172 for (;;) {
1173 int linelen;
1174 enum packet_read_status status;
1175
1176 status = packet_reader_read(&reader);
1177 if (status != PACKET_READ_NORMAL) {
1178 /* Check whether proc-receive exited abnormally */
1179 if (status == PACKET_READ_EOF)
1180 code = -1;
1181 break;
1182 }
1183
1184 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1185 version = atoi(reader.line + 8);
1186 linelen = strlen(reader.line);
1187 if (linelen < reader.pktlen) {
1188 const char *feature_list = reader.line + linelen + 1;
1189 if (parse_feature_request(feature_list, "push-options"))
1190 hook_use_push_options = 1;
1191 }
1192 }
1193 }
1194
1195 if (code) {
1196 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1197 goto cleanup;
1198 }
1199
1200 switch (version) {
1201 case 0:
1202 /* fallthrough */
1203 case 1:
1204 break;
1205 default:
1206 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1207 version);
1208 code = -1;
1209 goto cleanup;
1210 }
1211
1212 /* Send commands */
1213 for (cmd = commands; cmd; cmd = cmd->next) {
1214 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1215 continue;
1216 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1217 oid_to_hex(&cmd->old_oid),
1218 oid_to_hex(&cmd->new_oid),
1219 cmd->ref_name);
1220 if (code)
1221 break;
1222 }
1223 if (!code)
1224 code = packet_flush_gently(proc.in);
1225 if (code) {
1226 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1227 goto cleanup;
1228 }
1229
1230 /* Send push options */
1231 if (hook_use_push_options) {
1232 struct string_list_item *item;
1233
1234 for_each_string_list_item(item, push_options) {
1235 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1236 if (code)
1237 break;
1238 }
1239 if (!code)
1240 code = packet_flush_gently(proc.in);
1241 if (code) {
1242 strbuf_addstr(&errmsg,
1243 "fail to write push-options to proc-receive hook");
1244 goto cleanup;
1245 }
1246 }
1247
1248 /* Read result from proc-receive */
1249 code = read_proc_receive_report(&reader, commands, &errmsg);
1250
1251 cleanup:
1252 close(proc.in);
1253 close(proc.out);
1254 if (use_sideband)
1255 finish_async(&muxer);
1256 if (finish_command(&proc))
1257 code = -1;
1258 if (errmsg.len >0) {
1259 char *p = errmsg.buf;
1260
1261 p += errmsg.len - 1;
1262 if (*p == '\n')
1263 *p = '\0';
1264 rp_error("%s", errmsg.buf);
1265 strbuf_release(&errmsg);
1266 }
1267 sigchain_pop(SIGPIPE);
1268
1269 return code;
1270 }
1271
1272 static char *refuse_unconfigured_deny_msg =
1273 N_("By default, updating the current branch in a non-bare repository\n"
1274 "is denied, because it will make the index and work tree inconsistent\n"
1275 "with what you pushed, and will require 'git reset --hard' to match\n"
1276 "the work tree to HEAD.\n"
1277 "\n"
1278 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1279 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1280 "its current branch; however, this is not recommended unless you\n"
1281 "arranged to update its work tree to match what you pushed in some\n"
1282 "other way.\n"
1283 "\n"
1284 "To squelch this message and still keep the default behaviour, set\n"
1285 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1286
1287 static void refuse_unconfigured_deny(void)
1288 {
1289 rp_error("%s", _(refuse_unconfigured_deny_msg));
1290 }
1291
1292 static char *refuse_unconfigured_deny_delete_current_msg =
1293 N_("By default, deleting the current branch is denied, because the next\n"
1294 "'git clone' won't result in any file checked out, causing confusion.\n"
1295 "\n"
1296 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1297 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1298 "current branch, with or without a warning message.\n"
1299 "\n"
1300 "To squelch this message, you can set it to 'refuse'.");
1301
1302 static void refuse_unconfigured_deny_delete_current(void)
1303 {
1304 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1305 }
1306
1307 static const struct object_id *command_singleton_iterator(void *cb_data);
1308 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1309 {
1310 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1311 struct oid_array extra = OID_ARRAY_INIT;
1312 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1313 uint32_t mask = 1 << (cmd->index % 32);
1314 int i;
1315
1316 trace_printf_key(&trace_shallow,
1317 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1318 for (i = 0; i < si->shallow->nr; i++)
1319 if (si->used_shallow[i] &&
1320 (si->used_shallow[i][cmd->index / 32] & mask) &&
1321 !delayed_reachability_test(si, i))
1322 oid_array_append(&extra, &si->shallow->oid[i]);
1323
1324 opt.env = tmp_objdir_env(tmp_objdir);
1325 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1326 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1327 rollback_shallow_file(the_repository, &shallow_lock);
1328 oid_array_clear(&extra);
1329 return -1;
1330 }
1331
1332 commit_shallow_file(the_repository, &shallow_lock);
1333
1334 /*
1335 * Make sure setup_alternate_shallow() for the next ref does
1336 * not lose these new roots..
1337 */
1338 for (i = 0; i < extra.nr; i++)
1339 register_shallow(the_repository, &extra.oid[i]);
1340
1341 si->shallow_ref[cmd->index] = 0;
1342 oid_array_clear(&extra);
1343 return 0;
1344 }
1345
1346 /*
1347 * NEEDSWORK: we should consolidate various implementions of "are we
1348 * on an unborn branch?" test into one, and make the unified one more
1349 * robust. !get_sha1() based check used here and elsewhere would not
1350 * allow us to tell an unborn branch from corrupt ref, for example.
1351 * For the purpose of fixing "deploy-to-update does not work when
1352 * pushing into an empty repository" issue, this should suffice for
1353 * now.
1354 */
1355 static int head_has_history(void)
1356 {
1357 struct object_id oid;
1358
1359 return !get_oid("HEAD", &oid);
1360 }
1361
1362 static const char *push_to_deploy(unsigned char *sha1,
1363 struct strvec *env,
1364 const char *work_tree)
1365 {
1366 struct child_process child = CHILD_PROCESS_INIT;
1367
1368 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1369 "--refresh", NULL);
1370 strvec_pushv(&child.env_array, env->v);
1371 child.dir = work_tree;
1372 child.no_stdin = 1;
1373 child.stdout_to_stderr = 1;
1374 child.git_cmd = 1;
1375 if (run_command(&child))
1376 return "Up-to-date check failed";
1377
1378 /* run_command() does not clean up completely; reinitialize */
1379 child_process_init(&child);
1380 strvec_pushl(&child.args, "diff-files", "--quiet",
1381 "--ignore-submodules", "--", NULL);
1382 strvec_pushv(&child.env_array, env->v);
1383 child.dir = work_tree;
1384 child.no_stdin = 1;
1385 child.stdout_to_stderr = 1;
1386 child.git_cmd = 1;
1387 if (run_command(&child))
1388 return "Working directory has unstaged changes";
1389
1390 child_process_init(&child);
1391 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1392 "--ignore-submodules",
1393 /* diff-index with either HEAD or an empty tree */
1394 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1395 "--", NULL);
1396 strvec_pushv(&child.env_array, env->v);
1397 child.no_stdin = 1;
1398 child.no_stdout = 1;
1399 child.stdout_to_stderr = 0;
1400 child.git_cmd = 1;
1401 if (run_command(&child))
1402 return "Working directory has staged changes";
1403
1404 child_process_init(&child);
1405 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1406 NULL);
1407 strvec_pushv(&child.env_array, env->v);
1408 child.dir = work_tree;
1409 child.no_stdin = 1;
1410 child.no_stdout = 1;
1411 child.stdout_to_stderr = 0;
1412 child.git_cmd = 1;
1413 if (run_command(&child))
1414 return "Could not update working tree to new HEAD";
1415
1416 return NULL;
1417 }
1418
1419 static const char *push_to_checkout_hook = "push-to-checkout";
1420
1421 static const char *push_to_checkout(unsigned char *hash,
1422 struct strvec *env,
1423 const char *work_tree)
1424 {
1425 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1426 if (run_hook_le(env->v, push_to_checkout_hook,
1427 hash_to_hex(hash), NULL))
1428 return "push-to-checkout hook declined";
1429 else
1430 return NULL;
1431 }
1432
1433 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1434 {
1435 const char *retval, *work_tree, *git_dir = NULL;
1436 struct strvec env = STRVEC_INIT;
1437
1438 if (worktree && worktree->path)
1439 work_tree = worktree->path;
1440 else if (git_work_tree_cfg)
1441 work_tree = git_work_tree_cfg;
1442 else
1443 work_tree = "..";
1444
1445 if (is_bare_repository())
1446 return "denyCurrentBranch = updateInstead needs a worktree";
1447 if (worktree)
1448 git_dir = get_worktree_git_dir(worktree);
1449 if (!git_dir)
1450 git_dir = get_git_dir();
1451
1452 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1453
1454 if (!hook_exists(push_to_checkout_hook))
1455 retval = push_to_deploy(sha1, &env, work_tree);
1456 else
1457 retval = push_to_checkout(sha1, &env, work_tree);
1458
1459 strvec_clear(&env);
1460 return retval;
1461 }
1462
1463 static const char *update(struct command *cmd, struct shallow_info *si)
1464 {
1465 const char *name = cmd->ref_name;
1466 struct strbuf namespaced_name_buf = STRBUF_INIT;
1467 static char *namespaced_name;
1468 const char *ret;
1469 struct object_id *old_oid = &cmd->old_oid;
1470 struct object_id *new_oid = &cmd->new_oid;
1471 int do_update_worktree = 0;
1472 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1473
1474 /* only refs/... are allowed */
1475 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1476 rp_error("refusing to create funny ref '%s' remotely", name);
1477 return "funny refname";
1478 }
1479
1480 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1481 free(namespaced_name);
1482 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1483
1484 if (worktree) {
1485 switch (deny_current_branch) {
1486 case DENY_IGNORE:
1487 break;
1488 case DENY_WARN:
1489 rp_warning("updating the current branch");
1490 break;
1491 case DENY_REFUSE:
1492 case DENY_UNCONFIGURED:
1493 rp_error("refusing to update checked out branch: %s", name);
1494 if (deny_current_branch == DENY_UNCONFIGURED)
1495 refuse_unconfigured_deny();
1496 return "branch is currently checked out";
1497 case DENY_UPDATE_INSTEAD:
1498 /* pass -- let other checks intervene first */
1499 do_update_worktree = 1;
1500 break;
1501 }
1502 }
1503
1504 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1505 error("unpack should have generated %s, "
1506 "but I can't find it!", oid_to_hex(new_oid));
1507 return "bad pack";
1508 }
1509
1510 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1511 if (deny_deletes && starts_with(name, "refs/heads/")) {
1512 rp_error("denying ref deletion for %s", name);
1513 return "deletion prohibited";
1514 }
1515
1516 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1517 switch (deny_delete_current) {
1518 case DENY_IGNORE:
1519 break;
1520 case DENY_WARN:
1521 rp_warning("deleting the current branch");
1522 break;
1523 case DENY_REFUSE:
1524 case DENY_UNCONFIGURED:
1525 case DENY_UPDATE_INSTEAD:
1526 if (deny_delete_current == DENY_UNCONFIGURED)
1527 refuse_unconfigured_deny_delete_current();
1528 rp_error("refusing to delete the current branch: %s", name);
1529 return "deletion of the current branch prohibited";
1530 default:
1531 return "Invalid denyDeleteCurrent setting";
1532 }
1533 }
1534 }
1535
1536 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1537 !is_null_oid(old_oid) &&
1538 starts_with(name, "refs/heads/")) {
1539 struct object *old_object, *new_object;
1540 struct commit *old_commit, *new_commit;
1541
1542 old_object = parse_object(the_repository, old_oid);
1543 new_object = parse_object(the_repository, new_oid);
1544
1545 if (!old_object || !new_object ||
1546 old_object->type != OBJ_COMMIT ||
1547 new_object->type != OBJ_COMMIT) {
1548 error("bad sha1 objects for %s", name);
1549 return "bad ref";
1550 }
1551 old_commit = (struct commit *)old_object;
1552 new_commit = (struct commit *)new_object;
1553 if (!in_merge_bases(old_commit, new_commit)) {
1554 rp_error("denying non-fast-forward %s"
1555 " (you should pull first)", name);
1556 return "non-fast-forward";
1557 }
1558 }
1559 if (run_update_hook(cmd)) {
1560 rp_error("hook declined to update %s", name);
1561 return "hook declined";
1562 }
1563
1564 if (do_update_worktree) {
1565 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1566 if (ret)
1567 return ret;
1568 }
1569
1570 if (is_null_oid(new_oid)) {
1571 struct strbuf err = STRBUF_INIT;
1572 if (!parse_object(the_repository, old_oid)) {
1573 old_oid = NULL;
1574 if (ref_exists(name)) {
1575 rp_warning("Allowing deletion of corrupt ref.");
1576 } else {
1577 rp_warning("Deleting a non-existent ref.");
1578 cmd->did_not_exist = 1;
1579 }
1580 }
1581 if (ref_transaction_delete(transaction,
1582 namespaced_name,
1583 old_oid,
1584 0, "push", &err)) {
1585 rp_error("%s", err.buf);
1586 strbuf_release(&err);
1587 return "failed to delete";
1588 }
1589 strbuf_release(&err);
1590 return NULL; /* good */
1591 }
1592 else {
1593 struct strbuf err = STRBUF_INIT;
1594 if (shallow_update && si->shallow_ref[cmd->index] &&
1595 update_shallow_ref(cmd, si))
1596 return "shallow error";
1597
1598 if (ref_transaction_update(transaction,
1599 namespaced_name,
1600 new_oid, old_oid,
1601 0, "push",
1602 &err)) {
1603 rp_error("%s", err.buf);
1604 strbuf_release(&err);
1605
1606 return "failed to update ref";
1607 }
1608 strbuf_release(&err);
1609
1610 return NULL; /* good */
1611 }
1612 }
1613
1614 static void run_update_post_hook(struct command *commands)
1615 {
1616 struct command *cmd;
1617 struct child_process proc = CHILD_PROCESS_INIT;
1618 const char *hook;
1619
1620 hook = find_hook("post-update");
1621 if (!hook)
1622 return;
1623
1624 for (cmd = commands; cmd; cmd = cmd->next) {
1625 if (cmd->error_string || cmd->did_not_exist)
1626 continue;
1627 if (!proc.args.nr)
1628 strvec_push(&proc.args, hook);
1629 strvec_push(&proc.args, cmd->ref_name);
1630 }
1631 if (!proc.args.nr)
1632 return;
1633
1634 proc.no_stdin = 1;
1635 proc.stdout_to_stderr = 1;
1636 proc.err = use_sideband ? -1 : 0;
1637 proc.trace2_hook_name = "post-update";
1638
1639 if (!start_command(&proc)) {
1640 if (use_sideband)
1641 copy_to_sideband(proc.err, -1, NULL);
1642 finish_command(&proc);
1643 }
1644 }
1645
1646 static void check_aliased_update_internal(struct command *cmd,
1647 struct string_list *list,
1648 const char *dst_name, int flag)
1649 {
1650 struct string_list_item *item;
1651 struct command *dst_cmd;
1652
1653 if (!(flag & REF_ISSYMREF))
1654 return;
1655
1656 if (!dst_name) {
1657 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1658 cmd->skip_update = 1;
1659 cmd->error_string = "broken symref";
1660 return;
1661 }
1662 dst_name = strip_namespace(dst_name);
1663
1664 if ((item = string_list_lookup(list, dst_name)) == NULL)
1665 return;
1666
1667 cmd->skip_update = 1;
1668
1669 dst_cmd = (struct command *) item->util;
1670
1671 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1672 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1673 return;
1674
1675 dst_cmd->skip_update = 1;
1676
1677 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1678 " its target '%s' (%s..%s)",
1679 cmd->ref_name,
1680 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1681 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1682 dst_cmd->ref_name,
1683 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1684 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1685
1686 cmd->error_string = dst_cmd->error_string =
1687 "inconsistent aliased update";
1688 }
1689
1690 static void check_aliased_update(struct command *cmd, struct string_list *list)
1691 {
1692 struct strbuf buf = STRBUF_INIT;
1693 const char *dst_name;
1694 int flag;
1695
1696 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1697 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1698 check_aliased_update_internal(cmd, list, dst_name, flag);
1699 strbuf_release(&buf);
1700 }
1701
1702 static void check_aliased_updates(struct command *commands)
1703 {
1704 struct command *cmd;
1705 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1706
1707 for (cmd = commands; cmd; cmd = cmd->next) {
1708 struct string_list_item *item =
1709 string_list_append(&ref_list, cmd->ref_name);
1710 item->util = (void *)cmd;
1711 }
1712 string_list_sort(&ref_list);
1713
1714 for (cmd = commands; cmd; cmd = cmd->next) {
1715 if (!cmd->error_string)
1716 check_aliased_update(cmd, &ref_list);
1717 }
1718
1719 string_list_clear(&ref_list, 0);
1720 }
1721
1722 static const struct object_id *command_singleton_iterator(void *cb_data)
1723 {
1724 struct command **cmd_list = cb_data;
1725 struct command *cmd = *cmd_list;
1726
1727 if (!cmd || is_null_oid(&cmd->new_oid))
1728 return NULL;
1729 *cmd_list = NULL; /* this returns only one */
1730 return &cmd->new_oid;
1731 }
1732
1733 static void set_connectivity_errors(struct command *commands,
1734 struct shallow_info *si)
1735 {
1736 struct command *cmd;
1737
1738 for (cmd = commands; cmd; cmd = cmd->next) {
1739 struct command *singleton = cmd;
1740 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1741
1742 if (shallow_update && si->shallow_ref[cmd->index])
1743 /* to be checked in update_shallow_ref() */
1744 continue;
1745
1746 opt.env = tmp_objdir_env(tmp_objdir);
1747 if (!check_connected(command_singleton_iterator, &singleton,
1748 &opt))
1749 continue;
1750
1751 cmd->error_string = "missing necessary objects";
1752 }
1753 }
1754
1755 struct iterate_data {
1756 struct command *cmds;
1757 struct shallow_info *si;
1758 };
1759
1760 static const struct object_id *iterate_receive_command_list(void *cb_data)
1761 {
1762 struct iterate_data *data = cb_data;
1763 struct command **cmd_list = &data->cmds;
1764 struct command *cmd = *cmd_list;
1765
1766 for (; cmd; cmd = cmd->next) {
1767 if (shallow_update && data->si->shallow_ref[cmd->index])
1768 /* to be checked in update_shallow_ref() */
1769 continue;
1770 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1771 *cmd_list = cmd->next;
1772 return &cmd->new_oid;
1773 }
1774 }
1775 return NULL;
1776 }
1777
1778 static void reject_updates_to_hidden(struct command *commands)
1779 {
1780 struct strbuf refname_full = STRBUF_INIT;
1781 size_t prefix_len;
1782 struct command *cmd;
1783
1784 strbuf_addstr(&refname_full, get_git_namespace());
1785 prefix_len = refname_full.len;
1786
1787 for (cmd = commands; cmd; cmd = cmd->next) {
1788 if (cmd->error_string)
1789 continue;
1790
1791 strbuf_setlen(&refname_full, prefix_len);
1792 strbuf_addstr(&refname_full, cmd->ref_name);
1793
1794 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1795 continue;
1796 if (is_null_oid(&cmd->new_oid))
1797 cmd->error_string = "deny deleting a hidden ref";
1798 else
1799 cmd->error_string = "deny updating a hidden ref";
1800 }
1801
1802 strbuf_release(&refname_full);
1803 }
1804
1805 static int should_process_cmd(struct command *cmd)
1806 {
1807 return !cmd->error_string && !cmd->skip_update;
1808 }
1809
1810 static void warn_if_skipped_connectivity_check(struct command *commands,
1811 struct shallow_info *si)
1812 {
1813 struct command *cmd;
1814 int checked_connectivity = 1;
1815
1816 for (cmd = commands; cmd; cmd = cmd->next) {
1817 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1818 error("BUG: connectivity check has not been run on ref %s",
1819 cmd->ref_name);
1820 checked_connectivity = 0;
1821 }
1822 }
1823 if (!checked_connectivity)
1824 BUG("connectivity check skipped???");
1825 }
1826
1827 static void execute_commands_non_atomic(struct command *commands,
1828 struct shallow_info *si)
1829 {
1830 struct command *cmd;
1831 struct strbuf err = STRBUF_INIT;
1832
1833 for (cmd = commands; cmd; cmd = cmd->next) {
1834 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1835 continue;
1836
1837 transaction = ref_transaction_begin(&err);
1838 if (!transaction) {
1839 rp_error("%s", err.buf);
1840 strbuf_reset(&err);
1841 cmd->error_string = "transaction failed to start";
1842 continue;
1843 }
1844
1845 cmd->error_string = update(cmd, si);
1846
1847 if (!cmd->error_string
1848 && ref_transaction_commit(transaction, &err)) {
1849 rp_error("%s", err.buf);
1850 strbuf_reset(&err);
1851 cmd->error_string = "failed to update ref";
1852 }
1853 ref_transaction_free(transaction);
1854 }
1855 strbuf_release(&err);
1856 }
1857
1858 static void execute_commands_atomic(struct command *commands,
1859 struct shallow_info *si)
1860 {
1861 struct command *cmd;
1862 struct strbuf err = STRBUF_INIT;
1863 const char *reported_error = "atomic push failure";
1864
1865 transaction = ref_transaction_begin(&err);
1866 if (!transaction) {
1867 rp_error("%s", err.buf);
1868 strbuf_reset(&err);
1869 reported_error = "transaction failed to start";
1870 goto failure;
1871 }
1872
1873 for (cmd = commands; cmd; cmd = cmd->next) {
1874 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1875 continue;
1876
1877 cmd->error_string = update(cmd, si);
1878
1879 if (cmd->error_string)
1880 goto failure;
1881 }
1882
1883 if (ref_transaction_commit(transaction, &err)) {
1884 rp_error("%s", err.buf);
1885 reported_error = "atomic transaction failed";
1886 goto failure;
1887 }
1888 goto cleanup;
1889
1890 failure:
1891 for (cmd = commands; cmd; cmd = cmd->next)
1892 if (!cmd->error_string)
1893 cmd->error_string = reported_error;
1894
1895 cleanup:
1896 ref_transaction_free(transaction);
1897 strbuf_release(&err);
1898 }
1899
1900 static void execute_commands(struct command *commands,
1901 const char *unpacker_error,
1902 struct shallow_info *si,
1903 const struct string_list *push_options)
1904 {
1905 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1906 struct command *cmd;
1907 struct iterate_data data;
1908 struct async muxer;
1909 int err_fd = 0;
1910 int run_proc_receive = 0;
1911
1912 if (unpacker_error) {
1913 for (cmd = commands; cmd; cmd = cmd->next)
1914 cmd->error_string = "unpacker error";
1915 return;
1916 }
1917
1918 if (use_sideband) {
1919 memset(&muxer, 0, sizeof(muxer));
1920 muxer.proc = copy_to_sideband;
1921 muxer.in = -1;
1922 if (!start_async(&muxer))
1923 err_fd = muxer.in;
1924 /* ...else, continue without relaying sideband */
1925 }
1926
1927 data.cmds = commands;
1928 data.si = si;
1929 opt.err_fd = err_fd;
1930 opt.progress = err_fd && !quiet;
1931 opt.env = tmp_objdir_env(tmp_objdir);
1932 if (check_connected(iterate_receive_command_list, &data, &opt))
1933 set_connectivity_errors(commands, si);
1934
1935 if (use_sideband)
1936 finish_async(&muxer);
1937
1938 reject_updates_to_hidden(commands);
1939
1940 /*
1941 * Try to find commands that have special prefix in their reference names,
1942 * and mark them to run an external "proc-receive" hook later.
1943 */
1944 if (proc_receive_ref) {
1945 for (cmd = commands; cmd; cmd = cmd->next) {
1946 if (!should_process_cmd(cmd))
1947 continue;
1948
1949 if (proc_receive_ref_matches(cmd)) {
1950 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1951 run_proc_receive = 1;
1952 }
1953 }
1954 }
1955
1956 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1957 for (cmd = commands; cmd; cmd = cmd->next) {
1958 if (!cmd->error_string)
1959 cmd->error_string = "pre-receive hook declined";
1960 }
1961 return;
1962 }
1963
1964 /*
1965 * Now we'll start writing out refs, which means the objects need
1966 * to be in their final positions so that other processes can see them.
1967 */
1968 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1969 for (cmd = commands; cmd; cmd = cmd->next) {
1970 if (!cmd->error_string)
1971 cmd->error_string = "unable to migrate objects to permanent storage";
1972 }
1973 return;
1974 }
1975 tmp_objdir = NULL;
1976
1977 check_aliased_updates(commands);
1978
1979 free(head_name_to_free);
1980 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1981
1982 if (run_proc_receive &&
1983 run_proc_receive_hook(commands, push_options))
1984 for (cmd = commands; cmd; cmd = cmd->next)
1985 if (!cmd->error_string &&
1986 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1987 (cmd->run_proc_receive || use_atomic))
1988 cmd->error_string = "fail to run proc-receive hook";
1989
1990 if (use_atomic)
1991 execute_commands_atomic(commands, si);
1992 else
1993 execute_commands_non_atomic(commands, si);
1994
1995 if (shallow_update)
1996 warn_if_skipped_connectivity_check(commands, si);
1997 }
1998
1999 static struct command **queue_command(struct command **tail,
2000 const char *line,
2001 int linelen)
2002 {
2003 struct object_id old_oid, new_oid;
2004 struct command *cmd;
2005 const char *refname;
2006 int reflen;
2007 const char *p;
2008
2009 if (parse_oid_hex(line, &old_oid, &p) ||
2010 *p++ != ' ' ||
2011 parse_oid_hex(p, &new_oid, &p) ||
2012 *p++ != ' ')
2013 die("protocol error: expected old/new/ref, got '%s'", line);
2014
2015 refname = p;
2016 reflen = linelen - (p - line);
2017 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2018 oidcpy(&cmd->old_oid, &old_oid);
2019 oidcpy(&cmd->new_oid, &new_oid);
2020 *tail = cmd;
2021 return &cmd->next;
2022 }
2023
2024 static void queue_commands_from_cert(struct command **tail,
2025 struct strbuf *push_cert)
2026 {
2027 const char *boc, *eoc;
2028
2029 if (*tail)
2030 die("protocol error: got both push certificate and unsigned commands");
2031
2032 boc = strstr(push_cert->buf, "\n\n");
2033 if (!boc)
2034 die("malformed push certificate %.*s", 100, push_cert->buf);
2035 else
2036 boc += 2;
2037 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2038
2039 while (boc < eoc) {
2040 const char *eol = memchr(boc, '\n', eoc - boc);
2041 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2042 boc = eol ? eol + 1 : eoc;
2043 }
2044 }
2045
2046 static struct command *read_head_info(struct packet_reader *reader,
2047 struct oid_array *shallow)
2048 {
2049 struct command *commands = NULL;
2050 struct command **p = &commands;
2051 for (;;) {
2052 int linelen;
2053
2054 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2055 break;
2056
2057 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2058 struct object_id oid;
2059 if (get_oid_hex(reader->line + 8, &oid))
2060 die("protocol error: expected shallow sha, got '%s'",
2061 reader->line + 8);
2062 oid_array_append(shallow, &oid);
2063 continue;
2064 }
2065
2066 linelen = strlen(reader->line);
2067 if (linelen < reader->pktlen) {
2068 const char *feature_list = reader->line + linelen + 1;
2069 const char *hash = NULL;
2070 const char *client_sid;
2071 int len = 0;
2072 if (parse_feature_request(feature_list, "report-status"))
2073 report_status = 1;
2074 if (parse_feature_request(feature_list, "report-status-v2"))
2075 report_status_v2 = 1;
2076 if (parse_feature_request(feature_list, "side-band-64k"))
2077 use_sideband = LARGE_PACKET_MAX;
2078 if (parse_feature_request(feature_list, "quiet"))
2079 quiet = 1;
2080 if (advertise_atomic_push
2081 && parse_feature_request(feature_list, "atomic"))
2082 use_atomic = 1;
2083 if (advertise_push_options
2084 && parse_feature_request(feature_list, "push-options"))
2085 use_push_options = 1;
2086 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2087 if (!hash) {
2088 hash = hash_algos[GIT_HASH_SHA1].name;
2089 len = strlen(hash);
2090 }
2091 if (xstrncmpz(the_hash_algo->name, hash, len))
2092 die("error: unsupported object format '%s'", hash);
2093 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2094 if (client_sid) {
2095 char *sid = xstrndup(client_sid, len);
2096 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2097 free(sid);
2098 }
2099 }
2100
2101 if (!strcmp(reader->line, "push-cert")) {
2102 int true_flush = 0;
2103 int saved_options = reader->options;
2104 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2105
2106 for (;;) {
2107 packet_reader_read(reader);
2108 if (reader->status == PACKET_READ_FLUSH) {
2109 true_flush = 1;
2110 break;
2111 }
2112 if (reader->status != PACKET_READ_NORMAL) {
2113 die("protocol error: got an unexpected packet");
2114 }
2115 if (!strcmp(reader->line, "push-cert-end\n"))
2116 break; /* end of cert */
2117 strbuf_addstr(&push_cert, reader->line);
2118 }
2119 reader->options = saved_options;
2120
2121 if (true_flush)
2122 break;
2123 continue;
2124 }
2125
2126 p = queue_command(p, reader->line, linelen);
2127 }
2128
2129 if (push_cert.len)
2130 queue_commands_from_cert(p, &push_cert);
2131
2132 return commands;
2133 }
2134
2135 static void read_push_options(struct packet_reader *reader,
2136 struct string_list *options)
2137 {
2138 while (1) {
2139 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2140 break;
2141
2142 string_list_append(options, reader->line);
2143 }
2144 }
2145
2146 static const char *parse_pack_header(struct pack_header *hdr)
2147 {
2148 switch (read_pack_header(0, hdr)) {
2149 case PH_ERROR_EOF:
2150 return "eof before pack header was fully read";
2151
2152 case PH_ERROR_PACK_SIGNATURE:
2153 return "protocol error (pack signature mismatch detected)";
2154
2155 case PH_ERROR_PROTOCOL:
2156 return "protocol error (pack version unsupported)";
2157
2158 default:
2159 return "unknown error in parse_pack_header";
2160
2161 case 0:
2162 return NULL;
2163 }
2164 }
2165
2166 static const char *pack_lockfile;
2167
2168 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2169 {
2170 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2171 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2172 }
2173
2174 static const char *unpack(int err_fd, struct shallow_info *si)
2175 {
2176 struct pack_header hdr;
2177 const char *hdr_err;
2178 int status;
2179 struct child_process child = CHILD_PROCESS_INIT;
2180 int fsck_objects = (receive_fsck_objects >= 0
2181 ? receive_fsck_objects
2182 : transfer_fsck_objects >= 0
2183 ? transfer_fsck_objects
2184 : 0);
2185
2186 hdr_err = parse_pack_header(&hdr);
2187 if (hdr_err) {
2188 if (err_fd > 0)
2189 close(err_fd);
2190 return hdr_err;
2191 }
2192
2193 if (si->nr_ours || si->nr_theirs) {
2194 alt_shallow_file = setup_temporary_shallow(si->shallow);
2195 strvec_push(&child.args, "--shallow-file");
2196 strvec_push(&child.args, alt_shallow_file);
2197 }
2198
2199 tmp_objdir = tmp_objdir_create();
2200 if (!tmp_objdir) {
2201 if (err_fd > 0)
2202 close(err_fd);
2203 return "unable to create temporary object directory";
2204 }
2205 if (tmp_objdir)
2206 strvec_pushv(&child.env_array, tmp_objdir_env(tmp_objdir));
2207
2208 /*
2209 * Normally we just pass the tmp_objdir environment to the child
2210 * processes that do the heavy lifting, but we may need to see these
2211 * objects ourselves to set up shallow information.
2212 */
2213 tmp_objdir_add_as_alternate(tmp_objdir);
2214
2215 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2216 strvec_push(&child.args, "unpack-objects");
2217 push_header_arg(&child.args, &hdr);
2218 if (quiet)
2219 strvec_push(&child.args, "-q");
2220 if (fsck_objects)
2221 strvec_pushf(&child.args, "--strict%s",
2222 fsck_msg_types.buf);
2223 if (max_input_size)
2224 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2225 (uintmax_t)max_input_size);
2226 child.no_stdout = 1;
2227 child.err = err_fd;
2228 child.git_cmd = 1;
2229 status = run_command(&child);
2230 if (status)
2231 return "unpack-objects abnormal exit";
2232 } else {
2233 char hostname[HOST_NAME_MAX + 1];
2234
2235 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2236 push_header_arg(&child.args, &hdr);
2237
2238 if (xgethostname(hostname, sizeof(hostname)))
2239 xsnprintf(hostname, sizeof(hostname), "localhost");
2240 strvec_pushf(&child.args,
2241 "--keep=receive-pack %"PRIuMAX" on %s",
2242 (uintmax_t)getpid(),
2243 hostname);
2244
2245 if (!quiet && err_fd)
2246 strvec_push(&child.args, "--show-resolving-progress");
2247 if (use_sideband)
2248 strvec_push(&child.args, "--report-end-of-input");
2249 if (fsck_objects)
2250 strvec_pushf(&child.args, "--strict%s",
2251 fsck_msg_types.buf);
2252 if (!reject_thin)
2253 strvec_push(&child.args, "--fix-thin");
2254 if (max_input_size)
2255 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2256 (uintmax_t)max_input_size);
2257 child.out = -1;
2258 child.err = err_fd;
2259 child.git_cmd = 1;
2260 status = start_command(&child);
2261 if (status)
2262 return "index-pack fork failed";
2263 pack_lockfile = index_pack_lockfile(child.out, NULL);
2264 close(child.out);
2265 status = finish_command(&child);
2266 if (status)
2267 return "index-pack abnormal exit";
2268 reprepare_packed_git(the_repository);
2269 }
2270 return NULL;
2271 }
2272
2273 static const char *unpack_with_sideband(struct shallow_info *si)
2274 {
2275 struct async muxer;
2276 const char *ret;
2277
2278 if (!use_sideband)
2279 return unpack(0, si);
2280
2281 use_keepalive = KEEPALIVE_AFTER_NUL;
2282 memset(&muxer, 0, sizeof(muxer));
2283 muxer.proc = copy_to_sideband;
2284 muxer.in = -1;
2285 if (start_async(&muxer))
2286 return NULL;
2287
2288 ret = unpack(muxer.in, si);
2289
2290 finish_async(&muxer);
2291 return ret;
2292 }
2293
2294 static void prepare_shallow_update(struct shallow_info *si)
2295 {
2296 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2297
2298 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2299 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2300
2301 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2302 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2303 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2304
2305 for (i = 0; i < si->nr_ours; i++)
2306 si->need_reachability_test[si->ours[i]] = 1;
2307
2308 for (i = 0; i < si->shallow->nr; i++) {
2309 if (!si->used_shallow[i])
2310 continue;
2311 for (j = 0; j < bitmap_size; j++) {
2312 if (!si->used_shallow[i][j])
2313 continue;
2314 si->need_reachability_test[i]++;
2315 for (k = 0; k < 32; k++)
2316 if (si->used_shallow[i][j] & (1U << k))
2317 si->shallow_ref[j * 32 + k]++;
2318 }
2319
2320 /*
2321 * true for those associated with some refs and belong
2322 * in "ours" list aka "step 7 not done yet"
2323 */
2324 si->need_reachability_test[i] =
2325 si->need_reachability_test[i] > 1;
2326 }
2327
2328 /*
2329 * keep hooks happy by forcing a temporary shallow file via
2330 * env variable because we can't add --shallow-file to every
2331 * command. check_connected() will be done with
2332 * true .git/shallow though.
2333 */
2334 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2335 }
2336
2337 static void update_shallow_info(struct command *commands,
2338 struct shallow_info *si,
2339 struct oid_array *ref)
2340 {
2341 struct command *cmd;
2342 int *ref_status;
2343 remove_nonexistent_theirs_shallow(si);
2344 if (!si->nr_ours && !si->nr_theirs) {
2345 shallow_update = 0;
2346 return;
2347 }
2348
2349 for (cmd = commands; cmd; cmd = cmd->next) {
2350 if (is_null_oid(&cmd->new_oid))
2351 continue;
2352 oid_array_append(ref, &cmd->new_oid);
2353 cmd->index = ref->nr - 1;
2354 }
2355 si->ref = ref;
2356
2357 if (shallow_update) {
2358 prepare_shallow_update(si);
2359 return;
2360 }
2361
2362 ALLOC_ARRAY(ref_status, ref->nr);
2363 assign_shallow_commits_to_refs(si, NULL, ref_status);
2364 for (cmd = commands; cmd; cmd = cmd->next) {
2365 if (is_null_oid(&cmd->new_oid))
2366 continue;
2367 if (ref_status[cmd->index]) {
2368 cmd->error_string = "shallow update not allowed";
2369 cmd->skip_update = 1;
2370 }
2371 }
2372 free(ref_status);
2373 }
2374
2375 static void report(struct command *commands, const char *unpack_status)
2376 {
2377 struct command *cmd;
2378 struct strbuf buf = STRBUF_INIT;
2379
2380 packet_buf_write(&buf, "unpack %s\n",
2381 unpack_status ? unpack_status : "ok");
2382 for (cmd = commands; cmd; cmd = cmd->next) {
2383 if (!cmd->error_string)
2384 packet_buf_write(&buf, "ok %s\n",
2385 cmd->ref_name);
2386 else
2387 packet_buf_write(&buf, "ng %s %s\n",
2388 cmd->ref_name, cmd->error_string);
2389 }
2390 packet_buf_flush(&buf);
2391
2392 if (use_sideband)
2393 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2394 else
2395 write_or_die(1, buf.buf, buf.len);
2396 strbuf_release(&buf);
2397 }
2398
2399 static void report_v2(struct command *commands, const char *unpack_status)
2400 {
2401 struct command *cmd;
2402 struct strbuf buf = STRBUF_INIT;
2403 struct ref_push_report *report;
2404
2405 packet_buf_write(&buf, "unpack %s\n",
2406 unpack_status ? unpack_status : "ok");
2407 for (cmd = commands; cmd; cmd = cmd->next) {
2408 int count = 0;
2409
2410 if (cmd->error_string) {
2411 packet_buf_write(&buf, "ng %s %s\n",
2412 cmd->ref_name,
2413 cmd->error_string);
2414 continue;
2415 }
2416 packet_buf_write(&buf, "ok %s\n",
2417 cmd->ref_name);
2418 for (report = cmd->report; report; report = report->next) {
2419 if (count++ > 0)
2420 packet_buf_write(&buf, "ok %s\n",
2421 cmd->ref_name);
2422 if (report->ref_name)
2423 packet_buf_write(&buf, "option refname %s\n",
2424 report->ref_name);
2425 if (report->old_oid)
2426 packet_buf_write(&buf, "option old-oid %s\n",
2427 oid_to_hex(report->old_oid));
2428 if (report->new_oid)
2429 packet_buf_write(&buf, "option new-oid %s\n",
2430 oid_to_hex(report->new_oid));
2431 if (report->forced_update)
2432 packet_buf_write(&buf, "option forced-update\n");
2433 }
2434 }
2435 packet_buf_flush(&buf);
2436
2437 if (use_sideband)
2438 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2439 else
2440 write_or_die(1, buf.buf, buf.len);
2441 strbuf_release(&buf);
2442 }
2443
2444 static int delete_only(struct command *commands)
2445 {
2446 struct command *cmd;
2447 for (cmd = commands; cmd; cmd = cmd->next) {
2448 if (!is_null_oid(&cmd->new_oid))
2449 return 0;
2450 }
2451 return 1;
2452 }
2453
2454 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2455 {
2456 int advertise_refs = 0;
2457 struct command *commands;
2458 struct oid_array shallow = OID_ARRAY_INIT;
2459 struct oid_array ref = OID_ARRAY_INIT;
2460 struct shallow_info si;
2461 struct packet_reader reader;
2462
2463 struct option options[] = {
2464 OPT__QUIET(&quiet, N_("quiet")),
2465 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2466 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2467 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2468 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2469 OPT_END()
2470 };
2471
2472 packet_trace_identity("receive-pack");
2473
2474 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2475
2476 if (argc > 1)
2477 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
2478 if (argc == 0)
2479 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
2480
2481 service_dir = argv[0];
2482
2483 setup_path();
2484
2485 if (!enter_repo(service_dir, 0))
2486 die("'%s' does not appear to be a git repository", service_dir);
2487
2488 git_config(receive_pack_config, NULL);
2489 if (cert_nonce_seed)
2490 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2491
2492 if (0 <= transfer_unpack_limit)
2493 unpack_limit = transfer_unpack_limit;
2494 else if (0 <= receive_unpack_limit)
2495 unpack_limit = receive_unpack_limit;
2496
2497 switch (determine_protocol_version_server()) {
2498 case protocol_v2:
2499 /*
2500 * push support for protocol v2 has not been implemented yet,
2501 * so ignore the request to use v2 and fallback to using v0.
2502 */
2503 break;
2504 case protocol_v1:
2505 /*
2506 * v1 is just the original protocol with a version string,
2507 * so just fall through after writing the version string.
2508 */
2509 if (advertise_refs || !stateless_rpc)
2510 packet_write_fmt(1, "version 1\n");
2511
2512 /* fallthrough */
2513 case protocol_v0:
2514 break;
2515 case protocol_unknown_version:
2516 BUG("unknown protocol version");
2517 }
2518
2519 if (advertise_refs || !stateless_rpc) {
2520 write_head_info();
2521 }
2522 if (advertise_refs)
2523 return 0;
2524
2525 packet_reader_init(&reader, 0, NULL, 0,
2526 PACKET_READ_CHOMP_NEWLINE |
2527 PACKET_READ_DIE_ON_ERR_PACKET);
2528
2529 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2530 const char *unpack_status = NULL;
2531 struct string_list push_options = STRING_LIST_INIT_DUP;
2532
2533 if (use_push_options)
2534 read_push_options(&reader, &push_options);
2535 if (!check_cert_push_options(&push_options)) {
2536 struct command *cmd;
2537 for (cmd = commands; cmd; cmd = cmd->next)
2538 cmd->error_string = "inconsistent push options";
2539 }
2540
2541 prepare_shallow_info(&si, &shallow);
2542 if (!si.nr_ours && !si.nr_theirs)
2543 shallow_update = 0;
2544 if (!delete_only(commands)) {
2545 unpack_status = unpack_with_sideband(&si);
2546 update_shallow_info(commands, &si, &ref);
2547 }
2548 use_keepalive = KEEPALIVE_ALWAYS;
2549 execute_commands(commands, unpack_status, &si,
2550 &push_options);
2551 if (pack_lockfile)
2552 unlink_or_warn(pack_lockfile);
2553 if (report_status_v2)
2554 report_v2(commands, unpack_status);
2555 else if (report_status)
2556 report(commands, unpack_status);
2557 run_receive_hook(commands, "post-receive", 1,
2558 &push_options);
2559 run_update_post_hook(commands);
2560 string_list_clear(&push_options, 0);
2561 if (auto_gc) {
2562 struct child_process proc = CHILD_PROCESS_INIT;
2563
2564 proc.no_stdin = 1;
2565 proc.stdout_to_stderr = 1;
2566 proc.err = use_sideband ? -1 : 0;
2567 proc.git_cmd = proc.close_object_store = 1;
2568 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2569 NULL);
2570
2571 if (!start_command(&proc)) {
2572 if (use_sideband)
2573 copy_to_sideband(proc.err, -1, NULL);
2574 finish_command(&proc);
2575 }
2576 }
2577 if (auto_update_server_info)
2578 update_server_info(0);
2579 clear_shallow_info(&si);
2580 }
2581 if (use_sideband)
2582 packet_flush(1);
2583 oid_array_clear(&shallow);
2584 oid_array_clear(&ref);
2585 free((void *)push_cert_nonce);
2586 return 0;
2587 }
Unnamed repository; edit this file 'description' to name the repository.