]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'js/update-index-ignore-removal-for-skip-worktree'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "sha1-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30
31 static const char * const receive_pack_usage[] = {
32 N_("git receive-pack <git-dir>"),
33 NULL
34 };
35
36 enum deny_action {
37 DENY_UNCONFIGURED,
38 DENY_IGNORE,
39 DENY_WARN,
40 DENY_REFUSE,
41 DENY_UPDATE_INSTEAD
42 };
43
44 static int deny_deletes;
45 static int deny_non_fast_forwards;
46 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
47 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
48 static int receive_fsck_objects = -1;
49 static int transfer_fsck_objects = -1;
50 static struct strbuf fsck_msg_types = STRBUF_INIT;
51 static int receive_unpack_limit = -1;
52 static int transfer_unpack_limit = -1;
53 static int advertise_atomic_push = 1;
54 static int advertise_push_options;
55 static int unpack_limit = 100;
56 static off_t max_input_size;
57 static int report_status;
58 static int use_sideband;
59 static int use_atomic;
60 static int use_push_options;
61 static int quiet;
62 static int prefer_ofs_delta = 1;
63 static int auto_update_server_info;
64 static int auto_gc = 1;
65 static int reject_thin;
66 static int stateless_rpc;
67 static const char *service_dir;
68 static const char *head_name;
69 static void *head_name_to_free;
70 static int sent_capabilities;
71 static int shallow_update;
72 static const char *alt_shallow_file;
73 static struct strbuf push_cert = STRBUF_INIT;
74 static struct object_id push_cert_oid;
75 static struct signature_check sigcheck;
76 static const char *push_cert_nonce;
77 static const char *cert_nonce_seed;
78
79 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
80 static const char *NONCE_BAD = "BAD";
81 static const char *NONCE_MISSING = "MISSING";
82 static const char *NONCE_OK = "OK";
83 static const char *NONCE_SLOP = "SLOP";
84 static const char *nonce_status;
85 static long nonce_stamp_slop;
86 static timestamp_t nonce_stamp_slop_limit;
87 static struct ref_transaction *transaction;
88
89 static enum {
90 KEEPALIVE_NEVER = 0,
91 KEEPALIVE_AFTER_NUL,
92 KEEPALIVE_ALWAYS
93 } use_keepalive;
94 static int keepalive_in_sec = 5;
95
96 static struct tmp_objdir *tmp_objdir;
97
98 static enum deny_action parse_deny_action(const char *var, const char *value)
99 {
100 if (value) {
101 if (!strcasecmp(value, "ignore"))
102 return DENY_IGNORE;
103 if (!strcasecmp(value, "warn"))
104 return DENY_WARN;
105 if (!strcasecmp(value, "refuse"))
106 return DENY_REFUSE;
107 if (!strcasecmp(value, "updateinstead"))
108 return DENY_UPDATE_INSTEAD;
109 }
110 if (git_config_bool(var, value))
111 return DENY_REFUSE;
112 return DENY_IGNORE;
113 }
114
115 static int receive_pack_config(const char *var, const char *value, void *cb)
116 {
117 int status = parse_hide_refs_config(var, value, "receive");
118
119 if (status)
120 return status;
121
122 if (strcmp(var, "receive.denydeletes") == 0) {
123 deny_deletes = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.denynonfastforwards") == 0) {
128 deny_non_fast_forwards = git_config_bool(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "receive.unpacklimit") == 0) {
133 receive_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "transfer.unpacklimit") == 0) {
138 transfer_unpack_limit = git_config_int(var, value);
139 return 0;
140 }
141
142 if (strcmp(var, "receive.fsck.skiplist") == 0) {
143 const char *path;
144
145 if (git_config_pathname(&path, var, value))
146 return 1;
147 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
148 fsck_msg_types.len ? ',' : '=', path);
149 free((char *)path);
150 return 0;
151 }
152
153 if (skip_prefix(var, "receive.fsck.", &var)) {
154 if (is_valid_msg_type(var, value))
155 strbuf_addf(&fsck_msg_types, "%c%s=%s",
156 fsck_msg_types.len ? ',' : '=', var, value);
157 else
158 warning("Skipping unknown msg id '%s'", var);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsckobjects") == 0) {
163 receive_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (strcmp(var, "transfer.fsckobjects") == 0) {
168 transfer_fsck_objects = git_config_bool(var, value);
169 return 0;
170 }
171
172 if (!strcmp(var, "receive.denycurrentbranch")) {
173 deny_current_branch = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "receive.denydeletecurrent") == 0) {
178 deny_delete_current = parse_deny_action(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
183 prefer_ofs_delta = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.updateserverinfo") == 0) {
188 auto_update_server_info = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.autogc") == 0) {
193 auto_gc = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.shallowupdate") == 0) {
198 shallow_update = git_config_bool(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "receive.certnonceseed") == 0)
203 return git_config_string(&cert_nonce_seed, var, value);
204
205 if (strcmp(var, "receive.certnonceslop") == 0) {
206 nonce_stamp_slop_limit = git_config_ulong(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertiseatomic") == 0) {
211 advertise_atomic_push = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.advertisepushoptions") == 0) {
216 advertise_push_options = git_config_bool(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.keepalive") == 0) {
221 keepalive_in_sec = git_config_int(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.maxinputsize") == 0) {
226 max_input_size = git_config_int64(var, value);
227 return 0;
228 }
229
230 return git_default_config(var, value, cb);
231 }
232
233 static void show_ref(const char *path, const struct object_id *oid)
234 {
235 if (sent_capabilities) {
236 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
237 } else {
238 struct strbuf cap = STRBUF_INIT;
239
240 strbuf_addstr(&cap,
241 "report-status delete-refs side-band-64k quiet");
242 if (advertise_atomic_push)
243 strbuf_addstr(&cap, " atomic");
244 if (prefer_ofs_delta)
245 strbuf_addstr(&cap, " ofs-delta");
246 if (push_cert_nonce)
247 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
248 if (advertise_push_options)
249 strbuf_addstr(&cap, " push-options");
250 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
251 packet_write_fmt(1, "%s %s%c%s\n",
252 oid_to_hex(oid), path, 0, cap.buf);
253 strbuf_release(&cap);
254 sent_capabilities = 1;
255 }
256 }
257
258 static int show_ref_cb(const char *path_full, const struct object_id *oid,
259 int flag, void *data)
260 {
261 struct oidset *seen = data;
262 const char *path = strip_namespace(path_full);
263
264 if (ref_is_hidden(path, path_full))
265 return 0;
266
267 /*
268 * Advertise refs outside our current namespace as ".have"
269 * refs, so that the client can use them to minimize data
270 * transfer but will otherwise ignore them.
271 */
272 if (!path) {
273 if (oidset_insert(seen, oid))
274 return 0;
275 path = ".have";
276 } else {
277 oidset_insert(seen, oid);
278 }
279 show_ref(path, oid);
280 return 0;
281 }
282
283 static void show_one_alternate_ref(const struct object_id *oid,
284 void *data)
285 {
286 struct oidset *seen = data;
287
288 if (oidset_insert(seen, oid))
289 return;
290
291 show_ref(".have", oid);
292 }
293
294 static void write_head_info(void)
295 {
296 static struct oidset seen = OIDSET_INIT;
297
298 for_each_ref(show_ref_cb, &seen);
299 for_each_alternate_ref(show_one_alternate_ref, &seen);
300 oidset_clear(&seen);
301 if (!sent_capabilities)
302 show_ref("capabilities^{}", &null_oid);
303
304 advertise_shallow_grafts(1);
305
306 /* EOF */
307 packet_flush(1);
308 }
309
310 struct command {
311 struct command *next;
312 const char *error_string;
313 unsigned int skip_update:1,
314 did_not_exist:1;
315 int index;
316 struct object_id old_oid;
317 struct object_id new_oid;
318 char ref_name[FLEX_ARRAY]; /* more */
319 };
320
321 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
322 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
323
324 static void report_message(const char *prefix, const char *err, va_list params)
325 {
326 int sz;
327 char msg[4096];
328
329 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
330 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
331 if (sz > (sizeof(msg) - 1))
332 sz = sizeof(msg) - 1;
333 msg[sz++] = '\n';
334
335 if (use_sideband)
336 send_sideband(1, 2, msg, sz, use_sideband);
337 else
338 xwrite(2, msg, sz);
339 }
340
341 static void rp_warning(const char *err, ...)
342 {
343 va_list params;
344 va_start(params, err);
345 report_message("warning: ", err, params);
346 va_end(params);
347 }
348
349 static void rp_error(const char *err, ...)
350 {
351 va_list params;
352 va_start(params, err);
353 report_message("error: ", err, params);
354 va_end(params);
355 }
356
357 static int copy_to_sideband(int in, int out, void *arg)
358 {
359 char data[128];
360 int keepalive_active = 0;
361
362 if (keepalive_in_sec <= 0)
363 use_keepalive = KEEPALIVE_NEVER;
364 if (use_keepalive == KEEPALIVE_ALWAYS)
365 keepalive_active = 1;
366
367 while (1) {
368 ssize_t sz;
369
370 if (keepalive_active) {
371 struct pollfd pfd;
372 int ret;
373
374 pfd.fd = in;
375 pfd.events = POLLIN;
376 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
377
378 if (ret < 0) {
379 if (errno == EINTR)
380 continue;
381 else
382 break;
383 } else if (ret == 0) {
384 /* no data; send a keepalive packet */
385 static const char buf[] = "0005\1";
386 write_or_die(1, buf, sizeof(buf) - 1);
387 continue;
388 } /* else there is actual data to read */
389 }
390
391 sz = xread(in, data, sizeof(data));
392 if (sz <= 0)
393 break;
394
395 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
396 const char *p = memchr(data, '\0', sz);
397 if (p) {
398 /*
399 * The NUL tells us to start sending keepalives. Make
400 * sure we send any other data we read along
401 * with it.
402 */
403 keepalive_active = 1;
404 send_sideband(1, 2, data, p - data, use_sideband);
405 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
406 continue;
407 }
408 }
409
410 /*
411 * Either we're not looking for a NUL signal, or we didn't see
412 * it yet; just pass along the data.
413 */
414 send_sideband(1, 2, data, sz, use_sideband);
415 }
416 close(in);
417 return 0;
418 }
419
420 static void hmac(unsigned char *out,
421 const char *key_in, size_t key_len,
422 const char *text, size_t text_len)
423 {
424 unsigned char key[GIT_MAX_BLKSZ];
425 unsigned char k_ipad[GIT_MAX_BLKSZ];
426 unsigned char k_opad[GIT_MAX_BLKSZ];
427 int i;
428 git_hash_ctx ctx;
429
430 /* RFC 2104 2. (1) */
431 memset(key, '\0', GIT_MAX_BLKSZ);
432 if (the_hash_algo->blksz < key_len) {
433 the_hash_algo->init_fn(&ctx);
434 the_hash_algo->update_fn(&ctx, key_in, key_len);
435 the_hash_algo->final_fn(key, &ctx);
436 } else {
437 memcpy(key, key_in, key_len);
438 }
439
440 /* RFC 2104 2. (2) & (5) */
441 for (i = 0; i < sizeof(key); i++) {
442 k_ipad[i] = key[i] ^ 0x36;
443 k_opad[i] = key[i] ^ 0x5c;
444 }
445
446 /* RFC 2104 2. (3) & (4) */
447 the_hash_algo->init_fn(&ctx);
448 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
449 the_hash_algo->update_fn(&ctx, text, text_len);
450 the_hash_algo->final_fn(out, &ctx);
451
452 /* RFC 2104 2. (6) & (7) */
453 the_hash_algo->init_fn(&ctx);
454 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
455 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
456 the_hash_algo->final_fn(out, &ctx);
457 }
458
459 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
460 {
461 struct strbuf buf = STRBUF_INIT;
462 unsigned char hash[GIT_MAX_RAWSZ];
463
464 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
465 hmac(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
466 strbuf_release(&buf);
467
468 /* RFC 2104 5. HMAC-SHA1-80 */
469 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
470 return strbuf_detach(&buf, NULL);
471 }
472
473 /*
474 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
475 * after dropping "_commit" from its name and possibly moving it out
476 * of commit.c
477 */
478 static char *find_header(const char *msg, size_t len, const char *key,
479 const char **next_line)
480 {
481 int key_len = strlen(key);
482 const char *line = msg;
483
484 while (line && line < msg + len) {
485 const char *eol = strchrnul(line, '\n');
486
487 if ((msg + len <= eol) || line == eol)
488 return NULL;
489 if (line + key_len < eol &&
490 !memcmp(line, key, key_len) && line[key_len] == ' ') {
491 int offset = key_len + 1;
492 if (next_line)
493 *next_line = *eol ? eol + 1 : eol;
494 return xmemdupz(line + offset, (eol - line) - offset);
495 }
496 line = *eol ? eol + 1 : NULL;
497 }
498 return NULL;
499 }
500
501 static const char *check_nonce(const char *buf, size_t len)
502 {
503 char *nonce = find_header(buf, len, "nonce", NULL);
504 timestamp_t stamp, ostamp;
505 char *bohmac, *expect = NULL;
506 const char *retval = NONCE_BAD;
507
508 if (!nonce) {
509 retval = NONCE_MISSING;
510 goto leave;
511 } else if (!push_cert_nonce) {
512 retval = NONCE_UNSOLICITED;
513 goto leave;
514 } else if (!strcmp(push_cert_nonce, nonce)) {
515 retval = NONCE_OK;
516 goto leave;
517 }
518
519 if (!stateless_rpc) {
520 /* returned nonce MUST match what we gave out earlier */
521 retval = NONCE_BAD;
522 goto leave;
523 }
524
525 /*
526 * In stateless mode, we may be receiving a nonce issued by
527 * another instance of the server that serving the same
528 * repository, and the timestamps may not match, but the
529 * nonce-seed and dir should match, so we can recompute and
530 * report the time slop.
531 *
532 * In addition, when a nonce issued by another instance has
533 * timestamp within receive.certnonceslop seconds, we pretend
534 * as if we issued that nonce when reporting to the hook.
535 */
536
537 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
538 if (*nonce <= '0' || '9' < *nonce) {
539 retval = NONCE_BAD;
540 goto leave;
541 }
542 stamp = parse_timestamp(nonce, &bohmac, 10);
543 if (bohmac == nonce || bohmac[0] != '-') {
544 retval = NONCE_BAD;
545 goto leave;
546 }
547
548 expect = prepare_push_cert_nonce(service_dir, stamp);
549 if (strcmp(expect, nonce)) {
550 /* Not what we would have signed earlier */
551 retval = NONCE_BAD;
552 goto leave;
553 }
554
555 /*
556 * By how many seconds is this nonce stale? Negative value
557 * would mean it was issued by another server with its clock
558 * skewed in the future.
559 */
560 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
561 nonce_stamp_slop = (long)ostamp - (long)stamp;
562
563 if (nonce_stamp_slop_limit &&
564 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
565 /*
566 * Pretend as if the received nonce (which passes the
567 * HMAC check, so it is not a forged by third-party)
568 * is what we issued.
569 */
570 free((void *)push_cert_nonce);
571 push_cert_nonce = xstrdup(nonce);
572 retval = NONCE_OK;
573 } else {
574 retval = NONCE_SLOP;
575 }
576
577 leave:
578 free(nonce);
579 free(expect);
580 return retval;
581 }
582
583 /*
584 * Return 1 if there is no push_cert or if the push options in push_cert are
585 * the same as those in the argument; 0 otherwise.
586 */
587 static int check_cert_push_options(const struct string_list *push_options)
588 {
589 const char *buf = push_cert.buf;
590 int len = push_cert.len;
591
592 char *option;
593 const char *next_line;
594 int options_seen = 0;
595
596 int retval = 1;
597
598 if (!len)
599 return 1;
600
601 while ((option = find_header(buf, len, "push-option", &next_line))) {
602 len -= (next_line - buf);
603 buf = next_line;
604 options_seen++;
605 if (options_seen > push_options->nr
606 || strcmp(option,
607 push_options->items[options_seen - 1].string)) {
608 retval = 0;
609 goto leave;
610 }
611 free(option);
612 }
613
614 if (options_seen != push_options->nr)
615 retval = 0;
616
617 leave:
618 free(option);
619 return retval;
620 }
621
622 static void prepare_push_cert_sha1(struct child_process *proc)
623 {
624 static int already_done;
625
626 if (!push_cert.len)
627 return;
628
629 if (!already_done) {
630 int bogs /* beginning_of_gpg_sig */;
631
632 already_done = 1;
633 if (write_object_file(push_cert.buf, push_cert.len, "blob",
634 &push_cert_oid))
635 oidclr(&push_cert_oid);
636
637 memset(&sigcheck, '\0', sizeof(sigcheck));
638
639 bogs = parse_signature(push_cert.buf, push_cert.len);
640 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
641 push_cert.len - bogs, &sigcheck);
642
643 nonce_status = check_nonce(push_cert.buf, bogs);
644 }
645 if (!is_null_oid(&push_cert_oid)) {
646 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
647 oid_to_hex(&push_cert_oid));
648 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
649 sigcheck.signer ? sigcheck.signer : "");
650 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
651 sigcheck.key ? sigcheck.key : "");
652 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
653 sigcheck.result);
654 if (push_cert_nonce) {
655 argv_array_pushf(&proc->env_array,
656 "GIT_PUSH_CERT_NONCE=%s",
657 push_cert_nonce);
658 argv_array_pushf(&proc->env_array,
659 "GIT_PUSH_CERT_NONCE_STATUS=%s",
660 nonce_status);
661 if (nonce_status == NONCE_SLOP)
662 argv_array_pushf(&proc->env_array,
663 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
664 nonce_stamp_slop);
665 }
666 }
667 }
668
669 struct receive_hook_feed_state {
670 struct command *cmd;
671 int skip_broken;
672 struct strbuf buf;
673 const struct string_list *push_options;
674 };
675
676 typedef int (*feed_fn)(void *, const char **, size_t *);
677 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
678 struct receive_hook_feed_state *feed_state)
679 {
680 struct child_process proc = CHILD_PROCESS_INIT;
681 struct async muxer;
682 const char *argv[2];
683 int code;
684
685 argv[0] = find_hook(hook_name);
686 if (!argv[0])
687 return 0;
688
689 argv[1] = NULL;
690
691 proc.argv = argv;
692 proc.in = -1;
693 proc.stdout_to_stderr = 1;
694 proc.trace2_hook_name = hook_name;
695
696 if (feed_state->push_options) {
697 int i;
698 for (i = 0; i < feed_state->push_options->nr; i++)
699 argv_array_pushf(&proc.env_array,
700 "GIT_PUSH_OPTION_%d=%s", i,
701 feed_state->push_options->items[i].string);
702 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
703 feed_state->push_options->nr);
704 } else
705 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
706
707 if (tmp_objdir)
708 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
709
710 if (use_sideband) {
711 memset(&muxer, 0, sizeof(muxer));
712 muxer.proc = copy_to_sideband;
713 muxer.in = -1;
714 code = start_async(&muxer);
715 if (code)
716 return code;
717 proc.err = muxer.in;
718 }
719
720 prepare_push_cert_sha1(&proc);
721
722 code = start_command(&proc);
723 if (code) {
724 if (use_sideband)
725 finish_async(&muxer);
726 return code;
727 }
728
729 sigchain_push(SIGPIPE, SIG_IGN);
730
731 while (1) {
732 const char *buf;
733 size_t n;
734 if (feed(feed_state, &buf, &n))
735 break;
736 if (write_in_full(proc.in, buf, n) < 0)
737 break;
738 }
739 close(proc.in);
740 if (use_sideband)
741 finish_async(&muxer);
742
743 sigchain_pop(SIGPIPE);
744
745 return finish_command(&proc);
746 }
747
748 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
749 {
750 struct receive_hook_feed_state *state = state_;
751 struct command *cmd = state->cmd;
752
753 while (cmd &&
754 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
755 cmd = cmd->next;
756 if (!cmd)
757 return -1; /* EOF */
758 strbuf_reset(&state->buf);
759 strbuf_addf(&state->buf, "%s %s %s\n",
760 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
761 cmd->ref_name);
762 state->cmd = cmd->next;
763 if (bufp) {
764 *bufp = state->buf.buf;
765 *sizep = state->buf.len;
766 }
767 return 0;
768 }
769
770 static int run_receive_hook(struct command *commands,
771 const char *hook_name,
772 int skip_broken,
773 const struct string_list *push_options)
774 {
775 struct receive_hook_feed_state state;
776 int status;
777
778 strbuf_init(&state.buf, 0);
779 state.cmd = commands;
780 state.skip_broken = skip_broken;
781 if (feed_receive_hook(&state, NULL, NULL))
782 return 0;
783 state.cmd = commands;
784 state.push_options = push_options;
785 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
786 strbuf_release(&state.buf);
787 return status;
788 }
789
790 static int run_update_hook(struct command *cmd)
791 {
792 const char *argv[5];
793 struct child_process proc = CHILD_PROCESS_INIT;
794 int code;
795
796 argv[0] = find_hook("update");
797 if (!argv[0])
798 return 0;
799
800 argv[1] = cmd->ref_name;
801 argv[2] = oid_to_hex(&cmd->old_oid);
802 argv[3] = oid_to_hex(&cmd->new_oid);
803 argv[4] = NULL;
804
805 proc.no_stdin = 1;
806 proc.stdout_to_stderr = 1;
807 proc.err = use_sideband ? -1 : 0;
808 proc.argv = argv;
809 proc.trace2_hook_name = "update";
810
811 code = start_command(&proc);
812 if (code)
813 return code;
814 if (use_sideband)
815 copy_to_sideband(proc.err, -1, NULL);
816 return finish_command(&proc);
817 }
818
819 static int is_ref_checked_out(const char *ref)
820 {
821 if (is_bare_repository())
822 return 0;
823
824 if (!head_name)
825 return 0;
826 return !strcmp(head_name, ref);
827 }
828
829 static char *refuse_unconfigured_deny_msg =
830 N_("By default, updating the current branch in a non-bare repository\n"
831 "is denied, because it will make the index and work tree inconsistent\n"
832 "with what you pushed, and will require 'git reset --hard' to match\n"
833 "the work tree to HEAD.\n"
834 "\n"
835 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
836 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
837 "its current branch; however, this is not recommended unless you\n"
838 "arranged to update its work tree to match what you pushed in some\n"
839 "other way.\n"
840 "\n"
841 "To squelch this message and still keep the default behaviour, set\n"
842 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
843
844 static void refuse_unconfigured_deny(void)
845 {
846 rp_error("%s", _(refuse_unconfigured_deny_msg));
847 }
848
849 static char *refuse_unconfigured_deny_delete_current_msg =
850 N_("By default, deleting the current branch is denied, because the next\n"
851 "'git clone' won't result in any file checked out, causing confusion.\n"
852 "\n"
853 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
854 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
855 "current branch, with or without a warning message.\n"
856 "\n"
857 "To squelch this message, you can set it to 'refuse'.");
858
859 static void refuse_unconfigured_deny_delete_current(void)
860 {
861 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
862 }
863
864 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
865 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
866 {
867 struct lock_file shallow_lock = LOCK_INIT;
868 struct oid_array extra = OID_ARRAY_INIT;
869 struct check_connected_options opt = CHECK_CONNECTED_INIT;
870 uint32_t mask = 1 << (cmd->index % 32);
871 int i;
872
873 trace_printf_key(&trace_shallow,
874 "shallow: update_shallow_ref %s\n", cmd->ref_name);
875 for (i = 0; i < si->shallow->nr; i++)
876 if (si->used_shallow[i] &&
877 (si->used_shallow[i][cmd->index / 32] & mask) &&
878 !delayed_reachability_test(si, i))
879 oid_array_append(&extra, &si->shallow->oid[i]);
880
881 opt.env = tmp_objdir_env(tmp_objdir);
882 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
883 if (check_connected(command_singleton_iterator, cmd, &opt)) {
884 rollback_lock_file(&shallow_lock);
885 oid_array_clear(&extra);
886 return -1;
887 }
888
889 commit_lock_file(&shallow_lock);
890
891 /*
892 * Make sure setup_alternate_shallow() for the next ref does
893 * not lose these new roots..
894 */
895 for (i = 0; i < extra.nr; i++)
896 register_shallow(the_repository, &extra.oid[i]);
897
898 si->shallow_ref[cmd->index] = 0;
899 oid_array_clear(&extra);
900 return 0;
901 }
902
903 /*
904 * NEEDSWORK: we should consolidate various implementions of "are we
905 * on an unborn branch?" test into one, and make the unified one more
906 * robust. !get_sha1() based check used here and elsewhere would not
907 * allow us to tell an unborn branch from corrupt ref, for example.
908 * For the purpose of fixing "deploy-to-update does not work when
909 * pushing into an empty repository" issue, this should suffice for
910 * now.
911 */
912 static int head_has_history(void)
913 {
914 struct object_id oid;
915
916 return !get_oid("HEAD", &oid);
917 }
918
919 static const char *push_to_deploy(unsigned char *sha1,
920 struct argv_array *env,
921 const char *work_tree)
922 {
923 const char *update_refresh[] = {
924 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
925 };
926 const char *diff_files[] = {
927 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
928 };
929 const char *diff_index[] = {
930 "diff-index", "--quiet", "--cached", "--ignore-submodules",
931 NULL, "--", NULL
932 };
933 const char *read_tree[] = {
934 "read-tree", "-u", "-m", NULL, NULL
935 };
936 struct child_process child = CHILD_PROCESS_INIT;
937
938 child.argv = update_refresh;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.stdout_to_stderr = 1;
943 child.git_cmd = 1;
944 if (run_command(&child))
945 return "Up-to-date check failed";
946
947 /* run_command() does not clean up completely; reinitialize */
948 child_process_init(&child);
949 child.argv = diff_files;
950 child.env = env->argv;
951 child.dir = work_tree;
952 child.no_stdin = 1;
953 child.stdout_to_stderr = 1;
954 child.git_cmd = 1;
955 if (run_command(&child))
956 return "Working directory has unstaged changes";
957
958 /* diff-index with either HEAD or an empty tree */
959 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
960
961 child_process_init(&child);
962 child.argv = diff_index;
963 child.env = env->argv;
964 child.no_stdin = 1;
965 child.no_stdout = 1;
966 child.stdout_to_stderr = 0;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has staged changes";
970
971 read_tree[3] = hash_to_hex(sha1);
972 child_process_init(&child);
973 child.argv = read_tree;
974 child.env = env->argv;
975 child.dir = work_tree;
976 child.no_stdin = 1;
977 child.no_stdout = 1;
978 child.stdout_to_stderr = 0;
979 child.git_cmd = 1;
980 if (run_command(&child))
981 return "Could not update working tree to new HEAD";
982
983 return NULL;
984 }
985
986 static const char *push_to_checkout_hook = "push-to-checkout";
987
988 static const char *push_to_checkout(unsigned char *hash,
989 struct argv_array *env,
990 const char *work_tree)
991 {
992 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
993 if (run_hook_le(env->argv, push_to_checkout_hook,
994 hash_to_hex(hash), NULL))
995 return "push-to-checkout hook declined";
996 else
997 return NULL;
998 }
999
1000 static const char *update_worktree(unsigned char *sha1)
1001 {
1002 const char *retval;
1003 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1004 struct argv_array env = ARGV_ARRAY_INIT;
1005
1006 if (is_bare_repository())
1007 return "denyCurrentBranch = updateInstead needs a worktree";
1008
1009 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1010
1011 if (!find_hook(push_to_checkout_hook))
1012 retval = push_to_deploy(sha1, &env, work_tree);
1013 else
1014 retval = push_to_checkout(sha1, &env, work_tree);
1015
1016 argv_array_clear(&env);
1017 return retval;
1018 }
1019
1020 static const char *update(struct command *cmd, struct shallow_info *si)
1021 {
1022 const char *name = cmd->ref_name;
1023 struct strbuf namespaced_name_buf = STRBUF_INIT;
1024 static char *namespaced_name;
1025 const char *ret;
1026 struct object_id *old_oid = &cmd->old_oid;
1027 struct object_id *new_oid = &cmd->new_oid;
1028 int do_update_worktree = 0;
1029
1030 /* only refs/... are allowed */
1031 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1032 rp_error("refusing to create funny ref '%s' remotely", name);
1033 return "funny refname";
1034 }
1035
1036 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1037 free(namespaced_name);
1038 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1039
1040 if (is_ref_checked_out(namespaced_name)) {
1041 switch (deny_current_branch) {
1042 case DENY_IGNORE:
1043 break;
1044 case DENY_WARN:
1045 rp_warning("updating the current branch");
1046 break;
1047 case DENY_REFUSE:
1048 case DENY_UNCONFIGURED:
1049 rp_error("refusing to update checked out branch: %s", name);
1050 if (deny_current_branch == DENY_UNCONFIGURED)
1051 refuse_unconfigured_deny();
1052 return "branch is currently checked out";
1053 case DENY_UPDATE_INSTEAD:
1054 /* pass -- let other checks intervene first */
1055 do_update_worktree = 1;
1056 break;
1057 }
1058 }
1059
1060 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1061 error("unpack should have generated %s, "
1062 "but I can't find it!", oid_to_hex(new_oid));
1063 return "bad pack";
1064 }
1065
1066 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1067 if (deny_deletes && starts_with(name, "refs/heads/")) {
1068 rp_error("denying ref deletion for %s", name);
1069 return "deletion prohibited";
1070 }
1071
1072 if (head_name && !strcmp(namespaced_name, head_name)) {
1073 switch (deny_delete_current) {
1074 case DENY_IGNORE:
1075 break;
1076 case DENY_WARN:
1077 rp_warning("deleting the current branch");
1078 break;
1079 case DENY_REFUSE:
1080 case DENY_UNCONFIGURED:
1081 case DENY_UPDATE_INSTEAD:
1082 if (deny_delete_current == DENY_UNCONFIGURED)
1083 refuse_unconfigured_deny_delete_current();
1084 rp_error("refusing to delete the current branch: %s", name);
1085 return "deletion of the current branch prohibited";
1086 default:
1087 return "Invalid denyDeleteCurrent setting";
1088 }
1089 }
1090 }
1091
1092 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1093 !is_null_oid(old_oid) &&
1094 starts_with(name, "refs/heads/")) {
1095 struct object *old_object, *new_object;
1096 struct commit *old_commit, *new_commit;
1097
1098 old_object = parse_object(the_repository, old_oid);
1099 new_object = parse_object(the_repository, new_oid);
1100
1101 if (!old_object || !new_object ||
1102 old_object->type != OBJ_COMMIT ||
1103 new_object->type != OBJ_COMMIT) {
1104 error("bad sha1 objects for %s", name);
1105 return "bad ref";
1106 }
1107 old_commit = (struct commit *)old_object;
1108 new_commit = (struct commit *)new_object;
1109 if (!in_merge_bases(old_commit, new_commit)) {
1110 rp_error("denying non-fast-forward %s"
1111 " (you should pull first)", name);
1112 return "non-fast-forward";
1113 }
1114 }
1115 if (run_update_hook(cmd)) {
1116 rp_error("hook declined to update %s", name);
1117 return "hook declined";
1118 }
1119
1120 if (do_update_worktree) {
1121 ret = update_worktree(new_oid->hash);
1122 if (ret)
1123 return ret;
1124 }
1125
1126 if (is_null_oid(new_oid)) {
1127 struct strbuf err = STRBUF_INIT;
1128 if (!parse_object(the_repository, old_oid)) {
1129 old_oid = NULL;
1130 if (ref_exists(name)) {
1131 rp_warning("Allowing deletion of corrupt ref.");
1132 } else {
1133 rp_warning("Deleting a non-existent ref.");
1134 cmd->did_not_exist = 1;
1135 }
1136 }
1137 if (ref_transaction_delete(transaction,
1138 namespaced_name,
1139 old_oid,
1140 0, "push", &err)) {
1141 rp_error("%s", err.buf);
1142 strbuf_release(&err);
1143 return "failed to delete";
1144 }
1145 strbuf_release(&err);
1146 return NULL; /* good */
1147 }
1148 else {
1149 struct strbuf err = STRBUF_INIT;
1150 if (shallow_update && si->shallow_ref[cmd->index] &&
1151 update_shallow_ref(cmd, si))
1152 return "shallow error";
1153
1154 if (ref_transaction_update(transaction,
1155 namespaced_name,
1156 new_oid, old_oid,
1157 0, "push",
1158 &err)) {
1159 rp_error("%s", err.buf);
1160 strbuf_release(&err);
1161
1162 return "failed to update ref";
1163 }
1164 strbuf_release(&err);
1165
1166 return NULL; /* good */
1167 }
1168 }
1169
1170 static void run_update_post_hook(struct command *commands)
1171 {
1172 struct command *cmd;
1173 struct child_process proc = CHILD_PROCESS_INIT;
1174 const char *hook;
1175
1176 hook = find_hook("post-update");
1177 if (!hook)
1178 return;
1179
1180 for (cmd = commands; cmd; cmd = cmd->next) {
1181 if (cmd->error_string || cmd->did_not_exist)
1182 continue;
1183 if (!proc.args.argc)
1184 argv_array_push(&proc.args, hook);
1185 argv_array_push(&proc.args, cmd->ref_name);
1186 }
1187 if (!proc.args.argc)
1188 return;
1189
1190 proc.no_stdin = 1;
1191 proc.stdout_to_stderr = 1;
1192 proc.err = use_sideband ? -1 : 0;
1193 proc.trace2_hook_name = "post-update";
1194
1195 if (!start_command(&proc)) {
1196 if (use_sideband)
1197 copy_to_sideband(proc.err, -1, NULL);
1198 finish_command(&proc);
1199 }
1200 }
1201
1202 static void check_aliased_update_internal(struct command *cmd,
1203 struct string_list *list,
1204 const char *dst_name, int flag)
1205 {
1206 struct string_list_item *item;
1207 struct command *dst_cmd;
1208
1209 if (!(flag & REF_ISSYMREF))
1210 return;
1211
1212 if (!dst_name) {
1213 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1214 cmd->skip_update = 1;
1215 cmd->error_string = "broken symref";
1216 return;
1217 }
1218 dst_name = strip_namespace(dst_name);
1219
1220 if ((item = string_list_lookup(list, dst_name)) == NULL)
1221 return;
1222
1223 cmd->skip_update = 1;
1224
1225 dst_cmd = (struct command *) item->util;
1226
1227 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1228 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1229 return;
1230
1231 dst_cmd->skip_update = 1;
1232
1233 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1234 " its target '%s' (%s..%s)",
1235 cmd->ref_name,
1236 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1237 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1238 dst_cmd->ref_name,
1239 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1240 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1241
1242 cmd->error_string = dst_cmd->error_string =
1243 "inconsistent aliased update";
1244 }
1245
1246 static void check_aliased_update(struct command *cmd, struct string_list *list)
1247 {
1248 struct strbuf buf = STRBUF_INIT;
1249 const char *dst_name;
1250 int flag;
1251
1252 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1253 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1254 check_aliased_update_internal(cmd, list, dst_name, flag);
1255 strbuf_release(&buf);
1256 }
1257
1258 static void check_aliased_updates(struct command *commands)
1259 {
1260 struct command *cmd;
1261 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1262
1263 for (cmd = commands; cmd; cmd = cmd->next) {
1264 struct string_list_item *item =
1265 string_list_append(&ref_list, cmd->ref_name);
1266 item->util = (void *)cmd;
1267 }
1268 string_list_sort(&ref_list);
1269
1270 for (cmd = commands; cmd; cmd = cmd->next) {
1271 if (!cmd->error_string)
1272 check_aliased_update(cmd, &ref_list);
1273 }
1274
1275 string_list_clear(&ref_list, 0);
1276 }
1277
1278 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1279 {
1280 struct command **cmd_list = cb_data;
1281 struct command *cmd = *cmd_list;
1282
1283 if (!cmd || is_null_oid(&cmd->new_oid))
1284 return -1; /* end of list */
1285 *cmd_list = NULL; /* this returns only one */
1286 oidcpy(oid, &cmd->new_oid);
1287 return 0;
1288 }
1289
1290 static void set_connectivity_errors(struct command *commands,
1291 struct shallow_info *si)
1292 {
1293 struct command *cmd;
1294
1295 for (cmd = commands; cmd; cmd = cmd->next) {
1296 struct command *singleton = cmd;
1297 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1298
1299 if (shallow_update && si->shallow_ref[cmd->index])
1300 /* to be checked in update_shallow_ref() */
1301 continue;
1302
1303 opt.env = tmp_objdir_env(tmp_objdir);
1304 if (!check_connected(command_singleton_iterator, &singleton,
1305 &opt))
1306 continue;
1307
1308 cmd->error_string = "missing necessary objects";
1309 }
1310 }
1311
1312 struct iterate_data {
1313 struct command *cmds;
1314 struct shallow_info *si;
1315 };
1316
1317 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1318 {
1319 struct iterate_data *data = cb_data;
1320 struct command **cmd_list = &data->cmds;
1321 struct command *cmd = *cmd_list;
1322
1323 for (; cmd; cmd = cmd->next) {
1324 if (shallow_update && data->si->shallow_ref[cmd->index])
1325 /* to be checked in update_shallow_ref() */
1326 continue;
1327 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1328 oidcpy(oid, &cmd->new_oid);
1329 *cmd_list = cmd->next;
1330 return 0;
1331 }
1332 }
1333 *cmd_list = NULL;
1334 return -1; /* end of list */
1335 }
1336
1337 static void reject_updates_to_hidden(struct command *commands)
1338 {
1339 struct strbuf refname_full = STRBUF_INIT;
1340 size_t prefix_len;
1341 struct command *cmd;
1342
1343 strbuf_addstr(&refname_full, get_git_namespace());
1344 prefix_len = refname_full.len;
1345
1346 for (cmd = commands; cmd; cmd = cmd->next) {
1347 if (cmd->error_string)
1348 continue;
1349
1350 strbuf_setlen(&refname_full, prefix_len);
1351 strbuf_addstr(&refname_full, cmd->ref_name);
1352
1353 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1354 continue;
1355 if (is_null_oid(&cmd->new_oid))
1356 cmd->error_string = "deny deleting a hidden ref";
1357 else
1358 cmd->error_string = "deny updating a hidden ref";
1359 }
1360
1361 strbuf_release(&refname_full);
1362 }
1363
1364 static int should_process_cmd(struct command *cmd)
1365 {
1366 return !cmd->error_string && !cmd->skip_update;
1367 }
1368
1369 static void warn_if_skipped_connectivity_check(struct command *commands,
1370 struct shallow_info *si)
1371 {
1372 struct command *cmd;
1373 int checked_connectivity = 1;
1374
1375 for (cmd = commands; cmd; cmd = cmd->next) {
1376 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1377 error("BUG: connectivity check has not been run on ref %s",
1378 cmd->ref_name);
1379 checked_connectivity = 0;
1380 }
1381 }
1382 if (!checked_connectivity)
1383 BUG("connectivity check skipped???");
1384 }
1385
1386 static void execute_commands_non_atomic(struct command *commands,
1387 struct shallow_info *si)
1388 {
1389 struct command *cmd;
1390 struct strbuf err = STRBUF_INIT;
1391
1392 for (cmd = commands; cmd; cmd = cmd->next) {
1393 if (!should_process_cmd(cmd))
1394 continue;
1395
1396 transaction = ref_transaction_begin(&err);
1397 if (!transaction) {
1398 rp_error("%s", err.buf);
1399 strbuf_reset(&err);
1400 cmd->error_string = "transaction failed to start";
1401 continue;
1402 }
1403
1404 cmd->error_string = update(cmd, si);
1405
1406 if (!cmd->error_string
1407 && ref_transaction_commit(transaction, &err)) {
1408 rp_error("%s", err.buf);
1409 strbuf_reset(&err);
1410 cmd->error_string = "failed to update ref";
1411 }
1412 ref_transaction_free(transaction);
1413 }
1414 strbuf_release(&err);
1415 }
1416
1417 static void execute_commands_atomic(struct command *commands,
1418 struct shallow_info *si)
1419 {
1420 struct command *cmd;
1421 struct strbuf err = STRBUF_INIT;
1422 const char *reported_error = "atomic push failure";
1423
1424 transaction = ref_transaction_begin(&err);
1425 if (!transaction) {
1426 rp_error("%s", err.buf);
1427 strbuf_reset(&err);
1428 reported_error = "transaction failed to start";
1429 goto failure;
1430 }
1431
1432 for (cmd = commands; cmd; cmd = cmd->next) {
1433 if (!should_process_cmd(cmd))
1434 continue;
1435
1436 cmd->error_string = update(cmd, si);
1437
1438 if (cmd->error_string)
1439 goto failure;
1440 }
1441
1442 if (ref_transaction_commit(transaction, &err)) {
1443 rp_error("%s", err.buf);
1444 reported_error = "atomic transaction failed";
1445 goto failure;
1446 }
1447 goto cleanup;
1448
1449 failure:
1450 for (cmd = commands; cmd; cmd = cmd->next)
1451 if (!cmd->error_string)
1452 cmd->error_string = reported_error;
1453
1454 cleanup:
1455 ref_transaction_free(transaction);
1456 strbuf_release(&err);
1457 }
1458
1459 static void execute_commands(struct command *commands,
1460 const char *unpacker_error,
1461 struct shallow_info *si,
1462 const struct string_list *push_options)
1463 {
1464 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1465 struct command *cmd;
1466 struct iterate_data data;
1467 struct async muxer;
1468 int err_fd = 0;
1469
1470 if (unpacker_error) {
1471 for (cmd = commands; cmd; cmd = cmd->next)
1472 cmd->error_string = "unpacker error";
1473 return;
1474 }
1475
1476 if (use_sideband) {
1477 memset(&muxer, 0, sizeof(muxer));
1478 muxer.proc = copy_to_sideband;
1479 muxer.in = -1;
1480 if (!start_async(&muxer))
1481 err_fd = muxer.in;
1482 /* ...else, continue without relaying sideband */
1483 }
1484
1485 data.cmds = commands;
1486 data.si = si;
1487 opt.err_fd = err_fd;
1488 opt.progress = err_fd && !quiet;
1489 opt.env = tmp_objdir_env(tmp_objdir);
1490 if (check_connected(iterate_receive_command_list, &data, &opt))
1491 set_connectivity_errors(commands, si);
1492
1493 if (use_sideband)
1494 finish_async(&muxer);
1495
1496 reject_updates_to_hidden(commands);
1497
1498 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1499 for (cmd = commands; cmd; cmd = cmd->next) {
1500 if (!cmd->error_string)
1501 cmd->error_string = "pre-receive hook declined";
1502 }
1503 return;
1504 }
1505
1506 /*
1507 * Now we'll start writing out refs, which means the objects need
1508 * to be in their final positions so that other processes can see them.
1509 */
1510 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1511 for (cmd = commands; cmd; cmd = cmd->next) {
1512 if (!cmd->error_string)
1513 cmd->error_string = "unable to migrate objects to permanent storage";
1514 }
1515 return;
1516 }
1517 tmp_objdir = NULL;
1518
1519 check_aliased_updates(commands);
1520
1521 free(head_name_to_free);
1522 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1523
1524 if (use_atomic)
1525 execute_commands_atomic(commands, si);
1526 else
1527 execute_commands_non_atomic(commands, si);
1528
1529 if (shallow_update)
1530 warn_if_skipped_connectivity_check(commands, si);
1531 }
1532
1533 static struct command **queue_command(struct command **tail,
1534 const char *line,
1535 int linelen)
1536 {
1537 struct object_id old_oid, new_oid;
1538 struct command *cmd;
1539 const char *refname;
1540 int reflen;
1541 const char *p;
1542
1543 if (parse_oid_hex(line, &old_oid, &p) ||
1544 *p++ != ' ' ||
1545 parse_oid_hex(p, &new_oid, &p) ||
1546 *p++ != ' ')
1547 die("protocol error: expected old/new/ref, got '%s'", line);
1548
1549 refname = p;
1550 reflen = linelen - (p - line);
1551 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1552 oidcpy(&cmd->old_oid, &old_oid);
1553 oidcpy(&cmd->new_oid, &new_oid);
1554 *tail = cmd;
1555 return &cmd->next;
1556 }
1557
1558 static void queue_commands_from_cert(struct command **tail,
1559 struct strbuf *push_cert)
1560 {
1561 const char *boc, *eoc;
1562
1563 if (*tail)
1564 die("protocol error: got both push certificate and unsigned commands");
1565
1566 boc = strstr(push_cert->buf, "\n\n");
1567 if (!boc)
1568 die("malformed push certificate %.*s", 100, push_cert->buf);
1569 else
1570 boc += 2;
1571 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1572
1573 while (boc < eoc) {
1574 const char *eol = memchr(boc, '\n', eoc - boc);
1575 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1576 boc = eol ? eol + 1 : eoc;
1577 }
1578 }
1579
1580 static struct command *read_head_info(struct packet_reader *reader,
1581 struct oid_array *shallow)
1582 {
1583 struct command *commands = NULL;
1584 struct command **p = &commands;
1585 for (;;) {
1586 int linelen;
1587
1588 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1589 break;
1590
1591 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1592 struct object_id oid;
1593 if (get_oid_hex(reader->line + 8, &oid))
1594 die("protocol error: expected shallow sha, got '%s'",
1595 reader->line + 8);
1596 oid_array_append(shallow, &oid);
1597 continue;
1598 }
1599
1600 linelen = strlen(reader->line);
1601 if (linelen < reader->pktlen) {
1602 const char *feature_list = reader->line + linelen + 1;
1603 if (parse_feature_request(feature_list, "report-status"))
1604 report_status = 1;
1605 if (parse_feature_request(feature_list, "side-band-64k"))
1606 use_sideband = LARGE_PACKET_MAX;
1607 if (parse_feature_request(feature_list, "quiet"))
1608 quiet = 1;
1609 if (advertise_atomic_push
1610 && parse_feature_request(feature_list, "atomic"))
1611 use_atomic = 1;
1612 if (advertise_push_options
1613 && parse_feature_request(feature_list, "push-options"))
1614 use_push_options = 1;
1615 }
1616
1617 if (!strcmp(reader->line, "push-cert")) {
1618 int true_flush = 0;
1619 int saved_options = reader->options;
1620 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1621
1622 for (;;) {
1623 packet_reader_read(reader);
1624 if (reader->status == PACKET_READ_FLUSH) {
1625 true_flush = 1;
1626 break;
1627 }
1628 if (reader->status != PACKET_READ_NORMAL) {
1629 die("protocol error: got an unexpected packet");
1630 }
1631 if (!strcmp(reader->line, "push-cert-end\n"))
1632 break; /* end of cert */
1633 strbuf_addstr(&push_cert, reader->line);
1634 }
1635 reader->options = saved_options;
1636
1637 if (true_flush)
1638 break;
1639 continue;
1640 }
1641
1642 p = queue_command(p, reader->line, linelen);
1643 }
1644
1645 if (push_cert.len)
1646 queue_commands_from_cert(p, &push_cert);
1647
1648 return commands;
1649 }
1650
1651 static void read_push_options(struct packet_reader *reader,
1652 struct string_list *options)
1653 {
1654 while (1) {
1655 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1656 break;
1657
1658 string_list_append(options, reader->line);
1659 }
1660 }
1661
1662 static const char *parse_pack_header(struct pack_header *hdr)
1663 {
1664 switch (read_pack_header(0, hdr)) {
1665 case PH_ERROR_EOF:
1666 return "eof before pack header was fully read";
1667
1668 case PH_ERROR_PACK_SIGNATURE:
1669 return "protocol error (pack signature mismatch detected)";
1670
1671 case PH_ERROR_PROTOCOL:
1672 return "protocol error (pack version unsupported)";
1673
1674 default:
1675 return "unknown error in parse_pack_header";
1676
1677 case 0:
1678 return NULL;
1679 }
1680 }
1681
1682 static const char *pack_lockfile;
1683
1684 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1685 {
1686 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1687 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1688 }
1689
1690 static const char *unpack(int err_fd, struct shallow_info *si)
1691 {
1692 struct pack_header hdr;
1693 const char *hdr_err;
1694 int status;
1695 struct child_process child = CHILD_PROCESS_INIT;
1696 int fsck_objects = (receive_fsck_objects >= 0
1697 ? receive_fsck_objects
1698 : transfer_fsck_objects >= 0
1699 ? transfer_fsck_objects
1700 : 0);
1701
1702 hdr_err = parse_pack_header(&hdr);
1703 if (hdr_err) {
1704 if (err_fd > 0)
1705 close(err_fd);
1706 return hdr_err;
1707 }
1708
1709 if (si->nr_ours || si->nr_theirs) {
1710 alt_shallow_file = setup_temporary_shallow(si->shallow);
1711 argv_array_push(&child.args, "--shallow-file");
1712 argv_array_push(&child.args, alt_shallow_file);
1713 }
1714
1715 tmp_objdir = tmp_objdir_create();
1716 if (!tmp_objdir) {
1717 if (err_fd > 0)
1718 close(err_fd);
1719 return "unable to create temporary object directory";
1720 }
1721 child.env = tmp_objdir_env(tmp_objdir);
1722
1723 /*
1724 * Normally we just pass the tmp_objdir environment to the child
1725 * processes that do the heavy lifting, but we may need to see these
1726 * objects ourselves to set up shallow information.
1727 */
1728 tmp_objdir_add_as_alternate(tmp_objdir);
1729
1730 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1731 argv_array_push(&child.args, "unpack-objects");
1732 push_header_arg(&child.args, &hdr);
1733 if (quiet)
1734 argv_array_push(&child.args, "-q");
1735 if (fsck_objects)
1736 argv_array_pushf(&child.args, "--strict%s",
1737 fsck_msg_types.buf);
1738 if (max_input_size)
1739 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1740 (uintmax_t)max_input_size);
1741 child.no_stdout = 1;
1742 child.err = err_fd;
1743 child.git_cmd = 1;
1744 status = run_command(&child);
1745 if (status)
1746 return "unpack-objects abnormal exit";
1747 } else {
1748 char hostname[HOST_NAME_MAX + 1];
1749
1750 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1751 push_header_arg(&child.args, &hdr);
1752
1753 if (xgethostname(hostname, sizeof(hostname)))
1754 xsnprintf(hostname, sizeof(hostname), "localhost");
1755 argv_array_pushf(&child.args,
1756 "--keep=receive-pack %"PRIuMAX" on %s",
1757 (uintmax_t)getpid(),
1758 hostname);
1759
1760 if (!quiet && err_fd)
1761 argv_array_push(&child.args, "--show-resolving-progress");
1762 if (use_sideband)
1763 argv_array_push(&child.args, "--report-end-of-input");
1764 if (fsck_objects)
1765 argv_array_pushf(&child.args, "--strict%s",
1766 fsck_msg_types.buf);
1767 if (!reject_thin)
1768 argv_array_push(&child.args, "--fix-thin");
1769 if (max_input_size)
1770 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1771 (uintmax_t)max_input_size);
1772 child.out = -1;
1773 child.err = err_fd;
1774 child.git_cmd = 1;
1775 status = start_command(&child);
1776 if (status)
1777 return "index-pack fork failed";
1778 pack_lockfile = index_pack_lockfile(child.out);
1779 close(child.out);
1780 status = finish_command(&child);
1781 if (status)
1782 return "index-pack abnormal exit";
1783 reprepare_packed_git(the_repository);
1784 }
1785 return NULL;
1786 }
1787
1788 static const char *unpack_with_sideband(struct shallow_info *si)
1789 {
1790 struct async muxer;
1791 const char *ret;
1792
1793 if (!use_sideband)
1794 return unpack(0, si);
1795
1796 use_keepalive = KEEPALIVE_AFTER_NUL;
1797 memset(&muxer, 0, sizeof(muxer));
1798 muxer.proc = copy_to_sideband;
1799 muxer.in = -1;
1800 if (start_async(&muxer))
1801 return NULL;
1802
1803 ret = unpack(muxer.in, si);
1804
1805 finish_async(&muxer);
1806 return ret;
1807 }
1808
1809 static void prepare_shallow_update(struct shallow_info *si)
1810 {
1811 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1812
1813 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1814 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1815
1816 si->need_reachability_test =
1817 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1818 si->reachable =
1819 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1820 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1821
1822 for (i = 0; i < si->nr_ours; i++)
1823 si->need_reachability_test[si->ours[i]] = 1;
1824
1825 for (i = 0; i < si->shallow->nr; i++) {
1826 if (!si->used_shallow[i])
1827 continue;
1828 for (j = 0; j < bitmap_size; j++) {
1829 if (!si->used_shallow[i][j])
1830 continue;
1831 si->need_reachability_test[i]++;
1832 for (k = 0; k < 32; k++)
1833 if (si->used_shallow[i][j] & (1U << k))
1834 si->shallow_ref[j * 32 + k]++;
1835 }
1836
1837 /*
1838 * true for those associated with some refs and belong
1839 * in "ours" list aka "step 7 not done yet"
1840 */
1841 si->need_reachability_test[i] =
1842 si->need_reachability_test[i] > 1;
1843 }
1844
1845 /*
1846 * keep hooks happy by forcing a temporary shallow file via
1847 * env variable because we can't add --shallow-file to every
1848 * command. check_connected() will be done with
1849 * true .git/shallow though.
1850 */
1851 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1852 }
1853
1854 static void update_shallow_info(struct command *commands,
1855 struct shallow_info *si,
1856 struct oid_array *ref)
1857 {
1858 struct command *cmd;
1859 int *ref_status;
1860 remove_nonexistent_theirs_shallow(si);
1861 if (!si->nr_ours && !si->nr_theirs) {
1862 shallow_update = 0;
1863 return;
1864 }
1865
1866 for (cmd = commands; cmd; cmd = cmd->next) {
1867 if (is_null_oid(&cmd->new_oid))
1868 continue;
1869 oid_array_append(ref, &cmd->new_oid);
1870 cmd->index = ref->nr - 1;
1871 }
1872 si->ref = ref;
1873
1874 if (shallow_update) {
1875 prepare_shallow_update(si);
1876 return;
1877 }
1878
1879 ALLOC_ARRAY(ref_status, ref->nr);
1880 assign_shallow_commits_to_refs(si, NULL, ref_status);
1881 for (cmd = commands; cmd; cmd = cmd->next) {
1882 if (is_null_oid(&cmd->new_oid))
1883 continue;
1884 if (ref_status[cmd->index]) {
1885 cmd->error_string = "shallow update not allowed";
1886 cmd->skip_update = 1;
1887 }
1888 }
1889 free(ref_status);
1890 }
1891
1892 static void report(struct command *commands, const char *unpack_status)
1893 {
1894 struct command *cmd;
1895 struct strbuf buf = STRBUF_INIT;
1896
1897 packet_buf_write(&buf, "unpack %s\n",
1898 unpack_status ? unpack_status : "ok");
1899 for (cmd = commands; cmd; cmd = cmd->next) {
1900 if (!cmd->error_string)
1901 packet_buf_write(&buf, "ok %s\n",
1902 cmd->ref_name);
1903 else
1904 packet_buf_write(&buf, "ng %s %s\n",
1905 cmd->ref_name, cmd->error_string);
1906 }
1907 packet_buf_flush(&buf);
1908
1909 if (use_sideband)
1910 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1911 else
1912 write_or_die(1, buf.buf, buf.len);
1913 strbuf_release(&buf);
1914 }
1915
1916 static int delete_only(struct command *commands)
1917 {
1918 struct command *cmd;
1919 for (cmd = commands; cmd; cmd = cmd->next) {
1920 if (!is_null_oid(&cmd->new_oid))
1921 return 0;
1922 }
1923 return 1;
1924 }
1925
1926 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1927 {
1928 int advertise_refs = 0;
1929 struct command *commands;
1930 struct oid_array shallow = OID_ARRAY_INIT;
1931 struct oid_array ref = OID_ARRAY_INIT;
1932 struct shallow_info si;
1933 struct packet_reader reader;
1934
1935 struct option options[] = {
1936 OPT__QUIET(&quiet, N_("quiet")),
1937 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1938 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1939 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1940 OPT_END()
1941 };
1942
1943 packet_trace_identity("receive-pack");
1944
1945 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1946
1947 if (argc > 1)
1948 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1949 if (argc == 0)
1950 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1951
1952 service_dir = argv[0];
1953
1954 setup_path();
1955
1956 if (!enter_repo(service_dir, 0))
1957 die("'%s' does not appear to be a git repository", service_dir);
1958
1959 git_config(receive_pack_config, NULL);
1960 if (cert_nonce_seed)
1961 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1962
1963 if (0 <= transfer_unpack_limit)
1964 unpack_limit = transfer_unpack_limit;
1965 else if (0 <= receive_unpack_limit)
1966 unpack_limit = receive_unpack_limit;
1967
1968 switch (determine_protocol_version_server()) {
1969 case protocol_v2:
1970 /*
1971 * push support for protocol v2 has not been implemented yet,
1972 * so ignore the request to use v2 and fallback to using v0.
1973 */
1974 break;
1975 case protocol_v1:
1976 /*
1977 * v1 is just the original protocol with a version string,
1978 * so just fall through after writing the version string.
1979 */
1980 if (advertise_refs || !stateless_rpc)
1981 packet_write_fmt(1, "version 1\n");
1982
1983 /* fallthrough */
1984 case protocol_v0:
1985 break;
1986 case protocol_unknown_version:
1987 BUG("unknown protocol version");
1988 }
1989
1990 if (advertise_refs || !stateless_rpc) {
1991 write_head_info();
1992 }
1993 if (advertise_refs)
1994 return 0;
1995
1996 packet_reader_init(&reader, 0, NULL, 0,
1997 PACKET_READ_CHOMP_NEWLINE |
1998 PACKET_READ_DIE_ON_ERR_PACKET);
1999
2000 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2001 const char *unpack_status = NULL;
2002 struct string_list push_options = STRING_LIST_INIT_DUP;
2003
2004 if (use_push_options)
2005 read_push_options(&reader, &push_options);
2006 if (!check_cert_push_options(&push_options)) {
2007 struct command *cmd;
2008 for (cmd = commands; cmd; cmd = cmd->next)
2009 cmd->error_string = "inconsistent push options";
2010 }
2011
2012 prepare_shallow_info(&si, &shallow);
2013 if (!si.nr_ours && !si.nr_theirs)
2014 shallow_update = 0;
2015 if (!delete_only(commands)) {
2016 unpack_status = unpack_with_sideband(&si);
2017 update_shallow_info(commands, &si, &ref);
2018 }
2019 use_keepalive = KEEPALIVE_ALWAYS;
2020 execute_commands(commands, unpack_status, &si,
2021 &push_options);
2022 if (pack_lockfile)
2023 unlink_or_warn(pack_lockfile);
2024 if (report_status)
2025 report(commands, unpack_status);
2026 run_receive_hook(commands, "post-receive", 1,
2027 &push_options);
2028 run_update_post_hook(commands);
2029 string_list_clear(&push_options, 0);
2030 if (auto_gc) {
2031 const char *argv_gc_auto[] = {
2032 "gc", "--auto", "--quiet", NULL,
2033 };
2034 struct child_process proc = CHILD_PROCESS_INIT;
2035
2036 proc.no_stdin = 1;
2037 proc.stdout_to_stderr = 1;
2038 proc.err = use_sideband ? -1 : 0;
2039 proc.git_cmd = 1;
2040 proc.argv = argv_gc_auto;
2041
2042 close_object_store(the_repository->objects);
2043 if (!start_command(&proc)) {
2044 if (use_sideband)
2045 copy_to_sideband(proc.err, -1, NULL);
2046 finish_command(&proc);
2047 }
2048 }
2049 if (auto_update_server_info)
2050 update_server_info(0);
2051 clear_shallow_info(&si);
2052 }
2053 if (use_sideband)
2054 packet_flush(1);
2055 oid_array_clear(&shallow);
2056 oid_array_clear(&ref);
2057 free((void *)push_cert_nonce);
2058 return 0;
2059 }
Unnamed repository; edit this file 'description' to name the repository.