]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'ea/blame-use-oideq'
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "oid-array.h"
17 #include "connected.h"
18 #include "strvec.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31 #include "shallow.h"
32
33 static const char * const receive_pack_usage[] = {
34 N_("git receive-pack <git-dir>"),
35 NULL
36 };
37
38 enum deny_action {
39 DENY_UNCONFIGURED,
40 DENY_IGNORE,
41 DENY_WARN,
42 DENY_REFUSE,
43 DENY_UPDATE_INSTEAD
44 };
45
46 static int deny_deletes;
47 static int deny_non_fast_forwards;
48 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
49 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
50 static int receive_fsck_objects = -1;
51 static int transfer_fsck_objects = -1;
52 static struct strbuf fsck_msg_types = STRBUF_INIT;
53 static int receive_unpack_limit = -1;
54 static int transfer_unpack_limit = -1;
55 static int advertise_atomic_push = 1;
56 static int advertise_push_options;
57 static int unpack_limit = 100;
58 static off_t max_input_size;
59 static int report_status;
60 static int use_sideband;
61 static int use_atomic;
62 static int use_push_options;
63 static int quiet;
64 static int prefer_ofs_delta = 1;
65 static int auto_update_server_info;
66 static int auto_gc = 1;
67 static int reject_thin;
68 static int stateless_rpc;
69 static const char *service_dir;
70 static const char *head_name;
71 static void *head_name_to_free;
72 static int sent_capabilities;
73 static int shallow_update;
74 static const char *alt_shallow_file;
75 static struct strbuf push_cert = STRBUF_INIT;
76 static struct object_id push_cert_oid;
77 static struct signature_check sigcheck;
78 static const char *push_cert_nonce;
79 static const char *cert_nonce_seed;
80
81 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
82 static const char *NONCE_BAD = "BAD";
83 static const char *NONCE_MISSING = "MISSING";
84 static const char *NONCE_OK = "OK";
85 static const char *NONCE_SLOP = "SLOP";
86 static const char *nonce_status;
87 static long nonce_stamp_slop;
88 static timestamp_t nonce_stamp_slop_limit;
89 static struct ref_transaction *transaction;
90
91 static enum {
92 KEEPALIVE_NEVER = 0,
93 KEEPALIVE_AFTER_NUL,
94 KEEPALIVE_ALWAYS
95 } use_keepalive;
96 static int keepalive_in_sec = 5;
97
98 static struct tmp_objdir *tmp_objdir;
99
100 static enum deny_action parse_deny_action(const char *var, const char *value)
101 {
102 if (value) {
103 if (!strcasecmp(value, "ignore"))
104 return DENY_IGNORE;
105 if (!strcasecmp(value, "warn"))
106 return DENY_WARN;
107 if (!strcasecmp(value, "refuse"))
108 return DENY_REFUSE;
109 if (!strcasecmp(value, "updateinstead"))
110 return DENY_UPDATE_INSTEAD;
111 }
112 if (git_config_bool(var, value))
113 return DENY_REFUSE;
114 return DENY_IGNORE;
115 }
116
117 static int receive_pack_config(const char *var, const char *value, void *cb)
118 {
119 int status = parse_hide_refs_config(var, value, "receive");
120
121 if (status)
122 return status;
123
124 if (strcmp(var, "receive.denydeletes") == 0) {
125 deny_deletes = git_config_bool(var, value);
126 return 0;
127 }
128
129 if (strcmp(var, "receive.denynonfastforwards") == 0) {
130 deny_non_fast_forwards = git_config_bool(var, value);
131 return 0;
132 }
133
134 if (strcmp(var, "receive.unpacklimit") == 0) {
135 receive_unpack_limit = git_config_int(var, value);
136 return 0;
137 }
138
139 if (strcmp(var, "transfer.unpacklimit") == 0) {
140 transfer_unpack_limit = git_config_int(var, value);
141 return 0;
142 }
143
144 if (strcmp(var, "receive.fsck.skiplist") == 0) {
145 const char *path;
146
147 if (git_config_pathname(&path, var, value))
148 return 1;
149 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
150 fsck_msg_types.len ? ',' : '=', path);
151 free((char *)path);
152 return 0;
153 }
154
155 if (skip_prefix(var, "receive.fsck.", &var)) {
156 if (is_valid_msg_type(var, value))
157 strbuf_addf(&fsck_msg_types, "%c%s=%s",
158 fsck_msg_types.len ? ',' : '=', var, value);
159 else
160 warning("Skipping unknown msg id '%s'", var);
161 return 0;
162 }
163
164 if (strcmp(var, "receive.fsckobjects") == 0) {
165 receive_fsck_objects = git_config_bool(var, value);
166 return 0;
167 }
168
169 if (strcmp(var, "transfer.fsckobjects") == 0) {
170 transfer_fsck_objects = git_config_bool(var, value);
171 return 0;
172 }
173
174 if (!strcmp(var, "receive.denycurrentbranch")) {
175 deny_current_branch = parse_deny_action(var, value);
176 return 0;
177 }
178
179 if (strcmp(var, "receive.denydeletecurrent") == 0) {
180 deny_delete_current = parse_deny_action(var, value);
181 return 0;
182 }
183
184 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
185 prefer_ofs_delta = git_config_bool(var, value);
186 return 0;
187 }
188
189 if (strcmp(var, "receive.updateserverinfo") == 0) {
190 auto_update_server_info = git_config_bool(var, value);
191 return 0;
192 }
193
194 if (strcmp(var, "receive.autogc") == 0) {
195 auto_gc = git_config_bool(var, value);
196 return 0;
197 }
198
199 if (strcmp(var, "receive.shallowupdate") == 0) {
200 shallow_update = git_config_bool(var, value);
201 return 0;
202 }
203
204 if (strcmp(var, "receive.certnonceseed") == 0)
205 return git_config_string(&cert_nonce_seed, var, value);
206
207 if (strcmp(var, "receive.certnonceslop") == 0) {
208 nonce_stamp_slop_limit = git_config_ulong(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.advertiseatomic") == 0) {
213 advertise_atomic_push = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.advertisepushoptions") == 0) {
218 advertise_push_options = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.keepalive") == 0) {
223 keepalive_in_sec = git_config_int(var, value);
224 return 0;
225 }
226
227 if (strcmp(var, "receive.maxinputsize") == 0) {
228 max_input_size = git_config_int64(var, value);
229 return 0;
230 }
231
232 return git_default_config(var, value, cb);
233 }
234
235 static void show_ref(const char *path, const struct object_id *oid)
236 {
237 if (sent_capabilities) {
238 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
239 } else {
240 struct strbuf cap = STRBUF_INIT;
241
242 strbuf_addstr(&cap,
243 "report-status delete-refs side-band-64k quiet");
244 if (advertise_atomic_push)
245 strbuf_addstr(&cap, " atomic");
246 if (prefer_ofs_delta)
247 strbuf_addstr(&cap, " ofs-delta");
248 if (push_cert_nonce)
249 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
250 if (advertise_push_options)
251 strbuf_addstr(&cap, " push-options");
252 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
253 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
254 packet_write_fmt(1, "%s %s%c%s\n",
255 oid_to_hex(oid), path, 0, cap.buf);
256 strbuf_release(&cap);
257 sent_capabilities = 1;
258 }
259 }
260
261 static int show_ref_cb(const char *path_full, const struct object_id *oid,
262 int flag, void *data)
263 {
264 struct oidset *seen = data;
265 const char *path = strip_namespace(path_full);
266
267 if (ref_is_hidden(path, path_full))
268 return 0;
269
270 /*
271 * Advertise refs outside our current namespace as ".have"
272 * refs, so that the client can use them to minimize data
273 * transfer but will otherwise ignore them.
274 */
275 if (!path) {
276 if (oidset_insert(seen, oid))
277 return 0;
278 path = ".have";
279 } else {
280 oidset_insert(seen, oid);
281 }
282 show_ref(path, oid);
283 return 0;
284 }
285
286 static void show_one_alternate_ref(const struct object_id *oid,
287 void *data)
288 {
289 struct oidset *seen = data;
290
291 if (oidset_insert(seen, oid))
292 return;
293
294 show_ref(".have", oid);
295 }
296
297 static void write_head_info(void)
298 {
299 static struct oidset seen = OIDSET_INIT;
300
301 for_each_ref(show_ref_cb, &seen);
302 for_each_alternate_ref(show_one_alternate_ref, &seen);
303 oidset_clear(&seen);
304 if (!sent_capabilities)
305 show_ref("capabilities^{}", &null_oid);
306
307 advertise_shallow_grafts(1);
308
309 /* EOF */
310 packet_flush(1);
311 }
312
313 struct command {
314 struct command *next;
315 const char *error_string;
316 unsigned int skip_update:1,
317 did_not_exist:1;
318 int index;
319 struct object_id old_oid;
320 struct object_id new_oid;
321 char ref_name[FLEX_ARRAY]; /* more */
322 };
323
324 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
325 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
326
327 static void report_message(const char *prefix, const char *err, va_list params)
328 {
329 int sz;
330 char msg[4096];
331
332 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
333 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
334 if (sz > (sizeof(msg) - 1))
335 sz = sizeof(msg) - 1;
336 msg[sz++] = '\n';
337
338 if (use_sideband)
339 send_sideband(1, 2, msg, sz, use_sideband);
340 else
341 xwrite(2, msg, sz);
342 }
343
344 static void rp_warning(const char *err, ...)
345 {
346 va_list params;
347 va_start(params, err);
348 report_message("warning: ", err, params);
349 va_end(params);
350 }
351
352 static void rp_error(const char *err, ...)
353 {
354 va_list params;
355 va_start(params, err);
356 report_message("error: ", err, params);
357 va_end(params);
358 }
359
360 static int copy_to_sideband(int in, int out, void *arg)
361 {
362 char data[128];
363 int keepalive_active = 0;
364
365 if (keepalive_in_sec <= 0)
366 use_keepalive = KEEPALIVE_NEVER;
367 if (use_keepalive == KEEPALIVE_ALWAYS)
368 keepalive_active = 1;
369
370 while (1) {
371 ssize_t sz;
372
373 if (keepalive_active) {
374 struct pollfd pfd;
375 int ret;
376
377 pfd.fd = in;
378 pfd.events = POLLIN;
379 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
380
381 if (ret < 0) {
382 if (errno == EINTR)
383 continue;
384 else
385 break;
386 } else if (ret == 0) {
387 /* no data; send a keepalive packet */
388 static const char buf[] = "0005\1";
389 write_or_die(1, buf, sizeof(buf) - 1);
390 continue;
391 } /* else there is actual data to read */
392 }
393
394 sz = xread(in, data, sizeof(data));
395 if (sz <= 0)
396 break;
397
398 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
399 const char *p = memchr(data, '\0', sz);
400 if (p) {
401 /*
402 * The NUL tells us to start sending keepalives. Make
403 * sure we send any other data we read along
404 * with it.
405 */
406 keepalive_active = 1;
407 send_sideband(1, 2, data, p - data, use_sideband);
408 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
409 continue;
410 }
411 }
412
413 /*
414 * Either we're not looking for a NUL signal, or we didn't see
415 * it yet; just pass along the data.
416 */
417 send_sideband(1, 2, data, sz, use_sideband);
418 }
419 close(in);
420 return 0;
421 }
422
423 static void hmac_hash(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426 {
427 unsigned char key[GIT_MAX_BLKSZ];
428 unsigned char k_ipad[GIT_MAX_BLKSZ];
429 unsigned char k_opad[GIT_MAX_BLKSZ];
430 int i;
431 git_hash_ctx ctx;
432
433 /* RFC 2104 2. (1) */
434 memset(key, '\0', GIT_MAX_BLKSZ);
435 if (the_hash_algo->blksz < key_len) {
436 the_hash_algo->init_fn(&ctx);
437 the_hash_algo->update_fn(&ctx, key_in, key_len);
438 the_hash_algo->final_fn(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442
443 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448
449 /* RFC 2104 2. (3) & (4) */
450 the_hash_algo->init_fn(&ctx);
451 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
452 the_hash_algo->update_fn(&ctx, text, text_len);
453 the_hash_algo->final_fn(out, &ctx);
454
455 /* RFC 2104 2. (6) & (7) */
456 the_hash_algo->init_fn(&ctx);
457 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
458 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
459 the_hash_algo->final_fn(out, &ctx);
460 }
461
462 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463 {
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char hash[GIT_MAX_RAWSZ];
466
467 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
469 strbuf_release(&buf);
470
471 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
473 return strbuf_detach(&buf, NULL);
474 }
475
476 /*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481 static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483 {
484 int key_len = strlen(key);
485 const char *line = msg;
486
487 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489
490 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502 }
503
504 /*
505 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
506 * This operation is guaranteed to run in constant time to avoid leaking data.
507 */
508 static int constant_memequal(const char *a, const char *b, size_t n)
509 {
510 int res = 0;
511 size_t i;
512
513 for (i = 0; i < n; i++)
514 res |= a[i] ^ b[i];
515 return res;
516 }
517
518 static const char *check_nonce(const char *buf, size_t len)
519 {
520 char *nonce = find_header(buf, len, "nonce", NULL);
521 timestamp_t stamp, ostamp;
522 char *bohmac, *expect = NULL;
523 const char *retval = NONCE_BAD;
524 size_t noncelen;
525
526 if (!nonce) {
527 retval = NONCE_MISSING;
528 goto leave;
529 } else if (!push_cert_nonce) {
530 retval = NONCE_UNSOLICITED;
531 goto leave;
532 } else if (!strcmp(push_cert_nonce, nonce)) {
533 retval = NONCE_OK;
534 goto leave;
535 }
536
537 if (!stateless_rpc) {
538 /* returned nonce MUST match what we gave out earlier */
539 retval = NONCE_BAD;
540 goto leave;
541 }
542
543 /*
544 * In stateless mode, we may be receiving a nonce issued by
545 * another instance of the server that serving the same
546 * repository, and the timestamps may not match, but the
547 * nonce-seed and dir should match, so we can recompute and
548 * report the time slop.
549 *
550 * In addition, when a nonce issued by another instance has
551 * timestamp within receive.certnonceslop seconds, we pretend
552 * as if we issued that nonce when reporting to the hook.
553 */
554
555 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
556 if (*nonce <= '0' || '9' < *nonce) {
557 retval = NONCE_BAD;
558 goto leave;
559 }
560 stamp = parse_timestamp(nonce, &bohmac, 10);
561 if (bohmac == nonce || bohmac[0] != '-') {
562 retval = NONCE_BAD;
563 goto leave;
564 }
565
566 noncelen = strlen(nonce);
567 expect = prepare_push_cert_nonce(service_dir, stamp);
568 if (noncelen != strlen(expect)) {
569 /* This is not even the right size. */
570 retval = NONCE_BAD;
571 goto leave;
572 }
573 if (constant_memequal(expect, nonce, noncelen)) {
574 /* Not what we would have signed earlier */
575 retval = NONCE_BAD;
576 goto leave;
577 }
578
579 /*
580 * By how many seconds is this nonce stale? Negative value
581 * would mean it was issued by another server with its clock
582 * skewed in the future.
583 */
584 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
585 nonce_stamp_slop = (long)ostamp - (long)stamp;
586
587 if (nonce_stamp_slop_limit &&
588 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
589 /*
590 * Pretend as if the received nonce (which passes the
591 * HMAC check, so it is not a forged by third-party)
592 * is what we issued.
593 */
594 free((void *)push_cert_nonce);
595 push_cert_nonce = xstrdup(nonce);
596 retval = NONCE_OK;
597 } else {
598 retval = NONCE_SLOP;
599 }
600
601 leave:
602 free(nonce);
603 free(expect);
604 return retval;
605 }
606
607 /*
608 * Return 1 if there is no push_cert or if the push options in push_cert are
609 * the same as those in the argument; 0 otherwise.
610 */
611 static int check_cert_push_options(const struct string_list *push_options)
612 {
613 const char *buf = push_cert.buf;
614 int len = push_cert.len;
615
616 char *option;
617 const char *next_line;
618 int options_seen = 0;
619
620 int retval = 1;
621
622 if (!len)
623 return 1;
624
625 while ((option = find_header(buf, len, "push-option", &next_line))) {
626 len -= (next_line - buf);
627 buf = next_line;
628 options_seen++;
629 if (options_seen > push_options->nr
630 || strcmp(option,
631 push_options->items[options_seen - 1].string)) {
632 retval = 0;
633 goto leave;
634 }
635 free(option);
636 }
637
638 if (options_seen != push_options->nr)
639 retval = 0;
640
641 leave:
642 free(option);
643 return retval;
644 }
645
646 static void prepare_push_cert_sha1(struct child_process *proc)
647 {
648 static int already_done;
649
650 if (!push_cert.len)
651 return;
652
653 if (!already_done) {
654 int bogs /* beginning_of_gpg_sig */;
655
656 already_done = 1;
657 if (write_object_file(push_cert.buf, push_cert.len, "blob",
658 &push_cert_oid))
659 oidclr(&push_cert_oid);
660
661 memset(&sigcheck, '\0', sizeof(sigcheck));
662
663 bogs = parse_signature(push_cert.buf, push_cert.len);
664 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
665 push_cert.len - bogs, &sigcheck);
666
667 nonce_status = check_nonce(push_cert.buf, bogs);
668 }
669 if (!is_null_oid(&push_cert_oid)) {
670 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
671 oid_to_hex(&push_cert_oid));
672 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
673 sigcheck.signer ? sigcheck.signer : "");
674 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
675 sigcheck.key ? sigcheck.key : "");
676 strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
677 sigcheck.result);
678 if (push_cert_nonce) {
679 strvec_pushf(&proc->env_array,
680 "GIT_PUSH_CERT_NONCE=%s",
681 push_cert_nonce);
682 strvec_pushf(&proc->env_array,
683 "GIT_PUSH_CERT_NONCE_STATUS=%s",
684 nonce_status);
685 if (nonce_status == NONCE_SLOP)
686 strvec_pushf(&proc->env_array,
687 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
688 nonce_stamp_slop);
689 }
690 }
691 }
692
693 struct receive_hook_feed_state {
694 struct command *cmd;
695 int skip_broken;
696 struct strbuf buf;
697 const struct string_list *push_options;
698 };
699
700 typedef int (*feed_fn)(void *, const char **, size_t *);
701 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
702 struct receive_hook_feed_state *feed_state)
703 {
704 struct child_process proc = CHILD_PROCESS_INIT;
705 struct async muxer;
706 const char *argv[2];
707 int code;
708
709 argv[0] = find_hook(hook_name);
710 if (!argv[0])
711 return 0;
712
713 argv[1] = NULL;
714
715 proc.argv = argv;
716 proc.in = -1;
717 proc.stdout_to_stderr = 1;
718 proc.trace2_hook_name = hook_name;
719
720 if (feed_state->push_options) {
721 int i;
722 for (i = 0; i < feed_state->push_options->nr; i++)
723 strvec_pushf(&proc.env_array,
724 "GIT_PUSH_OPTION_%d=%s", i,
725 feed_state->push_options->items[i].string);
726 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
727 feed_state->push_options->nr);
728 } else
729 strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
730
731 if (tmp_objdir)
732 strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
733
734 if (use_sideband) {
735 memset(&muxer, 0, sizeof(muxer));
736 muxer.proc = copy_to_sideband;
737 muxer.in = -1;
738 code = start_async(&muxer);
739 if (code)
740 return code;
741 proc.err = muxer.in;
742 }
743
744 prepare_push_cert_sha1(&proc);
745
746 code = start_command(&proc);
747 if (code) {
748 if (use_sideband)
749 finish_async(&muxer);
750 return code;
751 }
752
753 sigchain_push(SIGPIPE, SIG_IGN);
754
755 while (1) {
756 const char *buf;
757 size_t n;
758 if (feed(feed_state, &buf, &n))
759 break;
760 if (write_in_full(proc.in, buf, n) < 0)
761 break;
762 }
763 close(proc.in);
764 if (use_sideband)
765 finish_async(&muxer);
766
767 sigchain_pop(SIGPIPE);
768
769 return finish_command(&proc);
770 }
771
772 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
773 {
774 struct receive_hook_feed_state *state = state_;
775 struct command *cmd = state->cmd;
776
777 while (cmd &&
778 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
779 cmd = cmd->next;
780 if (!cmd)
781 return -1; /* EOF */
782 strbuf_reset(&state->buf);
783 strbuf_addf(&state->buf, "%s %s %s\n",
784 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
785 cmd->ref_name);
786 state->cmd = cmd->next;
787 if (bufp) {
788 *bufp = state->buf.buf;
789 *sizep = state->buf.len;
790 }
791 return 0;
792 }
793
794 static int run_receive_hook(struct command *commands,
795 const char *hook_name,
796 int skip_broken,
797 const struct string_list *push_options)
798 {
799 struct receive_hook_feed_state state;
800 int status;
801
802 strbuf_init(&state.buf, 0);
803 state.cmd = commands;
804 state.skip_broken = skip_broken;
805 if (feed_receive_hook(&state, NULL, NULL))
806 return 0;
807 state.cmd = commands;
808 state.push_options = push_options;
809 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
810 strbuf_release(&state.buf);
811 return status;
812 }
813
814 static int run_update_hook(struct command *cmd)
815 {
816 const char *argv[5];
817 struct child_process proc = CHILD_PROCESS_INIT;
818 int code;
819
820 argv[0] = find_hook("update");
821 if (!argv[0])
822 return 0;
823
824 argv[1] = cmd->ref_name;
825 argv[2] = oid_to_hex(&cmd->old_oid);
826 argv[3] = oid_to_hex(&cmd->new_oid);
827 argv[4] = NULL;
828
829 proc.no_stdin = 1;
830 proc.stdout_to_stderr = 1;
831 proc.err = use_sideband ? -1 : 0;
832 proc.argv = argv;
833 proc.trace2_hook_name = "update";
834
835 code = start_command(&proc);
836 if (code)
837 return code;
838 if (use_sideband)
839 copy_to_sideband(proc.err, -1, NULL);
840 return finish_command(&proc);
841 }
842
843 static char *refuse_unconfigured_deny_msg =
844 N_("By default, updating the current branch in a non-bare repository\n"
845 "is denied, because it will make the index and work tree inconsistent\n"
846 "with what you pushed, and will require 'git reset --hard' to match\n"
847 "the work tree to HEAD.\n"
848 "\n"
849 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
850 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
851 "its current branch; however, this is not recommended unless you\n"
852 "arranged to update its work tree to match what you pushed in some\n"
853 "other way.\n"
854 "\n"
855 "To squelch this message and still keep the default behaviour, set\n"
856 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
857
858 static void refuse_unconfigured_deny(void)
859 {
860 rp_error("%s", _(refuse_unconfigured_deny_msg));
861 }
862
863 static char *refuse_unconfigured_deny_delete_current_msg =
864 N_("By default, deleting the current branch is denied, because the next\n"
865 "'git clone' won't result in any file checked out, causing confusion.\n"
866 "\n"
867 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
868 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
869 "current branch, with or without a warning message.\n"
870 "\n"
871 "To squelch this message, you can set it to 'refuse'.");
872
873 static void refuse_unconfigured_deny_delete_current(void)
874 {
875 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
876 }
877
878 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
879 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
880 {
881 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
882 struct oid_array extra = OID_ARRAY_INIT;
883 struct check_connected_options opt = CHECK_CONNECTED_INIT;
884 uint32_t mask = 1 << (cmd->index % 32);
885 int i;
886
887 trace_printf_key(&trace_shallow,
888 "shallow: update_shallow_ref %s\n", cmd->ref_name);
889 for (i = 0; i < si->shallow->nr; i++)
890 if (si->used_shallow[i] &&
891 (si->used_shallow[i][cmd->index / 32] & mask) &&
892 !delayed_reachability_test(si, i))
893 oid_array_append(&extra, &si->shallow->oid[i]);
894
895 opt.env = tmp_objdir_env(tmp_objdir);
896 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
897 if (check_connected(command_singleton_iterator, cmd, &opt)) {
898 rollback_shallow_file(the_repository, &shallow_lock);
899 oid_array_clear(&extra);
900 return -1;
901 }
902
903 commit_shallow_file(the_repository, &shallow_lock);
904
905 /*
906 * Make sure setup_alternate_shallow() for the next ref does
907 * not lose these new roots..
908 */
909 for (i = 0; i < extra.nr; i++)
910 register_shallow(the_repository, &extra.oid[i]);
911
912 si->shallow_ref[cmd->index] = 0;
913 oid_array_clear(&extra);
914 return 0;
915 }
916
917 /*
918 * NEEDSWORK: we should consolidate various implementions of "are we
919 * on an unborn branch?" test into one, and make the unified one more
920 * robust. !get_sha1() based check used here and elsewhere would not
921 * allow us to tell an unborn branch from corrupt ref, for example.
922 * For the purpose of fixing "deploy-to-update does not work when
923 * pushing into an empty repository" issue, this should suffice for
924 * now.
925 */
926 static int head_has_history(void)
927 {
928 struct object_id oid;
929
930 return !get_oid("HEAD", &oid);
931 }
932
933 static const char *push_to_deploy(unsigned char *sha1,
934 struct strvec *env,
935 const char *work_tree)
936 {
937 const char *update_refresh[] = {
938 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
939 };
940 const char *diff_files[] = {
941 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
942 };
943 const char *diff_index[] = {
944 "diff-index", "--quiet", "--cached", "--ignore-submodules",
945 NULL, "--", NULL
946 };
947 const char *read_tree[] = {
948 "read-tree", "-u", "-m", NULL, NULL
949 };
950 struct child_process child = CHILD_PROCESS_INIT;
951
952 child.argv = update_refresh;
953 child.env = env->v;
954 child.dir = work_tree;
955 child.no_stdin = 1;
956 child.stdout_to_stderr = 1;
957 child.git_cmd = 1;
958 if (run_command(&child))
959 return "Up-to-date check failed";
960
961 /* run_command() does not clean up completely; reinitialize */
962 child_process_init(&child);
963 child.argv = diff_files;
964 child.env = env->v;
965 child.dir = work_tree;
966 child.no_stdin = 1;
967 child.stdout_to_stderr = 1;
968 child.git_cmd = 1;
969 if (run_command(&child))
970 return "Working directory has unstaged changes";
971
972 /* diff-index with either HEAD or an empty tree */
973 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
974
975 child_process_init(&child);
976 child.argv = diff_index;
977 child.env = env->v;
978 child.no_stdin = 1;
979 child.no_stdout = 1;
980 child.stdout_to_stderr = 0;
981 child.git_cmd = 1;
982 if (run_command(&child))
983 return "Working directory has staged changes";
984
985 read_tree[3] = hash_to_hex(sha1);
986 child_process_init(&child);
987 child.argv = read_tree;
988 child.env = env->v;
989 child.dir = work_tree;
990 child.no_stdin = 1;
991 child.no_stdout = 1;
992 child.stdout_to_stderr = 0;
993 child.git_cmd = 1;
994 if (run_command(&child))
995 return "Could not update working tree to new HEAD";
996
997 return NULL;
998 }
999
1000 static const char *push_to_checkout_hook = "push-to-checkout";
1001
1002 static const char *push_to_checkout(unsigned char *hash,
1003 struct strvec *env,
1004 const char *work_tree)
1005 {
1006 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1007 if (run_hook_le(env->v, push_to_checkout_hook,
1008 hash_to_hex(hash), NULL))
1009 return "push-to-checkout hook declined";
1010 else
1011 return NULL;
1012 }
1013
1014 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1015 {
1016 const char *retval, *work_tree, *git_dir = NULL;
1017 struct strvec env = STRVEC_INIT;
1018
1019 if (worktree && worktree->path)
1020 work_tree = worktree->path;
1021 else if (git_work_tree_cfg)
1022 work_tree = git_work_tree_cfg;
1023 else
1024 work_tree = "..";
1025
1026 if (is_bare_repository())
1027 return "denyCurrentBranch = updateInstead needs a worktree";
1028 if (worktree)
1029 git_dir = get_worktree_git_dir(worktree);
1030 if (!git_dir)
1031 git_dir = get_git_dir();
1032
1033 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1034
1035 if (!find_hook(push_to_checkout_hook))
1036 retval = push_to_deploy(sha1, &env, work_tree);
1037 else
1038 retval = push_to_checkout(sha1, &env, work_tree);
1039
1040 strvec_clear(&env);
1041 return retval;
1042 }
1043
1044 static const char *update(struct command *cmd, struct shallow_info *si)
1045 {
1046 const char *name = cmd->ref_name;
1047 struct strbuf namespaced_name_buf = STRBUF_INIT;
1048 static char *namespaced_name;
1049 const char *ret;
1050 struct object_id *old_oid = &cmd->old_oid;
1051 struct object_id *new_oid = &cmd->new_oid;
1052 int do_update_worktree = 0;
1053 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1054
1055 /* only refs/... are allowed */
1056 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1057 rp_error("refusing to create funny ref '%s' remotely", name);
1058 return "funny refname";
1059 }
1060
1061 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1062 free(namespaced_name);
1063 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1064
1065 if (worktree) {
1066 switch (deny_current_branch) {
1067 case DENY_IGNORE:
1068 break;
1069 case DENY_WARN:
1070 rp_warning("updating the current branch");
1071 break;
1072 case DENY_REFUSE:
1073 case DENY_UNCONFIGURED:
1074 rp_error("refusing to update checked out branch: %s", name);
1075 if (deny_current_branch == DENY_UNCONFIGURED)
1076 refuse_unconfigured_deny();
1077 return "branch is currently checked out";
1078 case DENY_UPDATE_INSTEAD:
1079 /* pass -- let other checks intervene first */
1080 do_update_worktree = 1;
1081 break;
1082 }
1083 }
1084
1085 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1086 error("unpack should have generated %s, "
1087 "but I can't find it!", oid_to_hex(new_oid));
1088 return "bad pack";
1089 }
1090
1091 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1092 if (deny_deletes && starts_with(name, "refs/heads/")) {
1093 rp_error("denying ref deletion for %s", name);
1094 return "deletion prohibited";
1095 }
1096
1097 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1098 switch (deny_delete_current) {
1099 case DENY_IGNORE:
1100 break;
1101 case DENY_WARN:
1102 rp_warning("deleting the current branch");
1103 break;
1104 case DENY_REFUSE:
1105 case DENY_UNCONFIGURED:
1106 case DENY_UPDATE_INSTEAD:
1107 if (deny_delete_current == DENY_UNCONFIGURED)
1108 refuse_unconfigured_deny_delete_current();
1109 rp_error("refusing to delete the current branch: %s", name);
1110 return "deletion of the current branch prohibited";
1111 default:
1112 return "Invalid denyDeleteCurrent setting";
1113 }
1114 }
1115 }
1116
1117 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1118 !is_null_oid(old_oid) &&
1119 starts_with(name, "refs/heads/")) {
1120 struct object *old_object, *new_object;
1121 struct commit *old_commit, *new_commit;
1122
1123 old_object = parse_object(the_repository, old_oid);
1124 new_object = parse_object(the_repository, new_oid);
1125
1126 if (!old_object || !new_object ||
1127 old_object->type != OBJ_COMMIT ||
1128 new_object->type != OBJ_COMMIT) {
1129 error("bad sha1 objects for %s", name);
1130 return "bad ref";
1131 }
1132 old_commit = (struct commit *)old_object;
1133 new_commit = (struct commit *)new_object;
1134 if (!in_merge_bases(old_commit, new_commit)) {
1135 rp_error("denying non-fast-forward %s"
1136 " (you should pull first)", name);
1137 return "non-fast-forward";
1138 }
1139 }
1140 if (run_update_hook(cmd)) {
1141 rp_error("hook declined to update %s", name);
1142 return "hook declined";
1143 }
1144
1145 if (do_update_worktree) {
1146 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1147 if (ret)
1148 return ret;
1149 }
1150
1151 if (is_null_oid(new_oid)) {
1152 struct strbuf err = STRBUF_INIT;
1153 if (!parse_object(the_repository, old_oid)) {
1154 old_oid = NULL;
1155 if (ref_exists(name)) {
1156 rp_warning("Allowing deletion of corrupt ref.");
1157 } else {
1158 rp_warning("Deleting a non-existent ref.");
1159 cmd->did_not_exist = 1;
1160 }
1161 }
1162 if (ref_transaction_delete(transaction,
1163 namespaced_name,
1164 old_oid,
1165 0, "push", &err)) {
1166 rp_error("%s", err.buf);
1167 strbuf_release(&err);
1168 return "failed to delete";
1169 }
1170 strbuf_release(&err);
1171 return NULL; /* good */
1172 }
1173 else {
1174 struct strbuf err = STRBUF_INIT;
1175 if (shallow_update && si->shallow_ref[cmd->index] &&
1176 update_shallow_ref(cmd, si))
1177 return "shallow error";
1178
1179 if (ref_transaction_update(transaction,
1180 namespaced_name,
1181 new_oid, old_oid,
1182 0, "push",
1183 &err)) {
1184 rp_error("%s", err.buf);
1185 strbuf_release(&err);
1186
1187 return "failed to update ref";
1188 }
1189 strbuf_release(&err);
1190
1191 return NULL; /* good */
1192 }
1193 }
1194
1195 static void run_update_post_hook(struct command *commands)
1196 {
1197 struct command *cmd;
1198 struct child_process proc = CHILD_PROCESS_INIT;
1199 const char *hook;
1200
1201 hook = find_hook("post-update");
1202 if (!hook)
1203 return;
1204
1205 for (cmd = commands; cmd; cmd = cmd->next) {
1206 if (cmd->error_string || cmd->did_not_exist)
1207 continue;
1208 if (!proc.args.nr)
1209 strvec_push(&proc.args, hook);
1210 strvec_push(&proc.args, cmd->ref_name);
1211 }
1212 if (!proc.args.nr)
1213 return;
1214
1215 proc.no_stdin = 1;
1216 proc.stdout_to_stderr = 1;
1217 proc.err = use_sideband ? -1 : 0;
1218 proc.trace2_hook_name = "post-update";
1219
1220 if (!start_command(&proc)) {
1221 if (use_sideband)
1222 copy_to_sideband(proc.err, -1, NULL);
1223 finish_command(&proc);
1224 }
1225 }
1226
1227 static void check_aliased_update_internal(struct command *cmd,
1228 struct string_list *list,
1229 const char *dst_name, int flag)
1230 {
1231 struct string_list_item *item;
1232 struct command *dst_cmd;
1233
1234 if (!(flag & REF_ISSYMREF))
1235 return;
1236
1237 if (!dst_name) {
1238 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1239 cmd->skip_update = 1;
1240 cmd->error_string = "broken symref";
1241 return;
1242 }
1243 dst_name = strip_namespace(dst_name);
1244
1245 if ((item = string_list_lookup(list, dst_name)) == NULL)
1246 return;
1247
1248 cmd->skip_update = 1;
1249
1250 dst_cmd = (struct command *) item->util;
1251
1252 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1253 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1254 return;
1255
1256 dst_cmd->skip_update = 1;
1257
1258 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1259 " its target '%s' (%s..%s)",
1260 cmd->ref_name,
1261 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1262 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1263 dst_cmd->ref_name,
1264 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1265 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1266
1267 cmd->error_string = dst_cmd->error_string =
1268 "inconsistent aliased update";
1269 }
1270
1271 static void check_aliased_update(struct command *cmd, struct string_list *list)
1272 {
1273 struct strbuf buf = STRBUF_INIT;
1274 const char *dst_name;
1275 int flag;
1276
1277 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1278 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1279 check_aliased_update_internal(cmd, list, dst_name, flag);
1280 strbuf_release(&buf);
1281 }
1282
1283 static void check_aliased_updates(struct command *commands)
1284 {
1285 struct command *cmd;
1286 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1287
1288 for (cmd = commands; cmd; cmd = cmd->next) {
1289 struct string_list_item *item =
1290 string_list_append(&ref_list, cmd->ref_name);
1291 item->util = (void *)cmd;
1292 }
1293 string_list_sort(&ref_list);
1294
1295 for (cmd = commands; cmd; cmd = cmd->next) {
1296 if (!cmd->error_string)
1297 check_aliased_update(cmd, &ref_list);
1298 }
1299
1300 string_list_clear(&ref_list, 0);
1301 }
1302
1303 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1304 {
1305 struct command **cmd_list = cb_data;
1306 struct command *cmd = *cmd_list;
1307
1308 if (!cmd || is_null_oid(&cmd->new_oid))
1309 return -1; /* end of list */
1310 *cmd_list = NULL; /* this returns only one */
1311 oidcpy(oid, &cmd->new_oid);
1312 return 0;
1313 }
1314
1315 static void set_connectivity_errors(struct command *commands,
1316 struct shallow_info *si)
1317 {
1318 struct command *cmd;
1319
1320 for (cmd = commands; cmd; cmd = cmd->next) {
1321 struct command *singleton = cmd;
1322 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1323
1324 if (shallow_update && si->shallow_ref[cmd->index])
1325 /* to be checked in update_shallow_ref() */
1326 continue;
1327
1328 opt.env = tmp_objdir_env(tmp_objdir);
1329 if (!check_connected(command_singleton_iterator, &singleton,
1330 &opt))
1331 continue;
1332
1333 cmd->error_string = "missing necessary objects";
1334 }
1335 }
1336
1337 struct iterate_data {
1338 struct command *cmds;
1339 struct shallow_info *si;
1340 };
1341
1342 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1343 {
1344 struct iterate_data *data = cb_data;
1345 struct command **cmd_list = &data->cmds;
1346 struct command *cmd = *cmd_list;
1347
1348 for (; cmd; cmd = cmd->next) {
1349 if (shallow_update && data->si->shallow_ref[cmd->index])
1350 /* to be checked in update_shallow_ref() */
1351 continue;
1352 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1353 oidcpy(oid, &cmd->new_oid);
1354 *cmd_list = cmd->next;
1355 return 0;
1356 }
1357 }
1358 *cmd_list = NULL;
1359 return -1; /* end of list */
1360 }
1361
1362 static void reject_updates_to_hidden(struct command *commands)
1363 {
1364 struct strbuf refname_full = STRBUF_INIT;
1365 size_t prefix_len;
1366 struct command *cmd;
1367
1368 strbuf_addstr(&refname_full, get_git_namespace());
1369 prefix_len = refname_full.len;
1370
1371 for (cmd = commands; cmd; cmd = cmd->next) {
1372 if (cmd->error_string)
1373 continue;
1374
1375 strbuf_setlen(&refname_full, prefix_len);
1376 strbuf_addstr(&refname_full, cmd->ref_name);
1377
1378 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1379 continue;
1380 if (is_null_oid(&cmd->new_oid))
1381 cmd->error_string = "deny deleting a hidden ref";
1382 else
1383 cmd->error_string = "deny updating a hidden ref";
1384 }
1385
1386 strbuf_release(&refname_full);
1387 }
1388
1389 static int should_process_cmd(struct command *cmd)
1390 {
1391 return !cmd->error_string && !cmd->skip_update;
1392 }
1393
1394 static void warn_if_skipped_connectivity_check(struct command *commands,
1395 struct shallow_info *si)
1396 {
1397 struct command *cmd;
1398 int checked_connectivity = 1;
1399
1400 for (cmd = commands; cmd; cmd = cmd->next) {
1401 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1402 error("BUG: connectivity check has not been run on ref %s",
1403 cmd->ref_name);
1404 checked_connectivity = 0;
1405 }
1406 }
1407 if (!checked_connectivity)
1408 BUG("connectivity check skipped???");
1409 }
1410
1411 static void execute_commands_non_atomic(struct command *commands,
1412 struct shallow_info *si)
1413 {
1414 struct command *cmd;
1415 struct strbuf err = STRBUF_INIT;
1416
1417 for (cmd = commands; cmd; cmd = cmd->next) {
1418 if (!should_process_cmd(cmd))
1419 continue;
1420
1421 transaction = ref_transaction_begin(&err);
1422 if (!transaction) {
1423 rp_error("%s", err.buf);
1424 strbuf_reset(&err);
1425 cmd->error_string = "transaction failed to start";
1426 continue;
1427 }
1428
1429 cmd->error_string = update(cmd, si);
1430
1431 if (!cmd->error_string
1432 && ref_transaction_commit(transaction, &err)) {
1433 rp_error("%s", err.buf);
1434 strbuf_reset(&err);
1435 cmd->error_string = "failed to update ref";
1436 }
1437 ref_transaction_free(transaction);
1438 }
1439 strbuf_release(&err);
1440 }
1441
1442 static void execute_commands_atomic(struct command *commands,
1443 struct shallow_info *si)
1444 {
1445 struct command *cmd;
1446 struct strbuf err = STRBUF_INIT;
1447 const char *reported_error = "atomic push failure";
1448
1449 transaction = ref_transaction_begin(&err);
1450 if (!transaction) {
1451 rp_error("%s", err.buf);
1452 strbuf_reset(&err);
1453 reported_error = "transaction failed to start";
1454 goto failure;
1455 }
1456
1457 for (cmd = commands; cmd; cmd = cmd->next) {
1458 if (!should_process_cmd(cmd))
1459 continue;
1460
1461 cmd->error_string = update(cmd, si);
1462
1463 if (cmd->error_string)
1464 goto failure;
1465 }
1466
1467 if (ref_transaction_commit(transaction, &err)) {
1468 rp_error("%s", err.buf);
1469 reported_error = "atomic transaction failed";
1470 goto failure;
1471 }
1472 goto cleanup;
1473
1474 failure:
1475 for (cmd = commands; cmd; cmd = cmd->next)
1476 if (!cmd->error_string)
1477 cmd->error_string = reported_error;
1478
1479 cleanup:
1480 ref_transaction_free(transaction);
1481 strbuf_release(&err);
1482 }
1483
1484 static void execute_commands(struct command *commands,
1485 const char *unpacker_error,
1486 struct shallow_info *si,
1487 const struct string_list *push_options)
1488 {
1489 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1490 struct command *cmd;
1491 struct iterate_data data;
1492 struct async muxer;
1493 int err_fd = 0;
1494
1495 if (unpacker_error) {
1496 for (cmd = commands; cmd; cmd = cmd->next)
1497 cmd->error_string = "unpacker error";
1498 return;
1499 }
1500
1501 if (use_sideband) {
1502 memset(&muxer, 0, sizeof(muxer));
1503 muxer.proc = copy_to_sideband;
1504 muxer.in = -1;
1505 if (!start_async(&muxer))
1506 err_fd = muxer.in;
1507 /* ...else, continue without relaying sideband */
1508 }
1509
1510 data.cmds = commands;
1511 data.si = si;
1512 opt.err_fd = err_fd;
1513 opt.progress = err_fd && !quiet;
1514 opt.env = tmp_objdir_env(tmp_objdir);
1515 if (check_connected(iterate_receive_command_list, &data, &opt))
1516 set_connectivity_errors(commands, si);
1517
1518 if (use_sideband)
1519 finish_async(&muxer);
1520
1521 reject_updates_to_hidden(commands);
1522
1523 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1524 for (cmd = commands; cmd; cmd = cmd->next) {
1525 if (!cmd->error_string)
1526 cmd->error_string = "pre-receive hook declined";
1527 }
1528 return;
1529 }
1530
1531 /*
1532 * Now we'll start writing out refs, which means the objects need
1533 * to be in their final positions so that other processes can see them.
1534 */
1535 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1536 for (cmd = commands; cmd; cmd = cmd->next) {
1537 if (!cmd->error_string)
1538 cmd->error_string = "unable to migrate objects to permanent storage";
1539 }
1540 return;
1541 }
1542 tmp_objdir = NULL;
1543
1544 check_aliased_updates(commands);
1545
1546 free(head_name_to_free);
1547 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1548
1549 if (use_atomic)
1550 execute_commands_atomic(commands, si);
1551 else
1552 execute_commands_non_atomic(commands, si);
1553
1554 if (shallow_update)
1555 warn_if_skipped_connectivity_check(commands, si);
1556 }
1557
1558 static struct command **queue_command(struct command **tail,
1559 const char *line,
1560 int linelen)
1561 {
1562 struct object_id old_oid, new_oid;
1563 struct command *cmd;
1564 const char *refname;
1565 int reflen;
1566 const char *p;
1567
1568 if (parse_oid_hex(line, &old_oid, &p) ||
1569 *p++ != ' ' ||
1570 parse_oid_hex(p, &new_oid, &p) ||
1571 *p++ != ' ')
1572 die("protocol error: expected old/new/ref, got '%s'", line);
1573
1574 refname = p;
1575 reflen = linelen - (p - line);
1576 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1577 oidcpy(&cmd->old_oid, &old_oid);
1578 oidcpy(&cmd->new_oid, &new_oid);
1579 *tail = cmd;
1580 return &cmd->next;
1581 }
1582
1583 static void queue_commands_from_cert(struct command **tail,
1584 struct strbuf *push_cert)
1585 {
1586 const char *boc, *eoc;
1587
1588 if (*tail)
1589 die("protocol error: got both push certificate and unsigned commands");
1590
1591 boc = strstr(push_cert->buf, "\n\n");
1592 if (!boc)
1593 die("malformed push certificate %.*s", 100, push_cert->buf);
1594 else
1595 boc += 2;
1596 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1597
1598 while (boc < eoc) {
1599 const char *eol = memchr(boc, '\n', eoc - boc);
1600 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1601 boc = eol ? eol + 1 : eoc;
1602 }
1603 }
1604
1605 static struct command *read_head_info(struct packet_reader *reader,
1606 struct oid_array *shallow)
1607 {
1608 struct command *commands = NULL;
1609 struct command **p = &commands;
1610 for (;;) {
1611 int linelen;
1612
1613 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1614 break;
1615
1616 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1617 struct object_id oid;
1618 if (get_oid_hex(reader->line + 8, &oid))
1619 die("protocol error: expected shallow sha, got '%s'",
1620 reader->line + 8);
1621 oid_array_append(shallow, &oid);
1622 continue;
1623 }
1624
1625 linelen = strlen(reader->line);
1626 if (linelen < reader->pktlen) {
1627 const char *feature_list = reader->line + linelen + 1;
1628 const char *hash = NULL;
1629 int len = 0;
1630 if (parse_feature_request(feature_list, "report-status"))
1631 report_status = 1;
1632 if (parse_feature_request(feature_list, "side-band-64k"))
1633 use_sideband = LARGE_PACKET_MAX;
1634 if (parse_feature_request(feature_list, "quiet"))
1635 quiet = 1;
1636 if (advertise_atomic_push
1637 && parse_feature_request(feature_list, "atomic"))
1638 use_atomic = 1;
1639 if (advertise_push_options
1640 && parse_feature_request(feature_list, "push-options"))
1641 use_push_options = 1;
1642 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
1643 if (!hash) {
1644 hash = hash_algos[GIT_HASH_SHA1].name;
1645 len = strlen(hash);
1646 }
1647 if (xstrncmpz(the_hash_algo->name, hash, len))
1648 die("error: unsupported object format '%s'", hash);
1649 }
1650
1651 if (!strcmp(reader->line, "push-cert")) {
1652 int true_flush = 0;
1653 int saved_options = reader->options;
1654 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1655
1656 for (;;) {
1657 packet_reader_read(reader);
1658 if (reader->status == PACKET_READ_FLUSH) {
1659 true_flush = 1;
1660 break;
1661 }
1662 if (reader->status != PACKET_READ_NORMAL) {
1663 die("protocol error: got an unexpected packet");
1664 }
1665 if (!strcmp(reader->line, "push-cert-end\n"))
1666 break; /* end of cert */
1667 strbuf_addstr(&push_cert, reader->line);
1668 }
1669 reader->options = saved_options;
1670
1671 if (true_flush)
1672 break;
1673 continue;
1674 }
1675
1676 p = queue_command(p, reader->line, linelen);
1677 }
1678
1679 if (push_cert.len)
1680 queue_commands_from_cert(p, &push_cert);
1681
1682 return commands;
1683 }
1684
1685 static void read_push_options(struct packet_reader *reader,
1686 struct string_list *options)
1687 {
1688 while (1) {
1689 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1690 break;
1691
1692 string_list_append(options, reader->line);
1693 }
1694 }
1695
1696 static const char *parse_pack_header(struct pack_header *hdr)
1697 {
1698 switch (read_pack_header(0, hdr)) {
1699 case PH_ERROR_EOF:
1700 return "eof before pack header was fully read";
1701
1702 case PH_ERROR_PACK_SIGNATURE:
1703 return "protocol error (pack signature mismatch detected)";
1704
1705 case PH_ERROR_PROTOCOL:
1706 return "protocol error (pack version unsupported)";
1707
1708 default:
1709 return "unknown error in parse_pack_header";
1710
1711 case 0:
1712 return NULL;
1713 }
1714 }
1715
1716 static const char *pack_lockfile;
1717
1718 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
1719 {
1720 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1721 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1722 }
1723
1724 static const char *unpack(int err_fd, struct shallow_info *si)
1725 {
1726 struct pack_header hdr;
1727 const char *hdr_err;
1728 int status;
1729 struct child_process child = CHILD_PROCESS_INIT;
1730 int fsck_objects = (receive_fsck_objects >= 0
1731 ? receive_fsck_objects
1732 : transfer_fsck_objects >= 0
1733 ? transfer_fsck_objects
1734 : 0);
1735
1736 hdr_err = parse_pack_header(&hdr);
1737 if (hdr_err) {
1738 if (err_fd > 0)
1739 close(err_fd);
1740 return hdr_err;
1741 }
1742
1743 if (si->nr_ours || si->nr_theirs) {
1744 alt_shallow_file = setup_temporary_shallow(si->shallow);
1745 strvec_push(&child.args, "--shallow-file");
1746 strvec_push(&child.args, alt_shallow_file);
1747 }
1748
1749 tmp_objdir = tmp_objdir_create();
1750 if (!tmp_objdir) {
1751 if (err_fd > 0)
1752 close(err_fd);
1753 return "unable to create temporary object directory";
1754 }
1755 child.env = tmp_objdir_env(tmp_objdir);
1756
1757 /*
1758 * Normally we just pass the tmp_objdir environment to the child
1759 * processes that do the heavy lifting, but we may need to see these
1760 * objects ourselves to set up shallow information.
1761 */
1762 tmp_objdir_add_as_alternate(tmp_objdir);
1763
1764 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1765 strvec_push(&child.args, "unpack-objects");
1766 push_header_arg(&child.args, &hdr);
1767 if (quiet)
1768 strvec_push(&child.args, "-q");
1769 if (fsck_objects)
1770 strvec_pushf(&child.args, "--strict%s",
1771 fsck_msg_types.buf);
1772 if (max_input_size)
1773 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1774 (uintmax_t)max_input_size);
1775 child.no_stdout = 1;
1776 child.err = err_fd;
1777 child.git_cmd = 1;
1778 status = run_command(&child);
1779 if (status)
1780 return "unpack-objects abnormal exit";
1781 } else {
1782 char hostname[HOST_NAME_MAX + 1];
1783
1784 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
1785 push_header_arg(&child.args, &hdr);
1786
1787 if (xgethostname(hostname, sizeof(hostname)))
1788 xsnprintf(hostname, sizeof(hostname), "localhost");
1789 strvec_pushf(&child.args,
1790 "--keep=receive-pack %"PRIuMAX" on %s",
1791 (uintmax_t)getpid(),
1792 hostname);
1793
1794 if (!quiet && err_fd)
1795 strvec_push(&child.args, "--show-resolving-progress");
1796 if (use_sideband)
1797 strvec_push(&child.args, "--report-end-of-input");
1798 if (fsck_objects)
1799 strvec_pushf(&child.args, "--strict%s",
1800 fsck_msg_types.buf);
1801 if (!reject_thin)
1802 strvec_push(&child.args, "--fix-thin");
1803 if (max_input_size)
1804 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1805 (uintmax_t)max_input_size);
1806 child.out = -1;
1807 child.err = err_fd;
1808 child.git_cmd = 1;
1809 status = start_command(&child);
1810 if (status)
1811 return "index-pack fork failed";
1812 pack_lockfile = index_pack_lockfile(child.out);
1813 close(child.out);
1814 status = finish_command(&child);
1815 if (status)
1816 return "index-pack abnormal exit";
1817 reprepare_packed_git(the_repository);
1818 }
1819 return NULL;
1820 }
1821
1822 static const char *unpack_with_sideband(struct shallow_info *si)
1823 {
1824 struct async muxer;
1825 const char *ret;
1826
1827 if (!use_sideband)
1828 return unpack(0, si);
1829
1830 use_keepalive = KEEPALIVE_AFTER_NUL;
1831 memset(&muxer, 0, sizeof(muxer));
1832 muxer.proc = copy_to_sideband;
1833 muxer.in = -1;
1834 if (start_async(&muxer))
1835 return NULL;
1836
1837 ret = unpack(muxer.in, si);
1838
1839 finish_async(&muxer);
1840 return ret;
1841 }
1842
1843 static void prepare_shallow_update(struct shallow_info *si)
1844 {
1845 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1846
1847 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1848 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1849
1850 si->need_reachability_test =
1851 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1852 si->reachable =
1853 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1854 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1855
1856 for (i = 0; i < si->nr_ours; i++)
1857 si->need_reachability_test[si->ours[i]] = 1;
1858
1859 for (i = 0; i < si->shallow->nr; i++) {
1860 if (!si->used_shallow[i])
1861 continue;
1862 for (j = 0; j < bitmap_size; j++) {
1863 if (!si->used_shallow[i][j])
1864 continue;
1865 si->need_reachability_test[i]++;
1866 for (k = 0; k < 32; k++)
1867 if (si->used_shallow[i][j] & (1U << k))
1868 si->shallow_ref[j * 32 + k]++;
1869 }
1870
1871 /*
1872 * true for those associated with some refs and belong
1873 * in "ours" list aka "step 7 not done yet"
1874 */
1875 si->need_reachability_test[i] =
1876 si->need_reachability_test[i] > 1;
1877 }
1878
1879 /*
1880 * keep hooks happy by forcing a temporary shallow file via
1881 * env variable because we can't add --shallow-file to every
1882 * command. check_connected() will be done with
1883 * true .git/shallow though.
1884 */
1885 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1886 }
1887
1888 static void update_shallow_info(struct command *commands,
1889 struct shallow_info *si,
1890 struct oid_array *ref)
1891 {
1892 struct command *cmd;
1893 int *ref_status;
1894 remove_nonexistent_theirs_shallow(si);
1895 if (!si->nr_ours && !si->nr_theirs) {
1896 shallow_update = 0;
1897 return;
1898 }
1899
1900 for (cmd = commands; cmd; cmd = cmd->next) {
1901 if (is_null_oid(&cmd->new_oid))
1902 continue;
1903 oid_array_append(ref, &cmd->new_oid);
1904 cmd->index = ref->nr - 1;
1905 }
1906 si->ref = ref;
1907
1908 if (shallow_update) {
1909 prepare_shallow_update(si);
1910 return;
1911 }
1912
1913 ALLOC_ARRAY(ref_status, ref->nr);
1914 assign_shallow_commits_to_refs(si, NULL, ref_status);
1915 for (cmd = commands; cmd; cmd = cmd->next) {
1916 if (is_null_oid(&cmd->new_oid))
1917 continue;
1918 if (ref_status[cmd->index]) {
1919 cmd->error_string = "shallow update not allowed";
1920 cmd->skip_update = 1;
1921 }
1922 }
1923 free(ref_status);
1924 }
1925
1926 static void report(struct command *commands, const char *unpack_status)
1927 {
1928 struct command *cmd;
1929 struct strbuf buf = STRBUF_INIT;
1930
1931 packet_buf_write(&buf, "unpack %s\n",
1932 unpack_status ? unpack_status : "ok");
1933 for (cmd = commands; cmd; cmd = cmd->next) {
1934 if (!cmd->error_string)
1935 packet_buf_write(&buf, "ok %s\n",
1936 cmd->ref_name);
1937 else
1938 packet_buf_write(&buf, "ng %s %s\n",
1939 cmd->ref_name, cmd->error_string);
1940 }
1941 packet_buf_flush(&buf);
1942
1943 if (use_sideband)
1944 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1945 else
1946 write_or_die(1, buf.buf, buf.len);
1947 strbuf_release(&buf);
1948 }
1949
1950 static int delete_only(struct command *commands)
1951 {
1952 struct command *cmd;
1953 for (cmd = commands; cmd; cmd = cmd->next) {
1954 if (!is_null_oid(&cmd->new_oid))
1955 return 0;
1956 }
1957 return 1;
1958 }
1959
1960 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1961 {
1962 int advertise_refs = 0;
1963 struct command *commands;
1964 struct oid_array shallow = OID_ARRAY_INIT;
1965 struct oid_array ref = OID_ARRAY_INIT;
1966 struct shallow_info si;
1967 struct packet_reader reader;
1968
1969 struct option options[] = {
1970 OPT__QUIET(&quiet, N_("quiet")),
1971 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1972 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1973 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1974 OPT_END()
1975 };
1976
1977 packet_trace_identity("receive-pack");
1978
1979 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1980
1981 if (argc > 1)
1982 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1983 if (argc == 0)
1984 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1985
1986 service_dir = argv[0];
1987
1988 setup_path();
1989
1990 if (!enter_repo(service_dir, 0))
1991 die("'%s' does not appear to be a git repository", service_dir);
1992
1993 git_config(receive_pack_config, NULL);
1994 if (cert_nonce_seed)
1995 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1996
1997 if (0 <= transfer_unpack_limit)
1998 unpack_limit = transfer_unpack_limit;
1999 else if (0 <= receive_unpack_limit)
2000 unpack_limit = receive_unpack_limit;
2001
2002 switch (determine_protocol_version_server()) {
2003 case protocol_v2:
2004 /*
2005 * push support for protocol v2 has not been implemented yet,
2006 * so ignore the request to use v2 and fallback to using v0.
2007 */
2008 break;
2009 case protocol_v1:
2010 /*
2011 * v1 is just the original protocol with a version string,
2012 * so just fall through after writing the version string.
2013 */
2014 if (advertise_refs || !stateless_rpc)
2015 packet_write_fmt(1, "version 1\n");
2016
2017 /* fallthrough */
2018 case protocol_v0:
2019 break;
2020 case protocol_unknown_version:
2021 BUG("unknown protocol version");
2022 }
2023
2024 if (advertise_refs || !stateless_rpc) {
2025 write_head_info();
2026 }
2027 if (advertise_refs)
2028 return 0;
2029
2030 packet_reader_init(&reader, 0, NULL, 0,
2031 PACKET_READ_CHOMP_NEWLINE |
2032 PACKET_READ_DIE_ON_ERR_PACKET);
2033
2034 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2035 const char *unpack_status = NULL;
2036 struct string_list push_options = STRING_LIST_INIT_DUP;
2037
2038 if (use_push_options)
2039 read_push_options(&reader, &push_options);
2040 if (!check_cert_push_options(&push_options)) {
2041 struct command *cmd;
2042 for (cmd = commands; cmd; cmd = cmd->next)
2043 cmd->error_string = "inconsistent push options";
2044 }
2045
2046 prepare_shallow_info(&si, &shallow);
2047 if (!si.nr_ours && !si.nr_theirs)
2048 shallow_update = 0;
2049 if (!delete_only(commands)) {
2050 unpack_status = unpack_with_sideband(&si);
2051 update_shallow_info(commands, &si, &ref);
2052 }
2053 use_keepalive = KEEPALIVE_ALWAYS;
2054 execute_commands(commands, unpack_status, &si,
2055 &push_options);
2056 if (pack_lockfile)
2057 unlink_or_warn(pack_lockfile);
2058 if (report_status)
2059 report(commands, unpack_status);
2060 run_receive_hook(commands, "post-receive", 1,
2061 &push_options);
2062 run_update_post_hook(commands);
2063 string_list_clear(&push_options, 0);
2064 if (auto_gc) {
2065 const char *argv_gc_auto[] = {
2066 "gc", "--auto", "--quiet", NULL,
2067 };
2068 struct child_process proc = CHILD_PROCESS_INIT;
2069
2070 proc.no_stdin = 1;
2071 proc.stdout_to_stderr = 1;
2072 proc.err = use_sideband ? -1 : 0;
2073 proc.git_cmd = 1;
2074 proc.argv = argv_gc_auto;
2075
2076 close_object_store(the_repository->objects);
2077 if (!start_command(&proc)) {
2078 if (use_sideband)
2079 copy_to_sideband(proc.err, -1, NULL);
2080 finish_command(&proc);
2081 }
2082 }
2083 if (auto_update_server_info)
2084 update_server_info(0);
2085 clear_shallow_info(&si);
2086 }
2087 if (use_sideband)
2088 packet_flush(1);
2089 oid_array_clear(&shallow);
2090 oid_array_clear(&ref);
2091 free((void *)push_cert_nonce);
2092 return 0;
2093 }
Unnamed repository; edit this file 'description' to name the repository.