]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
config: pass kvi to die_bad_number()
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "environment.h"
6 #include "gettext.h"
7 #include "hex.h"
8 #include "lockfile.h"
9 #include "pack.h"
10 #include "refs.h"
11 #include "pkt-line.h"
12 #include "sideband.h"
13 #include "run-command.h"
14 #include "hook.h"
15 #include "exec-cmd.h"
16 #include "commit.h"
17 #include "object.h"
18 #include "remote.h"
19 #include "connect.h"
20 #include "string-list.h"
21 #include "oid-array.h"
22 #include "connected.h"
23 #include "strvec.h"
24 #include "version.h"
25 #include "tag.h"
26 #include "gpg-interface.h"
27 #include "sigchain.h"
28 #include "fsck.h"
29 #include "tmp-objdir.h"
30 #include "oidset.h"
31 #include "packfile.h"
32 #include "object-name.h"
33 #include "object-store.h"
34 #include "protocol.h"
35 #include "commit-reach.h"
36 #include "server-info.h"
37 #include "trace.h"
38 #include "trace2.h"
39 #include "worktree.h"
40 #include "shallow.h"
41 #include "parse-options.h"
42 #include "wrapper.h"
43
44 static const char * const receive_pack_usage[] = {
45 N_("git receive-pack <git-dir>"),
46 NULL
47 };
48
49 enum deny_action {
50 DENY_UNCONFIGURED,
51 DENY_IGNORE,
52 DENY_WARN,
53 DENY_REFUSE,
54 DENY_UPDATE_INSTEAD
55 };
56
57 static int deny_deletes;
58 static int deny_non_fast_forwards;
59 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
60 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
61 static int receive_fsck_objects = -1;
62 static int transfer_fsck_objects = -1;
63 static struct strbuf fsck_msg_types = STRBUF_INIT;
64 static int receive_unpack_limit = -1;
65 static int transfer_unpack_limit = -1;
66 static int advertise_atomic_push = 1;
67 static int advertise_push_options;
68 static int advertise_sid;
69 static int unpack_limit = 100;
70 static off_t max_input_size;
71 static int report_status;
72 static int report_status_v2;
73 static int use_sideband;
74 static int use_atomic;
75 static int use_push_options;
76 static int quiet;
77 static int prefer_ofs_delta = 1;
78 static int auto_update_server_info;
79 static int auto_gc = 1;
80 static int reject_thin;
81 static int stateless_rpc;
82 static const char *service_dir;
83 static const char *head_name;
84 static void *head_name_to_free;
85 static int sent_capabilities;
86 static int shallow_update;
87 static const char *alt_shallow_file;
88 static struct strbuf push_cert = STRBUF_INIT;
89 static struct object_id push_cert_oid;
90 static struct signature_check sigcheck;
91 static const char *push_cert_nonce;
92 static const char *cert_nonce_seed;
93 static struct string_list hidden_refs = STRING_LIST_INIT_DUP;
94
95 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
96 static const char *NONCE_BAD = "BAD";
97 static const char *NONCE_MISSING = "MISSING";
98 static const char *NONCE_OK = "OK";
99 static const char *NONCE_SLOP = "SLOP";
100 static const char *nonce_status;
101 static long nonce_stamp_slop;
102 static timestamp_t nonce_stamp_slop_limit;
103 static struct ref_transaction *transaction;
104
105 static enum {
106 KEEPALIVE_NEVER = 0,
107 KEEPALIVE_AFTER_NUL,
108 KEEPALIVE_ALWAYS
109 } use_keepalive;
110 static int keepalive_in_sec = 5;
111
112 static struct tmp_objdir *tmp_objdir;
113
114 static struct proc_receive_ref {
115 unsigned int want_add:1,
116 want_delete:1,
117 want_modify:1,
118 negative_ref:1;
119 char *ref_prefix;
120 struct proc_receive_ref *next;
121 } *proc_receive_ref;
122
123 static void proc_receive_ref_append(const char *prefix);
124
125 static enum deny_action parse_deny_action(const char *var, const char *value)
126 {
127 if (value) {
128 if (!strcasecmp(value, "ignore"))
129 return DENY_IGNORE;
130 if (!strcasecmp(value, "warn"))
131 return DENY_WARN;
132 if (!strcasecmp(value, "refuse"))
133 return DENY_REFUSE;
134 if (!strcasecmp(value, "updateinstead"))
135 return DENY_UPDATE_INSTEAD;
136 }
137 if (git_config_bool(var, value))
138 return DENY_REFUSE;
139 return DENY_IGNORE;
140 }
141
142 static int receive_pack_config(const char *var, const char *value,
143 const struct config_context *ctx, void *cb)
144 {
145 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
146
147 if (status)
148 return status;
149
150 if (strcmp(var, "receive.denydeletes") == 0) {
151 deny_deletes = git_config_bool(var, value);
152 return 0;
153 }
154
155 if (strcmp(var, "receive.denynonfastforwards") == 0) {
156 deny_non_fast_forwards = git_config_bool(var, value);
157 return 0;
158 }
159
160 if (strcmp(var, "receive.unpacklimit") == 0) {
161 receive_unpack_limit = git_config_int(var, value, ctx->kvi);
162 return 0;
163 }
164
165 if (strcmp(var, "transfer.unpacklimit") == 0) {
166 transfer_unpack_limit = git_config_int(var, value, ctx->kvi);
167 return 0;
168 }
169
170 if (strcmp(var, "receive.fsck.skiplist") == 0) {
171 const char *path;
172
173 if (git_config_pathname(&path, var, value))
174 return 1;
175 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
176 fsck_msg_types.len ? ',' : '=', path);
177 free((char *)path);
178 return 0;
179 }
180
181 if (skip_prefix(var, "receive.fsck.", &var)) {
182 if (is_valid_msg_type(var, value))
183 strbuf_addf(&fsck_msg_types, "%c%s=%s",
184 fsck_msg_types.len ? ',' : '=', var, value);
185 else
186 warning("skipping unknown msg id '%s'", var);
187 return 0;
188 }
189
190 if (strcmp(var, "receive.fsckobjects") == 0) {
191 receive_fsck_objects = git_config_bool(var, value);
192 return 0;
193 }
194
195 if (strcmp(var, "transfer.fsckobjects") == 0) {
196 transfer_fsck_objects = git_config_bool(var, value);
197 return 0;
198 }
199
200 if (!strcmp(var, "receive.denycurrentbranch")) {
201 deny_current_branch = parse_deny_action(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "receive.denydeletecurrent") == 0) {
206 deny_delete_current = parse_deny_action(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
211 prefer_ofs_delta = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.updateserverinfo") == 0) {
216 auto_update_server_info = git_config_bool(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.autogc") == 0) {
221 auto_gc = git_config_bool(var, value);
222 return 0;
223 }
224
225 if (strcmp(var, "receive.shallowupdate") == 0) {
226 shallow_update = git_config_bool(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.certnonceseed") == 0)
231 return git_config_string(&cert_nonce_seed, var, value);
232
233 if (strcmp(var, "receive.certnonceslop") == 0) {
234 nonce_stamp_slop_limit = git_config_ulong(var, value, ctx->kvi);
235 return 0;
236 }
237
238 if (strcmp(var, "receive.advertiseatomic") == 0) {
239 advertise_atomic_push = git_config_bool(var, value);
240 return 0;
241 }
242
243 if (strcmp(var, "receive.advertisepushoptions") == 0) {
244 advertise_push_options = git_config_bool(var, value);
245 return 0;
246 }
247
248 if (strcmp(var, "receive.keepalive") == 0) {
249 keepalive_in_sec = git_config_int(var, value, ctx->kvi);
250 return 0;
251 }
252
253 if (strcmp(var, "receive.maxinputsize") == 0) {
254 max_input_size = git_config_int64(var, value, ctx->kvi);
255 return 0;
256 }
257
258 if (strcmp(var, "receive.procreceiverefs") == 0) {
259 if (!value)
260 return config_error_nonbool(var);
261 proc_receive_ref_append(value);
262 return 0;
263 }
264
265 if (strcmp(var, "transfer.advertisesid") == 0) {
266 advertise_sid = git_config_bool(var, value);
267 return 0;
268 }
269
270 return git_default_config(var, value, ctx, cb);
271 }
272
273 static void show_ref(const char *path, const struct object_id *oid)
274 {
275 if (sent_capabilities) {
276 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
277 } else {
278 struct strbuf cap = STRBUF_INIT;
279
280 strbuf_addstr(&cap,
281 "report-status report-status-v2 delete-refs side-band-64k quiet");
282 if (advertise_atomic_push)
283 strbuf_addstr(&cap, " atomic");
284 if (prefer_ofs_delta)
285 strbuf_addstr(&cap, " ofs-delta");
286 if (push_cert_nonce)
287 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
288 if (advertise_push_options)
289 strbuf_addstr(&cap, " push-options");
290 if (advertise_sid)
291 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
292 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
293 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
294 packet_write_fmt(1, "%s %s%c%s\n",
295 oid_to_hex(oid), path, 0, cap.buf);
296 strbuf_release(&cap);
297 sent_capabilities = 1;
298 }
299 }
300
301 static int show_ref_cb(const char *path_full, const struct object_id *oid,
302 int flag UNUSED, void *data)
303 {
304 struct oidset *seen = data;
305 const char *path = strip_namespace(path_full);
306
307 if (ref_is_hidden(path, path_full, &hidden_refs))
308 return 0;
309
310 /*
311 * Advertise refs outside our current namespace as ".have"
312 * refs, so that the client can use them to minimize data
313 * transfer but will otherwise ignore them.
314 */
315 if (!path) {
316 if (oidset_insert(seen, oid))
317 return 0;
318 path = ".have";
319 } else {
320 oidset_insert(seen, oid);
321 }
322 show_ref(path, oid);
323 return 0;
324 }
325
326 static void show_one_alternate_ref(const struct object_id *oid,
327 void *data)
328 {
329 struct oidset *seen = data;
330
331 if (oidset_insert(seen, oid))
332 return;
333
334 show_ref(".have", oid);
335 }
336
337 static void write_head_info(void)
338 {
339 static struct oidset seen = OIDSET_INIT;
340
341 for_each_ref(show_ref_cb, &seen);
342 for_each_alternate_ref(show_one_alternate_ref, &seen);
343 oidset_clear(&seen);
344 if (!sent_capabilities)
345 show_ref("capabilities^{}", null_oid());
346
347 advertise_shallow_grafts(1);
348
349 /* EOF */
350 packet_flush(1);
351 }
352
353 #define RUN_PROC_RECEIVE_SCHEDULED 1
354 #define RUN_PROC_RECEIVE_RETURNED 2
355 struct command {
356 struct command *next;
357 const char *error_string;
358 struct ref_push_report *report;
359 unsigned int skip_update:1,
360 did_not_exist:1,
361 run_proc_receive:2;
362 int index;
363 struct object_id old_oid;
364 struct object_id new_oid;
365 char ref_name[FLEX_ARRAY]; /* more */
366 };
367
368 static void proc_receive_ref_append(const char *prefix)
369 {
370 struct proc_receive_ref *ref_pattern;
371 char *p;
372 int len;
373
374 CALLOC_ARRAY(ref_pattern, 1);
375 p = strchr(prefix, ':');
376 if (p) {
377 while (prefix < p) {
378 if (*prefix == 'a')
379 ref_pattern->want_add = 1;
380 else if (*prefix == 'd')
381 ref_pattern->want_delete = 1;
382 else if (*prefix == 'm')
383 ref_pattern->want_modify = 1;
384 else if (*prefix == '!')
385 ref_pattern->negative_ref = 1;
386 prefix++;
387 }
388 prefix++;
389 } else {
390 ref_pattern->want_add = 1;
391 ref_pattern->want_delete = 1;
392 ref_pattern->want_modify = 1;
393 }
394 len = strlen(prefix);
395 while (len && prefix[len - 1] == '/')
396 len--;
397 ref_pattern->ref_prefix = xmemdupz(prefix, len);
398 if (!proc_receive_ref) {
399 proc_receive_ref = ref_pattern;
400 } else {
401 struct proc_receive_ref *end;
402
403 end = proc_receive_ref;
404 while (end->next)
405 end = end->next;
406 end->next = ref_pattern;
407 }
408 }
409
410 static int proc_receive_ref_matches(struct command *cmd)
411 {
412 struct proc_receive_ref *p;
413
414 if (!proc_receive_ref)
415 return 0;
416
417 for (p = proc_receive_ref; p; p = p->next) {
418 const char *match = p->ref_prefix;
419 const char *remains;
420
421 if (!p->want_add && is_null_oid(&cmd->old_oid))
422 continue;
423 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
424 continue;
425 else if (!p->want_modify &&
426 !is_null_oid(&cmd->old_oid) &&
427 !is_null_oid(&cmd->new_oid))
428 continue;
429
430 if (skip_prefix(cmd->ref_name, match, &remains) &&
431 (!*remains || *remains == '/')) {
432 if (!p->negative_ref)
433 return 1;
434 } else if (p->negative_ref) {
435 return 1;
436 }
437 }
438 return 0;
439 }
440
441 static void report_message(const char *prefix, const char *err, va_list params)
442 {
443 int sz;
444 char msg[4096];
445
446 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
447 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
448 if (sz > (sizeof(msg) - 1))
449 sz = sizeof(msg) - 1;
450 msg[sz++] = '\n';
451
452 if (use_sideband)
453 send_sideband(1, 2, msg, sz, use_sideband);
454 else
455 xwrite(2, msg, sz);
456 }
457
458 __attribute__((format (printf, 1, 2)))
459 static void rp_warning(const char *err, ...)
460 {
461 va_list params;
462 va_start(params, err);
463 report_message("warning: ", err, params);
464 va_end(params);
465 }
466
467 __attribute__((format (printf, 1, 2)))
468 static void rp_error(const char *err, ...)
469 {
470 va_list params;
471 va_start(params, err);
472 report_message("error: ", err, params);
473 va_end(params);
474 }
475
476 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
477 {
478 char data[128];
479 int keepalive_active = 0;
480
481 if (keepalive_in_sec <= 0)
482 use_keepalive = KEEPALIVE_NEVER;
483 if (use_keepalive == KEEPALIVE_ALWAYS)
484 keepalive_active = 1;
485
486 while (1) {
487 ssize_t sz;
488
489 if (keepalive_active) {
490 struct pollfd pfd;
491 int ret;
492
493 pfd.fd = in;
494 pfd.events = POLLIN;
495 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
496
497 if (ret < 0) {
498 if (errno == EINTR)
499 continue;
500 else
501 break;
502 } else if (ret == 0) {
503 /* no data; send a keepalive packet */
504 static const char buf[] = "0005\1";
505 write_or_die(1, buf, sizeof(buf) - 1);
506 continue;
507 } /* else there is actual data to read */
508 }
509
510 sz = xread(in, data, sizeof(data));
511 if (sz <= 0)
512 break;
513
514 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
515 const char *p = memchr(data, '\0', sz);
516 if (p) {
517 /*
518 * The NUL tells us to start sending keepalives. Make
519 * sure we send any other data we read along
520 * with it.
521 */
522 keepalive_active = 1;
523 send_sideband(1, 2, data, p - data, use_sideband);
524 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
525 continue;
526 }
527 }
528
529 /*
530 * Either we're not looking for a NUL signal, or we didn't see
531 * it yet; just pass along the data.
532 */
533 send_sideband(1, 2, data, sz, use_sideband);
534 }
535 close(in);
536 return 0;
537 }
538
539 static void hmac_hash(unsigned char *out,
540 const char *key_in, size_t key_len,
541 const char *text, size_t text_len)
542 {
543 unsigned char key[GIT_MAX_BLKSZ];
544 unsigned char k_ipad[GIT_MAX_BLKSZ];
545 unsigned char k_opad[GIT_MAX_BLKSZ];
546 int i;
547 git_hash_ctx ctx;
548
549 /* RFC 2104 2. (1) */
550 memset(key, '\0', GIT_MAX_BLKSZ);
551 if (the_hash_algo->blksz < key_len) {
552 the_hash_algo->init_fn(&ctx);
553 the_hash_algo->update_fn(&ctx, key_in, key_len);
554 the_hash_algo->final_fn(key, &ctx);
555 } else {
556 memcpy(key, key_in, key_len);
557 }
558
559 /* RFC 2104 2. (2) & (5) */
560 for (i = 0; i < sizeof(key); i++) {
561 k_ipad[i] = key[i] ^ 0x36;
562 k_opad[i] = key[i] ^ 0x5c;
563 }
564
565 /* RFC 2104 2. (3) & (4) */
566 the_hash_algo->init_fn(&ctx);
567 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
568 the_hash_algo->update_fn(&ctx, text, text_len);
569 the_hash_algo->final_fn(out, &ctx);
570
571 /* RFC 2104 2. (6) & (7) */
572 the_hash_algo->init_fn(&ctx);
573 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
574 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
575 the_hash_algo->final_fn(out, &ctx);
576 }
577
578 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
579 {
580 struct strbuf buf = STRBUF_INIT;
581 unsigned char hash[GIT_MAX_RAWSZ];
582
583 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
584 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
585 strbuf_release(&buf);
586
587 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
588 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
589 return strbuf_detach(&buf, NULL);
590 }
591
592 static char *find_header(const char *msg, size_t len, const char *key,
593 const char **next_line)
594 {
595 size_t out_len;
596 const char *val = find_header_mem(msg, len, key, &out_len);
597
598 if (!val)
599 return NULL;
600
601 if (next_line)
602 *next_line = val + out_len + 1;
603
604 return xmemdupz(val, out_len);
605 }
606
607 /*
608 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
609 * This operation is guaranteed to run in constant time to avoid leaking data.
610 */
611 static int constant_memequal(const char *a, const char *b, size_t n)
612 {
613 int res = 0;
614 size_t i;
615
616 for (i = 0; i < n; i++)
617 res |= a[i] ^ b[i];
618 return res;
619 }
620
621 static const char *check_nonce(const char *buf, size_t len)
622 {
623 char *nonce = find_header(buf, len, "nonce", NULL);
624 timestamp_t stamp, ostamp;
625 char *bohmac, *expect = NULL;
626 const char *retval = NONCE_BAD;
627 size_t noncelen;
628
629 if (!nonce) {
630 retval = NONCE_MISSING;
631 goto leave;
632 } else if (!push_cert_nonce) {
633 retval = NONCE_UNSOLICITED;
634 goto leave;
635 } else if (!strcmp(push_cert_nonce, nonce)) {
636 retval = NONCE_OK;
637 goto leave;
638 }
639
640 if (!stateless_rpc) {
641 /* returned nonce MUST match what we gave out earlier */
642 retval = NONCE_BAD;
643 goto leave;
644 }
645
646 /*
647 * In stateless mode, we may be receiving a nonce issued by
648 * another instance of the server that serving the same
649 * repository, and the timestamps may not match, but the
650 * nonce-seed and dir should match, so we can recompute and
651 * report the time slop.
652 *
653 * In addition, when a nonce issued by another instance has
654 * timestamp within receive.certnonceslop seconds, we pretend
655 * as if we issued that nonce when reporting to the hook.
656 */
657
658 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
659 if (*nonce <= '0' || '9' < *nonce) {
660 retval = NONCE_BAD;
661 goto leave;
662 }
663 stamp = parse_timestamp(nonce, &bohmac, 10);
664 if (bohmac == nonce || bohmac[0] != '-') {
665 retval = NONCE_BAD;
666 goto leave;
667 }
668
669 noncelen = strlen(nonce);
670 expect = prepare_push_cert_nonce(service_dir, stamp);
671 if (noncelen != strlen(expect)) {
672 /* This is not even the right size. */
673 retval = NONCE_BAD;
674 goto leave;
675 }
676 if (constant_memequal(expect, nonce, noncelen)) {
677 /* Not what we would have signed earlier */
678 retval = NONCE_BAD;
679 goto leave;
680 }
681
682 /*
683 * By how many seconds is this nonce stale? Negative value
684 * would mean it was issued by another server with its clock
685 * skewed in the future.
686 */
687 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
688 nonce_stamp_slop = (long)ostamp - (long)stamp;
689
690 if (nonce_stamp_slop_limit &&
691 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
692 /*
693 * Pretend as if the received nonce (which passes the
694 * HMAC check, so it is not a forged by third-party)
695 * is what we issued.
696 */
697 free((void *)push_cert_nonce);
698 push_cert_nonce = xstrdup(nonce);
699 retval = NONCE_OK;
700 } else {
701 retval = NONCE_SLOP;
702 }
703
704 leave:
705 free(nonce);
706 free(expect);
707 return retval;
708 }
709
710 /*
711 * Return 1 if there is no push_cert or if the push options in push_cert are
712 * the same as those in the argument; 0 otherwise.
713 */
714 static int check_cert_push_options(const struct string_list *push_options)
715 {
716 const char *buf = push_cert.buf;
717 int len = push_cert.len;
718
719 char *option;
720 const char *next_line;
721 int options_seen = 0;
722
723 int retval = 1;
724
725 if (!len)
726 return 1;
727
728 while ((option = find_header(buf, len, "push-option", &next_line))) {
729 len -= (next_line - buf);
730 buf = next_line;
731 options_seen++;
732 if (options_seen > push_options->nr
733 || strcmp(option,
734 push_options->items[options_seen - 1].string)) {
735 retval = 0;
736 goto leave;
737 }
738 free(option);
739 }
740
741 if (options_seen != push_options->nr)
742 retval = 0;
743
744 leave:
745 free(option);
746 return retval;
747 }
748
749 static void prepare_push_cert_sha1(struct child_process *proc)
750 {
751 static int already_done;
752
753 if (!push_cert.len)
754 return;
755
756 if (!already_done) {
757 int bogs /* beginning_of_gpg_sig */;
758
759 already_done = 1;
760 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
761 &push_cert_oid))
762 oidclr(&push_cert_oid);
763
764 memset(&sigcheck, '\0', sizeof(sigcheck));
765
766 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
767 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
768 sigcheck.payload_len = bogs;
769 check_signature(&sigcheck, push_cert.buf + bogs,
770 push_cert.len - bogs);
771
772 nonce_status = check_nonce(push_cert.buf, bogs);
773 }
774 if (!is_null_oid(&push_cert_oid)) {
775 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
776 oid_to_hex(&push_cert_oid));
777 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
778 sigcheck.signer ? sigcheck.signer : "");
779 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
780 sigcheck.key ? sigcheck.key : "");
781 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
782 sigcheck.result);
783 if (push_cert_nonce) {
784 strvec_pushf(&proc->env,
785 "GIT_PUSH_CERT_NONCE=%s",
786 push_cert_nonce);
787 strvec_pushf(&proc->env,
788 "GIT_PUSH_CERT_NONCE_STATUS=%s",
789 nonce_status);
790 if (nonce_status == NONCE_SLOP)
791 strvec_pushf(&proc->env,
792 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
793 nonce_stamp_slop);
794 }
795 }
796 }
797
798 struct receive_hook_feed_state {
799 struct command *cmd;
800 struct ref_push_report *report;
801 int skip_broken;
802 struct strbuf buf;
803 const struct string_list *push_options;
804 };
805
806 typedef int (*feed_fn)(void *, const char **, size_t *);
807 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
808 struct receive_hook_feed_state *feed_state)
809 {
810 struct child_process proc = CHILD_PROCESS_INIT;
811 struct async muxer;
812 int code;
813 const char *hook_path = find_hook(hook_name);
814
815 if (!hook_path)
816 return 0;
817
818 strvec_push(&proc.args, hook_path);
819 proc.in = -1;
820 proc.stdout_to_stderr = 1;
821 proc.trace2_hook_name = hook_name;
822
823 if (feed_state->push_options) {
824 size_t i;
825 for (i = 0; i < feed_state->push_options->nr; i++)
826 strvec_pushf(&proc.env,
827 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
828 (uintmax_t)i,
829 feed_state->push_options->items[i].string);
830 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
831 (uintmax_t)feed_state->push_options->nr);
832 } else
833 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
834
835 if (tmp_objdir)
836 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
837
838 if (use_sideband) {
839 memset(&muxer, 0, sizeof(muxer));
840 muxer.proc = copy_to_sideband;
841 muxer.in = -1;
842 code = start_async(&muxer);
843 if (code)
844 return code;
845 proc.err = muxer.in;
846 }
847
848 prepare_push_cert_sha1(&proc);
849
850 code = start_command(&proc);
851 if (code) {
852 if (use_sideband)
853 finish_async(&muxer);
854 return code;
855 }
856
857 sigchain_push(SIGPIPE, SIG_IGN);
858
859 while (1) {
860 const char *buf;
861 size_t n;
862 if (feed(feed_state, &buf, &n))
863 break;
864 if (write_in_full(proc.in, buf, n) < 0)
865 break;
866 }
867 close(proc.in);
868 if (use_sideband)
869 finish_async(&muxer);
870
871 sigchain_pop(SIGPIPE);
872
873 return finish_command(&proc);
874 }
875
876 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
877 {
878 struct receive_hook_feed_state *state = state_;
879 struct command *cmd = state->cmd;
880
881 while (cmd &&
882 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
883 cmd = cmd->next;
884 if (!cmd)
885 return -1; /* EOF */
886 if (!bufp)
887 return 0; /* OK, can feed something. */
888 strbuf_reset(&state->buf);
889 if (!state->report)
890 state->report = cmd->report;
891 if (state->report) {
892 struct object_id *old_oid;
893 struct object_id *new_oid;
894 const char *ref_name;
895
896 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
897 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
898 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
899 strbuf_addf(&state->buf, "%s %s %s\n",
900 oid_to_hex(old_oid), oid_to_hex(new_oid),
901 ref_name);
902 state->report = state->report->next;
903 if (!state->report)
904 state->cmd = cmd->next;
905 } else {
906 strbuf_addf(&state->buf, "%s %s %s\n",
907 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
908 cmd->ref_name);
909 state->cmd = cmd->next;
910 }
911 if (bufp) {
912 *bufp = state->buf.buf;
913 *sizep = state->buf.len;
914 }
915 return 0;
916 }
917
918 static int run_receive_hook(struct command *commands,
919 const char *hook_name,
920 int skip_broken,
921 const struct string_list *push_options)
922 {
923 struct receive_hook_feed_state state;
924 int status;
925
926 strbuf_init(&state.buf, 0);
927 state.cmd = commands;
928 state.skip_broken = skip_broken;
929 state.report = NULL;
930 if (feed_receive_hook(&state, NULL, NULL))
931 return 0;
932 state.cmd = commands;
933 state.push_options = push_options;
934 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
935 strbuf_release(&state.buf);
936 return status;
937 }
938
939 static int run_update_hook(struct command *cmd)
940 {
941 struct child_process proc = CHILD_PROCESS_INIT;
942 int code;
943 const char *hook_path = find_hook("update");
944
945 if (!hook_path)
946 return 0;
947
948 strvec_push(&proc.args, hook_path);
949 strvec_push(&proc.args, cmd->ref_name);
950 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
951 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
952
953 proc.no_stdin = 1;
954 proc.stdout_to_stderr = 1;
955 proc.err = use_sideband ? -1 : 0;
956 proc.trace2_hook_name = "update";
957
958 code = start_command(&proc);
959 if (code)
960 return code;
961 if (use_sideband)
962 copy_to_sideband(proc.err, -1, NULL);
963 return finish_command(&proc);
964 }
965
966 static struct command *find_command_by_refname(struct command *list,
967 const char *refname)
968 {
969 for (; list; list = list->next)
970 if (!strcmp(list->ref_name, refname))
971 return list;
972 return NULL;
973 }
974
975 static int read_proc_receive_report(struct packet_reader *reader,
976 struct command *commands,
977 struct strbuf *errmsg)
978 {
979 struct command *cmd;
980 struct command *hint = NULL;
981 struct ref_push_report *report = NULL;
982 int new_report = 0;
983 int code = 0;
984 int once = 0;
985 int response = 0;
986
987 for (;;) {
988 struct object_id old_oid, new_oid;
989 const char *head;
990 const char *refname;
991 char *p;
992 enum packet_read_status status;
993
994 status = packet_reader_read(reader);
995 if (status != PACKET_READ_NORMAL) {
996 /* Check whether proc-receive exited abnormally */
997 if (status == PACKET_READ_EOF && !response) {
998 strbuf_addstr(errmsg, "proc-receive exited abnormally");
999 return -1;
1000 }
1001 break;
1002 }
1003 response++;
1004
1005 head = reader->line;
1006 p = strchr(head, ' ');
1007 if (!p) {
1008 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1009 code = -1;
1010 continue;
1011 }
1012 *p++ = '\0';
1013 if (!strcmp(head, "option")) {
1014 const char *key, *val;
1015
1016 if (!hint || !(report || new_report)) {
1017 if (!once++)
1018 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1019 code = -1;
1020 continue;
1021 }
1022 if (new_report) {
1023 if (!hint->report) {
1024 CALLOC_ARRAY(hint->report, 1);
1025 report = hint->report;
1026 } else {
1027 report = hint->report;
1028 while (report->next)
1029 report = report->next;
1030 report->next = xcalloc(1, sizeof(struct ref_push_report));
1031 report = report->next;
1032 }
1033 new_report = 0;
1034 }
1035 key = p;
1036 p = strchr(key, ' ');
1037 if (p)
1038 *p++ = '\0';
1039 val = p;
1040 if (!strcmp(key, "refname"))
1041 report->ref_name = xstrdup_or_null(val);
1042 else if (!strcmp(key, "old-oid") && val &&
1043 !parse_oid_hex(val, &old_oid, &val))
1044 report->old_oid = oiddup(&old_oid);
1045 else if (!strcmp(key, "new-oid") && val &&
1046 !parse_oid_hex(val, &new_oid, &val))
1047 report->new_oid = oiddup(&new_oid);
1048 else if (!strcmp(key, "forced-update"))
1049 report->forced_update = 1;
1050 else if (!strcmp(key, "fall-through"))
1051 /* Fall through, let 'receive-pack' to execute it. */
1052 hint->run_proc_receive = 0;
1053 continue;
1054 }
1055
1056 report = NULL;
1057 new_report = 0;
1058 refname = p;
1059 p = strchr(refname, ' ');
1060 if (p)
1061 *p++ = '\0';
1062 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1063 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1064 head, refname);
1065 code = -1;
1066 continue;
1067 }
1068
1069 /* first try searching at our hint, falling back to all refs */
1070 if (hint)
1071 hint = find_command_by_refname(hint, refname);
1072 if (!hint)
1073 hint = find_command_by_refname(commands, refname);
1074 if (!hint) {
1075 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1076 refname);
1077 code = -1;
1078 continue;
1079 }
1080 if (!hint->run_proc_receive) {
1081 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1082 refname);
1083 code = -1;
1084 continue;
1085 }
1086 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1087 if (!strcmp(head, "ng")) {
1088 if (p)
1089 hint->error_string = xstrdup(p);
1090 else
1091 hint->error_string = "failed";
1092 code = -1;
1093 continue;
1094 }
1095 new_report = 1;
1096 }
1097
1098 for (cmd = commands; cmd; cmd = cmd->next)
1099 if (cmd->run_proc_receive && !cmd->error_string &&
1100 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1101 cmd->error_string = "proc-receive failed to report status";
1102 code = -1;
1103 }
1104 return code;
1105 }
1106
1107 static int run_proc_receive_hook(struct command *commands,
1108 const struct string_list *push_options)
1109 {
1110 struct child_process proc = CHILD_PROCESS_INIT;
1111 struct async muxer;
1112 struct command *cmd;
1113 struct packet_reader reader;
1114 struct strbuf cap = STRBUF_INIT;
1115 struct strbuf errmsg = STRBUF_INIT;
1116 int hook_use_push_options = 0;
1117 int version = 0;
1118 int code;
1119 const char *hook_path = find_hook("proc-receive");
1120
1121 if (!hook_path) {
1122 rp_error("cannot find hook 'proc-receive'");
1123 return -1;
1124 }
1125
1126 strvec_push(&proc.args, hook_path);
1127 proc.in = -1;
1128 proc.out = -1;
1129 proc.trace2_hook_name = "proc-receive";
1130
1131 if (use_sideband) {
1132 memset(&muxer, 0, sizeof(muxer));
1133 muxer.proc = copy_to_sideband;
1134 muxer.in = -1;
1135 code = start_async(&muxer);
1136 if (code)
1137 return code;
1138 proc.err = muxer.in;
1139 } else {
1140 proc.err = 0;
1141 }
1142
1143 code = start_command(&proc);
1144 if (code) {
1145 if (use_sideband)
1146 finish_async(&muxer);
1147 return code;
1148 }
1149
1150 sigchain_push(SIGPIPE, SIG_IGN);
1151
1152 /* Version negotiaton */
1153 packet_reader_init(&reader, proc.out, NULL, 0,
1154 PACKET_READ_CHOMP_NEWLINE |
1155 PACKET_READ_GENTLE_ON_EOF);
1156 if (use_atomic)
1157 strbuf_addstr(&cap, " atomic");
1158 if (use_push_options)
1159 strbuf_addstr(&cap, " push-options");
1160 if (cap.len) {
1161 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1162 strbuf_release(&cap);
1163 } else {
1164 code = packet_write_fmt_gently(proc.in, "version=1\n");
1165 }
1166 if (!code)
1167 code = packet_flush_gently(proc.in);
1168
1169 if (!code)
1170 for (;;) {
1171 int linelen;
1172 enum packet_read_status status;
1173
1174 status = packet_reader_read(&reader);
1175 if (status != PACKET_READ_NORMAL) {
1176 /* Check whether proc-receive exited abnormally */
1177 if (status == PACKET_READ_EOF)
1178 code = -1;
1179 break;
1180 }
1181
1182 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1183 version = atoi(reader.line + 8);
1184 linelen = strlen(reader.line);
1185 if (linelen < reader.pktlen) {
1186 const char *feature_list = reader.line + linelen + 1;
1187 if (parse_feature_request(feature_list, "push-options"))
1188 hook_use_push_options = 1;
1189 }
1190 }
1191 }
1192
1193 if (code) {
1194 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1195 goto cleanup;
1196 }
1197
1198 switch (version) {
1199 case 0:
1200 /* fallthrough */
1201 case 1:
1202 break;
1203 default:
1204 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1205 version);
1206 code = -1;
1207 goto cleanup;
1208 }
1209
1210 /* Send commands */
1211 for (cmd = commands; cmd; cmd = cmd->next) {
1212 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1213 continue;
1214 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1215 oid_to_hex(&cmd->old_oid),
1216 oid_to_hex(&cmd->new_oid),
1217 cmd->ref_name);
1218 if (code)
1219 break;
1220 }
1221 if (!code)
1222 code = packet_flush_gently(proc.in);
1223 if (code) {
1224 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1225 goto cleanup;
1226 }
1227
1228 /* Send push options */
1229 if (hook_use_push_options) {
1230 struct string_list_item *item;
1231
1232 for_each_string_list_item(item, push_options) {
1233 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1234 if (code)
1235 break;
1236 }
1237 if (!code)
1238 code = packet_flush_gently(proc.in);
1239 if (code) {
1240 strbuf_addstr(&errmsg,
1241 "fail to write push-options to proc-receive hook");
1242 goto cleanup;
1243 }
1244 }
1245
1246 /* Read result from proc-receive */
1247 code = read_proc_receive_report(&reader, commands, &errmsg);
1248
1249 cleanup:
1250 close(proc.in);
1251 close(proc.out);
1252 if (use_sideband)
1253 finish_async(&muxer);
1254 if (finish_command(&proc))
1255 code = -1;
1256 if (errmsg.len >0) {
1257 char *p = errmsg.buf;
1258
1259 p += errmsg.len - 1;
1260 if (*p == '\n')
1261 *p = '\0';
1262 rp_error("%s", errmsg.buf);
1263 strbuf_release(&errmsg);
1264 }
1265 sigchain_pop(SIGPIPE);
1266
1267 return code;
1268 }
1269
1270 static char *refuse_unconfigured_deny_msg =
1271 N_("By default, updating the current branch in a non-bare repository\n"
1272 "is denied, because it will make the index and work tree inconsistent\n"
1273 "with what you pushed, and will require 'git reset --hard' to match\n"
1274 "the work tree to HEAD.\n"
1275 "\n"
1276 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1277 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1278 "its current branch; however, this is not recommended unless you\n"
1279 "arranged to update its work tree to match what you pushed in some\n"
1280 "other way.\n"
1281 "\n"
1282 "To squelch this message and still keep the default behaviour, set\n"
1283 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1284
1285 static void refuse_unconfigured_deny(void)
1286 {
1287 rp_error("%s", _(refuse_unconfigured_deny_msg));
1288 }
1289
1290 static char *refuse_unconfigured_deny_delete_current_msg =
1291 N_("By default, deleting the current branch is denied, because the next\n"
1292 "'git clone' won't result in any file checked out, causing confusion.\n"
1293 "\n"
1294 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1295 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1296 "current branch, with or without a warning message.\n"
1297 "\n"
1298 "To squelch this message, you can set it to 'refuse'.");
1299
1300 static void refuse_unconfigured_deny_delete_current(void)
1301 {
1302 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1303 }
1304
1305 static const struct object_id *command_singleton_iterator(void *cb_data);
1306 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1307 {
1308 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1309 struct oid_array extra = OID_ARRAY_INIT;
1310 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1311 uint32_t mask = 1 << (cmd->index % 32);
1312 int i;
1313
1314 trace_printf_key(&trace_shallow,
1315 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1316 for (i = 0; i < si->shallow->nr; i++)
1317 if (si->used_shallow[i] &&
1318 (si->used_shallow[i][cmd->index / 32] & mask) &&
1319 !delayed_reachability_test(si, i))
1320 oid_array_append(&extra, &si->shallow->oid[i]);
1321
1322 opt.env = tmp_objdir_env(tmp_objdir);
1323 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1324 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1325 rollback_shallow_file(the_repository, &shallow_lock);
1326 oid_array_clear(&extra);
1327 return -1;
1328 }
1329
1330 commit_shallow_file(the_repository, &shallow_lock);
1331
1332 /*
1333 * Make sure setup_alternate_shallow() for the next ref does
1334 * not lose these new roots..
1335 */
1336 for (i = 0; i < extra.nr; i++)
1337 register_shallow(the_repository, &extra.oid[i]);
1338
1339 si->shallow_ref[cmd->index] = 0;
1340 oid_array_clear(&extra);
1341 return 0;
1342 }
1343
1344 /*
1345 * NEEDSWORK: we should consolidate various implementions of "are we
1346 * on an unborn branch?" test into one, and make the unified one more
1347 * robust. !get_sha1() based check used here and elsewhere would not
1348 * allow us to tell an unborn branch from corrupt ref, for example.
1349 * For the purpose of fixing "deploy-to-update does not work when
1350 * pushing into an empty repository" issue, this should suffice for
1351 * now.
1352 */
1353 static int head_has_history(void)
1354 {
1355 struct object_id oid;
1356
1357 return !repo_get_oid(the_repository, "HEAD", &oid);
1358 }
1359
1360 static const char *push_to_deploy(unsigned char *sha1,
1361 struct strvec *env,
1362 const char *work_tree)
1363 {
1364 struct child_process child = CHILD_PROCESS_INIT;
1365
1366 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1367 "--refresh", NULL);
1368 strvec_pushv(&child.env, env->v);
1369 child.dir = work_tree;
1370 child.no_stdin = 1;
1371 child.stdout_to_stderr = 1;
1372 child.git_cmd = 1;
1373 if (run_command(&child))
1374 return "Up-to-date check failed";
1375
1376 /* run_command() does not clean up completely; reinitialize */
1377 child_process_init(&child);
1378 strvec_pushl(&child.args, "diff-files", "--quiet",
1379 "--ignore-submodules", "--", NULL);
1380 strvec_pushv(&child.env, env->v);
1381 child.dir = work_tree;
1382 child.no_stdin = 1;
1383 child.stdout_to_stderr = 1;
1384 child.git_cmd = 1;
1385 if (run_command(&child))
1386 return "Working directory has unstaged changes";
1387
1388 child_process_init(&child);
1389 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1390 "--ignore-submodules",
1391 /* diff-index with either HEAD or an empty tree */
1392 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1393 "--", NULL);
1394 strvec_pushv(&child.env, env->v);
1395 child.no_stdin = 1;
1396 child.no_stdout = 1;
1397 child.stdout_to_stderr = 0;
1398 child.git_cmd = 1;
1399 if (run_command(&child))
1400 return "Working directory has staged changes";
1401
1402 child_process_init(&child);
1403 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1404 NULL);
1405 strvec_pushv(&child.env, env->v);
1406 child.dir = work_tree;
1407 child.no_stdin = 1;
1408 child.no_stdout = 1;
1409 child.stdout_to_stderr = 0;
1410 child.git_cmd = 1;
1411 if (run_command(&child))
1412 return "Could not update working tree to new HEAD";
1413
1414 return NULL;
1415 }
1416
1417 static const char *push_to_checkout_hook = "push-to-checkout";
1418
1419 static const char *push_to_checkout(unsigned char *hash,
1420 int *invoked_hook,
1421 struct strvec *env,
1422 const char *work_tree)
1423 {
1424 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1425 opt.invoked_hook = invoked_hook;
1426
1427 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1428 strvec_pushv(&opt.env, env->v);
1429 strvec_push(&opt.args, hash_to_hex(hash));
1430 if (run_hooks_opt(push_to_checkout_hook, &opt))
1431 return "push-to-checkout hook declined";
1432 else
1433 return NULL;
1434 }
1435
1436 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1437 {
1438 const char *retval, *git_dir;
1439 struct strvec env = STRVEC_INIT;
1440 int invoked_hook;
1441
1442 if (!worktree || !worktree->path)
1443 BUG("worktree->path must be non-NULL");
1444
1445 if (worktree->is_bare)
1446 return "denyCurrentBranch = updateInstead needs a worktree";
1447 git_dir = get_worktree_git_dir(worktree);
1448
1449 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1450
1451 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1452 if (!invoked_hook)
1453 retval = push_to_deploy(sha1, &env, worktree->path);
1454
1455 strvec_clear(&env);
1456 return retval;
1457 }
1458
1459 static const char *update(struct command *cmd, struct shallow_info *si)
1460 {
1461 const char *name = cmd->ref_name;
1462 struct strbuf namespaced_name_buf = STRBUF_INIT;
1463 static char *namespaced_name;
1464 const char *ret;
1465 struct object_id *old_oid = &cmd->old_oid;
1466 struct object_id *new_oid = &cmd->new_oid;
1467 int do_update_worktree = 0;
1468 struct worktree **worktrees = get_worktrees();
1469 const struct worktree *worktree =
1470 find_shared_symref(worktrees, "HEAD", name);
1471
1472 /* only refs/... are allowed */
1473 if (!starts_with(name, "refs/") ||
1474 check_refname_format(name + 5, is_null_oid(new_oid) ?
1475 REFNAME_ALLOW_ONELEVEL : 0)) {
1476 rp_error("refusing to update funny ref '%s' remotely", name);
1477 ret = "funny refname";
1478 goto out;
1479 }
1480
1481 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1482 free(namespaced_name);
1483 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1484
1485 if (worktree && !worktree->is_bare) {
1486 switch (deny_current_branch) {
1487 case DENY_IGNORE:
1488 break;
1489 case DENY_WARN:
1490 rp_warning("updating the current branch");
1491 break;
1492 case DENY_REFUSE:
1493 case DENY_UNCONFIGURED:
1494 rp_error("refusing to update checked out branch: %s", name);
1495 if (deny_current_branch == DENY_UNCONFIGURED)
1496 refuse_unconfigured_deny();
1497 ret = "branch is currently checked out";
1498 goto out;
1499 case DENY_UPDATE_INSTEAD:
1500 /* pass -- let other checks intervene first */
1501 do_update_worktree = 1;
1502 break;
1503 }
1504 }
1505
1506 if (!is_null_oid(new_oid) && !repo_has_object_file(the_repository, new_oid)) {
1507 error("unpack should have generated %s, "
1508 "but I can't find it!", oid_to_hex(new_oid));
1509 ret = "bad pack";
1510 goto out;
1511 }
1512
1513 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1514 if (deny_deletes && starts_with(name, "refs/heads/")) {
1515 rp_error("denying ref deletion for %s", name);
1516 ret = "deletion prohibited";
1517 goto out;
1518 }
1519
1520 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1521 switch (deny_delete_current) {
1522 case DENY_IGNORE:
1523 break;
1524 case DENY_WARN:
1525 rp_warning("deleting the current branch");
1526 break;
1527 case DENY_REFUSE:
1528 case DENY_UNCONFIGURED:
1529 case DENY_UPDATE_INSTEAD:
1530 if (deny_delete_current == DENY_UNCONFIGURED)
1531 refuse_unconfigured_deny_delete_current();
1532 rp_error("refusing to delete the current branch: %s", name);
1533 ret = "deletion of the current branch prohibited";
1534 goto out;
1535 default:
1536 ret = "Invalid denyDeleteCurrent setting";
1537 goto out;
1538 }
1539 }
1540 }
1541
1542 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1543 !is_null_oid(old_oid) &&
1544 starts_with(name, "refs/heads/")) {
1545 struct object *old_object, *new_object;
1546 struct commit *old_commit, *new_commit;
1547
1548 old_object = parse_object(the_repository, old_oid);
1549 new_object = parse_object(the_repository, new_oid);
1550
1551 if (!old_object || !new_object ||
1552 old_object->type != OBJ_COMMIT ||
1553 new_object->type != OBJ_COMMIT) {
1554 error("bad sha1 objects for %s", name);
1555 ret = "bad ref";
1556 goto out;
1557 }
1558 old_commit = (struct commit *)old_object;
1559 new_commit = (struct commit *)new_object;
1560 if (!repo_in_merge_bases(the_repository, old_commit, new_commit)) {
1561 rp_error("denying non-fast-forward %s"
1562 " (you should pull first)", name);
1563 ret = "non-fast-forward";
1564 goto out;
1565 }
1566 }
1567 if (run_update_hook(cmd)) {
1568 rp_error("hook declined to update %s", name);
1569 ret = "hook declined";
1570 goto out;
1571 }
1572
1573 if (do_update_worktree) {
1574 ret = update_worktree(new_oid->hash, worktree);
1575 if (ret)
1576 goto out;
1577 }
1578
1579 if (is_null_oid(new_oid)) {
1580 struct strbuf err = STRBUF_INIT;
1581 if (!parse_object(the_repository, old_oid)) {
1582 old_oid = NULL;
1583 if (ref_exists(name)) {
1584 rp_warning("allowing deletion of corrupt ref");
1585 } else {
1586 rp_warning("deleting a non-existent ref");
1587 cmd->did_not_exist = 1;
1588 }
1589 }
1590 if (ref_transaction_delete(transaction,
1591 namespaced_name,
1592 old_oid,
1593 0, "push", &err)) {
1594 rp_error("%s", err.buf);
1595 ret = "failed to delete";
1596 } else {
1597 ret = NULL; /* good */
1598 }
1599 strbuf_release(&err);
1600 }
1601 else {
1602 struct strbuf err = STRBUF_INIT;
1603 if (shallow_update && si->shallow_ref[cmd->index] &&
1604 update_shallow_ref(cmd, si)) {
1605 ret = "shallow error";
1606 goto out;
1607 }
1608
1609 if (ref_transaction_update(transaction,
1610 namespaced_name,
1611 new_oid, old_oid,
1612 0, "push",
1613 &err)) {
1614 rp_error("%s", err.buf);
1615 ret = "failed to update ref";
1616 } else {
1617 ret = NULL; /* good */
1618 }
1619 strbuf_release(&err);
1620 }
1621
1622 out:
1623 free_worktrees(worktrees);
1624 return ret;
1625 }
1626
1627 static void run_update_post_hook(struct command *commands)
1628 {
1629 struct command *cmd;
1630 struct child_process proc = CHILD_PROCESS_INIT;
1631 const char *hook;
1632
1633 hook = find_hook("post-update");
1634 if (!hook)
1635 return;
1636
1637 for (cmd = commands; cmd; cmd = cmd->next) {
1638 if (cmd->error_string || cmd->did_not_exist)
1639 continue;
1640 if (!proc.args.nr)
1641 strvec_push(&proc.args, hook);
1642 strvec_push(&proc.args, cmd->ref_name);
1643 }
1644 if (!proc.args.nr)
1645 return;
1646
1647 proc.no_stdin = 1;
1648 proc.stdout_to_stderr = 1;
1649 proc.err = use_sideband ? -1 : 0;
1650 proc.trace2_hook_name = "post-update";
1651
1652 if (!start_command(&proc)) {
1653 if (use_sideband)
1654 copy_to_sideband(proc.err, -1, NULL);
1655 finish_command(&proc);
1656 }
1657 }
1658
1659 static void check_aliased_update_internal(struct command *cmd,
1660 struct string_list *list,
1661 const char *dst_name, int flag)
1662 {
1663 struct string_list_item *item;
1664 struct command *dst_cmd;
1665
1666 if (!(flag & REF_ISSYMREF))
1667 return;
1668
1669 if (!dst_name) {
1670 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1671 cmd->skip_update = 1;
1672 cmd->error_string = "broken symref";
1673 return;
1674 }
1675 dst_name = strip_namespace(dst_name);
1676
1677 if (!(item = string_list_lookup(list, dst_name)))
1678 return;
1679
1680 cmd->skip_update = 1;
1681
1682 dst_cmd = (struct command *) item->util;
1683
1684 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1685 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1686 return;
1687
1688 dst_cmd->skip_update = 1;
1689
1690 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1691 " its target '%s' (%s..%s)",
1692 cmd->ref_name,
1693 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV),
1694 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV),
1695 dst_cmd->ref_name,
1696 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV),
1697 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV));
1698
1699 cmd->error_string = dst_cmd->error_string =
1700 "inconsistent aliased update";
1701 }
1702
1703 static void check_aliased_update(struct command *cmd, struct string_list *list)
1704 {
1705 struct strbuf buf = STRBUF_INIT;
1706 const char *dst_name;
1707 int flag;
1708
1709 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1710 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1711 check_aliased_update_internal(cmd, list, dst_name, flag);
1712 strbuf_release(&buf);
1713 }
1714
1715 static void check_aliased_updates(struct command *commands)
1716 {
1717 struct command *cmd;
1718 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1719
1720 for (cmd = commands; cmd; cmd = cmd->next) {
1721 struct string_list_item *item =
1722 string_list_append(&ref_list, cmd->ref_name);
1723 item->util = (void *)cmd;
1724 }
1725 string_list_sort(&ref_list);
1726
1727 for (cmd = commands; cmd; cmd = cmd->next) {
1728 if (!cmd->error_string)
1729 check_aliased_update(cmd, &ref_list);
1730 }
1731
1732 string_list_clear(&ref_list, 0);
1733 }
1734
1735 static const struct object_id *command_singleton_iterator(void *cb_data)
1736 {
1737 struct command **cmd_list = cb_data;
1738 struct command *cmd = *cmd_list;
1739
1740 if (!cmd || is_null_oid(&cmd->new_oid))
1741 return NULL;
1742 *cmd_list = NULL; /* this returns only one */
1743 return &cmd->new_oid;
1744 }
1745
1746 static void set_connectivity_errors(struct command *commands,
1747 struct shallow_info *si)
1748 {
1749 struct command *cmd;
1750
1751 for (cmd = commands; cmd; cmd = cmd->next) {
1752 struct command *singleton = cmd;
1753 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1754
1755 if (shallow_update && si->shallow_ref[cmd->index])
1756 /* to be checked in update_shallow_ref() */
1757 continue;
1758
1759 opt.env = tmp_objdir_env(tmp_objdir);
1760 if (!check_connected(command_singleton_iterator, &singleton,
1761 &opt))
1762 continue;
1763
1764 cmd->error_string = "missing necessary objects";
1765 }
1766 }
1767
1768 struct iterate_data {
1769 struct command *cmds;
1770 struct shallow_info *si;
1771 };
1772
1773 static const struct object_id *iterate_receive_command_list(void *cb_data)
1774 {
1775 struct iterate_data *data = cb_data;
1776 struct command **cmd_list = &data->cmds;
1777 struct command *cmd = *cmd_list;
1778
1779 for (; cmd; cmd = cmd->next) {
1780 if (shallow_update && data->si->shallow_ref[cmd->index])
1781 /* to be checked in update_shallow_ref() */
1782 continue;
1783 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1784 *cmd_list = cmd->next;
1785 return &cmd->new_oid;
1786 }
1787 }
1788 return NULL;
1789 }
1790
1791 static void reject_updates_to_hidden(struct command *commands)
1792 {
1793 struct strbuf refname_full = STRBUF_INIT;
1794 size_t prefix_len;
1795 struct command *cmd;
1796
1797 strbuf_addstr(&refname_full, get_git_namespace());
1798 prefix_len = refname_full.len;
1799
1800 for (cmd = commands; cmd; cmd = cmd->next) {
1801 if (cmd->error_string)
1802 continue;
1803
1804 strbuf_setlen(&refname_full, prefix_len);
1805 strbuf_addstr(&refname_full, cmd->ref_name);
1806
1807 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1808 continue;
1809 if (is_null_oid(&cmd->new_oid))
1810 cmd->error_string = "deny deleting a hidden ref";
1811 else
1812 cmd->error_string = "deny updating a hidden ref";
1813 }
1814
1815 strbuf_release(&refname_full);
1816 }
1817
1818 static int should_process_cmd(struct command *cmd)
1819 {
1820 return !cmd->error_string && !cmd->skip_update;
1821 }
1822
1823 static void BUG_if_skipped_connectivity_check(struct command *commands,
1824 struct shallow_info *si)
1825 {
1826 struct command *cmd;
1827
1828 for (cmd = commands; cmd; cmd = cmd->next) {
1829 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1830 bug("connectivity check has not been run on ref %s",
1831 cmd->ref_name);
1832 }
1833 BUG_if_bug("connectivity check skipped???");
1834 }
1835
1836 static void execute_commands_non_atomic(struct command *commands,
1837 struct shallow_info *si)
1838 {
1839 struct command *cmd;
1840 struct strbuf err = STRBUF_INIT;
1841
1842 for (cmd = commands; cmd; cmd = cmd->next) {
1843 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1844 continue;
1845
1846 transaction = ref_transaction_begin(&err);
1847 if (!transaction) {
1848 rp_error("%s", err.buf);
1849 strbuf_reset(&err);
1850 cmd->error_string = "transaction failed to start";
1851 continue;
1852 }
1853
1854 cmd->error_string = update(cmd, si);
1855
1856 if (!cmd->error_string
1857 && ref_transaction_commit(transaction, &err)) {
1858 rp_error("%s", err.buf);
1859 strbuf_reset(&err);
1860 cmd->error_string = "failed to update ref";
1861 }
1862 ref_transaction_free(transaction);
1863 }
1864 strbuf_release(&err);
1865 }
1866
1867 static void execute_commands_atomic(struct command *commands,
1868 struct shallow_info *si)
1869 {
1870 struct command *cmd;
1871 struct strbuf err = STRBUF_INIT;
1872 const char *reported_error = "atomic push failure";
1873
1874 transaction = ref_transaction_begin(&err);
1875 if (!transaction) {
1876 rp_error("%s", err.buf);
1877 strbuf_reset(&err);
1878 reported_error = "transaction failed to start";
1879 goto failure;
1880 }
1881
1882 for (cmd = commands; cmd; cmd = cmd->next) {
1883 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1884 continue;
1885
1886 cmd->error_string = update(cmd, si);
1887
1888 if (cmd->error_string)
1889 goto failure;
1890 }
1891
1892 if (ref_transaction_commit(transaction, &err)) {
1893 rp_error("%s", err.buf);
1894 reported_error = "atomic transaction failed";
1895 goto failure;
1896 }
1897 goto cleanup;
1898
1899 failure:
1900 for (cmd = commands; cmd; cmd = cmd->next)
1901 if (!cmd->error_string)
1902 cmd->error_string = reported_error;
1903
1904 cleanup:
1905 ref_transaction_free(transaction);
1906 strbuf_release(&err);
1907 }
1908
1909 static void execute_commands(struct command *commands,
1910 const char *unpacker_error,
1911 struct shallow_info *si,
1912 const struct string_list *push_options)
1913 {
1914 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1915 struct command *cmd;
1916 struct iterate_data data;
1917 struct async muxer;
1918 int err_fd = 0;
1919 int run_proc_receive = 0;
1920
1921 if (unpacker_error) {
1922 for (cmd = commands; cmd; cmd = cmd->next)
1923 cmd->error_string = "unpacker error";
1924 return;
1925 }
1926
1927 if (use_sideband) {
1928 memset(&muxer, 0, sizeof(muxer));
1929 muxer.proc = copy_to_sideband;
1930 muxer.in = -1;
1931 if (!start_async(&muxer))
1932 err_fd = muxer.in;
1933 /* ...else, continue without relaying sideband */
1934 }
1935
1936 data.cmds = commands;
1937 data.si = si;
1938 opt.err_fd = err_fd;
1939 opt.progress = err_fd && !quiet;
1940 opt.env = tmp_objdir_env(tmp_objdir);
1941 opt.exclude_hidden_refs_section = "receive";
1942
1943 if (check_connected(iterate_receive_command_list, &data, &opt))
1944 set_connectivity_errors(commands, si);
1945
1946 if (use_sideband)
1947 finish_async(&muxer);
1948
1949 reject_updates_to_hidden(commands);
1950
1951 /*
1952 * Try to find commands that have special prefix in their reference names,
1953 * and mark them to run an external "proc-receive" hook later.
1954 */
1955 if (proc_receive_ref) {
1956 for (cmd = commands; cmd; cmd = cmd->next) {
1957 if (!should_process_cmd(cmd))
1958 continue;
1959
1960 if (proc_receive_ref_matches(cmd)) {
1961 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1962 run_proc_receive = 1;
1963 }
1964 }
1965 }
1966
1967 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1968 for (cmd = commands; cmd; cmd = cmd->next) {
1969 if (!cmd->error_string)
1970 cmd->error_string = "pre-receive hook declined";
1971 }
1972 return;
1973 }
1974
1975 /*
1976 * If there is no command ready to run, should return directly to destroy
1977 * temporary data in the quarantine area.
1978 */
1979 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1980 ; /* nothing */
1981 if (!cmd)
1982 return;
1983
1984 /*
1985 * Now we'll start writing out refs, which means the objects need
1986 * to be in their final positions so that other processes can see them.
1987 */
1988 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1989 for (cmd = commands; cmd; cmd = cmd->next) {
1990 if (!cmd->error_string)
1991 cmd->error_string = "unable to migrate objects to permanent storage";
1992 }
1993 return;
1994 }
1995 tmp_objdir = NULL;
1996
1997 check_aliased_updates(commands);
1998
1999 free(head_name_to_free);
2000 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
2001
2002 if (run_proc_receive &&
2003 run_proc_receive_hook(commands, push_options))
2004 for (cmd = commands; cmd; cmd = cmd->next)
2005 if (!cmd->error_string &&
2006 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
2007 (cmd->run_proc_receive || use_atomic))
2008 cmd->error_string = "fail to run proc-receive hook";
2009
2010 if (use_atomic)
2011 execute_commands_atomic(commands, si);
2012 else
2013 execute_commands_non_atomic(commands, si);
2014
2015 if (shallow_update)
2016 BUG_if_skipped_connectivity_check(commands, si);
2017 }
2018
2019 static struct command **queue_command(struct command **tail,
2020 const char *line,
2021 int linelen)
2022 {
2023 struct object_id old_oid, new_oid;
2024 struct command *cmd;
2025 const char *refname;
2026 int reflen;
2027 const char *p;
2028
2029 if (parse_oid_hex(line, &old_oid, &p) ||
2030 *p++ != ' ' ||
2031 parse_oid_hex(p, &new_oid, &p) ||
2032 *p++ != ' ')
2033 die("protocol error: expected old/new/ref, got '%s'", line);
2034
2035 refname = p;
2036 reflen = linelen - (p - line);
2037 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2038 oidcpy(&cmd->old_oid, &old_oid);
2039 oidcpy(&cmd->new_oid, &new_oid);
2040 *tail = cmd;
2041 return &cmd->next;
2042 }
2043
2044 static void free_commands(struct command *commands)
2045 {
2046 while (commands) {
2047 struct command *next = commands->next;
2048
2049 free(commands);
2050 commands = next;
2051 }
2052 }
2053
2054 static void queue_commands_from_cert(struct command **tail,
2055 struct strbuf *push_cert)
2056 {
2057 const char *boc, *eoc;
2058
2059 if (*tail)
2060 die("protocol error: got both push certificate and unsigned commands");
2061
2062 boc = strstr(push_cert->buf, "\n\n");
2063 if (!boc)
2064 die("malformed push certificate %.*s", 100, push_cert->buf);
2065 else
2066 boc += 2;
2067 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2068
2069 while (boc < eoc) {
2070 const char *eol = memchr(boc, '\n', eoc - boc);
2071 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2072 boc = eol ? eol + 1 : eoc;
2073 }
2074 }
2075
2076 static struct command *read_head_info(struct packet_reader *reader,
2077 struct oid_array *shallow)
2078 {
2079 struct command *commands = NULL;
2080 struct command **p = &commands;
2081 for (;;) {
2082 int linelen;
2083
2084 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2085 break;
2086
2087 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2088 struct object_id oid;
2089 if (get_oid_hex(reader->line + 8, &oid))
2090 die("protocol error: expected shallow sha, got '%s'",
2091 reader->line + 8);
2092 oid_array_append(shallow, &oid);
2093 continue;
2094 }
2095
2096 linelen = strlen(reader->line);
2097 if (linelen < reader->pktlen) {
2098 const char *feature_list = reader->line + linelen + 1;
2099 const char *hash = NULL;
2100 const char *client_sid;
2101 size_t len = 0;
2102 if (parse_feature_request(feature_list, "report-status"))
2103 report_status = 1;
2104 if (parse_feature_request(feature_list, "report-status-v2"))
2105 report_status_v2 = 1;
2106 if (parse_feature_request(feature_list, "side-band-64k"))
2107 use_sideband = LARGE_PACKET_MAX;
2108 if (parse_feature_request(feature_list, "quiet"))
2109 quiet = 1;
2110 if (advertise_atomic_push
2111 && parse_feature_request(feature_list, "atomic"))
2112 use_atomic = 1;
2113 if (advertise_push_options
2114 && parse_feature_request(feature_list, "push-options"))
2115 use_push_options = 1;
2116 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2117 if (!hash) {
2118 hash = hash_algos[GIT_HASH_SHA1].name;
2119 len = strlen(hash);
2120 }
2121 if (xstrncmpz(the_hash_algo->name, hash, len))
2122 die("error: unsupported object format '%s'", hash);
2123 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2124 if (client_sid) {
2125 char *sid = xstrndup(client_sid, len);
2126 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2127 free(sid);
2128 }
2129 }
2130
2131 if (!strcmp(reader->line, "push-cert")) {
2132 int true_flush = 0;
2133 int saved_options = reader->options;
2134 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2135
2136 for (;;) {
2137 packet_reader_read(reader);
2138 if (reader->status == PACKET_READ_FLUSH) {
2139 true_flush = 1;
2140 break;
2141 }
2142 if (reader->status != PACKET_READ_NORMAL) {
2143 die("protocol error: got an unexpected packet");
2144 }
2145 if (!strcmp(reader->line, "push-cert-end\n"))
2146 break; /* end of cert */
2147 strbuf_addstr(&push_cert, reader->line);
2148 }
2149 reader->options = saved_options;
2150
2151 if (true_flush)
2152 break;
2153 continue;
2154 }
2155
2156 p = queue_command(p, reader->line, linelen);
2157 }
2158
2159 if (push_cert.len)
2160 queue_commands_from_cert(p, &push_cert);
2161
2162 return commands;
2163 }
2164
2165 static void read_push_options(struct packet_reader *reader,
2166 struct string_list *options)
2167 {
2168 while (1) {
2169 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2170 break;
2171
2172 string_list_append(options, reader->line);
2173 }
2174 }
2175
2176 static const char *parse_pack_header(struct pack_header *hdr)
2177 {
2178 switch (read_pack_header(0, hdr)) {
2179 case PH_ERROR_EOF:
2180 return "eof before pack header was fully read";
2181
2182 case PH_ERROR_PACK_SIGNATURE:
2183 return "protocol error (pack signature mismatch detected)";
2184
2185 case PH_ERROR_PROTOCOL:
2186 return "protocol error (pack version unsupported)";
2187
2188 default:
2189 return "unknown error in parse_pack_header";
2190
2191 case 0:
2192 return NULL;
2193 }
2194 }
2195
2196 static struct tempfile *pack_lockfile;
2197
2198 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2199 {
2200 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2201 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2202 }
2203
2204 static const char *unpack(int err_fd, struct shallow_info *si)
2205 {
2206 struct pack_header hdr;
2207 const char *hdr_err;
2208 int status;
2209 struct child_process child = CHILD_PROCESS_INIT;
2210 int fsck_objects = (receive_fsck_objects >= 0
2211 ? receive_fsck_objects
2212 : transfer_fsck_objects >= 0
2213 ? transfer_fsck_objects
2214 : 0);
2215
2216 hdr_err = parse_pack_header(&hdr);
2217 if (hdr_err) {
2218 if (err_fd > 0)
2219 close(err_fd);
2220 return hdr_err;
2221 }
2222
2223 if (si->nr_ours || si->nr_theirs) {
2224 alt_shallow_file = setup_temporary_shallow(si->shallow);
2225 strvec_push(&child.args, "--shallow-file");
2226 strvec_push(&child.args, alt_shallow_file);
2227 }
2228
2229 tmp_objdir = tmp_objdir_create("incoming");
2230 if (!tmp_objdir) {
2231 if (err_fd > 0)
2232 close(err_fd);
2233 return "unable to create temporary object directory";
2234 }
2235 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2236
2237 /*
2238 * Normally we just pass the tmp_objdir environment to the child
2239 * processes that do the heavy lifting, but we may need to see these
2240 * objects ourselves to set up shallow information.
2241 */
2242 tmp_objdir_add_as_alternate(tmp_objdir);
2243
2244 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2245 strvec_push(&child.args, "unpack-objects");
2246 push_header_arg(&child.args, &hdr);
2247 if (quiet)
2248 strvec_push(&child.args, "-q");
2249 if (fsck_objects)
2250 strvec_pushf(&child.args, "--strict%s",
2251 fsck_msg_types.buf);
2252 if (max_input_size)
2253 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2254 (uintmax_t)max_input_size);
2255 child.no_stdout = 1;
2256 child.err = err_fd;
2257 child.git_cmd = 1;
2258 status = run_command(&child);
2259 if (status)
2260 return "unpack-objects abnormal exit";
2261 } else {
2262 char hostname[HOST_NAME_MAX + 1];
2263 char *lockfile;
2264
2265 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2266 push_header_arg(&child.args, &hdr);
2267
2268 if (xgethostname(hostname, sizeof(hostname)))
2269 xsnprintf(hostname, sizeof(hostname), "localhost");
2270 strvec_pushf(&child.args,
2271 "--keep=receive-pack %"PRIuMAX" on %s",
2272 (uintmax_t)getpid(),
2273 hostname);
2274
2275 if (!quiet && err_fd)
2276 strvec_push(&child.args, "--show-resolving-progress");
2277 if (use_sideband)
2278 strvec_push(&child.args, "--report-end-of-input");
2279 if (fsck_objects)
2280 strvec_pushf(&child.args, "--strict%s",
2281 fsck_msg_types.buf);
2282 if (!reject_thin)
2283 strvec_push(&child.args, "--fix-thin");
2284 if (max_input_size)
2285 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2286 (uintmax_t)max_input_size);
2287 child.out = -1;
2288 child.err = err_fd;
2289 child.git_cmd = 1;
2290 status = start_command(&child);
2291 if (status)
2292 return "index-pack fork failed";
2293
2294 lockfile = index_pack_lockfile(child.out, NULL);
2295 if (lockfile) {
2296 pack_lockfile = register_tempfile(lockfile);
2297 free(lockfile);
2298 }
2299 close(child.out);
2300
2301 status = finish_command(&child);
2302 if (status)
2303 return "index-pack abnormal exit";
2304 reprepare_packed_git(the_repository);
2305 }
2306 return NULL;
2307 }
2308
2309 static const char *unpack_with_sideband(struct shallow_info *si)
2310 {
2311 struct async muxer;
2312 const char *ret;
2313
2314 if (!use_sideband)
2315 return unpack(0, si);
2316
2317 use_keepalive = KEEPALIVE_AFTER_NUL;
2318 memset(&muxer, 0, sizeof(muxer));
2319 muxer.proc = copy_to_sideband;
2320 muxer.in = -1;
2321 if (start_async(&muxer))
2322 return NULL;
2323
2324 ret = unpack(muxer.in, si);
2325
2326 finish_async(&muxer);
2327 return ret;
2328 }
2329
2330 static void prepare_shallow_update(struct shallow_info *si)
2331 {
2332 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2333
2334 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2335 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2336
2337 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2338 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2339 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2340
2341 for (i = 0; i < si->nr_ours; i++)
2342 si->need_reachability_test[si->ours[i]] = 1;
2343
2344 for (i = 0; i < si->shallow->nr; i++) {
2345 if (!si->used_shallow[i])
2346 continue;
2347 for (j = 0; j < bitmap_size; j++) {
2348 if (!si->used_shallow[i][j])
2349 continue;
2350 si->need_reachability_test[i]++;
2351 for (k = 0; k < 32; k++)
2352 if (si->used_shallow[i][j] & (1U << k))
2353 si->shallow_ref[j * 32 + k]++;
2354 }
2355
2356 /*
2357 * true for those associated with some refs and belong
2358 * in "ours" list aka "step 7 not done yet"
2359 */
2360 si->need_reachability_test[i] =
2361 si->need_reachability_test[i] > 1;
2362 }
2363
2364 /*
2365 * keep hooks happy by forcing a temporary shallow file via
2366 * env variable because we can't add --shallow-file to every
2367 * command. check_connected() will be done with
2368 * true .git/shallow though.
2369 */
2370 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2371 }
2372
2373 static void update_shallow_info(struct command *commands,
2374 struct shallow_info *si,
2375 struct oid_array *ref)
2376 {
2377 struct command *cmd;
2378 int *ref_status;
2379 remove_nonexistent_theirs_shallow(si);
2380 if (!si->nr_ours && !si->nr_theirs) {
2381 shallow_update = 0;
2382 return;
2383 }
2384
2385 for (cmd = commands; cmd; cmd = cmd->next) {
2386 if (is_null_oid(&cmd->new_oid))
2387 continue;
2388 oid_array_append(ref, &cmd->new_oid);
2389 cmd->index = ref->nr - 1;
2390 }
2391 si->ref = ref;
2392
2393 if (shallow_update) {
2394 prepare_shallow_update(si);
2395 return;
2396 }
2397
2398 ALLOC_ARRAY(ref_status, ref->nr);
2399 assign_shallow_commits_to_refs(si, NULL, ref_status);
2400 for (cmd = commands; cmd; cmd = cmd->next) {
2401 if (is_null_oid(&cmd->new_oid))
2402 continue;
2403 if (ref_status[cmd->index]) {
2404 cmd->error_string = "shallow update not allowed";
2405 cmd->skip_update = 1;
2406 }
2407 }
2408 free(ref_status);
2409 }
2410
2411 static void report(struct command *commands, const char *unpack_status)
2412 {
2413 struct command *cmd;
2414 struct strbuf buf = STRBUF_INIT;
2415
2416 packet_buf_write(&buf, "unpack %s\n",
2417 unpack_status ? unpack_status : "ok");
2418 for (cmd = commands; cmd; cmd = cmd->next) {
2419 if (!cmd->error_string)
2420 packet_buf_write(&buf, "ok %s\n",
2421 cmd->ref_name);
2422 else
2423 packet_buf_write(&buf, "ng %s %s\n",
2424 cmd->ref_name, cmd->error_string);
2425 }
2426 packet_buf_flush(&buf);
2427
2428 if (use_sideband)
2429 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2430 else
2431 write_or_die(1, buf.buf, buf.len);
2432 strbuf_release(&buf);
2433 }
2434
2435 static void report_v2(struct command *commands, const char *unpack_status)
2436 {
2437 struct command *cmd;
2438 struct strbuf buf = STRBUF_INIT;
2439 struct ref_push_report *report;
2440
2441 packet_buf_write(&buf, "unpack %s\n",
2442 unpack_status ? unpack_status : "ok");
2443 for (cmd = commands; cmd; cmd = cmd->next) {
2444 int count = 0;
2445
2446 if (cmd->error_string) {
2447 packet_buf_write(&buf, "ng %s %s\n",
2448 cmd->ref_name,
2449 cmd->error_string);
2450 continue;
2451 }
2452 packet_buf_write(&buf, "ok %s\n",
2453 cmd->ref_name);
2454 for (report = cmd->report; report; report = report->next) {
2455 if (count++ > 0)
2456 packet_buf_write(&buf, "ok %s\n",
2457 cmd->ref_name);
2458 if (report->ref_name)
2459 packet_buf_write(&buf, "option refname %s\n",
2460 report->ref_name);
2461 if (report->old_oid)
2462 packet_buf_write(&buf, "option old-oid %s\n",
2463 oid_to_hex(report->old_oid));
2464 if (report->new_oid)
2465 packet_buf_write(&buf, "option new-oid %s\n",
2466 oid_to_hex(report->new_oid));
2467 if (report->forced_update)
2468 packet_buf_write(&buf, "option forced-update\n");
2469 }
2470 }
2471 packet_buf_flush(&buf);
2472
2473 if (use_sideband)
2474 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2475 else
2476 write_or_die(1, buf.buf, buf.len);
2477 strbuf_release(&buf);
2478 }
2479
2480 static int delete_only(struct command *commands)
2481 {
2482 struct command *cmd;
2483 for (cmd = commands; cmd; cmd = cmd->next) {
2484 if (!is_null_oid(&cmd->new_oid))
2485 return 0;
2486 }
2487 return 1;
2488 }
2489
2490 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2491 {
2492 int advertise_refs = 0;
2493 struct command *commands;
2494 struct oid_array shallow = OID_ARRAY_INIT;
2495 struct oid_array ref = OID_ARRAY_INIT;
2496 struct shallow_info si;
2497 struct packet_reader reader;
2498
2499 struct option options[] = {
2500 OPT__QUIET(&quiet, N_("quiet")),
2501 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2502 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2503 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2504 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2505 OPT_END()
2506 };
2507
2508 packet_trace_identity("receive-pack");
2509
2510 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2511
2512 if (argc > 1)
2513 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2514 if (argc == 0)
2515 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2516
2517 service_dir = argv[0];
2518
2519 setup_path();
2520
2521 if (!enter_repo(service_dir, 0))
2522 die("'%s' does not appear to be a git repository", service_dir);
2523
2524 git_config(receive_pack_config, NULL);
2525 if (cert_nonce_seed)
2526 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2527
2528 if (0 <= transfer_unpack_limit)
2529 unpack_limit = transfer_unpack_limit;
2530 else if (0 <= receive_unpack_limit)
2531 unpack_limit = receive_unpack_limit;
2532
2533 switch (determine_protocol_version_server()) {
2534 case protocol_v2:
2535 /*
2536 * push support for protocol v2 has not been implemented yet,
2537 * so ignore the request to use v2 and fallback to using v0.
2538 */
2539 break;
2540 case protocol_v1:
2541 /*
2542 * v1 is just the original protocol with a version string,
2543 * so just fall through after writing the version string.
2544 */
2545 if (advertise_refs || !stateless_rpc)
2546 packet_write_fmt(1, "version 1\n");
2547
2548 /* fallthrough */
2549 case protocol_v0:
2550 break;
2551 case protocol_unknown_version:
2552 BUG("unknown protocol version");
2553 }
2554
2555 if (advertise_refs || !stateless_rpc) {
2556 write_head_info();
2557 }
2558 if (advertise_refs)
2559 return 0;
2560
2561 packet_reader_init(&reader, 0, NULL, 0,
2562 PACKET_READ_CHOMP_NEWLINE |
2563 PACKET_READ_DIE_ON_ERR_PACKET);
2564
2565 if ((commands = read_head_info(&reader, &shallow))) {
2566 const char *unpack_status = NULL;
2567 struct string_list push_options = STRING_LIST_INIT_DUP;
2568
2569 if (use_push_options)
2570 read_push_options(&reader, &push_options);
2571 if (!check_cert_push_options(&push_options)) {
2572 struct command *cmd;
2573 for (cmd = commands; cmd; cmd = cmd->next)
2574 cmd->error_string = "inconsistent push options";
2575 }
2576
2577 prepare_shallow_info(&si, &shallow);
2578 if (!si.nr_ours && !si.nr_theirs)
2579 shallow_update = 0;
2580 if (!delete_only(commands)) {
2581 unpack_status = unpack_with_sideband(&si);
2582 update_shallow_info(commands, &si, &ref);
2583 }
2584 use_keepalive = KEEPALIVE_ALWAYS;
2585 execute_commands(commands, unpack_status, &si,
2586 &push_options);
2587 delete_tempfile(&pack_lockfile);
2588 sigchain_push(SIGPIPE, SIG_IGN);
2589 if (report_status_v2)
2590 report_v2(commands, unpack_status);
2591 else if (report_status)
2592 report(commands, unpack_status);
2593 sigchain_pop(SIGPIPE);
2594 run_receive_hook(commands, "post-receive", 1,
2595 &push_options);
2596 run_update_post_hook(commands);
2597 free_commands(commands);
2598 string_list_clear(&push_options, 0);
2599 if (auto_gc) {
2600 struct child_process proc = CHILD_PROCESS_INIT;
2601
2602 proc.no_stdin = 1;
2603 proc.stdout_to_stderr = 1;
2604 proc.err = use_sideband ? -1 : 0;
2605 proc.git_cmd = proc.close_object_store = 1;
2606 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2607 NULL);
2608
2609 if (!start_command(&proc)) {
2610 if (use_sideband)
2611 copy_to_sideband(proc.err, -1, NULL);
2612 finish_command(&proc);
2613 }
2614 }
2615 if (auto_update_server_info)
2616 update_server_info(0);
2617 clear_shallow_info(&si);
2618 }
2619 if (use_sideband)
2620 packet_flush(1);
2621 oid_array_clear(&shallow);
2622 oid_array_clear(&ref);
2623 string_list_clear(&hidden_refs, 0);
2624 free((void *)push_cert_nonce);
2625 return 0;
2626 }
Unnamed repository; edit this file 'description' to name the repository.