]> git.ipfire.org Git - thirdparty/git.git/blob - builtin/receive-pack.c
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
abspath.h: move absolute path functions from cache.h
[thirdparty/git.git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "abspath.h"
3 #include "repository.h"
4 #include "config.h"
5 #include "gettext.h"
6 #include "hex.h"
7 #include "lockfile.h"
8 #include "pack.h"
9 #include "refs.h"
10 #include "pkt-line.h"
11 #include "sideband.h"
12 #include "run-command.h"
13 #include "hook.h"
14 #include "exec-cmd.h"
15 #include "commit.h"
16 #include "object.h"
17 #include "remote.h"
18 #include "connect.h"
19 #include "string-list.h"
20 #include "oid-array.h"
21 #include "connected.h"
22 #include "strvec.h"
23 #include "version.h"
24 #include "tag.h"
25 #include "gpg-interface.h"
26 #include "sigchain.h"
27 #include "fsck.h"
28 #include "tmp-objdir.h"
29 #include "oidset.h"
30 #include "packfile.h"
31 #include "object-store.h"
32 #include "protocol.h"
33 #include "commit-reach.h"
34 #include "worktree.h"
35 #include "shallow.h"
36
37 static const char * const receive_pack_usage[] = {
38 N_("git receive-pack <git-dir>"),
39 NULL
40 };
41
42 enum deny_action {
43 DENY_UNCONFIGURED,
44 DENY_IGNORE,
45 DENY_WARN,
46 DENY_REFUSE,
47 DENY_UPDATE_INSTEAD
48 };
49
50 static int deny_deletes;
51 static int deny_non_fast_forwards;
52 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
53 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
54 static int receive_fsck_objects = -1;
55 static int transfer_fsck_objects = -1;
56 static struct strbuf fsck_msg_types = STRBUF_INIT;
57 static int receive_unpack_limit = -1;
58 static int transfer_unpack_limit = -1;
59 static int advertise_atomic_push = 1;
60 static int advertise_push_options;
61 static int advertise_sid;
62 static int unpack_limit = 100;
63 static off_t max_input_size;
64 static int report_status;
65 static int report_status_v2;
66 static int use_sideband;
67 static int use_atomic;
68 static int use_push_options;
69 static int quiet;
70 static int prefer_ofs_delta = 1;
71 static int auto_update_server_info;
72 static int auto_gc = 1;
73 static int reject_thin;
74 static int stateless_rpc;
75 static const char *service_dir;
76 static const char *head_name;
77 static void *head_name_to_free;
78 static int sent_capabilities;
79 static int shallow_update;
80 static const char *alt_shallow_file;
81 static struct strbuf push_cert = STRBUF_INIT;
82 static struct object_id push_cert_oid;
83 static struct signature_check sigcheck;
84 static const char *push_cert_nonce;
85 static const char *cert_nonce_seed;
86 static struct string_list hidden_refs = STRING_LIST_INIT_DUP;
87
88 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
89 static const char *NONCE_BAD = "BAD";
90 static const char *NONCE_MISSING = "MISSING";
91 static const char *NONCE_OK = "OK";
92 static const char *NONCE_SLOP = "SLOP";
93 static const char *nonce_status;
94 static long nonce_stamp_slop;
95 static timestamp_t nonce_stamp_slop_limit;
96 static struct ref_transaction *transaction;
97
98 static enum {
99 KEEPALIVE_NEVER = 0,
100 KEEPALIVE_AFTER_NUL,
101 KEEPALIVE_ALWAYS
102 } use_keepalive;
103 static int keepalive_in_sec = 5;
104
105 static struct tmp_objdir *tmp_objdir;
106
107 static struct proc_receive_ref {
108 unsigned int want_add:1,
109 want_delete:1,
110 want_modify:1,
111 negative_ref:1;
112 char *ref_prefix;
113 struct proc_receive_ref *next;
114 } *proc_receive_ref;
115
116 static void proc_receive_ref_append(const char *prefix);
117
118 static enum deny_action parse_deny_action(const char *var, const char *value)
119 {
120 if (value) {
121 if (!strcasecmp(value, "ignore"))
122 return DENY_IGNORE;
123 if (!strcasecmp(value, "warn"))
124 return DENY_WARN;
125 if (!strcasecmp(value, "refuse"))
126 return DENY_REFUSE;
127 if (!strcasecmp(value, "updateinstead"))
128 return DENY_UPDATE_INSTEAD;
129 }
130 if (git_config_bool(var, value))
131 return DENY_REFUSE;
132 return DENY_IGNORE;
133 }
134
135 static int receive_pack_config(const char *var, const char *value, void *cb)
136 {
137 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs);
138
139 if (status)
140 return status;
141
142 if (strcmp(var, "receive.denydeletes") == 0) {
143 deny_deletes = git_config_bool(var, value);
144 return 0;
145 }
146
147 if (strcmp(var, "receive.denynonfastforwards") == 0) {
148 deny_non_fast_forwards = git_config_bool(var, value);
149 return 0;
150 }
151
152 if (strcmp(var, "receive.unpacklimit") == 0) {
153 receive_unpack_limit = git_config_int(var, value);
154 return 0;
155 }
156
157 if (strcmp(var, "transfer.unpacklimit") == 0) {
158 transfer_unpack_limit = git_config_int(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "receive.fsck.skiplist") == 0) {
163 const char *path;
164
165 if (git_config_pathname(&path, var, value))
166 return 1;
167 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
168 fsck_msg_types.len ? ',' : '=', path);
169 free((char *)path);
170 return 0;
171 }
172
173 if (skip_prefix(var, "receive.fsck.", &var)) {
174 if (is_valid_msg_type(var, value))
175 strbuf_addf(&fsck_msg_types, "%c%s=%s",
176 fsck_msg_types.len ? ',' : '=', var, value);
177 else
178 warning("skipping unknown msg id '%s'", var);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.fsckobjects") == 0) {
183 receive_fsck_objects = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "transfer.fsckobjects") == 0) {
188 transfer_fsck_objects = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (!strcmp(var, "receive.denycurrentbranch")) {
193 deny_current_branch = parse_deny_action(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.denydeletecurrent") == 0) {
198 deny_delete_current = parse_deny_action(var, value);
199 return 0;
200 }
201
202 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
203 prefer_ofs_delta = git_config_bool(var, value);
204 return 0;
205 }
206
207 if (strcmp(var, "receive.updateserverinfo") == 0) {
208 auto_update_server_info = git_config_bool(var, value);
209 return 0;
210 }
211
212 if (strcmp(var, "receive.autogc") == 0) {
213 auto_gc = git_config_bool(var, value);
214 return 0;
215 }
216
217 if (strcmp(var, "receive.shallowupdate") == 0) {
218 shallow_update = git_config_bool(var, value);
219 return 0;
220 }
221
222 if (strcmp(var, "receive.certnonceseed") == 0)
223 return git_config_string(&cert_nonce_seed, var, value);
224
225 if (strcmp(var, "receive.certnonceslop") == 0) {
226 nonce_stamp_slop_limit = git_config_ulong(var, value);
227 return 0;
228 }
229
230 if (strcmp(var, "receive.advertiseatomic") == 0) {
231 advertise_atomic_push = git_config_bool(var, value);
232 return 0;
233 }
234
235 if (strcmp(var, "receive.advertisepushoptions") == 0) {
236 advertise_push_options = git_config_bool(var, value);
237 return 0;
238 }
239
240 if (strcmp(var, "receive.keepalive") == 0) {
241 keepalive_in_sec = git_config_int(var, value);
242 return 0;
243 }
244
245 if (strcmp(var, "receive.maxinputsize") == 0) {
246 max_input_size = git_config_int64(var, value);
247 return 0;
248 }
249
250 if (strcmp(var, "receive.procreceiverefs") == 0) {
251 if (!value)
252 return config_error_nonbool(var);
253 proc_receive_ref_append(value);
254 return 0;
255 }
256
257 if (strcmp(var, "transfer.advertisesid") == 0) {
258 advertise_sid = git_config_bool(var, value);
259 return 0;
260 }
261
262 return git_default_config(var, value, cb);
263 }
264
265 static void show_ref(const char *path, const struct object_id *oid)
266 {
267 if (sent_capabilities) {
268 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
269 } else {
270 struct strbuf cap = STRBUF_INIT;
271
272 strbuf_addstr(&cap,
273 "report-status report-status-v2 delete-refs side-band-64k quiet");
274 if (advertise_atomic_push)
275 strbuf_addstr(&cap, " atomic");
276 if (prefer_ofs_delta)
277 strbuf_addstr(&cap, " ofs-delta");
278 if (push_cert_nonce)
279 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
280 if (advertise_push_options)
281 strbuf_addstr(&cap, " push-options");
282 if (advertise_sid)
283 strbuf_addf(&cap, " session-id=%s", trace2_session_id());
284 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
285 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
286 packet_write_fmt(1, "%s %s%c%s\n",
287 oid_to_hex(oid), path, 0, cap.buf);
288 strbuf_release(&cap);
289 sent_capabilities = 1;
290 }
291 }
292
293 static int show_ref_cb(const char *path_full, const struct object_id *oid,
294 int flag UNUSED, void *data)
295 {
296 struct oidset *seen = data;
297 const char *path = strip_namespace(path_full);
298
299 if (ref_is_hidden(path, path_full, &hidden_refs))
300 return 0;
301
302 /*
303 * Advertise refs outside our current namespace as ".have"
304 * refs, so that the client can use them to minimize data
305 * transfer but will otherwise ignore them.
306 */
307 if (!path) {
308 if (oidset_insert(seen, oid))
309 return 0;
310 path = ".have";
311 } else {
312 oidset_insert(seen, oid);
313 }
314 show_ref(path, oid);
315 return 0;
316 }
317
318 static void show_one_alternate_ref(const struct object_id *oid,
319 void *data)
320 {
321 struct oidset *seen = data;
322
323 if (oidset_insert(seen, oid))
324 return;
325
326 show_ref(".have", oid);
327 }
328
329 static void write_head_info(void)
330 {
331 static struct oidset seen = OIDSET_INIT;
332
333 for_each_ref(show_ref_cb, &seen);
334 for_each_alternate_ref(show_one_alternate_ref, &seen);
335 oidset_clear(&seen);
336 if (!sent_capabilities)
337 show_ref("capabilities^{}", null_oid());
338
339 advertise_shallow_grafts(1);
340
341 /* EOF */
342 packet_flush(1);
343 }
344
345 #define RUN_PROC_RECEIVE_SCHEDULED 1
346 #define RUN_PROC_RECEIVE_RETURNED 2
347 struct command {
348 struct command *next;
349 const char *error_string;
350 struct ref_push_report *report;
351 unsigned int skip_update:1,
352 did_not_exist:1,
353 run_proc_receive:2;
354 int index;
355 struct object_id old_oid;
356 struct object_id new_oid;
357 char ref_name[FLEX_ARRAY]; /* more */
358 };
359
360 static void proc_receive_ref_append(const char *prefix)
361 {
362 struct proc_receive_ref *ref_pattern;
363 char *p;
364 int len;
365
366 CALLOC_ARRAY(ref_pattern, 1);
367 p = strchr(prefix, ':');
368 if (p) {
369 while (prefix < p) {
370 if (*prefix == 'a')
371 ref_pattern->want_add = 1;
372 else if (*prefix == 'd')
373 ref_pattern->want_delete = 1;
374 else if (*prefix == 'm')
375 ref_pattern->want_modify = 1;
376 else if (*prefix == '!')
377 ref_pattern->negative_ref = 1;
378 prefix++;
379 }
380 prefix++;
381 } else {
382 ref_pattern->want_add = 1;
383 ref_pattern->want_delete = 1;
384 ref_pattern->want_modify = 1;
385 }
386 len = strlen(prefix);
387 while (len && prefix[len - 1] == '/')
388 len--;
389 ref_pattern->ref_prefix = xmemdupz(prefix, len);
390 if (!proc_receive_ref) {
391 proc_receive_ref = ref_pattern;
392 } else {
393 struct proc_receive_ref *end;
394
395 end = proc_receive_ref;
396 while (end->next)
397 end = end->next;
398 end->next = ref_pattern;
399 }
400 }
401
402 static int proc_receive_ref_matches(struct command *cmd)
403 {
404 struct proc_receive_ref *p;
405
406 if (!proc_receive_ref)
407 return 0;
408
409 for (p = proc_receive_ref; p; p = p->next) {
410 const char *match = p->ref_prefix;
411 const char *remains;
412
413 if (!p->want_add && is_null_oid(&cmd->old_oid))
414 continue;
415 else if (!p->want_delete && is_null_oid(&cmd->new_oid))
416 continue;
417 else if (!p->want_modify &&
418 !is_null_oid(&cmd->old_oid) &&
419 !is_null_oid(&cmd->new_oid))
420 continue;
421
422 if (skip_prefix(cmd->ref_name, match, &remains) &&
423 (!*remains || *remains == '/')) {
424 if (!p->negative_ref)
425 return 1;
426 } else if (p->negative_ref) {
427 return 1;
428 }
429 }
430 return 0;
431 }
432
433 static void report_message(const char *prefix, const char *err, va_list params)
434 {
435 int sz;
436 char msg[4096];
437
438 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
439 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
440 if (sz > (sizeof(msg) - 1))
441 sz = sizeof(msg) - 1;
442 msg[sz++] = '\n';
443
444 if (use_sideband)
445 send_sideband(1, 2, msg, sz, use_sideband);
446 else
447 xwrite(2, msg, sz);
448 }
449
450 __attribute__((format (printf, 1, 2)))
451 static void rp_warning(const char *err, ...)
452 {
453 va_list params;
454 va_start(params, err);
455 report_message("warning: ", err, params);
456 va_end(params);
457 }
458
459 __attribute__((format (printf, 1, 2)))
460 static void rp_error(const char *err, ...)
461 {
462 va_list params;
463 va_start(params, err);
464 report_message("error: ", err, params);
465 va_end(params);
466 }
467
468 static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
469 {
470 char data[128];
471 int keepalive_active = 0;
472
473 if (keepalive_in_sec <= 0)
474 use_keepalive = KEEPALIVE_NEVER;
475 if (use_keepalive == KEEPALIVE_ALWAYS)
476 keepalive_active = 1;
477
478 while (1) {
479 ssize_t sz;
480
481 if (keepalive_active) {
482 struct pollfd pfd;
483 int ret;
484
485 pfd.fd = in;
486 pfd.events = POLLIN;
487 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
488
489 if (ret < 0) {
490 if (errno == EINTR)
491 continue;
492 else
493 break;
494 } else if (ret == 0) {
495 /* no data; send a keepalive packet */
496 static const char buf[] = "0005\1";
497 write_or_die(1, buf, sizeof(buf) - 1);
498 continue;
499 } /* else there is actual data to read */
500 }
501
502 sz = xread(in, data, sizeof(data));
503 if (sz <= 0)
504 break;
505
506 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
507 const char *p = memchr(data, '\0', sz);
508 if (p) {
509 /*
510 * The NUL tells us to start sending keepalives. Make
511 * sure we send any other data we read along
512 * with it.
513 */
514 keepalive_active = 1;
515 send_sideband(1, 2, data, p - data, use_sideband);
516 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
517 continue;
518 }
519 }
520
521 /*
522 * Either we're not looking for a NUL signal, or we didn't see
523 * it yet; just pass along the data.
524 */
525 send_sideband(1, 2, data, sz, use_sideband);
526 }
527 close(in);
528 return 0;
529 }
530
531 static void hmac_hash(unsigned char *out,
532 const char *key_in, size_t key_len,
533 const char *text, size_t text_len)
534 {
535 unsigned char key[GIT_MAX_BLKSZ];
536 unsigned char k_ipad[GIT_MAX_BLKSZ];
537 unsigned char k_opad[GIT_MAX_BLKSZ];
538 int i;
539 git_hash_ctx ctx;
540
541 /* RFC 2104 2. (1) */
542 memset(key, '\0', GIT_MAX_BLKSZ);
543 if (the_hash_algo->blksz < key_len) {
544 the_hash_algo->init_fn(&ctx);
545 the_hash_algo->update_fn(&ctx, key_in, key_len);
546 the_hash_algo->final_fn(key, &ctx);
547 } else {
548 memcpy(key, key_in, key_len);
549 }
550
551 /* RFC 2104 2. (2) & (5) */
552 for (i = 0; i < sizeof(key); i++) {
553 k_ipad[i] = key[i] ^ 0x36;
554 k_opad[i] = key[i] ^ 0x5c;
555 }
556
557 /* RFC 2104 2. (3) & (4) */
558 the_hash_algo->init_fn(&ctx);
559 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
560 the_hash_algo->update_fn(&ctx, text, text_len);
561 the_hash_algo->final_fn(out, &ctx);
562
563 /* RFC 2104 2. (6) & (7) */
564 the_hash_algo->init_fn(&ctx);
565 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
566 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
567 the_hash_algo->final_fn(out, &ctx);
568 }
569
570 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
571 {
572 struct strbuf buf = STRBUF_INIT;
573 unsigned char hash[GIT_MAX_RAWSZ];
574
575 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
576 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
577 strbuf_release(&buf);
578
579 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
580 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
581 return strbuf_detach(&buf, NULL);
582 }
583
584 static char *find_header(const char *msg, size_t len, const char *key,
585 const char **next_line)
586 {
587 size_t out_len;
588 const char *val = find_header_mem(msg, len, key, &out_len);
589
590 if (!val)
591 return NULL;
592
593 if (next_line)
594 *next_line = val + out_len + 1;
595
596 return xmemdupz(val, out_len);
597 }
598
599 /*
600 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
601 * This operation is guaranteed to run in constant time to avoid leaking data.
602 */
603 static int constant_memequal(const char *a, const char *b, size_t n)
604 {
605 int res = 0;
606 size_t i;
607
608 for (i = 0; i < n; i++)
609 res |= a[i] ^ b[i];
610 return res;
611 }
612
613 static const char *check_nonce(const char *buf, size_t len)
614 {
615 char *nonce = find_header(buf, len, "nonce", NULL);
616 timestamp_t stamp, ostamp;
617 char *bohmac, *expect = NULL;
618 const char *retval = NONCE_BAD;
619 size_t noncelen;
620
621 if (!nonce) {
622 retval = NONCE_MISSING;
623 goto leave;
624 } else if (!push_cert_nonce) {
625 retval = NONCE_UNSOLICITED;
626 goto leave;
627 } else if (!strcmp(push_cert_nonce, nonce)) {
628 retval = NONCE_OK;
629 goto leave;
630 }
631
632 if (!stateless_rpc) {
633 /* returned nonce MUST match what we gave out earlier */
634 retval = NONCE_BAD;
635 goto leave;
636 }
637
638 /*
639 * In stateless mode, we may be receiving a nonce issued by
640 * another instance of the server that serving the same
641 * repository, and the timestamps may not match, but the
642 * nonce-seed and dir should match, so we can recompute and
643 * report the time slop.
644 *
645 * In addition, when a nonce issued by another instance has
646 * timestamp within receive.certnonceslop seconds, we pretend
647 * as if we issued that nonce when reporting to the hook.
648 */
649
650 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
651 if (*nonce <= '0' || '9' < *nonce) {
652 retval = NONCE_BAD;
653 goto leave;
654 }
655 stamp = parse_timestamp(nonce, &bohmac, 10);
656 if (bohmac == nonce || bohmac[0] != '-') {
657 retval = NONCE_BAD;
658 goto leave;
659 }
660
661 noncelen = strlen(nonce);
662 expect = prepare_push_cert_nonce(service_dir, stamp);
663 if (noncelen != strlen(expect)) {
664 /* This is not even the right size. */
665 retval = NONCE_BAD;
666 goto leave;
667 }
668 if (constant_memequal(expect, nonce, noncelen)) {
669 /* Not what we would have signed earlier */
670 retval = NONCE_BAD;
671 goto leave;
672 }
673
674 /*
675 * By how many seconds is this nonce stale? Negative value
676 * would mean it was issued by another server with its clock
677 * skewed in the future.
678 */
679 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
680 nonce_stamp_slop = (long)ostamp - (long)stamp;
681
682 if (nonce_stamp_slop_limit &&
683 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
684 /*
685 * Pretend as if the received nonce (which passes the
686 * HMAC check, so it is not a forged by third-party)
687 * is what we issued.
688 */
689 free((void *)push_cert_nonce);
690 push_cert_nonce = xstrdup(nonce);
691 retval = NONCE_OK;
692 } else {
693 retval = NONCE_SLOP;
694 }
695
696 leave:
697 free(nonce);
698 free(expect);
699 return retval;
700 }
701
702 /*
703 * Return 1 if there is no push_cert or if the push options in push_cert are
704 * the same as those in the argument; 0 otherwise.
705 */
706 static int check_cert_push_options(const struct string_list *push_options)
707 {
708 const char *buf = push_cert.buf;
709 int len = push_cert.len;
710
711 char *option;
712 const char *next_line;
713 int options_seen = 0;
714
715 int retval = 1;
716
717 if (!len)
718 return 1;
719
720 while ((option = find_header(buf, len, "push-option", &next_line))) {
721 len -= (next_line - buf);
722 buf = next_line;
723 options_seen++;
724 if (options_seen > push_options->nr
725 || strcmp(option,
726 push_options->items[options_seen - 1].string)) {
727 retval = 0;
728 goto leave;
729 }
730 free(option);
731 }
732
733 if (options_seen != push_options->nr)
734 retval = 0;
735
736 leave:
737 free(option);
738 return retval;
739 }
740
741 static void prepare_push_cert_sha1(struct child_process *proc)
742 {
743 static int already_done;
744
745 if (!push_cert.len)
746 return;
747
748 if (!already_done) {
749 int bogs /* beginning_of_gpg_sig */;
750
751 already_done = 1;
752 if (write_object_file(push_cert.buf, push_cert.len, OBJ_BLOB,
753 &push_cert_oid))
754 oidclr(&push_cert_oid);
755
756 memset(&sigcheck, '\0', sizeof(sigcheck));
757
758 bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
759 sigcheck.payload = xmemdupz(push_cert.buf, bogs);
760 sigcheck.payload_len = bogs;
761 check_signature(&sigcheck, push_cert.buf + bogs,
762 push_cert.len - bogs);
763
764 nonce_status = check_nonce(push_cert.buf, bogs);
765 }
766 if (!is_null_oid(&push_cert_oid)) {
767 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
768 oid_to_hex(&push_cert_oid));
769 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
770 sigcheck.signer ? sigcheck.signer : "");
771 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s",
772 sigcheck.key ? sigcheck.key : "");
773 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c",
774 sigcheck.result);
775 if (push_cert_nonce) {
776 strvec_pushf(&proc->env,
777 "GIT_PUSH_CERT_NONCE=%s",
778 push_cert_nonce);
779 strvec_pushf(&proc->env,
780 "GIT_PUSH_CERT_NONCE_STATUS=%s",
781 nonce_status);
782 if (nonce_status == NONCE_SLOP)
783 strvec_pushf(&proc->env,
784 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
785 nonce_stamp_slop);
786 }
787 }
788 }
789
790 struct receive_hook_feed_state {
791 struct command *cmd;
792 struct ref_push_report *report;
793 int skip_broken;
794 struct strbuf buf;
795 const struct string_list *push_options;
796 };
797
798 typedef int (*feed_fn)(void *, const char **, size_t *);
799 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
800 struct receive_hook_feed_state *feed_state)
801 {
802 struct child_process proc = CHILD_PROCESS_INIT;
803 struct async muxer;
804 int code;
805 const char *hook_path = find_hook(hook_name);
806
807 if (!hook_path)
808 return 0;
809
810 strvec_push(&proc.args, hook_path);
811 proc.in = -1;
812 proc.stdout_to_stderr = 1;
813 proc.trace2_hook_name = hook_name;
814
815 if (feed_state->push_options) {
816 size_t i;
817 for (i = 0; i < feed_state->push_options->nr; i++)
818 strvec_pushf(&proc.env,
819 "GIT_PUSH_OPTION_%"PRIuMAX"=%s",
820 (uintmax_t)i,
821 feed_state->push_options->items[i].string);
822 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"",
823 (uintmax_t)feed_state->push_options->nr);
824 } else
825 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT");
826
827 if (tmp_objdir)
828 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir));
829
830 if (use_sideband) {
831 memset(&muxer, 0, sizeof(muxer));
832 muxer.proc = copy_to_sideband;
833 muxer.in = -1;
834 code = start_async(&muxer);
835 if (code)
836 return code;
837 proc.err = muxer.in;
838 }
839
840 prepare_push_cert_sha1(&proc);
841
842 code = start_command(&proc);
843 if (code) {
844 if (use_sideband)
845 finish_async(&muxer);
846 return code;
847 }
848
849 sigchain_push(SIGPIPE, SIG_IGN);
850
851 while (1) {
852 const char *buf;
853 size_t n;
854 if (feed(feed_state, &buf, &n))
855 break;
856 if (write_in_full(proc.in, buf, n) < 0)
857 break;
858 }
859 close(proc.in);
860 if (use_sideband)
861 finish_async(&muxer);
862
863 sigchain_pop(SIGPIPE);
864
865 return finish_command(&proc);
866 }
867
868 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
869 {
870 struct receive_hook_feed_state *state = state_;
871 struct command *cmd = state->cmd;
872
873 while (cmd &&
874 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
875 cmd = cmd->next;
876 if (!cmd)
877 return -1; /* EOF */
878 if (!bufp)
879 return 0; /* OK, can feed something. */
880 strbuf_reset(&state->buf);
881 if (!state->report)
882 state->report = cmd->report;
883 if (state->report) {
884 struct object_id *old_oid;
885 struct object_id *new_oid;
886 const char *ref_name;
887
888 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid;
889 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid;
890 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name;
891 strbuf_addf(&state->buf, "%s %s %s\n",
892 oid_to_hex(old_oid), oid_to_hex(new_oid),
893 ref_name);
894 state->report = state->report->next;
895 if (!state->report)
896 state->cmd = cmd->next;
897 } else {
898 strbuf_addf(&state->buf, "%s %s %s\n",
899 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
900 cmd->ref_name);
901 state->cmd = cmd->next;
902 }
903 if (bufp) {
904 *bufp = state->buf.buf;
905 *sizep = state->buf.len;
906 }
907 return 0;
908 }
909
910 static int run_receive_hook(struct command *commands,
911 const char *hook_name,
912 int skip_broken,
913 const struct string_list *push_options)
914 {
915 struct receive_hook_feed_state state;
916 int status;
917
918 strbuf_init(&state.buf, 0);
919 state.cmd = commands;
920 state.skip_broken = skip_broken;
921 state.report = NULL;
922 if (feed_receive_hook(&state, NULL, NULL))
923 return 0;
924 state.cmd = commands;
925 state.push_options = push_options;
926 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
927 strbuf_release(&state.buf);
928 return status;
929 }
930
931 static int run_update_hook(struct command *cmd)
932 {
933 struct child_process proc = CHILD_PROCESS_INIT;
934 int code;
935 const char *hook_path = find_hook("update");
936
937 if (!hook_path)
938 return 0;
939
940 strvec_push(&proc.args, hook_path);
941 strvec_push(&proc.args, cmd->ref_name);
942 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid));
943 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid));
944
945 proc.no_stdin = 1;
946 proc.stdout_to_stderr = 1;
947 proc.err = use_sideband ? -1 : 0;
948 proc.trace2_hook_name = "update";
949
950 code = start_command(&proc);
951 if (code)
952 return code;
953 if (use_sideband)
954 copy_to_sideband(proc.err, -1, NULL);
955 return finish_command(&proc);
956 }
957
958 static struct command *find_command_by_refname(struct command *list,
959 const char *refname)
960 {
961 for (; list; list = list->next)
962 if (!strcmp(list->ref_name, refname))
963 return list;
964 return NULL;
965 }
966
967 static int read_proc_receive_report(struct packet_reader *reader,
968 struct command *commands,
969 struct strbuf *errmsg)
970 {
971 struct command *cmd;
972 struct command *hint = NULL;
973 struct ref_push_report *report = NULL;
974 int new_report = 0;
975 int code = 0;
976 int once = 0;
977 int response = 0;
978
979 for (;;) {
980 struct object_id old_oid, new_oid;
981 const char *head;
982 const char *refname;
983 char *p;
984 enum packet_read_status status;
985
986 status = packet_reader_read(reader);
987 if (status != PACKET_READ_NORMAL) {
988 /* Check whether proc-receive exited abnormally */
989 if (status == PACKET_READ_EOF && !response) {
990 strbuf_addstr(errmsg, "proc-receive exited abnormally");
991 return -1;
992 }
993 break;
994 }
995 response++;
996
997 head = reader->line;
998 p = strchr(head, ' ');
999 if (!p) {
1000 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);
1001 code = -1;
1002 continue;
1003 }
1004 *p++ = '\0';
1005 if (!strcmp(head, "option")) {
1006 const char *key, *val;
1007
1008 if (!hint || !(report || new_report)) {
1009 if (!once++)
1010 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n");
1011 code = -1;
1012 continue;
1013 }
1014 if (new_report) {
1015 if (!hint->report) {
1016 CALLOC_ARRAY(hint->report, 1);
1017 report = hint->report;
1018 } else {
1019 report = hint->report;
1020 while (report->next)
1021 report = report->next;
1022 report->next = xcalloc(1, sizeof(struct ref_push_report));
1023 report = report->next;
1024 }
1025 new_report = 0;
1026 }
1027 key = p;
1028 p = strchr(key, ' ');
1029 if (p)
1030 *p++ = '\0';
1031 val = p;
1032 if (!strcmp(key, "refname"))
1033 report->ref_name = xstrdup_or_null(val);
1034 else if (!strcmp(key, "old-oid") && val &&
1035 !parse_oid_hex(val, &old_oid, &val))
1036 report->old_oid = oiddup(&old_oid);
1037 else if (!strcmp(key, "new-oid") && val &&
1038 !parse_oid_hex(val, &new_oid, &val))
1039 report->new_oid = oiddup(&new_oid);
1040 else if (!strcmp(key, "forced-update"))
1041 report->forced_update = 1;
1042 else if (!strcmp(key, "fall-through"))
1043 /* Fall through, let 'receive-pack' to execute it. */
1044 hint->run_proc_receive = 0;
1045 continue;
1046 }
1047
1048 report = NULL;
1049 new_report = 0;
1050 refname = p;
1051 p = strchr(refname, ' ');
1052 if (p)
1053 *p++ = '\0';
1054 if (strcmp(head, "ok") && strcmp(head, "ng")) {
1055 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n",
1056 head, refname);
1057 code = -1;
1058 continue;
1059 }
1060
1061 /* first try searching at our hint, falling back to all refs */
1062 if (hint)
1063 hint = find_command_by_refname(hint, refname);
1064 if (!hint)
1065 hint = find_command_by_refname(commands, refname);
1066 if (!hint) {
1067 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n",
1068 refname);
1069 code = -1;
1070 continue;
1071 }
1072 if (!hint->run_proc_receive) {
1073 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n",
1074 refname);
1075 code = -1;
1076 continue;
1077 }
1078 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED;
1079 if (!strcmp(head, "ng")) {
1080 if (p)
1081 hint->error_string = xstrdup(p);
1082 else
1083 hint->error_string = "failed";
1084 code = -1;
1085 continue;
1086 }
1087 new_report = 1;
1088 }
1089
1090 for (cmd = commands; cmd; cmd = cmd->next)
1091 if (cmd->run_proc_receive && !cmd->error_string &&
1092 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) {
1093 cmd->error_string = "proc-receive failed to report status";
1094 code = -1;
1095 }
1096 return code;
1097 }
1098
1099 static int run_proc_receive_hook(struct command *commands,
1100 const struct string_list *push_options)
1101 {
1102 struct child_process proc = CHILD_PROCESS_INIT;
1103 struct async muxer;
1104 struct command *cmd;
1105 struct packet_reader reader;
1106 struct strbuf cap = STRBUF_INIT;
1107 struct strbuf errmsg = STRBUF_INIT;
1108 int hook_use_push_options = 0;
1109 int version = 0;
1110 int code;
1111 const char *hook_path = find_hook("proc-receive");
1112
1113 if (!hook_path) {
1114 rp_error("cannot find hook 'proc-receive'");
1115 return -1;
1116 }
1117
1118 strvec_push(&proc.args, hook_path);
1119 proc.in = -1;
1120 proc.out = -1;
1121 proc.trace2_hook_name = "proc-receive";
1122
1123 if (use_sideband) {
1124 memset(&muxer, 0, sizeof(muxer));
1125 muxer.proc = copy_to_sideband;
1126 muxer.in = -1;
1127 code = start_async(&muxer);
1128 if (code)
1129 return code;
1130 proc.err = muxer.in;
1131 } else {
1132 proc.err = 0;
1133 }
1134
1135 code = start_command(&proc);
1136 if (code) {
1137 if (use_sideband)
1138 finish_async(&muxer);
1139 return code;
1140 }
1141
1142 sigchain_push(SIGPIPE, SIG_IGN);
1143
1144 /* Version negotiaton */
1145 packet_reader_init(&reader, proc.out, NULL, 0,
1146 PACKET_READ_CHOMP_NEWLINE |
1147 PACKET_READ_GENTLE_ON_EOF);
1148 if (use_atomic)
1149 strbuf_addstr(&cap, " atomic");
1150 if (use_push_options)
1151 strbuf_addstr(&cap, " push-options");
1152 if (cap.len) {
1153 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1);
1154 strbuf_release(&cap);
1155 } else {
1156 code = packet_write_fmt_gently(proc.in, "version=1\n");
1157 }
1158 if (!code)
1159 code = packet_flush_gently(proc.in);
1160
1161 if (!code)
1162 for (;;) {
1163 int linelen;
1164 enum packet_read_status status;
1165
1166 status = packet_reader_read(&reader);
1167 if (status != PACKET_READ_NORMAL) {
1168 /* Check whether proc-receive exited abnormally */
1169 if (status == PACKET_READ_EOF)
1170 code = -1;
1171 break;
1172 }
1173
1174 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) {
1175 version = atoi(reader.line + 8);
1176 linelen = strlen(reader.line);
1177 if (linelen < reader.pktlen) {
1178 const char *feature_list = reader.line + linelen + 1;
1179 if (parse_feature_request(feature_list, "push-options"))
1180 hook_use_push_options = 1;
1181 }
1182 }
1183 }
1184
1185 if (code) {
1186 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook");
1187 goto cleanup;
1188 }
1189
1190 switch (version) {
1191 case 0:
1192 /* fallthrough */
1193 case 1:
1194 break;
1195 default:
1196 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported",
1197 version);
1198 code = -1;
1199 goto cleanup;
1200 }
1201
1202 /* Send commands */
1203 for (cmd = commands; cmd; cmd = cmd->next) {
1204 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string)
1205 continue;
1206 code = packet_write_fmt_gently(proc.in, "%s %s %s",
1207 oid_to_hex(&cmd->old_oid),
1208 oid_to_hex(&cmd->new_oid),
1209 cmd->ref_name);
1210 if (code)
1211 break;
1212 }
1213 if (!code)
1214 code = packet_flush_gently(proc.in);
1215 if (code) {
1216 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook");
1217 goto cleanup;
1218 }
1219
1220 /* Send push options */
1221 if (hook_use_push_options) {
1222 struct string_list_item *item;
1223
1224 for_each_string_list_item(item, push_options) {
1225 code = packet_write_fmt_gently(proc.in, "%s", item->string);
1226 if (code)
1227 break;
1228 }
1229 if (!code)
1230 code = packet_flush_gently(proc.in);
1231 if (code) {
1232 strbuf_addstr(&errmsg,
1233 "fail to write push-options to proc-receive hook");
1234 goto cleanup;
1235 }
1236 }
1237
1238 /* Read result from proc-receive */
1239 code = read_proc_receive_report(&reader, commands, &errmsg);
1240
1241 cleanup:
1242 close(proc.in);
1243 close(proc.out);
1244 if (use_sideband)
1245 finish_async(&muxer);
1246 if (finish_command(&proc))
1247 code = -1;
1248 if (errmsg.len >0) {
1249 char *p = errmsg.buf;
1250
1251 p += errmsg.len - 1;
1252 if (*p == '\n')
1253 *p = '\0';
1254 rp_error("%s", errmsg.buf);
1255 strbuf_release(&errmsg);
1256 }
1257 sigchain_pop(SIGPIPE);
1258
1259 return code;
1260 }
1261
1262 static char *refuse_unconfigured_deny_msg =
1263 N_("By default, updating the current branch in a non-bare repository\n"
1264 "is denied, because it will make the index and work tree inconsistent\n"
1265 "with what you pushed, and will require 'git reset --hard' to match\n"
1266 "the work tree to HEAD.\n"
1267 "\n"
1268 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
1269 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
1270 "its current branch; however, this is not recommended unless you\n"
1271 "arranged to update its work tree to match what you pushed in some\n"
1272 "other way.\n"
1273 "\n"
1274 "To squelch this message and still keep the default behaviour, set\n"
1275 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
1276
1277 static void refuse_unconfigured_deny(void)
1278 {
1279 rp_error("%s", _(refuse_unconfigured_deny_msg));
1280 }
1281
1282 static char *refuse_unconfigured_deny_delete_current_msg =
1283 N_("By default, deleting the current branch is denied, because the next\n"
1284 "'git clone' won't result in any file checked out, causing confusion.\n"
1285 "\n"
1286 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
1287 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
1288 "current branch, with or without a warning message.\n"
1289 "\n"
1290 "To squelch this message, you can set it to 'refuse'.");
1291
1292 static void refuse_unconfigured_deny_delete_current(void)
1293 {
1294 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
1295 }
1296
1297 static const struct object_id *command_singleton_iterator(void *cb_data);
1298 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
1299 {
1300 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
1301 struct oid_array extra = OID_ARRAY_INIT;
1302 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1303 uint32_t mask = 1 << (cmd->index % 32);
1304 int i;
1305
1306 trace_printf_key(&trace_shallow,
1307 "shallow: update_shallow_ref %s\n", cmd->ref_name);
1308 for (i = 0; i < si->shallow->nr; i++)
1309 if (si->used_shallow[i] &&
1310 (si->used_shallow[i][cmd->index / 32] & mask) &&
1311 !delayed_reachability_test(si, i))
1312 oid_array_append(&extra, &si->shallow->oid[i]);
1313
1314 opt.env = tmp_objdir_env(tmp_objdir);
1315 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
1316 if (check_connected(command_singleton_iterator, cmd, &opt)) {
1317 rollback_shallow_file(the_repository, &shallow_lock);
1318 oid_array_clear(&extra);
1319 return -1;
1320 }
1321
1322 commit_shallow_file(the_repository, &shallow_lock);
1323
1324 /*
1325 * Make sure setup_alternate_shallow() for the next ref does
1326 * not lose these new roots..
1327 */
1328 for (i = 0; i < extra.nr; i++)
1329 register_shallow(the_repository, &extra.oid[i]);
1330
1331 si->shallow_ref[cmd->index] = 0;
1332 oid_array_clear(&extra);
1333 return 0;
1334 }
1335
1336 /*
1337 * NEEDSWORK: we should consolidate various implementions of "are we
1338 * on an unborn branch?" test into one, and make the unified one more
1339 * robust. !get_sha1() based check used here and elsewhere would not
1340 * allow us to tell an unborn branch from corrupt ref, for example.
1341 * For the purpose of fixing "deploy-to-update does not work when
1342 * pushing into an empty repository" issue, this should suffice for
1343 * now.
1344 */
1345 static int head_has_history(void)
1346 {
1347 struct object_id oid;
1348
1349 return !get_oid("HEAD", &oid);
1350 }
1351
1352 static const char *push_to_deploy(unsigned char *sha1,
1353 struct strvec *env,
1354 const char *work_tree)
1355 {
1356 struct child_process child = CHILD_PROCESS_INIT;
1357
1358 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules",
1359 "--refresh", NULL);
1360 strvec_pushv(&child.env, env->v);
1361 child.dir = work_tree;
1362 child.no_stdin = 1;
1363 child.stdout_to_stderr = 1;
1364 child.git_cmd = 1;
1365 if (run_command(&child))
1366 return "Up-to-date check failed";
1367
1368 /* run_command() does not clean up completely; reinitialize */
1369 child_process_init(&child);
1370 strvec_pushl(&child.args, "diff-files", "--quiet",
1371 "--ignore-submodules", "--", NULL);
1372 strvec_pushv(&child.env, env->v);
1373 child.dir = work_tree;
1374 child.no_stdin = 1;
1375 child.stdout_to_stderr = 1;
1376 child.git_cmd = 1;
1377 if (run_command(&child))
1378 return "Working directory has unstaged changes";
1379
1380 child_process_init(&child);
1381 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached",
1382 "--ignore-submodules",
1383 /* diff-index with either HEAD or an empty tree */
1384 head_has_history() ? "HEAD" : empty_tree_oid_hex(),
1385 "--", NULL);
1386 strvec_pushv(&child.env, env->v);
1387 child.no_stdin = 1;
1388 child.no_stdout = 1;
1389 child.stdout_to_stderr = 0;
1390 child.git_cmd = 1;
1391 if (run_command(&child))
1392 return "Working directory has staged changes";
1393
1394 child_process_init(&child);
1395 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1),
1396 NULL);
1397 strvec_pushv(&child.env, env->v);
1398 child.dir = work_tree;
1399 child.no_stdin = 1;
1400 child.no_stdout = 1;
1401 child.stdout_to_stderr = 0;
1402 child.git_cmd = 1;
1403 if (run_command(&child))
1404 return "Could not update working tree to new HEAD";
1405
1406 return NULL;
1407 }
1408
1409 static const char *push_to_checkout_hook = "push-to-checkout";
1410
1411 static const char *push_to_checkout(unsigned char *hash,
1412 int *invoked_hook,
1413 struct strvec *env,
1414 const char *work_tree)
1415 {
1416 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
1417 opt.invoked_hook = invoked_hook;
1418
1419 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1420 strvec_pushv(&opt.env, env->v);
1421 strvec_push(&opt.args, hash_to_hex(hash));
1422 if (run_hooks_opt(push_to_checkout_hook, &opt))
1423 return "push-to-checkout hook declined";
1424 else
1425 return NULL;
1426 }
1427
1428 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1429 {
1430 const char *retval, *git_dir;
1431 struct strvec env = STRVEC_INIT;
1432 int invoked_hook;
1433
1434 if (!worktree || !worktree->path)
1435 BUG("worktree->path must be non-NULL");
1436
1437 if (worktree->is_bare)
1438 return "denyCurrentBranch = updateInstead needs a worktree";
1439 git_dir = get_worktree_git_dir(worktree);
1440
1441 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1442
1443 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
1444 if (!invoked_hook)
1445 retval = push_to_deploy(sha1, &env, worktree->path);
1446
1447 strvec_clear(&env);
1448 return retval;
1449 }
1450
1451 static const char *update(struct command *cmd, struct shallow_info *si)
1452 {
1453 const char *name = cmd->ref_name;
1454 struct strbuf namespaced_name_buf = STRBUF_INIT;
1455 static char *namespaced_name;
1456 const char *ret;
1457 struct object_id *old_oid = &cmd->old_oid;
1458 struct object_id *new_oid = &cmd->new_oid;
1459 int do_update_worktree = 0;
1460 struct worktree **worktrees = get_worktrees();
1461 const struct worktree *worktree =
1462 find_shared_symref(worktrees, "HEAD", name);
1463
1464 /* only refs/... are allowed */
1465 if (!starts_with(name, "refs/") ||
1466 check_refname_format(name + 5, is_null_oid(new_oid) ?
1467 REFNAME_ALLOW_ONELEVEL : 0)) {
1468 rp_error("refusing to update funny ref '%s' remotely", name);
1469 ret = "funny refname";
1470 goto out;
1471 }
1472
1473 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1474 free(namespaced_name);
1475 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1476
1477 if (worktree && !worktree->is_bare) {
1478 switch (deny_current_branch) {
1479 case DENY_IGNORE:
1480 break;
1481 case DENY_WARN:
1482 rp_warning("updating the current branch");
1483 break;
1484 case DENY_REFUSE:
1485 case DENY_UNCONFIGURED:
1486 rp_error("refusing to update checked out branch: %s", name);
1487 if (deny_current_branch == DENY_UNCONFIGURED)
1488 refuse_unconfigured_deny();
1489 ret = "branch is currently checked out";
1490 goto out;
1491 case DENY_UPDATE_INSTEAD:
1492 /* pass -- let other checks intervene first */
1493 do_update_worktree = 1;
1494 break;
1495 }
1496 }
1497
1498 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1499 error("unpack should have generated %s, "
1500 "but I can't find it!", oid_to_hex(new_oid));
1501 ret = "bad pack";
1502 goto out;
1503 }
1504
1505 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1506 if (deny_deletes && starts_with(name, "refs/heads/")) {
1507 rp_error("denying ref deletion for %s", name);
1508 ret = "deletion prohibited";
1509 goto out;
1510 }
1511
1512 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1513 switch (deny_delete_current) {
1514 case DENY_IGNORE:
1515 break;
1516 case DENY_WARN:
1517 rp_warning("deleting the current branch");
1518 break;
1519 case DENY_REFUSE:
1520 case DENY_UNCONFIGURED:
1521 case DENY_UPDATE_INSTEAD:
1522 if (deny_delete_current == DENY_UNCONFIGURED)
1523 refuse_unconfigured_deny_delete_current();
1524 rp_error("refusing to delete the current branch: %s", name);
1525 ret = "deletion of the current branch prohibited";
1526 goto out;
1527 default:
1528 ret = "Invalid denyDeleteCurrent setting";
1529 goto out;
1530 }
1531 }
1532 }
1533
1534 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1535 !is_null_oid(old_oid) &&
1536 starts_with(name, "refs/heads/")) {
1537 struct object *old_object, *new_object;
1538 struct commit *old_commit, *new_commit;
1539
1540 old_object = parse_object(the_repository, old_oid);
1541 new_object = parse_object(the_repository, new_oid);
1542
1543 if (!old_object || !new_object ||
1544 old_object->type != OBJ_COMMIT ||
1545 new_object->type != OBJ_COMMIT) {
1546 error("bad sha1 objects for %s", name);
1547 ret = "bad ref";
1548 goto out;
1549 }
1550 old_commit = (struct commit *)old_object;
1551 new_commit = (struct commit *)new_object;
1552 if (!in_merge_bases(old_commit, new_commit)) {
1553 rp_error("denying non-fast-forward %s"
1554 " (you should pull first)", name);
1555 ret = "non-fast-forward";
1556 goto out;
1557 }
1558 }
1559 if (run_update_hook(cmd)) {
1560 rp_error("hook declined to update %s", name);
1561 ret = "hook declined";
1562 goto out;
1563 }
1564
1565 if (do_update_worktree) {
1566 ret = update_worktree(new_oid->hash, worktree);
1567 if (ret)
1568 goto out;
1569 }
1570
1571 if (is_null_oid(new_oid)) {
1572 struct strbuf err = STRBUF_INIT;
1573 if (!parse_object(the_repository, old_oid)) {
1574 old_oid = NULL;
1575 if (ref_exists(name)) {
1576 rp_warning("allowing deletion of corrupt ref");
1577 } else {
1578 rp_warning("deleting a non-existent ref");
1579 cmd->did_not_exist = 1;
1580 }
1581 }
1582 if (ref_transaction_delete(transaction,
1583 namespaced_name,
1584 old_oid,
1585 0, "push", &err)) {
1586 rp_error("%s", err.buf);
1587 ret = "failed to delete";
1588 } else {
1589 ret = NULL; /* good */
1590 }
1591 strbuf_release(&err);
1592 }
1593 else {
1594 struct strbuf err = STRBUF_INIT;
1595 if (shallow_update && si->shallow_ref[cmd->index] &&
1596 update_shallow_ref(cmd, si)) {
1597 ret = "shallow error";
1598 goto out;
1599 }
1600
1601 if (ref_transaction_update(transaction,
1602 namespaced_name,
1603 new_oid, old_oid,
1604 0, "push",
1605 &err)) {
1606 rp_error("%s", err.buf);
1607 ret = "failed to update ref";
1608 } else {
1609 ret = NULL; /* good */
1610 }
1611 strbuf_release(&err);
1612 }
1613
1614 out:
1615 free_worktrees(worktrees);
1616 return ret;
1617 }
1618
1619 static void run_update_post_hook(struct command *commands)
1620 {
1621 struct command *cmd;
1622 struct child_process proc = CHILD_PROCESS_INIT;
1623 const char *hook;
1624
1625 hook = find_hook("post-update");
1626 if (!hook)
1627 return;
1628
1629 for (cmd = commands; cmd; cmd = cmd->next) {
1630 if (cmd->error_string || cmd->did_not_exist)
1631 continue;
1632 if (!proc.args.nr)
1633 strvec_push(&proc.args, hook);
1634 strvec_push(&proc.args, cmd->ref_name);
1635 }
1636 if (!proc.args.nr)
1637 return;
1638
1639 proc.no_stdin = 1;
1640 proc.stdout_to_stderr = 1;
1641 proc.err = use_sideband ? -1 : 0;
1642 proc.trace2_hook_name = "post-update";
1643
1644 if (!start_command(&proc)) {
1645 if (use_sideband)
1646 copy_to_sideband(proc.err, -1, NULL);
1647 finish_command(&proc);
1648 }
1649 }
1650
1651 static void check_aliased_update_internal(struct command *cmd,
1652 struct string_list *list,
1653 const char *dst_name, int flag)
1654 {
1655 struct string_list_item *item;
1656 struct command *dst_cmd;
1657
1658 if (!(flag & REF_ISSYMREF))
1659 return;
1660
1661 if (!dst_name) {
1662 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1663 cmd->skip_update = 1;
1664 cmd->error_string = "broken symref";
1665 return;
1666 }
1667 dst_name = strip_namespace(dst_name);
1668
1669 if (!(item = string_list_lookup(list, dst_name)))
1670 return;
1671
1672 cmd->skip_update = 1;
1673
1674 dst_cmd = (struct command *) item->util;
1675
1676 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1677 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1678 return;
1679
1680 dst_cmd->skip_update = 1;
1681
1682 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1683 " its target '%s' (%s..%s)",
1684 cmd->ref_name,
1685 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1686 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1687 dst_cmd->ref_name,
1688 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1689 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1690
1691 cmd->error_string = dst_cmd->error_string =
1692 "inconsistent aliased update";
1693 }
1694
1695 static void check_aliased_update(struct command *cmd, struct string_list *list)
1696 {
1697 struct strbuf buf = STRBUF_INIT;
1698 const char *dst_name;
1699 int flag;
1700
1701 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1702 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1703 check_aliased_update_internal(cmd, list, dst_name, flag);
1704 strbuf_release(&buf);
1705 }
1706
1707 static void check_aliased_updates(struct command *commands)
1708 {
1709 struct command *cmd;
1710 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1711
1712 for (cmd = commands; cmd; cmd = cmd->next) {
1713 struct string_list_item *item =
1714 string_list_append(&ref_list, cmd->ref_name);
1715 item->util = (void *)cmd;
1716 }
1717 string_list_sort(&ref_list);
1718
1719 for (cmd = commands; cmd; cmd = cmd->next) {
1720 if (!cmd->error_string)
1721 check_aliased_update(cmd, &ref_list);
1722 }
1723
1724 string_list_clear(&ref_list, 0);
1725 }
1726
1727 static const struct object_id *command_singleton_iterator(void *cb_data)
1728 {
1729 struct command **cmd_list = cb_data;
1730 struct command *cmd = *cmd_list;
1731
1732 if (!cmd || is_null_oid(&cmd->new_oid))
1733 return NULL;
1734 *cmd_list = NULL; /* this returns only one */
1735 return &cmd->new_oid;
1736 }
1737
1738 static void set_connectivity_errors(struct command *commands,
1739 struct shallow_info *si)
1740 {
1741 struct command *cmd;
1742
1743 for (cmd = commands; cmd; cmd = cmd->next) {
1744 struct command *singleton = cmd;
1745 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1746
1747 if (shallow_update && si->shallow_ref[cmd->index])
1748 /* to be checked in update_shallow_ref() */
1749 continue;
1750
1751 opt.env = tmp_objdir_env(tmp_objdir);
1752 if (!check_connected(command_singleton_iterator, &singleton,
1753 &opt))
1754 continue;
1755
1756 cmd->error_string = "missing necessary objects";
1757 }
1758 }
1759
1760 struct iterate_data {
1761 struct command *cmds;
1762 struct shallow_info *si;
1763 };
1764
1765 static const struct object_id *iterate_receive_command_list(void *cb_data)
1766 {
1767 struct iterate_data *data = cb_data;
1768 struct command **cmd_list = &data->cmds;
1769 struct command *cmd = *cmd_list;
1770
1771 for (; cmd; cmd = cmd->next) {
1772 if (shallow_update && data->si->shallow_ref[cmd->index])
1773 /* to be checked in update_shallow_ref() */
1774 continue;
1775 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1776 *cmd_list = cmd->next;
1777 return &cmd->new_oid;
1778 }
1779 }
1780 return NULL;
1781 }
1782
1783 static void reject_updates_to_hidden(struct command *commands)
1784 {
1785 struct strbuf refname_full = STRBUF_INIT;
1786 size_t prefix_len;
1787 struct command *cmd;
1788
1789 strbuf_addstr(&refname_full, get_git_namespace());
1790 prefix_len = refname_full.len;
1791
1792 for (cmd = commands; cmd; cmd = cmd->next) {
1793 if (cmd->error_string)
1794 continue;
1795
1796 strbuf_setlen(&refname_full, prefix_len);
1797 strbuf_addstr(&refname_full, cmd->ref_name);
1798
1799 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs))
1800 continue;
1801 if (is_null_oid(&cmd->new_oid))
1802 cmd->error_string = "deny deleting a hidden ref";
1803 else
1804 cmd->error_string = "deny updating a hidden ref";
1805 }
1806
1807 strbuf_release(&refname_full);
1808 }
1809
1810 static int should_process_cmd(struct command *cmd)
1811 {
1812 return !cmd->error_string && !cmd->skip_update;
1813 }
1814
1815 static void BUG_if_skipped_connectivity_check(struct command *commands,
1816 struct shallow_info *si)
1817 {
1818 struct command *cmd;
1819
1820 for (cmd = commands; cmd; cmd = cmd->next) {
1821 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index])
1822 bug("connectivity check has not been run on ref %s",
1823 cmd->ref_name);
1824 }
1825 BUG_if_bug("connectivity check skipped???");
1826 }
1827
1828 static void execute_commands_non_atomic(struct command *commands,
1829 struct shallow_info *si)
1830 {
1831 struct command *cmd;
1832 struct strbuf err = STRBUF_INIT;
1833
1834 for (cmd = commands; cmd; cmd = cmd->next) {
1835 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1836 continue;
1837
1838 transaction = ref_transaction_begin(&err);
1839 if (!transaction) {
1840 rp_error("%s", err.buf);
1841 strbuf_reset(&err);
1842 cmd->error_string = "transaction failed to start";
1843 continue;
1844 }
1845
1846 cmd->error_string = update(cmd, si);
1847
1848 if (!cmd->error_string
1849 && ref_transaction_commit(transaction, &err)) {
1850 rp_error("%s", err.buf);
1851 strbuf_reset(&err);
1852 cmd->error_string = "failed to update ref";
1853 }
1854 ref_transaction_free(transaction);
1855 }
1856 strbuf_release(&err);
1857 }
1858
1859 static void execute_commands_atomic(struct command *commands,
1860 struct shallow_info *si)
1861 {
1862 struct command *cmd;
1863 struct strbuf err = STRBUF_INIT;
1864 const char *reported_error = "atomic push failure";
1865
1866 transaction = ref_transaction_begin(&err);
1867 if (!transaction) {
1868 rp_error("%s", err.buf);
1869 strbuf_reset(&err);
1870 reported_error = "transaction failed to start";
1871 goto failure;
1872 }
1873
1874 for (cmd = commands; cmd; cmd = cmd->next) {
1875 if (!should_process_cmd(cmd) || cmd->run_proc_receive)
1876 continue;
1877
1878 cmd->error_string = update(cmd, si);
1879
1880 if (cmd->error_string)
1881 goto failure;
1882 }
1883
1884 if (ref_transaction_commit(transaction, &err)) {
1885 rp_error("%s", err.buf);
1886 reported_error = "atomic transaction failed";
1887 goto failure;
1888 }
1889 goto cleanup;
1890
1891 failure:
1892 for (cmd = commands; cmd; cmd = cmd->next)
1893 if (!cmd->error_string)
1894 cmd->error_string = reported_error;
1895
1896 cleanup:
1897 ref_transaction_free(transaction);
1898 strbuf_release(&err);
1899 }
1900
1901 static void execute_commands(struct command *commands,
1902 const char *unpacker_error,
1903 struct shallow_info *si,
1904 const struct string_list *push_options)
1905 {
1906 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1907 struct command *cmd;
1908 struct iterate_data data;
1909 struct async muxer;
1910 int err_fd = 0;
1911 int run_proc_receive = 0;
1912
1913 if (unpacker_error) {
1914 for (cmd = commands; cmd; cmd = cmd->next)
1915 cmd->error_string = "unpacker error";
1916 return;
1917 }
1918
1919 if (use_sideband) {
1920 memset(&muxer, 0, sizeof(muxer));
1921 muxer.proc = copy_to_sideband;
1922 muxer.in = -1;
1923 if (!start_async(&muxer))
1924 err_fd = muxer.in;
1925 /* ...else, continue without relaying sideband */
1926 }
1927
1928 data.cmds = commands;
1929 data.si = si;
1930 opt.err_fd = err_fd;
1931 opt.progress = err_fd && !quiet;
1932 opt.env = tmp_objdir_env(tmp_objdir);
1933 opt.exclude_hidden_refs_section = "receive";
1934
1935 if (check_connected(iterate_receive_command_list, &data, &opt))
1936 set_connectivity_errors(commands, si);
1937
1938 if (use_sideband)
1939 finish_async(&muxer);
1940
1941 reject_updates_to_hidden(commands);
1942
1943 /*
1944 * Try to find commands that have special prefix in their reference names,
1945 * and mark them to run an external "proc-receive" hook later.
1946 */
1947 if (proc_receive_ref) {
1948 for (cmd = commands; cmd; cmd = cmd->next) {
1949 if (!should_process_cmd(cmd))
1950 continue;
1951
1952 if (proc_receive_ref_matches(cmd)) {
1953 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED;
1954 run_proc_receive = 1;
1955 }
1956 }
1957 }
1958
1959 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1960 for (cmd = commands; cmd; cmd = cmd->next) {
1961 if (!cmd->error_string)
1962 cmd->error_string = "pre-receive hook declined";
1963 }
1964 return;
1965 }
1966
1967 /*
1968 * If there is no command ready to run, should return directly to destroy
1969 * temporary data in the quarantine area.
1970 */
1971 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next)
1972 ; /* nothing */
1973 if (!cmd)
1974 return;
1975
1976 /*
1977 * Now we'll start writing out refs, which means the objects need
1978 * to be in their final positions so that other processes can see them.
1979 */
1980 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1981 for (cmd = commands; cmd; cmd = cmd->next) {
1982 if (!cmd->error_string)
1983 cmd->error_string = "unable to migrate objects to permanent storage";
1984 }
1985 return;
1986 }
1987 tmp_objdir = NULL;
1988
1989 check_aliased_updates(commands);
1990
1991 free(head_name_to_free);
1992 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1993
1994 if (run_proc_receive &&
1995 run_proc_receive_hook(commands, push_options))
1996 for (cmd = commands; cmd; cmd = cmd->next)
1997 if (!cmd->error_string &&
1998 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) &&
1999 (cmd->run_proc_receive || use_atomic))
2000 cmd->error_string = "fail to run proc-receive hook";
2001
2002 if (use_atomic)
2003 execute_commands_atomic(commands, si);
2004 else
2005 execute_commands_non_atomic(commands, si);
2006
2007 if (shallow_update)
2008 BUG_if_skipped_connectivity_check(commands, si);
2009 }
2010
2011 static struct command **queue_command(struct command **tail,
2012 const char *line,
2013 int linelen)
2014 {
2015 struct object_id old_oid, new_oid;
2016 struct command *cmd;
2017 const char *refname;
2018 int reflen;
2019 const char *p;
2020
2021 if (parse_oid_hex(line, &old_oid, &p) ||
2022 *p++ != ' ' ||
2023 parse_oid_hex(p, &new_oid, &p) ||
2024 *p++ != ' ')
2025 die("protocol error: expected old/new/ref, got '%s'", line);
2026
2027 refname = p;
2028 reflen = linelen - (p - line);
2029 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
2030 oidcpy(&cmd->old_oid, &old_oid);
2031 oidcpy(&cmd->new_oid, &new_oid);
2032 *tail = cmd;
2033 return &cmd->next;
2034 }
2035
2036 static void free_commands(struct command *commands)
2037 {
2038 while (commands) {
2039 struct command *next = commands->next;
2040
2041 free(commands);
2042 commands = next;
2043 }
2044 }
2045
2046 static void queue_commands_from_cert(struct command **tail,
2047 struct strbuf *push_cert)
2048 {
2049 const char *boc, *eoc;
2050
2051 if (*tail)
2052 die("protocol error: got both push certificate and unsigned commands");
2053
2054 boc = strstr(push_cert->buf, "\n\n");
2055 if (!boc)
2056 die("malformed push certificate %.*s", 100, push_cert->buf);
2057 else
2058 boc += 2;
2059 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len);
2060
2061 while (boc < eoc) {
2062 const char *eol = memchr(boc, '\n', eoc - boc);
2063 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
2064 boc = eol ? eol + 1 : eoc;
2065 }
2066 }
2067
2068 static struct command *read_head_info(struct packet_reader *reader,
2069 struct oid_array *shallow)
2070 {
2071 struct command *commands = NULL;
2072 struct command **p = &commands;
2073 for (;;) {
2074 int linelen;
2075
2076 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2077 break;
2078
2079 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
2080 struct object_id oid;
2081 if (get_oid_hex(reader->line + 8, &oid))
2082 die("protocol error: expected shallow sha, got '%s'",
2083 reader->line + 8);
2084 oid_array_append(shallow, &oid);
2085 continue;
2086 }
2087
2088 linelen = strlen(reader->line);
2089 if (linelen < reader->pktlen) {
2090 const char *feature_list = reader->line + linelen + 1;
2091 const char *hash = NULL;
2092 const char *client_sid;
2093 int len = 0;
2094 if (parse_feature_request(feature_list, "report-status"))
2095 report_status = 1;
2096 if (parse_feature_request(feature_list, "report-status-v2"))
2097 report_status_v2 = 1;
2098 if (parse_feature_request(feature_list, "side-band-64k"))
2099 use_sideband = LARGE_PACKET_MAX;
2100 if (parse_feature_request(feature_list, "quiet"))
2101 quiet = 1;
2102 if (advertise_atomic_push
2103 && parse_feature_request(feature_list, "atomic"))
2104 use_atomic = 1;
2105 if (advertise_push_options
2106 && parse_feature_request(feature_list, "push-options"))
2107 use_push_options = 1;
2108 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
2109 if (!hash) {
2110 hash = hash_algos[GIT_HASH_SHA1].name;
2111 len = strlen(hash);
2112 }
2113 if (xstrncmpz(the_hash_algo->name, hash, len))
2114 die("error: unsupported object format '%s'", hash);
2115 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL);
2116 if (client_sid) {
2117 char *sid = xstrndup(client_sid, len);
2118 trace2_data_string("transfer", NULL, "client-sid", client_sid);
2119 free(sid);
2120 }
2121 }
2122
2123 if (!strcmp(reader->line, "push-cert")) {
2124 int true_flush = 0;
2125 int saved_options = reader->options;
2126 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
2127
2128 for (;;) {
2129 packet_reader_read(reader);
2130 if (reader->status == PACKET_READ_FLUSH) {
2131 true_flush = 1;
2132 break;
2133 }
2134 if (reader->status != PACKET_READ_NORMAL) {
2135 die("protocol error: got an unexpected packet");
2136 }
2137 if (!strcmp(reader->line, "push-cert-end\n"))
2138 break; /* end of cert */
2139 strbuf_addstr(&push_cert, reader->line);
2140 }
2141 reader->options = saved_options;
2142
2143 if (true_flush)
2144 break;
2145 continue;
2146 }
2147
2148 p = queue_command(p, reader->line, linelen);
2149 }
2150
2151 if (push_cert.len)
2152 queue_commands_from_cert(p, &push_cert);
2153
2154 return commands;
2155 }
2156
2157 static void read_push_options(struct packet_reader *reader,
2158 struct string_list *options)
2159 {
2160 while (1) {
2161 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
2162 break;
2163
2164 string_list_append(options, reader->line);
2165 }
2166 }
2167
2168 static const char *parse_pack_header(struct pack_header *hdr)
2169 {
2170 switch (read_pack_header(0, hdr)) {
2171 case PH_ERROR_EOF:
2172 return "eof before pack header was fully read";
2173
2174 case PH_ERROR_PACK_SIGNATURE:
2175 return "protocol error (pack signature mismatch detected)";
2176
2177 case PH_ERROR_PROTOCOL:
2178 return "protocol error (pack version unsupported)";
2179
2180 default:
2181 return "unknown error in parse_pack_header";
2182
2183 case 0:
2184 return NULL;
2185 }
2186 }
2187
2188 static const char *pack_lockfile;
2189
2190 static void push_header_arg(struct strvec *args, struct pack_header *hdr)
2191 {
2192 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
2193 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
2194 }
2195
2196 static const char *unpack(int err_fd, struct shallow_info *si)
2197 {
2198 struct pack_header hdr;
2199 const char *hdr_err;
2200 int status;
2201 struct child_process child = CHILD_PROCESS_INIT;
2202 int fsck_objects = (receive_fsck_objects >= 0
2203 ? receive_fsck_objects
2204 : transfer_fsck_objects >= 0
2205 ? transfer_fsck_objects
2206 : 0);
2207
2208 hdr_err = parse_pack_header(&hdr);
2209 if (hdr_err) {
2210 if (err_fd > 0)
2211 close(err_fd);
2212 return hdr_err;
2213 }
2214
2215 if (si->nr_ours || si->nr_theirs) {
2216 alt_shallow_file = setup_temporary_shallow(si->shallow);
2217 strvec_push(&child.args, "--shallow-file");
2218 strvec_push(&child.args, alt_shallow_file);
2219 }
2220
2221 tmp_objdir = tmp_objdir_create("incoming");
2222 if (!tmp_objdir) {
2223 if (err_fd > 0)
2224 close(err_fd);
2225 return "unable to create temporary object directory";
2226 }
2227 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir));
2228
2229 /*
2230 * Normally we just pass the tmp_objdir environment to the child
2231 * processes that do the heavy lifting, but we may need to see these
2232 * objects ourselves to set up shallow information.
2233 */
2234 tmp_objdir_add_as_alternate(tmp_objdir);
2235
2236 if (ntohl(hdr.hdr_entries) < unpack_limit) {
2237 strvec_push(&child.args, "unpack-objects");
2238 push_header_arg(&child.args, &hdr);
2239 if (quiet)
2240 strvec_push(&child.args, "-q");
2241 if (fsck_objects)
2242 strvec_pushf(&child.args, "--strict%s",
2243 fsck_msg_types.buf);
2244 if (max_input_size)
2245 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2246 (uintmax_t)max_input_size);
2247 child.no_stdout = 1;
2248 child.err = err_fd;
2249 child.git_cmd = 1;
2250 status = run_command(&child);
2251 if (status)
2252 return "unpack-objects abnormal exit";
2253 } else {
2254 char hostname[HOST_NAME_MAX + 1];
2255
2256 strvec_pushl(&child.args, "index-pack", "--stdin", NULL);
2257 push_header_arg(&child.args, &hdr);
2258
2259 if (xgethostname(hostname, sizeof(hostname)))
2260 xsnprintf(hostname, sizeof(hostname), "localhost");
2261 strvec_pushf(&child.args,
2262 "--keep=receive-pack %"PRIuMAX" on %s",
2263 (uintmax_t)getpid(),
2264 hostname);
2265
2266 if (!quiet && err_fd)
2267 strvec_push(&child.args, "--show-resolving-progress");
2268 if (use_sideband)
2269 strvec_push(&child.args, "--report-end-of-input");
2270 if (fsck_objects)
2271 strvec_pushf(&child.args, "--strict%s",
2272 fsck_msg_types.buf);
2273 if (!reject_thin)
2274 strvec_push(&child.args, "--fix-thin");
2275 if (max_input_size)
2276 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX,
2277 (uintmax_t)max_input_size);
2278 child.out = -1;
2279 child.err = err_fd;
2280 child.git_cmd = 1;
2281 status = start_command(&child);
2282 if (status)
2283 return "index-pack fork failed";
2284 pack_lockfile = index_pack_lockfile(child.out, NULL);
2285 close(child.out);
2286 status = finish_command(&child);
2287 if (status)
2288 return "index-pack abnormal exit";
2289 reprepare_packed_git(the_repository);
2290 }
2291 return NULL;
2292 }
2293
2294 static const char *unpack_with_sideband(struct shallow_info *si)
2295 {
2296 struct async muxer;
2297 const char *ret;
2298
2299 if (!use_sideband)
2300 return unpack(0, si);
2301
2302 use_keepalive = KEEPALIVE_AFTER_NUL;
2303 memset(&muxer, 0, sizeof(muxer));
2304 muxer.proc = copy_to_sideband;
2305 muxer.in = -1;
2306 if (start_async(&muxer))
2307 return NULL;
2308
2309 ret = unpack(muxer.in, si);
2310
2311 finish_async(&muxer);
2312 return ret;
2313 }
2314
2315 static void prepare_shallow_update(struct shallow_info *si)
2316 {
2317 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
2318
2319 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
2320 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
2321
2322 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr);
2323 CALLOC_ARRAY(si->reachable, si->shallow->nr);
2324 CALLOC_ARRAY(si->shallow_ref, si->ref->nr);
2325
2326 for (i = 0; i < si->nr_ours; i++)
2327 si->need_reachability_test[si->ours[i]] = 1;
2328
2329 for (i = 0; i < si->shallow->nr; i++) {
2330 if (!si->used_shallow[i])
2331 continue;
2332 for (j = 0; j < bitmap_size; j++) {
2333 if (!si->used_shallow[i][j])
2334 continue;
2335 si->need_reachability_test[i]++;
2336 for (k = 0; k < 32; k++)
2337 if (si->used_shallow[i][j] & (1U << k))
2338 si->shallow_ref[j * 32 + k]++;
2339 }
2340
2341 /*
2342 * true for those associated with some refs and belong
2343 * in "ours" list aka "step 7 not done yet"
2344 */
2345 si->need_reachability_test[i] =
2346 si->need_reachability_test[i] > 1;
2347 }
2348
2349 /*
2350 * keep hooks happy by forcing a temporary shallow file via
2351 * env variable because we can't add --shallow-file to every
2352 * command. check_connected() will be done with
2353 * true .git/shallow though.
2354 */
2355 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
2356 }
2357
2358 static void update_shallow_info(struct command *commands,
2359 struct shallow_info *si,
2360 struct oid_array *ref)
2361 {
2362 struct command *cmd;
2363 int *ref_status;
2364 remove_nonexistent_theirs_shallow(si);
2365 if (!si->nr_ours && !si->nr_theirs) {
2366 shallow_update = 0;
2367 return;
2368 }
2369
2370 for (cmd = commands; cmd; cmd = cmd->next) {
2371 if (is_null_oid(&cmd->new_oid))
2372 continue;
2373 oid_array_append(ref, &cmd->new_oid);
2374 cmd->index = ref->nr - 1;
2375 }
2376 si->ref = ref;
2377
2378 if (shallow_update) {
2379 prepare_shallow_update(si);
2380 return;
2381 }
2382
2383 ALLOC_ARRAY(ref_status, ref->nr);
2384 assign_shallow_commits_to_refs(si, NULL, ref_status);
2385 for (cmd = commands; cmd; cmd = cmd->next) {
2386 if (is_null_oid(&cmd->new_oid))
2387 continue;
2388 if (ref_status[cmd->index]) {
2389 cmd->error_string = "shallow update not allowed";
2390 cmd->skip_update = 1;
2391 }
2392 }
2393 free(ref_status);
2394 }
2395
2396 static void report(struct command *commands, const char *unpack_status)
2397 {
2398 struct command *cmd;
2399 struct strbuf buf = STRBUF_INIT;
2400
2401 packet_buf_write(&buf, "unpack %s\n",
2402 unpack_status ? unpack_status : "ok");
2403 for (cmd = commands; cmd; cmd = cmd->next) {
2404 if (!cmd->error_string)
2405 packet_buf_write(&buf, "ok %s\n",
2406 cmd->ref_name);
2407 else
2408 packet_buf_write(&buf, "ng %s %s\n",
2409 cmd->ref_name, cmd->error_string);
2410 }
2411 packet_buf_flush(&buf);
2412
2413 if (use_sideband)
2414 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2415 else
2416 write_or_die(1, buf.buf, buf.len);
2417 strbuf_release(&buf);
2418 }
2419
2420 static void report_v2(struct command *commands, const char *unpack_status)
2421 {
2422 struct command *cmd;
2423 struct strbuf buf = STRBUF_INIT;
2424 struct ref_push_report *report;
2425
2426 packet_buf_write(&buf, "unpack %s\n",
2427 unpack_status ? unpack_status : "ok");
2428 for (cmd = commands; cmd; cmd = cmd->next) {
2429 int count = 0;
2430
2431 if (cmd->error_string) {
2432 packet_buf_write(&buf, "ng %s %s\n",
2433 cmd->ref_name,
2434 cmd->error_string);
2435 continue;
2436 }
2437 packet_buf_write(&buf, "ok %s\n",
2438 cmd->ref_name);
2439 for (report = cmd->report; report; report = report->next) {
2440 if (count++ > 0)
2441 packet_buf_write(&buf, "ok %s\n",
2442 cmd->ref_name);
2443 if (report->ref_name)
2444 packet_buf_write(&buf, "option refname %s\n",
2445 report->ref_name);
2446 if (report->old_oid)
2447 packet_buf_write(&buf, "option old-oid %s\n",
2448 oid_to_hex(report->old_oid));
2449 if (report->new_oid)
2450 packet_buf_write(&buf, "option new-oid %s\n",
2451 oid_to_hex(report->new_oid));
2452 if (report->forced_update)
2453 packet_buf_write(&buf, "option forced-update\n");
2454 }
2455 }
2456 packet_buf_flush(&buf);
2457
2458 if (use_sideband)
2459 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
2460 else
2461 write_or_die(1, buf.buf, buf.len);
2462 strbuf_release(&buf);
2463 }
2464
2465 static int delete_only(struct command *commands)
2466 {
2467 struct command *cmd;
2468 for (cmd = commands; cmd; cmd = cmd->next) {
2469 if (!is_null_oid(&cmd->new_oid))
2470 return 0;
2471 }
2472 return 1;
2473 }
2474
2475 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
2476 {
2477 int advertise_refs = 0;
2478 struct command *commands;
2479 struct oid_array shallow = OID_ARRAY_INIT;
2480 struct oid_array ref = OID_ARRAY_INIT;
2481 struct shallow_info si;
2482 struct packet_reader reader;
2483
2484 struct option options[] = {
2485 OPT__QUIET(&quiet, N_("quiet")),
2486 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
2487 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL),
2488 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"),
2489 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
2490 OPT_END()
2491 };
2492
2493 packet_trace_identity("receive-pack");
2494
2495 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
2496
2497 if (argc > 1)
2498 usage_msg_opt(_("too many arguments"), receive_pack_usage, options);
2499 if (argc == 0)
2500 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options);
2501
2502 service_dir = argv[0];
2503
2504 setup_path();
2505
2506 if (!enter_repo(service_dir, 0))
2507 die("'%s' does not appear to be a git repository", service_dir);
2508
2509 git_config(receive_pack_config, NULL);
2510 if (cert_nonce_seed)
2511 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
2512
2513 if (0 <= transfer_unpack_limit)
2514 unpack_limit = transfer_unpack_limit;
2515 else if (0 <= receive_unpack_limit)
2516 unpack_limit = receive_unpack_limit;
2517
2518 switch (determine_protocol_version_server()) {
2519 case protocol_v2:
2520 /*
2521 * push support for protocol v2 has not been implemented yet,
2522 * so ignore the request to use v2 and fallback to using v0.
2523 */
2524 break;
2525 case protocol_v1:
2526 /*
2527 * v1 is just the original protocol with a version string,
2528 * so just fall through after writing the version string.
2529 */
2530 if (advertise_refs || !stateless_rpc)
2531 packet_write_fmt(1, "version 1\n");
2532
2533 /* fallthrough */
2534 case protocol_v0:
2535 break;
2536 case protocol_unknown_version:
2537 BUG("unknown protocol version");
2538 }
2539
2540 if (advertise_refs || !stateless_rpc) {
2541 write_head_info();
2542 }
2543 if (advertise_refs)
2544 return 0;
2545
2546 packet_reader_init(&reader, 0, NULL, 0,
2547 PACKET_READ_CHOMP_NEWLINE |
2548 PACKET_READ_DIE_ON_ERR_PACKET);
2549
2550 if ((commands = read_head_info(&reader, &shallow))) {
2551 const char *unpack_status = NULL;
2552 struct string_list push_options = STRING_LIST_INIT_DUP;
2553
2554 if (use_push_options)
2555 read_push_options(&reader, &push_options);
2556 if (!check_cert_push_options(&push_options)) {
2557 struct command *cmd;
2558 for (cmd = commands; cmd; cmd = cmd->next)
2559 cmd->error_string = "inconsistent push options";
2560 }
2561
2562 prepare_shallow_info(&si, &shallow);
2563 if (!si.nr_ours && !si.nr_theirs)
2564 shallow_update = 0;
2565 if (!delete_only(commands)) {
2566 unpack_status = unpack_with_sideband(&si);
2567 update_shallow_info(commands, &si, &ref);
2568 }
2569 use_keepalive = KEEPALIVE_ALWAYS;
2570 execute_commands(commands, unpack_status, &si,
2571 &push_options);
2572 if (pack_lockfile)
2573 unlink_or_warn(pack_lockfile);
2574 sigchain_push(SIGPIPE, SIG_IGN);
2575 if (report_status_v2)
2576 report_v2(commands, unpack_status);
2577 else if (report_status)
2578 report(commands, unpack_status);
2579 sigchain_pop(SIGPIPE);
2580 run_receive_hook(commands, "post-receive", 1,
2581 &push_options);
2582 run_update_post_hook(commands);
2583 free_commands(commands);
2584 string_list_clear(&push_options, 0);
2585 if (auto_gc) {
2586 struct child_process proc = CHILD_PROCESS_INIT;
2587
2588 proc.no_stdin = 1;
2589 proc.stdout_to_stderr = 1;
2590 proc.err = use_sideband ? -1 : 0;
2591 proc.git_cmd = proc.close_object_store = 1;
2592 strvec_pushl(&proc.args, "gc", "--auto", "--quiet",
2593 NULL);
2594
2595 if (!start_command(&proc)) {
2596 if (use_sideband)
2597 copy_to_sideband(proc.err, -1, NULL);
2598 finish_command(&proc);
2599 }
2600 }
2601 if (auto_update_server_info)
2602 update_server_info(0);
2603 clear_shallow_info(&si);
2604 }
2605 if (use_sideband)
2606 packet_flush(1);
2607 oid_array_clear(&shallow);
2608 oid_array_clear(&ref);
2609 string_list_clear(&hidden_refs, 0);
2610 free((void *)push_cert_nonce);
2611 return 0;
2612 }
Unnamed repository; edit this file 'description' to name the repository.