1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec_cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "protocol.h"
29static const char * const receive_pack_usage[] = {
31 N_("git receive-pack <git-dir>"),
32 NULL
33};
34enum deny_action {
36 DENY_UNCONFIGURED,
37 DENY_IGNORE,
38 DENY_WARN,
39 DENY_REFUSE,
40 DENY_UPDATE_INSTEAD
41};
42static int deny_deletes;
44static int deny_non_fast_forwards;
45static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
46static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
47static int receive_fsck_objects = -1;
48static int transfer_fsck_objects = -1;
49static struct strbuf fsck_msg_types = STRBUF_INIT;
50static int receive_unpack_limit = -1;
51static int transfer_unpack_limit = -1;
52static int advertise_atomic_push = 1;
53static int advertise_push_options;
54static int unpack_limit = 100;
55static off_t max_input_size;
56static int report_status;
57static int use_sideband;
58static int use_atomic;
59static int use_push_options;
60static int quiet;
61static int prefer_ofs_delta = 1;
62static int auto_update_server_info;
63static int auto_gc = 1;
64static int reject_thin;
65static int stateless_rpc;
66static const char *service_dir;
67static const char *head_name;
68static void *head_name_to_free;
69static int sent_capabilities;
70static int shallow_update;
71static const char *alt_shallow_file;
72static struct strbuf push_cert = STRBUF_INIT;
73static unsigned char push_cert_sha1[20];
74static struct signature_check sigcheck;
75static const char *push_cert_nonce;
76static const char *cert_nonce_seed;
77static const char *NONCE_UNSOLICITED = "UNSOLICITED";
79static const char *NONCE_BAD = "BAD";
80static const char *NONCE_MISSING = "MISSING";
81static const char *NONCE_OK = "OK";
82static const char *NONCE_SLOP = "SLOP";
83static const char *nonce_status;
84static long nonce_stamp_slop;
85static timestamp_t nonce_stamp_slop_limit;
86static struct ref_transaction *transaction;
87static enum {
89 KEEPALIVE_NEVER = 0,
90 KEEPALIVE_AFTER_NUL,
91 KEEPALIVE_ALWAYS
92} use_keepalive;
93static int keepalive_in_sec = 5;
94static struct tmp_objdir *tmp_objdir;
96static enum deny_action parse_deny_action(const char *var, const char *value)
98{
99 if (value) {
100 if (!strcasecmp(value, "ignore"))
101 return DENY_IGNORE;
102 if (!strcasecmp(value, "warn"))
103 return DENY_WARN;
104 if (!strcasecmp(value, "refuse"))
105 return DENY_REFUSE;
106 if (!strcasecmp(value, "updateinstead"))
107 return DENY_UPDATE_INSTEAD;
108 }
109 if (git_config_bool(var, value))
110 return DENY_REFUSE;
111 return DENY_IGNORE;
112}
113static int receive_pack_config(const char *var, const char *value, void *cb)
115{
116 int status = parse_hide_refs_config(var, value, "receive");
117 if (status)
119 return status;
120 if (strcmp(var, "receive.denydeletes") == 0) {
122 deny_deletes = git_config_bool(var, value);
123 return 0;
124 }
125 if (strcmp(var, "receive.denynonfastforwards") == 0) {
127 deny_non_fast_forwards = git_config_bool(var, value);
128 return 0;
129 }
130 if (strcmp(var, "receive.unpacklimit") == 0) {
132 receive_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135 if (strcmp(var, "transfer.unpacklimit") == 0) {
137 transfer_unpack_limit = git_config_int(var, value);
138 return 0;
139 }
140 if (strcmp(var, "receive.fsck.skiplist") == 0) {
142 const char *path;
143 if (git_config_pathname(&path, var, value))
145 return 1;
146 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
147 fsck_msg_types.len ? ',' : '=', path);
148 free((char *)path);
149 return 0;
150 }
151 if (skip_prefix(var, "receive.fsck.", &var)) {
153 if (is_valid_msg_type(var, value))
154 strbuf_addf(&fsck_msg_types, "%c%s=%s",
155 fsck_msg_types.len ? ',' : '=', var, value);
156 else
157 warning("Skipping unknown msg id '%s'", var);
158 return 0;
159 }
160 if (strcmp(var, "receive.fsckobjects") == 0) {
162 receive_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165 if (strcmp(var, "transfer.fsckobjects") == 0) {
167 transfer_fsck_objects = git_config_bool(var, value);
168 return 0;
169 }
170 if (!strcmp(var, "receive.denycurrentbranch")) {
172 deny_current_branch = parse_deny_action(var, value);
173 return 0;
174 }
175 if (strcmp(var, "receive.denydeletecurrent") == 0) {
177 deny_delete_current = parse_deny_action(var, value);
178 return 0;
179 }
180 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
182 prefer_ofs_delta = git_config_bool(var, value);
183 return 0;
184 }
185 if (strcmp(var, "receive.updateserverinfo") == 0) {
187 auto_update_server_info = git_config_bool(var, value);
188 return 0;
189 }
190 if (strcmp(var, "receive.autogc") == 0) {
192 auto_gc = git_config_bool(var, value);
193 return 0;
194 }
195 if (strcmp(var, "receive.shallowupdate") == 0) {
197 shallow_update = git_config_bool(var, value);
198 return 0;
199 }
200 if (strcmp(var, "receive.certnonceseed") == 0)
202 return git_config_string(&cert_nonce_seed, var, value);
203 if (strcmp(var, "receive.certnonceslop") == 0) {
205 nonce_stamp_slop_limit = git_config_ulong(var, value);
206 return 0;
207 }
208 if (strcmp(var, "receive.advertiseatomic") == 0) {
210 advertise_atomic_push = git_config_bool(var, value);
211 return 0;
212 }
213 if (strcmp(var, "receive.advertisepushoptions") == 0) {
215 advertise_push_options = git_config_bool(var, value);
216 return 0;
217 }
218 if (strcmp(var, "receive.keepalive") == 0) {
220 keepalive_in_sec = git_config_int(var, value);
221 return 0;
222 }
223 if (strcmp(var, "receive.maxinputsize") == 0) {
225 max_input_size = git_config_int64(var, value);
226 return 0;
227 }
228 return git_default_config(var, value, cb);
230}
231static void show_ref(const char *path, const struct object_id *oid)
233{
234 if (sent_capabilities) {
235 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
236 } else {
237 struct strbuf cap = STRBUF_INIT;
238 strbuf_addstr(&cap,
240 "report-status delete-refs side-band-64k quiet");
241 if (advertise_atomic_push)
242 strbuf_addstr(&cap, " atomic");
243 if (prefer_ofs_delta)
244 strbuf_addstr(&cap, " ofs-delta");
245 if (push_cert_nonce)
246 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
247 if (advertise_push_options)
248 strbuf_addstr(&cap, " push-options");
249 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
250 packet_write_fmt(1, "%s %s%c%s\n",
251 oid_to_hex(oid), path, 0, cap.buf);
252 strbuf_release(&cap);
253 sent_capabilities = 1;
254 }
255}
256static int show_ref_cb(const char *path_full, const struct object_id *oid,
258 int flag, void *data)
259{
260 struct oidset *seen = data;
261 const char *path = strip_namespace(path_full);
262 if (ref_is_hidden(path, path_full))
264 return 0;
265 /*
267 * Advertise refs outside our current namespace as ".have"
268 * refs, so that the client can use them to minimize data
269 * transfer but will otherwise ignore them.
270 */
271 if (!path) {
272 if (oidset_insert(seen, oid))
273 return 0;
274 path = ".have";
275 } else {
276 oidset_insert(seen, oid);
277 }
278 show_ref(path, oid);
279 return 0;
280}
281static void show_one_alternate_ref(const char *refname,
283 const struct object_id *oid,
284 void *data)
285{
286 struct oidset *seen = data;
287 if (oidset_insert(seen, oid))
289 return;
290 show_ref(".have", oid);
292}
293static void write_head_info(void)
295{
296 static struct oidset seen = OIDSET_INIT;
297 for_each_ref(show_ref_cb, &seen);
299 for_each_alternate_ref(show_one_alternate_ref, &seen);
300 oidset_clear(&seen);
301 if (!sent_capabilities)
302 show_ref("capabilities^{}", &null_oid);
303 advertise_shallow_grafts(1);
305 /* EOF */
307 packet_flush(1);
308}
309struct command {
311 struct command *next;
312 const char *error_string;
313 unsigned int skip_update:1,
314 did_not_exist:1;
315 int index;
316 struct object_id old_oid;
317 struct object_id new_oid;
318 char ref_name[FLEX_ARRAY]; /* more */
319};
320static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
322static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
323static void report_message(const char *prefix, const char *err, va_list params)
325{
326 int sz;
327 char msg[4096];
328 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
330 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
331 if (sz > (sizeof(msg) - 1))
332 sz = sizeof(msg) - 1;
333 msg[sz++] = '\n';
334 if (use_sideband)
336 send_sideband(1, 2, msg, sz, use_sideband);
337 else
338 xwrite(2, msg, sz);
339}
340static void rp_warning(const char *err, ...)
342{
343 va_list params;
344 va_start(params, err);
345 report_message("warning: ", err, params);
346 va_end(params);
347}
348static void rp_error(const char *err, ...)
350{
351 va_list params;
352 va_start(params, err);
353 report_message("error: ", err, params);
354 va_end(params);
355}
356static int copy_to_sideband(int in, int out, void *arg)
358{
359 char data[128];
360 int keepalive_active = 0;
361 if (keepalive_in_sec <= 0)
363 use_keepalive = KEEPALIVE_NEVER;
364 if (use_keepalive == KEEPALIVE_ALWAYS)
365 keepalive_active = 1;
366 while (1) {
368 ssize_t sz;
369 if (keepalive_active) {
371 struct pollfd pfd;
372 int ret;
373 pfd.fd = in;
375 pfd.events = POLLIN;
376 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
377 if (ret < 0) {
379 if (errno == EINTR)
380 continue;
381 else
382 break;
383 } else if (ret == 0) {
384 /* no data; send a keepalive packet */
385 static const char buf[] = "0005\1";
386 write_or_die(1, buf, sizeof(buf) - 1);
387 continue;
388 } /* else there is actual data to read */
389 }
390 sz = xread(in, data, sizeof(data));
392 if (sz <= 0)
393 break;
394 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
396 const char *p = memchr(data, '\0', sz);
397 if (p) {
398 /*
399 * The NUL tells us to start sending keepalives. Make
400 * sure we send any other data we read along
401 * with it.
402 */
403 keepalive_active = 1;
404 send_sideband(1, 2, data, p - data, use_sideband);
405 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
406 continue;
407 }
408 }
409 /*
411 * Either we're not looking for a NUL signal, or we didn't see
412 * it yet; just pass along the data.
413 */
414 send_sideband(1, 2, data, sz, use_sideband);
415 }
416 close(in);
417 return 0;
418}
419#define HMAC_BLOCK_SIZE 64
421static void hmac_sha1(unsigned char *out,
423 const char *key_in, size_t key_len,
424 const char *text, size_t text_len)
425{
426 unsigned char key[HMAC_BLOCK_SIZE];
427 unsigned char k_ipad[HMAC_BLOCK_SIZE];
428 unsigned char k_opad[HMAC_BLOCK_SIZE];
429 int i;
430 git_SHA_CTX ctx;
431 /* RFC 2104 2. (1) */
433 memset(key, '\0', HMAC_BLOCK_SIZE);
434 if (HMAC_BLOCK_SIZE < key_len) {
435 git_SHA1_Init(&ctx);
436 git_SHA1_Update(&ctx, key_in, key_len);
437 git_SHA1_Final(key, &ctx);
438 } else {
439 memcpy(key, key_in, key_len);
440 }
441 /* RFC 2104 2. (2) & (5) */
443 for (i = 0; i < sizeof(key); i++) {
444 k_ipad[i] = key[i] ^ 0x36;
445 k_opad[i] = key[i] ^ 0x5c;
446 }
447 /* RFC 2104 2. (3) & (4) */
449 git_SHA1_Init(&ctx);
450 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
451 git_SHA1_Update(&ctx, text, text_len);
452 git_SHA1_Final(out, &ctx);
453 /* RFC 2104 2. (6) & (7) */
455 git_SHA1_Init(&ctx);
456 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
457 git_SHA1_Update(&ctx, out, 20);
458 git_SHA1_Final(out, &ctx);
459}
460static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462{
463 struct strbuf buf = STRBUF_INIT;
464 unsigned char sha1[20];
465 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
468 strbuf_release(&buf);
469 /* RFC 2104 5. HMAC-SHA1-80 */
471 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
472 return strbuf_detach(&buf, NULL);
473}
474/*
476 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
477 * after dropping "_commit" from its name and possibly moving it out
478 * of commit.c
479 */
480static char *find_header(const char *msg, size_t len, const char *key,
481 const char **next_line)
482{
483 int key_len = strlen(key);
484 const char *line = msg;
485 while (line && line < msg + len) {
487 const char *eol = strchrnul(line, '\n');
488 if ((msg + len <= eol) || line == eol)
490 return NULL;
491 if (line + key_len < eol &&
492 !memcmp(line, key, key_len) && line[key_len] == ' ') {
493 int offset = key_len + 1;
494 if (next_line)
495 *next_line = *eol ? eol + 1 : eol;
496 return xmemdupz(line + offset, (eol - line) - offset);
497 }
498 line = *eol ? eol + 1 : NULL;
499 }
500 return NULL;
501}
502static const char *check_nonce(const char *buf, size_t len)
504{
505 char *nonce = find_header(buf, len, "nonce", NULL);
506 timestamp_t stamp, ostamp;
507 char *bohmac, *expect = NULL;
508 const char *retval = NONCE_BAD;
509 if (!nonce) {
511 retval = NONCE_MISSING;
512 goto leave;
513 } else if (!push_cert_nonce) {
514 retval = NONCE_UNSOLICITED;
515 goto leave;
516 } else if (!strcmp(push_cert_nonce, nonce)) {
517 retval = NONCE_OK;
518 goto leave;
519 }
520 if (!stateless_rpc) {
522 /* returned nonce MUST match what we gave out earlier */
523 retval = NONCE_BAD;
524 goto leave;
525 }
526 /*
528 * In stateless mode, we may be receiving a nonce issued by
529 * another instance of the server that serving the same
530 * repository, and the timestamps may not match, but the
531 * nonce-seed and dir should match, so we can recompute and
532 * report the time slop.
533 *
534 * In addition, when a nonce issued by another instance has
535 * timestamp within receive.certnonceslop seconds, we pretend
536 * as if we issued that nonce when reporting to the hook.
537 */
538 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
540 if (*nonce <= '0' || '9' < *nonce) {
541 retval = NONCE_BAD;
542 goto leave;
543 }
544 stamp = parse_timestamp(nonce, &bohmac, 10);
545 if (bohmac == nonce || bohmac[0] != '-') {
546 retval = NONCE_BAD;
547 goto leave;
548 }
549 expect = prepare_push_cert_nonce(service_dir, stamp);
551 if (strcmp(expect, nonce)) {
552 /* Not what we would have signed earlier */
553 retval = NONCE_BAD;
554 goto leave;
555 }
556 /*
558 * By how many seconds is this nonce stale? Negative value
559 * would mean it was issued by another server with its clock
560 * skewed in the future.
561 */
562 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
563 nonce_stamp_slop = (long)ostamp - (long)stamp;
564 if (nonce_stamp_slop_limit &&
566 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
567 /*
568 * Pretend as if the received nonce (which passes the
569 * HMAC check, so it is not a forged by third-party)
570 * is what we issued.
571 */
572 free((void *)push_cert_nonce);
573 push_cert_nonce = xstrdup(nonce);
574 retval = NONCE_OK;
575 } else {
576 retval = NONCE_SLOP;
577 }
578leave:
580 free(nonce);
581 free(expect);
582 return retval;
583}
584/*
586 * Return 1 if there is no push_cert or if the push options in push_cert are
587 * the same as those in the argument; 0 otherwise.
588 */
589static int check_cert_push_options(const struct string_list *push_options)
590{
591 const char *buf = push_cert.buf;
592 int len = push_cert.len;
593 char *option;
595 const char *next_line;
596 int options_seen = 0;
597 int retval = 1;
599 if (!len)
601 return 1;
602 while ((option = find_header(buf, len, "push-option", &next_line))) {
604 len -= (next_line - buf);
605 buf = next_line;
606 options_seen++;
607 if (options_seen > push_options->nr
608 || strcmp(option,
609 push_options->items[options_seen - 1].string)) {
610 retval = 0;
611 goto leave;
612 }
613 free(option);
614 }
615 if (options_seen != push_options->nr)
617 retval = 0;
618leave:
620 free(option);
621 return retval;
622}
623static void prepare_push_cert_sha1(struct child_process *proc)
625{
626 static int already_done;
627 if (!push_cert.len)
629 return;
630 if (!already_done) {
632 struct strbuf gpg_output = STRBUF_INIT;
633 struct strbuf gpg_status = STRBUF_INIT;
634 int bogs /* beginning_of_gpg_sig */;
635 already_done = 1;
637 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
638 hashclr(push_cert_sha1);
639 memset(&sigcheck, '\0', sizeof(sigcheck));
641 sigcheck.result = 'N';
642 bogs = parse_signature(push_cert.buf, push_cert.len);
644 if (verify_signed_buffer(push_cert.buf, bogs,
645 push_cert.buf + bogs, push_cert.len - bogs,
646 &gpg_output, &gpg_status) < 0) {
647 ; /* error running gpg */
648 } else {
649 sigcheck.payload = push_cert.buf;
650 sigcheck.gpg_output = gpg_output.buf;
651 sigcheck.gpg_status = gpg_status.buf;
652 parse_gpg_output(&sigcheck);
653 }
654 strbuf_release(&gpg_output);
656 strbuf_release(&gpg_status);
657 nonce_status = check_nonce(push_cert.buf, bogs);
658 }
659 if (!is_null_sha1(push_cert_sha1)) {
660 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
661 sha1_to_hex(push_cert_sha1));
662 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
663 sigcheck.signer ? sigcheck.signer : "");
664 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
665 sigcheck.key ? sigcheck.key : "");
666 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
667 sigcheck.result);
668 if (push_cert_nonce) {
669 argv_array_pushf(&proc->env_array,
670 "GIT_PUSH_CERT_NONCE=%s",
671 push_cert_nonce);
672 argv_array_pushf(&proc->env_array,
673 "GIT_PUSH_CERT_NONCE_STATUS=%s",
674 nonce_status);
675 if (nonce_status == NONCE_SLOP)
676 argv_array_pushf(&proc->env_array,
677 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
678 nonce_stamp_slop);
679 }
680 }
681}
682struct receive_hook_feed_state {
684 struct command *cmd;
685 int skip_broken;
686 struct strbuf buf;
687 const struct string_list *push_options;
688};
689typedef int (*feed_fn)(void *, const char **, size_t *);
691static int run_and_feed_hook(const char *hook_name, feed_fn feed,
692 struct receive_hook_feed_state *feed_state)
693{
694 struct child_process proc = CHILD_PROCESS_INIT;
695 struct async muxer;
696 const char *argv[2];
697 int code;
698 argv[0] = find_hook(hook_name);
700 if (!argv[0])
701 return 0;
702 argv[1] = NULL;
704 proc.argv = argv;
706 proc.in = -1;
707 proc.stdout_to_stderr = 1;
708 if (feed_state->push_options) {
709 int i;
710 for (i = 0; i < feed_state->push_options->nr; i++)
711 argv_array_pushf(&proc.env_array,
712 "GIT_PUSH_OPTION_%d=%s", i,
713 feed_state->push_options->items[i].string);
714 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
715 feed_state->push_options->nr);
716 } else
717 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
718 if (tmp_objdir)
720 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
721 if (use_sideband) {
723 memset(&muxer, 0, sizeof(muxer));
724 muxer.proc = copy_to_sideband;
725 muxer.in = -1;
726 code = start_async(&muxer);
727 if (code)
728 return code;
729 proc.err = muxer.in;
730 }
731 prepare_push_cert_sha1(&proc);
733 code = start_command(&proc);
735 if (code) {
736 if (use_sideband)
737 finish_async(&muxer);
738 return code;
739 }
740 sigchain_push(SIGPIPE, SIG_IGN);
742 while (1) {
744 const char *buf;
745 size_t n;
746 if (feed(feed_state, &buf, &n))
747 break;
748 if (write_in_full(proc.in, buf, n) < 0)
749 break;
750 }
751 close(proc.in);
752 if (use_sideband)
753 finish_async(&muxer);
754 sigchain_pop(SIGPIPE);
756 return finish_command(&proc);
758}
759static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
761{
762 struct receive_hook_feed_state *state = state_;
763 struct command *cmd = state->cmd;
764 while (cmd &&
766 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
767 cmd = cmd->next;
768 if (!cmd)
769 return -1; /* EOF */
770 strbuf_reset(&state->buf);
771 strbuf_addf(&state->buf, "%s %s %s\n",
772 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
773 cmd->ref_name);
774 state->cmd = cmd->next;
775 if (bufp) {
776 *bufp = state->buf.buf;
777 *sizep = state->buf.len;
778 }
779 return 0;
780}
781static int run_receive_hook(struct command *commands,
783 const char *hook_name,
784 int skip_broken,
785 const struct string_list *push_options)
786{
787 struct receive_hook_feed_state state;
788 int status;
789 strbuf_init(&state.buf, 0);
791 state.cmd = commands;
792 state.skip_broken = skip_broken;
793 if (feed_receive_hook(&state, NULL, NULL))
794 return 0;
795 state.cmd = commands;
796 state.push_options = push_options;
797 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
798 strbuf_release(&state.buf);
799 return status;
800}
801static int run_update_hook(struct command *cmd)
803{
804 const char *argv[5];
805 struct child_process proc = CHILD_PROCESS_INIT;
806 int code;
807 argv[0] = find_hook("update");
809 if (!argv[0])
810 return 0;
811 argv[1] = cmd->ref_name;
813 argv[2] = oid_to_hex(&cmd->old_oid);
814 argv[3] = oid_to_hex(&cmd->new_oid);
815 argv[4] = NULL;
816 proc.no_stdin = 1;
818 proc.stdout_to_stderr = 1;
819 proc.err = use_sideband ? -1 : 0;
820 proc.argv = argv;
821 code = start_command(&proc);
823 if (code)
824 return code;
825 if (use_sideband)
826 copy_to_sideband(proc.err, -1, NULL);
827 return finish_command(&proc);
828}
829static int is_ref_checked_out(const char *ref)
831{
832 if (is_bare_repository())
833 return 0;
834 if (!head_name)
836 return 0;
837 return !strcmp(head_name, ref);
838}
839static char *refuse_unconfigured_deny_msg =
841 N_("By default, updating the current branch in a non-bare repository\n"
842 "is denied, because it will make the index and work tree inconsistent\n"
843 "with what you pushed, and will require 'git reset --hard' to match\n"
844 "the work tree to HEAD.\n"
845 "\n"
846 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
847 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
848 "its current branch; however, this is not recommended unless you\n"
849 "arranged to update its work tree to match what you pushed in some\n"
850 "other way.\n"
851 "\n"
852 "To squelch this message and still keep the default behaviour, set\n"
853 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
854static void refuse_unconfigured_deny(void)
856{
857 rp_error("%s", _(refuse_unconfigured_deny_msg));
858}
859static char *refuse_unconfigured_deny_delete_current_msg =
861 N_("By default, deleting the current branch is denied, because the next\n"
862 "'git clone' won't result in any file checked out, causing confusion.\n"
863 "\n"
864 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
865 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
866 "current branch, with or without a warning message.\n"
867 "\n"
868 "To squelch this message, you can set it to 'refuse'.");
869static void refuse_unconfigured_deny_delete_current(void)
871{
872 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
873}
874static int command_singleton_iterator(void *cb_data, struct object_id *oid);
876static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
877{
878 static struct lock_file shallow_lock;
879 struct oid_array extra = OID_ARRAY_INIT;
880 struct check_connected_options opt = CHECK_CONNECTED_INIT;
881 uint32_t mask = 1 << (cmd->index % 32);
882 int i;
883 trace_printf_key(&trace_shallow,
885 "shallow: update_shallow_ref %s\n", cmd->ref_name);
886 for (i = 0; i < si->shallow->nr; i++)
887 if (si->used_shallow[i] &&
888 (si->used_shallow[i][cmd->index / 32] & mask) &&
889 !delayed_reachability_test(si, i))
890 oid_array_append(&extra, &si->shallow->oid[i]);
891 opt.env = tmp_objdir_env(tmp_objdir);
893 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
894 if (check_connected(command_singleton_iterator, cmd, &opt)) {
895 rollback_lock_file(&shallow_lock);
896 oid_array_clear(&extra);
897 return -1;
898 }
899 commit_lock_file(&shallow_lock);
901 /*
903 * Make sure setup_alternate_shallow() for the next ref does
904 * not lose these new roots..
905 */
906 for (i = 0; i < extra.nr; i++)
907 register_shallow(&extra.oid[i]);
908 si->shallow_ref[cmd->index] = 0;
910 oid_array_clear(&extra);
911 return 0;
912}
913/*
915 * NEEDSWORK: we should consolidate various implementions of "are we
916 * on an unborn branch?" test into one, and make the unified one more
917 * robust. !get_sha1() based check used here and elsewhere would not
918 * allow us to tell an unborn branch from corrupt ref, for example.
919 * For the purpose of fixing "deploy-to-update does not work when
920 * pushing into an empty repository" issue, this should suffice for
921 * now.
922 */
923static int head_has_history(void)
924{
925 struct object_id oid;
926 return !get_oid("HEAD", &oid);
928}
929static const char *push_to_deploy(unsigned char *sha1,
931 struct argv_array *env,
932 const char *work_tree)
933{
934 const char *update_refresh[] = {
935 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
936 };
937 const char *diff_files[] = {
938 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
939 };
940 const char *diff_index[] = {
941 "diff-index", "--quiet", "--cached", "--ignore-submodules",
942 NULL, "--", NULL
943 };
944 const char *read_tree[] = {
945 "read-tree", "-u", "-m", NULL, NULL
946 };
947 struct child_process child = CHILD_PROCESS_INIT;
948 child.argv = update_refresh;
950 child.env = env->argv;
951 child.dir = work_tree;
952 child.no_stdin = 1;
953 child.stdout_to_stderr = 1;
954 child.git_cmd = 1;
955 if (run_command(&child))
956 return "Up-to-date check failed";
957 /* run_command() does not clean up completely; reinitialize */
959 child_process_init(&child);
960 child.argv = diff_files;
961 child.env = env->argv;
962 child.dir = work_tree;
963 child.no_stdin = 1;
964 child.stdout_to_stderr = 1;
965 child.git_cmd = 1;
966 if (run_command(&child))
967 return "Working directory has unstaged changes";
968 /* diff-index with either HEAD or an empty tree */
970 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
971 child_process_init(&child);
973 child.argv = diff_index;
974 child.env = env->argv;
975 child.no_stdin = 1;
976 child.no_stdout = 1;
977 child.stdout_to_stderr = 0;
978 child.git_cmd = 1;
979 if (run_command(&child))
980 return "Working directory has staged changes";
981 read_tree[3] = sha1_to_hex(sha1);
983 child_process_init(&child);
984 child.argv = read_tree;
985 child.env = env->argv;
986 child.dir = work_tree;
987 child.no_stdin = 1;
988 child.no_stdout = 1;
989 child.stdout_to_stderr = 0;
990 child.git_cmd = 1;
991 if (run_command(&child))
992 return "Could not update working tree to new HEAD";
993 return NULL;
995}
996static const char *push_to_checkout_hook = "push-to-checkout";
998static const char *push_to_checkout(unsigned char *sha1,
1000 struct argv_array *env,
1001 const char *work_tree)
1002{
1003 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1004 if (run_hook_le(env->argv, push_to_checkout_hook,
1005 sha1_to_hex(sha1), NULL))
1006 return "push-to-checkout hook declined";
1007 else
1008 return NULL;
1009}
1010static const char *update_worktree(unsigned char *sha1)
1012{
1013 const char *retval;
1014 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1015 struct argv_array env = ARGV_ARRAY_INIT;
1016 if (is_bare_repository())
1018 return "denyCurrentBranch = updateInstead needs a worktree";
1019 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1021 if (!find_hook(push_to_checkout_hook))
1023 retval = push_to_deploy(sha1, &env, work_tree);
1024 else
1025 retval = push_to_checkout(sha1, &env, work_tree);
1026 argv_array_clear(&env);
1028 return retval;
1029}
1030static const char *update(struct command *cmd, struct shallow_info *si)
1032{
1033 const char *name = cmd->ref_name;
1034 struct strbuf namespaced_name_buf = STRBUF_INIT;
1035 static char *namespaced_name;
1036 const char *ret;
1037 struct object_id *old_oid = &cmd->old_oid;
1038 struct object_id *new_oid = &cmd->new_oid;
1039 /* only refs/... are allowed */
1041 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1042 rp_error("refusing to create funny ref '%s' remotely", name);
1043 return "funny refname";
1044 }
1045 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1047 free(namespaced_name);
1048 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1049 if (is_ref_checked_out(namespaced_name)) {
1051 switch (deny_current_branch) {
1052 case DENY_IGNORE:
1053 break;
1054 case DENY_WARN:
1055 rp_warning("updating the current branch");
1056 break;
1057 case DENY_REFUSE:
1058 case DENY_UNCONFIGURED:
1059 rp_error("refusing to update checked out branch: %s", name);
1060 if (deny_current_branch == DENY_UNCONFIGURED)
1061 refuse_unconfigured_deny();
1062 return "branch is currently checked out";
1063 case DENY_UPDATE_INSTEAD:
1064 ret = update_worktree(new_oid->hash);
1065 if (ret)
1066 return ret;
1067 break;
1068 }
1069 }
1070 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1072 error("unpack should have generated %s, "
1073 "but I can't find it!", oid_to_hex(new_oid));
1074 return "bad pack";
1075 }
1076 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1078 if (deny_deletes && starts_with(name, "refs/heads/")) {
1079 rp_error("denying ref deletion for %s", name);
1080 return "deletion prohibited";
1081 }
1082 if (head_name && !strcmp(namespaced_name, head_name)) {
1084 switch (deny_delete_current) {
1085 case DENY_IGNORE:
1086 break;
1087 case DENY_WARN:
1088 rp_warning("deleting the current branch");
1089 break;
1090 case DENY_REFUSE:
1091 case DENY_UNCONFIGURED:
1092 case DENY_UPDATE_INSTEAD:
1093 if (deny_delete_current == DENY_UNCONFIGURED)
1094 refuse_unconfigured_deny_delete_current();
1095 rp_error("refusing to delete the current branch: %s", name);
1096 return "deletion of the current branch prohibited";
1097 default:
1098 return "Invalid denyDeleteCurrent setting";
1099 }
1100 }
1101 }
1102 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1104 !is_null_oid(old_oid) &&
1105 starts_with(name, "refs/heads/")) {
1106 struct object *old_object, *new_object;
1107 struct commit *old_commit, *new_commit;
1108 old_object = parse_object(old_oid);
1110 new_object = parse_object(new_oid);
1111 if (!old_object || !new_object ||
1113 old_object->type != OBJ_COMMIT ||
1114 new_object->type != OBJ_COMMIT) {
1115 error("bad sha1 objects for %s", name);
1116 return "bad ref";
1117 }
1118 old_commit = (struct commit *)old_object;
1119 new_commit = (struct commit *)new_object;
1120 if (!in_merge_bases(old_commit, new_commit)) {
1121 rp_error("denying non-fast-forward %s"
1122 " (you should pull first)", name);
1123 return "non-fast-forward";
1124 }
1125 }
1126 if (run_update_hook(cmd)) {
1127 rp_error("hook declined to update %s", name);
1128 return "hook declined";
1129 }
1130 if (is_null_oid(new_oid)) {
1132 struct strbuf err = STRBUF_INIT;
1133 if (!parse_object(old_oid)) {
1134 old_oid = NULL;
1135 if (ref_exists(name)) {
1136 rp_warning("Allowing deletion of corrupt ref.");
1137 } else {
1138 rp_warning("Deleting a non-existent ref.");
1139 cmd->did_not_exist = 1;
1140 }
1141 }
1142 if (ref_transaction_delete(transaction,
1143 namespaced_name,
1144 old_oid,
1145 0, "push", &err)) {
1146 rp_error("%s", err.buf);
1147 strbuf_release(&err);
1148 return "failed to delete";
1149 }
1150 strbuf_release(&err);
1151 return NULL; /* good */
1152 }
1153 else {
1154 struct strbuf err = STRBUF_INIT;
1155 if (shallow_update && si->shallow_ref[cmd->index] &&
1156 update_shallow_ref(cmd, si))
1157 return "shallow error";
1158 if (ref_transaction_update(transaction,
1160 namespaced_name,
1161 new_oid, old_oid,
1162 0, "push",
1163 &err)) {
1164 rp_error("%s", err.buf);
1165 strbuf_release(&err);
1166 return "failed to update ref";
1168 }
1169 strbuf_release(&err);
1170 return NULL; /* good */
1172 }
1173}
1174static void run_update_post_hook(struct command *commands)
1176{
1177 struct command *cmd;
1178 struct child_process proc = CHILD_PROCESS_INIT;
1179 const char *hook;
1180 hook = find_hook("post-update");
1182 if (!hook)
1183 return;
1184 for (cmd = commands; cmd; cmd = cmd->next) {
1186 if (cmd->error_string || cmd->did_not_exist)
1187 continue;
1188 if (!proc.args.argc)
1189 argv_array_push(&proc.args, hook);
1190 argv_array_push(&proc.args, cmd->ref_name);
1191 }
1192 if (!proc.args.argc)
1193 return;
1194 proc.no_stdin = 1;
1196 proc.stdout_to_stderr = 1;
1197 proc.err = use_sideband ? -1 : 0;
1198 if (!start_command(&proc)) {
1200 if (use_sideband)
1201 copy_to_sideband(proc.err, -1, NULL);
1202 finish_command(&proc);
1203 }
1204}
1205static void check_aliased_update(struct command *cmd, struct string_list *list)
1207{
1208 struct strbuf buf = STRBUF_INIT;
1209 const char *dst_name;
1210 struct string_list_item *item;
1211 struct command *dst_cmd;
1212 int flag;
1213 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1215 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1216 strbuf_release(&buf);
1217 if (!(flag & REF_ISSYMREF))
1219 return;
1220 if (!dst_name) {
1222 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1223 cmd->skip_update = 1;
1224 cmd->error_string = "broken symref";
1225 return;
1226 }
1227 dst_name = strip_namespace(dst_name);
1228 if ((item = string_list_lookup(list, dst_name)) == NULL)
1230 return;
1231 cmd->skip_update = 1;
1233 dst_cmd = (struct command *) item->util;
1235 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1237 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1238 return;
1239 dst_cmd->skip_update = 1;
1241 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1243 " its target '%s' (%s..%s)",
1244 cmd->ref_name,
1245 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1246 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1247 dst_cmd->ref_name,
1248 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1249 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1250 cmd->error_string = dst_cmd->error_string =
1252 "inconsistent aliased update";
1253}
1254static void check_aliased_updates(struct command *commands)
1256{
1257 struct command *cmd;
1258 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1259 for (cmd = commands; cmd; cmd = cmd->next) {
1261 struct string_list_item *item =
1262 string_list_append(&ref_list, cmd->ref_name);
1263 item->util = (void *)cmd;
1264 }
1265 string_list_sort(&ref_list);
1266 for (cmd = commands; cmd; cmd = cmd->next) {
1268 if (!cmd->error_string)
1269 check_aliased_update(cmd, &ref_list);
1270 }
1271 string_list_clear(&ref_list, 0);
1273}
1274static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1276{
1277 struct command **cmd_list = cb_data;
1278 struct command *cmd = *cmd_list;
1279 if (!cmd || is_null_oid(&cmd->new_oid))
1281 return -1; /* end of list */
1282 *cmd_list = NULL; /* this returns only one */
1283 oidcpy(oid, &cmd->new_oid);
1284 return 0;
1285}
1286static void set_connectivity_errors(struct command *commands,
1288 struct shallow_info *si)
1289{
1290 struct command *cmd;
1291 for (cmd = commands; cmd; cmd = cmd->next) {
1293 struct command *singleton = cmd;
1294 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1295 if (shallow_update && si->shallow_ref[cmd->index])
1297 /* to be checked in update_shallow_ref() */
1298 continue;
1299 opt.env = tmp_objdir_env(tmp_objdir);
1301 if (!check_connected(command_singleton_iterator, &singleton,
1302 &opt))
1303 continue;
1304 cmd->error_string = "missing necessary objects";
1306 }
1307}
1308struct iterate_data {
1310 struct command *cmds;
1311 struct shallow_info *si;
1312};
1313static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1315{
1316 struct iterate_data *data = cb_data;
1317 struct command **cmd_list = &data->cmds;
1318 struct command *cmd = *cmd_list;
1319 for (; cmd; cmd = cmd->next) {
1321 if (shallow_update && data->si->shallow_ref[cmd->index])
1322 /* to be checked in update_shallow_ref() */
1323 continue;
1324 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1325 oidcpy(oid, &cmd->new_oid);
1326 *cmd_list = cmd->next;
1327 return 0;
1328 }
1329 }
1330 *cmd_list = NULL;
1331 return -1; /* end of list */
1332}
1333static void reject_updates_to_hidden(struct command *commands)
1335{
1336 struct strbuf refname_full = STRBUF_INIT;
1337 size_t prefix_len;
1338 struct command *cmd;
1339 strbuf_addstr(&refname_full, get_git_namespace());
1341 prefix_len = refname_full.len;
1342 for (cmd = commands; cmd; cmd = cmd->next) {
1344 if (cmd->error_string)
1345 continue;
1346 strbuf_setlen(&refname_full, prefix_len);
1348 strbuf_addstr(&refname_full, cmd->ref_name);
1349 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1351 continue;
1352 if (is_null_oid(&cmd->new_oid))
1353 cmd->error_string = "deny deleting a hidden ref";
1354 else
1355 cmd->error_string = "deny updating a hidden ref";
1356 }
1357 strbuf_release(&refname_full);
1359}
1360static int should_process_cmd(struct command *cmd)
1362{
1363 return !cmd->error_string && !cmd->skip_update;
1364}
1365static void warn_if_skipped_connectivity_check(struct command *commands,
1367 struct shallow_info *si)
1368{
1369 struct command *cmd;
1370 int checked_connectivity = 1;
1371 for (cmd = commands; cmd; cmd = cmd->next) {
1373 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1374 error("BUG: connectivity check has not been run on ref %s",
1375 cmd->ref_name);
1376 checked_connectivity = 0;
1377 }
1378 }
1379 if (!checked_connectivity)
1380 die("BUG: connectivity check skipped???");
1381}
1382static void execute_commands_non_atomic(struct command *commands,
1384 struct shallow_info *si)
1385{
1386 struct command *cmd;
1387 struct strbuf err = STRBUF_INIT;
1388 for (cmd = commands; cmd; cmd = cmd->next) {
1390 if (!should_process_cmd(cmd))
1391 continue;
1392 transaction = ref_transaction_begin(&err);
1394 if (!transaction) {
1395 rp_error("%s", err.buf);
1396 strbuf_reset(&err);
1397 cmd->error_string = "transaction failed to start";
1398 continue;
1399 }
1400 cmd->error_string = update(cmd, si);
1402 if (!cmd->error_string
1404 && ref_transaction_commit(transaction, &err)) {
1405 rp_error("%s", err.buf);
1406 strbuf_reset(&err);
1407 cmd->error_string = "failed to update ref";
1408 }
1409 ref_transaction_free(transaction);
1410 }
1411 strbuf_release(&err);
1412}
1413static void execute_commands_atomic(struct command *commands,
1415 struct shallow_info *si)
1416{
1417 struct command *cmd;
1418 struct strbuf err = STRBUF_INIT;
1419 const char *reported_error = "atomic push failure";
1420 transaction = ref_transaction_begin(&err);
1422 if (!transaction) {
1423 rp_error("%s", err.buf);
1424 strbuf_reset(&err);
1425 reported_error = "transaction failed to start";
1426 goto failure;
1427 }
1428 for (cmd = commands; cmd; cmd = cmd->next) {
1430 if (!should_process_cmd(cmd))
1431 continue;
1432 cmd->error_string = update(cmd, si);
1434 if (cmd->error_string)
1436 goto failure;
1437 }
1438 if (ref_transaction_commit(transaction, &err)) {
1440 rp_error("%s", err.buf);
1441 reported_error = "atomic transaction failed";
1442 goto failure;
1443 }
1444 goto cleanup;
1445failure:
1447 for (cmd = commands; cmd; cmd = cmd->next)
1448 if (!cmd->error_string)
1449 cmd->error_string = reported_error;
1450cleanup:
1452 ref_transaction_free(transaction);
1453 strbuf_release(&err);
1454}
1455static void execute_commands(struct command *commands,
1457 const char *unpacker_error,
1458 struct shallow_info *si,
1459 const struct string_list *push_options)
1460{
1461 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1462 struct command *cmd;
1463 struct iterate_data data;
1464 struct async muxer;
1465 int err_fd = 0;
1466 if (unpacker_error) {
1468 for (cmd = commands; cmd; cmd = cmd->next)
1469 cmd->error_string = "unpacker error";
1470 return;
1471 }
1472 if (use_sideband) {
1474 memset(&muxer, 0, sizeof(muxer));
1475 muxer.proc = copy_to_sideband;
1476 muxer.in = -1;
1477 if (!start_async(&muxer))
1478 err_fd = muxer.in;
1479 /* ...else, continue without relaying sideband */
1480 }
1481 data.cmds = commands;
1483 data.si = si;
1484 opt.err_fd = err_fd;
1485 opt.progress = err_fd && !quiet;
1486 opt.env = tmp_objdir_env(tmp_objdir);
1487 if (check_connected(iterate_receive_command_list, &data, &opt))
1488 set_connectivity_errors(commands, si);
1489 if (use_sideband)
1491 finish_async(&muxer);
1492 reject_updates_to_hidden(commands);
1494 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1496 for (cmd = commands; cmd; cmd = cmd->next) {
1497 if (!cmd->error_string)
1498 cmd->error_string = "pre-receive hook declined";
1499 }
1500 return;
1501 }
1502 /*
1504 * Now we'll start writing out refs, which means the objects need
1505 * to be in their final positions so that other processes can see them.
1506 */
1507 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1508 for (cmd = commands; cmd; cmd = cmd->next) {
1509 if (!cmd->error_string)
1510 cmd->error_string = "unable to migrate objects to permanent storage";
1511 }
1512 return;
1513 }
1514 tmp_objdir = NULL;
1515 check_aliased_updates(commands);
1517 free(head_name_to_free);
1519 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1520 if (use_atomic)
1522 execute_commands_atomic(commands, si);
1523 else
1524 execute_commands_non_atomic(commands, si);
1525 if (shallow_update)
1527 warn_if_skipped_connectivity_check(commands, si);
1528}
1529static struct command **queue_command(struct command **tail,
1531 const char *line,
1532 int linelen)
1533{
1534 struct object_id old_oid, new_oid;
1535 struct command *cmd;
1536 const char *refname;
1537 int reflen;
1538 const char *p;
1539 if (parse_oid_hex(line, &old_oid, &p) ||
1541 *p++ != ' ' ||
1542 parse_oid_hex(p, &new_oid, &p) ||
1543 *p++ != ' ')
1544 die("protocol error: expected old/new/ref, got '%s'", line);
1545 refname = p;
1547 reflen = linelen - (p - line);
1548 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1549 oidcpy(&cmd->old_oid, &old_oid);
1550 oidcpy(&cmd->new_oid, &new_oid);
1551 *tail = cmd;
1552 return &cmd->next;
1553}
1554static void queue_commands_from_cert(struct command **tail,
1556 struct strbuf *push_cert)
1557{
1558 const char *boc, *eoc;
1559 if (*tail)
1561 die("protocol error: got both push certificate and unsigned commands");
1562 boc = strstr(push_cert->buf, "\n\n");
1564 if (!boc)
1565 die("malformed push certificate %.*s", 100, push_cert->buf);
1566 else
1567 boc += 2;
1568 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1569 while (boc < eoc) {
1571 const char *eol = memchr(boc, '\n', eoc - boc);
1572 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1573 boc = eol ? eol + 1 : eoc;
1574 }
1575}
1576static struct command *read_head_info(struct oid_array *shallow)
1578{
1579 struct command *commands = NULL;
1580 struct command **p = &commands;
1581 for (;;) {
1582 char *line;
1583 int len, linelen;
1584 line = packet_read_line(0, &len);
1586 if (!line)
1587 break;
1588 if (len > 8 && starts_with(line, "shallow ")) {
1590 struct object_id oid;
1591 if (get_oid_hex(line + 8, &oid))
1592 die("protocol error: expected shallow sha, got '%s'",
1593 line + 8);
1594 oid_array_append(shallow, &oid);
1595 continue;
1596 }
1597 linelen = strlen(line);
1599 if (linelen < len) {
1600 const char *feature_list = line + linelen + 1;
1601 if (parse_feature_request(feature_list, "report-status"))
1602 report_status = 1;
1603 if (parse_feature_request(feature_list, "side-band-64k"))
1604 use_sideband = LARGE_PACKET_MAX;
1605 if (parse_feature_request(feature_list, "quiet"))
1606 quiet = 1;
1607 if (advertise_atomic_push
1608 && parse_feature_request(feature_list, "atomic"))
1609 use_atomic = 1;
1610 if (advertise_push_options
1611 && parse_feature_request(feature_list, "push-options"))
1612 use_push_options = 1;
1613 }
1614 if (!strcmp(line, "push-cert")) {
1616 int true_flush = 0;
1617 char certbuf[1024];
1618 for (;;) {
1620 len = packet_read(0, NULL, NULL,
1621 certbuf, sizeof(certbuf), 0);
1622 if (!len) {
1623 true_flush = 1;
1624 break;
1625 }
1626 if (!strcmp(certbuf, "push-cert-end\n"))
1627 break; /* end of cert */
1628 strbuf_addstr(&push_cert, certbuf);
1629 }
1630 if (true_flush)
1632 break;
1633 continue;
1634 }
1635 p = queue_command(p, line, linelen);
1637 }
1638 if (push_cert.len)
1640 queue_commands_from_cert(p, &push_cert);
1641 return commands;
1643}
1644static void read_push_options(struct string_list *options)
1646{
1647 while (1) {
1648 char *line;
1649 int len;
1650 line = packet_read_line(0, &len);
1652 if (!line)
1654 break;
1655 string_list_append(options, line);
1657 }
1658}
1659static const char *parse_pack_header(struct pack_header *hdr)
1661{
1662 switch (read_pack_header(0, hdr)) {
1663 case PH_ERROR_EOF:
1664 return "eof before pack header was fully read";
1665 case PH_ERROR_PACK_SIGNATURE:
1667 return "protocol error (pack signature mismatch detected)";
1668 case PH_ERROR_PROTOCOL:
1670 return "protocol error (pack version unsupported)";
1671 default:
1673 return "unknown error in parse_pack_header";
1674 case 0:
1676 return NULL;
1677 }
1678}
1679static const char *pack_lockfile;
1681static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1683{
1684 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1685 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1686}
1687static const char *unpack(int err_fd, struct shallow_info *si)
1689{
1690 struct pack_header hdr;
1691 const char *hdr_err;
1692 int status;
1693 struct child_process child = CHILD_PROCESS_INIT;
1694 int fsck_objects = (receive_fsck_objects >= 0
1695 ? receive_fsck_objects
1696 : transfer_fsck_objects >= 0
1697 ? transfer_fsck_objects
1698 : 0);
1699 hdr_err = parse_pack_header(&hdr);
1701 if (hdr_err) {
1702 if (err_fd > 0)
1703 close(err_fd);
1704 return hdr_err;
1705 }
1706 if (si->nr_ours || si->nr_theirs) {
1708 alt_shallow_file = setup_temporary_shallow(si->shallow);
1709 argv_array_push(&child.args, "--shallow-file");
1710 argv_array_push(&child.args, alt_shallow_file);
1711 }
1712 tmp_objdir = tmp_objdir_create();
1714 if (!tmp_objdir) {
1715 if (err_fd > 0)
1716 close(err_fd);
1717 return "unable to create temporary object directory";
1718 }
1719 child.env = tmp_objdir_env(tmp_objdir);
1720 /*
1722 * Normally we just pass the tmp_objdir environment to the child
1723 * processes that do the heavy lifting, but we may need to see these
1724 * objects ourselves to set up shallow information.
1725 */
1726 tmp_objdir_add_as_alternate(tmp_objdir);
1727 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1729 argv_array_push(&child.args, "unpack-objects");
1730 push_header_arg(&child.args, &hdr);
1731 if (quiet)
1732 argv_array_push(&child.args, "-q");
1733 if (fsck_objects)
1734 argv_array_pushf(&child.args, "--strict%s",
1735 fsck_msg_types.buf);
1736 if (max_input_size)
1737 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1738 (uintmax_t)max_input_size);
1739 child.no_stdout = 1;
1740 child.err = err_fd;
1741 child.git_cmd = 1;
1742 status = run_command(&child);
1743 if (status)
1744 return "unpack-objects abnormal exit";
1745 } else {
1746 char hostname[HOST_NAME_MAX + 1];
1747 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1749 push_header_arg(&child.args, &hdr);
1750 if (xgethostname(hostname, sizeof(hostname)))
1752 xsnprintf(hostname, sizeof(hostname), "localhost");
1753 argv_array_pushf(&child.args,
1754 "--keep=receive-pack %"PRIuMAX" on %s",
1755 (uintmax_t)getpid(),
1756 hostname);
1757 if (!quiet && err_fd)
1759 argv_array_push(&child.args, "--show-resolving-progress");
1760 if (use_sideband)
1761 argv_array_push(&child.args, "--report-end-of-input");
1762 if (fsck_objects)
1763 argv_array_pushf(&child.args, "--strict%s",
1764 fsck_msg_types.buf);
1765 if (!reject_thin)
1766 argv_array_push(&child.args, "--fix-thin");
1767 if (max_input_size)
1768 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1769 (uintmax_t)max_input_size);
1770 child.out = -1;
1771 child.err = err_fd;
1772 child.git_cmd = 1;
1773 status = start_command(&child);
1774 if (status)
1775 return "index-pack fork failed";
1776 pack_lockfile = index_pack_lockfile(child.out);
1777 close(child.out);
1778 status = finish_command(&child);
1779 if (status)
1780 return "index-pack abnormal exit";
1781 reprepare_packed_git(the_repository);
1782 }
1783 return NULL;
1784}
1785static const char *unpack_with_sideband(struct shallow_info *si)
1787{
1788 struct async muxer;
1789 const char *ret;
1790 if (!use_sideband)
1792 return unpack(0, si);
1793 use_keepalive = KEEPALIVE_AFTER_NUL;
1795 memset(&muxer, 0, sizeof(muxer));
1796 muxer.proc = copy_to_sideband;
1797 muxer.in = -1;
1798 if (start_async(&muxer))
1799 return NULL;
1800 ret = unpack(muxer.in, si);
1802 finish_async(&muxer);
1804 return ret;
1805}
1806static void prepare_shallow_update(struct command *commands,
1808 struct shallow_info *si)
1809{
1810 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1811 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1813 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1814 si->need_reachability_test =
1816 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1817 si->reachable =
1818 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1819 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1820 for (i = 0; i < si->nr_ours; i++)
1822 si->need_reachability_test[si->ours[i]] = 1;
1823 for (i = 0; i < si->shallow->nr; i++) {
1825 if (!si->used_shallow[i])
1826 continue;
1827 for (j = 0; j < bitmap_size; j++) {
1828 if (!si->used_shallow[i][j])
1829 continue;
1830 si->need_reachability_test[i]++;
1831 for (k = 0; k < 32; k++)
1832 if (si->used_shallow[i][j] & (1U << k))
1833 si->shallow_ref[j * 32 + k]++;
1834 }
1835 /*
1837 * true for those associated with some refs and belong
1838 * in "ours" list aka "step 7 not done yet"
1839 */
1840 si->need_reachability_test[i] =
1841 si->need_reachability_test[i] > 1;
1842 }
1843 /*
1845 * keep hooks happy by forcing a temporary shallow file via
1846 * env variable because we can't add --shallow-file to every
1847 * command. check_everything_connected() will be done with
1848 * true .git/shallow though.
1849 */
1850 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1851}
1852static void update_shallow_info(struct command *commands,
1854 struct shallow_info *si,
1855 struct oid_array *ref)
1856{
1857 struct command *cmd;
1858 int *ref_status;
1859 remove_nonexistent_theirs_shallow(si);
1860 if (!si->nr_ours && !si->nr_theirs) {
1861 shallow_update = 0;
1862 return;
1863 }
1864 for (cmd = commands; cmd; cmd = cmd->next) {
1866 if (is_null_oid(&cmd->new_oid))
1867 continue;
1868 oid_array_append(ref, &cmd->new_oid);
1869 cmd->index = ref->nr - 1;
1870 }
1871 si->ref = ref;
1872 if (shallow_update) {
1874 prepare_shallow_update(commands, si);
1875 return;
1876 }
1877 ALLOC_ARRAY(ref_status, ref->nr);
1879 assign_shallow_commits_to_refs(si, NULL, ref_status);
1880 for (cmd = commands; cmd; cmd = cmd->next) {
1881 if (is_null_oid(&cmd->new_oid))
1882 continue;
1883 if (ref_status[cmd->index]) {
1884 cmd->error_string = "shallow update not allowed";
1885 cmd->skip_update = 1;
1886 }
1887 }
1888 free(ref_status);
1889}
1890static void report(struct command *commands, const char *unpack_status)
1892{
1893 struct command *cmd;
1894 struct strbuf buf = STRBUF_INIT;
1895 packet_buf_write(&buf, "unpack %s\n",
1897 unpack_status ? unpack_status : "ok");
1898 for (cmd = commands; cmd; cmd = cmd->next) {
1899 if (!cmd->error_string)
1900 packet_buf_write(&buf, "ok %s\n",
1901 cmd->ref_name);
1902 else
1903 packet_buf_write(&buf, "ng %s %s\n",
1904 cmd->ref_name, cmd->error_string);
1905 }
1906 packet_buf_flush(&buf);
1907 if (use_sideband)
1909 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1910 else
1911 write_or_die(1, buf.buf, buf.len);
1912 strbuf_release(&buf);
1913}
1914static int delete_only(struct command *commands)
1916{
1917 struct command *cmd;
1918 for (cmd = commands; cmd; cmd = cmd->next) {
1919 if (!is_null_oid(&cmd->new_oid))
1920 return 0;
1921 }
1922 return 1;
1923}
1924int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1926{
1927 int advertise_refs = 0;
1928 struct command *commands;
1929 struct oid_array shallow = OID_ARRAY_INIT;
1930 struct oid_array ref = OID_ARRAY_INIT;
1931 struct shallow_info si;
1932 struct option options[] = {
1934 OPT__QUIET(&quiet, N_("quiet")),
1935 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1936 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1937 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1938 OPT_END()
1939 };
1940 packet_trace_identity("receive-pack");
1942 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1944 if (argc > 1)
1946 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1947 if (argc == 0)
1948 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1949 service_dir = argv[0];
1951 setup_path();
1953 if (!enter_repo(service_dir, 0))
1955 die("'%s' does not appear to be a git repository", service_dir);
1956 git_config(receive_pack_config, NULL);
1958 if (cert_nonce_seed)
1959 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1960 if (0 <= transfer_unpack_limit)
1962 unpack_limit = transfer_unpack_limit;
1963 else if (0 <= receive_unpack_limit)
1964 unpack_limit = receive_unpack_limit;
1965 switch (determine_protocol_version_server()) {
1967 case protocol_v1:
1968 /*
1969 * v1 is just the original protocol with a version string,
1970 * so just fall through after writing the version string.
1971 */
1972 if (advertise_refs || !stateless_rpc)
1973 packet_write_fmt(1, "version 1\n");
1974 /* fallthrough */
1976 case protocol_v0:
1977 break;
1978 case protocol_unknown_version:
1979 BUG("unknown protocol version");
1980 }
1981 if (advertise_refs || !stateless_rpc) {
1983 write_head_info();
1984 }
1985 if (advertise_refs)
1986 return 0;
1987 if ((commands = read_head_info(&shallow)) != NULL) {
1989 const char *unpack_status = NULL;
1990 struct string_list push_options = STRING_LIST_INIT_DUP;
1991 if (use_push_options)
1993 read_push_options(&push_options);
1994 if (!check_cert_push_options(&push_options)) {
1995 struct command *cmd;
1996 for (cmd = commands; cmd; cmd = cmd->next)
1997 cmd->error_string = "inconsistent push options";
1998 }
1999 prepare_shallow_info(&si, &shallow);
2001 if (!si.nr_ours && !si.nr_theirs)
2002 shallow_update = 0;
2003 if (!delete_only(commands)) {
2004 unpack_status = unpack_with_sideband(&si);
2005 update_shallow_info(commands, &si, &ref);
2006 }
2007 use_keepalive = KEEPALIVE_ALWAYS;
2008 execute_commands(commands, unpack_status, &si,
2009 &push_options);
2010 if (pack_lockfile)
2011 unlink_or_warn(pack_lockfile);
2012 if (report_status)
2013 report(commands, unpack_status);
2014 run_receive_hook(commands, "post-receive", 1,
2015 &push_options);
2016 run_update_post_hook(commands);
2017 string_list_clear(&push_options, 0);
2018 if (auto_gc) {
2019 const char *argv_gc_auto[] = {
2020 "gc", "--auto", "--quiet", NULL,
2021 };
2022 struct child_process proc = CHILD_PROCESS_INIT;
2023 proc.no_stdin = 1;
2025 proc.stdout_to_stderr = 1;
2026 proc.err = use_sideband ? -1 : 0;
2027 proc.git_cmd = 1;
2028 proc.argv = argv_gc_auto;
2029 close_all_packs(the_repository->objects);
2031 if (!start_command(&proc)) {
2032 if (use_sideband)
2033 copy_to_sideband(proc.err, -1, NULL);
2034 finish_command(&proc);
2035 }
2036 }
2037 if (auto_update_server_info)
2038 update_server_info(0);
2039 clear_shallow_info(&si);
2040 }
2041 if (use_sideband)
2042 packet_flush(1);
2043 oid_array_clear(&shallow);
2044 oid_array_clear(&ref);
2045 free((void *)push_cert_nonce);
2046 return 0;
2047}