search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'va/i18n'
[git.git] / builtin / receive-pack.c
blob896b16f2cceba73a44529f3b3d4f6ecdc33e892c
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23
24 static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
27 };
28
29 enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
35 };
36
37 static int deny_deletes;
38 static int deny_non_fast_forwards;
39 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41 static int receive_fsck_objects = -1;
42 static int transfer_fsck_objects = -1;
43 static struct strbuf fsck_msg_types = STRBUF_INIT;
44 static int receive_unpack_limit = -1;
45 static int transfer_unpack_limit = -1;
46 static int advertise_atomic_push = 1;
47 static int advertise_push_options;
48 static int unpack_limit = 100;
49 static off_t max_input_size;
50 static int report_status;
51 static int use_sideband;
52 static int use_atomic;
53 static int use_push_options;
54 static int quiet;
55 static int prefer_ofs_delta = 1;
56 static int auto_update_server_info;
57 static int auto_gc = 1;
58 static int reject_thin;
59 static int stateless_rpc;
60 static const char *service_dir;
61 static const char *head_name;
62 static void *head_name_to_free;
63 static int sent_capabilities;
64 static int shallow_update;
65 static const char *alt_shallow_file;
66 static struct strbuf push_cert = STRBUF_INIT;
67 static unsigned char push_cert_sha1[20];
68 static struct signature_check sigcheck;
69 static const char *push_cert_nonce;
70 static const char *cert_nonce_seed;
71
72 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
73 static const char *NONCE_BAD = "BAD";
74 static const char *NONCE_MISSING = "MISSING";
75 static const char *NONCE_OK = "OK";
76 static const char *NONCE_SLOP = "SLOP";
77 static const char *nonce_status;
78 static long nonce_stamp_slop;
79 static unsigned long nonce_stamp_slop_limit;
80 static struct ref_transaction *transaction;
81
82 static enum {
83 KEEPALIVE_NEVER = 0,
84 KEEPALIVE_AFTER_NUL,
85 KEEPALIVE_ALWAYS
86 } use_keepalive;
87 static int keepalive_in_sec = 5;
88
89 static enum deny_action parse_deny_action(const char *var, const char *value)
90 {
91 if (value) {
92 if (!strcasecmp(value, "ignore"))
93 return DENY_IGNORE;
94 if (!strcasecmp(value, "warn"))
95 return DENY_WARN;
96 if (!strcasecmp(value, "refuse"))
97 return DENY_REFUSE;
98 if (!strcasecmp(value, "updateinstead"))
99 return DENY_UPDATE_INSTEAD;
100 }
101 if (git_config_bool(var, value))
102 return DENY_REFUSE;
103 return DENY_IGNORE;
104 }
105
106 static int receive_pack_config(const char *var, const char *value, void *cb)
107 {
108 int status = parse_hide_refs_config(var, value, "receive");
109
110 if (status)
111 return status;
112
113 if (strcmp(var, "receive.denydeletes") == 0) {
114 deny_deletes = git_config_bool(var, value);
115 return 0;
116 }
117
118 if (strcmp(var, "receive.denynonfastforwards") == 0) {
119 deny_non_fast_forwards = git_config_bool(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "receive.unpacklimit") == 0) {
124 receive_unpack_limit = git_config_int(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "transfer.unpacklimit") == 0) {
129 transfer_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.fsck.skiplist") == 0) {
134 const char *path;
135
136 if (git_config_pathname(&path, var, value))
137 return 1;
138 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
139 fsck_msg_types.len ? ',' : '=', path);
140 free((char *)path);
141 return 0;
142 }
143
144 if (skip_prefix(var, "receive.fsck.", &var)) {
145 if (is_valid_msg_type(var, value))
146 strbuf_addf(&fsck_msg_types, "%c%s=%s",
147 fsck_msg_types.len ? ',' : '=', var, value);
148 else
149 warning("Skipping unknown msg id '%s'", var);
150 return 0;
151 }
152
153 if (strcmp(var, "receive.fsckobjects") == 0) {
154 receive_fsck_objects = git_config_bool(var, value);
155 return 0;
156 }
157
158 if (strcmp(var, "transfer.fsckobjects") == 0) {
159 transfer_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162
163 if (!strcmp(var, "receive.denycurrentbranch")) {
164 deny_current_branch = parse_deny_action(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "receive.denydeletecurrent") == 0) {
169 deny_delete_current = parse_deny_action(var, value);
170 return 0;
171 }
172
173 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
174 prefer_ofs_delta = git_config_bool(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.updateserverinfo") == 0) {
179 auto_update_server_info = git_config_bool(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "receive.autogc") == 0) {
184 auto_gc = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.shallowupdate") == 0) {
189 shallow_update = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.certnonceseed") == 0)
194 return git_config_string(&cert_nonce_seed, var, value);
195
196 if (strcmp(var, "receive.certnonceslop") == 0) {
197 nonce_stamp_slop_limit = git_config_ulong(var, value);
198 return 0;
199 }
200
201 if (strcmp(var, "receive.advertiseatomic") == 0) {
202 advertise_atomic_push = git_config_bool(var, value);
203 return 0;
204 }
205
206 if (strcmp(var, "receive.advertisepushoptions") == 0) {
207 advertise_push_options = git_config_bool(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.keepalive") == 0) {
212 keepalive_in_sec = git_config_int(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.maxinputsize") == 0) {
217 max_input_size = git_config_int64(var, value);
218 return 0;
219 }
220
221 return git_default_config(var, value, cb);
222 }
223
224 static void show_ref(const char *path, const unsigned char *sha1)
225 {
226 if (sent_capabilities) {
227 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
228 } else {
229 struct strbuf cap = STRBUF_INIT;
230
231 strbuf_addstr(&cap,
232 "report-status delete-refs side-band-64k quiet");
233 if (advertise_atomic_push)
234 strbuf_addstr(&cap, " atomic");
235 if (prefer_ofs_delta)
236 strbuf_addstr(&cap, " ofs-delta");
237 if (push_cert_nonce)
238 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
239 if (advertise_push_options)
240 strbuf_addstr(&cap, " push-options");
241 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
242 packet_write(1, "%s %s%c%s\n",
243 sha1_to_hex(sha1), path, 0, cap.buf);
244 strbuf_release(&cap);
245 sent_capabilities = 1;
246 }
247 }
248
249 static int show_ref_cb(const char *path_full, const struct object_id *oid,
250 int flag, void *unused)
251 {
252 const char *path = strip_namespace(path_full);
253
254 if (ref_is_hidden(path, path_full))
255 return 0;
256
257 /*
258 * Advertise refs outside our current namespace as ".have"
259 * refs, so that the client can use them to minimize data
260 * transfer but will otherwise ignore them. This happens to
261 * cover ".have" that are thrown in by add_one_alternate_ref()
262 * to mark histories that are complete in our alternates as
263 * well.
264 */
265 if (!path)
266 path = ".have";
267 show_ref(path, oid->hash);
268 return 0;
269 }
270
271 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
272 {
273 show_ref(".have", sha1);
274 }
275
276 static void collect_one_alternate_ref(const struct ref *ref, void *data)
277 {
278 struct sha1_array *sa = data;
279 sha1_array_append(sa, ref->old_oid.hash);
280 }
281
282 static void write_head_info(void)
283 {
284 struct sha1_array sa = SHA1_ARRAY_INIT;
285
286 for_each_alternate_ref(collect_one_alternate_ref, &sa);
287 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
288 sha1_array_clear(&sa);
289 for_each_ref(show_ref_cb, NULL);
290 if (!sent_capabilities)
291 show_ref("capabilities^{}", null_sha1);
292
293 advertise_shallow_grafts(1);
294
295 /* EOF */
296 packet_flush(1);
297 }
298
299 struct command {
300 struct command *next;
301 const char *error_string;
302 unsigned int skip_update:1,
303 did_not_exist:1;
304 int index;
305 unsigned char old_sha1[20];
306 unsigned char new_sha1[20];
307 char ref_name[FLEX_ARRAY]; /* more */
308 };
309
310 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
311 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
312
313 static void report_message(const char *prefix, const char *err, va_list params)
314 {
315 int sz;
316 char msg[4096];
317
318 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
319 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
320 if (sz > (sizeof(msg) - 1))
321 sz = sizeof(msg) - 1;
322 msg[sz++] = '\n';
323
324 if (use_sideband)
325 send_sideband(1, 2, msg, sz, use_sideband);
326 else
327 xwrite(2, msg, sz);
328 }
329
330 static void rp_warning(const char *err, ...)
331 {
332 va_list params;
333 va_start(params, err);
334 report_message("warning: ", err, params);
335 va_end(params);
336 }
337
338 static void rp_error(const char *err, ...)
339 {
340 va_list params;
341 va_start(params, err);
342 report_message("error: ", err, params);
343 va_end(params);
344 }
345
346 static int copy_to_sideband(int in, int out, void *arg)
347 {
348 char data[128];
349 int keepalive_active = 0;
350
351 if (keepalive_in_sec <= 0)
352 use_keepalive = KEEPALIVE_NEVER;
353 if (use_keepalive == KEEPALIVE_ALWAYS)
354 keepalive_active = 1;
355
356 while (1) {
357 ssize_t sz;
358
359 if (keepalive_active) {
360 struct pollfd pfd;
361 int ret;
362
363 pfd.fd = in;
364 pfd.events = POLLIN;
365 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
366
367 if (ret < 0) {
368 if (errno == EINTR)
369 continue;
370 else
371 break;
372 } else if (ret == 0) {
373 /* no data; send a keepalive packet */
374 static const char buf[] = "0005\1";
375 write_or_die(1, buf, sizeof(buf) - 1);
376 continue;
377 } /* else there is actual data to read */
378 }
379
380 sz = xread(in, data, sizeof(data));
381 if (sz <= 0)
382 break;
383
384 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
385 const char *p = memchr(data, '\0', sz);
386 if (p) {
387 /*
388 * The NUL tells us to start sending keepalives. Make
389 * sure we send any other data we read along
390 * with it.
391 */
392 keepalive_active = 1;
393 send_sideband(1, 2, data, p - data, use_sideband);
394 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
395 continue;
396 }
397 }
398
399 /*
400 * Either we're not looking for a NUL signal, or we didn't see
401 * it yet; just pass along the data.
402 */
403 send_sideband(1, 2, data, sz, use_sideband);
404 }
405 close(in);
406 return 0;
407 }
408
409 #define HMAC_BLOCK_SIZE 64
410
411 static void hmac_sha1(unsigned char *out,
412 const char *key_in, size_t key_len,
413 const char *text, size_t text_len)
414 {
415 unsigned char key[HMAC_BLOCK_SIZE];
416 unsigned char k_ipad[HMAC_BLOCK_SIZE];
417 unsigned char k_opad[HMAC_BLOCK_SIZE];
418 int i;
419 git_SHA_CTX ctx;
420
421 /* RFC 2104 2. (1) */
422 memset(key, '\0', HMAC_BLOCK_SIZE);
423 if (HMAC_BLOCK_SIZE < key_len) {
424 git_SHA1_Init(&ctx);
425 git_SHA1_Update(&ctx, key_in, key_len);
426 git_SHA1_Final(key, &ctx);
427 } else {
428 memcpy(key, key_in, key_len);
429 }
430
431 /* RFC 2104 2. (2) & (5) */
432 for (i = 0; i < sizeof(key); i++) {
433 k_ipad[i] = key[i] ^ 0x36;
434 k_opad[i] = key[i] ^ 0x5c;
435 }
436
437 /* RFC 2104 2. (3) & (4) */
438 git_SHA1_Init(&ctx);
439 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
440 git_SHA1_Update(&ctx, text, text_len);
441 git_SHA1_Final(out, &ctx);
442
443 /* RFC 2104 2. (6) & (7) */
444 git_SHA1_Init(&ctx);
445 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
446 git_SHA1_Update(&ctx, out, 20);
447 git_SHA1_Final(out, &ctx);
448 }
449
450 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
451 {
452 struct strbuf buf = STRBUF_INIT;
453 unsigned char sha1[20];
454
455 strbuf_addf(&buf, "%s:%lu", path, stamp);
456 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
457 strbuf_release(&buf);
458
459 /* RFC 2104 5. HMAC-SHA1-80 */
460 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
461 return strbuf_detach(&buf, NULL);
462 }
463
464 /*
465 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
466 * after dropping "_commit" from its name and possibly moving it out
467 * of commit.c
468 */
469 static char *find_header(const char *msg, size_t len, const char *key)
470 {
471 int key_len = strlen(key);
472 const char *line = msg;
473
474 while (line && line < msg + len) {
475 const char *eol = strchrnul(line, '\n');
476
477 if ((msg + len <= eol) || line == eol)
478 return NULL;
479 if (line + key_len < eol &&
480 !memcmp(line, key, key_len) && line[key_len] == ' ') {
481 int offset = key_len + 1;
482 return xmemdupz(line + offset, (eol - line) - offset);
483 }
484 line = *eol ? eol + 1 : NULL;
485 }
486 return NULL;
487 }
488
489 static const char *check_nonce(const char *buf, size_t len)
490 {
491 char *nonce = find_header(buf, len, "nonce");
492 unsigned long stamp, ostamp;
493 char *bohmac, *expect = NULL;
494 const char *retval = NONCE_BAD;
495
496 if (!nonce) {
497 retval = NONCE_MISSING;
498 goto leave;
499 } else if (!push_cert_nonce) {
500 retval = NONCE_UNSOLICITED;
501 goto leave;
502 } else if (!strcmp(push_cert_nonce, nonce)) {
503 retval = NONCE_OK;
504 goto leave;
505 }
506
507 if (!stateless_rpc) {
508 /* returned nonce MUST match what we gave out earlier */
509 retval = NONCE_BAD;
510 goto leave;
511 }
512
513 /*
514 * In stateless mode, we may be receiving a nonce issued by
515 * another instance of the server that serving the same
516 * repository, and the timestamps may not match, but the
517 * nonce-seed and dir should match, so we can recompute and
518 * report the time slop.
519 *
520 * In addition, when a nonce issued by another instance has
521 * timestamp within receive.certnonceslop seconds, we pretend
522 * as if we issued that nonce when reporting to the hook.
523 */
524
525 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
526 if (*nonce <= '0' || '9' < *nonce) {
527 retval = NONCE_BAD;
528 goto leave;
529 }
530 stamp = strtoul(nonce, &bohmac, 10);
531 if (bohmac == nonce || bohmac[0] != '-') {
532 retval = NONCE_BAD;
533 goto leave;
534 }
535
536 expect = prepare_push_cert_nonce(service_dir, stamp);
537 if (strcmp(expect, nonce)) {
538 /* Not what we would have signed earlier */
539 retval = NONCE_BAD;
540 goto leave;
541 }
542
543 /*
544 * By how many seconds is this nonce stale? Negative value
545 * would mean it was issued by another server with its clock
546 * skewed in the future.
547 */
548 ostamp = strtoul(push_cert_nonce, NULL, 10);
549 nonce_stamp_slop = (long)ostamp - (long)stamp;
550
551 if (nonce_stamp_slop_limit &&
552 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
553 /*
554 * Pretend as if the received nonce (which passes the
555 * HMAC check, so it is not a forged by third-party)
556 * is what we issued.
557 */
558 free((void *)push_cert_nonce);
559 push_cert_nonce = xstrdup(nonce);
560 retval = NONCE_OK;
561 } else {
562 retval = NONCE_SLOP;
563 }
564
565 leave:
566 free(nonce);
567 free(expect);
568 return retval;
569 }
570
571 static void prepare_push_cert_sha1(struct child_process *proc)
572 {
573 static int already_done;
574
575 if (!push_cert.len)
576 return;
577
578 if (!already_done) {
579 struct strbuf gpg_output = STRBUF_INIT;
580 struct strbuf gpg_status = STRBUF_INIT;
581 int bogs /* beginning_of_gpg_sig */;
582
583 already_done = 1;
584 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
585 hashclr(push_cert_sha1);
586
587 memset(&sigcheck, '\0', sizeof(sigcheck));
588 sigcheck.result = 'N';
589
590 bogs = parse_signature(push_cert.buf, push_cert.len);
591 if (verify_signed_buffer(push_cert.buf, bogs,
592 push_cert.buf + bogs, push_cert.len - bogs,
593 &gpg_output, &gpg_status) < 0) {
594 ; /* error running gpg */
595 } else {
596 sigcheck.payload = push_cert.buf;
597 sigcheck.gpg_output = gpg_output.buf;
598 sigcheck.gpg_status = gpg_status.buf;
599 parse_gpg_output(&sigcheck);
600 }
601
602 strbuf_release(&gpg_output);
603 strbuf_release(&gpg_status);
604 nonce_status = check_nonce(push_cert.buf, bogs);
605 }
606 if (!is_null_sha1(push_cert_sha1)) {
607 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
608 sha1_to_hex(push_cert_sha1));
609 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
610 sigcheck.signer ? sigcheck.signer : "");
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
612 sigcheck.key ? sigcheck.key : "");
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
614 sigcheck.result);
615 if (push_cert_nonce) {
616 argv_array_pushf(&proc->env_array,
617 "GIT_PUSH_CERT_NONCE=%s",
618 push_cert_nonce);
619 argv_array_pushf(&proc->env_array,
620 "GIT_PUSH_CERT_NONCE_STATUS=%s",
621 nonce_status);
622 if (nonce_status == NONCE_SLOP)
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
625 nonce_stamp_slop);
626 }
627 }
628 }
629
630 struct receive_hook_feed_state {
631 struct command *cmd;
632 int skip_broken;
633 struct strbuf buf;
634 const struct string_list *push_options;
635 };
636
637 typedef int (*feed_fn)(void *, const char **, size_t *);
638 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
639 struct receive_hook_feed_state *feed_state)
640 {
641 struct child_process proc = CHILD_PROCESS_INIT;
642 struct async muxer;
643 const char *argv[2];
644 int code;
645
646 argv[0] = find_hook(hook_name);
647 if (!argv[0])
648 return 0;
649
650 argv[1] = NULL;
651
652 proc.argv = argv;
653 proc.in = -1;
654 proc.stdout_to_stderr = 1;
655 if (feed_state->push_options) {
656 int i;
657 for (i = 0; i < feed_state->push_options->nr; i++)
658 argv_array_pushf(&proc.env_array,
659 "GIT_PUSH_OPTION_%d=%s", i,
660 feed_state->push_options->items[i].string);
661 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
662 feed_state->push_options->nr);
663 } else
664 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
665
666 if (use_sideband) {
667 memset(&muxer, 0, sizeof(muxer));
668 muxer.proc = copy_to_sideband;
669 muxer.in = -1;
670 code = start_async(&muxer);
671 if (code)
672 return code;
673 proc.err = muxer.in;
674 }
675
676 prepare_push_cert_sha1(&proc);
677
678 code = start_command(&proc);
679 if (code) {
680 if (use_sideband)
681 finish_async(&muxer);
682 return code;
683 }
684
685 sigchain_push(SIGPIPE, SIG_IGN);
686
687 while (1) {
688 const char *buf;
689 size_t n;
690 if (feed(feed_state, &buf, &n))
691 break;
692 if (write_in_full(proc.in, buf, n) != n)
693 break;
694 }
695 close(proc.in);
696 if (use_sideband)
697 finish_async(&muxer);
698
699 sigchain_pop(SIGPIPE);
700
701 return finish_command(&proc);
702 }
703
704 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
705 {
706 struct receive_hook_feed_state *state = state_;
707 struct command *cmd = state->cmd;
708
709 while (cmd &&
710 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
711 cmd = cmd->next;
712 if (!cmd)
713 return -1; /* EOF */
714 strbuf_reset(&state->buf);
715 strbuf_addf(&state->buf, "%s %s %s\n",
716 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
717 cmd->ref_name);
718 state->cmd = cmd->next;
719 if (bufp) {
720 *bufp = state->buf.buf;
721 *sizep = state->buf.len;
722 }
723 return 0;
724 }
725
726 static int run_receive_hook(struct command *commands,
727 const char *hook_name,
728 int skip_broken,
729 const struct string_list *push_options)
730 {
731 struct receive_hook_feed_state state;
732 int status;
733
734 strbuf_init(&state.buf, 0);
735 state.cmd = commands;
736 state.skip_broken = skip_broken;
737 if (feed_receive_hook(&state, NULL, NULL))
738 return 0;
739 state.cmd = commands;
740 state.push_options = push_options;
741 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
742 strbuf_release(&state.buf);
743 return status;
744 }
745
746 static int run_update_hook(struct command *cmd)
747 {
748 const char *argv[5];
749 struct child_process proc = CHILD_PROCESS_INIT;
750 int code;
751
752 argv[0] = find_hook("update");
753 if (!argv[0])
754 return 0;
755
756 argv[1] = cmd->ref_name;
757 argv[2] = sha1_to_hex(cmd->old_sha1);
758 argv[3] = sha1_to_hex(cmd->new_sha1);
759 argv[4] = NULL;
760
761 proc.no_stdin = 1;
762 proc.stdout_to_stderr = 1;
763 proc.err = use_sideband ? -1 : 0;
764 proc.argv = argv;
765
766 code = start_command(&proc);
767 if (code)
768 return code;
769 if (use_sideband)
770 copy_to_sideband(proc.err, -1, NULL);
771 return finish_command(&proc);
772 }
773
774 static int is_ref_checked_out(const char *ref)
775 {
776 if (is_bare_repository())
777 return 0;
778
779 if (!head_name)
780 return 0;
781 return !strcmp(head_name, ref);
782 }
783
784 static char *refuse_unconfigured_deny_msg =
785 N_("By default, updating the current branch in a non-bare repository\n"
786 "is denied, because it will make the index and work tree inconsistent\n"
787 "with what you pushed, and will require 'git reset --hard' to match\n"
788 "the work tree to HEAD.\n"
789 "\n"
790 "You can set 'receive.denyCurrentBranch' configuration variable to\n"
791 "'ignore' or 'warn' in the remote repository to allow pushing into\n"
792 "its current branch; however, this is not recommended unless you\n"
793 "arranged to update its work tree to match what you pushed in some\n"
794 "other way.\n"
795 "\n"
796 "To squelch this message and still keep the default behaviour, set\n"
797 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
798
799 static void refuse_unconfigured_deny(void)
800 {
801 rp_error("%s", _(refuse_unconfigured_deny_msg));
802 }
803
804 static char *refuse_unconfigured_deny_delete_current_msg =
805 N_("By default, deleting the current branch is denied, because the next\n"
806 "'git clone' won't result in any file checked out, causing confusion.\n"
807 "\n"
808 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
809 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
810 "current branch, with or without a warning message.\n"
811 "\n"
812 "To squelch this message, you can set it to 'refuse'.");
813
814 static void refuse_unconfigured_deny_delete_current(void)
815 {
816 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
817 }
818
819 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
820 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
821 {
822 static struct lock_file shallow_lock;
823 struct sha1_array extra = SHA1_ARRAY_INIT;
824 struct check_connected_options opt = CHECK_CONNECTED_INIT;
825 uint32_t mask = 1 << (cmd->index % 32);
826 int i;
827
828 trace_printf_key(&trace_shallow,
829 "shallow: update_shallow_ref %s\n", cmd->ref_name);
830 for (i = 0; i < si->shallow->nr; i++)
831 if (si->used_shallow[i] &&
832 (si->used_shallow[i][cmd->index / 32] & mask) &&
833 !delayed_reachability_test(si, i))
834 sha1_array_append(&extra, si->shallow->sha1[i]);
835
836 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
837 if (check_connected(command_singleton_iterator, cmd, &opt)) {
838 rollback_lock_file(&shallow_lock);
839 sha1_array_clear(&extra);
840 return -1;
841 }
842
843 commit_lock_file(&shallow_lock);
844
845 /*
846 * Make sure setup_alternate_shallow() for the next ref does
847 * not lose these new roots..
848 */
849 for (i = 0; i < extra.nr; i++)
850 register_shallow(extra.sha1[i]);
851
852 si->shallow_ref[cmd->index] = 0;
853 sha1_array_clear(&extra);
854 return 0;
855 }
856
857 /*
858 * NEEDSWORK: we should consolidate various implementions of "are we
859 * on an unborn branch?" test into one, and make the unified one more
860 * robust. !get_sha1() based check used here and elsewhere would not
861 * allow us to tell an unborn branch from corrupt ref, for example.
862 * For the purpose of fixing "deploy-to-update does not work when
863 * pushing into an empty repository" issue, this should suffice for
864 * now.
865 */
866 static int head_has_history(void)
867 {
868 unsigned char sha1[20];
869
870 return !get_sha1("HEAD", sha1);
871 }
872
873 static const char *push_to_deploy(unsigned char *sha1,
874 struct argv_array *env,
875 const char *work_tree)
876 {
877 const char *update_refresh[] = {
878 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
879 };
880 const char *diff_files[] = {
881 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
882 };
883 const char *diff_index[] = {
884 "diff-index", "--quiet", "--cached", "--ignore-submodules",
885 NULL, "--", NULL
886 };
887 const char *read_tree[] = {
888 "read-tree", "-u", "-m", NULL, NULL
889 };
890 struct child_process child = CHILD_PROCESS_INIT;
891
892 child.argv = update_refresh;
893 child.env = env->argv;
894 child.dir = work_tree;
895 child.no_stdin = 1;
896 child.stdout_to_stderr = 1;
897 child.git_cmd = 1;
898 if (run_command(&child))
899 return "Up-to-date check failed";
900
901 /* run_command() does not clean up completely; reinitialize */
902 child_process_init(&child);
903 child.argv = diff_files;
904 child.env = env->argv;
905 child.dir = work_tree;
906 child.no_stdin = 1;
907 child.stdout_to_stderr = 1;
908 child.git_cmd = 1;
909 if (run_command(&child))
910 return "Working directory has unstaged changes";
911
912 /* diff-index with either HEAD or an empty tree */
913 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
914
915 child_process_init(&child);
916 child.argv = diff_index;
917 child.env = env->argv;
918 child.no_stdin = 1;
919 child.no_stdout = 1;
920 child.stdout_to_stderr = 0;
921 child.git_cmd = 1;
922 if (run_command(&child))
923 return "Working directory has staged changes";
924
925 read_tree[3] = sha1_to_hex(sha1);
926 child_process_init(&child);
927 child.argv = read_tree;
928 child.env = env->argv;
929 child.dir = work_tree;
930 child.no_stdin = 1;
931 child.no_stdout = 1;
932 child.stdout_to_stderr = 0;
933 child.git_cmd = 1;
934 if (run_command(&child))
935 return "Could not update working tree to new HEAD";
936
937 return NULL;
938 }
939
940 static const char *push_to_checkout_hook = "push-to-checkout";
941
942 static const char *push_to_checkout(unsigned char *sha1,
943 struct argv_array *env,
944 const char *work_tree)
945 {
946 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
947 if (run_hook_le(env->argv, push_to_checkout_hook,
948 sha1_to_hex(sha1), NULL))
949 return "push-to-checkout hook declined";
950 else
951 return NULL;
952 }
953
954 static const char *update_worktree(unsigned char *sha1)
955 {
956 const char *retval;
957 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
958 struct argv_array env = ARGV_ARRAY_INIT;
959
960 if (is_bare_repository())
961 return "denyCurrentBranch = updateInstead needs a worktree";
962
963 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
964
965 if (!find_hook(push_to_checkout_hook))
966 retval = push_to_deploy(sha1, &env, work_tree);
967 else
968 retval = push_to_checkout(sha1, &env, work_tree);
969
970 argv_array_clear(&env);
971 return retval;
972 }
973
974 static const char *update(struct command *cmd, struct shallow_info *si)
975 {
976 const char *name = cmd->ref_name;
977 struct strbuf namespaced_name_buf = STRBUF_INIT;
978 const char *namespaced_name, *ret;
979 unsigned char *old_sha1 = cmd->old_sha1;
980 unsigned char *new_sha1 = cmd->new_sha1;
981
982 /* only refs/... are allowed */
983 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
984 rp_error("refusing to create funny ref '%s' remotely", name);
985 return "funny refname";
986 }
987
988 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
989 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
990
991 if (is_ref_checked_out(namespaced_name)) {
992 switch (deny_current_branch) {
993 case DENY_IGNORE:
994 break;
995 case DENY_WARN:
996 rp_warning("updating the current branch");
997 break;
998 case DENY_REFUSE:
999 case DENY_UNCONFIGURED:
1000 rp_error("refusing to update checked out branch: %s", name);
1001 if (deny_current_branch == DENY_UNCONFIGURED)
1002 refuse_unconfigured_deny();
1003 return "branch is currently checked out";
1004 case DENY_UPDATE_INSTEAD:
1005 ret = update_worktree(new_sha1);
1006 if (ret)
1007 return ret;
1008 break;
1009 }
1010 }
1011
1012 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1013 error("unpack should have generated %s, "
1014 "but I can't find it!", sha1_to_hex(new_sha1));
1015 return "bad pack";
1016 }
1017
1018 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1019 if (deny_deletes && starts_with(name, "refs/heads/")) {
1020 rp_error("denying ref deletion for %s", name);
1021 return "deletion prohibited";
1022 }
1023
1024 if (head_name && !strcmp(namespaced_name, head_name)) {
1025 switch (deny_delete_current) {
1026 case DENY_IGNORE:
1027 break;
1028 case DENY_WARN:
1029 rp_warning("deleting the current branch");
1030 break;
1031 case DENY_REFUSE:
1032 case DENY_UNCONFIGURED:
1033 case DENY_UPDATE_INSTEAD:
1034 if (deny_delete_current == DENY_UNCONFIGURED)
1035 refuse_unconfigured_deny_delete_current();
1036 rp_error("refusing to delete the current branch: %s", name);
1037 return "deletion of the current branch prohibited";
1038 default:
1039 return "Invalid denyDeleteCurrent setting";
1040 }
1041 }
1042 }
1043
1044 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1045 !is_null_sha1(old_sha1) &&
1046 starts_with(name, "refs/heads/")) {
1047 struct object *old_object, *new_object;
1048 struct commit *old_commit, *new_commit;
1049
1050 old_object = parse_object(old_sha1);
1051 new_object = parse_object(new_sha1);
1052
1053 if (!old_object || !new_object ||
1054 old_object->type != OBJ_COMMIT ||
1055 new_object->type != OBJ_COMMIT) {
1056 error("bad sha1 objects for %s", name);
1057 return "bad ref";
1058 }
1059 old_commit = (struct commit *)old_object;
1060 new_commit = (struct commit *)new_object;
1061 if (!in_merge_bases(old_commit, new_commit)) {
1062 rp_error("denying non-fast-forward %s"
1063 " (you should pull first)", name);
1064 return "non-fast-forward";
1065 }
1066 }
1067 if (run_update_hook(cmd)) {
1068 rp_error("hook declined to update %s", name);
1069 return "hook declined";
1070 }
1071
1072 if (is_null_sha1(new_sha1)) {
1073 struct strbuf err = STRBUF_INIT;
1074 if (!parse_object(old_sha1)) {
1075 old_sha1 = NULL;
1076 if (ref_exists(name)) {
1077 rp_warning("Allowing deletion of corrupt ref.");
1078 } else {
1079 rp_warning("Deleting a non-existent ref.");
1080 cmd->did_not_exist = 1;
1081 }
1082 }
1083 if (ref_transaction_delete(transaction,
1084 namespaced_name,
1085 old_sha1,
1086 0, "push", &err)) {
1087 rp_error("%s", err.buf);
1088 strbuf_release(&err);
1089 return "failed to delete";
1090 }
1091 strbuf_release(&err);
1092 return NULL; /* good */
1093 }
1094 else {
1095 struct strbuf err = STRBUF_INIT;
1096 if (shallow_update && si->shallow_ref[cmd->index] &&
1097 update_shallow_ref(cmd, si))
1098 return "shallow error";
1099
1100 if (ref_transaction_update(transaction,
1101 namespaced_name,
1102 new_sha1, old_sha1,
1103 0, "push",
1104 &err)) {
1105 rp_error("%s", err.buf);
1106 strbuf_release(&err);
1107
1108 return "failed to update ref";
1109 }
1110 strbuf_release(&err);
1111
1112 return NULL; /* good */
1113 }
1114 }
1115
1116 static void run_update_post_hook(struct command *commands)
1117 {
1118 struct command *cmd;
1119 int argc;
1120 struct child_process proc = CHILD_PROCESS_INIT;
1121 const char *hook;
1122
1123 hook = find_hook("post-update");
1124 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1125 if (cmd->error_string || cmd->did_not_exist)
1126 continue;
1127 argc++;
1128 }
1129 if (!argc || !hook)
1130 return;
1131
1132 argv_array_push(&proc.args, hook);
1133 for (cmd = commands; cmd; cmd = cmd->next) {
1134 if (cmd->error_string || cmd->did_not_exist)
1135 continue;
1136 argv_array_push(&proc.args, cmd->ref_name);
1137 }
1138
1139 proc.no_stdin = 1;
1140 proc.stdout_to_stderr = 1;
1141 proc.err = use_sideband ? -1 : 0;
1142
1143 if (!start_command(&proc)) {
1144 if (use_sideband)
1145 copy_to_sideband(proc.err, -1, NULL);
1146 finish_command(&proc);
1147 }
1148 }
1149
1150 static void check_aliased_update(struct command *cmd, struct string_list *list)
1151 {
1152 struct strbuf buf = STRBUF_INIT;
1153 const char *dst_name;
1154 struct string_list_item *item;
1155 struct command *dst_cmd;
1156 unsigned char sha1[GIT_SHA1_RAWSZ];
1157 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1158 cmd_newh[GIT_SHA1_HEXSZ + 1],
1159 dst_oldh[GIT_SHA1_HEXSZ + 1],
1160 dst_newh[GIT_SHA1_HEXSZ + 1];
1161 int flag;
1162
1163 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1164 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1165 strbuf_release(&buf);
1166
1167 if (!(flag & REF_ISSYMREF))
1168 return;
1169
1170 if (!dst_name) {
1171 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1172 cmd->skip_update = 1;
1173 cmd->error_string = "broken symref";
1174 return;
1175 }
1176 dst_name = strip_namespace(dst_name);
1177
1178 if ((item = string_list_lookup(list, dst_name)) == NULL)
1179 return;
1180
1181 cmd->skip_update = 1;
1182
1183 dst_cmd = (struct command *) item->util;
1184
1185 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1186 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1187 return;
1188
1189 dst_cmd->skip_update = 1;
1190
1191 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1192 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1193 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1194 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1195 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1196 " its target '%s' (%s..%s)",
1197 cmd->ref_name, cmd_oldh, cmd_newh,
1198 dst_cmd->ref_name, dst_oldh, dst_newh);
1199
1200 cmd->error_string = dst_cmd->error_string =
1201 "inconsistent aliased update";
1202 }
1203
1204 static void check_aliased_updates(struct command *commands)
1205 {
1206 struct command *cmd;
1207 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1208
1209 for (cmd = commands; cmd; cmd = cmd->next) {
1210 struct string_list_item *item =
1211 string_list_append(&ref_list, cmd->ref_name);
1212 item->util = (void *)cmd;
1213 }
1214 string_list_sort(&ref_list);
1215
1216 for (cmd = commands; cmd; cmd = cmd->next) {
1217 if (!cmd->error_string)
1218 check_aliased_update(cmd, &ref_list);
1219 }
1220
1221 string_list_clear(&ref_list, 0);
1222 }
1223
1224 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1225 {
1226 struct command **cmd_list = cb_data;
1227 struct command *cmd = *cmd_list;
1228
1229 if (!cmd || is_null_sha1(cmd->new_sha1))
1230 return -1; /* end of list */
1231 *cmd_list = NULL; /* this returns only one */
1232 hashcpy(sha1, cmd->new_sha1);
1233 return 0;
1234 }
1235
1236 static void set_connectivity_errors(struct command *commands,
1237 struct shallow_info *si)
1238 {
1239 struct command *cmd;
1240
1241 for (cmd = commands; cmd; cmd = cmd->next) {
1242 struct command *singleton = cmd;
1243 if (shallow_update && si->shallow_ref[cmd->index])
1244 /* to be checked in update_shallow_ref() */
1245 continue;
1246 if (!check_connected(command_singleton_iterator, &singleton,
1247 NULL))
1248 continue;
1249 cmd->error_string = "missing necessary objects";
1250 }
1251 }
1252
1253 struct iterate_data {
1254 struct command *cmds;
1255 struct shallow_info *si;
1256 };
1257
1258 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1259 {
1260 struct iterate_data *data = cb_data;
1261 struct command **cmd_list = &data->cmds;
1262 struct command *cmd = *cmd_list;
1263
1264 for (; cmd; cmd = cmd->next) {
1265 if (shallow_update && data->si->shallow_ref[cmd->index])
1266 /* to be checked in update_shallow_ref() */
1267 continue;
1268 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1269 hashcpy(sha1, cmd->new_sha1);
1270 *cmd_list = cmd->next;
1271 return 0;
1272 }
1273 }
1274 *cmd_list = NULL;
1275 return -1; /* end of list */
1276 }
1277
1278 static void reject_updates_to_hidden(struct command *commands)
1279 {
1280 struct strbuf refname_full = STRBUF_INIT;
1281 size_t prefix_len;
1282 struct command *cmd;
1283
1284 strbuf_addstr(&refname_full, get_git_namespace());
1285 prefix_len = refname_full.len;
1286
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1288 if (cmd->error_string)
1289 continue;
1290
1291 strbuf_setlen(&refname_full, prefix_len);
1292 strbuf_addstr(&refname_full, cmd->ref_name);
1293
1294 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1295 continue;
1296 if (is_null_sha1(cmd->new_sha1))
1297 cmd->error_string = "deny deleting a hidden ref";
1298 else
1299 cmd->error_string = "deny updating a hidden ref";
1300 }
1301
1302 strbuf_release(&refname_full);
1303 }
1304
1305 static int should_process_cmd(struct command *cmd)
1306 {
1307 return !cmd->error_string && !cmd->skip_update;
1308 }
1309
1310 static void warn_if_skipped_connectivity_check(struct command *commands,
1311 struct shallow_info *si)
1312 {
1313 struct command *cmd;
1314 int checked_connectivity = 1;
1315
1316 for (cmd = commands; cmd; cmd = cmd->next) {
1317 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1318 error("BUG: connectivity check has not been run on ref %s",
1319 cmd->ref_name);
1320 checked_connectivity = 0;
1321 }
1322 }
1323 if (!checked_connectivity)
1324 die("BUG: connectivity check skipped???");
1325 }
1326
1327 static void execute_commands_non_atomic(struct command *commands,
1328 struct shallow_info *si)
1329 {
1330 struct command *cmd;
1331 struct strbuf err = STRBUF_INIT;
1332
1333 for (cmd = commands; cmd; cmd = cmd->next) {
1334 if (!should_process_cmd(cmd))
1335 continue;
1336
1337 transaction = ref_transaction_begin(&err);
1338 if (!transaction) {
1339 rp_error("%s", err.buf);
1340 strbuf_reset(&err);
1341 cmd->error_string = "transaction failed to start";
1342 continue;
1343 }
1344
1345 cmd->error_string = update(cmd, si);
1346
1347 if (!cmd->error_string
1348 && ref_transaction_commit(transaction, &err)) {
1349 rp_error("%s", err.buf);
1350 strbuf_reset(&err);
1351 cmd->error_string = "failed to update ref";
1352 }
1353 ref_transaction_free(transaction);
1354 }
1355 strbuf_release(&err);
1356 }
1357
1358 static void execute_commands_atomic(struct command *commands,
1359 struct shallow_info *si)
1360 {
1361 struct command *cmd;
1362 struct strbuf err = STRBUF_INIT;
1363 const char *reported_error = "atomic push failure";
1364
1365 transaction = ref_transaction_begin(&err);
1366 if (!transaction) {
1367 rp_error("%s", err.buf);
1368 strbuf_reset(&err);
1369 reported_error = "transaction failed to start";
1370 goto failure;
1371 }
1372
1373 for (cmd = commands; cmd; cmd = cmd->next) {
1374 if (!should_process_cmd(cmd))
1375 continue;
1376
1377 cmd->error_string = update(cmd, si);
1378
1379 if (cmd->error_string)
1380 goto failure;
1381 }
1382
1383 if (ref_transaction_commit(transaction, &err)) {
1384 rp_error("%s", err.buf);
1385 reported_error = "atomic transaction failed";
1386 goto failure;
1387 }
1388 goto cleanup;
1389
1390 failure:
1391 for (cmd = commands; cmd; cmd = cmd->next)
1392 if (!cmd->error_string)
1393 cmd->error_string = reported_error;
1394
1395 cleanup:
1396 ref_transaction_free(transaction);
1397 strbuf_release(&err);
1398 }
1399
1400 static void execute_commands(struct command *commands,
1401 const char *unpacker_error,
1402 struct shallow_info *si,
1403 const struct string_list *push_options)
1404 {
1405 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1406 struct command *cmd;
1407 unsigned char sha1[20];
1408 struct iterate_data data;
1409 struct async muxer;
1410 int err_fd = 0;
1411
1412 if (unpacker_error) {
1413 for (cmd = commands; cmd; cmd = cmd->next)
1414 cmd->error_string = "unpacker error";
1415 return;
1416 }
1417
1418 if (use_sideband) {
1419 memset(&muxer, 0, sizeof(muxer));
1420 muxer.proc = copy_to_sideband;
1421 muxer.in = -1;
1422 if (!start_async(&muxer))
1423 err_fd = muxer.in;
1424 /* ...else, continue without relaying sideband */
1425 }
1426
1427 data.cmds = commands;
1428 data.si = si;
1429 opt.err_fd = err_fd;
1430 opt.progress = err_fd && !quiet;
1431 if (check_connected(iterate_receive_command_list, &data, &opt))
1432 set_connectivity_errors(commands, si);
1433
1434 if (use_sideband)
1435 finish_async(&muxer);
1436
1437 reject_updates_to_hidden(commands);
1438
1439 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1440 for (cmd = commands; cmd; cmd = cmd->next) {
1441 if (!cmd->error_string)
1442 cmd->error_string = "pre-receive hook declined";
1443 }
1444 return;
1445 }
1446
1447 check_aliased_updates(commands);
1448
1449 free(head_name_to_free);
1450 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1451
1452 if (use_atomic)
1453 execute_commands_atomic(commands, si);
1454 else
1455 execute_commands_non_atomic(commands, si);
1456
1457 if (shallow_update)
1458 warn_if_skipped_connectivity_check(commands, si);
1459 }
1460
1461 static struct command **queue_command(struct command **tail,
1462 const char *line,
1463 int linelen)
1464 {
1465 unsigned char old_sha1[20], new_sha1[20];
1466 struct command *cmd;
1467 const char *refname;
1468 int reflen;
1469
1470 if (linelen < 83 ||
1471 line[40] != ' ' ||
1472 line[81] != ' ' ||
1473 get_sha1_hex(line, old_sha1) ||
1474 get_sha1_hex(line + 41, new_sha1))
1475 die("protocol error: expected old/new/ref, got '%s'", line);
1476
1477 refname = line + 82;
1478 reflen = linelen - 82;
1479 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1480 hashcpy(cmd->old_sha1, old_sha1);
1481 hashcpy(cmd->new_sha1, new_sha1);
1482 *tail = cmd;
1483 return &cmd->next;
1484 }
1485
1486 static void queue_commands_from_cert(struct command **tail,
1487 struct strbuf *push_cert)
1488 {
1489 const char *boc, *eoc;
1490
1491 if (*tail)
1492 die("protocol error: got both push certificate and unsigned commands");
1493
1494 boc = strstr(push_cert->buf, "\n\n");
1495 if (!boc)
1496 die("malformed push certificate %.*s", 100, push_cert->buf);
1497 else
1498 boc += 2;
1499 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1500
1501 while (boc < eoc) {
1502 const char *eol = memchr(boc, '\n', eoc - boc);
1503 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1504 boc = eol ? eol + 1 : eoc;
1505 }
1506 }
1507
1508 static struct command *read_head_info(struct sha1_array *shallow)
1509 {
1510 struct command *commands = NULL;
1511 struct command **p = &commands;
1512 for (;;) {
1513 char *line;
1514 int len, linelen;
1515
1516 line = packet_read_line(0, &len);
1517 if (!line)
1518 break;
1519
1520 if (len == 48 && starts_with(line, "shallow ")) {
1521 unsigned char sha1[20];
1522 if (get_sha1_hex(line + 8, sha1))
1523 die("protocol error: expected shallow sha, got '%s'",
1524 line + 8);
1525 sha1_array_append(shallow, sha1);
1526 continue;
1527 }
1528
1529 linelen = strlen(line);
1530 if (linelen < len) {
1531 const char *feature_list = line + linelen + 1;
1532 if (parse_feature_request(feature_list, "report-status"))
1533 report_status = 1;
1534 if (parse_feature_request(feature_list, "side-band-64k"))
1535 use_sideband = LARGE_PACKET_MAX;
1536 if (parse_feature_request(feature_list, "quiet"))
1537 quiet = 1;
1538 if (advertise_atomic_push
1539 && parse_feature_request(feature_list, "atomic"))
1540 use_atomic = 1;
1541 if (advertise_push_options
1542 && parse_feature_request(feature_list, "push-options"))
1543 use_push_options = 1;
1544 }
1545
1546 if (!strcmp(line, "push-cert")) {
1547 int true_flush = 0;
1548 char certbuf[1024];
1549
1550 for (;;) {
1551 len = packet_read(0, NULL, NULL,
1552 certbuf, sizeof(certbuf), 0);
1553 if (!len) {
1554 true_flush = 1;
1555 break;
1556 }
1557 if (!strcmp(certbuf, "push-cert-end\n"))
1558 break; /* end of cert */
1559 strbuf_addstr(&push_cert, certbuf);
1560 }
1561
1562 if (true_flush)
1563 break;
1564 continue;
1565 }
1566
1567 p = queue_command(p, line, linelen);
1568 }
1569
1570 if (push_cert.len)
1571 queue_commands_from_cert(p, &push_cert);
1572
1573 return commands;
1574 }
1575
1576 static void read_push_options(struct string_list *options)
1577 {
1578 while (1) {
1579 char *line;
1580 int len;
1581
1582 line = packet_read_line(0, &len);
1583
1584 if (!line)
1585 break;
1586
1587 string_list_append(options, line);
1588 }
1589 }
1590
1591 static const char *parse_pack_header(struct pack_header *hdr)
1592 {
1593 switch (read_pack_header(0, hdr)) {
1594 case PH_ERROR_EOF:
1595 return "eof before pack header was fully read";
1596
1597 case PH_ERROR_PACK_SIGNATURE:
1598 return "protocol error (pack signature mismatch detected)";
1599
1600 case PH_ERROR_PROTOCOL:
1601 return "protocol error (pack version unsupported)";
1602
1603 default:
1604 return "unknown error in parse_pack_header";
1605
1606 case 0:
1607 return NULL;
1608 }
1609 }
1610
1611 static const char *pack_lockfile;
1612
1613 static const char *unpack(int err_fd, struct shallow_info *si)
1614 {
1615 struct pack_header hdr;
1616 const char *hdr_err;
1617 int status;
1618 char hdr_arg[38];
1619 struct child_process child = CHILD_PROCESS_INIT;
1620 int fsck_objects = (receive_fsck_objects >= 0
1621 ? receive_fsck_objects
1622 : transfer_fsck_objects >= 0
1623 ? transfer_fsck_objects
1624 : 0);
1625
1626 hdr_err = parse_pack_header(&hdr);
1627 if (hdr_err) {
1628 if (err_fd > 0)
1629 close(err_fd);
1630 return hdr_err;
1631 }
1632 snprintf(hdr_arg, sizeof(hdr_arg),
1633 "--pack_header=%"PRIu32",%"PRIu32,
1634 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1635
1636 if (si->nr_ours || si->nr_theirs) {
1637 alt_shallow_file = setup_temporary_shallow(si->shallow);
1638 argv_array_push(&child.args, "--shallow-file");
1639 argv_array_push(&child.args, alt_shallow_file);
1640 }
1641
1642 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1643 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1644 if (quiet)
1645 argv_array_push(&child.args, "-q");
1646 if (fsck_objects)
1647 argv_array_pushf(&child.args, "--strict%s",
1648 fsck_msg_types.buf);
1649 if (max_input_size)
1650 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1651 (uintmax_t)max_input_size);
1652 child.no_stdout = 1;
1653 child.err = err_fd;
1654 child.git_cmd = 1;
1655 status = run_command(&child);
1656 if (status)
1657 return "unpack-objects abnormal exit";
1658 } else {
1659 char hostname[256];
1660
1661 argv_array_pushl(&child.args, "index-pack",
1662 "--stdin", hdr_arg, NULL);
1663
1664 if (gethostname(hostname, sizeof(hostname)))
1665 xsnprintf(hostname, sizeof(hostname), "localhost");
1666 argv_array_pushf(&child.args,
1667 "--keep=receive-pack %"PRIuMAX" on %s",
1668 (uintmax_t)getpid(),
1669 hostname);
1670
1671 if (!quiet && err_fd)
1672 argv_array_push(&child.args, "--show-resolving-progress");
1673 if (use_sideband)
1674 argv_array_push(&child.args, "--report-end-of-input");
1675 if (fsck_objects)
1676 argv_array_pushf(&child.args, "--strict%s",
1677 fsck_msg_types.buf);
1678 if (!reject_thin)
1679 argv_array_push(&child.args, "--fix-thin");
1680 if (max_input_size)
1681 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1682 (uintmax_t)max_input_size);
1683 child.out = -1;
1684 child.err = err_fd;
1685 child.git_cmd = 1;
1686 status = start_command(&child);
1687 if (status)
1688 return "index-pack fork failed";
1689 pack_lockfile = index_pack_lockfile(child.out);
1690 close(child.out);
1691 status = finish_command(&child);
1692 if (status)
1693 return "index-pack abnormal exit";
1694 reprepare_packed_git();
1695 }
1696 return NULL;
1697 }
1698
1699 static const char *unpack_with_sideband(struct shallow_info *si)
1700 {
1701 struct async muxer;
1702 const char *ret;
1703
1704 if (!use_sideband)
1705 return unpack(0, si);
1706
1707 use_keepalive = KEEPALIVE_AFTER_NUL;
1708 memset(&muxer, 0, sizeof(muxer));
1709 muxer.proc = copy_to_sideband;
1710 muxer.in = -1;
1711 if (start_async(&muxer))
1712 return NULL;
1713
1714 ret = unpack(muxer.in, si);
1715
1716 finish_async(&muxer);
1717 return ret;
1718 }
1719
1720 static void prepare_shallow_update(struct command *commands,
1721 struct shallow_info *si)
1722 {
1723 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1724
1725 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1726 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1727
1728 si->need_reachability_test =
1729 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1730 si->reachable =
1731 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1732 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1733
1734 for (i = 0; i < si->nr_ours; i++)
1735 si->need_reachability_test[si->ours[i]] = 1;
1736
1737 for (i = 0; i < si->shallow->nr; i++) {
1738 if (!si->used_shallow[i])
1739 continue;
1740 for (j = 0; j < bitmap_size; j++) {
1741 if (!si->used_shallow[i][j])
1742 continue;
1743 si->need_reachability_test[i]++;
1744 for (k = 0; k < 32; k++)
1745 if (si->used_shallow[i][j] & (1U << k))
1746 si->shallow_ref[j * 32 + k]++;
1747 }
1748
1749 /*
1750 * true for those associated with some refs and belong
1751 * in "ours" list aka "step 7 not done yet"
1752 */
1753 si->need_reachability_test[i] =
1754 si->need_reachability_test[i] > 1;
1755 }
1756
1757 /*
1758 * keep hooks happy by forcing a temporary shallow file via
1759 * env variable because we can't add --shallow-file to every
1760 * command. check_everything_connected() will be done with
1761 * true .git/shallow though.
1762 */
1763 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1764 }
1765
1766 static void update_shallow_info(struct command *commands,
1767 struct shallow_info *si,
1768 struct sha1_array *ref)
1769 {
1770 struct command *cmd;
1771 int *ref_status;
1772 remove_nonexistent_theirs_shallow(si);
1773 if (!si->nr_ours && !si->nr_theirs) {
1774 shallow_update = 0;
1775 return;
1776 }
1777
1778 for (cmd = commands; cmd; cmd = cmd->next) {
1779 if (is_null_sha1(cmd->new_sha1))
1780 continue;
1781 sha1_array_append(ref, cmd->new_sha1);
1782 cmd->index = ref->nr - 1;
1783 }
1784 si->ref = ref;
1785
1786 if (shallow_update) {
1787 prepare_shallow_update(commands, si);
1788 return;
1789 }
1790
1791 ALLOC_ARRAY(ref_status, ref->nr);
1792 assign_shallow_commits_to_refs(si, NULL, ref_status);
1793 for (cmd = commands; cmd; cmd = cmd->next) {
1794 if (is_null_sha1(cmd->new_sha1))
1795 continue;
1796 if (ref_status[cmd->index]) {
1797 cmd->error_string = "shallow update not allowed";
1798 cmd->skip_update = 1;
1799 }
1800 }
1801 free(ref_status);
1802 }
1803
1804 static void report(struct command *commands, const char *unpack_status)
1805 {
1806 struct command *cmd;
1807 struct strbuf buf = STRBUF_INIT;
1808
1809 packet_buf_write(&buf, "unpack %s\n",
1810 unpack_status ? unpack_status : "ok");
1811 for (cmd = commands; cmd; cmd = cmd->next) {
1812 if (!cmd->error_string)
1813 packet_buf_write(&buf, "ok %s\n",
1814 cmd->ref_name);
1815 else
1816 packet_buf_write(&buf, "ng %s %s\n",
1817 cmd->ref_name, cmd->error_string);
1818 }
1819 packet_buf_flush(&buf);
1820
1821 if (use_sideband)
1822 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1823 else
1824 write_or_die(1, buf.buf, buf.len);
1825 strbuf_release(&buf);
1826 }
1827
1828 static int delete_only(struct command *commands)
1829 {
1830 struct command *cmd;
1831 for (cmd = commands; cmd; cmd = cmd->next) {
1832 if (!is_null_sha1(cmd->new_sha1))
1833 return 0;
1834 }
1835 return 1;
1836 }
1837
1838 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1839 {
1840 int advertise_refs = 0;
1841 struct command *commands;
1842 struct sha1_array shallow = SHA1_ARRAY_INIT;
1843 struct sha1_array ref = SHA1_ARRAY_INIT;
1844 struct shallow_info si;
1845
1846 struct option options[] = {
1847 OPT__QUIET(&quiet, N_("quiet")),
1848 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1849 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1850 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1851 OPT_END()
1852 };
1853
1854 packet_trace_identity("receive-pack");
1855
1856 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1857
1858 if (argc > 1)
1859 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1860 if (argc == 0)
1861 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1862
1863 service_dir = argv[0];
1864
1865 setup_path();
1866
1867 if (!enter_repo(service_dir, 0))
1868 die("'%s' does not appear to be a git repository", service_dir);
1869
1870 git_config(receive_pack_config, NULL);
1871 if (cert_nonce_seed)
1872 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1873
1874 if (0 <= transfer_unpack_limit)
1875 unpack_limit = transfer_unpack_limit;
1876 else if (0 <= receive_unpack_limit)
1877 unpack_limit = receive_unpack_limit;
1878
1879 if (advertise_refs || !stateless_rpc) {
1880 write_head_info();
1881 }
1882 if (advertise_refs)
1883 return 0;
1884
1885 if ((commands = read_head_info(&shallow)) != NULL) {
1886 const char *unpack_status = NULL;
1887 struct string_list push_options = STRING_LIST_INIT_DUP;
1888
1889 if (use_push_options)
1890 read_push_options(&push_options);
1891
1892 prepare_shallow_info(&si, &shallow);
1893 if (!si.nr_ours && !si.nr_theirs)
1894 shallow_update = 0;
1895 if (!delete_only(commands)) {
1896 unpack_status = unpack_with_sideband(&si);
1897 update_shallow_info(commands, &si, &ref);
1898 }
1899 use_keepalive = KEEPALIVE_ALWAYS;
1900 execute_commands(commands, unpack_status, &si,
1901 &push_options);
1902 if (pack_lockfile)
1903 unlink_or_warn(pack_lockfile);
1904 if (report_status)
1905 report(commands, unpack_status);
1906 run_receive_hook(commands, "post-receive", 1,
1907 &push_options);
1908 run_update_post_hook(commands);
1909 if (push_options.nr)
1910 string_list_clear(&push_options, 0);
1911 if (auto_gc) {
1912 const char *argv_gc_auto[] = {
1913 "gc", "--auto", "--quiet", NULL,
1914 };
1915 struct child_process proc = CHILD_PROCESS_INIT;
1916
1917 proc.no_stdin = 1;
1918 proc.stdout_to_stderr = 1;
1919 proc.err = use_sideband ? -1 : 0;
1920 proc.git_cmd = 1;
1921 proc.argv = argv_gc_auto;
1922
1923 close_all_packs();
1924 if (!start_command(&proc)) {
1925 if (use_sideband)
1926 copy_to_sideband(proc.err, -1, NULL);
1927 finish_command(&proc);
1928 }
1929 }
1930 if (auto_update_server_info)
1931 update_server_info(0);
1932 clear_shallow_info(&si);
1933 }
1934 if (use_sideband)
1935 packet_flush(1);
1936 sha1_array_clear(&shallow);
1937 sha1_array_clear(&ref);
1938 free((void *)push_cert_nonce);
1939 return 0;
1940 }
The Best VCS Around