7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage
[] = "git receive-pack <git-dir>";
32 static int deny_deletes
;
33 static int deny_non_fast_forwards
;
34 static enum deny_action deny_current_branch
= DENY_UNCONFIGURED
;
35 static enum deny_action deny_delete_current
= DENY_UNCONFIGURED
;
36 static int receive_fsck_objects
= -1;
37 static int transfer_fsck_objects
= -1;
38 static int receive_unpack_limit
= -1;
39 static int transfer_unpack_limit
= -1;
40 static int unpack_limit
= 100;
41 static int report_status
;
42 static int use_sideband
;
44 static int prefer_ofs_delta
= 1;
45 static int auto_update_server_info
;
46 static int auto_gc
= 1;
47 static int fix_thin
= 1;
48 static int stateless_rpc
;
49 static const char *service_dir
;
50 static const char *head_name
;
51 static void *head_name_to_free
;
52 static int sent_capabilities
;
53 static int shallow_update
;
54 static const char *alt_shallow_file
;
55 static struct strbuf push_cert
= STRBUF_INIT
;
56 static unsigned char push_cert_sha1
[20];
57 static struct signature_check sigcheck
;
58 static const char *push_cert_nonce
;
59 static const char *cert_nonce_seed
;
61 static const char *NONCE_UNSOLICITED
= "UNSOLICITED";
62 static const char *NONCE_BAD
= "BAD";
63 static const char *NONCE_MISSING
= "MISSING";
64 static const char *NONCE_OK
= "OK";
65 static const char *NONCE_SLOP
= "SLOP";
66 static const char *nonce_status
;
67 static long nonce_stamp_slop
;
68 static unsigned long nonce_stamp_slop_limit
;
70 static enum deny_action
parse_deny_action(const char *var
, const char *value
)
73 if (!strcasecmp(value
, "ignore"))
75 if (!strcasecmp(value
, "warn"))
77 if (!strcasecmp(value
, "refuse"))
80 if (git_config_bool(var
, value
))
85 static int receive_pack_config(const char *var
, const char *value
, void *cb
)
87 int status
= parse_hide_refs_config(var
, value
, "receive");
92 if (strcmp(var
, "receive.denydeletes") == 0) {
93 deny_deletes
= git_config_bool(var
, value
);
97 if (strcmp(var
, "receive.denynonfastforwards") == 0) {
98 deny_non_fast_forwards
= git_config_bool(var
, value
);
102 if (strcmp(var
, "receive.unpacklimit") == 0) {
103 receive_unpack_limit
= git_config_int(var
, value
);
107 if (strcmp(var
, "transfer.unpacklimit") == 0) {
108 transfer_unpack_limit
= git_config_int(var
, value
);
112 if (strcmp(var
, "receive.fsckobjects") == 0) {
113 receive_fsck_objects
= git_config_bool(var
, value
);
117 if (strcmp(var
, "transfer.fsckobjects") == 0) {
118 transfer_fsck_objects
= git_config_bool(var
, value
);
122 if (!strcmp(var
, "receive.denycurrentbranch")) {
123 deny_current_branch
= parse_deny_action(var
, value
);
127 if (strcmp(var
, "receive.denydeletecurrent") == 0) {
128 deny_delete_current
= parse_deny_action(var
, value
);
132 if (strcmp(var
, "repack.usedeltabaseoffset") == 0) {
133 prefer_ofs_delta
= git_config_bool(var
, value
);
137 if (strcmp(var
, "receive.updateserverinfo") == 0) {
138 auto_update_server_info
= git_config_bool(var
, value
);
142 if (strcmp(var
, "receive.autogc") == 0) {
143 auto_gc
= git_config_bool(var
, value
);
147 if (strcmp(var
, "receive.shallowupdate") == 0) {
148 shallow_update
= git_config_bool(var
, value
);
152 if (strcmp(var
, "receive.certnonceseed") == 0)
153 return git_config_string(&cert_nonce_seed
, var
, value
);
155 if (strcmp(var
, "receive.certnonceslop") == 0) {
156 nonce_stamp_slop_limit
= git_config_ulong(var
, value
);
160 return git_default_config(var
, value
, cb
);
163 static void show_ref(const char *path
, const unsigned char *sha1
)
165 if (ref_is_hidden(path
))
168 if (sent_capabilities
) {
169 packet_write(1, "%s %s\n", sha1_to_hex(sha1
), path
);
171 struct strbuf cap
= STRBUF_INIT
;
174 "report-status delete-refs side-band-64k quiet");
175 if (prefer_ofs_delta
)
176 strbuf_addstr(&cap
, " ofs-delta");
178 strbuf_addf(&cap
, " push-cert=%s", push_cert_nonce
);
179 strbuf_addf(&cap
, " agent=%s", git_user_agent_sanitized());
180 packet_write(1, "%s %s%c%s\n",
181 sha1_to_hex(sha1
), path
, 0, cap
.buf
);
182 strbuf_release(&cap
);
183 sent_capabilities
= 1;
187 static int show_ref_cb(const char *path
, const unsigned char *sha1
, int flag
, void *unused
)
189 path
= strip_namespace(path
);
191 * Advertise refs outside our current namespace as ".have"
192 * refs, so that the client can use them to minimize data
193 * transfer but will otherwise ignore them. This happens to
194 * cover ".have" that are thrown in by add_one_alternate_ref()
195 * to mark histories that are complete in our alternates as
200 show_ref(path
, sha1
);
204 static void show_one_alternate_sha1(const unsigned char sha1
[20], void *unused
)
206 show_ref(".have", sha1
);
209 static void collect_one_alternate_ref(const struct ref
*ref
, void *data
)
211 struct sha1_array
*sa
= data
;
212 sha1_array_append(sa
, ref
->old_sha1
);
215 static void write_head_info(void)
217 struct sha1_array sa
= SHA1_ARRAY_INIT
;
218 for_each_alternate_ref(collect_one_alternate_ref
, &sa
);
219 sha1_array_for_each_unique(&sa
, show_one_alternate_sha1
, NULL
);
220 sha1_array_clear(&sa
);
221 for_each_ref(show_ref_cb
, NULL
);
222 if (!sent_capabilities
)
223 show_ref("capabilities^{}", null_sha1
);
225 advertise_shallow_grafts(1);
232 struct command
*next
;
233 const char *error_string
;
234 unsigned int skip_update
:1,
237 unsigned char old_sha1
[20];
238 unsigned char new_sha1
[20];
239 char ref_name
[FLEX_ARRAY
]; /* more */
242 static void rp_error(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
243 static void rp_warning(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
245 static void report_message(const char *prefix
, const char *err
, va_list params
)
247 int sz
= strlen(prefix
);
250 strncpy(msg
, prefix
, sz
);
251 sz
+= vsnprintf(msg
+ sz
, sizeof(msg
) - sz
, err
, params
);
252 if (sz
> (sizeof(msg
) - 1))
253 sz
= sizeof(msg
) - 1;
257 send_sideband(1, 2, msg
, sz
, use_sideband
);
262 static void rp_warning(const char *err
, ...)
265 va_start(params
, err
);
266 report_message("warning: ", err
, params
);
270 static void rp_error(const char *err
, ...)
273 va_start(params
, err
);
274 report_message("error: ", err
, params
);
278 static int copy_to_sideband(int in
, int out
, void *arg
)
282 ssize_t sz
= xread(in
, data
, sizeof(data
));
285 send_sideband(1, 2, data
, sz
, use_sideband
);
291 #define HMAC_BLOCK_SIZE 64
293 static void hmac_sha1(unsigned char *out
,
294 const char *key_in
, size_t key_len
,
295 const char *text
, size_t text_len
)
297 unsigned char key
[HMAC_BLOCK_SIZE
];
298 unsigned char k_ipad
[HMAC_BLOCK_SIZE
];
299 unsigned char k_opad
[HMAC_BLOCK_SIZE
];
303 /* RFC 2104 2. (1) */
304 memset(key
, '\0', HMAC_BLOCK_SIZE
);
305 if (HMAC_BLOCK_SIZE
< key_len
) {
307 git_SHA1_Update(&ctx
, key_in
, key_len
);
308 git_SHA1_Final(key
, &ctx
);
310 memcpy(key
, key_in
, key_len
);
313 /* RFC 2104 2. (2) & (5) */
314 for (i
= 0; i
< sizeof(key
); i
++) {
315 k_ipad
[i
] = key
[i
] ^ 0x36;
316 k_opad
[i
] = key
[i
] ^ 0x5c;
319 /* RFC 2104 2. (3) & (4) */
321 git_SHA1_Update(&ctx
, k_ipad
, sizeof(k_ipad
));
322 git_SHA1_Update(&ctx
, text
, text_len
);
323 git_SHA1_Final(out
, &ctx
);
325 /* RFC 2104 2. (6) & (7) */
327 git_SHA1_Update(&ctx
, k_opad
, sizeof(k_opad
));
328 git_SHA1_Update(&ctx
, out
, 20);
329 git_SHA1_Final(out
, &ctx
);
332 static char *prepare_push_cert_nonce(const char *path
, unsigned long stamp
)
334 struct strbuf buf
= STRBUF_INIT
;
335 unsigned char sha1
[20];
337 strbuf_addf(&buf
, "%s:%lu", path
, stamp
);
338 hmac_sha1(sha1
, buf
.buf
, buf
.len
, cert_nonce_seed
, strlen(cert_nonce_seed
));;
339 strbuf_release(&buf
);
341 /* RFC 2104 5. HMAC-SHA1-80 */
342 strbuf_addf(&buf
, "%lu-%.*s", stamp
, 20, sha1_to_hex(sha1
));
343 return strbuf_detach(&buf
, NULL
);
347 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
348 * after dropping "_commit" from its name and possibly moving it out
351 static char *find_header(const char *msg
, size_t len
, const char *key
)
353 int key_len
= strlen(key
);
354 const char *line
= msg
;
356 while (line
&& line
< msg
+ len
) {
357 const char *eol
= strchrnul(line
, '\n');
359 if ((msg
+ len
<= eol
) || line
== eol
)
361 if (line
+ key_len
< eol
&&
362 !memcmp(line
, key
, key_len
) && line
[key_len
] == ' ') {
363 int offset
= key_len
+ 1;
364 return xmemdupz(line
+ offset
, (eol
- line
) - offset
);
366 line
= *eol
? eol
+ 1 : NULL
;
371 static const char *check_nonce(const char *buf
, size_t len
)
373 char *nonce
= find_header(buf
, len
, "nonce");
374 unsigned long stamp
, ostamp
;
375 char *bohmac
, *expect
= NULL
;
376 const char *retval
= NONCE_BAD
;
379 retval
= NONCE_MISSING
;
381 } else if (!push_cert_nonce
) {
382 retval
= NONCE_UNSOLICITED
;
384 } else if (!strcmp(push_cert_nonce
, nonce
)) {
389 if (!stateless_rpc
) {
390 /* returned nonce MUST match what we gave out earlier */
396 * In stateless mode, we may be receiving a nonce issued by
397 * another instance of the server that serving the same
398 * repository, and the timestamps may not match, but the
399 * nonce-seed and dir should match, so we can recompute and
400 * report the time slop.
402 * In addition, when a nonce issued by another instance has
403 * timestamp within receive.certnonceslop seconds, we pretend
404 * as if we issued that nonce when reporting to the hook.
407 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
408 if (*nonce
<= '0' || '9' < *nonce
) {
412 stamp
= strtoul(nonce
, &bohmac
, 10);
413 if (bohmac
== nonce
|| bohmac
[0] != '-') {
418 expect
= prepare_push_cert_nonce(service_dir
, stamp
);
419 if (strcmp(expect
, nonce
)) {
420 /* Not what we would have signed earlier */
426 * By how many seconds is this nonce stale? Negative value
427 * would mean it was issued by another server with its clock
428 * skewed in the future.
430 ostamp
= strtoul(push_cert_nonce
, NULL
, 10);
431 nonce_stamp_slop
= (long)ostamp
- (long)stamp
;
433 if (nonce_stamp_slop_limit
&&
434 abs(nonce_stamp_slop
) <= nonce_stamp_slop_limit
) {
436 * Pretend as if the received nonce (which passes the
437 * HMAC check, so it is not a forged by third-party)
440 free((void *)push_cert_nonce
);
441 push_cert_nonce
= xstrdup(nonce
);
453 static void prepare_push_cert_sha1(struct child_process
*proc
)
455 static int already_done
;
461 struct strbuf gpg_output
= STRBUF_INIT
;
462 struct strbuf gpg_status
= STRBUF_INIT
;
463 int bogs
/* beginning_of_gpg_sig */;
466 if (write_sha1_file(push_cert
.buf
, push_cert
.len
, "blob", push_cert_sha1
))
467 hashclr(push_cert_sha1
);
469 memset(&sigcheck
, '\0', sizeof(sigcheck
));
470 sigcheck
.result
= 'N';
472 bogs
= parse_signature(push_cert
.buf
, push_cert
.len
);
473 if (verify_signed_buffer(push_cert
.buf
, bogs
,
474 push_cert
.buf
+ bogs
, push_cert
.len
- bogs
,
475 &gpg_output
, &gpg_status
) < 0) {
476 ; /* error running gpg */
478 sigcheck
.payload
= push_cert
.buf
;
479 sigcheck
.gpg_output
= gpg_output
.buf
;
480 sigcheck
.gpg_status
= gpg_status
.buf
;
481 parse_gpg_output(&sigcheck
);
484 strbuf_release(&gpg_output
);
485 strbuf_release(&gpg_status
);
486 nonce_status
= check_nonce(push_cert
.buf
, bogs
);
488 if (!is_null_sha1(push_cert_sha1
)) {
489 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT=%s",
490 sha1_to_hex(push_cert_sha1
));
491 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_SIGNER=%s",
492 sigcheck
.signer
? sigcheck
.signer
: "");
493 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_KEY=%s",
494 sigcheck
.key
? sigcheck
.key
: "");
495 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_STATUS=%c",
497 if (push_cert_nonce
) {
498 argv_array_pushf(&proc
->env_array
,
499 "GIT_PUSH_CERT_NONCE=%s",
501 argv_array_pushf(&proc
->env_array
,
502 "GIT_PUSH_CERT_NONCE_STATUS=%s",
504 if (nonce_status
== NONCE_SLOP
)
505 argv_array_pushf(&proc
->env_array
,
506 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
512 typedef int (*feed_fn
)(void *, const char **, size_t *);
513 static int run_and_feed_hook(const char *hook_name
, feed_fn feed
, void *feed_state
)
515 struct child_process proc
= CHILD_PROCESS_INIT
;
520 argv
[0] = find_hook(hook_name
);
528 proc
.stdout_to_stderr
= 1;
531 memset(&muxer
, 0, sizeof(muxer
));
532 muxer
.proc
= copy_to_sideband
;
534 code
= start_async(&muxer
);
540 prepare_push_cert_sha1(&proc
);
542 code
= start_command(&proc
);
545 finish_async(&muxer
);
549 sigchain_push(SIGPIPE
, SIG_IGN
);
554 if (feed(feed_state
, &buf
, &n
))
556 if (write_in_full(proc
.in
, buf
, n
) != n
)
561 finish_async(&muxer
);
563 sigchain_pop(SIGPIPE
);
565 return finish_command(&proc
);
568 struct receive_hook_feed_state
{
574 static int feed_receive_hook(void *state_
, const char **bufp
, size_t *sizep
)
576 struct receive_hook_feed_state
*state
= state_
;
577 struct command
*cmd
= state
->cmd
;
580 state
->skip_broken
&& (cmd
->error_string
|| cmd
->did_not_exist
))
584 strbuf_reset(&state
->buf
);
585 strbuf_addf(&state
->buf
, "%s %s %s\n",
586 sha1_to_hex(cmd
->old_sha1
), sha1_to_hex(cmd
->new_sha1
),
588 state
->cmd
= cmd
->next
;
590 *bufp
= state
->buf
.buf
;
591 *sizep
= state
->buf
.len
;
596 static int run_receive_hook(struct command
*commands
, const char *hook_name
,
599 struct receive_hook_feed_state state
;
602 strbuf_init(&state
.buf
, 0);
603 state
.cmd
= commands
;
604 state
.skip_broken
= skip_broken
;
605 if (feed_receive_hook(&state
, NULL
, NULL
))
607 state
.cmd
= commands
;
608 status
= run_and_feed_hook(hook_name
, feed_receive_hook
, &state
);
609 strbuf_release(&state
.buf
);
613 static int run_update_hook(struct command
*cmd
)
616 struct child_process proc
= CHILD_PROCESS_INIT
;
619 argv
[0] = find_hook("update");
623 argv
[1] = cmd
->ref_name
;
624 argv
[2] = sha1_to_hex(cmd
->old_sha1
);
625 argv
[3] = sha1_to_hex(cmd
->new_sha1
);
629 proc
.stdout_to_stderr
= 1;
630 proc
.err
= use_sideband
? -1 : 0;
633 code
= start_command(&proc
);
637 copy_to_sideband(proc
.err
, -1, NULL
);
638 return finish_command(&proc
);
641 static int is_ref_checked_out(const char *ref
)
643 if (is_bare_repository())
648 return !strcmp(head_name
, ref
);
651 static char *refuse_unconfigured_deny_msg
[] = {
652 "By default, updating the current branch in a non-bare repository",
653 "is denied, because it will make the index and work tree inconsistent",
654 "with what you pushed, and will require 'git reset --hard' to match",
655 "the work tree to HEAD.",
657 "You can set 'receive.denyCurrentBranch' configuration variable to",
658 "'ignore' or 'warn' in the remote repository to allow pushing into",
659 "its current branch; however, this is not recommended unless you",
660 "arranged to update its work tree to match what you pushed in some",
663 "To squelch this message and still keep the default behaviour, set",
664 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
667 static void refuse_unconfigured_deny(void)
670 for (i
= 0; i
< ARRAY_SIZE(refuse_unconfigured_deny_msg
); i
++)
671 rp_error("%s", refuse_unconfigured_deny_msg
[i
]);
674 static char *refuse_unconfigured_deny_delete_current_msg
[] = {
675 "By default, deleting the current branch is denied, because the next",
676 "'git clone' won't result in any file checked out, causing confusion.",
678 "You can set 'receive.denyDeleteCurrent' configuration variable to",
679 "'warn' or 'ignore' in the remote repository to allow deleting the",
680 "current branch, with or without a warning message.",
682 "To squelch this message, you can set it to 'refuse'."
685 static void refuse_unconfigured_deny_delete_current(void)
689 i
< ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg
);
691 rp_error("%s", refuse_unconfigured_deny_delete_current_msg
[i
]);
694 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20]);
695 static int update_shallow_ref(struct command
*cmd
, struct shallow_info
*si
)
697 static struct lock_file shallow_lock
;
698 struct sha1_array extra
= SHA1_ARRAY_INIT
;
699 const char *alt_file
;
700 uint32_t mask
= 1 << (cmd
->index
% 32);
703 trace_printf_key(&trace_shallow
,
704 "shallow: update_shallow_ref %s\n", cmd
->ref_name
);
705 for (i
= 0; i
< si
->shallow
->nr
; i
++)
706 if (si
->used_shallow
[i
] &&
707 (si
->used_shallow
[i
][cmd
->index
/ 32] & mask
) &&
708 !delayed_reachability_test(si
, i
))
709 sha1_array_append(&extra
, si
->shallow
->sha1
[i
]);
711 setup_alternate_shallow(&shallow_lock
, &alt_file
, &extra
);
712 if (check_shallow_connected(command_singleton_iterator
,
714 rollback_lock_file(&shallow_lock
);
715 sha1_array_clear(&extra
);
719 commit_lock_file(&shallow_lock
);
722 * Make sure setup_alternate_shallow() for the next ref does
723 * not lose these new roots..
725 for (i
= 0; i
< extra
.nr
; i
++)
726 register_shallow(extra
.sha1
[i
]);
728 si
->shallow_ref
[cmd
->index
] = 0;
729 sha1_array_clear(&extra
);
733 static const char *update(struct command
*cmd
, struct shallow_info
*si
)
735 const char *name
= cmd
->ref_name
;
736 struct strbuf namespaced_name_buf
= STRBUF_INIT
;
737 const char *namespaced_name
;
738 unsigned char *old_sha1
= cmd
->old_sha1
;
739 unsigned char *new_sha1
= cmd
->new_sha1
;
741 /* only refs/... are allowed */
742 if (!starts_with(name
, "refs/") || check_refname_format(name
+ 5, 0)) {
743 rp_error("refusing to create funny ref '%s' remotely", name
);
744 return "funny refname";
747 strbuf_addf(&namespaced_name_buf
, "%s%s", get_git_namespace(), name
);
748 namespaced_name
= strbuf_detach(&namespaced_name_buf
, NULL
);
750 if (is_ref_checked_out(namespaced_name
)) {
751 switch (deny_current_branch
) {
755 rp_warning("updating the current branch");
758 case DENY_UNCONFIGURED
:
759 rp_error("refusing to update checked out branch: %s", name
);
760 if (deny_current_branch
== DENY_UNCONFIGURED
)
761 refuse_unconfigured_deny();
762 return "branch is currently checked out";
766 if (!is_null_sha1(new_sha1
) && !has_sha1_file(new_sha1
)) {
767 error("unpack should have generated %s, "
768 "but I can't find it!", sha1_to_hex(new_sha1
));
772 if (!is_null_sha1(old_sha1
) && is_null_sha1(new_sha1
)) {
773 if (deny_deletes
&& starts_with(name
, "refs/heads/")) {
774 rp_error("denying ref deletion for %s", name
);
775 return "deletion prohibited";
778 if (!strcmp(namespaced_name
, head_name
)) {
779 switch (deny_delete_current
) {
783 rp_warning("deleting the current branch");
786 case DENY_UNCONFIGURED
:
787 if (deny_delete_current
== DENY_UNCONFIGURED
)
788 refuse_unconfigured_deny_delete_current();
789 rp_error("refusing to delete the current branch: %s", name
);
790 return "deletion of the current branch prohibited";
795 if (deny_non_fast_forwards
&& !is_null_sha1(new_sha1
) &&
796 !is_null_sha1(old_sha1
) &&
797 starts_with(name
, "refs/heads/")) {
798 struct object
*old_object
, *new_object
;
799 struct commit
*old_commit
, *new_commit
;
801 old_object
= parse_object(old_sha1
);
802 new_object
= parse_object(new_sha1
);
804 if (!old_object
|| !new_object
||
805 old_object
->type
!= OBJ_COMMIT
||
806 new_object
->type
!= OBJ_COMMIT
) {
807 error("bad sha1 objects for %s", name
);
810 old_commit
= (struct commit
*)old_object
;
811 new_commit
= (struct commit
*)new_object
;
812 if (!in_merge_bases(old_commit
, new_commit
)) {
813 rp_error("denying non-fast-forward %s"
814 " (you should pull first)", name
);
815 return "non-fast-forward";
818 if (run_update_hook(cmd
)) {
819 rp_error("hook declined to update %s", name
);
820 return "hook declined";
823 if (is_null_sha1(new_sha1
)) {
824 if (!parse_object(old_sha1
)) {
826 if (ref_exists(name
)) {
827 rp_warning("Allowing deletion of corrupt ref.");
829 rp_warning("Deleting a non-existent ref.");
830 cmd
->did_not_exist
= 1;
833 if (delete_ref(namespaced_name
, old_sha1
, 0)) {
834 rp_error("failed to delete %s", name
);
835 return "failed to delete";
837 return NULL
; /* good */
840 struct strbuf err
= STRBUF_INIT
;
841 struct ref_transaction
*transaction
;
843 if (shallow_update
&& si
->shallow_ref
[cmd
->index
] &&
844 update_shallow_ref(cmd
, si
))
845 return "shallow error";
847 transaction
= ref_transaction_begin(&err
);
849 ref_transaction_update(transaction
, namespaced_name
,
850 new_sha1
, old_sha1
, 0, 1, "push",
852 ref_transaction_commit(transaction
, &err
)) {
853 ref_transaction_free(transaction
);
855 rp_error("%s", err
.buf
);
856 strbuf_release(&err
);
857 return "failed to update ref";
860 ref_transaction_free(transaction
);
861 strbuf_release(&err
);
862 return NULL
; /* good */
866 static void run_update_post_hook(struct command
*commands
)
871 struct child_process proc
= CHILD_PROCESS_INIT
;
874 hook
= find_hook("post-update");
875 for (argc
= 0, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
876 if (cmd
->error_string
|| cmd
->did_not_exist
)
883 argv
= xmalloc(sizeof(*argv
) * (2 + argc
));
886 for (argc
= 1, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
887 if (cmd
->error_string
|| cmd
->did_not_exist
)
889 argv
[argc
] = xstrdup(cmd
->ref_name
);
895 proc
.stdout_to_stderr
= 1;
896 proc
.err
= use_sideband
? -1 : 0;
899 if (!start_command(&proc
)) {
901 copy_to_sideband(proc
.err
, -1, NULL
);
902 finish_command(&proc
);
906 static void check_aliased_update(struct command
*cmd
, struct string_list
*list
)
908 struct strbuf buf
= STRBUF_INIT
;
909 const char *dst_name
;
910 struct string_list_item
*item
;
911 struct command
*dst_cmd
;
912 unsigned char sha1
[20];
913 char cmd_oldh
[41], cmd_newh
[41], dst_oldh
[41], dst_newh
[41];
916 strbuf_addf(&buf
, "%s%s", get_git_namespace(), cmd
->ref_name
);
917 dst_name
= resolve_ref_unsafe(buf
.buf
, 0, sha1
, &flag
);
918 strbuf_release(&buf
);
920 if (!(flag
& REF_ISSYMREF
))
923 dst_name
= strip_namespace(dst_name
);
925 rp_error("refusing update to broken symref '%s'", cmd
->ref_name
);
926 cmd
->skip_update
= 1;
927 cmd
->error_string
= "broken symref";
931 if ((item
= string_list_lookup(list
, dst_name
)) == NULL
)
934 cmd
->skip_update
= 1;
936 dst_cmd
= (struct command
*) item
->util
;
938 if (!hashcmp(cmd
->old_sha1
, dst_cmd
->old_sha1
) &&
939 !hashcmp(cmd
->new_sha1
, dst_cmd
->new_sha1
))
942 dst_cmd
->skip_update
= 1;
944 strcpy(cmd_oldh
, find_unique_abbrev(cmd
->old_sha1
, DEFAULT_ABBREV
));
945 strcpy(cmd_newh
, find_unique_abbrev(cmd
->new_sha1
, DEFAULT_ABBREV
));
946 strcpy(dst_oldh
, find_unique_abbrev(dst_cmd
->old_sha1
, DEFAULT_ABBREV
));
947 strcpy(dst_newh
, find_unique_abbrev(dst_cmd
->new_sha1
, DEFAULT_ABBREV
));
948 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
949 " its target '%s' (%s..%s)",
950 cmd
->ref_name
, cmd_oldh
, cmd_newh
,
951 dst_cmd
->ref_name
, dst_oldh
, dst_newh
);
953 cmd
->error_string
= dst_cmd
->error_string
=
954 "inconsistent aliased update";
957 static void check_aliased_updates(struct command
*commands
)
960 struct string_list ref_list
= STRING_LIST_INIT_NODUP
;
962 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
963 struct string_list_item
*item
=
964 string_list_append(&ref_list
, cmd
->ref_name
);
965 item
->util
= (void *)cmd
;
967 sort_string_list(&ref_list
);
969 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
970 if (!cmd
->error_string
)
971 check_aliased_update(cmd
, &ref_list
);
974 string_list_clear(&ref_list
, 0);
977 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20])
979 struct command
**cmd_list
= cb_data
;
980 struct command
*cmd
= *cmd_list
;
982 if (!cmd
|| is_null_sha1(cmd
->new_sha1
))
983 return -1; /* end of list */
984 *cmd_list
= NULL
; /* this returns only one */
985 hashcpy(sha1
, cmd
->new_sha1
);
989 static void set_connectivity_errors(struct command
*commands
,
990 struct shallow_info
*si
)
994 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
995 struct command
*singleton
= cmd
;
996 if (shallow_update
&& si
->shallow_ref
[cmd
->index
])
997 /* to be checked in update_shallow_ref() */
999 if (!check_everything_connected(command_singleton_iterator
,
1002 cmd
->error_string
= "missing necessary objects";
1006 struct iterate_data
{
1007 struct command
*cmds
;
1008 struct shallow_info
*si
;
1011 static int iterate_receive_command_list(void *cb_data
, unsigned char sha1
[20])
1013 struct iterate_data
*data
= cb_data
;
1014 struct command
**cmd_list
= &data
->cmds
;
1015 struct command
*cmd
= *cmd_list
;
1017 for (; cmd
; cmd
= cmd
->next
) {
1018 if (shallow_update
&& data
->si
->shallow_ref
[cmd
->index
])
1019 /* to be checked in update_shallow_ref() */
1021 if (!is_null_sha1(cmd
->new_sha1
) && !cmd
->skip_update
) {
1022 hashcpy(sha1
, cmd
->new_sha1
);
1023 *cmd_list
= cmd
->next
;
1028 return -1; /* end of list */
1031 static void reject_updates_to_hidden(struct command
*commands
)
1033 struct command
*cmd
;
1035 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1036 if (cmd
->error_string
|| !ref_is_hidden(cmd
->ref_name
))
1038 if (is_null_sha1(cmd
->new_sha1
))
1039 cmd
->error_string
= "deny deleting a hidden ref";
1041 cmd
->error_string
= "deny updating a hidden ref";
1045 static int should_process_cmd(struct command
*cmd
)
1047 return !cmd
->error_string
&& !cmd
->skip_update
;
1050 static void warn_if_skipped_connectivity_check(struct command
*commands
,
1051 struct shallow_info
*si
)
1053 struct command
*cmd
;
1054 int checked_connectivity
= 1;
1056 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1057 if (should_process_cmd(cmd
) && si
->shallow_ref
[cmd
->index
]) {
1058 error("BUG: connectivity check has not been run on ref %s",
1060 checked_connectivity
= 0;
1063 if (!checked_connectivity
)
1064 die("BUG: connectivity check skipped???");
1067 static void execute_commands(struct command
*commands
,
1068 const char *unpacker_error
,
1069 struct shallow_info
*si
)
1071 struct command
*cmd
;
1072 unsigned char sha1
[20];
1073 struct iterate_data data
;
1075 if (unpacker_error
) {
1076 for (cmd
= commands
; cmd
; cmd
= cmd
->next
)
1077 cmd
->error_string
= "unpacker error";
1081 data
.cmds
= commands
;
1083 if (check_everything_connected(iterate_receive_command_list
, 0, &data
))
1084 set_connectivity_errors(commands
, si
);
1086 reject_updates_to_hidden(commands
);
1088 if (run_receive_hook(commands
, "pre-receive", 0)) {
1089 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1090 if (!cmd
->error_string
)
1091 cmd
->error_string
= "pre-receive hook declined";
1096 check_aliased_updates(commands
);
1098 free(head_name_to_free
);
1099 head_name
= head_name_to_free
= resolve_refdup("HEAD", 0, sha1
, NULL
);
1101 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1102 if (!should_process_cmd(cmd
))
1105 cmd
->error_string
= update(cmd
, si
);
1109 warn_if_skipped_connectivity_check(commands
, si
);
1112 static struct command
**queue_command(struct command
**tail
,
1116 unsigned char old_sha1
[20], new_sha1
[20];
1117 struct command
*cmd
;
1118 const char *refname
;
1124 get_sha1_hex(line
, old_sha1
) ||
1125 get_sha1_hex(line
+ 41, new_sha1
))
1126 die("protocol error: expected old/new/ref, got '%s'", line
);
1128 refname
= line
+ 82;
1129 reflen
= linelen
- 82;
1130 cmd
= xcalloc(1, sizeof(struct command
) + reflen
+ 1);
1131 hashcpy(cmd
->old_sha1
, old_sha1
);
1132 hashcpy(cmd
->new_sha1
, new_sha1
);
1133 memcpy(cmd
->ref_name
, refname
, reflen
);
1134 cmd
->ref_name
[reflen
] = '\0';
1139 static void queue_commands_from_cert(struct command
**tail
,
1140 struct strbuf
*push_cert
)
1142 const char *boc
, *eoc
;
1145 die("protocol error: got both push certificate and unsigned commands");
1147 boc
= strstr(push_cert
->buf
, "\n\n");
1149 die("malformed push certificate %.*s", 100, push_cert
->buf
);
1152 eoc
= push_cert
->buf
+ parse_signature(push_cert
->buf
, push_cert
->len
);
1155 const char *eol
= memchr(boc
, '\n', eoc
- boc
);
1156 tail
= queue_command(tail
, boc
, eol
? eol
- boc
: eoc
- eol
);
1157 boc
= eol
? eol
+ 1 : eoc
;
1161 static struct command
*read_head_info(struct sha1_array
*shallow
)
1163 struct command
*commands
= NULL
;
1164 struct command
**p
= &commands
;
1169 line
= packet_read_line(0, &len
);
1173 if (len
== 48 && starts_with(line
, "shallow ")) {
1174 unsigned char sha1
[20];
1175 if (get_sha1_hex(line
+ 8, sha1
))
1176 die("protocol error: expected shallow sha, got '%s'",
1178 sha1_array_append(shallow
, sha1
);
1182 linelen
= strlen(line
);
1183 if (linelen
< len
) {
1184 const char *feature_list
= line
+ linelen
+ 1;
1185 if (parse_feature_request(feature_list
, "report-status"))
1187 if (parse_feature_request(feature_list
, "side-band-64k"))
1188 use_sideband
= LARGE_PACKET_MAX
;
1189 if (parse_feature_request(feature_list
, "quiet"))
1193 if (!strcmp(line
, "push-cert")) {
1198 len
= packet_read(0, NULL
, NULL
,
1199 certbuf
, sizeof(certbuf
), 0);
1204 if (!strcmp(certbuf
, "push-cert-end\n"))
1205 break; /* end of cert */
1206 strbuf_addstr(&push_cert
, certbuf
);
1214 p
= queue_command(p
, line
, linelen
);
1218 queue_commands_from_cert(p
, &push_cert
);
1223 static const char *parse_pack_header(struct pack_header
*hdr
)
1225 switch (read_pack_header(0, hdr
)) {
1227 return "eof before pack header was fully read";
1229 case PH_ERROR_PACK_SIGNATURE
:
1230 return "protocol error (pack signature mismatch detected)";
1232 case PH_ERROR_PROTOCOL
:
1233 return "protocol error (pack version unsupported)";
1236 return "unknown error in parse_pack_header";
1243 static const char *pack_lockfile
;
1245 static const char *unpack(int err_fd
, struct shallow_info
*si
)
1247 struct pack_header hdr
;
1248 const char *hdr_err
;
1251 struct child_process child
= CHILD_PROCESS_INIT
;
1252 int fsck_objects
= (receive_fsck_objects
>= 0
1253 ? receive_fsck_objects
1254 : transfer_fsck_objects
>= 0
1255 ? transfer_fsck_objects
1258 hdr_err
= parse_pack_header(&hdr
);
1264 snprintf(hdr_arg
, sizeof(hdr_arg
),
1265 "--pack_header=%"PRIu32
",%"PRIu32
,
1266 ntohl(hdr
.hdr_version
), ntohl(hdr
.hdr_entries
));
1268 if (si
->nr_ours
|| si
->nr_theirs
) {
1269 alt_shallow_file
= setup_temporary_shallow(si
->shallow
);
1270 argv_array_push(&child
.args
, "--shallow-file");
1271 argv_array_push(&child
.args
, alt_shallow_file
);
1274 if (ntohl(hdr
.hdr_entries
) < unpack_limit
) {
1275 argv_array_pushl(&child
.args
, "unpack-objects", hdr_arg
, NULL
);
1277 argv_array_push(&child
.args
, "-q");
1279 argv_array_push(&child
.args
, "--strict");
1280 child
.no_stdout
= 1;
1283 status
= run_command(&child
);
1285 return "unpack-objects abnormal exit";
1290 s
= sprintf(keep_arg
, "--keep=receive-pack %"PRIuMAX
" on ", (uintmax_t) getpid());
1291 if (gethostname(keep_arg
+ s
, sizeof(keep_arg
) - s
))
1292 strcpy(keep_arg
+ s
, "localhost");
1294 argv_array_pushl(&child
.args
, "index-pack",
1295 "--stdin", hdr_arg
, keep_arg
, NULL
);
1297 argv_array_push(&child
.args
, "--strict");
1299 argv_array_push(&child
.args
, "--fix-thin");
1303 status
= start_command(&child
);
1305 return "index-pack fork failed";
1306 pack_lockfile
= index_pack_lockfile(child
.out
);
1308 status
= finish_command(&child
);
1310 return "index-pack abnormal exit";
1311 reprepare_packed_git();
1316 static const char *unpack_with_sideband(struct shallow_info
*si
)
1322 return unpack(0, si
);
1324 memset(&muxer
, 0, sizeof(muxer
));
1325 muxer
.proc
= copy_to_sideband
;
1327 if (start_async(&muxer
))
1330 ret
= unpack(muxer
.in
, si
);
1332 finish_async(&muxer
);
1336 static void prepare_shallow_update(struct command
*commands
,
1337 struct shallow_info
*si
)
1339 int i
, j
, k
, bitmap_size
= (si
->ref
->nr
+ 31) / 32;
1341 si
->used_shallow
= xmalloc(sizeof(*si
->used_shallow
) *
1343 assign_shallow_commits_to_refs(si
, si
->used_shallow
, NULL
);
1345 si
->need_reachability_test
=
1346 xcalloc(si
->shallow
->nr
, sizeof(*si
->need_reachability_test
));
1348 xcalloc(si
->shallow
->nr
, sizeof(*si
->reachable
));
1349 si
->shallow_ref
= xcalloc(si
->ref
->nr
, sizeof(*si
->shallow_ref
));
1351 for (i
= 0; i
< si
->nr_ours
; i
++)
1352 si
->need_reachability_test
[si
->ours
[i
]] = 1;
1354 for (i
= 0; i
< si
->shallow
->nr
; i
++) {
1355 if (!si
->used_shallow
[i
])
1357 for (j
= 0; j
< bitmap_size
; j
++) {
1358 if (!si
->used_shallow
[i
][j
])
1360 si
->need_reachability_test
[i
]++;
1361 for (k
= 0; k
< 32; k
++)
1362 if (si
->used_shallow
[i
][j
] & (1 << k
))
1363 si
->shallow_ref
[j
* 32 + k
]++;
1367 * true for those associated with some refs and belong
1368 * in "ours" list aka "step 7 not done yet"
1370 si
->need_reachability_test
[i
] =
1371 si
->need_reachability_test
[i
] > 1;
1375 * keep hooks happy by forcing a temporary shallow file via
1376 * env variable because we can't add --shallow-file to every
1377 * command. check_everything_connected() will be done with
1378 * true .git/shallow though.
1380 setenv(GIT_SHALLOW_FILE_ENVIRONMENT
, alt_shallow_file
, 1);
1383 static void update_shallow_info(struct command
*commands
,
1384 struct shallow_info
*si
,
1385 struct sha1_array
*ref
)
1387 struct command
*cmd
;
1389 remove_nonexistent_theirs_shallow(si
);
1390 if (!si
->nr_ours
&& !si
->nr_theirs
) {
1395 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1396 if (is_null_sha1(cmd
->new_sha1
))
1398 sha1_array_append(ref
, cmd
->new_sha1
);
1399 cmd
->index
= ref
->nr
- 1;
1403 if (shallow_update
) {
1404 prepare_shallow_update(commands
, si
);
1408 ref_status
= xmalloc(sizeof(*ref_status
) * ref
->nr
);
1409 assign_shallow_commits_to_refs(si
, NULL
, ref_status
);
1410 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1411 if (is_null_sha1(cmd
->new_sha1
))
1413 if (ref_status
[cmd
->index
]) {
1414 cmd
->error_string
= "shallow update not allowed";
1415 cmd
->skip_update
= 1;
1421 static void report(struct command
*commands
, const char *unpack_status
)
1423 struct command
*cmd
;
1424 struct strbuf buf
= STRBUF_INIT
;
1426 packet_buf_write(&buf
, "unpack %s\n",
1427 unpack_status
? unpack_status
: "ok");
1428 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1429 if (!cmd
->error_string
)
1430 packet_buf_write(&buf
, "ok %s\n",
1433 packet_buf_write(&buf
, "ng %s %s\n",
1434 cmd
->ref_name
, cmd
->error_string
);
1436 packet_buf_flush(&buf
);
1439 send_sideband(1, 1, buf
.buf
, buf
.len
, use_sideband
);
1441 write_or_die(1, buf
.buf
, buf
.len
);
1442 strbuf_release(&buf
);
1445 static int delete_only(struct command
*commands
)
1447 struct command
*cmd
;
1448 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1449 if (!is_null_sha1(cmd
->new_sha1
))
1455 int cmd_receive_pack(int argc
, const char **argv
, const char *prefix
)
1457 int advertise_refs
= 0;
1459 struct command
*commands
;
1460 struct sha1_array shallow
= SHA1_ARRAY_INIT
;
1461 struct sha1_array ref
= SHA1_ARRAY_INIT
;
1462 struct shallow_info si
;
1464 packet_trace_identity("receive-pack");
1467 for (i
= 1; i
< argc
; i
++) {
1468 const char *arg
= *argv
++;
1471 if (!strcmp(arg
, "--quiet")) {
1476 if (!strcmp(arg
, "--advertise-refs")) {
1480 if (!strcmp(arg
, "--stateless-rpc")) {
1484 if (!strcmp(arg
, "--reject-thin-pack-for-testing")) {
1489 usage(receive_pack_usage
);
1492 usage(receive_pack_usage
);
1496 usage(receive_pack_usage
);
1500 if (!enter_repo(service_dir
, 0))
1501 die("'%s' does not appear to be a git repository", service_dir
);
1503 git_config(receive_pack_config
, NULL
);
1504 if (cert_nonce_seed
)
1505 push_cert_nonce
= prepare_push_cert_nonce(service_dir
, time(NULL
));
1507 if (0 <= transfer_unpack_limit
)
1508 unpack_limit
= transfer_unpack_limit
;
1509 else if (0 <= receive_unpack_limit
)
1510 unpack_limit
= receive_unpack_limit
;
1512 if (advertise_refs
|| !stateless_rpc
) {
1518 if ((commands
= read_head_info(&shallow
)) != NULL
) {
1519 const char *unpack_status
= NULL
;
1521 prepare_shallow_info(&si
, &shallow
);
1522 if (!si
.nr_ours
&& !si
.nr_theirs
)
1524 if (!delete_only(commands
)) {
1525 unpack_status
= unpack_with_sideband(&si
);
1526 update_shallow_info(commands
, &si
, &ref
);
1528 execute_commands(commands
, unpack_status
, &si
);
1530 unlink_or_warn(pack_lockfile
);
1532 report(commands
, unpack_status
);
1533 run_receive_hook(commands
, "post-receive", 1);
1534 run_update_post_hook(commands
);
1536 const char *argv_gc_auto
[] = {
1537 "gc", "--auto", "--quiet", NULL
,
1539 int opt
= RUN_GIT_CMD
| RUN_COMMAND_STDOUT_TO_STDERR
;
1540 run_command_v_opt(argv_gc_auto
, opt
);
1542 if (auto_update_server_info
)
1543 update_server_info(0);
1544 clear_shallow_info(&si
);
1548 sha1_array_clear(&shallow
);
1549 sha1_array_clear(&ref
);
1550 free((void *)push_cert_nonce
);