7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage
[] = "git receive-pack <git-dir>";
32 static int deny_deletes
;
33 static int deny_non_fast_forwards
;
34 static enum deny_action deny_current_branch
= DENY_UNCONFIGURED
;
35 static enum deny_action deny_delete_current
= DENY_UNCONFIGURED
;
36 static int receive_fsck_objects
= -1;
37 static int transfer_fsck_objects
= -1;
38 static int receive_unpack_limit
= -1;
39 static int transfer_unpack_limit
= -1;
40 static int advertise_atomic_push
= 1;
41 static int unpack_limit
= 100;
42 static int report_status
;
43 static int use_sideband
;
44 static int use_atomic
;
46 static int prefer_ofs_delta
= 1;
47 static int auto_update_server_info
;
48 static int auto_gc
= 1;
49 static int fix_thin
= 1;
50 static int stateless_rpc
;
51 static const char *service_dir
;
52 static const char *head_name
;
53 static void *head_name_to_free
;
54 static int sent_capabilities
;
55 static int shallow_update
;
56 static const char *alt_shallow_file
;
57 static struct strbuf push_cert
= STRBUF_INIT
;
58 static unsigned char push_cert_sha1
[20];
59 static struct signature_check sigcheck
;
60 static const char *push_cert_nonce
;
61 static const char *cert_nonce_seed
;
63 static const char *NONCE_UNSOLICITED
= "UNSOLICITED";
64 static const char *NONCE_BAD
= "BAD";
65 static const char *NONCE_MISSING
= "MISSING";
66 static const char *NONCE_OK
= "OK";
67 static const char *NONCE_SLOP
= "SLOP";
68 static const char *nonce_status
;
69 static long nonce_stamp_slop
;
70 static unsigned long nonce_stamp_slop_limit
;
71 static struct ref_transaction
*transaction
;
73 static enum deny_action
parse_deny_action(const char *var
, const char *value
)
76 if (!strcasecmp(value
, "ignore"))
78 if (!strcasecmp(value
, "warn"))
80 if (!strcasecmp(value
, "refuse"))
83 if (git_config_bool(var
, value
))
88 static int receive_pack_config(const char *var
, const char *value
, void *cb
)
90 int status
= parse_hide_refs_config(var
, value
, "receive");
95 if (strcmp(var
, "receive.denydeletes") == 0) {
96 deny_deletes
= git_config_bool(var
, value
);
100 if (strcmp(var
, "receive.denynonfastforwards") == 0) {
101 deny_non_fast_forwards
= git_config_bool(var
, value
);
105 if (strcmp(var
, "receive.unpacklimit") == 0) {
106 receive_unpack_limit
= git_config_int(var
, value
);
110 if (strcmp(var
, "transfer.unpacklimit") == 0) {
111 transfer_unpack_limit
= git_config_int(var
, value
);
115 if (strcmp(var
, "receive.fsckobjects") == 0) {
116 receive_fsck_objects
= git_config_bool(var
, value
);
120 if (strcmp(var
, "transfer.fsckobjects") == 0) {
121 transfer_fsck_objects
= git_config_bool(var
, value
);
125 if (!strcmp(var
, "receive.denycurrentbranch")) {
126 deny_current_branch
= parse_deny_action(var
, value
);
130 if (strcmp(var
, "receive.denydeletecurrent") == 0) {
131 deny_delete_current
= parse_deny_action(var
, value
);
135 if (strcmp(var
, "repack.usedeltabaseoffset") == 0) {
136 prefer_ofs_delta
= git_config_bool(var
, value
);
140 if (strcmp(var
, "receive.updateserverinfo") == 0) {
141 auto_update_server_info
= git_config_bool(var
, value
);
145 if (strcmp(var
, "receive.autogc") == 0) {
146 auto_gc
= git_config_bool(var
, value
);
150 if (strcmp(var
, "receive.shallowupdate") == 0) {
151 shallow_update
= git_config_bool(var
, value
);
155 if (strcmp(var
, "receive.certnonceseed") == 0)
156 return git_config_string(&cert_nonce_seed
, var
, value
);
158 if (strcmp(var
, "receive.certnonceslop") == 0) {
159 nonce_stamp_slop_limit
= git_config_ulong(var
, value
);
163 if (strcmp(var
, "receive.advertiseatomic") == 0) {
164 advertise_atomic_push
= git_config_bool(var
, value
);
168 return git_default_config(var
, value
, cb
);
171 static void show_ref(const char *path
, const unsigned char *sha1
)
173 if (ref_is_hidden(path
))
176 if (sent_capabilities
) {
177 packet_write(1, "%s %s\n", sha1_to_hex(sha1
), path
);
179 struct strbuf cap
= STRBUF_INIT
;
182 "report-status delete-refs side-band-64k quiet");
183 if (advertise_atomic_push
)
184 strbuf_addstr(&cap
, " atomic");
185 if (prefer_ofs_delta
)
186 strbuf_addstr(&cap
, " ofs-delta");
188 strbuf_addf(&cap
, " push-cert=%s", push_cert_nonce
);
189 strbuf_addf(&cap
, " agent=%s", git_user_agent_sanitized());
190 packet_write(1, "%s %s%c%s\n",
191 sha1_to_hex(sha1
), path
, 0, cap
.buf
);
192 strbuf_release(&cap
);
193 sent_capabilities
= 1;
197 static int show_ref_cb(const char *path
, const unsigned char *sha1
, int flag
, void *unused
)
199 path
= strip_namespace(path
);
201 * Advertise refs outside our current namespace as ".have"
202 * refs, so that the client can use them to minimize data
203 * transfer but will otherwise ignore them. This happens to
204 * cover ".have" that are thrown in by add_one_alternate_ref()
205 * to mark histories that are complete in our alternates as
210 show_ref(path
, sha1
);
214 static void show_one_alternate_sha1(const unsigned char sha1
[20], void *unused
)
216 show_ref(".have", sha1
);
219 static void collect_one_alternate_ref(const struct ref
*ref
, void *data
)
221 struct sha1_array
*sa
= data
;
222 sha1_array_append(sa
, ref
->old_sha1
);
225 static void write_head_info(void)
227 struct sha1_array sa
= SHA1_ARRAY_INIT
;
228 for_each_alternate_ref(collect_one_alternate_ref
, &sa
);
229 sha1_array_for_each_unique(&sa
, show_one_alternate_sha1
, NULL
);
230 sha1_array_clear(&sa
);
231 for_each_ref(show_ref_cb
, NULL
);
232 if (!sent_capabilities
)
233 show_ref("capabilities^{}", null_sha1
);
235 advertise_shallow_grafts(1);
242 struct command
*next
;
243 const char *error_string
;
244 unsigned int skip_update
:1,
247 unsigned char old_sha1
[20];
248 unsigned char new_sha1
[20];
249 char ref_name
[FLEX_ARRAY
]; /* more */
252 static void rp_error(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
253 static void rp_warning(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
255 static void report_message(const char *prefix
, const char *err
, va_list params
)
257 int sz
= strlen(prefix
);
260 strncpy(msg
, prefix
, sz
);
261 sz
+= vsnprintf(msg
+ sz
, sizeof(msg
) - sz
, err
, params
);
262 if (sz
> (sizeof(msg
) - 1))
263 sz
= sizeof(msg
) - 1;
267 send_sideband(1, 2, msg
, sz
, use_sideband
);
272 static void rp_warning(const char *err
, ...)
275 va_start(params
, err
);
276 report_message("warning: ", err
, params
);
280 static void rp_error(const char *err
, ...)
283 va_start(params
, err
);
284 report_message("error: ", err
, params
);
288 static int copy_to_sideband(int in
, int out
, void *arg
)
292 ssize_t sz
= xread(in
, data
, sizeof(data
));
295 send_sideband(1, 2, data
, sz
, use_sideband
);
301 #define HMAC_BLOCK_SIZE 64
303 static void hmac_sha1(unsigned char *out
,
304 const char *key_in
, size_t key_len
,
305 const char *text
, size_t text_len
)
307 unsigned char key
[HMAC_BLOCK_SIZE
];
308 unsigned char k_ipad
[HMAC_BLOCK_SIZE
];
309 unsigned char k_opad
[HMAC_BLOCK_SIZE
];
313 /* RFC 2104 2. (1) */
314 memset(key
, '\0', HMAC_BLOCK_SIZE
);
315 if (HMAC_BLOCK_SIZE
< key_len
) {
317 git_SHA1_Update(&ctx
, key_in
, key_len
);
318 git_SHA1_Final(key
, &ctx
);
320 memcpy(key
, key_in
, key_len
);
323 /* RFC 2104 2. (2) & (5) */
324 for (i
= 0; i
< sizeof(key
); i
++) {
325 k_ipad
[i
] = key
[i
] ^ 0x36;
326 k_opad
[i
] = key
[i
] ^ 0x5c;
329 /* RFC 2104 2. (3) & (4) */
331 git_SHA1_Update(&ctx
, k_ipad
, sizeof(k_ipad
));
332 git_SHA1_Update(&ctx
, text
, text_len
);
333 git_SHA1_Final(out
, &ctx
);
335 /* RFC 2104 2. (6) & (7) */
337 git_SHA1_Update(&ctx
, k_opad
, sizeof(k_opad
));
338 git_SHA1_Update(&ctx
, out
, 20);
339 git_SHA1_Final(out
, &ctx
);
342 static char *prepare_push_cert_nonce(const char *path
, unsigned long stamp
)
344 struct strbuf buf
= STRBUF_INIT
;
345 unsigned char sha1
[20];
347 strbuf_addf(&buf
, "%s:%lu", path
, stamp
);
348 hmac_sha1(sha1
, buf
.buf
, buf
.len
, cert_nonce_seed
, strlen(cert_nonce_seed
));;
349 strbuf_release(&buf
);
351 /* RFC 2104 5. HMAC-SHA1-80 */
352 strbuf_addf(&buf
, "%lu-%.*s", stamp
, 20, sha1_to_hex(sha1
));
353 return strbuf_detach(&buf
, NULL
);
357 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
358 * after dropping "_commit" from its name and possibly moving it out
361 static char *find_header(const char *msg
, size_t len
, const char *key
)
363 int key_len
= strlen(key
);
364 const char *line
= msg
;
366 while (line
&& line
< msg
+ len
) {
367 const char *eol
= strchrnul(line
, '\n');
369 if ((msg
+ len
<= eol
) || line
== eol
)
371 if (line
+ key_len
< eol
&&
372 !memcmp(line
, key
, key_len
) && line
[key_len
] == ' ') {
373 int offset
= key_len
+ 1;
374 return xmemdupz(line
+ offset
, (eol
- line
) - offset
);
376 line
= *eol
? eol
+ 1 : NULL
;
381 static const char *check_nonce(const char *buf
, size_t len
)
383 char *nonce
= find_header(buf
, len
, "nonce");
384 unsigned long stamp
, ostamp
;
385 char *bohmac
, *expect
= NULL
;
386 const char *retval
= NONCE_BAD
;
389 retval
= NONCE_MISSING
;
391 } else if (!push_cert_nonce
) {
392 retval
= NONCE_UNSOLICITED
;
394 } else if (!strcmp(push_cert_nonce
, nonce
)) {
399 if (!stateless_rpc
) {
400 /* returned nonce MUST match what we gave out earlier */
406 * In stateless mode, we may be receiving a nonce issued by
407 * another instance of the server that serving the same
408 * repository, and the timestamps may not match, but the
409 * nonce-seed and dir should match, so we can recompute and
410 * report the time slop.
412 * In addition, when a nonce issued by another instance has
413 * timestamp within receive.certnonceslop seconds, we pretend
414 * as if we issued that nonce when reporting to the hook.
417 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
418 if (*nonce
<= '0' || '9' < *nonce
) {
422 stamp
= strtoul(nonce
, &bohmac
, 10);
423 if (bohmac
== nonce
|| bohmac
[0] != '-') {
428 expect
= prepare_push_cert_nonce(service_dir
, stamp
);
429 if (strcmp(expect
, nonce
)) {
430 /* Not what we would have signed earlier */
436 * By how many seconds is this nonce stale? Negative value
437 * would mean it was issued by another server with its clock
438 * skewed in the future.
440 ostamp
= strtoul(push_cert_nonce
, NULL
, 10);
441 nonce_stamp_slop
= (long)ostamp
- (long)stamp
;
443 if (nonce_stamp_slop_limit
&&
444 abs(nonce_stamp_slop
) <= nonce_stamp_slop_limit
) {
446 * Pretend as if the received nonce (which passes the
447 * HMAC check, so it is not a forged by third-party)
450 free((void *)push_cert_nonce
);
451 push_cert_nonce
= xstrdup(nonce
);
463 static void prepare_push_cert_sha1(struct child_process
*proc
)
465 static int already_done
;
471 struct strbuf gpg_output
= STRBUF_INIT
;
472 struct strbuf gpg_status
= STRBUF_INIT
;
473 int bogs
/* beginning_of_gpg_sig */;
476 if (write_sha1_file(push_cert
.buf
, push_cert
.len
, "blob", push_cert_sha1
))
477 hashclr(push_cert_sha1
);
479 memset(&sigcheck
, '\0', sizeof(sigcheck
));
480 sigcheck
.result
= 'N';
482 bogs
= parse_signature(push_cert
.buf
, push_cert
.len
);
483 if (verify_signed_buffer(push_cert
.buf
, bogs
,
484 push_cert
.buf
+ bogs
, push_cert
.len
- bogs
,
485 &gpg_output
, &gpg_status
) < 0) {
486 ; /* error running gpg */
488 sigcheck
.payload
= push_cert
.buf
;
489 sigcheck
.gpg_output
= gpg_output
.buf
;
490 sigcheck
.gpg_status
= gpg_status
.buf
;
491 parse_gpg_output(&sigcheck
);
494 strbuf_release(&gpg_output
);
495 strbuf_release(&gpg_status
);
496 nonce_status
= check_nonce(push_cert
.buf
, bogs
);
498 if (!is_null_sha1(push_cert_sha1
)) {
499 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT=%s",
500 sha1_to_hex(push_cert_sha1
));
501 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_SIGNER=%s",
502 sigcheck
.signer
? sigcheck
.signer
: "");
503 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_KEY=%s",
504 sigcheck
.key
? sigcheck
.key
: "");
505 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_STATUS=%c",
507 if (push_cert_nonce
) {
508 argv_array_pushf(&proc
->env_array
,
509 "GIT_PUSH_CERT_NONCE=%s",
511 argv_array_pushf(&proc
->env_array
,
512 "GIT_PUSH_CERT_NONCE_STATUS=%s",
514 if (nonce_status
== NONCE_SLOP
)
515 argv_array_pushf(&proc
->env_array
,
516 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
522 typedef int (*feed_fn
)(void *, const char **, size_t *);
523 static int run_and_feed_hook(const char *hook_name
, feed_fn feed
, void *feed_state
)
525 struct child_process proc
= CHILD_PROCESS_INIT
;
530 argv
[0] = find_hook(hook_name
);
538 proc
.stdout_to_stderr
= 1;
541 memset(&muxer
, 0, sizeof(muxer
));
542 muxer
.proc
= copy_to_sideband
;
544 code
= start_async(&muxer
);
550 prepare_push_cert_sha1(&proc
);
552 code
= start_command(&proc
);
555 finish_async(&muxer
);
559 sigchain_push(SIGPIPE
, SIG_IGN
);
564 if (feed(feed_state
, &buf
, &n
))
566 if (write_in_full(proc
.in
, buf
, n
) != n
)
571 finish_async(&muxer
);
573 sigchain_pop(SIGPIPE
);
575 return finish_command(&proc
);
578 struct receive_hook_feed_state
{
584 static int feed_receive_hook(void *state_
, const char **bufp
, size_t *sizep
)
586 struct receive_hook_feed_state
*state
= state_
;
587 struct command
*cmd
= state
->cmd
;
590 state
->skip_broken
&& (cmd
->error_string
|| cmd
->did_not_exist
))
594 strbuf_reset(&state
->buf
);
595 strbuf_addf(&state
->buf
, "%s %s %s\n",
596 sha1_to_hex(cmd
->old_sha1
), sha1_to_hex(cmd
->new_sha1
),
598 state
->cmd
= cmd
->next
;
600 *bufp
= state
->buf
.buf
;
601 *sizep
= state
->buf
.len
;
606 static int run_receive_hook(struct command
*commands
, const char *hook_name
,
609 struct receive_hook_feed_state state
;
612 strbuf_init(&state
.buf
, 0);
613 state
.cmd
= commands
;
614 state
.skip_broken
= skip_broken
;
615 if (feed_receive_hook(&state
, NULL
, NULL
))
617 state
.cmd
= commands
;
618 status
= run_and_feed_hook(hook_name
, feed_receive_hook
, &state
);
619 strbuf_release(&state
.buf
);
623 static int run_update_hook(struct command
*cmd
)
626 struct child_process proc
= CHILD_PROCESS_INIT
;
629 argv
[0] = find_hook("update");
633 argv
[1] = cmd
->ref_name
;
634 argv
[2] = sha1_to_hex(cmd
->old_sha1
);
635 argv
[3] = sha1_to_hex(cmd
->new_sha1
);
639 proc
.stdout_to_stderr
= 1;
640 proc
.err
= use_sideband
? -1 : 0;
643 code
= start_command(&proc
);
647 copy_to_sideband(proc
.err
, -1, NULL
);
648 return finish_command(&proc
);
651 static int is_ref_checked_out(const char *ref
)
653 if (is_bare_repository())
658 return !strcmp(head_name
, ref
);
661 static char *refuse_unconfigured_deny_msg
[] = {
662 "By default, updating the current branch in a non-bare repository",
663 "is denied, because it will make the index and work tree inconsistent",
664 "with what you pushed, and will require 'git reset --hard' to match",
665 "the work tree to HEAD.",
667 "You can set 'receive.denyCurrentBranch' configuration variable to",
668 "'ignore' or 'warn' in the remote repository to allow pushing into",
669 "its current branch; however, this is not recommended unless you",
670 "arranged to update its work tree to match what you pushed in some",
673 "To squelch this message and still keep the default behaviour, set",
674 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
677 static void refuse_unconfigured_deny(void)
680 for (i
= 0; i
< ARRAY_SIZE(refuse_unconfigured_deny_msg
); i
++)
681 rp_error("%s", refuse_unconfigured_deny_msg
[i
]);
684 static char *refuse_unconfigured_deny_delete_current_msg
[] = {
685 "By default, deleting the current branch is denied, because the next",
686 "'git clone' won't result in any file checked out, causing confusion.",
688 "You can set 'receive.denyDeleteCurrent' configuration variable to",
689 "'warn' or 'ignore' in the remote repository to allow deleting the",
690 "current branch, with or without a warning message.",
692 "To squelch this message, you can set it to 'refuse'."
695 static void refuse_unconfigured_deny_delete_current(void)
699 i
< ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg
);
701 rp_error("%s", refuse_unconfigured_deny_delete_current_msg
[i
]);
704 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20]);
705 static int update_shallow_ref(struct command
*cmd
, struct shallow_info
*si
)
707 static struct lock_file shallow_lock
;
708 struct sha1_array extra
= SHA1_ARRAY_INIT
;
709 const char *alt_file
;
710 uint32_t mask
= 1 << (cmd
->index
% 32);
713 trace_printf_key(&trace_shallow
,
714 "shallow: update_shallow_ref %s\n", cmd
->ref_name
);
715 for (i
= 0; i
< si
->shallow
->nr
; i
++)
716 if (si
->used_shallow
[i
] &&
717 (si
->used_shallow
[i
][cmd
->index
/ 32] & mask
) &&
718 !delayed_reachability_test(si
, i
))
719 sha1_array_append(&extra
, si
->shallow
->sha1
[i
]);
721 setup_alternate_shallow(&shallow_lock
, &alt_file
, &extra
);
722 if (check_shallow_connected(command_singleton_iterator
,
724 rollback_lock_file(&shallow_lock
);
725 sha1_array_clear(&extra
);
729 commit_lock_file(&shallow_lock
);
732 * Make sure setup_alternate_shallow() for the next ref does
733 * not lose these new roots..
735 for (i
= 0; i
< extra
.nr
; i
++)
736 register_shallow(extra
.sha1
[i
]);
738 si
->shallow_ref
[cmd
->index
] = 0;
739 sha1_array_clear(&extra
);
743 static const char *update(struct command
*cmd
, struct shallow_info
*si
)
745 const char *name
= cmd
->ref_name
;
746 struct strbuf namespaced_name_buf
= STRBUF_INIT
;
747 const char *namespaced_name
;
748 unsigned char *old_sha1
= cmd
->old_sha1
;
749 unsigned char *new_sha1
= cmd
->new_sha1
;
751 /* only refs/... are allowed */
752 if (!starts_with(name
, "refs/") || check_refname_format(name
+ 5, 0)) {
753 rp_error("refusing to create funny ref '%s' remotely", name
);
754 return "funny refname";
757 strbuf_addf(&namespaced_name_buf
, "%s%s", get_git_namespace(), name
);
758 namespaced_name
= strbuf_detach(&namespaced_name_buf
, NULL
);
760 if (is_ref_checked_out(namespaced_name
)) {
761 switch (deny_current_branch
) {
765 rp_warning("updating the current branch");
768 case DENY_UNCONFIGURED
:
769 rp_error("refusing to update checked out branch: %s", name
);
770 if (deny_current_branch
== DENY_UNCONFIGURED
)
771 refuse_unconfigured_deny();
772 return "branch is currently checked out";
776 if (!is_null_sha1(new_sha1
) && !has_sha1_file(new_sha1
)) {
777 error("unpack should have generated %s, "
778 "but I can't find it!", sha1_to_hex(new_sha1
));
782 if (!is_null_sha1(old_sha1
) && is_null_sha1(new_sha1
)) {
783 if (deny_deletes
&& starts_with(name
, "refs/heads/")) {
784 rp_error("denying ref deletion for %s", name
);
785 return "deletion prohibited";
788 if (!strcmp(namespaced_name
, head_name
)) {
789 switch (deny_delete_current
) {
793 rp_warning("deleting the current branch");
796 case DENY_UNCONFIGURED
:
797 if (deny_delete_current
== DENY_UNCONFIGURED
)
798 refuse_unconfigured_deny_delete_current();
799 rp_error("refusing to delete the current branch: %s", name
);
800 return "deletion of the current branch prohibited";
805 if (deny_non_fast_forwards
&& !is_null_sha1(new_sha1
) &&
806 !is_null_sha1(old_sha1
) &&
807 starts_with(name
, "refs/heads/")) {
808 struct object
*old_object
, *new_object
;
809 struct commit
*old_commit
, *new_commit
;
811 old_object
= parse_object(old_sha1
);
812 new_object
= parse_object(new_sha1
);
814 if (!old_object
|| !new_object
||
815 old_object
->type
!= OBJ_COMMIT
||
816 new_object
->type
!= OBJ_COMMIT
) {
817 error("bad sha1 objects for %s", name
);
820 old_commit
= (struct commit
*)old_object
;
821 new_commit
= (struct commit
*)new_object
;
822 if (!in_merge_bases(old_commit
, new_commit
)) {
823 rp_error("denying non-fast-forward %s"
824 " (you should pull first)", name
);
825 return "non-fast-forward";
828 if (run_update_hook(cmd
)) {
829 rp_error("hook declined to update %s", name
);
830 return "hook declined";
833 if (is_null_sha1(new_sha1
)) {
834 struct strbuf err
= STRBUF_INIT
;
835 if (!parse_object(old_sha1
)) {
837 if (ref_exists(name
)) {
838 rp_warning("Allowing deletion of corrupt ref.");
840 rp_warning("Deleting a non-existent ref.");
841 cmd
->did_not_exist
= 1;
844 if (ref_transaction_delete(transaction
,
849 rp_error("%s", err
.buf
);
850 strbuf_release(&err
);
851 return "failed to delete";
853 strbuf_release(&err
);
854 return NULL
; /* good */
857 struct strbuf err
= STRBUF_INIT
;
858 if (shallow_update
&& si
->shallow_ref
[cmd
->index
] &&
859 update_shallow_ref(cmd
, si
))
860 return "shallow error";
862 if (ref_transaction_update(transaction
,
867 rp_error("%s", err
.buf
);
868 strbuf_release(&err
);
870 return "failed to update ref";
872 strbuf_release(&err
);
874 return NULL
; /* good */
878 static void run_update_post_hook(struct command
*commands
)
883 struct child_process proc
= CHILD_PROCESS_INIT
;
886 hook
= find_hook("post-update");
887 for (argc
= 0, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
888 if (cmd
->error_string
|| cmd
->did_not_exist
)
895 argv
= xmalloc(sizeof(*argv
) * (2 + argc
));
898 for (argc
= 1, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
899 if (cmd
->error_string
|| cmd
->did_not_exist
)
901 argv
[argc
] = xstrdup(cmd
->ref_name
);
907 proc
.stdout_to_stderr
= 1;
908 proc
.err
= use_sideband
? -1 : 0;
911 if (!start_command(&proc
)) {
913 copy_to_sideband(proc
.err
, -1, NULL
);
914 finish_command(&proc
);
918 static void check_aliased_update(struct command
*cmd
, struct string_list
*list
)
920 struct strbuf buf
= STRBUF_INIT
;
921 const char *dst_name
;
922 struct string_list_item
*item
;
923 struct command
*dst_cmd
;
924 unsigned char sha1
[20];
925 char cmd_oldh
[41], cmd_newh
[41], dst_oldh
[41], dst_newh
[41];
928 strbuf_addf(&buf
, "%s%s", get_git_namespace(), cmd
->ref_name
);
929 dst_name
= resolve_ref_unsafe(buf
.buf
, 0, sha1
, &flag
);
930 strbuf_release(&buf
);
932 if (!(flag
& REF_ISSYMREF
))
935 dst_name
= strip_namespace(dst_name
);
937 rp_error("refusing update to broken symref '%s'", cmd
->ref_name
);
938 cmd
->skip_update
= 1;
939 cmd
->error_string
= "broken symref";
943 if ((item
= string_list_lookup(list
, dst_name
)) == NULL
)
946 cmd
->skip_update
= 1;
948 dst_cmd
= (struct command
*) item
->util
;
950 if (!hashcmp(cmd
->old_sha1
, dst_cmd
->old_sha1
) &&
951 !hashcmp(cmd
->new_sha1
, dst_cmd
->new_sha1
))
954 dst_cmd
->skip_update
= 1;
956 strcpy(cmd_oldh
, find_unique_abbrev(cmd
->old_sha1
, DEFAULT_ABBREV
));
957 strcpy(cmd_newh
, find_unique_abbrev(cmd
->new_sha1
, DEFAULT_ABBREV
));
958 strcpy(dst_oldh
, find_unique_abbrev(dst_cmd
->old_sha1
, DEFAULT_ABBREV
));
959 strcpy(dst_newh
, find_unique_abbrev(dst_cmd
->new_sha1
, DEFAULT_ABBREV
));
960 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
961 " its target '%s' (%s..%s)",
962 cmd
->ref_name
, cmd_oldh
, cmd_newh
,
963 dst_cmd
->ref_name
, dst_oldh
, dst_newh
);
965 cmd
->error_string
= dst_cmd
->error_string
=
966 "inconsistent aliased update";
969 static void check_aliased_updates(struct command
*commands
)
972 struct string_list ref_list
= STRING_LIST_INIT_NODUP
;
974 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
975 struct string_list_item
*item
=
976 string_list_append(&ref_list
, cmd
->ref_name
);
977 item
->util
= (void *)cmd
;
979 sort_string_list(&ref_list
);
981 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
982 if (!cmd
->error_string
)
983 check_aliased_update(cmd
, &ref_list
);
986 string_list_clear(&ref_list
, 0);
989 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20])
991 struct command
**cmd_list
= cb_data
;
992 struct command
*cmd
= *cmd_list
;
994 if (!cmd
|| is_null_sha1(cmd
->new_sha1
))
995 return -1; /* end of list */
996 *cmd_list
= NULL
; /* this returns only one */
997 hashcpy(sha1
, cmd
->new_sha1
);
1001 static void set_connectivity_errors(struct command
*commands
,
1002 struct shallow_info
*si
)
1004 struct command
*cmd
;
1006 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1007 struct command
*singleton
= cmd
;
1008 if (shallow_update
&& si
->shallow_ref
[cmd
->index
])
1009 /* to be checked in update_shallow_ref() */
1011 if (!check_everything_connected(command_singleton_iterator
,
1014 cmd
->error_string
= "missing necessary objects";
1018 struct iterate_data
{
1019 struct command
*cmds
;
1020 struct shallow_info
*si
;
1023 static int iterate_receive_command_list(void *cb_data
, unsigned char sha1
[20])
1025 struct iterate_data
*data
= cb_data
;
1026 struct command
**cmd_list
= &data
->cmds
;
1027 struct command
*cmd
= *cmd_list
;
1029 for (; cmd
; cmd
= cmd
->next
) {
1030 if (shallow_update
&& data
->si
->shallow_ref
[cmd
->index
])
1031 /* to be checked in update_shallow_ref() */
1033 if (!is_null_sha1(cmd
->new_sha1
) && !cmd
->skip_update
) {
1034 hashcpy(sha1
, cmd
->new_sha1
);
1035 *cmd_list
= cmd
->next
;
1040 return -1; /* end of list */
1043 static void reject_updates_to_hidden(struct command
*commands
)
1045 struct command
*cmd
;
1047 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1048 if (cmd
->error_string
|| !ref_is_hidden(cmd
->ref_name
))
1050 if (is_null_sha1(cmd
->new_sha1
))
1051 cmd
->error_string
= "deny deleting a hidden ref";
1053 cmd
->error_string
= "deny updating a hidden ref";
1057 static int should_process_cmd(struct command
*cmd
)
1059 return !cmd
->error_string
&& !cmd
->skip_update
;
1062 static void warn_if_skipped_connectivity_check(struct command
*commands
,
1063 struct shallow_info
*si
)
1065 struct command
*cmd
;
1066 int checked_connectivity
= 1;
1068 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1069 if (should_process_cmd(cmd
) && si
->shallow_ref
[cmd
->index
]) {
1070 error("BUG: connectivity check has not been run on ref %s",
1072 checked_connectivity
= 0;
1075 if (!checked_connectivity
)
1076 die("BUG: connectivity check skipped???");
1079 static void execute_commands_non_atomic(struct command
*commands
,
1080 struct shallow_info
*si
)
1082 struct command
*cmd
;
1083 struct strbuf err
= STRBUF_INIT
;
1085 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1086 if (!should_process_cmd(cmd
))
1089 transaction
= ref_transaction_begin(&err
);
1091 rp_error("%s", err
.buf
);
1093 cmd
->error_string
= "transaction failed to start";
1097 cmd
->error_string
= update(cmd
, si
);
1099 if (!cmd
->error_string
1100 && ref_transaction_commit(transaction
, &err
)) {
1101 rp_error("%s", err
.buf
);
1103 cmd
->error_string
= "failed to update ref";
1105 ref_transaction_free(transaction
);
1107 strbuf_release(&err
);
1110 static void execute_commands_atomic(struct command
*commands
,
1111 struct shallow_info
*si
)
1113 struct command
*cmd
;
1114 struct strbuf err
= STRBUF_INIT
;
1115 const char *reported_error
= "atomic push failure";
1117 transaction
= ref_transaction_begin(&err
);
1119 rp_error("%s", err
.buf
);
1121 reported_error
= "transaction failed to start";
1125 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1126 if (!should_process_cmd(cmd
))
1129 cmd
->error_string
= update(cmd
, si
);
1131 if (cmd
->error_string
)
1135 if (ref_transaction_commit(transaction
, &err
)) {
1136 rp_error("%s", err
.buf
);
1137 reported_error
= "atomic transaction failed";
1143 for (cmd
= commands
; cmd
; cmd
= cmd
->next
)
1144 if (!cmd
->error_string
)
1145 cmd
->error_string
= reported_error
;
1148 ref_transaction_free(transaction
);
1149 strbuf_release(&err
);
1152 static void execute_commands(struct command
*commands
,
1153 const char *unpacker_error
,
1154 struct shallow_info
*si
)
1156 struct command
*cmd
;
1157 unsigned char sha1
[20];
1158 struct iterate_data data
;
1160 if (unpacker_error
) {
1161 for (cmd
= commands
; cmd
; cmd
= cmd
->next
)
1162 cmd
->error_string
= "unpacker error";
1166 data
.cmds
= commands
;
1168 if (check_everything_connected(iterate_receive_command_list
, 0, &data
))
1169 set_connectivity_errors(commands
, si
);
1171 reject_updates_to_hidden(commands
);
1173 if (run_receive_hook(commands
, "pre-receive", 0)) {
1174 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1175 if (!cmd
->error_string
)
1176 cmd
->error_string
= "pre-receive hook declined";
1181 check_aliased_updates(commands
);
1183 free(head_name_to_free
);
1184 head_name
= head_name_to_free
= resolve_refdup("HEAD", 0, sha1
, NULL
);
1187 execute_commands_atomic(commands
, si
);
1189 execute_commands_non_atomic(commands
, si
);
1192 warn_if_skipped_connectivity_check(commands
, si
);
1195 static struct command
**queue_command(struct command
**tail
,
1199 unsigned char old_sha1
[20], new_sha1
[20];
1200 struct command
*cmd
;
1201 const char *refname
;
1207 get_sha1_hex(line
, old_sha1
) ||
1208 get_sha1_hex(line
+ 41, new_sha1
))
1209 die("protocol error: expected old/new/ref, got '%s'", line
);
1211 refname
= line
+ 82;
1212 reflen
= linelen
- 82;
1213 cmd
= xcalloc(1, sizeof(struct command
) + reflen
+ 1);
1214 hashcpy(cmd
->old_sha1
, old_sha1
);
1215 hashcpy(cmd
->new_sha1
, new_sha1
);
1216 memcpy(cmd
->ref_name
, refname
, reflen
);
1217 cmd
->ref_name
[reflen
] = '\0';
1222 static void queue_commands_from_cert(struct command
**tail
,
1223 struct strbuf
*push_cert
)
1225 const char *boc
, *eoc
;
1228 die("protocol error: got both push certificate and unsigned commands");
1230 boc
= strstr(push_cert
->buf
, "\n\n");
1232 die("malformed push certificate %.*s", 100, push_cert
->buf
);
1235 eoc
= push_cert
->buf
+ parse_signature(push_cert
->buf
, push_cert
->len
);
1238 const char *eol
= memchr(boc
, '\n', eoc
- boc
);
1239 tail
= queue_command(tail
, boc
, eol
? eol
- boc
: eoc
- eol
);
1240 boc
= eol
? eol
+ 1 : eoc
;
1244 static struct command
*read_head_info(struct sha1_array
*shallow
)
1246 struct command
*commands
= NULL
;
1247 struct command
**p
= &commands
;
1252 line
= packet_read_line(0, &len
);
1256 if (len
== 48 && starts_with(line
, "shallow ")) {
1257 unsigned char sha1
[20];
1258 if (get_sha1_hex(line
+ 8, sha1
))
1259 die("protocol error: expected shallow sha, got '%s'",
1261 sha1_array_append(shallow
, sha1
);
1265 linelen
= strlen(line
);
1266 if (linelen
< len
) {
1267 const char *feature_list
= line
+ linelen
+ 1;
1268 if (parse_feature_request(feature_list
, "report-status"))
1270 if (parse_feature_request(feature_list
, "side-band-64k"))
1271 use_sideband
= LARGE_PACKET_MAX
;
1272 if (parse_feature_request(feature_list
, "quiet"))
1274 if (advertise_atomic_push
1275 && parse_feature_request(feature_list
, "atomic"))
1279 if (!strcmp(line
, "push-cert")) {
1284 len
= packet_read(0, NULL
, NULL
,
1285 certbuf
, sizeof(certbuf
), 0);
1290 if (!strcmp(certbuf
, "push-cert-end\n"))
1291 break; /* end of cert */
1292 strbuf_addstr(&push_cert
, certbuf
);
1300 p
= queue_command(p
, line
, linelen
);
1304 queue_commands_from_cert(p
, &push_cert
);
1309 static const char *parse_pack_header(struct pack_header
*hdr
)
1311 switch (read_pack_header(0, hdr
)) {
1313 return "eof before pack header was fully read";
1315 case PH_ERROR_PACK_SIGNATURE
:
1316 return "protocol error (pack signature mismatch detected)";
1318 case PH_ERROR_PROTOCOL
:
1319 return "protocol error (pack version unsupported)";
1322 return "unknown error in parse_pack_header";
1329 static const char *pack_lockfile
;
1331 static const char *unpack(int err_fd
, struct shallow_info
*si
)
1333 struct pack_header hdr
;
1334 const char *hdr_err
;
1337 struct child_process child
= CHILD_PROCESS_INIT
;
1338 int fsck_objects
= (receive_fsck_objects
>= 0
1339 ? receive_fsck_objects
1340 : transfer_fsck_objects
>= 0
1341 ? transfer_fsck_objects
1344 hdr_err
= parse_pack_header(&hdr
);
1350 snprintf(hdr_arg
, sizeof(hdr_arg
),
1351 "--pack_header=%"PRIu32
",%"PRIu32
,
1352 ntohl(hdr
.hdr_version
), ntohl(hdr
.hdr_entries
));
1354 if (si
->nr_ours
|| si
->nr_theirs
) {
1355 alt_shallow_file
= setup_temporary_shallow(si
->shallow
);
1356 argv_array_push(&child
.args
, "--shallow-file");
1357 argv_array_push(&child
.args
, alt_shallow_file
);
1360 if (ntohl(hdr
.hdr_entries
) < unpack_limit
) {
1361 argv_array_pushl(&child
.args
, "unpack-objects", hdr_arg
, NULL
);
1363 argv_array_push(&child
.args
, "-q");
1365 argv_array_push(&child
.args
, "--strict");
1366 child
.no_stdout
= 1;
1369 status
= run_command(&child
);
1371 return "unpack-objects abnormal exit";
1376 s
= sprintf(keep_arg
, "--keep=receive-pack %"PRIuMAX
" on ", (uintmax_t) getpid());
1377 if (gethostname(keep_arg
+ s
, sizeof(keep_arg
) - s
))
1378 strcpy(keep_arg
+ s
, "localhost");
1380 argv_array_pushl(&child
.args
, "index-pack",
1381 "--stdin", hdr_arg
, keep_arg
, NULL
);
1383 argv_array_push(&child
.args
, "--strict");
1385 argv_array_push(&child
.args
, "--fix-thin");
1389 status
= start_command(&child
);
1391 return "index-pack fork failed";
1392 pack_lockfile
= index_pack_lockfile(child
.out
);
1394 status
= finish_command(&child
);
1396 return "index-pack abnormal exit";
1397 reprepare_packed_git();
1402 static const char *unpack_with_sideband(struct shallow_info
*si
)
1408 return unpack(0, si
);
1410 memset(&muxer
, 0, sizeof(muxer
));
1411 muxer
.proc
= copy_to_sideband
;
1413 if (start_async(&muxer
))
1416 ret
= unpack(muxer
.in
, si
);
1418 finish_async(&muxer
);
1422 static void prepare_shallow_update(struct command
*commands
,
1423 struct shallow_info
*si
)
1425 int i
, j
, k
, bitmap_size
= (si
->ref
->nr
+ 31) / 32;
1427 si
->used_shallow
= xmalloc(sizeof(*si
->used_shallow
) *
1429 assign_shallow_commits_to_refs(si
, si
->used_shallow
, NULL
);
1431 si
->need_reachability_test
=
1432 xcalloc(si
->shallow
->nr
, sizeof(*si
->need_reachability_test
));
1434 xcalloc(si
->shallow
->nr
, sizeof(*si
->reachable
));
1435 si
->shallow_ref
= xcalloc(si
->ref
->nr
, sizeof(*si
->shallow_ref
));
1437 for (i
= 0; i
< si
->nr_ours
; i
++)
1438 si
->need_reachability_test
[si
->ours
[i
]] = 1;
1440 for (i
= 0; i
< si
->shallow
->nr
; i
++) {
1441 if (!si
->used_shallow
[i
])
1443 for (j
= 0; j
< bitmap_size
; j
++) {
1444 if (!si
->used_shallow
[i
][j
])
1446 si
->need_reachability_test
[i
]++;
1447 for (k
= 0; k
< 32; k
++)
1448 if (si
->used_shallow
[i
][j
] & (1 << k
))
1449 si
->shallow_ref
[j
* 32 + k
]++;
1453 * true for those associated with some refs and belong
1454 * in "ours" list aka "step 7 not done yet"
1456 si
->need_reachability_test
[i
] =
1457 si
->need_reachability_test
[i
] > 1;
1461 * keep hooks happy by forcing a temporary shallow file via
1462 * env variable because we can't add --shallow-file to every
1463 * command. check_everything_connected() will be done with
1464 * true .git/shallow though.
1466 setenv(GIT_SHALLOW_FILE_ENVIRONMENT
, alt_shallow_file
, 1);
1469 static void update_shallow_info(struct command
*commands
,
1470 struct shallow_info
*si
,
1471 struct sha1_array
*ref
)
1473 struct command
*cmd
;
1475 remove_nonexistent_theirs_shallow(si
);
1476 if (!si
->nr_ours
&& !si
->nr_theirs
) {
1481 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1482 if (is_null_sha1(cmd
->new_sha1
))
1484 sha1_array_append(ref
, cmd
->new_sha1
);
1485 cmd
->index
= ref
->nr
- 1;
1489 if (shallow_update
) {
1490 prepare_shallow_update(commands
, si
);
1494 ref_status
= xmalloc(sizeof(*ref_status
) * ref
->nr
);
1495 assign_shallow_commits_to_refs(si
, NULL
, ref_status
);
1496 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1497 if (is_null_sha1(cmd
->new_sha1
))
1499 if (ref_status
[cmd
->index
]) {
1500 cmd
->error_string
= "shallow update not allowed";
1501 cmd
->skip_update
= 1;
1507 static void report(struct command
*commands
, const char *unpack_status
)
1509 struct command
*cmd
;
1510 struct strbuf buf
= STRBUF_INIT
;
1512 packet_buf_write(&buf
, "unpack %s\n",
1513 unpack_status
? unpack_status
: "ok");
1514 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1515 if (!cmd
->error_string
)
1516 packet_buf_write(&buf
, "ok %s\n",
1519 packet_buf_write(&buf
, "ng %s %s\n",
1520 cmd
->ref_name
, cmd
->error_string
);
1522 packet_buf_flush(&buf
);
1525 send_sideband(1, 1, buf
.buf
, buf
.len
, use_sideband
);
1527 write_or_die(1, buf
.buf
, buf
.len
);
1528 strbuf_release(&buf
);
1531 static int delete_only(struct command
*commands
)
1533 struct command
*cmd
;
1534 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1535 if (!is_null_sha1(cmd
->new_sha1
))
1541 int cmd_receive_pack(int argc
, const char **argv
, const char *prefix
)
1543 int advertise_refs
= 0;
1545 struct command
*commands
;
1546 struct sha1_array shallow
= SHA1_ARRAY_INIT
;
1547 struct sha1_array ref
= SHA1_ARRAY_INIT
;
1548 struct shallow_info si
;
1550 packet_trace_identity("receive-pack");
1553 for (i
= 1; i
< argc
; i
++) {
1554 const char *arg
= *argv
++;
1557 if (!strcmp(arg
, "--quiet")) {
1562 if (!strcmp(arg
, "--advertise-refs")) {
1566 if (!strcmp(arg
, "--stateless-rpc")) {
1570 if (!strcmp(arg
, "--reject-thin-pack-for-testing")) {
1575 usage(receive_pack_usage
);
1578 usage(receive_pack_usage
);
1582 usage(receive_pack_usage
);
1586 if (!enter_repo(service_dir
, 0))
1587 die("'%s' does not appear to be a git repository", service_dir
);
1589 git_config(receive_pack_config
, NULL
);
1590 if (cert_nonce_seed
)
1591 push_cert_nonce
= prepare_push_cert_nonce(service_dir
, time(NULL
));
1593 if (0 <= transfer_unpack_limit
)
1594 unpack_limit
= transfer_unpack_limit
;
1595 else if (0 <= receive_unpack_limit
)
1596 unpack_limit
= receive_unpack_limit
;
1598 if (advertise_refs
|| !stateless_rpc
) {
1604 if ((commands
= read_head_info(&shallow
)) != NULL
) {
1605 const char *unpack_status
= NULL
;
1607 prepare_shallow_info(&si
, &shallow
);
1608 if (!si
.nr_ours
&& !si
.nr_theirs
)
1610 if (!delete_only(commands
)) {
1611 unpack_status
= unpack_with_sideband(&si
);
1612 update_shallow_info(commands
, &si
, &ref
);
1614 execute_commands(commands
, unpack_status
, &si
);
1616 unlink_or_warn(pack_lockfile
);
1618 report(commands
, unpack_status
);
1619 run_receive_hook(commands
, "post-receive", 1);
1620 run_update_post_hook(commands
);
1622 const char *argv_gc_auto
[] = {
1623 "gc", "--auto", "--quiet", NULL
,
1625 int opt
= RUN_GIT_CMD
| RUN_COMMAND_STDOUT_TO_STDERR
;
1626 run_command_v_opt(argv_gc_auto
, opt
);
1628 if (auto_update_server_info
)
1629 update_server_info(0);
1630 clear_shallow_info(&si
);
1634 sha1_array_clear(&shallow
);
1635 sha1_array_clear(&ref
);
1636 free((void *)push_cert_nonce
);