search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
builtin/receive-pack: use check_signature from gpg-interface
[git.git] / builtin / receive-pack.c
blob9f0583deb9936df0268dae1ebee2ab9bac108cff
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "transport.h"
16 #include "string-list.h"
17 #include "sha1-array.h"
18 #include "connected.h"
19 #include "argv-array.h"
20 #include "version.h"
21 #include "tag.h"
22 #include "gpg-interface.h"
23 #include "sigchain.h"
24 #include "fsck.h"
25 #include "tmp-objdir.h"
26 #include "oidset.h"
27 #include "packfile.h"
28 #include "protocol.h"
29
30 static const char * const receive_pack_usage[] = {
31 N_("git receive-pack <git-dir>"),
32 NULL
33 };
34
35 enum deny_action {
36 DENY_UNCONFIGURED,
37 DENY_IGNORE,
38 DENY_WARN,
39 DENY_REFUSE,
40 DENY_UPDATE_INSTEAD
41 };
42
43 static int deny_deletes;
44 static int deny_non_fast_forwards;
45 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
46 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
47 static int receive_fsck_objects = -1;
48 static int transfer_fsck_objects = -1;
49 static struct strbuf fsck_msg_types = STRBUF_INIT;
50 static int receive_unpack_limit = -1;
51 static int transfer_unpack_limit = -1;
52 static int advertise_atomic_push = 1;
53 static int advertise_push_options;
54 static int unpack_limit = 100;
55 static off_t max_input_size;
56 static int report_status;
57 static int use_sideband;
58 static int use_atomic;
59 static int use_push_options;
60 static int quiet;
61 static int prefer_ofs_delta = 1;
62 static int auto_update_server_info;
63 static int auto_gc = 1;
64 static int reject_thin;
65 static int stateless_rpc;
66 static const char *service_dir;
67 static const char *head_name;
68 static void *head_name_to_free;
69 static int sent_capabilities;
70 static int shallow_update;
71 static const char *alt_shallow_file;
72 static struct strbuf push_cert = STRBUF_INIT;
73 static struct object_id push_cert_oid;
74 static struct signature_check sigcheck;
75 static const char *push_cert_nonce;
76 static const char *cert_nonce_seed;
77
78 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
79 static const char *NONCE_BAD = "BAD";
80 static const char *NONCE_MISSING = "MISSING";
81 static const char *NONCE_OK = "OK";
82 static const char *NONCE_SLOP = "SLOP";
83 static const char *nonce_status;
84 static long nonce_stamp_slop;
85 static timestamp_t nonce_stamp_slop_limit;
86 static struct ref_transaction *transaction;
87
88 static enum {
89 KEEPALIVE_NEVER = 0,
90 KEEPALIVE_AFTER_NUL,
91 KEEPALIVE_ALWAYS
92 } use_keepalive;
93 static int keepalive_in_sec = 5;
94
95 static struct tmp_objdir *tmp_objdir;
96
97 static enum deny_action parse_deny_action(const char *var, const char *value)
98 {
99 if (value) {
100 if (!strcasecmp(value, "ignore"))
101 return DENY_IGNORE;
102 if (!strcasecmp(value, "warn"))
103 return DENY_WARN;
104 if (!strcasecmp(value, "refuse"))
105 return DENY_REFUSE;
106 if (!strcasecmp(value, "updateinstead"))
107 return DENY_UPDATE_INSTEAD;
108 }
109 if (git_config_bool(var, value))
110 return DENY_REFUSE;
111 return DENY_IGNORE;
112 }
113
114 static int receive_pack_config(const char *var, const char *value, void *cb)
115 {
116 int status = parse_hide_refs_config(var, value, "receive");
117
118 if (status)
119 return status;
120
121 if (strcmp(var, "receive.denydeletes") == 0) {
122 deny_deletes = git_config_bool(var, value);
123 return 0;
124 }
125
126 if (strcmp(var, "receive.denynonfastforwards") == 0) {
127 deny_non_fast_forwards = git_config_bool(var, value);
128 return 0;
129 }
130
131 if (strcmp(var, "receive.unpacklimit") == 0) {
132 receive_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135
136 if (strcmp(var, "transfer.unpacklimit") == 0) {
137 transfer_unpack_limit = git_config_int(var, value);
138 return 0;
139 }
140
141 if (strcmp(var, "receive.fsck.skiplist") == 0) {
142 const char *path;
143
144 if (git_config_pathname(&path, var, value))
145 return 1;
146 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
147 fsck_msg_types.len ? ',' : '=', path);
148 free((char *)path);
149 return 0;
150 }
151
152 if (skip_prefix(var, "receive.fsck.", &var)) {
153 if (is_valid_msg_type(var, value))
154 strbuf_addf(&fsck_msg_types, "%c%s=%s",
155 fsck_msg_types.len ? ',' : '=', var, value);
156 else
157 warning("Skipping unknown msg id '%s'", var);
158 return 0;
159 }
160
161 if (strcmp(var, "receive.fsckobjects") == 0) {
162 receive_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165
166 if (strcmp(var, "transfer.fsckobjects") == 0) {
167 transfer_fsck_objects = git_config_bool(var, value);
168 return 0;
169 }
170
171 if (!strcmp(var, "receive.denycurrentbranch")) {
172 deny_current_branch = parse_deny_action(var, value);
173 return 0;
174 }
175
176 if (strcmp(var, "receive.denydeletecurrent") == 0) {
177 deny_delete_current = parse_deny_action(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
182 prefer_ofs_delta = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (strcmp(var, "receive.updateserverinfo") == 0) {
187 auto_update_server_info = git_config_bool(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.autogc") == 0) {
192 auto_gc = git_config_bool(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "receive.shallowupdate") == 0) {
197 shallow_update = git_config_bool(var, value);
198 return 0;
199 }
200
201 if (strcmp(var, "receive.certnonceseed") == 0)
202 return git_config_string(&cert_nonce_seed, var, value);
203
204 if (strcmp(var, "receive.certnonceslop") == 0) {
205 nonce_stamp_slop_limit = git_config_ulong(var, value);
206 return 0;
207 }
208
209 if (strcmp(var, "receive.advertiseatomic") == 0) {
210 advertise_atomic_push = git_config_bool(var, value);
211 return 0;
212 }
213
214 if (strcmp(var, "receive.advertisepushoptions") == 0) {
215 advertise_push_options = git_config_bool(var, value);
216 return 0;
217 }
218
219 if (strcmp(var, "receive.keepalive") == 0) {
220 keepalive_in_sec = git_config_int(var, value);
221 return 0;
222 }
223
224 if (strcmp(var, "receive.maxinputsize") == 0) {
225 max_input_size = git_config_int64(var, value);
226 return 0;
227 }
228
229 return git_default_config(var, value, cb);
230 }
231
232 static void show_ref(const char *path, const struct object_id *oid)
233 {
234 if (sent_capabilities) {
235 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
236 } else {
237 struct strbuf cap = STRBUF_INIT;
238
239 strbuf_addstr(&cap,
240 "report-status delete-refs side-band-64k quiet");
241 if (advertise_atomic_push)
242 strbuf_addstr(&cap, " atomic");
243 if (prefer_ofs_delta)
244 strbuf_addstr(&cap, " ofs-delta");
245 if (push_cert_nonce)
246 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
247 if (advertise_push_options)
248 strbuf_addstr(&cap, " push-options");
249 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
250 packet_write_fmt(1, "%s %s%c%s\n",
251 oid_to_hex(oid), path, 0, cap.buf);
252 strbuf_release(&cap);
253 sent_capabilities = 1;
254 }
255 }
256
257 static int show_ref_cb(const char *path_full, const struct object_id *oid,
258 int flag, void *data)
259 {
260 struct oidset *seen = data;
261 const char *path = strip_namespace(path_full);
262
263 if (ref_is_hidden(path, path_full))
264 return 0;
265
266 /*
267 * Advertise refs outside our current namespace as ".have"
268 * refs, so that the client can use them to minimize data
269 * transfer but will otherwise ignore them.
270 */
271 if (!path) {
272 if (oidset_insert(seen, oid))
273 return 0;
274 path = ".have";
275 } else {
276 oidset_insert(seen, oid);
277 }
278 show_ref(path, oid);
279 return 0;
280 }
281
282 static void show_one_alternate_ref(const char *refname,
283 const struct object_id *oid,
284 void *data)
285 {
286 struct oidset *seen = data;
287
288 if (oidset_insert(seen, oid))
289 return;
290
291 show_ref(".have", oid);
292 }
293
294 static void write_head_info(void)
295 {
296 static struct oidset seen = OIDSET_INIT;
297
298 for_each_ref(show_ref_cb, &seen);
299 for_each_alternate_ref(show_one_alternate_ref, &seen);
300 oidset_clear(&seen);
301 if (!sent_capabilities)
302 show_ref("capabilities^{}", &null_oid);
303
304 advertise_shallow_grafts(1);
305
306 /* EOF */
307 packet_flush(1);
308 }
309
310 struct command {
311 struct command *next;
312 const char *error_string;
313 unsigned int skip_update:1,
314 did_not_exist:1;
315 int index;
316 struct object_id old_oid;
317 struct object_id new_oid;
318 char ref_name[FLEX_ARRAY]; /* more */
319 };
320
321 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
322 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
323
324 static void report_message(const char *prefix, const char *err, va_list params)
325 {
326 int sz;
327 char msg[4096];
328
329 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
330 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
331 if (sz > (sizeof(msg) - 1))
332 sz = sizeof(msg) - 1;
333 msg[sz++] = '\n';
334
335 if (use_sideband)
336 send_sideband(1, 2, msg, sz, use_sideband);
337 else
338 xwrite(2, msg, sz);
339 }
340
341 static void rp_warning(const char *err, ...)
342 {
343 va_list params;
344 va_start(params, err);
345 report_message("warning: ", err, params);
346 va_end(params);
347 }
348
349 static void rp_error(const char *err, ...)
350 {
351 va_list params;
352 va_start(params, err);
353 report_message("error: ", err, params);
354 va_end(params);
355 }
356
357 static int copy_to_sideband(int in, int out, void *arg)
358 {
359 char data[128];
360 int keepalive_active = 0;
361
362 if (keepalive_in_sec <= 0)
363 use_keepalive = KEEPALIVE_NEVER;
364 if (use_keepalive == KEEPALIVE_ALWAYS)
365 keepalive_active = 1;
366
367 while (1) {
368 ssize_t sz;
369
370 if (keepalive_active) {
371 struct pollfd pfd;
372 int ret;
373
374 pfd.fd = in;
375 pfd.events = POLLIN;
376 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
377
378 if (ret < 0) {
379 if (errno == EINTR)
380 continue;
381 else
382 break;
383 } else if (ret == 0) {
384 /* no data; send a keepalive packet */
385 static const char buf[] = "0005\1";
386 write_or_die(1, buf, sizeof(buf) - 1);
387 continue;
388 } /* else there is actual data to read */
389 }
390
391 sz = xread(in, data, sizeof(data));
392 if (sz <= 0)
393 break;
394
395 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
396 const char *p = memchr(data, '\0', sz);
397 if (p) {
398 /*
399 * The NUL tells us to start sending keepalives. Make
400 * sure we send any other data we read along
401 * with it.
402 */
403 keepalive_active = 1;
404 send_sideband(1, 2, data, p - data, use_sideband);
405 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
406 continue;
407 }
408 }
409
410 /*
411 * Either we're not looking for a NUL signal, or we didn't see
412 * it yet; just pass along the data.
413 */
414 send_sideband(1, 2, data, sz, use_sideband);
415 }
416 close(in);
417 return 0;
418 }
419
420 #define HMAC_BLOCK_SIZE 64
421
422 static void hmac_sha1(unsigned char *out,
423 const char *key_in, size_t key_len,
424 const char *text, size_t text_len)
425 {
426 unsigned char key[HMAC_BLOCK_SIZE];
427 unsigned char k_ipad[HMAC_BLOCK_SIZE];
428 unsigned char k_opad[HMAC_BLOCK_SIZE];
429 int i;
430 git_SHA_CTX ctx;
431
432 /* RFC 2104 2. (1) */
433 memset(key, '\0', HMAC_BLOCK_SIZE);
434 if (HMAC_BLOCK_SIZE < key_len) {
435 git_SHA1_Init(&ctx);
436 git_SHA1_Update(&ctx, key_in, key_len);
437 git_SHA1_Final(key, &ctx);
438 } else {
439 memcpy(key, key_in, key_len);
440 }
441
442 /* RFC 2104 2. (2) & (5) */
443 for (i = 0; i < sizeof(key); i++) {
444 k_ipad[i] = key[i] ^ 0x36;
445 k_opad[i] = key[i] ^ 0x5c;
446 }
447
448 /* RFC 2104 2. (3) & (4) */
449 git_SHA1_Init(&ctx);
450 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
451 git_SHA1_Update(&ctx, text, text_len);
452 git_SHA1_Final(out, &ctx);
453
454 /* RFC 2104 2. (6) & (7) */
455 git_SHA1_Init(&ctx);
456 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
457 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
458 git_SHA1_Final(out, &ctx);
459 }
460
461 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462 {
463 struct strbuf buf = STRBUF_INIT;
464 unsigned char sha1[GIT_SHA1_RAWSZ];
465
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
468 strbuf_release(&buf);
469
470 /* RFC 2104 5. HMAC-SHA1-80 */
471 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
472 return strbuf_detach(&buf, NULL);
473 }
474
475 /*
476 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
477 * after dropping "_commit" from its name and possibly moving it out
478 * of commit.c
479 */
480 static char *find_header(const char *msg, size_t len, const char *key,
481 const char **next_line)
482 {
483 int key_len = strlen(key);
484 const char *line = msg;
485
486 while (line && line < msg + len) {
487 const char *eol = strchrnul(line, '\n');
488
489 if ((msg + len <= eol) || line == eol)
490 return NULL;
491 if (line + key_len < eol &&
492 !memcmp(line, key, key_len) && line[key_len] == ' ') {
493 int offset = key_len + 1;
494 if (next_line)
495 *next_line = *eol ? eol + 1 : eol;
496 return xmemdupz(line + offset, (eol - line) - offset);
497 }
498 line = *eol ? eol + 1 : NULL;
499 }
500 return NULL;
501 }
502
503 static const char *check_nonce(const char *buf, size_t len)
504 {
505 char *nonce = find_header(buf, len, "nonce", NULL);
506 timestamp_t stamp, ostamp;
507 char *bohmac, *expect = NULL;
508 const char *retval = NONCE_BAD;
509
510 if (!nonce) {
511 retval = NONCE_MISSING;
512 goto leave;
513 } else if (!push_cert_nonce) {
514 retval = NONCE_UNSOLICITED;
515 goto leave;
516 } else if (!strcmp(push_cert_nonce, nonce)) {
517 retval = NONCE_OK;
518 goto leave;
519 }
520
521 if (!stateless_rpc) {
522 /* returned nonce MUST match what we gave out earlier */
523 retval = NONCE_BAD;
524 goto leave;
525 }
526
527 /*
528 * In stateless mode, we may be receiving a nonce issued by
529 * another instance of the server that serving the same
530 * repository, and the timestamps may not match, but the
531 * nonce-seed and dir should match, so we can recompute and
532 * report the time slop.
533 *
534 * In addition, when a nonce issued by another instance has
535 * timestamp within receive.certnonceslop seconds, we pretend
536 * as if we issued that nonce when reporting to the hook.
537 */
538
539 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
540 if (*nonce <= '0' || '9' < *nonce) {
541 retval = NONCE_BAD;
542 goto leave;
543 }
544 stamp = parse_timestamp(nonce, &bohmac, 10);
545 if (bohmac == nonce || bohmac[0] != '-') {
546 retval = NONCE_BAD;
547 goto leave;
548 }
549
550 expect = prepare_push_cert_nonce(service_dir, stamp);
551 if (strcmp(expect, nonce)) {
552 /* Not what we would have signed earlier */
553 retval = NONCE_BAD;
554 goto leave;
555 }
556
557 /*
558 * By how many seconds is this nonce stale? Negative value
559 * would mean it was issued by another server with its clock
560 * skewed in the future.
561 */
562 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
563 nonce_stamp_slop = (long)ostamp - (long)stamp;
564
565 if (nonce_stamp_slop_limit &&
566 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
567 /*
568 * Pretend as if the received nonce (which passes the
569 * HMAC check, so it is not a forged by third-party)
570 * is what we issued.
571 */
572 free((void *)push_cert_nonce);
573 push_cert_nonce = xstrdup(nonce);
574 retval = NONCE_OK;
575 } else {
576 retval = NONCE_SLOP;
577 }
578
579 leave:
580 free(nonce);
581 free(expect);
582 return retval;
583 }
584
585 /*
586 * Return 1 if there is no push_cert or if the push options in push_cert are
587 * the same as those in the argument; 0 otherwise.
588 */
589 static int check_cert_push_options(const struct string_list *push_options)
590 {
591 const char *buf = push_cert.buf;
592 int len = push_cert.len;
593
594 char *option;
595 const char *next_line;
596 int options_seen = 0;
597
598 int retval = 1;
599
600 if (!len)
601 return 1;
602
603 while ((option = find_header(buf, len, "push-option", &next_line))) {
604 len -= (next_line - buf);
605 buf = next_line;
606 options_seen++;
607 if (options_seen > push_options->nr
608 || strcmp(option,
609 push_options->items[options_seen - 1].string)) {
610 retval = 0;
611 goto leave;
612 }
613 free(option);
614 }
615
616 if (options_seen != push_options->nr)
617 retval = 0;
618
619 leave:
620 free(option);
621 return retval;
622 }
623
624 static void prepare_push_cert_sha1(struct child_process *proc)
625 {
626 static int already_done;
627
628 if (!push_cert.len)
629 return;
630
631 if (!already_done) {
632 int bogs /* beginning_of_gpg_sig */;
633
634 already_done = 1;
635 if (write_object_file(push_cert.buf, push_cert.len, "blob",
636 &push_cert_oid))
637 oidclr(&push_cert_oid);
638
639 memset(&sigcheck, '\0', sizeof(sigcheck));
640
641 bogs = parse_signature(push_cert.buf, push_cert.len);
642 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
643 push_cert.len - bogs, &sigcheck);
644
645 nonce_status = check_nonce(push_cert.buf, bogs);
646 }
647 if (!is_null_oid(&push_cert_oid)) {
648 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
649 oid_to_hex(&push_cert_oid));
650 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
651 sigcheck.signer ? sigcheck.signer : "");
652 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
653 sigcheck.key ? sigcheck.key : "");
654 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
655 sigcheck.result);
656 if (push_cert_nonce) {
657 argv_array_pushf(&proc->env_array,
658 "GIT_PUSH_CERT_NONCE=%s",
659 push_cert_nonce);
660 argv_array_pushf(&proc->env_array,
661 "GIT_PUSH_CERT_NONCE_STATUS=%s",
662 nonce_status);
663 if (nonce_status == NONCE_SLOP)
664 argv_array_pushf(&proc->env_array,
665 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
666 nonce_stamp_slop);
667 }
668 }
669 }
670
671 struct receive_hook_feed_state {
672 struct command *cmd;
673 int skip_broken;
674 struct strbuf buf;
675 const struct string_list *push_options;
676 };
677
678 typedef int (*feed_fn)(void *, const char **, size_t *);
679 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
680 struct receive_hook_feed_state *feed_state)
681 {
682 struct child_process proc = CHILD_PROCESS_INIT;
683 struct async muxer;
684 const char *argv[2];
685 int code;
686
687 argv[0] = find_hook(hook_name);
688 if (!argv[0])
689 return 0;
690
691 argv[1] = NULL;
692
693 proc.argv = argv;
694 proc.in = -1;
695 proc.stdout_to_stderr = 1;
696 if (feed_state->push_options) {
697 int i;
698 for (i = 0; i < feed_state->push_options->nr; i++)
699 argv_array_pushf(&proc.env_array,
700 "GIT_PUSH_OPTION_%d=%s", i,
701 feed_state->push_options->items[i].string);
702 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
703 feed_state->push_options->nr);
704 } else
705 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
706
707 if (tmp_objdir)
708 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
709
710 if (use_sideband) {
711 memset(&muxer, 0, sizeof(muxer));
712 muxer.proc = copy_to_sideband;
713 muxer.in = -1;
714 code = start_async(&muxer);
715 if (code)
716 return code;
717 proc.err = muxer.in;
718 }
719
720 prepare_push_cert_sha1(&proc);
721
722 code = start_command(&proc);
723 if (code) {
724 if (use_sideband)
725 finish_async(&muxer);
726 return code;
727 }
728
729 sigchain_push(SIGPIPE, SIG_IGN);
730
731 while (1) {
732 const char *buf;
733 size_t n;
734 if (feed(feed_state, &buf, &n))
735 break;
736 if (write_in_full(proc.in, buf, n) < 0)
737 break;
738 }
739 close(proc.in);
740 if (use_sideband)
741 finish_async(&muxer);
742
743 sigchain_pop(SIGPIPE);
744
745 return finish_command(&proc);
746 }
747
748 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
749 {
750 struct receive_hook_feed_state *state = state_;
751 struct command *cmd = state->cmd;
752
753 while (cmd &&
754 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
755 cmd = cmd->next;
756 if (!cmd)
757 return -1; /* EOF */
758 strbuf_reset(&state->buf);
759 strbuf_addf(&state->buf, "%s %s %s\n",
760 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
761 cmd->ref_name);
762 state->cmd = cmd->next;
763 if (bufp) {
764 *bufp = state->buf.buf;
765 *sizep = state->buf.len;
766 }
767 return 0;
768 }
769
770 static int run_receive_hook(struct command *commands,
771 const char *hook_name,
772 int skip_broken,
773 const struct string_list *push_options)
774 {
775 struct receive_hook_feed_state state;
776 int status;
777
778 strbuf_init(&state.buf, 0);
779 state.cmd = commands;
780 state.skip_broken = skip_broken;
781 if (feed_receive_hook(&state, NULL, NULL))
782 return 0;
783 state.cmd = commands;
784 state.push_options = push_options;
785 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
786 strbuf_release(&state.buf);
787 return status;
788 }
789
790 static int run_update_hook(struct command *cmd)
791 {
792 const char *argv[5];
793 struct child_process proc = CHILD_PROCESS_INIT;
794 int code;
795
796 argv[0] = find_hook("update");
797 if (!argv[0])
798 return 0;
799
800 argv[1] = cmd->ref_name;
801 argv[2] = oid_to_hex(&cmd->old_oid);
802 argv[3] = oid_to_hex(&cmd->new_oid);
803 argv[4] = NULL;
804
805 proc.no_stdin = 1;
806 proc.stdout_to_stderr = 1;
807 proc.err = use_sideband ? -1 : 0;
808 proc.argv = argv;
809
810 code = start_command(&proc);
811 if (code)
812 return code;
813 if (use_sideband)
814 copy_to_sideband(proc.err, -1, NULL);
815 return finish_command(&proc);
816 }
817
818 static int is_ref_checked_out(const char *ref)
819 {
820 if (is_bare_repository())
821 return 0;
822
823 if (!head_name)
824 return 0;
825 return !strcmp(head_name, ref);
826 }
827
828 static char *refuse_unconfigured_deny_msg =
829 N_("By default, updating the current branch in a non-bare repository\n"
830 "is denied, because it will make the index and work tree inconsistent\n"
831 "with what you pushed, and will require 'git reset --hard' to match\n"
832 "the work tree to HEAD.\n"
833 "\n"
834 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
835 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
836 "its current branch; however, this is not recommended unless you\n"
837 "arranged to update its work tree to match what you pushed in some\n"
838 "other way.\n"
839 "\n"
840 "To squelch this message and still keep the default behaviour, set\n"
841 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
842
843 static void refuse_unconfigured_deny(void)
844 {
845 rp_error("%s", _(refuse_unconfigured_deny_msg));
846 }
847
848 static char *refuse_unconfigured_deny_delete_current_msg =
849 N_("By default, deleting the current branch is denied, because the next\n"
850 "'git clone' won't result in any file checked out, causing confusion.\n"
851 "\n"
852 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
853 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
854 "current branch, with or without a warning message.\n"
855 "\n"
856 "To squelch this message, you can set it to 'refuse'.");
857
858 static void refuse_unconfigured_deny_delete_current(void)
859 {
860 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
861 }
862
863 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
864 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
865 {
866 struct lock_file shallow_lock = LOCK_INIT;
867 struct oid_array extra = OID_ARRAY_INIT;
868 struct check_connected_options opt = CHECK_CONNECTED_INIT;
869 uint32_t mask = 1 << (cmd->index % 32);
870 int i;
871
872 trace_printf_key(&trace_shallow,
873 "shallow: update_shallow_ref %s\n", cmd->ref_name);
874 for (i = 0; i < si->shallow->nr; i++)
875 if (si->used_shallow[i] &&
876 (si->used_shallow[i][cmd->index / 32] & mask) &&
877 !delayed_reachability_test(si, i))
878 oid_array_append(&extra, &si->shallow->oid[i]);
879
880 opt.env = tmp_objdir_env(tmp_objdir);
881 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
882 if (check_connected(command_singleton_iterator, cmd, &opt)) {
883 rollback_lock_file(&shallow_lock);
884 oid_array_clear(&extra);
885 return -1;
886 }
887
888 commit_lock_file(&shallow_lock);
889
890 /*
891 * Make sure setup_alternate_shallow() for the next ref does
892 * not lose these new roots..
893 */
894 for (i = 0; i < extra.nr; i++)
895 register_shallow(&extra.oid[i]);
896
897 si->shallow_ref[cmd->index] = 0;
898 oid_array_clear(&extra);
899 return 0;
900 }
901
902 /*
903 * NEEDSWORK: we should consolidate various implementions of "are we
904 * on an unborn branch?" test into one, and make the unified one more
905 * robust. !get_sha1() based check used here and elsewhere would not
906 * allow us to tell an unborn branch from corrupt ref, for example.
907 * For the purpose of fixing "deploy-to-update does not work when
908 * pushing into an empty repository" issue, this should suffice for
909 * now.
910 */
911 static int head_has_history(void)
912 {
913 struct object_id oid;
914
915 return !get_oid("HEAD", &oid);
916 }
917
918 static const char *push_to_deploy(unsigned char *sha1,
919 struct argv_array *env,
920 const char *work_tree)
921 {
922 const char *update_refresh[] = {
923 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
924 };
925 const char *diff_files[] = {
926 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
927 };
928 const char *diff_index[] = {
929 "diff-index", "--quiet", "--cached", "--ignore-submodules",
930 NULL, "--", NULL
931 };
932 const char *read_tree[] = {
933 "read-tree", "-u", "-m", NULL, NULL
934 };
935 struct child_process child = CHILD_PROCESS_INIT;
936
937 child.argv = update_refresh;
938 child.env = env->argv;
939 child.dir = work_tree;
940 child.no_stdin = 1;
941 child.stdout_to_stderr = 1;
942 child.git_cmd = 1;
943 if (run_command(&child))
944 return "Up-to-date check failed";
945
946 /* run_command() does not clean up completely; reinitialize */
947 child_process_init(&child);
948 child.argv = diff_files;
949 child.env = env->argv;
950 child.dir = work_tree;
951 child.no_stdin = 1;
952 child.stdout_to_stderr = 1;
953 child.git_cmd = 1;
954 if (run_command(&child))
955 return "Working directory has unstaged changes";
956
957 /* diff-index with either HEAD or an empty tree */
958 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
959
960 child_process_init(&child);
961 child.argv = diff_index;
962 child.env = env->argv;
963 child.no_stdin = 1;
964 child.no_stdout = 1;
965 child.stdout_to_stderr = 0;
966 child.git_cmd = 1;
967 if (run_command(&child))
968 return "Working directory has staged changes";
969
970 read_tree[3] = sha1_to_hex(sha1);
971 child_process_init(&child);
972 child.argv = read_tree;
973 child.env = env->argv;
974 child.dir = work_tree;
975 child.no_stdin = 1;
976 child.no_stdout = 1;
977 child.stdout_to_stderr = 0;
978 child.git_cmd = 1;
979 if (run_command(&child))
980 return "Could not update working tree to new HEAD";
981
982 return NULL;
983 }
984
985 static const char *push_to_checkout_hook = "push-to-checkout";
986
987 static const char *push_to_checkout(unsigned char *sha1,
988 struct argv_array *env,
989 const char *work_tree)
990 {
991 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
992 if (run_hook_le(env->argv, push_to_checkout_hook,
993 sha1_to_hex(sha1), NULL))
994 return "push-to-checkout hook declined";
995 else
996 return NULL;
997 }
998
999 static const char *update_worktree(unsigned char *sha1)
1000 {
1001 const char *retval;
1002 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1003 struct argv_array env = ARGV_ARRAY_INIT;
1004
1005 if (is_bare_repository())
1006 return "denyCurrentBranch = updateInstead needs a worktree";
1007
1008 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1009
1010 if (!find_hook(push_to_checkout_hook))
1011 retval = push_to_deploy(sha1, &env, work_tree);
1012 else
1013 retval = push_to_checkout(sha1, &env, work_tree);
1014
1015 argv_array_clear(&env);
1016 return retval;
1017 }
1018
1019 static const char *update(struct command *cmd, struct shallow_info *si)
1020 {
1021 const char *name = cmd->ref_name;
1022 struct strbuf namespaced_name_buf = STRBUF_INIT;
1023 static char *namespaced_name;
1024 const char *ret;
1025 struct object_id *old_oid = &cmd->old_oid;
1026 struct object_id *new_oid = &cmd->new_oid;
1027
1028 /* only refs/... are allowed */
1029 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1030 rp_error("refusing to create funny ref '%s' remotely", name);
1031 return "funny refname";
1032 }
1033
1034 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1035 free(namespaced_name);
1036 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1037
1038 if (is_ref_checked_out(namespaced_name)) {
1039 switch (deny_current_branch) {
1040 case DENY_IGNORE:
1041 break;
1042 case DENY_WARN:
1043 rp_warning("updating the current branch");
1044 break;
1045 case DENY_REFUSE:
1046 case DENY_UNCONFIGURED:
1047 rp_error("refusing to update checked out branch: %s", name);
1048 if (deny_current_branch == DENY_UNCONFIGURED)
1049 refuse_unconfigured_deny();
1050 return "branch is currently checked out";
1051 case DENY_UPDATE_INSTEAD:
1052 ret = update_worktree(new_oid->hash);
1053 if (ret)
1054 return ret;
1055 break;
1056 }
1057 }
1058
1059 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1060 error("unpack should have generated %s, "
1061 "but I can't find it!", oid_to_hex(new_oid));
1062 return "bad pack";
1063 }
1064
1065 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1066 if (deny_deletes && starts_with(name, "refs/heads/")) {
1067 rp_error("denying ref deletion for %s", name);
1068 return "deletion prohibited";
1069 }
1070
1071 if (head_name && !strcmp(namespaced_name, head_name)) {
1072 switch (deny_delete_current) {
1073 case DENY_IGNORE:
1074 break;
1075 case DENY_WARN:
1076 rp_warning("deleting the current branch");
1077 break;
1078 case DENY_REFUSE:
1079 case DENY_UNCONFIGURED:
1080 case DENY_UPDATE_INSTEAD:
1081 if (deny_delete_current == DENY_UNCONFIGURED)
1082 refuse_unconfigured_deny_delete_current();
1083 rp_error("refusing to delete the current branch: %s", name);
1084 return "deletion of the current branch prohibited";
1085 default:
1086 return "Invalid denyDeleteCurrent setting";
1087 }
1088 }
1089 }
1090
1091 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1092 !is_null_oid(old_oid) &&
1093 starts_with(name, "refs/heads/")) {
1094 struct object *old_object, *new_object;
1095 struct commit *old_commit, *new_commit;
1096
1097 old_object = parse_object(old_oid);
1098 new_object = parse_object(new_oid);
1099
1100 if (!old_object || !new_object ||
1101 old_object->type != OBJ_COMMIT ||
1102 new_object->type != OBJ_COMMIT) {
1103 error("bad sha1 objects for %s", name);
1104 return "bad ref";
1105 }
1106 old_commit = (struct commit *)old_object;
1107 new_commit = (struct commit *)new_object;
1108 if (!in_merge_bases(old_commit, new_commit)) {
1109 rp_error("denying non-fast-forward %s"
1110 " (you should pull first)", name);
1111 return "non-fast-forward";
1112 }
1113 }
1114 if (run_update_hook(cmd)) {
1115 rp_error("hook declined to update %s", name);
1116 return "hook declined";
1117 }
1118
1119 if (is_null_oid(new_oid)) {
1120 struct strbuf err = STRBUF_INIT;
1121 if (!parse_object(old_oid)) {
1122 old_oid = NULL;
1123 if (ref_exists(name)) {
1124 rp_warning("Allowing deletion of corrupt ref.");
1125 } else {
1126 rp_warning("Deleting a non-existent ref.");
1127 cmd->did_not_exist = 1;
1128 }
1129 }
1130 if (ref_transaction_delete(transaction,
1131 namespaced_name,
1132 old_oid,
1133 0, "push", &err)) {
1134 rp_error("%s", err.buf);
1135 strbuf_release(&err);
1136 return "failed to delete";
1137 }
1138 strbuf_release(&err);
1139 return NULL; /* good */
1140 }
1141 else {
1142 struct strbuf err = STRBUF_INIT;
1143 if (shallow_update && si->shallow_ref[cmd->index] &&
1144 update_shallow_ref(cmd, si))
1145 return "shallow error";
1146
1147 if (ref_transaction_update(transaction,
1148 namespaced_name,
1149 new_oid, old_oid,
1150 0, "push",
1151 &err)) {
1152 rp_error("%s", err.buf);
1153 strbuf_release(&err);
1154
1155 return "failed to update ref";
1156 }
1157 strbuf_release(&err);
1158
1159 return NULL; /* good */
1160 }
1161 }
1162
1163 static void run_update_post_hook(struct command *commands)
1164 {
1165 struct command *cmd;
1166 struct child_process proc = CHILD_PROCESS_INIT;
1167 const char *hook;
1168
1169 hook = find_hook("post-update");
1170 if (!hook)
1171 return;
1172
1173 for (cmd = commands; cmd; cmd = cmd->next) {
1174 if (cmd->error_string || cmd->did_not_exist)
1175 continue;
1176 if (!proc.args.argc)
1177 argv_array_push(&proc.args, hook);
1178 argv_array_push(&proc.args, cmd->ref_name);
1179 }
1180 if (!proc.args.argc)
1181 return;
1182
1183 proc.no_stdin = 1;
1184 proc.stdout_to_stderr = 1;
1185 proc.err = use_sideband ? -1 : 0;
1186
1187 if (!start_command(&proc)) {
1188 if (use_sideband)
1189 copy_to_sideband(proc.err, -1, NULL);
1190 finish_command(&proc);
1191 }
1192 }
1193
1194 static void check_aliased_update(struct command *cmd, struct string_list *list)
1195 {
1196 struct strbuf buf = STRBUF_INIT;
1197 const char *dst_name;
1198 struct string_list_item *item;
1199 struct command *dst_cmd;
1200 int flag;
1201
1202 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1203 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1204 strbuf_release(&buf);
1205
1206 if (!(flag & REF_ISSYMREF))
1207 return;
1208
1209 if (!dst_name) {
1210 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1211 cmd->skip_update = 1;
1212 cmd->error_string = "broken symref";
1213 return;
1214 }
1215 dst_name = strip_namespace(dst_name);
1216
1217 if ((item = string_list_lookup(list, dst_name)) == NULL)
1218 return;
1219
1220 cmd->skip_update = 1;
1221
1222 dst_cmd = (struct command *) item->util;
1223
1224 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1225 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1226 return;
1227
1228 dst_cmd->skip_update = 1;
1229
1230 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1231 " its target '%s' (%s..%s)",
1232 cmd->ref_name,
1233 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1234 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1235 dst_cmd->ref_name,
1236 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1237 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1238
1239 cmd->error_string = dst_cmd->error_string =
1240 "inconsistent aliased update";
1241 }
1242
1243 static void check_aliased_updates(struct command *commands)
1244 {
1245 struct command *cmd;
1246 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1247
1248 for (cmd = commands; cmd; cmd = cmd->next) {
1249 struct string_list_item *item =
1250 string_list_append(&ref_list, cmd->ref_name);
1251 item->util = (void *)cmd;
1252 }
1253 string_list_sort(&ref_list);
1254
1255 for (cmd = commands; cmd; cmd = cmd->next) {
1256 if (!cmd->error_string)
1257 check_aliased_update(cmd, &ref_list);
1258 }
1259
1260 string_list_clear(&ref_list, 0);
1261 }
1262
1263 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1264 {
1265 struct command **cmd_list = cb_data;
1266 struct command *cmd = *cmd_list;
1267
1268 if (!cmd || is_null_oid(&cmd->new_oid))
1269 return -1; /* end of list */
1270 *cmd_list = NULL; /* this returns only one */
1271 oidcpy(oid, &cmd->new_oid);
1272 return 0;
1273 }
1274
1275 static void set_connectivity_errors(struct command *commands,
1276 struct shallow_info *si)
1277 {
1278 struct command *cmd;
1279
1280 for (cmd = commands; cmd; cmd = cmd->next) {
1281 struct command *singleton = cmd;
1282 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1283
1284 if (shallow_update && si->shallow_ref[cmd->index])
1285 /* to be checked in update_shallow_ref() */
1286 continue;
1287
1288 opt.env = tmp_objdir_env(tmp_objdir);
1289 if (!check_connected(command_singleton_iterator, &singleton,
1290 &opt))
1291 continue;
1292
1293 cmd->error_string = "missing necessary objects";
1294 }
1295 }
1296
1297 struct iterate_data {
1298 struct command *cmds;
1299 struct shallow_info *si;
1300 };
1301
1302 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1303 {
1304 struct iterate_data *data = cb_data;
1305 struct command **cmd_list = &data->cmds;
1306 struct command *cmd = *cmd_list;
1307
1308 for (; cmd; cmd = cmd->next) {
1309 if (shallow_update && data->si->shallow_ref[cmd->index])
1310 /* to be checked in update_shallow_ref() */
1311 continue;
1312 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1313 oidcpy(oid, &cmd->new_oid);
1314 *cmd_list = cmd->next;
1315 return 0;
1316 }
1317 }
1318 *cmd_list = NULL;
1319 return -1; /* end of list */
1320 }
1321
1322 static void reject_updates_to_hidden(struct command *commands)
1323 {
1324 struct strbuf refname_full = STRBUF_INIT;
1325 size_t prefix_len;
1326 struct command *cmd;
1327
1328 strbuf_addstr(&refname_full, get_git_namespace());
1329 prefix_len = refname_full.len;
1330
1331 for (cmd = commands; cmd; cmd = cmd->next) {
1332 if (cmd->error_string)
1333 continue;
1334
1335 strbuf_setlen(&refname_full, prefix_len);
1336 strbuf_addstr(&refname_full, cmd->ref_name);
1337
1338 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1339 continue;
1340 if (is_null_oid(&cmd->new_oid))
1341 cmd->error_string = "deny deleting a hidden ref";
1342 else
1343 cmd->error_string = "deny updating a hidden ref";
1344 }
1345
1346 strbuf_release(&refname_full);
1347 }
1348
1349 static int should_process_cmd(struct command *cmd)
1350 {
1351 return !cmd->error_string && !cmd->skip_update;
1352 }
1353
1354 static void warn_if_skipped_connectivity_check(struct command *commands,
1355 struct shallow_info *si)
1356 {
1357 struct command *cmd;
1358 int checked_connectivity = 1;
1359
1360 for (cmd = commands; cmd; cmd = cmd->next) {
1361 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1362 error("BUG: connectivity check has not been run on ref %s",
1363 cmd->ref_name);
1364 checked_connectivity = 0;
1365 }
1366 }
1367 if (!checked_connectivity)
1368 BUG("connectivity check skipped???");
1369 }
1370
1371 static void execute_commands_non_atomic(struct command *commands,
1372 struct shallow_info *si)
1373 {
1374 struct command *cmd;
1375 struct strbuf err = STRBUF_INIT;
1376
1377 for (cmd = commands; cmd; cmd = cmd->next) {
1378 if (!should_process_cmd(cmd))
1379 continue;
1380
1381 transaction = ref_transaction_begin(&err);
1382 if (!transaction) {
1383 rp_error("%s", err.buf);
1384 strbuf_reset(&err);
1385 cmd->error_string = "transaction failed to start";
1386 continue;
1387 }
1388
1389 cmd->error_string = update(cmd, si);
1390
1391 if (!cmd->error_string
1392 && ref_transaction_commit(transaction, &err)) {
1393 rp_error("%s", err.buf);
1394 strbuf_reset(&err);
1395 cmd->error_string = "failed to update ref";
1396 }
1397 ref_transaction_free(transaction);
1398 }
1399 strbuf_release(&err);
1400 }
1401
1402 static void execute_commands_atomic(struct command *commands,
1403 struct shallow_info *si)
1404 {
1405 struct command *cmd;
1406 struct strbuf err = STRBUF_INIT;
1407 const char *reported_error = "atomic push failure";
1408
1409 transaction = ref_transaction_begin(&err);
1410 if (!transaction) {
1411 rp_error("%s", err.buf);
1412 strbuf_reset(&err);
1413 reported_error = "transaction failed to start";
1414 goto failure;
1415 }
1416
1417 for (cmd = commands; cmd; cmd = cmd->next) {
1418 if (!should_process_cmd(cmd))
1419 continue;
1420
1421 cmd->error_string = update(cmd, si);
1422
1423 if (cmd->error_string)
1424 goto failure;
1425 }
1426
1427 if (ref_transaction_commit(transaction, &err)) {
1428 rp_error("%s", err.buf);
1429 reported_error = "atomic transaction failed";
1430 goto failure;
1431 }
1432 goto cleanup;
1433
1434 failure:
1435 for (cmd = commands; cmd; cmd = cmd->next)
1436 if (!cmd->error_string)
1437 cmd->error_string = reported_error;
1438
1439 cleanup:
1440 ref_transaction_free(transaction);
1441 strbuf_release(&err);
1442 }
1443
1444 static void execute_commands(struct command *commands,
1445 const char *unpacker_error,
1446 struct shallow_info *si,
1447 const struct string_list *push_options)
1448 {
1449 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1450 struct command *cmd;
1451 struct iterate_data data;
1452 struct async muxer;
1453 int err_fd = 0;
1454
1455 if (unpacker_error) {
1456 for (cmd = commands; cmd; cmd = cmd->next)
1457 cmd->error_string = "unpacker error";
1458 return;
1459 }
1460
1461 if (use_sideband) {
1462 memset(&muxer, 0, sizeof(muxer));
1463 muxer.proc = copy_to_sideband;
1464 muxer.in = -1;
1465 if (!start_async(&muxer))
1466 err_fd = muxer.in;
1467 /* ...else, continue without relaying sideband */
1468 }
1469
1470 data.cmds = commands;
1471 data.si = si;
1472 opt.err_fd = err_fd;
1473 opt.progress = err_fd && !quiet;
1474 opt.env = tmp_objdir_env(tmp_objdir);
1475 if (check_connected(iterate_receive_command_list, &data, &opt))
1476 set_connectivity_errors(commands, si);
1477
1478 if (use_sideband)
1479 finish_async(&muxer);
1480
1481 reject_updates_to_hidden(commands);
1482
1483 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1484 for (cmd = commands; cmd; cmd = cmd->next) {
1485 if (!cmd->error_string)
1486 cmd->error_string = "pre-receive hook declined";
1487 }
1488 return;
1489 }
1490
1491 /*
1492 * Now we'll start writing out refs, which means the objects need
1493 * to be in their final positions so that other processes can see them.
1494 */
1495 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1496 for (cmd = commands; cmd; cmd = cmd->next) {
1497 if (!cmd->error_string)
1498 cmd->error_string = "unable to migrate objects to permanent storage";
1499 }
1500 return;
1501 }
1502 tmp_objdir = NULL;
1503
1504 check_aliased_updates(commands);
1505
1506 free(head_name_to_free);
1507 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1508
1509 if (use_atomic)
1510 execute_commands_atomic(commands, si);
1511 else
1512 execute_commands_non_atomic(commands, si);
1513
1514 if (shallow_update)
1515 warn_if_skipped_connectivity_check(commands, si);
1516 }
1517
1518 static struct command **queue_command(struct command **tail,
1519 const char *line,
1520 int linelen)
1521 {
1522 struct object_id old_oid, new_oid;
1523 struct command *cmd;
1524 const char *refname;
1525 int reflen;
1526 const char *p;
1527
1528 if (parse_oid_hex(line, &old_oid, &p) ||
1529 *p++ != ' ' ||
1530 parse_oid_hex(p, &new_oid, &p) ||
1531 *p++ != ' ')
1532 die("protocol error: expected old/new/ref, got '%s'", line);
1533
1534 refname = p;
1535 reflen = linelen - (p - line);
1536 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1537 oidcpy(&cmd->old_oid, &old_oid);
1538 oidcpy(&cmd->new_oid, &new_oid);
1539 *tail = cmd;
1540 return &cmd->next;
1541 }
1542
1543 static void queue_commands_from_cert(struct command **tail,
1544 struct strbuf *push_cert)
1545 {
1546 const char *boc, *eoc;
1547
1548 if (*tail)
1549 die("protocol error: got both push certificate and unsigned commands");
1550
1551 boc = strstr(push_cert->buf, "\n\n");
1552 if (!boc)
1553 die("malformed push certificate %.*s", 100, push_cert->buf);
1554 else
1555 boc += 2;
1556 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1557
1558 while (boc < eoc) {
1559 const char *eol = memchr(boc, '\n', eoc - boc);
1560 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1561 boc = eol ? eol + 1 : eoc;
1562 }
1563 }
1564
1565 static struct command *read_head_info(struct oid_array *shallow)
1566 {
1567 struct command *commands = NULL;
1568 struct command **p = &commands;
1569 for (;;) {
1570 char *line;
1571 int len, linelen;
1572
1573 line = packet_read_line(0, &len);
1574 if (!line)
1575 break;
1576
1577 if (len > 8 && starts_with(line, "shallow ")) {
1578 struct object_id oid;
1579 if (get_oid_hex(line + 8, &oid))
1580 die("protocol error: expected shallow sha, got '%s'",
1581 line + 8);
1582 oid_array_append(shallow, &oid);
1583 continue;
1584 }
1585
1586 linelen = strlen(line);
1587 if (linelen < len) {
1588 const char *feature_list = line + linelen + 1;
1589 if (parse_feature_request(feature_list, "report-status"))
1590 report_status = 1;
1591 if (parse_feature_request(feature_list, "side-band-64k"))
1592 use_sideband = LARGE_PACKET_MAX;
1593 if (parse_feature_request(feature_list, "quiet"))
1594 quiet = 1;
1595 if (advertise_atomic_push
1596 && parse_feature_request(feature_list, "atomic"))
1597 use_atomic = 1;
1598 if (advertise_push_options
1599 && parse_feature_request(feature_list, "push-options"))
1600 use_push_options = 1;
1601 }
1602
1603 if (!strcmp(line, "push-cert")) {
1604 int true_flush = 0;
1605 char certbuf[1024];
1606
1607 for (;;) {
1608 len = packet_read(0, NULL, NULL,
1609 certbuf, sizeof(certbuf), 0);
1610 if (!len) {
1611 true_flush = 1;
1612 break;
1613 }
1614 if (!strcmp(certbuf, "push-cert-end\n"))
1615 break; /* end of cert */
1616 strbuf_addstr(&push_cert, certbuf);
1617 }
1618
1619 if (true_flush)
1620 break;
1621 continue;
1622 }
1623
1624 p = queue_command(p, line, linelen);
1625 }
1626
1627 if (push_cert.len)
1628 queue_commands_from_cert(p, &push_cert);
1629
1630 return commands;
1631 }
1632
1633 static void read_push_options(struct string_list *options)
1634 {
1635 while (1) {
1636 char *line;
1637 int len;
1638
1639 line = packet_read_line(0, &len);
1640
1641 if (!line)
1642 break;
1643
1644 string_list_append(options, line);
1645 }
1646 }
1647
1648 static const char *parse_pack_header(struct pack_header *hdr)
1649 {
1650 switch (read_pack_header(0, hdr)) {
1651 case PH_ERROR_EOF:
1652 return "eof before pack header was fully read";
1653
1654 case PH_ERROR_PACK_SIGNATURE:
1655 return "protocol error (pack signature mismatch detected)";
1656
1657 case PH_ERROR_PROTOCOL:
1658 return "protocol error (pack version unsupported)";
1659
1660 default:
1661 return "unknown error in parse_pack_header";
1662
1663 case 0:
1664 return NULL;
1665 }
1666 }
1667
1668 static const char *pack_lockfile;
1669
1670 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1671 {
1672 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1673 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1674 }
1675
1676 static const char *unpack(int err_fd, struct shallow_info *si)
1677 {
1678 struct pack_header hdr;
1679 const char *hdr_err;
1680 int status;
1681 struct child_process child = CHILD_PROCESS_INIT;
1682 int fsck_objects = (receive_fsck_objects >= 0
1683 ? receive_fsck_objects
1684 : transfer_fsck_objects >= 0
1685 ? transfer_fsck_objects
1686 : 0);
1687
1688 hdr_err = parse_pack_header(&hdr);
1689 if (hdr_err) {
1690 if (err_fd > 0)
1691 close(err_fd);
1692 return hdr_err;
1693 }
1694
1695 if (si->nr_ours || si->nr_theirs) {
1696 alt_shallow_file = setup_temporary_shallow(si->shallow);
1697 argv_array_push(&child.args, "--shallow-file");
1698 argv_array_push(&child.args, alt_shallow_file);
1699 }
1700
1701 tmp_objdir = tmp_objdir_create();
1702 if (!tmp_objdir) {
1703 if (err_fd > 0)
1704 close(err_fd);
1705 return "unable to create temporary object directory";
1706 }
1707 child.env = tmp_objdir_env(tmp_objdir);
1708
1709 /*
1710 * Normally we just pass the tmp_objdir environment to the child
1711 * processes that do the heavy lifting, but we may need to see these
1712 * objects ourselves to set up shallow information.
1713 */
1714 tmp_objdir_add_as_alternate(tmp_objdir);
1715
1716 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1717 argv_array_push(&child.args, "unpack-objects");
1718 push_header_arg(&child.args, &hdr);
1719 if (quiet)
1720 argv_array_push(&child.args, "-q");
1721 if (fsck_objects)
1722 argv_array_pushf(&child.args, "--strict%s",
1723 fsck_msg_types.buf);
1724 if (max_input_size)
1725 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1726 (uintmax_t)max_input_size);
1727 child.no_stdout = 1;
1728 child.err = err_fd;
1729 child.git_cmd = 1;
1730 status = run_command(&child);
1731 if (status)
1732 return "unpack-objects abnormal exit";
1733 } else {
1734 char hostname[HOST_NAME_MAX + 1];
1735
1736 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1737 push_header_arg(&child.args, &hdr);
1738
1739 if (xgethostname(hostname, sizeof(hostname)))
1740 xsnprintf(hostname, sizeof(hostname), "localhost");
1741 argv_array_pushf(&child.args,
1742 "--keep=receive-pack %"PRIuMAX" on %s",
1743 (uintmax_t)getpid(),
1744 hostname);
1745
1746 if (!quiet && err_fd)
1747 argv_array_push(&child.args, "--show-resolving-progress");
1748 if (use_sideband)
1749 argv_array_push(&child.args, "--report-end-of-input");
1750 if (fsck_objects)
1751 argv_array_pushf(&child.args, "--strict%s",
1752 fsck_msg_types.buf);
1753 if (!reject_thin)
1754 argv_array_push(&child.args, "--fix-thin");
1755 if (max_input_size)
1756 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1757 (uintmax_t)max_input_size);
1758 child.out = -1;
1759 child.err = err_fd;
1760 child.git_cmd = 1;
1761 status = start_command(&child);
1762 if (status)
1763 return "index-pack fork failed";
1764 pack_lockfile = index_pack_lockfile(child.out);
1765 close(child.out);
1766 status = finish_command(&child);
1767 if (status)
1768 return "index-pack abnormal exit";
1769 reprepare_packed_git(the_repository);
1770 }
1771 return NULL;
1772 }
1773
1774 static const char *unpack_with_sideband(struct shallow_info *si)
1775 {
1776 struct async muxer;
1777 const char *ret;
1778
1779 if (!use_sideband)
1780 return unpack(0, si);
1781
1782 use_keepalive = KEEPALIVE_AFTER_NUL;
1783 memset(&muxer, 0, sizeof(muxer));
1784 muxer.proc = copy_to_sideband;
1785 muxer.in = -1;
1786 if (start_async(&muxer))
1787 return NULL;
1788
1789 ret = unpack(muxer.in, si);
1790
1791 finish_async(&muxer);
1792 return ret;
1793 }
1794
1795 static void prepare_shallow_update(struct command *commands,
1796 struct shallow_info *si)
1797 {
1798 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1799
1800 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1801 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1802
1803 si->need_reachability_test =
1804 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1805 si->reachable =
1806 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1807 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1808
1809 for (i = 0; i < si->nr_ours; i++)
1810 si->need_reachability_test[si->ours[i]] = 1;
1811
1812 for (i = 0; i < si->shallow->nr; i++) {
1813 if (!si->used_shallow[i])
1814 continue;
1815 for (j = 0; j < bitmap_size; j++) {
1816 if (!si->used_shallow[i][j])
1817 continue;
1818 si->need_reachability_test[i]++;
1819 for (k = 0; k < 32; k++)
1820 if (si->used_shallow[i][j] & (1U << k))
1821 si->shallow_ref[j * 32 + k]++;
1822 }
1823
1824 /*
1825 * true for those associated with some refs and belong
1826 * in "ours" list aka "step 7 not done yet"
1827 */
1828 si->need_reachability_test[i] =
1829 si->need_reachability_test[i] > 1;
1830 }
1831
1832 /*
1833 * keep hooks happy by forcing a temporary shallow file via
1834 * env variable because we can't add --shallow-file to every
1835 * command. check_everything_connected() will be done with
1836 * true .git/shallow though.
1837 */
1838 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1839 }
1840
1841 static void update_shallow_info(struct command *commands,
1842 struct shallow_info *si,
1843 struct oid_array *ref)
1844 {
1845 struct command *cmd;
1846 int *ref_status;
1847 remove_nonexistent_theirs_shallow(si);
1848 if (!si->nr_ours && !si->nr_theirs) {
1849 shallow_update = 0;
1850 return;
1851 }
1852
1853 for (cmd = commands; cmd; cmd = cmd->next) {
1854 if (is_null_oid(&cmd->new_oid))
1855 continue;
1856 oid_array_append(ref, &cmd->new_oid);
1857 cmd->index = ref->nr - 1;
1858 }
1859 si->ref = ref;
1860
1861 if (shallow_update) {
1862 prepare_shallow_update(commands, si);
1863 return;
1864 }
1865
1866 ALLOC_ARRAY(ref_status, ref->nr);
1867 assign_shallow_commits_to_refs(si, NULL, ref_status);
1868 for (cmd = commands; cmd; cmd = cmd->next) {
1869 if (is_null_oid(&cmd->new_oid))
1870 continue;
1871 if (ref_status[cmd->index]) {
1872 cmd->error_string = "shallow update not allowed";
1873 cmd->skip_update = 1;
1874 }
1875 }
1876 free(ref_status);
1877 }
1878
1879 static void report(struct command *commands, const char *unpack_status)
1880 {
1881 struct command *cmd;
1882 struct strbuf buf = STRBUF_INIT;
1883
1884 packet_buf_write(&buf, "unpack %s\n",
1885 unpack_status ? unpack_status : "ok");
1886 for (cmd = commands; cmd; cmd = cmd->next) {
1887 if (!cmd->error_string)
1888 packet_buf_write(&buf, "ok %s\n",
1889 cmd->ref_name);
1890 else
1891 packet_buf_write(&buf, "ng %s %s\n",
1892 cmd->ref_name, cmd->error_string);
1893 }
1894 packet_buf_flush(&buf);
1895
1896 if (use_sideband)
1897 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1898 else
1899 write_or_die(1, buf.buf, buf.len);
1900 strbuf_release(&buf);
1901 }
1902
1903 static int delete_only(struct command *commands)
1904 {
1905 struct command *cmd;
1906 for (cmd = commands; cmd; cmd = cmd->next) {
1907 if (!is_null_oid(&cmd->new_oid))
1908 return 0;
1909 }
1910 return 1;
1911 }
1912
1913 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1914 {
1915 int advertise_refs = 0;
1916 struct command *commands;
1917 struct oid_array shallow = OID_ARRAY_INIT;
1918 struct oid_array ref = OID_ARRAY_INIT;
1919 struct shallow_info si;
1920
1921 struct option options[] = {
1922 OPT__QUIET(&quiet, N_("quiet")),
1923 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1924 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1925 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1926 OPT_END()
1927 };
1928
1929 packet_trace_identity("receive-pack");
1930
1931 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1932
1933 if (argc > 1)
1934 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1935 if (argc == 0)
1936 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1937
1938 service_dir = argv[0];
1939
1940 setup_path();
1941
1942 if (!enter_repo(service_dir, 0))
1943 die("'%s' does not appear to be a git repository", service_dir);
1944
1945 git_config(receive_pack_config, NULL);
1946 if (cert_nonce_seed)
1947 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1948
1949 if (0 <= transfer_unpack_limit)
1950 unpack_limit = transfer_unpack_limit;
1951 else if (0 <= receive_unpack_limit)
1952 unpack_limit = receive_unpack_limit;
1953
1954 switch (determine_protocol_version_server()) {
1955 case protocol_v2:
1956 /*
1957 * push support for protocol v2 has not been implemented yet,
1958 * so ignore the request to use v2 and fallback to using v0.
1959 */
1960 break;
1961 case protocol_v1:
1962 /*
1963 * v1 is just the original protocol with a version string,
1964 * so just fall through after writing the version string.
1965 */
1966 if (advertise_refs || !stateless_rpc)
1967 packet_write_fmt(1, "version 1\n");
1968
1969 /* fallthrough */
1970 case protocol_v0:
1971 break;
1972 case protocol_unknown_version:
1973 BUG("unknown protocol version");
1974 }
1975
1976 if (advertise_refs || !stateless_rpc) {
1977 write_head_info();
1978 }
1979 if (advertise_refs)
1980 return 0;
1981
1982 if ((commands = read_head_info(&shallow)) != NULL) {
1983 const char *unpack_status = NULL;
1984 struct string_list push_options = STRING_LIST_INIT_DUP;
1985
1986 if (use_push_options)
1987 read_push_options(&push_options);
1988 if (!check_cert_push_options(&push_options)) {
1989 struct command *cmd;
1990 for (cmd = commands; cmd; cmd = cmd->next)
1991 cmd->error_string = "inconsistent push options";
1992 }
1993
1994 prepare_shallow_info(&si, &shallow);
1995 if (!si.nr_ours && !si.nr_theirs)
1996 shallow_update = 0;
1997 if (!delete_only(commands)) {
1998 unpack_status = unpack_with_sideband(&si);
1999 update_shallow_info(commands, &si, &ref);
2000 }
2001 use_keepalive = KEEPALIVE_ALWAYS;
2002 execute_commands(commands, unpack_status, &si,
2003 &push_options);
2004 if (pack_lockfile)
2005 unlink_or_warn(pack_lockfile);
2006 if (report_status)
2007 report(commands, unpack_status);
2008 run_receive_hook(commands, "post-receive", 1,
2009 &push_options);
2010 run_update_post_hook(commands);
2011 string_list_clear(&push_options, 0);
2012 if (auto_gc) {
2013 const char *argv_gc_auto[] = {
2014 "gc", "--auto", "--quiet", NULL,
2015 };
2016 struct child_process proc = CHILD_PROCESS_INIT;
2017
2018 proc.no_stdin = 1;
2019 proc.stdout_to_stderr = 1;
2020 proc.err = use_sideband ? -1 : 0;
2021 proc.git_cmd = 1;
2022 proc.argv = argv_gc_auto;
2023
2024 close_all_packs(the_repository->objects);
2025 if (!start_command(&proc)) {
2026 if (use_sideband)
2027 copy_to_sideband(proc.err, -1, NULL);
2028 finish_command(&proc);
2029 }
2030 }
2031 if (auto_update_server_info)
2032 update_server_info(0);
2033 clear_shallow_info(&si);
2034 }
2035 if (use_sideband)
2036 packet_flush(1);
2037 oid_array_clear(&shallow);
2038 oid_array_clear(&ref);
2039 free((void *)push_cert_nonce);
2040 return 0;
2041 }
The Best VCS Around