search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ref-filter: allow porcelain to translate messages in the output
[git.git] / builtin / receive-pack.c
blob6b97cbdbe9444d72d575c149678e4b609a154842
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23 #include "tmp-objdir.h"
24
25 static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28 };
29
30 enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36 };
37
38 static int deny_deletes;
39 static int deny_non_fast_forwards;
40 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42 static int receive_fsck_objects = -1;
43 static int transfer_fsck_objects = -1;
44 static struct strbuf fsck_msg_types = STRBUF_INIT;
45 static int receive_unpack_limit = -1;
46 static int transfer_unpack_limit = -1;
47 static int advertise_atomic_push = 1;
48 static int advertise_push_options;
49 static int unpack_limit = 100;
50 static off_t max_input_size;
51 static int report_status;
52 static int use_sideband;
53 static int use_atomic;
54 static int use_push_options;
55 static int quiet;
56 static int prefer_ofs_delta = 1;
57 static int auto_update_server_info;
58 static int auto_gc = 1;
59 static int reject_thin;
60 static int stateless_rpc;
61 static const char *service_dir;
62 static const char *head_name;
63 static void *head_name_to_free;
64 static int sent_capabilities;
65 static int shallow_update;
66 static const char *alt_shallow_file;
67 static struct strbuf push_cert = STRBUF_INIT;
68 static unsigned char push_cert_sha1[20];
69 static struct signature_check sigcheck;
70 static const char *push_cert_nonce;
71 static const char *cert_nonce_seed;
72
73 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74 static const char *NONCE_BAD = "BAD";
75 static const char *NONCE_MISSING = "MISSING";
76 static const char *NONCE_OK = "OK";
77 static const char *NONCE_SLOP = "SLOP";
78 static const char *nonce_status;
79 static long nonce_stamp_slop;
80 static unsigned long nonce_stamp_slop_limit;
81 static struct ref_transaction *transaction;
82
83 static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87 } use_keepalive;
88 static int keepalive_in_sec = 5;
89
90 static struct tmp_objdir *tmp_objdir;
91
92 static enum deny_action parse_deny_action(const char *var, const char *value)
93 {
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107 }
108
109 static int receive_pack_config(const char *var, const char *value, void *cb)
110 {
111 int status = parse_hide_refs_config(var, value, "receive");
112
113 if (status)
114 return status;
115
116 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125
126 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138
139 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146
147 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155
156 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165
166 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198
199 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213
214 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218
219 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223
224 return git_default_config(var, value, cb);
225 }
226
227 static void show_ref(const char *path, const unsigned char *sha1)
228 {
229 if (sent_capabilities) {
230 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233
234 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write_fmt(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250 }
251
252 static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254 {
255 const char *path = strip_namespace(path_full);
256
257 if (ref_is_hidden(path, path_full))
258 return 0;
259
260 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272 }
273
274 static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275 {
276 show_ref(".have", sha1);
277 return 0;
278 }
279
280 static void collect_one_alternate_ref(const struct ref *ref, void *data)
281 {
282 struct sha1_array *sa = data;
283 sha1_array_append(sa, ref->old_oid.hash);
284 }
285
286 static void write_head_info(void)
287 {
288 struct sha1_array sa = SHA1_ARRAY_INIT;
289
290 for_each_alternate_ref(collect_one_alternate_ref, &sa);
291 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
292 sha1_array_clear(&sa);
293 for_each_ref(show_ref_cb, NULL);
294 if (!sent_capabilities)
295 show_ref("capabilities^{}", null_sha1);
296
297 advertise_shallow_grafts(1);
298
299 /* EOF */
300 packet_flush(1);
301 }
302
303 struct command {
304 struct command *next;
305 const char *error_string;
306 unsigned int skip_update:1,
307 did_not_exist:1;
308 int index;
309 unsigned char old_sha1[20];
310 unsigned char new_sha1[20];
311 char ref_name[FLEX_ARRAY]; /* more */
312 };
313
314 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
315 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
316
317 static void report_message(const char *prefix, const char *err, va_list params)
318 {
319 int sz;
320 char msg[4096];
321
322 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
323 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
324 if (sz > (sizeof(msg) - 1))
325 sz = sizeof(msg) - 1;
326 msg[sz++] = '\n';
327
328 if (use_sideband)
329 send_sideband(1, 2, msg, sz, use_sideband);
330 else
331 xwrite(2, msg, sz);
332 }
333
334 static void rp_warning(const char *err, ...)
335 {
336 va_list params;
337 va_start(params, err);
338 report_message("warning: ", err, params);
339 va_end(params);
340 }
341
342 static void rp_error(const char *err, ...)
343 {
344 va_list params;
345 va_start(params, err);
346 report_message("error: ", err, params);
347 va_end(params);
348 }
349
350 static int copy_to_sideband(int in, int out, void *arg)
351 {
352 char data[128];
353 int keepalive_active = 0;
354
355 if (keepalive_in_sec <= 0)
356 use_keepalive = KEEPALIVE_NEVER;
357 if (use_keepalive == KEEPALIVE_ALWAYS)
358 keepalive_active = 1;
359
360 while (1) {
361 ssize_t sz;
362
363 if (keepalive_active) {
364 struct pollfd pfd;
365 int ret;
366
367 pfd.fd = in;
368 pfd.events = POLLIN;
369 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
370
371 if (ret < 0) {
372 if (errno == EINTR)
373 continue;
374 else
375 break;
376 } else if (ret == 0) {
377 /* no data; send a keepalive packet */
378 static const char buf[] = "0005\1";
379 write_or_die(1, buf, sizeof(buf) - 1);
380 continue;
381 } /* else there is actual data to read */
382 }
383
384 sz = xread(in, data, sizeof(data));
385 if (sz <= 0)
386 break;
387
388 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
389 const char *p = memchr(data, '\0', sz);
390 if (p) {
391 /*
392 * The NUL tells us to start sending keepalives. Make
393 * sure we send any other data we read along
394 * with it.
395 */
396 keepalive_active = 1;
397 send_sideband(1, 2, data, p - data, use_sideband);
398 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
399 continue;
400 }
401 }
402
403 /*
404 * Either we're not looking for a NUL signal, or we didn't see
405 * it yet; just pass along the data.
406 */
407 send_sideband(1, 2, data, sz, use_sideband);
408 }
409 close(in);
410 return 0;
411 }
412
413 #define HMAC_BLOCK_SIZE 64
414
415 static void hmac_sha1(unsigned char *out,
416 const char *key_in, size_t key_len,
417 const char *text, size_t text_len)
418 {
419 unsigned char key[HMAC_BLOCK_SIZE];
420 unsigned char k_ipad[HMAC_BLOCK_SIZE];
421 unsigned char k_opad[HMAC_BLOCK_SIZE];
422 int i;
423 git_SHA_CTX ctx;
424
425 /* RFC 2104 2. (1) */
426 memset(key, '\0', HMAC_BLOCK_SIZE);
427 if (HMAC_BLOCK_SIZE < key_len) {
428 git_SHA1_Init(&ctx);
429 git_SHA1_Update(&ctx, key_in, key_len);
430 git_SHA1_Final(key, &ctx);
431 } else {
432 memcpy(key, key_in, key_len);
433 }
434
435 /* RFC 2104 2. (2) & (5) */
436 for (i = 0; i < sizeof(key); i++) {
437 k_ipad[i] = key[i] ^ 0x36;
438 k_opad[i] = key[i] ^ 0x5c;
439 }
440
441 /* RFC 2104 2. (3) & (4) */
442 git_SHA1_Init(&ctx);
443 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
444 git_SHA1_Update(&ctx, text, text_len);
445 git_SHA1_Final(out, &ctx);
446
447 /* RFC 2104 2. (6) & (7) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
450 git_SHA1_Update(&ctx, out, 20);
451 git_SHA1_Final(out, &ctx);
452 }
453
454 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
455 {
456 struct strbuf buf = STRBUF_INIT;
457 unsigned char sha1[20];
458
459 strbuf_addf(&buf, "%s:%lu", path, stamp);
460 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
461 strbuf_release(&buf);
462
463 /* RFC 2104 5. HMAC-SHA1-80 */
464 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
465 return strbuf_detach(&buf, NULL);
466 }
467
468 /*
469 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
470 * after dropping "_commit" from its name and possibly moving it out
471 * of commit.c
472 */
473 static char *find_header(const char *msg, size_t len, const char *key)
474 {
475 int key_len = strlen(key);
476 const char *line = msg;
477
478 while (line && line < msg + len) {
479 const char *eol = strchrnul(line, '\n');
480
481 if ((msg + len <= eol) || line == eol)
482 return NULL;
483 if (line + key_len < eol &&
484 !memcmp(line, key, key_len) && line[key_len] == ' ') {
485 int offset = key_len + 1;
486 return xmemdupz(line + offset, (eol - line) - offset);
487 }
488 line = *eol ? eol + 1 : NULL;
489 }
490 return NULL;
491 }
492
493 static const char *check_nonce(const char *buf, size_t len)
494 {
495 char *nonce = find_header(buf, len, "nonce");
496 unsigned long stamp, ostamp;
497 char *bohmac, *expect = NULL;
498 const char *retval = NONCE_BAD;
499
500 if (!nonce) {
501 retval = NONCE_MISSING;
502 goto leave;
503 } else if (!push_cert_nonce) {
504 retval = NONCE_UNSOLICITED;
505 goto leave;
506 } else if (!strcmp(push_cert_nonce, nonce)) {
507 retval = NONCE_OK;
508 goto leave;
509 }
510
511 if (!stateless_rpc) {
512 /* returned nonce MUST match what we gave out earlier */
513 retval = NONCE_BAD;
514 goto leave;
515 }
516
517 /*
518 * In stateless mode, we may be receiving a nonce issued by
519 * another instance of the server that serving the same
520 * repository, and the timestamps may not match, but the
521 * nonce-seed and dir should match, so we can recompute and
522 * report the time slop.
523 *
524 * In addition, when a nonce issued by another instance has
525 * timestamp within receive.certnonceslop seconds, we pretend
526 * as if we issued that nonce when reporting to the hook.
527 */
528
529 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
530 if (*nonce <= '0' || '9' < *nonce) {
531 retval = NONCE_BAD;
532 goto leave;
533 }
534 stamp = strtoul(nonce, &bohmac, 10);
535 if (bohmac == nonce || bohmac[0] != '-') {
536 retval = NONCE_BAD;
537 goto leave;
538 }
539
540 expect = prepare_push_cert_nonce(service_dir, stamp);
541 if (strcmp(expect, nonce)) {
542 /* Not what we would have signed earlier */
543 retval = NONCE_BAD;
544 goto leave;
545 }
546
547 /*
548 * By how many seconds is this nonce stale? Negative value
549 * would mean it was issued by another server with its clock
550 * skewed in the future.
551 */
552 ostamp = strtoul(push_cert_nonce, NULL, 10);
553 nonce_stamp_slop = (long)ostamp - (long)stamp;
554
555 if (nonce_stamp_slop_limit &&
556 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
557 /*
558 * Pretend as if the received nonce (which passes the
559 * HMAC check, so it is not a forged by third-party)
560 * is what we issued.
561 */
562 free((void *)push_cert_nonce);
563 push_cert_nonce = xstrdup(nonce);
564 retval = NONCE_OK;
565 } else {
566 retval = NONCE_SLOP;
567 }
568
569 leave:
570 free(nonce);
571 free(expect);
572 return retval;
573 }
574
575 static void prepare_push_cert_sha1(struct child_process *proc)
576 {
577 static int already_done;
578
579 if (!push_cert.len)
580 return;
581
582 if (!already_done) {
583 struct strbuf gpg_output = STRBUF_INIT;
584 struct strbuf gpg_status = STRBUF_INIT;
585 int bogs /* beginning_of_gpg_sig */;
586
587 already_done = 1;
588 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
589 hashclr(push_cert_sha1);
590
591 memset(&sigcheck, '\0', sizeof(sigcheck));
592 sigcheck.result = 'N';
593
594 bogs = parse_signature(push_cert.buf, push_cert.len);
595 if (verify_signed_buffer(push_cert.buf, bogs,
596 push_cert.buf + bogs, push_cert.len - bogs,
597 &gpg_output, &gpg_status) < 0) {
598 ; /* error running gpg */
599 } else {
600 sigcheck.payload = push_cert.buf;
601 sigcheck.gpg_output = gpg_output.buf;
602 sigcheck.gpg_status = gpg_status.buf;
603 parse_gpg_output(&sigcheck);
604 }
605
606 strbuf_release(&gpg_output);
607 strbuf_release(&gpg_status);
608 nonce_status = check_nonce(push_cert.buf, bogs);
609 }
610 if (!is_null_sha1(push_cert_sha1)) {
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
612 sha1_to_hex(push_cert_sha1));
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
614 sigcheck.signer ? sigcheck.signer : "");
615 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
616 sigcheck.key ? sigcheck.key : "");
617 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
618 sigcheck.result);
619 if (push_cert_nonce) {
620 argv_array_pushf(&proc->env_array,
621 "GIT_PUSH_CERT_NONCE=%s",
622 push_cert_nonce);
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_STATUS=%s",
625 nonce_status);
626 if (nonce_status == NONCE_SLOP)
627 argv_array_pushf(&proc->env_array,
628 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
629 nonce_stamp_slop);
630 }
631 }
632 }
633
634 struct receive_hook_feed_state {
635 struct command *cmd;
636 int skip_broken;
637 struct strbuf buf;
638 const struct string_list *push_options;
639 };
640
641 typedef int (*feed_fn)(void *, const char **, size_t *);
642 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
643 struct receive_hook_feed_state *feed_state)
644 {
645 struct child_process proc = CHILD_PROCESS_INIT;
646 struct async muxer;
647 const char *argv[2];
648 int code;
649
650 argv[0] = find_hook(hook_name);
651 if (!argv[0])
652 return 0;
653
654 argv[1] = NULL;
655
656 proc.argv = argv;
657 proc.in = -1;
658 proc.stdout_to_stderr = 1;
659 if (feed_state->push_options) {
660 int i;
661 for (i = 0; i < feed_state->push_options->nr; i++)
662 argv_array_pushf(&proc.env_array,
663 "GIT_PUSH_OPTION_%d=%s", i,
664 feed_state->push_options->items[i].string);
665 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
666 feed_state->push_options->nr);
667 } else
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
669
670 if (tmp_objdir)
671 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
672
673 if (use_sideband) {
674 memset(&muxer, 0, sizeof(muxer));
675 muxer.proc = copy_to_sideband;
676 muxer.in = -1;
677 code = start_async(&muxer);
678 if (code)
679 return code;
680 proc.err = muxer.in;
681 }
682
683 prepare_push_cert_sha1(&proc);
684
685 code = start_command(&proc);
686 if (code) {
687 if (use_sideband)
688 finish_async(&muxer);
689 return code;
690 }
691
692 sigchain_push(SIGPIPE, SIG_IGN);
693
694 while (1) {
695 const char *buf;
696 size_t n;
697 if (feed(feed_state, &buf, &n))
698 break;
699 if (write_in_full(proc.in, buf, n) != n)
700 break;
701 }
702 close(proc.in);
703 if (use_sideband)
704 finish_async(&muxer);
705
706 sigchain_pop(SIGPIPE);
707
708 return finish_command(&proc);
709 }
710
711 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
712 {
713 struct receive_hook_feed_state *state = state_;
714 struct command *cmd = state->cmd;
715
716 while (cmd &&
717 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
718 cmd = cmd->next;
719 if (!cmd)
720 return -1; /* EOF */
721 strbuf_reset(&state->buf);
722 strbuf_addf(&state->buf, "%s %s %s\n",
723 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
724 cmd->ref_name);
725 state->cmd = cmd->next;
726 if (bufp) {
727 *bufp = state->buf.buf;
728 *sizep = state->buf.len;
729 }
730 return 0;
731 }
732
733 static int run_receive_hook(struct command *commands,
734 const char *hook_name,
735 int skip_broken,
736 const struct string_list *push_options)
737 {
738 struct receive_hook_feed_state state;
739 int status;
740
741 strbuf_init(&state.buf, 0);
742 state.cmd = commands;
743 state.skip_broken = skip_broken;
744 if (feed_receive_hook(&state, NULL, NULL))
745 return 0;
746 state.cmd = commands;
747 state.push_options = push_options;
748 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
749 strbuf_release(&state.buf);
750 return status;
751 }
752
753 static int run_update_hook(struct command *cmd)
754 {
755 const char *argv[5];
756 struct child_process proc = CHILD_PROCESS_INIT;
757 int code;
758
759 argv[0] = find_hook("update");
760 if (!argv[0])
761 return 0;
762
763 argv[1] = cmd->ref_name;
764 argv[2] = sha1_to_hex(cmd->old_sha1);
765 argv[3] = sha1_to_hex(cmd->new_sha1);
766 argv[4] = NULL;
767
768 proc.no_stdin = 1;
769 proc.stdout_to_stderr = 1;
770 proc.err = use_sideband ? -1 : 0;
771 proc.argv = argv;
772 proc.env = tmp_objdir_env(tmp_objdir);
773
774 code = start_command(&proc);
775 if (code)
776 return code;
777 if (use_sideband)
778 copy_to_sideband(proc.err, -1, NULL);
779 return finish_command(&proc);
780 }
781
782 static int is_ref_checked_out(const char *ref)
783 {
784 if (is_bare_repository())
785 return 0;
786
787 if (!head_name)
788 return 0;
789 return !strcmp(head_name, ref);
790 }
791
792 static char *refuse_unconfigured_deny_msg =
793 N_("By default, updating the current branch in a non-bare repository\n"
794 "is denied, because it will make the index and work tree inconsistent\n"
795 "with what you pushed, and will require 'git reset --hard' to match\n"
796 "the work tree to HEAD.\n"
797 "\n"
798 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
799 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
800 "its current branch; however, this is not recommended unless you\n"
801 "arranged to update its work tree to match what you pushed in some\n"
802 "other way.\n"
803 "\n"
804 "To squelch this message and still keep the default behaviour, set\n"
805 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
806
807 static void refuse_unconfigured_deny(void)
808 {
809 rp_error("%s", _(refuse_unconfigured_deny_msg));
810 }
811
812 static char *refuse_unconfigured_deny_delete_current_msg =
813 N_("By default, deleting the current branch is denied, because the next\n"
814 "'git clone' won't result in any file checked out, causing confusion.\n"
815 "\n"
816 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
817 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
818 "current branch, with or without a warning message.\n"
819 "\n"
820 "To squelch this message, you can set it to 'refuse'.");
821
822 static void refuse_unconfigured_deny_delete_current(void)
823 {
824 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
825 }
826
827 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
828 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
829 {
830 static struct lock_file shallow_lock;
831 struct sha1_array extra = SHA1_ARRAY_INIT;
832 struct check_connected_options opt = CHECK_CONNECTED_INIT;
833 uint32_t mask = 1 << (cmd->index % 32);
834 int i;
835
836 trace_printf_key(&trace_shallow,
837 "shallow: update_shallow_ref %s\n", cmd->ref_name);
838 for (i = 0; i < si->shallow->nr; i++)
839 if (si->used_shallow[i] &&
840 (si->used_shallow[i][cmd->index / 32] & mask) &&
841 !delayed_reachability_test(si, i))
842 sha1_array_append(&extra, si->shallow->sha1[i]);
843
844 opt.env = tmp_objdir_env(tmp_objdir);
845 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
846 if (check_connected(command_singleton_iterator, cmd, &opt)) {
847 rollback_lock_file(&shallow_lock);
848 sha1_array_clear(&extra);
849 return -1;
850 }
851
852 commit_lock_file(&shallow_lock);
853
854 /*
855 * Make sure setup_alternate_shallow() for the next ref does
856 * not lose these new roots..
857 */
858 for (i = 0; i < extra.nr; i++)
859 register_shallow(extra.sha1[i]);
860
861 si->shallow_ref[cmd->index] = 0;
862 sha1_array_clear(&extra);
863 return 0;
864 }
865
866 /*
867 * NEEDSWORK: we should consolidate various implementions of "are we
868 * on an unborn branch?" test into one, and make the unified one more
869 * robust. !get_sha1() based check used here and elsewhere would not
870 * allow us to tell an unborn branch from corrupt ref, for example.
871 * For the purpose of fixing "deploy-to-update does not work when
872 * pushing into an empty repository" issue, this should suffice for
873 * now.
874 */
875 static int head_has_history(void)
876 {
877 unsigned char sha1[20];
878
879 return !get_sha1("HEAD", sha1);
880 }
881
882 static const char *push_to_deploy(unsigned char *sha1,
883 struct argv_array *env,
884 const char *work_tree)
885 {
886 const char *update_refresh[] = {
887 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
888 };
889 const char *diff_files[] = {
890 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
891 };
892 const char *diff_index[] = {
893 "diff-index", "--quiet", "--cached", "--ignore-submodules",
894 NULL, "--", NULL
895 };
896 const char *read_tree[] = {
897 "read-tree", "-u", "-m", NULL, NULL
898 };
899 struct child_process child = CHILD_PROCESS_INIT;
900
901 child.argv = update_refresh;
902 child.env = env->argv;
903 child.dir = work_tree;
904 child.no_stdin = 1;
905 child.stdout_to_stderr = 1;
906 child.git_cmd = 1;
907 if (run_command(&child))
908 return "Up-to-date check failed";
909
910 /* run_command() does not clean up completely; reinitialize */
911 child_process_init(&child);
912 child.argv = diff_files;
913 child.env = env->argv;
914 child.dir = work_tree;
915 child.no_stdin = 1;
916 child.stdout_to_stderr = 1;
917 child.git_cmd = 1;
918 if (run_command(&child))
919 return "Working directory has unstaged changes";
920
921 /* diff-index with either HEAD or an empty tree */
922 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
923
924 child_process_init(&child);
925 child.argv = diff_index;
926 child.env = env->argv;
927 child.no_stdin = 1;
928 child.no_stdout = 1;
929 child.stdout_to_stderr = 0;
930 child.git_cmd = 1;
931 if (run_command(&child))
932 return "Working directory has staged changes";
933
934 read_tree[3] = sha1_to_hex(sha1);
935 child_process_init(&child);
936 child.argv = read_tree;
937 child.env = env->argv;
938 child.dir = work_tree;
939 child.no_stdin = 1;
940 child.no_stdout = 1;
941 child.stdout_to_stderr = 0;
942 child.git_cmd = 1;
943 if (run_command(&child))
944 return "Could not update working tree to new HEAD";
945
946 return NULL;
947 }
948
949 static const char *push_to_checkout_hook = "push-to-checkout";
950
951 static const char *push_to_checkout(unsigned char *sha1,
952 struct argv_array *env,
953 const char *work_tree)
954 {
955 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
956 if (run_hook_le(env->argv, push_to_checkout_hook,
957 sha1_to_hex(sha1), NULL))
958 return "push-to-checkout hook declined";
959 else
960 return NULL;
961 }
962
963 static const char *update_worktree(unsigned char *sha1)
964 {
965 const char *retval;
966 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
967 struct argv_array env = ARGV_ARRAY_INIT;
968
969 if (is_bare_repository())
970 return "denyCurrentBranch = updateInstead needs a worktree";
971
972 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
973
974 if (!find_hook(push_to_checkout_hook))
975 retval = push_to_deploy(sha1, &env, work_tree);
976 else
977 retval = push_to_checkout(sha1, &env, work_tree);
978
979 argv_array_clear(&env);
980 return retval;
981 }
982
983 static const char *update(struct command *cmd, struct shallow_info *si)
984 {
985 const char *name = cmd->ref_name;
986 struct strbuf namespaced_name_buf = STRBUF_INIT;
987 const char *namespaced_name, *ret;
988 unsigned char *old_sha1 = cmd->old_sha1;
989 unsigned char *new_sha1 = cmd->new_sha1;
990
991 /* only refs/... are allowed */
992 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
993 rp_error("refusing to create funny ref '%s' remotely", name);
994 return "funny refname";
995 }
996
997 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
998 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
999
1000 if (is_ref_checked_out(namespaced_name)) {
1001 switch (deny_current_branch) {
1002 case DENY_IGNORE:
1003 break;
1004 case DENY_WARN:
1005 rp_warning("updating the current branch");
1006 break;
1007 case DENY_REFUSE:
1008 case DENY_UNCONFIGURED:
1009 rp_error("refusing to update checked out branch: %s", name);
1010 if (deny_current_branch == DENY_UNCONFIGURED)
1011 refuse_unconfigured_deny();
1012 return "branch is currently checked out";
1013 case DENY_UPDATE_INSTEAD:
1014 ret = update_worktree(new_sha1);
1015 if (ret)
1016 return ret;
1017 break;
1018 }
1019 }
1020
1021 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1022 error("unpack should have generated %s, "
1023 "but I can't find it!", sha1_to_hex(new_sha1));
1024 return "bad pack";
1025 }
1026
1027 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1028 if (deny_deletes && starts_with(name, "refs/heads/")) {
1029 rp_error("denying ref deletion for %s", name);
1030 return "deletion prohibited";
1031 }
1032
1033 if (head_name && !strcmp(namespaced_name, head_name)) {
1034 switch (deny_delete_current) {
1035 case DENY_IGNORE:
1036 break;
1037 case DENY_WARN:
1038 rp_warning("deleting the current branch");
1039 break;
1040 case DENY_REFUSE:
1041 case DENY_UNCONFIGURED:
1042 case DENY_UPDATE_INSTEAD:
1043 if (deny_delete_current == DENY_UNCONFIGURED)
1044 refuse_unconfigured_deny_delete_current();
1045 rp_error("refusing to delete the current branch: %s", name);
1046 return "deletion of the current branch prohibited";
1047 default:
1048 return "Invalid denyDeleteCurrent setting";
1049 }
1050 }
1051 }
1052
1053 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1054 !is_null_sha1(old_sha1) &&
1055 starts_with(name, "refs/heads/")) {
1056 struct object *old_object, *new_object;
1057 struct commit *old_commit, *new_commit;
1058
1059 old_object = parse_object(old_sha1);
1060 new_object = parse_object(new_sha1);
1061
1062 if (!old_object || !new_object ||
1063 old_object->type != OBJ_COMMIT ||
1064 new_object->type != OBJ_COMMIT) {
1065 error("bad sha1 objects for %s", name);
1066 return "bad ref";
1067 }
1068 old_commit = (struct commit *)old_object;
1069 new_commit = (struct commit *)new_object;
1070 if (!in_merge_bases(old_commit, new_commit)) {
1071 rp_error("denying non-fast-forward %s"
1072 " (you should pull first)", name);
1073 return "non-fast-forward";
1074 }
1075 }
1076 if (run_update_hook(cmd)) {
1077 rp_error("hook declined to update %s", name);
1078 return "hook declined";
1079 }
1080
1081 if (is_null_sha1(new_sha1)) {
1082 struct strbuf err = STRBUF_INIT;
1083 if (!parse_object(old_sha1)) {
1084 old_sha1 = NULL;
1085 if (ref_exists(name)) {
1086 rp_warning("Allowing deletion of corrupt ref.");
1087 } else {
1088 rp_warning("Deleting a non-existent ref.");
1089 cmd->did_not_exist = 1;
1090 }
1091 }
1092 if (ref_transaction_delete(transaction,
1093 namespaced_name,
1094 old_sha1,
1095 0, "push", &err)) {
1096 rp_error("%s", err.buf);
1097 strbuf_release(&err);
1098 return "failed to delete";
1099 }
1100 strbuf_release(&err);
1101 return NULL; /* good */
1102 }
1103 else {
1104 struct strbuf err = STRBUF_INIT;
1105 if (shallow_update && si->shallow_ref[cmd->index] &&
1106 update_shallow_ref(cmd, si))
1107 return "shallow error";
1108
1109 if (ref_transaction_update(transaction,
1110 namespaced_name,
1111 new_sha1, old_sha1,
1112 0, "push",
1113 &err)) {
1114 rp_error("%s", err.buf);
1115 strbuf_release(&err);
1116
1117 return "failed to update ref";
1118 }
1119 strbuf_release(&err);
1120
1121 return NULL; /* good */
1122 }
1123 }
1124
1125 static void run_update_post_hook(struct command *commands)
1126 {
1127 struct command *cmd;
1128 int argc;
1129 struct child_process proc = CHILD_PROCESS_INIT;
1130 const char *hook;
1131
1132 hook = find_hook("post-update");
1133 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1134 if (cmd->error_string || cmd->did_not_exist)
1135 continue;
1136 argc++;
1137 }
1138 if (!argc || !hook)
1139 return;
1140
1141 argv_array_push(&proc.args, hook);
1142 for (cmd = commands; cmd; cmd = cmd->next) {
1143 if (cmd->error_string || cmd->did_not_exist)
1144 continue;
1145 argv_array_push(&proc.args, cmd->ref_name);
1146 }
1147
1148 proc.no_stdin = 1;
1149 proc.stdout_to_stderr = 1;
1150 proc.err = use_sideband ? -1 : 0;
1151
1152 if (!start_command(&proc)) {
1153 if (use_sideband)
1154 copy_to_sideband(proc.err, -1, NULL);
1155 finish_command(&proc);
1156 }
1157 }
1158
1159 static void check_aliased_update(struct command *cmd, struct string_list *list)
1160 {
1161 struct strbuf buf = STRBUF_INIT;
1162 const char *dst_name;
1163 struct string_list_item *item;
1164 struct command *dst_cmd;
1165 unsigned char sha1[GIT_SHA1_RAWSZ];
1166 int flag;
1167
1168 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1169 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1170 strbuf_release(&buf);
1171
1172 if (!(flag & REF_ISSYMREF))
1173 return;
1174
1175 if (!dst_name) {
1176 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1177 cmd->skip_update = 1;
1178 cmd->error_string = "broken symref";
1179 return;
1180 }
1181 dst_name = strip_namespace(dst_name);
1182
1183 if ((item = string_list_lookup(list, dst_name)) == NULL)
1184 return;
1185
1186 cmd->skip_update = 1;
1187
1188 dst_cmd = (struct command *) item->util;
1189
1190 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1191 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1192 return;
1193
1194 dst_cmd->skip_update = 1;
1195
1196 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1197 " its target '%s' (%s..%s)",
1198 cmd->ref_name,
1199 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1200 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1201 dst_cmd->ref_name,
1202 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1203 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1204
1205 cmd->error_string = dst_cmd->error_string =
1206 "inconsistent aliased update";
1207 }
1208
1209 static void check_aliased_updates(struct command *commands)
1210 {
1211 struct command *cmd;
1212 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1213
1214 for (cmd = commands; cmd; cmd = cmd->next) {
1215 struct string_list_item *item =
1216 string_list_append(&ref_list, cmd->ref_name);
1217 item->util = (void *)cmd;
1218 }
1219 string_list_sort(&ref_list);
1220
1221 for (cmd = commands; cmd; cmd = cmd->next) {
1222 if (!cmd->error_string)
1223 check_aliased_update(cmd, &ref_list);
1224 }
1225
1226 string_list_clear(&ref_list, 0);
1227 }
1228
1229 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1230 {
1231 struct command **cmd_list = cb_data;
1232 struct command *cmd = *cmd_list;
1233
1234 if (!cmd || is_null_sha1(cmd->new_sha1))
1235 return -1; /* end of list */
1236 *cmd_list = NULL; /* this returns only one */
1237 hashcpy(sha1, cmd->new_sha1);
1238 return 0;
1239 }
1240
1241 static void set_connectivity_errors(struct command *commands,
1242 struct shallow_info *si)
1243 {
1244 struct command *cmd;
1245
1246 for (cmd = commands; cmd; cmd = cmd->next) {
1247 struct command *singleton = cmd;
1248 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1249
1250 if (shallow_update && si->shallow_ref[cmd->index])
1251 /* to be checked in update_shallow_ref() */
1252 continue;
1253
1254 opt.env = tmp_objdir_env(tmp_objdir);
1255 if (!check_connected(command_singleton_iterator, &singleton,
1256 &opt))
1257 continue;
1258
1259 cmd->error_string = "missing necessary objects";
1260 }
1261 }
1262
1263 struct iterate_data {
1264 struct command *cmds;
1265 struct shallow_info *si;
1266 };
1267
1268 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1269 {
1270 struct iterate_data *data = cb_data;
1271 struct command **cmd_list = &data->cmds;
1272 struct command *cmd = *cmd_list;
1273
1274 for (; cmd; cmd = cmd->next) {
1275 if (shallow_update && data->si->shallow_ref[cmd->index])
1276 /* to be checked in update_shallow_ref() */
1277 continue;
1278 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1279 hashcpy(sha1, cmd->new_sha1);
1280 *cmd_list = cmd->next;
1281 return 0;
1282 }
1283 }
1284 *cmd_list = NULL;
1285 return -1; /* end of list */
1286 }
1287
1288 static void reject_updates_to_hidden(struct command *commands)
1289 {
1290 struct strbuf refname_full = STRBUF_INIT;
1291 size_t prefix_len;
1292 struct command *cmd;
1293
1294 strbuf_addstr(&refname_full, get_git_namespace());
1295 prefix_len = refname_full.len;
1296
1297 for (cmd = commands; cmd; cmd = cmd->next) {
1298 if (cmd->error_string)
1299 continue;
1300
1301 strbuf_setlen(&refname_full, prefix_len);
1302 strbuf_addstr(&refname_full, cmd->ref_name);
1303
1304 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1305 continue;
1306 if (is_null_sha1(cmd->new_sha1))
1307 cmd->error_string = "deny deleting a hidden ref";
1308 else
1309 cmd->error_string = "deny updating a hidden ref";
1310 }
1311
1312 strbuf_release(&refname_full);
1313 }
1314
1315 static int should_process_cmd(struct command *cmd)
1316 {
1317 return !cmd->error_string && !cmd->skip_update;
1318 }
1319
1320 static void warn_if_skipped_connectivity_check(struct command *commands,
1321 struct shallow_info *si)
1322 {
1323 struct command *cmd;
1324 int checked_connectivity = 1;
1325
1326 for (cmd = commands; cmd; cmd = cmd->next) {
1327 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1328 error("BUG: connectivity check has not been run on ref %s",
1329 cmd->ref_name);
1330 checked_connectivity = 0;
1331 }
1332 }
1333 if (!checked_connectivity)
1334 die("BUG: connectivity check skipped???");
1335 }
1336
1337 static void execute_commands_non_atomic(struct command *commands,
1338 struct shallow_info *si)
1339 {
1340 struct command *cmd;
1341 struct strbuf err = STRBUF_INIT;
1342
1343 for (cmd = commands; cmd; cmd = cmd->next) {
1344 if (!should_process_cmd(cmd))
1345 continue;
1346
1347 transaction = ref_transaction_begin(&err);
1348 if (!transaction) {
1349 rp_error("%s", err.buf);
1350 strbuf_reset(&err);
1351 cmd->error_string = "transaction failed to start";
1352 continue;
1353 }
1354
1355 cmd->error_string = update(cmd, si);
1356
1357 if (!cmd->error_string
1358 && ref_transaction_commit(transaction, &err)) {
1359 rp_error("%s", err.buf);
1360 strbuf_reset(&err);
1361 cmd->error_string = "failed to update ref";
1362 }
1363 ref_transaction_free(transaction);
1364 }
1365 strbuf_release(&err);
1366 }
1367
1368 static void execute_commands_atomic(struct command *commands,
1369 struct shallow_info *si)
1370 {
1371 struct command *cmd;
1372 struct strbuf err = STRBUF_INIT;
1373 const char *reported_error = "atomic push failure";
1374
1375 transaction = ref_transaction_begin(&err);
1376 if (!transaction) {
1377 rp_error("%s", err.buf);
1378 strbuf_reset(&err);
1379 reported_error = "transaction failed to start";
1380 goto failure;
1381 }
1382
1383 for (cmd = commands; cmd; cmd = cmd->next) {
1384 if (!should_process_cmd(cmd))
1385 continue;
1386
1387 cmd->error_string = update(cmd, si);
1388
1389 if (cmd->error_string)
1390 goto failure;
1391 }
1392
1393 if (ref_transaction_commit(transaction, &err)) {
1394 rp_error("%s", err.buf);
1395 reported_error = "atomic transaction failed";
1396 goto failure;
1397 }
1398 goto cleanup;
1399
1400 failure:
1401 for (cmd = commands; cmd; cmd = cmd->next)
1402 if (!cmd->error_string)
1403 cmd->error_string = reported_error;
1404
1405 cleanup:
1406 ref_transaction_free(transaction);
1407 strbuf_release(&err);
1408 }
1409
1410 static void execute_commands(struct command *commands,
1411 const char *unpacker_error,
1412 struct shallow_info *si,
1413 const struct string_list *push_options)
1414 {
1415 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1416 struct command *cmd;
1417 unsigned char sha1[20];
1418 struct iterate_data data;
1419 struct async muxer;
1420 int err_fd = 0;
1421
1422 if (unpacker_error) {
1423 for (cmd = commands; cmd; cmd = cmd->next)
1424 cmd->error_string = "unpacker error";
1425 return;
1426 }
1427
1428 if (use_sideband) {
1429 memset(&muxer, 0, sizeof(muxer));
1430 muxer.proc = copy_to_sideband;
1431 muxer.in = -1;
1432 if (!start_async(&muxer))
1433 err_fd = muxer.in;
1434 /* ...else, continue without relaying sideband */
1435 }
1436
1437 data.cmds = commands;
1438 data.si = si;
1439 opt.err_fd = err_fd;
1440 opt.progress = err_fd && !quiet;
1441 opt.env = tmp_objdir_env(tmp_objdir);
1442 if (check_connected(iterate_receive_command_list, &data, &opt))
1443 set_connectivity_errors(commands, si);
1444
1445 if (use_sideband)
1446 finish_async(&muxer);
1447
1448 reject_updates_to_hidden(commands);
1449
1450 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1451 for (cmd = commands; cmd; cmd = cmd->next) {
1452 if (!cmd->error_string)
1453 cmd->error_string = "pre-receive hook declined";
1454 }
1455 return;
1456 }
1457
1458 /*
1459 * Now we'll start writing out refs, which means the objects need
1460 * to be in their final positions so that other processes can see them.
1461 */
1462 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1463 for (cmd = commands; cmd; cmd = cmd->next) {
1464 if (!cmd->error_string)
1465 cmd->error_string = "unable to migrate objects to permanent storage";
1466 }
1467 return;
1468 }
1469 tmp_objdir = NULL;
1470
1471 check_aliased_updates(commands);
1472
1473 free(head_name_to_free);
1474 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1475
1476 if (use_atomic)
1477 execute_commands_atomic(commands, si);
1478 else
1479 execute_commands_non_atomic(commands, si);
1480
1481 if (shallow_update)
1482 warn_if_skipped_connectivity_check(commands, si);
1483 }
1484
1485 static struct command **queue_command(struct command **tail,
1486 const char *line,
1487 int linelen)
1488 {
1489 unsigned char old_sha1[20], new_sha1[20];
1490 struct command *cmd;
1491 const char *refname;
1492 int reflen;
1493
1494 if (linelen < 83 ||
1495 line[40] != ' ' ||
1496 line[81] != ' ' ||
1497 get_sha1_hex(line, old_sha1) ||
1498 get_sha1_hex(line + 41, new_sha1))
1499 die("protocol error: expected old/new/ref, got '%s'", line);
1500
1501 refname = line + 82;
1502 reflen = linelen - 82;
1503 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1504 hashcpy(cmd->old_sha1, old_sha1);
1505 hashcpy(cmd->new_sha1, new_sha1);
1506 *tail = cmd;
1507 return &cmd->next;
1508 }
1509
1510 static void queue_commands_from_cert(struct command **tail,
1511 struct strbuf *push_cert)
1512 {
1513 const char *boc, *eoc;
1514
1515 if (*tail)
1516 die("protocol error: got both push certificate and unsigned commands");
1517
1518 boc = strstr(push_cert->buf, "\n\n");
1519 if (!boc)
1520 die("malformed push certificate %.*s", 100, push_cert->buf);
1521 else
1522 boc += 2;
1523 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1524
1525 while (boc < eoc) {
1526 const char *eol = memchr(boc, '\n', eoc - boc);
1527 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1528 boc = eol ? eol + 1 : eoc;
1529 }
1530 }
1531
1532 static struct command *read_head_info(struct sha1_array *shallow)
1533 {
1534 struct command *commands = NULL;
1535 struct command **p = &commands;
1536 for (;;) {
1537 char *line;
1538 int len, linelen;
1539
1540 line = packet_read_line(0, &len);
1541 if (!line)
1542 break;
1543
1544 if (len == 48 && starts_with(line, "shallow ")) {
1545 unsigned char sha1[20];
1546 if (get_sha1_hex(line + 8, sha1))
1547 die("protocol error: expected shallow sha, got '%s'",
1548 line + 8);
1549 sha1_array_append(shallow, sha1);
1550 continue;
1551 }
1552
1553 linelen = strlen(line);
1554 if (linelen < len) {
1555 const char *feature_list = line + linelen + 1;
1556 if (parse_feature_request(feature_list, "report-status"))
1557 report_status = 1;
1558 if (parse_feature_request(feature_list, "side-band-64k"))
1559 use_sideband = LARGE_PACKET_MAX;
1560 if (parse_feature_request(feature_list, "quiet"))
1561 quiet = 1;
1562 if (advertise_atomic_push
1563 && parse_feature_request(feature_list, "atomic"))
1564 use_atomic = 1;
1565 if (advertise_push_options
1566 && parse_feature_request(feature_list, "push-options"))
1567 use_push_options = 1;
1568 }
1569
1570 if (!strcmp(line, "push-cert")) {
1571 int true_flush = 0;
1572 char certbuf[1024];
1573
1574 for (;;) {
1575 len = packet_read(0, NULL, NULL,
1576 certbuf, sizeof(certbuf), 0);
1577 if (!len) {
1578 true_flush = 1;
1579 break;
1580 }
1581 if (!strcmp(certbuf, "push-cert-end\n"))
1582 break; /* end of cert */
1583 strbuf_addstr(&push_cert, certbuf);
1584 }
1585
1586 if (true_flush)
1587 break;
1588 continue;
1589 }
1590
1591 p = queue_command(p, line, linelen);
1592 }
1593
1594 if (push_cert.len)
1595 queue_commands_from_cert(p, &push_cert);
1596
1597 return commands;
1598 }
1599
1600 static void read_push_options(struct string_list *options)
1601 {
1602 while (1) {
1603 char *line;
1604 int len;
1605
1606 line = packet_read_line(0, &len);
1607
1608 if (!line)
1609 break;
1610
1611 string_list_append(options, line);
1612 }
1613 }
1614
1615 static const char *parse_pack_header(struct pack_header *hdr)
1616 {
1617 switch (read_pack_header(0, hdr)) {
1618 case PH_ERROR_EOF:
1619 return "eof before pack header was fully read";
1620
1621 case PH_ERROR_PACK_SIGNATURE:
1622 return "protocol error (pack signature mismatch detected)";
1623
1624 case PH_ERROR_PROTOCOL:
1625 return "protocol error (pack version unsupported)";
1626
1627 default:
1628 return "unknown error in parse_pack_header";
1629
1630 case 0:
1631 return NULL;
1632 }
1633 }
1634
1635 static const char *pack_lockfile;
1636
1637 static const char *unpack(int err_fd, struct shallow_info *si)
1638 {
1639 struct pack_header hdr;
1640 const char *hdr_err;
1641 int status;
1642 char hdr_arg[38];
1643 struct child_process child = CHILD_PROCESS_INIT;
1644 int fsck_objects = (receive_fsck_objects >= 0
1645 ? receive_fsck_objects
1646 : transfer_fsck_objects >= 0
1647 ? transfer_fsck_objects
1648 : 0);
1649
1650 hdr_err = parse_pack_header(&hdr);
1651 if (hdr_err) {
1652 if (err_fd > 0)
1653 close(err_fd);
1654 return hdr_err;
1655 }
1656 snprintf(hdr_arg, sizeof(hdr_arg),
1657 "--pack_header=%"PRIu32",%"PRIu32,
1658 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1659
1660 if (si->nr_ours || si->nr_theirs) {
1661 alt_shallow_file = setup_temporary_shallow(si->shallow);
1662 argv_array_push(&child.args, "--shallow-file");
1663 argv_array_push(&child.args, alt_shallow_file);
1664 }
1665
1666 tmp_objdir = tmp_objdir_create();
1667 if (!tmp_objdir)
1668 return "unable to create temporary object directory";
1669 child.env = tmp_objdir_env(tmp_objdir);
1670
1671 /*
1672 * Normally we just pass the tmp_objdir environment to the child
1673 * processes that do the heavy lifting, but we may need to see these
1674 * objects ourselves to set up shallow information.
1675 */
1676 tmp_objdir_add_as_alternate(tmp_objdir);
1677
1678 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1679 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1680 if (quiet)
1681 argv_array_push(&child.args, "-q");
1682 if (fsck_objects)
1683 argv_array_pushf(&child.args, "--strict%s",
1684 fsck_msg_types.buf);
1685 if (max_input_size)
1686 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1687 (uintmax_t)max_input_size);
1688 child.no_stdout = 1;
1689 child.err = err_fd;
1690 child.git_cmd = 1;
1691 status = run_command(&child);
1692 if (status)
1693 return "unpack-objects abnormal exit";
1694 } else {
1695 char hostname[256];
1696
1697 argv_array_pushl(&child.args, "index-pack",
1698 "--stdin", hdr_arg, NULL);
1699
1700 if (gethostname(hostname, sizeof(hostname)))
1701 xsnprintf(hostname, sizeof(hostname), "localhost");
1702 argv_array_pushf(&child.args,
1703 "--keep=receive-pack %"PRIuMAX" on %s",
1704 (uintmax_t)getpid(),
1705 hostname);
1706
1707 if (!quiet && err_fd)
1708 argv_array_push(&child.args, "--show-resolving-progress");
1709 if (use_sideband)
1710 argv_array_push(&child.args, "--report-end-of-input");
1711 if (fsck_objects)
1712 argv_array_pushf(&child.args, "--strict%s",
1713 fsck_msg_types.buf);
1714 if (!reject_thin)
1715 argv_array_push(&child.args, "--fix-thin");
1716 if (max_input_size)
1717 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1718 (uintmax_t)max_input_size);
1719 child.out = -1;
1720 child.err = err_fd;
1721 child.git_cmd = 1;
1722 status = start_command(&child);
1723 if (status)
1724 return "index-pack fork failed";
1725 pack_lockfile = index_pack_lockfile(child.out);
1726 close(child.out);
1727 status = finish_command(&child);
1728 if (status)
1729 return "index-pack abnormal exit";
1730 reprepare_packed_git();
1731 }
1732 return NULL;
1733 }
1734
1735 static const char *unpack_with_sideband(struct shallow_info *si)
1736 {
1737 struct async muxer;
1738 const char *ret;
1739
1740 if (!use_sideband)
1741 return unpack(0, si);
1742
1743 use_keepalive = KEEPALIVE_AFTER_NUL;
1744 memset(&muxer, 0, sizeof(muxer));
1745 muxer.proc = copy_to_sideband;
1746 muxer.in = -1;
1747 if (start_async(&muxer))
1748 return NULL;
1749
1750 ret = unpack(muxer.in, si);
1751
1752 finish_async(&muxer);
1753 return ret;
1754 }
1755
1756 static void prepare_shallow_update(struct command *commands,
1757 struct shallow_info *si)
1758 {
1759 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1760
1761 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1762 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1763
1764 si->need_reachability_test =
1765 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1766 si->reachable =
1767 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1768 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1769
1770 for (i = 0; i < si->nr_ours; i++)
1771 si->need_reachability_test[si->ours[i]] = 1;
1772
1773 for (i = 0; i < si->shallow->nr; i++) {
1774 if (!si->used_shallow[i])
1775 continue;
1776 for (j = 0; j < bitmap_size; j++) {
1777 if (!si->used_shallow[i][j])
1778 continue;
1779 si->need_reachability_test[i]++;
1780 for (k = 0; k < 32; k++)
1781 if (si->used_shallow[i][j] & (1U << k))
1782 si->shallow_ref[j * 32 + k]++;
1783 }
1784
1785 /*
1786 * true for those associated with some refs and belong
1787 * in "ours" list aka "step 7 not done yet"
1788 */
1789 si->need_reachability_test[i] =
1790 si->need_reachability_test[i] > 1;
1791 }
1792
1793 /*
1794 * keep hooks happy by forcing a temporary shallow file via
1795 * env variable because we can't add --shallow-file to every
1796 * command. check_everything_connected() will be done with
1797 * true .git/shallow though.
1798 */
1799 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1800 }
1801
1802 static void update_shallow_info(struct command *commands,
1803 struct shallow_info *si,
1804 struct sha1_array *ref)
1805 {
1806 struct command *cmd;
1807 int *ref_status;
1808 remove_nonexistent_theirs_shallow(si);
1809 if (!si->nr_ours && !si->nr_theirs) {
1810 shallow_update = 0;
1811 return;
1812 }
1813
1814 for (cmd = commands; cmd; cmd = cmd->next) {
1815 if (is_null_sha1(cmd->new_sha1))
1816 continue;
1817 sha1_array_append(ref, cmd->new_sha1);
1818 cmd->index = ref->nr - 1;
1819 }
1820 si->ref = ref;
1821
1822 if (shallow_update) {
1823 prepare_shallow_update(commands, si);
1824 return;
1825 }
1826
1827 ALLOC_ARRAY(ref_status, ref->nr);
1828 assign_shallow_commits_to_refs(si, NULL, ref_status);
1829 for (cmd = commands; cmd; cmd = cmd->next) {
1830 if (is_null_sha1(cmd->new_sha1))
1831 continue;
1832 if (ref_status[cmd->index]) {
1833 cmd->error_string = "shallow update not allowed";
1834 cmd->skip_update = 1;
1835 }
1836 }
1837 free(ref_status);
1838 }
1839
1840 static void report(struct command *commands, const char *unpack_status)
1841 {
1842 struct command *cmd;
1843 struct strbuf buf = STRBUF_INIT;
1844
1845 packet_buf_write(&buf, "unpack %s\n",
1846 unpack_status ? unpack_status : "ok");
1847 for (cmd = commands; cmd; cmd = cmd->next) {
1848 if (!cmd->error_string)
1849 packet_buf_write(&buf, "ok %s\n",
1850 cmd->ref_name);
1851 else
1852 packet_buf_write(&buf, "ng %s %s\n",
1853 cmd->ref_name, cmd->error_string);
1854 }
1855 packet_buf_flush(&buf);
1856
1857 if (use_sideband)
1858 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1859 else
1860 write_or_die(1, buf.buf, buf.len);
1861 strbuf_release(&buf);
1862 }
1863
1864 static int delete_only(struct command *commands)
1865 {
1866 struct command *cmd;
1867 for (cmd = commands; cmd; cmd = cmd->next) {
1868 if (!is_null_sha1(cmd->new_sha1))
1869 return 0;
1870 }
1871 return 1;
1872 }
1873
1874 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1875 {
1876 int advertise_refs = 0;
1877 struct command *commands;
1878 struct sha1_array shallow = SHA1_ARRAY_INIT;
1879 struct sha1_array ref = SHA1_ARRAY_INIT;
1880 struct shallow_info si;
1881
1882 struct option options[] = {
1883 OPT__QUIET(&quiet, N_("quiet")),
1884 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1885 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1886 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1887 OPT_END()
1888 };
1889
1890 packet_trace_identity("receive-pack");
1891
1892 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1893
1894 if (argc > 1)
1895 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1896 if (argc == 0)
1897 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1898
1899 service_dir = argv[0];
1900
1901 setup_path();
1902
1903 if (!enter_repo(service_dir, 0))
1904 die("'%s' does not appear to be a git repository", service_dir);
1905
1906 git_config(receive_pack_config, NULL);
1907 if (cert_nonce_seed)
1908 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1909
1910 if (0 <= transfer_unpack_limit)
1911 unpack_limit = transfer_unpack_limit;
1912 else if (0 <= receive_unpack_limit)
1913 unpack_limit = receive_unpack_limit;
1914
1915 if (advertise_refs || !stateless_rpc) {
1916 write_head_info();
1917 }
1918 if (advertise_refs)
1919 return 0;
1920
1921 if ((commands = read_head_info(&shallow)) != NULL) {
1922 const char *unpack_status = NULL;
1923 struct string_list push_options = STRING_LIST_INIT_DUP;
1924
1925 if (use_push_options)
1926 read_push_options(&push_options);
1927
1928 prepare_shallow_info(&si, &shallow);
1929 if (!si.nr_ours && !si.nr_theirs)
1930 shallow_update = 0;
1931 if (!delete_only(commands)) {
1932 unpack_status = unpack_with_sideband(&si);
1933 update_shallow_info(commands, &si, &ref);
1934 }
1935 use_keepalive = KEEPALIVE_ALWAYS;
1936 execute_commands(commands, unpack_status, &si,
1937 &push_options);
1938 if (pack_lockfile)
1939 unlink_or_warn(pack_lockfile);
1940 if (report_status)
1941 report(commands, unpack_status);
1942 run_receive_hook(commands, "post-receive", 1,
1943 &push_options);
1944 run_update_post_hook(commands);
1945 if (push_options.nr)
1946 string_list_clear(&push_options, 0);
1947 if (auto_gc) {
1948 const char *argv_gc_auto[] = {
1949 "gc", "--auto", "--quiet", NULL,
1950 };
1951 struct child_process proc = CHILD_PROCESS_INIT;
1952
1953 proc.no_stdin = 1;
1954 proc.stdout_to_stderr = 1;
1955 proc.err = use_sideband ? -1 : 0;
1956 proc.git_cmd = 1;
1957 proc.argv = argv_gc_auto;
1958
1959 close_all_packs();
1960 if (!start_command(&proc)) {
1961 if (use_sideband)
1962 copy_to_sideband(proc.err, -1, NULL);
1963 finish_command(&proc);
1964 }
1965 }
1966 if (auto_update_server_info)
1967 update_server_info(0);
1968 clear_shallow_info(&si);
1969 }
1970 if (use_sideband)
1971 packet_flush(1);
1972 sha1_array_clear(&shallow);
1973 sha1_array_clear(&ref);
1974 free((void *)push_cert_nonce);
1975 return 0;
1976 }
The Best VCS Around