Merge branch 'jt/http-redact-cookies' into maint
[git.git] / builtin / receive-pack.c
blobb7ce7c7f5275febbf6db6b71e3b610b09a4fe191
1 #include "builtin.h"
2 #include "config.h"
3 #include "lockfile.h"
4 #include "pack.h"
5 #include "refs.h"
6 #include "pkt-line.h"
7 #include "sideband.h"
8 #include "run-command.h"
9 #include "exec_cmd.h"
10 #include "commit.h"
11 #include "object.h"
12 #include "remote.h"
13 #include "connect.h"
14 #include "transport.h"
15 #include "string-list.h"
16 #include "sha1-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "protocol.h"
29 static const char * const receive_pack_usage[] = {
30 N_("git receive-pack <git-dir>"),
31 NULL
34 enum deny_action {
35 DENY_UNCONFIGURED,
36 DENY_IGNORE,
37 DENY_WARN,
38 DENY_REFUSE,
39 DENY_UPDATE_INSTEAD
42 static int deny_deletes;
43 static int deny_non_fast_forwards;
44 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
45 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
46 static int receive_fsck_objects = -1;
47 static int transfer_fsck_objects = -1;
48 static struct strbuf fsck_msg_types = STRBUF_INIT;
49 static int receive_unpack_limit = -1;
50 static int transfer_unpack_limit = -1;
51 static int advertise_atomic_push = 1;
52 static int advertise_push_options;
53 static int unpack_limit = 100;
54 static off_t max_input_size;
55 static int report_status;
56 static int use_sideband;
57 static int use_atomic;
58 static int use_push_options;
59 static int quiet;
60 static int prefer_ofs_delta = 1;
61 static int auto_update_server_info;
62 static int auto_gc = 1;
63 static int reject_thin;
64 static int stateless_rpc;
65 static const char *service_dir;
66 static const char *head_name;
67 static void *head_name_to_free;
68 static int sent_capabilities;
69 static int shallow_update;
70 static const char *alt_shallow_file;
71 static struct strbuf push_cert = STRBUF_INIT;
72 static unsigned char push_cert_sha1[20];
73 static struct signature_check sigcheck;
74 static const char *push_cert_nonce;
75 static const char *cert_nonce_seed;
77 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
78 static const char *NONCE_BAD = "BAD";
79 static const char *NONCE_MISSING = "MISSING";
80 static const char *NONCE_OK = "OK";
81 static const char *NONCE_SLOP = "SLOP";
82 static const char *nonce_status;
83 static long nonce_stamp_slop;
84 static timestamp_t nonce_stamp_slop_limit;
85 static struct ref_transaction *transaction;
87 static enum {
88 KEEPALIVE_NEVER = 0,
89 KEEPALIVE_AFTER_NUL,
90 KEEPALIVE_ALWAYS
91 } use_keepalive;
92 static int keepalive_in_sec = 5;
94 static struct tmp_objdir *tmp_objdir;
96 static enum deny_action parse_deny_action(const char *var, const char *value)
98 if (value) {
99 if (!strcasecmp(value, "ignore"))
100 return DENY_IGNORE;
101 if (!strcasecmp(value, "warn"))
102 return DENY_WARN;
103 if (!strcasecmp(value, "refuse"))
104 return DENY_REFUSE;
105 if (!strcasecmp(value, "updateinstead"))
106 return DENY_UPDATE_INSTEAD;
108 if (git_config_bool(var, value))
109 return DENY_REFUSE;
110 return DENY_IGNORE;
113 static int receive_pack_config(const char *var, const char *value, void *cb)
115 int status = parse_hide_refs_config(var, value, "receive");
117 if (status)
118 return status;
120 if (strcmp(var, "receive.denydeletes") == 0) {
121 deny_deletes = git_config_bool(var, value);
122 return 0;
125 if (strcmp(var, "receive.denynonfastforwards") == 0) {
126 deny_non_fast_forwards = git_config_bool(var, value);
127 return 0;
130 if (strcmp(var, "receive.unpacklimit") == 0) {
131 receive_unpack_limit = git_config_int(var, value);
132 return 0;
135 if (strcmp(var, "transfer.unpacklimit") == 0) {
136 transfer_unpack_limit = git_config_int(var, value);
137 return 0;
140 if (strcmp(var, "receive.fsck.skiplist") == 0) {
141 const char *path;
143 if (git_config_pathname(&path, var, value))
144 return 1;
145 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
146 fsck_msg_types.len ? ',' : '=', path);
147 free((char *)path);
148 return 0;
151 if (skip_prefix(var, "receive.fsck.", &var)) {
152 if (is_valid_msg_type(var, value))
153 strbuf_addf(&fsck_msg_types, "%c%s=%s",
154 fsck_msg_types.len ? ',' : '=', var, value);
155 else
156 warning("Skipping unknown msg id '%s'", var);
157 return 0;
160 if (strcmp(var, "receive.fsckobjects") == 0) {
161 receive_fsck_objects = git_config_bool(var, value);
162 return 0;
165 if (strcmp(var, "transfer.fsckobjects") == 0) {
166 transfer_fsck_objects = git_config_bool(var, value);
167 return 0;
170 if (!strcmp(var, "receive.denycurrentbranch")) {
171 deny_current_branch = parse_deny_action(var, value);
172 return 0;
175 if (strcmp(var, "receive.denydeletecurrent") == 0) {
176 deny_delete_current = parse_deny_action(var, value);
177 return 0;
180 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
181 prefer_ofs_delta = git_config_bool(var, value);
182 return 0;
185 if (strcmp(var, "receive.updateserverinfo") == 0) {
186 auto_update_server_info = git_config_bool(var, value);
187 return 0;
190 if (strcmp(var, "receive.autogc") == 0) {
191 auto_gc = git_config_bool(var, value);
192 return 0;
195 if (strcmp(var, "receive.shallowupdate") == 0) {
196 shallow_update = git_config_bool(var, value);
197 return 0;
200 if (strcmp(var, "receive.certnonceseed") == 0)
201 return git_config_string(&cert_nonce_seed, var, value);
203 if (strcmp(var, "receive.certnonceslop") == 0) {
204 nonce_stamp_slop_limit = git_config_ulong(var, value);
205 return 0;
208 if (strcmp(var, "receive.advertiseatomic") == 0) {
209 advertise_atomic_push = git_config_bool(var, value);
210 return 0;
213 if (strcmp(var, "receive.advertisepushoptions") == 0) {
214 advertise_push_options = git_config_bool(var, value);
215 return 0;
218 if (strcmp(var, "receive.keepalive") == 0) {
219 keepalive_in_sec = git_config_int(var, value);
220 return 0;
223 if (strcmp(var, "receive.maxinputsize") == 0) {
224 max_input_size = git_config_int64(var, value);
225 return 0;
228 return git_default_config(var, value, cb);
231 static void show_ref(const char *path, const struct object_id *oid)
233 if (sent_capabilities) {
234 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
235 } else {
236 struct strbuf cap = STRBUF_INIT;
238 strbuf_addstr(&cap,
239 "report-status delete-refs side-band-64k quiet");
240 if (advertise_atomic_push)
241 strbuf_addstr(&cap, " atomic");
242 if (prefer_ofs_delta)
243 strbuf_addstr(&cap, " ofs-delta");
244 if (push_cert_nonce)
245 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
246 if (advertise_push_options)
247 strbuf_addstr(&cap, " push-options");
248 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
249 packet_write_fmt(1, "%s %s%c%s\n",
250 oid_to_hex(oid), path, 0, cap.buf);
251 strbuf_release(&cap);
252 sent_capabilities = 1;
256 static int show_ref_cb(const char *path_full, const struct object_id *oid,
257 int flag, void *data)
259 struct oidset *seen = data;
260 const char *path = strip_namespace(path_full);
262 if (ref_is_hidden(path, path_full))
263 return 0;
266 * Advertise refs outside our current namespace as ".have"
267 * refs, so that the client can use them to minimize data
268 * transfer but will otherwise ignore them.
270 if (!path) {
271 if (oidset_insert(seen, oid))
272 return 0;
273 path = ".have";
274 } else {
275 oidset_insert(seen, oid);
277 show_ref(path, oid);
278 return 0;
281 static void show_one_alternate_ref(const char *refname,
282 const struct object_id *oid,
283 void *data)
285 struct oidset *seen = data;
287 if (oidset_insert(seen, oid))
288 return;
290 show_ref(".have", oid);
293 static void write_head_info(void)
295 static struct oidset seen = OIDSET_INIT;
297 for_each_ref(show_ref_cb, &seen);
298 for_each_alternate_ref(show_one_alternate_ref, &seen);
299 oidset_clear(&seen);
300 if (!sent_capabilities)
301 show_ref("capabilities^{}", &null_oid);
303 advertise_shallow_grafts(1);
305 /* EOF */
306 packet_flush(1);
309 struct command {
310 struct command *next;
311 const char *error_string;
312 unsigned int skip_update:1,
313 did_not_exist:1;
314 int index;
315 struct object_id old_oid;
316 struct object_id new_oid;
317 char ref_name[FLEX_ARRAY]; /* more */
320 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
321 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
323 static void report_message(const char *prefix, const char *err, va_list params)
325 int sz;
326 char msg[4096];
328 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
329 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
330 if (sz > (sizeof(msg) - 1))
331 sz = sizeof(msg) - 1;
332 msg[sz++] = '\n';
334 if (use_sideband)
335 send_sideband(1, 2, msg, sz, use_sideband);
336 else
337 xwrite(2, msg, sz);
340 static void rp_warning(const char *err, ...)
342 va_list params;
343 va_start(params, err);
344 report_message("warning: ", err, params);
345 va_end(params);
348 static void rp_error(const char *err, ...)
350 va_list params;
351 va_start(params, err);
352 report_message("error: ", err, params);
353 va_end(params);
356 static int copy_to_sideband(int in, int out, void *arg)
358 char data[128];
359 int keepalive_active = 0;
361 if (keepalive_in_sec <= 0)
362 use_keepalive = KEEPALIVE_NEVER;
363 if (use_keepalive == KEEPALIVE_ALWAYS)
364 keepalive_active = 1;
366 while (1) {
367 ssize_t sz;
369 if (keepalive_active) {
370 struct pollfd pfd;
371 int ret;
373 pfd.fd = in;
374 pfd.events = POLLIN;
375 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
377 if (ret < 0) {
378 if (errno == EINTR)
379 continue;
380 else
381 break;
382 } else if (ret == 0) {
383 /* no data; send a keepalive packet */
384 static const char buf[] = "0005\1";
385 write_or_die(1, buf, sizeof(buf) - 1);
386 continue;
387 } /* else there is actual data to read */
390 sz = xread(in, data, sizeof(data));
391 if (sz <= 0)
392 break;
394 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
395 const char *p = memchr(data, '\0', sz);
396 if (p) {
398 * The NUL tells us to start sending keepalives. Make
399 * sure we send any other data we read along
400 * with it.
402 keepalive_active = 1;
403 send_sideband(1, 2, data, p - data, use_sideband);
404 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
405 continue;
410 * Either we're not looking for a NUL signal, or we didn't see
411 * it yet; just pass along the data.
413 send_sideband(1, 2, data, sz, use_sideband);
415 close(in);
416 return 0;
419 #define HMAC_BLOCK_SIZE 64
421 static void hmac_sha1(unsigned char *out,
422 const char *key_in, size_t key_len,
423 const char *text, size_t text_len)
425 unsigned char key[HMAC_BLOCK_SIZE];
426 unsigned char k_ipad[HMAC_BLOCK_SIZE];
427 unsigned char k_opad[HMAC_BLOCK_SIZE];
428 int i;
429 git_SHA_CTX ctx;
431 /* RFC 2104 2. (1) */
432 memset(key, '\0', HMAC_BLOCK_SIZE);
433 if (HMAC_BLOCK_SIZE < key_len) {
434 git_SHA1_Init(&ctx);
435 git_SHA1_Update(&ctx, key_in, key_len);
436 git_SHA1_Final(key, &ctx);
437 } else {
438 memcpy(key, key_in, key_len);
441 /* RFC 2104 2. (2) & (5) */
442 for (i = 0; i < sizeof(key); i++) {
443 k_ipad[i] = key[i] ^ 0x36;
444 k_opad[i] = key[i] ^ 0x5c;
447 /* RFC 2104 2. (3) & (4) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
450 git_SHA1_Update(&ctx, text, text_len);
451 git_SHA1_Final(out, &ctx);
453 /* RFC 2104 2. (6) & (7) */
454 git_SHA1_Init(&ctx);
455 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
456 git_SHA1_Update(&ctx, out, 20);
457 git_SHA1_Final(out, &ctx);
460 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462 struct strbuf buf = STRBUF_INIT;
463 unsigned char sha1[20];
465 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
466 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
467 strbuf_release(&buf);
469 /* RFC 2104 5. HMAC-SHA1-80 */
470 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
471 return strbuf_detach(&buf, NULL);
475 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
476 * after dropping "_commit" from its name and possibly moving it out
477 * of commit.c
479 static char *find_header(const char *msg, size_t len, const char *key,
480 const char **next_line)
482 int key_len = strlen(key);
483 const char *line = msg;
485 while (line && line < msg + len) {
486 const char *eol = strchrnul(line, '\n');
488 if ((msg + len <= eol) || line == eol)
489 return NULL;
490 if (line + key_len < eol &&
491 !memcmp(line, key, key_len) && line[key_len] == ' ') {
492 int offset = key_len + 1;
493 if (next_line)
494 *next_line = *eol ? eol + 1 : eol;
495 return xmemdupz(line + offset, (eol - line) - offset);
497 line = *eol ? eol + 1 : NULL;
499 return NULL;
502 static const char *check_nonce(const char *buf, size_t len)
504 char *nonce = find_header(buf, len, "nonce", NULL);
505 timestamp_t stamp, ostamp;
506 char *bohmac, *expect = NULL;
507 const char *retval = NONCE_BAD;
509 if (!nonce) {
510 retval = NONCE_MISSING;
511 goto leave;
512 } else if (!push_cert_nonce) {
513 retval = NONCE_UNSOLICITED;
514 goto leave;
515 } else if (!strcmp(push_cert_nonce, nonce)) {
516 retval = NONCE_OK;
517 goto leave;
520 if (!stateless_rpc) {
521 /* returned nonce MUST match what we gave out earlier */
522 retval = NONCE_BAD;
523 goto leave;
527 * In stateless mode, we may be receiving a nonce issued by
528 * another instance of the server that serving the same
529 * repository, and the timestamps may not match, but the
530 * nonce-seed and dir should match, so we can recompute and
531 * report the time slop.
533 * In addition, when a nonce issued by another instance has
534 * timestamp within receive.certnonceslop seconds, we pretend
535 * as if we issued that nonce when reporting to the hook.
538 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
539 if (*nonce <= '0' || '9' < *nonce) {
540 retval = NONCE_BAD;
541 goto leave;
543 stamp = parse_timestamp(nonce, &bohmac, 10);
544 if (bohmac == nonce || bohmac[0] != '-') {
545 retval = NONCE_BAD;
546 goto leave;
549 expect = prepare_push_cert_nonce(service_dir, stamp);
550 if (strcmp(expect, nonce)) {
551 /* Not what we would have signed earlier */
552 retval = NONCE_BAD;
553 goto leave;
557 * By how many seconds is this nonce stale? Negative value
558 * would mean it was issued by another server with its clock
559 * skewed in the future.
561 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
562 nonce_stamp_slop = (long)ostamp - (long)stamp;
564 if (nonce_stamp_slop_limit &&
565 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
567 * Pretend as if the received nonce (which passes the
568 * HMAC check, so it is not a forged by third-party)
569 * is what we issued.
571 free((void *)push_cert_nonce);
572 push_cert_nonce = xstrdup(nonce);
573 retval = NONCE_OK;
574 } else {
575 retval = NONCE_SLOP;
578 leave:
579 free(nonce);
580 free(expect);
581 return retval;
585 * Return 1 if there is no push_cert or if the push options in push_cert are
586 * the same as those in the argument; 0 otherwise.
588 static int check_cert_push_options(const struct string_list *push_options)
590 const char *buf = push_cert.buf;
591 int len = push_cert.len;
593 char *option;
594 const char *next_line;
595 int options_seen = 0;
597 int retval = 1;
599 if (!len)
600 return 1;
602 while ((option = find_header(buf, len, "push-option", &next_line))) {
603 len -= (next_line - buf);
604 buf = next_line;
605 options_seen++;
606 if (options_seen > push_options->nr
607 || strcmp(option,
608 push_options->items[options_seen - 1].string)) {
609 retval = 0;
610 goto leave;
612 free(option);
615 if (options_seen != push_options->nr)
616 retval = 0;
618 leave:
619 free(option);
620 return retval;
623 static void prepare_push_cert_sha1(struct child_process *proc)
625 static int already_done;
627 if (!push_cert.len)
628 return;
630 if (!already_done) {
631 struct strbuf gpg_output = STRBUF_INIT;
632 struct strbuf gpg_status = STRBUF_INIT;
633 int bogs /* beginning_of_gpg_sig */;
635 already_done = 1;
636 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
637 hashclr(push_cert_sha1);
639 memset(&sigcheck, '\0', sizeof(sigcheck));
640 sigcheck.result = 'N';
642 bogs = parse_signature(push_cert.buf, push_cert.len);
643 if (verify_signed_buffer(push_cert.buf, bogs,
644 push_cert.buf + bogs, push_cert.len - bogs,
645 &gpg_output, &gpg_status) < 0) {
646 ; /* error running gpg */
647 } else {
648 sigcheck.payload = push_cert.buf;
649 sigcheck.gpg_output = gpg_output.buf;
650 sigcheck.gpg_status = gpg_status.buf;
651 parse_gpg_output(&sigcheck);
654 strbuf_release(&gpg_output);
655 strbuf_release(&gpg_status);
656 nonce_status = check_nonce(push_cert.buf, bogs);
658 if (!is_null_sha1(push_cert_sha1)) {
659 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
660 sha1_to_hex(push_cert_sha1));
661 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
662 sigcheck.signer ? sigcheck.signer : "");
663 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
664 sigcheck.key ? sigcheck.key : "");
665 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
666 sigcheck.result);
667 if (push_cert_nonce) {
668 argv_array_pushf(&proc->env_array,
669 "GIT_PUSH_CERT_NONCE=%s",
670 push_cert_nonce);
671 argv_array_pushf(&proc->env_array,
672 "GIT_PUSH_CERT_NONCE_STATUS=%s",
673 nonce_status);
674 if (nonce_status == NONCE_SLOP)
675 argv_array_pushf(&proc->env_array,
676 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
677 nonce_stamp_slop);
682 struct receive_hook_feed_state {
683 struct command *cmd;
684 int skip_broken;
685 struct strbuf buf;
686 const struct string_list *push_options;
689 typedef int (*feed_fn)(void *, const char **, size_t *);
690 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
691 struct receive_hook_feed_state *feed_state)
693 struct child_process proc = CHILD_PROCESS_INIT;
694 struct async muxer;
695 const char *argv[2];
696 int code;
698 argv[0] = find_hook(hook_name);
699 if (!argv[0])
700 return 0;
702 argv[1] = NULL;
704 proc.argv = argv;
705 proc.in = -1;
706 proc.stdout_to_stderr = 1;
707 if (feed_state->push_options) {
708 int i;
709 for (i = 0; i < feed_state->push_options->nr; i++)
710 argv_array_pushf(&proc.env_array,
711 "GIT_PUSH_OPTION_%d=%s", i,
712 feed_state->push_options->items[i].string);
713 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
714 feed_state->push_options->nr);
715 } else
716 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
718 if (tmp_objdir)
719 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
721 if (use_sideband) {
722 memset(&muxer, 0, sizeof(muxer));
723 muxer.proc = copy_to_sideband;
724 muxer.in = -1;
725 code = start_async(&muxer);
726 if (code)
727 return code;
728 proc.err = muxer.in;
731 prepare_push_cert_sha1(&proc);
733 code = start_command(&proc);
734 if (code) {
735 if (use_sideband)
736 finish_async(&muxer);
737 return code;
740 sigchain_push(SIGPIPE, SIG_IGN);
742 while (1) {
743 const char *buf;
744 size_t n;
745 if (feed(feed_state, &buf, &n))
746 break;
747 if (write_in_full(proc.in, buf, n) < 0)
748 break;
750 close(proc.in);
751 if (use_sideband)
752 finish_async(&muxer);
754 sigchain_pop(SIGPIPE);
756 return finish_command(&proc);
759 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
761 struct receive_hook_feed_state *state = state_;
762 struct command *cmd = state->cmd;
764 while (cmd &&
765 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
766 cmd = cmd->next;
767 if (!cmd)
768 return -1; /* EOF */
769 strbuf_reset(&state->buf);
770 strbuf_addf(&state->buf, "%s %s %s\n",
771 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
772 cmd->ref_name);
773 state->cmd = cmd->next;
774 if (bufp) {
775 *bufp = state->buf.buf;
776 *sizep = state->buf.len;
778 return 0;
781 static int run_receive_hook(struct command *commands,
782 const char *hook_name,
783 int skip_broken,
784 const struct string_list *push_options)
786 struct receive_hook_feed_state state;
787 int status;
789 strbuf_init(&state.buf, 0);
790 state.cmd = commands;
791 state.skip_broken = skip_broken;
792 if (feed_receive_hook(&state, NULL, NULL))
793 return 0;
794 state.cmd = commands;
795 state.push_options = push_options;
796 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
797 strbuf_release(&state.buf);
798 return status;
801 static int run_update_hook(struct command *cmd)
803 const char *argv[5];
804 struct child_process proc = CHILD_PROCESS_INIT;
805 int code;
807 argv[0] = find_hook("update");
808 if (!argv[0])
809 return 0;
811 argv[1] = cmd->ref_name;
812 argv[2] = oid_to_hex(&cmd->old_oid);
813 argv[3] = oid_to_hex(&cmd->new_oid);
814 argv[4] = NULL;
816 proc.no_stdin = 1;
817 proc.stdout_to_stderr = 1;
818 proc.err = use_sideband ? -1 : 0;
819 proc.argv = argv;
821 code = start_command(&proc);
822 if (code)
823 return code;
824 if (use_sideband)
825 copy_to_sideband(proc.err, -1, NULL);
826 return finish_command(&proc);
829 static int is_ref_checked_out(const char *ref)
831 if (is_bare_repository())
832 return 0;
834 if (!head_name)
835 return 0;
836 return !strcmp(head_name, ref);
839 static char *refuse_unconfigured_deny_msg =
840 N_("By default, updating the current branch in a non-bare repository\n"
841 "is denied, because it will make the index and work tree inconsistent\n"
842 "with what you pushed, and will require 'git reset --hard' to match\n"
843 "the work tree to HEAD.\n"
844 "\n"
845 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
846 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
847 "its current branch; however, this is not recommended unless you\n"
848 "arranged to update its work tree to match what you pushed in some\n"
849 "other way.\n"
850 "\n"
851 "To squelch this message and still keep the default behaviour, set\n"
852 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
854 static void refuse_unconfigured_deny(void)
856 rp_error("%s", _(refuse_unconfigured_deny_msg));
859 static char *refuse_unconfigured_deny_delete_current_msg =
860 N_("By default, deleting the current branch is denied, because the next\n"
861 "'git clone' won't result in any file checked out, causing confusion.\n"
862 "\n"
863 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
864 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
865 "current branch, with or without a warning message.\n"
866 "\n"
867 "To squelch this message, you can set it to 'refuse'.");
869 static void refuse_unconfigured_deny_delete_current(void)
871 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
874 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
875 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
877 static struct lock_file shallow_lock;
878 struct oid_array extra = OID_ARRAY_INIT;
879 struct check_connected_options opt = CHECK_CONNECTED_INIT;
880 uint32_t mask = 1 << (cmd->index % 32);
881 int i;
883 trace_printf_key(&trace_shallow,
884 "shallow: update_shallow_ref %s\n", cmd->ref_name);
885 for (i = 0; i < si->shallow->nr; i++)
886 if (si->used_shallow[i] &&
887 (si->used_shallow[i][cmd->index / 32] & mask) &&
888 !delayed_reachability_test(si, i))
889 oid_array_append(&extra, &si->shallow->oid[i]);
891 opt.env = tmp_objdir_env(tmp_objdir);
892 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
893 if (check_connected(command_singleton_iterator, cmd, &opt)) {
894 rollback_lock_file(&shallow_lock);
895 oid_array_clear(&extra);
896 return -1;
899 commit_lock_file(&shallow_lock);
902 * Make sure setup_alternate_shallow() for the next ref does
903 * not lose these new roots..
905 for (i = 0; i < extra.nr; i++)
906 register_shallow(&extra.oid[i]);
908 si->shallow_ref[cmd->index] = 0;
909 oid_array_clear(&extra);
910 return 0;
914 * NEEDSWORK: we should consolidate various implementions of "are we
915 * on an unborn branch?" test into one, and make the unified one more
916 * robust. !get_sha1() based check used here and elsewhere would not
917 * allow us to tell an unborn branch from corrupt ref, for example.
918 * For the purpose of fixing "deploy-to-update does not work when
919 * pushing into an empty repository" issue, this should suffice for
920 * now.
922 static int head_has_history(void)
924 struct object_id oid;
926 return !get_oid("HEAD", &oid);
929 static const char *push_to_deploy(unsigned char *sha1,
930 struct argv_array *env,
931 const char *work_tree)
933 const char *update_refresh[] = {
934 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
936 const char *diff_files[] = {
937 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
939 const char *diff_index[] = {
940 "diff-index", "--quiet", "--cached", "--ignore-submodules",
941 NULL, "--", NULL
943 const char *read_tree[] = {
944 "read-tree", "-u", "-m", NULL, NULL
946 struct child_process child = CHILD_PROCESS_INIT;
948 child.argv = update_refresh;
949 child.env = env->argv;
950 child.dir = work_tree;
951 child.no_stdin = 1;
952 child.stdout_to_stderr = 1;
953 child.git_cmd = 1;
954 if (run_command(&child))
955 return "Up-to-date check failed";
957 /* run_command() does not clean up completely; reinitialize */
958 child_process_init(&child);
959 child.argv = diff_files;
960 child.env = env->argv;
961 child.dir = work_tree;
962 child.no_stdin = 1;
963 child.stdout_to_stderr = 1;
964 child.git_cmd = 1;
965 if (run_command(&child))
966 return "Working directory has unstaged changes";
968 /* diff-index with either HEAD or an empty tree */
969 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
971 child_process_init(&child);
972 child.argv = diff_index;
973 child.env = env->argv;
974 child.no_stdin = 1;
975 child.no_stdout = 1;
976 child.stdout_to_stderr = 0;
977 child.git_cmd = 1;
978 if (run_command(&child))
979 return "Working directory has staged changes";
981 read_tree[3] = sha1_to_hex(sha1);
982 child_process_init(&child);
983 child.argv = read_tree;
984 child.env = env->argv;
985 child.dir = work_tree;
986 child.no_stdin = 1;
987 child.no_stdout = 1;
988 child.stdout_to_stderr = 0;
989 child.git_cmd = 1;
990 if (run_command(&child))
991 return "Could not update working tree to new HEAD";
993 return NULL;
996 static const char *push_to_checkout_hook = "push-to-checkout";
998 static const char *push_to_checkout(unsigned char *sha1,
999 struct argv_array *env,
1000 const char *work_tree)
1002 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1003 if (run_hook_le(env->argv, push_to_checkout_hook,
1004 sha1_to_hex(sha1), NULL))
1005 return "push-to-checkout hook declined";
1006 else
1007 return NULL;
1010 static const char *update_worktree(unsigned char *sha1)
1012 const char *retval;
1013 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1014 struct argv_array env = ARGV_ARRAY_INIT;
1016 if (is_bare_repository())
1017 return "denyCurrentBranch = updateInstead needs a worktree";
1019 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1021 if (!find_hook(push_to_checkout_hook))
1022 retval = push_to_deploy(sha1, &env, work_tree);
1023 else
1024 retval = push_to_checkout(sha1, &env, work_tree);
1026 argv_array_clear(&env);
1027 return retval;
1030 static const char *update(struct command *cmd, struct shallow_info *si)
1032 const char *name = cmd->ref_name;
1033 struct strbuf namespaced_name_buf = STRBUF_INIT;
1034 static char *namespaced_name;
1035 const char *ret;
1036 struct object_id *old_oid = &cmd->old_oid;
1037 struct object_id *new_oid = &cmd->new_oid;
1039 /* only refs/... are allowed */
1040 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1041 rp_error("refusing to create funny ref '%s' remotely", name);
1042 return "funny refname";
1045 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1046 free(namespaced_name);
1047 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1049 if (is_ref_checked_out(namespaced_name)) {
1050 switch (deny_current_branch) {
1051 case DENY_IGNORE:
1052 break;
1053 case DENY_WARN:
1054 rp_warning("updating the current branch");
1055 break;
1056 case DENY_REFUSE:
1057 case DENY_UNCONFIGURED:
1058 rp_error("refusing to update checked out branch: %s", name);
1059 if (deny_current_branch == DENY_UNCONFIGURED)
1060 refuse_unconfigured_deny();
1061 return "branch is currently checked out";
1062 case DENY_UPDATE_INSTEAD:
1063 ret = update_worktree(new_oid->hash);
1064 if (ret)
1065 return ret;
1066 break;
1070 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1071 error("unpack should have generated %s, "
1072 "but I can't find it!", oid_to_hex(new_oid));
1073 return "bad pack";
1076 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1077 if (deny_deletes && starts_with(name, "refs/heads/")) {
1078 rp_error("denying ref deletion for %s", name);
1079 return "deletion prohibited";
1082 if (head_name && !strcmp(namespaced_name, head_name)) {
1083 switch (deny_delete_current) {
1084 case DENY_IGNORE:
1085 break;
1086 case DENY_WARN:
1087 rp_warning("deleting the current branch");
1088 break;
1089 case DENY_REFUSE:
1090 case DENY_UNCONFIGURED:
1091 case DENY_UPDATE_INSTEAD:
1092 if (deny_delete_current == DENY_UNCONFIGURED)
1093 refuse_unconfigured_deny_delete_current();
1094 rp_error("refusing to delete the current branch: %s", name);
1095 return "deletion of the current branch prohibited";
1096 default:
1097 return "Invalid denyDeleteCurrent setting";
1102 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1103 !is_null_oid(old_oid) &&
1104 starts_with(name, "refs/heads/")) {
1105 struct object *old_object, *new_object;
1106 struct commit *old_commit, *new_commit;
1108 old_object = parse_object(old_oid);
1109 new_object = parse_object(new_oid);
1111 if (!old_object || !new_object ||
1112 old_object->type != OBJ_COMMIT ||
1113 new_object->type != OBJ_COMMIT) {
1114 error("bad sha1 objects for %s", name);
1115 return "bad ref";
1117 old_commit = (struct commit *)old_object;
1118 new_commit = (struct commit *)new_object;
1119 if (!in_merge_bases(old_commit, new_commit)) {
1120 rp_error("denying non-fast-forward %s"
1121 " (you should pull first)", name);
1122 return "non-fast-forward";
1125 if (run_update_hook(cmd)) {
1126 rp_error("hook declined to update %s", name);
1127 return "hook declined";
1130 if (is_null_oid(new_oid)) {
1131 struct strbuf err = STRBUF_INIT;
1132 if (!parse_object(old_oid)) {
1133 old_oid = NULL;
1134 if (ref_exists(name)) {
1135 rp_warning("Allowing deletion of corrupt ref.");
1136 } else {
1137 rp_warning("Deleting a non-existent ref.");
1138 cmd->did_not_exist = 1;
1141 if (ref_transaction_delete(transaction,
1142 namespaced_name,
1143 old_oid,
1144 0, "push", &err)) {
1145 rp_error("%s", err.buf);
1146 strbuf_release(&err);
1147 return "failed to delete";
1149 strbuf_release(&err);
1150 return NULL; /* good */
1152 else {
1153 struct strbuf err = STRBUF_INIT;
1154 if (shallow_update && si->shallow_ref[cmd->index] &&
1155 update_shallow_ref(cmd, si))
1156 return "shallow error";
1158 if (ref_transaction_update(transaction,
1159 namespaced_name,
1160 new_oid, old_oid,
1161 0, "push",
1162 &err)) {
1163 rp_error("%s", err.buf);
1164 strbuf_release(&err);
1166 return "failed to update ref";
1168 strbuf_release(&err);
1170 return NULL; /* good */
1174 static void run_update_post_hook(struct command *commands)
1176 struct command *cmd;
1177 struct child_process proc = CHILD_PROCESS_INIT;
1178 const char *hook;
1180 hook = find_hook("post-update");
1181 if (!hook)
1182 return;
1184 for (cmd = commands; cmd; cmd = cmd->next) {
1185 if (cmd->error_string || cmd->did_not_exist)
1186 continue;
1187 if (!proc.args.argc)
1188 argv_array_push(&proc.args, hook);
1189 argv_array_push(&proc.args, cmd->ref_name);
1191 if (!proc.args.argc)
1192 return;
1194 proc.no_stdin = 1;
1195 proc.stdout_to_stderr = 1;
1196 proc.err = use_sideband ? -1 : 0;
1198 if (!start_command(&proc)) {
1199 if (use_sideband)
1200 copy_to_sideband(proc.err, -1, NULL);
1201 finish_command(&proc);
1205 static void check_aliased_update(struct command *cmd, struct string_list *list)
1207 struct strbuf buf = STRBUF_INIT;
1208 const char *dst_name;
1209 struct string_list_item *item;
1210 struct command *dst_cmd;
1211 int flag;
1213 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1214 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1215 strbuf_release(&buf);
1217 if (!(flag & REF_ISSYMREF))
1218 return;
1220 if (!dst_name) {
1221 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1222 cmd->skip_update = 1;
1223 cmd->error_string = "broken symref";
1224 return;
1226 dst_name = strip_namespace(dst_name);
1228 if ((item = string_list_lookup(list, dst_name)) == NULL)
1229 return;
1231 cmd->skip_update = 1;
1233 dst_cmd = (struct command *) item->util;
1235 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1236 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1237 return;
1239 dst_cmd->skip_update = 1;
1241 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1242 " its target '%s' (%s..%s)",
1243 cmd->ref_name,
1244 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1245 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1246 dst_cmd->ref_name,
1247 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1248 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1250 cmd->error_string = dst_cmd->error_string =
1251 "inconsistent aliased update";
1254 static void check_aliased_updates(struct command *commands)
1256 struct command *cmd;
1257 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1259 for (cmd = commands; cmd; cmd = cmd->next) {
1260 struct string_list_item *item =
1261 string_list_append(&ref_list, cmd->ref_name);
1262 item->util = (void *)cmd;
1264 string_list_sort(&ref_list);
1266 for (cmd = commands; cmd; cmd = cmd->next) {
1267 if (!cmd->error_string)
1268 check_aliased_update(cmd, &ref_list);
1271 string_list_clear(&ref_list, 0);
1274 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1276 struct command **cmd_list = cb_data;
1277 struct command *cmd = *cmd_list;
1279 if (!cmd || is_null_oid(&cmd->new_oid))
1280 return -1; /* end of list */
1281 *cmd_list = NULL; /* this returns only one */
1282 oidcpy(oid, &cmd->new_oid);
1283 return 0;
1286 static void set_connectivity_errors(struct command *commands,
1287 struct shallow_info *si)
1289 struct command *cmd;
1291 for (cmd = commands; cmd; cmd = cmd->next) {
1292 struct command *singleton = cmd;
1293 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1295 if (shallow_update && si->shallow_ref[cmd->index])
1296 /* to be checked in update_shallow_ref() */
1297 continue;
1299 opt.env = tmp_objdir_env(tmp_objdir);
1300 if (!check_connected(command_singleton_iterator, &singleton,
1301 &opt))
1302 continue;
1304 cmd->error_string = "missing necessary objects";
1308 struct iterate_data {
1309 struct command *cmds;
1310 struct shallow_info *si;
1313 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1315 struct iterate_data *data = cb_data;
1316 struct command **cmd_list = &data->cmds;
1317 struct command *cmd = *cmd_list;
1319 for (; cmd; cmd = cmd->next) {
1320 if (shallow_update && data->si->shallow_ref[cmd->index])
1321 /* to be checked in update_shallow_ref() */
1322 continue;
1323 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1324 oidcpy(oid, &cmd->new_oid);
1325 *cmd_list = cmd->next;
1326 return 0;
1329 *cmd_list = NULL;
1330 return -1; /* end of list */
1333 static void reject_updates_to_hidden(struct command *commands)
1335 struct strbuf refname_full = STRBUF_INIT;
1336 size_t prefix_len;
1337 struct command *cmd;
1339 strbuf_addstr(&refname_full, get_git_namespace());
1340 prefix_len = refname_full.len;
1342 for (cmd = commands; cmd; cmd = cmd->next) {
1343 if (cmd->error_string)
1344 continue;
1346 strbuf_setlen(&refname_full, prefix_len);
1347 strbuf_addstr(&refname_full, cmd->ref_name);
1349 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1350 continue;
1351 if (is_null_oid(&cmd->new_oid))
1352 cmd->error_string = "deny deleting a hidden ref";
1353 else
1354 cmd->error_string = "deny updating a hidden ref";
1357 strbuf_release(&refname_full);
1360 static int should_process_cmd(struct command *cmd)
1362 return !cmd->error_string && !cmd->skip_update;
1365 static void warn_if_skipped_connectivity_check(struct command *commands,
1366 struct shallow_info *si)
1368 struct command *cmd;
1369 int checked_connectivity = 1;
1371 for (cmd = commands; cmd; cmd = cmd->next) {
1372 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1373 error("BUG: connectivity check has not been run on ref %s",
1374 cmd->ref_name);
1375 checked_connectivity = 0;
1378 if (!checked_connectivity)
1379 die("BUG: connectivity check skipped???");
1382 static void execute_commands_non_atomic(struct command *commands,
1383 struct shallow_info *si)
1385 struct command *cmd;
1386 struct strbuf err = STRBUF_INIT;
1388 for (cmd = commands; cmd; cmd = cmd->next) {
1389 if (!should_process_cmd(cmd))
1390 continue;
1392 transaction = ref_transaction_begin(&err);
1393 if (!transaction) {
1394 rp_error("%s", err.buf);
1395 strbuf_reset(&err);
1396 cmd->error_string = "transaction failed to start";
1397 continue;
1400 cmd->error_string = update(cmd, si);
1402 if (!cmd->error_string
1403 && ref_transaction_commit(transaction, &err)) {
1404 rp_error("%s", err.buf);
1405 strbuf_reset(&err);
1406 cmd->error_string = "failed to update ref";
1408 ref_transaction_free(transaction);
1410 strbuf_release(&err);
1413 static void execute_commands_atomic(struct command *commands,
1414 struct shallow_info *si)
1416 struct command *cmd;
1417 struct strbuf err = STRBUF_INIT;
1418 const char *reported_error = "atomic push failure";
1420 transaction = ref_transaction_begin(&err);
1421 if (!transaction) {
1422 rp_error("%s", err.buf);
1423 strbuf_reset(&err);
1424 reported_error = "transaction failed to start";
1425 goto failure;
1428 for (cmd = commands; cmd; cmd = cmd->next) {
1429 if (!should_process_cmd(cmd))
1430 continue;
1432 cmd->error_string = update(cmd, si);
1434 if (cmd->error_string)
1435 goto failure;
1438 if (ref_transaction_commit(transaction, &err)) {
1439 rp_error("%s", err.buf);
1440 reported_error = "atomic transaction failed";
1441 goto failure;
1443 goto cleanup;
1445 failure:
1446 for (cmd = commands; cmd; cmd = cmd->next)
1447 if (!cmd->error_string)
1448 cmd->error_string = reported_error;
1450 cleanup:
1451 ref_transaction_free(transaction);
1452 strbuf_release(&err);
1455 static void execute_commands(struct command *commands,
1456 const char *unpacker_error,
1457 struct shallow_info *si,
1458 const struct string_list *push_options)
1460 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1461 struct command *cmd;
1462 struct iterate_data data;
1463 struct async muxer;
1464 int err_fd = 0;
1466 if (unpacker_error) {
1467 for (cmd = commands; cmd; cmd = cmd->next)
1468 cmd->error_string = "unpacker error";
1469 return;
1472 if (use_sideband) {
1473 memset(&muxer, 0, sizeof(muxer));
1474 muxer.proc = copy_to_sideband;
1475 muxer.in = -1;
1476 if (!start_async(&muxer))
1477 err_fd = muxer.in;
1478 /* ...else, continue without relaying sideband */
1481 data.cmds = commands;
1482 data.si = si;
1483 opt.err_fd = err_fd;
1484 opt.progress = err_fd && !quiet;
1485 opt.env = tmp_objdir_env(tmp_objdir);
1486 if (check_connected(iterate_receive_command_list, &data, &opt))
1487 set_connectivity_errors(commands, si);
1489 if (use_sideband)
1490 finish_async(&muxer);
1492 reject_updates_to_hidden(commands);
1494 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1495 for (cmd = commands; cmd; cmd = cmd->next) {
1496 if (!cmd->error_string)
1497 cmd->error_string = "pre-receive hook declined";
1499 return;
1503 * Now we'll start writing out refs, which means the objects need
1504 * to be in their final positions so that other processes can see them.
1506 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1507 for (cmd = commands; cmd; cmd = cmd->next) {
1508 if (!cmd->error_string)
1509 cmd->error_string = "unable to migrate objects to permanent storage";
1511 return;
1513 tmp_objdir = NULL;
1515 check_aliased_updates(commands);
1517 free(head_name_to_free);
1518 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1520 if (use_atomic)
1521 execute_commands_atomic(commands, si);
1522 else
1523 execute_commands_non_atomic(commands, si);
1525 if (shallow_update)
1526 warn_if_skipped_connectivity_check(commands, si);
1529 static struct command **queue_command(struct command **tail,
1530 const char *line,
1531 int linelen)
1533 struct object_id old_oid, new_oid;
1534 struct command *cmd;
1535 const char *refname;
1536 int reflen;
1537 const char *p;
1539 if (parse_oid_hex(line, &old_oid, &p) ||
1540 *p++ != ' ' ||
1541 parse_oid_hex(p, &new_oid, &p) ||
1542 *p++ != ' ')
1543 die("protocol error: expected old/new/ref, got '%s'", line);
1545 refname = p;
1546 reflen = linelen - (p - line);
1547 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1548 oidcpy(&cmd->old_oid, &old_oid);
1549 oidcpy(&cmd->new_oid, &new_oid);
1550 *tail = cmd;
1551 return &cmd->next;
1554 static void queue_commands_from_cert(struct command **tail,
1555 struct strbuf *push_cert)
1557 const char *boc, *eoc;
1559 if (*tail)
1560 die("protocol error: got both push certificate and unsigned commands");
1562 boc = strstr(push_cert->buf, "\n\n");
1563 if (!boc)
1564 die("malformed push certificate %.*s", 100, push_cert->buf);
1565 else
1566 boc += 2;
1567 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1569 while (boc < eoc) {
1570 const char *eol = memchr(boc, '\n', eoc - boc);
1571 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1572 boc = eol ? eol + 1 : eoc;
1576 static struct command *read_head_info(struct oid_array *shallow)
1578 struct command *commands = NULL;
1579 struct command **p = &commands;
1580 for (;;) {
1581 char *line;
1582 int len, linelen;
1584 line = packet_read_line(0, &len);
1585 if (!line)
1586 break;
1588 if (len > 8 && starts_with(line, "shallow ")) {
1589 struct object_id oid;
1590 if (get_oid_hex(line + 8, &oid))
1591 die("protocol error: expected shallow sha, got '%s'",
1592 line + 8);
1593 oid_array_append(shallow, &oid);
1594 continue;
1597 linelen = strlen(line);
1598 if (linelen < len) {
1599 const char *feature_list = line + linelen + 1;
1600 if (parse_feature_request(feature_list, "report-status"))
1601 report_status = 1;
1602 if (parse_feature_request(feature_list, "side-band-64k"))
1603 use_sideband = LARGE_PACKET_MAX;
1604 if (parse_feature_request(feature_list, "quiet"))
1605 quiet = 1;
1606 if (advertise_atomic_push
1607 && parse_feature_request(feature_list, "atomic"))
1608 use_atomic = 1;
1609 if (advertise_push_options
1610 && parse_feature_request(feature_list, "push-options"))
1611 use_push_options = 1;
1614 if (!strcmp(line, "push-cert")) {
1615 int true_flush = 0;
1616 char certbuf[1024];
1618 for (;;) {
1619 len = packet_read(0, NULL, NULL,
1620 certbuf, sizeof(certbuf), 0);
1621 if (!len) {
1622 true_flush = 1;
1623 break;
1625 if (!strcmp(certbuf, "push-cert-end\n"))
1626 break; /* end of cert */
1627 strbuf_addstr(&push_cert, certbuf);
1630 if (true_flush)
1631 break;
1632 continue;
1635 p = queue_command(p, line, linelen);
1638 if (push_cert.len)
1639 queue_commands_from_cert(p, &push_cert);
1641 return commands;
1644 static void read_push_options(struct string_list *options)
1646 while (1) {
1647 char *line;
1648 int len;
1650 line = packet_read_line(0, &len);
1652 if (!line)
1653 break;
1655 string_list_append(options, line);
1659 static const char *parse_pack_header(struct pack_header *hdr)
1661 switch (read_pack_header(0, hdr)) {
1662 case PH_ERROR_EOF:
1663 return "eof before pack header was fully read";
1665 case PH_ERROR_PACK_SIGNATURE:
1666 return "protocol error (pack signature mismatch detected)";
1668 case PH_ERROR_PROTOCOL:
1669 return "protocol error (pack version unsupported)";
1671 default:
1672 return "unknown error in parse_pack_header";
1674 case 0:
1675 return NULL;
1679 static const char *pack_lockfile;
1681 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1683 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1684 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1687 static const char *unpack(int err_fd, struct shallow_info *si)
1689 struct pack_header hdr;
1690 const char *hdr_err;
1691 int status;
1692 struct child_process child = CHILD_PROCESS_INIT;
1693 int fsck_objects = (receive_fsck_objects >= 0
1694 ? receive_fsck_objects
1695 : transfer_fsck_objects >= 0
1696 ? transfer_fsck_objects
1697 : 0);
1699 hdr_err = parse_pack_header(&hdr);
1700 if (hdr_err) {
1701 if (err_fd > 0)
1702 close(err_fd);
1703 return hdr_err;
1706 if (si->nr_ours || si->nr_theirs) {
1707 alt_shallow_file = setup_temporary_shallow(si->shallow);
1708 argv_array_push(&child.args, "--shallow-file");
1709 argv_array_push(&child.args, alt_shallow_file);
1712 tmp_objdir = tmp_objdir_create();
1713 if (!tmp_objdir) {
1714 if (err_fd > 0)
1715 close(err_fd);
1716 return "unable to create temporary object directory";
1718 child.env = tmp_objdir_env(tmp_objdir);
1721 * Normally we just pass the tmp_objdir environment to the child
1722 * processes that do the heavy lifting, but we may need to see these
1723 * objects ourselves to set up shallow information.
1725 tmp_objdir_add_as_alternate(tmp_objdir);
1727 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1728 argv_array_push(&child.args, "unpack-objects");
1729 push_header_arg(&child.args, &hdr);
1730 if (quiet)
1731 argv_array_push(&child.args, "-q");
1732 if (fsck_objects)
1733 argv_array_pushf(&child.args, "--strict%s",
1734 fsck_msg_types.buf);
1735 if (max_input_size)
1736 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1737 (uintmax_t)max_input_size);
1738 child.no_stdout = 1;
1739 child.err = err_fd;
1740 child.git_cmd = 1;
1741 status = run_command(&child);
1742 if (status)
1743 return "unpack-objects abnormal exit";
1744 } else {
1745 char hostname[HOST_NAME_MAX + 1];
1747 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1748 push_header_arg(&child.args, &hdr);
1750 if (xgethostname(hostname, sizeof(hostname)))
1751 xsnprintf(hostname, sizeof(hostname), "localhost");
1752 argv_array_pushf(&child.args,
1753 "--keep=receive-pack %"PRIuMAX" on %s",
1754 (uintmax_t)getpid(),
1755 hostname);
1757 if (!quiet && err_fd)
1758 argv_array_push(&child.args, "--show-resolving-progress");
1759 if (use_sideband)
1760 argv_array_push(&child.args, "--report-end-of-input");
1761 if (fsck_objects)
1762 argv_array_pushf(&child.args, "--strict%s",
1763 fsck_msg_types.buf);
1764 if (!reject_thin)
1765 argv_array_push(&child.args, "--fix-thin");
1766 if (max_input_size)
1767 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1768 (uintmax_t)max_input_size);
1769 child.out = -1;
1770 child.err = err_fd;
1771 child.git_cmd = 1;
1772 status = start_command(&child);
1773 if (status)
1774 return "index-pack fork failed";
1775 pack_lockfile = index_pack_lockfile(child.out);
1776 close(child.out);
1777 status = finish_command(&child);
1778 if (status)
1779 return "index-pack abnormal exit";
1780 reprepare_packed_git();
1782 return NULL;
1785 static const char *unpack_with_sideband(struct shallow_info *si)
1787 struct async muxer;
1788 const char *ret;
1790 if (!use_sideband)
1791 return unpack(0, si);
1793 use_keepalive = KEEPALIVE_AFTER_NUL;
1794 memset(&muxer, 0, sizeof(muxer));
1795 muxer.proc = copy_to_sideband;
1796 muxer.in = -1;
1797 if (start_async(&muxer))
1798 return NULL;
1800 ret = unpack(muxer.in, si);
1802 finish_async(&muxer);
1803 return ret;
1806 static void prepare_shallow_update(struct command *commands,
1807 struct shallow_info *si)
1809 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1811 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1812 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1814 si->need_reachability_test =
1815 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1816 si->reachable =
1817 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1818 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1820 for (i = 0; i < si->nr_ours; i++)
1821 si->need_reachability_test[si->ours[i]] = 1;
1823 for (i = 0; i < si->shallow->nr; i++) {
1824 if (!si->used_shallow[i])
1825 continue;
1826 for (j = 0; j < bitmap_size; j++) {
1827 if (!si->used_shallow[i][j])
1828 continue;
1829 si->need_reachability_test[i]++;
1830 for (k = 0; k < 32; k++)
1831 if (si->used_shallow[i][j] & (1U << k))
1832 si->shallow_ref[j * 32 + k]++;
1836 * true for those associated with some refs and belong
1837 * in "ours" list aka "step 7 not done yet"
1839 si->need_reachability_test[i] =
1840 si->need_reachability_test[i] > 1;
1844 * keep hooks happy by forcing a temporary shallow file via
1845 * env variable because we can't add --shallow-file to every
1846 * command. check_everything_connected() will be done with
1847 * true .git/shallow though.
1849 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1852 static void update_shallow_info(struct command *commands,
1853 struct shallow_info *si,
1854 struct oid_array *ref)
1856 struct command *cmd;
1857 int *ref_status;
1858 remove_nonexistent_theirs_shallow(si);
1859 if (!si->nr_ours && !si->nr_theirs) {
1860 shallow_update = 0;
1861 return;
1864 for (cmd = commands; cmd; cmd = cmd->next) {
1865 if (is_null_oid(&cmd->new_oid))
1866 continue;
1867 oid_array_append(ref, &cmd->new_oid);
1868 cmd->index = ref->nr - 1;
1870 si->ref = ref;
1872 if (shallow_update) {
1873 prepare_shallow_update(commands, si);
1874 return;
1877 ALLOC_ARRAY(ref_status, ref->nr);
1878 assign_shallow_commits_to_refs(si, NULL, ref_status);
1879 for (cmd = commands; cmd; cmd = cmd->next) {
1880 if (is_null_oid(&cmd->new_oid))
1881 continue;
1882 if (ref_status[cmd->index]) {
1883 cmd->error_string = "shallow update not allowed";
1884 cmd->skip_update = 1;
1887 free(ref_status);
1890 static void report(struct command *commands, const char *unpack_status)
1892 struct command *cmd;
1893 struct strbuf buf = STRBUF_INIT;
1895 packet_buf_write(&buf, "unpack %s\n",
1896 unpack_status ? unpack_status : "ok");
1897 for (cmd = commands; cmd; cmd = cmd->next) {
1898 if (!cmd->error_string)
1899 packet_buf_write(&buf, "ok %s\n",
1900 cmd->ref_name);
1901 else
1902 packet_buf_write(&buf, "ng %s %s\n",
1903 cmd->ref_name, cmd->error_string);
1905 packet_buf_flush(&buf);
1907 if (use_sideband)
1908 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1909 else
1910 write_or_die(1, buf.buf, buf.len);
1911 strbuf_release(&buf);
1914 static int delete_only(struct command *commands)
1916 struct command *cmd;
1917 for (cmd = commands; cmd; cmd = cmd->next) {
1918 if (!is_null_oid(&cmd->new_oid))
1919 return 0;
1921 return 1;
1924 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1926 int advertise_refs = 0;
1927 struct command *commands;
1928 struct oid_array shallow = OID_ARRAY_INIT;
1929 struct oid_array ref = OID_ARRAY_INIT;
1930 struct shallow_info si;
1932 struct option options[] = {
1933 OPT__QUIET(&quiet, N_("quiet")),
1934 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1935 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1936 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1937 OPT_END()
1940 packet_trace_identity("receive-pack");
1942 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1944 if (argc > 1)
1945 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1946 if (argc == 0)
1947 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1949 service_dir = argv[0];
1951 setup_path();
1953 if (!enter_repo(service_dir, 0))
1954 die("'%s' does not appear to be a git repository", service_dir);
1956 git_config(receive_pack_config, NULL);
1957 if (cert_nonce_seed)
1958 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1960 if (0 <= transfer_unpack_limit)
1961 unpack_limit = transfer_unpack_limit;
1962 else if (0 <= receive_unpack_limit)
1963 unpack_limit = receive_unpack_limit;
1965 switch (determine_protocol_version_server()) {
1966 case protocol_v1:
1968 * v1 is just the original protocol with a version string,
1969 * so just fall through after writing the version string.
1971 if (advertise_refs || !stateless_rpc)
1972 packet_write_fmt(1, "version 1\n");
1974 /* fallthrough */
1975 case protocol_v0:
1976 break;
1977 case protocol_unknown_version:
1978 BUG("unknown protocol version");
1981 if (advertise_refs || !stateless_rpc) {
1982 write_head_info();
1984 if (advertise_refs)
1985 return 0;
1987 if ((commands = read_head_info(&shallow)) != NULL) {
1988 const char *unpack_status = NULL;
1989 struct string_list push_options = STRING_LIST_INIT_DUP;
1991 if (use_push_options)
1992 read_push_options(&push_options);
1993 if (!check_cert_push_options(&push_options)) {
1994 struct command *cmd;
1995 for (cmd = commands; cmd; cmd = cmd->next)
1996 cmd->error_string = "inconsistent push options";
1999 prepare_shallow_info(&si, &shallow);
2000 if (!si.nr_ours && !si.nr_theirs)
2001 shallow_update = 0;
2002 if (!delete_only(commands)) {
2003 unpack_status = unpack_with_sideband(&si);
2004 update_shallow_info(commands, &si, &ref);
2006 use_keepalive = KEEPALIVE_ALWAYS;
2007 execute_commands(commands, unpack_status, &si,
2008 &push_options);
2009 if (pack_lockfile)
2010 unlink_or_warn(pack_lockfile);
2011 if (report_status)
2012 report(commands, unpack_status);
2013 run_receive_hook(commands, "post-receive", 1,
2014 &push_options);
2015 run_update_post_hook(commands);
2016 string_list_clear(&push_options, 0);
2017 if (auto_gc) {
2018 const char *argv_gc_auto[] = {
2019 "gc", "--auto", "--quiet", NULL,
2021 struct child_process proc = CHILD_PROCESS_INIT;
2023 proc.no_stdin = 1;
2024 proc.stdout_to_stderr = 1;
2025 proc.err = use_sideband ? -1 : 0;
2026 proc.git_cmd = 1;
2027 proc.argv = argv_gc_auto;
2029 close_all_packs();
2030 if (!start_command(&proc)) {
2031 if (use_sideband)
2032 copy_to_sideband(proc.err, -1, NULL);
2033 finish_command(&proc);
2036 if (auto_update_server_info)
2037 update_server_info(0);
2038 clear_shallow_info(&si);
2040 if (use_sideband)
2041 packet_flush(1);
2042 oid_array_clear(&shallow);
2043 oid_array_clear(&ref);
2044 free((void *)push_cert_nonce);
2045 return 0;