Merge branch 'ep/use-git-trace-curl-in-tests'
[git.git] / builtin / receive-pack.c
blobf1ce05ce282361d8c49b1a447db90c13d5186674
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
24 static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
29 enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
37 static int deny_deletes;
38 static int deny_non_fast_forwards;
39 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41 static int receive_fsck_objects = -1;
42 static int transfer_fsck_objects = -1;
43 static struct strbuf fsck_msg_types = STRBUF_INIT;
44 static int receive_unpack_limit = -1;
45 static int transfer_unpack_limit = -1;
46 static int advertise_atomic_push = 1;
47 static int advertise_push_options;
48 static int unpack_limit = 100;
49 static off_t max_input_size;
50 static int report_status;
51 static int use_sideband;
52 static int use_atomic;
53 static int use_push_options;
54 static int quiet;
55 static int prefer_ofs_delta = 1;
56 static int auto_update_server_info;
57 static int auto_gc = 1;
58 static int reject_thin;
59 static int stateless_rpc;
60 static const char *service_dir;
61 static const char *head_name;
62 static void *head_name_to_free;
63 static int sent_capabilities;
64 static int shallow_update;
65 static const char *alt_shallow_file;
66 static struct strbuf push_cert = STRBUF_INIT;
67 static unsigned char push_cert_sha1[20];
68 static struct signature_check sigcheck;
69 static const char *push_cert_nonce;
70 static const char *cert_nonce_seed;
72 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
73 static const char *NONCE_BAD = "BAD";
74 static const char *NONCE_MISSING = "MISSING";
75 static const char *NONCE_OK = "OK";
76 static const char *NONCE_SLOP = "SLOP";
77 static const char *nonce_status;
78 static long nonce_stamp_slop;
79 static unsigned long nonce_stamp_slop_limit;
80 static struct ref_transaction *transaction;
82 static enum {
83 KEEPALIVE_NEVER = 0,
84 KEEPALIVE_AFTER_NUL,
85 KEEPALIVE_ALWAYS
86 } use_keepalive;
87 static int keepalive_in_sec = 5;
89 static enum deny_action parse_deny_action(const char *var, const char *value)
91 if (value) {
92 if (!strcasecmp(value, "ignore"))
93 return DENY_IGNORE;
94 if (!strcasecmp(value, "warn"))
95 return DENY_WARN;
96 if (!strcasecmp(value, "refuse"))
97 return DENY_REFUSE;
98 if (!strcasecmp(value, "updateinstead"))
99 return DENY_UPDATE_INSTEAD;
101 if (git_config_bool(var, value))
102 return DENY_REFUSE;
103 return DENY_IGNORE;
106 static int receive_pack_config(const char *var, const char *value, void *cb)
108 int status = parse_hide_refs_config(var, value, "receive");
110 if (status)
111 return status;
113 if (strcmp(var, "receive.denydeletes") == 0) {
114 deny_deletes = git_config_bool(var, value);
115 return 0;
118 if (strcmp(var, "receive.denynonfastforwards") == 0) {
119 deny_non_fast_forwards = git_config_bool(var, value);
120 return 0;
123 if (strcmp(var, "receive.unpacklimit") == 0) {
124 receive_unpack_limit = git_config_int(var, value);
125 return 0;
128 if (strcmp(var, "transfer.unpacklimit") == 0) {
129 transfer_unpack_limit = git_config_int(var, value);
130 return 0;
133 if (strcmp(var, "receive.fsck.skiplist") == 0) {
134 const char *path;
136 if (git_config_pathname(&path, var, value))
137 return 1;
138 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
139 fsck_msg_types.len ? ',' : '=', path);
140 free((char *)path);
141 return 0;
144 if (skip_prefix(var, "receive.fsck.", &var)) {
145 if (is_valid_msg_type(var, value))
146 strbuf_addf(&fsck_msg_types, "%c%s=%s",
147 fsck_msg_types.len ? ',' : '=', var, value);
148 else
149 warning("Skipping unknown msg id '%s'", var);
150 return 0;
153 if (strcmp(var, "receive.fsckobjects") == 0) {
154 receive_fsck_objects = git_config_bool(var, value);
155 return 0;
158 if (strcmp(var, "transfer.fsckobjects") == 0) {
159 transfer_fsck_objects = git_config_bool(var, value);
160 return 0;
163 if (!strcmp(var, "receive.denycurrentbranch")) {
164 deny_current_branch = parse_deny_action(var, value);
165 return 0;
168 if (strcmp(var, "receive.denydeletecurrent") == 0) {
169 deny_delete_current = parse_deny_action(var, value);
170 return 0;
173 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
174 prefer_ofs_delta = git_config_bool(var, value);
175 return 0;
178 if (strcmp(var, "receive.updateserverinfo") == 0) {
179 auto_update_server_info = git_config_bool(var, value);
180 return 0;
183 if (strcmp(var, "receive.autogc") == 0) {
184 auto_gc = git_config_bool(var, value);
185 return 0;
188 if (strcmp(var, "receive.shallowupdate") == 0) {
189 shallow_update = git_config_bool(var, value);
190 return 0;
193 if (strcmp(var, "receive.certnonceseed") == 0)
194 return git_config_string(&cert_nonce_seed, var, value);
196 if (strcmp(var, "receive.certnonceslop") == 0) {
197 nonce_stamp_slop_limit = git_config_ulong(var, value);
198 return 0;
201 if (strcmp(var, "receive.advertiseatomic") == 0) {
202 advertise_atomic_push = git_config_bool(var, value);
203 return 0;
206 if (strcmp(var, "receive.advertisepushoptions") == 0) {
207 advertise_push_options = git_config_bool(var, value);
208 return 0;
211 if (strcmp(var, "receive.keepalive") == 0) {
212 keepalive_in_sec = git_config_int(var, value);
213 return 0;
216 if (strcmp(var, "receive.maxinputsize") == 0) {
217 max_input_size = git_config_int64(var, value);
218 return 0;
221 return git_default_config(var, value, cb);
224 static void show_ref(const char *path, const unsigned char *sha1)
226 if (sent_capabilities) {
227 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
228 } else {
229 struct strbuf cap = STRBUF_INIT;
231 strbuf_addstr(&cap,
232 "report-status delete-refs side-band-64k quiet");
233 if (advertise_atomic_push)
234 strbuf_addstr(&cap, " atomic");
235 if (prefer_ofs_delta)
236 strbuf_addstr(&cap, " ofs-delta");
237 if (push_cert_nonce)
238 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
239 if (advertise_push_options)
240 strbuf_addstr(&cap, " push-options");
241 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
242 packet_write(1, "%s %s%c%s\n",
243 sha1_to_hex(sha1), path, 0, cap.buf);
244 strbuf_release(&cap);
245 sent_capabilities = 1;
249 static int show_ref_cb(const char *path_full, const struct object_id *oid,
250 int flag, void *unused)
252 const char *path = strip_namespace(path_full);
254 if (ref_is_hidden(path, path_full))
255 return 0;
258 * Advertise refs outside our current namespace as ".have"
259 * refs, so that the client can use them to minimize data
260 * transfer but will otherwise ignore them. This happens to
261 * cover ".have" that are thrown in by add_one_alternate_ref()
262 * to mark histories that are complete in our alternates as
263 * well.
265 if (!path)
266 path = ".have";
267 show_ref(path, oid->hash);
268 return 0;
271 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
273 show_ref(".have", sha1);
276 static void collect_one_alternate_ref(const struct ref *ref, void *data)
278 struct sha1_array *sa = data;
279 sha1_array_append(sa, ref->old_oid.hash);
282 static void write_head_info(void)
284 struct sha1_array sa = SHA1_ARRAY_INIT;
286 for_each_alternate_ref(collect_one_alternate_ref, &sa);
287 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
288 sha1_array_clear(&sa);
289 for_each_ref(show_ref_cb, NULL);
290 if (!sent_capabilities)
291 show_ref("capabilities^{}", null_sha1);
293 advertise_shallow_grafts(1);
295 /* EOF */
296 packet_flush(1);
299 struct command {
300 struct command *next;
301 const char *error_string;
302 unsigned int skip_update:1,
303 did_not_exist:1;
304 int index;
305 unsigned char old_sha1[20];
306 unsigned char new_sha1[20];
307 char ref_name[FLEX_ARRAY]; /* more */
310 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
311 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
313 static void report_message(const char *prefix, const char *err, va_list params)
315 int sz;
316 char msg[4096];
318 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
319 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
320 if (sz > (sizeof(msg) - 1))
321 sz = sizeof(msg) - 1;
322 msg[sz++] = '\n';
324 if (use_sideband)
325 send_sideband(1, 2, msg, sz, use_sideband);
326 else
327 xwrite(2, msg, sz);
330 static void rp_warning(const char *err, ...)
332 va_list params;
333 va_start(params, err);
334 report_message("warning: ", err, params);
335 va_end(params);
338 static void rp_error(const char *err, ...)
340 va_list params;
341 va_start(params, err);
342 report_message("error: ", err, params);
343 va_end(params);
346 static int copy_to_sideband(int in, int out, void *arg)
348 char data[128];
349 int keepalive_active = 0;
351 if (keepalive_in_sec <= 0)
352 use_keepalive = KEEPALIVE_NEVER;
353 if (use_keepalive == KEEPALIVE_ALWAYS)
354 keepalive_active = 1;
356 while (1) {
357 ssize_t sz;
359 if (keepalive_active) {
360 struct pollfd pfd;
361 int ret;
363 pfd.fd = in;
364 pfd.events = POLLIN;
365 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
367 if (ret < 0) {
368 if (errno == EINTR)
369 continue;
370 else
371 break;
372 } else if (ret == 0) {
373 /* no data; send a keepalive packet */
374 static const char buf[] = "0005\1";
375 write_or_die(1, buf, sizeof(buf) - 1);
376 continue;
377 } /* else there is actual data to read */
380 sz = xread(in, data, sizeof(data));
381 if (sz <= 0)
382 break;
384 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
385 const char *p = memchr(data, '\0', sz);
386 if (p) {
388 * The NUL tells us to start sending keepalives. Make
389 * sure we send any other data we read along
390 * with it.
392 keepalive_active = 1;
393 send_sideband(1, 2, data, p - data, use_sideband);
394 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
395 continue;
400 * Either we're not looking for a NUL signal, or we didn't see
401 * it yet; just pass along the data.
403 send_sideband(1, 2, data, sz, use_sideband);
405 close(in);
406 return 0;
409 #define HMAC_BLOCK_SIZE 64
411 static void hmac_sha1(unsigned char *out,
412 const char *key_in, size_t key_len,
413 const char *text, size_t text_len)
415 unsigned char key[HMAC_BLOCK_SIZE];
416 unsigned char k_ipad[HMAC_BLOCK_SIZE];
417 unsigned char k_opad[HMAC_BLOCK_SIZE];
418 int i;
419 git_SHA_CTX ctx;
421 /* RFC 2104 2. (1) */
422 memset(key, '\0', HMAC_BLOCK_SIZE);
423 if (HMAC_BLOCK_SIZE < key_len) {
424 git_SHA1_Init(&ctx);
425 git_SHA1_Update(&ctx, key_in, key_len);
426 git_SHA1_Final(key, &ctx);
427 } else {
428 memcpy(key, key_in, key_len);
431 /* RFC 2104 2. (2) & (5) */
432 for (i = 0; i < sizeof(key); i++) {
433 k_ipad[i] = key[i] ^ 0x36;
434 k_opad[i] = key[i] ^ 0x5c;
437 /* RFC 2104 2. (3) & (4) */
438 git_SHA1_Init(&ctx);
439 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
440 git_SHA1_Update(&ctx, text, text_len);
441 git_SHA1_Final(out, &ctx);
443 /* RFC 2104 2. (6) & (7) */
444 git_SHA1_Init(&ctx);
445 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
446 git_SHA1_Update(&ctx, out, 20);
447 git_SHA1_Final(out, &ctx);
450 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
452 struct strbuf buf = STRBUF_INIT;
453 unsigned char sha1[20];
455 strbuf_addf(&buf, "%s:%lu", path, stamp);
456 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
457 strbuf_release(&buf);
459 /* RFC 2104 5. HMAC-SHA1-80 */
460 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
461 return strbuf_detach(&buf, NULL);
465 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
466 * after dropping "_commit" from its name and possibly moving it out
467 * of commit.c
469 static char *find_header(const char *msg, size_t len, const char *key)
471 int key_len = strlen(key);
472 const char *line = msg;
474 while (line && line < msg + len) {
475 const char *eol = strchrnul(line, '\n');
477 if ((msg + len <= eol) || line == eol)
478 return NULL;
479 if (line + key_len < eol &&
480 !memcmp(line, key, key_len) && line[key_len] == ' ') {
481 int offset = key_len + 1;
482 return xmemdupz(line + offset, (eol - line) - offset);
484 line = *eol ? eol + 1 : NULL;
486 return NULL;
489 static const char *check_nonce(const char *buf, size_t len)
491 char *nonce = find_header(buf, len, "nonce");
492 unsigned long stamp, ostamp;
493 char *bohmac, *expect = NULL;
494 const char *retval = NONCE_BAD;
496 if (!nonce) {
497 retval = NONCE_MISSING;
498 goto leave;
499 } else if (!push_cert_nonce) {
500 retval = NONCE_UNSOLICITED;
501 goto leave;
502 } else if (!strcmp(push_cert_nonce, nonce)) {
503 retval = NONCE_OK;
504 goto leave;
507 if (!stateless_rpc) {
508 /* returned nonce MUST match what we gave out earlier */
509 retval = NONCE_BAD;
510 goto leave;
514 * In stateless mode, we may be receiving a nonce issued by
515 * another instance of the server that serving the same
516 * repository, and the timestamps may not match, but the
517 * nonce-seed and dir should match, so we can recompute and
518 * report the time slop.
520 * In addition, when a nonce issued by another instance has
521 * timestamp within receive.certnonceslop seconds, we pretend
522 * as if we issued that nonce when reporting to the hook.
525 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
526 if (*nonce <= '0' || '9' < *nonce) {
527 retval = NONCE_BAD;
528 goto leave;
530 stamp = strtoul(nonce, &bohmac, 10);
531 if (bohmac == nonce || bohmac[0] != '-') {
532 retval = NONCE_BAD;
533 goto leave;
536 expect = prepare_push_cert_nonce(service_dir, stamp);
537 if (strcmp(expect, nonce)) {
538 /* Not what we would have signed earlier */
539 retval = NONCE_BAD;
540 goto leave;
544 * By how many seconds is this nonce stale? Negative value
545 * would mean it was issued by another server with its clock
546 * skewed in the future.
548 ostamp = strtoul(push_cert_nonce, NULL, 10);
549 nonce_stamp_slop = (long)ostamp - (long)stamp;
551 if (nonce_stamp_slop_limit &&
552 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
554 * Pretend as if the received nonce (which passes the
555 * HMAC check, so it is not a forged by third-party)
556 * is what we issued.
558 free((void *)push_cert_nonce);
559 push_cert_nonce = xstrdup(nonce);
560 retval = NONCE_OK;
561 } else {
562 retval = NONCE_SLOP;
565 leave:
566 free(nonce);
567 free(expect);
568 return retval;
571 static void prepare_push_cert_sha1(struct child_process *proc)
573 static int already_done;
575 if (!push_cert.len)
576 return;
578 if (!already_done) {
579 struct strbuf gpg_output = STRBUF_INIT;
580 struct strbuf gpg_status = STRBUF_INIT;
581 int bogs /* beginning_of_gpg_sig */;
583 already_done = 1;
584 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
585 hashclr(push_cert_sha1);
587 memset(&sigcheck, '\0', sizeof(sigcheck));
588 sigcheck.result = 'N';
590 bogs = parse_signature(push_cert.buf, push_cert.len);
591 if (verify_signed_buffer(push_cert.buf, bogs,
592 push_cert.buf + bogs, push_cert.len - bogs,
593 &gpg_output, &gpg_status) < 0) {
594 ; /* error running gpg */
595 } else {
596 sigcheck.payload = push_cert.buf;
597 sigcheck.gpg_output = gpg_output.buf;
598 sigcheck.gpg_status = gpg_status.buf;
599 parse_gpg_output(&sigcheck);
602 strbuf_release(&gpg_output);
603 strbuf_release(&gpg_status);
604 nonce_status = check_nonce(push_cert.buf, bogs);
606 if (!is_null_sha1(push_cert_sha1)) {
607 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
608 sha1_to_hex(push_cert_sha1));
609 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
610 sigcheck.signer ? sigcheck.signer : "");
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
612 sigcheck.key ? sigcheck.key : "");
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
614 sigcheck.result);
615 if (push_cert_nonce) {
616 argv_array_pushf(&proc->env_array,
617 "GIT_PUSH_CERT_NONCE=%s",
618 push_cert_nonce);
619 argv_array_pushf(&proc->env_array,
620 "GIT_PUSH_CERT_NONCE_STATUS=%s",
621 nonce_status);
622 if (nonce_status == NONCE_SLOP)
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
625 nonce_stamp_slop);
630 struct receive_hook_feed_state {
631 struct command *cmd;
632 int skip_broken;
633 struct strbuf buf;
634 const struct string_list *push_options;
637 typedef int (*feed_fn)(void *, const char **, size_t *);
638 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
639 struct receive_hook_feed_state *feed_state)
641 struct child_process proc = CHILD_PROCESS_INIT;
642 struct async muxer;
643 const char *argv[2];
644 int code;
646 argv[0] = find_hook(hook_name);
647 if (!argv[0])
648 return 0;
650 argv[1] = NULL;
652 proc.argv = argv;
653 proc.in = -1;
654 proc.stdout_to_stderr = 1;
655 if (feed_state->push_options) {
656 int i;
657 for (i = 0; i < feed_state->push_options->nr; i++)
658 argv_array_pushf(&proc.env_array,
659 "GIT_PUSH_OPTION_%d=%s", i,
660 feed_state->push_options->items[i].string);
661 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
662 feed_state->push_options->nr);
663 } else
664 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
666 if (use_sideband) {
667 memset(&muxer, 0, sizeof(muxer));
668 muxer.proc = copy_to_sideband;
669 muxer.in = -1;
670 code = start_async(&muxer);
671 if (code)
672 return code;
673 proc.err = muxer.in;
676 prepare_push_cert_sha1(&proc);
678 code = start_command(&proc);
679 if (code) {
680 if (use_sideband)
681 finish_async(&muxer);
682 return code;
685 sigchain_push(SIGPIPE, SIG_IGN);
687 while (1) {
688 const char *buf;
689 size_t n;
690 if (feed(feed_state, &buf, &n))
691 break;
692 if (write_in_full(proc.in, buf, n) != n)
693 break;
695 close(proc.in);
696 if (use_sideband)
697 finish_async(&muxer);
699 sigchain_pop(SIGPIPE);
701 return finish_command(&proc);
704 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
706 struct receive_hook_feed_state *state = state_;
707 struct command *cmd = state->cmd;
709 while (cmd &&
710 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
711 cmd = cmd->next;
712 if (!cmd)
713 return -1; /* EOF */
714 strbuf_reset(&state->buf);
715 strbuf_addf(&state->buf, "%s %s %s\n",
716 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
717 cmd->ref_name);
718 state->cmd = cmd->next;
719 if (bufp) {
720 *bufp = state->buf.buf;
721 *sizep = state->buf.len;
723 return 0;
726 static int run_receive_hook(struct command *commands,
727 const char *hook_name,
728 int skip_broken,
729 const struct string_list *push_options)
731 struct receive_hook_feed_state state;
732 int status;
734 strbuf_init(&state.buf, 0);
735 state.cmd = commands;
736 state.skip_broken = skip_broken;
737 if (feed_receive_hook(&state, NULL, NULL))
738 return 0;
739 state.cmd = commands;
740 state.push_options = push_options;
741 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
742 strbuf_release(&state.buf);
743 return status;
746 static int run_update_hook(struct command *cmd)
748 const char *argv[5];
749 struct child_process proc = CHILD_PROCESS_INIT;
750 int code;
752 argv[0] = find_hook("update");
753 if (!argv[0])
754 return 0;
756 argv[1] = cmd->ref_name;
757 argv[2] = sha1_to_hex(cmd->old_sha1);
758 argv[3] = sha1_to_hex(cmd->new_sha1);
759 argv[4] = NULL;
761 proc.no_stdin = 1;
762 proc.stdout_to_stderr = 1;
763 proc.err = use_sideband ? -1 : 0;
764 proc.argv = argv;
766 code = start_command(&proc);
767 if (code)
768 return code;
769 if (use_sideband)
770 copy_to_sideband(proc.err, -1, NULL);
771 return finish_command(&proc);
774 static int is_ref_checked_out(const char *ref)
776 if (is_bare_repository())
777 return 0;
779 if (!head_name)
780 return 0;
781 return !strcmp(head_name, ref);
784 static char *refuse_unconfigured_deny_msg[] = {
785 "By default, updating the current branch in a non-bare repository",
786 "is denied, because it will make the index and work tree inconsistent",
787 "with what you pushed, and will require 'git reset --hard' to match",
788 "the work tree to HEAD.",
790 "You can set 'receive.denyCurrentBranch' configuration variable to",
791 "'ignore' or 'warn' in the remote repository to allow pushing into",
792 "its current branch; however, this is not recommended unless you",
793 "arranged to update its work tree to match what you pushed in some",
794 "other way.",
796 "To squelch this message and still keep the default behaviour, set",
797 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
800 static void refuse_unconfigured_deny(void)
802 int i;
803 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
804 rp_error("%s", refuse_unconfigured_deny_msg[i]);
807 static char *refuse_unconfigured_deny_delete_current_msg[] = {
808 "By default, deleting the current branch is denied, because the next",
809 "'git clone' won't result in any file checked out, causing confusion.",
811 "You can set 'receive.denyDeleteCurrent' configuration variable to",
812 "'warn' or 'ignore' in the remote repository to allow deleting the",
813 "current branch, with or without a warning message.",
815 "To squelch this message, you can set it to 'refuse'."
818 static void refuse_unconfigured_deny_delete_current(void)
820 int i;
821 for (i = 0;
822 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
823 i++)
824 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
827 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
828 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
830 static struct lock_file shallow_lock;
831 struct sha1_array extra = SHA1_ARRAY_INIT;
832 struct check_connected_options opt = CHECK_CONNECTED_INIT;
833 uint32_t mask = 1 << (cmd->index % 32);
834 int i;
836 trace_printf_key(&trace_shallow,
837 "shallow: update_shallow_ref %s\n", cmd->ref_name);
838 for (i = 0; i < si->shallow->nr; i++)
839 if (si->used_shallow[i] &&
840 (si->used_shallow[i][cmd->index / 32] & mask) &&
841 !delayed_reachability_test(si, i))
842 sha1_array_append(&extra, si->shallow->sha1[i]);
844 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
845 if (check_connected(command_singleton_iterator, cmd, &opt)) {
846 rollback_lock_file(&shallow_lock);
847 sha1_array_clear(&extra);
848 return -1;
851 commit_lock_file(&shallow_lock);
854 * Make sure setup_alternate_shallow() for the next ref does
855 * not lose these new roots..
857 for (i = 0; i < extra.nr; i++)
858 register_shallow(extra.sha1[i]);
860 si->shallow_ref[cmd->index] = 0;
861 sha1_array_clear(&extra);
862 return 0;
866 * NEEDSWORK: we should consolidate various implementions of "are we
867 * on an unborn branch?" test into one, and make the unified one more
868 * robust. !get_sha1() based check used here and elsewhere would not
869 * allow us to tell an unborn branch from corrupt ref, for example.
870 * For the purpose of fixing "deploy-to-update does not work when
871 * pushing into an empty repository" issue, this should suffice for
872 * now.
874 static int head_has_history(void)
876 unsigned char sha1[20];
878 return !get_sha1("HEAD", sha1);
881 static const char *push_to_deploy(unsigned char *sha1,
882 struct argv_array *env,
883 const char *work_tree)
885 const char *update_refresh[] = {
886 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
888 const char *diff_files[] = {
889 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
891 const char *diff_index[] = {
892 "diff-index", "--quiet", "--cached", "--ignore-submodules",
893 NULL, "--", NULL
895 const char *read_tree[] = {
896 "read-tree", "-u", "-m", NULL, NULL
898 struct child_process child = CHILD_PROCESS_INIT;
900 child.argv = update_refresh;
901 child.env = env->argv;
902 child.dir = work_tree;
903 child.no_stdin = 1;
904 child.stdout_to_stderr = 1;
905 child.git_cmd = 1;
906 if (run_command(&child))
907 return "Up-to-date check failed";
909 /* run_command() does not clean up completely; reinitialize */
910 child_process_init(&child);
911 child.argv = diff_files;
912 child.env = env->argv;
913 child.dir = work_tree;
914 child.no_stdin = 1;
915 child.stdout_to_stderr = 1;
916 child.git_cmd = 1;
917 if (run_command(&child))
918 return "Working directory has unstaged changes";
920 /* diff-index with either HEAD or an empty tree */
921 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
923 child_process_init(&child);
924 child.argv = diff_index;
925 child.env = env->argv;
926 child.no_stdin = 1;
927 child.no_stdout = 1;
928 child.stdout_to_stderr = 0;
929 child.git_cmd = 1;
930 if (run_command(&child))
931 return "Working directory has staged changes";
933 read_tree[3] = sha1_to_hex(sha1);
934 child_process_init(&child);
935 child.argv = read_tree;
936 child.env = env->argv;
937 child.dir = work_tree;
938 child.no_stdin = 1;
939 child.no_stdout = 1;
940 child.stdout_to_stderr = 0;
941 child.git_cmd = 1;
942 if (run_command(&child))
943 return "Could not update working tree to new HEAD";
945 return NULL;
948 static const char *push_to_checkout_hook = "push-to-checkout";
950 static const char *push_to_checkout(unsigned char *sha1,
951 struct argv_array *env,
952 const char *work_tree)
954 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
955 if (run_hook_le(env->argv, push_to_checkout_hook,
956 sha1_to_hex(sha1), NULL))
957 return "push-to-checkout hook declined";
958 else
959 return NULL;
962 static const char *update_worktree(unsigned char *sha1)
964 const char *retval;
965 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
966 struct argv_array env = ARGV_ARRAY_INIT;
968 if (is_bare_repository())
969 return "denyCurrentBranch = updateInstead needs a worktree";
971 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
973 if (!find_hook(push_to_checkout_hook))
974 retval = push_to_deploy(sha1, &env, work_tree);
975 else
976 retval = push_to_checkout(sha1, &env, work_tree);
978 argv_array_clear(&env);
979 return retval;
982 static const char *update(struct command *cmd, struct shallow_info *si)
984 const char *name = cmd->ref_name;
985 struct strbuf namespaced_name_buf = STRBUF_INIT;
986 const char *namespaced_name, *ret;
987 unsigned char *old_sha1 = cmd->old_sha1;
988 unsigned char *new_sha1 = cmd->new_sha1;
990 /* only refs/... are allowed */
991 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
992 rp_error("refusing to create funny ref '%s' remotely", name);
993 return "funny refname";
996 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
997 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
999 if (is_ref_checked_out(namespaced_name)) {
1000 switch (deny_current_branch) {
1001 case DENY_IGNORE:
1002 break;
1003 case DENY_WARN:
1004 rp_warning("updating the current branch");
1005 break;
1006 case DENY_REFUSE:
1007 case DENY_UNCONFIGURED:
1008 rp_error("refusing to update checked out branch: %s", name);
1009 if (deny_current_branch == DENY_UNCONFIGURED)
1010 refuse_unconfigured_deny();
1011 return "branch is currently checked out";
1012 case DENY_UPDATE_INSTEAD:
1013 ret = update_worktree(new_sha1);
1014 if (ret)
1015 return ret;
1016 break;
1020 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1021 error("unpack should have generated %s, "
1022 "but I can't find it!", sha1_to_hex(new_sha1));
1023 return "bad pack";
1026 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1027 if (deny_deletes && starts_with(name, "refs/heads/")) {
1028 rp_error("denying ref deletion for %s", name);
1029 return "deletion prohibited";
1032 if (head_name && !strcmp(namespaced_name, head_name)) {
1033 switch (deny_delete_current) {
1034 case DENY_IGNORE:
1035 break;
1036 case DENY_WARN:
1037 rp_warning("deleting the current branch");
1038 break;
1039 case DENY_REFUSE:
1040 case DENY_UNCONFIGURED:
1041 case DENY_UPDATE_INSTEAD:
1042 if (deny_delete_current == DENY_UNCONFIGURED)
1043 refuse_unconfigured_deny_delete_current();
1044 rp_error("refusing to delete the current branch: %s", name);
1045 return "deletion of the current branch prohibited";
1046 default:
1047 return "Invalid denyDeleteCurrent setting";
1052 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1053 !is_null_sha1(old_sha1) &&
1054 starts_with(name, "refs/heads/")) {
1055 struct object *old_object, *new_object;
1056 struct commit *old_commit, *new_commit;
1058 old_object = parse_object(old_sha1);
1059 new_object = parse_object(new_sha1);
1061 if (!old_object || !new_object ||
1062 old_object->type != OBJ_COMMIT ||
1063 new_object->type != OBJ_COMMIT) {
1064 error("bad sha1 objects for %s", name);
1065 return "bad ref";
1067 old_commit = (struct commit *)old_object;
1068 new_commit = (struct commit *)new_object;
1069 if (!in_merge_bases(old_commit, new_commit)) {
1070 rp_error("denying non-fast-forward %s"
1071 " (you should pull first)", name);
1072 return "non-fast-forward";
1075 if (run_update_hook(cmd)) {
1076 rp_error("hook declined to update %s", name);
1077 return "hook declined";
1080 if (is_null_sha1(new_sha1)) {
1081 struct strbuf err = STRBUF_INIT;
1082 if (!parse_object(old_sha1)) {
1083 old_sha1 = NULL;
1084 if (ref_exists(name)) {
1085 rp_warning("Allowing deletion of corrupt ref.");
1086 } else {
1087 rp_warning("Deleting a non-existent ref.");
1088 cmd->did_not_exist = 1;
1091 if (ref_transaction_delete(transaction,
1092 namespaced_name,
1093 old_sha1,
1094 0, "push", &err)) {
1095 rp_error("%s", err.buf);
1096 strbuf_release(&err);
1097 return "failed to delete";
1099 strbuf_release(&err);
1100 return NULL; /* good */
1102 else {
1103 struct strbuf err = STRBUF_INIT;
1104 if (shallow_update && si->shallow_ref[cmd->index] &&
1105 update_shallow_ref(cmd, si))
1106 return "shallow error";
1108 if (ref_transaction_update(transaction,
1109 namespaced_name,
1110 new_sha1, old_sha1,
1111 0, "push",
1112 &err)) {
1113 rp_error("%s", err.buf);
1114 strbuf_release(&err);
1116 return "failed to update ref";
1118 strbuf_release(&err);
1120 return NULL; /* good */
1124 static void run_update_post_hook(struct command *commands)
1126 struct command *cmd;
1127 int argc;
1128 struct child_process proc = CHILD_PROCESS_INIT;
1129 const char *hook;
1131 hook = find_hook("post-update");
1132 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1133 if (cmd->error_string || cmd->did_not_exist)
1134 continue;
1135 argc++;
1137 if (!argc || !hook)
1138 return;
1140 argv_array_push(&proc.args, hook);
1141 for (cmd = commands; cmd; cmd = cmd->next) {
1142 if (cmd->error_string || cmd->did_not_exist)
1143 continue;
1144 argv_array_push(&proc.args, cmd->ref_name);
1147 proc.no_stdin = 1;
1148 proc.stdout_to_stderr = 1;
1149 proc.err = use_sideband ? -1 : 0;
1151 if (!start_command(&proc)) {
1152 if (use_sideband)
1153 copy_to_sideband(proc.err, -1, NULL);
1154 finish_command(&proc);
1158 static void check_aliased_update(struct command *cmd, struct string_list *list)
1160 struct strbuf buf = STRBUF_INIT;
1161 const char *dst_name;
1162 struct string_list_item *item;
1163 struct command *dst_cmd;
1164 unsigned char sha1[GIT_SHA1_RAWSZ];
1165 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1166 cmd_newh[GIT_SHA1_HEXSZ + 1],
1167 dst_oldh[GIT_SHA1_HEXSZ + 1],
1168 dst_newh[GIT_SHA1_HEXSZ + 1];
1169 int flag;
1171 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1172 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1173 strbuf_release(&buf);
1175 if (!(flag & REF_ISSYMREF))
1176 return;
1178 if (!dst_name) {
1179 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1180 cmd->skip_update = 1;
1181 cmd->error_string = "broken symref";
1182 return;
1184 dst_name = strip_namespace(dst_name);
1186 if ((item = string_list_lookup(list, dst_name)) == NULL)
1187 return;
1189 cmd->skip_update = 1;
1191 dst_cmd = (struct command *) item->util;
1193 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1194 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1195 return;
1197 dst_cmd->skip_update = 1;
1199 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1200 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1201 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1202 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1203 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1204 " its target '%s' (%s..%s)",
1205 cmd->ref_name, cmd_oldh, cmd_newh,
1206 dst_cmd->ref_name, dst_oldh, dst_newh);
1208 cmd->error_string = dst_cmd->error_string =
1209 "inconsistent aliased update";
1212 static void check_aliased_updates(struct command *commands)
1214 struct command *cmd;
1215 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1217 for (cmd = commands; cmd; cmd = cmd->next) {
1218 struct string_list_item *item =
1219 string_list_append(&ref_list, cmd->ref_name);
1220 item->util = (void *)cmd;
1222 string_list_sort(&ref_list);
1224 for (cmd = commands; cmd; cmd = cmd->next) {
1225 if (!cmd->error_string)
1226 check_aliased_update(cmd, &ref_list);
1229 string_list_clear(&ref_list, 0);
1232 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1234 struct command **cmd_list = cb_data;
1235 struct command *cmd = *cmd_list;
1237 if (!cmd || is_null_sha1(cmd->new_sha1))
1238 return -1; /* end of list */
1239 *cmd_list = NULL; /* this returns only one */
1240 hashcpy(sha1, cmd->new_sha1);
1241 return 0;
1244 static void set_connectivity_errors(struct command *commands,
1245 struct shallow_info *si)
1247 struct command *cmd;
1249 for (cmd = commands; cmd; cmd = cmd->next) {
1250 struct command *singleton = cmd;
1251 if (shallow_update && si->shallow_ref[cmd->index])
1252 /* to be checked in update_shallow_ref() */
1253 continue;
1254 if (!check_connected(command_singleton_iterator, &singleton,
1255 NULL))
1256 continue;
1257 cmd->error_string = "missing necessary objects";
1261 struct iterate_data {
1262 struct command *cmds;
1263 struct shallow_info *si;
1266 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1268 struct iterate_data *data = cb_data;
1269 struct command **cmd_list = &data->cmds;
1270 struct command *cmd = *cmd_list;
1272 for (; cmd; cmd = cmd->next) {
1273 if (shallow_update && data->si->shallow_ref[cmd->index])
1274 /* to be checked in update_shallow_ref() */
1275 continue;
1276 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1277 hashcpy(sha1, cmd->new_sha1);
1278 *cmd_list = cmd->next;
1279 return 0;
1282 *cmd_list = NULL;
1283 return -1; /* end of list */
1286 static void reject_updates_to_hidden(struct command *commands)
1288 struct strbuf refname_full = STRBUF_INIT;
1289 size_t prefix_len;
1290 struct command *cmd;
1292 strbuf_addstr(&refname_full, get_git_namespace());
1293 prefix_len = refname_full.len;
1295 for (cmd = commands; cmd; cmd = cmd->next) {
1296 if (cmd->error_string)
1297 continue;
1299 strbuf_setlen(&refname_full, prefix_len);
1300 strbuf_addstr(&refname_full, cmd->ref_name);
1302 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1303 continue;
1304 if (is_null_sha1(cmd->new_sha1))
1305 cmd->error_string = "deny deleting a hidden ref";
1306 else
1307 cmd->error_string = "deny updating a hidden ref";
1310 strbuf_release(&refname_full);
1313 static int should_process_cmd(struct command *cmd)
1315 return !cmd->error_string && !cmd->skip_update;
1318 static void warn_if_skipped_connectivity_check(struct command *commands,
1319 struct shallow_info *si)
1321 struct command *cmd;
1322 int checked_connectivity = 1;
1324 for (cmd = commands; cmd; cmd = cmd->next) {
1325 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1326 error("BUG: connectivity check has not been run on ref %s",
1327 cmd->ref_name);
1328 checked_connectivity = 0;
1331 if (!checked_connectivity)
1332 die("BUG: connectivity check skipped???");
1335 static void execute_commands_non_atomic(struct command *commands,
1336 struct shallow_info *si)
1338 struct command *cmd;
1339 struct strbuf err = STRBUF_INIT;
1341 for (cmd = commands; cmd; cmd = cmd->next) {
1342 if (!should_process_cmd(cmd))
1343 continue;
1345 transaction = ref_transaction_begin(&err);
1346 if (!transaction) {
1347 rp_error("%s", err.buf);
1348 strbuf_reset(&err);
1349 cmd->error_string = "transaction failed to start";
1350 continue;
1353 cmd->error_string = update(cmd, si);
1355 if (!cmd->error_string
1356 && ref_transaction_commit(transaction, &err)) {
1357 rp_error("%s", err.buf);
1358 strbuf_reset(&err);
1359 cmd->error_string = "failed to update ref";
1361 ref_transaction_free(transaction);
1363 strbuf_release(&err);
1366 static void execute_commands_atomic(struct command *commands,
1367 struct shallow_info *si)
1369 struct command *cmd;
1370 struct strbuf err = STRBUF_INIT;
1371 const char *reported_error = "atomic push failure";
1373 transaction = ref_transaction_begin(&err);
1374 if (!transaction) {
1375 rp_error("%s", err.buf);
1376 strbuf_reset(&err);
1377 reported_error = "transaction failed to start";
1378 goto failure;
1381 for (cmd = commands; cmd; cmd = cmd->next) {
1382 if (!should_process_cmd(cmd))
1383 continue;
1385 cmd->error_string = update(cmd, si);
1387 if (cmd->error_string)
1388 goto failure;
1391 if (ref_transaction_commit(transaction, &err)) {
1392 rp_error("%s", err.buf);
1393 reported_error = "atomic transaction failed";
1394 goto failure;
1396 goto cleanup;
1398 failure:
1399 for (cmd = commands; cmd; cmd = cmd->next)
1400 if (!cmd->error_string)
1401 cmd->error_string = reported_error;
1403 cleanup:
1404 ref_transaction_free(transaction);
1405 strbuf_release(&err);
1408 static void execute_commands(struct command *commands,
1409 const char *unpacker_error,
1410 struct shallow_info *si,
1411 const struct string_list *push_options)
1413 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1414 struct command *cmd;
1415 unsigned char sha1[20];
1416 struct iterate_data data;
1417 struct async muxer;
1418 int err_fd = 0;
1420 if (unpacker_error) {
1421 for (cmd = commands; cmd; cmd = cmd->next)
1422 cmd->error_string = "unpacker error";
1423 return;
1426 if (use_sideband) {
1427 memset(&muxer, 0, sizeof(muxer));
1428 muxer.proc = copy_to_sideband;
1429 muxer.in = -1;
1430 if (!start_async(&muxer))
1431 err_fd = muxer.in;
1432 /* ...else, continue without relaying sideband */
1435 data.cmds = commands;
1436 data.si = si;
1437 opt.err_fd = err_fd;
1438 opt.progress = err_fd && !quiet;
1439 if (check_connected(iterate_receive_command_list, &data, &opt))
1440 set_connectivity_errors(commands, si);
1442 if (use_sideband)
1443 finish_async(&muxer);
1445 reject_updates_to_hidden(commands);
1447 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1448 for (cmd = commands; cmd; cmd = cmd->next) {
1449 if (!cmd->error_string)
1450 cmd->error_string = "pre-receive hook declined";
1452 return;
1455 check_aliased_updates(commands);
1457 free(head_name_to_free);
1458 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1460 if (use_atomic)
1461 execute_commands_atomic(commands, si);
1462 else
1463 execute_commands_non_atomic(commands, si);
1465 if (shallow_update)
1466 warn_if_skipped_connectivity_check(commands, si);
1469 static struct command **queue_command(struct command **tail,
1470 const char *line,
1471 int linelen)
1473 unsigned char old_sha1[20], new_sha1[20];
1474 struct command *cmd;
1475 const char *refname;
1476 int reflen;
1478 if (linelen < 83 ||
1479 line[40] != ' ' ||
1480 line[81] != ' ' ||
1481 get_sha1_hex(line, old_sha1) ||
1482 get_sha1_hex(line + 41, new_sha1))
1483 die("protocol error: expected old/new/ref, got '%s'", line);
1485 refname = line + 82;
1486 reflen = linelen - 82;
1487 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1488 hashcpy(cmd->old_sha1, old_sha1);
1489 hashcpy(cmd->new_sha1, new_sha1);
1490 *tail = cmd;
1491 return &cmd->next;
1494 static void queue_commands_from_cert(struct command **tail,
1495 struct strbuf *push_cert)
1497 const char *boc, *eoc;
1499 if (*tail)
1500 die("protocol error: got both push certificate and unsigned commands");
1502 boc = strstr(push_cert->buf, "\n\n");
1503 if (!boc)
1504 die("malformed push certificate %.*s", 100, push_cert->buf);
1505 else
1506 boc += 2;
1507 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1509 while (boc < eoc) {
1510 const char *eol = memchr(boc, '\n', eoc - boc);
1511 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1512 boc = eol ? eol + 1 : eoc;
1516 static struct command *read_head_info(struct sha1_array *shallow)
1518 struct command *commands = NULL;
1519 struct command **p = &commands;
1520 for (;;) {
1521 char *line;
1522 int len, linelen;
1524 line = packet_read_line(0, &len);
1525 if (!line)
1526 break;
1528 if (len == 48 && starts_with(line, "shallow ")) {
1529 unsigned char sha1[20];
1530 if (get_sha1_hex(line + 8, sha1))
1531 die("protocol error: expected shallow sha, got '%s'",
1532 line + 8);
1533 sha1_array_append(shallow, sha1);
1534 continue;
1537 linelen = strlen(line);
1538 if (linelen < len) {
1539 const char *feature_list = line + linelen + 1;
1540 if (parse_feature_request(feature_list, "report-status"))
1541 report_status = 1;
1542 if (parse_feature_request(feature_list, "side-band-64k"))
1543 use_sideband = LARGE_PACKET_MAX;
1544 if (parse_feature_request(feature_list, "quiet"))
1545 quiet = 1;
1546 if (advertise_atomic_push
1547 && parse_feature_request(feature_list, "atomic"))
1548 use_atomic = 1;
1549 if (advertise_push_options
1550 && parse_feature_request(feature_list, "push-options"))
1551 use_push_options = 1;
1554 if (!strcmp(line, "push-cert")) {
1555 int true_flush = 0;
1556 char certbuf[1024];
1558 for (;;) {
1559 len = packet_read(0, NULL, NULL,
1560 certbuf, sizeof(certbuf), 0);
1561 if (!len) {
1562 true_flush = 1;
1563 break;
1565 if (!strcmp(certbuf, "push-cert-end\n"))
1566 break; /* end of cert */
1567 strbuf_addstr(&push_cert, certbuf);
1570 if (true_flush)
1571 break;
1572 continue;
1575 p = queue_command(p, line, linelen);
1578 if (push_cert.len)
1579 queue_commands_from_cert(p, &push_cert);
1581 return commands;
1584 static void read_push_options(struct string_list *options)
1586 while (1) {
1587 char *line;
1588 int len;
1590 line = packet_read_line(0, &len);
1592 if (!line)
1593 break;
1595 string_list_append(options, line);
1599 static const char *parse_pack_header(struct pack_header *hdr)
1601 switch (read_pack_header(0, hdr)) {
1602 case PH_ERROR_EOF:
1603 return "eof before pack header was fully read";
1605 case PH_ERROR_PACK_SIGNATURE:
1606 return "protocol error (pack signature mismatch detected)";
1608 case PH_ERROR_PROTOCOL:
1609 return "protocol error (pack version unsupported)";
1611 default:
1612 return "unknown error in parse_pack_header";
1614 case 0:
1615 return NULL;
1619 static const char *pack_lockfile;
1621 static const char *unpack(int err_fd, struct shallow_info *si)
1623 struct pack_header hdr;
1624 const char *hdr_err;
1625 int status;
1626 char hdr_arg[38];
1627 struct child_process child = CHILD_PROCESS_INIT;
1628 int fsck_objects = (receive_fsck_objects >= 0
1629 ? receive_fsck_objects
1630 : transfer_fsck_objects >= 0
1631 ? transfer_fsck_objects
1632 : 0);
1634 hdr_err = parse_pack_header(&hdr);
1635 if (hdr_err) {
1636 if (err_fd > 0)
1637 close(err_fd);
1638 return hdr_err;
1640 snprintf(hdr_arg, sizeof(hdr_arg),
1641 "--pack_header=%"PRIu32",%"PRIu32,
1642 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1644 if (si->nr_ours || si->nr_theirs) {
1645 alt_shallow_file = setup_temporary_shallow(si->shallow);
1646 argv_array_push(&child.args, "--shallow-file");
1647 argv_array_push(&child.args, alt_shallow_file);
1650 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1651 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1652 if (quiet)
1653 argv_array_push(&child.args, "-q");
1654 if (fsck_objects)
1655 argv_array_pushf(&child.args, "--strict%s",
1656 fsck_msg_types.buf);
1657 if (max_input_size)
1658 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1659 (uintmax_t)max_input_size);
1660 child.no_stdout = 1;
1661 child.err = err_fd;
1662 child.git_cmd = 1;
1663 status = run_command(&child);
1664 if (status)
1665 return "unpack-objects abnormal exit";
1666 } else {
1667 char hostname[256];
1669 argv_array_pushl(&child.args, "index-pack",
1670 "--stdin", hdr_arg, NULL);
1672 if (gethostname(hostname, sizeof(hostname)))
1673 xsnprintf(hostname, sizeof(hostname), "localhost");
1674 argv_array_pushf(&child.args,
1675 "--keep=receive-pack %"PRIuMAX" on %s",
1676 (uintmax_t)getpid(),
1677 hostname);
1679 if (!quiet && err_fd)
1680 argv_array_push(&child.args, "--show-resolving-progress");
1681 if (use_sideband)
1682 argv_array_push(&child.args, "--report-end-of-input");
1683 if (fsck_objects)
1684 argv_array_pushf(&child.args, "--strict%s",
1685 fsck_msg_types.buf);
1686 if (!reject_thin)
1687 argv_array_push(&child.args, "--fix-thin");
1688 if (max_input_size)
1689 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1690 (uintmax_t)max_input_size);
1691 child.out = -1;
1692 child.err = err_fd;
1693 child.git_cmd = 1;
1694 status = start_command(&child);
1695 if (status)
1696 return "index-pack fork failed";
1697 pack_lockfile = index_pack_lockfile(child.out);
1698 close(child.out);
1699 status = finish_command(&child);
1700 if (status)
1701 return "index-pack abnormal exit";
1702 reprepare_packed_git();
1704 return NULL;
1707 static const char *unpack_with_sideband(struct shallow_info *si)
1709 struct async muxer;
1710 const char *ret;
1712 if (!use_sideband)
1713 return unpack(0, si);
1715 use_keepalive = KEEPALIVE_AFTER_NUL;
1716 memset(&muxer, 0, sizeof(muxer));
1717 muxer.proc = copy_to_sideband;
1718 muxer.in = -1;
1719 if (start_async(&muxer))
1720 return NULL;
1722 ret = unpack(muxer.in, si);
1724 finish_async(&muxer);
1725 return ret;
1728 static void prepare_shallow_update(struct command *commands,
1729 struct shallow_info *si)
1731 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1733 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1734 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1736 si->need_reachability_test =
1737 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1738 si->reachable =
1739 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1740 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1742 for (i = 0; i < si->nr_ours; i++)
1743 si->need_reachability_test[si->ours[i]] = 1;
1745 for (i = 0; i < si->shallow->nr; i++) {
1746 if (!si->used_shallow[i])
1747 continue;
1748 for (j = 0; j < bitmap_size; j++) {
1749 if (!si->used_shallow[i][j])
1750 continue;
1751 si->need_reachability_test[i]++;
1752 for (k = 0; k < 32; k++)
1753 if (si->used_shallow[i][j] & (1U << k))
1754 si->shallow_ref[j * 32 + k]++;
1758 * true for those associated with some refs and belong
1759 * in "ours" list aka "step 7 not done yet"
1761 si->need_reachability_test[i] =
1762 si->need_reachability_test[i] > 1;
1766 * keep hooks happy by forcing a temporary shallow file via
1767 * env variable because we can't add --shallow-file to every
1768 * command. check_everything_connected() will be done with
1769 * true .git/shallow though.
1771 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1774 static void update_shallow_info(struct command *commands,
1775 struct shallow_info *si,
1776 struct sha1_array *ref)
1778 struct command *cmd;
1779 int *ref_status;
1780 remove_nonexistent_theirs_shallow(si);
1781 if (!si->nr_ours && !si->nr_theirs) {
1782 shallow_update = 0;
1783 return;
1786 for (cmd = commands; cmd; cmd = cmd->next) {
1787 if (is_null_sha1(cmd->new_sha1))
1788 continue;
1789 sha1_array_append(ref, cmd->new_sha1);
1790 cmd->index = ref->nr - 1;
1792 si->ref = ref;
1794 if (shallow_update) {
1795 prepare_shallow_update(commands, si);
1796 return;
1799 ALLOC_ARRAY(ref_status, ref->nr);
1800 assign_shallow_commits_to_refs(si, NULL, ref_status);
1801 for (cmd = commands; cmd; cmd = cmd->next) {
1802 if (is_null_sha1(cmd->new_sha1))
1803 continue;
1804 if (ref_status[cmd->index]) {
1805 cmd->error_string = "shallow update not allowed";
1806 cmd->skip_update = 1;
1809 free(ref_status);
1812 static void report(struct command *commands, const char *unpack_status)
1814 struct command *cmd;
1815 struct strbuf buf = STRBUF_INIT;
1817 packet_buf_write(&buf, "unpack %s\n",
1818 unpack_status ? unpack_status : "ok");
1819 for (cmd = commands; cmd; cmd = cmd->next) {
1820 if (!cmd->error_string)
1821 packet_buf_write(&buf, "ok %s\n",
1822 cmd->ref_name);
1823 else
1824 packet_buf_write(&buf, "ng %s %s\n",
1825 cmd->ref_name, cmd->error_string);
1827 packet_buf_flush(&buf);
1829 if (use_sideband)
1830 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1831 else
1832 write_or_die(1, buf.buf, buf.len);
1833 strbuf_release(&buf);
1836 static int delete_only(struct command *commands)
1838 struct command *cmd;
1839 for (cmd = commands; cmd; cmd = cmd->next) {
1840 if (!is_null_sha1(cmd->new_sha1))
1841 return 0;
1843 return 1;
1846 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1848 int advertise_refs = 0;
1849 struct command *commands;
1850 struct sha1_array shallow = SHA1_ARRAY_INIT;
1851 struct sha1_array ref = SHA1_ARRAY_INIT;
1852 struct shallow_info si;
1854 struct option options[] = {
1855 OPT__QUIET(&quiet, N_("quiet")),
1856 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1857 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1858 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1859 OPT_END()
1862 packet_trace_identity("receive-pack");
1864 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1866 if (argc > 1)
1867 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1868 if (argc == 0)
1869 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1871 service_dir = argv[0];
1873 setup_path();
1875 if (!enter_repo(service_dir, 0))
1876 die("'%s' does not appear to be a git repository", service_dir);
1878 git_config(receive_pack_config, NULL);
1879 if (cert_nonce_seed)
1880 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1882 if (0 <= transfer_unpack_limit)
1883 unpack_limit = transfer_unpack_limit;
1884 else if (0 <= receive_unpack_limit)
1885 unpack_limit = receive_unpack_limit;
1887 if (advertise_refs || !stateless_rpc) {
1888 write_head_info();
1890 if (advertise_refs)
1891 return 0;
1893 if ((commands = read_head_info(&shallow)) != NULL) {
1894 const char *unpack_status = NULL;
1895 struct string_list push_options = STRING_LIST_INIT_DUP;
1897 if (use_push_options)
1898 read_push_options(&push_options);
1900 prepare_shallow_info(&si, &shallow);
1901 if (!si.nr_ours && !si.nr_theirs)
1902 shallow_update = 0;
1903 if (!delete_only(commands)) {
1904 unpack_status = unpack_with_sideband(&si);
1905 update_shallow_info(commands, &si, &ref);
1907 use_keepalive = KEEPALIVE_ALWAYS;
1908 execute_commands(commands, unpack_status, &si,
1909 &push_options);
1910 if (pack_lockfile)
1911 unlink_or_warn(pack_lockfile);
1912 if (report_status)
1913 report(commands, unpack_status);
1914 run_receive_hook(commands, "post-receive", 1,
1915 &push_options);
1916 run_update_post_hook(commands);
1917 if (push_options.nr)
1918 string_list_clear(&push_options, 0);
1919 if (auto_gc) {
1920 const char *argv_gc_auto[] = {
1921 "gc", "--auto", "--quiet", NULL,
1923 struct child_process proc = CHILD_PROCESS_INIT;
1925 proc.no_stdin = 1;
1926 proc.stdout_to_stderr = 1;
1927 proc.err = use_sideband ? -1 : 0;
1928 proc.git_cmd = 1;
1929 proc.argv = argv_gc_auto;
1931 close_all_packs();
1932 if (!start_command(&proc)) {
1933 if (use_sideband)
1934 copy_to_sideband(proc.err, -1, NULL);
1935 finish_command(&proc);
1938 if (auto_update_server_info)
1939 update_server_info(0);
1940 clear_shallow_info(&si);
1942 if (use_sideband)
1943 packet_flush(1);
1944 sha1_array_clear(&shallow);
1945 sha1_array_clear(&ref);
1946 free((void *)push_cert_nonce);
1947 return 0;