search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
receive-pack: plug memory leak in update()
[git.git] / builtin / receive-pack.c
blob48c07ddb65930ed6fd529aed9d90da5618da678b
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23 #include "tmp-objdir.h"
24 #include "oidset.h"
25
26 static const char * const receive_pack_usage[] = {
27 N_("git receive-pack <git-dir>"),
28 NULL
29 };
30
31 enum deny_action {
32 DENY_UNCONFIGURED,
33 DENY_IGNORE,
34 DENY_WARN,
35 DENY_REFUSE,
36 DENY_UPDATE_INSTEAD
37 };
38
39 static int deny_deletes;
40 static int deny_non_fast_forwards;
41 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
42 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
43 static int receive_fsck_objects = -1;
44 static int transfer_fsck_objects = -1;
45 static struct strbuf fsck_msg_types = STRBUF_INIT;
46 static int receive_unpack_limit = -1;
47 static int transfer_unpack_limit = -1;
48 static int advertise_atomic_push = 1;
49 static int advertise_push_options;
50 static int unpack_limit = 100;
51 static off_t max_input_size;
52 static int report_status;
53 static int use_sideband;
54 static int use_atomic;
55 static int use_push_options;
56 static int quiet;
57 static int prefer_ofs_delta = 1;
58 static int auto_update_server_info;
59 static int auto_gc = 1;
60 static int reject_thin;
61 static int stateless_rpc;
62 static const char *service_dir;
63 static const char *head_name;
64 static void *head_name_to_free;
65 static int sent_capabilities;
66 static int shallow_update;
67 static const char *alt_shallow_file;
68 static struct strbuf push_cert = STRBUF_INIT;
69 static unsigned char push_cert_sha1[20];
70 static struct signature_check sigcheck;
71 static const char *push_cert_nonce;
72 static const char *cert_nonce_seed;
73
74 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
75 static const char *NONCE_BAD = "BAD";
76 static const char *NONCE_MISSING = "MISSING";
77 static const char *NONCE_OK = "OK";
78 static const char *NONCE_SLOP = "SLOP";
79 static const char *nonce_status;
80 static long nonce_stamp_slop;
81 static unsigned long nonce_stamp_slop_limit;
82 static struct ref_transaction *transaction;
83
84 static enum {
85 KEEPALIVE_NEVER = 0,
86 KEEPALIVE_AFTER_NUL,
87 KEEPALIVE_ALWAYS
88 } use_keepalive;
89 static int keepalive_in_sec = 5;
90
91 static struct tmp_objdir *tmp_objdir;
92
93 static enum deny_action parse_deny_action(const char *var, const char *value)
94 {
95 if (value) {
96 if (!strcasecmp(value, "ignore"))
97 return DENY_IGNORE;
98 if (!strcasecmp(value, "warn"))
99 return DENY_WARN;
100 if (!strcasecmp(value, "refuse"))
101 return DENY_REFUSE;
102 if (!strcasecmp(value, "updateinstead"))
103 return DENY_UPDATE_INSTEAD;
104 }
105 if (git_config_bool(var, value))
106 return DENY_REFUSE;
107 return DENY_IGNORE;
108 }
109
110 static int receive_pack_config(const char *var, const char *value, void *cb)
111 {
112 int status = parse_hide_refs_config(var, value, "receive");
113
114 if (status)
115 return status;
116
117 if (strcmp(var, "receive.denydeletes") == 0) {
118 deny_deletes = git_config_bool(var, value);
119 return 0;
120 }
121
122 if (strcmp(var, "receive.denynonfastforwards") == 0) {
123 deny_non_fast_forwards = git_config_bool(var, value);
124 return 0;
125 }
126
127 if (strcmp(var, "receive.unpacklimit") == 0) {
128 receive_unpack_limit = git_config_int(var, value);
129 return 0;
130 }
131
132 if (strcmp(var, "transfer.unpacklimit") == 0) {
133 transfer_unpack_limit = git_config_int(var, value);
134 return 0;
135 }
136
137 if (strcmp(var, "receive.fsck.skiplist") == 0) {
138 const char *path;
139
140 if (git_config_pathname(&path, var, value))
141 return 1;
142 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
143 fsck_msg_types.len ? ',' : '=', path);
144 free((char *)path);
145 return 0;
146 }
147
148 if (skip_prefix(var, "receive.fsck.", &var)) {
149 if (is_valid_msg_type(var, value))
150 strbuf_addf(&fsck_msg_types, "%c%s=%s",
151 fsck_msg_types.len ? ',' : '=', var, value);
152 else
153 warning("Skipping unknown msg id '%s'", var);
154 return 0;
155 }
156
157 if (strcmp(var, "receive.fsckobjects") == 0) {
158 receive_fsck_objects = git_config_bool(var, value);
159 return 0;
160 }
161
162 if (strcmp(var, "transfer.fsckobjects") == 0) {
163 transfer_fsck_objects = git_config_bool(var, value);
164 return 0;
165 }
166
167 if (!strcmp(var, "receive.denycurrentbranch")) {
168 deny_current_branch = parse_deny_action(var, value);
169 return 0;
170 }
171
172 if (strcmp(var, "receive.denydeletecurrent") == 0) {
173 deny_delete_current = parse_deny_action(var, value);
174 return 0;
175 }
176
177 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
178 prefer_ofs_delta = git_config_bool(var, value);
179 return 0;
180 }
181
182 if (strcmp(var, "receive.updateserverinfo") == 0) {
183 auto_update_server_info = git_config_bool(var, value);
184 return 0;
185 }
186
187 if (strcmp(var, "receive.autogc") == 0) {
188 auto_gc = git_config_bool(var, value);
189 return 0;
190 }
191
192 if (strcmp(var, "receive.shallowupdate") == 0) {
193 shallow_update = git_config_bool(var, value);
194 return 0;
195 }
196
197 if (strcmp(var, "receive.certnonceseed") == 0)
198 return git_config_string(&cert_nonce_seed, var, value);
199
200 if (strcmp(var, "receive.certnonceslop") == 0) {
201 nonce_stamp_slop_limit = git_config_ulong(var, value);
202 return 0;
203 }
204
205 if (strcmp(var, "receive.advertiseatomic") == 0) {
206 advertise_atomic_push = git_config_bool(var, value);
207 return 0;
208 }
209
210 if (strcmp(var, "receive.advertisepushoptions") == 0) {
211 advertise_push_options = git_config_bool(var, value);
212 return 0;
213 }
214
215 if (strcmp(var, "receive.keepalive") == 0) {
216 keepalive_in_sec = git_config_int(var, value);
217 return 0;
218 }
219
220 if (strcmp(var, "receive.maxinputsize") == 0) {
221 max_input_size = git_config_int64(var, value);
222 return 0;
223 }
224
225 return git_default_config(var, value, cb);
226 }
227
228 static void show_ref(const char *path, const struct object_id *oid)
229 {
230 if (sent_capabilities) {
231 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
232 } else {
233 struct strbuf cap = STRBUF_INIT;
234
235 strbuf_addstr(&cap,
236 "report-status delete-refs side-band-64k quiet");
237 if (advertise_atomic_push)
238 strbuf_addstr(&cap, " atomic");
239 if (prefer_ofs_delta)
240 strbuf_addstr(&cap, " ofs-delta");
241 if (push_cert_nonce)
242 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
243 if (advertise_push_options)
244 strbuf_addstr(&cap, " push-options");
245 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
246 packet_write_fmt(1, "%s %s%c%s\n",
247 oid_to_hex(oid), path, 0, cap.buf);
248 strbuf_release(&cap);
249 sent_capabilities = 1;
250 }
251 }
252
253 static int show_ref_cb(const char *path_full, const struct object_id *oid,
254 int flag, void *data)
255 {
256 struct oidset *seen = data;
257 const char *path = strip_namespace(path_full);
258
259 if (ref_is_hidden(path, path_full))
260 return 0;
261
262 /*
263 * Advertise refs outside our current namespace as ".have"
264 * refs, so that the client can use them to minimize data
265 * transfer but will otherwise ignore them.
266 */
267 if (!path) {
268 if (oidset_insert(seen, oid))
269 return 0;
270 path = ".have";
271 } else {
272 oidset_insert(seen, oid);
273 }
274 show_ref(path, oid);
275 return 0;
276 }
277
278 static void show_one_alternate_ref(const char *refname,
279 const struct object_id *oid,
280 void *data)
281 {
282 struct oidset *seen = data;
283
284 if (oidset_insert(seen, oid))
285 return;
286
287 show_ref(".have", oid);
288 }
289
290 static void write_head_info(void)
291 {
292 static struct oidset seen = OIDSET_INIT;
293
294 for_each_ref(show_ref_cb, &seen);
295 for_each_alternate_ref(show_one_alternate_ref, &seen);
296 oidset_clear(&seen);
297 if (!sent_capabilities)
298 show_ref("capabilities^{}", &null_oid);
299
300 advertise_shallow_grafts(1);
301
302 /* EOF */
303 packet_flush(1);
304 }
305
306 struct command {
307 struct command *next;
308 const char *error_string;
309 unsigned int skip_update:1,
310 did_not_exist:1;
311 int index;
312 struct object_id old_oid;
313 struct object_id new_oid;
314 char ref_name[FLEX_ARRAY]; /* more */
315 };
316
317 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
318 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
319
320 static void report_message(const char *prefix, const char *err, va_list params)
321 {
322 int sz;
323 char msg[4096];
324
325 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
326 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
327 if (sz > (sizeof(msg) - 1))
328 sz = sizeof(msg) - 1;
329 msg[sz++] = '\n';
330
331 if (use_sideband)
332 send_sideband(1, 2, msg, sz, use_sideband);
333 else
334 xwrite(2, msg, sz);
335 }
336
337 static void rp_warning(const char *err, ...)
338 {
339 va_list params;
340 va_start(params, err);
341 report_message("warning: ", err, params);
342 va_end(params);
343 }
344
345 static void rp_error(const char *err, ...)
346 {
347 va_list params;
348 va_start(params, err);
349 report_message("error: ", err, params);
350 va_end(params);
351 }
352
353 static int copy_to_sideband(int in, int out, void *arg)
354 {
355 char data[128];
356 int keepalive_active = 0;
357
358 if (keepalive_in_sec <= 0)
359 use_keepalive = KEEPALIVE_NEVER;
360 if (use_keepalive == KEEPALIVE_ALWAYS)
361 keepalive_active = 1;
362
363 while (1) {
364 ssize_t sz;
365
366 if (keepalive_active) {
367 struct pollfd pfd;
368 int ret;
369
370 pfd.fd = in;
371 pfd.events = POLLIN;
372 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
373
374 if (ret < 0) {
375 if (errno == EINTR)
376 continue;
377 else
378 break;
379 } else if (ret == 0) {
380 /* no data; send a keepalive packet */
381 static const char buf[] = "0005\1";
382 write_or_die(1, buf, sizeof(buf) - 1);
383 continue;
384 } /* else there is actual data to read */
385 }
386
387 sz = xread(in, data, sizeof(data));
388 if (sz <= 0)
389 break;
390
391 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
392 const char *p = memchr(data, '\0', sz);
393 if (p) {
394 /*
395 * The NUL tells us to start sending keepalives. Make
396 * sure we send any other data we read along
397 * with it.
398 */
399 keepalive_active = 1;
400 send_sideband(1, 2, data, p - data, use_sideband);
401 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
402 continue;
403 }
404 }
405
406 /*
407 * Either we're not looking for a NUL signal, or we didn't see
408 * it yet; just pass along the data.
409 */
410 send_sideband(1, 2, data, sz, use_sideband);
411 }
412 close(in);
413 return 0;
414 }
415
416 #define HMAC_BLOCK_SIZE 64
417
418 static void hmac_sha1(unsigned char *out,
419 const char *key_in, size_t key_len,
420 const char *text, size_t text_len)
421 {
422 unsigned char key[HMAC_BLOCK_SIZE];
423 unsigned char k_ipad[HMAC_BLOCK_SIZE];
424 unsigned char k_opad[HMAC_BLOCK_SIZE];
425 int i;
426 git_SHA_CTX ctx;
427
428 /* RFC 2104 2. (1) */
429 memset(key, '\0', HMAC_BLOCK_SIZE);
430 if (HMAC_BLOCK_SIZE < key_len) {
431 git_SHA1_Init(&ctx);
432 git_SHA1_Update(&ctx, key_in, key_len);
433 git_SHA1_Final(key, &ctx);
434 } else {
435 memcpy(key, key_in, key_len);
436 }
437
438 /* RFC 2104 2. (2) & (5) */
439 for (i = 0; i < sizeof(key); i++) {
440 k_ipad[i] = key[i] ^ 0x36;
441 k_opad[i] = key[i] ^ 0x5c;
442 }
443
444 /* RFC 2104 2. (3) & (4) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
447 git_SHA1_Update(&ctx, text, text_len);
448 git_SHA1_Final(out, &ctx);
449
450 /* RFC 2104 2. (6) & (7) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
453 git_SHA1_Update(&ctx, out, 20);
454 git_SHA1_Final(out, &ctx);
455 }
456
457 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
458 {
459 struct strbuf buf = STRBUF_INIT;
460 unsigned char sha1[20];
461
462 strbuf_addf(&buf, "%s:%lu", path, stamp);
463 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
464 strbuf_release(&buf);
465
466 /* RFC 2104 5. HMAC-SHA1-80 */
467 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
468 return strbuf_detach(&buf, NULL);
469 }
470
471 /*
472 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
473 * after dropping "_commit" from its name and possibly moving it out
474 * of commit.c
475 */
476 static char *find_header(const char *msg, size_t len, const char *key)
477 {
478 int key_len = strlen(key);
479 const char *line = msg;
480
481 while (line && line < msg + len) {
482 const char *eol = strchrnul(line, '\n');
483
484 if ((msg + len <= eol) || line == eol)
485 return NULL;
486 if (line + key_len < eol &&
487 !memcmp(line, key, key_len) && line[key_len] == ' ') {
488 int offset = key_len + 1;
489 return xmemdupz(line + offset, (eol - line) - offset);
490 }
491 line = *eol ? eol + 1 : NULL;
492 }
493 return NULL;
494 }
495
496 static const char *check_nonce(const char *buf, size_t len)
497 {
498 char *nonce = find_header(buf, len, "nonce");
499 unsigned long stamp, ostamp;
500 char *bohmac, *expect = NULL;
501 const char *retval = NONCE_BAD;
502
503 if (!nonce) {
504 retval = NONCE_MISSING;
505 goto leave;
506 } else if (!push_cert_nonce) {
507 retval = NONCE_UNSOLICITED;
508 goto leave;
509 } else if (!strcmp(push_cert_nonce, nonce)) {
510 retval = NONCE_OK;
511 goto leave;
512 }
513
514 if (!stateless_rpc) {
515 /* returned nonce MUST match what we gave out earlier */
516 retval = NONCE_BAD;
517 goto leave;
518 }
519
520 /*
521 * In stateless mode, we may be receiving a nonce issued by
522 * another instance of the server that serving the same
523 * repository, and the timestamps may not match, but the
524 * nonce-seed and dir should match, so we can recompute and
525 * report the time slop.
526 *
527 * In addition, when a nonce issued by another instance has
528 * timestamp within receive.certnonceslop seconds, we pretend
529 * as if we issued that nonce when reporting to the hook.
530 */
531
532 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
533 if (*nonce <= '0' || '9' < *nonce) {
534 retval = NONCE_BAD;
535 goto leave;
536 }
537 stamp = strtoul(nonce, &bohmac, 10);
538 if (bohmac == nonce || bohmac[0] != '-') {
539 retval = NONCE_BAD;
540 goto leave;
541 }
542
543 expect = prepare_push_cert_nonce(service_dir, stamp);
544 if (strcmp(expect, nonce)) {
545 /* Not what we would have signed earlier */
546 retval = NONCE_BAD;
547 goto leave;
548 }
549
550 /*
551 * By how many seconds is this nonce stale? Negative value
552 * would mean it was issued by another server with its clock
553 * skewed in the future.
554 */
555 ostamp = strtoul(push_cert_nonce, NULL, 10);
556 nonce_stamp_slop = (long)ostamp - (long)stamp;
557
558 if (nonce_stamp_slop_limit &&
559 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
560 /*
561 * Pretend as if the received nonce (which passes the
562 * HMAC check, so it is not a forged by third-party)
563 * is what we issued.
564 */
565 free((void *)push_cert_nonce);
566 push_cert_nonce = xstrdup(nonce);
567 retval = NONCE_OK;
568 } else {
569 retval = NONCE_SLOP;
570 }
571
572 leave:
573 free(nonce);
574 free(expect);
575 return retval;
576 }
577
578 static void prepare_push_cert_sha1(struct child_process *proc)
579 {
580 static int already_done;
581
582 if (!push_cert.len)
583 return;
584
585 if (!already_done) {
586 struct strbuf gpg_output = STRBUF_INIT;
587 struct strbuf gpg_status = STRBUF_INIT;
588 int bogs /* beginning_of_gpg_sig */;
589
590 already_done = 1;
591 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
592 hashclr(push_cert_sha1);
593
594 memset(&sigcheck, '\0', sizeof(sigcheck));
595 sigcheck.result = 'N';
596
597 bogs = parse_signature(push_cert.buf, push_cert.len);
598 if (verify_signed_buffer(push_cert.buf, bogs,
599 push_cert.buf + bogs, push_cert.len - bogs,
600 &gpg_output, &gpg_status) < 0) {
601 ; /* error running gpg */
602 } else {
603 sigcheck.payload = push_cert.buf;
604 sigcheck.gpg_output = gpg_output.buf;
605 sigcheck.gpg_status = gpg_status.buf;
606 parse_gpg_output(&sigcheck);
607 }
608
609 strbuf_release(&gpg_output);
610 strbuf_release(&gpg_status);
611 nonce_status = check_nonce(push_cert.buf, bogs);
612 }
613 if (!is_null_sha1(push_cert_sha1)) {
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
615 sha1_to_hex(push_cert_sha1));
616 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
617 sigcheck.signer ? sigcheck.signer : "");
618 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
619 sigcheck.key ? sigcheck.key : "");
620 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
621 sigcheck.result);
622 if (push_cert_nonce) {
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE=%s",
625 push_cert_nonce);
626 argv_array_pushf(&proc->env_array,
627 "GIT_PUSH_CERT_NONCE_STATUS=%s",
628 nonce_status);
629 if (nonce_status == NONCE_SLOP)
630 argv_array_pushf(&proc->env_array,
631 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
632 nonce_stamp_slop);
633 }
634 }
635 }
636
637 struct receive_hook_feed_state {
638 struct command *cmd;
639 int skip_broken;
640 struct strbuf buf;
641 const struct string_list *push_options;
642 };
643
644 typedef int (*feed_fn)(void *, const char **, size_t *);
645 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
646 struct receive_hook_feed_state *feed_state)
647 {
648 struct child_process proc = CHILD_PROCESS_INIT;
649 struct async muxer;
650 const char *argv[2];
651 int code;
652
653 argv[0] = find_hook(hook_name);
654 if (!argv[0])
655 return 0;
656
657 argv[1] = NULL;
658
659 proc.argv = argv;
660 proc.in = -1;
661 proc.stdout_to_stderr = 1;
662 if (feed_state->push_options) {
663 int i;
664 for (i = 0; i < feed_state->push_options->nr; i++)
665 argv_array_pushf(&proc.env_array,
666 "GIT_PUSH_OPTION_%d=%s", i,
667 feed_state->push_options->items[i].string);
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
669 feed_state->push_options->nr);
670 } else
671 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
672
673 if (tmp_objdir)
674 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
675
676 if (use_sideband) {
677 memset(&muxer, 0, sizeof(muxer));
678 muxer.proc = copy_to_sideband;
679 muxer.in = -1;
680 code = start_async(&muxer);
681 if (code)
682 return code;
683 proc.err = muxer.in;
684 }
685
686 prepare_push_cert_sha1(&proc);
687
688 code = start_command(&proc);
689 if (code) {
690 if (use_sideband)
691 finish_async(&muxer);
692 return code;
693 }
694
695 sigchain_push(SIGPIPE, SIG_IGN);
696
697 while (1) {
698 const char *buf;
699 size_t n;
700 if (feed(feed_state, &buf, &n))
701 break;
702 if (write_in_full(proc.in, buf, n) != n)
703 break;
704 }
705 close(proc.in);
706 if (use_sideband)
707 finish_async(&muxer);
708
709 sigchain_pop(SIGPIPE);
710
711 return finish_command(&proc);
712 }
713
714 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
715 {
716 struct receive_hook_feed_state *state = state_;
717 struct command *cmd = state->cmd;
718
719 while (cmd &&
720 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
721 cmd = cmd->next;
722 if (!cmd)
723 return -1; /* EOF */
724 strbuf_reset(&state->buf);
725 strbuf_addf(&state->buf, "%s %s %s\n",
726 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
727 cmd->ref_name);
728 state->cmd = cmd->next;
729 if (bufp) {
730 *bufp = state->buf.buf;
731 *sizep = state->buf.len;
732 }
733 return 0;
734 }
735
736 static int run_receive_hook(struct command *commands,
737 const char *hook_name,
738 int skip_broken,
739 const struct string_list *push_options)
740 {
741 struct receive_hook_feed_state state;
742 int status;
743
744 strbuf_init(&state.buf, 0);
745 state.cmd = commands;
746 state.skip_broken = skip_broken;
747 if (feed_receive_hook(&state, NULL, NULL))
748 return 0;
749 state.cmd = commands;
750 state.push_options = push_options;
751 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
752 strbuf_release(&state.buf);
753 return status;
754 }
755
756 static int run_update_hook(struct command *cmd)
757 {
758 const char *argv[5];
759 struct child_process proc = CHILD_PROCESS_INIT;
760 int code;
761
762 argv[0] = find_hook("update");
763 if (!argv[0])
764 return 0;
765
766 argv[1] = cmd->ref_name;
767 argv[2] = oid_to_hex(&cmd->old_oid);
768 argv[3] = oid_to_hex(&cmd->new_oid);
769 argv[4] = NULL;
770
771 proc.no_stdin = 1;
772 proc.stdout_to_stderr = 1;
773 proc.err = use_sideband ? -1 : 0;
774 proc.argv = argv;
775
776 code = start_command(&proc);
777 if (code)
778 return code;
779 if (use_sideband)
780 copy_to_sideband(proc.err, -1, NULL);
781 return finish_command(&proc);
782 }
783
784 static int is_ref_checked_out(const char *ref)
785 {
786 if (is_bare_repository())
787 return 0;
788
789 if (!head_name)
790 return 0;
791 return !strcmp(head_name, ref);
792 }
793
794 static char *refuse_unconfigured_deny_msg =
795 N_("By default, updating the current branch in a non-bare repository\n"
796 "is denied, because it will make the index and work tree inconsistent\n"
797 "with what you pushed, and will require 'git reset --hard' to match\n"
798 "the work tree to HEAD.\n"
799 "\n"
800 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
801 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
802 "its current branch; however, this is not recommended unless you\n"
803 "arranged to update its work tree to match what you pushed in some\n"
804 "other way.\n"
805 "\n"
806 "To squelch this message and still keep the default behaviour, set\n"
807 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
808
809 static void refuse_unconfigured_deny(void)
810 {
811 rp_error("%s", _(refuse_unconfigured_deny_msg));
812 }
813
814 static char *refuse_unconfigured_deny_delete_current_msg =
815 N_("By default, deleting the current branch is denied, because the next\n"
816 "'git clone' won't result in any file checked out, causing confusion.\n"
817 "\n"
818 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
819 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
820 "current branch, with or without a warning message.\n"
821 "\n"
822 "To squelch this message, you can set it to 'refuse'.");
823
824 static void refuse_unconfigured_deny_delete_current(void)
825 {
826 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
827 }
828
829 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
830 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
831 {
832 static struct lock_file shallow_lock;
833 struct oid_array extra = OID_ARRAY_INIT;
834 struct check_connected_options opt = CHECK_CONNECTED_INIT;
835 uint32_t mask = 1 << (cmd->index % 32);
836 int i;
837
838 trace_printf_key(&trace_shallow,
839 "shallow: update_shallow_ref %s\n", cmd->ref_name);
840 for (i = 0; i < si->shallow->nr; i++)
841 if (si->used_shallow[i] &&
842 (si->used_shallow[i][cmd->index / 32] & mask) &&
843 !delayed_reachability_test(si, i))
844 oid_array_append(&extra, &si->shallow->oid[i]);
845
846 opt.env = tmp_objdir_env(tmp_objdir);
847 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
848 if (check_connected(command_singleton_iterator, cmd, &opt)) {
849 rollback_lock_file(&shallow_lock);
850 oid_array_clear(&extra);
851 return -1;
852 }
853
854 commit_lock_file(&shallow_lock);
855
856 /*
857 * Make sure setup_alternate_shallow() for the next ref does
858 * not lose these new roots..
859 */
860 for (i = 0; i < extra.nr; i++)
861 register_shallow(extra.oid[i].hash);
862
863 si->shallow_ref[cmd->index] = 0;
864 oid_array_clear(&extra);
865 return 0;
866 }
867
868 /*
869 * NEEDSWORK: we should consolidate various implementions of "are we
870 * on an unborn branch?" test into one, and make the unified one more
871 * robust. !get_sha1() based check used here and elsewhere would not
872 * allow us to tell an unborn branch from corrupt ref, for example.
873 * For the purpose of fixing "deploy-to-update does not work when
874 * pushing into an empty repository" issue, this should suffice for
875 * now.
876 */
877 static int head_has_history(void)
878 {
879 unsigned char sha1[20];
880
881 return !get_sha1("HEAD", sha1);
882 }
883
884 static const char *push_to_deploy(unsigned char *sha1,
885 struct argv_array *env,
886 const char *work_tree)
887 {
888 const char *update_refresh[] = {
889 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
890 };
891 const char *diff_files[] = {
892 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
893 };
894 const char *diff_index[] = {
895 "diff-index", "--quiet", "--cached", "--ignore-submodules",
896 NULL, "--", NULL
897 };
898 const char *read_tree[] = {
899 "read-tree", "-u", "-m", NULL, NULL
900 };
901 struct child_process child = CHILD_PROCESS_INIT;
902
903 child.argv = update_refresh;
904 child.env = env->argv;
905 child.dir = work_tree;
906 child.no_stdin = 1;
907 child.stdout_to_stderr = 1;
908 child.git_cmd = 1;
909 if (run_command(&child))
910 return "Up-to-date check failed";
911
912 /* run_command() does not clean up completely; reinitialize */
913 child_process_init(&child);
914 child.argv = diff_files;
915 child.env = env->argv;
916 child.dir = work_tree;
917 child.no_stdin = 1;
918 child.stdout_to_stderr = 1;
919 child.git_cmd = 1;
920 if (run_command(&child))
921 return "Working directory has unstaged changes";
922
923 /* diff-index with either HEAD or an empty tree */
924 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
925
926 child_process_init(&child);
927 child.argv = diff_index;
928 child.env = env->argv;
929 child.no_stdin = 1;
930 child.no_stdout = 1;
931 child.stdout_to_stderr = 0;
932 child.git_cmd = 1;
933 if (run_command(&child))
934 return "Working directory has staged changes";
935
936 read_tree[3] = sha1_to_hex(sha1);
937 child_process_init(&child);
938 child.argv = read_tree;
939 child.env = env->argv;
940 child.dir = work_tree;
941 child.no_stdin = 1;
942 child.no_stdout = 1;
943 child.stdout_to_stderr = 0;
944 child.git_cmd = 1;
945 if (run_command(&child))
946 return "Could not update working tree to new HEAD";
947
948 return NULL;
949 }
950
951 static const char *push_to_checkout_hook = "push-to-checkout";
952
953 static const char *push_to_checkout(unsigned char *sha1,
954 struct argv_array *env,
955 const char *work_tree)
956 {
957 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
958 if (run_hook_le(env->argv, push_to_checkout_hook,
959 sha1_to_hex(sha1), NULL))
960 return "push-to-checkout hook declined";
961 else
962 return NULL;
963 }
964
965 static const char *update_worktree(unsigned char *sha1)
966 {
967 const char *retval;
968 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
969 struct argv_array env = ARGV_ARRAY_INIT;
970
971 if (is_bare_repository())
972 return "denyCurrentBranch = updateInstead needs a worktree";
973
974 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
975
976 if (!find_hook(push_to_checkout_hook))
977 retval = push_to_deploy(sha1, &env, work_tree);
978 else
979 retval = push_to_checkout(sha1, &env, work_tree);
980
981 argv_array_clear(&env);
982 return retval;
983 }
984
985 static const char *update(struct command *cmd, struct shallow_info *si)
986 {
987 const char *name = cmd->ref_name;
988 struct strbuf namespaced_name_buf = STRBUF_INIT;
989 static char *namespaced_name;
990 const char *ret;
991 struct object_id *old_oid = &cmd->old_oid;
992 struct object_id *new_oid = &cmd->new_oid;
993
994 /* only refs/... are allowed */
995 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
996 rp_error("refusing to create funny ref '%s' remotely", name);
997 return "funny refname";
998 }
999
1000 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1001 free(namespaced_name);
1002 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1003
1004 if (is_ref_checked_out(namespaced_name)) {
1005 switch (deny_current_branch) {
1006 case DENY_IGNORE:
1007 break;
1008 case DENY_WARN:
1009 rp_warning("updating the current branch");
1010 break;
1011 case DENY_REFUSE:
1012 case DENY_UNCONFIGURED:
1013 rp_error("refusing to update checked out branch: %s", name);
1014 if (deny_current_branch == DENY_UNCONFIGURED)
1015 refuse_unconfigured_deny();
1016 return "branch is currently checked out";
1017 case DENY_UPDATE_INSTEAD:
1018 ret = update_worktree(new_oid->hash);
1019 if (ret)
1020 return ret;
1021 break;
1022 }
1023 }
1024
1025 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1026 error("unpack should have generated %s, "
1027 "but I can't find it!", oid_to_hex(new_oid));
1028 return "bad pack";
1029 }
1030
1031 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1032 if (deny_deletes && starts_with(name, "refs/heads/")) {
1033 rp_error("denying ref deletion for %s", name);
1034 return "deletion prohibited";
1035 }
1036
1037 if (head_name && !strcmp(namespaced_name, head_name)) {
1038 switch (deny_delete_current) {
1039 case DENY_IGNORE:
1040 break;
1041 case DENY_WARN:
1042 rp_warning("deleting the current branch");
1043 break;
1044 case DENY_REFUSE:
1045 case DENY_UNCONFIGURED:
1046 case DENY_UPDATE_INSTEAD:
1047 if (deny_delete_current == DENY_UNCONFIGURED)
1048 refuse_unconfigured_deny_delete_current();
1049 rp_error("refusing to delete the current branch: %s", name);
1050 return "deletion of the current branch prohibited";
1051 default:
1052 return "Invalid denyDeleteCurrent setting";
1053 }
1054 }
1055 }
1056
1057 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1058 !is_null_oid(old_oid) &&
1059 starts_with(name, "refs/heads/")) {
1060 struct object *old_object, *new_object;
1061 struct commit *old_commit, *new_commit;
1062
1063 old_object = parse_object(old_oid->hash);
1064 new_object = parse_object(new_oid->hash);
1065
1066 if (!old_object || !new_object ||
1067 old_object->type != OBJ_COMMIT ||
1068 new_object->type != OBJ_COMMIT) {
1069 error("bad sha1 objects for %s", name);
1070 return "bad ref";
1071 }
1072 old_commit = (struct commit *)old_object;
1073 new_commit = (struct commit *)new_object;
1074 if (!in_merge_bases(old_commit, new_commit)) {
1075 rp_error("denying non-fast-forward %s"
1076 " (you should pull first)", name);
1077 return "non-fast-forward";
1078 }
1079 }
1080 if (run_update_hook(cmd)) {
1081 rp_error("hook declined to update %s", name);
1082 return "hook declined";
1083 }
1084
1085 if (is_null_oid(new_oid)) {
1086 struct strbuf err = STRBUF_INIT;
1087 if (!parse_object(old_oid->hash)) {
1088 old_oid = NULL;
1089 if (ref_exists(name)) {
1090 rp_warning("Allowing deletion of corrupt ref.");
1091 } else {
1092 rp_warning("Deleting a non-existent ref.");
1093 cmd->did_not_exist = 1;
1094 }
1095 }
1096 if (ref_transaction_delete(transaction,
1097 namespaced_name,
1098 old_oid->hash,
1099 0, "push", &err)) {
1100 rp_error("%s", err.buf);
1101 strbuf_release(&err);
1102 return "failed to delete";
1103 }
1104 strbuf_release(&err);
1105 return NULL; /* good */
1106 }
1107 else {
1108 struct strbuf err = STRBUF_INIT;
1109 if (shallow_update && si->shallow_ref[cmd->index] &&
1110 update_shallow_ref(cmd, si))
1111 return "shallow error";
1112
1113 if (ref_transaction_update(transaction,
1114 namespaced_name,
1115 new_oid->hash, old_oid->hash,
1116 0, "push",
1117 &err)) {
1118 rp_error("%s", err.buf);
1119 strbuf_release(&err);
1120
1121 return "failed to update ref";
1122 }
1123 strbuf_release(&err);
1124
1125 return NULL; /* good */
1126 }
1127 }
1128
1129 static void run_update_post_hook(struct command *commands)
1130 {
1131 struct command *cmd;
1132 struct child_process proc = CHILD_PROCESS_INIT;
1133 const char *hook;
1134
1135 hook = find_hook("post-update");
1136 if (!hook)
1137 return;
1138
1139 for (cmd = commands; cmd; cmd = cmd->next) {
1140 if (cmd->error_string || cmd->did_not_exist)
1141 continue;
1142 if (!proc.args.argc)
1143 argv_array_push(&proc.args, hook);
1144 argv_array_push(&proc.args, cmd->ref_name);
1145 }
1146 if (!proc.args.argc)
1147 return;
1148
1149 proc.no_stdin = 1;
1150 proc.stdout_to_stderr = 1;
1151 proc.err = use_sideband ? -1 : 0;
1152
1153 if (!start_command(&proc)) {
1154 if (use_sideband)
1155 copy_to_sideband(proc.err, -1, NULL);
1156 finish_command(&proc);
1157 }
1158 }
1159
1160 static void check_aliased_update(struct command *cmd, struct string_list *list)
1161 {
1162 struct strbuf buf = STRBUF_INIT;
1163 const char *dst_name;
1164 struct string_list_item *item;
1165 struct command *dst_cmd;
1166 unsigned char sha1[GIT_MAX_RAWSZ];
1167 int flag;
1168
1169 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1170 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1171 strbuf_release(&buf);
1172
1173 if (!(flag & REF_ISSYMREF))
1174 return;
1175
1176 if (!dst_name) {
1177 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1178 cmd->skip_update = 1;
1179 cmd->error_string = "broken symref";
1180 return;
1181 }
1182 dst_name = strip_namespace(dst_name);
1183
1184 if ((item = string_list_lookup(list, dst_name)) == NULL)
1185 return;
1186
1187 cmd->skip_update = 1;
1188
1189 dst_cmd = (struct command *) item->util;
1190
1191 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1192 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1193 return;
1194
1195 dst_cmd->skip_update = 1;
1196
1197 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1198 " its target '%s' (%s..%s)",
1199 cmd->ref_name,
1200 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1201 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1202 dst_cmd->ref_name,
1203 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1204 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1205
1206 cmd->error_string = dst_cmd->error_string =
1207 "inconsistent aliased update";
1208 }
1209
1210 static void check_aliased_updates(struct command *commands)
1211 {
1212 struct command *cmd;
1213 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1214
1215 for (cmd = commands; cmd; cmd = cmd->next) {
1216 struct string_list_item *item =
1217 string_list_append(&ref_list, cmd->ref_name);
1218 item->util = (void *)cmd;
1219 }
1220 string_list_sort(&ref_list);
1221
1222 for (cmd = commands; cmd; cmd = cmd->next) {
1223 if (!cmd->error_string)
1224 check_aliased_update(cmd, &ref_list);
1225 }
1226
1227 string_list_clear(&ref_list, 0);
1228 }
1229
1230 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1231 {
1232 struct command **cmd_list = cb_data;
1233 struct command *cmd = *cmd_list;
1234
1235 if (!cmd || is_null_oid(&cmd->new_oid))
1236 return -1; /* end of list */
1237 *cmd_list = NULL; /* this returns only one */
1238 hashcpy(sha1, cmd->new_oid.hash);
1239 return 0;
1240 }
1241
1242 static void set_connectivity_errors(struct command *commands,
1243 struct shallow_info *si)
1244 {
1245 struct command *cmd;
1246
1247 for (cmd = commands; cmd; cmd = cmd->next) {
1248 struct command *singleton = cmd;
1249 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1250
1251 if (shallow_update && si->shallow_ref[cmd->index])
1252 /* to be checked in update_shallow_ref() */
1253 continue;
1254
1255 opt.env = tmp_objdir_env(tmp_objdir);
1256 if (!check_connected(command_singleton_iterator, &singleton,
1257 &opt))
1258 continue;
1259
1260 cmd->error_string = "missing necessary objects";
1261 }
1262 }
1263
1264 struct iterate_data {
1265 struct command *cmds;
1266 struct shallow_info *si;
1267 };
1268
1269 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1270 {
1271 struct iterate_data *data = cb_data;
1272 struct command **cmd_list = &data->cmds;
1273 struct command *cmd = *cmd_list;
1274
1275 for (; cmd; cmd = cmd->next) {
1276 if (shallow_update && data->si->shallow_ref[cmd->index])
1277 /* to be checked in update_shallow_ref() */
1278 continue;
1279 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1280 hashcpy(sha1, cmd->new_oid.hash);
1281 *cmd_list = cmd->next;
1282 return 0;
1283 }
1284 }
1285 *cmd_list = NULL;
1286 return -1; /* end of list */
1287 }
1288
1289 static void reject_updates_to_hidden(struct command *commands)
1290 {
1291 struct strbuf refname_full = STRBUF_INIT;
1292 size_t prefix_len;
1293 struct command *cmd;
1294
1295 strbuf_addstr(&refname_full, get_git_namespace());
1296 prefix_len = refname_full.len;
1297
1298 for (cmd = commands; cmd; cmd = cmd->next) {
1299 if (cmd->error_string)
1300 continue;
1301
1302 strbuf_setlen(&refname_full, prefix_len);
1303 strbuf_addstr(&refname_full, cmd->ref_name);
1304
1305 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1306 continue;
1307 if (is_null_oid(&cmd->new_oid))
1308 cmd->error_string = "deny deleting a hidden ref";
1309 else
1310 cmd->error_string = "deny updating a hidden ref";
1311 }
1312
1313 strbuf_release(&refname_full);
1314 }
1315
1316 static int should_process_cmd(struct command *cmd)
1317 {
1318 return !cmd->error_string && !cmd->skip_update;
1319 }
1320
1321 static void warn_if_skipped_connectivity_check(struct command *commands,
1322 struct shallow_info *si)
1323 {
1324 struct command *cmd;
1325 int checked_connectivity = 1;
1326
1327 for (cmd = commands; cmd; cmd = cmd->next) {
1328 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1329 error("BUG: connectivity check has not been run on ref %s",
1330 cmd->ref_name);
1331 checked_connectivity = 0;
1332 }
1333 }
1334 if (!checked_connectivity)
1335 die("BUG: connectivity check skipped???");
1336 }
1337
1338 static void execute_commands_non_atomic(struct command *commands,
1339 struct shallow_info *si)
1340 {
1341 struct command *cmd;
1342 struct strbuf err = STRBUF_INIT;
1343
1344 for (cmd = commands; cmd; cmd = cmd->next) {
1345 if (!should_process_cmd(cmd))
1346 continue;
1347
1348 transaction = ref_transaction_begin(&err);
1349 if (!transaction) {
1350 rp_error("%s", err.buf);
1351 strbuf_reset(&err);
1352 cmd->error_string = "transaction failed to start";
1353 continue;
1354 }
1355
1356 cmd->error_string = update(cmd, si);
1357
1358 if (!cmd->error_string
1359 && ref_transaction_commit(transaction, &err)) {
1360 rp_error("%s", err.buf);
1361 strbuf_reset(&err);
1362 cmd->error_string = "failed to update ref";
1363 }
1364 ref_transaction_free(transaction);
1365 }
1366 strbuf_release(&err);
1367 }
1368
1369 static void execute_commands_atomic(struct command *commands,
1370 struct shallow_info *si)
1371 {
1372 struct command *cmd;
1373 struct strbuf err = STRBUF_INIT;
1374 const char *reported_error = "atomic push failure";
1375
1376 transaction = ref_transaction_begin(&err);
1377 if (!transaction) {
1378 rp_error("%s", err.buf);
1379 strbuf_reset(&err);
1380 reported_error = "transaction failed to start";
1381 goto failure;
1382 }
1383
1384 for (cmd = commands; cmd; cmd = cmd->next) {
1385 if (!should_process_cmd(cmd))
1386 continue;
1387
1388 cmd->error_string = update(cmd, si);
1389
1390 if (cmd->error_string)
1391 goto failure;
1392 }
1393
1394 if (ref_transaction_commit(transaction, &err)) {
1395 rp_error("%s", err.buf);
1396 reported_error = "atomic transaction failed";
1397 goto failure;
1398 }
1399 goto cleanup;
1400
1401 failure:
1402 for (cmd = commands; cmd; cmd = cmd->next)
1403 if (!cmd->error_string)
1404 cmd->error_string = reported_error;
1405
1406 cleanup:
1407 ref_transaction_free(transaction);
1408 strbuf_release(&err);
1409 }
1410
1411 static void execute_commands(struct command *commands,
1412 const char *unpacker_error,
1413 struct shallow_info *si,
1414 const struct string_list *push_options)
1415 {
1416 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1417 struct command *cmd;
1418 struct object_id oid;
1419 struct iterate_data data;
1420 struct async muxer;
1421 int err_fd = 0;
1422
1423 if (unpacker_error) {
1424 for (cmd = commands; cmd; cmd = cmd->next)
1425 cmd->error_string = "unpacker error";
1426 return;
1427 }
1428
1429 if (use_sideband) {
1430 memset(&muxer, 0, sizeof(muxer));
1431 muxer.proc = copy_to_sideband;
1432 muxer.in = -1;
1433 if (!start_async(&muxer))
1434 err_fd = muxer.in;
1435 /* ...else, continue without relaying sideband */
1436 }
1437
1438 data.cmds = commands;
1439 data.si = si;
1440 opt.err_fd = err_fd;
1441 opt.progress = err_fd && !quiet;
1442 opt.env = tmp_objdir_env(tmp_objdir);
1443 if (check_connected(iterate_receive_command_list, &data, &opt))
1444 set_connectivity_errors(commands, si);
1445
1446 if (use_sideband)
1447 finish_async(&muxer);
1448
1449 reject_updates_to_hidden(commands);
1450
1451 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1452 for (cmd = commands; cmd; cmd = cmd->next) {
1453 if (!cmd->error_string)
1454 cmd->error_string = "pre-receive hook declined";
1455 }
1456 return;
1457 }
1458
1459 /*
1460 * Now we'll start writing out refs, which means the objects need
1461 * to be in their final positions so that other processes can see them.
1462 */
1463 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1464 for (cmd = commands; cmd; cmd = cmd->next) {
1465 if (!cmd->error_string)
1466 cmd->error_string = "unable to migrate objects to permanent storage";
1467 }
1468 return;
1469 }
1470 tmp_objdir = NULL;
1471
1472 check_aliased_updates(commands);
1473
1474 free(head_name_to_free);
1475 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1476
1477 if (use_atomic)
1478 execute_commands_atomic(commands, si);
1479 else
1480 execute_commands_non_atomic(commands, si);
1481
1482 if (shallow_update)
1483 warn_if_skipped_connectivity_check(commands, si);
1484 }
1485
1486 static struct command **queue_command(struct command **tail,
1487 const char *line,
1488 int linelen)
1489 {
1490 struct object_id old_oid, new_oid;
1491 struct command *cmd;
1492 const char *refname;
1493 int reflen;
1494 const char *p;
1495
1496 if (parse_oid_hex(line, &old_oid, &p) ||
1497 *p++ != ' ' ||
1498 parse_oid_hex(p, &new_oid, &p) ||
1499 *p++ != ' ')
1500 die("protocol error: expected old/new/ref, got '%s'", line);
1501
1502 refname = p;
1503 reflen = linelen - (p - line);
1504 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1505 oidcpy(&cmd->old_oid, &old_oid);
1506 oidcpy(&cmd->new_oid, &new_oid);
1507 *tail = cmd;
1508 return &cmd->next;
1509 }
1510
1511 static void queue_commands_from_cert(struct command **tail,
1512 struct strbuf *push_cert)
1513 {
1514 const char *boc, *eoc;
1515
1516 if (*tail)
1517 die("protocol error: got both push certificate and unsigned commands");
1518
1519 boc = strstr(push_cert->buf, "\n\n");
1520 if (!boc)
1521 die("malformed push certificate %.*s", 100, push_cert->buf);
1522 else
1523 boc += 2;
1524 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1525
1526 while (boc < eoc) {
1527 const char *eol = memchr(boc, '\n', eoc - boc);
1528 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1529 boc = eol ? eol + 1 : eoc;
1530 }
1531 }
1532
1533 static struct command *read_head_info(struct oid_array *shallow)
1534 {
1535 struct command *commands = NULL;
1536 struct command **p = &commands;
1537 for (;;) {
1538 char *line;
1539 int len, linelen;
1540
1541 line = packet_read_line(0, &len);
1542 if (!line)
1543 break;
1544
1545 if (len > 8 && starts_with(line, "shallow ")) {
1546 struct object_id oid;
1547 if (get_oid_hex(line + 8, &oid))
1548 die("protocol error: expected shallow sha, got '%s'",
1549 line + 8);
1550 oid_array_append(shallow, &oid);
1551 continue;
1552 }
1553
1554 linelen = strlen(line);
1555 if (linelen < len) {
1556 const char *feature_list = line + linelen + 1;
1557 if (parse_feature_request(feature_list, "report-status"))
1558 report_status = 1;
1559 if (parse_feature_request(feature_list, "side-band-64k"))
1560 use_sideband = LARGE_PACKET_MAX;
1561 if (parse_feature_request(feature_list, "quiet"))
1562 quiet = 1;
1563 if (advertise_atomic_push
1564 && parse_feature_request(feature_list, "atomic"))
1565 use_atomic = 1;
1566 if (advertise_push_options
1567 && parse_feature_request(feature_list, "push-options"))
1568 use_push_options = 1;
1569 }
1570
1571 if (!strcmp(line, "push-cert")) {
1572 int true_flush = 0;
1573 char certbuf[1024];
1574
1575 for (;;) {
1576 len = packet_read(0, NULL, NULL,
1577 certbuf, sizeof(certbuf), 0);
1578 if (!len) {
1579 true_flush = 1;
1580 break;
1581 }
1582 if (!strcmp(certbuf, "push-cert-end\n"))
1583 break; /* end of cert */
1584 strbuf_addstr(&push_cert, certbuf);
1585 }
1586
1587 if (true_flush)
1588 break;
1589 continue;
1590 }
1591
1592 p = queue_command(p, line, linelen);
1593 }
1594
1595 if (push_cert.len)
1596 queue_commands_from_cert(p, &push_cert);
1597
1598 return commands;
1599 }
1600
1601 static void read_push_options(struct string_list *options)
1602 {
1603 while (1) {
1604 char *line;
1605 int len;
1606
1607 line = packet_read_line(0, &len);
1608
1609 if (!line)
1610 break;
1611
1612 string_list_append(options, line);
1613 }
1614 }
1615
1616 static const char *parse_pack_header(struct pack_header *hdr)
1617 {
1618 switch (read_pack_header(0, hdr)) {
1619 case PH_ERROR_EOF:
1620 return "eof before pack header was fully read";
1621
1622 case PH_ERROR_PACK_SIGNATURE:
1623 return "protocol error (pack signature mismatch detected)";
1624
1625 case PH_ERROR_PROTOCOL:
1626 return "protocol error (pack version unsupported)";
1627
1628 default:
1629 return "unknown error in parse_pack_header";
1630
1631 case 0:
1632 return NULL;
1633 }
1634 }
1635
1636 static const char *pack_lockfile;
1637
1638 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1639 {
1640 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1641 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1642 }
1643
1644 static const char *unpack(int err_fd, struct shallow_info *si)
1645 {
1646 struct pack_header hdr;
1647 const char *hdr_err;
1648 int status;
1649 struct child_process child = CHILD_PROCESS_INIT;
1650 int fsck_objects = (receive_fsck_objects >= 0
1651 ? receive_fsck_objects
1652 : transfer_fsck_objects >= 0
1653 ? transfer_fsck_objects
1654 : 0);
1655
1656 hdr_err = parse_pack_header(&hdr);
1657 if (hdr_err) {
1658 if (err_fd > 0)
1659 close(err_fd);
1660 return hdr_err;
1661 }
1662
1663 if (si->nr_ours || si->nr_theirs) {
1664 alt_shallow_file = setup_temporary_shallow(si->shallow);
1665 argv_array_push(&child.args, "--shallow-file");
1666 argv_array_push(&child.args, alt_shallow_file);
1667 }
1668
1669 tmp_objdir = tmp_objdir_create();
1670 if (!tmp_objdir) {
1671 if (err_fd > 0)
1672 close(err_fd);
1673 return "unable to create temporary object directory";
1674 }
1675 child.env = tmp_objdir_env(tmp_objdir);
1676
1677 /*
1678 * Normally we just pass the tmp_objdir environment to the child
1679 * processes that do the heavy lifting, but we may need to see these
1680 * objects ourselves to set up shallow information.
1681 */
1682 tmp_objdir_add_as_alternate(tmp_objdir);
1683
1684 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1685 argv_array_push(&child.args, "unpack-objects");
1686 push_header_arg(&child.args, &hdr);
1687 if (quiet)
1688 argv_array_push(&child.args, "-q");
1689 if (fsck_objects)
1690 argv_array_pushf(&child.args, "--strict%s",
1691 fsck_msg_types.buf);
1692 if (max_input_size)
1693 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1694 (uintmax_t)max_input_size);
1695 child.no_stdout = 1;
1696 child.err = err_fd;
1697 child.git_cmd = 1;
1698 status = run_command(&child);
1699 if (status)
1700 return "unpack-objects abnormal exit";
1701 } else {
1702 char hostname[HOST_NAME_MAX + 1];
1703
1704 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1705 push_header_arg(&child.args, &hdr);
1706
1707 if (xgethostname(hostname, sizeof(hostname)))
1708 xsnprintf(hostname, sizeof(hostname), "localhost");
1709 argv_array_pushf(&child.args,
1710 "--keep=receive-pack %"PRIuMAX" on %s",
1711 (uintmax_t)getpid(),
1712 hostname);
1713
1714 if (!quiet && err_fd)
1715 argv_array_push(&child.args, "--show-resolving-progress");
1716 if (use_sideband)
1717 argv_array_push(&child.args, "--report-end-of-input");
1718 if (fsck_objects)
1719 argv_array_pushf(&child.args, "--strict%s",
1720 fsck_msg_types.buf);
1721 if (!reject_thin)
1722 argv_array_push(&child.args, "--fix-thin");
1723 if (max_input_size)
1724 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1725 (uintmax_t)max_input_size);
1726 child.out = -1;
1727 child.err = err_fd;
1728 child.git_cmd = 1;
1729 status = start_command(&child);
1730 if (status)
1731 return "index-pack fork failed";
1732 pack_lockfile = index_pack_lockfile(child.out);
1733 close(child.out);
1734 status = finish_command(&child);
1735 if (status)
1736 return "index-pack abnormal exit";
1737 reprepare_packed_git();
1738 }
1739 return NULL;
1740 }
1741
1742 static const char *unpack_with_sideband(struct shallow_info *si)
1743 {
1744 struct async muxer;
1745 const char *ret;
1746
1747 if (!use_sideband)
1748 return unpack(0, si);
1749
1750 use_keepalive = KEEPALIVE_AFTER_NUL;
1751 memset(&muxer, 0, sizeof(muxer));
1752 muxer.proc = copy_to_sideband;
1753 muxer.in = -1;
1754 if (start_async(&muxer))
1755 return NULL;
1756
1757 ret = unpack(muxer.in, si);
1758
1759 finish_async(&muxer);
1760 return ret;
1761 }
1762
1763 static void prepare_shallow_update(struct command *commands,
1764 struct shallow_info *si)
1765 {
1766 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1767
1768 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1769 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1770
1771 si->need_reachability_test =
1772 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1773 si->reachable =
1774 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1775 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1776
1777 for (i = 0; i < si->nr_ours; i++)
1778 si->need_reachability_test[si->ours[i]] = 1;
1779
1780 for (i = 0; i < si->shallow->nr; i++) {
1781 if (!si->used_shallow[i])
1782 continue;
1783 for (j = 0; j < bitmap_size; j++) {
1784 if (!si->used_shallow[i][j])
1785 continue;
1786 si->need_reachability_test[i]++;
1787 for (k = 0; k < 32; k++)
1788 if (si->used_shallow[i][j] & (1U << k))
1789 si->shallow_ref[j * 32 + k]++;
1790 }
1791
1792 /*
1793 * true for those associated with some refs and belong
1794 * in "ours" list aka "step 7 not done yet"
1795 */
1796 si->need_reachability_test[i] =
1797 si->need_reachability_test[i] > 1;
1798 }
1799
1800 /*
1801 * keep hooks happy by forcing a temporary shallow file via
1802 * env variable because we can't add --shallow-file to every
1803 * command. check_everything_connected() will be done with
1804 * true .git/shallow though.
1805 */
1806 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1807 }
1808
1809 static void update_shallow_info(struct command *commands,
1810 struct shallow_info *si,
1811 struct oid_array *ref)
1812 {
1813 struct command *cmd;
1814 int *ref_status;
1815 remove_nonexistent_theirs_shallow(si);
1816 if (!si->nr_ours && !si->nr_theirs) {
1817 shallow_update = 0;
1818 return;
1819 }
1820
1821 for (cmd = commands; cmd; cmd = cmd->next) {
1822 if (is_null_oid(&cmd->new_oid))
1823 continue;
1824 oid_array_append(ref, &cmd->new_oid);
1825 cmd->index = ref->nr - 1;
1826 }
1827 si->ref = ref;
1828
1829 if (shallow_update) {
1830 prepare_shallow_update(commands, si);
1831 return;
1832 }
1833
1834 ALLOC_ARRAY(ref_status, ref->nr);
1835 assign_shallow_commits_to_refs(si, NULL, ref_status);
1836 for (cmd = commands; cmd; cmd = cmd->next) {
1837 if (is_null_oid(&cmd->new_oid))
1838 continue;
1839 if (ref_status[cmd->index]) {
1840 cmd->error_string = "shallow update not allowed";
1841 cmd->skip_update = 1;
1842 }
1843 }
1844 free(ref_status);
1845 }
1846
1847 static void report(struct command *commands, const char *unpack_status)
1848 {
1849 struct command *cmd;
1850 struct strbuf buf = STRBUF_INIT;
1851
1852 packet_buf_write(&buf, "unpack %s\n",
1853 unpack_status ? unpack_status : "ok");
1854 for (cmd = commands; cmd; cmd = cmd->next) {
1855 if (!cmd->error_string)
1856 packet_buf_write(&buf, "ok %s\n",
1857 cmd->ref_name);
1858 else
1859 packet_buf_write(&buf, "ng %s %s\n",
1860 cmd->ref_name, cmd->error_string);
1861 }
1862 packet_buf_flush(&buf);
1863
1864 if (use_sideband)
1865 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1866 else
1867 write_or_die(1, buf.buf, buf.len);
1868 strbuf_release(&buf);
1869 }
1870
1871 static int delete_only(struct command *commands)
1872 {
1873 struct command *cmd;
1874 for (cmd = commands; cmd; cmd = cmd->next) {
1875 if (!is_null_oid(&cmd->new_oid))
1876 return 0;
1877 }
1878 return 1;
1879 }
1880
1881 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1882 {
1883 int advertise_refs = 0;
1884 struct command *commands;
1885 struct oid_array shallow = OID_ARRAY_INIT;
1886 struct oid_array ref = OID_ARRAY_INIT;
1887 struct shallow_info si;
1888
1889 struct option options[] = {
1890 OPT__QUIET(&quiet, N_("quiet")),
1891 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1892 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1893 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1894 OPT_END()
1895 };
1896
1897 packet_trace_identity("receive-pack");
1898
1899 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1900
1901 if (argc > 1)
1902 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1903 if (argc == 0)
1904 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1905
1906 service_dir = argv[0];
1907
1908 setup_path();
1909
1910 if (!enter_repo(service_dir, 0))
1911 die("'%s' does not appear to be a git repository", service_dir);
1912
1913 git_config(receive_pack_config, NULL);
1914 if (cert_nonce_seed)
1915 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1916
1917 if (0 <= transfer_unpack_limit)
1918 unpack_limit = transfer_unpack_limit;
1919 else if (0 <= receive_unpack_limit)
1920 unpack_limit = receive_unpack_limit;
1921
1922 if (advertise_refs || !stateless_rpc) {
1923 write_head_info();
1924 }
1925 if (advertise_refs)
1926 return 0;
1927
1928 if ((commands = read_head_info(&shallow)) != NULL) {
1929 const char *unpack_status = NULL;
1930 struct string_list push_options = STRING_LIST_INIT_DUP;
1931
1932 if (use_push_options)
1933 read_push_options(&push_options);
1934
1935 prepare_shallow_info(&si, &shallow);
1936 if (!si.nr_ours && !si.nr_theirs)
1937 shallow_update = 0;
1938 if (!delete_only(commands)) {
1939 unpack_status = unpack_with_sideband(&si);
1940 update_shallow_info(commands, &si, &ref);
1941 }
1942 use_keepalive = KEEPALIVE_ALWAYS;
1943 execute_commands(commands, unpack_status, &si,
1944 &push_options);
1945 if (pack_lockfile)
1946 unlink_or_warn(pack_lockfile);
1947 if (report_status)
1948 report(commands, unpack_status);
1949 run_receive_hook(commands, "post-receive", 1,
1950 &push_options);
1951 run_update_post_hook(commands);
1952 string_list_clear(&push_options, 0);
1953 if (auto_gc) {
1954 const char *argv_gc_auto[] = {
1955 "gc", "--auto", "--quiet", NULL,
1956 };
1957 struct child_process proc = CHILD_PROCESS_INIT;
1958
1959 proc.no_stdin = 1;
1960 proc.stdout_to_stderr = 1;
1961 proc.err = use_sideband ? -1 : 0;
1962 proc.git_cmd = 1;
1963 proc.argv = argv_gc_auto;
1964
1965 close_all_packs();
1966 if (!start_command(&proc)) {
1967 if (use_sideband)
1968 copy_to_sideband(proc.err, -1, NULL);
1969 finish_command(&proc);
1970 }
1971 }
1972 if (auto_update_server_info)
1973 update_server_info(0);
1974 clear_shallow_info(&si);
1975 }
1976 if (use_sideband)
1977 packet_flush(1);
1978 oid_array_clear(&shallow);
1979 oid_array_clear(&ref);
1980 free((void *)push_cert_nonce);
1981 return 0;
1982 }
The Best VCS Around