remote-mediawiki: support fetching from (Main) namespace
[git.git] / builtin / receive-pack.c
blobcc4876740569c6e495b7cb32161d019619171d79
1 #include "builtin.h"
2 #include "config.h"
3 #include "lockfile.h"
4 #include "pack.h"
5 #include "refs.h"
6 #include "pkt-line.h"
7 #include "sideband.h"
8 #include "run-command.h"
9 #include "exec_cmd.h"
10 #include "commit.h"
11 #include "object.h"
12 #include "remote.h"
13 #include "connect.h"
14 #include "transport.h"
15 #include "string-list.h"
16 #include "sha1-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
28 static const char * const receive_pack_usage[] = {
29 N_("git receive-pack <git-dir>"),
30 NULL
33 enum deny_action {
34 DENY_UNCONFIGURED,
35 DENY_IGNORE,
36 DENY_WARN,
37 DENY_REFUSE,
38 DENY_UPDATE_INSTEAD
41 static int deny_deletes;
42 static int deny_non_fast_forwards;
43 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
44 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
45 static int receive_fsck_objects = -1;
46 static int transfer_fsck_objects = -1;
47 static struct strbuf fsck_msg_types = STRBUF_INIT;
48 static int receive_unpack_limit = -1;
49 static int transfer_unpack_limit = -1;
50 static int advertise_atomic_push = 1;
51 static int advertise_push_options;
52 static int unpack_limit = 100;
53 static off_t max_input_size;
54 static int report_status;
55 static int use_sideband;
56 static int use_atomic;
57 static int use_push_options;
58 static int quiet;
59 static int prefer_ofs_delta = 1;
60 static int auto_update_server_info;
61 static int auto_gc = 1;
62 static int reject_thin;
63 static int stateless_rpc;
64 static const char *service_dir;
65 static const char *head_name;
66 static void *head_name_to_free;
67 static int sent_capabilities;
68 static int shallow_update;
69 static const char *alt_shallow_file;
70 static struct strbuf push_cert = STRBUF_INIT;
71 static unsigned char push_cert_sha1[20];
72 static struct signature_check sigcheck;
73 static const char *push_cert_nonce;
74 static const char *cert_nonce_seed;
76 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
77 static const char *NONCE_BAD = "BAD";
78 static const char *NONCE_MISSING = "MISSING";
79 static const char *NONCE_OK = "OK";
80 static const char *NONCE_SLOP = "SLOP";
81 static const char *nonce_status;
82 static long nonce_stamp_slop;
83 static timestamp_t nonce_stamp_slop_limit;
84 static struct ref_transaction *transaction;
86 static enum {
87 KEEPALIVE_NEVER = 0,
88 KEEPALIVE_AFTER_NUL,
89 KEEPALIVE_ALWAYS
90 } use_keepalive;
91 static int keepalive_in_sec = 5;
93 static struct tmp_objdir *tmp_objdir;
95 static enum deny_action parse_deny_action(const char *var, const char *value)
97 if (value) {
98 if (!strcasecmp(value, "ignore"))
99 return DENY_IGNORE;
100 if (!strcasecmp(value, "warn"))
101 return DENY_WARN;
102 if (!strcasecmp(value, "refuse"))
103 return DENY_REFUSE;
104 if (!strcasecmp(value, "updateinstead"))
105 return DENY_UPDATE_INSTEAD;
107 if (git_config_bool(var, value))
108 return DENY_REFUSE;
109 return DENY_IGNORE;
112 static int receive_pack_config(const char *var, const char *value, void *cb)
114 int status = parse_hide_refs_config(var, value, "receive");
116 if (status)
117 return status;
119 if (strcmp(var, "receive.denydeletes") == 0) {
120 deny_deletes = git_config_bool(var, value);
121 return 0;
124 if (strcmp(var, "receive.denynonfastforwards") == 0) {
125 deny_non_fast_forwards = git_config_bool(var, value);
126 return 0;
129 if (strcmp(var, "receive.unpacklimit") == 0) {
130 receive_unpack_limit = git_config_int(var, value);
131 return 0;
134 if (strcmp(var, "transfer.unpacklimit") == 0) {
135 transfer_unpack_limit = git_config_int(var, value);
136 return 0;
139 if (strcmp(var, "receive.fsck.skiplist") == 0) {
140 const char *path;
142 if (git_config_pathname(&path, var, value))
143 return 1;
144 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
145 fsck_msg_types.len ? ',' : '=', path);
146 free((char *)path);
147 return 0;
150 if (skip_prefix(var, "receive.fsck.", &var)) {
151 if (is_valid_msg_type(var, value))
152 strbuf_addf(&fsck_msg_types, "%c%s=%s",
153 fsck_msg_types.len ? ',' : '=', var, value);
154 else
155 warning("Skipping unknown msg id '%s'", var);
156 return 0;
159 if (strcmp(var, "receive.fsckobjects") == 0) {
160 receive_fsck_objects = git_config_bool(var, value);
161 return 0;
164 if (strcmp(var, "transfer.fsckobjects") == 0) {
165 transfer_fsck_objects = git_config_bool(var, value);
166 return 0;
169 if (!strcmp(var, "receive.denycurrentbranch")) {
170 deny_current_branch = parse_deny_action(var, value);
171 return 0;
174 if (strcmp(var, "receive.denydeletecurrent") == 0) {
175 deny_delete_current = parse_deny_action(var, value);
176 return 0;
179 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
180 prefer_ofs_delta = git_config_bool(var, value);
181 return 0;
184 if (strcmp(var, "receive.updateserverinfo") == 0) {
185 auto_update_server_info = git_config_bool(var, value);
186 return 0;
189 if (strcmp(var, "receive.autogc") == 0) {
190 auto_gc = git_config_bool(var, value);
191 return 0;
194 if (strcmp(var, "receive.shallowupdate") == 0) {
195 shallow_update = git_config_bool(var, value);
196 return 0;
199 if (strcmp(var, "receive.certnonceseed") == 0)
200 return git_config_string(&cert_nonce_seed, var, value);
202 if (strcmp(var, "receive.certnonceslop") == 0) {
203 nonce_stamp_slop_limit = git_config_ulong(var, value);
204 return 0;
207 if (strcmp(var, "receive.advertiseatomic") == 0) {
208 advertise_atomic_push = git_config_bool(var, value);
209 return 0;
212 if (strcmp(var, "receive.advertisepushoptions") == 0) {
213 advertise_push_options = git_config_bool(var, value);
214 return 0;
217 if (strcmp(var, "receive.keepalive") == 0) {
218 keepalive_in_sec = git_config_int(var, value);
219 return 0;
222 if (strcmp(var, "receive.maxinputsize") == 0) {
223 max_input_size = git_config_int64(var, value);
224 return 0;
227 return git_default_config(var, value, cb);
230 static void show_ref(const char *path, const struct object_id *oid)
232 if (sent_capabilities) {
233 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
234 } else {
235 struct strbuf cap = STRBUF_INIT;
237 strbuf_addstr(&cap,
238 "report-status delete-refs side-band-64k quiet");
239 if (advertise_atomic_push)
240 strbuf_addstr(&cap, " atomic");
241 if (prefer_ofs_delta)
242 strbuf_addstr(&cap, " ofs-delta");
243 if (push_cert_nonce)
244 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
245 if (advertise_push_options)
246 strbuf_addstr(&cap, " push-options");
247 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
248 packet_write_fmt(1, "%s %s%c%s\n",
249 oid_to_hex(oid), path, 0, cap.buf);
250 strbuf_release(&cap);
251 sent_capabilities = 1;
255 static int show_ref_cb(const char *path_full, const struct object_id *oid,
256 int flag, void *data)
258 struct oidset *seen = data;
259 const char *path = strip_namespace(path_full);
261 if (ref_is_hidden(path, path_full))
262 return 0;
265 * Advertise refs outside our current namespace as ".have"
266 * refs, so that the client can use them to minimize data
267 * transfer but will otherwise ignore them.
269 if (!path) {
270 if (oidset_insert(seen, oid))
271 return 0;
272 path = ".have";
273 } else {
274 oidset_insert(seen, oid);
276 show_ref(path, oid);
277 return 0;
280 static void show_one_alternate_ref(const char *refname,
281 const struct object_id *oid,
282 void *data)
284 struct oidset *seen = data;
286 if (oidset_insert(seen, oid))
287 return;
289 show_ref(".have", oid);
292 static void write_head_info(void)
294 static struct oidset seen = OIDSET_INIT;
296 for_each_ref(show_ref_cb, &seen);
297 for_each_alternate_ref(show_one_alternate_ref, &seen);
298 oidset_clear(&seen);
299 if (!sent_capabilities)
300 show_ref("capabilities^{}", &null_oid);
302 advertise_shallow_grafts(1);
304 /* EOF */
305 packet_flush(1);
308 struct command {
309 struct command *next;
310 const char *error_string;
311 unsigned int skip_update:1,
312 did_not_exist:1;
313 int index;
314 struct object_id old_oid;
315 struct object_id new_oid;
316 char ref_name[FLEX_ARRAY]; /* more */
319 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
320 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
322 static void report_message(const char *prefix, const char *err, va_list params)
324 int sz;
325 char msg[4096];
327 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
328 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
329 if (sz > (sizeof(msg) - 1))
330 sz = sizeof(msg) - 1;
331 msg[sz++] = '\n';
333 if (use_sideband)
334 send_sideband(1, 2, msg, sz, use_sideband);
335 else
336 xwrite(2, msg, sz);
339 static void rp_warning(const char *err, ...)
341 va_list params;
342 va_start(params, err);
343 report_message("warning: ", err, params);
344 va_end(params);
347 static void rp_error(const char *err, ...)
349 va_list params;
350 va_start(params, err);
351 report_message("error: ", err, params);
352 va_end(params);
355 static int copy_to_sideband(int in, int out, void *arg)
357 char data[128];
358 int keepalive_active = 0;
360 if (keepalive_in_sec <= 0)
361 use_keepalive = KEEPALIVE_NEVER;
362 if (use_keepalive == KEEPALIVE_ALWAYS)
363 keepalive_active = 1;
365 while (1) {
366 ssize_t sz;
368 if (keepalive_active) {
369 struct pollfd pfd;
370 int ret;
372 pfd.fd = in;
373 pfd.events = POLLIN;
374 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
376 if (ret < 0) {
377 if (errno == EINTR)
378 continue;
379 else
380 break;
381 } else if (ret == 0) {
382 /* no data; send a keepalive packet */
383 static const char buf[] = "0005\1";
384 write_or_die(1, buf, sizeof(buf) - 1);
385 continue;
386 } /* else there is actual data to read */
389 sz = xread(in, data, sizeof(data));
390 if (sz <= 0)
391 break;
393 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
394 const char *p = memchr(data, '\0', sz);
395 if (p) {
397 * The NUL tells us to start sending keepalives. Make
398 * sure we send any other data we read along
399 * with it.
401 keepalive_active = 1;
402 send_sideband(1, 2, data, p - data, use_sideband);
403 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
404 continue;
409 * Either we're not looking for a NUL signal, or we didn't see
410 * it yet; just pass along the data.
412 send_sideband(1, 2, data, sz, use_sideband);
414 close(in);
415 return 0;
418 #define HMAC_BLOCK_SIZE 64
420 static void hmac_sha1(unsigned char *out,
421 const char *key_in, size_t key_len,
422 const char *text, size_t text_len)
424 unsigned char key[HMAC_BLOCK_SIZE];
425 unsigned char k_ipad[HMAC_BLOCK_SIZE];
426 unsigned char k_opad[HMAC_BLOCK_SIZE];
427 int i;
428 git_SHA_CTX ctx;
430 /* RFC 2104 2. (1) */
431 memset(key, '\0', HMAC_BLOCK_SIZE);
432 if (HMAC_BLOCK_SIZE < key_len) {
433 git_SHA1_Init(&ctx);
434 git_SHA1_Update(&ctx, key_in, key_len);
435 git_SHA1_Final(key, &ctx);
436 } else {
437 memcpy(key, key_in, key_len);
440 /* RFC 2104 2. (2) & (5) */
441 for (i = 0; i < sizeof(key); i++) {
442 k_ipad[i] = key[i] ^ 0x36;
443 k_opad[i] = key[i] ^ 0x5c;
446 /* RFC 2104 2. (3) & (4) */
447 git_SHA1_Init(&ctx);
448 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
449 git_SHA1_Update(&ctx, text, text_len);
450 git_SHA1_Final(out, &ctx);
452 /* RFC 2104 2. (6) & (7) */
453 git_SHA1_Init(&ctx);
454 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
455 git_SHA1_Update(&ctx, out, 20);
456 git_SHA1_Final(out, &ctx);
459 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
461 struct strbuf buf = STRBUF_INIT;
462 unsigned char sha1[20];
464 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
465 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
466 strbuf_release(&buf);
468 /* RFC 2104 5. HMAC-SHA1-80 */
469 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
470 return strbuf_detach(&buf, NULL);
474 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
475 * after dropping "_commit" from its name and possibly moving it out
476 * of commit.c
478 static char *find_header(const char *msg, size_t len, const char *key,
479 const char **next_line)
481 int key_len = strlen(key);
482 const char *line = msg;
484 while (line && line < msg + len) {
485 const char *eol = strchrnul(line, '\n');
487 if ((msg + len <= eol) || line == eol)
488 return NULL;
489 if (line + key_len < eol &&
490 !memcmp(line, key, key_len) && line[key_len] == ' ') {
491 int offset = key_len + 1;
492 if (next_line)
493 *next_line = *eol ? eol + 1 : eol;
494 return xmemdupz(line + offset, (eol - line) - offset);
496 line = *eol ? eol + 1 : NULL;
498 return NULL;
501 static const char *check_nonce(const char *buf, size_t len)
503 char *nonce = find_header(buf, len, "nonce", NULL);
504 timestamp_t stamp, ostamp;
505 char *bohmac, *expect = NULL;
506 const char *retval = NONCE_BAD;
508 if (!nonce) {
509 retval = NONCE_MISSING;
510 goto leave;
511 } else if (!push_cert_nonce) {
512 retval = NONCE_UNSOLICITED;
513 goto leave;
514 } else if (!strcmp(push_cert_nonce, nonce)) {
515 retval = NONCE_OK;
516 goto leave;
519 if (!stateless_rpc) {
520 /* returned nonce MUST match what we gave out earlier */
521 retval = NONCE_BAD;
522 goto leave;
526 * In stateless mode, we may be receiving a nonce issued by
527 * another instance of the server that serving the same
528 * repository, and the timestamps may not match, but the
529 * nonce-seed and dir should match, so we can recompute and
530 * report the time slop.
532 * In addition, when a nonce issued by another instance has
533 * timestamp within receive.certnonceslop seconds, we pretend
534 * as if we issued that nonce when reporting to the hook.
537 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
538 if (*nonce <= '0' || '9' < *nonce) {
539 retval = NONCE_BAD;
540 goto leave;
542 stamp = parse_timestamp(nonce, &bohmac, 10);
543 if (bohmac == nonce || bohmac[0] != '-') {
544 retval = NONCE_BAD;
545 goto leave;
548 expect = prepare_push_cert_nonce(service_dir, stamp);
549 if (strcmp(expect, nonce)) {
550 /* Not what we would have signed earlier */
551 retval = NONCE_BAD;
552 goto leave;
556 * By how many seconds is this nonce stale? Negative value
557 * would mean it was issued by another server with its clock
558 * skewed in the future.
560 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
561 nonce_stamp_slop = (long)ostamp - (long)stamp;
563 if (nonce_stamp_slop_limit &&
564 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
566 * Pretend as if the received nonce (which passes the
567 * HMAC check, so it is not a forged by third-party)
568 * is what we issued.
570 free((void *)push_cert_nonce);
571 push_cert_nonce = xstrdup(nonce);
572 retval = NONCE_OK;
573 } else {
574 retval = NONCE_SLOP;
577 leave:
578 free(nonce);
579 free(expect);
580 return retval;
584 * Return 1 if there is no push_cert or if the push options in push_cert are
585 * the same as those in the argument; 0 otherwise.
587 static int check_cert_push_options(const struct string_list *push_options)
589 const char *buf = push_cert.buf;
590 int len = push_cert.len;
592 char *option;
593 const char *next_line;
594 int options_seen = 0;
596 int retval = 1;
598 if (!len)
599 return 1;
601 while ((option = find_header(buf, len, "push-option", &next_line))) {
602 len -= (next_line - buf);
603 buf = next_line;
604 options_seen++;
605 if (options_seen > push_options->nr
606 || strcmp(option,
607 push_options->items[options_seen - 1].string)) {
608 retval = 0;
609 goto leave;
611 free(option);
614 if (options_seen != push_options->nr)
615 retval = 0;
617 leave:
618 free(option);
619 return retval;
622 static void prepare_push_cert_sha1(struct child_process *proc)
624 static int already_done;
626 if (!push_cert.len)
627 return;
629 if (!already_done) {
630 struct strbuf gpg_output = STRBUF_INIT;
631 struct strbuf gpg_status = STRBUF_INIT;
632 int bogs /* beginning_of_gpg_sig */;
634 already_done = 1;
635 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
636 hashclr(push_cert_sha1);
638 memset(&sigcheck, '\0', sizeof(sigcheck));
639 sigcheck.result = 'N';
641 bogs = parse_signature(push_cert.buf, push_cert.len);
642 if (verify_signed_buffer(push_cert.buf, bogs,
643 push_cert.buf + bogs, push_cert.len - bogs,
644 &gpg_output, &gpg_status) < 0) {
645 ; /* error running gpg */
646 } else {
647 sigcheck.payload = push_cert.buf;
648 sigcheck.gpg_output = gpg_output.buf;
649 sigcheck.gpg_status = gpg_status.buf;
650 parse_gpg_output(&sigcheck);
653 strbuf_release(&gpg_output);
654 strbuf_release(&gpg_status);
655 nonce_status = check_nonce(push_cert.buf, bogs);
657 if (!is_null_sha1(push_cert_sha1)) {
658 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
659 sha1_to_hex(push_cert_sha1));
660 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
661 sigcheck.signer ? sigcheck.signer : "");
662 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
663 sigcheck.key ? sigcheck.key : "");
664 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
665 sigcheck.result);
666 if (push_cert_nonce) {
667 argv_array_pushf(&proc->env_array,
668 "GIT_PUSH_CERT_NONCE=%s",
669 push_cert_nonce);
670 argv_array_pushf(&proc->env_array,
671 "GIT_PUSH_CERT_NONCE_STATUS=%s",
672 nonce_status);
673 if (nonce_status == NONCE_SLOP)
674 argv_array_pushf(&proc->env_array,
675 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
676 nonce_stamp_slop);
681 struct receive_hook_feed_state {
682 struct command *cmd;
683 int skip_broken;
684 struct strbuf buf;
685 const struct string_list *push_options;
688 typedef int (*feed_fn)(void *, const char **, size_t *);
689 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
690 struct receive_hook_feed_state *feed_state)
692 struct child_process proc = CHILD_PROCESS_INIT;
693 struct async muxer;
694 const char *argv[2];
695 int code;
697 argv[0] = find_hook(hook_name);
698 if (!argv[0])
699 return 0;
701 argv[1] = NULL;
703 proc.argv = argv;
704 proc.in = -1;
705 proc.stdout_to_stderr = 1;
706 if (feed_state->push_options) {
707 int i;
708 for (i = 0; i < feed_state->push_options->nr; i++)
709 argv_array_pushf(&proc.env_array,
710 "GIT_PUSH_OPTION_%d=%s", i,
711 feed_state->push_options->items[i].string);
712 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
713 feed_state->push_options->nr);
714 } else
715 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
717 if (tmp_objdir)
718 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
720 if (use_sideband) {
721 memset(&muxer, 0, sizeof(muxer));
722 muxer.proc = copy_to_sideband;
723 muxer.in = -1;
724 code = start_async(&muxer);
725 if (code)
726 return code;
727 proc.err = muxer.in;
730 prepare_push_cert_sha1(&proc);
732 code = start_command(&proc);
733 if (code) {
734 if (use_sideband)
735 finish_async(&muxer);
736 return code;
739 sigchain_push(SIGPIPE, SIG_IGN);
741 while (1) {
742 const char *buf;
743 size_t n;
744 if (feed(feed_state, &buf, &n))
745 break;
746 if (write_in_full(proc.in, buf, n) < 0)
747 break;
749 close(proc.in);
750 if (use_sideband)
751 finish_async(&muxer);
753 sigchain_pop(SIGPIPE);
755 return finish_command(&proc);
758 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
760 struct receive_hook_feed_state *state = state_;
761 struct command *cmd = state->cmd;
763 while (cmd &&
764 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
765 cmd = cmd->next;
766 if (!cmd)
767 return -1; /* EOF */
768 strbuf_reset(&state->buf);
769 strbuf_addf(&state->buf, "%s %s %s\n",
770 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
771 cmd->ref_name);
772 state->cmd = cmd->next;
773 if (bufp) {
774 *bufp = state->buf.buf;
775 *sizep = state->buf.len;
777 return 0;
780 static int run_receive_hook(struct command *commands,
781 const char *hook_name,
782 int skip_broken,
783 const struct string_list *push_options)
785 struct receive_hook_feed_state state;
786 int status;
788 strbuf_init(&state.buf, 0);
789 state.cmd = commands;
790 state.skip_broken = skip_broken;
791 if (feed_receive_hook(&state, NULL, NULL))
792 return 0;
793 state.cmd = commands;
794 state.push_options = push_options;
795 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
796 strbuf_release(&state.buf);
797 return status;
800 static int run_update_hook(struct command *cmd)
802 const char *argv[5];
803 struct child_process proc = CHILD_PROCESS_INIT;
804 int code;
806 argv[0] = find_hook("update");
807 if (!argv[0])
808 return 0;
810 argv[1] = cmd->ref_name;
811 argv[2] = oid_to_hex(&cmd->old_oid);
812 argv[3] = oid_to_hex(&cmd->new_oid);
813 argv[4] = NULL;
815 proc.no_stdin = 1;
816 proc.stdout_to_stderr = 1;
817 proc.err = use_sideband ? -1 : 0;
818 proc.argv = argv;
820 code = start_command(&proc);
821 if (code)
822 return code;
823 if (use_sideband)
824 copy_to_sideband(proc.err, -1, NULL);
825 return finish_command(&proc);
828 static int is_ref_checked_out(const char *ref)
830 if (is_bare_repository())
831 return 0;
833 if (!head_name)
834 return 0;
835 return !strcmp(head_name, ref);
838 static char *refuse_unconfigured_deny_msg =
839 N_("By default, updating the current branch in a non-bare repository\n"
840 "is denied, because it will make the index and work tree inconsistent\n"
841 "with what you pushed, and will require 'git reset --hard' to match\n"
842 "the work tree to HEAD.\n"
843 "\n"
844 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
845 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
846 "its current branch; however, this is not recommended unless you\n"
847 "arranged to update its work tree to match what you pushed in some\n"
848 "other way.\n"
849 "\n"
850 "To squelch this message and still keep the default behaviour, set\n"
851 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
853 static void refuse_unconfigured_deny(void)
855 rp_error("%s", _(refuse_unconfigured_deny_msg));
858 static char *refuse_unconfigured_deny_delete_current_msg =
859 N_("By default, deleting the current branch is denied, because the next\n"
860 "'git clone' won't result in any file checked out, causing confusion.\n"
861 "\n"
862 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
863 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
864 "current branch, with or without a warning message.\n"
865 "\n"
866 "To squelch this message, you can set it to 'refuse'.");
868 static void refuse_unconfigured_deny_delete_current(void)
870 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
873 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
874 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
876 static struct lock_file shallow_lock;
877 struct oid_array extra = OID_ARRAY_INIT;
878 struct check_connected_options opt = CHECK_CONNECTED_INIT;
879 uint32_t mask = 1 << (cmd->index % 32);
880 int i;
882 trace_printf_key(&trace_shallow,
883 "shallow: update_shallow_ref %s\n", cmd->ref_name);
884 for (i = 0; i < si->shallow->nr; i++)
885 if (si->used_shallow[i] &&
886 (si->used_shallow[i][cmd->index / 32] & mask) &&
887 !delayed_reachability_test(si, i))
888 oid_array_append(&extra, &si->shallow->oid[i]);
890 opt.env = tmp_objdir_env(tmp_objdir);
891 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
892 if (check_connected(command_singleton_iterator, cmd, &opt)) {
893 rollback_lock_file(&shallow_lock);
894 oid_array_clear(&extra);
895 return -1;
898 commit_lock_file(&shallow_lock);
901 * Make sure setup_alternate_shallow() for the next ref does
902 * not lose these new roots..
904 for (i = 0; i < extra.nr; i++)
905 register_shallow(&extra.oid[i]);
907 si->shallow_ref[cmd->index] = 0;
908 oid_array_clear(&extra);
909 return 0;
913 * NEEDSWORK: we should consolidate various implementions of "are we
914 * on an unborn branch?" test into one, and make the unified one more
915 * robust. !get_sha1() based check used here and elsewhere would not
916 * allow us to tell an unborn branch from corrupt ref, for example.
917 * For the purpose of fixing "deploy-to-update does not work when
918 * pushing into an empty repository" issue, this should suffice for
919 * now.
921 static int head_has_history(void)
923 struct object_id oid;
925 return !get_oid("HEAD", &oid);
928 static const char *push_to_deploy(unsigned char *sha1,
929 struct argv_array *env,
930 const char *work_tree)
932 const char *update_refresh[] = {
933 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
935 const char *diff_files[] = {
936 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
938 const char *diff_index[] = {
939 "diff-index", "--quiet", "--cached", "--ignore-submodules",
940 NULL, "--", NULL
942 const char *read_tree[] = {
943 "read-tree", "-u", "-m", NULL, NULL
945 struct child_process child = CHILD_PROCESS_INIT;
947 child.argv = update_refresh;
948 child.env = env->argv;
949 child.dir = work_tree;
950 child.no_stdin = 1;
951 child.stdout_to_stderr = 1;
952 child.git_cmd = 1;
953 if (run_command(&child))
954 return "Up-to-date check failed";
956 /* run_command() does not clean up completely; reinitialize */
957 child_process_init(&child);
958 child.argv = diff_files;
959 child.env = env->argv;
960 child.dir = work_tree;
961 child.no_stdin = 1;
962 child.stdout_to_stderr = 1;
963 child.git_cmd = 1;
964 if (run_command(&child))
965 return "Working directory has unstaged changes";
967 /* diff-index with either HEAD or an empty tree */
968 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
970 child_process_init(&child);
971 child.argv = diff_index;
972 child.env = env->argv;
973 child.no_stdin = 1;
974 child.no_stdout = 1;
975 child.stdout_to_stderr = 0;
976 child.git_cmd = 1;
977 if (run_command(&child))
978 return "Working directory has staged changes";
980 read_tree[3] = sha1_to_hex(sha1);
981 child_process_init(&child);
982 child.argv = read_tree;
983 child.env = env->argv;
984 child.dir = work_tree;
985 child.no_stdin = 1;
986 child.no_stdout = 1;
987 child.stdout_to_stderr = 0;
988 child.git_cmd = 1;
989 if (run_command(&child))
990 return "Could not update working tree to new HEAD";
992 return NULL;
995 static const char *push_to_checkout_hook = "push-to-checkout";
997 static const char *push_to_checkout(unsigned char *sha1,
998 struct argv_array *env,
999 const char *work_tree)
1001 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1002 if (run_hook_le(env->argv, push_to_checkout_hook,
1003 sha1_to_hex(sha1), NULL))
1004 return "push-to-checkout hook declined";
1005 else
1006 return NULL;
1009 static const char *update_worktree(unsigned char *sha1)
1011 const char *retval;
1012 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1013 struct argv_array env = ARGV_ARRAY_INIT;
1015 if (is_bare_repository())
1016 return "denyCurrentBranch = updateInstead needs a worktree";
1018 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1020 if (!find_hook(push_to_checkout_hook))
1021 retval = push_to_deploy(sha1, &env, work_tree);
1022 else
1023 retval = push_to_checkout(sha1, &env, work_tree);
1025 argv_array_clear(&env);
1026 return retval;
1029 static const char *update(struct command *cmd, struct shallow_info *si)
1031 const char *name = cmd->ref_name;
1032 struct strbuf namespaced_name_buf = STRBUF_INIT;
1033 static char *namespaced_name;
1034 const char *ret;
1035 struct object_id *old_oid = &cmd->old_oid;
1036 struct object_id *new_oid = &cmd->new_oid;
1038 /* only refs/... are allowed */
1039 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1040 rp_error("refusing to create funny ref '%s' remotely", name);
1041 return "funny refname";
1044 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1045 free(namespaced_name);
1046 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1048 if (is_ref_checked_out(namespaced_name)) {
1049 switch (deny_current_branch) {
1050 case DENY_IGNORE:
1051 break;
1052 case DENY_WARN:
1053 rp_warning("updating the current branch");
1054 break;
1055 case DENY_REFUSE:
1056 case DENY_UNCONFIGURED:
1057 rp_error("refusing to update checked out branch: %s", name);
1058 if (deny_current_branch == DENY_UNCONFIGURED)
1059 refuse_unconfigured_deny();
1060 return "branch is currently checked out";
1061 case DENY_UPDATE_INSTEAD:
1062 ret = update_worktree(new_oid->hash);
1063 if (ret)
1064 return ret;
1065 break;
1069 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1070 error("unpack should have generated %s, "
1071 "but I can't find it!", oid_to_hex(new_oid));
1072 return "bad pack";
1075 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1076 if (deny_deletes && starts_with(name, "refs/heads/")) {
1077 rp_error("denying ref deletion for %s", name);
1078 return "deletion prohibited";
1081 if (head_name && !strcmp(namespaced_name, head_name)) {
1082 switch (deny_delete_current) {
1083 case DENY_IGNORE:
1084 break;
1085 case DENY_WARN:
1086 rp_warning("deleting the current branch");
1087 break;
1088 case DENY_REFUSE:
1089 case DENY_UNCONFIGURED:
1090 case DENY_UPDATE_INSTEAD:
1091 if (deny_delete_current == DENY_UNCONFIGURED)
1092 refuse_unconfigured_deny_delete_current();
1093 rp_error("refusing to delete the current branch: %s", name);
1094 return "deletion of the current branch prohibited";
1095 default:
1096 return "Invalid denyDeleteCurrent setting";
1101 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1102 !is_null_oid(old_oid) &&
1103 starts_with(name, "refs/heads/")) {
1104 struct object *old_object, *new_object;
1105 struct commit *old_commit, *new_commit;
1107 old_object = parse_object(old_oid);
1108 new_object = parse_object(new_oid);
1110 if (!old_object || !new_object ||
1111 old_object->type != OBJ_COMMIT ||
1112 new_object->type != OBJ_COMMIT) {
1113 error("bad sha1 objects for %s", name);
1114 return "bad ref";
1116 old_commit = (struct commit *)old_object;
1117 new_commit = (struct commit *)new_object;
1118 if (!in_merge_bases(old_commit, new_commit)) {
1119 rp_error("denying non-fast-forward %s"
1120 " (you should pull first)", name);
1121 return "non-fast-forward";
1124 if (run_update_hook(cmd)) {
1125 rp_error("hook declined to update %s", name);
1126 return "hook declined";
1129 if (is_null_oid(new_oid)) {
1130 struct strbuf err = STRBUF_INIT;
1131 if (!parse_object(old_oid)) {
1132 old_oid = NULL;
1133 if (ref_exists(name)) {
1134 rp_warning("Allowing deletion of corrupt ref.");
1135 } else {
1136 rp_warning("Deleting a non-existent ref.");
1137 cmd->did_not_exist = 1;
1140 if (ref_transaction_delete(transaction,
1141 namespaced_name,
1142 old_oid ? old_oid->hash : NULL,
1143 0, "push", &err)) {
1144 rp_error("%s", err.buf);
1145 strbuf_release(&err);
1146 return "failed to delete";
1148 strbuf_release(&err);
1149 return NULL; /* good */
1151 else {
1152 struct strbuf err = STRBUF_INIT;
1153 if (shallow_update && si->shallow_ref[cmd->index] &&
1154 update_shallow_ref(cmd, si))
1155 return "shallow error";
1157 if (ref_transaction_update(transaction,
1158 namespaced_name,
1159 new_oid->hash, old_oid->hash,
1160 0, "push",
1161 &err)) {
1162 rp_error("%s", err.buf);
1163 strbuf_release(&err);
1165 return "failed to update ref";
1167 strbuf_release(&err);
1169 return NULL; /* good */
1173 static void run_update_post_hook(struct command *commands)
1175 struct command *cmd;
1176 struct child_process proc = CHILD_PROCESS_INIT;
1177 const char *hook;
1179 hook = find_hook("post-update");
1180 if (!hook)
1181 return;
1183 for (cmd = commands; cmd; cmd = cmd->next) {
1184 if (cmd->error_string || cmd->did_not_exist)
1185 continue;
1186 if (!proc.args.argc)
1187 argv_array_push(&proc.args, hook);
1188 argv_array_push(&proc.args, cmd->ref_name);
1190 if (!proc.args.argc)
1191 return;
1193 proc.no_stdin = 1;
1194 proc.stdout_to_stderr = 1;
1195 proc.err = use_sideband ? -1 : 0;
1197 if (!start_command(&proc)) {
1198 if (use_sideband)
1199 copy_to_sideband(proc.err, -1, NULL);
1200 finish_command(&proc);
1204 static void check_aliased_update(struct command *cmd, struct string_list *list)
1206 struct strbuf buf = STRBUF_INIT;
1207 const char *dst_name;
1208 struct string_list_item *item;
1209 struct command *dst_cmd;
1210 int flag;
1212 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1213 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1214 strbuf_release(&buf);
1216 if (!(flag & REF_ISSYMREF))
1217 return;
1219 if (!dst_name) {
1220 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1221 cmd->skip_update = 1;
1222 cmd->error_string = "broken symref";
1223 return;
1225 dst_name = strip_namespace(dst_name);
1227 if ((item = string_list_lookup(list, dst_name)) == NULL)
1228 return;
1230 cmd->skip_update = 1;
1232 dst_cmd = (struct command *) item->util;
1234 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1235 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1236 return;
1238 dst_cmd->skip_update = 1;
1240 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1241 " its target '%s' (%s..%s)",
1242 cmd->ref_name,
1243 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1244 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1245 dst_cmd->ref_name,
1246 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1247 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1249 cmd->error_string = dst_cmd->error_string =
1250 "inconsistent aliased update";
1253 static void check_aliased_updates(struct command *commands)
1255 struct command *cmd;
1256 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1258 for (cmd = commands; cmd; cmd = cmd->next) {
1259 struct string_list_item *item =
1260 string_list_append(&ref_list, cmd->ref_name);
1261 item->util = (void *)cmd;
1263 string_list_sort(&ref_list);
1265 for (cmd = commands; cmd; cmd = cmd->next) {
1266 if (!cmd->error_string)
1267 check_aliased_update(cmd, &ref_list);
1270 string_list_clear(&ref_list, 0);
1273 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1275 struct command **cmd_list = cb_data;
1276 struct command *cmd = *cmd_list;
1278 if (!cmd || is_null_oid(&cmd->new_oid))
1279 return -1; /* end of list */
1280 *cmd_list = NULL; /* this returns only one */
1281 hashcpy(sha1, cmd->new_oid.hash);
1282 return 0;
1285 static void set_connectivity_errors(struct command *commands,
1286 struct shallow_info *si)
1288 struct command *cmd;
1290 for (cmd = commands; cmd; cmd = cmd->next) {
1291 struct command *singleton = cmd;
1292 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1294 if (shallow_update && si->shallow_ref[cmd->index])
1295 /* to be checked in update_shallow_ref() */
1296 continue;
1298 opt.env = tmp_objdir_env(tmp_objdir);
1299 if (!check_connected(command_singleton_iterator, &singleton,
1300 &opt))
1301 continue;
1303 cmd->error_string = "missing necessary objects";
1307 struct iterate_data {
1308 struct command *cmds;
1309 struct shallow_info *si;
1312 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1314 struct iterate_data *data = cb_data;
1315 struct command **cmd_list = &data->cmds;
1316 struct command *cmd = *cmd_list;
1318 for (; cmd; cmd = cmd->next) {
1319 if (shallow_update && data->si->shallow_ref[cmd->index])
1320 /* to be checked in update_shallow_ref() */
1321 continue;
1322 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1323 hashcpy(sha1, cmd->new_oid.hash);
1324 *cmd_list = cmd->next;
1325 return 0;
1328 *cmd_list = NULL;
1329 return -1; /* end of list */
1332 static void reject_updates_to_hidden(struct command *commands)
1334 struct strbuf refname_full = STRBUF_INIT;
1335 size_t prefix_len;
1336 struct command *cmd;
1338 strbuf_addstr(&refname_full, get_git_namespace());
1339 prefix_len = refname_full.len;
1341 for (cmd = commands; cmd; cmd = cmd->next) {
1342 if (cmd->error_string)
1343 continue;
1345 strbuf_setlen(&refname_full, prefix_len);
1346 strbuf_addstr(&refname_full, cmd->ref_name);
1348 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1349 continue;
1350 if (is_null_oid(&cmd->new_oid))
1351 cmd->error_string = "deny deleting a hidden ref";
1352 else
1353 cmd->error_string = "deny updating a hidden ref";
1356 strbuf_release(&refname_full);
1359 static int should_process_cmd(struct command *cmd)
1361 return !cmd->error_string && !cmd->skip_update;
1364 static void warn_if_skipped_connectivity_check(struct command *commands,
1365 struct shallow_info *si)
1367 struct command *cmd;
1368 int checked_connectivity = 1;
1370 for (cmd = commands; cmd; cmd = cmd->next) {
1371 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1372 error("BUG: connectivity check has not been run on ref %s",
1373 cmd->ref_name);
1374 checked_connectivity = 0;
1377 if (!checked_connectivity)
1378 die("BUG: connectivity check skipped???");
1381 static void execute_commands_non_atomic(struct command *commands,
1382 struct shallow_info *si)
1384 struct command *cmd;
1385 struct strbuf err = STRBUF_INIT;
1387 for (cmd = commands; cmd; cmd = cmd->next) {
1388 if (!should_process_cmd(cmd))
1389 continue;
1391 transaction = ref_transaction_begin(&err);
1392 if (!transaction) {
1393 rp_error("%s", err.buf);
1394 strbuf_reset(&err);
1395 cmd->error_string = "transaction failed to start";
1396 continue;
1399 cmd->error_string = update(cmd, si);
1401 if (!cmd->error_string
1402 && ref_transaction_commit(transaction, &err)) {
1403 rp_error("%s", err.buf);
1404 strbuf_reset(&err);
1405 cmd->error_string = "failed to update ref";
1407 ref_transaction_free(transaction);
1409 strbuf_release(&err);
1412 static void execute_commands_atomic(struct command *commands,
1413 struct shallow_info *si)
1415 struct command *cmd;
1416 struct strbuf err = STRBUF_INIT;
1417 const char *reported_error = "atomic push failure";
1419 transaction = ref_transaction_begin(&err);
1420 if (!transaction) {
1421 rp_error("%s", err.buf);
1422 strbuf_reset(&err);
1423 reported_error = "transaction failed to start";
1424 goto failure;
1427 for (cmd = commands; cmd; cmd = cmd->next) {
1428 if (!should_process_cmd(cmd))
1429 continue;
1431 cmd->error_string = update(cmd, si);
1433 if (cmd->error_string)
1434 goto failure;
1437 if (ref_transaction_commit(transaction, &err)) {
1438 rp_error("%s", err.buf);
1439 reported_error = "atomic transaction failed";
1440 goto failure;
1442 goto cleanup;
1444 failure:
1445 for (cmd = commands; cmd; cmd = cmd->next)
1446 if (!cmd->error_string)
1447 cmd->error_string = reported_error;
1449 cleanup:
1450 ref_transaction_free(transaction);
1451 strbuf_release(&err);
1454 static void execute_commands(struct command *commands,
1455 const char *unpacker_error,
1456 struct shallow_info *si,
1457 const struct string_list *push_options)
1459 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1460 struct command *cmd;
1461 struct iterate_data data;
1462 struct async muxer;
1463 int err_fd = 0;
1465 if (unpacker_error) {
1466 for (cmd = commands; cmd; cmd = cmd->next)
1467 cmd->error_string = "unpacker error";
1468 return;
1471 if (use_sideband) {
1472 memset(&muxer, 0, sizeof(muxer));
1473 muxer.proc = copy_to_sideband;
1474 muxer.in = -1;
1475 if (!start_async(&muxer))
1476 err_fd = muxer.in;
1477 /* ...else, continue without relaying sideband */
1480 data.cmds = commands;
1481 data.si = si;
1482 opt.err_fd = err_fd;
1483 opt.progress = err_fd && !quiet;
1484 opt.env = tmp_objdir_env(tmp_objdir);
1485 if (check_connected(iterate_receive_command_list, &data, &opt))
1486 set_connectivity_errors(commands, si);
1488 if (use_sideband)
1489 finish_async(&muxer);
1491 reject_updates_to_hidden(commands);
1493 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1494 for (cmd = commands; cmd; cmd = cmd->next) {
1495 if (!cmd->error_string)
1496 cmd->error_string = "pre-receive hook declined";
1498 return;
1502 * Now we'll start writing out refs, which means the objects need
1503 * to be in their final positions so that other processes can see them.
1505 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1506 for (cmd = commands; cmd; cmd = cmd->next) {
1507 if (!cmd->error_string)
1508 cmd->error_string = "unable to migrate objects to permanent storage";
1510 return;
1512 tmp_objdir = NULL;
1514 check_aliased_updates(commands);
1516 free(head_name_to_free);
1517 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1519 if (use_atomic)
1520 execute_commands_atomic(commands, si);
1521 else
1522 execute_commands_non_atomic(commands, si);
1524 if (shallow_update)
1525 warn_if_skipped_connectivity_check(commands, si);
1528 static struct command **queue_command(struct command **tail,
1529 const char *line,
1530 int linelen)
1532 struct object_id old_oid, new_oid;
1533 struct command *cmd;
1534 const char *refname;
1535 int reflen;
1536 const char *p;
1538 if (parse_oid_hex(line, &old_oid, &p) ||
1539 *p++ != ' ' ||
1540 parse_oid_hex(p, &new_oid, &p) ||
1541 *p++ != ' ')
1542 die("protocol error: expected old/new/ref, got '%s'", line);
1544 refname = p;
1545 reflen = linelen - (p - line);
1546 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1547 oidcpy(&cmd->old_oid, &old_oid);
1548 oidcpy(&cmd->new_oid, &new_oid);
1549 *tail = cmd;
1550 return &cmd->next;
1553 static void queue_commands_from_cert(struct command **tail,
1554 struct strbuf *push_cert)
1556 const char *boc, *eoc;
1558 if (*tail)
1559 die("protocol error: got both push certificate and unsigned commands");
1561 boc = strstr(push_cert->buf, "\n\n");
1562 if (!boc)
1563 die("malformed push certificate %.*s", 100, push_cert->buf);
1564 else
1565 boc += 2;
1566 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1568 while (boc < eoc) {
1569 const char *eol = memchr(boc, '\n', eoc - boc);
1570 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1571 boc = eol ? eol + 1 : eoc;
1575 static struct command *read_head_info(struct oid_array *shallow)
1577 struct command *commands = NULL;
1578 struct command **p = &commands;
1579 for (;;) {
1580 char *line;
1581 int len, linelen;
1583 line = packet_read_line(0, &len);
1584 if (!line)
1585 break;
1587 if (len > 8 && starts_with(line, "shallow ")) {
1588 struct object_id oid;
1589 if (get_oid_hex(line + 8, &oid))
1590 die("protocol error: expected shallow sha, got '%s'",
1591 line + 8);
1592 oid_array_append(shallow, &oid);
1593 continue;
1596 linelen = strlen(line);
1597 if (linelen < len) {
1598 const char *feature_list = line + linelen + 1;
1599 if (parse_feature_request(feature_list, "report-status"))
1600 report_status = 1;
1601 if (parse_feature_request(feature_list, "side-band-64k"))
1602 use_sideband = LARGE_PACKET_MAX;
1603 if (parse_feature_request(feature_list, "quiet"))
1604 quiet = 1;
1605 if (advertise_atomic_push
1606 && parse_feature_request(feature_list, "atomic"))
1607 use_atomic = 1;
1608 if (advertise_push_options
1609 && parse_feature_request(feature_list, "push-options"))
1610 use_push_options = 1;
1613 if (!strcmp(line, "push-cert")) {
1614 int true_flush = 0;
1615 char certbuf[1024];
1617 for (;;) {
1618 len = packet_read(0, NULL, NULL,
1619 certbuf, sizeof(certbuf), 0);
1620 if (!len) {
1621 true_flush = 1;
1622 break;
1624 if (!strcmp(certbuf, "push-cert-end\n"))
1625 break; /* end of cert */
1626 strbuf_addstr(&push_cert, certbuf);
1629 if (true_flush)
1630 break;
1631 continue;
1634 p = queue_command(p, line, linelen);
1637 if (push_cert.len)
1638 queue_commands_from_cert(p, &push_cert);
1640 return commands;
1643 static void read_push_options(struct string_list *options)
1645 while (1) {
1646 char *line;
1647 int len;
1649 line = packet_read_line(0, &len);
1651 if (!line)
1652 break;
1654 string_list_append(options, line);
1658 static const char *parse_pack_header(struct pack_header *hdr)
1660 switch (read_pack_header(0, hdr)) {
1661 case PH_ERROR_EOF:
1662 return "eof before pack header was fully read";
1664 case PH_ERROR_PACK_SIGNATURE:
1665 return "protocol error (pack signature mismatch detected)";
1667 case PH_ERROR_PROTOCOL:
1668 return "protocol error (pack version unsupported)";
1670 default:
1671 return "unknown error in parse_pack_header";
1673 case 0:
1674 return NULL;
1678 static const char *pack_lockfile;
1680 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1682 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1683 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1686 static const char *unpack(int err_fd, struct shallow_info *si)
1688 struct pack_header hdr;
1689 const char *hdr_err;
1690 int status;
1691 struct child_process child = CHILD_PROCESS_INIT;
1692 int fsck_objects = (receive_fsck_objects >= 0
1693 ? receive_fsck_objects
1694 : transfer_fsck_objects >= 0
1695 ? transfer_fsck_objects
1696 : 0);
1698 hdr_err = parse_pack_header(&hdr);
1699 if (hdr_err) {
1700 if (err_fd > 0)
1701 close(err_fd);
1702 return hdr_err;
1705 if (si->nr_ours || si->nr_theirs) {
1706 alt_shallow_file = setup_temporary_shallow(si->shallow);
1707 argv_array_push(&child.args, "--shallow-file");
1708 argv_array_push(&child.args, alt_shallow_file);
1711 tmp_objdir = tmp_objdir_create();
1712 if (!tmp_objdir) {
1713 if (err_fd > 0)
1714 close(err_fd);
1715 return "unable to create temporary object directory";
1717 child.env = tmp_objdir_env(tmp_objdir);
1720 * Normally we just pass the tmp_objdir environment to the child
1721 * processes that do the heavy lifting, but we may need to see these
1722 * objects ourselves to set up shallow information.
1724 tmp_objdir_add_as_alternate(tmp_objdir);
1726 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1727 argv_array_push(&child.args, "unpack-objects");
1728 push_header_arg(&child.args, &hdr);
1729 if (quiet)
1730 argv_array_push(&child.args, "-q");
1731 if (fsck_objects)
1732 argv_array_pushf(&child.args, "--strict%s",
1733 fsck_msg_types.buf);
1734 if (max_input_size)
1735 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1736 (uintmax_t)max_input_size);
1737 child.no_stdout = 1;
1738 child.err = err_fd;
1739 child.git_cmd = 1;
1740 status = run_command(&child);
1741 if (status)
1742 return "unpack-objects abnormal exit";
1743 } else {
1744 char hostname[HOST_NAME_MAX + 1];
1746 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1747 push_header_arg(&child.args, &hdr);
1749 if (xgethostname(hostname, sizeof(hostname)))
1750 xsnprintf(hostname, sizeof(hostname), "localhost");
1751 argv_array_pushf(&child.args,
1752 "--keep=receive-pack %"PRIuMAX" on %s",
1753 (uintmax_t)getpid(),
1754 hostname);
1756 if (!quiet && err_fd)
1757 argv_array_push(&child.args, "--show-resolving-progress");
1758 if (use_sideband)
1759 argv_array_push(&child.args, "--report-end-of-input");
1760 if (fsck_objects)
1761 argv_array_pushf(&child.args, "--strict%s",
1762 fsck_msg_types.buf);
1763 if (!reject_thin)
1764 argv_array_push(&child.args, "--fix-thin");
1765 if (max_input_size)
1766 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1767 (uintmax_t)max_input_size);
1768 child.out = -1;
1769 child.err = err_fd;
1770 child.git_cmd = 1;
1771 status = start_command(&child);
1772 if (status)
1773 return "index-pack fork failed";
1774 pack_lockfile = index_pack_lockfile(child.out);
1775 close(child.out);
1776 status = finish_command(&child);
1777 if (status)
1778 return "index-pack abnormal exit";
1779 reprepare_packed_git();
1781 return NULL;
1784 static const char *unpack_with_sideband(struct shallow_info *si)
1786 struct async muxer;
1787 const char *ret;
1789 if (!use_sideband)
1790 return unpack(0, si);
1792 use_keepalive = KEEPALIVE_AFTER_NUL;
1793 memset(&muxer, 0, sizeof(muxer));
1794 muxer.proc = copy_to_sideband;
1795 muxer.in = -1;
1796 if (start_async(&muxer))
1797 return NULL;
1799 ret = unpack(muxer.in, si);
1801 finish_async(&muxer);
1802 return ret;
1805 static void prepare_shallow_update(struct command *commands,
1806 struct shallow_info *si)
1808 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1810 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1811 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1813 si->need_reachability_test =
1814 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1815 si->reachable =
1816 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1817 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1819 for (i = 0; i < si->nr_ours; i++)
1820 si->need_reachability_test[si->ours[i]] = 1;
1822 for (i = 0; i < si->shallow->nr; i++) {
1823 if (!si->used_shallow[i])
1824 continue;
1825 for (j = 0; j < bitmap_size; j++) {
1826 if (!si->used_shallow[i][j])
1827 continue;
1828 si->need_reachability_test[i]++;
1829 for (k = 0; k < 32; k++)
1830 if (si->used_shallow[i][j] & (1U << k))
1831 si->shallow_ref[j * 32 + k]++;
1835 * true for those associated with some refs and belong
1836 * in "ours" list aka "step 7 not done yet"
1838 si->need_reachability_test[i] =
1839 si->need_reachability_test[i] > 1;
1843 * keep hooks happy by forcing a temporary shallow file via
1844 * env variable because we can't add --shallow-file to every
1845 * command. check_everything_connected() will be done with
1846 * true .git/shallow though.
1848 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1851 static void update_shallow_info(struct command *commands,
1852 struct shallow_info *si,
1853 struct oid_array *ref)
1855 struct command *cmd;
1856 int *ref_status;
1857 remove_nonexistent_theirs_shallow(si);
1858 if (!si->nr_ours && !si->nr_theirs) {
1859 shallow_update = 0;
1860 return;
1863 for (cmd = commands; cmd; cmd = cmd->next) {
1864 if (is_null_oid(&cmd->new_oid))
1865 continue;
1866 oid_array_append(ref, &cmd->new_oid);
1867 cmd->index = ref->nr - 1;
1869 si->ref = ref;
1871 if (shallow_update) {
1872 prepare_shallow_update(commands, si);
1873 return;
1876 ALLOC_ARRAY(ref_status, ref->nr);
1877 assign_shallow_commits_to_refs(si, NULL, ref_status);
1878 for (cmd = commands; cmd; cmd = cmd->next) {
1879 if (is_null_oid(&cmd->new_oid))
1880 continue;
1881 if (ref_status[cmd->index]) {
1882 cmd->error_string = "shallow update not allowed";
1883 cmd->skip_update = 1;
1886 free(ref_status);
1889 static void report(struct command *commands, const char *unpack_status)
1891 struct command *cmd;
1892 struct strbuf buf = STRBUF_INIT;
1894 packet_buf_write(&buf, "unpack %s\n",
1895 unpack_status ? unpack_status : "ok");
1896 for (cmd = commands; cmd; cmd = cmd->next) {
1897 if (!cmd->error_string)
1898 packet_buf_write(&buf, "ok %s\n",
1899 cmd->ref_name);
1900 else
1901 packet_buf_write(&buf, "ng %s %s\n",
1902 cmd->ref_name, cmd->error_string);
1904 packet_buf_flush(&buf);
1906 if (use_sideband)
1907 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1908 else
1909 write_or_die(1, buf.buf, buf.len);
1910 strbuf_release(&buf);
1913 static int delete_only(struct command *commands)
1915 struct command *cmd;
1916 for (cmd = commands; cmd; cmd = cmd->next) {
1917 if (!is_null_oid(&cmd->new_oid))
1918 return 0;
1920 return 1;
1923 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1925 int advertise_refs = 0;
1926 struct command *commands;
1927 struct oid_array shallow = OID_ARRAY_INIT;
1928 struct oid_array ref = OID_ARRAY_INIT;
1929 struct shallow_info si;
1931 struct option options[] = {
1932 OPT__QUIET(&quiet, N_("quiet")),
1933 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1934 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1935 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1936 OPT_END()
1939 packet_trace_identity("receive-pack");
1941 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1943 if (argc > 1)
1944 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1945 if (argc == 0)
1946 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1948 service_dir = argv[0];
1950 setup_path();
1952 if (!enter_repo(service_dir, 0))
1953 die("'%s' does not appear to be a git repository", service_dir);
1955 git_config(receive_pack_config, NULL);
1956 if (cert_nonce_seed)
1957 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1959 if (0 <= transfer_unpack_limit)
1960 unpack_limit = transfer_unpack_limit;
1961 else if (0 <= receive_unpack_limit)
1962 unpack_limit = receive_unpack_limit;
1964 if (advertise_refs || !stateless_rpc) {
1965 write_head_info();
1967 if (advertise_refs)
1968 return 0;
1970 if ((commands = read_head_info(&shallow)) != NULL) {
1971 const char *unpack_status = NULL;
1972 struct string_list push_options = STRING_LIST_INIT_DUP;
1974 if (use_push_options)
1975 read_push_options(&push_options);
1976 if (!check_cert_push_options(&push_options)) {
1977 struct command *cmd;
1978 for (cmd = commands; cmd; cmd = cmd->next)
1979 cmd->error_string = "inconsistent push options";
1982 prepare_shallow_info(&si, &shallow);
1983 if (!si.nr_ours && !si.nr_theirs)
1984 shallow_update = 0;
1985 if (!delete_only(commands)) {
1986 unpack_status = unpack_with_sideband(&si);
1987 update_shallow_info(commands, &si, &ref);
1989 use_keepalive = KEEPALIVE_ALWAYS;
1990 execute_commands(commands, unpack_status, &si,
1991 &push_options);
1992 if (pack_lockfile)
1993 unlink_or_warn(pack_lockfile);
1994 if (report_status)
1995 report(commands, unpack_status);
1996 run_receive_hook(commands, "post-receive", 1,
1997 &push_options);
1998 run_update_post_hook(commands);
1999 string_list_clear(&push_options, 0);
2000 if (auto_gc) {
2001 const char *argv_gc_auto[] = {
2002 "gc", "--auto", "--quiet", NULL,
2004 struct child_process proc = CHILD_PROCESS_INIT;
2006 proc.no_stdin = 1;
2007 proc.stdout_to_stderr = 1;
2008 proc.err = use_sideband ? -1 : 0;
2009 proc.git_cmd = 1;
2010 proc.argv = argv_gc_auto;
2012 close_all_packs();
2013 if (!start_command(&proc)) {
2014 if (use_sideband)
2015 copy_to_sideband(proc.err, -1, NULL);
2016 finish_command(&proc);
2019 if (auto_update_server_info)
2020 update_server_info(0);
2021 clear_shallow_info(&si);
2023 if (use_sideband)
2024 packet_flush(1);
2025 oid_array_clear(&shallow);
2026 oid_array_clear(&ref);
2027 free((void *)push_cert_nonce);
2028 return 0;