grep: re-order rev-parsing loop
[git/debian.git] / builtin / receive-pack.c
blob1dbb8a069225be1e9d9fe27ad4b83a8bd66ca511
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23 #include "tmp-objdir.h"
25 static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
30 enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
38 static int deny_deletes;
39 static int deny_non_fast_forwards;
40 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42 static int receive_fsck_objects = -1;
43 static int transfer_fsck_objects = -1;
44 static struct strbuf fsck_msg_types = STRBUF_INIT;
45 static int receive_unpack_limit = -1;
46 static int transfer_unpack_limit = -1;
47 static int advertise_atomic_push = 1;
48 static int advertise_push_options;
49 static int unpack_limit = 100;
50 static off_t max_input_size;
51 static int report_status;
52 static int use_sideband;
53 static int use_atomic;
54 static int use_push_options;
55 static int quiet;
56 static int prefer_ofs_delta = 1;
57 static int auto_update_server_info;
58 static int auto_gc = 1;
59 static int reject_thin;
60 static int stateless_rpc;
61 static const char *service_dir;
62 static const char *head_name;
63 static void *head_name_to_free;
64 static int sent_capabilities;
65 static int shallow_update;
66 static const char *alt_shallow_file;
67 static struct strbuf push_cert = STRBUF_INIT;
68 static unsigned char push_cert_sha1[20];
69 static struct signature_check sigcheck;
70 static const char *push_cert_nonce;
71 static const char *cert_nonce_seed;
73 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74 static const char *NONCE_BAD = "BAD";
75 static const char *NONCE_MISSING = "MISSING";
76 static const char *NONCE_OK = "OK";
77 static const char *NONCE_SLOP = "SLOP";
78 static const char *nonce_status;
79 static long nonce_stamp_slop;
80 static unsigned long nonce_stamp_slop_limit;
81 static struct ref_transaction *transaction;
83 static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87 } use_keepalive;
88 static int keepalive_in_sec = 5;
90 static struct tmp_objdir *tmp_objdir;
92 static enum deny_action parse_deny_action(const char *var, const char *value)
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
109 static int receive_pack_config(const char *var, const char *value, void *cb)
111 int status = parse_hide_refs_config(var, value, "receive");
113 if (status)
114 return status;
116 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
126 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
139 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
147 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
156 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
166 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
186 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
191 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
196 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
199 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
214 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
219 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
224 return git_default_config(var, value, cb);
227 static void show_ref(const char *path, const unsigned char *sha1)
229 if (sent_capabilities) {
230 packet_write_fmt(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
234 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write_fmt(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
252 static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
255 const char *path = strip_namespace(path_full);
257 if (ref_is_hidden(path, path_full))
258 return 0;
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
274 static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
276 show_ref(".have", sha1);
277 return 0;
280 static void collect_one_alternate_ref(const struct ref *ref, void *data)
282 struct sha1_array *sa = data;
283 sha1_array_append(sa, ref->old_oid.hash);
286 static void write_head_info(void)
288 struct sha1_array sa = SHA1_ARRAY_INIT;
290 for_each_alternate_ref(collect_one_alternate_ref, &sa);
291 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
292 sha1_array_clear(&sa);
293 for_each_ref(show_ref_cb, NULL);
294 if (!sent_capabilities)
295 show_ref("capabilities^{}", null_sha1);
297 advertise_shallow_grafts(1);
299 /* EOF */
300 packet_flush(1);
303 struct command {
304 struct command *next;
305 const char *error_string;
306 unsigned int skip_update:1,
307 did_not_exist:1;
308 int index;
309 unsigned char old_sha1[20];
310 unsigned char new_sha1[20];
311 char ref_name[FLEX_ARRAY]; /* more */
314 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
315 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
317 static void report_message(const char *prefix, const char *err, va_list params)
319 int sz;
320 char msg[4096];
322 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
323 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
324 if (sz > (sizeof(msg) - 1))
325 sz = sizeof(msg) - 1;
326 msg[sz++] = '\n';
328 if (use_sideband)
329 send_sideband(1, 2, msg, sz, use_sideband);
330 else
331 xwrite(2, msg, sz);
334 static void rp_warning(const char *err, ...)
336 va_list params;
337 va_start(params, err);
338 report_message("warning: ", err, params);
339 va_end(params);
342 static void rp_error(const char *err, ...)
344 va_list params;
345 va_start(params, err);
346 report_message("error: ", err, params);
347 va_end(params);
350 static int copy_to_sideband(int in, int out, void *arg)
352 char data[128];
353 int keepalive_active = 0;
355 if (keepalive_in_sec <= 0)
356 use_keepalive = KEEPALIVE_NEVER;
357 if (use_keepalive == KEEPALIVE_ALWAYS)
358 keepalive_active = 1;
360 while (1) {
361 ssize_t sz;
363 if (keepalive_active) {
364 struct pollfd pfd;
365 int ret;
367 pfd.fd = in;
368 pfd.events = POLLIN;
369 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
371 if (ret < 0) {
372 if (errno == EINTR)
373 continue;
374 else
375 break;
376 } else if (ret == 0) {
377 /* no data; send a keepalive packet */
378 static const char buf[] = "0005\1";
379 write_or_die(1, buf, sizeof(buf) - 1);
380 continue;
381 } /* else there is actual data to read */
384 sz = xread(in, data, sizeof(data));
385 if (sz <= 0)
386 break;
388 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
389 const char *p = memchr(data, '\0', sz);
390 if (p) {
392 * The NUL tells us to start sending keepalives. Make
393 * sure we send any other data we read along
394 * with it.
396 keepalive_active = 1;
397 send_sideband(1, 2, data, p - data, use_sideband);
398 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
399 continue;
404 * Either we're not looking for a NUL signal, or we didn't see
405 * it yet; just pass along the data.
407 send_sideband(1, 2, data, sz, use_sideband);
409 close(in);
410 return 0;
413 #define HMAC_BLOCK_SIZE 64
415 static void hmac_sha1(unsigned char *out,
416 const char *key_in, size_t key_len,
417 const char *text, size_t text_len)
419 unsigned char key[HMAC_BLOCK_SIZE];
420 unsigned char k_ipad[HMAC_BLOCK_SIZE];
421 unsigned char k_opad[HMAC_BLOCK_SIZE];
422 int i;
423 git_SHA_CTX ctx;
425 /* RFC 2104 2. (1) */
426 memset(key, '\0', HMAC_BLOCK_SIZE);
427 if (HMAC_BLOCK_SIZE < key_len) {
428 git_SHA1_Init(&ctx);
429 git_SHA1_Update(&ctx, key_in, key_len);
430 git_SHA1_Final(key, &ctx);
431 } else {
432 memcpy(key, key_in, key_len);
435 /* RFC 2104 2. (2) & (5) */
436 for (i = 0; i < sizeof(key); i++) {
437 k_ipad[i] = key[i] ^ 0x36;
438 k_opad[i] = key[i] ^ 0x5c;
441 /* RFC 2104 2. (3) & (4) */
442 git_SHA1_Init(&ctx);
443 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
444 git_SHA1_Update(&ctx, text, text_len);
445 git_SHA1_Final(out, &ctx);
447 /* RFC 2104 2. (6) & (7) */
448 git_SHA1_Init(&ctx);
449 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
450 git_SHA1_Update(&ctx, out, 20);
451 git_SHA1_Final(out, &ctx);
454 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
456 struct strbuf buf = STRBUF_INIT;
457 unsigned char sha1[20];
459 strbuf_addf(&buf, "%s:%lu", path, stamp);
460 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
461 strbuf_release(&buf);
463 /* RFC 2104 5. HMAC-SHA1-80 */
464 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
465 return strbuf_detach(&buf, NULL);
469 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
470 * after dropping "_commit" from its name and possibly moving it out
471 * of commit.c
473 static char *find_header(const char *msg, size_t len, const char *key)
475 int key_len = strlen(key);
476 const char *line = msg;
478 while (line && line < msg + len) {
479 const char *eol = strchrnul(line, '\n');
481 if ((msg + len <= eol) || line == eol)
482 return NULL;
483 if (line + key_len < eol &&
484 !memcmp(line, key, key_len) && line[key_len] == ' ') {
485 int offset = key_len + 1;
486 return xmemdupz(line + offset, (eol - line) - offset);
488 line = *eol ? eol + 1 : NULL;
490 return NULL;
493 static const char *check_nonce(const char *buf, size_t len)
495 char *nonce = find_header(buf, len, "nonce");
496 unsigned long stamp, ostamp;
497 char *bohmac, *expect = NULL;
498 const char *retval = NONCE_BAD;
500 if (!nonce) {
501 retval = NONCE_MISSING;
502 goto leave;
503 } else if (!push_cert_nonce) {
504 retval = NONCE_UNSOLICITED;
505 goto leave;
506 } else if (!strcmp(push_cert_nonce, nonce)) {
507 retval = NONCE_OK;
508 goto leave;
511 if (!stateless_rpc) {
512 /* returned nonce MUST match what we gave out earlier */
513 retval = NONCE_BAD;
514 goto leave;
518 * In stateless mode, we may be receiving a nonce issued by
519 * another instance of the server that serving the same
520 * repository, and the timestamps may not match, but the
521 * nonce-seed and dir should match, so we can recompute and
522 * report the time slop.
524 * In addition, when a nonce issued by another instance has
525 * timestamp within receive.certnonceslop seconds, we pretend
526 * as if we issued that nonce when reporting to the hook.
529 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
530 if (*nonce <= '0' || '9' < *nonce) {
531 retval = NONCE_BAD;
532 goto leave;
534 stamp = strtoul(nonce, &bohmac, 10);
535 if (bohmac == nonce || bohmac[0] != '-') {
536 retval = NONCE_BAD;
537 goto leave;
540 expect = prepare_push_cert_nonce(service_dir, stamp);
541 if (strcmp(expect, nonce)) {
542 /* Not what we would have signed earlier */
543 retval = NONCE_BAD;
544 goto leave;
548 * By how many seconds is this nonce stale? Negative value
549 * would mean it was issued by another server with its clock
550 * skewed in the future.
552 ostamp = strtoul(push_cert_nonce, NULL, 10);
553 nonce_stamp_slop = (long)ostamp - (long)stamp;
555 if (nonce_stamp_slop_limit &&
556 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
558 * Pretend as if the received nonce (which passes the
559 * HMAC check, so it is not a forged by third-party)
560 * is what we issued.
562 free((void *)push_cert_nonce);
563 push_cert_nonce = xstrdup(nonce);
564 retval = NONCE_OK;
565 } else {
566 retval = NONCE_SLOP;
569 leave:
570 free(nonce);
571 free(expect);
572 return retval;
575 static void prepare_push_cert_sha1(struct child_process *proc)
577 static int already_done;
579 if (!push_cert.len)
580 return;
582 if (!already_done) {
583 struct strbuf gpg_output = STRBUF_INIT;
584 struct strbuf gpg_status = STRBUF_INIT;
585 int bogs /* beginning_of_gpg_sig */;
587 already_done = 1;
588 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
589 hashclr(push_cert_sha1);
591 memset(&sigcheck, '\0', sizeof(sigcheck));
592 sigcheck.result = 'N';
594 bogs = parse_signature(push_cert.buf, push_cert.len);
595 if (verify_signed_buffer(push_cert.buf, bogs,
596 push_cert.buf + bogs, push_cert.len - bogs,
597 &gpg_output, &gpg_status) < 0) {
598 ; /* error running gpg */
599 } else {
600 sigcheck.payload = push_cert.buf;
601 sigcheck.gpg_output = gpg_output.buf;
602 sigcheck.gpg_status = gpg_status.buf;
603 parse_gpg_output(&sigcheck);
606 strbuf_release(&gpg_output);
607 strbuf_release(&gpg_status);
608 nonce_status = check_nonce(push_cert.buf, bogs);
610 if (!is_null_sha1(push_cert_sha1)) {
611 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
612 sha1_to_hex(push_cert_sha1));
613 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
614 sigcheck.signer ? sigcheck.signer : "");
615 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
616 sigcheck.key ? sigcheck.key : "");
617 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
618 sigcheck.result);
619 if (push_cert_nonce) {
620 argv_array_pushf(&proc->env_array,
621 "GIT_PUSH_CERT_NONCE=%s",
622 push_cert_nonce);
623 argv_array_pushf(&proc->env_array,
624 "GIT_PUSH_CERT_NONCE_STATUS=%s",
625 nonce_status);
626 if (nonce_status == NONCE_SLOP)
627 argv_array_pushf(&proc->env_array,
628 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
629 nonce_stamp_slop);
634 struct receive_hook_feed_state {
635 struct command *cmd;
636 int skip_broken;
637 struct strbuf buf;
638 const struct string_list *push_options;
641 typedef int (*feed_fn)(void *, const char **, size_t *);
642 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
643 struct receive_hook_feed_state *feed_state)
645 struct child_process proc = CHILD_PROCESS_INIT;
646 struct async muxer;
647 const char *argv[2];
648 int code;
650 argv[0] = find_hook(hook_name);
651 if (!argv[0])
652 return 0;
654 argv[1] = NULL;
656 proc.argv = argv;
657 proc.in = -1;
658 proc.stdout_to_stderr = 1;
659 if (feed_state->push_options) {
660 int i;
661 for (i = 0; i < feed_state->push_options->nr; i++)
662 argv_array_pushf(&proc.env_array,
663 "GIT_PUSH_OPTION_%d=%s", i,
664 feed_state->push_options->items[i].string);
665 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
666 feed_state->push_options->nr);
667 } else
668 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
670 if (tmp_objdir)
671 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
673 if (use_sideband) {
674 memset(&muxer, 0, sizeof(muxer));
675 muxer.proc = copy_to_sideband;
676 muxer.in = -1;
677 code = start_async(&muxer);
678 if (code)
679 return code;
680 proc.err = muxer.in;
683 prepare_push_cert_sha1(&proc);
685 code = start_command(&proc);
686 if (code) {
687 if (use_sideband)
688 finish_async(&muxer);
689 return code;
692 sigchain_push(SIGPIPE, SIG_IGN);
694 while (1) {
695 const char *buf;
696 size_t n;
697 if (feed(feed_state, &buf, &n))
698 break;
699 if (write_in_full(proc.in, buf, n) != n)
700 break;
702 close(proc.in);
703 if (use_sideband)
704 finish_async(&muxer);
706 sigchain_pop(SIGPIPE);
708 return finish_command(&proc);
711 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
713 struct receive_hook_feed_state *state = state_;
714 struct command *cmd = state->cmd;
716 while (cmd &&
717 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
718 cmd = cmd->next;
719 if (!cmd)
720 return -1; /* EOF */
721 strbuf_reset(&state->buf);
722 strbuf_addf(&state->buf, "%s %s %s\n",
723 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
724 cmd->ref_name);
725 state->cmd = cmd->next;
726 if (bufp) {
727 *bufp = state->buf.buf;
728 *sizep = state->buf.len;
730 return 0;
733 static int run_receive_hook(struct command *commands,
734 const char *hook_name,
735 int skip_broken,
736 const struct string_list *push_options)
738 struct receive_hook_feed_state state;
739 int status;
741 strbuf_init(&state.buf, 0);
742 state.cmd = commands;
743 state.skip_broken = skip_broken;
744 if (feed_receive_hook(&state, NULL, NULL))
745 return 0;
746 state.cmd = commands;
747 state.push_options = push_options;
748 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
749 strbuf_release(&state.buf);
750 return status;
753 static int run_update_hook(struct command *cmd)
755 const char *argv[5];
756 struct child_process proc = CHILD_PROCESS_INIT;
757 int code;
759 argv[0] = find_hook("update");
760 if (!argv[0])
761 return 0;
763 argv[1] = cmd->ref_name;
764 argv[2] = sha1_to_hex(cmd->old_sha1);
765 argv[3] = sha1_to_hex(cmd->new_sha1);
766 argv[4] = NULL;
768 proc.no_stdin = 1;
769 proc.stdout_to_stderr = 1;
770 proc.err = use_sideband ? -1 : 0;
771 proc.argv = argv;
772 proc.env = tmp_objdir_env(tmp_objdir);
774 code = start_command(&proc);
775 if (code)
776 return code;
777 if (use_sideband)
778 copy_to_sideband(proc.err, -1, NULL);
779 return finish_command(&proc);
782 static int is_ref_checked_out(const char *ref)
784 if (is_bare_repository())
785 return 0;
787 if (!head_name)
788 return 0;
789 return !strcmp(head_name, ref);
792 static char *refuse_unconfigured_deny_msg =
793 N_("By default, updating the current branch in a non-bare repository\n"
794 "is denied, because it will make the index and work tree inconsistent\n"
795 "with what you pushed, and will require 'git reset --hard' to match\n"
796 "the work tree to HEAD.\n"
797 "\n"
798 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
799 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
800 "its current branch; however, this is not recommended unless you\n"
801 "arranged to update its work tree to match what you pushed in some\n"
802 "other way.\n"
803 "\n"
804 "To squelch this message and still keep the default behaviour, set\n"
805 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
807 static void refuse_unconfigured_deny(void)
809 rp_error("%s", _(refuse_unconfigured_deny_msg));
812 static char *refuse_unconfigured_deny_delete_current_msg =
813 N_("By default, deleting the current branch is denied, because the next\n"
814 "'git clone' won't result in any file checked out, causing confusion.\n"
815 "\n"
816 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
817 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
818 "current branch, with or without a warning message.\n"
819 "\n"
820 "To squelch this message, you can set it to 'refuse'.");
822 static void refuse_unconfigured_deny_delete_current(void)
824 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
827 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
828 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
830 static struct lock_file shallow_lock;
831 struct sha1_array extra = SHA1_ARRAY_INIT;
832 struct check_connected_options opt = CHECK_CONNECTED_INIT;
833 uint32_t mask = 1 << (cmd->index % 32);
834 int i;
836 trace_printf_key(&trace_shallow,
837 "shallow: update_shallow_ref %s\n", cmd->ref_name);
838 for (i = 0; i < si->shallow->nr; i++)
839 if (si->used_shallow[i] &&
840 (si->used_shallow[i][cmd->index / 32] & mask) &&
841 !delayed_reachability_test(si, i))
842 sha1_array_append(&extra, si->shallow->sha1[i]);
844 opt.env = tmp_objdir_env(tmp_objdir);
845 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
846 if (check_connected(command_singleton_iterator, cmd, &opt)) {
847 rollback_lock_file(&shallow_lock);
848 sha1_array_clear(&extra);
849 return -1;
852 commit_lock_file(&shallow_lock);
855 * Make sure setup_alternate_shallow() for the next ref does
856 * not lose these new roots..
858 for (i = 0; i < extra.nr; i++)
859 register_shallow(extra.sha1[i]);
861 si->shallow_ref[cmd->index] = 0;
862 sha1_array_clear(&extra);
863 return 0;
867 * NEEDSWORK: we should consolidate various implementions of "are we
868 * on an unborn branch?" test into one, and make the unified one more
869 * robust. !get_sha1() based check used here and elsewhere would not
870 * allow us to tell an unborn branch from corrupt ref, for example.
871 * For the purpose of fixing "deploy-to-update does not work when
872 * pushing into an empty repository" issue, this should suffice for
873 * now.
875 static int head_has_history(void)
877 unsigned char sha1[20];
879 return !get_sha1("HEAD", sha1);
882 static const char *push_to_deploy(unsigned char *sha1,
883 struct argv_array *env,
884 const char *work_tree)
886 const char *update_refresh[] = {
887 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
889 const char *diff_files[] = {
890 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
892 const char *diff_index[] = {
893 "diff-index", "--quiet", "--cached", "--ignore-submodules",
894 NULL, "--", NULL
896 const char *read_tree[] = {
897 "read-tree", "-u", "-m", NULL, NULL
899 struct child_process child = CHILD_PROCESS_INIT;
901 child.argv = update_refresh;
902 child.env = env->argv;
903 child.dir = work_tree;
904 child.no_stdin = 1;
905 child.stdout_to_stderr = 1;
906 child.git_cmd = 1;
907 if (run_command(&child))
908 return "Up-to-date check failed";
910 /* run_command() does not clean up completely; reinitialize */
911 child_process_init(&child);
912 child.argv = diff_files;
913 child.env = env->argv;
914 child.dir = work_tree;
915 child.no_stdin = 1;
916 child.stdout_to_stderr = 1;
917 child.git_cmd = 1;
918 if (run_command(&child))
919 return "Working directory has unstaged changes";
921 /* diff-index with either HEAD or an empty tree */
922 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
924 child_process_init(&child);
925 child.argv = diff_index;
926 child.env = env->argv;
927 child.no_stdin = 1;
928 child.no_stdout = 1;
929 child.stdout_to_stderr = 0;
930 child.git_cmd = 1;
931 if (run_command(&child))
932 return "Working directory has staged changes";
934 read_tree[3] = sha1_to_hex(sha1);
935 child_process_init(&child);
936 child.argv = read_tree;
937 child.env = env->argv;
938 child.dir = work_tree;
939 child.no_stdin = 1;
940 child.no_stdout = 1;
941 child.stdout_to_stderr = 0;
942 child.git_cmd = 1;
943 if (run_command(&child))
944 return "Could not update working tree to new HEAD";
946 return NULL;
949 static const char *push_to_checkout_hook = "push-to-checkout";
951 static const char *push_to_checkout(unsigned char *sha1,
952 struct argv_array *env,
953 const char *work_tree)
955 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
956 if (run_hook_le(env->argv, push_to_checkout_hook,
957 sha1_to_hex(sha1), NULL))
958 return "push-to-checkout hook declined";
959 else
960 return NULL;
963 static const char *update_worktree(unsigned char *sha1)
965 const char *retval;
966 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
967 struct argv_array env = ARGV_ARRAY_INIT;
969 if (is_bare_repository())
970 return "denyCurrentBranch = updateInstead needs a worktree";
972 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
974 if (!find_hook(push_to_checkout_hook))
975 retval = push_to_deploy(sha1, &env, work_tree);
976 else
977 retval = push_to_checkout(sha1, &env, work_tree);
979 argv_array_clear(&env);
980 return retval;
983 static const char *update(struct command *cmd, struct shallow_info *si)
985 const char *name = cmd->ref_name;
986 struct strbuf namespaced_name_buf = STRBUF_INIT;
987 const char *namespaced_name, *ret;
988 unsigned char *old_sha1 = cmd->old_sha1;
989 unsigned char *new_sha1 = cmd->new_sha1;
991 /* only refs/... are allowed */
992 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
993 rp_error("refusing to create funny ref '%s' remotely", name);
994 return "funny refname";
997 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
998 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1000 if (is_ref_checked_out(namespaced_name)) {
1001 switch (deny_current_branch) {
1002 case DENY_IGNORE:
1003 break;
1004 case DENY_WARN:
1005 rp_warning("updating the current branch");
1006 break;
1007 case DENY_REFUSE:
1008 case DENY_UNCONFIGURED:
1009 rp_error("refusing to update checked out branch: %s", name);
1010 if (deny_current_branch == DENY_UNCONFIGURED)
1011 refuse_unconfigured_deny();
1012 return "branch is currently checked out";
1013 case DENY_UPDATE_INSTEAD:
1014 ret = update_worktree(new_sha1);
1015 if (ret)
1016 return ret;
1017 break;
1021 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1022 error("unpack should have generated %s, "
1023 "but I can't find it!", sha1_to_hex(new_sha1));
1024 return "bad pack";
1027 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1028 if (deny_deletes && starts_with(name, "refs/heads/")) {
1029 rp_error("denying ref deletion for %s", name);
1030 return "deletion prohibited";
1033 if (head_name && !strcmp(namespaced_name, head_name)) {
1034 switch (deny_delete_current) {
1035 case DENY_IGNORE:
1036 break;
1037 case DENY_WARN:
1038 rp_warning("deleting the current branch");
1039 break;
1040 case DENY_REFUSE:
1041 case DENY_UNCONFIGURED:
1042 case DENY_UPDATE_INSTEAD:
1043 if (deny_delete_current == DENY_UNCONFIGURED)
1044 refuse_unconfigured_deny_delete_current();
1045 rp_error("refusing to delete the current branch: %s", name);
1046 return "deletion of the current branch prohibited";
1047 default:
1048 return "Invalid denyDeleteCurrent setting";
1053 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1054 !is_null_sha1(old_sha1) &&
1055 starts_with(name, "refs/heads/")) {
1056 struct object *old_object, *new_object;
1057 struct commit *old_commit, *new_commit;
1059 old_object = parse_object(old_sha1);
1060 new_object = parse_object(new_sha1);
1062 if (!old_object || !new_object ||
1063 old_object->type != OBJ_COMMIT ||
1064 new_object->type != OBJ_COMMIT) {
1065 error("bad sha1 objects for %s", name);
1066 return "bad ref";
1068 old_commit = (struct commit *)old_object;
1069 new_commit = (struct commit *)new_object;
1070 if (!in_merge_bases(old_commit, new_commit)) {
1071 rp_error("denying non-fast-forward %s"
1072 " (you should pull first)", name);
1073 return "non-fast-forward";
1076 if (run_update_hook(cmd)) {
1077 rp_error("hook declined to update %s", name);
1078 return "hook declined";
1081 if (is_null_sha1(new_sha1)) {
1082 struct strbuf err = STRBUF_INIT;
1083 if (!parse_object(old_sha1)) {
1084 old_sha1 = NULL;
1085 if (ref_exists(name)) {
1086 rp_warning("Allowing deletion of corrupt ref.");
1087 } else {
1088 rp_warning("Deleting a non-existent ref.");
1089 cmd->did_not_exist = 1;
1092 if (ref_transaction_delete(transaction,
1093 namespaced_name,
1094 old_sha1,
1095 0, "push", &err)) {
1096 rp_error("%s", err.buf);
1097 strbuf_release(&err);
1098 return "failed to delete";
1100 strbuf_release(&err);
1101 return NULL; /* good */
1103 else {
1104 struct strbuf err = STRBUF_INIT;
1105 if (shallow_update && si->shallow_ref[cmd->index] &&
1106 update_shallow_ref(cmd, si))
1107 return "shallow error";
1109 if (ref_transaction_update(transaction,
1110 namespaced_name,
1111 new_sha1, old_sha1,
1112 0, "push",
1113 &err)) {
1114 rp_error("%s", err.buf);
1115 strbuf_release(&err);
1117 return "failed to update ref";
1119 strbuf_release(&err);
1121 return NULL; /* good */
1125 static void run_update_post_hook(struct command *commands)
1127 struct command *cmd;
1128 int argc;
1129 struct child_process proc = CHILD_PROCESS_INIT;
1130 const char *hook;
1132 hook = find_hook("post-update");
1133 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1134 if (cmd->error_string || cmd->did_not_exist)
1135 continue;
1136 argc++;
1138 if (!argc || !hook)
1139 return;
1141 argv_array_push(&proc.args, hook);
1142 for (cmd = commands; cmd; cmd = cmd->next) {
1143 if (cmd->error_string || cmd->did_not_exist)
1144 continue;
1145 argv_array_push(&proc.args, cmd->ref_name);
1148 proc.no_stdin = 1;
1149 proc.stdout_to_stderr = 1;
1150 proc.err = use_sideband ? -1 : 0;
1152 if (!start_command(&proc)) {
1153 if (use_sideband)
1154 copy_to_sideband(proc.err, -1, NULL);
1155 finish_command(&proc);
1159 static void check_aliased_update(struct command *cmd, struct string_list *list)
1161 struct strbuf buf = STRBUF_INIT;
1162 const char *dst_name;
1163 struct string_list_item *item;
1164 struct command *dst_cmd;
1165 unsigned char sha1[GIT_SHA1_RAWSZ];
1166 int flag;
1168 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1169 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1170 strbuf_release(&buf);
1172 if (!(flag & REF_ISSYMREF))
1173 return;
1175 if (!dst_name) {
1176 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1177 cmd->skip_update = 1;
1178 cmd->error_string = "broken symref";
1179 return;
1181 dst_name = strip_namespace(dst_name);
1183 if ((item = string_list_lookup(list, dst_name)) == NULL)
1184 return;
1186 cmd->skip_update = 1;
1188 dst_cmd = (struct command *) item->util;
1190 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1191 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1192 return;
1194 dst_cmd->skip_update = 1;
1196 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1197 " its target '%s' (%s..%s)",
1198 cmd->ref_name,
1199 find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV),
1200 find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV),
1201 dst_cmd->ref_name,
1202 find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV),
1203 find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1205 cmd->error_string = dst_cmd->error_string =
1206 "inconsistent aliased update";
1209 static void check_aliased_updates(struct command *commands)
1211 struct command *cmd;
1212 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1214 for (cmd = commands; cmd; cmd = cmd->next) {
1215 struct string_list_item *item =
1216 string_list_append(&ref_list, cmd->ref_name);
1217 item->util = (void *)cmd;
1219 string_list_sort(&ref_list);
1221 for (cmd = commands; cmd; cmd = cmd->next) {
1222 if (!cmd->error_string)
1223 check_aliased_update(cmd, &ref_list);
1226 string_list_clear(&ref_list, 0);
1229 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1231 struct command **cmd_list = cb_data;
1232 struct command *cmd = *cmd_list;
1234 if (!cmd || is_null_sha1(cmd->new_sha1))
1235 return -1; /* end of list */
1236 *cmd_list = NULL; /* this returns only one */
1237 hashcpy(sha1, cmd->new_sha1);
1238 return 0;
1241 static void set_connectivity_errors(struct command *commands,
1242 struct shallow_info *si)
1244 struct command *cmd;
1246 for (cmd = commands; cmd; cmd = cmd->next) {
1247 struct command *singleton = cmd;
1248 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1250 if (shallow_update && si->shallow_ref[cmd->index])
1251 /* to be checked in update_shallow_ref() */
1252 continue;
1254 opt.env = tmp_objdir_env(tmp_objdir);
1255 if (!check_connected(command_singleton_iterator, &singleton,
1256 &opt))
1257 continue;
1259 cmd->error_string = "missing necessary objects";
1263 struct iterate_data {
1264 struct command *cmds;
1265 struct shallow_info *si;
1268 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1270 struct iterate_data *data = cb_data;
1271 struct command **cmd_list = &data->cmds;
1272 struct command *cmd = *cmd_list;
1274 for (; cmd; cmd = cmd->next) {
1275 if (shallow_update && data->si->shallow_ref[cmd->index])
1276 /* to be checked in update_shallow_ref() */
1277 continue;
1278 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1279 hashcpy(sha1, cmd->new_sha1);
1280 *cmd_list = cmd->next;
1281 return 0;
1284 *cmd_list = NULL;
1285 return -1; /* end of list */
1288 static void reject_updates_to_hidden(struct command *commands)
1290 struct strbuf refname_full = STRBUF_INIT;
1291 size_t prefix_len;
1292 struct command *cmd;
1294 strbuf_addstr(&refname_full, get_git_namespace());
1295 prefix_len = refname_full.len;
1297 for (cmd = commands; cmd; cmd = cmd->next) {
1298 if (cmd->error_string)
1299 continue;
1301 strbuf_setlen(&refname_full, prefix_len);
1302 strbuf_addstr(&refname_full, cmd->ref_name);
1304 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1305 continue;
1306 if (is_null_sha1(cmd->new_sha1))
1307 cmd->error_string = "deny deleting a hidden ref";
1308 else
1309 cmd->error_string = "deny updating a hidden ref";
1312 strbuf_release(&refname_full);
1315 static int should_process_cmd(struct command *cmd)
1317 return !cmd->error_string && !cmd->skip_update;
1320 static void warn_if_skipped_connectivity_check(struct command *commands,
1321 struct shallow_info *si)
1323 struct command *cmd;
1324 int checked_connectivity = 1;
1326 for (cmd = commands; cmd; cmd = cmd->next) {
1327 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1328 error("BUG: connectivity check has not been run on ref %s",
1329 cmd->ref_name);
1330 checked_connectivity = 0;
1333 if (!checked_connectivity)
1334 die("BUG: connectivity check skipped???");
1337 static void execute_commands_non_atomic(struct command *commands,
1338 struct shallow_info *si)
1340 struct command *cmd;
1341 struct strbuf err = STRBUF_INIT;
1343 for (cmd = commands; cmd; cmd = cmd->next) {
1344 if (!should_process_cmd(cmd))
1345 continue;
1347 transaction = ref_transaction_begin(&err);
1348 if (!transaction) {
1349 rp_error("%s", err.buf);
1350 strbuf_reset(&err);
1351 cmd->error_string = "transaction failed to start";
1352 continue;
1355 cmd->error_string = update(cmd, si);
1357 if (!cmd->error_string
1358 && ref_transaction_commit(transaction, &err)) {
1359 rp_error("%s", err.buf);
1360 strbuf_reset(&err);
1361 cmd->error_string = "failed to update ref";
1363 ref_transaction_free(transaction);
1365 strbuf_release(&err);
1368 static void execute_commands_atomic(struct command *commands,
1369 struct shallow_info *si)
1371 struct command *cmd;
1372 struct strbuf err = STRBUF_INIT;
1373 const char *reported_error = "atomic push failure";
1375 transaction = ref_transaction_begin(&err);
1376 if (!transaction) {
1377 rp_error("%s", err.buf);
1378 strbuf_reset(&err);
1379 reported_error = "transaction failed to start";
1380 goto failure;
1383 for (cmd = commands; cmd; cmd = cmd->next) {
1384 if (!should_process_cmd(cmd))
1385 continue;
1387 cmd->error_string = update(cmd, si);
1389 if (cmd->error_string)
1390 goto failure;
1393 if (ref_transaction_commit(transaction, &err)) {
1394 rp_error("%s", err.buf);
1395 reported_error = "atomic transaction failed";
1396 goto failure;
1398 goto cleanup;
1400 failure:
1401 for (cmd = commands; cmd; cmd = cmd->next)
1402 if (!cmd->error_string)
1403 cmd->error_string = reported_error;
1405 cleanup:
1406 ref_transaction_free(transaction);
1407 strbuf_release(&err);
1410 static void execute_commands(struct command *commands,
1411 const char *unpacker_error,
1412 struct shallow_info *si,
1413 const struct string_list *push_options)
1415 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1416 struct command *cmd;
1417 unsigned char sha1[20];
1418 struct iterate_data data;
1419 struct async muxer;
1420 int err_fd = 0;
1422 if (unpacker_error) {
1423 for (cmd = commands; cmd; cmd = cmd->next)
1424 cmd->error_string = "unpacker error";
1425 return;
1428 if (use_sideband) {
1429 memset(&muxer, 0, sizeof(muxer));
1430 muxer.proc = copy_to_sideband;
1431 muxer.in = -1;
1432 if (!start_async(&muxer))
1433 err_fd = muxer.in;
1434 /* ...else, continue without relaying sideband */
1437 data.cmds = commands;
1438 data.si = si;
1439 opt.err_fd = err_fd;
1440 opt.progress = err_fd && !quiet;
1441 opt.env = tmp_objdir_env(tmp_objdir);
1442 if (check_connected(iterate_receive_command_list, &data, &opt))
1443 set_connectivity_errors(commands, si);
1445 if (use_sideband)
1446 finish_async(&muxer);
1448 reject_updates_to_hidden(commands);
1450 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1451 for (cmd = commands; cmd; cmd = cmd->next) {
1452 if (!cmd->error_string)
1453 cmd->error_string = "pre-receive hook declined";
1455 return;
1459 * Now we'll start writing out refs, which means the objects need
1460 * to be in their final positions so that other processes can see them.
1462 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1463 for (cmd = commands; cmd; cmd = cmd->next) {
1464 if (!cmd->error_string)
1465 cmd->error_string = "unable to migrate objects to permanent storage";
1467 return;
1469 tmp_objdir = NULL;
1471 check_aliased_updates(commands);
1473 free(head_name_to_free);
1474 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1476 if (use_atomic)
1477 execute_commands_atomic(commands, si);
1478 else
1479 execute_commands_non_atomic(commands, si);
1481 if (shallow_update)
1482 warn_if_skipped_connectivity_check(commands, si);
1485 static struct command **queue_command(struct command **tail,
1486 const char *line,
1487 int linelen)
1489 unsigned char old_sha1[20], new_sha1[20];
1490 struct command *cmd;
1491 const char *refname;
1492 int reflen;
1494 if (linelen < 83 ||
1495 line[40] != ' ' ||
1496 line[81] != ' ' ||
1497 get_sha1_hex(line, old_sha1) ||
1498 get_sha1_hex(line + 41, new_sha1))
1499 die("protocol error: expected old/new/ref, got '%s'", line);
1501 refname = line + 82;
1502 reflen = linelen - 82;
1503 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1504 hashcpy(cmd->old_sha1, old_sha1);
1505 hashcpy(cmd->new_sha1, new_sha1);
1506 *tail = cmd;
1507 return &cmd->next;
1510 static void queue_commands_from_cert(struct command **tail,
1511 struct strbuf *push_cert)
1513 const char *boc, *eoc;
1515 if (*tail)
1516 die("protocol error: got both push certificate and unsigned commands");
1518 boc = strstr(push_cert->buf, "\n\n");
1519 if (!boc)
1520 die("malformed push certificate %.*s", 100, push_cert->buf);
1521 else
1522 boc += 2;
1523 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1525 while (boc < eoc) {
1526 const char *eol = memchr(boc, '\n', eoc - boc);
1527 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1528 boc = eol ? eol + 1 : eoc;
1532 static struct command *read_head_info(struct sha1_array *shallow)
1534 struct command *commands = NULL;
1535 struct command **p = &commands;
1536 for (;;) {
1537 char *line;
1538 int len, linelen;
1540 line = packet_read_line(0, &len);
1541 if (!line)
1542 break;
1544 if (len == 48 && starts_with(line, "shallow ")) {
1545 unsigned char sha1[20];
1546 if (get_sha1_hex(line + 8, sha1))
1547 die("protocol error: expected shallow sha, got '%s'",
1548 line + 8);
1549 sha1_array_append(shallow, sha1);
1550 continue;
1553 linelen = strlen(line);
1554 if (linelen < len) {
1555 const char *feature_list = line + linelen + 1;
1556 if (parse_feature_request(feature_list, "report-status"))
1557 report_status = 1;
1558 if (parse_feature_request(feature_list, "side-band-64k"))
1559 use_sideband = LARGE_PACKET_MAX;
1560 if (parse_feature_request(feature_list, "quiet"))
1561 quiet = 1;
1562 if (advertise_atomic_push
1563 && parse_feature_request(feature_list, "atomic"))
1564 use_atomic = 1;
1565 if (advertise_push_options
1566 && parse_feature_request(feature_list, "push-options"))
1567 use_push_options = 1;
1570 if (!strcmp(line, "push-cert")) {
1571 int true_flush = 0;
1572 char certbuf[1024];
1574 for (;;) {
1575 len = packet_read(0, NULL, NULL,
1576 certbuf, sizeof(certbuf), 0);
1577 if (!len) {
1578 true_flush = 1;
1579 break;
1581 if (!strcmp(certbuf, "push-cert-end\n"))
1582 break; /* end of cert */
1583 strbuf_addstr(&push_cert, certbuf);
1586 if (true_flush)
1587 break;
1588 continue;
1591 p = queue_command(p, line, linelen);
1594 if (push_cert.len)
1595 queue_commands_from_cert(p, &push_cert);
1597 return commands;
1600 static void read_push_options(struct string_list *options)
1602 while (1) {
1603 char *line;
1604 int len;
1606 line = packet_read_line(0, &len);
1608 if (!line)
1609 break;
1611 string_list_append(options, line);
1615 static const char *parse_pack_header(struct pack_header *hdr)
1617 switch (read_pack_header(0, hdr)) {
1618 case PH_ERROR_EOF:
1619 return "eof before pack header was fully read";
1621 case PH_ERROR_PACK_SIGNATURE:
1622 return "protocol error (pack signature mismatch detected)";
1624 case PH_ERROR_PROTOCOL:
1625 return "protocol error (pack version unsupported)";
1627 default:
1628 return "unknown error in parse_pack_header";
1630 case 0:
1631 return NULL;
1635 static const char *pack_lockfile;
1637 static const char *unpack(int err_fd, struct shallow_info *si)
1639 struct pack_header hdr;
1640 const char *hdr_err;
1641 int status;
1642 char hdr_arg[38];
1643 struct child_process child = CHILD_PROCESS_INIT;
1644 int fsck_objects = (receive_fsck_objects >= 0
1645 ? receive_fsck_objects
1646 : transfer_fsck_objects >= 0
1647 ? transfer_fsck_objects
1648 : 0);
1650 hdr_err = parse_pack_header(&hdr);
1651 if (hdr_err) {
1652 if (err_fd > 0)
1653 close(err_fd);
1654 return hdr_err;
1656 snprintf(hdr_arg, sizeof(hdr_arg),
1657 "--pack_header=%"PRIu32",%"PRIu32,
1658 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1660 if (si->nr_ours || si->nr_theirs) {
1661 alt_shallow_file = setup_temporary_shallow(si->shallow);
1662 argv_array_push(&child.args, "--shallow-file");
1663 argv_array_push(&child.args, alt_shallow_file);
1666 tmp_objdir = tmp_objdir_create();
1667 if (!tmp_objdir)
1668 return "unable to create temporary object directory";
1669 child.env = tmp_objdir_env(tmp_objdir);
1672 * Normally we just pass the tmp_objdir environment to the child
1673 * processes that do the heavy lifting, but we may need to see these
1674 * objects ourselves to set up shallow information.
1676 tmp_objdir_add_as_alternate(tmp_objdir);
1678 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1679 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1680 if (quiet)
1681 argv_array_push(&child.args, "-q");
1682 if (fsck_objects)
1683 argv_array_pushf(&child.args, "--strict%s",
1684 fsck_msg_types.buf);
1685 if (max_input_size)
1686 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1687 (uintmax_t)max_input_size);
1688 child.no_stdout = 1;
1689 child.err = err_fd;
1690 child.git_cmd = 1;
1691 status = run_command(&child);
1692 if (status)
1693 return "unpack-objects abnormal exit";
1694 } else {
1695 char hostname[256];
1697 argv_array_pushl(&child.args, "index-pack",
1698 "--stdin", hdr_arg, NULL);
1700 if (gethostname(hostname, sizeof(hostname)))
1701 xsnprintf(hostname, sizeof(hostname), "localhost");
1702 argv_array_pushf(&child.args,
1703 "--keep=receive-pack %"PRIuMAX" on %s",
1704 (uintmax_t)getpid(),
1705 hostname);
1707 if (!quiet && err_fd)
1708 argv_array_push(&child.args, "--show-resolving-progress");
1709 if (use_sideband)
1710 argv_array_push(&child.args, "--report-end-of-input");
1711 if (fsck_objects)
1712 argv_array_pushf(&child.args, "--strict%s",
1713 fsck_msg_types.buf);
1714 if (!reject_thin)
1715 argv_array_push(&child.args, "--fix-thin");
1716 if (max_input_size)
1717 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1718 (uintmax_t)max_input_size);
1719 child.out = -1;
1720 child.err = err_fd;
1721 child.git_cmd = 1;
1722 status = start_command(&child);
1723 if (status)
1724 return "index-pack fork failed";
1725 pack_lockfile = index_pack_lockfile(child.out);
1726 close(child.out);
1727 status = finish_command(&child);
1728 if (status)
1729 return "index-pack abnormal exit";
1730 reprepare_packed_git();
1732 return NULL;
1735 static const char *unpack_with_sideband(struct shallow_info *si)
1737 struct async muxer;
1738 const char *ret;
1740 if (!use_sideband)
1741 return unpack(0, si);
1743 use_keepalive = KEEPALIVE_AFTER_NUL;
1744 memset(&muxer, 0, sizeof(muxer));
1745 muxer.proc = copy_to_sideband;
1746 muxer.in = -1;
1747 if (start_async(&muxer))
1748 return NULL;
1750 ret = unpack(muxer.in, si);
1752 finish_async(&muxer);
1753 return ret;
1756 static void prepare_shallow_update(struct command *commands,
1757 struct shallow_info *si)
1759 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1761 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1762 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1764 si->need_reachability_test =
1765 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1766 si->reachable =
1767 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1768 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1770 for (i = 0; i < si->nr_ours; i++)
1771 si->need_reachability_test[si->ours[i]] = 1;
1773 for (i = 0; i < si->shallow->nr; i++) {
1774 if (!si->used_shallow[i])
1775 continue;
1776 for (j = 0; j < bitmap_size; j++) {
1777 if (!si->used_shallow[i][j])
1778 continue;
1779 si->need_reachability_test[i]++;
1780 for (k = 0; k < 32; k++)
1781 if (si->used_shallow[i][j] & (1U << k))
1782 si->shallow_ref[j * 32 + k]++;
1786 * true for those associated with some refs and belong
1787 * in "ours" list aka "step 7 not done yet"
1789 si->need_reachability_test[i] =
1790 si->need_reachability_test[i] > 1;
1794 * keep hooks happy by forcing a temporary shallow file via
1795 * env variable because we can't add --shallow-file to every
1796 * command. check_everything_connected() will be done with
1797 * true .git/shallow though.
1799 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1802 static void update_shallow_info(struct command *commands,
1803 struct shallow_info *si,
1804 struct sha1_array *ref)
1806 struct command *cmd;
1807 int *ref_status;
1808 remove_nonexistent_theirs_shallow(si);
1809 if (!si->nr_ours && !si->nr_theirs) {
1810 shallow_update = 0;
1811 return;
1814 for (cmd = commands; cmd; cmd = cmd->next) {
1815 if (is_null_sha1(cmd->new_sha1))
1816 continue;
1817 sha1_array_append(ref, cmd->new_sha1);
1818 cmd->index = ref->nr - 1;
1820 si->ref = ref;
1822 if (shallow_update) {
1823 prepare_shallow_update(commands, si);
1824 return;
1827 ALLOC_ARRAY(ref_status, ref->nr);
1828 assign_shallow_commits_to_refs(si, NULL, ref_status);
1829 for (cmd = commands; cmd; cmd = cmd->next) {
1830 if (is_null_sha1(cmd->new_sha1))
1831 continue;
1832 if (ref_status[cmd->index]) {
1833 cmd->error_string = "shallow update not allowed";
1834 cmd->skip_update = 1;
1837 free(ref_status);
1840 static void report(struct command *commands, const char *unpack_status)
1842 struct command *cmd;
1843 struct strbuf buf = STRBUF_INIT;
1845 packet_buf_write(&buf, "unpack %s\n",
1846 unpack_status ? unpack_status : "ok");
1847 for (cmd = commands; cmd; cmd = cmd->next) {
1848 if (!cmd->error_string)
1849 packet_buf_write(&buf, "ok %s\n",
1850 cmd->ref_name);
1851 else
1852 packet_buf_write(&buf, "ng %s %s\n",
1853 cmd->ref_name, cmd->error_string);
1855 packet_buf_flush(&buf);
1857 if (use_sideband)
1858 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1859 else
1860 write_or_die(1, buf.buf, buf.len);
1861 strbuf_release(&buf);
1864 static int delete_only(struct command *commands)
1866 struct command *cmd;
1867 for (cmd = commands; cmd; cmd = cmd->next) {
1868 if (!is_null_sha1(cmd->new_sha1))
1869 return 0;
1871 return 1;
1874 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1876 int advertise_refs = 0;
1877 struct command *commands;
1878 struct sha1_array shallow = SHA1_ARRAY_INIT;
1879 struct sha1_array ref = SHA1_ARRAY_INIT;
1880 struct shallow_info si;
1882 struct option options[] = {
1883 OPT__QUIET(&quiet, N_("quiet")),
1884 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1885 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1886 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1887 OPT_END()
1890 packet_trace_identity("receive-pack");
1892 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1894 if (argc > 1)
1895 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1896 if (argc == 0)
1897 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1899 service_dir = argv[0];
1901 setup_path();
1903 if (!enter_repo(service_dir, 0))
1904 die("'%s' does not appear to be a git repository", service_dir);
1906 git_config(receive_pack_config, NULL);
1907 if (cert_nonce_seed)
1908 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1910 if (0 <= transfer_unpack_limit)
1911 unpack_limit = transfer_unpack_limit;
1912 else if (0 <= receive_unpack_limit)
1913 unpack_limit = receive_unpack_limit;
1915 if (advertise_refs || !stateless_rpc) {
1916 write_head_info();
1918 if (advertise_refs)
1919 return 0;
1921 if ((commands = read_head_info(&shallow)) != NULL) {
1922 const char *unpack_status = NULL;
1923 struct string_list push_options = STRING_LIST_INIT_DUP;
1925 if (use_push_options)
1926 read_push_options(&push_options);
1928 prepare_shallow_info(&si, &shallow);
1929 if (!si.nr_ours && !si.nr_theirs)
1930 shallow_update = 0;
1931 if (!delete_only(commands)) {
1932 unpack_status = unpack_with_sideband(&si);
1933 update_shallow_info(commands, &si, &ref);
1935 use_keepalive = KEEPALIVE_ALWAYS;
1936 execute_commands(commands, unpack_status, &si,
1937 &push_options);
1938 if (pack_lockfile)
1939 unlink_or_warn(pack_lockfile);
1940 if (report_status)
1941 report(commands, unpack_status);
1942 run_receive_hook(commands, "post-receive", 1,
1943 &push_options);
1944 run_update_post_hook(commands);
1945 string_list_clear(&push_options, 0);
1946 if (auto_gc) {
1947 const char *argv_gc_auto[] = {
1948 "gc", "--auto", "--quiet", NULL,
1950 struct child_process proc = CHILD_PROCESS_INIT;
1952 proc.no_stdin = 1;
1953 proc.stdout_to_stderr = 1;
1954 proc.err = use_sideband ? -1 : 0;
1955 proc.git_cmd = 1;
1956 proc.argv = argv_gc_auto;
1958 close_all_packs();
1959 if (!start_command(&proc)) {
1960 if (use_sideband)
1961 copy_to_sideband(proc.err, -1, NULL);
1962 finish_command(&proc);
1965 if (auto_update_server_info)
1966 update_server_info(0);
1967 clear_shallow_info(&si);
1969 if (use_sideband)
1970 packet_flush(1);
1971 sha1_array_clear(&shallow);
1972 sha1_array_clear(&ref);
1973 free((void *)push_cert_nonce);
1974 return 0;