search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
t1007: remove SHA1 prerequisites
[git/debian.git] / builtin / receive-pack.c
blob77b7122456dbc893809038217bdd6f0972fc6745
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "transport.h"
16 #include "string-list.h"
17 #include "sha1-array.h"
18 #include "connected.h"
19 #include "argv-array.h"
20 #include "version.h"
21 #include "tag.h"
22 #include "gpg-interface.h"
23 #include "sigchain.h"
24 #include "fsck.h"
25 #include "tmp-objdir.h"
26 #include "oidset.h"
27 #include "packfile.h"
28 #include "object-store.h"
29 #include "protocol.h"
30 #include "commit-reach.h"
31
32 static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35 };
36
37 enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43 };
44
45 static int deny_deletes;
46 static int deny_non_fast_forwards;
47 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49 static int receive_fsck_objects = -1;
50 static int transfer_fsck_objects = -1;
51 static struct strbuf fsck_msg_types = STRBUF_INIT;
52 static int receive_unpack_limit = -1;
53 static int transfer_unpack_limit = -1;
54 static int advertise_atomic_push = 1;
55 static int advertise_push_options;
56 static int unpack_limit = 100;
57 static off_t max_input_size;
58 static int report_status;
59 static int use_sideband;
60 static int use_atomic;
61 static int use_push_options;
62 static int quiet;
63 static int prefer_ofs_delta = 1;
64 static int auto_update_server_info;
65 static int auto_gc = 1;
66 static int reject_thin;
67 static int stateless_rpc;
68 static const char *service_dir;
69 static const char *head_name;
70 static void *head_name_to_free;
71 static int sent_capabilities;
72 static int shallow_update;
73 static const char *alt_shallow_file;
74 static struct strbuf push_cert = STRBUF_INIT;
75 static struct object_id push_cert_oid;
76 static struct signature_check sigcheck;
77 static const char *push_cert_nonce;
78 static const char *cert_nonce_seed;
79
80 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81 static const char *NONCE_BAD = "BAD";
82 static const char *NONCE_MISSING = "MISSING";
83 static const char *NONCE_OK = "OK";
84 static const char *NONCE_SLOP = "SLOP";
85 static const char *nonce_status;
86 static long nonce_stamp_slop;
87 static timestamp_t nonce_stamp_slop_limit;
88 static struct ref_transaction *transaction;
89
90 static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94 } use_keepalive;
95 static int keepalive_in_sec = 5;
96
97 static struct tmp_objdir *tmp_objdir;
98
99 static enum deny_action parse_deny_action(const char *var, const char *value)
100 {
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114 }
115
116 static int receive_pack_config(const char *var, const char *value, void *cb)
117 {
118 int status = parse_hide_refs_config(var, value, "receive");
119
120 if (status)
121 return status;
122
123 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145
146 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153
154 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205
206 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225
226 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230
231 return git_default_config(var, value, cb);
232 }
233
234 static void show_ref(const char *path, const struct object_id *oid)
235 {
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240
241 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
252 packet_write_fmt(1, "%s %s%c%s\n",
253 oid_to_hex(oid), path, 0, cap.buf);
254 strbuf_release(&cap);
255 sent_capabilities = 1;
256 }
257 }
258
259 static int show_ref_cb(const char *path_full, const struct object_id *oid,
260 int flag, void *data)
261 {
262 struct oidset *seen = data;
263 const char *path = strip_namespace(path_full);
264
265 if (ref_is_hidden(path, path_full))
266 return 0;
267
268 /*
269 * Advertise refs outside our current namespace as ".have"
270 * refs, so that the client can use them to minimize data
271 * transfer but will otherwise ignore them.
272 */
273 if (!path) {
274 if (oidset_insert(seen, oid))
275 return 0;
276 path = ".have";
277 } else {
278 oidset_insert(seen, oid);
279 }
280 show_ref(path, oid);
281 return 0;
282 }
283
284 static void show_one_alternate_ref(const struct object_id *oid,
285 void *data)
286 {
287 struct oidset *seen = data;
288
289 if (oidset_insert(seen, oid))
290 return;
291
292 show_ref(".have", oid);
293 }
294
295 static void write_head_info(void)
296 {
297 static struct oidset seen = OIDSET_INIT;
298
299 for_each_ref(show_ref_cb, &seen);
300 for_each_alternate_ref(show_one_alternate_ref, &seen);
301 oidset_clear(&seen);
302 if (!sent_capabilities)
303 show_ref("capabilities^{}", &null_oid);
304
305 advertise_shallow_grafts(1);
306
307 /* EOF */
308 packet_flush(1);
309 }
310
311 struct command {
312 struct command *next;
313 const char *error_string;
314 unsigned int skip_update:1,
315 did_not_exist:1;
316 int index;
317 struct object_id old_oid;
318 struct object_id new_oid;
319 char ref_name[FLEX_ARRAY]; /* more */
320 };
321
322 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
323 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
324
325 static void report_message(const char *prefix, const char *err, va_list params)
326 {
327 int sz;
328 char msg[4096];
329
330 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
331 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
332 if (sz > (sizeof(msg) - 1))
333 sz = sizeof(msg) - 1;
334 msg[sz++] = '\n';
335
336 if (use_sideband)
337 send_sideband(1, 2, msg, sz, use_sideband);
338 else
339 xwrite(2, msg, sz);
340 }
341
342 static void rp_warning(const char *err, ...)
343 {
344 va_list params;
345 va_start(params, err);
346 report_message("warning: ", err, params);
347 va_end(params);
348 }
349
350 static void rp_error(const char *err, ...)
351 {
352 va_list params;
353 va_start(params, err);
354 report_message("error: ", err, params);
355 va_end(params);
356 }
357
358 static int copy_to_sideband(int in, int out, void *arg)
359 {
360 char data[128];
361 int keepalive_active = 0;
362
363 if (keepalive_in_sec <= 0)
364 use_keepalive = KEEPALIVE_NEVER;
365 if (use_keepalive == KEEPALIVE_ALWAYS)
366 keepalive_active = 1;
367
368 while (1) {
369 ssize_t sz;
370
371 if (keepalive_active) {
372 struct pollfd pfd;
373 int ret;
374
375 pfd.fd = in;
376 pfd.events = POLLIN;
377 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
378
379 if (ret < 0) {
380 if (errno == EINTR)
381 continue;
382 else
383 break;
384 } else if (ret == 0) {
385 /* no data; send a keepalive packet */
386 static const char buf[] = "0005\1";
387 write_or_die(1, buf, sizeof(buf) - 1);
388 continue;
389 } /* else there is actual data to read */
390 }
391
392 sz = xread(in, data, sizeof(data));
393 if (sz <= 0)
394 break;
395
396 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
397 const char *p = memchr(data, '\0', sz);
398 if (p) {
399 /*
400 * The NUL tells us to start sending keepalives. Make
401 * sure we send any other data we read along
402 * with it.
403 */
404 keepalive_active = 1;
405 send_sideband(1, 2, data, p - data, use_sideband);
406 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
407 continue;
408 }
409 }
410
411 /*
412 * Either we're not looking for a NUL signal, or we didn't see
413 * it yet; just pass along the data.
414 */
415 send_sideband(1, 2, data, sz, use_sideband);
416 }
417 close(in);
418 return 0;
419 }
420
421 #define HMAC_BLOCK_SIZE 64
422
423 static void hmac_sha1(unsigned char *out,
424 const char *key_in, size_t key_len,
425 const char *text, size_t text_len)
426 {
427 unsigned char key[HMAC_BLOCK_SIZE];
428 unsigned char k_ipad[HMAC_BLOCK_SIZE];
429 unsigned char k_opad[HMAC_BLOCK_SIZE];
430 int i;
431 git_SHA_CTX ctx;
432
433 /* RFC 2104 2. (1) */
434 memset(key, '\0', HMAC_BLOCK_SIZE);
435 if (HMAC_BLOCK_SIZE < key_len) {
436 git_SHA1_Init(&ctx);
437 git_SHA1_Update(&ctx, key_in, key_len);
438 git_SHA1_Final(key, &ctx);
439 } else {
440 memcpy(key, key_in, key_len);
441 }
442
443 /* RFC 2104 2. (2) & (5) */
444 for (i = 0; i < sizeof(key); i++) {
445 k_ipad[i] = key[i] ^ 0x36;
446 k_opad[i] = key[i] ^ 0x5c;
447 }
448
449 /* RFC 2104 2. (3) & (4) */
450 git_SHA1_Init(&ctx);
451 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
452 git_SHA1_Update(&ctx, text, text_len);
453 git_SHA1_Final(out, &ctx);
454
455 /* RFC 2104 2. (6) & (7) */
456 git_SHA1_Init(&ctx);
457 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
458 git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
459 git_SHA1_Final(out, &ctx);
460 }
461
462 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463 {
464 struct strbuf buf = STRBUF_INIT;
465 unsigned char sha1[GIT_SHA1_RAWSZ];
466
467 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
469 strbuf_release(&buf);
470
471 /* RFC 2104 5. HMAC-SHA1-80 */
472 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
473 return strbuf_detach(&buf, NULL);
474 }
475
476 /*
477 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478 * after dropping "_commit" from its name and possibly moving it out
479 * of commit.c
480 */
481 static char *find_header(const char *msg, size_t len, const char *key,
482 const char **next_line)
483 {
484 int key_len = strlen(key);
485 const char *line = msg;
486
487 while (line && line < msg + len) {
488 const char *eol = strchrnul(line, '\n');
489
490 if ((msg + len <= eol) || line == eol)
491 return NULL;
492 if (line + key_len < eol &&
493 !memcmp(line, key, key_len) && line[key_len] == ' ') {
494 int offset = key_len + 1;
495 if (next_line)
496 *next_line = *eol ? eol + 1 : eol;
497 return xmemdupz(line + offset, (eol - line) - offset);
498 }
499 line = *eol ? eol + 1 : NULL;
500 }
501 return NULL;
502 }
503
504 static const char *check_nonce(const char *buf, size_t len)
505 {
506 char *nonce = find_header(buf, len, "nonce", NULL);
507 timestamp_t stamp, ostamp;
508 char *bohmac, *expect = NULL;
509 const char *retval = NONCE_BAD;
510
511 if (!nonce) {
512 retval = NONCE_MISSING;
513 goto leave;
514 } else if (!push_cert_nonce) {
515 retval = NONCE_UNSOLICITED;
516 goto leave;
517 } else if (!strcmp(push_cert_nonce, nonce)) {
518 retval = NONCE_OK;
519 goto leave;
520 }
521
522 if (!stateless_rpc) {
523 /* returned nonce MUST match what we gave out earlier */
524 retval = NONCE_BAD;
525 goto leave;
526 }
527
528 /*
529 * In stateless mode, we may be receiving a nonce issued by
530 * another instance of the server that serving the same
531 * repository, and the timestamps may not match, but the
532 * nonce-seed and dir should match, so we can recompute and
533 * report the time slop.
534 *
535 * In addition, when a nonce issued by another instance has
536 * timestamp within receive.certnonceslop seconds, we pretend
537 * as if we issued that nonce when reporting to the hook.
538 */
539
540 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
541 if (*nonce <= '0' || '9' < *nonce) {
542 retval = NONCE_BAD;
543 goto leave;
544 }
545 stamp = parse_timestamp(nonce, &bohmac, 10);
546 if (bohmac == nonce || bohmac[0] != '-') {
547 retval = NONCE_BAD;
548 goto leave;
549 }
550
551 expect = prepare_push_cert_nonce(service_dir, stamp);
552 if (strcmp(expect, nonce)) {
553 /* Not what we would have signed earlier */
554 retval = NONCE_BAD;
555 goto leave;
556 }
557
558 /*
559 * By how many seconds is this nonce stale? Negative value
560 * would mean it was issued by another server with its clock
561 * skewed in the future.
562 */
563 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
564 nonce_stamp_slop = (long)ostamp - (long)stamp;
565
566 if (nonce_stamp_slop_limit &&
567 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
568 /*
569 * Pretend as if the received nonce (which passes the
570 * HMAC check, so it is not a forged by third-party)
571 * is what we issued.
572 */
573 free((void *)push_cert_nonce);
574 push_cert_nonce = xstrdup(nonce);
575 retval = NONCE_OK;
576 } else {
577 retval = NONCE_SLOP;
578 }
579
580 leave:
581 free(nonce);
582 free(expect);
583 return retval;
584 }
585
586 /*
587 * Return 1 if there is no push_cert or if the push options in push_cert are
588 * the same as those in the argument; 0 otherwise.
589 */
590 static int check_cert_push_options(const struct string_list *push_options)
591 {
592 const char *buf = push_cert.buf;
593 int len = push_cert.len;
594
595 char *option;
596 const char *next_line;
597 int options_seen = 0;
598
599 int retval = 1;
600
601 if (!len)
602 return 1;
603
604 while ((option = find_header(buf, len, "push-option", &next_line))) {
605 len -= (next_line - buf);
606 buf = next_line;
607 options_seen++;
608 if (options_seen > push_options->nr
609 || strcmp(option,
610 push_options->items[options_seen - 1].string)) {
611 retval = 0;
612 goto leave;
613 }
614 free(option);
615 }
616
617 if (options_seen != push_options->nr)
618 retval = 0;
619
620 leave:
621 free(option);
622 return retval;
623 }
624
625 static void prepare_push_cert_sha1(struct child_process *proc)
626 {
627 static int already_done;
628
629 if (!push_cert.len)
630 return;
631
632 if (!already_done) {
633 int bogs /* beginning_of_gpg_sig */;
634
635 already_done = 1;
636 if (write_object_file(push_cert.buf, push_cert.len, "blob",
637 &push_cert_oid))
638 oidclr(&push_cert_oid);
639
640 memset(&sigcheck, '\0', sizeof(sigcheck));
641
642 bogs = parse_signature(push_cert.buf, push_cert.len);
643 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
644 push_cert.len - bogs, &sigcheck);
645
646 nonce_status = check_nonce(push_cert.buf, bogs);
647 }
648 if (!is_null_oid(&push_cert_oid)) {
649 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
650 oid_to_hex(&push_cert_oid));
651 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
652 sigcheck.signer ? sigcheck.signer : "");
653 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
654 sigcheck.key ? sigcheck.key : "");
655 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
656 sigcheck.result);
657 if (push_cert_nonce) {
658 argv_array_pushf(&proc->env_array,
659 "GIT_PUSH_CERT_NONCE=%s",
660 push_cert_nonce);
661 argv_array_pushf(&proc->env_array,
662 "GIT_PUSH_CERT_NONCE_STATUS=%s",
663 nonce_status);
664 if (nonce_status == NONCE_SLOP)
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
667 nonce_stamp_slop);
668 }
669 }
670 }
671
672 struct receive_hook_feed_state {
673 struct command *cmd;
674 int skip_broken;
675 struct strbuf buf;
676 const struct string_list *push_options;
677 };
678
679 typedef int (*feed_fn)(void *, const char **, size_t *);
680 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
681 struct receive_hook_feed_state *feed_state)
682 {
683 struct child_process proc = CHILD_PROCESS_INIT;
684 struct async muxer;
685 const char *argv[2];
686 int code;
687
688 argv[0] = find_hook(hook_name);
689 if (!argv[0])
690 return 0;
691
692 argv[1] = NULL;
693
694 proc.argv = argv;
695 proc.in = -1;
696 proc.stdout_to_stderr = 1;
697 proc.trace2_hook_name = hook_name;
698
699 if (feed_state->push_options) {
700 int i;
701 for (i = 0; i < feed_state->push_options->nr; i++)
702 argv_array_pushf(&proc.env_array,
703 "GIT_PUSH_OPTION_%d=%s", i,
704 feed_state->push_options->items[i].string);
705 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
706 feed_state->push_options->nr);
707 } else
708 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
709
710 if (tmp_objdir)
711 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
712
713 if (use_sideband) {
714 memset(&muxer, 0, sizeof(muxer));
715 muxer.proc = copy_to_sideband;
716 muxer.in = -1;
717 code = start_async(&muxer);
718 if (code)
719 return code;
720 proc.err = muxer.in;
721 }
722
723 prepare_push_cert_sha1(&proc);
724
725 code = start_command(&proc);
726 if (code) {
727 if (use_sideband)
728 finish_async(&muxer);
729 return code;
730 }
731
732 sigchain_push(SIGPIPE, SIG_IGN);
733
734 while (1) {
735 const char *buf;
736 size_t n;
737 if (feed(feed_state, &buf, &n))
738 break;
739 if (write_in_full(proc.in, buf, n) < 0)
740 break;
741 }
742 close(proc.in);
743 if (use_sideband)
744 finish_async(&muxer);
745
746 sigchain_pop(SIGPIPE);
747
748 return finish_command(&proc);
749 }
750
751 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
752 {
753 struct receive_hook_feed_state *state = state_;
754 struct command *cmd = state->cmd;
755
756 while (cmd &&
757 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
758 cmd = cmd->next;
759 if (!cmd)
760 return -1; /* EOF */
761 strbuf_reset(&state->buf);
762 strbuf_addf(&state->buf, "%s %s %s\n",
763 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
764 cmd->ref_name);
765 state->cmd = cmd->next;
766 if (bufp) {
767 *bufp = state->buf.buf;
768 *sizep = state->buf.len;
769 }
770 return 0;
771 }
772
773 static int run_receive_hook(struct command *commands,
774 const char *hook_name,
775 int skip_broken,
776 const struct string_list *push_options)
777 {
778 struct receive_hook_feed_state state;
779 int status;
780
781 strbuf_init(&state.buf, 0);
782 state.cmd = commands;
783 state.skip_broken = skip_broken;
784 if (feed_receive_hook(&state, NULL, NULL))
785 return 0;
786 state.cmd = commands;
787 state.push_options = push_options;
788 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
789 strbuf_release(&state.buf);
790 return status;
791 }
792
793 static int run_update_hook(struct command *cmd)
794 {
795 const char *argv[5];
796 struct child_process proc = CHILD_PROCESS_INIT;
797 int code;
798
799 argv[0] = find_hook("update");
800 if (!argv[0])
801 return 0;
802
803 argv[1] = cmd->ref_name;
804 argv[2] = oid_to_hex(&cmd->old_oid);
805 argv[3] = oid_to_hex(&cmd->new_oid);
806 argv[4] = NULL;
807
808 proc.no_stdin = 1;
809 proc.stdout_to_stderr = 1;
810 proc.err = use_sideband ? -1 : 0;
811 proc.argv = argv;
812 proc.trace2_hook_name = "update";
813
814 code = start_command(&proc);
815 if (code)
816 return code;
817 if (use_sideband)
818 copy_to_sideband(proc.err, -1, NULL);
819 return finish_command(&proc);
820 }
821
822 static int is_ref_checked_out(const char *ref)
823 {
824 if (is_bare_repository())
825 return 0;
826
827 if (!head_name)
828 return 0;
829 return !strcmp(head_name, ref);
830 }
831
832 static char *refuse_unconfigured_deny_msg =
833 N_("By default, updating the current branch in a non-bare repository\n"
834 "is denied, because it will make the index and work tree inconsistent\n"
835 "with what you pushed, and will require 'git reset --hard' to match\n"
836 "the work tree to HEAD.\n"
837 "\n"
838 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
839 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
840 "its current branch; however, this is not recommended unless you\n"
841 "arranged to update its work tree to match what you pushed in some\n"
842 "other way.\n"
843 "\n"
844 "To squelch this message and still keep the default behaviour, set\n"
845 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
846
847 static void refuse_unconfigured_deny(void)
848 {
849 rp_error("%s", _(refuse_unconfigured_deny_msg));
850 }
851
852 static char *refuse_unconfigured_deny_delete_current_msg =
853 N_("By default, deleting the current branch is denied, because the next\n"
854 "'git clone' won't result in any file checked out, causing confusion.\n"
855 "\n"
856 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
857 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
858 "current branch, with or without a warning message.\n"
859 "\n"
860 "To squelch this message, you can set it to 'refuse'.");
861
862 static void refuse_unconfigured_deny_delete_current(void)
863 {
864 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
865 }
866
867 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
868 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
869 {
870 struct lock_file shallow_lock = LOCK_INIT;
871 struct oid_array extra = OID_ARRAY_INIT;
872 struct check_connected_options opt = CHECK_CONNECTED_INIT;
873 uint32_t mask = 1 << (cmd->index % 32);
874 int i;
875
876 trace_printf_key(&trace_shallow,
877 "shallow: update_shallow_ref %s\n", cmd->ref_name);
878 for (i = 0; i < si->shallow->nr; i++)
879 if (si->used_shallow[i] &&
880 (si->used_shallow[i][cmd->index / 32] & mask) &&
881 !delayed_reachability_test(si, i))
882 oid_array_append(&extra, &si->shallow->oid[i]);
883
884 opt.env = tmp_objdir_env(tmp_objdir);
885 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
886 if (check_connected(command_singleton_iterator, cmd, &opt)) {
887 rollback_lock_file(&shallow_lock);
888 oid_array_clear(&extra);
889 return -1;
890 }
891
892 commit_lock_file(&shallow_lock);
893
894 /*
895 * Make sure setup_alternate_shallow() for the next ref does
896 * not lose these new roots..
897 */
898 for (i = 0; i < extra.nr; i++)
899 register_shallow(the_repository, &extra.oid[i]);
900
901 si->shallow_ref[cmd->index] = 0;
902 oid_array_clear(&extra);
903 return 0;
904 }
905
906 /*
907 * NEEDSWORK: we should consolidate various implementions of "are we
908 * on an unborn branch?" test into one, and make the unified one more
909 * robust. !get_sha1() based check used here and elsewhere would not
910 * allow us to tell an unborn branch from corrupt ref, for example.
911 * For the purpose of fixing "deploy-to-update does not work when
912 * pushing into an empty repository" issue, this should suffice for
913 * now.
914 */
915 static int head_has_history(void)
916 {
917 struct object_id oid;
918
919 return !get_oid("HEAD", &oid);
920 }
921
922 static const char *push_to_deploy(unsigned char *sha1,
923 struct argv_array *env,
924 const char *work_tree)
925 {
926 const char *update_refresh[] = {
927 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
928 };
929 const char *diff_files[] = {
930 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
931 };
932 const char *diff_index[] = {
933 "diff-index", "--quiet", "--cached", "--ignore-submodules",
934 NULL, "--", NULL
935 };
936 const char *read_tree[] = {
937 "read-tree", "-u", "-m", NULL, NULL
938 };
939 struct child_process child = CHILD_PROCESS_INIT;
940
941 child.argv = update_refresh;
942 child.env = env->argv;
943 child.dir = work_tree;
944 child.no_stdin = 1;
945 child.stdout_to_stderr = 1;
946 child.git_cmd = 1;
947 if (run_command(&child))
948 return "Up-to-date check failed";
949
950 /* run_command() does not clean up completely; reinitialize */
951 child_process_init(&child);
952 child.argv = diff_files;
953 child.env = env->argv;
954 child.dir = work_tree;
955 child.no_stdin = 1;
956 child.stdout_to_stderr = 1;
957 child.git_cmd = 1;
958 if (run_command(&child))
959 return "Working directory has unstaged changes";
960
961 /* diff-index with either HEAD or an empty tree */
962 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
963
964 child_process_init(&child);
965 child.argv = diff_index;
966 child.env = env->argv;
967 child.no_stdin = 1;
968 child.no_stdout = 1;
969 child.stdout_to_stderr = 0;
970 child.git_cmd = 1;
971 if (run_command(&child))
972 return "Working directory has staged changes";
973
974 read_tree[3] = sha1_to_hex(sha1);
975 child_process_init(&child);
976 child.argv = read_tree;
977 child.env = env->argv;
978 child.dir = work_tree;
979 child.no_stdin = 1;
980 child.no_stdout = 1;
981 child.stdout_to_stderr = 0;
982 child.git_cmd = 1;
983 if (run_command(&child))
984 return "Could not update working tree to new HEAD";
985
986 return NULL;
987 }
988
989 static const char *push_to_checkout_hook = "push-to-checkout";
990
991 static const char *push_to_checkout(unsigned char *sha1,
992 struct argv_array *env,
993 const char *work_tree)
994 {
995 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
996 if (run_hook_le(env->argv, push_to_checkout_hook,
997 sha1_to_hex(sha1), NULL))
998 return "push-to-checkout hook declined";
999 else
1000 return NULL;
1001 }
1002
1003 static const char *update_worktree(unsigned char *sha1)
1004 {
1005 const char *retval;
1006 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1007 struct argv_array env = ARGV_ARRAY_INIT;
1008
1009 if (is_bare_repository())
1010 return "denyCurrentBranch = updateInstead needs a worktree";
1011
1012 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1013
1014 if (!find_hook(push_to_checkout_hook))
1015 retval = push_to_deploy(sha1, &env, work_tree);
1016 else
1017 retval = push_to_checkout(sha1, &env, work_tree);
1018
1019 argv_array_clear(&env);
1020 return retval;
1021 }
1022
1023 static const char *update(struct command *cmd, struct shallow_info *si)
1024 {
1025 const char *name = cmd->ref_name;
1026 struct strbuf namespaced_name_buf = STRBUF_INIT;
1027 static char *namespaced_name;
1028 const char *ret;
1029 struct object_id *old_oid = &cmd->old_oid;
1030 struct object_id *new_oid = &cmd->new_oid;
1031 int do_update_worktree = 0;
1032
1033 /* only refs/... are allowed */
1034 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1035 rp_error("refusing to create funny ref '%s' remotely", name);
1036 return "funny refname";
1037 }
1038
1039 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1040 free(namespaced_name);
1041 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1042
1043 if (is_ref_checked_out(namespaced_name)) {
1044 switch (deny_current_branch) {
1045 case DENY_IGNORE:
1046 break;
1047 case DENY_WARN:
1048 rp_warning("updating the current branch");
1049 break;
1050 case DENY_REFUSE:
1051 case DENY_UNCONFIGURED:
1052 rp_error("refusing to update checked out branch: %s", name);
1053 if (deny_current_branch == DENY_UNCONFIGURED)
1054 refuse_unconfigured_deny();
1055 return "branch is currently checked out";
1056 case DENY_UPDATE_INSTEAD:
1057 /* pass -- let other checks intervene first */
1058 do_update_worktree = 1;
1059 break;
1060 }
1061 }
1062
1063 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1064 error("unpack should have generated %s, "
1065 "but I can't find it!", oid_to_hex(new_oid));
1066 return "bad pack";
1067 }
1068
1069 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1070 if (deny_deletes && starts_with(name, "refs/heads/")) {
1071 rp_error("denying ref deletion for %s", name);
1072 return "deletion prohibited";
1073 }
1074
1075 if (head_name && !strcmp(namespaced_name, head_name)) {
1076 switch (deny_delete_current) {
1077 case DENY_IGNORE:
1078 break;
1079 case DENY_WARN:
1080 rp_warning("deleting the current branch");
1081 break;
1082 case DENY_REFUSE:
1083 case DENY_UNCONFIGURED:
1084 case DENY_UPDATE_INSTEAD:
1085 if (deny_delete_current == DENY_UNCONFIGURED)
1086 refuse_unconfigured_deny_delete_current();
1087 rp_error("refusing to delete the current branch: %s", name);
1088 return "deletion of the current branch prohibited";
1089 default:
1090 return "Invalid denyDeleteCurrent setting";
1091 }
1092 }
1093 }
1094
1095 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1096 !is_null_oid(old_oid) &&
1097 starts_with(name, "refs/heads/")) {
1098 struct object *old_object, *new_object;
1099 struct commit *old_commit, *new_commit;
1100
1101 old_object = parse_object(the_repository, old_oid);
1102 new_object = parse_object(the_repository, new_oid);
1103
1104 if (!old_object || !new_object ||
1105 old_object->type != OBJ_COMMIT ||
1106 new_object->type != OBJ_COMMIT) {
1107 error("bad sha1 objects for %s", name);
1108 return "bad ref";
1109 }
1110 old_commit = (struct commit *)old_object;
1111 new_commit = (struct commit *)new_object;
1112 if (!in_merge_bases(old_commit, new_commit)) {
1113 rp_error("denying non-fast-forward %s"
1114 " (you should pull first)", name);
1115 return "non-fast-forward";
1116 }
1117 }
1118 if (run_update_hook(cmd)) {
1119 rp_error("hook declined to update %s", name);
1120 return "hook declined";
1121 }
1122
1123 if (do_update_worktree) {
1124 ret = update_worktree(new_oid->hash);
1125 if (ret)
1126 return ret;
1127 }
1128
1129 if (is_null_oid(new_oid)) {
1130 struct strbuf err = STRBUF_INIT;
1131 if (!parse_object(the_repository, old_oid)) {
1132 old_oid = NULL;
1133 if (ref_exists(name)) {
1134 rp_warning("Allowing deletion of corrupt ref.");
1135 } else {
1136 rp_warning("Deleting a non-existent ref.");
1137 cmd->did_not_exist = 1;
1138 }
1139 }
1140 if (ref_transaction_delete(transaction,
1141 namespaced_name,
1142 old_oid,
1143 0, "push", &err)) {
1144 rp_error("%s", err.buf);
1145 strbuf_release(&err);
1146 return "failed to delete";
1147 }
1148 strbuf_release(&err);
1149 return NULL; /* good */
1150 }
1151 else {
1152 struct strbuf err = STRBUF_INIT;
1153 if (shallow_update && si->shallow_ref[cmd->index] &&
1154 update_shallow_ref(cmd, si))
1155 return "shallow error";
1156
1157 if (ref_transaction_update(transaction,
1158 namespaced_name,
1159 new_oid, old_oid,
1160 0, "push",
1161 &err)) {
1162 rp_error("%s", err.buf);
1163 strbuf_release(&err);
1164
1165 return "failed to update ref";
1166 }
1167 strbuf_release(&err);
1168
1169 return NULL; /* good */
1170 }
1171 }
1172
1173 static void run_update_post_hook(struct command *commands)
1174 {
1175 struct command *cmd;
1176 struct child_process proc = CHILD_PROCESS_INIT;
1177 const char *hook;
1178
1179 hook = find_hook("post-update");
1180 if (!hook)
1181 return;
1182
1183 for (cmd = commands; cmd; cmd = cmd->next) {
1184 if (cmd->error_string || cmd->did_not_exist)
1185 continue;
1186 if (!proc.args.argc)
1187 argv_array_push(&proc.args, hook);
1188 argv_array_push(&proc.args, cmd->ref_name);
1189 }
1190 if (!proc.args.argc)
1191 return;
1192
1193 proc.no_stdin = 1;
1194 proc.stdout_to_stderr = 1;
1195 proc.err = use_sideband ? -1 : 0;
1196 proc.trace2_hook_name = "post-update";
1197
1198 if (!start_command(&proc)) {
1199 if (use_sideband)
1200 copy_to_sideband(proc.err, -1, NULL);
1201 finish_command(&proc);
1202 }
1203 }
1204
1205 static void check_aliased_update_internal(struct command *cmd,
1206 struct string_list *list,
1207 const char *dst_name, int flag)
1208 {
1209 struct string_list_item *item;
1210 struct command *dst_cmd;
1211
1212 if (!(flag & REF_ISSYMREF))
1213 return;
1214
1215 if (!dst_name) {
1216 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1217 cmd->skip_update = 1;
1218 cmd->error_string = "broken symref";
1219 return;
1220 }
1221 dst_name = strip_namespace(dst_name);
1222
1223 if ((item = string_list_lookup(list, dst_name)) == NULL)
1224 return;
1225
1226 cmd->skip_update = 1;
1227
1228 dst_cmd = (struct command *) item->util;
1229
1230 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1231 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1232 return;
1233
1234 dst_cmd->skip_update = 1;
1235
1236 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1237 " its target '%s' (%s..%s)",
1238 cmd->ref_name,
1239 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1240 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1241 dst_cmd->ref_name,
1242 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1243 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1244
1245 cmd->error_string = dst_cmd->error_string =
1246 "inconsistent aliased update";
1247 }
1248
1249 static void check_aliased_update(struct command *cmd, struct string_list *list)
1250 {
1251 struct strbuf buf = STRBUF_INIT;
1252 const char *dst_name;
1253 int flag;
1254
1255 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1256 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1257 check_aliased_update_internal(cmd, list, dst_name, flag);
1258 strbuf_release(&buf);
1259 }
1260
1261 static void check_aliased_updates(struct command *commands)
1262 {
1263 struct command *cmd;
1264 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1265
1266 for (cmd = commands; cmd; cmd = cmd->next) {
1267 struct string_list_item *item =
1268 string_list_append(&ref_list, cmd->ref_name);
1269 item->util = (void *)cmd;
1270 }
1271 string_list_sort(&ref_list);
1272
1273 for (cmd = commands; cmd; cmd = cmd->next) {
1274 if (!cmd->error_string)
1275 check_aliased_update(cmd, &ref_list);
1276 }
1277
1278 string_list_clear(&ref_list, 0);
1279 }
1280
1281 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1282 {
1283 struct command **cmd_list = cb_data;
1284 struct command *cmd = *cmd_list;
1285
1286 if (!cmd || is_null_oid(&cmd->new_oid))
1287 return -1; /* end of list */
1288 *cmd_list = NULL; /* this returns only one */
1289 oidcpy(oid, &cmd->new_oid);
1290 return 0;
1291 }
1292
1293 static void set_connectivity_errors(struct command *commands,
1294 struct shallow_info *si)
1295 {
1296 struct command *cmd;
1297
1298 for (cmd = commands; cmd; cmd = cmd->next) {
1299 struct command *singleton = cmd;
1300 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1301
1302 if (shallow_update && si->shallow_ref[cmd->index])
1303 /* to be checked in update_shallow_ref() */
1304 continue;
1305
1306 opt.env = tmp_objdir_env(tmp_objdir);
1307 if (!check_connected(command_singleton_iterator, &singleton,
1308 &opt))
1309 continue;
1310
1311 cmd->error_string = "missing necessary objects";
1312 }
1313 }
1314
1315 struct iterate_data {
1316 struct command *cmds;
1317 struct shallow_info *si;
1318 };
1319
1320 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1321 {
1322 struct iterate_data *data = cb_data;
1323 struct command **cmd_list = &data->cmds;
1324 struct command *cmd = *cmd_list;
1325
1326 for (; cmd; cmd = cmd->next) {
1327 if (shallow_update && data->si->shallow_ref[cmd->index])
1328 /* to be checked in update_shallow_ref() */
1329 continue;
1330 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1331 oidcpy(oid, &cmd->new_oid);
1332 *cmd_list = cmd->next;
1333 return 0;
1334 }
1335 }
1336 *cmd_list = NULL;
1337 return -1; /* end of list */
1338 }
1339
1340 static void reject_updates_to_hidden(struct command *commands)
1341 {
1342 struct strbuf refname_full = STRBUF_INIT;
1343 size_t prefix_len;
1344 struct command *cmd;
1345
1346 strbuf_addstr(&refname_full, get_git_namespace());
1347 prefix_len = refname_full.len;
1348
1349 for (cmd = commands; cmd; cmd = cmd->next) {
1350 if (cmd->error_string)
1351 continue;
1352
1353 strbuf_setlen(&refname_full, prefix_len);
1354 strbuf_addstr(&refname_full, cmd->ref_name);
1355
1356 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1357 continue;
1358 if (is_null_oid(&cmd->new_oid))
1359 cmd->error_string = "deny deleting a hidden ref";
1360 else
1361 cmd->error_string = "deny updating a hidden ref";
1362 }
1363
1364 strbuf_release(&refname_full);
1365 }
1366
1367 static int should_process_cmd(struct command *cmd)
1368 {
1369 return !cmd->error_string && !cmd->skip_update;
1370 }
1371
1372 static void warn_if_skipped_connectivity_check(struct command *commands,
1373 struct shallow_info *si)
1374 {
1375 struct command *cmd;
1376 int checked_connectivity = 1;
1377
1378 for (cmd = commands; cmd; cmd = cmd->next) {
1379 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1380 error("BUG: connectivity check has not been run on ref %s",
1381 cmd->ref_name);
1382 checked_connectivity = 0;
1383 }
1384 }
1385 if (!checked_connectivity)
1386 BUG("connectivity check skipped???");
1387 }
1388
1389 static void execute_commands_non_atomic(struct command *commands,
1390 struct shallow_info *si)
1391 {
1392 struct command *cmd;
1393 struct strbuf err = STRBUF_INIT;
1394
1395 for (cmd = commands; cmd; cmd = cmd->next) {
1396 if (!should_process_cmd(cmd))
1397 continue;
1398
1399 transaction = ref_transaction_begin(&err);
1400 if (!transaction) {
1401 rp_error("%s", err.buf);
1402 strbuf_reset(&err);
1403 cmd->error_string = "transaction failed to start";
1404 continue;
1405 }
1406
1407 cmd->error_string = update(cmd, si);
1408
1409 if (!cmd->error_string
1410 && ref_transaction_commit(transaction, &err)) {
1411 rp_error("%s", err.buf);
1412 strbuf_reset(&err);
1413 cmd->error_string = "failed to update ref";
1414 }
1415 ref_transaction_free(transaction);
1416 }
1417 strbuf_release(&err);
1418 }
1419
1420 static void execute_commands_atomic(struct command *commands,
1421 struct shallow_info *si)
1422 {
1423 struct command *cmd;
1424 struct strbuf err = STRBUF_INIT;
1425 const char *reported_error = "atomic push failure";
1426
1427 transaction = ref_transaction_begin(&err);
1428 if (!transaction) {
1429 rp_error("%s", err.buf);
1430 strbuf_reset(&err);
1431 reported_error = "transaction failed to start";
1432 goto failure;
1433 }
1434
1435 for (cmd = commands; cmd; cmd = cmd->next) {
1436 if (!should_process_cmd(cmd))
1437 continue;
1438
1439 cmd->error_string = update(cmd, si);
1440
1441 if (cmd->error_string)
1442 goto failure;
1443 }
1444
1445 if (ref_transaction_commit(transaction, &err)) {
1446 rp_error("%s", err.buf);
1447 reported_error = "atomic transaction failed";
1448 goto failure;
1449 }
1450 goto cleanup;
1451
1452 failure:
1453 for (cmd = commands; cmd; cmd = cmd->next)
1454 if (!cmd->error_string)
1455 cmd->error_string = reported_error;
1456
1457 cleanup:
1458 ref_transaction_free(transaction);
1459 strbuf_release(&err);
1460 }
1461
1462 static void execute_commands(struct command *commands,
1463 const char *unpacker_error,
1464 struct shallow_info *si,
1465 const struct string_list *push_options)
1466 {
1467 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1468 struct command *cmd;
1469 struct iterate_data data;
1470 struct async muxer;
1471 int err_fd = 0;
1472
1473 if (unpacker_error) {
1474 for (cmd = commands; cmd; cmd = cmd->next)
1475 cmd->error_string = "unpacker error";
1476 return;
1477 }
1478
1479 if (use_sideband) {
1480 memset(&muxer, 0, sizeof(muxer));
1481 muxer.proc = copy_to_sideband;
1482 muxer.in = -1;
1483 if (!start_async(&muxer))
1484 err_fd = muxer.in;
1485 /* ...else, continue without relaying sideband */
1486 }
1487
1488 data.cmds = commands;
1489 data.si = si;
1490 opt.err_fd = err_fd;
1491 opt.progress = err_fd && !quiet;
1492 opt.env = tmp_objdir_env(tmp_objdir);
1493 if (check_connected(iterate_receive_command_list, &data, &opt))
1494 set_connectivity_errors(commands, si);
1495
1496 if (use_sideband)
1497 finish_async(&muxer);
1498
1499 reject_updates_to_hidden(commands);
1500
1501 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1502 for (cmd = commands; cmd; cmd = cmd->next) {
1503 if (!cmd->error_string)
1504 cmd->error_string = "pre-receive hook declined";
1505 }
1506 return;
1507 }
1508
1509 /*
1510 * Now we'll start writing out refs, which means the objects need
1511 * to be in their final positions so that other processes can see them.
1512 */
1513 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1514 for (cmd = commands; cmd; cmd = cmd->next) {
1515 if (!cmd->error_string)
1516 cmd->error_string = "unable to migrate objects to permanent storage";
1517 }
1518 return;
1519 }
1520 tmp_objdir = NULL;
1521
1522 check_aliased_updates(commands);
1523
1524 free(head_name_to_free);
1525 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1526
1527 if (use_atomic)
1528 execute_commands_atomic(commands, si);
1529 else
1530 execute_commands_non_atomic(commands, si);
1531
1532 if (shallow_update)
1533 warn_if_skipped_connectivity_check(commands, si);
1534 }
1535
1536 static struct command **queue_command(struct command **tail,
1537 const char *line,
1538 int linelen)
1539 {
1540 struct object_id old_oid, new_oid;
1541 struct command *cmd;
1542 const char *refname;
1543 int reflen;
1544 const char *p;
1545
1546 if (parse_oid_hex(line, &old_oid, &p) ||
1547 *p++ != ' ' ||
1548 parse_oid_hex(p, &new_oid, &p) ||
1549 *p++ != ' ')
1550 die("protocol error: expected old/new/ref, got '%s'", line);
1551
1552 refname = p;
1553 reflen = linelen - (p - line);
1554 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1555 oidcpy(&cmd->old_oid, &old_oid);
1556 oidcpy(&cmd->new_oid, &new_oid);
1557 *tail = cmd;
1558 return &cmd->next;
1559 }
1560
1561 static void queue_commands_from_cert(struct command **tail,
1562 struct strbuf *push_cert)
1563 {
1564 const char *boc, *eoc;
1565
1566 if (*tail)
1567 die("protocol error: got both push certificate and unsigned commands");
1568
1569 boc = strstr(push_cert->buf, "\n\n");
1570 if (!boc)
1571 die("malformed push certificate %.*s", 100, push_cert->buf);
1572 else
1573 boc += 2;
1574 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1575
1576 while (boc < eoc) {
1577 const char *eol = memchr(boc, '\n', eoc - boc);
1578 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1579 boc = eol ? eol + 1 : eoc;
1580 }
1581 }
1582
1583 static struct command *read_head_info(struct packet_reader *reader,
1584 struct oid_array *shallow)
1585 {
1586 struct command *commands = NULL;
1587 struct command **p = &commands;
1588 for (;;) {
1589 int linelen;
1590
1591 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1592 break;
1593
1594 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1595 struct object_id oid;
1596 if (get_oid_hex(reader->line + 8, &oid))
1597 die("protocol error: expected shallow sha, got '%s'",
1598 reader->line + 8);
1599 oid_array_append(shallow, &oid);
1600 continue;
1601 }
1602
1603 linelen = strlen(reader->line);
1604 if (linelen < reader->pktlen) {
1605 const char *feature_list = reader->line + linelen + 1;
1606 if (parse_feature_request(feature_list, "report-status"))
1607 report_status = 1;
1608 if (parse_feature_request(feature_list, "side-band-64k"))
1609 use_sideband = LARGE_PACKET_MAX;
1610 if (parse_feature_request(feature_list, "quiet"))
1611 quiet = 1;
1612 if (advertise_atomic_push
1613 && parse_feature_request(feature_list, "atomic"))
1614 use_atomic = 1;
1615 if (advertise_push_options
1616 && parse_feature_request(feature_list, "push-options"))
1617 use_push_options = 1;
1618 }
1619
1620 if (!strcmp(reader->line, "push-cert")) {
1621 int true_flush = 0;
1622 int saved_options = reader->options;
1623 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1624
1625 for (;;) {
1626 packet_reader_read(reader);
1627 if (reader->status == PACKET_READ_FLUSH) {
1628 true_flush = 1;
1629 break;
1630 }
1631 if (reader->status != PACKET_READ_NORMAL) {
1632 die("protocol error: got an unexpected packet");
1633 }
1634 if (!strcmp(reader->line, "push-cert-end\n"))
1635 break; /* end of cert */
1636 strbuf_addstr(&push_cert, reader->line);
1637 }
1638 reader->options = saved_options;
1639
1640 if (true_flush)
1641 break;
1642 continue;
1643 }
1644
1645 p = queue_command(p, reader->line, linelen);
1646 }
1647
1648 if (push_cert.len)
1649 queue_commands_from_cert(p, &push_cert);
1650
1651 return commands;
1652 }
1653
1654 static void read_push_options(struct packet_reader *reader,
1655 struct string_list *options)
1656 {
1657 while (1) {
1658 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1659 break;
1660
1661 string_list_append(options, reader->line);
1662 }
1663 }
1664
1665 static const char *parse_pack_header(struct pack_header *hdr)
1666 {
1667 switch (read_pack_header(0, hdr)) {
1668 case PH_ERROR_EOF:
1669 return "eof before pack header was fully read";
1670
1671 case PH_ERROR_PACK_SIGNATURE:
1672 return "protocol error (pack signature mismatch detected)";
1673
1674 case PH_ERROR_PROTOCOL:
1675 return "protocol error (pack version unsupported)";
1676
1677 default:
1678 return "unknown error in parse_pack_header";
1679
1680 case 0:
1681 return NULL;
1682 }
1683 }
1684
1685 static const char *pack_lockfile;
1686
1687 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1688 {
1689 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1690 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1691 }
1692
1693 static const char *unpack(int err_fd, struct shallow_info *si)
1694 {
1695 struct pack_header hdr;
1696 const char *hdr_err;
1697 int status;
1698 struct child_process child = CHILD_PROCESS_INIT;
1699 int fsck_objects = (receive_fsck_objects >= 0
1700 ? receive_fsck_objects
1701 : transfer_fsck_objects >= 0
1702 ? transfer_fsck_objects
1703 : 0);
1704
1705 hdr_err = parse_pack_header(&hdr);
1706 if (hdr_err) {
1707 if (err_fd > 0)
1708 close(err_fd);
1709 return hdr_err;
1710 }
1711
1712 if (si->nr_ours || si->nr_theirs) {
1713 alt_shallow_file = setup_temporary_shallow(si->shallow);
1714 argv_array_push(&child.args, "--shallow-file");
1715 argv_array_push(&child.args, alt_shallow_file);
1716 }
1717
1718 tmp_objdir = tmp_objdir_create();
1719 if (!tmp_objdir) {
1720 if (err_fd > 0)
1721 close(err_fd);
1722 return "unable to create temporary object directory";
1723 }
1724 child.env = tmp_objdir_env(tmp_objdir);
1725
1726 /*
1727 * Normally we just pass the tmp_objdir environment to the child
1728 * processes that do the heavy lifting, but we may need to see these
1729 * objects ourselves to set up shallow information.
1730 */
1731 tmp_objdir_add_as_alternate(tmp_objdir);
1732
1733 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1734 argv_array_push(&child.args, "unpack-objects");
1735 push_header_arg(&child.args, &hdr);
1736 if (quiet)
1737 argv_array_push(&child.args, "-q");
1738 if (fsck_objects)
1739 argv_array_pushf(&child.args, "--strict%s",
1740 fsck_msg_types.buf);
1741 if (max_input_size)
1742 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1743 (uintmax_t)max_input_size);
1744 child.no_stdout = 1;
1745 child.err = err_fd;
1746 child.git_cmd = 1;
1747 status = run_command(&child);
1748 if (status)
1749 return "unpack-objects abnormal exit";
1750 } else {
1751 char hostname[HOST_NAME_MAX + 1];
1752
1753 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1754 push_header_arg(&child.args, &hdr);
1755
1756 if (xgethostname(hostname, sizeof(hostname)))
1757 xsnprintf(hostname, sizeof(hostname), "localhost");
1758 argv_array_pushf(&child.args,
1759 "--keep=receive-pack %"PRIuMAX" on %s",
1760 (uintmax_t)getpid(),
1761 hostname);
1762
1763 if (!quiet && err_fd)
1764 argv_array_push(&child.args, "--show-resolving-progress");
1765 if (use_sideband)
1766 argv_array_push(&child.args, "--report-end-of-input");
1767 if (fsck_objects)
1768 argv_array_pushf(&child.args, "--strict%s",
1769 fsck_msg_types.buf);
1770 if (!reject_thin)
1771 argv_array_push(&child.args, "--fix-thin");
1772 if (max_input_size)
1773 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1774 (uintmax_t)max_input_size);
1775 child.out = -1;
1776 child.err = err_fd;
1777 child.git_cmd = 1;
1778 status = start_command(&child);
1779 if (status)
1780 return "index-pack fork failed";
1781 pack_lockfile = index_pack_lockfile(child.out);
1782 close(child.out);
1783 status = finish_command(&child);
1784 if (status)
1785 return "index-pack abnormal exit";
1786 reprepare_packed_git(the_repository);
1787 }
1788 return NULL;
1789 }
1790
1791 static const char *unpack_with_sideband(struct shallow_info *si)
1792 {
1793 struct async muxer;
1794 const char *ret;
1795
1796 if (!use_sideband)
1797 return unpack(0, si);
1798
1799 use_keepalive = KEEPALIVE_AFTER_NUL;
1800 memset(&muxer, 0, sizeof(muxer));
1801 muxer.proc = copy_to_sideband;
1802 muxer.in = -1;
1803 if (start_async(&muxer))
1804 return NULL;
1805
1806 ret = unpack(muxer.in, si);
1807
1808 finish_async(&muxer);
1809 return ret;
1810 }
1811
1812 static void prepare_shallow_update(struct shallow_info *si)
1813 {
1814 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1815
1816 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1817 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1818
1819 si->need_reachability_test =
1820 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1821 si->reachable =
1822 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1823 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1824
1825 for (i = 0; i < si->nr_ours; i++)
1826 si->need_reachability_test[si->ours[i]] = 1;
1827
1828 for (i = 0; i < si->shallow->nr; i++) {
1829 if (!si->used_shallow[i])
1830 continue;
1831 for (j = 0; j < bitmap_size; j++) {
1832 if (!si->used_shallow[i][j])
1833 continue;
1834 si->need_reachability_test[i]++;
1835 for (k = 0; k < 32; k++)
1836 if (si->used_shallow[i][j] & (1U << k))
1837 si->shallow_ref[j * 32 + k]++;
1838 }
1839
1840 /*
1841 * true for those associated with some refs and belong
1842 * in "ours" list aka "step 7 not done yet"
1843 */
1844 si->need_reachability_test[i] =
1845 si->need_reachability_test[i] > 1;
1846 }
1847
1848 /*
1849 * keep hooks happy by forcing a temporary shallow file via
1850 * env variable because we can't add --shallow-file to every
1851 * command. check_connected() will be done with
1852 * true .git/shallow though.
1853 */
1854 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1855 }
1856
1857 static void update_shallow_info(struct command *commands,
1858 struct shallow_info *si,
1859 struct oid_array *ref)
1860 {
1861 struct command *cmd;
1862 int *ref_status;
1863 remove_nonexistent_theirs_shallow(si);
1864 if (!si->nr_ours && !si->nr_theirs) {
1865 shallow_update = 0;
1866 return;
1867 }
1868
1869 for (cmd = commands; cmd; cmd = cmd->next) {
1870 if (is_null_oid(&cmd->new_oid))
1871 continue;
1872 oid_array_append(ref, &cmd->new_oid);
1873 cmd->index = ref->nr - 1;
1874 }
1875 si->ref = ref;
1876
1877 if (shallow_update) {
1878 prepare_shallow_update(si);
1879 return;
1880 }
1881
1882 ALLOC_ARRAY(ref_status, ref->nr);
1883 assign_shallow_commits_to_refs(si, NULL, ref_status);
1884 for (cmd = commands; cmd; cmd = cmd->next) {
1885 if (is_null_oid(&cmd->new_oid))
1886 continue;
1887 if (ref_status[cmd->index]) {
1888 cmd->error_string = "shallow update not allowed";
1889 cmd->skip_update = 1;
1890 }
1891 }
1892 free(ref_status);
1893 }
1894
1895 static void report(struct command *commands, const char *unpack_status)
1896 {
1897 struct command *cmd;
1898 struct strbuf buf = STRBUF_INIT;
1899
1900 packet_buf_write(&buf, "unpack %s\n",
1901 unpack_status ? unpack_status : "ok");
1902 for (cmd = commands; cmd; cmd = cmd->next) {
1903 if (!cmd->error_string)
1904 packet_buf_write(&buf, "ok %s\n",
1905 cmd->ref_name);
1906 else
1907 packet_buf_write(&buf, "ng %s %s\n",
1908 cmd->ref_name, cmd->error_string);
1909 }
1910 packet_buf_flush(&buf);
1911
1912 if (use_sideband)
1913 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1914 else
1915 write_or_die(1, buf.buf, buf.len);
1916 strbuf_release(&buf);
1917 }
1918
1919 static int delete_only(struct command *commands)
1920 {
1921 struct command *cmd;
1922 for (cmd = commands; cmd; cmd = cmd->next) {
1923 if (!is_null_oid(&cmd->new_oid))
1924 return 0;
1925 }
1926 return 1;
1927 }
1928
1929 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1930 {
1931 int advertise_refs = 0;
1932 struct command *commands;
1933 struct oid_array shallow = OID_ARRAY_INIT;
1934 struct oid_array ref = OID_ARRAY_INIT;
1935 struct shallow_info si;
1936 struct packet_reader reader;
1937
1938 struct option options[] = {
1939 OPT__QUIET(&quiet, N_("quiet")),
1940 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1941 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1942 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1943 OPT_END()
1944 };
1945
1946 packet_trace_identity("receive-pack");
1947
1948 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1949
1950 if (argc > 1)
1951 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1952 if (argc == 0)
1953 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1954
1955 service_dir = argv[0];
1956
1957 setup_path();
1958
1959 if (!enter_repo(service_dir, 0))
1960 die("'%s' does not appear to be a git repository", service_dir);
1961
1962 git_config(receive_pack_config, NULL);
1963 if (cert_nonce_seed)
1964 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1965
1966 if (0 <= transfer_unpack_limit)
1967 unpack_limit = transfer_unpack_limit;
1968 else if (0 <= receive_unpack_limit)
1969 unpack_limit = receive_unpack_limit;
1970
1971 switch (determine_protocol_version_server()) {
1972 case protocol_v2:
1973 /*
1974 * push support for protocol v2 has not been implemented yet,
1975 * so ignore the request to use v2 and fallback to using v0.
1976 */
1977 break;
1978 case protocol_v1:
1979 /*
1980 * v1 is just the original protocol with a version string,
1981 * so just fall through after writing the version string.
1982 */
1983 if (advertise_refs || !stateless_rpc)
1984 packet_write_fmt(1, "version 1\n");
1985
1986 /* fallthrough */
1987 case protocol_v0:
1988 break;
1989 case protocol_unknown_version:
1990 BUG("unknown protocol version");
1991 }
1992
1993 if (advertise_refs || !stateless_rpc) {
1994 write_head_info();
1995 }
1996 if (advertise_refs)
1997 return 0;
1998
1999 packet_reader_init(&reader, 0, NULL, 0,
2000 PACKET_READ_CHOMP_NEWLINE |
2001 PACKET_READ_DIE_ON_ERR_PACKET);
2002
2003 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2004 const char *unpack_status = NULL;
2005 struct string_list push_options = STRING_LIST_INIT_DUP;
2006
2007 if (use_push_options)
2008 read_push_options(&reader, &push_options);
2009 if (!check_cert_push_options(&push_options)) {
2010 struct command *cmd;
2011 for (cmd = commands; cmd; cmd = cmd->next)
2012 cmd->error_string = "inconsistent push options";
2013 }
2014
2015 prepare_shallow_info(&si, &shallow);
2016 if (!si.nr_ours && !si.nr_theirs)
2017 shallow_update = 0;
2018 if (!delete_only(commands)) {
2019 unpack_status = unpack_with_sideband(&si);
2020 update_shallow_info(commands, &si, &ref);
2021 }
2022 use_keepalive = KEEPALIVE_ALWAYS;
2023 execute_commands(commands, unpack_status, &si,
2024 &push_options);
2025 if (pack_lockfile)
2026 unlink_or_warn(pack_lockfile);
2027 if (report_status)
2028 report(commands, unpack_status);
2029 run_receive_hook(commands, "post-receive", 1,
2030 &push_options);
2031 run_update_post_hook(commands);
2032 string_list_clear(&push_options, 0);
2033 if (auto_gc) {
2034 const char *argv_gc_auto[] = {
2035 "gc", "--auto", "--quiet", NULL,
2036 };
2037 struct child_process proc = CHILD_PROCESS_INIT;
2038
2039 proc.no_stdin = 1;
2040 proc.stdout_to_stderr = 1;
2041 proc.err = use_sideband ? -1 : 0;
2042 proc.git_cmd = 1;
2043 proc.argv = argv_gc_auto;
2044
2045 close_all_packs(the_repository->objects);
2046 if (!start_command(&proc)) {
2047 if (use_sideband)
2048 copy_to_sideband(proc.err, -1, NULL);
2049 finish_command(&proc);
2050 }
2051 }
2052 if (auto_update_server_info)
2053 update_server_info(0);
2054 clear_shallow_info(&si);
2055 }
2056 if (use_sideband)
2057 packet_flush(1);
2058 oid_array_clear(&shallow);
2059 oid_array_clear(&ref);
2060 free((void *)push_cert_nonce);
2061 return 0;
2062 }
git for Debian