6 #include "run-command.h"
12 #include "transport.h"
13 #include "string-list.h"
14 #include "sha1-array.h"
15 #include "connected.h"
16 #include "argv-array.h"
19 #include "gpg-interface.h"
21 static const char receive_pack_usage
[] = "git receive-pack <git-dir>";
30 static int deny_deletes
;
31 static int deny_non_fast_forwards
;
32 static enum deny_action deny_current_branch
= DENY_UNCONFIGURED
;
33 static enum deny_action deny_delete_current
= DENY_UNCONFIGURED
;
34 static int receive_fsck_objects
= -1;
35 static int transfer_fsck_objects
= -1;
36 static int receive_unpack_limit
= -1;
37 static int transfer_unpack_limit
= -1;
38 static int unpack_limit
= 100;
39 static int report_status
;
40 static int use_sideband
;
42 static int prefer_ofs_delta
= 1;
43 static int auto_update_server_info
;
44 static int auto_gc
= 1;
45 static int fix_thin
= 1;
46 static int stateless_rpc
;
47 static const char *service_dir
;
48 static const char *head_name
;
49 static void *head_name_to_free
;
50 static int sent_capabilities
;
51 static int shallow_update
;
52 static const char *alt_shallow_file
;
53 static struct strbuf push_cert
= STRBUF_INIT
;
54 static unsigned char push_cert_sha1
[20];
55 static struct signature_check sigcheck
;
56 static const char *push_cert_nonce
;
57 static const char *cert_nonce_seed
;
59 static const char *NONCE_UNSOLICITED
= "UNSOLICITED";
60 static const char *NONCE_BAD
= "BAD";
61 static const char *NONCE_MISSING
= "MISSING";
62 static const char *NONCE_OK
= "OK";
63 static const char *NONCE_SLOP
= "SLOP";
64 static const char *nonce_status
;
65 static long nonce_stamp_slop
;
66 static unsigned long nonce_stamp_slop_limit
;
68 static enum deny_action
parse_deny_action(const char *var
, const char *value
)
71 if (!strcasecmp(value
, "ignore"))
73 if (!strcasecmp(value
, "warn"))
75 if (!strcasecmp(value
, "refuse"))
78 if (git_config_bool(var
, value
))
83 static int receive_pack_config(const char *var
, const char *value
, void *cb
)
85 int status
= parse_hide_refs_config(var
, value
, "receive");
90 if (strcmp(var
, "receive.denydeletes") == 0) {
91 deny_deletes
= git_config_bool(var
, value
);
95 if (strcmp(var
, "receive.denynonfastforwards") == 0) {
96 deny_non_fast_forwards
= git_config_bool(var
, value
);
100 if (strcmp(var
, "receive.unpacklimit") == 0) {
101 receive_unpack_limit
= git_config_int(var
, value
);
105 if (strcmp(var
, "transfer.unpacklimit") == 0) {
106 transfer_unpack_limit
= git_config_int(var
, value
);
110 if (strcmp(var
, "receive.fsckobjects") == 0) {
111 receive_fsck_objects
= git_config_bool(var
, value
);
115 if (strcmp(var
, "transfer.fsckobjects") == 0) {
116 transfer_fsck_objects
= git_config_bool(var
, value
);
120 if (!strcmp(var
, "receive.denycurrentbranch")) {
121 deny_current_branch
= parse_deny_action(var
, value
);
125 if (strcmp(var
, "receive.denydeletecurrent") == 0) {
126 deny_delete_current
= parse_deny_action(var
, value
);
130 if (strcmp(var
, "repack.usedeltabaseoffset") == 0) {
131 prefer_ofs_delta
= git_config_bool(var
, value
);
135 if (strcmp(var
, "receive.updateserverinfo") == 0) {
136 auto_update_server_info
= git_config_bool(var
, value
);
140 if (strcmp(var
, "receive.autogc") == 0) {
141 auto_gc
= git_config_bool(var
, value
);
145 if (strcmp(var
, "receive.shallowupdate") == 0) {
146 shallow_update
= git_config_bool(var
, value
);
150 if (strcmp(var
, "receive.certnonceseed") == 0)
151 return git_config_string(&cert_nonce_seed
, var
, value
);
153 if (strcmp(var
, "receive.certnonceslop") == 0) {
154 nonce_stamp_slop_limit
= git_config_ulong(var
, value
);
158 return git_default_config(var
, value
, cb
);
161 static void show_ref(const char *path
, const unsigned char *sha1
)
163 if (ref_is_hidden(path
))
166 if (sent_capabilities
) {
167 packet_write(1, "%s %s\n", sha1_to_hex(sha1
), path
);
169 struct strbuf cap
= STRBUF_INIT
;
172 "report-status delete-refs side-band-64k quiet");
173 if (prefer_ofs_delta
)
174 strbuf_addstr(&cap
, " ofs-delta");
176 strbuf_addf(&cap
, " push-cert=%s", push_cert_nonce
);
177 strbuf_addf(&cap
, " agent=%s", git_user_agent_sanitized());
178 packet_write(1, "%s %s%c%s\n",
179 sha1_to_hex(sha1
), path
, 0, cap
.buf
);
180 strbuf_release(&cap
);
181 sent_capabilities
= 1;
185 static int show_ref_cb(const char *path
, const unsigned char *sha1
, int flag
, void *unused
)
187 path
= strip_namespace(path
);
189 * Advertise refs outside our current namespace as ".have"
190 * refs, so that the client can use them to minimize data
191 * transfer but will otherwise ignore them. This happens to
192 * cover ".have" that are thrown in by add_one_alternate_ref()
193 * to mark histories that are complete in our alternates as
198 show_ref(path
, sha1
);
202 static void show_one_alternate_sha1(const unsigned char sha1
[20], void *unused
)
204 show_ref(".have", sha1
);
207 static void collect_one_alternate_ref(const struct ref
*ref
, void *data
)
209 struct sha1_array
*sa
= data
;
210 sha1_array_append(sa
, ref
->old_sha1
);
213 static void write_head_info(void)
215 struct sha1_array sa
= SHA1_ARRAY_INIT
;
216 for_each_alternate_ref(collect_one_alternate_ref
, &sa
);
217 sha1_array_for_each_unique(&sa
, show_one_alternate_sha1
, NULL
);
218 sha1_array_clear(&sa
);
219 for_each_ref(show_ref_cb
, NULL
);
220 if (!sent_capabilities
)
221 show_ref("capabilities^{}", null_sha1
);
223 advertise_shallow_grafts(1);
230 struct command
*next
;
231 const char *error_string
;
232 unsigned int skip_update
:1,
235 unsigned char old_sha1
[20];
236 unsigned char new_sha1
[20];
237 char ref_name
[FLEX_ARRAY
]; /* more */
240 static void rp_error(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
241 static void rp_warning(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
243 static void report_message(const char *prefix
, const char *err
, va_list params
)
245 int sz
= strlen(prefix
);
248 strncpy(msg
, prefix
, sz
);
249 sz
+= vsnprintf(msg
+ sz
, sizeof(msg
) - sz
, err
, params
);
250 if (sz
> (sizeof(msg
) - 1))
251 sz
= sizeof(msg
) - 1;
255 send_sideband(1, 2, msg
, sz
, use_sideband
);
260 static void rp_warning(const char *err
, ...)
263 va_start(params
, err
);
264 report_message("warning: ", err
, params
);
268 static void rp_error(const char *err
, ...)
271 va_start(params
, err
);
272 report_message("error: ", err
, params
);
276 static int copy_to_sideband(int in
, int out
, void *arg
)
280 ssize_t sz
= xread(in
, data
, sizeof(data
));
283 send_sideband(1, 2, data
, sz
, use_sideband
);
289 #define HMAC_BLOCK_SIZE 64
291 static void hmac_sha1(unsigned char *out
,
292 const char *key_in
, size_t key_len
,
293 const char *text
, size_t text_len
)
295 unsigned char key
[HMAC_BLOCK_SIZE
];
296 unsigned char k_ipad
[HMAC_BLOCK_SIZE
];
297 unsigned char k_opad
[HMAC_BLOCK_SIZE
];
301 /* RFC 2104 2. (1) */
302 memset(key
, '\0', HMAC_BLOCK_SIZE
);
303 if (HMAC_BLOCK_SIZE
< key_len
) {
305 git_SHA1_Update(&ctx
, key_in
, key_len
);
306 git_SHA1_Final(key
, &ctx
);
308 memcpy(key
, key_in
, key_len
);
311 /* RFC 2104 2. (2) & (5) */
312 for (i
= 0; i
< sizeof(key
); i
++) {
313 k_ipad
[i
] = key
[i
] ^ 0x36;
314 k_opad
[i
] = key
[i
] ^ 0x5c;
317 /* RFC 2104 2. (3) & (4) */
319 git_SHA1_Update(&ctx
, k_ipad
, sizeof(k_ipad
));
320 git_SHA1_Update(&ctx
, text
, text_len
);
321 git_SHA1_Final(out
, &ctx
);
323 /* RFC 2104 2. (6) & (7) */
325 git_SHA1_Update(&ctx
, k_opad
, sizeof(k_opad
));
326 git_SHA1_Update(&ctx
, out
, 20);
327 git_SHA1_Final(out
, &ctx
);
330 static char *prepare_push_cert_nonce(const char *path
, unsigned long stamp
)
332 struct strbuf buf
= STRBUF_INIT
;
333 unsigned char sha1
[20];
335 strbuf_addf(&buf
, "%s:%lu", path
, stamp
);
336 hmac_sha1(sha1
, buf
.buf
, buf
.len
, cert_nonce_seed
, strlen(cert_nonce_seed
));;
337 strbuf_release(&buf
);
339 /* RFC 2104 5. HMAC-SHA1-80 */
340 strbuf_addf(&buf
, "%lu-%.*s", stamp
, 20, sha1_to_hex(sha1
));
341 return strbuf_detach(&buf
, NULL
);
345 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
346 * after dropping "_commit" from its name and possibly moving it out
349 static char *find_header(const char *msg
, size_t len
, const char *key
)
351 int key_len
= strlen(key
);
352 const char *line
= msg
;
354 while (line
&& line
< msg
+ len
) {
355 const char *eol
= strchrnul(line
, '\n');
357 if ((msg
+ len
<= eol
) || line
== eol
)
359 if (line
+ key_len
< eol
&&
360 !memcmp(line
, key
, key_len
) && line
[key_len
] == ' ') {
361 int offset
= key_len
+ 1;
362 return xmemdupz(line
+ offset
, (eol
- line
) - offset
);
364 line
= *eol
? eol
+ 1 : NULL
;
369 static const char *check_nonce(const char *buf
, size_t len
)
371 char *nonce
= find_header(buf
, len
, "nonce");
372 unsigned long stamp
, ostamp
;
373 char *bohmac
, *expect
= NULL
;
374 const char *retval
= NONCE_BAD
;
377 retval
= NONCE_MISSING
;
379 } else if (!push_cert_nonce
) {
380 retval
= NONCE_UNSOLICITED
;
382 } else if (!strcmp(push_cert_nonce
, nonce
)) {
387 if (!stateless_rpc
) {
388 /* returned nonce MUST match what we gave out earlier */
394 * In stateless mode, we may be receiving a nonce issued by
395 * another instance of the server that serving the same
396 * repository, and the timestamps may not match, but the
397 * nonce-seed and dir should match, so we can recompute and
398 * report the time slop.
400 * In addition, when a nonce issued by another instance has
401 * timestamp within receive.certnonceslop seconds, we pretend
402 * as if we issued that nonce when reporting to the hook.
405 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
406 if (*nonce
<= '0' || '9' < *nonce
) {
410 stamp
= strtoul(nonce
, &bohmac
, 10);
411 if (bohmac
== nonce
|| bohmac
[0] != '-') {
416 expect
= prepare_push_cert_nonce(service_dir
, stamp
);
417 if (strcmp(expect
, nonce
)) {
418 /* Not what we would have signed earlier */
424 * By how many seconds is this nonce stale? Negative value
425 * would mean it was issued by another server with its clock
426 * skewed in the future.
428 ostamp
= strtoul(push_cert_nonce
, NULL
, 10);
429 nonce_stamp_slop
= (long)ostamp
- (long)stamp
;
431 if (nonce_stamp_slop_limit
&&
432 labs(nonce_stamp_slop
) <= nonce_stamp_slop_limit
) {
434 * Pretend as if the received nonce (which passes the
435 * HMAC check, so it is not a forged by third-party)
438 free((void *)push_cert_nonce
);
439 push_cert_nonce
= xstrdup(nonce
);
451 static void prepare_push_cert_sha1(struct child_process
*proc
)
453 static int already_done
;
454 struct argv_array env
= ARGV_ARRAY_INIT
;
460 struct strbuf gpg_output
= STRBUF_INIT
;
461 struct strbuf gpg_status
= STRBUF_INIT
;
462 int bogs
/* beginning_of_gpg_sig */;
465 if (write_sha1_file(push_cert
.buf
, push_cert
.len
, "blob", push_cert_sha1
))
466 hashclr(push_cert_sha1
);
468 memset(&sigcheck
, '\0', sizeof(sigcheck
));
469 sigcheck
.result
= 'N';
471 bogs
= parse_signature(push_cert
.buf
, push_cert
.len
);
472 if (verify_signed_buffer(push_cert
.buf
, bogs
,
473 push_cert
.buf
+ bogs
, push_cert
.len
- bogs
,
474 &gpg_output
, &gpg_status
) < 0) {
475 ; /* error running gpg */
477 sigcheck
.payload
= push_cert
.buf
;
478 sigcheck
.gpg_output
= gpg_output
.buf
;
479 sigcheck
.gpg_status
= gpg_status
.buf
;
480 parse_gpg_output(&sigcheck
);
483 strbuf_release(&gpg_output
);
484 strbuf_release(&gpg_status
);
485 nonce_status
= check_nonce(push_cert
.buf
, bogs
);
487 if (!is_null_sha1(push_cert_sha1
)) {
488 argv_array_pushf(&env
, "GIT_PUSH_CERT=%s", sha1_to_hex(push_cert_sha1
));
489 argv_array_pushf(&env
, "GIT_PUSH_CERT_SIGNER=%s",
490 sigcheck
.signer
? sigcheck
.signer
: "");
491 argv_array_pushf(&env
, "GIT_PUSH_CERT_KEY=%s",
492 sigcheck
.key
? sigcheck
.key
: "");
493 argv_array_pushf(&env
, "GIT_PUSH_CERT_STATUS=%c", sigcheck
.result
);
494 if (push_cert_nonce
) {
495 argv_array_pushf(&env
, "GIT_PUSH_CERT_NONCE=%s", push_cert_nonce
);
496 argv_array_pushf(&env
, "GIT_PUSH_CERT_NONCE_STATUS=%s", nonce_status
);
497 if (nonce_status
== NONCE_SLOP
)
498 argv_array_pushf(&env
, "GIT_PUSH_CERT_NONCE_SLOP=%ld",
501 proc
->env
= env
.argv
;
505 typedef int (*feed_fn
)(void *, const char **, size_t *);
506 static int run_and_feed_hook(const char *hook_name
, feed_fn feed
, void *feed_state
)
508 struct child_process proc
;
513 argv
[0] = find_hook(hook_name
);
519 memset(&proc
, 0, sizeof(proc
));
522 proc
.stdout_to_stderr
= 1;
524 prepare_push_cert_sha1(&proc
);
527 memset(&muxer
, 0, sizeof(muxer
));
528 muxer
.proc
= copy_to_sideband
;
530 code
= start_async(&muxer
);
536 code
= start_command(&proc
);
539 finish_async(&muxer
);
546 if (feed(feed_state
, &buf
, &n
))
548 if (write_in_full(proc
.in
, buf
, n
) != n
)
553 finish_async(&muxer
);
554 return finish_command(&proc
);
557 struct receive_hook_feed_state
{
563 static int feed_receive_hook(void *state_
, const char **bufp
, size_t *sizep
)
565 struct receive_hook_feed_state
*state
= state_
;
566 struct command
*cmd
= state
->cmd
;
569 state
->skip_broken
&& (cmd
->error_string
|| cmd
->did_not_exist
))
573 strbuf_reset(&state
->buf
);
574 strbuf_addf(&state
->buf
, "%s %s %s\n",
575 sha1_to_hex(cmd
->old_sha1
), sha1_to_hex(cmd
->new_sha1
),
577 state
->cmd
= cmd
->next
;
579 *bufp
= state
->buf
.buf
;
580 *sizep
= state
->buf
.len
;
585 static int run_receive_hook(struct command
*commands
, const char *hook_name
,
588 struct receive_hook_feed_state state
;
591 strbuf_init(&state
.buf
, 0);
592 state
.cmd
= commands
;
593 state
.skip_broken
= skip_broken
;
594 if (feed_receive_hook(&state
, NULL
, NULL
))
596 state
.cmd
= commands
;
597 status
= run_and_feed_hook(hook_name
, feed_receive_hook
, &state
);
598 strbuf_release(&state
.buf
);
602 static int run_update_hook(struct command
*cmd
)
605 struct child_process proc
;
608 argv
[0] = find_hook("update");
612 argv
[1] = cmd
->ref_name
;
613 argv
[2] = sha1_to_hex(cmd
->old_sha1
);
614 argv
[3] = sha1_to_hex(cmd
->new_sha1
);
617 memset(&proc
, 0, sizeof(proc
));
619 proc
.stdout_to_stderr
= 1;
620 proc
.err
= use_sideband
? -1 : 0;
623 code
= start_command(&proc
);
627 copy_to_sideband(proc
.err
, -1, NULL
);
628 return finish_command(&proc
);
631 static int is_ref_checked_out(const char *ref
)
633 if (is_bare_repository())
638 return !strcmp(head_name
, ref
);
641 static char *refuse_unconfigured_deny_msg
[] = {
642 "By default, updating the current branch in a non-bare repository",
643 "is denied, because it will make the index and work tree inconsistent",
644 "with what you pushed, and will require 'git reset --hard' to match",
645 "the work tree to HEAD.",
647 "You can set 'receive.denyCurrentBranch' configuration variable to",
648 "'ignore' or 'warn' in the remote repository to allow pushing into",
649 "its current branch; however, this is not recommended unless you",
650 "arranged to update its work tree to match what you pushed in some",
653 "To squelch this message and still keep the default behaviour, set",
654 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
657 static void refuse_unconfigured_deny(void)
660 for (i
= 0; i
< ARRAY_SIZE(refuse_unconfigured_deny_msg
); i
++)
661 rp_error("%s", refuse_unconfigured_deny_msg
[i
]);
664 static char *refuse_unconfigured_deny_delete_current_msg
[] = {
665 "By default, deleting the current branch is denied, because the next",
666 "'git clone' won't result in any file checked out, causing confusion.",
668 "You can set 'receive.denyDeleteCurrent' configuration variable to",
669 "'warn' or 'ignore' in the remote repository to allow deleting the",
670 "current branch, with or without a warning message.",
672 "To squelch this message, you can set it to 'refuse'."
675 static void refuse_unconfigured_deny_delete_current(void)
679 i
< ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg
);
681 rp_error("%s", refuse_unconfigured_deny_delete_current_msg
[i
]);
684 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20]);
685 static int update_shallow_ref(struct command
*cmd
, struct shallow_info
*si
)
687 static struct lock_file shallow_lock
;
688 struct sha1_array extra
= SHA1_ARRAY_INIT
;
689 const char *alt_file
;
690 uint32_t mask
= 1 << (cmd
->index
% 32);
693 trace_printf_key(&trace_shallow
,
694 "shallow: update_shallow_ref %s\n", cmd
->ref_name
);
695 for (i
= 0; i
< si
->shallow
->nr
; i
++)
696 if (si
->used_shallow
[i
] &&
697 (si
->used_shallow
[i
][cmd
->index
/ 32] & mask
) &&
698 !delayed_reachability_test(si
, i
))
699 sha1_array_append(&extra
, si
->shallow
->sha1
[i
]);
701 setup_alternate_shallow(&shallow_lock
, &alt_file
, &extra
);
702 if (check_shallow_connected(command_singleton_iterator
,
704 rollback_lock_file(&shallow_lock
);
705 sha1_array_clear(&extra
);
709 commit_lock_file(&shallow_lock
);
712 * Make sure setup_alternate_shallow() for the next ref does
713 * not lose these new roots..
715 for (i
= 0; i
< extra
.nr
; i
++)
716 register_shallow(extra
.sha1
[i
]);
718 si
->shallow_ref
[cmd
->index
] = 0;
719 sha1_array_clear(&extra
);
723 static const char *update(struct command
*cmd
, struct shallow_info
*si
)
725 const char *name
= cmd
->ref_name
;
726 struct strbuf namespaced_name_buf
= STRBUF_INIT
;
727 const char *namespaced_name
;
728 unsigned char *old_sha1
= cmd
->old_sha1
;
729 unsigned char *new_sha1
= cmd
->new_sha1
;
730 struct ref_lock
*lock
;
732 /* only refs/... are allowed */
733 if (!starts_with(name
, "refs/") || check_refname_format(name
+ 5, 0)) {
734 rp_error("refusing to create funny ref '%s' remotely", name
);
735 return "funny refname";
738 strbuf_addf(&namespaced_name_buf
, "%s%s", get_git_namespace(), name
);
739 namespaced_name
= strbuf_detach(&namespaced_name_buf
, NULL
);
741 if (is_ref_checked_out(namespaced_name
)) {
742 switch (deny_current_branch
) {
746 rp_warning("updating the current branch");
749 case DENY_UNCONFIGURED
:
750 rp_error("refusing to update checked out branch: %s", name
);
751 if (deny_current_branch
== DENY_UNCONFIGURED
)
752 refuse_unconfigured_deny();
753 return "branch is currently checked out";
757 if (!is_null_sha1(new_sha1
) && !has_sha1_file(new_sha1
)) {
758 error("unpack should have generated %s, "
759 "but I can't find it!", sha1_to_hex(new_sha1
));
763 if (!is_null_sha1(old_sha1
) && is_null_sha1(new_sha1
)) {
764 if (deny_deletes
&& starts_with(name
, "refs/heads/")) {
765 rp_error("denying ref deletion for %s", name
);
766 return "deletion prohibited";
769 if (!strcmp(namespaced_name
, head_name
)) {
770 switch (deny_delete_current
) {
774 rp_warning("deleting the current branch");
777 case DENY_UNCONFIGURED
:
778 if (deny_delete_current
== DENY_UNCONFIGURED
)
779 refuse_unconfigured_deny_delete_current();
780 rp_error("refusing to delete the current branch: %s", name
);
781 return "deletion of the current branch prohibited";
786 if (deny_non_fast_forwards
&& !is_null_sha1(new_sha1
) &&
787 !is_null_sha1(old_sha1
) &&
788 starts_with(name
, "refs/heads/")) {
789 struct object
*old_object
, *new_object
;
790 struct commit
*old_commit
, *new_commit
;
792 old_object
= parse_object(old_sha1
);
793 new_object
= parse_object(new_sha1
);
795 if (!old_object
|| !new_object
||
796 old_object
->type
!= OBJ_COMMIT
||
797 new_object
->type
!= OBJ_COMMIT
) {
798 error("bad sha1 objects for %s", name
);
801 old_commit
= (struct commit
*)old_object
;
802 new_commit
= (struct commit
*)new_object
;
803 if (!in_merge_bases(old_commit
, new_commit
)) {
804 rp_error("denying non-fast-forward %s"
805 " (you should pull first)", name
);
806 return "non-fast-forward";
809 if (run_update_hook(cmd
)) {
810 rp_error("hook declined to update %s", name
);
811 return "hook declined";
814 if (is_null_sha1(new_sha1
)) {
815 if (!parse_object(old_sha1
)) {
817 if (ref_exists(name
)) {
818 rp_warning("Allowing deletion of corrupt ref.");
820 rp_warning("Deleting a non-existent ref.");
821 cmd
->did_not_exist
= 1;
824 if (delete_ref(namespaced_name
, old_sha1
, 0)) {
825 rp_error("failed to delete %s", name
);
826 return "failed to delete";
828 return NULL
; /* good */
831 if (shallow_update
&& si
->shallow_ref
[cmd
->index
] &&
832 update_shallow_ref(cmd
, si
))
833 return "shallow error";
835 lock
= lock_any_ref_for_update(namespaced_name
, old_sha1
,
838 rp_error("failed to lock %s", name
);
839 return "failed to lock";
841 if (write_ref_sha1(lock
, new_sha1
, "push")) {
842 return "failed to write"; /* error() already called */
844 return NULL
; /* good */
848 static void run_update_post_hook(struct command
*commands
)
853 struct child_process proc
;
856 hook
= find_hook("post-update");
857 for (argc
= 0, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
858 if (cmd
->error_string
|| cmd
->did_not_exist
)
865 argv
= xmalloc(sizeof(*argv
) * (2 + argc
));
868 for (argc
= 1, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
869 if (cmd
->error_string
|| cmd
->did_not_exist
)
871 argv
[argc
] = xstrdup(cmd
->ref_name
);
876 memset(&proc
, 0, sizeof(proc
));
878 proc
.stdout_to_stderr
= 1;
879 proc
.err
= use_sideband
? -1 : 0;
882 if (!start_command(&proc
)) {
884 copy_to_sideband(proc
.err
, -1, NULL
);
885 finish_command(&proc
);
889 static void check_aliased_update(struct command
*cmd
, struct string_list
*list
)
891 struct strbuf buf
= STRBUF_INIT
;
892 const char *dst_name
;
893 struct string_list_item
*item
;
894 struct command
*dst_cmd
;
895 unsigned char sha1
[20];
896 char cmd_oldh
[41], cmd_newh
[41], dst_oldh
[41], dst_newh
[41];
899 strbuf_addf(&buf
, "%s%s", get_git_namespace(), cmd
->ref_name
);
900 dst_name
= resolve_ref_unsafe(buf
.buf
, sha1
, 0, &flag
);
901 strbuf_release(&buf
);
903 if (!(flag
& REF_ISSYMREF
))
906 dst_name
= strip_namespace(dst_name
);
908 rp_error("refusing update to broken symref '%s'", cmd
->ref_name
);
909 cmd
->skip_update
= 1;
910 cmd
->error_string
= "broken symref";
914 if ((item
= string_list_lookup(list
, dst_name
)) == NULL
)
917 cmd
->skip_update
= 1;
919 dst_cmd
= (struct command
*) item
->util
;
921 if (!hashcmp(cmd
->old_sha1
, dst_cmd
->old_sha1
) &&
922 !hashcmp(cmd
->new_sha1
, dst_cmd
->new_sha1
))
925 dst_cmd
->skip_update
= 1;
927 strcpy(cmd_oldh
, find_unique_abbrev(cmd
->old_sha1
, DEFAULT_ABBREV
));
928 strcpy(cmd_newh
, find_unique_abbrev(cmd
->new_sha1
, DEFAULT_ABBREV
));
929 strcpy(dst_oldh
, find_unique_abbrev(dst_cmd
->old_sha1
, DEFAULT_ABBREV
));
930 strcpy(dst_newh
, find_unique_abbrev(dst_cmd
->new_sha1
, DEFAULT_ABBREV
));
931 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
932 " its target '%s' (%s..%s)",
933 cmd
->ref_name
, cmd_oldh
, cmd_newh
,
934 dst_cmd
->ref_name
, dst_oldh
, dst_newh
);
936 cmd
->error_string
= dst_cmd
->error_string
=
937 "inconsistent aliased update";
940 static void check_aliased_updates(struct command
*commands
)
943 struct string_list ref_list
= STRING_LIST_INIT_NODUP
;
945 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
946 struct string_list_item
*item
=
947 string_list_append(&ref_list
, cmd
->ref_name
);
948 item
->util
= (void *)cmd
;
950 sort_string_list(&ref_list
);
952 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
953 if (!cmd
->error_string
)
954 check_aliased_update(cmd
, &ref_list
);
957 string_list_clear(&ref_list
, 0);
960 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20])
962 struct command
**cmd_list
= cb_data
;
963 struct command
*cmd
= *cmd_list
;
965 if (!cmd
|| is_null_sha1(cmd
->new_sha1
))
966 return -1; /* end of list */
967 *cmd_list
= NULL
; /* this returns only one */
968 hashcpy(sha1
, cmd
->new_sha1
);
972 static void set_connectivity_errors(struct command
*commands
,
973 struct shallow_info
*si
)
977 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
978 struct command
*singleton
= cmd
;
979 if (shallow_update
&& si
->shallow_ref
[cmd
->index
])
980 /* to be checked in update_shallow_ref() */
982 if (!check_everything_connected(command_singleton_iterator
,
985 cmd
->error_string
= "missing necessary objects";
989 struct iterate_data
{
990 struct command
*cmds
;
991 struct shallow_info
*si
;
994 static int iterate_receive_command_list(void *cb_data
, unsigned char sha1
[20])
996 struct iterate_data
*data
= cb_data
;
997 struct command
**cmd_list
= &data
->cmds
;
998 struct command
*cmd
= *cmd_list
;
1000 for (; cmd
; cmd
= cmd
->next
) {
1001 if (shallow_update
&& data
->si
->shallow_ref
[cmd
->index
])
1002 /* to be checked in update_shallow_ref() */
1004 if (!is_null_sha1(cmd
->new_sha1
) && !cmd
->skip_update
) {
1005 hashcpy(sha1
, cmd
->new_sha1
);
1006 *cmd_list
= cmd
->next
;
1011 return -1; /* end of list */
1014 static void reject_updates_to_hidden(struct command
*commands
)
1016 struct command
*cmd
;
1018 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1019 if (cmd
->error_string
|| !ref_is_hidden(cmd
->ref_name
))
1021 if (is_null_sha1(cmd
->new_sha1
))
1022 cmd
->error_string
= "deny deleting a hidden ref";
1024 cmd
->error_string
= "deny updating a hidden ref";
1028 static void execute_commands(struct command
*commands
,
1029 const char *unpacker_error
,
1030 struct shallow_info
*si
)
1032 int checked_connectivity
;
1033 struct command
*cmd
;
1034 unsigned char sha1
[20];
1035 struct iterate_data data
;
1037 if (unpacker_error
) {
1038 for (cmd
= commands
; cmd
; cmd
= cmd
->next
)
1039 cmd
->error_string
= "unpacker error";
1043 data
.cmds
= commands
;
1045 if (check_everything_connected(iterate_receive_command_list
, 0, &data
))
1046 set_connectivity_errors(commands
, si
);
1048 reject_updates_to_hidden(commands
);
1050 if (run_receive_hook(commands
, "pre-receive", 0)) {
1051 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1052 if (!cmd
->error_string
)
1053 cmd
->error_string
= "pre-receive hook declined";
1058 check_aliased_updates(commands
);
1060 free(head_name_to_free
);
1061 head_name
= head_name_to_free
= resolve_refdup("HEAD", sha1
, 0, NULL
);
1063 checked_connectivity
= 1;
1064 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1065 if (cmd
->error_string
)
1068 if (cmd
->skip_update
)
1071 cmd
->error_string
= update(cmd
, si
);
1072 if (shallow_update
&& !cmd
->error_string
&&
1073 si
->shallow_ref
[cmd
->index
]) {
1074 error("BUG: connectivity check has not been run on ref %s",
1076 checked_connectivity
= 0;
1080 if (shallow_update
&& !checked_connectivity
)
1081 error("BUG: run 'git fsck' for safety.\n"
1082 "If there are errors, try to remove "
1083 "the reported refs above");
1086 static struct command
**queue_command(struct command
**tail
,
1090 unsigned char old_sha1
[20], new_sha1
[20];
1091 struct command
*cmd
;
1092 const char *refname
;
1098 get_sha1_hex(line
, old_sha1
) ||
1099 get_sha1_hex(line
+ 41, new_sha1
))
1100 die("protocol error: expected old/new/ref, got '%s'", line
);
1102 refname
= line
+ 82;
1103 reflen
= linelen
- 82;
1104 cmd
= xcalloc(1, sizeof(struct command
) + reflen
+ 1);
1105 hashcpy(cmd
->old_sha1
, old_sha1
);
1106 hashcpy(cmd
->new_sha1
, new_sha1
);
1107 memcpy(cmd
->ref_name
, refname
, reflen
);
1108 cmd
->ref_name
[reflen
] = '\0';
1113 static void queue_commands_from_cert(struct command
**tail
,
1114 struct strbuf
*push_cert
)
1116 const char *boc
, *eoc
;
1119 die("protocol error: got both push certificate and unsigned commands");
1121 boc
= strstr(push_cert
->buf
, "\n\n");
1123 die("malformed push certificate %.*s", 100, push_cert
->buf
);
1126 eoc
= push_cert
->buf
+ parse_signature(push_cert
->buf
, push_cert
->len
);
1129 const char *eol
= memchr(boc
, '\n', eoc
- boc
);
1130 tail
= queue_command(tail
, boc
, eol
? eol
- boc
: eoc
- eol
);
1131 boc
= eol
? eol
+ 1 : eoc
;
1135 static struct command
*read_head_info(struct sha1_array
*shallow
)
1137 struct command
*commands
= NULL
;
1138 struct command
**p
= &commands
;
1143 line
= packet_read_line(0, &len
);
1147 if (len
== 48 && starts_with(line
, "shallow ")) {
1148 unsigned char sha1
[20];
1149 if (get_sha1_hex(line
+ 8, sha1
))
1150 die("protocol error: expected shallow sha, got '%s'",
1152 sha1_array_append(shallow
, sha1
);
1156 linelen
= strlen(line
);
1157 if (linelen
< len
) {
1158 const char *feature_list
= line
+ linelen
+ 1;
1159 if (parse_feature_request(feature_list
, "report-status"))
1161 if (parse_feature_request(feature_list
, "side-band-64k"))
1162 use_sideband
= LARGE_PACKET_MAX
;
1163 if (parse_feature_request(feature_list
, "quiet"))
1167 if (!strcmp(line
, "push-cert")) {
1172 len
= packet_read(0, NULL
, NULL
,
1173 certbuf
, sizeof(certbuf
), 0);
1178 if (!strcmp(certbuf
, "push-cert-end\n"))
1179 break; /* end of cert */
1180 strbuf_addstr(&push_cert
, certbuf
);
1188 p
= queue_command(p
, line
, linelen
);
1192 queue_commands_from_cert(p
, &push_cert
);
1197 static const char *parse_pack_header(struct pack_header
*hdr
)
1199 switch (read_pack_header(0, hdr
)) {
1201 return "eof before pack header was fully read";
1203 case PH_ERROR_PACK_SIGNATURE
:
1204 return "protocol error (pack signature mismatch detected)";
1206 case PH_ERROR_PROTOCOL
:
1207 return "protocol error (pack version unsupported)";
1210 return "unknown error in parse_pack_header";
1217 static const char *pack_lockfile
;
1219 static const char *unpack(int err_fd
, struct shallow_info
*si
)
1221 struct pack_header hdr
;
1222 struct argv_array av
= ARGV_ARRAY_INIT
;
1223 const char *hdr_err
;
1226 struct child_process child
;
1227 int fsck_objects
= (receive_fsck_objects
>= 0
1228 ? receive_fsck_objects
1229 : transfer_fsck_objects
>= 0
1230 ? transfer_fsck_objects
1233 hdr_err
= parse_pack_header(&hdr
);
1239 snprintf(hdr_arg
, sizeof(hdr_arg
),
1240 "--pack_header=%"PRIu32
",%"PRIu32
,
1241 ntohl(hdr
.hdr_version
), ntohl(hdr
.hdr_entries
));
1243 if (si
->nr_ours
|| si
->nr_theirs
) {
1244 alt_shallow_file
= setup_temporary_shallow(si
->shallow
);
1245 argv_array_pushl(&av
, "--shallow-file", alt_shallow_file
, NULL
);
1248 memset(&child
, 0, sizeof(child
));
1249 if (ntohl(hdr
.hdr_entries
) < unpack_limit
) {
1250 argv_array_pushl(&av
, "unpack-objects", hdr_arg
, NULL
);
1252 argv_array_push(&av
, "-q");
1254 argv_array_push(&av
, "--strict");
1255 child
.argv
= av
.argv
;
1256 child
.no_stdout
= 1;
1259 status
= run_command(&child
);
1261 return "unpack-objects abnormal exit";
1266 s
= sprintf(keep_arg
, "--keep=receive-pack %"PRIuMAX
" on ", (uintmax_t) getpid());
1267 if (gethostname(keep_arg
+ s
, sizeof(keep_arg
) - s
))
1268 strcpy(keep_arg
+ s
, "localhost");
1270 argv_array_pushl(&av
, "index-pack",
1271 "--stdin", hdr_arg
, keep_arg
, NULL
);
1273 argv_array_push(&av
, "--strict");
1275 argv_array_push(&av
, "--fix-thin");
1276 child
.argv
= av
.argv
;
1280 status
= start_command(&child
);
1282 return "index-pack fork failed";
1283 pack_lockfile
= index_pack_lockfile(child
.out
);
1285 status
= finish_command(&child
);
1287 return "index-pack abnormal exit";
1288 reprepare_packed_git();
1293 static const char *unpack_with_sideband(struct shallow_info
*si
)
1299 return unpack(0, si
);
1301 memset(&muxer
, 0, sizeof(muxer
));
1302 muxer
.proc
= copy_to_sideband
;
1304 if (start_async(&muxer
))
1307 ret
= unpack(muxer
.in
, si
);
1309 finish_async(&muxer
);
1313 static void prepare_shallow_update(struct command
*commands
,
1314 struct shallow_info
*si
)
1316 int i
, j
, k
, bitmap_size
= (si
->ref
->nr
+ 31) / 32;
1318 si
->used_shallow
= xmalloc(sizeof(*si
->used_shallow
) *
1320 assign_shallow_commits_to_refs(si
, si
->used_shallow
, NULL
);
1322 si
->need_reachability_test
=
1323 xcalloc(si
->shallow
->nr
, sizeof(*si
->need_reachability_test
));
1325 xcalloc(si
->shallow
->nr
, sizeof(*si
->reachable
));
1326 si
->shallow_ref
= xcalloc(si
->ref
->nr
, sizeof(*si
->shallow_ref
));
1328 for (i
= 0; i
< si
->nr_ours
; i
++)
1329 si
->need_reachability_test
[si
->ours
[i
]] = 1;
1331 for (i
= 0; i
< si
->shallow
->nr
; i
++) {
1332 if (!si
->used_shallow
[i
])
1334 for (j
= 0; j
< bitmap_size
; j
++) {
1335 if (!si
->used_shallow
[i
][j
])
1337 si
->need_reachability_test
[i
]++;
1338 for (k
= 0; k
< 32; k
++)
1339 if (si
->used_shallow
[i
][j
] & (1 << k
))
1340 si
->shallow_ref
[j
* 32 + k
]++;
1344 * true for those associated with some refs and belong
1345 * in "ours" list aka "step 7 not done yet"
1347 si
->need_reachability_test
[i
] =
1348 si
->need_reachability_test
[i
] > 1;
1352 * keep hooks happy by forcing a temporary shallow file via
1353 * env variable because we can't add --shallow-file to every
1354 * command. check_everything_connected() will be done with
1355 * true .git/shallow though.
1357 setenv(GIT_SHALLOW_FILE_ENVIRONMENT
, alt_shallow_file
, 1);
1360 static void update_shallow_info(struct command
*commands
,
1361 struct shallow_info
*si
,
1362 struct sha1_array
*ref
)
1364 struct command
*cmd
;
1366 remove_nonexistent_theirs_shallow(si
);
1367 if (!si
->nr_ours
&& !si
->nr_theirs
) {
1372 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1373 if (is_null_sha1(cmd
->new_sha1
))
1375 sha1_array_append(ref
, cmd
->new_sha1
);
1376 cmd
->index
= ref
->nr
- 1;
1380 if (shallow_update
) {
1381 prepare_shallow_update(commands
, si
);
1385 ref_status
= xmalloc(sizeof(*ref_status
) * ref
->nr
);
1386 assign_shallow_commits_to_refs(si
, NULL
, ref_status
);
1387 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1388 if (is_null_sha1(cmd
->new_sha1
))
1390 if (ref_status
[cmd
->index
]) {
1391 cmd
->error_string
= "shallow update not allowed";
1392 cmd
->skip_update
= 1;
1398 static void report(struct command
*commands
, const char *unpack_status
)
1400 struct command
*cmd
;
1401 struct strbuf buf
= STRBUF_INIT
;
1403 packet_buf_write(&buf
, "unpack %s\n",
1404 unpack_status
? unpack_status
: "ok");
1405 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1406 if (!cmd
->error_string
)
1407 packet_buf_write(&buf
, "ok %s\n",
1410 packet_buf_write(&buf
, "ng %s %s\n",
1411 cmd
->ref_name
, cmd
->error_string
);
1413 packet_buf_flush(&buf
);
1416 send_sideband(1, 1, buf
.buf
, buf
.len
, use_sideband
);
1418 write_or_die(1, buf
.buf
, buf
.len
);
1419 strbuf_release(&buf
);
1422 static int delete_only(struct command
*commands
)
1424 struct command
*cmd
;
1425 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1426 if (!is_null_sha1(cmd
->new_sha1
))
1432 int cmd_receive_pack(int argc
, const char **argv
, const char *prefix
)
1434 int advertise_refs
= 0;
1436 struct command
*commands
;
1437 struct sha1_array shallow
= SHA1_ARRAY_INIT
;
1438 struct sha1_array ref
= SHA1_ARRAY_INIT
;
1439 struct shallow_info si
;
1441 packet_trace_identity("receive-pack");
1444 for (i
= 1; i
< argc
; i
++) {
1445 const char *arg
= *argv
++;
1448 if (!strcmp(arg
, "--quiet")) {
1453 if (!strcmp(arg
, "--advertise-refs")) {
1457 if (!strcmp(arg
, "--stateless-rpc")) {
1461 if (!strcmp(arg
, "--reject-thin-pack-for-testing")) {
1466 usage(receive_pack_usage
);
1469 usage(receive_pack_usage
);
1473 usage(receive_pack_usage
);
1477 if (!enter_repo(service_dir
, 0))
1478 die("'%s' does not appear to be a git repository", service_dir
);
1480 git_config(receive_pack_config
, NULL
);
1481 if (cert_nonce_seed
)
1482 push_cert_nonce
= prepare_push_cert_nonce(service_dir
, time(NULL
));
1484 if (0 <= transfer_unpack_limit
)
1485 unpack_limit
= transfer_unpack_limit
;
1486 else if (0 <= receive_unpack_limit
)
1487 unpack_limit
= receive_unpack_limit
;
1489 if (advertise_refs
|| !stateless_rpc
) {
1495 if ((commands
= read_head_info(&shallow
)) != NULL
) {
1496 const char *unpack_status
= NULL
;
1498 prepare_shallow_info(&si
, &shallow
);
1499 if (!si
.nr_ours
&& !si
.nr_theirs
)
1501 if (!delete_only(commands
)) {
1502 unpack_status
= unpack_with_sideband(&si
);
1503 update_shallow_info(commands
, &si
, &ref
);
1505 execute_commands(commands
, unpack_status
, &si
);
1507 unlink_or_warn(pack_lockfile
);
1509 report(commands
, unpack_status
);
1510 run_receive_hook(commands
, "post-receive", 1);
1511 run_update_post_hook(commands
);
1513 const char *argv_gc_auto
[] = {
1514 "gc", "--auto", "--quiet", NULL
,
1516 int opt
= RUN_GIT_CMD
| RUN_COMMAND_STDOUT_TO_STDERR
;
1517 run_command_v_opt(argv_gc_auto
, opt
);
1519 if (auto_update_server_info
)
1520 update_server_info(0);
1521 clear_shallow_info(&si
);
1525 sha1_array_clear(&shallow
);
1526 sha1_array_clear(&ref
);
1527 free((void *)push_cert_nonce
);