use labs() for variables of type long instead of abs()
[git/debian.git] / builtin / receive-pack.c
bloba38ea7ddb396d0ae2a3f76b2c84223d88bf50ffb
1 #include "builtin.h"
2 #include "pack.h"
3 #include "refs.h"
4 #include "pkt-line.h"
5 #include "sideband.h"
6 #include "run-command.h"
7 #include "exec_cmd.h"
8 #include "commit.h"
9 #include "object.h"
10 #include "remote.h"
11 #include "connect.h"
12 #include "transport.h"
13 #include "string-list.h"
14 #include "sha1-array.h"
15 #include "connected.h"
16 #include "argv-array.h"
17 #include "version.h"
18 #include "tag.h"
19 #include "gpg-interface.h"
21 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
23 enum deny_action {
24 DENY_UNCONFIGURED,
25 DENY_IGNORE,
26 DENY_WARN,
27 DENY_REFUSE
30 static int deny_deletes;
31 static int deny_non_fast_forwards;
32 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
33 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
34 static int receive_fsck_objects = -1;
35 static int transfer_fsck_objects = -1;
36 static int receive_unpack_limit = -1;
37 static int transfer_unpack_limit = -1;
38 static int unpack_limit = 100;
39 static int report_status;
40 static int use_sideband;
41 static int quiet;
42 static int prefer_ofs_delta = 1;
43 static int auto_update_server_info;
44 static int auto_gc = 1;
45 static int fix_thin = 1;
46 static int stateless_rpc;
47 static const char *service_dir;
48 static const char *head_name;
49 static void *head_name_to_free;
50 static int sent_capabilities;
51 static int shallow_update;
52 static const char *alt_shallow_file;
53 static struct strbuf push_cert = STRBUF_INIT;
54 static unsigned char push_cert_sha1[20];
55 static struct signature_check sigcheck;
56 static const char *push_cert_nonce;
57 static const char *cert_nonce_seed;
59 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
60 static const char *NONCE_BAD = "BAD";
61 static const char *NONCE_MISSING = "MISSING";
62 static const char *NONCE_OK = "OK";
63 static const char *NONCE_SLOP = "SLOP";
64 static const char *nonce_status;
65 static long nonce_stamp_slop;
66 static unsigned long nonce_stamp_slop_limit;
68 static enum deny_action parse_deny_action(const char *var, const char *value)
70 if (value) {
71 if (!strcasecmp(value, "ignore"))
72 return DENY_IGNORE;
73 if (!strcasecmp(value, "warn"))
74 return DENY_WARN;
75 if (!strcasecmp(value, "refuse"))
76 return DENY_REFUSE;
78 if (git_config_bool(var, value))
79 return DENY_REFUSE;
80 return DENY_IGNORE;
83 static int receive_pack_config(const char *var, const char *value, void *cb)
85 int status = parse_hide_refs_config(var, value, "receive");
87 if (status)
88 return status;
90 if (strcmp(var, "receive.denydeletes") == 0) {
91 deny_deletes = git_config_bool(var, value);
92 return 0;
95 if (strcmp(var, "receive.denynonfastforwards") == 0) {
96 deny_non_fast_forwards = git_config_bool(var, value);
97 return 0;
100 if (strcmp(var, "receive.unpacklimit") == 0) {
101 receive_unpack_limit = git_config_int(var, value);
102 return 0;
105 if (strcmp(var, "transfer.unpacklimit") == 0) {
106 transfer_unpack_limit = git_config_int(var, value);
107 return 0;
110 if (strcmp(var, "receive.fsckobjects") == 0) {
111 receive_fsck_objects = git_config_bool(var, value);
112 return 0;
115 if (strcmp(var, "transfer.fsckobjects") == 0) {
116 transfer_fsck_objects = git_config_bool(var, value);
117 return 0;
120 if (!strcmp(var, "receive.denycurrentbranch")) {
121 deny_current_branch = parse_deny_action(var, value);
122 return 0;
125 if (strcmp(var, "receive.denydeletecurrent") == 0) {
126 deny_delete_current = parse_deny_action(var, value);
127 return 0;
130 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
131 prefer_ofs_delta = git_config_bool(var, value);
132 return 0;
135 if (strcmp(var, "receive.updateserverinfo") == 0) {
136 auto_update_server_info = git_config_bool(var, value);
137 return 0;
140 if (strcmp(var, "receive.autogc") == 0) {
141 auto_gc = git_config_bool(var, value);
142 return 0;
145 if (strcmp(var, "receive.shallowupdate") == 0) {
146 shallow_update = git_config_bool(var, value);
147 return 0;
150 if (strcmp(var, "receive.certnonceseed") == 0)
151 return git_config_string(&cert_nonce_seed, var, value);
153 if (strcmp(var, "receive.certnonceslop") == 0) {
154 nonce_stamp_slop_limit = git_config_ulong(var, value);
155 return 0;
158 return git_default_config(var, value, cb);
161 static void show_ref(const char *path, const unsigned char *sha1)
163 if (ref_is_hidden(path))
164 return;
166 if (sent_capabilities) {
167 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
168 } else {
169 struct strbuf cap = STRBUF_INIT;
171 strbuf_addstr(&cap,
172 "report-status delete-refs side-band-64k quiet");
173 if (prefer_ofs_delta)
174 strbuf_addstr(&cap, " ofs-delta");
175 if (push_cert_nonce)
176 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
177 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
178 packet_write(1, "%s %s%c%s\n",
179 sha1_to_hex(sha1), path, 0, cap.buf);
180 strbuf_release(&cap);
181 sent_capabilities = 1;
185 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
187 path = strip_namespace(path);
189 * Advertise refs outside our current namespace as ".have"
190 * refs, so that the client can use them to minimize data
191 * transfer but will otherwise ignore them. This happens to
192 * cover ".have" that are thrown in by add_one_alternate_ref()
193 * to mark histories that are complete in our alternates as
194 * well.
196 if (!path)
197 path = ".have";
198 show_ref(path, sha1);
199 return 0;
202 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
204 show_ref(".have", sha1);
207 static void collect_one_alternate_ref(const struct ref *ref, void *data)
209 struct sha1_array *sa = data;
210 sha1_array_append(sa, ref->old_sha1);
213 static void write_head_info(void)
215 struct sha1_array sa = SHA1_ARRAY_INIT;
216 for_each_alternate_ref(collect_one_alternate_ref, &sa);
217 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
218 sha1_array_clear(&sa);
219 for_each_ref(show_ref_cb, NULL);
220 if (!sent_capabilities)
221 show_ref("capabilities^{}", null_sha1);
223 advertise_shallow_grafts(1);
225 /* EOF */
226 packet_flush(1);
229 struct command {
230 struct command *next;
231 const char *error_string;
232 unsigned int skip_update:1,
233 did_not_exist:1;
234 int index;
235 unsigned char old_sha1[20];
236 unsigned char new_sha1[20];
237 char ref_name[FLEX_ARRAY]; /* more */
240 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
241 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
243 static void report_message(const char *prefix, const char *err, va_list params)
245 int sz = strlen(prefix);
246 char msg[4096];
248 strncpy(msg, prefix, sz);
249 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
250 if (sz > (sizeof(msg) - 1))
251 sz = sizeof(msg) - 1;
252 msg[sz++] = '\n';
254 if (use_sideband)
255 send_sideband(1, 2, msg, sz, use_sideband);
256 else
257 xwrite(2, msg, sz);
260 static void rp_warning(const char *err, ...)
262 va_list params;
263 va_start(params, err);
264 report_message("warning: ", err, params);
265 va_end(params);
268 static void rp_error(const char *err, ...)
270 va_list params;
271 va_start(params, err);
272 report_message("error: ", err, params);
273 va_end(params);
276 static int copy_to_sideband(int in, int out, void *arg)
278 char data[128];
279 while (1) {
280 ssize_t sz = xread(in, data, sizeof(data));
281 if (sz <= 0)
282 break;
283 send_sideband(1, 2, data, sz, use_sideband);
285 close(in);
286 return 0;
289 #define HMAC_BLOCK_SIZE 64
291 static void hmac_sha1(unsigned char *out,
292 const char *key_in, size_t key_len,
293 const char *text, size_t text_len)
295 unsigned char key[HMAC_BLOCK_SIZE];
296 unsigned char k_ipad[HMAC_BLOCK_SIZE];
297 unsigned char k_opad[HMAC_BLOCK_SIZE];
298 int i;
299 git_SHA_CTX ctx;
301 /* RFC 2104 2. (1) */
302 memset(key, '\0', HMAC_BLOCK_SIZE);
303 if (HMAC_BLOCK_SIZE < key_len) {
304 git_SHA1_Init(&ctx);
305 git_SHA1_Update(&ctx, key_in, key_len);
306 git_SHA1_Final(key, &ctx);
307 } else {
308 memcpy(key, key_in, key_len);
311 /* RFC 2104 2. (2) & (5) */
312 for (i = 0; i < sizeof(key); i++) {
313 k_ipad[i] = key[i] ^ 0x36;
314 k_opad[i] = key[i] ^ 0x5c;
317 /* RFC 2104 2. (3) & (4) */
318 git_SHA1_Init(&ctx);
319 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
320 git_SHA1_Update(&ctx, text, text_len);
321 git_SHA1_Final(out, &ctx);
323 /* RFC 2104 2. (6) & (7) */
324 git_SHA1_Init(&ctx);
325 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
326 git_SHA1_Update(&ctx, out, 20);
327 git_SHA1_Final(out, &ctx);
330 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
332 struct strbuf buf = STRBUF_INIT;
333 unsigned char sha1[20];
335 strbuf_addf(&buf, "%s:%lu", path, stamp);
336 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
337 strbuf_release(&buf);
339 /* RFC 2104 5. HMAC-SHA1-80 */
340 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
341 return strbuf_detach(&buf, NULL);
345 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
346 * after dropping "_commit" from its name and possibly moving it out
347 * of commit.c
349 static char *find_header(const char *msg, size_t len, const char *key)
351 int key_len = strlen(key);
352 const char *line = msg;
354 while (line && line < msg + len) {
355 const char *eol = strchrnul(line, '\n');
357 if ((msg + len <= eol) || line == eol)
358 return NULL;
359 if (line + key_len < eol &&
360 !memcmp(line, key, key_len) && line[key_len] == ' ') {
361 int offset = key_len + 1;
362 return xmemdupz(line + offset, (eol - line) - offset);
364 line = *eol ? eol + 1 : NULL;
366 return NULL;
369 static const char *check_nonce(const char *buf, size_t len)
371 char *nonce = find_header(buf, len, "nonce");
372 unsigned long stamp, ostamp;
373 char *bohmac, *expect = NULL;
374 const char *retval = NONCE_BAD;
376 if (!nonce) {
377 retval = NONCE_MISSING;
378 goto leave;
379 } else if (!push_cert_nonce) {
380 retval = NONCE_UNSOLICITED;
381 goto leave;
382 } else if (!strcmp(push_cert_nonce, nonce)) {
383 retval = NONCE_OK;
384 goto leave;
387 if (!stateless_rpc) {
388 /* returned nonce MUST match what we gave out earlier */
389 retval = NONCE_BAD;
390 goto leave;
394 * In stateless mode, we may be receiving a nonce issued by
395 * another instance of the server that serving the same
396 * repository, and the timestamps may not match, but the
397 * nonce-seed and dir should match, so we can recompute and
398 * report the time slop.
400 * In addition, when a nonce issued by another instance has
401 * timestamp within receive.certnonceslop seconds, we pretend
402 * as if we issued that nonce when reporting to the hook.
405 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
406 if (*nonce <= '0' || '9' < *nonce) {
407 retval = NONCE_BAD;
408 goto leave;
410 stamp = strtoul(nonce, &bohmac, 10);
411 if (bohmac == nonce || bohmac[0] != '-') {
412 retval = NONCE_BAD;
413 goto leave;
416 expect = prepare_push_cert_nonce(service_dir, stamp);
417 if (strcmp(expect, nonce)) {
418 /* Not what we would have signed earlier */
419 retval = NONCE_BAD;
420 goto leave;
424 * By how many seconds is this nonce stale? Negative value
425 * would mean it was issued by another server with its clock
426 * skewed in the future.
428 ostamp = strtoul(push_cert_nonce, NULL, 10);
429 nonce_stamp_slop = (long)ostamp - (long)stamp;
431 if (nonce_stamp_slop_limit &&
432 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
434 * Pretend as if the received nonce (which passes the
435 * HMAC check, so it is not a forged by third-party)
436 * is what we issued.
438 free((void *)push_cert_nonce);
439 push_cert_nonce = xstrdup(nonce);
440 retval = NONCE_OK;
441 } else {
442 retval = NONCE_SLOP;
445 leave:
446 free(nonce);
447 free(expect);
448 return retval;
451 static void prepare_push_cert_sha1(struct child_process *proc)
453 static int already_done;
454 struct argv_array env = ARGV_ARRAY_INIT;
456 if (!push_cert.len)
457 return;
459 if (!already_done) {
460 struct strbuf gpg_output = STRBUF_INIT;
461 struct strbuf gpg_status = STRBUF_INIT;
462 int bogs /* beginning_of_gpg_sig */;
464 already_done = 1;
465 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
466 hashclr(push_cert_sha1);
468 memset(&sigcheck, '\0', sizeof(sigcheck));
469 sigcheck.result = 'N';
471 bogs = parse_signature(push_cert.buf, push_cert.len);
472 if (verify_signed_buffer(push_cert.buf, bogs,
473 push_cert.buf + bogs, push_cert.len - bogs,
474 &gpg_output, &gpg_status) < 0) {
475 ; /* error running gpg */
476 } else {
477 sigcheck.payload = push_cert.buf;
478 sigcheck.gpg_output = gpg_output.buf;
479 sigcheck.gpg_status = gpg_status.buf;
480 parse_gpg_output(&sigcheck);
483 strbuf_release(&gpg_output);
484 strbuf_release(&gpg_status);
485 nonce_status = check_nonce(push_cert.buf, bogs);
487 if (!is_null_sha1(push_cert_sha1)) {
488 argv_array_pushf(&env, "GIT_PUSH_CERT=%s", sha1_to_hex(push_cert_sha1));
489 argv_array_pushf(&env, "GIT_PUSH_CERT_SIGNER=%s",
490 sigcheck.signer ? sigcheck.signer : "");
491 argv_array_pushf(&env, "GIT_PUSH_CERT_KEY=%s",
492 sigcheck.key ? sigcheck.key : "");
493 argv_array_pushf(&env, "GIT_PUSH_CERT_STATUS=%c", sigcheck.result);
494 if (push_cert_nonce) {
495 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE=%s", push_cert_nonce);
496 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE_STATUS=%s", nonce_status);
497 if (nonce_status == NONCE_SLOP)
498 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE_SLOP=%ld",
499 nonce_stamp_slop);
501 proc->env = env.argv;
505 typedef int (*feed_fn)(void *, const char **, size_t *);
506 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
508 struct child_process proc;
509 struct async muxer;
510 const char *argv[2];
511 int code;
513 argv[0] = find_hook(hook_name);
514 if (!argv[0])
515 return 0;
517 argv[1] = NULL;
519 memset(&proc, 0, sizeof(proc));
520 proc.argv = argv;
521 proc.in = -1;
522 proc.stdout_to_stderr = 1;
524 prepare_push_cert_sha1(&proc);
526 if (use_sideband) {
527 memset(&muxer, 0, sizeof(muxer));
528 muxer.proc = copy_to_sideband;
529 muxer.in = -1;
530 code = start_async(&muxer);
531 if (code)
532 return code;
533 proc.err = muxer.in;
536 code = start_command(&proc);
537 if (code) {
538 if (use_sideband)
539 finish_async(&muxer);
540 return code;
543 while (1) {
544 const char *buf;
545 size_t n;
546 if (feed(feed_state, &buf, &n))
547 break;
548 if (write_in_full(proc.in, buf, n) != n)
549 break;
551 close(proc.in);
552 if (use_sideband)
553 finish_async(&muxer);
554 return finish_command(&proc);
557 struct receive_hook_feed_state {
558 struct command *cmd;
559 int skip_broken;
560 struct strbuf buf;
563 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
565 struct receive_hook_feed_state *state = state_;
566 struct command *cmd = state->cmd;
568 while (cmd &&
569 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
570 cmd = cmd->next;
571 if (!cmd)
572 return -1; /* EOF */
573 strbuf_reset(&state->buf);
574 strbuf_addf(&state->buf, "%s %s %s\n",
575 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
576 cmd->ref_name);
577 state->cmd = cmd->next;
578 if (bufp) {
579 *bufp = state->buf.buf;
580 *sizep = state->buf.len;
582 return 0;
585 static int run_receive_hook(struct command *commands, const char *hook_name,
586 int skip_broken)
588 struct receive_hook_feed_state state;
589 int status;
591 strbuf_init(&state.buf, 0);
592 state.cmd = commands;
593 state.skip_broken = skip_broken;
594 if (feed_receive_hook(&state, NULL, NULL))
595 return 0;
596 state.cmd = commands;
597 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
598 strbuf_release(&state.buf);
599 return status;
602 static int run_update_hook(struct command *cmd)
604 const char *argv[5];
605 struct child_process proc;
606 int code;
608 argv[0] = find_hook("update");
609 if (!argv[0])
610 return 0;
612 argv[1] = cmd->ref_name;
613 argv[2] = sha1_to_hex(cmd->old_sha1);
614 argv[3] = sha1_to_hex(cmd->new_sha1);
615 argv[4] = NULL;
617 memset(&proc, 0, sizeof(proc));
618 proc.no_stdin = 1;
619 proc.stdout_to_stderr = 1;
620 proc.err = use_sideband ? -1 : 0;
621 proc.argv = argv;
623 code = start_command(&proc);
624 if (code)
625 return code;
626 if (use_sideband)
627 copy_to_sideband(proc.err, -1, NULL);
628 return finish_command(&proc);
631 static int is_ref_checked_out(const char *ref)
633 if (is_bare_repository())
634 return 0;
636 if (!head_name)
637 return 0;
638 return !strcmp(head_name, ref);
641 static char *refuse_unconfigured_deny_msg[] = {
642 "By default, updating the current branch in a non-bare repository",
643 "is denied, because it will make the index and work tree inconsistent",
644 "with what you pushed, and will require 'git reset --hard' to match",
645 "the work tree to HEAD.",
647 "You can set 'receive.denyCurrentBranch' configuration variable to",
648 "'ignore' or 'warn' in the remote repository to allow pushing into",
649 "its current branch; however, this is not recommended unless you",
650 "arranged to update its work tree to match what you pushed in some",
651 "other way.",
653 "To squelch this message and still keep the default behaviour, set",
654 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
657 static void refuse_unconfigured_deny(void)
659 int i;
660 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
661 rp_error("%s", refuse_unconfigured_deny_msg[i]);
664 static char *refuse_unconfigured_deny_delete_current_msg[] = {
665 "By default, deleting the current branch is denied, because the next",
666 "'git clone' won't result in any file checked out, causing confusion.",
668 "You can set 'receive.denyDeleteCurrent' configuration variable to",
669 "'warn' or 'ignore' in the remote repository to allow deleting the",
670 "current branch, with or without a warning message.",
672 "To squelch this message, you can set it to 'refuse'."
675 static void refuse_unconfigured_deny_delete_current(void)
677 int i;
678 for (i = 0;
679 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
680 i++)
681 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
684 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
685 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
687 static struct lock_file shallow_lock;
688 struct sha1_array extra = SHA1_ARRAY_INIT;
689 const char *alt_file;
690 uint32_t mask = 1 << (cmd->index % 32);
691 int i;
693 trace_printf_key(&trace_shallow,
694 "shallow: update_shallow_ref %s\n", cmd->ref_name);
695 for (i = 0; i < si->shallow->nr; i++)
696 if (si->used_shallow[i] &&
697 (si->used_shallow[i][cmd->index / 32] & mask) &&
698 !delayed_reachability_test(si, i))
699 sha1_array_append(&extra, si->shallow->sha1[i]);
701 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
702 if (check_shallow_connected(command_singleton_iterator,
703 0, cmd, alt_file)) {
704 rollback_lock_file(&shallow_lock);
705 sha1_array_clear(&extra);
706 return -1;
709 commit_lock_file(&shallow_lock);
712 * Make sure setup_alternate_shallow() for the next ref does
713 * not lose these new roots..
715 for (i = 0; i < extra.nr; i++)
716 register_shallow(extra.sha1[i]);
718 si->shallow_ref[cmd->index] = 0;
719 sha1_array_clear(&extra);
720 return 0;
723 static const char *update(struct command *cmd, struct shallow_info *si)
725 const char *name = cmd->ref_name;
726 struct strbuf namespaced_name_buf = STRBUF_INIT;
727 const char *namespaced_name;
728 unsigned char *old_sha1 = cmd->old_sha1;
729 unsigned char *new_sha1 = cmd->new_sha1;
730 struct ref_lock *lock;
732 /* only refs/... are allowed */
733 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
734 rp_error("refusing to create funny ref '%s' remotely", name);
735 return "funny refname";
738 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
739 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
741 if (is_ref_checked_out(namespaced_name)) {
742 switch (deny_current_branch) {
743 case DENY_IGNORE:
744 break;
745 case DENY_WARN:
746 rp_warning("updating the current branch");
747 break;
748 case DENY_REFUSE:
749 case DENY_UNCONFIGURED:
750 rp_error("refusing to update checked out branch: %s", name);
751 if (deny_current_branch == DENY_UNCONFIGURED)
752 refuse_unconfigured_deny();
753 return "branch is currently checked out";
757 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
758 error("unpack should have generated %s, "
759 "but I can't find it!", sha1_to_hex(new_sha1));
760 return "bad pack";
763 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
764 if (deny_deletes && starts_with(name, "refs/heads/")) {
765 rp_error("denying ref deletion for %s", name);
766 return "deletion prohibited";
769 if (!strcmp(namespaced_name, head_name)) {
770 switch (deny_delete_current) {
771 case DENY_IGNORE:
772 break;
773 case DENY_WARN:
774 rp_warning("deleting the current branch");
775 break;
776 case DENY_REFUSE:
777 case DENY_UNCONFIGURED:
778 if (deny_delete_current == DENY_UNCONFIGURED)
779 refuse_unconfigured_deny_delete_current();
780 rp_error("refusing to delete the current branch: %s", name);
781 return "deletion of the current branch prohibited";
786 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
787 !is_null_sha1(old_sha1) &&
788 starts_with(name, "refs/heads/")) {
789 struct object *old_object, *new_object;
790 struct commit *old_commit, *new_commit;
792 old_object = parse_object(old_sha1);
793 new_object = parse_object(new_sha1);
795 if (!old_object || !new_object ||
796 old_object->type != OBJ_COMMIT ||
797 new_object->type != OBJ_COMMIT) {
798 error("bad sha1 objects for %s", name);
799 return "bad ref";
801 old_commit = (struct commit *)old_object;
802 new_commit = (struct commit *)new_object;
803 if (!in_merge_bases(old_commit, new_commit)) {
804 rp_error("denying non-fast-forward %s"
805 " (you should pull first)", name);
806 return "non-fast-forward";
809 if (run_update_hook(cmd)) {
810 rp_error("hook declined to update %s", name);
811 return "hook declined";
814 if (is_null_sha1(new_sha1)) {
815 if (!parse_object(old_sha1)) {
816 old_sha1 = NULL;
817 if (ref_exists(name)) {
818 rp_warning("Allowing deletion of corrupt ref.");
819 } else {
820 rp_warning("Deleting a non-existent ref.");
821 cmd->did_not_exist = 1;
824 if (delete_ref(namespaced_name, old_sha1, 0)) {
825 rp_error("failed to delete %s", name);
826 return "failed to delete";
828 return NULL; /* good */
830 else {
831 if (shallow_update && si->shallow_ref[cmd->index] &&
832 update_shallow_ref(cmd, si))
833 return "shallow error";
835 lock = lock_any_ref_for_update(namespaced_name, old_sha1,
836 0, NULL);
837 if (!lock) {
838 rp_error("failed to lock %s", name);
839 return "failed to lock";
841 if (write_ref_sha1(lock, new_sha1, "push")) {
842 return "failed to write"; /* error() already called */
844 return NULL; /* good */
848 static void run_update_post_hook(struct command *commands)
850 struct command *cmd;
851 int argc;
852 const char **argv;
853 struct child_process proc;
854 char *hook;
856 hook = find_hook("post-update");
857 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
858 if (cmd->error_string || cmd->did_not_exist)
859 continue;
860 argc++;
862 if (!argc || !hook)
863 return;
865 argv = xmalloc(sizeof(*argv) * (2 + argc));
866 argv[0] = hook;
868 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
869 if (cmd->error_string || cmd->did_not_exist)
870 continue;
871 argv[argc] = xstrdup(cmd->ref_name);
872 argc++;
874 argv[argc] = NULL;
876 memset(&proc, 0, sizeof(proc));
877 proc.no_stdin = 1;
878 proc.stdout_to_stderr = 1;
879 proc.err = use_sideband ? -1 : 0;
880 proc.argv = argv;
882 if (!start_command(&proc)) {
883 if (use_sideband)
884 copy_to_sideband(proc.err, -1, NULL);
885 finish_command(&proc);
889 static void check_aliased_update(struct command *cmd, struct string_list *list)
891 struct strbuf buf = STRBUF_INIT;
892 const char *dst_name;
893 struct string_list_item *item;
894 struct command *dst_cmd;
895 unsigned char sha1[20];
896 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
897 int flag;
899 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
900 dst_name = resolve_ref_unsafe(buf.buf, sha1, 0, &flag);
901 strbuf_release(&buf);
903 if (!(flag & REF_ISSYMREF))
904 return;
906 dst_name = strip_namespace(dst_name);
907 if (!dst_name) {
908 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
909 cmd->skip_update = 1;
910 cmd->error_string = "broken symref";
911 return;
914 if ((item = string_list_lookup(list, dst_name)) == NULL)
915 return;
917 cmd->skip_update = 1;
919 dst_cmd = (struct command *) item->util;
921 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
922 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
923 return;
925 dst_cmd->skip_update = 1;
927 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
928 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
929 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
930 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
931 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
932 " its target '%s' (%s..%s)",
933 cmd->ref_name, cmd_oldh, cmd_newh,
934 dst_cmd->ref_name, dst_oldh, dst_newh);
936 cmd->error_string = dst_cmd->error_string =
937 "inconsistent aliased update";
940 static void check_aliased_updates(struct command *commands)
942 struct command *cmd;
943 struct string_list ref_list = STRING_LIST_INIT_NODUP;
945 for (cmd = commands; cmd; cmd = cmd->next) {
946 struct string_list_item *item =
947 string_list_append(&ref_list, cmd->ref_name);
948 item->util = (void *)cmd;
950 sort_string_list(&ref_list);
952 for (cmd = commands; cmd; cmd = cmd->next) {
953 if (!cmd->error_string)
954 check_aliased_update(cmd, &ref_list);
957 string_list_clear(&ref_list, 0);
960 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
962 struct command **cmd_list = cb_data;
963 struct command *cmd = *cmd_list;
965 if (!cmd || is_null_sha1(cmd->new_sha1))
966 return -1; /* end of list */
967 *cmd_list = NULL; /* this returns only one */
968 hashcpy(sha1, cmd->new_sha1);
969 return 0;
972 static void set_connectivity_errors(struct command *commands,
973 struct shallow_info *si)
975 struct command *cmd;
977 for (cmd = commands; cmd; cmd = cmd->next) {
978 struct command *singleton = cmd;
979 if (shallow_update && si->shallow_ref[cmd->index])
980 /* to be checked in update_shallow_ref() */
981 continue;
982 if (!check_everything_connected(command_singleton_iterator,
983 0, &singleton))
984 continue;
985 cmd->error_string = "missing necessary objects";
989 struct iterate_data {
990 struct command *cmds;
991 struct shallow_info *si;
994 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
996 struct iterate_data *data = cb_data;
997 struct command **cmd_list = &data->cmds;
998 struct command *cmd = *cmd_list;
1000 for (; cmd; cmd = cmd->next) {
1001 if (shallow_update && data->si->shallow_ref[cmd->index])
1002 /* to be checked in update_shallow_ref() */
1003 continue;
1004 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1005 hashcpy(sha1, cmd->new_sha1);
1006 *cmd_list = cmd->next;
1007 return 0;
1010 *cmd_list = NULL;
1011 return -1; /* end of list */
1014 static void reject_updates_to_hidden(struct command *commands)
1016 struct command *cmd;
1018 for (cmd = commands; cmd; cmd = cmd->next) {
1019 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1020 continue;
1021 if (is_null_sha1(cmd->new_sha1))
1022 cmd->error_string = "deny deleting a hidden ref";
1023 else
1024 cmd->error_string = "deny updating a hidden ref";
1028 static void execute_commands(struct command *commands,
1029 const char *unpacker_error,
1030 struct shallow_info *si)
1032 int checked_connectivity;
1033 struct command *cmd;
1034 unsigned char sha1[20];
1035 struct iterate_data data;
1037 if (unpacker_error) {
1038 for (cmd = commands; cmd; cmd = cmd->next)
1039 cmd->error_string = "unpacker error";
1040 return;
1043 data.cmds = commands;
1044 data.si = si;
1045 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1046 set_connectivity_errors(commands, si);
1048 reject_updates_to_hidden(commands);
1050 if (run_receive_hook(commands, "pre-receive", 0)) {
1051 for (cmd = commands; cmd; cmd = cmd->next) {
1052 if (!cmd->error_string)
1053 cmd->error_string = "pre-receive hook declined";
1055 return;
1058 check_aliased_updates(commands);
1060 free(head_name_to_free);
1061 head_name = head_name_to_free = resolve_refdup("HEAD", sha1, 0, NULL);
1063 checked_connectivity = 1;
1064 for (cmd = commands; cmd; cmd = cmd->next) {
1065 if (cmd->error_string)
1066 continue;
1068 if (cmd->skip_update)
1069 continue;
1071 cmd->error_string = update(cmd, si);
1072 if (shallow_update && !cmd->error_string &&
1073 si->shallow_ref[cmd->index]) {
1074 error("BUG: connectivity check has not been run on ref %s",
1075 cmd->ref_name);
1076 checked_connectivity = 0;
1080 if (shallow_update && !checked_connectivity)
1081 error("BUG: run 'git fsck' for safety.\n"
1082 "If there are errors, try to remove "
1083 "the reported refs above");
1086 static struct command **queue_command(struct command **tail,
1087 const char *line,
1088 int linelen)
1090 unsigned char old_sha1[20], new_sha1[20];
1091 struct command *cmd;
1092 const char *refname;
1093 int reflen;
1095 if (linelen < 83 ||
1096 line[40] != ' ' ||
1097 line[81] != ' ' ||
1098 get_sha1_hex(line, old_sha1) ||
1099 get_sha1_hex(line + 41, new_sha1))
1100 die("protocol error: expected old/new/ref, got '%s'", line);
1102 refname = line + 82;
1103 reflen = linelen - 82;
1104 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1105 hashcpy(cmd->old_sha1, old_sha1);
1106 hashcpy(cmd->new_sha1, new_sha1);
1107 memcpy(cmd->ref_name, refname, reflen);
1108 cmd->ref_name[reflen] = '\0';
1109 *tail = cmd;
1110 return &cmd->next;
1113 static void queue_commands_from_cert(struct command **tail,
1114 struct strbuf *push_cert)
1116 const char *boc, *eoc;
1118 if (*tail)
1119 die("protocol error: got both push certificate and unsigned commands");
1121 boc = strstr(push_cert->buf, "\n\n");
1122 if (!boc)
1123 die("malformed push certificate %.*s", 100, push_cert->buf);
1124 else
1125 boc += 2;
1126 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1128 while (boc < eoc) {
1129 const char *eol = memchr(boc, '\n', eoc - boc);
1130 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1131 boc = eol ? eol + 1 : eoc;
1135 static struct command *read_head_info(struct sha1_array *shallow)
1137 struct command *commands = NULL;
1138 struct command **p = &commands;
1139 for (;;) {
1140 char *line;
1141 int len, linelen;
1143 line = packet_read_line(0, &len);
1144 if (!line)
1145 break;
1147 if (len == 48 && starts_with(line, "shallow ")) {
1148 unsigned char sha1[20];
1149 if (get_sha1_hex(line + 8, sha1))
1150 die("protocol error: expected shallow sha, got '%s'",
1151 line + 8);
1152 sha1_array_append(shallow, sha1);
1153 continue;
1156 linelen = strlen(line);
1157 if (linelen < len) {
1158 const char *feature_list = line + linelen + 1;
1159 if (parse_feature_request(feature_list, "report-status"))
1160 report_status = 1;
1161 if (parse_feature_request(feature_list, "side-band-64k"))
1162 use_sideband = LARGE_PACKET_MAX;
1163 if (parse_feature_request(feature_list, "quiet"))
1164 quiet = 1;
1167 if (!strcmp(line, "push-cert")) {
1168 int true_flush = 0;
1169 char certbuf[1024];
1171 for (;;) {
1172 len = packet_read(0, NULL, NULL,
1173 certbuf, sizeof(certbuf), 0);
1174 if (!len) {
1175 true_flush = 1;
1176 break;
1178 if (!strcmp(certbuf, "push-cert-end\n"))
1179 break; /* end of cert */
1180 strbuf_addstr(&push_cert, certbuf);
1183 if (true_flush)
1184 break;
1185 continue;
1188 p = queue_command(p, line, linelen);
1191 if (push_cert.len)
1192 queue_commands_from_cert(p, &push_cert);
1194 return commands;
1197 static const char *parse_pack_header(struct pack_header *hdr)
1199 switch (read_pack_header(0, hdr)) {
1200 case PH_ERROR_EOF:
1201 return "eof before pack header was fully read";
1203 case PH_ERROR_PACK_SIGNATURE:
1204 return "protocol error (pack signature mismatch detected)";
1206 case PH_ERROR_PROTOCOL:
1207 return "protocol error (pack version unsupported)";
1209 default:
1210 return "unknown error in parse_pack_header";
1212 case 0:
1213 return NULL;
1217 static const char *pack_lockfile;
1219 static const char *unpack(int err_fd, struct shallow_info *si)
1221 struct pack_header hdr;
1222 struct argv_array av = ARGV_ARRAY_INIT;
1223 const char *hdr_err;
1224 int status;
1225 char hdr_arg[38];
1226 struct child_process child;
1227 int fsck_objects = (receive_fsck_objects >= 0
1228 ? receive_fsck_objects
1229 : transfer_fsck_objects >= 0
1230 ? transfer_fsck_objects
1231 : 0);
1233 hdr_err = parse_pack_header(&hdr);
1234 if (hdr_err) {
1235 if (err_fd > 0)
1236 close(err_fd);
1237 return hdr_err;
1239 snprintf(hdr_arg, sizeof(hdr_arg),
1240 "--pack_header=%"PRIu32",%"PRIu32,
1241 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1243 if (si->nr_ours || si->nr_theirs) {
1244 alt_shallow_file = setup_temporary_shallow(si->shallow);
1245 argv_array_pushl(&av, "--shallow-file", alt_shallow_file, NULL);
1248 memset(&child, 0, sizeof(child));
1249 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1250 argv_array_pushl(&av, "unpack-objects", hdr_arg, NULL);
1251 if (quiet)
1252 argv_array_push(&av, "-q");
1253 if (fsck_objects)
1254 argv_array_push(&av, "--strict");
1255 child.argv = av.argv;
1256 child.no_stdout = 1;
1257 child.err = err_fd;
1258 child.git_cmd = 1;
1259 status = run_command(&child);
1260 if (status)
1261 return "unpack-objects abnormal exit";
1262 } else {
1263 int s;
1264 char keep_arg[256];
1266 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1267 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1268 strcpy(keep_arg + s, "localhost");
1270 argv_array_pushl(&av, "index-pack",
1271 "--stdin", hdr_arg, keep_arg, NULL);
1272 if (fsck_objects)
1273 argv_array_push(&av, "--strict");
1274 if (fix_thin)
1275 argv_array_push(&av, "--fix-thin");
1276 child.argv = av.argv;
1277 child.out = -1;
1278 child.err = err_fd;
1279 child.git_cmd = 1;
1280 status = start_command(&child);
1281 if (status)
1282 return "index-pack fork failed";
1283 pack_lockfile = index_pack_lockfile(child.out);
1284 close(child.out);
1285 status = finish_command(&child);
1286 if (status)
1287 return "index-pack abnormal exit";
1288 reprepare_packed_git();
1290 return NULL;
1293 static const char *unpack_with_sideband(struct shallow_info *si)
1295 struct async muxer;
1296 const char *ret;
1298 if (!use_sideband)
1299 return unpack(0, si);
1301 memset(&muxer, 0, sizeof(muxer));
1302 muxer.proc = copy_to_sideband;
1303 muxer.in = -1;
1304 if (start_async(&muxer))
1305 return NULL;
1307 ret = unpack(muxer.in, si);
1309 finish_async(&muxer);
1310 return ret;
1313 static void prepare_shallow_update(struct command *commands,
1314 struct shallow_info *si)
1316 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1318 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1319 si->shallow->nr);
1320 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1322 si->need_reachability_test =
1323 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1324 si->reachable =
1325 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1326 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1328 for (i = 0; i < si->nr_ours; i++)
1329 si->need_reachability_test[si->ours[i]] = 1;
1331 for (i = 0; i < si->shallow->nr; i++) {
1332 if (!si->used_shallow[i])
1333 continue;
1334 for (j = 0; j < bitmap_size; j++) {
1335 if (!si->used_shallow[i][j])
1336 continue;
1337 si->need_reachability_test[i]++;
1338 for (k = 0; k < 32; k++)
1339 if (si->used_shallow[i][j] & (1 << k))
1340 si->shallow_ref[j * 32 + k]++;
1344 * true for those associated with some refs and belong
1345 * in "ours" list aka "step 7 not done yet"
1347 si->need_reachability_test[i] =
1348 si->need_reachability_test[i] > 1;
1352 * keep hooks happy by forcing a temporary shallow file via
1353 * env variable because we can't add --shallow-file to every
1354 * command. check_everything_connected() will be done with
1355 * true .git/shallow though.
1357 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1360 static void update_shallow_info(struct command *commands,
1361 struct shallow_info *si,
1362 struct sha1_array *ref)
1364 struct command *cmd;
1365 int *ref_status;
1366 remove_nonexistent_theirs_shallow(si);
1367 if (!si->nr_ours && !si->nr_theirs) {
1368 shallow_update = 0;
1369 return;
1372 for (cmd = commands; cmd; cmd = cmd->next) {
1373 if (is_null_sha1(cmd->new_sha1))
1374 continue;
1375 sha1_array_append(ref, cmd->new_sha1);
1376 cmd->index = ref->nr - 1;
1378 si->ref = ref;
1380 if (shallow_update) {
1381 prepare_shallow_update(commands, si);
1382 return;
1385 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1386 assign_shallow_commits_to_refs(si, NULL, ref_status);
1387 for (cmd = commands; cmd; cmd = cmd->next) {
1388 if (is_null_sha1(cmd->new_sha1))
1389 continue;
1390 if (ref_status[cmd->index]) {
1391 cmd->error_string = "shallow update not allowed";
1392 cmd->skip_update = 1;
1395 free(ref_status);
1398 static void report(struct command *commands, const char *unpack_status)
1400 struct command *cmd;
1401 struct strbuf buf = STRBUF_INIT;
1403 packet_buf_write(&buf, "unpack %s\n",
1404 unpack_status ? unpack_status : "ok");
1405 for (cmd = commands; cmd; cmd = cmd->next) {
1406 if (!cmd->error_string)
1407 packet_buf_write(&buf, "ok %s\n",
1408 cmd->ref_name);
1409 else
1410 packet_buf_write(&buf, "ng %s %s\n",
1411 cmd->ref_name, cmd->error_string);
1413 packet_buf_flush(&buf);
1415 if (use_sideband)
1416 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1417 else
1418 write_or_die(1, buf.buf, buf.len);
1419 strbuf_release(&buf);
1422 static int delete_only(struct command *commands)
1424 struct command *cmd;
1425 for (cmd = commands; cmd; cmd = cmd->next) {
1426 if (!is_null_sha1(cmd->new_sha1))
1427 return 0;
1429 return 1;
1432 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1434 int advertise_refs = 0;
1435 int i;
1436 struct command *commands;
1437 struct sha1_array shallow = SHA1_ARRAY_INIT;
1438 struct sha1_array ref = SHA1_ARRAY_INIT;
1439 struct shallow_info si;
1441 packet_trace_identity("receive-pack");
1443 argv++;
1444 for (i = 1; i < argc; i++) {
1445 const char *arg = *argv++;
1447 if (*arg == '-') {
1448 if (!strcmp(arg, "--quiet")) {
1449 quiet = 1;
1450 continue;
1453 if (!strcmp(arg, "--advertise-refs")) {
1454 advertise_refs = 1;
1455 continue;
1457 if (!strcmp(arg, "--stateless-rpc")) {
1458 stateless_rpc = 1;
1459 continue;
1461 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1462 fix_thin = 0;
1463 continue;
1466 usage(receive_pack_usage);
1468 if (service_dir)
1469 usage(receive_pack_usage);
1470 service_dir = arg;
1472 if (!service_dir)
1473 usage(receive_pack_usage);
1475 setup_path();
1477 if (!enter_repo(service_dir, 0))
1478 die("'%s' does not appear to be a git repository", service_dir);
1480 git_config(receive_pack_config, NULL);
1481 if (cert_nonce_seed)
1482 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1484 if (0 <= transfer_unpack_limit)
1485 unpack_limit = transfer_unpack_limit;
1486 else if (0 <= receive_unpack_limit)
1487 unpack_limit = receive_unpack_limit;
1489 if (advertise_refs || !stateless_rpc) {
1490 write_head_info();
1492 if (advertise_refs)
1493 return 0;
1495 if ((commands = read_head_info(&shallow)) != NULL) {
1496 const char *unpack_status = NULL;
1498 prepare_shallow_info(&si, &shallow);
1499 if (!si.nr_ours && !si.nr_theirs)
1500 shallow_update = 0;
1501 if (!delete_only(commands)) {
1502 unpack_status = unpack_with_sideband(&si);
1503 update_shallow_info(commands, &si, &ref);
1505 execute_commands(commands, unpack_status, &si);
1506 if (pack_lockfile)
1507 unlink_or_warn(pack_lockfile);
1508 if (report_status)
1509 report(commands, unpack_status);
1510 run_receive_hook(commands, "post-receive", 1);
1511 run_update_post_hook(commands);
1512 if (auto_gc) {
1513 const char *argv_gc_auto[] = {
1514 "gc", "--auto", "--quiet", NULL,
1516 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1517 run_command_v_opt(argv_gc_auto, opt);
1519 if (auto_update_server_info)
1520 update_server_info(0);
1521 clear_shallow_info(&si);
1523 if (use_sideband)
1524 packet_flush(1);
1525 sha1_array_clear(&shallow);
1526 sha1_array_clear(&ref);
1527 free((void *)push_cert_nonce);
1528 return 0;