search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'jk/ambiguous-short-object-names'
[git/git-svn.git] / builtin / receive-pack.c
blobf7cd1802524e2ba41a41d6479e69534dc042b404
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23
24 static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
27 };
28
29 enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
35 };
36
37 static int deny_deletes;
38 static int deny_non_fast_forwards;
39 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41 static int receive_fsck_objects = -1;
42 static int transfer_fsck_objects = -1;
43 static struct strbuf fsck_msg_types = STRBUF_INIT;
44 static int receive_unpack_limit = -1;
45 static int transfer_unpack_limit = -1;
46 static int advertise_atomic_push = 1;
47 static int advertise_push_options;
48 static int unpack_limit = 100;
49 static off_t max_input_size;
50 static int report_status;
51 static int use_sideband;
52 static int use_atomic;
53 static int use_push_options;
54 static int quiet;
55 static int prefer_ofs_delta = 1;
56 static int auto_update_server_info;
57 static int auto_gc = 1;
58 static int reject_thin;
59 static int stateless_rpc;
60 static const char *service_dir;
61 static const char *head_name;
62 static void *head_name_to_free;
63 static int sent_capabilities;
64 static int shallow_update;
65 static const char *alt_shallow_file;
66 static struct strbuf push_cert = STRBUF_INIT;
67 static unsigned char push_cert_sha1[20];
68 static struct signature_check sigcheck;
69 static const char *push_cert_nonce;
70 static const char *cert_nonce_seed;
71
72 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
73 static const char *NONCE_BAD = "BAD";
74 static const char *NONCE_MISSING = "MISSING";
75 static const char *NONCE_OK = "OK";
76 static const char *NONCE_SLOP = "SLOP";
77 static const char *nonce_status;
78 static long nonce_stamp_slop;
79 static unsigned long nonce_stamp_slop_limit;
80 static struct ref_transaction *transaction;
81
82 static enum {
83 KEEPALIVE_NEVER = 0,
84 KEEPALIVE_AFTER_NUL,
85 KEEPALIVE_ALWAYS
86 } use_keepalive;
87 static int keepalive_in_sec = 5;
88
89 static enum deny_action parse_deny_action(const char *var, const char *value)
90 {
91 if (value) {
92 if (!strcasecmp(value, "ignore"))
93 return DENY_IGNORE;
94 if (!strcasecmp(value, "warn"))
95 return DENY_WARN;
96 if (!strcasecmp(value, "refuse"))
97 return DENY_REFUSE;
98 if (!strcasecmp(value, "updateinstead"))
99 return DENY_UPDATE_INSTEAD;
100 }
101 if (git_config_bool(var, value))
102 return DENY_REFUSE;
103 return DENY_IGNORE;
104 }
105
106 static int receive_pack_config(const char *var, const char *value, void *cb)
107 {
108 int status = parse_hide_refs_config(var, value, "receive");
109
110 if (status)
111 return status;
112
113 if (strcmp(var, "receive.denydeletes") == 0) {
114 deny_deletes = git_config_bool(var, value);
115 return 0;
116 }
117
118 if (strcmp(var, "receive.denynonfastforwards") == 0) {
119 deny_non_fast_forwards = git_config_bool(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "receive.unpacklimit") == 0) {
124 receive_unpack_limit = git_config_int(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "transfer.unpacklimit") == 0) {
129 transfer_unpack_limit = git_config_int(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.fsck.skiplist") == 0) {
134 const char *path;
135
136 if (git_config_pathname(&path, var, value))
137 return 1;
138 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
139 fsck_msg_types.len ? ',' : '=', path);
140 free((char *)path);
141 return 0;
142 }
143
144 if (skip_prefix(var, "receive.fsck.", &var)) {
145 if (is_valid_msg_type(var, value))
146 strbuf_addf(&fsck_msg_types, "%c%s=%s",
147 fsck_msg_types.len ? ',' : '=', var, value);
148 else
149 warning("Skipping unknown msg id '%s'", var);
150 return 0;
151 }
152
153 if (strcmp(var, "receive.fsckobjects") == 0) {
154 receive_fsck_objects = git_config_bool(var, value);
155 return 0;
156 }
157
158 if (strcmp(var, "transfer.fsckobjects") == 0) {
159 transfer_fsck_objects = git_config_bool(var, value);
160 return 0;
161 }
162
163 if (!strcmp(var, "receive.denycurrentbranch")) {
164 deny_current_branch = parse_deny_action(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "receive.denydeletecurrent") == 0) {
169 deny_delete_current = parse_deny_action(var, value);
170 return 0;
171 }
172
173 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
174 prefer_ofs_delta = git_config_bool(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.updateserverinfo") == 0) {
179 auto_update_server_info = git_config_bool(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "receive.autogc") == 0) {
184 auto_gc = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.shallowupdate") == 0) {
189 shallow_update = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.certnonceseed") == 0)
194 return git_config_string(&cert_nonce_seed, var, value);
195
196 if (strcmp(var, "receive.certnonceslop") == 0) {
197 nonce_stamp_slop_limit = git_config_ulong(var, value);
198 return 0;
199 }
200
201 if (strcmp(var, "receive.advertiseatomic") == 0) {
202 advertise_atomic_push = git_config_bool(var, value);
203 return 0;
204 }
205
206 if (strcmp(var, "receive.advertisepushoptions") == 0) {
207 advertise_push_options = git_config_bool(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.keepalive") == 0) {
212 keepalive_in_sec = git_config_int(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.maxinputsize") == 0) {
217 max_input_size = git_config_int64(var, value);
218 return 0;
219 }
220
221 return git_default_config(var, value, cb);
222 }
223
224 static void show_ref(const char *path, const unsigned char *sha1)
225 {
226 if (sent_capabilities) {
227 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
228 } else {
229 struct strbuf cap = STRBUF_INIT;
230
231 strbuf_addstr(&cap,
232 "report-status delete-refs side-band-64k quiet");
233 if (advertise_atomic_push)
234 strbuf_addstr(&cap, " atomic");
235 if (prefer_ofs_delta)
236 strbuf_addstr(&cap, " ofs-delta");
237 if (push_cert_nonce)
238 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
239 if (advertise_push_options)
240 strbuf_addstr(&cap, " push-options");
241 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
242 packet_write(1, "%s %s%c%s\n",
243 sha1_to_hex(sha1), path, 0, cap.buf);
244 strbuf_release(&cap);
245 sent_capabilities = 1;
246 }
247 }
248
249 static int show_ref_cb(const char *path_full, const struct object_id *oid,
250 int flag, void *unused)
251 {
252 const char *path = strip_namespace(path_full);
253
254 if (ref_is_hidden(path, path_full))
255 return 0;
256
257 /*
258 * Advertise refs outside our current namespace as ".have"
259 * refs, so that the client can use them to minimize data
260 * transfer but will otherwise ignore them. This happens to
261 * cover ".have" that are thrown in by add_one_alternate_ref()
262 * to mark histories that are complete in our alternates as
263 * well.
264 */
265 if (!path)
266 path = ".have";
267 show_ref(path, oid->hash);
268 return 0;
269 }
270
271 static int show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
272 {
273 show_ref(".have", sha1);
274 return 0;
275 }
276
277 static void collect_one_alternate_ref(const struct ref *ref, void *data)
278 {
279 struct sha1_array *sa = data;
280 sha1_array_append(sa, ref->old_oid.hash);
281 }
282
283 static void write_head_info(void)
284 {
285 struct sha1_array sa = SHA1_ARRAY_INIT;
286
287 for_each_alternate_ref(collect_one_alternate_ref, &sa);
288 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
289 sha1_array_clear(&sa);
290 for_each_ref(show_ref_cb, NULL);
291 if (!sent_capabilities)
292 show_ref("capabilities^{}", null_sha1);
293
294 advertise_shallow_grafts(1);
295
296 /* EOF */
297 packet_flush(1);
298 }
299
300 struct command {
301 struct command *next;
302 const char *error_string;
303 unsigned int skip_update:1,
304 did_not_exist:1;
305 int index;
306 unsigned char old_sha1[20];
307 unsigned char new_sha1[20];
308 char ref_name[FLEX_ARRAY]; /* more */
309 };
310
311 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
312 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
313
314 static void report_message(const char *prefix, const char *err, va_list params)
315 {
316 int sz;
317 char msg[4096];
318
319 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
320 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
321 if (sz > (sizeof(msg) - 1))
322 sz = sizeof(msg) - 1;
323 msg[sz++] = '\n';
324
325 if (use_sideband)
326 send_sideband(1, 2, msg, sz, use_sideband);
327 else
328 xwrite(2, msg, sz);
329 }
330
331 static void rp_warning(const char *err, ...)
332 {
333 va_list params;
334 va_start(params, err);
335 report_message("warning: ", err, params);
336 va_end(params);
337 }
338
339 static void rp_error(const char *err, ...)
340 {
341 va_list params;
342 va_start(params, err);
343 report_message("error: ", err, params);
344 va_end(params);
345 }
346
347 static int copy_to_sideband(int in, int out, void *arg)
348 {
349 char data[128];
350 int keepalive_active = 0;
351
352 if (keepalive_in_sec <= 0)
353 use_keepalive = KEEPALIVE_NEVER;
354 if (use_keepalive == KEEPALIVE_ALWAYS)
355 keepalive_active = 1;
356
357 while (1) {
358 ssize_t sz;
359
360 if (keepalive_active) {
361 struct pollfd pfd;
362 int ret;
363
364 pfd.fd = in;
365 pfd.events = POLLIN;
366 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
367
368 if (ret < 0) {
369 if (errno == EINTR)
370 continue;
371 else
372 break;
373 } else if (ret == 0) {
374 /* no data; send a keepalive packet */
375 static const char buf[] = "0005\1";
376 write_or_die(1, buf, sizeof(buf) - 1);
377 continue;
378 } /* else there is actual data to read */
379 }
380
381 sz = xread(in, data, sizeof(data));
382 if (sz <= 0)
383 break;
384
385 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
386 const char *p = memchr(data, '\0', sz);
387 if (p) {
388 /*
389 * The NUL tells us to start sending keepalives. Make
390 * sure we send any other data we read along
391 * with it.
392 */
393 keepalive_active = 1;
394 send_sideband(1, 2, data, p - data, use_sideband);
395 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
396 continue;
397 }
398 }
399
400 /*
401 * Either we're not looking for a NUL signal, or we didn't see
402 * it yet; just pass along the data.
403 */
404 send_sideband(1, 2, data, sz, use_sideband);
405 }
406 close(in);
407 return 0;
408 }
409
410 #define HMAC_BLOCK_SIZE 64
411
412 static void hmac_sha1(unsigned char *out,
413 const char *key_in, size_t key_len,
414 const char *text, size_t text_len)
415 {
416 unsigned char key[HMAC_BLOCK_SIZE];
417 unsigned char k_ipad[HMAC_BLOCK_SIZE];
418 unsigned char k_opad[HMAC_BLOCK_SIZE];
419 int i;
420 git_SHA_CTX ctx;
421
422 /* RFC 2104 2. (1) */
423 memset(key, '\0', HMAC_BLOCK_SIZE);
424 if (HMAC_BLOCK_SIZE < key_len) {
425 git_SHA1_Init(&ctx);
426 git_SHA1_Update(&ctx, key_in, key_len);
427 git_SHA1_Final(key, &ctx);
428 } else {
429 memcpy(key, key_in, key_len);
430 }
431
432 /* RFC 2104 2. (2) & (5) */
433 for (i = 0; i < sizeof(key); i++) {
434 k_ipad[i] = key[i] ^ 0x36;
435 k_opad[i] = key[i] ^ 0x5c;
436 }
437
438 /* RFC 2104 2. (3) & (4) */
439 git_SHA1_Init(&ctx);
440 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
441 git_SHA1_Update(&ctx, text, text_len);
442 git_SHA1_Final(out, &ctx);
443
444 /* RFC 2104 2. (6) & (7) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
447 git_SHA1_Update(&ctx, out, 20);
448 git_SHA1_Final(out, &ctx);
449 }
450
451 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
452 {
453 struct strbuf buf = STRBUF_INIT;
454 unsigned char sha1[20];
455
456 strbuf_addf(&buf, "%s:%lu", path, stamp);
457 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
458 strbuf_release(&buf);
459
460 /* RFC 2104 5. HMAC-SHA1-80 */
461 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
462 return strbuf_detach(&buf, NULL);
463 }
464
465 /*
466 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
467 * after dropping "_commit" from its name and possibly moving it out
468 * of commit.c
469 */
470 static char *find_header(const char *msg, size_t len, const char *key)
471 {
472 int key_len = strlen(key);
473 const char *line = msg;
474
475 while (line && line < msg + len) {
476 const char *eol = strchrnul(line, '\n');
477
478 if ((msg + len <= eol) || line == eol)
479 return NULL;
480 if (line + key_len < eol &&
481 !memcmp(line, key, key_len) && line[key_len] == ' ') {
482 int offset = key_len + 1;
483 return xmemdupz(line + offset, (eol - line) - offset);
484 }
485 line = *eol ? eol + 1 : NULL;
486 }
487 return NULL;
488 }
489
490 static const char *check_nonce(const char *buf, size_t len)
491 {
492 char *nonce = find_header(buf, len, "nonce");
493 unsigned long stamp, ostamp;
494 char *bohmac, *expect = NULL;
495 const char *retval = NONCE_BAD;
496
497 if (!nonce) {
498 retval = NONCE_MISSING;
499 goto leave;
500 } else if (!push_cert_nonce) {
501 retval = NONCE_UNSOLICITED;
502 goto leave;
503 } else if (!strcmp(push_cert_nonce, nonce)) {
504 retval = NONCE_OK;
505 goto leave;
506 }
507
508 if (!stateless_rpc) {
509 /* returned nonce MUST match what we gave out earlier */
510 retval = NONCE_BAD;
511 goto leave;
512 }
513
514 /*
515 * In stateless mode, we may be receiving a nonce issued by
516 * another instance of the server that serving the same
517 * repository, and the timestamps may not match, but the
518 * nonce-seed and dir should match, so we can recompute and
519 * report the time slop.
520 *
521 * In addition, when a nonce issued by another instance has
522 * timestamp within receive.certnonceslop seconds, we pretend
523 * as if we issued that nonce when reporting to the hook.
524 */
525
526 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
527 if (*nonce <= '0' || '9' < *nonce) {
528 retval = NONCE_BAD;
529 goto leave;
530 }
531 stamp = strtoul(nonce, &bohmac, 10);
532 if (bohmac == nonce || bohmac[0] != '-') {
533 retval = NONCE_BAD;
534 goto leave;
535 }
536
537 expect = prepare_push_cert_nonce(service_dir, stamp);
538 if (strcmp(expect, nonce)) {
539 /* Not what we would have signed earlier */
540 retval = NONCE_BAD;
541 goto leave;
542 }
543
544 /*
545 * By how many seconds is this nonce stale? Negative value
546 * would mean it was issued by another server with its clock
547 * skewed in the future.
548 */
549 ostamp = strtoul(push_cert_nonce, NULL, 10);
550 nonce_stamp_slop = (long)ostamp - (long)stamp;
551
552 if (nonce_stamp_slop_limit &&
553 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
554 /*
555 * Pretend as if the received nonce (which passes the
556 * HMAC check, so it is not a forged by third-party)
557 * is what we issued.
558 */
559 free((void *)push_cert_nonce);
560 push_cert_nonce = xstrdup(nonce);
561 retval = NONCE_OK;
562 } else {
563 retval = NONCE_SLOP;
564 }
565
566 leave:
567 free(nonce);
568 free(expect);
569 return retval;
570 }
571
572 static void prepare_push_cert_sha1(struct child_process *proc)
573 {
574 static int already_done;
575
576 if (!push_cert.len)
577 return;
578
579 if (!already_done) {
580 struct strbuf gpg_output = STRBUF_INIT;
581 struct strbuf gpg_status = STRBUF_INIT;
582 int bogs /* beginning_of_gpg_sig */;
583
584 already_done = 1;
585 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
586 hashclr(push_cert_sha1);
587
588 memset(&sigcheck, '\0', sizeof(sigcheck));
589 sigcheck.result = 'N';
590
591 bogs = parse_signature(push_cert.buf, push_cert.len);
592 if (verify_signed_buffer(push_cert.buf, bogs,
593 push_cert.buf + bogs, push_cert.len - bogs,
594 &gpg_output, &gpg_status) < 0) {
595 ; /* error running gpg */
596 } else {
597 sigcheck.payload = push_cert.buf;
598 sigcheck.gpg_output = gpg_output.buf;
599 sigcheck.gpg_status = gpg_status.buf;
600 parse_gpg_output(&sigcheck);
601 }
602
603 strbuf_release(&gpg_output);
604 strbuf_release(&gpg_status);
605 nonce_status = check_nonce(push_cert.buf, bogs);
606 }
607 if (!is_null_sha1(push_cert_sha1)) {
608 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
609 sha1_to_hex(push_cert_sha1));
610 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
611 sigcheck.signer ? sigcheck.signer : "");
612 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
613 sigcheck.key ? sigcheck.key : "");
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
615 sigcheck.result);
616 if (push_cert_nonce) {
617 argv_array_pushf(&proc->env_array,
618 "GIT_PUSH_CERT_NONCE=%s",
619 push_cert_nonce);
620 argv_array_pushf(&proc->env_array,
621 "GIT_PUSH_CERT_NONCE_STATUS=%s",
622 nonce_status);
623 if (nonce_status == NONCE_SLOP)
624 argv_array_pushf(&proc->env_array,
625 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
626 nonce_stamp_slop);
627 }
628 }
629 }
630
631 struct receive_hook_feed_state {
632 struct command *cmd;
633 int skip_broken;
634 struct strbuf buf;
635 const struct string_list *push_options;
636 };
637
638 typedef int (*feed_fn)(void *, const char **, size_t *);
639 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
640 struct receive_hook_feed_state *feed_state)
641 {
642 struct child_process proc = CHILD_PROCESS_INIT;
643 struct async muxer;
644 const char *argv[2];
645 int code;
646
647 argv[0] = find_hook(hook_name);
648 if (!argv[0])
649 return 0;
650
651 argv[1] = NULL;
652
653 proc.argv = argv;
654 proc.in = -1;
655 proc.stdout_to_stderr = 1;
656 if (feed_state->push_options) {
657 int i;
658 for (i = 0; i < feed_state->push_options->nr; i++)
659 argv_array_pushf(&proc.env_array,
660 "GIT_PUSH_OPTION_%d=%s", i,
661 feed_state->push_options->items[i].string);
662 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
663 feed_state->push_options->nr);
664 } else
665 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
666
667 if (use_sideband) {
668 memset(&muxer, 0, sizeof(muxer));
669 muxer.proc = copy_to_sideband;
670 muxer.in = -1;
671 code = start_async(&muxer);
672 if (code)
673 return code;
674 proc.err = muxer.in;
675 }
676
677 prepare_push_cert_sha1(&proc);
678
679 code = start_command(&proc);
680 if (code) {
681 if (use_sideband)
682 finish_async(&muxer);
683 return code;
684 }
685
686 sigchain_push(SIGPIPE, SIG_IGN);
687
688 while (1) {
689 const char *buf;
690 size_t n;
691 if (feed(feed_state, &buf, &n))
692 break;
693 if (write_in_full(proc.in, buf, n) != n)
694 break;
695 }
696 close(proc.in);
697 if (use_sideband)
698 finish_async(&muxer);
699
700 sigchain_pop(SIGPIPE);
701
702 return finish_command(&proc);
703 }
704
705 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
706 {
707 struct receive_hook_feed_state *state = state_;
708 struct command *cmd = state->cmd;
709
710 while (cmd &&
711 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
712 cmd = cmd->next;
713 if (!cmd)
714 return -1; /* EOF */
715 strbuf_reset(&state->buf);
716 strbuf_addf(&state->buf, "%s %s %s\n",
717 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
718 cmd->ref_name);
719 state->cmd = cmd->next;
720 if (bufp) {
721 *bufp = state->buf.buf;
722 *sizep = state->buf.len;
723 }
724 return 0;
725 }
726
727 static int run_receive_hook(struct command *commands,
728 const char *hook_name,
729 int skip_broken,
730 const struct string_list *push_options)
731 {
732 struct receive_hook_feed_state state;
733 int status;
734
735 strbuf_init(&state.buf, 0);
736 state.cmd = commands;
737 state.skip_broken = skip_broken;
738 if (feed_receive_hook(&state, NULL, NULL))
739 return 0;
740 state.cmd = commands;
741 state.push_options = push_options;
742 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
743 strbuf_release(&state.buf);
744 return status;
745 }
746
747 static int run_update_hook(struct command *cmd)
748 {
749 const char *argv[5];
750 struct child_process proc = CHILD_PROCESS_INIT;
751 int code;
752
753 argv[0] = find_hook("update");
754 if (!argv[0])
755 return 0;
756
757 argv[1] = cmd->ref_name;
758 argv[2] = sha1_to_hex(cmd->old_sha1);
759 argv[3] = sha1_to_hex(cmd->new_sha1);
760 argv[4] = NULL;
761
762 proc.no_stdin = 1;
763 proc.stdout_to_stderr = 1;
764 proc.err = use_sideband ? -1 : 0;
765 proc.argv = argv;
766
767 code = start_command(&proc);
768 if (code)
769 return code;
770 if (use_sideband)
771 copy_to_sideband(proc.err, -1, NULL);
772 return finish_command(&proc);
773 }
774
775 static int is_ref_checked_out(const char *ref)
776 {
777 if (is_bare_repository())
778 return 0;
779
780 if (!head_name)
781 return 0;
782 return !strcmp(head_name, ref);
783 }
784
785 static char *refuse_unconfigured_deny_msg =
786 N_("By default, updating the current branch in a non-bare repository\n"
787 "is denied, because it will make the index and work tree inconsistent\n"
788 "with what you pushed, and will require 'git reset --hard' to match\n"
789 "the work tree to HEAD.\n"
790 "\n"
791 "You can set 'receive.denyCurrentBranch' configuration variable to\n"
792 "'ignore' or 'warn' in the remote repository to allow pushing into\n"
793 "its current branch; however, this is not recommended unless you\n"
794 "arranged to update its work tree to match what you pushed in some\n"
795 "other way.\n"
796 "\n"
797 "To squelch this message and still keep the default behaviour, set\n"
798 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
799
800 static void refuse_unconfigured_deny(void)
801 {
802 rp_error("%s", _(refuse_unconfigured_deny_msg));
803 }
804
805 static char *refuse_unconfigured_deny_delete_current_msg =
806 N_("By default, deleting the current branch is denied, because the next\n"
807 "'git clone' won't result in any file checked out, causing confusion.\n"
808 "\n"
809 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
810 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
811 "current branch, with or without a warning message.\n"
812 "\n"
813 "To squelch this message, you can set it to 'refuse'.");
814
815 static void refuse_unconfigured_deny_delete_current(void)
816 {
817 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
818 }
819
820 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
821 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
822 {
823 static struct lock_file shallow_lock;
824 struct sha1_array extra = SHA1_ARRAY_INIT;
825 struct check_connected_options opt = CHECK_CONNECTED_INIT;
826 uint32_t mask = 1 << (cmd->index % 32);
827 int i;
828
829 trace_printf_key(&trace_shallow,
830 "shallow: update_shallow_ref %s\n", cmd->ref_name);
831 for (i = 0; i < si->shallow->nr; i++)
832 if (si->used_shallow[i] &&
833 (si->used_shallow[i][cmd->index / 32] & mask) &&
834 !delayed_reachability_test(si, i))
835 sha1_array_append(&extra, si->shallow->sha1[i]);
836
837 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
838 if (check_connected(command_singleton_iterator, cmd, &opt)) {
839 rollback_lock_file(&shallow_lock);
840 sha1_array_clear(&extra);
841 return -1;
842 }
843
844 commit_lock_file(&shallow_lock);
845
846 /*
847 * Make sure setup_alternate_shallow() for the next ref does
848 * not lose these new roots..
849 */
850 for (i = 0; i < extra.nr; i++)
851 register_shallow(extra.sha1[i]);
852
853 si->shallow_ref[cmd->index] = 0;
854 sha1_array_clear(&extra);
855 return 0;
856 }
857
858 /*
859 * NEEDSWORK: we should consolidate various implementions of "are we
860 * on an unborn branch?" test into one, and make the unified one more
861 * robust. !get_sha1() based check used here and elsewhere would not
862 * allow us to tell an unborn branch from corrupt ref, for example.
863 * For the purpose of fixing "deploy-to-update does not work when
864 * pushing into an empty repository" issue, this should suffice for
865 * now.
866 */
867 static int head_has_history(void)
868 {
869 unsigned char sha1[20];
870
871 return !get_sha1("HEAD", sha1);
872 }
873
874 static const char *push_to_deploy(unsigned char *sha1,
875 struct argv_array *env,
876 const char *work_tree)
877 {
878 const char *update_refresh[] = {
879 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
880 };
881 const char *diff_files[] = {
882 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
883 };
884 const char *diff_index[] = {
885 "diff-index", "--quiet", "--cached", "--ignore-submodules",
886 NULL, "--", NULL
887 };
888 const char *read_tree[] = {
889 "read-tree", "-u", "-m", NULL, NULL
890 };
891 struct child_process child = CHILD_PROCESS_INIT;
892
893 child.argv = update_refresh;
894 child.env = env->argv;
895 child.dir = work_tree;
896 child.no_stdin = 1;
897 child.stdout_to_stderr = 1;
898 child.git_cmd = 1;
899 if (run_command(&child))
900 return "Up-to-date check failed";
901
902 /* run_command() does not clean up completely; reinitialize */
903 child_process_init(&child);
904 child.argv = diff_files;
905 child.env = env->argv;
906 child.dir = work_tree;
907 child.no_stdin = 1;
908 child.stdout_to_stderr = 1;
909 child.git_cmd = 1;
910 if (run_command(&child))
911 return "Working directory has unstaged changes";
912
913 /* diff-index with either HEAD or an empty tree */
914 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
915
916 child_process_init(&child);
917 child.argv = diff_index;
918 child.env = env->argv;
919 child.no_stdin = 1;
920 child.no_stdout = 1;
921 child.stdout_to_stderr = 0;
922 child.git_cmd = 1;
923 if (run_command(&child))
924 return "Working directory has staged changes";
925
926 read_tree[3] = sha1_to_hex(sha1);
927 child_process_init(&child);
928 child.argv = read_tree;
929 child.env = env->argv;
930 child.dir = work_tree;
931 child.no_stdin = 1;
932 child.no_stdout = 1;
933 child.stdout_to_stderr = 0;
934 child.git_cmd = 1;
935 if (run_command(&child))
936 return "Could not update working tree to new HEAD";
937
938 return NULL;
939 }
940
941 static const char *push_to_checkout_hook = "push-to-checkout";
942
943 static const char *push_to_checkout(unsigned char *sha1,
944 struct argv_array *env,
945 const char *work_tree)
946 {
947 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
948 if (run_hook_le(env->argv, push_to_checkout_hook,
949 sha1_to_hex(sha1), NULL))
950 return "push-to-checkout hook declined";
951 else
952 return NULL;
953 }
954
955 static const char *update_worktree(unsigned char *sha1)
956 {
957 const char *retval;
958 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
959 struct argv_array env = ARGV_ARRAY_INIT;
960
961 if (is_bare_repository())
962 return "denyCurrentBranch = updateInstead needs a worktree";
963
964 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
965
966 if (!find_hook(push_to_checkout_hook))
967 retval = push_to_deploy(sha1, &env, work_tree);
968 else
969 retval = push_to_checkout(sha1, &env, work_tree);
970
971 argv_array_clear(&env);
972 return retval;
973 }
974
975 static const char *update(struct command *cmd, struct shallow_info *si)
976 {
977 const char *name = cmd->ref_name;
978 struct strbuf namespaced_name_buf = STRBUF_INIT;
979 const char *namespaced_name, *ret;
980 unsigned char *old_sha1 = cmd->old_sha1;
981 unsigned char *new_sha1 = cmd->new_sha1;
982
983 /* only refs/... are allowed */
984 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
985 rp_error("refusing to create funny ref '%s' remotely", name);
986 return "funny refname";
987 }
988
989 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
990 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
991
992 if (is_ref_checked_out(namespaced_name)) {
993 switch (deny_current_branch) {
994 case DENY_IGNORE:
995 break;
996 case DENY_WARN:
997 rp_warning("updating the current branch");
998 break;
999 case DENY_REFUSE:
1000 case DENY_UNCONFIGURED:
1001 rp_error("refusing to update checked out branch: %s", name);
1002 if (deny_current_branch == DENY_UNCONFIGURED)
1003 refuse_unconfigured_deny();
1004 return "branch is currently checked out";
1005 case DENY_UPDATE_INSTEAD:
1006 ret = update_worktree(new_sha1);
1007 if (ret)
1008 return ret;
1009 break;
1010 }
1011 }
1012
1013 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1014 error("unpack should have generated %s, "
1015 "but I can't find it!", sha1_to_hex(new_sha1));
1016 return "bad pack";
1017 }
1018
1019 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1020 if (deny_deletes && starts_with(name, "refs/heads/")) {
1021 rp_error("denying ref deletion for %s", name);
1022 return "deletion prohibited";
1023 }
1024
1025 if (head_name && !strcmp(namespaced_name, head_name)) {
1026 switch (deny_delete_current) {
1027 case DENY_IGNORE:
1028 break;
1029 case DENY_WARN:
1030 rp_warning("deleting the current branch");
1031 break;
1032 case DENY_REFUSE:
1033 case DENY_UNCONFIGURED:
1034 case DENY_UPDATE_INSTEAD:
1035 if (deny_delete_current == DENY_UNCONFIGURED)
1036 refuse_unconfigured_deny_delete_current();
1037 rp_error("refusing to delete the current branch: %s", name);
1038 return "deletion of the current branch prohibited";
1039 default:
1040 return "Invalid denyDeleteCurrent setting";
1041 }
1042 }
1043 }
1044
1045 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1046 !is_null_sha1(old_sha1) &&
1047 starts_with(name, "refs/heads/")) {
1048 struct object *old_object, *new_object;
1049 struct commit *old_commit, *new_commit;
1050
1051 old_object = parse_object(old_sha1);
1052 new_object = parse_object(new_sha1);
1053
1054 if (!old_object || !new_object ||
1055 old_object->type != OBJ_COMMIT ||
1056 new_object->type != OBJ_COMMIT) {
1057 error("bad sha1 objects for %s", name);
1058 return "bad ref";
1059 }
1060 old_commit = (struct commit *)old_object;
1061 new_commit = (struct commit *)new_object;
1062 if (!in_merge_bases(old_commit, new_commit)) {
1063 rp_error("denying non-fast-forward %s"
1064 " (you should pull first)", name);
1065 return "non-fast-forward";
1066 }
1067 }
1068 if (run_update_hook(cmd)) {
1069 rp_error("hook declined to update %s", name);
1070 return "hook declined";
1071 }
1072
1073 if (is_null_sha1(new_sha1)) {
1074 struct strbuf err = STRBUF_INIT;
1075 if (!parse_object(old_sha1)) {
1076 old_sha1 = NULL;
1077 if (ref_exists(name)) {
1078 rp_warning("Allowing deletion of corrupt ref.");
1079 } else {
1080 rp_warning("Deleting a non-existent ref.");
1081 cmd->did_not_exist = 1;
1082 }
1083 }
1084 if (ref_transaction_delete(transaction,
1085 namespaced_name,
1086 old_sha1,
1087 0, "push", &err)) {
1088 rp_error("%s", err.buf);
1089 strbuf_release(&err);
1090 return "failed to delete";
1091 }
1092 strbuf_release(&err);
1093 return NULL; /* good */
1094 }
1095 else {
1096 struct strbuf err = STRBUF_INIT;
1097 if (shallow_update && si->shallow_ref[cmd->index] &&
1098 update_shallow_ref(cmd, si))
1099 return "shallow error";
1100
1101 if (ref_transaction_update(transaction,
1102 namespaced_name,
1103 new_sha1, old_sha1,
1104 0, "push",
1105 &err)) {
1106 rp_error("%s", err.buf);
1107 strbuf_release(&err);
1108
1109 return "failed to update ref";
1110 }
1111 strbuf_release(&err);
1112
1113 return NULL; /* good */
1114 }
1115 }
1116
1117 static void run_update_post_hook(struct command *commands)
1118 {
1119 struct command *cmd;
1120 int argc;
1121 struct child_process proc = CHILD_PROCESS_INIT;
1122 const char *hook;
1123
1124 hook = find_hook("post-update");
1125 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1126 if (cmd->error_string || cmd->did_not_exist)
1127 continue;
1128 argc++;
1129 }
1130 if (!argc || !hook)
1131 return;
1132
1133 argv_array_push(&proc.args, hook);
1134 for (cmd = commands; cmd; cmd = cmd->next) {
1135 if (cmd->error_string || cmd->did_not_exist)
1136 continue;
1137 argv_array_push(&proc.args, cmd->ref_name);
1138 }
1139
1140 proc.no_stdin = 1;
1141 proc.stdout_to_stderr = 1;
1142 proc.err = use_sideband ? -1 : 0;
1143
1144 if (!start_command(&proc)) {
1145 if (use_sideband)
1146 copy_to_sideband(proc.err, -1, NULL);
1147 finish_command(&proc);
1148 }
1149 }
1150
1151 static void check_aliased_update(struct command *cmd, struct string_list *list)
1152 {
1153 struct strbuf buf = STRBUF_INIT;
1154 const char *dst_name;
1155 struct string_list_item *item;
1156 struct command *dst_cmd;
1157 unsigned char sha1[GIT_SHA1_RAWSZ];
1158 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1159 cmd_newh[GIT_SHA1_HEXSZ + 1],
1160 dst_oldh[GIT_SHA1_HEXSZ + 1],
1161 dst_newh[GIT_SHA1_HEXSZ + 1];
1162 int flag;
1163
1164 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1165 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1166 strbuf_release(&buf);
1167
1168 if (!(flag & REF_ISSYMREF))
1169 return;
1170
1171 if (!dst_name) {
1172 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1173 cmd->skip_update = 1;
1174 cmd->error_string = "broken symref";
1175 return;
1176 }
1177 dst_name = strip_namespace(dst_name);
1178
1179 if ((item = string_list_lookup(list, dst_name)) == NULL)
1180 return;
1181
1182 cmd->skip_update = 1;
1183
1184 dst_cmd = (struct command *) item->util;
1185
1186 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1187 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1188 return;
1189
1190 dst_cmd->skip_update = 1;
1191
1192 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1193 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1194 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1195 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1196 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1197 " its target '%s' (%s..%s)",
1198 cmd->ref_name, cmd_oldh, cmd_newh,
1199 dst_cmd->ref_name, dst_oldh, dst_newh);
1200
1201 cmd->error_string = dst_cmd->error_string =
1202 "inconsistent aliased update";
1203 }
1204
1205 static void check_aliased_updates(struct command *commands)
1206 {
1207 struct command *cmd;
1208 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1209
1210 for (cmd = commands; cmd; cmd = cmd->next) {
1211 struct string_list_item *item =
1212 string_list_append(&ref_list, cmd->ref_name);
1213 item->util = (void *)cmd;
1214 }
1215 string_list_sort(&ref_list);
1216
1217 for (cmd = commands; cmd; cmd = cmd->next) {
1218 if (!cmd->error_string)
1219 check_aliased_update(cmd, &ref_list);
1220 }
1221
1222 string_list_clear(&ref_list, 0);
1223 }
1224
1225 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1226 {
1227 struct command **cmd_list = cb_data;
1228 struct command *cmd = *cmd_list;
1229
1230 if (!cmd || is_null_sha1(cmd->new_sha1))
1231 return -1; /* end of list */
1232 *cmd_list = NULL; /* this returns only one */
1233 hashcpy(sha1, cmd->new_sha1);
1234 return 0;
1235 }
1236
1237 static void set_connectivity_errors(struct command *commands,
1238 struct shallow_info *si)
1239 {
1240 struct command *cmd;
1241
1242 for (cmd = commands; cmd; cmd = cmd->next) {
1243 struct command *singleton = cmd;
1244 if (shallow_update && si->shallow_ref[cmd->index])
1245 /* to be checked in update_shallow_ref() */
1246 continue;
1247 if (!check_connected(command_singleton_iterator, &singleton,
1248 NULL))
1249 continue;
1250 cmd->error_string = "missing necessary objects";
1251 }
1252 }
1253
1254 struct iterate_data {
1255 struct command *cmds;
1256 struct shallow_info *si;
1257 };
1258
1259 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1260 {
1261 struct iterate_data *data = cb_data;
1262 struct command **cmd_list = &data->cmds;
1263 struct command *cmd = *cmd_list;
1264
1265 for (; cmd; cmd = cmd->next) {
1266 if (shallow_update && data->si->shallow_ref[cmd->index])
1267 /* to be checked in update_shallow_ref() */
1268 continue;
1269 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1270 hashcpy(sha1, cmd->new_sha1);
1271 *cmd_list = cmd->next;
1272 return 0;
1273 }
1274 }
1275 *cmd_list = NULL;
1276 return -1; /* end of list */
1277 }
1278
1279 static void reject_updates_to_hidden(struct command *commands)
1280 {
1281 struct strbuf refname_full = STRBUF_INIT;
1282 size_t prefix_len;
1283 struct command *cmd;
1284
1285 strbuf_addstr(&refname_full, get_git_namespace());
1286 prefix_len = refname_full.len;
1287
1288 for (cmd = commands; cmd; cmd = cmd->next) {
1289 if (cmd->error_string)
1290 continue;
1291
1292 strbuf_setlen(&refname_full, prefix_len);
1293 strbuf_addstr(&refname_full, cmd->ref_name);
1294
1295 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1296 continue;
1297 if (is_null_sha1(cmd->new_sha1))
1298 cmd->error_string = "deny deleting a hidden ref";
1299 else
1300 cmd->error_string = "deny updating a hidden ref";
1301 }
1302
1303 strbuf_release(&refname_full);
1304 }
1305
1306 static int should_process_cmd(struct command *cmd)
1307 {
1308 return !cmd->error_string && !cmd->skip_update;
1309 }
1310
1311 static void warn_if_skipped_connectivity_check(struct command *commands,
1312 struct shallow_info *si)
1313 {
1314 struct command *cmd;
1315 int checked_connectivity = 1;
1316
1317 for (cmd = commands; cmd; cmd = cmd->next) {
1318 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1319 error("BUG: connectivity check has not been run on ref %s",
1320 cmd->ref_name);
1321 checked_connectivity = 0;
1322 }
1323 }
1324 if (!checked_connectivity)
1325 die("BUG: connectivity check skipped???");
1326 }
1327
1328 static void execute_commands_non_atomic(struct command *commands,
1329 struct shallow_info *si)
1330 {
1331 struct command *cmd;
1332 struct strbuf err = STRBUF_INIT;
1333
1334 for (cmd = commands; cmd; cmd = cmd->next) {
1335 if (!should_process_cmd(cmd))
1336 continue;
1337
1338 transaction = ref_transaction_begin(&err);
1339 if (!transaction) {
1340 rp_error("%s", err.buf);
1341 strbuf_reset(&err);
1342 cmd->error_string = "transaction failed to start";
1343 continue;
1344 }
1345
1346 cmd->error_string = update(cmd, si);
1347
1348 if (!cmd->error_string
1349 && ref_transaction_commit(transaction, &err)) {
1350 rp_error("%s", err.buf);
1351 strbuf_reset(&err);
1352 cmd->error_string = "failed to update ref";
1353 }
1354 ref_transaction_free(transaction);
1355 }
1356 strbuf_release(&err);
1357 }
1358
1359 static void execute_commands_atomic(struct command *commands,
1360 struct shallow_info *si)
1361 {
1362 struct command *cmd;
1363 struct strbuf err = STRBUF_INIT;
1364 const char *reported_error = "atomic push failure";
1365
1366 transaction = ref_transaction_begin(&err);
1367 if (!transaction) {
1368 rp_error("%s", err.buf);
1369 strbuf_reset(&err);
1370 reported_error = "transaction failed to start";
1371 goto failure;
1372 }
1373
1374 for (cmd = commands; cmd; cmd = cmd->next) {
1375 if (!should_process_cmd(cmd))
1376 continue;
1377
1378 cmd->error_string = update(cmd, si);
1379
1380 if (cmd->error_string)
1381 goto failure;
1382 }
1383
1384 if (ref_transaction_commit(transaction, &err)) {
1385 rp_error("%s", err.buf);
1386 reported_error = "atomic transaction failed";
1387 goto failure;
1388 }
1389 goto cleanup;
1390
1391 failure:
1392 for (cmd = commands; cmd; cmd = cmd->next)
1393 if (!cmd->error_string)
1394 cmd->error_string = reported_error;
1395
1396 cleanup:
1397 ref_transaction_free(transaction);
1398 strbuf_release(&err);
1399 }
1400
1401 static void execute_commands(struct command *commands,
1402 const char *unpacker_error,
1403 struct shallow_info *si,
1404 const struct string_list *push_options)
1405 {
1406 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1407 struct command *cmd;
1408 unsigned char sha1[20];
1409 struct iterate_data data;
1410 struct async muxer;
1411 int err_fd = 0;
1412
1413 if (unpacker_error) {
1414 for (cmd = commands; cmd; cmd = cmd->next)
1415 cmd->error_string = "unpacker error";
1416 return;
1417 }
1418
1419 if (use_sideband) {
1420 memset(&muxer, 0, sizeof(muxer));
1421 muxer.proc = copy_to_sideband;
1422 muxer.in = -1;
1423 if (!start_async(&muxer))
1424 err_fd = muxer.in;
1425 /* ...else, continue without relaying sideband */
1426 }
1427
1428 data.cmds = commands;
1429 data.si = si;
1430 opt.err_fd = err_fd;
1431 opt.progress = err_fd && !quiet;
1432 if (check_connected(iterate_receive_command_list, &data, &opt))
1433 set_connectivity_errors(commands, si);
1434
1435 if (use_sideband)
1436 finish_async(&muxer);
1437
1438 reject_updates_to_hidden(commands);
1439
1440 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1441 for (cmd = commands; cmd; cmd = cmd->next) {
1442 if (!cmd->error_string)
1443 cmd->error_string = "pre-receive hook declined";
1444 }
1445 return;
1446 }
1447
1448 check_aliased_updates(commands);
1449
1450 free(head_name_to_free);
1451 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1452
1453 if (use_atomic)
1454 execute_commands_atomic(commands, si);
1455 else
1456 execute_commands_non_atomic(commands, si);
1457
1458 if (shallow_update)
1459 warn_if_skipped_connectivity_check(commands, si);
1460 }
1461
1462 static struct command **queue_command(struct command **tail,
1463 const char *line,
1464 int linelen)
1465 {
1466 unsigned char old_sha1[20], new_sha1[20];
1467 struct command *cmd;
1468 const char *refname;
1469 int reflen;
1470
1471 if (linelen < 83 ||
1472 line[40] != ' ' ||
1473 line[81] != ' ' ||
1474 get_sha1_hex(line, old_sha1) ||
1475 get_sha1_hex(line + 41, new_sha1))
1476 die("protocol error: expected old/new/ref, got '%s'", line);
1477
1478 refname = line + 82;
1479 reflen = linelen - 82;
1480 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1481 hashcpy(cmd->old_sha1, old_sha1);
1482 hashcpy(cmd->new_sha1, new_sha1);
1483 *tail = cmd;
1484 return &cmd->next;
1485 }
1486
1487 static void queue_commands_from_cert(struct command **tail,
1488 struct strbuf *push_cert)
1489 {
1490 const char *boc, *eoc;
1491
1492 if (*tail)
1493 die("protocol error: got both push certificate and unsigned commands");
1494
1495 boc = strstr(push_cert->buf, "\n\n");
1496 if (!boc)
1497 die("malformed push certificate %.*s", 100, push_cert->buf);
1498 else
1499 boc += 2;
1500 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1501
1502 while (boc < eoc) {
1503 const char *eol = memchr(boc, '\n', eoc - boc);
1504 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1505 boc = eol ? eol + 1 : eoc;
1506 }
1507 }
1508
1509 static struct command *read_head_info(struct sha1_array *shallow)
1510 {
1511 struct command *commands = NULL;
1512 struct command **p = &commands;
1513 for (;;) {
1514 char *line;
1515 int len, linelen;
1516
1517 line = packet_read_line(0, &len);
1518 if (!line)
1519 break;
1520
1521 if (len == 48 && starts_with(line, "shallow ")) {
1522 unsigned char sha1[20];
1523 if (get_sha1_hex(line + 8, sha1))
1524 die("protocol error: expected shallow sha, got '%s'",
1525 line + 8);
1526 sha1_array_append(shallow, sha1);
1527 continue;
1528 }
1529
1530 linelen = strlen(line);
1531 if (linelen < len) {
1532 const char *feature_list = line + linelen + 1;
1533 if (parse_feature_request(feature_list, "report-status"))
1534 report_status = 1;
1535 if (parse_feature_request(feature_list, "side-band-64k"))
1536 use_sideband = LARGE_PACKET_MAX;
1537 if (parse_feature_request(feature_list, "quiet"))
1538 quiet = 1;
1539 if (advertise_atomic_push
1540 && parse_feature_request(feature_list, "atomic"))
1541 use_atomic = 1;
1542 if (advertise_push_options
1543 && parse_feature_request(feature_list, "push-options"))
1544 use_push_options = 1;
1545 }
1546
1547 if (!strcmp(line, "push-cert")) {
1548 int true_flush = 0;
1549 char certbuf[1024];
1550
1551 for (;;) {
1552 len = packet_read(0, NULL, NULL,
1553 certbuf, sizeof(certbuf), 0);
1554 if (!len) {
1555 true_flush = 1;
1556 break;
1557 }
1558 if (!strcmp(certbuf, "push-cert-end\n"))
1559 break; /* end of cert */
1560 strbuf_addstr(&push_cert, certbuf);
1561 }
1562
1563 if (true_flush)
1564 break;
1565 continue;
1566 }
1567
1568 p = queue_command(p, line, linelen);
1569 }
1570
1571 if (push_cert.len)
1572 queue_commands_from_cert(p, &push_cert);
1573
1574 return commands;
1575 }
1576
1577 static void read_push_options(struct string_list *options)
1578 {
1579 while (1) {
1580 char *line;
1581 int len;
1582
1583 line = packet_read_line(0, &len);
1584
1585 if (!line)
1586 break;
1587
1588 string_list_append(options, line);
1589 }
1590 }
1591
1592 static const char *parse_pack_header(struct pack_header *hdr)
1593 {
1594 switch (read_pack_header(0, hdr)) {
1595 case PH_ERROR_EOF:
1596 return "eof before pack header was fully read";
1597
1598 case PH_ERROR_PACK_SIGNATURE:
1599 return "protocol error (pack signature mismatch detected)";
1600
1601 case PH_ERROR_PROTOCOL:
1602 return "protocol error (pack version unsupported)";
1603
1604 default:
1605 return "unknown error in parse_pack_header";
1606
1607 case 0:
1608 return NULL;
1609 }
1610 }
1611
1612 static const char *pack_lockfile;
1613
1614 static const char *unpack(int err_fd, struct shallow_info *si)
1615 {
1616 struct pack_header hdr;
1617 const char *hdr_err;
1618 int status;
1619 char hdr_arg[38];
1620 struct child_process child = CHILD_PROCESS_INIT;
1621 int fsck_objects = (receive_fsck_objects >= 0
1622 ? receive_fsck_objects
1623 : transfer_fsck_objects >= 0
1624 ? transfer_fsck_objects
1625 : 0);
1626
1627 hdr_err = parse_pack_header(&hdr);
1628 if (hdr_err) {
1629 if (err_fd > 0)
1630 close(err_fd);
1631 return hdr_err;
1632 }
1633 snprintf(hdr_arg, sizeof(hdr_arg),
1634 "--pack_header=%"PRIu32",%"PRIu32,
1635 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1636
1637 if (si->nr_ours || si->nr_theirs) {
1638 alt_shallow_file = setup_temporary_shallow(si->shallow);
1639 argv_array_push(&child.args, "--shallow-file");
1640 argv_array_push(&child.args, alt_shallow_file);
1641 }
1642
1643 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1644 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1645 if (quiet)
1646 argv_array_push(&child.args, "-q");
1647 if (fsck_objects)
1648 argv_array_pushf(&child.args, "--strict%s",
1649 fsck_msg_types.buf);
1650 if (max_input_size)
1651 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1652 (uintmax_t)max_input_size);
1653 child.no_stdout = 1;
1654 child.err = err_fd;
1655 child.git_cmd = 1;
1656 status = run_command(&child);
1657 if (status)
1658 return "unpack-objects abnormal exit";
1659 } else {
1660 char hostname[256];
1661
1662 argv_array_pushl(&child.args, "index-pack",
1663 "--stdin", hdr_arg, NULL);
1664
1665 if (gethostname(hostname, sizeof(hostname)))
1666 xsnprintf(hostname, sizeof(hostname), "localhost");
1667 argv_array_pushf(&child.args,
1668 "--keep=receive-pack %"PRIuMAX" on %s",
1669 (uintmax_t)getpid(),
1670 hostname);
1671
1672 if (!quiet && err_fd)
1673 argv_array_push(&child.args, "--show-resolving-progress");
1674 if (use_sideband)
1675 argv_array_push(&child.args, "--report-end-of-input");
1676 if (fsck_objects)
1677 argv_array_pushf(&child.args, "--strict%s",
1678 fsck_msg_types.buf);
1679 if (!reject_thin)
1680 argv_array_push(&child.args, "--fix-thin");
1681 if (max_input_size)
1682 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1683 (uintmax_t)max_input_size);
1684 child.out = -1;
1685 child.err = err_fd;
1686 child.git_cmd = 1;
1687 status = start_command(&child);
1688 if (status)
1689 return "index-pack fork failed";
1690 pack_lockfile = index_pack_lockfile(child.out);
1691 close(child.out);
1692 status = finish_command(&child);
1693 if (status)
1694 return "index-pack abnormal exit";
1695 reprepare_packed_git();
1696 }
1697 return NULL;
1698 }
1699
1700 static const char *unpack_with_sideband(struct shallow_info *si)
1701 {
1702 struct async muxer;
1703 const char *ret;
1704
1705 if (!use_sideband)
1706 return unpack(0, si);
1707
1708 use_keepalive = KEEPALIVE_AFTER_NUL;
1709 memset(&muxer, 0, sizeof(muxer));
1710 muxer.proc = copy_to_sideband;
1711 muxer.in = -1;
1712 if (start_async(&muxer))
1713 return NULL;
1714
1715 ret = unpack(muxer.in, si);
1716
1717 finish_async(&muxer);
1718 return ret;
1719 }
1720
1721 static void prepare_shallow_update(struct command *commands,
1722 struct shallow_info *si)
1723 {
1724 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1725
1726 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1727 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1728
1729 si->need_reachability_test =
1730 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1731 si->reachable =
1732 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1733 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1734
1735 for (i = 0; i < si->nr_ours; i++)
1736 si->need_reachability_test[si->ours[i]] = 1;
1737
1738 for (i = 0; i < si->shallow->nr; i++) {
1739 if (!si->used_shallow[i])
1740 continue;
1741 for (j = 0; j < bitmap_size; j++) {
1742 if (!si->used_shallow[i][j])
1743 continue;
1744 si->need_reachability_test[i]++;
1745 for (k = 0; k < 32; k++)
1746 if (si->used_shallow[i][j] & (1U << k))
1747 si->shallow_ref[j * 32 + k]++;
1748 }
1749
1750 /*
1751 * true for those associated with some refs and belong
1752 * in "ours" list aka "step 7 not done yet"
1753 */
1754 si->need_reachability_test[i] =
1755 si->need_reachability_test[i] > 1;
1756 }
1757
1758 /*
1759 * keep hooks happy by forcing a temporary shallow file via
1760 * env variable because we can't add --shallow-file to every
1761 * command. check_everything_connected() will be done with
1762 * true .git/shallow though.
1763 */
1764 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1765 }
1766
1767 static void update_shallow_info(struct command *commands,
1768 struct shallow_info *si,
1769 struct sha1_array *ref)
1770 {
1771 struct command *cmd;
1772 int *ref_status;
1773 remove_nonexistent_theirs_shallow(si);
1774 if (!si->nr_ours && !si->nr_theirs) {
1775 shallow_update = 0;
1776 return;
1777 }
1778
1779 for (cmd = commands; cmd; cmd = cmd->next) {
1780 if (is_null_sha1(cmd->new_sha1))
1781 continue;
1782 sha1_array_append(ref, cmd->new_sha1);
1783 cmd->index = ref->nr - 1;
1784 }
1785 si->ref = ref;
1786
1787 if (shallow_update) {
1788 prepare_shallow_update(commands, si);
1789 return;
1790 }
1791
1792 ALLOC_ARRAY(ref_status, ref->nr);
1793 assign_shallow_commits_to_refs(si, NULL, ref_status);
1794 for (cmd = commands; cmd; cmd = cmd->next) {
1795 if (is_null_sha1(cmd->new_sha1))
1796 continue;
1797 if (ref_status[cmd->index]) {
1798 cmd->error_string = "shallow update not allowed";
1799 cmd->skip_update = 1;
1800 }
1801 }
1802 free(ref_status);
1803 }
1804
1805 static void report(struct command *commands, const char *unpack_status)
1806 {
1807 struct command *cmd;
1808 struct strbuf buf = STRBUF_INIT;
1809
1810 packet_buf_write(&buf, "unpack %s\n",
1811 unpack_status ? unpack_status : "ok");
1812 for (cmd = commands; cmd; cmd = cmd->next) {
1813 if (!cmd->error_string)
1814 packet_buf_write(&buf, "ok %s\n",
1815 cmd->ref_name);
1816 else
1817 packet_buf_write(&buf, "ng %s %s\n",
1818 cmd->ref_name, cmd->error_string);
1819 }
1820 packet_buf_flush(&buf);
1821
1822 if (use_sideband)
1823 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1824 else
1825 write_or_die(1, buf.buf, buf.len);
1826 strbuf_release(&buf);
1827 }
1828
1829 static int delete_only(struct command *commands)
1830 {
1831 struct command *cmd;
1832 for (cmd = commands; cmd; cmd = cmd->next) {
1833 if (!is_null_sha1(cmd->new_sha1))
1834 return 0;
1835 }
1836 return 1;
1837 }
1838
1839 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1840 {
1841 int advertise_refs = 0;
1842 struct command *commands;
1843 struct sha1_array shallow = SHA1_ARRAY_INIT;
1844 struct sha1_array ref = SHA1_ARRAY_INIT;
1845 struct shallow_info si;
1846
1847 struct option options[] = {
1848 OPT__QUIET(&quiet, N_("quiet")),
1849 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1850 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1851 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1852 OPT_END()
1853 };
1854
1855 packet_trace_identity("receive-pack");
1856
1857 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1858
1859 if (argc > 1)
1860 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1861 if (argc == 0)
1862 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1863
1864 service_dir = argv[0];
1865
1866 setup_path();
1867
1868 if (!enter_repo(service_dir, 0))
1869 die("'%s' does not appear to be a git repository", service_dir);
1870
1871 git_config(receive_pack_config, NULL);
1872 if (cert_nonce_seed)
1873 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1874
1875 if (0 <= transfer_unpack_limit)
1876 unpack_limit = transfer_unpack_limit;
1877 else if (0 <= receive_unpack_limit)
1878 unpack_limit = receive_unpack_limit;
1879
1880 if (advertise_refs || !stateless_rpc) {
1881 write_head_info();
1882 }
1883 if (advertise_refs)
1884 return 0;
1885
1886 if ((commands = read_head_info(&shallow)) != NULL) {
1887 const char *unpack_status = NULL;
1888 struct string_list push_options = STRING_LIST_INIT_DUP;
1889
1890 if (use_push_options)
1891 read_push_options(&push_options);
1892
1893 prepare_shallow_info(&si, &shallow);
1894 if (!si.nr_ours && !si.nr_theirs)
1895 shallow_update = 0;
1896 if (!delete_only(commands)) {
1897 unpack_status = unpack_with_sideband(&si);
1898 update_shallow_info(commands, &si, &ref);
1899 }
1900 use_keepalive = KEEPALIVE_ALWAYS;
1901 execute_commands(commands, unpack_status, &si,
1902 &push_options);
1903 if (pack_lockfile)
1904 unlink_or_warn(pack_lockfile);
1905 if (report_status)
1906 report(commands, unpack_status);
1907 run_receive_hook(commands, "post-receive", 1,
1908 &push_options);
1909 run_update_post_hook(commands);
1910 if (push_options.nr)
1911 string_list_clear(&push_options, 0);
1912 if (auto_gc) {
1913 const char *argv_gc_auto[] = {
1914 "gc", "--auto", "--quiet", NULL,
1915 };
1916 struct child_process proc = CHILD_PROCESS_INIT;
1917
1918 proc.no_stdin = 1;
1919 proc.stdout_to_stderr = 1;
1920 proc.err = use_sideband ? -1 : 0;
1921 proc.git_cmd = 1;
1922 proc.argv = argv_gc_auto;
1923
1924 close_all_packs();
1925 if (!start_command(&proc)) {
1926 if (use_sideband)
1927 copy_to_sideband(proc.err, -1, NULL);
1928 finish_command(&proc);
1929 }
1930 }
1931 if (auto_update_server_info)
1932 update_server_info(0);
1933 clear_shallow_info(&si);
1934 }
1935 if (use_sideband)
1936 packet_flush(1);
1937 sha1_array_clear(&shallow);
1938 sha1_array_clear(&ref);
1939 free((void *)push_cert_nonce);
1940 return 0;
1941 }
Eric Wong's git-svn branch