7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage
[] = "git receive-pack <git-dir>";
32 static int deny_deletes
;
33 static int deny_non_fast_forwards
;
34 static enum deny_action deny_current_branch
= DENY_UNCONFIGURED
;
35 static enum deny_action deny_delete_current
= DENY_UNCONFIGURED
;
36 static int receive_fsck_objects
= -1;
37 static int transfer_fsck_objects
= -1;
38 static int receive_unpack_limit
= -1;
39 static int transfer_unpack_limit
= -1;
40 static int unpack_limit
= 100;
41 static int report_status
;
42 static int use_sideband
;
44 static int prefer_ofs_delta
= 1;
45 static int auto_update_server_info
;
46 static int auto_gc
= 1;
47 static int fix_thin
= 1;
48 static int stateless_rpc
;
49 static const char *service_dir
;
50 static const char *head_name
;
51 static void *head_name_to_free
;
52 static int sent_capabilities
;
53 static int shallow_update
;
54 static const char *alt_shallow_file
;
55 static struct strbuf push_cert
= STRBUF_INIT
;
56 static unsigned char push_cert_sha1
[20];
57 static struct signature_check sigcheck
;
58 static const char *push_cert_nonce
;
59 static const char *cert_nonce_seed
;
61 static const char *NONCE_UNSOLICITED
= "UNSOLICITED";
62 static const char *NONCE_BAD
= "BAD";
63 static const char *NONCE_MISSING
= "MISSING";
64 static const char *NONCE_OK
= "OK";
65 static const char *NONCE_SLOP
= "SLOP";
66 static const char *nonce_status
;
67 static long nonce_stamp_slop
;
68 static unsigned long nonce_stamp_slop_limit
;
70 static enum deny_action
parse_deny_action(const char *var
, const char *value
)
73 if (!strcasecmp(value
, "ignore"))
75 if (!strcasecmp(value
, "warn"))
77 if (!strcasecmp(value
, "refuse"))
80 if (git_config_bool(var
, value
))
85 static int receive_pack_config(const char *var
, const char *value
, void *cb
)
87 int status
= parse_hide_refs_config(var
, value
, "receive");
92 if (strcmp(var
, "receive.denydeletes") == 0) {
93 deny_deletes
= git_config_bool(var
, value
);
97 if (strcmp(var
, "receive.denynonfastforwards") == 0) {
98 deny_non_fast_forwards
= git_config_bool(var
, value
);
102 if (strcmp(var
, "receive.unpacklimit") == 0) {
103 receive_unpack_limit
= git_config_int(var
, value
);
107 if (strcmp(var
, "transfer.unpacklimit") == 0) {
108 transfer_unpack_limit
= git_config_int(var
, value
);
112 if (strcmp(var
, "receive.fsckobjects") == 0) {
113 receive_fsck_objects
= git_config_bool(var
, value
);
117 if (strcmp(var
, "transfer.fsckobjects") == 0) {
118 transfer_fsck_objects
= git_config_bool(var
, value
);
122 if (!strcmp(var
, "receive.denycurrentbranch")) {
123 deny_current_branch
= parse_deny_action(var
, value
);
127 if (strcmp(var
, "receive.denydeletecurrent") == 0) {
128 deny_delete_current
= parse_deny_action(var
, value
);
132 if (strcmp(var
, "repack.usedeltabaseoffset") == 0) {
133 prefer_ofs_delta
= git_config_bool(var
, value
);
137 if (strcmp(var
, "receive.updateserverinfo") == 0) {
138 auto_update_server_info
= git_config_bool(var
, value
);
142 if (strcmp(var
, "receive.autogc") == 0) {
143 auto_gc
= git_config_bool(var
, value
);
147 if (strcmp(var
, "receive.shallowupdate") == 0) {
148 shallow_update
= git_config_bool(var
, value
);
152 if (strcmp(var
, "receive.certnonceseed") == 0)
153 return git_config_string(&cert_nonce_seed
, var
, value
);
155 if (strcmp(var
, "receive.certnonceslop") == 0) {
156 nonce_stamp_slop_limit
= git_config_ulong(var
, value
);
160 return git_default_config(var
, value
, cb
);
163 static void show_ref(const char *path
, const unsigned char *sha1
)
165 if (ref_is_hidden(path
))
168 if (sent_capabilities
) {
169 packet_write(1, "%s %s\n", sha1_to_hex(sha1
), path
);
171 struct strbuf cap
= STRBUF_INIT
;
174 "report-status delete-refs side-band-64k quiet");
175 if (prefer_ofs_delta
)
176 strbuf_addstr(&cap
, " ofs-delta");
178 strbuf_addf(&cap
, " push-cert=%s", push_cert_nonce
);
179 strbuf_addf(&cap
, " agent=%s", git_user_agent_sanitized());
180 packet_write(1, "%s %s%c%s\n",
181 sha1_to_hex(sha1
), path
, 0, cap
.buf
);
182 strbuf_release(&cap
);
183 sent_capabilities
= 1;
187 static int show_ref_cb(const char *path
, const unsigned char *sha1
, int flag
, void *unused
)
189 path
= strip_namespace(path
);
191 * Advertise refs outside our current namespace as ".have"
192 * refs, so that the client can use them to minimize data
193 * transfer but will otherwise ignore them. This happens to
194 * cover ".have" that are thrown in by add_one_alternate_ref()
195 * to mark histories that are complete in our alternates as
200 show_ref(path
, sha1
);
204 static void show_one_alternate_sha1(const unsigned char sha1
[20], void *unused
)
206 show_ref(".have", sha1
);
209 static void collect_one_alternate_ref(const struct ref
*ref
, void *data
)
211 struct sha1_array
*sa
= data
;
212 sha1_array_append(sa
, ref
->old_sha1
);
215 static void write_head_info(void)
217 struct sha1_array sa
= SHA1_ARRAY_INIT
;
218 for_each_alternate_ref(collect_one_alternate_ref
, &sa
);
219 sha1_array_for_each_unique(&sa
, show_one_alternate_sha1
, NULL
);
220 sha1_array_clear(&sa
);
221 for_each_ref(show_ref_cb
, NULL
);
222 if (!sent_capabilities
)
223 show_ref("capabilities^{}", null_sha1
);
225 advertise_shallow_grafts(1);
232 struct command
*next
;
233 const char *error_string
;
234 unsigned int skip_update
:1,
237 unsigned char old_sha1
[20];
238 unsigned char new_sha1
[20];
239 char ref_name
[FLEX_ARRAY
]; /* more */
242 static void rp_error(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
243 static void rp_warning(const char *err
, ...) __attribute__((format (printf
, 1, 2)));
245 static void report_message(const char *prefix
, const char *err
, va_list params
)
247 int sz
= strlen(prefix
);
250 strncpy(msg
, prefix
, sz
);
251 sz
+= vsnprintf(msg
+ sz
, sizeof(msg
) - sz
, err
, params
);
252 if (sz
> (sizeof(msg
) - 1))
253 sz
= sizeof(msg
) - 1;
257 send_sideband(1, 2, msg
, sz
, use_sideband
);
262 static void rp_warning(const char *err
, ...)
265 va_start(params
, err
);
266 report_message("warning: ", err
, params
);
270 static void rp_error(const char *err
, ...)
273 va_start(params
, err
);
274 report_message("error: ", err
, params
);
278 static int copy_to_sideband(int in
, int out
, void *arg
)
282 ssize_t sz
= xread(in
, data
, sizeof(data
));
285 send_sideband(1, 2, data
, sz
, use_sideband
);
291 #define HMAC_BLOCK_SIZE 64
293 static void hmac_sha1(unsigned char *out
,
294 const char *key_in
, size_t key_len
,
295 const char *text
, size_t text_len
)
297 unsigned char key
[HMAC_BLOCK_SIZE
];
298 unsigned char k_ipad
[HMAC_BLOCK_SIZE
];
299 unsigned char k_opad
[HMAC_BLOCK_SIZE
];
303 /* RFC 2104 2. (1) */
304 memset(key
, '\0', HMAC_BLOCK_SIZE
);
305 if (HMAC_BLOCK_SIZE
< key_len
) {
307 git_SHA1_Update(&ctx
, key_in
, key_len
);
308 git_SHA1_Final(key
, &ctx
);
310 memcpy(key
, key_in
, key_len
);
313 /* RFC 2104 2. (2) & (5) */
314 for (i
= 0; i
< sizeof(key
); i
++) {
315 k_ipad
[i
] = key
[i
] ^ 0x36;
316 k_opad
[i
] = key
[i
] ^ 0x5c;
319 /* RFC 2104 2. (3) & (4) */
321 git_SHA1_Update(&ctx
, k_ipad
, sizeof(k_ipad
));
322 git_SHA1_Update(&ctx
, text
, text_len
);
323 git_SHA1_Final(out
, &ctx
);
325 /* RFC 2104 2. (6) & (7) */
327 git_SHA1_Update(&ctx
, k_opad
, sizeof(k_opad
));
328 git_SHA1_Update(&ctx
, out
, 20);
329 git_SHA1_Final(out
, &ctx
);
332 static char *prepare_push_cert_nonce(const char *path
, unsigned long stamp
)
334 struct strbuf buf
= STRBUF_INIT
;
335 unsigned char sha1
[20];
337 strbuf_addf(&buf
, "%s:%lu", path
, stamp
);
338 hmac_sha1(sha1
, buf
.buf
, buf
.len
, cert_nonce_seed
, strlen(cert_nonce_seed
));;
339 strbuf_release(&buf
);
341 /* RFC 2104 5. HMAC-SHA1-80 */
342 strbuf_addf(&buf
, "%lu-%.*s", stamp
, 20, sha1_to_hex(sha1
));
343 return strbuf_detach(&buf
, NULL
);
347 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
348 * after dropping "_commit" from its name and possibly moving it out
351 static char *find_header(const char *msg
, size_t len
, const char *key
)
353 int key_len
= strlen(key
);
354 const char *line
= msg
;
356 while (line
&& line
< msg
+ len
) {
357 const char *eol
= strchrnul(line
, '\n');
359 if ((msg
+ len
<= eol
) || line
== eol
)
361 if (line
+ key_len
< eol
&&
362 !memcmp(line
, key
, key_len
) && line
[key_len
] == ' ') {
363 int offset
= key_len
+ 1;
364 return xmemdupz(line
+ offset
, (eol
- line
) - offset
);
366 line
= *eol
? eol
+ 1 : NULL
;
371 static const char *check_nonce(const char *buf
, size_t len
)
373 char *nonce
= find_header(buf
, len
, "nonce");
374 unsigned long stamp
, ostamp
;
375 char *bohmac
, *expect
= NULL
;
376 const char *retval
= NONCE_BAD
;
379 retval
= NONCE_MISSING
;
381 } else if (!push_cert_nonce
) {
382 retval
= NONCE_UNSOLICITED
;
384 } else if (!strcmp(push_cert_nonce
, nonce
)) {
389 if (!stateless_rpc
) {
390 /* returned nonce MUST match what we gave out earlier */
396 * In stateless mode, we may be receiving a nonce issued by
397 * another instance of the server that serving the same
398 * repository, and the timestamps may not match, but the
399 * nonce-seed and dir should match, so we can recompute and
400 * report the time slop.
402 * In addition, when a nonce issued by another instance has
403 * timestamp within receive.certnonceslop seconds, we pretend
404 * as if we issued that nonce when reporting to the hook.
407 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
408 if (*nonce
<= '0' || '9' < *nonce
) {
412 stamp
= strtoul(nonce
, &bohmac
, 10);
413 if (bohmac
== nonce
|| bohmac
[0] != '-') {
418 expect
= prepare_push_cert_nonce(service_dir
, stamp
);
419 if (strcmp(expect
, nonce
)) {
420 /* Not what we would have signed earlier */
426 * By how many seconds is this nonce stale? Negative value
427 * would mean it was issued by another server with its clock
428 * skewed in the future.
430 ostamp
= strtoul(push_cert_nonce
, NULL
, 10);
431 nonce_stamp_slop
= (long)ostamp
- (long)stamp
;
433 if (nonce_stamp_slop_limit
&&
434 abs(nonce_stamp_slop
) <= nonce_stamp_slop_limit
) {
436 * Pretend as if the received nonce (which passes the
437 * HMAC check, so it is not a forged by third-party)
440 free((void *)push_cert_nonce
);
441 push_cert_nonce
= xstrdup(nonce
);
453 static void prepare_push_cert_sha1(struct child_process
*proc
)
455 static int already_done
;
461 struct strbuf gpg_output
= STRBUF_INIT
;
462 struct strbuf gpg_status
= STRBUF_INIT
;
463 int bogs
/* beginning_of_gpg_sig */;
466 if (write_sha1_file(push_cert
.buf
, push_cert
.len
, "blob", push_cert_sha1
))
467 hashclr(push_cert_sha1
);
469 memset(&sigcheck
, '\0', sizeof(sigcheck
));
470 sigcheck
.result
= 'N';
472 bogs
= parse_signature(push_cert
.buf
, push_cert
.len
);
473 if (verify_signed_buffer(push_cert
.buf
, bogs
,
474 push_cert
.buf
+ bogs
, push_cert
.len
- bogs
,
475 &gpg_output
, &gpg_status
) < 0) {
476 ; /* error running gpg */
478 sigcheck
.payload
= push_cert
.buf
;
479 sigcheck
.gpg_output
= gpg_output
.buf
;
480 sigcheck
.gpg_status
= gpg_status
.buf
;
481 parse_gpg_output(&sigcheck
);
484 strbuf_release(&gpg_output
);
485 strbuf_release(&gpg_status
);
486 nonce_status
= check_nonce(push_cert
.buf
, bogs
);
488 if (!is_null_sha1(push_cert_sha1
)) {
489 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT=%s",
490 sha1_to_hex(push_cert_sha1
));
491 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_SIGNER=%s",
492 sigcheck
.signer
? sigcheck
.signer
: "");
493 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_KEY=%s",
494 sigcheck
.key
? sigcheck
.key
: "");
495 argv_array_pushf(&proc
->env_array
, "GIT_PUSH_CERT_STATUS=%c",
497 if (push_cert_nonce
) {
498 argv_array_pushf(&proc
->env_array
,
499 "GIT_PUSH_CERT_NONCE=%s",
501 argv_array_pushf(&proc
->env_array
,
502 "GIT_PUSH_CERT_NONCE_STATUS=%s",
504 if (nonce_status
== NONCE_SLOP
)
505 argv_array_pushf(&proc
->env_array
,
506 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
512 typedef int (*feed_fn
)(void *, const char **, size_t *);
513 static int run_and_feed_hook(const char *hook_name
, feed_fn feed
, void *feed_state
)
515 struct child_process proc
= CHILD_PROCESS_INIT
;
520 argv
[0] = find_hook(hook_name
);
528 proc
.stdout_to_stderr
= 1;
531 memset(&muxer
, 0, sizeof(muxer
));
532 muxer
.proc
= copy_to_sideband
;
534 code
= start_async(&muxer
);
540 prepare_push_cert_sha1(&proc
);
542 code
= start_command(&proc
);
545 finish_async(&muxer
);
549 sigchain_push(SIGPIPE
, SIG_IGN
);
554 if (feed(feed_state
, &buf
, &n
))
556 if (write_in_full(proc
.in
, buf
, n
) != n
)
561 finish_async(&muxer
);
563 sigchain_pop(SIGPIPE
);
565 return finish_command(&proc
);
568 struct receive_hook_feed_state
{
574 static int feed_receive_hook(void *state_
, const char **bufp
, size_t *sizep
)
576 struct receive_hook_feed_state
*state
= state_
;
577 struct command
*cmd
= state
->cmd
;
580 state
->skip_broken
&& (cmd
->error_string
|| cmd
->did_not_exist
))
584 strbuf_reset(&state
->buf
);
585 strbuf_addf(&state
->buf
, "%s %s %s\n",
586 sha1_to_hex(cmd
->old_sha1
), sha1_to_hex(cmd
->new_sha1
),
588 state
->cmd
= cmd
->next
;
590 *bufp
= state
->buf
.buf
;
591 *sizep
= state
->buf
.len
;
596 static int run_receive_hook(struct command
*commands
, const char *hook_name
,
599 struct receive_hook_feed_state state
;
602 strbuf_init(&state
.buf
, 0);
603 state
.cmd
= commands
;
604 state
.skip_broken
= skip_broken
;
605 if (feed_receive_hook(&state
, NULL
, NULL
))
607 state
.cmd
= commands
;
608 status
= run_and_feed_hook(hook_name
, feed_receive_hook
, &state
);
609 strbuf_release(&state
.buf
);
613 static int run_update_hook(struct command
*cmd
)
616 struct child_process proc
= CHILD_PROCESS_INIT
;
619 argv
[0] = find_hook("update");
623 argv
[1] = cmd
->ref_name
;
624 argv
[2] = sha1_to_hex(cmd
->old_sha1
);
625 argv
[3] = sha1_to_hex(cmd
->new_sha1
);
629 proc
.stdout_to_stderr
= 1;
630 proc
.err
= use_sideband
? -1 : 0;
633 code
= start_command(&proc
);
637 copy_to_sideband(proc
.err
, -1, NULL
);
638 return finish_command(&proc
);
641 static int is_ref_checked_out(const char *ref
)
643 if (is_bare_repository())
648 return !strcmp(head_name
, ref
);
651 static char *refuse_unconfigured_deny_msg
[] = {
652 "By default, updating the current branch in a non-bare repository",
653 "is denied, because it will make the index and work tree inconsistent",
654 "with what you pushed, and will require 'git reset --hard' to match",
655 "the work tree to HEAD.",
657 "You can set 'receive.denyCurrentBranch' configuration variable to",
658 "'ignore' or 'warn' in the remote repository to allow pushing into",
659 "its current branch; however, this is not recommended unless you",
660 "arranged to update its work tree to match what you pushed in some",
663 "To squelch this message and still keep the default behaviour, set",
664 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
667 static void refuse_unconfigured_deny(void)
670 for (i
= 0; i
< ARRAY_SIZE(refuse_unconfigured_deny_msg
); i
++)
671 rp_error("%s", refuse_unconfigured_deny_msg
[i
]);
674 static char *refuse_unconfigured_deny_delete_current_msg
[] = {
675 "By default, deleting the current branch is denied, because the next",
676 "'git clone' won't result in any file checked out, causing confusion.",
678 "You can set 'receive.denyDeleteCurrent' configuration variable to",
679 "'warn' or 'ignore' in the remote repository to allow deleting the",
680 "current branch, with or without a warning message.",
682 "To squelch this message, you can set it to 'refuse'."
685 static void refuse_unconfigured_deny_delete_current(void)
689 i
< ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg
);
691 rp_error("%s", refuse_unconfigured_deny_delete_current_msg
[i
]);
694 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20]);
695 static int update_shallow_ref(struct command
*cmd
, struct shallow_info
*si
)
697 static struct lock_file shallow_lock
;
698 struct sha1_array extra
= SHA1_ARRAY_INIT
;
699 const char *alt_file
;
700 uint32_t mask
= 1 << (cmd
->index
% 32);
703 trace_printf_key(&trace_shallow
,
704 "shallow: update_shallow_ref %s\n", cmd
->ref_name
);
705 for (i
= 0; i
< si
->shallow
->nr
; i
++)
706 if (si
->used_shallow
[i
] &&
707 (si
->used_shallow
[i
][cmd
->index
/ 32] & mask
) &&
708 !delayed_reachability_test(si
, i
))
709 sha1_array_append(&extra
, si
->shallow
->sha1
[i
]);
711 setup_alternate_shallow(&shallow_lock
, &alt_file
, &extra
);
712 if (check_shallow_connected(command_singleton_iterator
,
714 rollback_lock_file(&shallow_lock
);
715 sha1_array_clear(&extra
);
719 commit_lock_file(&shallow_lock
);
722 * Make sure setup_alternate_shallow() for the next ref does
723 * not lose these new roots..
725 for (i
= 0; i
< extra
.nr
; i
++)
726 register_shallow(extra
.sha1
[i
]);
728 si
->shallow_ref
[cmd
->index
] = 0;
729 sha1_array_clear(&extra
);
733 static const char *update(struct command
*cmd
, struct shallow_info
*si
)
735 const char *name
= cmd
->ref_name
;
736 struct strbuf namespaced_name_buf
= STRBUF_INIT
;
737 const char *namespaced_name
;
738 unsigned char *old_sha1
= cmd
->old_sha1
;
739 unsigned char *new_sha1
= cmd
->new_sha1
;
741 /* only refs/... are allowed */
742 if (!starts_with(name
, "refs/") || check_refname_format(name
+ 5, 0)) {
743 rp_error("refusing to create funny ref '%s' remotely", name
);
744 return "funny refname";
747 strbuf_addf(&namespaced_name_buf
, "%s%s", get_git_namespace(), name
);
748 namespaced_name
= strbuf_detach(&namespaced_name_buf
, NULL
);
750 if (is_ref_checked_out(namespaced_name
)) {
751 switch (deny_current_branch
) {
755 rp_warning("updating the current branch");
758 case DENY_UNCONFIGURED
:
759 rp_error("refusing to update checked out branch: %s", name
);
760 if (deny_current_branch
== DENY_UNCONFIGURED
)
761 refuse_unconfigured_deny();
762 return "branch is currently checked out";
766 if (!is_null_sha1(new_sha1
) && !has_sha1_file(new_sha1
)) {
767 error("unpack should have generated %s, "
768 "but I can't find it!", sha1_to_hex(new_sha1
));
772 if (!is_null_sha1(old_sha1
) && is_null_sha1(new_sha1
)) {
773 if (deny_deletes
&& starts_with(name
, "refs/heads/")) {
774 rp_error("denying ref deletion for %s", name
);
775 return "deletion prohibited";
778 if (!strcmp(namespaced_name
, head_name
)) {
779 switch (deny_delete_current
) {
783 rp_warning("deleting the current branch");
786 case DENY_UNCONFIGURED
:
787 if (deny_delete_current
== DENY_UNCONFIGURED
)
788 refuse_unconfigured_deny_delete_current();
789 rp_error("refusing to delete the current branch: %s", name
);
790 return "deletion of the current branch prohibited";
795 if (deny_non_fast_forwards
&& !is_null_sha1(new_sha1
) &&
796 !is_null_sha1(old_sha1
) &&
797 starts_with(name
, "refs/heads/")) {
798 struct object
*old_object
, *new_object
;
799 struct commit
*old_commit
, *new_commit
;
801 old_object
= parse_object(old_sha1
);
802 new_object
= parse_object(new_sha1
);
804 if (!old_object
|| !new_object
||
805 old_object
->type
!= OBJ_COMMIT
||
806 new_object
->type
!= OBJ_COMMIT
) {
807 error("bad sha1 objects for %s", name
);
810 old_commit
= (struct commit
*)old_object
;
811 new_commit
= (struct commit
*)new_object
;
812 if (!in_merge_bases(old_commit
, new_commit
)) {
813 rp_error("denying non-fast-forward %s"
814 " (you should pull first)", name
);
815 return "non-fast-forward";
818 if (run_update_hook(cmd
)) {
819 rp_error("hook declined to update %s", name
);
820 return "hook declined";
823 if (is_null_sha1(new_sha1
)) {
824 if (!parse_object(old_sha1
)) {
826 if (ref_exists(name
)) {
827 rp_warning("Allowing deletion of corrupt ref.");
829 rp_warning("Deleting a non-existent ref.");
830 cmd
->did_not_exist
= 1;
833 if (delete_ref(namespaced_name
, old_sha1
, 0)) {
834 rp_error("failed to delete %s", name
);
835 return "failed to delete";
837 return NULL
; /* good */
840 struct strbuf err
= STRBUF_INIT
;
841 struct ref_transaction
*transaction
;
843 if (shallow_update
&& si
->shallow_ref
[cmd
->index
] &&
844 update_shallow_ref(cmd
, si
))
845 return "shallow error";
847 transaction
= ref_transaction_begin(&err
);
849 ref_transaction_update(transaction
, namespaced_name
,
850 new_sha1
, old_sha1
, 0, 1, "push",
852 ref_transaction_commit(transaction
, &err
)) {
853 ref_transaction_free(transaction
);
855 rp_error("%s", err
.buf
);
856 strbuf_release(&err
);
857 return "failed to update ref";
860 ref_transaction_free(transaction
);
861 strbuf_release(&err
);
862 return NULL
; /* good */
866 static void run_update_post_hook(struct command
*commands
)
871 struct child_process proc
= CHILD_PROCESS_INIT
;
874 hook
= find_hook("post-update");
875 for (argc
= 0, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
876 if (cmd
->error_string
|| cmd
->did_not_exist
)
883 argv
= xmalloc(sizeof(*argv
) * (2 + argc
));
886 for (argc
= 1, cmd
= commands
; cmd
; cmd
= cmd
->next
) {
887 if (cmd
->error_string
|| cmd
->did_not_exist
)
889 argv
[argc
] = xstrdup(cmd
->ref_name
);
895 proc
.stdout_to_stderr
= 1;
896 proc
.err
= use_sideband
? -1 : 0;
899 if (!start_command(&proc
)) {
901 copy_to_sideband(proc
.err
, -1, NULL
);
902 finish_command(&proc
);
906 static void check_aliased_update(struct command
*cmd
, struct string_list
*list
)
908 struct strbuf buf
= STRBUF_INIT
;
909 const char *dst_name
;
910 struct string_list_item
*item
;
911 struct command
*dst_cmd
;
912 unsigned char sha1
[20];
913 char cmd_oldh
[41], cmd_newh
[41], dst_oldh
[41], dst_newh
[41];
916 strbuf_addf(&buf
, "%s%s", get_git_namespace(), cmd
->ref_name
);
917 dst_name
= resolve_ref_unsafe(buf
.buf
, 0, sha1
, &flag
);
918 strbuf_release(&buf
);
920 if (!(flag
& REF_ISSYMREF
))
923 dst_name
= strip_namespace(dst_name
);
925 rp_error("refusing update to broken symref '%s'", cmd
->ref_name
);
926 cmd
->skip_update
= 1;
927 cmd
->error_string
= "broken symref";
931 if ((item
= string_list_lookup(list
, dst_name
)) == NULL
)
934 cmd
->skip_update
= 1;
936 dst_cmd
= (struct command
*) item
->util
;
938 if (!hashcmp(cmd
->old_sha1
, dst_cmd
->old_sha1
) &&
939 !hashcmp(cmd
->new_sha1
, dst_cmd
->new_sha1
))
942 dst_cmd
->skip_update
= 1;
944 strcpy(cmd_oldh
, find_unique_abbrev(cmd
->old_sha1
, DEFAULT_ABBREV
));
945 strcpy(cmd_newh
, find_unique_abbrev(cmd
->new_sha1
, DEFAULT_ABBREV
));
946 strcpy(dst_oldh
, find_unique_abbrev(dst_cmd
->old_sha1
, DEFAULT_ABBREV
));
947 strcpy(dst_newh
, find_unique_abbrev(dst_cmd
->new_sha1
, DEFAULT_ABBREV
));
948 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
949 " its target '%s' (%s..%s)",
950 cmd
->ref_name
, cmd_oldh
, cmd_newh
,
951 dst_cmd
->ref_name
, dst_oldh
, dst_newh
);
953 cmd
->error_string
= dst_cmd
->error_string
=
954 "inconsistent aliased update";
957 static void check_aliased_updates(struct command
*commands
)
960 struct string_list ref_list
= STRING_LIST_INIT_NODUP
;
962 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
963 struct string_list_item
*item
=
964 string_list_append(&ref_list
, cmd
->ref_name
);
965 item
->util
= (void *)cmd
;
967 sort_string_list(&ref_list
);
969 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
970 if (!cmd
->error_string
)
971 check_aliased_update(cmd
, &ref_list
);
974 string_list_clear(&ref_list
, 0);
977 static int command_singleton_iterator(void *cb_data
, unsigned char sha1
[20])
979 struct command
**cmd_list
= cb_data
;
980 struct command
*cmd
= *cmd_list
;
982 if (!cmd
|| is_null_sha1(cmd
->new_sha1
))
983 return -1; /* end of list */
984 *cmd_list
= NULL
; /* this returns only one */
985 hashcpy(sha1
, cmd
->new_sha1
);
989 static void set_connectivity_errors(struct command
*commands
,
990 struct shallow_info
*si
)
994 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
995 struct command
*singleton
= cmd
;
996 if (shallow_update
&& si
->shallow_ref
[cmd
->index
])
997 /* to be checked in update_shallow_ref() */
999 if (!check_everything_connected(command_singleton_iterator
,
1002 cmd
->error_string
= "missing necessary objects";
1006 struct iterate_data
{
1007 struct command
*cmds
;
1008 struct shallow_info
*si
;
1011 static int iterate_receive_command_list(void *cb_data
, unsigned char sha1
[20])
1013 struct iterate_data
*data
= cb_data
;
1014 struct command
**cmd_list
= &data
->cmds
;
1015 struct command
*cmd
= *cmd_list
;
1017 for (; cmd
; cmd
= cmd
->next
) {
1018 if (shallow_update
&& data
->si
->shallow_ref
[cmd
->index
])
1019 /* to be checked in update_shallow_ref() */
1021 if (!is_null_sha1(cmd
->new_sha1
) && !cmd
->skip_update
) {
1022 hashcpy(sha1
, cmd
->new_sha1
);
1023 *cmd_list
= cmd
->next
;
1028 return -1; /* end of list */
1031 static void reject_updates_to_hidden(struct command
*commands
)
1033 struct command
*cmd
;
1035 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1036 if (cmd
->error_string
|| !ref_is_hidden(cmd
->ref_name
))
1038 if (is_null_sha1(cmd
->new_sha1
))
1039 cmd
->error_string
= "deny deleting a hidden ref";
1041 cmd
->error_string
= "deny updating a hidden ref";
1045 static int should_process_cmd(struct command
*cmd
)
1047 return !cmd
->error_string
&& !cmd
->skip_update
;
1050 static void warn_if_skipped_connectivity_check(struct command
*commands
,
1051 struct shallow_info
*si
)
1053 struct command
*cmd
;
1054 int checked_connectivity
= 1;
1056 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1057 if (should_process_cmd(cmd
) && si
->shallow_ref
[cmd
->index
]) {
1058 error("BUG: connectivity check has not been run on ref %s",
1060 checked_connectivity
= 0;
1063 if (!checked_connectivity
)
1064 error("BUG: run 'git fsck' for safety.\n"
1065 "If there are errors, try to remove "
1066 "the reported refs above");
1069 static void execute_commands(struct command
*commands
,
1070 const char *unpacker_error
,
1071 struct shallow_info
*si
)
1073 struct command
*cmd
;
1074 unsigned char sha1
[20];
1075 struct iterate_data data
;
1077 if (unpacker_error
) {
1078 for (cmd
= commands
; cmd
; cmd
= cmd
->next
)
1079 cmd
->error_string
= "unpacker error";
1083 data
.cmds
= commands
;
1085 if (check_everything_connected(iterate_receive_command_list
, 0, &data
))
1086 set_connectivity_errors(commands
, si
);
1088 reject_updates_to_hidden(commands
);
1090 if (run_receive_hook(commands
, "pre-receive", 0)) {
1091 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1092 if (!cmd
->error_string
)
1093 cmd
->error_string
= "pre-receive hook declined";
1098 check_aliased_updates(commands
);
1100 free(head_name_to_free
);
1101 head_name
= head_name_to_free
= resolve_refdup("HEAD", 0, sha1
, NULL
);
1103 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1104 if (!should_process_cmd(cmd
))
1107 cmd
->error_string
= update(cmd
, si
);
1111 warn_if_skipped_connectivity_check(commands
, si
);
1114 static struct command
**queue_command(struct command
**tail
,
1118 unsigned char old_sha1
[20], new_sha1
[20];
1119 struct command
*cmd
;
1120 const char *refname
;
1126 get_sha1_hex(line
, old_sha1
) ||
1127 get_sha1_hex(line
+ 41, new_sha1
))
1128 die("protocol error: expected old/new/ref, got '%s'", line
);
1130 refname
= line
+ 82;
1131 reflen
= linelen
- 82;
1132 cmd
= xcalloc(1, sizeof(struct command
) + reflen
+ 1);
1133 hashcpy(cmd
->old_sha1
, old_sha1
);
1134 hashcpy(cmd
->new_sha1
, new_sha1
);
1135 memcpy(cmd
->ref_name
, refname
, reflen
);
1136 cmd
->ref_name
[reflen
] = '\0';
1141 static void queue_commands_from_cert(struct command
**tail
,
1142 struct strbuf
*push_cert
)
1144 const char *boc
, *eoc
;
1147 die("protocol error: got both push certificate and unsigned commands");
1149 boc
= strstr(push_cert
->buf
, "\n\n");
1151 die("malformed push certificate %.*s", 100, push_cert
->buf
);
1154 eoc
= push_cert
->buf
+ parse_signature(push_cert
->buf
, push_cert
->len
);
1157 const char *eol
= memchr(boc
, '\n', eoc
- boc
);
1158 tail
= queue_command(tail
, boc
, eol
? eol
- boc
: eoc
- eol
);
1159 boc
= eol
? eol
+ 1 : eoc
;
1163 static struct command
*read_head_info(struct sha1_array
*shallow
)
1165 struct command
*commands
= NULL
;
1166 struct command
**p
= &commands
;
1171 line
= packet_read_line(0, &len
);
1175 if (len
== 48 && starts_with(line
, "shallow ")) {
1176 unsigned char sha1
[20];
1177 if (get_sha1_hex(line
+ 8, sha1
))
1178 die("protocol error: expected shallow sha, got '%s'",
1180 sha1_array_append(shallow
, sha1
);
1184 linelen
= strlen(line
);
1185 if (linelen
< len
) {
1186 const char *feature_list
= line
+ linelen
+ 1;
1187 if (parse_feature_request(feature_list
, "report-status"))
1189 if (parse_feature_request(feature_list
, "side-band-64k"))
1190 use_sideband
= LARGE_PACKET_MAX
;
1191 if (parse_feature_request(feature_list
, "quiet"))
1195 if (!strcmp(line
, "push-cert")) {
1200 len
= packet_read(0, NULL
, NULL
,
1201 certbuf
, sizeof(certbuf
), 0);
1206 if (!strcmp(certbuf
, "push-cert-end\n"))
1207 break; /* end of cert */
1208 strbuf_addstr(&push_cert
, certbuf
);
1216 p
= queue_command(p
, line
, linelen
);
1220 queue_commands_from_cert(p
, &push_cert
);
1225 static const char *parse_pack_header(struct pack_header
*hdr
)
1227 switch (read_pack_header(0, hdr
)) {
1229 return "eof before pack header was fully read";
1231 case PH_ERROR_PACK_SIGNATURE
:
1232 return "protocol error (pack signature mismatch detected)";
1234 case PH_ERROR_PROTOCOL
:
1235 return "protocol error (pack version unsupported)";
1238 return "unknown error in parse_pack_header";
1245 static const char *pack_lockfile
;
1247 static const char *unpack(int err_fd
, struct shallow_info
*si
)
1249 struct pack_header hdr
;
1250 const char *hdr_err
;
1253 struct child_process child
= CHILD_PROCESS_INIT
;
1254 int fsck_objects
= (receive_fsck_objects
>= 0
1255 ? receive_fsck_objects
1256 : transfer_fsck_objects
>= 0
1257 ? transfer_fsck_objects
1260 hdr_err
= parse_pack_header(&hdr
);
1266 snprintf(hdr_arg
, sizeof(hdr_arg
),
1267 "--pack_header=%"PRIu32
",%"PRIu32
,
1268 ntohl(hdr
.hdr_version
), ntohl(hdr
.hdr_entries
));
1270 if (si
->nr_ours
|| si
->nr_theirs
) {
1271 alt_shallow_file
= setup_temporary_shallow(si
->shallow
);
1272 argv_array_push(&child
.args
, "--shallow-file");
1273 argv_array_push(&child
.args
, alt_shallow_file
);
1276 if (ntohl(hdr
.hdr_entries
) < unpack_limit
) {
1277 argv_array_pushl(&child
.args
, "unpack-objects", hdr_arg
, NULL
);
1279 argv_array_push(&child
.args
, "-q");
1281 argv_array_push(&child
.args
, "--strict");
1282 child
.no_stdout
= 1;
1285 status
= run_command(&child
);
1287 return "unpack-objects abnormal exit";
1292 s
= sprintf(keep_arg
, "--keep=receive-pack %"PRIuMAX
" on ", (uintmax_t) getpid());
1293 if (gethostname(keep_arg
+ s
, sizeof(keep_arg
) - s
))
1294 strcpy(keep_arg
+ s
, "localhost");
1296 argv_array_pushl(&child
.args
, "index-pack",
1297 "--stdin", hdr_arg
, keep_arg
, NULL
);
1299 argv_array_push(&child
.args
, "--strict");
1301 argv_array_push(&child
.args
, "--fix-thin");
1305 status
= start_command(&child
);
1307 return "index-pack fork failed";
1308 pack_lockfile
= index_pack_lockfile(child
.out
);
1310 status
= finish_command(&child
);
1312 return "index-pack abnormal exit";
1313 reprepare_packed_git();
1318 static const char *unpack_with_sideband(struct shallow_info
*si
)
1324 return unpack(0, si
);
1326 memset(&muxer
, 0, sizeof(muxer
));
1327 muxer
.proc
= copy_to_sideband
;
1329 if (start_async(&muxer
))
1332 ret
= unpack(muxer
.in
, si
);
1334 finish_async(&muxer
);
1338 static void prepare_shallow_update(struct command
*commands
,
1339 struct shallow_info
*si
)
1341 int i
, j
, k
, bitmap_size
= (si
->ref
->nr
+ 31) / 32;
1343 si
->used_shallow
= xmalloc(sizeof(*si
->used_shallow
) *
1345 assign_shallow_commits_to_refs(si
, si
->used_shallow
, NULL
);
1347 si
->need_reachability_test
=
1348 xcalloc(si
->shallow
->nr
, sizeof(*si
->need_reachability_test
));
1350 xcalloc(si
->shallow
->nr
, sizeof(*si
->reachable
));
1351 si
->shallow_ref
= xcalloc(si
->ref
->nr
, sizeof(*si
->shallow_ref
));
1353 for (i
= 0; i
< si
->nr_ours
; i
++)
1354 si
->need_reachability_test
[si
->ours
[i
]] = 1;
1356 for (i
= 0; i
< si
->shallow
->nr
; i
++) {
1357 if (!si
->used_shallow
[i
])
1359 for (j
= 0; j
< bitmap_size
; j
++) {
1360 if (!si
->used_shallow
[i
][j
])
1362 si
->need_reachability_test
[i
]++;
1363 for (k
= 0; k
< 32; k
++)
1364 if (si
->used_shallow
[i
][j
] & (1 << k
))
1365 si
->shallow_ref
[j
* 32 + k
]++;
1369 * true for those associated with some refs and belong
1370 * in "ours" list aka "step 7 not done yet"
1372 si
->need_reachability_test
[i
] =
1373 si
->need_reachability_test
[i
] > 1;
1377 * keep hooks happy by forcing a temporary shallow file via
1378 * env variable because we can't add --shallow-file to every
1379 * command. check_everything_connected() will be done with
1380 * true .git/shallow though.
1382 setenv(GIT_SHALLOW_FILE_ENVIRONMENT
, alt_shallow_file
, 1);
1385 static void update_shallow_info(struct command
*commands
,
1386 struct shallow_info
*si
,
1387 struct sha1_array
*ref
)
1389 struct command
*cmd
;
1391 remove_nonexistent_theirs_shallow(si
);
1392 if (!si
->nr_ours
&& !si
->nr_theirs
) {
1397 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1398 if (is_null_sha1(cmd
->new_sha1
))
1400 sha1_array_append(ref
, cmd
->new_sha1
);
1401 cmd
->index
= ref
->nr
- 1;
1405 if (shallow_update
) {
1406 prepare_shallow_update(commands
, si
);
1410 ref_status
= xmalloc(sizeof(*ref_status
) * ref
->nr
);
1411 assign_shallow_commits_to_refs(si
, NULL
, ref_status
);
1412 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1413 if (is_null_sha1(cmd
->new_sha1
))
1415 if (ref_status
[cmd
->index
]) {
1416 cmd
->error_string
= "shallow update not allowed";
1417 cmd
->skip_update
= 1;
1423 static void report(struct command
*commands
, const char *unpack_status
)
1425 struct command
*cmd
;
1426 struct strbuf buf
= STRBUF_INIT
;
1428 packet_buf_write(&buf
, "unpack %s\n",
1429 unpack_status
? unpack_status
: "ok");
1430 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1431 if (!cmd
->error_string
)
1432 packet_buf_write(&buf
, "ok %s\n",
1435 packet_buf_write(&buf
, "ng %s %s\n",
1436 cmd
->ref_name
, cmd
->error_string
);
1438 packet_buf_flush(&buf
);
1441 send_sideband(1, 1, buf
.buf
, buf
.len
, use_sideband
);
1443 write_or_die(1, buf
.buf
, buf
.len
);
1444 strbuf_release(&buf
);
1447 static int delete_only(struct command
*commands
)
1449 struct command
*cmd
;
1450 for (cmd
= commands
; cmd
; cmd
= cmd
->next
) {
1451 if (!is_null_sha1(cmd
->new_sha1
))
1457 int cmd_receive_pack(int argc
, const char **argv
, const char *prefix
)
1459 int advertise_refs
= 0;
1461 struct command
*commands
;
1462 struct sha1_array shallow
= SHA1_ARRAY_INIT
;
1463 struct sha1_array ref
= SHA1_ARRAY_INIT
;
1464 struct shallow_info si
;
1466 packet_trace_identity("receive-pack");
1469 for (i
= 1; i
< argc
; i
++) {
1470 const char *arg
= *argv
++;
1473 if (!strcmp(arg
, "--quiet")) {
1478 if (!strcmp(arg
, "--advertise-refs")) {
1482 if (!strcmp(arg
, "--stateless-rpc")) {
1486 if (!strcmp(arg
, "--reject-thin-pack-for-testing")) {
1491 usage(receive_pack_usage
);
1494 usage(receive_pack_usage
);
1498 usage(receive_pack_usage
);
1502 if (!enter_repo(service_dir
, 0))
1503 die("'%s' does not appear to be a git repository", service_dir
);
1505 git_config(receive_pack_config
, NULL
);
1506 if (cert_nonce_seed
)
1507 push_cert_nonce
= prepare_push_cert_nonce(service_dir
, time(NULL
));
1509 if (0 <= transfer_unpack_limit
)
1510 unpack_limit
= transfer_unpack_limit
;
1511 else if (0 <= receive_unpack_limit
)
1512 unpack_limit
= receive_unpack_limit
;
1514 if (advertise_refs
|| !stateless_rpc
) {
1520 if ((commands
= read_head_info(&shallow
)) != NULL
) {
1521 const char *unpack_status
= NULL
;
1523 prepare_shallow_info(&si
, &shallow
);
1524 if (!si
.nr_ours
&& !si
.nr_theirs
)
1526 if (!delete_only(commands
)) {
1527 unpack_status
= unpack_with_sideband(&si
);
1528 update_shallow_info(commands
, &si
, &ref
);
1530 execute_commands(commands
, unpack_status
, &si
);
1532 unlink_or_warn(pack_lockfile
);
1534 report(commands
, unpack_status
);
1535 run_receive_hook(commands
, "post-receive", 1);
1536 run_update_post_hook(commands
);
1538 const char *argv_gc_auto
[] = {
1539 "gc", "--auto", "--quiet", NULL
,
1541 int opt
= RUN_GIT_CMD
| RUN_COMMAND_STDOUT_TO_STDERR
;
1542 run_command_v_opt(argv_gc_auto
, opt
);
1544 if (auto_update_server_info
)
1545 update_server_info(0);
1546 clear_shallow_info(&si
);
1550 sha1_array_clear(&shallow
);
1551 sha1_array_clear(&ref
);
1552 free((void *)push_cert_nonce
);