search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
receive-pack: drop tmp_objdir_env from run_update_hook
[git/gitweb.git] / builtin / receive-pack.c
bloba7408591d92789b0aefb6529db7e42d2dc6e2037
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23 #include "tmp-objdir.h"
24
25 static const char * const receive_pack_usage[] = {
26 N_("git receive-pack <git-dir>"),
27 NULL
28 };
29
30 enum deny_action {
31 DENY_UNCONFIGURED,
32 DENY_IGNORE,
33 DENY_WARN,
34 DENY_REFUSE,
35 DENY_UPDATE_INSTEAD
36 };
37
38 static int deny_deletes;
39 static int deny_non_fast_forwards;
40 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
41 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
42 static int receive_fsck_objects = -1;
43 static int transfer_fsck_objects = -1;
44 static struct strbuf fsck_msg_types = STRBUF_INIT;
45 static int receive_unpack_limit = -1;
46 static int transfer_unpack_limit = -1;
47 static int advertise_atomic_push = 1;
48 static int advertise_push_options;
49 static int unpack_limit = 100;
50 static off_t max_input_size;
51 static int report_status;
52 static int use_sideband;
53 static int use_atomic;
54 static int use_push_options;
55 static int quiet;
56 static int prefer_ofs_delta = 1;
57 static int auto_update_server_info;
58 static int auto_gc = 1;
59 static int reject_thin;
60 static int stateless_rpc;
61 static const char *service_dir;
62 static const char *head_name;
63 static void *head_name_to_free;
64 static int sent_capabilities;
65 static int shallow_update;
66 static const char *alt_shallow_file;
67 static struct strbuf push_cert = STRBUF_INIT;
68 static unsigned char push_cert_sha1[20];
69 static struct signature_check sigcheck;
70 static const char *push_cert_nonce;
71 static const char *cert_nonce_seed;
72
73 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
74 static const char *NONCE_BAD = "BAD";
75 static const char *NONCE_MISSING = "MISSING";
76 static const char *NONCE_OK = "OK";
77 static const char *NONCE_SLOP = "SLOP";
78 static const char *nonce_status;
79 static long nonce_stamp_slop;
80 static unsigned long nonce_stamp_slop_limit;
81 static struct ref_transaction *transaction;
82
83 static enum {
84 KEEPALIVE_NEVER = 0,
85 KEEPALIVE_AFTER_NUL,
86 KEEPALIVE_ALWAYS
87 } use_keepalive;
88 static int keepalive_in_sec = 5;
89
90 static struct tmp_objdir *tmp_objdir;
91
92 static enum deny_action parse_deny_action(const char *var, const char *value)
93 {
94 if (value) {
95 if (!strcasecmp(value, "ignore"))
96 return DENY_IGNORE;
97 if (!strcasecmp(value, "warn"))
98 return DENY_WARN;
99 if (!strcasecmp(value, "refuse"))
100 return DENY_REFUSE;
101 if (!strcasecmp(value, "updateinstead"))
102 return DENY_UPDATE_INSTEAD;
103 }
104 if (git_config_bool(var, value))
105 return DENY_REFUSE;
106 return DENY_IGNORE;
107 }
108
109 static int receive_pack_config(const char *var, const char *value, void *cb)
110 {
111 int status = parse_hide_refs_config(var, value, "receive");
112
113 if (status)
114 return status;
115
116 if (strcmp(var, "receive.denydeletes") == 0) {
117 deny_deletes = git_config_bool(var, value);
118 return 0;
119 }
120
121 if (strcmp(var, "receive.denynonfastforwards") == 0) {
122 deny_non_fast_forwards = git_config_bool(var, value);
123 return 0;
124 }
125
126 if (strcmp(var, "receive.unpacklimit") == 0) {
127 receive_unpack_limit = git_config_int(var, value);
128 return 0;
129 }
130
131 if (strcmp(var, "transfer.unpacklimit") == 0) {
132 transfer_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135
136 if (strcmp(var, "receive.fsck.skiplist") == 0) {
137 const char *path;
138
139 if (git_config_pathname(&path, var, value))
140 return 1;
141 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
142 fsck_msg_types.len ? ',' : '=', path);
143 free((char *)path);
144 return 0;
145 }
146
147 if (skip_prefix(var, "receive.fsck.", &var)) {
148 if (is_valid_msg_type(var, value))
149 strbuf_addf(&fsck_msg_types, "%c%s=%s",
150 fsck_msg_types.len ? ',' : '=', var, value);
151 else
152 warning("Skipping unknown msg id '%s'", var);
153 return 0;
154 }
155
156 if (strcmp(var, "receive.fsckobjects") == 0) {
157 receive_fsck_objects = git_config_bool(var, value);
158 return 0;
159 }
160
161 if (strcmp(var, "transfer.fsckobjects") == 0) {
162 transfer_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165
166 if (!strcmp(var, "receive.denycurrentbranch")) {
167 deny_current_branch = parse_deny_action(var, value);
168 return 0;
169 }
170
171 if (strcmp(var, "receive.denydeletecurrent") == 0) {
172 deny_delete_current = parse_deny_action(var, value);
173 return 0;
174 }
175
176 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
177 prefer_ofs_delta = git_config_bool(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "receive.updateserverinfo") == 0) {
182 auto_update_server_info = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (strcmp(var, "receive.autogc") == 0) {
187 auto_gc = git_config_bool(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.shallowupdate") == 0) {
192 shallow_update = git_config_bool(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "receive.certnonceseed") == 0)
197 return git_config_string(&cert_nonce_seed, var, value);
198
199 if (strcmp(var, "receive.certnonceslop") == 0) {
200 nonce_stamp_slop_limit = git_config_ulong(var, value);
201 return 0;
202 }
203
204 if (strcmp(var, "receive.advertiseatomic") == 0) {
205 advertise_atomic_push = git_config_bool(var, value);
206 return 0;
207 }
208
209 if (strcmp(var, "receive.advertisepushoptions") == 0) {
210 advertise_push_options = git_config_bool(var, value);
211 return 0;
212 }
213
214 if (strcmp(var, "receive.keepalive") == 0) {
215 keepalive_in_sec = git_config_int(var, value);
216 return 0;
217 }
218
219 if (strcmp(var, "receive.maxinputsize") == 0) {
220 max_input_size = git_config_int64(var, value);
221 return 0;
222 }
223
224 return git_default_config(var, value, cb);
225 }
226
227 static void show_ref(const char *path, const unsigned char *sha1)
228 {
229 if (sent_capabilities) {
230 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
231 } else {
232 struct strbuf cap = STRBUF_INIT;
233
234 strbuf_addstr(&cap,
235 "report-status delete-refs side-band-64k quiet");
236 if (advertise_atomic_push)
237 strbuf_addstr(&cap, " atomic");
238 if (prefer_ofs_delta)
239 strbuf_addstr(&cap, " ofs-delta");
240 if (push_cert_nonce)
241 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
242 if (advertise_push_options)
243 strbuf_addstr(&cap, " push-options");
244 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
245 packet_write(1, "%s %s%c%s\n",
246 sha1_to_hex(sha1), path, 0, cap.buf);
247 strbuf_release(&cap);
248 sent_capabilities = 1;
249 }
250 }
251
252 static int show_ref_cb(const char *path_full, const struct object_id *oid,
253 int flag, void *unused)
254 {
255 const char *path = strip_namespace(path_full);
256
257 if (ref_is_hidden(path, path_full))
258 return 0;
259
260 /*
261 * Advertise refs outside our current namespace as ".have"
262 * refs, so that the client can use them to minimize data
263 * transfer but will otherwise ignore them. This happens to
264 * cover ".have" that are thrown in by add_one_alternate_ref()
265 * to mark histories that are complete in our alternates as
266 * well.
267 */
268 if (!path)
269 path = ".have";
270 show_ref(path, oid->hash);
271 return 0;
272 }
273
274 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
275 {
276 show_ref(".have", sha1);
277 }
278
279 static void collect_one_alternate_ref(const struct ref *ref, void *data)
280 {
281 struct sha1_array *sa = data;
282 sha1_array_append(sa, ref->old_oid.hash);
283 }
284
285 static void write_head_info(void)
286 {
287 struct sha1_array sa = SHA1_ARRAY_INIT;
288
289 for_each_alternate_ref(collect_one_alternate_ref, &sa);
290 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
291 sha1_array_clear(&sa);
292 for_each_ref(show_ref_cb, NULL);
293 if (!sent_capabilities)
294 show_ref("capabilities^{}", null_sha1);
295
296 advertise_shallow_grafts(1);
297
298 /* EOF */
299 packet_flush(1);
300 }
301
302 struct command {
303 struct command *next;
304 const char *error_string;
305 unsigned int skip_update:1,
306 did_not_exist:1;
307 int index;
308 unsigned char old_sha1[20];
309 unsigned char new_sha1[20];
310 char ref_name[FLEX_ARRAY]; /* more */
311 };
312
313 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
314 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
315
316 static void report_message(const char *prefix, const char *err, va_list params)
317 {
318 int sz;
319 char msg[4096];
320
321 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
322 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
323 if (sz > (sizeof(msg) - 1))
324 sz = sizeof(msg) - 1;
325 msg[sz++] = '\n';
326
327 if (use_sideband)
328 send_sideband(1, 2, msg, sz, use_sideband);
329 else
330 xwrite(2, msg, sz);
331 }
332
333 static void rp_warning(const char *err, ...)
334 {
335 va_list params;
336 va_start(params, err);
337 report_message("warning: ", err, params);
338 va_end(params);
339 }
340
341 static void rp_error(const char *err, ...)
342 {
343 va_list params;
344 va_start(params, err);
345 report_message("error: ", err, params);
346 va_end(params);
347 }
348
349 static int copy_to_sideband(int in, int out, void *arg)
350 {
351 char data[128];
352 int keepalive_active = 0;
353
354 if (keepalive_in_sec <= 0)
355 use_keepalive = KEEPALIVE_NEVER;
356 if (use_keepalive == KEEPALIVE_ALWAYS)
357 keepalive_active = 1;
358
359 while (1) {
360 ssize_t sz;
361
362 if (keepalive_active) {
363 struct pollfd pfd;
364 int ret;
365
366 pfd.fd = in;
367 pfd.events = POLLIN;
368 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
369
370 if (ret < 0) {
371 if (errno == EINTR)
372 continue;
373 else
374 break;
375 } else if (ret == 0) {
376 /* no data; send a keepalive packet */
377 static const char buf[] = "0005\1";
378 write_or_die(1, buf, sizeof(buf) - 1);
379 continue;
380 } /* else there is actual data to read */
381 }
382
383 sz = xread(in, data, sizeof(data));
384 if (sz <= 0)
385 break;
386
387 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
388 const char *p = memchr(data, '\0', sz);
389 if (p) {
390 /*
391 * The NUL tells us to start sending keepalives. Make
392 * sure we send any other data we read along
393 * with it.
394 */
395 keepalive_active = 1;
396 send_sideband(1, 2, data, p - data, use_sideband);
397 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
398 continue;
399 }
400 }
401
402 /*
403 * Either we're not looking for a NUL signal, or we didn't see
404 * it yet; just pass along the data.
405 */
406 send_sideband(1, 2, data, sz, use_sideband);
407 }
408 close(in);
409 return 0;
410 }
411
412 #define HMAC_BLOCK_SIZE 64
413
414 static void hmac_sha1(unsigned char *out,
415 const char *key_in, size_t key_len,
416 const char *text, size_t text_len)
417 {
418 unsigned char key[HMAC_BLOCK_SIZE];
419 unsigned char k_ipad[HMAC_BLOCK_SIZE];
420 unsigned char k_opad[HMAC_BLOCK_SIZE];
421 int i;
422 git_SHA_CTX ctx;
423
424 /* RFC 2104 2. (1) */
425 memset(key, '\0', HMAC_BLOCK_SIZE);
426 if (HMAC_BLOCK_SIZE < key_len) {
427 git_SHA1_Init(&ctx);
428 git_SHA1_Update(&ctx, key_in, key_len);
429 git_SHA1_Final(key, &ctx);
430 } else {
431 memcpy(key, key_in, key_len);
432 }
433
434 /* RFC 2104 2. (2) & (5) */
435 for (i = 0; i < sizeof(key); i++) {
436 k_ipad[i] = key[i] ^ 0x36;
437 k_opad[i] = key[i] ^ 0x5c;
438 }
439
440 /* RFC 2104 2. (3) & (4) */
441 git_SHA1_Init(&ctx);
442 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
443 git_SHA1_Update(&ctx, text, text_len);
444 git_SHA1_Final(out, &ctx);
445
446 /* RFC 2104 2. (6) & (7) */
447 git_SHA1_Init(&ctx);
448 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
449 git_SHA1_Update(&ctx, out, 20);
450 git_SHA1_Final(out, &ctx);
451 }
452
453 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
454 {
455 struct strbuf buf = STRBUF_INIT;
456 unsigned char sha1[20];
457
458 strbuf_addf(&buf, "%s:%lu", path, stamp);
459 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
460 strbuf_release(&buf);
461
462 /* RFC 2104 5. HMAC-SHA1-80 */
463 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
464 return strbuf_detach(&buf, NULL);
465 }
466
467 /*
468 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
469 * after dropping "_commit" from its name and possibly moving it out
470 * of commit.c
471 */
472 static char *find_header(const char *msg, size_t len, const char *key)
473 {
474 int key_len = strlen(key);
475 const char *line = msg;
476
477 while (line && line < msg + len) {
478 const char *eol = strchrnul(line, '\n');
479
480 if ((msg + len <= eol) || line == eol)
481 return NULL;
482 if (line + key_len < eol &&
483 !memcmp(line, key, key_len) && line[key_len] == ' ') {
484 int offset = key_len + 1;
485 return xmemdupz(line + offset, (eol - line) - offset);
486 }
487 line = *eol ? eol + 1 : NULL;
488 }
489 return NULL;
490 }
491
492 static const char *check_nonce(const char *buf, size_t len)
493 {
494 char *nonce = find_header(buf, len, "nonce");
495 unsigned long stamp, ostamp;
496 char *bohmac, *expect = NULL;
497 const char *retval = NONCE_BAD;
498
499 if (!nonce) {
500 retval = NONCE_MISSING;
501 goto leave;
502 } else if (!push_cert_nonce) {
503 retval = NONCE_UNSOLICITED;
504 goto leave;
505 } else if (!strcmp(push_cert_nonce, nonce)) {
506 retval = NONCE_OK;
507 goto leave;
508 }
509
510 if (!stateless_rpc) {
511 /* returned nonce MUST match what we gave out earlier */
512 retval = NONCE_BAD;
513 goto leave;
514 }
515
516 /*
517 * In stateless mode, we may be receiving a nonce issued by
518 * another instance of the server that serving the same
519 * repository, and the timestamps may not match, but the
520 * nonce-seed and dir should match, so we can recompute and
521 * report the time slop.
522 *
523 * In addition, when a nonce issued by another instance has
524 * timestamp within receive.certnonceslop seconds, we pretend
525 * as if we issued that nonce when reporting to the hook.
526 */
527
528 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
529 if (*nonce <= '0' || '9' < *nonce) {
530 retval = NONCE_BAD;
531 goto leave;
532 }
533 stamp = strtoul(nonce, &bohmac, 10);
534 if (bohmac == nonce || bohmac[0] != '-') {
535 retval = NONCE_BAD;
536 goto leave;
537 }
538
539 expect = prepare_push_cert_nonce(service_dir, stamp);
540 if (strcmp(expect, nonce)) {
541 /* Not what we would have signed earlier */
542 retval = NONCE_BAD;
543 goto leave;
544 }
545
546 /*
547 * By how many seconds is this nonce stale? Negative value
548 * would mean it was issued by another server with its clock
549 * skewed in the future.
550 */
551 ostamp = strtoul(push_cert_nonce, NULL, 10);
552 nonce_stamp_slop = (long)ostamp - (long)stamp;
553
554 if (nonce_stamp_slop_limit &&
555 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
556 /*
557 * Pretend as if the received nonce (which passes the
558 * HMAC check, so it is not a forged by third-party)
559 * is what we issued.
560 */
561 free((void *)push_cert_nonce);
562 push_cert_nonce = xstrdup(nonce);
563 retval = NONCE_OK;
564 } else {
565 retval = NONCE_SLOP;
566 }
567
568 leave:
569 free(nonce);
570 free(expect);
571 return retval;
572 }
573
574 static void prepare_push_cert_sha1(struct child_process *proc)
575 {
576 static int already_done;
577
578 if (!push_cert.len)
579 return;
580
581 if (!already_done) {
582 struct strbuf gpg_output = STRBUF_INIT;
583 struct strbuf gpg_status = STRBUF_INIT;
584 int bogs /* beginning_of_gpg_sig */;
585
586 already_done = 1;
587 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
588 hashclr(push_cert_sha1);
589
590 memset(&sigcheck, '\0', sizeof(sigcheck));
591 sigcheck.result = 'N';
592
593 bogs = parse_signature(push_cert.buf, push_cert.len);
594 if (verify_signed_buffer(push_cert.buf, bogs,
595 push_cert.buf + bogs, push_cert.len - bogs,
596 &gpg_output, &gpg_status) < 0) {
597 ; /* error running gpg */
598 } else {
599 sigcheck.payload = push_cert.buf;
600 sigcheck.gpg_output = gpg_output.buf;
601 sigcheck.gpg_status = gpg_status.buf;
602 parse_gpg_output(&sigcheck);
603 }
604
605 strbuf_release(&gpg_output);
606 strbuf_release(&gpg_status);
607 nonce_status = check_nonce(push_cert.buf, bogs);
608 }
609 if (!is_null_sha1(push_cert_sha1)) {
610 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
611 sha1_to_hex(push_cert_sha1));
612 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
613 sigcheck.signer ? sigcheck.signer : "");
614 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
615 sigcheck.key ? sigcheck.key : "");
616 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
617 sigcheck.result);
618 if (push_cert_nonce) {
619 argv_array_pushf(&proc->env_array,
620 "GIT_PUSH_CERT_NONCE=%s",
621 push_cert_nonce);
622 argv_array_pushf(&proc->env_array,
623 "GIT_PUSH_CERT_NONCE_STATUS=%s",
624 nonce_status);
625 if (nonce_status == NONCE_SLOP)
626 argv_array_pushf(&proc->env_array,
627 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
628 nonce_stamp_slop);
629 }
630 }
631 }
632
633 struct receive_hook_feed_state {
634 struct command *cmd;
635 int skip_broken;
636 struct strbuf buf;
637 const struct string_list *push_options;
638 };
639
640 typedef int (*feed_fn)(void *, const char **, size_t *);
641 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
642 struct receive_hook_feed_state *feed_state)
643 {
644 struct child_process proc = CHILD_PROCESS_INIT;
645 struct async muxer;
646 const char *argv[2];
647 int code;
648
649 argv[0] = find_hook(hook_name);
650 if (!argv[0])
651 return 0;
652
653 argv[1] = NULL;
654
655 proc.argv = argv;
656 proc.in = -1;
657 proc.stdout_to_stderr = 1;
658 if (feed_state->push_options) {
659 int i;
660 for (i = 0; i < feed_state->push_options->nr; i++)
661 argv_array_pushf(&proc.env_array,
662 "GIT_PUSH_OPTION_%d=%s", i,
663 feed_state->push_options->items[i].string);
664 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
665 feed_state->push_options->nr);
666 } else
667 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
668
669 if (tmp_objdir)
670 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
671
672 if (use_sideband) {
673 memset(&muxer, 0, sizeof(muxer));
674 muxer.proc = copy_to_sideband;
675 muxer.in = -1;
676 code = start_async(&muxer);
677 if (code)
678 return code;
679 proc.err = muxer.in;
680 }
681
682 prepare_push_cert_sha1(&proc);
683
684 code = start_command(&proc);
685 if (code) {
686 if (use_sideband)
687 finish_async(&muxer);
688 return code;
689 }
690
691 sigchain_push(SIGPIPE, SIG_IGN);
692
693 while (1) {
694 const char *buf;
695 size_t n;
696 if (feed(feed_state, &buf, &n))
697 break;
698 if (write_in_full(proc.in, buf, n) != n)
699 break;
700 }
701 close(proc.in);
702 if (use_sideband)
703 finish_async(&muxer);
704
705 sigchain_pop(SIGPIPE);
706
707 return finish_command(&proc);
708 }
709
710 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
711 {
712 struct receive_hook_feed_state *state = state_;
713 struct command *cmd = state->cmd;
714
715 while (cmd &&
716 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
717 cmd = cmd->next;
718 if (!cmd)
719 return -1; /* EOF */
720 strbuf_reset(&state->buf);
721 strbuf_addf(&state->buf, "%s %s %s\n",
722 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
723 cmd->ref_name);
724 state->cmd = cmd->next;
725 if (bufp) {
726 *bufp = state->buf.buf;
727 *sizep = state->buf.len;
728 }
729 return 0;
730 }
731
732 static int run_receive_hook(struct command *commands,
733 const char *hook_name,
734 int skip_broken,
735 const struct string_list *push_options)
736 {
737 struct receive_hook_feed_state state;
738 int status;
739
740 strbuf_init(&state.buf, 0);
741 state.cmd = commands;
742 state.skip_broken = skip_broken;
743 if (feed_receive_hook(&state, NULL, NULL))
744 return 0;
745 state.cmd = commands;
746 state.push_options = push_options;
747 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
748 strbuf_release(&state.buf);
749 return status;
750 }
751
752 static int run_update_hook(struct command *cmd)
753 {
754 const char *argv[5];
755 struct child_process proc = CHILD_PROCESS_INIT;
756 int code;
757
758 argv[0] = find_hook("update");
759 if (!argv[0])
760 return 0;
761
762 argv[1] = cmd->ref_name;
763 argv[2] = sha1_to_hex(cmd->old_sha1);
764 argv[3] = sha1_to_hex(cmd->new_sha1);
765 argv[4] = NULL;
766
767 proc.no_stdin = 1;
768 proc.stdout_to_stderr = 1;
769 proc.err = use_sideband ? -1 : 0;
770 proc.argv = argv;
771
772 code = start_command(&proc);
773 if (code)
774 return code;
775 if (use_sideband)
776 copy_to_sideband(proc.err, -1, NULL);
777 return finish_command(&proc);
778 }
779
780 static int is_ref_checked_out(const char *ref)
781 {
782 if (is_bare_repository())
783 return 0;
784
785 if (!head_name)
786 return 0;
787 return !strcmp(head_name, ref);
788 }
789
790 static char *refuse_unconfigured_deny_msg =
791 N_("By default, updating the current branch in a non-bare repository\n"
792 "is denied, because it will make the index and work tree inconsistent\n"
793 "with what you pushed, and will require 'git reset --hard' to match\n"
794 "the work tree to HEAD.\n"
795 "\n"
796 "You can set 'receive.denyCurrentBranch' configuration variable to\n"
797 "'ignore' or 'warn' in the remote repository to allow pushing into\n"
798 "its current branch; however, this is not recommended unless you\n"
799 "arranged to update its work tree to match what you pushed in some\n"
800 "other way.\n"
801 "\n"
802 "To squelch this message and still keep the default behaviour, set\n"
803 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
804
805 static void refuse_unconfigured_deny(void)
806 {
807 rp_error("%s", _(refuse_unconfigured_deny_msg));
808 }
809
810 static char *refuse_unconfigured_deny_delete_current_msg =
811 N_("By default, deleting the current branch is denied, because the next\n"
812 "'git clone' won't result in any file checked out, causing confusion.\n"
813 "\n"
814 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
815 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
816 "current branch, with or without a warning message.\n"
817 "\n"
818 "To squelch this message, you can set it to 'refuse'.");
819
820 static void refuse_unconfigured_deny_delete_current(void)
821 {
822 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
823 }
824
825 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
826 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
827 {
828 static struct lock_file shallow_lock;
829 struct sha1_array extra = SHA1_ARRAY_INIT;
830 struct check_connected_options opt = CHECK_CONNECTED_INIT;
831 uint32_t mask = 1 << (cmd->index % 32);
832 int i;
833
834 trace_printf_key(&trace_shallow,
835 "shallow: update_shallow_ref %s\n", cmd->ref_name);
836 for (i = 0; i < si->shallow->nr; i++)
837 if (si->used_shallow[i] &&
838 (si->used_shallow[i][cmd->index / 32] & mask) &&
839 !delayed_reachability_test(si, i))
840 sha1_array_append(&extra, si->shallow->sha1[i]);
841
842 opt.env = tmp_objdir_env(tmp_objdir);
843 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
844 if (check_connected(command_singleton_iterator, cmd, &opt)) {
845 rollback_lock_file(&shallow_lock);
846 sha1_array_clear(&extra);
847 return -1;
848 }
849
850 commit_lock_file(&shallow_lock);
851
852 /*
853 * Make sure setup_alternate_shallow() for the next ref does
854 * not lose these new roots..
855 */
856 for (i = 0; i < extra.nr; i++)
857 register_shallow(extra.sha1[i]);
858
859 si->shallow_ref[cmd->index] = 0;
860 sha1_array_clear(&extra);
861 return 0;
862 }
863
864 /*
865 * NEEDSWORK: we should consolidate various implementions of "are we
866 * on an unborn branch?" test into one, and make the unified one more
867 * robust. !get_sha1() based check used here and elsewhere would not
868 * allow us to tell an unborn branch from corrupt ref, for example.
869 * For the purpose of fixing "deploy-to-update does not work when
870 * pushing into an empty repository" issue, this should suffice for
871 * now.
872 */
873 static int head_has_history(void)
874 {
875 unsigned char sha1[20];
876
877 return !get_sha1("HEAD", sha1);
878 }
879
880 static const char *push_to_deploy(unsigned char *sha1,
881 struct argv_array *env,
882 const char *work_tree)
883 {
884 const char *update_refresh[] = {
885 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
886 };
887 const char *diff_files[] = {
888 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
889 };
890 const char *diff_index[] = {
891 "diff-index", "--quiet", "--cached", "--ignore-submodules",
892 NULL, "--", NULL
893 };
894 const char *read_tree[] = {
895 "read-tree", "-u", "-m", NULL, NULL
896 };
897 struct child_process child = CHILD_PROCESS_INIT;
898
899 child.argv = update_refresh;
900 child.env = env->argv;
901 child.dir = work_tree;
902 child.no_stdin = 1;
903 child.stdout_to_stderr = 1;
904 child.git_cmd = 1;
905 if (run_command(&child))
906 return "Up-to-date check failed";
907
908 /* run_command() does not clean up completely; reinitialize */
909 child_process_init(&child);
910 child.argv = diff_files;
911 child.env = env->argv;
912 child.dir = work_tree;
913 child.no_stdin = 1;
914 child.stdout_to_stderr = 1;
915 child.git_cmd = 1;
916 if (run_command(&child))
917 return "Working directory has unstaged changes";
918
919 /* diff-index with either HEAD or an empty tree */
920 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
921
922 child_process_init(&child);
923 child.argv = diff_index;
924 child.env = env->argv;
925 child.no_stdin = 1;
926 child.no_stdout = 1;
927 child.stdout_to_stderr = 0;
928 child.git_cmd = 1;
929 if (run_command(&child))
930 return "Working directory has staged changes";
931
932 read_tree[3] = sha1_to_hex(sha1);
933 child_process_init(&child);
934 child.argv = read_tree;
935 child.env = env->argv;
936 child.dir = work_tree;
937 child.no_stdin = 1;
938 child.no_stdout = 1;
939 child.stdout_to_stderr = 0;
940 child.git_cmd = 1;
941 if (run_command(&child))
942 return "Could not update working tree to new HEAD";
943
944 return NULL;
945 }
946
947 static const char *push_to_checkout_hook = "push-to-checkout";
948
949 static const char *push_to_checkout(unsigned char *sha1,
950 struct argv_array *env,
951 const char *work_tree)
952 {
953 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
954 if (run_hook_le(env->argv, push_to_checkout_hook,
955 sha1_to_hex(sha1), NULL))
956 return "push-to-checkout hook declined";
957 else
958 return NULL;
959 }
960
961 static const char *update_worktree(unsigned char *sha1)
962 {
963 const char *retval;
964 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
965 struct argv_array env = ARGV_ARRAY_INIT;
966
967 if (is_bare_repository())
968 return "denyCurrentBranch = updateInstead needs a worktree";
969
970 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
971
972 if (!find_hook(push_to_checkout_hook))
973 retval = push_to_deploy(sha1, &env, work_tree);
974 else
975 retval = push_to_checkout(sha1, &env, work_tree);
976
977 argv_array_clear(&env);
978 return retval;
979 }
980
981 static const char *update(struct command *cmd, struct shallow_info *si)
982 {
983 const char *name = cmd->ref_name;
984 struct strbuf namespaced_name_buf = STRBUF_INIT;
985 const char *namespaced_name, *ret;
986 unsigned char *old_sha1 = cmd->old_sha1;
987 unsigned char *new_sha1 = cmd->new_sha1;
988
989 /* only refs/... are allowed */
990 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
991 rp_error("refusing to create funny ref '%s' remotely", name);
992 return "funny refname";
993 }
994
995 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
996 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
997
998 if (is_ref_checked_out(namespaced_name)) {
999 switch (deny_current_branch) {
1000 case DENY_IGNORE:
1001 break;
1002 case DENY_WARN:
1003 rp_warning("updating the current branch");
1004 break;
1005 case DENY_REFUSE:
1006 case DENY_UNCONFIGURED:
1007 rp_error("refusing to update checked out branch: %s", name);
1008 if (deny_current_branch == DENY_UNCONFIGURED)
1009 refuse_unconfigured_deny();
1010 return "branch is currently checked out";
1011 case DENY_UPDATE_INSTEAD:
1012 ret = update_worktree(new_sha1);
1013 if (ret)
1014 return ret;
1015 break;
1016 }
1017 }
1018
1019 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1020 error("unpack should have generated %s, "
1021 "but I can't find it!", sha1_to_hex(new_sha1));
1022 return "bad pack";
1023 }
1024
1025 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1026 if (deny_deletes && starts_with(name, "refs/heads/")) {
1027 rp_error("denying ref deletion for %s", name);
1028 return "deletion prohibited";
1029 }
1030
1031 if (head_name && !strcmp(namespaced_name, head_name)) {
1032 switch (deny_delete_current) {
1033 case DENY_IGNORE:
1034 break;
1035 case DENY_WARN:
1036 rp_warning("deleting the current branch");
1037 break;
1038 case DENY_REFUSE:
1039 case DENY_UNCONFIGURED:
1040 case DENY_UPDATE_INSTEAD:
1041 if (deny_delete_current == DENY_UNCONFIGURED)
1042 refuse_unconfigured_deny_delete_current();
1043 rp_error("refusing to delete the current branch: %s", name);
1044 return "deletion of the current branch prohibited";
1045 default:
1046 return "Invalid denyDeleteCurrent setting";
1047 }
1048 }
1049 }
1050
1051 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1052 !is_null_sha1(old_sha1) &&
1053 starts_with(name, "refs/heads/")) {
1054 struct object *old_object, *new_object;
1055 struct commit *old_commit, *new_commit;
1056
1057 old_object = parse_object(old_sha1);
1058 new_object = parse_object(new_sha1);
1059
1060 if (!old_object || !new_object ||
1061 old_object->type != OBJ_COMMIT ||
1062 new_object->type != OBJ_COMMIT) {
1063 error("bad sha1 objects for %s", name);
1064 return "bad ref";
1065 }
1066 old_commit = (struct commit *)old_object;
1067 new_commit = (struct commit *)new_object;
1068 if (!in_merge_bases(old_commit, new_commit)) {
1069 rp_error("denying non-fast-forward %s"
1070 " (you should pull first)", name);
1071 return "non-fast-forward";
1072 }
1073 }
1074 if (run_update_hook(cmd)) {
1075 rp_error("hook declined to update %s", name);
1076 return "hook declined";
1077 }
1078
1079 if (is_null_sha1(new_sha1)) {
1080 struct strbuf err = STRBUF_INIT;
1081 if (!parse_object(old_sha1)) {
1082 old_sha1 = NULL;
1083 if (ref_exists(name)) {
1084 rp_warning("Allowing deletion of corrupt ref.");
1085 } else {
1086 rp_warning("Deleting a non-existent ref.");
1087 cmd->did_not_exist = 1;
1088 }
1089 }
1090 if (ref_transaction_delete(transaction,
1091 namespaced_name,
1092 old_sha1,
1093 0, "push", &err)) {
1094 rp_error("%s", err.buf);
1095 strbuf_release(&err);
1096 return "failed to delete";
1097 }
1098 strbuf_release(&err);
1099 return NULL; /* good */
1100 }
1101 else {
1102 struct strbuf err = STRBUF_INIT;
1103 if (shallow_update && si->shallow_ref[cmd->index] &&
1104 update_shallow_ref(cmd, si))
1105 return "shallow error";
1106
1107 if (ref_transaction_update(transaction,
1108 namespaced_name,
1109 new_sha1, old_sha1,
1110 0, "push",
1111 &err)) {
1112 rp_error("%s", err.buf);
1113 strbuf_release(&err);
1114
1115 return "failed to update ref";
1116 }
1117 strbuf_release(&err);
1118
1119 return NULL; /* good */
1120 }
1121 }
1122
1123 static void run_update_post_hook(struct command *commands)
1124 {
1125 struct command *cmd;
1126 int argc;
1127 struct child_process proc = CHILD_PROCESS_INIT;
1128 const char *hook;
1129
1130 hook = find_hook("post-update");
1131 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1132 if (cmd->error_string || cmd->did_not_exist)
1133 continue;
1134 argc++;
1135 }
1136 if (!argc || !hook)
1137 return;
1138
1139 argv_array_push(&proc.args, hook);
1140 for (cmd = commands; cmd; cmd = cmd->next) {
1141 if (cmd->error_string || cmd->did_not_exist)
1142 continue;
1143 argv_array_push(&proc.args, cmd->ref_name);
1144 }
1145
1146 proc.no_stdin = 1;
1147 proc.stdout_to_stderr = 1;
1148 proc.err = use_sideband ? -1 : 0;
1149
1150 if (!start_command(&proc)) {
1151 if (use_sideband)
1152 copy_to_sideband(proc.err, -1, NULL);
1153 finish_command(&proc);
1154 }
1155 }
1156
1157 static void check_aliased_update(struct command *cmd, struct string_list *list)
1158 {
1159 struct strbuf buf = STRBUF_INIT;
1160 const char *dst_name;
1161 struct string_list_item *item;
1162 struct command *dst_cmd;
1163 unsigned char sha1[GIT_SHA1_RAWSZ];
1164 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1165 cmd_newh[GIT_SHA1_HEXSZ + 1],
1166 dst_oldh[GIT_SHA1_HEXSZ + 1],
1167 dst_newh[GIT_SHA1_HEXSZ + 1];
1168 int flag;
1169
1170 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1171 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1172 strbuf_release(&buf);
1173
1174 if (!(flag & REF_ISSYMREF))
1175 return;
1176
1177 if (!dst_name) {
1178 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1179 cmd->skip_update = 1;
1180 cmd->error_string = "broken symref";
1181 return;
1182 }
1183 dst_name = strip_namespace(dst_name);
1184
1185 if ((item = string_list_lookup(list, dst_name)) == NULL)
1186 return;
1187
1188 cmd->skip_update = 1;
1189
1190 dst_cmd = (struct command *) item->util;
1191
1192 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1193 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1194 return;
1195
1196 dst_cmd->skip_update = 1;
1197
1198 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1199 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1200 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1201 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1202 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1203 " its target '%s' (%s..%s)",
1204 cmd->ref_name, cmd_oldh, cmd_newh,
1205 dst_cmd->ref_name, dst_oldh, dst_newh);
1206
1207 cmd->error_string = dst_cmd->error_string =
1208 "inconsistent aliased update";
1209 }
1210
1211 static void check_aliased_updates(struct command *commands)
1212 {
1213 struct command *cmd;
1214 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1215
1216 for (cmd = commands; cmd; cmd = cmd->next) {
1217 struct string_list_item *item =
1218 string_list_append(&ref_list, cmd->ref_name);
1219 item->util = (void *)cmd;
1220 }
1221 string_list_sort(&ref_list);
1222
1223 for (cmd = commands; cmd; cmd = cmd->next) {
1224 if (!cmd->error_string)
1225 check_aliased_update(cmd, &ref_list);
1226 }
1227
1228 string_list_clear(&ref_list, 0);
1229 }
1230
1231 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1232 {
1233 struct command **cmd_list = cb_data;
1234 struct command *cmd = *cmd_list;
1235
1236 if (!cmd || is_null_sha1(cmd->new_sha1))
1237 return -1; /* end of list */
1238 *cmd_list = NULL; /* this returns only one */
1239 hashcpy(sha1, cmd->new_sha1);
1240 return 0;
1241 }
1242
1243 static void set_connectivity_errors(struct command *commands,
1244 struct shallow_info *si)
1245 {
1246 struct command *cmd;
1247
1248 for (cmd = commands; cmd; cmd = cmd->next) {
1249 struct command *singleton = cmd;
1250 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1251
1252 if (shallow_update && si->shallow_ref[cmd->index])
1253 /* to be checked in update_shallow_ref() */
1254 continue;
1255
1256 opt.env = tmp_objdir_env(tmp_objdir);
1257 if (!check_connected(command_singleton_iterator, &singleton,
1258 &opt))
1259 continue;
1260
1261 cmd->error_string = "missing necessary objects";
1262 }
1263 }
1264
1265 struct iterate_data {
1266 struct command *cmds;
1267 struct shallow_info *si;
1268 };
1269
1270 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1271 {
1272 struct iterate_data *data = cb_data;
1273 struct command **cmd_list = &data->cmds;
1274 struct command *cmd = *cmd_list;
1275
1276 for (; cmd; cmd = cmd->next) {
1277 if (shallow_update && data->si->shallow_ref[cmd->index])
1278 /* to be checked in update_shallow_ref() */
1279 continue;
1280 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1281 hashcpy(sha1, cmd->new_sha1);
1282 *cmd_list = cmd->next;
1283 return 0;
1284 }
1285 }
1286 *cmd_list = NULL;
1287 return -1; /* end of list */
1288 }
1289
1290 static void reject_updates_to_hidden(struct command *commands)
1291 {
1292 struct strbuf refname_full = STRBUF_INIT;
1293 size_t prefix_len;
1294 struct command *cmd;
1295
1296 strbuf_addstr(&refname_full, get_git_namespace());
1297 prefix_len = refname_full.len;
1298
1299 for (cmd = commands; cmd; cmd = cmd->next) {
1300 if (cmd->error_string)
1301 continue;
1302
1303 strbuf_setlen(&refname_full, prefix_len);
1304 strbuf_addstr(&refname_full, cmd->ref_name);
1305
1306 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1307 continue;
1308 if (is_null_sha1(cmd->new_sha1))
1309 cmd->error_string = "deny deleting a hidden ref";
1310 else
1311 cmd->error_string = "deny updating a hidden ref";
1312 }
1313
1314 strbuf_release(&refname_full);
1315 }
1316
1317 static int should_process_cmd(struct command *cmd)
1318 {
1319 return !cmd->error_string && !cmd->skip_update;
1320 }
1321
1322 static void warn_if_skipped_connectivity_check(struct command *commands,
1323 struct shallow_info *si)
1324 {
1325 struct command *cmd;
1326 int checked_connectivity = 1;
1327
1328 for (cmd = commands; cmd; cmd = cmd->next) {
1329 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1330 error("BUG: connectivity check has not been run on ref %s",
1331 cmd->ref_name);
1332 checked_connectivity = 0;
1333 }
1334 }
1335 if (!checked_connectivity)
1336 die("BUG: connectivity check skipped???");
1337 }
1338
1339 static void execute_commands_non_atomic(struct command *commands,
1340 struct shallow_info *si)
1341 {
1342 struct command *cmd;
1343 struct strbuf err = STRBUF_INIT;
1344
1345 for (cmd = commands; cmd; cmd = cmd->next) {
1346 if (!should_process_cmd(cmd))
1347 continue;
1348
1349 transaction = ref_transaction_begin(&err);
1350 if (!transaction) {
1351 rp_error("%s", err.buf);
1352 strbuf_reset(&err);
1353 cmd->error_string = "transaction failed to start";
1354 continue;
1355 }
1356
1357 cmd->error_string = update(cmd, si);
1358
1359 if (!cmd->error_string
1360 && ref_transaction_commit(transaction, &err)) {
1361 rp_error("%s", err.buf);
1362 strbuf_reset(&err);
1363 cmd->error_string = "failed to update ref";
1364 }
1365 ref_transaction_free(transaction);
1366 }
1367 strbuf_release(&err);
1368 }
1369
1370 static void execute_commands_atomic(struct command *commands,
1371 struct shallow_info *si)
1372 {
1373 struct command *cmd;
1374 struct strbuf err = STRBUF_INIT;
1375 const char *reported_error = "atomic push failure";
1376
1377 transaction = ref_transaction_begin(&err);
1378 if (!transaction) {
1379 rp_error("%s", err.buf);
1380 strbuf_reset(&err);
1381 reported_error = "transaction failed to start";
1382 goto failure;
1383 }
1384
1385 for (cmd = commands; cmd; cmd = cmd->next) {
1386 if (!should_process_cmd(cmd))
1387 continue;
1388
1389 cmd->error_string = update(cmd, si);
1390
1391 if (cmd->error_string)
1392 goto failure;
1393 }
1394
1395 if (ref_transaction_commit(transaction, &err)) {
1396 rp_error("%s", err.buf);
1397 reported_error = "atomic transaction failed";
1398 goto failure;
1399 }
1400 goto cleanup;
1401
1402 failure:
1403 for (cmd = commands; cmd; cmd = cmd->next)
1404 if (!cmd->error_string)
1405 cmd->error_string = reported_error;
1406
1407 cleanup:
1408 ref_transaction_free(transaction);
1409 strbuf_release(&err);
1410 }
1411
1412 static void execute_commands(struct command *commands,
1413 const char *unpacker_error,
1414 struct shallow_info *si,
1415 const struct string_list *push_options)
1416 {
1417 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1418 struct command *cmd;
1419 unsigned char sha1[20];
1420 struct iterate_data data;
1421 struct async muxer;
1422 int err_fd = 0;
1423
1424 if (unpacker_error) {
1425 for (cmd = commands; cmd; cmd = cmd->next)
1426 cmd->error_string = "unpacker error";
1427 return;
1428 }
1429
1430 if (use_sideband) {
1431 memset(&muxer, 0, sizeof(muxer));
1432 muxer.proc = copy_to_sideband;
1433 muxer.in = -1;
1434 if (!start_async(&muxer))
1435 err_fd = muxer.in;
1436 /* ...else, continue without relaying sideband */
1437 }
1438
1439 data.cmds = commands;
1440 data.si = si;
1441 opt.err_fd = err_fd;
1442 opt.progress = err_fd && !quiet;
1443 opt.env = tmp_objdir_env(tmp_objdir);
1444 if (check_connected(iterate_receive_command_list, &data, &opt))
1445 set_connectivity_errors(commands, si);
1446
1447 if (use_sideband)
1448 finish_async(&muxer);
1449
1450 reject_updates_to_hidden(commands);
1451
1452 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1453 for (cmd = commands; cmd; cmd = cmd->next) {
1454 if (!cmd->error_string)
1455 cmd->error_string = "pre-receive hook declined";
1456 }
1457 return;
1458 }
1459
1460 /*
1461 * Now we'll start writing out refs, which means the objects need
1462 * to be in their final positions so that other processes can see them.
1463 */
1464 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1465 for (cmd = commands; cmd; cmd = cmd->next) {
1466 if (!cmd->error_string)
1467 cmd->error_string = "unable to migrate objects to permanent storage";
1468 }
1469 return;
1470 }
1471 tmp_objdir = NULL;
1472
1473 check_aliased_updates(commands);
1474
1475 free(head_name_to_free);
1476 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1477
1478 if (use_atomic)
1479 execute_commands_atomic(commands, si);
1480 else
1481 execute_commands_non_atomic(commands, si);
1482
1483 if (shallow_update)
1484 warn_if_skipped_connectivity_check(commands, si);
1485 }
1486
1487 static struct command **queue_command(struct command **tail,
1488 const char *line,
1489 int linelen)
1490 {
1491 unsigned char old_sha1[20], new_sha1[20];
1492 struct command *cmd;
1493 const char *refname;
1494 int reflen;
1495
1496 if (linelen < 83 ||
1497 line[40] != ' ' ||
1498 line[81] != ' ' ||
1499 get_sha1_hex(line, old_sha1) ||
1500 get_sha1_hex(line + 41, new_sha1))
1501 die("protocol error: expected old/new/ref, got '%s'", line);
1502
1503 refname = line + 82;
1504 reflen = linelen - 82;
1505 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1506 hashcpy(cmd->old_sha1, old_sha1);
1507 hashcpy(cmd->new_sha1, new_sha1);
1508 *tail = cmd;
1509 return &cmd->next;
1510 }
1511
1512 static void queue_commands_from_cert(struct command **tail,
1513 struct strbuf *push_cert)
1514 {
1515 const char *boc, *eoc;
1516
1517 if (*tail)
1518 die("protocol error: got both push certificate and unsigned commands");
1519
1520 boc = strstr(push_cert->buf, "\n\n");
1521 if (!boc)
1522 die("malformed push certificate %.*s", 100, push_cert->buf);
1523 else
1524 boc += 2;
1525 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1526
1527 while (boc < eoc) {
1528 const char *eol = memchr(boc, '\n', eoc - boc);
1529 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1530 boc = eol ? eol + 1 : eoc;
1531 }
1532 }
1533
1534 static struct command *read_head_info(struct sha1_array *shallow)
1535 {
1536 struct command *commands = NULL;
1537 struct command **p = &commands;
1538 for (;;) {
1539 char *line;
1540 int len, linelen;
1541
1542 line = packet_read_line(0, &len);
1543 if (!line)
1544 break;
1545
1546 if (len == 48 && starts_with(line, "shallow ")) {
1547 unsigned char sha1[20];
1548 if (get_sha1_hex(line + 8, sha1))
1549 die("protocol error: expected shallow sha, got '%s'",
1550 line + 8);
1551 sha1_array_append(shallow, sha1);
1552 continue;
1553 }
1554
1555 linelen = strlen(line);
1556 if (linelen < len) {
1557 const char *feature_list = line + linelen + 1;
1558 if (parse_feature_request(feature_list, "report-status"))
1559 report_status = 1;
1560 if (parse_feature_request(feature_list, "side-band-64k"))
1561 use_sideband = LARGE_PACKET_MAX;
1562 if (parse_feature_request(feature_list, "quiet"))
1563 quiet = 1;
1564 if (advertise_atomic_push
1565 && parse_feature_request(feature_list, "atomic"))
1566 use_atomic = 1;
1567 if (advertise_push_options
1568 && parse_feature_request(feature_list, "push-options"))
1569 use_push_options = 1;
1570 }
1571
1572 if (!strcmp(line, "push-cert")) {
1573 int true_flush = 0;
1574 char certbuf[1024];
1575
1576 for (;;) {
1577 len = packet_read(0, NULL, NULL,
1578 certbuf, sizeof(certbuf), 0);
1579 if (!len) {
1580 true_flush = 1;
1581 break;
1582 }
1583 if (!strcmp(certbuf, "push-cert-end\n"))
1584 break; /* end of cert */
1585 strbuf_addstr(&push_cert, certbuf);
1586 }
1587
1588 if (true_flush)
1589 break;
1590 continue;
1591 }
1592
1593 p = queue_command(p, line, linelen);
1594 }
1595
1596 if (push_cert.len)
1597 queue_commands_from_cert(p, &push_cert);
1598
1599 return commands;
1600 }
1601
1602 static void read_push_options(struct string_list *options)
1603 {
1604 while (1) {
1605 char *line;
1606 int len;
1607
1608 line = packet_read_line(0, &len);
1609
1610 if (!line)
1611 break;
1612
1613 string_list_append(options, line);
1614 }
1615 }
1616
1617 static const char *parse_pack_header(struct pack_header *hdr)
1618 {
1619 switch (read_pack_header(0, hdr)) {
1620 case PH_ERROR_EOF:
1621 return "eof before pack header was fully read";
1622
1623 case PH_ERROR_PACK_SIGNATURE:
1624 return "protocol error (pack signature mismatch detected)";
1625
1626 case PH_ERROR_PROTOCOL:
1627 return "protocol error (pack version unsupported)";
1628
1629 default:
1630 return "unknown error in parse_pack_header";
1631
1632 case 0:
1633 return NULL;
1634 }
1635 }
1636
1637 static const char *pack_lockfile;
1638
1639 static const char *unpack(int err_fd, struct shallow_info *si)
1640 {
1641 struct pack_header hdr;
1642 const char *hdr_err;
1643 int status;
1644 char hdr_arg[38];
1645 struct child_process child = CHILD_PROCESS_INIT;
1646 int fsck_objects = (receive_fsck_objects >= 0
1647 ? receive_fsck_objects
1648 : transfer_fsck_objects >= 0
1649 ? transfer_fsck_objects
1650 : 0);
1651
1652 hdr_err = parse_pack_header(&hdr);
1653 if (hdr_err) {
1654 if (err_fd > 0)
1655 close(err_fd);
1656 return hdr_err;
1657 }
1658 snprintf(hdr_arg, sizeof(hdr_arg),
1659 "--pack_header=%"PRIu32",%"PRIu32,
1660 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1661
1662 if (si->nr_ours || si->nr_theirs) {
1663 alt_shallow_file = setup_temporary_shallow(si->shallow);
1664 argv_array_push(&child.args, "--shallow-file");
1665 argv_array_push(&child.args, alt_shallow_file);
1666 }
1667
1668 tmp_objdir = tmp_objdir_create();
1669 if (!tmp_objdir)
1670 return "unable to create temporary object directory";
1671 child.env = tmp_objdir_env(tmp_objdir);
1672
1673 /*
1674 * Normally we just pass the tmp_objdir environment to the child
1675 * processes that do the heavy lifting, but we may need to see these
1676 * objects ourselves to set up shallow information.
1677 */
1678 tmp_objdir_add_as_alternate(tmp_objdir);
1679
1680 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1681 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1682 if (quiet)
1683 argv_array_push(&child.args, "-q");
1684 if (fsck_objects)
1685 argv_array_pushf(&child.args, "--strict%s",
1686 fsck_msg_types.buf);
1687 if (max_input_size)
1688 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1689 (uintmax_t)max_input_size);
1690 child.no_stdout = 1;
1691 child.err = err_fd;
1692 child.git_cmd = 1;
1693 status = run_command(&child);
1694 if (status)
1695 return "unpack-objects abnormal exit";
1696 } else {
1697 char hostname[256];
1698
1699 argv_array_pushl(&child.args, "index-pack",
1700 "--stdin", hdr_arg, NULL);
1701
1702 if (gethostname(hostname, sizeof(hostname)))
1703 xsnprintf(hostname, sizeof(hostname), "localhost");
1704 argv_array_pushf(&child.args,
1705 "--keep=receive-pack %"PRIuMAX" on %s",
1706 (uintmax_t)getpid(),
1707 hostname);
1708
1709 if (!quiet && err_fd)
1710 argv_array_push(&child.args, "--show-resolving-progress");
1711 if (use_sideband)
1712 argv_array_push(&child.args, "--report-end-of-input");
1713 if (fsck_objects)
1714 argv_array_pushf(&child.args, "--strict%s",
1715 fsck_msg_types.buf);
1716 if (!reject_thin)
1717 argv_array_push(&child.args, "--fix-thin");
1718 if (max_input_size)
1719 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1720 (uintmax_t)max_input_size);
1721 child.out = -1;
1722 child.err = err_fd;
1723 child.git_cmd = 1;
1724 status = start_command(&child);
1725 if (status)
1726 return "index-pack fork failed";
1727 pack_lockfile = index_pack_lockfile(child.out);
1728 close(child.out);
1729 status = finish_command(&child);
1730 if (status)
1731 return "index-pack abnormal exit";
1732 reprepare_packed_git();
1733 }
1734 return NULL;
1735 }
1736
1737 static const char *unpack_with_sideband(struct shallow_info *si)
1738 {
1739 struct async muxer;
1740 const char *ret;
1741
1742 if (!use_sideband)
1743 return unpack(0, si);
1744
1745 use_keepalive = KEEPALIVE_AFTER_NUL;
1746 memset(&muxer, 0, sizeof(muxer));
1747 muxer.proc = copy_to_sideband;
1748 muxer.in = -1;
1749 if (start_async(&muxer))
1750 return NULL;
1751
1752 ret = unpack(muxer.in, si);
1753
1754 finish_async(&muxer);
1755 return ret;
1756 }
1757
1758 static void prepare_shallow_update(struct command *commands,
1759 struct shallow_info *si)
1760 {
1761 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1762
1763 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1764 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1765
1766 si->need_reachability_test =
1767 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1768 si->reachable =
1769 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1770 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1771
1772 for (i = 0; i < si->nr_ours; i++)
1773 si->need_reachability_test[si->ours[i]] = 1;
1774
1775 for (i = 0; i < si->shallow->nr; i++) {
1776 if (!si->used_shallow[i])
1777 continue;
1778 for (j = 0; j < bitmap_size; j++) {
1779 if (!si->used_shallow[i][j])
1780 continue;
1781 si->need_reachability_test[i]++;
1782 for (k = 0; k < 32; k++)
1783 if (si->used_shallow[i][j] & (1U << k))
1784 si->shallow_ref[j * 32 + k]++;
1785 }
1786
1787 /*
1788 * true for those associated with some refs and belong
1789 * in "ours" list aka "step 7 not done yet"
1790 */
1791 si->need_reachability_test[i] =
1792 si->need_reachability_test[i] > 1;
1793 }
1794
1795 /*
1796 * keep hooks happy by forcing a temporary shallow file via
1797 * env variable because we can't add --shallow-file to every
1798 * command. check_everything_connected() will be done with
1799 * true .git/shallow though.
1800 */
1801 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1802 }
1803
1804 static void update_shallow_info(struct command *commands,
1805 struct shallow_info *si,
1806 struct sha1_array *ref)
1807 {
1808 struct command *cmd;
1809 int *ref_status;
1810 remove_nonexistent_theirs_shallow(si);
1811 if (!si->nr_ours && !si->nr_theirs) {
1812 shallow_update = 0;
1813 return;
1814 }
1815
1816 for (cmd = commands; cmd; cmd = cmd->next) {
1817 if (is_null_sha1(cmd->new_sha1))
1818 continue;
1819 sha1_array_append(ref, cmd->new_sha1);
1820 cmd->index = ref->nr - 1;
1821 }
1822 si->ref = ref;
1823
1824 if (shallow_update) {
1825 prepare_shallow_update(commands, si);
1826 return;
1827 }
1828
1829 ALLOC_ARRAY(ref_status, ref->nr);
1830 assign_shallow_commits_to_refs(si, NULL, ref_status);
1831 for (cmd = commands; cmd; cmd = cmd->next) {
1832 if (is_null_sha1(cmd->new_sha1))
1833 continue;
1834 if (ref_status[cmd->index]) {
1835 cmd->error_string = "shallow update not allowed";
1836 cmd->skip_update = 1;
1837 }
1838 }
1839 free(ref_status);
1840 }
1841
1842 static void report(struct command *commands, const char *unpack_status)
1843 {
1844 struct command *cmd;
1845 struct strbuf buf = STRBUF_INIT;
1846
1847 packet_buf_write(&buf, "unpack %s\n",
1848 unpack_status ? unpack_status : "ok");
1849 for (cmd = commands; cmd; cmd = cmd->next) {
1850 if (!cmd->error_string)
1851 packet_buf_write(&buf, "ok %s\n",
1852 cmd->ref_name);
1853 else
1854 packet_buf_write(&buf, "ng %s %s\n",
1855 cmd->ref_name, cmd->error_string);
1856 }
1857 packet_buf_flush(&buf);
1858
1859 if (use_sideband)
1860 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1861 else
1862 write_or_die(1, buf.buf, buf.len);
1863 strbuf_release(&buf);
1864 }
1865
1866 static int delete_only(struct command *commands)
1867 {
1868 struct command *cmd;
1869 for (cmd = commands; cmd; cmd = cmd->next) {
1870 if (!is_null_sha1(cmd->new_sha1))
1871 return 0;
1872 }
1873 return 1;
1874 }
1875
1876 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1877 {
1878 int advertise_refs = 0;
1879 struct command *commands;
1880 struct sha1_array shallow = SHA1_ARRAY_INIT;
1881 struct sha1_array ref = SHA1_ARRAY_INIT;
1882 struct shallow_info si;
1883
1884 struct option options[] = {
1885 OPT__QUIET(&quiet, N_("quiet")),
1886 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1887 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1888 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1889 OPT_END()
1890 };
1891
1892 packet_trace_identity("receive-pack");
1893
1894 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1895
1896 if (argc > 1)
1897 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1898 if (argc == 0)
1899 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1900
1901 service_dir = argv[0];
1902
1903 setup_path();
1904
1905 if (!enter_repo(service_dir, 0))
1906 die("'%s' does not appear to be a git repository", service_dir);
1907
1908 git_config(receive_pack_config, NULL);
1909 if (cert_nonce_seed)
1910 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1911
1912 if (0 <= transfer_unpack_limit)
1913 unpack_limit = transfer_unpack_limit;
1914 else if (0 <= receive_unpack_limit)
1915 unpack_limit = receive_unpack_limit;
1916
1917 if (advertise_refs || !stateless_rpc) {
1918 write_head_info();
1919 }
1920 if (advertise_refs)
1921 return 0;
1922
1923 if ((commands = read_head_info(&shallow)) != NULL) {
1924 const char *unpack_status = NULL;
1925 struct string_list push_options = STRING_LIST_INIT_DUP;
1926
1927 if (use_push_options)
1928 read_push_options(&push_options);
1929
1930 prepare_shallow_info(&si, &shallow);
1931 if (!si.nr_ours && !si.nr_theirs)
1932 shallow_update = 0;
1933 if (!delete_only(commands)) {
1934 unpack_status = unpack_with_sideband(&si);
1935 update_shallow_info(commands, &si, &ref);
1936 }
1937 use_keepalive = KEEPALIVE_ALWAYS;
1938 execute_commands(commands, unpack_status, &si,
1939 &push_options);
1940 if (pack_lockfile)
1941 unlink_or_warn(pack_lockfile);
1942 if (report_status)
1943 report(commands, unpack_status);
1944 run_receive_hook(commands, "post-receive", 1,
1945 &push_options);
1946 run_update_post_hook(commands);
1947 if (push_options.nr)
1948 string_list_clear(&push_options, 0);
1949 if (auto_gc) {
1950 const char *argv_gc_auto[] = {
1951 "gc", "--auto", "--quiet", NULL,
1952 };
1953 struct child_process proc = CHILD_PROCESS_INIT;
1954
1955 proc.no_stdin = 1;
1956 proc.stdout_to_stderr = 1;
1957 proc.err = use_sideband ? -1 : 0;
1958 proc.git_cmd = 1;
1959 proc.argv = argv_gc_auto;
1960
1961 close_all_packs();
1962 if (!start_command(&proc)) {
1963 if (use_sideband)
1964 copy_to_sideband(proc.err, -1, NULL);
1965 finish_command(&proc);
1966 }
1967 }
1968 if (auto_update_server_info)
1969 update_server_info(0);
1970 clear_shallow_info(&si);
1971 }
1972 if (use_sideband)
1973 packet_flush(1);
1974 sha1_array_clear(&shallow);
1975 sha1_array_clear(&ref);
1976 free((void *)push_cert_nonce);
1977 return 0;
1978 }
Gitweb development nest