search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'jc/push-cert' into pu
[git/jrn.git] / builtin / receive-pack.c
blob22db710d1233b99e3d5d451f8c203c9cb1a63505
1 #include "builtin.h"
2 #include "pack.h"
3 #include "refs.h"
4 #include "pkt-line.h"
5 #include "sideband.h"
6 #include "run-command.h"
7 #include "exec_cmd.h"
8 #include "commit.h"
9 #include "object.h"
10 #include "remote.h"
11 #include "connect.h"
12 #include "transport.h"
13 #include "string-list.h"
14 #include "sha1-array.h"
15 #include "connected.h"
16 #include "argv-array.h"
17 #include "version.h"
18 #include "tag.h"
19 #include "gpg-interface.h"
20
21 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
22
23 enum deny_action {
24 DENY_UNCONFIGURED,
25 DENY_IGNORE,
26 DENY_WARN,
27 DENY_REFUSE
28 };
29
30 static int deny_deletes;
31 static int deny_non_fast_forwards;
32 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
33 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
34 static int receive_fsck_objects = -1;
35 static int transfer_fsck_objects = -1;
36 static int receive_unpack_limit = -1;
37 static int transfer_unpack_limit = -1;
38 static int unpack_limit = 100;
39 static int report_status;
40 static int use_sideband;
41 static int quiet;
42 static int prefer_ofs_delta = 1;
43 static int auto_update_server_info;
44 static int auto_gc = 1;
45 static int fix_thin = 1;
46 static const char *head_name;
47 static void *head_name_to_free;
48 static int sent_capabilities;
49 static int shallow_update;
50 static const char *alt_shallow_file;
51 static struct strbuf push_cert = STRBUF_INIT;
52 static unsigned char push_cert_sha1[20];
53 static struct signature_check sigcheck;
54 static const char *push_cert_nonce;
55
56 static enum deny_action parse_deny_action(const char *var, const char *value)
57 {
58 if (value) {
59 if (!strcasecmp(value, "ignore"))
60 return DENY_IGNORE;
61 if (!strcasecmp(value, "warn"))
62 return DENY_WARN;
63 if (!strcasecmp(value, "refuse"))
64 return DENY_REFUSE;
65 }
66 if (git_config_bool(var, value))
67 return DENY_REFUSE;
68 return DENY_IGNORE;
69 }
70
71 static int receive_pack_config(const char *var, const char *value, void *cb)
72 {
73 int status = parse_hide_refs_config(var, value, "receive");
74
75 if (status)
76 return status;
77
78 if (strcmp(var, "receive.denydeletes") == 0) {
79 deny_deletes = git_config_bool(var, value);
80 return 0;
81 }
82
83 if (strcmp(var, "receive.denynonfastforwards") == 0) {
84 deny_non_fast_forwards = git_config_bool(var, value);
85 return 0;
86 }
87
88 if (strcmp(var, "receive.unpacklimit") == 0) {
89 receive_unpack_limit = git_config_int(var, value);
90 return 0;
91 }
92
93 if (strcmp(var, "transfer.unpacklimit") == 0) {
94 transfer_unpack_limit = git_config_int(var, value);
95 return 0;
96 }
97
98 if (strcmp(var, "receive.fsckobjects") == 0) {
99 receive_fsck_objects = git_config_bool(var, value);
100 return 0;
101 }
102
103 if (strcmp(var, "transfer.fsckobjects") == 0) {
104 transfer_fsck_objects = git_config_bool(var, value);
105 return 0;
106 }
107
108 if (!strcmp(var, "receive.denycurrentbranch")) {
109 deny_current_branch = parse_deny_action(var, value);
110 return 0;
111 }
112
113 if (strcmp(var, "receive.denydeletecurrent") == 0) {
114 deny_delete_current = parse_deny_action(var, value);
115 return 0;
116 }
117
118 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
119 prefer_ofs_delta = git_config_bool(var, value);
120 return 0;
121 }
122
123 if (strcmp(var, "receive.updateserverinfo") == 0) {
124 auto_update_server_info = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.autogc") == 0) {
129 auto_gc = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.shallowupdate") == 0) {
134 shallow_update = git_config_bool(var, value);
135 return 0;
136 }
137
138 return git_default_config(var, value, cb);
139 }
140
141 static void show_ref(const char *path, const unsigned char *sha1)
142 {
143 if (ref_is_hidden(path))
144 return;
145
146 if (sent_capabilities) {
147 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
148 } else {
149 packet_write(1, "%s %s%c%s%s%s%s agent=%s\n",
150 sha1_to_hex(sha1), path, 0,
151 " report-status delete-refs side-band-64k quiet",
152 prefer_ofs_delta ? " ofs-delta" : "",
153 push_cert_nonce ? " push-cert=" : "",
154 push_cert_nonce ? push_cert_nonce : "",
155 git_user_agent_sanitized());
156 sent_capabilities = 1;
157 }
158 }
159
160 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
161 {
162 path = strip_namespace(path);
163 /*
164 * Advertise refs outside our current namespace as ".have"
165 * refs, so that the client can use them to minimize data
166 * transfer but will otherwise ignore them. This happens to
167 * cover ".have" that are thrown in by add_one_alternate_ref()
168 * to mark histories that are complete in our alternates as
169 * well.
170 */
171 if (!path)
172 path = ".have";
173 show_ref(path, sha1);
174 return 0;
175 }
176
177 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
178 {
179 show_ref(".have", sha1);
180 }
181
182 static void collect_one_alternate_ref(const struct ref *ref, void *data)
183 {
184 struct sha1_array *sa = data;
185 sha1_array_append(sa, ref->old_sha1);
186 }
187
188 static void write_head_info(void)
189 {
190 struct sha1_array sa = SHA1_ARRAY_INIT;
191 for_each_alternate_ref(collect_one_alternate_ref, &sa);
192 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
193 sha1_array_clear(&sa);
194 for_each_ref(show_ref_cb, NULL);
195 if (!sent_capabilities)
196 show_ref("capabilities^{}", null_sha1);
197
198 advertise_shallow_grafts(1);
199
200 /* EOF */
201 packet_flush(1);
202 }
203
204 struct command {
205 struct command *next;
206 char *error_string;
207 unsigned int skip_update:1,
208 did_not_exist:1;
209 int index;
210 unsigned char old_sha1[20];
211 unsigned char new_sha1[20];
212 char ref_name[FLEX_ARRAY]; /* more */
213 };
214
215 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
216 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
217
218 static void report_message(const char *prefix, const char *err, va_list params)
219 {
220 int sz = strlen(prefix);
221 char msg[4096];
222
223 strncpy(msg, prefix, sz);
224 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
225 if (sz > (sizeof(msg) - 1))
226 sz = sizeof(msg) - 1;
227 msg[sz++] = '\n';
228
229 if (use_sideband)
230 send_sideband(1, 2, msg, sz, use_sideband);
231 else
232 xwrite(2, msg, sz);
233 }
234
235 static void rp_warning(const char *err, ...)
236 {
237 va_list params;
238 va_start(params, err);
239 report_message("warning: ", err, params);
240 va_end(params);
241 }
242
243 static void rp_error(const char *err, ...)
244 {
245 va_list params;
246 va_start(params, err);
247 report_message("error: ", err, params);
248 va_end(params);
249 }
250
251 static int copy_to_sideband(int in, int out, void *arg)
252 {
253 char data[128];
254 while (1) {
255 ssize_t sz = xread(in, data, sizeof(data));
256 if (sz <= 0)
257 break;
258 send_sideband(1, 2, data, sz, use_sideband);
259 }
260 close(in);
261 return 0;
262 }
263
264 static void prepare_push_cert_sha1(struct child_process *proc)
265 {
266 static int already_done;
267 struct argv_array env = ARGV_ARRAY_INIT;
268
269 if (!already_done) {
270 struct strbuf gpg_output = STRBUF_INIT;
271 struct strbuf gpg_status = STRBUF_INIT;
272 int bogs /* beginning_of_gpg_sig */;
273
274 already_done = 1;
275 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
276 hashclr(push_cert_sha1);
277
278 memset(&sigcheck, '\0', sizeof(sigcheck));
279 sigcheck.result = 'N';
280
281 bogs = parse_signature(push_cert.buf, push_cert.len);
282 if (verify_signed_buffer(push_cert.buf, bogs,
283 push_cert.buf + bogs, push_cert.len - bogs,
284 &gpg_output, &gpg_status) < 0) {
285 ; /* error running gpg */
286 } else {
287 sigcheck.payload = push_cert.buf;
288 sigcheck.gpg_output = gpg_output.buf;
289 sigcheck.gpg_status = gpg_status.buf;
290 parse_gpg_output(&sigcheck);
291 }
292
293 strbuf_release(&gpg_output);
294 strbuf_release(&gpg_status);
295 }
296 if (!is_null_sha1(push_cert_sha1)) {
297 argv_array_pushf(&env, "GIT_PUSH_CERT=%s", sha1_to_hex(push_cert_sha1));
298 argv_array_pushf(&env, "GIT_PUSH_CERT_SIGNER=%s", sigcheck.signer);
299 argv_array_pushf(&env, "GIT_PUSH_CERT_KEY=%s", sigcheck.key);
300 argv_array_pushf(&env, "GIT_PUSH_CERT_STATUS=%c", sigcheck.result);
301 if (push_cert_nonce)
302 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE=%s", push_cert_nonce);
303
304 proc->env = env.argv;
305 }
306 }
307
308 typedef int (*feed_fn)(void *, const char **, size_t *);
309 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
310 {
311 struct child_process proc = CHILD_PROCESS_INIT;
312 struct async muxer;
313 const char *argv[2];
314 int code;
315
316 argv[0] = find_hook(hook_name);
317 if (!argv[0])
318 return 0;
319
320 argv[1] = NULL;
321
322 proc.argv = argv;
323 proc.in = -1;
324 proc.stdout_to_stderr = 1;
325
326 prepare_push_cert_sha1(&proc);
327
328 if (use_sideband) {
329 memset(&muxer, 0, sizeof(muxer));
330 muxer.proc = copy_to_sideband;
331 muxer.in = -1;
332 code = start_async(&muxer);
333 if (code)
334 return code;
335 proc.err = muxer.in;
336 }
337
338 code = start_command(&proc);
339 if (code) {
340 if (use_sideband)
341 finish_async(&muxer);
342 return code;
343 }
344
345 while (1) {
346 const char *buf;
347 size_t n;
348 if (feed(feed_state, &buf, &n))
349 break;
350 if (write_in_full(proc.in, buf, n) != n)
351 break;
352 }
353 close(proc.in);
354 if (use_sideband)
355 finish_async(&muxer);
356 return finish_command(&proc);
357 }
358
359 struct receive_hook_feed_state {
360 struct command *cmd;
361 int skip_broken;
362 struct strbuf buf;
363 };
364
365 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
366 {
367 struct receive_hook_feed_state *state = state_;
368 struct command *cmd = state->cmd;
369
370 while (cmd &&
371 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
372 cmd = cmd->next;
373 if (!cmd)
374 return -1; /* EOF */
375 strbuf_reset(&state->buf);
376 strbuf_addf(&state->buf, "%s %s %s\n",
377 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
378 cmd->ref_name);
379 state->cmd = cmd->next;
380 if (bufp) {
381 *bufp = state->buf.buf;
382 *sizep = state->buf.len;
383 }
384 return 0;
385 }
386
387 static int run_receive_hook(struct command *commands, const char *hook_name,
388 int skip_broken)
389 {
390 struct receive_hook_feed_state state;
391 int status;
392
393 strbuf_init(&state.buf, 0);
394 state.cmd = commands;
395 state.skip_broken = skip_broken;
396 if (feed_receive_hook(&state, NULL, NULL))
397 return 0;
398 state.cmd = commands;
399 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
400 strbuf_release(&state.buf);
401 return status;
402 }
403
404 static int run_update_hook(struct command *cmd)
405 {
406 const char *argv[5];
407 struct child_process proc = CHILD_PROCESS_INIT;
408 int code;
409
410 argv[0] = find_hook("update");
411 if (!argv[0])
412 return 0;
413
414 argv[1] = cmd->ref_name;
415 argv[2] = sha1_to_hex(cmd->old_sha1);
416 argv[3] = sha1_to_hex(cmd->new_sha1);
417 argv[4] = NULL;
418
419 proc.no_stdin = 1;
420 proc.stdout_to_stderr = 1;
421 proc.err = use_sideband ? -1 : 0;
422 proc.argv = argv;
423
424 code = start_command(&proc);
425 if (code)
426 return code;
427 if (use_sideband)
428 copy_to_sideband(proc.err, -1, NULL);
429 return finish_command(&proc);
430 }
431
432 static int is_ref_checked_out(const char *ref)
433 {
434 if (is_bare_repository())
435 return 0;
436
437 if (!head_name)
438 return 0;
439 return !strcmp(head_name, ref);
440 }
441
442 static char *refuse_unconfigured_deny_msg[] = {
443 "By default, updating the current branch in a non-bare repository",
444 "is denied, because it will make the index and work tree inconsistent",
445 "with what you pushed, and will require 'git reset --hard' to match",
446 "the work tree to HEAD.",
447 "",
448 "You can set 'receive.denyCurrentBranch' configuration variable to",
449 "'ignore' or 'warn' in the remote repository to allow pushing into",
450 "its current branch; however, this is not recommended unless you",
451 "arranged to update its work tree to match what you pushed in some",
452 "other way.",
453 "",
454 "To squelch this message and still keep the default behaviour, set",
455 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
456 };
457
458 static void refuse_unconfigured_deny(void)
459 {
460 int i;
461 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
462 rp_error("%s", refuse_unconfigured_deny_msg[i]);
463 }
464
465 static char *refuse_unconfigured_deny_delete_current_msg[] = {
466 "By default, deleting the current branch is denied, because the next",
467 "'git clone' won't result in any file checked out, causing confusion.",
468 "",
469 "You can set 'receive.denyDeleteCurrent' configuration variable to",
470 "'warn' or 'ignore' in the remote repository to allow deleting the",
471 "current branch, with or without a warning message.",
472 "",
473 "To squelch this message, you can set it to 'refuse'."
474 };
475
476 static void refuse_unconfigured_deny_delete_current(void)
477 {
478 int i;
479 for (i = 0;
480 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
481 i++)
482 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
483 }
484
485 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
486 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
487 {
488 static struct lock_file shallow_lock;
489 struct sha1_array extra = SHA1_ARRAY_INIT;
490 const char *alt_file;
491 uint32_t mask = 1 << (cmd->index % 32);
492 int i;
493
494 trace_printf_key(&trace_shallow,
495 "shallow: update_shallow_ref %s\n", cmd->ref_name);
496 for (i = 0; i < si->shallow->nr; i++)
497 if (si->used_shallow[i] &&
498 (si->used_shallow[i][cmd->index / 32] & mask) &&
499 !delayed_reachability_test(si, i))
500 sha1_array_append(&extra, si->shallow->sha1[i]);
501
502 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
503 if (check_shallow_connected(command_singleton_iterator,
504 0, cmd, alt_file)) {
505 rollback_lock_file(&shallow_lock);
506 sha1_array_clear(&extra);
507 return -1;
508 }
509
510 commit_lock_file(&shallow_lock);
511
512 /*
513 * Make sure setup_alternate_shallow() for the next ref does
514 * not lose these new roots..
515 */
516 for (i = 0; i < extra.nr; i++)
517 register_shallow(extra.sha1[i]);
518
519 si->shallow_ref[cmd->index] = 0;
520 sha1_array_clear(&extra);
521 return 0;
522 }
523
524 static char *update(struct command *cmd, struct shallow_info *si)
525 {
526 const char *name = cmd->ref_name;
527 struct strbuf namespaced_name_buf = STRBUF_INIT;
528 const char *namespaced_name;
529 unsigned char *old_sha1 = cmd->old_sha1;
530 unsigned char *new_sha1 = cmd->new_sha1;
531
532 /* only refs/... are allowed */
533 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
534 rp_error("refusing to create funny ref '%s' remotely", name);
535 return xstrdup("funny refname");
536 }
537
538 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
539 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
540
541 if (is_ref_checked_out(namespaced_name)) {
542 switch (deny_current_branch) {
543 case DENY_IGNORE:
544 break;
545 case DENY_WARN:
546 rp_warning("updating the current branch");
547 break;
548 case DENY_REFUSE:
549 case DENY_UNCONFIGURED:
550 rp_error("refusing to update checked out branch: %s", name);
551 if (deny_current_branch == DENY_UNCONFIGURED)
552 refuse_unconfigured_deny();
553 return xstrdup("branch is currently checked out");
554 }
555 }
556
557 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
558 error("unpack should have generated %s, "
559 "but I can't find it!", sha1_to_hex(new_sha1));
560 return xstrdup("bad pack");
561 }
562
563 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
564 if (deny_deletes && starts_with(name, "refs/heads/")) {
565 rp_error("denying ref deletion for %s", name);
566 return xstrdup("deletion prohibited");
567 }
568
569 if (!strcmp(namespaced_name, head_name)) {
570 switch (deny_delete_current) {
571 case DENY_IGNORE:
572 break;
573 case DENY_WARN:
574 rp_warning("deleting the current branch");
575 break;
576 case DENY_REFUSE:
577 case DENY_UNCONFIGURED:
578 if (deny_delete_current == DENY_UNCONFIGURED)
579 refuse_unconfigured_deny_delete_current();
580 rp_error("refusing to delete the current branch: %s", name);
581 return xstrdup("deletion of the current branch prohibited");
582 }
583 }
584 }
585
586 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
587 !is_null_sha1(old_sha1) &&
588 starts_with(name, "refs/heads/")) {
589 struct object *old_object, *new_object;
590 struct commit *old_commit, *new_commit;
591
592 old_object = parse_object(old_sha1);
593 new_object = parse_object(new_sha1);
594
595 if (!old_object || !new_object ||
596 old_object->type != OBJ_COMMIT ||
597 new_object->type != OBJ_COMMIT) {
598 error("bad sha1 objects for %s", name);
599 return xstrdup("bad ref");
600 }
601 old_commit = (struct commit *)old_object;
602 new_commit = (struct commit *)new_object;
603 if (!in_merge_bases(old_commit, new_commit)) {
604 rp_error("denying non-fast-forward %s"
605 " (you should pull first)", name);
606 return xstrdup("non-fast-forward");
607 }
608 }
609 if (run_update_hook(cmd)) {
610 rp_error("hook declined to update %s", name);
611 return xstrdup("hook declined");
612 }
613
614 if (is_null_sha1(new_sha1)) {
615 if (!parse_object(old_sha1)) {
616 old_sha1 = NULL;
617 if (ref_exists(name)) {
618 rp_warning("Allowing deletion of corrupt ref.");
619 } else {
620 rp_warning("Deleting a non-existent ref.");
621 cmd->did_not_exist = 1;
622 }
623 }
624 if (delete_ref(namespaced_name, old_sha1, 0)) {
625 rp_error("failed to delete %s", name);
626 return xstrdup("failed to delete");
627 }
628 return NULL; /* good */
629 }
630 else {
631 struct strbuf err = STRBUF_INIT;
632 struct ref_transaction *transaction;
633
634 if (shallow_update && si->shallow_ref[cmd->index] &&
635 update_shallow_ref(cmd, si))
636 return xstrdup("shallow error");
637
638 transaction = transaction_begin(&err);
639 if (!transaction ||
640 transaction_update_sha1(transaction, namespaced_name,
641 new_sha1, old_sha1, 0, 1, "push",
642 &err) ||
643 transaction_commit(transaction, &err)) {
644 char *str = strbuf_detach(&err, NULL);
645 transaction_free(transaction);
646
647 rp_error("%s", str);
648 return str;
649 }
650
651 transaction_free(transaction);
652 strbuf_release(&err);
653 return NULL; /* good */
654 }
655 }
656
657 static void run_update_post_hook(struct command *commands)
658 {
659 struct command *cmd;
660 int argc;
661 const char **argv;
662 struct child_process proc = CHILD_PROCESS_INIT;
663 const char *hook;
664
665 hook = find_hook("post-update");
666 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
667 if (cmd->error_string || cmd->did_not_exist)
668 continue;
669 argc++;
670 }
671 if (!argc || !hook)
672 return;
673
674 argv = xmalloc(sizeof(*argv) * (2 + argc));
675 argv[0] = hook;
676
677 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
678 if (cmd->error_string || cmd->did_not_exist)
679 continue;
680 argv[argc] = xstrdup(cmd->ref_name);
681 argc++;
682 }
683 argv[argc] = NULL;
684
685 proc.no_stdin = 1;
686 proc.stdout_to_stderr = 1;
687 proc.err = use_sideband ? -1 : 0;
688 proc.argv = argv;
689
690 if (!start_command(&proc)) {
691 if (use_sideband)
692 copy_to_sideband(proc.err, -1, NULL);
693 finish_command(&proc);
694 }
695 }
696
697 static void check_aliased_update(struct command *cmd, struct string_list *list)
698 {
699 struct strbuf buf = STRBUF_INIT;
700 const char *dst_name;
701 struct string_list_item *item;
702 struct command *dst_cmd;
703 unsigned char sha1[20];
704 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
705 int flag;
706
707 if (cmd->error_string)
708 die("BUG: check_aliased_update called with failed cmd");
709
710 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
711 dst_name = resolve_ref_unsafe(buf.buf, sha1, 0, &flag);
712 strbuf_release(&buf);
713
714 if (!(flag & REF_ISSYMREF))
715 return;
716
717 dst_name = strip_namespace(dst_name);
718 if (!dst_name) {
719 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
720 cmd->skip_update = 1;
721 cmd->error_string = xstrdup("broken symref");
722 return;
723 }
724
725 if ((item = string_list_lookup(list, dst_name)) == NULL)
726 return;
727
728 cmd->skip_update = 1;
729
730 dst_cmd = (struct command *) item->util;
731
732 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
733 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
734 return;
735
736 dst_cmd->skip_update = 1;
737
738 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
739 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
740 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
741 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
742 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
743 " its target '%s' (%s..%s)",
744 cmd->ref_name, cmd_oldh, cmd_newh,
745 dst_cmd->ref_name, dst_oldh, dst_newh);
746
747 cmd->error_string = xstrdup("inconsistent aliased update");
748 free(dst_cmd->error_string);
749 dst_cmd->error_string = xstrdup("inconsistent aliased update");
750 }
751
752 static void check_aliased_updates(struct command *commands)
753 {
754 struct command *cmd;
755 struct string_list ref_list = STRING_LIST_INIT_NODUP;
756
757 for (cmd = commands; cmd; cmd = cmd->next) {
758 struct string_list_item *item =
759 string_list_append(&ref_list, cmd->ref_name);
760 item->util = (void *)cmd;
761 }
762 sort_string_list(&ref_list);
763
764 for (cmd = commands; cmd; cmd = cmd->next) {
765 if (!cmd->error_string)
766 check_aliased_update(cmd, &ref_list);
767 }
768
769 string_list_clear(&ref_list, 0);
770 }
771
772 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
773 {
774 struct command **cmd_list = cb_data;
775 struct command *cmd = *cmd_list;
776
777 if (!cmd || is_null_sha1(cmd->new_sha1))
778 return -1; /* end of list */
779 *cmd_list = NULL; /* this returns only one */
780 hashcpy(sha1, cmd->new_sha1);
781 return 0;
782 }
783
784 static void set_connectivity_errors(struct command *commands,
785 struct shallow_info *si)
786 {
787 struct command *cmd;
788
789 for (cmd = commands; cmd; cmd = cmd->next) {
790 struct command *singleton = cmd;
791 if (shallow_update && si->shallow_ref[cmd->index])
792 /* to be checked in update_shallow_ref() */
793 continue;
794 if (!check_everything_connected(command_singleton_iterator,
795 0, &singleton))
796 continue;
797 if (cmd->error_string) /* can't happen */
798 continue;
799 cmd->error_string = xstrdup("missing necessary objects");
800 }
801 }
802
803 struct iterate_data {
804 struct command *cmds;
805 struct shallow_info *si;
806 };
807
808 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
809 {
810 struct iterate_data *data = cb_data;
811 struct command **cmd_list = &data->cmds;
812 struct command *cmd = *cmd_list;
813
814 for (; cmd; cmd = cmd->next) {
815 if (shallow_update && data->si->shallow_ref[cmd->index])
816 /* to be checked in update_shallow_ref() */
817 continue;
818 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
819 hashcpy(sha1, cmd->new_sha1);
820 *cmd_list = cmd->next;
821 return 0;
822 }
823 }
824 *cmd_list = NULL;
825 return -1; /* end of list */
826 }
827
828 static void reject_updates_to_hidden(struct command *commands)
829 {
830 struct command *cmd;
831
832 for (cmd = commands; cmd; cmd = cmd->next) {
833 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
834 continue;
835 if (is_null_sha1(cmd->new_sha1))
836 cmd->error_string = xstrdup("deny deleting a hidden ref");
837 else
838 cmd->error_string = xstrdup("deny updating a hidden ref");
839 }
840 }
841
842 static void execute_commands(struct command *commands,
843 const char *unpacker_error,
844 struct shallow_info *si)
845 {
846 int checked_connectivity;
847 struct command *cmd;
848 unsigned char sha1[20];
849 struct iterate_data data;
850
851 if (unpacker_error) {
852 for (cmd = commands; cmd; cmd = cmd->next) {
853 if (cmd->error_string) /* can't happen */
854 continue;
855 cmd->error_string = xstrdup("unpacker error");
856 }
857 return;
858 }
859
860 data.cmds = commands;
861 data.si = si;
862 if (check_everything_connected(iterate_receive_command_list, 0, &data))
863 set_connectivity_errors(commands, si);
864
865 reject_updates_to_hidden(commands);
866
867 if (run_receive_hook(commands, "pre-receive", 0)) {
868 for (cmd = commands; cmd; cmd = cmd->next) {
869 if (cmd->error_string)
870 continue;
871 cmd->error_string = xstrdup("pre-receive hook declined");
872 }
873 return;
874 }
875
876 check_aliased_updates(commands);
877
878 free(head_name_to_free);
879 head_name = head_name_to_free = resolve_refdup("HEAD", sha1, 0, NULL);
880
881 checked_connectivity = 1;
882 for (cmd = commands; cmd; cmd = cmd->next) {
883 if (cmd->error_string)
884 continue;
885
886 if (cmd->skip_update)
887 continue;
888
889 cmd->error_string = update(cmd, si);
890 if (shallow_update && !cmd->error_string &&
891 si->shallow_ref[cmd->index]) {
892 error("BUG: connectivity check has not been run on ref %s",
893 cmd->ref_name);
894 checked_connectivity = 0;
895 }
896 }
897
898 if (shallow_update && !checked_connectivity)
899 error("BUG: run 'git fsck' for safety.\n"
900 "If there are errors, try to remove "
901 "the reported refs above");
902 }
903
904 static struct command **queue_command(struct command **tail,
905 const char *line,
906 int linelen)
907 {
908 unsigned char old_sha1[20], new_sha1[20];
909 struct command *cmd;
910 const char *refname;
911 int reflen;
912
913 if (linelen < 83 ||
914 line[40] != ' ' ||
915 line[81] != ' ' ||
916 get_sha1_hex(line, old_sha1) ||
917 get_sha1_hex(line + 41, new_sha1))
918 die("protocol error: expected old/new/ref, got '%s'", line);
919
920 refname = line + 82;
921 reflen = linelen - 82;
922 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
923 hashcpy(cmd->old_sha1, old_sha1);
924 hashcpy(cmd->new_sha1, new_sha1);
925 memcpy(cmd->ref_name, refname, reflen);
926 cmd->ref_name[reflen] = '\0';
927 *tail = cmd;
928 return &cmd->next;
929 }
930
931 static void queue_commands_from_cert(struct command **tail,
932 struct strbuf *push_cert)
933 {
934 const char *boc, *eoc;
935
936 if (*tail)
937 die("protocol error: got both push certificate and unsigned commands");
938
939 boc = strstr(push_cert->buf, "\n\n");
940 if (!boc)
941 die("malformed push certificate %.*s", 100, push_cert->buf);
942 else
943 boc += 2;
944 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
945
946 while (boc < eoc) {
947 const char *eol = memchr(boc, '\n', eoc - boc);
948 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
949 boc = eol ? eol + 1 : eoc;
950 }
951 }
952
953 static struct command *read_head_info(struct sha1_array *shallow)
954 {
955 struct command *commands = NULL;
956 struct command **p = &commands;
957 for (;;) {
958 char *line;
959 int len, linelen;
960
961 line = packet_read_line(0, &len);
962 if (!line)
963 break;
964
965 if (len == 48 && starts_with(line, "shallow ")) {
966 unsigned char sha1[20];
967 if (get_sha1_hex(line + 8, sha1))
968 die("protocol error: expected shallow sha, got '%s'",
969 line + 8);
970 sha1_array_append(shallow, sha1);
971 continue;
972 }
973
974 linelen = strlen(line);
975 if (linelen < len) {
976 const char *feature_list = line + linelen + 1;
977 if (parse_feature_request(feature_list, "report-status"))
978 report_status = 1;
979 if (parse_feature_request(feature_list, "side-band-64k"))
980 use_sideband = LARGE_PACKET_MAX;
981 if (parse_feature_request(feature_list, "quiet"))
982 quiet = 1;
983 }
984
985 if (!strcmp(line, "push-cert")) {
986 int true_flush = 0;
987 char certbuf[1024];
988
989 for (;;) {
990 len = packet_read(0, NULL, NULL,
991 certbuf, sizeof(certbuf), 0);
992 if (!len) {
993 true_flush = 1;
994 break;
995 }
996 if (!strcmp(certbuf, "push-cert-end\n"))
997 break; /* end of cert */
998 strbuf_addstr(&push_cert, certbuf);
999 }
1000
1001 if (true_flush)
1002 break;
1003 continue;
1004 }
1005
1006 p = queue_command(p, line, linelen);
1007 }
1008
1009 if (push_cert.len)
1010 queue_commands_from_cert(p, &push_cert);
1011
1012 return commands;
1013 }
1014
1015 static const char *parse_pack_header(struct pack_header *hdr)
1016 {
1017 switch (read_pack_header(0, hdr)) {
1018 case PH_ERROR_EOF:
1019 return "eof before pack header was fully read";
1020
1021 case PH_ERROR_PACK_SIGNATURE:
1022 return "protocol error (pack signature mismatch detected)";
1023
1024 case PH_ERROR_PROTOCOL:
1025 return "protocol error (pack version unsupported)";
1026
1027 default:
1028 return "unknown error in parse_pack_header";
1029
1030 case 0:
1031 return NULL;
1032 }
1033 }
1034
1035 static const char *pack_lockfile;
1036
1037 static const char *unpack(int err_fd, struct shallow_info *si)
1038 {
1039 struct pack_header hdr;
1040 struct argv_array av = ARGV_ARRAY_INIT;
1041 const char *hdr_err;
1042 int status;
1043 char hdr_arg[38];
1044 struct child_process child = CHILD_PROCESS_INIT;
1045 int fsck_objects = (receive_fsck_objects >= 0
1046 ? receive_fsck_objects
1047 : transfer_fsck_objects >= 0
1048 ? transfer_fsck_objects
1049 : 0);
1050
1051 hdr_err = parse_pack_header(&hdr);
1052 if (hdr_err) {
1053 if (err_fd > 0)
1054 close(err_fd);
1055 return hdr_err;
1056 }
1057 snprintf(hdr_arg, sizeof(hdr_arg),
1058 "--pack_header=%"PRIu32",%"PRIu32,
1059 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1060
1061 if (si->nr_ours || si->nr_theirs) {
1062 alt_shallow_file = setup_temporary_shallow(si->shallow);
1063 argv_array_pushl(&av, "--shallow-file", alt_shallow_file, NULL);
1064 }
1065
1066 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1067 argv_array_pushl(&av, "unpack-objects", hdr_arg, NULL);
1068 if (quiet)
1069 argv_array_push(&av, "-q");
1070 if (fsck_objects)
1071 argv_array_push(&av, "--strict");
1072 child.argv = av.argv;
1073 child.no_stdout = 1;
1074 child.err = err_fd;
1075 child.git_cmd = 1;
1076 status = run_command(&child);
1077 if (status)
1078 return "unpack-objects abnormal exit";
1079 } else {
1080 int s;
1081 char keep_arg[256];
1082
1083 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1084 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1085 strcpy(keep_arg + s, "localhost");
1086
1087 argv_array_pushl(&av, "index-pack",
1088 "--stdin", hdr_arg, keep_arg, NULL);
1089 if (fsck_objects)
1090 argv_array_push(&av, "--strict");
1091 if (fix_thin)
1092 argv_array_push(&av, "--fix-thin");
1093 child.argv = av.argv;
1094 child.out = -1;
1095 child.err = err_fd;
1096 child.git_cmd = 1;
1097 status = start_command(&child);
1098 if (status)
1099 return "index-pack fork failed";
1100 pack_lockfile = index_pack_lockfile(child.out);
1101 close(child.out);
1102 status = finish_command(&child);
1103 if (status)
1104 return "index-pack abnormal exit";
1105 reprepare_packed_git();
1106 }
1107 return NULL;
1108 }
1109
1110 static const char *unpack_with_sideband(struct shallow_info *si)
1111 {
1112 struct async muxer;
1113 const char *ret;
1114
1115 if (!use_sideband)
1116 return unpack(0, si);
1117
1118 memset(&muxer, 0, sizeof(muxer));
1119 muxer.proc = copy_to_sideband;
1120 muxer.in = -1;
1121 if (start_async(&muxer))
1122 return NULL;
1123
1124 ret = unpack(muxer.in, si);
1125
1126 finish_async(&muxer);
1127 return ret;
1128 }
1129
1130 static void prepare_shallow_update(struct command *commands,
1131 struct shallow_info *si)
1132 {
1133 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1134
1135 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1136 si->shallow->nr);
1137 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1138
1139 si->need_reachability_test =
1140 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1141 si->reachable =
1142 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1143 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1144
1145 for (i = 0; i < si->nr_ours; i++)
1146 si->need_reachability_test[si->ours[i]] = 1;
1147
1148 for (i = 0; i < si->shallow->nr; i++) {
1149 if (!si->used_shallow[i])
1150 continue;
1151 for (j = 0; j < bitmap_size; j++) {
1152 if (!si->used_shallow[i][j])
1153 continue;
1154 si->need_reachability_test[i]++;
1155 for (k = 0; k < 32; k++)
1156 if (si->used_shallow[i][j] & (1 << k))
1157 si->shallow_ref[j * 32 + k]++;
1158 }
1159
1160 /*
1161 * true for those associated with some refs and belong
1162 * in "ours" list aka "step 7 not done yet"
1163 */
1164 si->need_reachability_test[i] =
1165 si->need_reachability_test[i] > 1;
1166 }
1167
1168 /*
1169 * keep hooks happy by forcing a temporary shallow file via
1170 * env variable because we can't add --shallow-file to every
1171 * command. check_everything_connected() will be done with
1172 * true .git/shallow though.
1173 */
1174 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1175 }
1176
1177 static void update_shallow_info(struct command *commands,
1178 struct shallow_info *si,
1179 struct sha1_array *ref)
1180 {
1181 struct command *cmd;
1182 int *ref_status;
1183 remove_nonexistent_theirs_shallow(si);
1184 if (!si->nr_ours && !si->nr_theirs) {
1185 shallow_update = 0;
1186 return;
1187 }
1188
1189 for (cmd = commands; cmd; cmd = cmd->next) {
1190 if (is_null_sha1(cmd->new_sha1))
1191 continue;
1192 sha1_array_append(ref, cmd->new_sha1);
1193 cmd->index = ref->nr - 1;
1194 }
1195 si->ref = ref;
1196
1197 if (shallow_update) {
1198 prepare_shallow_update(commands, si);
1199 return;
1200 }
1201
1202 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1203 assign_shallow_commits_to_refs(si, NULL, ref_status);
1204 for (cmd = commands; cmd; cmd = cmd->next) {
1205 if (is_null_sha1(cmd->new_sha1))
1206 continue;
1207 if (ref_status[cmd->index]) {
1208 free(cmd->error_string);
1209 cmd->error_string = xstrdup("shallow update not allowed");
1210 cmd->skip_update = 1;
1211 }
1212 }
1213 free(ref_status);
1214 }
1215
1216 static void report(struct command *commands, const char *unpack_status)
1217 {
1218 struct command *cmd;
1219 struct strbuf buf = STRBUF_INIT;
1220
1221 packet_buf_write(&buf, "unpack %s\n",
1222 unpack_status ? unpack_status : "ok");
1223 for (cmd = commands; cmd; cmd = cmd->next) {
1224 if (!cmd->error_string)
1225 packet_buf_write(&buf, "ok %s\n",
1226 cmd->ref_name);
1227 else
1228 packet_buf_write(&buf, "ng %s %s\n",
1229 cmd->ref_name, cmd->error_string);
1230 }
1231 packet_buf_flush(&buf);
1232
1233 if (use_sideband)
1234 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1235 else
1236 write_or_die(1, buf.buf, buf.len);
1237 strbuf_release(&buf);
1238 }
1239
1240 static int delete_only(struct command *commands)
1241 {
1242 struct command *cmd;
1243 for (cmd = commands; cmd; cmd = cmd->next) {
1244 if (!is_null_sha1(cmd->new_sha1))
1245 return 0;
1246 }
1247 return 1;
1248 }
1249
1250 static void free_commands(struct command *commands)
1251 {
1252 while (commands) {
1253 struct command *next = commands->next;
1254
1255 free(commands->error_string);
1256 free(commands);
1257 commands = next;
1258 }
1259 }
1260
1261 static char *prepare_push_cert_nonce(const char *sitename, const char *dir)
1262 {
1263 struct strbuf buf = STRBUF_INIT;
1264 unsigned char sha1[20];
1265
1266 if (!sitename) {
1267 static char hostname_buf[1024];
1268 gethostname(hostname_buf, sizeof(hostname_buf));
1269 sitename = hostname_buf;
1270 }
1271 strbuf_addf(&buf, "%s:%s:%lu", sitename, dir, time(NULL));
1272 hash_sha1_file(buf.buf, buf.len, "blob", sha1);
1273 strbuf_release(&buf);
1274 return xstrdup(sha1_to_hex(sha1));
1275 }
1276
1277 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1278 {
1279 int advertise_refs = 0;
1280 int stateless_rpc = 0;
1281 int i;
1282 const char *dir = NULL;
1283 const char *sitename = NULL;
1284 struct command *commands;
1285 struct sha1_array shallow = SHA1_ARRAY_INIT;
1286 struct sha1_array ref = SHA1_ARRAY_INIT;
1287 struct shallow_info si;
1288
1289 packet_trace_identity("receive-pack");
1290
1291 argv++;
1292 for (i = 1; i < argc; i++) {
1293 const char *arg = *argv++;
1294
1295 if (*arg == '-') {
1296 if (!strcmp(arg, "--quiet")) {
1297 quiet = 1;
1298 continue;
1299 }
1300
1301 if (!strcmp(arg, "--advertise-refs")) {
1302 advertise_refs = 1;
1303 continue;
1304 }
1305 if (!strcmp(arg, "--stateless-rpc")) {
1306 stateless_rpc = 1;
1307 continue;
1308 }
1309 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1310 fix_thin = 0;
1311 continue;
1312 }
1313 if (skip_prefix(arg, "--sitename=", &sitename)) {
1314 continue;
1315 }
1316 if (skip_prefix(arg, "--push-cert-nonce=", &push_cert_nonce)) {
1317 push_cert_nonce = xstrdup(push_cert_nonce);
1318 continue;
1319 }
1320
1321 usage(receive_pack_usage);
1322 }
1323 if (dir)
1324 usage(receive_pack_usage);
1325 dir = arg;
1326 }
1327 if (!dir)
1328 usage(receive_pack_usage);
1329
1330 setup_path();
1331
1332 if (!enter_repo(dir, 0))
1333 die("'%s' does not appear to be a git repository", dir);
1334
1335 git_config(receive_pack_config, NULL);
1336 if (!push_cert_nonce)
1337 push_cert_nonce = prepare_push_cert_nonce(sitename, dir);
1338
1339 if (0 <= transfer_unpack_limit)
1340 unpack_limit = transfer_unpack_limit;
1341 else if (0 <= receive_unpack_limit)
1342 unpack_limit = receive_unpack_limit;
1343
1344 if (advertise_refs || !stateless_rpc) {
1345 write_head_info();
1346 }
1347 if (advertise_refs)
1348 return 0;
1349
1350 if ((commands = read_head_info(&shallow)) != NULL) {
1351 const char *unpack_status = NULL;
1352
1353 prepare_shallow_info(&si, &shallow);
1354 if (!si.nr_ours && !si.nr_theirs)
1355 shallow_update = 0;
1356 if (!delete_only(commands)) {
1357 unpack_status = unpack_with_sideband(&si);
1358 update_shallow_info(commands, &si, &ref);
1359 }
1360 execute_commands(commands, unpack_status, &si);
1361 if (pack_lockfile)
1362 unlink_or_warn(pack_lockfile);
1363 if (report_status)
1364 report(commands, unpack_status);
1365 run_receive_hook(commands, "post-receive", 1);
1366 run_update_post_hook(commands);
1367 if (auto_gc) {
1368 const char *argv_gc_auto[] = {
1369 "gc", "--auto", "--quiet", NULL,
1370 };
1371 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1372 run_command_v_opt(argv_gc_auto, opt);
1373 }
1374 if (auto_update_server_info)
1375 update_server_info(0);
1376 clear_shallow_info(&si);
1377 }
1378 if (use_sideband)
1379 packet_flush(1);
1380 sha1_array_clear(&shallow);
1381 sha1_array_clear(&ref);
1382 free_commands(commands);
1383 free((void *)push_cert_nonce);
1384 return 0;
1385 }
Jonathan Nieder’s miscellaneous git branches