sha1_file: rename LOOKUP_REPLACE_OBJECT
[git/raj.git] / builtin / receive-pack.c
blobb1706a5731c0e527a8abc1d42ac4f0e6d346c47c
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
23 #include "tmp-objdir.h"
24 #include "oidset.h"
26 static const char * const receive_pack_usage[] = {
27 N_("git receive-pack <git-dir>"),
28 NULL
31 enum deny_action {
32 DENY_UNCONFIGURED,
33 DENY_IGNORE,
34 DENY_WARN,
35 DENY_REFUSE,
36 DENY_UPDATE_INSTEAD
39 static int deny_deletes;
40 static int deny_non_fast_forwards;
41 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
42 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
43 static int receive_fsck_objects = -1;
44 static int transfer_fsck_objects = -1;
45 static struct strbuf fsck_msg_types = STRBUF_INIT;
46 static int receive_unpack_limit = -1;
47 static int transfer_unpack_limit = -1;
48 static int advertise_atomic_push = 1;
49 static int advertise_push_options;
50 static int unpack_limit = 100;
51 static off_t max_input_size;
52 static int report_status;
53 static int use_sideband;
54 static int use_atomic;
55 static int use_push_options;
56 static int quiet;
57 static int prefer_ofs_delta = 1;
58 static int auto_update_server_info;
59 static int auto_gc = 1;
60 static int reject_thin;
61 static int stateless_rpc;
62 static const char *service_dir;
63 static const char *head_name;
64 static void *head_name_to_free;
65 static int sent_capabilities;
66 static int shallow_update;
67 static const char *alt_shallow_file;
68 static struct strbuf push_cert = STRBUF_INIT;
69 static unsigned char push_cert_sha1[20];
70 static struct signature_check sigcheck;
71 static const char *push_cert_nonce;
72 static const char *cert_nonce_seed;
74 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
75 static const char *NONCE_BAD = "BAD";
76 static const char *NONCE_MISSING = "MISSING";
77 static const char *NONCE_OK = "OK";
78 static const char *NONCE_SLOP = "SLOP";
79 static const char *nonce_status;
80 static long nonce_stamp_slop;
81 static timestamp_t nonce_stamp_slop_limit;
82 static struct ref_transaction *transaction;
84 static enum {
85 KEEPALIVE_NEVER = 0,
86 KEEPALIVE_AFTER_NUL,
87 KEEPALIVE_ALWAYS
88 } use_keepalive;
89 static int keepalive_in_sec = 5;
91 static struct tmp_objdir *tmp_objdir;
93 static enum deny_action parse_deny_action(const char *var, const char *value)
95 if (value) {
96 if (!strcasecmp(value, "ignore"))
97 return DENY_IGNORE;
98 if (!strcasecmp(value, "warn"))
99 return DENY_WARN;
100 if (!strcasecmp(value, "refuse"))
101 return DENY_REFUSE;
102 if (!strcasecmp(value, "updateinstead"))
103 return DENY_UPDATE_INSTEAD;
105 if (git_config_bool(var, value))
106 return DENY_REFUSE;
107 return DENY_IGNORE;
110 static int receive_pack_config(const char *var, const char *value, void *cb)
112 int status = parse_hide_refs_config(var, value, "receive");
114 if (status)
115 return status;
117 if (strcmp(var, "receive.denydeletes") == 0) {
118 deny_deletes = git_config_bool(var, value);
119 return 0;
122 if (strcmp(var, "receive.denynonfastforwards") == 0) {
123 deny_non_fast_forwards = git_config_bool(var, value);
124 return 0;
127 if (strcmp(var, "receive.unpacklimit") == 0) {
128 receive_unpack_limit = git_config_int(var, value);
129 return 0;
132 if (strcmp(var, "transfer.unpacklimit") == 0) {
133 transfer_unpack_limit = git_config_int(var, value);
134 return 0;
137 if (strcmp(var, "receive.fsck.skiplist") == 0) {
138 const char *path;
140 if (git_config_pathname(&path, var, value))
141 return 1;
142 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
143 fsck_msg_types.len ? ',' : '=', path);
144 free((char *)path);
145 return 0;
148 if (skip_prefix(var, "receive.fsck.", &var)) {
149 if (is_valid_msg_type(var, value))
150 strbuf_addf(&fsck_msg_types, "%c%s=%s",
151 fsck_msg_types.len ? ',' : '=', var, value);
152 else
153 warning("Skipping unknown msg id '%s'", var);
154 return 0;
157 if (strcmp(var, "receive.fsckobjects") == 0) {
158 receive_fsck_objects = git_config_bool(var, value);
159 return 0;
162 if (strcmp(var, "transfer.fsckobjects") == 0) {
163 transfer_fsck_objects = git_config_bool(var, value);
164 return 0;
167 if (!strcmp(var, "receive.denycurrentbranch")) {
168 deny_current_branch = parse_deny_action(var, value);
169 return 0;
172 if (strcmp(var, "receive.denydeletecurrent") == 0) {
173 deny_delete_current = parse_deny_action(var, value);
174 return 0;
177 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
178 prefer_ofs_delta = git_config_bool(var, value);
179 return 0;
182 if (strcmp(var, "receive.updateserverinfo") == 0) {
183 auto_update_server_info = git_config_bool(var, value);
184 return 0;
187 if (strcmp(var, "receive.autogc") == 0) {
188 auto_gc = git_config_bool(var, value);
189 return 0;
192 if (strcmp(var, "receive.shallowupdate") == 0) {
193 shallow_update = git_config_bool(var, value);
194 return 0;
197 if (strcmp(var, "receive.certnonceseed") == 0)
198 return git_config_string(&cert_nonce_seed, var, value);
200 if (strcmp(var, "receive.certnonceslop") == 0) {
201 nonce_stamp_slop_limit = git_config_ulong(var, value);
202 return 0;
205 if (strcmp(var, "receive.advertiseatomic") == 0) {
206 advertise_atomic_push = git_config_bool(var, value);
207 return 0;
210 if (strcmp(var, "receive.advertisepushoptions") == 0) {
211 advertise_push_options = git_config_bool(var, value);
212 return 0;
215 if (strcmp(var, "receive.keepalive") == 0) {
216 keepalive_in_sec = git_config_int(var, value);
217 return 0;
220 if (strcmp(var, "receive.maxinputsize") == 0) {
221 max_input_size = git_config_int64(var, value);
222 return 0;
225 return git_default_config(var, value, cb);
228 static void show_ref(const char *path, const struct object_id *oid)
230 if (sent_capabilities) {
231 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
232 } else {
233 struct strbuf cap = STRBUF_INIT;
235 strbuf_addstr(&cap,
236 "report-status delete-refs side-band-64k quiet");
237 if (advertise_atomic_push)
238 strbuf_addstr(&cap, " atomic");
239 if (prefer_ofs_delta)
240 strbuf_addstr(&cap, " ofs-delta");
241 if (push_cert_nonce)
242 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
243 if (advertise_push_options)
244 strbuf_addstr(&cap, " push-options");
245 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
246 packet_write_fmt(1, "%s %s%c%s\n",
247 oid_to_hex(oid), path, 0, cap.buf);
248 strbuf_release(&cap);
249 sent_capabilities = 1;
253 static int show_ref_cb(const char *path_full, const struct object_id *oid,
254 int flag, void *data)
256 struct oidset *seen = data;
257 const char *path = strip_namespace(path_full);
259 if (ref_is_hidden(path, path_full))
260 return 0;
263 * Advertise refs outside our current namespace as ".have"
264 * refs, so that the client can use them to minimize data
265 * transfer but will otherwise ignore them.
267 if (!path) {
268 if (oidset_insert(seen, oid))
269 return 0;
270 path = ".have";
271 } else {
272 oidset_insert(seen, oid);
274 show_ref(path, oid);
275 return 0;
278 static void show_one_alternate_ref(const char *refname,
279 const struct object_id *oid,
280 void *data)
282 struct oidset *seen = data;
284 if (oidset_insert(seen, oid))
285 return;
287 show_ref(".have", oid);
290 static void write_head_info(void)
292 static struct oidset seen = OIDSET_INIT;
294 for_each_ref(show_ref_cb, &seen);
295 for_each_alternate_ref(show_one_alternate_ref, &seen);
296 oidset_clear(&seen);
297 if (!sent_capabilities)
298 show_ref("capabilities^{}", &null_oid);
300 advertise_shallow_grafts(1);
302 /* EOF */
303 packet_flush(1);
306 struct command {
307 struct command *next;
308 const char *error_string;
309 unsigned int skip_update:1,
310 did_not_exist:1;
311 int index;
312 struct object_id old_oid;
313 struct object_id new_oid;
314 char ref_name[FLEX_ARRAY]; /* more */
317 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
318 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
320 static void report_message(const char *prefix, const char *err, va_list params)
322 int sz;
323 char msg[4096];
325 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
326 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
327 if (sz > (sizeof(msg) - 1))
328 sz = sizeof(msg) - 1;
329 msg[sz++] = '\n';
331 if (use_sideband)
332 send_sideband(1, 2, msg, sz, use_sideband);
333 else
334 xwrite(2, msg, sz);
337 static void rp_warning(const char *err, ...)
339 va_list params;
340 va_start(params, err);
341 report_message("warning: ", err, params);
342 va_end(params);
345 static void rp_error(const char *err, ...)
347 va_list params;
348 va_start(params, err);
349 report_message("error: ", err, params);
350 va_end(params);
353 static int copy_to_sideband(int in, int out, void *arg)
355 char data[128];
356 int keepalive_active = 0;
358 if (keepalive_in_sec <= 0)
359 use_keepalive = KEEPALIVE_NEVER;
360 if (use_keepalive == KEEPALIVE_ALWAYS)
361 keepalive_active = 1;
363 while (1) {
364 ssize_t sz;
366 if (keepalive_active) {
367 struct pollfd pfd;
368 int ret;
370 pfd.fd = in;
371 pfd.events = POLLIN;
372 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
374 if (ret < 0) {
375 if (errno == EINTR)
376 continue;
377 else
378 break;
379 } else if (ret == 0) {
380 /* no data; send a keepalive packet */
381 static const char buf[] = "0005\1";
382 write_or_die(1, buf, sizeof(buf) - 1);
383 continue;
384 } /* else there is actual data to read */
387 sz = xread(in, data, sizeof(data));
388 if (sz <= 0)
389 break;
391 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
392 const char *p = memchr(data, '\0', sz);
393 if (p) {
395 * The NUL tells us to start sending keepalives. Make
396 * sure we send any other data we read along
397 * with it.
399 keepalive_active = 1;
400 send_sideband(1, 2, data, p - data, use_sideband);
401 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
402 continue;
407 * Either we're not looking for a NUL signal, or we didn't see
408 * it yet; just pass along the data.
410 send_sideband(1, 2, data, sz, use_sideband);
412 close(in);
413 return 0;
416 #define HMAC_BLOCK_SIZE 64
418 static void hmac_sha1(unsigned char *out,
419 const char *key_in, size_t key_len,
420 const char *text, size_t text_len)
422 unsigned char key[HMAC_BLOCK_SIZE];
423 unsigned char k_ipad[HMAC_BLOCK_SIZE];
424 unsigned char k_opad[HMAC_BLOCK_SIZE];
425 int i;
426 git_SHA_CTX ctx;
428 /* RFC 2104 2. (1) */
429 memset(key, '\0', HMAC_BLOCK_SIZE);
430 if (HMAC_BLOCK_SIZE < key_len) {
431 git_SHA1_Init(&ctx);
432 git_SHA1_Update(&ctx, key_in, key_len);
433 git_SHA1_Final(key, &ctx);
434 } else {
435 memcpy(key, key_in, key_len);
438 /* RFC 2104 2. (2) & (5) */
439 for (i = 0; i < sizeof(key); i++) {
440 k_ipad[i] = key[i] ^ 0x36;
441 k_opad[i] = key[i] ^ 0x5c;
444 /* RFC 2104 2. (3) & (4) */
445 git_SHA1_Init(&ctx);
446 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
447 git_SHA1_Update(&ctx, text, text_len);
448 git_SHA1_Final(out, &ctx);
450 /* RFC 2104 2. (6) & (7) */
451 git_SHA1_Init(&ctx);
452 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
453 git_SHA1_Update(&ctx, out, 20);
454 git_SHA1_Final(out, &ctx);
457 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
459 struct strbuf buf = STRBUF_INIT;
460 unsigned char sha1[20];
462 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
463 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
464 strbuf_release(&buf);
466 /* RFC 2104 5. HMAC-SHA1-80 */
467 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
468 return strbuf_detach(&buf, NULL);
472 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
473 * after dropping "_commit" from its name and possibly moving it out
474 * of commit.c
476 static char *find_header(const char *msg, size_t len, const char *key,
477 const char **next_line)
479 int key_len = strlen(key);
480 const char *line = msg;
482 while (line && line < msg + len) {
483 const char *eol = strchrnul(line, '\n');
485 if ((msg + len <= eol) || line == eol)
486 return NULL;
487 if (line + key_len < eol &&
488 !memcmp(line, key, key_len) && line[key_len] == ' ') {
489 int offset = key_len + 1;
490 if (next_line)
491 *next_line = *eol ? eol + 1 : eol;
492 return xmemdupz(line + offset, (eol - line) - offset);
494 line = *eol ? eol + 1 : NULL;
496 return NULL;
499 static const char *check_nonce(const char *buf, size_t len)
501 char *nonce = find_header(buf, len, "nonce", NULL);
502 timestamp_t stamp, ostamp;
503 char *bohmac, *expect = NULL;
504 const char *retval = NONCE_BAD;
506 if (!nonce) {
507 retval = NONCE_MISSING;
508 goto leave;
509 } else if (!push_cert_nonce) {
510 retval = NONCE_UNSOLICITED;
511 goto leave;
512 } else if (!strcmp(push_cert_nonce, nonce)) {
513 retval = NONCE_OK;
514 goto leave;
517 if (!stateless_rpc) {
518 /* returned nonce MUST match what we gave out earlier */
519 retval = NONCE_BAD;
520 goto leave;
524 * In stateless mode, we may be receiving a nonce issued by
525 * another instance of the server that serving the same
526 * repository, and the timestamps may not match, but the
527 * nonce-seed and dir should match, so we can recompute and
528 * report the time slop.
530 * In addition, when a nonce issued by another instance has
531 * timestamp within receive.certnonceslop seconds, we pretend
532 * as if we issued that nonce when reporting to the hook.
535 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
536 if (*nonce <= '0' || '9' < *nonce) {
537 retval = NONCE_BAD;
538 goto leave;
540 stamp = parse_timestamp(nonce, &bohmac, 10);
541 if (bohmac == nonce || bohmac[0] != '-') {
542 retval = NONCE_BAD;
543 goto leave;
546 expect = prepare_push_cert_nonce(service_dir, stamp);
547 if (strcmp(expect, nonce)) {
548 /* Not what we would have signed earlier */
549 retval = NONCE_BAD;
550 goto leave;
554 * By how many seconds is this nonce stale? Negative value
555 * would mean it was issued by another server with its clock
556 * skewed in the future.
558 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
559 nonce_stamp_slop = (long)ostamp - (long)stamp;
561 if (nonce_stamp_slop_limit &&
562 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
564 * Pretend as if the received nonce (which passes the
565 * HMAC check, so it is not a forged by third-party)
566 * is what we issued.
568 free((void *)push_cert_nonce);
569 push_cert_nonce = xstrdup(nonce);
570 retval = NONCE_OK;
571 } else {
572 retval = NONCE_SLOP;
575 leave:
576 free(nonce);
577 free(expect);
578 return retval;
582 * Return 1 if there is no push_cert or if the push options in push_cert are
583 * the same as those in the argument; 0 otherwise.
585 static int check_cert_push_options(const struct string_list *push_options)
587 const char *buf = push_cert.buf;
588 int len = push_cert.len;
590 char *option;
591 const char *next_line;
592 int options_seen = 0;
594 int retval = 1;
596 if (!len)
597 return 1;
599 while ((option = find_header(buf, len, "push-option", &next_line))) {
600 len -= (next_line - buf);
601 buf = next_line;
602 options_seen++;
603 if (options_seen > push_options->nr
604 || strcmp(option,
605 push_options->items[options_seen - 1].string)) {
606 retval = 0;
607 goto leave;
609 free(option);
612 if (options_seen != push_options->nr)
613 retval = 0;
615 leave:
616 free(option);
617 return retval;
620 static void prepare_push_cert_sha1(struct child_process *proc)
622 static int already_done;
624 if (!push_cert.len)
625 return;
627 if (!already_done) {
628 struct strbuf gpg_output = STRBUF_INIT;
629 struct strbuf gpg_status = STRBUF_INIT;
630 int bogs /* beginning_of_gpg_sig */;
632 already_done = 1;
633 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
634 hashclr(push_cert_sha1);
636 memset(&sigcheck, '\0', sizeof(sigcheck));
637 sigcheck.result = 'N';
639 bogs = parse_signature(push_cert.buf, push_cert.len);
640 if (verify_signed_buffer(push_cert.buf, bogs,
641 push_cert.buf + bogs, push_cert.len - bogs,
642 &gpg_output, &gpg_status) < 0) {
643 ; /* error running gpg */
644 } else {
645 sigcheck.payload = push_cert.buf;
646 sigcheck.gpg_output = gpg_output.buf;
647 sigcheck.gpg_status = gpg_status.buf;
648 parse_gpg_output(&sigcheck);
651 strbuf_release(&gpg_output);
652 strbuf_release(&gpg_status);
653 nonce_status = check_nonce(push_cert.buf, bogs);
655 if (!is_null_sha1(push_cert_sha1)) {
656 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
657 sha1_to_hex(push_cert_sha1));
658 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
659 sigcheck.signer ? sigcheck.signer : "");
660 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
661 sigcheck.key ? sigcheck.key : "");
662 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
663 sigcheck.result);
664 if (push_cert_nonce) {
665 argv_array_pushf(&proc->env_array,
666 "GIT_PUSH_CERT_NONCE=%s",
667 push_cert_nonce);
668 argv_array_pushf(&proc->env_array,
669 "GIT_PUSH_CERT_NONCE_STATUS=%s",
670 nonce_status);
671 if (nonce_status == NONCE_SLOP)
672 argv_array_pushf(&proc->env_array,
673 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
674 nonce_stamp_slop);
679 struct receive_hook_feed_state {
680 struct command *cmd;
681 int skip_broken;
682 struct strbuf buf;
683 const struct string_list *push_options;
686 typedef int (*feed_fn)(void *, const char **, size_t *);
687 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
688 struct receive_hook_feed_state *feed_state)
690 struct child_process proc = CHILD_PROCESS_INIT;
691 struct async muxer;
692 const char *argv[2];
693 int code;
695 argv[0] = find_hook(hook_name);
696 if (!argv[0])
697 return 0;
699 argv[1] = NULL;
701 proc.argv = argv;
702 proc.in = -1;
703 proc.stdout_to_stderr = 1;
704 if (feed_state->push_options) {
705 int i;
706 for (i = 0; i < feed_state->push_options->nr; i++)
707 argv_array_pushf(&proc.env_array,
708 "GIT_PUSH_OPTION_%d=%s", i,
709 feed_state->push_options->items[i].string);
710 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
711 feed_state->push_options->nr);
712 } else
713 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
715 if (tmp_objdir)
716 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
718 if (use_sideband) {
719 memset(&muxer, 0, sizeof(muxer));
720 muxer.proc = copy_to_sideband;
721 muxer.in = -1;
722 code = start_async(&muxer);
723 if (code)
724 return code;
725 proc.err = muxer.in;
728 prepare_push_cert_sha1(&proc);
730 code = start_command(&proc);
731 if (code) {
732 if (use_sideband)
733 finish_async(&muxer);
734 return code;
737 sigchain_push(SIGPIPE, SIG_IGN);
739 while (1) {
740 const char *buf;
741 size_t n;
742 if (feed(feed_state, &buf, &n))
743 break;
744 if (write_in_full(proc.in, buf, n) != n)
745 break;
747 close(proc.in);
748 if (use_sideband)
749 finish_async(&muxer);
751 sigchain_pop(SIGPIPE);
753 return finish_command(&proc);
756 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
758 struct receive_hook_feed_state *state = state_;
759 struct command *cmd = state->cmd;
761 while (cmd &&
762 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
763 cmd = cmd->next;
764 if (!cmd)
765 return -1; /* EOF */
766 strbuf_reset(&state->buf);
767 strbuf_addf(&state->buf, "%s %s %s\n",
768 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
769 cmd->ref_name);
770 state->cmd = cmd->next;
771 if (bufp) {
772 *bufp = state->buf.buf;
773 *sizep = state->buf.len;
775 return 0;
778 static int run_receive_hook(struct command *commands,
779 const char *hook_name,
780 int skip_broken,
781 const struct string_list *push_options)
783 struct receive_hook_feed_state state;
784 int status;
786 strbuf_init(&state.buf, 0);
787 state.cmd = commands;
788 state.skip_broken = skip_broken;
789 if (feed_receive_hook(&state, NULL, NULL))
790 return 0;
791 state.cmd = commands;
792 state.push_options = push_options;
793 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
794 strbuf_release(&state.buf);
795 return status;
798 static int run_update_hook(struct command *cmd)
800 const char *argv[5];
801 struct child_process proc = CHILD_PROCESS_INIT;
802 int code;
804 argv[0] = find_hook("update");
805 if (!argv[0])
806 return 0;
808 argv[1] = cmd->ref_name;
809 argv[2] = oid_to_hex(&cmd->old_oid);
810 argv[3] = oid_to_hex(&cmd->new_oid);
811 argv[4] = NULL;
813 proc.no_stdin = 1;
814 proc.stdout_to_stderr = 1;
815 proc.err = use_sideband ? -1 : 0;
816 proc.argv = argv;
818 code = start_command(&proc);
819 if (code)
820 return code;
821 if (use_sideband)
822 copy_to_sideband(proc.err, -1, NULL);
823 return finish_command(&proc);
826 static int is_ref_checked_out(const char *ref)
828 if (is_bare_repository())
829 return 0;
831 if (!head_name)
832 return 0;
833 return !strcmp(head_name, ref);
836 static char *refuse_unconfigured_deny_msg =
837 N_("By default, updating the current branch in a non-bare repository\n"
838 "is denied, because it will make the index and work tree inconsistent\n"
839 "with what you pushed, and will require 'git reset --hard' to match\n"
840 "the work tree to HEAD.\n"
841 "\n"
842 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
843 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
844 "its current branch; however, this is not recommended unless you\n"
845 "arranged to update its work tree to match what you pushed in some\n"
846 "other way.\n"
847 "\n"
848 "To squelch this message and still keep the default behaviour, set\n"
849 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
851 static void refuse_unconfigured_deny(void)
853 rp_error("%s", _(refuse_unconfigured_deny_msg));
856 static char *refuse_unconfigured_deny_delete_current_msg =
857 N_("By default, deleting the current branch is denied, because the next\n"
858 "'git clone' won't result in any file checked out, causing confusion.\n"
859 "\n"
860 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
861 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
862 "current branch, with or without a warning message.\n"
863 "\n"
864 "To squelch this message, you can set it to 'refuse'.");
866 static void refuse_unconfigured_deny_delete_current(void)
868 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
871 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
872 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
874 static struct lock_file shallow_lock;
875 struct oid_array extra = OID_ARRAY_INIT;
876 struct check_connected_options opt = CHECK_CONNECTED_INIT;
877 uint32_t mask = 1 << (cmd->index % 32);
878 int i;
880 trace_printf_key(&trace_shallow,
881 "shallow: update_shallow_ref %s\n", cmd->ref_name);
882 for (i = 0; i < si->shallow->nr; i++)
883 if (si->used_shallow[i] &&
884 (si->used_shallow[i][cmd->index / 32] & mask) &&
885 !delayed_reachability_test(si, i))
886 oid_array_append(&extra, &si->shallow->oid[i]);
888 opt.env = tmp_objdir_env(tmp_objdir);
889 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
890 if (check_connected(command_singleton_iterator, cmd, &opt)) {
891 rollback_lock_file(&shallow_lock);
892 oid_array_clear(&extra);
893 return -1;
896 commit_lock_file(&shallow_lock);
899 * Make sure setup_alternate_shallow() for the next ref does
900 * not lose these new roots..
902 for (i = 0; i < extra.nr; i++)
903 register_shallow(&extra.oid[i]);
905 si->shallow_ref[cmd->index] = 0;
906 oid_array_clear(&extra);
907 return 0;
911 * NEEDSWORK: we should consolidate various implementions of "are we
912 * on an unborn branch?" test into one, and make the unified one more
913 * robust. !get_sha1() based check used here and elsewhere would not
914 * allow us to tell an unborn branch from corrupt ref, for example.
915 * For the purpose of fixing "deploy-to-update does not work when
916 * pushing into an empty repository" issue, this should suffice for
917 * now.
919 static int head_has_history(void)
921 unsigned char sha1[20];
923 return !get_sha1("HEAD", sha1);
926 static const char *push_to_deploy(unsigned char *sha1,
927 struct argv_array *env,
928 const char *work_tree)
930 const char *update_refresh[] = {
931 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
933 const char *diff_files[] = {
934 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
936 const char *diff_index[] = {
937 "diff-index", "--quiet", "--cached", "--ignore-submodules",
938 NULL, "--", NULL
940 const char *read_tree[] = {
941 "read-tree", "-u", "-m", NULL, NULL
943 struct child_process child = CHILD_PROCESS_INIT;
945 child.argv = update_refresh;
946 child.env = env->argv;
947 child.dir = work_tree;
948 child.no_stdin = 1;
949 child.stdout_to_stderr = 1;
950 child.git_cmd = 1;
951 if (run_command(&child))
952 return "Up-to-date check failed";
954 /* run_command() does not clean up completely; reinitialize */
955 child_process_init(&child);
956 child.argv = diff_files;
957 child.env = env->argv;
958 child.dir = work_tree;
959 child.no_stdin = 1;
960 child.stdout_to_stderr = 1;
961 child.git_cmd = 1;
962 if (run_command(&child))
963 return "Working directory has unstaged changes";
965 /* diff-index with either HEAD or an empty tree */
966 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
968 child_process_init(&child);
969 child.argv = diff_index;
970 child.env = env->argv;
971 child.no_stdin = 1;
972 child.no_stdout = 1;
973 child.stdout_to_stderr = 0;
974 child.git_cmd = 1;
975 if (run_command(&child))
976 return "Working directory has staged changes";
978 read_tree[3] = sha1_to_hex(sha1);
979 child_process_init(&child);
980 child.argv = read_tree;
981 child.env = env->argv;
982 child.dir = work_tree;
983 child.no_stdin = 1;
984 child.no_stdout = 1;
985 child.stdout_to_stderr = 0;
986 child.git_cmd = 1;
987 if (run_command(&child))
988 return "Could not update working tree to new HEAD";
990 return NULL;
993 static const char *push_to_checkout_hook = "push-to-checkout";
995 static const char *push_to_checkout(unsigned char *sha1,
996 struct argv_array *env,
997 const char *work_tree)
999 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1000 if (run_hook_le(env->argv, push_to_checkout_hook,
1001 sha1_to_hex(sha1), NULL))
1002 return "push-to-checkout hook declined";
1003 else
1004 return NULL;
1007 static const char *update_worktree(unsigned char *sha1)
1009 const char *retval;
1010 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1011 struct argv_array env = ARGV_ARRAY_INIT;
1013 if (is_bare_repository())
1014 return "denyCurrentBranch = updateInstead needs a worktree";
1016 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1018 if (!find_hook(push_to_checkout_hook))
1019 retval = push_to_deploy(sha1, &env, work_tree);
1020 else
1021 retval = push_to_checkout(sha1, &env, work_tree);
1023 argv_array_clear(&env);
1024 return retval;
1027 static const char *update(struct command *cmd, struct shallow_info *si)
1029 const char *name = cmd->ref_name;
1030 struct strbuf namespaced_name_buf = STRBUF_INIT;
1031 static char *namespaced_name;
1032 const char *ret;
1033 struct object_id *old_oid = &cmd->old_oid;
1034 struct object_id *new_oid = &cmd->new_oid;
1036 /* only refs/... are allowed */
1037 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1038 rp_error("refusing to create funny ref '%s' remotely", name);
1039 return "funny refname";
1042 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1043 free(namespaced_name);
1044 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1046 if (is_ref_checked_out(namespaced_name)) {
1047 switch (deny_current_branch) {
1048 case DENY_IGNORE:
1049 break;
1050 case DENY_WARN:
1051 rp_warning("updating the current branch");
1052 break;
1053 case DENY_REFUSE:
1054 case DENY_UNCONFIGURED:
1055 rp_error("refusing to update checked out branch: %s", name);
1056 if (deny_current_branch == DENY_UNCONFIGURED)
1057 refuse_unconfigured_deny();
1058 return "branch is currently checked out";
1059 case DENY_UPDATE_INSTEAD:
1060 ret = update_worktree(new_oid->hash);
1061 if (ret)
1062 return ret;
1063 break;
1067 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1068 error("unpack should have generated %s, "
1069 "but I can't find it!", oid_to_hex(new_oid));
1070 return "bad pack";
1073 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1074 if (deny_deletes && starts_with(name, "refs/heads/")) {
1075 rp_error("denying ref deletion for %s", name);
1076 return "deletion prohibited";
1079 if (head_name && !strcmp(namespaced_name, head_name)) {
1080 switch (deny_delete_current) {
1081 case DENY_IGNORE:
1082 break;
1083 case DENY_WARN:
1084 rp_warning("deleting the current branch");
1085 break;
1086 case DENY_REFUSE:
1087 case DENY_UNCONFIGURED:
1088 case DENY_UPDATE_INSTEAD:
1089 if (deny_delete_current == DENY_UNCONFIGURED)
1090 refuse_unconfigured_deny_delete_current();
1091 rp_error("refusing to delete the current branch: %s", name);
1092 return "deletion of the current branch prohibited";
1093 default:
1094 return "Invalid denyDeleteCurrent setting";
1099 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1100 !is_null_oid(old_oid) &&
1101 starts_with(name, "refs/heads/")) {
1102 struct object *old_object, *new_object;
1103 struct commit *old_commit, *new_commit;
1105 old_object = parse_object(old_oid);
1106 new_object = parse_object(new_oid);
1108 if (!old_object || !new_object ||
1109 old_object->type != OBJ_COMMIT ||
1110 new_object->type != OBJ_COMMIT) {
1111 error("bad sha1 objects for %s", name);
1112 return "bad ref";
1114 old_commit = (struct commit *)old_object;
1115 new_commit = (struct commit *)new_object;
1116 if (!in_merge_bases(old_commit, new_commit)) {
1117 rp_error("denying non-fast-forward %s"
1118 " (you should pull first)", name);
1119 return "non-fast-forward";
1122 if (run_update_hook(cmd)) {
1123 rp_error("hook declined to update %s", name);
1124 return "hook declined";
1127 if (is_null_oid(new_oid)) {
1128 struct strbuf err = STRBUF_INIT;
1129 if (!parse_object(old_oid)) {
1130 old_oid = NULL;
1131 if (ref_exists(name)) {
1132 rp_warning("Allowing deletion of corrupt ref.");
1133 } else {
1134 rp_warning("Deleting a non-existent ref.");
1135 cmd->did_not_exist = 1;
1138 if (ref_transaction_delete(transaction,
1139 namespaced_name,
1140 old_oid->hash,
1141 0, "push", &err)) {
1142 rp_error("%s", err.buf);
1143 strbuf_release(&err);
1144 return "failed to delete";
1146 strbuf_release(&err);
1147 return NULL; /* good */
1149 else {
1150 struct strbuf err = STRBUF_INIT;
1151 if (shallow_update && si->shallow_ref[cmd->index] &&
1152 update_shallow_ref(cmd, si))
1153 return "shallow error";
1155 if (ref_transaction_update(transaction,
1156 namespaced_name,
1157 new_oid->hash, old_oid->hash,
1158 0, "push",
1159 &err)) {
1160 rp_error("%s", err.buf);
1161 strbuf_release(&err);
1163 return "failed to update ref";
1165 strbuf_release(&err);
1167 return NULL; /* good */
1171 static void run_update_post_hook(struct command *commands)
1173 struct command *cmd;
1174 struct child_process proc = CHILD_PROCESS_INIT;
1175 const char *hook;
1177 hook = find_hook("post-update");
1178 if (!hook)
1179 return;
1181 for (cmd = commands; cmd; cmd = cmd->next) {
1182 if (cmd->error_string || cmd->did_not_exist)
1183 continue;
1184 if (!proc.args.argc)
1185 argv_array_push(&proc.args, hook);
1186 argv_array_push(&proc.args, cmd->ref_name);
1188 if (!proc.args.argc)
1189 return;
1191 proc.no_stdin = 1;
1192 proc.stdout_to_stderr = 1;
1193 proc.err = use_sideband ? -1 : 0;
1195 if (!start_command(&proc)) {
1196 if (use_sideband)
1197 copy_to_sideband(proc.err, -1, NULL);
1198 finish_command(&proc);
1202 static void check_aliased_update(struct command *cmd, struct string_list *list)
1204 struct strbuf buf = STRBUF_INIT;
1205 const char *dst_name;
1206 struct string_list_item *item;
1207 struct command *dst_cmd;
1208 unsigned char sha1[GIT_MAX_RAWSZ];
1209 int flag;
1211 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1212 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1213 strbuf_release(&buf);
1215 if (!(flag & REF_ISSYMREF))
1216 return;
1218 if (!dst_name) {
1219 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1220 cmd->skip_update = 1;
1221 cmd->error_string = "broken symref";
1222 return;
1224 dst_name = strip_namespace(dst_name);
1226 if ((item = string_list_lookup(list, dst_name)) == NULL)
1227 return;
1229 cmd->skip_update = 1;
1231 dst_cmd = (struct command *) item->util;
1233 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1234 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1235 return;
1237 dst_cmd->skip_update = 1;
1239 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1240 " its target '%s' (%s..%s)",
1241 cmd->ref_name,
1242 find_unique_abbrev(cmd->old_oid.hash, DEFAULT_ABBREV),
1243 find_unique_abbrev(cmd->new_oid.hash, DEFAULT_ABBREV),
1244 dst_cmd->ref_name,
1245 find_unique_abbrev(dst_cmd->old_oid.hash, DEFAULT_ABBREV),
1246 find_unique_abbrev(dst_cmd->new_oid.hash, DEFAULT_ABBREV));
1248 cmd->error_string = dst_cmd->error_string =
1249 "inconsistent aliased update";
1252 static void check_aliased_updates(struct command *commands)
1254 struct command *cmd;
1255 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1257 for (cmd = commands; cmd; cmd = cmd->next) {
1258 struct string_list_item *item =
1259 string_list_append(&ref_list, cmd->ref_name);
1260 item->util = (void *)cmd;
1262 string_list_sort(&ref_list);
1264 for (cmd = commands; cmd; cmd = cmd->next) {
1265 if (!cmd->error_string)
1266 check_aliased_update(cmd, &ref_list);
1269 string_list_clear(&ref_list, 0);
1272 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1274 struct command **cmd_list = cb_data;
1275 struct command *cmd = *cmd_list;
1277 if (!cmd || is_null_oid(&cmd->new_oid))
1278 return -1; /* end of list */
1279 *cmd_list = NULL; /* this returns only one */
1280 hashcpy(sha1, cmd->new_oid.hash);
1281 return 0;
1284 static void set_connectivity_errors(struct command *commands,
1285 struct shallow_info *si)
1287 struct command *cmd;
1289 for (cmd = commands; cmd; cmd = cmd->next) {
1290 struct command *singleton = cmd;
1291 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1293 if (shallow_update && si->shallow_ref[cmd->index])
1294 /* to be checked in update_shallow_ref() */
1295 continue;
1297 opt.env = tmp_objdir_env(tmp_objdir);
1298 if (!check_connected(command_singleton_iterator, &singleton,
1299 &opt))
1300 continue;
1302 cmd->error_string = "missing necessary objects";
1306 struct iterate_data {
1307 struct command *cmds;
1308 struct shallow_info *si;
1311 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1313 struct iterate_data *data = cb_data;
1314 struct command **cmd_list = &data->cmds;
1315 struct command *cmd = *cmd_list;
1317 for (; cmd; cmd = cmd->next) {
1318 if (shallow_update && data->si->shallow_ref[cmd->index])
1319 /* to be checked in update_shallow_ref() */
1320 continue;
1321 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1322 hashcpy(sha1, cmd->new_oid.hash);
1323 *cmd_list = cmd->next;
1324 return 0;
1327 *cmd_list = NULL;
1328 return -1; /* end of list */
1331 static void reject_updates_to_hidden(struct command *commands)
1333 struct strbuf refname_full = STRBUF_INIT;
1334 size_t prefix_len;
1335 struct command *cmd;
1337 strbuf_addstr(&refname_full, get_git_namespace());
1338 prefix_len = refname_full.len;
1340 for (cmd = commands; cmd; cmd = cmd->next) {
1341 if (cmd->error_string)
1342 continue;
1344 strbuf_setlen(&refname_full, prefix_len);
1345 strbuf_addstr(&refname_full, cmd->ref_name);
1347 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1348 continue;
1349 if (is_null_oid(&cmd->new_oid))
1350 cmd->error_string = "deny deleting a hidden ref";
1351 else
1352 cmd->error_string = "deny updating a hidden ref";
1355 strbuf_release(&refname_full);
1358 static int should_process_cmd(struct command *cmd)
1360 return !cmd->error_string && !cmd->skip_update;
1363 static void warn_if_skipped_connectivity_check(struct command *commands,
1364 struct shallow_info *si)
1366 struct command *cmd;
1367 int checked_connectivity = 1;
1369 for (cmd = commands; cmd; cmd = cmd->next) {
1370 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1371 error("BUG: connectivity check has not been run on ref %s",
1372 cmd->ref_name);
1373 checked_connectivity = 0;
1376 if (!checked_connectivity)
1377 die("BUG: connectivity check skipped???");
1380 static void execute_commands_non_atomic(struct command *commands,
1381 struct shallow_info *si)
1383 struct command *cmd;
1384 struct strbuf err = STRBUF_INIT;
1386 for (cmd = commands; cmd; cmd = cmd->next) {
1387 if (!should_process_cmd(cmd))
1388 continue;
1390 transaction = ref_transaction_begin(&err);
1391 if (!transaction) {
1392 rp_error("%s", err.buf);
1393 strbuf_reset(&err);
1394 cmd->error_string = "transaction failed to start";
1395 continue;
1398 cmd->error_string = update(cmd, si);
1400 if (!cmd->error_string
1401 && ref_transaction_commit(transaction, &err)) {
1402 rp_error("%s", err.buf);
1403 strbuf_reset(&err);
1404 cmd->error_string = "failed to update ref";
1406 ref_transaction_free(transaction);
1408 strbuf_release(&err);
1411 static void execute_commands_atomic(struct command *commands,
1412 struct shallow_info *si)
1414 struct command *cmd;
1415 struct strbuf err = STRBUF_INIT;
1416 const char *reported_error = "atomic push failure";
1418 transaction = ref_transaction_begin(&err);
1419 if (!transaction) {
1420 rp_error("%s", err.buf);
1421 strbuf_reset(&err);
1422 reported_error = "transaction failed to start";
1423 goto failure;
1426 for (cmd = commands; cmd; cmd = cmd->next) {
1427 if (!should_process_cmd(cmd))
1428 continue;
1430 cmd->error_string = update(cmd, si);
1432 if (cmd->error_string)
1433 goto failure;
1436 if (ref_transaction_commit(transaction, &err)) {
1437 rp_error("%s", err.buf);
1438 reported_error = "atomic transaction failed";
1439 goto failure;
1441 goto cleanup;
1443 failure:
1444 for (cmd = commands; cmd; cmd = cmd->next)
1445 if (!cmd->error_string)
1446 cmd->error_string = reported_error;
1448 cleanup:
1449 ref_transaction_free(transaction);
1450 strbuf_release(&err);
1453 static void execute_commands(struct command *commands,
1454 const char *unpacker_error,
1455 struct shallow_info *si,
1456 const struct string_list *push_options)
1458 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1459 struct command *cmd;
1460 struct object_id oid;
1461 struct iterate_data data;
1462 struct async muxer;
1463 int err_fd = 0;
1465 if (unpacker_error) {
1466 for (cmd = commands; cmd; cmd = cmd->next)
1467 cmd->error_string = "unpacker error";
1468 return;
1471 if (use_sideband) {
1472 memset(&muxer, 0, sizeof(muxer));
1473 muxer.proc = copy_to_sideband;
1474 muxer.in = -1;
1475 if (!start_async(&muxer))
1476 err_fd = muxer.in;
1477 /* ...else, continue without relaying sideband */
1480 data.cmds = commands;
1481 data.si = si;
1482 opt.err_fd = err_fd;
1483 opt.progress = err_fd && !quiet;
1484 opt.env = tmp_objdir_env(tmp_objdir);
1485 if (check_connected(iterate_receive_command_list, &data, &opt))
1486 set_connectivity_errors(commands, si);
1488 if (use_sideband)
1489 finish_async(&muxer);
1491 reject_updates_to_hidden(commands);
1493 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1494 for (cmd = commands; cmd; cmd = cmd->next) {
1495 if (!cmd->error_string)
1496 cmd->error_string = "pre-receive hook declined";
1498 return;
1502 * Now we'll start writing out refs, which means the objects need
1503 * to be in their final positions so that other processes can see them.
1505 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1506 for (cmd = commands; cmd; cmd = cmd->next) {
1507 if (!cmd->error_string)
1508 cmd->error_string = "unable to migrate objects to permanent storage";
1510 return;
1512 tmp_objdir = NULL;
1514 check_aliased_updates(commands);
1516 free(head_name_to_free);
1517 head_name = head_name_to_free = resolve_refdup("HEAD", 0, oid.hash, NULL);
1519 if (use_atomic)
1520 execute_commands_atomic(commands, si);
1521 else
1522 execute_commands_non_atomic(commands, si);
1524 if (shallow_update)
1525 warn_if_skipped_connectivity_check(commands, si);
1528 static struct command **queue_command(struct command **tail,
1529 const char *line,
1530 int linelen)
1532 struct object_id old_oid, new_oid;
1533 struct command *cmd;
1534 const char *refname;
1535 int reflen;
1536 const char *p;
1538 if (parse_oid_hex(line, &old_oid, &p) ||
1539 *p++ != ' ' ||
1540 parse_oid_hex(p, &new_oid, &p) ||
1541 *p++ != ' ')
1542 die("protocol error: expected old/new/ref, got '%s'", line);
1544 refname = p;
1545 reflen = linelen - (p - line);
1546 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1547 oidcpy(&cmd->old_oid, &old_oid);
1548 oidcpy(&cmd->new_oid, &new_oid);
1549 *tail = cmd;
1550 return &cmd->next;
1553 static void queue_commands_from_cert(struct command **tail,
1554 struct strbuf *push_cert)
1556 const char *boc, *eoc;
1558 if (*tail)
1559 die("protocol error: got both push certificate and unsigned commands");
1561 boc = strstr(push_cert->buf, "\n\n");
1562 if (!boc)
1563 die("malformed push certificate %.*s", 100, push_cert->buf);
1564 else
1565 boc += 2;
1566 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1568 while (boc < eoc) {
1569 const char *eol = memchr(boc, '\n', eoc - boc);
1570 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1571 boc = eol ? eol + 1 : eoc;
1575 static struct command *read_head_info(struct oid_array *shallow)
1577 struct command *commands = NULL;
1578 struct command **p = &commands;
1579 for (;;) {
1580 char *line;
1581 int len, linelen;
1583 line = packet_read_line(0, &len);
1584 if (!line)
1585 break;
1587 if (len > 8 && starts_with(line, "shallow ")) {
1588 struct object_id oid;
1589 if (get_oid_hex(line + 8, &oid))
1590 die("protocol error: expected shallow sha, got '%s'",
1591 line + 8);
1592 oid_array_append(shallow, &oid);
1593 continue;
1596 linelen = strlen(line);
1597 if (linelen < len) {
1598 const char *feature_list = line + linelen + 1;
1599 if (parse_feature_request(feature_list, "report-status"))
1600 report_status = 1;
1601 if (parse_feature_request(feature_list, "side-band-64k"))
1602 use_sideband = LARGE_PACKET_MAX;
1603 if (parse_feature_request(feature_list, "quiet"))
1604 quiet = 1;
1605 if (advertise_atomic_push
1606 && parse_feature_request(feature_list, "atomic"))
1607 use_atomic = 1;
1608 if (advertise_push_options
1609 && parse_feature_request(feature_list, "push-options"))
1610 use_push_options = 1;
1613 if (!strcmp(line, "push-cert")) {
1614 int true_flush = 0;
1615 char certbuf[1024];
1617 for (;;) {
1618 len = packet_read(0, NULL, NULL,
1619 certbuf, sizeof(certbuf), 0);
1620 if (!len) {
1621 true_flush = 1;
1622 break;
1624 if (!strcmp(certbuf, "push-cert-end\n"))
1625 break; /* end of cert */
1626 strbuf_addstr(&push_cert, certbuf);
1629 if (true_flush)
1630 break;
1631 continue;
1634 p = queue_command(p, line, linelen);
1637 if (push_cert.len)
1638 queue_commands_from_cert(p, &push_cert);
1640 return commands;
1643 static void read_push_options(struct string_list *options)
1645 while (1) {
1646 char *line;
1647 int len;
1649 line = packet_read_line(0, &len);
1651 if (!line)
1652 break;
1654 string_list_append(options, line);
1658 static const char *parse_pack_header(struct pack_header *hdr)
1660 switch (read_pack_header(0, hdr)) {
1661 case PH_ERROR_EOF:
1662 return "eof before pack header was fully read";
1664 case PH_ERROR_PACK_SIGNATURE:
1665 return "protocol error (pack signature mismatch detected)";
1667 case PH_ERROR_PROTOCOL:
1668 return "protocol error (pack version unsupported)";
1670 default:
1671 return "unknown error in parse_pack_header";
1673 case 0:
1674 return NULL;
1678 static const char *pack_lockfile;
1680 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1682 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1683 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1686 static const char *unpack(int err_fd, struct shallow_info *si)
1688 struct pack_header hdr;
1689 const char *hdr_err;
1690 int status;
1691 struct child_process child = CHILD_PROCESS_INIT;
1692 int fsck_objects = (receive_fsck_objects >= 0
1693 ? receive_fsck_objects
1694 : transfer_fsck_objects >= 0
1695 ? transfer_fsck_objects
1696 : 0);
1698 hdr_err = parse_pack_header(&hdr);
1699 if (hdr_err) {
1700 if (err_fd > 0)
1701 close(err_fd);
1702 return hdr_err;
1705 if (si->nr_ours || si->nr_theirs) {
1706 alt_shallow_file = setup_temporary_shallow(si->shallow);
1707 argv_array_push(&child.args, "--shallow-file");
1708 argv_array_push(&child.args, alt_shallow_file);
1711 tmp_objdir = tmp_objdir_create();
1712 if (!tmp_objdir) {
1713 if (err_fd > 0)
1714 close(err_fd);
1715 return "unable to create temporary object directory";
1717 child.env = tmp_objdir_env(tmp_objdir);
1720 * Normally we just pass the tmp_objdir environment to the child
1721 * processes that do the heavy lifting, but we may need to see these
1722 * objects ourselves to set up shallow information.
1724 tmp_objdir_add_as_alternate(tmp_objdir);
1726 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1727 argv_array_push(&child.args, "unpack-objects");
1728 push_header_arg(&child.args, &hdr);
1729 if (quiet)
1730 argv_array_push(&child.args, "-q");
1731 if (fsck_objects)
1732 argv_array_pushf(&child.args, "--strict%s",
1733 fsck_msg_types.buf);
1734 if (max_input_size)
1735 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1736 (uintmax_t)max_input_size);
1737 child.no_stdout = 1;
1738 child.err = err_fd;
1739 child.git_cmd = 1;
1740 status = run_command(&child);
1741 if (status)
1742 return "unpack-objects abnormal exit";
1743 } else {
1744 char hostname[HOST_NAME_MAX + 1];
1746 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1747 push_header_arg(&child.args, &hdr);
1749 if (xgethostname(hostname, sizeof(hostname)))
1750 xsnprintf(hostname, sizeof(hostname), "localhost");
1751 argv_array_pushf(&child.args,
1752 "--keep=receive-pack %"PRIuMAX" on %s",
1753 (uintmax_t)getpid(),
1754 hostname);
1756 if (!quiet && err_fd)
1757 argv_array_push(&child.args, "--show-resolving-progress");
1758 if (use_sideband)
1759 argv_array_push(&child.args, "--report-end-of-input");
1760 if (fsck_objects)
1761 argv_array_pushf(&child.args, "--strict%s",
1762 fsck_msg_types.buf);
1763 if (!reject_thin)
1764 argv_array_push(&child.args, "--fix-thin");
1765 if (max_input_size)
1766 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1767 (uintmax_t)max_input_size);
1768 child.out = -1;
1769 child.err = err_fd;
1770 child.git_cmd = 1;
1771 status = start_command(&child);
1772 if (status)
1773 return "index-pack fork failed";
1774 pack_lockfile = index_pack_lockfile(child.out);
1775 close(child.out);
1776 status = finish_command(&child);
1777 if (status)
1778 return "index-pack abnormal exit";
1779 reprepare_packed_git();
1781 return NULL;
1784 static const char *unpack_with_sideband(struct shallow_info *si)
1786 struct async muxer;
1787 const char *ret;
1789 if (!use_sideband)
1790 return unpack(0, si);
1792 use_keepalive = KEEPALIVE_AFTER_NUL;
1793 memset(&muxer, 0, sizeof(muxer));
1794 muxer.proc = copy_to_sideband;
1795 muxer.in = -1;
1796 if (start_async(&muxer))
1797 return NULL;
1799 ret = unpack(muxer.in, si);
1801 finish_async(&muxer);
1802 return ret;
1805 static void prepare_shallow_update(struct command *commands,
1806 struct shallow_info *si)
1808 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1810 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1811 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1813 si->need_reachability_test =
1814 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1815 si->reachable =
1816 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1817 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1819 for (i = 0; i < si->nr_ours; i++)
1820 si->need_reachability_test[si->ours[i]] = 1;
1822 for (i = 0; i < si->shallow->nr; i++) {
1823 if (!si->used_shallow[i])
1824 continue;
1825 for (j = 0; j < bitmap_size; j++) {
1826 if (!si->used_shallow[i][j])
1827 continue;
1828 si->need_reachability_test[i]++;
1829 for (k = 0; k < 32; k++)
1830 if (si->used_shallow[i][j] & (1U << k))
1831 si->shallow_ref[j * 32 + k]++;
1835 * true for those associated with some refs and belong
1836 * in "ours" list aka "step 7 not done yet"
1838 si->need_reachability_test[i] =
1839 si->need_reachability_test[i] > 1;
1843 * keep hooks happy by forcing a temporary shallow file via
1844 * env variable because we can't add --shallow-file to every
1845 * command. check_everything_connected() will be done with
1846 * true .git/shallow though.
1848 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1851 static void update_shallow_info(struct command *commands,
1852 struct shallow_info *si,
1853 struct oid_array *ref)
1855 struct command *cmd;
1856 int *ref_status;
1857 remove_nonexistent_theirs_shallow(si);
1858 if (!si->nr_ours && !si->nr_theirs) {
1859 shallow_update = 0;
1860 return;
1863 for (cmd = commands; cmd; cmd = cmd->next) {
1864 if (is_null_oid(&cmd->new_oid))
1865 continue;
1866 oid_array_append(ref, &cmd->new_oid);
1867 cmd->index = ref->nr - 1;
1869 si->ref = ref;
1871 if (shallow_update) {
1872 prepare_shallow_update(commands, si);
1873 return;
1876 ALLOC_ARRAY(ref_status, ref->nr);
1877 assign_shallow_commits_to_refs(si, NULL, ref_status);
1878 for (cmd = commands; cmd; cmd = cmd->next) {
1879 if (is_null_oid(&cmd->new_oid))
1880 continue;
1881 if (ref_status[cmd->index]) {
1882 cmd->error_string = "shallow update not allowed";
1883 cmd->skip_update = 1;
1886 free(ref_status);
1889 static void report(struct command *commands, const char *unpack_status)
1891 struct command *cmd;
1892 struct strbuf buf = STRBUF_INIT;
1894 packet_buf_write(&buf, "unpack %s\n",
1895 unpack_status ? unpack_status : "ok");
1896 for (cmd = commands; cmd; cmd = cmd->next) {
1897 if (!cmd->error_string)
1898 packet_buf_write(&buf, "ok %s\n",
1899 cmd->ref_name);
1900 else
1901 packet_buf_write(&buf, "ng %s %s\n",
1902 cmd->ref_name, cmd->error_string);
1904 packet_buf_flush(&buf);
1906 if (use_sideband)
1907 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1908 else
1909 write_or_die(1, buf.buf, buf.len);
1910 strbuf_release(&buf);
1913 static int delete_only(struct command *commands)
1915 struct command *cmd;
1916 for (cmd = commands; cmd; cmd = cmd->next) {
1917 if (!is_null_oid(&cmd->new_oid))
1918 return 0;
1920 return 1;
1923 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1925 int advertise_refs = 0;
1926 struct command *commands;
1927 struct oid_array shallow = OID_ARRAY_INIT;
1928 struct oid_array ref = OID_ARRAY_INIT;
1929 struct shallow_info si;
1931 struct option options[] = {
1932 OPT__QUIET(&quiet, N_("quiet")),
1933 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1934 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1935 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1936 OPT_END()
1939 packet_trace_identity("receive-pack");
1941 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1943 if (argc > 1)
1944 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1945 if (argc == 0)
1946 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1948 service_dir = argv[0];
1950 setup_path();
1952 if (!enter_repo(service_dir, 0))
1953 die("'%s' does not appear to be a git repository", service_dir);
1955 git_config(receive_pack_config, NULL);
1956 if (cert_nonce_seed)
1957 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1959 if (0 <= transfer_unpack_limit)
1960 unpack_limit = transfer_unpack_limit;
1961 else if (0 <= receive_unpack_limit)
1962 unpack_limit = receive_unpack_limit;
1964 if (advertise_refs || !stateless_rpc) {
1965 write_head_info();
1967 if (advertise_refs)
1968 return 0;
1970 if ((commands = read_head_info(&shallow)) != NULL) {
1971 const char *unpack_status = NULL;
1972 struct string_list push_options = STRING_LIST_INIT_DUP;
1974 if (use_push_options)
1975 read_push_options(&push_options);
1976 if (!check_cert_push_options(&push_options)) {
1977 struct command *cmd;
1978 for (cmd = commands; cmd; cmd = cmd->next)
1979 cmd->error_string = "inconsistent push options";
1982 prepare_shallow_info(&si, &shallow);
1983 if (!si.nr_ours && !si.nr_theirs)
1984 shallow_update = 0;
1985 if (!delete_only(commands)) {
1986 unpack_status = unpack_with_sideband(&si);
1987 update_shallow_info(commands, &si, &ref);
1989 use_keepalive = KEEPALIVE_ALWAYS;
1990 execute_commands(commands, unpack_status, &si,
1991 &push_options);
1992 if (pack_lockfile)
1993 unlink_or_warn(pack_lockfile);
1994 if (report_status)
1995 report(commands, unpack_status);
1996 run_receive_hook(commands, "post-receive", 1,
1997 &push_options);
1998 run_update_post_hook(commands);
1999 string_list_clear(&push_options, 0);
2000 if (auto_gc) {
2001 const char *argv_gc_auto[] = {
2002 "gc", "--auto", "--quiet", NULL,
2004 struct child_process proc = CHILD_PROCESS_INIT;
2006 proc.no_stdin = 1;
2007 proc.stdout_to_stderr = 1;
2008 proc.err = use_sideband ? -1 : 0;
2009 proc.git_cmd = 1;
2010 proc.argv = argv_gc_auto;
2012 close_all_packs();
2013 if (!start_command(&proc)) {
2014 if (use_sideband)
2015 copy_to_sideband(proc.err, -1, NULL);
2016 finish_command(&proc);
2019 if (auto_update_server_info)
2020 update_server_info(0);
2021 clear_shallow_info(&si);
2023 if (use_sideband)
2024 packet_flush(1);
2025 oid_array_clear(&shallow);
2026 oid_array_clear(&ref);
2027 free((void *)push_cert_nonce);
2028 return 0;