search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
t9101: make hash independent
[git/raj.git] / builtin / receive-pack.c
blob0da8ca513402a44dc2fe8ba38220f126c23f8025
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "oid-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31
32 static const char * const receive_pack_usage[] = {
33 N_("git receive-pack <git-dir>"),
34 NULL
35 };
36
37 enum deny_action {
38 DENY_UNCONFIGURED,
39 DENY_IGNORE,
40 DENY_WARN,
41 DENY_REFUSE,
42 DENY_UPDATE_INSTEAD
43 };
44
45 static int deny_deletes;
46 static int deny_non_fast_forwards;
47 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
48 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
49 static int receive_fsck_objects = -1;
50 static int transfer_fsck_objects = -1;
51 static struct strbuf fsck_msg_types = STRBUF_INIT;
52 static int receive_unpack_limit = -1;
53 static int transfer_unpack_limit = -1;
54 static int advertise_atomic_push = 1;
55 static int advertise_push_options;
56 static int unpack_limit = 100;
57 static off_t max_input_size;
58 static int report_status;
59 static int use_sideband;
60 static int use_atomic;
61 static int use_push_options;
62 static int quiet;
63 static int prefer_ofs_delta = 1;
64 static int auto_update_server_info;
65 static int auto_gc = 1;
66 static int reject_thin;
67 static int stateless_rpc;
68 static const char *service_dir;
69 static const char *head_name;
70 static void *head_name_to_free;
71 static int sent_capabilities;
72 static int shallow_update;
73 static const char *alt_shallow_file;
74 static struct strbuf push_cert = STRBUF_INIT;
75 static struct object_id push_cert_oid;
76 static struct signature_check sigcheck;
77 static const char *push_cert_nonce;
78 static const char *cert_nonce_seed;
79
80 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
81 static const char *NONCE_BAD = "BAD";
82 static const char *NONCE_MISSING = "MISSING";
83 static const char *NONCE_OK = "OK";
84 static const char *NONCE_SLOP = "SLOP";
85 static const char *nonce_status;
86 static long nonce_stamp_slop;
87 static timestamp_t nonce_stamp_slop_limit;
88 static struct ref_transaction *transaction;
89
90 static enum {
91 KEEPALIVE_NEVER = 0,
92 KEEPALIVE_AFTER_NUL,
93 KEEPALIVE_ALWAYS
94 } use_keepalive;
95 static int keepalive_in_sec = 5;
96
97 static struct tmp_objdir *tmp_objdir;
98
99 static enum deny_action parse_deny_action(const char *var, const char *value)
100 {
101 if (value) {
102 if (!strcasecmp(value, "ignore"))
103 return DENY_IGNORE;
104 if (!strcasecmp(value, "warn"))
105 return DENY_WARN;
106 if (!strcasecmp(value, "refuse"))
107 return DENY_REFUSE;
108 if (!strcasecmp(value, "updateinstead"))
109 return DENY_UPDATE_INSTEAD;
110 }
111 if (git_config_bool(var, value))
112 return DENY_REFUSE;
113 return DENY_IGNORE;
114 }
115
116 static int receive_pack_config(const char *var, const char *value, void *cb)
117 {
118 int status = parse_hide_refs_config(var, value, "receive");
119
120 if (status)
121 return status;
122
123 if (strcmp(var, "receive.denydeletes") == 0) {
124 deny_deletes = git_config_bool(var, value);
125 return 0;
126 }
127
128 if (strcmp(var, "receive.denynonfastforwards") == 0) {
129 deny_non_fast_forwards = git_config_bool(var, value);
130 return 0;
131 }
132
133 if (strcmp(var, "receive.unpacklimit") == 0) {
134 receive_unpack_limit = git_config_int(var, value);
135 return 0;
136 }
137
138 if (strcmp(var, "transfer.unpacklimit") == 0) {
139 transfer_unpack_limit = git_config_int(var, value);
140 return 0;
141 }
142
143 if (strcmp(var, "receive.fsck.skiplist") == 0) {
144 const char *path;
145
146 if (git_config_pathname(&path, var, value))
147 return 1;
148 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
149 fsck_msg_types.len ? ',' : '=', path);
150 free((char *)path);
151 return 0;
152 }
153
154 if (skip_prefix(var, "receive.fsck.", &var)) {
155 if (is_valid_msg_type(var, value))
156 strbuf_addf(&fsck_msg_types, "%c%s=%s",
157 fsck_msg_types.len ? ',' : '=', var, value);
158 else
159 warning("Skipping unknown msg id '%s'", var);
160 return 0;
161 }
162
163 if (strcmp(var, "receive.fsckobjects") == 0) {
164 receive_fsck_objects = git_config_bool(var, value);
165 return 0;
166 }
167
168 if (strcmp(var, "transfer.fsckobjects") == 0) {
169 transfer_fsck_objects = git_config_bool(var, value);
170 return 0;
171 }
172
173 if (!strcmp(var, "receive.denycurrentbranch")) {
174 deny_current_branch = parse_deny_action(var, value);
175 return 0;
176 }
177
178 if (strcmp(var, "receive.denydeletecurrent") == 0) {
179 deny_delete_current = parse_deny_action(var, value);
180 return 0;
181 }
182
183 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
184 prefer_ofs_delta = git_config_bool(var, value);
185 return 0;
186 }
187
188 if (strcmp(var, "receive.updateserverinfo") == 0) {
189 auto_update_server_info = git_config_bool(var, value);
190 return 0;
191 }
192
193 if (strcmp(var, "receive.autogc") == 0) {
194 auto_gc = git_config_bool(var, value);
195 return 0;
196 }
197
198 if (strcmp(var, "receive.shallowupdate") == 0) {
199 shallow_update = git_config_bool(var, value);
200 return 0;
201 }
202
203 if (strcmp(var, "receive.certnonceseed") == 0)
204 return git_config_string(&cert_nonce_seed, var, value);
205
206 if (strcmp(var, "receive.certnonceslop") == 0) {
207 nonce_stamp_slop_limit = git_config_ulong(var, value);
208 return 0;
209 }
210
211 if (strcmp(var, "receive.advertiseatomic") == 0) {
212 advertise_atomic_push = git_config_bool(var, value);
213 return 0;
214 }
215
216 if (strcmp(var, "receive.advertisepushoptions") == 0) {
217 advertise_push_options = git_config_bool(var, value);
218 return 0;
219 }
220
221 if (strcmp(var, "receive.keepalive") == 0) {
222 keepalive_in_sec = git_config_int(var, value);
223 return 0;
224 }
225
226 if (strcmp(var, "receive.maxinputsize") == 0) {
227 max_input_size = git_config_int64(var, value);
228 return 0;
229 }
230
231 return git_default_config(var, value, cb);
232 }
233
234 static void show_ref(const char *path, const struct object_id *oid)
235 {
236 if (sent_capabilities) {
237 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
238 } else {
239 struct strbuf cap = STRBUF_INIT;
240
241 strbuf_addstr(&cap,
242 "report-status delete-refs side-band-64k quiet");
243 if (advertise_atomic_push)
244 strbuf_addstr(&cap, " atomic");
245 if (prefer_ofs_delta)
246 strbuf_addstr(&cap, " ofs-delta");
247 if (push_cert_nonce)
248 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
249 if (advertise_push_options)
250 strbuf_addstr(&cap, " push-options");
251 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
252 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
253 packet_write_fmt(1, "%s %s%c%s\n",
254 oid_to_hex(oid), path, 0, cap.buf);
255 strbuf_release(&cap);
256 sent_capabilities = 1;
257 }
258 }
259
260 static int show_ref_cb(const char *path_full, const struct object_id *oid,
261 int flag, void *data)
262 {
263 struct oidset *seen = data;
264 const char *path = strip_namespace(path_full);
265
266 if (ref_is_hidden(path, path_full))
267 return 0;
268
269 /*
270 * Advertise refs outside our current namespace as ".have"
271 * refs, so that the client can use them to minimize data
272 * transfer but will otherwise ignore them.
273 */
274 if (!path) {
275 if (oidset_insert(seen, oid))
276 return 0;
277 path = ".have";
278 } else {
279 oidset_insert(seen, oid);
280 }
281 show_ref(path, oid);
282 return 0;
283 }
284
285 static void show_one_alternate_ref(const struct object_id *oid,
286 void *data)
287 {
288 struct oidset *seen = data;
289
290 if (oidset_insert(seen, oid))
291 return;
292
293 show_ref(".have", oid);
294 }
295
296 static void write_head_info(void)
297 {
298 static struct oidset seen = OIDSET_INIT;
299
300 for_each_ref(show_ref_cb, &seen);
301 for_each_alternate_ref(show_one_alternate_ref, &seen);
302 oidset_clear(&seen);
303 if (!sent_capabilities)
304 show_ref("capabilities^{}", &null_oid);
305
306 advertise_shallow_grafts(1);
307
308 /* EOF */
309 packet_flush(1);
310 }
311
312 struct command {
313 struct command *next;
314 const char *error_string;
315 unsigned int skip_update:1,
316 did_not_exist:1;
317 int index;
318 struct object_id old_oid;
319 struct object_id new_oid;
320 char ref_name[FLEX_ARRAY]; /* more */
321 };
322
323 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
324 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
325
326 static void report_message(const char *prefix, const char *err, va_list params)
327 {
328 int sz;
329 char msg[4096];
330
331 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
332 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
333 if (sz > (sizeof(msg) - 1))
334 sz = sizeof(msg) - 1;
335 msg[sz++] = '\n';
336
337 if (use_sideband)
338 send_sideband(1, 2, msg, sz, use_sideband);
339 else
340 xwrite(2, msg, sz);
341 }
342
343 static void rp_warning(const char *err, ...)
344 {
345 va_list params;
346 va_start(params, err);
347 report_message("warning: ", err, params);
348 va_end(params);
349 }
350
351 static void rp_error(const char *err, ...)
352 {
353 va_list params;
354 va_start(params, err);
355 report_message("error: ", err, params);
356 va_end(params);
357 }
358
359 static int copy_to_sideband(int in, int out, void *arg)
360 {
361 char data[128];
362 int keepalive_active = 0;
363
364 if (keepalive_in_sec <= 0)
365 use_keepalive = KEEPALIVE_NEVER;
366 if (use_keepalive == KEEPALIVE_ALWAYS)
367 keepalive_active = 1;
368
369 while (1) {
370 ssize_t sz;
371
372 if (keepalive_active) {
373 struct pollfd pfd;
374 int ret;
375
376 pfd.fd = in;
377 pfd.events = POLLIN;
378 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
379
380 if (ret < 0) {
381 if (errno == EINTR)
382 continue;
383 else
384 break;
385 } else if (ret == 0) {
386 /* no data; send a keepalive packet */
387 static const char buf[] = "0005\1";
388 write_or_die(1, buf, sizeof(buf) - 1);
389 continue;
390 } /* else there is actual data to read */
391 }
392
393 sz = xread(in, data, sizeof(data));
394 if (sz <= 0)
395 break;
396
397 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
398 const char *p = memchr(data, '\0', sz);
399 if (p) {
400 /*
401 * The NUL tells us to start sending keepalives. Make
402 * sure we send any other data we read along
403 * with it.
404 */
405 keepalive_active = 1;
406 send_sideband(1, 2, data, p - data, use_sideband);
407 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
408 continue;
409 }
410 }
411
412 /*
413 * Either we're not looking for a NUL signal, or we didn't see
414 * it yet; just pass along the data.
415 */
416 send_sideband(1, 2, data, sz, use_sideband);
417 }
418 close(in);
419 return 0;
420 }
421
422 static void hmac_hash(unsigned char *out,
423 const char *key_in, size_t key_len,
424 const char *text, size_t text_len)
425 {
426 unsigned char key[GIT_MAX_BLKSZ];
427 unsigned char k_ipad[GIT_MAX_BLKSZ];
428 unsigned char k_opad[GIT_MAX_BLKSZ];
429 int i;
430 git_hash_ctx ctx;
431
432 /* RFC 2104 2. (1) */
433 memset(key, '\0', GIT_MAX_BLKSZ);
434 if (the_hash_algo->blksz < key_len) {
435 the_hash_algo->init_fn(&ctx);
436 the_hash_algo->update_fn(&ctx, key_in, key_len);
437 the_hash_algo->final_fn(key, &ctx);
438 } else {
439 memcpy(key, key_in, key_len);
440 }
441
442 /* RFC 2104 2. (2) & (5) */
443 for (i = 0; i < sizeof(key); i++) {
444 k_ipad[i] = key[i] ^ 0x36;
445 k_opad[i] = key[i] ^ 0x5c;
446 }
447
448 /* RFC 2104 2. (3) & (4) */
449 the_hash_algo->init_fn(&ctx);
450 the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
451 the_hash_algo->update_fn(&ctx, text, text_len);
452 the_hash_algo->final_fn(out, &ctx);
453
454 /* RFC 2104 2. (6) & (7) */
455 the_hash_algo->init_fn(&ctx);
456 the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
457 the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
458 the_hash_algo->final_fn(out, &ctx);
459 }
460
461 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462 {
463 struct strbuf buf = STRBUF_INIT;
464 unsigned char hash[GIT_MAX_RAWSZ];
465
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
468 strbuf_release(&buf);
469
470 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
471 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
472 return strbuf_detach(&buf, NULL);
473 }
474
475 /*
476 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
477 * after dropping "_commit" from its name and possibly moving it out
478 * of commit.c
479 */
480 static char *find_header(const char *msg, size_t len, const char *key,
481 const char **next_line)
482 {
483 int key_len = strlen(key);
484 const char *line = msg;
485
486 while (line && line < msg + len) {
487 const char *eol = strchrnul(line, '\n');
488
489 if ((msg + len <= eol) || line == eol)
490 return NULL;
491 if (line + key_len < eol &&
492 !memcmp(line, key, key_len) && line[key_len] == ' ') {
493 int offset = key_len + 1;
494 if (next_line)
495 *next_line = *eol ? eol + 1 : eol;
496 return xmemdupz(line + offset, (eol - line) - offset);
497 }
498 line = *eol ? eol + 1 : NULL;
499 }
500 return NULL;
501 }
502
503 /*
504 * Return zero if a and b are equal up to n bytes and nonzero if they are not.
505 * This operation is guaranteed to run in constant time to avoid leaking data.
506 */
507 static int constant_memequal(const char *a, const char *b, size_t n)
508 {
509 int res = 0;
510 size_t i;
511
512 for (i = 0; i < n; i++)
513 res |= a[i] ^ b[i];
514 return res;
515 }
516
517 static const char *check_nonce(const char *buf, size_t len)
518 {
519 char *nonce = find_header(buf, len, "nonce", NULL);
520 timestamp_t stamp, ostamp;
521 char *bohmac, *expect = NULL;
522 const char *retval = NONCE_BAD;
523 size_t noncelen;
524
525 if (!nonce) {
526 retval = NONCE_MISSING;
527 goto leave;
528 } else if (!push_cert_nonce) {
529 retval = NONCE_UNSOLICITED;
530 goto leave;
531 } else if (!strcmp(push_cert_nonce, nonce)) {
532 retval = NONCE_OK;
533 goto leave;
534 }
535
536 if (!stateless_rpc) {
537 /* returned nonce MUST match what we gave out earlier */
538 retval = NONCE_BAD;
539 goto leave;
540 }
541
542 /*
543 * In stateless mode, we may be receiving a nonce issued by
544 * another instance of the server that serving the same
545 * repository, and the timestamps may not match, but the
546 * nonce-seed and dir should match, so we can recompute and
547 * report the time slop.
548 *
549 * In addition, when a nonce issued by another instance has
550 * timestamp within receive.certnonceslop seconds, we pretend
551 * as if we issued that nonce when reporting to the hook.
552 */
553
554 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
555 if (*nonce <= '0' || '9' < *nonce) {
556 retval = NONCE_BAD;
557 goto leave;
558 }
559 stamp = parse_timestamp(nonce, &bohmac, 10);
560 if (bohmac == nonce || bohmac[0] != '-') {
561 retval = NONCE_BAD;
562 goto leave;
563 }
564
565 noncelen = strlen(nonce);
566 expect = prepare_push_cert_nonce(service_dir, stamp);
567 if (noncelen != strlen(expect)) {
568 /* This is not even the right size. */
569 retval = NONCE_BAD;
570 goto leave;
571 }
572 if (constant_memequal(expect, nonce, noncelen)) {
573 /* Not what we would have signed earlier */
574 retval = NONCE_BAD;
575 goto leave;
576 }
577
578 /*
579 * By how many seconds is this nonce stale? Negative value
580 * would mean it was issued by another server with its clock
581 * skewed in the future.
582 */
583 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
584 nonce_stamp_slop = (long)ostamp - (long)stamp;
585
586 if (nonce_stamp_slop_limit &&
587 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
588 /*
589 * Pretend as if the received nonce (which passes the
590 * HMAC check, so it is not a forged by third-party)
591 * is what we issued.
592 */
593 free((void *)push_cert_nonce);
594 push_cert_nonce = xstrdup(nonce);
595 retval = NONCE_OK;
596 } else {
597 retval = NONCE_SLOP;
598 }
599
600 leave:
601 free(nonce);
602 free(expect);
603 return retval;
604 }
605
606 /*
607 * Return 1 if there is no push_cert or if the push options in push_cert are
608 * the same as those in the argument; 0 otherwise.
609 */
610 static int check_cert_push_options(const struct string_list *push_options)
611 {
612 const char *buf = push_cert.buf;
613 int len = push_cert.len;
614
615 char *option;
616 const char *next_line;
617 int options_seen = 0;
618
619 int retval = 1;
620
621 if (!len)
622 return 1;
623
624 while ((option = find_header(buf, len, "push-option", &next_line))) {
625 len -= (next_line - buf);
626 buf = next_line;
627 options_seen++;
628 if (options_seen > push_options->nr
629 || strcmp(option,
630 push_options->items[options_seen - 1].string)) {
631 retval = 0;
632 goto leave;
633 }
634 free(option);
635 }
636
637 if (options_seen != push_options->nr)
638 retval = 0;
639
640 leave:
641 free(option);
642 return retval;
643 }
644
645 static void prepare_push_cert_sha1(struct child_process *proc)
646 {
647 static int already_done;
648
649 if (!push_cert.len)
650 return;
651
652 if (!already_done) {
653 int bogs /* beginning_of_gpg_sig */;
654
655 already_done = 1;
656 if (write_object_file(push_cert.buf, push_cert.len, "blob",
657 &push_cert_oid))
658 oidclr(&push_cert_oid);
659
660 memset(&sigcheck, '\0', sizeof(sigcheck));
661
662 bogs = parse_signature(push_cert.buf, push_cert.len);
663 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
664 push_cert.len - bogs, &sigcheck);
665
666 nonce_status = check_nonce(push_cert.buf, bogs);
667 }
668 if (!is_null_oid(&push_cert_oid)) {
669 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
670 oid_to_hex(&push_cert_oid));
671 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
672 sigcheck.signer ? sigcheck.signer : "");
673 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
674 sigcheck.key ? sigcheck.key : "");
675 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
676 sigcheck.result);
677 if (push_cert_nonce) {
678 argv_array_pushf(&proc->env_array,
679 "GIT_PUSH_CERT_NONCE=%s",
680 push_cert_nonce);
681 argv_array_pushf(&proc->env_array,
682 "GIT_PUSH_CERT_NONCE_STATUS=%s",
683 nonce_status);
684 if (nonce_status == NONCE_SLOP)
685 argv_array_pushf(&proc->env_array,
686 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
687 nonce_stamp_slop);
688 }
689 }
690 }
691
692 struct receive_hook_feed_state {
693 struct command *cmd;
694 int skip_broken;
695 struct strbuf buf;
696 const struct string_list *push_options;
697 };
698
699 typedef int (*feed_fn)(void *, const char **, size_t *);
700 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
701 struct receive_hook_feed_state *feed_state)
702 {
703 struct child_process proc = CHILD_PROCESS_INIT;
704 struct async muxer;
705 const char *argv[2];
706 int code;
707
708 argv[0] = find_hook(hook_name);
709 if (!argv[0])
710 return 0;
711
712 argv[1] = NULL;
713
714 proc.argv = argv;
715 proc.in = -1;
716 proc.stdout_to_stderr = 1;
717 proc.trace2_hook_name = hook_name;
718
719 if (feed_state->push_options) {
720 int i;
721 for (i = 0; i < feed_state->push_options->nr; i++)
722 argv_array_pushf(&proc.env_array,
723 "GIT_PUSH_OPTION_%d=%s", i,
724 feed_state->push_options->items[i].string);
725 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
726 feed_state->push_options->nr);
727 } else
728 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
729
730 if (tmp_objdir)
731 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
732
733 if (use_sideband) {
734 memset(&muxer, 0, sizeof(muxer));
735 muxer.proc = copy_to_sideband;
736 muxer.in = -1;
737 code = start_async(&muxer);
738 if (code)
739 return code;
740 proc.err = muxer.in;
741 }
742
743 prepare_push_cert_sha1(&proc);
744
745 code = start_command(&proc);
746 if (code) {
747 if (use_sideband)
748 finish_async(&muxer);
749 return code;
750 }
751
752 sigchain_push(SIGPIPE, SIG_IGN);
753
754 while (1) {
755 const char *buf;
756 size_t n;
757 if (feed(feed_state, &buf, &n))
758 break;
759 if (write_in_full(proc.in, buf, n) < 0)
760 break;
761 }
762 close(proc.in);
763 if (use_sideband)
764 finish_async(&muxer);
765
766 sigchain_pop(SIGPIPE);
767
768 return finish_command(&proc);
769 }
770
771 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
772 {
773 struct receive_hook_feed_state *state = state_;
774 struct command *cmd = state->cmd;
775
776 while (cmd &&
777 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
778 cmd = cmd->next;
779 if (!cmd)
780 return -1; /* EOF */
781 strbuf_reset(&state->buf);
782 strbuf_addf(&state->buf, "%s %s %s\n",
783 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
784 cmd->ref_name);
785 state->cmd = cmd->next;
786 if (bufp) {
787 *bufp = state->buf.buf;
788 *sizep = state->buf.len;
789 }
790 return 0;
791 }
792
793 static int run_receive_hook(struct command *commands,
794 const char *hook_name,
795 int skip_broken,
796 const struct string_list *push_options)
797 {
798 struct receive_hook_feed_state state;
799 int status;
800
801 strbuf_init(&state.buf, 0);
802 state.cmd = commands;
803 state.skip_broken = skip_broken;
804 if (feed_receive_hook(&state, NULL, NULL))
805 return 0;
806 state.cmd = commands;
807 state.push_options = push_options;
808 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
809 strbuf_release(&state.buf);
810 return status;
811 }
812
813 static int run_update_hook(struct command *cmd)
814 {
815 const char *argv[5];
816 struct child_process proc = CHILD_PROCESS_INIT;
817 int code;
818
819 argv[0] = find_hook("update");
820 if (!argv[0])
821 return 0;
822
823 argv[1] = cmd->ref_name;
824 argv[2] = oid_to_hex(&cmd->old_oid);
825 argv[3] = oid_to_hex(&cmd->new_oid);
826 argv[4] = NULL;
827
828 proc.no_stdin = 1;
829 proc.stdout_to_stderr = 1;
830 proc.err = use_sideband ? -1 : 0;
831 proc.argv = argv;
832 proc.trace2_hook_name = "update";
833
834 code = start_command(&proc);
835 if (code)
836 return code;
837 if (use_sideband)
838 copy_to_sideband(proc.err, -1, NULL);
839 return finish_command(&proc);
840 }
841
842 static char *refuse_unconfigured_deny_msg =
843 N_("By default, updating the current branch in a non-bare repository\n"
844 "is denied, because it will make the index and work tree inconsistent\n"
845 "with what you pushed, and will require 'git reset --hard' to match\n"
846 "the work tree to HEAD.\n"
847 "\n"
848 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
849 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
850 "its current branch; however, this is not recommended unless you\n"
851 "arranged to update its work tree to match what you pushed in some\n"
852 "other way.\n"
853 "\n"
854 "To squelch this message and still keep the default behaviour, set\n"
855 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
856
857 static void refuse_unconfigured_deny(void)
858 {
859 rp_error("%s", _(refuse_unconfigured_deny_msg));
860 }
861
862 static char *refuse_unconfigured_deny_delete_current_msg =
863 N_("By default, deleting the current branch is denied, because the next\n"
864 "'git clone' won't result in any file checked out, causing confusion.\n"
865 "\n"
866 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
867 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
868 "current branch, with or without a warning message.\n"
869 "\n"
870 "To squelch this message, you can set it to 'refuse'.");
871
872 static void refuse_unconfigured_deny_delete_current(void)
873 {
874 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
875 }
876
877 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
878 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
879 {
880 struct lock_file shallow_lock = LOCK_INIT;
881 struct oid_array extra = OID_ARRAY_INIT;
882 struct check_connected_options opt = CHECK_CONNECTED_INIT;
883 uint32_t mask = 1 << (cmd->index % 32);
884 int i;
885
886 trace_printf_key(&trace_shallow,
887 "shallow: update_shallow_ref %s\n", cmd->ref_name);
888 for (i = 0; i < si->shallow->nr; i++)
889 if (si->used_shallow[i] &&
890 (si->used_shallow[i][cmd->index / 32] & mask) &&
891 !delayed_reachability_test(si, i))
892 oid_array_append(&extra, &si->shallow->oid[i]);
893
894 opt.env = tmp_objdir_env(tmp_objdir);
895 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
896 if (check_connected(command_singleton_iterator, cmd, &opt)) {
897 rollback_shallow_file(the_repository, &shallow_lock);
898 oid_array_clear(&extra);
899 return -1;
900 }
901
902 commit_shallow_file(the_repository, &shallow_lock);
903
904 /*
905 * Make sure setup_alternate_shallow() for the next ref does
906 * not lose these new roots..
907 */
908 for (i = 0; i < extra.nr; i++)
909 register_shallow(the_repository, &extra.oid[i]);
910
911 si->shallow_ref[cmd->index] = 0;
912 oid_array_clear(&extra);
913 return 0;
914 }
915
916 /*
917 * NEEDSWORK: we should consolidate various implementions of "are we
918 * on an unborn branch?" test into one, and make the unified one more
919 * robust. !get_sha1() based check used here and elsewhere would not
920 * allow us to tell an unborn branch from corrupt ref, for example.
921 * For the purpose of fixing "deploy-to-update does not work when
922 * pushing into an empty repository" issue, this should suffice for
923 * now.
924 */
925 static int head_has_history(void)
926 {
927 struct object_id oid;
928
929 return !get_oid("HEAD", &oid);
930 }
931
932 static const char *push_to_deploy(unsigned char *sha1,
933 struct argv_array *env,
934 const char *work_tree)
935 {
936 const char *update_refresh[] = {
937 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
938 };
939 const char *diff_files[] = {
940 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
941 };
942 const char *diff_index[] = {
943 "diff-index", "--quiet", "--cached", "--ignore-submodules",
944 NULL, "--", NULL
945 };
946 const char *read_tree[] = {
947 "read-tree", "-u", "-m", NULL, NULL
948 };
949 struct child_process child = CHILD_PROCESS_INIT;
950
951 child.argv = update_refresh;
952 child.env = env->argv;
953 child.dir = work_tree;
954 child.no_stdin = 1;
955 child.stdout_to_stderr = 1;
956 child.git_cmd = 1;
957 if (run_command(&child))
958 return "Up-to-date check failed";
959
960 /* run_command() does not clean up completely; reinitialize */
961 child_process_init(&child);
962 child.argv = diff_files;
963 child.env = env->argv;
964 child.dir = work_tree;
965 child.no_stdin = 1;
966 child.stdout_to_stderr = 1;
967 child.git_cmd = 1;
968 if (run_command(&child))
969 return "Working directory has unstaged changes";
970
971 /* diff-index with either HEAD or an empty tree */
972 diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
973
974 child_process_init(&child);
975 child.argv = diff_index;
976 child.env = env->argv;
977 child.no_stdin = 1;
978 child.no_stdout = 1;
979 child.stdout_to_stderr = 0;
980 child.git_cmd = 1;
981 if (run_command(&child))
982 return "Working directory has staged changes";
983
984 read_tree[3] = hash_to_hex(sha1);
985 child_process_init(&child);
986 child.argv = read_tree;
987 child.env = env->argv;
988 child.dir = work_tree;
989 child.no_stdin = 1;
990 child.no_stdout = 1;
991 child.stdout_to_stderr = 0;
992 child.git_cmd = 1;
993 if (run_command(&child))
994 return "Could not update working tree to new HEAD";
995
996 return NULL;
997 }
998
999 static const char *push_to_checkout_hook = "push-to-checkout";
1000
1001 static const char *push_to_checkout(unsigned char *hash,
1002 struct argv_array *env,
1003 const char *work_tree)
1004 {
1005 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1006 if (run_hook_le(env->argv, push_to_checkout_hook,
1007 hash_to_hex(hash), NULL))
1008 return "push-to-checkout hook declined";
1009 else
1010 return NULL;
1011 }
1012
1013 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1014 {
1015 const char *retval, *work_tree, *git_dir = NULL;
1016 struct argv_array env = ARGV_ARRAY_INIT;
1017
1018 if (worktree && worktree->path)
1019 work_tree = worktree->path;
1020 else if (git_work_tree_cfg)
1021 work_tree = git_work_tree_cfg;
1022 else
1023 work_tree = "..";
1024
1025 if (is_bare_repository())
1026 return "denyCurrentBranch = updateInstead needs a worktree";
1027 if (worktree)
1028 git_dir = get_worktree_git_dir(worktree);
1029 if (!git_dir)
1030 git_dir = get_git_dir();
1031
1032 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1033
1034 if (!find_hook(push_to_checkout_hook))
1035 retval = push_to_deploy(sha1, &env, work_tree);
1036 else
1037 retval = push_to_checkout(sha1, &env, work_tree);
1038
1039 argv_array_clear(&env);
1040 return retval;
1041 }
1042
1043 static const char *update(struct command *cmd, struct shallow_info *si)
1044 {
1045 const char *name = cmd->ref_name;
1046 struct strbuf namespaced_name_buf = STRBUF_INIT;
1047 static char *namespaced_name;
1048 const char *ret;
1049 struct object_id *old_oid = &cmd->old_oid;
1050 struct object_id *new_oid = &cmd->new_oid;
1051 int do_update_worktree = 0;
1052 const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1053
1054 /* only refs/... are allowed */
1055 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1056 rp_error("refusing to create funny ref '%s' remotely", name);
1057 return "funny refname";
1058 }
1059
1060 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1061 free(namespaced_name);
1062 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1063
1064 if (worktree) {
1065 switch (deny_current_branch) {
1066 case DENY_IGNORE:
1067 break;
1068 case DENY_WARN:
1069 rp_warning("updating the current branch");
1070 break;
1071 case DENY_REFUSE:
1072 case DENY_UNCONFIGURED:
1073 rp_error("refusing to update checked out branch: %s", name);
1074 if (deny_current_branch == DENY_UNCONFIGURED)
1075 refuse_unconfigured_deny();
1076 return "branch is currently checked out";
1077 case DENY_UPDATE_INSTEAD:
1078 /* pass -- let other checks intervene first */
1079 do_update_worktree = 1;
1080 break;
1081 }
1082 }
1083
1084 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1085 error("unpack should have generated %s, "
1086 "but I can't find it!", oid_to_hex(new_oid));
1087 return "bad pack";
1088 }
1089
1090 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1091 if (deny_deletes && starts_with(name, "refs/heads/")) {
1092 rp_error("denying ref deletion for %s", name);
1093 return "deletion prohibited";
1094 }
1095
1096 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1097 switch (deny_delete_current) {
1098 case DENY_IGNORE:
1099 break;
1100 case DENY_WARN:
1101 rp_warning("deleting the current branch");
1102 break;
1103 case DENY_REFUSE:
1104 case DENY_UNCONFIGURED:
1105 case DENY_UPDATE_INSTEAD:
1106 if (deny_delete_current == DENY_UNCONFIGURED)
1107 refuse_unconfigured_deny_delete_current();
1108 rp_error("refusing to delete the current branch: %s", name);
1109 return "deletion of the current branch prohibited";
1110 default:
1111 return "Invalid denyDeleteCurrent setting";
1112 }
1113 }
1114 }
1115
1116 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1117 !is_null_oid(old_oid) &&
1118 starts_with(name, "refs/heads/")) {
1119 struct object *old_object, *new_object;
1120 struct commit *old_commit, *new_commit;
1121
1122 old_object = parse_object(the_repository, old_oid);
1123 new_object = parse_object(the_repository, new_oid);
1124
1125 if (!old_object || !new_object ||
1126 old_object->type != OBJ_COMMIT ||
1127 new_object->type != OBJ_COMMIT) {
1128 error("bad sha1 objects for %s", name);
1129 return "bad ref";
1130 }
1131 old_commit = (struct commit *)old_object;
1132 new_commit = (struct commit *)new_object;
1133 if (!in_merge_bases(old_commit, new_commit)) {
1134 rp_error("denying non-fast-forward %s"
1135 " (you should pull first)", name);
1136 return "non-fast-forward";
1137 }
1138 }
1139 if (run_update_hook(cmd)) {
1140 rp_error("hook declined to update %s", name);
1141 return "hook declined";
1142 }
1143
1144 if (do_update_worktree) {
1145 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1146 if (ret)
1147 return ret;
1148 }
1149
1150 if (is_null_oid(new_oid)) {
1151 struct strbuf err = STRBUF_INIT;
1152 if (!parse_object(the_repository, old_oid)) {
1153 old_oid = NULL;
1154 if (ref_exists(name)) {
1155 rp_warning("Allowing deletion of corrupt ref.");
1156 } else {
1157 rp_warning("Deleting a non-existent ref.");
1158 cmd->did_not_exist = 1;
1159 }
1160 }
1161 if (ref_transaction_delete(transaction,
1162 namespaced_name,
1163 old_oid,
1164 0, "push", &err)) {
1165 rp_error("%s", err.buf);
1166 strbuf_release(&err);
1167 return "failed to delete";
1168 }
1169 strbuf_release(&err);
1170 return NULL; /* good */
1171 }
1172 else {
1173 struct strbuf err = STRBUF_INIT;
1174 if (shallow_update && si->shallow_ref[cmd->index] &&
1175 update_shallow_ref(cmd, si))
1176 return "shallow error";
1177
1178 if (ref_transaction_update(transaction,
1179 namespaced_name,
1180 new_oid, old_oid,
1181 0, "push",
1182 &err)) {
1183 rp_error("%s", err.buf);
1184 strbuf_release(&err);
1185
1186 return "failed to update ref";
1187 }
1188 strbuf_release(&err);
1189
1190 return NULL; /* good */
1191 }
1192 }
1193
1194 static void run_update_post_hook(struct command *commands)
1195 {
1196 struct command *cmd;
1197 struct child_process proc = CHILD_PROCESS_INIT;
1198 const char *hook;
1199
1200 hook = find_hook("post-update");
1201 if (!hook)
1202 return;
1203
1204 for (cmd = commands; cmd; cmd = cmd->next) {
1205 if (cmd->error_string || cmd->did_not_exist)
1206 continue;
1207 if (!proc.args.argc)
1208 argv_array_push(&proc.args, hook);
1209 argv_array_push(&proc.args, cmd->ref_name);
1210 }
1211 if (!proc.args.argc)
1212 return;
1213
1214 proc.no_stdin = 1;
1215 proc.stdout_to_stderr = 1;
1216 proc.err = use_sideband ? -1 : 0;
1217 proc.trace2_hook_name = "post-update";
1218
1219 if (!start_command(&proc)) {
1220 if (use_sideband)
1221 copy_to_sideband(proc.err, -1, NULL);
1222 finish_command(&proc);
1223 }
1224 }
1225
1226 static void check_aliased_update_internal(struct command *cmd,
1227 struct string_list *list,
1228 const char *dst_name, int flag)
1229 {
1230 struct string_list_item *item;
1231 struct command *dst_cmd;
1232
1233 if (!(flag & REF_ISSYMREF))
1234 return;
1235
1236 if (!dst_name) {
1237 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1238 cmd->skip_update = 1;
1239 cmd->error_string = "broken symref";
1240 return;
1241 }
1242 dst_name = strip_namespace(dst_name);
1243
1244 if ((item = string_list_lookup(list, dst_name)) == NULL)
1245 return;
1246
1247 cmd->skip_update = 1;
1248
1249 dst_cmd = (struct command *) item->util;
1250
1251 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1252 oideq(&cmd->new_oid, &dst_cmd->new_oid))
1253 return;
1254
1255 dst_cmd->skip_update = 1;
1256
1257 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1258 " its target '%s' (%s..%s)",
1259 cmd->ref_name,
1260 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1261 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1262 dst_cmd->ref_name,
1263 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1264 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1265
1266 cmd->error_string = dst_cmd->error_string =
1267 "inconsistent aliased update";
1268 }
1269
1270 static void check_aliased_update(struct command *cmd, struct string_list *list)
1271 {
1272 struct strbuf buf = STRBUF_INIT;
1273 const char *dst_name;
1274 int flag;
1275
1276 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1277 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1278 check_aliased_update_internal(cmd, list, dst_name, flag);
1279 strbuf_release(&buf);
1280 }
1281
1282 static void check_aliased_updates(struct command *commands)
1283 {
1284 struct command *cmd;
1285 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1286
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1288 struct string_list_item *item =
1289 string_list_append(&ref_list, cmd->ref_name);
1290 item->util = (void *)cmd;
1291 }
1292 string_list_sort(&ref_list);
1293
1294 for (cmd = commands; cmd; cmd = cmd->next) {
1295 if (!cmd->error_string)
1296 check_aliased_update(cmd, &ref_list);
1297 }
1298
1299 string_list_clear(&ref_list, 0);
1300 }
1301
1302 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1303 {
1304 struct command **cmd_list = cb_data;
1305 struct command *cmd = *cmd_list;
1306
1307 if (!cmd || is_null_oid(&cmd->new_oid))
1308 return -1; /* end of list */
1309 *cmd_list = NULL; /* this returns only one */
1310 oidcpy(oid, &cmd->new_oid);
1311 return 0;
1312 }
1313
1314 static void set_connectivity_errors(struct command *commands,
1315 struct shallow_info *si)
1316 {
1317 struct command *cmd;
1318
1319 for (cmd = commands; cmd; cmd = cmd->next) {
1320 struct command *singleton = cmd;
1321 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1322
1323 if (shallow_update && si->shallow_ref[cmd->index])
1324 /* to be checked in update_shallow_ref() */
1325 continue;
1326
1327 opt.env = tmp_objdir_env(tmp_objdir);
1328 if (!check_connected(command_singleton_iterator, &singleton,
1329 &opt))
1330 continue;
1331
1332 cmd->error_string = "missing necessary objects";
1333 }
1334 }
1335
1336 struct iterate_data {
1337 struct command *cmds;
1338 struct shallow_info *si;
1339 };
1340
1341 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1342 {
1343 struct iterate_data *data = cb_data;
1344 struct command **cmd_list = &data->cmds;
1345 struct command *cmd = *cmd_list;
1346
1347 for (; cmd; cmd = cmd->next) {
1348 if (shallow_update && data->si->shallow_ref[cmd->index])
1349 /* to be checked in update_shallow_ref() */
1350 continue;
1351 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1352 oidcpy(oid, &cmd->new_oid);
1353 *cmd_list = cmd->next;
1354 return 0;
1355 }
1356 }
1357 *cmd_list = NULL;
1358 return -1; /* end of list */
1359 }
1360
1361 static void reject_updates_to_hidden(struct command *commands)
1362 {
1363 struct strbuf refname_full = STRBUF_INIT;
1364 size_t prefix_len;
1365 struct command *cmd;
1366
1367 strbuf_addstr(&refname_full, get_git_namespace());
1368 prefix_len = refname_full.len;
1369
1370 for (cmd = commands; cmd; cmd = cmd->next) {
1371 if (cmd->error_string)
1372 continue;
1373
1374 strbuf_setlen(&refname_full, prefix_len);
1375 strbuf_addstr(&refname_full, cmd->ref_name);
1376
1377 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1378 continue;
1379 if (is_null_oid(&cmd->new_oid))
1380 cmd->error_string = "deny deleting a hidden ref";
1381 else
1382 cmd->error_string = "deny updating a hidden ref";
1383 }
1384
1385 strbuf_release(&refname_full);
1386 }
1387
1388 static int should_process_cmd(struct command *cmd)
1389 {
1390 return !cmd->error_string && !cmd->skip_update;
1391 }
1392
1393 static void warn_if_skipped_connectivity_check(struct command *commands,
1394 struct shallow_info *si)
1395 {
1396 struct command *cmd;
1397 int checked_connectivity = 1;
1398
1399 for (cmd = commands; cmd; cmd = cmd->next) {
1400 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1401 error("BUG: connectivity check has not been run on ref %s",
1402 cmd->ref_name);
1403 checked_connectivity = 0;
1404 }
1405 }
1406 if (!checked_connectivity)
1407 BUG("connectivity check skipped???");
1408 }
1409
1410 static void execute_commands_non_atomic(struct command *commands,
1411 struct shallow_info *si)
1412 {
1413 struct command *cmd;
1414 struct strbuf err = STRBUF_INIT;
1415
1416 for (cmd = commands; cmd; cmd = cmd->next) {
1417 if (!should_process_cmd(cmd))
1418 continue;
1419
1420 transaction = ref_transaction_begin(&err);
1421 if (!transaction) {
1422 rp_error("%s", err.buf);
1423 strbuf_reset(&err);
1424 cmd->error_string = "transaction failed to start";
1425 continue;
1426 }
1427
1428 cmd->error_string = update(cmd, si);
1429
1430 if (!cmd->error_string
1431 && ref_transaction_commit(transaction, &err)) {
1432 rp_error("%s", err.buf);
1433 strbuf_reset(&err);
1434 cmd->error_string = "failed to update ref";
1435 }
1436 ref_transaction_free(transaction);
1437 }
1438 strbuf_release(&err);
1439 }
1440
1441 static void execute_commands_atomic(struct command *commands,
1442 struct shallow_info *si)
1443 {
1444 struct command *cmd;
1445 struct strbuf err = STRBUF_INIT;
1446 const char *reported_error = "atomic push failure";
1447
1448 transaction = ref_transaction_begin(&err);
1449 if (!transaction) {
1450 rp_error("%s", err.buf);
1451 strbuf_reset(&err);
1452 reported_error = "transaction failed to start";
1453 goto failure;
1454 }
1455
1456 for (cmd = commands; cmd; cmd = cmd->next) {
1457 if (!should_process_cmd(cmd))
1458 continue;
1459
1460 cmd->error_string = update(cmd, si);
1461
1462 if (cmd->error_string)
1463 goto failure;
1464 }
1465
1466 if (ref_transaction_commit(transaction, &err)) {
1467 rp_error("%s", err.buf);
1468 reported_error = "atomic transaction failed";
1469 goto failure;
1470 }
1471 goto cleanup;
1472
1473 failure:
1474 for (cmd = commands; cmd; cmd = cmd->next)
1475 if (!cmd->error_string)
1476 cmd->error_string = reported_error;
1477
1478 cleanup:
1479 ref_transaction_free(transaction);
1480 strbuf_release(&err);
1481 }
1482
1483 static void execute_commands(struct command *commands,
1484 const char *unpacker_error,
1485 struct shallow_info *si,
1486 const struct string_list *push_options)
1487 {
1488 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1489 struct command *cmd;
1490 struct iterate_data data;
1491 struct async muxer;
1492 int err_fd = 0;
1493
1494 if (unpacker_error) {
1495 for (cmd = commands; cmd; cmd = cmd->next)
1496 cmd->error_string = "unpacker error";
1497 return;
1498 }
1499
1500 if (use_sideband) {
1501 memset(&muxer, 0, sizeof(muxer));
1502 muxer.proc = copy_to_sideband;
1503 muxer.in = -1;
1504 if (!start_async(&muxer))
1505 err_fd = muxer.in;
1506 /* ...else, continue without relaying sideband */
1507 }
1508
1509 data.cmds = commands;
1510 data.si = si;
1511 opt.err_fd = err_fd;
1512 opt.progress = err_fd && !quiet;
1513 opt.env = tmp_objdir_env(tmp_objdir);
1514 if (check_connected(iterate_receive_command_list, &data, &opt))
1515 set_connectivity_errors(commands, si);
1516
1517 if (use_sideband)
1518 finish_async(&muxer);
1519
1520 reject_updates_to_hidden(commands);
1521
1522 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1523 for (cmd = commands; cmd; cmd = cmd->next) {
1524 if (!cmd->error_string)
1525 cmd->error_string = "pre-receive hook declined";
1526 }
1527 return;
1528 }
1529
1530 /*
1531 * Now we'll start writing out refs, which means the objects need
1532 * to be in their final positions so that other processes can see them.
1533 */
1534 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1535 for (cmd = commands; cmd; cmd = cmd->next) {
1536 if (!cmd->error_string)
1537 cmd->error_string = "unable to migrate objects to permanent storage";
1538 }
1539 return;
1540 }
1541 tmp_objdir = NULL;
1542
1543 check_aliased_updates(commands);
1544
1545 free(head_name_to_free);
1546 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1547
1548 if (use_atomic)
1549 execute_commands_atomic(commands, si);
1550 else
1551 execute_commands_non_atomic(commands, si);
1552
1553 if (shallow_update)
1554 warn_if_skipped_connectivity_check(commands, si);
1555 }
1556
1557 static struct command **queue_command(struct command **tail,
1558 const char *line,
1559 int linelen)
1560 {
1561 struct object_id old_oid, new_oid;
1562 struct command *cmd;
1563 const char *refname;
1564 int reflen;
1565 const char *p;
1566
1567 if (parse_oid_hex(line, &old_oid, &p) ||
1568 *p++ != ' ' ||
1569 parse_oid_hex(p, &new_oid, &p) ||
1570 *p++ != ' ')
1571 die("protocol error: expected old/new/ref, got '%s'", line);
1572
1573 refname = p;
1574 reflen = linelen - (p - line);
1575 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1576 oidcpy(&cmd->old_oid, &old_oid);
1577 oidcpy(&cmd->new_oid, &new_oid);
1578 *tail = cmd;
1579 return &cmd->next;
1580 }
1581
1582 static void queue_commands_from_cert(struct command **tail,
1583 struct strbuf *push_cert)
1584 {
1585 const char *boc, *eoc;
1586
1587 if (*tail)
1588 die("protocol error: got both push certificate and unsigned commands");
1589
1590 boc = strstr(push_cert->buf, "\n\n");
1591 if (!boc)
1592 die("malformed push certificate %.*s", 100, push_cert->buf);
1593 else
1594 boc += 2;
1595 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1596
1597 while (boc < eoc) {
1598 const char *eol = memchr(boc, '\n', eoc - boc);
1599 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1600 boc = eol ? eol + 1 : eoc;
1601 }
1602 }
1603
1604 static struct command *read_head_info(struct packet_reader *reader,
1605 struct oid_array *shallow)
1606 {
1607 struct command *commands = NULL;
1608 struct command **p = &commands;
1609 for (;;) {
1610 int linelen;
1611
1612 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1613 break;
1614
1615 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1616 struct object_id oid;
1617 if (get_oid_hex(reader->line + 8, &oid))
1618 die("protocol error: expected shallow sha, got '%s'",
1619 reader->line + 8);
1620 oid_array_append(shallow, &oid);
1621 continue;
1622 }
1623
1624 linelen = strlen(reader->line);
1625 if (linelen < reader->pktlen) {
1626 const char *feature_list = reader->line + linelen + 1;
1627 const char *hash = NULL;
1628 int len = 0;
1629 if (parse_feature_request(feature_list, "report-status"))
1630 report_status = 1;
1631 if (parse_feature_request(feature_list, "side-band-64k"))
1632 use_sideband = LARGE_PACKET_MAX;
1633 if (parse_feature_request(feature_list, "quiet"))
1634 quiet = 1;
1635 if (advertise_atomic_push
1636 && parse_feature_request(feature_list, "atomic"))
1637 use_atomic = 1;
1638 if (advertise_push_options
1639 && parse_feature_request(feature_list, "push-options"))
1640 use_push_options = 1;
1641 hash = parse_feature_value(feature_list, "object-format", &len, NULL);
1642 if (!hash) {
1643 hash = hash_algos[GIT_HASH_SHA1].name;
1644 len = strlen(hash);
1645 }
1646 if (xstrncmpz(the_hash_algo->name, hash, len))
1647 die("error: unsupported object format '%s'", hash);
1648 }
1649
1650 if (!strcmp(reader->line, "push-cert")) {
1651 int true_flush = 0;
1652 int saved_options = reader->options;
1653 reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1654
1655 for (;;) {
1656 packet_reader_read(reader);
1657 if (reader->status == PACKET_READ_FLUSH) {
1658 true_flush = 1;
1659 break;
1660 }
1661 if (reader->status != PACKET_READ_NORMAL) {
1662 die("protocol error: got an unexpected packet");
1663 }
1664 if (!strcmp(reader->line, "push-cert-end\n"))
1665 break; /* end of cert */
1666 strbuf_addstr(&push_cert, reader->line);
1667 }
1668 reader->options = saved_options;
1669
1670 if (true_flush)
1671 break;
1672 continue;
1673 }
1674
1675 p = queue_command(p, reader->line, linelen);
1676 }
1677
1678 if (push_cert.len)
1679 queue_commands_from_cert(p, &push_cert);
1680
1681 return commands;
1682 }
1683
1684 static void read_push_options(struct packet_reader *reader,
1685 struct string_list *options)
1686 {
1687 while (1) {
1688 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1689 break;
1690
1691 string_list_append(options, reader->line);
1692 }
1693 }
1694
1695 static const char *parse_pack_header(struct pack_header *hdr)
1696 {
1697 switch (read_pack_header(0, hdr)) {
1698 case PH_ERROR_EOF:
1699 return "eof before pack header was fully read";
1700
1701 case PH_ERROR_PACK_SIGNATURE:
1702 return "protocol error (pack signature mismatch detected)";
1703
1704 case PH_ERROR_PROTOCOL:
1705 return "protocol error (pack version unsupported)";
1706
1707 default:
1708 return "unknown error in parse_pack_header";
1709
1710 case 0:
1711 return NULL;
1712 }
1713 }
1714
1715 static const char *pack_lockfile;
1716
1717 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1718 {
1719 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1720 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1721 }
1722
1723 static const char *unpack(int err_fd, struct shallow_info *si)
1724 {
1725 struct pack_header hdr;
1726 const char *hdr_err;
1727 int status;
1728 struct child_process child = CHILD_PROCESS_INIT;
1729 int fsck_objects = (receive_fsck_objects >= 0
1730 ? receive_fsck_objects
1731 : transfer_fsck_objects >= 0
1732 ? transfer_fsck_objects
1733 : 0);
1734
1735 hdr_err = parse_pack_header(&hdr);
1736 if (hdr_err) {
1737 if (err_fd > 0)
1738 close(err_fd);
1739 return hdr_err;
1740 }
1741
1742 if (si->nr_ours || si->nr_theirs) {
1743 alt_shallow_file = setup_temporary_shallow(si->shallow);
1744 argv_array_push(&child.args, "--shallow-file");
1745 argv_array_push(&child.args, alt_shallow_file);
1746 }
1747
1748 tmp_objdir = tmp_objdir_create();
1749 if (!tmp_objdir) {
1750 if (err_fd > 0)
1751 close(err_fd);
1752 return "unable to create temporary object directory";
1753 }
1754 child.env = tmp_objdir_env(tmp_objdir);
1755
1756 /*
1757 * Normally we just pass the tmp_objdir environment to the child
1758 * processes that do the heavy lifting, but we may need to see these
1759 * objects ourselves to set up shallow information.
1760 */
1761 tmp_objdir_add_as_alternate(tmp_objdir);
1762
1763 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1764 argv_array_push(&child.args, "unpack-objects");
1765 push_header_arg(&child.args, &hdr);
1766 if (quiet)
1767 argv_array_push(&child.args, "-q");
1768 if (fsck_objects)
1769 argv_array_pushf(&child.args, "--strict%s",
1770 fsck_msg_types.buf);
1771 if (max_input_size)
1772 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1773 (uintmax_t)max_input_size);
1774 child.no_stdout = 1;
1775 child.err = err_fd;
1776 child.git_cmd = 1;
1777 status = run_command(&child);
1778 if (status)
1779 return "unpack-objects abnormal exit";
1780 } else {
1781 char hostname[HOST_NAME_MAX + 1];
1782
1783 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1784 push_header_arg(&child.args, &hdr);
1785
1786 if (xgethostname(hostname, sizeof(hostname)))
1787 xsnprintf(hostname, sizeof(hostname), "localhost");
1788 argv_array_pushf(&child.args,
1789 "--keep=receive-pack %"PRIuMAX" on %s",
1790 (uintmax_t)getpid(),
1791 hostname);
1792
1793 if (!quiet && err_fd)
1794 argv_array_push(&child.args, "--show-resolving-progress");
1795 if (use_sideband)
1796 argv_array_push(&child.args, "--report-end-of-input");
1797 if (fsck_objects)
1798 argv_array_pushf(&child.args, "--strict%s",
1799 fsck_msg_types.buf);
1800 if (!reject_thin)
1801 argv_array_push(&child.args, "--fix-thin");
1802 if (max_input_size)
1803 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1804 (uintmax_t)max_input_size);
1805 child.out = -1;
1806 child.err = err_fd;
1807 child.git_cmd = 1;
1808 status = start_command(&child);
1809 if (status)
1810 return "index-pack fork failed";
1811 pack_lockfile = index_pack_lockfile(child.out);
1812 close(child.out);
1813 status = finish_command(&child);
1814 if (status)
1815 return "index-pack abnormal exit";
1816 reprepare_packed_git(the_repository);
1817 }
1818 return NULL;
1819 }
1820
1821 static const char *unpack_with_sideband(struct shallow_info *si)
1822 {
1823 struct async muxer;
1824 const char *ret;
1825
1826 if (!use_sideband)
1827 return unpack(0, si);
1828
1829 use_keepalive = KEEPALIVE_AFTER_NUL;
1830 memset(&muxer, 0, sizeof(muxer));
1831 muxer.proc = copy_to_sideband;
1832 muxer.in = -1;
1833 if (start_async(&muxer))
1834 return NULL;
1835
1836 ret = unpack(muxer.in, si);
1837
1838 finish_async(&muxer);
1839 return ret;
1840 }
1841
1842 static void prepare_shallow_update(struct shallow_info *si)
1843 {
1844 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1845
1846 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1847 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1848
1849 si->need_reachability_test =
1850 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1851 si->reachable =
1852 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1853 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1854
1855 for (i = 0; i < si->nr_ours; i++)
1856 si->need_reachability_test[si->ours[i]] = 1;
1857
1858 for (i = 0; i < si->shallow->nr; i++) {
1859 if (!si->used_shallow[i])
1860 continue;
1861 for (j = 0; j < bitmap_size; j++) {
1862 if (!si->used_shallow[i][j])
1863 continue;
1864 si->need_reachability_test[i]++;
1865 for (k = 0; k < 32; k++)
1866 if (si->used_shallow[i][j] & (1U << k))
1867 si->shallow_ref[j * 32 + k]++;
1868 }
1869
1870 /*
1871 * true for those associated with some refs and belong
1872 * in "ours" list aka "step 7 not done yet"
1873 */
1874 si->need_reachability_test[i] =
1875 si->need_reachability_test[i] > 1;
1876 }
1877
1878 /*
1879 * keep hooks happy by forcing a temporary shallow file via
1880 * env variable because we can't add --shallow-file to every
1881 * command. check_connected() will be done with
1882 * true .git/shallow though.
1883 */
1884 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1885 }
1886
1887 static void update_shallow_info(struct command *commands,
1888 struct shallow_info *si,
1889 struct oid_array *ref)
1890 {
1891 struct command *cmd;
1892 int *ref_status;
1893 remove_nonexistent_theirs_shallow(si);
1894 if (!si->nr_ours && !si->nr_theirs) {
1895 shallow_update = 0;
1896 return;
1897 }
1898
1899 for (cmd = commands; cmd; cmd = cmd->next) {
1900 if (is_null_oid(&cmd->new_oid))
1901 continue;
1902 oid_array_append(ref, &cmd->new_oid);
1903 cmd->index = ref->nr - 1;
1904 }
1905 si->ref = ref;
1906
1907 if (shallow_update) {
1908 prepare_shallow_update(si);
1909 return;
1910 }
1911
1912 ALLOC_ARRAY(ref_status, ref->nr);
1913 assign_shallow_commits_to_refs(si, NULL, ref_status);
1914 for (cmd = commands; cmd; cmd = cmd->next) {
1915 if (is_null_oid(&cmd->new_oid))
1916 continue;
1917 if (ref_status[cmd->index]) {
1918 cmd->error_string = "shallow update not allowed";
1919 cmd->skip_update = 1;
1920 }
1921 }
1922 free(ref_status);
1923 }
1924
1925 static void report(struct command *commands, const char *unpack_status)
1926 {
1927 struct command *cmd;
1928 struct strbuf buf = STRBUF_INIT;
1929
1930 packet_buf_write(&buf, "unpack %s\n",
1931 unpack_status ? unpack_status : "ok");
1932 for (cmd = commands; cmd; cmd = cmd->next) {
1933 if (!cmd->error_string)
1934 packet_buf_write(&buf, "ok %s\n",
1935 cmd->ref_name);
1936 else
1937 packet_buf_write(&buf, "ng %s %s\n",
1938 cmd->ref_name, cmd->error_string);
1939 }
1940 packet_buf_flush(&buf);
1941
1942 if (use_sideband)
1943 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1944 else
1945 write_or_die(1, buf.buf, buf.len);
1946 strbuf_release(&buf);
1947 }
1948
1949 static int delete_only(struct command *commands)
1950 {
1951 struct command *cmd;
1952 for (cmd = commands; cmd; cmd = cmd->next) {
1953 if (!is_null_oid(&cmd->new_oid))
1954 return 0;
1955 }
1956 return 1;
1957 }
1958
1959 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1960 {
1961 int advertise_refs = 0;
1962 struct command *commands;
1963 struct oid_array shallow = OID_ARRAY_INIT;
1964 struct oid_array ref = OID_ARRAY_INIT;
1965 struct shallow_info si;
1966 struct packet_reader reader;
1967
1968 struct option options[] = {
1969 OPT__QUIET(&quiet, N_("quiet")),
1970 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1971 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1972 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1973 OPT_END()
1974 };
1975
1976 packet_trace_identity("receive-pack");
1977
1978 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1979
1980 if (argc > 1)
1981 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1982 if (argc == 0)
1983 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1984
1985 service_dir = argv[0];
1986
1987 setup_path();
1988
1989 if (!enter_repo(service_dir, 0))
1990 die("'%s' does not appear to be a git repository", service_dir);
1991
1992 git_config(receive_pack_config, NULL);
1993 if (cert_nonce_seed)
1994 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1995
1996 if (0 <= transfer_unpack_limit)
1997 unpack_limit = transfer_unpack_limit;
1998 else if (0 <= receive_unpack_limit)
1999 unpack_limit = receive_unpack_limit;
2000
2001 switch (determine_protocol_version_server()) {
2002 case protocol_v2:
2003 /*
2004 * push support for protocol v2 has not been implemented yet,
2005 * so ignore the request to use v2 and fallback to using v0.
2006 */
2007 break;
2008 case protocol_v1:
2009 /*
2010 * v1 is just the original protocol with a version string,
2011 * so just fall through after writing the version string.
2012 */
2013 if (advertise_refs || !stateless_rpc)
2014 packet_write_fmt(1, "version 1\n");
2015
2016 /* fallthrough */
2017 case protocol_v0:
2018 break;
2019 case protocol_unknown_version:
2020 BUG("unknown protocol version");
2021 }
2022
2023 if (advertise_refs || !stateless_rpc) {
2024 write_head_info();
2025 }
2026 if (advertise_refs)
2027 return 0;
2028
2029 packet_reader_init(&reader, 0, NULL, 0,
2030 PACKET_READ_CHOMP_NEWLINE |
2031 PACKET_READ_DIE_ON_ERR_PACKET);
2032
2033 if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2034 const char *unpack_status = NULL;
2035 struct string_list push_options = STRING_LIST_INIT_DUP;
2036
2037 if (use_push_options)
2038 read_push_options(&reader, &push_options);
2039 if (!check_cert_push_options(&push_options)) {
2040 struct command *cmd;
2041 for (cmd = commands; cmd; cmd = cmd->next)
2042 cmd->error_string = "inconsistent push options";
2043 }
2044
2045 prepare_shallow_info(&si, &shallow);
2046 if (!si.nr_ours && !si.nr_theirs)
2047 shallow_update = 0;
2048 if (!delete_only(commands)) {
2049 unpack_status = unpack_with_sideband(&si);
2050 update_shallow_info(commands, &si, &ref);
2051 }
2052 use_keepalive = KEEPALIVE_ALWAYS;
2053 execute_commands(commands, unpack_status, &si,
2054 &push_options);
2055 if (pack_lockfile)
2056 unlink_or_warn(pack_lockfile);
2057 if (report_status)
2058 report(commands, unpack_status);
2059 run_receive_hook(commands, "post-receive", 1,
2060 &push_options);
2061 run_update_post_hook(commands);
2062 string_list_clear(&push_options, 0);
2063 if (auto_gc) {
2064 const char *argv_gc_auto[] = {
2065 "gc", "--auto", "--quiet", NULL,
2066 };
2067 struct child_process proc = CHILD_PROCESS_INIT;
2068
2069 proc.no_stdin = 1;
2070 proc.stdout_to_stderr = 1;
2071 proc.err = use_sideband ? -1 : 0;
2072 proc.git_cmd = 1;
2073 proc.argv = argv_gc_auto;
2074
2075 close_object_store(the_repository->objects);
2076 if (!start_command(&proc)) {
2077 if (use_sideband)
2078 copy_to_sideband(proc.err, -1, NULL);
2079 finish_command(&proc);
2080 }
2081 }
2082 if (auto_update_server_info)
2083 update_server_info(0);
2084 clear_shallow_info(&si);
2085 }
2086 if (use_sideband)
2087 packet_flush(1);
2088 oid_array_clear(&shallow);
2089 oid_array_clear(&ref);
2090 free((void *)push_cert_nonce);
2091 return 0;
2092 }
ramsay's fork of git