use strbuf_addstr() for adding constant strings to a strbuf, part 2
[git/raj.git] / builtin / receive-pack.c
blob011db00d31709408a21b97abfb5742b97b54238d
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22 #include "fsck.h"
24 static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
26 NULL
29 enum deny_action {
30 DENY_UNCONFIGURED,
31 DENY_IGNORE,
32 DENY_WARN,
33 DENY_REFUSE,
34 DENY_UPDATE_INSTEAD
37 static int deny_deletes;
38 static int deny_non_fast_forwards;
39 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41 static int receive_fsck_objects = -1;
42 static int transfer_fsck_objects = -1;
43 static struct strbuf fsck_msg_types = STRBUF_INIT;
44 static int receive_unpack_limit = -1;
45 static int transfer_unpack_limit = -1;
46 static int advertise_atomic_push = 1;
47 static int advertise_push_options;
48 static int unpack_limit = 100;
49 static int report_status;
50 static int use_sideband;
51 static int use_atomic;
52 static int use_push_options;
53 static int quiet;
54 static int prefer_ofs_delta = 1;
55 static int auto_update_server_info;
56 static int auto_gc = 1;
57 static int reject_thin;
58 static int stateless_rpc;
59 static const char *service_dir;
60 static const char *head_name;
61 static void *head_name_to_free;
62 static int sent_capabilities;
63 static int shallow_update;
64 static const char *alt_shallow_file;
65 static struct strbuf push_cert = STRBUF_INIT;
66 static unsigned char push_cert_sha1[20];
67 static struct signature_check sigcheck;
68 static const char *push_cert_nonce;
69 static const char *cert_nonce_seed;
71 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
72 static const char *NONCE_BAD = "BAD";
73 static const char *NONCE_MISSING = "MISSING";
74 static const char *NONCE_OK = "OK";
75 static const char *NONCE_SLOP = "SLOP";
76 static const char *nonce_status;
77 static long nonce_stamp_slop;
78 static unsigned long nonce_stamp_slop_limit;
79 static struct ref_transaction *transaction;
81 static enum {
82 KEEPALIVE_NEVER = 0,
83 KEEPALIVE_AFTER_NUL,
84 KEEPALIVE_ALWAYS
85 } use_keepalive;
86 static int keepalive_in_sec = 5;
88 static enum deny_action parse_deny_action(const char *var, const char *value)
90 if (value) {
91 if (!strcasecmp(value, "ignore"))
92 return DENY_IGNORE;
93 if (!strcasecmp(value, "warn"))
94 return DENY_WARN;
95 if (!strcasecmp(value, "refuse"))
96 return DENY_REFUSE;
97 if (!strcasecmp(value, "updateinstead"))
98 return DENY_UPDATE_INSTEAD;
100 if (git_config_bool(var, value))
101 return DENY_REFUSE;
102 return DENY_IGNORE;
105 static int receive_pack_config(const char *var, const char *value, void *cb)
107 int status = parse_hide_refs_config(var, value, "receive");
109 if (status)
110 return status;
112 if (strcmp(var, "receive.denydeletes") == 0) {
113 deny_deletes = git_config_bool(var, value);
114 return 0;
117 if (strcmp(var, "receive.denynonfastforwards") == 0) {
118 deny_non_fast_forwards = git_config_bool(var, value);
119 return 0;
122 if (strcmp(var, "receive.unpacklimit") == 0) {
123 receive_unpack_limit = git_config_int(var, value);
124 return 0;
127 if (strcmp(var, "transfer.unpacklimit") == 0) {
128 transfer_unpack_limit = git_config_int(var, value);
129 return 0;
132 if (strcmp(var, "receive.fsck.skiplist") == 0) {
133 const char *path;
135 if (git_config_pathname(&path, var, value))
136 return 1;
137 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
138 fsck_msg_types.len ? ',' : '=', path);
139 free((char *)path);
140 return 0;
143 if (skip_prefix(var, "receive.fsck.", &var)) {
144 if (is_valid_msg_type(var, value))
145 strbuf_addf(&fsck_msg_types, "%c%s=%s",
146 fsck_msg_types.len ? ',' : '=', var, value);
147 else
148 warning("Skipping unknown msg id '%s'", var);
149 return 0;
152 if (strcmp(var, "receive.fsckobjects") == 0) {
153 receive_fsck_objects = git_config_bool(var, value);
154 return 0;
157 if (strcmp(var, "transfer.fsckobjects") == 0) {
158 transfer_fsck_objects = git_config_bool(var, value);
159 return 0;
162 if (!strcmp(var, "receive.denycurrentbranch")) {
163 deny_current_branch = parse_deny_action(var, value);
164 return 0;
167 if (strcmp(var, "receive.denydeletecurrent") == 0) {
168 deny_delete_current = parse_deny_action(var, value);
169 return 0;
172 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
173 prefer_ofs_delta = git_config_bool(var, value);
174 return 0;
177 if (strcmp(var, "receive.updateserverinfo") == 0) {
178 auto_update_server_info = git_config_bool(var, value);
179 return 0;
182 if (strcmp(var, "receive.autogc") == 0) {
183 auto_gc = git_config_bool(var, value);
184 return 0;
187 if (strcmp(var, "receive.shallowupdate") == 0) {
188 shallow_update = git_config_bool(var, value);
189 return 0;
192 if (strcmp(var, "receive.certnonceseed") == 0)
193 return git_config_string(&cert_nonce_seed, var, value);
195 if (strcmp(var, "receive.certnonceslop") == 0) {
196 nonce_stamp_slop_limit = git_config_ulong(var, value);
197 return 0;
200 if (strcmp(var, "receive.advertiseatomic") == 0) {
201 advertise_atomic_push = git_config_bool(var, value);
202 return 0;
205 if (strcmp(var, "receive.advertisepushoptions") == 0) {
206 advertise_push_options = git_config_bool(var, value);
207 return 0;
210 if (strcmp(var, "receive.keepalive") == 0) {
211 keepalive_in_sec = git_config_int(var, value);
212 return 0;
215 return git_default_config(var, value, cb);
218 static void show_ref(const char *path, const unsigned char *sha1)
220 if (sent_capabilities) {
221 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
222 } else {
223 struct strbuf cap = STRBUF_INIT;
225 strbuf_addstr(&cap,
226 "report-status delete-refs side-band-64k quiet");
227 if (advertise_atomic_push)
228 strbuf_addstr(&cap, " atomic");
229 if (prefer_ofs_delta)
230 strbuf_addstr(&cap, " ofs-delta");
231 if (push_cert_nonce)
232 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
233 if (advertise_push_options)
234 strbuf_addstr(&cap, " push-options");
235 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
236 packet_write(1, "%s %s%c%s\n",
237 sha1_to_hex(sha1), path, 0, cap.buf);
238 strbuf_release(&cap);
239 sent_capabilities = 1;
243 static int show_ref_cb(const char *path_full, const struct object_id *oid,
244 int flag, void *unused)
246 const char *path = strip_namespace(path_full);
248 if (ref_is_hidden(path, path_full))
249 return 0;
252 * Advertise refs outside our current namespace as ".have"
253 * refs, so that the client can use them to minimize data
254 * transfer but will otherwise ignore them. This happens to
255 * cover ".have" that are thrown in by add_one_alternate_ref()
256 * to mark histories that are complete in our alternates as
257 * well.
259 if (!path)
260 path = ".have";
261 show_ref(path, oid->hash);
262 return 0;
265 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
267 show_ref(".have", sha1);
270 static void collect_one_alternate_ref(const struct ref *ref, void *data)
272 struct sha1_array *sa = data;
273 sha1_array_append(sa, ref->old_oid.hash);
276 static void write_head_info(void)
278 struct sha1_array sa = SHA1_ARRAY_INIT;
280 for_each_alternate_ref(collect_one_alternate_ref, &sa);
281 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
282 sha1_array_clear(&sa);
283 for_each_ref(show_ref_cb, NULL);
284 if (!sent_capabilities)
285 show_ref("capabilities^{}", null_sha1);
287 advertise_shallow_grafts(1);
289 /* EOF */
290 packet_flush(1);
293 struct command {
294 struct command *next;
295 const char *error_string;
296 unsigned int skip_update:1,
297 did_not_exist:1;
298 int index;
299 unsigned char old_sha1[20];
300 unsigned char new_sha1[20];
301 char ref_name[FLEX_ARRAY]; /* more */
304 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
305 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
307 static void report_message(const char *prefix, const char *err, va_list params)
309 int sz;
310 char msg[4096];
312 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
313 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
314 if (sz > (sizeof(msg) - 1))
315 sz = sizeof(msg) - 1;
316 msg[sz++] = '\n';
318 if (use_sideband)
319 send_sideband(1, 2, msg, sz, use_sideband);
320 else
321 xwrite(2, msg, sz);
324 static void rp_warning(const char *err, ...)
326 va_list params;
327 va_start(params, err);
328 report_message("warning: ", err, params);
329 va_end(params);
332 static void rp_error(const char *err, ...)
334 va_list params;
335 va_start(params, err);
336 report_message("error: ", err, params);
337 va_end(params);
340 static int copy_to_sideband(int in, int out, void *arg)
342 char data[128];
343 int keepalive_active = 0;
345 if (keepalive_in_sec <= 0)
346 use_keepalive = KEEPALIVE_NEVER;
347 if (use_keepalive == KEEPALIVE_ALWAYS)
348 keepalive_active = 1;
350 while (1) {
351 ssize_t sz;
353 if (keepalive_active) {
354 struct pollfd pfd;
355 int ret;
357 pfd.fd = in;
358 pfd.events = POLLIN;
359 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
361 if (ret < 0) {
362 if (errno == EINTR)
363 continue;
364 else
365 break;
366 } else if (ret == 0) {
367 /* no data; send a keepalive packet */
368 static const char buf[] = "0005\1";
369 write_or_die(1, buf, sizeof(buf) - 1);
370 continue;
371 } /* else there is actual data to read */
374 sz = xread(in, data, sizeof(data));
375 if (sz <= 0)
376 break;
378 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
379 const char *p = memchr(data, '\0', sz);
380 if (p) {
382 * The NUL tells us to start sending keepalives. Make
383 * sure we send any other data we read along
384 * with it.
386 keepalive_active = 1;
387 send_sideband(1, 2, data, p - data, use_sideband);
388 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
389 continue;
394 * Either we're not looking for a NUL signal, or we didn't see
395 * it yet; just pass along the data.
397 send_sideband(1, 2, data, sz, use_sideband);
399 close(in);
400 return 0;
403 #define HMAC_BLOCK_SIZE 64
405 static void hmac_sha1(unsigned char *out,
406 const char *key_in, size_t key_len,
407 const char *text, size_t text_len)
409 unsigned char key[HMAC_BLOCK_SIZE];
410 unsigned char k_ipad[HMAC_BLOCK_SIZE];
411 unsigned char k_opad[HMAC_BLOCK_SIZE];
412 int i;
413 git_SHA_CTX ctx;
415 /* RFC 2104 2. (1) */
416 memset(key, '\0', HMAC_BLOCK_SIZE);
417 if (HMAC_BLOCK_SIZE < key_len) {
418 git_SHA1_Init(&ctx);
419 git_SHA1_Update(&ctx, key_in, key_len);
420 git_SHA1_Final(key, &ctx);
421 } else {
422 memcpy(key, key_in, key_len);
425 /* RFC 2104 2. (2) & (5) */
426 for (i = 0; i < sizeof(key); i++) {
427 k_ipad[i] = key[i] ^ 0x36;
428 k_opad[i] = key[i] ^ 0x5c;
431 /* RFC 2104 2. (3) & (4) */
432 git_SHA1_Init(&ctx);
433 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
434 git_SHA1_Update(&ctx, text, text_len);
435 git_SHA1_Final(out, &ctx);
437 /* RFC 2104 2. (6) & (7) */
438 git_SHA1_Init(&ctx);
439 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
440 git_SHA1_Update(&ctx, out, 20);
441 git_SHA1_Final(out, &ctx);
444 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
446 struct strbuf buf = STRBUF_INIT;
447 unsigned char sha1[20];
449 strbuf_addf(&buf, "%s:%lu", path, stamp);
450 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
451 strbuf_release(&buf);
453 /* RFC 2104 5. HMAC-SHA1-80 */
454 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
455 return strbuf_detach(&buf, NULL);
459 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
460 * after dropping "_commit" from its name and possibly moving it out
461 * of commit.c
463 static char *find_header(const char *msg, size_t len, const char *key)
465 int key_len = strlen(key);
466 const char *line = msg;
468 while (line && line < msg + len) {
469 const char *eol = strchrnul(line, '\n');
471 if ((msg + len <= eol) || line == eol)
472 return NULL;
473 if (line + key_len < eol &&
474 !memcmp(line, key, key_len) && line[key_len] == ' ') {
475 int offset = key_len + 1;
476 return xmemdupz(line + offset, (eol - line) - offset);
478 line = *eol ? eol + 1 : NULL;
480 return NULL;
483 static const char *check_nonce(const char *buf, size_t len)
485 char *nonce = find_header(buf, len, "nonce");
486 unsigned long stamp, ostamp;
487 char *bohmac, *expect = NULL;
488 const char *retval = NONCE_BAD;
490 if (!nonce) {
491 retval = NONCE_MISSING;
492 goto leave;
493 } else if (!push_cert_nonce) {
494 retval = NONCE_UNSOLICITED;
495 goto leave;
496 } else if (!strcmp(push_cert_nonce, nonce)) {
497 retval = NONCE_OK;
498 goto leave;
501 if (!stateless_rpc) {
502 /* returned nonce MUST match what we gave out earlier */
503 retval = NONCE_BAD;
504 goto leave;
508 * In stateless mode, we may be receiving a nonce issued by
509 * another instance of the server that serving the same
510 * repository, and the timestamps may not match, but the
511 * nonce-seed and dir should match, so we can recompute and
512 * report the time slop.
514 * In addition, when a nonce issued by another instance has
515 * timestamp within receive.certnonceslop seconds, we pretend
516 * as if we issued that nonce when reporting to the hook.
519 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
520 if (*nonce <= '0' || '9' < *nonce) {
521 retval = NONCE_BAD;
522 goto leave;
524 stamp = strtoul(nonce, &bohmac, 10);
525 if (bohmac == nonce || bohmac[0] != '-') {
526 retval = NONCE_BAD;
527 goto leave;
530 expect = prepare_push_cert_nonce(service_dir, stamp);
531 if (strcmp(expect, nonce)) {
532 /* Not what we would have signed earlier */
533 retval = NONCE_BAD;
534 goto leave;
538 * By how many seconds is this nonce stale? Negative value
539 * would mean it was issued by another server with its clock
540 * skewed in the future.
542 ostamp = strtoul(push_cert_nonce, NULL, 10);
543 nonce_stamp_slop = (long)ostamp - (long)stamp;
545 if (nonce_stamp_slop_limit &&
546 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
548 * Pretend as if the received nonce (which passes the
549 * HMAC check, so it is not a forged by third-party)
550 * is what we issued.
552 free((void *)push_cert_nonce);
553 push_cert_nonce = xstrdup(nonce);
554 retval = NONCE_OK;
555 } else {
556 retval = NONCE_SLOP;
559 leave:
560 free(nonce);
561 free(expect);
562 return retval;
565 static void prepare_push_cert_sha1(struct child_process *proc)
567 static int already_done;
569 if (!push_cert.len)
570 return;
572 if (!already_done) {
573 struct strbuf gpg_output = STRBUF_INIT;
574 struct strbuf gpg_status = STRBUF_INIT;
575 int bogs /* beginning_of_gpg_sig */;
577 already_done = 1;
578 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
579 hashclr(push_cert_sha1);
581 memset(&sigcheck, '\0', sizeof(sigcheck));
582 sigcheck.result = 'N';
584 bogs = parse_signature(push_cert.buf, push_cert.len);
585 if (verify_signed_buffer(push_cert.buf, bogs,
586 push_cert.buf + bogs, push_cert.len - bogs,
587 &gpg_output, &gpg_status) < 0) {
588 ; /* error running gpg */
589 } else {
590 sigcheck.payload = push_cert.buf;
591 sigcheck.gpg_output = gpg_output.buf;
592 sigcheck.gpg_status = gpg_status.buf;
593 parse_gpg_output(&sigcheck);
596 strbuf_release(&gpg_output);
597 strbuf_release(&gpg_status);
598 nonce_status = check_nonce(push_cert.buf, bogs);
600 if (!is_null_sha1(push_cert_sha1)) {
601 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
602 sha1_to_hex(push_cert_sha1));
603 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
604 sigcheck.signer ? sigcheck.signer : "");
605 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
606 sigcheck.key ? sigcheck.key : "");
607 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
608 sigcheck.result);
609 if (push_cert_nonce) {
610 argv_array_pushf(&proc->env_array,
611 "GIT_PUSH_CERT_NONCE=%s",
612 push_cert_nonce);
613 argv_array_pushf(&proc->env_array,
614 "GIT_PUSH_CERT_NONCE_STATUS=%s",
615 nonce_status);
616 if (nonce_status == NONCE_SLOP)
617 argv_array_pushf(&proc->env_array,
618 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
619 nonce_stamp_slop);
624 struct receive_hook_feed_state {
625 struct command *cmd;
626 int skip_broken;
627 struct strbuf buf;
628 const struct string_list *push_options;
631 typedef int (*feed_fn)(void *, const char **, size_t *);
632 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
633 struct receive_hook_feed_state *feed_state)
635 struct child_process proc = CHILD_PROCESS_INIT;
636 struct async muxer;
637 const char *argv[2];
638 int code;
640 argv[0] = find_hook(hook_name);
641 if (!argv[0])
642 return 0;
644 argv[1] = NULL;
646 proc.argv = argv;
647 proc.in = -1;
648 proc.stdout_to_stderr = 1;
649 if (feed_state->push_options) {
650 int i;
651 for (i = 0; i < feed_state->push_options->nr; i++)
652 argv_array_pushf(&proc.env_array,
653 "GIT_PUSH_OPTION_%d=%s", i,
654 feed_state->push_options->items[i].string);
655 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
656 feed_state->push_options->nr);
657 } else
658 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
660 if (use_sideband) {
661 memset(&muxer, 0, sizeof(muxer));
662 muxer.proc = copy_to_sideband;
663 muxer.in = -1;
664 code = start_async(&muxer);
665 if (code)
666 return code;
667 proc.err = muxer.in;
670 prepare_push_cert_sha1(&proc);
672 code = start_command(&proc);
673 if (code) {
674 if (use_sideband)
675 finish_async(&muxer);
676 return code;
679 sigchain_push(SIGPIPE, SIG_IGN);
681 while (1) {
682 const char *buf;
683 size_t n;
684 if (feed(feed_state, &buf, &n))
685 break;
686 if (write_in_full(proc.in, buf, n) != n)
687 break;
689 close(proc.in);
690 if (use_sideband)
691 finish_async(&muxer);
693 sigchain_pop(SIGPIPE);
695 return finish_command(&proc);
698 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
700 struct receive_hook_feed_state *state = state_;
701 struct command *cmd = state->cmd;
703 while (cmd &&
704 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
705 cmd = cmd->next;
706 if (!cmd)
707 return -1; /* EOF */
708 strbuf_reset(&state->buf);
709 strbuf_addf(&state->buf, "%s %s %s\n",
710 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
711 cmd->ref_name);
712 state->cmd = cmd->next;
713 if (bufp) {
714 *bufp = state->buf.buf;
715 *sizep = state->buf.len;
717 return 0;
720 static int run_receive_hook(struct command *commands,
721 const char *hook_name,
722 int skip_broken,
723 const struct string_list *push_options)
725 struct receive_hook_feed_state state;
726 int status;
728 strbuf_init(&state.buf, 0);
729 state.cmd = commands;
730 state.skip_broken = skip_broken;
731 if (feed_receive_hook(&state, NULL, NULL))
732 return 0;
733 state.cmd = commands;
734 state.push_options = push_options;
735 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
736 strbuf_release(&state.buf);
737 return status;
740 static int run_update_hook(struct command *cmd)
742 const char *argv[5];
743 struct child_process proc = CHILD_PROCESS_INIT;
744 int code;
746 argv[0] = find_hook("update");
747 if (!argv[0])
748 return 0;
750 argv[1] = cmd->ref_name;
751 argv[2] = sha1_to_hex(cmd->old_sha1);
752 argv[3] = sha1_to_hex(cmd->new_sha1);
753 argv[4] = NULL;
755 proc.no_stdin = 1;
756 proc.stdout_to_stderr = 1;
757 proc.err = use_sideband ? -1 : 0;
758 proc.argv = argv;
760 code = start_command(&proc);
761 if (code)
762 return code;
763 if (use_sideband)
764 copy_to_sideband(proc.err, -1, NULL);
765 return finish_command(&proc);
768 static int is_ref_checked_out(const char *ref)
770 if (is_bare_repository())
771 return 0;
773 if (!head_name)
774 return 0;
775 return !strcmp(head_name, ref);
778 static char *refuse_unconfigured_deny_msg[] = {
779 "By default, updating the current branch in a non-bare repository",
780 "is denied, because it will make the index and work tree inconsistent",
781 "with what you pushed, and will require 'git reset --hard' to match",
782 "the work tree to HEAD.",
784 "You can set 'receive.denyCurrentBranch' configuration variable to",
785 "'ignore' or 'warn' in the remote repository to allow pushing into",
786 "its current branch; however, this is not recommended unless you",
787 "arranged to update its work tree to match what you pushed in some",
788 "other way.",
790 "To squelch this message and still keep the default behaviour, set",
791 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
794 static void refuse_unconfigured_deny(void)
796 int i;
797 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
798 rp_error("%s", refuse_unconfigured_deny_msg[i]);
801 static char *refuse_unconfigured_deny_delete_current_msg[] = {
802 "By default, deleting the current branch is denied, because the next",
803 "'git clone' won't result in any file checked out, causing confusion.",
805 "You can set 'receive.denyDeleteCurrent' configuration variable to",
806 "'warn' or 'ignore' in the remote repository to allow deleting the",
807 "current branch, with or without a warning message.",
809 "To squelch this message, you can set it to 'refuse'."
812 static void refuse_unconfigured_deny_delete_current(void)
814 int i;
815 for (i = 0;
816 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
817 i++)
818 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
821 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
822 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
824 static struct lock_file shallow_lock;
825 struct sha1_array extra = SHA1_ARRAY_INIT;
826 struct check_connected_options opt = CHECK_CONNECTED_INIT;
827 uint32_t mask = 1 << (cmd->index % 32);
828 int i;
830 trace_printf_key(&trace_shallow,
831 "shallow: update_shallow_ref %s\n", cmd->ref_name);
832 for (i = 0; i < si->shallow->nr; i++)
833 if (si->used_shallow[i] &&
834 (si->used_shallow[i][cmd->index / 32] & mask) &&
835 !delayed_reachability_test(si, i))
836 sha1_array_append(&extra, si->shallow->sha1[i]);
838 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
839 if (check_connected(command_singleton_iterator, cmd, &opt)) {
840 rollback_lock_file(&shallow_lock);
841 sha1_array_clear(&extra);
842 return -1;
845 commit_lock_file(&shallow_lock);
848 * Make sure setup_alternate_shallow() for the next ref does
849 * not lose these new roots..
851 for (i = 0; i < extra.nr; i++)
852 register_shallow(extra.sha1[i]);
854 si->shallow_ref[cmd->index] = 0;
855 sha1_array_clear(&extra);
856 return 0;
860 * NEEDSWORK: we should consolidate various implementions of "are we
861 * on an unborn branch?" test into one, and make the unified one more
862 * robust. !get_sha1() based check used here and elsewhere would not
863 * allow us to tell an unborn branch from corrupt ref, for example.
864 * For the purpose of fixing "deploy-to-update does not work when
865 * pushing into an empty repository" issue, this should suffice for
866 * now.
868 static int head_has_history(void)
870 unsigned char sha1[20];
872 return !get_sha1("HEAD", sha1);
875 static const char *push_to_deploy(unsigned char *sha1,
876 struct argv_array *env,
877 const char *work_tree)
879 const char *update_refresh[] = {
880 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
882 const char *diff_files[] = {
883 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
885 const char *diff_index[] = {
886 "diff-index", "--quiet", "--cached", "--ignore-submodules",
887 NULL, "--", NULL
889 const char *read_tree[] = {
890 "read-tree", "-u", "-m", NULL, NULL
892 struct child_process child = CHILD_PROCESS_INIT;
894 child.argv = update_refresh;
895 child.env = env->argv;
896 child.dir = work_tree;
897 child.no_stdin = 1;
898 child.stdout_to_stderr = 1;
899 child.git_cmd = 1;
900 if (run_command(&child))
901 return "Up-to-date check failed";
903 /* run_command() does not clean up completely; reinitialize */
904 child_process_init(&child);
905 child.argv = diff_files;
906 child.env = env->argv;
907 child.dir = work_tree;
908 child.no_stdin = 1;
909 child.stdout_to_stderr = 1;
910 child.git_cmd = 1;
911 if (run_command(&child))
912 return "Working directory has unstaged changes";
914 /* diff-index with either HEAD or an empty tree */
915 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
917 child_process_init(&child);
918 child.argv = diff_index;
919 child.env = env->argv;
920 child.no_stdin = 1;
921 child.no_stdout = 1;
922 child.stdout_to_stderr = 0;
923 child.git_cmd = 1;
924 if (run_command(&child))
925 return "Working directory has staged changes";
927 read_tree[3] = sha1_to_hex(sha1);
928 child_process_init(&child);
929 child.argv = read_tree;
930 child.env = env->argv;
931 child.dir = work_tree;
932 child.no_stdin = 1;
933 child.no_stdout = 1;
934 child.stdout_to_stderr = 0;
935 child.git_cmd = 1;
936 if (run_command(&child))
937 return "Could not update working tree to new HEAD";
939 return NULL;
942 static const char *push_to_checkout_hook = "push-to-checkout";
944 static const char *push_to_checkout(unsigned char *sha1,
945 struct argv_array *env,
946 const char *work_tree)
948 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
949 if (run_hook_le(env->argv, push_to_checkout_hook,
950 sha1_to_hex(sha1), NULL))
951 return "push-to-checkout hook declined";
952 else
953 return NULL;
956 static const char *update_worktree(unsigned char *sha1)
958 const char *retval;
959 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
960 struct argv_array env = ARGV_ARRAY_INIT;
962 if (is_bare_repository())
963 return "denyCurrentBranch = updateInstead needs a worktree";
965 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
967 if (!find_hook(push_to_checkout_hook))
968 retval = push_to_deploy(sha1, &env, work_tree);
969 else
970 retval = push_to_checkout(sha1, &env, work_tree);
972 argv_array_clear(&env);
973 return retval;
976 static const char *update(struct command *cmd, struct shallow_info *si)
978 const char *name = cmd->ref_name;
979 struct strbuf namespaced_name_buf = STRBUF_INIT;
980 const char *namespaced_name, *ret;
981 unsigned char *old_sha1 = cmd->old_sha1;
982 unsigned char *new_sha1 = cmd->new_sha1;
984 /* only refs/... are allowed */
985 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
986 rp_error("refusing to create funny ref '%s' remotely", name);
987 return "funny refname";
990 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
991 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
993 if (is_ref_checked_out(namespaced_name)) {
994 switch (deny_current_branch) {
995 case DENY_IGNORE:
996 break;
997 case DENY_WARN:
998 rp_warning("updating the current branch");
999 break;
1000 case DENY_REFUSE:
1001 case DENY_UNCONFIGURED:
1002 rp_error("refusing to update checked out branch: %s", name);
1003 if (deny_current_branch == DENY_UNCONFIGURED)
1004 refuse_unconfigured_deny();
1005 return "branch is currently checked out";
1006 case DENY_UPDATE_INSTEAD:
1007 ret = update_worktree(new_sha1);
1008 if (ret)
1009 return ret;
1010 break;
1014 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
1015 error("unpack should have generated %s, "
1016 "but I can't find it!", sha1_to_hex(new_sha1));
1017 return "bad pack";
1020 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
1021 if (deny_deletes && starts_with(name, "refs/heads/")) {
1022 rp_error("denying ref deletion for %s", name);
1023 return "deletion prohibited";
1026 if (head_name && !strcmp(namespaced_name, head_name)) {
1027 switch (deny_delete_current) {
1028 case DENY_IGNORE:
1029 break;
1030 case DENY_WARN:
1031 rp_warning("deleting the current branch");
1032 break;
1033 case DENY_REFUSE:
1034 case DENY_UNCONFIGURED:
1035 case DENY_UPDATE_INSTEAD:
1036 if (deny_delete_current == DENY_UNCONFIGURED)
1037 refuse_unconfigured_deny_delete_current();
1038 rp_error("refusing to delete the current branch: %s", name);
1039 return "deletion of the current branch prohibited";
1040 default:
1041 return "Invalid denyDeleteCurrent setting";
1046 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
1047 !is_null_sha1(old_sha1) &&
1048 starts_with(name, "refs/heads/")) {
1049 struct object *old_object, *new_object;
1050 struct commit *old_commit, *new_commit;
1052 old_object = parse_object(old_sha1);
1053 new_object = parse_object(new_sha1);
1055 if (!old_object || !new_object ||
1056 old_object->type != OBJ_COMMIT ||
1057 new_object->type != OBJ_COMMIT) {
1058 error("bad sha1 objects for %s", name);
1059 return "bad ref";
1061 old_commit = (struct commit *)old_object;
1062 new_commit = (struct commit *)new_object;
1063 if (!in_merge_bases(old_commit, new_commit)) {
1064 rp_error("denying non-fast-forward %s"
1065 " (you should pull first)", name);
1066 return "non-fast-forward";
1069 if (run_update_hook(cmd)) {
1070 rp_error("hook declined to update %s", name);
1071 return "hook declined";
1074 if (is_null_sha1(new_sha1)) {
1075 struct strbuf err = STRBUF_INIT;
1076 if (!parse_object(old_sha1)) {
1077 old_sha1 = NULL;
1078 if (ref_exists(name)) {
1079 rp_warning("Allowing deletion of corrupt ref.");
1080 } else {
1081 rp_warning("Deleting a non-existent ref.");
1082 cmd->did_not_exist = 1;
1085 if (ref_transaction_delete(transaction,
1086 namespaced_name,
1087 old_sha1,
1088 0, "push", &err)) {
1089 rp_error("%s", err.buf);
1090 strbuf_release(&err);
1091 return "failed to delete";
1093 strbuf_release(&err);
1094 return NULL; /* good */
1096 else {
1097 struct strbuf err = STRBUF_INIT;
1098 if (shallow_update && si->shallow_ref[cmd->index] &&
1099 update_shallow_ref(cmd, si))
1100 return "shallow error";
1102 if (ref_transaction_update(transaction,
1103 namespaced_name,
1104 new_sha1, old_sha1,
1105 0, "push",
1106 &err)) {
1107 rp_error("%s", err.buf);
1108 strbuf_release(&err);
1110 return "failed to update ref";
1112 strbuf_release(&err);
1114 return NULL; /* good */
1118 static void run_update_post_hook(struct command *commands)
1120 struct command *cmd;
1121 int argc;
1122 struct child_process proc = CHILD_PROCESS_INIT;
1123 const char *hook;
1125 hook = find_hook("post-update");
1126 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1127 if (cmd->error_string || cmd->did_not_exist)
1128 continue;
1129 argc++;
1131 if (!argc || !hook)
1132 return;
1134 argv_array_push(&proc.args, hook);
1135 for (cmd = commands; cmd; cmd = cmd->next) {
1136 if (cmd->error_string || cmd->did_not_exist)
1137 continue;
1138 argv_array_push(&proc.args, cmd->ref_name);
1141 proc.no_stdin = 1;
1142 proc.stdout_to_stderr = 1;
1143 proc.err = use_sideband ? -1 : 0;
1145 if (!start_command(&proc)) {
1146 if (use_sideband)
1147 copy_to_sideband(proc.err, -1, NULL);
1148 finish_command(&proc);
1152 static void check_aliased_update(struct command *cmd, struct string_list *list)
1154 struct strbuf buf = STRBUF_INIT;
1155 const char *dst_name;
1156 struct string_list_item *item;
1157 struct command *dst_cmd;
1158 unsigned char sha1[GIT_SHA1_RAWSZ];
1159 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1160 cmd_newh[GIT_SHA1_HEXSZ + 1],
1161 dst_oldh[GIT_SHA1_HEXSZ + 1],
1162 dst_newh[GIT_SHA1_HEXSZ + 1];
1163 int flag;
1165 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1166 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1167 strbuf_release(&buf);
1169 if (!(flag & REF_ISSYMREF))
1170 return;
1172 if (!dst_name) {
1173 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1174 cmd->skip_update = 1;
1175 cmd->error_string = "broken symref";
1176 return;
1178 dst_name = strip_namespace(dst_name);
1180 if ((item = string_list_lookup(list, dst_name)) == NULL)
1181 return;
1183 cmd->skip_update = 1;
1185 dst_cmd = (struct command *) item->util;
1187 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1188 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1189 return;
1191 dst_cmd->skip_update = 1;
1193 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1194 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1195 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1196 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1197 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1198 " its target '%s' (%s..%s)",
1199 cmd->ref_name, cmd_oldh, cmd_newh,
1200 dst_cmd->ref_name, dst_oldh, dst_newh);
1202 cmd->error_string = dst_cmd->error_string =
1203 "inconsistent aliased update";
1206 static void check_aliased_updates(struct command *commands)
1208 struct command *cmd;
1209 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1211 for (cmd = commands; cmd; cmd = cmd->next) {
1212 struct string_list_item *item =
1213 string_list_append(&ref_list, cmd->ref_name);
1214 item->util = (void *)cmd;
1216 string_list_sort(&ref_list);
1218 for (cmd = commands; cmd; cmd = cmd->next) {
1219 if (!cmd->error_string)
1220 check_aliased_update(cmd, &ref_list);
1223 string_list_clear(&ref_list, 0);
1226 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1228 struct command **cmd_list = cb_data;
1229 struct command *cmd = *cmd_list;
1231 if (!cmd || is_null_sha1(cmd->new_sha1))
1232 return -1; /* end of list */
1233 *cmd_list = NULL; /* this returns only one */
1234 hashcpy(sha1, cmd->new_sha1);
1235 return 0;
1238 static void set_connectivity_errors(struct command *commands,
1239 struct shallow_info *si)
1241 struct command *cmd;
1243 for (cmd = commands; cmd; cmd = cmd->next) {
1244 struct command *singleton = cmd;
1245 if (shallow_update && si->shallow_ref[cmd->index])
1246 /* to be checked in update_shallow_ref() */
1247 continue;
1248 if (!check_connected(command_singleton_iterator, &singleton,
1249 NULL))
1250 continue;
1251 cmd->error_string = "missing necessary objects";
1255 struct iterate_data {
1256 struct command *cmds;
1257 struct shallow_info *si;
1260 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1262 struct iterate_data *data = cb_data;
1263 struct command **cmd_list = &data->cmds;
1264 struct command *cmd = *cmd_list;
1266 for (; cmd; cmd = cmd->next) {
1267 if (shallow_update && data->si->shallow_ref[cmd->index])
1268 /* to be checked in update_shallow_ref() */
1269 continue;
1270 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1271 hashcpy(sha1, cmd->new_sha1);
1272 *cmd_list = cmd->next;
1273 return 0;
1276 *cmd_list = NULL;
1277 return -1; /* end of list */
1280 static void reject_updates_to_hidden(struct command *commands)
1282 struct strbuf refname_full = STRBUF_INIT;
1283 size_t prefix_len;
1284 struct command *cmd;
1286 strbuf_addstr(&refname_full, get_git_namespace());
1287 prefix_len = refname_full.len;
1289 for (cmd = commands; cmd; cmd = cmd->next) {
1290 if (cmd->error_string)
1291 continue;
1293 strbuf_setlen(&refname_full, prefix_len);
1294 strbuf_addstr(&refname_full, cmd->ref_name);
1296 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1297 continue;
1298 if (is_null_sha1(cmd->new_sha1))
1299 cmd->error_string = "deny deleting a hidden ref";
1300 else
1301 cmd->error_string = "deny updating a hidden ref";
1304 strbuf_release(&refname_full);
1307 static int should_process_cmd(struct command *cmd)
1309 return !cmd->error_string && !cmd->skip_update;
1312 static void warn_if_skipped_connectivity_check(struct command *commands,
1313 struct shallow_info *si)
1315 struct command *cmd;
1316 int checked_connectivity = 1;
1318 for (cmd = commands; cmd; cmd = cmd->next) {
1319 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1320 error("BUG: connectivity check has not been run on ref %s",
1321 cmd->ref_name);
1322 checked_connectivity = 0;
1325 if (!checked_connectivity)
1326 die("BUG: connectivity check skipped???");
1329 static void execute_commands_non_atomic(struct command *commands,
1330 struct shallow_info *si)
1332 struct command *cmd;
1333 struct strbuf err = STRBUF_INIT;
1335 for (cmd = commands; cmd; cmd = cmd->next) {
1336 if (!should_process_cmd(cmd))
1337 continue;
1339 transaction = ref_transaction_begin(&err);
1340 if (!transaction) {
1341 rp_error("%s", err.buf);
1342 strbuf_reset(&err);
1343 cmd->error_string = "transaction failed to start";
1344 continue;
1347 cmd->error_string = update(cmd, si);
1349 if (!cmd->error_string
1350 && ref_transaction_commit(transaction, &err)) {
1351 rp_error("%s", err.buf);
1352 strbuf_reset(&err);
1353 cmd->error_string = "failed to update ref";
1355 ref_transaction_free(transaction);
1357 strbuf_release(&err);
1360 static void execute_commands_atomic(struct command *commands,
1361 struct shallow_info *si)
1363 struct command *cmd;
1364 struct strbuf err = STRBUF_INIT;
1365 const char *reported_error = "atomic push failure";
1367 transaction = ref_transaction_begin(&err);
1368 if (!transaction) {
1369 rp_error("%s", err.buf);
1370 strbuf_reset(&err);
1371 reported_error = "transaction failed to start";
1372 goto failure;
1375 for (cmd = commands; cmd; cmd = cmd->next) {
1376 if (!should_process_cmd(cmd))
1377 continue;
1379 cmd->error_string = update(cmd, si);
1381 if (cmd->error_string)
1382 goto failure;
1385 if (ref_transaction_commit(transaction, &err)) {
1386 rp_error("%s", err.buf);
1387 reported_error = "atomic transaction failed";
1388 goto failure;
1390 goto cleanup;
1392 failure:
1393 for (cmd = commands; cmd; cmd = cmd->next)
1394 if (!cmd->error_string)
1395 cmd->error_string = reported_error;
1397 cleanup:
1398 ref_transaction_free(transaction);
1399 strbuf_release(&err);
1402 static void execute_commands(struct command *commands,
1403 const char *unpacker_error,
1404 struct shallow_info *si,
1405 const struct string_list *push_options)
1407 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1408 struct command *cmd;
1409 unsigned char sha1[20];
1410 struct iterate_data data;
1411 struct async muxer;
1412 int err_fd = 0;
1414 if (unpacker_error) {
1415 for (cmd = commands; cmd; cmd = cmd->next)
1416 cmd->error_string = "unpacker error";
1417 return;
1420 if (use_sideband) {
1421 memset(&muxer, 0, sizeof(muxer));
1422 muxer.proc = copy_to_sideband;
1423 muxer.in = -1;
1424 if (!start_async(&muxer))
1425 err_fd = muxer.in;
1426 /* ...else, continue without relaying sideband */
1429 data.cmds = commands;
1430 data.si = si;
1431 opt.err_fd = err_fd;
1432 opt.progress = err_fd && !quiet;
1433 if (check_connected(iterate_receive_command_list, &data, &opt))
1434 set_connectivity_errors(commands, si);
1436 if (use_sideband)
1437 finish_async(&muxer);
1439 reject_updates_to_hidden(commands);
1441 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1442 for (cmd = commands; cmd; cmd = cmd->next) {
1443 if (!cmd->error_string)
1444 cmd->error_string = "pre-receive hook declined";
1446 return;
1449 check_aliased_updates(commands);
1451 free(head_name_to_free);
1452 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1454 if (use_atomic)
1455 execute_commands_atomic(commands, si);
1456 else
1457 execute_commands_non_atomic(commands, si);
1459 if (shallow_update)
1460 warn_if_skipped_connectivity_check(commands, si);
1463 static struct command **queue_command(struct command **tail,
1464 const char *line,
1465 int linelen)
1467 unsigned char old_sha1[20], new_sha1[20];
1468 struct command *cmd;
1469 const char *refname;
1470 int reflen;
1472 if (linelen < 83 ||
1473 line[40] != ' ' ||
1474 line[81] != ' ' ||
1475 get_sha1_hex(line, old_sha1) ||
1476 get_sha1_hex(line + 41, new_sha1))
1477 die("protocol error: expected old/new/ref, got '%s'", line);
1479 refname = line + 82;
1480 reflen = linelen - 82;
1481 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1482 hashcpy(cmd->old_sha1, old_sha1);
1483 hashcpy(cmd->new_sha1, new_sha1);
1484 *tail = cmd;
1485 return &cmd->next;
1488 static void queue_commands_from_cert(struct command **tail,
1489 struct strbuf *push_cert)
1491 const char *boc, *eoc;
1493 if (*tail)
1494 die("protocol error: got both push certificate and unsigned commands");
1496 boc = strstr(push_cert->buf, "\n\n");
1497 if (!boc)
1498 die("malformed push certificate %.*s", 100, push_cert->buf);
1499 else
1500 boc += 2;
1501 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1503 while (boc < eoc) {
1504 const char *eol = memchr(boc, '\n', eoc - boc);
1505 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1506 boc = eol ? eol + 1 : eoc;
1510 static struct command *read_head_info(struct sha1_array *shallow)
1512 struct command *commands = NULL;
1513 struct command **p = &commands;
1514 for (;;) {
1515 char *line;
1516 int len, linelen;
1518 line = packet_read_line(0, &len);
1519 if (!line)
1520 break;
1522 if (len == 48 && starts_with(line, "shallow ")) {
1523 unsigned char sha1[20];
1524 if (get_sha1_hex(line + 8, sha1))
1525 die("protocol error: expected shallow sha, got '%s'",
1526 line + 8);
1527 sha1_array_append(shallow, sha1);
1528 continue;
1531 linelen = strlen(line);
1532 if (linelen < len) {
1533 const char *feature_list = line + linelen + 1;
1534 if (parse_feature_request(feature_list, "report-status"))
1535 report_status = 1;
1536 if (parse_feature_request(feature_list, "side-band-64k"))
1537 use_sideband = LARGE_PACKET_MAX;
1538 if (parse_feature_request(feature_list, "quiet"))
1539 quiet = 1;
1540 if (advertise_atomic_push
1541 && parse_feature_request(feature_list, "atomic"))
1542 use_atomic = 1;
1543 if (advertise_push_options
1544 && parse_feature_request(feature_list, "push-options"))
1545 use_push_options = 1;
1548 if (!strcmp(line, "push-cert")) {
1549 int true_flush = 0;
1550 char certbuf[1024];
1552 for (;;) {
1553 len = packet_read(0, NULL, NULL,
1554 certbuf, sizeof(certbuf), 0);
1555 if (!len) {
1556 true_flush = 1;
1557 break;
1559 if (!strcmp(certbuf, "push-cert-end\n"))
1560 break; /* end of cert */
1561 strbuf_addstr(&push_cert, certbuf);
1564 if (true_flush)
1565 break;
1566 continue;
1569 p = queue_command(p, line, linelen);
1572 if (push_cert.len)
1573 queue_commands_from_cert(p, &push_cert);
1575 return commands;
1578 static void read_push_options(struct string_list *options)
1580 while (1) {
1581 char *line;
1582 int len;
1584 line = packet_read_line(0, &len);
1586 if (!line)
1587 break;
1589 string_list_append(options, line);
1593 static const char *parse_pack_header(struct pack_header *hdr)
1595 switch (read_pack_header(0, hdr)) {
1596 case PH_ERROR_EOF:
1597 return "eof before pack header was fully read";
1599 case PH_ERROR_PACK_SIGNATURE:
1600 return "protocol error (pack signature mismatch detected)";
1602 case PH_ERROR_PROTOCOL:
1603 return "protocol error (pack version unsupported)";
1605 default:
1606 return "unknown error in parse_pack_header";
1608 case 0:
1609 return NULL;
1613 static const char *pack_lockfile;
1615 static const char *unpack(int err_fd, struct shallow_info *si)
1617 struct pack_header hdr;
1618 const char *hdr_err;
1619 int status;
1620 char hdr_arg[38];
1621 struct child_process child = CHILD_PROCESS_INIT;
1622 int fsck_objects = (receive_fsck_objects >= 0
1623 ? receive_fsck_objects
1624 : transfer_fsck_objects >= 0
1625 ? transfer_fsck_objects
1626 : 0);
1628 hdr_err = parse_pack_header(&hdr);
1629 if (hdr_err) {
1630 if (err_fd > 0)
1631 close(err_fd);
1632 return hdr_err;
1634 snprintf(hdr_arg, sizeof(hdr_arg),
1635 "--pack_header=%"PRIu32",%"PRIu32,
1636 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1638 if (si->nr_ours || si->nr_theirs) {
1639 alt_shallow_file = setup_temporary_shallow(si->shallow);
1640 argv_array_push(&child.args, "--shallow-file");
1641 argv_array_push(&child.args, alt_shallow_file);
1644 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1645 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1646 if (quiet)
1647 argv_array_push(&child.args, "-q");
1648 if (fsck_objects)
1649 argv_array_pushf(&child.args, "--strict%s",
1650 fsck_msg_types.buf);
1651 child.no_stdout = 1;
1652 child.err = err_fd;
1653 child.git_cmd = 1;
1654 status = run_command(&child);
1655 if (status)
1656 return "unpack-objects abnormal exit";
1657 } else {
1658 char hostname[256];
1660 argv_array_pushl(&child.args, "index-pack",
1661 "--stdin", hdr_arg, NULL);
1663 if (gethostname(hostname, sizeof(hostname)))
1664 xsnprintf(hostname, sizeof(hostname), "localhost");
1665 argv_array_pushf(&child.args,
1666 "--keep=receive-pack %"PRIuMAX" on %s",
1667 (uintmax_t)getpid(),
1668 hostname);
1670 if (!quiet && err_fd)
1671 argv_array_push(&child.args, "--show-resolving-progress");
1672 if (use_sideband)
1673 argv_array_push(&child.args, "--report-end-of-input");
1674 if (fsck_objects)
1675 argv_array_pushf(&child.args, "--strict%s",
1676 fsck_msg_types.buf);
1677 if (!reject_thin)
1678 argv_array_push(&child.args, "--fix-thin");
1679 child.out = -1;
1680 child.err = err_fd;
1681 child.git_cmd = 1;
1682 status = start_command(&child);
1683 if (status)
1684 return "index-pack fork failed";
1685 pack_lockfile = index_pack_lockfile(child.out);
1686 close(child.out);
1687 status = finish_command(&child);
1688 if (status)
1689 return "index-pack abnormal exit";
1690 reprepare_packed_git();
1692 return NULL;
1695 static const char *unpack_with_sideband(struct shallow_info *si)
1697 struct async muxer;
1698 const char *ret;
1700 if (!use_sideband)
1701 return unpack(0, si);
1703 use_keepalive = KEEPALIVE_AFTER_NUL;
1704 memset(&muxer, 0, sizeof(muxer));
1705 muxer.proc = copy_to_sideband;
1706 muxer.in = -1;
1707 if (start_async(&muxer))
1708 return NULL;
1710 ret = unpack(muxer.in, si);
1712 finish_async(&muxer);
1713 return ret;
1716 static void prepare_shallow_update(struct command *commands,
1717 struct shallow_info *si)
1719 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1721 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1722 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1724 si->need_reachability_test =
1725 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1726 si->reachable =
1727 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1728 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1730 for (i = 0; i < si->nr_ours; i++)
1731 si->need_reachability_test[si->ours[i]] = 1;
1733 for (i = 0; i < si->shallow->nr; i++) {
1734 if (!si->used_shallow[i])
1735 continue;
1736 for (j = 0; j < bitmap_size; j++) {
1737 if (!si->used_shallow[i][j])
1738 continue;
1739 si->need_reachability_test[i]++;
1740 for (k = 0; k < 32; k++)
1741 if (si->used_shallow[i][j] & (1U << k))
1742 si->shallow_ref[j * 32 + k]++;
1746 * true for those associated with some refs and belong
1747 * in "ours" list aka "step 7 not done yet"
1749 si->need_reachability_test[i] =
1750 si->need_reachability_test[i] > 1;
1754 * keep hooks happy by forcing a temporary shallow file via
1755 * env variable because we can't add --shallow-file to every
1756 * command. check_everything_connected() will be done with
1757 * true .git/shallow though.
1759 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1762 static void update_shallow_info(struct command *commands,
1763 struct shallow_info *si,
1764 struct sha1_array *ref)
1766 struct command *cmd;
1767 int *ref_status;
1768 remove_nonexistent_theirs_shallow(si);
1769 if (!si->nr_ours && !si->nr_theirs) {
1770 shallow_update = 0;
1771 return;
1774 for (cmd = commands; cmd; cmd = cmd->next) {
1775 if (is_null_sha1(cmd->new_sha1))
1776 continue;
1777 sha1_array_append(ref, cmd->new_sha1);
1778 cmd->index = ref->nr - 1;
1780 si->ref = ref;
1782 if (shallow_update) {
1783 prepare_shallow_update(commands, si);
1784 return;
1787 ALLOC_ARRAY(ref_status, ref->nr);
1788 assign_shallow_commits_to_refs(si, NULL, ref_status);
1789 for (cmd = commands; cmd; cmd = cmd->next) {
1790 if (is_null_sha1(cmd->new_sha1))
1791 continue;
1792 if (ref_status[cmd->index]) {
1793 cmd->error_string = "shallow update not allowed";
1794 cmd->skip_update = 1;
1797 free(ref_status);
1800 static void report(struct command *commands, const char *unpack_status)
1802 struct command *cmd;
1803 struct strbuf buf = STRBUF_INIT;
1805 packet_buf_write(&buf, "unpack %s\n",
1806 unpack_status ? unpack_status : "ok");
1807 for (cmd = commands; cmd; cmd = cmd->next) {
1808 if (!cmd->error_string)
1809 packet_buf_write(&buf, "ok %s\n",
1810 cmd->ref_name);
1811 else
1812 packet_buf_write(&buf, "ng %s %s\n",
1813 cmd->ref_name, cmd->error_string);
1815 packet_buf_flush(&buf);
1817 if (use_sideband)
1818 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1819 else
1820 write_or_die(1, buf.buf, buf.len);
1821 strbuf_release(&buf);
1824 static int delete_only(struct command *commands)
1826 struct command *cmd;
1827 for (cmd = commands; cmd; cmd = cmd->next) {
1828 if (!is_null_sha1(cmd->new_sha1))
1829 return 0;
1831 return 1;
1834 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1836 int advertise_refs = 0;
1837 struct command *commands;
1838 struct sha1_array shallow = SHA1_ARRAY_INIT;
1839 struct sha1_array ref = SHA1_ARRAY_INIT;
1840 struct shallow_info si;
1842 struct option options[] = {
1843 OPT__QUIET(&quiet, N_("quiet")),
1844 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1845 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1846 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1847 OPT_END()
1850 packet_trace_identity("receive-pack");
1852 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1854 if (argc > 1)
1855 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1856 if (argc == 0)
1857 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1859 service_dir = argv[0];
1861 setup_path();
1863 if (!enter_repo(service_dir, 0))
1864 die("'%s' does not appear to be a git repository", service_dir);
1866 git_config(receive_pack_config, NULL);
1867 if (cert_nonce_seed)
1868 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1870 if (0 <= transfer_unpack_limit)
1871 unpack_limit = transfer_unpack_limit;
1872 else if (0 <= receive_unpack_limit)
1873 unpack_limit = receive_unpack_limit;
1875 if (advertise_refs || !stateless_rpc) {
1876 write_head_info();
1878 if (advertise_refs)
1879 return 0;
1881 if ((commands = read_head_info(&shallow)) != NULL) {
1882 const char *unpack_status = NULL;
1883 struct string_list push_options = STRING_LIST_INIT_DUP;
1885 if (use_push_options)
1886 read_push_options(&push_options);
1888 prepare_shallow_info(&si, &shallow);
1889 if (!si.nr_ours && !si.nr_theirs)
1890 shallow_update = 0;
1891 if (!delete_only(commands)) {
1892 unpack_status = unpack_with_sideband(&si);
1893 update_shallow_info(commands, &si, &ref);
1895 use_keepalive = KEEPALIVE_ALWAYS;
1896 execute_commands(commands, unpack_status, &si,
1897 &push_options);
1898 if (pack_lockfile)
1899 unlink_or_warn(pack_lockfile);
1900 if (report_status)
1901 report(commands, unpack_status);
1902 run_receive_hook(commands, "post-receive", 1,
1903 &push_options);
1904 run_update_post_hook(commands);
1905 if (push_options.nr)
1906 string_list_clear(&push_options, 0);
1907 if (auto_gc) {
1908 const char *argv_gc_auto[] = {
1909 "gc", "--auto", "--quiet", NULL,
1911 struct child_process proc = CHILD_PROCESS_INIT;
1913 proc.no_stdin = 1;
1914 proc.stdout_to_stderr = 1;
1915 proc.err = use_sideband ? -1 : 0;
1916 proc.git_cmd = 1;
1917 proc.argv = argv_gc_auto;
1919 close_all_packs();
1920 if (!start_command(&proc)) {
1921 if (use_sideband)
1922 copy_to_sideband(proc.err, -1, NULL);
1923 finish_command(&proc);
1926 if (auto_update_server_info)
1927 update_server_info(0);
1928 clear_shallow_info(&si);
1930 if (use_sideband)
1931 packet_flush(1);
1932 sha1_array_clear(&shallow);
1933 sha1_array_clear(&ref);
1934 free((void *)push_cert_nonce);
1935 return 0;