7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
32 static int deny_deletes;
33 static int deny_non_fast_forwards;
34 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
35 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
36 static int receive_fsck_objects = -1;
37 static int transfer_fsck_objects = -1;
38 static int receive_unpack_limit = -1;
39 static int transfer_unpack_limit = -1;
40 static int unpack_limit = 100;
41 static int report_status;
42 static int use_sideband;
44 static int prefer_ofs_delta = 1;
45 static int auto_update_server_info;
46 static int auto_gc = 1;
47 static int fix_thin = 1;
48 static int stateless_rpc;
49 static const char *service_dir;
50 static const char *head_name;
51 static void *head_name_to_free;
52 static int sent_capabilities;
53 static int shallow_update;
54 static const char *alt_shallow_file;
55 static struct strbuf push_cert = STRBUF_INIT;
56 static unsigned char push_cert_sha1[20];
57 static struct signature_check sigcheck;
58 static const char *push_cert_nonce;
59 static const char *cert_nonce_seed;
61 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
62 static const char *NONCE_BAD = "BAD";
63 static const char *NONCE_MISSING = "MISSING";
64 static const char *NONCE_OK = "OK";
65 static const char *NONCE_SLOP = "SLOP";
66 static const char *nonce_status;
67 static long nonce_stamp_slop;
68 static unsigned long nonce_stamp_slop_limit;
70 static enum deny_action parse_deny_action(const char *var, const char *value)
73 if (!strcasecmp(value, "ignore"))
75 if (!strcasecmp(value, "warn"))
77 if (!strcasecmp(value, "refuse"))
80 if (git_config_bool(var, value))
85 static int receive_pack_config(const char *var, const char *value, void *cb)
87 int status = parse_hide_refs_config(var, value, "receive");
92 if (strcmp(var, "receive.denydeletes") == 0) {
93 deny_deletes = git_config_bool(var, value);
97 if (strcmp(var, "receive.denynonfastforwards") == 0) {
98 deny_non_fast_forwards = git_config_bool(var, value);
102 if (strcmp(var, "receive.unpacklimit") == 0) {
103 receive_unpack_limit = git_config_int(var, value);
107 if (strcmp(var, "transfer.unpacklimit") == 0) {
108 transfer_unpack_limit = git_config_int(var, value);
112 if (strcmp(var, "receive.fsckobjects") == 0) {
113 receive_fsck_objects = git_config_bool(var, value);
117 if (strcmp(var, "transfer.fsckobjects") == 0) {
118 transfer_fsck_objects = git_config_bool(var, value);
122 if (!strcmp(var, "receive.denycurrentbranch")) {
123 deny_current_branch = parse_deny_action(var, value);
127 if (strcmp(var, "receive.denydeletecurrent") == 0) {
128 deny_delete_current = parse_deny_action(var, value);
132 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
133 prefer_ofs_delta = git_config_bool(var, value);
137 if (strcmp(var, "receive.updateserverinfo") == 0) {
138 auto_update_server_info = git_config_bool(var, value);
142 if (strcmp(var, "receive.autogc") == 0) {
143 auto_gc = git_config_bool(var, value);
147 if (strcmp(var, "receive.shallowupdate") == 0) {
148 shallow_update = git_config_bool(var, value);
152 if (strcmp(var, "receive.certnonceseed") == 0)
153 return git_config_string(&cert_nonce_seed, var, value);
155 if (strcmp(var, "receive.certnonceslop") == 0) {
156 nonce_stamp_slop_limit = git_config_ulong(var, value);
160 return git_default_config(var, value, cb);
163 static void show_ref(const char *path, const unsigned char *sha1)
165 if (ref_is_hidden(path))
168 if (sent_capabilities) {
169 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
171 struct strbuf cap = STRBUF_INIT;
174 "report-status delete-refs side-band-64k quiet");
175 if (prefer_ofs_delta)
176 strbuf_addstr(&cap, " ofs-delta");
178 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
179 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
180 packet_write(1, "%s %s%c%s\n",
181 sha1_to_hex(sha1), path, 0, cap.buf);
182 strbuf_release(&cap);
183 sent_capabilities = 1;
187 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
189 path = strip_namespace(path);
191 * Advertise refs outside our current namespace as ".have"
192 * refs, so that the client can use them to minimize data
193 * transfer but will otherwise ignore them. This happens to
194 * cover ".have" that are thrown in by add_one_alternate_ref()
195 * to mark histories that are complete in our alternates as
200 show_ref(path, sha1);
204 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
206 show_ref(".have", sha1);
209 static void collect_one_alternate_ref(const struct ref *ref, void *data)
211 struct sha1_array *sa = data;
212 sha1_array_append(sa, ref->old_sha1);
215 static void write_head_info(void)
217 struct sha1_array sa = SHA1_ARRAY_INIT;
218 for_each_alternate_ref(collect_one_alternate_ref, &sa);
219 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
220 sha1_array_clear(&sa);
221 for_each_ref(show_ref_cb, NULL);
222 if (!sent_capabilities)
223 show_ref("capabilities^{}", null_sha1);
225 advertise_shallow_grafts(1);
232 struct command *next;
233 const char *error_string;
234 unsigned int skip_update:1,
237 unsigned char old_sha1[20];
238 unsigned char new_sha1[20];
239 char ref_name[FLEX_ARRAY]; /* more */
242 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
243 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
245 static void report_message(const char *prefix, const char *err, va_list params)
247 int sz = strlen(prefix);
250 strncpy(msg, prefix, sz);
251 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
252 if (sz > (sizeof(msg) - 1))
253 sz = sizeof(msg) - 1;
257 send_sideband(1, 2, msg, sz, use_sideband);
262 static void rp_warning(const char *err, ...)
265 va_start(params, err);
266 report_message("warning: ", err, params);
270 static void rp_error(const char *err, ...)
273 va_start(params, err);
274 report_message("error: ", err, params);
278 static int copy_to_sideband(int in, int out, void *arg)
282 ssize_t sz = xread(in, data, sizeof(data));
285 send_sideband(1, 2, data, sz, use_sideband);
291 #define HMAC_BLOCK_SIZE 64
293 static void hmac_sha1(unsigned char *out,
294 const char *key_in, size_t key_len,
295 const char *text, size_t text_len)
297 unsigned char key[HMAC_BLOCK_SIZE];
298 unsigned char k_ipad[HMAC_BLOCK_SIZE];
299 unsigned char k_opad[HMAC_BLOCK_SIZE];
303 /* RFC 2104 2. (1) */
304 memset(key, '\0', HMAC_BLOCK_SIZE);
305 if (HMAC_BLOCK_SIZE < key_len) {
307 git_SHA1_Update(&ctx, key_in, key_len);
308 git_SHA1_Final(key, &ctx);
310 memcpy(key, key_in, key_len);
313 /* RFC 2104 2. (2) & (5) */
314 for (i = 0; i < sizeof(key); i++) {
315 k_ipad[i] = key[i] ^ 0x36;
316 k_opad[i] = key[i] ^ 0x5c;
319 /* RFC 2104 2. (3) & (4) */
321 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
322 git_SHA1_Update(&ctx, text, text_len);
323 git_SHA1_Final(out, &ctx);
325 /* RFC 2104 2. (6) & (7) */
327 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
328 git_SHA1_Update(&ctx, out, 20);
329 git_SHA1_Final(out, &ctx);
332 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
334 struct strbuf buf = STRBUF_INIT;
335 unsigned char sha1[20];
337 strbuf_addf(&buf, "%s:%lu", path, stamp);
338 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
339 strbuf_release(&buf);
341 /* RFC 2104 5. HMAC-SHA1-80 */
342 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
343 return strbuf_detach(&buf, NULL);
347 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
348 * after dropping "_commit" from its name and possibly moving it out
351 static char *find_header(const char *msg, size_t len, const char *key)
353 int key_len = strlen(key);
354 const char *line = msg;
356 while (line && line < msg + len) {
357 const char *eol = strchrnul(line, '\n');
359 if ((msg + len <= eol) || line == eol)
361 if (line + key_len < eol &&
362 !memcmp(line, key, key_len) && line[key_len] == ' ') {
363 int offset = key_len + 1;
364 return xmemdupz(line + offset, (eol - line) - offset);
366 line = *eol ? eol + 1 : NULL;
371 static const char *check_nonce(const char *buf, size_t len)
373 char *nonce = find_header(buf, len, "nonce");
374 unsigned long stamp, ostamp;
375 char *bohmac, *expect = NULL;
376 const char *retval = NONCE_BAD;
379 retval = NONCE_MISSING;
381 } else if (!push_cert_nonce) {
382 retval = NONCE_UNSOLICITED;
384 } else if (!strcmp(push_cert_nonce, nonce)) {
389 if (!stateless_rpc) {
390 /* returned nonce MUST match what we gave out earlier */
396 * In stateless mode, we may be receiving a nonce issued by
397 * another instance of the server that serving the same
398 * repository, and the timestamps may not match, but the
399 * nonce-seed and dir should match, so we can recompute and
400 * report the time slop.
402 * In addition, when a nonce issued by another instance has
403 * timestamp within receive.certnonceslop seconds, we pretend
404 * as if we issued that nonce when reporting to the hook.
407 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
408 if (*nonce <= '0' || '9' < *nonce) {
412 stamp = strtoul(nonce, &bohmac, 10);
413 if (bohmac == nonce || bohmac[0] != '-') {
418 expect = prepare_push_cert_nonce(service_dir, stamp);
419 if (strcmp(expect, nonce)) {
420 /* Not what we would have signed earlier */
426 * By how many seconds is this nonce stale? Negative value
427 * would mean it was issued by another server with its clock
428 * skewed in the future.
430 ostamp = strtoul(push_cert_nonce, NULL, 10);
431 nonce_stamp_slop = (long)ostamp - (long)stamp;
433 if (nonce_stamp_slop_limit &&
434 abs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
436 * Pretend as if the received nonce (which passes the
437 * HMAC check, so it is not a forged by third-party)
440 free((void *)push_cert_nonce);
441 push_cert_nonce = xstrdup(nonce);
453 static void prepare_push_cert_sha1(struct child_process *proc)
455 static int already_done;
456 struct argv_array env = ARGV_ARRAY_INIT;
462 struct strbuf gpg_output = STRBUF_INIT;
463 struct strbuf gpg_status = STRBUF_INIT;
464 int bogs /* beginning_of_gpg_sig */;
467 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
468 hashclr(push_cert_sha1);
470 memset(&sigcheck, '\0', sizeof(sigcheck));
471 sigcheck.result = 'N';
473 bogs = parse_signature(push_cert.buf, push_cert.len);
474 if (verify_signed_buffer(push_cert.buf, bogs,
475 push_cert.buf + bogs, push_cert.len - bogs,
476 &gpg_output, &gpg_status) < 0) {
477 ; /* error running gpg */
479 sigcheck.payload = push_cert.buf;
480 sigcheck.gpg_output = gpg_output.buf;
481 sigcheck.gpg_status = gpg_status.buf;
482 parse_gpg_output(&sigcheck);
485 strbuf_release(&gpg_output);
486 strbuf_release(&gpg_status);
487 nonce_status = check_nonce(push_cert.buf, bogs);
489 if (!is_null_sha1(push_cert_sha1)) {
490 argv_array_pushf(&env, "GIT_PUSH_CERT=%s", sha1_to_hex(push_cert_sha1));
491 argv_array_pushf(&env, "GIT_PUSH_CERT_SIGNER=%s",
492 sigcheck.signer ? sigcheck.signer : "");
493 argv_array_pushf(&env, "GIT_PUSH_CERT_KEY=%s",
494 sigcheck.key ? sigcheck.key : "");
495 argv_array_pushf(&env, "GIT_PUSH_CERT_STATUS=%c", sigcheck.result);
496 if (push_cert_nonce) {
497 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE=%s", push_cert_nonce);
498 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE_STATUS=%s", nonce_status);
499 if (nonce_status == NONCE_SLOP)
500 argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE_SLOP=%ld",
503 proc->env = env.argv;
507 typedef int (*feed_fn)(void *, const char **, size_t *);
508 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
510 struct child_process proc = CHILD_PROCESS_INIT;
515 argv[0] = find_hook(hook_name);
523 proc.stdout_to_stderr = 1;
525 prepare_push_cert_sha1(&proc);
528 memset(&muxer, 0, sizeof(muxer));
529 muxer.proc = copy_to_sideband;
531 code = start_async(&muxer);
537 code = start_command(&proc);
540 finish_async(&muxer);
544 sigchain_push(SIGPIPE, SIG_IGN);
549 if (feed(feed_state, &buf, &n))
551 if (write_in_full(proc.in, buf, n) != n)
556 finish_async(&muxer);
558 sigchain_pop(SIGPIPE);
560 return finish_command(&proc);
563 struct receive_hook_feed_state {
569 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
571 struct receive_hook_feed_state *state = state_;
572 struct command *cmd = state->cmd;
575 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
579 strbuf_reset(&state->buf);
580 strbuf_addf(&state->buf, "%s %s %s\n",
581 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
583 state->cmd = cmd->next;
585 *bufp = state->buf.buf;
586 *sizep = state->buf.len;
591 static int run_receive_hook(struct command *commands, const char *hook_name,
594 struct receive_hook_feed_state state;
597 strbuf_init(&state.buf, 0);
598 state.cmd = commands;
599 state.skip_broken = skip_broken;
600 if (feed_receive_hook(&state, NULL, NULL))
602 state.cmd = commands;
603 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
604 strbuf_release(&state.buf);
608 static int run_update_hook(struct command *cmd)
611 struct child_process proc = CHILD_PROCESS_INIT;
614 argv[0] = find_hook("update");
618 argv[1] = cmd->ref_name;
619 argv[2] = sha1_to_hex(cmd->old_sha1);
620 argv[3] = sha1_to_hex(cmd->new_sha1);
624 proc.stdout_to_stderr = 1;
625 proc.err = use_sideband ? -1 : 0;
628 code = start_command(&proc);
632 copy_to_sideband(proc.err, -1, NULL);
633 return finish_command(&proc);
636 static int is_ref_checked_out(const char *ref)
638 if (is_bare_repository())
643 return !strcmp(head_name, ref);
646 static char *refuse_unconfigured_deny_msg[] = {
647 "By default, updating the current branch in a non-bare repository",
648 "is denied, because it will make the index and work tree inconsistent",
649 "with what you pushed, and will require 'git reset --hard' to match",
650 "the work tree to HEAD.",
652 "You can set 'receive.denyCurrentBranch' configuration variable to",
653 "'ignore' or 'warn' in the remote repository to allow pushing into",
654 "its current branch; however, this is not recommended unless you",
655 "arranged to update its work tree to match what you pushed in some",
658 "To squelch this message and still keep the default behaviour, set",
659 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
662 static void refuse_unconfigured_deny(void)
665 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
666 rp_error("%s", refuse_unconfigured_deny_msg[i]);
669 static char *refuse_unconfigured_deny_delete_current_msg[] = {
670 "By default, deleting the current branch is denied, because the next",
671 "'git clone' won't result in any file checked out, causing confusion.",
673 "You can set 'receive.denyDeleteCurrent' configuration variable to",
674 "'warn' or 'ignore' in the remote repository to allow deleting the",
675 "current branch, with or without a warning message.",
677 "To squelch this message, you can set it to 'refuse'."
680 static void refuse_unconfigured_deny_delete_current(void)
684 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
686 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
689 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
690 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
692 static struct lock_file shallow_lock;
693 struct sha1_array extra = SHA1_ARRAY_INIT;
694 const char *alt_file;
695 uint32_t mask = 1 << (cmd->index % 32);
698 trace_printf_key(&trace_shallow,
699 "shallow: update_shallow_ref %s\n", cmd->ref_name);
700 for (i = 0; i < si->shallow->nr; i++)
701 if (si->used_shallow[i] &&
702 (si->used_shallow[i][cmd->index / 32] & mask) &&
703 !delayed_reachability_test(si, i))
704 sha1_array_append(&extra, si->shallow->sha1[i]);
706 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
707 if (check_shallow_connected(command_singleton_iterator,
709 rollback_lock_file(&shallow_lock);
710 sha1_array_clear(&extra);
714 commit_lock_file(&shallow_lock);
717 * Make sure setup_alternate_shallow() for the next ref does
718 * not lose these new roots..
720 for (i = 0; i < extra.nr; i++)
721 register_shallow(extra.sha1[i]);
723 si->shallow_ref[cmd->index] = 0;
724 sha1_array_clear(&extra);
728 static const char *update(struct command *cmd, struct shallow_info *si)
730 const char *name = cmd->ref_name;
731 struct strbuf namespaced_name_buf = STRBUF_INIT;
732 const char *namespaced_name;
733 unsigned char *old_sha1 = cmd->old_sha1;
734 unsigned char *new_sha1 = cmd->new_sha1;
736 /* only refs/... are allowed */
737 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
738 rp_error("refusing to create funny ref '%s' remotely", name);
739 return "funny refname";
742 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
743 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
745 if (is_ref_checked_out(namespaced_name)) {
746 switch (deny_current_branch) {
750 rp_warning("updating the current branch");
753 case DENY_UNCONFIGURED:
754 rp_error("refusing to update checked out branch: %s", name);
755 if (deny_current_branch == DENY_UNCONFIGURED)
756 refuse_unconfigured_deny();
757 return "branch is currently checked out";
761 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
762 error("unpack should have generated %s, "
763 "but I can't find it!", sha1_to_hex(new_sha1));
767 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
768 if (deny_deletes && starts_with(name, "refs/heads/")) {
769 rp_error("denying ref deletion for %s", name);
770 return "deletion prohibited";
773 if (!strcmp(namespaced_name, head_name)) {
774 switch (deny_delete_current) {
778 rp_warning("deleting the current branch");
781 case DENY_UNCONFIGURED:
782 if (deny_delete_current == DENY_UNCONFIGURED)
783 refuse_unconfigured_deny_delete_current();
784 rp_error("refusing to delete the current branch: %s", name);
785 return "deletion of the current branch prohibited";
790 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
791 !is_null_sha1(old_sha1) &&
792 starts_with(name, "refs/heads/")) {
793 struct object *old_object, *new_object;
794 struct commit *old_commit, *new_commit;
796 old_object = parse_object(old_sha1);
797 new_object = parse_object(new_sha1);
799 if (!old_object || !new_object ||
800 old_object->type != OBJ_COMMIT ||
801 new_object->type != OBJ_COMMIT) {
802 error("bad sha1 objects for %s", name);
805 old_commit = (struct commit *)old_object;
806 new_commit = (struct commit *)new_object;
807 if (!in_merge_bases(old_commit, new_commit)) {
808 rp_error("denying non-fast-forward %s"
809 " (you should pull first)", name);
810 return "non-fast-forward";
813 if (run_update_hook(cmd)) {
814 rp_error("hook declined to update %s", name);
815 return "hook declined";
818 if (is_null_sha1(new_sha1)) {
819 if (!parse_object(old_sha1)) {
821 if (ref_exists(name)) {
822 rp_warning("Allowing deletion of corrupt ref.");
824 rp_warning("Deleting a non-existent ref.");
825 cmd->did_not_exist = 1;
828 if (delete_ref(namespaced_name, old_sha1, 0)) {
829 rp_error("failed to delete %s", name);
830 return "failed to delete";
832 return NULL; /* good */
835 struct strbuf err = STRBUF_INIT;
836 struct ref_transaction *transaction;
838 if (shallow_update && si->shallow_ref[cmd->index] &&
839 update_shallow_ref(cmd, si))
840 return "shallow error";
842 transaction = ref_transaction_begin(&err);
844 ref_transaction_update(transaction, namespaced_name,
845 new_sha1, old_sha1, 0, 1, "push",
847 ref_transaction_commit(transaction, &err)) {
848 ref_transaction_free(transaction);
850 rp_error("%s", err.buf);
851 strbuf_release(&err);
852 return "failed to update ref";
855 ref_transaction_free(transaction);
856 strbuf_release(&err);
857 return NULL; /* good */
861 static void run_update_post_hook(struct command *commands)
866 struct child_process proc = CHILD_PROCESS_INIT;
869 hook = find_hook("post-update");
870 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
871 if (cmd->error_string || cmd->did_not_exist)
878 argv = xmalloc(sizeof(*argv) * (2 + argc));
881 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
882 if (cmd->error_string || cmd->did_not_exist)
884 argv[argc] = xstrdup(cmd->ref_name);
890 proc.stdout_to_stderr = 1;
891 proc.err = use_sideband ? -1 : 0;
894 if (!start_command(&proc)) {
896 copy_to_sideband(proc.err, -1, NULL);
897 finish_command(&proc);
901 static void check_aliased_update(struct command *cmd, struct string_list *list)
903 struct strbuf buf = STRBUF_INIT;
904 const char *dst_name;
905 struct string_list_item *item;
906 struct command *dst_cmd;
907 unsigned char sha1[20];
908 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
911 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
912 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
913 strbuf_release(&buf);
915 if (!(flag & REF_ISSYMREF))
918 dst_name = strip_namespace(dst_name);
920 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
921 cmd->skip_update = 1;
922 cmd->error_string = "broken symref";
926 if ((item = string_list_lookup(list, dst_name)) == NULL)
929 cmd->skip_update = 1;
931 dst_cmd = (struct command *) item->util;
933 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
934 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
937 dst_cmd->skip_update = 1;
939 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
940 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
941 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
942 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
943 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
944 " its target '%s' (%s..%s)",
945 cmd->ref_name, cmd_oldh, cmd_newh,
946 dst_cmd->ref_name, dst_oldh, dst_newh);
948 cmd->error_string = dst_cmd->error_string =
949 "inconsistent aliased update";
952 static void check_aliased_updates(struct command *commands)
955 struct string_list ref_list = STRING_LIST_INIT_NODUP;
957 for (cmd = commands; cmd; cmd = cmd->next) {
958 struct string_list_item *item =
959 string_list_append(&ref_list, cmd->ref_name);
960 item->util = (void *)cmd;
962 sort_string_list(&ref_list);
964 for (cmd = commands; cmd; cmd = cmd->next) {
965 if (!cmd->error_string)
966 check_aliased_update(cmd, &ref_list);
969 string_list_clear(&ref_list, 0);
972 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
974 struct command **cmd_list = cb_data;
975 struct command *cmd = *cmd_list;
977 if (!cmd || is_null_sha1(cmd->new_sha1))
978 return -1; /* end of list */
979 *cmd_list = NULL; /* this returns only one */
980 hashcpy(sha1, cmd->new_sha1);
984 static void set_connectivity_errors(struct command *commands,
985 struct shallow_info *si)
989 for (cmd = commands; cmd; cmd = cmd->next) {
990 struct command *singleton = cmd;
991 if (shallow_update && si->shallow_ref[cmd->index])
992 /* to be checked in update_shallow_ref() */
994 if (!check_everything_connected(command_singleton_iterator,
997 cmd->error_string = "missing necessary objects";
1001 struct iterate_data {
1002 struct command *cmds;
1003 struct shallow_info *si;
1006 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1008 struct iterate_data *data = cb_data;
1009 struct command **cmd_list = &data->cmds;
1010 struct command *cmd = *cmd_list;
1012 for (; cmd; cmd = cmd->next) {
1013 if (shallow_update && data->si->shallow_ref[cmd->index])
1014 /* to be checked in update_shallow_ref() */
1016 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1017 hashcpy(sha1, cmd->new_sha1);
1018 *cmd_list = cmd->next;
1023 return -1; /* end of list */
1026 static void reject_updates_to_hidden(struct command *commands)
1028 struct command *cmd;
1030 for (cmd = commands; cmd; cmd = cmd->next) {
1031 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1033 if (is_null_sha1(cmd->new_sha1))
1034 cmd->error_string = "deny deleting a hidden ref";
1036 cmd->error_string = "deny updating a hidden ref";
1040 static void execute_commands(struct command *commands,
1041 const char *unpacker_error,
1042 struct shallow_info *si)
1044 int checked_connectivity;
1045 struct command *cmd;
1046 unsigned char sha1[20];
1047 struct iterate_data data;
1049 if (unpacker_error) {
1050 for (cmd = commands; cmd; cmd = cmd->next)
1051 cmd->error_string = "unpacker error";
1055 data.cmds = commands;
1057 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1058 set_connectivity_errors(commands, si);
1060 reject_updates_to_hidden(commands);
1062 if (run_receive_hook(commands, "pre-receive", 0)) {
1063 for (cmd = commands; cmd; cmd = cmd->next) {
1064 if (!cmd->error_string)
1065 cmd->error_string = "pre-receive hook declined";
1070 check_aliased_updates(commands);
1072 free(head_name_to_free);
1073 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1075 checked_connectivity = 1;
1076 for (cmd = commands; cmd; cmd = cmd->next) {
1077 if (cmd->error_string)
1080 if (cmd->skip_update)
1083 cmd->error_string = update(cmd, si);
1084 if (shallow_update && !cmd->error_string &&
1085 si->shallow_ref[cmd->index]) {
1086 error("BUG: connectivity check has not been run on ref %s",
1088 checked_connectivity = 0;
1092 if (shallow_update && !checked_connectivity)
1093 error("BUG: run 'git fsck' for safety.\n"
1094 "If there are errors, try to remove "
1095 "the reported refs above");
1098 static struct command **queue_command(struct command **tail,
1102 unsigned char old_sha1[20], new_sha1[20];
1103 struct command *cmd;
1104 const char *refname;
1110 get_sha1_hex(line, old_sha1) ||
1111 get_sha1_hex(line + 41, new_sha1))
1112 die("protocol error: expected old/new/ref, got '%s'", line);
1114 refname = line + 82;
1115 reflen = linelen - 82;
1116 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1117 hashcpy(cmd->old_sha1, old_sha1);
1118 hashcpy(cmd->new_sha1, new_sha1);
1119 memcpy(cmd->ref_name, refname, reflen);
1120 cmd->ref_name[reflen] = '\0';
1125 static void queue_commands_from_cert(struct command **tail,
1126 struct strbuf *push_cert)
1128 const char *boc, *eoc;
1131 die("protocol error: got both push certificate and unsigned commands");
1133 boc = strstr(push_cert->buf, "\n\n");
1135 die("malformed push certificate %.*s", 100, push_cert->buf);
1138 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1141 const char *eol = memchr(boc, '\n', eoc - boc);
1142 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1143 boc = eol ? eol + 1 : eoc;
1147 static struct command *read_head_info(struct sha1_array *shallow)
1149 struct command *commands = NULL;
1150 struct command **p = &commands;
1155 line = packet_read_line(0, &len);
1159 if (len == 48 && starts_with(line, "shallow ")) {
1160 unsigned char sha1[20];
1161 if (get_sha1_hex(line + 8, sha1))
1162 die("protocol error: expected shallow sha, got '%s'",
1164 sha1_array_append(shallow, sha1);
1168 linelen = strlen(line);
1169 if (linelen < len) {
1170 const char *feature_list = line + linelen + 1;
1171 if (parse_feature_request(feature_list, "report-status"))
1173 if (parse_feature_request(feature_list, "side-band-64k"))
1174 use_sideband = LARGE_PACKET_MAX;
1175 if (parse_feature_request(feature_list, "quiet"))
1179 if (!strcmp(line, "push-cert")) {
1184 len = packet_read(0, NULL, NULL,
1185 certbuf, sizeof(certbuf), 0);
1190 if (!strcmp(certbuf, "push-cert-end\n"))
1191 break; /* end of cert */
1192 strbuf_addstr(&push_cert, certbuf);
1200 p = queue_command(p, line, linelen);
1204 queue_commands_from_cert(p, &push_cert);
1209 static const char *parse_pack_header(struct pack_header *hdr)
1211 switch (read_pack_header(0, hdr)) {
1213 return "eof before pack header was fully read";
1215 case PH_ERROR_PACK_SIGNATURE:
1216 return "protocol error (pack signature mismatch detected)";
1218 case PH_ERROR_PROTOCOL:
1219 return "protocol error (pack version unsupported)";
1222 return "unknown error in parse_pack_header";
1229 static const char *pack_lockfile;
1231 static const char *unpack(int err_fd, struct shallow_info *si)
1233 struct pack_header hdr;
1234 const char *hdr_err;
1237 struct child_process child = CHILD_PROCESS_INIT;
1238 int fsck_objects = (receive_fsck_objects >= 0
1239 ? receive_fsck_objects
1240 : transfer_fsck_objects >= 0
1241 ? transfer_fsck_objects
1244 hdr_err = parse_pack_header(&hdr);
1250 snprintf(hdr_arg, sizeof(hdr_arg),
1251 "--pack_header=%"PRIu32",%"PRIu32,
1252 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1254 if (si->nr_ours || si->nr_theirs) {
1255 alt_shallow_file = setup_temporary_shallow(si->shallow);
1256 argv_array_push(&child.args, "--shallow-file");
1257 argv_array_push(&child.args, alt_shallow_file);
1260 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1261 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1263 argv_array_push(&child.args, "-q");
1265 argv_array_push(&child.args, "--strict");
1266 child.no_stdout = 1;
1269 status = run_command(&child);
1271 return "unpack-objects abnormal exit";
1276 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1277 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1278 strcpy(keep_arg + s, "localhost");
1280 argv_array_pushl(&child.args, "index-pack",
1281 "--stdin", hdr_arg, keep_arg, NULL);
1283 argv_array_push(&child.args, "--strict");
1285 argv_array_push(&child.args, "--fix-thin");
1289 status = start_command(&child);
1291 return "index-pack fork failed";
1292 pack_lockfile = index_pack_lockfile(child.out);
1294 status = finish_command(&child);
1296 return "index-pack abnormal exit";
1297 reprepare_packed_git();
1302 static const char *unpack_with_sideband(struct shallow_info *si)
1308 return unpack(0, si);
1310 memset(&muxer, 0, sizeof(muxer));
1311 muxer.proc = copy_to_sideband;
1313 if (start_async(&muxer))
1316 ret = unpack(muxer.in, si);
1318 finish_async(&muxer);
1322 static void prepare_shallow_update(struct command *commands,
1323 struct shallow_info *si)
1325 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1327 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1329 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1331 si->need_reachability_test =
1332 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1334 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1335 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1337 for (i = 0; i < si->nr_ours; i++)
1338 si->need_reachability_test[si->ours[i]] = 1;
1340 for (i = 0; i < si->shallow->nr; i++) {
1341 if (!si->used_shallow[i])
1343 for (j = 0; j < bitmap_size; j++) {
1344 if (!si->used_shallow[i][j])
1346 si->need_reachability_test[i]++;
1347 for (k = 0; k < 32; k++)
1348 if (si->used_shallow[i][j] & (1 << k))
1349 si->shallow_ref[j * 32 + k]++;
1353 * true for those associated with some refs and belong
1354 * in "ours" list aka "step 7 not done yet"
1356 si->need_reachability_test[i] =
1357 si->need_reachability_test[i] > 1;
1361 * keep hooks happy by forcing a temporary shallow file via
1362 * env variable because we can't add --shallow-file to every
1363 * command. check_everything_connected() will be done with
1364 * true .git/shallow though.
1366 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1369 static void update_shallow_info(struct command *commands,
1370 struct shallow_info *si,
1371 struct sha1_array *ref)
1373 struct command *cmd;
1375 remove_nonexistent_theirs_shallow(si);
1376 if (!si->nr_ours && !si->nr_theirs) {
1381 for (cmd = commands; cmd; cmd = cmd->next) {
1382 if (is_null_sha1(cmd->new_sha1))
1384 sha1_array_append(ref, cmd->new_sha1);
1385 cmd->index = ref->nr - 1;
1389 if (shallow_update) {
1390 prepare_shallow_update(commands, si);
1394 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1395 assign_shallow_commits_to_refs(si, NULL, ref_status);
1396 for (cmd = commands; cmd; cmd = cmd->next) {
1397 if (is_null_sha1(cmd->new_sha1))
1399 if (ref_status[cmd->index]) {
1400 cmd->error_string = "shallow update not allowed";
1401 cmd->skip_update = 1;
1407 static void report(struct command *commands, const char *unpack_status)
1409 struct command *cmd;
1410 struct strbuf buf = STRBUF_INIT;
1412 packet_buf_write(&buf, "unpack %s\n",
1413 unpack_status ? unpack_status : "ok");
1414 for (cmd = commands; cmd; cmd = cmd->next) {
1415 if (!cmd->error_string)
1416 packet_buf_write(&buf, "ok %s\n",
1419 packet_buf_write(&buf, "ng %s %s\n",
1420 cmd->ref_name, cmd->error_string);
1422 packet_buf_flush(&buf);
1425 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1427 write_or_die(1, buf.buf, buf.len);
1428 strbuf_release(&buf);
1431 static int delete_only(struct command *commands)
1433 struct command *cmd;
1434 for (cmd = commands; cmd; cmd = cmd->next) {
1435 if (!is_null_sha1(cmd->new_sha1))
1441 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1443 int advertise_refs = 0;
1445 struct command *commands;
1446 struct sha1_array shallow = SHA1_ARRAY_INIT;
1447 struct sha1_array ref = SHA1_ARRAY_INIT;
1448 struct shallow_info si;
1450 packet_trace_identity("receive-pack");
1453 for (i = 1; i < argc; i++) {
1454 const char *arg = *argv++;
1457 if (!strcmp(arg, "--quiet")) {
1462 if (!strcmp(arg, "--advertise-refs")) {
1466 if (!strcmp(arg, "--stateless-rpc")) {
1470 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1475 usage(receive_pack_usage);
1478 usage(receive_pack_usage);
1482 usage(receive_pack_usage);
1486 if (!enter_repo(service_dir, 0))
1487 die("'%s' does not appear to be a git repository", service_dir);
1489 git_config(receive_pack_config, NULL);
1490 if (cert_nonce_seed)
1491 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1493 if (0 <= transfer_unpack_limit)
1494 unpack_limit = transfer_unpack_limit;
1495 else if (0 <= receive_unpack_limit)
1496 unpack_limit = receive_unpack_limit;
1498 if (advertise_refs || !stateless_rpc) {
1504 if ((commands = read_head_info(&shallow)) != NULL) {
1505 const char *unpack_status = NULL;
1507 prepare_shallow_info(&si, &shallow);
1508 if (!si.nr_ours && !si.nr_theirs)
1510 if (!delete_only(commands)) {
1511 unpack_status = unpack_with_sideband(&si);
1512 update_shallow_info(commands, &si, &ref);
1514 execute_commands(commands, unpack_status, &si);
1516 unlink_or_warn(pack_lockfile);
1518 report(commands, unpack_status);
1519 run_receive_hook(commands, "post-receive", 1);
1520 run_update_post_hook(commands);
1522 const char *argv_gc_auto[] = {
1523 "gc", "--auto", "--quiet", NULL,
1525 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1526 run_command_v_opt(argv_gc_auto, opt);
1528 if (auto_update_server_info)
1529 update_server_info(0);
1530 clear_shallow_info(&si);
1534 sha1_array_clear(&shallow);
1535 sha1_array_clear(&ref);
1536 free((void *)push_cert_nonce);
projects / git / blob