7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int unpack_limit = 100;
42 static int report_status;
43 static int use_sideband;
45 static int prefer_ofs_delta = 1;
46 static int auto_update_server_info;
47 static int auto_gc = 1;
48 static int fix_thin = 1;
49 static int stateless_rpc;
50 static const char *service_dir;
51 static const char *head_name;
52 static void *head_name_to_free;
53 static int sent_capabilities;
54 static int shallow_update;
55 static const char *alt_shallow_file;
56 static struct strbuf push_cert = STRBUF_INIT;
57 static unsigned char push_cert_sha1[20];
58 static struct signature_check sigcheck;
59 static const char *push_cert_nonce;
60 static const char *cert_nonce_seed;
62 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
63 static const char *NONCE_BAD = "BAD";
64 static const char *NONCE_MISSING = "MISSING";
65 static const char *NONCE_OK = "OK";
66 static const char *NONCE_SLOP = "SLOP";
67 static const char *nonce_status;
68 static long nonce_stamp_slop;
69 static unsigned long nonce_stamp_slop_limit;
71 static enum deny_action parse_deny_action(const char *var, const char *value)
74 if (!strcasecmp(value, "ignore"))
76 if (!strcasecmp(value, "warn"))
78 if (!strcasecmp(value, "refuse"))
80 if (!strcasecmp(value, "updateinstead"))
81 return DENY_UPDATE_INSTEAD;
83 if (git_config_bool(var, value))
88 static int receive_pack_config(const char *var, const char *value, void *cb)
90 int status = parse_hide_refs_config(var, value, "receive");
95 if (strcmp(var, "receive.denydeletes") == 0) {
96 deny_deletes = git_config_bool(var, value);
100 if (strcmp(var, "receive.denynonfastforwards") == 0) {
101 deny_non_fast_forwards = git_config_bool(var, value);
105 if (strcmp(var, "receive.unpacklimit") == 0) {
106 receive_unpack_limit = git_config_int(var, value);
110 if (strcmp(var, "transfer.unpacklimit") == 0) {
111 transfer_unpack_limit = git_config_int(var, value);
115 if (strcmp(var, "receive.fsckobjects") == 0) {
116 receive_fsck_objects = git_config_bool(var, value);
120 if (strcmp(var, "transfer.fsckobjects") == 0) {
121 transfer_fsck_objects = git_config_bool(var, value);
125 if (!strcmp(var, "receive.denycurrentbranch")) {
126 deny_current_branch = parse_deny_action(var, value);
130 if (strcmp(var, "receive.denydeletecurrent") == 0) {
131 deny_delete_current = parse_deny_action(var, value);
135 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
136 prefer_ofs_delta = git_config_bool(var, value);
140 if (strcmp(var, "receive.updateserverinfo") == 0) {
141 auto_update_server_info = git_config_bool(var, value);
145 if (strcmp(var, "receive.autogc") == 0) {
146 auto_gc = git_config_bool(var, value);
150 if (strcmp(var, "receive.shallowupdate") == 0) {
151 shallow_update = git_config_bool(var, value);
155 if (strcmp(var, "receive.certnonceseed") == 0)
156 return git_config_string(&cert_nonce_seed, var, value);
158 if (strcmp(var, "receive.certnonceslop") == 0) {
159 nonce_stamp_slop_limit = git_config_ulong(var, value);
163 return git_default_config(var, value, cb);
166 static void show_ref(const char *path, const unsigned char *sha1)
168 if (ref_is_hidden(path))
171 if (sent_capabilities) {
172 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
174 struct strbuf cap = STRBUF_INIT;
177 "report-status delete-refs side-band-64k quiet");
178 if (prefer_ofs_delta)
179 strbuf_addstr(&cap, " ofs-delta");
181 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
182 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
183 packet_write(1, "%s %s%c%s\n",
184 sha1_to_hex(sha1), path, 0, cap.buf);
185 strbuf_release(&cap);
186 sent_capabilities = 1;
190 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
192 path = strip_namespace(path);
194 * Advertise refs outside our current namespace as ".have"
195 * refs, so that the client can use them to minimize data
196 * transfer but will otherwise ignore them. This happens to
197 * cover ".have" that are thrown in by add_one_alternate_ref()
198 * to mark histories that are complete in our alternates as
203 show_ref(path, sha1);
207 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
209 show_ref(".have", sha1);
212 static void collect_one_alternate_ref(const struct ref *ref, void *data)
214 struct sha1_array *sa = data;
215 sha1_array_append(sa, ref->old_sha1);
218 static void write_head_info(void)
220 struct sha1_array sa = SHA1_ARRAY_INIT;
221 for_each_alternate_ref(collect_one_alternate_ref, &sa);
222 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
223 sha1_array_clear(&sa);
224 for_each_ref(show_ref_cb, NULL);
225 if (!sent_capabilities)
226 show_ref("capabilities^{}", null_sha1);
228 advertise_shallow_grafts(1);
235 struct command *next;
236 const char *error_string;
237 unsigned int skip_update:1,
240 unsigned char old_sha1[20];
241 unsigned char new_sha1[20];
242 char ref_name[FLEX_ARRAY]; /* more */
245 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
246 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
248 static void report_message(const char *prefix, const char *err, va_list params)
250 int sz = strlen(prefix);
253 strncpy(msg, prefix, sz);
254 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
255 if (sz > (sizeof(msg) - 1))
256 sz = sizeof(msg) - 1;
260 send_sideband(1, 2, msg, sz, use_sideband);
265 static void rp_warning(const char *err, ...)
268 va_start(params, err);
269 report_message("warning: ", err, params);
273 static void rp_error(const char *err, ...)
276 va_start(params, err);
277 report_message("error: ", err, params);
281 static int copy_to_sideband(int in, int out, void *arg)
285 ssize_t sz = xread(in, data, sizeof(data));
288 send_sideband(1, 2, data, sz, use_sideband);
294 #define HMAC_BLOCK_SIZE 64
296 static void hmac_sha1(unsigned char *out,
297 const char *key_in, size_t key_len,
298 const char *text, size_t text_len)
300 unsigned char key[HMAC_BLOCK_SIZE];
301 unsigned char k_ipad[HMAC_BLOCK_SIZE];
302 unsigned char k_opad[HMAC_BLOCK_SIZE];
306 /* RFC 2104 2. (1) */
307 memset(key, '\0', HMAC_BLOCK_SIZE);
308 if (HMAC_BLOCK_SIZE < key_len) {
310 git_SHA1_Update(&ctx, key_in, key_len);
311 git_SHA1_Final(key, &ctx);
313 memcpy(key, key_in, key_len);
316 /* RFC 2104 2. (2) & (5) */
317 for (i = 0; i < sizeof(key); i++) {
318 k_ipad[i] = key[i] ^ 0x36;
319 k_opad[i] = key[i] ^ 0x5c;
322 /* RFC 2104 2. (3) & (4) */
324 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
325 git_SHA1_Update(&ctx, text, text_len);
326 git_SHA1_Final(out, &ctx);
328 /* RFC 2104 2. (6) & (7) */
330 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
331 git_SHA1_Update(&ctx, out, 20);
332 git_SHA1_Final(out, &ctx);
335 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
337 struct strbuf buf = STRBUF_INIT;
338 unsigned char sha1[20];
340 strbuf_addf(&buf, "%s:%lu", path, stamp);
341 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
342 strbuf_release(&buf);
344 /* RFC 2104 5. HMAC-SHA1-80 */
345 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
346 return strbuf_detach(&buf, NULL);
350 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
351 * after dropping "_commit" from its name and possibly moving it out
354 static char *find_header(const char *msg, size_t len, const char *key)
356 int key_len = strlen(key);
357 const char *line = msg;
359 while (line && line < msg + len) {
360 const char *eol = strchrnul(line, '\n');
362 if ((msg + len <= eol) || line == eol)
364 if (line + key_len < eol &&
365 !memcmp(line, key, key_len) && line[key_len] == ' ') {
366 int offset = key_len + 1;
367 return xmemdupz(line + offset, (eol - line) - offset);
369 line = *eol ? eol + 1 : NULL;
374 static const char *check_nonce(const char *buf, size_t len)
376 char *nonce = find_header(buf, len, "nonce");
377 unsigned long stamp, ostamp;
378 char *bohmac, *expect = NULL;
379 const char *retval = NONCE_BAD;
382 retval = NONCE_MISSING;
384 } else if (!push_cert_nonce) {
385 retval = NONCE_UNSOLICITED;
387 } else if (!strcmp(push_cert_nonce, nonce)) {
392 if (!stateless_rpc) {
393 /* returned nonce MUST match what we gave out earlier */
399 * In stateless mode, we may be receiving a nonce issued by
400 * another instance of the server that serving the same
401 * repository, and the timestamps may not match, but the
402 * nonce-seed and dir should match, so we can recompute and
403 * report the time slop.
405 * In addition, when a nonce issued by another instance has
406 * timestamp within receive.certnonceslop seconds, we pretend
407 * as if we issued that nonce when reporting to the hook.
410 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
411 if (*nonce <= '0' || '9' < *nonce) {
415 stamp = strtoul(nonce, &bohmac, 10);
416 if (bohmac == nonce || bohmac[0] != '-') {
421 expect = prepare_push_cert_nonce(service_dir, stamp);
422 if (strcmp(expect, nonce)) {
423 /* Not what we would have signed earlier */
429 * By how many seconds is this nonce stale? Negative value
430 * would mean it was issued by another server with its clock
431 * skewed in the future.
433 ostamp = strtoul(push_cert_nonce, NULL, 10);
434 nonce_stamp_slop = (long)ostamp - (long)stamp;
436 if (nonce_stamp_slop_limit &&
437 abs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
439 * Pretend as if the received nonce (which passes the
440 * HMAC check, so it is not a forged by third-party)
443 free((void *)push_cert_nonce);
444 push_cert_nonce = xstrdup(nonce);
456 static void prepare_push_cert_sha1(struct child_process *proc)
458 static int already_done;
464 struct strbuf gpg_output = STRBUF_INIT;
465 struct strbuf gpg_status = STRBUF_INIT;
466 int bogs /* beginning_of_gpg_sig */;
469 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
470 hashclr(push_cert_sha1);
472 memset(&sigcheck, '\0', sizeof(sigcheck));
473 sigcheck.result = 'N';
475 bogs = parse_signature(push_cert.buf, push_cert.len);
476 if (verify_signed_buffer(push_cert.buf, bogs,
477 push_cert.buf + bogs, push_cert.len - bogs,
478 &gpg_output, &gpg_status) < 0) {
479 ; /* error running gpg */
481 sigcheck.payload = push_cert.buf;
482 sigcheck.gpg_output = gpg_output.buf;
483 sigcheck.gpg_status = gpg_status.buf;
484 parse_gpg_output(&sigcheck);
487 strbuf_release(&gpg_output);
488 strbuf_release(&gpg_status);
489 nonce_status = check_nonce(push_cert.buf, bogs);
491 if (!is_null_sha1(push_cert_sha1)) {
492 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
493 sha1_to_hex(push_cert_sha1));
494 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
495 sigcheck.signer ? sigcheck.signer : "");
496 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
497 sigcheck.key ? sigcheck.key : "");
498 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
500 if (push_cert_nonce) {
501 argv_array_pushf(&proc->env_array,
502 "GIT_PUSH_CERT_NONCE=%s",
504 argv_array_pushf(&proc->env_array,
505 "GIT_PUSH_CERT_NONCE_STATUS=%s",
507 if (nonce_status == NONCE_SLOP)
508 argv_array_pushf(&proc->env_array,
509 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
515 typedef int (*feed_fn)(void *, const char **, size_t *);
516 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
518 struct child_process proc = CHILD_PROCESS_INIT;
523 argv[0] = find_hook(hook_name);
531 proc.stdout_to_stderr = 1;
534 memset(&muxer, 0, sizeof(muxer));
535 muxer.proc = copy_to_sideband;
537 code = start_async(&muxer);
543 prepare_push_cert_sha1(&proc);
545 code = start_command(&proc);
548 finish_async(&muxer);
552 sigchain_push(SIGPIPE, SIG_IGN);
557 if (feed(feed_state, &buf, &n))
559 if (write_in_full(proc.in, buf, n) != n)
564 finish_async(&muxer);
566 sigchain_pop(SIGPIPE);
568 return finish_command(&proc);
571 struct receive_hook_feed_state {
577 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
579 struct receive_hook_feed_state *state = state_;
580 struct command *cmd = state->cmd;
583 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
587 strbuf_reset(&state->buf);
588 strbuf_addf(&state->buf, "%s %s %s\n",
589 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
591 state->cmd = cmd->next;
593 *bufp = state->buf.buf;
594 *sizep = state->buf.len;
599 static int run_receive_hook(struct command *commands, const char *hook_name,
602 struct receive_hook_feed_state state;
605 strbuf_init(&state.buf, 0);
606 state.cmd = commands;
607 state.skip_broken = skip_broken;
608 if (feed_receive_hook(&state, NULL, NULL))
610 state.cmd = commands;
611 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
612 strbuf_release(&state.buf);
616 static int run_update_hook(struct command *cmd)
619 struct child_process proc = CHILD_PROCESS_INIT;
622 argv[0] = find_hook("update");
626 argv[1] = cmd->ref_name;
627 argv[2] = sha1_to_hex(cmd->old_sha1);
628 argv[3] = sha1_to_hex(cmd->new_sha1);
632 proc.stdout_to_stderr = 1;
633 proc.err = use_sideband ? -1 : 0;
636 code = start_command(&proc);
640 copy_to_sideband(proc.err, -1, NULL);
641 return finish_command(&proc);
644 static int is_ref_checked_out(const char *ref)
646 if (is_bare_repository())
651 return !strcmp(head_name, ref);
654 static char *refuse_unconfigured_deny_msg[] = {
655 "By default, updating the current branch in a non-bare repository",
656 "is denied, because it will make the index and work tree inconsistent",
657 "with what you pushed, and will require 'git reset --hard' to match",
658 "the work tree to HEAD.",
660 "You can set 'receive.denyCurrentBranch' configuration variable to",
661 "'ignore' or 'warn' in the remote repository to allow pushing into",
662 "its current branch; however, this is not recommended unless you",
663 "arranged to update its work tree to match what you pushed in some",
666 "To squelch this message and still keep the default behaviour, set",
667 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
670 static void refuse_unconfigured_deny(void)
673 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
674 rp_error("%s", refuse_unconfigured_deny_msg[i]);
677 static char *refuse_unconfigured_deny_delete_current_msg[] = {
678 "By default, deleting the current branch is denied, because the next",
679 "'git clone' won't result in any file checked out, causing confusion.",
681 "You can set 'receive.denyDeleteCurrent' configuration variable to",
682 "'warn' or 'ignore' in the remote repository to allow deleting the",
683 "current branch, with or without a warning message.",
685 "To squelch this message, you can set it to 'refuse'."
688 static void refuse_unconfigured_deny_delete_current(void)
692 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
694 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
697 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
698 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
700 static struct lock_file shallow_lock;
701 struct sha1_array extra = SHA1_ARRAY_INIT;
702 const char *alt_file;
703 uint32_t mask = 1 << (cmd->index % 32);
706 trace_printf_key(&trace_shallow,
707 "shallow: update_shallow_ref %s\n", cmd->ref_name);
708 for (i = 0; i < si->shallow->nr; i++)
709 if (si->used_shallow[i] &&
710 (si->used_shallow[i][cmd->index / 32] & mask) &&
711 !delayed_reachability_test(si, i))
712 sha1_array_append(&extra, si->shallow->sha1[i]);
714 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
715 if (check_shallow_connected(command_singleton_iterator,
717 rollback_lock_file(&shallow_lock);
718 sha1_array_clear(&extra);
722 commit_lock_file(&shallow_lock);
725 * Make sure setup_alternate_shallow() for the next ref does
726 * not lose these new roots..
728 for (i = 0; i < extra.nr; i++)
729 register_shallow(extra.sha1[i]);
731 si->shallow_ref[cmd->index] = 0;
732 sha1_array_clear(&extra);
736 static const char *push_to_deploy(unsigned char *sha1,
737 struct argv_array *env,
738 const char *work_tree)
740 const char *update_refresh[] = {
741 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
743 const char *diff_files[] = {
744 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
746 const char *diff_index[] = {
747 "diff-index", "--quiet", "--cached", "--ignore-submodules",
750 const char *read_tree[] = {
751 "read-tree", "-u", "-m", NULL, NULL
753 struct child_process child = CHILD_PROCESS_INIT;
755 child.argv = update_refresh;
756 child.env = env->argv;
757 child.dir = work_tree;
759 child.stdout_to_stderr = 1;
761 if (run_command(&child))
762 return "Up-to-date check failed";
764 /* run_command() does not clean up completely; reinitialize */
765 child_process_init(&child);
766 child.argv = diff_files;
767 child.env = env->argv;
768 child.dir = work_tree;
770 child.stdout_to_stderr = 1;
772 if (run_command(&child))
773 return "Working directory has unstaged changes";
775 child_process_init(&child);
776 child.argv = diff_index;
777 child.env = env->argv;
780 child.stdout_to_stderr = 0;
782 if (run_command(&child))
783 return "Working directory has staged changes";
785 read_tree[3] = sha1_to_hex(sha1);
786 child_process_init(&child);
787 child.argv = read_tree;
788 child.env = env->argv;
789 child.dir = work_tree;
792 child.stdout_to_stderr = 0;
794 if (run_command(&child))
795 return "Could not update working tree to new HEAD";
800 static const char *push_to_checkout_hook = "push-to-checkout";
802 static const char *push_to_checkout(unsigned char *sha1,
803 struct argv_array *env,
804 const char *work_tree)
806 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
807 if (run_hook_le(env->argv, push_to_checkout_hook,
808 sha1_to_hex(sha1), NULL))
809 return "push-to-checkout hook declined";
814 static const char *update_worktree(unsigned char *sha1)
817 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
818 struct argv_array env = ARGV_ARRAY_INIT;
820 if (is_bare_repository())
821 return "denyCurrentBranch = updateInstead needs a worktree";
823 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
825 if (!find_hook(push_to_checkout_hook))
826 retval = push_to_deploy(sha1, &env, work_tree);
828 retval = push_to_checkout(sha1, &env, work_tree);
830 argv_array_clear(&env);
834 static const char *update(struct command *cmd, struct shallow_info *si)
836 const char *name = cmd->ref_name;
837 struct strbuf namespaced_name_buf = STRBUF_INIT;
838 const char *namespaced_name, *ret;
839 unsigned char *old_sha1 = cmd->old_sha1;
840 unsigned char *new_sha1 = cmd->new_sha1;
842 /* only refs/... are allowed */
843 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
844 rp_error("refusing to create funny ref '%s' remotely", name);
845 return "funny refname";
848 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
849 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
851 if (is_ref_checked_out(namespaced_name)) {
852 switch (deny_current_branch) {
856 rp_warning("updating the current branch");
859 case DENY_UNCONFIGURED:
860 rp_error("refusing to update checked out branch: %s", name);
861 if (deny_current_branch == DENY_UNCONFIGURED)
862 refuse_unconfigured_deny();
863 return "branch is currently checked out";
864 case DENY_UPDATE_INSTEAD:
865 ret = update_worktree(new_sha1);
872 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
873 error("unpack should have generated %s, "
874 "but I can't find it!", sha1_to_hex(new_sha1));
878 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
879 if (deny_deletes && starts_with(name, "refs/heads/")) {
880 rp_error("denying ref deletion for %s", name);
881 return "deletion prohibited";
884 if (!strcmp(namespaced_name, head_name)) {
885 switch (deny_delete_current) {
889 rp_warning("deleting the current branch");
892 case DENY_UNCONFIGURED:
893 case DENY_UPDATE_INSTEAD:
894 if (deny_delete_current == DENY_UNCONFIGURED)
895 refuse_unconfigured_deny_delete_current();
896 rp_error("refusing to delete the current branch: %s", name);
897 return "deletion of the current branch prohibited";
899 return "Invalid denyDeleteCurrent setting";
904 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
905 !is_null_sha1(old_sha1) &&
906 starts_with(name, "refs/heads/")) {
907 struct object *old_object, *new_object;
908 struct commit *old_commit, *new_commit;
910 old_object = parse_object(old_sha1);
911 new_object = parse_object(new_sha1);
913 if (!old_object || !new_object ||
914 old_object->type != OBJ_COMMIT ||
915 new_object->type != OBJ_COMMIT) {
916 error("bad sha1 objects for %s", name);
919 old_commit = (struct commit *)old_object;
920 new_commit = (struct commit *)new_object;
921 if (!in_merge_bases(old_commit, new_commit)) {
922 rp_error("denying non-fast-forward %s"
923 " (you should pull first)", name);
924 return "non-fast-forward";
927 if (run_update_hook(cmd)) {
928 rp_error("hook declined to update %s", name);
929 return "hook declined";
932 if (is_null_sha1(new_sha1)) {
933 if (!parse_object(old_sha1)) {
935 if (ref_exists(name)) {
936 rp_warning("Allowing deletion of corrupt ref.");
938 rp_warning("Deleting a non-existent ref.");
939 cmd->did_not_exist = 1;
942 if (delete_ref(namespaced_name, old_sha1, 0)) {
943 rp_error("failed to delete %s", name);
944 return "failed to delete";
946 return NULL; /* good */
949 struct strbuf err = STRBUF_INIT;
950 struct ref_transaction *transaction;
952 if (shallow_update && si->shallow_ref[cmd->index] &&
953 update_shallow_ref(cmd, si))
954 return "shallow error";
956 transaction = ref_transaction_begin(&err);
958 ref_transaction_update(transaction, namespaced_name,
959 new_sha1, old_sha1, 0, 1, "push",
961 ref_transaction_commit(transaction, &err)) {
962 ref_transaction_free(transaction);
964 rp_error("%s", err.buf);
965 strbuf_release(&err);
966 return "failed to update ref";
969 ref_transaction_free(transaction);
970 strbuf_release(&err);
971 return NULL; /* good */
975 static void run_update_post_hook(struct command *commands)
980 struct child_process proc = CHILD_PROCESS_INIT;
983 hook = find_hook("post-update");
984 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
985 if (cmd->error_string || cmd->did_not_exist)
992 argv = xmalloc(sizeof(*argv) * (2 + argc));
995 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
996 if (cmd->error_string || cmd->did_not_exist)
998 argv[argc] = xstrdup(cmd->ref_name);
1004 proc.stdout_to_stderr = 1;
1005 proc.err = use_sideband ? -1 : 0;
1008 if (!start_command(&proc)) {
1010 copy_to_sideband(proc.err, -1, NULL);
1011 finish_command(&proc);
1015 static void check_aliased_update(struct command *cmd, struct string_list *list)
1017 struct strbuf buf = STRBUF_INIT;
1018 const char *dst_name;
1019 struct string_list_item *item;
1020 struct command *dst_cmd;
1021 unsigned char sha1[20];
1022 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1025 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1026 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1027 strbuf_release(&buf);
1029 if (!(flag & REF_ISSYMREF))
1032 dst_name = strip_namespace(dst_name);
1034 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1035 cmd->skip_update = 1;
1036 cmd->error_string = "broken symref";
1040 if ((item = string_list_lookup(list, dst_name)) == NULL)
1043 cmd->skip_update = 1;
1045 dst_cmd = (struct command *) item->util;
1047 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1048 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1051 dst_cmd->skip_update = 1;
1053 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1054 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1055 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1056 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1057 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1058 " its target '%s' (%s..%s)",
1059 cmd->ref_name, cmd_oldh, cmd_newh,
1060 dst_cmd->ref_name, dst_oldh, dst_newh);
1062 cmd->error_string = dst_cmd->error_string =
1063 "inconsistent aliased update";
1066 static void check_aliased_updates(struct command *commands)
1068 struct command *cmd;
1069 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1071 for (cmd = commands; cmd; cmd = cmd->next) {
1072 struct string_list_item *item =
1073 string_list_append(&ref_list, cmd->ref_name);
1074 item->util = (void *)cmd;
1076 sort_string_list(&ref_list);
1078 for (cmd = commands; cmd; cmd = cmd->next) {
1079 if (!cmd->error_string)
1080 check_aliased_update(cmd, &ref_list);
1083 string_list_clear(&ref_list, 0);
1086 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1088 struct command **cmd_list = cb_data;
1089 struct command *cmd = *cmd_list;
1091 if (!cmd || is_null_sha1(cmd->new_sha1))
1092 return -1; /* end of list */
1093 *cmd_list = NULL; /* this returns only one */
1094 hashcpy(sha1, cmd->new_sha1);
1098 static void set_connectivity_errors(struct command *commands,
1099 struct shallow_info *si)
1101 struct command *cmd;
1103 for (cmd = commands; cmd; cmd = cmd->next) {
1104 struct command *singleton = cmd;
1105 if (shallow_update && si->shallow_ref[cmd->index])
1106 /* to be checked in update_shallow_ref() */
1108 if (!check_everything_connected(command_singleton_iterator,
1111 cmd->error_string = "missing necessary objects";
1115 struct iterate_data {
1116 struct command *cmds;
1117 struct shallow_info *si;
1120 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1122 struct iterate_data *data = cb_data;
1123 struct command **cmd_list = &data->cmds;
1124 struct command *cmd = *cmd_list;
1126 for (; cmd; cmd = cmd->next) {
1127 if (shallow_update && data->si->shallow_ref[cmd->index])
1128 /* to be checked in update_shallow_ref() */
1130 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1131 hashcpy(sha1, cmd->new_sha1);
1132 *cmd_list = cmd->next;
1137 return -1; /* end of list */
1140 static void reject_updates_to_hidden(struct command *commands)
1142 struct command *cmd;
1144 for (cmd = commands; cmd; cmd = cmd->next) {
1145 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1147 if (is_null_sha1(cmd->new_sha1))
1148 cmd->error_string = "deny deleting a hidden ref";
1150 cmd->error_string = "deny updating a hidden ref";
1154 static void execute_commands(struct command *commands,
1155 const char *unpacker_error,
1156 struct shallow_info *si)
1158 int checked_connectivity;
1159 struct command *cmd;
1160 unsigned char sha1[20];
1161 struct iterate_data data;
1163 if (unpacker_error) {
1164 for (cmd = commands; cmd; cmd = cmd->next)
1165 cmd->error_string = "unpacker error";
1169 data.cmds = commands;
1171 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1172 set_connectivity_errors(commands, si);
1174 reject_updates_to_hidden(commands);
1176 if (run_receive_hook(commands, "pre-receive", 0)) {
1177 for (cmd = commands; cmd; cmd = cmd->next) {
1178 if (!cmd->error_string)
1179 cmd->error_string = "pre-receive hook declined";
1184 check_aliased_updates(commands);
1186 free(head_name_to_free);
1187 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1189 checked_connectivity = 1;
1190 for (cmd = commands; cmd; cmd = cmd->next) {
1191 if (cmd->error_string)
1194 if (cmd->skip_update)
1197 cmd->error_string = update(cmd, si);
1198 if (shallow_update && !cmd->error_string &&
1199 si->shallow_ref[cmd->index]) {
1200 error("BUG: connectivity check has not been run on ref %s",
1202 checked_connectivity = 0;
1206 if (shallow_update && !checked_connectivity)
1207 error("BUG: run 'git fsck' for safety.\n"
1208 "If there are errors, try to remove "
1209 "the reported refs above");
1212 static struct command **queue_command(struct command **tail,
1216 unsigned char old_sha1[20], new_sha1[20];
1217 struct command *cmd;
1218 const char *refname;
1224 get_sha1_hex(line, old_sha1) ||
1225 get_sha1_hex(line + 41, new_sha1))
1226 die("protocol error: expected old/new/ref, got '%s'", line);
1228 refname = line + 82;
1229 reflen = linelen - 82;
1230 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1231 hashcpy(cmd->old_sha1, old_sha1);
1232 hashcpy(cmd->new_sha1, new_sha1);
1233 memcpy(cmd->ref_name, refname, reflen);
1234 cmd->ref_name[reflen] = '\0';
1239 static void queue_commands_from_cert(struct command **tail,
1240 struct strbuf *push_cert)
1242 const char *boc, *eoc;
1245 die("protocol error: got both push certificate and unsigned commands");
1247 boc = strstr(push_cert->buf, "\n\n");
1249 die("malformed push certificate %.*s", 100, push_cert->buf);
1252 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1255 const char *eol = memchr(boc, '\n', eoc - boc);
1256 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1257 boc = eol ? eol + 1 : eoc;
1261 static struct command *read_head_info(struct sha1_array *shallow)
1263 struct command *commands = NULL;
1264 struct command **p = &commands;
1269 line = packet_read_line(0, &len);
1273 if (len == 48 && starts_with(line, "shallow ")) {
1274 unsigned char sha1[20];
1275 if (get_sha1_hex(line + 8, sha1))
1276 die("protocol error: expected shallow sha, got '%s'",
1278 sha1_array_append(shallow, sha1);
1282 linelen = strlen(line);
1283 if (linelen < len) {
1284 const char *feature_list = line + linelen + 1;
1285 if (parse_feature_request(feature_list, "report-status"))
1287 if (parse_feature_request(feature_list, "side-band-64k"))
1288 use_sideband = LARGE_PACKET_MAX;
1289 if (parse_feature_request(feature_list, "quiet"))
1293 if (!strcmp(line, "push-cert")) {
1298 len = packet_read(0, NULL, NULL,
1299 certbuf, sizeof(certbuf), 0);
1304 if (!strcmp(certbuf, "push-cert-end\n"))
1305 break; /* end of cert */
1306 strbuf_addstr(&push_cert, certbuf);
1314 p = queue_command(p, line, linelen);
1318 queue_commands_from_cert(p, &push_cert);
1323 static const char *parse_pack_header(struct pack_header *hdr)
1325 switch (read_pack_header(0, hdr)) {
1327 return "eof before pack header was fully read";
1329 case PH_ERROR_PACK_SIGNATURE:
1330 return "protocol error (pack signature mismatch detected)";
1332 case PH_ERROR_PROTOCOL:
1333 return "protocol error (pack version unsupported)";
1336 return "unknown error in parse_pack_header";
1343 static const char *pack_lockfile;
1345 static const char *unpack(int err_fd, struct shallow_info *si)
1347 struct pack_header hdr;
1348 const char *hdr_err;
1351 struct child_process child = CHILD_PROCESS_INIT;
1352 int fsck_objects = (receive_fsck_objects >= 0
1353 ? receive_fsck_objects
1354 : transfer_fsck_objects >= 0
1355 ? transfer_fsck_objects
1358 hdr_err = parse_pack_header(&hdr);
1364 snprintf(hdr_arg, sizeof(hdr_arg),
1365 "--pack_header=%"PRIu32",%"PRIu32,
1366 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1368 if (si->nr_ours || si->nr_theirs) {
1369 alt_shallow_file = setup_temporary_shallow(si->shallow);
1370 argv_array_push(&child.args, "--shallow-file");
1371 argv_array_push(&child.args, alt_shallow_file);
1374 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1375 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1377 argv_array_push(&child.args, "-q");
1379 argv_array_push(&child.args, "--strict");
1380 child.no_stdout = 1;
1383 status = run_command(&child);
1385 return "unpack-objects abnormal exit";
1390 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1391 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1392 strcpy(keep_arg + s, "localhost");
1394 argv_array_pushl(&child.args, "index-pack",
1395 "--stdin", hdr_arg, keep_arg, NULL);
1397 argv_array_push(&child.args, "--strict");
1399 argv_array_push(&child.args, "--fix-thin");
1403 status = start_command(&child);
1405 return "index-pack fork failed";
1406 pack_lockfile = index_pack_lockfile(child.out);
1408 status = finish_command(&child);
1410 return "index-pack abnormal exit";
1411 reprepare_packed_git();
1416 static const char *unpack_with_sideband(struct shallow_info *si)
1422 return unpack(0, si);
1424 memset(&muxer, 0, sizeof(muxer));
1425 muxer.proc = copy_to_sideband;
1427 if (start_async(&muxer))
1430 ret = unpack(muxer.in, si);
1432 finish_async(&muxer);
1436 static void prepare_shallow_update(struct command *commands,
1437 struct shallow_info *si)
1439 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1441 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1443 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1445 si->need_reachability_test =
1446 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1448 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1449 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1451 for (i = 0; i < si->nr_ours; i++)
1452 si->need_reachability_test[si->ours[i]] = 1;
1454 for (i = 0; i < si->shallow->nr; i++) {
1455 if (!si->used_shallow[i])
1457 for (j = 0; j < bitmap_size; j++) {
1458 if (!si->used_shallow[i][j])
1460 si->need_reachability_test[i]++;
1461 for (k = 0; k < 32; k++)
1462 if (si->used_shallow[i][j] & (1 << k))
1463 si->shallow_ref[j * 32 + k]++;
1467 * true for those associated with some refs and belong
1468 * in "ours" list aka "step 7 not done yet"
1470 si->need_reachability_test[i] =
1471 si->need_reachability_test[i] > 1;
1475 * keep hooks happy by forcing a temporary shallow file via
1476 * env variable because we can't add --shallow-file to every
1477 * command. check_everything_connected() will be done with
1478 * true .git/shallow though.
1480 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1483 static void update_shallow_info(struct command *commands,
1484 struct shallow_info *si,
1485 struct sha1_array *ref)
1487 struct command *cmd;
1489 remove_nonexistent_theirs_shallow(si);
1490 if (!si->nr_ours && !si->nr_theirs) {
1495 for (cmd = commands; cmd; cmd = cmd->next) {
1496 if (is_null_sha1(cmd->new_sha1))
1498 sha1_array_append(ref, cmd->new_sha1);
1499 cmd->index = ref->nr - 1;
1503 if (shallow_update) {
1504 prepare_shallow_update(commands, si);
1508 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1509 assign_shallow_commits_to_refs(si, NULL, ref_status);
1510 for (cmd = commands; cmd; cmd = cmd->next) {
1511 if (is_null_sha1(cmd->new_sha1))
1513 if (ref_status[cmd->index]) {
1514 cmd->error_string = "shallow update not allowed";
1515 cmd->skip_update = 1;
1521 static void report(struct command *commands, const char *unpack_status)
1523 struct command *cmd;
1524 struct strbuf buf = STRBUF_INIT;
1526 packet_buf_write(&buf, "unpack %s\n",
1527 unpack_status ? unpack_status : "ok");
1528 for (cmd = commands; cmd; cmd = cmd->next) {
1529 if (!cmd->error_string)
1530 packet_buf_write(&buf, "ok %s\n",
1533 packet_buf_write(&buf, "ng %s %s\n",
1534 cmd->ref_name, cmd->error_string);
1536 packet_buf_flush(&buf);
1539 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1541 write_or_die(1, buf.buf, buf.len);
1542 strbuf_release(&buf);
1545 static int delete_only(struct command *commands)
1547 struct command *cmd;
1548 for (cmd = commands; cmd; cmd = cmd->next) {
1549 if (!is_null_sha1(cmd->new_sha1))
1555 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1557 int advertise_refs = 0;
1559 struct command *commands;
1560 struct sha1_array shallow = SHA1_ARRAY_INIT;
1561 struct sha1_array ref = SHA1_ARRAY_INIT;
1562 struct shallow_info si;
1564 packet_trace_identity("receive-pack");
1567 for (i = 1; i < argc; i++) {
1568 const char *arg = *argv++;
1571 if (!strcmp(arg, "--quiet")) {
1576 if (!strcmp(arg, "--advertise-refs")) {
1580 if (!strcmp(arg, "--stateless-rpc")) {
1584 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1589 usage(receive_pack_usage);
1592 usage(receive_pack_usage);
1596 usage(receive_pack_usage);
1600 if (!enter_repo(service_dir, 0))
1601 die("'%s' does not appear to be a git repository", service_dir);
1603 git_config(receive_pack_config, NULL);
1604 if (cert_nonce_seed)
1605 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1607 if (0 <= transfer_unpack_limit)
1608 unpack_limit = transfer_unpack_limit;
1609 else if (0 <= receive_unpack_limit)
1610 unpack_limit = receive_unpack_limit;
1612 if (advertise_refs || !stateless_rpc) {
1618 if ((commands = read_head_info(&shallow)) != NULL) {
1619 const char *unpack_status = NULL;
1621 prepare_shallow_info(&si, &shallow);
1622 if (!si.nr_ours && !si.nr_theirs)
1624 if (!delete_only(commands)) {
1625 unpack_status = unpack_with_sideband(&si);
1626 update_shallow_info(commands, &si, &ref);
1628 execute_commands(commands, unpack_status, &si);
1630 unlink_or_warn(pack_lockfile);
1632 report(commands, unpack_status);
1633 run_receive_hook(commands, "post-receive", 1);
1634 run_update_post_hook(commands);
1636 const char *argv_gc_auto[] = {
1637 "gc", "--auto", "--quiet", NULL,
1639 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1640 run_command_v_opt(argv_gc_auto, opt);
1642 if (auto_update_server_info)
1643 update_server_info(0);
1644 clear_shallow_info(&si);
1648 sha1_array_clear(&shallow);
1649 sha1_array_clear(&ref);
1650 free((void *)push_cert_nonce);
projects / git / blob