7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
24 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
34 static int deny_deletes;
35 static int deny_non_fast_forwards;
36 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
37 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
38 static int receive_fsck_objects = -1;
39 static int transfer_fsck_objects = -1;
40 static struct strbuf fsck_msg_types = STRBUF_INIT;
41 static int receive_unpack_limit = -1;
42 static int transfer_unpack_limit = -1;
43 static int advertise_atomic_push = 1;
44 static int unpack_limit = 100;
45 static int report_status;
46 static int use_sideband;
47 static int use_atomic;
49 static int prefer_ofs_delta = 1;
50 static int auto_update_server_info;
51 static int auto_gc = 1;
52 static int fix_thin = 1;
53 static int stateless_rpc;
54 static const char *service_dir;
55 static const char *head_name;
56 static void *head_name_to_free;
57 static int sent_capabilities;
58 static int shallow_update;
59 static const char *alt_shallow_file;
60 static struct strbuf push_cert = STRBUF_INIT;
61 static unsigned char push_cert_sha1[20];
62 static struct signature_check sigcheck;
63 static const char *push_cert_nonce;
64 static const char *cert_nonce_seed;
66 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
67 static const char *NONCE_BAD = "BAD";
68 static const char *NONCE_MISSING = "MISSING";
69 static const char *NONCE_OK = "OK";
70 static const char *NONCE_SLOP = "SLOP";
71 static const char *nonce_status;
72 static long nonce_stamp_slop;
73 static unsigned long nonce_stamp_slop_limit;
74 static struct ref_transaction *transaction;
76 static enum deny_action parse_deny_action(const char *var, const char *value)
79 if (!strcasecmp(value, "ignore"))
81 if (!strcasecmp(value, "warn"))
83 if (!strcasecmp(value, "refuse"))
85 if (!strcasecmp(value, "updateinstead"))
86 return DENY_UPDATE_INSTEAD;
88 if (git_config_bool(var, value))
93 static int receive_pack_config(const char *var, const char *value, void *cb)
95 int status = parse_hide_refs_config(var, value, "receive");
100 if (strcmp(var, "receive.denydeletes") == 0) {
101 deny_deletes = git_config_bool(var, value);
105 if (strcmp(var, "receive.denynonfastforwards") == 0) {
106 deny_non_fast_forwards = git_config_bool(var, value);
110 if (strcmp(var, "receive.unpacklimit") == 0) {
111 receive_unpack_limit = git_config_int(var, value);
115 if (strcmp(var, "transfer.unpacklimit") == 0) {
116 transfer_unpack_limit = git_config_int(var, value);
120 if (strcmp(var, "receive.fsck.skiplist") == 0) {
123 if (git_config_pathname(&path, var, value))
125 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
126 fsck_msg_types.len ? ',' : '=', path);
131 if (skip_prefix(var, "receive.fsck.", &var)) {
132 if (is_valid_msg_type(var, value))
133 strbuf_addf(&fsck_msg_types, "%c%s=%s",
134 fsck_msg_types.len ? ',' : '=', var, value);
136 warning("Skipping unknown msg id '%s'", var);
140 if (strcmp(var, "receive.fsckobjects") == 0) {
141 receive_fsck_objects = git_config_bool(var, value);
145 if (strcmp(var, "transfer.fsckobjects") == 0) {
146 transfer_fsck_objects = git_config_bool(var, value);
150 if (!strcmp(var, "receive.denycurrentbranch")) {
151 deny_current_branch = parse_deny_action(var, value);
155 if (strcmp(var, "receive.denydeletecurrent") == 0) {
156 deny_delete_current = parse_deny_action(var, value);
160 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
161 prefer_ofs_delta = git_config_bool(var, value);
165 if (strcmp(var, "receive.updateserverinfo") == 0) {
166 auto_update_server_info = git_config_bool(var, value);
170 if (strcmp(var, "receive.autogc") == 0) {
171 auto_gc = git_config_bool(var, value);
175 if (strcmp(var, "receive.shallowupdate") == 0) {
176 shallow_update = git_config_bool(var, value);
180 if (strcmp(var, "receive.certnonceseed") == 0)
181 return git_config_string(&cert_nonce_seed, var, value);
183 if (strcmp(var, "receive.certnonceslop") == 0) {
184 nonce_stamp_slop_limit = git_config_ulong(var, value);
188 if (strcmp(var, "receive.advertiseatomic") == 0) {
189 advertise_atomic_push = git_config_bool(var, value);
193 return git_default_config(var, value, cb);
196 static void show_ref(const char *path, const unsigned char *sha1)
198 if (sent_capabilities) {
199 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
201 struct strbuf cap = STRBUF_INIT;
204 "report-status delete-refs side-band-64k quiet");
205 if (advertise_atomic_push)
206 strbuf_addstr(&cap, " atomic");
207 if (prefer_ofs_delta)
208 strbuf_addstr(&cap, " ofs-delta");
210 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
211 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
212 packet_write(1, "%s %s%c%s\n",
213 sha1_to_hex(sha1), path, 0, cap.buf);
214 strbuf_release(&cap);
215 sent_capabilities = 1;
219 static int show_ref_cb(const char *path_full, const struct object_id *oid,
220 int flag, void *unused)
222 const char *path = strip_namespace(path_full);
224 if (ref_is_hidden(path, path_full))
228 * Advertise refs outside our current namespace as ".have"
229 * refs, so that the client can use them to minimize data
230 * transfer but will otherwise ignore them. This happens to
231 * cover ".have" that are thrown in by add_one_alternate_ref()
232 * to mark histories that are complete in our alternates as
237 show_ref(path, oid->hash);
241 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
243 show_ref(".have", sha1);
246 static void collect_one_alternate_ref(const struct ref *ref, void *data)
248 struct sha1_array *sa = data;
249 sha1_array_append(sa, ref->old_oid.hash);
252 static void write_head_info(void)
254 struct sha1_array sa = SHA1_ARRAY_INIT;
256 for_each_alternate_ref(collect_one_alternate_ref, &sa);
257 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
258 sha1_array_clear(&sa);
259 for_each_ref(show_ref_cb, NULL);
260 if (!sent_capabilities)
261 show_ref("capabilities^{}", null_sha1);
263 advertise_shallow_grafts(1);
270 struct command *next;
271 const char *error_string;
272 unsigned int skip_update:1,
275 unsigned char old_sha1[20];
276 unsigned char new_sha1[20];
277 char ref_name[FLEX_ARRAY]; /* more */
280 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
281 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
283 static void report_message(const char *prefix, const char *err, va_list params)
288 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
289 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
290 if (sz > (sizeof(msg) - 1))
291 sz = sizeof(msg) - 1;
295 send_sideband(1, 2, msg, sz, use_sideband);
300 static void rp_warning(const char *err, ...)
303 va_start(params, err);
304 report_message("warning: ", err, params);
308 static void rp_error(const char *err, ...)
311 va_start(params, err);
312 report_message("error: ", err, params);
316 static int copy_to_sideband(int in, int out, void *arg)
320 ssize_t sz = xread(in, data, sizeof(data));
323 send_sideband(1, 2, data, sz, use_sideband);
329 #define HMAC_BLOCK_SIZE 64
331 static void hmac_sha1(unsigned char *out,
332 const char *key_in, size_t key_len,
333 const char *text, size_t text_len)
335 unsigned char key[HMAC_BLOCK_SIZE];
336 unsigned char k_ipad[HMAC_BLOCK_SIZE];
337 unsigned char k_opad[HMAC_BLOCK_SIZE];
341 /* RFC 2104 2. (1) */
342 memset(key, '\0', HMAC_BLOCK_SIZE);
343 if (HMAC_BLOCK_SIZE < key_len) {
345 git_SHA1_Update(&ctx, key_in, key_len);
346 git_SHA1_Final(key, &ctx);
348 memcpy(key, key_in, key_len);
351 /* RFC 2104 2. (2) & (5) */
352 for (i = 0; i < sizeof(key); i++) {
353 k_ipad[i] = key[i] ^ 0x36;
354 k_opad[i] = key[i] ^ 0x5c;
357 /* RFC 2104 2. (3) & (4) */
359 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
360 git_SHA1_Update(&ctx, text, text_len);
361 git_SHA1_Final(out, &ctx);
363 /* RFC 2104 2. (6) & (7) */
365 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
366 git_SHA1_Update(&ctx, out, 20);
367 git_SHA1_Final(out, &ctx);
370 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
372 struct strbuf buf = STRBUF_INIT;
373 unsigned char sha1[20];
375 strbuf_addf(&buf, "%s:%lu", path, stamp);
376 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
377 strbuf_release(&buf);
379 /* RFC 2104 5. HMAC-SHA1-80 */
380 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
381 return strbuf_detach(&buf, NULL);
385 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
386 * after dropping "_commit" from its name and possibly moving it out
389 static char *find_header(const char *msg, size_t len, const char *key)
391 int key_len = strlen(key);
392 const char *line = msg;
394 while (line && line < msg + len) {
395 const char *eol = strchrnul(line, '\n');
397 if ((msg + len <= eol) || line == eol)
399 if (line + key_len < eol &&
400 !memcmp(line, key, key_len) && line[key_len] == ' ') {
401 int offset = key_len + 1;
402 return xmemdupz(line + offset, (eol - line) - offset);
404 line = *eol ? eol + 1 : NULL;
409 static const char *check_nonce(const char *buf, size_t len)
411 char *nonce = find_header(buf, len, "nonce");
412 unsigned long stamp, ostamp;
413 char *bohmac, *expect = NULL;
414 const char *retval = NONCE_BAD;
417 retval = NONCE_MISSING;
419 } else if (!push_cert_nonce) {
420 retval = NONCE_UNSOLICITED;
422 } else if (!strcmp(push_cert_nonce, nonce)) {
427 if (!stateless_rpc) {
428 /* returned nonce MUST match what we gave out earlier */
434 * In stateless mode, we may be receiving a nonce issued by
435 * another instance of the server that serving the same
436 * repository, and the timestamps may not match, but the
437 * nonce-seed and dir should match, so we can recompute and
438 * report the time slop.
440 * In addition, when a nonce issued by another instance has
441 * timestamp within receive.certnonceslop seconds, we pretend
442 * as if we issued that nonce when reporting to the hook.
445 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
446 if (*nonce <= '0' || '9' < *nonce) {
450 stamp = strtoul(nonce, &bohmac, 10);
451 if (bohmac == nonce || bohmac[0] != '-') {
456 expect = prepare_push_cert_nonce(service_dir, stamp);
457 if (strcmp(expect, nonce)) {
458 /* Not what we would have signed earlier */
464 * By how many seconds is this nonce stale? Negative value
465 * would mean it was issued by another server with its clock
466 * skewed in the future.
468 ostamp = strtoul(push_cert_nonce, NULL, 10);
469 nonce_stamp_slop = (long)ostamp - (long)stamp;
471 if (nonce_stamp_slop_limit &&
472 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
474 * Pretend as if the received nonce (which passes the
475 * HMAC check, so it is not a forged by third-party)
478 free((void *)push_cert_nonce);
479 push_cert_nonce = xstrdup(nonce);
491 static void prepare_push_cert_sha1(struct child_process *proc)
493 static int already_done;
499 struct strbuf gpg_output = STRBUF_INIT;
500 struct strbuf gpg_status = STRBUF_INIT;
501 int bogs /* beginning_of_gpg_sig */;
504 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
505 hashclr(push_cert_sha1);
507 memset(&sigcheck, '\0', sizeof(sigcheck));
508 sigcheck.result = 'N';
510 bogs = parse_signature(push_cert.buf, push_cert.len);
511 if (verify_signed_buffer(push_cert.buf, bogs,
512 push_cert.buf + bogs, push_cert.len - bogs,
513 &gpg_output, &gpg_status) < 0) {
514 ; /* error running gpg */
516 sigcheck.payload = push_cert.buf;
517 sigcheck.gpg_output = gpg_output.buf;
518 sigcheck.gpg_status = gpg_status.buf;
519 parse_gpg_output(&sigcheck);
522 strbuf_release(&gpg_output);
523 strbuf_release(&gpg_status);
524 nonce_status = check_nonce(push_cert.buf, bogs);
526 if (!is_null_sha1(push_cert_sha1)) {
527 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
528 sha1_to_hex(push_cert_sha1));
529 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
530 sigcheck.signer ? sigcheck.signer : "");
531 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
532 sigcheck.key ? sigcheck.key : "");
533 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
535 if (push_cert_nonce) {
536 argv_array_pushf(&proc->env_array,
537 "GIT_PUSH_CERT_NONCE=%s",
539 argv_array_pushf(&proc->env_array,
540 "GIT_PUSH_CERT_NONCE_STATUS=%s",
542 if (nonce_status == NONCE_SLOP)
543 argv_array_pushf(&proc->env_array,
544 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
550 typedef int (*feed_fn)(void *, const char **, size_t *);
551 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
553 struct child_process proc = CHILD_PROCESS_INIT;
558 argv[0] = find_hook(hook_name);
566 proc.stdout_to_stderr = 1;
569 memset(&muxer, 0, sizeof(muxer));
570 muxer.proc = copy_to_sideband;
572 code = start_async(&muxer);
578 prepare_push_cert_sha1(&proc);
580 code = start_command(&proc);
583 finish_async(&muxer);
587 sigchain_push(SIGPIPE, SIG_IGN);
592 if (feed(feed_state, &buf, &n))
594 if (write_in_full(proc.in, buf, n) != n)
599 finish_async(&muxer);
601 sigchain_pop(SIGPIPE);
603 return finish_command(&proc);
606 struct receive_hook_feed_state {
612 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
614 struct receive_hook_feed_state *state = state_;
615 struct command *cmd = state->cmd;
618 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
622 strbuf_reset(&state->buf);
623 strbuf_addf(&state->buf, "%s %s %s\n",
624 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
626 state->cmd = cmd->next;
628 *bufp = state->buf.buf;
629 *sizep = state->buf.len;
634 static int run_receive_hook(struct command *commands, const char *hook_name,
637 struct receive_hook_feed_state state;
640 strbuf_init(&state.buf, 0);
641 state.cmd = commands;
642 state.skip_broken = skip_broken;
643 if (feed_receive_hook(&state, NULL, NULL))
645 state.cmd = commands;
646 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
647 strbuf_release(&state.buf);
651 static int run_update_hook(struct command *cmd)
654 struct child_process proc = CHILD_PROCESS_INIT;
657 argv[0] = find_hook("update");
661 argv[1] = cmd->ref_name;
662 argv[2] = sha1_to_hex(cmd->old_sha1);
663 argv[3] = sha1_to_hex(cmd->new_sha1);
667 proc.stdout_to_stderr = 1;
668 proc.err = use_sideband ? -1 : 0;
671 code = start_command(&proc);
675 copy_to_sideband(proc.err, -1, NULL);
676 return finish_command(&proc);
679 static int is_ref_checked_out(const char *ref)
681 if (is_bare_repository())
686 return !strcmp(head_name, ref);
689 static char *refuse_unconfigured_deny_msg[] = {
690 "By default, updating the current branch in a non-bare repository",
691 "is denied, because it will make the index and work tree inconsistent",
692 "with what you pushed, and will require 'git reset --hard' to match",
693 "the work tree to HEAD.",
695 "You can set 'receive.denyCurrentBranch' configuration variable to",
696 "'ignore' or 'warn' in the remote repository to allow pushing into",
697 "its current branch; however, this is not recommended unless you",
698 "arranged to update its work tree to match what you pushed in some",
701 "To squelch this message and still keep the default behaviour, set",
702 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
705 static void refuse_unconfigured_deny(void)
708 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
709 rp_error("%s", refuse_unconfigured_deny_msg[i]);
712 static char *refuse_unconfigured_deny_delete_current_msg[] = {
713 "By default, deleting the current branch is denied, because the next",
714 "'git clone' won't result in any file checked out, causing confusion.",
716 "You can set 'receive.denyDeleteCurrent' configuration variable to",
717 "'warn' or 'ignore' in the remote repository to allow deleting the",
718 "current branch, with or without a warning message.",
720 "To squelch this message, you can set it to 'refuse'."
723 static void refuse_unconfigured_deny_delete_current(void)
727 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
729 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
732 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
733 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
735 static struct lock_file shallow_lock;
736 struct sha1_array extra = SHA1_ARRAY_INIT;
737 const char *alt_file;
738 uint32_t mask = 1 << (cmd->index % 32);
741 trace_printf_key(&trace_shallow,
742 "shallow: update_shallow_ref %s\n", cmd->ref_name);
743 for (i = 0; i < si->shallow->nr; i++)
744 if (si->used_shallow[i] &&
745 (si->used_shallow[i][cmd->index / 32] & mask) &&
746 !delayed_reachability_test(si, i))
747 sha1_array_append(&extra, si->shallow->sha1[i]);
749 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
750 if (check_shallow_connected(command_singleton_iterator,
752 rollback_lock_file(&shallow_lock);
753 sha1_array_clear(&extra);
757 commit_lock_file(&shallow_lock);
760 * Make sure setup_alternate_shallow() for the next ref does
761 * not lose these new roots..
763 for (i = 0; i < extra.nr; i++)
764 register_shallow(extra.sha1[i]);
766 si->shallow_ref[cmd->index] = 0;
767 sha1_array_clear(&extra);
772 * NEEDSWORK: we should consolidate various implementions of "are we
773 * on an unborn branch?" test into one, and make the unified one more
774 * robust. !get_sha1() based check used here and elsewhere would not
775 * allow us to tell an unborn branch from corrupt ref, for example.
776 * For the purpose of fixing "deploy-to-update does not work when
777 * pushing into an empty repository" issue, this should suffice for
780 static int head_has_history(void)
782 unsigned char sha1[20];
784 return !get_sha1("HEAD", sha1);
787 static const char *push_to_deploy(unsigned char *sha1,
788 struct argv_array *env,
789 const char *work_tree)
791 const char *update_refresh[] = {
792 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
794 const char *diff_files[] = {
795 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
797 const char *diff_index[] = {
798 "diff-index", "--quiet", "--cached", "--ignore-submodules",
801 const char *read_tree[] = {
802 "read-tree", "-u", "-m", NULL, NULL
804 struct child_process child = CHILD_PROCESS_INIT;
806 child.argv = update_refresh;
807 child.env = env->argv;
808 child.dir = work_tree;
810 child.stdout_to_stderr = 1;
812 if (run_command(&child))
813 return "Up-to-date check failed";
815 /* run_command() does not clean up completely; reinitialize */
816 child_process_init(&child);
817 child.argv = diff_files;
818 child.env = env->argv;
819 child.dir = work_tree;
821 child.stdout_to_stderr = 1;
823 if (run_command(&child))
824 return "Working directory has unstaged changes";
826 /* diff-index with either HEAD or an empty tree */
827 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
829 child_process_init(&child);
830 child.argv = diff_index;
831 child.env = env->argv;
834 child.stdout_to_stderr = 0;
836 if (run_command(&child))
837 return "Working directory has staged changes";
839 read_tree[3] = sha1_to_hex(sha1);
840 child_process_init(&child);
841 child.argv = read_tree;
842 child.env = env->argv;
843 child.dir = work_tree;
846 child.stdout_to_stderr = 0;
848 if (run_command(&child))
849 return "Could not update working tree to new HEAD";
854 static const char *push_to_checkout_hook = "push-to-checkout";
856 static const char *push_to_checkout(unsigned char *sha1,
857 struct argv_array *env,
858 const char *work_tree)
860 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
861 if (run_hook_le(env->argv, push_to_checkout_hook,
862 sha1_to_hex(sha1), NULL))
863 return "push-to-checkout hook declined";
868 static const char *update_worktree(unsigned char *sha1)
871 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
872 struct argv_array env = ARGV_ARRAY_INIT;
874 if (is_bare_repository())
875 return "denyCurrentBranch = updateInstead needs a worktree";
877 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
879 if (!find_hook(push_to_checkout_hook))
880 retval = push_to_deploy(sha1, &env, work_tree);
882 retval = push_to_checkout(sha1, &env, work_tree);
884 argv_array_clear(&env);
888 static const char *update(struct command *cmd, struct shallow_info *si)
890 const char *name = cmd->ref_name;
891 struct strbuf namespaced_name_buf = STRBUF_INIT;
892 const char *namespaced_name, *ret;
893 unsigned char *old_sha1 = cmd->old_sha1;
894 unsigned char *new_sha1 = cmd->new_sha1;
896 /* only refs/... are allowed */
897 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
898 rp_error("refusing to create funny ref '%s' remotely", name);
899 return "funny refname";
902 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
903 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
905 if (is_ref_checked_out(namespaced_name)) {
906 switch (deny_current_branch) {
910 rp_warning("updating the current branch");
913 case DENY_UNCONFIGURED:
914 rp_error("refusing to update checked out branch: %s", name);
915 if (deny_current_branch == DENY_UNCONFIGURED)
916 refuse_unconfigured_deny();
917 return "branch is currently checked out";
918 case DENY_UPDATE_INSTEAD:
919 ret = update_worktree(new_sha1);
926 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
927 error("unpack should have generated %s, "
928 "but I can't find it!", sha1_to_hex(new_sha1));
932 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
933 if (deny_deletes && starts_with(name, "refs/heads/")) {
934 rp_error("denying ref deletion for %s", name);
935 return "deletion prohibited";
938 if (head_name && !strcmp(namespaced_name, head_name)) {
939 switch (deny_delete_current) {
943 rp_warning("deleting the current branch");
946 case DENY_UNCONFIGURED:
947 case DENY_UPDATE_INSTEAD:
948 if (deny_delete_current == DENY_UNCONFIGURED)
949 refuse_unconfigured_deny_delete_current();
950 rp_error("refusing to delete the current branch: %s", name);
951 return "deletion of the current branch prohibited";
953 return "Invalid denyDeleteCurrent setting";
958 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
959 !is_null_sha1(old_sha1) &&
960 starts_with(name, "refs/heads/")) {
961 struct object *old_object, *new_object;
962 struct commit *old_commit, *new_commit;
964 old_object = parse_object(old_sha1);
965 new_object = parse_object(new_sha1);
967 if (!old_object || !new_object ||
968 old_object->type != OBJ_COMMIT ||
969 new_object->type != OBJ_COMMIT) {
970 error("bad sha1 objects for %s", name);
973 old_commit = (struct commit *)old_object;
974 new_commit = (struct commit *)new_object;
975 if (!in_merge_bases(old_commit, new_commit)) {
976 rp_error("denying non-fast-forward %s"
977 " (you should pull first)", name);
978 return "non-fast-forward";
981 if (run_update_hook(cmd)) {
982 rp_error("hook declined to update %s", name);
983 return "hook declined";
986 if (is_null_sha1(new_sha1)) {
987 struct strbuf err = STRBUF_INIT;
988 if (!parse_object(old_sha1)) {
990 if (ref_exists(name)) {
991 rp_warning("Allowing deletion of corrupt ref.");
993 rp_warning("Deleting a non-existent ref.");
994 cmd->did_not_exist = 1;
997 if (ref_transaction_delete(transaction,
1001 rp_error("%s", err.buf);
1002 strbuf_release(&err);
1003 return "failed to delete";
1005 strbuf_release(&err);
1006 return NULL; /* good */
1009 struct strbuf err = STRBUF_INIT;
1010 if (shallow_update && si->shallow_ref[cmd->index] &&
1011 update_shallow_ref(cmd, si))
1012 return "shallow error";
1014 if (ref_transaction_update(transaction,
1019 rp_error("%s", err.buf);
1020 strbuf_release(&err);
1022 return "failed to update ref";
1024 strbuf_release(&err);
1026 return NULL; /* good */
1030 static void run_update_post_hook(struct command *commands)
1032 struct command *cmd;
1034 struct child_process proc = CHILD_PROCESS_INIT;
1037 hook = find_hook("post-update");
1038 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1039 if (cmd->error_string || cmd->did_not_exist)
1046 argv_array_push(&proc.args, hook);
1047 for (cmd = commands; cmd; cmd = cmd->next) {
1048 if (cmd->error_string || cmd->did_not_exist)
1050 argv_array_push(&proc.args, cmd->ref_name);
1054 proc.stdout_to_stderr = 1;
1055 proc.err = use_sideband ? -1 : 0;
1057 if (!start_command(&proc)) {
1059 copy_to_sideband(proc.err, -1, NULL);
1060 finish_command(&proc);
1064 static void check_aliased_update(struct command *cmd, struct string_list *list)
1066 struct strbuf buf = STRBUF_INIT;
1067 const char *dst_name;
1068 struct string_list_item *item;
1069 struct command *dst_cmd;
1070 unsigned char sha1[GIT_SHA1_RAWSZ];
1071 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1072 cmd_newh[GIT_SHA1_HEXSZ + 1],
1073 dst_oldh[GIT_SHA1_HEXSZ + 1],
1074 dst_newh[GIT_SHA1_HEXSZ + 1];
1077 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1078 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1079 strbuf_release(&buf);
1081 if (!(flag & REF_ISSYMREF))
1084 dst_name = strip_namespace(dst_name);
1086 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1087 cmd->skip_update = 1;
1088 cmd->error_string = "broken symref";
1092 if ((item = string_list_lookup(list, dst_name)) == NULL)
1095 cmd->skip_update = 1;
1097 dst_cmd = (struct command *) item->util;
1099 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1100 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1103 dst_cmd->skip_update = 1;
1105 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1106 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1107 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1108 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1109 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1110 " its target '%s' (%s..%s)",
1111 cmd->ref_name, cmd_oldh, cmd_newh,
1112 dst_cmd->ref_name, dst_oldh, dst_newh);
1114 cmd->error_string = dst_cmd->error_string =
1115 "inconsistent aliased update";
1118 static void check_aliased_updates(struct command *commands)
1120 struct command *cmd;
1121 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1123 for (cmd = commands; cmd; cmd = cmd->next) {
1124 struct string_list_item *item =
1125 string_list_append(&ref_list, cmd->ref_name);
1126 item->util = (void *)cmd;
1128 string_list_sort(&ref_list);
1130 for (cmd = commands; cmd; cmd = cmd->next) {
1131 if (!cmd->error_string)
1132 check_aliased_update(cmd, &ref_list);
1135 string_list_clear(&ref_list, 0);
1138 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1140 struct command **cmd_list = cb_data;
1141 struct command *cmd = *cmd_list;
1143 if (!cmd || is_null_sha1(cmd->new_sha1))
1144 return -1; /* end of list */
1145 *cmd_list = NULL; /* this returns only one */
1146 hashcpy(sha1, cmd->new_sha1);
1150 static void set_connectivity_errors(struct command *commands,
1151 struct shallow_info *si)
1153 struct command *cmd;
1155 for (cmd = commands; cmd; cmd = cmd->next) {
1156 struct command *singleton = cmd;
1157 if (shallow_update && si->shallow_ref[cmd->index])
1158 /* to be checked in update_shallow_ref() */
1160 if (!check_everything_connected(command_singleton_iterator,
1163 cmd->error_string = "missing necessary objects";
1167 struct iterate_data {
1168 struct command *cmds;
1169 struct shallow_info *si;
1172 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1174 struct iterate_data *data = cb_data;
1175 struct command **cmd_list = &data->cmds;
1176 struct command *cmd = *cmd_list;
1178 for (; cmd; cmd = cmd->next) {
1179 if (shallow_update && data->si->shallow_ref[cmd->index])
1180 /* to be checked in update_shallow_ref() */
1182 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1183 hashcpy(sha1, cmd->new_sha1);
1184 *cmd_list = cmd->next;
1189 return -1; /* end of list */
1192 static void reject_updates_to_hidden(struct command *commands)
1194 struct strbuf refname_full = STRBUF_INIT;
1196 struct command *cmd;
1198 strbuf_addstr(&refname_full, get_git_namespace());
1199 prefix_len = refname_full.len;
1201 for (cmd = commands; cmd; cmd = cmd->next) {
1202 if (cmd->error_string)
1205 strbuf_setlen(&refname_full, prefix_len);
1206 strbuf_addstr(&refname_full, cmd->ref_name);
1208 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1210 if (is_null_sha1(cmd->new_sha1))
1211 cmd->error_string = "deny deleting a hidden ref";
1213 cmd->error_string = "deny updating a hidden ref";
1216 strbuf_release(&refname_full);
1219 static int should_process_cmd(struct command *cmd)
1221 return !cmd->error_string && !cmd->skip_update;
1224 static void warn_if_skipped_connectivity_check(struct command *commands,
1225 struct shallow_info *si)
1227 struct command *cmd;
1228 int checked_connectivity = 1;
1230 for (cmd = commands; cmd; cmd = cmd->next) {
1231 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1232 error("BUG: connectivity check has not been run on ref %s",
1234 checked_connectivity = 0;
1237 if (!checked_connectivity)
1238 die("BUG: connectivity check skipped???");
1241 static void execute_commands_non_atomic(struct command *commands,
1242 struct shallow_info *si)
1244 struct command *cmd;
1245 struct strbuf err = STRBUF_INIT;
1247 for (cmd = commands; cmd; cmd = cmd->next) {
1248 if (!should_process_cmd(cmd))
1251 transaction = ref_transaction_begin(&err);
1253 rp_error("%s", err.buf);
1255 cmd->error_string = "transaction failed to start";
1259 cmd->error_string = update(cmd, si);
1261 if (!cmd->error_string
1262 && ref_transaction_commit(transaction, &err)) {
1263 rp_error("%s", err.buf);
1265 cmd->error_string = "failed to update ref";
1267 ref_transaction_free(transaction);
1269 strbuf_release(&err);
1272 static void execute_commands_atomic(struct command *commands,
1273 struct shallow_info *si)
1275 struct command *cmd;
1276 struct strbuf err = STRBUF_INIT;
1277 const char *reported_error = "atomic push failure";
1279 transaction = ref_transaction_begin(&err);
1281 rp_error("%s", err.buf);
1283 reported_error = "transaction failed to start";
1287 for (cmd = commands; cmd; cmd = cmd->next) {
1288 if (!should_process_cmd(cmd))
1291 cmd->error_string = update(cmd, si);
1293 if (cmd->error_string)
1297 if (ref_transaction_commit(transaction, &err)) {
1298 rp_error("%s", err.buf);
1299 reported_error = "atomic transaction failed";
1305 for (cmd = commands; cmd; cmd = cmd->next)
1306 if (!cmd->error_string)
1307 cmd->error_string = reported_error;
1310 ref_transaction_free(transaction);
1311 strbuf_release(&err);
1314 static void execute_commands(struct command *commands,
1315 const char *unpacker_error,
1316 struct shallow_info *si)
1318 struct command *cmd;
1319 unsigned char sha1[20];
1320 struct iterate_data data;
1322 if (unpacker_error) {
1323 for (cmd = commands; cmd; cmd = cmd->next)
1324 cmd->error_string = "unpacker error";
1328 data.cmds = commands;
1330 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1331 set_connectivity_errors(commands, si);
1333 reject_updates_to_hidden(commands);
1335 if (run_receive_hook(commands, "pre-receive", 0)) {
1336 for (cmd = commands; cmd; cmd = cmd->next) {
1337 if (!cmd->error_string)
1338 cmd->error_string = "pre-receive hook declined";
1343 check_aliased_updates(commands);
1345 free(head_name_to_free);
1346 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1349 execute_commands_atomic(commands, si);
1351 execute_commands_non_atomic(commands, si);
1354 warn_if_skipped_connectivity_check(commands, si);
1357 static struct command **queue_command(struct command **tail,
1361 unsigned char old_sha1[20], new_sha1[20];
1362 struct command *cmd;
1363 const char *refname;
1369 get_sha1_hex(line, old_sha1) ||
1370 get_sha1_hex(line + 41, new_sha1))
1371 die("protocol error: expected old/new/ref, got '%s'", line);
1373 refname = line + 82;
1374 reflen = linelen - 82;
1375 cmd = xcalloc(1, st_add3(sizeof(struct command), reflen, 1));
1376 hashcpy(cmd->old_sha1, old_sha1);
1377 hashcpy(cmd->new_sha1, new_sha1);
1378 memcpy(cmd->ref_name, refname, reflen);
1379 cmd->ref_name[reflen] = '\0';
1384 static void queue_commands_from_cert(struct command **tail,
1385 struct strbuf *push_cert)
1387 const char *boc, *eoc;
1390 die("protocol error: got both push certificate and unsigned commands");
1392 boc = strstr(push_cert->buf, "\n\n");
1394 die("malformed push certificate %.*s", 100, push_cert->buf);
1397 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1400 const char *eol = memchr(boc, '\n', eoc - boc);
1401 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1402 boc = eol ? eol + 1 : eoc;
1406 static struct command *read_head_info(struct sha1_array *shallow)
1408 struct command *commands = NULL;
1409 struct command **p = &commands;
1414 line = packet_read_line(0, &len);
1418 if (len == 48 && starts_with(line, "shallow ")) {
1419 unsigned char sha1[20];
1420 if (get_sha1_hex(line + 8, sha1))
1421 die("protocol error: expected shallow sha, got '%s'",
1423 sha1_array_append(shallow, sha1);
1427 linelen = strlen(line);
1428 if (linelen < len) {
1429 const char *feature_list = line + linelen + 1;
1430 if (parse_feature_request(feature_list, "report-status"))
1432 if (parse_feature_request(feature_list, "side-band-64k"))
1433 use_sideband = LARGE_PACKET_MAX;
1434 if (parse_feature_request(feature_list, "quiet"))
1436 if (advertise_atomic_push
1437 && parse_feature_request(feature_list, "atomic"))
1441 if (!strcmp(line, "push-cert")) {
1446 len = packet_read(0, NULL, NULL,
1447 certbuf, sizeof(certbuf), 0);
1452 if (!strcmp(certbuf, "push-cert-end\n"))
1453 break; /* end of cert */
1454 strbuf_addstr(&push_cert, certbuf);
1462 p = queue_command(p, line, linelen);
1466 queue_commands_from_cert(p, &push_cert);
1471 static const char *parse_pack_header(struct pack_header *hdr)
1473 switch (read_pack_header(0, hdr)) {
1475 return "eof before pack header was fully read";
1477 case PH_ERROR_PACK_SIGNATURE:
1478 return "protocol error (pack signature mismatch detected)";
1480 case PH_ERROR_PROTOCOL:
1481 return "protocol error (pack version unsupported)";
1484 return "unknown error in parse_pack_header";
1491 static const char *pack_lockfile;
1493 static const char *unpack(int err_fd, struct shallow_info *si)
1495 struct pack_header hdr;
1496 const char *hdr_err;
1499 struct child_process child = CHILD_PROCESS_INIT;
1500 int fsck_objects = (receive_fsck_objects >= 0
1501 ? receive_fsck_objects
1502 : transfer_fsck_objects >= 0
1503 ? transfer_fsck_objects
1506 hdr_err = parse_pack_header(&hdr);
1512 snprintf(hdr_arg, sizeof(hdr_arg),
1513 "--pack_header=%"PRIu32",%"PRIu32,
1514 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1516 if (si->nr_ours || si->nr_theirs) {
1517 alt_shallow_file = setup_temporary_shallow(si->shallow);
1518 argv_array_push(&child.args, "--shallow-file");
1519 argv_array_push(&child.args, alt_shallow_file);
1522 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1523 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1525 argv_array_push(&child.args, "-q");
1527 argv_array_pushf(&child.args, "--strict%s",
1528 fsck_msg_types.buf);
1529 child.no_stdout = 1;
1532 status = run_command(&child);
1534 return "unpack-objects abnormal exit";
1538 argv_array_pushl(&child.args, "index-pack",
1539 "--stdin", hdr_arg, NULL);
1541 if (gethostname(hostname, sizeof(hostname)))
1542 xsnprintf(hostname, sizeof(hostname), "localhost");
1543 argv_array_pushf(&child.args,
1544 "--keep=receive-pack %"PRIuMAX" on %s",
1545 (uintmax_t)getpid(),
1549 argv_array_pushf(&child.args, "--strict%s",
1550 fsck_msg_types.buf);
1552 argv_array_push(&child.args, "--fix-thin");
1556 status = start_command(&child);
1558 return "index-pack fork failed";
1559 pack_lockfile = index_pack_lockfile(child.out);
1561 status = finish_command(&child);
1563 return "index-pack abnormal exit";
1564 reprepare_packed_git();
1569 static const char *unpack_with_sideband(struct shallow_info *si)
1575 return unpack(0, si);
1577 memset(&muxer, 0, sizeof(muxer));
1578 muxer.proc = copy_to_sideband;
1580 if (start_async(&muxer))
1583 ret = unpack(muxer.in, si);
1585 finish_async(&muxer);
1589 static void prepare_shallow_update(struct command *commands,
1590 struct shallow_info *si)
1592 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1594 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1595 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1597 si->need_reachability_test =
1598 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1600 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1601 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1603 for (i = 0; i < si->nr_ours; i++)
1604 si->need_reachability_test[si->ours[i]] = 1;
1606 for (i = 0; i < si->shallow->nr; i++) {
1607 if (!si->used_shallow[i])
1609 for (j = 0; j < bitmap_size; j++) {
1610 if (!si->used_shallow[i][j])
1612 si->need_reachability_test[i]++;
1613 for (k = 0; k < 32; k++)
1614 if (si->used_shallow[i][j] & (1U << k))
1615 si->shallow_ref[j * 32 + k]++;
1619 * true for those associated with some refs and belong
1620 * in "ours" list aka "step 7 not done yet"
1622 si->need_reachability_test[i] =
1623 si->need_reachability_test[i] > 1;
1627 * keep hooks happy by forcing a temporary shallow file via
1628 * env variable because we can't add --shallow-file to every
1629 * command. check_everything_connected() will be done with
1630 * true .git/shallow though.
1632 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1635 static void update_shallow_info(struct command *commands,
1636 struct shallow_info *si,
1637 struct sha1_array *ref)
1639 struct command *cmd;
1641 remove_nonexistent_theirs_shallow(si);
1642 if (!si->nr_ours && !si->nr_theirs) {
1647 for (cmd = commands; cmd; cmd = cmd->next) {
1648 if (is_null_sha1(cmd->new_sha1))
1650 sha1_array_append(ref, cmd->new_sha1);
1651 cmd->index = ref->nr - 1;
1655 if (shallow_update) {
1656 prepare_shallow_update(commands, si);
1660 ALLOC_ARRAY(ref_status, ref->nr);
1661 assign_shallow_commits_to_refs(si, NULL, ref_status);
1662 for (cmd = commands; cmd; cmd = cmd->next) {
1663 if (is_null_sha1(cmd->new_sha1))
1665 if (ref_status[cmd->index]) {
1666 cmd->error_string = "shallow update not allowed";
1667 cmd->skip_update = 1;
1673 static void report(struct command *commands, const char *unpack_status)
1675 struct command *cmd;
1676 struct strbuf buf = STRBUF_INIT;
1678 packet_buf_write(&buf, "unpack %s\n",
1679 unpack_status ? unpack_status : "ok");
1680 for (cmd = commands; cmd; cmd = cmd->next) {
1681 if (!cmd->error_string)
1682 packet_buf_write(&buf, "ok %s\n",
1685 packet_buf_write(&buf, "ng %s %s\n",
1686 cmd->ref_name, cmd->error_string);
1688 packet_buf_flush(&buf);
1691 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1693 write_or_die(1, buf.buf, buf.len);
1694 strbuf_release(&buf);
1697 static int delete_only(struct command *commands)
1699 struct command *cmd;
1700 for (cmd = commands; cmd; cmd = cmd->next) {
1701 if (!is_null_sha1(cmd->new_sha1))
1707 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1709 int advertise_refs = 0;
1711 struct command *commands;
1712 struct sha1_array shallow = SHA1_ARRAY_INIT;
1713 struct sha1_array ref = SHA1_ARRAY_INIT;
1714 struct shallow_info si;
1716 packet_trace_identity("receive-pack");
1719 for (i = 1; i < argc; i++) {
1720 const char *arg = *argv++;
1723 if (!strcmp(arg, "--quiet")) {
1728 if (!strcmp(arg, "--advertise-refs")) {
1732 if (!strcmp(arg, "--stateless-rpc")) {
1736 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1741 usage(receive_pack_usage);
1744 usage(receive_pack_usage);
1748 usage(receive_pack_usage);
1752 if (!enter_repo(service_dir, 0))
1753 die("'%s' does not appear to be a git repository", service_dir);
1755 git_config(receive_pack_config, NULL);
1756 if (cert_nonce_seed)
1757 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1759 if (0 <= transfer_unpack_limit)
1760 unpack_limit = transfer_unpack_limit;
1761 else if (0 <= receive_unpack_limit)
1762 unpack_limit = receive_unpack_limit;
1764 if (advertise_refs || !stateless_rpc) {
1770 if ((commands = read_head_info(&shallow)) != NULL) {
1771 const char *unpack_status = NULL;
1773 prepare_shallow_info(&si, &shallow);
1774 if (!si.nr_ours && !si.nr_theirs)
1776 if (!delete_only(commands)) {
1777 unpack_status = unpack_with_sideband(&si);
1778 update_shallow_info(commands, &si, &ref);
1780 execute_commands(commands, unpack_status, &si);
1782 unlink_or_warn(pack_lockfile);
1784 report(commands, unpack_status);
1785 run_receive_hook(commands, "post-receive", 1);
1786 run_update_post_hook(commands);
1788 const char *argv_gc_auto[] = {
1789 "gc", "--auto", "--quiet", NULL,
1791 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1793 run_command_v_opt(argv_gc_auto, opt);
1795 if (auto_update_server_info)
1796 update_server_info(0);
1797 clear_shallow_info(&si);
1801 sha1_array_clear(&shallow);
1802 sha1_array_clear(&ref);
1803 free((void *)push_cert_nonce);
projects / git / blob