7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int unpack_limit = 100;
42 static int report_status;
43 static int use_sideband;
45 static int prefer_ofs_delta = 1;
46 static int auto_update_server_info;
47 static int auto_gc = 1;
48 static int fix_thin = 1;
49 static int stateless_rpc;
50 static const char *service_dir;
51 static const char *head_name;
52 static void *head_name_to_free;
53 static int sent_capabilities;
54 static int shallow_update;
55 static const char *alt_shallow_file;
56 static struct strbuf push_cert = STRBUF_INIT;
57 static unsigned char push_cert_sha1[20];
58 static struct signature_check sigcheck;
59 static const char *push_cert_nonce;
60 static const char *cert_nonce_seed;
62 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
63 static const char *NONCE_BAD = "BAD";
64 static const char *NONCE_MISSING = "MISSING";
65 static const char *NONCE_OK = "OK";
66 static const char *NONCE_SLOP = "SLOP";
67 static const char *nonce_status;
68 static long nonce_stamp_slop;
69 static unsigned long nonce_stamp_slop_limit;
71 static enum deny_action parse_deny_action(const char *var, const char *value)
74 if (!strcasecmp(value, "ignore"))
76 if (!strcasecmp(value, "warn"))
78 if (!strcasecmp(value, "refuse"))
80 if (!strcasecmp(value, "updateinstead"))
81 return DENY_UPDATE_INSTEAD;
83 if (git_config_bool(var, value))
88 static int receive_pack_config(const char *var, const char *value, void *cb)
90 int status = parse_hide_refs_config(var, value, "receive");
95 if (strcmp(var, "receive.denydeletes") == 0) {
96 deny_deletes = git_config_bool(var, value);
100 if (strcmp(var, "receive.denynonfastforwards") == 0) {
101 deny_non_fast_forwards = git_config_bool(var, value);
105 if (strcmp(var, "receive.unpacklimit") == 0) {
106 receive_unpack_limit = git_config_int(var, value);
110 if (strcmp(var, "transfer.unpacklimit") == 0) {
111 transfer_unpack_limit = git_config_int(var, value);
115 if (strcmp(var, "receive.fsckobjects") == 0) {
116 receive_fsck_objects = git_config_bool(var, value);
120 if (strcmp(var, "transfer.fsckobjects") == 0) {
121 transfer_fsck_objects = git_config_bool(var, value);
125 if (!strcmp(var, "receive.denycurrentbranch")) {
126 deny_current_branch = parse_deny_action(var, value);
130 if (strcmp(var, "receive.denydeletecurrent") == 0) {
131 deny_delete_current = parse_deny_action(var, value);
135 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
136 prefer_ofs_delta = git_config_bool(var, value);
140 if (strcmp(var, "receive.updateserverinfo") == 0) {
141 auto_update_server_info = git_config_bool(var, value);
145 if (strcmp(var, "receive.autogc") == 0) {
146 auto_gc = git_config_bool(var, value);
150 if (strcmp(var, "receive.shallowupdate") == 0) {
151 shallow_update = git_config_bool(var, value);
155 if (strcmp(var, "receive.certnonceseed") == 0)
156 return git_config_string(&cert_nonce_seed, var, value);
158 if (strcmp(var, "receive.certnonceslop") == 0) {
159 nonce_stamp_slop_limit = git_config_ulong(var, value);
163 return git_default_config(var, value, cb);
166 static void show_ref(const char *path, const unsigned char *sha1)
168 if (ref_is_hidden(path))
171 if (sent_capabilities) {
172 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
174 struct strbuf cap = STRBUF_INIT;
177 "report-status delete-refs side-band-64k quiet");
178 if (prefer_ofs_delta)
179 strbuf_addstr(&cap, " ofs-delta");
181 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
182 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
183 packet_write(1, "%s %s%c%s\n",
184 sha1_to_hex(sha1), path, 0, cap.buf);
185 strbuf_release(&cap);
186 sent_capabilities = 1;
190 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
192 path = strip_namespace(path);
194 * Advertise refs outside our current namespace as ".have"
195 * refs, so that the client can use them to minimize data
196 * transfer but will otherwise ignore them. This happens to
197 * cover ".have" that are thrown in by add_one_alternate_ref()
198 * to mark histories that are complete in our alternates as
203 show_ref(path, sha1);
207 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
209 show_ref(".have", sha1);
212 static void collect_one_alternate_ref(const struct ref *ref, void *data)
214 struct sha1_array *sa = data;
215 sha1_array_append(sa, ref->old_sha1);
218 static void write_head_info(void)
220 struct sha1_array sa = SHA1_ARRAY_INIT;
221 for_each_alternate_ref(collect_one_alternate_ref, &sa);
222 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
223 sha1_array_clear(&sa);
224 for_each_ref(show_ref_cb, NULL);
225 if (!sent_capabilities)
226 show_ref("capabilities^{}", null_sha1);
228 advertise_shallow_grafts(1);
235 struct command *next;
236 const char *error_string;
237 unsigned int skip_update:1,
240 unsigned char old_sha1[20];
241 unsigned char new_sha1[20];
242 char ref_name[FLEX_ARRAY]; /* more */
245 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
246 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
248 static void report_message(const char *prefix, const char *err, va_list params)
250 int sz = strlen(prefix);
253 strncpy(msg, prefix, sz);
254 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
255 if (sz > (sizeof(msg) - 1))
256 sz = sizeof(msg) - 1;
260 send_sideband(1, 2, msg, sz, use_sideband);
265 static void rp_warning(const char *err, ...)
268 va_start(params, err);
269 report_message("warning: ", err, params);
273 static void rp_error(const char *err, ...)
276 va_start(params, err);
277 report_message("error: ", err, params);
281 static int copy_to_sideband(int in, int out, void *arg)
285 ssize_t sz = xread(in, data, sizeof(data));
288 send_sideband(1, 2, data, sz, use_sideband);
294 #define HMAC_BLOCK_SIZE 64
296 static void hmac_sha1(unsigned char *out,
297 const char *key_in, size_t key_len,
298 const char *text, size_t text_len)
300 unsigned char key[HMAC_BLOCK_SIZE];
301 unsigned char k_ipad[HMAC_BLOCK_SIZE];
302 unsigned char k_opad[HMAC_BLOCK_SIZE];
306 /* RFC 2104 2. (1) */
307 memset(key, '\0', HMAC_BLOCK_SIZE);
308 if (HMAC_BLOCK_SIZE < key_len) {
310 git_SHA1_Update(&ctx, key_in, key_len);
311 git_SHA1_Final(key, &ctx);
313 memcpy(key, key_in, key_len);
316 /* RFC 2104 2. (2) & (5) */
317 for (i = 0; i < sizeof(key); i++) {
318 k_ipad[i] = key[i] ^ 0x36;
319 k_opad[i] = key[i] ^ 0x5c;
322 /* RFC 2104 2. (3) & (4) */
324 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
325 git_SHA1_Update(&ctx, text, text_len);
326 git_SHA1_Final(out, &ctx);
328 /* RFC 2104 2. (6) & (7) */
330 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
331 git_SHA1_Update(&ctx, out, 20);
332 git_SHA1_Final(out, &ctx);
335 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
337 struct strbuf buf = STRBUF_INIT;
338 unsigned char sha1[20];
340 strbuf_addf(&buf, "%s:%lu", path, stamp);
341 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
342 strbuf_release(&buf);
344 /* RFC 2104 5. HMAC-SHA1-80 */
345 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
346 return strbuf_detach(&buf, NULL);
350 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
351 * after dropping "_commit" from its name and possibly moving it out
354 static char *find_header(const char *msg, size_t len, const char *key)
356 int key_len = strlen(key);
357 const char *line = msg;
359 while (line && line < msg + len) {
360 const char *eol = strchrnul(line, '\n');
362 if ((msg + len <= eol) || line == eol)
364 if (line + key_len < eol &&
365 !memcmp(line, key, key_len) && line[key_len] == ' ') {
366 int offset = key_len + 1;
367 return xmemdupz(line + offset, (eol - line) - offset);
369 line = *eol ? eol + 1 : NULL;
374 static const char *check_nonce(const char *buf, size_t len)
376 char *nonce = find_header(buf, len, "nonce");
377 unsigned long stamp, ostamp;
378 char *bohmac, *expect = NULL;
379 const char *retval = NONCE_BAD;
382 retval = NONCE_MISSING;
384 } else if (!push_cert_nonce) {
385 retval = NONCE_UNSOLICITED;
387 } else if (!strcmp(push_cert_nonce, nonce)) {
392 if (!stateless_rpc) {
393 /* returned nonce MUST match what we gave out earlier */
399 * In stateless mode, we may be receiving a nonce issued by
400 * another instance of the server that serving the same
401 * repository, and the timestamps may not match, but the
402 * nonce-seed and dir should match, so we can recompute and
403 * report the time slop.
405 * In addition, when a nonce issued by another instance has
406 * timestamp within receive.certnonceslop seconds, we pretend
407 * as if we issued that nonce when reporting to the hook.
410 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
411 if (*nonce <= '0' || '9' < *nonce) {
415 stamp = strtoul(nonce, &bohmac, 10);
416 if (bohmac == nonce || bohmac[0] != '-') {
421 expect = prepare_push_cert_nonce(service_dir, stamp);
422 if (strcmp(expect, nonce)) {
423 /* Not what we would have signed earlier */
429 * By how many seconds is this nonce stale? Negative value
430 * would mean it was issued by another server with its clock
431 * skewed in the future.
433 ostamp = strtoul(push_cert_nonce, NULL, 10);
434 nonce_stamp_slop = (long)ostamp - (long)stamp;
436 if (nonce_stamp_slop_limit &&
437 abs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
439 * Pretend as if the received nonce (which passes the
440 * HMAC check, so it is not a forged by third-party)
443 free((void *)push_cert_nonce);
444 push_cert_nonce = xstrdup(nonce);
456 static void prepare_push_cert_sha1(struct child_process *proc)
458 static int already_done;
464 struct strbuf gpg_output = STRBUF_INIT;
465 struct strbuf gpg_status = STRBUF_INIT;
466 int bogs /* beginning_of_gpg_sig */;
469 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
470 hashclr(push_cert_sha1);
472 memset(&sigcheck, '\0', sizeof(sigcheck));
473 sigcheck.result = 'N';
475 bogs = parse_signature(push_cert.buf, push_cert.len);
476 if (verify_signed_buffer(push_cert.buf, bogs,
477 push_cert.buf + bogs, push_cert.len - bogs,
478 &gpg_output, &gpg_status) < 0) {
479 ; /* error running gpg */
481 sigcheck.payload = push_cert.buf;
482 sigcheck.gpg_output = gpg_output.buf;
483 sigcheck.gpg_status = gpg_status.buf;
484 parse_gpg_output(&sigcheck);
487 strbuf_release(&gpg_output);
488 strbuf_release(&gpg_status);
489 nonce_status = check_nonce(push_cert.buf, bogs);
491 if (!is_null_sha1(push_cert_sha1)) {
492 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
493 sha1_to_hex(push_cert_sha1));
494 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
495 sigcheck.signer ? sigcheck.signer : "");
496 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
497 sigcheck.key ? sigcheck.key : "");
498 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
500 if (push_cert_nonce) {
501 argv_array_pushf(&proc->env_array,
502 "GIT_PUSH_CERT_NONCE=%s",
504 argv_array_pushf(&proc->env_array,
505 "GIT_PUSH_CERT_NONCE_STATUS=%s",
507 if (nonce_status == NONCE_SLOP)
508 argv_array_pushf(&proc->env_array,
509 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
515 typedef int (*feed_fn)(void *, const char **, size_t *);
516 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
518 struct child_process proc = CHILD_PROCESS_INIT;
523 argv[0] = find_hook(hook_name);
531 proc.stdout_to_stderr = 1;
534 memset(&muxer, 0, sizeof(muxer));
535 muxer.proc = copy_to_sideband;
537 code = start_async(&muxer);
543 prepare_push_cert_sha1(&proc);
545 code = start_command(&proc);
548 finish_async(&muxer);
552 sigchain_push(SIGPIPE, SIG_IGN);
557 if (feed(feed_state, &buf, &n))
559 if (write_in_full(proc.in, buf, n) != n)
564 finish_async(&muxer);
566 sigchain_pop(SIGPIPE);
568 return finish_command(&proc);
571 struct receive_hook_feed_state {
577 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
579 struct receive_hook_feed_state *state = state_;
580 struct command *cmd = state->cmd;
583 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
587 strbuf_reset(&state->buf);
588 strbuf_addf(&state->buf, "%s %s %s\n",
589 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
591 state->cmd = cmd->next;
593 *bufp = state->buf.buf;
594 *sizep = state->buf.len;
599 static int run_receive_hook(struct command *commands, const char *hook_name,
602 struct receive_hook_feed_state state;
605 strbuf_init(&state.buf, 0);
606 state.cmd = commands;
607 state.skip_broken = skip_broken;
608 if (feed_receive_hook(&state, NULL, NULL))
610 state.cmd = commands;
611 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
612 strbuf_release(&state.buf);
616 static int run_update_hook(struct command *cmd)
619 struct child_process proc = CHILD_PROCESS_INIT;
622 argv[0] = find_hook("update");
626 argv[1] = cmd->ref_name;
627 argv[2] = sha1_to_hex(cmd->old_sha1);
628 argv[3] = sha1_to_hex(cmd->new_sha1);
632 proc.stdout_to_stderr = 1;
633 proc.err = use_sideband ? -1 : 0;
636 code = start_command(&proc);
640 copy_to_sideband(proc.err, -1, NULL);
641 return finish_command(&proc);
644 static int is_ref_checked_out(const char *ref)
646 if (is_bare_repository())
651 return !strcmp(head_name, ref);
654 static char *refuse_unconfigured_deny_msg[] = {
655 "By default, updating the current branch in a non-bare repository",
656 "is denied, because it will make the index and work tree inconsistent",
657 "with what you pushed, and will require 'git reset --hard' to match",
658 "the work tree to HEAD.",
660 "You can set 'receive.denyCurrentBranch' configuration variable to",
661 "'ignore' or 'warn' in the remote repository to allow pushing into",
662 "its current branch; however, this is not recommended unless you",
663 "arranged to update its work tree to match what you pushed in some",
666 "To squelch this message and still keep the default behaviour, set",
667 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
670 static void refuse_unconfigured_deny(void)
673 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
674 rp_error("%s", refuse_unconfigured_deny_msg[i]);
677 static char *refuse_unconfigured_deny_delete_current_msg[] = {
678 "By default, deleting the current branch is denied, because the next",
679 "'git clone' won't result in any file checked out, causing confusion.",
681 "You can set 'receive.denyDeleteCurrent' configuration variable to",
682 "'warn' or 'ignore' in the remote repository to allow deleting the",
683 "current branch, with or without a warning message.",
685 "To squelch this message, you can set it to 'refuse'."
688 static void refuse_unconfigured_deny_delete_current(void)
692 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
694 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
697 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
698 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
700 static struct lock_file shallow_lock;
701 struct sha1_array extra = SHA1_ARRAY_INIT;
702 const char *alt_file;
703 uint32_t mask = 1 << (cmd->index % 32);
706 trace_printf_key(&trace_shallow,
707 "shallow: update_shallow_ref %s\n", cmd->ref_name);
708 for (i = 0; i < si->shallow->nr; i++)
709 if (si->used_shallow[i] &&
710 (si->used_shallow[i][cmd->index / 32] & mask) &&
711 !delayed_reachability_test(si, i))
712 sha1_array_append(&extra, si->shallow->sha1[i]);
714 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
715 if (check_shallow_connected(command_singleton_iterator,
717 rollback_lock_file(&shallow_lock);
718 sha1_array_clear(&extra);
722 commit_lock_file(&shallow_lock);
725 * Make sure setup_alternate_shallow() for the next ref does
726 * not lose these new roots..
728 for (i = 0; i < extra.nr; i++)
729 register_shallow(extra.sha1[i]);
731 si->shallow_ref[cmd->index] = 0;
732 sha1_array_clear(&extra);
736 static const char *push_to_deploy(unsigned char *sha1,
737 struct argv_array *env,
738 const char *work_tree)
740 const char *update_refresh[] = {
741 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
743 const char *diff_files[] = {
744 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
746 const char *diff_index[] = {
747 "diff-index", "--quiet", "--cached", "--ignore-submodules",
750 const char *read_tree[] = {
751 "read-tree", "-u", "-m", NULL, NULL
753 struct child_process child = CHILD_PROCESS_INIT;
755 child.argv = update_refresh;
756 child.env = env->argv;
757 child.dir = work_tree;
759 child.stdout_to_stderr = 1;
761 if (run_command(&child))
762 return "Up-to-date check failed";
764 /* run_command() does not clean up completely; reinitialize */
765 child_process_init(&child);
766 child.argv = diff_files;
767 child.env = env->argv;
768 child.dir = work_tree;
770 child.stdout_to_stderr = 1;
772 if (run_command(&child))
773 return "Working directory has unstaged changes";
775 child_process_init(&child);
776 child.argv = diff_index;
777 child.env = env->argv;
780 child.stdout_to_stderr = 0;
782 if (run_command(&child))
783 return "Working directory has staged changes";
785 read_tree[3] = sha1_to_hex(sha1);
786 child_process_init(&child);
787 child.argv = read_tree;
788 child.env = env->argv;
789 child.dir = work_tree;
792 child.stdout_to_stderr = 0;
794 if (run_command(&child))
795 return "Could not update working tree to new HEAD";
800 static const char *update_worktree(unsigned char *sha1)
803 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
804 struct argv_array env = ARGV_ARRAY_INIT;
806 if (is_bare_repository())
807 return "denyCurrentBranch = updateInstead needs a worktree";
809 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
811 retval = push_to_deploy(sha1, &env, work_tree);
813 argv_array_clear(&env);
817 static const char *update(struct command *cmd, struct shallow_info *si)
819 const char *name = cmd->ref_name;
820 struct strbuf namespaced_name_buf = STRBUF_INIT;
821 const char *namespaced_name, *ret;
822 unsigned char *old_sha1 = cmd->old_sha1;
823 unsigned char *new_sha1 = cmd->new_sha1;
825 /* only refs/... are allowed */
826 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
827 rp_error("refusing to create funny ref '%s' remotely", name);
828 return "funny refname";
831 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
832 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
834 if (is_ref_checked_out(namespaced_name)) {
835 switch (deny_current_branch) {
839 rp_warning("updating the current branch");
842 case DENY_UNCONFIGURED:
843 rp_error("refusing to update checked out branch: %s", name);
844 if (deny_current_branch == DENY_UNCONFIGURED)
845 refuse_unconfigured_deny();
846 return "branch is currently checked out";
847 case DENY_UPDATE_INSTEAD:
848 ret = update_worktree(new_sha1);
855 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
856 error("unpack should have generated %s, "
857 "but I can't find it!", sha1_to_hex(new_sha1));
861 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
862 if (deny_deletes && starts_with(name, "refs/heads/")) {
863 rp_error("denying ref deletion for %s", name);
864 return "deletion prohibited";
867 if (!strcmp(namespaced_name, head_name)) {
868 switch (deny_delete_current) {
872 rp_warning("deleting the current branch");
875 case DENY_UNCONFIGURED:
876 case DENY_UPDATE_INSTEAD:
877 if (deny_delete_current == DENY_UNCONFIGURED)
878 refuse_unconfigured_deny_delete_current();
879 rp_error("refusing to delete the current branch: %s", name);
880 return "deletion of the current branch prohibited";
882 return "Invalid denyDeleteCurrent setting";
887 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
888 !is_null_sha1(old_sha1) &&
889 starts_with(name, "refs/heads/")) {
890 struct object *old_object, *new_object;
891 struct commit *old_commit, *new_commit;
893 old_object = parse_object(old_sha1);
894 new_object = parse_object(new_sha1);
896 if (!old_object || !new_object ||
897 old_object->type != OBJ_COMMIT ||
898 new_object->type != OBJ_COMMIT) {
899 error("bad sha1 objects for %s", name);
902 old_commit = (struct commit *)old_object;
903 new_commit = (struct commit *)new_object;
904 if (!in_merge_bases(old_commit, new_commit)) {
905 rp_error("denying non-fast-forward %s"
906 " (you should pull first)", name);
907 return "non-fast-forward";
910 if (run_update_hook(cmd)) {
911 rp_error("hook declined to update %s", name);
912 return "hook declined";
915 if (is_null_sha1(new_sha1)) {
916 if (!parse_object(old_sha1)) {
918 if (ref_exists(name)) {
919 rp_warning("Allowing deletion of corrupt ref.");
921 rp_warning("Deleting a non-existent ref.");
922 cmd->did_not_exist = 1;
925 if (delete_ref(namespaced_name, old_sha1, 0)) {
926 rp_error("failed to delete %s", name);
927 return "failed to delete";
929 return NULL; /* good */
932 struct strbuf err = STRBUF_INIT;
933 struct ref_transaction *transaction;
935 if (shallow_update && si->shallow_ref[cmd->index] &&
936 update_shallow_ref(cmd, si))
937 return "shallow error";
939 transaction = ref_transaction_begin(&err);
941 ref_transaction_update(transaction, namespaced_name,
942 new_sha1, old_sha1, 0, 1, "push",
944 ref_transaction_commit(transaction, &err)) {
945 ref_transaction_free(transaction);
947 rp_error("%s", err.buf);
948 strbuf_release(&err);
949 return "failed to update ref";
952 ref_transaction_free(transaction);
953 strbuf_release(&err);
954 return NULL; /* good */
958 static void run_update_post_hook(struct command *commands)
963 struct child_process proc = CHILD_PROCESS_INIT;
966 hook = find_hook("post-update");
967 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
968 if (cmd->error_string || cmd->did_not_exist)
975 argv = xmalloc(sizeof(*argv) * (2 + argc));
978 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
979 if (cmd->error_string || cmd->did_not_exist)
981 argv[argc] = xstrdup(cmd->ref_name);
987 proc.stdout_to_stderr = 1;
988 proc.err = use_sideband ? -1 : 0;
991 if (!start_command(&proc)) {
993 copy_to_sideband(proc.err, -1, NULL);
994 finish_command(&proc);
998 static void check_aliased_update(struct command *cmd, struct string_list *list)
1000 struct strbuf buf = STRBUF_INIT;
1001 const char *dst_name;
1002 struct string_list_item *item;
1003 struct command *dst_cmd;
1004 unsigned char sha1[20];
1005 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1008 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1009 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1010 strbuf_release(&buf);
1012 if (!(flag & REF_ISSYMREF))
1015 dst_name = strip_namespace(dst_name);
1017 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1018 cmd->skip_update = 1;
1019 cmd->error_string = "broken symref";
1023 if ((item = string_list_lookup(list, dst_name)) == NULL)
1026 cmd->skip_update = 1;
1028 dst_cmd = (struct command *) item->util;
1030 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1031 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1034 dst_cmd->skip_update = 1;
1036 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1037 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1038 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1039 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1040 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1041 " its target '%s' (%s..%s)",
1042 cmd->ref_name, cmd_oldh, cmd_newh,
1043 dst_cmd->ref_name, dst_oldh, dst_newh);
1045 cmd->error_string = dst_cmd->error_string =
1046 "inconsistent aliased update";
1049 static void check_aliased_updates(struct command *commands)
1051 struct command *cmd;
1052 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1054 for (cmd = commands; cmd; cmd = cmd->next) {
1055 struct string_list_item *item =
1056 string_list_append(&ref_list, cmd->ref_name);
1057 item->util = (void *)cmd;
1059 sort_string_list(&ref_list);
1061 for (cmd = commands; cmd; cmd = cmd->next) {
1062 if (!cmd->error_string)
1063 check_aliased_update(cmd, &ref_list);
1066 string_list_clear(&ref_list, 0);
1069 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1071 struct command **cmd_list = cb_data;
1072 struct command *cmd = *cmd_list;
1074 if (!cmd || is_null_sha1(cmd->new_sha1))
1075 return -1; /* end of list */
1076 *cmd_list = NULL; /* this returns only one */
1077 hashcpy(sha1, cmd->new_sha1);
1081 static void set_connectivity_errors(struct command *commands,
1082 struct shallow_info *si)
1084 struct command *cmd;
1086 for (cmd = commands; cmd; cmd = cmd->next) {
1087 struct command *singleton = cmd;
1088 if (shallow_update && si->shallow_ref[cmd->index])
1089 /* to be checked in update_shallow_ref() */
1091 if (!check_everything_connected(command_singleton_iterator,
1094 cmd->error_string = "missing necessary objects";
1098 struct iterate_data {
1099 struct command *cmds;
1100 struct shallow_info *si;
1103 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1105 struct iterate_data *data = cb_data;
1106 struct command **cmd_list = &data->cmds;
1107 struct command *cmd = *cmd_list;
1109 for (; cmd; cmd = cmd->next) {
1110 if (shallow_update && data->si->shallow_ref[cmd->index])
1111 /* to be checked in update_shallow_ref() */
1113 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1114 hashcpy(sha1, cmd->new_sha1);
1115 *cmd_list = cmd->next;
1120 return -1; /* end of list */
1123 static void reject_updates_to_hidden(struct command *commands)
1125 struct command *cmd;
1127 for (cmd = commands; cmd; cmd = cmd->next) {
1128 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1130 if (is_null_sha1(cmd->new_sha1))
1131 cmd->error_string = "deny deleting a hidden ref";
1133 cmd->error_string = "deny updating a hidden ref";
1137 static void execute_commands(struct command *commands,
1138 const char *unpacker_error,
1139 struct shallow_info *si)
1141 int checked_connectivity;
1142 struct command *cmd;
1143 unsigned char sha1[20];
1144 struct iterate_data data;
1146 if (unpacker_error) {
1147 for (cmd = commands; cmd; cmd = cmd->next)
1148 cmd->error_string = "unpacker error";
1152 data.cmds = commands;
1154 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1155 set_connectivity_errors(commands, si);
1157 reject_updates_to_hidden(commands);
1159 if (run_receive_hook(commands, "pre-receive", 0)) {
1160 for (cmd = commands; cmd; cmd = cmd->next) {
1161 if (!cmd->error_string)
1162 cmd->error_string = "pre-receive hook declined";
1167 check_aliased_updates(commands);
1169 free(head_name_to_free);
1170 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1172 checked_connectivity = 1;
1173 for (cmd = commands; cmd; cmd = cmd->next) {
1174 if (cmd->error_string)
1177 if (cmd->skip_update)
1180 cmd->error_string = update(cmd, si);
1181 if (shallow_update && !cmd->error_string &&
1182 si->shallow_ref[cmd->index]) {
1183 error("BUG: connectivity check has not been run on ref %s",
1185 checked_connectivity = 0;
1189 if (shallow_update && !checked_connectivity)
1190 error("BUG: run 'git fsck' for safety.\n"
1191 "If there are errors, try to remove "
1192 "the reported refs above");
1195 static struct command **queue_command(struct command **tail,
1199 unsigned char old_sha1[20], new_sha1[20];
1200 struct command *cmd;
1201 const char *refname;
1207 get_sha1_hex(line, old_sha1) ||
1208 get_sha1_hex(line + 41, new_sha1))
1209 die("protocol error: expected old/new/ref, got '%s'", line);
1211 refname = line + 82;
1212 reflen = linelen - 82;
1213 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1214 hashcpy(cmd->old_sha1, old_sha1);
1215 hashcpy(cmd->new_sha1, new_sha1);
1216 memcpy(cmd->ref_name, refname, reflen);
1217 cmd->ref_name[reflen] = '\0';
1222 static void queue_commands_from_cert(struct command **tail,
1223 struct strbuf *push_cert)
1225 const char *boc, *eoc;
1228 die("protocol error: got both push certificate and unsigned commands");
1230 boc = strstr(push_cert->buf, "\n\n");
1232 die("malformed push certificate %.*s", 100, push_cert->buf);
1235 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1238 const char *eol = memchr(boc, '\n', eoc - boc);
1239 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1240 boc = eol ? eol + 1 : eoc;
1244 static struct command *read_head_info(struct sha1_array *shallow)
1246 struct command *commands = NULL;
1247 struct command **p = &commands;
1252 line = packet_read_line(0, &len);
1256 if (len == 48 && starts_with(line, "shallow ")) {
1257 unsigned char sha1[20];
1258 if (get_sha1_hex(line + 8, sha1))
1259 die("protocol error: expected shallow sha, got '%s'",
1261 sha1_array_append(shallow, sha1);
1265 linelen = strlen(line);
1266 if (linelen < len) {
1267 const char *feature_list = line + linelen + 1;
1268 if (parse_feature_request(feature_list, "report-status"))
1270 if (parse_feature_request(feature_list, "side-band-64k"))
1271 use_sideband = LARGE_PACKET_MAX;
1272 if (parse_feature_request(feature_list, "quiet"))
1276 if (!strcmp(line, "push-cert")) {
1281 len = packet_read(0, NULL, NULL,
1282 certbuf, sizeof(certbuf), 0);
1287 if (!strcmp(certbuf, "push-cert-end\n"))
1288 break; /* end of cert */
1289 strbuf_addstr(&push_cert, certbuf);
1297 p = queue_command(p, line, linelen);
1301 queue_commands_from_cert(p, &push_cert);
1306 static const char *parse_pack_header(struct pack_header *hdr)
1308 switch (read_pack_header(0, hdr)) {
1310 return "eof before pack header was fully read";
1312 case PH_ERROR_PACK_SIGNATURE:
1313 return "protocol error (pack signature mismatch detected)";
1315 case PH_ERROR_PROTOCOL:
1316 return "protocol error (pack version unsupported)";
1319 return "unknown error in parse_pack_header";
1326 static const char *pack_lockfile;
1328 static const char *unpack(int err_fd, struct shallow_info *si)
1330 struct pack_header hdr;
1331 const char *hdr_err;
1334 struct child_process child = CHILD_PROCESS_INIT;
1335 int fsck_objects = (receive_fsck_objects >= 0
1336 ? receive_fsck_objects
1337 : transfer_fsck_objects >= 0
1338 ? transfer_fsck_objects
1341 hdr_err = parse_pack_header(&hdr);
1347 snprintf(hdr_arg, sizeof(hdr_arg),
1348 "--pack_header=%"PRIu32",%"PRIu32,
1349 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1351 if (si->nr_ours || si->nr_theirs) {
1352 alt_shallow_file = setup_temporary_shallow(si->shallow);
1353 argv_array_push(&child.args, "--shallow-file");
1354 argv_array_push(&child.args, alt_shallow_file);
1357 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1358 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1360 argv_array_push(&child.args, "-q");
1362 argv_array_push(&child.args, "--strict");
1363 child.no_stdout = 1;
1366 status = run_command(&child);
1368 return "unpack-objects abnormal exit";
1373 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1374 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1375 strcpy(keep_arg + s, "localhost");
1377 argv_array_pushl(&child.args, "index-pack",
1378 "--stdin", hdr_arg, keep_arg, NULL);
1380 argv_array_push(&child.args, "--strict");
1382 argv_array_push(&child.args, "--fix-thin");
1386 status = start_command(&child);
1388 return "index-pack fork failed";
1389 pack_lockfile = index_pack_lockfile(child.out);
1391 status = finish_command(&child);
1393 return "index-pack abnormal exit";
1394 reprepare_packed_git();
1399 static const char *unpack_with_sideband(struct shallow_info *si)
1405 return unpack(0, si);
1407 memset(&muxer, 0, sizeof(muxer));
1408 muxer.proc = copy_to_sideband;
1410 if (start_async(&muxer))
1413 ret = unpack(muxer.in, si);
1415 finish_async(&muxer);
1419 static void prepare_shallow_update(struct command *commands,
1420 struct shallow_info *si)
1422 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1424 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1426 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1428 si->need_reachability_test =
1429 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1431 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1432 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1434 for (i = 0; i < si->nr_ours; i++)
1435 si->need_reachability_test[si->ours[i]] = 1;
1437 for (i = 0; i < si->shallow->nr; i++) {
1438 if (!si->used_shallow[i])
1440 for (j = 0; j < bitmap_size; j++) {
1441 if (!si->used_shallow[i][j])
1443 si->need_reachability_test[i]++;
1444 for (k = 0; k < 32; k++)
1445 if (si->used_shallow[i][j] & (1 << k))
1446 si->shallow_ref[j * 32 + k]++;
1450 * true for those associated with some refs and belong
1451 * in "ours" list aka "step 7 not done yet"
1453 si->need_reachability_test[i] =
1454 si->need_reachability_test[i] > 1;
1458 * keep hooks happy by forcing a temporary shallow file via
1459 * env variable because we can't add --shallow-file to every
1460 * command. check_everything_connected() will be done with
1461 * true .git/shallow though.
1463 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1466 static void update_shallow_info(struct command *commands,
1467 struct shallow_info *si,
1468 struct sha1_array *ref)
1470 struct command *cmd;
1472 remove_nonexistent_theirs_shallow(si);
1473 if (!si->nr_ours && !si->nr_theirs) {
1478 for (cmd = commands; cmd; cmd = cmd->next) {
1479 if (is_null_sha1(cmd->new_sha1))
1481 sha1_array_append(ref, cmd->new_sha1);
1482 cmd->index = ref->nr - 1;
1486 if (shallow_update) {
1487 prepare_shallow_update(commands, si);
1491 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1492 assign_shallow_commits_to_refs(si, NULL, ref_status);
1493 for (cmd = commands; cmd; cmd = cmd->next) {
1494 if (is_null_sha1(cmd->new_sha1))
1496 if (ref_status[cmd->index]) {
1497 cmd->error_string = "shallow update not allowed";
1498 cmd->skip_update = 1;
1504 static void report(struct command *commands, const char *unpack_status)
1506 struct command *cmd;
1507 struct strbuf buf = STRBUF_INIT;
1509 packet_buf_write(&buf, "unpack %s\n",
1510 unpack_status ? unpack_status : "ok");
1511 for (cmd = commands; cmd; cmd = cmd->next) {
1512 if (!cmd->error_string)
1513 packet_buf_write(&buf, "ok %s\n",
1516 packet_buf_write(&buf, "ng %s %s\n",
1517 cmd->ref_name, cmd->error_string);
1519 packet_buf_flush(&buf);
1522 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1524 write_or_die(1, buf.buf, buf.len);
1525 strbuf_release(&buf);
1528 static int delete_only(struct command *commands)
1530 struct command *cmd;
1531 for (cmd = commands; cmd; cmd = cmd->next) {
1532 if (!is_null_sha1(cmd->new_sha1))
1538 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1540 int advertise_refs = 0;
1542 struct command *commands;
1543 struct sha1_array shallow = SHA1_ARRAY_INIT;
1544 struct sha1_array ref = SHA1_ARRAY_INIT;
1545 struct shallow_info si;
1547 packet_trace_identity("receive-pack");
1550 for (i = 1; i < argc; i++) {
1551 const char *arg = *argv++;
1554 if (!strcmp(arg, "--quiet")) {
1559 if (!strcmp(arg, "--advertise-refs")) {
1563 if (!strcmp(arg, "--stateless-rpc")) {
1567 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1572 usage(receive_pack_usage);
1575 usage(receive_pack_usage);
1579 usage(receive_pack_usage);
1583 if (!enter_repo(service_dir, 0))
1584 die("'%s' does not appear to be a git repository", service_dir);
1586 git_config(receive_pack_config, NULL);
1587 if (cert_nonce_seed)
1588 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1590 if (0 <= transfer_unpack_limit)
1591 unpack_limit = transfer_unpack_limit;
1592 else if (0 <= receive_unpack_limit)
1593 unpack_limit = receive_unpack_limit;
1595 if (advertise_refs || !stateless_rpc) {
1601 if ((commands = read_head_info(&shallow)) != NULL) {
1602 const char *unpack_status = NULL;
1604 prepare_shallow_info(&si, &shallow);
1605 if (!si.nr_ours && !si.nr_theirs)
1607 if (!delete_only(commands)) {
1608 unpack_status = unpack_with_sideband(&si);
1609 update_shallow_info(commands, &si, &ref);
1611 execute_commands(commands, unpack_status, &si);
1613 unlink_or_warn(pack_lockfile);
1615 report(commands, unpack_status);
1616 run_receive_hook(commands, "post-receive", 1);
1617 run_update_post_hook(commands);
1619 const char *argv_gc_auto[] = {
1620 "gc", "--auto", "--quiet", NULL,
1622 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1623 run_command_v_opt(argv_gc_auto, opt);
1625 if (auto_update_server_info)
1626 update_server_info(0);
1627 clear_shallow_info(&si);
1631 sha1_array_clear(&shallow);
1632 sha1_array_clear(&ref);
1633 free((void *)push_cert_nonce);
projects / git / blob