7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int advertise_atomic_push = 1;
42 static int unpack_limit = 100;
43 static int report_status;
44 static int use_sideband;
45 static int use_atomic;
47 static int prefer_ofs_delta = 1;
48 static int auto_update_server_info;
49 static int auto_gc = 1;
50 static int fix_thin = 1;
51 static int stateless_rpc;
52 static const char *service_dir;
53 static const char *head_name;
54 static void *head_name_to_free;
55 static int sent_capabilities;
56 static int shallow_update;
57 static const char *alt_shallow_file;
58 static struct strbuf push_cert = STRBUF_INIT;
59 static unsigned char push_cert_sha1[20];
60 static struct signature_check sigcheck;
61 static const char *push_cert_nonce;
62 static const char *cert_nonce_seed;
64 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65 static const char *NONCE_BAD = "BAD";
66 static const char *NONCE_MISSING = "MISSING";
67 static const char *NONCE_OK = "OK";
68 static const char *NONCE_SLOP = "SLOP";
69 static const char *nonce_status;
70 static long nonce_stamp_slop;
71 static unsigned long nonce_stamp_slop_limit;
72 static struct ref_transaction *transaction;
74 static enum deny_action parse_deny_action(const char *var, const char *value)
77 if (!strcasecmp(value, "ignore"))
79 if (!strcasecmp(value, "warn"))
81 if (!strcasecmp(value, "refuse"))
83 if (!strcasecmp(value, "updateinstead"))
84 return DENY_UPDATE_INSTEAD;
86 if (git_config_bool(var, value))
91 static int receive_pack_config(const char *var, const char *value, void *cb)
93 int status = parse_hide_refs_config(var, value, "receive");
98 if (strcmp(var, "receive.denydeletes") == 0) {
99 deny_deletes = git_config_bool(var, value);
103 if (strcmp(var, "receive.denynonfastforwards") == 0) {
104 deny_non_fast_forwards = git_config_bool(var, value);
108 if (strcmp(var, "receive.unpacklimit") == 0) {
109 receive_unpack_limit = git_config_int(var, value);
113 if (strcmp(var, "transfer.unpacklimit") == 0) {
114 transfer_unpack_limit = git_config_int(var, value);
118 if (strcmp(var, "receive.fsckobjects") == 0) {
119 receive_fsck_objects = git_config_bool(var, value);
123 if (strcmp(var, "transfer.fsckobjects") == 0) {
124 transfer_fsck_objects = git_config_bool(var, value);
128 if (!strcmp(var, "receive.denycurrentbranch")) {
129 deny_current_branch = parse_deny_action(var, value);
133 if (strcmp(var, "receive.denydeletecurrent") == 0) {
134 deny_delete_current = parse_deny_action(var, value);
138 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139 prefer_ofs_delta = git_config_bool(var, value);
143 if (strcmp(var, "receive.updateserverinfo") == 0) {
144 auto_update_server_info = git_config_bool(var, value);
148 if (strcmp(var, "receive.autogc") == 0) {
149 auto_gc = git_config_bool(var, value);
153 if (strcmp(var, "receive.shallowupdate") == 0) {
154 shallow_update = git_config_bool(var, value);
158 if (strcmp(var, "receive.certnonceseed") == 0)
159 return git_config_string(&cert_nonce_seed, var, value);
161 if (strcmp(var, "receive.certnonceslop") == 0) {
162 nonce_stamp_slop_limit = git_config_ulong(var, value);
166 if (strcmp(var, "receive.advertiseatomic") == 0) {
167 advertise_atomic_push = git_config_bool(var, value);
171 return git_default_config(var, value, cb);
174 static void show_ref(const char *path, const unsigned char *sha1)
176 if (ref_is_hidden(path))
179 if (sent_capabilities) {
180 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
182 struct strbuf cap = STRBUF_INIT;
185 "report-status delete-refs side-band-64k quiet");
186 if (advertise_atomic_push)
187 strbuf_addstr(&cap, " atomic");
188 if (prefer_ofs_delta)
189 strbuf_addstr(&cap, " ofs-delta");
191 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193 packet_write(1, "%s %s%c%s\n",
194 sha1_to_hex(sha1), path, 0, cap.buf);
195 strbuf_release(&cap);
196 sent_capabilities = 1;
200 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
202 path = strip_namespace(path);
204 * Advertise refs outside our current namespace as ".have"
205 * refs, so that the client can use them to minimize data
206 * transfer but will otherwise ignore them. This happens to
207 * cover ".have" that are thrown in by add_one_alternate_ref()
208 * to mark histories that are complete in our alternates as
213 show_ref(path, sha1);
217 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
219 show_ref(".have", sha1);
222 static void collect_one_alternate_ref(const struct ref *ref, void *data)
224 struct sha1_array *sa = data;
225 sha1_array_append(sa, ref->old_sha1);
228 static void write_head_info(void)
230 struct sha1_array sa = SHA1_ARRAY_INIT;
231 struct each_ref_fn_sha1_adapter wrapped_show_ref_cb =
234 for_each_alternate_ref(collect_one_alternate_ref, &sa);
235 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
236 sha1_array_clear(&sa);
237 for_each_ref(each_ref_fn_adapter, &wrapped_show_ref_cb);
238 if (!sent_capabilities)
239 show_ref("capabilities^{}", null_sha1);
241 advertise_shallow_grafts(1);
248 struct command *next;
249 const char *error_string;
250 unsigned int skip_update:1,
253 unsigned char old_sha1[20];
254 unsigned char new_sha1[20];
255 char ref_name[FLEX_ARRAY]; /* more */
258 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
259 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
261 static void report_message(const char *prefix, const char *err, va_list params)
263 int sz = strlen(prefix);
266 strncpy(msg, prefix, sz);
267 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
268 if (sz > (sizeof(msg) - 1))
269 sz = sizeof(msg) - 1;
273 send_sideband(1, 2, msg, sz, use_sideband);
278 static void rp_warning(const char *err, ...)
281 va_start(params, err);
282 report_message("warning: ", err, params);
286 static void rp_error(const char *err, ...)
289 va_start(params, err);
290 report_message("error: ", err, params);
294 static int copy_to_sideband(int in, int out, void *arg)
298 ssize_t sz = xread(in, data, sizeof(data));
301 send_sideband(1, 2, data, sz, use_sideband);
307 #define HMAC_BLOCK_SIZE 64
309 static void hmac_sha1(unsigned char *out,
310 const char *key_in, size_t key_len,
311 const char *text, size_t text_len)
313 unsigned char key[HMAC_BLOCK_SIZE];
314 unsigned char k_ipad[HMAC_BLOCK_SIZE];
315 unsigned char k_opad[HMAC_BLOCK_SIZE];
319 /* RFC 2104 2. (1) */
320 memset(key, '\0', HMAC_BLOCK_SIZE);
321 if (HMAC_BLOCK_SIZE < key_len) {
323 git_SHA1_Update(&ctx, key_in, key_len);
324 git_SHA1_Final(key, &ctx);
326 memcpy(key, key_in, key_len);
329 /* RFC 2104 2. (2) & (5) */
330 for (i = 0; i < sizeof(key); i++) {
331 k_ipad[i] = key[i] ^ 0x36;
332 k_opad[i] = key[i] ^ 0x5c;
335 /* RFC 2104 2. (3) & (4) */
337 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
338 git_SHA1_Update(&ctx, text, text_len);
339 git_SHA1_Final(out, &ctx);
341 /* RFC 2104 2. (6) & (7) */
343 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
344 git_SHA1_Update(&ctx, out, 20);
345 git_SHA1_Final(out, &ctx);
348 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
350 struct strbuf buf = STRBUF_INIT;
351 unsigned char sha1[20];
353 strbuf_addf(&buf, "%s:%lu", path, stamp);
354 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
355 strbuf_release(&buf);
357 /* RFC 2104 5. HMAC-SHA1-80 */
358 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
359 return strbuf_detach(&buf, NULL);
363 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
364 * after dropping "_commit" from its name and possibly moving it out
367 static char *find_header(const char *msg, size_t len, const char *key)
369 int key_len = strlen(key);
370 const char *line = msg;
372 while (line && line < msg + len) {
373 const char *eol = strchrnul(line, '\n');
375 if ((msg + len <= eol) || line == eol)
377 if (line + key_len < eol &&
378 !memcmp(line, key, key_len) && line[key_len] == ' ') {
379 int offset = key_len + 1;
380 return xmemdupz(line + offset, (eol - line) - offset);
382 line = *eol ? eol + 1 : NULL;
387 static const char *check_nonce(const char *buf, size_t len)
389 char *nonce = find_header(buf, len, "nonce");
390 unsigned long stamp, ostamp;
391 char *bohmac, *expect = NULL;
392 const char *retval = NONCE_BAD;
395 retval = NONCE_MISSING;
397 } else if (!push_cert_nonce) {
398 retval = NONCE_UNSOLICITED;
400 } else if (!strcmp(push_cert_nonce, nonce)) {
405 if (!stateless_rpc) {
406 /* returned nonce MUST match what we gave out earlier */
412 * In stateless mode, we may be receiving a nonce issued by
413 * another instance of the server that serving the same
414 * repository, and the timestamps may not match, but the
415 * nonce-seed and dir should match, so we can recompute and
416 * report the time slop.
418 * In addition, when a nonce issued by another instance has
419 * timestamp within receive.certnonceslop seconds, we pretend
420 * as if we issued that nonce when reporting to the hook.
423 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
424 if (*nonce <= '0' || '9' < *nonce) {
428 stamp = strtoul(nonce, &bohmac, 10);
429 if (bohmac == nonce || bohmac[0] != '-') {
434 expect = prepare_push_cert_nonce(service_dir, stamp);
435 if (strcmp(expect, nonce)) {
436 /* Not what we would have signed earlier */
442 * By how many seconds is this nonce stale? Negative value
443 * would mean it was issued by another server with its clock
444 * skewed in the future.
446 ostamp = strtoul(push_cert_nonce, NULL, 10);
447 nonce_stamp_slop = (long)ostamp - (long)stamp;
449 if (nonce_stamp_slop_limit &&
450 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
452 * Pretend as if the received nonce (which passes the
453 * HMAC check, so it is not a forged by third-party)
456 free((void *)push_cert_nonce);
457 push_cert_nonce = xstrdup(nonce);
469 static void prepare_push_cert_sha1(struct child_process *proc)
471 static int already_done;
477 struct strbuf gpg_output = STRBUF_INIT;
478 struct strbuf gpg_status = STRBUF_INIT;
479 int bogs /* beginning_of_gpg_sig */;
482 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
483 hashclr(push_cert_sha1);
485 memset(&sigcheck, '\0', sizeof(sigcheck));
486 sigcheck.result = 'N';
488 bogs = parse_signature(push_cert.buf, push_cert.len);
489 if (verify_signed_buffer(push_cert.buf, bogs,
490 push_cert.buf + bogs, push_cert.len - bogs,
491 &gpg_output, &gpg_status) < 0) {
492 ; /* error running gpg */
494 sigcheck.payload = push_cert.buf;
495 sigcheck.gpg_output = gpg_output.buf;
496 sigcheck.gpg_status = gpg_status.buf;
497 parse_gpg_output(&sigcheck);
500 strbuf_release(&gpg_output);
501 strbuf_release(&gpg_status);
502 nonce_status = check_nonce(push_cert.buf, bogs);
504 if (!is_null_sha1(push_cert_sha1)) {
505 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
506 sha1_to_hex(push_cert_sha1));
507 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
508 sigcheck.signer ? sigcheck.signer : "");
509 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
510 sigcheck.key ? sigcheck.key : "");
511 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
513 if (push_cert_nonce) {
514 argv_array_pushf(&proc->env_array,
515 "GIT_PUSH_CERT_NONCE=%s",
517 argv_array_pushf(&proc->env_array,
518 "GIT_PUSH_CERT_NONCE_STATUS=%s",
520 if (nonce_status == NONCE_SLOP)
521 argv_array_pushf(&proc->env_array,
522 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
528 typedef int (*feed_fn)(void *, const char **, size_t *);
529 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
531 struct child_process proc = CHILD_PROCESS_INIT;
536 argv[0] = find_hook(hook_name);
544 proc.stdout_to_stderr = 1;
547 memset(&muxer, 0, sizeof(muxer));
548 muxer.proc = copy_to_sideband;
550 code = start_async(&muxer);
556 prepare_push_cert_sha1(&proc);
558 code = start_command(&proc);
561 finish_async(&muxer);
565 sigchain_push(SIGPIPE, SIG_IGN);
570 if (feed(feed_state, &buf, &n))
572 if (write_in_full(proc.in, buf, n) != n)
577 finish_async(&muxer);
579 sigchain_pop(SIGPIPE);
581 return finish_command(&proc);
584 struct receive_hook_feed_state {
590 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
592 struct receive_hook_feed_state *state = state_;
593 struct command *cmd = state->cmd;
596 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
600 strbuf_reset(&state->buf);
601 strbuf_addf(&state->buf, "%s %s %s\n",
602 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
604 state->cmd = cmd->next;
606 *bufp = state->buf.buf;
607 *sizep = state->buf.len;
612 static int run_receive_hook(struct command *commands, const char *hook_name,
615 struct receive_hook_feed_state state;
618 strbuf_init(&state.buf, 0);
619 state.cmd = commands;
620 state.skip_broken = skip_broken;
621 if (feed_receive_hook(&state, NULL, NULL))
623 state.cmd = commands;
624 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
625 strbuf_release(&state.buf);
629 static int run_update_hook(struct command *cmd)
632 struct child_process proc = CHILD_PROCESS_INIT;
635 argv[0] = find_hook("update");
639 argv[1] = cmd->ref_name;
640 argv[2] = sha1_to_hex(cmd->old_sha1);
641 argv[3] = sha1_to_hex(cmd->new_sha1);
645 proc.stdout_to_stderr = 1;
646 proc.err = use_sideband ? -1 : 0;
649 code = start_command(&proc);
653 copy_to_sideband(proc.err, -1, NULL);
654 return finish_command(&proc);
657 static int is_ref_checked_out(const char *ref)
659 if (is_bare_repository())
664 return !strcmp(head_name, ref);
667 static char *refuse_unconfigured_deny_msg[] = {
668 "By default, updating the current branch in a non-bare repository",
669 "is denied, because it will make the index and work tree inconsistent",
670 "with what you pushed, and will require 'git reset --hard' to match",
671 "the work tree to HEAD.",
673 "You can set 'receive.denyCurrentBranch' configuration variable to",
674 "'ignore' or 'warn' in the remote repository to allow pushing into",
675 "its current branch; however, this is not recommended unless you",
676 "arranged to update its work tree to match what you pushed in some",
679 "To squelch this message and still keep the default behaviour, set",
680 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
683 static void refuse_unconfigured_deny(void)
686 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
687 rp_error("%s", refuse_unconfigured_deny_msg[i]);
690 static char *refuse_unconfigured_deny_delete_current_msg[] = {
691 "By default, deleting the current branch is denied, because the next",
692 "'git clone' won't result in any file checked out, causing confusion.",
694 "You can set 'receive.denyDeleteCurrent' configuration variable to",
695 "'warn' or 'ignore' in the remote repository to allow deleting the",
696 "current branch, with or without a warning message.",
698 "To squelch this message, you can set it to 'refuse'."
701 static void refuse_unconfigured_deny_delete_current(void)
705 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
707 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
710 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
711 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
713 static struct lock_file shallow_lock;
714 struct sha1_array extra = SHA1_ARRAY_INIT;
715 const char *alt_file;
716 uint32_t mask = 1 << (cmd->index % 32);
719 trace_printf_key(&trace_shallow,
720 "shallow: update_shallow_ref %s\n", cmd->ref_name);
721 for (i = 0; i < si->shallow->nr; i++)
722 if (si->used_shallow[i] &&
723 (si->used_shallow[i][cmd->index / 32] & mask) &&
724 !delayed_reachability_test(si, i))
725 sha1_array_append(&extra, si->shallow->sha1[i]);
727 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
728 if (check_shallow_connected(command_singleton_iterator,
730 rollback_lock_file(&shallow_lock);
731 sha1_array_clear(&extra);
735 commit_lock_file(&shallow_lock);
738 * Make sure setup_alternate_shallow() for the next ref does
739 * not lose these new roots..
741 for (i = 0; i < extra.nr; i++)
742 register_shallow(extra.sha1[i]);
744 si->shallow_ref[cmd->index] = 0;
745 sha1_array_clear(&extra);
750 * NEEDSWORK: we should consolidate various implementions of "are we
751 * on an unborn branch?" test into one, and make the unified one more
752 * robust. !get_sha1() based check used here and elsewhere would not
753 * allow us to tell an unborn branch from corrupt ref, for example.
754 * For the purpose of fixing "deploy-to-update does not work when
755 * pushing into an empty repository" issue, this should suffice for
758 static int head_has_history(void)
760 unsigned char sha1[20];
762 return !get_sha1("HEAD", sha1);
765 static const char *push_to_deploy(unsigned char *sha1,
766 struct argv_array *env,
767 const char *work_tree)
769 const char *update_refresh[] = {
770 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
772 const char *diff_files[] = {
773 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
775 const char *diff_index[] = {
776 "diff-index", "--quiet", "--cached", "--ignore-submodules",
779 const char *read_tree[] = {
780 "read-tree", "-u", "-m", NULL, NULL
782 struct child_process child = CHILD_PROCESS_INIT;
784 child.argv = update_refresh;
785 child.env = env->argv;
786 child.dir = work_tree;
788 child.stdout_to_stderr = 1;
790 if (run_command(&child))
791 return "Up-to-date check failed";
793 /* run_command() does not clean up completely; reinitialize */
794 child_process_init(&child);
795 child.argv = diff_files;
796 child.env = env->argv;
797 child.dir = work_tree;
799 child.stdout_to_stderr = 1;
801 if (run_command(&child))
802 return "Working directory has unstaged changes";
804 /* diff-index with either HEAD or an empty tree */
805 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
807 child_process_init(&child);
808 child.argv = diff_index;
809 child.env = env->argv;
812 child.stdout_to_stderr = 0;
814 if (run_command(&child))
815 return "Working directory has staged changes";
817 read_tree[3] = sha1_to_hex(sha1);
818 child_process_init(&child);
819 child.argv = read_tree;
820 child.env = env->argv;
821 child.dir = work_tree;
824 child.stdout_to_stderr = 0;
826 if (run_command(&child))
827 return "Could not update working tree to new HEAD";
832 static const char *push_to_checkout_hook = "push-to-checkout";
834 static const char *push_to_checkout(unsigned char *sha1,
835 struct argv_array *env,
836 const char *work_tree)
838 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
839 if (run_hook_le(env->argv, push_to_checkout_hook,
840 sha1_to_hex(sha1), NULL))
841 return "push-to-checkout hook declined";
846 static const char *update_worktree(unsigned char *sha1)
849 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
850 struct argv_array env = ARGV_ARRAY_INIT;
852 if (is_bare_repository())
853 return "denyCurrentBranch = updateInstead needs a worktree";
855 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
857 if (!find_hook(push_to_checkout_hook))
858 retval = push_to_deploy(sha1, &env, work_tree);
860 retval = push_to_checkout(sha1, &env, work_tree);
862 argv_array_clear(&env);
866 static const char *update(struct command *cmd, struct shallow_info *si)
868 const char *name = cmd->ref_name;
869 struct strbuf namespaced_name_buf = STRBUF_INIT;
870 const char *namespaced_name, *ret;
871 unsigned char *old_sha1 = cmd->old_sha1;
872 unsigned char *new_sha1 = cmd->new_sha1;
874 /* only refs/... are allowed */
875 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
876 rp_error("refusing to create funny ref '%s' remotely", name);
877 return "funny refname";
880 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
881 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
883 if (is_ref_checked_out(namespaced_name)) {
884 switch (deny_current_branch) {
888 rp_warning("updating the current branch");
891 case DENY_UNCONFIGURED:
892 rp_error("refusing to update checked out branch: %s", name);
893 if (deny_current_branch == DENY_UNCONFIGURED)
894 refuse_unconfigured_deny();
895 return "branch is currently checked out";
896 case DENY_UPDATE_INSTEAD:
897 ret = update_worktree(new_sha1);
904 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
905 error("unpack should have generated %s, "
906 "but I can't find it!", sha1_to_hex(new_sha1));
910 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
911 if (deny_deletes && starts_with(name, "refs/heads/")) {
912 rp_error("denying ref deletion for %s", name);
913 return "deletion prohibited";
916 if (!strcmp(namespaced_name, head_name)) {
917 switch (deny_delete_current) {
921 rp_warning("deleting the current branch");
924 case DENY_UNCONFIGURED:
925 case DENY_UPDATE_INSTEAD:
926 if (deny_delete_current == DENY_UNCONFIGURED)
927 refuse_unconfigured_deny_delete_current();
928 rp_error("refusing to delete the current branch: %s", name);
929 return "deletion of the current branch prohibited";
931 return "Invalid denyDeleteCurrent setting";
936 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
937 !is_null_sha1(old_sha1) &&
938 starts_with(name, "refs/heads/")) {
939 struct object *old_object, *new_object;
940 struct commit *old_commit, *new_commit;
942 old_object = parse_object(old_sha1);
943 new_object = parse_object(new_sha1);
945 if (!old_object || !new_object ||
946 old_object->type != OBJ_COMMIT ||
947 new_object->type != OBJ_COMMIT) {
948 error("bad sha1 objects for %s", name);
951 old_commit = (struct commit *)old_object;
952 new_commit = (struct commit *)new_object;
953 if (!in_merge_bases(old_commit, new_commit)) {
954 rp_error("denying non-fast-forward %s"
955 " (you should pull first)", name);
956 return "non-fast-forward";
959 if (run_update_hook(cmd)) {
960 rp_error("hook declined to update %s", name);
961 return "hook declined";
964 if (is_null_sha1(new_sha1)) {
965 struct strbuf err = STRBUF_INIT;
966 if (!parse_object(old_sha1)) {
968 if (ref_exists(name)) {
969 rp_warning("Allowing deletion of corrupt ref.");
971 rp_warning("Deleting a non-existent ref.");
972 cmd->did_not_exist = 1;
975 if (ref_transaction_delete(transaction,
979 rp_error("%s", err.buf);
980 strbuf_release(&err);
981 return "failed to delete";
983 strbuf_release(&err);
984 return NULL; /* good */
987 struct strbuf err = STRBUF_INIT;
988 if (shallow_update && si->shallow_ref[cmd->index] &&
989 update_shallow_ref(cmd, si))
990 return "shallow error";
992 if (ref_transaction_update(transaction,
997 rp_error("%s", err.buf);
998 strbuf_release(&err);
1000 return "failed to update ref";
1002 strbuf_release(&err);
1004 return NULL; /* good */
1008 static void run_update_post_hook(struct command *commands)
1010 struct command *cmd;
1013 struct child_process proc = CHILD_PROCESS_INIT;
1016 hook = find_hook("post-update");
1017 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1018 if (cmd->error_string || cmd->did_not_exist)
1025 argv = xmalloc(sizeof(*argv) * (2 + argc));
1028 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1029 if (cmd->error_string || cmd->did_not_exist)
1031 argv[argc] = xstrdup(cmd->ref_name);
1037 proc.stdout_to_stderr = 1;
1038 proc.err = use_sideband ? -1 : 0;
1041 if (!start_command(&proc)) {
1043 copy_to_sideband(proc.err, -1, NULL);
1044 finish_command(&proc);
1048 static void check_aliased_update(struct command *cmd, struct string_list *list)
1050 struct strbuf buf = STRBUF_INIT;
1051 const char *dst_name;
1052 struct string_list_item *item;
1053 struct command *dst_cmd;
1054 unsigned char sha1[20];
1055 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1058 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1059 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1060 strbuf_release(&buf);
1062 if (!(flag & REF_ISSYMREF))
1065 dst_name = strip_namespace(dst_name);
1067 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1068 cmd->skip_update = 1;
1069 cmd->error_string = "broken symref";
1073 if ((item = string_list_lookup(list, dst_name)) == NULL)
1076 cmd->skip_update = 1;
1078 dst_cmd = (struct command *) item->util;
1080 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1081 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1084 dst_cmd->skip_update = 1;
1086 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1087 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1088 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1089 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1090 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1091 " its target '%s' (%s..%s)",
1092 cmd->ref_name, cmd_oldh, cmd_newh,
1093 dst_cmd->ref_name, dst_oldh, dst_newh);
1095 cmd->error_string = dst_cmd->error_string =
1096 "inconsistent aliased update";
1099 static void check_aliased_updates(struct command *commands)
1101 struct command *cmd;
1102 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1104 for (cmd = commands; cmd; cmd = cmd->next) {
1105 struct string_list_item *item =
1106 string_list_append(&ref_list, cmd->ref_name);
1107 item->util = (void *)cmd;
1109 string_list_sort(&ref_list);
1111 for (cmd = commands; cmd; cmd = cmd->next) {
1112 if (!cmd->error_string)
1113 check_aliased_update(cmd, &ref_list);
1116 string_list_clear(&ref_list, 0);
1119 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1121 struct command **cmd_list = cb_data;
1122 struct command *cmd = *cmd_list;
1124 if (!cmd || is_null_sha1(cmd->new_sha1))
1125 return -1; /* end of list */
1126 *cmd_list = NULL; /* this returns only one */
1127 hashcpy(sha1, cmd->new_sha1);
1131 static void set_connectivity_errors(struct command *commands,
1132 struct shallow_info *si)
1134 struct command *cmd;
1136 for (cmd = commands; cmd; cmd = cmd->next) {
1137 struct command *singleton = cmd;
1138 if (shallow_update && si->shallow_ref[cmd->index])
1139 /* to be checked in update_shallow_ref() */
1141 if (!check_everything_connected(command_singleton_iterator,
1144 cmd->error_string = "missing necessary objects";
1148 struct iterate_data {
1149 struct command *cmds;
1150 struct shallow_info *si;
1153 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1155 struct iterate_data *data = cb_data;
1156 struct command **cmd_list = &data->cmds;
1157 struct command *cmd = *cmd_list;
1159 for (; cmd; cmd = cmd->next) {
1160 if (shallow_update && data->si->shallow_ref[cmd->index])
1161 /* to be checked in update_shallow_ref() */
1163 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1164 hashcpy(sha1, cmd->new_sha1);
1165 *cmd_list = cmd->next;
1170 return -1; /* end of list */
1173 static void reject_updates_to_hidden(struct command *commands)
1175 struct command *cmd;
1177 for (cmd = commands; cmd; cmd = cmd->next) {
1178 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1180 if (is_null_sha1(cmd->new_sha1))
1181 cmd->error_string = "deny deleting a hidden ref";
1183 cmd->error_string = "deny updating a hidden ref";
1187 static int should_process_cmd(struct command *cmd)
1189 return !cmd->error_string && !cmd->skip_update;
1192 static void warn_if_skipped_connectivity_check(struct command *commands,
1193 struct shallow_info *si)
1195 struct command *cmd;
1196 int checked_connectivity = 1;
1198 for (cmd = commands; cmd; cmd = cmd->next) {
1199 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1200 error("BUG: connectivity check has not been run on ref %s",
1202 checked_connectivity = 0;
1205 if (!checked_connectivity)
1206 die("BUG: connectivity check skipped???");
1209 static void execute_commands_non_atomic(struct command *commands,
1210 struct shallow_info *si)
1212 struct command *cmd;
1213 struct strbuf err = STRBUF_INIT;
1215 for (cmd = commands; cmd; cmd = cmd->next) {
1216 if (!should_process_cmd(cmd))
1219 transaction = ref_transaction_begin(&err);
1221 rp_error("%s", err.buf);
1223 cmd->error_string = "transaction failed to start";
1227 cmd->error_string = update(cmd, si);
1229 if (!cmd->error_string
1230 && ref_transaction_commit(transaction, &err)) {
1231 rp_error("%s", err.buf);
1233 cmd->error_string = "failed to update ref";
1235 ref_transaction_free(transaction);
1237 strbuf_release(&err);
1240 static void execute_commands_atomic(struct command *commands,
1241 struct shallow_info *si)
1243 struct command *cmd;
1244 struct strbuf err = STRBUF_INIT;
1245 const char *reported_error = "atomic push failure";
1247 transaction = ref_transaction_begin(&err);
1249 rp_error("%s", err.buf);
1251 reported_error = "transaction failed to start";
1255 for (cmd = commands; cmd; cmd = cmd->next) {
1256 if (!should_process_cmd(cmd))
1259 cmd->error_string = update(cmd, si);
1261 if (cmd->error_string)
1265 if (ref_transaction_commit(transaction, &err)) {
1266 rp_error("%s", err.buf);
1267 reported_error = "atomic transaction failed";
1273 for (cmd = commands; cmd; cmd = cmd->next)
1274 if (!cmd->error_string)
1275 cmd->error_string = reported_error;
1278 ref_transaction_free(transaction);
1279 strbuf_release(&err);
1282 static void execute_commands(struct command *commands,
1283 const char *unpacker_error,
1284 struct shallow_info *si)
1286 struct command *cmd;
1287 unsigned char sha1[20];
1288 struct iterate_data data;
1290 if (unpacker_error) {
1291 for (cmd = commands; cmd; cmd = cmd->next)
1292 cmd->error_string = "unpacker error";
1296 data.cmds = commands;
1298 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1299 set_connectivity_errors(commands, si);
1301 reject_updates_to_hidden(commands);
1303 if (run_receive_hook(commands, "pre-receive", 0)) {
1304 for (cmd = commands; cmd; cmd = cmd->next) {
1305 if (!cmd->error_string)
1306 cmd->error_string = "pre-receive hook declined";
1311 check_aliased_updates(commands);
1313 free(head_name_to_free);
1314 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1317 execute_commands_atomic(commands, si);
1319 execute_commands_non_atomic(commands, si);
1322 warn_if_skipped_connectivity_check(commands, si);
1325 static struct command **queue_command(struct command **tail,
1329 unsigned char old_sha1[20], new_sha1[20];
1330 struct command *cmd;
1331 const char *refname;
1337 get_sha1_hex(line, old_sha1) ||
1338 get_sha1_hex(line + 41, new_sha1))
1339 die("protocol error: expected old/new/ref, got '%s'", line);
1341 refname = line + 82;
1342 reflen = linelen - 82;
1343 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1344 hashcpy(cmd->old_sha1, old_sha1);
1345 hashcpy(cmd->new_sha1, new_sha1);
1346 memcpy(cmd->ref_name, refname, reflen);
1347 cmd->ref_name[reflen] = '\0';
1352 static void queue_commands_from_cert(struct command **tail,
1353 struct strbuf *push_cert)
1355 const char *boc, *eoc;
1358 die("protocol error: got both push certificate and unsigned commands");
1360 boc = strstr(push_cert->buf, "\n\n");
1362 die("malformed push certificate %.*s", 100, push_cert->buf);
1365 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1368 const char *eol = memchr(boc, '\n', eoc - boc);
1369 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1370 boc = eol ? eol + 1 : eoc;
1374 static struct command *read_head_info(struct sha1_array *shallow)
1376 struct command *commands = NULL;
1377 struct command **p = &commands;
1382 line = packet_read_line(0, &len);
1386 if (len == 48 && starts_with(line, "shallow ")) {
1387 unsigned char sha1[20];
1388 if (get_sha1_hex(line + 8, sha1))
1389 die("protocol error: expected shallow sha, got '%s'",
1391 sha1_array_append(shallow, sha1);
1395 linelen = strlen(line);
1396 if (linelen < len) {
1397 const char *feature_list = line + linelen + 1;
1398 if (parse_feature_request(feature_list, "report-status"))
1400 if (parse_feature_request(feature_list, "side-band-64k"))
1401 use_sideband = LARGE_PACKET_MAX;
1402 if (parse_feature_request(feature_list, "quiet"))
1404 if (advertise_atomic_push
1405 && parse_feature_request(feature_list, "atomic"))
1409 if (!strcmp(line, "push-cert")) {
1414 len = packet_read(0, NULL, NULL,
1415 certbuf, sizeof(certbuf), 0);
1420 if (!strcmp(certbuf, "push-cert-end\n"))
1421 break; /* end of cert */
1422 strbuf_addstr(&push_cert, certbuf);
1430 p = queue_command(p, line, linelen);
1434 queue_commands_from_cert(p, &push_cert);
1439 static const char *parse_pack_header(struct pack_header *hdr)
1441 switch (read_pack_header(0, hdr)) {
1443 return "eof before pack header was fully read";
1445 case PH_ERROR_PACK_SIGNATURE:
1446 return "protocol error (pack signature mismatch detected)";
1448 case PH_ERROR_PROTOCOL:
1449 return "protocol error (pack version unsupported)";
1452 return "unknown error in parse_pack_header";
1459 static const char *pack_lockfile;
1461 static const char *unpack(int err_fd, struct shallow_info *si)
1463 struct pack_header hdr;
1464 const char *hdr_err;
1467 struct child_process child = CHILD_PROCESS_INIT;
1468 int fsck_objects = (receive_fsck_objects >= 0
1469 ? receive_fsck_objects
1470 : transfer_fsck_objects >= 0
1471 ? transfer_fsck_objects
1474 hdr_err = parse_pack_header(&hdr);
1480 snprintf(hdr_arg, sizeof(hdr_arg),
1481 "--pack_header=%"PRIu32",%"PRIu32,
1482 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1484 if (si->nr_ours || si->nr_theirs) {
1485 alt_shallow_file = setup_temporary_shallow(si->shallow);
1486 argv_array_push(&child.args, "--shallow-file");
1487 argv_array_push(&child.args, alt_shallow_file);
1490 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1491 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1493 argv_array_push(&child.args, "-q");
1495 argv_array_push(&child.args, "--strict");
1496 child.no_stdout = 1;
1499 status = run_command(&child);
1501 return "unpack-objects abnormal exit";
1506 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1507 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1508 strcpy(keep_arg + s, "localhost");
1510 argv_array_pushl(&child.args, "index-pack",
1511 "--stdin", hdr_arg, keep_arg, NULL);
1513 argv_array_push(&child.args, "--strict");
1515 argv_array_push(&child.args, "--fix-thin");
1519 status = start_command(&child);
1521 return "index-pack fork failed";
1522 pack_lockfile = index_pack_lockfile(child.out);
1524 status = finish_command(&child);
1526 return "index-pack abnormal exit";
1527 reprepare_packed_git();
1532 static const char *unpack_with_sideband(struct shallow_info *si)
1538 return unpack(0, si);
1540 memset(&muxer, 0, sizeof(muxer));
1541 muxer.proc = copy_to_sideband;
1543 if (start_async(&muxer))
1546 ret = unpack(muxer.in, si);
1548 finish_async(&muxer);
1552 static void prepare_shallow_update(struct command *commands,
1553 struct shallow_info *si)
1555 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1557 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1559 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1561 si->need_reachability_test =
1562 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1564 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1565 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1567 for (i = 0; i < si->nr_ours; i++)
1568 si->need_reachability_test[si->ours[i]] = 1;
1570 for (i = 0; i < si->shallow->nr; i++) {
1571 if (!si->used_shallow[i])
1573 for (j = 0; j < bitmap_size; j++) {
1574 if (!si->used_shallow[i][j])
1576 si->need_reachability_test[i]++;
1577 for (k = 0; k < 32; k++)
1578 if (si->used_shallow[i][j] & (1 << k))
1579 si->shallow_ref[j * 32 + k]++;
1583 * true for those associated with some refs and belong
1584 * in "ours" list aka "step 7 not done yet"
1586 si->need_reachability_test[i] =
1587 si->need_reachability_test[i] > 1;
1591 * keep hooks happy by forcing a temporary shallow file via
1592 * env variable because we can't add --shallow-file to every
1593 * command. check_everything_connected() will be done with
1594 * true .git/shallow though.
1596 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1599 static void update_shallow_info(struct command *commands,
1600 struct shallow_info *si,
1601 struct sha1_array *ref)
1603 struct command *cmd;
1605 remove_nonexistent_theirs_shallow(si);
1606 if (!si->nr_ours && !si->nr_theirs) {
1611 for (cmd = commands; cmd; cmd = cmd->next) {
1612 if (is_null_sha1(cmd->new_sha1))
1614 sha1_array_append(ref, cmd->new_sha1);
1615 cmd->index = ref->nr - 1;
1619 if (shallow_update) {
1620 prepare_shallow_update(commands, si);
1624 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1625 assign_shallow_commits_to_refs(si, NULL, ref_status);
1626 for (cmd = commands; cmd; cmd = cmd->next) {
1627 if (is_null_sha1(cmd->new_sha1))
1629 if (ref_status[cmd->index]) {
1630 cmd->error_string = "shallow update not allowed";
1631 cmd->skip_update = 1;
1637 static void report(struct command *commands, const char *unpack_status)
1639 struct command *cmd;
1640 struct strbuf buf = STRBUF_INIT;
1642 packet_buf_write(&buf, "unpack %s\n",
1643 unpack_status ? unpack_status : "ok");
1644 for (cmd = commands; cmd; cmd = cmd->next) {
1645 if (!cmd->error_string)
1646 packet_buf_write(&buf, "ok %s\n",
1649 packet_buf_write(&buf, "ng %s %s\n",
1650 cmd->ref_name, cmd->error_string);
1652 packet_buf_flush(&buf);
1655 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1657 write_or_die(1, buf.buf, buf.len);
1658 strbuf_release(&buf);
1661 static int delete_only(struct command *commands)
1663 struct command *cmd;
1664 for (cmd = commands; cmd; cmd = cmd->next) {
1665 if (!is_null_sha1(cmd->new_sha1))
1671 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1673 int advertise_refs = 0;
1675 struct command *commands;
1676 struct sha1_array shallow = SHA1_ARRAY_INIT;
1677 struct sha1_array ref = SHA1_ARRAY_INIT;
1678 struct shallow_info si;
1680 packet_trace_identity("receive-pack");
1683 for (i = 1; i < argc; i++) {
1684 const char *arg = *argv++;
1687 if (!strcmp(arg, "--quiet")) {
1692 if (!strcmp(arg, "--advertise-refs")) {
1696 if (!strcmp(arg, "--stateless-rpc")) {
1700 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1705 usage(receive_pack_usage);
1708 usage(receive_pack_usage);
1712 usage(receive_pack_usage);
1716 if (!enter_repo(service_dir, 0))
1717 die("'%s' does not appear to be a git repository", service_dir);
1719 git_config(receive_pack_config, NULL);
1720 if (cert_nonce_seed)
1721 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1723 if (0 <= transfer_unpack_limit)
1724 unpack_limit = transfer_unpack_limit;
1725 else if (0 <= receive_unpack_limit)
1726 unpack_limit = receive_unpack_limit;
1728 if (advertise_refs || !stateless_rpc) {
1734 if ((commands = read_head_info(&shallow)) != NULL) {
1735 const char *unpack_status = NULL;
1737 prepare_shallow_info(&si, &shallow);
1738 if (!si.nr_ours && !si.nr_theirs)
1740 if (!delete_only(commands)) {
1741 unpack_status = unpack_with_sideband(&si);
1742 update_shallow_info(commands, &si, &ref);
1744 execute_commands(commands, unpack_status, &si);
1746 unlink_or_warn(pack_lockfile);
1748 report(commands, unpack_status);
1749 run_receive_hook(commands, "post-receive", 1);
1750 run_update_post_hook(commands);
1752 const char *argv_gc_auto[] = {
1753 "gc", "--auto", "--quiet", NULL,
1755 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1756 run_command_v_opt(argv_gc_auto, opt);
1758 if (auto_update_server_info)
1759 update_server_info(0);
1760 clear_shallow_info(&si);
1764 sha1_array_clear(&shallow);
1765 sha1_array_clear(&ref);
1766 free((void *)push_cert_nonce);
projects / git / blob