Sync with 2.27.1
[git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "lockfile.h"
5 #include "pack.h"
6 #include "refs.h"
7 #include "pkt-line.h"
8 #include "sideband.h"
9 #include "run-command.h"
10 #include "exec-cmd.h"
11 #include "commit.h"
12 #include "object.h"
13 #include "remote.h"
14 #include "connect.h"
15 #include "string-list.h"
16 #include "oid-array.h"
17 #include "connected.h"
18 #include "argv-array.h"
19 #include "version.h"
20 #include "tag.h"
21 #include "gpg-interface.h"
22 #include "sigchain.h"
23 #include "fsck.h"
24 #include "tmp-objdir.h"
25 #include "oidset.h"
26 #include "packfile.h"
27 #include "object-store.h"
28 #include "protocol.h"
29 #include "commit-reach.h"
30 #include "worktree.h"
31 #include "shallow.h"
32
33 static const char * const receive_pack_usage[] = {
34         N_("git receive-pack <git-dir>"),
35         NULL
36 };
37
38 enum deny_action {
39         DENY_UNCONFIGURED,
40         DENY_IGNORE,
41         DENY_WARN,
42         DENY_REFUSE,
43         DENY_UPDATE_INSTEAD
44 };
45
46 static int deny_deletes;
47 static int deny_non_fast_forwards;
48 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
49 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
50 static int receive_fsck_objects = -1;
51 static int transfer_fsck_objects = -1;
52 static struct strbuf fsck_msg_types = STRBUF_INIT;
53 static int receive_unpack_limit = -1;
54 static int transfer_unpack_limit = -1;
55 static int advertise_atomic_push = 1;
56 static int advertise_push_options;
57 static int unpack_limit = 100;
58 static off_t max_input_size;
59 static int report_status;
60 static int use_sideband;
61 static int use_atomic;
62 static int use_push_options;
63 static int quiet;
64 static int prefer_ofs_delta = 1;
65 static int auto_update_server_info;
66 static int auto_gc = 1;
67 static int reject_thin;
68 static int stateless_rpc;
69 static const char *service_dir;
70 static const char *head_name;
71 static void *head_name_to_free;
72 static int sent_capabilities;
73 static int shallow_update;
74 static const char *alt_shallow_file;
75 static struct strbuf push_cert = STRBUF_INIT;
76 static struct object_id push_cert_oid;
77 static struct signature_check sigcheck;
78 static const char *push_cert_nonce;
79 static const char *cert_nonce_seed;
80
81 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
82 static const char *NONCE_BAD = "BAD";
83 static const char *NONCE_MISSING = "MISSING";
84 static const char *NONCE_OK = "OK";
85 static const char *NONCE_SLOP = "SLOP";
86 static const char *nonce_status;
87 static long nonce_stamp_slop;
88 static timestamp_t nonce_stamp_slop_limit;
89 static struct ref_transaction *transaction;
90
91 static enum {
92         KEEPALIVE_NEVER = 0,
93         KEEPALIVE_AFTER_NUL,
94         KEEPALIVE_ALWAYS
95 } use_keepalive;
96 static int keepalive_in_sec = 5;
97
98 static struct tmp_objdir *tmp_objdir;
99
100 static enum deny_action parse_deny_action(const char *var, const char *value)
101 {
102         if (value) {
103                 if (!strcasecmp(value, "ignore"))
104                         return DENY_IGNORE;
105                 if (!strcasecmp(value, "warn"))
106                         return DENY_WARN;
107                 if (!strcasecmp(value, "refuse"))
108                         return DENY_REFUSE;
109                 if (!strcasecmp(value, "updateinstead"))
110                         return DENY_UPDATE_INSTEAD;
111         }
112         if (git_config_bool(var, value))
113                 return DENY_REFUSE;
114         return DENY_IGNORE;
115 }
116
117 static int receive_pack_config(const char *var, const char *value, void *cb)
118 {
119         int status = parse_hide_refs_config(var, value, "receive");
120
121         if (status)
122                 return status;
123
124         if (strcmp(var, "receive.denydeletes") == 0) {
125                 deny_deletes = git_config_bool(var, value);
126                 return 0;
127         }
128
129         if (strcmp(var, "receive.denynonfastforwards") == 0) {
130                 deny_non_fast_forwards = git_config_bool(var, value);
131                 return 0;
132         }
133
134         if (strcmp(var, "receive.unpacklimit") == 0) {
135                 receive_unpack_limit = git_config_int(var, value);
136                 return 0;
137         }
138
139         if (strcmp(var, "transfer.unpacklimit") == 0) {
140                 transfer_unpack_limit = git_config_int(var, value);
141                 return 0;
142         }
143
144         if (strcmp(var, "receive.fsck.skiplist") == 0) {
145                 const char *path;
146
147                 if (git_config_pathname(&path, var, value))
148                         return 1;
149                 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
150                         fsck_msg_types.len ? ',' : '=', path);
151                 free((char *)path);
152                 return 0;
153         }
154
155         if (skip_prefix(var, "receive.fsck.", &var)) {
156                 if (is_valid_msg_type(var, value))
157                         strbuf_addf(&fsck_msg_types, "%c%s=%s",
158                                 fsck_msg_types.len ? ',' : '=', var, value);
159                 else
160                         warning("Skipping unknown msg id '%s'", var);
161                 return 0;
162         }
163
164         if (strcmp(var, "receive.fsckobjects") == 0) {
165                 receive_fsck_objects = git_config_bool(var, value);
166                 return 0;
167         }
168
169         if (strcmp(var, "transfer.fsckobjects") == 0) {
170                 transfer_fsck_objects = git_config_bool(var, value);
171                 return 0;
172         }
173
174         if (!strcmp(var, "receive.denycurrentbranch")) {
175                 deny_current_branch = parse_deny_action(var, value);
176                 return 0;
177         }
178
179         if (strcmp(var, "receive.denydeletecurrent") == 0) {
180                 deny_delete_current = parse_deny_action(var, value);
181                 return 0;
182         }
183
184         if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
185                 prefer_ofs_delta = git_config_bool(var, value);
186                 return 0;
187         }
188
189         if (strcmp(var, "receive.updateserverinfo") == 0) {
190                 auto_update_server_info = git_config_bool(var, value);
191                 return 0;
192         }
193
194         if (strcmp(var, "receive.autogc") == 0) {
195                 auto_gc = git_config_bool(var, value);
196                 return 0;
197         }
198
199         if (strcmp(var, "receive.shallowupdate") == 0) {
200                 shallow_update = git_config_bool(var, value);
201                 return 0;
202         }
203
204         if (strcmp(var, "receive.certnonceseed") == 0)
205                 return git_config_string(&cert_nonce_seed, var, value);
206
207         if (strcmp(var, "receive.certnonceslop") == 0) {
208                 nonce_stamp_slop_limit = git_config_ulong(var, value);
209                 return 0;
210         }
211
212         if (strcmp(var, "receive.advertiseatomic") == 0) {
213                 advertise_atomic_push = git_config_bool(var, value);
214                 return 0;
215         }
216
217         if (strcmp(var, "receive.advertisepushoptions") == 0) {
218                 advertise_push_options = git_config_bool(var, value);
219                 return 0;
220         }
221
222         if (strcmp(var, "receive.keepalive") == 0) {
223                 keepalive_in_sec = git_config_int(var, value);
224                 return 0;
225         }
226
227         if (strcmp(var, "receive.maxinputsize") == 0) {
228                 max_input_size = git_config_int64(var, value);
229                 return 0;
230         }
231
232         return git_default_config(var, value, cb);
233 }
234
235 static void show_ref(const char *path, const struct object_id *oid)
236 {
237         if (sent_capabilities) {
238                 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
239         } else {
240                 struct strbuf cap = STRBUF_INIT;
241
242                 strbuf_addstr(&cap,
243                               "report-status delete-refs side-band-64k quiet");
244                 if (advertise_atomic_push)
245                         strbuf_addstr(&cap, " atomic");
246                 if (prefer_ofs_delta)
247                         strbuf_addstr(&cap, " ofs-delta");
248                 if (push_cert_nonce)
249                         strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
250                 if (advertise_push_options)
251                         strbuf_addstr(&cap, " push-options");
252                 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name);
253                 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
254                 packet_write_fmt(1, "%s %s%c%s\n",
255                              oid_to_hex(oid), path, 0, cap.buf);
256                 strbuf_release(&cap);
257                 sent_capabilities = 1;
258         }
259 }
260
261 static int show_ref_cb(const char *path_full, const struct object_id *oid,
262                        int flag, void *data)
263 {
264         struct oidset *seen = data;
265         const char *path = strip_namespace(path_full);
266
267         if (ref_is_hidden(path, path_full))
268                 return 0;
269
270         /*
271          * Advertise refs outside our current namespace as ".have"
272          * refs, so that the client can use them to minimize data
273          * transfer but will otherwise ignore them.
274          */
275         if (!path) {
276                 if (oidset_insert(seen, oid))
277                         return 0;
278                 path = ".have";
279         } else {
280                 oidset_insert(seen, oid);
281         }
282         show_ref(path, oid);
283         return 0;
284 }
285
286 static void show_one_alternate_ref(const struct object_id *oid,
287                                    void *data)
288 {
289         struct oidset *seen = data;
290
291         if (oidset_insert(seen, oid))
292                 return;
293
294         show_ref(".have", oid);
295 }
296
297 static void write_head_info(void)
298 {
299         static struct oidset seen = OIDSET_INIT;
300
301         for_each_ref(show_ref_cb, &seen);
302         for_each_alternate_ref(show_one_alternate_ref, &seen);
303         oidset_clear(&seen);
304         if (!sent_capabilities)
305                 show_ref("capabilities^{}", &null_oid);
306
307         advertise_shallow_grafts(1);
308
309         /* EOF */
310         packet_flush(1);
311 }
312
313 struct command {
314         struct command *next;
315         const char *error_string;
316         unsigned int skip_update:1,
317                      did_not_exist:1;
318         int index;
319         struct object_id old_oid;
320         struct object_id new_oid;
321         char ref_name[FLEX_ARRAY]; /* more */
322 };
323
324 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
325 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
326
327 static void report_message(const char *prefix, const char *err, va_list params)
328 {
329         int sz;
330         char msg[4096];
331
332         sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
333         sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
334         if (sz > (sizeof(msg) - 1))
335                 sz = sizeof(msg) - 1;
336         msg[sz++] = '\n';
337
338         if (use_sideband)
339                 send_sideband(1, 2, msg, sz, use_sideband);
340         else
341                 xwrite(2, msg, sz);
342 }
343
344 static void rp_warning(const char *err, ...)
345 {
346         va_list params;
347         va_start(params, err);
348         report_message("warning: ", err, params);
349         va_end(params);
350 }
351
352 static void rp_error(const char *err, ...)
353 {
354         va_list params;
355         va_start(params, err);
356         report_message("error: ", err, params);
357         va_end(params);
358 }
359
360 static int copy_to_sideband(int in, int out, void *arg)
361 {
362         char data[128];
363         int keepalive_active = 0;
364
365         if (keepalive_in_sec <= 0)
366                 use_keepalive = KEEPALIVE_NEVER;
367         if (use_keepalive == KEEPALIVE_ALWAYS)
368                 keepalive_active = 1;
369
370         while (1) {
371                 ssize_t sz;
372
373                 if (keepalive_active) {
374                         struct pollfd pfd;
375                         int ret;
376
377                         pfd.fd = in;
378                         pfd.events = POLLIN;
379                         ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
380
381                         if (ret < 0) {
382                                 if (errno == EINTR)
383                                         continue;
384                                 else
385                                         break;
386                         } else if (ret == 0) {
387                                 /* no data; send a keepalive packet */
388                                 static const char buf[] = "0005\1";
389                                 write_or_die(1, buf, sizeof(buf) - 1);
390                                 continue;
391                         } /* else there is actual data to read */
392                 }
393
394                 sz = xread(in, data, sizeof(data));
395                 if (sz <= 0)
396                         break;
397
398                 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
399                         const char *p = memchr(data, '\0', sz);
400                         if (p) {
401                                 /*
402                                  * The NUL tells us to start sending keepalives. Make
403                                  * sure we send any other data we read along
404                                  * with it.
405                                  */
406                                 keepalive_active = 1;
407                                 send_sideband(1, 2, data, p - data, use_sideband);
408                                 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
409                                 continue;
410                         }
411                 }
412
413                 /*
414                  * Either we're not looking for a NUL signal, or we didn't see
415                  * it yet; just pass along the data.
416                  */
417                 send_sideband(1, 2, data, sz, use_sideband);
418         }
419         close(in);
420         return 0;
421 }
422
423 static void hmac_hash(unsigned char *out,
424                       const char *key_in, size_t key_len,
425                       const char *text, size_t text_len)
426 {
427         unsigned char key[GIT_MAX_BLKSZ];
428         unsigned char k_ipad[GIT_MAX_BLKSZ];
429         unsigned char k_opad[GIT_MAX_BLKSZ];
430         int i;
431         git_hash_ctx ctx;
432
433         /* RFC 2104 2. (1) */
434         memset(key, '\0', GIT_MAX_BLKSZ);
435         if (the_hash_algo->blksz < key_len) {
436                 the_hash_algo->init_fn(&ctx);
437                 the_hash_algo->update_fn(&ctx, key_in, key_len);
438                 the_hash_algo->final_fn(key, &ctx);
439         } else {
440                 memcpy(key, key_in, key_len);
441         }
442
443         /* RFC 2104 2. (2) & (5) */
444         for (i = 0; i < sizeof(key); i++) {
445                 k_ipad[i] = key[i] ^ 0x36;
446                 k_opad[i] = key[i] ^ 0x5c;
447         }
448
449         /* RFC 2104 2. (3) & (4) */
450         the_hash_algo->init_fn(&ctx);
451         the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad));
452         the_hash_algo->update_fn(&ctx, text, text_len);
453         the_hash_algo->final_fn(out, &ctx);
454
455         /* RFC 2104 2. (6) & (7) */
456         the_hash_algo->init_fn(&ctx);
457         the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad));
458         the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz);
459         the_hash_algo->final_fn(out, &ctx);
460 }
461
462 static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
463 {
464         struct strbuf buf = STRBUF_INIT;
465         unsigned char hash[GIT_MAX_RAWSZ];
466
467         strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
468         hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));
469         strbuf_release(&buf);
470
471         /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
472         strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
473         return strbuf_detach(&buf, NULL);
474 }
475
476 /*
477  * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
478  * after dropping "_commit" from its name and possibly moving it out
479  * of commit.c
480  */
481 static char *find_header(const char *msg, size_t len, const char *key,
482                          const char **next_line)
483 {
484         int key_len = strlen(key);
485         const char *line = msg;
486
487         while (line && line < msg + len) {
488                 const char *eol = strchrnul(line, '\n');
489
490                 if ((msg + len <= eol) || line == eol)
491                         return NULL;
492                 if (line + key_len < eol &&
493                     !memcmp(line, key, key_len) && line[key_len] == ' ') {
494                         int offset = key_len + 1;
495                         if (next_line)
496                                 *next_line = *eol ? eol + 1 : eol;
497                         return xmemdupz(line + offset, (eol - line) - offset);
498                 }
499                 line = *eol ? eol + 1 : NULL;
500         }
501         return NULL;
502 }
503
504 /*
505  * Return zero if a and b are equal up to n bytes and nonzero if they are not.
506  * This operation is guaranteed to run in constant time to avoid leaking data.
507  */
508 static int constant_memequal(const char *a, const char *b, size_t n)
509 {
510         int res = 0;
511         size_t i;
512
513         for (i = 0; i < n; i++)
514                 res |= a[i] ^ b[i];
515         return res;
516 }
517
518 static const char *check_nonce(const char *buf, size_t len)
519 {
520         char *nonce = find_header(buf, len, "nonce", NULL);
521         timestamp_t stamp, ostamp;
522         char *bohmac, *expect = NULL;
523         const char *retval = NONCE_BAD;
524         size_t noncelen;
525
526         if (!nonce) {
527                 retval = NONCE_MISSING;
528                 goto leave;
529         } else if (!push_cert_nonce) {
530                 retval = NONCE_UNSOLICITED;
531                 goto leave;
532         } else if (!strcmp(push_cert_nonce, nonce)) {
533                 retval = NONCE_OK;
534                 goto leave;
535         }
536
537         if (!stateless_rpc) {
538                 /* returned nonce MUST match what we gave out earlier */
539                 retval = NONCE_BAD;
540                 goto leave;
541         }
542
543         /*
544          * In stateless mode, we may be receiving a nonce issued by
545          * another instance of the server that serving the same
546          * repository, and the timestamps may not match, but the
547          * nonce-seed and dir should match, so we can recompute and
548          * report the time slop.
549          *
550          * In addition, when a nonce issued by another instance has
551          * timestamp within receive.certnonceslop seconds, we pretend
552          * as if we issued that nonce when reporting to the hook.
553          */
554
555         /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
556         if (*nonce <= '0' || '9' < *nonce) {
557                 retval = NONCE_BAD;
558                 goto leave;
559         }
560         stamp = parse_timestamp(nonce, &bohmac, 10);
561         if (bohmac == nonce || bohmac[0] != '-') {
562                 retval = NONCE_BAD;
563                 goto leave;
564         }
565
566         noncelen = strlen(nonce);
567         expect = prepare_push_cert_nonce(service_dir, stamp);
568         if (noncelen != strlen(expect)) {
569                 /* This is not even the right size. */
570                 retval = NONCE_BAD;
571                 goto leave;
572         }
573         if (constant_memequal(expect, nonce, noncelen)) {
574                 /* Not what we would have signed earlier */
575                 retval = NONCE_BAD;
576                 goto leave;
577         }
578
579         /*
580          * By how many seconds is this nonce stale?  Negative value
581          * would mean it was issued by another server with its clock
582          * skewed in the future.
583          */
584         ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
585         nonce_stamp_slop = (long)ostamp - (long)stamp;
586
587         if (nonce_stamp_slop_limit &&
588             labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
589                 /*
590                  * Pretend as if the received nonce (which passes the
591                  * HMAC check, so it is not a forged by third-party)
592                  * is what we issued.
593                  */
594                 free((void *)push_cert_nonce);
595                 push_cert_nonce = xstrdup(nonce);
596                 retval = NONCE_OK;
597         } else {
598                 retval = NONCE_SLOP;
599         }
600
601 leave:
602         free(nonce);
603         free(expect);
604         return retval;
605 }
606
607 /*
608  * Return 1 if there is no push_cert or if the push options in push_cert are
609  * the same as those in the argument; 0 otherwise.
610  */
611 static int check_cert_push_options(const struct string_list *push_options)
612 {
613         const char *buf = push_cert.buf;
614         int len = push_cert.len;
615
616         char *option;
617         const char *next_line;
618         int options_seen = 0;
619
620         int retval = 1;
621
622         if (!len)
623                 return 1;
624
625         while ((option = find_header(buf, len, "push-option", &next_line))) {
626                 len -= (next_line - buf);
627                 buf = next_line;
628                 options_seen++;
629                 if (options_seen > push_options->nr
630                     || strcmp(option,
631                               push_options->items[options_seen - 1].string)) {
632                         retval = 0;
633                         goto leave;
634                 }
635                 free(option);
636         }
637
638         if (options_seen != push_options->nr)
639                 retval = 0;
640
641 leave:
642         free(option);
643         return retval;
644 }
645
646 static void prepare_push_cert_sha1(struct child_process *proc)
647 {
648         static int already_done;
649
650         if (!push_cert.len)
651                 return;
652
653         if (!already_done) {
654                 int bogs /* beginning_of_gpg_sig */;
655
656                 already_done = 1;
657                 if (write_object_file(push_cert.buf, push_cert.len, "blob",
658                                       &push_cert_oid))
659                         oidclr(&push_cert_oid);
660
661                 memset(&sigcheck, '\0', sizeof(sigcheck));
662
663                 bogs = parse_signature(push_cert.buf, push_cert.len);
664                 check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
665                                 push_cert.len - bogs, &sigcheck);
666
667                 nonce_status = check_nonce(push_cert.buf, bogs);
668         }
669         if (!is_null_oid(&push_cert_oid)) {
670                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
671                                  oid_to_hex(&push_cert_oid));
672                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
673                                  sigcheck.signer ? sigcheck.signer : "");
674                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
675                                  sigcheck.key ? sigcheck.key : "");
676                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
677                                  sigcheck.result);
678                 if (push_cert_nonce) {
679                         argv_array_pushf(&proc->env_array,
680                                          "GIT_PUSH_CERT_NONCE=%s",
681                                          push_cert_nonce);
682                         argv_array_pushf(&proc->env_array,
683                                          "GIT_PUSH_CERT_NONCE_STATUS=%s",
684                                          nonce_status);
685                         if (nonce_status == NONCE_SLOP)
686                                 argv_array_pushf(&proc->env_array,
687                                                  "GIT_PUSH_CERT_NONCE_SLOP=%ld",
688                                                  nonce_stamp_slop);
689                 }
690         }
691 }
692
693 struct receive_hook_feed_state {
694         struct command *cmd;
695         int skip_broken;
696         struct strbuf buf;
697         const struct string_list *push_options;
698 };
699
700 typedef int (*feed_fn)(void *, const char **, size_t *);
701 static int run_and_feed_hook(const char *hook_name, feed_fn feed,
702                              struct receive_hook_feed_state *feed_state)
703 {
704         struct child_process proc = CHILD_PROCESS_INIT;
705         struct async muxer;
706         const char *argv[2];
707         int code;
708
709         argv[0] = find_hook(hook_name);
710         if (!argv[0])
711                 return 0;
712
713         argv[1] = NULL;
714
715         proc.argv = argv;
716         proc.in = -1;
717         proc.stdout_to_stderr = 1;
718         proc.trace2_hook_name = hook_name;
719
720         if (feed_state->push_options) {
721                 int i;
722                 for (i = 0; i < feed_state->push_options->nr; i++)
723                         argv_array_pushf(&proc.env_array,
724                                 "GIT_PUSH_OPTION_%d=%s", i,
725                                 feed_state->push_options->items[i].string);
726                 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
727                                  feed_state->push_options->nr);
728         } else
729                 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
730
731         if (tmp_objdir)
732                 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
733
734         if (use_sideband) {
735                 memset(&muxer, 0, sizeof(muxer));
736                 muxer.proc = copy_to_sideband;
737                 muxer.in = -1;
738                 code = start_async(&muxer);
739                 if (code)
740                         return code;
741                 proc.err = muxer.in;
742         }
743
744         prepare_push_cert_sha1(&proc);
745
746         code = start_command(&proc);
747         if (code) {
748                 if (use_sideband)
749                         finish_async(&muxer);
750                 return code;
751         }
752
753         sigchain_push(SIGPIPE, SIG_IGN);
754
755         while (1) {
756                 const char *buf;
757                 size_t n;
758                 if (feed(feed_state, &buf, &n))
759                         break;
760                 if (write_in_full(proc.in, buf, n) < 0)
761                         break;
762         }
763         close(proc.in);
764         if (use_sideband)
765                 finish_async(&muxer);
766
767         sigchain_pop(SIGPIPE);
768
769         return finish_command(&proc);
770 }
771
772 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
773 {
774         struct receive_hook_feed_state *state = state_;
775         struct command *cmd = state->cmd;
776
777         while (cmd &&
778                state->skip_broken && (cmd->error_string || cmd->did_not_exist))
779                 cmd = cmd->next;
780         if (!cmd)
781                 return -1; /* EOF */
782         strbuf_reset(&state->buf);
783         strbuf_addf(&state->buf, "%s %s %s\n",
784                     oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
785                     cmd->ref_name);
786         state->cmd = cmd->next;
787         if (bufp) {
788                 *bufp = state->buf.buf;
789                 *sizep = state->buf.len;
790         }
791         return 0;
792 }
793
794 static int run_receive_hook(struct command *commands,
795                             const char *hook_name,
796                             int skip_broken,
797                             const struct string_list *push_options)
798 {
799         struct receive_hook_feed_state state;
800         int status;
801
802         strbuf_init(&state.buf, 0);
803         state.cmd = commands;
804         state.skip_broken = skip_broken;
805         if (feed_receive_hook(&state, NULL, NULL))
806                 return 0;
807         state.cmd = commands;
808         state.push_options = push_options;
809         status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
810         strbuf_release(&state.buf);
811         return status;
812 }
813
814 static int run_update_hook(struct command *cmd)
815 {
816         const char *argv[5];
817         struct child_process proc = CHILD_PROCESS_INIT;
818         int code;
819
820         argv[0] = find_hook("update");
821         if (!argv[0])
822                 return 0;
823
824         argv[1] = cmd->ref_name;
825         argv[2] = oid_to_hex(&cmd->old_oid);
826         argv[3] = oid_to_hex(&cmd->new_oid);
827         argv[4] = NULL;
828
829         proc.no_stdin = 1;
830         proc.stdout_to_stderr = 1;
831         proc.err = use_sideband ? -1 : 0;
832         proc.argv = argv;
833         proc.trace2_hook_name = "update";
834
835         code = start_command(&proc);
836         if (code)
837                 return code;
838         if (use_sideband)
839                 copy_to_sideband(proc.err, -1, NULL);
840         return finish_command(&proc);
841 }
842
843 static char *refuse_unconfigured_deny_msg =
844         N_("By default, updating the current branch in a non-bare repository\n"
845            "is denied, because it will make the index and work tree inconsistent\n"
846            "with what you pushed, and will require 'git reset --hard' to match\n"
847            "the work tree to HEAD.\n"
848            "\n"
849            "You can set the 'receive.denyCurrentBranch' configuration variable\n"
850            "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
851            "its current branch; however, this is not recommended unless you\n"
852            "arranged to update its work tree to match what you pushed in some\n"
853            "other way.\n"
854            "\n"
855            "To squelch this message and still keep the default behaviour, set\n"
856            "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
857
858 static void refuse_unconfigured_deny(void)
859 {
860         rp_error("%s", _(refuse_unconfigured_deny_msg));
861 }
862
863 static char *refuse_unconfigured_deny_delete_current_msg =
864         N_("By default, deleting the current branch is denied, because the next\n"
865            "'git clone' won't result in any file checked out, causing confusion.\n"
866            "\n"
867            "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
868            "'warn' or 'ignore' in the remote repository to allow deleting the\n"
869            "current branch, with or without a warning message.\n"
870            "\n"
871            "To squelch this message, you can set it to 'refuse'.");
872
873 static void refuse_unconfigured_deny_delete_current(void)
874 {
875         rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
876 }
877
878 static int command_singleton_iterator(void *cb_data, struct object_id *oid);
879 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
880 {
881         struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT;
882         struct oid_array extra = OID_ARRAY_INIT;
883         struct check_connected_options opt = CHECK_CONNECTED_INIT;
884         uint32_t mask = 1 << (cmd->index % 32);
885         int i;
886
887         trace_printf_key(&trace_shallow,
888                          "shallow: update_shallow_ref %s\n", cmd->ref_name);
889         for (i = 0; i < si->shallow->nr; i++)
890                 if (si->used_shallow[i] &&
891                     (si->used_shallow[i][cmd->index / 32] & mask) &&
892                     !delayed_reachability_test(si, i))
893                         oid_array_append(&extra, &si->shallow->oid[i]);
894
895         opt.env = tmp_objdir_env(tmp_objdir);
896         setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
897         if (check_connected(command_singleton_iterator, cmd, &opt)) {
898                 rollback_shallow_file(the_repository, &shallow_lock);
899                 oid_array_clear(&extra);
900                 return -1;
901         }
902
903         commit_shallow_file(the_repository, &shallow_lock);
904
905         /*
906          * Make sure setup_alternate_shallow() for the next ref does
907          * not lose these new roots..
908          */
909         for (i = 0; i < extra.nr; i++)
910                 register_shallow(the_repository, &extra.oid[i]);
911
912         si->shallow_ref[cmd->index] = 0;
913         oid_array_clear(&extra);
914         return 0;
915 }
916
917 /*
918  * NEEDSWORK: we should consolidate various implementions of "are we
919  * on an unborn branch?" test into one, and make the unified one more
920  * robust. !get_sha1() based check used here and elsewhere would not
921  * allow us to tell an unborn branch from corrupt ref, for example.
922  * For the purpose of fixing "deploy-to-update does not work when
923  * pushing into an empty repository" issue, this should suffice for
924  * now.
925  */
926 static int head_has_history(void)
927 {
928         struct object_id oid;
929
930         return !get_oid("HEAD", &oid);
931 }
932
933 static const char *push_to_deploy(unsigned char *sha1,
934                                   struct argv_array *env,
935                                   const char *work_tree)
936 {
937         const char *update_refresh[] = {
938                 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
939         };
940         const char *diff_files[] = {
941                 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
942         };
943         const char *diff_index[] = {
944                 "diff-index", "--quiet", "--cached", "--ignore-submodules",
945                 NULL, "--", NULL
946         };
947         const char *read_tree[] = {
948                 "read-tree", "-u", "-m", NULL, NULL
949         };
950         struct child_process child = CHILD_PROCESS_INIT;
951
952         child.argv = update_refresh;
953         child.env = env->argv;
954         child.dir = work_tree;
955         child.no_stdin = 1;
956         child.stdout_to_stderr = 1;
957         child.git_cmd = 1;
958         if (run_command(&child))
959                 return "Up-to-date check failed";
960
961         /* run_command() does not clean up completely; reinitialize */
962         child_process_init(&child);
963         child.argv = diff_files;
964         child.env = env->argv;
965         child.dir = work_tree;
966         child.no_stdin = 1;
967         child.stdout_to_stderr = 1;
968         child.git_cmd = 1;
969         if (run_command(&child))
970                 return "Working directory has unstaged changes";
971
972         /* diff-index with either HEAD or an empty tree */
973         diff_index[4] = head_has_history() ? "HEAD" : empty_tree_oid_hex();
974
975         child_process_init(&child);
976         child.argv = diff_index;
977         child.env = env->argv;
978         child.no_stdin = 1;
979         child.no_stdout = 1;
980         child.stdout_to_stderr = 0;
981         child.git_cmd = 1;
982         if (run_command(&child))
983                 return "Working directory has staged changes";
984
985         read_tree[3] = hash_to_hex(sha1);
986         child_process_init(&child);
987         child.argv = read_tree;
988         child.env = env->argv;
989         child.dir = work_tree;
990         child.no_stdin = 1;
991         child.no_stdout = 1;
992         child.stdout_to_stderr = 0;
993         child.git_cmd = 1;
994         if (run_command(&child))
995                 return "Could not update working tree to new HEAD";
996
997         return NULL;
998 }
999
1000 static const char *push_to_checkout_hook = "push-to-checkout";
1001
1002 static const char *push_to_checkout(unsigned char *hash,
1003                                     struct argv_array *env,
1004                                     const char *work_tree)
1005 {
1006         argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1007         if (run_hook_le(env->argv, push_to_checkout_hook,
1008                         hash_to_hex(hash), NULL))
1009                 return "push-to-checkout hook declined";
1010         else
1011                 return NULL;
1012 }
1013
1014 static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree)
1015 {
1016         const char *retval, *work_tree, *git_dir = NULL;
1017         struct argv_array env = ARGV_ARRAY_INIT;
1018
1019         if (worktree && worktree->path)
1020                 work_tree = worktree->path;
1021         else if (git_work_tree_cfg)
1022                 work_tree = git_work_tree_cfg;
1023         else
1024                 work_tree = "..";
1025
1026         if (is_bare_repository())
1027                 return "denyCurrentBranch = updateInstead needs a worktree";
1028         if (worktree)
1029                 git_dir = get_worktree_git_dir(worktree);
1030         if (!git_dir)
1031                 git_dir = get_git_dir();
1032
1033         argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
1034
1035         if (!find_hook(push_to_checkout_hook))
1036                 retval = push_to_deploy(sha1, &env, work_tree);
1037         else
1038                 retval = push_to_checkout(sha1, &env, work_tree);
1039
1040         argv_array_clear(&env);
1041         return retval;
1042 }
1043
1044 static const char *update(struct command *cmd, struct shallow_info *si)
1045 {
1046         const char *name = cmd->ref_name;
1047         struct strbuf namespaced_name_buf = STRBUF_INIT;
1048         static char *namespaced_name;
1049         const char *ret;
1050         struct object_id *old_oid = &cmd->old_oid;
1051         struct object_id *new_oid = &cmd->new_oid;
1052         int do_update_worktree = 0;
1053         const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name);
1054
1055         /* only refs/... are allowed */
1056         if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1057                 rp_error("refusing to create funny ref '%s' remotely", name);
1058                 return "funny refname";
1059         }
1060
1061         strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1062         free(namespaced_name);
1063         namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1064
1065         if (worktree) {
1066                 switch (deny_current_branch) {
1067                 case DENY_IGNORE:
1068                         break;
1069                 case DENY_WARN:
1070                         rp_warning("updating the current branch");
1071                         break;
1072                 case DENY_REFUSE:
1073                 case DENY_UNCONFIGURED:
1074                         rp_error("refusing to update checked out branch: %s", name);
1075                         if (deny_current_branch == DENY_UNCONFIGURED)
1076                                 refuse_unconfigured_deny();
1077                         return "branch is currently checked out";
1078                 case DENY_UPDATE_INSTEAD:
1079                         /* pass -- let other checks intervene first */
1080                         do_update_worktree = 1;
1081                         break;
1082                 }
1083         }
1084
1085         if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1086                 error("unpack should have generated %s, "
1087                       "but I can't find it!", oid_to_hex(new_oid));
1088                 return "bad pack";
1089         }
1090
1091         if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1092                 if (deny_deletes && starts_with(name, "refs/heads/")) {
1093                         rp_error("denying ref deletion for %s", name);
1094                         return "deletion prohibited";
1095                 }
1096
1097                 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) {
1098                         switch (deny_delete_current) {
1099                         case DENY_IGNORE:
1100                                 break;
1101                         case DENY_WARN:
1102                                 rp_warning("deleting the current branch");
1103                                 break;
1104                         case DENY_REFUSE:
1105                         case DENY_UNCONFIGURED:
1106                         case DENY_UPDATE_INSTEAD:
1107                                 if (deny_delete_current == DENY_UNCONFIGURED)
1108                                         refuse_unconfigured_deny_delete_current();
1109                                 rp_error("refusing to delete the current branch: %s", name);
1110                                 return "deletion of the current branch prohibited";
1111                         default:
1112                                 return "Invalid denyDeleteCurrent setting";
1113                         }
1114                 }
1115         }
1116
1117         if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1118             !is_null_oid(old_oid) &&
1119             starts_with(name, "refs/heads/")) {
1120                 struct object *old_object, *new_object;
1121                 struct commit *old_commit, *new_commit;
1122
1123                 old_object = parse_object(the_repository, old_oid);
1124                 new_object = parse_object(the_repository, new_oid);
1125
1126                 if (!old_object || !new_object ||
1127                     old_object->type != OBJ_COMMIT ||
1128                     new_object->type != OBJ_COMMIT) {
1129                         error("bad sha1 objects for %s", name);
1130                         return "bad ref";
1131                 }
1132                 old_commit = (struct commit *)old_object;
1133                 new_commit = (struct commit *)new_object;
1134                 if (!in_merge_bases(old_commit, new_commit)) {
1135                         rp_error("denying non-fast-forward %s"
1136                                  " (you should pull first)", name);
1137                         return "non-fast-forward";
1138                 }
1139         }
1140         if (run_update_hook(cmd)) {
1141                 rp_error("hook declined to update %s", name);
1142                 return "hook declined";
1143         }
1144
1145         if (do_update_worktree) {
1146                 ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name));
1147                 if (ret)
1148                         return ret;
1149         }
1150
1151         if (is_null_oid(new_oid)) {
1152                 struct strbuf err = STRBUF_INIT;
1153                 if (!parse_object(the_repository, old_oid)) {
1154                         old_oid = NULL;
1155                         if (ref_exists(name)) {
1156                                 rp_warning("Allowing deletion of corrupt ref.");
1157                         } else {
1158                                 rp_warning("Deleting a non-existent ref.");
1159                                 cmd->did_not_exist = 1;
1160                         }
1161                 }
1162                 if (ref_transaction_delete(transaction,
1163                                            namespaced_name,
1164                                            old_oid,
1165                                            0, "push", &err)) {
1166                         rp_error("%s", err.buf);
1167                         strbuf_release(&err);
1168                         return "failed to delete";
1169                 }
1170                 strbuf_release(&err);
1171                 return NULL; /* good */
1172         }
1173         else {
1174                 struct strbuf err = STRBUF_INIT;
1175                 if (shallow_update && si->shallow_ref[cmd->index] &&
1176                     update_shallow_ref(cmd, si))
1177                         return "shallow error";
1178
1179                 if (ref_transaction_update(transaction,
1180                                            namespaced_name,
1181                                            new_oid, old_oid,
1182                                            0, "push",
1183                                            &err)) {
1184                         rp_error("%s", err.buf);
1185                         strbuf_release(&err);
1186
1187                         return "failed to update ref";
1188                 }
1189                 strbuf_release(&err);
1190
1191                 return NULL; /* good */
1192         }
1193 }
1194
1195 static void run_update_post_hook(struct command *commands)
1196 {
1197         struct command *cmd;
1198         struct child_process proc = CHILD_PROCESS_INIT;
1199         const char *hook;
1200
1201         hook = find_hook("post-update");
1202         if (!hook)
1203                 return;
1204
1205         for (cmd = commands; cmd; cmd = cmd->next) {
1206                 if (cmd->error_string || cmd->did_not_exist)
1207                         continue;
1208                 if (!proc.args.argc)
1209                         argv_array_push(&proc.args, hook);
1210                 argv_array_push(&proc.args, cmd->ref_name);
1211         }
1212         if (!proc.args.argc)
1213                 return;
1214
1215         proc.no_stdin = 1;
1216         proc.stdout_to_stderr = 1;
1217         proc.err = use_sideband ? -1 : 0;
1218         proc.trace2_hook_name = "post-update";
1219
1220         if (!start_command(&proc)) {
1221                 if (use_sideband)
1222                         copy_to_sideband(proc.err, -1, NULL);
1223                 finish_command(&proc);
1224         }
1225 }
1226
1227 static void check_aliased_update_internal(struct command *cmd,
1228                                           struct string_list *list,
1229                                           const char *dst_name, int flag)
1230 {
1231         struct string_list_item *item;
1232         struct command *dst_cmd;
1233
1234         if (!(flag & REF_ISSYMREF))
1235                 return;
1236
1237         if (!dst_name) {
1238                 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1239                 cmd->skip_update = 1;
1240                 cmd->error_string = "broken symref";
1241                 return;
1242         }
1243         dst_name = strip_namespace(dst_name);
1244
1245         if ((item = string_list_lookup(list, dst_name)) == NULL)
1246                 return;
1247
1248         cmd->skip_update = 1;
1249
1250         dst_cmd = (struct command *) item->util;
1251
1252         if (oideq(&cmd->old_oid, &dst_cmd->old_oid) &&
1253             oideq(&cmd->new_oid, &dst_cmd->new_oid))
1254                 return;
1255
1256         dst_cmd->skip_update = 1;
1257
1258         rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1259                  " its target '%s' (%s..%s)",
1260                  cmd->ref_name,
1261                  find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1262                  find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1263                  dst_cmd->ref_name,
1264                  find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1265                  find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1266
1267         cmd->error_string = dst_cmd->error_string =
1268                 "inconsistent aliased update";
1269 }
1270
1271 static void check_aliased_update(struct command *cmd, struct string_list *list)
1272 {
1273         struct strbuf buf = STRBUF_INIT;
1274         const char *dst_name;
1275         int flag;
1276
1277         strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1278         dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1279         check_aliased_update_internal(cmd, list, dst_name, flag);
1280         strbuf_release(&buf);
1281 }
1282
1283 static void check_aliased_updates(struct command *commands)
1284 {
1285         struct command *cmd;
1286         struct string_list ref_list = STRING_LIST_INIT_NODUP;
1287
1288         for (cmd = commands; cmd; cmd = cmd->next) {
1289                 struct string_list_item *item =
1290                         string_list_append(&ref_list, cmd->ref_name);
1291                 item->util = (void *)cmd;
1292         }
1293         string_list_sort(&ref_list);
1294
1295         for (cmd = commands; cmd; cmd = cmd->next) {
1296                 if (!cmd->error_string)
1297                         check_aliased_update(cmd, &ref_list);
1298         }
1299
1300         string_list_clear(&ref_list, 0);
1301 }
1302
1303 static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1304 {
1305         struct command **cmd_list = cb_data;
1306         struct command *cmd = *cmd_list;
1307
1308         if (!cmd || is_null_oid(&cmd->new_oid))
1309                 return -1; /* end of list */
1310         *cmd_list = NULL; /* this returns only one */
1311         oidcpy(oid, &cmd->new_oid);
1312         return 0;
1313 }
1314
1315 static void set_connectivity_errors(struct command *commands,
1316                                     struct shallow_info *si)
1317 {
1318         struct command *cmd;
1319
1320         for (cmd = commands; cmd; cmd = cmd->next) {
1321                 struct command *singleton = cmd;
1322                 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1323
1324                 if (shallow_update && si->shallow_ref[cmd->index])
1325                         /* to be checked in update_shallow_ref() */
1326                         continue;
1327
1328                 opt.env = tmp_objdir_env(tmp_objdir);
1329                 if (!check_connected(command_singleton_iterator, &singleton,
1330                                      &opt))
1331                         continue;
1332
1333                 cmd->error_string = "missing necessary objects";
1334         }
1335 }
1336
1337 struct iterate_data {
1338         struct command *cmds;
1339         struct shallow_info *si;
1340 };
1341
1342 static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1343 {
1344         struct iterate_data *data = cb_data;
1345         struct command **cmd_list = &data->cmds;
1346         struct command *cmd = *cmd_list;
1347
1348         for (; cmd; cmd = cmd->next) {
1349                 if (shallow_update && data->si->shallow_ref[cmd->index])
1350                         /* to be checked in update_shallow_ref() */
1351                         continue;
1352                 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1353                         oidcpy(oid, &cmd->new_oid);
1354                         *cmd_list = cmd->next;
1355                         return 0;
1356                 }
1357         }
1358         *cmd_list = NULL;
1359         return -1; /* end of list */
1360 }
1361
1362 static void reject_updates_to_hidden(struct command *commands)
1363 {
1364         struct strbuf refname_full = STRBUF_INIT;
1365         size_t prefix_len;
1366         struct command *cmd;
1367
1368         strbuf_addstr(&refname_full, get_git_namespace());
1369         prefix_len = refname_full.len;
1370
1371         for (cmd = commands; cmd; cmd = cmd->next) {
1372                 if (cmd->error_string)
1373                         continue;
1374
1375                 strbuf_setlen(&refname_full, prefix_len);
1376                 strbuf_addstr(&refname_full, cmd->ref_name);
1377
1378                 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1379                         continue;
1380                 if (is_null_oid(&cmd->new_oid))
1381                         cmd->error_string = "deny deleting a hidden ref";
1382                 else
1383                         cmd->error_string = "deny updating a hidden ref";
1384         }
1385
1386         strbuf_release(&refname_full);
1387 }
1388
1389 static int should_process_cmd(struct command *cmd)
1390 {
1391         return !cmd->error_string && !cmd->skip_update;
1392 }
1393
1394 static void warn_if_skipped_connectivity_check(struct command *commands,
1395                                                struct shallow_info *si)
1396 {
1397         struct command *cmd;
1398         int checked_connectivity = 1;
1399
1400         for (cmd = commands; cmd; cmd = cmd->next) {
1401                 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1402                         error("BUG: connectivity check has not been run on ref %s",
1403                               cmd->ref_name);
1404                         checked_connectivity = 0;
1405                 }
1406         }
1407         if (!checked_connectivity)
1408                 BUG("connectivity check skipped???");
1409 }
1410
1411 static void execute_commands_non_atomic(struct command *commands,
1412                                         struct shallow_info *si)
1413 {
1414         struct command *cmd;
1415         struct strbuf err = STRBUF_INIT;
1416
1417         for (cmd = commands; cmd; cmd = cmd->next) {
1418                 if (!should_process_cmd(cmd))
1419                         continue;
1420
1421                 transaction = ref_transaction_begin(&err);
1422                 if (!transaction) {
1423                         rp_error("%s", err.buf);
1424                         strbuf_reset(&err);
1425                         cmd->error_string = "transaction failed to start";
1426                         continue;
1427                 }
1428
1429                 cmd->error_string = update(cmd, si);
1430
1431                 if (!cmd->error_string
1432                     && ref_transaction_commit(transaction, &err)) {
1433                         rp_error("%s", err.buf);
1434                         strbuf_reset(&err);
1435                         cmd->error_string = "failed to update ref";
1436                 }
1437                 ref_transaction_free(transaction);
1438         }
1439         strbuf_release(&err);
1440 }
1441
1442 static void execute_commands_atomic(struct command *commands,
1443                                         struct shallow_info *si)
1444 {
1445         struct command *cmd;
1446         struct strbuf err = STRBUF_INIT;
1447         const char *reported_error = "atomic push failure";
1448
1449         transaction = ref_transaction_begin(&err);
1450         if (!transaction) {
1451                 rp_error("%s", err.buf);
1452                 strbuf_reset(&err);
1453                 reported_error = "transaction failed to start";
1454                 goto failure;
1455         }
1456
1457         for (cmd = commands; cmd; cmd = cmd->next) {
1458                 if (!should_process_cmd(cmd))
1459                         continue;
1460
1461                 cmd->error_string = update(cmd, si);
1462
1463                 if (cmd->error_string)
1464                         goto failure;
1465         }
1466
1467         if (ref_transaction_commit(transaction, &err)) {
1468                 rp_error("%s", err.buf);
1469                 reported_error = "atomic transaction failed";
1470                 goto failure;
1471         }
1472         goto cleanup;
1473
1474 failure:
1475         for (cmd = commands; cmd; cmd = cmd->next)
1476                 if (!cmd->error_string)
1477                         cmd->error_string = reported_error;
1478
1479 cleanup:
1480         ref_transaction_free(transaction);
1481         strbuf_release(&err);
1482 }
1483
1484 static void execute_commands(struct command *commands,
1485                              const char *unpacker_error,
1486                              struct shallow_info *si,
1487                              const struct string_list *push_options)
1488 {
1489         struct check_connected_options opt = CHECK_CONNECTED_INIT;
1490         struct command *cmd;
1491         struct iterate_data data;
1492         struct async muxer;
1493         int err_fd = 0;
1494
1495         if (unpacker_error) {
1496                 for (cmd = commands; cmd; cmd = cmd->next)
1497                         cmd->error_string = "unpacker error";
1498                 return;
1499         }
1500
1501         if (use_sideband) {
1502                 memset(&muxer, 0, sizeof(muxer));
1503                 muxer.proc = copy_to_sideband;
1504                 muxer.in = -1;
1505                 if (!start_async(&muxer))
1506                         err_fd = muxer.in;
1507                 /* ...else, continue without relaying sideband */
1508         }
1509
1510         data.cmds = commands;
1511         data.si = si;
1512         opt.err_fd = err_fd;
1513         opt.progress = err_fd && !quiet;
1514         opt.env = tmp_objdir_env(tmp_objdir);
1515         if (check_connected(iterate_receive_command_list, &data, &opt))
1516                 set_connectivity_errors(commands, si);
1517
1518         if (use_sideband)
1519                 finish_async(&muxer);
1520
1521         reject_updates_to_hidden(commands);
1522
1523         if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1524                 for (cmd = commands; cmd; cmd = cmd->next) {
1525                         if (!cmd->error_string)
1526                                 cmd->error_string = "pre-receive hook declined";
1527                 }
1528                 return;
1529         }
1530
1531         /*
1532          * Now we'll start writing out refs, which means the objects need
1533          * to be in their final positions so that other processes can see them.
1534          */
1535         if (tmp_objdir_migrate(tmp_objdir) < 0) {
1536                 for (cmd = commands; cmd; cmd = cmd->next) {
1537                         if (!cmd->error_string)
1538                                 cmd->error_string = "unable to migrate objects to permanent storage";
1539                 }
1540                 return;
1541         }
1542         tmp_objdir = NULL;
1543
1544         check_aliased_updates(commands);
1545
1546         free(head_name_to_free);
1547         head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1548
1549         if (use_atomic)
1550                 execute_commands_atomic(commands, si);
1551         else
1552                 execute_commands_non_atomic(commands, si);
1553
1554         if (shallow_update)
1555                 warn_if_skipped_connectivity_check(commands, si);
1556 }
1557
1558 static struct command **queue_command(struct command **tail,
1559                                       const char *line,
1560                                       int linelen)
1561 {
1562         struct object_id old_oid, new_oid;
1563         struct command *cmd;
1564         const char *refname;
1565         int reflen;
1566         const char *p;
1567
1568         if (parse_oid_hex(line, &old_oid, &p) ||
1569             *p++ != ' ' ||
1570             parse_oid_hex(p, &new_oid, &p) ||
1571             *p++ != ' ')
1572                 die("protocol error: expected old/new/ref, got '%s'", line);
1573
1574         refname = p;
1575         reflen = linelen - (p - line);
1576         FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1577         oidcpy(&cmd->old_oid, &old_oid);
1578         oidcpy(&cmd->new_oid, &new_oid);
1579         *tail = cmd;
1580         return &cmd->next;
1581 }
1582
1583 static void queue_commands_from_cert(struct command **tail,
1584                                      struct strbuf *push_cert)
1585 {
1586         const char *boc, *eoc;
1587
1588         if (*tail)
1589                 die("protocol error: got both push certificate and unsigned commands");
1590
1591         boc = strstr(push_cert->buf, "\n\n");
1592         if (!boc)
1593                 die("malformed push certificate %.*s", 100, push_cert->buf);
1594         else
1595                 boc += 2;
1596         eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1597
1598         while (boc < eoc) {
1599                 const char *eol = memchr(boc, '\n', eoc - boc);
1600                 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1601                 boc = eol ? eol + 1 : eoc;
1602         }
1603 }
1604
1605 static struct command *read_head_info(struct packet_reader *reader,
1606                                       struct oid_array *shallow)
1607 {
1608         struct command *commands = NULL;
1609         struct command **p = &commands;
1610         for (;;) {
1611                 int linelen;
1612
1613                 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1614                         break;
1615
1616                 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) {
1617                         struct object_id oid;
1618                         if (get_oid_hex(reader->line + 8, &oid))
1619                                 die("protocol error: expected shallow sha, got '%s'",
1620                                     reader->line + 8);
1621                         oid_array_append(shallow, &oid);
1622                         continue;
1623                 }
1624
1625                 linelen = strlen(reader->line);
1626                 if (linelen < reader->pktlen) {
1627                         const char *feature_list = reader->line + linelen + 1;
1628                         const char *hash = NULL;
1629                         int len = 0;
1630                         if (parse_feature_request(feature_list, "report-status"))
1631                                 report_status = 1;
1632                         if (parse_feature_request(feature_list, "side-band-64k"))
1633                                 use_sideband = LARGE_PACKET_MAX;
1634                         if (parse_feature_request(feature_list, "quiet"))
1635                                 quiet = 1;
1636                         if (advertise_atomic_push
1637                             && parse_feature_request(feature_list, "atomic"))
1638                                 use_atomic = 1;
1639                         if (advertise_push_options
1640                             && parse_feature_request(feature_list, "push-options"))
1641                                 use_push_options = 1;
1642                         hash = parse_feature_value(feature_list, "object-format", &len, NULL);
1643                         if (!hash) {
1644                                 hash = hash_algos[GIT_HASH_SHA1].name;
1645                                 len = strlen(hash);
1646                         }
1647                         if (xstrncmpz(the_hash_algo->name, hash, len))
1648                                 die("error: unsupported object format '%s'", hash);
1649                 }
1650
1651                 if (!strcmp(reader->line, "push-cert")) {
1652                         int true_flush = 0;
1653                         int saved_options = reader->options;
1654                         reader->options &= ~PACKET_READ_CHOMP_NEWLINE;
1655
1656                         for (;;) {
1657                                 packet_reader_read(reader);
1658                                 if (reader->status == PACKET_READ_FLUSH) {
1659                                         true_flush = 1;
1660                                         break;
1661                                 }
1662                                 if (reader->status != PACKET_READ_NORMAL) {
1663                                         die("protocol error: got an unexpected packet");
1664                                 }
1665                                 if (!strcmp(reader->line, "push-cert-end\n"))
1666                                         break; /* end of cert */
1667                                 strbuf_addstr(&push_cert, reader->line);
1668                         }
1669                         reader->options = saved_options;
1670
1671                         if (true_flush)
1672                                 break;
1673                         continue;
1674                 }
1675
1676                 p = queue_command(p, reader->line, linelen);
1677         }
1678
1679         if (push_cert.len)
1680                 queue_commands_from_cert(p, &push_cert);
1681
1682         return commands;
1683 }
1684
1685 static void read_push_options(struct packet_reader *reader,
1686                               struct string_list *options)
1687 {
1688         while (1) {
1689                 if (packet_reader_read(reader) != PACKET_READ_NORMAL)
1690                         break;
1691
1692                 string_list_append(options, reader->line);
1693         }
1694 }
1695
1696 static const char *parse_pack_header(struct pack_header *hdr)
1697 {
1698         switch (read_pack_header(0, hdr)) {
1699         case PH_ERROR_EOF:
1700                 return "eof before pack header was fully read";
1701
1702         case PH_ERROR_PACK_SIGNATURE:
1703                 return "protocol error (pack signature mismatch detected)";
1704
1705         case PH_ERROR_PROTOCOL:
1706                 return "protocol error (pack version unsupported)";
1707
1708         default:
1709                 return "unknown error in parse_pack_header";
1710
1711         case 0:
1712                 return NULL;
1713         }
1714 }
1715
1716 static const char *pack_lockfile;
1717
1718 static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1719 {
1720         argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1721                         ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1722 }
1723
1724 static const char *unpack(int err_fd, struct shallow_info *si)
1725 {
1726         struct pack_header hdr;
1727         const char *hdr_err;
1728         int status;
1729         struct child_process child = CHILD_PROCESS_INIT;
1730         int fsck_objects = (receive_fsck_objects >= 0
1731                             ? receive_fsck_objects
1732                             : transfer_fsck_objects >= 0
1733                             ? transfer_fsck_objects
1734                             : 0);
1735
1736         hdr_err = parse_pack_header(&hdr);
1737         if (hdr_err) {
1738                 if (err_fd > 0)
1739                         close(err_fd);
1740                 return hdr_err;
1741         }
1742
1743         if (si->nr_ours || si->nr_theirs) {
1744                 alt_shallow_file = setup_temporary_shallow(si->shallow);
1745                 argv_array_push(&child.args, "--shallow-file");
1746                 argv_array_push(&child.args, alt_shallow_file);
1747         }
1748
1749         tmp_objdir = tmp_objdir_create();
1750         if (!tmp_objdir) {
1751                 if (err_fd > 0)
1752                         close(err_fd);
1753                 return "unable to create temporary object directory";
1754         }
1755         child.env = tmp_objdir_env(tmp_objdir);
1756
1757         /*
1758          * Normally we just pass the tmp_objdir environment to the child
1759          * processes that do the heavy lifting, but we may need to see these
1760          * objects ourselves to set up shallow information.
1761          */
1762         tmp_objdir_add_as_alternate(tmp_objdir);
1763
1764         if (ntohl(hdr.hdr_entries) < unpack_limit) {
1765                 argv_array_push(&child.args, "unpack-objects");
1766                 push_header_arg(&child.args, &hdr);
1767                 if (quiet)
1768                         argv_array_push(&child.args, "-q");
1769                 if (fsck_objects)
1770                         argv_array_pushf(&child.args, "--strict%s",
1771                                 fsck_msg_types.buf);
1772                 if (max_input_size)
1773                         argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1774                                 (uintmax_t)max_input_size);
1775                 child.no_stdout = 1;
1776                 child.err = err_fd;
1777                 child.git_cmd = 1;
1778                 status = run_command(&child);
1779                 if (status)
1780                         return "unpack-objects abnormal exit";
1781         } else {
1782                 char hostname[HOST_NAME_MAX + 1];
1783
1784                 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1785                 push_header_arg(&child.args, &hdr);
1786
1787                 if (xgethostname(hostname, sizeof(hostname)))
1788                         xsnprintf(hostname, sizeof(hostname), "localhost");
1789                 argv_array_pushf(&child.args,
1790                                  "--keep=receive-pack %"PRIuMAX" on %s",
1791                                  (uintmax_t)getpid(),
1792                                  hostname);
1793
1794                 if (!quiet && err_fd)
1795                         argv_array_push(&child.args, "--show-resolving-progress");
1796                 if (use_sideband)
1797                         argv_array_push(&child.args, "--report-end-of-input");
1798                 if (fsck_objects)
1799                         argv_array_pushf(&child.args, "--strict%s",
1800                                 fsck_msg_types.buf);
1801                 if (!reject_thin)
1802                         argv_array_push(&child.args, "--fix-thin");
1803                 if (max_input_size)
1804                         argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1805                                 (uintmax_t)max_input_size);
1806                 child.out = -1;
1807                 child.err = err_fd;
1808                 child.git_cmd = 1;
1809                 status = start_command(&child);
1810                 if (status)
1811                         return "index-pack fork failed";
1812                 pack_lockfile = index_pack_lockfile(child.out);
1813                 close(child.out);
1814                 status = finish_command(&child);
1815                 if (status)
1816                         return "index-pack abnormal exit";
1817                 reprepare_packed_git(the_repository);
1818         }
1819         return NULL;
1820 }
1821
1822 static const char *unpack_with_sideband(struct shallow_info *si)
1823 {
1824         struct async muxer;
1825         const char *ret;
1826
1827         if (!use_sideband)
1828                 return unpack(0, si);
1829
1830         use_keepalive = KEEPALIVE_AFTER_NUL;
1831         memset(&muxer, 0, sizeof(muxer));
1832         muxer.proc = copy_to_sideband;
1833         muxer.in = -1;
1834         if (start_async(&muxer))
1835                 return NULL;
1836
1837         ret = unpack(muxer.in, si);
1838
1839         finish_async(&muxer);
1840         return ret;
1841 }
1842
1843 static void prepare_shallow_update(struct shallow_info *si)
1844 {
1845         int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1846
1847         ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1848         assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1849
1850         si->need_reachability_test =
1851                 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1852         si->reachable =
1853                 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1854         si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1855
1856         for (i = 0; i < si->nr_ours; i++)
1857                 si->need_reachability_test[si->ours[i]] = 1;
1858
1859         for (i = 0; i < si->shallow->nr; i++) {
1860                 if (!si->used_shallow[i])
1861                         continue;
1862                 for (j = 0; j < bitmap_size; j++) {
1863                         if (!si->used_shallow[i][j])
1864                                 continue;
1865                         si->need_reachability_test[i]++;
1866                         for (k = 0; k < 32; k++)
1867                                 if (si->used_shallow[i][j] & (1U << k))
1868                                         si->shallow_ref[j * 32 + k]++;
1869                 }
1870
1871                 /*
1872                  * true for those associated with some refs and belong
1873                  * in "ours" list aka "step 7 not done yet"
1874                  */
1875                 si->need_reachability_test[i] =
1876                         si->need_reachability_test[i] > 1;
1877         }
1878
1879         /*
1880          * keep hooks happy by forcing a temporary shallow file via
1881          * env variable because we can't add --shallow-file to every
1882          * command. check_connected() will be done with
1883          * true .git/shallow though.
1884          */
1885         setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1886 }
1887
1888 static void update_shallow_info(struct command *commands,
1889                                 struct shallow_info *si,
1890                                 struct oid_array *ref)
1891 {
1892         struct command *cmd;
1893         int *ref_status;
1894         remove_nonexistent_theirs_shallow(si);
1895         if (!si->nr_ours && !si->nr_theirs) {
1896                 shallow_update = 0;
1897                 return;
1898         }
1899
1900         for (cmd = commands; cmd; cmd = cmd->next) {
1901                 if (is_null_oid(&cmd->new_oid))
1902                         continue;
1903                 oid_array_append(ref, &cmd->new_oid);
1904                 cmd->index = ref->nr - 1;
1905         }
1906         si->ref = ref;
1907
1908         if (shallow_update) {
1909                 prepare_shallow_update(si);
1910                 return;
1911         }
1912
1913         ALLOC_ARRAY(ref_status, ref->nr);
1914         assign_shallow_commits_to_refs(si, NULL, ref_status);
1915         for (cmd = commands; cmd; cmd = cmd->next) {
1916                 if (is_null_oid(&cmd->new_oid))
1917                         continue;
1918                 if (ref_status[cmd->index]) {
1919                         cmd->error_string = "shallow update not allowed";
1920                         cmd->skip_update = 1;
1921                 }
1922         }
1923         free(ref_status);
1924 }
1925
1926 static void report(struct command *commands, const char *unpack_status)
1927 {
1928         struct command *cmd;
1929         struct strbuf buf = STRBUF_INIT;
1930
1931         packet_buf_write(&buf, "unpack %s\n",
1932                          unpack_status ? unpack_status : "ok");
1933         for (cmd = commands; cmd; cmd = cmd->next) {
1934                 if (!cmd->error_string)
1935                         packet_buf_write(&buf, "ok %s\n",
1936                                          cmd->ref_name);
1937                 else
1938                         packet_buf_write(&buf, "ng %s %s\n",
1939                                          cmd->ref_name, cmd->error_string);
1940         }
1941         packet_buf_flush(&buf);
1942
1943         if (use_sideband)
1944                 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1945         else
1946                 write_or_die(1, buf.buf, buf.len);
1947         strbuf_release(&buf);
1948 }
1949
1950 static int delete_only(struct command *commands)
1951 {
1952         struct command *cmd;
1953         for (cmd = commands; cmd; cmd = cmd->next) {
1954                 if (!is_null_oid(&cmd->new_oid))
1955                         return 0;
1956         }
1957         return 1;
1958 }
1959
1960 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1961 {
1962         int advertise_refs = 0;
1963         struct command *commands;
1964         struct oid_array shallow = OID_ARRAY_INIT;
1965         struct oid_array ref = OID_ARRAY_INIT;
1966         struct shallow_info si;
1967         struct packet_reader reader;
1968
1969         struct option options[] = {
1970                 OPT__QUIET(&quiet, N_("quiet")),
1971                 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1972                 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1973                 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1974                 OPT_END()
1975         };
1976
1977         packet_trace_identity("receive-pack");
1978
1979         argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1980
1981         if (argc > 1)
1982                 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1983         if (argc == 0)
1984                 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1985
1986         service_dir = argv[0];
1987
1988         setup_path();
1989
1990         if (!enter_repo(service_dir, 0))
1991                 die("'%s' does not appear to be a git repository", service_dir);
1992
1993         git_config(receive_pack_config, NULL);
1994         if (cert_nonce_seed)
1995                 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1996
1997         if (0 <= transfer_unpack_limit)
1998                 unpack_limit = transfer_unpack_limit;
1999         else if (0 <= receive_unpack_limit)
2000                 unpack_limit = receive_unpack_limit;
2001
2002         switch (determine_protocol_version_server()) {
2003         case protocol_v2:
2004                 /*
2005                  * push support for protocol v2 has not been implemented yet,
2006                  * so ignore the request to use v2 and fallback to using v0.
2007                  */
2008                 break;
2009         case protocol_v1:
2010                 /*
2011                  * v1 is just the original protocol with a version string,
2012                  * so just fall through after writing the version string.
2013                  */
2014                 if (advertise_refs || !stateless_rpc)
2015                         packet_write_fmt(1, "version 1\n");
2016
2017                 /* fallthrough */
2018         case protocol_v0:
2019                 break;
2020         case protocol_unknown_version:
2021                 BUG("unknown protocol version");
2022         }
2023
2024         if (advertise_refs || !stateless_rpc) {
2025                 write_head_info();
2026         }
2027         if (advertise_refs)
2028                 return 0;
2029
2030         packet_reader_init(&reader, 0, NULL, 0,
2031                            PACKET_READ_CHOMP_NEWLINE |
2032                            PACKET_READ_DIE_ON_ERR_PACKET);
2033
2034         if ((commands = read_head_info(&reader, &shallow)) != NULL) {
2035                 const char *unpack_status = NULL;
2036                 struct string_list push_options = STRING_LIST_INIT_DUP;
2037
2038                 if (use_push_options)
2039                         read_push_options(&reader, &push_options);
2040                 if (!check_cert_push_options(&push_options)) {
2041                         struct command *cmd;
2042                         for (cmd = commands; cmd; cmd = cmd->next)
2043                                 cmd->error_string = "inconsistent push options";
2044                 }
2045
2046                 prepare_shallow_info(&si, &shallow);
2047                 if (!si.nr_ours && !si.nr_theirs)
2048                         shallow_update = 0;
2049                 if (!delete_only(commands)) {
2050                         unpack_status = unpack_with_sideband(&si);
2051                         update_shallow_info(commands, &si, &ref);
2052                 }
2053                 use_keepalive = KEEPALIVE_ALWAYS;
2054                 execute_commands(commands, unpack_status, &si,
2055                                  &push_options);
2056                 if (pack_lockfile)
2057                         unlink_or_warn(pack_lockfile);
2058                 if (report_status)
2059                         report(commands, unpack_status);
2060                 run_receive_hook(commands, "post-receive", 1,
2061                                  &push_options);
2062                 run_update_post_hook(commands);
2063                 string_list_clear(&push_options, 0);
2064                 if (auto_gc) {
2065                         const char *argv_gc_auto[] = {
2066                                 "gc", "--auto", "--quiet", NULL,
2067                         };
2068                         struct child_process proc = CHILD_PROCESS_INIT;
2069
2070                         proc.no_stdin = 1;
2071                         proc.stdout_to_stderr = 1;
2072                         proc.err = use_sideband ? -1 : 0;
2073                         proc.git_cmd = 1;
2074                         proc.argv = argv_gc_auto;
2075
2076                         close_object_store(the_repository->objects);
2077                         if (!start_command(&proc)) {
2078                                 if (use_sideband)
2079                                         copy_to_sideband(proc.err, -1, NULL);
2080                                 finish_command(&proc);
2081                         }
2082                 }
2083                 if (auto_update_server_info)
2084                         update_server_info(0);
2085                 clear_shallow_info(&si);
2086         }
2087         if (use_sideband)
2088                 packet_flush(1);
2089         oid_array_clear(&shallow);
2090         oid_array_clear(&ref);
2091         free((void *)push_cert_nonce);
2092         return 0;
2093 }