7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int advertise_atomic_push = 1;
42 static int unpack_limit = 100;
43 static int report_status;
44 static int use_sideband;
45 static int use_atomic;
47 static int prefer_ofs_delta = 1;
48 static int auto_update_server_info;
49 static int auto_gc = 1;
50 static int fix_thin = 1;
51 static int stateless_rpc;
52 static const char *service_dir;
53 static const char *head_name;
54 static void *head_name_to_free;
55 static int sent_capabilities;
56 static int shallow_update;
57 static const char *alt_shallow_file;
58 static struct strbuf push_cert = STRBUF_INIT;
59 static unsigned char push_cert_sha1[20];
60 static struct signature_check sigcheck;
61 static const char *push_cert_nonce;
62 static const char *cert_nonce_seed;
64 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65 static const char *NONCE_BAD = "BAD";
66 static const char *NONCE_MISSING = "MISSING";
67 static const char *NONCE_OK = "OK";
68 static const char *NONCE_SLOP = "SLOP";
69 static const char *nonce_status;
70 static long nonce_stamp_slop;
71 static unsigned long nonce_stamp_slop_limit;
72 static struct ref_transaction *transaction;
74 static enum deny_action parse_deny_action(const char *var, const char *value)
77 if (!strcasecmp(value, "ignore"))
79 if (!strcasecmp(value, "warn"))
81 if (!strcasecmp(value, "refuse"))
83 if (!strcasecmp(value, "updateinstead"))
84 return DENY_UPDATE_INSTEAD;
86 if (git_config_bool(var, value))
91 static int receive_pack_config(const char *var, const char *value, void *cb)
93 int status = parse_hide_refs_config(var, value, "receive");
98 if (strcmp(var, "receive.denydeletes") == 0) {
99 deny_deletes = git_config_bool(var, value);
103 if (strcmp(var, "receive.denynonfastforwards") == 0) {
104 deny_non_fast_forwards = git_config_bool(var, value);
108 if (strcmp(var, "receive.unpacklimit") == 0) {
109 receive_unpack_limit = git_config_int(var, value);
113 if (strcmp(var, "transfer.unpacklimit") == 0) {
114 transfer_unpack_limit = git_config_int(var, value);
118 if (strcmp(var, "receive.fsckobjects") == 0) {
119 receive_fsck_objects = git_config_bool(var, value);
123 if (strcmp(var, "transfer.fsckobjects") == 0) {
124 transfer_fsck_objects = git_config_bool(var, value);
128 if (!strcmp(var, "receive.denycurrentbranch")) {
129 deny_current_branch = parse_deny_action(var, value);
133 if (strcmp(var, "receive.denydeletecurrent") == 0) {
134 deny_delete_current = parse_deny_action(var, value);
138 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139 prefer_ofs_delta = git_config_bool(var, value);
143 if (strcmp(var, "receive.updateserverinfo") == 0) {
144 auto_update_server_info = git_config_bool(var, value);
148 if (strcmp(var, "receive.autogc") == 0) {
149 auto_gc = git_config_bool(var, value);
153 if (strcmp(var, "receive.shallowupdate") == 0) {
154 shallow_update = git_config_bool(var, value);
158 if (strcmp(var, "receive.certnonceseed") == 0)
159 return git_config_string(&cert_nonce_seed, var, value);
161 if (strcmp(var, "receive.certnonceslop") == 0) {
162 nonce_stamp_slop_limit = git_config_ulong(var, value);
166 if (strcmp(var, "receive.advertiseatomic") == 0) {
167 advertise_atomic_push = git_config_bool(var, value);
171 return git_default_config(var, value, cb);
174 static void show_ref(const char *path, const unsigned char *sha1)
176 if (ref_is_hidden(path))
179 if (sent_capabilities) {
180 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
182 struct strbuf cap = STRBUF_INIT;
185 "report-status delete-refs side-band-64k quiet");
186 if (advertise_atomic_push)
187 strbuf_addstr(&cap, " atomic");
188 if (prefer_ofs_delta)
189 strbuf_addstr(&cap, " ofs-delta");
191 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193 packet_write(1, "%s %s%c%s\n",
194 sha1_to_hex(sha1), path, 0, cap.buf);
195 strbuf_release(&cap);
196 sent_capabilities = 1;
200 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
202 path = strip_namespace(path);
204 * Advertise refs outside our current namespace as ".have"
205 * refs, so that the client can use them to minimize data
206 * transfer but will otherwise ignore them. This happens to
207 * cover ".have" that are thrown in by add_one_alternate_ref()
208 * to mark histories that are complete in our alternates as
213 show_ref(path, sha1);
217 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
219 show_ref(".have", sha1);
222 static void collect_one_alternate_ref(const struct ref *ref, void *data)
224 struct sha1_array *sa = data;
225 sha1_array_append(sa, ref->old_sha1);
228 static void write_head_info(void)
230 struct sha1_array sa = SHA1_ARRAY_INIT;
231 for_each_alternate_ref(collect_one_alternate_ref, &sa);
232 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
233 sha1_array_clear(&sa);
234 for_each_ref(show_ref_cb, NULL);
235 if (!sent_capabilities)
236 show_ref("capabilities^{}", null_sha1);
238 advertise_shallow_grafts(1);
245 struct command *next;
246 const char *error_string;
247 unsigned int skip_update:1,
250 unsigned char old_sha1[20];
251 unsigned char new_sha1[20];
252 char ref_name[FLEX_ARRAY]; /* more */
255 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
256 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
258 static void report_message(const char *prefix, const char *err, va_list params)
260 int sz = strlen(prefix);
263 strncpy(msg, prefix, sz);
264 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
265 if (sz > (sizeof(msg) - 1))
266 sz = sizeof(msg) - 1;
270 send_sideband(1, 2, msg, sz, use_sideband);
275 static void rp_warning(const char *err, ...)
278 va_start(params, err);
279 report_message("warning: ", err, params);
283 static void rp_error(const char *err, ...)
286 va_start(params, err);
287 report_message("error: ", err, params);
291 static int copy_to_sideband(int in, int out, void *arg)
295 ssize_t sz = xread(in, data, sizeof(data));
298 send_sideband(1, 2, data, sz, use_sideband);
304 #define HMAC_BLOCK_SIZE 64
306 static void hmac_sha1(unsigned char *out,
307 const char *key_in, size_t key_len,
308 const char *text, size_t text_len)
310 unsigned char key[HMAC_BLOCK_SIZE];
311 unsigned char k_ipad[HMAC_BLOCK_SIZE];
312 unsigned char k_opad[HMAC_BLOCK_SIZE];
316 /* RFC 2104 2. (1) */
317 memset(key, '\0', HMAC_BLOCK_SIZE);
318 if (HMAC_BLOCK_SIZE < key_len) {
320 git_SHA1_Update(&ctx, key_in, key_len);
321 git_SHA1_Final(key, &ctx);
323 memcpy(key, key_in, key_len);
326 /* RFC 2104 2. (2) & (5) */
327 for (i = 0; i < sizeof(key); i++) {
328 k_ipad[i] = key[i] ^ 0x36;
329 k_opad[i] = key[i] ^ 0x5c;
332 /* RFC 2104 2. (3) & (4) */
334 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
335 git_SHA1_Update(&ctx, text, text_len);
336 git_SHA1_Final(out, &ctx);
338 /* RFC 2104 2. (6) & (7) */
340 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
341 git_SHA1_Update(&ctx, out, 20);
342 git_SHA1_Final(out, &ctx);
345 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
347 struct strbuf buf = STRBUF_INIT;
348 unsigned char sha1[20];
350 strbuf_addf(&buf, "%s:%lu", path, stamp);
351 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
352 strbuf_release(&buf);
354 /* RFC 2104 5. HMAC-SHA1-80 */
355 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
356 return strbuf_detach(&buf, NULL);
360 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
361 * after dropping "_commit" from its name and possibly moving it out
364 static char *find_header(const char *msg, size_t len, const char *key)
366 int key_len = strlen(key);
367 const char *line = msg;
369 while (line && line < msg + len) {
370 const char *eol = strchrnul(line, '\n');
372 if ((msg + len <= eol) || line == eol)
374 if (line + key_len < eol &&
375 !memcmp(line, key, key_len) && line[key_len] == ' ') {
376 int offset = key_len + 1;
377 return xmemdupz(line + offset, (eol - line) - offset);
379 line = *eol ? eol + 1 : NULL;
384 static const char *check_nonce(const char *buf, size_t len)
386 char *nonce = find_header(buf, len, "nonce");
387 unsigned long stamp, ostamp;
388 char *bohmac, *expect = NULL;
389 const char *retval = NONCE_BAD;
392 retval = NONCE_MISSING;
394 } else if (!push_cert_nonce) {
395 retval = NONCE_UNSOLICITED;
397 } else if (!strcmp(push_cert_nonce, nonce)) {
402 if (!stateless_rpc) {
403 /* returned nonce MUST match what we gave out earlier */
409 * In stateless mode, we may be receiving a nonce issued by
410 * another instance of the server that serving the same
411 * repository, and the timestamps may not match, but the
412 * nonce-seed and dir should match, so we can recompute and
413 * report the time slop.
415 * In addition, when a nonce issued by another instance has
416 * timestamp within receive.certnonceslop seconds, we pretend
417 * as if we issued that nonce when reporting to the hook.
420 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
421 if (*nonce <= '0' || '9' < *nonce) {
425 stamp = strtoul(nonce, &bohmac, 10);
426 if (bohmac == nonce || bohmac[0] != '-') {
431 expect = prepare_push_cert_nonce(service_dir, stamp);
432 if (strcmp(expect, nonce)) {
433 /* Not what we would have signed earlier */
439 * By how many seconds is this nonce stale? Negative value
440 * would mean it was issued by another server with its clock
441 * skewed in the future.
443 ostamp = strtoul(push_cert_nonce, NULL, 10);
444 nonce_stamp_slop = (long)ostamp - (long)stamp;
446 if (nonce_stamp_slop_limit &&
447 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
449 * Pretend as if the received nonce (which passes the
450 * HMAC check, so it is not a forged by third-party)
453 free((void *)push_cert_nonce);
454 push_cert_nonce = xstrdup(nonce);
466 static void prepare_push_cert_sha1(struct child_process *proc)
468 static int already_done;
474 struct strbuf gpg_output = STRBUF_INIT;
475 struct strbuf gpg_status = STRBUF_INIT;
476 int bogs /* beginning_of_gpg_sig */;
479 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
480 hashclr(push_cert_sha1);
482 memset(&sigcheck, '\0', sizeof(sigcheck));
483 sigcheck.result = 'N';
485 bogs = parse_signature(push_cert.buf, push_cert.len);
486 if (verify_signed_buffer(push_cert.buf, bogs,
487 push_cert.buf + bogs, push_cert.len - bogs,
488 &gpg_output, &gpg_status) < 0) {
489 ; /* error running gpg */
491 sigcheck.payload = push_cert.buf;
492 sigcheck.gpg_output = gpg_output.buf;
493 sigcheck.gpg_status = gpg_status.buf;
494 parse_gpg_output(&sigcheck);
497 strbuf_release(&gpg_output);
498 strbuf_release(&gpg_status);
499 nonce_status = check_nonce(push_cert.buf, bogs);
501 if (!is_null_sha1(push_cert_sha1)) {
502 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
503 sha1_to_hex(push_cert_sha1));
504 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
505 sigcheck.signer ? sigcheck.signer : "");
506 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
507 sigcheck.key ? sigcheck.key : "");
508 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
510 if (push_cert_nonce) {
511 argv_array_pushf(&proc->env_array,
512 "GIT_PUSH_CERT_NONCE=%s",
514 argv_array_pushf(&proc->env_array,
515 "GIT_PUSH_CERT_NONCE_STATUS=%s",
517 if (nonce_status == NONCE_SLOP)
518 argv_array_pushf(&proc->env_array,
519 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
525 typedef int (*feed_fn)(void *, const char **, size_t *);
526 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
528 struct child_process proc = CHILD_PROCESS_INIT;
533 argv[0] = find_hook(hook_name);
541 proc.stdout_to_stderr = 1;
544 memset(&muxer, 0, sizeof(muxer));
545 muxer.proc = copy_to_sideband;
547 code = start_async(&muxer);
553 prepare_push_cert_sha1(&proc);
555 code = start_command(&proc);
558 finish_async(&muxer);
562 sigchain_push(SIGPIPE, SIG_IGN);
567 if (feed(feed_state, &buf, &n))
569 if (write_in_full(proc.in, buf, n) != n)
574 finish_async(&muxer);
576 sigchain_pop(SIGPIPE);
578 return finish_command(&proc);
581 struct receive_hook_feed_state {
587 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
589 struct receive_hook_feed_state *state = state_;
590 struct command *cmd = state->cmd;
593 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
597 strbuf_reset(&state->buf);
598 strbuf_addf(&state->buf, "%s %s %s\n",
599 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
601 state->cmd = cmd->next;
603 *bufp = state->buf.buf;
604 *sizep = state->buf.len;
609 static int run_receive_hook(struct command *commands, const char *hook_name,
612 struct receive_hook_feed_state state;
615 strbuf_init(&state.buf, 0);
616 state.cmd = commands;
617 state.skip_broken = skip_broken;
618 if (feed_receive_hook(&state, NULL, NULL))
620 state.cmd = commands;
621 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
622 strbuf_release(&state.buf);
626 static int run_update_hook(struct command *cmd)
629 struct child_process proc = CHILD_PROCESS_INIT;
632 argv[0] = find_hook("update");
636 argv[1] = cmd->ref_name;
637 argv[2] = sha1_to_hex(cmd->old_sha1);
638 argv[3] = sha1_to_hex(cmd->new_sha1);
642 proc.stdout_to_stderr = 1;
643 proc.err = use_sideband ? -1 : 0;
646 code = start_command(&proc);
650 copy_to_sideband(proc.err, -1, NULL);
651 return finish_command(&proc);
654 static int is_ref_checked_out(const char *ref)
656 if (is_bare_repository())
661 return !strcmp(head_name, ref);
664 static char *refuse_unconfigured_deny_msg[] = {
665 "By default, updating the current branch in a non-bare repository",
666 "is denied, because it will make the index and work tree inconsistent",
667 "with what you pushed, and will require 'git reset --hard' to match",
668 "the work tree to HEAD.",
670 "You can set 'receive.denyCurrentBranch' configuration variable to",
671 "'ignore' or 'warn' in the remote repository to allow pushing into",
672 "its current branch; however, this is not recommended unless you",
673 "arranged to update its work tree to match what you pushed in some",
676 "To squelch this message and still keep the default behaviour, set",
677 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
680 static void refuse_unconfigured_deny(void)
683 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
684 rp_error("%s", refuse_unconfigured_deny_msg[i]);
687 static char *refuse_unconfigured_deny_delete_current_msg[] = {
688 "By default, deleting the current branch is denied, because the next",
689 "'git clone' won't result in any file checked out, causing confusion.",
691 "You can set 'receive.denyDeleteCurrent' configuration variable to",
692 "'warn' or 'ignore' in the remote repository to allow deleting the",
693 "current branch, with or without a warning message.",
695 "To squelch this message, you can set it to 'refuse'."
698 static void refuse_unconfigured_deny_delete_current(void)
702 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
704 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
707 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
708 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
710 static struct lock_file shallow_lock;
711 struct sha1_array extra = SHA1_ARRAY_INIT;
712 const char *alt_file;
713 uint32_t mask = 1 << (cmd->index % 32);
716 trace_printf_key(&trace_shallow,
717 "shallow: update_shallow_ref %s\n", cmd->ref_name);
718 for (i = 0; i < si->shallow->nr; i++)
719 if (si->used_shallow[i] &&
720 (si->used_shallow[i][cmd->index / 32] & mask) &&
721 !delayed_reachability_test(si, i))
722 sha1_array_append(&extra, si->shallow->sha1[i]);
724 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
725 if (check_shallow_connected(command_singleton_iterator,
727 rollback_lock_file(&shallow_lock);
728 sha1_array_clear(&extra);
732 commit_lock_file(&shallow_lock);
735 * Make sure setup_alternate_shallow() for the next ref does
736 * not lose these new roots..
738 for (i = 0; i < extra.nr; i++)
739 register_shallow(extra.sha1[i]);
741 si->shallow_ref[cmd->index] = 0;
742 sha1_array_clear(&extra);
746 static const char *push_to_deploy(unsigned char *sha1,
747 struct argv_array *env,
748 const char *work_tree)
750 const char *update_refresh[] = {
751 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
753 const char *diff_files[] = {
754 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
756 const char *diff_index[] = {
757 "diff-index", "--quiet", "--cached", "--ignore-submodules",
760 const char *read_tree[] = {
761 "read-tree", "-u", "-m", NULL, NULL
763 struct child_process child = CHILD_PROCESS_INIT;
765 child.argv = update_refresh;
766 child.env = env->argv;
767 child.dir = work_tree;
769 child.stdout_to_stderr = 1;
771 if (run_command(&child))
772 return "Up-to-date check failed";
774 /* run_command() does not clean up completely; reinitialize */
775 child_process_init(&child);
776 child.argv = diff_files;
777 child.env = env->argv;
778 child.dir = work_tree;
780 child.stdout_to_stderr = 1;
782 if (run_command(&child))
783 return "Working directory has unstaged changes";
785 child_process_init(&child);
786 child.argv = diff_index;
787 child.env = env->argv;
790 child.stdout_to_stderr = 0;
792 if (run_command(&child))
793 return "Working directory has staged changes";
795 read_tree[3] = sha1_to_hex(sha1);
796 child_process_init(&child);
797 child.argv = read_tree;
798 child.env = env->argv;
799 child.dir = work_tree;
802 child.stdout_to_stderr = 0;
804 if (run_command(&child))
805 return "Could not update working tree to new HEAD";
810 static const char *push_to_checkout_hook = "push-to-checkout";
812 static const char *push_to_checkout(unsigned char *sha1,
813 struct argv_array *env,
814 const char *work_tree)
816 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
817 if (run_hook_le(env->argv, push_to_checkout_hook,
818 sha1_to_hex(sha1), NULL))
819 return "push-to-checkout hook declined";
824 static const char *update_worktree(unsigned char *sha1)
827 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
828 struct argv_array env = ARGV_ARRAY_INIT;
830 if (is_bare_repository())
831 return "denyCurrentBranch = updateInstead needs a worktree";
833 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
835 if (!find_hook(push_to_checkout_hook))
836 retval = push_to_deploy(sha1, &env, work_tree);
838 retval = push_to_checkout(sha1, &env, work_tree);
840 argv_array_clear(&env);
844 static const char *update(struct command *cmd, struct shallow_info *si)
846 const char *name = cmd->ref_name;
847 struct strbuf namespaced_name_buf = STRBUF_INIT;
848 const char *namespaced_name, *ret;
849 unsigned char *old_sha1 = cmd->old_sha1;
850 unsigned char *new_sha1 = cmd->new_sha1;
852 /* only refs/... are allowed */
853 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
854 rp_error("refusing to create funny ref '%s' remotely", name);
855 return "funny refname";
858 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
859 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
861 if (is_ref_checked_out(namespaced_name)) {
862 switch (deny_current_branch) {
866 rp_warning("updating the current branch");
869 case DENY_UNCONFIGURED:
870 rp_error("refusing to update checked out branch: %s", name);
871 if (deny_current_branch == DENY_UNCONFIGURED)
872 refuse_unconfigured_deny();
873 return "branch is currently checked out";
874 case DENY_UPDATE_INSTEAD:
875 ret = update_worktree(new_sha1);
882 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
883 error("unpack should have generated %s, "
884 "but I can't find it!", sha1_to_hex(new_sha1));
888 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
889 if (deny_deletes && starts_with(name, "refs/heads/")) {
890 rp_error("denying ref deletion for %s", name);
891 return "deletion prohibited";
894 if (!strcmp(namespaced_name, head_name)) {
895 switch (deny_delete_current) {
899 rp_warning("deleting the current branch");
902 case DENY_UNCONFIGURED:
903 case DENY_UPDATE_INSTEAD:
904 if (deny_delete_current == DENY_UNCONFIGURED)
905 refuse_unconfigured_deny_delete_current();
906 rp_error("refusing to delete the current branch: %s", name);
907 return "deletion of the current branch prohibited";
909 return "Invalid denyDeleteCurrent setting";
914 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
915 !is_null_sha1(old_sha1) &&
916 starts_with(name, "refs/heads/")) {
917 struct object *old_object, *new_object;
918 struct commit *old_commit, *new_commit;
920 old_object = parse_object(old_sha1);
921 new_object = parse_object(new_sha1);
923 if (!old_object || !new_object ||
924 old_object->type != OBJ_COMMIT ||
925 new_object->type != OBJ_COMMIT) {
926 error("bad sha1 objects for %s", name);
929 old_commit = (struct commit *)old_object;
930 new_commit = (struct commit *)new_object;
931 if (!in_merge_bases(old_commit, new_commit)) {
932 rp_error("denying non-fast-forward %s"
933 " (you should pull first)", name);
934 return "non-fast-forward";
937 if (run_update_hook(cmd)) {
938 rp_error("hook declined to update %s", name);
939 return "hook declined";
942 if (is_null_sha1(new_sha1)) {
943 struct strbuf err = STRBUF_INIT;
944 if (!parse_object(old_sha1)) {
946 if (ref_exists(name)) {
947 rp_warning("Allowing deletion of corrupt ref.");
949 rp_warning("Deleting a non-existent ref.");
950 cmd->did_not_exist = 1;
953 if (ref_transaction_delete(transaction,
958 rp_error("%s", err.buf);
959 strbuf_release(&err);
960 return "failed to delete";
962 strbuf_release(&err);
963 return NULL; /* good */
966 struct strbuf err = STRBUF_INIT;
967 if (shallow_update && si->shallow_ref[cmd->index] &&
968 update_shallow_ref(cmd, si))
969 return "shallow error";
971 if (ref_transaction_update(transaction,
976 rp_error("%s", err.buf);
977 strbuf_release(&err);
979 return "failed to update ref";
981 strbuf_release(&err);
983 return NULL; /* good */
987 static void run_update_post_hook(struct command *commands)
992 struct child_process proc = CHILD_PROCESS_INIT;
995 hook = find_hook("post-update");
996 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
997 if (cmd->error_string || cmd->did_not_exist)
1004 argv = xmalloc(sizeof(*argv) * (2 + argc));
1007 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1008 if (cmd->error_string || cmd->did_not_exist)
1010 argv[argc] = xstrdup(cmd->ref_name);
1016 proc.stdout_to_stderr = 1;
1017 proc.err = use_sideband ? -1 : 0;
1020 if (!start_command(&proc)) {
1022 copy_to_sideband(proc.err, -1, NULL);
1023 finish_command(&proc);
1027 static void check_aliased_update(struct command *cmd, struct string_list *list)
1029 struct strbuf buf = STRBUF_INIT;
1030 const char *dst_name;
1031 struct string_list_item *item;
1032 struct command *dst_cmd;
1033 unsigned char sha1[20];
1034 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1037 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1038 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1039 strbuf_release(&buf);
1041 if (!(flag & REF_ISSYMREF))
1044 dst_name = strip_namespace(dst_name);
1046 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1047 cmd->skip_update = 1;
1048 cmd->error_string = "broken symref";
1052 if ((item = string_list_lookup(list, dst_name)) == NULL)
1055 cmd->skip_update = 1;
1057 dst_cmd = (struct command *) item->util;
1059 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1060 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1063 dst_cmd->skip_update = 1;
1065 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1066 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1067 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1068 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1069 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1070 " its target '%s' (%s..%s)",
1071 cmd->ref_name, cmd_oldh, cmd_newh,
1072 dst_cmd->ref_name, dst_oldh, dst_newh);
1074 cmd->error_string = dst_cmd->error_string =
1075 "inconsistent aliased update";
1078 static void check_aliased_updates(struct command *commands)
1080 struct command *cmd;
1081 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1083 for (cmd = commands; cmd; cmd = cmd->next) {
1084 struct string_list_item *item =
1085 string_list_append(&ref_list, cmd->ref_name);
1086 item->util = (void *)cmd;
1088 string_list_sort(&ref_list);
1090 for (cmd = commands; cmd; cmd = cmd->next) {
1091 if (!cmd->error_string)
1092 check_aliased_update(cmd, &ref_list);
1095 string_list_clear(&ref_list, 0);
1098 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1100 struct command **cmd_list = cb_data;
1101 struct command *cmd = *cmd_list;
1103 if (!cmd || is_null_sha1(cmd->new_sha1))
1104 return -1; /* end of list */
1105 *cmd_list = NULL; /* this returns only one */
1106 hashcpy(sha1, cmd->new_sha1);
1110 static void set_connectivity_errors(struct command *commands,
1111 struct shallow_info *si)
1113 struct command *cmd;
1115 for (cmd = commands; cmd; cmd = cmd->next) {
1116 struct command *singleton = cmd;
1117 if (shallow_update && si->shallow_ref[cmd->index])
1118 /* to be checked in update_shallow_ref() */
1120 if (!check_everything_connected(command_singleton_iterator,
1123 cmd->error_string = "missing necessary objects";
1127 struct iterate_data {
1128 struct command *cmds;
1129 struct shallow_info *si;
1132 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1134 struct iterate_data *data = cb_data;
1135 struct command **cmd_list = &data->cmds;
1136 struct command *cmd = *cmd_list;
1138 for (; cmd; cmd = cmd->next) {
1139 if (shallow_update && data->si->shallow_ref[cmd->index])
1140 /* to be checked in update_shallow_ref() */
1142 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1143 hashcpy(sha1, cmd->new_sha1);
1144 *cmd_list = cmd->next;
1149 return -1; /* end of list */
1152 static void reject_updates_to_hidden(struct command *commands)
1154 struct command *cmd;
1156 for (cmd = commands; cmd; cmd = cmd->next) {
1157 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1159 if (is_null_sha1(cmd->new_sha1))
1160 cmd->error_string = "deny deleting a hidden ref";
1162 cmd->error_string = "deny updating a hidden ref";
1166 static int should_process_cmd(struct command *cmd)
1168 return !cmd->error_string && !cmd->skip_update;
1171 static void warn_if_skipped_connectivity_check(struct command *commands,
1172 struct shallow_info *si)
1174 struct command *cmd;
1175 int checked_connectivity = 1;
1177 for (cmd = commands; cmd; cmd = cmd->next) {
1178 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1179 error("BUG: connectivity check has not been run on ref %s",
1181 checked_connectivity = 0;
1184 if (!checked_connectivity)
1185 die("BUG: connectivity check skipped???");
1188 static void execute_commands_non_atomic(struct command *commands,
1189 struct shallow_info *si)
1191 struct command *cmd;
1192 struct strbuf err = STRBUF_INIT;
1194 for (cmd = commands; cmd; cmd = cmd->next) {
1195 if (!should_process_cmd(cmd))
1198 transaction = ref_transaction_begin(&err);
1200 rp_error("%s", err.buf);
1202 cmd->error_string = "transaction failed to start";
1206 cmd->error_string = update(cmd, si);
1208 if (!cmd->error_string
1209 && ref_transaction_commit(transaction, &err)) {
1210 rp_error("%s", err.buf);
1212 cmd->error_string = "failed to update ref";
1214 ref_transaction_free(transaction);
1216 strbuf_release(&err);
1219 static void execute_commands_atomic(struct command *commands,
1220 struct shallow_info *si)
1222 struct command *cmd;
1223 struct strbuf err = STRBUF_INIT;
1224 const char *reported_error = "atomic push failure";
1226 transaction = ref_transaction_begin(&err);
1228 rp_error("%s", err.buf);
1230 reported_error = "transaction failed to start";
1234 for (cmd = commands; cmd; cmd = cmd->next) {
1235 if (!should_process_cmd(cmd))
1238 cmd->error_string = update(cmd, si);
1240 if (cmd->error_string)
1244 if (ref_transaction_commit(transaction, &err)) {
1245 rp_error("%s", err.buf);
1246 reported_error = "atomic transaction failed";
1252 for (cmd = commands; cmd; cmd = cmd->next)
1253 if (!cmd->error_string)
1254 cmd->error_string = reported_error;
1257 ref_transaction_free(transaction);
1258 strbuf_release(&err);
1261 static void execute_commands(struct command *commands,
1262 const char *unpacker_error,
1263 struct shallow_info *si)
1265 struct command *cmd;
1266 unsigned char sha1[20];
1267 struct iterate_data data;
1269 if (unpacker_error) {
1270 for (cmd = commands; cmd; cmd = cmd->next)
1271 cmd->error_string = "unpacker error";
1275 data.cmds = commands;
1277 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1278 set_connectivity_errors(commands, si);
1280 reject_updates_to_hidden(commands);
1282 if (run_receive_hook(commands, "pre-receive", 0)) {
1283 for (cmd = commands; cmd; cmd = cmd->next) {
1284 if (!cmd->error_string)
1285 cmd->error_string = "pre-receive hook declined";
1290 check_aliased_updates(commands);
1292 free(head_name_to_free);
1293 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1296 execute_commands_atomic(commands, si);
1298 execute_commands_non_atomic(commands, si);
1301 warn_if_skipped_connectivity_check(commands, si);
1304 static struct command **queue_command(struct command **tail,
1308 unsigned char old_sha1[20], new_sha1[20];
1309 struct command *cmd;
1310 const char *refname;
1316 get_sha1_hex(line, old_sha1) ||
1317 get_sha1_hex(line + 41, new_sha1))
1318 die("protocol error: expected old/new/ref, got '%s'", line);
1320 refname = line + 82;
1321 reflen = linelen - 82;
1322 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1323 hashcpy(cmd->old_sha1, old_sha1);
1324 hashcpy(cmd->new_sha1, new_sha1);
1325 memcpy(cmd->ref_name, refname, reflen);
1326 cmd->ref_name[reflen] = '\0';
1331 static void queue_commands_from_cert(struct command **tail,
1332 struct strbuf *push_cert)
1334 const char *boc, *eoc;
1337 die("protocol error: got both push certificate and unsigned commands");
1339 boc = strstr(push_cert->buf, "\n\n");
1341 die("malformed push certificate %.*s", 100, push_cert->buf);
1344 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1347 const char *eol = memchr(boc, '\n', eoc - boc);
1348 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1349 boc = eol ? eol + 1 : eoc;
1353 static struct command *read_head_info(struct sha1_array *shallow)
1355 struct command *commands = NULL;
1356 struct command **p = &commands;
1361 line = packet_read_line(0, &len);
1365 if (len == 48 && starts_with(line, "shallow ")) {
1366 unsigned char sha1[20];
1367 if (get_sha1_hex(line + 8, sha1))
1368 die("protocol error: expected shallow sha, got '%s'",
1370 sha1_array_append(shallow, sha1);
1374 linelen = strlen(line);
1375 if (linelen < len) {
1376 const char *feature_list = line + linelen + 1;
1377 if (parse_feature_request(feature_list, "report-status"))
1379 if (parse_feature_request(feature_list, "side-band-64k"))
1380 use_sideband = LARGE_PACKET_MAX;
1381 if (parse_feature_request(feature_list, "quiet"))
1383 if (advertise_atomic_push
1384 && parse_feature_request(feature_list, "atomic"))
1388 if (!strcmp(line, "push-cert")) {
1393 len = packet_read(0, NULL, NULL,
1394 certbuf, sizeof(certbuf), 0);
1399 if (!strcmp(certbuf, "push-cert-end\n"))
1400 break; /* end of cert */
1401 strbuf_addstr(&push_cert, certbuf);
1409 p = queue_command(p, line, linelen);
1413 queue_commands_from_cert(p, &push_cert);
1418 static const char *parse_pack_header(struct pack_header *hdr)
1420 switch (read_pack_header(0, hdr)) {
1422 return "eof before pack header was fully read";
1424 case PH_ERROR_PACK_SIGNATURE:
1425 return "protocol error (pack signature mismatch detected)";
1427 case PH_ERROR_PROTOCOL:
1428 return "protocol error (pack version unsupported)";
1431 return "unknown error in parse_pack_header";
1438 static const char *pack_lockfile;
1440 static const char *unpack(int err_fd, struct shallow_info *si)
1442 struct pack_header hdr;
1443 const char *hdr_err;
1446 struct child_process child = CHILD_PROCESS_INIT;
1447 int fsck_objects = (receive_fsck_objects >= 0
1448 ? receive_fsck_objects
1449 : transfer_fsck_objects >= 0
1450 ? transfer_fsck_objects
1453 hdr_err = parse_pack_header(&hdr);
1459 snprintf(hdr_arg, sizeof(hdr_arg),
1460 "--pack_header=%"PRIu32",%"PRIu32,
1461 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1463 if (si->nr_ours || si->nr_theirs) {
1464 alt_shallow_file = setup_temporary_shallow(si->shallow);
1465 argv_array_push(&child.args, "--shallow-file");
1466 argv_array_push(&child.args, alt_shallow_file);
1469 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1470 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1472 argv_array_push(&child.args, "-q");
1474 argv_array_push(&child.args, "--strict");
1475 child.no_stdout = 1;
1478 status = run_command(&child);
1480 return "unpack-objects abnormal exit";
1485 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1486 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1487 strcpy(keep_arg + s, "localhost");
1489 argv_array_pushl(&child.args, "index-pack",
1490 "--stdin", hdr_arg, keep_arg, NULL);
1492 argv_array_push(&child.args, "--strict");
1494 argv_array_push(&child.args, "--fix-thin");
1498 status = start_command(&child);
1500 return "index-pack fork failed";
1501 pack_lockfile = index_pack_lockfile(child.out);
1503 status = finish_command(&child);
1505 return "index-pack abnormal exit";
1506 reprepare_packed_git();
1511 static const char *unpack_with_sideband(struct shallow_info *si)
1517 return unpack(0, si);
1519 memset(&muxer, 0, sizeof(muxer));
1520 muxer.proc = copy_to_sideband;
1522 if (start_async(&muxer))
1525 ret = unpack(muxer.in, si);
1527 finish_async(&muxer);
1531 static void prepare_shallow_update(struct command *commands,
1532 struct shallow_info *si)
1534 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1536 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1538 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1540 si->need_reachability_test =
1541 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1543 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1544 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1546 for (i = 0; i < si->nr_ours; i++)
1547 si->need_reachability_test[si->ours[i]] = 1;
1549 for (i = 0; i < si->shallow->nr; i++) {
1550 if (!si->used_shallow[i])
1552 for (j = 0; j < bitmap_size; j++) {
1553 if (!si->used_shallow[i][j])
1555 si->need_reachability_test[i]++;
1556 for (k = 0; k < 32; k++)
1557 if (si->used_shallow[i][j] & (1 << k))
1558 si->shallow_ref[j * 32 + k]++;
1562 * true for those associated with some refs and belong
1563 * in "ours" list aka "step 7 not done yet"
1565 si->need_reachability_test[i] =
1566 si->need_reachability_test[i] > 1;
1570 * keep hooks happy by forcing a temporary shallow file via
1571 * env variable because we can't add --shallow-file to every
1572 * command. check_everything_connected() will be done with
1573 * true .git/shallow though.
1575 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1578 static void update_shallow_info(struct command *commands,
1579 struct shallow_info *si,
1580 struct sha1_array *ref)
1582 struct command *cmd;
1584 remove_nonexistent_theirs_shallow(si);
1585 if (!si->nr_ours && !si->nr_theirs) {
1590 for (cmd = commands; cmd; cmd = cmd->next) {
1591 if (is_null_sha1(cmd->new_sha1))
1593 sha1_array_append(ref, cmd->new_sha1);
1594 cmd->index = ref->nr - 1;
1598 if (shallow_update) {
1599 prepare_shallow_update(commands, si);
1603 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1604 assign_shallow_commits_to_refs(si, NULL, ref_status);
1605 for (cmd = commands; cmd; cmd = cmd->next) {
1606 if (is_null_sha1(cmd->new_sha1))
1608 if (ref_status[cmd->index]) {
1609 cmd->error_string = "shallow update not allowed";
1610 cmd->skip_update = 1;
1616 static void report(struct command *commands, const char *unpack_status)
1618 struct command *cmd;
1619 struct strbuf buf = STRBUF_INIT;
1621 packet_buf_write(&buf, "unpack %s\n",
1622 unpack_status ? unpack_status : "ok");
1623 for (cmd = commands; cmd; cmd = cmd->next) {
1624 if (!cmd->error_string)
1625 packet_buf_write(&buf, "ok %s\n",
1628 packet_buf_write(&buf, "ng %s %s\n",
1629 cmd->ref_name, cmd->error_string);
1631 packet_buf_flush(&buf);
1634 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1636 write_or_die(1, buf.buf, buf.len);
1637 strbuf_release(&buf);
1640 static int delete_only(struct command *commands)
1642 struct command *cmd;
1643 for (cmd = commands; cmd; cmd = cmd->next) {
1644 if (!is_null_sha1(cmd->new_sha1))
1650 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1652 int advertise_refs = 0;
1654 struct command *commands;
1655 struct sha1_array shallow = SHA1_ARRAY_INIT;
1656 struct sha1_array ref = SHA1_ARRAY_INIT;
1657 struct shallow_info si;
1659 packet_trace_identity("receive-pack");
1662 for (i = 1; i < argc; i++) {
1663 const char *arg = *argv++;
1666 if (!strcmp(arg, "--quiet")) {
1671 if (!strcmp(arg, "--advertise-refs")) {
1675 if (!strcmp(arg, "--stateless-rpc")) {
1679 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1684 usage(receive_pack_usage);
1687 usage(receive_pack_usage);
1691 usage(receive_pack_usage);
1695 if (!enter_repo(service_dir, 0))
1696 die("'%s' does not appear to be a git repository", service_dir);
1698 git_config(receive_pack_config, NULL);
1699 if (cert_nonce_seed)
1700 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1702 if (0 <= transfer_unpack_limit)
1703 unpack_limit = transfer_unpack_limit;
1704 else if (0 <= receive_unpack_limit)
1705 unpack_limit = receive_unpack_limit;
1707 if (advertise_refs || !stateless_rpc) {
1713 if ((commands = read_head_info(&shallow)) != NULL) {
1714 const char *unpack_status = NULL;
1716 prepare_shallow_info(&si, &shallow);
1717 if (!si.nr_ours && !si.nr_theirs)
1719 if (!delete_only(commands)) {
1720 unpack_status = unpack_with_sideband(&si);
1721 update_shallow_info(commands, &si, &ref);
1723 execute_commands(commands, unpack_status, &si);
1725 unlink_or_warn(pack_lockfile);
1727 report(commands, unpack_status);
1728 run_receive_hook(commands, "post-receive", 1);
1729 run_update_post_hook(commands);
1731 const char *argv_gc_auto[] = {
1732 "gc", "--auto", "--quiet", NULL,
1734 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1735 run_command_v_opt(argv_gc_auto, opt);
1737 if (auto_update_server_info)
1738 update_server_info(0);
1739 clear_shallow_info(&si);
1743 sha1_array_clear(&shallow);
1744 sha1_array_clear(&ref);
1745 free((void *)push_cert_nonce);
projects / git / blob