7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
24 static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
37 static int deny_deletes;
38 static int deny_non_fast_forwards;
39 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41 static int receive_fsck_objects = -1;
42 static int transfer_fsck_objects = -1;
43 static struct strbuf fsck_msg_types = STRBUF_INIT;
44 static int receive_unpack_limit = -1;
45 static int transfer_unpack_limit = -1;
46 static int advertise_atomic_push = 1;
47 static int unpack_limit = 100;
48 static int report_status;
49 static int use_sideband;
50 static int use_atomic;
52 static int prefer_ofs_delta = 1;
53 static int auto_update_server_info;
54 static int auto_gc = 1;
55 static int reject_thin;
56 static int stateless_rpc;
57 static const char *service_dir;
58 static const char *head_name;
59 static void *head_name_to_free;
60 static int sent_capabilities;
61 static int shallow_update;
62 static const char *alt_shallow_file;
63 static struct strbuf push_cert = STRBUF_INIT;
64 static unsigned char push_cert_sha1[20];
65 static struct signature_check sigcheck;
66 static const char *push_cert_nonce;
67 static const char *cert_nonce_seed;
69 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
70 static const char *NONCE_BAD = "BAD";
71 static const char *NONCE_MISSING = "MISSING";
72 static const char *NONCE_OK = "OK";
73 static const char *NONCE_SLOP = "SLOP";
74 static const char *nonce_status;
75 static long nonce_stamp_slop;
76 static unsigned long nonce_stamp_slop_limit;
77 static struct ref_transaction *transaction;
79 static enum deny_action parse_deny_action(const char *var, const char *value)
82 if (!strcasecmp(value, "ignore"))
84 if (!strcasecmp(value, "warn"))
86 if (!strcasecmp(value, "refuse"))
88 if (!strcasecmp(value, "updateinstead"))
89 return DENY_UPDATE_INSTEAD;
91 if (git_config_bool(var, value))
96 static int receive_pack_config(const char *var, const char *value, void *cb)
98 int status = parse_hide_refs_config(var, value, "receive");
103 if (strcmp(var, "receive.denydeletes") == 0) {
104 deny_deletes = git_config_bool(var, value);
108 if (strcmp(var, "receive.denynonfastforwards") == 0) {
109 deny_non_fast_forwards = git_config_bool(var, value);
113 if (strcmp(var, "receive.unpacklimit") == 0) {
114 receive_unpack_limit = git_config_int(var, value);
118 if (strcmp(var, "transfer.unpacklimit") == 0) {
119 transfer_unpack_limit = git_config_int(var, value);
123 if (strcmp(var, "receive.fsck.skiplist") == 0) {
126 if (git_config_pathname(&path, var, value))
128 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
129 fsck_msg_types.len ? ',' : '=', path);
134 if (skip_prefix(var, "receive.fsck.", &var)) {
135 if (is_valid_msg_type(var, value))
136 strbuf_addf(&fsck_msg_types, "%c%s=%s",
137 fsck_msg_types.len ? ',' : '=', var, value);
139 warning("Skipping unknown msg id '%s'", var);
143 if (strcmp(var, "receive.fsckobjects") == 0) {
144 receive_fsck_objects = git_config_bool(var, value);
148 if (strcmp(var, "transfer.fsckobjects") == 0) {
149 transfer_fsck_objects = git_config_bool(var, value);
153 if (!strcmp(var, "receive.denycurrentbranch")) {
154 deny_current_branch = parse_deny_action(var, value);
158 if (strcmp(var, "receive.denydeletecurrent") == 0) {
159 deny_delete_current = parse_deny_action(var, value);
163 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
164 prefer_ofs_delta = git_config_bool(var, value);
168 if (strcmp(var, "receive.updateserverinfo") == 0) {
169 auto_update_server_info = git_config_bool(var, value);
173 if (strcmp(var, "receive.autogc") == 0) {
174 auto_gc = git_config_bool(var, value);
178 if (strcmp(var, "receive.shallowupdate") == 0) {
179 shallow_update = git_config_bool(var, value);
183 if (strcmp(var, "receive.certnonceseed") == 0)
184 return git_config_string(&cert_nonce_seed, var, value);
186 if (strcmp(var, "receive.certnonceslop") == 0) {
187 nonce_stamp_slop_limit = git_config_ulong(var, value);
191 if (strcmp(var, "receive.advertiseatomic") == 0) {
192 advertise_atomic_push = git_config_bool(var, value);
196 return git_default_config(var, value, cb);
199 static void show_ref(const char *path, const unsigned char *sha1)
201 if (sent_capabilities) {
202 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
204 struct strbuf cap = STRBUF_INIT;
207 "report-status delete-refs side-band-64k quiet");
208 if (advertise_atomic_push)
209 strbuf_addstr(&cap, " atomic");
210 if (prefer_ofs_delta)
211 strbuf_addstr(&cap, " ofs-delta");
213 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
214 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
215 packet_write(1, "%s %s%c%s\n",
216 sha1_to_hex(sha1), path, 0, cap.buf);
217 strbuf_release(&cap);
218 sent_capabilities = 1;
222 static int show_ref_cb(const char *path_full, const struct object_id *oid,
223 int flag, void *unused)
225 const char *path = strip_namespace(path_full);
227 if (ref_is_hidden(path, path_full))
231 * Advertise refs outside our current namespace as ".have"
232 * refs, so that the client can use them to minimize data
233 * transfer but will otherwise ignore them. This happens to
234 * cover ".have" that are thrown in by add_one_alternate_ref()
235 * to mark histories that are complete in our alternates as
240 show_ref(path, oid->hash);
244 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
246 show_ref(".have", sha1);
249 static void collect_one_alternate_ref(const struct ref *ref, void *data)
251 struct sha1_array *sa = data;
252 sha1_array_append(sa, ref->old_oid.hash);
255 static void write_head_info(void)
257 struct sha1_array sa = SHA1_ARRAY_INIT;
259 for_each_alternate_ref(collect_one_alternate_ref, &sa);
260 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
261 sha1_array_clear(&sa);
262 for_each_ref(show_ref_cb, NULL);
263 if (!sent_capabilities)
264 show_ref("capabilities^{}", null_sha1);
266 advertise_shallow_grafts(1);
273 struct command *next;
274 const char *error_string;
275 unsigned int skip_update:1,
278 unsigned char old_sha1[20];
279 unsigned char new_sha1[20];
280 char ref_name[FLEX_ARRAY]; /* more */
283 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
284 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
286 static void report_message(const char *prefix, const char *err, va_list params)
291 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
292 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
293 if (sz > (sizeof(msg) - 1))
294 sz = sizeof(msg) - 1;
298 send_sideband(1, 2, msg, sz, use_sideband);
303 static void rp_warning(const char *err, ...)
306 va_start(params, err);
307 report_message("warning: ", err, params);
311 static void rp_error(const char *err, ...)
314 va_start(params, err);
315 report_message("error: ", err, params);
319 static int copy_to_sideband(int in, int out, void *arg)
323 ssize_t sz = xread(in, data, sizeof(data));
326 send_sideband(1, 2, data, sz, use_sideband);
332 #define HMAC_BLOCK_SIZE 64
334 static void hmac_sha1(unsigned char *out,
335 const char *key_in, size_t key_len,
336 const char *text, size_t text_len)
338 unsigned char key[HMAC_BLOCK_SIZE];
339 unsigned char k_ipad[HMAC_BLOCK_SIZE];
340 unsigned char k_opad[HMAC_BLOCK_SIZE];
344 /* RFC 2104 2. (1) */
345 memset(key, '\0', HMAC_BLOCK_SIZE);
346 if (HMAC_BLOCK_SIZE < key_len) {
348 git_SHA1_Update(&ctx, key_in, key_len);
349 git_SHA1_Final(key, &ctx);
351 memcpy(key, key_in, key_len);
354 /* RFC 2104 2. (2) & (5) */
355 for (i = 0; i < sizeof(key); i++) {
356 k_ipad[i] = key[i] ^ 0x36;
357 k_opad[i] = key[i] ^ 0x5c;
360 /* RFC 2104 2. (3) & (4) */
362 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
363 git_SHA1_Update(&ctx, text, text_len);
364 git_SHA1_Final(out, &ctx);
366 /* RFC 2104 2. (6) & (7) */
368 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
369 git_SHA1_Update(&ctx, out, 20);
370 git_SHA1_Final(out, &ctx);
373 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
375 struct strbuf buf = STRBUF_INIT;
376 unsigned char sha1[20];
378 strbuf_addf(&buf, "%s:%lu", path, stamp);
379 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
380 strbuf_release(&buf);
382 /* RFC 2104 5. HMAC-SHA1-80 */
383 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
384 return strbuf_detach(&buf, NULL);
388 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
389 * after dropping "_commit" from its name and possibly moving it out
392 static char *find_header(const char *msg, size_t len, const char *key)
394 int key_len = strlen(key);
395 const char *line = msg;
397 while (line && line < msg + len) {
398 const char *eol = strchrnul(line, '\n');
400 if ((msg + len <= eol) || line == eol)
402 if (line + key_len < eol &&
403 !memcmp(line, key, key_len) && line[key_len] == ' ') {
404 int offset = key_len + 1;
405 return xmemdupz(line + offset, (eol - line) - offset);
407 line = *eol ? eol + 1 : NULL;
412 static const char *check_nonce(const char *buf, size_t len)
414 char *nonce = find_header(buf, len, "nonce");
415 unsigned long stamp, ostamp;
416 char *bohmac, *expect = NULL;
417 const char *retval = NONCE_BAD;
420 retval = NONCE_MISSING;
422 } else if (!push_cert_nonce) {
423 retval = NONCE_UNSOLICITED;
425 } else if (!strcmp(push_cert_nonce, nonce)) {
430 if (!stateless_rpc) {
431 /* returned nonce MUST match what we gave out earlier */
437 * In stateless mode, we may be receiving a nonce issued by
438 * another instance of the server that serving the same
439 * repository, and the timestamps may not match, but the
440 * nonce-seed and dir should match, so we can recompute and
441 * report the time slop.
443 * In addition, when a nonce issued by another instance has
444 * timestamp within receive.certnonceslop seconds, we pretend
445 * as if we issued that nonce when reporting to the hook.
448 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
449 if (*nonce <= '0' || '9' < *nonce) {
453 stamp = strtoul(nonce, &bohmac, 10);
454 if (bohmac == nonce || bohmac[0] != '-') {
459 expect = prepare_push_cert_nonce(service_dir, stamp);
460 if (strcmp(expect, nonce)) {
461 /* Not what we would have signed earlier */
467 * By how many seconds is this nonce stale? Negative value
468 * would mean it was issued by another server with its clock
469 * skewed in the future.
471 ostamp = strtoul(push_cert_nonce, NULL, 10);
472 nonce_stamp_slop = (long)ostamp - (long)stamp;
474 if (nonce_stamp_slop_limit &&
475 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
477 * Pretend as if the received nonce (which passes the
478 * HMAC check, so it is not a forged by third-party)
481 free((void *)push_cert_nonce);
482 push_cert_nonce = xstrdup(nonce);
494 static void prepare_push_cert_sha1(struct child_process *proc)
496 static int already_done;
502 struct strbuf gpg_output = STRBUF_INIT;
503 struct strbuf gpg_status = STRBUF_INIT;
504 int bogs /* beginning_of_gpg_sig */;
507 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
508 hashclr(push_cert_sha1);
510 memset(&sigcheck, '\0', sizeof(sigcheck));
511 sigcheck.result = 'N';
513 bogs = parse_signature(push_cert.buf, push_cert.len);
514 if (verify_signed_buffer(push_cert.buf, bogs,
515 push_cert.buf + bogs, push_cert.len - bogs,
516 &gpg_output, &gpg_status) < 0) {
517 ; /* error running gpg */
519 sigcheck.payload = push_cert.buf;
520 sigcheck.gpg_output = gpg_output.buf;
521 sigcheck.gpg_status = gpg_status.buf;
522 parse_gpg_output(&sigcheck);
525 strbuf_release(&gpg_output);
526 strbuf_release(&gpg_status);
527 nonce_status = check_nonce(push_cert.buf, bogs);
529 if (!is_null_sha1(push_cert_sha1)) {
530 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
531 sha1_to_hex(push_cert_sha1));
532 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
533 sigcheck.signer ? sigcheck.signer : "");
534 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
535 sigcheck.key ? sigcheck.key : "");
536 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
538 if (push_cert_nonce) {
539 argv_array_pushf(&proc->env_array,
540 "GIT_PUSH_CERT_NONCE=%s",
542 argv_array_pushf(&proc->env_array,
543 "GIT_PUSH_CERT_NONCE_STATUS=%s",
545 if (nonce_status == NONCE_SLOP)
546 argv_array_pushf(&proc->env_array,
547 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
553 typedef int (*feed_fn)(void *, const char **, size_t *);
554 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
556 struct child_process proc = CHILD_PROCESS_INIT;
561 argv[0] = find_hook(hook_name);
569 proc.stdout_to_stderr = 1;
572 memset(&muxer, 0, sizeof(muxer));
573 muxer.proc = copy_to_sideband;
575 code = start_async(&muxer);
581 prepare_push_cert_sha1(&proc);
583 code = start_command(&proc);
586 finish_async(&muxer);
590 sigchain_push(SIGPIPE, SIG_IGN);
595 if (feed(feed_state, &buf, &n))
597 if (write_in_full(proc.in, buf, n) != n)
602 finish_async(&muxer);
604 sigchain_pop(SIGPIPE);
606 return finish_command(&proc);
609 struct receive_hook_feed_state {
615 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
617 struct receive_hook_feed_state *state = state_;
618 struct command *cmd = state->cmd;
621 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
625 strbuf_reset(&state->buf);
626 strbuf_addf(&state->buf, "%s %s %s\n",
627 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
629 state->cmd = cmd->next;
631 *bufp = state->buf.buf;
632 *sizep = state->buf.len;
637 static int run_receive_hook(struct command *commands, const char *hook_name,
640 struct receive_hook_feed_state state;
643 strbuf_init(&state.buf, 0);
644 state.cmd = commands;
645 state.skip_broken = skip_broken;
646 if (feed_receive_hook(&state, NULL, NULL))
648 state.cmd = commands;
649 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
650 strbuf_release(&state.buf);
654 static int run_update_hook(struct command *cmd)
657 struct child_process proc = CHILD_PROCESS_INIT;
660 argv[0] = find_hook("update");
664 argv[1] = cmd->ref_name;
665 argv[2] = sha1_to_hex(cmd->old_sha1);
666 argv[3] = sha1_to_hex(cmd->new_sha1);
670 proc.stdout_to_stderr = 1;
671 proc.err = use_sideband ? -1 : 0;
674 code = start_command(&proc);
678 copy_to_sideband(proc.err, -1, NULL);
679 return finish_command(&proc);
682 static int is_ref_checked_out(const char *ref)
684 if (is_bare_repository())
689 return !strcmp(head_name, ref);
692 static char *refuse_unconfigured_deny_msg[] = {
693 "By default, updating the current branch in a non-bare repository",
694 "is denied, because it will make the index and work tree inconsistent",
695 "with what you pushed, and will require 'git reset --hard' to match",
696 "the work tree to HEAD.",
698 "You can set 'receive.denyCurrentBranch' configuration variable to",
699 "'ignore' or 'warn' in the remote repository to allow pushing into",
700 "its current branch; however, this is not recommended unless you",
701 "arranged to update its work tree to match what you pushed in some",
704 "To squelch this message and still keep the default behaviour, set",
705 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
708 static void refuse_unconfigured_deny(void)
711 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
712 rp_error("%s", refuse_unconfigured_deny_msg[i]);
715 static char *refuse_unconfigured_deny_delete_current_msg[] = {
716 "By default, deleting the current branch is denied, because the next",
717 "'git clone' won't result in any file checked out, causing confusion.",
719 "You can set 'receive.denyDeleteCurrent' configuration variable to",
720 "'warn' or 'ignore' in the remote repository to allow deleting the",
721 "current branch, with or without a warning message.",
723 "To squelch this message, you can set it to 'refuse'."
726 static void refuse_unconfigured_deny_delete_current(void)
730 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
732 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
735 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
736 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
738 static struct lock_file shallow_lock;
739 struct sha1_array extra = SHA1_ARRAY_INIT;
740 struct check_connected_options opt = CHECK_CONNECTED_INIT;
741 uint32_t mask = 1 << (cmd->index % 32);
744 trace_printf_key(&trace_shallow,
745 "shallow: update_shallow_ref %s\n", cmd->ref_name);
746 for (i = 0; i < si->shallow->nr; i++)
747 if (si->used_shallow[i] &&
748 (si->used_shallow[i][cmd->index / 32] & mask) &&
749 !delayed_reachability_test(si, i))
750 sha1_array_append(&extra, si->shallow->sha1[i]);
752 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
753 if (check_connected(command_singleton_iterator, cmd, &opt)) {
754 rollback_lock_file(&shallow_lock);
755 sha1_array_clear(&extra);
759 commit_lock_file(&shallow_lock);
762 * Make sure setup_alternate_shallow() for the next ref does
763 * not lose these new roots..
765 for (i = 0; i < extra.nr; i++)
766 register_shallow(extra.sha1[i]);
768 si->shallow_ref[cmd->index] = 0;
769 sha1_array_clear(&extra);
774 * NEEDSWORK: we should consolidate various implementions of "are we
775 * on an unborn branch?" test into one, and make the unified one more
776 * robust. !get_sha1() based check used here and elsewhere would not
777 * allow us to tell an unborn branch from corrupt ref, for example.
778 * For the purpose of fixing "deploy-to-update does not work when
779 * pushing into an empty repository" issue, this should suffice for
782 static int head_has_history(void)
784 unsigned char sha1[20];
786 return !get_sha1("HEAD", sha1);
789 static const char *push_to_deploy(unsigned char *sha1,
790 struct argv_array *env,
791 const char *work_tree)
793 const char *update_refresh[] = {
794 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
796 const char *diff_files[] = {
797 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
799 const char *diff_index[] = {
800 "diff-index", "--quiet", "--cached", "--ignore-submodules",
803 const char *read_tree[] = {
804 "read-tree", "-u", "-m", NULL, NULL
806 struct child_process child = CHILD_PROCESS_INIT;
808 child.argv = update_refresh;
809 child.env = env->argv;
810 child.dir = work_tree;
812 child.stdout_to_stderr = 1;
814 if (run_command(&child))
815 return "Up-to-date check failed";
817 /* run_command() does not clean up completely; reinitialize */
818 child_process_init(&child);
819 child.argv = diff_files;
820 child.env = env->argv;
821 child.dir = work_tree;
823 child.stdout_to_stderr = 1;
825 if (run_command(&child))
826 return "Working directory has unstaged changes";
828 /* diff-index with either HEAD or an empty tree */
829 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
831 child_process_init(&child);
832 child.argv = diff_index;
833 child.env = env->argv;
836 child.stdout_to_stderr = 0;
838 if (run_command(&child))
839 return "Working directory has staged changes";
841 read_tree[3] = sha1_to_hex(sha1);
842 child_process_init(&child);
843 child.argv = read_tree;
844 child.env = env->argv;
845 child.dir = work_tree;
848 child.stdout_to_stderr = 0;
850 if (run_command(&child))
851 return "Could not update working tree to new HEAD";
856 static const char *push_to_checkout_hook = "push-to-checkout";
858 static const char *push_to_checkout(unsigned char *sha1,
859 struct argv_array *env,
860 const char *work_tree)
862 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
863 if (run_hook_le(env->argv, push_to_checkout_hook,
864 sha1_to_hex(sha1), NULL))
865 return "push-to-checkout hook declined";
870 static const char *update_worktree(unsigned char *sha1)
873 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
874 struct argv_array env = ARGV_ARRAY_INIT;
876 if (is_bare_repository())
877 return "denyCurrentBranch = updateInstead needs a worktree";
879 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
881 if (!find_hook(push_to_checkout_hook))
882 retval = push_to_deploy(sha1, &env, work_tree);
884 retval = push_to_checkout(sha1, &env, work_tree);
886 argv_array_clear(&env);
890 static const char *update(struct command *cmd, struct shallow_info *si)
892 const char *name = cmd->ref_name;
893 struct strbuf namespaced_name_buf = STRBUF_INIT;
894 const char *namespaced_name, *ret;
895 unsigned char *old_sha1 = cmd->old_sha1;
896 unsigned char *new_sha1 = cmd->new_sha1;
898 /* only refs/... are allowed */
899 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
900 rp_error("refusing to create funny ref '%s' remotely", name);
901 return "funny refname";
904 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
905 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
907 if (is_ref_checked_out(namespaced_name)) {
908 switch (deny_current_branch) {
912 rp_warning("updating the current branch");
915 case DENY_UNCONFIGURED:
916 rp_error("refusing to update checked out branch: %s", name);
917 if (deny_current_branch == DENY_UNCONFIGURED)
918 refuse_unconfigured_deny();
919 return "branch is currently checked out";
920 case DENY_UPDATE_INSTEAD:
921 ret = update_worktree(new_sha1);
928 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
929 error("unpack should have generated %s, "
930 "but I can't find it!", sha1_to_hex(new_sha1));
934 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
935 if (deny_deletes && starts_with(name, "refs/heads/")) {
936 rp_error("denying ref deletion for %s", name);
937 return "deletion prohibited";
940 if (head_name && !strcmp(namespaced_name, head_name)) {
941 switch (deny_delete_current) {
945 rp_warning("deleting the current branch");
948 case DENY_UNCONFIGURED:
949 case DENY_UPDATE_INSTEAD:
950 if (deny_delete_current == DENY_UNCONFIGURED)
951 refuse_unconfigured_deny_delete_current();
952 rp_error("refusing to delete the current branch: %s", name);
953 return "deletion of the current branch prohibited";
955 return "Invalid denyDeleteCurrent setting";
960 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
961 !is_null_sha1(old_sha1) &&
962 starts_with(name, "refs/heads/")) {
963 struct object *old_object, *new_object;
964 struct commit *old_commit, *new_commit;
966 old_object = parse_object(old_sha1);
967 new_object = parse_object(new_sha1);
969 if (!old_object || !new_object ||
970 old_object->type != OBJ_COMMIT ||
971 new_object->type != OBJ_COMMIT) {
972 error("bad sha1 objects for %s", name);
975 old_commit = (struct commit *)old_object;
976 new_commit = (struct commit *)new_object;
977 if (!in_merge_bases(old_commit, new_commit)) {
978 rp_error("denying non-fast-forward %s"
979 " (you should pull first)", name);
980 return "non-fast-forward";
983 if (run_update_hook(cmd)) {
984 rp_error("hook declined to update %s", name);
985 return "hook declined";
988 if (is_null_sha1(new_sha1)) {
989 struct strbuf err = STRBUF_INIT;
990 if (!parse_object(old_sha1)) {
992 if (ref_exists(name)) {
993 rp_warning("Allowing deletion of corrupt ref.");
995 rp_warning("Deleting a non-existent ref.");
996 cmd->did_not_exist = 1;
999 if (ref_transaction_delete(transaction,
1003 rp_error("%s", err.buf);
1004 strbuf_release(&err);
1005 return "failed to delete";
1007 strbuf_release(&err);
1008 return NULL; /* good */
1011 struct strbuf err = STRBUF_INIT;
1012 if (shallow_update && si->shallow_ref[cmd->index] &&
1013 update_shallow_ref(cmd, si))
1014 return "shallow error";
1016 if (ref_transaction_update(transaction,
1021 rp_error("%s", err.buf);
1022 strbuf_release(&err);
1024 return "failed to update ref";
1026 strbuf_release(&err);
1028 return NULL; /* good */
1032 static void run_update_post_hook(struct command *commands)
1034 struct command *cmd;
1036 struct child_process proc = CHILD_PROCESS_INIT;
1039 hook = find_hook("post-update");
1040 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1041 if (cmd->error_string || cmd->did_not_exist)
1048 argv_array_push(&proc.args, hook);
1049 for (cmd = commands; cmd; cmd = cmd->next) {
1050 if (cmd->error_string || cmd->did_not_exist)
1052 argv_array_push(&proc.args, cmd->ref_name);
1056 proc.stdout_to_stderr = 1;
1057 proc.err = use_sideband ? -1 : 0;
1059 if (!start_command(&proc)) {
1061 copy_to_sideband(proc.err, -1, NULL);
1062 finish_command(&proc);
1066 static void check_aliased_update(struct command *cmd, struct string_list *list)
1068 struct strbuf buf = STRBUF_INIT;
1069 const char *dst_name;
1070 struct string_list_item *item;
1071 struct command *dst_cmd;
1072 unsigned char sha1[GIT_SHA1_RAWSZ];
1073 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1074 cmd_newh[GIT_SHA1_HEXSZ + 1],
1075 dst_oldh[GIT_SHA1_HEXSZ + 1],
1076 dst_newh[GIT_SHA1_HEXSZ + 1];
1079 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1080 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1081 strbuf_release(&buf);
1083 if (!(flag & REF_ISSYMREF))
1087 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1088 cmd->skip_update = 1;
1089 cmd->error_string = "broken symref";
1092 dst_name = strip_namespace(dst_name);
1094 if ((item = string_list_lookup(list, dst_name)) == NULL)
1097 cmd->skip_update = 1;
1099 dst_cmd = (struct command *) item->util;
1101 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1102 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1105 dst_cmd->skip_update = 1;
1107 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1108 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1109 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1110 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1111 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1112 " its target '%s' (%s..%s)",
1113 cmd->ref_name, cmd_oldh, cmd_newh,
1114 dst_cmd->ref_name, dst_oldh, dst_newh);
1116 cmd->error_string = dst_cmd->error_string =
1117 "inconsistent aliased update";
1120 static void check_aliased_updates(struct command *commands)
1122 struct command *cmd;
1123 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1125 for (cmd = commands; cmd; cmd = cmd->next) {
1126 struct string_list_item *item =
1127 string_list_append(&ref_list, cmd->ref_name);
1128 item->util = (void *)cmd;
1130 string_list_sort(&ref_list);
1132 for (cmd = commands; cmd; cmd = cmd->next) {
1133 if (!cmd->error_string)
1134 check_aliased_update(cmd, &ref_list);
1137 string_list_clear(&ref_list, 0);
1140 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1142 struct command **cmd_list = cb_data;
1143 struct command *cmd = *cmd_list;
1145 if (!cmd || is_null_sha1(cmd->new_sha1))
1146 return -1; /* end of list */
1147 *cmd_list = NULL; /* this returns only one */
1148 hashcpy(sha1, cmd->new_sha1);
1152 static void set_connectivity_errors(struct command *commands,
1153 struct shallow_info *si)
1155 struct command *cmd;
1157 for (cmd = commands; cmd; cmd = cmd->next) {
1158 struct command *singleton = cmd;
1159 if (shallow_update && si->shallow_ref[cmd->index])
1160 /* to be checked in update_shallow_ref() */
1162 if (!check_connected(command_singleton_iterator, &singleton,
1165 cmd->error_string = "missing necessary objects";
1169 struct iterate_data {
1170 struct command *cmds;
1171 struct shallow_info *si;
1174 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1176 struct iterate_data *data = cb_data;
1177 struct command **cmd_list = &data->cmds;
1178 struct command *cmd = *cmd_list;
1180 for (; cmd; cmd = cmd->next) {
1181 if (shallow_update && data->si->shallow_ref[cmd->index])
1182 /* to be checked in update_shallow_ref() */
1184 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1185 hashcpy(sha1, cmd->new_sha1);
1186 *cmd_list = cmd->next;
1191 return -1; /* end of list */
1194 static void reject_updates_to_hidden(struct command *commands)
1196 struct strbuf refname_full = STRBUF_INIT;
1198 struct command *cmd;
1200 strbuf_addstr(&refname_full, get_git_namespace());
1201 prefix_len = refname_full.len;
1203 for (cmd = commands; cmd; cmd = cmd->next) {
1204 if (cmd->error_string)
1207 strbuf_setlen(&refname_full, prefix_len);
1208 strbuf_addstr(&refname_full, cmd->ref_name);
1210 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1212 if (is_null_sha1(cmd->new_sha1))
1213 cmd->error_string = "deny deleting a hidden ref";
1215 cmd->error_string = "deny updating a hidden ref";
1218 strbuf_release(&refname_full);
1221 static int should_process_cmd(struct command *cmd)
1223 return !cmd->error_string && !cmd->skip_update;
1226 static void warn_if_skipped_connectivity_check(struct command *commands,
1227 struct shallow_info *si)
1229 struct command *cmd;
1230 int checked_connectivity = 1;
1232 for (cmd = commands; cmd; cmd = cmd->next) {
1233 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1234 error("BUG: connectivity check has not been run on ref %s",
1236 checked_connectivity = 0;
1239 if (!checked_connectivity)
1240 die("BUG: connectivity check skipped???");
1243 static void execute_commands_non_atomic(struct command *commands,
1244 struct shallow_info *si)
1246 struct command *cmd;
1247 struct strbuf err = STRBUF_INIT;
1249 for (cmd = commands; cmd; cmd = cmd->next) {
1250 if (!should_process_cmd(cmd))
1253 transaction = ref_transaction_begin(&err);
1255 rp_error("%s", err.buf);
1257 cmd->error_string = "transaction failed to start";
1261 cmd->error_string = update(cmd, si);
1263 if (!cmd->error_string
1264 && ref_transaction_commit(transaction, &err)) {
1265 rp_error("%s", err.buf);
1267 cmd->error_string = "failed to update ref";
1269 ref_transaction_free(transaction);
1271 strbuf_release(&err);
1274 static void execute_commands_atomic(struct command *commands,
1275 struct shallow_info *si)
1277 struct command *cmd;
1278 struct strbuf err = STRBUF_INIT;
1279 const char *reported_error = "atomic push failure";
1281 transaction = ref_transaction_begin(&err);
1283 rp_error("%s", err.buf);
1285 reported_error = "transaction failed to start";
1289 for (cmd = commands; cmd; cmd = cmd->next) {
1290 if (!should_process_cmd(cmd))
1293 cmd->error_string = update(cmd, si);
1295 if (cmd->error_string)
1299 if (ref_transaction_commit(transaction, &err)) {
1300 rp_error("%s", err.buf);
1301 reported_error = "atomic transaction failed";
1307 for (cmd = commands; cmd; cmd = cmd->next)
1308 if (!cmd->error_string)
1309 cmd->error_string = reported_error;
1312 ref_transaction_free(transaction);
1313 strbuf_release(&err);
1316 static void execute_commands(struct command *commands,
1317 const char *unpacker_error,
1318 struct shallow_info *si)
1320 struct command *cmd;
1321 unsigned char sha1[20];
1322 struct iterate_data data;
1324 if (unpacker_error) {
1325 for (cmd = commands; cmd; cmd = cmd->next)
1326 cmd->error_string = "unpacker error";
1330 data.cmds = commands;
1332 if (check_connected(iterate_receive_command_list, &data, NULL))
1333 set_connectivity_errors(commands, si);
1335 reject_updates_to_hidden(commands);
1337 if (run_receive_hook(commands, "pre-receive", 0)) {
1338 for (cmd = commands; cmd; cmd = cmd->next) {
1339 if (!cmd->error_string)
1340 cmd->error_string = "pre-receive hook declined";
1345 check_aliased_updates(commands);
1347 free(head_name_to_free);
1348 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1351 execute_commands_atomic(commands, si);
1353 execute_commands_non_atomic(commands, si);
1356 warn_if_skipped_connectivity_check(commands, si);
1359 static struct command **queue_command(struct command **tail,
1363 unsigned char old_sha1[20], new_sha1[20];
1364 struct command *cmd;
1365 const char *refname;
1371 get_sha1_hex(line, old_sha1) ||
1372 get_sha1_hex(line + 41, new_sha1))
1373 die("protocol error: expected old/new/ref, got '%s'", line);
1375 refname = line + 82;
1376 reflen = linelen - 82;
1377 cmd = xcalloc(1, st_add3(sizeof(struct command), reflen, 1));
1378 hashcpy(cmd->old_sha1, old_sha1);
1379 hashcpy(cmd->new_sha1, new_sha1);
1380 memcpy(cmd->ref_name, refname, reflen);
1381 cmd->ref_name[reflen] = '\0';
1386 static void queue_commands_from_cert(struct command **tail,
1387 struct strbuf *push_cert)
1389 const char *boc, *eoc;
1392 die("protocol error: got both push certificate and unsigned commands");
1394 boc = strstr(push_cert->buf, "\n\n");
1396 die("malformed push certificate %.*s", 100, push_cert->buf);
1399 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1402 const char *eol = memchr(boc, '\n', eoc - boc);
1403 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1404 boc = eol ? eol + 1 : eoc;
1408 static struct command *read_head_info(struct sha1_array *shallow)
1410 struct command *commands = NULL;
1411 struct command **p = &commands;
1416 line = packet_read_line(0, &len);
1420 if (len == 48 && starts_with(line, "shallow ")) {
1421 unsigned char sha1[20];
1422 if (get_sha1_hex(line + 8, sha1))
1423 die("protocol error: expected shallow sha, got '%s'",
1425 sha1_array_append(shallow, sha1);
1429 linelen = strlen(line);
1430 if (linelen < len) {
1431 const char *feature_list = line + linelen + 1;
1432 if (parse_feature_request(feature_list, "report-status"))
1434 if (parse_feature_request(feature_list, "side-band-64k"))
1435 use_sideband = LARGE_PACKET_MAX;
1436 if (parse_feature_request(feature_list, "quiet"))
1438 if (advertise_atomic_push
1439 && parse_feature_request(feature_list, "atomic"))
1443 if (!strcmp(line, "push-cert")) {
1448 len = packet_read(0, NULL, NULL,
1449 certbuf, sizeof(certbuf), 0);
1454 if (!strcmp(certbuf, "push-cert-end\n"))
1455 break; /* end of cert */
1456 strbuf_addstr(&push_cert, certbuf);
1464 p = queue_command(p, line, linelen);
1468 queue_commands_from_cert(p, &push_cert);
1473 static const char *parse_pack_header(struct pack_header *hdr)
1475 switch (read_pack_header(0, hdr)) {
1477 return "eof before pack header was fully read";
1479 case PH_ERROR_PACK_SIGNATURE:
1480 return "protocol error (pack signature mismatch detected)";
1482 case PH_ERROR_PROTOCOL:
1483 return "protocol error (pack version unsupported)";
1486 return "unknown error in parse_pack_header";
1493 static const char *pack_lockfile;
1495 static const char *unpack(int err_fd, struct shallow_info *si)
1497 struct pack_header hdr;
1498 const char *hdr_err;
1501 struct child_process child = CHILD_PROCESS_INIT;
1502 int fsck_objects = (receive_fsck_objects >= 0
1503 ? receive_fsck_objects
1504 : transfer_fsck_objects >= 0
1505 ? transfer_fsck_objects
1508 hdr_err = parse_pack_header(&hdr);
1514 snprintf(hdr_arg, sizeof(hdr_arg),
1515 "--pack_header=%"PRIu32",%"PRIu32,
1516 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1518 if (si->nr_ours || si->nr_theirs) {
1519 alt_shallow_file = setup_temporary_shallow(si->shallow);
1520 argv_array_push(&child.args, "--shallow-file");
1521 argv_array_push(&child.args, alt_shallow_file);
1524 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1525 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1527 argv_array_push(&child.args, "-q");
1529 argv_array_pushf(&child.args, "--strict%s",
1530 fsck_msg_types.buf);
1531 child.no_stdout = 1;
1534 status = run_command(&child);
1536 return "unpack-objects abnormal exit";
1540 argv_array_pushl(&child.args, "index-pack",
1541 "--stdin", hdr_arg, NULL);
1543 if (gethostname(hostname, sizeof(hostname)))
1544 xsnprintf(hostname, sizeof(hostname), "localhost");
1545 argv_array_pushf(&child.args,
1546 "--keep=receive-pack %"PRIuMAX" on %s",
1547 (uintmax_t)getpid(),
1551 argv_array_pushf(&child.args, "--strict%s",
1552 fsck_msg_types.buf);
1554 argv_array_push(&child.args, "--fix-thin");
1558 status = start_command(&child);
1560 return "index-pack fork failed";
1561 pack_lockfile = index_pack_lockfile(child.out);
1563 status = finish_command(&child);
1565 return "index-pack abnormal exit";
1566 reprepare_packed_git();
1571 static const char *unpack_with_sideband(struct shallow_info *si)
1577 return unpack(0, si);
1579 memset(&muxer, 0, sizeof(muxer));
1580 muxer.proc = copy_to_sideband;
1582 if (start_async(&muxer))
1585 ret = unpack(muxer.in, si);
1587 finish_async(&muxer);
1591 static void prepare_shallow_update(struct command *commands,
1592 struct shallow_info *si)
1594 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1596 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1597 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1599 si->need_reachability_test =
1600 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1602 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1603 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1605 for (i = 0; i < si->nr_ours; i++)
1606 si->need_reachability_test[si->ours[i]] = 1;
1608 for (i = 0; i < si->shallow->nr; i++) {
1609 if (!si->used_shallow[i])
1611 for (j = 0; j < bitmap_size; j++) {
1612 if (!si->used_shallow[i][j])
1614 si->need_reachability_test[i]++;
1615 for (k = 0; k < 32; k++)
1616 if (si->used_shallow[i][j] & (1U << k))
1617 si->shallow_ref[j * 32 + k]++;
1621 * true for those associated with some refs and belong
1622 * in "ours" list aka "step 7 not done yet"
1624 si->need_reachability_test[i] =
1625 si->need_reachability_test[i] > 1;
1629 * keep hooks happy by forcing a temporary shallow file via
1630 * env variable because we can't add --shallow-file to every
1631 * command. check_connected() will be done with
1632 * true .git/shallow though.
1634 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1637 static void update_shallow_info(struct command *commands,
1638 struct shallow_info *si,
1639 struct sha1_array *ref)
1641 struct command *cmd;
1643 remove_nonexistent_theirs_shallow(si);
1644 if (!si->nr_ours && !si->nr_theirs) {
1649 for (cmd = commands; cmd; cmd = cmd->next) {
1650 if (is_null_sha1(cmd->new_sha1))
1652 sha1_array_append(ref, cmd->new_sha1);
1653 cmd->index = ref->nr - 1;
1657 if (shallow_update) {
1658 prepare_shallow_update(commands, si);
1662 ALLOC_ARRAY(ref_status, ref->nr);
1663 assign_shallow_commits_to_refs(si, NULL, ref_status);
1664 for (cmd = commands; cmd; cmd = cmd->next) {
1665 if (is_null_sha1(cmd->new_sha1))
1667 if (ref_status[cmd->index]) {
1668 cmd->error_string = "shallow update not allowed";
1669 cmd->skip_update = 1;
1675 static void report(struct command *commands, const char *unpack_status)
1677 struct command *cmd;
1678 struct strbuf buf = STRBUF_INIT;
1680 packet_buf_write(&buf, "unpack %s\n",
1681 unpack_status ? unpack_status : "ok");
1682 for (cmd = commands; cmd; cmd = cmd->next) {
1683 if (!cmd->error_string)
1684 packet_buf_write(&buf, "ok %s\n",
1687 packet_buf_write(&buf, "ng %s %s\n",
1688 cmd->ref_name, cmd->error_string);
1690 packet_buf_flush(&buf);
1693 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1695 write_or_die(1, buf.buf, buf.len);
1696 strbuf_release(&buf);
1699 static int delete_only(struct command *commands)
1701 struct command *cmd;
1702 for (cmd = commands; cmd; cmd = cmd->next) {
1703 if (!is_null_sha1(cmd->new_sha1))
1709 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1711 int advertise_refs = 0;
1712 struct command *commands;
1713 struct sha1_array shallow = SHA1_ARRAY_INIT;
1714 struct sha1_array ref = SHA1_ARRAY_INIT;
1715 struct shallow_info si;
1717 struct option options[] = {
1718 OPT__QUIET(&quiet, N_("quiet")),
1719 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1720 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1721 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1725 packet_trace_identity("receive-pack");
1727 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1730 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1732 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1734 service_dir = argv[0];
1738 if (!enter_repo(service_dir, 0))
1739 die("'%s' does not appear to be a git repository", service_dir);
1741 git_config(receive_pack_config, NULL);
1742 if (cert_nonce_seed)
1743 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1745 if (0 <= transfer_unpack_limit)
1746 unpack_limit = transfer_unpack_limit;
1747 else if (0 <= receive_unpack_limit)
1748 unpack_limit = receive_unpack_limit;
1750 if (advertise_refs || !stateless_rpc) {
1756 if ((commands = read_head_info(&shallow)) != NULL) {
1757 const char *unpack_status = NULL;
1759 prepare_shallow_info(&si, &shallow);
1760 if (!si.nr_ours && !si.nr_theirs)
1762 if (!delete_only(commands)) {
1763 unpack_status = unpack_with_sideband(&si);
1764 update_shallow_info(commands, &si, &ref);
1766 execute_commands(commands, unpack_status, &si);
1768 unlink_or_warn(pack_lockfile);
1770 report(commands, unpack_status);
1771 run_receive_hook(commands, "post-receive", 1);
1772 run_update_post_hook(commands);
1774 const char *argv_gc_auto[] = {
1775 "gc", "--auto", "--quiet", NULL,
1777 struct child_process proc = CHILD_PROCESS_INIT;
1780 proc.stdout_to_stderr = 1;
1781 proc.err = use_sideband ? -1 : 0;
1783 proc.argv = argv_gc_auto;
1786 if (!start_command(&proc)) {
1788 copy_to_sideband(proc.err, -1, NULL);
1789 finish_command(&proc);
1792 if (auto_update_server_info)
1793 update_server_info(0);
1794 clear_shallow_info(&si);
1798 sha1_array_clear(&shallow);
1799 sha1_array_clear(&ref);
1800 free((void *)push_cert_nonce);
projects / git / blob