7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
32 static int deny_deletes;
33 static int deny_non_fast_forwards;
34 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
35 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
36 static int receive_fsck_objects = -1;
37 static int transfer_fsck_objects = -1;
38 static int receive_unpack_limit = -1;
39 static int transfer_unpack_limit = -1;
40 static int unpack_limit = 100;
41 static int report_status;
42 static int use_sideband;
44 static int prefer_ofs_delta = 1;
45 static int auto_update_server_info;
46 static int auto_gc = 1;
47 static int fix_thin = 1;
48 static int stateless_rpc;
49 static const char *service_dir;
50 static const char *head_name;
51 static void *head_name_to_free;
52 static int sent_capabilities;
53 static int shallow_update;
54 static const char *alt_shallow_file;
55 static struct strbuf push_cert = STRBUF_INIT;
56 static unsigned char push_cert_sha1[20];
57 static struct signature_check sigcheck;
58 static const char *push_cert_nonce;
59 static const char *cert_nonce_seed;
61 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
62 static const char *NONCE_BAD = "BAD";
63 static const char *NONCE_MISSING = "MISSING";
64 static const char *NONCE_OK = "OK";
65 static const char *NONCE_SLOP = "SLOP";
66 static const char *nonce_status;
67 static long nonce_stamp_slop;
68 static unsigned long nonce_stamp_slop_limit;
70 static enum deny_action parse_deny_action(const char *var, const char *value)
73 if (!strcasecmp(value, "ignore"))
75 if (!strcasecmp(value, "warn"))
77 if (!strcasecmp(value, "refuse"))
80 if (git_config_bool(var, value))
85 static int receive_pack_config(const char *var, const char *value, void *cb)
87 int status = parse_hide_refs_config(var, value, "receive");
92 if (strcmp(var, "receive.denydeletes") == 0) {
93 deny_deletes = git_config_bool(var, value);
97 if (strcmp(var, "receive.denynonfastforwards") == 0) {
98 deny_non_fast_forwards = git_config_bool(var, value);
102 if (strcmp(var, "receive.unpacklimit") == 0) {
103 receive_unpack_limit = git_config_int(var, value);
107 if (strcmp(var, "transfer.unpacklimit") == 0) {
108 transfer_unpack_limit = git_config_int(var, value);
112 if (strcmp(var, "receive.fsckobjects") == 0) {
113 receive_fsck_objects = git_config_bool(var, value);
117 if (strcmp(var, "transfer.fsckobjects") == 0) {
118 transfer_fsck_objects = git_config_bool(var, value);
122 if (!strcmp(var, "receive.denycurrentbranch")) {
123 deny_current_branch = parse_deny_action(var, value);
127 if (strcmp(var, "receive.denydeletecurrent") == 0) {
128 deny_delete_current = parse_deny_action(var, value);
132 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
133 prefer_ofs_delta = git_config_bool(var, value);
137 if (strcmp(var, "receive.updateserverinfo") == 0) {
138 auto_update_server_info = git_config_bool(var, value);
142 if (strcmp(var, "receive.autogc") == 0) {
143 auto_gc = git_config_bool(var, value);
147 if (strcmp(var, "receive.shallowupdate") == 0) {
148 shallow_update = git_config_bool(var, value);
152 if (strcmp(var, "receive.certnonceseed") == 0)
153 return git_config_string(&cert_nonce_seed, var, value);
155 if (strcmp(var, "receive.certnonceslop") == 0) {
156 nonce_stamp_slop_limit = git_config_ulong(var, value);
160 return git_default_config(var, value, cb);
163 static void show_ref(const char *path, const unsigned char *sha1)
165 if (ref_is_hidden(path))
168 if (sent_capabilities) {
169 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
171 struct strbuf cap = STRBUF_INIT;
174 "report-status delete-refs side-band-64k quiet");
175 if (prefer_ofs_delta)
176 strbuf_addstr(&cap, " ofs-delta");
178 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
179 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
180 packet_write(1, "%s %s%c%s\n",
181 sha1_to_hex(sha1), path, 0, cap.buf);
182 strbuf_release(&cap);
183 sent_capabilities = 1;
187 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
189 path = strip_namespace(path);
191 * Advertise refs outside our current namespace as ".have"
192 * refs, so that the client can use them to minimize data
193 * transfer but will otherwise ignore them. This happens to
194 * cover ".have" that are thrown in by add_one_alternate_ref()
195 * to mark histories that are complete in our alternates as
200 show_ref(path, sha1);
204 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
206 show_ref(".have", sha1);
209 static void collect_one_alternate_ref(const struct ref *ref, void *data)
211 struct sha1_array *sa = data;
212 sha1_array_append(sa, ref->old_sha1);
215 static void write_head_info(void)
217 struct sha1_array sa = SHA1_ARRAY_INIT;
218 for_each_alternate_ref(collect_one_alternate_ref, &sa);
219 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
220 sha1_array_clear(&sa);
221 for_each_ref(show_ref_cb, NULL);
222 if (!sent_capabilities)
223 show_ref("capabilities^{}", null_sha1);
225 advertise_shallow_grafts(1);
232 struct command *next;
233 const char *error_string;
234 unsigned int skip_update:1,
237 unsigned char old_sha1[20];
238 unsigned char new_sha1[20];
239 char ref_name[FLEX_ARRAY]; /* more */
242 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
243 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
245 static void report_message(const char *prefix, const char *err, va_list params)
247 int sz = strlen(prefix);
250 strncpy(msg, prefix, sz);
251 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
252 if (sz > (sizeof(msg) - 1))
253 sz = sizeof(msg) - 1;
257 send_sideband(1, 2, msg, sz, use_sideband);
262 static void rp_warning(const char *err, ...)
265 va_start(params, err);
266 report_message("warning: ", err, params);
270 static void rp_error(const char *err, ...)
273 va_start(params, err);
274 report_message("error: ", err, params);
278 static int copy_to_sideband(int in, int out, void *arg)
282 ssize_t sz = xread(in, data, sizeof(data));
285 send_sideband(1, 2, data, sz, use_sideband);
291 #define HMAC_BLOCK_SIZE 64
293 static void hmac_sha1(unsigned char *out,
294 const char *key_in, size_t key_len,
295 const char *text, size_t text_len)
297 unsigned char key[HMAC_BLOCK_SIZE];
298 unsigned char k_ipad[HMAC_BLOCK_SIZE];
299 unsigned char k_opad[HMAC_BLOCK_SIZE];
303 /* RFC 2104 2. (1) */
304 memset(key, '\0', HMAC_BLOCK_SIZE);
305 if (HMAC_BLOCK_SIZE < key_len) {
307 git_SHA1_Update(&ctx, key_in, key_len);
308 git_SHA1_Final(key, &ctx);
310 memcpy(key, key_in, key_len);
313 /* RFC 2104 2. (2) & (5) */
314 for (i = 0; i < sizeof(key); i++) {
315 k_ipad[i] = key[i] ^ 0x36;
316 k_opad[i] = key[i] ^ 0x5c;
319 /* RFC 2104 2. (3) & (4) */
321 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
322 git_SHA1_Update(&ctx, text, text_len);
323 git_SHA1_Final(out, &ctx);
325 /* RFC 2104 2. (6) & (7) */
327 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
328 git_SHA1_Update(&ctx, out, 20);
329 git_SHA1_Final(out, &ctx);
332 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
334 struct strbuf buf = STRBUF_INIT;
335 unsigned char sha1[20];
337 strbuf_addf(&buf, "%s:%lu", path, stamp);
338 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
339 strbuf_release(&buf);
341 /* RFC 2104 5. HMAC-SHA1-80 */
342 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
343 return strbuf_detach(&buf, NULL);
347 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
348 * after dropping "_commit" from its name and possibly moving it out
351 static char *find_header(const char *msg, size_t len, const char *key)
353 int key_len = strlen(key);
354 const char *line = msg;
356 while (line && line < msg + len) {
357 const char *eol = strchrnul(line, '\n');
359 if ((msg + len <= eol) || line == eol)
361 if (line + key_len < eol &&
362 !memcmp(line, key, key_len) && line[key_len] == ' ') {
363 int offset = key_len + 1;
364 return xmemdupz(line + offset, (eol - line) - offset);
366 line = *eol ? eol + 1 : NULL;
371 static const char *check_nonce(const char *buf, size_t len)
373 char *nonce = find_header(buf, len, "nonce");
374 unsigned long stamp, ostamp;
375 char *bohmac, *expect = NULL;
376 const char *retval = NONCE_BAD;
379 retval = NONCE_MISSING;
381 } else if (!push_cert_nonce) {
382 retval = NONCE_UNSOLICITED;
384 } else if (!strcmp(push_cert_nonce, nonce)) {
389 if (!stateless_rpc) {
390 /* returned nonce MUST match what we gave out earlier */
396 * In stateless mode, we may be receiving a nonce issued by
397 * another instance of the server that serving the same
398 * repository, and the timestamps may not match, but the
399 * nonce-seed and dir should match, so we can recompute and
400 * report the time slop.
402 * In addition, when a nonce issued by another instance has
403 * timestamp within receive.certnonceslop seconds, we pretend
404 * as if we issued that nonce when reporting to the hook.
407 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
408 if (*nonce <= '0' || '9' < *nonce) {
412 stamp = strtoul(nonce, &bohmac, 10);
413 if (bohmac == nonce || bohmac[0] != '-') {
418 expect = prepare_push_cert_nonce(service_dir, stamp);
419 if (strcmp(expect, nonce)) {
420 /* Not what we would have signed earlier */
426 * By how many seconds is this nonce stale? Negative value
427 * would mean it was issued by another server with its clock
428 * skewed in the future.
430 ostamp = strtoul(push_cert_nonce, NULL, 10);
431 nonce_stamp_slop = (long)ostamp - (long)stamp;
433 if (nonce_stamp_slop_limit &&
434 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
436 * Pretend as if the received nonce (which passes the
437 * HMAC check, so it is not a forged by third-party)
440 free((void *)push_cert_nonce);
441 push_cert_nonce = xstrdup(nonce);
453 static void prepare_push_cert_sha1(struct child_process *proc)
455 static int already_done;
461 struct strbuf gpg_output = STRBUF_INIT;
462 struct strbuf gpg_status = STRBUF_INIT;
463 int bogs /* beginning_of_gpg_sig */;
466 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
467 hashclr(push_cert_sha1);
469 memset(&sigcheck, '\0', sizeof(sigcheck));
470 sigcheck.result = 'N';
472 bogs = parse_signature(push_cert.buf, push_cert.len);
473 if (verify_signed_buffer(push_cert.buf, bogs,
474 push_cert.buf + bogs, push_cert.len - bogs,
475 &gpg_output, &gpg_status) < 0) {
476 ; /* error running gpg */
478 sigcheck.payload = push_cert.buf;
479 sigcheck.gpg_output = gpg_output.buf;
480 sigcheck.gpg_status = gpg_status.buf;
481 parse_gpg_output(&sigcheck);
484 strbuf_release(&gpg_output);
485 strbuf_release(&gpg_status);
486 nonce_status = check_nonce(push_cert.buf, bogs);
488 if (!is_null_sha1(push_cert_sha1)) {
489 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
490 sha1_to_hex(push_cert_sha1));
491 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
492 sigcheck.signer ? sigcheck.signer : "");
493 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
494 sigcheck.key ? sigcheck.key : "");
495 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
497 if (push_cert_nonce) {
498 argv_array_pushf(&proc->env_array,
499 "GIT_PUSH_CERT_NONCE=%s",
501 argv_array_pushf(&proc->env_array,
502 "GIT_PUSH_CERT_NONCE_STATUS=%s",
504 if (nonce_status == NONCE_SLOP)
505 argv_array_pushf(&proc->env_array,
506 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
512 typedef int (*feed_fn)(void *, const char **, size_t *);
513 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
515 struct child_process proc = CHILD_PROCESS_INIT;
520 argv[0] = find_hook(hook_name);
528 proc.stdout_to_stderr = 1;
531 memset(&muxer, 0, sizeof(muxer));
532 muxer.proc = copy_to_sideband;
534 code = start_async(&muxer);
540 prepare_push_cert_sha1(&proc);
542 code = start_command(&proc);
545 finish_async(&muxer);
549 sigchain_push(SIGPIPE, SIG_IGN);
554 if (feed(feed_state, &buf, &n))
556 if (write_in_full(proc.in, buf, n) != n)
561 finish_async(&muxer);
563 sigchain_pop(SIGPIPE);
565 return finish_command(&proc);
568 struct receive_hook_feed_state {
574 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
576 struct receive_hook_feed_state *state = state_;
577 struct command *cmd = state->cmd;
580 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
584 strbuf_reset(&state->buf);
585 strbuf_addf(&state->buf, "%s %s %s\n",
586 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
588 state->cmd = cmd->next;
590 *bufp = state->buf.buf;
591 *sizep = state->buf.len;
596 static int run_receive_hook(struct command *commands, const char *hook_name,
599 struct receive_hook_feed_state state;
602 strbuf_init(&state.buf, 0);
603 state.cmd = commands;
604 state.skip_broken = skip_broken;
605 if (feed_receive_hook(&state, NULL, NULL))
607 state.cmd = commands;
608 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
609 strbuf_release(&state.buf);
613 static int run_update_hook(struct command *cmd)
616 struct child_process proc = CHILD_PROCESS_INIT;
619 argv[0] = find_hook("update");
623 argv[1] = cmd->ref_name;
624 argv[2] = sha1_to_hex(cmd->old_sha1);
625 argv[3] = sha1_to_hex(cmd->new_sha1);
629 proc.stdout_to_stderr = 1;
630 proc.err = use_sideband ? -1 : 0;
633 code = start_command(&proc);
637 copy_to_sideband(proc.err, -1, NULL);
638 return finish_command(&proc);
641 static int is_ref_checked_out(const char *ref)
643 if (is_bare_repository())
648 return !strcmp(head_name, ref);
651 static char *refuse_unconfigured_deny_msg[] = {
652 "By default, updating the current branch in a non-bare repository",
653 "is denied, because it will make the index and work tree inconsistent",
654 "with what you pushed, and will require 'git reset --hard' to match",
655 "the work tree to HEAD.",
657 "You can set 'receive.denyCurrentBranch' configuration variable to",
658 "'ignore' or 'warn' in the remote repository to allow pushing into",
659 "its current branch; however, this is not recommended unless you",
660 "arranged to update its work tree to match what you pushed in some",
663 "To squelch this message and still keep the default behaviour, set",
664 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
667 static void refuse_unconfigured_deny(void)
670 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
671 rp_error("%s", refuse_unconfigured_deny_msg[i]);
674 static char *refuse_unconfigured_deny_delete_current_msg[] = {
675 "By default, deleting the current branch is denied, because the next",
676 "'git clone' won't result in any file checked out, causing confusion.",
678 "You can set 'receive.denyDeleteCurrent' configuration variable to",
679 "'warn' or 'ignore' in the remote repository to allow deleting the",
680 "current branch, with or without a warning message.",
682 "To squelch this message, you can set it to 'refuse'."
685 static void refuse_unconfigured_deny_delete_current(void)
689 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
691 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
694 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
695 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
697 static struct lock_file shallow_lock;
698 struct sha1_array extra = SHA1_ARRAY_INIT;
699 const char *alt_file;
700 uint32_t mask = 1 << (cmd->index % 32);
703 trace_printf_key(&trace_shallow,
704 "shallow: update_shallow_ref %s\n", cmd->ref_name);
705 for (i = 0; i < si->shallow->nr; i++)
706 if (si->used_shallow[i] &&
707 (si->used_shallow[i][cmd->index / 32] & mask) &&
708 !delayed_reachability_test(si, i))
709 sha1_array_append(&extra, si->shallow->sha1[i]);
711 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
712 if (check_shallow_connected(command_singleton_iterator,
714 rollback_lock_file(&shallow_lock);
715 sha1_array_clear(&extra);
719 commit_lock_file(&shallow_lock);
722 * Make sure setup_alternate_shallow() for the next ref does
723 * not lose these new roots..
725 for (i = 0; i < extra.nr; i++)
726 register_shallow(extra.sha1[i]);
728 si->shallow_ref[cmd->index] = 0;
729 sha1_array_clear(&extra);
733 static const char *update(struct command *cmd, struct shallow_info *si)
735 const char *name = cmd->ref_name;
736 struct strbuf namespaced_name_buf = STRBUF_INIT;
737 const char *namespaced_name;
738 unsigned char *old_sha1 = cmd->old_sha1;
739 unsigned char *new_sha1 = cmd->new_sha1;
741 /* only refs/... are allowed */
742 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
743 rp_error("refusing to create funny ref '%s' remotely", name);
744 return "funny refname";
747 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
748 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
750 if (is_ref_checked_out(namespaced_name)) {
751 switch (deny_current_branch) {
755 rp_warning("updating the current branch");
758 case DENY_UNCONFIGURED:
759 rp_error("refusing to update checked out branch: %s", name);
760 if (deny_current_branch == DENY_UNCONFIGURED)
761 refuse_unconfigured_deny();
762 return "branch is currently checked out";
766 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
767 error("unpack should have generated %s, "
768 "but I can't find it!", sha1_to_hex(new_sha1));
772 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
773 if (deny_deletes && starts_with(name, "refs/heads/")) {
774 rp_error("denying ref deletion for %s", name);
775 return "deletion prohibited";
778 if (!strcmp(namespaced_name, head_name)) {
779 switch (deny_delete_current) {
783 rp_warning("deleting the current branch");
786 case DENY_UNCONFIGURED:
787 if (deny_delete_current == DENY_UNCONFIGURED)
788 refuse_unconfigured_deny_delete_current();
789 rp_error("refusing to delete the current branch: %s", name);
790 return "deletion of the current branch prohibited";
795 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
796 !is_null_sha1(old_sha1) &&
797 starts_with(name, "refs/heads/")) {
798 struct object *old_object, *new_object;
799 struct commit *old_commit, *new_commit;
801 old_object = parse_object(old_sha1);
802 new_object = parse_object(new_sha1);
804 if (!old_object || !new_object ||
805 old_object->type != OBJ_COMMIT ||
806 new_object->type != OBJ_COMMIT) {
807 error("bad sha1 objects for %s", name);
810 old_commit = (struct commit *)old_object;
811 new_commit = (struct commit *)new_object;
812 if (!in_merge_bases(old_commit, new_commit)) {
813 rp_error("denying non-fast-forward %s"
814 " (you should pull first)", name);
815 return "non-fast-forward";
818 if (run_update_hook(cmd)) {
819 rp_error("hook declined to update %s", name);
820 return "hook declined";
823 if (is_null_sha1(new_sha1)) {
824 if (!parse_object(old_sha1)) {
826 if (ref_exists(name)) {
827 rp_warning("Allowing deletion of corrupt ref.");
829 rp_warning("Deleting a non-existent ref.");
830 cmd->did_not_exist = 1;
833 if (delete_ref(namespaced_name, old_sha1, 0)) {
834 rp_error("failed to delete %s", name);
835 return "failed to delete";
837 return NULL; /* good */
840 struct strbuf err = STRBUF_INIT;
841 struct ref_transaction *transaction;
843 if (shallow_update && si->shallow_ref[cmd->index] &&
844 update_shallow_ref(cmd, si))
845 return "shallow error";
847 transaction = ref_transaction_begin(&err);
849 ref_transaction_update(transaction, namespaced_name,
850 new_sha1, old_sha1, 0, 1, "push",
852 ref_transaction_commit(transaction, &err)) {
853 ref_transaction_free(transaction);
855 rp_error("%s", err.buf);
856 strbuf_release(&err);
857 return "failed to update ref";
860 ref_transaction_free(transaction);
861 strbuf_release(&err);
862 return NULL; /* good */
866 static void run_update_post_hook(struct command *commands)
871 struct child_process proc = CHILD_PROCESS_INIT;
874 hook = find_hook("post-update");
875 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
876 if (cmd->error_string || cmd->did_not_exist)
883 argv = xmalloc(sizeof(*argv) * (2 + argc));
886 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
887 if (cmd->error_string || cmd->did_not_exist)
889 argv[argc] = xstrdup(cmd->ref_name);
895 proc.stdout_to_stderr = 1;
896 proc.err = use_sideband ? -1 : 0;
899 if (!start_command(&proc)) {
901 copy_to_sideband(proc.err, -1, NULL);
902 finish_command(&proc);
906 static void check_aliased_update(struct command *cmd, struct string_list *list)
908 struct strbuf buf = STRBUF_INIT;
909 const char *dst_name;
910 struct string_list_item *item;
911 struct command *dst_cmd;
912 unsigned char sha1[20];
913 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
916 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
917 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
918 strbuf_release(&buf);
920 if (!(flag & REF_ISSYMREF))
923 dst_name = strip_namespace(dst_name);
925 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
926 cmd->skip_update = 1;
927 cmd->error_string = "broken symref";
931 if ((item = string_list_lookup(list, dst_name)) == NULL)
934 cmd->skip_update = 1;
936 dst_cmd = (struct command *) item->util;
938 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
939 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
942 dst_cmd->skip_update = 1;
944 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
945 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
946 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
947 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
948 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
949 " its target '%s' (%s..%s)",
950 cmd->ref_name, cmd_oldh, cmd_newh,
951 dst_cmd->ref_name, dst_oldh, dst_newh);
953 cmd->error_string = dst_cmd->error_string =
954 "inconsistent aliased update";
957 static void check_aliased_updates(struct command *commands)
960 struct string_list ref_list = STRING_LIST_INIT_NODUP;
962 for (cmd = commands; cmd; cmd = cmd->next) {
963 struct string_list_item *item =
964 string_list_append(&ref_list, cmd->ref_name);
965 item->util = (void *)cmd;
967 sort_string_list(&ref_list);
969 for (cmd = commands; cmd; cmd = cmd->next) {
970 if (!cmd->error_string)
971 check_aliased_update(cmd, &ref_list);
974 string_list_clear(&ref_list, 0);
977 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
979 struct command **cmd_list = cb_data;
980 struct command *cmd = *cmd_list;
982 if (!cmd || is_null_sha1(cmd->new_sha1))
983 return -1; /* end of list */
984 *cmd_list = NULL; /* this returns only one */
985 hashcpy(sha1, cmd->new_sha1);
989 static void set_connectivity_errors(struct command *commands,
990 struct shallow_info *si)
994 for (cmd = commands; cmd; cmd = cmd->next) {
995 struct command *singleton = cmd;
996 if (shallow_update && si->shallow_ref[cmd->index])
997 /* to be checked in update_shallow_ref() */
999 if (!check_everything_connected(command_singleton_iterator,
1002 cmd->error_string = "missing necessary objects";
1006 struct iterate_data {
1007 struct command *cmds;
1008 struct shallow_info *si;
1011 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1013 struct iterate_data *data = cb_data;
1014 struct command **cmd_list = &data->cmds;
1015 struct command *cmd = *cmd_list;
1017 for (; cmd; cmd = cmd->next) {
1018 if (shallow_update && data->si->shallow_ref[cmd->index])
1019 /* to be checked in update_shallow_ref() */
1021 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1022 hashcpy(sha1, cmd->new_sha1);
1023 *cmd_list = cmd->next;
1028 return -1; /* end of list */
1031 static void reject_updates_to_hidden(struct command *commands)
1033 struct command *cmd;
1035 for (cmd = commands; cmd; cmd = cmd->next) {
1036 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1038 if (is_null_sha1(cmd->new_sha1))
1039 cmd->error_string = "deny deleting a hidden ref";
1041 cmd->error_string = "deny updating a hidden ref";
1045 static void execute_commands(struct command *commands,
1046 const char *unpacker_error,
1047 struct shallow_info *si)
1049 int checked_connectivity;
1050 struct command *cmd;
1051 unsigned char sha1[20];
1052 struct iterate_data data;
1054 if (unpacker_error) {
1055 for (cmd = commands; cmd; cmd = cmd->next)
1056 cmd->error_string = "unpacker error";
1060 data.cmds = commands;
1062 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1063 set_connectivity_errors(commands, si);
1065 reject_updates_to_hidden(commands);
1067 if (run_receive_hook(commands, "pre-receive", 0)) {
1068 for (cmd = commands; cmd; cmd = cmd->next) {
1069 if (!cmd->error_string)
1070 cmd->error_string = "pre-receive hook declined";
1075 check_aliased_updates(commands);
1077 free(head_name_to_free);
1078 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1080 checked_connectivity = 1;
1081 for (cmd = commands; cmd; cmd = cmd->next) {
1082 if (cmd->error_string)
1085 if (cmd->skip_update)
1088 cmd->error_string = update(cmd, si);
1089 if (shallow_update && !cmd->error_string &&
1090 si->shallow_ref[cmd->index]) {
1091 error("BUG: connectivity check has not been run on ref %s",
1093 checked_connectivity = 0;
1097 if (shallow_update && !checked_connectivity)
1098 error("BUG: run 'git fsck' for safety.\n"
1099 "If there are errors, try to remove "
1100 "the reported refs above");
1103 static struct command **queue_command(struct command **tail,
1107 unsigned char old_sha1[20], new_sha1[20];
1108 struct command *cmd;
1109 const char *refname;
1115 get_sha1_hex(line, old_sha1) ||
1116 get_sha1_hex(line + 41, new_sha1))
1117 die("protocol error: expected old/new/ref, got '%s'", line);
1119 refname = line + 82;
1120 reflen = linelen - 82;
1121 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1122 hashcpy(cmd->old_sha1, old_sha1);
1123 hashcpy(cmd->new_sha1, new_sha1);
1124 memcpy(cmd->ref_name, refname, reflen);
1125 cmd->ref_name[reflen] = '\0';
1130 static void queue_commands_from_cert(struct command **tail,
1131 struct strbuf *push_cert)
1133 const char *boc, *eoc;
1136 die("protocol error: got both push certificate and unsigned commands");
1138 boc = strstr(push_cert->buf, "\n\n");
1140 die("malformed push certificate %.*s", 100, push_cert->buf);
1143 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1146 const char *eol = memchr(boc, '\n', eoc - boc);
1147 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1148 boc = eol ? eol + 1 : eoc;
1152 static struct command *read_head_info(struct sha1_array *shallow)
1154 struct command *commands = NULL;
1155 struct command **p = &commands;
1160 line = packet_read_line(0, &len);
1164 if (len == 48 && starts_with(line, "shallow ")) {
1165 unsigned char sha1[20];
1166 if (get_sha1_hex(line + 8, sha1))
1167 die("protocol error: expected shallow sha, got '%s'",
1169 sha1_array_append(shallow, sha1);
1173 linelen = strlen(line);
1174 if (linelen < len) {
1175 const char *feature_list = line + linelen + 1;
1176 if (parse_feature_request(feature_list, "report-status"))
1178 if (parse_feature_request(feature_list, "side-band-64k"))
1179 use_sideband = LARGE_PACKET_MAX;
1180 if (parse_feature_request(feature_list, "quiet"))
1184 if (!strcmp(line, "push-cert")) {
1189 len = packet_read(0, NULL, NULL,
1190 certbuf, sizeof(certbuf), 0);
1195 if (!strcmp(certbuf, "push-cert-end\n"))
1196 break; /* end of cert */
1197 strbuf_addstr(&push_cert, certbuf);
1205 p = queue_command(p, line, linelen);
1209 queue_commands_from_cert(p, &push_cert);
1214 static const char *parse_pack_header(struct pack_header *hdr)
1216 switch (read_pack_header(0, hdr)) {
1218 return "eof before pack header was fully read";
1220 case PH_ERROR_PACK_SIGNATURE:
1221 return "protocol error (pack signature mismatch detected)";
1223 case PH_ERROR_PROTOCOL:
1224 return "protocol error (pack version unsupported)";
1227 return "unknown error in parse_pack_header";
1234 static const char *pack_lockfile;
1236 static const char *unpack(int err_fd, struct shallow_info *si)
1238 struct pack_header hdr;
1239 const char *hdr_err;
1242 struct child_process child = CHILD_PROCESS_INIT;
1243 int fsck_objects = (receive_fsck_objects >= 0
1244 ? receive_fsck_objects
1245 : transfer_fsck_objects >= 0
1246 ? transfer_fsck_objects
1249 hdr_err = parse_pack_header(&hdr);
1255 snprintf(hdr_arg, sizeof(hdr_arg),
1256 "--pack_header=%"PRIu32",%"PRIu32,
1257 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1259 if (si->nr_ours || si->nr_theirs) {
1260 alt_shallow_file = setup_temporary_shallow(si->shallow);
1261 argv_array_push(&child.args, "--shallow-file");
1262 argv_array_push(&child.args, alt_shallow_file);
1265 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1266 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1268 argv_array_push(&child.args, "-q");
1270 argv_array_push(&child.args, "--strict");
1271 child.no_stdout = 1;
1274 status = run_command(&child);
1276 return "unpack-objects abnormal exit";
1281 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1282 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1283 strcpy(keep_arg + s, "localhost");
1285 argv_array_pushl(&child.args, "index-pack",
1286 "--stdin", hdr_arg, keep_arg, NULL);
1288 argv_array_push(&child.args, "--strict");
1290 argv_array_push(&child.args, "--fix-thin");
1294 status = start_command(&child);
1296 return "index-pack fork failed";
1297 pack_lockfile = index_pack_lockfile(child.out);
1299 status = finish_command(&child);
1301 return "index-pack abnormal exit";
1302 reprepare_packed_git();
1307 static const char *unpack_with_sideband(struct shallow_info *si)
1313 return unpack(0, si);
1315 memset(&muxer, 0, sizeof(muxer));
1316 muxer.proc = copy_to_sideband;
1318 if (start_async(&muxer))
1321 ret = unpack(muxer.in, si);
1323 finish_async(&muxer);
1327 static void prepare_shallow_update(struct command *commands,
1328 struct shallow_info *si)
1330 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1332 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1334 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1336 si->need_reachability_test =
1337 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1339 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1340 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1342 for (i = 0; i < si->nr_ours; i++)
1343 si->need_reachability_test[si->ours[i]] = 1;
1345 for (i = 0; i < si->shallow->nr; i++) {
1346 if (!si->used_shallow[i])
1348 for (j = 0; j < bitmap_size; j++) {
1349 if (!si->used_shallow[i][j])
1351 si->need_reachability_test[i]++;
1352 for (k = 0; k < 32; k++)
1353 if (si->used_shallow[i][j] & (1 << k))
1354 si->shallow_ref[j * 32 + k]++;
1358 * true for those associated with some refs and belong
1359 * in "ours" list aka "step 7 not done yet"
1361 si->need_reachability_test[i] =
1362 si->need_reachability_test[i] > 1;
1366 * keep hooks happy by forcing a temporary shallow file via
1367 * env variable because we can't add --shallow-file to every
1368 * command. check_everything_connected() will be done with
1369 * true .git/shallow though.
1371 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1374 static void update_shallow_info(struct command *commands,
1375 struct shallow_info *si,
1376 struct sha1_array *ref)
1378 struct command *cmd;
1380 remove_nonexistent_theirs_shallow(si);
1381 if (!si->nr_ours && !si->nr_theirs) {
1386 for (cmd = commands; cmd; cmd = cmd->next) {
1387 if (is_null_sha1(cmd->new_sha1))
1389 sha1_array_append(ref, cmd->new_sha1);
1390 cmd->index = ref->nr - 1;
1394 if (shallow_update) {
1395 prepare_shallow_update(commands, si);
1399 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1400 assign_shallow_commits_to_refs(si, NULL, ref_status);
1401 for (cmd = commands; cmd; cmd = cmd->next) {
1402 if (is_null_sha1(cmd->new_sha1))
1404 if (ref_status[cmd->index]) {
1405 cmd->error_string = "shallow update not allowed";
1406 cmd->skip_update = 1;
1412 static void report(struct command *commands, const char *unpack_status)
1414 struct command *cmd;
1415 struct strbuf buf = STRBUF_INIT;
1417 packet_buf_write(&buf, "unpack %s\n",
1418 unpack_status ? unpack_status : "ok");
1419 for (cmd = commands; cmd; cmd = cmd->next) {
1420 if (!cmd->error_string)
1421 packet_buf_write(&buf, "ok %s\n",
1424 packet_buf_write(&buf, "ng %s %s\n",
1425 cmd->ref_name, cmd->error_string);
1427 packet_buf_flush(&buf);
1430 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1432 write_or_die(1, buf.buf, buf.len);
1433 strbuf_release(&buf);
1436 static int delete_only(struct command *commands)
1438 struct command *cmd;
1439 for (cmd = commands; cmd; cmd = cmd->next) {
1440 if (!is_null_sha1(cmd->new_sha1))
1446 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1448 int advertise_refs = 0;
1450 struct command *commands;
1451 struct sha1_array shallow = SHA1_ARRAY_INIT;
1452 struct sha1_array ref = SHA1_ARRAY_INIT;
1453 struct shallow_info si;
1455 packet_trace_identity("receive-pack");
1458 for (i = 1; i < argc; i++) {
1459 const char *arg = *argv++;
1462 if (!strcmp(arg, "--quiet")) {
1467 if (!strcmp(arg, "--advertise-refs")) {
1471 if (!strcmp(arg, "--stateless-rpc")) {
1475 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1480 usage(receive_pack_usage);
1483 usage(receive_pack_usage);
1487 usage(receive_pack_usage);
1491 if (!enter_repo(service_dir, 0))
1492 die("'%s' does not appear to be a git repository", service_dir);
1494 git_config(receive_pack_config, NULL);
1495 if (cert_nonce_seed)
1496 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1498 if (0 <= transfer_unpack_limit)
1499 unpack_limit = transfer_unpack_limit;
1500 else if (0 <= receive_unpack_limit)
1501 unpack_limit = receive_unpack_limit;
1503 if (advertise_refs || !stateless_rpc) {
1509 if ((commands = read_head_info(&shallow)) != NULL) {
1510 const char *unpack_status = NULL;
1512 prepare_shallow_info(&si, &shallow);
1513 if (!si.nr_ours && !si.nr_theirs)
1515 if (!delete_only(commands)) {
1516 unpack_status = unpack_with_sideband(&si);
1517 update_shallow_info(commands, &si, &ref);
1519 execute_commands(commands, unpack_status, &si);
1521 unlink_or_warn(pack_lockfile);
1523 report(commands, unpack_status);
1524 run_receive_hook(commands, "post-receive", 1);
1525 run_update_post_hook(commands);
1527 const char *argv_gc_auto[] = {
1528 "gc", "--auto", "--quiet", NULL,
1530 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1531 run_command_v_opt(argv_gc_auto, opt);
1533 if (auto_update_server_info)
1534 update_server_info(0);
1535 clear_shallow_info(&si);
1539 sha1_array_clear(&shallow);
1540 sha1_array_clear(&ref);
1541 free((void *)push_cert_nonce);