Merge branch 'ew/svn-maint-fixes'
[git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
24
25 enum deny_action {
26         DENY_UNCONFIGURED,
27         DENY_IGNORE,
28         DENY_WARN,
29         DENY_REFUSE,
30         DENY_UPDATE_INSTEAD
31 };
32
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int advertise_atomic_push = 1;
42 static int unpack_limit = 100;
43 static int report_status;
44 static int use_sideband;
45 static int use_atomic;
46 static int quiet;
47 static int prefer_ofs_delta = 1;
48 static int auto_update_server_info;
49 static int auto_gc = 1;
50 static int fix_thin = 1;
51 static int stateless_rpc;
52 static const char *service_dir;
53 static const char *head_name;
54 static void *head_name_to_free;
55 static int sent_capabilities;
56 static int shallow_update;
57 static const char *alt_shallow_file;
58 static struct strbuf push_cert = STRBUF_INIT;
59 static unsigned char push_cert_sha1[20];
60 static struct signature_check sigcheck;
61 static const char *push_cert_nonce;
62 static const char *cert_nonce_seed;
63
64 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65 static const char *NONCE_BAD = "BAD";
66 static const char *NONCE_MISSING = "MISSING";
67 static const char *NONCE_OK = "OK";
68 static const char *NONCE_SLOP = "SLOP";
69 static const char *nonce_status;
70 static long nonce_stamp_slop;
71 static unsigned long nonce_stamp_slop_limit;
72 static struct ref_transaction *transaction;
73
74 static enum deny_action parse_deny_action(const char *var, const char *value)
75 {
76         if (value) {
77                 if (!strcasecmp(value, "ignore"))
78                         return DENY_IGNORE;
79                 if (!strcasecmp(value, "warn"))
80                         return DENY_WARN;
81                 if (!strcasecmp(value, "refuse"))
82                         return DENY_REFUSE;
83                 if (!strcasecmp(value, "updateinstead"))
84                         return DENY_UPDATE_INSTEAD;
85         }
86         if (git_config_bool(var, value))
87                 return DENY_REFUSE;
88         return DENY_IGNORE;
89 }
90
91 static int receive_pack_config(const char *var, const char *value, void *cb)
92 {
93         int status = parse_hide_refs_config(var, value, "receive");
94
95         if (status)
96                 return status;
97
98         if (strcmp(var, "receive.denydeletes") == 0) {
99                 deny_deletes = git_config_bool(var, value);
100                 return 0;
101         }
102
103         if (strcmp(var, "receive.denynonfastforwards") == 0) {
104                 deny_non_fast_forwards = git_config_bool(var, value);
105                 return 0;
106         }
107
108         if (strcmp(var, "receive.unpacklimit") == 0) {
109                 receive_unpack_limit = git_config_int(var, value);
110                 return 0;
111         }
112
113         if (strcmp(var, "transfer.unpacklimit") == 0) {
114                 transfer_unpack_limit = git_config_int(var, value);
115                 return 0;
116         }
117
118         if (strcmp(var, "receive.fsckobjects") == 0) {
119                 receive_fsck_objects = git_config_bool(var, value);
120                 return 0;
121         }
122
123         if (strcmp(var, "transfer.fsckobjects") == 0) {
124                 transfer_fsck_objects = git_config_bool(var, value);
125                 return 0;
126         }
127
128         if (!strcmp(var, "receive.denycurrentbranch")) {
129                 deny_current_branch = parse_deny_action(var, value);
130                 return 0;
131         }
132
133         if (strcmp(var, "receive.denydeletecurrent") == 0) {
134                 deny_delete_current = parse_deny_action(var, value);
135                 return 0;
136         }
137
138         if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139                 prefer_ofs_delta = git_config_bool(var, value);
140                 return 0;
141         }
142
143         if (strcmp(var, "receive.updateserverinfo") == 0) {
144                 auto_update_server_info = git_config_bool(var, value);
145                 return 0;
146         }
147
148         if (strcmp(var, "receive.autogc") == 0) {
149                 auto_gc = git_config_bool(var, value);
150                 return 0;
151         }
152
153         if (strcmp(var, "receive.shallowupdate") == 0) {
154                 shallow_update = git_config_bool(var, value);
155                 return 0;
156         }
157
158         if (strcmp(var, "receive.certnonceseed") == 0)
159                 return git_config_string(&cert_nonce_seed, var, value);
160
161         if (strcmp(var, "receive.certnonceslop") == 0) {
162                 nonce_stamp_slop_limit = git_config_ulong(var, value);
163                 return 0;
164         }
165
166         if (strcmp(var, "receive.advertiseatomic") == 0) {
167                 advertise_atomic_push = git_config_bool(var, value);
168                 return 0;
169         }
170
171         return git_default_config(var, value, cb);
172 }
173
174 static void show_ref(const char *path, const unsigned char *sha1)
175 {
176         if (ref_is_hidden(path))
177                 return;
178
179         if (sent_capabilities) {
180                 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
181         } else {
182                 struct strbuf cap = STRBUF_INIT;
183
184                 strbuf_addstr(&cap,
185                               "report-status delete-refs side-band-64k quiet");
186                 if (advertise_atomic_push)
187                         strbuf_addstr(&cap, " atomic");
188                 if (prefer_ofs_delta)
189                         strbuf_addstr(&cap, " ofs-delta");
190                 if (push_cert_nonce)
191                         strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192                 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193                 packet_write(1, "%s %s%c%s\n",
194                              sha1_to_hex(sha1), path, 0, cap.buf);
195                 strbuf_release(&cap);
196                 sent_capabilities = 1;
197         }
198 }
199
200 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
201 {
202         path = strip_namespace(path);
203         /*
204          * Advertise refs outside our current namespace as ".have"
205          * refs, so that the client can use them to minimize data
206          * transfer but will otherwise ignore them. This happens to
207          * cover ".have" that are thrown in by add_one_alternate_ref()
208          * to mark histories that are complete in our alternates as
209          * well.
210          */
211         if (!path)
212                 path = ".have";
213         show_ref(path, sha1);
214         return 0;
215 }
216
217 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
218 {
219         show_ref(".have", sha1);
220 }
221
222 static void collect_one_alternate_ref(const struct ref *ref, void *data)
223 {
224         struct sha1_array *sa = data;
225         sha1_array_append(sa, ref->old_sha1);
226 }
227
228 static void write_head_info(void)
229 {
230         struct sha1_array sa = SHA1_ARRAY_INIT;
231         for_each_alternate_ref(collect_one_alternate_ref, &sa);
232         sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
233         sha1_array_clear(&sa);
234         for_each_ref(show_ref_cb, NULL);
235         if (!sent_capabilities)
236                 show_ref("capabilities^{}", null_sha1);
237
238         advertise_shallow_grafts(1);
239
240         /* EOF */
241         packet_flush(1);
242 }
243
244 struct command {
245         struct command *next;
246         const char *error_string;
247         unsigned int skip_update:1,
248                      did_not_exist:1;
249         int index;
250         unsigned char old_sha1[20];
251         unsigned char new_sha1[20];
252         char ref_name[FLEX_ARRAY]; /* more */
253 };
254
255 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
256 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
257
258 static void report_message(const char *prefix, const char *err, va_list params)
259 {
260         int sz = strlen(prefix);
261         char msg[4096];
262
263         strncpy(msg, prefix, sz);
264         sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
265         if (sz > (sizeof(msg) - 1))
266                 sz = sizeof(msg) - 1;
267         msg[sz++] = '\n';
268
269         if (use_sideband)
270                 send_sideband(1, 2, msg, sz, use_sideband);
271         else
272                 xwrite(2, msg, sz);
273 }
274
275 static void rp_warning(const char *err, ...)
276 {
277         va_list params;
278         va_start(params, err);
279         report_message("warning: ", err, params);
280         va_end(params);
281 }
282
283 static void rp_error(const char *err, ...)
284 {
285         va_list params;
286         va_start(params, err);
287         report_message("error: ", err, params);
288         va_end(params);
289 }
290
291 static int copy_to_sideband(int in, int out, void *arg)
292 {
293         char data[128];
294         while (1) {
295                 ssize_t sz = xread(in, data, sizeof(data));
296                 if (sz <= 0)
297                         break;
298                 send_sideband(1, 2, data, sz, use_sideband);
299         }
300         close(in);
301         return 0;
302 }
303
304 #define HMAC_BLOCK_SIZE 64
305
306 static void hmac_sha1(unsigned char *out,
307                       const char *key_in, size_t key_len,
308                       const char *text, size_t text_len)
309 {
310         unsigned char key[HMAC_BLOCK_SIZE];
311         unsigned char k_ipad[HMAC_BLOCK_SIZE];
312         unsigned char k_opad[HMAC_BLOCK_SIZE];
313         int i;
314         git_SHA_CTX ctx;
315
316         /* RFC 2104 2. (1) */
317         memset(key, '\0', HMAC_BLOCK_SIZE);
318         if (HMAC_BLOCK_SIZE < key_len) {
319                 git_SHA1_Init(&ctx);
320                 git_SHA1_Update(&ctx, key_in, key_len);
321                 git_SHA1_Final(key, &ctx);
322         } else {
323                 memcpy(key, key_in, key_len);
324         }
325
326         /* RFC 2104 2. (2) & (5) */
327         for (i = 0; i < sizeof(key); i++) {
328                 k_ipad[i] = key[i] ^ 0x36;
329                 k_opad[i] = key[i] ^ 0x5c;
330         }
331
332         /* RFC 2104 2. (3) & (4) */
333         git_SHA1_Init(&ctx);
334         git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
335         git_SHA1_Update(&ctx, text, text_len);
336         git_SHA1_Final(out, &ctx);
337
338         /* RFC 2104 2. (6) & (7) */
339         git_SHA1_Init(&ctx);
340         git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
341         git_SHA1_Update(&ctx, out, 20);
342         git_SHA1_Final(out, &ctx);
343 }
344
345 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
346 {
347         struct strbuf buf = STRBUF_INIT;
348         unsigned char sha1[20];
349
350         strbuf_addf(&buf, "%s:%lu", path, stamp);
351         hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
352         strbuf_release(&buf);
353
354         /* RFC 2104 5. HMAC-SHA1-80 */
355         strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
356         return strbuf_detach(&buf, NULL);
357 }
358
359 /*
360  * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
361  * after dropping "_commit" from its name and possibly moving it out
362  * of commit.c
363  */
364 static char *find_header(const char *msg, size_t len, const char *key)
365 {
366         int key_len = strlen(key);
367         const char *line = msg;
368
369         while (line && line < msg + len) {
370                 const char *eol = strchrnul(line, '\n');
371
372                 if ((msg + len <= eol) || line == eol)
373                         return NULL;
374                 if (line + key_len < eol &&
375                     !memcmp(line, key, key_len) && line[key_len] == ' ') {
376                         int offset = key_len + 1;
377                         return xmemdupz(line + offset, (eol - line) - offset);
378                 }
379                 line = *eol ? eol + 1 : NULL;
380         }
381         return NULL;
382 }
383
384 static const char *check_nonce(const char *buf, size_t len)
385 {
386         char *nonce = find_header(buf, len, "nonce");
387         unsigned long stamp, ostamp;
388         char *bohmac, *expect = NULL;
389         const char *retval = NONCE_BAD;
390
391         if (!nonce) {
392                 retval = NONCE_MISSING;
393                 goto leave;
394         } else if (!push_cert_nonce) {
395                 retval = NONCE_UNSOLICITED;
396                 goto leave;
397         } else if (!strcmp(push_cert_nonce, nonce)) {
398                 retval = NONCE_OK;
399                 goto leave;
400         }
401
402         if (!stateless_rpc) {
403                 /* returned nonce MUST match what we gave out earlier */
404                 retval = NONCE_BAD;
405                 goto leave;
406         }
407
408         /*
409          * In stateless mode, we may be receiving a nonce issued by
410          * another instance of the server that serving the same
411          * repository, and the timestamps may not match, but the
412          * nonce-seed and dir should match, so we can recompute and
413          * report the time slop.
414          *
415          * In addition, when a nonce issued by another instance has
416          * timestamp within receive.certnonceslop seconds, we pretend
417          * as if we issued that nonce when reporting to the hook.
418          */
419
420         /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
421         if (*nonce <= '0' || '9' < *nonce) {
422                 retval = NONCE_BAD;
423                 goto leave;
424         }
425         stamp = strtoul(nonce, &bohmac, 10);
426         if (bohmac == nonce || bohmac[0] != '-') {
427                 retval = NONCE_BAD;
428                 goto leave;
429         }
430
431         expect = prepare_push_cert_nonce(service_dir, stamp);
432         if (strcmp(expect, nonce)) {
433                 /* Not what we would have signed earlier */
434                 retval = NONCE_BAD;
435                 goto leave;
436         }
437
438         /*
439          * By how many seconds is this nonce stale?  Negative value
440          * would mean it was issued by another server with its clock
441          * skewed in the future.
442          */
443         ostamp = strtoul(push_cert_nonce, NULL, 10);
444         nonce_stamp_slop = (long)ostamp - (long)stamp;
445
446         if (nonce_stamp_slop_limit &&
447             labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
448                 /*
449                  * Pretend as if the received nonce (which passes the
450                  * HMAC check, so it is not a forged by third-party)
451                  * is what we issued.
452                  */
453                 free((void *)push_cert_nonce);
454                 push_cert_nonce = xstrdup(nonce);
455                 retval = NONCE_OK;
456         } else {
457                 retval = NONCE_SLOP;
458         }
459
460 leave:
461         free(nonce);
462         free(expect);
463         return retval;
464 }
465
466 static void prepare_push_cert_sha1(struct child_process *proc)
467 {
468         static int already_done;
469
470         if (!push_cert.len)
471                 return;
472
473         if (!already_done) {
474                 struct strbuf gpg_output = STRBUF_INIT;
475                 struct strbuf gpg_status = STRBUF_INIT;
476                 int bogs /* beginning_of_gpg_sig */;
477
478                 already_done = 1;
479                 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
480                         hashclr(push_cert_sha1);
481
482                 memset(&sigcheck, '\0', sizeof(sigcheck));
483                 sigcheck.result = 'N';
484
485                 bogs = parse_signature(push_cert.buf, push_cert.len);
486                 if (verify_signed_buffer(push_cert.buf, bogs,
487                                          push_cert.buf + bogs, push_cert.len - bogs,
488                                          &gpg_output, &gpg_status) < 0) {
489                         ; /* error running gpg */
490                 } else {
491                         sigcheck.payload = push_cert.buf;
492                         sigcheck.gpg_output = gpg_output.buf;
493                         sigcheck.gpg_status = gpg_status.buf;
494                         parse_gpg_output(&sigcheck);
495                 }
496
497                 strbuf_release(&gpg_output);
498                 strbuf_release(&gpg_status);
499                 nonce_status = check_nonce(push_cert.buf, bogs);
500         }
501         if (!is_null_sha1(push_cert_sha1)) {
502                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
503                                  sha1_to_hex(push_cert_sha1));
504                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
505                                  sigcheck.signer ? sigcheck.signer : "");
506                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
507                                  sigcheck.key ? sigcheck.key : "");
508                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
509                                  sigcheck.result);
510                 if (push_cert_nonce) {
511                         argv_array_pushf(&proc->env_array,
512                                          "GIT_PUSH_CERT_NONCE=%s",
513                                          push_cert_nonce);
514                         argv_array_pushf(&proc->env_array,
515                                          "GIT_PUSH_CERT_NONCE_STATUS=%s",
516                                          nonce_status);
517                         if (nonce_status == NONCE_SLOP)
518                                 argv_array_pushf(&proc->env_array,
519                                                  "GIT_PUSH_CERT_NONCE_SLOP=%ld",
520                                                  nonce_stamp_slop);
521                 }
522         }
523 }
524
525 typedef int (*feed_fn)(void *, const char **, size_t *);
526 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
527 {
528         struct child_process proc = CHILD_PROCESS_INIT;
529         struct async muxer;
530         const char *argv[2];
531         int code;
532
533         argv[0] = find_hook(hook_name);
534         if (!argv[0])
535                 return 0;
536
537         argv[1] = NULL;
538
539         proc.argv = argv;
540         proc.in = -1;
541         proc.stdout_to_stderr = 1;
542
543         if (use_sideband) {
544                 memset(&muxer, 0, sizeof(muxer));
545                 muxer.proc = copy_to_sideband;
546                 muxer.in = -1;
547                 code = start_async(&muxer);
548                 if (code)
549                         return code;
550                 proc.err = muxer.in;
551         }
552
553         prepare_push_cert_sha1(&proc);
554
555         code = start_command(&proc);
556         if (code) {
557                 if (use_sideband)
558                         finish_async(&muxer);
559                 return code;
560         }
561
562         sigchain_push(SIGPIPE, SIG_IGN);
563
564         while (1) {
565                 const char *buf;
566                 size_t n;
567                 if (feed(feed_state, &buf, &n))
568                         break;
569                 if (write_in_full(proc.in, buf, n) != n)
570                         break;
571         }
572         close(proc.in);
573         if (use_sideband)
574                 finish_async(&muxer);
575
576         sigchain_pop(SIGPIPE);
577
578         return finish_command(&proc);
579 }
580
581 struct receive_hook_feed_state {
582         struct command *cmd;
583         int skip_broken;
584         struct strbuf buf;
585 };
586
587 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
588 {
589         struct receive_hook_feed_state *state = state_;
590         struct command *cmd = state->cmd;
591
592         while (cmd &&
593                state->skip_broken && (cmd->error_string || cmd->did_not_exist))
594                 cmd = cmd->next;
595         if (!cmd)
596                 return -1; /* EOF */
597         strbuf_reset(&state->buf);
598         strbuf_addf(&state->buf, "%s %s %s\n",
599                     sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
600                     cmd->ref_name);
601         state->cmd = cmd->next;
602         if (bufp) {
603                 *bufp = state->buf.buf;
604                 *sizep = state->buf.len;
605         }
606         return 0;
607 }
608
609 static int run_receive_hook(struct command *commands, const char *hook_name,
610                             int skip_broken)
611 {
612         struct receive_hook_feed_state state;
613         int status;
614
615         strbuf_init(&state.buf, 0);
616         state.cmd = commands;
617         state.skip_broken = skip_broken;
618         if (feed_receive_hook(&state, NULL, NULL))
619                 return 0;
620         state.cmd = commands;
621         status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
622         strbuf_release(&state.buf);
623         return status;
624 }
625
626 static int run_update_hook(struct command *cmd)
627 {
628         const char *argv[5];
629         struct child_process proc = CHILD_PROCESS_INIT;
630         int code;
631
632         argv[0] = find_hook("update");
633         if (!argv[0])
634                 return 0;
635
636         argv[1] = cmd->ref_name;
637         argv[2] = sha1_to_hex(cmd->old_sha1);
638         argv[3] = sha1_to_hex(cmd->new_sha1);
639         argv[4] = NULL;
640
641         proc.no_stdin = 1;
642         proc.stdout_to_stderr = 1;
643         proc.err = use_sideband ? -1 : 0;
644         proc.argv = argv;
645
646         code = start_command(&proc);
647         if (code)
648                 return code;
649         if (use_sideband)
650                 copy_to_sideband(proc.err, -1, NULL);
651         return finish_command(&proc);
652 }
653
654 static int is_ref_checked_out(const char *ref)
655 {
656         if (is_bare_repository())
657                 return 0;
658
659         if (!head_name)
660                 return 0;
661         return !strcmp(head_name, ref);
662 }
663
664 static char *refuse_unconfigured_deny_msg[] = {
665         "By default, updating the current branch in a non-bare repository",
666         "is denied, because it will make the index and work tree inconsistent",
667         "with what you pushed, and will require 'git reset --hard' to match",
668         "the work tree to HEAD.",
669         "",
670         "You can set 'receive.denyCurrentBranch' configuration variable to",
671         "'ignore' or 'warn' in the remote repository to allow pushing into",
672         "its current branch; however, this is not recommended unless you",
673         "arranged to update its work tree to match what you pushed in some",
674         "other way.",
675         "",
676         "To squelch this message and still keep the default behaviour, set",
677         "'receive.denyCurrentBranch' configuration variable to 'refuse'."
678 };
679
680 static void refuse_unconfigured_deny(void)
681 {
682         int i;
683         for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
684                 rp_error("%s", refuse_unconfigured_deny_msg[i]);
685 }
686
687 static char *refuse_unconfigured_deny_delete_current_msg[] = {
688         "By default, deleting the current branch is denied, because the next",
689         "'git clone' won't result in any file checked out, causing confusion.",
690         "",
691         "You can set 'receive.denyDeleteCurrent' configuration variable to",
692         "'warn' or 'ignore' in the remote repository to allow deleting the",
693         "current branch, with or without a warning message.",
694         "",
695         "To squelch this message, you can set it to 'refuse'."
696 };
697
698 static void refuse_unconfigured_deny_delete_current(void)
699 {
700         int i;
701         for (i = 0;
702              i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
703              i++)
704                 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
705 }
706
707 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
708 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
709 {
710         static struct lock_file shallow_lock;
711         struct sha1_array extra = SHA1_ARRAY_INIT;
712         const char *alt_file;
713         uint32_t mask = 1 << (cmd->index % 32);
714         int i;
715
716         trace_printf_key(&trace_shallow,
717                          "shallow: update_shallow_ref %s\n", cmd->ref_name);
718         for (i = 0; i < si->shallow->nr; i++)
719                 if (si->used_shallow[i] &&
720                     (si->used_shallow[i][cmd->index / 32] & mask) &&
721                     !delayed_reachability_test(si, i))
722                         sha1_array_append(&extra, si->shallow->sha1[i]);
723
724         setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
725         if (check_shallow_connected(command_singleton_iterator,
726                                     0, cmd, alt_file)) {
727                 rollback_lock_file(&shallow_lock);
728                 sha1_array_clear(&extra);
729                 return -1;
730         }
731
732         commit_lock_file(&shallow_lock);
733
734         /*
735          * Make sure setup_alternate_shallow() for the next ref does
736          * not lose these new roots..
737          */
738         for (i = 0; i < extra.nr; i++)
739                 register_shallow(extra.sha1[i]);
740
741         si->shallow_ref[cmd->index] = 0;
742         sha1_array_clear(&extra);
743         return 0;
744 }
745
746 static const char *push_to_deploy(unsigned char *sha1,
747                                   struct argv_array *env,
748                                   const char *work_tree)
749 {
750         const char *update_refresh[] = {
751                 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
752         };
753         const char *diff_files[] = {
754                 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
755         };
756         const char *diff_index[] = {
757                 "diff-index", "--quiet", "--cached", "--ignore-submodules",
758                 "HEAD", "--", NULL
759         };
760         const char *read_tree[] = {
761                 "read-tree", "-u", "-m", NULL, NULL
762         };
763         struct child_process child = CHILD_PROCESS_INIT;
764
765         child.argv = update_refresh;
766         child.env = env->argv;
767         child.dir = work_tree;
768         child.no_stdin = 1;
769         child.stdout_to_stderr = 1;
770         child.git_cmd = 1;
771         if (run_command(&child))
772                 return "Up-to-date check failed";
773
774         /* run_command() does not clean up completely; reinitialize */
775         child_process_init(&child);
776         child.argv = diff_files;
777         child.env = env->argv;
778         child.dir = work_tree;
779         child.no_stdin = 1;
780         child.stdout_to_stderr = 1;
781         child.git_cmd = 1;
782         if (run_command(&child))
783                 return "Working directory has unstaged changes";
784
785         child_process_init(&child);
786         child.argv = diff_index;
787         child.env = env->argv;
788         child.no_stdin = 1;
789         child.no_stdout = 1;
790         child.stdout_to_stderr = 0;
791         child.git_cmd = 1;
792         if (run_command(&child))
793                 return "Working directory has staged changes";
794
795         read_tree[3] = sha1_to_hex(sha1);
796         child_process_init(&child);
797         child.argv = read_tree;
798         child.env = env->argv;
799         child.dir = work_tree;
800         child.no_stdin = 1;
801         child.no_stdout = 1;
802         child.stdout_to_stderr = 0;
803         child.git_cmd = 1;
804         if (run_command(&child))
805                 return "Could not update working tree to new HEAD";
806
807         return NULL;
808 }
809
810 static const char *push_to_checkout_hook = "push-to-checkout";
811
812 static const char *push_to_checkout(unsigned char *sha1,
813                                     struct argv_array *env,
814                                     const char *work_tree)
815 {
816         argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
817         if (run_hook_le(env->argv, push_to_checkout_hook,
818                         sha1_to_hex(sha1), NULL))
819                 return "push-to-checkout hook declined";
820         else
821                 return NULL;
822 }
823
824 static const char *update_worktree(unsigned char *sha1)
825 {
826         const char *retval;
827         const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
828         struct argv_array env = ARGV_ARRAY_INIT;
829
830         if (is_bare_repository())
831                 return "denyCurrentBranch = updateInstead needs a worktree";
832
833         argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
834
835         if (!find_hook(push_to_checkout_hook))
836                 retval = push_to_deploy(sha1, &env, work_tree);
837         else
838                 retval = push_to_checkout(sha1, &env, work_tree);
839
840         argv_array_clear(&env);
841         return retval;
842 }
843
844 static const char *update(struct command *cmd, struct shallow_info *si)
845 {
846         const char *name = cmd->ref_name;
847         struct strbuf namespaced_name_buf = STRBUF_INIT;
848         const char *namespaced_name, *ret;
849         unsigned char *old_sha1 = cmd->old_sha1;
850         unsigned char *new_sha1 = cmd->new_sha1;
851
852         /* only refs/... are allowed */
853         if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
854                 rp_error("refusing to create funny ref '%s' remotely", name);
855                 return "funny refname";
856         }
857
858         strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
859         namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
860
861         if (is_ref_checked_out(namespaced_name)) {
862                 switch (deny_current_branch) {
863                 case DENY_IGNORE:
864                         break;
865                 case DENY_WARN:
866                         rp_warning("updating the current branch");
867                         break;
868                 case DENY_REFUSE:
869                 case DENY_UNCONFIGURED:
870                         rp_error("refusing to update checked out branch: %s", name);
871                         if (deny_current_branch == DENY_UNCONFIGURED)
872                                 refuse_unconfigured_deny();
873                         return "branch is currently checked out";
874                 case DENY_UPDATE_INSTEAD:
875                         ret = update_worktree(new_sha1);
876                         if (ret)
877                                 return ret;
878                         break;
879                 }
880         }
881
882         if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
883                 error("unpack should have generated %s, "
884                       "but I can't find it!", sha1_to_hex(new_sha1));
885                 return "bad pack";
886         }
887
888         if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
889                 if (deny_deletes && starts_with(name, "refs/heads/")) {
890                         rp_error("denying ref deletion for %s", name);
891                         return "deletion prohibited";
892                 }
893
894                 if (!strcmp(namespaced_name, head_name)) {
895                         switch (deny_delete_current) {
896                         case DENY_IGNORE:
897                                 break;
898                         case DENY_WARN:
899                                 rp_warning("deleting the current branch");
900                                 break;
901                         case DENY_REFUSE:
902                         case DENY_UNCONFIGURED:
903                         case DENY_UPDATE_INSTEAD:
904                                 if (deny_delete_current == DENY_UNCONFIGURED)
905                                         refuse_unconfigured_deny_delete_current();
906                                 rp_error("refusing to delete the current branch: %s", name);
907                                 return "deletion of the current branch prohibited";
908                         default:
909                                 return "Invalid denyDeleteCurrent setting";
910                         }
911                 }
912         }
913
914         if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
915             !is_null_sha1(old_sha1) &&
916             starts_with(name, "refs/heads/")) {
917                 struct object *old_object, *new_object;
918                 struct commit *old_commit, *new_commit;
919
920                 old_object = parse_object(old_sha1);
921                 new_object = parse_object(new_sha1);
922
923                 if (!old_object || !new_object ||
924                     old_object->type != OBJ_COMMIT ||
925                     new_object->type != OBJ_COMMIT) {
926                         error("bad sha1 objects for %s", name);
927                         return "bad ref";
928                 }
929                 old_commit = (struct commit *)old_object;
930                 new_commit = (struct commit *)new_object;
931                 if (!in_merge_bases(old_commit, new_commit)) {
932                         rp_error("denying non-fast-forward %s"
933                                  " (you should pull first)", name);
934                         return "non-fast-forward";
935                 }
936         }
937         if (run_update_hook(cmd)) {
938                 rp_error("hook declined to update %s", name);
939                 return "hook declined";
940         }
941
942         if (is_null_sha1(new_sha1)) {
943                 struct strbuf err = STRBUF_INIT;
944                 if (!parse_object(old_sha1)) {
945                         old_sha1 = NULL;
946                         if (ref_exists(name)) {
947                                 rp_warning("Allowing deletion of corrupt ref.");
948                         } else {
949                                 rp_warning("Deleting a non-existent ref.");
950                                 cmd->did_not_exist = 1;
951                         }
952                 }
953                 if (ref_transaction_delete(transaction,
954                                            namespaced_name,
955                                            old_sha1,
956                                            0, "push", &err)) {
957                         rp_error("%s", err.buf);
958                         strbuf_release(&err);
959                         return "failed to delete";
960                 }
961                 strbuf_release(&err);
962                 return NULL; /* good */
963         }
964         else {
965                 struct strbuf err = STRBUF_INIT;
966                 if (shallow_update && si->shallow_ref[cmd->index] &&
967                     update_shallow_ref(cmd, si))
968                         return "shallow error";
969
970                 if (ref_transaction_update(transaction,
971                                            namespaced_name,
972                                            new_sha1, old_sha1,
973                                            0, "push",
974                                            &err)) {
975                         rp_error("%s", err.buf);
976                         strbuf_release(&err);
977
978                         return "failed to update ref";
979                 }
980                 strbuf_release(&err);
981
982                 return NULL; /* good */
983         }
984 }
985
986 static void run_update_post_hook(struct command *commands)
987 {
988         struct command *cmd;
989         int argc;
990         const char **argv;
991         struct child_process proc = CHILD_PROCESS_INIT;
992         char *hook;
993
994         hook = find_hook("post-update");
995         for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
996                 if (cmd->error_string || cmd->did_not_exist)
997                         continue;
998                 argc++;
999         }
1000         if (!argc || !hook)
1001                 return;
1002
1003         argv = xmalloc(sizeof(*argv) * (2 + argc));
1004         argv[0] = hook;
1005
1006         for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1007                 if (cmd->error_string || cmd->did_not_exist)
1008                         continue;
1009                 argv[argc] = xstrdup(cmd->ref_name);
1010                 argc++;
1011         }
1012         argv[argc] = NULL;
1013
1014         proc.no_stdin = 1;
1015         proc.stdout_to_stderr = 1;
1016         proc.err = use_sideband ? -1 : 0;
1017         proc.argv = argv;
1018
1019         if (!start_command(&proc)) {
1020                 if (use_sideband)
1021                         copy_to_sideband(proc.err, -1, NULL);
1022                 finish_command(&proc);
1023         }
1024 }
1025
1026 static void check_aliased_update(struct command *cmd, struct string_list *list)
1027 {
1028         struct strbuf buf = STRBUF_INIT;
1029         const char *dst_name;
1030         struct string_list_item *item;
1031         struct command *dst_cmd;
1032         unsigned char sha1[20];
1033         char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1034         int flag;
1035
1036         strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1037         dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1038         strbuf_release(&buf);
1039
1040         if (!(flag & REF_ISSYMREF))
1041                 return;
1042
1043         dst_name = strip_namespace(dst_name);
1044         if (!dst_name) {
1045                 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1046                 cmd->skip_update = 1;
1047                 cmd->error_string = "broken symref";
1048                 return;
1049         }
1050
1051         if ((item = string_list_lookup(list, dst_name)) == NULL)
1052                 return;
1053
1054         cmd->skip_update = 1;
1055
1056         dst_cmd = (struct command *) item->util;
1057
1058         if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1059             !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1060                 return;
1061
1062         dst_cmd->skip_update = 1;
1063
1064         strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1065         strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1066         strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1067         strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1068         rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1069                  " its target '%s' (%s..%s)",
1070                  cmd->ref_name, cmd_oldh, cmd_newh,
1071                  dst_cmd->ref_name, dst_oldh, dst_newh);
1072
1073         cmd->error_string = dst_cmd->error_string =
1074                 "inconsistent aliased update";
1075 }
1076
1077 static void check_aliased_updates(struct command *commands)
1078 {
1079         struct command *cmd;
1080         struct string_list ref_list = STRING_LIST_INIT_NODUP;
1081
1082         for (cmd = commands; cmd; cmd = cmd->next) {
1083                 struct string_list_item *item =
1084                         string_list_append(&ref_list, cmd->ref_name);
1085                 item->util = (void *)cmd;
1086         }
1087         string_list_sort(&ref_list);
1088
1089         for (cmd = commands; cmd; cmd = cmd->next) {
1090                 if (!cmd->error_string)
1091                         check_aliased_update(cmd, &ref_list);
1092         }
1093
1094         string_list_clear(&ref_list, 0);
1095 }
1096
1097 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1098 {
1099         struct command **cmd_list = cb_data;
1100         struct command *cmd = *cmd_list;
1101
1102         if (!cmd || is_null_sha1(cmd->new_sha1))
1103                 return -1; /* end of list */
1104         *cmd_list = NULL; /* this returns only one */
1105         hashcpy(sha1, cmd->new_sha1);
1106         return 0;
1107 }
1108
1109 static void set_connectivity_errors(struct command *commands,
1110                                     struct shallow_info *si)
1111 {
1112         struct command *cmd;
1113
1114         for (cmd = commands; cmd; cmd = cmd->next) {
1115                 struct command *singleton = cmd;
1116                 if (shallow_update && si->shallow_ref[cmd->index])
1117                         /* to be checked in update_shallow_ref() */
1118                         continue;
1119                 if (!check_everything_connected(command_singleton_iterator,
1120                                                 0, &singleton))
1121                         continue;
1122                 cmd->error_string = "missing necessary objects";
1123         }
1124 }
1125
1126 struct iterate_data {
1127         struct command *cmds;
1128         struct shallow_info *si;
1129 };
1130
1131 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1132 {
1133         struct iterate_data *data = cb_data;
1134         struct command **cmd_list = &data->cmds;
1135         struct command *cmd = *cmd_list;
1136
1137         for (; cmd; cmd = cmd->next) {
1138                 if (shallow_update && data->si->shallow_ref[cmd->index])
1139                         /* to be checked in update_shallow_ref() */
1140                         continue;
1141                 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1142                         hashcpy(sha1, cmd->new_sha1);
1143                         *cmd_list = cmd->next;
1144                         return 0;
1145                 }
1146         }
1147         *cmd_list = NULL;
1148         return -1; /* end of list */
1149 }
1150
1151 static void reject_updates_to_hidden(struct command *commands)
1152 {
1153         struct command *cmd;
1154
1155         for (cmd = commands; cmd; cmd = cmd->next) {
1156                 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1157                         continue;
1158                 if (is_null_sha1(cmd->new_sha1))
1159                         cmd->error_string = "deny deleting a hidden ref";
1160                 else
1161                         cmd->error_string = "deny updating a hidden ref";
1162         }
1163 }
1164
1165 static int should_process_cmd(struct command *cmd)
1166 {
1167         return !cmd->error_string && !cmd->skip_update;
1168 }
1169
1170 static void warn_if_skipped_connectivity_check(struct command *commands,
1171                                                struct shallow_info *si)
1172 {
1173         struct command *cmd;
1174         int checked_connectivity = 1;
1175
1176         for (cmd = commands; cmd; cmd = cmd->next) {
1177                 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1178                         error("BUG: connectivity check has not been run on ref %s",
1179                               cmd->ref_name);
1180                         checked_connectivity = 0;
1181                 }
1182         }
1183         if (!checked_connectivity)
1184                 die("BUG: connectivity check skipped???");
1185 }
1186
1187 static void execute_commands_non_atomic(struct command *commands,
1188                                         struct shallow_info *si)
1189 {
1190         struct command *cmd;
1191         struct strbuf err = STRBUF_INIT;
1192
1193         for (cmd = commands; cmd; cmd = cmd->next) {
1194                 if (!should_process_cmd(cmd))
1195                         continue;
1196
1197                 transaction = ref_transaction_begin(&err);
1198                 if (!transaction) {
1199                         rp_error("%s", err.buf);
1200                         strbuf_reset(&err);
1201                         cmd->error_string = "transaction failed to start";
1202                         continue;
1203                 }
1204
1205                 cmd->error_string = update(cmd, si);
1206
1207                 if (!cmd->error_string
1208                     && ref_transaction_commit(transaction, &err)) {
1209                         rp_error("%s", err.buf);
1210                         strbuf_reset(&err);
1211                         cmd->error_string = "failed to update ref";
1212                 }
1213                 ref_transaction_free(transaction);
1214         }
1215         strbuf_release(&err);
1216 }
1217
1218 static void execute_commands_atomic(struct command *commands,
1219                                         struct shallow_info *si)
1220 {
1221         struct command *cmd;
1222         struct strbuf err = STRBUF_INIT;
1223         const char *reported_error = "atomic push failure";
1224
1225         transaction = ref_transaction_begin(&err);
1226         if (!transaction) {
1227                 rp_error("%s", err.buf);
1228                 strbuf_reset(&err);
1229                 reported_error = "transaction failed to start";
1230                 goto failure;
1231         }
1232
1233         for (cmd = commands; cmd; cmd = cmd->next) {
1234                 if (!should_process_cmd(cmd))
1235                         continue;
1236
1237                 cmd->error_string = update(cmd, si);
1238
1239                 if (cmd->error_string)
1240                         goto failure;
1241         }
1242
1243         if (ref_transaction_commit(transaction, &err)) {
1244                 rp_error("%s", err.buf);
1245                 reported_error = "atomic transaction failed";
1246                 goto failure;
1247         }
1248         goto cleanup;
1249
1250 failure:
1251         for (cmd = commands; cmd; cmd = cmd->next)
1252                 if (!cmd->error_string)
1253                         cmd->error_string = reported_error;
1254
1255 cleanup:
1256         ref_transaction_free(transaction);
1257         strbuf_release(&err);
1258 }
1259
1260 static void execute_commands(struct command *commands,
1261                              const char *unpacker_error,
1262                              struct shallow_info *si)
1263 {
1264         struct command *cmd;
1265         unsigned char sha1[20];
1266         struct iterate_data data;
1267
1268         if (unpacker_error) {
1269                 for (cmd = commands; cmd; cmd = cmd->next)
1270                         cmd->error_string = "unpacker error";
1271                 return;
1272         }
1273
1274         data.cmds = commands;
1275         data.si = si;
1276         if (check_everything_connected(iterate_receive_command_list, 0, &data))
1277                 set_connectivity_errors(commands, si);
1278
1279         reject_updates_to_hidden(commands);
1280
1281         if (run_receive_hook(commands, "pre-receive", 0)) {
1282                 for (cmd = commands; cmd; cmd = cmd->next) {
1283                         if (!cmd->error_string)
1284                                 cmd->error_string = "pre-receive hook declined";
1285                 }
1286                 return;
1287         }
1288
1289         check_aliased_updates(commands);
1290
1291         free(head_name_to_free);
1292         head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1293
1294         if (use_atomic)
1295                 execute_commands_atomic(commands, si);
1296         else
1297                 execute_commands_non_atomic(commands, si);
1298
1299         if (shallow_update)
1300                 warn_if_skipped_connectivity_check(commands, si);
1301 }
1302
1303 static struct command **queue_command(struct command **tail,
1304                                       const char *line,
1305                                       int linelen)
1306 {
1307         unsigned char old_sha1[20], new_sha1[20];
1308         struct command *cmd;
1309         const char *refname;
1310         int reflen;
1311
1312         if (linelen < 83 ||
1313             line[40] != ' ' ||
1314             line[81] != ' ' ||
1315             get_sha1_hex(line, old_sha1) ||
1316             get_sha1_hex(line + 41, new_sha1))
1317                 die("protocol error: expected old/new/ref, got '%s'", line);
1318
1319         refname = line + 82;
1320         reflen = linelen - 82;
1321         cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1322         hashcpy(cmd->old_sha1, old_sha1);
1323         hashcpy(cmd->new_sha1, new_sha1);
1324         memcpy(cmd->ref_name, refname, reflen);
1325         cmd->ref_name[reflen] = '\0';
1326         *tail = cmd;
1327         return &cmd->next;
1328 }
1329
1330 static void queue_commands_from_cert(struct command **tail,
1331                                      struct strbuf *push_cert)
1332 {
1333         const char *boc, *eoc;
1334
1335         if (*tail)
1336                 die("protocol error: got both push certificate and unsigned commands");
1337
1338         boc = strstr(push_cert->buf, "\n\n");
1339         if (!boc)
1340                 die("malformed push certificate %.*s", 100, push_cert->buf);
1341         else
1342                 boc += 2;
1343         eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1344
1345         while (boc < eoc) {
1346                 const char *eol = memchr(boc, '\n', eoc - boc);
1347                 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1348                 boc = eol ? eol + 1 : eoc;
1349         }
1350 }
1351
1352 static struct command *read_head_info(struct sha1_array *shallow)
1353 {
1354         struct command *commands = NULL;
1355         struct command **p = &commands;
1356         for (;;) {
1357                 char *line;
1358                 int len, linelen;
1359
1360                 line = packet_read_line(0, &len);
1361                 if (!line)
1362                         break;
1363
1364                 if (len == 48 && starts_with(line, "shallow ")) {
1365                         unsigned char sha1[20];
1366                         if (get_sha1_hex(line + 8, sha1))
1367                                 die("protocol error: expected shallow sha, got '%s'",
1368                                     line + 8);
1369                         sha1_array_append(shallow, sha1);
1370                         continue;
1371                 }
1372
1373                 linelen = strlen(line);
1374                 if (linelen < len) {
1375                         const char *feature_list = line + linelen + 1;
1376                         if (parse_feature_request(feature_list, "report-status"))
1377                                 report_status = 1;
1378                         if (parse_feature_request(feature_list, "side-band-64k"))
1379                                 use_sideband = LARGE_PACKET_MAX;
1380                         if (parse_feature_request(feature_list, "quiet"))
1381                                 quiet = 1;
1382                         if (advertise_atomic_push
1383                             && parse_feature_request(feature_list, "atomic"))
1384                                 use_atomic = 1;
1385                 }
1386
1387                 if (!strcmp(line, "push-cert")) {
1388                         int true_flush = 0;
1389                         char certbuf[1024];
1390
1391                         for (;;) {
1392                                 len = packet_read(0, NULL, NULL,
1393                                                   certbuf, sizeof(certbuf), 0);
1394                                 if (!len) {
1395                                         true_flush = 1;
1396                                         break;
1397                                 }
1398                                 if (!strcmp(certbuf, "push-cert-end\n"))
1399                                         break; /* end of cert */
1400                                 strbuf_addstr(&push_cert, certbuf);
1401                         }
1402
1403                         if (true_flush)
1404                                 break;
1405                         continue;
1406                 }
1407
1408                 p = queue_command(p, line, linelen);
1409         }
1410
1411         if (push_cert.len)
1412                 queue_commands_from_cert(p, &push_cert);
1413
1414         return commands;
1415 }
1416
1417 static const char *parse_pack_header(struct pack_header *hdr)
1418 {
1419         switch (read_pack_header(0, hdr)) {
1420         case PH_ERROR_EOF:
1421                 return "eof before pack header was fully read";
1422
1423         case PH_ERROR_PACK_SIGNATURE:
1424                 return "protocol error (pack signature mismatch detected)";
1425
1426         case PH_ERROR_PROTOCOL:
1427                 return "protocol error (pack version unsupported)";
1428
1429         default:
1430                 return "unknown error in parse_pack_header";
1431
1432         case 0:
1433                 return NULL;
1434         }
1435 }
1436
1437 static const char *pack_lockfile;
1438
1439 static const char *unpack(int err_fd, struct shallow_info *si)
1440 {
1441         struct pack_header hdr;
1442         const char *hdr_err;
1443         int status;
1444         char hdr_arg[38];
1445         struct child_process child = CHILD_PROCESS_INIT;
1446         int fsck_objects = (receive_fsck_objects >= 0
1447                             ? receive_fsck_objects
1448                             : transfer_fsck_objects >= 0
1449                             ? transfer_fsck_objects
1450                             : 0);
1451
1452         hdr_err = parse_pack_header(&hdr);
1453         if (hdr_err) {
1454                 if (err_fd > 0)
1455                         close(err_fd);
1456                 return hdr_err;
1457         }
1458         snprintf(hdr_arg, sizeof(hdr_arg),
1459                         "--pack_header=%"PRIu32",%"PRIu32,
1460                         ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1461
1462         if (si->nr_ours || si->nr_theirs) {
1463                 alt_shallow_file = setup_temporary_shallow(si->shallow);
1464                 argv_array_push(&child.args, "--shallow-file");
1465                 argv_array_push(&child.args, alt_shallow_file);
1466         }
1467
1468         if (ntohl(hdr.hdr_entries) < unpack_limit) {
1469                 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1470                 if (quiet)
1471                         argv_array_push(&child.args, "-q");
1472                 if (fsck_objects)
1473                         argv_array_push(&child.args, "--strict");
1474                 child.no_stdout = 1;
1475                 child.err = err_fd;
1476                 child.git_cmd = 1;
1477                 status = run_command(&child);
1478                 if (status)
1479                         return "unpack-objects abnormal exit";
1480         } else {
1481                 int s;
1482                 char keep_arg[256];
1483
1484                 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1485                 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1486                         strcpy(keep_arg + s, "localhost");
1487
1488                 argv_array_pushl(&child.args, "index-pack",
1489                                  "--stdin", hdr_arg, keep_arg, NULL);
1490                 if (fsck_objects)
1491                         argv_array_push(&child.args, "--strict");
1492                 if (fix_thin)
1493                         argv_array_push(&child.args, "--fix-thin");
1494                 child.out = -1;
1495                 child.err = err_fd;
1496                 child.git_cmd = 1;
1497                 status = start_command(&child);
1498                 if (status)
1499                         return "index-pack fork failed";
1500                 pack_lockfile = index_pack_lockfile(child.out);
1501                 close(child.out);
1502                 status = finish_command(&child);
1503                 if (status)
1504                         return "index-pack abnormal exit";
1505                 reprepare_packed_git();
1506         }
1507         return NULL;
1508 }
1509
1510 static const char *unpack_with_sideband(struct shallow_info *si)
1511 {
1512         struct async muxer;
1513         const char *ret;
1514
1515         if (!use_sideband)
1516                 return unpack(0, si);
1517
1518         memset(&muxer, 0, sizeof(muxer));
1519         muxer.proc = copy_to_sideband;
1520         muxer.in = -1;
1521         if (start_async(&muxer))
1522                 return NULL;
1523
1524         ret = unpack(muxer.in, si);
1525
1526         finish_async(&muxer);
1527         return ret;
1528 }
1529
1530 static void prepare_shallow_update(struct command *commands,
1531                                    struct shallow_info *si)
1532 {
1533         int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1534
1535         si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1536                                    si->shallow->nr);
1537         assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1538
1539         si->need_reachability_test =
1540                 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1541         si->reachable =
1542                 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1543         si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1544
1545         for (i = 0; i < si->nr_ours; i++)
1546                 si->need_reachability_test[si->ours[i]] = 1;
1547
1548         for (i = 0; i < si->shallow->nr; i++) {
1549                 if (!si->used_shallow[i])
1550                         continue;
1551                 for (j = 0; j < bitmap_size; j++) {
1552                         if (!si->used_shallow[i][j])
1553                                 continue;
1554                         si->need_reachability_test[i]++;
1555                         for (k = 0; k < 32; k++)
1556                                 if (si->used_shallow[i][j] & (1 << k))
1557                                         si->shallow_ref[j * 32 + k]++;
1558                 }
1559
1560                 /*
1561                  * true for those associated with some refs and belong
1562                  * in "ours" list aka "step 7 not done yet"
1563                  */
1564                 si->need_reachability_test[i] =
1565                         si->need_reachability_test[i] > 1;
1566         }
1567
1568         /*
1569          * keep hooks happy by forcing a temporary shallow file via
1570          * env variable because we can't add --shallow-file to every
1571          * command. check_everything_connected() will be done with
1572          * true .git/shallow though.
1573          */
1574         setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1575 }
1576
1577 static void update_shallow_info(struct command *commands,
1578                                 struct shallow_info *si,
1579                                 struct sha1_array *ref)
1580 {
1581         struct command *cmd;
1582         int *ref_status;
1583         remove_nonexistent_theirs_shallow(si);
1584         if (!si->nr_ours && !si->nr_theirs) {
1585                 shallow_update = 0;
1586                 return;
1587         }
1588
1589         for (cmd = commands; cmd; cmd = cmd->next) {
1590                 if (is_null_sha1(cmd->new_sha1))
1591                         continue;
1592                 sha1_array_append(ref, cmd->new_sha1);
1593                 cmd->index = ref->nr - 1;
1594         }
1595         si->ref = ref;
1596
1597         if (shallow_update) {
1598                 prepare_shallow_update(commands, si);
1599                 return;
1600         }
1601
1602         ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1603         assign_shallow_commits_to_refs(si, NULL, ref_status);
1604         for (cmd = commands; cmd; cmd = cmd->next) {
1605                 if (is_null_sha1(cmd->new_sha1))
1606                         continue;
1607                 if (ref_status[cmd->index]) {
1608                         cmd->error_string = "shallow update not allowed";
1609                         cmd->skip_update = 1;
1610                 }
1611         }
1612         free(ref_status);
1613 }
1614
1615 static void report(struct command *commands, const char *unpack_status)
1616 {
1617         struct command *cmd;
1618         struct strbuf buf = STRBUF_INIT;
1619
1620         packet_buf_write(&buf, "unpack %s\n",
1621                          unpack_status ? unpack_status : "ok");
1622         for (cmd = commands; cmd; cmd = cmd->next) {
1623                 if (!cmd->error_string)
1624                         packet_buf_write(&buf, "ok %s\n",
1625                                          cmd->ref_name);
1626                 else
1627                         packet_buf_write(&buf, "ng %s %s\n",
1628                                          cmd->ref_name, cmd->error_string);
1629         }
1630         packet_buf_flush(&buf);
1631
1632         if (use_sideband)
1633                 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1634         else
1635                 write_or_die(1, buf.buf, buf.len);
1636         strbuf_release(&buf);
1637 }
1638
1639 static int delete_only(struct command *commands)
1640 {
1641         struct command *cmd;
1642         for (cmd = commands; cmd; cmd = cmd->next) {
1643                 if (!is_null_sha1(cmd->new_sha1))
1644                         return 0;
1645         }
1646         return 1;
1647 }
1648
1649 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1650 {
1651         int advertise_refs = 0;
1652         int i;
1653         struct command *commands;
1654         struct sha1_array shallow = SHA1_ARRAY_INIT;
1655         struct sha1_array ref = SHA1_ARRAY_INIT;
1656         struct shallow_info si;
1657
1658         packet_trace_identity("receive-pack");
1659
1660         argv++;
1661         for (i = 1; i < argc; i++) {
1662                 const char *arg = *argv++;
1663
1664                 if (*arg == '-') {
1665                         if (!strcmp(arg, "--quiet")) {
1666                                 quiet = 1;
1667                                 continue;
1668                         }
1669
1670                         if (!strcmp(arg, "--advertise-refs")) {
1671                                 advertise_refs = 1;
1672                                 continue;
1673                         }
1674                         if (!strcmp(arg, "--stateless-rpc")) {
1675                                 stateless_rpc = 1;
1676                                 continue;
1677                         }
1678                         if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1679                                 fix_thin = 0;
1680                                 continue;
1681                         }
1682
1683                         usage(receive_pack_usage);
1684                 }
1685                 if (service_dir)
1686                         usage(receive_pack_usage);
1687                 service_dir = arg;
1688         }
1689         if (!service_dir)
1690                 usage(receive_pack_usage);
1691
1692         setup_path();
1693
1694         if (!enter_repo(service_dir, 0))
1695                 die("'%s' does not appear to be a git repository", service_dir);
1696
1697         git_config(receive_pack_config, NULL);
1698         if (cert_nonce_seed)
1699                 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1700
1701         if (0 <= transfer_unpack_limit)
1702                 unpack_limit = transfer_unpack_limit;
1703         else if (0 <= receive_unpack_limit)
1704                 unpack_limit = receive_unpack_limit;
1705
1706         if (advertise_refs || !stateless_rpc) {
1707                 write_head_info();
1708         }
1709         if (advertise_refs)
1710                 return 0;
1711
1712         if ((commands = read_head_info(&shallow)) != NULL) {
1713                 const char *unpack_status = NULL;
1714
1715                 prepare_shallow_info(&si, &shallow);
1716                 if (!si.nr_ours && !si.nr_theirs)
1717                         shallow_update = 0;
1718                 if (!delete_only(commands)) {
1719                         unpack_status = unpack_with_sideband(&si);
1720                         update_shallow_info(commands, &si, &ref);
1721                 }
1722                 execute_commands(commands, unpack_status, &si);
1723                 if (pack_lockfile)
1724                         unlink_or_warn(pack_lockfile);
1725                 if (report_status)
1726                         report(commands, unpack_status);
1727                 run_receive_hook(commands, "post-receive", 1);
1728                 run_update_post_hook(commands);
1729                 if (auto_gc) {
1730                         const char *argv_gc_auto[] = {
1731                                 "gc", "--auto", "--quiet", NULL,
1732                         };
1733                         int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1734                         run_command_v_opt(argv_gc_auto, opt);
1735                 }
1736                 if (auto_update_server_info)
1737                         update_server_info(0);
1738                 clear_shallow_info(&si);
1739         }
1740         if (use_sideband)
1741                 packet_flush(1);
1742         sha1_array_clear(&shallow);
1743         sha1_array_clear(&ref);
1744         free((void *)push_cert_nonce);
1745         return 0;
1746 }