signed push: fortify against replay attacks
[git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "pack.h"
3 #include "refs.h"
4 #include "pkt-line.h"
5 #include "sideband.h"
6 #include "run-command.h"
7 #include "exec_cmd.h"
8 #include "commit.h"
9 #include "object.h"
10 #include "remote.h"
11 #include "connect.h"
12 #include "transport.h"
13 #include "string-list.h"
14 #include "sha1-array.h"
15 #include "connected.h"
16 #include "argv-array.h"
17 #include "version.h"
18 #include "tag.h"
19 #include "gpg-interface.h"
20
21 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
22
23 enum deny_action {
24         DENY_UNCONFIGURED,
25         DENY_IGNORE,
26         DENY_WARN,
27         DENY_REFUSE
28 };
29
30 static int deny_deletes;
31 static int deny_non_fast_forwards;
32 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
33 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
34 static int receive_fsck_objects = -1;
35 static int transfer_fsck_objects = -1;
36 static int receive_unpack_limit = -1;
37 static int transfer_unpack_limit = -1;
38 static int unpack_limit = 100;
39 static int report_status;
40 static int use_sideband;
41 static int quiet;
42 static int prefer_ofs_delta = 1;
43 static int auto_update_server_info;
44 static int auto_gc = 1;
45 static int fix_thin = 1;
46 static const char *head_name;
47 static void *head_name_to_free;
48 static int sent_capabilities;
49 static int shallow_update;
50 static const char *alt_shallow_file;
51 static struct strbuf push_cert = STRBUF_INIT;
52 static unsigned char push_cert_sha1[20];
53 static struct signature_check sigcheck;
54 static const char *push_cert_nonce;
55 static const char *cert_nonce_seed;
56
57 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
58 static const char *NONCE_BAD = "BAD";
59 static const char *NONCE_MISSING = "MISSING";
60 static const char *NONCE_OK = "OK";
61 static const char *nonce_status;
62
63 static enum deny_action parse_deny_action(const char *var, const char *value)
64 {
65         if (value) {
66                 if (!strcasecmp(value, "ignore"))
67                         return DENY_IGNORE;
68                 if (!strcasecmp(value, "warn"))
69                         return DENY_WARN;
70                 if (!strcasecmp(value, "refuse"))
71                         return DENY_REFUSE;
72         }
73         if (git_config_bool(var, value))
74                 return DENY_REFUSE;
75         return DENY_IGNORE;
76 }
77
78 static int receive_pack_config(const char *var, const char *value, void *cb)
79 {
80         int status = parse_hide_refs_config(var, value, "receive");
81
82         if (status)
83                 return status;
84
85         if (strcmp(var, "receive.denydeletes") == 0) {
86                 deny_deletes = git_config_bool(var, value);
87                 return 0;
88         }
89
90         if (strcmp(var, "receive.denynonfastforwards") == 0) {
91                 deny_non_fast_forwards = git_config_bool(var, value);
92                 return 0;
93         }
94
95         if (strcmp(var, "receive.unpacklimit") == 0) {
96                 receive_unpack_limit = git_config_int(var, value);
97                 return 0;
98         }
99
100         if (strcmp(var, "transfer.unpacklimit") == 0) {
101                 transfer_unpack_limit = git_config_int(var, value);
102                 return 0;
103         }
104
105         if (strcmp(var, "receive.fsckobjects") == 0) {
106                 receive_fsck_objects = git_config_bool(var, value);
107                 return 0;
108         }
109
110         if (strcmp(var, "transfer.fsckobjects") == 0) {
111                 transfer_fsck_objects = git_config_bool(var, value);
112                 return 0;
113         }
114
115         if (!strcmp(var, "receive.denycurrentbranch")) {
116                 deny_current_branch = parse_deny_action(var, value);
117                 return 0;
118         }
119
120         if (strcmp(var, "receive.denydeletecurrent") == 0) {
121                 deny_delete_current = parse_deny_action(var, value);
122                 return 0;
123         }
124
125         if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
126                 prefer_ofs_delta = git_config_bool(var, value);
127                 return 0;
128         }
129
130         if (strcmp(var, "receive.updateserverinfo") == 0) {
131                 auto_update_server_info = git_config_bool(var, value);
132                 return 0;
133         }
134
135         if (strcmp(var, "receive.autogc") == 0) {
136                 auto_gc = git_config_bool(var, value);
137                 return 0;
138         }
139
140         if (strcmp(var, "receive.shallowupdate") == 0) {
141                 shallow_update = git_config_bool(var, value);
142                 return 0;
143         }
144
145         if (strcmp(var, "receive.certnonceseed") == 0)
146                 return git_config_string(&cert_nonce_seed, var, value);
147
148         return git_default_config(var, value, cb);
149 }
150
151 static void show_ref(const char *path, const unsigned char *sha1)
152 {
153         if (ref_is_hidden(path))
154                 return;
155
156         if (sent_capabilities) {
157                 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
158         } else {
159                 struct strbuf cap = STRBUF_INIT;
160
161                 strbuf_addstr(&cap,
162                               "report-status delete-refs side-band-64k quiet");
163                 if (prefer_ofs_delta)
164                         strbuf_addstr(&cap, " ofs-delta");
165                 if (push_cert_nonce)
166                         strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
167                 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
168                 packet_write(1, "%s %s%c%s\n",
169                              sha1_to_hex(sha1), path, 0, cap.buf);
170                 strbuf_release(&cap);
171                 sent_capabilities = 1;
172         }
173 }
174
175 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
176 {
177         path = strip_namespace(path);
178         /*
179          * Advertise refs outside our current namespace as ".have"
180          * refs, so that the client can use them to minimize data
181          * transfer but will otherwise ignore them. This happens to
182          * cover ".have" that are thrown in by add_one_alternate_ref()
183          * to mark histories that are complete in our alternates as
184          * well.
185          */
186         if (!path)
187                 path = ".have";
188         show_ref(path, sha1);
189         return 0;
190 }
191
192 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
193 {
194         show_ref(".have", sha1);
195 }
196
197 static void collect_one_alternate_ref(const struct ref *ref, void *data)
198 {
199         struct sha1_array *sa = data;
200         sha1_array_append(sa, ref->old_sha1);
201 }
202
203 static void write_head_info(void)
204 {
205         struct sha1_array sa = SHA1_ARRAY_INIT;
206         for_each_alternate_ref(collect_one_alternate_ref, &sa);
207         sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
208         sha1_array_clear(&sa);
209         for_each_ref(show_ref_cb, NULL);
210         if (!sent_capabilities)
211                 show_ref("capabilities^{}", null_sha1);
212
213         advertise_shallow_grafts(1);
214
215         /* EOF */
216         packet_flush(1);
217 }
218
219 struct command {
220         struct command *next;
221         const char *error_string;
222         unsigned int skip_update:1,
223                      did_not_exist:1;
224         int index;
225         unsigned char old_sha1[20];
226         unsigned char new_sha1[20];
227         char ref_name[FLEX_ARRAY]; /* more */
228 };
229
230 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
231 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
232
233 static void report_message(const char *prefix, const char *err, va_list params)
234 {
235         int sz = strlen(prefix);
236         char msg[4096];
237
238         strncpy(msg, prefix, sz);
239         sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
240         if (sz > (sizeof(msg) - 1))
241                 sz = sizeof(msg) - 1;
242         msg[sz++] = '\n';
243
244         if (use_sideband)
245                 send_sideband(1, 2, msg, sz, use_sideband);
246         else
247                 xwrite(2, msg, sz);
248 }
249
250 static void rp_warning(const char *err, ...)
251 {
252         va_list params;
253         va_start(params, err);
254         report_message("warning: ", err, params);
255         va_end(params);
256 }
257
258 static void rp_error(const char *err, ...)
259 {
260         va_list params;
261         va_start(params, err);
262         report_message("error: ", err, params);
263         va_end(params);
264 }
265
266 static int copy_to_sideband(int in, int out, void *arg)
267 {
268         char data[128];
269         while (1) {
270                 ssize_t sz = xread(in, data, sizeof(data));
271                 if (sz <= 0)
272                         break;
273                 send_sideband(1, 2, data, sz, use_sideband);
274         }
275         close(in);
276         return 0;
277 }
278
279 #define HMAC_BLOCK_SIZE 64
280
281 static void hmac_sha1(unsigned char out[20],
282                       const char *key_in, size_t key_len,
283                       const char *text, size_t text_len)
284 {
285         unsigned char key[HMAC_BLOCK_SIZE];
286         unsigned char k_ipad[HMAC_BLOCK_SIZE];
287         unsigned char k_opad[HMAC_BLOCK_SIZE];
288         int i;
289         git_SHA_CTX ctx;
290
291         /* RFC 2104 2. (1) */
292         memset(key, '\0', HMAC_BLOCK_SIZE);
293         if (HMAC_BLOCK_SIZE < key_len) {
294                 git_SHA1_Init(&ctx);
295                 git_SHA1_Update(&ctx, key_in, key_len);
296                 git_SHA1_Final(key, &ctx);
297         } else {
298                 memcpy(key, key_in, key_len);
299         }
300
301         /* RFC 2104 2. (2) & (5) */
302         for (i = 0; i < sizeof(key); i++) {
303                 k_ipad[i] = key[i] ^ 0x36;
304                 k_opad[i] = key[i] ^ 0x5c;
305         }
306
307         /* RFC 2104 2. (3) & (4) */
308         git_SHA1_Init(&ctx);
309         git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
310         git_SHA1_Update(&ctx, text, text_len);
311         git_SHA1_Final(out, &ctx);
312
313         /* RFC 2104 2. (6) & (7) */
314         git_SHA1_Init(&ctx);
315         git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
316         git_SHA1_Update(&ctx, out, sizeof(out));
317         git_SHA1_Final(out, &ctx);
318 }
319
320 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
321 {
322         struct strbuf buf = STRBUF_INIT;
323         unsigned char sha1[20];
324
325         strbuf_addf(&buf, "%s:%lu", path, stamp);
326         hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
327         strbuf_release(&buf);
328
329         /* RFC 2104 5. HMAC-SHA1-80 */
330         strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
331         return strbuf_detach(&buf, NULL);
332 }
333
334 /*
335  * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
336  * after dropping "_commit" from its name and possibly moving it out
337  * of commit.c
338  */
339 static char *find_header(const char *msg, size_t len, const char *key)
340 {
341         int key_len = strlen(key);
342         const char *line = msg;
343
344         while (line && line < msg + len) {
345                 const char *eol = strchrnul(line, '\n');
346
347                 if ((msg + len <= eol) || line == eol)
348                         return NULL;
349                 if (line + key_len < eol &&
350                     !memcmp(line, key, key_len) && line[key_len] == ' ') {
351                         int offset = key_len + 1;
352                         return xmemdupz(line + offset, (eol - line) - offset);
353                 }
354                 line = *eol ? eol + 1 : NULL;
355         }
356         return NULL;
357 }
358
359 static const char *check_nonce(const char *buf, size_t len)
360 {
361         char *nonce = find_header(buf, len, "nonce");
362         const char *retval = NONCE_BAD;
363
364         if (!nonce) {
365                 retval = NONCE_MISSING;
366                 goto leave;
367         } else if (!push_cert_nonce) {
368                 retval = NONCE_UNSOLICITED;
369                 goto leave;
370         } else if (!strcmp(push_cert_nonce, nonce)) {
371                 retval = NONCE_OK;
372                 goto leave;
373         }
374
375         /* returned nonce MUST match what we gave out earlier */
376         retval = NONCE_BAD;
377
378 leave:
379         free(nonce);
380         return retval;
381 }
382
383 static void prepare_push_cert_sha1(struct child_process *proc)
384 {
385         static int already_done;
386         struct argv_array env = ARGV_ARRAY_INIT;
387
388         if (!push_cert.len)
389                 return;
390
391         if (!already_done) {
392                 struct strbuf gpg_output = STRBUF_INIT;
393                 struct strbuf gpg_status = STRBUF_INIT;
394                 int bogs /* beginning_of_gpg_sig */;
395
396                 already_done = 1;
397                 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
398                         hashclr(push_cert_sha1);
399
400                 memset(&sigcheck, '\0', sizeof(sigcheck));
401                 sigcheck.result = 'N';
402
403                 bogs = parse_signature(push_cert.buf, push_cert.len);
404                 if (verify_signed_buffer(push_cert.buf, bogs,
405                                          push_cert.buf + bogs, push_cert.len - bogs,
406                                          &gpg_output, &gpg_status) < 0) {
407                         ; /* error running gpg */
408                 } else {
409                         sigcheck.payload = push_cert.buf;
410                         sigcheck.gpg_output = gpg_output.buf;
411                         sigcheck.gpg_status = gpg_status.buf;
412                         parse_gpg_output(&sigcheck);
413                 }
414
415                 strbuf_release(&gpg_output);
416                 strbuf_release(&gpg_status);
417                 nonce_status = check_nonce(push_cert.buf, bogs);
418         }
419         if (!is_null_sha1(push_cert_sha1)) {
420                 argv_array_pushf(&env, "GIT_PUSH_CERT=%s", sha1_to_hex(push_cert_sha1));
421                 argv_array_pushf(&env, "GIT_PUSH_CERT_SIGNER=%s",
422                                  sigcheck.signer ? sigcheck.signer : "");
423                 argv_array_pushf(&env, "GIT_PUSH_CERT_KEY=%s",
424                                  sigcheck.key ? sigcheck.key : "");
425                 argv_array_pushf(&env, "GIT_PUSH_CERT_STATUS=%c", sigcheck.result);
426                 if (push_cert_nonce) {
427                         argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE=%s", push_cert_nonce);
428                         argv_array_pushf(&env, "GIT_PUSH_CERT_NONCE_STATUS=%s", nonce_status);
429                 }
430                 proc->env = env.argv;
431         }
432 }
433
434 typedef int (*feed_fn)(void *, const char **, size_t *);
435 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
436 {
437         struct child_process proc;
438         struct async muxer;
439         const char *argv[2];
440         int code;
441
442         argv[0] = find_hook(hook_name);
443         if (!argv[0])
444                 return 0;
445
446         argv[1] = NULL;
447
448         memset(&proc, 0, sizeof(proc));
449         proc.argv = argv;
450         proc.in = -1;
451         proc.stdout_to_stderr = 1;
452
453         prepare_push_cert_sha1(&proc);
454
455         if (use_sideband) {
456                 memset(&muxer, 0, sizeof(muxer));
457                 muxer.proc = copy_to_sideband;
458                 muxer.in = -1;
459                 code = start_async(&muxer);
460                 if (code)
461                         return code;
462                 proc.err = muxer.in;
463         }
464
465         code = start_command(&proc);
466         if (code) {
467                 if (use_sideband)
468                         finish_async(&muxer);
469                 return code;
470         }
471
472         while (1) {
473                 const char *buf;
474                 size_t n;
475                 if (feed(feed_state, &buf, &n))
476                         break;
477                 if (write_in_full(proc.in, buf, n) != n)
478                         break;
479         }
480         close(proc.in);
481         if (use_sideband)
482                 finish_async(&muxer);
483         return finish_command(&proc);
484 }
485
486 struct receive_hook_feed_state {
487         struct command *cmd;
488         int skip_broken;
489         struct strbuf buf;
490 };
491
492 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
493 {
494         struct receive_hook_feed_state *state = state_;
495         struct command *cmd = state->cmd;
496
497         while (cmd &&
498                state->skip_broken && (cmd->error_string || cmd->did_not_exist))
499                 cmd = cmd->next;
500         if (!cmd)
501                 return -1; /* EOF */
502         strbuf_reset(&state->buf);
503         strbuf_addf(&state->buf, "%s %s %s\n",
504                     sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
505                     cmd->ref_name);
506         state->cmd = cmd->next;
507         if (bufp) {
508                 *bufp = state->buf.buf;
509                 *sizep = state->buf.len;
510         }
511         return 0;
512 }
513
514 static int run_receive_hook(struct command *commands, const char *hook_name,
515                             int skip_broken)
516 {
517         struct receive_hook_feed_state state;
518         int status;
519
520         strbuf_init(&state.buf, 0);
521         state.cmd = commands;
522         state.skip_broken = skip_broken;
523         if (feed_receive_hook(&state, NULL, NULL))
524                 return 0;
525         state.cmd = commands;
526         status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
527         strbuf_release(&state.buf);
528         return status;
529 }
530
531 static int run_update_hook(struct command *cmd)
532 {
533         const char *argv[5];
534         struct child_process proc;
535         int code;
536
537         argv[0] = find_hook("update");
538         if (!argv[0])
539                 return 0;
540
541         argv[1] = cmd->ref_name;
542         argv[2] = sha1_to_hex(cmd->old_sha1);
543         argv[3] = sha1_to_hex(cmd->new_sha1);
544         argv[4] = NULL;
545
546         memset(&proc, 0, sizeof(proc));
547         proc.no_stdin = 1;
548         proc.stdout_to_stderr = 1;
549         proc.err = use_sideband ? -1 : 0;
550         proc.argv = argv;
551
552         code = start_command(&proc);
553         if (code)
554                 return code;
555         if (use_sideband)
556                 copy_to_sideband(proc.err, -1, NULL);
557         return finish_command(&proc);
558 }
559
560 static int is_ref_checked_out(const char *ref)
561 {
562         if (is_bare_repository())
563                 return 0;
564
565         if (!head_name)
566                 return 0;
567         return !strcmp(head_name, ref);
568 }
569
570 static char *refuse_unconfigured_deny_msg[] = {
571         "By default, updating the current branch in a non-bare repository",
572         "is denied, because it will make the index and work tree inconsistent",
573         "with what you pushed, and will require 'git reset --hard' to match",
574         "the work tree to HEAD.",
575         "",
576         "You can set 'receive.denyCurrentBranch' configuration variable to",
577         "'ignore' or 'warn' in the remote repository to allow pushing into",
578         "its current branch; however, this is not recommended unless you",
579         "arranged to update its work tree to match what you pushed in some",
580         "other way.",
581         "",
582         "To squelch this message and still keep the default behaviour, set",
583         "'receive.denyCurrentBranch' configuration variable to 'refuse'."
584 };
585
586 static void refuse_unconfigured_deny(void)
587 {
588         int i;
589         for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
590                 rp_error("%s", refuse_unconfigured_deny_msg[i]);
591 }
592
593 static char *refuse_unconfigured_deny_delete_current_msg[] = {
594         "By default, deleting the current branch is denied, because the next",
595         "'git clone' won't result in any file checked out, causing confusion.",
596         "",
597         "You can set 'receive.denyDeleteCurrent' configuration variable to",
598         "'warn' or 'ignore' in the remote repository to allow deleting the",
599         "current branch, with or without a warning message.",
600         "",
601         "To squelch this message, you can set it to 'refuse'."
602 };
603
604 static void refuse_unconfigured_deny_delete_current(void)
605 {
606         int i;
607         for (i = 0;
608              i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
609              i++)
610                 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
611 }
612
613 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
614 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
615 {
616         static struct lock_file shallow_lock;
617         struct sha1_array extra = SHA1_ARRAY_INIT;
618         const char *alt_file;
619         uint32_t mask = 1 << (cmd->index % 32);
620         int i;
621
622         trace_printf_key(&trace_shallow,
623                          "shallow: update_shallow_ref %s\n", cmd->ref_name);
624         for (i = 0; i < si->shallow->nr; i++)
625                 if (si->used_shallow[i] &&
626                     (si->used_shallow[i][cmd->index / 32] & mask) &&
627                     !delayed_reachability_test(si, i))
628                         sha1_array_append(&extra, si->shallow->sha1[i]);
629
630         setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
631         if (check_shallow_connected(command_singleton_iterator,
632                                     0, cmd, alt_file)) {
633                 rollback_lock_file(&shallow_lock);
634                 sha1_array_clear(&extra);
635                 return -1;
636         }
637
638         commit_lock_file(&shallow_lock);
639
640         /*
641          * Make sure setup_alternate_shallow() for the next ref does
642          * not lose these new roots..
643          */
644         for (i = 0; i < extra.nr; i++)
645                 register_shallow(extra.sha1[i]);
646
647         si->shallow_ref[cmd->index] = 0;
648         sha1_array_clear(&extra);
649         return 0;
650 }
651
652 static const char *update(struct command *cmd, struct shallow_info *si)
653 {
654         const char *name = cmd->ref_name;
655         struct strbuf namespaced_name_buf = STRBUF_INIT;
656         const char *namespaced_name;
657         unsigned char *old_sha1 = cmd->old_sha1;
658         unsigned char *new_sha1 = cmd->new_sha1;
659         struct ref_lock *lock;
660
661         /* only refs/... are allowed */
662         if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
663                 rp_error("refusing to create funny ref '%s' remotely", name);
664                 return "funny refname";
665         }
666
667         strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
668         namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
669
670         if (is_ref_checked_out(namespaced_name)) {
671                 switch (deny_current_branch) {
672                 case DENY_IGNORE:
673                         break;
674                 case DENY_WARN:
675                         rp_warning("updating the current branch");
676                         break;
677                 case DENY_REFUSE:
678                 case DENY_UNCONFIGURED:
679                         rp_error("refusing to update checked out branch: %s", name);
680                         if (deny_current_branch == DENY_UNCONFIGURED)
681                                 refuse_unconfigured_deny();
682                         return "branch is currently checked out";
683                 }
684         }
685
686         if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
687                 error("unpack should have generated %s, "
688                       "but I can't find it!", sha1_to_hex(new_sha1));
689                 return "bad pack";
690         }
691
692         if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
693                 if (deny_deletes && starts_with(name, "refs/heads/")) {
694                         rp_error("denying ref deletion for %s", name);
695                         return "deletion prohibited";
696                 }
697
698                 if (!strcmp(namespaced_name, head_name)) {
699                         switch (deny_delete_current) {
700                         case DENY_IGNORE:
701                                 break;
702                         case DENY_WARN:
703                                 rp_warning("deleting the current branch");
704                                 break;
705                         case DENY_REFUSE:
706                         case DENY_UNCONFIGURED:
707                                 if (deny_delete_current == DENY_UNCONFIGURED)
708                                         refuse_unconfigured_deny_delete_current();
709                                 rp_error("refusing to delete the current branch: %s", name);
710                                 return "deletion of the current branch prohibited";
711                         }
712                 }
713         }
714
715         if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
716             !is_null_sha1(old_sha1) &&
717             starts_with(name, "refs/heads/")) {
718                 struct object *old_object, *new_object;
719                 struct commit *old_commit, *new_commit;
720
721                 old_object = parse_object(old_sha1);
722                 new_object = parse_object(new_sha1);
723
724                 if (!old_object || !new_object ||
725                     old_object->type != OBJ_COMMIT ||
726                     new_object->type != OBJ_COMMIT) {
727                         error("bad sha1 objects for %s", name);
728                         return "bad ref";
729                 }
730                 old_commit = (struct commit *)old_object;
731                 new_commit = (struct commit *)new_object;
732                 if (!in_merge_bases(old_commit, new_commit)) {
733                         rp_error("denying non-fast-forward %s"
734                                  " (you should pull first)", name);
735                         return "non-fast-forward";
736                 }
737         }
738         if (run_update_hook(cmd)) {
739                 rp_error("hook declined to update %s", name);
740                 return "hook declined";
741         }
742
743         if (is_null_sha1(new_sha1)) {
744                 if (!parse_object(old_sha1)) {
745                         old_sha1 = NULL;
746                         if (ref_exists(name)) {
747                                 rp_warning("Allowing deletion of corrupt ref.");
748                         } else {
749                                 rp_warning("Deleting a non-existent ref.");
750                                 cmd->did_not_exist = 1;
751                         }
752                 }
753                 if (delete_ref(namespaced_name, old_sha1, 0)) {
754                         rp_error("failed to delete %s", name);
755                         return "failed to delete";
756                 }
757                 return NULL; /* good */
758         }
759         else {
760                 if (shallow_update && si->shallow_ref[cmd->index] &&
761                     update_shallow_ref(cmd, si))
762                         return "shallow error";
763
764                 lock = lock_any_ref_for_update(namespaced_name, old_sha1,
765                                                0, NULL);
766                 if (!lock) {
767                         rp_error("failed to lock %s", name);
768                         return "failed to lock";
769                 }
770                 if (write_ref_sha1(lock, new_sha1, "push")) {
771                         return "failed to write"; /* error() already called */
772                 }
773                 return NULL; /* good */
774         }
775 }
776
777 static void run_update_post_hook(struct command *commands)
778 {
779         struct command *cmd;
780         int argc;
781         const char **argv;
782         struct child_process proc;
783         char *hook;
784
785         hook = find_hook("post-update");
786         for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
787                 if (cmd->error_string || cmd->did_not_exist)
788                         continue;
789                 argc++;
790         }
791         if (!argc || !hook)
792                 return;
793
794         argv = xmalloc(sizeof(*argv) * (2 + argc));
795         argv[0] = hook;
796
797         for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
798                 if (cmd->error_string || cmd->did_not_exist)
799                         continue;
800                 argv[argc] = xstrdup(cmd->ref_name);
801                 argc++;
802         }
803         argv[argc] = NULL;
804
805         memset(&proc, 0, sizeof(proc));
806         proc.no_stdin = 1;
807         proc.stdout_to_stderr = 1;
808         proc.err = use_sideband ? -1 : 0;
809         proc.argv = argv;
810
811         if (!start_command(&proc)) {
812                 if (use_sideband)
813                         copy_to_sideband(proc.err, -1, NULL);
814                 finish_command(&proc);
815         }
816 }
817
818 static void check_aliased_update(struct command *cmd, struct string_list *list)
819 {
820         struct strbuf buf = STRBUF_INIT;
821         const char *dst_name;
822         struct string_list_item *item;
823         struct command *dst_cmd;
824         unsigned char sha1[20];
825         char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
826         int flag;
827
828         strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
829         dst_name = resolve_ref_unsafe(buf.buf, sha1, 0, &flag);
830         strbuf_release(&buf);
831
832         if (!(flag & REF_ISSYMREF))
833                 return;
834
835         dst_name = strip_namespace(dst_name);
836         if (!dst_name) {
837                 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
838                 cmd->skip_update = 1;
839                 cmd->error_string = "broken symref";
840                 return;
841         }
842
843         if ((item = string_list_lookup(list, dst_name)) == NULL)
844                 return;
845
846         cmd->skip_update = 1;
847
848         dst_cmd = (struct command *) item->util;
849
850         if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
851             !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
852                 return;
853
854         dst_cmd->skip_update = 1;
855
856         strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
857         strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
858         strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
859         strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
860         rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
861                  " its target '%s' (%s..%s)",
862                  cmd->ref_name, cmd_oldh, cmd_newh,
863                  dst_cmd->ref_name, dst_oldh, dst_newh);
864
865         cmd->error_string = dst_cmd->error_string =
866                 "inconsistent aliased update";
867 }
868
869 static void check_aliased_updates(struct command *commands)
870 {
871         struct command *cmd;
872         struct string_list ref_list = STRING_LIST_INIT_NODUP;
873
874         for (cmd = commands; cmd; cmd = cmd->next) {
875                 struct string_list_item *item =
876                         string_list_append(&ref_list, cmd->ref_name);
877                 item->util = (void *)cmd;
878         }
879         sort_string_list(&ref_list);
880
881         for (cmd = commands; cmd; cmd = cmd->next) {
882                 if (!cmd->error_string)
883                         check_aliased_update(cmd, &ref_list);
884         }
885
886         string_list_clear(&ref_list, 0);
887 }
888
889 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
890 {
891         struct command **cmd_list = cb_data;
892         struct command *cmd = *cmd_list;
893
894         if (!cmd || is_null_sha1(cmd->new_sha1))
895                 return -1; /* end of list */
896         *cmd_list = NULL; /* this returns only one */
897         hashcpy(sha1, cmd->new_sha1);
898         return 0;
899 }
900
901 static void set_connectivity_errors(struct command *commands,
902                                     struct shallow_info *si)
903 {
904         struct command *cmd;
905
906         for (cmd = commands; cmd; cmd = cmd->next) {
907                 struct command *singleton = cmd;
908                 if (shallow_update && si->shallow_ref[cmd->index])
909                         /* to be checked in update_shallow_ref() */
910                         continue;
911                 if (!check_everything_connected(command_singleton_iterator,
912                                                 0, &singleton))
913                         continue;
914                 cmd->error_string = "missing necessary objects";
915         }
916 }
917
918 struct iterate_data {
919         struct command *cmds;
920         struct shallow_info *si;
921 };
922
923 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
924 {
925         struct iterate_data *data = cb_data;
926         struct command **cmd_list = &data->cmds;
927         struct command *cmd = *cmd_list;
928
929         for (; cmd; cmd = cmd->next) {
930                 if (shallow_update && data->si->shallow_ref[cmd->index])
931                         /* to be checked in update_shallow_ref() */
932                         continue;
933                 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
934                         hashcpy(sha1, cmd->new_sha1);
935                         *cmd_list = cmd->next;
936                         return 0;
937                 }
938         }
939         *cmd_list = NULL;
940         return -1; /* end of list */
941 }
942
943 static void reject_updates_to_hidden(struct command *commands)
944 {
945         struct command *cmd;
946
947         for (cmd = commands; cmd; cmd = cmd->next) {
948                 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
949                         continue;
950                 if (is_null_sha1(cmd->new_sha1))
951                         cmd->error_string = "deny deleting a hidden ref";
952                 else
953                         cmd->error_string = "deny updating a hidden ref";
954         }
955 }
956
957 static void execute_commands(struct command *commands,
958                              const char *unpacker_error,
959                              struct shallow_info *si)
960 {
961         int checked_connectivity;
962         struct command *cmd;
963         unsigned char sha1[20];
964         struct iterate_data data;
965
966         if (unpacker_error) {
967                 for (cmd = commands; cmd; cmd = cmd->next)
968                         cmd->error_string = "unpacker error";
969                 return;
970         }
971
972         data.cmds = commands;
973         data.si = si;
974         if (check_everything_connected(iterate_receive_command_list, 0, &data))
975                 set_connectivity_errors(commands, si);
976
977         reject_updates_to_hidden(commands);
978
979         if (run_receive_hook(commands, "pre-receive", 0)) {
980                 for (cmd = commands; cmd; cmd = cmd->next) {
981                         if (!cmd->error_string)
982                                 cmd->error_string = "pre-receive hook declined";
983                 }
984                 return;
985         }
986
987         check_aliased_updates(commands);
988
989         free(head_name_to_free);
990         head_name = head_name_to_free = resolve_refdup("HEAD", sha1, 0, NULL);
991
992         checked_connectivity = 1;
993         for (cmd = commands; cmd; cmd = cmd->next) {
994                 if (cmd->error_string)
995                         continue;
996
997                 if (cmd->skip_update)
998                         continue;
999
1000                 cmd->error_string = update(cmd, si);
1001                 if (shallow_update && !cmd->error_string &&
1002                     si->shallow_ref[cmd->index]) {
1003                         error("BUG: connectivity check has not been run on ref %s",
1004                               cmd->ref_name);
1005                         checked_connectivity = 0;
1006                 }
1007         }
1008
1009         if (shallow_update && !checked_connectivity)
1010                 error("BUG: run 'git fsck' for safety.\n"
1011                       "If there are errors, try to remove "
1012                       "the reported refs above");
1013 }
1014
1015 static struct command **queue_command(struct command **tail,
1016                                       const char *line,
1017                                       int linelen)
1018 {
1019         unsigned char old_sha1[20], new_sha1[20];
1020         struct command *cmd;
1021         const char *refname;
1022         int reflen;
1023
1024         if (linelen < 83 ||
1025             line[40] != ' ' ||
1026             line[81] != ' ' ||
1027             get_sha1_hex(line, old_sha1) ||
1028             get_sha1_hex(line + 41, new_sha1))
1029                 die("protocol error: expected old/new/ref, got '%s'", line);
1030
1031         refname = line + 82;
1032         reflen = linelen - 82;
1033         cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1034         hashcpy(cmd->old_sha1, old_sha1);
1035         hashcpy(cmd->new_sha1, new_sha1);
1036         memcpy(cmd->ref_name, refname, reflen);
1037         cmd->ref_name[reflen] = '\0';
1038         *tail = cmd;
1039         return &cmd->next;
1040 }
1041
1042 static void queue_commands_from_cert(struct command **tail,
1043                                      struct strbuf *push_cert)
1044 {
1045         const char *boc, *eoc;
1046
1047         if (*tail)
1048                 die("protocol error: got both push certificate and unsigned commands");
1049
1050         boc = strstr(push_cert->buf, "\n\n");
1051         if (!boc)
1052                 die("malformed push certificate %.*s", 100, push_cert->buf);
1053         else
1054                 boc += 2;
1055         eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1056
1057         while (boc < eoc) {
1058                 const char *eol = memchr(boc, '\n', eoc - boc);
1059                 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1060                 boc = eol ? eol + 1 : eoc;
1061         }
1062 }
1063
1064 static struct command *read_head_info(struct sha1_array *shallow)
1065 {
1066         struct command *commands = NULL;
1067         struct command **p = &commands;
1068         for (;;) {
1069                 char *line;
1070                 int len, linelen;
1071
1072                 line = packet_read_line(0, &len);
1073                 if (!line)
1074                         break;
1075
1076                 if (len == 48 && starts_with(line, "shallow ")) {
1077                         unsigned char sha1[20];
1078                         if (get_sha1_hex(line + 8, sha1))
1079                                 die("protocol error: expected shallow sha, got '%s'",
1080                                     line + 8);
1081                         sha1_array_append(shallow, sha1);
1082                         continue;
1083                 }
1084
1085                 linelen = strlen(line);
1086                 if (linelen < len) {
1087                         const char *feature_list = line + linelen + 1;
1088                         if (parse_feature_request(feature_list, "report-status"))
1089                                 report_status = 1;
1090                         if (parse_feature_request(feature_list, "side-band-64k"))
1091                                 use_sideband = LARGE_PACKET_MAX;
1092                         if (parse_feature_request(feature_list, "quiet"))
1093                                 quiet = 1;
1094                 }
1095
1096                 if (!strcmp(line, "push-cert")) {
1097                         int true_flush = 0;
1098                         char certbuf[1024];
1099
1100                         for (;;) {
1101                                 len = packet_read(0, NULL, NULL,
1102                                                   certbuf, sizeof(certbuf), 0);
1103                                 if (!len) {
1104                                         true_flush = 1;
1105                                         break;
1106                                 }
1107                                 if (!strcmp(certbuf, "push-cert-end\n"))
1108                                         break; /* end of cert */
1109                                 strbuf_addstr(&push_cert, certbuf);
1110                         }
1111
1112                         if (true_flush)
1113                                 break;
1114                         continue;
1115                 }
1116
1117                 p = queue_command(p, line, linelen);
1118         }
1119
1120         if (push_cert.len)
1121                 queue_commands_from_cert(p, &push_cert);
1122
1123         return commands;
1124 }
1125
1126 static const char *parse_pack_header(struct pack_header *hdr)
1127 {
1128         switch (read_pack_header(0, hdr)) {
1129         case PH_ERROR_EOF:
1130                 return "eof before pack header was fully read";
1131
1132         case PH_ERROR_PACK_SIGNATURE:
1133                 return "protocol error (pack signature mismatch detected)";
1134
1135         case PH_ERROR_PROTOCOL:
1136                 return "protocol error (pack version unsupported)";
1137
1138         default:
1139                 return "unknown error in parse_pack_header";
1140
1141         case 0:
1142                 return NULL;
1143         }
1144 }
1145
1146 static const char *pack_lockfile;
1147
1148 static const char *unpack(int err_fd, struct shallow_info *si)
1149 {
1150         struct pack_header hdr;
1151         struct argv_array av = ARGV_ARRAY_INIT;
1152         const char *hdr_err;
1153         int status;
1154         char hdr_arg[38];
1155         struct child_process child;
1156         int fsck_objects = (receive_fsck_objects >= 0
1157                             ? receive_fsck_objects
1158                             : transfer_fsck_objects >= 0
1159                             ? transfer_fsck_objects
1160                             : 0);
1161
1162         hdr_err = parse_pack_header(&hdr);
1163         if (hdr_err) {
1164                 if (err_fd > 0)
1165                         close(err_fd);
1166                 return hdr_err;
1167         }
1168         snprintf(hdr_arg, sizeof(hdr_arg),
1169                         "--pack_header=%"PRIu32",%"PRIu32,
1170                         ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1171
1172         if (si->nr_ours || si->nr_theirs) {
1173                 alt_shallow_file = setup_temporary_shallow(si->shallow);
1174                 argv_array_pushl(&av, "--shallow-file", alt_shallow_file, NULL);
1175         }
1176
1177         memset(&child, 0, sizeof(child));
1178         if (ntohl(hdr.hdr_entries) < unpack_limit) {
1179                 argv_array_pushl(&av, "unpack-objects", hdr_arg, NULL);
1180                 if (quiet)
1181                         argv_array_push(&av, "-q");
1182                 if (fsck_objects)
1183                         argv_array_push(&av, "--strict");
1184                 child.argv = av.argv;
1185                 child.no_stdout = 1;
1186                 child.err = err_fd;
1187                 child.git_cmd = 1;
1188                 status = run_command(&child);
1189                 if (status)
1190                         return "unpack-objects abnormal exit";
1191         } else {
1192                 int s;
1193                 char keep_arg[256];
1194
1195                 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1196                 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1197                         strcpy(keep_arg + s, "localhost");
1198
1199                 argv_array_pushl(&av, "index-pack",
1200                                  "--stdin", hdr_arg, keep_arg, NULL);
1201                 if (fsck_objects)
1202                         argv_array_push(&av, "--strict");
1203                 if (fix_thin)
1204                         argv_array_push(&av, "--fix-thin");
1205                 child.argv = av.argv;
1206                 child.out = -1;
1207                 child.err = err_fd;
1208                 child.git_cmd = 1;
1209                 status = start_command(&child);
1210                 if (status)
1211                         return "index-pack fork failed";
1212                 pack_lockfile = index_pack_lockfile(child.out);
1213                 close(child.out);
1214                 status = finish_command(&child);
1215                 if (status)
1216                         return "index-pack abnormal exit";
1217                 reprepare_packed_git();
1218         }
1219         return NULL;
1220 }
1221
1222 static const char *unpack_with_sideband(struct shallow_info *si)
1223 {
1224         struct async muxer;
1225         const char *ret;
1226
1227         if (!use_sideband)
1228                 return unpack(0, si);
1229
1230         memset(&muxer, 0, sizeof(muxer));
1231         muxer.proc = copy_to_sideband;
1232         muxer.in = -1;
1233         if (start_async(&muxer))
1234                 return NULL;
1235
1236         ret = unpack(muxer.in, si);
1237
1238         finish_async(&muxer);
1239         return ret;
1240 }
1241
1242 static void prepare_shallow_update(struct command *commands,
1243                                    struct shallow_info *si)
1244 {
1245         int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1246
1247         si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1248                                    si->shallow->nr);
1249         assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1250
1251         si->need_reachability_test =
1252                 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1253         si->reachable =
1254                 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1255         si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1256
1257         for (i = 0; i < si->nr_ours; i++)
1258                 si->need_reachability_test[si->ours[i]] = 1;
1259
1260         for (i = 0; i < si->shallow->nr; i++) {
1261                 if (!si->used_shallow[i])
1262                         continue;
1263                 for (j = 0; j < bitmap_size; j++) {
1264                         if (!si->used_shallow[i][j])
1265                                 continue;
1266                         si->need_reachability_test[i]++;
1267                         for (k = 0; k < 32; k++)
1268                                 if (si->used_shallow[i][j] & (1 << k))
1269                                         si->shallow_ref[j * 32 + k]++;
1270                 }
1271
1272                 /*
1273                  * true for those associated with some refs and belong
1274                  * in "ours" list aka "step 7 not done yet"
1275                  */
1276                 si->need_reachability_test[i] =
1277                         si->need_reachability_test[i] > 1;
1278         }
1279
1280         /*
1281          * keep hooks happy by forcing a temporary shallow file via
1282          * env variable because we can't add --shallow-file to every
1283          * command. check_everything_connected() will be done with
1284          * true .git/shallow though.
1285          */
1286         setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1287 }
1288
1289 static void update_shallow_info(struct command *commands,
1290                                 struct shallow_info *si,
1291                                 struct sha1_array *ref)
1292 {
1293         struct command *cmd;
1294         int *ref_status;
1295         remove_nonexistent_theirs_shallow(si);
1296         if (!si->nr_ours && !si->nr_theirs) {
1297                 shallow_update = 0;
1298                 return;
1299         }
1300
1301         for (cmd = commands; cmd; cmd = cmd->next) {
1302                 if (is_null_sha1(cmd->new_sha1))
1303                         continue;
1304                 sha1_array_append(ref, cmd->new_sha1);
1305                 cmd->index = ref->nr - 1;
1306         }
1307         si->ref = ref;
1308
1309         if (shallow_update) {
1310                 prepare_shallow_update(commands, si);
1311                 return;
1312         }
1313
1314         ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1315         assign_shallow_commits_to_refs(si, NULL, ref_status);
1316         for (cmd = commands; cmd; cmd = cmd->next) {
1317                 if (is_null_sha1(cmd->new_sha1))
1318                         continue;
1319                 if (ref_status[cmd->index]) {
1320                         cmd->error_string = "shallow update not allowed";
1321                         cmd->skip_update = 1;
1322                 }
1323         }
1324         free(ref_status);
1325 }
1326
1327 static void report(struct command *commands, const char *unpack_status)
1328 {
1329         struct command *cmd;
1330         struct strbuf buf = STRBUF_INIT;
1331
1332         packet_buf_write(&buf, "unpack %s\n",
1333                          unpack_status ? unpack_status : "ok");
1334         for (cmd = commands; cmd; cmd = cmd->next) {
1335                 if (!cmd->error_string)
1336                         packet_buf_write(&buf, "ok %s\n",
1337                                          cmd->ref_name);
1338                 else
1339                         packet_buf_write(&buf, "ng %s %s\n",
1340                                          cmd->ref_name, cmd->error_string);
1341         }
1342         packet_buf_flush(&buf);
1343
1344         if (use_sideband)
1345                 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1346         else
1347                 write_or_die(1, buf.buf, buf.len);
1348         strbuf_release(&buf);
1349 }
1350
1351 static int delete_only(struct command *commands)
1352 {
1353         struct command *cmd;
1354         for (cmd = commands; cmd; cmd = cmd->next) {
1355                 if (!is_null_sha1(cmd->new_sha1))
1356                         return 0;
1357         }
1358         return 1;
1359 }
1360
1361 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1362 {
1363         int advertise_refs = 0;
1364         int stateless_rpc = 0;
1365         int i;
1366         const char *dir = NULL;
1367         struct command *commands;
1368         struct sha1_array shallow = SHA1_ARRAY_INIT;
1369         struct sha1_array ref = SHA1_ARRAY_INIT;
1370         struct shallow_info si;
1371
1372         packet_trace_identity("receive-pack");
1373
1374         argv++;
1375         for (i = 1; i < argc; i++) {
1376                 const char *arg = *argv++;
1377
1378                 if (*arg == '-') {
1379                         if (!strcmp(arg, "--quiet")) {
1380                                 quiet = 1;
1381                                 continue;
1382                         }
1383
1384                         if (!strcmp(arg, "--advertise-refs")) {
1385                                 advertise_refs = 1;
1386                                 continue;
1387                         }
1388                         if (!strcmp(arg, "--stateless-rpc")) {
1389                                 stateless_rpc = 1;
1390                                 continue;
1391                         }
1392                         if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1393                                 fix_thin = 0;
1394                                 continue;
1395                         }
1396
1397                         usage(receive_pack_usage);
1398                 }
1399                 if (dir)
1400                         usage(receive_pack_usage);
1401                 dir = arg;
1402         }
1403         if (!dir)
1404                 usage(receive_pack_usage);
1405
1406         setup_path();
1407
1408         if (!enter_repo(dir, 0))
1409                 die("'%s' does not appear to be a git repository", dir);
1410
1411         git_config(receive_pack_config, NULL);
1412         if (cert_nonce_seed)
1413                 push_cert_nonce = prepare_push_cert_nonce(dir, time(NULL));
1414
1415         if (0 <= transfer_unpack_limit)
1416                 unpack_limit = transfer_unpack_limit;
1417         else if (0 <= receive_unpack_limit)
1418                 unpack_limit = receive_unpack_limit;
1419
1420         if (advertise_refs || !stateless_rpc) {
1421                 write_head_info();
1422         }
1423         if (advertise_refs)
1424                 return 0;
1425
1426         if ((commands = read_head_info(&shallow)) != NULL) {
1427                 const char *unpack_status = NULL;
1428
1429                 prepare_shallow_info(&si, &shallow);
1430                 if (!si.nr_ours && !si.nr_theirs)
1431                         shallow_update = 0;
1432                 if (!delete_only(commands)) {
1433                         unpack_status = unpack_with_sideband(&si);
1434                         update_shallow_info(commands, &si, &ref);
1435                 }
1436                 execute_commands(commands, unpack_status, &si);
1437                 if (pack_lockfile)
1438                         unlink_or_warn(pack_lockfile);
1439                 if (report_status)
1440                         report(commands, unpack_status);
1441                 run_receive_hook(commands, "post-receive", 1);
1442                 run_update_post_hook(commands);
1443                 if (auto_gc) {
1444                         const char *argv_gc_auto[] = {
1445                                 "gc", "--auto", "--quiet", NULL,
1446                         };
1447                         int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1448                         run_command_v_opt(argv_gc_auto, opt);
1449                 }
1450                 if (auto_update_server_info)
1451                         update_server_info(0);
1452                 clear_shallow_info(&si);
1453         }
1454         if (use_sideband)
1455                 packet_flush(1);
1456         sha1_array_clear(&shallow);
1457         sha1_array_clear(&ref);
1458         free((void *)push_cert_nonce);
1459         return 0;
1460 }