7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
24 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
34 static int deny_deletes;
35 static int deny_non_fast_forwards;
36 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
37 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
38 static int receive_fsck_objects = -1;
39 static int transfer_fsck_objects = -1;
40 static struct strbuf fsck_msg_types = STRBUF_INIT;
41 static int receive_unpack_limit = -1;
42 static int transfer_unpack_limit = -1;
43 static int advertise_atomic_push = 1;
44 static int unpack_limit = 100;
45 static int report_status;
46 static int use_sideband;
47 static int use_atomic;
49 static int prefer_ofs_delta = 1;
50 static int auto_update_server_info;
51 static int auto_gc = 1;
52 static int fix_thin = 1;
53 static int stateless_rpc;
54 static const char *service_dir;
55 static const char *head_name;
56 static void *head_name_to_free;
57 static int sent_capabilities;
58 static int shallow_update;
59 static const char *alt_shallow_file;
60 static struct strbuf push_cert = STRBUF_INIT;
61 static unsigned char push_cert_sha1[20];
62 static struct signature_check sigcheck;
63 static const char *push_cert_nonce;
64 static const char *cert_nonce_seed;
66 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
67 static const char *NONCE_BAD = "BAD";
68 static const char *NONCE_MISSING = "MISSING";
69 static const char *NONCE_OK = "OK";
70 static const char *NONCE_SLOP = "SLOP";
71 static const char *nonce_status;
72 static long nonce_stamp_slop;
73 static unsigned long nonce_stamp_slop_limit;
74 static struct ref_transaction *transaction;
76 static enum deny_action parse_deny_action(const char *var, const char *value)
79 if (!strcasecmp(value, "ignore"))
81 if (!strcasecmp(value, "warn"))
83 if (!strcasecmp(value, "refuse"))
85 if (!strcasecmp(value, "updateinstead"))
86 return DENY_UPDATE_INSTEAD;
88 if (git_config_bool(var, value))
93 static int receive_pack_config(const char *var, const char *value, void *cb)
95 int status = parse_hide_refs_config(var, value, "receive");
100 if (strcmp(var, "receive.denydeletes") == 0) {
101 deny_deletes = git_config_bool(var, value);
105 if (strcmp(var, "receive.denynonfastforwards") == 0) {
106 deny_non_fast_forwards = git_config_bool(var, value);
110 if (strcmp(var, "receive.unpacklimit") == 0) {
111 receive_unpack_limit = git_config_int(var, value);
115 if (strcmp(var, "transfer.unpacklimit") == 0) {
116 transfer_unpack_limit = git_config_int(var, value);
120 if (strcmp(var, "receive.fsck.skiplist") == 0) {
123 if (git_config_pathname(&path, var, value))
125 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
126 fsck_msg_types.len ? ',' : '=', path);
131 if (skip_prefix(var, "receive.fsck.", &var)) {
132 if (is_valid_msg_type(var, value))
133 strbuf_addf(&fsck_msg_types, "%c%s=%s",
134 fsck_msg_types.len ? ',' : '=', var, value);
136 warning("Skipping unknown msg id '%s'", var);
140 if (strcmp(var, "receive.fsckobjects") == 0) {
141 receive_fsck_objects = git_config_bool(var, value);
145 if (strcmp(var, "transfer.fsckobjects") == 0) {
146 transfer_fsck_objects = git_config_bool(var, value);
150 if (!strcmp(var, "receive.denycurrentbranch")) {
151 deny_current_branch = parse_deny_action(var, value);
155 if (strcmp(var, "receive.denydeletecurrent") == 0) {
156 deny_delete_current = parse_deny_action(var, value);
160 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
161 prefer_ofs_delta = git_config_bool(var, value);
165 if (strcmp(var, "receive.updateserverinfo") == 0) {
166 auto_update_server_info = git_config_bool(var, value);
170 if (strcmp(var, "receive.autogc") == 0) {
171 auto_gc = git_config_bool(var, value);
175 if (strcmp(var, "receive.shallowupdate") == 0) {
176 shallow_update = git_config_bool(var, value);
180 if (strcmp(var, "receive.certnonceseed") == 0)
181 return git_config_string(&cert_nonce_seed, var, value);
183 if (strcmp(var, "receive.certnonceslop") == 0) {
184 nonce_stamp_slop_limit = git_config_ulong(var, value);
188 if (strcmp(var, "receive.advertiseatomic") == 0) {
189 advertise_atomic_push = git_config_bool(var, value);
193 return git_default_config(var, value, cb);
196 static void show_ref(const char *path, const unsigned char *sha1)
198 if (sent_capabilities) {
199 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
201 struct strbuf cap = STRBUF_INIT;
204 "report-status delete-refs side-band-64k quiet");
205 if (advertise_atomic_push)
206 strbuf_addstr(&cap, " atomic");
207 if (prefer_ofs_delta)
208 strbuf_addstr(&cap, " ofs-delta");
210 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
211 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
212 packet_write(1, "%s %s%c%s\n",
213 sha1_to_hex(sha1), path, 0, cap.buf);
214 strbuf_release(&cap);
215 sent_capabilities = 1;
219 static int show_ref_cb(const char *path_full, const struct object_id *oid,
220 int flag, void *unused)
222 const char *path = strip_namespace(path_full);
224 if (ref_is_hidden(path, path_full))
228 * Advertise refs outside our current namespace as ".have"
229 * refs, so that the client can use them to minimize data
230 * transfer but will otherwise ignore them. This happens to
231 * cover ".have" that are thrown in by add_one_alternate_ref()
232 * to mark histories that are complete in our alternates as
237 show_ref(path, oid->hash);
241 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
243 show_ref(".have", sha1);
246 static void collect_one_alternate_ref(const struct ref *ref, void *data)
248 struct sha1_array *sa = data;
249 sha1_array_append(sa, ref->old_oid.hash);
252 static void write_head_info(void)
254 struct sha1_array sa = SHA1_ARRAY_INIT;
256 for_each_alternate_ref(collect_one_alternate_ref, &sa);
257 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
258 sha1_array_clear(&sa);
259 for_each_ref(show_ref_cb, NULL);
260 if (!sent_capabilities)
261 show_ref("capabilities^{}", null_sha1);
263 advertise_shallow_grafts(1);
270 struct command *next;
271 const char *error_string;
272 unsigned int skip_update:1,
275 unsigned char old_sha1[20];
276 unsigned char new_sha1[20];
277 char ref_name[FLEX_ARRAY]; /* more */
280 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
281 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
283 static void report_message(const char *prefix, const char *err, va_list params)
288 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
289 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
290 if (sz > (sizeof(msg) - 1))
291 sz = sizeof(msg) - 1;
295 send_sideband(1, 2, msg, sz, use_sideband);
300 static void rp_warning(const char *err, ...)
303 va_start(params, err);
304 report_message("warning: ", err, params);
308 static void rp_error(const char *err, ...)
311 va_start(params, err);
312 report_message("error: ", err, params);
316 static int copy_to_sideband(int in, int out, void *arg)
320 ssize_t sz = xread(in, data, sizeof(data));
323 send_sideband(1, 2, data, sz, use_sideband);
329 #define HMAC_BLOCK_SIZE 64
331 static void hmac_sha1(unsigned char *out,
332 const char *key_in, size_t key_len,
333 const char *text, size_t text_len)
335 unsigned char key[HMAC_BLOCK_SIZE];
336 unsigned char k_ipad[HMAC_BLOCK_SIZE];
337 unsigned char k_opad[HMAC_BLOCK_SIZE];
341 /* RFC 2104 2. (1) */
342 memset(key, '\0', HMAC_BLOCK_SIZE);
343 if (HMAC_BLOCK_SIZE < key_len) {
345 git_SHA1_Update(&ctx, key_in, key_len);
346 git_SHA1_Final(key, &ctx);
348 memcpy(key, key_in, key_len);
351 /* RFC 2104 2. (2) & (5) */
352 for (i = 0; i < sizeof(key); i++) {
353 k_ipad[i] = key[i] ^ 0x36;
354 k_opad[i] = key[i] ^ 0x5c;
357 /* RFC 2104 2. (3) & (4) */
359 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
360 git_SHA1_Update(&ctx, text, text_len);
361 git_SHA1_Final(out, &ctx);
363 /* RFC 2104 2. (6) & (7) */
365 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
366 git_SHA1_Update(&ctx, out, 20);
367 git_SHA1_Final(out, &ctx);
370 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
372 struct strbuf buf = STRBUF_INIT;
373 unsigned char sha1[20];
375 strbuf_addf(&buf, "%s:%lu", path, stamp);
376 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
377 strbuf_release(&buf);
379 /* RFC 2104 5. HMAC-SHA1-80 */
380 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
381 return strbuf_detach(&buf, NULL);
385 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
386 * after dropping "_commit" from its name and possibly moving it out
389 static char *find_header(const char *msg, size_t len, const char *key)
391 int key_len = strlen(key);
392 const char *line = msg;
394 while (line && line < msg + len) {
395 const char *eol = strchrnul(line, '\n');
397 if ((msg + len <= eol) || line == eol)
399 if (line + key_len < eol &&
400 !memcmp(line, key, key_len) && line[key_len] == ' ') {
401 int offset = key_len + 1;
402 return xmemdupz(line + offset, (eol - line) - offset);
404 line = *eol ? eol + 1 : NULL;
409 static const char *check_nonce(const char *buf, size_t len)
411 char *nonce = find_header(buf, len, "nonce");
412 unsigned long stamp, ostamp;
413 char *bohmac, *expect = NULL;
414 const char *retval = NONCE_BAD;
417 retval = NONCE_MISSING;
419 } else if (!push_cert_nonce) {
420 retval = NONCE_UNSOLICITED;
422 } else if (!strcmp(push_cert_nonce, nonce)) {
427 if (!stateless_rpc) {
428 /* returned nonce MUST match what we gave out earlier */
434 * In stateless mode, we may be receiving a nonce issued by
435 * another instance of the server that serving the same
436 * repository, and the timestamps may not match, but the
437 * nonce-seed and dir should match, so we can recompute and
438 * report the time slop.
440 * In addition, when a nonce issued by another instance has
441 * timestamp within receive.certnonceslop seconds, we pretend
442 * as if we issued that nonce when reporting to the hook.
445 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
446 if (*nonce <= '0' || '9' < *nonce) {
450 stamp = strtoul(nonce, &bohmac, 10);
451 if (bohmac == nonce || bohmac[0] != '-') {
456 expect = prepare_push_cert_nonce(service_dir, stamp);
457 if (strcmp(expect, nonce)) {
458 /* Not what we would have signed earlier */
464 * By how many seconds is this nonce stale? Negative value
465 * would mean it was issued by another server with its clock
466 * skewed in the future.
468 ostamp = strtoul(push_cert_nonce, NULL, 10);
469 nonce_stamp_slop = (long)ostamp - (long)stamp;
471 if (nonce_stamp_slop_limit &&
472 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
474 * Pretend as if the received nonce (which passes the
475 * HMAC check, so it is not a forged by third-party)
478 free((void *)push_cert_nonce);
479 push_cert_nonce = xstrdup(nonce);
491 static void prepare_push_cert_sha1(struct child_process *proc)
493 static int already_done;
499 struct strbuf gpg_output = STRBUF_INIT;
500 struct strbuf gpg_status = STRBUF_INIT;
501 int bogs /* beginning_of_gpg_sig */;
504 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
505 hashclr(push_cert_sha1);
507 memset(&sigcheck, '\0', sizeof(sigcheck));
508 sigcheck.result = 'N';
510 bogs = parse_signature(push_cert.buf, push_cert.len);
511 if (verify_signed_buffer(push_cert.buf, bogs,
512 push_cert.buf + bogs, push_cert.len - bogs,
513 &gpg_output, &gpg_status) < 0) {
514 ; /* error running gpg */
516 sigcheck.payload = push_cert.buf;
517 sigcheck.gpg_output = gpg_output.buf;
518 sigcheck.gpg_status = gpg_status.buf;
519 parse_gpg_output(&sigcheck);
522 strbuf_release(&gpg_output);
523 strbuf_release(&gpg_status);
524 nonce_status = check_nonce(push_cert.buf, bogs);
526 if (!is_null_sha1(push_cert_sha1)) {
527 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
528 sha1_to_hex(push_cert_sha1));
529 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
530 sigcheck.signer ? sigcheck.signer : "");
531 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
532 sigcheck.key ? sigcheck.key : "");
533 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
535 if (push_cert_nonce) {
536 argv_array_pushf(&proc->env_array,
537 "GIT_PUSH_CERT_NONCE=%s",
539 argv_array_pushf(&proc->env_array,
540 "GIT_PUSH_CERT_NONCE_STATUS=%s",
542 if (nonce_status == NONCE_SLOP)
543 argv_array_pushf(&proc->env_array,
544 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
550 typedef int (*feed_fn)(void *, const char **, size_t *);
551 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
553 struct child_process proc = CHILD_PROCESS_INIT;
558 argv[0] = find_hook(hook_name);
566 proc.stdout_to_stderr = 1;
569 memset(&muxer, 0, sizeof(muxer));
570 muxer.proc = copy_to_sideband;
572 code = start_async(&muxer);
578 prepare_push_cert_sha1(&proc);
580 code = start_command(&proc);
583 finish_async(&muxer);
587 sigchain_push(SIGPIPE, SIG_IGN);
592 if (feed(feed_state, &buf, &n))
594 if (write_in_full(proc.in, buf, n) != n)
599 finish_async(&muxer);
601 sigchain_pop(SIGPIPE);
603 return finish_command(&proc);
606 struct receive_hook_feed_state {
612 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
614 struct receive_hook_feed_state *state = state_;
615 struct command *cmd = state->cmd;
618 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
622 strbuf_reset(&state->buf);
623 strbuf_addf(&state->buf, "%s %s %s\n",
624 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
626 state->cmd = cmd->next;
628 *bufp = state->buf.buf;
629 *sizep = state->buf.len;
634 static int run_receive_hook(struct command *commands, const char *hook_name,
637 struct receive_hook_feed_state state;
640 strbuf_init(&state.buf, 0);
641 state.cmd = commands;
642 state.skip_broken = skip_broken;
643 if (feed_receive_hook(&state, NULL, NULL))
645 state.cmd = commands;
646 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
647 strbuf_release(&state.buf);
651 static int run_update_hook(struct command *cmd)
654 struct child_process proc = CHILD_PROCESS_INIT;
657 argv[0] = find_hook("update");
661 argv[1] = cmd->ref_name;
662 argv[2] = sha1_to_hex(cmd->old_sha1);
663 argv[3] = sha1_to_hex(cmd->new_sha1);
667 proc.stdout_to_stderr = 1;
668 proc.err = use_sideband ? -1 : 0;
671 code = start_command(&proc);
675 copy_to_sideband(proc.err, -1, NULL);
676 return finish_command(&proc);
679 static int is_ref_checked_out(const char *ref)
681 if (is_bare_repository())
686 return !strcmp(head_name, ref);
689 static char *refuse_unconfigured_deny_msg[] = {
690 "By default, updating the current branch in a non-bare repository",
691 "is denied, because it will make the index and work tree inconsistent",
692 "with what you pushed, and will require 'git reset --hard' to match",
693 "the work tree to HEAD.",
695 "You can set 'receive.denyCurrentBranch' configuration variable to",
696 "'ignore' or 'warn' in the remote repository to allow pushing into",
697 "its current branch; however, this is not recommended unless you",
698 "arranged to update its work tree to match what you pushed in some",
701 "To squelch this message and still keep the default behaviour, set",
702 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
705 static void refuse_unconfigured_deny(void)
708 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
709 rp_error("%s", refuse_unconfigured_deny_msg[i]);
712 static char *refuse_unconfigured_deny_delete_current_msg[] = {
713 "By default, deleting the current branch is denied, because the next",
714 "'git clone' won't result in any file checked out, causing confusion.",
716 "You can set 'receive.denyDeleteCurrent' configuration variable to",
717 "'warn' or 'ignore' in the remote repository to allow deleting the",
718 "current branch, with or without a warning message.",
720 "To squelch this message, you can set it to 'refuse'."
723 static void refuse_unconfigured_deny_delete_current(void)
727 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
729 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
732 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
733 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
735 static struct lock_file shallow_lock;
736 struct sha1_array extra = SHA1_ARRAY_INIT;
737 const char *alt_file;
738 uint32_t mask = 1 << (cmd->index % 32);
741 trace_printf_key(&trace_shallow,
742 "shallow: update_shallow_ref %s\n", cmd->ref_name);
743 for (i = 0; i < si->shallow->nr; i++)
744 if (si->used_shallow[i] &&
745 (si->used_shallow[i][cmd->index / 32] & mask) &&
746 !delayed_reachability_test(si, i))
747 sha1_array_append(&extra, si->shallow->sha1[i]);
749 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
750 if (check_shallow_connected(command_singleton_iterator,
752 rollback_lock_file(&shallow_lock);
753 sha1_array_clear(&extra);
757 commit_lock_file(&shallow_lock);
760 * Make sure setup_alternate_shallow() for the next ref does
761 * not lose these new roots..
763 for (i = 0; i < extra.nr; i++)
764 register_shallow(extra.sha1[i]);
766 si->shallow_ref[cmd->index] = 0;
767 sha1_array_clear(&extra);
772 * NEEDSWORK: we should consolidate various implementions of "are we
773 * on an unborn branch?" test into one, and make the unified one more
774 * robust. !get_sha1() based check used here and elsewhere would not
775 * allow us to tell an unborn branch from corrupt ref, for example.
776 * For the purpose of fixing "deploy-to-update does not work when
777 * pushing into an empty repository" issue, this should suffice for
780 static int head_has_history(void)
782 unsigned char sha1[20];
784 return !get_sha1("HEAD", sha1);
787 static const char *push_to_deploy(unsigned char *sha1,
788 struct argv_array *env,
789 const char *work_tree)
791 const char *update_refresh[] = {
792 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
794 const char *diff_files[] = {
795 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
797 const char *diff_index[] = {
798 "diff-index", "--quiet", "--cached", "--ignore-submodules",
801 const char *read_tree[] = {
802 "read-tree", "-u", "-m", NULL, NULL
804 struct child_process child = CHILD_PROCESS_INIT;
806 child.argv = update_refresh;
807 child.env = env->argv;
808 child.dir = work_tree;
810 child.stdout_to_stderr = 1;
812 if (run_command(&child))
813 return "Up-to-date check failed";
815 /* run_command() does not clean up completely; reinitialize */
816 child_process_init(&child);
817 child.argv = diff_files;
818 child.env = env->argv;
819 child.dir = work_tree;
821 child.stdout_to_stderr = 1;
823 if (run_command(&child))
824 return "Working directory has unstaged changes";
826 /* diff-index with either HEAD or an empty tree */
827 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
829 child_process_init(&child);
830 child.argv = diff_index;
831 child.env = env->argv;
834 child.stdout_to_stderr = 0;
836 if (run_command(&child))
837 return "Working directory has staged changes";
839 read_tree[3] = sha1_to_hex(sha1);
840 child_process_init(&child);
841 child.argv = read_tree;
842 child.env = env->argv;
843 child.dir = work_tree;
846 child.stdout_to_stderr = 0;
848 if (run_command(&child))
849 return "Could not update working tree to new HEAD";
854 static const char *push_to_checkout_hook = "push-to-checkout";
856 static const char *push_to_checkout(unsigned char *sha1,
857 struct argv_array *env,
858 const char *work_tree)
860 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
861 if (run_hook_le(env->argv, push_to_checkout_hook,
862 sha1_to_hex(sha1), NULL))
863 return "push-to-checkout hook declined";
868 static const char *update_worktree(unsigned char *sha1)
871 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
872 struct argv_array env = ARGV_ARRAY_INIT;
874 if (is_bare_repository())
875 return "denyCurrentBranch = updateInstead needs a worktree";
877 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
879 if (!find_hook(push_to_checkout_hook))
880 retval = push_to_deploy(sha1, &env, work_tree);
882 retval = push_to_checkout(sha1, &env, work_tree);
884 argv_array_clear(&env);
888 static const char *update(struct command *cmd, struct shallow_info *si)
890 const char *name = cmd->ref_name;
891 struct strbuf namespaced_name_buf = STRBUF_INIT;
892 const char *namespaced_name, *ret;
893 unsigned char *old_sha1 = cmd->old_sha1;
894 unsigned char *new_sha1 = cmd->new_sha1;
896 /* only refs/... are allowed */
897 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
898 rp_error("refusing to create funny ref '%s' remotely", name);
899 return "funny refname";
902 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
903 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
905 if (is_ref_checked_out(namespaced_name)) {
906 switch (deny_current_branch) {
910 rp_warning("updating the current branch");
913 case DENY_UNCONFIGURED:
914 rp_error("refusing to update checked out branch: %s", name);
915 if (deny_current_branch == DENY_UNCONFIGURED)
916 refuse_unconfigured_deny();
917 return "branch is currently checked out";
918 case DENY_UPDATE_INSTEAD:
919 ret = update_worktree(new_sha1);
926 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
927 error("unpack should have generated %s, "
928 "but I can't find it!", sha1_to_hex(new_sha1));
932 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
933 if (deny_deletes && starts_with(name, "refs/heads/")) {
934 rp_error("denying ref deletion for %s", name);
935 return "deletion prohibited";
938 if (head_name && !strcmp(namespaced_name, head_name)) {
939 switch (deny_delete_current) {
943 rp_warning("deleting the current branch");
946 case DENY_UNCONFIGURED:
947 case DENY_UPDATE_INSTEAD:
948 if (deny_delete_current == DENY_UNCONFIGURED)
949 refuse_unconfigured_deny_delete_current();
950 rp_error("refusing to delete the current branch: %s", name);
951 return "deletion of the current branch prohibited";
953 return "Invalid denyDeleteCurrent setting";
958 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
959 !is_null_sha1(old_sha1) &&
960 starts_with(name, "refs/heads/")) {
961 struct object *old_object, *new_object;
962 struct commit *old_commit, *new_commit;
964 old_object = parse_object(old_sha1);
965 new_object = parse_object(new_sha1);
967 if (!old_object || !new_object ||
968 old_object->type != OBJ_COMMIT ||
969 new_object->type != OBJ_COMMIT) {
970 error("bad sha1 objects for %s", name);
973 old_commit = (struct commit *)old_object;
974 new_commit = (struct commit *)new_object;
975 if (!in_merge_bases(old_commit, new_commit)) {
976 rp_error("denying non-fast-forward %s"
977 " (you should pull first)", name);
978 return "non-fast-forward";
981 if (run_update_hook(cmd)) {
982 rp_error("hook declined to update %s", name);
983 return "hook declined";
986 if (is_null_sha1(new_sha1)) {
987 struct strbuf err = STRBUF_INIT;
988 if (!parse_object(old_sha1)) {
990 if (ref_exists(name)) {
991 rp_warning("Allowing deletion of corrupt ref.");
993 rp_warning("Deleting a non-existent ref.");
994 cmd->did_not_exist = 1;
997 if (ref_transaction_delete(transaction,
1001 rp_error("%s", err.buf);
1002 strbuf_release(&err);
1003 return "failed to delete";
1005 strbuf_release(&err);
1006 return NULL; /* good */
1009 struct strbuf err = STRBUF_INIT;
1010 if (shallow_update && si->shallow_ref[cmd->index] &&
1011 update_shallow_ref(cmd, si))
1012 return "shallow error";
1014 if (ref_transaction_update(transaction,
1019 rp_error("%s", err.buf);
1020 strbuf_release(&err);
1022 return "failed to update ref";
1024 strbuf_release(&err);
1026 return NULL; /* good */
1030 static void run_update_post_hook(struct command *commands)
1032 struct command *cmd;
1035 struct child_process proc = CHILD_PROCESS_INIT;
1038 hook = find_hook("post-update");
1039 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1040 if (cmd->error_string || cmd->did_not_exist)
1047 argv = xmalloc(sizeof(*argv) * (2 + argc));
1050 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1051 if (cmd->error_string || cmd->did_not_exist)
1053 argv[argc] = xstrdup(cmd->ref_name);
1059 proc.stdout_to_stderr = 1;
1060 proc.err = use_sideband ? -1 : 0;
1063 if (!start_command(&proc)) {
1065 copy_to_sideband(proc.err, -1, NULL);
1066 finish_command(&proc);
1070 static void check_aliased_update(struct command *cmd, struct string_list *list)
1072 struct strbuf buf = STRBUF_INIT;
1073 const char *dst_name;
1074 struct string_list_item *item;
1075 struct command *dst_cmd;
1076 unsigned char sha1[GIT_SHA1_RAWSZ];
1077 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1078 cmd_newh[GIT_SHA1_HEXSZ + 1],
1079 dst_oldh[GIT_SHA1_HEXSZ + 1],
1080 dst_newh[GIT_SHA1_HEXSZ + 1];
1083 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1084 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1085 strbuf_release(&buf);
1087 if (!(flag & REF_ISSYMREF))
1090 dst_name = strip_namespace(dst_name);
1092 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1093 cmd->skip_update = 1;
1094 cmd->error_string = "broken symref";
1098 if ((item = string_list_lookup(list, dst_name)) == NULL)
1101 cmd->skip_update = 1;
1103 dst_cmd = (struct command *) item->util;
1105 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1106 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1109 dst_cmd->skip_update = 1;
1111 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1112 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1113 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1114 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1115 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1116 " its target '%s' (%s..%s)",
1117 cmd->ref_name, cmd_oldh, cmd_newh,
1118 dst_cmd->ref_name, dst_oldh, dst_newh);
1120 cmd->error_string = dst_cmd->error_string =
1121 "inconsistent aliased update";
1124 static void check_aliased_updates(struct command *commands)
1126 struct command *cmd;
1127 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1129 for (cmd = commands; cmd; cmd = cmd->next) {
1130 struct string_list_item *item =
1131 string_list_append(&ref_list, cmd->ref_name);
1132 item->util = (void *)cmd;
1134 string_list_sort(&ref_list);
1136 for (cmd = commands; cmd; cmd = cmd->next) {
1137 if (!cmd->error_string)
1138 check_aliased_update(cmd, &ref_list);
1141 string_list_clear(&ref_list, 0);
1144 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1146 struct command **cmd_list = cb_data;
1147 struct command *cmd = *cmd_list;
1149 if (!cmd || is_null_sha1(cmd->new_sha1))
1150 return -1; /* end of list */
1151 *cmd_list = NULL; /* this returns only one */
1152 hashcpy(sha1, cmd->new_sha1);
1156 static void set_connectivity_errors(struct command *commands,
1157 struct shallow_info *si)
1159 struct command *cmd;
1161 for (cmd = commands; cmd; cmd = cmd->next) {
1162 struct command *singleton = cmd;
1163 if (shallow_update && si->shallow_ref[cmd->index])
1164 /* to be checked in update_shallow_ref() */
1166 if (!check_everything_connected(command_singleton_iterator,
1169 cmd->error_string = "missing necessary objects";
1173 struct iterate_data {
1174 struct command *cmds;
1175 struct shallow_info *si;
1178 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1180 struct iterate_data *data = cb_data;
1181 struct command **cmd_list = &data->cmds;
1182 struct command *cmd = *cmd_list;
1184 for (; cmd; cmd = cmd->next) {
1185 if (shallow_update && data->si->shallow_ref[cmd->index])
1186 /* to be checked in update_shallow_ref() */
1188 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1189 hashcpy(sha1, cmd->new_sha1);
1190 *cmd_list = cmd->next;
1195 return -1; /* end of list */
1198 static void reject_updates_to_hidden(struct command *commands)
1200 struct strbuf refname_full = STRBUF_INIT;
1202 struct command *cmd;
1204 strbuf_addstr(&refname_full, get_git_namespace());
1205 prefix_len = refname_full.len;
1207 for (cmd = commands; cmd; cmd = cmd->next) {
1208 if (cmd->error_string)
1211 strbuf_setlen(&refname_full, prefix_len);
1212 strbuf_addstr(&refname_full, cmd->ref_name);
1214 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1216 if (is_null_sha1(cmd->new_sha1))
1217 cmd->error_string = "deny deleting a hidden ref";
1219 cmd->error_string = "deny updating a hidden ref";
1222 strbuf_release(&refname_full);
1225 static int should_process_cmd(struct command *cmd)
1227 return !cmd->error_string && !cmd->skip_update;
1230 static void warn_if_skipped_connectivity_check(struct command *commands,
1231 struct shallow_info *si)
1233 struct command *cmd;
1234 int checked_connectivity = 1;
1236 for (cmd = commands; cmd; cmd = cmd->next) {
1237 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1238 error("BUG: connectivity check has not been run on ref %s",
1240 checked_connectivity = 0;
1243 if (!checked_connectivity)
1244 die("BUG: connectivity check skipped???");
1247 static void execute_commands_non_atomic(struct command *commands,
1248 struct shallow_info *si)
1250 struct command *cmd;
1251 struct strbuf err = STRBUF_INIT;
1253 for (cmd = commands; cmd; cmd = cmd->next) {
1254 if (!should_process_cmd(cmd))
1257 transaction = ref_transaction_begin(&err);
1259 rp_error("%s", err.buf);
1261 cmd->error_string = "transaction failed to start";
1265 cmd->error_string = update(cmd, si);
1267 if (!cmd->error_string
1268 && ref_transaction_commit(transaction, &err)) {
1269 rp_error("%s", err.buf);
1271 cmd->error_string = "failed to update ref";
1273 ref_transaction_free(transaction);
1275 strbuf_release(&err);
1278 static void execute_commands_atomic(struct command *commands,
1279 struct shallow_info *si)
1281 struct command *cmd;
1282 struct strbuf err = STRBUF_INIT;
1283 const char *reported_error = "atomic push failure";
1285 transaction = ref_transaction_begin(&err);
1287 rp_error("%s", err.buf);
1289 reported_error = "transaction failed to start";
1293 for (cmd = commands; cmd; cmd = cmd->next) {
1294 if (!should_process_cmd(cmd))
1297 cmd->error_string = update(cmd, si);
1299 if (cmd->error_string)
1303 if (ref_transaction_commit(transaction, &err)) {
1304 rp_error("%s", err.buf);
1305 reported_error = "atomic transaction failed";
1311 for (cmd = commands; cmd; cmd = cmd->next)
1312 if (!cmd->error_string)
1313 cmd->error_string = reported_error;
1316 ref_transaction_free(transaction);
1317 strbuf_release(&err);
1320 static void execute_commands(struct command *commands,
1321 const char *unpacker_error,
1322 struct shallow_info *si)
1324 struct command *cmd;
1325 unsigned char sha1[20];
1326 struct iterate_data data;
1328 if (unpacker_error) {
1329 for (cmd = commands; cmd; cmd = cmd->next)
1330 cmd->error_string = "unpacker error";
1334 data.cmds = commands;
1336 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1337 set_connectivity_errors(commands, si);
1339 reject_updates_to_hidden(commands);
1341 if (run_receive_hook(commands, "pre-receive", 0)) {
1342 for (cmd = commands; cmd; cmd = cmd->next) {
1343 if (!cmd->error_string)
1344 cmd->error_string = "pre-receive hook declined";
1349 check_aliased_updates(commands);
1351 free(head_name_to_free);
1352 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1355 execute_commands_atomic(commands, si);
1357 execute_commands_non_atomic(commands, si);
1360 warn_if_skipped_connectivity_check(commands, si);
1363 static struct command **queue_command(struct command **tail,
1367 unsigned char old_sha1[20], new_sha1[20];
1368 struct command *cmd;
1369 const char *refname;
1375 get_sha1_hex(line, old_sha1) ||
1376 get_sha1_hex(line + 41, new_sha1))
1377 die("protocol error: expected old/new/ref, got '%s'", line);
1379 refname = line + 82;
1380 reflen = linelen - 82;
1381 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1382 hashcpy(cmd->old_sha1, old_sha1);
1383 hashcpy(cmd->new_sha1, new_sha1);
1384 memcpy(cmd->ref_name, refname, reflen);
1385 cmd->ref_name[reflen] = '\0';
1390 static void queue_commands_from_cert(struct command **tail,
1391 struct strbuf *push_cert)
1393 const char *boc, *eoc;
1396 die("protocol error: got both push certificate and unsigned commands");
1398 boc = strstr(push_cert->buf, "\n\n");
1400 die("malformed push certificate %.*s", 100, push_cert->buf);
1403 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1406 const char *eol = memchr(boc, '\n', eoc - boc);
1407 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1408 boc = eol ? eol + 1 : eoc;
1412 static struct command *read_head_info(struct sha1_array *shallow)
1414 struct command *commands = NULL;
1415 struct command **p = &commands;
1420 line = packet_read_line(0, &len);
1424 if (len == 48 && starts_with(line, "shallow ")) {
1425 unsigned char sha1[20];
1426 if (get_sha1_hex(line + 8, sha1))
1427 die("protocol error: expected shallow sha, got '%s'",
1429 sha1_array_append(shallow, sha1);
1433 linelen = strlen(line);
1434 if (linelen < len) {
1435 const char *feature_list = line + linelen + 1;
1436 if (parse_feature_request(feature_list, "report-status"))
1438 if (parse_feature_request(feature_list, "side-band-64k"))
1439 use_sideband = LARGE_PACKET_MAX;
1440 if (parse_feature_request(feature_list, "quiet"))
1442 if (advertise_atomic_push
1443 && parse_feature_request(feature_list, "atomic"))
1447 if (!strcmp(line, "push-cert")) {
1452 len = packet_read(0, NULL, NULL,
1453 certbuf, sizeof(certbuf), 0);
1458 if (!strcmp(certbuf, "push-cert-end\n"))
1459 break; /* end of cert */
1460 strbuf_addstr(&push_cert, certbuf);
1468 p = queue_command(p, line, linelen);
1472 queue_commands_from_cert(p, &push_cert);
1477 static const char *parse_pack_header(struct pack_header *hdr)
1479 switch (read_pack_header(0, hdr)) {
1481 return "eof before pack header was fully read";
1483 case PH_ERROR_PACK_SIGNATURE:
1484 return "protocol error (pack signature mismatch detected)";
1486 case PH_ERROR_PROTOCOL:
1487 return "protocol error (pack version unsupported)";
1490 return "unknown error in parse_pack_header";
1497 static const char *pack_lockfile;
1499 static const char *unpack(int err_fd, struct shallow_info *si)
1501 struct pack_header hdr;
1502 const char *hdr_err;
1505 struct child_process child = CHILD_PROCESS_INIT;
1506 int fsck_objects = (receive_fsck_objects >= 0
1507 ? receive_fsck_objects
1508 : transfer_fsck_objects >= 0
1509 ? transfer_fsck_objects
1512 hdr_err = parse_pack_header(&hdr);
1518 snprintf(hdr_arg, sizeof(hdr_arg),
1519 "--pack_header=%"PRIu32",%"PRIu32,
1520 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1522 if (si->nr_ours || si->nr_theirs) {
1523 alt_shallow_file = setup_temporary_shallow(si->shallow);
1524 argv_array_push(&child.args, "--shallow-file");
1525 argv_array_push(&child.args, alt_shallow_file);
1528 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1529 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1531 argv_array_push(&child.args, "-q");
1533 argv_array_pushf(&child.args, "--strict%s",
1534 fsck_msg_types.buf);
1535 child.no_stdout = 1;
1538 status = run_command(&child);
1540 return "unpack-objects abnormal exit";
1544 argv_array_pushl(&child.args, "index-pack",
1545 "--stdin", hdr_arg, NULL);
1547 if (gethostname(hostname, sizeof(hostname)))
1548 xsnprintf(hostname, sizeof(hostname), "localhost");
1549 argv_array_pushf(&child.args,
1550 "--keep=receive-pack %"PRIuMAX" on %s",
1551 (uintmax_t)getpid(),
1555 argv_array_pushf(&child.args, "--strict%s",
1556 fsck_msg_types.buf);
1558 argv_array_push(&child.args, "--fix-thin");
1562 status = start_command(&child);
1564 return "index-pack fork failed";
1565 pack_lockfile = index_pack_lockfile(child.out);
1567 status = finish_command(&child);
1569 return "index-pack abnormal exit";
1570 reprepare_packed_git();
1575 static const char *unpack_with_sideband(struct shallow_info *si)
1581 return unpack(0, si);
1583 memset(&muxer, 0, sizeof(muxer));
1584 muxer.proc = copy_to_sideband;
1586 if (start_async(&muxer))
1589 ret = unpack(muxer.in, si);
1591 finish_async(&muxer);
1595 static void prepare_shallow_update(struct command *commands,
1596 struct shallow_info *si)
1598 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1600 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1602 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1604 si->need_reachability_test =
1605 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1607 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1608 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1610 for (i = 0; i < si->nr_ours; i++)
1611 si->need_reachability_test[si->ours[i]] = 1;
1613 for (i = 0; i < si->shallow->nr; i++) {
1614 if (!si->used_shallow[i])
1616 for (j = 0; j < bitmap_size; j++) {
1617 if (!si->used_shallow[i][j])
1619 si->need_reachability_test[i]++;
1620 for (k = 0; k < 32; k++)
1621 if (si->used_shallow[i][j] & (1 << k))
1622 si->shallow_ref[j * 32 + k]++;
1626 * true for those associated with some refs and belong
1627 * in "ours" list aka "step 7 not done yet"
1629 si->need_reachability_test[i] =
1630 si->need_reachability_test[i] > 1;
1634 * keep hooks happy by forcing a temporary shallow file via
1635 * env variable because we can't add --shallow-file to every
1636 * command. check_everything_connected() will be done with
1637 * true .git/shallow though.
1639 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1642 static void update_shallow_info(struct command *commands,
1643 struct shallow_info *si,
1644 struct sha1_array *ref)
1646 struct command *cmd;
1648 remove_nonexistent_theirs_shallow(si);
1649 if (!si->nr_ours && !si->nr_theirs) {
1654 for (cmd = commands; cmd; cmd = cmd->next) {
1655 if (is_null_sha1(cmd->new_sha1))
1657 sha1_array_append(ref, cmd->new_sha1);
1658 cmd->index = ref->nr - 1;
1662 if (shallow_update) {
1663 prepare_shallow_update(commands, si);
1667 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1668 assign_shallow_commits_to_refs(si, NULL, ref_status);
1669 for (cmd = commands; cmd; cmd = cmd->next) {
1670 if (is_null_sha1(cmd->new_sha1))
1672 if (ref_status[cmd->index]) {
1673 cmd->error_string = "shallow update not allowed";
1674 cmd->skip_update = 1;
1680 static void report(struct command *commands, const char *unpack_status)
1682 struct command *cmd;
1683 struct strbuf buf = STRBUF_INIT;
1685 packet_buf_write(&buf, "unpack %s\n",
1686 unpack_status ? unpack_status : "ok");
1687 for (cmd = commands; cmd; cmd = cmd->next) {
1688 if (!cmd->error_string)
1689 packet_buf_write(&buf, "ok %s\n",
1692 packet_buf_write(&buf, "ng %s %s\n",
1693 cmd->ref_name, cmd->error_string);
1695 packet_buf_flush(&buf);
1698 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1700 write_or_die(1, buf.buf, buf.len);
1701 strbuf_release(&buf);
1704 static int delete_only(struct command *commands)
1706 struct command *cmd;
1707 for (cmd = commands; cmd; cmd = cmd->next) {
1708 if (!is_null_sha1(cmd->new_sha1))
1714 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1716 int advertise_refs = 0;
1718 struct command *commands;
1719 struct sha1_array shallow = SHA1_ARRAY_INIT;
1720 struct sha1_array ref = SHA1_ARRAY_INIT;
1721 struct shallow_info si;
1723 packet_trace_identity("receive-pack");
1726 for (i = 1; i < argc; i++) {
1727 const char *arg = *argv++;
1730 if (!strcmp(arg, "--quiet")) {
1735 if (!strcmp(arg, "--advertise-refs")) {
1739 if (!strcmp(arg, "--stateless-rpc")) {
1743 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1748 usage(receive_pack_usage);
1751 usage(receive_pack_usage);
1755 usage(receive_pack_usage);
1759 if (!enter_repo(service_dir, 0))
1760 die("'%s' does not appear to be a git repository", service_dir);
1762 git_config(receive_pack_config, NULL);
1763 if (cert_nonce_seed)
1764 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1766 if (0 <= transfer_unpack_limit)
1767 unpack_limit = transfer_unpack_limit;
1768 else if (0 <= receive_unpack_limit)
1769 unpack_limit = receive_unpack_limit;
1771 if (advertise_refs || !stateless_rpc) {
1777 if ((commands = read_head_info(&shallow)) != NULL) {
1778 const char *unpack_status = NULL;
1780 prepare_shallow_info(&si, &shallow);
1781 if (!si.nr_ours && !si.nr_theirs)
1783 if (!delete_only(commands)) {
1784 unpack_status = unpack_with_sideband(&si);
1785 update_shallow_info(commands, &si, &ref);
1787 execute_commands(commands, unpack_status, &si);
1789 unlink_or_warn(pack_lockfile);
1791 report(commands, unpack_status);
1792 run_receive_hook(commands, "post-receive", 1);
1793 run_update_post_hook(commands);
1795 const char *argv_gc_auto[] = {
1796 "gc", "--auto", "--quiet", NULL,
1798 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1799 run_command_v_opt(argv_gc_auto, opt);
1801 if (auto_update_server_info)
1802 update_server_info(0);
1803 clear_shallow_info(&si);
1807 sha1_array_clear(&shallow);
1808 sha1_array_clear(&ref);
1809 free((void *)push_cert_nonce);