Merge branch 'jk/pretty-encoding-doc' into maint
[git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
24
25 enum deny_action {
26         DENY_UNCONFIGURED,
27         DENY_IGNORE,
28         DENY_WARN,
29         DENY_REFUSE,
30         DENY_UPDATE_INSTEAD
31 };
32
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int advertise_atomic_push = 1;
42 static int unpack_limit = 100;
43 static int report_status;
44 static int use_sideband;
45 static int use_atomic;
46 static int quiet;
47 static int prefer_ofs_delta = 1;
48 static int auto_update_server_info;
49 static int auto_gc = 1;
50 static int fix_thin = 1;
51 static int stateless_rpc;
52 static const char *service_dir;
53 static const char *head_name;
54 static void *head_name_to_free;
55 static int sent_capabilities;
56 static int shallow_update;
57 static const char *alt_shallow_file;
58 static struct strbuf push_cert = STRBUF_INIT;
59 static unsigned char push_cert_sha1[20];
60 static struct signature_check sigcheck;
61 static const char *push_cert_nonce;
62 static const char *cert_nonce_seed;
63
64 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65 static const char *NONCE_BAD = "BAD";
66 static const char *NONCE_MISSING = "MISSING";
67 static const char *NONCE_OK = "OK";
68 static const char *NONCE_SLOP = "SLOP";
69 static const char *nonce_status;
70 static long nonce_stamp_slop;
71 static unsigned long nonce_stamp_slop_limit;
72 static struct ref_transaction *transaction;
73
74 static enum deny_action parse_deny_action(const char *var, const char *value)
75 {
76         if (value) {
77                 if (!strcasecmp(value, "ignore"))
78                         return DENY_IGNORE;
79                 if (!strcasecmp(value, "warn"))
80                         return DENY_WARN;
81                 if (!strcasecmp(value, "refuse"))
82                         return DENY_REFUSE;
83                 if (!strcasecmp(value, "updateinstead"))
84                         return DENY_UPDATE_INSTEAD;
85         }
86         if (git_config_bool(var, value))
87                 return DENY_REFUSE;
88         return DENY_IGNORE;
89 }
90
91 static int receive_pack_config(const char *var, const char *value, void *cb)
92 {
93         int status = parse_hide_refs_config(var, value, "receive");
94
95         if (status)
96                 return status;
97
98         if (strcmp(var, "receive.denydeletes") == 0) {
99                 deny_deletes = git_config_bool(var, value);
100                 return 0;
101         }
102
103         if (strcmp(var, "receive.denynonfastforwards") == 0) {
104                 deny_non_fast_forwards = git_config_bool(var, value);
105                 return 0;
106         }
107
108         if (strcmp(var, "receive.unpacklimit") == 0) {
109                 receive_unpack_limit = git_config_int(var, value);
110                 return 0;
111         }
112
113         if (strcmp(var, "transfer.unpacklimit") == 0) {
114                 transfer_unpack_limit = git_config_int(var, value);
115                 return 0;
116         }
117
118         if (strcmp(var, "receive.fsckobjects") == 0) {
119                 receive_fsck_objects = git_config_bool(var, value);
120                 return 0;
121         }
122
123         if (strcmp(var, "transfer.fsckobjects") == 0) {
124                 transfer_fsck_objects = git_config_bool(var, value);
125                 return 0;
126         }
127
128         if (!strcmp(var, "receive.denycurrentbranch")) {
129                 deny_current_branch = parse_deny_action(var, value);
130                 return 0;
131         }
132
133         if (strcmp(var, "receive.denydeletecurrent") == 0) {
134                 deny_delete_current = parse_deny_action(var, value);
135                 return 0;
136         }
137
138         if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139                 prefer_ofs_delta = git_config_bool(var, value);
140                 return 0;
141         }
142
143         if (strcmp(var, "receive.updateserverinfo") == 0) {
144                 auto_update_server_info = git_config_bool(var, value);
145                 return 0;
146         }
147
148         if (strcmp(var, "receive.autogc") == 0) {
149                 auto_gc = git_config_bool(var, value);
150                 return 0;
151         }
152
153         if (strcmp(var, "receive.shallowupdate") == 0) {
154                 shallow_update = git_config_bool(var, value);
155                 return 0;
156         }
157
158         if (strcmp(var, "receive.certnonceseed") == 0)
159                 return git_config_string(&cert_nonce_seed, var, value);
160
161         if (strcmp(var, "receive.certnonceslop") == 0) {
162                 nonce_stamp_slop_limit = git_config_ulong(var, value);
163                 return 0;
164         }
165
166         if (strcmp(var, "receive.advertiseatomic") == 0) {
167                 advertise_atomic_push = git_config_bool(var, value);
168                 return 0;
169         }
170
171         return git_default_config(var, value, cb);
172 }
173
174 static void show_ref(const char *path, const unsigned char *sha1)
175 {
176         if (ref_is_hidden(path))
177                 return;
178
179         if (sent_capabilities) {
180                 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
181         } else {
182                 struct strbuf cap = STRBUF_INIT;
183
184                 strbuf_addstr(&cap,
185                               "report-status delete-refs side-band-64k quiet");
186                 if (advertise_atomic_push)
187                         strbuf_addstr(&cap, " atomic");
188                 if (prefer_ofs_delta)
189                         strbuf_addstr(&cap, " ofs-delta");
190                 if (push_cert_nonce)
191                         strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192                 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193                 packet_write(1, "%s %s%c%s\n",
194                              sha1_to_hex(sha1), path, 0, cap.buf);
195                 strbuf_release(&cap);
196                 sent_capabilities = 1;
197         }
198 }
199
200 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
201 {
202         path = strip_namespace(path);
203         /*
204          * Advertise refs outside our current namespace as ".have"
205          * refs, so that the client can use them to minimize data
206          * transfer but will otherwise ignore them. This happens to
207          * cover ".have" that are thrown in by add_one_alternate_ref()
208          * to mark histories that are complete in our alternates as
209          * well.
210          */
211         if (!path)
212                 path = ".have";
213         show_ref(path, sha1);
214         return 0;
215 }
216
217 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
218 {
219         show_ref(".have", sha1);
220 }
221
222 static void collect_one_alternate_ref(const struct ref *ref, void *data)
223 {
224         struct sha1_array *sa = data;
225         sha1_array_append(sa, ref->old_sha1);
226 }
227
228 static void write_head_info(void)
229 {
230         struct sha1_array sa = SHA1_ARRAY_INIT;
231         for_each_alternate_ref(collect_one_alternate_ref, &sa);
232         sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
233         sha1_array_clear(&sa);
234         for_each_ref(show_ref_cb, NULL);
235         if (!sent_capabilities)
236                 show_ref("capabilities^{}", null_sha1);
237
238         advertise_shallow_grafts(1);
239
240         /* EOF */
241         packet_flush(1);
242 }
243
244 struct command {
245         struct command *next;
246         const char *error_string;
247         unsigned int skip_update:1,
248                      did_not_exist:1;
249         int index;
250         unsigned char old_sha1[20];
251         unsigned char new_sha1[20];
252         char ref_name[FLEX_ARRAY]; /* more */
253 };
254
255 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
256 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
257
258 static void report_message(const char *prefix, const char *err, va_list params)
259 {
260         int sz = strlen(prefix);
261         char msg[4096];
262
263         strncpy(msg, prefix, sz);
264         sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
265         if (sz > (sizeof(msg) - 1))
266                 sz = sizeof(msg) - 1;
267         msg[sz++] = '\n';
268
269         if (use_sideband)
270                 send_sideband(1, 2, msg, sz, use_sideband);
271         else
272                 xwrite(2, msg, sz);
273 }
274
275 static void rp_warning(const char *err, ...)
276 {
277         va_list params;
278         va_start(params, err);
279         report_message("warning: ", err, params);
280         va_end(params);
281 }
282
283 static void rp_error(const char *err, ...)
284 {
285         va_list params;
286         va_start(params, err);
287         report_message("error: ", err, params);
288         va_end(params);
289 }
290
291 static int copy_to_sideband(int in, int out, void *arg)
292 {
293         char data[128];
294         while (1) {
295                 ssize_t sz = xread(in, data, sizeof(data));
296                 if (sz <= 0)
297                         break;
298                 send_sideband(1, 2, data, sz, use_sideband);
299         }
300         close(in);
301         return 0;
302 }
303
304 #define HMAC_BLOCK_SIZE 64
305
306 static void hmac_sha1(unsigned char *out,
307                       const char *key_in, size_t key_len,
308                       const char *text, size_t text_len)
309 {
310         unsigned char key[HMAC_BLOCK_SIZE];
311         unsigned char k_ipad[HMAC_BLOCK_SIZE];
312         unsigned char k_opad[HMAC_BLOCK_SIZE];
313         int i;
314         git_SHA_CTX ctx;
315
316         /* RFC 2104 2. (1) */
317         memset(key, '\0', HMAC_BLOCK_SIZE);
318         if (HMAC_BLOCK_SIZE < key_len) {
319                 git_SHA1_Init(&ctx);
320                 git_SHA1_Update(&ctx, key_in, key_len);
321                 git_SHA1_Final(key, &ctx);
322         } else {
323                 memcpy(key, key_in, key_len);
324         }
325
326         /* RFC 2104 2. (2) & (5) */
327         for (i = 0; i < sizeof(key); i++) {
328                 k_ipad[i] = key[i] ^ 0x36;
329                 k_opad[i] = key[i] ^ 0x5c;
330         }
331
332         /* RFC 2104 2. (3) & (4) */
333         git_SHA1_Init(&ctx);
334         git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
335         git_SHA1_Update(&ctx, text, text_len);
336         git_SHA1_Final(out, &ctx);
337
338         /* RFC 2104 2. (6) & (7) */
339         git_SHA1_Init(&ctx);
340         git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
341         git_SHA1_Update(&ctx, out, 20);
342         git_SHA1_Final(out, &ctx);
343 }
344
345 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
346 {
347         struct strbuf buf = STRBUF_INIT;
348         unsigned char sha1[20];
349
350         strbuf_addf(&buf, "%s:%lu", path, stamp);
351         hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
352         strbuf_release(&buf);
353
354         /* RFC 2104 5. HMAC-SHA1-80 */
355         strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
356         return strbuf_detach(&buf, NULL);
357 }
358
359 /*
360  * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
361  * after dropping "_commit" from its name and possibly moving it out
362  * of commit.c
363  */
364 static char *find_header(const char *msg, size_t len, const char *key)
365 {
366         int key_len = strlen(key);
367         const char *line = msg;
368
369         while (line && line < msg + len) {
370                 const char *eol = strchrnul(line, '\n');
371
372                 if ((msg + len <= eol) || line == eol)
373                         return NULL;
374                 if (line + key_len < eol &&
375                     !memcmp(line, key, key_len) && line[key_len] == ' ') {
376                         int offset = key_len + 1;
377                         return xmemdupz(line + offset, (eol - line) - offset);
378                 }
379                 line = *eol ? eol + 1 : NULL;
380         }
381         return NULL;
382 }
383
384 static const char *check_nonce(const char *buf, size_t len)
385 {
386         char *nonce = find_header(buf, len, "nonce");
387         unsigned long stamp, ostamp;
388         char *bohmac, *expect = NULL;
389         const char *retval = NONCE_BAD;
390
391         if (!nonce) {
392                 retval = NONCE_MISSING;
393                 goto leave;
394         } else if (!push_cert_nonce) {
395                 retval = NONCE_UNSOLICITED;
396                 goto leave;
397         } else if (!strcmp(push_cert_nonce, nonce)) {
398                 retval = NONCE_OK;
399                 goto leave;
400         }
401
402         if (!stateless_rpc) {
403                 /* returned nonce MUST match what we gave out earlier */
404                 retval = NONCE_BAD;
405                 goto leave;
406         }
407
408         /*
409          * In stateless mode, we may be receiving a nonce issued by
410          * another instance of the server that serving the same
411          * repository, and the timestamps may not match, but the
412          * nonce-seed and dir should match, so we can recompute and
413          * report the time slop.
414          *
415          * In addition, when a nonce issued by another instance has
416          * timestamp within receive.certnonceslop seconds, we pretend
417          * as if we issued that nonce when reporting to the hook.
418          */
419
420         /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
421         if (*nonce <= '0' || '9' < *nonce) {
422                 retval = NONCE_BAD;
423                 goto leave;
424         }
425         stamp = strtoul(nonce, &bohmac, 10);
426         if (bohmac == nonce || bohmac[0] != '-') {
427                 retval = NONCE_BAD;
428                 goto leave;
429         }
430
431         expect = prepare_push_cert_nonce(service_dir, stamp);
432         if (strcmp(expect, nonce)) {
433                 /* Not what we would have signed earlier */
434                 retval = NONCE_BAD;
435                 goto leave;
436         }
437
438         /*
439          * By how many seconds is this nonce stale?  Negative value
440          * would mean it was issued by another server with its clock
441          * skewed in the future.
442          */
443         ostamp = strtoul(push_cert_nonce, NULL, 10);
444         nonce_stamp_slop = (long)ostamp - (long)stamp;
445
446         if (nonce_stamp_slop_limit &&
447             labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
448                 /*
449                  * Pretend as if the received nonce (which passes the
450                  * HMAC check, so it is not a forged by third-party)
451                  * is what we issued.
452                  */
453                 free((void *)push_cert_nonce);
454                 push_cert_nonce = xstrdup(nonce);
455                 retval = NONCE_OK;
456         } else {
457                 retval = NONCE_SLOP;
458         }
459
460 leave:
461         free(nonce);
462         free(expect);
463         return retval;
464 }
465
466 static void prepare_push_cert_sha1(struct child_process *proc)
467 {
468         static int already_done;
469
470         if (!push_cert.len)
471                 return;
472
473         if (!already_done) {
474                 struct strbuf gpg_output = STRBUF_INIT;
475                 struct strbuf gpg_status = STRBUF_INIT;
476                 int bogs /* beginning_of_gpg_sig */;
477
478                 already_done = 1;
479                 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
480                         hashclr(push_cert_sha1);
481
482                 memset(&sigcheck, '\0', sizeof(sigcheck));
483                 sigcheck.result = 'N';
484
485                 bogs = parse_signature(push_cert.buf, push_cert.len);
486                 if (verify_signed_buffer(push_cert.buf, bogs,
487                                          push_cert.buf + bogs, push_cert.len - bogs,
488                                          &gpg_output, &gpg_status) < 0) {
489                         ; /* error running gpg */
490                 } else {
491                         sigcheck.payload = push_cert.buf;
492                         sigcheck.gpg_output = gpg_output.buf;
493                         sigcheck.gpg_status = gpg_status.buf;
494                         parse_gpg_output(&sigcheck);
495                 }
496
497                 strbuf_release(&gpg_output);
498                 strbuf_release(&gpg_status);
499                 nonce_status = check_nonce(push_cert.buf, bogs);
500         }
501         if (!is_null_sha1(push_cert_sha1)) {
502                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
503                                  sha1_to_hex(push_cert_sha1));
504                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
505                                  sigcheck.signer ? sigcheck.signer : "");
506                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
507                                  sigcheck.key ? sigcheck.key : "");
508                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
509                                  sigcheck.result);
510                 if (push_cert_nonce) {
511                         argv_array_pushf(&proc->env_array,
512                                          "GIT_PUSH_CERT_NONCE=%s",
513                                          push_cert_nonce);
514                         argv_array_pushf(&proc->env_array,
515                                          "GIT_PUSH_CERT_NONCE_STATUS=%s",
516                                          nonce_status);
517                         if (nonce_status == NONCE_SLOP)
518                                 argv_array_pushf(&proc->env_array,
519                                                  "GIT_PUSH_CERT_NONCE_SLOP=%ld",
520                                                  nonce_stamp_slop);
521                 }
522         }
523 }
524
525 typedef int (*feed_fn)(void *, const char **, size_t *);
526 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
527 {
528         struct child_process proc = CHILD_PROCESS_INIT;
529         struct async muxer;
530         const char *argv[2];
531         int code;
532
533         argv[0] = find_hook(hook_name);
534         if (!argv[0])
535                 return 0;
536
537         argv[1] = NULL;
538
539         proc.argv = argv;
540         proc.in = -1;
541         proc.stdout_to_stderr = 1;
542
543         if (use_sideband) {
544                 memset(&muxer, 0, sizeof(muxer));
545                 muxer.proc = copy_to_sideband;
546                 muxer.in = -1;
547                 code = start_async(&muxer);
548                 if (code)
549                         return code;
550                 proc.err = muxer.in;
551         }
552
553         prepare_push_cert_sha1(&proc);
554
555         code = start_command(&proc);
556         if (code) {
557                 if (use_sideband)
558                         finish_async(&muxer);
559                 return code;
560         }
561
562         sigchain_push(SIGPIPE, SIG_IGN);
563
564         while (1) {
565                 const char *buf;
566                 size_t n;
567                 if (feed(feed_state, &buf, &n))
568                         break;
569                 if (write_in_full(proc.in, buf, n) != n)
570                         break;
571         }
572         close(proc.in);
573         if (use_sideband)
574                 finish_async(&muxer);
575
576         sigchain_pop(SIGPIPE);
577
578         return finish_command(&proc);
579 }
580
581 struct receive_hook_feed_state {
582         struct command *cmd;
583         int skip_broken;
584         struct strbuf buf;
585 };
586
587 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
588 {
589         struct receive_hook_feed_state *state = state_;
590         struct command *cmd = state->cmd;
591
592         while (cmd &&
593                state->skip_broken && (cmd->error_string || cmd->did_not_exist))
594                 cmd = cmd->next;
595         if (!cmd)
596                 return -1; /* EOF */
597         strbuf_reset(&state->buf);
598         strbuf_addf(&state->buf, "%s %s %s\n",
599                     sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
600                     cmd->ref_name);
601         state->cmd = cmd->next;
602         if (bufp) {
603                 *bufp = state->buf.buf;
604                 *sizep = state->buf.len;
605         }
606         return 0;
607 }
608
609 static int run_receive_hook(struct command *commands, const char *hook_name,
610                             int skip_broken)
611 {
612         struct receive_hook_feed_state state;
613         int status;
614
615         strbuf_init(&state.buf, 0);
616         state.cmd = commands;
617         state.skip_broken = skip_broken;
618         if (feed_receive_hook(&state, NULL, NULL))
619                 return 0;
620         state.cmd = commands;
621         status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
622         strbuf_release(&state.buf);
623         return status;
624 }
625
626 static int run_update_hook(struct command *cmd)
627 {
628         const char *argv[5];
629         struct child_process proc = CHILD_PROCESS_INIT;
630         int code;
631
632         argv[0] = find_hook("update");
633         if (!argv[0])
634                 return 0;
635
636         argv[1] = cmd->ref_name;
637         argv[2] = sha1_to_hex(cmd->old_sha1);
638         argv[3] = sha1_to_hex(cmd->new_sha1);
639         argv[4] = NULL;
640
641         proc.no_stdin = 1;
642         proc.stdout_to_stderr = 1;
643         proc.err = use_sideband ? -1 : 0;
644         proc.argv = argv;
645
646         code = start_command(&proc);
647         if (code)
648                 return code;
649         if (use_sideband)
650                 copy_to_sideband(proc.err, -1, NULL);
651         return finish_command(&proc);
652 }
653
654 static int is_ref_checked_out(const char *ref)
655 {
656         if (is_bare_repository())
657                 return 0;
658
659         if (!head_name)
660                 return 0;
661         return !strcmp(head_name, ref);
662 }
663
664 static char *refuse_unconfigured_deny_msg[] = {
665         "By default, updating the current branch in a non-bare repository",
666         "is denied, because it will make the index and work tree inconsistent",
667         "with what you pushed, and will require 'git reset --hard' to match",
668         "the work tree to HEAD.",
669         "",
670         "You can set 'receive.denyCurrentBranch' configuration variable to",
671         "'ignore' or 'warn' in the remote repository to allow pushing into",
672         "its current branch; however, this is not recommended unless you",
673         "arranged to update its work tree to match what you pushed in some",
674         "other way.",
675         "",
676         "To squelch this message and still keep the default behaviour, set",
677         "'receive.denyCurrentBranch' configuration variable to 'refuse'."
678 };
679
680 static void refuse_unconfigured_deny(void)
681 {
682         int i;
683         for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
684                 rp_error("%s", refuse_unconfigured_deny_msg[i]);
685 }
686
687 static char *refuse_unconfigured_deny_delete_current_msg[] = {
688         "By default, deleting the current branch is denied, because the next",
689         "'git clone' won't result in any file checked out, causing confusion.",
690         "",
691         "You can set 'receive.denyDeleteCurrent' configuration variable to",
692         "'warn' or 'ignore' in the remote repository to allow deleting the",
693         "current branch, with or without a warning message.",
694         "",
695         "To squelch this message, you can set it to 'refuse'."
696 };
697
698 static void refuse_unconfigured_deny_delete_current(void)
699 {
700         int i;
701         for (i = 0;
702              i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
703              i++)
704                 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
705 }
706
707 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
708 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
709 {
710         static struct lock_file shallow_lock;
711         struct sha1_array extra = SHA1_ARRAY_INIT;
712         const char *alt_file;
713         uint32_t mask = 1 << (cmd->index % 32);
714         int i;
715
716         trace_printf_key(&trace_shallow,
717                          "shallow: update_shallow_ref %s\n", cmd->ref_name);
718         for (i = 0; i < si->shallow->nr; i++)
719                 if (si->used_shallow[i] &&
720                     (si->used_shallow[i][cmd->index / 32] & mask) &&
721                     !delayed_reachability_test(si, i))
722                         sha1_array_append(&extra, si->shallow->sha1[i]);
723
724         setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
725         if (check_shallow_connected(command_singleton_iterator,
726                                     0, cmd, alt_file)) {
727                 rollback_lock_file(&shallow_lock);
728                 sha1_array_clear(&extra);
729                 return -1;
730         }
731
732         commit_lock_file(&shallow_lock);
733
734         /*
735          * Make sure setup_alternate_shallow() for the next ref does
736          * not lose these new roots..
737          */
738         for (i = 0; i < extra.nr; i++)
739                 register_shallow(extra.sha1[i]);
740
741         si->shallow_ref[cmd->index] = 0;
742         sha1_array_clear(&extra);
743         return 0;
744 }
745
746 /*
747  * NEEDSWORK: we should consolidate various implementions of "are we
748  * on an unborn branch?" test into one, and make the unified one more
749  * robust. !get_sha1() based check used here and elsewhere would not
750  * allow us to tell an unborn branch from corrupt ref, for example.
751  * For the purpose of fixing "deploy-to-update does not work when
752  * pushing into an empty repository" issue, this should suffice for
753  * now.
754  */
755 static int head_has_history(void)
756 {
757         unsigned char sha1[20];
758
759         return !get_sha1("HEAD", sha1);
760 }
761
762 static const char *push_to_deploy(unsigned char *sha1,
763                                   struct argv_array *env,
764                                   const char *work_tree)
765 {
766         const char *update_refresh[] = {
767                 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
768         };
769         const char *diff_files[] = {
770                 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
771         };
772         const char *diff_index[] = {
773                 "diff-index", "--quiet", "--cached", "--ignore-submodules",
774                 NULL, "--", NULL
775         };
776         const char *read_tree[] = {
777                 "read-tree", "-u", "-m", NULL, NULL
778         };
779         struct child_process child = CHILD_PROCESS_INIT;
780
781         child.argv = update_refresh;
782         child.env = env->argv;
783         child.dir = work_tree;
784         child.no_stdin = 1;
785         child.stdout_to_stderr = 1;
786         child.git_cmd = 1;
787         if (run_command(&child))
788                 return "Up-to-date check failed";
789
790         /* run_command() does not clean up completely; reinitialize */
791         child_process_init(&child);
792         child.argv = diff_files;
793         child.env = env->argv;
794         child.dir = work_tree;
795         child.no_stdin = 1;
796         child.stdout_to_stderr = 1;
797         child.git_cmd = 1;
798         if (run_command(&child))
799                 return "Working directory has unstaged changes";
800
801         /* diff-index with either HEAD or an empty tree */
802         diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
803
804         child_process_init(&child);
805         child.argv = diff_index;
806         child.env = env->argv;
807         child.no_stdin = 1;
808         child.no_stdout = 1;
809         child.stdout_to_stderr = 0;
810         child.git_cmd = 1;
811         if (run_command(&child))
812                 return "Working directory has staged changes";
813
814         read_tree[3] = sha1_to_hex(sha1);
815         child_process_init(&child);
816         child.argv = read_tree;
817         child.env = env->argv;
818         child.dir = work_tree;
819         child.no_stdin = 1;
820         child.no_stdout = 1;
821         child.stdout_to_stderr = 0;
822         child.git_cmd = 1;
823         if (run_command(&child))
824                 return "Could not update working tree to new HEAD";
825
826         return NULL;
827 }
828
829 static const char *push_to_checkout_hook = "push-to-checkout";
830
831 static const char *push_to_checkout(unsigned char *sha1,
832                                     struct argv_array *env,
833                                     const char *work_tree)
834 {
835         argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
836         if (run_hook_le(env->argv, push_to_checkout_hook,
837                         sha1_to_hex(sha1), NULL))
838                 return "push-to-checkout hook declined";
839         else
840                 return NULL;
841 }
842
843 static const char *update_worktree(unsigned char *sha1)
844 {
845         const char *retval;
846         const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
847         struct argv_array env = ARGV_ARRAY_INIT;
848
849         if (is_bare_repository())
850                 return "denyCurrentBranch = updateInstead needs a worktree";
851
852         argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
853
854         if (!find_hook(push_to_checkout_hook))
855                 retval = push_to_deploy(sha1, &env, work_tree);
856         else
857                 retval = push_to_checkout(sha1, &env, work_tree);
858
859         argv_array_clear(&env);
860         return retval;
861 }
862
863 static const char *update(struct command *cmd, struct shallow_info *si)
864 {
865         const char *name = cmd->ref_name;
866         struct strbuf namespaced_name_buf = STRBUF_INIT;
867         const char *namespaced_name, *ret;
868         unsigned char *old_sha1 = cmd->old_sha1;
869         unsigned char *new_sha1 = cmd->new_sha1;
870
871         /* only refs/... are allowed */
872         if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
873                 rp_error("refusing to create funny ref '%s' remotely", name);
874                 return "funny refname";
875         }
876
877         strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
878         namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
879
880         if (is_ref_checked_out(namespaced_name)) {
881                 switch (deny_current_branch) {
882                 case DENY_IGNORE:
883                         break;
884                 case DENY_WARN:
885                         rp_warning("updating the current branch");
886                         break;
887                 case DENY_REFUSE:
888                 case DENY_UNCONFIGURED:
889                         rp_error("refusing to update checked out branch: %s", name);
890                         if (deny_current_branch == DENY_UNCONFIGURED)
891                                 refuse_unconfigured_deny();
892                         return "branch is currently checked out";
893                 case DENY_UPDATE_INSTEAD:
894                         ret = update_worktree(new_sha1);
895                         if (ret)
896                                 return ret;
897                         break;
898                 }
899         }
900
901         if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
902                 error("unpack should have generated %s, "
903                       "but I can't find it!", sha1_to_hex(new_sha1));
904                 return "bad pack";
905         }
906
907         if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
908                 if (deny_deletes && starts_with(name, "refs/heads/")) {
909                         rp_error("denying ref deletion for %s", name);
910                         return "deletion prohibited";
911                 }
912
913                 if (!strcmp(namespaced_name, head_name)) {
914                         switch (deny_delete_current) {
915                         case DENY_IGNORE:
916                                 break;
917                         case DENY_WARN:
918                                 rp_warning("deleting the current branch");
919                                 break;
920                         case DENY_REFUSE:
921                         case DENY_UNCONFIGURED:
922                         case DENY_UPDATE_INSTEAD:
923                                 if (deny_delete_current == DENY_UNCONFIGURED)
924                                         refuse_unconfigured_deny_delete_current();
925                                 rp_error("refusing to delete the current branch: %s", name);
926                                 return "deletion of the current branch prohibited";
927                         default:
928                                 return "Invalid denyDeleteCurrent setting";
929                         }
930                 }
931         }
932
933         if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
934             !is_null_sha1(old_sha1) &&
935             starts_with(name, "refs/heads/")) {
936                 struct object *old_object, *new_object;
937                 struct commit *old_commit, *new_commit;
938
939                 old_object = parse_object(old_sha1);
940                 new_object = parse_object(new_sha1);
941
942                 if (!old_object || !new_object ||
943                     old_object->type != OBJ_COMMIT ||
944                     new_object->type != OBJ_COMMIT) {
945                         error("bad sha1 objects for %s", name);
946                         return "bad ref";
947                 }
948                 old_commit = (struct commit *)old_object;
949                 new_commit = (struct commit *)new_object;
950                 if (!in_merge_bases(old_commit, new_commit)) {
951                         rp_error("denying non-fast-forward %s"
952                                  " (you should pull first)", name);
953                         return "non-fast-forward";
954                 }
955         }
956         if (run_update_hook(cmd)) {
957                 rp_error("hook declined to update %s", name);
958                 return "hook declined";
959         }
960
961         if (is_null_sha1(new_sha1)) {
962                 struct strbuf err = STRBUF_INIT;
963                 if (!parse_object(old_sha1)) {
964                         old_sha1 = NULL;
965                         if (ref_exists(name)) {
966                                 rp_warning("Allowing deletion of corrupt ref.");
967                         } else {
968                                 rp_warning("Deleting a non-existent ref.");
969                                 cmd->did_not_exist = 1;
970                         }
971                 }
972                 if (ref_transaction_delete(transaction,
973                                            namespaced_name,
974                                            old_sha1,
975                                            0, "push", &err)) {
976                         rp_error("%s", err.buf);
977                         strbuf_release(&err);
978                         return "failed to delete";
979                 }
980                 strbuf_release(&err);
981                 return NULL; /* good */
982         }
983         else {
984                 struct strbuf err = STRBUF_INIT;
985                 if (shallow_update && si->shallow_ref[cmd->index] &&
986                     update_shallow_ref(cmd, si))
987                         return "shallow error";
988
989                 if (ref_transaction_update(transaction,
990                                            namespaced_name,
991                                            new_sha1, old_sha1,
992                                            0, "push",
993                                            &err)) {
994                         rp_error("%s", err.buf);
995                         strbuf_release(&err);
996
997                         return "failed to update ref";
998                 }
999                 strbuf_release(&err);
1000
1001                 return NULL; /* good */
1002         }
1003 }
1004
1005 static void run_update_post_hook(struct command *commands)
1006 {
1007         struct command *cmd;
1008         int argc;
1009         const char **argv;
1010         struct child_process proc = CHILD_PROCESS_INIT;
1011         char *hook;
1012
1013         hook = find_hook("post-update");
1014         for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1015                 if (cmd->error_string || cmd->did_not_exist)
1016                         continue;
1017                 argc++;
1018         }
1019         if (!argc || !hook)
1020                 return;
1021
1022         argv = xmalloc(sizeof(*argv) * (2 + argc));
1023         argv[0] = hook;
1024
1025         for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1026                 if (cmd->error_string || cmd->did_not_exist)
1027                         continue;
1028                 argv[argc] = xstrdup(cmd->ref_name);
1029                 argc++;
1030         }
1031         argv[argc] = NULL;
1032
1033         proc.no_stdin = 1;
1034         proc.stdout_to_stderr = 1;
1035         proc.err = use_sideband ? -1 : 0;
1036         proc.argv = argv;
1037
1038         if (!start_command(&proc)) {
1039                 if (use_sideband)
1040                         copy_to_sideband(proc.err, -1, NULL);
1041                 finish_command(&proc);
1042         }
1043 }
1044
1045 static void check_aliased_update(struct command *cmd, struct string_list *list)
1046 {
1047         struct strbuf buf = STRBUF_INIT;
1048         const char *dst_name;
1049         struct string_list_item *item;
1050         struct command *dst_cmd;
1051         unsigned char sha1[20];
1052         char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1053         int flag;
1054
1055         strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1056         dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1057         strbuf_release(&buf);
1058
1059         if (!(flag & REF_ISSYMREF))
1060                 return;
1061
1062         dst_name = strip_namespace(dst_name);
1063         if (!dst_name) {
1064                 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1065                 cmd->skip_update = 1;
1066                 cmd->error_string = "broken symref";
1067                 return;
1068         }
1069
1070         if ((item = string_list_lookup(list, dst_name)) == NULL)
1071                 return;
1072
1073         cmd->skip_update = 1;
1074
1075         dst_cmd = (struct command *) item->util;
1076
1077         if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1078             !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1079                 return;
1080
1081         dst_cmd->skip_update = 1;
1082
1083         strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1084         strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1085         strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1086         strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1087         rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1088                  " its target '%s' (%s..%s)",
1089                  cmd->ref_name, cmd_oldh, cmd_newh,
1090                  dst_cmd->ref_name, dst_oldh, dst_newh);
1091
1092         cmd->error_string = dst_cmd->error_string =
1093                 "inconsistent aliased update";
1094 }
1095
1096 static void check_aliased_updates(struct command *commands)
1097 {
1098         struct command *cmd;
1099         struct string_list ref_list = STRING_LIST_INIT_NODUP;
1100
1101         for (cmd = commands; cmd; cmd = cmd->next) {
1102                 struct string_list_item *item =
1103                         string_list_append(&ref_list, cmd->ref_name);
1104                 item->util = (void *)cmd;
1105         }
1106         string_list_sort(&ref_list);
1107
1108         for (cmd = commands; cmd; cmd = cmd->next) {
1109                 if (!cmd->error_string)
1110                         check_aliased_update(cmd, &ref_list);
1111         }
1112
1113         string_list_clear(&ref_list, 0);
1114 }
1115
1116 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1117 {
1118         struct command **cmd_list = cb_data;
1119         struct command *cmd = *cmd_list;
1120
1121         if (!cmd || is_null_sha1(cmd->new_sha1))
1122                 return -1; /* end of list */
1123         *cmd_list = NULL; /* this returns only one */
1124         hashcpy(sha1, cmd->new_sha1);
1125         return 0;
1126 }
1127
1128 static void set_connectivity_errors(struct command *commands,
1129                                     struct shallow_info *si)
1130 {
1131         struct command *cmd;
1132
1133         for (cmd = commands; cmd; cmd = cmd->next) {
1134                 struct command *singleton = cmd;
1135                 if (shallow_update && si->shallow_ref[cmd->index])
1136                         /* to be checked in update_shallow_ref() */
1137                         continue;
1138                 if (!check_everything_connected(command_singleton_iterator,
1139                                                 0, &singleton))
1140                         continue;
1141                 cmd->error_string = "missing necessary objects";
1142         }
1143 }
1144
1145 struct iterate_data {
1146         struct command *cmds;
1147         struct shallow_info *si;
1148 };
1149
1150 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1151 {
1152         struct iterate_data *data = cb_data;
1153         struct command **cmd_list = &data->cmds;
1154         struct command *cmd = *cmd_list;
1155
1156         for (; cmd; cmd = cmd->next) {
1157                 if (shallow_update && data->si->shallow_ref[cmd->index])
1158                         /* to be checked in update_shallow_ref() */
1159                         continue;
1160                 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1161                         hashcpy(sha1, cmd->new_sha1);
1162                         *cmd_list = cmd->next;
1163                         return 0;
1164                 }
1165         }
1166         *cmd_list = NULL;
1167         return -1; /* end of list */
1168 }
1169
1170 static void reject_updates_to_hidden(struct command *commands)
1171 {
1172         struct command *cmd;
1173
1174         for (cmd = commands; cmd; cmd = cmd->next) {
1175                 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1176                         continue;
1177                 if (is_null_sha1(cmd->new_sha1))
1178                         cmd->error_string = "deny deleting a hidden ref";
1179                 else
1180                         cmd->error_string = "deny updating a hidden ref";
1181         }
1182 }
1183
1184 static int should_process_cmd(struct command *cmd)
1185 {
1186         return !cmd->error_string && !cmd->skip_update;
1187 }
1188
1189 static void warn_if_skipped_connectivity_check(struct command *commands,
1190                                                struct shallow_info *si)
1191 {
1192         struct command *cmd;
1193         int checked_connectivity = 1;
1194
1195         for (cmd = commands; cmd; cmd = cmd->next) {
1196                 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1197                         error("BUG: connectivity check has not been run on ref %s",
1198                               cmd->ref_name);
1199                         checked_connectivity = 0;
1200                 }
1201         }
1202         if (!checked_connectivity)
1203                 die("BUG: connectivity check skipped???");
1204 }
1205
1206 static void execute_commands_non_atomic(struct command *commands,
1207                                         struct shallow_info *si)
1208 {
1209         struct command *cmd;
1210         struct strbuf err = STRBUF_INIT;
1211
1212         for (cmd = commands; cmd; cmd = cmd->next) {
1213                 if (!should_process_cmd(cmd))
1214                         continue;
1215
1216                 transaction = ref_transaction_begin(&err);
1217                 if (!transaction) {
1218                         rp_error("%s", err.buf);
1219                         strbuf_reset(&err);
1220                         cmd->error_string = "transaction failed to start";
1221                         continue;
1222                 }
1223
1224                 cmd->error_string = update(cmd, si);
1225
1226                 if (!cmd->error_string
1227                     && ref_transaction_commit(transaction, &err)) {
1228                         rp_error("%s", err.buf);
1229                         strbuf_reset(&err);
1230                         cmd->error_string = "failed to update ref";
1231                 }
1232                 ref_transaction_free(transaction);
1233         }
1234         strbuf_release(&err);
1235 }
1236
1237 static void execute_commands_atomic(struct command *commands,
1238                                         struct shallow_info *si)
1239 {
1240         struct command *cmd;
1241         struct strbuf err = STRBUF_INIT;
1242         const char *reported_error = "atomic push failure";
1243
1244         transaction = ref_transaction_begin(&err);
1245         if (!transaction) {
1246                 rp_error("%s", err.buf);
1247                 strbuf_reset(&err);
1248                 reported_error = "transaction failed to start";
1249                 goto failure;
1250         }
1251
1252         for (cmd = commands; cmd; cmd = cmd->next) {
1253                 if (!should_process_cmd(cmd))
1254                         continue;
1255
1256                 cmd->error_string = update(cmd, si);
1257
1258                 if (cmd->error_string)
1259                         goto failure;
1260         }
1261
1262         if (ref_transaction_commit(transaction, &err)) {
1263                 rp_error("%s", err.buf);
1264                 reported_error = "atomic transaction failed";
1265                 goto failure;
1266         }
1267         goto cleanup;
1268
1269 failure:
1270         for (cmd = commands; cmd; cmd = cmd->next)
1271                 if (!cmd->error_string)
1272                         cmd->error_string = reported_error;
1273
1274 cleanup:
1275         ref_transaction_free(transaction);
1276         strbuf_release(&err);
1277 }
1278
1279 static void execute_commands(struct command *commands,
1280                              const char *unpacker_error,
1281                              struct shallow_info *si)
1282 {
1283         struct command *cmd;
1284         unsigned char sha1[20];
1285         struct iterate_data data;
1286
1287         if (unpacker_error) {
1288                 for (cmd = commands; cmd; cmd = cmd->next)
1289                         cmd->error_string = "unpacker error";
1290                 return;
1291         }
1292
1293         data.cmds = commands;
1294         data.si = si;
1295         if (check_everything_connected(iterate_receive_command_list, 0, &data))
1296                 set_connectivity_errors(commands, si);
1297
1298         reject_updates_to_hidden(commands);
1299
1300         if (run_receive_hook(commands, "pre-receive", 0)) {
1301                 for (cmd = commands; cmd; cmd = cmd->next) {
1302                         if (!cmd->error_string)
1303                                 cmd->error_string = "pre-receive hook declined";
1304                 }
1305                 return;
1306         }
1307
1308         check_aliased_updates(commands);
1309
1310         free(head_name_to_free);
1311         head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1312
1313         if (use_atomic)
1314                 execute_commands_atomic(commands, si);
1315         else
1316                 execute_commands_non_atomic(commands, si);
1317
1318         if (shallow_update)
1319                 warn_if_skipped_connectivity_check(commands, si);
1320 }
1321
1322 static struct command **queue_command(struct command **tail,
1323                                       const char *line,
1324                                       int linelen)
1325 {
1326         unsigned char old_sha1[20], new_sha1[20];
1327         struct command *cmd;
1328         const char *refname;
1329         int reflen;
1330
1331         if (linelen < 83 ||
1332             line[40] != ' ' ||
1333             line[81] != ' ' ||
1334             get_sha1_hex(line, old_sha1) ||
1335             get_sha1_hex(line + 41, new_sha1))
1336                 die("protocol error: expected old/new/ref, got '%s'", line);
1337
1338         refname = line + 82;
1339         reflen = linelen - 82;
1340         cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1341         hashcpy(cmd->old_sha1, old_sha1);
1342         hashcpy(cmd->new_sha1, new_sha1);
1343         memcpy(cmd->ref_name, refname, reflen);
1344         cmd->ref_name[reflen] = '\0';
1345         *tail = cmd;
1346         return &cmd->next;
1347 }
1348
1349 static void queue_commands_from_cert(struct command **tail,
1350                                      struct strbuf *push_cert)
1351 {
1352         const char *boc, *eoc;
1353
1354         if (*tail)
1355                 die("protocol error: got both push certificate and unsigned commands");
1356
1357         boc = strstr(push_cert->buf, "\n\n");
1358         if (!boc)
1359                 die("malformed push certificate %.*s", 100, push_cert->buf);
1360         else
1361                 boc += 2;
1362         eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1363
1364         while (boc < eoc) {
1365                 const char *eol = memchr(boc, '\n', eoc - boc);
1366                 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1367                 boc = eol ? eol + 1 : eoc;
1368         }
1369 }
1370
1371 static struct command *read_head_info(struct sha1_array *shallow)
1372 {
1373         struct command *commands = NULL;
1374         struct command **p = &commands;
1375         for (;;) {
1376                 char *line;
1377                 int len, linelen;
1378
1379                 line = packet_read_line(0, &len);
1380                 if (!line)
1381                         break;
1382
1383                 if (len == 48 && starts_with(line, "shallow ")) {
1384                         unsigned char sha1[20];
1385                         if (get_sha1_hex(line + 8, sha1))
1386                                 die("protocol error: expected shallow sha, got '%s'",
1387                                     line + 8);
1388                         sha1_array_append(shallow, sha1);
1389                         continue;
1390                 }
1391
1392                 linelen = strlen(line);
1393                 if (linelen < len) {
1394                         const char *feature_list = line + linelen + 1;
1395                         if (parse_feature_request(feature_list, "report-status"))
1396                                 report_status = 1;
1397                         if (parse_feature_request(feature_list, "side-band-64k"))
1398                                 use_sideband = LARGE_PACKET_MAX;
1399                         if (parse_feature_request(feature_list, "quiet"))
1400                                 quiet = 1;
1401                         if (advertise_atomic_push
1402                             && parse_feature_request(feature_list, "atomic"))
1403                                 use_atomic = 1;
1404                 }
1405
1406                 if (!strcmp(line, "push-cert")) {
1407                         int true_flush = 0;
1408                         char certbuf[1024];
1409
1410                         for (;;) {
1411                                 len = packet_read(0, NULL, NULL,
1412                                                   certbuf, sizeof(certbuf), 0);
1413                                 if (!len) {
1414                                         true_flush = 1;
1415                                         break;
1416                                 }
1417                                 if (!strcmp(certbuf, "push-cert-end\n"))
1418                                         break; /* end of cert */
1419                                 strbuf_addstr(&push_cert, certbuf);
1420                         }
1421
1422                         if (true_flush)
1423                                 break;
1424                         continue;
1425                 }
1426
1427                 p = queue_command(p, line, linelen);
1428         }
1429
1430         if (push_cert.len)
1431                 queue_commands_from_cert(p, &push_cert);
1432
1433         return commands;
1434 }
1435
1436 static const char *parse_pack_header(struct pack_header *hdr)
1437 {
1438         switch (read_pack_header(0, hdr)) {
1439         case PH_ERROR_EOF:
1440                 return "eof before pack header was fully read";
1441
1442         case PH_ERROR_PACK_SIGNATURE:
1443                 return "protocol error (pack signature mismatch detected)";
1444
1445         case PH_ERROR_PROTOCOL:
1446                 return "protocol error (pack version unsupported)";
1447
1448         default:
1449                 return "unknown error in parse_pack_header";
1450
1451         case 0:
1452                 return NULL;
1453         }
1454 }
1455
1456 static const char *pack_lockfile;
1457
1458 static const char *unpack(int err_fd, struct shallow_info *si)
1459 {
1460         struct pack_header hdr;
1461         const char *hdr_err;
1462         int status;
1463         char hdr_arg[38];
1464         struct child_process child = CHILD_PROCESS_INIT;
1465         int fsck_objects = (receive_fsck_objects >= 0
1466                             ? receive_fsck_objects
1467                             : transfer_fsck_objects >= 0
1468                             ? transfer_fsck_objects
1469                             : 0);
1470
1471         hdr_err = parse_pack_header(&hdr);
1472         if (hdr_err) {
1473                 if (err_fd > 0)
1474                         close(err_fd);
1475                 return hdr_err;
1476         }
1477         snprintf(hdr_arg, sizeof(hdr_arg),
1478                         "--pack_header=%"PRIu32",%"PRIu32,
1479                         ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1480
1481         if (si->nr_ours || si->nr_theirs) {
1482                 alt_shallow_file = setup_temporary_shallow(si->shallow);
1483                 argv_array_push(&child.args, "--shallow-file");
1484                 argv_array_push(&child.args, alt_shallow_file);
1485         }
1486
1487         if (ntohl(hdr.hdr_entries) < unpack_limit) {
1488                 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1489                 if (quiet)
1490                         argv_array_push(&child.args, "-q");
1491                 if (fsck_objects)
1492                         argv_array_push(&child.args, "--strict");
1493                 child.no_stdout = 1;
1494                 child.err = err_fd;
1495                 child.git_cmd = 1;
1496                 status = run_command(&child);
1497                 if (status)
1498                         return "unpack-objects abnormal exit";
1499         } else {
1500                 int s;
1501                 char keep_arg[256];
1502
1503                 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1504                 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1505                         strcpy(keep_arg + s, "localhost");
1506
1507                 argv_array_pushl(&child.args, "index-pack",
1508                                  "--stdin", hdr_arg, keep_arg, NULL);
1509                 if (fsck_objects)
1510                         argv_array_push(&child.args, "--strict");
1511                 if (fix_thin)
1512                         argv_array_push(&child.args, "--fix-thin");
1513                 child.out = -1;
1514                 child.err = err_fd;
1515                 child.git_cmd = 1;
1516                 status = start_command(&child);
1517                 if (status)
1518                         return "index-pack fork failed";
1519                 pack_lockfile = index_pack_lockfile(child.out);
1520                 close(child.out);
1521                 status = finish_command(&child);
1522                 if (status)
1523                         return "index-pack abnormal exit";
1524                 reprepare_packed_git();
1525         }
1526         return NULL;
1527 }
1528
1529 static const char *unpack_with_sideband(struct shallow_info *si)
1530 {
1531         struct async muxer;
1532         const char *ret;
1533
1534         if (!use_sideband)
1535                 return unpack(0, si);
1536
1537         memset(&muxer, 0, sizeof(muxer));
1538         muxer.proc = copy_to_sideband;
1539         muxer.in = -1;
1540         if (start_async(&muxer))
1541                 return NULL;
1542
1543         ret = unpack(muxer.in, si);
1544
1545         finish_async(&muxer);
1546         return ret;
1547 }
1548
1549 static void prepare_shallow_update(struct command *commands,
1550                                    struct shallow_info *si)
1551 {
1552         int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1553
1554         si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1555                                    si->shallow->nr);
1556         assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1557
1558         si->need_reachability_test =
1559                 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1560         si->reachable =
1561                 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1562         si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1563
1564         for (i = 0; i < si->nr_ours; i++)
1565                 si->need_reachability_test[si->ours[i]] = 1;
1566
1567         for (i = 0; i < si->shallow->nr; i++) {
1568                 if (!si->used_shallow[i])
1569                         continue;
1570                 for (j = 0; j < bitmap_size; j++) {
1571                         if (!si->used_shallow[i][j])
1572                                 continue;
1573                         si->need_reachability_test[i]++;
1574                         for (k = 0; k < 32; k++)
1575                                 if (si->used_shallow[i][j] & (1 << k))
1576                                         si->shallow_ref[j * 32 + k]++;
1577                 }
1578
1579                 /*
1580                  * true for those associated with some refs and belong
1581                  * in "ours" list aka "step 7 not done yet"
1582                  */
1583                 si->need_reachability_test[i] =
1584                         si->need_reachability_test[i] > 1;
1585         }
1586
1587         /*
1588          * keep hooks happy by forcing a temporary shallow file via
1589          * env variable because we can't add --shallow-file to every
1590          * command. check_everything_connected() will be done with
1591          * true .git/shallow though.
1592          */
1593         setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1594 }
1595
1596 static void update_shallow_info(struct command *commands,
1597                                 struct shallow_info *si,
1598                                 struct sha1_array *ref)
1599 {
1600         struct command *cmd;
1601         int *ref_status;
1602         remove_nonexistent_theirs_shallow(si);
1603         if (!si->nr_ours && !si->nr_theirs) {
1604                 shallow_update = 0;
1605                 return;
1606         }
1607
1608         for (cmd = commands; cmd; cmd = cmd->next) {
1609                 if (is_null_sha1(cmd->new_sha1))
1610                         continue;
1611                 sha1_array_append(ref, cmd->new_sha1);
1612                 cmd->index = ref->nr - 1;
1613         }
1614         si->ref = ref;
1615
1616         if (shallow_update) {
1617                 prepare_shallow_update(commands, si);
1618                 return;
1619         }
1620
1621         ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1622         assign_shallow_commits_to_refs(si, NULL, ref_status);
1623         for (cmd = commands; cmd; cmd = cmd->next) {
1624                 if (is_null_sha1(cmd->new_sha1))
1625                         continue;
1626                 if (ref_status[cmd->index]) {
1627                         cmd->error_string = "shallow update not allowed";
1628                         cmd->skip_update = 1;
1629                 }
1630         }
1631         free(ref_status);
1632 }
1633
1634 static void report(struct command *commands, const char *unpack_status)
1635 {
1636         struct command *cmd;
1637         struct strbuf buf = STRBUF_INIT;
1638
1639         packet_buf_write(&buf, "unpack %s\n",
1640                          unpack_status ? unpack_status : "ok");
1641         for (cmd = commands; cmd; cmd = cmd->next) {
1642                 if (!cmd->error_string)
1643                         packet_buf_write(&buf, "ok %s\n",
1644                                          cmd->ref_name);
1645                 else
1646                         packet_buf_write(&buf, "ng %s %s\n",
1647                                          cmd->ref_name, cmd->error_string);
1648         }
1649         packet_buf_flush(&buf);
1650
1651         if (use_sideband)
1652                 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1653         else
1654                 write_or_die(1, buf.buf, buf.len);
1655         strbuf_release(&buf);
1656 }
1657
1658 static int delete_only(struct command *commands)
1659 {
1660         struct command *cmd;
1661         for (cmd = commands; cmd; cmd = cmd->next) {
1662                 if (!is_null_sha1(cmd->new_sha1))
1663                         return 0;
1664         }
1665         return 1;
1666 }
1667
1668 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1669 {
1670         int advertise_refs = 0;
1671         int i;
1672         struct command *commands;
1673         struct sha1_array shallow = SHA1_ARRAY_INIT;
1674         struct sha1_array ref = SHA1_ARRAY_INIT;
1675         struct shallow_info si;
1676
1677         packet_trace_identity("receive-pack");
1678
1679         argv++;
1680         for (i = 1; i < argc; i++) {
1681                 const char *arg = *argv++;
1682
1683                 if (*arg == '-') {
1684                         if (!strcmp(arg, "--quiet")) {
1685                                 quiet = 1;
1686                                 continue;
1687                         }
1688
1689                         if (!strcmp(arg, "--advertise-refs")) {
1690                                 advertise_refs = 1;
1691                                 continue;
1692                         }
1693                         if (!strcmp(arg, "--stateless-rpc")) {
1694                                 stateless_rpc = 1;
1695                                 continue;
1696                         }
1697                         if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1698                                 fix_thin = 0;
1699                                 continue;
1700                         }
1701
1702                         usage(receive_pack_usage);
1703                 }
1704                 if (service_dir)
1705                         usage(receive_pack_usage);
1706                 service_dir = arg;
1707         }
1708         if (!service_dir)
1709                 usage(receive_pack_usage);
1710
1711         setup_path();
1712
1713         if (!enter_repo(service_dir, 0))
1714                 die("'%s' does not appear to be a git repository", service_dir);
1715
1716         git_config(receive_pack_config, NULL);
1717         if (cert_nonce_seed)
1718                 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1719
1720         if (0 <= transfer_unpack_limit)
1721                 unpack_limit = transfer_unpack_limit;
1722         else if (0 <= receive_unpack_limit)
1723                 unpack_limit = receive_unpack_limit;
1724
1725         if (advertise_refs || !stateless_rpc) {
1726                 write_head_info();
1727         }
1728         if (advertise_refs)
1729                 return 0;
1730
1731         if ((commands = read_head_info(&shallow)) != NULL) {
1732                 const char *unpack_status = NULL;
1733
1734                 prepare_shallow_info(&si, &shallow);
1735                 if (!si.nr_ours && !si.nr_theirs)
1736                         shallow_update = 0;
1737                 if (!delete_only(commands)) {
1738                         unpack_status = unpack_with_sideband(&si);
1739                         update_shallow_info(commands, &si, &ref);
1740                 }
1741                 execute_commands(commands, unpack_status, &si);
1742                 if (pack_lockfile)
1743                         unlink_or_warn(pack_lockfile);
1744                 if (report_status)
1745                         report(commands, unpack_status);
1746                 run_receive_hook(commands, "post-receive", 1);
1747                 run_update_post_hook(commands);
1748                 if (auto_gc) {
1749                         const char *argv_gc_auto[] = {
1750                                 "gc", "--auto", "--quiet", NULL,
1751                         };
1752                         int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1753                         run_command_v_opt(argv_gc_auto, opt);
1754                 }
1755                 if (auto_update_server_info)
1756                         update_server_info(0);
1757                 clear_shallow_info(&si);
1758         }
1759         if (use_sideband)
1760                 packet_flush(1);
1761         sha1_array_clear(&shallow);
1762         sha1_array_clear(&ref);
1763         free((void *)push_cert_nonce);
1764         return 0;
1765 }