7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int advertise_atomic_push = 1;
42 static int unpack_limit = 100;
43 static int report_status;
44 static int use_sideband;
45 static int use_atomic;
47 static int prefer_ofs_delta = 1;
48 static int auto_update_server_info;
49 static int auto_gc = 1;
50 static int fix_thin = 1;
51 static int stateless_rpc;
52 static const char *service_dir;
53 static const char *head_name;
54 static void *head_name_to_free;
55 static int sent_capabilities;
56 static int shallow_update;
57 static const char *alt_shallow_file;
58 static struct strbuf push_cert = STRBUF_INIT;
59 static unsigned char push_cert_sha1[20];
60 static struct signature_check sigcheck;
61 static const char *push_cert_nonce;
62 static const char *cert_nonce_seed;
64 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65 static const char *NONCE_BAD = "BAD";
66 static const char *NONCE_MISSING = "MISSING";
67 static const char *NONCE_OK = "OK";
68 static const char *NONCE_SLOP = "SLOP";
69 static const char *nonce_status;
70 static long nonce_stamp_slop;
71 static unsigned long nonce_stamp_slop_limit;
72 static struct ref_transaction *transaction;
74 static enum deny_action parse_deny_action(const char *var, const char *value)
77 if (!strcasecmp(value, "ignore"))
79 if (!strcasecmp(value, "warn"))
81 if (!strcasecmp(value, "refuse"))
83 if (!strcasecmp(value, "updateinstead"))
84 return DENY_UPDATE_INSTEAD;
86 if (git_config_bool(var, value))
91 static int receive_pack_config(const char *var, const char *value, void *cb)
93 int status = parse_hide_refs_config(var, value, "receive");
98 if (strcmp(var, "receive.denydeletes") == 0) {
99 deny_deletes = git_config_bool(var, value);
103 if (strcmp(var, "receive.denynonfastforwards") == 0) {
104 deny_non_fast_forwards = git_config_bool(var, value);
108 if (strcmp(var, "receive.unpacklimit") == 0) {
109 receive_unpack_limit = git_config_int(var, value);
113 if (strcmp(var, "transfer.unpacklimit") == 0) {
114 transfer_unpack_limit = git_config_int(var, value);
118 if (strcmp(var, "receive.fsckobjects") == 0) {
119 receive_fsck_objects = git_config_bool(var, value);
123 if (strcmp(var, "transfer.fsckobjects") == 0) {
124 transfer_fsck_objects = git_config_bool(var, value);
128 if (!strcmp(var, "receive.denycurrentbranch")) {
129 deny_current_branch = parse_deny_action(var, value);
133 if (strcmp(var, "receive.denydeletecurrent") == 0) {
134 deny_delete_current = parse_deny_action(var, value);
138 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139 prefer_ofs_delta = git_config_bool(var, value);
143 if (strcmp(var, "receive.updateserverinfo") == 0) {
144 auto_update_server_info = git_config_bool(var, value);
148 if (strcmp(var, "receive.autogc") == 0) {
149 auto_gc = git_config_bool(var, value);
153 if (strcmp(var, "receive.shallowupdate") == 0) {
154 shallow_update = git_config_bool(var, value);
158 if (strcmp(var, "receive.certnonceseed") == 0)
159 return git_config_string(&cert_nonce_seed, var, value);
161 if (strcmp(var, "receive.certnonceslop") == 0) {
162 nonce_stamp_slop_limit = git_config_ulong(var, value);
166 if (strcmp(var, "receive.advertiseatomic") == 0) {
167 advertise_atomic_push = git_config_bool(var, value);
171 return git_default_config(var, value, cb);
174 static void show_ref(const char *path, const unsigned char *sha1)
176 if (ref_is_hidden(path))
179 if (sent_capabilities) {
180 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
182 struct strbuf cap = STRBUF_INIT;
185 "report-status delete-refs side-band-64k quiet");
186 if (advertise_atomic_push)
187 strbuf_addstr(&cap, " atomic");
188 if (prefer_ofs_delta)
189 strbuf_addstr(&cap, " ofs-delta");
191 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193 packet_write(1, "%s %s%c%s\n",
194 sha1_to_hex(sha1), path, 0, cap.buf);
195 strbuf_release(&cap);
196 sent_capabilities = 1;
200 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
202 path = strip_namespace(path);
204 * Advertise refs outside our current namespace as ".have"
205 * refs, so that the client can use them to minimize data
206 * transfer but will otherwise ignore them. This happens to
207 * cover ".have" that are thrown in by add_one_alternate_ref()
208 * to mark histories that are complete in our alternates as
213 show_ref(path, sha1);
217 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
219 show_ref(".have", sha1);
222 static void collect_one_alternate_ref(const struct ref *ref, void *data)
224 struct sha1_array *sa = data;
225 sha1_array_append(sa, ref->old_sha1);
228 static void write_head_info(void)
230 struct sha1_array sa = SHA1_ARRAY_INIT;
231 for_each_alternate_ref(collect_one_alternate_ref, &sa);
232 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
233 sha1_array_clear(&sa);
234 for_each_ref(show_ref_cb, NULL);
235 if (!sent_capabilities)
236 show_ref("capabilities^{}", null_sha1);
238 advertise_shallow_grafts(1);
245 struct command *next;
246 const char *error_string;
247 unsigned int skip_update:1,
250 unsigned char old_sha1[20];
251 unsigned char new_sha1[20];
252 char ref_name[FLEX_ARRAY]; /* more */
255 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
256 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
258 static void report_message(const char *prefix, const char *err, va_list params)
260 int sz = strlen(prefix);
263 strncpy(msg, prefix, sz);
264 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
265 if (sz > (sizeof(msg) - 1))
266 sz = sizeof(msg) - 1;
270 send_sideband(1, 2, msg, sz, use_sideband);
275 static void rp_warning(const char *err, ...)
278 va_start(params, err);
279 report_message("warning: ", err, params);
283 static void rp_error(const char *err, ...)
286 va_start(params, err);
287 report_message("error: ", err, params);
291 static int copy_to_sideband(int in, int out, void *arg)
295 ssize_t sz = xread(in, data, sizeof(data));
298 send_sideband(1, 2, data, sz, use_sideband);
304 #define HMAC_BLOCK_SIZE 64
306 static void hmac_sha1(unsigned char *out,
307 const char *key_in, size_t key_len,
308 const char *text, size_t text_len)
310 unsigned char key[HMAC_BLOCK_SIZE];
311 unsigned char k_ipad[HMAC_BLOCK_SIZE];
312 unsigned char k_opad[HMAC_BLOCK_SIZE];
316 /* RFC 2104 2. (1) */
317 memset(key, '\0', HMAC_BLOCK_SIZE);
318 if (HMAC_BLOCK_SIZE < key_len) {
320 git_SHA1_Update(&ctx, key_in, key_len);
321 git_SHA1_Final(key, &ctx);
323 memcpy(key, key_in, key_len);
326 /* RFC 2104 2. (2) & (5) */
327 for (i = 0; i < sizeof(key); i++) {
328 k_ipad[i] = key[i] ^ 0x36;
329 k_opad[i] = key[i] ^ 0x5c;
332 /* RFC 2104 2. (3) & (4) */
334 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
335 git_SHA1_Update(&ctx, text, text_len);
336 git_SHA1_Final(out, &ctx);
338 /* RFC 2104 2. (6) & (7) */
340 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
341 git_SHA1_Update(&ctx, out, 20);
342 git_SHA1_Final(out, &ctx);
345 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
347 struct strbuf buf = STRBUF_INIT;
348 unsigned char sha1[20];
350 strbuf_addf(&buf, "%s:%lu", path, stamp);
351 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
352 strbuf_release(&buf);
354 /* RFC 2104 5. HMAC-SHA1-80 */
355 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
356 return strbuf_detach(&buf, NULL);
360 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
361 * after dropping "_commit" from its name and possibly moving it out
364 static char *find_header(const char *msg, size_t len, const char *key)
366 int key_len = strlen(key);
367 const char *line = msg;
369 while (line && line < msg + len) {
370 const char *eol = strchrnul(line, '\n');
372 if ((msg + len <= eol) || line == eol)
374 if (line + key_len < eol &&
375 !memcmp(line, key, key_len) && line[key_len] == ' ') {
376 int offset = key_len + 1;
377 return xmemdupz(line + offset, (eol - line) - offset);
379 line = *eol ? eol + 1 : NULL;
384 static const char *check_nonce(const char *buf, size_t len)
386 char *nonce = find_header(buf, len, "nonce");
387 unsigned long stamp, ostamp;
388 char *bohmac, *expect = NULL;
389 const char *retval = NONCE_BAD;
392 retval = NONCE_MISSING;
394 } else if (!push_cert_nonce) {
395 retval = NONCE_UNSOLICITED;
397 } else if (!strcmp(push_cert_nonce, nonce)) {
402 if (!stateless_rpc) {
403 /* returned nonce MUST match what we gave out earlier */
409 * In stateless mode, we may be receiving a nonce issued by
410 * another instance of the server that serving the same
411 * repository, and the timestamps may not match, but the
412 * nonce-seed and dir should match, so we can recompute and
413 * report the time slop.
415 * In addition, when a nonce issued by another instance has
416 * timestamp within receive.certnonceslop seconds, we pretend
417 * as if we issued that nonce when reporting to the hook.
420 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
421 if (*nonce <= '0' || '9' < *nonce) {
425 stamp = strtoul(nonce, &bohmac, 10);
426 if (bohmac == nonce || bohmac[0] != '-') {
431 expect = prepare_push_cert_nonce(service_dir, stamp);
432 if (strcmp(expect, nonce)) {
433 /* Not what we would have signed earlier */
439 * By how many seconds is this nonce stale? Negative value
440 * would mean it was issued by another server with its clock
441 * skewed in the future.
443 ostamp = strtoul(push_cert_nonce, NULL, 10);
444 nonce_stamp_slop = (long)ostamp - (long)stamp;
446 if (nonce_stamp_slop_limit &&
447 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
449 * Pretend as if the received nonce (which passes the
450 * HMAC check, so it is not a forged by third-party)
453 free((void *)push_cert_nonce);
454 push_cert_nonce = xstrdup(nonce);
466 static void prepare_push_cert_sha1(struct child_process *proc)
468 static int already_done;
474 struct strbuf gpg_output = STRBUF_INIT;
475 struct strbuf gpg_status = STRBUF_INIT;
476 int bogs /* beginning_of_gpg_sig */;
479 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
480 hashclr(push_cert_sha1);
482 memset(&sigcheck, '\0', sizeof(sigcheck));
483 sigcheck.result = 'N';
485 bogs = parse_signature(push_cert.buf, push_cert.len);
486 if (verify_signed_buffer(push_cert.buf, bogs,
487 push_cert.buf + bogs, push_cert.len - bogs,
488 &gpg_output, &gpg_status) < 0) {
489 ; /* error running gpg */
491 sigcheck.payload = push_cert.buf;
492 sigcheck.gpg_output = gpg_output.buf;
493 sigcheck.gpg_status = gpg_status.buf;
494 parse_gpg_output(&sigcheck);
497 strbuf_release(&gpg_output);
498 strbuf_release(&gpg_status);
499 nonce_status = check_nonce(push_cert.buf, bogs);
501 if (!is_null_sha1(push_cert_sha1)) {
502 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
503 sha1_to_hex(push_cert_sha1));
504 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
505 sigcheck.signer ? sigcheck.signer : "");
506 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
507 sigcheck.key ? sigcheck.key : "");
508 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
510 if (push_cert_nonce) {
511 argv_array_pushf(&proc->env_array,
512 "GIT_PUSH_CERT_NONCE=%s",
514 argv_array_pushf(&proc->env_array,
515 "GIT_PUSH_CERT_NONCE_STATUS=%s",
517 if (nonce_status == NONCE_SLOP)
518 argv_array_pushf(&proc->env_array,
519 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
525 typedef int (*feed_fn)(void *, const char **, size_t *);
526 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
528 struct child_process proc = CHILD_PROCESS_INIT;
533 argv[0] = find_hook(hook_name);
541 proc.stdout_to_stderr = 1;
544 memset(&muxer, 0, sizeof(muxer));
545 muxer.proc = copy_to_sideband;
547 code = start_async(&muxer);
553 prepare_push_cert_sha1(&proc);
555 code = start_command(&proc);
558 finish_async(&muxer);
562 sigchain_push(SIGPIPE, SIG_IGN);
567 if (feed(feed_state, &buf, &n))
569 if (write_in_full(proc.in, buf, n) != n)
574 finish_async(&muxer);
576 sigchain_pop(SIGPIPE);
578 return finish_command(&proc);
581 struct receive_hook_feed_state {
587 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
589 struct receive_hook_feed_state *state = state_;
590 struct command *cmd = state->cmd;
593 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
597 strbuf_reset(&state->buf);
598 strbuf_addf(&state->buf, "%s %s %s\n",
599 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
601 state->cmd = cmd->next;
603 *bufp = state->buf.buf;
604 *sizep = state->buf.len;
609 static int run_receive_hook(struct command *commands, const char *hook_name,
612 struct receive_hook_feed_state state;
615 strbuf_init(&state.buf, 0);
616 state.cmd = commands;
617 state.skip_broken = skip_broken;
618 if (feed_receive_hook(&state, NULL, NULL))
620 state.cmd = commands;
621 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
622 strbuf_release(&state.buf);
626 static int run_update_hook(struct command *cmd)
629 struct child_process proc = CHILD_PROCESS_INIT;
632 argv[0] = find_hook("update");
636 argv[1] = cmd->ref_name;
637 argv[2] = sha1_to_hex(cmd->old_sha1);
638 argv[3] = sha1_to_hex(cmd->new_sha1);
642 proc.stdout_to_stderr = 1;
643 proc.err = use_sideband ? -1 : 0;
646 code = start_command(&proc);
650 copy_to_sideband(proc.err, -1, NULL);
651 return finish_command(&proc);
654 static int is_ref_checked_out(const char *ref)
656 if (is_bare_repository())
661 return !strcmp(head_name, ref);
664 static char *refuse_unconfigured_deny_msg[] = {
665 "By default, updating the current branch in a non-bare repository",
666 "is denied, because it will make the index and work tree inconsistent",
667 "with what you pushed, and will require 'git reset --hard' to match",
668 "the work tree to HEAD.",
670 "You can set 'receive.denyCurrentBranch' configuration variable to",
671 "'ignore' or 'warn' in the remote repository to allow pushing into",
672 "its current branch; however, this is not recommended unless you",
673 "arranged to update its work tree to match what you pushed in some",
676 "To squelch this message and still keep the default behaviour, set",
677 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
680 static void refuse_unconfigured_deny(void)
683 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
684 rp_error("%s", refuse_unconfigured_deny_msg[i]);
687 static char *refuse_unconfigured_deny_delete_current_msg[] = {
688 "By default, deleting the current branch is denied, because the next",
689 "'git clone' won't result in any file checked out, causing confusion.",
691 "You can set 'receive.denyDeleteCurrent' configuration variable to",
692 "'warn' or 'ignore' in the remote repository to allow deleting the",
693 "current branch, with or without a warning message.",
695 "To squelch this message, you can set it to 'refuse'."
698 static void refuse_unconfigured_deny_delete_current(void)
702 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
704 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
707 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
708 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
710 static struct lock_file shallow_lock;
711 struct sha1_array extra = SHA1_ARRAY_INIT;
712 const char *alt_file;
713 uint32_t mask = 1 << (cmd->index % 32);
716 trace_printf_key(&trace_shallow,
717 "shallow: update_shallow_ref %s\n", cmd->ref_name);
718 for (i = 0; i < si->shallow->nr; i++)
719 if (si->used_shallow[i] &&
720 (si->used_shallow[i][cmd->index / 32] & mask) &&
721 !delayed_reachability_test(si, i))
722 sha1_array_append(&extra, si->shallow->sha1[i]);
724 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
725 if (check_shallow_connected(command_singleton_iterator,
727 rollback_lock_file(&shallow_lock);
728 sha1_array_clear(&extra);
732 commit_lock_file(&shallow_lock);
735 * Make sure setup_alternate_shallow() for the next ref does
736 * not lose these new roots..
738 for (i = 0; i < extra.nr; i++)
739 register_shallow(extra.sha1[i]);
741 si->shallow_ref[cmd->index] = 0;
742 sha1_array_clear(&extra);
747 * NEEDSWORK: we should consolidate various implementions of "are we
748 * on an unborn branch?" test into one, and make the unified one more
749 * robust. !get_sha1() based check used here and elsewhere would not
750 * allow us to tell an unborn branch from corrupt ref, for example.
751 * For the purpose of fixing "deploy-to-update does not work when
752 * pushing into an empty repository" issue, this should suffice for
755 static int head_has_history(void)
757 unsigned char sha1[20];
759 return !get_sha1("HEAD", sha1);
762 static const char *push_to_deploy(unsigned char *sha1,
763 struct argv_array *env,
764 const char *work_tree)
766 const char *update_refresh[] = {
767 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
769 const char *diff_files[] = {
770 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
772 const char *diff_index[] = {
773 "diff-index", "--quiet", "--cached", "--ignore-submodules",
776 const char *read_tree[] = {
777 "read-tree", "-u", "-m", NULL, NULL
779 struct child_process child = CHILD_PROCESS_INIT;
781 child.argv = update_refresh;
782 child.env = env->argv;
783 child.dir = work_tree;
785 child.stdout_to_stderr = 1;
787 if (run_command(&child))
788 return "Up-to-date check failed";
790 /* run_command() does not clean up completely; reinitialize */
791 child_process_init(&child);
792 child.argv = diff_files;
793 child.env = env->argv;
794 child.dir = work_tree;
796 child.stdout_to_stderr = 1;
798 if (run_command(&child))
799 return "Working directory has unstaged changes";
801 /* diff-index with either HEAD or an empty tree */
802 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
804 child_process_init(&child);
805 child.argv = diff_index;
806 child.env = env->argv;
809 child.stdout_to_stderr = 0;
811 if (run_command(&child))
812 return "Working directory has staged changes";
814 read_tree[3] = sha1_to_hex(sha1);
815 child_process_init(&child);
816 child.argv = read_tree;
817 child.env = env->argv;
818 child.dir = work_tree;
821 child.stdout_to_stderr = 0;
823 if (run_command(&child))
824 return "Could not update working tree to new HEAD";
829 static const char *push_to_checkout_hook = "push-to-checkout";
831 static const char *push_to_checkout(unsigned char *sha1,
832 struct argv_array *env,
833 const char *work_tree)
835 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
836 if (run_hook_le(env->argv, push_to_checkout_hook,
837 sha1_to_hex(sha1), NULL))
838 return "push-to-checkout hook declined";
843 static const char *update_worktree(unsigned char *sha1)
846 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
847 struct argv_array env = ARGV_ARRAY_INIT;
849 if (is_bare_repository())
850 return "denyCurrentBranch = updateInstead needs a worktree";
852 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
854 if (!find_hook(push_to_checkout_hook))
855 retval = push_to_deploy(sha1, &env, work_tree);
857 retval = push_to_checkout(sha1, &env, work_tree);
859 argv_array_clear(&env);
863 static const char *update(struct command *cmd, struct shallow_info *si)
865 const char *name = cmd->ref_name;
866 struct strbuf namespaced_name_buf = STRBUF_INIT;
867 const char *namespaced_name, *ret;
868 unsigned char *old_sha1 = cmd->old_sha1;
869 unsigned char *new_sha1 = cmd->new_sha1;
871 /* only refs/... are allowed */
872 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
873 rp_error("refusing to create funny ref '%s' remotely", name);
874 return "funny refname";
877 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
878 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
880 if (is_ref_checked_out(namespaced_name)) {
881 switch (deny_current_branch) {
885 rp_warning("updating the current branch");
888 case DENY_UNCONFIGURED:
889 rp_error("refusing to update checked out branch: %s", name);
890 if (deny_current_branch == DENY_UNCONFIGURED)
891 refuse_unconfigured_deny();
892 return "branch is currently checked out";
893 case DENY_UPDATE_INSTEAD:
894 ret = update_worktree(new_sha1);
901 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
902 error("unpack should have generated %s, "
903 "but I can't find it!", sha1_to_hex(new_sha1));
907 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
908 if (deny_deletes && starts_with(name, "refs/heads/")) {
909 rp_error("denying ref deletion for %s", name);
910 return "deletion prohibited";
913 if (!strcmp(namespaced_name, head_name)) {
914 switch (deny_delete_current) {
918 rp_warning("deleting the current branch");
921 case DENY_UNCONFIGURED:
922 case DENY_UPDATE_INSTEAD:
923 if (deny_delete_current == DENY_UNCONFIGURED)
924 refuse_unconfigured_deny_delete_current();
925 rp_error("refusing to delete the current branch: %s", name);
926 return "deletion of the current branch prohibited";
928 return "Invalid denyDeleteCurrent setting";
933 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
934 !is_null_sha1(old_sha1) &&
935 starts_with(name, "refs/heads/")) {
936 struct object *old_object, *new_object;
937 struct commit *old_commit, *new_commit;
939 old_object = parse_object(old_sha1);
940 new_object = parse_object(new_sha1);
942 if (!old_object || !new_object ||
943 old_object->type != OBJ_COMMIT ||
944 new_object->type != OBJ_COMMIT) {
945 error("bad sha1 objects for %s", name);
948 old_commit = (struct commit *)old_object;
949 new_commit = (struct commit *)new_object;
950 if (!in_merge_bases(old_commit, new_commit)) {
951 rp_error("denying non-fast-forward %s"
952 " (you should pull first)", name);
953 return "non-fast-forward";
956 if (run_update_hook(cmd)) {
957 rp_error("hook declined to update %s", name);
958 return "hook declined";
961 if (is_null_sha1(new_sha1)) {
962 struct strbuf err = STRBUF_INIT;
963 if (!parse_object(old_sha1)) {
965 if (ref_exists(name)) {
966 rp_warning("Allowing deletion of corrupt ref.");
968 rp_warning("Deleting a non-existent ref.");
969 cmd->did_not_exist = 1;
972 if (ref_transaction_delete(transaction,
976 rp_error("%s", err.buf);
977 strbuf_release(&err);
978 return "failed to delete";
980 strbuf_release(&err);
981 return NULL; /* good */
984 struct strbuf err = STRBUF_INIT;
985 if (shallow_update && si->shallow_ref[cmd->index] &&
986 update_shallow_ref(cmd, si))
987 return "shallow error";
989 if (ref_transaction_update(transaction,
994 rp_error("%s", err.buf);
995 strbuf_release(&err);
997 return "failed to update ref";
999 strbuf_release(&err);
1001 return NULL; /* good */
1005 static void run_update_post_hook(struct command *commands)
1007 struct command *cmd;
1010 struct child_process proc = CHILD_PROCESS_INIT;
1013 hook = find_hook("post-update");
1014 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1015 if (cmd->error_string || cmd->did_not_exist)
1022 argv = xmalloc(sizeof(*argv) * (2 + argc));
1025 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1026 if (cmd->error_string || cmd->did_not_exist)
1028 argv[argc] = xstrdup(cmd->ref_name);
1034 proc.stdout_to_stderr = 1;
1035 proc.err = use_sideband ? -1 : 0;
1038 if (!start_command(&proc)) {
1040 copy_to_sideband(proc.err, -1, NULL);
1041 finish_command(&proc);
1045 static void check_aliased_update(struct command *cmd, struct string_list *list)
1047 struct strbuf buf = STRBUF_INIT;
1048 const char *dst_name;
1049 struct string_list_item *item;
1050 struct command *dst_cmd;
1051 unsigned char sha1[20];
1052 char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1055 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1056 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1057 strbuf_release(&buf);
1059 if (!(flag & REF_ISSYMREF))
1062 dst_name = strip_namespace(dst_name);
1064 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1065 cmd->skip_update = 1;
1066 cmd->error_string = "broken symref";
1070 if ((item = string_list_lookup(list, dst_name)) == NULL)
1073 cmd->skip_update = 1;
1075 dst_cmd = (struct command *) item->util;
1077 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1078 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1081 dst_cmd->skip_update = 1;
1083 strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1084 strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1085 strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1086 strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1087 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1088 " its target '%s' (%s..%s)",
1089 cmd->ref_name, cmd_oldh, cmd_newh,
1090 dst_cmd->ref_name, dst_oldh, dst_newh);
1092 cmd->error_string = dst_cmd->error_string =
1093 "inconsistent aliased update";
1096 static void check_aliased_updates(struct command *commands)
1098 struct command *cmd;
1099 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1101 for (cmd = commands; cmd; cmd = cmd->next) {
1102 struct string_list_item *item =
1103 string_list_append(&ref_list, cmd->ref_name);
1104 item->util = (void *)cmd;
1106 string_list_sort(&ref_list);
1108 for (cmd = commands; cmd; cmd = cmd->next) {
1109 if (!cmd->error_string)
1110 check_aliased_update(cmd, &ref_list);
1113 string_list_clear(&ref_list, 0);
1116 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1118 struct command **cmd_list = cb_data;
1119 struct command *cmd = *cmd_list;
1121 if (!cmd || is_null_sha1(cmd->new_sha1))
1122 return -1; /* end of list */
1123 *cmd_list = NULL; /* this returns only one */
1124 hashcpy(sha1, cmd->new_sha1);
1128 static void set_connectivity_errors(struct command *commands,
1129 struct shallow_info *si)
1131 struct command *cmd;
1133 for (cmd = commands; cmd; cmd = cmd->next) {
1134 struct command *singleton = cmd;
1135 if (shallow_update && si->shallow_ref[cmd->index])
1136 /* to be checked in update_shallow_ref() */
1138 if (!check_everything_connected(command_singleton_iterator,
1141 cmd->error_string = "missing necessary objects";
1145 struct iterate_data {
1146 struct command *cmds;
1147 struct shallow_info *si;
1150 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1152 struct iterate_data *data = cb_data;
1153 struct command **cmd_list = &data->cmds;
1154 struct command *cmd = *cmd_list;
1156 for (; cmd; cmd = cmd->next) {
1157 if (shallow_update && data->si->shallow_ref[cmd->index])
1158 /* to be checked in update_shallow_ref() */
1160 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1161 hashcpy(sha1, cmd->new_sha1);
1162 *cmd_list = cmd->next;
1167 return -1; /* end of list */
1170 static void reject_updates_to_hidden(struct command *commands)
1172 struct command *cmd;
1174 for (cmd = commands; cmd; cmd = cmd->next) {
1175 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1177 if (is_null_sha1(cmd->new_sha1))
1178 cmd->error_string = "deny deleting a hidden ref";
1180 cmd->error_string = "deny updating a hidden ref";
1184 static int should_process_cmd(struct command *cmd)
1186 return !cmd->error_string && !cmd->skip_update;
1189 static void warn_if_skipped_connectivity_check(struct command *commands,
1190 struct shallow_info *si)
1192 struct command *cmd;
1193 int checked_connectivity = 1;
1195 for (cmd = commands; cmd; cmd = cmd->next) {
1196 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1197 error("BUG: connectivity check has not been run on ref %s",
1199 checked_connectivity = 0;
1202 if (!checked_connectivity)
1203 die("BUG: connectivity check skipped???");
1206 static void execute_commands_non_atomic(struct command *commands,
1207 struct shallow_info *si)
1209 struct command *cmd;
1210 struct strbuf err = STRBUF_INIT;
1212 for (cmd = commands; cmd; cmd = cmd->next) {
1213 if (!should_process_cmd(cmd))
1216 transaction = ref_transaction_begin(&err);
1218 rp_error("%s", err.buf);
1220 cmd->error_string = "transaction failed to start";
1224 cmd->error_string = update(cmd, si);
1226 if (!cmd->error_string
1227 && ref_transaction_commit(transaction, &err)) {
1228 rp_error("%s", err.buf);
1230 cmd->error_string = "failed to update ref";
1232 ref_transaction_free(transaction);
1234 strbuf_release(&err);
1237 static void execute_commands_atomic(struct command *commands,
1238 struct shallow_info *si)
1240 struct command *cmd;
1241 struct strbuf err = STRBUF_INIT;
1242 const char *reported_error = "atomic push failure";
1244 transaction = ref_transaction_begin(&err);
1246 rp_error("%s", err.buf);
1248 reported_error = "transaction failed to start";
1252 for (cmd = commands; cmd; cmd = cmd->next) {
1253 if (!should_process_cmd(cmd))
1256 cmd->error_string = update(cmd, si);
1258 if (cmd->error_string)
1262 if (ref_transaction_commit(transaction, &err)) {
1263 rp_error("%s", err.buf);
1264 reported_error = "atomic transaction failed";
1270 for (cmd = commands; cmd; cmd = cmd->next)
1271 if (!cmd->error_string)
1272 cmd->error_string = reported_error;
1275 ref_transaction_free(transaction);
1276 strbuf_release(&err);
1279 static void execute_commands(struct command *commands,
1280 const char *unpacker_error,
1281 struct shallow_info *si)
1283 struct command *cmd;
1284 unsigned char sha1[20];
1285 struct iterate_data data;
1287 if (unpacker_error) {
1288 for (cmd = commands; cmd; cmd = cmd->next)
1289 cmd->error_string = "unpacker error";
1293 data.cmds = commands;
1295 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1296 set_connectivity_errors(commands, si);
1298 reject_updates_to_hidden(commands);
1300 if (run_receive_hook(commands, "pre-receive", 0)) {
1301 for (cmd = commands; cmd; cmd = cmd->next) {
1302 if (!cmd->error_string)
1303 cmd->error_string = "pre-receive hook declined";
1308 check_aliased_updates(commands);
1310 free(head_name_to_free);
1311 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1314 execute_commands_atomic(commands, si);
1316 execute_commands_non_atomic(commands, si);
1319 warn_if_skipped_connectivity_check(commands, si);
1322 static struct command **queue_command(struct command **tail,
1326 unsigned char old_sha1[20], new_sha1[20];
1327 struct command *cmd;
1328 const char *refname;
1334 get_sha1_hex(line, old_sha1) ||
1335 get_sha1_hex(line + 41, new_sha1))
1336 die("protocol error: expected old/new/ref, got '%s'", line);
1338 refname = line + 82;
1339 reflen = linelen - 82;
1340 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1341 hashcpy(cmd->old_sha1, old_sha1);
1342 hashcpy(cmd->new_sha1, new_sha1);
1343 memcpy(cmd->ref_name, refname, reflen);
1344 cmd->ref_name[reflen] = '\0';
1349 static void queue_commands_from_cert(struct command **tail,
1350 struct strbuf *push_cert)
1352 const char *boc, *eoc;
1355 die("protocol error: got both push certificate and unsigned commands");
1357 boc = strstr(push_cert->buf, "\n\n");
1359 die("malformed push certificate %.*s", 100, push_cert->buf);
1362 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1365 const char *eol = memchr(boc, '\n', eoc - boc);
1366 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1367 boc = eol ? eol + 1 : eoc;
1371 static struct command *read_head_info(struct sha1_array *shallow)
1373 struct command *commands = NULL;
1374 struct command **p = &commands;
1379 line = packet_read_line(0, &len);
1383 if (len == 48 && starts_with(line, "shallow ")) {
1384 unsigned char sha1[20];
1385 if (get_sha1_hex(line + 8, sha1))
1386 die("protocol error: expected shallow sha, got '%s'",
1388 sha1_array_append(shallow, sha1);
1392 linelen = strlen(line);
1393 if (linelen < len) {
1394 const char *feature_list = line + linelen + 1;
1395 if (parse_feature_request(feature_list, "report-status"))
1397 if (parse_feature_request(feature_list, "side-band-64k"))
1398 use_sideband = LARGE_PACKET_MAX;
1399 if (parse_feature_request(feature_list, "quiet"))
1401 if (advertise_atomic_push
1402 && parse_feature_request(feature_list, "atomic"))
1406 if (!strcmp(line, "push-cert")) {
1411 len = packet_read(0, NULL, NULL,
1412 certbuf, sizeof(certbuf), 0);
1417 if (!strcmp(certbuf, "push-cert-end\n"))
1418 break; /* end of cert */
1419 strbuf_addstr(&push_cert, certbuf);
1427 p = queue_command(p, line, linelen);
1431 queue_commands_from_cert(p, &push_cert);
1436 static const char *parse_pack_header(struct pack_header *hdr)
1438 switch (read_pack_header(0, hdr)) {
1440 return "eof before pack header was fully read";
1442 case PH_ERROR_PACK_SIGNATURE:
1443 return "protocol error (pack signature mismatch detected)";
1445 case PH_ERROR_PROTOCOL:
1446 return "protocol error (pack version unsupported)";
1449 return "unknown error in parse_pack_header";
1456 static const char *pack_lockfile;
1458 static const char *unpack(int err_fd, struct shallow_info *si)
1460 struct pack_header hdr;
1461 const char *hdr_err;
1464 struct child_process child = CHILD_PROCESS_INIT;
1465 int fsck_objects = (receive_fsck_objects >= 0
1466 ? receive_fsck_objects
1467 : transfer_fsck_objects >= 0
1468 ? transfer_fsck_objects
1471 hdr_err = parse_pack_header(&hdr);
1477 snprintf(hdr_arg, sizeof(hdr_arg),
1478 "--pack_header=%"PRIu32",%"PRIu32,
1479 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1481 if (si->nr_ours || si->nr_theirs) {
1482 alt_shallow_file = setup_temporary_shallow(si->shallow);
1483 argv_array_push(&child.args, "--shallow-file");
1484 argv_array_push(&child.args, alt_shallow_file);
1487 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1488 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1490 argv_array_push(&child.args, "-q");
1492 argv_array_push(&child.args, "--strict");
1493 child.no_stdout = 1;
1496 status = run_command(&child);
1498 return "unpack-objects abnormal exit";
1503 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1504 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1505 strcpy(keep_arg + s, "localhost");
1507 argv_array_pushl(&child.args, "index-pack",
1508 "--stdin", hdr_arg, keep_arg, NULL);
1510 argv_array_push(&child.args, "--strict");
1512 argv_array_push(&child.args, "--fix-thin");
1516 status = start_command(&child);
1518 return "index-pack fork failed";
1519 pack_lockfile = index_pack_lockfile(child.out);
1521 status = finish_command(&child);
1523 return "index-pack abnormal exit";
1524 reprepare_packed_git();
1529 static const char *unpack_with_sideband(struct shallow_info *si)
1535 return unpack(0, si);
1537 memset(&muxer, 0, sizeof(muxer));
1538 muxer.proc = copy_to_sideband;
1540 if (start_async(&muxer))
1543 ret = unpack(muxer.in, si);
1545 finish_async(&muxer);
1549 static void prepare_shallow_update(struct command *commands,
1550 struct shallow_info *si)
1552 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1554 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1556 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1558 si->need_reachability_test =
1559 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1561 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1562 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1564 for (i = 0; i < si->nr_ours; i++)
1565 si->need_reachability_test[si->ours[i]] = 1;
1567 for (i = 0; i < si->shallow->nr; i++) {
1568 if (!si->used_shallow[i])
1570 for (j = 0; j < bitmap_size; j++) {
1571 if (!si->used_shallow[i][j])
1573 si->need_reachability_test[i]++;
1574 for (k = 0; k < 32; k++)
1575 if (si->used_shallow[i][j] & (1 << k))
1576 si->shallow_ref[j * 32 + k]++;
1580 * true for those associated with some refs and belong
1581 * in "ours" list aka "step 7 not done yet"
1583 si->need_reachability_test[i] =
1584 si->need_reachability_test[i] > 1;
1588 * keep hooks happy by forcing a temporary shallow file via
1589 * env variable because we can't add --shallow-file to every
1590 * command. check_everything_connected() will be done with
1591 * true .git/shallow though.
1593 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1596 static void update_shallow_info(struct command *commands,
1597 struct shallow_info *si,
1598 struct sha1_array *ref)
1600 struct command *cmd;
1602 remove_nonexistent_theirs_shallow(si);
1603 if (!si->nr_ours && !si->nr_theirs) {
1608 for (cmd = commands; cmd; cmd = cmd->next) {
1609 if (is_null_sha1(cmd->new_sha1))
1611 sha1_array_append(ref, cmd->new_sha1);
1612 cmd->index = ref->nr - 1;
1616 if (shallow_update) {
1617 prepare_shallow_update(commands, si);
1621 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1622 assign_shallow_commits_to_refs(si, NULL, ref_status);
1623 for (cmd = commands; cmd; cmd = cmd->next) {
1624 if (is_null_sha1(cmd->new_sha1))
1626 if (ref_status[cmd->index]) {
1627 cmd->error_string = "shallow update not allowed";
1628 cmd->skip_update = 1;
1634 static void report(struct command *commands, const char *unpack_status)
1636 struct command *cmd;
1637 struct strbuf buf = STRBUF_INIT;
1639 packet_buf_write(&buf, "unpack %s\n",
1640 unpack_status ? unpack_status : "ok");
1641 for (cmd = commands; cmd; cmd = cmd->next) {
1642 if (!cmd->error_string)
1643 packet_buf_write(&buf, "ok %s\n",
1646 packet_buf_write(&buf, "ng %s %s\n",
1647 cmd->ref_name, cmd->error_string);
1649 packet_buf_flush(&buf);
1652 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1654 write_or_die(1, buf.buf, buf.len);
1655 strbuf_release(&buf);
1658 static int delete_only(struct command *commands)
1660 struct command *cmd;
1661 for (cmd = commands; cmd; cmd = cmd->next) {
1662 if (!is_null_sha1(cmd->new_sha1))
1668 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1670 int advertise_refs = 0;
1672 struct command *commands;
1673 struct sha1_array shallow = SHA1_ARRAY_INIT;
1674 struct sha1_array ref = SHA1_ARRAY_INIT;
1675 struct shallow_info si;
1677 packet_trace_identity("receive-pack");
1680 for (i = 1; i < argc; i++) {
1681 const char *arg = *argv++;
1684 if (!strcmp(arg, "--quiet")) {
1689 if (!strcmp(arg, "--advertise-refs")) {
1693 if (!strcmp(arg, "--stateless-rpc")) {
1697 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1702 usage(receive_pack_usage);
1705 usage(receive_pack_usage);
1709 usage(receive_pack_usage);
1713 if (!enter_repo(service_dir, 0))
1714 die("'%s' does not appear to be a git repository", service_dir);
1716 git_config(receive_pack_config, NULL);
1717 if (cert_nonce_seed)
1718 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1720 if (0 <= transfer_unpack_limit)
1721 unpack_limit = transfer_unpack_limit;
1722 else if (0 <= receive_unpack_limit)
1723 unpack_limit = receive_unpack_limit;
1725 if (advertise_refs || !stateless_rpc) {
1731 if ((commands = read_head_info(&shallow)) != NULL) {
1732 const char *unpack_status = NULL;
1734 prepare_shallow_info(&si, &shallow);
1735 if (!si.nr_ours && !si.nr_theirs)
1737 if (!delete_only(commands)) {
1738 unpack_status = unpack_with_sideband(&si);
1739 update_shallow_info(commands, &si, &ref);
1741 execute_commands(commands, unpack_status, &si);
1743 unlink_or_warn(pack_lockfile);
1745 report(commands, unpack_status);
1746 run_receive_hook(commands, "post-receive", 1);
1747 run_update_post_hook(commands);
1749 const char *argv_gc_auto[] = {
1750 "gc", "--auto", "--quiet", NULL,
1752 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1753 run_command_v_opt(argv_gc_auto, opt);
1755 if (auto_update_server_info)
1756 update_server_info(0);
1757 clear_shallow_info(&si);
1761 sha1_array_clear(&shallow);
1762 sha1_array_clear(&ref);
1763 free((void *)push_cert_nonce);