test: validate prerequistes syntax
[git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
24
25 enum deny_action {
26         DENY_UNCONFIGURED,
27         DENY_IGNORE,
28         DENY_WARN,
29         DENY_REFUSE,
30         DENY_UPDATE_INSTEAD
31 };
32
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int unpack_limit = 100;
42 static int report_status;
43 static int use_sideband;
44 static int quiet;
45 static int prefer_ofs_delta = 1;
46 static int auto_update_server_info;
47 static int auto_gc = 1;
48 static int fix_thin = 1;
49 static int stateless_rpc;
50 static const char *service_dir;
51 static const char *head_name;
52 static void *head_name_to_free;
53 static int sent_capabilities;
54 static int shallow_update;
55 static const char *alt_shallow_file;
56 static struct strbuf push_cert = STRBUF_INIT;
57 static unsigned char push_cert_sha1[20];
58 static struct signature_check sigcheck;
59 static const char *push_cert_nonce;
60 static const char *cert_nonce_seed;
61
62 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
63 static const char *NONCE_BAD = "BAD";
64 static const char *NONCE_MISSING = "MISSING";
65 static const char *NONCE_OK = "OK";
66 static const char *NONCE_SLOP = "SLOP";
67 static const char *nonce_status;
68 static long nonce_stamp_slop;
69 static unsigned long nonce_stamp_slop_limit;
70
71 static enum deny_action parse_deny_action(const char *var, const char *value)
72 {
73         if (value) {
74                 if (!strcasecmp(value, "ignore"))
75                         return DENY_IGNORE;
76                 if (!strcasecmp(value, "warn"))
77                         return DENY_WARN;
78                 if (!strcasecmp(value, "refuse"))
79                         return DENY_REFUSE;
80                 if (!strcasecmp(value, "updateinstead"))
81                         return DENY_UPDATE_INSTEAD;
82         }
83         if (git_config_bool(var, value))
84                 return DENY_REFUSE;
85         return DENY_IGNORE;
86 }
87
88 static int receive_pack_config(const char *var, const char *value, void *cb)
89 {
90         int status = parse_hide_refs_config(var, value, "receive");
91
92         if (status)
93                 return status;
94
95         if (strcmp(var, "receive.denydeletes") == 0) {
96                 deny_deletes = git_config_bool(var, value);
97                 return 0;
98         }
99
100         if (strcmp(var, "receive.denynonfastforwards") == 0) {
101                 deny_non_fast_forwards = git_config_bool(var, value);
102                 return 0;
103         }
104
105         if (strcmp(var, "receive.unpacklimit") == 0) {
106                 receive_unpack_limit = git_config_int(var, value);
107                 return 0;
108         }
109
110         if (strcmp(var, "transfer.unpacklimit") == 0) {
111                 transfer_unpack_limit = git_config_int(var, value);
112                 return 0;
113         }
114
115         if (strcmp(var, "receive.fsckobjects") == 0) {
116                 receive_fsck_objects = git_config_bool(var, value);
117                 return 0;
118         }
119
120         if (strcmp(var, "transfer.fsckobjects") == 0) {
121                 transfer_fsck_objects = git_config_bool(var, value);
122                 return 0;
123         }
124
125         if (!strcmp(var, "receive.denycurrentbranch")) {
126                 deny_current_branch = parse_deny_action(var, value);
127                 return 0;
128         }
129
130         if (strcmp(var, "receive.denydeletecurrent") == 0) {
131                 deny_delete_current = parse_deny_action(var, value);
132                 return 0;
133         }
134
135         if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
136                 prefer_ofs_delta = git_config_bool(var, value);
137                 return 0;
138         }
139
140         if (strcmp(var, "receive.updateserverinfo") == 0) {
141                 auto_update_server_info = git_config_bool(var, value);
142                 return 0;
143         }
144
145         if (strcmp(var, "receive.autogc") == 0) {
146                 auto_gc = git_config_bool(var, value);
147                 return 0;
148         }
149
150         if (strcmp(var, "receive.shallowupdate") == 0) {
151                 shallow_update = git_config_bool(var, value);
152                 return 0;
153         }
154
155         if (strcmp(var, "receive.certnonceseed") == 0)
156                 return git_config_string(&cert_nonce_seed, var, value);
157
158         if (strcmp(var, "receive.certnonceslop") == 0) {
159                 nonce_stamp_slop_limit = git_config_ulong(var, value);
160                 return 0;
161         }
162
163         return git_default_config(var, value, cb);
164 }
165
166 static void show_ref(const char *path, const unsigned char *sha1)
167 {
168         if (ref_is_hidden(path))
169                 return;
170
171         if (sent_capabilities) {
172                 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
173         } else {
174                 struct strbuf cap = STRBUF_INIT;
175
176                 strbuf_addstr(&cap,
177                               "report-status delete-refs side-band-64k quiet");
178                 if (prefer_ofs_delta)
179                         strbuf_addstr(&cap, " ofs-delta");
180                 if (push_cert_nonce)
181                         strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
182                 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
183                 packet_write(1, "%s %s%c%s\n",
184                              sha1_to_hex(sha1), path, 0, cap.buf);
185                 strbuf_release(&cap);
186                 sent_capabilities = 1;
187         }
188 }
189
190 static int show_ref_cb(const char *path, const unsigned char *sha1, int flag, void *unused)
191 {
192         path = strip_namespace(path);
193         /*
194          * Advertise refs outside our current namespace as ".have"
195          * refs, so that the client can use them to minimize data
196          * transfer but will otherwise ignore them. This happens to
197          * cover ".have" that are thrown in by add_one_alternate_ref()
198          * to mark histories that are complete in our alternates as
199          * well.
200          */
201         if (!path)
202                 path = ".have";
203         show_ref(path, sha1);
204         return 0;
205 }
206
207 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
208 {
209         show_ref(".have", sha1);
210 }
211
212 static void collect_one_alternate_ref(const struct ref *ref, void *data)
213 {
214         struct sha1_array *sa = data;
215         sha1_array_append(sa, ref->old_sha1);
216 }
217
218 static void write_head_info(void)
219 {
220         struct sha1_array sa = SHA1_ARRAY_INIT;
221         for_each_alternate_ref(collect_one_alternate_ref, &sa);
222         sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
223         sha1_array_clear(&sa);
224         for_each_ref(show_ref_cb, NULL);
225         if (!sent_capabilities)
226                 show_ref("capabilities^{}", null_sha1);
227
228         advertise_shallow_grafts(1);
229
230         /* EOF */
231         packet_flush(1);
232 }
233
234 struct command {
235         struct command *next;
236         const char *error_string;
237         unsigned int skip_update:1,
238                      did_not_exist:1;
239         int index;
240         unsigned char old_sha1[20];
241         unsigned char new_sha1[20];
242         char ref_name[FLEX_ARRAY]; /* more */
243 };
244
245 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
246 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
247
248 static void report_message(const char *prefix, const char *err, va_list params)
249 {
250         int sz = strlen(prefix);
251         char msg[4096];
252
253         strncpy(msg, prefix, sz);
254         sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
255         if (sz > (sizeof(msg) - 1))
256                 sz = sizeof(msg) - 1;
257         msg[sz++] = '\n';
258
259         if (use_sideband)
260                 send_sideband(1, 2, msg, sz, use_sideband);
261         else
262                 xwrite(2, msg, sz);
263 }
264
265 static void rp_warning(const char *err, ...)
266 {
267         va_list params;
268         va_start(params, err);
269         report_message("warning: ", err, params);
270         va_end(params);
271 }
272
273 static void rp_error(const char *err, ...)
274 {
275         va_list params;
276         va_start(params, err);
277         report_message("error: ", err, params);
278         va_end(params);
279 }
280
281 static int copy_to_sideband(int in, int out, void *arg)
282 {
283         char data[128];
284         while (1) {
285                 ssize_t sz = xread(in, data, sizeof(data));
286                 if (sz <= 0)
287                         break;
288                 send_sideband(1, 2, data, sz, use_sideband);
289         }
290         close(in);
291         return 0;
292 }
293
294 #define HMAC_BLOCK_SIZE 64
295
296 static void hmac_sha1(unsigned char *out,
297                       const char *key_in, size_t key_len,
298                       const char *text, size_t text_len)
299 {
300         unsigned char key[HMAC_BLOCK_SIZE];
301         unsigned char k_ipad[HMAC_BLOCK_SIZE];
302         unsigned char k_opad[HMAC_BLOCK_SIZE];
303         int i;
304         git_SHA_CTX ctx;
305
306         /* RFC 2104 2. (1) */
307         memset(key, '\0', HMAC_BLOCK_SIZE);
308         if (HMAC_BLOCK_SIZE < key_len) {
309                 git_SHA1_Init(&ctx);
310                 git_SHA1_Update(&ctx, key_in, key_len);
311                 git_SHA1_Final(key, &ctx);
312         } else {
313                 memcpy(key, key_in, key_len);
314         }
315
316         /* RFC 2104 2. (2) & (5) */
317         for (i = 0; i < sizeof(key); i++) {
318                 k_ipad[i] = key[i] ^ 0x36;
319                 k_opad[i] = key[i] ^ 0x5c;
320         }
321
322         /* RFC 2104 2. (3) & (4) */
323         git_SHA1_Init(&ctx);
324         git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
325         git_SHA1_Update(&ctx, text, text_len);
326         git_SHA1_Final(out, &ctx);
327
328         /* RFC 2104 2. (6) & (7) */
329         git_SHA1_Init(&ctx);
330         git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
331         git_SHA1_Update(&ctx, out, 20);
332         git_SHA1_Final(out, &ctx);
333 }
334
335 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
336 {
337         struct strbuf buf = STRBUF_INIT;
338         unsigned char sha1[20];
339
340         strbuf_addf(&buf, "%s:%lu", path, stamp);
341         hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
342         strbuf_release(&buf);
343
344         /* RFC 2104 5. HMAC-SHA1-80 */
345         strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
346         return strbuf_detach(&buf, NULL);
347 }
348
349 /*
350  * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
351  * after dropping "_commit" from its name and possibly moving it out
352  * of commit.c
353  */
354 static char *find_header(const char *msg, size_t len, const char *key)
355 {
356         int key_len = strlen(key);
357         const char *line = msg;
358
359         while (line && line < msg + len) {
360                 const char *eol = strchrnul(line, '\n');
361
362                 if ((msg + len <= eol) || line == eol)
363                         return NULL;
364                 if (line + key_len < eol &&
365                     !memcmp(line, key, key_len) && line[key_len] == ' ') {
366                         int offset = key_len + 1;
367                         return xmemdupz(line + offset, (eol - line) - offset);
368                 }
369                 line = *eol ? eol + 1 : NULL;
370         }
371         return NULL;
372 }
373
374 static const char *check_nonce(const char *buf, size_t len)
375 {
376         char *nonce = find_header(buf, len, "nonce");
377         unsigned long stamp, ostamp;
378         char *bohmac, *expect = NULL;
379         const char *retval = NONCE_BAD;
380
381         if (!nonce) {
382                 retval = NONCE_MISSING;
383                 goto leave;
384         } else if (!push_cert_nonce) {
385                 retval = NONCE_UNSOLICITED;
386                 goto leave;
387         } else if (!strcmp(push_cert_nonce, nonce)) {
388                 retval = NONCE_OK;
389                 goto leave;
390         }
391
392         if (!stateless_rpc) {
393                 /* returned nonce MUST match what we gave out earlier */
394                 retval = NONCE_BAD;
395                 goto leave;
396         }
397
398         /*
399          * In stateless mode, we may be receiving a nonce issued by
400          * another instance of the server that serving the same
401          * repository, and the timestamps may not match, but the
402          * nonce-seed and dir should match, so we can recompute and
403          * report the time slop.
404          *
405          * In addition, when a nonce issued by another instance has
406          * timestamp within receive.certnonceslop seconds, we pretend
407          * as if we issued that nonce when reporting to the hook.
408          */
409
410         /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
411         if (*nonce <= '0' || '9' < *nonce) {
412                 retval = NONCE_BAD;
413                 goto leave;
414         }
415         stamp = strtoul(nonce, &bohmac, 10);
416         if (bohmac == nonce || bohmac[0] != '-') {
417                 retval = NONCE_BAD;
418                 goto leave;
419         }
420
421         expect = prepare_push_cert_nonce(service_dir, stamp);
422         if (strcmp(expect, nonce)) {
423                 /* Not what we would have signed earlier */
424                 retval = NONCE_BAD;
425                 goto leave;
426         }
427
428         /*
429          * By how many seconds is this nonce stale?  Negative value
430          * would mean it was issued by another server with its clock
431          * skewed in the future.
432          */
433         ostamp = strtoul(push_cert_nonce, NULL, 10);
434         nonce_stamp_slop = (long)ostamp - (long)stamp;
435
436         if (nonce_stamp_slop_limit &&
437             labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
438                 /*
439                  * Pretend as if the received nonce (which passes the
440                  * HMAC check, so it is not a forged by third-party)
441                  * is what we issued.
442                  */
443                 free((void *)push_cert_nonce);
444                 push_cert_nonce = xstrdup(nonce);
445                 retval = NONCE_OK;
446         } else {
447                 retval = NONCE_SLOP;
448         }
449
450 leave:
451         free(nonce);
452         free(expect);
453         return retval;
454 }
455
456 static void prepare_push_cert_sha1(struct child_process *proc)
457 {
458         static int already_done;
459
460         if (!push_cert.len)
461                 return;
462
463         if (!already_done) {
464                 struct strbuf gpg_output = STRBUF_INIT;
465                 struct strbuf gpg_status = STRBUF_INIT;
466                 int bogs /* beginning_of_gpg_sig */;
467
468                 already_done = 1;
469                 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
470                         hashclr(push_cert_sha1);
471
472                 memset(&sigcheck, '\0', sizeof(sigcheck));
473                 sigcheck.result = 'N';
474
475                 bogs = parse_signature(push_cert.buf, push_cert.len);
476                 if (verify_signed_buffer(push_cert.buf, bogs,
477                                          push_cert.buf + bogs, push_cert.len - bogs,
478                                          &gpg_output, &gpg_status) < 0) {
479                         ; /* error running gpg */
480                 } else {
481                         sigcheck.payload = push_cert.buf;
482                         sigcheck.gpg_output = gpg_output.buf;
483                         sigcheck.gpg_status = gpg_status.buf;
484                         parse_gpg_output(&sigcheck);
485                 }
486
487                 strbuf_release(&gpg_output);
488                 strbuf_release(&gpg_status);
489                 nonce_status = check_nonce(push_cert.buf, bogs);
490         }
491         if (!is_null_sha1(push_cert_sha1)) {
492                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
493                                  sha1_to_hex(push_cert_sha1));
494                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
495                                  sigcheck.signer ? sigcheck.signer : "");
496                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
497                                  sigcheck.key ? sigcheck.key : "");
498                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
499                                  sigcheck.result);
500                 if (push_cert_nonce) {
501                         argv_array_pushf(&proc->env_array,
502                                          "GIT_PUSH_CERT_NONCE=%s",
503                                          push_cert_nonce);
504                         argv_array_pushf(&proc->env_array,
505                                          "GIT_PUSH_CERT_NONCE_STATUS=%s",
506                                          nonce_status);
507                         if (nonce_status == NONCE_SLOP)
508                                 argv_array_pushf(&proc->env_array,
509                                                  "GIT_PUSH_CERT_NONCE_SLOP=%ld",
510                                                  nonce_stamp_slop);
511                 }
512         }
513 }
514
515 typedef int (*feed_fn)(void *, const char **, size_t *);
516 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
517 {
518         struct child_process proc = CHILD_PROCESS_INIT;
519         struct async muxer;
520         const char *argv[2];
521         int code;
522
523         argv[0] = find_hook(hook_name);
524         if (!argv[0])
525                 return 0;
526
527         argv[1] = NULL;
528
529         proc.argv = argv;
530         proc.in = -1;
531         proc.stdout_to_stderr = 1;
532
533         if (use_sideband) {
534                 memset(&muxer, 0, sizeof(muxer));
535                 muxer.proc = copy_to_sideband;
536                 muxer.in = -1;
537                 code = start_async(&muxer);
538                 if (code)
539                         return code;
540                 proc.err = muxer.in;
541         }
542
543         prepare_push_cert_sha1(&proc);
544
545         code = start_command(&proc);
546         if (code) {
547                 if (use_sideband)
548                         finish_async(&muxer);
549                 return code;
550         }
551
552         sigchain_push(SIGPIPE, SIG_IGN);
553
554         while (1) {
555                 const char *buf;
556                 size_t n;
557                 if (feed(feed_state, &buf, &n))
558                         break;
559                 if (write_in_full(proc.in, buf, n) != n)
560                         break;
561         }
562         close(proc.in);
563         if (use_sideband)
564                 finish_async(&muxer);
565
566         sigchain_pop(SIGPIPE);
567
568         return finish_command(&proc);
569 }
570
571 struct receive_hook_feed_state {
572         struct command *cmd;
573         int skip_broken;
574         struct strbuf buf;
575 };
576
577 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
578 {
579         struct receive_hook_feed_state *state = state_;
580         struct command *cmd = state->cmd;
581
582         while (cmd &&
583                state->skip_broken && (cmd->error_string || cmd->did_not_exist))
584                 cmd = cmd->next;
585         if (!cmd)
586                 return -1; /* EOF */
587         strbuf_reset(&state->buf);
588         strbuf_addf(&state->buf, "%s %s %s\n",
589                     sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
590                     cmd->ref_name);
591         state->cmd = cmd->next;
592         if (bufp) {
593                 *bufp = state->buf.buf;
594                 *sizep = state->buf.len;
595         }
596         return 0;
597 }
598
599 static int run_receive_hook(struct command *commands, const char *hook_name,
600                             int skip_broken)
601 {
602         struct receive_hook_feed_state state;
603         int status;
604
605         strbuf_init(&state.buf, 0);
606         state.cmd = commands;
607         state.skip_broken = skip_broken;
608         if (feed_receive_hook(&state, NULL, NULL))
609                 return 0;
610         state.cmd = commands;
611         status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
612         strbuf_release(&state.buf);
613         return status;
614 }
615
616 static int run_update_hook(struct command *cmd)
617 {
618         const char *argv[5];
619         struct child_process proc = CHILD_PROCESS_INIT;
620         int code;
621
622         argv[0] = find_hook("update");
623         if (!argv[0])
624                 return 0;
625
626         argv[1] = cmd->ref_name;
627         argv[2] = sha1_to_hex(cmd->old_sha1);
628         argv[3] = sha1_to_hex(cmd->new_sha1);
629         argv[4] = NULL;
630
631         proc.no_stdin = 1;
632         proc.stdout_to_stderr = 1;
633         proc.err = use_sideband ? -1 : 0;
634         proc.argv = argv;
635
636         code = start_command(&proc);
637         if (code)
638                 return code;
639         if (use_sideband)
640                 copy_to_sideband(proc.err, -1, NULL);
641         return finish_command(&proc);
642 }
643
644 static int is_ref_checked_out(const char *ref)
645 {
646         if (is_bare_repository())
647                 return 0;
648
649         if (!head_name)
650                 return 0;
651         return !strcmp(head_name, ref);
652 }
653
654 static char *refuse_unconfigured_deny_msg[] = {
655         "By default, updating the current branch in a non-bare repository",
656         "is denied, because it will make the index and work tree inconsistent",
657         "with what you pushed, and will require 'git reset --hard' to match",
658         "the work tree to HEAD.",
659         "",
660         "You can set 'receive.denyCurrentBranch' configuration variable to",
661         "'ignore' or 'warn' in the remote repository to allow pushing into",
662         "its current branch; however, this is not recommended unless you",
663         "arranged to update its work tree to match what you pushed in some",
664         "other way.",
665         "",
666         "To squelch this message and still keep the default behaviour, set",
667         "'receive.denyCurrentBranch' configuration variable to 'refuse'."
668 };
669
670 static void refuse_unconfigured_deny(void)
671 {
672         int i;
673         for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
674                 rp_error("%s", refuse_unconfigured_deny_msg[i]);
675 }
676
677 static char *refuse_unconfigured_deny_delete_current_msg[] = {
678         "By default, deleting the current branch is denied, because the next",
679         "'git clone' won't result in any file checked out, causing confusion.",
680         "",
681         "You can set 'receive.denyDeleteCurrent' configuration variable to",
682         "'warn' or 'ignore' in the remote repository to allow deleting the",
683         "current branch, with or without a warning message.",
684         "",
685         "To squelch this message, you can set it to 'refuse'."
686 };
687
688 static void refuse_unconfigured_deny_delete_current(void)
689 {
690         int i;
691         for (i = 0;
692              i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
693              i++)
694                 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
695 }
696
697 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
698 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
699 {
700         static struct lock_file shallow_lock;
701         struct sha1_array extra = SHA1_ARRAY_INIT;
702         const char *alt_file;
703         uint32_t mask = 1 << (cmd->index % 32);
704         int i;
705
706         trace_printf_key(&trace_shallow,
707                          "shallow: update_shallow_ref %s\n", cmd->ref_name);
708         for (i = 0; i < si->shallow->nr; i++)
709                 if (si->used_shallow[i] &&
710                     (si->used_shallow[i][cmd->index / 32] & mask) &&
711                     !delayed_reachability_test(si, i))
712                         sha1_array_append(&extra, si->shallow->sha1[i]);
713
714         setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
715         if (check_shallow_connected(command_singleton_iterator,
716                                     0, cmd, alt_file)) {
717                 rollback_lock_file(&shallow_lock);
718                 sha1_array_clear(&extra);
719                 return -1;
720         }
721
722         commit_lock_file(&shallow_lock);
723
724         /*
725          * Make sure setup_alternate_shallow() for the next ref does
726          * not lose these new roots..
727          */
728         for (i = 0; i < extra.nr; i++)
729                 register_shallow(extra.sha1[i]);
730
731         si->shallow_ref[cmd->index] = 0;
732         sha1_array_clear(&extra);
733         return 0;
734 }
735
736 static const char *update_worktree(unsigned char *sha1)
737 {
738         const char *update_refresh[] = {
739                 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
740         };
741         const char *diff_files[] = {
742                 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
743         };
744         const char *diff_index[] = {
745                 "diff-index", "--quiet", "--cached", "--ignore-submodules",
746                 "HEAD", "--", NULL
747         };
748         const char *read_tree[] = {
749                 "read-tree", "-u", "-m", NULL, NULL
750         };
751         const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
752         struct argv_array env = ARGV_ARRAY_INIT;
753         struct child_process child = CHILD_PROCESS_INIT;
754
755         if (is_bare_repository())
756                 return "denyCurrentBranch = updateInstead needs a worktree";
757
758         argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
759
760         child.argv = update_refresh;
761         child.env = env.argv;
762         child.dir = work_tree;
763         child.no_stdin = 1;
764         child.stdout_to_stderr = 1;
765         child.git_cmd = 1;
766         if (run_command(&child)) {
767                 argv_array_clear(&env);
768                 return "Up-to-date check failed";
769         }
770
771         /* run_command() does not clean up completely; reinitialize */
772         child_process_init(&child);
773         child.argv = diff_files;
774         child.env = env.argv;
775         child.dir = work_tree;
776         child.no_stdin = 1;
777         child.stdout_to_stderr = 1;
778         child.git_cmd = 1;
779         if (run_command(&child)) {
780                 argv_array_clear(&env);
781                 return "Working directory has unstaged changes";
782         }
783
784         child_process_init(&child);
785         child.argv = diff_index;
786         child.env = env.argv;
787         child.no_stdin = 1;
788         child.no_stdout = 1;
789         child.stdout_to_stderr = 0;
790         child.git_cmd = 1;
791         if (run_command(&child)) {
792                 argv_array_clear(&env);
793                 return "Working directory has staged changes";
794         }
795
796         read_tree[3] = sha1_to_hex(sha1);
797         child_process_init(&child);
798         child.argv = read_tree;
799         child.env = env.argv;
800         child.dir = work_tree;
801         child.no_stdin = 1;
802         child.no_stdout = 1;
803         child.stdout_to_stderr = 0;
804         child.git_cmd = 1;
805         if (run_command(&child)) {
806                 argv_array_clear(&env);
807                 return "Could not update working tree to new HEAD";
808         }
809
810         argv_array_clear(&env);
811         return NULL;
812 }
813
814 static const char *update(struct command *cmd, struct shallow_info *si)
815 {
816         const char *name = cmd->ref_name;
817         struct strbuf namespaced_name_buf = STRBUF_INIT;
818         const char *namespaced_name, *ret;
819         unsigned char *old_sha1 = cmd->old_sha1;
820         unsigned char *new_sha1 = cmd->new_sha1;
821
822         /* only refs/... are allowed */
823         if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
824                 rp_error("refusing to create funny ref '%s' remotely", name);
825                 return "funny refname";
826         }
827
828         strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
829         namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
830
831         if (is_ref_checked_out(namespaced_name)) {
832                 switch (deny_current_branch) {
833                 case DENY_IGNORE:
834                         break;
835                 case DENY_WARN:
836                         rp_warning("updating the current branch");
837                         break;
838                 case DENY_REFUSE:
839                 case DENY_UNCONFIGURED:
840                         rp_error("refusing to update checked out branch: %s", name);
841                         if (deny_current_branch == DENY_UNCONFIGURED)
842                                 refuse_unconfigured_deny();
843                         return "branch is currently checked out";
844                 case DENY_UPDATE_INSTEAD:
845                         ret = update_worktree(new_sha1);
846                         if (ret)
847                                 return ret;
848                         break;
849                 }
850         }
851
852         if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
853                 error("unpack should have generated %s, "
854                       "but I can't find it!", sha1_to_hex(new_sha1));
855                 return "bad pack";
856         }
857
858         if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
859                 if (deny_deletes && starts_with(name, "refs/heads/")) {
860                         rp_error("denying ref deletion for %s", name);
861                         return "deletion prohibited";
862                 }
863
864                 if (!strcmp(namespaced_name, head_name)) {
865                         switch (deny_delete_current) {
866                         case DENY_IGNORE:
867                                 break;
868                         case DENY_WARN:
869                                 rp_warning("deleting the current branch");
870                                 break;
871                         case DENY_REFUSE:
872                         case DENY_UNCONFIGURED:
873                         case DENY_UPDATE_INSTEAD:
874                                 if (deny_delete_current == DENY_UNCONFIGURED)
875                                         refuse_unconfigured_deny_delete_current();
876                                 rp_error("refusing to delete the current branch: %s", name);
877                                 return "deletion of the current branch prohibited";
878                         default:
879                                 return "Invalid denyDeleteCurrent setting";
880                         }
881                 }
882         }
883
884         if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
885             !is_null_sha1(old_sha1) &&
886             starts_with(name, "refs/heads/")) {
887                 struct object *old_object, *new_object;
888                 struct commit *old_commit, *new_commit;
889
890                 old_object = parse_object(old_sha1);
891                 new_object = parse_object(new_sha1);
892
893                 if (!old_object || !new_object ||
894                     old_object->type != OBJ_COMMIT ||
895                     new_object->type != OBJ_COMMIT) {
896                         error("bad sha1 objects for %s", name);
897                         return "bad ref";
898                 }
899                 old_commit = (struct commit *)old_object;
900                 new_commit = (struct commit *)new_object;
901                 if (!in_merge_bases(old_commit, new_commit)) {
902                         rp_error("denying non-fast-forward %s"
903                                  " (you should pull first)", name);
904                         return "non-fast-forward";
905                 }
906         }
907         if (run_update_hook(cmd)) {
908                 rp_error("hook declined to update %s", name);
909                 return "hook declined";
910         }
911
912         if (is_null_sha1(new_sha1)) {
913                 if (!parse_object(old_sha1)) {
914                         old_sha1 = NULL;
915                         if (ref_exists(name)) {
916                                 rp_warning("Allowing deletion of corrupt ref.");
917                         } else {
918                                 rp_warning("Deleting a non-existent ref.");
919                                 cmd->did_not_exist = 1;
920                         }
921                 }
922                 if (delete_ref(namespaced_name, old_sha1, 0)) {
923                         rp_error("failed to delete %s", name);
924                         return "failed to delete";
925                 }
926                 return NULL; /* good */
927         }
928         else {
929                 struct strbuf err = STRBUF_INIT;
930                 struct ref_transaction *transaction;
931
932                 if (shallow_update && si->shallow_ref[cmd->index] &&
933                     update_shallow_ref(cmd, si))
934                         return "shallow error";
935
936                 transaction = ref_transaction_begin(&err);
937                 if (!transaction ||
938                     ref_transaction_update(transaction, namespaced_name,
939                                            new_sha1, old_sha1, 0, 1, "push",
940                                            &err) ||
941                     ref_transaction_commit(transaction, &err)) {
942                         ref_transaction_free(transaction);
943
944                         rp_error("%s", err.buf);
945                         strbuf_release(&err);
946                         return "failed to update ref";
947                 }
948
949                 ref_transaction_free(transaction);
950                 strbuf_release(&err);
951                 return NULL; /* good */
952         }
953 }
954
955 static void run_update_post_hook(struct command *commands)
956 {
957         struct command *cmd;
958         int argc;
959         const char **argv;
960         struct child_process proc = CHILD_PROCESS_INIT;
961         char *hook;
962
963         hook = find_hook("post-update");
964         for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
965                 if (cmd->error_string || cmd->did_not_exist)
966                         continue;
967                 argc++;
968         }
969         if (!argc || !hook)
970                 return;
971
972         argv = xmalloc(sizeof(*argv) * (2 + argc));
973         argv[0] = hook;
974
975         for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
976                 if (cmd->error_string || cmd->did_not_exist)
977                         continue;
978                 argv[argc] = xstrdup(cmd->ref_name);
979                 argc++;
980         }
981         argv[argc] = NULL;
982
983         proc.no_stdin = 1;
984         proc.stdout_to_stderr = 1;
985         proc.err = use_sideband ? -1 : 0;
986         proc.argv = argv;
987
988         if (!start_command(&proc)) {
989                 if (use_sideband)
990                         copy_to_sideband(proc.err, -1, NULL);
991                 finish_command(&proc);
992         }
993 }
994
995 static void check_aliased_update(struct command *cmd, struct string_list *list)
996 {
997         struct strbuf buf = STRBUF_INIT;
998         const char *dst_name;
999         struct string_list_item *item;
1000         struct command *dst_cmd;
1001         unsigned char sha1[20];
1002         char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1003         int flag;
1004
1005         strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1006         dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1007         strbuf_release(&buf);
1008
1009         if (!(flag & REF_ISSYMREF))
1010                 return;
1011
1012         dst_name = strip_namespace(dst_name);
1013         if (!dst_name) {
1014                 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1015                 cmd->skip_update = 1;
1016                 cmd->error_string = "broken symref";
1017                 return;
1018         }
1019
1020         if ((item = string_list_lookup(list, dst_name)) == NULL)
1021                 return;
1022
1023         cmd->skip_update = 1;
1024
1025         dst_cmd = (struct command *) item->util;
1026
1027         if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1028             !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1029                 return;
1030
1031         dst_cmd->skip_update = 1;
1032
1033         strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1034         strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1035         strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1036         strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1037         rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1038                  " its target '%s' (%s..%s)",
1039                  cmd->ref_name, cmd_oldh, cmd_newh,
1040                  dst_cmd->ref_name, dst_oldh, dst_newh);
1041
1042         cmd->error_string = dst_cmd->error_string =
1043                 "inconsistent aliased update";
1044 }
1045
1046 static void check_aliased_updates(struct command *commands)
1047 {
1048         struct command *cmd;
1049         struct string_list ref_list = STRING_LIST_INIT_NODUP;
1050
1051         for (cmd = commands; cmd; cmd = cmd->next) {
1052                 struct string_list_item *item =
1053                         string_list_append(&ref_list, cmd->ref_name);
1054                 item->util = (void *)cmd;
1055         }
1056         string_list_sort(&ref_list);
1057
1058         for (cmd = commands; cmd; cmd = cmd->next) {
1059                 if (!cmd->error_string)
1060                         check_aliased_update(cmd, &ref_list);
1061         }
1062
1063         string_list_clear(&ref_list, 0);
1064 }
1065
1066 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1067 {
1068         struct command **cmd_list = cb_data;
1069         struct command *cmd = *cmd_list;
1070
1071         if (!cmd || is_null_sha1(cmd->new_sha1))
1072                 return -1; /* end of list */
1073         *cmd_list = NULL; /* this returns only one */
1074         hashcpy(sha1, cmd->new_sha1);
1075         return 0;
1076 }
1077
1078 static void set_connectivity_errors(struct command *commands,
1079                                     struct shallow_info *si)
1080 {
1081         struct command *cmd;
1082
1083         for (cmd = commands; cmd; cmd = cmd->next) {
1084                 struct command *singleton = cmd;
1085                 if (shallow_update && si->shallow_ref[cmd->index])
1086                         /* to be checked in update_shallow_ref() */
1087                         continue;
1088                 if (!check_everything_connected(command_singleton_iterator,
1089                                                 0, &singleton))
1090                         continue;
1091                 cmd->error_string = "missing necessary objects";
1092         }
1093 }
1094
1095 struct iterate_data {
1096         struct command *cmds;
1097         struct shallow_info *si;
1098 };
1099
1100 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1101 {
1102         struct iterate_data *data = cb_data;
1103         struct command **cmd_list = &data->cmds;
1104         struct command *cmd = *cmd_list;
1105
1106         for (; cmd; cmd = cmd->next) {
1107                 if (shallow_update && data->si->shallow_ref[cmd->index])
1108                         /* to be checked in update_shallow_ref() */
1109                         continue;
1110                 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1111                         hashcpy(sha1, cmd->new_sha1);
1112                         *cmd_list = cmd->next;
1113                         return 0;
1114                 }
1115         }
1116         *cmd_list = NULL;
1117         return -1; /* end of list */
1118 }
1119
1120 static void reject_updates_to_hidden(struct command *commands)
1121 {
1122         struct command *cmd;
1123
1124         for (cmd = commands; cmd; cmd = cmd->next) {
1125                 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1126                         continue;
1127                 if (is_null_sha1(cmd->new_sha1))
1128                         cmd->error_string = "deny deleting a hidden ref";
1129                 else
1130                         cmd->error_string = "deny updating a hidden ref";
1131         }
1132 }
1133
1134 static void execute_commands(struct command *commands,
1135                              const char *unpacker_error,
1136                              struct shallow_info *si)
1137 {
1138         int checked_connectivity;
1139         struct command *cmd;
1140         unsigned char sha1[20];
1141         struct iterate_data data;
1142
1143         if (unpacker_error) {
1144                 for (cmd = commands; cmd; cmd = cmd->next)
1145                         cmd->error_string = "unpacker error";
1146                 return;
1147         }
1148
1149         data.cmds = commands;
1150         data.si = si;
1151         if (check_everything_connected(iterate_receive_command_list, 0, &data))
1152                 set_connectivity_errors(commands, si);
1153
1154         reject_updates_to_hidden(commands);
1155
1156         if (run_receive_hook(commands, "pre-receive", 0)) {
1157                 for (cmd = commands; cmd; cmd = cmd->next) {
1158                         if (!cmd->error_string)
1159                                 cmd->error_string = "pre-receive hook declined";
1160                 }
1161                 return;
1162         }
1163
1164         check_aliased_updates(commands);
1165
1166         free(head_name_to_free);
1167         head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1168
1169         checked_connectivity = 1;
1170         for (cmd = commands; cmd; cmd = cmd->next) {
1171                 if (cmd->error_string)
1172                         continue;
1173
1174                 if (cmd->skip_update)
1175                         continue;
1176
1177                 cmd->error_string = update(cmd, si);
1178                 if (shallow_update && !cmd->error_string &&
1179                     si->shallow_ref[cmd->index]) {
1180                         error("BUG: connectivity check has not been run on ref %s",
1181                               cmd->ref_name);
1182                         checked_connectivity = 0;
1183                 }
1184         }
1185
1186         if (shallow_update && !checked_connectivity)
1187                 error("BUG: run 'git fsck' for safety.\n"
1188                       "If there are errors, try to remove "
1189                       "the reported refs above");
1190 }
1191
1192 static struct command **queue_command(struct command **tail,
1193                                       const char *line,
1194                                       int linelen)
1195 {
1196         unsigned char old_sha1[20], new_sha1[20];
1197         struct command *cmd;
1198         const char *refname;
1199         int reflen;
1200
1201         if (linelen < 83 ||
1202             line[40] != ' ' ||
1203             line[81] != ' ' ||
1204             get_sha1_hex(line, old_sha1) ||
1205             get_sha1_hex(line + 41, new_sha1))
1206                 die("protocol error: expected old/new/ref, got '%s'", line);
1207
1208         refname = line + 82;
1209         reflen = linelen - 82;
1210         cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1211         hashcpy(cmd->old_sha1, old_sha1);
1212         hashcpy(cmd->new_sha1, new_sha1);
1213         memcpy(cmd->ref_name, refname, reflen);
1214         cmd->ref_name[reflen] = '\0';
1215         *tail = cmd;
1216         return &cmd->next;
1217 }
1218
1219 static void queue_commands_from_cert(struct command **tail,
1220                                      struct strbuf *push_cert)
1221 {
1222         const char *boc, *eoc;
1223
1224         if (*tail)
1225                 die("protocol error: got both push certificate and unsigned commands");
1226
1227         boc = strstr(push_cert->buf, "\n\n");
1228         if (!boc)
1229                 die("malformed push certificate %.*s", 100, push_cert->buf);
1230         else
1231                 boc += 2;
1232         eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1233
1234         while (boc < eoc) {
1235                 const char *eol = memchr(boc, '\n', eoc - boc);
1236                 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1237                 boc = eol ? eol + 1 : eoc;
1238         }
1239 }
1240
1241 static struct command *read_head_info(struct sha1_array *shallow)
1242 {
1243         struct command *commands = NULL;
1244         struct command **p = &commands;
1245         for (;;) {
1246                 char *line;
1247                 int len, linelen;
1248
1249                 line = packet_read_line(0, &len);
1250                 if (!line)
1251                         break;
1252
1253                 if (len == 48 && starts_with(line, "shallow ")) {
1254                         unsigned char sha1[20];
1255                         if (get_sha1_hex(line + 8, sha1))
1256                                 die("protocol error: expected shallow sha, got '%s'",
1257                                     line + 8);
1258                         sha1_array_append(shallow, sha1);
1259                         continue;
1260                 }
1261
1262                 linelen = strlen(line);
1263                 if (linelen < len) {
1264                         const char *feature_list = line + linelen + 1;
1265                         if (parse_feature_request(feature_list, "report-status"))
1266                                 report_status = 1;
1267                         if (parse_feature_request(feature_list, "side-band-64k"))
1268                                 use_sideband = LARGE_PACKET_MAX;
1269                         if (parse_feature_request(feature_list, "quiet"))
1270                                 quiet = 1;
1271                 }
1272
1273                 if (!strcmp(line, "push-cert")) {
1274                         int true_flush = 0;
1275                         char certbuf[1024];
1276
1277                         for (;;) {
1278                                 len = packet_read(0, NULL, NULL,
1279                                                   certbuf, sizeof(certbuf), 0);
1280                                 if (!len) {
1281                                         true_flush = 1;
1282                                         break;
1283                                 }
1284                                 if (!strcmp(certbuf, "push-cert-end\n"))
1285                                         break; /* end of cert */
1286                                 strbuf_addstr(&push_cert, certbuf);
1287                         }
1288
1289                         if (true_flush)
1290                                 break;
1291                         continue;
1292                 }
1293
1294                 p = queue_command(p, line, linelen);
1295         }
1296
1297         if (push_cert.len)
1298                 queue_commands_from_cert(p, &push_cert);
1299
1300         return commands;
1301 }
1302
1303 static const char *parse_pack_header(struct pack_header *hdr)
1304 {
1305         switch (read_pack_header(0, hdr)) {
1306         case PH_ERROR_EOF:
1307                 return "eof before pack header was fully read";
1308
1309         case PH_ERROR_PACK_SIGNATURE:
1310                 return "protocol error (pack signature mismatch detected)";
1311
1312         case PH_ERROR_PROTOCOL:
1313                 return "protocol error (pack version unsupported)";
1314
1315         default:
1316                 return "unknown error in parse_pack_header";
1317
1318         case 0:
1319                 return NULL;
1320         }
1321 }
1322
1323 static const char *pack_lockfile;
1324
1325 static const char *unpack(int err_fd, struct shallow_info *si)
1326 {
1327         struct pack_header hdr;
1328         const char *hdr_err;
1329         int status;
1330         char hdr_arg[38];
1331         struct child_process child = CHILD_PROCESS_INIT;
1332         int fsck_objects = (receive_fsck_objects >= 0
1333                             ? receive_fsck_objects
1334                             : transfer_fsck_objects >= 0
1335                             ? transfer_fsck_objects
1336                             : 0);
1337
1338         hdr_err = parse_pack_header(&hdr);
1339         if (hdr_err) {
1340                 if (err_fd > 0)
1341                         close(err_fd);
1342                 return hdr_err;
1343         }
1344         snprintf(hdr_arg, sizeof(hdr_arg),
1345                         "--pack_header=%"PRIu32",%"PRIu32,
1346                         ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1347
1348         if (si->nr_ours || si->nr_theirs) {
1349                 alt_shallow_file = setup_temporary_shallow(si->shallow);
1350                 argv_array_push(&child.args, "--shallow-file");
1351                 argv_array_push(&child.args, alt_shallow_file);
1352         }
1353
1354         if (ntohl(hdr.hdr_entries) < unpack_limit) {
1355                 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1356                 if (quiet)
1357                         argv_array_push(&child.args, "-q");
1358                 if (fsck_objects)
1359                         argv_array_push(&child.args, "--strict");
1360                 child.no_stdout = 1;
1361                 child.err = err_fd;
1362                 child.git_cmd = 1;
1363                 status = run_command(&child);
1364                 if (status)
1365                         return "unpack-objects abnormal exit";
1366         } else {
1367                 int s;
1368                 char keep_arg[256];
1369
1370                 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1371                 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1372                         strcpy(keep_arg + s, "localhost");
1373
1374                 argv_array_pushl(&child.args, "index-pack",
1375                                  "--stdin", hdr_arg, keep_arg, NULL);
1376                 if (fsck_objects)
1377                         argv_array_push(&child.args, "--strict");
1378                 if (fix_thin)
1379                         argv_array_push(&child.args, "--fix-thin");
1380                 child.out = -1;
1381                 child.err = err_fd;
1382                 child.git_cmd = 1;
1383                 status = start_command(&child);
1384                 if (status)
1385                         return "index-pack fork failed";
1386                 pack_lockfile = index_pack_lockfile(child.out);
1387                 close(child.out);
1388                 status = finish_command(&child);
1389                 if (status)
1390                         return "index-pack abnormal exit";
1391                 reprepare_packed_git();
1392         }
1393         return NULL;
1394 }
1395
1396 static const char *unpack_with_sideband(struct shallow_info *si)
1397 {
1398         struct async muxer;
1399         const char *ret;
1400
1401         if (!use_sideband)
1402                 return unpack(0, si);
1403
1404         memset(&muxer, 0, sizeof(muxer));
1405         muxer.proc = copy_to_sideband;
1406         muxer.in = -1;
1407         if (start_async(&muxer))
1408                 return NULL;
1409
1410         ret = unpack(muxer.in, si);
1411
1412         finish_async(&muxer);
1413         return ret;
1414 }
1415
1416 static void prepare_shallow_update(struct command *commands,
1417                                    struct shallow_info *si)
1418 {
1419         int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1420
1421         si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1422                                    si->shallow->nr);
1423         assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1424
1425         si->need_reachability_test =
1426                 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1427         si->reachable =
1428                 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1429         si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1430
1431         for (i = 0; i < si->nr_ours; i++)
1432                 si->need_reachability_test[si->ours[i]] = 1;
1433
1434         for (i = 0; i < si->shallow->nr; i++) {
1435                 if (!si->used_shallow[i])
1436                         continue;
1437                 for (j = 0; j < bitmap_size; j++) {
1438                         if (!si->used_shallow[i][j])
1439                                 continue;
1440                         si->need_reachability_test[i]++;
1441                         for (k = 0; k < 32; k++)
1442                                 if (si->used_shallow[i][j] & (1 << k))
1443                                         si->shallow_ref[j * 32 + k]++;
1444                 }
1445
1446                 /*
1447                  * true for those associated with some refs and belong
1448                  * in "ours" list aka "step 7 not done yet"
1449                  */
1450                 si->need_reachability_test[i] =
1451                         si->need_reachability_test[i] > 1;
1452         }
1453
1454         /*
1455          * keep hooks happy by forcing a temporary shallow file via
1456          * env variable because we can't add --shallow-file to every
1457          * command. check_everything_connected() will be done with
1458          * true .git/shallow though.
1459          */
1460         setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1461 }
1462
1463 static void update_shallow_info(struct command *commands,
1464                                 struct shallow_info *si,
1465                                 struct sha1_array *ref)
1466 {
1467         struct command *cmd;
1468         int *ref_status;
1469         remove_nonexistent_theirs_shallow(si);
1470         if (!si->nr_ours && !si->nr_theirs) {
1471                 shallow_update = 0;
1472                 return;
1473         }
1474
1475         for (cmd = commands; cmd; cmd = cmd->next) {
1476                 if (is_null_sha1(cmd->new_sha1))
1477                         continue;
1478                 sha1_array_append(ref, cmd->new_sha1);
1479                 cmd->index = ref->nr - 1;
1480         }
1481         si->ref = ref;
1482
1483         if (shallow_update) {
1484                 prepare_shallow_update(commands, si);
1485                 return;
1486         }
1487
1488         ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1489         assign_shallow_commits_to_refs(si, NULL, ref_status);
1490         for (cmd = commands; cmd; cmd = cmd->next) {
1491                 if (is_null_sha1(cmd->new_sha1))
1492                         continue;
1493                 if (ref_status[cmd->index]) {
1494                         cmd->error_string = "shallow update not allowed";
1495                         cmd->skip_update = 1;
1496                 }
1497         }
1498         free(ref_status);
1499 }
1500
1501 static void report(struct command *commands, const char *unpack_status)
1502 {
1503         struct command *cmd;
1504         struct strbuf buf = STRBUF_INIT;
1505
1506         packet_buf_write(&buf, "unpack %s\n",
1507                          unpack_status ? unpack_status : "ok");
1508         for (cmd = commands; cmd; cmd = cmd->next) {
1509                 if (!cmd->error_string)
1510                         packet_buf_write(&buf, "ok %s\n",
1511                                          cmd->ref_name);
1512                 else
1513                         packet_buf_write(&buf, "ng %s %s\n",
1514                                          cmd->ref_name, cmd->error_string);
1515         }
1516         packet_buf_flush(&buf);
1517
1518         if (use_sideband)
1519                 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1520         else
1521                 write_or_die(1, buf.buf, buf.len);
1522         strbuf_release(&buf);
1523 }
1524
1525 static int delete_only(struct command *commands)
1526 {
1527         struct command *cmd;
1528         for (cmd = commands; cmd; cmd = cmd->next) {
1529                 if (!is_null_sha1(cmd->new_sha1))
1530                         return 0;
1531         }
1532         return 1;
1533 }
1534
1535 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1536 {
1537         int advertise_refs = 0;
1538         int i;
1539         struct command *commands;
1540         struct sha1_array shallow = SHA1_ARRAY_INIT;
1541         struct sha1_array ref = SHA1_ARRAY_INIT;
1542         struct shallow_info si;
1543
1544         packet_trace_identity("receive-pack");
1545
1546         argv++;
1547         for (i = 1; i < argc; i++) {
1548                 const char *arg = *argv++;
1549
1550                 if (*arg == '-') {
1551                         if (!strcmp(arg, "--quiet")) {
1552                                 quiet = 1;
1553                                 continue;
1554                         }
1555
1556                         if (!strcmp(arg, "--advertise-refs")) {
1557                                 advertise_refs = 1;
1558                                 continue;
1559                         }
1560                         if (!strcmp(arg, "--stateless-rpc")) {
1561                                 stateless_rpc = 1;
1562                                 continue;
1563                         }
1564                         if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1565                                 fix_thin = 0;
1566                                 continue;
1567                         }
1568
1569                         usage(receive_pack_usage);
1570                 }
1571                 if (service_dir)
1572                         usage(receive_pack_usage);
1573                 service_dir = arg;
1574         }
1575         if (!service_dir)
1576                 usage(receive_pack_usage);
1577
1578         setup_path();
1579
1580         if (!enter_repo(service_dir, 0))
1581                 die("'%s' does not appear to be a git repository", service_dir);
1582
1583         git_config(receive_pack_config, NULL);
1584         if (cert_nonce_seed)
1585                 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1586
1587         if (0 <= transfer_unpack_limit)
1588                 unpack_limit = transfer_unpack_limit;
1589         else if (0 <= receive_unpack_limit)
1590                 unpack_limit = receive_unpack_limit;
1591
1592         if (advertise_refs || !stateless_rpc) {
1593                 write_head_info();
1594         }
1595         if (advertise_refs)
1596                 return 0;
1597
1598         if ((commands = read_head_info(&shallow)) != NULL) {
1599                 const char *unpack_status = NULL;
1600
1601                 prepare_shallow_info(&si, &shallow);
1602                 if (!si.nr_ours && !si.nr_theirs)
1603                         shallow_update = 0;
1604                 if (!delete_only(commands)) {
1605                         unpack_status = unpack_with_sideband(&si);
1606                         update_shallow_info(commands, &si, &ref);
1607                 }
1608                 execute_commands(commands, unpack_status, &si);
1609                 if (pack_lockfile)
1610                         unlink_or_warn(pack_lockfile);
1611                 if (report_status)
1612                         report(commands, unpack_status);
1613                 run_receive_hook(commands, "post-receive", 1);
1614                 run_update_post_hook(commands);
1615                 if (auto_gc) {
1616                         const char *argv_gc_auto[] = {
1617                                 "gc", "--auto", "--quiet", NULL,
1618                         };
1619                         int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1620                         run_command_v_opt(argv_gc_auto, opt);
1621                 }
1622                 if (auto_update_server_info)
1623                         update_server_info(0);
1624                 clear_shallow_info(&si);
1625         }
1626         if (use_sideband)
1627                 packet_flush(1);
1628         sha1_array_clear(&shallow);
1629         sha1_array_clear(&ref);
1630         free((void *)push_cert_nonce);
1631         return 0;
1632 }