7 #include "run-command.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
20 #include "gpg-interface.h"
24 static const char * const receive_pack_usage[] = {
25 N_("git receive-pack <git-dir>"),
37 static int deny_deletes;
38 static int deny_non_fast_forwards;
39 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
40 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
41 static int receive_fsck_objects = -1;
42 static int transfer_fsck_objects = -1;
43 static struct strbuf fsck_msg_types = STRBUF_INIT;
44 static int receive_unpack_limit = -1;
45 static int transfer_unpack_limit = -1;
46 static int advertise_atomic_push = 1;
47 static int unpack_limit = 100;
48 static int report_status;
49 static int use_sideband;
50 static int use_atomic;
52 static int prefer_ofs_delta = 1;
53 static int auto_update_server_info;
54 static int auto_gc = 1;
55 static int reject_thin;
56 static int stateless_rpc;
57 static const char *service_dir;
58 static const char *head_name;
59 static void *head_name_to_free;
60 static int sent_capabilities;
61 static int shallow_update;
62 static const char *alt_shallow_file;
63 static struct strbuf push_cert = STRBUF_INIT;
64 static unsigned char push_cert_sha1[20];
65 static struct signature_check sigcheck;
66 static const char *push_cert_nonce;
67 static const char *cert_nonce_seed;
69 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
70 static const char *NONCE_BAD = "BAD";
71 static const char *NONCE_MISSING = "MISSING";
72 static const char *NONCE_OK = "OK";
73 static const char *NONCE_SLOP = "SLOP";
74 static const char *nonce_status;
75 static long nonce_stamp_slop;
76 static unsigned long nonce_stamp_slop_limit;
77 static struct ref_transaction *transaction;
79 static enum deny_action parse_deny_action(const char *var, const char *value)
82 if (!strcasecmp(value, "ignore"))
84 if (!strcasecmp(value, "warn"))
86 if (!strcasecmp(value, "refuse"))
88 if (!strcasecmp(value, "updateinstead"))
89 return DENY_UPDATE_INSTEAD;
91 if (git_config_bool(var, value))
96 static int receive_pack_config(const char *var, const char *value, void *cb)
98 int status = parse_hide_refs_config(var, value, "receive");
103 if (strcmp(var, "receive.denydeletes") == 0) {
104 deny_deletes = git_config_bool(var, value);
108 if (strcmp(var, "receive.denynonfastforwards") == 0) {
109 deny_non_fast_forwards = git_config_bool(var, value);
113 if (strcmp(var, "receive.unpacklimit") == 0) {
114 receive_unpack_limit = git_config_int(var, value);
118 if (strcmp(var, "transfer.unpacklimit") == 0) {
119 transfer_unpack_limit = git_config_int(var, value);
123 if (strcmp(var, "receive.fsck.skiplist") == 0) {
126 if (git_config_pathname(&path, var, value))
128 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
129 fsck_msg_types.len ? ',' : '=', path);
134 if (skip_prefix(var, "receive.fsck.", &var)) {
135 if (is_valid_msg_type(var, value))
136 strbuf_addf(&fsck_msg_types, "%c%s=%s",
137 fsck_msg_types.len ? ',' : '=', var, value);
139 warning("Skipping unknown msg id '%s'", var);
143 if (strcmp(var, "receive.fsckobjects") == 0) {
144 receive_fsck_objects = git_config_bool(var, value);
148 if (strcmp(var, "transfer.fsckobjects") == 0) {
149 transfer_fsck_objects = git_config_bool(var, value);
153 if (!strcmp(var, "receive.denycurrentbranch")) {
154 deny_current_branch = parse_deny_action(var, value);
158 if (strcmp(var, "receive.denydeletecurrent") == 0) {
159 deny_delete_current = parse_deny_action(var, value);
163 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
164 prefer_ofs_delta = git_config_bool(var, value);
168 if (strcmp(var, "receive.updateserverinfo") == 0) {
169 auto_update_server_info = git_config_bool(var, value);
173 if (strcmp(var, "receive.autogc") == 0) {
174 auto_gc = git_config_bool(var, value);
178 if (strcmp(var, "receive.shallowupdate") == 0) {
179 shallow_update = git_config_bool(var, value);
183 if (strcmp(var, "receive.certnonceseed") == 0)
184 return git_config_string(&cert_nonce_seed, var, value);
186 if (strcmp(var, "receive.certnonceslop") == 0) {
187 nonce_stamp_slop_limit = git_config_ulong(var, value);
191 if (strcmp(var, "receive.advertiseatomic") == 0) {
192 advertise_atomic_push = git_config_bool(var, value);
196 return git_default_config(var, value, cb);
199 static void show_ref(const char *path, const unsigned char *sha1)
201 if (sent_capabilities) {
202 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
204 struct strbuf cap = STRBUF_INIT;
207 "report-status delete-refs side-band-64k quiet");
208 if (advertise_atomic_push)
209 strbuf_addstr(&cap, " atomic");
210 if (prefer_ofs_delta)
211 strbuf_addstr(&cap, " ofs-delta");
213 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
214 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
215 packet_write(1, "%s %s%c%s\n",
216 sha1_to_hex(sha1), path, 0, cap.buf);
217 strbuf_release(&cap);
218 sent_capabilities = 1;
222 static int show_ref_cb(const char *path_full, const struct object_id *oid,
223 int flag, void *unused)
225 const char *path = strip_namespace(path_full);
227 if (ref_is_hidden(path, path_full))
231 * Advertise refs outside our current namespace as ".have"
232 * refs, so that the client can use them to minimize data
233 * transfer but will otherwise ignore them. This happens to
234 * cover ".have" that are thrown in by add_one_alternate_ref()
235 * to mark histories that are complete in our alternates as
240 show_ref(path, oid->hash);
244 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
246 show_ref(".have", sha1);
249 static void collect_one_alternate_ref(const struct ref *ref, void *data)
251 struct sha1_array *sa = data;
252 sha1_array_append(sa, ref->old_oid.hash);
255 static void write_head_info(void)
257 struct sha1_array sa = SHA1_ARRAY_INIT;
259 for_each_alternate_ref(collect_one_alternate_ref, &sa);
260 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
261 sha1_array_clear(&sa);
262 for_each_ref(show_ref_cb, NULL);
263 if (!sent_capabilities)
264 show_ref("capabilities^{}", null_sha1);
266 advertise_shallow_grafts(1);
273 struct command *next;
274 const char *error_string;
275 unsigned int skip_update:1,
278 unsigned char old_sha1[20];
279 unsigned char new_sha1[20];
280 char ref_name[FLEX_ARRAY]; /* more */
283 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
284 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
286 static void report_message(const char *prefix, const char *err, va_list params)
291 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
292 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
293 if (sz > (sizeof(msg) - 1))
294 sz = sizeof(msg) - 1;
298 send_sideband(1, 2, msg, sz, use_sideband);
303 static void rp_warning(const char *err, ...)
306 va_start(params, err);
307 report_message("warning: ", err, params);
311 static void rp_error(const char *err, ...)
314 va_start(params, err);
315 report_message("error: ", err, params);
319 static int copy_to_sideband(int in, int out, void *arg)
323 ssize_t sz = xread(in, data, sizeof(data));
326 send_sideband(1, 2, data, sz, use_sideband);
332 #define HMAC_BLOCK_SIZE 64
334 static void hmac_sha1(unsigned char *out,
335 const char *key_in, size_t key_len,
336 const char *text, size_t text_len)
338 unsigned char key[HMAC_BLOCK_SIZE];
339 unsigned char k_ipad[HMAC_BLOCK_SIZE];
340 unsigned char k_opad[HMAC_BLOCK_SIZE];
344 /* RFC 2104 2. (1) */
345 memset(key, '\0', HMAC_BLOCK_SIZE);
346 if (HMAC_BLOCK_SIZE < key_len) {
348 git_SHA1_Update(&ctx, key_in, key_len);
349 git_SHA1_Final(key, &ctx);
351 memcpy(key, key_in, key_len);
354 /* RFC 2104 2. (2) & (5) */
355 for (i = 0; i < sizeof(key); i++) {
356 k_ipad[i] = key[i] ^ 0x36;
357 k_opad[i] = key[i] ^ 0x5c;
360 /* RFC 2104 2. (3) & (4) */
362 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
363 git_SHA1_Update(&ctx, text, text_len);
364 git_SHA1_Final(out, &ctx);
366 /* RFC 2104 2. (6) & (7) */
368 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
369 git_SHA1_Update(&ctx, out, 20);
370 git_SHA1_Final(out, &ctx);
373 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
375 struct strbuf buf = STRBUF_INIT;
376 unsigned char sha1[20];
378 strbuf_addf(&buf, "%s:%lu", path, stamp);
379 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
380 strbuf_release(&buf);
382 /* RFC 2104 5. HMAC-SHA1-80 */
383 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
384 return strbuf_detach(&buf, NULL);
388 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
389 * after dropping "_commit" from its name and possibly moving it out
392 static char *find_header(const char *msg, size_t len, const char *key)
394 int key_len = strlen(key);
395 const char *line = msg;
397 while (line && line < msg + len) {
398 const char *eol = strchrnul(line, '\n');
400 if ((msg + len <= eol) || line == eol)
402 if (line + key_len < eol &&
403 !memcmp(line, key, key_len) && line[key_len] == ' ') {
404 int offset = key_len + 1;
405 return xmemdupz(line + offset, (eol - line) - offset);
407 line = *eol ? eol + 1 : NULL;
412 static const char *check_nonce(const char *buf, size_t len)
414 char *nonce = find_header(buf, len, "nonce");
415 unsigned long stamp, ostamp;
416 char *bohmac, *expect = NULL;
417 const char *retval = NONCE_BAD;
420 retval = NONCE_MISSING;
422 } else if (!push_cert_nonce) {
423 retval = NONCE_UNSOLICITED;
425 } else if (!strcmp(push_cert_nonce, nonce)) {
430 if (!stateless_rpc) {
431 /* returned nonce MUST match what we gave out earlier */
437 * In stateless mode, we may be receiving a nonce issued by
438 * another instance of the server that serving the same
439 * repository, and the timestamps may not match, but the
440 * nonce-seed and dir should match, so we can recompute and
441 * report the time slop.
443 * In addition, when a nonce issued by another instance has
444 * timestamp within receive.certnonceslop seconds, we pretend
445 * as if we issued that nonce when reporting to the hook.
448 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
449 if (*nonce <= '0' || '9' < *nonce) {
453 stamp = strtoul(nonce, &bohmac, 10);
454 if (bohmac == nonce || bohmac[0] != '-') {
459 expect = prepare_push_cert_nonce(service_dir, stamp);
460 if (strcmp(expect, nonce)) {
461 /* Not what we would have signed earlier */
467 * By how many seconds is this nonce stale? Negative value
468 * would mean it was issued by another server with its clock
469 * skewed in the future.
471 ostamp = strtoul(push_cert_nonce, NULL, 10);
472 nonce_stamp_slop = (long)ostamp - (long)stamp;
474 if (nonce_stamp_slop_limit &&
475 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
477 * Pretend as if the received nonce (which passes the
478 * HMAC check, so it is not a forged by third-party)
481 free((void *)push_cert_nonce);
482 push_cert_nonce = xstrdup(nonce);
494 static void prepare_push_cert_sha1(struct child_process *proc)
496 static int already_done;
502 struct strbuf gpg_output = STRBUF_INIT;
503 struct strbuf gpg_status = STRBUF_INIT;
504 int bogs /* beginning_of_gpg_sig */;
507 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
508 hashclr(push_cert_sha1);
510 memset(&sigcheck, '\0', sizeof(sigcheck));
511 sigcheck.result = 'N';
513 bogs = parse_signature(push_cert.buf, push_cert.len);
514 if (verify_signed_buffer(push_cert.buf, bogs,
515 push_cert.buf + bogs, push_cert.len - bogs,
516 &gpg_output, &gpg_status) < 0) {
517 ; /* error running gpg */
519 sigcheck.payload = push_cert.buf;
520 sigcheck.gpg_output = gpg_output.buf;
521 sigcheck.gpg_status = gpg_status.buf;
522 parse_gpg_output(&sigcheck);
525 strbuf_release(&gpg_output);
526 strbuf_release(&gpg_status);
527 nonce_status = check_nonce(push_cert.buf, bogs);
529 if (!is_null_sha1(push_cert_sha1)) {
530 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
531 sha1_to_hex(push_cert_sha1));
532 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
533 sigcheck.signer ? sigcheck.signer : "");
534 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
535 sigcheck.key ? sigcheck.key : "");
536 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
538 if (push_cert_nonce) {
539 argv_array_pushf(&proc->env_array,
540 "GIT_PUSH_CERT_NONCE=%s",
542 argv_array_pushf(&proc->env_array,
543 "GIT_PUSH_CERT_NONCE_STATUS=%s",
545 if (nonce_status == NONCE_SLOP)
546 argv_array_pushf(&proc->env_array,
547 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
553 typedef int (*feed_fn)(void *, const char **, size_t *);
554 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
556 struct child_process proc = CHILD_PROCESS_INIT;
561 argv[0] = find_hook(hook_name);
569 proc.stdout_to_stderr = 1;
572 memset(&muxer, 0, sizeof(muxer));
573 muxer.proc = copy_to_sideband;
575 code = start_async(&muxer);
581 prepare_push_cert_sha1(&proc);
583 code = start_command(&proc);
586 finish_async(&muxer);
590 sigchain_push(SIGPIPE, SIG_IGN);
595 if (feed(feed_state, &buf, &n))
597 if (write_in_full(proc.in, buf, n) != n)
602 finish_async(&muxer);
604 sigchain_pop(SIGPIPE);
606 return finish_command(&proc);
609 struct receive_hook_feed_state {
615 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
617 struct receive_hook_feed_state *state = state_;
618 struct command *cmd = state->cmd;
621 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
625 strbuf_reset(&state->buf);
626 strbuf_addf(&state->buf, "%s %s %s\n",
627 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
629 state->cmd = cmd->next;
631 *bufp = state->buf.buf;
632 *sizep = state->buf.len;
637 static int run_receive_hook(struct command *commands, const char *hook_name,
640 struct receive_hook_feed_state state;
643 strbuf_init(&state.buf, 0);
644 state.cmd = commands;
645 state.skip_broken = skip_broken;
646 if (feed_receive_hook(&state, NULL, NULL))
648 state.cmd = commands;
649 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
650 strbuf_release(&state.buf);
654 static int run_update_hook(struct command *cmd)
657 struct child_process proc = CHILD_PROCESS_INIT;
660 argv[0] = find_hook("update");
664 argv[1] = cmd->ref_name;
665 argv[2] = sha1_to_hex(cmd->old_sha1);
666 argv[3] = sha1_to_hex(cmd->new_sha1);
670 proc.stdout_to_stderr = 1;
671 proc.err = use_sideband ? -1 : 0;
674 code = start_command(&proc);
678 copy_to_sideband(proc.err, -1, NULL);
679 return finish_command(&proc);
682 static int is_ref_checked_out(const char *ref)
684 if (is_bare_repository())
689 return !strcmp(head_name, ref);
692 static char *refuse_unconfigured_deny_msg[] = {
693 "By default, updating the current branch in a non-bare repository",
694 "is denied, because it will make the index and work tree inconsistent",
695 "with what you pushed, and will require 'git reset --hard' to match",
696 "the work tree to HEAD.",
698 "You can set 'receive.denyCurrentBranch' configuration variable to",
699 "'ignore' or 'warn' in the remote repository to allow pushing into",
700 "its current branch; however, this is not recommended unless you",
701 "arranged to update its work tree to match what you pushed in some",
704 "To squelch this message and still keep the default behaviour, set",
705 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
708 static void refuse_unconfigured_deny(void)
711 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
712 rp_error("%s", refuse_unconfigured_deny_msg[i]);
715 static char *refuse_unconfigured_deny_delete_current_msg[] = {
716 "By default, deleting the current branch is denied, because the next",
717 "'git clone' won't result in any file checked out, causing confusion.",
719 "You can set 'receive.denyDeleteCurrent' configuration variable to",
720 "'warn' or 'ignore' in the remote repository to allow deleting the",
721 "current branch, with or without a warning message.",
723 "To squelch this message, you can set it to 'refuse'."
726 static void refuse_unconfigured_deny_delete_current(void)
730 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
732 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
735 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
736 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
738 static struct lock_file shallow_lock;
739 struct sha1_array extra = SHA1_ARRAY_INIT;
740 const char *alt_file;
741 uint32_t mask = 1 << (cmd->index % 32);
744 trace_printf_key(&trace_shallow,
745 "shallow: update_shallow_ref %s\n", cmd->ref_name);
746 for (i = 0; i < si->shallow->nr; i++)
747 if (si->used_shallow[i] &&
748 (si->used_shallow[i][cmd->index / 32] & mask) &&
749 !delayed_reachability_test(si, i))
750 sha1_array_append(&extra, si->shallow->sha1[i]);
752 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
753 if (check_shallow_connected(command_singleton_iterator,
755 rollback_lock_file(&shallow_lock);
756 sha1_array_clear(&extra);
760 commit_lock_file(&shallow_lock);
763 * Make sure setup_alternate_shallow() for the next ref does
764 * not lose these new roots..
766 for (i = 0; i < extra.nr; i++)
767 register_shallow(extra.sha1[i]);
769 si->shallow_ref[cmd->index] = 0;
770 sha1_array_clear(&extra);
775 * NEEDSWORK: we should consolidate various implementions of "are we
776 * on an unborn branch?" test into one, and make the unified one more
777 * robust. !get_sha1() based check used here and elsewhere would not
778 * allow us to tell an unborn branch from corrupt ref, for example.
779 * For the purpose of fixing "deploy-to-update does not work when
780 * pushing into an empty repository" issue, this should suffice for
783 static int head_has_history(void)
785 unsigned char sha1[20];
787 return !get_sha1("HEAD", sha1);
790 static const char *push_to_deploy(unsigned char *sha1,
791 struct argv_array *env,
792 const char *work_tree)
794 const char *update_refresh[] = {
795 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
797 const char *diff_files[] = {
798 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
800 const char *diff_index[] = {
801 "diff-index", "--quiet", "--cached", "--ignore-submodules",
804 const char *read_tree[] = {
805 "read-tree", "-u", "-m", NULL, NULL
807 struct child_process child = CHILD_PROCESS_INIT;
809 child.argv = update_refresh;
810 child.env = env->argv;
811 child.dir = work_tree;
813 child.stdout_to_stderr = 1;
815 if (run_command(&child))
816 return "Up-to-date check failed";
818 /* run_command() does not clean up completely; reinitialize */
819 child_process_init(&child);
820 child.argv = diff_files;
821 child.env = env->argv;
822 child.dir = work_tree;
824 child.stdout_to_stderr = 1;
826 if (run_command(&child))
827 return "Working directory has unstaged changes";
829 /* diff-index with either HEAD or an empty tree */
830 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
832 child_process_init(&child);
833 child.argv = diff_index;
834 child.env = env->argv;
837 child.stdout_to_stderr = 0;
839 if (run_command(&child))
840 return "Working directory has staged changes";
842 read_tree[3] = sha1_to_hex(sha1);
843 child_process_init(&child);
844 child.argv = read_tree;
845 child.env = env->argv;
846 child.dir = work_tree;
849 child.stdout_to_stderr = 0;
851 if (run_command(&child))
852 return "Could not update working tree to new HEAD";
857 static const char *push_to_checkout_hook = "push-to-checkout";
859 static const char *push_to_checkout(unsigned char *sha1,
860 struct argv_array *env,
861 const char *work_tree)
863 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
864 if (run_hook_le(env->argv, push_to_checkout_hook,
865 sha1_to_hex(sha1), NULL))
866 return "push-to-checkout hook declined";
871 static const char *update_worktree(unsigned char *sha1)
874 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
875 struct argv_array env = ARGV_ARRAY_INIT;
877 if (is_bare_repository())
878 return "denyCurrentBranch = updateInstead needs a worktree";
880 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
882 if (!find_hook(push_to_checkout_hook))
883 retval = push_to_deploy(sha1, &env, work_tree);
885 retval = push_to_checkout(sha1, &env, work_tree);
887 argv_array_clear(&env);
891 static const char *update(struct command *cmd, struct shallow_info *si)
893 const char *name = cmd->ref_name;
894 struct strbuf namespaced_name_buf = STRBUF_INIT;
895 const char *namespaced_name, *ret;
896 unsigned char *old_sha1 = cmd->old_sha1;
897 unsigned char *new_sha1 = cmd->new_sha1;
899 /* only refs/... are allowed */
900 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
901 rp_error("refusing to create funny ref '%s' remotely", name);
902 return "funny refname";
905 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
906 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
908 if (is_ref_checked_out(namespaced_name)) {
909 switch (deny_current_branch) {
913 rp_warning("updating the current branch");
916 case DENY_UNCONFIGURED:
917 rp_error("refusing to update checked out branch: %s", name);
918 if (deny_current_branch == DENY_UNCONFIGURED)
919 refuse_unconfigured_deny();
920 return "branch is currently checked out";
921 case DENY_UPDATE_INSTEAD:
922 ret = update_worktree(new_sha1);
929 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
930 error("unpack should have generated %s, "
931 "but I can't find it!", sha1_to_hex(new_sha1));
935 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
936 if (deny_deletes && starts_with(name, "refs/heads/")) {
937 rp_error("denying ref deletion for %s", name);
938 return "deletion prohibited";
941 if (head_name && !strcmp(namespaced_name, head_name)) {
942 switch (deny_delete_current) {
946 rp_warning("deleting the current branch");
949 case DENY_UNCONFIGURED:
950 case DENY_UPDATE_INSTEAD:
951 if (deny_delete_current == DENY_UNCONFIGURED)
952 refuse_unconfigured_deny_delete_current();
953 rp_error("refusing to delete the current branch: %s", name);
954 return "deletion of the current branch prohibited";
956 return "Invalid denyDeleteCurrent setting";
961 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
962 !is_null_sha1(old_sha1) &&
963 starts_with(name, "refs/heads/")) {
964 struct object *old_object, *new_object;
965 struct commit *old_commit, *new_commit;
967 old_object = parse_object(old_sha1);
968 new_object = parse_object(new_sha1);
970 if (!old_object || !new_object ||
971 old_object->type != OBJ_COMMIT ||
972 new_object->type != OBJ_COMMIT) {
973 error("bad sha1 objects for %s", name);
976 old_commit = (struct commit *)old_object;
977 new_commit = (struct commit *)new_object;
978 if (!in_merge_bases(old_commit, new_commit)) {
979 rp_error("denying non-fast-forward %s"
980 " (you should pull first)", name);
981 return "non-fast-forward";
984 if (run_update_hook(cmd)) {
985 rp_error("hook declined to update %s", name);
986 return "hook declined";
989 if (is_null_sha1(new_sha1)) {
990 struct strbuf err = STRBUF_INIT;
991 if (!parse_object(old_sha1)) {
993 if (ref_exists(name)) {
994 rp_warning("Allowing deletion of corrupt ref.");
996 rp_warning("Deleting a non-existent ref.");
997 cmd->did_not_exist = 1;
1000 if (ref_transaction_delete(transaction,
1004 rp_error("%s", err.buf);
1005 strbuf_release(&err);
1006 return "failed to delete";
1008 strbuf_release(&err);
1009 return NULL; /* good */
1012 struct strbuf err = STRBUF_INIT;
1013 if (shallow_update && si->shallow_ref[cmd->index] &&
1014 update_shallow_ref(cmd, si))
1015 return "shallow error";
1017 if (ref_transaction_update(transaction,
1022 rp_error("%s", err.buf);
1023 strbuf_release(&err);
1025 return "failed to update ref";
1027 strbuf_release(&err);
1029 return NULL; /* good */
1033 static void run_update_post_hook(struct command *commands)
1035 struct command *cmd;
1037 struct child_process proc = CHILD_PROCESS_INIT;
1040 hook = find_hook("post-update");
1041 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1042 if (cmd->error_string || cmd->did_not_exist)
1049 argv_array_push(&proc.args, hook);
1050 for (cmd = commands; cmd; cmd = cmd->next) {
1051 if (cmd->error_string || cmd->did_not_exist)
1053 argv_array_push(&proc.args, cmd->ref_name);
1057 proc.stdout_to_stderr = 1;
1058 proc.err = use_sideband ? -1 : 0;
1060 if (!start_command(&proc)) {
1062 copy_to_sideband(proc.err, -1, NULL);
1063 finish_command(&proc);
1067 static void check_aliased_update(struct command *cmd, struct string_list *list)
1069 struct strbuf buf = STRBUF_INIT;
1070 const char *dst_name;
1071 struct string_list_item *item;
1072 struct command *dst_cmd;
1073 unsigned char sha1[GIT_SHA1_RAWSZ];
1074 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1075 cmd_newh[GIT_SHA1_HEXSZ + 1],
1076 dst_oldh[GIT_SHA1_HEXSZ + 1],
1077 dst_newh[GIT_SHA1_HEXSZ + 1];
1080 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1081 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1082 strbuf_release(&buf);
1084 if (!(flag & REF_ISSYMREF))
1088 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1089 cmd->skip_update = 1;
1090 cmd->error_string = "broken symref";
1093 dst_name = strip_namespace(dst_name);
1095 if ((item = string_list_lookup(list, dst_name)) == NULL)
1098 cmd->skip_update = 1;
1100 dst_cmd = (struct command *) item->util;
1102 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1103 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1106 dst_cmd->skip_update = 1;
1108 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1109 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1110 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1111 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
1112 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1113 " its target '%s' (%s..%s)",
1114 cmd->ref_name, cmd_oldh, cmd_newh,
1115 dst_cmd->ref_name, dst_oldh, dst_newh);
1117 cmd->error_string = dst_cmd->error_string =
1118 "inconsistent aliased update";
1121 static void check_aliased_updates(struct command *commands)
1123 struct command *cmd;
1124 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1126 for (cmd = commands; cmd; cmd = cmd->next) {
1127 struct string_list_item *item =
1128 string_list_append(&ref_list, cmd->ref_name);
1129 item->util = (void *)cmd;
1131 string_list_sort(&ref_list);
1133 for (cmd = commands; cmd; cmd = cmd->next) {
1134 if (!cmd->error_string)
1135 check_aliased_update(cmd, &ref_list);
1138 string_list_clear(&ref_list, 0);
1141 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1143 struct command **cmd_list = cb_data;
1144 struct command *cmd = *cmd_list;
1146 if (!cmd || is_null_sha1(cmd->new_sha1))
1147 return -1; /* end of list */
1148 *cmd_list = NULL; /* this returns only one */
1149 hashcpy(sha1, cmd->new_sha1);
1153 static void set_connectivity_errors(struct command *commands,
1154 struct shallow_info *si)
1156 struct command *cmd;
1158 for (cmd = commands; cmd; cmd = cmd->next) {
1159 struct command *singleton = cmd;
1160 if (shallow_update && si->shallow_ref[cmd->index])
1161 /* to be checked in update_shallow_ref() */
1163 if (!check_everything_connected(command_singleton_iterator,
1166 cmd->error_string = "missing necessary objects";
1170 struct iterate_data {
1171 struct command *cmds;
1172 struct shallow_info *si;
1175 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1177 struct iterate_data *data = cb_data;
1178 struct command **cmd_list = &data->cmds;
1179 struct command *cmd = *cmd_list;
1181 for (; cmd; cmd = cmd->next) {
1182 if (shallow_update && data->si->shallow_ref[cmd->index])
1183 /* to be checked in update_shallow_ref() */
1185 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1186 hashcpy(sha1, cmd->new_sha1);
1187 *cmd_list = cmd->next;
1192 return -1; /* end of list */
1195 static void reject_updates_to_hidden(struct command *commands)
1197 struct strbuf refname_full = STRBUF_INIT;
1199 struct command *cmd;
1201 strbuf_addstr(&refname_full, get_git_namespace());
1202 prefix_len = refname_full.len;
1204 for (cmd = commands; cmd; cmd = cmd->next) {
1205 if (cmd->error_string)
1208 strbuf_setlen(&refname_full, prefix_len);
1209 strbuf_addstr(&refname_full, cmd->ref_name);
1211 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1213 if (is_null_sha1(cmd->new_sha1))
1214 cmd->error_string = "deny deleting a hidden ref";
1216 cmd->error_string = "deny updating a hidden ref";
1219 strbuf_release(&refname_full);
1222 static int should_process_cmd(struct command *cmd)
1224 return !cmd->error_string && !cmd->skip_update;
1227 static void warn_if_skipped_connectivity_check(struct command *commands,
1228 struct shallow_info *si)
1230 struct command *cmd;
1231 int checked_connectivity = 1;
1233 for (cmd = commands; cmd; cmd = cmd->next) {
1234 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1235 error("BUG: connectivity check has not been run on ref %s",
1237 checked_connectivity = 0;
1240 if (!checked_connectivity)
1241 die("BUG: connectivity check skipped???");
1244 static void execute_commands_non_atomic(struct command *commands,
1245 struct shallow_info *si)
1247 struct command *cmd;
1248 struct strbuf err = STRBUF_INIT;
1250 for (cmd = commands; cmd; cmd = cmd->next) {
1251 if (!should_process_cmd(cmd))
1254 transaction = ref_transaction_begin(&err);
1256 rp_error("%s", err.buf);
1258 cmd->error_string = "transaction failed to start";
1262 cmd->error_string = update(cmd, si);
1264 if (!cmd->error_string
1265 && ref_transaction_commit(transaction, &err)) {
1266 rp_error("%s", err.buf);
1268 cmd->error_string = "failed to update ref";
1270 ref_transaction_free(transaction);
1272 strbuf_release(&err);
1275 static void execute_commands_atomic(struct command *commands,
1276 struct shallow_info *si)
1278 struct command *cmd;
1279 struct strbuf err = STRBUF_INIT;
1280 const char *reported_error = "atomic push failure";
1282 transaction = ref_transaction_begin(&err);
1284 rp_error("%s", err.buf);
1286 reported_error = "transaction failed to start";
1290 for (cmd = commands; cmd; cmd = cmd->next) {
1291 if (!should_process_cmd(cmd))
1294 cmd->error_string = update(cmd, si);
1296 if (cmd->error_string)
1300 if (ref_transaction_commit(transaction, &err)) {
1301 rp_error("%s", err.buf);
1302 reported_error = "atomic transaction failed";
1308 for (cmd = commands; cmd; cmd = cmd->next)
1309 if (!cmd->error_string)
1310 cmd->error_string = reported_error;
1313 ref_transaction_free(transaction);
1314 strbuf_release(&err);
1317 static void execute_commands(struct command *commands,
1318 const char *unpacker_error,
1319 struct shallow_info *si)
1321 struct command *cmd;
1322 unsigned char sha1[20];
1323 struct iterate_data data;
1325 if (unpacker_error) {
1326 for (cmd = commands; cmd; cmd = cmd->next)
1327 cmd->error_string = "unpacker error";
1331 data.cmds = commands;
1333 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1334 set_connectivity_errors(commands, si);
1336 reject_updates_to_hidden(commands);
1338 if (run_receive_hook(commands, "pre-receive", 0)) {
1339 for (cmd = commands; cmd; cmd = cmd->next) {
1340 if (!cmd->error_string)
1341 cmd->error_string = "pre-receive hook declined";
1346 check_aliased_updates(commands);
1348 free(head_name_to_free);
1349 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1352 execute_commands_atomic(commands, si);
1354 execute_commands_non_atomic(commands, si);
1357 warn_if_skipped_connectivity_check(commands, si);
1360 static struct command **queue_command(struct command **tail,
1364 unsigned char old_sha1[20], new_sha1[20];
1365 struct command *cmd;
1366 const char *refname;
1372 get_sha1_hex(line, old_sha1) ||
1373 get_sha1_hex(line + 41, new_sha1))
1374 die("protocol error: expected old/new/ref, got '%s'", line);
1376 refname = line + 82;
1377 reflen = linelen - 82;
1378 cmd = xcalloc(1, st_add3(sizeof(struct command), reflen, 1));
1379 hashcpy(cmd->old_sha1, old_sha1);
1380 hashcpy(cmd->new_sha1, new_sha1);
1381 memcpy(cmd->ref_name, refname, reflen);
1382 cmd->ref_name[reflen] = '\0';
1387 static void queue_commands_from_cert(struct command **tail,
1388 struct strbuf *push_cert)
1390 const char *boc, *eoc;
1393 die("protocol error: got both push certificate and unsigned commands");
1395 boc = strstr(push_cert->buf, "\n\n");
1397 die("malformed push certificate %.*s", 100, push_cert->buf);
1400 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1403 const char *eol = memchr(boc, '\n', eoc - boc);
1404 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1405 boc = eol ? eol + 1 : eoc;
1409 static struct command *read_head_info(struct sha1_array *shallow)
1411 struct command *commands = NULL;
1412 struct command **p = &commands;
1417 line = packet_read_line(0, &len);
1421 if (len == 48 && starts_with(line, "shallow ")) {
1422 unsigned char sha1[20];
1423 if (get_sha1_hex(line + 8, sha1))
1424 die("protocol error: expected shallow sha, got '%s'",
1426 sha1_array_append(shallow, sha1);
1430 linelen = strlen(line);
1431 if (linelen < len) {
1432 const char *feature_list = line + linelen + 1;
1433 if (parse_feature_request(feature_list, "report-status"))
1435 if (parse_feature_request(feature_list, "side-band-64k"))
1436 use_sideband = LARGE_PACKET_MAX;
1437 if (parse_feature_request(feature_list, "quiet"))
1439 if (advertise_atomic_push
1440 && parse_feature_request(feature_list, "atomic"))
1444 if (!strcmp(line, "push-cert")) {
1449 len = packet_read(0, NULL, NULL,
1450 certbuf, sizeof(certbuf), 0);
1455 if (!strcmp(certbuf, "push-cert-end\n"))
1456 break; /* end of cert */
1457 strbuf_addstr(&push_cert, certbuf);
1465 p = queue_command(p, line, linelen);
1469 queue_commands_from_cert(p, &push_cert);
1474 static const char *parse_pack_header(struct pack_header *hdr)
1476 switch (read_pack_header(0, hdr)) {
1478 return "eof before pack header was fully read";
1480 case PH_ERROR_PACK_SIGNATURE:
1481 return "protocol error (pack signature mismatch detected)";
1483 case PH_ERROR_PROTOCOL:
1484 return "protocol error (pack version unsupported)";
1487 return "unknown error in parse_pack_header";
1494 static const char *pack_lockfile;
1496 static const char *unpack(int err_fd, struct shallow_info *si)
1498 struct pack_header hdr;
1499 const char *hdr_err;
1502 struct child_process child = CHILD_PROCESS_INIT;
1503 int fsck_objects = (receive_fsck_objects >= 0
1504 ? receive_fsck_objects
1505 : transfer_fsck_objects >= 0
1506 ? transfer_fsck_objects
1509 hdr_err = parse_pack_header(&hdr);
1515 snprintf(hdr_arg, sizeof(hdr_arg),
1516 "--pack_header=%"PRIu32",%"PRIu32,
1517 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1519 if (si->nr_ours || si->nr_theirs) {
1520 alt_shallow_file = setup_temporary_shallow(si->shallow);
1521 argv_array_push(&child.args, "--shallow-file");
1522 argv_array_push(&child.args, alt_shallow_file);
1525 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1526 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1528 argv_array_push(&child.args, "-q");
1530 argv_array_pushf(&child.args, "--strict%s",
1531 fsck_msg_types.buf);
1532 child.no_stdout = 1;
1535 status = run_command(&child);
1537 return "unpack-objects abnormal exit";
1541 argv_array_pushl(&child.args, "index-pack",
1542 "--stdin", hdr_arg, NULL);
1544 if (gethostname(hostname, sizeof(hostname)))
1545 xsnprintf(hostname, sizeof(hostname), "localhost");
1546 argv_array_pushf(&child.args,
1547 "--keep=receive-pack %"PRIuMAX" on %s",
1548 (uintmax_t)getpid(),
1552 argv_array_pushf(&child.args, "--strict%s",
1553 fsck_msg_types.buf);
1555 argv_array_push(&child.args, "--fix-thin");
1559 status = start_command(&child);
1561 return "index-pack fork failed";
1562 pack_lockfile = index_pack_lockfile(child.out);
1564 status = finish_command(&child);
1566 return "index-pack abnormal exit";
1567 reprepare_packed_git();
1572 static const char *unpack_with_sideband(struct shallow_info *si)
1578 return unpack(0, si);
1580 memset(&muxer, 0, sizeof(muxer));
1581 muxer.proc = copy_to_sideband;
1583 if (start_async(&muxer))
1586 ret = unpack(muxer.in, si);
1588 finish_async(&muxer);
1592 static void prepare_shallow_update(struct command *commands,
1593 struct shallow_info *si)
1595 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1597 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1598 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1600 si->need_reachability_test =
1601 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1603 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1604 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1606 for (i = 0; i < si->nr_ours; i++)
1607 si->need_reachability_test[si->ours[i]] = 1;
1609 for (i = 0; i < si->shallow->nr; i++) {
1610 if (!si->used_shallow[i])
1612 for (j = 0; j < bitmap_size; j++) {
1613 if (!si->used_shallow[i][j])
1615 si->need_reachability_test[i]++;
1616 for (k = 0; k < 32; k++)
1617 if (si->used_shallow[i][j] & (1U << k))
1618 si->shallow_ref[j * 32 + k]++;
1622 * true for those associated with some refs and belong
1623 * in "ours" list aka "step 7 not done yet"
1625 si->need_reachability_test[i] =
1626 si->need_reachability_test[i] > 1;
1630 * keep hooks happy by forcing a temporary shallow file via
1631 * env variable because we can't add --shallow-file to every
1632 * command. check_everything_connected() will be done with
1633 * true .git/shallow though.
1635 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1638 static void update_shallow_info(struct command *commands,
1639 struct shallow_info *si,
1640 struct sha1_array *ref)
1642 struct command *cmd;
1644 remove_nonexistent_theirs_shallow(si);
1645 if (!si->nr_ours && !si->nr_theirs) {
1650 for (cmd = commands; cmd; cmd = cmd->next) {
1651 if (is_null_sha1(cmd->new_sha1))
1653 sha1_array_append(ref, cmd->new_sha1);
1654 cmd->index = ref->nr - 1;
1658 if (shallow_update) {
1659 prepare_shallow_update(commands, si);
1663 ALLOC_ARRAY(ref_status, ref->nr);
1664 assign_shallow_commits_to_refs(si, NULL, ref_status);
1665 for (cmd = commands; cmd; cmd = cmd->next) {
1666 if (is_null_sha1(cmd->new_sha1))
1668 if (ref_status[cmd->index]) {
1669 cmd->error_string = "shallow update not allowed";
1670 cmd->skip_update = 1;
1676 static void report(struct command *commands, const char *unpack_status)
1678 struct command *cmd;
1679 struct strbuf buf = STRBUF_INIT;
1681 packet_buf_write(&buf, "unpack %s\n",
1682 unpack_status ? unpack_status : "ok");
1683 for (cmd = commands; cmd; cmd = cmd->next) {
1684 if (!cmd->error_string)
1685 packet_buf_write(&buf, "ok %s\n",
1688 packet_buf_write(&buf, "ng %s %s\n",
1689 cmd->ref_name, cmd->error_string);
1691 packet_buf_flush(&buf);
1694 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1696 write_or_die(1, buf.buf, buf.len);
1697 strbuf_release(&buf);
1700 static int delete_only(struct command *commands)
1702 struct command *cmd;
1703 for (cmd = commands; cmd; cmd = cmd->next) {
1704 if (!is_null_sha1(cmd->new_sha1))
1710 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1712 int advertise_refs = 0;
1713 struct command *commands;
1714 struct sha1_array shallow = SHA1_ARRAY_INIT;
1715 struct sha1_array ref = SHA1_ARRAY_INIT;
1716 struct shallow_info si;
1718 struct option options[] = {
1719 OPT__QUIET(&quiet, N_("quiet")),
1720 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1721 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1722 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1726 packet_trace_identity("receive-pack");
1728 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1731 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1733 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1735 service_dir = argv[0];
1739 if (!enter_repo(service_dir, 0))
1740 die("'%s' does not appear to be a git repository", service_dir);
1742 git_config(receive_pack_config, NULL);
1743 if (cert_nonce_seed)
1744 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1746 if (0 <= transfer_unpack_limit)
1747 unpack_limit = transfer_unpack_limit;
1748 else if (0 <= receive_unpack_limit)
1749 unpack_limit = receive_unpack_limit;
1751 if (advertise_refs || !stateless_rpc) {
1757 if ((commands = read_head_info(&shallow)) != NULL) {
1758 const char *unpack_status = NULL;
1760 prepare_shallow_info(&si, &shallow);
1761 if (!si.nr_ours && !si.nr_theirs)
1763 if (!delete_only(commands)) {
1764 unpack_status = unpack_with_sideband(&si);
1765 update_shallow_info(commands, &si, &ref);
1767 execute_commands(commands, unpack_status, &si);
1769 unlink_or_warn(pack_lockfile);
1771 report(commands, unpack_status);
1772 run_receive_hook(commands, "post-receive", 1);
1773 run_update_post_hook(commands);
1775 const char *argv_gc_auto[] = {
1776 "gc", "--auto", "--quiet", NULL,
1778 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1780 run_command_v_opt(argv_gc_auto, opt);
1782 if (auto_update_server_info)
1783 update_server_info(0);
1784 clear_shallow_info(&si);
1788 sha1_array_clear(&shallow);
1789 sha1_array_clear(&ref);
1790 free((void *)push_cert_nonce);