Sync with 2.4.8
[git] / builtin / receive-pack.c
1 #include "builtin.h"
2 #include "lockfile.h"
3 #include "pack.h"
4 #include "refs.h"
5 #include "pkt-line.h"
6 #include "sideband.h"
7 #include "run-command.h"
8 #include "exec_cmd.h"
9 #include "commit.h"
10 #include "object.h"
11 #include "remote.h"
12 #include "connect.h"
13 #include "transport.h"
14 #include "string-list.h"
15 #include "sha1-array.h"
16 #include "connected.h"
17 #include "argv-array.h"
18 #include "version.h"
19 #include "tag.h"
20 #include "gpg-interface.h"
21 #include "sigchain.h"
22
23 static const char receive_pack_usage[] = "git receive-pack <git-dir>";
24
25 enum deny_action {
26         DENY_UNCONFIGURED,
27         DENY_IGNORE,
28         DENY_WARN,
29         DENY_REFUSE,
30         DENY_UPDATE_INSTEAD
31 };
32
33 static int deny_deletes;
34 static int deny_non_fast_forwards;
35 static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
36 static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
37 static int receive_fsck_objects = -1;
38 static int transfer_fsck_objects = -1;
39 static int receive_unpack_limit = -1;
40 static int transfer_unpack_limit = -1;
41 static int advertise_atomic_push = 1;
42 static int unpack_limit = 100;
43 static int report_status;
44 static int use_sideband;
45 static int use_atomic;
46 static int quiet;
47 static int prefer_ofs_delta = 1;
48 static int auto_update_server_info;
49 static int auto_gc = 1;
50 static int fix_thin = 1;
51 static int stateless_rpc;
52 static const char *service_dir;
53 static const char *head_name;
54 static void *head_name_to_free;
55 static int sent_capabilities;
56 static int shallow_update;
57 static const char *alt_shallow_file;
58 static struct strbuf push_cert = STRBUF_INIT;
59 static unsigned char push_cert_sha1[20];
60 static struct signature_check sigcheck;
61 static const char *push_cert_nonce;
62 static const char *cert_nonce_seed;
63
64 static const char *NONCE_UNSOLICITED = "UNSOLICITED";
65 static const char *NONCE_BAD = "BAD";
66 static const char *NONCE_MISSING = "MISSING";
67 static const char *NONCE_OK = "OK";
68 static const char *NONCE_SLOP = "SLOP";
69 static const char *nonce_status;
70 static long nonce_stamp_slop;
71 static unsigned long nonce_stamp_slop_limit;
72 static struct ref_transaction *transaction;
73
74 static enum deny_action parse_deny_action(const char *var, const char *value)
75 {
76         if (value) {
77                 if (!strcasecmp(value, "ignore"))
78                         return DENY_IGNORE;
79                 if (!strcasecmp(value, "warn"))
80                         return DENY_WARN;
81                 if (!strcasecmp(value, "refuse"))
82                         return DENY_REFUSE;
83                 if (!strcasecmp(value, "updateinstead"))
84                         return DENY_UPDATE_INSTEAD;
85         }
86         if (git_config_bool(var, value))
87                 return DENY_REFUSE;
88         return DENY_IGNORE;
89 }
90
91 static int receive_pack_config(const char *var, const char *value, void *cb)
92 {
93         int status = parse_hide_refs_config(var, value, "receive");
94
95         if (status)
96                 return status;
97
98         if (strcmp(var, "receive.denydeletes") == 0) {
99                 deny_deletes = git_config_bool(var, value);
100                 return 0;
101         }
102
103         if (strcmp(var, "receive.denynonfastforwards") == 0) {
104                 deny_non_fast_forwards = git_config_bool(var, value);
105                 return 0;
106         }
107
108         if (strcmp(var, "receive.unpacklimit") == 0) {
109                 receive_unpack_limit = git_config_int(var, value);
110                 return 0;
111         }
112
113         if (strcmp(var, "transfer.unpacklimit") == 0) {
114                 transfer_unpack_limit = git_config_int(var, value);
115                 return 0;
116         }
117
118         if (strcmp(var, "receive.fsckobjects") == 0) {
119                 receive_fsck_objects = git_config_bool(var, value);
120                 return 0;
121         }
122
123         if (strcmp(var, "transfer.fsckobjects") == 0) {
124                 transfer_fsck_objects = git_config_bool(var, value);
125                 return 0;
126         }
127
128         if (!strcmp(var, "receive.denycurrentbranch")) {
129                 deny_current_branch = parse_deny_action(var, value);
130                 return 0;
131         }
132
133         if (strcmp(var, "receive.denydeletecurrent") == 0) {
134                 deny_delete_current = parse_deny_action(var, value);
135                 return 0;
136         }
137
138         if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
139                 prefer_ofs_delta = git_config_bool(var, value);
140                 return 0;
141         }
142
143         if (strcmp(var, "receive.updateserverinfo") == 0) {
144                 auto_update_server_info = git_config_bool(var, value);
145                 return 0;
146         }
147
148         if (strcmp(var, "receive.autogc") == 0) {
149                 auto_gc = git_config_bool(var, value);
150                 return 0;
151         }
152
153         if (strcmp(var, "receive.shallowupdate") == 0) {
154                 shallow_update = git_config_bool(var, value);
155                 return 0;
156         }
157
158         if (strcmp(var, "receive.certnonceseed") == 0)
159                 return git_config_string(&cert_nonce_seed, var, value);
160
161         if (strcmp(var, "receive.certnonceslop") == 0) {
162                 nonce_stamp_slop_limit = git_config_ulong(var, value);
163                 return 0;
164         }
165
166         if (strcmp(var, "receive.advertiseatomic") == 0) {
167                 advertise_atomic_push = git_config_bool(var, value);
168                 return 0;
169         }
170
171         return git_default_config(var, value, cb);
172 }
173
174 static void show_ref(const char *path, const unsigned char *sha1)
175 {
176         if (ref_is_hidden(path))
177                 return;
178
179         if (sent_capabilities) {
180                 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
181         } else {
182                 struct strbuf cap = STRBUF_INIT;
183
184                 strbuf_addstr(&cap,
185                               "report-status delete-refs side-band-64k quiet");
186                 if (advertise_atomic_push)
187                         strbuf_addstr(&cap, " atomic");
188                 if (prefer_ofs_delta)
189                         strbuf_addstr(&cap, " ofs-delta");
190                 if (push_cert_nonce)
191                         strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
192                 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
193                 packet_write(1, "%s %s%c%s\n",
194                              sha1_to_hex(sha1), path, 0, cap.buf);
195                 strbuf_release(&cap);
196                 sent_capabilities = 1;
197         }
198 }
199
200 static int show_ref_cb(const char *path, const struct object_id *oid, int flag, void *unused)
201 {
202         path = strip_namespace(path);
203         /*
204          * Advertise refs outside our current namespace as ".have"
205          * refs, so that the client can use them to minimize data
206          * transfer but will otherwise ignore them. This happens to
207          * cover ".have" that are thrown in by add_one_alternate_ref()
208          * to mark histories that are complete in our alternates as
209          * well.
210          */
211         if (!path)
212                 path = ".have";
213         show_ref(path, oid->hash);
214         return 0;
215 }
216
217 static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
218 {
219         show_ref(".have", sha1);
220 }
221
222 static void collect_one_alternate_ref(const struct ref *ref, void *data)
223 {
224         struct sha1_array *sa = data;
225         sha1_array_append(sa, ref->old_sha1);
226 }
227
228 static void write_head_info(void)
229 {
230         struct sha1_array sa = SHA1_ARRAY_INIT;
231
232         for_each_alternate_ref(collect_one_alternate_ref, &sa);
233         sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
234         sha1_array_clear(&sa);
235         for_each_ref(show_ref_cb, NULL);
236         if (!sent_capabilities)
237                 show_ref("capabilities^{}", null_sha1);
238
239         advertise_shallow_grafts(1);
240
241         /* EOF */
242         packet_flush(1);
243 }
244
245 struct command {
246         struct command *next;
247         const char *error_string;
248         unsigned int skip_update:1,
249                      did_not_exist:1;
250         int index;
251         unsigned char old_sha1[20];
252         unsigned char new_sha1[20];
253         char ref_name[FLEX_ARRAY]; /* more */
254 };
255
256 static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
257 static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
258
259 static void report_message(const char *prefix, const char *err, va_list params)
260 {
261         int sz = strlen(prefix);
262         char msg[4096];
263
264         strncpy(msg, prefix, sz);
265         sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
266         if (sz > (sizeof(msg) - 1))
267                 sz = sizeof(msg) - 1;
268         msg[sz++] = '\n';
269
270         if (use_sideband)
271                 send_sideband(1, 2, msg, sz, use_sideband);
272         else
273                 xwrite(2, msg, sz);
274 }
275
276 static void rp_warning(const char *err, ...)
277 {
278         va_list params;
279         va_start(params, err);
280         report_message("warning: ", err, params);
281         va_end(params);
282 }
283
284 static void rp_error(const char *err, ...)
285 {
286         va_list params;
287         va_start(params, err);
288         report_message("error: ", err, params);
289         va_end(params);
290 }
291
292 static int copy_to_sideband(int in, int out, void *arg)
293 {
294         char data[128];
295         while (1) {
296                 ssize_t sz = xread(in, data, sizeof(data));
297                 if (sz <= 0)
298                         break;
299                 send_sideband(1, 2, data, sz, use_sideband);
300         }
301         close(in);
302         return 0;
303 }
304
305 #define HMAC_BLOCK_SIZE 64
306
307 static void hmac_sha1(unsigned char *out,
308                       const char *key_in, size_t key_len,
309                       const char *text, size_t text_len)
310 {
311         unsigned char key[HMAC_BLOCK_SIZE];
312         unsigned char k_ipad[HMAC_BLOCK_SIZE];
313         unsigned char k_opad[HMAC_BLOCK_SIZE];
314         int i;
315         git_SHA_CTX ctx;
316
317         /* RFC 2104 2. (1) */
318         memset(key, '\0', HMAC_BLOCK_SIZE);
319         if (HMAC_BLOCK_SIZE < key_len) {
320                 git_SHA1_Init(&ctx);
321                 git_SHA1_Update(&ctx, key_in, key_len);
322                 git_SHA1_Final(key, &ctx);
323         } else {
324                 memcpy(key, key_in, key_len);
325         }
326
327         /* RFC 2104 2. (2) & (5) */
328         for (i = 0; i < sizeof(key); i++) {
329                 k_ipad[i] = key[i] ^ 0x36;
330                 k_opad[i] = key[i] ^ 0x5c;
331         }
332
333         /* RFC 2104 2. (3) & (4) */
334         git_SHA1_Init(&ctx);
335         git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
336         git_SHA1_Update(&ctx, text, text_len);
337         git_SHA1_Final(out, &ctx);
338
339         /* RFC 2104 2. (6) & (7) */
340         git_SHA1_Init(&ctx);
341         git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
342         git_SHA1_Update(&ctx, out, 20);
343         git_SHA1_Final(out, &ctx);
344 }
345
346 static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
347 {
348         struct strbuf buf = STRBUF_INIT;
349         unsigned char sha1[20];
350
351         strbuf_addf(&buf, "%s:%lu", path, stamp);
352         hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
353         strbuf_release(&buf);
354
355         /* RFC 2104 5. HMAC-SHA1-80 */
356         strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
357         return strbuf_detach(&buf, NULL);
358 }
359
360 /*
361  * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
362  * after dropping "_commit" from its name and possibly moving it out
363  * of commit.c
364  */
365 static char *find_header(const char *msg, size_t len, const char *key)
366 {
367         int key_len = strlen(key);
368         const char *line = msg;
369
370         while (line && line < msg + len) {
371                 const char *eol = strchrnul(line, '\n');
372
373                 if ((msg + len <= eol) || line == eol)
374                         return NULL;
375                 if (line + key_len < eol &&
376                     !memcmp(line, key, key_len) && line[key_len] == ' ') {
377                         int offset = key_len + 1;
378                         return xmemdupz(line + offset, (eol - line) - offset);
379                 }
380                 line = *eol ? eol + 1 : NULL;
381         }
382         return NULL;
383 }
384
385 static const char *check_nonce(const char *buf, size_t len)
386 {
387         char *nonce = find_header(buf, len, "nonce");
388         unsigned long stamp, ostamp;
389         char *bohmac, *expect = NULL;
390         const char *retval = NONCE_BAD;
391
392         if (!nonce) {
393                 retval = NONCE_MISSING;
394                 goto leave;
395         } else if (!push_cert_nonce) {
396                 retval = NONCE_UNSOLICITED;
397                 goto leave;
398         } else if (!strcmp(push_cert_nonce, nonce)) {
399                 retval = NONCE_OK;
400                 goto leave;
401         }
402
403         if (!stateless_rpc) {
404                 /* returned nonce MUST match what we gave out earlier */
405                 retval = NONCE_BAD;
406                 goto leave;
407         }
408
409         /*
410          * In stateless mode, we may be receiving a nonce issued by
411          * another instance of the server that serving the same
412          * repository, and the timestamps may not match, but the
413          * nonce-seed and dir should match, so we can recompute and
414          * report the time slop.
415          *
416          * In addition, when a nonce issued by another instance has
417          * timestamp within receive.certnonceslop seconds, we pretend
418          * as if we issued that nonce when reporting to the hook.
419          */
420
421         /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
422         if (*nonce <= '0' || '9' < *nonce) {
423                 retval = NONCE_BAD;
424                 goto leave;
425         }
426         stamp = strtoul(nonce, &bohmac, 10);
427         if (bohmac == nonce || bohmac[0] != '-') {
428                 retval = NONCE_BAD;
429                 goto leave;
430         }
431
432         expect = prepare_push_cert_nonce(service_dir, stamp);
433         if (strcmp(expect, nonce)) {
434                 /* Not what we would have signed earlier */
435                 retval = NONCE_BAD;
436                 goto leave;
437         }
438
439         /*
440          * By how many seconds is this nonce stale?  Negative value
441          * would mean it was issued by another server with its clock
442          * skewed in the future.
443          */
444         ostamp = strtoul(push_cert_nonce, NULL, 10);
445         nonce_stamp_slop = (long)ostamp - (long)stamp;
446
447         if (nonce_stamp_slop_limit &&
448             labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
449                 /*
450                  * Pretend as if the received nonce (which passes the
451                  * HMAC check, so it is not a forged by third-party)
452                  * is what we issued.
453                  */
454                 free((void *)push_cert_nonce);
455                 push_cert_nonce = xstrdup(nonce);
456                 retval = NONCE_OK;
457         } else {
458                 retval = NONCE_SLOP;
459         }
460
461 leave:
462         free(nonce);
463         free(expect);
464         return retval;
465 }
466
467 static void prepare_push_cert_sha1(struct child_process *proc)
468 {
469         static int already_done;
470
471         if (!push_cert.len)
472                 return;
473
474         if (!already_done) {
475                 struct strbuf gpg_output = STRBUF_INIT;
476                 struct strbuf gpg_status = STRBUF_INIT;
477                 int bogs /* beginning_of_gpg_sig */;
478
479                 already_done = 1;
480                 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
481                         hashclr(push_cert_sha1);
482
483                 memset(&sigcheck, '\0', sizeof(sigcheck));
484                 sigcheck.result = 'N';
485
486                 bogs = parse_signature(push_cert.buf, push_cert.len);
487                 if (verify_signed_buffer(push_cert.buf, bogs,
488                                          push_cert.buf + bogs, push_cert.len - bogs,
489                                          &gpg_output, &gpg_status) < 0) {
490                         ; /* error running gpg */
491                 } else {
492                         sigcheck.payload = push_cert.buf;
493                         sigcheck.gpg_output = gpg_output.buf;
494                         sigcheck.gpg_status = gpg_status.buf;
495                         parse_gpg_output(&sigcheck);
496                 }
497
498                 strbuf_release(&gpg_output);
499                 strbuf_release(&gpg_status);
500                 nonce_status = check_nonce(push_cert.buf, bogs);
501         }
502         if (!is_null_sha1(push_cert_sha1)) {
503                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
504                                  sha1_to_hex(push_cert_sha1));
505                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
506                                  sigcheck.signer ? sigcheck.signer : "");
507                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
508                                  sigcheck.key ? sigcheck.key : "");
509                 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
510                                  sigcheck.result);
511                 if (push_cert_nonce) {
512                         argv_array_pushf(&proc->env_array,
513                                          "GIT_PUSH_CERT_NONCE=%s",
514                                          push_cert_nonce);
515                         argv_array_pushf(&proc->env_array,
516                                          "GIT_PUSH_CERT_NONCE_STATUS=%s",
517                                          nonce_status);
518                         if (nonce_status == NONCE_SLOP)
519                                 argv_array_pushf(&proc->env_array,
520                                                  "GIT_PUSH_CERT_NONCE_SLOP=%ld",
521                                                  nonce_stamp_slop);
522                 }
523         }
524 }
525
526 typedef int (*feed_fn)(void *, const char **, size_t *);
527 static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
528 {
529         struct child_process proc = CHILD_PROCESS_INIT;
530         struct async muxer;
531         const char *argv[2];
532         int code;
533
534         argv[0] = find_hook(hook_name);
535         if (!argv[0])
536                 return 0;
537
538         argv[1] = NULL;
539
540         proc.argv = argv;
541         proc.in = -1;
542         proc.stdout_to_stderr = 1;
543
544         if (use_sideband) {
545                 memset(&muxer, 0, sizeof(muxer));
546                 muxer.proc = copy_to_sideband;
547                 muxer.in = -1;
548                 code = start_async(&muxer);
549                 if (code)
550                         return code;
551                 proc.err = muxer.in;
552         }
553
554         prepare_push_cert_sha1(&proc);
555
556         code = start_command(&proc);
557         if (code) {
558                 if (use_sideband)
559                         finish_async(&muxer);
560                 return code;
561         }
562
563         sigchain_push(SIGPIPE, SIG_IGN);
564
565         while (1) {
566                 const char *buf;
567                 size_t n;
568                 if (feed(feed_state, &buf, &n))
569                         break;
570                 if (write_in_full(proc.in, buf, n) != n)
571                         break;
572         }
573         close(proc.in);
574         if (use_sideband)
575                 finish_async(&muxer);
576
577         sigchain_pop(SIGPIPE);
578
579         return finish_command(&proc);
580 }
581
582 struct receive_hook_feed_state {
583         struct command *cmd;
584         int skip_broken;
585         struct strbuf buf;
586 };
587
588 static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
589 {
590         struct receive_hook_feed_state *state = state_;
591         struct command *cmd = state->cmd;
592
593         while (cmd &&
594                state->skip_broken && (cmd->error_string || cmd->did_not_exist))
595                 cmd = cmd->next;
596         if (!cmd)
597                 return -1; /* EOF */
598         strbuf_reset(&state->buf);
599         strbuf_addf(&state->buf, "%s %s %s\n",
600                     sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
601                     cmd->ref_name);
602         state->cmd = cmd->next;
603         if (bufp) {
604                 *bufp = state->buf.buf;
605                 *sizep = state->buf.len;
606         }
607         return 0;
608 }
609
610 static int run_receive_hook(struct command *commands, const char *hook_name,
611                             int skip_broken)
612 {
613         struct receive_hook_feed_state state;
614         int status;
615
616         strbuf_init(&state.buf, 0);
617         state.cmd = commands;
618         state.skip_broken = skip_broken;
619         if (feed_receive_hook(&state, NULL, NULL))
620                 return 0;
621         state.cmd = commands;
622         status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
623         strbuf_release(&state.buf);
624         return status;
625 }
626
627 static int run_update_hook(struct command *cmd)
628 {
629         const char *argv[5];
630         struct child_process proc = CHILD_PROCESS_INIT;
631         int code;
632
633         argv[0] = find_hook("update");
634         if (!argv[0])
635                 return 0;
636
637         argv[1] = cmd->ref_name;
638         argv[2] = sha1_to_hex(cmd->old_sha1);
639         argv[3] = sha1_to_hex(cmd->new_sha1);
640         argv[4] = NULL;
641
642         proc.no_stdin = 1;
643         proc.stdout_to_stderr = 1;
644         proc.err = use_sideband ? -1 : 0;
645         proc.argv = argv;
646
647         code = start_command(&proc);
648         if (code)
649                 return code;
650         if (use_sideband)
651                 copy_to_sideband(proc.err, -1, NULL);
652         return finish_command(&proc);
653 }
654
655 static int is_ref_checked_out(const char *ref)
656 {
657         if (is_bare_repository())
658                 return 0;
659
660         if (!head_name)
661                 return 0;
662         return !strcmp(head_name, ref);
663 }
664
665 static char *refuse_unconfigured_deny_msg[] = {
666         "By default, updating the current branch in a non-bare repository",
667         "is denied, because it will make the index and work tree inconsistent",
668         "with what you pushed, and will require 'git reset --hard' to match",
669         "the work tree to HEAD.",
670         "",
671         "You can set 'receive.denyCurrentBranch' configuration variable to",
672         "'ignore' or 'warn' in the remote repository to allow pushing into",
673         "its current branch; however, this is not recommended unless you",
674         "arranged to update its work tree to match what you pushed in some",
675         "other way.",
676         "",
677         "To squelch this message and still keep the default behaviour, set",
678         "'receive.denyCurrentBranch' configuration variable to 'refuse'."
679 };
680
681 static void refuse_unconfigured_deny(void)
682 {
683         int i;
684         for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
685                 rp_error("%s", refuse_unconfigured_deny_msg[i]);
686 }
687
688 static char *refuse_unconfigured_deny_delete_current_msg[] = {
689         "By default, deleting the current branch is denied, because the next",
690         "'git clone' won't result in any file checked out, causing confusion.",
691         "",
692         "You can set 'receive.denyDeleteCurrent' configuration variable to",
693         "'warn' or 'ignore' in the remote repository to allow deleting the",
694         "current branch, with or without a warning message.",
695         "",
696         "To squelch this message, you can set it to 'refuse'."
697 };
698
699 static void refuse_unconfigured_deny_delete_current(void)
700 {
701         int i;
702         for (i = 0;
703              i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
704              i++)
705                 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
706 }
707
708 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
709 static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
710 {
711         static struct lock_file shallow_lock;
712         struct sha1_array extra = SHA1_ARRAY_INIT;
713         const char *alt_file;
714         uint32_t mask = 1 << (cmd->index % 32);
715         int i;
716
717         trace_printf_key(&trace_shallow,
718                          "shallow: update_shallow_ref %s\n", cmd->ref_name);
719         for (i = 0; i < si->shallow->nr; i++)
720                 if (si->used_shallow[i] &&
721                     (si->used_shallow[i][cmd->index / 32] & mask) &&
722                     !delayed_reachability_test(si, i))
723                         sha1_array_append(&extra, si->shallow->sha1[i]);
724
725         setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
726         if (check_shallow_connected(command_singleton_iterator,
727                                     0, cmd, alt_file)) {
728                 rollback_lock_file(&shallow_lock);
729                 sha1_array_clear(&extra);
730                 return -1;
731         }
732
733         commit_lock_file(&shallow_lock);
734
735         /*
736          * Make sure setup_alternate_shallow() for the next ref does
737          * not lose these new roots..
738          */
739         for (i = 0; i < extra.nr; i++)
740                 register_shallow(extra.sha1[i]);
741
742         si->shallow_ref[cmd->index] = 0;
743         sha1_array_clear(&extra);
744         return 0;
745 }
746
747 /*
748  * NEEDSWORK: we should consolidate various implementions of "are we
749  * on an unborn branch?" test into one, and make the unified one more
750  * robust. !get_sha1() based check used here and elsewhere would not
751  * allow us to tell an unborn branch from corrupt ref, for example.
752  * For the purpose of fixing "deploy-to-update does not work when
753  * pushing into an empty repository" issue, this should suffice for
754  * now.
755  */
756 static int head_has_history(void)
757 {
758         unsigned char sha1[20];
759
760         return !get_sha1("HEAD", sha1);
761 }
762
763 static const char *push_to_deploy(unsigned char *sha1,
764                                   struct argv_array *env,
765                                   const char *work_tree)
766 {
767         const char *update_refresh[] = {
768                 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
769         };
770         const char *diff_files[] = {
771                 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
772         };
773         const char *diff_index[] = {
774                 "diff-index", "--quiet", "--cached", "--ignore-submodules",
775                 NULL, "--", NULL
776         };
777         const char *read_tree[] = {
778                 "read-tree", "-u", "-m", NULL, NULL
779         };
780         struct child_process child = CHILD_PROCESS_INIT;
781
782         child.argv = update_refresh;
783         child.env = env->argv;
784         child.dir = work_tree;
785         child.no_stdin = 1;
786         child.stdout_to_stderr = 1;
787         child.git_cmd = 1;
788         if (run_command(&child))
789                 return "Up-to-date check failed";
790
791         /* run_command() does not clean up completely; reinitialize */
792         child_process_init(&child);
793         child.argv = diff_files;
794         child.env = env->argv;
795         child.dir = work_tree;
796         child.no_stdin = 1;
797         child.stdout_to_stderr = 1;
798         child.git_cmd = 1;
799         if (run_command(&child))
800                 return "Working directory has unstaged changes";
801
802         /* diff-index with either HEAD or an empty tree */
803         diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
804
805         child_process_init(&child);
806         child.argv = diff_index;
807         child.env = env->argv;
808         child.no_stdin = 1;
809         child.no_stdout = 1;
810         child.stdout_to_stderr = 0;
811         child.git_cmd = 1;
812         if (run_command(&child))
813                 return "Working directory has staged changes";
814
815         read_tree[3] = sha1_to_hex(sha1);
816         child_process_init(&child);
817         child.argv = read_tree;
818         child.env = env->argv;
819         child.dir = work_tree;
820         child.no_stdin = 1;
821         child.no_stdout = 1;
822         child.stdout_to_stderr = 0;
823         child.git_cmd = 1;
824         if (run_command(&child))
825                 return "Could not update working tree to new HEAD";
826
827         return NULL;
828 }
829
830 static const char *push_to_checkout_hook = "push-to-checkout";
831
832 static const char *push_to_checkout(unsigned char *sha1,
833                                     struct argv_array *env,
834                                     const char *work_tree)
835 {
836         argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
837         if (run_hook_le(env->argv, push_to_checkout_hook,
838                         sha1_to_hex(sha1), NULL))
839                 return "push-to-checkout hook declined";
840         else
841                 return NULL;
842 }
843
844 static const char *update_worktree(unsigned char *sha1)
845 {
846         const char *retval;
847         const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
848         struct argv_array env = ARGV_ARRAY_INIT;
849
850         if (is_bare_repository())
851                 return "denyCurrentBranch = updateInstead needs a worktree";
852
853         argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
854
855         if (!find_hook(push_to_checkout_hook))
856                 retval = push_to_deploy(sha1, &env, work_tree);
857         else
858                 retval = push_to_checkout(sha1, &env, work_tree);
859
860         argv_array_clear(&env);
861         return retval;
862 }
863
864 static const char *update(struct command *cmd, struct shallow_info *si)
865 {
866         const char *name = cmd->ref_name;
867         struct strbuf namespaced_name_buf = STRBUF_INIT;
868         const char *namespaced_name, *ret;
869         unsigned char *old_sha1 = cmd->old_sha1;
870         unsigned char *new_sha1 = cmd->new_sha1;
871
872         /* only refs/... are allowed */
873         if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
874                 rp_error("refusing to create funny ref '%s' remotely", name);
875                 return "funny refname";
876         }
877
878         strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
879         namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
880
881         if (is_ref_checked_out(namespaced_name)) {
882                 switch (deny_current_branch) {
883                 case DENY_IGNORE:
884                         break;
885                 case DENY_WARN:
886                         rp_warning("updating the current branch");
887                         break;
888                 case DENY_REFUSE:
889                 case DENY_UNCONFIGURED:
890                         rp_error("refusing to update checked out branch: %s", name);
891                         if (deny_current_branch == DENY_UNCONFIGURED)
892                                 refuse_unconfigured_deny();
893                         return "branch is currently checked out";
894                 case DENY_UPDATE_INSTEAD:
895                         ret = update_worktree(new_sha1);
896                         if (ret)
897                                 return ret;
898                         break;
899                 }
900         }
901
902         if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
903                 error("unpack should have generated %s, "
904                       "but I can't find it!", sha1_to_hex(new_sha1));
905                 return "bad pack";
906         }
907
908         if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
909                 if (deny_deletes && starts_with(name, "refs/heads/")) {
910                         rp_error("denying ref deletion for %s", name);
911                         return "deletion prohibited";
912                 }
913
914                 if (!strcmp(namespaced_name, head_name)) {
915                         switch (deny_delete_current) {
916                         case DENY_IGNORE:
917                                 break;
918                         case DENY_WARN:
919                                 rp_warning("deleting the current branch");
920                                 break;
921                         case DENY_REFUSE:
922                         case DENY_UNCONFIGURED:
923                         case DENY_UPDATE_INSTEAD:
924                                 if (deny_delete_current == DENY_UNCONFIGURED)
925                                         refuse_unconfigured_deny_delete_current();
926                                 rp_error("refusing to delete the current branch: %s", name);
927                                 return "deletion of the current branch prohibited";
928                         default:
929                                 return "Invalid denyDeleteCurrent setting";
930                         }
931                 }
932         }
933
934         if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
935             !is_null_sha1(old_sha1) &&
936             starts_with(name, "refs/heads/")) {
937                 struct object *old_object, *new_object;
938                 struct commit *old_commit, *new_commit;
939
940                 old_object = parse_object(old_sha1);
941                 new_object = parse_object(new_sha1);
942
943                 if (!old_object || !new_object ||
944                     old_object->type != OBJ_COMMIT ||
945                     new_object->type != OBJ_COMMIT) {
946                         error("bad sha1 objects for %s", name);
947                         return "bad ref";
948                 }
949                 old_commit = (struct commit *)old_object;
950                 new_commit = (struct commit *)new_object;
951                 if (!in_merge_bases(old_commit, new_commit)) {
952                         rp_error("denying non-fast-forward %s"
953                                  " (you should pull first)", name);
954                         return "non-fast-forward";
955                 }
956         }
957         if (run_update_hook(cmd)) {
958                 rp_error("hook declined to update %s", name);
959                 return "hook declined";
960         }
961
962         if (is_null_sha1(new_sha1)) {
963                 struct strbuf err = STRBUF_INIT;
964                 if (!parse_object(old_sha1)) {
965                         old_sha1 = NULL;
966                         if (ref_exists(name)) {
967                                 rp_warning("Allowing deletion of corrupt ref.");
968                         } else {
969                                 rp_warning("Deleting a non-existent ref.");
970                                 cmd->did_not_exist = 1;
971                         }
972                 }
973                 if (ref_transaction_delete(transaction,
974                                            namespaced_name,
975                                            old_sha1,
976                                            0, "push", &err)) {
977                         rp_error("%s", err.buf);
978                         strbuf_release(&err);
979                         return "failed to delete";
980                 }
981                 strbuf_release(&err);
982                 return NULL; /* good */
983         }
984         else {
985                 struct strbuf err = STRBUF_INIT;
986                 if (shallow_update && si->shallow_ref[cmd->index] &&
987                     update_shallow_ref(cmd, si))
988                         return "shallow error";
989
990                 if (ref_transaction_update(transaction,
991                                            namespaced_name,
992                                            new_sha1, old_sha1,
993                                            0, "push",
994                                            &err)) {
995                         rp_error("%s", err.buf);
996                         strbuf_release(&err);
997
998                         return "failed to update ref";
999                 }
1000                 strbuf_release(&err);
1001
1002                 return NULL; /* good */
1003         }
1004 }
1005
1006 static void run_update_post_hook(struct command *commands)
1007 {
1008         struct command *cmd;
1009         int argc;
1010         const char **argv;
1011         struct child_process proc = CHILD_PROCESS_INIT;
1012         const char *hook;
1013
1014         hook = find_hook("post-update");
1015         for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
1016                 if (cmd->error_string || cmd->did_not_exist)
1017                         continue;
1018                 argc++;
1019         }
1020         if (!argc || !hook)
1021                 return;
1022
1023         argv = xmalloc(sizeof(*argv) * (2 + argc));
1024         argv[0] = hook;
1025
1026         for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
1027                 if (cmd->error_string || cmd->did_not_exist)
1028                         continue;
1029                 argv[argc] = xstrdup(cmd->ref_name);
1030                 argc++;
1031         }
1032         argv[argc] = NULL;
1033
1034         proc.no_stdin = 1;
1035         proc.stdout_to_stderr = 1;
1036         proc.err = use_sideband ? -1 : 0;
1037         proc.argv = argv;
1038
1039         if (!start_command(&proc)) {
1040                 if (use_sideband)
1041                         copy_to_sideband(proc.err, -1, NULL);
1042                 finish_command(&proc);
1043         }
1044 }
1045
1046 static void check_aliased_update(struct command *cmd, struct string_list *list)
1047 {
1048         struct strbuf buf = STRBUF_INIT;
1049         const char *dst_name;
1050         struct string_list_item *item;
1051         struct command *dst_cmd;
1052         unsigned char sha1[20];
1053         char cmd_oldh[41], cmd_newh[41], dst_oldh[41], dst_newh[41];
1054         int flag;
1055
1056         strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1057         dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
1058         strbuf_release(&buf);
1059
1060         if (!(flag & REF_ISSYMREF))
1061                 return;
1062
1063         dst_name = strip_namespace(dst_name);
1064         if (!dst_name) {
1065                 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1066                 cmd->skip_update = 1;
1067                 cmd->error_string = "broken symref";
1068                 return;
1069         }
1070
1071         if ((item = string_list_lookup(list, dst_name)) == NULL)
1072                 return;
1073
1074         cmd->skip_update = 1;
1075
1076         dst_cmd = (struct command *) item->util;
1077
1078         if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1079             !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1080                 return;
1081
1082         dst_cmd->skip_update = 1;
1083
1084         strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
1085         strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
1086         strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
1087         strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
1088         rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1089                  " its target '%s' (%s..%s)",
1090                  cmd->ref_name, cmd_oldh, cmd_newh,
1091                  dst_cmd->ref_name, dst_oldh, dst_newh);
1092
1093         cmd->error_string = dst_cmd->error_string =
1094                 "inconsistent aliased update";
1095 }
1096
1097 static void check_aliased_updates(struct command *commands)
1098 {
1099         struct command *cmd;
1100         struct string_list ref_list = STRING_LIST_INIT_NODUP;
1101
1102         for (cmd = commands; cmd; cmd = cmd->next) {
1103                 struct string_list_item *item =
1104                         string_list_append(&ref_list, cmd->ref_name);
1105                 item->util = (void *)cmd;
1106         }
1107         string_list_sort(&ref_list);
1108
1109         for (cmd = commands; cmd; cmd = cmd->next) {
1110                 if (!cmd->error_string)
1111                         check_aliased_update(cmd, &ref_list);
1112         }
1113
1114         string_list_clear(&ref_list, 0);
1115 }
1116
1117 static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1118 {
1119         struct command **cmd_list = cb_data;
1120         struct command *cmd = *cmd_list;
1121
1122         if (!cmd || is_null_sha1(cmd->new_sha1))
1123                 return -1; /* end of list */
1124         *cmd_list = NULL; /* this returns only one */
1125         hashcpy(sha1, cmd->new_sha1);
1126         return 0;
1127 }
1128
1129 static void set_connectivity_errors(struct command *commands,
1130                                     struct shallow_info *si)
1131 {
1132         struct command *cmd;
1133
1134         for (cmd = commands; cmd; cmd = cmd->next) {
1135                 struct command *singleton = cmd;
1136                 if (shallow_update && si->shallow_ref[cmd->index])
1137                         /* to be checked in update_shallow_ref() */
1138                         continue;
1139                 if (!check_everything_connected(command_singleton_iterator,
1140                                                 0, &singleton))
1141                         continue;
1142                 cmd->error_string = "missing necessary objects";
1143         }
1144 }
1145
1146 struct iterate_data {
1147         struct command *cmds;
1148         struct shallow_info *si;
1149 };
1150
1151 static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1152 {
1153         struct iterate_data *data = cb_data;
1154         struct command **cmd_list = &data->cmds;
1155         struct command *cmd = *cmd_list;
1156
1157         for (; cmd; cmd = cmd->next) {
1158                 if (shallow_update && data->si->shallow_ref[cmd->index])
1159                         /* to be checked in update_shallow_ref() */
1160                         continue;
1161                 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
1162                         hashcpy(sha1, cmd->new_sha1);
1163                         *cmd_list = cmd->next;
1164                         return 0;
1165                 }
1166         }
1167         *cmd_list = NULL;
1168         return -1; /* end of list */
1169 }
1170
1171 static void reject_updates_to_hidden(struct command *commands)
1172 {
1173         struct command *cmd;
1174
1175         for (cmd = commands; cmd; cmd = cmd->next) {
1176                 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1177                         continue;
1178                 if (is_null_sha1(cmd->new_sha1))
1179                         cmd->error_string = "deny deleting a hidden ref";
1180                 else
1181                         cmd->error_string = "deny updating a hidden ref";
1182         }
1183 }
1184
1185 static int should_process_cmd(struct command *cmd)
1186 {
1187         return !cmd->error_string && !cmd->skip_update;
1188 }
1189
1190 static void warn_if_skipped_connectivity_check(struct command *commands,
1191                                                struct shallow_info *si)
1192 {
1193         struct command *cmd;
1194         int checked_connectivity = 1;
1195
1196         for (cmd = commands; cmd; cmd = cmd->next) {
1197                 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1198                         error("BUG: connectivity check has not been run on ref %s",
1199                               cmd->ref_name);
1200                         checked_connectivity = 0;
1201                 }
1202         }
1203         if (!checked_connectivity)
1204                 die("BUG: connectivity check skipped???");
1205 }
1206
1207 static void execute_commands_non_atomic(struct command *commands,
1208                                         struct shallow_info *si)
1209 {
1210         struct command *cmd;
1211         struct strbuf err = STRBUF_INIT;
1212
1213         for (cmd = commands; cmd; cmd = cmd->next) {
1214                 if (!should_process_cmd(cmd))
1215                         continue;
1216
1217                 transaction = ref_transaction_begin(&err);
1218                 if (!transaction) {
1219                         rp_error("%s", err.buf);
1220                         strbuf_reset(&err);
1221                         cmd->error_string = "transaction failed to start";
1222                         continue;
1223                 }
1224
1225                 cmd->error_string = update(cmd, si);
1226
1227                 if (!cmd->error_string
1228                     && ref_transaction_commit(transaction, &err)) {
1229                         rp_error("%s", err.buf);
1230                         strbuf_reset(&err);
1231                         cmd->error_string = "failed to update ref";
1232                 }
1233                 ref_transaction_free(transaction);
1234         }
1235         strbuf_release(&err);
1236 }
1237
1238 static void execute_commands_atomic(struct command *commands,
1239                                         struct shallow_info *si)
1240 {
1241         struct command *cmd;
1242         struct strbuf err = STRBUF_INIT;
1243         const char *reported_error = "atomic push failure";
1244
1245         transaction = ref_transaction_begin(&err);
1246         if (!transaction) {
1247                 rp_error("%s", err.buf);
1248                 strbuf_reset(&err);
1249                 reported_error = "transaction failed to start";
1250                 goto failure;
1251         }
1252
1253         for (cmd = commands; cmd; cmd = cmd->next) {
1254                 if (!should_process_cmd(cmd))
1255                         continue;
1256
1257                 cmd->error_string = update(cmd, si);
1258
1259                 if (cmd->error_string)
1260                         goto failure;
1261         }
1262
1263         if (ref_transaction_commit(transaction, &err)) {
1264                 rp_error("%s", err.buf);
1265                 reported_error = "atomic transaction failed";
1266                 goto failure;
1267         }
1268         goto cleanup;
1269
1270 failure:
1271         for (cmd = commands; cmd; cmd = cmd->next)
1272                 if (!cmd->error_string)
1273                         cmd->error_string = reported_error;
1274
1275 cleanup:
1276         ref_transaction_free(transaction);
1277         strbuf_release(&err);
1278 }
1279
1280 static void execute_commands(struct command *commands,
1281                              const char *unpacker_error,
1282                              struct shallow_info *si)
1283 {
1284         struct command *cmd;
1285         unsigned char sha1[20];
1286         struct iterate_data data;
1287
1288         if (unpacker_error) {
1289                 for (cmd = commands; cmd; cmd = cmd->next)
1290                         cmd->error_string = "unpacker error";
1291                 return;
1292         }
1293
1294         data.cmds = commands;
1295         data.si = si;
1296         if (check_everything_connected(iterate_receive_command_list, 0, &data))
1297                 set_connectivity_errors(commands, si);
1298
1299         reject_updates_to_hidden(commands);
1300
1301         if (run_receive_hook(commands, "pre-receive", 0)) {
1302                 for (cmd = commands; cmd; cmd = cmd->next) {
1303                         if (!cmd->error_string)
1304                                 cmd->error_string = "pre-receive hook declined";
1305                 }
1306                 return;
1307         }
1308
1309         check_aliased_updates(commands);
1310
1311         free(head_name_to_free);
1312         head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
1313
1314         if (use_atomic)
1315                 execute_commands_atomic(commands, si);
1316         else
1317                 execute_commands_non_atomic(commands, si);
1318
1319         if (shallow_update)
1320                 warn_if_skipped_connectivity_check(commands, si);
1321 }
1322
1323 static struct command **queue_command(struct command **tail,
1324                                       const char *line,
1325                                       int linelen)
1326 {
1327         unsigned char old_sha1[20], new_sha1[20];
1328         struct command *cmd;
1329         const char *refname;
1330         int reflen;
1331
1332         if (linelen < 83 ||
1333             line[40] != ' ' ||
1334             line[81] != ' ' ||
1335             get_sha1_hex(line, old_sha1) ||
1336             get_sha1_hex(line + 41, new_sha1))
1337                 die("protocol error: expected old/new/ref, got '%s'", line);
1338
1339         refname = line + 82;
1340         reflen = linelen - 82;
1341         cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1342         hashcpy(cmd->old_sha1, old_sha1);
1343         hashcpy(cmd->new_sha1, new_sha1);
1344         memcpy(cmd->ref_name, refname, reflen);
1345         cmd->ref_name[reflen] = '\0';
1346         *tail = cmd;
1347         return &cmd->next;
1348 }
1349
1350 static void queue_commands_from_cert(struct command **tail,
1351                                      struct strbuf *push_cert)
1352 {
1353         const char *boc, *eoc;
1354
1355         if (*tail)
1356                 die("protocol error: got both push certificate and unsigned commands");
1357
1358         boc = strstr(push_cert->buf, "\n\n");
1359         if (!boc)
1360                 die("malformed push certificate %.*s", 100, push_cert->buf);
1361         else
1362                 boc += 2;
1363         eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1364
1365         while (boc < eoc) {
1366                 const char *eol = memchr(boc, '\n', eoc - boc);
1367                 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1368                 boc = eol ? eol + 1 : eoc;
1369         }
1370 }
1371
1372 static struct command *read_head_info(struct sha1_array *shallow)
1373 {
1374         struct command *commands = NULL;
1375         struct command **p = &commands;
1376         for (;;) {
1377                 char *line;
1378                 int len, linelen;
1379
1380                 line = packet_read_line(0, &len);
1381                 if (!line)
1382                         break;
1383
1384                 if (len == 48 && starts_with(line, "shallow ")) {
1385                         unsigned char sha1[20];
1386                         if (get_sha1_hex(line + 8, sha1))
1387                                 die("protocol error: expected shallow sha, got '%s'",
1388                                     line + 8);
1389                         sha1_array_append(shallow, sha1);
1390                         continue;
1391                 }
1392
1393                 linelen = strlen(line);
1394                 if (linelen < len) {
1395                         const char *feature_list = line + linelen + 1;
1396                         if (parse_feature_request(feature_list, "report-status"))
1397                                 report_status = 1;
1398                         if (parse_feature_request(feature_list, "side-band-64k"))
1399                                 use_sideband = LARGE_PACKET_MAX;
1400                         if (parse_feature_request(feature_list, "quiet"))
1401                                 quiet = 1;
1402                         if (advertise_atomic_push
1403                             && parse_feature_request(feature_list, "atomic"))
1404                                 use_atomic = 1;
1405                 }
1406
1407                 if (!strcmp(line, "push-cert")) {
1408                         int true_flush = 0;
1409                         char certbuf[1024];
1410
1411                         for (;;) {
1412                                 len = packet_read(0, NULL, NULL,
1413                                                   certbuf, sizeof(certbuf), 0);
1414                                 if (!len) {
1415                                         true_flush = 1;
1416                                         break;
1417                                 }
1418                                 if (!strcmp(certbuf, "push-cert-end\n"))
1419                                         break; /* end of cert */
1420                                 strbuf_addstr(&push_cert, certbuf);
1421                         }
1422
1423                         if (true_flush)
1424                                 break;
1425                         continue;
1426                 }
1427
1428                 p = queue_command(p, line, linelen);
1429         }
1430
1431         if (push_cert.len)
1432                 queue_commands_from_cert(p, &push_cert);
1433
1434         return commands;
1435 }
1436
1437 static const char *parse_pack_header(struct pack_header *hdr)
1438 {
1439         switch (read_pack_header(0, hdr)) {
1440         case PH_ERROR_EOF:
1441                 return "eof before pack header was fully read";
1442
1443         case PH_ERROR_PACK_SIGNATURE:
1444                 return "protocol error (pack signature mismatch detected)";
1445
1446         case PH_ERROR_PROTOCOL:
1447                 return "protocol error (pack version unsupported)";
1448
1449         default:
1450                 return "unknown error in parse_pack_header";
1451
1452         case 0:
1453                 return NULL;
1454         }
1455 }
1456
1457 static const char *pack_lockfile;
1458
1459 static const char *unpack(int err_fd, struct shallow_info *si)
1460 {
1461         struct pack_header hdr;
1462         const char *hdr_err;
1463         int status;
1464         char hdr_arg[38];
1465         struct child_process child = CHILD_PROCESS_INIT;
1466         int fsck_objects = (receive_fsck_objects >= 0
1467                             ? receive_fsck_objects
1468                             : transfer_fsck_objects >= 0
1469                             ? transfer_fsck_objects
1470                             : 0);
1471
1472         hdr_err = parse_pack_header(&hdr);
1473         if (hdr_err) {
1474                 if (err_fd > 0)
1475                         close(err_fd);
1476                 return hdr_err;
1477         }
1478         snprintf(hdr_arg, sizeof(hdr_arg),
1479                         "--pack_header=%"PRIu32",%"PRIu32,
1480                         ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1481
1482         if (si->nr_ours || si->nr_theirs) {
1483                 alt_shallow_file = setup_temporary_shallow(si->shallow);
1484                 argv_array_push(&child.args, "--shallow-file");
1485                 argv_array_push(&child.args, alt_shallow_file);
1486         }
1487
1488         if (ntohl(hdr.hdr_entries) < unpack_limit) {
1489                 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
1490                 if (quiet)
1491                         argv_array_push(&child.args, "-q");
1492                 if (fsck_objects)
1493                         argv_array_push(&child.args, "--strict");
1494                 child.no_stdout = 1;
1495                 child.err = err_fd;
1496                 child.git_cmd = 1;
1497                 status = run_command(&child);
1498                 if (status)
1499                         return "unpack-objects abnormal exit";
1500         } else {
1501                 int s;
1502                 char keep_arg[256];
1503
1504                 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
1505                 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1506                         strcpy(keep_arg + s, "localhost");
1507
1508                 argv_array_pushl(&child.args, "index-pack",
1509                                  "--stdin", hdr_arg, keep_arg, NULL);
1510                 if (fsck_objects)
1511                         argv_array_push(&child.args, "--strict");
1512                 if (fix_thin)
1513                         argv_array_push(&child.args, "--fix-thin");
1514                 child.out = -1;
1515                 child.err = err_fd;
1516                 child.git_cmd = 1;
1517                 status = start_command(&child);
1518                 if (status)
1519                         return "index-pack fork failed";
1520                 pack_lockfile = index_pack_lockfile(child.out);
1521                 close(child.out);
1522                 status = finish_command(&child);
1523                 if (status)
1524                         return "index-pack abnormal exit";
1525                 reprepare_packed_git();
1526         }
1527         return NULL;
1528 }
1529
1530 static const char *unpack_with_sideband(struct shallow_info *si)
1531 {
1532         struct async muxer;
1533         const char *ret;
1534
1535         if (!use_sideband)
1536                 return unpack(0, si);
1537
1538         memset(&muxer, 0, sizeof(muxer));
1539         muxer.proc = copy_to_sideband;
1540         muxer.in = -1;
1541         if (start_async(&muxer))
1542                 return NULL;
1543
1544         ret = unpack(muxer.in, si);
1545
1546         finish_async(&muxer);
1547         return ret;
1548 }
1549
1550 static void prepare_shallow_update(struct command *commands,
1551                                    struct shallow_info *si)
1552 {
1553         int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1554
1555         si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1556                                    si->shallow->nr);
1557         assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1558
1559         si->need_reachability_test =
1560                 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1561         si->reachable =
1562                 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1563         si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1564
1565         for (i = 0; i < si->nr_ours; i++)
1566                 si->need_reachability_test[si->ours[i]] = 1;
1567
1568         for (i = 0; i < si->shallow->nr; i++) {
1569                 if (!si->used_shallow[i])
1570                         continue;
1571                 for (j = 0; j < bitmap_size; j++) {
1572                         if (!si->used_shallow[i][j])
1573                                 continue;
1574                         si->need_reachability_test[i]++;
1575                         for (k = 0; k < 32; k++)
1576                                 if (si->used_shallow[i][j] & (1 << k))
1577                                         si->shallow_ref[j * 32 + k]++;
1578                 }
1579
1580                 /*
1581                  * true for those associated with some refs and belong
1582                  * in "ours" list aka "step 7 not done yet"
1583                  */
1584                 si->need_reachability_test[i] =
1585                         si->need_reachability_test[i] > 1;
1586         }
1587
1588         /*
1589          * keep hooks happy by forcing a temporary shallow file via
1590          * env variable because we can't add --shallow-file to every
1591          * command. check_everything_connected() will be done with
1592          * true .git/shallow though.
1593          */
1594         setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1595 }
1596
1597 static void update_shallow_info(struct command *commands,
1598                                 struct shallow_info *si,
1599                                 struct sha1_array *ref)
1600 {
1601         struct command *cmd;
1602         int *ref_status;
1603         remove_nonexistent_theirs_shallow(si);
1604         if (!si->nr_ours && !si->nr_theirs) {
1605                 shallow_update = 0;
1606                 return;
1607         }
1608
1609         for (cmd = commands; cmd; cmd = cmd->next) {
1610                 if (is_null_sha1(cmd->new_sha1))
1611                         continue;
1612                 sha1_array_append(ref, cmd->new_sha1);
1613                 cmd->index = ref->nr - 1;
1614         }
1615         si->ref = ref;
1616
1617         if (shallow_update) {
1618                 prepare_shallow_update(commands, si);
1619                 return;
1620         }
1621
1622         ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1623         assign_shallow_commits_to_refs(si, NULL, ref_status);
1624         for (cmd = commands; cmd; cmd = cmd->next) {
1625                 if (is_null_sha1(cmd->new_sha1))
1626                         continue;
1627                 if (ref_status[cmd->index]) {
1628                         cmd->error_string = "shallow update not allowed";
1629                         cmd->skip_update = 1;
1630                 }
1631         }
1632         free(ref_status);
1633 }
1634
1635 static void report(struct command *commands, const char *unpack_status)
1636 {
1637         struct command *cmd;
1638         struct strbuf buf = STRBUF_INIT;
1639
1640         packet_buf_write(&buf, "unpack %s\n",
1641                          unpack_status ? unpack_status : "ok");
1642         for (cmd = commands; cmd; cmd = cmd->next) {
1643                 if (!cmd->error_string)
1644                         packet_buf_write(&buf, "ok %s\n",
1645                                          cmd->ref_name);
1646                 else
1647                         packet_buf_write(&buf, "ng %s %s\n",
1648                                          cmd->ref_name, cmd->error_string);
1649         }
1650         packet_buf_flush(&buf);
1651
1652         if (use_sideband)
1653                 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1654         else
1655                 write_or_die(1, buf.buf, buf.len);
1656         strbuf_release(&buf);
1657 }
1658
1659 static int delete_only(struct command *commands)
1660 {
1661         struct command *cmd;
1662         for (cmd = commands; cmd; cmd = cmd->next) {
1663                 if (!is_null_sha1(cmd->new_sha1))
1664                         return 0;
1665         }
1666         return 1;
1667 }
1668
1669 int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1670 {
1671         int advertise_refs = 0;
1672         int i;
1673         struct command *commands;
1674         struct sha1_array shallow = SHA1_ARRAY_INIT;
1675         struct sha1_array ref = SHA1_ARRAY_INIT;
1676         struct shallow_info si;
1677
1678         packet_trace_identity("receive-pack");
1679
1680         argv++;
1681         for (i = 1; i < argc; i++) {
1682                 const char *arg = *argv++;
1683
1684                 if (*arg == '-') {
1685                         if (!strcmp(arg, "--quiet")) {
1686                                 quiet = 1;
1687                                 continue;
1688                         }
1689
1690                         if (!strcmp(arg, "--advertise-refs")) {
1691                                 advertise_refs = 1;
1692                                 continue;
1693                         }
1694                         if (!strcmp(arg, "--stateless-rpc")) {
1695                                 stateless_rpc = 1;
1696                                 continue;
1697                         }
1698                         if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1699                                 fix_thin = 0;
1700                                 continue;
1701                         }
1702
1703                         usage(receive_pack_usage);
1704                 }
1705                 if (service_dir)
1706                         usage(receive_pack_usage);
1707                 service_dir = arg;
1708         }
1709         if (!service_dir)
1710                 usage(receive_pack_usage);
1711
1712         setup_path();
1713
1714         if (!enter_repo(service_dir, 0))
1715                 die("'%s' does not appear to be a git repository", service_dir);
1716
1717         git_config(receive_pack_config, NULL);
1718         if (cert_nonce_seed)
1719                 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1720
1721         if (0 <= transfer_unpack_limit)
1722                 unpack_limit = transfer_unpack_limit;
1723         else if (0 <= receive_unpack_limit)
1724                 unpack_limit = receive_unpack_limit;
1725
1726         if (advertise_refs || !stateless_rpc) {
1727                 write_head_info();
1728         }
1729         if (advertise_refs)
1730                 return 0;
1731
1732         if ((commands = read_head_info(&shallow)) != NULL) {
1733                 const char *unpack_status = NULL;
1734
1735                 prepare_shallow_info(&si, &shallow);
1736                 if (!si.nr_ours && !si.nr_theirs)
1737                         shallow_update = 0;
1738                 if (!delete_only(commands)) {
1739                         unpack_status = unpack_with_sideband(&si);
1740                         update_shallow_info(commands, &si, &ref);
1741                 }
1742                 execute_commands(commands, unpack_status, &si);
1743                 if (pack_lockfile)
1744                         unlink_or_warn(pack_lockfile);
1745                 if (report_status)
1746                         report(commands, unpack_status);
1747                 run_receive_hook(commands, "post-receive", 1);
1748                 run_update_post_hook(commands);
1749                 if (auto_gc) {
1750                         const char *argv_gc_auto[] = {
1751                                 "gc", "--auto", "--quiet", NULL,
1752                         };
1753                         int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1754                         run_command_v_opt(argv_gc_auto, opt);
1755                 }
1756                 if (auto_update_server_info)
1757                         update_server_info(0);
1758                 clear_shallow_info(&si);
1759         }
1760         if (use_sideband)
1761                 packet_flush(1);
1762         sha1_array_clear(&shallow);
1763         sha1_array_clear(&ref);
1764         free((void *)push_cert_nonce);
1765         return 0;
1766 }