freshlybakedca.ke / git
Git fork
fork atom
git / builtin / receive-pack.c
at reftables-rust 2717 lines 71 kB view raw
Patrick Steinhardt packfile: split up responsibilities of `reprepare_packed_git()`
78237ea5
1#define USE_THE_REPOSITORY_VARIABLE 2#define DISABLE_SIGN_COMPARE_WARNINGS 3 4#include "builtin.h" 5#include "abspath.h" 6 7#include "config.h" 8#include "environment.h" 9#include "gettext.h" 10#include "hex.h" 11#include "lockfile.h" 12#include "pack.h" 13#include "refs.h" 14#include "pkt-line.h" 15#include "sideband.h" 16#include "run-command.h" 17#include "hook.h" 18#include "exec-cmd.h" 19#include "commit.h" 20#include "object.h" 21#include "remote.h" 22#include "connect.h" 23#include "string-list.h" 24#include "oid-array.h" 25#include "connected.h" 26#include "strvec.h" 27#include "version.h" 28#include "gpg-interface.h" 29#include "sigchain.h" 30#include "fsck.h" 31#include "tmp-objdir.h" 32#include "oidset.h" 33#include "packfile.h" 34#include "object-file.h" 35#include "object-name.h" 36#include "odb.h" 37#include "path.h" 38#include "protocol.h" 39#include "commit-reach.h" 40#include "server-info.h" 41#include "trace.h" 42#include "trace2.h" 43#include "worktree.h" 44#include "shallow.h" 45#include "parse-options.h" 46 47static const char * const receive_pack_usage[] = { 48 N_("git receive-pack <git-dir>"), 49 NULL 50}; 51 52enum deny_action { 53 DENY_UNCONFIGURED, 54 DENY_IGNORE, 55 DENY_WARN, 56 DENY_REFUSE, 57 DENY_UPDATE_INSTEAD 58}; 59 60static int deny_deletes; 61static int deny_non_fast_forwards; 62static enum deny_action deny_current_branch = DENY_UNCONFIGURED; 63static enum deny_action deny_delete_current = DENY_UNCONFIGURED; 64static int receive_fsck_objects = -1; 65static int transfer_fsck_objects = -1; 66static struct strbuf fsck_msg_types = STRBUF_INIT; 67static int receive_unpack_limit = -1; 68static int transfer_unpack_limit = -1; 69static int advertise_atomic_push = 1; 70static int advertise_push_options; 71static int advertise_sid; 72static int unpack_limit = 100; 73static off_t max_input_size; 74static int report_status; 75static int report_status_v2; 76static int use_sideband; 77static int use_atomic; 78static int use_push_options; 79static int quiet; 80static int prefer_ofs_delta = 1; 81static int auto_update_server_info; 82static int auto_gc = 1; 83static int reject_thin; 84static int skip_connectivity_check; 85static int stateless_rpc; 86static const char *service_dir; 87static const char *head_name; 88static void *head_name_to_free; 89static int sent_capabilities; 90static int shallow_update; 91static const char *alt_shallow_file; 92static struct strbuf push_cert = STRBUF_INIT; 93static struct object_id push_cert_oid; 94static struct signature_check sigcheck; 95static const char *push_cert_nonce; 96static char *cert_nonce_seed; 97static struct strvec hidden_refs = STRVEC_INIT; 98 99static const char *NONCE_UNSOLICITED = "UNSOLICITED"; 100static const char *NONCE_BAD = "BAD"; 101static const char *NONCE_MISSING = "MISSING"; 102static const char *NONCE_OK = "OK"; 103static const char *NONCE_SLOP = "SLOP"; 104static const char *nonce_status; 105static long nonce_stamp_slop; 106static timestamp_t nonce_stamp_slop_limit; 107static struct ref_transaction *transaction; 108 109static enum { 110 KEEPALIVE_NEVER = 0, 111 KEEPALIVE_AFTER_NUL, 112 KEEPALIVE_ALWAYS 113} use_keepalive; 114static int keepalive_in_sec = 5; 115 116static struct tmp_objdir *tmp_objdir; 117 118static struct proc_receive_ref { 119 unsigned int want_add:1, 120 want_delete:1, 121 want_modify:1, 122 negative_ref:1; 123 char *ref_prefix; 124 struct proc_receive_ref *next; 125} *proc_receive_ref; 126 127static void proc_receive_ref_append(const char *prefix); 128 129static enum deny_action parse_deny_action(const char *var, const char *value) 130{ 131 if (value) { 132 if (!strcasecmp(value, "ignore")) 133 return DENY_IGNORE; 134 if (!strcasecmp(value, "warn")) 135 return DENY_WARN; 136 if (!strcasecmp(value, "refuse")) 137 return DENY_REFUSE; 138 if (!strcasecmp(value, "updateinstead")) 139 return DENY_UPDATE_INSTEAD; 140 } 141 if (git_config_bool(var, value)) 142 return DENY_REFUSE; 143 return DENY_IGNORE; 144} 145 146static int receive_pack_config(const char *var, const char *value, 147 const struct config_context *ctx, void *cb) 148{ 149 const char *msg_id; 150 int status = parse_hide_refs_config(var, value, "receive", &hidden_refs); 151 152 if (status) 153 return status; 154 155 if (strcmp(var, "receive.denydeletes") == 0) { 156 deny_deletes = git_config_bool(var, value); 157 return 0; 158 } 159 160 if (strcmp(var, "receive.denynonfastforwards") == 0) { 161 deny_non_fast_forwards = git_config_bool(var, value); 162 return 0; 163 } 164 165 if (strcmp(var, "receive.unpacklimit") == 0) { 166 receive_unpack_limit = git_config_int(var, value, ctx->kvi); 167 return 0; 168 } 169 170 if (strcmp(var, "transfer.unpacklimit") == 0) { 171 transfer_unpack_limit = git_config_int(var, value, ctx->kvi); 172 return 0; 173 } 174 175 if (strcmp(var, "receive.fsck.skiplist") == 0) { 176 char *path; 177 178 if (git_config_pathname(&path, var, value)) 179 return -1; 180 strbuf_addf(&fsck_msg_types, "%cskiplist=%s", 181 fsck_msg_types.len ? ',' : '=', path); 182 free(path); 183 return 0; 184 } 185 186 if (skip_prefix(var, "receive.fsck.", &msg_id)) { 187 if (!value) 188 return config_error_nonbool(var); 189 if (is_valid_msg_type(msg_id, value)) 190 strbuf_addf(&fsck_msg_types, "%c%s=%s", 191 fsck_msg_types.len ? ',' : '=', msg_id, value); 192 else 193 warning("skipping unknown msg id '%s'", msg_id); 194 return 0; 195 } 196 197 if (strcmp(var, "receive.fsckobjects") == 0) { 198 receive_fsck_objects = git_config_bool(var, value); 199 return 0; 200 } 201 202 if (strcmp(var, "transfer.fsckobjects") == 0) { 203 transfer_fsck_objects = git_config_bool(var, value); 204 return 0; 205 } 206 207 if (!strcmp(var, "receive.denycurrentbranch")) { 208 deny_current_branch = parse_deny_action(var, value); 209 return 0; 210 } 211 212 if (strcmp(var, "receive.denydeletecurrent") == 0) { 213 deny_delete_current = parse_deny_action(var, value); 214 return 0; 215 } 216 217 if (strcmp(var, "repack.usedeltabaseoffset") == 0) { 218 prefer_ofs_delta = git_config_bool(var, value); 219 return 0; 220 } 221 222 if (strcmp(var, "receive.updateserverinfo") == 0) { 223 auto_update_server_info = git_config_bool(var, value); 224 return 0; 225 } 226 227 if (strcmp(var, "receive.autogc") == 0) { 228 auto_gc = git_config_bool(var, value); 229 return 0; 230 } 231 232 if (strcmp(var, "receive.shallowupdate") == 0) { 233 shallow_update = git_config_bool(var, value); 234 return 0; 235 } 236 237 if (strcmp(var, "receive.certnonceseed") == 0) 238 return git_config_string(&cert_nonce_seed, var, value); 239 240 if (strcmp(var, "receive.certnonceslop") == 0) { 241 nonce_stamp_slop_limit = git_config_ulong(var, value, ctx->kvi); 242 return 0; 243 } 244 245 if (strcmp(var, "receive.advertiseatomic") == 0) { 246 advertise_atomic_push = git_config_bool(var, value); 247 return 0; 248 } 249 250 if (strcmp(var, "receive.advertisepushoptions") == 0) { 251 advertise_push_options = git_config_bool(var, value); 252 return 0; 253 } 254 255 if (strcmp(var, "receive.keepalive") == 0) { 256 keepalive_in_sec = git_config_int(var, value, ctx->kvi); 257 return 0; 258 } 259 260 if (strcmp(var, "receive.maxinputsize") == 0) { 261 max_input_size = git_config_int64(var, value, ctx->kvi); 262 return 0; 263 } 264 265 if (strcmp(var, "receive.procreceiverefs") == 0) { 266 if (!value) 267 return config_error_nonbool(var); 268 proc_receive_ref_append(value); 269 return 0; 270 } 271 272 if (strcmp(var, "transfer.advertisesid") == 0) { 273 advertise_sid = git_config_bool(var, value); 274 return 0; 275 } 276 277 return git_default_config(var, value, ctx, cb); 278} 279 280static void show_ref(const char *path, const struct object_id *oid) 281{ 282 if (sent_capabilities) { 283 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path); 284 } else { 285 struct strbuf cap = STRBUF_INIT; 286 287 strbuf_addstr(&cap, 288 "report-status report-status-v2 delete-refs side-band-64k quiet"); 289 if (advertise_atomic_push) 290 strbuf_addstr(&cap, " atomic"); 291 if (prefer_ofs_delta) 292 strbuf_addstr(&cap, " ofs-delta"); 293 if (push_cert_nonce) 294 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce); 295 if (advertise_push_options) 296 strbuf_addstr(&cap, " push-options"); 297 if (advertise_sid) 298 strbuf_addf(&cap, " session-id=%s", trace2_session_id()); 299 strbuf_addf(&cap, " object-format=%s", the_hash_algo->name); 300 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized()); 301 packet_write_fmt(1, "%s %s%c%s\n", 302 oid_to_hex(oid), path, 0, cap.buf); 303 strbuf_release(&cap); 304 sent_capabilities = 1; 305 } 306} 307 308static int show_ref_cb(const char *path_full, const char *referent UNUSED, const struct object_id *oid, 309 int flag UNUSED, void *data) 310{ 311 struct oidset *seen = data; 312 const char *path = strip_namespace(path_full); 313 314 if (ref_is_hidden(path, path_full, &hidden_refs)) 315 return 0; 316 317 /* 318 * Advertise refs outside our current namespace as ".have" 319 * refs, so that the client can use them to minimize data 320 * transfer but will otherwise ignore them. 321 */ 322 if (!path) { 323 if (oidset_insert(seen, oid)) 324 return 0; 325 path = ".have"; 326 } else { 327 oidset_insert(seen, oid); 328 } 329 show_ref(path, oid); 330 return 0; 331} 332 333static void show_one_alternate_ref(const struct object_id *oid, 334 void *data) 335{ 336 struct oidset *seen = data; 337 338 if (oidset_insert(seen, oid)) 339 return; 340 341 show_ref(".have", oid); 342} 343 344static void write_head_info(void) 345{ 346 static struct oidset seen = OIDSET_INIT; 347 struct strvec excludes_vector = STRVEC_INIT; 348 const char **exclude_patterns; 349 350 /* 351 * We need access to the reference names both with and without their 352 * namespace and thus cannot use `refs_for_each_namespaced_ref()`. We 353 * thus have to adapt exclude patterns to carry the namespace prefix 354 * ourselves. 355 */ 356 exclude_patterns = get_namespaced_exclude_patterns( 357 hidden_refs_to_excludes(&hidden_refs), 358 get_git_namespace(), &excludes_vector); 359 360 refs_for_each_fullref_in(get_main_ref_store(the_repository), "", 361 exclude_patterns, show_ref_cb, &seen); 362 odb_for_each_alternate_ref(the_repository->objects, 363 show_one_alternate_ref, &seen); 364 365 oidset_clear(&seen); 366 strvec_clear(&excludes_vector); 367 368 if (!sent_capabilities) 369 show_ref("capabilities^{}", null_oid(the_hash_algo)); 370 371 advertise_shallow_grafts(1); 372 373 /* EOF */ 374 packet_flush(1); 375} 376 377#define RUN_PROC_RECEIVE_SCHEDULED 1 378#define RUN_PROC_RECEIVE_RETURNED 2 379struct command { 380 struct command *next; 381 const char *error_string; 382 char *error_string_owned; 383 struct ref_push_report *report; 384 unsigned int skip_update:1, 385 did_not_exist:1, 386 run_proc_receive:2; 387 int index; 388 struct object_id old_oid; 389 struct object_id new_oid; 390 char ref_name[FLEX_ARRAY]; /* more */ 391}; 392 393static void proc_receive_ref_append(const char *prefix) 394{ 395 struct proc_receive_ref *ref_pattern; 396 char *p; 397 int len; 398 399 CALLOC_ARRAY(ref_pattern, 1); 400 p = strchr(prefix, ':'); 401 if (p) { 402 while (prefix < p) { 403 if (*prefix == 'a') 404 ref_pattern->want_add = 1; 405 else if (*prefix == 'd') 406 ref_pattern->want_delete = 1; 407 else if (*prefix == 'm') 408 ref_pattern->want_modify = 1; 409 else if (*prefix == '!') 410 ref_pattern->negative_ref = 1; 411 prefix++; 412 } 413 prefix++; 414 } else { 415 ref_pattern->want_add = 1; 416 ref_pattern->want_delete = 1; 417 ref_pattern->want_modify = 1; 418 } 419 len = strlen(prefix); 420 while (len && prefix[len - 1] == '/') 421 len--; 422 ref_pattern->ref_prefix = xmemdupz(prefix, len); 423 if (!proc_receive_ref) { 424 proc_receive_ref = ref_pattern; 425 } else { 426 struct proc_receive_ref *end; 427 428 end = proc_receive_ref; 429 while (end->next) 430 end = end->next; 431 end->next = ref_pattern; 432 } 433} 434 435static int proc_receive_ref_matches(struct command *cmd) 436{ 437 struct proc_receive_ref *p; 438 439 if (!proc_receive_ref) 440 return 0; 441 442 for (p = proc_receive_ref; p; p = p->next) { 443 const char *match = p->ref_prefix; 444 const char *remains; 445 446 if (!p->want_add && is_null_oid(&cmd->old_oid)) 447 continue; 448 else if (!p->want_delete && is_null_oid(&cmd->new_oid)) 449 continue; 450 else if (!p->want_modify && 451 !is_null_oid(&cmd->old_oid) && 452 !is_null_oid(&cmd->new_oid)) 453 continue; 454 455 if (skip_prefix(cmd->ref_name, match, &remains) && 456 (!*remains || *remains == '/')) { 457 if (!p->negative_ref) 458 return 1; 459 } else if (p->negative_ref) { 460 return 1; 461 } 462 } 463 return 0; 464} 465 466static void report_message(const char *prefix, const char *err, va_list params) 467{ 468 int sz; 469 char msg[4096]; 470 471 sz = xsnprintf(msg, sizeof(msg), "%s", prefix); 472 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params); 473 if (sz > (sizeof(msg) - 1)) 474 sz = sizeof(msg) - 1; 475 msg[sz++] = '\n'; 476 477 if (use_sideband) 478 send_sideband(1, 2, msg, sz, use_sideband); 479 else 480 xwrite(2, msg, sz); 481} 482 483__attribute__((format (printf, 1, 2))) 484static void rp_warning(const char *err, ...) 485{ 486 va_list params; 487 va_start(params, err); 488 report_message("warning: ", err, params); 489 va_end(params); 490} 491 492__attribute__((format (printf, 1, 2))) 493static void rp_error(const char *err, ...) 494{ 495 va_list params; 496 va_start(params, err); 497 report_message("error: ", err, params); 498 va_end(params); 499} 500 501static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED) 502{ 503 char data[128]; 504 int keepalive_active = 0; 505 506 if (keepalive_in_sec <= 0) 507 use_keepalive = KEEPALIVE_NEVER; 508 if (use_keepalive == KEEPALIVE_ALWAYS) 509 keepalive_active = 1; 510 511 while (1) { 512 ssize_t sz; 513 514 if (keepalive_active) { 515 struct pollfd pfd; 516 int ret; 517 518 pfd.fd = in; 519 pfd.events = POLLIN; 520 ret = poll(&pfd, 1, 1000 * keepalive_in_sec); 521 522 if (ret < 0) { 523 if (errno == EINTR) 524 continue; 525 else 526 break; 527 } else if (ret == 0) { 528 /* no data; send a keepalive packet */ 529 static const char buf[] = "0005\1"; 530 write_or_die(1, buf, sizeof(buf) - 1); 531 continue; 532 } /* else there is actual data to read */ 533 } 534 535 sz = xread(in, data, sizeof(data)); 536 if (sz <= 0) 537 break; 538 539 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) { 540 const char *p = memchr(data, '\0', sz); 541 if (p) { 542 /* 543 * The NUL tells us to start sending keepalives. Make 544 * sure we send any other data we read along 545 * with it. 546 */ 547 keepalive_active = 1; 548 send_sideband(1, 2, data, p - data, use_sideband); 549 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband); 550 continue; 551 } 552 } 553 554 /* 555 * Either we're not looking for a NUL signal, or we didn't see 556 * it yet; just pass along the data. 557 */ 558 send_sideband(1, 2, data, sz, use_sideband); 559 } 560 close(in); 561 return 0; 562} 563 564static void hmac_hash(unsigned char *out, 565 const char *key_in, size_t key_len, 566 const char *text, size_t text_len) 567{ 568 unsigned char key[GIT_MAX_BLKSZ]; 569 unsigned char k_ipad[GIT_MAX_BLKSZ]; 570 unsigned char k_opad[GIT_MAX_BLKSZ]; 571 int i; 572 struct git_hash_ctx ctx; 573 574 /* RFC 2104 2. (1) */ 575 memset(key, '\0', GIT_MAX_BLKSZ); 576 if (the_hash_algo->blksz < key_len) { 577 the_hash_algo->init_fn(&ctx); 578 git_hash_update(&ctx, key_in, key_len); 579 git_hash_final(key, &ctx); 580 } else { 581 memcpy(key, key_in, key_len); 582 } 583 584 /* RFC 2104 2. (2) & (5) */ 585 for (i = 0; i < sizeof(key); i++) { 586 k_ipad[i] = key[i] ^ 0x36; 587 k_opad[i] = key[i] ^ 0x5c; 588 } 589 590 /* RFC 2104 2. (3) & (4) */ 591 the_hash_algo->init_fn(&ctx); 592 git_hash_update(&ctx, k_ipad, sizeof(k_ipad)); 593 git_hash_update(&ctx, text, text_len); 594 git_hash_final(out, &ctx); 595 596 /* RFC 2104 2. (6) & (7) */ 597 the_hash_algo->init_fn(&ctx); 598 git_hash_update(&ctx, k_opad, sizeof(k_opad)); 599 git_hash_update(&ctx, out, the_hash_algo->rawsz); 600 git_hash_final(out, &ctx); 601} 602 603static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp) 604{ 605 struct strbuf buf = STRBUF_INIT; 606 unsigned char hash[GIT_MAX_RAWSZ]; 607 608 strbuf_addf(&buf, "%s:%"PRItime, path, stamp); 609 hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed)); 610 strbuf_release(&buf); 611 612 /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */ 613 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash)); 614 return strbuf_detach(&buf, NULL); 615} 616 617/* 618 * Return zero if a and b are equal up to n bytes and nonzero if they are not. 619 * This operation is guaranteed to run in constant time to avoid leaking data. 620 */ 621static int constant_memequal(const char *a, const char *b, size_t n) 622{ 623 int res = 0; 624 size_t i; 625 626 for (i = 0; i < n; i++) 627 res |= a[i] ^ b[i]; 628 return res; 629} 630 631static const char *check_nonce(const char *buf) 632{ 633 size_t noncelen; 634 const char *found = find_commit_header(buf, "nonce", &noncelen); 635 char *nonce = found ? xmemdupz(found, noncelen) : NULL; 636 timestamp_t stamp, ostamp; 637 char *bohmac, *expect = NULL; 638 const char *retval = NONCE_BAD; 639 640 if (!nonce) { 641 retval = NONCE_MISSING; 642 goto leave; 643 } else if (!push_cert_nonce) { 644 retval = NONCE_UNSOLICITED; 645 goto leave; 646 } else if (!strcmp(push_cert_nonce, nonce)) { 647 retval = NONCE_OK; 648 goto leave; 649 } 650 651 if (!stateless_rpc) { 652 /* returned nonce MUST match what we gave out earlier */ 653 retval = NONCE_BAD; 654 goto leave; 655 } 656 657 /* 658 * In stateless mode, we may be receiving a nonce issued by 659 * another instance of the server that serving the same 660 * repository, and the timestamps may not match, but the 661 * nonce-seed and dir should match, so we can recompute and 662 * report the time slop. 663 * 664 * In addition, when a nonce issued by another instance has 665 * timestamp within receive.certnonceslop seconds, we pretend 666 * as if we issued that nonce when reporting to the hook. 667 */ 668 669 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */ 670 if (*nonce <= '0' || '9' < *nonce) { 671 retval = NONCE_BAD; 672 goto leave; 673 } 674 stamp = parse_timestamp(nonce, &bohmac, 10); 675 if (bohmac == nonce || bohmac[0] != '-') { 676 retval = NONCE_BAD; 677 goto leave; 678 } 679 680 expect = prepare_push_cert_nonce(service_dir, stamp); 681 if (noncelen != strlen(expect)) { 682 /* This is not even the right size. */ 683 retval = NONCE_BAD; 684 goto leave; 685 } 686 if (constant_memequal(expect, nonce, noncelen)) { 687 /* Not what we would have signed earlier */ 688 retval = NONCE_BAD; 689 goto leave; 690 } 691 692 /* 693 * By how many seconds is this nonce stale? Negative value 694 * would mean it was issued by another server with its clock 695 * skewed in the future. 696 */ 697 ostamp = parse_timestamp(push_cert_nonce, NULL, 10); 698 nonce_stamp_slop = (long)ostamp - (long)stamp; 699 700 if (nonce_stamp_slop_limit && 701 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) { 702 /* 703 * Pretend as if the received nonce (which passes the 704 * HMAC check, so it is not a forged by third-party) 705 * is what we issued. 706 */ 707 free((void *)push_cert_nonce); 708 push_cert_nonce = xstrdup(nonce); 709 retval = NONCE_OK; 710 } else { 711 retval = NONCE_SLOP; 712 } 713 714leave: 715 free(nonce); 716 free(expect); 717 return retval; 718} 719 720/* 721 * Return 1 if there is no push_cert or if the push options in push_cert are 722 * the same as those in the argument; 0 otherwise. 723 */ 724static int check_cert_push_options(const struct string_list *push_options) 725{ 726 const char *buf = push_cert.buf; 727 728 const char *option; 729 size_t optionlen; 730 int options_seen = 0; 731 732 int retval = 1; 733 734 if (!*buf) 735 return 1; 736 737 while ((option = find_commit_header(buf, "push-option", &optionlen))) { 738 buf = option + optionlen + 1; 739 options_seen++; 740 if (options_seen > push_options->nr 741 || xstrncmpz(push_options->items[options_seen - 1].string, 742 option, optionlen)) 743 return 0; 744 } 745 746 if (options_seen != push_options->nr) 747 retval = 0; 748 749 return retval; 750} 751 752static void prepare_push_cert_sha1(struct child_process *proc) 753{ 754 static int already_done; 755 756 if (!push_cert.len) 757 return; 758 759 if (!already_done) { 760 int bogs /* beginning_of_gpg_sig */; 761 762 already_done = 1; 763 if (odb_write_object(the_repository->objects, push_cert.buf, 764 push_cert.len, OBJ_BLOB, &push_cert_oid)) 765 oidclr(&push_cert_oid, the_repository->hash_algo); 766 767 memset(&sigcheck, '\0', sizeof(sigcheck)); 768 769 bogs = parse_signed_buffer(push_cert.buf, push_cert.len); 770 sigcheck.payload = xmemdupz(push_cert.buf, bogs); 771 sigcheck.payload_len = bogs; 772 check_signature(&sigcheck, push_cert.buf + bogs, 773 push_cert.len - bogs); 774 775 nonce_status = check_nonce(sigcheck.payload); 776 } 777 if (!is_null_oid(&push_cert_oid)) { 778 strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s", 779 oid_to_hex(&push_cert_oid)); 780 strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s", 781 sigcheck.signer ? sigcheck.signer : ""); 782 strvec_pushf(&proc->env, "GIT_PUSH_CERT_KEY=%s", 783 sigcheck.key ? sigcheck.key : ""); 784 strvec_pushf(&proc->env, "GIT_PUSH_CERT_STATUS=%c", 785 sigcheck.result); 786 if (push_cert_nonce) { 787 strvec_pushf(&proc->env, 788 "GIT_PUSH_CERT_NONCE=%s", 789 push_cert_nonce); 790 strvec_pushf(&proc->env, 791 "GIT_PUSH_CERT_NONCE_STATUS=%s", 792 nonce_status); 793 if (nonce_status == NONCE_SLOP) 794 strvec_pushf(&proc->env, 795 "GIT_PUSH_CERT_NONCE_SLOP=%ld", 796 nonce_stamp_slop); 797 } 798 } 799} 800 801struct receive_hook_feed_state { 802 struct command *cmd; 803 struct ref_push_report *report; 804 int skip_broken; 805 struct strbuf buf; 806 const struct string_list *push_options; 807}; 808 809typedef int (*feed_fn)(void *, const char **, size_t *); 810static int run_and_feed_hook(const char *hook_name, feed_fn feed, 811 struct receive_hook_feed_state *feed_state) 812{ 813 struct child_process proc = CHILD_PROCESS_INIT; 814 struct async muxer; 815 int code; 816 const char *hook_path = find_hook(the_repository, hook_name); 817 818 if (!hook_path) 819 return 0; 820 821 strvec_push(&proc.args, hook_path); 822 proc.in = -1; 823 proc.stdout_to_stderr = 1; 824 proc.trace2_hook_name = hook_name; 825 826 if (feed_state->push_options) { 827 size_t i; 828 for (i = 0; i < feed_state->push_options->nr; i++) 829 strvec_pushf(&proc.env, 830 "GIT_PUSH_OPTION_%"PRIuMAX"=%s", 831 (uintmax_t)i, 832 feed_state->push_options->items[i].string); 833 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT=%"PRIuMAX"", 834 (uintmax_t)feed_state->push_options->nr); 835 } else 836 strvec_pushf(&proc.env, "GIT_PUSH_OPTION_COUNT"); 837 838 if (tmp_objdir) 839 strvec_pushv(&proc.env, tmp_objdir_env(tmp_objdir)); 840 841 if (use_sideband) { 842 memset(&muxer, 0, sizeof(muxer)); 843 muxer.proc = copy_to_sideband; 844 muxer.in = -1; 845 code = start_async(&muxer); 846 if (code) 847 return code; 848 proc.err = muxer.in; 849 } 850 851 prepare_push_cert_sha1(&proc); 852 853 code = start_command(&proc); 854 if (code) { 855 if (use_sideband) 856 finish_async(&muxer); 857 return code; 858 } 859 860 sigchain_push(SIGPIPE, SIG_IGN); 861 862 while (1) { 863 const char *buf; 864 size_t n; 865 if (feed(feed_state, &buf, &n)) 866 break; 867 if (write_in_full(proc.in, buf, n) < 0) 868 break; 869 } 870 close(proc.in); 871 if (use_sideband) 872 finish_async(&muxer); 873 874 sigchain_pop(SIGPIPE); 875 876 return finish_command(&proc); 877} 878 879static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep) 880{ 881 struct receive_hook_feed_state *state = state_; 882 struct command *cmd = state->cmd; 883 884 while (cmd && 885 state->skip_broken && (cmd->error_string || cmd->did_not_exist)) 886 cmd = cmd->next; 887 if (!cmd) 888 return -1; /* EOF */ 889 if (!bufp) 890 return 0; /* OK, can feed something. */ 891 strbuf_reset(&state->buf); 892 if (!state->report) 893 state->report = cmd->report; 894 if (state->report) { 895 struct object_id *old_oid; 896 struct object_id *new_oid; 897 const char *ref_name; 898 899 old_oid = state->report->old_oid ? state->report->old_oid : &cmd->old_oid; 900 new_oid = state->report->new_oid ? state->report->new_oid : &cmd->new_oid; 901 ref_name = state->report->ref_name ? state->report->ref_name : cmd->ref_name; 902 strbuf_addf(&state->buf, "%s %s %s\n", 903 oid_to_hex(old_oid), oid_to_hex(new_oid), 904 ref_name); 905 state->report = state->report->next; 906 if (!state->report) 907 state->cmd = cmd->next; 908 } else { 909 strbuf_addf(&state->buf, "%s %s %s\n", 910 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid), 911 cmd->ref_name); 912 state->cmd = cmd->next; 913 } 914 if (bufp) { 915 *bufp = state->buf.buf; 916 *sizep = state->buf.len; 917 } 918 return 0; 919} 920 921static int run_receive_hook(struct command *commands, 922 const char *hook_name, 923 int skip_broken, 924 const struct string_list *push_options) 925{ 926 struct receive_hook_feed_state state; 927 int status; 928 929 strbuf_init(&state.buf, 0); 930 state.cmd = commands; 931 state.skip_broken = skip_broken; 932 state.report = NULL; 933 if (feed_receive_hook(&state, NULL, NULL)) 934 return 0; 935 state.cmd = commands; 936 state.push_options = push_options; 937 status = run_and_feed_hook(hook_name, feed_receive_hook, &state); 938 strbuf_release(&state.buf); 939 return status; 940} 941 942static int run_update_hook(struct command *cmd) 943{ 944 struct child_process proc = CHILD_PROCESS_INIT; 945 int code; 946 const char *hook_path = find_hook(the_repository, "update"); 947 948 if (!hook_path) 949 return 0; 950 951 strvec_push(&proc.args, hook_path); 952 strvec_push(&proc.args, cmd->ref_name); 953 strvec_push(&proc.args, oid_to_hex(&cmd->old_oid)); 954 strvec_push(&proc.args, oid_to_hex(&cmd->new_oid)); 955 956 proc.no_stdin = 1; 957 proc.stdout_to_stderr = 1; 958 proc.err = use_sideband ? -1 : 0; 959 proc.trace2_hook_name = "update"; 960 961 code = start_command(&proc); 962 if (code) 963 return code; 964 if (use_sideband) 965 copy_to_sideband(proc.err, -1, NULL); 966 return finish_command(&proc); 967} 968 969static struct command *find_command_by_refname(struct command *list, 970 const char *refname) 971{ 972 for (; list; list = list->next) 973 if (!strcmp(list->ref_name, refname)) 974 return list; 975 return NULL; 976} 977 978static int read_proc_receive_report(struct packet_reader *reader, 979 struct command *commands, 980 struct strbuf *errmsg) 981{ 982 struct command *cmd; 983 struct command *hint = NULL; 984 struct ref_push_report *report = NULL; 985 int new_report = 0; 986 int code = 0; 987 int once = 0; 988 int response = 0; 989 990 for (;;) { 991 struct object_id old_oid, new_oid; 992 const char *head; 993 const char *refname; 994 char *p; 995 enum packet_read_status status; 996 997 status = packet_reader_read(reader); 998 if (status != PACKET_READ_NORMAL) { 999 /* Check whether proc-receive exited abnormally */ 1000 if (status == PACKET_READ_EOF && !response) { 1001 strbuf_addstr(errmsg, "proc-receive exited abnormally"); 1002 return -1; 1003 } 1004 break; 1005 } 1006 response++; 1007 1008 head = reader->line; 1009 p = strchr(head, ' '); 1010 if (!p) { 1011 strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head); 1012 code = -1; 1013 continue; 1014 } 1015 *p++ = '\0'; 1016 if (!strcmp(head, "option")) { 1017 const char *key, *val; 1018 1019 if (!hint || !(report || new_report)) { 1020 if (!once++) 1021 strbuf_addstr(errmsg, "proc-receive reported 'option' without a matching 'ok/ng' directive\n"); 1022 code = -1; 1023 continue; 1024 } 1025 if (new_report) { 1026 if (!hint->report) { 1027 CALLOC_ARRAY(hint->report, 1); 1028 report = hint->report; 1029 } else { 1030 report = hint->report; 1031 while (report->next) 1032 report = report->next; 1033 report->next = xcalloc(1, sizeof(struct ref_push_report)); 1034 report = report->next; 1035 } 1036 new_report = 0; 1037 } 1038 key = p; 1039 p = strchr(key, ' '); 1040 if (p) 1041 *p++ = '\0'; 1042 val = p; 1043 if (!strcmp(key, "refname")) 1044 report->ref_name = xstrdup_or_null(val); 1045 else if (!strcmp(key, "old-oid") && val && 1046 !parse_oid_hex(val, &old_oid, &val)) 1047 report->old_oid = oiddup(&old_oid); 1048 else if (!strcmp(key, "new-oid") && val && 1049 !parse_oid_hex(val, &new_oid, &val)) 1050 report->new_oid = oiddup(&new_oid); 1051 else if (!strcmp(key, "forced-update")) 1052 report->forced_update = 1; 1053 else if (!strcmp(key, "fall-through")) 1054 /* Fall through, let 'receive-pack' to execute it. */ 1055 hint->run_proc_receive = 0; 1056 continue; 1057 } 1058 1059 report = NULL; 1060 new_report = 0; 1061 refname = p; 1062 p = strchr(refname, ' '); 1063 if (p) 1064 *p++ = '\0'; 1065 if (strcmp(head, "ok") && strcmp(head, "ng")) { 1066 strbuf_addf(errmsg, "proc-receive reported bad status '%s' on ref '%s'\n", 1067 head, refname); 1068 code = -1; 1069 continue; 1070 } 1071 1072 /* first try searching at our hint, falling back to all refs */ 1073 if (hint) 1074 hint = find_command_by_refname(hint, refname); 1075 if (!hint) 1076 hint = find_command_by_refname(commands, refname); 1077 if (!hint) { 1078 strbuf_addf(errmsg, "proc-receive reported status on unknown ref: %s\n", 1079 refname); 1080 code = -1; 1081 continue; 1082 } 1083 if (!hint->run_proc_receive) { 1084 strbuf_addf(errmsg, "proc-receive reported status on unexpected ref: %s\n", 1085 refname); 1086 code = -1; 1087 continue; 1088 } 1089 hint->run_proc_receive |= RUN_PROC_RECEIVE_RETURNED; 1090 if (!strcmp(head, "ng")) { 1091 if (p) 1092 hint->error_string = hint->error_string_owned = xstrdup(p); 1093 else 1094 hint->error_string = "failed"; 1095 code = -1; 1096 continue; 1097 } 1098 new_report = 1; 1099 } 1100 1101 for (cmd = commands; cmd; cmd = cmd->next) 1102 if (cmd->run_proc_receive && !cmd->error_string && 1103 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED)) { 1104 cmd->error_string = "proc-receive failed to report status"; 1105 code = -1; 1106 } 1107 return code; 1108} 1109 1110static int run_proc_receive_hook(struct command *commands, 1111 const struct string_list *push_options) 1112{ 1113 struct child_process proc = CHILD_PROCESS_INIT; 1114 struct async muxer; 1115 struct command *cmd; 1116 struct packet_reader reader; 1117 struct strbuf cap = STRBUF_INIT; 1118 struct strbuf errmsg = STRBUF_INIT; 1119 int hook_use_push_options = 0; 1120 int version = 0; 1121 int code; 1122 const char *hook_path = find_hook(the_repository, "proc-receive"); 1123 1124 if (!hook_path) { 1125 rp_error("cannot find hook 'proc-receive'"); 1126 return -1; 1127 } 1128 1129 strvec_push(&proc.args, hook_path); 1130 proc.in = -1; 1131 proc.out = -1; 1132 proc.trace2_hook_name = "proc-receive"; 1133 1134 if (use_sideband) { 1135 memset(&muxer, 0, sizeof(muxer)); 1136 muxer.proc = copy_to_sideband; 1137 muxer.in = -1; 1138 code = start_async(&muxer); 1139 if (code) 1140 return code; 1141 proc.err = muxer.in; 1142 } else { 1143 proc.err = 0; 1144 } 1145 1146 code = start_command(&proc); 1147 if (code) { 1148 if (use_sideband) 1149 finish_async(&muxer); 1150 return code; 1151 } 1152 1153 sigchain_push(SIGPIPE, SIG_IGN); 1154 1155 /* Version negotiaton */ 1156 packet_reader_init(&reader, proc.out, NULL, 0, 1157 PACKET_READ_CHOMP_NEWLINE | 1158 PACKET_READ_GENTLE_ON_EOF); 1159 if (use_atomic) 1160 strbuf_addstr(&cap, " atomic"); 1161 if (use_push_options) 1162 strbuf_addstr(&cap, " push-options"); 1163 if (cap.len) { 1164 code = packet_write_fmt_gently(proc.in, "version=1%c%s\n", '\0', cap.buf + 1); 1165 strbuf_release(&cap); 1166 } else { 1167 code = packet_write_fmt_gently(proc.in, "version=1\n"); 1168 } 1169 if (!code) 1170 code = packet_flush_gently(proc.in); 1171 1172 if (!code) 1173 for (;;) { 1174 int linelen; 1175 enum packet_read_status status; 1176 1177 status = packet_reader_read(&reader); 1178 if (status != PACKET_READ_NORMAL) { 1179 /* Check whether proc-receive exited abnormally */ 1180 if (status == PACKET_READ_EOF) 1181 code = -1; 1182 break; 1183 } 1184 1185 if (reader.pktlen > 8 && starts_with(reader.line, "version=")) { 1186 version = atoi(reader.line + 8); 1187 linelen = strlen(reader.line); 1188 if (linelen < reader.pktlen) { 1189 const char *feature_list = reader.line + linelen + 1; 1190 if (parse_feature_request(feature_list, "push-options")) 1191 hook_use_push_options = 1; 1192 } 1193 } 1194 } 1195 1196 if (code) { 1197 strbuf_addstr(&errmsg, "fail to negotiate version with proc-receive hook"); 1198 goto cleanup; 1199 } 1200 1201 switch (version) { 1202 case 0: 1203 /* fallthrough */ 1204 case 1: 1205 break; 1206 default: 1207 strbuf_addf(&errmsg, "proc-receive version '%d' is not supported", 1208 version); 1209 code = -1; 1210 goto cleanup; 1211 } 1212 1213 /* Send commands */ 1214 for (cmd = commands; cmd; cmd = cmd->next) { 1215 if (!cmd->run_proc_receive || cmd->skip_update || cmd->error_string) 1216 continue; 1217 code = packet_write_fmt_gently(proc.in, "%s %s %s", 1218 oid_to_hex(&cmd->old_oid), 1219 oid_to_hex(&cmd->new_oid), 1220 cmd->ref_name); 1221 if (code) 1222 break; 1223 } 1224 if (!code) 1225 code = packet_flush_gently(proc.in); 1226 if (code) { 1227 strbuf_addstr(&errmsg, "fail to write commands to proc-receive hook"); 1228 goto cleanup; 1229 } 1230 1231 /* Send push options */ 1232 if (hook_use_push_options) { 1233 struct string_list_item *item; 1234 1235 for_each_string_list_item(item, push_options) { 1236 code = packet_write_fmt_gently(proc.in, "%s", item->string); 1237 if (code) 1238 break; 1239 } 1240 if (!code) 1241 code = packet_flush_gently(proc.in); 1242 if (code) { 1243 strbuf_addstr(&errmsg, 1244 "fail to write push-options to proc-receive hook"); 1245 goto cleanup; 1246 } 1247 } 1248 1249 /* Read result from proc-receive */ 1250 code = read_proc_receive_report(&reader, commands, &errmsg); 1251 1252cleanup: 1253 close(proc.in); 1254 close(proc.out); 1255 if (use_sideband) 1256 finish_async(&muxer); 1257 if (finish_command(&proc)) 1258 code = -1; 1259 if (errmsg.len >0) { 1260 char *p = errmsg.buf; 1261 1262 p += errmsg.len - 1; 1263 if (*p == '\n') 1264 *p = '\0'; 1265 rp_error("%s", errmsg.buf); 1266 strbuf_release(&errmsg); 1267 } 1268 sigchain_pop(SIGPIPE); 1269 1270 return code; 1271} 1272 1273static const char *refuse_unconfigured_deny_msg = 1274 N_("By default, updating the current branch in a non-bare repository\n" 1275 "is denied, because it will make the index and work tree inconsistent\n" 1276 "with what you pushed, and will require 'git reset --hard' to match\n" 1277 "the work tree to HEAD.\n" 1278 "\n" 1279 "You can set the 'receive.denyCurrentBranch' configuration variable\n" 1280 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n" 1281 "its current branch; however, this is not recommended unless you\n" 1282 "arranged to update its work tree to match what you pushed in some\n" 1283 "other way.\n" 1284 "\n" 1285 "To squelch this message and still keep the default behaviour, set\n" 1286 "'receive.denyCurrentBranch' configuration variable to 'refuse'."); 1287 1288static void refuse_unconfigured_deny(void) 1289{ 1290 rp_error("%s", _(refuse_unconfigured_deny_msg)); 1291} 1292 1293static const char *refuse_unconfigured_deny_delete_current_msg = 1294 N_("By default, deleting the current branch is denied, because the next\n" 1295 "'git clone' won't result in any file checked out, causing confusion.\n" 1296 "\n" 1297 "You can set 'receive.denyDeleteCurrent' configuration variable to\n" 1298 "'warn' or 'ignore' in the remote repository to allow deleting the\n" 1299 "current branch, with or without a warning message.\n" 1300 "\n" 1301 "To squelch this message, you can set it to 'refuse'."); 1302 1303static void refuse_unconfigured_deny_delete_current(void) 1304{ 1305 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg)); 1306} 1307 1308static const struct object_id *command_singleton_iterator(void *cb_data); 1309static int update_shallow_ref(struct command *cmd, struct shallow_info *si) 1310{ 1311 struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT; 1312 struct oid_array extra = OID_ARRAY_INIT; 1313 struct check_connected_options opt = CHECK_CONNECTED_INIT; 1314 uint32_t mask = 1 << (cmd->index % 32); 1315 int i; 1316 1317 trace_printf_key(&trace_shallow, 1318 "shallow: update_shallow_ref %s\n", cmd->ref_name); 1319 for (i = 0; i < si->shallow->nr; i++) 1320 if (si->used_shallow[i] && 1321 (si->used_shallow[i][cmd->index / 32] & mask) && 1322 !delayed_reachability_test(si, i)) 1323 oid_array_append(&extra, &si->shallow->oid[i]); 1324 1325 opt.env = tmp_objdir_env(tmp_objdir); 1326 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra); 1327 if (check_connected(command_singleton_iterator, cmd, &opt)) { 1328 rollback_shallow_file(the_repository, &shallow_lock); 1329 oid_array_clear(&extra); 1330 return -1; 1331 } 1332 1333 commit_shallow_file(the_repository, &shallow_lock); 1334 1335 /* 1336 * Make sure setup_alternate_shallow() for the next ref does 1337 * not lose these new roots.. 1338 */ 1339 for (i = 0; i < extra.nr; i++) 1340 register_shallow(the_repository, &extra.oid[i]); 1341 1342 si->shallow_ref[cmd->index] = 0; 1343 oid_array_clear(&extra); 1344 return 0; 1345} 1346 1347/* 1348 * NEEDSWORK: we should consolidate various implementations of "are we 1349 * on an unborn branch?" test into one, and make the unified one more 1350 * robust. !get_sha1() based check used here and elsewhere would not 1351 * allow us to tell an unborn branch from corrupt ref, for example. 1352 * For the purpose of fixing "deploy-to-update does not work when 1353 * pushing into an empty repository" issue, this should suffice for 1354 * now. 1355 */ 1356static int head_has_history(void) 1357{ 1358 struct object_id oid; 1359 1360 return !repo_get_oid(the_repository, "HEAD", &oid); 1361} 1362 1363static const char *push_to_deploy(unsigned char *sha1, 1364 struct strvec *env, 1365 const char *work_tree) 1366{ 1367 struct child_process child = CHILD_PROCESS_INIT; 1368 1369 strvec_pushl(&child.args, "update-index", "-q", "--ignore-submodules", 1370 "--refresh", NULL); 1371 strvec_pushv(&child.env, env->v); 1372 child.dir = work_tree; 1373 child.no_stdin = 1; 1374 child.stdout_to_stderr = 1; 1375 child.git_cmd = 1; 1376 if (run_command(&child)) 1377 return "Up-to-date check failed"; 1378 1379 /* run_command() does not clean up completely; reinitialize */ 1380 child_process_init(&child); 1381 strvec_pushl(&child.args, "diff-files", "--quiet", 1382 "--ignore-submodules", "--", NULL); 1383 strvec_pushv(&child.env, env->v); 1384 child.dir = work_tree; 1385 child.no_stdin = 1; 1386 child.stdout_to_stderr = 1; 1387 child.git_cmd = 1; 1388 if (run_command(&child)) 1389 return "Working directory has unstaged changes"; 1390 1391 child_process_init(&child); 1392 strvec_pushl(&child.args, "diff-index", "--quiet", "--cached", 1393 "--ignore-submodules", 1394 /* diff-index with either HEAD or an empty tree */ 1395 head_has_history() ? "HEAD" : empty_tree_oid_hex(the_repository->hash_algo), 1396 "--", NULL); 1397 strvec_pushv(&child.env, env->v); 1398 child.no_stdin = 1; 1399 child.no_stdout = 1; 1400 child.stdout_to_stderr = 0; 1401 child.git_cmd = 1; 1402 if (run_command(&child)) 1403 return "Working directory has staged changes"; 1404 1405 child_process_init(&child); 1406 strvec_pushl(&child.args, "read-tree", "-u", "-m", hash_to_hex(sha1), 1407 NULL); 1408 strvec_pushv(&child.env, env->v); 1409 child.dir = work_tree; 1410 child.no_stdin = 1; 1411 child.no_stdout = 1; 1412 child.stdout_to_stderr = 0; 1413 child.git_cmd = 1; 1414 if (run_command(&child)) 1415 return "Could not update working tree to new HEAD"; 1416 1417 return NULL; 1418} 1419 1420static const char *push_to_checkout_hook = "push-to-checkout"; 1421 1422static const char *push_to_checkout(unsigned char *hash, 1423 int *invoked_hook, 1424 struct strvec *env, 1425 const char *work_tree) 1426{ 1427 struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT; 1428 opt.invoked_hook = invoked_hook; 1429 1430 strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree)); 1431 strvec_pushv(&opt.env, env->v); 1432 strvec_push(&opt.args, hash_to_hex(hash)); 1433 if (run_hooks_opt(the_repository, push_to_checkout_hook, &opt)) 1434 return "push-to-checkout hook declined"; 1435 else 1436 return NULL; 1437} 1438 1439static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree) 1440{ 1441 const char *retval; 1442 char *git_dir; 1443 struct strvec env = STRVEC_INIT; 1444 int invoked_hook; 1445 1446 if (!worktree || !worktree->path) 1447 BUG("worktree->path must be non-NULL"); 1448 1449 if (worktree->is_bare) 1450 return "denyCurrentBranch = updateInstead needs a worktree"; 1451 git_dir = get_worktree_git_dir(worktree); 1452 1453 strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir)); 1454 1455 retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path); 1456 if (!invoked_hook) 1457 retval = push_to_deploy(sha1, &env, worktree->path); 1458 1459 strvec_clear(&env); 1460 free(git_dir); 1461 return retval; 1462} 1463 1464static const char *update(struct command *cmd, struct shallow_info *si) 1465{ 1466 const char *name = cmd->ref_name; 1467 struct strbuf namespaced_name_buf = STRBUF_INIT; 1468 static char *namespaced_name; 1469 const char *ret; 1470 struct object_id *old_oid = &cmd->old_oid; 1471 struct object_id *new_oid = &cmd->new_oid; 1472 int do_update_worktree = 0; 1473 struct worktree **worktrees = get_worktrees(); 1474 const struct worktree *worktree = 1475 find_shared_symref(worktrees, "HEAD", name); 1476 1477 /* only refs/... are allowed */ 1478 if (!starts_with(name, "refs/") || 1479 check_refname_format(name + 5, is_null_oid(new_oid) ? 1480 REFNAME_ALLOW_ONELEVEL : 0)) { 1481 rp_error("refusing to update funny ref '%s' remotely", name); 1482 ret = "funny refname"; 1483 goto out; 1484 } 1485 1486 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name); 1487 free(namespaced_name); 1488 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL); 1489 1490 if (worktree && !worktree->is_bare) { 1491 switch (deny_current_branch) { 1492 case DENY_IGNORE: 1493 break; 1494 case DENY_WARN: 1495 rp_warning("updating the current branch"); 1496 break; 1497 case DENY_REFUSE: 1498 case DENY_UNCONFIGURED: 1499 rp_error("refusing to update checked out branch: %s", name); 1500 if (deny_current_branch == DENY_UNCONFIGURED) 1501 refuse_unconfigured_deny(); 1502 ret = "branch is currently checked out"; 1503 goto out; 1504 case DENY_UPDATE_INSTEAD: 1505 /* pass -- let other checks intervene first */ 1506 do_update_worktree = 1; 1507 break; 1508 } 1509 } 1510 1511 if (!is_null_oid(new_oid) && 1512 !odb_has_object(the_repository->objects, new_oid, 1513 HAS_OBJECT_RECHECK_PACKED | HAS_OBJECT_FETCH_PROMISOR)) { 1514 error("unpack should have generated %s, " 1515 "but I can't find it!", oid_to_hex(new_oid)); 1516 ret = "bad pack"; 1517 goto out; 1518 } 1519 1520 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) { 1521 if (deny_deletes && starts_with(name, "refs/heads/")) { 1522 rp_error("denying ref deletion for %s", name); 1523 ret = "deletion prohibited"; 1524 goto out; 1525 } 1526 1527 if (worktree || (head_name && !strcmp(namespaced_name, head_name))) { 1528 switch (deny_delete_current) { 1529 case DENY_IGNORE: 1530 break; 1531 case DENY_WARN: 1532 rp_warning("deleting the current branch"); 1533 break; 1534 case DENY_REFUSE: 1535 case DENY_UNCONFIGURED: 1536 case DENY_UPDATE_INSTEAD: 1537 if (deny_delete_current == DENY_UNCONFIGURED) 1538 refuse_unconfigured_deny_delete_current(); 1539 rp_error("refusing to delete the current branch: %s", name); 1540 ret = "deletion of the current branch prohibited"; 1541 goto out; 1542 default: 1543 ret = "Invalid denyDeleteCurrent setting"; 1544 goto out; 1545 } 1546 } 1547 } 1548 1549 if (deny_non_fast_forwards && !is_null_oid(new_oid) && 1550 !is_null_oid(old_oid) && 1551 starts_with(name, "refs/heads/")) { 1552 struct object *old_object, *new_object; 1553 struct commit *old_commit, *new_commit; 1554 int ret2; 1555 1556 old_object = parse_object(the_repository, old_oid); 1557 new_object = parse_object(the_repository, new_oid); 1558 1559 if (!old_object || !new_object || 1560 old_object->type != OBJ_COMMIT || 1561 new_object->type != OBJ_COMMIT) { 1562 error("bad sha1 objects for %s", name); 1563 ret = "bad ref"; 1564 goto out; 1565 } 1566 old_commit = (struct commit *)old_object; 1567 new_commit = (struct commit *)new_object; 1568 ret2 = repo_in_merge_bases(the_repository, old_commit, new_commit); 1569 if (ret2 < 0) 1570 exit(128); 1571 if (!ret2) { 1572 rp_error("denying non-fast-forward %s" 1573 " (you should pull first)", name); 1574 ret = "non-fast-forward"; 1575 goto out; 1576 } 1577 } 1578 if (run_update_hook(cmd)) { 1579 rp_error("hook declined to update %s", name); 1580 ret = "hook declined"; 1581 goto out; 1582 } 1583 1584 if (do_update_worktree) { 1585 ret = update_worktree(new_oid->hash, worktree); 1586 if (ret) 1587 goto out; 1588 } 1589 1590 if (is_null_oid(new_oid)) { 1591 struct strbuf err = STRBUF_INIT; 1592 if (!parse_object(the_repository, old_oid)) { 1593 old_oid = NULL; 1594 if (refs_ref_exists(get_main_ref_store(the_repository), name)) { 1595 rp_warning("allowing deletion of corrupt ref"); 1596 } else { 1597 rp_warning("deleting a non-existent ref"); 1598 cmd->did_not_exist = 1; 1599 } 1600 } 1601 if (ref_transaction_delete(transaction, 1602 namespaced_name, 1603 old_oid, 1604 NULL, 0, 1605 "push", &err)) { 1606 rp_error("%s", err.buf); 1607 ret = "failed to delete"; 1608 } else { 1609 ret = NULL; /* good */ 1610 } 1611 strbuf_release(&err); 1612 } 1613 else { 1614 struct strbuf err = STRBUF_INIT; 1615 if (shallow_update && si->shallow_ref[cmd->index] && 1616 update_shallow_ref(cmd, si)) { 1617 ret = "shallow error"; 1618 goto out; 1619 } 1620 1621 if (ref_transaction_update(transaction, 1622 namespaced_name, 1623 new_oid, old_oid, 1624 NULL, NULL, 1625 0, "push", 1626 &err)) { 1627 rp_error("%s", err.buf); 1628 ret = "failed to update ref"; 1629 } else { 1630 ret = NULL; /* good */ 1631 } 1632 strbuf_release(&err); 1633 } 1634 1635out: 1636 free_worktrees(worktrees); 1637 return ret; 1638} 1639 1640static void run_update_post_hook(struct command *commands) 1641{ 1642 struct command *cmd; 1643 struct child_process proc = CHILD_PROCESS_INIT; 1644 const char *hook; 1645 1646 hook = find_hook(the_repository, "post-update"); 1647 if (!hook) 1648 return; 1649 1650 for (cmd = commands; cmd; cmd = cmd->next) { 1651 if (cmd->error_string || cmd->did_not_exist) 1652 continue; 1653 if (!proc.args.nr) 1654 strvec_push(&proc.args, hook); 1655 strvec_push(&proc.args, cmd->ref_name); 1656 } 1657 if (!proc.args.nr) 1658 return; 1659 1660 proc.no_stdin = 1; 1661 proc.stdout_to_stderr = 1; 1662 proc.err = use_sideband ? -1 : 0; 1663 proc.trace2_hook_name = "post-update"; 1664 1665 if (!start_command(&proc)) { 1666 if (use_sideband) 1667 copy_to_sideband(proc.err, -1, NULL); 1668 finish_command(&proc); 1669 } 1670} 1671 1672static void check_aliased_update_internal(struct command *cmd, 1673 struct string_list *list, 1674 const char *dst_name, int flag) 1675{ 1676 struct string_list_item *item; 1677 struct command *dst_cmd; 1678 1679 if (!(flag & REF_ISSYMREF)) 1680 return; 1681 1682 if (!dst_name) { 1683 rp_error("refusing update to broken symref '%s'", cmd->ref_name); 1684 cmd->skip_update = 1; 1685 cmd->error_string = "broken symref"; 1686 return; 1687 } 1688 dst_name = strip_namespace(dst_name); 1689 1690 if (!(item = string_list_lookup(list, dst_name))) 1691 return; 1692 1693 cmd->skip_update = 1; 1694 1695 dst_cmd = (struct command *) item->util; 1696 1697 if (oideq(&cmd->old_oid, &dst_cmd->old_oid) && 1698 oideq(&cmd->new_oid, &dst_cmd->new_oid)) 1699 return; 1700 1701 dst_cmd->skip_update = 1; 1702 1703 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and" 1704 " its target '%s' (%s..%s)", 1705 cmd->ref_name, 1706 repo_find_unique_abbrev(the_repository, &cmd->old_oid, DEFAULT_ABBREV), 1707 repo_find_unique_abbrev(the_repository, &cmd->new_oid, DEFAULT_ABBREV), 1708 dst_cmd->ref_name, 1709 repo_find_unique_abbrev(the_repository, &dst_cmd->old_oid, DEFAULT_ABBREV), 1710 repo_find_unique_abbrev(the_repository, &dst_cmd->new_oid, DEFAULT_ABBREV)); 1711 1712 cmd->error_string = dst_cmd->error_string = 1713 "inconsistent aliased update"; 1714} 1715 1716static void check_aliased_update(struct command *cmd, struct string_list *list) 1717{ 1718 struct strbuf buf = STRBUF_INIT; 1719 const char *dst_name; 1720 int flag; 1721 1722 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name); 1723 dst_name = refs_resolve_ref_unsafe(get_main_ref_store(the_repository), 1724 buf.buf, 0, NULL, &flag); 1725 check_aliased_update_internal(cmd, list, dst_name, flag); 1726 strbuf_release(&buf); 1727} 1728 1729static void check_aliased_updates(struct command *commands) 1730{ 1731 struct command *cmd; 1732 struct string_list ref_list = STRING_LIST_INIT_NODUP; 1733 1734 for (cmd = commands; cmd; cmd = cmd->next) { 1735 struct string_list_item *item = 1736 string_list_append(&ref_list, cmd->ref_name); 1737 item->util = (void *)cmd; 1738 } 1739 string_list_sort(&ref_list); 1740 1741 for (cmd = commands; cmd; cmd = cmd->next) { 1742 if (!cmd->error_string) 1743 check_aliased_update(cmd, &ref_list); 1744 } 1745 1746 string_list_clear(&ref_list, 0); 1747} 1748 1749static const struct object_id *command_singleton_iterator(void *cb_data) 1750{ 1751 struct command **cmd_list = cb_data; 1752 struct command *cmd = *cmd_list; 1753 1754 if (!cmd || is_null_oid(&cmd->new_oid)) 1755 return NULL; 1756 *cmd_list = NULL; /* this returns only one */ 1757 return &cmd->new_oid; 1758} 1759 1760static void set_connectivity_errors(struct command *commands, 1761 struct shallow_info *si) 1762{ 1763 struct command *cmd; 1764 1765 for (cmd = commands; cmd; cmd = cmd->next) { 1766 struct command *singleton = cmd; 1767 struct check_connected_options opt = CHECK_CONNECTED_INIT; 1768 1769 if (shallow_update && si->shallow_ref[cmd->index]) 1770 /* to be checked in update_shallow_ref() */ 1771 continue; 1772 1773 opt.env = tmp_objdir_env(tmp_objdir); 1774 if (!check_connected(command_singleton_iterator, &singleton, 1775 &opt)) 1776 continue; 1777 1778 cmd->error_string = "missing necessary objects"; 1779 } 1780} 1781 1782struct iterate_data { 1783 struct command *cmds; 1784 struct shallow_info *si; 1785}; 1786 1787static const struct object_id *iterate_receive_command_list(void *cb_data) 1788{ 1789 struct iterate_data *data = cb_data; 1790 struct command **cmd_list = &data->cmds; 1791 struct command *cmd = *cmd_list; 1792 1793 for (; cmd; cmd = cmd->next) { 1794 if (shallow_update && data->si->shallow_ref[cmd->index]) 1795 /* to be checked in update_shallow_ref() */ 1796 continue; 1797 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) { 1798 *cmd_list = cmd->next; 1799 return &cmd->new_oid; 1800 } 1801 } 1802 return NULL; 1803} 1804 1805static void reject_updates_to_hidden(struct command *commands) 1806{ 1807 struct strbuf refname_full = STRBUF_INIT; 1808 size_t prefix_len; 1809 struct command *cmd; 1810 1811 strbuf_addstr(&refname_full, get_git_namespace()); 1812 prefix_len = refname_full.len; 1813 1814 for (cmd = commands; cmd; cmd = cmd->next) { 1815 if (cmd->error_string) 1816 continue; 1817 1818 strbuf_setlen(&refname_full, prefix_len); 1819 strbuf_addstr(&refname_full, cmd->ref_name); 1820 1821 if (!ref_is_hidden(cmd->ref_name, refname_full.buf, &hidden_refs)) 1822 continue; 1823 if (is_null_oid(&cmd->new_oid)) 1824 cmd->error_string = "deny deleting a hidden ref"; 1825 else 1826 cmd->error_string = "deny updating a hidden ref"; 1827 } 1828 1829 strbuf_release(&refname_full); 1830} 1831 1832static int should_process_cmd(struct command *cmd) 1833{ 1834 return !cmd->error_string && !cmd->skip_update; 1835} 1836 1837static void BUG_if_skipped_connectivity_check(struct command *commands, 1838 struct shallow_info *si) 1839{ 1840 struct command *cmd; 1841 1842 for (cmd = commands; cmd; cmd = cmd->next) { 1843 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) 1844 bug("connectivity check has not been run on ref %s", 1845 cmd->ref_name); 1846 } 1847 BUG_if_bug("connectivity check skipped???"); 1848} 1849 1850static void ref_transaction_rejection_handler(const char *refname, 1851 const struct object_id *old_oid UNUSED, 1852 const struct object_id *new_oid UNUSED, 1853 const char *old_target UNUSED, 1854 const char *new_target UNUSED, 1855 enum ref_transaction_error err, 1856 void *cb_data) 1857{ 1858 struct strmap *failed_refs = cb_data; 1859 1860 strmap_put(failed_refs, refname, (char *)ref_transaction_error_msg(err)); 1861} 1862 1863static void execute_commands_non_atomic(struct command *commands, 1864 struct shallow_info *si) 1865{ 1866 struct command *cmd; 1867 struct strbuf err = STRBUF_INIT; 1868 const char *reported_error = NULL; 1869 struct strmap failed_refs = STRMAP_INIT; 1870 1871 /* 1872 * Reference updates, where D/F conflicts shouldn't arise due to 1873 * one reference being deleted, while the other being created 1874 * are treated as conflicts in batched updates. This is because 1875 * we don't do conflict resolution inside a transaction. To 1876 * mitigate this, delete references in a separate batch. 1877 * 1878 * NEEDSWORK: Add conflict resolution between deletion and creation 1879 * of reference updates within a transaction. With that, we can 1880 * combine the two phases. 1881 */ 1882 enum processing_phase { 1883 PHASE_DELETIONS, 1884 PHASE_OTHERS 1885 }; 1886 1887 for (enum processing_phase phase = PHASE_DELETIONS; phase <= PHASE_OTHERS; phase++) { 1888 for (cmd = commands; cmd; cmd = cmd->next) { 1889 if (!should_process_cmd(cmd) || cmd->run_proc_receive) 1890 continue; 1891 1892 if (phase == PHASE_DELETIONS && !is_null_oid(&cmd->new_oid)) 1893 continue; 1894 else if (phase == PHASE_OTHERS && is_null_oid(&cmd->new_oid)) 1895 continue; 1896 1897 /* 1898 * Lazily create a transaction only when we know there are 1899 * updates to be added. 1900 */ 1901 if (!transaction) { 1902 transaction = ref_store_transaction_begin(get_main_ref_store(the_repository), 1903 REF_TRANSACTION_ALLOW_FAILURE, &err); 1904 if (!transaction) { 1905 rp_error("%s", err.buf); 1906 strbuf_reset(&err); 1907 reported_error = "transaction failed to start"; 1908 goto failure; 1909 } 1910 } 1911 1912 cmd->error_string = update(cmd, si); 1913 } 1914 1915 /* No transaction, so nothing to commit */ 1916 if (!transaction) 1917 goto cleanup; 1918 1919 if (ref_transaction_commit(transaction, &err)) { 1920 rp_error("%s", err.buf); 1921 reported_error = "failed to update refs"; 1922 goto failure; 1923 } 1924 1925 ref_transaction_for_each_rejected_update(transaction, 1926 ref_transaction_rejection_handler, 1927 &failed_refs); 1928 1929 if (strmap_empty(&failed_refs)) 1930 goto cleanup; 1931 1932 failure: 1933 for (cmd = commands; cmd; cmd = cmd->next) { 1934 if (reported_error) 1935 cmd->error_string = reported_error; 1936 else if (strmap_contains(&failed_refs, cmd->ref_name)) 1937 cmd->error_string = strmap_get(&failed_refs, cmd->ref_name); 1938 } 1939 1940 cleanup: 1941 ref_transaction_free(transaction); 1942 transaction = NULL; 1943 strmap_clear(&failed_refs, 0); 1944 strbuf_release(&err); 1945 } 1946} 1947 1948static void execute_commands_atomic(struct command *commands, 1949 struct shallow_info *si) 1950{ 1951 struct command *cmd; 1952 struct strbuf err = STRBUF_INIT; 1953 const char *reported_error = "atomic push failure"; 1954 1955 transaction = ref_store_transaction_begin(get_main_ref_store(the_repository), 1956 0, &err); 1957 if (!transaction) { 1958 rp_error("%s", err.buf); 1959 strbuf_reset(&err); 1960 reported_error = "transaction failed to start"; 1961 goto failure; 1962 } 1963 1964 for (cmd = commands; cmd; cmd = cmd->next) { 1965 if (!should_process_cmd(cmd) || cmd->run_proc_receive) 1966 continue; 1967 1968 cmd->error_string = update(cmd, si); 1969 1970 if (cmd->error_string) 1971 goto failure; 1972 } 1973 1974 if (ref_transaction_commit(transaction, &err)) { 1975 rp_error("%s", err.buf); 1976 reported_error = "atomic transaction failed"; 1977 goto failure; 1978 } 1979 goto cleanup; 1980 1981failure: 1982 for (cmd = commands; cmd; cmd = cmd->next) 1983 if (!cmd->error_string) 1984 cmd->error_string = reported_error; 1985 1986cleanup: 1987 ref_transaction_free(transaction); 1988 strbuf_release(&err); 1989} 1990 1991static void execute_commands(struct command *commands, 1992 const char *unpacker_error, 1993 struct shallow_info *si, 1994 const struct string_list *push_options) 1995{ 1996 struct check_connected_options opt = CHECK_CONNECTED_INIT; 1997 struct command *cmd; 1998 struct iterate_data data; 1999 struct async muxer; 2000 int err_fd = 0; 2001 int run_proc_receive = 0; 2002 2003 if (unpacker_error) { 2004 for (cmd = commands; cmd; cmd = cmd->next) 2005 cmd->error_string = "unpacker error"; 2006 return; 2007 } 2008 2009 if (!skip_connectivity_check) { 2010 if (use_sideband) { 2011 memset(&muxer, 0, sizeof(muxer)); 2012 muxer.proc = copy_to_sideband; 2013 muxer.in = -1; 2014 if (!start_async(&muxer)) 2015 err_fd = muxer.in; 2016 /* ...else, continue without relaying sideband */ 2017 } 2018 2019 data.cmds = commands; 2020 data.si = si; 2021 opt.err_fd = err_fd; 2022 opt.progress = err_fd && !quiet; 2023 opt.env = tmp_objdir_env(tmp_objdir); 2024 opt.exclude_hidden_refs_section = "receive"; 2025 2026 if (check_connected(iterate_receive_command_list, &data, &opt)) 2027 set_connectivity_errors(commands, si); 2028 2029 if (use_sideband) 2030 finish_async(&muxer); 2031 } 2032 2033 reject_updates_to_hidden(commands); 2034 2035 /* 2036 * Try to find commands that have special prefix in their reference names, 2037 * and mark them to run an external "proc-receive" hook later. 2038 */ 2039 if (proc_receive_ref) { 2040 for (cmd = commands; cmd; cmd = cmd->next) { 2041 if (!should_process_cmd(cmd)) 2042 continue; 2043 2044 if (proc_receive_ref_matches(cmd)) { 2045 cmd->run_proc_receive = RUN_PROC_RECEIVE_SCHEDULED; 2046 run_proc_receive = 1; 2047 } 2048 } 2049 } 2050 2051 if (run_receive_hook(commands, "pre-receive", 0, push_options)) { 2052 for (cmd = commands; cmd; cmd = cmd->next) { 2053 if (!cmd->error_string) 2054 cmd->error_string = "pre-receive hook declined"; 2055 } 2056 return; 2057 } 2058 2059 /* 2060 * If there is no command ready to run, should return directly to destroy 2061 * temporary data in the quarantine area. 2062 */ 2063 for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next) 2064 ; /* nothing */ 2065 if (!cmd) 2066 return; 2067 2068 /* 2069 * Now we'll start writing out refs, which means the objects need 2070 * to be in their final positions so that other processes can see them. 2071 */ 2072 if (tmp_objdir_migrate(tmp_objdir) < 0) { 2073 for (cmd = commands; cmd; cmd = cmd->next) { 2074 if (!cmd->error_string) 2075 cmd->error_string = "unable to migrate objects to permanent storage"; 2076 } 2077 return; 2078 } 2079 tmp_objdir = NULL; 2080 2081 check_aliased_updates(commands); 2082 2083 free(head_name_to_free); 2084 head_name = head_name_to_free = refs_resolve_refdup(get_main_ref_store(the_repository), 2085 "HEAD", 0, NULL, 2086 NULL); 2087 2088 if (run_proc_receive && 2089 run_proc_receive_hook(commands, push_options)) 2090 for (cmd = commands; cmd; cmd = cmd->next) 2091 if (!cmd->error_string && 2092 !(cmd->run_proc_receive & RUN_PROC_RECEIVE_RETURNED) && 2093 (cmd->run_proc_receive || use_atomic)) 2094 cmd->error_string = "fail to run proc-receive hook"; 2095 2096 if (use_atomic) 2097 execute_commands_atomic(commands, si); 2098 else 2099 execute_commands_non_atomic(commands, si); 2100 2101 if (shallow_update) 2102 BUG_if_skipped_connectivity_check(commands, si); 2103} 2104 2105static struct command **queue_command(struct command **tail, 2106 const char *line, 2107 int linelen) 2108{ 2109 struct object_id old_oid, new_oid; 2110 struct command *cmd; 2111 const char *refname; 2112 int reflen; 2113 const char *p; 2114 2115 if (parse_oid_hex(line, &old_oid, &p) || 2116 *p++ != ' ' || 2117 parse_oid_hex(p, &new_oid, &p) || 2118 *p++ != ' ') 2119 die("protocol error: expected old/new/ref, got '%s'", line); 2120 2121 refname = p; 2122 reflen = linelen - (p - line); 2123 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen); 2124 oidcpy(&cmd->old_oid, &old_oid); 2125 oidcpy(&cmd->new_oid, &new_oid); 2126 *tail = cmd; 2127 return &cmd->next; 2128} 2129 2130static void free_commands(struct command *commands) 2131{ 2132 while (commands) { 2133 struct command *next = commands->next; 2134 2135 ref_push_report_free(commands->report); 2136 free(commands->error_string_owned); 2137 free(commands); 2138 commands = next; 2139 } 2140} 2141 2142static void queue_commands_from_cert(struct command **tail, 2143 struct strbuf *push_cert) 2144{ 2145 const char *boc, *eoc; 2146 2147 if (*tail) 2148 die("protocol error: got both push certificate and unsigned commands"); 2149 2150 boc = strstr(push_cert->buf, "\n\n"); 2151 if (!boc) 2152 die("malformed push certificate %.*s", 100, push_cert->buf); 2153 else 2154 boc += 2; 2155 eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len); 2156 2157 while (boc < eoc) { 2158 const char *eol = memchr(boc, '\n', eoc - boc); 2159 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc); 2160 boc = eol ? eol + 1 : eoc; 2161 } 2162} 2163 2164static struct command *read_head_info(struct packet_reader *reader, 2165 struct oid_array *shallow) 2166{ 2167 struct command *commands = NULL; 2168 struct command **p = &commands; 2169 for (;;) { 2170 int linelen; 2171 2172 if (packet_reader_read(reader) != PACKET_READ_NORMAL) 2173 break; 2174 2175 if (reader->pktlen > 8 && starts_with(reader->line, "shallow ")) { 2176 struct object_id oid; 2177 if (get_oid_hex(reader->line + 8, &oid)) 2178 die("protocol error: expected shallow sha, got '%s'", 2179 reader->line + 8); 2180 oid_array_append(shallow, &oid); 2181 continue; 2182 } 2183 2184 linelen = strlen(reader->line); 2185 if (linelen < reader->pktlen) { 2186 const char *feature_list = reader->line + linelen + 1; 2187 const char *hash = NULL; 2188 const char *client_sid; 2189 size_t len = 0; 2190 if (parse_feature_request(feature_list, "report-status")) 2191 report_status = 1; 2192 if (parse_feature_request(feature_list, "report-status-v2")) 2193 report_status_v2 = 1; 2194 if (parse_feature_request(feature_list, "side-band-64k")) 2195 use_sideband = LARGE_PACKET_MAX; 2196 if (parse_feature_request(feature_list, "quiet")) 2197 quiet = 1; 2198 if (advertise_atomic_push 2199 && parse_feature_request(feature_list, "atomic")) 2200 use_atomic = 1; 2201 if (advertise_push_options 2202 && parse_feature_request(feature_list, "push-options")) 2203 use_push_options = 1; 2204 hash = parse_feature_value(feature_list, "object-format", &len, NULL); 2205 if (!hash) { 2206 hash = hash_algos[GIT_HASH_SHA1_LEGACY].name; 2207 len = strlen(hash); 2208 } 2209 if (xstrncmpz(the_hash_algo->name, hash, len)) 2210 die("error: unsupported object format '%s'", hash); 2211 client_sid = parse_feature_value(feature_list, "session-id", &len, NULL); 2212 if (client_sid) { 2213 char *sid = xstrndup(client_sid, len); 2214 trace2_data_string("transfer", NULL, "client-sid", client_sid); 2215 free(sid); 2216 } 2217 } 2218 2219 if (!strcmp(reader->line, "push-cert")) { 2220 int true_flush = 0; 2221 int saved_options = reader->options; 2222 reader->options &= ~PACKET_READ_CHOMP_NEWLINE; 2223 2224 for (;;) { 2225 packet_reader_read(reader); 2226 if (reader->status == PACKET_READ_FLUSH) { 2227 true_flush = 1; 2228 break; 2229 } 2230 if (reader->status != PACKET_READ_NORMAL) { 2231 die("protocol error: got an unexpected packet"); 2232 } 2233 if (!strcmp(reader->line, "push-cert-end\n")) 2234 break; /* end of cert */ 2235 strbuf_addstr(&push_cert, reader->line); 2236 } 2237 reader->options = saved_options; 2238 2239 if (true_flush) 2240 break; 2241 continue; 2242 } 2243 2244 p = queue_command(p, reader->line, linelen); 2245 } 2246 2247 if (push_cert.len) 2248 queue_commands_from_cert(p, &push_cert); 2249 2250 return commands; 2251} 2252 2253static void read_push_options(struct packet_reader *reader, 2254 struct string_list *options) 2255{ 2256 while (1) { 2257 if (packet_reader_read(reader) != PACKET_READ_NORMAL) 2258 break; 2259 2260 string_list_append(options, reader->line); 2261 } 2262} 2263 2264static const char *parse_pack_header(struct pack_header *hdr) 2265{ 2266 switch (read_pack_header(0, hdr)) { 2267 case PH_ERROR_EOF: 2268 return "eof before pack header was fully read"; 2269 2270 case PH_ERROR_PACK_SIGNATURE: 2271 return "protocol error (pack signature mismatch detected)"; 2272 2273 case PH_ERROR_PROTOCOL: 2274 return "protocol error (pack version unsupported)"; 2275 2276 default: 2277 return "unknown error in parse_pack_header"; 2278 2279 case 0: 2280 return NULL; 2281 } 2282} 2283 2284static struct tempfile *pack_lockfile; 2285 2286static void push_header_arg(struct strvec *args, struct pack_header *hdr) 2287{ 2288 strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32, 2289 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries)); 2290} 2291 2292static const char *unpack(int err_fd, struct shallow_info *si) 2293{ 2294 struct pack_header hdr; 2295 const char *hdr_err; 2296 int status; 2297 struct child_process child = CHILD_PROCESS_INIT; 2298 int fsck_objects = (receive_fsck_objects >= 0 2299 ? receive_fsck_objects 2300 : transfer_fsck_objects >= 0 2301 ? transfer_fsck_objects 2302 : 0); 2303 2304 hdr_err = parse_pack_header(&hdr); 2305 if (hdr_err) { 2306 if (err_fd > 0) 2307 close(err_fd); 2308 return hdr_err; 2309 } 2310 2311 if (si->nr_ours || si->nr_theirs) { 2312 alt_shallow_file = setup_temporary_shallow(si->shallow); 2313 strvec_push(&child.args, "--shallow-file"); 2314 strvec_push(&child.args, alt_shallow_file); 2315 } 2316 2317 tmp_objdir = tmp_objdir_create(the_repository, "incoming"); 2318 if (!tmp_objdir) { 2319 if (err_fd > 0) 2320 close(err_fd); 2321 return "unable to create temporary object directory"; 2322 } 2323 strvec_pushv(&child.env, tmp_objdir_env(tmp_objdir)); 2324 2325 /* 2326 * Normally we just pass the tmp_objdir environment to the child 2327 * processes that do the heavy lifting, but we may need to see these 2328 * objects ourselves to set up shallow information. 2329 */ 2330 tmp_objdir_add_as_alternate(tmp_objdir); 2331 2332 if (ntohl(hdr.hdr_entries) < unpack_limit) { 2333 strvec_push(&child.args, "unpack-objects"); 2334 push_header_arg(&child.args, &hdr); 2335 if (quiet) 2336 strvec_push(&child.args, "-q"); 2337 if (fsck_objects) 2338 strvec_pushf(&child.args, "--strict%s", 2339 fsck_msg_types.buf); 2340 if (max_input_size) 2341 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX, 2342 (uintmax_t)max_input_size); 2343 child.no_stdout = 1; 2344 child.err = err_fd; 2345 child.git_cmd = 1; 2346 status = run_command(&child); 2347 if (status) 2348 return "unpack-objects abnormal exit"; 2349 } else { 2350 char hostname[HOST_NAME_MAX + 1]; 2351 char *lockfile; 2352 2353 strvec_pushl(&child.args, "index-pack", "--stdin", NULL); 2354 push_header_arg(&child.args, &hdr); 2355 2356 if (xgethostname(hostname, sizeof(hostname))) 2357 xsnprintf(hostname, sizeof(hostname), "localhost"); 2358 strvec_pushf(&child.args, 2359 "--keep=receive-pack %"PRIuMAX" on %s", 2360 (uintmax_t)getpid(), 2361 hostname); 2362 2363 if (!quiet && err_fd) 2364 strvec_push(&child.args, "--show-resolving-progress"); 2365 if (use_sideband) 2366 strvec_push(&child.args, "--report-end-of-input"); 2367 if (fsck_objects) 2368 strvec_pushf(&child.args, "--strict%s", 2369 fsck_msg_types.buf); 2370 if (!reject_thin) 2371 strvec_push(&child.args, "--fix-thin"); 2372 if (max_input_size) 2373 strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX, 2374 (uintmax_t)max_input_size); 2375 child.out = -1; 2376 child.err = err_fd; 2377 child.git_cmd = 1; 2378 status = start_command(&child); 2379 if (status) 2380 return "index-pack fork failed"; 2381 2382 lockfile = index_pack_lockfile(the_repository, child.out, NULL); 2383 if (lockfile) { 2384 pack_lockfile = register_tempfile(lockfile); 2385 free(lockfile); 2386 } 2387 close(child.out); 2388 2389 status = finish_command(&child); 2390 if (status) 2391 return "index-pack abnormal exit"; 2392 odb_reprepare(the_repository->objects); 2393 } 2394 return NULL; 2395} 2396 2397static const char *unpack_with_sideband(struct shallow_info *si) 2398{ 2399 struct async muxer; 2400 const char *ret; 2401 2402 if (!use_sideband) 2403 return unpack(0, si); 2404 2405 use_keepalive = KEEPALIVE_AFTER_NUL; 2406 memset(&muxer, 0, sizeof(muxer)); 2407 muxer.proc = copy_to_sideband; 2408 muxer.in = -1; 2409 if (start_async(&muxer)) 2410 return NULL; 2411 2412 ret = unpack(muxer.in, si); 2413 2414 finish_async(&muxer); 2415 return ret; 2416} 2417 2418static void prepare_shallow_update(struct shallow_info *si) 2419{ 2420 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32); 2421 2422 ALLOC_ARRAY(si->used_shallow, si->shallow->nr); 2423 assign_shallow_commits_to_refs(si, si->used_shallow, NULL); 2424 2425 CALLOC_ARRAY(si->need_reachability_test, si->shallow->nr); 2426 CALLOC_ARRAY(si->reachable, si->shallow->nr); 2427 CALLOC_ARRAY(si->shallow_ref, si->ref->nr); 2428 2429 for (i = 0; i < si->nr_ours; i++) 2430 si->need_reachability_test[si->ours[i]] = 1; 2431 2432 for (i = 0; i < si->shallow->nr; i++) { 2433 if (!si->used_shallow[i]) 2434 continue; 2435 for (j = 0; j < bitmap_size; j++) { 2436 if (!si->used_shallow[i][j]) 2437 continue; 2438 si->need_reachability_test[i]++; 2439 for (k = 0; k < 32; k++) 2440 if (si->used_shallow[i][j] & (1U << k)) 2441 si->shallow_ref[j * 32 + k]++; 2442 } 2443 2444 /* 2445 * true for those associated with some refs and belong 2446 * in "ours" list aka "step 7 not done yet" 2447 */ 2448 si->need_reachability_test[i] = 2449 si->need_reachability_test[i] > 1; 2450 } 2451 2452 /* 2453 * keep hooks happy by forcing a temporary shallow file via 2454 * env variable because we can't add --shallow-file to every 2455 * command. check_connected() will be done with 2456 * true .git/shallow though. 2457 */ 2458 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1); 2459} 2460 2461static void update_shallow_info(struct command *commands, 2462 struct shallow_info *si, 2463 struct oid_array *ref) 2464{ 2465 struct command *cmd; 2466 int *ref_status; 2467 remove_nonexistent_theirs_shallow(si); 2468 if (!si->nr_ours && !si->nr_theirs) { 2469 shallow_update = 0; 2470 return; 2471 } 2472 2473 for (cmd = commands; cmd; cmd = cmd->next) { 2474 if (is_null_oid(&cmd->new_oid)) 2475 continue; 2476 oid_array_append(ref, &cmd->new_oid); 2477 cmd->index = ref->nr - 1; 2478 } 2479 si->ref = ref; 2480 2481 if (shallow_update) { 2482 prepare_shallow_update(si); 2483 return; 2484 } 2485 2486 ALLOC_ARRAY(ref_status, ref->nr); 2487 assign_shallow_commits_to_refs(si, NULL, ref_status); 2488 for (cmd = commands; cmd; cmd = cmd->next) { 2489 if (is_null_oid(&cmd->new_oid)) 2490 continue; 2491 if (ref_status[cmd->index]) { 2492 cmd->error_string = "shallow update not allowed"; 2493 cmd->skip_update = 1; 2494 } 2495 } 2496 free(ref_status); 2497} 2498 2499static void report(struct command *commands, const char *unpack_status) 2500{ 2501 struct command *cmd; 2502 struct strbuf buf = STRBUF_INIT; 2503 2504 packet_buf_write(&buf, "unpack %s\n", 2505 unpack_status ? unpack_status : "ok"); 2506 for (cmd = commands; cmd; cmd = cmd->next) { 2507 if (!cmd->error_string) 2508 packet_buf_write(&buf, "ok %s\n", 2509 cmd->ref_name); 2510 else 2511 packet_buf_write(&buf, "ng %s %s\n", 2512 cmd->ref_name, cmd->error_string); 2513 } 2514 packet_buf_flush(&buf); 2515 2516 if (use_sideband) 2517 send_sideband(1, 1, buf.buf, buf.len, use_sideband); 2518 else 2519 write_or_die(1, buf.buf, buf.len); 2520 strbuf_release(&buf); 2521} 2522 2523static void report_v2(struct command *commands, const char *unpack_status) 2524{ 2525 struct command *cmd; 2526 struct strbuf buf = STRBUF_INIT; 2527 struct ref_push_report *report; 2528 2529 packet_buf_write(&buf, "unpack %s\n", 2530 unpack_status ? unpack_status : "ok"); 2531 for (cmd = commands; cmd; cmd = cmd->next) { 2532 int count = 0; 2533 2534 if (cmd->error_string) { 2535 packet_buf_write(&buf, "ng %s %s\n", 2536 cmd->ref_name, 2537 cmd->error_string); 2538 continue; 2539 } 2540 packet_buf_write(&buf, "ok %s\n", 2541 cmd->ref_name); 2542 for (report = cmd->report; report; report = report->next) { 2543 if (count++ > 0) 2544 packet_buf_write(&buf, "ok %s\n", 2545 cmd->ref_name); 2546 if (report->ref_name) 2547 packet_buf_write(&buf, "option refname %s\n", 2548 report->ref_name); 2549 if (report->old_oid) 2550 packet_buf_write(&buf, "option old-oid %s\n", 2551 oid_to_hex(report->old_oid)); 2552 if (report->new_oid) 2553 packet_buf_write(&buf, "option new-oid %s\n", 2554 oid_to_hex(report->new_oid)); 2555 if (report->forced_update) 2556 packet_buf_write(&buf, "option forced-update\n"); 2557 } 2558 } 2559 packet_buf_flush(&buf); 2560 2561 if (use_sideband) 2562 send_sideband(1, 1, buf.buf, buf.len, use_sideband); 2563 else 2564 write_or_die(1, buf.buf, buf.len); 2565 strbuf_release(&buf); 2566} 2567 2568static int delete_only(struct command *commands) 2569{ 2570 struct command *cmd; 2571 for (cmd = commands; cmd; cmd = cmd->next) { 2572 if (!is_null_oid(&cmd->new_oid)) 2573 return 0; 2574 } 2575 return 1; 2576} 2577 2578int cmd_receive_pack(int argc, 2579 const char **argv, 2580 const char *prefix, 2581 struct repository *repo UNUSED) 2582{ 2583 int advertise_refs = 0; 2584 struct command *commands; 2585 struct oid_array shallow = OID_ARRAY_INIT; 2586 struct oid_array ref = OID_ARRAY_INIT; 2587 struct shallow_info si; 2588 struct packet_reader reader; 2589 2590 struct option options[] = { 2591 OPT__QUIET(&quiet, N_("quiet")), 2592 OPT_HIDDEN_BOOL(0, "skip-connectivity-check", &skip_connectivity_check, NULL), 2593 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL), 2594 OPT_HIDDEN_BOOL(0, "http-backend-info-refs", &advertise_refs, NULL), 2595 OPT_ALIAS(0, "advertise-refs", "http-backend-info-refs"), 2596 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL), 2597 OPT_END() 2598 }; 2599 2600 packet_trace_identity("receive-pack"); 2601 2602 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0); 2603 2604 if (argc > 1) 2605 usage_msg_opt(_("too many arguments"), receive_pack_usage, options); 2606 if (argc == 0) 2607 usage_msg_opt(_("you must specify a directory"), receive_pack_usage, options); 2608 2609 service_dir = argv[0]; 2610 2611 setup_path(); 2612 2613 if (!enter_repo(service_dir, 0)) 2614 die("'%s' does not appear to be a git repository", service_dir); 2615 2616 repo_config(the_repository, receive_pack_config, NULL); 2617 if (cert_nonce_seed) 2618 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL)); 2619 2620 if (0 <= receive_unpack_limit) 2621 unpack_limit = receive_unpack_limit; 2622 else if (0 <= transfer_unpack_limit) 2623 unpack_limit = transfer_unpack_limit; 2624 2625 switch (determine_protocol_version_server()) { 2626 case protocol_v2: 2627 /* 2628 * push support for protocol v2 has not been implemented yet, 2629 * so ignore the request to use v2 and fallback to using v0. 2630 */ 2631 break; 2632 case protocol_v1: 2633 /* 2634 * v1 is just the original protocol with a version string, 2635 * so just fall through after writing the version string. 2636 */ 2637 if (advertise_refs || !stateless_rpc) 2638 packet_write_fmt(1, "version 1\n"); 2639 2640 /* fallthrough */ 2641 case protocol_v0: 2642 break; 2643 case protocol_unknown_version: 2644 BUG("unknown protocol version"); 2645 } 2646 2647 if (advertise_refs || !stateless_rpc) { 2648 write_head_info(); 2649 } 2650 if (advertise_refs) 2651 return 0; 2652 2653 packet_reader_init(&reader, 0, NULL, 0, 2654 PACKET_READ_CHOMP_NEWLINE | 2655 PACKET_READ_DIE_ON_ERR_PACKET); 2656 2657 if ((commands = read_head_info(&reader, &shallow))) { 2658 const char *unpack_status = NULL; 2659 struct string_list push_options = STRING_LIST_INIT_DUP; 2660 2661 if (use_push_options) 2662 read_push_options(&reader, &push_options); 2663 if (!check_cert_push_options(&push_options)) { 2664 struct command *cmd; 2665 for (cmd = commands; cmd; cmd = cmd->next) 2666 cmd->error_string = "inconsistent push options"; 2667 } 2668 2669 prepare_shallow_info(&si, &shallow); 2670 if (!si.nr_ours && !si.nr_theirs) 2671 shallow_update = 0; 2672 if (!delete_only(commands)) { 2673 unpack_status = unpack_with_sideband(&si); 2674 update_shallow_info(commands, &si, &ref); 2675 } 2676 use_keepalive = KEEPALIVE_ALWAYS; 2677 execute_commands(commands, unpack_status, &si, 2678 &push_options); 2679 delete_tempfile(&pack_lockfile); 2680 sigchain_push(SIGPIPE, SIG_IGN); 2681 if (report_status_v2) 2682 report_v2(commands, unpack_status); 2683 else if (report_status) 2684 report(commands, unpack_status); 2685 sigchain_pop(SIGPIPE); 2686 run_receive_hook(commands, "post-receive", 1, 2687 &push_options); 2688 run_update_post_hook(commands); 2689 free_commands(commands); 2690 string_list_clear(&push_options, 0); 2691 if (auto_gc) { 2692 struct child_process proc = CHILD_PROCESS_INIT; 2693 2694 if (prepare_auto_maintenance(1, &proc)) { 2695 proc.no_stdin = 1; 2696 proc.stdout_to_stderr = 1; 2697 proc.err = use_sideband ? -1 : 0; 2698 2699 if (!start_command(&proc)) { 2700 if (use_sideband) 2701 copy_to_sideband(proc.err, -1, NULL); 2702 finish_command(&proc); 2703 } 2704 } 2705 } 2706 if (auto_update_server_info) 2707 update_server_info(the_repository, 0); 2708 clear_shallow_info(&si); 2709 } 2710 if (use_sideband) 2711 packet_flush(1); 2712 oid_array_clear(&shallow); 2713 oid_array_clear(&ref); 2714 strvec_clear(&hidden_refs); 2715 free((void *)push_cert_nonce); 2716 return 0; 2717}