use sha1_to_hex_r() instead of strcpy
[git/git.git] / builtin / receive-pack.c
CommitLineData
1e4cd68c 1#include "builtin.h"
697cc8ef 2#include "lockfile.h"
fc04c412 3#include "pack.h"
8a65ff76 4#include "refs.h"
f3a3214e 5#include "pkt-line.h"
38a81b4e 6#include "sideband.h"
b1bf95bb 7#include "run-command.h"
576162a4 8#include "exec_cmd.h"
11031d7e
JS
9#include "commit.h"
10#include "object.h"
d79796bc 11#include "remote.h"
47a59185 12#include "connect.h"
d79796bc 13#include "transport.h"
da3efdb1 14#include "string-list.h"
cff38a5e 15#include "sha1-array.h"
52fed6e1 16#include "connected.h"
31c42bff 17#include "argv-array.h"
ff5effdf 18#include "version.h"
d05b9618
JH
19#include "tag.h"
20#include "gpg-interface.h"
ec7dbd14 21#include "sigchain.h"
5d477a33 22#include "fsck.h"
575f4974 23
34263de0 24static const char receive_pack_usage[] = "git receive-pack <git-dir>";
575f4974 25
986e8239 26enum deny_action {
3d95d92b 27 DENY_UNCONFIGURED,
986e8239
JK
28 DENY_IGNORE,
29 DENY_WARN,
1404bcbb
JS
30 DENY_REFUSE,
31 DENY_UPDATE_INSTEAD
986e8239
JK
32};
33
1b53a076
JH
34static int deny_deletes;
35static int deny_non_fast_forwards;
3d95d92b 36static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
747ca245 37static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
dab76d3a
JH
38static int receive_fsck_objects = -1;
39static int transfer_fsck_objects = -1;
5d477a33 40static struct strbuf fsck_msg_types = STRBUF_INIT;
e28714c5
JH
41static int receive_unpack_limit = -1;
42static int transfer_unpack_limit = -1;
1b70fe5d 43static int advertise_atomic_push = 1;
46732fae 44static int unpack_limit = 100;
96f1e58f 45static int report_status;
38a81b4e 46static int use_sideband;
68deed29 47static int use_atomic;
c207e34f 48static int quiet;
b74fce16 49static int prefer_ofs_delta = 1;
77e3efbf
JH
50static int auto_update_server_info;
51static int auto_gc = 1;
f7c815c3 52static int fix_thin = 1;
5732373d
JH
53static int stateless_rpc;
54static const char *service_dir;
747ca245 55static const char *head_name;
96ec7b1e 56static void *head_name_to_free;
185c04e0 57static int sent_capabilities;
0a1bc12b 58static int shallow_update;
5dbd7676 59static const char *alt_shallow_file;
a85b377d
JH
60static struct strbuf push_cert = STRBUF_INIT;
61static unsigned char push_cert_sha1[20];
d05b9618 62static struct signature_check sigcheck;
b89363e4
JH
63static const char *push_cert_nonce;
64static const char *cert_nonce_seed;
65
66static const char *NONCE_UNSOLICITED = "UNSOLICITED";
67static const char *NONCE_BAD = "BAD";
68static const char *NONCE_MISSING = "MISSING";
69static const char *NONCE_OK = "OK";
5732373d 70static const char *NONCE_SLOP = "SLOP";
b89363e4 71static const char *nonce_status;
5732373d
JH
72static long nonce_stamp_slop;
73static unsigned long nonce_stamp_slop_limit;
222368c6 74static struct ref_transaction *transaction;
cfee10a7 75
986e8239
JK
76static enum deny_action parse_deny_action(const char *var, const char *value)
77{
78 if (value) {
79 if (!strcasecmp(value, "ignore"))
80 return DENY_IGNORE;
81 if (!strcasecmp(value, "warn"))
82 return DENY_WARN;
83 if (!strcasecmp(value, "refuse"))
84 return DENY_REFUSE;
1404bcbb
JS
85 if (!strcasecmp(value, "updateinstead"))
86 return DENY_UPDATE_INSTEAD;
986e8239
JK
87 }
88 if (git_config_bool(var, value))
89 return DENY_REFUSE;
90 return DENY_IGNORE;
91}
92
ef90d6d4 93static int receive_pack_config(const char *var, const char *value, void *cb)
6fb75bed 94{
daebaa78
JH
95 int status = parse_hide_refs_config(var, value, "receive");
96
97 if (status)
98 return status;
99
a240de11
JK
100 if (strcmp(var, "receive.denydeletes") == 0) {
101 deny_deletes = git_config_bool(var, value);
102 return 0;
103 }
104
e28714c5 105 if (strcmp(var, "receive.denynonfastforwards") == 0) {
6fb75bed
SP
106 deny_non_fast_forwards = git_config_bool(var, value);
107 return 0;
108 }
109
e28714c5
JH
110 if (strcmp(var, "receive.unpacklimit") == 0) {
111 receive_unpack_limit = git_config_int(var, value);
fc04c412
SP
112 return 0;
113 }
114
e28714c5
JH
115 if (strcmp(var, "transfer.unpacklimit") == 0) {
116 transfer_unpack_limit = git_config_int(var, value);
117 return 0;
118 }
119
cd94c6f9
JS
120 if (strcmp(var, "receive.fsck.skiplist") == 0) {
121 const char *path;
122
123 if (git_config_pathname(&path, var, value))
124 return 1;
125 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
126 fsck_msg_types.len ? ',' : '=', path);
127 free((char *)path);
128 return 0;
129 }
130
5d477a33
JS
131 if (skip_prefix(var, "receive.fsck.", &var)) {
132 if (is_valid_msg_type(var, value))
133 strbuf_addf(&fsck_msg_types, "%c%s=%s",
134 fsck_msg_types.len ? ',' : '=', var, value);
135 else
136 warning("Skipping unknown msg id '%s'", var);
137 return 0;
138 }
139
20dc0016
MK
140 if (strcmp(var, "receive.fsckobjects") == 0) {
141 receive_fsck_objects = git_config_bool(var, value);
142 return 0;
143 }
144
dab76d3a
JH
145 if (strcmp(var, "transfer.fsckobjects") == 0) {
146 transfer_fsck_objects = git_config_bool(var, value);
147 return 0;
148 }
149
986e8239
JK
150 if (!strcmp(var, "receive.denycurrentbranch")) {
151 deny_current_branch = parse_deny_action(var, value);
152 return 0;
153 }
154
747ca245
JH
155 if (strcmp(var, "receive.denydeletecurrent") == 0) {
156 deny_delete_current = parse_deny_action(var, value);
157 return 0;
158 }
159
b74fce16
NP
160 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
161 prefer_ofs_delta = git_config_bool(var, value);
162 return 0;
163 }
164
77e3efbf
JH
165 if (strcmp(var, "receive.updateserverinfo") == 0) {
166 auto_update_server_info = git_config_bool(var, value);
167 return 0;
168 }
169
170 if (strcmp(var, "receive.autogc") == 0) {
171 auto_gc = git_config_bool(var, value);
172 return 0;
173 }
174
0a1bc12b
NTND
175 if (strcmp(var, "receive.shallowupdate") == 0) {
176 shallow_update = git_config_bool(var, value);
177 return 0;
178 }
179
b89363e4
JH
180 if (strcmp(var, "receive.certnonceseed") == 0)
181 return git_config_string(&cert_nonce_seed, var, value);
a85b377d 182
5732373d
JH
183 if (strcmp(var, "receive.certnonceslop") == 0) {
184 nonce_stamp_slop_limit = git_config_ulong(var, value);
185 return 0;
186 }
187
1b70fe5d
RS
188 if (strcmp(var, "receive.advertiseatomic") == 0) {
189 advertise_atomic_push = git_config_bool(var, value);
190 return 0;
191 }
192
ef90d6d4 193 return git_default_config(var, value, cb);
6fb75bed
SP
194}
195
bc98201d 196static void show_ref(const char *path, const unsigned char *sha1)
575f4974 197{
daebaa78
JH
198 if (ref_is_hidden(path))
199 return;
200
52d2ae58 201 if (sent_capabilities) {
cfee10a7 202 packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
52d2ae58
JH
203 } else {
204 struct strbuf cap = STRBUF_INIT;
205
206 strbuf_addstr(&cap,
207 "report-status delete-refs side-band-64k quiet");
1b70fe5d
RS
208 if (advertise_atomic_push)
209 strbuf_addstr(&cap, " atomic");
52d2ae58
JH
210 if (prefer_ofs_delta)
211 strbuf_addstr(&cap, " ofs-delta");
b89363e4
JH
212 if (push_cert_nonce)
213 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
52d2ae58
JH
214 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
215 packet_write(1, "%s %s%c%s\n",
216 sha1_to_hex(sha1), path, 0, cap.buf);
217 strbuf_release(&cap);
218 sent_capabilities = 1;
219 }
575f4974
LT
220}
221
ce2a9873 222static int show_ref_cb(const char *path, const struct object_id *oid, int flag, void *unused)
6b01ecfe
JT
223{
224 path = strip_namespace(path);
225 /*
226 * Advertise refs outside our current namespace as ".have"
227 * refs, so that the client can use them to minimize data
228 * transfer but will otherwise ignore them. This happens to
229 * cover ".have" that are thrown in by add_one_alternate_ref()
230 * to mark histories that are complete in our alternates as
231 * well.
232 */
233 if (!path)
234 path = ".have";
ce2a9873 235 show_ref(path, oid->hash);
bc98201d 236 return 0;
6b01ecfe
JT
237}
238
85f25104 239static void show_one_alternate_sha1(const unsigned char sha1[20], void *unused)
b7a025d9 240{
85f25104 241 show_ref(".have", sha1);
b7a025d9
MH
242}
243
244static void collect_one_alternate_ref(const struct ref *ref, void *data)
245{
246 struct sha1_array *sa = data;
247 sha1_array_append(sa, ref->old_sha1);
6b01ecfe
JT
248}
249
8a65ff76 250static void write_head_info(void)
575f4974 251{
b7a025d9 252 struct sha1_array sa = SHA1_ARRAY_INIT;
2b2a5be3 253
b7a025d9 254 for_each_alternate_ref(collect_one_alternate_ref, &sa);
85f25104 255 sha1_array_for_each_unique(&sa, show_one_alternate_sha1, NULL);
b7a025d9 256 sha1_array_clear(&sa);
ce2a9873 257 for_each_ref(show_ref_cb, NULL);
185c04e0 258 if (!sent_capabilities)
bc98201d 259 show_ref("capabilities^{}", null_sha1);
cfee10a7 260
ad491366
NTND
261 advertise_shallow_grafts(1);
262
b7a025d9
MH
263 /* EOF */
264 packet_flush(1);
575f4974
LT
265}
266
eb1af2df
LT
267struct command {
268 struct command *next;
cfee10a7 269 const char *error_string;
160b81ed
PYH
270 unsigned int skip_update:1,
271 did_not_exist:1;
5dbd7676 272 int index;
eb1af2df
LT
273 unsigned char old_sha1[20];
274 unsigned char new_sha1[20];
8f1d2e6f 275 char ref_name[FLEX_ARRAY]; /* more */
575f4974
LT
276};
277
466dbc42
SP
278static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
279static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
280
281static void report_message(const char *prefix, const char *err, va_list params)
282{
b7115a35 283 int sz;
466dbc42
SP
284 char msg[4096];
285
b7115a35 286 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
466dbc42
SP
287 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
288 if (sz > (sizeof(msg) - 1))
289 sz = sizeof(msg) - 1;
290 msg[sz++] = '\n';
291
292 if (use_sideband)
293 send_sideband(1, 2, msg, sz, use_sideband);
294 else
295 xwrite(2, msg, sz);
296}
297
298static void rp_warning(const char *err, ...)
299{
300 va_list params;
301 va_start(params, err);
302 report_message("warning: ", err, params);
303 va_end(params);
304}
305
306static void rp_error(const char *err, ...)
307{
308 va_list params;
309 va_start(params, err);
310 report_message("error: ", err, params);
311 va_end(params);
312}
313
6d525d38
SP
314static int copy_to_sideband(int in, int out, void *arg)
315{
316 char data[128];
317 while (1) {
318 ssize_t sz = xread(in, data, sizeof(data));
319 if (sz <= 0)
320 break;
321 send_sideband(1, 2, data, sz, use_sideband);
322 }
323 close(in);
324 return 0;
325}
326
b89363e4
JH
327#define HMAC_BLOCK_SIZE 64
328
6f5ef44e 329static void hmac_sha1(unsigned char *out,
b89363e4
JH
330 const char *key_in, size_t key_len,
331 const char *text, size_t text_len)
332{
333 unsigned char key[HMAC_BLOCK_SIZE];
334 unsigned char k_ipad[HMAC_BLOCK_SIZE];
335 unsigned char k_opad[HMAC_BLOCK_SIZE];
336 int i;
337 git_SHA_CTX ctx;
338
339 /* RFC 2104 2. (1) */
340 memset(key, '\0', HMAC_BLOCK_SIZE);
341 if (HMAC_BLOCK_SIZE < key_len) {
342 git_SHA1_Init(&ctx);
343 git_SHA1_Update(&ctx, key_in, key_len);
344 git_SHA1_Final(key, &ctx);
345 } else {
346 memcpy(key, key_in, key_len);
347 }
348
349 /* RFC 2104 2. (2) & (5) */
350 for (i = 0; i < sizeof(key); i++) {
351 k_ipad[i] = key[i] ^ 0x36;
352 k_opad[i] = key[i] ^ 0x5c;
353 }
354
355 /* RFC 2104 2. (3) & (4) */
356 git_SHA1_Init(&ctx);
357 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
358 git_SHA1_Update(&ctx, text, text_len);
359 git_SHA1_Final(out, &ctx);
360
361 /* RFC 2104 2. (6) & (7) */
362 git_SHA1_Init(&ctx);
363 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
6f5ef44e 364 git_SHA1_Update(&ctx, out, 20);
b89363e4
JH
365 git_SHA1_Final(out, &ctx);
366}
367
368static char *prepare_push_cert_nonce(const char *path, unsigned long stamp)
369{
370 struct strbuf buf = STRBUF_INIT;
371 unsigned char sha1[20];
372
373 strbuf_addf(&buf, "%s:%lu", path, stamp);
374 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
375 strbuf_release(&buf);
376
377 /* RFC 2104 5. HMAC-SHA1-80 */
378 strbuf_addf(&buf, "%lu-%.*s", stamp, 20, sha1_to_hex(sha1));
379 return strbuf_detach(&buf, NULL);
380}
381
382/*
383 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
384 * after dropping "_commit" from its name and possibly moving it out
385 * of commit.c
386 */
387static char *find_header(const char *msg, size_t len, const char *key)
388{
389 int key_len = strlen(key);
390 const char *line = msg;
391
392 while (line && line < msg + len) {
393 const char *eol = strchrnul(line, '\n');
394
395 if ((msg + len <= eol) || line == eol)
396 return NULL;
397 if (line + key_len < eol &&
398 !memcmp(line, key, key_len) && line[key_len] == ' ') {
399 int offset = key_len + 1;
400 return xmemdupz(line + offset, (eol - line) - offset);
401 }
402 line = *eol ? eol + 1 : NULL;
403 }
404 return NULL;
405}
406
407static const char *check_nonce(const char *buf, size_t len)
408{
409 char *nonce = find_header(buf, len, "nonce");
5732373d
JH
410 unsigned long stamp, ostamp;
411 char *bohmac, *expect = NULL;
b89363e4
JH
412 const char *retval = NONCE_BAD;
413
414 if (!nonce) {
415 retval = NONCE_MISSING;
416 goto leave;
417 } else if (!push_cert_nonce) {
418 retval = NONCE_UNSOLICITED;
419 goto leave;
420 } else if (!strcmp(push_cert_nonce, nonce)) {
421 retval = NONCE_OK;
422 goto leave;
423 }
424
5732373d
JH
425 if (!stateless_rpc) {
426 /* returned nonce MUST match what we gave out earlier */
427 retval = NONCE_BAD;
428 goto leave;
429 }
430
431 /*
432 * In stateless mode, we may be receiving a nonce issued by
433 * another instance of the server that serving the same
434 * repository, and the timestamps may not match, but the
435 * nonce-seed and dir should match, so we can recompute and
436 * report the time slop.
437 *
438 * In addition, when a nonce issued by another instance has
439 * timestamp within receive.certnonceslop seconds, we pretend
440 * as if we issued that nonce when reporting to the hook.
441 */
442
443 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
444 if (*nonce <= '0' || '9' < *nonce) {
445 retval = NONCE_BAD;
446 goto leave;
447 }
448 stamp = strtoul(nonce, &bohmac, 10);
449 if (bohmac == nonce || bohmac[0] != '-') {
450 retval = NONCE_BAD;
451 goto leave;
452 }
453
454 expect = prepare_push_cert_nonce(service_dir, stamp);
455 if (strcmp(expect, nonce)) {
456 /* Not what we would have signed earlier */
457 retval = NONCE_BAD;
458 goto leave;
459 }
460
461 /*
462 * By how many seconds is this nonce stale? Negative value
463 * would mean it was issued by another server with its clock
464 * skewed in the future.
465 */
466 ostamp = strtoul(push_cert_nonce, NULL, 10);
467 nonce_stamp_slop = (long)ostamp - (long)stamp;
468
469 if (nonce_stamp_slop_limit &&
31a8aa1e 470 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
5732373d
JH
471 /*
472 * Pretend as if the received nonce (which passes the
473 * HMAC check, so it is not a forged by third-party)
474 * is what we issued.
475 */
476 free((void *)push_cert_nonce);
477 push_cert_nonce = xstrdup(nonce);
478 retval = NONCE_OK;
479 } else {
480 retval = NONCE_SLOP;
481 }
b89363e4
JH
482
483leave:
484 free(nonce);
5732373d 485 free(expect);
b89363e4
JH
486 return retval;
487}
488
a85b377d
JH
489static void prepare_push_cert_sha1(struct child_process *proc)
490{
491 static int already_done;
a85b377d
JH
492
493 if (!push_cert.len)
494 return;
495
496 if (!already_done) {
d05b9618
JH
497 struct strbuf gpg_output = STRBUF_INIT;
498 struct strbuf gpg_status = STRBUF_INIT;
499 int bogs /* beginning_of_gpg_sig */;
500
a85b377d
JH
501 already_done = 1;
502 if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1))
503 hashclr(push_cert_sha1);
d05b9618
JH
504
505 memset(&sigcheck, '\0', sizeof(sigcheck));
506 sigcheck.result = 'N';
507
508 bogs = parse_signature(push_cert.buf, push_cert.len);
509 if (verify_signed_buffer(push_cert.buf, bogs,
510 push_cert.buf + bogs, push_cert.len - bogs,
511 &gpg_output, &gpg_status) < 0) {
512 ; /* error running gpg */
513 } else {
514 sigcheck.payload = push_cert.buf;
515 sigcheck.gpg_output = gpg_output.buf;
516 sigcheck.gpg_status = gpg_status.buf;
517 parse_gpg_output(&sigcheck);
518 }
519
520 strbuf_release(&gpg_output);
521 strbuf_release(&gpg_status);
b89363e4 522 nonce_status = check_nonce(push_cert.buf, bogs);
a85b377d
JH
523 }
524 if (!is_null_sha1(push_cert_sha1)) {
a9154590
RS
525 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
526 sha1_to_hex(push_cert_sha1));
527 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
d05b9618 528 sigcheck.signer ? sigcheck.signer : "");
a9154590 529 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
d05b9618 530 sigcheck.key ? sigcheck.key : "");
a9154590
RS
531 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
532 sigcheck.result);
b89363e4 533 if (push_cert_nonce) {
a9154590
RS
534 argv_array_pushf(&proc->env_array,
535 "GIT_PUSH_CERT_NONCE=%s",
536 push_cert_nonce);
537 argv_array_pushf(&proc->env_array,
538 "GIT_PUSH_CERT_NONCE_STATUS=%s",
539 nonce_status);
5732373d 540 if (nonce_status == NONCE_SLOP)
a9154590
RS
541 argv_array_pushf(&proc->env_array,
542 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
5732373d 543 nonce_stamp_slop);
b89363e4 544 }
a85b377d
JH
545 }
546}
547
9684e44a
JH
548typedef int (*feed_fn)(void *, const char **, size_t *);
549static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state)
b1bf95bb 550{
d3180279 551 struct child_process proc = CHILD_PROCESS_INIT;
6d525d38 552 struct async muxer;
f43cd49f 553 const char *argv[2];
9684e44a 554 int code;
b1bf95bb 555
5a7da2dc
AS
556 argv[0] = find_hook(hook_name);
557 if (!argv[0])
b1bf95bb 558 return 0;
c8dd2771 559
f43cd49f
SP
560 argv[1] = NULL;
561
f43cd49f
SP
562 proc.argv = argv;
563 proc.in = -1;
564 proc.stdout_to_stderr = 1;
565
6d525d38
SP
566 if (use_sideband) {
567 memset(&muxer, 0, sizeof(muxer));
568 muxer.proc = copy_to_sideband;
569 muxer.in = -1;
570 code = start_async(&muxer);
571 if (code)
572 return code;
573 proc.err = muxer.in;
574 }
575
5d222c09
RS
576 prepare_push_cert_sha1(&proc);
577
f43cd49f 578 code = start_command(&proc);
6d525d38
SP
579 if (code) {
580 if (use_sideband)
581 finish_async(&muxer);
90e41a89 582 return code;
6d525d38
SP
583 }
584
ec7dbd14
JH
585 sigchain_push(SIGPIPE, SIG_IGN);
586
9684e44a
JH
587 while (1) {
588 const char *buf;
589 size_t n;
590 if (feed(feed_state, &buf, &n))
591 break;
592 if (write_in_full(proc.in, buf, n) != n)
593 break;
c8dd2771 594 }
e72ae288 595 close(proc.in);
6d525d38
SP
596 if (use_sideband)
597 finish_async(&muxer);
ec7dbd14
JH
598
599 sigchain_pop(SIGPIPE);
600
90e41a89 601 return finish_command(&proc);
b1bf95bb
JW
602}
603
9684e44a
JH
604struct receive_hook_feed_state {
605 struct command *cmd;
cdc2b2f3 606 int skip_broken;
9684e44a
JH
607 struct strbuf buf;
608};
609
610static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
611{
612 struct receive_hook_feed_state *state = state_;
613 struct command *cmd = state->cmd;
614
cdc2b2f3
JH
615 while (cmd &&
616 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
9684e44a
JH
617 cmd = cmd->next;
618 if (!cmd)
619 return -1; /* EOF */
620 strbuf_reset(&state->buf);
621 strbuf_addf(&state->buf, "%s %s %s\n",
622 sha1_to_hex(cmd->old_sha1), sha1_to_hex(cmd->new_sha1),
623 cmd->ref_name);
624 state->cmd = cmd->next;
625 if (bufp) {
626 *bufp = state->buf.buf;
627 *sizep = state->buf.len;
628 }
629 return 0;
630}
631
cdc2b2f3
JH
632static int run_receive_hook(struct command *commands, const char *hook_name,
633 int skip_broken)
9684e44a
JH
634{
635 struct receive_hook_feed_state state;
636 int status;
637
638 strbuf_init(&state.buf, 0);
639 state.cmd = commands;
cdc2b2f3 640 state.skip_broken = skip_broken;
9684e44a
JH
641 if (feed_receive_hook(&state, NULL, NULL))
642 return 0;
643 state.cmd = commands;
644 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
645 strbuf_release(&state.buf);
646 return status;
647}
648
1d9e8b56
SP
649static int run_update_hook(struct command *cmd)
650{
1d9e8b56 651 const char *argv[5];
d3180279 652 struct child_process proc = CHILD_PROCESS_INIT;
6d525d38 653 int code;
1d9e8b56 654
5a7da2dc
AS
655 argv[0] = find_hook("update");
656 if (!argv[0])
1d9e8b56
SP
657 return 0;
658
1d9e8b56
SP
659 argv[1] = cmd->ref_name;
660 argv[2] = sha1_to_hex(cmd->old_sha1);
661 argv[3] = sha1_to_hex(cmd->new_sha1);
662 argv[4] = NULL;
663
6d525d38
SP
664 proc.no_stdin = 1;
665 proc.stdout_to_stderr = 1;
666 proc.err = use_sideband ? -1 : 0;
667 proc.argv = argv;
668
669 code = start_command(&proc);
670 if (code)
671 return code;
672 if (use_sideband)
673 copy_to_sideband(proc.err, -1, NULL);
674 return finish_command(&proc);
1d9e8b56
SP
675}
676
986e8239
JK
677static int is_ref_checked_out(const char *ref)
678{
986e8239
JK
679 if (is_bare_repository())
680 return 0;
681
747ca245 682 if (!head_name)
986e8239 683 return 0;
747ca245 684 return !strcmp(head_name, ref);
986e8239
JK
685}
686
acd2a45b
JH
687static char *refuse_unconfigured_deny_msg[] = {
688 "By default, updating the current branch in a non-bare repository",
689 "is denied, because it will make the index and work tree inconsistent",
690 "with what you pushed, and will require 'git reset --hard' to match",
691 "the work tree to HEAD.",
3d95d92b
JH
692 "",
693 "You can set 'receive.denyCurrentBranch' configuration variable to",
acd2a45b
JH
694 "'ignore' or 'warn' in the remote repository to allow pushing into",
695 "its current branch; however, this is not recommended unless you",
696 "arranged to update its work tree to match what you pushed in some",
697 "other way.",
3d95d92b 698 "",
acd2a45b
JH
699 "To squelch this message and still keep the default behaviour, set",
700 "'receive.denyCurrentBranch' configuration variable to 'refuse'."
3d95d92b
JH
701};
702
acd2a45b 703static void refuse_unconfigured_deny(void)
3d95d92b
JH
704{
705 int i;
acd2a45b 706 for (i = 0; i < ARRAY_SIZE(refuse_unconfigured_deny_msg); i++)
a886ba28 707 rp_error("%s", refuse_unconfigured_deny_msg[i]);
3d95d92b
JH
708}
709
375881fa
JH
710static char *refuse_unconfigured_deny_delete_current_msg[] = {
711 "By default, deleting the current branch is denied, because the next",
712 "'git clone' won't result in any file checked out, causing confusion.",
747ca245
JH
713 "",
714 "You can set 'receive.denyDeleteCurrent' configuration variable to",
375881fa
JH
715 "'warn' or 'ignore' in the remote repository to allow deleting the",
716 "current branch, with or without a warning message.",
747ca245 717 "",
375881fa 718 "To squelch this message, you can set it to 'refuse'."
747ca245
JH
719};
720
375881fa 721static void refuse_unconfigured_deny_delete_current(void)
747ca245
JH
722{
723 int i;
724 for (i = 0;
375881fa 725 i < ARRAY_SIZE(refuse_unconfigured_deny_delete_current_msg);
747ca245 726 i++)
a886ba28 727 rp_error("%s", refuse_unconfigured_deny_delete_current_msg[i]);
747ca245
JH
728}
729
0a1bc12b
NTND
730static int command_singleton_iterator(void *cb_data, unsigned char sha1[20]);
731static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
732{
733 static struct lock_file shallow_lock;
734 struct sha1_array extra = SHA1_ARRAY_INIT;
735 const char *alt_file;
736 uint32_t mask = 1 << (cmd->index % 32);
737 int i;
738
6aa30857 739 trace_printf_key(&trace_shallow,
0a1bc12b
NTND
740 "shallow: update_shallow_ref %s\n", cmd->ref_name);
741 for (i = 0; i < si->shallow->nr; i++)
742 if (si->used_shallow[i] &&
743 (si->used_shallow[i][cmd->index / 32] & mask) &&
744 !delayed_reachability_test(si, i))
745 sha1_array_append(&extra, si->shallow->sha1[i]);
746
747 setup_alternate_shallow(&shallow_lock, &alt_file, &extra);
748 if (check_shallow_connected(command_singleton_iterator,
749 0, cmd, alt_file)) {
750 rollback_lock_file(&shallow_lock);
751 sha1_array_clear(&extra);
752 return -1;
753 }
754
755 commit_lock_file(&shallow_lock);
756
757 /*
758 * Make sure setup_alternate_shallow() for the next ref does
759 * not lose these new roots..
760 */
761 for (i = 0; i < extra.nr; i++)
762 register_shallow(extra.sha1[i]);
763
764 si->shallow_ref[cmd->index] = 0;
765 sha1_array_clear(&extra);
766 return 0;
767}
768
1a51b524
JH
769/*
770 * NEEDSWORK: we should consolidate various implementions of "are we
771 * on an unborn branch?" test into one, and make the unified one more
772 * robust. !get_sha1() based check used here and elsewhere would not
773 * allow us to tell an unborn branch from corrupt ref, for example.
774 * For the purpose of fixing "deploy-to-update does not work when
775 * pushing into an empty repository" issue, this should suffice for
776 * now.
777 */
778static int head_has_history(void)
779{
780 unsigned char sha1[20];
781
782 return !get_sha1("HEAD", sha1);
783}
784
21b138d0
JH
785static const char *push_to_deploy(unsigned char *sha1,
786 struct argv_array *env,
787 const char *work_tree)
1404bcbb
JS
788{
789 const char *update_refresh[] = {
790 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
791 };
792 const char *diff_files[] = {
793 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
794 };
795 const char *diff_index[] = {
796 "diff-index", "--quiet", "--cached", "--ignore-submodules",
1a51b524 797 NULL, "--", NULL
1404bcbb
JS
798 };
799 const char *read_tree[] = {
800 "read-tree", "-u", "-m", NULL, NULL
801 };
1404bcbb
JS
802 struct child_process child = CHILD_PROCESS_INIT;
803
1404bcbb 804 child.argv = update_refresh;
21b138d0 805 child.env = env->argv;
1404bcbb
JS
806 child.dir = work_tree;
807 child.no_stdin = 1;
808 child.stdout_to_stderr = 1;
809 child.git_cmd = 1;
21b138d0 810 if (run_command(&child))
1404bcbb 811 return "Up-to-date check failed";
1404bcbb
JS
812
813 /* run_command() does not clean up completely; reinitialize */
814 child_process_init(&child);
815 child.argv = diff_files;
21b138d0 816 child.env = env->argv;
1404bcbb
JS
817 child.dir = work_tree;
818 child.no_stdin = 1;
819 child.stdout_to_stderr = 1;
820 child.git_cmd = 1;
21b138d0 821 if (run_command(&child))
1404bcbb 822 return "Working directory has unstaged changes";
1404bcbb 823
1a51b524
JH
824 /* diff-index with either HEAD or an empty tree */
825 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
826
1404bcbb
JS
827 child_process_init(&child);
828 child.argv = diff_index;
21b138d0 829 child.env = env->argv;
1404bcbb
JS
830 child.no_stdin = 1;
831 child.no_stdout = 1;
832 child.stdout_to_stderr = 0;
833 child.git_cmd = 1;
21b138d0 834 if (run_command(&child))
1404bcbb 835 return "Working directory has staged changes";
1404bcbb
JS
836
837 read_tree[3] = sha1_to_hex(sha1);
838 child_process_init(&child);
839 child.argv = read_tree;
21b138d0 840 child.env = env->argv;
1404bcbb
JS
841 child.dir = work_tree;
842 child.no_stdin = 1;
843 child.no_stdout = 1;
844 child.stdout_to_stderr = 0;
845 child.git_cmd = 1;
21b138d0 846 if (run_command(&child))
1404bcbb 847 return "Could not update working tree to new HEAD";
1404bcbb 848
1404bcbb
JS
849 return NULL;
850}
851
08553319
JH
852static const char *push_to_checkout_hook = "push-to-checkout";
853
854static const char *push_to_checkout(unsigned char *sha1,
855 struct argv_array *env,
856 const char *work_tree)
857{
858 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
859 if (run_hook_le(env->argv, push_to_checkout_hook,
860 sha1_to_hex(sha1), NULL))
861 return "push-to-checkout hook declined";
862 else
863 return NULL;
864}
865
21b138d0
JH
866static const char *update_worktree(unsigned char *sha1)
867{
868 const char *retval;
869 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
870 struct argv_array env = ARGV_ARRAY_INIT;
871
872 if (is_bare_repository())
873 return "denyCurrentBranch = updateInstead needs a worktree";
874
875 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
876
08553319
JH
877 if (!find_hook(push_to_checkout_hook))
878 retval = push_to_deploy(sha1, &env, work_tree);
879 else
880 retval = push_to_checkout(sha1, &env, work_tree);
21b138d0
JH
881
882 argv_array_clear(&env);
883 return retval;
884}
885
0a1bc12b 886static const char *update(struct command *cmd, struct shallow_info *si)
2eca23da 887{
cfee10a7 888 const char *name = cmd->ref_name;
6b01ecfe 889 struct strbuf namespaced_name_buf = STRBUF_INIT;
1404bcbb 890 const char *namespaced_name, *ret;
cfee10a7
JH
891 unsigned char *old_sha1 = cmd->old_sha1;
892 unsigned char *new_sha1 = cmd->new_sha1;
2eca23da 893
061d6b9a 894 /* only refs/... are allowed */
59556548 895 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
466dbc42 896 rp_error("refusing to create funny ref '%s' remotely", name);
8aaf7d64 897 return "funny refname";
cfee10a7 898 }
d8a1deec 899
6b01ecfe
JT
900 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
901 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
902
903 if (is_ref_checked_out(namespaced_name)) {
3d95d92b
JH
904 switch (deny_current_branch) {
905 case DENY_IGNORE:
986e8239 906 break;
3d95d92b 907 case DENY_WARN:
466dbc42 908 rp_warning("updating the current branch");
986e8239 909 break;
3d95d92b 910 case DENY_REFUSE:
acd2a45b 911 case DENY_UNCONFIGURED:
466dbc42 912 rp_error("refusing to update checked out branch: %s", name);
acd2a45b
JH
913 if (deny_current_branch == DENY_UNCONFIGURED)
914 refuse_unconfigured_deny();
3d95d92b 915 return "branch is currently checked out";
1404bcbb
JS
916 case DENY_UPDATE_INSTEAD:
917 ret = update_worktree(new_sha1);
918 if (ret)
919 return ret;
920 break;
3d95d92b 921 }
986e8239
JK
922 }
923
d4f694ba 924 if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) {
8aaf7d64
SP
925 error("unpack should have generated %s, "
926 "but I can't find it!", sha1_to_hex(new_sha1));
927 return "bad pack";
cfee10a7 928 }
747ca245
JH
929
930 if (!is_null_sha1(old_sha1) && is_null_sha1(new_sha1)) {
59556548 931 if (deny_deletes && starts_with(name, "refs/heads/")) {
466dbc42 932 rp_error("denying ref deletion for %s", name);
747ca245
JH
933 return "deletion prohibited";
934 }
935
b112b14d 936 if (head_name && !strcmp(namespaced_name, head_name)) {
747ca245
JH
937 switch (deny_delete_current) {
938 case DENY_IGNORE:
939 break;
940 case DENY_WARN:
466dbc42 941 rp_warning("deleting the current branch");
747ca245
JH
942 break;
943 case DENY_REFUSE:
375881fa 944 case DENY_UNCONFIGURED:
1404bcbb 945 case DENY_UPDATE_INSTEAD:
375881fa
JH
946 if (deny_delete_current == DENY_UNCONFIGURED)
947 refuse_unconfigured_deny_delete_current();
466dbc42 948 rp_error("refusing to delete the current branch: %s", name);
747ca245 949 return "deletion of the current branch prohibited";
1404bcbb
JS
950 default:
951 return "Invalid denyDeleteCurrent setting";
747ca245
JH
952 }
953 }
a240de11 954 }
747ca245 955
d4f694ba 956 if (deny_non_fast_forwards && !is_null_sha1(new_sha1) &&
ba988a83 957 !is_null_sha1(old_sha1) &&
59556548 958 starts_with(name, "refs/heads/")) {
eab82707 959 struct object *old_object, *new_object;
11031d7e 960 struct commit *old_commit, *new_commit;
11031d7e 961
eab82707
MK
962 old_object = parse_object(old_sha1);
963 new_object = parse_object(new_sha1);
964
965 if (!old_object || !new_object ||
966 old_object->type != OBJ_COMMIT ||
967 new_object->type != OBJ_COMMIT) {
968 error("bad sha1 objects for %s", name);
969 return "bad ref";
970 }
971 old_commit = (struct commit *)old_object;
972 new_commit = (struct commit *)new_object;
5d55915c 973 if (!in_merge_bases(old_commit, new_commit)) {
466dbc42
SP
974 rp_error("denying non-fast-forward %s"
975 " (you should pull first)", name);
a75d7b54 976 return "non-fast-forward";
8aaf7d64 977 }
11031d7e 978 }
1d9e8b56 979 if (run_update_hook(cmd)) {
466dbc42 980 rp_error("hook declined to update %s", name);
8aaf7d64 981 return "hook declined";
b1bf95bb 982 }
3159c8dc 983
d4f694ba 984 if (is_null_sha1(new_sha1)) {
222368c6 985 struct strbuf err = STRBUF_INIT;
28391a80 986 if (!parse_object(old_sha1)) {
28391a80 987 old_sha1 = NULL;
160b81ed
PYH
988 if (ref_exists(name)) {
989 rp_warning("Allowing deletion of corrupt ref.");
990 } else {
991 rp_warning("Deleting a non-existent ref.");
992 cmd->did_not_exist = 1;
993 }
28391a80 994 }
222368c6
SB
995 if (ref_transaction_delete(transaction,
996 namespaced_name,
997 old_sha1,
fb5a6bb6 998 0, "push", &err)) {
222368c6
SB
999 rp_error("%s", err.buf);
1000 strbuf_release(&err);
8aaf7d64 1001 return "failed to delete";
d4f694ba 1002 }
222368c6 1003 strbuf_release(&err);
8aaf7d64 1004 return NULL; /* good */
d4f694ba
JH
1005 }
1006 else {
6629ea2d 1007 struct strbuf err = STRBUF_INIT;
0a1bc12b
NTND
1008 if (shallow_update && si->shallow_ref[cmd->index] &&
1009 update_shallow_ref(cmd, si))
1010 return "shallow error";
1011
222368c6
SB
1012 if (ref_transaction_update(transaction,
1013 namespaced_name,
1014 new_sha1, old_sha1,
1d147bdf 1015 0, "push",
222368c6 1016 &err)) {
6629ea2d
RS
1017 rp_error("%s", err.buf);
1018 strbuf_release(&err);
222368c6 1019
6629ea2d 1020 return "failed to update ref";
ef203f08 1021 }
6629ea2d 1022 strbuf_release(&err);
222368c6 1023
8aaf7d64 1024 return NULL; /* good */
19614330 1025 }
2eca23da
LT
1026}
1027
5e1c71fd 1028static void run_update_post_hook(struct command *commands)
19614330 1029{
5e1c71fd 1030 struct command *cmd;
6d525d38 1031 int argc;
9201c707 1032 const char **argv;
d3180279 1033 struct child_process proc = CHILD_PROCESS_INIT;
dcf69262 1034 const char *hook;
19614330 1035
5a7da2dc 1036 hook = find_hook("post-update");
5e1c71fd 1037 for (argc = 0, cmd = commands; cmd; cmd = cmd->next) {
160b81ed 1038 if (cmd->error_string || cmd->did_not_exist)
19614330
JH
1039 continue;
1040 argc++;
1041 }
5a7da2dc 1042 if (!argc || !hook)
3e6e152c 1043 return;
5a7da2dc 1044
3e6e152c 1045 argv = xmalloc(sizeof(*argv) * (2 + argc));
5a7da2dc 1046 argv[0] = hook;
19614330 1047
5e1c71fd 1048 for (argc = 1, cmd = commands; cmd; cmd = cmd->next) {
160b81ed 1049 if (cmd->error_string || cmd->did_not_exist)
19614330 1050 continue;
95244ae3 1051 argv[argc] = xstrdup(cmd->ref_name);
19614330
JH
1052 argc++;
1053 }
1054 argv[argc] = NULL;
6d525d38 1055
6d525d38
SP
1056 proc.no_stdin = 1;
1057 proc.stdout_to_stderr = 1;
1058 proc.err = use_sideband ? -1 : 0;
1059 proc.argv = argv;
1060
1061 if (!start_command(&proc)) {
1062 if (use_sideband)
1063 copy_to_sideband(proc.err, -1, NULL);
1064 finish_command(&proc);
1065 }
19614330 1066}
2eca23da 1067
da3efdb1
JS
1068static void check_aliased_update(struct command *cmd, struct string_list *list)
1069{
6b01ecfe
JT
1070 struct strbuf buf = STRBUF_INIT;
1071 const char *dst_name;
da3efdb1
JS
1072 struct string_list_item *item;
1073 struct command *dst_cmd;
d59f765a
JK
1074 unsigned char sha1[GIT_SHA1_RAWSZ];
1075 char cmd_oldh[GIT_SHA1_HEXSZ + 1],
1076 cmd_newh[GIT_SHA1_HEXSZ + 1],
1077 dst_oldh[GIT_SHA1_HEXSZ + 1],
1078 dst_newh[GIT_SHA1_HEXSZ + 1];
da3efdb1
JS
1079 int flag;
1080
6b01ecfe 1081 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
7695d118 1082 dst_name = resolve_ref_unsafe(buf.buf, 0, sha1, &flag);
6b01ecfe 1083 strbuf_release(&buf);
da3efdb1
JS
1084
1085 if (!(flag & REF_ISSYMREF))
1086 return;
1087
6b01ecfe
JT
1088 dst_name = strip_namespace(dst_name);
1089 if (!dst_name) {
1090 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1091 cmd->skip_update = 1;
1092 cmd->error_string = "broken symref";
1093 return;
1094 }
1095
e8c8b713 1096 if ((item = string_list_lookup(list, dst_name)) == NULL)
da3efdb1
JS
1097 return;
1098
1099 cmd->skip_update = 1;
1100
1101 dst_cmd = (struct command *) item->util;
1102
1103 if (!hashcmp(cmd->old_sha1, dst_cmd->old_sha1) &&
1104 !hashcmp(cmd->new_sha1, dst_cmd->new_sha1))
1105 return;
1106
1107 dst_cmd->skip_update = 1;
1108
d59f765a
JK
1109 find_unique_abbrev_r(cmd_oldh, cmd->old_sha1, DEFAULT_ABBREV);
1110 find_unique_abbrev_r(cmd_newh, cmd->new_sha1, DEFAULT_ABBREV);
1111 find_unique_abbrev_r(dst_oldh, dst_cmd->old_sha1, DEFAULT_ABBREV);
1112 find_unique_abbrev_r(dst_newh, dst_cmd->new_sha1, DEFAULT_ABBREV);
da3efdb1
JS
1113 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1114 " its target '%s' (%s..%s)",
1115 cmd->ref_name, cmd_oldh, cmd_newh,
1116 dst_cmd->ref_name, dst_oldh, dst_newh);
1117
1118 cmd->error_string = dst_cmd->error_string =
1119 "inconsistent aliased update";
1120}
1121
1122static void check_aliased_updates(struct command *commands)
1123{
1124 struct command *cmd;
183113a5 1125 struct string_list ref_list = STRING_LIST_INIT_NODUP;
da3efdb1
JS
1126
1127 for (cmd = commands; cmd; cmd = cmd->next) {
1128 struct string_list_item *item =
1d2f80fa 1129 string_list_append(&ref_list, cmd->ref_name);
da3efdb1
JS
1130 item->util = (void *)cmd;
1131 }
3383e199 1132 string_list_sort(&ref_list);
da3efdb1 1133
ef7e93d9
CB
1134 for (cmd = commands; cmd; cmd = cmd->next) {
1135 if (!cmd->error_string)
1136 check_aliased_update(cmd, &ref_list);
1137 }
da3efdb1
JS
1138
1139 string_list_clear(&ref_list, 0);
1140}
1141
52fed6e1
JH
1142static int command_singleton_iterator(void *cb_data, unsigned char sha1[20])
1143{
1144 struct command **cmd_list = cb_data;
1145 struct command *cmd = *cmd_list;
1146
ee6dfb2d 1147 if (!cmd || is_null_sha1(cmd->new_sha1))
52fed6e1
JH
1148 return -1; /* end of list */
1149 *cmd_list = NULL; /* this returns only one */
1150 hashcpy(sha1, cmd->new_sha1);
1151 return 0;
1152}
1153
0a1bc12b
NTND
1154static void set_connectivity_errors(struct command *commands,
1155 struct shallow_info *si)
52fed6e1
JH
1156{
1157 struct command *cmd;
1158
1159 for (cmd = commands; cmd; cmd = cmd->next) {
1160 struct command *singleton = cmd;
0a1bc12b
NTND
1161 if (shallow_update && si->shallow_ref[cmd->index])
1162 /* to be checked in update_shallow_ref() */
1163 continue;
52fed6e1
JH
1164 if (!check_everything_connected(command_singleton_iterator,
1165 0, &singleton))
1166 continue;
1167 cmd->error_string = "missing necessary objects";
1168 }
1169}
1170
0a1bc12b
NTND
1171struct iterate_data {
1172 struct command *cmds;
1173 struct shallow_info *si;
1174};
1175
52fed6e1
JH
1176static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
1177{
0a1bc12b
NTND
1178 struct iterate_data *data = cb_data;
1179 struct command **cmd_list = &data->cmds;
52fed6e1
JH
1180 struct command *cmd = *cmd_list;
1181
0a1bc12b
NTND
1182 for (; cmd; cmd = cmd->next) {
1183 if (shallow_update && data->si->shallow_ref[cmd->index])
1184 /* to be checked in update_shallow_ref() */
1185 continue;
5dbd7676 1186 if (!is_null_sha1(cmd->new_sha1) && !cmd->skip_update) {
ee6dfb2d
JH
1187 hashcpy(sha1, cmd->new_sha1);
1188 *cmd_list = cmd->next;
1189 return 0;
1190 }
ee6dfb2d
JH
1191 }
1192 *cmd_list = NULL;
1193 return -1; /* end of list */
52fed6e1
JH
1194}
1195
daebaa78
JH
1196static void reject_updates_to_hidden(struct command *commands)
1197{
1198 struct command *cmd;
1199
1200 for (cmd = commands; cmd; cmd = cmd->next) {
1201 if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
1202 continue;
1203 if (is_null_sha1(cmd->new_sha1))
1204 cmd->error_string = "deny deleting a hidden ref";
1205 else
1206 cmd->error_string = "deny updating a hidden ref";
1207 }
1208}
1209
a6a84319
SB
1210static int should_process_cmd(struct command *cmd)
1211{
1212 return !cmd->error_string && !cmd->skip_update;
1213}
1214
1215static void warn_if_skipped_connectivity_check(struct command *commands,
1216 struct shallow_info *si)
1217{
1218 struct command *cmd;
1219 int checked_connectivity = 1;
1220
1221 for (cmd = commands; cmd; cmd = cmd->next) {
1222 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1223 error("BUG: connectivity check has not been run on ref %s",
1224 cmd->ref_name);
1225 checked_connectivity = 0;
1226 }
1227 }
1228 if (!checked_connectivity)
b6a47885 1229 die("BUG: connectivity check skipped???");
a6a84319
SB
1230}
1231
a1a26145
SB
1232static void execute_commands_non_atomic(struct command *commands,
1233 struct shallow_info *si)
1234{
1235 struct command *cmd;
222368c6
SB
1236 struct strbuf err = STRBUF_INIT;
1237
a1a26145
SB
1238 for (cmd = commands; cmd; cmd = cmd->next) {
1239 if (!should_process_cmd(cmd))
1240 continue;
1241
222368c6
SB
1242 transaction = ref_transaction_begin(&err);
1243 if (!transaction) {
1244 rp_error("%s", err.buf);
1245 strbuf_reset(&err);
1246 cmd->error_string = "transaction failed to start";
1247 continue;
1248 }
1249
a1a26145 1250 cmd->error_string = update(cmd, si);
222368c6
SB
1251
1252 if (!cmd->error_string
1253 && ref_transaction_commit(transaction, &err)) {
1254 rp_error("%s", err.buf);
1255 strbuf_reset(&err);
1256 cmd->error_string = "failed to update ref";
1257 }
1258 ref_transaction_free(transaction);
a1a26145 1259 }
68deed29
SB
1260 strbuf_release(&err);
1261}
222368c6 1262
68deed29
SB
1263static void execute_commands_atomic(struct command *commands,
1264 struct shallow_info *si)
1265{
1266 struct command *cmd;
1267 struct strbuf err = STRBUF_INIT;
1268 const char *reported_error = "atomic push failure";
1269
1270 transaction = ref_transaction_begin(&err);
1271 if (!transaction) {
1272 rp_error("%s", err.buf);
1273 strbuf_reset(&err);
1274 reported_error = "transaction failed to start";
1275 goto failure;
1276 }
1277
1278 for (cmd = commands; cmd; cmd = cmd->next) {
1279 if (!should_process_cmd(cmd))
1280 continue;
1281
1282 cmd->error_string = update(cmd, si);
1283
1284 if (cmd->error_string)
1285 goto failure;
1286 }
1287
1288 if (ref_transaction_commit(transaction, &err)) {
1289 rp_error("%s", err.buf);
1290 reported_error = "atomic transaction failed";
1291 goto failure;
1292 }
1293 goto cleanup;
1294
1295failure:
1296 for (cmd = commands; cmd; cmd = cmd->next)
1297 if (!cmd->error_string)
1298 cmd->error_string = reported_error;
1299
1300cleanup:
1301 ref_transaction_free(transaction);
222368c6 1302 strbuf_release(&err);
a1a26145
SB
1303}
1304
0a1bc12b
NTND
1305static void execute_commands(struct command *commands,
1306 const char *unpacker_error,
1307 struct shallow_info *si)
575f4974 1308{
5e1c71fd 1309 struct command *cmd;
747ca245 1310 unsigned char sha1[20];
0a1bc12b 1311 struct iterate_data data;
8aaf7d64
SP
1312
1313 if (unpacker_error) {
5e1c71fd 1314 for (cmd = commands; cmd; cmd = cmd->next)
74eb32d3 1315 cmd->error_string = "unpacker error";
8aaf7d64
SP
1316 return;
1317 }
1318
0a1bc12b
NTND
1319 data.cmds = commands;
1320 data.si = si;
1321 if (check_everything_connected(iterate_receive_command_list, 0, &data))
1322 set_connectivity_errors(commands, si);
52fed6e1 1323
daebaa78
JH
1324 reject_updates_to_hidden(commands);
1325
5a7da2dc 1326 if (run_receive_hook(commands, "pre-receive", 0)) {
ef7e93d9
CB
1327 for (cmd = commands; cmd; cmd = cmd->next) {
1328 if (!cmd->error_string)
1329 cmd->error_string = "pre-receive hook declined";
1330 }
05ef58ec
SP
1331 return;
1332 }
1333
da3efdb1
JS
1334 check_aliased_updates(commands);
1335
96ec7b1e 1336 free(head_name_to_free);
7695d118 1337 head_name = head_name_to_free = resolve_refdup("HEAD", 0, sha1, NULL);
747ca245 1338
68deed29
SB
1339 if (use_atomic)
1340 execute_commands_atomic(commands, si);
1341 else
1342 execute_commands_non_atomic(commands, si);
0a1bc12b 1343
a6a84319
SB
1344 if (shallow_update)
1345 warn_if_skipped_connectivity_check(commands, si);
575f4974
LT
1346}
1347
39895c74
JH
1348static struct command **queue_command(struct command **tail,
1349 const char *line,
1350 int linelen)
1351{
1352 unsigned char old_sha1[20], new_sha1[20];
1353 struct command *cmd;
1354 const char *refname;
1355 int reflen;
1356
1357 if (linelen < 83 ||
1358 line[40] != ' ' ||
1359 line[81] != ' ' ||
1360 get_sha1_hex(line, old_sha1) ||
1361 get_sha1_hex(line + 41, new_sha1))
1362 die("protocol error: expected old/new/ref, got '%s'", line);
1363
1364 refname = line + 82;
1365 reflen = linelen - 82;
1366 cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
1367 hashcpy(cmd->old_sha1, old_sha1);
1368 hashcpy(cmd->new_sha1, new_sha1);
1369 memcpy(cmd->ref_name, refname, reflen);
1370 cmd->ref_name[reflen] = '\0';
1371 *tail = cmd;
1372 return &cmd->next;
1373}
1374
4adf569d
JH
1375static void queue_commands_from_cert(struct command **tail,
1376 struct strbuf *push_cert)
1377{
1378 const char *boc, *eoc;
1379
1380 if (*tail)
1381 die("protocol error: got both push certificate and unsigned commands");
1382
1383 boc = strstr(push_cert->buf, "\n\n");
1384 if (!boc)
1385 die("malformed push certificate %.*s", 100, push_cert->buf);
1386 else
1387 boc += 2;
1388 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1389
1390 while (boc < eoc) {
1391 const char *eol = memchr(boc, '\n', eoc - boc);
1392 tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
1393 boc = eol ? eol + 1 : eoc;
1394 }
1395}
1396
5dbd7676 1397static struct command *read_head_info(struct sha1_array *shallow)
575f4974 1398{
5e1c71fd 1399 struct command *commands = NULL;
eb1af2df 1400 struct command **p = &commands;
575f4974 1401 for (;;) {
74543a04 1402 char *line;
39895c74 1403 int len, linelen;
eb1af2df 1404
74543a04
JK
1405 line = packet_read_line(0, &len);
1406 if (!line)
575f4974 1407 break;
5dbd7676 1408
92251b1b 1409 if (len == 48 && starts_with(line, "shallow ")) {
c09b71cc
JH
1410 unsigned char sha1[20];
1411 if (get_sha1_hex(line + 8, sha1))
1412 die("protocol error: expected shallow sha, got '%s'",
1413 line + 8);
1414 sha1_array_append(shallow, sha1);
5dbd7676
NTND
1415 continue;
1416 }
1417
0e3c339b
JH
1418 linelen = strlen(line);
1419 if (linelen < len) {
1420 const char *feature_list = line + linelen + 1;
f47182c8 1421 if (parse_feature_request(feature_list, "report-status"))
cfee10a7 1422 report_status = 1;
f47182c8 1423 if (parse_feature_request(feature_list, "side-band-64k"))
38a81b4e 1424 use_sideband = LARGE_PACKET_MAX;
c207e34f
CB
1425 if (parse_feature_request(feature_list, "quiet"))
1426 quiet = 1;
1b70fe5d
RS
1427 if (advertise_atomic_push
1428 && parse_feature_request(feature_list, "atomic"))
1429 use_atomic = 1;
cfee10a7 1430 }
0e3c339b 1431
a85b377d
JH
1432 if (!strcmp(line, "push-cert")) {
1433 int true_flush = 0;
1434 char certbuf[1024];
1435
1436 for (;;) {
1437 len = packet_read(0, NULL, NULL,
1438 certbuf, sizeof(certbuf), 0);
1439 if (!len) {
1440 true_flush = 1;
1441 break;
1442 }
1443 if (!strcmp(certbuf, "push-cert-end\n"))
1444 break; /* end of cert */
1445 strbuf_addstr(&push_cert, certbuf);
1446 }
1447
1448 if (true_flush)
1449 break;
1450 continue;
1451 }
1452
39895c74 1453 p = queue_command(p, line, linelen);
575f4974 1454 }
4adf569d
JH
1455
1456 if (push_cert.len)
1457 queue_commands_from_cert(p, &push_cert);
1458
5e1c71fd 1459 return commands;
575f4974
LT
1460}
1461
fc04c412
SP
1462static const char *parse_pack_header(struct pack_header *hdr)
1463{
a69e5429
JH
1464 switch (read_pack_header(0, hdr)) {
1465 case PH_ERROR_EOF:
1466 return "eof before pack header was fully read";
1467
1468 case PH_ERROR_PACK_SIGNATURE:
fc04c412 1469 return "protocol error (pack signature mismatch detected)";
a69e5429
JH
1470
1471 case PH_ERROR_PROTOCOL:
fc04c412 1472 return "protocol error (pack version unsupported)";
a69e5429
JH
1473
1474 default:
1475 return "unknown error in parse_pack_header";
1476
1477 case 0:
1478 return NULL;
1479 }
fc04c412
SP
1480}
1481
576162a4
NP
1482static const char *pack_lockfile;
1483
5dbd7676 1484static const char *unpack(int err_fd, struct shallow_info *si)
575f4974 1485{
fc04c412
SP
1486 struct pack_header hdr;
1487 const char *hdr_err;
31c42bff 1488 int status;
fc04c412 1489 char hdr_arg[38];
d3180279 1490 struct child_process child = CHILD_PROCESS_INIT;
dab76d3a
JH
1491 int fsck_objects = (receive_fsck_objects >= 0
1492 ? receive_fsck_objects
1493 : transfer_fsck_objects >= 0
1494 ? transfer_fsck_objects
1495 : 0);
fc04c412
SP
1496
1497 hdr_err = parse_pack_header(&hdr);
49ecfa13
JK
1498 if (hdr_err) {
1499 if (err_fd > 0)
1500 close(err_fd);
fc04c412 1501 return hdr_err;
49ecfa13 1502 }
6e1c2344
RJ
1503 snprintf(hdr_arg, sizeof(hdr_arg),
1504 "--pack_header=%"PRIu32",%"PRIu32,
fc04c412
SP
1505 ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));
1506
5dbd7676
NTND
1507 if (si->nr_ours || si->nr_theirs) {
1508 alt_shallow_file = setup_temporary_shallow(si->shallow);
64a7e92f
RS
1509 argv_array_push(&child.args, "--shallow-file");
1510 argv_array_push(&child.args, alt_shallow_file);
5dbd7676
NTND
1511 }
1512
fc04c412 1513 if (ntohl(hdr.hdr_entries) < unpack_limit) {
64a7e92f 1514 argv_array_pushl(&child.args, "unpack-objects", hdr_arg, NULL);
c207e34f 1515 if (quiet)
64a7e92f 1516 argv_array_push(&child.args, "-q");
dab76d3a 1517 if (fsck_objects)
5d477a33
JS
1518 argv_array_pushf(&child.args, "--strict%s",
1519 fsck_msg_types.buf);
59bfdfb8 1520 child.no_stdout = 1;
a22e6f85 1521 child.err = err_fd;
59bfdfb8 1522 child.git_cmd = 1;
31c42bff
NTND
1523 status = run_command(&child);
1524 if (status)
1525 return "unpack-objects abnormal exit";
576162a4 1526 } else {
31c42bff 1527 int s;
576162a4 1528 char keep_arg[256];
576162a4 1529
85e72830 1530 s = sprintf(keep_arg, "--keep=receive-pack %"PRIuMAX" on ", (uintmax_t) getpid());
576162a4
NP
1531 if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
1532 strcpy(keep_arg + s, "localhost");
1533
64a7e92f 1534 argv_array_pushl(&child.args, "index-pack",
31c42bff 1535 "--stdin", hdr_arg, keep_arg, NULL);
dab76d3a 1536 if (fsck_objects)
5d477a33
JS
1537 argv_array_pushf(&child.args, "--strict%s",
1538 fsck_msg_types.buf);
f7c815c3 1539 if (fix_thin)
64a7e92f 1540 argv_array_push(&child.args, "--fix-thin");
31c42bff
NTND
1541 child.out = -1;
1542 child.err = err_fd;
1543 child.git_cmd = 1;
1544 status = start_command(&child);
1545 if (status)
576162a4 1546 return "index-pack fork failed";
31c42bff
NTND
1547 pack_lockfile = index_pack_lockfile(child.out);
1548 close(child.out);
1549 status = finish_command(&child);
1550 if (status)
1551 return "index-pack abnormal exit";
1552 reprepare_packed_git();
cfee10a7 1553 }
31c42bff 1554 return NULL;
cfee10a7
JH
1555}
1556
5dbd7676 1557static const char *unpack_with_sideband(struct shallow_info *si)
a22e6f85
JK
1558{
1559 struct async muxer;
1560 const char *ret;
1561
1562 if (!use_sideband)
5dbd7676 1563 return unpack(0, si);
a22e6f85
JK
1564
1565 memset(&muxer, 0, sizeof(muxer));
1566 muxer.proc = copy_to_sideband;
1567 muxer.in = -1;
1568 if (start_async(&muxer))
1569 return NULL;
1570
5dbd7676 1571 ret = unpack(muxer.in, si);
a22e6f85
JK
1572
1573 finish_async(&muxer);
1574 return ret;
1575}
1576
0a1bc12b
NTND
1577static void prepare_shallow_update(struct command *commands,
1578 struct shallow_info *si)
1579{
1580 int i, j, k, bitmap_size = (si->ref->nr + 31) / 32;
1581
1582 si->used_shallow = xmalloc(sizeof(*si->used_shallow) *
1583 si->shallow->nr);
1584 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1585
1586 si->need_reachability_test =
1587 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1588 si->reachable =
1589 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1590 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1591
1592 for (i = 0; i < si->nr_ours; i++)
1593 si->need_reachability_test[si->ours[i]] = 1;
1594
1595 for (i = 0; i < si->shallow->nr; i++) {
1596 if (!si->used_shallow[i])
1597 continue;
1598 for (j = 0; j < bitmap_size; j++) {
1599 if (!si->used_shallow[i][j])
1600 continue;
1601 si->need_reachability_test[i]++;
1602 for (k = 0; k < 32; k++)
1603 if (si->used_shallow[i][j] & (1 << k))
1604 si->shallow_ref[j * 32 + k]++;
1605 }
1606
1607 /*
1608 * true for those associated with some refs and belong
1609 * in "ours" list aka "step 7 not done yet"
1610 */
1611 si->need_reachability_test[i] =
1612 si->need_reachability_test[i] > 1;
1613 }
1614
1615 /*
1616 * keep hooks happy by forcing a temporary shallow file via
1617 * env variable because we can't add --shallow-file to every
1618 * command. check_everything_connected() will be done with
1619 * true .git/shallow though.
1620 */
1621 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1622}
1623
5dbd7676
NTND
1624static void update_shallow_info(struct command *commands,
1625 struct shallow_info *si,
1626 struct sha1_array *ref)
1627{
1628 struct command *cmd;
1629 int *ref_status;
1630 remove_nonexistent_theirs_shallow(si);
0a1bc12b
NTND
1631 if (!si->nr_ours && !si->nr_theirs) {
1632 shallow_update = 0;
5dbd7676 1633 return;
0a1bc12b 1634 }
5dbd7676
NTND
1635
1636 for (cmd = commands; cmd; cmd = cmd->next) {
1637 if (is_null_sha1(cmd->new_sha1))
1638 continue;
1639 sha1_array_append(ref, cmd->new_sha1);
1640 cmd->index = ref->nr - 1;
1641 }
1642 si->ref = ref;
1643
0a1bc12b
NTND
1644 if (shallow_update) {
1645 prepare_shallow_update(commands, si);
1646 return;
1647 }
1648
5dbd7676
NTND
1649 ref_status = xmalloc(sizeof(*ref_status) * ref->nr);
1650 assign_shallow_commits_to_refs(si, NULL, ref_status);
1651 for (cmd = commands; cmd; cmd = cmd->next) {
1652 if (is_null_sha1(cmd->new_sha1))
1653 continue;
1654 if (ref_status[cmd->index]) {
1655 cmd->error_string = "shallow update not allowed";
1656 cmd->skip_update = 1;
1657 }
1658 }
5dbd7676
NTND
1659 free(ref_status);
1660}
1661
5e1c71fd 1662static void report(struct command *commands, const char *unpack_status)
cfee10a7
JH
1663{
1664 struct command *cmd;
38a81b4e
SP
1665 struct strbuf buf = STRBUF_INIT;
1666
1667 packet_buf_write(&buf, "unpack %s\n",
1668 unpack_status ? unpack_status : "ok");
cfee10a7
JH
1669 for (cmd = commands; cmd; cmd = cmd->next) {
1670 if (!cmd->error_string)
38a81b4e
SP
1671 packet_buf_write(&buf, "ok %s\n",
1672 cmd->ref_name);
cfee10a7 1673 else
38a81b4e
SP
1674 packet_buf_write(&buf, "ng %s %s\n",
1675 cmd->ref_name, cmd->error_string);
575f4974 1676 }
38a81b4e
SP
1677 packet_buf_flush(&buf);
1678
1679 if (use_sideband)
1680 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1681 else
cdf4fb8e 1682 write_or_die(1, buf.buf, buf.len);
38a81b4e 1683 strbuf_release(&buf);
575f4974
LT
1684}
1685
5e1c71fd 1686static int delete_only(struct command *commands)
d4f694ba 1687{
5e1c71fd
JS
1688 struct command *cmd;
1689 for (cmd = commands; cmd; cmd = cmd->next) {
d4f694ba
JH
1690 if (!is_null_sha1(cmd->new_sha1))
1691 return 0;
d4f694ba
JH
1692 }
1693 return 1;
1694}
1695
be5908ae 1696int cmd_receive_pack(int argc, const char **argv, const char *prefix)
575f4974 1697{
42526b47 1698 int advertise_refs = 0;
d0efc8a7 1699 int i;
5e1c71fd 1700 struct command *commands;
5dbd7676
NTND
1701 struct sha1_array shallow = SHA1_ARRAY_INIT;
1702 struct sha1_array ref = SHA1_ARRAY_INIT;
1703 struct shallow_info si;
575f4974 1704
bbc30f99
JK
1705 packet_trace_identity("receive-pack");
1706
575f4974
LT
1707 argv++;
1708 for (i = 1; i < argc; i++) {
be5908ae 1709 const char *arg = *argv++;
575f4974
LT
1710
1711 if (*arg == '-') {
c207e34f
CB
1712 if (!strcmp(arg, "--quiet")) {
1713 quiet = 1;
1714 continue;
1715 }
1716
42526b47
SP
1717 if (!strcmp(arg, "--advertise-refs")) {
1718 advertise_refs = 1;
1719 continue;
1720 }
1721 if (!strcmp(arg, "--stateless-rpc")) {
1722 stateless_rpc = 1;
1723 continue;
1724 }
f7c815c3
NTND
1725 if (!strcmp(arg, "--reject-thin-pack-for-testing")) {
1726 fix_thin = 0;
1727 continue;
1728 }
42526b47 1729
575f4974
LT
1730 usage(receive_pack_usage);
1731 }
5732373d 1732 if (service_dir)
d0efc8a7 1733 usage(receive_pack_usage);
5732373d 1734 service_dir = arg;
575f4974 1735 }
5732373d 1736 if (!service_dir)
575f4974
LT
1737 usage(receive_pack_usage);
1738
e1464ca7 1739 setup_path();
5c09f321 1740
5732373d
JH
1741 if (!enter_repo(service_dir, 0))
1742 die("'%s' does not appear to be a git repository", service_dir);
575f4974 1743
ef90d6d4 1744 git_config(receive_pack_config, NULL);
b89363e4 1745 if (cert_nonce_seed)
5732373d 1746 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
6fb75bed 1747
e28714c5
JH
1748 if (0 <= transfer_unpack_limit)
1749 unpack_limit = transfer_unpack_limit;
1750 else if (0 <= receive_unpack_limit)
1751 unpack_limit = receive_unpack_limit;
1752
42526b47 1753 if (advertise_refs || !stateless_rpc) {
42526b47 1754 write_head_info();
42526b47
SP
1755 }
1756 if (advertise_refs)
1757 return 0;
575f4974 1758
5dbd7676 1759 if ((commands = read_head_info(&shallow)) != NULL) {
d4f694ba
JH
1760 const char *unpack_status = NULL;
1761
5dbd7676 1762 prepare_shallow_info(&si, &shallow);
0a1bc12b
NTND
1763 if (!si.nr_ours && !si.nr_theirs)
1764 shallow_update = 0;
5dbd7676
NTND
1765 if (!delete_only(commands)) {
1766 unpack_status = unpack_with_sideband(&si);
1767 update_shallow_info(commands, &si, &ref);
1768 }
0a1bc12b 1769 execute_commands(commands, unpack_status, &si);
576162a4 1770 if (pack_lockfile)
691f1a28 1771 unlink_or_warn(pack_lockfile);
cfee10a7 1772 if (report_status)
5e1c71fd 1773 report(commands, unpack_status);
5a7da2dc 1774 run_receive_hook(commands, "post-receive", 1);
8e663d9e 1775 run_update_post_hook(commands);
77e3efbf
JH
1776 if (auto_gc) {
1777 const char *argv_gc_auto[] = {
1778 "gc", "--auto", "--quiet", NULL,
1779 };
4b7f2fa4
JH
1780 int opt = RUN_GIT_CMD | RUN_COMMAND_STDOUT_TO_STDERR;
1781 run_command_v_opt(argv_gc_auto, opt);
77e3efbf
JH
1782 }
1783 if (auto_update_server_info)
1784 update_server_info(0);
5dbd7676 1785 clear_shallow_info(&si);
7f8e9828 1786 }
38a81b4e
SP
1787 if (use_sideband)
1788 packet_flush(1);
5dbd7676
NTND
1789 sha1_array_clear(&shallow);
1790 sha1_array_clear(&ref);
b89363e4 1791 free((void *)push_cert_nonce);
575f4974
LT
1792 return 0;
1793}