public abstract class BaseReceivePack extends Object
Contains high-level operations for initializing and closing streams, advertising refs, reading commands, and receiving and applying a pack. Subclasses compose these operations into full service implementations.
Modifier and Type | Class and Description |
---|---|
static class |
BaseReceivePack.FirstLine
Data in the first line of a request, the line itself plus capabilities.
|
protected static class |
BaseReceivePack.ReceiveConfig
Configuration for receive operations.
|
Modifier and Type | Field and Description |
---|---|
protected OutputStream |
msgOut
Optional message output stream.
|
protected PacketLineIn |
pckIn
Packet line input stream around
rawIn . |
protected PacketLineOut |
pckOut
Packet line output stream around
rawOut . |
protected InputStream |
rawIn
Raw input stream.
|
protected OutputStream |
rawOut
Raw output stream.
|
Modifier | Constructor and Description |
---|---|
protected |
BaseReceivePack(Repository into)
Create a new pack receive for an open repository.
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
anyRejects()
Whether any commands have been rejected so far.
|
protected void |
close()
Close and flush (if necessary) the underlying streams.
|
protected void |
enableCapabilities()
Enable capabilities based on a previously read capabilities line.
|
protected void |
executeCommands()
Execute commands to update references.
|
protected void |
failPendingCommands()
Set the result to fail for any command that was not processed yet.
|
protected List<ReceiveCommand> |
filterCommands(ReceiveCommand.Result want)
Filter the list of commands according to result.
|
Set<ObjectId> |
getAdvertisedObjects()
Get objects advertised to the client.
|
protected Map<String,Ref> |
getAdvertisedOrDefaultRefs()
Get advertised refs, or the default if not explicitly advertised.
|
Map<String,Ref> |
getAdvertisedRefs()
Get refs which were advertised to the client.
|
AdvertiseRefsHook |
getAdvertiseRefsHook()
Get the hook used while advertising the refs to the client
|
List<ReceiveCommand> |
getAllCommands()
Get all of the command received by the current request.
|
protected Set<ObjectId> |
getClientShallowCommits()
Get the commits from the client's shallow file.
|
protected abstract String |
getLockMessageProcessName()
Get the process name used for pack lock messages.
|
OutputStream |
getMessageOutputStream()
Get an underlying stream for sending messages to the client.
|
long |
getPackSize()
Get the size of the received pack file including the index size.
|
String |
getPeerUserAgent()
Get the user agent of the client.
|
PushCertificate |
getPushCertificate()
Get the push certificate used to verify the pusher's identity.
|
ReceivedPackStatistics |
getReceivedPackStatistics()
Returns the statistics on the received pack if available.
|
RefFilter |
getRefFilter()
Get the filter used while advertising the refs to the client
|
PersonIdent |
getRefLogIdent()
Get identity of the user making the changes in the reflog.
|
Repository |
getRepository()
Get the repository this receive completes into.
|
RevWalk |
getRevWalk()
Get the RevWalk instance used by this connection.
|
int |
getTimeout()
Get timeout (in seconds) before aborting an IO operation.
|
protected boolean |
hasCommands()
Whether any commands to be executed have been read.
|
protected boolean |
hasError()
Whether an error occurred that should be advertised.
|
protected void |
init(InputStream input,
OutputStream output,
OutputStream messages)
Initialize the instance with the given streams.
|
boolean |
isAllowBranchDeletes()
Whether the client can delete from
refs/heads/ . |
boolean |
isAllowCreates()
Whether the client can request refs to be created.
|
boolean |
isAllowDeletes()
Whether the client can request refs to be deleted.
|
boolean |
isAllowNonFastForwards()
Whether the client can request non-fast-forward updates of a ref,
possibly making objects unreachable.
|
boolean |
isAllowPushOptions()
Whether the server supports receiving push options.
|
boolean |
isAllowQuiet()
Whether clients may request avoiding noisy progress messages.
|
boolean |
isAtomic()
Whether the client's commands should be performed as a single atomic
transaction.
|
boolean |
isBiDirectionalPipe()
Whether this class expects a bi-directional pipe opened between the
client and itself.
|
protected boolean |
isCapabilityEnabled(String name)
Check if the peer requested a capability.
|
boolean |
isCheckReceivedObjects()
Whether this instance will verify received objects are formatted
correctly.
|
boolean |
isCheckReferencedObjectsAreReachable()
Whether this instance will validate all referenced, but not supplied by
the client, objects are reachable from another reference.
|
boolean |
isExpectDataAfterPackFooter()
Whether there is data expected after the pack footer.
|
boolean |
isQuiet()
True if the client wants less verbose output.
|
boolean |
isSideBand()
Check whether the client expects a side-band stream.
|
protected boolean |
needPack()
Whether a pack is expected based on the list of commands.
|
protected void |
receivePackAndCheckConnectivity()
Receive a pack from the stream and check connectivity if necessary.
|
protected void |
recvCommands()
Receive a list of commands from the input.
|
protected void |
release()
Release any resources used by this object.
|
void |
sendAdvertisedRefs(RefAdvertiser adv)
Generate an advertisement of available refs and capabilities.
|
void |
sendError(String what)
Send an error message to the client.
|
void |
sendMessage(String what)
Send a message to the client, if it supports receiving them.
|
protected void |
sendStatusReport(boolean forClient,
Throwable unpackError,
org.eclipse.jgit.transport.BaseReceivePack.Reporter out)
Send a status report.
|
void |
setAdvertisedRefs(Map<String,Ref> allRefs,
Set<ObjectId> additionalHaves)
Set the refs advertised by this ReceivePack.
|
void |
setAdvertiseRefsHook(AdvertiseRefsHook advertiseRefsHook)
Set the hook used while advertising the refs to the client.
|
void |
setAllowBranchDeletes(boolean canDelete)
Configure whether to permit deletion of branches from the
refs/heads/ namespace. |
void |
setAllowCreates(boolean canCreate)
Whether to permit create ref commands to be processed.
|
void |
setAllowDeletes(boolean canDelete)
Whether to permit delete ref commands to be processed.
|
void |
setAllowNonFastForwards(boolean canRewind)
Configure whether to permit the client to ask for non-fast-forward
updates of an existing ref.
|
void |
setAllowPushOptions(boolean allow)
Configure if the server supports receiving push options.
|
void |
setAllowQuiet(boolean allow)
Configure if clients may request the server skip noisy messages.
|
void |
setAtomic(boolean atomic)
Configure whether to perform the client's commands as a single atomic
transaction.
|
void |
setBiDirectionalPipe(boolean twoWay)
Whether this class will assume the socket is a fully bidirectional pipe
between the two peers and takes advantage of that by first transmitting
the known refs, then waiting to read commands.
|
void |
setCheckReceivedObjects(boolean check)
Whether to enable checking received objects
|
void |
setCheckReferencedObjectsAreReachable(boolean b)
Validate all referenced but not supplied objects are reachable.
|
void |
setExpectDataAfterPackFooter(boolean e)
Whether there is additional data in InputStream after pack.
|
void |
setMaxCommandBytes(long limit)
Set the maximum number of command bytes to read from the client.
|
void |
setMaxCommandDiscardBytes(long limit)
Set the maximum number of command bytes to discard from the client.
|
void |
setMaxObjectSizeLimit(long limit)
Set the maximum allowed Git object size.
|
void |
setMaxPackSizeLimit(long limit)
Set the maximum allowed pack size.
|
void |
setObjectChecker(ObjectChecker impl)
Set the object checking instance to verify each received object with
|
void |
setPushCertificate(PushCertificate cert)
Set the push certificate used to verify the pusher's identity.
|
void |
setRefFilter(RefFilter refFilter)
Set the filter used while advertising the refs to the client.
|
void |
setRefLogIdent(PersonIdent pi)
Set the identity of the user appearing in the affected reflogs.
|
void |
setSignedPushConfig(SignedPushConfig cfg)
Set the configuration for push certificate verification.
|
void |
setTimeout(int seconds)
Set the timeout before willing to abort an IO call.
|
protected void |
unlockPack()
Unlock the pack written by this object.
|
protected void |
validateCommands()
Validate the command list.
|
protected InputStream rawIn
protected OutputStream rawOut
protected OutputStream msgOut
protected PacketLineIn pckIn
rawIn
.protected PacketLineOut pckOut
rawOut
.protected BaseReceivePack(Repository into)
into
- the destination repository.public PushCertificate getPushCertificate()
Only valid after commands are read from the wire.
public void setPushCertificate(PushCertificate cert)
Should only be called if reconstructing an instance without going through
the normal recvCommands()
flow.
cert
- the push certificate to set.protected abstract String getLockMessageProcessName()
public final Repository getRepository()
public final RevWalk getRevWalk()
public final Map<String,Ref> getAdvertisedRefs()
setAdvertisedRefs(Map, Set)
has not been called yet.public void setAdvertisedRefs(Map<String,Ref> allRefs, Set<ObjectId> additionalHaves)
Intended to be called from a
PreReceiveHook
.
allRefs
- explicit set of references to claim as advertised by this
ReceivePack instance. This overrides any references that may
exist in the source repository. The map is passed to the
configured getRefFilter()
. If null, assumes all refs
were advertised.additionalHaves
- explicit set of additional haves to claim as advertised. If
null, assumes the default set of additional haves from the
repository.public final Set<ObjectId> getAdvertisedObjects()
setAdvertisedRefs(Map, Set)
has not been called
yet.public boolean isCheckReferencedObjectsAreReachable()
public void setCheckReferencedObjectsAreReachable(boolean b)
If enabled, this instance will verify that references to objects not
contained within the received pack are already reachable through at least
one other reference displayed as part of getAdvertisedRefs()
.
This feature is useful when the application doesn't trust the client to
not provide a forged SHA-1 reference to an object, in an attempt to
access parts of the DAG that they aren't allowed to see and which have
been hidden from them via the configured
AdvertiseRefsHook
or
RefFilter
.
Enabling this feature may imply at least some, if not all, of the same
functionality performed by setCheckReceivedObjects(boolean)
.
Applications are encouraged to enable both features, if desired.
b
- true
to enable the additional check.public boolean isBiDirectionalPipe()
public void setBiDirectionalPipe(boolean twoWay)
twoWay
- if true, this class will assume the socket is a fully
bidirectional pipe between the two peers and takes advantage
of that by first transmitting the known refs, then waiting to
read commands. If false, this class assumes it must read the
commands before writing output and does not perform the
initial advertising.public boolean isExpectDataAfterPackFooter()
true
if there is data expected after the pack footer.public void setExpectDataAfterPackFooter(boolean e)
e
- true
if there is additional data in InputStream after
pack.public boolean isCheckReceivedObjects()
true
if this instance will verify received objects are
formatted correctly. Validating objects requires more CPU time on
this side of the connection.public void setCheckReceivedObjects(boolean check)
check
- true
to enable checking received objects; false to
assume all received objects are valid.setObjectChecker(ObjectChecker)
public void setObjectChecker(ObjectChecker impl)
impl
- if non-null the object checking instance to verify each
received object with; null to disable object checking.public boolean isAllowCreates()
true
if the client can request refs to be created.public void setAllowCreates(boolean canCreate)
canCreate
- true
to permit create ref commands to be processed.public boolean isAllowDeletes()
true
if the client can request refs to be deleted.public void setAllowDeletes(boolean canDelete)
canDelete
- true
to permit delete ref commands to be processed.public boolean isAllowBranchDeletes()
refs/heads/
.true
if the client can delete from refs/heads/
.public void setAllowBranchDeletes(boolean canDelete)
refs/heads/
namespace.canDelete
- true
to permit deletion of branches from the
refs/heads/
namespace.public boolean isAllowNonFastForwards()
true
if the client can request non-fast-forward updates
of a ref, possibly making objects unreachable.public void setAllowNonFastForwards(boolean canRewind)
canRewind
- true
to permit the client to ask for non-fast-forward
updates of an existing ref.public boolean isAtomic()
true
if the client's commands should be performed as a
single atomic transaction.public void setAtomic(boolean atomic)
atomic
- true
to perform the client's commands as a single
atomic transaction.public PersonIdent getRefLogIdent()
public void setRefLogIdent(PersonIdent pi)
The timestamp portion of the identity is ignored. A new identity with the current timestamp will be created automatically when the updates occur and the log records are written.
pi
- identity of the user. If null the identity will be
automatically determined based on the repository
configuration.public AdvertiseRefsHook getAdvertiseRefsHook()
public RefFilter getRefFilter()
public void setAdvertiseRefsHook(AdvertiseRefsHook advertiseRefsHook)
If the AdvertiseRefsHook
chooses to
call setAdvertisedRefs(Map,Set)
, only refs set by this hook
and selected by the RefFilter
will be shown to the client. Clients may still attempt to create or
update a reference not advertised by the configured
AdvertiseRefsHook
. These attempts
should be rejected by a matching
PreReceiveHook
.
advertiseRefsHook
- the hook; may be null to show all refs.public void setRefFilter(RefFilter refFilter)
Only refs allowed by this filter will be shown to the client. The filter
is run against the refs specified by the
AdvertiseRefsHook
(if applicable).
refFilter
- the filter; may be null to show all refs.public int getTimeout()
public void setTimeout(int seconds)
seconds
- number of seconds to wait (with no data transfer occurring)
before aborting an IO read or write operation with the
connected client.public void setMaxCommandBytes(long limit)
limit
- command limit in bytes; if 0 there is no limit.public void setMaxCommandDiscardBytes(long limit)
Discarding remaining bytes allows this instance to consume the rest of the command block and send a human readable over-limit error via the side-band channel. If the client sends an excessive number of bytes this limit kicks in and the instance disconnects, resulting in a non-specific 'pipe closed', 'end of stream', or similar generic error at the client.
When the limit is set to -1
the implementation will default to
the larger of 3 * maxCommandBytes
or 3 MiB
.
limit
- discard limit in bytes; if 0 there is no limit; if -1 the
implementation tries to set a reasonable default.public void setMaxObjectSizeLimit(long limit)
If an object is larger than the given size the pack-parsing will throw an exception aborting the receive-pack operation.
limit
- the Git object size limit. If zero then there is not limit.public void setMaxPackSizeLimit(long limit)
A pack exceeding this size will be rejected.
limit
- the pack size limit, in bytespublic boolean isSideBand() throws RequestNotYetReadException
RequestNotYetReadException
- if the client's request has not yet been read from the wire, so
we do not know if they expect side-band. Note that the client
may have already written the request, it just has not been
read.public boolean isAllowQuiet()
public void setAllowQuiet(boolean allow)
allow
- true to allow clients to request quiet behavior; false to
refuse quiet behavior and send messages anyway. This may be
necessary if processing is slow and the client-server network
connection can timeout.public boolean isAllowPushOptions()
public void setAllowPushOptions(boolean allow)
allow
- true to optionally accept option strings from the client.public boolean isQuiet() throws RequestNotYetReadException
RequestNotYetReadException
- if the client's request has not yet been read from the wire,
so we do not know if they expect side-band. Note that the
client may have already written the request, it just has not
been read.public void setSignedPushConfig(SignedPushConfig cfg)
cfg
- new configuration; if this object is null or its SignedPushConfig.getCertNonceSeed()
is null, push certificate
verification will be disabled.public String getPeerUserAgent()
If the client is new enough to use agent=
capability that value
will be returned. Older HTTP clients may also supply their version using
the HTTP User-Agent
header. The capability overrides the HTTP
header if both are available.
When an HTTP request has been received this method returns the HTTP
User-Agent
header value until capabilities have been parsed.
public List<ReceiveCommand> getAllCommands()
public void sendError(String what)
If any error messages are sent before the references are advertised to the client, the errors will be sent instead of the advertisement and the receive operation will be aborted. All clients should receive and display such early stage errors.
If the reference advertisements have already been sent, messages are sent in a side channel. If the client doesn't support receiving messages, the message will be discarded, with no other indication to the caller or to the client.
PreReceiveHook
s should always try to
use
ReceiveCommand.setResult(Result, String)
with a result status of
ReceiveCommand.Result.REJECTED_OTHER_REASON
to indicate any reasons for rejecting an update. Messages attached to a
command are much more likely to be returned to the client.
what
- string describing the problem identified by the hook. The
string must not end with an LF, and must not contain an LF.public void sendMessage(String what)
If the client doesn't support receiving messages, the message will be discarded, with no other indication to the caller or to the client.
what
- string describing the problem identified by the hook. The
string must not end with an LF, and must not contain an LF.public OutputStream getMessageOutputStream()
public long getPackSize()
IllegalStateException
- if called before the pack has been receivedprotected Set<ObjectId> getClientShallowCommits()
protected boolean hasCommands()
true
if any commands to be executed have been read.protected boolean hasError()
protected void init(InputStream input, OutputStream output, OutputStream messages)
input
- raw input to read client commands and pack data from. Caller
must ensure the input is buffered, otherwise read performance
may suffer.output
- response back to the Git network client. Caller must ensure
the output is buffered, otherwise write performance may
suffer.messages
- secondary "notice" channel to send additional messages out
through. When run over SSH this should be tied back to the
standard error channel of the command execution. For most
other network connections this should be null.protected Map<String,Ref> getAdvertisedOrDefaultRefs()
protected void receivePackAndCheckConnectivity() throws IOException
IOException
- an error occurred during unpacking or connectivity checking.protected void unlockPack() throws IOException
IOException
- the pack could not be unlocked.public void sendAdvertisedRefs(RefAdvertiser adv) throws IOException, ServiceMayNotContinueException
adv
- the advertisement formatter.IOException
- the formatter failed to write an advertisement.ServiceMayNotContinueException
- the hook denied advertisement.@Nullable public ReceivedPackStatistics getReceivedPackStatistics()
receivePack()
is called.protected void recvCommands() throws IOException
IOException
protected void enableCapabilities()
protected boolean isCapabilityEnabled(String name)
name
- protocol name identifying the capability.protected boolean needPack()
true
if a pack is expected based on the list of commands.protected void validateCommands()
protected boolean anyRejects()
protected void failPendingCommands()
protected List<ReceiveCommand> filterCommands(ReceiveCommand.Result want)
want
- desired status to filter by.protected void executeCommands()
protected void sendStatusReport(boolean forClient, Throwable unpackError, org.eclipse.jgit.transport.BaseReceivePack.Reporter out) throws IOException
forClient
- true if this report is for a Git client, false if it is for an
end-user.unpackError
- an error that occurred during unpacking, or null
out
- the reporter for sending the status strings.IOException
- an error occurred writing the status report.protected void close() throws IOException
IOException
protected void release() throws IOException
IOException
- the pack could not be unlocked.Copyright © 2020 Eclipse JGit Project. All rights reserved.