aboutsummaryrefslogtreecommitdiff
path: root/Documentation/git-receive-pack.txt
blob: 86a4b32f0f1cbb8b69ff8b935edade6f14e7d5e2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
git-receive-pack(1)
===================

NAME
----
git-receive-pack - Receive what is pushed into the repository


SYNOPSIS
--------
[verse]
'git-receive-pack' <directory>

DESCRIPTION
-----------
Invoked by 'git send-pack' and updates the repository with the
information fed from the remote end.

This command is usually not invoked directly by the end user.
The UI for the protocol is on the 'git send-pack' side, and the
program pair is meant to be used to push updates to remote
repository.  For pull operations, see linkgit:git-fetch-pack[1].

The command allows for creation and fast-forwarding of sha1 refs
(heads/tags) on the remote end (strictly speaking, it is the
local end 'git-receive-pack' runs, but to the user who is sitting at
the send-pack end, it is updating the remote.  Confused?)

There are other real-world examples of using update and
post-update hooks found in the Documentation/howto directory.

'git-receive-pack' honours the receive.denyNonFastForwards config
option, which tells it if updates to a ref should be denied if they
are not fast-forwards.

A number of other receive.* config options are available to tweak
its behavior, see linkgit:git-config[1].

OPTIONS
-------
<directory>::
	The repository to sync into.

pre-receive Hook
----------------
Before any ref is updated, if $GIT_DIR/hooks/pre-receive file exists
and is executable, it will be invoked once with no parameters.  The
standard input of the hook will be one line per ref to be updated:

       sha1-old SP sha1-new SP refname LF

The refname value is relative to $GIT_DIR; e.g. for the master
head this is "refs/heads/master".  The two sha1 values before
each refname are the object names for the refname before and after
the update.  Refs to be created will have sha1-old equal to 0\{40},
while refs to be deleted will have sha1-new equal to 0\{40}, otherwise
sha1-old and sha1-new should be valid objects in the repository.

When accepting a signed push (see linkgit:git-push[1]), the signed
push certificate is stored in a blob and an environment variable
`GIT_PUSH_CERT` can be consulted for its object name.  See the
description of `post-receive` hook for an example.  In addition, the
certificate is verified using GPG and the result is exported with
the following environment variables:

`GIT_PUSH_CERT_SIGNER`::
	The name and the e-mail address of the owner of the key that
	signed the push certificate.

`GIT_PUSH_CERT_KEY`::
	The GPG key ID of the key that signed the push certificate.

`GIT_PUSH_CERT_STATUS`::
	The status of GPG verification of the push certificate,
	using the same mnemonic as used in `%G?` format of `git log`
	family of commands (see linkgit:git-log[1]).

`GIT_PUSH_CERT_NONCE`::
	The nonce string the process asked the signer to include
	in the push certificate.  If this does not match the value
	recorded on the "nonce" header in the push certificate, it
	may indicate that the certificate is a valid one that is
	being replayed from a separate "git push" session.

`GIT_PUSH_CERT_NONCE_STATUS`::
`UNSOLICITED`;;
	"git push --signed" sent a nonce when we did not ask it to
	send one.
`MISSING`;;
	"git push --signed" did not send any nonce header.
`BAD`;;
	"git push --signed" sent a bogus nonce.
`OK`;;
	"git push --signed" sent the nonce we asked it to send.
`SLOP`;;
	"git push --signed" sent a nonce different from what we
	asked it to send now, but in a previous session.  See
	`GIT_PUSH_CERT_NONCE_SLOP` environment variable.

`GIT_PUSH_CERT_NONCE_SLOP`::
	"git push --signed" sent a nonce different from what we
	asked it to send now, but in a different session whose
	starting time is different by this many seconds from the
	current session.  Only meaningful when
	`GIT_PUSH_CERT_NONCE_STATUS` says `SLOP`.
	Also read about `receive.certNonceSlop` variable in
	linkgit:git-config[1].

This hook is called before any refname is updated and before any
fast-forward checks are performed.

If the pre-receive hook exits with a non-zero exit status no updates
will be performed, and the update, post-receive and post-update
hooks will not be invoked either.  This can be useful to quickly
bail out if the update is not to be supported.

See the notes on the quarantine environment below.

update Hook
-----------
Before each ref is updated, if $GIT_DIR/hooks/update file exists
and is executable, it is invoked once per ref, with three parameters:

       $GIT_DIR/hooks/update refname sha1-old sha1-new

The refname parameter is relative to $GIT_DIR; e.g. for the master
head this is "refs/heads/master".  The two sha1 arguments are
the object names for the refname before and after the update.
Note that the hook is called before the refname is updated,
so either sha1-old is 0\{40} (meaning there is no such ref yet),
or it should match what is recorded in refname.

The hook should exit with non-zero status if it wants to disallow
updating the named ref.  Otherwise it should exit with zero.

Successful execution (a zero exit status) of this hook does not
ensure the ref will actually be updated, it is only a prerequisite.
As such it is not a good idea to send notices (e.g. email) from
this hook.  Consider using the post-receive hook instead.

post-receive Hook
-----------------
After all refs were updated (or attempted to be updated), if any
ref update was successful, and if $GIT_DIR/hooks/post-receive
file exists and is executable, it will be invoked once with no
parameters.  The standard input of the hook will be one line
for each successfully updated ref:

       sha1-old SP sha1-new SP refname LF

The refname value is relative to $GIT_DIR; e.g. for the master
head this is "refs/heads/master".  The two sha1 values before
each refname are the object names for the refname before and after
the update.  Refs that were created will have sha1-old equal to
0\{40}, while refs that were deleted will have sha1-new equal to
0\{40}, otherwise sha1-old and sha1-new should be valid objects in
the repository.

The `GIT_PUSH_CERT*` environment variables can be inspected, just as
in `pre-receive` hook, after accepting a signed push.

Using this hook, it is easy to generate mails describing the updates
to the repository.  This example script sends one mail message per
ref listing the commits pushed to the repository, and logs the push
certificates of signed pushes with good signatures to a logger
service:

	#!/bin/sh
	# mail out commit update information.
	while read oval nval ref
	do
		if expr "$oval" : '0*$' >/dev/null
		then
			echo "Created a new ref, with the following commits:"
			git rev-list --pretty "$nval"
		else
			echo "New commits:"
			git rev-list --pretty "$nval" "^$oval"
		fi |
		mail -s "Changes to ref $ref" commit-list@mydomain
	done
	# log signed push certificate, if any
	if test -n "${GIT_PUSH_CERT-}" && test ${GIT_PUSH_CERT_STATUS} = G
	then
		(
			echo expected nonce is ${GIT_PUSH_NONCE}
			git cat-file blob ${GIT_PUSH_CERT}
		) | mail -s "push certificate from $GIT_PUSH_CERT_SIGNER" push-log@mydomain
	fi
	exit 0

The exit code from this hook invocation is ignored, however a
non-zero exit code will generate an error message.

Note that it is possible for refname to not have sha1-new when this
hook runs.  This can easily occur if another user modifies the ref
after it was updated by 'git-receive-pack', but before the hook was able
to evaluate it.  It is recommended that hooks rely on sha1-new
rather than the current value of refname.

post-update Hook
----------------
After all other processing, if at least one ref was updated, and
if $GIT_DIR/hooks/post-update file exists and is executable, then
post-update will be called with the list of refs that have been updated.
This can be used to implement any repository wide cleanup tasks.

The exit code from this hook invocation is ignored; the only thing
left for 'git-receive-pack' to do at that point is to exit itself
anyway.

This hook can be used, for example, to run `git update-server-info`
if the repository is packed and is served via a dumb transport.

	#!/bin/sh
	exec git update-server-info


Quarantine Environment
----------------------

When `receive-pack` takes in objects, they are placed into a temporary
"quarantine" directory within the `$GIT_DIR/objects` directory and
migrated into the main object store only after the `pre-receive` hook
has completed. If the push fails before then, the temporary directory is
removed entirely.

This has a few user-visible effects and caveats:

  1. Pushes which fail due to problems with the incoming pack, missing
     objects, or due to the `pre-receive` hook will not leave any
     on-disk data. This is usually helpful to prevent repeated failed
     pushes from filling up your disk, but can make debugging more
     challenging.

  2. Any objects created by the `pre-receive` hook will be created in
     the quarantine directory (and migrated only if it succeeds).

  3. The `pre-receive` hook MUST NOT update any refs to point to
     quarantined objects. Other programs accessing the repository will
     not be able to see the objects (and if the pre-receive hook fails,
     those refs would become corrupted). For safety, any ref updates
     from within `pre-receive` are automatically rejected.


SEE ALSO
--------
linkgit:git-send-pack[1], linkgit:gitnamespaces[7]

GIT
---
Part of the linkgit:git[1] suite