2 .\" Title: git-receive-pack
3 .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
4 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
7 .\" Source: Git 2.46.0.rc0.75.g04f5a52757
10 .TH "GIT\-RECEIVE\-PACK" "1" "2024\-07\-16" "Git 2\&.46\&.0\&.rc0\&.75\&.g0" "Git Manual"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 git-receive-pack \- Receive what is pushed into the repository
35 \fIgit receive\-pack\fR <git\-dir>
40 Invoked by \fIgit send\-pack\fR and updates the repository with the information fed from the remote end\&.
42 This command is usually not invoked directly by the end user\&. The UI for the protocol is on the \fIgit send\-pack\fR side, and the program pair is meant to be used to push updates to a remote repository\&. For pull operations, see \fBgit-fetch-pack\fR(1)\&.
44 The command allows for the creation and fast\-forwarding of sha1 refs (heads/tags) on the remote end (strictly speaking, it is the local end \fIgit\-receive\-pack\fR runs, but to the user who is sitting at the send\-pack end, it is updating the remote\&. Confused?)
46 There are other real\-world examples of using update and post\-update hooks found in the Documentation/howto directory\&.
48 \fIgit\-receive\-pack\fR honours the receive\&.denyNonFastForwards config option, which tells it if updates to a ref should be denied if they are not fast\-forwards\&.
50 A number of other receive\&.* config options are available to tweak its behavior, see \fBgit-config\fR(1)\&.
55 The repository to sync into\&.
58 \-\-http\-backend\-info\-refs
61 \fBgit-http-backend\fR(1)
63 \fB$GIT_URL/info/refs?service=git\-receive\-pack\fR
65 \fB\-\-http\-backend\-info\-refs\fR
67 \fBgit-upload-pack\fR(1)\&.
69 .SH "PRE\-RECEIVE HOOK"
71 Before any ref is updated, if $GIT_DIR/hooks/pre\-receive file exists and is executable, it will be invoked once with no parameters\&. The standard input of the hook will be one line per ref to be updated:
77 sha1\-old SP sha1\-new SP refname LF
83 The refname value is relative to $GIT_DIR; e\&.g\&. for the master head this is "refs/heads/master"\&. The two sha1 values before each refname are the object names for the refname before and after the update\&. Refs to be created will have sha1\-old equal to 0{40}, while refs to be deleted will have sha1\-new equal to 0{40}, otherwise sha1\-old and sha1\-new should be valid objects in the repository\&.
85 When accepting a signed push (see \fBgit-push\fR(1)), the signed push certificate is stored in a blob and an environment variable \fBGIT_PUSH_CERT\fR can be consulted for its object name\&. See the description of \fBpost\-receive\fR hook for an example\&. In addition, the certificate is verified using GPG and the result is exported with the following environment variables:
87 \fBGIT_PUSH_CERT_SIGNER\fR
89 The name and the e\-mail address of the owner of the key that signed the push certificate\&.
92 \fBGIT_PUSH_CERT_KEY\fR
94 The GPG key ID of the key that signed the push certificate\&.
97 \fBGIT_PUSH_CERT_STATUS\fR
99 The status of GPG verification of the push certificate, using the same mnemonic as used in
103 family of commands (see
107 \fBGIT_PUSH_CERT_NONCE\fR
109 The nonce string the process asked the signer to include in the push certificate\&. If this does not match the value recorded on the "nonce" header in the push certificate, it may indicate that the certificate is a valid one that is being replayed from a separate "git push" session\&.
112 \fBGIT_PUSH_CERT_NONCE_STATUS\fR
117 "git push \-\-signed" sent a nonce when we did not ask it to send one\&.
122 "git push \-\-signed" did not send any nonce header\&.
127 "git push \-\-signed" sent a bogus nonce\&.
132 "git push \-\-signed" sent the nonce we asked it to send\&.
137 "git push \-\-signed" sent a nonce different from what we asked it to send now, but in a previous session\&. See
138 \fBGIT_PUSH_CERT_NONCE_SLOP\fR
139 environment variable\&.
143 \fBGIT_PUSH_CERT_NONCE_SLOP\fR
145 "git push \-\-signed" sent a nonce different from what we asked it to send now, but in a different session whose starting time is different by this many seconds from the current session\&. Only meaningful when
146 \fBGIT_PUSH_CERT_NONCE_STATUS\fR
148 \fBSLOP\fR\&. Also read about
149 \fBreceive\&.certNonceSlop\fR
151 \fBgit-config\fR(1)\&.
154 This hook is called before any refname is updated and before any fast\-forward checks are performed\&.
156 If the pre\-receive hook exits with a non\-zero exit status no updates will be performed, and the update, post\-receive and post\-update hooks will not be invoked either\&. This can be useful to quickly bail out if the update is not to be supported\&.
158 See the notes on the quarantine environment below\&.
161 Before each ref is updated, if $GIT_DIR/hooks/update file exists and is executable, it is invoked once per ref, with three parameters:
167 $GIT_DIR/hooks/update refname sha1\-old sha1\-new
173 The refname parameter is relative to $GIT_DIR; e\&.g\&. for the master head this is "refs/heads/master"\&. The two sha1 arguments are the object names for the refname before and after the update\&. Note that the hook is called before the refname is updated, so either sha1\-old is 0{40} (meaning there is no such ref yet), or it should match what is recorded in refname\&.
175 The hook should exit with non\-zero status if it wants to disallow updating the named ref\&. Otherwise it should exit with zero\&.
177 Successful execution (a zero exit status) of this hook does not ensure the ref will actually be updated, it is only a prerequisite\&. As such it is not a good idea to send notices (e\&.g\&. email) from this hook\&. Consider using the post\-receive hook instead\&.
178 .SH "POST\-RECEIVE HOOK"
180 After all refs were updated (or attempted to be updated), if any ref update was successful, and if $GIT_DIR/hooks/post\-receive file exists and is executable, it will be invoked once with no parameters\&. The standard input of the hook will be one line for each successfully updated ref:
186 sha1\-old SP sha1\-new SP refname LF
192 The refname value is relative to $GIT_DIR; e\&.g\&. for the master head this is "refs/heads/master"\&. The two sha1 values before each refname are the object names for the refname before and after the update\&. Refs that were created will have sha1\-old equal to 0{40}, while refs that were deleted will have sha1\-new equal to 0{40}, otherwise sha1\-old and sha1\-new should be valid objects in the repository\&.
194 The \fBGIT_PUSH_CERT*\fR environment variables can be inspected, just as in \fBpre\-receive\fR hook, after accepting a signed push\&.
196 Using this hook, it is easy to generate mails describing the updates to the repository\&. This example script sends one mail message per ref listing the commits pushed to the repository, and logs the push certificates of signed pushes with good signatures to a logger service:
203 # mail out commit update information\&.
204 while read oval nval ref
206 if expr "$oval" : \*(Aq0*$\*(Aq >/dev/null
208 echo "Created a new ref, with the following commits:"
209 git rev\-list \-\-pretty "$nval"
212 git rev\-list \-\-pretty "$nval" "^$oval"
214 mail \-s "Changes to ref $ref" commit\-list@mydomain
216 # log signed push certificate, if any
217 if test \-n "${GIT_PUSH_CERT\-}" && test ${GIT_PUSH_CERT_STATUS} = G
220 echo expected nonce is ${GIT_PUSH_NONCE}
221 git cat\-file blob ${GIT_PUSH_CERT}
222 ) | mail \-s "push certificate from $GIT_PUSH_CERT_SIGNER" push\-log@mydomain
231 The exit code from this hook invocation is ignored, however a non\-zero exit code will generate an error message\&.
233 Note that it is possible for refname to not have sha1\-new when this hook runs\&. This can easily occur if another user modifies the ref after it was updated by \fIgit\-receive\-pack\fR, but before the hook was able to evaluate it\&. It is recommended that hooks rely on sha1\-new rather than the current value of refname\&.
234 .SH "POST\-UPDATE HOOK"
236 After all other processing, if at least one ref was updated, and if $GIT_DIR/hooks/post\-update file exists and is executable, then post\-update will be called with the list of refs that have been updated\&. This can be used to implement any repository wide cleanup tasks\&.
238 The exit code from this hook invocation is ignored; the only thing left for \fIgit\-receive\-pack\fR to do at that point is to exit itself anyway\&.
240 This hook can be used, for example, to run \fBgit update\-server\-info\fR if the repository is packed and is served via a dumb transport\&.
247 exec git update\-server\-info
253 .SH "QUARANTINE ENVIRONMENT"
255 When \fBreceive\-pack\fR takes in objects, they are placed into a temporary "quarantine" directory within the \fB$GIT_DIR/objects\fR directory and migrated into the main object store only after the \fBpre\-receive\fR hook has completed\&. If the push fails before then, the temporary directory is removed entirely\&.
257 This has a few user\-visible effects and caveats:
267 Pushes which fail due to problems with the incoming pack, missing objects, or due to the
269 hook will not leave any on\-disk data\&. This is usually helpful to prevent repeated failed pushes from filling up your disk, but can make debugging more challenging\&.
280 Any objects created by the
282 hook will be created in the quarantine directory (and migrated only if it succeeds)\&.
295 hook MUST NOT update any refs to point to quarantined objects\&. Other programs accessing the repository will not be able to see the objects (and if the pre\-receive hook fails, those refs would become corrupted)\&. For safety, any ref updates from within
297 are automatically rejected\&.
301 \fBgit-send-pack\fR(1), \fBgitnamespaces\fR(7)
304 Part of the \fBgit\fR(1) suite