Documentation / git-receive-pack.txton commit Merge branch 'jc/git-open-cloexec' (02d0457)
   1git-receive-pack(1)
   2===================
   3
   4NAME
   5----
   6git-receive-pack - Receive what is pushed into the repository
   7
   8
   9SYNOPSIS
  10--------
  11[verse]
  12'git-receive-pack' <directory>
  13
  14DESCRIPTION
  15-----------
  16Invoked by 'git send-pack' and updates the repository with the
  17information fed from the remote end.
  18
  19This command is usually not invoked directly by the end user.
  20The UI for the protocol is on the 'git send-pack' side, and the
  21program pair is meant to be used to push updates to remote
  22repository.  For pull operations, see linkgit:git-fetch-pack[1].
  23
  24The command allows for creation and fast-forwarding of sha1 refs
  25(heads/tags) on the remote end (strictly speaking, it is the
  26local end 'git-receive-pack' runs, but to the user who is sitting at
  27the send-pack end, it is updating the remote.  Confused?)
  28
  29There are other real-world examples of using update and
  30post-update hooks found in the Documentation/howto directory.
  31
  32'git-receive-pack' honours the receive.denyNonFastForwards config
  33option, which tells it if updates to a ref should be denied if they
  34are not fast-forwards.
  35
  36A number of other receive.* config options are available to tweak
  37its behavior, see linkgit:git-config[1].
  38
  39OPTIONS
  40-------
  41<directory>::
  42        The repository to sync into.
  43
  44pre-receive Hook
  45----------------
  46Before any ref is updated, if $GIT_DIR/hooks/pre-receive file exists
  47and is executable, it will be invoked once with no parameters.  The
  48standard input of the hook will be one line per ref to be updated:
  49
  50       sha1-old SP sha1-new SP refname LF
  51
  52The refname value is relative to $GIT_DIR; e.g. for the master
  53head this is "refs/heads/master".  The two sha1 values before
  54each refname are the object names for the refname before and after
  55the update.  Refs to be created will have sha1-old equal to 0\{40},
  56while refs to be deleted will have sha1-new equal to 0\{40}, otherwise
  57sha1-old and sha1-new should be valid objects in the repository.
  58
  59When accepting a signed push (see linkgit:git-push[1]), the signed
  60push certificate is stored in a blob and an environment variable
  61`GIT_PUSH_CERT` can be consulted for its object name.  See the
  62description of `post-receive` hook for an example.  In addition, the
  63certificate is verified using GPG and the result is exported with
  64the following environment variables:
  65
  66`GIT_PUSH_CERT_SIGNER`::
  67        The name and the e-mail address of the owner of the key that
  68        signed the push certificate.
  69
  70`GIT_PUSH_CERT_KEY`::
  71        The GPG key ID of the key that signed the push certificate.
  72
  73`GIT_PUSH_CERT_STATUS`::
  74        The status of GPG verification of the push certificate,
  75        using the same mnemonic as used in `%G?` format of `git log`
  76        family of commands (see linkgit:git-log[1]).
  77
  78`GIT_PUSH_CERT_NONCE`::
  79        The nonce string the process asked the signer to include
  80        in the push certificate.  If this does not match the value
  81        recorded on the "nonce" header in the push certificate, it
  82        may indicate that the certificate is a valid one that is
  83        being replayed from a separate "git push" session.
  84
  85`GIT_PUSH_CERT_NONCE_STATUS`::
  86`UNSOLICITED`;;
  87        "git push --signed" sent a nonce when we did not ask it to
  88        send one.
  89`MISSING`;;
  90        "git push --signed" did not send any nonce header.
  91`BAD`;;
  92        "git push --signed" sent a bogus nonce.
  93`OK`;;
  94        "git push --signed" sent the nonce we asked it to send.
  95`SLOP`;;
  96        "git push --signed" sent a nonce different from what we
  97        asked it to send now, but in a previous session.  See
  98        `GIT_PUSH_CERT_NONCE_SLOP` environment variable.
  99
 100`GIT_PUSH_CERT_NONCE_SLOP`::
 101        "git push --signed" sent a nonce different from what we
 102        asked it to send now, but in a different session whose
 103        starting time is different by this many seconds from the
 104        current session.  Only meaningful when
 105        `GIT_PUSH_CERT_NONCE_STATUS` says `SLOP`.
 106        Also read about `receive.certNonceSlop` variable in
 107        linkgit:git-config[1].
 108
 109This hook is called before any refname is updated and before any
 110fast-forward checks are performed.
 111
 112If the pre-receive hook exits with a non-zero exit status no updates
 113will be performed, and the update, post-receive and post-update
 114hooks will not be invoked either.  This can be useful to quickly
 115bail out if the update is not to be supported.
 116
 117update Hook
 118-----------
 119Before each ref is updated, if $GIT_DIR/hooks/update file exists
 120and is executable, it is invoked once per ref, with three parameters:
 121
 122       $GIT_DIR/hooks/update refname sha1-old sha1-new
 123
 124The refname parameter is relative to $GIT_DIR; e.g. for the master
 125head this is "refs/heads/master".  The two sha1 arguments are
 126the object names for the refname before and after the update.
 127Note that the hook is called before the refname is updated,
 128so either sha1-old is 0\{40} (meaning there is no such ref yet),
 129or it should match what is recorded in refname.
 130
 131The hook should exit with non-zero status if it wants to disallow
 132updating the named ref.  Otherwise it should exit with zero.
 133
 134Successful execution (a zero exit status) of this hook does not
 135ensure the ref will actually be updated, it is only a prerequisite.
 136As such it is not a good idea to send notices (e.g. email) from
 137this hook.  Consider using the post-receive hook instead.
 138
 139post-receive Hook
 140-----------------
 141After all refs were updated (or attempted to be updated), if any
 142ref update was successful, and if $GIT_DIR/hooks/post-receive
 143file exists and is executable, it will be invoked once with no
 144parameters.  The standard input of the hook will be one line
 145for each successfully updated ref:
 146
 147       sha1-old SP sha1-new SP refname LF
 148
 149The refname value is relative to $GIT_DIR; e.g. for the master
 150head this is "refs/heads/master".  The two sha1 values before
 151each refname are the object names for the refname before and after
 152the update.  Refs that were created will have sha1-old equal to
 1530\{40}, while refs that were deleted will have sha1-new equal to
 1540\{40}, otherwise sha1-old and sha1-new should be valid objects in
 155the repository.
 156
 157The `GIT_PUSH_CERT*` environment variables can be inspected, just as
 158in `pre-receive` hook, after accepting a signed push.
 159
 160Using this hook, it is easy to generate mails describing the updates
 161to the repository.  This example script sends one mail message per
 162ref listing the commits pushed to the repository, and logs the push
 163certificates of signed pushes with good signatures to a logger
 164service:
 165
 166        #!/bin/sh
 167        # mail out commit update information.
 168        while read oval nval ref
 169        do
 170                if expr "$oval" : '0*$' >/dev/null
 171                then
 172                        echo "Created a new ref, with the following commits:"
 173                        git rev-list --pretty "$nval"
 174                else
 175                        echo "New commits:"
 176                        git rev-list --pretty "$nval" "^$oval"
 177                fi |
 178                mail -s "Changes to ref $ref" commit-list@mydomain
 179        done
 180        # log signed push certificate, if any
 181        if test -n "${GIT_PUSH_CERT-}" && test ${GIT_PUSH_CERT_STATUS} = G
 182        then
 183                (
 184                        echo expected nonce is ${GIT_PUSH_NONCE}
 185                        git cat-file blob ${GIT_PUSH_CERT}
 186                ) | mail -s "push certificate from $GIT_PUSH_CERT_SIGNER" push-log@mydomain
 187        fi
 188        exit 0
 189
 190The exit code from this hook invocation is ignored, however a
 191non-zero exit code will generate an error message.
 192
 193Note that it is possible for refname to not have sha1-new when this
 194hook runs.  This can easily occur if another user modifies the ref
 195after it was updated by 'git-receive-pack', but before the hook was able
 196to evaluate it.  It is recommended that hooks rely on sha1-new
 197rather than the current value of refname.
 198
 199post-update Hook
 200----------------
 201After all other processing, if at least one ref was updated, and
 202if $GIT_DIR/hooks/post-update file exists and is executable, then
 203post-update will be called with the list of refs that have been updated.
 204This can be used to implement any repository wide cleanup tasks.
 205
 206The exit code from this hook invocation is ignored; the only thing
 207left for 'git-receive-pack' to do at that point is to exit itself
 208anyway.
 209
 210This hook can be used, for example, to run `git update-server-info`
 211if the repository is packed and is served via a dumb transport.
 212
 213        #!/bin/sh
 214        exec git update-server-info
 215
 216
 217SEE ALSO
 218--------
 219linkgit:git-send-pack[1], linkgit:gitnamespaces[7]
 220
 221GIT
 222---
 223Part of the linkgit:git[1] suite