Documentation / core-intro.txton commit Allow the tag signing key to be specified in the config file (d67778e)
   1////////////////////////////////////////////////////////////////
   2
   3        GIT - the stupid content tracker
   4
   5////////////////////////////////////////////////////////////////
   6
   7"git" can mean anything, depending on your mood.
   8
   9 - random three-letter combination that is pronounceable, and not
  10   actually used by any common UNIX command.  The fact that it is a
  11   mispronunciation of "get" may or may not be relevant.
  12 - stupid. contemptible and despicable. simple. Take your pick from the
  13   dictionary of slang.
  14 - "global information tracker": you're in a good mood, and it actually
  15   works for you. Angels sing, and a light suddenly fills the room.
  16 - "goddamn idiotic truckload of sh*t": when it breaks
  17
  18This is a (not so) stupid but extremely fast directory content manager.
  19It doesn't do a whole lot at its core, but what it 'does' do is track
  20directory contents efficiently.
  21
  22There are two object abstractions: the "object database", and the
  23"current directory cache" aka "index".
  24
  25The Object Database
  26~~~~~~~~~~~~~~~~~~~
  27The object database is literally just a content-addressable collection
  28of objects.  All objects are named by their content, which is
  29approximated by the SHA1 hash of the object itself.  Objects may refer
  30to other objects (by referencing their SHA1 hash), and so you can
  31build up a hierarchy of objects.
  32
  33All objects have a statically determined "type" aka "tag", which is
  34determined at object creation time, and which identifies the format of
  35the object (i.e. how it is used, and how it can refer to other
  36objects).  There are currently four different object types: "blob",
  37"tree", "commit" and "tag".
  38
  39A "blob" object cannot refer to any other object, and is, like the type
  40implies, a pure storage object containing some user data.  It is used to
  41actually store the file data, i.e. a blob object is associated with some
  42particular version of some file.
  43
  44A "tree" object is an object that ties one or more "blob" objects into a
  45directory structure. In addition, a tree object can refer to other tree
  46objects, thus creating a directory hierarchy.
  47
  48A "commit" object ties such directory hierarchies together into
  49a DAG of revisions - each "commit" is associated with exactly one tree
  50(the directory hierarchy at the time of the commit). In addition, a
  51"commit" refers to one or more "parent" commit objects that describe the
  52history of how we arrived at that directory hierarchy.
  53
  54As a special case, a commit object with no parents is called the "root"
  55object, and is the point of an initial project commit.  Each project
  56must have at least one root, and while you can tie several different
  57root objects together into one project by creating a commit object which
  58has two or more separate roots as its ultimate parents, that's probably
  59just going to confuse people.  So aim for the notion of "one root object
  60per project", even if git itself does not enforce that.
  61
  62A "tag" object symbolically identifies and can be used to sign other
  63objects. It contains the identifier and type of another object, a
  64symbolic name (of course!) and, optionally, a signature.
  65
  66Regardless of object type, all objects share the following
  67characteristics: they are all deflated with zlib, and have a header
  68that not only specifies their type, but also provides size information
  69about the data in the object.  It's worth noting that the SHA1 hash
  70that is used to name the object is the hash of the original data
  71plus this header, so `sha1sum` 'file' does not match the object name
  72for 'file'.
  73(Historical note: in the dawn of the age of git the hash
  74was the sha1 of the 'compressed' object.)
  75
  76As a result, the general consistency of an object can always be tested
  77independently of the contents or the type of the object: all objects can
  78be validated by verifying that (a) their hashes match the content of the
  79file and (b) the object successfully inflates to a stream of bytes that
  80forms a sequence of <ascii type without space> + <space> + <ascii decimal
  81size> + <byte\0> + <binary object data>.
  82
  83The structured objects can further have their structure and
  84connectivity to other objects verified. This is generally done with
  85the `git-fsck-objects` program, which generates a full dependency graph
  86of all objects, and verifies their internal consistency (in addition
  87to just verifying their superficial consistency through the hash).
  88
  89The object types in some more detail:
  90
  91Blob Object
  92~~~~~~~~~~~
  93A "blob" object is nothing but a binary blob of data, and doesn't
  94refer to anything else.  There is no signature or any other
  95verification of the data, so while the object is consistent (it 'is'
  96indexed by its sha1 hash, so the data itself is certainly correct), it
  97has absolutely no other attributes.  No name associations, no
  98permissions.  It is purely a blob of data (i.e. normally "file
  99contents").
 100
 101In particular, since the blob is entirely defined by its data, if two
 102files in a directory tree (or in multiple different versions of the
 103repository) have the same contents, they will share the same blob
 104object. The object is totally independent of its location in the
 105directory tree, and renaming a file does not change the object that
 106file is associated with in any way.
 107
 108A blob is typically created when gitlink:git-update-index[1]
 109is run, and its data can be accessed by gitlink:git-cat-file[1].
 110
 111Tree Object
 112~~~~~~~~~~~
 113The next hierarchical object type is the "tree" object.  A tree object
 114is a list of mode/name/blob data, sorted by name.  Alternatively, the
 115mode data may specify a directory mode, in which case instead of
 116naming a blob, that name is associated with another TREE object.
 117
 118Like the "blob" object, a tree object is uniquely determined by the
 119set contents, and so two separate but identical trees will always
 120share the exact same object. This is true at all levels, i.e. it's
 121true for a "leaf" tree (which does not refer to any other trees, only
 122blobs) as well as for a whole subdirectory.
 123
 124For that reason a "tree" object is just a pure data abstraction: it
 125has no history, no signatures, no verification of validity, except
 126that since the contents are again protected by the hash itself, we can
 127trust that the tree is immutable and its contents never change.
 128
 129So you can trust the contents of a tree to be valid, the same way you
 130can trust the contents of a blob, but you don't know where those
 131contents 'came' from.
 132
 133Side note on trees: since a "tree" object is a sorted list of
 134"filename+content", you can create a diff between two trees without
 135actually having to unpack two trees.  Just ignore all common parts,
 136and your diff will look right.  In other words, you can effectively
 137(and efficiently) tell the difference between any two random trees by
 138O(n) where "n" is the size of the difference, rather than the size of
 139the tree.
 140
 141Side note 2 on trees: since the name of a "blob" depends entirely and
 142exclusively on its contents (i.e. there are no names or permissions
 143involved), you can see trivial renames or permission changes by
 144noticing that the blob stayed the same.  However, renames with data
 145changes need a smarter "diff" implementation.
 146
 147A tree is created with gitlink:git-write-tree[1] and
 148its data can be accessed by gitlink:git-ls-tree[1].
 149Two trees can be compared with gitlink:git-diff-tree[1].
 150
 151Commit Object
 152~~~~~~~~~~~~~
 153The "commit" object is an object that introduces the notion of
 154history into the picture.  In contrast to the other objects, it
 155doesn't just describe the physical state of a tree, it describes how
 156we got there, and why.
 157
 158A "commit" is defined by the tree-object that it results in, the
 159parent commits (zero, one or more) that led up to that point, and a
 160comment on what happened.  Again, a commit is not trusted per se:
 161the contents are well-defined and "safe" due to the cryptographically
 162strong signatures at all levels, but there is no reason to believe
 163that the tree is "good" or that the merge information makes sense.
 164The parents do not have to actually have any relationship with the
 165result, for example.
 166
 167Note on commits: unlike real SCM's, commits do not contain
 168rename information or file mode change information.  All of that is
 169implicit in the trees involved (the result tree, and the result trees
 170of the parents), and describing that makes no sense in this idiotic
 171file manager.
 172
 173A commit is created with gitlink:git-commit-tree[1] and
 174its data can be accessed by gitlink:git-cat-file[1].
 175
 176Trust
 177~~~~~
 178An aside on the notion of "trust". Trust is really outside the scope
 179of "git", but it's worth noting a few things.  First off, since
 180everything is hashed with SHA1, you 'can' trust that an object is
 181intact and has not been messed with by external sources.  So the name
 182of an object uniquely identifies a known state - just not a state that
 183you may want to trust.
 184
 185Furthermore, since the SHA1 signature of a commit refers to the
 186SHA1 signatures of the tree it is associated with and the signatures
 187of the parent, a single named commit specifies uniquely a whole set
 188of history, with full contents.  You can't later fake any step of the
 189way once you have the name of a commit.
 190
 191So to introduce some real trust in the system, the only thing you need
 192to do is to digitally sign just 'one' special note, which includes the
 193name of a top-level commit.  Your digital signature shows others
 194that you trust that commit, and the immutability of the history of
 195commits tells others that they can trust the whole history.
 196
 197In other words, you can easily validate a whole archive by just
 198sending out a single email that tells the people the name (SHA1 hash)
 199of the top commit, and digitally sign that email using something
 200like GPG/PGP.
 201
 202To assist in this, git also provides the tag object...
 203
 204Tag Object
 205~~~~~~~~~~
 206Git provides the "tag" object to simplify creating, managing and
 207exchanging symbolic and signed tokens.  The "tag" object at its
 208simplest simply symbolically identifies another object by containing
 209the sha1, type and symbolic name.
 210
 211However it can optionally contain additional signature information
 212(which git doesn't care about as long as there's less than 8k of
 213it). This can then be verified externally to git.
 214
 215Note that despite the tag features, "git" itself only handles content
 216integrity; the trust framework (and signature provision and
 217verification) has to come from outside.
 218
 219A tag is created with gitlink:git-mktag[1],
 220its data can be accessed by gitlink:git-cat-file[1],
 221and the signature can be verified by
 222gitlink:git-verify-tag[1].
 223
 224
 225The "index" aka "Current Directory Cache"
 226-----------------------------------------
 227The index is a simple binary file, which contains an efficient
 228representation of a virtual directory content at some random time.  It
 229does so by a simple array that associates a set of names, dates,
 230permissions and content (aka "blob") objects together.  The cache is
 231always kept ordered by name, and names are unique (with a few very
 232specific rules) at any point in time, but the cache has no long-term
 233meaning, and can be partially updated at any time.
 234
 235In particular, the index certainly does not need to be consistent with
 236the current directory contents (in fact, most operations will depend on
 237different ways to make the index 'not' be consistent with the directory
 238hierarchy), but it has three very important attributes:
 239
 240'(a) it can re-generate the full state it caches (not just the
 241directory structure: it contains pointers to the "blob" objects so
 242that it can regenerate the data too)'
 243
 244As a special case, there is a clear and unambiguous one-way mapping
 245from a current directory cache to a "tree object", which can be
 246efficiently created from just the current directory cache without
 247actually looking at any other data.  So a directory cache at any one
 248time uniquely specifies one and only one "tree" object (but has
 249additional data to make it easy to match up that tree object with what
 250has happened in the directory)
 251
 252'(b) it has efficient methods for finding inconsistencies between that
 253cached state ("tree object waiting to be instantiated") and the
 254current state.'
 255
 256'(c) it can additionally efficiently represent information about merge
 257conflicts between different tree objects, allowing each pathname to be
 258associated with sufficient information about the trees involved that
 259you can create a three-way merge between them.'
 260
 261Those are the three ONLY things that the directory cache does.  It's a
 262cache, and the normal operation is to re-generate it completely from a
 263known tree object, or update/compare it with a live tree that is being
 264developed.  If you blow the directory cache away entirely, you generally
 265haven't lost any information as long as you have the name of the tree
 266that it described.
 267
 268At the same time, the index is at the same time also the
 269staging area for creating new trees, and creating a new tree always
 270involves a controlled modification of the index file.  In particular,
 271the index file can have the representation of an intermediate tree that
 272has not yet been instantiated.  So the index can be thought of as a
 273write-back cache, which can contain dirty information that has not yet
 274been written back to the backing store.
 275
 276
 277
 278The Workflow
 279------------
 280Generally, all "git" operations work on the index file. Some operations
 281work *purely* on the index file (showing the current state of the
 282index), but most operations move data to and from the index file. Either
 283from the database or from the working directory. Thus there are four
 284main combinations:
 285
 2861) working directory -> index
 287~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 288
 289You update the index with information from the working directory with
 290the gitlink:git-update-index[1] command.  You
 291generally update the index information by just specifying the filename
 292you want to update, like so:
 293
 294        git-update-index filename
 295
 296but to avoid common mistakes with filename globbing etc, the command
 297will not normally add totally new entries or remove old entries,
 298i.e. it will normally just update existing cache entries.
 299
 300To tell git that yes, you really do realize that certain files no
 301longer exist, or that new files should be added, you
 302should use the `--remove` and `--add` flags respectively.
 303
 304NOTE! A `--remove` flag does 'not' mean that subsequent filenames will
 305necessarily be removed: if the files still exist in your directory
 306structure, the index will be updated with their new status, not
 307removed. The only thing `--remove` means is that update-cache will be
 308considering a removed file to be a valid thing, and if the file really
 309does not exist any more, it will update the index accordingly.
 310
 311As a special case, you can also do `git-update-index --refresh`, which
 312will refresh the "stat" information of each index to match the current
 313stat information. It will 'not' update the object status itself, and
 314it will only update the fields that are used to quickly test whether
 315an object still matches its old backing store object.
 316
 3172) index -> object database
 318~~~~~~~~~~~~~~~~~~~~~~~~~~~
 319
 320You write your current index file to a "tree" object with the program
 321
 322        git-write-tree
 323
 324that doesn't come with any options - it will just write out the
 325current index into the set of tree objects that describe that state,
 326and it will return the name of the resulting top-level tree. You can
 327use that tree to re-generate the index at any time by going in the
 328other direction:
 329
 3303) object database -> index
 331~~~~~~~~~~~~~~~~~~~~~~~~~~~
 332
 333You read a "tree" file from the object database, and use that to
 334populate (and overwrite - don't do this if your index contains any
 335unsaved state that you might want to restore later!) your current
 336index.  Normal operation is just
 337
 338                git-read-tree <sha1 of tree>
 339
 340and your index file will now be equivalent to the tree that you saved
 341earlier. However, that is only your 'index' file: your working
 342directory contents have not been modified.
 343
 3444) index -> working directory
 345~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 346
 347You update your working directory from the index by "checking out"
 348files. This is not a very common operation, since normally you'd just
 349keep your files updated, and rather than write to your working
 350directory, you'd tell the index files about the changes in your
 351working directory (i.e. `git-update-index`).
 352
 353However, if you decide to jump to a new version, or check out somebody
 354else's version, or just restore a previous tree, you'd populate your
 355index file with read-tree, and then you need to check out the result
 356with
 357
 358                git-checkout-index filename
 359
 360or, if you want to check out all of the index, use `-a`.
 361
 362NOTE! git-checkout-index normally refuses to overwrite old files, so
 363if you have an old version of the tree already checked out, you will
 364need to use the "-f" flag ('before' the "-a" flag or the filename) to
 365'force' the checkout.
 366
 367
 368Finally, there are a few odds and ends which are not purely moving
 369from one representation to the other:
 370
 3715) Tying it all together
 372~~~~~~~~~~~~~~~~~~~~~~~~
 373To commit a tree you have instantiated with "git-write-tree", you'd
 374create a "commit" object that refers to that tree and the history
 375behind it - most notably the "parent" commits that preceded it in
 376history.
 377
 378Normally a "commit" has one parent: the previous state of the tree
 379before a certain change was made. However, sometimes it can have two
 380or more parent commits, in which case we call it a "merge", due to the
 381fact that such a commit brings together ("merges") two or more
 382previous states represented by other commits.
 383
 384In other words, while a "tree" represents a particular directory state
 385of a working directory, a "commit" represents that state in "time",
 386and explains how we got there.
 387
 388You create a commit object by giving it the tree that describes the
 389state at the time of the commit, and a list of parents:
 390
 391        git-commit-tree <tree> -p <parent> [-p <parent2> ..]
 392
 393and then giving the reason for the commit on stdin (either through
 394redirection from a pipe or file, or by just typing it at the tty).
 395
 396git-commit-tree will return the name of the object that represents
 397that commit, and you should save it away for later use. Normally,
 398you'd commit a new `HEAD` state, and while git doesn't care where you
 399save the note about that state, in practice we tend to just write the
 400result to the file pointed at by `.git/HEAD`, so that we can always see
 401what the last committed state was.
 402
 403Here is an ASCII art by Jon Loeliger that illustrates how
 404various pieces fit together.
 405
 406------------
 407
 408                     commit-tree
 409                      commit obj
 410                       +----+
 411                       |    |
 412                       |    |
 413                       V    V
 414                    +-----------+
 415                    | Object DB |
 416                    |  Backing  |
 417                    |   Store   |
 418                    +-----------+
 419                       ^
 420           write-tree  |     |
 421             tree obj  |     |
 422                       |     |  read-tree
 423                       |     |  tree obj
 424                             V
 425                    +-----------+
 426                    |   Index   |
 427                    |  "cache"  |
 428                    +-----------+
 429         update-index  ^
 430             blob obj  |     |
 431                       |     |
 432    checkout-index -u  |     |  checkout-index
 433             stat      |     |  blob obj
 434                             V
 435                    +-----------+
 436                    |  Working  |
 437                    | Directory |
 438                    +-----------+
 439
 440------------
 441
 442
 4436) Examining the data
 444~~~~~~~~~~~~~~~~~~~~~
 445
 446You can examine the data represented in the object database and the
 447index with various helper tools. For every object, you can use
 448gitlink:git-cat-file[1] to examine details about the
 449object:
 450
 451                git-cat-file -t <objectname>
 452
 453shows the type of the object, and once you have the type (which is
 454usually implicit in where you find the object), you can use
 455
 456                git-cat-file blob|tree|commit|tag <objectname>
 457
 458to show its contents. NOTE! Trees have binary content, and as a result
 459there is a special helper for showing that content, called
 460`git-ls-tree`, which turns the binary content into a more easily
 461readable form.
 462
 463It's especially instructive to look at "commit" objects, since those
 464tend to be small and fairly self-explanatory. In particular, if you
 465follow the convention of having the top commit name in `.git/HEAD`,
 466you can do
 467
 468                git-cat-file commit HEAD
 469
 470to see what the top commit was.
 471
 4727) Merging multiple trees
 473~~~~~~~~~~~~~~~~~~~~~~~~~
 474
 475Git helps you do a three-way merge, which you can expand to n-way by
 476repeating the merge procedure arbitrary times until you finally
 477"commit" the state.  The normal situation is that you'd only do one
 478three-way merge (two parents), and commit it, but if you like to, you
 479can do multiple parents in one go.
 480
 481To do a three-way merge, you need the two sets of "commit" objects
 482that you want to merge, use those to find the closest common parent (a
 483third "commit" object), and then use those commit objects to find the
 484state of the directory ("tree" object) at these points.
 485
 486To get the "base" for the merge, you first look up the common parent
 487of two commits with
 488
 489                git-merge-base <commit1> <commit2>
 490
 491which will return you the commit they are both based on.  You should
 492now look up the "tree" objects of those commits, which you can easily
 493do with (for example)
 494
 495                git-cat-file commit <commitname> | head -1
 496
 497since the tree object information is always the first line in a commit
 498object.
 499
 500Once you know the three trees you are going to merge (the one
 501"original" tree, aka the common case, and the two "result" trees, aka
 502the branches you want to merge), you do a "merge" read into the
 503index. This will complain if it has to throw away your old index contents, so you should
 504make sure that you've committed those - in fact you would normally
 505always do a merge against your last commit (which should thus match
 506what you have in your current index anyway).
 507
 508To do the merge, do
 509
 510                git-read-tree -m -u <origtree> <yourtree> <targettree>
 511
 512which will do all trivial merge operations for you directly in the
 513index file, and you can just write the result out with
 514`git-write-tree`.
 515
 516Historical note.  We did not have `-u` facility when this
 517section was first written, so we used to warn that
 518the merge is done in the index file, not in your
 519working tree, and your working tree will not match your
 520index after this step.
 521This is no longer true.  The above command, thanks to `-u`
 522option, updates your working tree with the merge results for
 523paths that have been trivially merged.
 524
 525
 5268) Merging multiple trees, continued
 527~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 528
 529Sadly, many merges aren't trivial. If there are files that have
 530been added.moved or removed, or if both branches have modified the
 531same file, you will be left with an index tree that contains "merge
 532entries" in it. Such an index tree can 'NOT' be written out to a tree
 533object, and you will have to resolve any such merge clashes using
 534other tools before you can write out the result.
 535
 536You can examine such index state with `git-ls-files --unmerged`
 537command.  An example:
 538
 539------------------------------------------------
 540$ git-read-tree -m $orig HEAD $target
 541$ git-ls-files --unmerged
 542100644 263414f423d0e4d70dae8fe53fa34614ff3e2860 1       hello.c
 543100644 06fa6a24256dc7e560efa5687fa84b51f0263c3a 2       hello.c
 544100644 cc44c73eb783565da5831b4d820c962954019b69 3       hello.c
 545------------------------------------------------
 546
 547Each line of the `git-ls-files --unmerged` output begins with
 548the blob mode bits, blob SHA1, 'stage number', and the
 549filename.  The 'stage number' is git's way to say which tree it
 550came from: stage 1 corresponds to `$orig` tree, stage 2 `HEAD`
 551tree, and stage3 `$target` tree.
 552
 553Earlier we said that trivial merges are done inside
 554`git-read-tree -m`.  For example, if the file did not change
 555from `$orig` to `HEAD` nor `$target`, or if the file changed
 556from `$orig` to `HEAD` and `$orig` to `$target` the same way,
 557obviously the final outcome is what is in `HEAD`.  What the
 558above example shows is that file `hello.c` was changed from
 559`$orig` to `HEAD` and `$orig` to `$target` in a different way.
 560You could resolve this by running your favorite 3-way merge
 561program, e.g.  `diff3` or `merge`, on the blob objects from
 562these three stages yourself, like this:
 563
 564------------------------------------------------
 565$ git-cat-file blob 263414f... >hello.c~1
 566$ git-cat-file blob 06fa6a2... >hello.c~2
 567$ git-cat-file blob cc44c73... >hello.c~3
 568$ merge hello.c~2 hello.c~1 hello.c~3
 569------------------------------------------------
 570
 571This would leave the merge result in `hello.c~2` file, along
 572with conflict markers if there are conflicts.  After verifying
 573the merge result makes sense, you can tell git what the final
 574merge result for this file is by:
 575
 576        mv -f hello.c~2 hello.c
 577        git-update-index hello.c
 578
 579When a path is in unmerged state, running `git-update-index` for
 580that path tells git to mark the path resolved.
 581
 582The above is the description of a git merge at the lowest level,
 583to help you understand what conceptually happens under the hood.
 584In practice, nobody, not even git itself, uses three `git-cat-file`
 585for this.  There is `git-merge-index` program that extracts the
 586stages to temporary files and calls a "merge" script on it:
 587
 588        git-merge-index git-merge-one-file hello.c
 589
 590and that is what higher level `git resolve` is implemented with.