1GIT-RECEIVE-PACK(1)               Git Manual               GIT-RECEIVE-PACK(1)
2
3
4

NAME

6       git-receive-pack - Receive what is pushed into the repository
7

SYNOPSIS

9       git-receive-pack <directory>
10

DESCRIPTION

12       Invoked by git send-pack and updates the repository with the
13       information fed from the remote end.
14
15       This command is usually not invoked directly by the end user. The UI
16       for the protocol is on the git send-pack side, and the program pair is
17       meant to be used to push updates to remote repository. For pull
18       operations, see git-fetch-pack(1).
19
20       The command allows for creation and fast-forwarding of sha1 refs
21       (heads/tags) on the remote end (strictly speaking, it is the local end
22       git-receive-pack runs, but to the user who is sitting at the send-pack
23       end, it is updating the remote. Confused?)
24
25       There are other real-world examples of using update and post-update
26       hooks found in the Documentation/howto directory.
27
28       git-receive-pack honours the receive.denyNonFastForwards config option,
29       which tells it if updates to a ref should be denied if they are not
30       fast-forwards.
31
32       A number of other receive.* config options are available to tweak its
33       behavior, see git-config(1).
34

OPTIONS

36       <directory>
37           The repository to sync into.
38

PRE-RECEIVE HOOK

40       Before any ref is updated, if $GIT_DIR/hooks/pre-receive file exists
41       and is executable, it will be invoked once with no parameters. The
42       standard input of the hook will be one line per ref to be updated:
43
44           sha1-old SP sha1-new SP refname LF
45
46       The refname value is relative to $GIT_DIR; e.g. for the master head
47       this is "refs/heads/master". The two sha1 values before each refname
48       are the object names for the refname before and after the update. Refs
49       to be created will have sha1-old equal to 0{40}, while refs to be
50       deleted will have sha1-new equal to 0{40}, otherwise sha1-old and
51       sha1-new should be valid objects in the repository.
52
53       When accepting a signed push (see git-push(1)), the signed push
54       certificate is stored in a blob and an environment variable
55       GIT_PUSH_CERT can be consulted for its object name. See the description
56       of post-receive hook for an example. In addition, the certificate is
57       verified using GPG and the result is exported with the following
58       environment variables:
59
60       GIT_PUSH_CERT_SIGNER
61           The name and the e-mail address of the owner of the key that signed
62           the push certificate.
63
64       GIT_PUSH_CERT_KEY
65           The GPG key ID of the key that signed the push certificate.
66
67       GIT_PUSH_CERT_STATUS
68           The status of GPG verification of the push certificate, using the
69           same mnemonic as used in %G?  format of git log family of commands
70           (see git-log(1)).
71
72       GIT_PUSH_CERT_NONCE
73           The nonce string the process asked the signer to include in the
74           push certificate. If this does not match the value recorded on the
75           "nonce" header in the push certificate, it may indicate that the
76           certificate is a valid one that is being replayed from a separate
77           "git push" session.
78
79       GIT_PUSH_CERT_NONCE_STATUS
80
81           UNSOLICITED
82               "git push --signed" sent a nonce when we did not ask it to send
83               one.
84
85           MISSING
86               "git push --signed" did not send any nonce header.
87
88           BAD
89               "git push --signed" sent a bogus nonce.
90
91           OK
92               "git push --signed" sent the nonce we asked it to send.
93
94           SLOP
95               "git push --signed" sent a nonce different from what we asked
96               it to send now, but in a previous session. See
97               GIT_PUSH_CERT_NONCE_SLOP environment variable.
98
99       GIT_PUSH_CERT_NONCE_SLOP
100           "git push --signed" sent a nonce different from what we asked it to
101           send now, but in a different session whose starting time is
102           different by this many seconds from the current session. Only
103           meaningful when GIT_PUSH_CERT_NONCE_STATUS says SLOP. Also read
104           about receive.certNonceSlop variable in git-config(1).
105
106       This hook is called before any refname is updated and before any
107       fast-forward checks are performed.
108
109       If the pre-receive hook exits with a non-zero exit status no updates
110       will be performed, and the update, post-receive and post-update hooks
111       will not be invoked either. This can be useful to quickly bail out if
112       the update is not to be supported.
113
114       See the notes on the quarantine environment below.
115

UPDATE HOOK

117       Before each ref is updated, if $GIT_DIR/hooks/update file exists and is
118       executable, it is invoked once per ref, with three parameters:
119
120           $GIT_DIR/hooks/update refname sha1-old sha1-new
121
122       The refname parameter is relative to $GIT_DIR; e.g. for the master head
123       this is "refs/heads/master". The two sha1 arguments are the object
124       names for the refname before and after the update. Note that the hook
125       is called before the refname is updated, so either sha1-old is 0{40}
126       (meaning there is no such ref yet), or it should match what is recorded
127       in refname.
128
129       The hook should exit with non-zero status if it wants to disallow
130       updating the named ref. Otherwise it should exit with zero.
131
132       Successful execution (a zero exit status) of this hook does not ensure
133       the ref will actually be updated, it is only a prerequisite. As such it
134       is not a good idea to send notices (e.g. email) from this hook.
135       Consider using the post-receive hook instead.
136

POST-RECEIVE HOOK

138       After all refs were updated (or attempted to be updated), if any ref
139       update was successful, and if $GIT_DIR/hooks/post-receive file exists
140       and is executable, it will be invoked once with no parameters. The
141       standard input of the hook will be one line for each successfully
142       updated ref:
143
144           sha1-old SP sha1-new SP refname LF
145
146       The refname value is relative to $GIT_DIR; e.g. for the master head
147       this is "refs/heads/master". The two sha1 values before each refname
148       are the object names for the refname before and after the update. Refs
149       that were created will have sha1-old equal to 0{40}, while refs that
150       were deleted will have sha1-new equal to 0{40}, otherwise sha1-old and
151       sha1-new should be valid objects in the repository.
152
153       The GIT_PUSH_CERT* environment variables can be inspected, just as in
154       pre-receive hook, after accepting a signed push.
155
156       Using this hook, it is easy to generate mails describing the updates to
157       the repository. This example script sends one mail message per ref
158       listing the commits pushed to the repository, and logs the push
159       certificates of signed pushes with good signatures to a logger service:
160
161           #!/bin/sh
162           # mail out commit update information.
163           while read oval nval ref
164           do
165                   if expr "$oval" : '0*$' >/dev/null
166                   then
167                           echo "Created a new ref, with the following commits:"
168                           git rev-list --pretty "$nval"
169                   else
170                           echo "New commits:"
171                           git rev-list --pretty "$nval" "^$oval"
172                   fi |
173                   mail -s "Changes to ref $ref" commit-list@mydomain
174           done
175           # log signed push certificate, if any
176           if test -n "${GIT_PUSH_CERT-}" && test ${GIT_PUSH_CERT_STATUS} = G
177           then
178                   (
179                           echo expected nonce is ${GIT_PUSH_NONCE}
180                           git cat-file blob ${GIT_PUSH_CERT}
181                   ) | mail -s "push certificate from $GIT_PUSH_CERT_SIGNER" push-log@mydomain
182           fi
183           exit 0
184
185       The exit code from this hook invocation is ignored, however a non-zero
186       exit code will generate an error message.
187
188       Note that it is possible for refname to not have sha1-new when this
189       hook runs. This can easily occur if another user modifies the ref after
190       it was updated by git-receive-pack, but before the hook was able to
191       evaluate it. It is recommended that hooks rely on sha1-new rather than
192       the current value of refname.
193

POST-UPDATE HOOK

195       After all other processing, if at least one ref was updated, and if
196       $GIT_DIR/hooks/post-update file exists and is executable, then
197       post-update will be called with the list of refs that have been
198       updated. This can be used to implement any repository wide cleanup
199       tasks.
200
201       The exit code from this hook invocation is ignored; the only thing left
202       for git-receive-pack to do at that point is to exit itself anyway.
203
204       This hook can be used, for example, to run git update-server-info if
205       the repository is packed and is served via a dumb transport.
206
207           #!/bin/sh
208           exec git update-server-info
209

QUARANTINE ENVIRONMENT

211       When receive-pack takes in objects, they are placed into a temporary
212       "quarantine" directory within the $GIT_DIR/objects directory and
213       migrated into the main object store only after the pre-receive hook has
214       completed. If the push fails before then, the temporary directory is
215       removed entirely.
216
217       This has a few user-visible effects and caveats:
218
219        1. Pushes which fail due to problems with the incoming pack, missing
220           objects, or due to the pre-receive hook will not leave any on-disk
221           data. This is usually helpful to prevent repeated failed pushes
222           from filling up your disk, but can make debugging more challenging.
223
224        2. Any objects created by the pre-receive hook will be created in the
225           quarantine directory (and migrated only if it succeeds).
226
227        3. The pre-receive hook MUST NOT update any refs to point to
228           quarantined objects. Other programs accessing the repository will
229           not be able to see the objects (and if the pre-receive hook fails,
230           those refs would become corrupted). For safety, any ref updates
231           from within pre-receive are automatically rejected.
232

SEE ALSO

234       git-send-pack(1), gitnamespaces(7)
235

GIT

237       Part of the git(1) suite
238
239
240
241Git 2.31.1                        2021-03-26               GIT-RECEIVE-PACK(1)
Impressum