Documentation: pack-protocol correct NAK response
[git/git.git] / Documentation / technical / pack-protocol.txt
1 Packfile transfer protocols
2 ===========================
3
4 Git supports transferring data in packfiles over the ssh://, git://, http:// and
5 file:// transports. There exist two sets of protocols, one for pushing
6 data from a client to a server and another for fetching data from a
7 server to a client. The three transports (ssh, git, file) use the same
8 protocol to transfer data. http is documented in http-protocol.txt.
9
10 The processes invoked in the canonical Git implementation are 'upload-pack'
11 on the server side and 'fetch-pack' on the client side for fetching data;
12 then 'receive-pack' on the server and 'send-pack' on the client for pushing
13 data. The protocol functions to have a server tell a client what is
14 currently on the server, then for the two to negotiate the smallest amount
15 of data to send in order to fully update one or the other.
16
17 Transports
18 ----------
19 There are three transports over which the packfile protocol is
20 initiated. The Git transport is a simple, unauthenticated server that
21 takes the command (almost always 'upload-pack', though Git
22 servers can be configured to be globally writable, in which 'receive-
23 pack' initiation is also allowed) with which the client wishes to
24 communicate and executes it and connects it to the requesting
25 process.
26
27 In the SSH transport, the client just runs the 'upload-pack'
28 or 'receive-pack' process on the server over the SSH protocol and then
29 communicates with that invoked process over the SSH connection.
30
31 The file:// transport runs the 'upload-pack' or 'receive-pack'
32 process locally and communicates with it over a pipe.
33
34 Git Transport
35 -------------
36
37 The Git transport starts off by sending the command and repository
38 on the wire using the pkt-line format, followed by a NUL byte and a
39 hostname parameter, terminated by a NUL byte.
40
41 0032git-upload-pack /project.git\0host=myserver.com\0
42
43 --
44 git-proto-request = request-command SP pathname NUL [ host-parameter NUL ]
45 request-command = "git-upload-pack" / "git-receive-pack" /
46 "git-upload-archive" ; case sensitive
47 pathname = *( %x01-ff ) ; exclude NUL
48 host-parameter = "host=" hostname [ ":" port ]
49 --
50
51 Only host-parameter is allowed in the git-proto-request. Clients
52 MUST NOT attempt to send additional parameters. It is used for the
53 git-daemon name based virtual hosting. See --interpolated-path
54 option to git daemon, with the %H/%CH format characters.
55
56 Basically what the Git client is doing to connect to an 'upload-pack'
57 process on the server side over the Git protocol is this:
58
59 $ echo -e -n \
60 "0039git-upload-pack /schacon/gitbook.git\0host=example.com\0" |
61 nc -v example.com 9418
62
63 If the server refuses the request for some reasons, it could abort
64 gracefully with an error message.
65
66 ----
67 error-line = PKT-LINE("ERR" SP explanation-text)
68 ----
69
70
71 SSH Transport
72 -------------
73
74 Initiating the upload-pack or receive-pack processes over SSH is
75 executing the binary on the server via SSH remote execution.
76 It is basically equivalent to running this:
77
78 $ ssh git.example.com "git-upload-pack '/project.git'"
79
80 For a server to support Git pushing and pulling for a given user over
81 SSH, that user needs to be able to execute one or both of those
82 commands via the SSH shell that they are provided on login. On some
83 systems, that shell access is limited to only being able to run those
84 two commands, or even just one of them.
85
86 In an ssh:// format URI, it's absolute in the URI, so the '/' after
87 the host name (or port number) is sent as an argument, which is then
88 read by the remote git-upload-pack exactly as is, so it's effectively
89 an absolute path in the remote filesystem.
90
91 git clone ssh://user@example.com/project.git
92 |
93 v
94 ssh user@example.com "git-upload-pack '/project.git'"
95
96 In a "user@host:path" format URI, its relative to the user's home
97 directory, because the Git client will run:
98
99 git clone user@example.com:project.git
100 |
101 v
102 ssh user@example.com "git-upload-pack 'project.git'"
103
104 The exception is if a '~' is used, in which case
105 we execute it without the leading '/'.
106
107 ssh://user@example.com/~alice/project.git,
108 |
109 v
110 ssh user@example.com "git-upload-pack '~alice/project.git'"
111
112 A few things to remember here:
113
114 - The "command name" is spelled with dash (e.g. git-upload-pack), but
115 this can be overridden by the client;
116
117 - The repository path is always quoted with single quotes.
118
119 Fetching Data From a Server
120 ---------------------------
121
122 When one Git repository wants to get data that a second repository
123 has, the first can 'fetch' from the second. This operation determines
124 what data the server has that the client does not then streams that
125 data down to the client in packfile format.
126
127
128 Reference Discovery
129 -------------------
130
131 When the client initially connects the server will immediately respond
132 with a listing of each reference it has (all branches and tags) along
133 with the object name that each reference currently points to.
134
135 $ echo -e -n "0039git-upload-pack /schacon/gitbook.git\0host=example.com\0" |
136 nc -v example.com 9418
137 00887217a7c7e582c46cec22a130adf4b9d7d950fba0 HEAD\0multi_ack thin-pack
138 side-band side-band-64k ofs-delta shallow no-progress include-tag
139 00441d3fcd5ced445d1abc402225c0b8a1299641f497 refs/heads/integration
140 003f7217a7c7e582c46cec22a130adf4b9d7d950fba0 refs/heads/master
141 003cb88d2441cac0977faf98efc80305012112238d9d refs/tags/v0.9
142 003c525128480b96c89e6418b1e40909bf6c5b2d580f refs/tags/v1.0
143 003fe92df48743b7bc7d26bcaabfddde0a1e20cae47c refs/tags/v1.0^{}
144 0000
145
146 Server SHOULD terminate each non-flush line using LF ("\n") terminator;
147 client MUST NOT complain if there is no terminator.
148
149 The returned response is a pkt-line stream describing each ref and
150 its current value. The stream MUST be sorted by name according to
151 the C locale ordering.
152
153 If HEAD is a valid ref, HEAD MUST appear as the first advertised
154 ref. If HEAD is not a valid ref, HEAD MUST NOT appear in the
155 advertisement list at all, but other refs may still appear.
156
157 The stream MUST include capability declarations behind a NUL on the
158 first ref. The peeled value of a ref (that is "ref^{}") MUST be
159 immediately after the ref itself, if presented. A conforming server
160 MUST peel the ref if it's an annotated tag.
161
162 ----
163 advertised-refs = (no-refs / list-of-refs)
164 *shallow
165 flush-pkt
166
167 no-refs = PKT-LINE(zero-id SP "capabilities^{}"
168 NUL capability-list LF)
169
170 list-of-refs = first-ref *other-ref
171 first-ref = PKT-LINE(obj-id SP refname
172 NUL capability-list LF)
173
174 other-ref = PKT-LINE(other-tip / other-peeled)
175 other-tip = obj-id SP refname LF
176 other-peeled = obj-id SP refname "^{}" LF
177
178 shallow = PKT-LINE("shallow" SP obj-id)
179
180 capability-list = capability *(SP capability)
181 capability = 1*(LC_ALPHA / DIGIT / "-" / "_")
182 LC_ALPHA = %x61-7A
183 ----
184
185 Server and client MUST use lowercase for obj-id, both MUST treat obj-id
186 as case-insensitive.
187
188 See protocol-capabilities.txt for a list of allowed server capabilities
189 and descriptions.
190
191 Packfile Negotiation
192 --------------------
193 After reference and capabilities discovery, the client can decide to
194 terminate the connection by sending a flush-pkt, telling the server it can
195 now gracefully terminate, and disconnect, when it does not need any pack
196 data. This can happen with the ls-remote command, and also can happen when
197 the client already is up-to-date.
198
199 Otherwise, it enters the negotiation phase, where the client and
200 server determine what the minimal packfile necessary for transport is,
201 by telling the server what objects it wants, its shallow objects
202 (if any), and the maximum commit depth it wants (if any). The client
203 will also send a list of the capabilities it wants to be in effect,
204 out of what the server said it could do with the first 'want' line.
205
206 ----
207 upload-request = want-list
208 *shallow-line
209 *1depth-request
210 flush-pkt
211
212 want-list = first-want
213 *additional-want
214
215 shallow-line = PKT-LINE("shallow" SP obj-id)
216
217 depth-request = PKT-LINE("deepen" SP depth)
218
219 first-want = PKT-LINE("want" SP obj-id SP capability-list LF)
220 additional-want = PKT-LINE("want" SP obj-id LF)
221
222 depth = 1*DIGIT
223 ----
224
225 Clients MUST send all the obj-ids it wants from the reference
226 discovery phase as 'want' lines. Clients MUST send at least one
227 'want' command in the request body. Clients MUST NOT mention an
228 obj-id in a 'want' command which did not appear in the response
229 obtained through ref discovery.
230
231 The client MUST write all obj-ids which it only has shallow copies
232 of (meaning that it does not have the parents of a commit) as
233 'shallow' lines so that the server is aware of the limitations of
234 the client's history.
235
236 The client now sends the maximum commit history depth it wants for
237 this transaction, which is the number of commits it wants from the
238 tip of the history, if any, as a 'deepen' line. A depth of 0 is the
239 same as not making a depth request. The client does not want to receive
240 any commits beyond this depth, nor does it want objects needed only to
241 complete those commits. Commits whose parents are not received as a
242 result are defined as shallow and marked as such in the server. This
243 information is sent back to the client in the next step.
244
245 Once all the 'want's and 'shallow's (and optional 'deepen') are
246 transferred, clients MUST send a flush-pkt, to tell the server side
247 that it is done sending the list.
248
249 Otherwise, if the client sent a positive depth request, the server
250 will determine which commits will and will not be shallow and
251 send this information to the client. If the client did not request
252 a positive depth, this step is skipped.
253
254 ----
255 shallow-update = *shallow-line
256 *unshallow-line
257 flush-pkt
258
259 shallow-line = PKT-LINE("shallow" SP obj-id)
260
261 unshallow-line = PKT-LINE("unshallow" SP obj-id)
262 ----
263
264 If the client has requested a positive depth, the server will compute
265 the set of commits which are no deeper than the desired depth. The set
266 of commits start at the client's wants.
267
268 The server writes 'shallow' lines for each
269 commit whose parents will not be sent as a result. The server writes
270 an 'unshallow' line for each commit which the client has indicated is
271 shallow, but is no longer shallow at the currently requested depth
272 (that is, its parents will now be sent). The server MUST NOT mark
273 as unshallow anything which the client has not indicated was shallow.
274
275 Now the client will send a list of the obj-ids it has using 'have'
276 lines, so the server can make a packfile that only contains the objects
277 that the client needs. In multi_ack mode, the canonical implementation
278 will send up to 32 of these at a time, then will send a flush-pkt. The
279 canonical implementation will skip ahead and send the next 32 immediately,
280 so that there is always a block of 32 "in-flight on the wire" at a time.
281
282 ----
283 upload-haves = have-list
284 compute-end
285
286 have-list = *have-line
287 have-line = PKT-LINE("have" SP obj-id LF)
288 compute-end = flush-pkt / PKT-LINE("done")
289 ----
290
291 If the server reads 'have' lines, it then will respond by ACKing any
292 of the obj-ids the client said it had that the server also has. The
293 server will ACK obj-ids differently depending on which ack mode is
294 chosen by the client.
295
296 In multi_ack mode:
297
298 * the server will respond with 'ACK obj-id continue' for any common
299 commits.
300
301 * once the server has found an acceptable common base commit and is
302 ready to make a packfile, it will blindly ACK all 'have' obj-ids
303 back to the client.
304
305 * the server will then send a 'NAK' and then wait for another response
306 from the client - either a 'done' or another list of 'have' lines.
307
308 In multi_ack_detailed mode:
309
310 * the server will differentiate the ACKs where it is signaling
311 that it is ready to send data with 'ACK obj-id ready' lines, and
312 signals the identified common commits with 'ACK obj-id common' lines.
313
314 Without either multi_ack or multi_ack_detailed:
315
316 * upload-pack sends "ACK obj-id" on the first common object it finds.
317 After that it says nothing until the client gives it a "done".
318
319 * upload-pack sends "NAK" on a flush-pkt if no common object
320 has been found yet. If one has been found, and thus an ACK
321 was already sent, it's silent on the flush-pkt.
322
323 After the client has gotten enough ACK responses that it can determine
324 that the server has enough information to send an efficient packfile
325 (in the canonical implementation, this is determined when it has received
326 enough ACKs that it can color everything left in the --date-order queue
327 as common with the server, or the --date-order queue is empty), or the
328 client determines that it wants to give up (in the canonical implementation,
329 this is determined when the client sends 256 'have' lines without getting
330 any of them ACKed by the server - meaning there is nothing in common and
331 the server should just send all of its objects), then the client will send
332 a 'done' command. The 'done' command signals to the server that the client
333 is ready to receive its packfile data.
334
335 However, the 256 limit *only* turns on in the canonical client
336 implementation if we have received at least one "ACK %s continue"
337 during a prior round. This helps to ensure that at least one common
338 ancestor is found before we give up entirely.
339
340 Once the 'done' line is read from the client, the server will either
341 send a final 'ACK obj-id' or it will send a 'NAK'. 'obj-id' is the object
342 name of the last commit determined to be common. The server only sends
343 ACK after 'done' if there is at least one common base and multi_ack or
344 multi_ack_detailed is enabled. The server always sends NAK after 'done'
345 if there is no common base found.
346
347 Then the server will start sending its packfile data.
348
349 ----
350 server-response = *ack_multi ack / nak
351 ack_multi = PKT-LINE("ACK" SP obj-id ack_status LF)
352 ack_status = "continue" / "common" / "ready"
353 ack = PKT-LINE("ACK SP obj-id LF)
354 nak = PKT-LINE("NAK" LF)
355 ----
356
357 A simple clone may look like this (with no 'have' lines):
358
359 ----
360 C: 0054want 74730d410fcb6603ace96f1dc55ea6196122532d multi_ack \
361 side-band-64k ofs-delta\n
362 C: 0032want 7d1665144a3a975c05f1f43902ddaf084e784dbe\n
363 C: 0032want 5a3f6be755bbb7deae50065988cbfa1ffa9ab68a\n
364 C: 0032want 7e47fe2bd8d01d481f44d7af0531bd93d3b21c01\n
365 C: 0032want 74730d410fcb6603ace96f1dc55ea6196122532d\n
366 C: 0000
367 C: 0009done\n
368
369 S: 0008NAK\n
370 S: [PACKFILE]
371 ----
372
373 An incremental update (fetch) response might look like this:
374
375 ----
376 C: 0054want 74730d410fcb6603ace96f1dc55ea6196122532d multi_ack \
377 side-band-64k ofs-delta\n
378 C: 0032want 7d1665144a3a975c05f1f43902ddaf084e784dbe\n
379 C: 0032want 5a3f6be755bbb7deae50065988cbfa1ffa9ab68a\n
380 C: 0000
381 C: 0032have 7e47fe2bd8d01d481f44d7af0531bd93d3b21c01\n
382 C: [30 more have lines]
383 C: 0032have 74730d410fcb6603ace96f1dc55ea6196122532d\n
384 C: 0000
385
386 S: 003aACK 7e47fe2bd8d01d481f44d7af0531bd93d3b21c01 continue\n
387 S: 003aACK 74730d410fcb6603ace96f1dc55ea6196122532d continue\n
388 S: 0008NAK\n
389
390 C: 0009done\n
391
392 S: 0031ACK 74730d410fcb6603ace96f1dc55ea6196122532d\n
393 S: [PACKFILE]
394 ----
395
396
397 Packfile Data
398 -------------
399
400 Now that the client and server have finished negotiation about what
401 the minimal amount of data that needs to be sent to the client is, the server
402 will construct and send the required data in packfile format.
403
404 See pack-format.txt for what the packfile itself actually looks like.
405
406 If 'side-band' or 'side-band-64k' capabilities have been specified by
407 the client, the server will send the packfile data multiplexed.
408
409 Each packet starting with the packet-line length of the amount of data
410 that follows, followed by a single byte specifying the sideband the
411 following data is coming in on.
412
413 In 'side-band' mode, it will send up to 999 data bytes plus 1 control
414 code, for a total of up to 1000 bytes in a pkt-line. In 'side-band-64k'
415 mode it will send up to 65519 data bytes plus 1 control code, for a
416 total of up to 65520 bytes in a pkt-line.
417
418 The sideband byte will be a '1', '2' or a '3'. Sideband '1' will contain
419 packfile data, sideband '2' will be used for progress information that the
420 client will generally print to stderr and sideband '3' is used for error
421 information.
422
423 If no 'side-band' capability was specified, the server will stream the
424 entire packfile without multiplexing.
425
426
427 Pushing Data To a Server
428 ------------------------
429
430 Pushing data to a server will invoke the 'receive-pack' process on the
431 server, which will allow the client to tell it which references it should
432 update and then send all the data the server will need for those new
433 references to be complete. Once all the data is received and validated,
434 the server will then update its references to what the client specified.
435
436 Authentication
437 --------------
438
439 The protocol itself contains no authentication mechanisms. That is to be
440 handled by the transport, such as SSH, before the 'receive-pack' process is
441 invoked. If 'receive-pack' is configured over the Git transport, those
442 repositories will be writable by anyone who can access that port (9418) as
443 that transport is unauthenticated.
444
445 Reference Discovery
446 -------------------
447
448 The reference discovery phase is done nearly the same way as it is in the
449 fetching protocol. Each reference obj-id and name on the server is sent
450 in packet-line format to the client, followed by a flush-pkt. The only
451 real difference is that the capability listing is different - the only
452 possible values are 'report-status', 'delete-refs' and 'ofs-delta'.
453
454 Reference Update Request and Packfile Transfer
455 ----------------------------------------------
456
457 Once the client knows what references the server is at, it can send a
458 list of reference update requests. For each reference on the server
459 that it wants to update, it sends a line listing the obj-id currently on
460 the server, the obj-id the client would like to update it to and the name
461 of the reference.
462
463 This list is followed by a flush-pkt and then the packfile that should
464 contain all the objects that the server will need to complete the new
465 references.
466
467 ----
468 update-request = *shallow ( command-list | push-cert ) [packfile]
469
470 shallow = PKT-LINE("shallow" SP obj-id LF)
471
472 command-list = PKT-LINE(command NUL capability-list LF)
473 *PKT-LINE(command LF)
474 flush-pkt
475
476 command = create / delete / update
477 create = zero-id SP new-id SP name
478 delete = old-id SP zero-id SP name
479 update = old-id SP new-id SP name
480
481 old-id = obj-id
482 new-id = obj-id
483
484 push-cert = PKT-LINE("push-cert" NUL capability-list LF)
485 PKT-LINE("certificate version 0.1" LF)
486 PKT-LINE("pusher" SP ident LF)
487 PKT-LINE("pushee" SP url LF)
488 PKT-LINE("nonce" SP nonce LF)
489 PKT-LINE(LF)
490 *PKT-LINE(command LF)
491 *PKT-LINE(gpg-signature-lines LF)
492 PKT-LINE("push-cert-end" LF)
493
494 packfile = "PACK" 28*(OCTET)
495 ----
496
497 If the receiving end does not support delete-refs, the sending end MUST
498 NOT ask for delete command.
499
500 If the receiving end does not support push-cert, the sending end
501 MUST NOT send a push-cert command. When a push-cert command is
502 sent, command-list MUST NOT be sent; the commands recorded in the
503 push certificate is used instead.
504
505 The packfile MUST NOT be sent if the only command used is 'delete'.
506
507 A packfile MUST be sent if either create or update command is used,
508 even if the server already has all the necessary objects. In this
509 case the client MUST send an empty packfile. The only time this
510 is likely to happen is if the client is creating
511 a new branch or a tag that points to an existing obj-id.
512
513 The server will receive the packfile, unpack it, then validate each
514 reference that is being updated that it hasn't changed while the request
515 was being processed (the obj-id is still the same as the old-id), and
516 it will run any update hooks to make sure that the update is acceptable.
517 If all of that is fine, the server will then update the references.
518
519 Push Certificate
520 ----------------
521
522 A push certificate begins with a set of header lines. After the
523 header and an empty line, the protocol commands follow, one per
524 line.
525
526 Currently, the following header fields are defined:
527
528 `pusher` ident::
529 Identify the GPG key in "Human Readable Name <email@address>"
530 format.
531
532 `pushee` url::
533 The repository URL (anonymized, if the URL contains
534 authentication material) the user who ran `git push`
535 intended to push into.
536
537 `nonce` nonce::
538 The 'nonce' string the receiving repository asked the
539 pushing user to include in the certificate, to prevent
540 replay attacks.
541
542 The GPG signature lines are a detached signature for the contents
543 recorded in the push certificate before the signature block begins.
544 The detached signature is used to certify that the commands were
545 given by the pusher, who must be the signer.
546
547 Report Status
548 -------------
549
550 After receiving the pack data from the sender, the receiver sends a
551 report if 'report-status' capability is in effect.
552 It is a short listing of what happened in that update. It will first
553 list the status of the packfile unpacking as either 'unpack ok' or
554 'unpack [error]'. Then it will list the status for each of the references
555 that it tried to update. Each line is either 'ok [refname]' if the
556 update was successful, or 'ng [refname] [error]' if the update was not.
557
558 ----
559 report-status = unpack-status
560 1*(command-status)
561 flush-pkt
562
563 unpack-status = PKT-LINE("unpack" SP unpack-result LF)
564 unpack-result = "ok" / error-msg
565
566 command-status = command-ok / command-fail
567 command-ok = PKT-LINE("ok" SP refname LF)
568 command-fail = PKT-LINE("ng" SP refname SP error-msg LF)
569
570 error-msg = 1*(OCTECT) ; where not "ok"
571 ----
572
573 Updates can be unsuccessful for a number of reasons. The reference can have
574 changed since the reference discovery phase was originally sent, meaning
575 someone pushed in the meantime. The reference being pushed could be a
576 non-fast-forward reference and the update hooks or configuration could be
577 set to not allow that, etc. Also, some references can be updated while others
578 can be rejected.
579
580 An example client/server communication might look like this:
581
582 ----
583 S: 007c74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/local\0report-status delete-refs ofs-delta\n
584 S: 003e7d1665144a3a975c05f1f43902ddaf084e784dbe refs/heads/debug\n
585 S: 003f74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/master\n
586 S: 003f74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/team\n
587 S: 0000
588
589 C: 003e7d1665144a3a975c05f1f43902ddaf084e784dbe 74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/debug\n
590 C: 003e74730d410fcb6603ace96f1dc55ea6196122532d 5a3f6be755bbb7deae50065988cbfa1ffa9ab68a refs/heads/master\n
591 C: 0000
592 C: [PACKDATA]
593
594 S: 000eunpack ok\n
595 S: 0018ok refs/heads/debug\n
596 S: 002ang refs/heads/master non-fast-forward\n
597 ----