Merge branch 'ls/no-double-utf8-author-name' of ../git-gui into ls/git-gui-no-double...
[git/git.git] / Documentation / technical / pack-protocol.txt
1 Packfile transfer protocols
2 ===========================
3
4 Git supports transferring data in packfiles over the ssh://, git://, http:// and
5 file:// transports. There exist two sets of protocols, one for pushing
6 data from a client to a server and another for fetching data from a
7 server to a client. The three transports (ssh, git, file) use the same
8 protocol to transfer data. http is documented in http-protocol.txt.
9
10 The processes invoked in the canonical Git implementation are 'upload-pack'
11 on the server side and 'fetch-pack' on the client side for fetching data;
12 then 'receive-pack' on the server and 'send-pack' on the client for pushing
13 data. The protocol functions to have a server tell a client what is
14 currently on the server, then for the two to negotiate the smallest amount
15 of data to send in order to fully update one or the other.
16
17 pkt-line Format
18 ---------------
19
20 The descriptions below build on the pkt-line format described in
21 protocol-common.txt. When the grammar indicate `PKT-LINE(...)`, unless
22 otherwise noted the usual pkt-line LF rules apply: the sender SHOULD
23 include a LF, but the receiver MUST NOT complain if it is not present.
24
25 Transports
26 ----------
27 There are three transports over which the packfile protocol is
28 initiated. The Git transport is a simple, unauthenticated server that
29 takes the command (almost always 'upload-pack', though Git
30 servers can be configured to be globally writable, in which 'receive-
31 pack' initiation is also allowed) with which the client wishes to
32 communicate and executes it and connects it to the requesting
33 process.
34
35 In the SSH transport, the client just runs the 'upload-pack'
36 or 'receive-pack' process on the server over the SSH protocol and then
37 communicates with that invoked process over the SSH connection.
38
39 The file:// transport runs the 'upload-pack' or 'receive-pack'
40 process locally and communicates with it over a pipe.
41
42 Git Transport
43 -------------
44
45 The Git transport starts off by sending the command and repository
46 on the wire using the pkt-line format, followed by a NUL byte and a
47 hostname parameter, terminated by a NUL byte.
48
49 0032git-upload-pack /project.git\0host=myserver.com\0
50
51 --
52 git-proto-request = request-command SP pathname NUL [ host-parameter NUL ]
53 request-command = "git-upload-pack" / "git-receive-pack" /
54 "git-upload-archive" ; case sensitive
55 pathname = *( %x01-ff ) ; exclude NUL
56 host-parameter = "host=" hostname [ ":" port ]
57 --
58
59 Only host-parameter is allowed in the git-proto-request. Clients
60 MUST NOT attempt to send additional parameters. It is used for the
61 git-daemon name based virtual hosting. See --interpolated-path
62 option to git daemon, with the %H/%CH format characters.
63
64 Basically what the Git client is doing to connect to an 'upload-pack'
65 process on the server side over the Git protocol is this:
66
67 $ echo -e -n \
68 "0039git-upload-pack /schacon/gitbook.git\0host=example.com\0" |
69 nc -v example.com 9418
70
71 If the server refuses the request for some reasons, it could abort
72 gracefully with an error message.
73
74 ----
75 error-line = PKT-LINE("ERR" SP explanation-text)
76 ----
77
78
79 SSH Transport
80 -------------
81
82 Initiating the upload-pack or receive-pack processes over SSH is
83 executing the binary on the server via SSH remote execution.
84 It is basically equivalent to running this:
85
86 $ ssh git.example.com "git-upload-pack '/project.git'"
87
88 For a server to support Git pushing and pulling for a given user over
89 SSH, that user needs to be able to execute one or both of those
90 commands via the SSH shell that they are provided on login. On some
91 systems, that shell access is limited to only being able to run those
92 two commands, or even just one of them.
93
94 In an ssh:// format URI, it's absolute in the URI, so the '/' after
95 the host name (or port number) is sent as an argument, which is then
96 read by the remote git-upload-pack exactly as is, so it's effectively
97 an absolute path in the remote filesystem.
98
99 git clone ssh://user@example.com/project.git
100 |
101 v
102 ssh user@example.com "git-upload-pack '/project.git'"
103
104 In a "user@host:path" format URI, its relative to the user's home
105 directory, because the Git client will run:
106
107 git clone user@example.com:project.git
108 |
109 v
110 ssh user@example.com "git-upload-pack 'project.git'"
111
112 The exception is if a '~' is used, in which case
113 we execute it without the leading '/'.
114
115 ssh://user@example.com/~alice/project.git,
116 |
117 v
118 ssh user@example.com "git-upload-pack '~alice/project.git'"
119
120 A few things to remember here:
121
122 - The "command name" is spelled with dash (e.g. git-upload-pack), but
123 this can be overridden by the client;
124
125 - The repository path is always quoted with single quotes.
126
127 Fetching Data From a Server
128 ---------------------------
129
130 When one Git repository wants to get data that a second repository
131 has, the first can 'fetch' from the second. This operation determines
132 what data the server has that the client does not then streams that
133 data down to the client in packfile format.
134
135
136 Reference Discovery
137 -------------------
138
139 When the client initially connects the server will immediately respond
140 with a listing of each reference it has (all branches and tags) along
141 with the object name that each reference currently points to.
142
143 $ echo -e -n "0039git-upload-pack /schacon/gitbook.git\0host=example.com\0" |
144 nc -v example.com 9418
145 00887217a7c7e582c46cec22a130adf4b9d7d950fba0 HEAD\0multi_ack thin-pack
146 side-band side-band-64k ofs-delta shallow no-progress include-tag
147 00441d3fcd5ced445d1abc402225c0b8a1299641f497 refs/heads/integration
148 003f7217a7c7e582c46cec22a130adf4b9d7d950fba0 refs/heads/master
149 003cb88d2441cac0977faf98efc80305012112238d9d refs/tags/v0.9
150 003c525128480b96c89e6418b1e40909bf6c5b2d580f refs/tags/v1.0
151 003fe92df48743b7bc7d26bcaabfddde0a1e20cae47c refs/tags/v1.0^{}
152 0000
153
154 The returned response is a pkt-line stream describing each ref and
155 its current value. The stream MUST be sorted by name according to
156 the C locale ordering.
157
158 If HEAD is a valid ref, HEAD MUST appear as the first advertised
159 ref. If HEAD is not a valid ref, HEAD MUST NOT appear in the
160 advertisement list at all, but other refs may still appear.
161
162 The stream MUST include capability declarations behind a NUL on the
163 first ref. The peeled value of a ref (that is "ref^{}") MUST be
164 immediately after the ref itself, if presented. A conforming server
165 MUST peel the ref if it's an annotated tag.
166
167 ----
168 advertised-refs = (no-refs / list-of-refs)
169 *shallow
170 flush-pkt
171
172 no-refs = PKT-LINE(zero-id SP "capabilities^{}"
173 NUL capability-list)
174
175 list-of-refs = first-ref *other-ref
176 first-ref = PKT-LINE(obj-id SP refname
177 NUL capability-list)
178
179 other-ref = PKT-LINE(other-tip / other-peeled)
180 other-tip = obj-id SP refname
181 other-peeled = obj-id SP refname "^{}"
182
183 shallow = PKT-LINE("shallow" SP obj-id)
184
185 capability-list = capability *(SP capability)
186 capability = 1*(LC_ALPHA / DIGIT / "-" / "_")
187 LC_ALPHA = %x61-7A
188 ----
189
190 Server and client MUST use lowercase for obj-id, both MUST treat obj-id
191 as case-insensitive.
192
193 See protocol-capabilities.txt for a list of allowed server capabilities
194 and descriptions.
195
196 Packfile Negotiation
197 --------------------
198 After reference and capabilities discovery, the client can decide to
199 terminate the connection by sending a flush-pkt, telling the server it can
200 now gracefully terminate, and disconnect, when it does not need any pack
201 data. This can happen with the ls-remote command, and also can happen when
202 the client already is up to date.
203
204 Otherwise, it enters the negotiation phase, where the client and
205 server determine what the minimal packfile necessary for transport is,
206 by telling the server what objects it wants, its shallow objects
207 (if any), and the maximum commit depth it wants (if any). The client
208 will also send a list of the capabilities it wants to be in effect,
209 out of what the server said it could do with the first 'want' line.
210
211 ----
212 upload-request = want-list
213 *shallow-line
214 *1depth-request
215 flush-pkt
216
217 want-list = first-want
218 *additional-want
219
220 shallow-line = PKT-LINE("shallow" SP obj-id)
221
222 depth-request = PKT-LINE("deepen" SP depth) /
223 PKT-LINE("deepen-since" SP timestamp) /
224 PKT-LINE("deepen-not" SP ref)
225
226 first-want = PKT-LINE("want" SP obj-id SP capability-list)
227 additional-want = PKT-LINE("want" SP obj-id)
228
229 depth = 1*DIGIT
230 ----
231
232 Clients MUST send all the obj-ids it wants from the reference
233 discovery phase as 'want' lines. Clients MUST send at least one
234 'want' command in the request body. Clients MUST NOT mention an
235 obj-id in a 'want' command which did not appear in the response
236 obtained through ref discovery.
237
238 The client MUST write all obj-ids which it only has shallow copies
239 of (meaning that it does not have the parents of a commit) as
240 'shallow' lines so that the server is aware of the limitations of
241 the client's history.
242
243 The client now sends the maximum commit history depth it wants for
244 this transaction, which is the number of commits it wants from the
245 tip of the history, if any, as a 'deepen' line. A depth of 0 is the
246 same as not making a depth request. The client does not want to receive
247 any commits beyond this depth, nor does it want objects needed only to
248 complete those commits. Commits whose parents are not received as a
249 result are defined as shallow and marked as such in the server. This
250 information is sent back to the client in the next step.
251
252 Once all the 'want's and 'shallow's (and optional 'deepen') are
253 transferred, clients MUST send a flush-pkt, to tell the server side
254 that it is done sending the list.
255
256 Otherwise, if the client sent a positive depth request, the server
257 will determine which commits will and will not be shallow and
258 send this information to the client. If the client did not request
259 a positive depth, this step is skipped.
260
261 ----
262 shallow-update = *shallow-line
263 *unshallow-line
264 flush-pkt
265
266 shallow-line = PKT-LINE("shallow" SP obj-id)
267
268 unshallow-line = PKT-LINE("unshallow" SP obj-id)
269 ----
270
271 If the client has requested a positive depth, the server will compute
272 the set of commits which are no deeper than the desired depth. The set
273 of commits start at the client's wants.
274
275 The server writes 'shallow' lines for each
276 commit whose parents will not be sent as a result. The server writes
277 an 'unshallow' line for each commit which the client has indicated is
278 shallow, but is no longer shallow at the currently requested depth
279 (that is, its parents will now be sent). The server MUST NOT mark
280 as unshallow anything which the client has not indicated was shallow.
281
282 Now the client will send a list of the obj-ids it has using 'have'
283 lines, so the server can make a packfile that only contains the objects
284 that the client needs. In multi_ack mode, the canonical implementation
285 will send up to 32 of these at a time, then will send a flush-pkt. The
286 canonical implementation will skip ahead and send the next 32 immediately,
287 so that there is always a block of 32 "in-flight on the wire" at a time.
288
289 ----
290 upload-haves = have-list
291 compute-end
292
293 have-list = *have-line
294 have-line = PKT-LINE("have" SP obj-id)
295 compute-end = flush-pkt / PKT-LINE("done")
296 ----
297
298 If the server reads 'have' lines, it then will respond by ACKing any
299 of the obj-ids the client said it had that the server also has. The
300 server will ACK obj-ids differently depending on which ack mode is
301 chosen by the client.
302
303 In multi_ack mode:
304
305 * the server will respond with 'ACK obj-id continue' for any common
306 commits.
307
308 * once the server has found an acceptable common base commit and is
309 ready to make a packfile, it will blindly ACK all 'have' obj-ids
310 back to the client.
311
312 * the server will then send a 'NAK' and then wait for another response
313 from the client - either a 'done' or another list of 'have' lines.
314
315 In multi_ack_detailed mode:
316
317 * the server will differentiate the ACKs where it is signaling
318 that it is ready to send data with 'ACK obj-id ready' lines, and
319 signals the identified common commits with 'ACK obj-id common' lines.
320
321 Without either multi_ack or multi_ack_detailed:
322
323 * upload-pack sends "ACK obj-id" on the first common object it finds.
324 After that it says nothing until the client gives it a "done".
325
326 * upload-pack sends "NAK" on a flush-pkt if no common object
327 has been found yet. If one has been found, and thus an ACK
328 was already sent, it's silent on the flush-pkt.
329
330 After the client has gotten enough ACK responses that it can determine
331 that the server has enough information to send an efficient packfile
332 (in the canonical implementation, this is determined when it has received
333 enough ACKs that it can color everything left in the --date-order queue
334 as common with the server, or the --date-order queue is empty), or the
335 client determines that it wants to give up (in the canonical implementation,
336 this is determined when the client sends 256 'have' lines without getting
337 any of them ACKed by the server - meaning there is nothing in common and
338 the server should just send all of its objects), then the client will send
339 a 'done' command. The 'done' command signals to the server that the client
340 is ready to receive its packfile data.
341
342 However, the 256 limit *only* turns on in the canonical client
343 implementation if we have received at least one "ACK %s continue"
344 during a prior round. This helps to ensure that at least one common
345 ancestor is found before we give up entirely.
346
347 Once the 'done' line is read from the client, the server will either
348 send a final 'ACK obj-id' or it will send a 'NAK'. 'obj-id' is the object
349 name of the last commit determined to be common. The server only sends
350 ACK after 'done' if there is at least one common base and multi_ack or
351 multi_ack_detailed is enabled. The server always sends NAK after 'done'
352 if there is no common base found.
353
354 Instead of 'ACK' or 'NAK', the server may send an error message (for
355 example, if it does not recognize an object in a 'want' line received
356 from the client).
357
358 Then the server will start sending its packfile data.
359
360 ----
361 server-response = *ack_multi ack / nak / error-line
362 ack_multi = PKT-LINE("ACK" SP obj-id ack_status)
363 ack_status = "continue" / "common" / "ready"
364 ack = PKT-LINE("ACK" SP obj-id)
365 nak = PKT-LINE("NAK")
366 error-line = PKT-LINE("ERR" SP explanation-text)
367 ----
368
369 A simple clone may look like this (with no 'have' lines):
370
371 ----
372 C: 0054want 74730d410fcb6603ace96f1dc55ea6196122532d multi_ack \
373 side-band-64k ofs-delta\n
374 C: 0032want 7d1665144a3a975c05f1f43902ddaf084e784dbe\n
375 C: 0032want 5a3f6be755bbb7deae50065988cbfa1ffa9ab68a\n
376 C: 0032want 7e47fe2bd8d01d481f44d7af0531bd93d3b21c01\n
377 C: 0032want 74730d410fcb6603ace96f1dc55ea6196122532d\n
378 C: 0000
379 C: 0009done\n
380
381 S: 0008NAK\n
382 S: [PACKFILE]
383 ----
384
385 An incremental update (fetch) response might look like this:
386
387 ----
388 C: 0054want 74730d410fcb6603ace96f1dc55ea6196122532d multi_ack \
389 side-band-64k ofs-delta\n
390 C: 0032want 7d1665144a3a975c05f1f43902ddaf084e784dbe\n
391 C: 0032want 5a3f6be755bbb7deae50065988cbfa1ffa9ab68a\n
392 C: 0000
393 C: 0032have 7e47fe2bd8d01d481f44d7af0531bd93d3b21c01\n
394 C: [30 more have lines]
395 C: 0032have 74730d410fcb6603ace96f1dc55ea6196122532d\n
396 C: 0000
397
398 S: 003aACK 7e47fe2bd8d01d481f44d7af0531bd93d3b21c01 continue\n
399 S: 003aACK 74730d410fcb6603ace96f1dc55ea6196122532d continue\n
400 S: 0008NAK\n
401
402 C: 0009done\n
403
404 S: 0031ACK 74730d410fcb6603ace96f1dc55ea6196122532d\n
405 S: [PACKFILE]
406 ----
407
408
409 Packfile Data
410 -------------
411
412 Now that the client and server have finished negotiation about what
413 the minimal amount of data that needs to be sent to the client is, the server
414 will construct and send the required data in packfile format.
415
416 See pack-format.txt for what the packfile itself actually looks like.
417
418 If 'side-band' or 'side-band-64k' capabilities have been specified by
419 the client, the server will send the packfile data multiplexed.
420
421 Each packet starting with the packet-line length of the amount of data
422 that follows, followed by a single byte specifying the sideband the
423 following data is coming in on.
424
425 In 'side-band' mode, it will send up to 999 data bytes plus 1 control
426 code, for a total of up to 1000 bytes in a pkt-line. In 'side-band-64k'
427 mode it will send up to 65519 data bytes plus 1 control code, for a
428 total of up to 65520 bytes in a pkt-line.
429
430 The sideband byte will be a '1', '2' or a '3'. Sideband '1' will contain
431 packfile data, sideband '2' will be used for progress information that the
432 client will generally print to stderr and sideband '3' is used for error
433 information.
434
435 If no 'side-band' capability was specified, the server will stream the
436 entire packfile without multiplexing.
437
438
439 Pushing Data To a Server
440 ------------------------
441
442 Pushing data to a server will invoke the 'receive-pack' process on the
443 server, which will allow the client to tell it which references it should
444 update and then send all the data the server will need for those new
445 references to be complete. Once all the data is received and validated,
446 the server will then update its references to what the client specified.
447
448 Authentication
449 --------------
450
451 The protocol itself contains no authentication mechanisms. That is to be
452 handled by the transport, such as SSH, before the 'receive-pack' process is
453 invoked. If 'receive-pack' is configured over the Git transport, those
454 repositories will be writable by anyone who can access that port (9418) as
455 that transport is unauthenticated.
456
457 Reference Discovery
458 -------------------
459
460 The reference discovery phase is done nearly the same way as it is in the
461 fetching protocol. Each reference obj-id and name on the server is sent
462 in packet-line format to the client, followed by a flush-pkt. The only
463 real difference is that the capability listing is different - the only
464 possible values are 'report-status', 'delete-refs', 'ofs-delta' and
465 'push-options'.
466
467 Reference Update Request and Packfile Transfer
468 ----------------------------------------------
469
470 Once the client knows what references the server is at, it can send a
471 list of reference update requests. For each reference on the server
472 that it wants to update, it sends a line listing the obj-id currently on
473 the server, the obj-id the client would like to update it to and the name
474 of the reference.
475
476 This list is followed by a flush-pkt.
477
478 ----
479 update-requests = *shallow ( command-list | push-cert )
480
481 shallow = PKT-LINE("shallow" SP obj-id)
482
483 command-list = PKT-LINE(command NUL capability-list)
484 *PKT-LINE(command)
485 flush-pkt
486
487 command = create / delete / update
488 create = zero-id SP new-id SP name
489 delete = old-id SP zero-id SP name
490 update = old-id SP new-id SP name
491
492 old-id = obj-id
493 new-id = obj-id
494
495 push-cert = PKT-LINE("push-cert" NUL capability-list LF)
496 PKT-LINE("certificate version 0.1" LF)
497 PKT-LINE("pusher" SP ident LF)
498 PKT-LINE("pushee" SP url LF)
499 PKT-LINE("nonce" SP nonce LF)
500 *PKT-LINE("push-option" SP push-option LF)
501 PKT-LINE(LF)
502 *PKT-LINE(command LF)
503 *PKT-LINE(gpg-signature-lines LF)
504 PKT-LINE("push-cert-end" LF)
505
506 push-option = 1*( VCHAR | SP )
507 ----
508
509 If the server has advertised the 'push-options' capability and the client has
510 specified 'push-options' as part of the capability list above, the client then
511 sends its push options followed by a flush-pkt.
512
513 ----
514 push-options = *PKT-LINE(push-option) flush-pkt
515 ----
516
517 For backwards compatibility with older Git servers, if the client sends a push
518 cert and push options, it MUST send its push options both embedded within the
519 push cert and after the push cert. (Note that the push options within the cert
520 are prefixed, but the push options after the cert are not.) Both these lists
521 MUST be the same, modulo the prefix.
522
523 After that the packfile that
524 should contain all the objects that the server will need to complete the new
525 references will be sent.
526
527 ----
528 packfile = "PACK" 28*(OCTET)
529 ----
530
531 If the receiving end does not support delete-refs, the sending end MUST
532 NOT ask for delete command.
533
534 If the receiving end does not support push-cert, the sending end
535 MUST NOT send a push-cert command. When a push-cert command is
536 sent, command-list MUST NOT be sent; the commands recorded in the
537 push certificate is used instead.
538
539 The packfile MUST NOT be sent if the only command used is 'delete'.
540
541 A packfile MUST be sent if either create or update command is used,
542 even if the server already has all the necessary objects. In this
543 case the client MUST send an empty packfile. The only time this
544 is likely to happen is if the client is creating
545 a new branch or a tag that points to an existing obj-id.
546
547 The server will receive the packfile, unpack it, then validate each
548 reference that is being updated that it hasn't changed while the request
549 was being processed (the obj-id is still the same as the old-id), and
550 it will run any update hooks to make sure that the update is acceptable.
551 If all of that is fine, the server will then update the references.
552
553 Push Certificate
554 ----------------
555
556 A push certificate begins with a set of header lines. After the
557 header and an empty line, the protocol commands follow, one per
558 line. Note that the trailing LF in push-cert PKT-LINEs is _not_
559 optional; it must be present.
560
561 Currently, the following header fields are defined:
562
563 `pusher` ident::
564 Identify the GPG key in "Human Readable Name <email@address>"
565 format.
566
567 `pushee` url::
568 The repository URL (anonymized, if the URL contains
569 authentication material) the user who ran `git push`
570 intended to push into.
571
572 `nonce` nonce::
573 The 'nonce' string the receiving repository asked the
574 pushing user to include in the certificate, to prevent
575 replay attacks.
576
577 The GPG signature lines are a detached signature for the contents
578 recorded in the push certificate before the signature block begins.
579 The detached signature is used to certify that the commands were
580 given by the pusher, who must be the signer.
581
582 Report Status
583 -------------
584
585 After receiving the pack data from the sender, the receiver sends a
586 report if 'report-status' capability is in effect.
587 It is a short listing of what happened in that update. It will first
588 list the status of the packfile unpacking as either 'unpack ok' or
589 'unpack [error]'. Then it will list the status for each of the references
590 that it tried to update. Each line is either 'ok [refname]' if the
591 update was successful, or 'ng [refname] [error]' if the update was not.
592
593 ----
594 report-status = unpack-status
595 1*(command-status)
596 flush-pkt
597
598 unpack-status = PKT-LINE("unpack" SP unpack-result)
599 unpack-result = "ok" / error-msg
600
601 command-status = command-ok / command-fail
602 command-ok = PKT-LINE("ok" SP refname)
603 command-fail = PKT-LINE("ng" SP refname SP error-msg)
604
605 error-msg = 1*(OCTECT) ; where not "ok"
606 ----
607
608 Updates can be unsuccessful for a number of reasons. The reference can have
609 changed since the reference discovery phase was originally sent, meaning
610 someone pushed in the meantime. The reference being pushed could be a
611 non-fast-forward reference and the update hooks or configuration could be
612 set to not allow that, etc. Also, some references can be updated while others
613 can be rejected.
614
615 An example client/server communication might look like this:
616
617 ----
618 S: 007c74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/local\0report-status delete-refs ofs-delta\n
619 S: 003e7d1665144a3a975c05f1f43902ddaf084e784dbe refs/heads/debug\n
620 S: 003f74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/master\n
621 S: 003f74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/team\n
622 S: 0000
623
624 C: 003e7d1665144a3a975c05f1f43902ddaf084e784dbe 74730d410fcb6603ace96f1dc55ea6196122532d refs/heads/debug\n
625 C: 003e74730d410fcb6603ace96f1dc55ea6196122532d 5a3f6be755bbb7deae50065988cbfa1ffa9ab68a refs/heads/master\n
626 C: 0000
627 C: [PACKDATA]
628
629 S: 000eunpack ok\n
630 S: 0018ok refs/heads/debug\n
631 S: 002ang refs/heads/master non-fast-forward\n
632 ----