NAME
git-pull - Fetch from and integrate with another repository or a local branch
SYNOPSIS
- git pull [<options>] [<repository> [<refspec>…]]
DESCRIPTION
Incorporates changes from a remote repository into the current branch. In its default mode, git pull is shorthand for git fetch followed by git merge FETCH_HEAD.
More precisely, git pull runs git fetch with the given parameters and calls git merge to merge the retrieved branch heads into the current branch. With --rebase, it runs git rebase instead of git merge.
<repository> should be the name of a remote repository as passed to git-fetch[1]. <refspec> can name an arbitrary remote ref (for example, the name of a tag) or even a collection of refs with corresponding remote-tracking branches (e.g., refs/heads/*:refs/remotes/origin/*), but usually it is the name of a branch in the remote repository.
Default values for <repository> and <branch> are read from the "remote" and "merge" configuration for the current branch as set by git-branch[1] --track.
Assume the following history exists and the current branch is "master":
          A---B---C master on origin
         /
    D---E---F---G master
        ^
        origin/master in your repository
Then "git pull" will fetch and replay the changes from the remote master branch since it diverged from the local master (i.e., E) until its current commit (C) on top of master and record the result in a new commit along with the names of the two parent commits and a log message from the user describing the changes.
          A---B---C origin/master
         /         \
    D---E---F---G---H master
See git-merge[1] for details, including how conflicts are presented and handled.
In Git 1.7.0 or later, to cancel a conflicting merge, use git reset --merge. Warning: In older versions of Git, running git pull with uncommitted changes is discouraged: while possible, it leaves you in a state that may be hard to back out of in the case of a conflict.
If any of the remote changes overlap with local uncommitted changes, the merge will be automatically canceled and the work tree untouched. It is generally best to get any local changes in working order before pulling or stash them away with git-stash[1].
OPTIONS
- -q
- --quiet
This is passed to both underlying git-fetch to squelch reporting during transfer, and underlying git-merge to squelch output during merging.
- --verbose
Pass --verbose to git-fetch and git-merge.
- This option controls if new commits of all populated submodules should be fetched and updated, too (see git-config[1] and gitmodules[5]).
If the checkout is done via rebase, local submodule commits are rebased as well.
If the update is done via merge, the submodule conflicts are resolved and checked out.
Options related to merging
- --commit
- --no-commit
- Perform the merge and commit the result. This option can be used to override --no-commit.
With --no-commit perform the merge and stop just before creating a merge commit, to give the user a chance to inspect and further tweak the merge result before committing.
Note that fast-forward updates do not create a merge commit and therefore there is no way to stop those merges with --no-commit. Thus, if you want to ensure your branch is not changed or updated by the merge command, use --no-ff with --no-commit.
- --edit
- -e
- --no-edit
- Invoke an editor before committing successful mechanical merge to further edit the auto-generated merge message, so that the user can explain and justify the merge. The --no-edit option can be used to accept the auto-generated message (this is generally discouraged).
Older scripts may depend on the historical behaviour of not allowing the user to edit the merge log message. They will see an editor opened when they run git merge. To make it easier to adjust such scripts to the updated behaviour, the environment variable GIT_MERGE_AUTOEDIT can be set to no at the beginning of them.
- --cleanup=
This option determines how the merge message will be cleaned up before committing. See git-commit[1] for more details. In addition, if the is given a value of scissors, scissors will be appended to MERGE_MSG before being passed on to the commit machinery in the case of a merge conflict.
When the merge resolves as a fast-forward, only update the branch pointer, without creating a merge commit. This is the default behavior.
Create a merge commit even when the merge resolves as a fast-forward. This is the default behaviour when merging an annotated (and possibly signed) tag that is not stored in its natural place in refs/tags/ hierarchy.
Refuse to merge and exit with a non-zero status unless the current HEAD is already up to date or the merge can be resolved as a fast-forward.
- --gpg-sign[=]
GPG-sign the resulting merge commit. The keyid argument is optional and defaults to the committer identity; if specified, it must be stuck to the option without a space.
- --no-log
- In addition to branch names, populate the log message with one-line descriptions from at most actual commits that are being merged. See also git-fmt-merge-msg[1].
With --no-log do not list one-line descriptions from the actual commits being merged.
- --signoff
- --no-signoff
- Add Signed-off-by line by the committer at the end of the commit log message. The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see http://developercertificate.org/ for more information).
With --no-signoff do not add a Signed-off-by line.
- --stat
- -n
- --no-stat
- Show a diffstat at the end of the merge. The diffstat is also controlled by the configuration option merge.stat.
With -n or --no-stat do not show a diffstat at the end of the merge.
- --squash
- --no-squash
- Produce the working tree and index state as if a real merge happened (except for the merge information), but do not actually make a commit, move the HEAD, or record $GIT_DIR/MERGE_HEAD (to cause the next git commit command to create a merge commit). This allows you to create a single commit on top of the current branch whose effect is the same as merging another branch (or more in case of an octopus).
With --no-squash perform the merge and commit the result. This option can be used to override --squash.
With --squash, --commit is not allowed, and will fail.
- -s
- --strategy=
Use the given merge strategy; can be supplied more than once to specify them in the order they should be tried. If there is no -s option, a built-in list of strategies is used instead (git merge-recursive when merging a single head, git merge-octopus otherwise).
- --strategy-option=
Pass merge strategy specific option through to the merge strategy.
- --no-verify-signatures
Verify that the tip commit of the side branch being merged is signed with a valid key, i.e. a key that has a valid uid: in the default trust model, this means the signing key has been signed by a trusted key. If the tip commit of the side branch is not signed with a valid key, the merge is aborted.
- --no-summary
Synonyms to --stat and --no-stat; these are deprecated and will be removed in the future.
By default, git merge command refuses to merge histories that do not share a common ancestor. This option can be used to override this safety when merging histories of two projects that started their lives independently. As that is a very rare occasion, no configuration variable to enable this by default exists and will not be added.
- --rebase[=false|true|merges|preserve|interactive]
- When true, rebase the current branch on top of the upstream branch after fetching. If there is a remote-tracking branch corresponding to the upstream branch and the upstream branch was rebased since last fetched, the rebase uses that information to avoid rebasing non-local changes.
When set to merges, rebase using git rebase --rebase-merges so that the local merge commits are included in the rebase (see git-rebase[1] for details).
When set to preserve (deprecated in favor of merges), rebase with the --preserve-merges option passed to git rebase so that locally created merge commits will not be flattened.
When false, merge the current branch into the upstream branch.
When interactive, enable the interactive mode of rebase.
See pull.rebase, branch.<name>.rebase and branch.autoSetupRebase in git-config[1] if you want to make git pull always use --rebase instead of merging.
Note: This is a potentially dangerous mode of operation. It rewrites history, which does not bode well when you published that history already. Do not use this option unless you have read git-rebase[1] carefully.
- --no-rebase
Override earlier --rebase.
- --no-autostash
- Before starting rebase, stash local modifications away (see git-stash[1]) if needed, and apply the stash entry when done. --no-autostash is useful to override the rebase.autoStash configuration variable (see git-config[1]).
This option is only valid when "--rebase" is used.
Options related to fetching
- --all
Fetch all remotes.
- --append
Append ref names and object names of fetched refs to the existing contents of .git/FETCH_HEAD. Without this option old data in .git/FETCH_HEAD will be overwritten.
Limit fetching to the specified number of commits from the tip of each remote branch history. If fetching to a shallow repository created by git clone with --depth=<depth> option (see git-clone[1]), deepen or shorten the history to the specified number of commits. Tags for the deepened commits are not fetched.
Similar to --depth, except it specifies the number of commits from the current shallow boundary instead of from the tip of each remote branch history.
Deepen or shorten the history of a shallow repository to include all reachable commits after .
Deepen or shorten the history of a shallow repository to exclude commits reachable from a specified remote branch or tag. This option can be specified multiple times.
- If the source repository is complete, convert a shallow repository to a complete one, removing all the limitations imposed by shallow repositories.
If the source repository is shallow, fetch as much as possible so that the current repository has the same history as the source repository.
- --update-shallow
By default when fetching from a shallow repository, git fetch refuses refs that require updating .git/shallow. This option updates .git/shallow and accepts such refs.
- By default, Git will report, to the server, commits reachable from all local refs to find common commits in an attempt to reduce the size of the to-be-received packfile. If specified, Git will only report commits reachable from the given tips. This is useful to speed up fetches when the user knows which local ref is likely to have commits in common with the upstream ref being fetched.
This option may be specified more than once; if so, Git will report commits reachable from any of the given commits.
The argument to this option may be a glob on ref names, a ref, or the (possibly abbreviated) SHA-1 of a commit. Specifying a glob is equivalent to specifying this option multiple times, one for each matching ref name.
See also the fetch.negotiationAlgorithm configuration variable documented in git-config[1].
- -f
- --force
When git fetch is used with <src>:<dst> refspec it may refuse to update the local branch as discussed in the <refspec> part of the git-fetch[1] documentation. This option overrides that check.
- --keep
Keep downloaded pack.
By default, tags that point at objects that are downloaded from the remote repository are fetched and stored locally. This option disables this automatic tag following. The default behavior for a remote may be specified with the remote.
.tagOpt setting. See git-config[1].
- --update-head-ok
By default git fetch refuses to update the head which corresponds to the current branch. This flag disables the check. This is purely for the internal use for git pull to communicate with git fetch, and unless you are implementing your own Porcelain you are not supposed to use it.
When given, and the repository to fetch from is handled by git fetch-pack, --exec=<upload-pack> is passed to the command to specify non-default path for the command run on the other end.
Progress status is reported on the standard error stream by default when it is attached to a terminal, unless -q is specified. This flag forces progress status even if the standard error stream is not directed to a terminal.
- --server-option=
Transmit the given string to the server when communicating using protocol version 2. The given string must not contain a NUL or LF character. The server’s handling of server options, including unknown ones, is server-specific. When multiple --server-option=<option> are given, they are all sent to the other side in the order listed on the command line.
By default, git checks if a branch is force-updated during fetch. This can be disabled through fetch.showForcedUpdates, but the --show-forced-updates option guarantees this check occurs. See git-config[1].
By default, git checks if a branch is force-updated during fetch. Pass --no-show-forced-updates or set fetch.showForcedUpdates to false to skip this check for performance reasons. If used during git-pull the --ff-only option will still check for forced updates before attempting a fast-forward update. See git-config[1].
- --ipv4
Use IPv4 addresses only, ignoring IPv6 addresses.
- --ipv6
Use IPv6 addresses only, ignoring IPv4 addresses.
The "remote" repository that is the source of a fetch or pull operation. This parameter can be either a URL (see the section GIT URLS below) or the name of a remote (see the section REMOTES below).
- Specifies which refs to fetch and which local refs to update. When no s appear on the command line, the refs to fetch are read from remote.<repository>.fetch variables instead (see git-fetch[1]).
The format of a +
, followed by the source :
, followed by the destination ref
tag <tag> means the same as refs/tags/<tag>:refs/tags/<tag>; it requests fetching everything up to the given tag.
The remote ref that matches
Whether that update is allowed without --force depends on the ref namespace it’s being fetched to, the type of object being fetched, and whether the update is considered to be a fast-forward. Generally, the same rules apply for fetching as when pushing, see the <refspec>… section of git-push[1] for what those are. Exceptions to those rules particular to git fetch are noted below.
Until Git version 2.20, and unlike when pushing with git-push[1], any updates to refs/tags/ would be accepted without + in the refspec (or --force). When fetching, we promiscuously considered all tag updates from a remote to be forced fetches. Since Git version 2.20, fetching to update refs/tags/ works the same way as when pushing. I.e. any updates will be rejected without + in the refspec (or --force).
Unlike when pushing with git-push[1], any updates outside of refs/{tags,heads}/* will be accepted without + in the refspec (or --force), whether that’s swapping e.g. a tree object for a blob, or a commit for another commit that doesn’t have the previous commit as an ancestor etc.
Unlike when pushing with git-push[1], there is no configuration which’ll amend these rules, and nothing like a pre-fetch hook analogous to the pre-receive hook.
As with pushing with git-push[1], all of the rules described above about what’s not allowed as an update can be overridden by adding an optional leading + to a refspec (or using --force command line option). The only exception to this is that no amount of forcing will make the refs/heads/* namespace accept a non-commit object.
Note: When the remote branch you want to fetch is known to be rewound and rebased regularly, it is expected that its new tip will not be descendant of its previous tip (as stored in your remote-tracking branch the last time you fetched). You would want to use the + sign to indicate non-fast-forward updates will be needed for such branches. There is no way to determine or declare that a branch will be made available in a repository with this behavior; the pulling user simply must know this is the expected usage pattern for a branch.
Note: There is a difference between listing multiple remote.<repository>.fetch
entries in your configuration for a remote.<repository>.fetch
configuration and merge only the first
GIT URLS
In general, URLs contain information about the transport protocol, the address of the remote server, and the path to the repository. Depending on the transport protocol, some of this information may be absent.
Git supports ssh, git, http, and https protocols (in addition, ftp, and ftps can be used for fetching, but this is inefficient and deprecated; do not use it).
The native transport (i.e. git:// URL) does no authentication and should be used with caution on unsecured networks.
The following syntaxes may be used with them:
ssh://[user@]host.xz[:port]/path/to/repo.git/
git://host.xz[:port]/path/to/repo.git/
http[s]://host.xz[:port]/path/to/repo.git/
ftp[s]://host.xz[:port]/path/to/repo.git/
An alternative scp-like syntax may also be used with the ssh protocol:
- [user@]host.xz:path/to/repo.git/
This syntax is only recognized if there are no slashes before the first colon. This helps differentiate a local path that contains a colon. For example the local path foo:bar could be specified as an absolute path or ./foo:bar to avoid being misinterpreted as an ssh url.
The ssh and git protocols additionally support ~username expansion:
ssh://[user@]host.xz[:port]/~[user]/path/to/repo.git/
git://host.xz[:port]/~[user]/path/to/repo.git/
[user@]host.xz:/~[user]/path/to/repo.git/
For local repositories, also supported by Git natively, the following syntaxes may be used:
/path/to/repo.git/
file:///path/to/repo.git/
These two syntaxes are mostly equivalent, except when cloning, when the former implies --local option. See git-clone[1] for details.
When Git doesn’t know how to handle a certain transport protocol, it attempts to use the remote-<transport> remote helper, if one exists. To explicitly request a remote helper, the following syntax may be used:
::
where <address> may be a path, a server and path, or an arbitrary URL-like string recognized by the specific remote helper being invoked. See gitremote-helpers[7] for details.
If there are a large number of similarly-named remote repositories and you want to use a different format for them (such that the URLs you use will be rewritten into URLs that work), you can create a configuration section of the form:
- [url "<actual url base>"]
- insteadOf = <other url base>
For example, with this:
- [url "git://git.host.xz/"]
- insteadOf = host.xz:/path/to/
- insteadOf = work:
a URL like "work:repo.git" or like "host.xz:/path/to/repo.git" will be rewritten in any context that takes a URL to be "git://git.host.xz/repo.git".
If you want to rewrite URLs for push only, you can create a configuration section of the form:
- [url "<actual url base>"]
- pushInsteadOf = <other url base>
For example, with this:
- [url "ssh://example.org/"]
- pushInsteadOf = git://example.org/
a URL like "git://example.org/path/to/repo.git" will be rewritten to "ssh://example.org/path/to/repo.git" for pushes, but pulls will still use the original URL.
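One way to check the URL forms above in a script (an added example, not part of Git): it applies insteadOf rewriting first and then classifies the resulting URL, so an alias such as work: that resolves to the unauthenticated git:// transport is reported. The function names, the assessment labels and the foo:: helper URL are constructed; longest-prefix matching for insteadOf is taken from git-config[1].

```sh
#!/bin/sh
# Added example (not from the git project): audit a remote URL against the
# syntaxes in GIT URLS. Rules and sample URLs below are constructed.

# url.<base>.insteadOf rules, one "<actual url base>|<other url base>" per
# line. These two are the page's own example.
INSTEADOF_RULES='git://git.host.xz/|host.xz:/path/to/
git://git.host.xz/|work:'

# rewrite_insteadof URL -> URL after insteadOf rewriting.
# Assumption taken from git-config[1]: the longest matching prefix wins.
rewrite_insteadof() {
    r_url=$1 r_base= r_prefix= r_len=0
    while IFS='|' read -r base prefix; do
        [ -n "$prefix" ] || continue
        case $r_url in
            "$prefix"*)
                if [ "${#prefix}" -gt "$r_len" ]; then
                    r_base=$base r_prefix=$prefix r_len=${#prefix}
                fi ;;
        esac
    done <<EOF
$INSTEADOF_RULES
EOF
    if [ "$r_len" -gt 0 ]; then
        printf '%s%s\n' "$r_base" "${r_url#"$r_prefix"}"
    else
        printf '%s\n' "$r_url"
    fi
}

# classify_git_url URL ->
#   ssh|git|http|https|ftp|ftps|file|scp-ssh|local|helper:<transport>
classify_git_url() {
    c_url=$1
    case $c_url in
        ssh://*|git://*|http://*|https://*|ftp://*|ftps://*|file://*)
            printf '%s\n' "${c_url%%://*}"; return ;;
        *:*) ;;                       # has a colon: decide below
        *)   echo local; return ;;    # plain path such as /path/to/repo.git/
    esac
    c_head=${c_url%%:*}               # text before the first colon
    case $c_head in
        ''|*[!A-Za-z0-9+.-]*) ;;      # not a scheme-like token
        *)  case ${c_url#"$c_head"} in
                ::*|://*) echo "helper:$c_head"; return ;;
            esac ;;
    esac
    case $c_head in
        */*) echo local ;;            # slash before the first colon: ./foo:bar
        *)   echo scp-ssh ;;          # [user@]host.xz:path/to/repo.git/
    esac
}

# transport_assessment KIND -> one label per transport kind
transport_assessment() {
    case $1 in
        git)       echo unauthenticated ;;  # page: "does no authentication"
        ftp|ftps)  echo deprecated ;;       # page: "inefficient and deprecated"
        http)      echo cleartext ;;        # not on the page: plain HTTP is unencrypted
        helper:*)  echo external-helper ;;  # handled by a remote-<transport> helper
        *)         echo no-finding ;;
    esac
}

# audit_remote URL -> "<effective url> <kind> <assessment>"
# Classification runs on the rewritten URL: that is what git connects to.
audit_remote() {
    a_eff=$(rewrite_insteadof "$1")
    a_kind=$(classify_git_url "$a_eff")
    printf '%s %s %s\n' "$a_eff" "$a_kind" "$(transport_assessment "$a_kind")"
}

# Constructed sample run
for u in work:repo.git user@host.xz:path/to/repo.git/ ./foo:bar \
         https://host.xz/path/to/repo.git/ foo::address; do
    audit_remote "$u"
done
```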
REMOTES
The name of one of the following can be used instead of a URL as <repository> argument:
- a remote in the Git configuration file: $GIT_DIR/config,
- a file in the $GIT_DIR/remotes directory, or
- a file in the $GIT_DIR/branches directory.
All of these also allow you to omit the refspec from the command line because they each contain a refspec which git will use by default.
Named remote in configuration file
You can choose to provide the name of a remote which you had previously configured using git-remote[1], git-config[1] or even by a manual edit to the $GIT_DIR/config file. The URL of this remote will be used to access the repository. The refspec of this remote will be used by default when you do not provide a refspec on the command line. The entry in the config file would appear like this:
- [remote "<name>"]
- url = <url>
- pushurl = <pushurl>
- push = <refspec>
- fetch = <refspec>
The <pushurl> is used for pushes only. It is optional and defaults to <url>.
Named file in $GIT_DIR/remotes
You can choose to provide the name of a file in $GIT_DIR/remotes. The URL in this file will be used to access the repository. The refspec in this file will be used as default when you do not provide a refspec on the command line. This file should have the following format:
- URL: one of the above URL format
- Push: <refspec>
- Pull: <refspec>
Push: lines are used by git push and Pull: lines are used by git pull and git fetch. Multiple Push: and Pull: lines may be specified for additional branch mappings.
Named file in $GIT_DIR/branches
You can choose to provide the name of a file in $GIT_DIR/branches. The URL in this file will be used to access the repository. This file should have the following format:
- <url>#<head>
<url> is required; #<head> is optional.
Depending on the operation, git will use one of the following refspecs, if you don’t provide one on the command line. <branch> is the name of this file in $GIT_DIR/branches and <head> defaults to master.
git fetch uses:
- refs/heads/<head>:refs/heads/<branch>
git push uses:
- HEAD:refs/heads/<head>
MERGE STRATEGIES
The merge mechanism (git merge and git pull commands) allows the backend merge strategies to be chosen with -s option. Some strategies can also take their own options, which can be passed by giving -X<option> arguments to git merge and/or git pull.
- resolve
This can only resolve two heads (i.e. the current branch and another branch you pulled from) using a 3-way merge algorithm. It tries to carefully detect criss-cross merge ambiguities and is considered generally safe and fast.
- This can only resolve two heads using a 3-way merge algorithm. When there is more than one common ancestor that can be used for 3-way merge, it creates a merged tree of the common ancestors and uses that as the reference tree for the 3-way merge. This has been reported to result in fewer merge conflicts without causing mismerges by tests done on actual merge commits taken from Linux 2.6 kernel development history. Additionally this can detect and handle merges involving renames, but currently cannot make use of detected copies. This is the default merge strategy when pulling or merging one branch.
The recursive strategy can take the following options:
- ours
- This option forces conflicting hunks to be auto-resolved cleanly by favoring our version. Changes from the other tree that do not conflict with our side are reflected to the merge result. For a binary file, the entire contents are taken from our side.
This should not be confused with the ours merge strategy, which does not even look at what the other tree contains at all. It discards everything the other tree did, declaring our history contains all that happened in it.
- theirs
This is the opposite of ours; note that, unlike ours, there is no theirs merge strategy to confuse this merge option with.
With this option, merge-recursive spends a little extra time to avoid mismerges that sometimes occur due to unimportant matching lines (e.g., braces from distinct functions). Use this when the branches to be merged have diverged wildly. See also git-diff[1] --patience.
Tells merge-recursive to use a different diff algorithm, which can help avoid mismerges that occur due to unimportant matching lines (such as braces from distinct functions). See also git-diff[1] --diff-algorithm.
- ignore-all-space
- ignore-space-at-eol
- ignore-cr-at-eol
- Treats lines with the indicated type of whitespace change as unchanged for the sake of a three-way merge. Whitespace changes mixed with other changes to a line are not ignored. See also git-diff[1] -b, -w, --ignore-space-at-eol, and --ignore-cr-at-eol.
- If their version only introduces whitespace changes to a line, our version is used;
- If our version introduces whitespace changes but their version includes a substantial change, their version is used;
- Otherwise, the merge proceeds in the usual way.
- renormalize
This runs a virtual check-out and check-in of all three stages of a file when resolving a three-way merge. This option is meant to be used when merging branches with different clean filters or end-of-line normalization rules. See "Merging branches with differing checkin/checkout attributes" in gitattributes[5] for details.
Disables the renormalize option. This overrides the merge.renormalize configuration variable.
Turn off rename detection. This overrides the merge.renames configuration variable. See also git-diff[1] --no-renames.
Turn on rename detection, optionally setting the similarity threshold. This is the default. This overrides the merge.renames configuration variable. See also git-diff[1] --find-renames.
Deprecated synonym for find-renames=<n>.
- This option is a more advanced form of subtree strategy, where the strategy makes a guess on how two trees must be shifted to match with each other when merging. Instead, the specified path is prefixed (or stripped from the beginning) to make the shape of two trees to match.
- octopus
This resolves cases with more than two heads, but refuses to do a complex merge that needs manual resolution. It is primarily meant to be used for bundling topic branch heads together. This is the default merge strategy when pulling or merging more than one branch.
This resolves any number of heads, but the resulting tree of the merge is always that of the current branch head, effectively ignoring all changes from all other branches. It is meant to be used to supersede old development history of side branches. Note that this is different from the -Xours option to the recursive merge strategy.
- This is a modified recursive strategy. When merging trees A and B, if B corresponds to a subtree of A, B is first adjusted to match the tree structure of A, instead of reading the trees at the same level. This adjustment is also done to the common ancestor tree.
With the strategies that use 3-way merge (including the default, recursive), if a change is made on both branches, but later reverted on one of the branches, that change will be present in the merged result; some people find this behavior confusing. It occurs because only the heads and the merge base are considered when performing a merge, not the individual commits. The merge algorithm therefore considers the reverted change as no change at all, and substitutes the changed version instead.
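The behaviour described above, reduced to a line-wise 3-way merge (an added example, not code from Git or from this page): because only the merge base and the two heads are compared, a change reverted on one branch comes back from the other, and a check against the reverted commit's content catches it. The file contents, the verify_tls setting and the function names merge3, reintroduced, write_demo and run_demo are constructed for illustration.

```sh
#!/bin/sh
# Added example (not git's implementation): a line-wise 3-way merge that, like
# the strategies above, sees only the merge base and the two heads.

# merge3 BASE OURS THEIRS -> merged text on stdout. The three files must have
# the same number of lines (a simplification; git aligns hunks with a diff).
merge3() {
    while IFS= read -r m_base <&3 && IFS= read -r m_ours <&4 &&
          IFS= read -r m_theirs <&5; do
        if   [ "$m_ours" = "$m_theirs" ]; then printf '%s\n' "$m_ours"
        elif [ "$m_ours" = "$m_base" ];   then printf '%s\n' "$m_theirs"
        elif [ "$m_theirs" = "$m_base" ]; then printf '%s\n' "$m_ours"
        else printf '<<<<<<< ours\n%s\n=======\n%s\n>>>>>>> theirs\n' \
                    "$m_ours" "$m_theirs"
        fi
    done 3<"$1" 4<"$2" 5<"$3"
}

# reintroduced REVERTED OURS MERGED -> lines that ours had reverted but that
# the merge result contains again (same line-count simplification).
reintroduced() {
    while IFS= read -r v_bad <&3 && IFS= read -r v_ours <&4 &&
          IFS= read -r v_merged <&5; do
        if [ "$v_merged" = "$v_bad" ] && [ "$v_ours" != "$v_bad" ]; then
            printf '%s\n' "$v_merged"
        fi
    done 3<"$1" 4<"$2" 5<"$3"
}

# write_demo DIR: constructed history. ours set verify_tls=false in one commit
# and reverted it in the next; theirs made the same change and kept it.
write_demo() {
    printf 'host=example.org\nverify_tls=true\n'  > "$1/base"
    printf 'host=example.org\nverify_tls=false\n' > "$1/ours.commit1"
    printf 'host=example.org\nverify_tls=true\n'  > "$1/ours"     # after revert
    printf 'host=example.org\nverify_tls=false\n' > "$1/theirs"
}

# run_demo -> prints the merged file, then the lines the merge brought back.
# ours equals base on the verify_tls line, so the merge takes theirs.
run_demo() {
    d=$(mktemp -d) || return 1
    write_demo "$d"
    merge3 "$d/base" "$d/ours" "$d/theirs" > "$d/merged"
    cat "$d/merged"
    echo "reintroduced:"
    reintroduced "$d/ours.commit1" "$d/ours" "$d/merged"
    rm -rf "$d"
}

run_demo
```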
DEFAULT BEHAVIOUR
Often people use git pull without giving any parameter. Traditionally, this has been equivalent to saying git pull origin. However, when configuration branch.<name>.remote is present while on branch <name>, that value is used instead of origin.
In order to determine what URL to use to fetch from, the value of the configuration remote.<origin>.url is consulted and if there is not any such variable, the value on the URL: line in $GIT_DIR/remotes/<origin> is used.
In order to determine what remote branches to fetch (and optionally store in the remote-tracking branches) when the command is run without any refspec parameters on the command line, values of the configuration variable remote.<origin>.fetch are consulted, and if there aren’t any, $GIT_DIR/remotes/<origin> is consulted and its Pull: lines are used. In addition to the refspec formats described in the OPTIONS section, you can have a globbing refspec that looks like this:
- refs/heads/*:refs/remotes/origin/*
A globbing refspec must have a non-empty RHS (i.e. must store what were fetched in remote-tracking branches), and its LHS and RHS must end with /*. The above specifies that all remote branches are tracked using remote-tracking branches in refs/remotes/origin/ hierarchy under the same name.
The rule to determine which remote branch to merge after fetching is a bit involved, in order not to break backward compatibility.
If explicit refspecs were given on the command line of git pull, they are all merged.
When no refspec was given on the command line, then git pull uses the refspec from the configuration or $GIT_DIR/remotes/<origin>. In such cases, the following rules apply:
- If branch.<name>.merge configuration for the current branch <name> exists, that is the name of the branch at the remote site that is merged.
- If the refspec is a globbing one, nothing is merged.
- Otherwise the remote branch of the first refspec is merged.
EXAMPLES
- Update the remote-tracking branches for the repository you cloned from, then merge one of them into your current branch:
- $ git pull
- $ git pull origin
Normally the branch merged in is the HEAD of the remote repository, but the choice is determined by the branch.
- Merge into the current branch the remote branch next:
- $ git pull origin next
This leaves a copy of next temporarily in FETCH_HEAD, but does not update any remote-tracking branches. Using remote-tracking branches, the same can be done by invoking fetch and merge:
- $ git fetch origin
- $ git merge origin/next
If you tried a pull which resulted in complex conflicts and would want to start over, you can recover with git reset.
SECURITY
The fetch and push protocols are not designed to prevent one side from stealing data from the other repository that was not intended to be shared. If you have private data that you need to protect from a malicious peer, your best option is to store it in another repository. This applies to both clients and servers. In particular, namespaces on a server are not effective for read access control; you should only grant read access to a namespace to clients that you would trust with read access to the entire repository.
The known attack vectors are as follows:
1. The victim sends "have" lines advertising the IDs of objects it has that are not explicitly intended to be shared but can be used to optimize the transfer if the peer also has them. The attacker chooses an object ID X to steal and sends a ref to X, but isn’t required to send the content of X because the victim already has it. Now the victim believes that the attacker has X, and it sends the content of X back to the attacker later. (This attack is most straightforward for a client to perform on a server, by creating a ref to X in the namespace the client has access to and then fetching it. The most likely way for a server to perform it on a client is to "merge" X into a public branch and hope that the user does additional work on this branch and pushes it back to the server without noticing the merge.)
2. As in #1, the attacker chooses an object ID X to steal. The victim sends an object Y that the attacker already has, and the attacker falsely claims to have X and not Y, so the victim sends Y as a delta against X. The delta reveals regions of X that are similar to Y to the attacker.
BUGS
Using --recurse-submodules can only fetch new commits in already checked out submodules right now. When e.g. upstream added a new submodule in the just fetched commits of the superproject the submodule itself cannot be fetched, making it impossible to check out that submodule later without having to do a fetch again. This is expected to be fixed in a future Git version.
SEE ALSO
git-fetch[1], git-merge[1], git-config[1]
GIT
Part of the git[1] suite