Git
Git is a distributed version-control system for tracking changes in source code during software development. It is designed for coordinating work among programmers, but it can be used to track changes in any set of files. Its goals include speed, data integrity, and support for distributed, non-linear workflows.
Git was created by Linus Torvalds in 2005 for development of the Linux kernel, with other kernel developers contributing to its initial development. Since 2005, Junio Hamano has been the core maintainer. As with most other distributed version-control systems, and unlike most client–server systems, every Git directory on every computer is a full-fledged repository with complete history and full version-tracking abilities, independent of network access or a central server. Git is free and open-source software distributed under GNU General Public License Version 2.
History
Git development began in April 2005, after many developers of the Linux kernel gave up access to BitKeeper, a proprietary source-control management system that they had been used to maintain the project since 2002. The copyright holder of BitKeeper, Larry McVoy, had withdrawn free use of the product after claiming that Andrew Tridgell had created SourcePuller by reverse engineering the BitKeeper protocols. The same incident also spurred the creation of another version-control system, Mercurial.Linus Torvalds wanted a distributed system that he could use like BitKeeper, but none of the available free systems met his needs. Torvalds cited an example of a source-control management system needing 30 seconds to apply a patch and update all associated metadata, and noted that this would not scale to the needs of Linux kernel development, where synchronizing with fellow maintainers could require 250 such actions at once. For his design criterion, he specified that patching should take no more than three seconds, and added three more points:
- Take Concurrent Versions System as an example of what not to do; if in doubt, make the exact opposite decision.
- Support a distributed, BitKeeper-like workflow.
- Include very strong safeguards against corruption, either accidental or malicious.
The development of Git began on 3 April 2005. Torvalds announced the project on 6 April and became self-hosting the next day. The first merge of multiple branches took place on 18 April. Torvalds achieved his performance goals; on 29 April, the nascent Git was benchmarked recording patches to the Linux kernel tree at the rate of 6.7 patches per second. On 16 June, Git managed the kernel 2.6.12 release.
Torvalds turned over maintenance on 26 July 2005 to Junio Hamano, a major contributor to the project. Hamano was responsible for the 1.0 release on 21 December 2005 and remains the project's core maintainer.
Naming
Torvalds sarcastically quipped about the name git : "I'm an egotistical bastard, and I name all my projects after myself. First 'Linux', now 'git'." The man page describes Git as "the stupid content tracker". The read-me file of the source code elaborates further:Releases
List of Git releases:Design
Git's design was inspired by BitKeeper and Monotone. Git was originally designed as a low-level version-control system engine, on top of which others could write front ends, such as Cogito or StGIT. The core Git project has since become a complete version-control system that is usable directly. While strongly influenced by BitKeeper, Torvalds deliberately avoided conventional approaches, leading to a unique design.Characteristics
Git's design is a synthesis of Torvalds's experience with Linux in maintaining a large distributed development project, along with his intimate knowledge of file-system performance gained from the same project and the urgent need to produce a working system in short order. These influences led to the following implementation choices:; Strong support for non-linear development: Git supports rapid branching and merging, and includes specific tools for visualizing and navigating a non-linear development history. In Git, a core assumption is that a change will be merged more often than it is written, as it is passed around to various reviewers. In Git, branches are very lightweight: a branch is only a reference to one commit. With its parental commits, the full branch structure can be constructed.
; Distributed development: Like Darcs, BitKeeper, Mercurial, Bazaar, and Monotone, Git gives each developer a local copy of the full development history, and changes are copied from one such repository to another. These changes are imported as added development branches and can be merged in the same way as a locally developed branch.
; Compatibility with existent systems and protocols: Repositories can be published via Hypertext Transfer Protocol, File Transfer Protocol, or a Git protocol over either a plain socket, or Secure Shell. Git also has a CVS server emulation, which enables the use of existent CVS clients and IDE plugins to access Git repositories. Subversion repositories can be used directly with git-svn.
; Efficient handling of large projects: Torvalds has described Git as being very fast and scalable, and performance tests done by Mozilla showed that it was an order of magnitude faster than some version-control systems; fetching version history from a locally stored repository can be one hundred times faster than fetching it from the remote server.
; Cryptographic authentication of history: The Git history is stored in such a way that the ID of a particular version depends upon the complete development history leading up to that commit. Once it is published, it is not possible to change the old versions without it being noticed. The structure is similar to a Merkle tree, but with added data at the nodes and leaves.
; Toolkit-based design: Git was designed as a set of programs written in C and several shell scripts that provide wrappers around those programs. Although most of those scripts have since been rewritten in C for speed and portability, the design remains, and it is easy to chain the components together.
; Pluggable merge strategies: As part of its toolkit design, Git has a well-defined model of an incomplete merge, and it has multiple algorithms for completing it, culminating in telling the user that it is unable to complete the merge automatically and that manual editing is needed.
; Garbage accumulates until collected: Aborting operations or backing out changes will leave useless dangling objects in the database. These are generally a small fraction of the continuously growing history of wanted objects. Git will automatically perform garbage collection when enough loose objects have been created in the repository. Garbage collection can be called explicitly using
git gc.; Periodic explicit object packing: Git stores each newly created object as a separate file. Although individually compressed, this takes a great deal of space and is inefficient. This is solved by the use of packs that store a large number of objects delta-compressed among themselves in one file called a packfile. Packs are compressed using the heuristic that files with the same name are probably similar, without depending on this for correctness. A corresponding index file is created for each packfile, telling the offset of each object in the packfile. Newly created objects are still stored as single objects, and periodic repacking is needed to maintain space efficiency. The process of packing the repository can be very computationally costly. By allowing objects to exist in the repository in a loose but quickly generated format, Git allows the costly pack operation to be deferred until later, when time matters less, e.g., the end of a work day. Git does periodic repacking automatically, but manual repacking is also possible with the git gc command. For data integrity, both the packfile and its index have an SHA-1 checksum inside, and the file name of the packfile also contains an SHA-1 checksum. To check the integrity of a repository, run the git fsck command.
Another property of Git is that it snapshots directory trees of files. The earliest systems for tracking versions of source code, Source Code Control System and Revision Control System, worked on individual files and emphasized the space savings to be gained from interleaved deltas or delta encoding the versions. Later revision-control systems maintained this notion of a file having an identity across multiple revisions of a project. However, Torvalds rejected this concept. Consequently, Git does not explicitly record file revision relationships at any level below the source-code tree.
These implicit revision relationships have some significant consequences:
- It is slightly more costly to examine the change history of one file than the whole project. To obtain a history of changes affecting a given file, Git must walk the global history and then determine whether each change modified that file. This method of examining history does, however, let Git produce with equal efficiency a single history showing the changes to an arbitrary set of files. For example, a subdirectory of the source tree plus an associated global header file is a very common case.
- Renames are handled implicitly rather than explicitly. A common complaint with CVS is that it uses the name of a file to identify its revision history, so moving or renaming a file is not possible without either interrupting its history or renaming the history and thereby making the history inaccurate. Most post-CVS revision-control systems solve this by giving a file a unique long-lived name that survives renaming. Git does not record such an identifier, and this is claimed as an advantage. Source code files are sometimes split or merged, or simply renamed, and recording this as a simple rename would freeze an inaccurate description of what happened in the history. Git addresses the issue by detecting renames while browsing the history of snapshots rather than recording it when making the snapshot. However, it does require more CPU-intensive work every time the history is reviewed, and several options to adjust the heuristics are available. This mechanism does not always work; sometimes a file that is renamed with changes in the same commit is read as a deletion of the old file and the creation of a new file. Developers can work around this limitation by committing the rename and the changes separately.
- resolve: the traditional three-way merge algorithm.
- recursive: This is the default when pulling or merging one branch, and is a variant of the three-way merge algorithm.
- octopus: This is the default when merging more than two heads.
Data structures
From this initial design approach, Git has developed the full set of features expected of a traditional SCM, with features mostly being created as needed, then refined and extended over time.
Git has two data structures: a mutable index that caches information about the working directory and the next revision to be committed; and an immutable, append-only object database.
The index serves as a connection point between the object database and the working tree.
The object database contains five types of objects:
- A blob is the content of a file. Blobs have no proper file name, time stamps, or other metadata.
- A tree object is the equivalent of a directory. It contains a list of file names, each with some type bits and a reference to a blob or tree object that is that file, symbolic link, or directory's contents. These objects are a snapshot of the source tree.
- A commit object links tree objects together into a history. It contains the name of a tree object, a timestamp, a log message, and the names of zero or more parent commit objects.
- A tag object is a container that contains a reference to another object and can hold added meta-data related to another object. Most commonly, it is used to store a digital signature of a commit object corresponding to a particular release of the data being tracked by Git.
- A packfile object is a zlib version compressed of various other objects for compactness and ease of transport over network protocols.
Git stores each revision of a file as a unique blob. The relationships between the blobs can be found through examining the tree and commit objects. Newly added objects are stored in their entirety using zlib compression. This can consume a large amount of disk space quickly, so objects can be combined into packs, which use delta compression to save space, storing blobs as their changes relative to other blobs.
Additionally git stores labels called refs to indicate to index the locations of various commits. They are stored in the reference database and are respectively:
- Heads: Named references that are advanced automatically to the new commit when a commit is made on top of them.
- HEAD: A reserved head that will be compared against the working tree to create a commit.
- Tags: Like branch references but fixed to a particular commit. Used to label important points in the history.
Implementations
The first Windows port of Git was primarily a Linux-emulation framework that hosts the Linux version. Installing Git under Windows creates a similarly named Program Files directory containing the Mingw-w64 port of the GNU Compiler Collection, Perl 5, MSYS2 and various other Windows ports or emulations of Linux utilities and libraries. Currently, native Windows builds of Git are distributed as 32- and 64-bit installers. The git official website currently maintains a build of Git for Windows, still using the MSYS2 environment.
The JGit implementation of Git is a pure Java software library, designed to be embedded in any Java application. JGit is used in the Gerrit code-review tool, and in EGit, a Git client for the Eclipse IDE.
go-git is an open-source implementation of Git written in pure Go. It is currently used for backing projects as a SQL interface for Git code repositories and providing encryption for Git.
The Dulwich implementation of Git is a pure Python software component for Python 2.7, 3.4 and 3.5
The libgit2 implementation of Git is an ANSI C software library with no other dependencies, which can be built on multiple platforms, including Windows, Linux, macOS, and BSD. It has bindings for many programming languages, including Ruby, Python, and Haskell.
JS-Git is a JavaScript implementation of a subset of Git.
Git GUIs
Git server
As Git is a distributed version-control system, it could be used as a server out of the box. It's shipped with a built-in commandgit daemon which starts a simple TCP server running on the GIT protocol. Dedicated Git HTTP servers help by adding access control, displaying the contents of a Git repository via the web interfaces, and managing multiple repositories. Already existing Git repositories can be cloned and shared to be used by others as a centralized repo. It can also be accessed via remote shell just by having the Git software installed and allowing a user to log in. Git servers typically listen on TCP port 9418.Open source
- Hosting the Git server using the Git Binary.
- Gerrit, a git server configurable to support code reviews and providing access via ssh, an integrated Apache MINA or OpenSSH, or an integrated Jetty web server. Gerrit provides integration for LDAP, Active Directory, OpenID, OAuth, Kerberos/GSSAPI, X509 https client certificates. With Gerrit 3.0 all configurations will be stored as git repositories, no database required to run. Gerrit has a pull-request feature implemented in its core but lacks a GUI for it.
- Phabricator, a spin-off from Facebook. As Facebook primarily uses Mercurial, the git support is not as prominent.
- Trac, supporting git, Mercurial, and Subversion with a modified BSD license.
- RhodeCode Community Edition, supporting git, Mercurial and Subversion with an AGPLv3 license.
- Kallithea, supporting both git and Mercurial, developed in Python with GPL license.
- External projects like gitolite, which provide scripts on top of git software to provide fine-grained access control.
- There are several other FLOSS solutions for self-hosting, including Gogs and Gitea, a fork of Gogs, both developed in Go language with MIT license.
Git server as a service
Adoption
The Eclipse Foundation reported in its annual community survey that as of May 2014, Git is now the most widely used source-code management tool, with 42.9% of professional software developers reporting that they use Git as their primary source-control system compared with 36.3% in 2013, 32% in 2012; or for Git responses excluding use of GitHub: 33.3% in 2014, 30.3% in 2013, 27.6% in 2012 and 12.8% in 2011. Open-source directory Black Duck Open Hub reports a similar uptake among open-source projects.Stack Overflow has included Version control in their annual developer survey in 2015, 2017 and 2018. Git was the overwhelming favorite of responding developers in these surveys, reporting as high as 87.2% in 2018.
Version control systems used by responding developers:
| Name | 2015 | 2017 | 2018 |
| Git | 69.3% | 69.2% | 87.2% |
| Subversion | 36.9% | 9.1% | 16.1% |
| TFVC | 12.2% | 7.3% | 10.9% |
| Mercurial | 7.9% | 1.9% | 3.6% |
| CVS | 4.2% | ||
| Perforce | 3.3% | ||
| VSS | 0.6% | ||
| ClearCase | 0.4% | ||
| Zip file backups | 2.0% | 7.9% | |
| Raw network sharing | 1.7% | 7.9% | |
| Other | 5.8% | 3.0% | |
| - | 9.3% | 4.8% | 4.8% |
The UK IT jobs website itjobswatch.co.uk reports that as of late September 2016, 29.27% of UK permanent software development job openings have cited Git, ahead of 12.17% for Microsoft Team Foundation Server, 10.60% for Subversion, 1.30% for Mercurial, and 0.48% for Visual SourceSafe.
Extensions
There are many Git extensions, like , which started as an extension to Git in the GitHub community and now is widely used by other repositories. Extensions are usually independently developed and maintained by different people, but at some point in the future a widely used extension can be merged to Git.Other open-source git extensions include:
- git-annex, a distributed file synchronization system based on Git
- git-flow, a set of git extensions to provide high-level repository operations for
- , a repository organizer & tool for automating rebase/merge/pull/push operations
Conventions
Git does not impose many restrictions on how it should used, however some conventions are adopted in order to organize histories, especially those which require the cooperation of many contributors.- The master branch is created by default with git init and is often used as the branch that other changes are merged into. Correspondingly the default name of the upstream remote is origin and so the name of the default remote branch is origin/master. As of June 2020, GitHub is working on changing the default name of the branch on their services to "main".
- Pushed commits should not be overwritten, but should rather be reverted, unless they contained sensitive information which should not remain in the history. This prevents shared new commits based off shared commits from being invalid because the commit off which they are based does not exist in the remote.
- The git-flow workflow and naming conventions are often adopted to distinguish feature specific unstable histories, unstable shared histories, production ready histories, and emergency patches to released products.
- Pull requests are not a feature of git, but are commonly provided by git cloud services. A pull request is a request by one user to merge a branch of their repository fork into another repository sharing the same history. The underlying function of a pull request is no different than that of an administrator of a repository pulling changes from another remote ; however the pull request itself is a ticket managed by the hosting server which initiates a scripts to perform these actions, it is not a feature of git SCM.
Security
On 17 December 2014, an exploit was found affecting the Windows and macOS versions of the Git client. An attacker could perform arbitrary code execution on a target computer with Git installed by creating a malicious Git tree named .git in a different case with malicious files in the .git/hooks subdirectory on a repository that the attacker made or on a repository that the attacker can modify. If a Windows or Mac user pulls a version of the repository with the malicious directory, then switches to that directory, the.git directory will be overwritten and the malicious executable files in .git/hooks may be run, which results in the attacker's commands being executed. An attacker could also modify the .git/config configuration file, which allows the attacker to create malicious Git aliases or modify extant aliases to execute malicious commands when run. The vulnerability was patched in version 2.2.1 of Git, released on 17 December 2014, and announced the next day.
Git version 2.6.1, released on 29 September 2015, contained a patch for a security vulnerability that allowed arbitrary code execution. The vulnerability was exploitable if an attacker could convince a victim to clone a specific URL, as the arbitrary commands were embedded in the URL itself. An attacker could use the exploit via a man-in-the-middle attack if the connection was unencrypted, as they could redirect the user to a URL of their choice. Recursive clones were also vulnerable, since they allowed the controller of a repository to specify arbitrary URLs via the gitmodules file.
Git uses SHA-1 hashes internally. Linus Torvalds has responded that the hash was mostly to guard against accidental corruption, and the security a cryptographically secure hash gives was just an accidental side effect, with the main security being signing elsewhere.