git.vger.kernel.org archive mirror
From: Junio C Hamano <gitster@pobox.com>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Cc: git@vger.kernel.org
Subject: Re: how to (integrity) verify a whole git repo
Date: Tue, 21 Apr 2020 12:14:21 -0700
Message-ID: <xmqqftcwodma.fsf@gitster.c.googlers.com>
In-Reply-To: <acb9a2da98bce7ea3044cbf37c92163497f7e9e2.camel@scientia.net> (Christoph Anton Mitterer's message of "Tue, 21 Apr 2020 06:45:35 +0200")

Christoph Anton Mitterer <calestyo@scientia.net> writes:

> How to check everything else? Is it enough to git fsck --full?
>
> Everything earlier in the history of a verified tag/commit should be
> cryptographically safe (assuming SHA1 would be still secure enough),
> right?

Correct.

> 2) But this of course won't show me anything which is in the repo but
> not earlier in the history of the tag/commit I've checked, right?!
> Is there a way to e.g. have everything dropped which is not verifiable
> via some signed commit/tag?

You can compute the commits that are not reachable from any of the
signed tags.

    git rev-list --all --not $list_tags_and_commits_you_trust_here

will enumerate all the commits that are not reachable from those
tags.

But your "have everything dropped" is a fuzzy notion and you must be
more precise to define what you want.  Imagine this history:


    ----o-----o-----L-----x----x-----x-----x-----x----x HEAD (master)
                                          /
                                         /
                                        /
                   ... ------o----o----G

where you have two people you trust (Linus and Greg), HEAD is the
tip of your 'master' branch, probably you fetched from Linus, L and
G are the two recent tags Linus and Greg signed.

If you enumerate commits that are not reachable from L or G, you'll
get all commits that are marked with 'x'.  Commits marked with 'o'
are reachable from either 'L' or 'G', and you would want to keep
them.

Now, you need to define what you mean by "have everything dropped".
You can remove commits 'x' but then after that where would your
'master' branch point at?  There is no good answer to that question.

What you could do is remove all branches and tags except for the
signed tags you trust from your repository and then use "git repack"
on the repository.  Then there will be tags that point at L and G but
you'd be discarding 'master' (which is not signed) and repack will
discard all 'x' in the sample history illustrated above.
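
The enumeration described in the message above, as an added shell example that is not part of the original mail: it lists the commits outside the history of the trusted tags and, going one step further, the refs that keep those commits alive. The function names and the demo repository are hypothetical, the demo tags `L` and `G` are unsigned stand-ins, and the script assumes every tag passed in has already been checked with `git verify-tag`.

```shell
#!/bin/sh
# Added example. Assumption: each TAG passed in already passed `git verify-tag`.

# untrusted_commits REPO TAG...: commits reachable from some ref but from no trusted tag.
untrusted_commits() {
    repo=$1; shift
    git -C "$repo" rev-list --all --not "$@"
}

# untrusted_refs REPO TAG...: refs whose tip lies outside the history of every trusted tag.
untrusted_refs() {
    repo=$1; shift
    git -C "$repo" for-each-ref --format='%(refname)' |
    while read -r ref; do
        # Zero commits left after excluding the trusted tags means the ref is covered.
        n=$(git -C "$repo" rev-list --count "$ref" --not "$@")
        [ "$n" -eq 0 ] || printf '%s\n' "$ref"
    done
}

# make_demo_repo DIR: constructed history shaped like the diagram in the mail.
# L and G are unsigned lightweight tags standing in for the signed ones.
make_demo_repo() (
    set -e
    g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    c() { g commit -q --allow-empty -m "$1"; }
    git init -q "$1"; cd "$1"
    git symbolic-ref HEAD refs/heads/master
    c o1; c o2; git tag L              # 'o' commits up to tag L
    git checkout -q -b greg HEAD~1
    c o3; c o4; git tag G              # 'o' commits up to tag G
    git checkout -q master
    c x1; g merge -q --no-ff -m x2 G; c x3   # the 'x' commits on master
)

# Run as `sh thisfile demo` to see the report for the constructed history.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_demo_repo "$tmp/repo"
    untrusted_commits "$tmp/repo" L G    # the three 'x' commits
    untrusted_refs "$tmp/repo" L G       # refs/heads/master
    rm -rf "$tmp"
fi
```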
