Marc Weber <marco-owe...@gmx.de> writes:
> git clone --depth=20 $url; git checkout $hash
> How to verify that I have the contents I think I have - given that I
> trust my local git executable?
Define what you mean by "contents". Do you care only about the tree
state recorded in that $hash, and you also trust that $hash is the
$ git cat-object commit $hash | git hash-object --stdin -t commit
would be a way to verify that you do have the commit object
everybody else calls $hash, and you can verify the objects contained
within the commit whose name is $hash (i.e. its tree and its
parents) in a similar way. Use "git ls-tree $tree" to find out the
objects your top-level tree recorded in the commit $hash, and you
can verify the contents recorded in the tree object recursively.
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html