Andy Lutomirski <> writes:

> It's possible, in principle, to shove enough metadata into the output
> of 'git archive' to allow anyone to verify (without cloning the repo)
> to verify that the archive is a correct copy of a given commit.  Would
> this be considered a useful feature?
> Presumably there would be a 'git untar' command that would report
> failure if it fails to verify the archive contents.
> This could be as simple as including copies of the commit object and
> all relevant tree objects and checking all of the hashes when
> untarring.

You only need the object name of the top-level tree.  After "untar"
the archive into an empty directory, make it a new repository and
"git add . && git write-tree"---the result should match the
top-level tree the archive was supposed to contain.

Of course, you can write "git verify-archive" that does the same
computation all in-core, without actually extracting the archive
into an empty directory.
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to
More majordomo info at

Reply via email to