On Thu, Jan 9, 2014 at 12:11 PM, Junio C Hamano <gits...@pobox.com> wrote:
> Andy Lutomirski <l...@amacapital.net> writes:
>> It's possible, in principle, to shove enough metadata into the output
>> of 'git archive' to allow anyone to verify (without cloning the repo)
>> to verify that the archive is a correct copy of a given commit.  Would
>> this be considered a useful feature?
>> Presumably there would be a 'git untar' command that would report
>> failure if it fails to verify the archive contents.
>> This could be as simple as including copies of the commit object and
>> all relevant tree objects and checking all of the hashes when
>> untarring.
> You only need the object name of the top-level tree.  After "untar"
> the archive into an empty directory, make it a new repository and
> "git add . && git write-tree"---the result should match the
> top-level tree the archive was supposed to contain.

Hmm.  I didn't realize that there was enough metadata in the 'git
archive' output to reproduce the final tree.  If I can make it work,
would you accept a patch to add another extended pax header containing
the commit object and the top-level tree hash to the 'git archive'
tarball output?

> Of course, you can write "git verify-archive" that does the same
> computation all in-core, without actually extracting the archive
> into an empty directory.

Hmm.  I'll play with this.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to