On Thu, Apr 23, 2020 at 11:18:15AM -0400, Todd Zullinger wrote: > Hi, > > Pierre-Yves Chibon wrote: > > For a first step I went with a third approach: a small python service that > > runs every 3 minutes (configurable): git fetch && git fsck (to ensure the git > > is in a correct state). > > You could likely set transfer.fsckObjects¹ and skip the > secondary git fsck call. > > The transfer.fsckObjects option will check objects as they > are pulled in via fetch (or git-receive-pack). The option > is available with git-1.8.3.1 in RHEL 7 that is currently > installed on batcave. > > That could be set in the repo config or via git -c for just > the invocation in your script. > > Here's the docs from the current git release: > > https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferfsckObjects > > I don't know whether all of the later improvements to catch > malicious objects are backported to the RHEL 7 version or > not. Some aren't relevant due to the features which allow > for the malicious behaviors not being available in that > version of git. But the core of the check is still present > and should handle the "fsck on fetch" portion. Details are > in git-config(1). > > ¹ or fetch.transferObjects Nice! Thanks, I'll look into this. Pierre
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
