Re: integrity of a repository

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ralf Wildenhues <Ralf.Wildenhues@xxxxxx> writes:

> I am aware that git provides integrity of a commit (and thus, a branch
> head) via its sha, which covers both the tree and its history.
>
> But what about the integrity of a git repository as a whole?
>
> For example, if I have a set of branches, create a file listing
>   branchname  sha-of-head
>
> for each such branch, and hash that file, and also 'git gc --prune',
> can I then be sure that not only does the repository contain exactly
> what I want (namely all history of all branches), but also that it does
> not contain any other material (say, stuff that may not be disclosed)?
>
> Would I need the in file listing all local and remote branches?
> What about all heads in .git/*HEAD (such as FETCH_HEAD)?

That's an incoherent question ;-)  First you talk about snapshotting all
the refs, as if you would want to make sure you can detect anybody moving
the tips of branches after that happens, but then you talk about something
completely unrelated.

A freestanding git repository with a work tree consists of a set of refs
(that includes your local branches in refs/heads, tags in refs/tags, and
remote tracking branches refs/remotes but not limited to these three
categories.  Anything under refs/ is a ref by definition, and it includes
the stash), reflogs, the index, HEAD (which is typically a pointer into
refs/heads/ somewhere but can directly be pointing at a commit), and an
object store.  An object store of a repository that is not corrupt
contains all objects that are reachable from refs, reflogs, the index and
the HEAD, and "gc --prune" will remove everything else.

So the answer to the question in your later part of the message is that:

 - FETCH_HEAD, ORIG_HEAD and MERGE_HEAD do not protect anything from
   getting pruned;

 - Objects that are not reachable from the tip of branches will remain in
   the object store after pruning, if they are reachable from non-branch
   refs (e.g. tags and the stash), reflogs, or the index.

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux