eyecatchu/git - git - KM Solution Bank Gitea

eyecatchu/git

Fork 0

mirror of https://github.com/git/git.git synced 2026-01-11 21:33:13 +09:00

Commit Graph

Author	SHA1	Message	Date
Eric W. Biederman	f711f37b05	t1016-compatObjectFormat: really freeze time for reproduciblity The strategy in t1016-compatObjectFormat is to build two trees with identical commits, one tree encoded in sha1 the other tree encoded in sha256 and to use the compatibility code to test and see if the two trees are identical. GPG signatures include the current time as part of the signature. To make gpg deterministic I forced the use of gpg --faked-system-time. Unfortunately I did not look closely enough. By default gpg still allows time to move forward with --faked-system-time. So in those rare instances when the system is heavily loaded and gpg runs slower than other times, signatures over the exact same data differ due to timestamps with a minuscule difference. Reading through the gpg documentation with a close eye, time can be frozen by including an exclamation point at the end of the argument to --faked-system-time. Add the exclamation point so gpg really runs with a fixed notion of time, resulting in the exact same data having identical gpg signatures. That is enough that I can run "t1016-compatObjectFormat.sh --stress" and I don't see any failures. It is possible a future change to gpg will make replay protection more robust and not provide a way to allow two separate runs of gpg to produce exactly the same signature for exactly the same data. If that happens a deeper comparison of the two repositories will need to be performed. A comparison that simply verifies the signatures and compares the data for equality. For now that is a lot of work for no gain so I am just documenting the possibility. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>	2025-10-28 20:10:15 -07:00
Eric W. Biederman	7673ecd2dc	t1016-compatObjectFormat: add tests to verify the conversion between objects For now my strategy is simple. Create two identical repositories one in each format. Use fixed timestamps. Verify the dynamically computed compatibility objects from one repository match the objects stored in the other repository. A general limitation of this strategy is that the git when generating signed tags and commits with compatObjectFormat enabled will generate a signature for both formats. To overcome this limitation I have added "test-tool delete-gpgsig" that when fed an signed commit or tag with two signatures deletes one of the signatures. With that in place I can have "git commit" and "git tag" generate signed objects, have my tool delete one, and feed the new object into "git hash-object" to create the kinds of commits and tags git without compatObjectFormat enabled will generate. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>	2023-10-02 14:57:40 -07:00

Author

SHA1

Message

Date

Eric W. Biederman

f711f37b05

t1016-compatObjectFormat: really freeze time for reproduciblity

The strategy in t1016-compatObjectFormat is to build two trees with
identical commits, one tree encoded in sha1 the other tree encoded
in sha256 and to use the compatibility code to test and see if
the two trees are identical.

GPG signatures include the current time as part of the signature.

To make gpg deterministic I forced the use of gpg --faked-system-time.
Unfortunately I did not look closely enough.

By default gpg still allows time to move forward with --faked-system-time.
So in those rare instances when the system is heavily loaded and gpg runs
slower than other times, signatures over the exact same data differ
due to timestamps with a minuscule difference.

Reading through the gpg documentation with a close eye, time can be
frozen by including an exclamation point at the end of the argument to
--faked-system-time.

Add the exclamation point so gpg really runs with a fixed notion of time,
resulting in the exact same data having identical gpg signatures.

That is enough that I can run "t1016-compatObjectFormat.sh --stress"
and I don't see any failures.

It is possible a future change to gpg will make replay protection more
robust and not provide a way to allow two separate runs of gpg to
produce exactly the same signature for exactly the same data.  If that
happens a deeper comparison of the two repositories will need to be
performed.  A comparison that simply verifies the signatures and
compares the data for equality.  For now that is a lot of work
for no gain so I am just documenting the possibility.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

2025-10-28 20:10:15 -07:00

Eric W. Biederman

7673ecd2dc

t1016-compatObjectFormat: add tests to verify the conversion between objects

For now my strategy is simple.  Create two identical repositories one
in each format.  Use fixed timestamps. Verify the dynamically computed
compatibility objects from one repository match the objects stored in
the other repository.

A general limitation of this strategy is that the git when generating
signed tags and commits with compatObjectFormat enabled will generate
a signature for both formats.  To overcome this limitation I have
added "test-tool delete-gpgsig" that when fed an signed commit or tag
with two signatures deletes one of the signatures.

With that in place I can have "git commit" and  "git tag" generate
signed objects, have my tool delete one, and feed the new object
into "git hash-object" to create the kinds of commits and tags
git without compatObjectFormat enabled will generate.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

2023-10-02 14:57:40 -07:00

2 Commits