1 |
On Fri, Feb 20, 2009 at 12:25:51AM +0100, Maciej Mrozowski wrote: |
2 |
> > The 'Manifest' file committed by developers contains ONLY 'DIST' |
3 |
> > entries. Every git action you do on your local tree would detect other |
4 |
> > changes. |
5 |
> If it's free from any security flaws, then it's apparently win-win situation |
6 |
> (a'ka "why store something that is already there - non-distfiles hash"). |
7 |
> Issue related to Manifests needs to be solved somehow to fully gain from git |
8 |
> transition. |
9 |
> Still, what about git overlays that cannot utilize rsync method? This way they |
10 |
> are no longer compatible with package manager and such method cannot be |
11 |
> applied. It would be nice to have some common but working solution (if |
12 |
> possible that is). |
13 |
The overlays stay as git when they are on the user's systems. The |
14 |
Git->rsync Manifest translation is ONLY relevant if you want to generate |
15 |
an rsync tree from a Git tree. |
16 |
|
17 |
So the Manifests in the Git-based overlay contain ONLY DIST lines. 'git |
18 |
status' will tell you about files that are changed and don't match the |
19 |
Git index anymore. (For the sub-case of worrying about mtime being |
20 |
unchanged, see the 'assume unchanged' and core.ignorestat in the |
21 |
git-update-index documentation. |
22 |
|
23 |
> And of course even gentoo-x86 cannot be just cloned and used as PORTDIR,.. |
24 |
> unless, hmm, Manifests are fetched and then "fixed" (regenerating missing |
25 |
> manifests lines) on "client side" using git hooks and updated (stripping non- |
26 |
> DIST digests) and then commited using git hooks. |
27 |
> Is it possible? |
28 |
It can be cloned just fine. |
29 |
Remember that Portage will only verify hashes that exist in the file. If |
30 |
they aren't in the file, they don't get verified. The fix you describe |
31 |
is unneeded. |
32 |
|
33 |
To just use the Git tree on the client side, you'd want a verification |
34 |
as follows: |
35 |
1. Clone the tree |
36 |
2. Set core.ignoreStat in .git/config |
37 |
3. Run 'git status $FILENAME..' for every file you want to verify. [1] |
38 |
4. Fetch distfiles. |
39 |
4. Use the Manifest file (which contains only DIST) to check distfile. |
40 |
5. All good, you can unpack and build now. |
41 |
|
42 |
[1] This can be done ahead of time including verifying a gpg-signed commit. |
43 |
The 'git status' is just to make sure that your on-disk copy matches the |
44 |
git index still. |
45 |
|
46 |
-- |
47 |
Robin Hugh Johnson |
48 |
Gentoo Linux Developer & Infra Guy |
49 |
E-Mail : robbat2@g.o |
50 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |