Hi, On Thu, 06 Feb 2025 at 12:08, Vagrant Cascadian <vagr...@debian.org> wrote:
>> All these commits before v0.16 could be archived. And the “new” >> repository would start at this 4a0b87f0ec5b6c2dcf82b372dd20ca7ea6acdd9c. [...] > Maybe I misunderstand, but can that be done without rewriting history, > which would break the chain of signed commits? That would seem like a > great time to introduce malicious code... For instance, the content could be verified by all. --8<---------------cut here---------------start------------->8--- $ git checkout 4a0b87f0ec5b6c2dcf82b372dd20ca7ea6acdd9c $ guix hash -rx . 002aay2220nfwhnbdfzrvnc8wxvzqwakxw7rda4hnzzsb6r6qn5i --8<---------------cut here---------------end--------------->8--- And the introduction for authentication is (on my machine) 9edb3f66fd807b096b48283debdcddccfea34bad; which dates from 2020, younger than the one above. So I would not be afraid by the introduction of some malicious code. :-) However, indeed, it would break the chain of signed commits since the signature includes the parent hash-identifier, IIUC [1]. Or one needs to re-sign all the 37730 commits; on the paper, it would be possible to verify using the ’tree’ SHA1 hash-identifier that we have a match between the two Git trees. Arf, much less trivial than initially expected. :-) About Git shallow clone, we already discussed several times. For one example on this specific case of %oldest-possible-commit-, see [2]. Shallow clone has not been included yet because “guix pull” relies on libgit2 that does not support it. For the record, one of my motivations when starting to write what we re-collectively write as “GCD” is rooted in a discussion [3,4] about introducing Git as an hard dependency (e.g., required by builtin:git-download). And I’ve not changed my mind about that (“Trusting Computing Base“); worse, the XZ attack illustrates what I thought, I guess. Anyway, another story that could be resumed, eventually. :-) That’s said, at some point we need to make a decision about relying on libgit2: Drop it when possible? Or not and do the converse? It could be part of some GCD, I guess. I agree, that’s not “urgent”. :-) Cheers, simon 1: https://git-scm.com/docs/signature-format --8<---------------cut here---------------start------------->8--- $ git rev-list --count 4a0b87f0ec5b6c2dcf82b372dd20ca7ea6acdd9c 37730 --8<---------------cut here---------------end--------------->8--- 2: Re: hard dependency on Git? (was bug#65866: [PATCH 0/8] Add built-in builder for Git checkouts) Simon Tournier <zimon.touto...@gmail.com> Mon, 11 Sep 2023 19:52:34 +0200 id:871qf4ha1p....@gmail.com https://lists.gnu.org/archive/html/guix-devel/2023-09 https://yhetil.org/guix/871qf4ha1p....@gmail.com 3: [bug#65866] [PATCH 0/8] Add built-in builder for Git checkouts Simon Tournier <zimon.touto...@gmail.com> Tue, 26 Sep 2023 19:13:31 +0200 id:caj3okz11cgeerxt7fpa_y-hxltq+mbqzyfb0qfge3ywc_gj...@mail.gmail.com https://issues.guix.gnu.org/65866 https://issues.guix.gnu.org/msgid/caj3okz11cgeerxt7fpa_y-hxltq+mbqzyfb0qfge3ywc_gj...@mail.gmail.com https://yhetil.org/guix/caj3okz11cgeerxt7fpa_y-hxltq+mbqzyfb0qfge3ywc_gj...@mail.gmail.com 4: [bug#65866] Toward RFC? (was Re: [bug#65866] [PATCH 0/8] Add built-in builder for Git checkouts) Simon Tournier <zimon.touto...@gmail.com> Mon, 16 Oct 2023 11:11:25 +0200 id:87jzrnq6de....@gmail.com https://issues.guix.gnu.org/65866 https://issues.guix.gnu.org/msgid/87jzrnq6de....@gmail.com https://yhetil.org/guix/87jzrnq6de....@gmail.com
