[CentOS] Checksums for git repo content?
Gordon Messmer
gordon.messmer at gmail.com
Thu Feb 9 20:38:26 UTC 2017
On 02/09/2017 10:50 AM, Leonard den Ottolander wrote:
> SRPMS are signed which allows the integrity of the contents to be
> checked. Such an integrity check is missing from the git repo.
Git already has the protection you're looking for. As part of its core
design, git uses a hash chain to verify the integrity of its history.
Every change and every file is thus protected. It's impossible to
insert changes or to modify the history of the git repository in a way
that wouldn't be extremely visible to all users.
If you check out a module using git, and fetch its external sources
using get_sources.sh, you can rest assured that every file used to build
an RPM has been hashed and verified.
More information about the CentOS
mailing list