Re: Stability of git-archive, breaking (?) the Github universe, and a... | git

Stability of git-archive, breaking (?) the Github universe, and a possible solution · Eli Schwartz <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Ævar Arnfjörð Bjarmason <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Eli Schwartz <hidden> · 2023-01-31
[PATCH 0/9] git archive: use gzip again by default, document output stabilty · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 1/9] archive & tar config docs: de-duplicate configuration section · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 2/9] git config docs: document "tar.<format>.{command,remote}" · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 3/9] archiver API: make the "flags" in "struct archiver" an enum · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 4/9] archive: omit the shell for built-in "command" filters · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 5/9] archive-tar.c: move internal gzip implementation to a function · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 6/9] archive: use "gzip -cn" for stability, not "git archive gzip" · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 7/9] test-lib.sh: add a lazy GZIP prerequisite · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 8/9] archive tests: test for "gzip -cn" and "git archive gzip" stability · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
[PATCH 9/9] git archive docs: document output non-stability · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
Re: [PATCH 9/9] git archive docs: document output non-stability · brian m. carlson <hidden> · 2023-02-02
Re: [PATCH 9/9] git archive docs: document output non-stability · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
Re: [PATCH 0/9] git archive: use gzip again by default, document output stabilty · Phillip Wood <hidden> · 2023-02-02
Re: [PATCH 0/9] git archive: use gzip again by default, document output stabilty · Raymond E. Pasco <hidden> · 2023-02-02
[PATCH] archive: document output stability concerns · Raymond E. Pasco <hidden> · 2023-02-03
Re: [PATCH 0/9] git archive: use gzip again by default, document output stabilty · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-03
Re: [PATCH 0/9] git archive: use gzip again by default, document output stabilty · Phillip Wood <hidden> · 2023-02-06
Re: [PATCH 0/9] git archive: use gzip again by default, document output stabilty · "Theodore Ts'o" <tytso@mit.edu> · 2023-02-03
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · brian m. carlson <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Ævar Arnfjörð Bjarmason <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Konstantin Ryabitsev <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · brian m. carlson <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · demerphq <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Michal Suchánek <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · demerphq <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · demerphq <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · "Theodore Ts'o" <tytso@mit.edu> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Joey Hess <hidden> · 2023-02-02
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · "Theodore Ts'o" <tytso@mit.edu> · 2023-02-03
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-03
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Raymond E. Pasco <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · brian m. carlson <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-02
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Eli Schwartz <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Konstantin Ryabitsev <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Eli Schwartz <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Konstantin Ryabitsev <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Michal Suchánek <hidden> · 2023-01-31
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · brian m. carlson <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · Ævar Arnfjörð Bjarmason <hidden> · 2023-02-01
Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution · brian m. carlson <hidden> · 2023-02-01

Re: Stability of git-archive, breaking (?) the Github universe, and a possible solution

From: Konstantin Ryabitsev <hidden>
Date: 2023-01-31 16:20:55

On Tue, Jan 31, 2023 at 10:56:52AM -0500, Eli Schwartz wrote:

And for tarballs that are generated once and uploaded to ftp storage,
not repeatedly generated on the fly, we know the checksum will never
legitimately change, so we *want* to hash the compressed file.
Decompressing kernel.org tarballs in order to run PGP on them is *slow*.

FWIW, the most correct way is:

* download sha256sums.asc and verify its signature (auto-signed by infra)
* download the tarball you want and verify that the checksum matches
* uncompress and verify the PGP signature (signed by developer)

This script implements this workflow:
https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball

-K

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help