From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: bug#22883: Authenticating a Git checkout
Date: Sun, 5 Jun 2016 17:15:17 -0400
Message-ID: <20160605211517.GA2928@jasmine>
References: <87io14sqoa.fsf@dustycloud.org> <87h9ep8gxk.fsf@gnu.org>
	<20160426001359.GA23088@jasmine> <874majg0z8.fsf@gnu.org>
	<87bn3iz1xc.fsf_-_@gnu.org> <87bn3hwpgo.fsf@gnu.org>
	<87wpm519um.fsf@gnu.org> <87h9d7e5g7.fsf@dustycloud.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33597)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b9fOz-0004w6-F5
	for bug-guix@gnu.org; Sun, 05 Jun 2016 17:16:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b9fOt-0001wV-EV
	for bug-guix@gnu.org; Sun, 05 Jun 2016 17:16:08 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:43597)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b9fOs-0001wH-8U
	for bug-guix@gnu.org; Sun, 05 Jun 2016 17:16:03 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.22883.B22883.146516132132208@debbugs.gnu.org>
Content-Disposition: inline
In-Reply-To: <87h9d7e5g7.fsf@dustycloud.org>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Christopher Allan Webber <cwebber@dustycloud.org>
Cc: 22883@debbugs.gnu.org

On Sun, Jun 05, 2016 at 03:39:04PM -0500, Christopher Allan Webber wrote:
> One theoretical optimization: if I verify the DAG, could I store
> somewhere that I've verified from commit cabba6e and upward already, so
> the next time I verify it only has to verify the new commits?

AIUI `git verify-commit` takes a single commit as an argument, so you
can pass it an argument like this:

$ git verify-commit $(git rev-list deadbeef..cabba6e)

... and it will only look at those. So, you would tailor the range of
commits that you want to verify.

> Mostly makes sense if we're already going down the only mildly
> crazypants direction of implementing our own tooling :)

It seems you'd want a tool that you trust to store a reference to the
latest commit you trust, and use it to create the range of commits you
pass to `git rev-list`.