2

Given a remote repository URL and a SHA hash, is it possible to test whether the hash represents a commit in the repository:

  1. Without fetching at all?
  2. If not, with as little fetching (shallow, not all branches) as possible?

A closest answer I think of as a related one states that git fetch cannot fetch a commit by hash, which is not very promising. ls-remote also works only with refs. I cannot find any more related commands that look helpful.

Background: a build/packaging tool needs to verify that the build, which contains an SHA hash of a commit, is trackable to source in a particular “golden” repository–not in the legal or cryptographically sound sense of trackable, rather just to prevent the common human error of not sharing the code before pushing binaries into production. Any thoughts on a solution to this problem are appreciated.

Indeed, the local git repository almost certainly exists, and the remote with the given URL very likely exists in it also (or how else the commit could have been pushed into the golden repository?), but I would prefer to avoid, if possible, altering the state of that user's repository with a fetch.

Community
  • 1
  • 1
kkm
  • 4,273
  • 1
  • 25
  • 49

1 Answers1

2

"cannot fetch a commit by hash".

Well... about that: Git 2.5 will allow you to fetch a specific commit!
See "Pull a specific commit from a remote git repository".
Git 2.5 will be released at the end of this month (27th of July)

git fetch --depth=1 ../testrepo/.git $SHA1
git cat-file commit $SHA1

If the SHA1 is reachable from one of the branch tips of the remote repo, you will be able to fetch it, which will validate your test.

Caveat: you need a Git 2.5 remote repo server though, which will handle the uploadpack.allowReachableSHA1InWant config (and you need that config to be set to true, in order to allow a single commit fetch).

So for existing Git server, the answer is "probably not possible" (without fetching at least everything, since you don't know which branch to fetch).

Community
  • 1
  • 1
VonC
  • 1,042,979
  • 435
  • 3,649
  • 4,283
  • Wonderful, thank you, this will do the trick! Yes, the server is on the intranet, so we can upgrade it, and configure any way we want. Do you perchance know whether the server upgrade alone will be enough, or the client also needs to be v2.5 for this feature to work? – kkm Jul 16 '15 at 06:07
  • @kkm the client also need to be 2.5. If the client is Windows, it will need to use https://github.com/git-for-windows/git/releases/ – VonC Jul 16 '15 at 06:07
  • Yes, most development is done under Windows, and thanks for sharing the pointer to the future v2.5 build for Windows too! – kkm Jul 16 '15 at 06:14
  • @kkm Yes, 2.5 for Windows will closely follow Git 2.5 official release – VonC Jul 16 '15 at 06:15