cgit archives and git get-tar-commit-id

Lars Hjemli hjemli at
Sat Mar 26 12:57:43 CET 2011

[ added cgit list to CC]

On Mon, Mar 21, 2011 at 16:57, Hrvoje Nikšić <hniksic at> wrote:
> git archive has a cool feature that it encodes the commit SHA1 in the
> header of the tar file. This header can be retrieved using git
> get-tar-commit-id (or simply with "strings"), yet it is completely
> ignored by tar -x. In archives created by cgit, this is not used
> because cgit fails to specify commit_sha1 in the archiver args. This
> patch changes cgit to specify the sha1 so that it gets stored in the
> tar file header.

Thanks. I like the idea, but there's a downside - it will change the
fingerprint of archives generated by cgit.

Some cgit-generated tarballs are used as package sources in some
distros, and with this change those tarballs will suddenly get new
checksums. This has happened once before, when cgit started to
generate tarballs with a more sane directory prefix, and it caused
some dismay.

On the other hand, the checksum of a cgit-generated archive is
fundamentally unpredictable, since it will be influenced by things out
of our control (e.g. which gzip-version was installed when the archive
was generated), so it might not be such a big deal after all.



More information about the CGit mailing list