Git and libgit2

Git Repository Integrity

Published 2023-07-20.

This page is part of the git collection.

Git has been the dominant source code control program since 2008. When on assignment as a software expert for a US federal court case, I always request entire git repositories instead of just the source code at one specific historical date. Having the entire git repository means that I can learn how a project was built, and who did what.

Git Integrity

Git repositories use two types of immutable objects to store data: blobs, which are files, and trees, which are directories. The ‘trees’ are actually Merkle trees, which are immutable. Merkle trees are also used in cryptocurrency for similar reasons.

Each node in a tree is identified by a cryptographic hash, often called a SHA or simply a hash. Git evaluates the validity of the hash of each object each time it processes that object. Invalid hashes cause git to halt with an error message. This guarantees that if git runs a command to completion without halting with an error message, the objects that it processed are unchanged.
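An added example, not from the original article: it recomputes Git object IDs in Python to show why a change anywhere in a directory changes the top-level tree hash. It assumes the SHA-1 object format and regular files with mode 100644; the sample tree and its contents are constructed.

```python
import hashlib

def git_object_id(obj_type: str, body: bytes) -> str:
    """Object ID = SHA-1 over the header '<type> <size>\\0' followed by the body."""
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)

def tree_id(entries: dict) -> str:
    """entries maps a name to bytes (a file) or to a nested dict (a directory)."""
    def sort_key(item):
        name, value = item
        # Git orders tree entries by name bytes; a directory sorts as 'name/'.
        return (name + "/" if isinstance(value, dict) else name).encode()
    body = b""
    for name, value in sorted(entries.items(), key=sort_key):
        if isinstance(value, dict):
            mode, child = b"40000", tree_id(value)   # subtree
        else:
            mode, child = b"100644", blob_id(value)  # assumed: plain file
        # Each entry embeds the child's raw 20-byte ID, so any change
        # below this directory changes this directory's ID as well.
        body += mode + b" " + name.encode() + b"\x00" + bytes.fromhex(child)
    return git_object_id("tree", body)

# Constructed sample tree; file names borrowed from the status output on this page.
PRODUCED = {
    "README.md": b"# Project\n",
    "what_yo_mama_said.txt": b"original\n",
    "src": {"main.c": b"int main(void) { return 0; }\n"},
}

def variants() -> dict:
    """The same tree after each kind of tampering, keyed by label."""
    return {
        "modified": {**PRODUCED, "what_yo_mama_said.txt": b"edited\n"},
        "extra": {**PRODUCED, "extra.html": b"<html></html>\n"},
        "deleted": {k: v for k, v in PRODUCED.items() if k != "README.md"},
        "nested edit": {**PRODUCED, "src": {"main.c": b"int main(void) { return 1; }\n"}},
    }

if __name__ == "__main__":
    root = tree_id(PRODUCED)
    print("root tree as produced:", root)
    for label, tree in variants().items():
        print(f"{label:12} {tree_id(tree)} differs={tree_id(tree) != root}")
```

Every variant, including the one-character edit inside `src/`, yields a different root tree ID, which is the Merkle property the paragraph above relies on.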

The git status command tells the user if any files or directories have been added, deleted or changed.

Demonstrating Status Changes

This is the message that results when a git repository has no uncommitted changes:

Shell
$ git status
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean 

This is the message that results when a git repository has a modified file:

Shell
$ git status
Refresh index: 100% (1756/1756), done.
On branch master
Your branch is up to date with 'origin/master'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   what_yo_mama_said.txt

no changes added to commit (use "git add" and/or "git commit -a") 

This is the message that results when a git repository has an extra file:

Shell
$ git status
On branch master
Your branch is up to date with 'origin/master'.

Untracked files:
  (use "git add <file>..." to include in what will be committed)
        extra.html

nothing added to commit but untracked files present (use "git add" to track) 

This is the message that results when a git repository has a deleted file:

Shell
$ git status
On branch master
Your branch is up to date with 'origin/master'.

Changes not staged for commit:
  (use "git add/rm <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        deleted:    README.md

no changes added to commit (use "git add" and/or "git commit -a") 

Summary

Thus, if the opposing side does not provide source code for a given product or program in a git repository, not only is it impossible to examine the history of the product or program, it is also impossible to know whether all of the files have been received, whether they are unchanged, or whether extra files have been provided. I always press for receiving source code in git repositories instead of in unmanaged directories.
