2

I've heard that with GIT, you can make it automatically track filename changes (i.e. if you change a filename, it automatically notices that the checksum is very similar, and updates the filename in the repository automatically).

Does anyone have an example of how this is done?

Contango
  • 76,540
  • 58
  • 260
  • 305

3 Answers3

3

This is not checksum-based but rather on the delta of the file versions (unless the checksums are absolutely identical, i.e. a rename without additional changes in the file).

The used SHA-1 (a hash actually, not only a checksum) was designed for security and therefore does not expose any hints to similarity as far as research goes.

That said, you might also look into git's source code to be sure how it works. Maybe start with the piece of front-end code that shows that a rename has taken place, and work your way backwards to the locations where the detection is done.

Arc
  • 11,143
  • 4
  • 52
  • 75
  • Dont see, where hashes can ensure any security, they can only ensure the integrity of the objects. Also they are usable (and afaik they are used) for hints on equality (of course similarity is not possible this way). – KingCrunch Apr 07 '11 at 10:28
  • You understood it wrong. I did not say that SHA-1 is used for its security but it was designed by its creators with security in mind, not just for integrity checking of accidentally or random change of data but also for malicious changes. This actually has nothing to do with git but explains why SHA-1 cannot indicate similarity between two files. Hashes can ensure security if they are signed off using public key algorithms. By the way, there is a git tool for doing exactly this (with gpg) to ensure that a commit has not been tampered with. – Arc Apr 07 '11 at 10:32
  • Signing tagged git commits with GPG: http://www.kernel.org/pub/software/scm/git/docs/git-tag.html – Arc Apr 07 '11 at 10:36
  • A little bit offtopic, but know Im curious :) If I'm able to inject something malicious into a repository, I'm usually able to change the hashes and history too. As far as I can see this will break any existing clone (because the history/log is broken), but not a new one, because it seems to be a valid history, valid objects and valid hashes. (That SHA-1 cannot detect similarity is obvious: They are hashes :>) – KingCrunch Apr 07 '11 at 10:39
  • Signing something is an additional feature. Here you need a key to verify the commit, not only the hash itself. – KingCrunch Apr 07 '11 at 10:41
  • 1
    @KingCrunch this comment: "this will break any existing clone (because the history/log is broken), but not a new one, because it seems to be a valid history, valid objects and valid hashes" reminds me of this: "The truly paranoid should always write down the latest 20-byte SHA1 hash of the HEAD somewhere safe. It has to be safe, not private. For example, publishing it in a newspaper would work well, because it’s hard for an attacker to alter every copy of a newspaper." from http://www-cs-students.stanford.edu/~blynn/gitmagic/ch03.html which is a pretty good git intro. – Tyler Apr 08 '11 at 08:08
  • @MatrixFrog: This is no security on its own too (like signing also requires additional tasks to do). Thanks for the article. As far as I can see that hash is used (in this scenario) similar to md5-hashes are often used for files: An separate list of hashes to compare against a set of downloaded files. Interesting approach at all :) – KingCrunch Apr 08 '11 at 08:15
1

Usually git is able to find the old and new filename itself. In doubt, let git move the file

git mv <source> <destination>
KingCrunch
  • 128,817
  • 21
  • 151
  • 173
  • 2
    I don't think this makes it any more likely that git will track the rename. It's just a shorthand for something like `cp oldName newName && git rm oldName && git add newName`. – Tyler Apr 08 '11 at 00:52
  • Currently just found http://stackoverflow.com/questions/1094269/whats-the-purpose-of-git-mv . See the comment of the accepted asnwer. I dont know the details, but I havent any problems with both forms, so maybe its really just a shortcut. Die Manpage http://www.kernel.org/pub/software/scm/git/docs/git-mv.html doesnt help neither :/ – KingCrunch Apr 08 '11 at 07:12
0

I ended up using SmartGIT. Its a very cool GIT interface: if any files in your source code tree are updated/moved/renamed, it lets you know, so you can always be sure that GIT has all the source code you need to compile your project.

Contango
  • 76,540
  • 58
  • 260
  • 305