I am using git archive
to generate a file which is later hashed to be checked for integrity against a pre-stored hash. However I have not seen anywhere that git archive
is intended for bit repeatability, so I fear that any future changes in git itself, tar, or some other internals may suddenly lead to a different archive being produced from the same repository.
I am right in that this is not an intended use of git archive
? Or can I use it confidently like this?
This is not an intended feature of git archive
. The tar archives generated have changed before to fix bugs. There are some people who try to rely on this nevertheless, including kernel.org, but their systems have been broken when Git updates. I strongly advise against doing this.
Anything using compression (including gzipped tar archives and zip files) is inherently unreproducible because the compression can change between versions of zlib or gzip, as appropriate.