[darcs-users] Signing patches
Daniel Carrera
daniel.carrera at theingots.org
Fri Apr 10 19:22:11 UTC 2009
Ganesh Sittampalam wrote:
> On Fri, 10 Apr 2009, Daniel Carrera wrote:
>> So the order used for the hash is independent of how the patches are
>> arranged in the repository. All that we need is that we agree on which
>> patches we are looking at. So my suggestion only works if the set of
>> dependencies of U is unique up to order.
>
> The dependencies of a patch are unique up to order, and the general idea
> of hashing just U with its dependencies has been discussed before
> (search for phrases like "minimal context"). I can't remember what the
> conclusion was, if any, though.
>
> If you track down the past discussion, it would be worth writing up as a
> wishlist item for the bug tracker if not already there.
I found a discussion from 2005, starting here:
http://lists.osuosl.org/pipermail/darcs-users/2005-November/008745.html
Summary:
* David R said it was a good idea. Ideally we'd use some canonical
representation so it'll survive whenever Darcs changes format.
* The cost of verifying a patch would be at worst O(N^2) assuming no
exponentially expensive commutes. If commutation and patch-parsing was
fast, it could probably work fine.
I have an optimization idea: The patch could store not just its own
hash, but also the hashes of its immediate dependencies. So Darcs can
skip all of the patches that are not directly relevant. I'll elaborate:
Def: By "direct dependency" I mean that patch B depends on A and there
is no patch X such that B depends on X depends on A.
Imagine we have the following tree: ABCDEFG
We want to add patch H, which depends on F and B. In turn, F depends on
E and B depends on A, but that's it. Then patch H would say:
[hash: <hash-of-H>]
[Added feature H.
depends: <hash-of-F>
depends: <hash-of-B>
user at example.com**20090331192735]
When Darcs verifies the patch, it skips straight to F and B. When it
gets to F it sees:
[hash: <hash-of-F>]
[Added feature F.
depends: <hash-of-E>
user at example.com**20090221192735]
So it goes get patch E as well. Likewise, when it reaches B it finds a
'depends:<hash-of-A>' so it grabs A. In this way, Darcs goes straight to
the patches that it needs and doesn't have to spend as much time
figuring out the minimal-context for H.
The hash for a patch would be the SHA1 sum of the entire patch file,
except for the [hash: ... ] line of course. This means that the hash of
H depends on the hash of F and B, and the hash of F in turn depends on
the hash of E and so on. In this way, the hash for any patch depends on
the entire history of patches needed to produce that patch's minimal
context.
Once we have a unique hash, we can get digital signatures. So a patch
might actually look like this:
[hash: <hash-of-H>
sig: <sign-hash-of-H>]
[Added feature H.
depends: <hash-of-F>
depends: <hash-of-B>
user at example.com**20090331192735]
What do you think?
More information about the darcs-users
mailing list