Minor edits.

[gitmagic.git] / secrets.txt

== Secrets Revealed ==

We take a peek under the hood and explain how Git performs its miracles. I will skimp over details. For in-depth descriptions refer to one of the link:.[references].

=== Invisibility ===

How can Git be so unobtrusive? Aside from occasional commits and merges, you can work as if you weren't aware that version control exists. That is, until you need it, and that's when you're glad Git was watching over you the whole time.

Other version control systems don't let you forget about them. Permissions of files may be read-only unless you explicitly tell the server which files you intend to edit. The central server might be keeping track of who's checked out which code, and when. When the network goes down, you'll soon suffer. Developers constantly struggle with virtual red tape and bureaucracy.

The secret is the ".git" directory in your working directory. Git keeps the history of your project here. The initial "." stops it showing up in *ls* listings. Except when you're pushing and pulling changes, all version control operations operate within this directory.

You have total control over the fate of your files because Git doesn't care what you do to them. Git can easily recreate a saved state from ".git" at any time.

=== Integrity ===

Most people associate cryptography with keeping information secret, but another equally important goal is keeping information safe. Proper use of cryptographic hash functions can prevent accidental or malicious data corruption.

A SHA1 hash can be thought of as a unique 160-bit ID number for every string of bytes you'll encounter in your life. Actually more than that: every string of bytes that any human will ever use over many lifetimes. The hash of the whole contents of a file can be viewed as a unique ID number for that file.

An important observation is that a SHA1 hash is itself a string of bytes, so we can hash strings of bytes containing other hashes.

Roughly speaking, all files handled by Git are referred to by their unique ID, not by their filename. All data resides in files in the ".git/objects" subdirectory, where you won't find any normal filenames. The contents of files are strings of bytes we call ''blobs'' and they are divorced from their filenames.

The filenames are recorded somewhere though. They live in ''tree'' objects, which are lists of filenames along with the IDs of their contents. Since the tree itself is a string of bytes, it too has a unique ID, which is how it is stored in the ".git/objects" subdirectory. Trees can appear on the lists of other trees, hence a directory tree and all the files within may be represented by trees and blobs.

Lastly, a ''commit'' contains a message, a few tree IDs and information on how they are related to each other. A commit is also a string of bytes, hence it too has a unique ID.

You can see for yourself: take any hash you see in the `.git/objects` directory, and type

 $ git cat-file -p SHA1_HASH

Now suppose somebody tries to rewrite history and attempts to change the contents of a file in an ancient version. Then the ID of the file will change since it's now a different string of bytes. This changes the ID of any tree object referencing this file, which in turn changes the ID of all commit objects involving this tree. The corruption in the bad repository is exposed when everyone realizes all the commits since the mutilated file have the wrong IDs.

I've ignored details such as file permissions and signatures. See the link:.[references] for the full story. But in short, so long as the 20 bytes representing the last commit are safe, it's impossible to tamper with a Git repository.

=== Intelligence ===

How does Git know you renamed a file, even though you never mentioned the fact explicitly? Sure, you may have run *git mv*, but that is exactly the same as a *git rm* followed by a *git add*.

Git heuristically ferrets out renames and copies between successive versions. In fact, it can detect chunks of code being moved or copied around between files! Though it cannot cover all cases, it does a decent job, and this feature is always improving. If it does not seem to be working for you, consider upgrading.

=== Bare Repositories ===

You may have been wondering what format those online Git repositories use.
They're plain Git repositories, just like your ".git" directory except they've got names like "proj.git", and they have no working directory associated with them.

Most Git commands expect the Git index to live in ".git", and will fail on these bare repositories. Fix this by setting the "GIT_DIR" environment variable to the path of the bare repository.

=== Git Shortcomings ===

There are some Git issues I've swept under the carpet until now. Some can be handled easily with scripts, others require reorganizing or redefining the project, and as for Windows annoyances, one will just have to wait. Or better yet, pitch in and help!

==== Microsoft Windows ====

Git on Windows can be cumbersome. It works with Cygwin installed, though is slower. There is also the less invasive http://repo.or.cz/w/git/mingw.git[mingw port] which can be run from the Windows command-line.

==== Unrelated Files ====

If your project is very large and contains many unrelated files that are constantly being changed, Git may be disadvantaged more than other systems because single files are not tracked. Git tracks changes to the whole project, which is usually beneficial.

A solution is to break up your project into pieces, each consisting of related files. Use *git submodule* if you still want to keep everything in a single repository.

==== Volatile Projects ====

Git was written to be fast with respect to the size of the changes. Humans make small edits from version to version. A one-liner bugfix here, a new feature there, emended comments, that sort of thing. But if you're mostly keeping files that are radically different in successive revisions, on each commit, your history necessarily grows by the size of your whole project.

There is nothing any version control system can do about this, but standard Git users will suffer more since normally histories are cloned.

The reasons why the changes are so great should be examined. Perhaps file formats should be changed. Minor edits should only cause minor changes to at most a few files.

Or perhaps a database or backup/archival solution is what is actually being sought, not a version control system. For example, version control may not be suitable for managing photos periodically taken from a webcam. Again, version control is meant for keeping track of alterations made by humans.

If the files really must be constantly morphing and they really must be versioned, a possibility is to use Git in a centralized fashion. One can create shallow clones, which checks out little or no history of the project. Of course, many Git tools will be unavailable, and fixes must be submitted as patches. This is probably fine as it's unclear why anyone would want the history of wildly unstable files.

Another example is a project depending on firmware, which takes the form of a huge binary file. The history of the firmware is uninteresting to users, and updates compress poorly, so firmware revisions would unnecessarily blow up the size of the repository.

In this case, the source code should be stored in a Git repository, and the binary file should be kept separately. To make life easier, one could distribute a script that uses Git to checkout the code, and rsync for the firmware.

==== Global Counter ====

Some centralized version control systems maintain a positive integer that increases when a new commit is accepted. Git refers to changes by their hash, which is better in many circumstances.

But some people like having this integer around. Luckily, it's easy to write scripts so that with every update, the central Git repository increments an integer, perhaps in a tag, and associates it with the hash of the latest commit.

Every clone could maintain such a counter, but this would probably not be useful, since everyone only really cares about the central repository and its counter.

==== Automatic Compression ====

To save space, *git gc* should be run once in a while. Git will automatically run it for you when it considers it's appropriate (which depends on how frequent you commit, and is usually less than once per month).