To provide a serialized archival copy of the Gnulib Git repository we publish Git Bundles (https://git-scm.com/docs/git-bundle) of Gnulib at https://ftp.gnu.org/gnu/gnulib/. These may be useful if Savannah happens to be offline or if you want to have a GnuPG signed confirmation of the Gnulib content.
The files are named like gnulib-YYYYMMDD.bundle, for example
gnulib-20250303.bundle, where YYYYMMDD corresponds to
the Git commit date (in UTC0) of the last commit on the master
branch in the bundle.
Next to the Git Bundle is a PGP signature on the file, named
gnulib-YYYYMMDD.bundle.sig, which can be verified using GnuPG
as usual:
gpg --verify gnulib-20250303.bundle.sig
Or using the simpler gpgv tool like this:
gpgv gnulib-20250303.bundle.sig gnulib-20250303.bundle
After downloading the Git bundle you may use it to create a local gnulib clone using normal Git commands:
git clone /path/to/your/gnulib-20250303.bundle gnulib cd gnulib
Below are SHA-256 checksums of known releases:
9dae009ef9dd7cff17b74c0cda5d7a423e2ed98b4f5b7aa29a970565b0591c06 gnulib-20250303.bundle
The following PGP keys have signed releases:
sec> ed25519 2019-03-20 [SC] https://josefsson.org/key-20190320.txt
B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE
uid [ultimate] Simon Josefsson <[email protected]>
We desire that the Gnulib Git bundles are bit-by-bit reproducible, however we do not know how to achieve this. Currently gnulib maintainers may invoke the following commands to prepare and upload a Gnulib git bundle. We appreciate ideas on how to improve these set of commands (or the upstream Git tool) so that the bundle may be bit-by-bit reproducible by anyone.
cd $(mktemp -d)
REV=ac9dd0041307b1d3a68d26bf73567aa61222df54 # master branch commit to package
git clone https://git.savannah.gnu.org/git/gnulib.git
cd gnulib
git fsck # attempt to validate input
# inspect that the new tree matches a trusted copy
git checkout -B master $REV # put $REV at master
for b in $(git branch -r | grep origin/stable- | sort --version-sort); do git checkout ${b#origin/}; done
git remote remove origin # drop some unrelated branches
git gc --prune=now # drop any commits after $REV
git -c 'pack.threads=1' bundle create gnulib.bundle --all
V=$(env TZ=UTC0 git show -s --date=format:%Y%m%d --pretty=%cd master)
mv gnulib.bundle gnulib-$V.bundle
build-aux/gnupload --to ftp.gnu.org:gnulib gnulib-$V.bundle