From patchwork Wed Oct 19 01:03:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13011252 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E739DC433FE for ; Wed, 19 Oct 2022 01:03:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229848AbiJSBDf (ORCPT ); Tue, 18 Oct 2022 21:03:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43124 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229508AbiJSBDd (ORCPT ); Tue, 18 Oct 2022 21:03:33 -0400 Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E37D2DED38 for ; Tue, 18 Oct 2022 18:03:32 -0700 (PDT) Received: by mail-wr1-x429.google.com with SMTP id n12so26380588wrp.10 for ; Tue, 18 Oct 2022 18:03:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+UQAfRP+M4Ne8vgylcRWj1IvISeS+gGHOFLT5WttF7M=; b=aci2eLZEs3yIoJXU+SNZfpPPsZZeeqWnXykwQaZdB/J7QXgASi3pw3/O749+YM50e4 ZL097mlvNE+LNwv12LL1TV7aRLwTStX1npFPAVN1EsMc611bErWJyHo4C9SeRFoMMcOp AORfp3WBARYIakqVPovUXRuIBzKc4dHhRXPxIk8qQyaTq3Y7d28IJBfoM9ZCaHks0y6a ZjSybSTGSw5UNww7lv/tMthEFtHHWa2hPS8/BBpj+3huNlqnIhVnX9kTYDrFgjYRfigc G7WYbzlhCT7/lNoeQ21aGonZNWeGmPW3geHdlxMrIay/IvfZpYQAEXzOvja/hgAEi9F4 Z1FQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+UQAfRP+M4Ne8vgylcRWj1IvISeS+gGHOFLT5WttF7M=; b=HfZtUtNIef8kypfINSrJazJiQPGvjujevMpyzFtpbxmKW7TwG7gQkOO1Q8rIcuAA6j V9jT6WC2kS7LW9fT9R0+5FqGTMp7xG3l6tMxXtO31D0uehfxeJr1N3eaByfSJ05Av+gz PL4hR/aV+tlhfWWD2Z3+2FYX1F+uYSk4OvPnjmcDLHA1Uh3U2XDY1Yj1Ta/M79oexm/2 MokyzHo/Xy2t2WCCAxCPWOnyqo/L7QTydeY85ME9JphuW9rk8O/ib3vRdCZViph/vLG+ Te/3FA/SSa6VEq/TErjvTPzbASPTr6cbQHXhuSt+eHsLDWgiGu5x9LFxf9x32oWcTxlP TwIA== X-Gm-Message-State: ACrzQf38lqyzQRY7bfHPbJvYGNi3DMqUWcBxIHgZWNpmHdRxf6o/AHDc LC2FyxPskPgRh1SPrAJOBBVTDoNZzSjl6g== X-Google-Smtp-Source: AMsMyM6xt2X7P0U2Si7tNxKXcvhCgcGqPc+4OGnoFm6Y5dvq+Haoge9JZIR8zF7pajKAoMHWfUAhwg== X-Received: by 2002:adf:8bc5:0:b0:22e:3873:276d with SMTP id w5-20020adf8bc5000000b0022e3873276dmr3258981wra.402.1666141410998; Tue, 18 Oct 2022 18:03:30 -0700 (PDT) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id q3-20020a056000136300b0022e3cba367fsm12161315wrz.100.2022.10.18.18.03.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Oct 2022 18:03:30 -0700 (PDT) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v2 1/4] fsmonitor OSX: compile with DC_SHA1=YesPlease Date: Wed, 19 Oct 2022 03:03:19 +0200 Message-Id: X-Mailer: git-send-email 2.38.0.1093.gcd4a685f0b1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org As we'll address in subsequent commits the "DC_SHA1=YesPlease" is not on by default on OSX, instead we use Apple Common Crypto's SHA-1 implementation. In 6beb2688d33 (fsmonitor: relocate socket file if .git directory is remote, 2022-10-04) the build was broken with "DC_SHA1=YesPlease" (and probably other non-"APPLE_COMMON_CRYPTO" SHA-1 backends). So let's extract the fix for this from [1] to get the build working again with "DC_SHA1=YesPlease". In addition to the fix in [1] we also need to replace "SHA_DIGEST_LENGTH" with "GIT_MAX_RAWSZ". 1. https://lore.kernel.org/git/c085fc15b314abcb5e5ca6b4ee5ac54a28327cab.1665326258.git.gitgitgadget@gmail.com/ Signed-off-by: Eric DeCosta Signed-off-by: Ævar Arnfjörð Bjarmason --- compat/fsmonitor/fsm-ipc-darwin.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compat/fsmonitor/fsm-ipc-darwin.c b/compat/fsmonitor/fsm-ipc-darwin.c index ce843d63348..d67b0ee50d3 100644 --- a/compat/fsmonitor/fsm-ipc-darwin.c +++ b/compat/fsmonitor/fsm-ipc-darwin.c @@ -10,10 +10,10 @@ static GIT_PATH_FUNC(fsmonitor_ipc__get_default_path, "fsmonitor--daemon.ipc") const char *fsmonitor_ipc__get_path(struct repository *r) { static const char *ipc_path = NULL; - SHA_CTX sha1ctx; + git_SHA_CTX sha1ctx; char *sock_dir = NULL; struct strbuf ipc_file = STRBUF_INIT; - unsigned char hash[SHA_DIGEST_LENGTH]; + unsigned char hash[GIT_MAX_RAWSZ]; if (!r) BUG("No repository passed into fsmonitor_ipc__get_path"); @@ -28,9 +28,9 @@ const char *fsmonitor_ipc__get_path(struct repository *r) return ipc_path; } - SHA1_Init(&sha1ctx); - SHA1_Update(&sha1ctx, r->worktree, strlen(r->worktree)); - SHA1_Final(hash, &sha1ctx); + git_SHA1_Init(&sha1ctx); + git_SHA1_Update(&sha1ctx, r->worktree, strlen(r->worktree)); + git_SHA1_Final(hash, &sha1ctx); repo_config_get_string(r, "fsmonitor.socketdir", &sock_dir); From patchwork Wed Oct 19 01:03:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13011256 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA96EC43217 for ; Wed, 19 Oct 2022 01:03:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229918AbiJSBDp (ORCPT ); Tue, 18 Oct 2022 21:03:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43220 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229569AbiJSBDk (ORCPT ); Tue, 18 Oct 2022 21:03:40 -0400 Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24568DEF2F for ; Tue, 18 Oct 2022 18:03:34 -0700 (PDT) Received: by mail-wr1-x42a.google.com with SMTP id bv10so26486429wrb.4 for ; Tue, 18 Oct 2022 18:03:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0WzzMtTKx1LfDsqot0MKLFKi01aLC4by7HvQI//oNCg=; b=alJBn1EkvqWbtsp+8TSo2ah2j65UStwlAGdVyBwPi+/ZQbll+5gT1hO0rhU4P3G0Mr CaP+XbJQINeSEnq+ZUz/bf4olGnNjAk0SWYqb3WRLDGgaiihEKVGGUQKM/33byn/oUsS yTSW0iyJc0aA2d1yCSfl6uNXX7vn3KDSZx33WmOlNsXEGhfrSgOvfuJqeh5pwUf6y/UC CuUWP8QcFBTyEtZmUlN7+Zgw+b8tlD/G4yHEqpwAcHyP2ftt+dyW+rCNIjWXY+sWLeGF JiOekmOSVuc1lme7+GGexskp0UN4i7PWzdJjHO8gJF1Po0zHwrmGvNqJ1qBkUG/pxTXg agBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0WzzMtTKx1LfDsqot0MKLFKi01aLC4by7HvQI//oNCg=; b=xAkHhj7jAHNiq456FopKjTec9aRWABMQEE5Mya9OpfvoVxGrWxyy/vp2qLZFNizxz0 f+T/dAqxV9aKFAwPwZcERUPGXH1/oLtAEHcsK8rtKqPIqSQosP+mD3W0O7jmpb2r214l jR6MKf4zxkh6kWvSayJt5oPMmK8ewn3Bdaf3GH3stB73x4Ixtp0udo+tnz8CLw2SfvND Cm4LceXkXA8LYE6V71i7RAQlGRk9YzTbSb3mKD1CyxaLODS1R6SvmPnZLpp3KRYcnqxZ WnapXMjNAALerY94Td5ZZz7iZ7mgilH5KedPR35Xdde02G7IoAWdn1cFSWW3IuUQhS33 Lxjg== X-Gm-Message-State: ACrzQf0fsNGCWKdwZFlAtT/ZXtRe281ucynqFdc+jaU1OP8x3vlvbWO/ i7rG6bqX/2czrvlUYOOot2J3NsIxs7pUNQ== X-Google-Smtp-Source: AMsMyM5bHkEHM+OS/YsebEwO8AZW2yTgM6MmTj1xliqJ1Qe5/CqYcgAwzO8CLWQMssGzGaSDB1J1Gg== X-Received: by 2002:a5d:6442:0:b0:22e:2c71:fdac with SMTP id d2-20020a5d6442000000b0022e2c71fdacmr3152991wrw.243.1666141412131; Tue, 18 Oct 2022 18:03:32 -0700 (PDT) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id q3-20020a056000136300b0022e3cba367fsm12161315wrz.100.2022.10.18.18.03.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Oct 2022 18:03:31 -0700 (PDT) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v2 2/4] Makefile: create and use sections for "define" flag listing Date: Wed, 19 Oct 2022 03:03:20 +0200 Message-Id: X-Mailer: git-send-email 2.38.0.1093.gcd4a685f0b1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Since the "Define ..." template of comments at the top of the Makefile was started in 5bdac8b3269 ([PATCH] Improve the compilation-time settings interface, 2005-07-29) we've had a lot more flags added, including flags that come in "groups". Not having any obvious structure to the >500 line comment at the top of the Makefile has made it hard to follow. This change is almost entirely a move-only change, the two paragraphs at the start of the first two sections are new, and so are the added sections themselves, but other than that no lines are changed, only moved. We now list Makefile-only flags at the start, followed by stand-alone flags, and then cover "optional library" flags in their respective groups, followed by SHA-1 and SHA-256 flags, and finally DEVELOPER-specific flags. Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 210 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 117 insertions(+), 93 deletions(-) diff --git a/Makefile b/Makefile index d93ad956e58..18ad487274e 100644 --- a/Makefile +++ b/Makefile @@ -4,8 +4,20 @@ all:: # Import tree-wide shared Makefile behavior and libraries include shared.mak +# == Makefile defines == +# +# These defines change the behavior of the Makefile itself, but have +# no impact on what it builds: +# # Define V=1 to have a more verbose compile. # +# == Portability and optional library defines == +# +# These defines indicate what Git can expect from the OS, what +# libraries are available etc. Much of this is auto-detected in +# config.mak.uname, or in configure.ac when using the optional "make +# configure && ./configure" (see INSTALL). +# # Define SHELL_PATH to a POSIX shell if your /bin/sh is broken. # # Define SANE_TOOL_PATH to a colon-separated list of paths to prepend @@ -30,68 +42,8 @@ include shared.mak # # Define NO_OPENSSL environment variable if you do not have OpenSSL. # -# Define USE_LIBPCRE if you have and want to use libpcre. Various -# commands such as log and grep offer runtime options to use -# Perl-compatible regular expressions instead of standard or extended -# POSIX regular expressions. -# -# Only libpcre version 2 is supported. USE_LIBPCRE2 is a synonym for -# USE_LIBPCRE, support for the old USE_LIBPCRE1 has been removed. -# -# Define LIBPCREDIR=/foo/bar if your PCRE header and library files are -# in /foo/bar/include and /foo/bar/lib directories. -# # Define HAVE_ALLOCA_H if you have working alloca(3) defined in that header. # -# Define NO_CURL if you do not have libcurl installed. git-http-fetch and -# git-http-push are not built, and you cannot use http:// and https:// -# transports (neither smart nor dumb). -# -# Define CURLDIR=/foo/bar if your curl header and library files are in -# /foo/bar/include and /foo/bar/lib directories. -# -# Define CURL_CONFIG to curl's configuration program that prints information -# about the library (e.g., its version number). The default is 'curl-config'. -# -# Define CURL_LDFLAGS to specify flags that you need to link when using libcurl, -# if you do not want to rely on the libraries provided by CURL_CONFIG. The -# default value is a result of `curl-config --libs`. An example value for -# CURL_LDFLAGS is as follows: -# -# CURL_LDFLAGS=-lcurl -# -# Define NO_EXPAT if you do not have expat installed. git-http-push is -# not built, and you cannot push using http:// and https:// transports (dumb). -# -# Define EXPATDIR=/foo/bar if your expat header and library files are in -# /foo/bar/include and /foo/bar/lib directories. -# -# Define EXPAT_NEEDS_XMLPARSE_H if you have an old version of expat (e.g., -# 1.1 or 1.2) that provides xmlparse.h instead of expat.h. -# -# Define NO_GETTEXT if you don't want Git output to be translated. -# A translated Git requires GNU libintl or another gettext implementation, -# plus libintl-perl at runtime. -# -# Define USE_GETTEXT_SCHEME and set it to 'fallthrough', if you don't trust -# the installed gettext translation of the shell scripts output. -# -# Define HAVE_LIBCHARSET_H if you haven't set NO_GETTEXT and you can't -# trust the langinfo.h's nl_langinfo(CODESET) function to return the -# current character set. GNU and Solaris have a nl_langinfo(CODESET), -# FreeBSD can use either, but MinGW and some others need to use -# libcharset.h's locale_charset() instead. -# -# Define CHARSET_LIB to the library you need to link with in order to -# use locale_charset() function. On some platforms this needs to set to -# -lcharset, on others to -liconv . -# -# Define LIBC_CONTAINS_LIBINTL if your gettext implementation doesn't -# need -lintl when linking. -# -# Define NO_MSGFMT_EXTENDED_OPTIONS if your implementation of msgfmt -# doesn't support GNU extensions like --check and --statistics -# # Define HAVE_PATHS_H if you have paths.h and want to use the default PATH # it specifies. # @@ -152,39 +104,6 @@ include shared.mak # and do not want to use Apple's CommonCrypto library. This allows you # to provide your own OpenSSL library, for example from MacPorts. # -# Define BLK_SHA1 environment variable to make use of the bundled -# optimized C SHA1 routine. -# -# Define DC_SHA1 to unconditionally enable the collision-detecting sha1 -# algorithm. This is slower, but may detect attempted collision attacks. -# Takes priority over other *_SHA1 knobs. -# -# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link -# git with the external SHA1 collision-detect library. -# Without this option, i.e. the default behavior is to build git with its -# own built-in code (or submodule). -# -# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the -# sha1collisiondetection shipped as a submodule instead of the -# non-submodule copy in sha1dc/. This is an experimental option used -# by the git project to migrate to using sha1collisiondetection as a -# submodule. -# -# Define OPENSSL_SHA1 environment variable when running make to link -# with the SHA1 routine from openssl library. -# -# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed -# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO -# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. -# -# Define BLK_SHA256 to use the built-in SHA-256 routines. -# -# Define NETTLE_SHA256 to use the SHA-256 routines in libnettle. -# -# Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt. -# -# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. -# # Define NEEDS_CRYPTO_WITH_SSL if you need -lcrypto when using -lssl (Darwin). # # Define NEEDS_SSL_WITH_CRYPTO if you need -lssl when using -lcrypto (Darwin). @@ -490,6 +409,111 @@ include shared.mak # to the "" of the corresponding `compat/fsmonitor/fsm-settings-.c` # that implements the `fsm_os_settings__*()` routines. # +# === Optional library: libintl === +# +# Define NO_GETTEXT if you don't want Git output to be translated. +# A translated Git requires GNU libintl or another gettext implementation, +# plus libintl-perl at runtime. +# +# Define USE_GETTEXT_SCHEME and set it to 'fallthrough', if you don't trust +# the installed gettext translation of the shell scripts output. +# +# Define HAVE_LIBCHARSET_H if you haven't set NO_GETTEXT and you can't +# trust the langinfo.h's nl_langinfo(CODESET) function to return the +# current character set. GNU and Solaris have a nl_langinfo(CODESET), +# FreeBSD can use either, but MinGW and some others need to use +# libcharset.h's locale_charset() instead. +# +# Define CHARSET_LIB to the library you need to link with in order to +# use locale_charset() function. On some platforms this needs to set to +# -lcharset, on others to -liconv . +# +# Define LIBC_CONTAINS_LIBINTL if your gettext implementation doesn't +# need -lintl when linking. +# +# Define NO_MSGFMT_EXTENDED_OPTIONS if your implementation of msgfmt +# doesn't support GNU extensions like --check and --statistics +# +# === Optional library: libexpat === +# +# Define NO_EXPAT if you do not have expat installed. git-http-push is +# not built, and you cannot push using http:// and https:// transports (dumb). +# +# Define EXPATDIR=/foo/bar if your expat header and library files are in +# /foo/bar/include and /foo/bar/lib directories. +# +# Define EXPAT_NEEDS_XMLPARSE_H if you have an old version of expat (e.g., +# 1.1 or 1.2) that provides xmlparse.h instead of expat.h. + +# === Optional library: libcurl === +# +# Define NO_CURL if you do not have libcurl installed. git-http-fetch and +# git-http-push are not built, and you cannot use http:// and https:// +# transports (neither smart nor dumb). +# +# Define CURLDIR=/foo/bar if your curl header and library files are in +# /foo/bar/include and /foo/bar/lib directories. +# +# Define CURL_CONFIG to curl's configuration program that prints information +# about the library (e.g., its version number). The default is 'curl-config'. +# +# Define CURL_LDFLAGS to specify flags that you need to link when using libcurl, +# if you do not want to rely on the libraries provided by CURL_CONFIG. The +# default value is a result of `curl-config --libs`. An example value for +# CURL_LDFLAGS is as follows: +# +# CURL_LDFLAGS=-lcurl +# +# === Optional library: libpcre2 === +# +# Define USE_LIBPCRE if you have and want to use libpcre. Various +# commands such as log and grep offer runtime options to use +# Perl-compatible regular expressions instead of standard or extended +# POSIX regular expressions. +# +# Only libpcre version 2 is supported. USE_LIBPCRE2 is a synonym for +# USE_LIBPCRE, support for the old USE_LIBPCRE1 has been removed. +# +# Define LIBPCREDIR=/foo/bar if your PCRE header and library files are +# in /foo/bar/include and /foo/bar/lib directories. +# +# == SHA-1 and SHA-256 defines == +# +# Define BLK_SHA1 environment variable to make use of the bundled +# optimized C SHA1 routine. +# +# Define DC_SHA1 to unconditionally enable the collision-detecting sha1 +# algorithm. This is slower, but may detect attempted collision attacks. +# Takes priority over other *_SHA1 knobs. +# +# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link +# git with the external SHA1 collision-detect library. +# Without this option, i.e. the default behavior is to build git with its +# own built-in code (or submodule). +# +# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the +# sha1collisiondetection shipped as a submodule instead of the +# non-submodule copy in sha1dc/. This is an experimental option used +# by the git project to migrate to using sha1collisiondetection as a +# submodule. +# +# Define OPENSSL_SHA1 environment variable when running make to link +# with the SHA1 routine from openssl library. +# +# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed +# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO +# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. +# +# Define BLK_SHA256 to use the built-in SHA-256 routines. +# +# Define NETTLE_SHA256 to use the SHA-256 routines in libnettle. +# +# Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt. +# +# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. +# +# == DEVELOPER defines == +# # Define DEVELOPER to enable more compiler warnings. Compiler version # and family are auto detected, but could be overridden by defining # COMPILER_FEATURES (see config.mak.dev). You can still set From patchwork Wed Oct 19 01:03:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13011254 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0A745C4332F for ; Wed, 19 Oct 2022 01:03:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229890AbiJSBDk (ORCPT ); Tue, 18 Oct 2022 21:03:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229508AbiJSBDg (ORCPT ); Tue, 18 Oct 2022 21:03:36 -0400 Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 287D8DED38 for ; Tue, 18 Oct 2022 18:03:35 -0700 (PDT) Received: by mail-wr1-x42a.google.com with SMTP id j16so26581500wrh.5 for ; Tue, 18 Oct 2022 18:03:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iUs4gYllbwQQa3QUVj4MC3IPdEk/QC28Kut0M2cVom4=; b=JYGV4THeFjmaroGWu2zbtIuEoTrdQEqj+0KA6QnttVxOqayGBAlMuez/e8xeM2QtlM BoKdCdwECkxwBnDKdVgqttgYpIn2QVpj8GO507IYkV4hzRX0ixIDL8LR1axfiYVkOroF sFoTKFNOz6UZ9BplQ1wnL+wV9o28A6aImYwoJNsdlKapI6WNV0uB+sjVD3hDJyTGIYRN l4dHV80dPQptQpiIPrSvSOc9nqaI32YQaZhJXocHq/ARMwqsOrCaMGWYDMOGDTf+45ra 1ZM3Js09ziLiGJMR/5o3LWvLo34szLb33K+HxUVa6ZiahrBiLFHGoNNIYStqrr4rqDNb ANsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iUs4gYllbwQQa3QUVj4MC3IPdEk/QC28Kut0M2cVom4=; b=OpdTgQZFUKQkbVLsFu/St0b9HJNq6GVF3Bwwcd2S52CNok8ii6bXBy5rzSDVH80URV +czUPYAbjcdzb+ufvFRGXfRe9adJOSB2OQWHMZXBr0RWYqRVPBwHhWuNFlS0kZo1OWNw /jY6/k273OS99Ses5gZkTx24RQRy1I3cvFaBakvs4CWm3AWgYbp1CGlJE2UWepur47Pu nVdgEea8dmV6FYi4MonL1YlzFXUnhi+N22LSGCb/ZQ1gvfSYXD7+JbqTeJyWGrK07EMu NoslFwU2i/sJhEc+RmDwa1dbYo3Ut2ugrdJfVmh3R5fj8XtJud/R/bWRAFvTwOk5pwGk 0D6w== X-Gm-Message-State: ACrzQf3ZDbKWEU1/CHLHKJCd5ze2mNy1MNWQWF0sEh7FJS+CfzCVl/YP Ai+n7SG9G4Q9ju8wxBu7PihkOlga/HREeA== X-Google-Smtp-Source: AMsMyM7hUbmeN+uG7GMLtpOzdF5ym7gDpqLtG72O9cM+l3lChuJ6bP9k2bqGBm08LUrIxTCIJTg0jg== X-Received: by 2002:a5d:47c5:0:b0:22e:655e:f258 with SMTP id o5-20020a5d47c5000000b0022e655ef258mr3171425wrc.569.1666141413276; Tue, 18 Oct 2022 18:03:33 -0700 (PDT) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id q3-20020a056000136300b0022e3cba367fsm12161315wrz.100.2022.10.18.18.03.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Oct 2022 18:03:32 -0700 (PDT) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v2 3/4] Makefile: really use and document sha1collisiondetection by default Date: Wed, 19 Oct 2022 03:03:21 +0200 Message-Id: X-Mailer: git-send-email 2.38.0.1093.gcd4a685f0b1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org When the sha1collisiondetection library was added and made the default in [1] we never updated the documentation added in [2] early in that series once the default was flipped to DC_SHA1 in [3]. Furthermore the INSTALL file has been claiming that we use OpenSSL by default since [4], and hadn't been updated for the sha1collisiondetection switch. The interaction between NO_APPLE_COMMON_CRYPTO and DC_SHA1 seems to have been missed in [3], so ever since DC_SHA1 was made the default we've still used Apple's CommonCrypto instead of sha1collisiondetection on Darwin and Mac OS X. Instead off all of this we now: * Don't have a DC_SHA1 know anymore (using it is an error), you need to set NO_DC_SHA1 instead to use any optional *_SHA1 implementation. * Re-arranged the algorithm inclusion in hash.h to correspond to NO_DC_SHA1, and "#error" if we have no defined SHA_*, rather than silently picking block-sha1/sha1.h as a fallback. * Have an INSTALL that reflects reality. We were still claiming to use OpenSSL's SHA-1 hashing by default. * Have Darwin and Mac OS X use sha1collisiondetection, like everywhere else. There is still a NO_APPLE_COMMON_CRYPTO knob, but it's used for things unrelated to SHA-1 (see [6]). * Have a rewritten discussion of SHA-1 and SHA-256 in the Makefile which covers all of this. Let's also change the CI for "osx-clang" to test with the new APPLE_SHA1 knob ("osx-gcc" uses the new sha1collisiondetection default). In practice this will spot issues like the one noted in [7], as testing with just two backends should be enough to spot unportable code. Ideally we'd have other CI jobs to test the various SHA-1 combinations, but for now we have better CI coverage than before. 1. 48b3693d3ce (Merge branch 'jk/sha1dc', 2017-03-24) 2. 8325e43b82d (Makefile: add DC_SHA1 knob, 2017-03-16) 3. e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17) 4. 5beb577db8c (INSTALL: Describe dependency knobs from Makefile, 2009-09-10) 5. 4dcd7732db0 (Makefile: add support for Apple CommonCrypto facility, 2013-05-19) 6. 3ef2bcad02e (imap-send: use Apple's Security framework for base64 encoding, 2013-07-29) 7. https://lore.kernel.org/git/kl6l7d0yyu6r.fsf@chooglen-macbookpro.roam.corp.google.com/ Signed-off-by: Ævar Arnfjörð Bjarmason --- INSTALL | 10 ++- Makefile | 98 ++++++++++++++++++++--------- ci/lib.sh | 3 + contrib/buildsystems/CMakeLists.txt | 3 +- hash.h | 10 +-- t/t0013-sha1dc.sh | 4 +- 6 files changed, 86 insertions(+), 42 deletions(-) diff --git a/INSTALL b/INSTALL index 89b15d71df5..065ed81bd54 100644 --- a/INSTALL +++ b/INSTALL @@ -133,9 +133,13 @@ Issues of note: you are using libcurl older than 7.34.0. Otherwise you can use NO_OPENSSL without losing git-imap-send. - By default, git uses OpenSSL for SHA1 but it will use its own - library (inspired by Mozilla's) with either NO_OPENSSL or - BLK_SHA1. + - Git uses an altered version of SHA-1 by default which + detects the SHAttered attack via the sha1collisiondetection + counter-cryptanalysis library. For SHA-256 we'll select a + working implementation (and ship a fallback + implementation). See the "SHA-1 and SHA-256 defines" section + in the Makefile for details. You should not need to tweak + those settings. - "libcurl" library is used for fetching and pushing repositories over http:// or https://, as well as by diff --git a/Makefile b/Makefile index 18ad487274e..7a7411df8c3 100644 --- a/Makefile +++ b/Makefile @@ -479,30 +479,62 @@ include shared.mak # # == SHA-1 and SHA-256 defines == # -# Define BLK_SHA1 environment variable to make use of the bundled -# optimized C SHA1 routine. +# === SHA-1 backend === +# +# Due to the SHAttered (https://shattered.io) attack vector on SHA-1 +# Git uses the sha1collisiondetection counter-cryptanalysis library +# for SHA-1 hashing. +# +# You're strongly advised not to override this for any usage of Git +# where you don't 100% trust the repository content. # -# Define DC_SHA1 to unconditionally enable the collision-detecting sha1 -# algorithm. This is slower, but may detect attempted collision attacks. -# Takes priority over other *_SHA1 knobs. +# ==== Options common to all SHA-1 implementations ==== # -# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link +# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed +# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO +# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. +# +# ===== Options for the default sha1collisiondetection implementations ===== +# +# Define DC_SHA1_EXTERNAL if you want to build / link # git with the external SHA1 collision-detect library. # Without this option, i.e. the default behavior is to build git with its # own built-in code (or submodule). # -# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the +# Define DC_SHA1_SUBMODULE to use the # sha1collisiondetection shipped as a submodule instead of the # non-submodule copy in sha1dc/. This is an experimental option used # by the git project to migrate to using sha1collisiondetection as a # submodule. # +# ==== Alternate implementations ==== +# +# Git still ships with alternate SHA-1 implementations. These are +# faster than the default, which is useful when hashing speed +# is imperative, consider using them if you're confident that you +# won't need to worry about SHA-1 collision attacks. +# +# To use them you must define NO_DC_SHA1 and one of the *_SHA1 +# variables below: +# +# Define BLK_SHA1 environment variable to make use of the bundled +# optimized C SHA1 routine. +# # Define OPENSSL_SHA1 environment variable when running make to link # with the SHA1 routine from openssl library. # -# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed -# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO -# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. +# Define APPLE_SHA1 to use Apple's CommonCrypto SHA-1 routines on +# Darwin/Mac OS X. +# +# The APPLE_SHA1 option is unrelated to the NO_APPLE_COMMON_CRYPTO +# flag, which determines if Apple's crypto libraries are used for +# things that aren't SHA-1. +# +# === SHA-256 backend === +# +# Unlike SHA-1 the SHA-256 algorithm does not suffer from any known +# vulnerabilities, so any implementation will do. BLK_SHA256 is +# currently the default implementation (but that may change). # # Define BLK_SHA256 to use the built-in SHA-256 routines. # @@ -1464,7 +1496,6 @@ ifeq ($(uname_S),Darwin) endif ifndef NO_APPLE_COMMON_CRYPTO NO_OPENSSL = YesPlease - APPLE_COMMON_CRYPTO = YesPlease COMPAT_CFLAGS += -DAPPLE_COMMON_CRYPTO endif PTHREAD_LIBS = @@ -1825,30 +1856,19 @@ ifdef NO_POSIX_GOODIES BASIC_CFLAGS += -DNO_POSIX_GOODIES endif -ifdef APPLE_COMMON_CRYPTO - # Apple CommonCrypto requires chunking - SHA1_MAX_BLOCK_SIZE = 1024L*1024L*1024L -endif - ifdef PPC_SHA1 $(error the PPC_SHA1 flag has been removed along with the PowerPC-specific SHA-1 implementation.) endif -ifdef OPENSSL_SHA1 - EXTLIBS += $(LIB_4_CRYPTO) - BASIC_CFLAGS += -DSHA1_OPENSSL -else -ifdef BLK_SHA1 - LIB_OBJS += block-sha1/sha1.o - BASIC_CFLAGS += -DSHA1_BLK -else -ifdef APPLE_COMMON_CRYPTO - COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL - BASIC_CFLAGS += -DSHA1_APPLE -else - DC_SHA1 := YesPlease - BASIC_CFLAGS += -DSHA1_DC +ifdef DC_SHA1 +$(error the DC_SHA1 flag is no longer used, and has become the default. Adjust your build scripts accordingly) +endif +ifndef NO_DC_SHA1 + ifneq ($(OPENSSL_SHA1)$(BLK_SHA1)$(APPLE_SHA1),) +$(error no other *_SHA1 option can be defined unless NO_DC_SHA1 is defined) + endif LIB_OBJS += sha1dc_git.o + ifdef DC_SHA1_EXTERNAL ifdef DC_SHA1_SUBMODULE ifneq ($(DC_SHA1_SUBMODULE),auto) @@ -1872,6 +1892,22 @@ endif -DSHA1DC_CUSTOM_INCLUDE_SHA1_C="\"cache.h\"" \ -DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C="\"git-compat-util.h\"" endif +else # !NO_DC_SHA1 +BASIC_CFLAGS += -DNO_SHA1_DC +ifdef OPENSSL_SHA1 + EXTLIBS += $(LIB_4_CRYPTO) + BASIC_CFLAGS += -DSHA1_OPENSSL +else +ifdef BLK_SHA1 + LIB_OBJS += block-sha1/sha1.o + BASIC_CFLAGS += -DSHA1_BLK +else +ifdef APPLE_SHA1 + COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL + BASIC_CFLAGS += -DSHA1_APPLE +else +$(error when defining NO_DC_SHA1 another valid *_SHA1 variable must be defined!) +endif endif endif endif @@ -3009,7 +3045,7 @@ GIT-BUILD-OPTIONS: FORCE @echo NO_REGEX=\''$(subst ','\'',$(subst ','\'',$(NO_REGEX)))'\' >>$@+ @echo NO_UNIX_SOCKETS=\''$(subst ','\'',$(subst ','\'',$(NO_UNIX_SOCKETS)))'\' >>$@+ @echo PAGER_ENV=\''$(subst ','\'',$(subst ','\'',$(PAGER_ENV)))'\' >>$@+ - @echo DC_SHA1=\''$(subst ','\'',$(subst ','\'',$(DC_SHA1)))'\' >>$@+ + @echo NO_DC_SHA1=\''$(subst ','\'',$(subst ','\'',$(NO_DC_SHA1)))'\' >>$@+ @echo SANITIZE_LEAK=\''$(subst ','\'',$(subst ','\'',$(SANITIZE_LEAK)))'\' >>$@+ @echo SANITIZE_ADDRESS=\''$(subst ','\'',$(subst ','\'',$(SANITIZE_ADDRESS)))'\' >>$@+ @echo X=\'$(X)\' >>$@+ diff --git a/ci/lib.sh b/ci/lib.sh index 1b0cc2b57db..320f992680a 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -264,6 +264,9 @@ macos-latest) esac case "$jobname" in +osx-clang) + MAKEFLAGS="$MAKEFLAGS NO_DC_SHA1=Yes APPLE_SHA1=Yes" + ;; linux32) CC=gcc ;; diff --git a/contrib/buildsystems/CMakeLists.txt b/contrib/buildsystems/CMakeLists.txt index 787738e6fa3..14ac3d49849 100644 --- a/contrib/buildsystems/CMakeLists.txt +++ b/contrib/buildsystems/CMakeLists.txt @@ -1025,7 +1025,6 @@ set(NO_PERL ) set(NO_PTHREADS ) set(NO_PYTHON ) set(PAGER_ENV "LESS=FRX LV=-c") -set(DC_SHA1 YesPlease) set(RUNTIME_PREFIX true) set(NO_GETTEXT ) @@ -1061,7 +1060,7 @@ file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_PERL='${NO_PERL}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_PTHREADS='${NO_PTHREADS}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_UNIX_SOCKETS='${NO_UNIX_SOCKETS}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "PAGER_ENV='${PAGER_ENV}'\n") -file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "DC_SHA1='${DC_SHA1}'\n") +file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_DC_SHA1=''\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "X='${EXE_EXTENSION}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_GETTEXT='${NO_GETTEXT}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "RUNTIME_PREFIX='${RUNTIME_PREFIX}'\n") diff --git a/hash.h b/hash.h index 36b64165fc9..a7337779949 100644 --- a/hash.h +++ b/hash.h @@ -4,14 +4,16 @@ #include "git-compat-util.h" #include "repository.h" -#if defined(SHA1_APPLE) +#if !defined(NO_SHA1_DC) +#include "sha1dc_git.h" +#elif defined(SHA1_APPLE) #include #elif defined(SHA1_OPENSSL) #include -#elif defined(SHA1_DC) -#include "sha1dc_git.h" -#else /* SHA1_BLK */ +#elif defined(SHA1_BLK) #include "block-sha1/sha1.h" +#else +#error "need a SHA1_* implementation defined" #endif #if defined(SHA256_NETTLE) diff --git a/t/t0013-sha1dc.sh b/t/t0013-sha1dc.sh index 9ad76080aa4..539270a2665 100755 --- a/t/t0013-sha1dc.sh +++ b/t/t0013-sha1dc.sh @@ -6,9 +6,9 @@ TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh TEST_DATA="$TEST_DIRECTORY/t0013" -if test -z "$DC_SHA1" +if test -n "$NO_DC_SHA1" then - skip_all='skipping sha1 collision tests, DC_SHA1 not set' + skip_all='skipping sha1 collision tests, NO_DC_SHA1 set' test_done fi From patchwork Wed Oct 19 01:03:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13011255 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7D88C4332F for ; Wed, 19 Oct 2022 01:03:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229875AbiJSBDo (ORCPT ); Tue, 18 Oct 2022 21:03:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229861AbiJSBDi (ORCPT ); Tue, 18 Oct 2022 21:03:38 -0400 Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53AB6DEF24 for ; Tue, 18 Oct 2022 18:03:36 -0700 (PDT) Received: by mail-wr1-x433.google.com with SMTP id r13so26353686wrj.11 for ; Tue, 18 Oct 2022 18:03:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=a/TPME5QvLtPBnDOZhck3MTPXEpufqWe17cEhECy1y8=; b=aUuxkryjXfXtHQPUNLPSG3bqgnucwwYvkHwO2pxNrs1he+Ox0OVt5zi/Nt9C0nQhXq CzFHuqLd/5tNRuKCQMU2GNZE+7giGVPufltB6lmlKr6YZ0dhAkgAdJItoMffkWBp3U9H oeACou6G7wtbsIGIamjwNxzLFriXDFU1I3C6G4t6xA3aqP31woY+UdPyc9rnB0hYKfX2 W+7oPBjk3jr3C1i03PwVC2Tg+sKla84wLYsuMult1O+avVEWD9RdF1H6S5jN6sIbycsI QVjzmgx19cQebwK/hapCrOxeaO8/rggA7EOu7+RLH0lVqGf1NUc3yesoBByFO2+UKdKn aMkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=a/TPME5QvLtPBnDOZhck3MTPXEpufqWe17cEhECy1y8=; b=wWpiaeTgcLYpWO4KdES71MOfb5mT5h55Hj3N/dCHQ68WhR0je/kI23GhIYSh24rWBP vydkNXX56DplaCG7NIYZykDcbRwzhS2AAh1JGE4QViz6ant4N64LfxxMQ0P5Hu7XRCmD SMY6sLg6uMRSxs2FSD195rMFT7nIQuxJsSLkhkL9jFwH9aJK1R1or6+sAKhiB4jqNGhn V8PdnqQWqdPhWTursMrIy28wwZYnH6vfcvZ75v8wQZPULEC92bq/wN1SAYyZCAkpF5Uc Jp+fM0c9ehaIo/BVbpnX3cxitUdVMDdgyda1fj8P1UiMg2SBTo9EW44DMLNkQ4KtYh0i cS9A== X-Gm-Message-State: ACrzQf0yHZBR4zdAZB8zqFFmEnGaVkfkU6mZVaW2q5VLuKT9A+xU1O9+ d0J03fIdwnmd/h5Ryb3FCN7+mN50t0H9cw== X-Google-Smtp-Source: AMsMyM7kUu4SwAY2OHDU5qzGe02a6qUjTksHexKod4TVl1bP9Ek/Jcz79drZbFXy3IC3Bk5tYMiBvA== X-Received: by 2002:a5d:668e:0:b0:22f:d914:80ed with SMTP id l14-20020a5d668e000000b0022fd91480edmr3382728wru.45.1666141414479; Tue, 18 Oct 2022 18:03:34 -0700 (PDT) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id q3-20020a056000136300b0022e3cba367fsm12161315wrz.100.2022.10.18.18.03.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Oct 2022 18:03:33 -0700 (PDT) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v2 4/4] Makefile: rephrase the discussion of *_SHA1 knobs Date: Wed, 19 Oct 2022 03:03:22 +0200 Message-Id: X-Mailer: git-send-email 2.38.0.1093.gcd4a685f0b1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In the preceding commit the discussion of the *_SHA1 knobs was left as-is to benefit from a smaller diff, but since we're changing these let's use the same phrasing we use for most other knobs. E.g. "define X", not "define X environment variable", and get rid of the "when running make to link with" entirely. Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 7a7411df8c3..16367c72ba8 100644 --- a/Makefile +++ b/Makefile @@ -517,11 +517,11 @@ include shared.mak # To use them you must define NO_DC_SHA1 and one of the *_SHA1 # variables below: # -# Define BLK_SHA1 environment variable to make use of the bundled -# optimized C SHA1 routine. +# Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled +# with git (in the block-sha1/ directory). # -# Define OPENSSL_SHA1 environment variable when running make to link -# with the SHA1 routine from openssl library. +# Define OPENSSL_SHA1 to link to the the SHA-1 routines from +# the OpenSSL library. # # Define APPLE_SHA1 to use Apple's CommonCrypto SHA-1 routines on # Darwin/Mac OS X.