From patchwork Mon Nov 7 21:23:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035306 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71A2DC433FE for ; Mon, 7 Nov 2022 21:23:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232521AbiKGVXZ (ORCPT ); Mon, 7 Nov 2022 16:23:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44884 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232838AbiKGVXT (ORCPT ); Mon, 7 Nov 2022 16:23:19 -0500 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B411199 for ; Mon, 7 Nov 2022 13:23:18 -0800 (PST) Received: by mail-ej1-x62d.google.com with SMTP id y14so33602958ejd.9 for ; Mon, 07 Nov 2022 13:23:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2tG9V2itct4loqz4lNc8+gYSOVsoZbLVfGkFTrxXN2k=; b=ZM8sjbd/A69rYt75IJgqfvd8OxwuT26MlRqsh5BPinHR5WUBIvR2h5Drqx4THG/jKc foMYZ9VTMuauNYine8w9Fv9xUcROa1d3rn7X7tSsqXcJICvOnjqyeaZN3qWcCyfrMY4C 7tWACbr0+OrHHru2/r5ID6dfQy9G3Bay9MN3OdKNKNHe4nrLUGXkP5qNqJQeZy6Lq47Z 53GQeopoRUavA0Qz6sfT8b2ddJYbFViwdJ669Mbc15La1sEp7kMxpN9EgtYZy6p9hYb4 MRoYSQ81mvUV3wkVhpmqR6jVGM1Wm53kBnxvrY485zrTF9IsVbhcHRxjsyjrlbXYcoVc nvqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2tG9V2itct4loqz4lNc8+gYSOVsoZbLVfGkFTrxXN2k=; b=7U0wa1oVo45+3gDz5B2cVV03rdknZwSD5MaLgakIV3ccWSFdUX9j92dnayV4iCJiv+ 3rr+/AKTTjbrgaxcX88KvXIjb9w3BmZVyTcs6fFap02X5bg6mx3TbBGrSaN126Gy2i/X EVMx2Twd50gLgtfhCPqVFIujVFwPfR/LfjXaREZD6wkSNwDyF9AI/rnn/7KrR2ysS6X+ 7fgViKzSDg9ST7uh65FUvgnFlFxzwAGBVRQqfER21a/Yga2B1kUyidGUPUtIOvy5CaH2 QJG876veILsMo2MmrQFzEPqb0IAXKo0kLXTGLcEDdkr91jiLVocdpfQBhdJQbvp9MSiH aD+A== X-Gm-Message-State: ACrzQf0YLOitnQYKWYmrMCU5Cc9mRpt6Yca6VKABJLohA8iMl35v7Usc fCWRHxWteax+SpyLqCHfpUW/i9UxaNuH7g== X-Google-Smtp-Source: AMsMyM5zFDgad0bPeurnGZ7hx76UMihuX1j8bKujEUQRRgX+qx4jjhYu8k7Ddr7DNxpJK+lYk3954w== X-Received: by 2002:a17:907:88ca:b0:7ad:b635:2f1c with SMTP id rq10-20020a17090788ca00b007adb6352f1cmr47966493ejc.6.1667856196497; Mon, 07 Nov 2022 13:23:16 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:15 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 01/10] Makefile: always (re)set DC_SHA1 on fallback Date: Mon, 7 Nov 2022 22:23:03 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Fix an edge case introduced in in e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17), when DC_SHA1 was made the default fallback we started unconditionally adding to BASIC_CFLAGS and LIB_OBJS, so we'd use the sha1collisiondetection by default. But the "DC_SHA1" variable remained unset, so e.g.: make test DC_SHA1= T=t0013*.sh Would skip the sha1collisiondetection tests, as we'd write "DC_SHA1=''" to "GIT-BUILD-OPTIONS", but if we manually removed that test prerequisite we'd pass the test (which we couldn't if we weren't using sha1collisiondetection). So let's have the fallback assignment use the 'override' directive instead of the ":=" simply expanded variable introduced in e6b07da2780. In this case we explicitly want to override the user's choice. Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4927379184c..0ad9a6c5bc1 100644 --- a/Makefile +++ b/Makefile @@ -1826,7 +1826,7 @@ ifdef APPLE_COMMON_CRYPTO COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL BASIC_CFLAGS += -DSHA1_APPLE else - DC_SHA1 := YesPlease + override DC_SHA1 = YesPlease BASIC_CFLAGS += -DSHA1_DC LIB_OBJS += sha1dc_git.o ifdef DC_SHA1_EXTERNAL From patchwork Mon Nov 7 21:23:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035308 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C198AC4332F for ; Mon, 7 Nov 2022 21:23:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232974AbiKGVXa (ORCPT ); Mon, 7 Nov 2022 16:23:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232897AbiKGVXV (ORCPT ); Mon, 7 Nov 2022 16:23:21 -0500 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7324102F for ; Mon, 7 Nov 2022 13:23:19 -0800 (PST) Received: by mail-ej1-x636.google.com with SMTP id b2so33615542eja.6 for ; Mon, 07 Nov 2022 13:23:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=liLb5m7Gxdu1jKhTpbICJkV/eOHdcvbuS30xiZ1dUVE=; b=oaQzt+0vixlm4TtCJD6HA7Rs2GkRzrUby7tHXX8fTn8ddAYKG/8u/QvenCgKNOz88T M6MPvA7VwcL15vcHXUaVzN7jfXO6asYfLwMkECLrXbLAL0GRCF4lahZDap/u+9b97O+h irVZJRnUw1h6YdBGG6G3OqGa4iz64iCtnzWX+vczJ2h89f/O7bPUzJROej2ZVq4aKCBk YshL46m4ErJx7WsFPp66gvbnxurx4gdK6QITLYEqs8vypnMWHdGYSbzKrBb0ytU2pTv1 vvv89czX6LtgnNlL2alSZZpAnKBEdY5aWTsUty/DYuBd3AJpy6WcDFA1fnvvOFi98L1n d9yQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=liLb5m7Gxdu1jKhTpbICJkV/eOHdcvbuS30xiZ1dUVE=; b=gjE04zjw4bvqAufnBh6yAIac7jfQoya3rNPy215XUTFFKTP0wGYbEvWDCI+HzAEL3u HQhWhoTWeg6c6hPbkhqhXhArtclLoP0/E2fuLI2A/kkZrZEhU+brDgI5g2hcNSy6y4Aa SINK10NdO/syrkxrVDYbDLGf1445gAqLSHCktmLZGhprrRd4bJaD8WvLX6prbe8Yz9xt /xrGt3/9JkCUKdu0WuAT1Muj97hkXinJkkbEDoQO75i0Es5ZxZdB/tpeXFlevyJZQ8/l IhrZBjyOYDIGJolgCiSCmbONs5wfP5UatTTVw/l7xeoOmm+aPJSCFuldjzjEKN74iraR viZw== X-Gm-Message-State: ANoB5pl50aAM6BnvNGcXMZyODu6oBroZ2YNw06lYzr1d7ioHBLm2dKW2 8OiecfI3Bgoj2CnDB8PZLaMXeYV9feTwEQ== X-Google-Smtp-Source: AA0mqf6cooZzwaId7yLazk45hI5cVtcrSuHZfc+0UIkSDtqZKK1t3KqTinchptcMEqoBFQ5zVvS44g== X-Received: by 2002:a17:906:5dce:b0:7ae:5b86:58fe with SMTP id p14-20020a1709065dce00b007ae5b8658femr10991738ejv.641.1667856197630; Mon, 07 Nov 2022 13:23:17 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:17 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 02/10] INSTALL: remove discussion of SHA-1 backends Date: Mon, 7 Nov 2022 22:23:04 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org The claim that OpenSSL is the default SHA-1 backend hasn't been true since e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17), but more importantly tweaking the SHA-1 backend isn't something that's common enough to warrant discussing in the INSTALL document, so let's remove this paragraph. This discussion was originally added in c538d2d34ab (Add some installation notes in INSTALL, 2005-06-17) when tweaking the default backend was more common. The current wording was added in 5beb577db8c (INSTALL: Describe dependency knobs from Makefile, 2009-09-10). Signed-off-by: Ævar Arnfjörð Bjarmason --- INSTALL | 4 ---- 1 file changed, 4 deletions(-) diff --git a/INSTALL b/INSTALL index 89b15d71df5..33447883974 100644 --- a/INSTALL +++ b/INSTALL @@ -133,10 +133,6 @@ Issues of note: you are using libcurl older than 7.34.0. Otherwise you can use NO_OPENSSL without losing git-imap-send. - By default, git uses OpenSSL for SHA1 but it will use its own - library (inspired by Mozilla's) with either NO_OPENSSL or - BLK_SHA1. - - "libcurl" library is used for fetching and pushing repositories over http:// or https://, as well as by git-imap-send if the curl version is >= 7.34.0. If you do From patchwork Mon Nov 7 21:23:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035309 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64F43C433FE for ; Mon, 7 Nov 2022 21:23:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233037AbiKGVXc (ORCPT ); Mon, 7 Nov 2022 16:23:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45972 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232979AbiKGVXW (ORCPT ); Mon, 7 Nov 2022 16:23:22 -0500 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF883AE4D for ; Mon, 7 Nov 2022 13:23:20 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id a5so19607384edb.11 for ; Mon, 07 Nov 2022 13:23:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mfYDONUCt6F2NVMIJZ5pckxWEUBHo6CgnIRDORJyycQ=; b=XT1p88P6f5qZbegDmk6m1CFun+WV/nihD7JjR8um0SMP4pFi3VgqkQPxHo+ahay7DN ISooWfwDP9m0agZUD6wgRD/Gx7cAorBWdk/W3O7zdKBKzdKTKktRZd9SuXGOtwz24j/M uVMz9rmkBcL+5Tnkx9fIu/n59Vv5ESVCxZuJiMWoVFc7kdsKzuOEClZuH2KGi+VcI8+c jt5XBGcA2XXDkzC/qky+IenkV6o6FqE9f61sDGqaVEJIgTGfabetoUGniAipqDJPO6OU ukTZUo1TQJxWg8b6B2q+ph0bCtXHR0UNVy1IbLCfCuC3TPjnJHJDLV1hXNTDCRedq7u7 t1Ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mfYDONUCt6F2NVMIJZ5pckxWEUBHo6CgnIRDORJyycQ=; b=L8uCBKJL3wA36J0yjNKRzixrgTBqsI69JaLwISzNOcUitDFzz7udPgWPSvQ2gPl3Cx Y8GWdGsTzUiQrALjkvOzFbDJaGsJcViKOv0T4M9DmpEhxpqfG+EwvnoKaUCuybYBZO0a S6gY5haI4ntHS63bXRJwKO4DA6lNw8CpDssaiZzt2vn5yjrXK4eZawqoO5x6wToTzTJ8 0gleJFz2brfqor6q/QBhspgwtT1mR5OL/xyz2nmoZ9gNb3f934jd3m5jc2q1LglksFag lf6Aaph58jixiTSpwbkv7DmR5gAvh37qxsIrxbIFxrYvdAdvbkdIesrnJyUXmhQcP1uj FNng== X-Gm-Message-State: ANoB5pmRJgcMfR2V8j2KUUDvXK6OzJ28Sxeo61WKg+w+eAgzh2L3HQJ1 o7ht0GG/P6Av01xBmh7WtHIis/fe3FKQrg== X-Google-Smtp-Source: AA0mqf5fI2nsD0iwsJeI55hUijYusnPPUBQo1HdM0Tq6WhwGO2iaLmMjKF42b0H9JUK36JJ1juQwJA== X-Received: by 2002:aa7:d1d3:0:b0:466:539:4654 with SMTP id g19-20020aa7d1d3000000b0046605394654mr15891053edp.309.1667856198673; Mon, 07 Nov 2022 13:23:18 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:17 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 03/10] Makefile: correct DC_SHA1 documentation Date: Mon, 7 Nov 2022 22:23:05 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org The claim that DC_SHA1 takes priority over other *_SHA1 knobs was true when it was added in [1], But that hasn't been the case since it was made the fallback default in [2]. We should be making it not only the default, but something that takes priority over other *_SHA1 knobs, but that's outside the scope of this change. For now let's correct the documentation to match reality. Let's also remove the "unconditionally enable" wording, per the above the enabling of "DC_SHA1" is conditional on these other flags. The "Define DC_SHA1" here is also a lie, actually it's "we don't care if you define DC_SHA1, just don't define anything else", but that's a more general issue that'll be addressed in a subsequent commit. Let's first stop pretending that this setting (which we actually don't even use) takes priority over anything else. 1. 8325e43b82d (Makefile: add DC_SHA1 knob, 2017-03-16) 2. e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17) Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 0ad9a6c5bc1..489327ecd9b 100644 --- a/Makefile +++ b/Makefile @@ -155,9 +155,8 @@ include shared.mak # Define BLK_SHA1 environment variable to make use of the bundled # optimized C SHA1 routine. # -# Define DC_SHA1 to unconditionally enable the collision-detecting sha1 +# Define DC_SHA1 to enable the collision-detecting sha1 # algorithm. This is slower, but may detect attempted collision attacks. -# Takes priority over other *_SHA1 knobs. # # Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link # git with the external SHA1 collision-detect library. From patchwork Mon Nov 7 21:23:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035313 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AA5AC4332F for ; Mon, 7 Nov 2022 21:23:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233463AbiKGVXx (ORCPT ); Mon, 7 Nov 2022 16:23:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232832AbiKGVX1 (ORCPT ); Mon, 7 Nov 2022 16:23:27 -0500 Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8F0A246 for ; Mon, 7 Nov 2022 13:23:21 -0800 (PST) Received: by mail-ej1-x62f.google.com with SMTP id ud5so33658896ejc.4 for ; Mon, 07 Nov 2022 13:23:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RHIwFmCv0uosTLXC/BEROBHrwumgB0WeUrkYNzKWIuc=; b=QS7Y2maEsllZythOo125juGAv91TvOc6qpNmq4f0Z8Q9NQZBmSp2Qh6JrU7zXl8+oG Sv6UXbSsNd/K/TgK9gbjanT72lcrQww+AEFJ3p8u9bey/8U5vs8HYaInaHSpxAeMyO3q 0+X9Cl52h8YfGtLOIb+gowZvkW4zPxUQkRMUNSTs92/Dn86Uy47M7YrsljjSZZI7zJFk Rb7rLgB0ls7nPOqNlRE0b8cIpFaIWsVTJXHQgUHPFtATJkXl3hJrdxcbXc809A+I7oRa igKcVETFne0deCncWfVwqeQB/qBvyrKc7MIi+aWBpwAypn6ne1pWQw5jJvEu4gsGqRI4 iwQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RHIwFmCv0uosTLXC/BEROBHrwumgB0WeUrkYNzKWIuc=; b=AMf82AJDLFQtkFYDRHZeUbhCmAi2bp+xOfEn631nQpQulCe0fBC2KcqzuFNLzl6C2y ZNpVVtfQuNrkgu7gpf+eRbMvjbiuxNY1Z9ZMhKVOdJWVkegozfgN6oaFD0JbsrRPP6gc k3pW8dGcdKLFBrcp2r7rfSi5y6qBtt70YIeLtuVwjIWB20cOjDdw/0LcrmeusQSCgV4k hZJtjhALBVrIUw83ooHBbGAYdbMfeQzySXR26qBRFqyBvs29RgRFiY6wNBufIKPPjNjH zrGkBULna7ic4xRnxTCdpSeiNdZPjRvQBr1USXs2SarHL9/RmA8+u4txpJqtNoXojfvJ qVWA== X-Gm-Message-State: ACrzQf0AGugHnRZ7k7XtukptiDyox1zPCsjqIvOoOWu02EJeqDnAKEyN JYs2OCWQWHz03A1A+FI/VVfNno6eOkFxoA== X-Google-Smtp-Source: AMsMyM7LZPyGjconM7QxlZ/natjquFLHPTA0DHTYgu/zWWcrd12Fh2M5hbq7QEecdjRVpQ1EC4Ebpw== X-Received: by 2002:a17:906:cecc:b0:78d:408a:4a18 with SMTP id si12-20020a170906cecc00b0078d408a4a18mr855816ejb.261.1667856199854; Mon, 07 Nov 2022 13:23:19 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:19 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 04/10] Makefile: create and use sections for "define" flag listing Date: Mon, 7 Nov 2022 22:23:06 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Since the "Define ..." template of comments at the top of the Makefile was started in 5bdac8b3269 ([PATCH] Improve the compilation-time settings interface, 2005-07-29) we've had a lot more flags added, including flags that come in "groups". Not having any obvious structure to the >500 line comment at the top of the Makefile has made it hard to follow. This change is almost entirely a move-only change, the two paragraphs at the start of the first two sections are new, and so are the added sections themselves, but other than that no lines are changed, only moved. We now list Makefile-only flags at the start, followed by stand-alone flags, and then cover "optional library" flags in their respective groups, followed by SHA-1 and SHA-256 flags, and finally DEVELOPER-specific flags. Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 220 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 128 insertions(+), 92 deletions(-) diff --git a/Makefile b/Makefile index 489327ecd9b..19235624684 100644 --- a/Makefile +++ b/Makefile @@ -4,8 +4,20 @@ all:: # Import tree-wide shared Makefile behavior and libraries include shared.mak +# == Makefile defines == +# +# These defines change the behavior of the Makefile itself, but have +# no impact on what it builds: +# # Define V=1 to have a more verbose compile. # +# == Portability and optional library defines == +# +# These defines indicate what Git can expect from the OS, what +# libraries are available etc. Much of this is auto-detected in +# config.mak.uname, or in configure.ac when using the optional "make +# configure && ./configure" (see INSTALL). +# # Define SHELL_PATH to a POSIX shell if your /bin/sh is broken. # # Define SANE_TOOL_PATH to a colon-separated list of paths to prepend @@ -30,68 +42,8 @@ include shared.mak # # Define NO_OPENSSL environment variable if you do not have OpenSSL. # -# Define USE_LIBPCRE if you have and want to use libpcre. Various -# commands such as log and grep offer runtime options to use -# Perl-compatible regular expressions instead of standard or extended -# POSIX regular expressions. -# -# Only libpcre version 2 is supported. USE_LIBPCRE2 is a synonym for -# USE_LIBPCRE, support for the old USE_LIBPCRE1 has been removed. -# -# Define LIBPCREDIR=/foo/bar if your PCRE header and library files are -# in /foo/bar/include and /foo/bar/lib directories. -# # Define HAVE_ALLOCA_H if you have working alloca(3) defined in that header. # -# Define NO_CURL if you do not have libcurl installed. git-http-fetch and -# git-http-push are not built, and you cannot use http:// and https:// -# transports (neither smart nor dumb). -# -# Define CURLDIR=/foo/bar if your curl header and library files are in -# /foo/bar/include and /foo/bar/lib directories. -# -# Define CURL_CONFIG to curl's configuration program that prints information -# about the library (e.g., its version number). The default is 'curl-config'. -# -# Define CURL_LDFLAGS to specify flags that you need to link when using libcurl, -# if you do not want to rely on the libraries provided by CURL_CONFIG. The -# default value is a result of `curl-config --libs`. An example value for -# CURL_LDFLAGS is as follows: -# -# CURL_LDFLAGS=-lcurl -# -# Define NO_EXPAT if you do not have expat installed. git-http-push is -# not built, and you cannot push using http:// and https:// transports (dumb). -# -# Define EXPATDIR=/foo/bar if your expat header and library files are in -# /foo/bar/include and /foo/bar/lib directories. -# -# Define EXPAT_NEEDS_XMLPARSE_H if you have an old version of expat (e.g., -# 1.1 or 1.2) that provides xmlparse.h instead of expat.h. -# -# Define NO_GETTEXT if you don't want Git output to be translated. -# A translated Git requires GNU libintl or another gettext implementation, -# plus libintl-perl at runtime. -# -# Define USE_GETTEXT_SCHEME and set it to 'fallthrough', if you don't trust -# the installed gettext translation of the shell scripts output. -# -# Define HAVE_LIBCHARSET_H if you haven't set NO_GETTEXT and you can't -# trust the langinfo.h's nl_langinfo(CODESET) function to return the -# current character set. GNU and Solaris have a nl_langinfo(CODESET), -# FreeBSD can use either, but MinGW and some others need to use -# libcharset.h's locale_charset() instead. -# -# Define CHARSET_LIB to the library you need to link with in order to -# use locale_charset() function. On some platforms this needs to set to -# -lcharset, on others to -liconv . -# -# Define LIBC_CONTAINS_LIBINTL if your gettext implementation doesn't -# need -lintl when linking. -# -# Define NO_MSGFMT_EXTENDED_OPTIONS if your implementation of msgfmt -# doesn't support GNU extensions like --check and --statistics -# # Define HAVE_PATHS_H if you have paths.h and want to use the default PATH # it specifies. # @@ -152,38 +104,6 @@ include shared.mak # and do not want to use Apple's CommonCrypto library. This allows you # to provide your own OpenSSL library, for example from MacPorts. # -# Define BLK_SHA1 environment variable to make use of the bundled -# optimized C SHA1 routine. -# -# Define DC_SHA1 to enable the collision-detecting sha1 -# algorithm. This is slower, but may detect attempted collision attacks. -# -# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link -# git with the external SHA1 collision-detect library. -# Without this option, i.e. the default behavior is to build git with its -# own built-in code (or submodule). -# -# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the -# sha1collisiondetection shipped as a submodule instead of the -# non-submodule copy in sha1dc/. This is an experimental option used -# by the git project to migrate to using sha1collisiondetection as a -# submodule. -# -# Define OPENSSL_SHA1 environment variable when running make to link -# with the SHA1 routine from openssl library. -# -# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed -# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO -# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. -# -# Define BLK_SHA256 to use the built-in SHA-256 routines. -# -# Define NETTLE_SHA256 to use the SHA-256 routines in libnettle. -# -# Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt. -# -# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. -# # Define NEEDS_CRYPTO_WITH_SSL if you need -lcrypto when using -lssl (Darwin). # # Define NEEDS_SSL_WITH_CRYPTO if you need -lssl when using -lcrypto (Darwin). @@ -489,6 +409,122 @@ include shared.mak # to the "" of the corresponding `compat/fsmonitor/fsm-settings-.c` # that implements the `fsm_os_settings__*()` routines. # +# === Optional library: libintl === +# +# Define NO_GETTEXT if you don't want Git output to be translated. +# A translated Git requires GNU libintl or another gettext implementation, +# plus libintl-perl at runtime. +# +# Define USE_GETTEXT_SCHEME and set it to 'fallthrough', if you don't trust +# the installed gettext translation of the shell scripts output. +# +# Define HAVE_LIBCHARSET_H if you haven't set NO_GETTEXT and you can't +# trust the langinfo.h's nl_langinfo(CODESET) function to return the +# current character set. GNU and Solaris have a nl_langinfo(CODESET), +# FreeBSD can use either, but MinGW and some others need to use +# libcharset.h's locale_charset() instead. +# +# Define CHARSET_LIB to the library you need to link with in order to +# use locale_charset() function. On some platforms this needs to set to +# -lcharset, on others to -liconv . +# +# Define LIBC_CONTAINS_LIBINTL if your gettext implementation doesn't +# need -lintl when linking. +# +# Define NO_MSGFMT_EXTENDED_OPTIONS if your implementation of msgfmt +# doesn't support GNU extensions like --check and --statistics +# +# === Optional library: libexpat === +# +# Define NO_EXPAT if you do not have expat installed. git-http-push is +# not built, and you cannot push using http:// and https:// transports (dumb). +# +# Define EXPATDIR=/foo/bar if your expat header and library files are in +# /foo/bar/include and /foo/bar/lib directories. +# +# Define EXPAT_NEEDS_XMLPARSE_H if you have an old version of expat (e.g., +# 1.1 or 1.2) that provides xmlparse.h instead of expat.h. + +# === Optional library: libcurl === +# +# Define NO_CURL if you do not have libcurl installed. git-http-fetch and +# git-http-push are not built, and you cannot use http:// and https:// +# transports (neither smart nor dumb). +# +# Define CURLDIR=/foo/bar if your curl header and library files are in +# /foo/bar/include and /foo/bar/lib directories. +# +# Define CURL_CONFIG to curl's configuration program that prints information +# about the library (e.g., its version number). The default is 'curl-config'. +# +# Define CURL_LDFLAGS to specify flags that you need to link when using libcurl, +# if you do not want to rely on the libraries provided by CURL_CONFIG. The +# default value is a result of `curl-config --libs`. An example value for +# CURL_LDFLAGS is as follows: +# +# CURL_LDFLAGS=-lcurl +# +# === Optional library: libpcre2 === +# +# Define USE_LIBPCRE if you have and want to use libpcre. Various +# commands such as log and grep offer runtime options to use +# Perl-compatible regular expressions instead of standard or extended +# POSIX regular expressions. +# +# Only libpcre version 2 is supported. USE_LIBPCRE2 is a synonym for +# USE_LIBPCRE, support for the old USE_LIBPCRE1 has been removed. +# +# Define LIBPCREDIR=/foo/bar if your PCRE header and library files are +# in /foo/bar/include and /foo/bar/lib directories. +# +# == SHA-1 and SHA-256 defines == +# +# === SHA-1 backend === +# +# ==== Options common to all SHA-1 implementations ==== +# +# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed +# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO +# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. +# +# ==== SHA-1 implementations ==== +# +# Define DC_SHA1 to enable the collision-detecting sha1 +# algorithm. This is slower, but may detect attempted collision attacks. +# +# Define BLK_SHA1 environment variable to make use of the bundled +# optimized C SHA1 routine. +# +# Define OPENSSL_SHA1 environment variable when running make to link +# with the SHA1 routine from openssl library. +# +# ==== Options for the sha1collisiondetection library ==== +# +# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link +# git with the external SHA1 collision-detect library. +# Without this option, i.e. the default behavior is to build git with its +# own built-in code (or submodule). +# +# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the +# sha1collisiondetection shipped as a submodule instead of the +# non-submodule copy in sha1dc/. This is an experimental option used +# by the git project to migrate to using sha1collisiondetection as a +# submodule. +# +# === SHA-256 backend === +# +# ==== SHA-256 implementations ==== +# +# Define BLK_SHA256 to use the built-in SHA-256 routines. +# +# Define NETTLE_SHA256 to use the SHA-256 routines in libnettle. +# +# Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt. +# +# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. +# +# == DEVELOPER defines == +# # Define DEVELOPER to enable more compiler warnings. Compiler version # and family are auto detected, but could be overridden by defining # COMPILER_FEATURES (see config.mak.dev). You can still set From patchwork Mon Nov 7 21:23:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035311 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D02FFC4332F for ; Mon, 7 Nov 2022 21:23:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232746AbiKGVXt (ORCPT ); Mon, 7 Nov 2022 16:23:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45666 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232760AbiKGVXZ (ORCPT ); Mon, 7 Nov 2022 16:23:25 -0500 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C29A328 for ; Mon, 7 Nov 2022 13:23:22 -0800 (PST) Received: by mail-ej1-x62a.google.com with SMTP id k2so33664825ejr.2 for ; Mon, 07 Nov 2022 13:23:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5a/Cm8NPIa6TCUJjHvRBqNMWeJxwu4ydupoqzVQx00c=; b=lmB541yWYqmPjaNYvDExTA0F5PQVTQIjO3sEmy8w+nyvo6DESFfm2fzDI4i6cNdI+I 6cn8QLc0CFHfI87vr9I/pjDZS90wE2svbbzY+FDH58wfTJW21JtFnbxE0Xbag/5JgYeR 1RMxY4XbgpNo2Cg0oPXQNxk5wLWSmT8BYM0iIqp7TE9+p5HQhiK6HriIv4YSHFCVACbN 1lW6xmoYH9xQUjVP8Cwrk8TfUneo7yYA5mdKQkm79MZp8TKCjbUKyC4Woc441JA/cuEG 18TOZqSjnLy7N50+v1NQUKUSS3ATERi9uFC2m3Dv5dkzOKkhNYapPuOGUeE4S7KLpKRh Crdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5a/Cm8NPIa6TCUJjHvRBqNMWeJxwu4ydupoqzVQx00c=; b=Nb5fVi7ihSBf/K7ssaM78/nN5QtH4uQHlHgf7TN6Pu/kv4sgzCAGqItltgpovtyFI8 trDQiF3K71mHhjFOZpnrtohJ32pUNwEYAjd+1SxQo3ew3wkoXTtySOI8ubwWNSqN0Wb1 A9zEVr6BxHhv0p2GmDiJYw42XbntJz44etwvO8IIue8MJV9h8ReFNUzwBhzIfvvblqTG kAXqTMgxfeAFRCpvCwuOdAEYSWqi2PuyniJSZlvVEqXh1aGQf9HS1h2sy2pXY02rdZNx 4XBu4Zp/MGqpYEzddX/SoREHa1kV84D0m33CMmLZ+CpF9AKM/UIQTGmP3ykKMSh6qj38 +rLQ== X-Gm-Message-State: ACrzQf0T8IOZnkqM3ZsOG6AR8QX99hJeLKAaIzurthbfj8YDVi9EfUH9 B/3jXWagFE7PBCiDYic8/v9xxgP8AIKiyg== X-Google-Smtp-Source: AMsMyM76FAT1Ip3is8OLWnrJa8AuVStiRHtFcda32jsw5LRxI05sqnNlzfX/uCC5HSG6hIWCtSuxDw== X-Received: by 2002:a17:906:ad81:b0:7ad:d411:30af with SMTP id la1-20020a170906ad8100b007add41130afmr836397ejb.636.1667856200830; Mon, 07 Nov 2022 13:23:20 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:20 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 05/10] Makefile: rephrase the discussion of *_SHA1 knobs Date: Mon, 7 Nov 2022 22:23:07 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org In the preceding commit the discussion of the *_SHA1 knobs was left as-is to benefit from a smaller diff, but since we're changing these let's use the same phrasing we use for most other knobs. E.g. "define X", not "define X environment variable", and get rid of the "when running make to link with" entirely. Furthermore the discussion of DC_SHA1* options is now under a "Options for the sha1collisiondetection implementation" heading, so we don't need to clarify that these options go along with DC_SHA1=Y, so let's rephrase them accordingly. Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 19235624684..251368b315d 100644 --- a/Makefile +++ b/Makefile @@ -492,20 +492,20 @@ include shared.mak # Define DC_SHA1 to enable the collision-detecting sha1 # algorithm. This is slower, but may detect attempted collision attacks. # -# Define BLK_SHA1 environment variable to make use of the bundled -# optimized C SHA1 routine. +# Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled +# with git (in the block-sha1/ directory). # -# Define OPENSSL_SHA1 environment variable when running make to link -# with the SHA1 routine from openssl library. +# Define OPENSSL_SHA1 to link to the SHA-1 routines from the OpenSSL +# library. # # ==== Options for the sha1collisiondetection library ==== # -# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link +# Define DC_SHA1_EXTERNAL if you want to build / link # git with the external SHA1 collision-detect library. # Without this option, i.e. the default behavior is to build git with its # own built-in code (or submodule). # -# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the +# Define DC_SHA1_SUBMODULE to use the # sha1collisiondetection shipped as a submodule instead of the # non-submodule copy in sha1dc/. This is an experimental option used # by the git project to migrate to using sha1collisiondetection as a From patchwork Mon Nov 7 21:23:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035310 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DC10C4332F for ; Mon, 7 Nov 2022 21:23:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233451AbiKGVXq (ORCPT ); Mon, 7 Nov 2022 16:23:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45300 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232746AbiKGVXZ (ORCPT ); Mon, 7 Nov 2022 16:23:25 -0500 Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AAFA3DE5 for ; Mon, 7 Nov 2022 13:23:23 -0800 (PST) Received: by mail-ed1-x533.google.com with SMTP id z18so19621279edb.9 for ; Mon, 07 Nov 2022 13:23:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=P1Yp8FmSYqhG9hXrwvjt1gFwr87ipouyHNQtQe9NlYY=; b=YgcC2gsVEPeUNfJYYQ7pNZpqPIOYlbTPT5IqG1scJ0PFR1zlZEJYBvswplgvaU9uNC WRE9isu0LVSiGHA8szbUMNhUVX/BK6jmfzMjuMvf8Gte9XJB4lEltsmJHLq36KxPi6QI G6CCN6v+78SiStCvhcqVNjUZR1COCS+VUoOQqJ831lCvC7ZjTV+KR3DORLKhdklod3Wx UiPHuJlS/fIK1ayO7VTj3Flrtte1K/d9O476h6D21ZrCc0aoNlYftVrfNQlbe4NfNk2l 0JRPI7w7GuRNiPNffy2yBuWFJQVWjqs2nLBxJs6pyW7VZm0wNz894G3c4ldiGG0g5FB6 hQJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P1Yp8FmSYqhG9hXrwvjt1gFwr87ipouyHNQtQe9NlYY=; b=ElFM7Z+u36b1p4hsQK0VEMQ1ufhghYsjf0rZNoowrJ2pc1gXdbgp1AkJYh6Ozfq0E1 klXjyhc+FVFMao55pYSwE2aok8rtyolS5m8smPA0C80ZuiamEygtNOGXV+DXLzGr0OLv p5fh3pxHsxyfps6i4F5Tv6T8gKT7H4aC5jygOwhlYp4jpl+QqI3SVQ8FT3Z+RJfPS3VP MQoYGSUSmllYKukxjv7k3uXsenxaoosNyCBv8kgDSCxDIASx82L5buRhxDmGdonE2TZ4 t1DPs6K3ZOkoGgnLCcF5hxDod3EnZ/cDmBsgZNXMIPz2l0TVXrljCu1iq9Bbtm3rxS6Z cS6w== X-Gm-Message-State: ACrzQf0h5CSWQ7KbWtPuoU12QLqZGS1sQNZkuDYwWBijg6In71LUmtZq qotmJyYkiNQVjT486LXpqR6BDhHCltu9RA== X-Google-Smtp-Source: AMsMyM7e8B9/tP+3vi7akdvySWNcU66n0ez25ezUpVyi1nCx3v4PHZC95hp5s80o2x6lkRYlx+GpqQ== X-Received: by 2002:a05:6402:448c:b0:457:52eb:b57e with SMTP id er12-20020a056402448c00b0045752ebb57emr52876836edb.178.1667856201945; Mon, 07 Nov 2022 13:23:21 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:21 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 06/10] Makefile: document default SHA-256 backend Date: Mon, 7 Nov 2022 22:23:08 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Since 27dc04c5450 (sha256: add an SHA-256 implementation using libgcrypt, 2018-11-14) we've claimed to support a BLK_SHA256 flag, but there's no such SHA-256 backend. Instead we fall back on adding "sha256/block/sha256.o" to "LIB_OBJS" and adding "-DSHA256_BLK" to BASIC_CFLAGS. Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 251368b315d..646fbe5b7dd 100644 --- a/Makefile +++ b/Makefile @@ -515,14 +515,15 @@ include shared.mak # # ==== SHA-256 implementations ==== # -# Define BLK_SHA256 to use the built-in SHA-256 routines. -# # Define NETTLE_SHA256 to use the SHA-256 routines in libnettle. # # Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt. # # Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. # +# If don't enable any of the *_SHA256 settings in this section, Git +# will default to its built-in sha256 implementation. +# # == DEVELOPER defines == # # Define DEVELOPER to enable more compiler warnings. Compiler version From patchwork Mon Nov 7 21:23:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035312 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F215C433FE for ; Mon, 7 Nov 2022 21:23:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232941AbiKGVXv (ORCPT ); Mon, 7 Nov 2022 16:23:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232350AbiKGVX1 (ORCPT ); Mon, 7 Nov 2022 16:23:27 -0500 Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EE7C1150 for ; Mon, 7 Nov 2022 13:23:25 -0800 (PST) Received: by mail-ej1-x62f.google.com with SMTP id 13so33694199ejn.3 for ; Mon, 07 Nov 2022 13:23:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=yYyPO10BDw0VnriYKZuvAFp2lTbRUcqJFJepXrDzzY8=; b=ZviUd+AEsfUJ8GlF8O+ylfsMSj1tUfX4uAzn2Ew7gKo/qgMGDi+kI/Bo9g97Rz6mCk XhkS6LbR22AbOkjWxbB7vbN4KuB1OT3OqQVZdT17Da/rpmSAmM8m2rEWCa3tJm/nRJxo abX9flrXn9uDrV5ZVcc7p2lBEnVNcqPE+5dnQ/fVNRdhvSaGMuwTyv7bwT0dsEY/Z1Wx BhX/5uqd/UzDETnnXrBRG1GvIrVLK79LHtF5gyc2oN+UsWHtxFaiXAZYlJGkRus9CZ46 GT2zjfkTV88S92aoCoRk316EI/tDXwORLOv9aCU1durfVjinVCW88E9w0T2XQmOeh7Eg xbHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yYyPO10BDw0VnriYKZuvAFp2lTbRUcqJFJepXrDzzY8=; b=A8mk1sTa8ewtyMQq8lHrrUyMzSKMdD+c3mGi6eMyshwkQcnaPGSXFr2IMEfhgQwsny ZNkcw2HbFii4pdLTRsH5aYOrauORTYid1SHvsnhZTsIZoNXKh1ZwDXCK3rIkFDCDCYpA WaMpW/ld/DJemom6tXIKhrCPWrjiRQSSVD3KOp/Wb1De0fTCacksmZ+mKThJYH1OCKFT YpPNzCTtXv6KhACMKF2iZJ7BGPzoYIjYG72eA2RC9alBqfjwQ9Wz4K+z9GCh1/4Rf1sE J9ZvW+KA18Q4josGcwLUYwMUgExhtWT6+HevCS97po/6jr3XWbyxU5HWuoMLsOqW7dE7 UVpQ== X-Gm-Message-State: ACrzQf2lSuhRCwRtPeUNuu2TjjgbCMJ6Eciznom2buClmpnrqAcFbHJp VOtt/3qrQ44QtvhTVteM23bbe9hTjz4OLA== X-Google-Smtp-Source: AMsMyM4ZjoP7V8lyG8X5npzV3TXnx6bIJHUFTs9JYZKrJApRatYnNR0hyGRIrq/8lBdxTe/LXgGpMA== X-Received: by 2002:a17:906:bceb:b0:7ae:75e:3929 with SMTP id op11-20020a170906bceb00b007ae075e3929mr28368228ejb.400.1667856203477; Mon, 07 Nov 2022 13:23:23 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:22 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 07/10] Makefile: document SHA-1 and SHA-256 default and selection order Date: Mon, 7 Nov 2022 22:23:09 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org For the *_SHA1 and *_SHA256 flags we've discussed the various flags, but not the fact that when you define multiple flags we'll pick one. Which one we pick depends on the order they're listed in the Makefile, which differed from the order we discussed them in this documentation. Let's be explicit about how we select these, and re-arrange the listings so that they're listed in the priority order we've picked. I'd personally prefer that the selection was more explicit, and that we'd error out if conflicting flags were provided, but per the discussion downhtread of[1] the consensus was to keep theses semantics. This behavior makes it easier to e.g. integrate with autoconf-like systems, where the configuration can provide everything it can support, and Git is tasked with picking the first one it prefers. 1. https://lore.kernel.org/git/220710.86mtdh81ty.gmgdl@evledraar.gmail.com/ Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 646fbe5b7dd..9b5f872d107 100644 --- a/Makefile +++ b/Makefile @@ -481,6 +481,11 @@ include shared.mak # # === SHA-1 backend === # +# ==== Default SHA-1 backend ==== +# +# If no *_SHA1 backend is picked, the first supported one listed in +# "SHA-1 implementations" will be picked. +# # ==== Options common to all SHA-1 implementations ==== # # Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed @@ -489,14 +494,14 @@ include shared.mak # # ==== SHA-1 implementations ==== # -# Define DC_SHA1 to enable the collision-detecting sha1 -# algorithm. This is slower, but may detect attempted collision attacks. +# Define OPENSSL_SHA1 to link to the SHA-1 routines from the OpenSSL +# library. # # Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled # with git (in the block-sha1/ directory). # -# Define OPENSSL_SHA1 to link to the SHA-1 routines from the OpenSSL -# library. +# Define DC_SHA1 to enable the collision-detecting sha1 +# algorithm. This is slower, but may detect attempted collision attacks. # # ==== Options for the sha1collisiondetection library ==== # @@ -515,12 +520,12 @@ include shared.mak # # ==== SHA-256 implementations ==== # +# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. +# # Define NETTLE_SHA256 to use the SHA-256 routines in libnettle. # # Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt. # -# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. -# # If don't enable any of the *_SHA256 settings in this section, Git # will default to its built-in sha256 implementation. # From patchwork Mon Nov 7 21:23:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035314 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2CC0DC4332F for ; Mon, 7 Nov 2022 21:23:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233465AbiKGVX5 (ORCPT ); Mon, 7 Nov 2022 16:23:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45942 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232848AbiKGVX2 (ORCPT ); Mon, 7 Nov 2022 16:23:28 -0500 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA802102F for ; Mon, 7 Nov 2022 13:23:26 -0800 (PST) Received: by mail-ed1-x52e.google.com with SMTP id s12so10026351edd.5 for ; Mon, 07 Nov 2022 13:23:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4HZHvERxq7vHEN22SojWO1d/+wIpRLipDbShKHvhOvM=; b=jJhTGweOgiVeyTwHGjJ3EF64FIN2TOyCiFcNS+yb5jNUjxdX3sD7dzAJMBdfc9+hW6 mBTJBIRsIm7NgakGaIQJG/Awt52EU5Y9ETlN8d0nxRduqN44zlSV3xSwsLVDW6QlvUuV 0U5Avefct5ubcJPGhPBBSG+aOU5hjl8GB0I12uYlXq3XNWHj5CK5WhCUhFsuWJrAPD0Q U5GQEbfuzhq/FlhdzDrvMe7YYGSRd9xBIYG+uezmsxxPNCx43YMlsK0fiNBISNS8fx59 J3vGLZj19TD+4LOAHZehbxY8Y7OMJ78hrZ1QVjpnB+na4l7Q/Xef3a8gN4zZtqBewI8/ uUXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4HZHvERxq7vHEN22SojWO1d/+wIpRLipDbShKHvhOvM=; b=3WjVILybDxdAn5IV3bWak7NzHA/LNjmwqgWBRO6iqwUFbyYl8UQUqEPoCvOa0UJlZM qMeyDK6wApGlCfpUPh2/QW5GlY47z5ePfBq2APX7Z32rx/tiGYY/xyTyZMd7J2DvDpBl 75CP5HZ1kipaL7eHcwtJNzi5OUmxBeyYN+82UyHxH9IranXU50ICVEAJ5XDm7JC8gIwR ZLbvbJU0WHam+JAVE510KjDXcgjo+mNVWtcqny+bxe/lWpUgUMGy1rf2RgwkXdiAJ4Jk sBSEaT0nbvTljnYjuoFso1lQr3mcCpmsyDV5Gsl3zhd3JoESAZ0zBbo/kQ0+uJIt38Um hCkg== X-Gm-Message-State: ACrzQf1GZ0as5p2PkrvppuUVwyjbzjNubDTebllQePucLguSJahCl0LB qSQxXEC66EH9cVQu94h0uYeBAFamghS+kg== X-Google-Smtp-Source: AMsMyM57Q/vNAXY7ohTakSLSYO33cd6hXFSL3RpOcUPHft6ynXVwro+JRS7dq8WuqnxXsMmPyVzmtA== X-Received: by 2002:aa7:d506:0:b0:461:565e:8673 with SMTP id y6-20020aa7d506000000b00461565e8673mr52578571edq.416.1667856204866; Mon, 07 Nov 2022 13:23:24 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:24 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 08/10] Makefile & test-tool: replace "DC_SHA1" variable with a "define" Date: Mon, 7 Nov 2022 22:23:10 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Address the root cause of technical debt we've been carrying since sha1collisiondetection was made the default in [1]. In a preceding commit we narrowly fixed a bug where the "DC_SHA1" variable would be unset (in combination with "NO_APPLE_COMMON_CRYPTO=" on OSX), even though we had the sha1collisiondetection library enabled. But the only reason we needed to have such a user-exposed knob went away with [1], and it's been doing nothing useful since then. We don't care if you define DC_SHA1=*, we only care that you don't ask for any other SHA-1 implementation. If it turns out that you didn't, we'll use sha1collisiondetection, whether you had "DC_SHA1" set or not. As a result of this being confusing we had e.g. [2] for cmake and the recent [3] for ci/lib.sh setting "DC_SHA1" explicitly, even though this was always a NOOP. A much simpler way to do this is to stop having the Makefile and CMakeLists.txt set "DC_SHA1" to be picked up by the test-lib.sh, let's instead add a trivial "test-tool sha1-is-sha1dc". It returns zero if we're using sha1collisiondetection, non-zero otherwise. 1. e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17) 2. c4b2f41b5f5 (cmake: support for testing git with ctest, 2020-06-26) 3. 1ad5c3df35a (ci: use DC_SHA1=YesPlease on osx-clang job for CI, 2022-10-20) Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 8 ++++---- ci/lib.sh | 2 +- contrib/buildsystems/CMakeLists.txt | 2 -- sha1dc_git.h | 1 + t/helper/test-sha1.c | 8 ++++++++ t/helper/test-tool.c | 1 + t/helper/test-tool.h | 1 + t/t0013-sha1dc.sh | 6 ++++-- 8 files changed, 20 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index 9b5f872d107..0c79546712f 100644 --- a/Makefile +++ b/Makefile @@ -500,8 +500,10 @@ include shared.mak # Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled # with git (in the block-sha1/ directory). # -# Define DC_SHA1 to enable the collision-detecting sha1 -# algorithm. This is slower, but may detect attempted collision attacks. +# If don't enable any of the *_SHA1 settings in this section, Git will +# default to its built-in sha1collisiondetection library, which is a +# collision-detecting sha1 This is slower, but may detect attempted +# collision attacks. # # ==== Options for the sha1collisiondetection library ==== # @@ -1867,7 +1869,6 @@ ifdef APPLE_COMMON_CRYPTO COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL BASIC_CFLAGS += -DSHA1_APPLE else - override DC_SHA1 = YesPlease BASIC_CFLAGS += -DSHA1_DC LIB_OBJS += sha1dc_git.o ifdef DC_SHA1_EXTERNAL @@ -3030,7 +3031,6 @@ GIT-BUILD-OPTIONS: FORCE @echo NO_REGEX=\''$(subst ','\'',$(subst ','\'',$(NO_REGEX)))'\' >>$@+ @echo NO_UNIX_SOCKETS=\''$(subst ','\'',$(subst ','\'',$(NO_UNIX_SOCKETS)))'\' >>$@+ @echo PAGER_ENV=\''$(subst ','\'',$(subst ','\'',$(PAGER_ENV)))'\' >>$@+ - @echo DC_SHA1=\''$(subst ','\'',$(subst ','\'',$(DC_SHA1)))'\' >>$@+ @echo SANITIZE_LEAK=\''$(subst ','\'',$(subst ','\'',$(SANITIZE_LEAK)))'\' >>$@+ @echo SANITIZE_ADDRESS=\''$(subst ','\'',$(subst ','\'',$(SANITIZE_ADDRESS)))'\' >>$@+ @echo X=\'$(X)\' >>$@+ diff --git a/ci/lib.sh b/ci/lib.sh index 1808e3b1ce1..24d20a5d648 100755 --- a/ci/lib.sh +++ b/ci/lib.sh @@ -260,7 +260,7 @@ macos-latest) else MAKEFLAGS="$MAKEFLAGS PYTHON_PATH=$(which python2)" MAKEFLAGS="$MAKEFLAGS NO_APPLE_COMMON_CRYPTO=NoThanks" - MAKEFLAGS="$MAKEFLAGS DC_SHA1=YesPlease NO_OPENSSL=NoThanks" + MAKEFLAGS="$MAKEFLAGS NO_OPENSSL=NoThanks" fi ;; esac diff --git a/contrib/buildsystems/CMakeLists.txt b/contrib/buildsystems/CMakeLists.txt index 3957e4cf8cd..2f6e0197ffa 100644 --- a/contrib/buildsystems/CMakeLists.txt +++ b/contrib/buildsystems/CMakeLists.txt @@ -1025,7 +1025,6 @@ set(NO_PERL ) set(NO_PTHREADS ) set(NO_PYTHON ) set(PAGER_ENV "LESS=FRX LV=-c") -set(DC_SHA1 YesPlease) set(RUNTIME_PREFIX true) set(NO_GETTEXT ) @@ -1061,7 +1060,6 @@ file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_PERL='${NO_PERL}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_PTHREADS='${NO_PTHREADS}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_UNIX_SOCKETS='${NO_UNIX_SOCKETS}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "PAGER_ENV='${PAGER_ENV}'\n") -file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "DC_SHA1='${DC_SHA1}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "X='${EXE_EXTENSION}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "NO_GETTEXT='${NO_GETTEXT}'\n") file(APPEND ${CMAKE_BINARY_DIR}/GIT-BUILD-OPTIONS "RUNTIME_PREFIX='${RUNTIME_PREFIX}'\n") diff --git a/sha1dc_git.h b/sha1dc_git.h index 41e1c3fd3f7..60e3ce84395 100644 --- a/sha1dc_git.h +++ b/sha1dc_git.h @@ -17,6 +17,7 @@ void git_SHA1DCInit(SHA1_CTX *); void git_SHA1DCFinal(unsigned char [20], SHA1_CTX *); void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *data, unsigned long len); +#define platform_SHA_IS_SHA1DC /* used by "test-tool sha1-is-sha1dc" */ #define platform_SHA_CTX SHA1_CTX #define platform_SHA1_Init git_SHA1DCInit #define platform_SHA1_Update git_SHA1DCUpdate diff --git a/t/helper/test-sha1.c b/t/helper/test-sha1.c index d860c387c38..71fe5c61455 100644 --- a/t/helper/test-sha1.c +++ b/t/helper/test-sha1.c @@ -5,3 +5,11 @@ int cmd__sha1(int ac, const char **av) { return cmd_hash_impl(ac, av, GIT_HASH_SHA1); } + +int cmd__sha1_is_sha1dc(int argc UNUSED, const char **argv UNUSED) +{ +#ifdef platform_SHA_IS_SHA1DC + return 0; +#endif + return 1; +} diff --git a/t/helper/test-tool.c b/t/helper/test-tool.c index 01cda9358df..775854c9f96 100644 --- a/t/helper/test-tool.c +++ b/t/helper/test-tool.c @@ -73,6 +73,7 @@ static struct test_cmd cmds[] = { { "scrap-cache-tree", cmd__scrap_cache_tree }, { "serve-v2", cmd__serve_v2 }, { "sha1", cmd__sha1 }, + { "sha1-is-sha1dc", cmd__sha1_is_sha1dc }, { "sha256", cmd__sha256 }, { "sigchain", cmd__sigchain }, { "simple-ipc", cmd__simple_ipc }, diff --git a/t/helper/test-tool.h b/t/helper/test-tool.h index ca2948066fd..7cf84eca12e 100644 --- a/t/helper/test-tool.h +++ b/t/helper/test-tool.h @@ -66,6 +66,7 @@ int cmd__run_command(int argc, const char **argv); int cmd__scrap_cache_tree(int argc, const char **argv); int cmd__serve_v2(int argc, const char **argv); int cmd__sha1(int argc, const char **argv); +int cmd__sha1_is_sha1dc(int argc, const char **argv); int cmd__oid_array(int argc, const char **argv); int cmd__sha256(int argc, const char **argv); int cmd__sigchain(int argc, const char **argv); diff --git a/t/t0013-sha1dc.sh b/t/t0013-sha1dc.sh index 9ad76080aa4..53240476896 100755 --- a/t/t0013-sha1dc.sh +++ b/t/t0013-sha1dc.sh @@ -6,9 +6,11 @@ TEST_PASSES_SANITIZE_LEAK=true . ./test-lib.sh TEST_DATA="$TEST_DIRECTORY/t0013" -if test -z "$DC_SHA1" +test_lazy_prereq SHA1_IS_SHA1DC 'test-tool sha1-is-sha1dc' + +if ! test_have_prereq SHA1_IS_SHA1DC then - skip_all='skipping sha1 collision tests, DC_SHA1 not set' + skip_all='skipping sha1 collision tests, not using sha1collisiondetection' test_done fi From patchwork Mon Nov 7 21:23:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035315 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3BA8EC433FE for ; Mon, 7 Nov 2022 21:24:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232229AbiKGVYA (ORCPT ); Mon, 7 Nov 2022 16:24:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232896AbiKGVX3 (ORCPT ); Mon, 7 Nov 2022 16:23:29 -0500 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A4F9C55AE for ; Mon, 7 Nov 2022 13:23:27 -0800 (PST) Received: by mail-ej1-x629.google.com with SMTP id 13so33694421ejn.3 for ; Mon, 07 Nov 2022 13:23:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GE2SXbQNnSpsldc1vO15iKfQ0m7JfVbCB9aIamTJdE4=; b=U+nbAhHF42Gs9bBwtbRkhwoIWYGRHyEpVbvY3TF8tz6u59cJfA4mpop0ZXU+mxvBwt 3njAEb7yGSQOp1qEO8BDdya4KtFJXBurTfXqMIFbHmMIJXby0PTku06bxDBgbBWgbpwc 092LGibi6XrvqMHvlPb0F7Gj3CAp2FuxR3QOkAgD17pYPdPWlFh2354J1YKrJOKZoe5W eiEE1zHjJ/vmApg0q2cBtMU8OQnOrK2eYXGCoxxT8zCuSSMA7RsLc6vf9c/jFHfvVfLA HmAqgxf4SOUAYL99TI0Q/Bo2CbO91bZC29IqskLhRM1YZFdeQRAnjPaV3AwBHiPlIo9g AqMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GE2SXbQNnSpsldc1vO15iKfQ0m7JfVbCB9aIamTJdE4=; b=0FqQ+YJIGDSs7rMywKK3K1tJaMKm4nLVFqXWhCywzUrGX0AwaR9te7khhjHIT4w2h+ X+jQq5ykogaYu5VHV7r0DzpCE+evEWfJrCRRDO1hjGkS/x0GaXa9HPGqHzAcFf+POV9M 2RUMvAMvYYFq0fLIIFUQoRao3zjIIqpyKF9XkgF3fTb1FPFs20hXFSViHdTsg0YrfCJR kW5hm3NFgzMzqFXxvmR0SwITFeXCb2TmADggjxf7nXEht3/Ed51do4SHogNYBHWr0eiG USik+krCfndZ41OxZhoBnF+ga8aqC+CcghP01dEoyGtpRED8Tkk1bkNu6gkxDjL5t59v rivA== X-Gm-Message-State: ACrzQf2gzogFGXilvVtFUi7NXyeCTfyEEzUPU9d05v5WN4jbCbAQIeVn KvgXfyy7miUPLL7awmWQtKJfvVBFR7BjiA== X-Google-Smtp-Source: AMsMyM4HKoTgYhJq72Tani4JIWHPtU5IU3puyRpOHIB9zz9/IEYtJc7d8m1ung0aak3EytZ+nxjrhw== X-Received: by 2002:a17:907:75d0:b0:7ad:8a7a:1a53 with SMTP id jl16-20020a17090775d000b007ad8a7a1a53mr49046238ejc.47.1667856205888; Mon, 07 Nov 2022 13:23:25 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:25 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 09/10] Makefile: document default SHA-1 backend on OSX Date: Mon, 7 Nov 2022 22:23:11 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Since [1] the default SHA-1 backend on OSX has been APPLE_COMMON_CRYPTO. Per [2] we'll skip using it on anything older than Mac OS X 10.4 "Tiger"[3]. When "DC_SHA1" was made the default in [4] this interaction between it and APPLE_COMMON_CRYPTO seems to have been missed in. Ever since DC_SHA1 was "made the default" we've still used Apple's CommonCrypto instead of sha1collisiondetection on modern versions of Darwin and OSX. 1. 61067954ce1 (cache.h: eliminate SHA-1 deprecation warnings on Mac OS X, 2013-05-19) 2. 9c7a0beee09 (config.mak.uname: set NO_APPLE_COMMON_CRYPTO on older systems, 2014-08-15) 3. We could probably drop "NO_APPLE_COMMON_CRYPTO", as nobody's likely to care about such on old version of OSX anymore. But let's leave that for now. 4. e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17) Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile b/Makefile index 0c79546712f..7d0fa7adb61 100644 --- a/Makefile +++ b/Makefile @@ -500,6 +500,11 @@ include shared.mak # Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled # with git (in the block-sha1/ directory). # +# Define NO_APPLE_COMMON_CRYPTO on OSX to opt-out of using the +# "APPLE_COMMON_CRYPTO" backend for SHA-1, which is currently the +# default on that OS. On macOS 01.4 (Tiger) or older, +# NO_APPLE_COMMON_CRYPTO is defined by default. +# # If don't enable any of the *_SHA1 settings in this section, Git will # default to its built-in sha1collisiondetection library, which is a # collision-detecting sha1 This is slower, but may detect attempted From patchwork Mon Nov 7 21:23:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 13035316 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B2F1C4332F for ; Mon, 7 Nov 2022 21:24:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233341AbiKGVYB (ORCPT ); Mon, 7 Nov 2022 16:24:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232952AbiKGVXa (ORCPT ); Mon, 7 Nov 2022 16:23:30 -0500 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2361E63F3 for ; Mon, 7 Nov 2022 13:23:29 -0800 (PST) Received: by mail-ed1-x52e.google.com with SMTP id v17so19644233edc.8 for ; Mon, 07 Nov 2022 13:23:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=S4A5U71pUqFrLPNtPdNvyjbt9IUVm6mWuZej8FN1CNA=; b=YCxNYUbs84TIQMP6S82WiehkIumNiCKJ4Ido1W6MIZwhKLIPz9OXJxM/Onkh/i+Y0k HRhwGJAyvIeWKY9HTwVlDPf2/oQTYzjB4fuha9VYaAvGkQN8P2nWas2NaB/hf/OUAsmw FyA0lAqp6DbcI5VpFD58LO2RmSCz4XOapCfZDbsGQ6KWFbC4MjywnVNbcSUAtRT4SzcD FFz2jNqmav/BPiONYN2tqeyxOU3y6x6iIex3hjZeqZ8UXI+anheroOCazWXGx11qxXLI zZTRYV+cZmBeLjtajn/twapY50vcpaFSMiLNYGNfpit5gCRnB4v00Kbz9aYp/S+T7jjL V8eA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=S4A5U71pUqFrLPNtPdNvyjbt9IUVm6mWuZej8FN1CNA=; b=IjRDoXzZte+wNIpBBFUYilkC38oI7IATACEU0Sy8WSEzXiIKoDOlYXN6UgCYo0ljRg 65ru670Ha3eFr0TIR7u22hTqY+Tg/ZlipCH7yQC934W4Dg01h5APwhvnCRocDSSs1qfK Cg3jrO4cQ3RY8upC0vEEd1jfXP5N3NhUIFhek5el+kWlN+bijL7w9sM7IudyPwZXui4O lDY9NDLlNRZjvp9aGZgVa2vBzoL2XRXK/WwuAtjQcByCnr67abDjW9q0QMMl9vNZMdnI nilxiBONddXcowIlEDZDU3GMVFeQhXq3HMo92VdnGQ2D44e308YF0DaxJ4ci9S/Nb84a EwPw== X-Gm-Message-State: ACrzQf2Gv2f+sdNatDsSQAlHv0bPQTf6hDVO2WqnmBuoX2wdmcmZm5X1 aaBcjzxnMBBDxgd5VvYV6x8jVs/zT6+3bQ== X-Google-Smtp-Source: AMsMyM7PdlmG9Ayj03uFFgzjrR32kQWtJEDyBWSyYCCxcipAbcsDInVsBIQQa3pqdmNaM+yJL5odtw== X-Received: by 2002:a05:6402:c07:b0:461:87ab:78aa with SMTP id co7-20020a0564020c0700b0046187ab78aamr53115063edb.258.1667856207176; Mon, 07 Nov 2022 13:23:27 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id gg3-20020a170906e28300b0077d6f628e14sm3834418ejb.83.2022.11.07.13.23.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 13:23:26 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Mike Hommey , "brian m . carlson" , =?utf-8?q?Carlo_Marcelo?= =?utf-8?q?_Arenas_Bel=C3=B3n?= , Eric Sunshine , Glen Choo , Eric DeCosta , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBC?= =?utf-8?b?amFybWFzb24=?= Subject: [PATCH v5 10/10] Makefile: discuss SHAttered in *_SHA{1,256} discussion Date: Mon, 7 Nov 2022 22:23:12 +0100 Message-Id: X-Mailer: git-send-email 2.38.0.1464.gea6794aacbc In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Let's mention the SHAttered attack and more generally why we use the sha1collisiondetection backend by default, and note that for SHA-256 the user should feel free to pick any of the supported backends as far as hashing security is concerned. Signed-off-by: Ævar Arnfjörð Bjarmason --- Makefile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Makefile b/Makefile index 7d0fa7adb61..91596bac4c0 100644 --- a/Makefile +++ b/Makefile @@ -481,6 +481,17 @@ include shared.mak # # === SHA-1 backend === # +# ==== Security ==== +# +# Due to the SHAttered (https://shattered.io) attack vector on SHA-1 +# it's strongly recommended to use the sha1collisiondetection +# counter-cryptanalysis library for SHA-1 hashing. +# +# If you know that you can trust the repository contents, or where +# potential SHA-1 attacks are otherwise mitigated the other backends +# listed in "SHA-1 implementations" are faster than +# sha1collisiondetection. +# # ==== Default SHA-1 backend ==== # # If no *_SHA1 backend is picked, the first supported one listed in @@ -525,6 +536,11 @@ include shared.mak # # === SHA-256 backend === # +# ==== Security ==== +# +# Unlike SHA-1 the SHA-256 algorithm does not suffer from any known +# vulnerabilities, so any implementation will do. +# # ==== SHA-256 implementations ==== # # Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL.