From patchwork Mon Dec 30 14:24:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923314 Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A7F49443 for ; Mon, 30 Dec 2024 14:24:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.156 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568655; cv=none; b=DNVyKwXCJA5Rvx01ykDomVkBpGf28wh1GR85V2JUgTFPXfny357u567SdKA7C3QnrlpLqPh9orgXJTUJEGre+4fhMPX9p06dUdxwXiXQh/N+mengWElJ5RbdksqTs/PxtMBWf0LEdiRCURYJPcK0C4SpeqTtmh8xyJPqHAAlCHo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568655; c=relaxed/simple; bh=Pug/m8sPhsOHH8ScVuYAZQ8T+NVeFS8olj7JGKzLOVQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=KYPTGeJfOZh/IeRuaNneXsRbT9Uf4ygJWM+rKenniUg/Bncis/ddiiM7Z25NeYfGx93/+k7a2417cDFfp2Ni1AviKMm0mcq9l8ArR+B+yxDrcf70DjSgXIeo3hx6FPZUqThO7QAcDpaxnAtKRdeL5buoz+fAySltLAcZbS005pI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=jlA0bG2L; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=pR+Z3yD7; arc=none smtp.client-ip=202.12.124.156 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="jlA0bG2L"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="pR+Z3yD7" Received: from phl-compute-12.internal (phl-compute-12.phl.internal [10.202.2.52]) by mailfhigh.stl.internal (Postfix) with ESMTP id 7C0A325401EA; Mon, 30 Dec 2024 09:24:11 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-12.internal (MEProxy); Mon, 30 Dec 2024 09:24:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568651; x=1735655051; bh=DZsyb48ekzt9AlLPCt5u+kD4bPRJqPOp4oYmUZ28aDw=; b= jlA0bG2LGZ43KdR4yynzNkSPhoFawJUavxOKAJ2qeeqYc1pwvNCKg9PGBQkaJ/VU zw7xyRAUZxiLkoZkjHgblc1buPxACVBPigLy44EJmME+b+fxjDgt67x4LHfY1qSa 3jvuKRXlSkSuAQ8fFsv+cINJ2C+Q9wYqncfGdhbh7/5gSoCM3mIcpr4826Qb2NnZ lCDbPv0mggVeOA9rDzUkq0FJPjFqhA4U7yE/eY5Uu01ToIbedPvgrQj27oZv8Wtn sNucqHNxdTTeazZYkdNtrg5PskZAgKd0w2gIvRR/gLhQkeY4FFsrLrcOsN9ahUIR Zw0NHjsoT3RfTK/9D7cXWQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568651; x= 1735655051; bh=DZsyb48ekzt9AlLPCt5u+kD4bPRJqPOp4oYmUZ28aDw=; b=p R+Z3yD70P3bWlQgrorXjlJdoO8DKzgJneqOCCKYxgm3pj2Ziqq2Jd5gefoD7nWe5 /BXjA0oZFBbA9VH3cBemTFOYotRvF1nXi7RTQmdlV6akNDZrcRYw2JsReGWkUSBX ezycKkg4QlPtl8HBLjlhN+pHkkgyiY3RdIKTJV1W9WvF0uHYoTUWypDisP9/TIuI tm2zuCh8MLApKCd6w/ewGLIOt5WZyQNm+T/VOD7Q8GviG49XNUE3AsPXEetQVwcG O73+H5vd0pavHrQpkWPF0Gmm1V+D6+mLUSIQtZozWazAcRKhWoMtu2km57+tR/zT AwSaGDw/tBAPdnjdd5kjg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepmhgvseht thgrhihlohhrrhdrtghomhdprhgtphhtthhopehgihhtsehvghgvrhdrkhgvrhhnvghlrd horhhgpdhrtghpthhtohepghhithhsthgvrhesphhosghogidrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:10 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 28cc0641 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:06 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:01 +0100 Subject: [PATCH 01/10] bulk-checkin: fix segfault with unsafe SHA1 backend Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-1-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 In 1b9e9be8b4 (csum-file.c: use unsafe SHA-1 implementation when available, 2024-09-26) we have converted our `struct hashfile` to use the unsafe SHA1 backend, which results in a significant speedup. One needs to be careful with how to use that structure now though because callers need to consistently use either the safe or unsafe variants of SHA1, as otherwise one can easily trigger corruption. As it turns out, we have one inconsistent usage in our tree because we directly initialize `struct hashfile_checkpoint::ctx` with the safe variant of SHA1, but end up writing to that context with the unsafe ones. This went unnoticed so far because our CI systems do not exercise different hash functions for these two backends, and consequently safe and unsafe variants are equivalent. But when using SHA1DC as safe and OpenSSL as unsafe backend this leads to a crash an t1050: ++ git -c core.compression=0 add large1 AddressSanitizer:DEADLYSIGNAL ================================================================= ==1367==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x7ffff7a01a99 bp 0x507000000db0 sp 0x7fffffff5690 T0) ==1367==The signal is caused by a READ memory access. ==1367==Hint: address points to the zero page. #0 0x7ffff7a01a99 in EVP_MD_CTX_copy_ex (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4) #1 0x555555ddde56 in openssl_SHA1_Clone ../sha1/openssl.h:40:2 #2 0x555555dce2fc in git_hash_sha1_clone_unsafe ../object-file.c:123:2 #3 0x555555c2d5f8 in hashfile_checkpoint ../csum-file.c:211:2 #4 0x555555b9905d in deflate_blob_to_pack ../bulk-checkin.c:286:4 #5 0x555555b98ae9 in index_blob_bulk_checkin ../bulk-checkin.c:362:15 #6 0x555555ddab62 in index_blob_stream ../object-file.c:2756:9 #7 0x555555dda420 in index_fd ../object-file.c:2778:9 #8 0x555555ddad76 in index_path ../object-file.c:2796:7 #9 0x555555e947f3 in add_to_index ../read-cache.c:771:7 #10 0x555555e954a4 in add_file_to_index ../read-cache.c:804:9 #11 0x5555558b5c39 in add_files ../builtin/add.c:355:7 #12 0x5555558b412e in cmd_add ../builtin/add.c:578:18 #13 0x555555b1f493 in run_builtin ../git.c:480:11 #14 0x555555b1bfef in handle_builtin ../git.c:740:9 #15 0x555555b1e6f4 in run_argv ../git.c:807:4 #16 0x555555b1b87a in cmd_main ../git.c:947:19 #17 0x5555561649e6 in main ../common-main.c:64:11 #18 0x7ffff742a1fb in __libc_start_call_main (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4) #19 0x7ffff742a2b8 in __libc_start_main@GLIBC_2.2.5 (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4) #20 0x555555772c84 in _start (git+0x21ec84) ==1367==Register values: rax = 0x0000511000001080 rbx = 0x0000000000000000 rcx = 0x000000000000000c rdx = 0x0000000000000000 rdi = 0x0000000000000000 rsi = 0x0000507000000db0 rbp = 0x0000507000000db0 rsp = 0x00007fffffff5690 r8 = 0x0000000000000000 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffff7a01a30 r12 = 0x0000000000000000 r13 = 0x00007fffffff6b38 r14 = 0x00007ffff7ffd000 r15 = 0x00005555563b9910 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4) in EVP_MD_CTX_copy_ex ==1367==ABORTING ./test-lib.sh: line 1023: 1367 Aborted git $config add large1 error: last command exited with $?=134 not ok 4 - add with -c core.compression=0 Fix the issue by using the unsafe variant instead. Signed-off-by: Patrick Steinhardt --- bulk-checkin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bulk-checkin.c b/bulk-checkin.c index 4a70a70a951cfd1a488339a33bf3a76b5152a344..433070a3bda461a2ad62da67cc5515f8822d2df3 100644 --- a/bulk-checkin.c +++ b/bulk-checkin.c @@ -272,7 +272,7 @@ static int deflate_blob_to_pack(struct bulk_checkin_packfile *state, OBJ_BLOB, size); the_hash_algo->init_fn(&ctx); the_hash_algo->update_fn(&ctx, obuf, header_len); - the_hash_algo->init_fn(&checkpoint.ctx); + the_hash_algo->unsafe_init_fn(&checkpoint.ctx); /* Note: idx is non-NULL when we are writing */ if ((flags & HASH_WRITE_OBJECT) != 0) From patchwork Mon Dec 30 14:24:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923313 Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B8AB1A4F1B for ; Mon, 30 Dec 2024 14:24:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.156 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568654; cv=none; b=YXdmEhSCJbgdniKIF/RSDB/GK2jLOSim4V7xaMEtyG1G77ZGFdIps2xgKRnFDTVwtl/zllljAOfzIjEcnoXQk2e4s2mjnUzaoFn3Z6Z62T0mWPgC4pM/Xy49/UvEK0xq/mTlO3d0hK07zoZVwkkG+Zg++ESWdDTpyEhxy6J2/ek= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568654; c=relaxed/simple; bh=Gu2d1mFr+xho7l6+ylwIKxjF05M1V+4b6bJtlGJ4EtM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ISlEkKYd0aKKQKYp+3YgW/WHAvTMOrahh4KoaMq9/gBOgY5fp1cEpx2nwewD+yXmAddnkkfD9JHtuoEy5FlaVv1oDxe3OfCCgAMoo7vfFuUusC/fQadjYMUAcMjWhewf2Rpf/XNSPxVlSaCfRVxhBCGyTss0kwmx96muQG3owD0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=Ggq4u6qe; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=rbKyB/9I; arc=none smtp.client-ip=202.12.124.156 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="Ggq4u6qe"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="rbKyB/9I" Received: from phl-compute-07.internal (phl-compute-07.phl.internal [10.202.2.47]) by mailfhigh.stl.internal (Postfix) with ESMTP id BB41425401EB; Mon, 30 Dec 2024 09:24:11 -0500 (EST) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-07.internal (MEProxy); Mon, 30 Dec 2024 09:24:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568651; x=1735655051; bh=octC69/NnKGkrseXmGfLiIr4R/ZslPAJ9Unyj9WG8wI=; b= Ggq4u6qed2LzYAUI97Hb9mSCHeJN5Hc3zo+AVB3RHbXC0UwnETbvQgAFVnTMjJdo vpuVuZ8zA5SYgued7i6z2lU810VGu7Tmdis9DItDSBWzr8dFXmarIcF7Uh87ds+i k6zBtYFOKCUDMqQZZiY4qYNEHKRiVSWzFwjreIwUPzSkb6kFhD6OFcRzR9orQjrS G0hD2F1TAgn1IJ1IE4u205+ZFFCWCqagADB7zYlEFiPoPvkwGXFKMJHSvPxMQBBT 2A7Cmt33r/K/WtlPhkJEn3XjzajSXSnVStJ+EoTjAfdN/hP0OoQv4EE7aO626aHx t+qzULIoZPxqqarG5JAsZg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568651; x= 1735655051; bh=octC69/NnKGkrseXmGfLiIr4R/ZslPAJ9Unyj9WG8wI=; b=r bKyB/9I+6i47mc3yNXrVEXSW/vpAbJCbmHTA01Hc23abFNDjcsVsj+E3aqMdiUus /HQpdGA8c2OBh90HrFdGMVj0+1Z5S6udVvTkhzMuEsVZQYYZ9N1irjiNzllPYEJn y+BXn3pfdTpIsYAOmUvzpPJtNuwkhN6OixKX8p+cdHP8CeIzAaqvdkoRjnZHB2+Q htoexv1BP5nXD4qfpI2D1RukOKJ6WNSoPlpFwUJFylGC8hGlZmUwe7q/HygE3GN3 onxfX00Ww5Bn5oyVWGGPGG8Obwhgy2UTqCHfjwg8V4FbS2E2a8OpG1aVAGnswz5m /bowNKc3qSYQHVc18/g8Q== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepghhithes vhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehmvgesthhtrgihlhhorhhrrd gtohhmpdhrtghpthhtohepghhithhsthgvrhesphhosghogidrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:10 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 857233b8 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:07 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:02 +0100 Subject: [PATCH 02/10] builtin/fast-import: fix segfault with unsafe SHA1 backend Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-2-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 Same as with the preceding commit, git-fast-import(1) is using the safe variant to initialize a hashfile checkpoint. This leads to a segfault when passing the checkpoint into the hashfile subsystem because it would use the unsafe variants instead: ++ git --git-dir=R/.git fast-import --big-file-threshold=1 AddressSanitizer:DEADLYSIGNAL ================================================================= ==577126==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x7ffff7a01a99 bp 0x5070000009c0 sp 0x7fffffff5b30 T0) ==577126==The signal is caused by a READ memory access. ==577126==Hint: address points to the zero page. #0 0x7ffff7a01a99 in EVP_MD_CTX_copy_ex (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4) #1 0x555555ddde56 in openssl_SHA1_Clone ../sha1/openssl.h:40:2 #2 0x555555dce2fc in git_hash_sha1_clone_unsafe ../object-file.c:123:2 #3 0x555555c2d5f8 in hashfile_checkpoint ../csum-file.c:211:2 #4 0x5555559647d1 in stream_blob ../builtin/fast-import.c:1110:2 #5 0x55555596247b in parse_and_store_blob ../builtin/fast-import.c:2031:3 #6 0x555555967f91 in file_change_m ../builtin/fast-import.c:2408:5 #7 0x55555595d8a2 in parse_new_commit ../builtin/fast-import.c:2768:4 #8 0x55555595bb7a in cmd_fast_import ../builtin/fast-import.c:3614:4 #9 0x555555b1f493 in run_builtin ../git.c:480:11 #10 0x555555b1bfef in handle_builtin ../git.c:740:9 #11 0x555555b1e6f4 in run_argv ../git.c:807:4 #12 0x555555b1b87a in cmd_main ../git.c:947:19 #13 0x5555561649e6 in main ../common-main.c:64:11 #14 0x7ffff742a1fb in __libc_start_call_main (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a1fb) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4) #15 0x7ffff742a2b8 in __libc_start_main@GLIBC_2.2.5 (/nix/store/65h17wjrrlsj2rj540igylrx7fqcd6vq-glibc-2.40-36/lib/libc.so.6+0x2a2b8) (BuildId: bf320110569c8ec2425e9a0c5e4eb7e97f1fb6e4) #16 0x555555772c84 in _start (git+0x21ec84) ==577126==Register values: rax = 0x0000511000000cc0 rbx = 0x0000000000000000 rcx = 0x000000000000000c rdx = 0x0000000000000000 rdi = 0x0000000000000000 rsi = 0x00005070000009c0 rbp = 0x00005070000009c0 rsp = 0x00007fffffff5b30 r8 = 0x0000000000000000 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffff7a01a30 r12 = 0x0000000000000000 r13 = 0x00007fffffff6b60 r14 = 0x00007ffff7ffd000 r15 = 0x00005555563b9910 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/nix/store/h1ydpxkw9qhjdxjpic1pdc2nirggyy6f-openssl-3.3.2/lib/libcrypto.so.3+0x201a99) (BuildId: 41746a580d39075fc85e8c8065b6c07fb34e97d4) in EVP_MD_CTX_copy_ex ==577126==ABORTING ./test-lib.sh: line 1039: 577126 Aborted git --git-dir=R/.git fast-import --big-file-threshold=1 < input error: last command exited with $?=134 not ok 167 - R: blob bigger than threshold The segfault is only exposed in case the unsafe and safe backends are different from one another. Fix the issue by initializing the context with the unsafe SHA1 variant. Signed-off-by: Patrick Steinhardt --- builtin/fast-import.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/fast-import.c b/builtin/fast-import.c index 1fa2929a01b7dfee52b653248bba802884f6be6a..0f86392761abbe6acb217fef7f4fe7c3ff5ac1fa 100644 --- a/builtin/fast-import.c +++ b/builtin/fast-import.c @@ -1106,7 +1106,7 @@ static void stream_blob(uintmax_t len, struct object_id *oidout, uintmax_t mark) || (pack_size + PACK_SIZE_THRESHOLD + len) < pack_size) cycle_packfile(); - the_hash_algo->init_fn(&checkpoint.ctx); + the_hash_algo->unsafe_init_fn(&checkpoint.ctx); hashfile_checkpoint(pack_file, &checkpoint); offset = checkpoint.offset; From patchwork Mon Dec 30 14:24:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923315 Received: from fout-b4-smtp.messagingengine.com (fout-b4-smtp.messagingengine.com [202.12.124.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 287751A83E2 for ; Mon, 30 Dec 2024 14:24:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.147 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568655; cv=none; b=CVdJW2tYNbi91/6tWtkv1KhhjTve8HPCcxrCox+aSRdjAh4iggD7yRe768WGlYm6/8o0ZgqBe82KFCrQMAmFpNWjOGIHowiTneJMDs49wMefbk823nokq9yAVWUVSfItoBn+MNFmsUNY4ipF01JdoQKEovUM6SUkGzL8EVNAML8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568655; c=relaxed/simple; bh=WAN+UWQzu0fCPb8+jC5YoJ5laYQNy7ycRMBjwaXmGMY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=SHLJNAnCIbihOP6q7Bgl6F/0tb9Y9cnuW+o7rrqrdMhRQfE8XatA8KBxg3b8DUTsoB9kVUV4q3QKDL4F8th38V40xhUeoEHmwI7ly45EwcXEiM9Xp/XMwt6sdYJotROd9OBGPDl0ZrOkWL7GHXg1YJY9uSmcK02ecBAeKv5/bzU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=CsYoGqj0; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=TXpM+pfY; arc=none smtp.client-ip=202.12.124.147 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="CsYoGqj0"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="TXpM+pfY" Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfout.stl.internal (Postfix) with ESMTP id D999C11401AA; Mon, 30 Dec 2024 09:24:12 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Mon, 30 Dec 2024 09:24:12 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568652; x=1735655052; bh=RMm0GdWELMDeFfoUmkH99rOXjzON529bNbj3pR53lKo=; b= CsYoGqj0VaVr6wS6gey02qSoDEzAO4wWnUgTuZ1tYf2cqCogXF+3bAmJvpn0JJPx 3+bss0fp96r9VeShm5kaexqPLNmDyxbX7VQP0cr6EpKfZTgkIrGlxiOIPtKuM3LT TNmBiq2zVjJ/K7G+KwivOYToIDZTh8lPz4O3yayto2A8p9hifiwa3N5DnHgN2VVu swMw3tY3whjotmCNZ/buUZ+/C9PymK0wk5fCeQe8Rr0qY7ke10S8G5nKFpgWPwuO KuxdVay/r7OeabJu4qyWtyMuf4WY3vCZctCrFNWLncN5QELgkRfoxT82mfeBgFv/ /yr/HpkMB2svjSTAQtrkBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568652; x= 1735655052; bh=RMm0GdWELMDeFfoUmkH99rOXjzON529bNbj3pR53lKo=; b=T XpM+pfYvNL/nN49vV/A7yXjTqmO8jocjcCLKEBKYiCwFTjYvGB1a6eIEQues4EZ3 w99dUecyg0pRpatwrqYQ+0iP+Bvg69GR0kACDLLHb12ZZqggQLlFagBFU4LhG/Mu 7KmkwNrZ23IvxJx7XsrEcliNIIm//aa8+Sem81u1NMO35wfwD8KjDwRCVLhOfgWG LnbiZVOkhejRreCCRstZpMufgeV3TlwHw3qabxZ9m4/fghxiNfH46vlUyjR50hw4 ZDhILsH3ygzIrakEGkz0XLCC58CcJO2u9Rt2+sF5tnv3iAXer0etnsjnmSwlXzYr NsK5G6feeeLAFljGVb5/g== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepghhithhs thgvrhesphhosghogidrtghomhdprhgtphhtthhopehgihhtsehvghgvrhdrkhgvrhhnvg hlrdhorhhgpdhrtghpthhtohepmhgvsehtthgrhihlohhrrhdrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:11 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 708be0c4 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:08 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:03 +0100 Subject: [PATCH 03/10] ci: exercise unsafe OpenSSL backend Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-3-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 In the preceding commit we have fixed a segfault when using an unsafe SHA1 backend that is different from the safe one. This segfault only went by unnoticed because we never set up an unsafe backend in our CI systems. Fix this ommission by setting `OPENSSL_SHA1_UNSAFE` in our TEST-vars job. Signed-off-by: Patrick Steinhardt --- ci/run-build-and-tests.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh index c4a41bba0b84df57f6e60aeac2de29dbc0e27dc1..76667a1277720d74e09e8da227b5e0832003e0e2 100755 --- a/ci/run-build-and-tests.sh +++ b/ci/run-build-and-tests.sh @@ -17,6 +17,7 @@ linux-gcc) export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main ;; linux-TEST-vars) + export OPENSSL_SHA1_UNSAFE=YesPlease export GIT_TEST_SPLIT_INDEX=yes export GIT_TEST_MERGE_ALGORITHM=recursive export GIT_TEST_FULL_IN_PACK_ARRAY=true From patchwork Mon Dec 30 14:24:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923317 Received: from fout-b4-smtp.messagingengine.com (fout-b4-smtp.messagingengine.com [202.12.124.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 287C71A83F4 for ; Mon, 30 Dec 2024 14:24:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.147 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568656; cv=none; b=sL/B/6Ks4iUfA6SJHEMd4JcWwvojYzkDO7b13kmBmLGNPg0g604BlGRSjGMrkJ8aUIufe6tlDLl7oBZqwlhQYKbLctSFpFngt9tCUDHlX1Y08PJ1gME8n6uGLKUI6OZe0IZxnWuYaEwOv34eB4jOF3FiwG0dq436XpFDEQp8vrU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568656; c=relaxed/simple; bh=oh0m9/n/RvWK9r0x0bbS/MBlHGS+dpSxiBkK/9mruPY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=G+erYcCVd3OYkZR9RtejRQ5ekJtJk1M6C/IOUL58LzhNZOxbJUC0CjvFYzmWBKQIrWBs8R2JQNa+MRG7h+DKMFJNmsg+ABwOwHTD6WWVDuq4rBnW9aQUaACNofzcUPJAFyMnsRSf0SXZs0/V7amoub9s7vGm2e619njhYjU06ho= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=Q4/c7zEF; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=r1ZcxQZ5; arc=none smtp.client-ip=202.12.124.147 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="Q4/c7zEF"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="r1ZcxQZ5" Received: from phl-compute-05.internal (phl-compute-05.phl.internal [10.202.2.45]) by mailfout.stl.internal (Postfix) with ESMTP id 3B6971140145; Mon, 30 Dec 2024 09:24:13 -0500 (EST) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-05.internal (MEProxy); Mon, 30 Dec 2024 09:24:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568653; x=1735655053; bh=WlG1DfzNXUxMrZLsv6zMS4fn0/sdbPaYLpRqXucurlY=; b= Q4/c7zEFMcZVp+4rH1gEfRRGqqwYqBxT5NKFKYwr7atR7j5sI8TrtayOh3EF0cFU mzF6pCM8MQUyPjFAdPPgbuOAvYsE7Ho4jpQwgf1YlFn1cHK5qiWzTJHImLKpPeIb +gy/IsKdAZL3RQ3ZEOdz2TCO9h6Kbx4z06LkIrJcB8pX4i/oY69967P5uyKSSTd5 6H8SpSi4ZJP7keKEjQus8JuGc7MgPLB8CMLhc7MTWfVE0ihzuJc/6NAFNjIvLKRR CiI3Rbel8Fhv/YVSCcaCeVqiXb8GDe4QPMhrfthEeHSlRU8xh+D2VRQbWJU3XrwD Ru/TfW6S2uYKJJJpi8gFRg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568653; x= 1735655053; bh=WlG1DfzNXUxMrZLsv6zMS4fn0/sdbPaYLpRqXucurlY=; b=r 1ZcxQZ58cSWD314X8Dbwq6gi0XPUk8k4Ydui39J439lV4qdDKQ4tb3gfElr+22ns v7vp/K7sl3CjUZ/YX2PBd6gw9nT34LgTZwK5nBMY558AGZlg+VcOXEW6pQYwpbFK Lbi8vw4CnjbxQqj5TRXZcegsRkENcXCQ93dQrAgLZ8XK/euZxi/JGNoj6VbvpmsJ tMHbyOYxmtRjduYSwlEGMxIshBok/A1I1OEd20fUCQJYfw4h893bOW7Qo4lH1cZx Im9Mhc9h9FHv58Rk7EEh4rufgnKbH9iA3uchwx0NlUH2bVQ9mFRtefe8ca0efaqR RNVMaHfnh68NlrkwPdvqA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepghhithes vhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehgihhtshhtvghrsehpohgsoh igrdgtohhmpdhrtghpthhtohepmhgvsehtthgrhihlohhrrhdrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:12 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id cbeb5ace (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:09 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:04 +0100 Subject: [PATCH 04/10] meson: consistenlty spell 'CommonCrypto' Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-4-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 The 'CommonCrypto' backend can be specified as HTTPS and SHA1 backends, but the value that one needs to use is inconsistent across those two build options. Unify it to 'CommonCrypto'. Signed-off-by: Patrick Steinhardt --- meson.build | 2 +- meson_options.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index 0064eb64f546a6349a8694ce251bd352febda6fe..9da58dafe0f1023cc72f4ea3eff5515c9d479099 100644 --- a/meson.build +++ b/meson.build @@ -1367,7 +1367,7 @@ if sha1_backend == 'sha1dc' 'sha1dc/sha1.c', 'sha1dc/ubc_check.c', ] -elif sha1_backend == 'common-crypto' +elif sha1_backend == 'CommonCrypto' libgit_c_args += '-DCOMMON_DIGEST_FOR_OPENSSL' libgit_c_args += '-DSHA1_APPLE' # Apple CommonCrypto requires chunking diff --git a/meson_options.txt b/meson_options.txt index 4be7eab39939178ae2ffde1ff9e78f83a1b482b2..a7f308d217f29ef301848e63623a49207ef83125 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -49,7 +49,7 @@ option('regex', type: 'feature', value: 'auto', # Backends. option('https_backend', type: 'combo', value: 'auto', choices: ['auto', 'openssl', 'CommonCrypto', 'none'], description: 'The HTTPS backend to use when connecting to remotes.') -option('sha1_backend', type: 'combo', choices: ['openssl', 'block', 'sha1dc', 'common-crypto'], value: 'sha1dc', +option('sha1_backend', type: 'combo', choices: ['openssl', 'block', 'sha1dc', 'CommonCrypto'], value: 'sha1dc', description: 'The backend used for hashing objects with the SHA1 object format') option('sha256_backend', type: 'combo', choices: ['openssl', 'nettle', 'gcrypt', 'block'], value: 'block', description: 'The backend used for hashing objects with the SHA256 object format') From patchwork Mon Dec 30 14:24:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923316 Received: from fout-b4-smtp.messagingengine.com (fout-b4-smtp.messagingengine.com [202.12.124.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7C3D11A9B3D for ; Mon, 30 Dec 2024 14:24:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.147 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568656; cv=none; b=bixAShHFwyBkiC2aKPJDlPNhLEOgzdpMXtmNhOQi21qkEcxQm99JA/N5iIoVNwQDTMDHk9LgusArq7pLQ+XpyMEcNkfN8sEHRJzt83q6XRzTWnw3pLnaVQillgpHxnaDLGKMh7EoKHAZzG8RnsMFhkzaoWs5/6nTqQCILtkWJZo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568656; c=relaxed/simple; bh=f4j5qHrXcxEI2Xxo7gXYMi+5xZHEfMGfRSrrft79XOs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=NZGr03eUtzqPRG/l0Rz1gk43qSlq+v2Iug9IoFC75NO+Vxh3QhG6UICyO7pKlgP4IRfLdEIHAdjY7xRBUFz2NCXrO8UMwj5W+s7hhifb/5iuurTUOa/kea0yrzrDfx5icePzSgjw1AqBM3VlLrcrMVgd62ZvBCP7pV4PCXxFjZI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=WPs4RmhF; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=j8gHzTTQ; arc=none smtp.client-ip=202.12.124.147 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="WPs4RmhF"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="j8gHzTTQ" Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfout.stl.internal (Postfix) with ESMTP id ADB9E1140190; Mon, 30 Dec 2024 09:24:13 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Mon, 30 Dec 2024 09:24:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568653; x=1735655053; bh=KynKY8HHWUrF3HJwh6jviUUOFfXluBQ3hYG3l1ZEyIs=; b= WPs4RmhFrGTG+O2+dy/K8ug81mfdI2wmunyqXo1BxM1dh5ErTiSBPR5mKOWq46Eg XIVRt21wFx1H0mhsEWnUgwP4TLt6OzeXNhSpNtsPvZExLwTsLDDtLsuy8plrwTbx 3P/9XCgDYZn+DDv6w0/QFk1naEMPn8gnoAVqu98D9E51+x1ekJksDUxFqZW9oS8i f/1MQCHpQPNsd8gPzxQrD/SvvkOwWFrxGtK1+prhNs4XS23yWO85q3U6DcvW61PE LOB+VoAxOqzPYFLY/yDB2uXwY+4cZ81PbAY3j2Uqmi/N5Skd2ZP5StfX/fCZT7fx zXaxy4iNmUDrrVzXHbBYZw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568653; x= 1735655053; bh=KynKY8HHWUrF3HJwh6jviUUOFfXluBQ3hYG3l1ZEyIs=; b=j 8gHzTTQXRpUnra/Gdp8I6MZesnpCDr0jnTiBNow1OQfLcMep3Yam7iycFeorKa5g 7pvM4qcd4Z0BDQMX1yfVNd18zJcDGA7n3p7lNlp4CbLi/8yd4DlvQ7S7RKv5Y/7o pZhJLoyP7ymAAt0GHMclkWku/TV4zQU4SOxHyCDcH4zRc7ebxE51rCjNlUX99y6p 6zseQM7mWDhCcfCXXrlTCg+RsKDYSZ5z0Z2fe8jJUaTMySBXYpDBEdYjFx+HKlUr UvbdE63Xp+2rDW5upgMiP8ZVdvbXRFNChmxEa7MVUgudk50YgM1yaCr1F+RaAK+z 18HYD3Gty1hX0CSMAQajg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepghhithhs thgvrhesphhosghogidrtghomhdprhgtphhtthhopehmvgesthhtrgihlhhorhhrrdgtoh hmpdhrtghpthhtohepghhithesvhhgvghrrdhkvghrnhgvlhdrohhrgh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:12 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 6d342b4b (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:10 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:05 +0100 Subject: [PATCH 05/10] meson: deduplicate access to SHA1/SHA256 backend options Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-5-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 We've got a couple of repeated calls to `get_option()` for the SHA1 and SHA256 backend options. While not an issue, it makes the code needlessly verbose. Fix this by consistently using a local variable. Signed-off-by: Patrick Steinhardt --- meson.build | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build index 9da58dafe0f1023cc72f4ea3eff5515c9d479099..6fa4d900ee02f0b80bc3c36d58a07a118ec3fb20 100644 --- a/meson.build +++ b/meson.build @@ -1326,6 +1326,8 @@ if not meson.is_cross_build() and fs.exists('/dev/tty') endif https_backend = get_option('https_backend') +sha1_backend = get_option('sha1_backend') +sha256_backend = get_option('sha256_backend') security_framework = dependency('Security', required: https_backend == 'CommonCrypto') core_foundation_framework = dependency('CoreFoundation', required: security_framework.found()) @@ -1333,7 +1335,7 @@ if https_backend == 'auto' and security_framework.found() https_backend = 'CommonCrypto' endif -openssl_required = https_backend == 'openssl' or get_option('sha1_backend') == 'openssl' or get_option('sha256_backend') == 'openssl' +openssl_required = https_backend == 'openssl' or sha1_backend == 'openssl' or sha256_backend == 'openssl' openssl = dependency('openssl', required: openssl_required, default_options: ['default_library=static']) if https_backend == 'auto' and openssl.found() https_backend = 'openssl' @@ -1354,7 +1356,6 @@ if https_backend != 'openssl' libgit_c_args += '-DNO_OPENSSL' endif -sha1_backend = get_option('sha1_backend') if sha1_backend == 'sha1dc' libgit_c_args += '-DSHA1_DC' libgit_c_args += '-DSHA1DC_NO_STANDARD_INCLUDES=1' @@ -1382,7 +1383,6 @@ else error('Unhandled SHA1 backend ' + sha1_backend) endif -sha256_backend = get_option('sha256_backend') if sha256_backend == 'openssl' libgit_c_args += '-DSHA256_OPENSSL' libgit_dependencies += openssl From patchwork Mon Dec 30 14:24:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923318 Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5CB921A83F3 for ; Mon, 30 Dec 2024 14:24:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.156 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568657; cv=none; b=Lo+XWVT2XiHm7mhXXTHZzNLXV0UdE20rc7oGKr5w/VMRMuSEXoW7GMIucHcfDpobESvwd4IViFQ9V9ck8RaBzKs5fLgdGwWWkB1d9JgfC9lycCNpoY8/n2Kf9md9AXax5B4v2emD4ZLtCHsKy9jDLxR6vQGW6WSaVc9m8VwSJ4U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568657; c=relaxed/simple; bh=hHs7xNJrbCntwLsN7ypdNjXvodsO8B1AuGi31bzOgpQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=QNwnRt6e6yY6fXbokJAqT51Nu547rC9dIKWKvsMI2H56XBERob64Dp9ekSOXCpEmwNMA/YqWKKUYJX59cmjHSmx7wb56v71QYqe+H7YEPd1RGSr6ICzQicVYx2/mayRGp1+bna8a5gaB4QQu5V9sbR5pYS6jZLk8tLVbU6FJsaQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=XqIh/GDf; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=p016gYZp; arc=none smtp.client-ip=202.12.124.156 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="XqIh/GDf"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="p016gYZp" Received: from phl-compute-03.internal (phl-compute-03.phl.internal [10.202.2.43]) by mailfhigh.stl.internal (Postfix) with ESMTP id 44F0425401E8; Mon, 30 Dec 2024 09:24:14 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-03.internal (MEProxy); Mon, 30 Dec 2024 09:24:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568654; x=1735655054; bh=jcKBDe4jJr35zAm8Yn2FRBVUrhTOzCwPlNxHKCzB6ds=; b= XqIh/GDf1DqimL6fxjw9afK8QpftMBJV7X543ohvdVOVfr4dXVR+SrqELPZwpJ0Q gzWGnjhJNolOFRIeHlbI7VbaPf+Y9f4MgZ0Xk52Pnq/kCrX9H8a7kTi1XZMS1QJw RRP+54sC4eQprvg1+SsRm2sWmmTqhM1oEkIBc8rTudUjpN3XXeTrwfbjVScPBo9/ W1dRepZ9jd+Kh026OFoJuDnRMBh/PbQMN/DmbkP98beKBLcKsNIHqr4OU9EKKith RE9O3XQbuiyXkgdVIHM8gNMPotspg5vqNyuUwunAS18BXF2hnPszNDWT9LG8T/LP /Lvxhz1UcylF4FBzWVteiA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568654; x= 1735655054; bh=jcKBDe4jJr35zAm8Yn2FRBVUrhTOzCwPlNxHKCzB6ds=; b=p 016gYZpNCXonHBsDqYi9+eHudDT3xjHGE6A1BVVGr5OEGoWR0609etWv2rpa/LDl vz+P/8xRt9umj6zCXT5umP84wg5HYQlNLE6yzP+tzNL/wMOnr1LWSw3BD83hMMLD niTCvvu5DAV8iQj+hrSh3NOvel8smcU7FtWVeFQy/zj1rhWlhCgtkWWXrT5rN0X5 vFdbkDXoHoZvzlE96FJ1aLc0KdzPmZxQy4Qhs00T8ikKSXsbEsQBGUD3FaAwRAbI HCv5RtqaOIvsdfCWtjcEWiZGOZrNxSz1Zg395ID4687oqRWnvsXU6R8XvXyKnX7l aM+YaWmHg46kug5Ix7KUg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepgeegudehhf ejveeujeeftddtjefhleffhefgfeelgffgfeehudegieffvdffueegnecuffhomhgrihhn pehpkhhsrdhimhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpehpshesphhkshdrihhmpdhnsggprhgtphhtthhopeefpdhmohguvgepshhmthhp ohhuthdprhgtphhtthhopehgihhtshhtvghrsehpohgsohigrdgtohhmpdhrtghpthhtoh epmhgvsehtthgrhihlohhrrhdrtghomhdprhgtphhtthhopehgihhtsehvghgvrhdrkhgv rhhnvghlrdhorhhg X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:13 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id b52d94e1 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:11 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:06 +0100 Subject: [PATCH 06/10] meson: require SecurityFramework when it's used as SHA1 backend Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-6-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 The Security framework is required when we use CommonCrypto either as HTTPS or SHA1 backend, but we only require it in case it is set up as HTTPS backend. Fix this. Signed-off-by: Patrick Steinhardt --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 6fa4d900ee02f0b80bc3c36d58a07a118ec3fb20..bc75ad954a4949342125b769d3d8d8362ef4e8a3 100644 --- a/meson.build +++ b/meson.build @@ -1329,7 +1329,7 @@ https_backend = get_option('https_backend') sha1_backend = get_option('sha1_backend') sha256_backend = get_option('sha256_backend') -security_framework = dependency('Security', required: https_backend == 'CommonCrypto') +security_framework = dependency('Security', required: https_backend == 'CommonCrypto' or sha1_backend == 'CommonCrypto') core_foundation_framework = dependency('CoreFoundation', required: security_framework.found()) if https_backend == 'auto' and security_framework.found() https_backend = 'CommonCrypto' From patchwork Mon Dec 30 14:24:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923319 Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D98B1AA1FE for ; Mon, 30 Dec 2024 14:24:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.156 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568657; cv=none; b=AKeAYdrpgVUBTwRQd97ZLdcbS7Lc36b5z0xFF5E6LepvoXvngNNzDJXUWAlJie80AGXCAu0x/Ae8LPh2h2LqP73NBUdRXsPSImhFlCA2Pnx+D9hope0qeRifU2t3Ib7o49JRM9IqWIfG6lqjpVoAAxR2ndMYPe+zUqJVJ86NAYk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568657; c=relaxed/simple; bh=fBGsxttnHHDLqfdgCsaDtfFl8Le/fzc39NtqfJA2dA4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=OqUjRU2BpexYm/srHTsS1RjwhMKBGft+ihuDfDhzYhHpA8VDjBStYvT/KFmnN9gyRK/YYYC4ib21iCM0mKEOwADL8vUCLrWsMEoko8tnYQPot0v2NwYggrHDsOTVVFjyy8NLU/zkyNLsOGpkyVWRMTpciVmqYy4XQc/lT3hCiMw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=Jyvn9vZW; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=snkm3eJx; arc=none smtp.client-ip=202.12.124.156 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="Jyvn9vZW"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="snkm3eJx" Received: from phl-compute-07.internal (phl-compute-07.phl.internal [10.202.2.47]) by mailfhigh.stl.internal (Postfix) with ESMTP id A230225401ED; Mon, 30 Dec 2024 09:24:14 -0500 (EST) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-07.internal (MEProxy); Mon, 30 Dec 2024 09:24:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568654; x=1735655054; bh=vIKSq9J2yV8MQCRaHguzZXVsGIAM+SVClJ7OdBMzfZc=; b= Jyvn9vZWGq+tssyii1tUh3WmJ7iF1WKfJCWNcIBs5l8qHdHL78D+oyZtoN/ionpM 2g4AgzntnhcpZj5hlQKqMKbIB1qKXHBxs9OFIukjcJRb7cZPg1GHfw85YuxlbbzS J2IJ75UADbCHFbQ8lySlAgB/LIOGr0/pbVo8CaLTCAvi6eqXbVwx8o6D6PiJUp7g hDDi3szQXqUeJRCdOzMMVjcDBRvmvtdC7khVROyHryVX1pnedCxq34j9iySYz9vG 2J6yd8HrQIhRUkN9P+672y8Nl9s7Glf79vnjhiR2sTETL13ACq8cynJ9hX962/81 7eUVYWUpcAtGFpCTcf8d7g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568654; x= 1735655054; bh=vIKSq9J2yV8MQCRaHguzZXVsGIAM+SVClJ7OdBMzfZc=; b=s nkm3eJx1zoHVHSraXAMmQZelVRdPYyb2lhvSyyqocHjVeXcNF0Z03AozaVIV4/6C FhJPUBacFM1r+07ZUQKuEh/N061LZVMUQkB5MHdpeUAxnAi45yy2+IYvOrUMjZ8E dG2FmnP0Nun23uLi2Xx7QEkGXg/kwbgYciWTEkBX0DG6yzOtUycQfBcyE9qxyGcH /N838MCzr8pIE7a9faq90/FSl8uMqXzPGmG/ZTtdYPnao6BC2XjO+J+L1yDV2c7e nWI+pZLSUn+IzXtnZo86SZNgNG4bidOFlTZg0ylBnVS7saJrQov4BcV4J0r/WWV/ CSwgkFVcyISw/fo+0bjqA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepghhithes vhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehgihhtshhtvghrsehpohgsoh igrdgtohhmpdhrtghpthhtohepmhgvsehtthgrhihlohhrrhdrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:13 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 6914e682 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:12 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:07 +0100 Subject: [PATCH 07/10] meson: simplify conditions for HTTPS and SHA1 dependencies Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-7-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 The conditions used to figure out whteher the Security framework or OpenSSL library is required are a bit convoluted because they can be pulled in via the HTTPS, SHA1 or SHA256 backends. Refactor them to be easier to read. Signed-off-by: Patrick Steinhardt --- meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index bc75ad954a4949342125b769d3d8d8362ef4e8a3..46f807899b7bae33dd6aa7a94a54931d69ab0d62 100644 --- a/meson.build +++ b/meson.build @@ -1329,13 +1329,13 @@ https_backend = get_option('https_backend') sha1_backend = get_option('sha1_backend') sha256_backend = get_option('sha256_backend') -security_framework = dependency('Security', required: https_backend == 'CommonCrypto' or sha1_backend == 'CommonCrypto') +security_framework = dependency('Security', required: 'CommonCrypto' in [https_backend, sha1_backend]) core_foundation_framework = dependency('CoreFoundation', required: security_framework.found()) if https_backend == 'auto' and security_framework.found() https_backend = 'CommonCrypto' endif -openssl_required = https_backend == 'openssl' or sha1_backend == 'openssl' or sha256_backend == 'openssl' +openssl_required = 'openssl' in [https_backend, sha1_backend, sha256_backend] openssl = dependency('openssl', required: openssl_required, default_options: ['default_library=static']) if https_backend == 'auto' and openssl.found() https_backend = 'openssl' From patchwork Mon Dec 30 14:24:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923320 Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 125CB1AA79C for ; Mon, 30 Dec 2024 14:24:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.156 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568657; cv=none; b=HEznIVADOyXA30NwN/pUL3w6IPH92fYUmPah0H5zzlhi5Uo8EdHSCe8sSBYjIHoFHdIOJX7zY7SMSTd1+b3IQrcUKYfC4jobh9+xL9HQxutJ2Vj0GUgPzxrj2XFtTpbTWFTUcu/vQWomBxPkqPkOFFvS9p/ISBxaUydp6n3GYuU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568657; c=relaxed/simple; bh=bS5evWXb33XPjmaVnvFvoC3Uifv6g/oqonkDRPQhScY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=O5uhYJv46neVasdklJWbcz9qI0UCE+hbBJjUGJgxPSe7aYTqvWhFzBxFiHwTek7O6ARSZ9dxe7uDyyqsVOWTas2/Arjd6o7Dla5RAi/6PBPCFpj+zH5eBIYBccNYnPpIhQqCLIWnYcufsAGVyz6B9HvKvhNgyLpgQ6AHlX5kcPY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=m0WJ2uE8; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=Penb2ikc; arc=none smtp.client-ip=202.12.124.156 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="m0WJ2uE8"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="Penb2ikc" Received: from phl-compute-05.internal (phl-compute-05.phl.internal [10.202.2.45]) by mailfhigh.stl.internal (Postfix) with ESMTP id 1475B25401E9; Mon, 30 Dec 2024 09:24:15 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-05.internal (MEProxy); Mon, 30 Dec 2024 09:24:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568654; x=1735655054; bh=P0DlE9cWGE/TKbpM8C4trBcg1hG+giRcQ78PDr1j3UE=; b= m0WJ2uE8NNmHQrAl4Clj7iiXA4+TfC1t0G0UJMAXHvilYyeaLXQkWXPqTFFZUxwK HU+SL4o+YHglbRWMCgsOPPDrKQWMguCRTws52Ope4dGhPSCGGHqEShhcrWnmrh6O mnFXHYAVe0AyiKlcxnzKkvpbcAs73qRV0wt6+oI9yLozeKLhyoSjx9A59HaCkD1Y L/a8kgyB1gJ1Q5Yize09k+fdwIRWXtZ2cn0xZtO+hLXKBfFjX+XTKcbaQ+JuVXeP hK2b6gZiRyjJ1DORFN9+54sxP7ybcTzZ+PXGyCQ86cTl1J7iv6uYOCvYBV2d3mSa lCJ5PdcAWUofRIjEyyWhbA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568654; x= 1735655054; bh=P0DlE9cWGE/TKbpM8C4trBcg1hG+giRcQ78PDr1j3UE=; b=P enb2ikc+tS4n35djf/V1xElrdeN+ChgqufZTRA7xo+D6bHCAVkKjJzGn5I15AvP4 NaEtfJhy1SCg76SmtyFCjQPEH5lwowDsA/a3rUjANSM6NL3ejsvBJtpaot38jJUf 7MRqIxSvp+GOxF9SPtqq3sXxXzcAOTuS+Aab6VpJ2uYerobp3RQnGukdBojFkzjD Xqo6D5p7dSIikWObGjR3Bt6abrQrIOhvh4MeifLGm8Otk0tHA4LAOeYq6wlSZbX3 /bhmzC8czCdiyfHj+fS+++xb3XY5FqXgpJcI0FXd+y8903+bjMWypQTPi7dhY32J 3N1cuhSK0oddAWYpBqylQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepmhgvseht thgrhihlohhrrhdrtghomhdprhgtphhtthhopehgihhtsehvghgvrhdrkhgvrhhnvghlrd horhhgpdhrtghpthhtohepghhithhsthgvrhesphhosghogidrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:13 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 897b74c9 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:13 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:08 +0100 Subject: [PATCH 08/10] meson: add missing dots for build options Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-8-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 Most of our Meson build options end with a trailing dot, but those for our SHA1 and SHA256 backends don't. Add it. Signed-off-by: Patrick Steinhardt --- meson_options.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meson_options.txt b/meson_options.txt index a7f308d217f29ef301848e63623a49207ef83125..d8d283982bcdd0f688556e0102c0133061dfb304 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -50,9 +50,9 @@ option('regex', type: 'feature', value: 'auto', option('https_backend', type: 'combo', value: 'auto', choices: ['auto', 'openssl', 'CommonCrypto', 'none'], description: 'The HTTPS backend to use when connecting to remotes.') option('sha1_backend', type: 'combo', choices: ['openssl', 'block', 'sha1dc', 'CommonCrypto'], value: 'sha1dc', - description: 'The backend used for hashing objects with the SHA1 object format') + description: 'The backend used for hashing objects with the SHA1 object format.') option('sha256_backend', type: 'combo', choices: ['openssl', 'nettle', 'gcrypt', 'block'], value: 'block', - description: 'The backend used for hashing objects with the SHA256 object format') + description: 'The backend used for hashing objects with the SHA256 object format.') # Build tweaks. option('macos_use_homebrew_gettext', type: 'boolean', value: true, From patchwork Mon Dec 30 14:24:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923321 Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 800991AAA15 for ; Mon, 30 Dec 2024 14:24:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.156 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568658; cv=none; b=C6cOqZfMqF32U5GjNVZ/x8PbxfFDcgeszUrwdSHcyTYiauZGtoR6S/0ACTmrPfXgl1SIQ2xKP/WfH7+SP/vauxaWOKUl7rTnoPHP0u7DIdOBYeaevCHtt88G1mVV7Q9UWQ86yXk2FyyXhgsuPnHUFudPhFGkfx7rNxnf3kyS44A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568658; c=relaxed/simple; bh=qpEfzuMcNo514bSGK24EdJEVrMsmGS+P+wFNN8W1Xis=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=e0lyaIiU04N94Ma+a5TXOF97BwMyCxOh7OSVGTpiPJz6fwJGXNvYcWdz9pA98vuO2zNbUyFgtVsRTtR235gW/Z7EryjQq9XWpJti0eDCz1titdmrKmhwJfcGgblfPaTTE5K7RWRJvY+nH9xNpxH5O1VOMk08JbMBQqD2KuSEgsA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=LeXff+D9; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=BphY9QnA; arc=none smtp.client-ip=202.12.124.156 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="LeXff+D9"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="BphY9QnA" Received: from phl-compute-02.internal (phl-compute-02.phl.internal [10.202.2.42]) by mailfhigh.stl.internal (Postfix) with ESMTP id A3F6225401EA; Mon, 30 Dec 2024 09:24:15 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-02.internal (MEProxy); Mon, 30 Dec 2024 09:24:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568655; x=1735655055; bh=kdXKKg1aM4Enzs8M6dQYU3DMegOOVGQ7oY1B58DGaN4=; b= LeXff+D9M3wDpC48anmljWovLDgVSPNPBa0WuDv55Ig9LyBimxaSJbnwpcvmrILA khrtz04EhDOaTO0MaEE1KCnwy8gq/XxLKAzV21HNy8wh9uNcVhZfrGBO1cwiHQvp 5za+XnLLlYIWRxQ6FbJX+lQMIJyvGNYMoN3OCDuvyx8ojgaSYvTi4hvfPVBf0vkJ 3HxCdGeDTS4vuNc/LuhE4pmWkSFD/LeJJ9bjXMwEli/NAz0OqFS7pMFscYv48igq R5E2k9Po6BX4o/mCbxDt/cQuPr/KneV2H7C1Dh8jx0DiJzQ8A/1RPZnDDh0czdLi VqwzVyJPj5d7CohzSeCHxQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568655; x= 1735655055; bh=kdXKKg1aM4Enzs8M6dQYU3DMegOOVGQ7oY1B58DGaN4=; b=B phY9QnA1sQrZPbZz2MkZpqFUHfkdvdnxAeZo3owZb/nzxm8Yba64PZIedP2/+ovv a1XDA024ck6Sp5o3p67GRMTHJiouKRJJhsHakNg4aG2gIZXdVN74RWdGHpNTRLIt JzubP1eX/d8lx2z0WeP8S0g/pH9nt+D2IsyH5CZ2Zjh2DF8JHpnC3cm7HV2pj8Dj KKTrpMJWxCvZ8sRjOmFCwjQ3qB/B7KMQuRb9uxXBAi83pS/PqJ0rDcaQVA75lQ7a /KAZzCJ59QYUwZIWiNrgOBN1A4BcMy+GOzuRB3DzuTYtt8+DNgukY4v5xOFOC/kS CQB4TRIIwaG5ERfzv7Qug== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgepudenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepghhithes vhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehmvgesthhtrgihlhhorhhrrd gtohhmpdhrtghpthhtohepghhithhsthgvrhesphhosghogidrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:14 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 973b548a (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:14 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:09 +0100 Subject: [PATCH 09/10] meson: wire up unsafe SHA1 backend Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-9-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic uses, 2024-09-26), we have introduced a cryptographically-insecure backend for SHA1 that can optionally be used in some contexts where the processed data is not security relevant. This effort was in-flight with the effort to introduce Meson, so we don't have an equivalent here. Wire up a new build option that lets users pick an unsafe SHA1 backend. Note that for simplicity's sake we have to drop the error condition around an unhandled SHA1 backend. This should be fine though given that Meson verifies the value for combo-options for us. Signed-off-by: Patrick Steinhardt --- meson.build | 40 ++++++++++++++++++++++++++++++---------- meson_options.txt | 2 ++ 2 files changed, 32 insertions(+), 10 deletions(-) diff --git a/meson.build b/meson.build index 46f807899b7bae33dd6aa7a94a54931d69ab0d62..dc82c23cb4f07646a9a7bb96fefcf832f9840975 100644 --- a/meson.build +++ b/meson.build @@ -1327,15 +1327,16 @@ endif https_backend = get_option('https_backend') sha1_backend = get_option('sha1_backend') +sha1_unsafe_backend = get_option('sha1_unsafe_backend') sha256_backend = get_option('sha256_backend') -security_framework = dependency('Security', required: 'CommonCrypto' in [https_backend, sha1_backend]) +security_framework = dependency('Security', required: 'CommonCrypto' in [https_backend, sha1_backend, sha1_unsafe_backend]) core_foundation_framework = dependency('CoreFoundation', required: security_framework.found()) if https_backend == 'auto' and security_framework.found() https_backend = 'CommonCrypto' endif -openssl_required = 'openssl' in [https_backend, sha1_backend, sha256_backend] +openssl_required = 'openssl' in [https_backend, sha1_backend, sha1_unsafe_backend, sha256_backend] openssl = dependency('openssl', required: openssl_required, default_options: ['default_library=static']) if https_backend == 'auto' and openssl.found() https_backend = 'openssl' @@ -1368,19 +1369,38 @@ if sha1_backend == 'sha1dc' 'sha1dc/sha1.c', 'sha1dc/ubc_check.c', ] -elif sha1_backend == 'CommonCrypto' +endif +if sha1_backend == 'CommonCrypto' or sha1_unsafe_backend == 'CommonCrypto' + if sha1_backend == 'CommonCrypto' + libgit_c_args += '-DSHA1_APPLE' + endif + if sha1_unsafe_backend == 'CommonCrypto' + libgit_c_args += '-DSHA1_APPLE_UNSAFE' + endif + libgit_c_args += '-DCOMMON_DIGEST_FOR_OPENSSL' - libgit_c_args += '-DSHA1_APPLE' # Apple CommonCrypto requires chunking libgit_c_args += '-DSHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' -elif sha1_backend == 'openssl' - libgit_c_args += '-DSHA1_OPENSSL' +endif +if sha1_backend == 'openssl' or sha1_unsafe_backend == 'openssl' + if sha1_backend == 'openssl' + libgit_c_args += '-DSHA1_OPENSSL' + endif + if sha1_unsafe_backend == 'openssl' + libgit_c_args += '-DSHA1_OPENSSL_UNSAFE' + endif + libgit_dependencies += openssl -elif sha1_backend == 'block' - libgit_c_args += '-DSHA1_BLK' +endif +if sha1_backend == 'block' or sha1_unsafe_backend == 'block' + if sha1_backend == 'block' + libgit_c_args += '-DSHA1_BLK' + endif + if sha1_unsafe_backend == 'block' + libgit_c_args += '-DSHA1_BLK_UNSAFE' + endif + libgit_sources += 'block-sha1/sha1.c' -else - error('Unhandled SHA1 backend ' + sha1_backend) endif if sha256_backend == 'openssl' diff --git a/meson_options.txt b/meson_options.txt index d8d283982bcdd0f688556e0102c0133061dfb304..8282b1dea8e852fbd3a28309a96fdc83412f245d 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -51,6 +51,8 @@ option('https_backend', type: 'combo', value: 'auto', choices: ['auto', 'openssl description: 'The HTTPS backend to use when connecting to remotes.') option('sha1_backend', type: 'combo', choices: ['openssl', 'block', 'sha1dc', 'CommonCrypto'], value: 'sha1dc', description: 'The backend used for hashing objects with the SHA1 object format.') +option('sha1_unsafe_backend', type: 'combo', choices: ['openssl', 'block', 'CommonCrypto', 'none'], value: 'none', + description: 'The backend used for hashing data with the SHA1 object format in case no cryptographic security is needed.') option('sha256_backend', type: 'combo', choices: ['openssl', 'nettle', 'gcrypt', 'block'], value: 'block', description: 'The backend used for hashing objects with the SHA256 object format.') From patchwork Mon Dec 30 14:24:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13923322 Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6962A9443 for ; Mon, 30 Dec 2024 14:24:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.156 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568659; cv=none; b=BsZlJGXD+xG7f0bukf55w7n3HWt0czJEUJm2KNZDNxBVieWmGGQPllbngFXSND6cceEBuVTYsh5XFOWs+5QxxUlUPK+M9USb40HbvbI9qunRsn+KAQCGLQdns/SInWS9B3TimDaNTwckTno0wOB4a0NcnboyK+V52JlGmX20GNU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735568659; c=relaxed/simple; bh=F1qXKKxn6qlOhhcaSnL3eXwfcredXi8fPUmb5AcXRqo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FXkzANmfrN9zgCZL0qaB8HilS4afI4zWOCqzuRVIfrj21XQ8YMd2rvyV0fNG36z2SB44GRoHzPmMcQkdqPobEJJr0zw10pOgkO6hX/tQzd9geH2MuoveG02fSULJ427+/Lk3/q77YSUMrQdiur+78/UftdXNS2fKghOVf2M+J9Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=KnfO5GcE; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=QpnR5Kgh; arc=none smtp.client-ip=202.12.124.156 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="KnfO5GcE"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="QpnR5Kgh" Received: from phl-compute-04.internal (phl-compute-04.phl.internal [10.202.2.44]) by mailfhigh.stl.internal (Postfix) with ESMTP id 7CD6825400E9; Mon, 30 Dec 2024 09:24:16 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-04.internal (MEProxy); Mon, 30 Dec 2024 09:24:16 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1735568656; x=1735655056; bh=h2Rg+tajdGUbOw0XncBtF+Me1PMA2j8MSqO5VdtDHrk=; b= KnfO5GcEbC1Kd6JwK1SzvLpN0qiSaPurrsZO5D6LteGl50O9PhxRZVFphAA43oNf CI2laseV1JxGYP2r/u70cGG4v9HuFbpps0sSHTa+cRP0wTD+257xebRoV+xgyx+K Yz/BnGZsOcwFo/vpY20pB6m8PgPbcA8wdwCzntvApCgfYZJWIrPKnkc+VucK3dWn zsrEDH2fHFxmsEgz4ETSMkIFQRpRLlmhRZL93cYWmrky3bPZoqHyGzWOGUFmcSB0 z14lI3kC216JoXBAkxa/+v+VN+XsGYSl1dyX3ViLQmtwiAhpCrjSykAYuX0OAsZl EMji6DgAcUKCsmfMzrbSnw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735568656; x= 1735655056; bh=h2Rg+tajdGUbOw0XncBtF+Me1PMA2j8MSqO5VdtDHrk=; b=Q pnR5KghCE1fw5s5nomHX8XdvdRfNFJ7NvAHzGzeE0HYpC21f3OUzqYd3nFcGJC+0 xkorn+gSpQxlSY+Hmx8XRxttBdt69+SQckShDgSXdnSOxOfdQsIFwp9AhGDflvij Dz6UjkdLBEoVV2KePyL4JUnXLQ6DZxwaSztBKQQ1v99lgISCa4219MApktnQ16nZ MKajzMR/qJSF8L8fv3HFF7ngycym4ZDbZuyyjiq45z9wqLJEjWU1jRNqWruelrUU Tt53grHsK52BijV+elpXjvxQMCDLpnsv1mK1sKXj9gsULQL4WVEr/r4YO4ZNj0gA fwnCGMJOwl3k0cLJI2mog== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddviedgieehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffugg gtgffkfhgjvfevofesthejredtredtjeenucfhrhhomheprfgrthhrihgtkhcuufhtvghi nhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnhepffeuieduje dvkeehuedvkeefffeivdeuleetkeduheejteekgedvudfgtdfgieelnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhdpnh gspghrtghpthhtohepfedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepghhithhs thgvrhesphhosghogidrtghomhdprhgtphhtthhopehgihhtsehvghgvrhdrkhgvrhhnvg hlrdhorhhgpdhrtghpthhtohepmhgvsehtthgrhihlohhrrhdrtghomh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 30 Dec 2024 09:24:15 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id 053b75c1 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 30 Dec 2024 14:24:15 +0000 (UTC) From: Patrick Steinhardt Date: Mon, 30 Dec 2024 15:24:10 +0100 Subject: [PATCH 10/10] meson: provide a summary of configured backends Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241230-pks-meson-sha1-unsafe-v1-10-efb276e171f5@pks.im> References: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> In-Reply-To: <20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im> To: git@vger.kernel.org Cc: Taylor Blau , Junio C Hamano X-Mailer: b4 0.14.2 There are a couple of backends from which the user can choose for HTTPS, SHA1, its unsafe variant as well as SHA256. Provide a summary of the configured values to make these more discoverable. Signed-off-by: Patrick Steinhardt --- meson.build | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meson.build b/meson.build index dc82c23cb4f07646a9a7bb96fefcf832f9840975..7361eb2eaad422e7a6c6ed95d275615836c21cdb 100644 --- a/meson.build +++ b/meson.build @@ -1943,3 +1943,10 @@ summary({ 'perl': perl_features_enabled, 'python': python.found(), }, section: 'Auto-detected features') + +summary({ + 'https': https_backend, + 'sha1': sha1_backend, + 'sha1_unsafe': sha1_unsafe_backend, + 'sha256': sha256_backend, +}, section: 'Backends')