From: Patrick Steinhardt <ps@pks.im>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH 10/10] Enable SHA-256 by default in breaking changes mode
Date: Tue, 1 Jul 2025 13:35:44 +0200 [thread overview]
Message-ID: <aGPIEHG8e0i9nzxV@pks.im> (raw)
In-Reply-To: <20250620011943.586596-11-sandals@crustytoothpaste.net>
On Fri, Jun 20, 2025 at 01:19:42AM +0000, brian m. carlson wrote:
> Our document on breaking changes indicates that we intend to default to
> SHA-256 in Git 3.0. Since most people choose the default option, this
> is an important security upgrade to our defaults.
>
> To allow people to test this case, when WITH_BREAKING_CHANGES is set in
> the configuration, build Git with SHA-256 as the default hash. Update
> the testsuite to reflect this configuration so that the tests pass.
Awesome. Thanks for advancing our migration towards SHA256!
> diff --git a/t/test-lib.sh b/t/test-lib.sh
> index ef3759ec80..bb18dd0606 100644
> --- a/t/test-lib.sh
> +++ b/t/test-lib.sh
> @@ -536,7 +536,12 @@ export GIT_COMMITTER_EMAIL GIT_COMMITTER_NAME
> export GIT_COMMITTER_DATE GIT_AUTHOR_DATE
> export EDITOR
>
> -GIT_TEST_BUILTIN_HASH=sha1
> +if test -n "$WITH_BREAKING_CHANGES"
> +then
> + GIT_TEST_BUILTIN_HASH=sha256
> +else
> + GIT_TEST_BUILTIN_HASH=sha1
> +fi
There should probably be an option somewhere in Git to ask it what its
current builtin hash is. If so, you wouldn't have to hardcode the hash
over here but could ask for example `git version --builtin-hash`.
Patrick
next prev parent reply other threads:[~2025-07-01 11:35 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-20 1:19 [PATCH 00/10] Add SHA-256 by default as a breaking change brian m. carlson
2025-06-20 1:19 ` [PATCH 01/10] hash: add a constant for the default hash algorithm brian m. carlson
2025-06-20 1:19 ` [PATCH 02/10] hash: add a constant for the original " brian m. carlson
2025-06-20 1:56 ` Junio C Hamano
2025-06-20 20:43 ` brian m. carlson
2025-07-01 11:35 ` Patrick Steinhardt
2025-06-20 1:19 ` [PATCH 03/10] builtin: use default hash when outside a repository brian m. carlson
2025-06-20 14:19 ` Junio C Hamano
2025-07-01 11:35 ` Patrick Steinhardt
2025-07-01 21:14 ` brian m. carlson
2025-07-02 15:08 ` Patrick Steinhardt
2025-06-20 1:19 ` [PATCH 04/10] Use original hash for legacy formats brian m. carlson
2025-06-20 14:26 ` Junio C Hamano
2025-06-20 20:51 ` brian m. carlson
2025-06-20 21:14 ` Junio C Hamano
2025-07-01 11:35 ` Patrick Steinhardt
2025-06-20 1:19 ` [PATCH 05/10] setup: use the default algorithm to initialize repo format brian m. carlson
2025-06-20 14:55 ` Junio C Hamano
2025-06-20 20:28 ` brian m. carlson
2025-06-20 21:05 ` Junio C Hamano
2025-06-20 1:19 ` [PATCH 06/10] t: default to compile-time default hash if not set brian m. carlson
2025-06-20 1:19 ` [PATCH 07/10] t1007: choose the built-in hash outside of a repo brian m. carlson
2025-06-20 1:19 ` [PATCH 08/10] t4042: " brian m. carlson
2025-06-20 1:19 ` [PATCH 09/10] t5300: " brian m. carlson
2025-06-20 1:19 ` [PATCH 10/10] Enable SHA-256 by default in breaking changes mode brian m. carlson
2025-06-20 14:58 ` Junio C Hamano
2025-06-20 19:18 ` brian m. carlson
2025-06-20 15:03 ` Junio C Hamano
2025-06-20 19:15 ` brian m. carlson
2025-06-20 20:42 ` Junio C Hamano
2025-06-20 21:06 ` brian m. carlson
2025-07-01 11:35 ` Patrick Steinhardt [this message]
2025-07-01 21:22 ` [PATCH v2 00/11] Add SHA-256 by default as a breaking change brian m. carlson
2025-07-01 21:22 ` [PATCH v2 01/11] hash: add a constant for the default hash algorithm brian m. carlson
2025-07-01 21:22 ` [PATCH v2 02/11] hash: add a constant for the legacy " brian m. carlson
2025-07-01 21:22 ` [PATCH v2 03/11] builtin: use default hash when outside a repository brian m. carlson
2025-07-01 21:22 ` [PATCH v2 04/11] Use legacy hash for legacy formats brian m. carlson
2025-07-01 21:22 ` [PATCH v2 05/11] setup: use the default algorithm to initialize repo format brian m. carlson
2025-07-01 21:22 ` [PATCH v2 06/11] t: default to compile-time default hash if not set brian m. carlson
2025-07-01 21:22 ` [PATCH v2 07/11] t1007: choose the built-in hash outside of a repo brian m. carlson
2025-07-01 21:22 ` [PATCH v2 08/11] t4042: " brian m. carlson
2025-07-01 21:22 ` [PATCH v2 09/11] t5300: " brian m. carlson
2025-07-01 21:22 ` [PATCH v2 10/11] help: add a build option for default hash brian m. carlson
2025-07-01 21:22 ` [PATCH v2 11/11] Enable SHA-256 by default in breaking changes mode brian m. carlson
2025-07-01 22:10 ` [PATCH v2 00/11] Add SHA-256 by default as a breaking change Junio C Hamano
2025-07-02 14:46 ` Patrick Steinhardt
2025-07-02 15:01 ` Kristoffer Haugsbakk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aGPIEHG8e0i9nzxV@pks.im \
--to=ps@pks.im \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).