From 36f048c5e488005da0a9dfba6b617c7c9951c7cf Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Tue, 15 Aug 2017 14:04:16 +0200 Subject: sha1dc: build git plumbing code more explicitly The plumbing code between sha1dc and git is defined in sha1dc_git.[ch], but these aren't compiled / included directly but only via the indirect inclusion from sha1dc code. This is slightly confusing when you try to trace the build flow. This patch brings the following changes for simplification: - Make sha1dc_git.c stand-alone and build from Makefile - sha1dc_git.h is the common header to include further sha1.h depending on the build condition - Move comments for plumbing codes from the header to definitions This is also meant as a preliminary work for further plumbing with external sha1dc shlib. Signed-off-by: Takashi Iwai Signed-off-by: Junio C Hamano --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 461c845d3..5e7e9022b 100644 --- a/Makefile +++ b/Makefile @@ -1472,6 +1472,8 @@ ifdef APPLE_COMMON_CRYPTO BASIC_CFLAGS += -DSHA1_APPLE else DC_SHA1 := YesPlease + BASIC_CFLAGS += -DSHA1_DC + LIB_OBJS += sha1dc_git.o ifdef DC_SHA1_SUBMODULE LIB_OBJS += sha1collisiondetection/lib/sha1.o LIB_OBJS += sha1collisiondetection/lib/ubc_check.o @@ -1481,12 +1483,9 @@ else LIB_OBJS += sha1dc/ubc_check.o endif BASIC_CFLAGS += \ - -DSHA1_DC \ -DSHA1DC_NO_STANDARD_INCLUDES \ -DSHA1DC_INIT_SAFE_HASH_DEFAULT=0 \ -DSHA1DC_CUSTOM_INCLUDE_SHA1_C="\"cache.h\"" \ - -DSHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C="\"sha1dc_git.c\"" \ - -DSHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H="\"sha1dc_git.h\"" \ -DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C="\"git-compat-util.h\"" endif endif -- cgit v1.2.1 From 3964cbbb5c30609ebd795a979074251cf59436c3 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Tue, 15 Aug 2017 14:04:17 +0200 Subject: sha1dc: allow building with the external sha1dc library Some distros provide SHA1 collision-detect code as a shared library. It's the same code as we have in git tree (but may be with a different init default for hash), and git can link with it as well; at least, it may make maintenance easier, according to our security guys. This patch allows user to build git linking with the external sha1dc library instead of the built-in code. User needs to define DC_SHA1_EXTERNAL explicitly. As default without it, the built-in sha1dc code is used like before. Signed-off-by: Takashi Iwai Signed-off-by: Junio C Hamano --- Makefile | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 5e7e9022b..9f492b5d1 100644 --- a/Makefile +++ b/Makefile @@ -162,6 +162,11 @@ all:: # algorithm. This is slower, but may detect attempted collision attacks. # Takes priority over other *_SHA1 knobs. # +# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link +# git with the external SHA1 collision-detect library. +# Without this option, i.e. the default behavior is to build git with its +# own built-in code (or submodule). +# # Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the # sha1collisiondetection shipped as a submodule instead of the # non-submodule copy in sha1dc/. This is an experimental option used @@ -1474,6 +1479,13 @@ else DC_SHA1 := YesPlease BASIC_CFLAGS += -DSHA1_DC LIB_OBJS += sha1dc_git.o +ifdef DC_SHA1_EXTERNAL + ifdef DC_SHA1_SUBMODULE +$(error Only set DC_SHA1_EXTERNAL or DC_SHA1_SUBMODULE, not both) + endif + BASIC_CFLAGS += -DDC_SHA1_EXTERNAL + EXTLIBS += -lsha1detectcoll +else ifdef DC_SHA1_SUBMODULE LIB_OBJS += sha1collisiondetection/lib/sha1.o LIB_OBJS += sha1collisiondetection/lib/ubc_check.o @@ -1491,6 +1503,7 @@ endif endif endif endif +endif ifdef SHA1_MAX_BLOCK_SIZE LIB_OBJS += compat/sha1-chunked.o -- cgit v1.2.1