From ed605fa1a8a2afe47cda5f24b5059494b86379b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Mon, 7 Nov 2022 22:23:09 +0100 Subject: [PATCH] Makefile: document SHA-1 and SHA-256 default and selection order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For the *_SHA1 and *_SHA256 flags we've discussed the various flags, but not the fact that when you define multiple flags we'll pick one. Which one we pick depends on the order they're listed in the Makefile, which differed from the order we discussed them in this documentation. Let's be explicit about how we select these, and re-arrange the listings so that they're listed in the priority order we've picked. I'd personally prefer that the selection was more explicit, and that we'd error out if conflicting flags were provided, but per the discussion downhtread of[1] the consensus was to keep theses semantics. This behavior makes it easier to e.g. integrate with autoconf-like systems, where the configuration can provide everything it can support, and Git is tasked with picking the first one it prefers. 1. https://lore.kernel.org/git/220710.86mtdh81ty.gmgdl@evledraar.gmail.com/ Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Taylor Blau --- Makefile | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 646fbe5b7d..9b5f872d10 100644 --- a/Makefile +++ b/Makefile @@ -481,6 +481,11 @@ include shared.mak # # === SHA-1 backend === # +# ==== Default SHA-1 backend ==== +# +# If no *_SHA1 backend is picked, the first supported one listed in +# "SHA-1 implementations" will be picked. +# # ==== Options common to all SHA-1 implementations ==== # # Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed @@ -489,14 +494,14 @@ include shared.mak # # ==== SHA-1 implementations ==== # -# Define DC_SHA1 to enable the collision-detecting sha1 -# algorithm. This is slower, but may detect attempted collision attacks. +# Define OPENSSL_SHA1 to link to the SHA-1 routines from the OpenSSL +# library. # # Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled # with git (in the block-sha1/ directory). # -# Define OPENSSL_SHA1 to link to the SHA-1 routines from the OpenSSL -# library. +# Define DC_SHA1 to enable the collision-detecting sha1 +# algorithm. This is slower, but may detect attempted collision attacks. # # ==== Options for the sha1collisiondetection library ==== # @@ -515,12 +520,12 @@ include shared.mak # # ==== SHA-256 implementations ==== # +# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. +# # Define NETTLE_SHA256 to use the SHA-256 routines in libnettle. # # Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt. # -# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL. -# # If don't enable any of the *_SHA256 settings in this section, Git # will default to its built-in sha256 implementation. #