From patchwork Mon May 20 23:14:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Junio C Hamano X-Patchwork-Id: 13668714 Received: from pb-smtp1.pobox.com (pb-smtp1.pobox.com [64.147.108.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CBC3045035 for ; Mon, 20 May 2024 23:14:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=64.147.108.70 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716246880; cv=none; b=a5I0fjVzyu54KlnUJvLuyIQ9DcHWdfIrZ1FNHFGG+mheVUiGmuVMV5KZoWJ5b+3hlU3Q3OfPYRmfBEpwcnCZDdBmwsACvczzCdEP/P0GxYbqdtDp3Y2ZsxkyT6E/5JHjrt0jNndU92gD3J3A9LA2LC5uI4PiM3BB3+SNsGJGZb4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716246880; c=relaxed/simple; bh=L6lV8h6zLeeHMBFn8XDqK2prEz3IlmCxpG510ZbS3B4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=BO5bN3D9Ig7tCRHk1abFlYRDn+76aRZkomKNagr+nYr52ox7TDUMRm3/IvhpSmqq4kkodHi5gXfTD3OQ39MRFuQzh3U7yB+5LzIne/D3QxuCwQwOZCMjocBISNLZ6JTdFc6Bett4u1bRssTJZXkOfBz/kBrrgHmtBCNT2zIY5yo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=pobox.com; spf=pass smtp.mailfrom=pobox.com; dkim=pass (1024-bit key) header.d=pobox.com header.i=@pobox.com header.b=WcVnxv/h; arc=none smtp.client-ip=64.147.108.70 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=pobox.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pobox.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=pobox.com header.i=@pobox.com header.b="WcVnxv/h" Received: from pb-smtp1.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 82D4829B86; Mon, 20 May 2024 19:14:37 -0400 (EDT) (envelope-from gitster@pobox.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=sasl; bh=L6lV8h6zLeeH MBFn8XDqK2prEz3IlmCxpG510ZbS3B4=; b=WcVnxv/hoK2rU16if7gQziSeQhC/ Px7SZOHzSklqurdKHXxtU2dd5Cjk1+P/IIa3EzEnpC1Wg+o6/7EYjKhVGD/C5qsR vnxhT2RvdwfXZLXbZ+KyFRVNtoe1wCCpGdpEQNIIv/PmQbogZ4U/0KFd9sf6ChkS e9D3qepU02lw/5Y= Received: from pb-smtp1.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 7AFF929B85; Mon, 20 May 2024 19:14:37 -0400 (EDT) (envelope-from gitster@pobox.com) Received: from pobox.com (unknown [34.125.173.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id BA7C829B84; Mon, 20 May 2024 19:14:35 -0400 (EDT) (envelope-from gitster@pobox.com) From: Junio C Hamano To: git@vger.kernel.org Cc: Patrick Steinhardt Subject: [PATCH v5 0/5] Fix use of uninitialized hash algorithms Date: Mon, 20 May 2024 16:14:29 -0700 Message-ID: <20240520231434.1816979-1-gitster@pobox.com> X-Mailer: git-send-email 2.45.1-216-g4365c6fcf9 In-Reply-To: References: Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Pobox-Relay-ID: B948451C-16FE-11EF-9BDE-78DCEB2EC81B-77302942!pb-smtp1.pobox.com A change recently merged to 'next' stops us from defaulting to using SHA-1 unless other code (like a logic early in the start-up sequence to see what hash is being used in the repository we are working in) explicitly sets it, leading to a (deliberate) crash of "git" when we forgot to cover certain code paths. It turns out we have a few. Notable ones are all operations that are designed to work outside a repository. We should go over all such code paths and give them a reasonable default when there is one available (e.g. for historical reasons, patch-id is documented to work with SHA-1 hashes, so arguably it, or at least when it is invoked with the "--stable" option, should do so everywhere, not just in SHA-1 repositories, but in SHA-256 repository or outside any repository). In the meantime, if an end-user hits such a "bug" before we can fix it, it would be nice to give them an escape hatch to restore the historical behaviour of falling back to use SHA-1. These patches are designed to apply on a merge of c8aed5e8 (repository: stop setting SHA1 as the default object hash, 2024-05-07) into 3e4a232f (The third batch, 2024-05-13), which has been the same base throughout the past iterations. In this fifth iteration: - The first step no longer falls back to GIT_DEFAULT_HASH; the escape hatch is a dedicated GIT_TEST_DEFAULT_HASH_ALGO environment variable, but hopefully we do not have to advertise it all that often. - The second step has been simplified somewhat to use the "nongit" helper when we only need to run a single "git" command in t1517. The way the expected output files were prepared in the previous versions did not correctly force use of SHA-1 algorithm, which has been corrected. The third step and fourth step for t1517 continue to be "flip expect_failure to expect_success", but you can see context differences in the range-diff. - The fourth step also has a fix for t1007 where the previous iterations did not correctly force use of SHA-1 to prepare the expected output. Otherwise this round should be ready, modulo possible typoes. Junio C Hamano (3): setup: add an escape hatch for "no more default hash algorithm" change t1517: test commands that are designed to be run outside repository apply: fix uninitialized hash function Patrick Steinhardt (2): builtin/patch-id: fix uninitialized hash function builtin/hash-object: fix uninitialized hash function builtin/apply.c | 4 +++ builtin/hash-object.c | 3 +++ builtin/patch-id.c | 13 +++++++++ repository.c | 44 ++++++++++++++++++++++++++++++ t/t1007-hash-object.sh | 6 +++++ t/t1517-outside-repo.sh | 59 +++++++++++++++++++++++++++++++++++++++++ t/t4204-patch-id.sh | 34 ++++++++++++++++++++++++ 7 files changed, 163 insertions(+) create mode 100755 t/t1517-outside-repo.sh