[0/2] help: include SHA build options in version info

Message ID 20250328170121.157563-1-jltobler@gmail.com (mailing list archive)

Message

Justin Tobler March 28, 2025, 5:01 p.m. UTC
Greetings,

Additional information regarding how Git was build can be found via the
`--build-options` flag for git-verison(1). This currectly does not
include information about the SHA-1 and SHA-256 implementations Git is
built with.

This short series adds build option info for the SHA-1, SHA-256, and
unsafe-SHA-1 (if any) implementations which may be useful for diagnostic
purposes.

Regarding "unsafe-SHA-1", I wonder if we should use a different name in
the printed build options that sounds a little less scary. I was
thinking maybe "fast-SHA-1" and document its meaning appropriately. I'm
interested to know if anyone has thoughts on this.

Thanks,
-Justin

Justin Tobler (2):
  help: include SHA implementation in version info
  help: include unsafe SHA-1 build info in version

 Documentation/git-version.adoc |  3 +++
 help.c                         | 36 ++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)


base-commit: 683c54c999c301c2cd6f715c411407c413b1d84e

Comments

Christian Couder March 29, 2025, 8:58 a.m. UTC | #1
On Fri, Mar 28, 2025 at 6:05 PM Justin Tobler <jltobler@gmail.com> wrote:
>
> Greetings,
>
> Additional information regarding how Git was build can be found via the

Maybe: s/build/built/

> `--build-options` flag for git-verison(1). This currectly does not

s/git-verison/git-version/
s/currectly/currently/

> include information about the SHA-1 and SHA-256 implementations Git is
> built with.
>
> This short series adds build option info for the SHA-1, SHA-256, and
> unsafe-SHA-1 (if any) implementations which may be useful for diagnostic
> purposes.
>
> Regarding "unsafe-SHA-1", I wonder if we should use a different name in
> the printed build options that sounds a little less scary. I was
> thinking maybe "fast-SHA-1" and document its meaning appropriately. I'm
> interested to know if anyone has thoughts on this.

Maybe we could use just "SHA-1" if a single algorithm is used for
everything, and both "SHA-1 for crypto" and "SHA-1 for non-crypto"
otherwise.

Related to this I wonder if we should warn in some ways if a non
collision detection algorithm is used for crypto. For example we could
print "SHA-1: OpenSSL (No collision detection!!!)" instead of just
"SHA-1: OpenSSL". And yeah that should be documented.

Thanks!

Justin Tobler March 31, 2025, 6:17 p.m. UTC | #2
On 25/03/29 09:58AM, Christian Couder wrote:
> On Fri, Mar 28, 2025 at 6:05 PM Justin Tobler <jltobler@gmail.com> wrote:
> > Regarding "unsafe-SHA-1", I wonder if we should use a different name in
> > the printed build options that sounds a little less scary. I was
> > thinking maybe "fast-SHA-1" and document its meaning appropriately. I'm
> > interested to know if anyone has thoughts on this.
> 
> Maybe we could use just "SHA-1" if a single algorithm is used for
> everything, and both "SHA-1 for crypto" and "SHA-1 for non-crypto"
> otherwise.

Maybe we could leave "SHA-1:" alone and when unsafe is set use
"non-crypto-SHA-1" instead of "unsafe-SHA-1"? It's a little wordy, but
probably not too bad.

> Related to this I wonder if we should warn in some ways if a non
> collision detection algorithm is used for crypto. For example we could
> print "SHA-1: OpenSSL (No collision detection!!!)" instead of just
> "SHA-1: OpenSSL". And yeah that should be documented.

Elsewhere in this thread it was suggested that we use the internal
symbol names instead of coming up with new human readable names [1].
I'll append this warning to the appropriate options as well though and
document it.

Thanks,
-Justin

[1]: <xmqq8qoodq5u.fsf@gitster.g>