From: brian m. carlson Date: Fri, 20 Jun 2025 01:19:42 +0000 (+0000) Subject: Enable SHA-256 by default in breaking changes mode X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=53554e53b35c112a8205a5ac211afff0f81a5fbd;p=thirdparty%2Fgit.git Enable SHA-256 by default in breaking changes mode Our document on breaking changes indicates that we intend to default to SHA-256 in Git 3.0. Since most people choose the default option, this is an important security upgrade to our defaults. To allow people to test this case, when WITH_BREAKING_CHANGES is set in the configuration, build Git with SHA-256 as the default hash. Update the testsuite to reflect this configuration so that the tests pass. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano --- diff --git a/hash.h b/hash.h index 0e14cade4e..144b53b7d6 100644 --- a/hash.h +++ b/hash.h @@ -174,8 +174,14 @@ static inline void git_SHA256_Clone(git_SHA256_CTX *dst, const git_SHA256_CTX *s #define GIT_HASH_SHA256 2 /* Number of algorithms supported (including unknown). */ #define GIT_HASH_NALGOS (GIT_HASH_SHA256 + 1) + /* Default hash algorithm if unspecified. */ +#ifdef WITH_BREAKING_CHANGES +#define GIT_HASH_DEFAULT GIT_HASH_SHA256 +#else #define GIT_HASH_DEFAULT GIT_HASH_SHA1 +#endif + /* Original hash algorithm. Implied for older data formats which don't specify. */ #define GIT_HASH_ORIGINAL GIT_HASH_SHA1 diff --git a/t/test-lib.sh b/t/test-lib.sh index be71890678..4cfa957e54 100644 --- a/t/test-lib.sh +++ b/t/test-lib.sh @@ -536,7 +536,12 @@ export GIT_COMMITTER_EMAIL GIT_COMMITTER_NAME export GIT_COMMITTER_DATE GIT_AUTHOR_DATE export EDITOR -GIT_TEST_BUILTIN_HASH=sha1 +if test -n "$WITH_BREAKING_CHANGES" +then + GIT_TEST_BUILTIN_HASH=sha256 +else + GIT_TEST_BUILTIN_HASH=sha1 +fi GIT_DEFAULT_HASH="${GIT_TEST_DEFAULT_HASH:-$GIT_TEST_BUILTIN_HASH}" export GIT_DEFAULT_HASH GIT_DEFAULT_REF_FORMAT="${GIT_TEST_DEFAULT_REF_FORMAT:-files}"
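Review bot: The comment `/* Default hash algorithm if unspecified. */` above the new `#ifdef` no longer tells the reader that the value depends on the build, and this is the one place where `GIT_HASH_DEFAULT` and `GIT_HASH_ORIGINAL` start to differ. I would reword it to `/* Default hash algorithm if unspecified; SHA-256 when built WITH_BREAKING_CHANGES. */`. Because `GIT_HASH_ORIGINAL` stays SHA-1, any caller that uses `GIT_HASH_DEFAULT` to interpret existing data carrying no algorithm marker would presumably misread it in a breaking-changes build. The hunk does not show the callers, so it is worth confirming that each use means "default for new data" and not "algorithm of old data".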
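Review bot: The `test -n "$WITH_BREAKING_CHANGES"` check treats any non-empty value as enabled and silently falls back to `sha1` when the variable is absent from the test environment, whereas hash.h keys on `#ifdef WITH_BREAKING_CHANGES`. If the two ever disagree, the test suite assumes a different built-in hash than the binary actually uses, and the resulting failures would not point back here. The hunk does not show where the variable reaches test-lib.sh, so I would record the coupling with a comment above the `if`, for example `# Must agree with GIT_HASH_DEFAULT in hash.h.`. It is also worth confirming that the build only ever writes an empty or an affirmative value for it.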