git.ipfire.org Git - thirdparty/git.git/commit

author	Ævar Arnfjörð Bjarmason <avarab@gmail.com>
	Thu, 15 Dec 2022 08:43:05 +0000 (09:43 +0100)
committer	Junio C Hamano <gitster@pobox.com>
	Thu, 15 Dec 2022 21:06:56 +0000 (06:06 +0900)
commit	35898ad24d83317135d7fdad601dc17375ac373e
tree	9bb4d2bb7c0699f3ea7161cf4efee5b2f9bae90a	tree
parent	c48035d29b4e524aed3a32f0403676f0d9128863	commit \| diff

Makefile: use sha1collisiondetection by default on OSX and Darwin

When the sha1collisiondetection library was added and made the default
in [1] the interaction with APPLE_COMMON_CRYPTO added in [2] and [3]
seems to have been missed. On modern OSX and Darwin we are able to use
Apple's CommonCrypto both for SHA-1, and as a generic (but partial)
OpenSSL replacement.

This left OSX and Darwin without protection against the SHAttered
attack when building Git in its default configuration.

Let's also use sha1collisiondetection on OSX, to do so we'll need to
split up the "APPLE_COMMON_CRYPTO" flag into that flag and a new
"APPLE_COMMON_CRYPTO_SHA1".

Because of this we can stop conflating whether we want to use Apple's
CommonCrypto at all, and whether we want to use it for SHA-1. This
makes the CI recipe added in [4] simpler.

1. e6b07da2780 (Makefile: make DC_SHA1 the default, 2017-03-17)
2. 4dcd7732db0 (Makefile: add support for Apple CommonCrypto facility, 2013-05-19)
3. 61067954ce1 (cache.h: eliminate SHA-1 deprecation warnings on Mac OS X, 2013-05-19)
4. 1ad5c3df35a (ci: use DC_SHA1=YesPlease on osx-clang job for CI,
2022-10-20)

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Makefile		diff \| blob \| blame \| history
ci/lib.sh		diff \| blob \| blame \| history