|
|
|
|
@ -4,8 +4,20 @@ all::
|
|
|
|
|
# Import tree-wide shared Makefile behavior and libraries
|
|
|
|
|
include shared.mak
|
|
|
|
|
|
|
|
|
|
# == Makefile defines ==
|
|
|
|
|
#
|
|
|
|
|
# These defines change the behavior of the Makefile itself, but have
|
|
|
|
|
# no impact on what it builds:
|
|
|
|
|
#
|
|
|
|
|
# Define V=1 to have a more verbose compile.
|
|
|
|
|
#
|
|
|
|
|
# == Portability and optional library defines ==
|
|
|
|
|
#
|
|
|
|
|
# These defines indicate what Git can expect from the OS, what
|
|
|
|
|
# libraries are available etc. Much of this is auto-detected in
|
|
|
|
|
# config.mak.uname, or in configure.ac when using the optional "make
|
|
|
|
|
# configure && ./configure" (see INSTALL).
|
|
|
|
|
#
|
|
|
|
|
# Define SHELL_PATH to a POSIX shell if your /bin/sh is broken.
|
|
|
|
|
#
|
|
|
|
|
# Define SANE_TOOL_PATH to a colon-separated list of paths to prepend
|
|
|
|
|
@ -30,68 +42,8 @@ include shared.mak
|
|
|
|
|
#
|
|
|
|
|
# Define NO_OPENSSL environment variable if you do not have OpenSSL.
|
|
|
|
|
#
|
|
|
|
|
# Define USE_LIBPCRE if you have and want to use libpcre. Various
|
|
|
|
|
# commands such as log and grep offer runtime options to use
|
|
|
|
|
# Perl-compatible regular expressions instead of standard or extended
|
|
|
|
|
# POSIX regular expressions.
|
|
|
|
|
#
|
|
|
|
|
# Only libpcre version 2 is supported. USE_LIBPCRE2 is a synonym for
|
|
|
|
|
# USE_LIBPCRE, support for the old USE_LIBPCRE1 has been removed.
|
|
|
|
|
#
|
|
|
|
|
# Define LIBPCREDIR=/foo/bar if your PCRE header and library files are
|
|
|
|
|
# in /foo/bar/include and /foo/bar/lib directories.
|
|
|
|
|
#
|
|
|
|
|
# Define HAVE_ALLOCA_H if you have working alloca(3) defined in that header.
|
|
|
|
|
#
|
|
|
|
|
# Define NO_CURL if you do not have libcurl installed. git-http-fetch and
|
|
|
|
|
# git-http-push are not built, and you cannot use http:// and https://
|
|
|
|
|
# transports (neither smart nor dumb).
|
|
|
|
|
#
|
|
|
|
|
# Define CURLDIR=/foo/bar if your curl header and library files are in
|
|
|
|
|
# /foo/bar/include and /foo/bar/lib directories.
|
|
|
|
|
#
|
|
|
|
|
# Define CURL_CONFIG to curl's configuration program that prints information
|
|
|
|
|
# about the library (e.g., its version number). The default is 'curl-config'.
|
|
|
|
|
#
|
|
|
|
|
# Define CURL_LDFLAGS to specify flags that you need to link when using libcurl,
|
|
|
|
|
# if you do not want to rely on the libraries provided by CURL_CONFIG. The
|
|
|
|
|
# default value is a result of `curl-config --libs`. An example value for
|
|
|
|
|
# CURL_LDFLAGS is as follows:
|
|
|
|
|
#
|
|
|
|
|
# CURL_LDFLAGS=-lcurl
|
|
|
|
|
#
|
|
|
|
|
# Define NO_EXPAT if you do not have expat installed. git-http-push is
|
|
|
|
|
# not built, and you cannot push using http:// and https:// transports (dumb).
|
|
|
|
|
#
|
|
|
|
|
# Define EXPATDIR=/foo/bar if your expat header and library files are in
|
|
|
|
|
# /foo/bar/include and /foo/bar/lib directories.
|
|
|
|
|
#
|
|
|
|
|
# Define EXPAT_NEEDS_XMLPARSE_H if you have an old version of expat (e.g.,
|
|
|
|
|
# 1.1 or 1.2) that provides xmlparse.h instead of expat.h.
|
|
|
|
|
#
|
|
|
|
|
# Define NO_GETTEXT if you don't want Git output to be translated.
|
|
|
|
|
# A translated Git requires GNU libintl or another gettext implementation,
|
|
|
|
|
# plus libintl-perl at runtime.
|
|
|
|
|
#
|
|
|
|
|
# Define USE_GETTEXT_SCHEME and set it to 'fallthrough', if you don't trust
|
|
|
|
|
# the installed gettext translation of the shell scripts output.
|
|
|
|
|
#
|
|
|
|
|
# Define HAVE_LIBCHARSET_H if you haven't set NO_GETTEXT and you can't
|
|
|
|
|
# trust the langinfo.h's nl_langinfo(CODESET) function to return the
|
|
|
|
|
# current character set. GNU and Solaris have a nl_langinfo(CODESET),
|
|
|
|
|
# FreeBSD can use either, but MinGW and some others need to use
|
|
|
|
|
# libcharset.h's locale_charset() instead.
|
|
|
|
|
#
|
|
|
|
|
# Define CHARSET_LIB to the library you need to link with in order to
|
|
|
|
|
# use locale_charset() function. On some platforms this needs to set to
|
|
|
|
|
# -lcharset, on others to -liconv .
|
|
|
|
|
#
|
|
|
|
|
# Define LIBC_CONTAINS_LIBINTL if your gettext implementation doesn't
|
|
|
|
|
# need -lintl when linking.
|
|
|
|
|
#
|
|
|
|
|
# Define NO_MSGFMT_EXTENDED_OPTIONS if your implementation of msgfmt
|
|
|
|
|
# doesn't support GNU extensions like --check and --statistics
|
|
|
|
|
#
|
|
|
|
|
# Define HAVE_PATHS_H if you have paths.h and want to use the default PATH
|
|
|
|
|
# it specifies.
|
|
|
|
|
#
|
|
|
|
|
@ -152,39 +104,6 @@ include shared.mak
|
|
|
|
|
# and do not want to use Apple's CommonCrypto library. This allows you
|
|
|
|
|
# to provide your own OpenSSL library, for example from MacPorts.
|
|
|
|
|
#
|
|
|
|
|
# Define BLK_SHA1 environment variable to make use of the bundled
|
|
|
|
|
# optimized C SHA1 routine.
|
|
|
|
|
#
|
|
|
|
|
# Define DC_SHA1 to unconditionally enable the collision-detecting sha1
|
|
|
|
|
# algorithm. This is slower, but may detect attempted collision attacks.
|
|
|
|
|
# Takes priority over other *_SHA1 knobs.
|
|
|
|
|
#
|
|
|
|
|
# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link
|
|
|
|
|
# git with the external SHA1 collision-detect library.
|
|
|
|
|
# Without this option, i.e. the default behavior is to build git with its
|
|
|
|
|
# own built-in code (or submodule).
|
|
|
|
|
#
|
|
|
|
|
# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the
|
|
|
|
|
# sha1collisiondetection shipped as a submodule instead of the
|
|
|
|
|
# non-submodule copy in sha1dc/. This is an experimental option used
|
|
|
|
|
# by the git project to migrate to using sha1collisiondetection as a
|
|
|
|
|
# submodule.
|
|
|
|
|
#
|
|
|
|
|
# Define OPENSSL_SHA1 environment variable when running make to link
|
|
|
|
|
# with the SHA1 routine from openssl library.
|
|
|
|
|
#
|
|
|
|
|
# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed
|
|
|
|
|
# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO
|
|
|
|
|
# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined.
|
|
|
|
|
#
|
|
|
|
|
# Define BLK_SHA256 to use the built-in SHA-256 routines.
|
|
|
|
|
#
|
|
|
|
|
# Define NETTLE_SHA256 to use the SHA-256 routines in libnettle.
|
|
|
|
|
#
|
|
|
|
|
# Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt.
|
|
|
|
|
#
|
|
|
|
|
# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL.
|
|
|
|
|
#
|
|
|
|
|
# Define NEEDS_CRYPTO_WITH_SSL if you need -lcrypto when using -lssl (Darwin).
|
|
|
|
|
#
|
|
|
|
|
# Define NEEDS_SSL_WITH_CRYPTO if you need -lssl when using -lcrypto (Darwin).
|
|
|
|
|
@ -490,6 +409,151 @@ include shared.mak
|
|
|
|
|
# to the "<name>" of the corresponding `compat/fsmonitor/fsm-settings-<name>.c`
|
|
|
|
|
# that implements the `fsm_os_settings__*()` routines.
|
|
|
|
|
#
|
|
|
|
|
# === Optional library: libintl ===
|
|
|
|
|
#
|
|
|
|
|
# Define NO_GETTEXT if you don't want Git output to be translated.
|
|
|
|
|
# A translated Git requires GNU libintl or another gettext implementation,
|
|
|
|
|
# plus libintl-perl at runtime.
|
|
|
|
|
#
|
|
|
|
|
# Define USE_GETTEXT_SCHEME and set it to 'fallthrough', if you don't trust
|
|
|
|
|
# the installed gettext translation of the shell scripts output.
|
|
|
|
|
#
|
|
|
|
|
# Define HAVE_LIBCHARSET_H if you haven't set NO_GETTEXT and you can't
|
|
|
|
|
# trust the langinfo.h's nl_langinfo(CODESET) function to return the
|
|
|
|
|
# current character set. GNU and Solaris have a nl_langinfo(CODESET),
|
|
|
|
|
# FreeBSD can use either, but MinGW and some others need to use
|
|
|
|
|
# libcharset.h's locale_charset() instead.
|
|
|
|
|
#
|
|
|
|
|
# Define CHARSET_LIB to the library you need to link with in order to
|
|
|
|
|
# use locale_charset() function. On some platforms this needs to set to
|
|
|
|
|
# -lcharset, on others to -liconv .
|
|
|
|
|
#
|
|
|
|
|
# Define LIBC_CONTAINS_LIBINTL if your gettext implementation doesn't
|
|
|
|
|
# need -lintl when linking.
|
|
|
|
|
#
|
|
|
|
|
# Define NO_MSGFMT_EXTENDED_OPTIONS if your implementation of msgfmt
|
|
|
|
|
# doesn't support GNU extensions like --check and --statistics
|
|
|
|
|
#
|
|
|
|
|
# === Optional library: libexpat ===
|
|
|
|
|
#
|
|
|
|
|
# Define NO_EXPAT if you do not have expat installed. git-http-push is
|
|
|
|
|
# not built, and you cannot push using http:// and https:// transports (dumb).
|
|
|
|
|
#
|
|
|
|
|
# Define EXPATDIR=/foo/bar if your expat header and library files are in
|
|
|
|
|
# /foo/bar/include and /foo/bar/lib directories.
|
|
|
|
|
#
|
|
|
|
|
# Define EXPAT_NEEDS_XMLPARSE_H if you have an old version of expat (e.g.,
|
|
|
|
|
# 1.1 or 1.2) that provides xmlparse.h instead of expat.h.
|
|
|
|
|
|
|
|
|
|
# === Optional library: libcurl ===
|
|
|
|
|
#
|
|
|
|
|
# Define NO_CURL if you do not have libcurl installed. git-http-fetch and
|
|
|
|
|
# git-http-push are not built, and you cannot use http:// and https://
|
|
|
|
|
# transports (neither smart nor dumb).
|
|
|
|
|
#
|
|
|
|
|
# Define CURLDIR=/foo/bar if your curl header and library files are in
|
|
|
|
|
# /foo/bar/include and /foo/bar/lib directories.
|
|
|
|
|
#
|
|
|
|
|
# Define CURL_CONFIG to curl's configuration program that prints information
|
|
|
|
|
# about the library (e.g., its version number). The default is 'curl-config'.
|
|
|
|
|
#
|
|
|
|
|
# Define CURL_LDFLAGS to specify flags that you need to link when using libcurl,
|
|
|
|
|
# if you do not want to rely on the libraries provided by CURL_CONFIG. The
|
|
|
|
|
# default value is a result of `curl-config --libs`. An example value for
|
|
|
|
|
# CURL_LDFLAGS is as follows:
|
|
|
|
|
#
|
|
|
|
|
# CURL_LDFLAGS=-lcurl
|
|
|
|
|
#
|
|
|
|
|
# === Optional library: libpcre2 ===
|
|
|
|
|
#
|
|
|
|
|
# Define USE_LIBPCRE if you have and want to use libpcre. Various
|
|
|
|
|
# commands such as log and grep offer runtime options to use
|
|
|
|
|
# Perl-compatible regular expressions instead of standard or extended
|
|
|
|
|
# POSIX regular expressions.
|
|
|
|
|
#
|
|
|
|
|
# Only libpcre version 2 is supported. USE_LIBPCRE2 is a synonym for
|
|
|
|
|
# USE_LIBPCRE, support for the old USE_LIBPCRE1 has been removed.
|
|
|
|
|
#
|
|
|
|
|
# Define LIBPCREDIR=/foo/bar if your PCRE header and library files are
|
|
|
|
|
# in /foo/bar/include and /foo/bar/lib directories.
|
|
|
|
|
#
|
|
|
|
|
# == SHA-1 and SHA-256 defines ==
|
|
|
|
|
#
|
|
|
|
|
# === SHA-1 backend ===
|
|
|
|
|
#
|
|
|
|
|
# ==== Security ====
|
|
|
|
|
#
|
|
|
|
|
# Due to the SHAttered (https://shattered.io) attack vector on SHA-1
|
|
|
|
|
# it's strongly recommended to use the sha1collisiondetection
|
|
|
|
|
# counter-cryptanalysis library for SHA-1 hashing.
|
|
|
|
|
#
|
|
|
|
|
# If you know that you can trust the repository contents, or where
|
|
|
|
|
# potential SHA-1 attacks are otherwise mitigated the other backends
|
|
|
|
|
# listed in "SHA-1 implementations" are faster than
|
|
|
|
|
# sha1collisiondetection.
|
|
|
|
|
#
|
|
|
|
|
# ==== Default SHA-1 backend ====
|
|
|
|
|
#
|
|
|
|
|
# If no *_SHA1 backend is picked, the first supported one listed in
|
|
|
|
|
# "SHA-1 implementations" will be picked.
|
|
|
|
|
#
|
|
|
|
|
# ==== Options common to all SHA-1 implementations ====
|
|
|
|
|
#
|
|
|
|
|
# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed
|
|
|
|
|
# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO
|
|
|
|
|
# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined.
|
|
|
|
|
#
|
|
|
|
|
# ==== SHA-1 implementations ====
|
|
|
|
|
#
|
|
|
|
|
# Define OPENSSL_SHA1 to link to the SHA-1 routines from the OpenSSL
|
|
|
|
|
# library.
|
|
|
|
|
#
|
|
|
|
|
# Define BLK_SHA1 to make use of optimized C SHA-1 routines bundled
|
|
|
|
|
# with git (in the block-sha1/ directory).
|
|
|
|
|
#
|
|
|
|
|
# Define NO_APPLE_COMMON_CRYPTO on OSX to opt-out of using the
|
|
|
|
|
# "APPLE_COMMON_CRYPTO" backend for SHA-1, which is currently the
|
|
|
|
|
# default on that OS. On macOS 01.4 (Tiger) or older,
|
|
|
|
|
# NO_APPLE_COMMON_CRYPTO is defined by default.
|
|
|
|
|
#
|
|
|
|
|
# If don't enable any of the *_SHA1 settings in this section, Git will
|
|
|
|
|
# default to its built-in sha1collisiondetection library, which is a
|
|
|
|
|
# collision-detecting sha1 This is slower, but may detect attempted
|
|
|
|
|
# collision attacks.
|
|
|
|
|
#
|
|
|
|
|
# ==== Options for the sha1collisiondetection library ====
|
|
|
|
|
#
|
|
|
|
|
# Define DC_SHA1_EXTERNAL if you want to build / link
|
|
|
|
|
# git with the external SHA1 collision-detect library.
|
|
|
|
|
# Without this option, i.e. the default behavior is to build git with its
|
|
|
|
|
# own built-in code (or submodule).
|
|
|
|
|
#
|
|
|
|
|
# Define DC_SHA1_SUBMODULE to use the
|
|
|
|
|
# sha1collisiondetection shipped as a submodule instead of the
|
|
|
|
|
# non-submodule copy in sha1dc/. This is an experimental option used
|
|
|
|
|
# by the git project to migrate to using sha1collisiondetection as a
|
|
|
|
|
# submodule.
|
|
|
|
|
#
|
|
|
|
|
# === SHA-256 backend ===
|
|
|
|
|
#
|
|
|
|
|
# ==== Security ====
|
|
|
|
|
#
|
|
|
|
|
# Unlike SHA-1 the SHA-256 algorithm does not suffer from any known
|
|
|
|
|
# vulnerabilities, so any implementation will do.
|
|
|
|
|
#
|
|
|
|
|
# ==== SHA-256 implementations ====
|
|
|
|
|
#
|
|
|
|
|
# Define OPENSSL_SHA256 to use the SHA-256 routines in OpenSSL.
|
|
|
|
|
#
|
|
|
|
|
# Define NETTLE_SHA256 to use the SHA-256 routines in libnettle.
|
|
|
|
|
#
|
|
|
|
|
# Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt.
|
|
|
|
|
#
|
|
|
|
|
# If don't enable any of the *_SHA256 settings in this section, Git
|
|
|
|
|
# will default to its built-in sha256 implementation.
|
|
|
|
|
#
|
|
|
|
|
# == DEVELOPER defines ==
|
|
|
|
|
#
|
|
|
|
|
# Define DEVELOPER to enable more compiler warnings. Compiler version
|
|
|
|
|
# and family are auto detected, but could be overridden by defining
|
|
|
|
|
# COMPILER_FEATURES (see config.mak.dev). You can still set
|
|
|
|
|
@ -1826,7 +1890,6 @@ ifdef APPLE_COMMON_CRYPTO
|
|
|
|
|
COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
|
|
|
|
|
BASIC_CFLAGS += -DSHA1_APPLE
|
|
|
|
|
else
|
|
|
|
|
DC_SHA1 := YesPlease
|
|
|
|
|
BASIC_CFLAGS += -DSHA1_DC
|
|
|
|
|
LIB_OBJS += sha1dc_git.o
|
|
|
|
|
ifdef DC_SHA1_EXTERNAL
|
|
|
|
|
@ -2989,7 +3052,6 @@ GIT-BUILD-OPTIONS: FORCE
|
|
|
|
|
@echo NO_REGEX=\''$(subst ','\'',$(subst ','\'',$(NO_REGEX)))'\' >>$@+
|
|
|
|
|
@echo NO_UNIX_SOCKETS=\''$(subst ','\'',$(subst ','\'',$(NO_UNIX_SOCKETS)))'\' >>$@+
|
|
|
|
|
@echo PAGER_ENV=\''$(subst ','\'',$(subst ','\'',$(PAGER_ENV)))'\' >>$@+
|
|
|
|
|
@echo DC_SHA1=\''$(subst ','\'',$(subst ','\'',$(DC_SHA1)))'\' >>$@+
|
|
|
|
|
@echo SANITIZE_LEAK=\''$(subst ','\'',$(subst ','\'',$(SANITIZE_LEAK)))'\' >>$@+
|
|
|
|
|
@echo SANITIZE_ADDRESS=\''$(subst ','\'',$(subst ','\'',$(SANITIZE_ADDRESS)))'\' >>$@+
|
|
|
|
|
@echo X=\'$(X)\' >>$@+
|
|
|
|
|
|
Taylor Blau