Fossil

Check-in [9a6256cf]

Overview
Comment: For new Docker-generated repositories, use "auto" hash-policy as default: They might be synced with "sha1"-type repositories, this would render those repositories useless.
SHA1: 9a6256cf0850e9c5a3a94da1cb6b464c0b4123ab
User & Date: jan.nijtmans 2017-03-06 12:48:02
Context
2017-03-06
12:52 Use "auto" hash-policy for new Docker repositories check-in: 3c9dc148 user: jan.nijtmans tags: trunk
12:48 For new Docker-generated repositories, use "auto" hash-policy as default: They might be synced with "sha1"-type repositories, this would render those repositories useless. check-in: 9a6256cf user: jan.nijtmans tags: trunk
00:08 Add a new hyperlink to the hash policy document. check-in: 907021af user: drh tags: trunk
Changes

Changes to src/db.c.

  1923   1923   */
  1924   1924   void create_repository_cmd(void){
  1925   1925     char *zPassword;
  1926   1926     const char *zTemplate;      /* Repository from which to copy settings */
  1927   1927     const char *zDate;          /* Date of the initial check-in */
  1928   1928     const char *zDefaultUser;   /* Optional name of the default user */
  1929   1929     int bUseSha1 = 0;           /* True to set the hash-policy to sha1 */
  1930         -  
         1930  +
  1931   1931   
  1932   1932     zTemplate = find_option("template",0,1);
  1933   1933     zDate = find_option("date-override",0,1);
  1934   1934     zDefaultUser = find_option("admin-user","A",1);
  1935   1935     bUseSha1 = find_option("sha1",0,0)!=0;
  1936   1936     /* We should be done with options.. */
  1937   1937     verify_all_options();
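
Review bot: The only edit in this hunk is trailing-whitespace removal on line 1930, and it is bundled into a check-in whose comment describes a hash-policy behaviour change. The whitespace cleanup in src/db.c, src/diffcmd.c, src/encode.c, src/stash.c and www/hashpolicy.wiki would be easier to audit as its own check-in, leaving the functional edit in src/hname.c to stand alone.
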
................................................................................
  1948   1948     db_open_repository(g.argv[2]);
  1949   1949     db_open_config(0, 0);
  1950   1950     if( zTemplate ) db_attach(zTemplate, "settingSrc");
  1951   1951     db_begin_transaction();
  1952   1952     if( bUseSha1 ){
  1953   1953       g.eHashPolicy = HPOLICY_SHA1;
  1954   1954       db_set_int("hash-policy", HPOLICY_SHA1, 0);
  1955         -  }      
         1955  +  }
  1956   1956     if( zDate==0 ) zDate = "now";
  1957   1957     db_initial_setup(zTemplate, zDate, zDefaultUser);
  1958   1958     db_end_transaction(0);
  1959   1959     if( zTemplate ) db_detach("settingSrc");
  1960   1960     fossil_print("project-id: %s\n", db_get("project-code", 0));
  1961   1961     fossil_print("server-id:  %s\n", db_get("server-code", 0));
  1962   1962     zPassword = db_text(0, "SELECT pw FROM user WHERE login=%Q", g.zLogin);
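
Review bot: Lines 1952-1955 still set a hash policy only when --sha1 is given, and the edit here is just whitespace on line 1955, so nothing in the hunks shown for this file implements the "auto" default for new Docker-generated repositories that the check-in comment describes. Either reword the comment to match what this check-in changes, or include the missing edit; as it stands the history entry points a reader at the wrong change.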

Changes to src/diffcmd.c.

   150    150   
   151    151   /*
   152    152   ** Show the difference between two files, one in memory and one on disk.
   153    153   **
   154    154   ** The difference is the set of edits needed to transform pFile1 into
   155    155   ** zFile2.  The content of pFile1 is in memory.  zFile2 exists on disk.
   156    156   **
   157         -** If fSwapDiff is 1, show the set of edits to transform zFile2 into pFile1 
          157  +** If fSwapDiff is 1, show the set of edits to transform zFile2 into pFile1
   158    158   ** instead of the opposite.
   159    159   **
   160    160   ** Use the internal diff logic if zDiffCmd is NULL.  Otherwise call the
   161    161   ** command zDiffCmd to do the diffing.
   162    162   **
   163    163   ** When using an external diff program, zBinGlob contains the GLOB patterns
   164    164   ** for file names to treat as binary.  If fIncludeBinary is zero, these files

Changes to src/encode.c.

   359    359       0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
   360    360       0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
   361    361       0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
   362    362       0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
   363    363       0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
   364    364       0x00, 0x01, 0x02, 0x03, 0x00, 0x01, 0x00, 0x00,
   365    365     };
   366         -   
          366  +
   367    367     c = *((*pz)++);
   368    368     if( c>=0xc0 ){
   369    369       c = utf8Trans1[c-0xc0];
   370    370       while( (*(*pz) & 0xc0)==0x80 ){
   371    371         c = (c<<6) + (0x3f & *((*pz)++));
   372    372       }
   373    373       if( c<0x80

Changes to src/hname.c.

   160    160   ** just two hashes, but HNAME_COUNT is currently fixed at 2.)
   161    161   **
   162    162   ** Depending on the hash policy, the alternative hash may be disallowed.
   163    163   ** If the alterative hash is disallowed, the routine returns 0.  This
   164    164   ** routine returns 1 if iHType>0 and the alternative hash is allowed,
   165    165   ** and it always returns 1 when iHType==0.
   166    166   **
   167         -** Alternative hash is disallowed for all hash policies except sha1
   168         -** and sha3.  
          167  +** Alternative hash is disallowed for all hash policies except auto,
          168  +** sha1 and sha3.
   169    169   */
   170    170   int hname_hash(const Blob *pContent, unsigned int iHType, Blob *pHashOut){
   171    171     assert( iHType==0 || iHType==1 );
   172    172     if( iHType==1 ){
   173    173       switch( g.eHashPolicy ){
          174  +      case HPOLICY_AUTO:
   174    175         case HPOLICY_SHA1:
   175    176           sha3sum_blob(pContent, 256, pHashOut);
   176    177           return 1;
   177    178         case HPOLICY_SHA3:
   178    179           sha1sum_blob(pContent, pHashOut);
   179    180           return 1;
   180    181       }
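
Review bot: The new case HPOLICY_AUTO: label on new line 174 depends on falling through into case HPOLICY_SHA1: with no marker, so a later edit that puts code between the two labels would silently change which alternative hash "auto" produces. A short fall-through comment on that line would make the intent explicit (under "auto" the alternative hash is SHA3-256, the same as for "sha1"). The switch also has no default label, so the remaining policies reach whatever follows the switch, which is outside the lines shown. While the header comment is being edited, "alterative" on line 163 could be corrected to "alternative".
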
................................................................................
   197    198   }
   198    199   
   199    200   /*
   200    201   ** Return the default hash policy for repositories that do not currently
   201    202   ** have an assigned hash policy.
   202    203   **
   203    204   ** Make the default HPOLICY_AUTO if there are SHA1 artficates but no SHA3
   204         -** artifacts in the repository.  Make the default HPOLICY_SHA3 if there 
          205  +** artifacts in the repository.  Make the default HPOLICY_SHA3 if there
   205    206   ** are one or more SHA3 artifacts or if the repository is initially empty.
   206    207   */
   207    208   int hname_default_policy(void){
   208         -  if( db_exists("SELECT 1 FROM blob WHERE length(uuid)>40") 
          209  +  if( db_exists("SELECT 1 FROM blob WHERE length(uuid)>40")
   209    210      || !db_exists("SELECT 1 FROM blob WHERE length(uuid)==40")
   210    211     ){
   211    212       return HPOLICY_SHA3;
   212    213     }else{
   213    214       return HPOLICY_AUTO;
   214    215     }
   215    216   }
   216    217   
   217    218   /*
   218         -** Names of the hash policies.  
          219  +** Names of the hash policies.
   219    220   */
   220    221   static const char *azPolicy[] = {
   221    222     "sha1", "auto", "sha3", "sha3-only", "shun-sha1"
   222    223   };
   223    224   
   224    225   /* Return the name of the current hash policy.
   225    226   */
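
Review bot: New line 204 of the comment block still reads "artficates"; since the next line is being touched for whitespace, correct it to "artifacts" in the same edit. The two queries on new lines 209-210 also hard-code 40 as the SHA1 name length; a named constant would make clear why length(uuid)>40 is taken to mean a SHA3 name.
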
................................................................................
   264    265     if( g.argc==2 ){
   265    266       fossil_print("%s\n", azPolicy[g.eHashPolicy]);
   266    267       return;
   267    268     }
   268    269     for(i=HPOLICY_SHA1; i<=HPOLICY_SHUN_SHA1; i++){
   269    270       if( fossil_strcmp(g.argv[2],azPolicy[i])==0 ){
   270    271         if( i==HPOLICY_AUTO
   271         -       && db_exists("SELECT 1 FROM blob WHERE length(uuid)>40") 
          272  +       && db_exists("SELECT 1 FROM blob WHERE length(uuid)>40")
   272    273         ){
   273    274           i = HPOLICY_SHA3;
   274         -      }   
          275  +      }
   275    276         g.eHashPolicy = i;
   276    277         db_set_int("hash-policy", i, 0);
   277    278         fossil_print("%s\n", azPolicy[i]);
   278    279         return;
   279    280       }
   280    281     }
   281    282     fossil_fatal("unknown hash policy \"%s\" - should be one of: sha1 auto"
   282    283                  " sha3 sha3-only shun-sha1", g.argv[2]);
   283    284   }
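
Review bot: On new lines 271-275 a request for "auto" is silently stored as "sha3" when the repository already holds names longer than 40 characters, and the only signal to the user is the policy name printed on line 278. A one-line message explaining the substitution would avoid confusion. The list of valid names in the fossil_fatal() text on lines 282-283 duplicates azPolicy[] and can drift from it; building the message from the array would keep the two in step.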

Changes to src/stash.c.

   427    427   **     List all changes sets currently stashed.  Show information about
   428    428   **     individual files in each changeset if -v or --verbose is used.
   429    429   **
   430    430   **  fossil stash show|cat ?STASHID? ?DIFF-OPTIONS?
   431    431   **  fossil stash gshow|gcat ?STASHID? ?DIFF-OPTIONS?
   432    432   **
   433    433   **     Show the contents of a stash as a diff against it's baseline.
   434         -**     With gshow and gcat, gdiff-command is used instead of internal 
          434  +**     With gshow and gcat, gdiff-command is used instead of internal
   435    435   **     diff logic.
   436    436   **
   437    437   **  fossil stash pop
   438    438   **  fossil stash apply ?STASHID?
   439    439   **
   440    440   **     Apply STASHID or the most recently create stash to the current
   441    441   **     working checkout.  The "pop" command deletes that changeset from
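
Review bot: Line 433, directly above the whitespace fix on line 434, still has "against it's baseline"; it should read "its". Line 440 has "most recently create stash", which should be "created". Both sit in the command's usage comment, so they are worth fixing in the same pass.
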
................................................................................
   454    454   **     -a|--all flag is used.  Individual drops are undoable but -a|--all
   455    455   **     is not.
   456    456   **
   457    457   **  fossil stash diff ?STASHID? ?DIFF-OPTIONS?
   458    458   **  fossil stash gdiff ?STASHID? ?DIFF-OPTIONS?
   459    459   **
   460    460   **     Show diffs of the current working directory and what that
   461         -**     directory would be if STASHID were applied. With gdiff, 
          461  +**     directory would be if STASHID were applied. With gdiff,
   462    462   **     gdiff-command is used instead of internal diff logic.
   463    463   **
   464    464   ** SUMMARY:
   465    465   **  fossil stash
   466    466   **  fossil stash save ?-m|--comment COMMENT? ?FILES...?
   467    467   **  fossil stash snapshot ?-m|--comment COMMENT? ?FILES...?
   468    468   **  fossil stash list|ls ?-v|--verbose? ?-W|--width <num>?
................................................................................
   657    657      || memcmp(zCmd, "gshow", nCmd)==0
   658    658      || memcmp(zCmd, "cat", nCmd)==0
   659    659      || memcmp(zCmd, "gcat", nCmd)==0
   660    660     ){
   661    661       const char *zDiffCmd = 0;
   662    662       const char *zBinGlob = 0;
   663    663       int fIncludeBinary = 0;
   664         -    int fBaseline = 0; 
          664  +    int fBaseline = 0;
   665    665       u64 diffFlags;
   666    666   
   667    667       if( strstr(zCmd,"show")!=0 || strstr(zCmd,"cat")!=0 ){
   668    668         fBaseline = 1;
   669    669       }
   670    670       if( find_option("tk",0,0)!=0 ){
   671    671         db_close(0);

Changes to www/hashpolicy.wiki.

     1      1   <title>Hash Policy</title>
     2      2   
     3      3   <h2> Executive Summary, Or How To Avoid Reading This Article </h2>
     4      4   
     5      5   There is much angst over the [http://www.shattered.io|Shattered attack]
     6      6   against SHA1.  If you are concerned about this and its implications for
     7      7   Fossil, simply upgrade to Fossil 2.0 or later and the problem will go away.
     8         -Everything will continue to work as before.  All of your legacy repositories 
     9         -will continue to work and all of your old check-ins will still have the 
            8  +Everything will continue to work as before.  All of your legacy repositories
            9  +will continue to work and all of your old check-ins will still have the
    10     10   same name.  Your workflow will be unchanged.
    11     11   
    12     12   But if you are curious and want a deeper understanding of what is
    13     13   going on, read on...
    14     14   
    15     15   
    16     16   <h2> Introduction </h2>
    17     17   
    18         -The first snapshot-based distributed version control system 
           18  +The first snapshot-based distributed version control system
    19     19   was [http://www.monotone.ca|Monotone].  Many of the ideas behind the design
    20     20   of Fossil were copied from Monotone, including the use of a SHA1 hash to
    21     21   assign names to artifacts.  Git and Mercurial did the same thing.
    22     22   
    23     23   The SHA1 hash algorithm is used only to create names for artifacts in Fossil
    24     24   (and in Git, Mercurial, and Monotone).  It is not used for security.
    25     25   Nevertheless, when the [http://www.shattered.io|Shattered attack] found
................................................................................
    29     29   not true, but it is a public relations problem.  So the decision
    30     30   was made to migrate Fossil away from SHA1.
    31     31   
    32     32   This article describes how that migration is occurring.
    33     33   
    34     34   <h2>Use Of Hardened SHA1</h2>
    35     35   
    36         -In Fossil version 2.0 ([/timeline?c=version-2.0|2017-03-03]), 
           36  +In Fossil version 2.0 ([/timeline?c=version-2.0|2017-03-03]),
    37     37   the internal SHA1 implementation was changed from a generic
    38     38   FIPS PUB 180-4 SHA1 implementation to a "Hardened SHA1"
    39     39   &#91;[https://github.com/cr-marcstevens/sha1collisiondetection|1]&#93;
    40     40   &#91;[https://marc-stevens.nl/research/papers/C13-S.pdf|2]&#93;.
    41     41   
    42     42   The Hardened SHA1 implement automatically detects when the artifact
    43     43   being hashed is specifically designed to exploit the known weaknesses
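
Review bot: Line 42 reads "The Hardened SHA1 implement automatically detects"; "implement" should be "implementation". This hunk only strips trailing whitespace from line 36, so the wording fix can ride along.
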
................................................................................
    59     59   someone says "SHA1 is broken, and Fossil uses SHA1, therefore Fossil is
    60     60   broken", you can rebut the argument by pointing out that Fossil uses
    61     61   <em>Hardened SHA1</em> not generic SHA1 and Hardened SHA1 is <em>not</em>
    62     62   broken.
    63     63   
    64     64   <h2>Support For SHA3-256</h2>
    65     65   
    66         -Prior to Fossil version 2.0 ([/timeline?c=version-2.0|2017-03-03]), 
           66  +Prior to Fossil version 2.0 ([/timeline?c=version-2.0|2017-03-03]),
    67     67   all artifacts in all Fossil repositories were named
    68     68   by only a SHA1 hash.
    69     69   Version 2.0 extended the [./fileformat.wiki|Fossil file format]
    70     70   to allow artifacts to be named by either SHA1 or SHA3-256 hashes.
    71     71   (SHA3-256 is the only variant of SHA3 that
    72     72   Fossil uses for artifact naming, so for the remainder of this article
    73     73   it will be called simply "SHA3".  Similarly, "Hardened SHA1" will
................................................................................
   135    135   seen, Fossil automatically switches to "sha3" mode and thereafter generates
   136    136   only SHA3 hashes.
   137    137   
   138    138   When a new repository is created by cloning, the hash policy is copied
   139    139   from the parent.
   140    140   
   141    141   For new repositories created using the
   142         -[/help?cmd=new|fossil new] command the default hash policy is "sha3".  
          142  +[/help?cmd=new|fossil new] command the default hash policy is "sha3".
   143    143   That means new repositories
   144    144   will normally hold nothing except SHA3 hashes.  The hash policy for new
   145    145   repositories can be overridden using the "--sha1" option to the
   146    146   "fossil new" command.
   147    147   
   148    148   Even after upgrading to Fossil 2.1, Fossil will continue to use nothing
   149         -but SHA1 hashes on legacy repositories, thus preserving complete 
   150         -compatibility with Fossil 1.37 and before.  If you want Fossil to go 
          149  +but SHA1 hashes on legacy repositories, thus preserving complete
          150  +compatibility with Fossil 1.37 and before.  If you want Fossil to go
   151    151   ahead and start using SHA3 hashes, change the hash policy to
   152    152   "sha3" using a command like this:
   153    153   
   154    154   <blockquote><verbatim>
   155    155   fossil hash-policy sha3
   156    156   </verbatim></blockquote>
   157    157
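
Review bot: Lines 141-146 still document "sha3" as the default for fossil new with --sha1 as the only override, and the edits in this hunk are whitespace only. If new Docker-generated repositories are meant to default to "auto", as the check-in comment says, this section is where that exception should be documented.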