Merge pull request #6986 from libgit2/ethomson/warn_sha1

cmake: warn for not using sha1dc
2026-01-25 02:56:17 +00:00 · 2024-12-28 09:58:25 +00:00
parent d85c1a1b79 550cf62021
commit a8fbbf77b8
3 changed files with 15 additions and 0 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -150,3 +150,9 @@ endif()

 feature_summary(WHAT ENABLED_FEATURES DESCRIPTION "Enabled features:")
 feature_summary(WHAT DISABLED_FEATURES DESCRIPTION "Disabled features:")
+
+# warn for not using sha1dc
+
+foreach(WARNING ${WARNINGS})
+	message(WARNING ${WARNING})
+endforeach()
--- a/cmake/SelectHashes.cmake
+++ b/cmake/SelectHashes.cmake
@@ -112,3 +112,10 @@ endif()

 add_feature_info(SHA1 ON "using ${USE_SHA1}")
 add_feature_info(SHA256 ON "using ${USE_SHA256}")
+
+# warn for users who do not use sha1dc
+
+if(NOT "${USE_SHA1}" STREQUAL "CollisionDetection")
+	list(APPEND WARNINGS "SHA1 support is set to ${USE_SHA1} which is not recommended - git's hash algorithm is sha1dc, it is *not* SHA1. Using SHA1 may leave you and your users susceptible to SHAttered-style attacks.")
+	set(WARNINGS ${WARNINGS} PARENT_SCOPE)
+endif()
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -252,6 +252,8 @@ will introduce a number of breaking changes in v2.0:
  https://github.com/libgit2/libgit2/pull/6924
 * ci: port latest fixes to nightlies by @ethomson in
  https://github.com/libgit2/libgit2/pull/6926
+* cmake: warn for not using sha1dc by @ethomson in
+  https://github.com/libgit2/libgit2/pull/6986

 ### Documentation improvements