News for git-annex 6.20170228:

This version of git-annex has mitigations for SHA1 hash collision problems. A new annex.securehashesonly configuration, when used in combination with signed git commits, avoids potential hash collision problems in git-annex repositories. For details, see this web page: <https://git-annex.branchable.com/tips/using_signed_git_commits/>

git-annex 6.20170228 released with these changes

  • Cryptographically secure hashes can be forced to be used in a repository, by setting annex.securehashesonly. This does not prevent the git repository from containing links to insecure hashes, but it does prevent the content of such files from being added to .git/annex/objects by any method.
  • Tighten key parser to prevent SHA1 collision attacks generating two keys that have the same SHA1. (Only done for keys that contain a hash). This ensures that signed git commits of annexed files will remain secure, as long as git-annex is using a secure hashing backend.
  • fsck: Warn about any files whose content is present, that don't use secure hashes, when annex.securehashesonly is set.
  • init: When annex.securehashesonly has been set with git-annex config, copy that value to the annex.securehashesonly git config.
  • Added --securehash option to match files using a secure hash function, and corresponding securehash preferred content expression.
  • sync, merge: Fail when the current branch has no commits yet, instead of not merging in anything from remotes and appearing to succeed.
  • Run ssh with -n whenever input is not being piped into it, to avoid it consuming stdin that it shouldn't. This fixes git-annex-checkpresentkey --batch remote, which didn't output results for all keys passed into it. Other git-annex commands that communicate with a remote over ssh may also have been consuming stdin that they shouldn't have, which could have impacted using them in eg, shell scripts.
  • sync: Improve integration with receive.denyCurrentBranch=updateInstead, displaying error messages from the remote then it fails to update its checked out branch.
  • Added post-recieve hook, which makes updateInstead work with direct mode and adjusted branches.
  • init: Set up the post-receive hook.
  • sync: When syncing with a local repository located on a crippled filesystem, run the post-receive hook there, since it wouldn't get run otherwise. This makes pushing to repos on FAT-formatted removable drives update them when receive.denyCurrentBranch=updateInstead.
  • config group groupwanted numcopies schedule wanted required: Avoid displaying extraneous messages about repository auto-init, git-annex branch merging, etc, when being used to get information.
  • adjust: Fix behavior when used in a repository that contains submodules.
  • Run wget with -nv instead of -q, so it will display HTTP errors.
  • Run curl with -S, so HTTP errors are displayed, even when it's otherwise silent.
  • When downloading in --json or --quiet mode, use curl in preference to wget, since curl is able to display only errors to stderr, unlike wget.
  • status: Pass --ignore-submodules=when option on to git status.
  • config --set: As well as setting value in git-annex branch, set local gitconfig. This is needed especially for annex.securehashesonly, which is read only from local gitconfig and not the git-annex branch.
  • Removed support for building with the old cryptohash library. Building with that library made git-annex not support SHA3; it's time for that to always be supported in case SHA2 dominoes.
  • git-annex.cabal: Make crypto-api a dependency even when built w/o webapp and test suite.