Presto, crypto, change-o: Git 2.29 goes into final leg of project’s SHA-256 transition


Version control system Git 2.29 is now available, fitting the Torvalds-spawn project with experimental SHA-256 support and negative refspecs, amongst other things.

The transition from SHA-1 to SHA-256 has been in the works for a couple of years now. The main motivation for the transition is that SHA-1 had made the project vulnerable to the so-called SHAttered attack, first presented to the public in February 2017. 

Git uses a hash function to name content like files or revisions to facilitate integrity checks, and allow signing them for added trust, amongst other things. In order to keep those qualities, the project first switched to a more secure SHA-1 implementation to mitigate any known risks, but soon looked into a transition to SHA-256, which seemed more prudent in the long run.

Git 2.29 is the first version of the tool that can be operated in SHA-256 mode. Before giving it a go, you need to enable it when the repository is initialised by using the --object-format=sha256 option.

Users have to be aware, however, that SHA-1 and SHA-256 repositories aren’t interoperable yet, so they’ll have to stick to one of the object formats in their repos. And to their own hosting solution for that matter, since GitHub, GitLab and Co aren’t done implementing their SHA-256 repo support yet.
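How Git derives a name from content, and why the two object formats cannot be mixed, can be seen by computing object IDs by hand. The following is an added example, not code from the article or from the Git project; the function names are illustrative and the tree helper assumes a flat directory of regular files.

```python
import hashlib

# Digest constructors for the two object formats Git 2.29 can initialise.
OBJECT_FORMATS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def object_id(obj_type: str, body: bytes, object_format: str = "sha1") -> bytes:
    """Raw object ID: hash of '<type> <size>\\0' followed by the body."""
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return OBJECT_FORMATS[object_format](header + body).digest()


def blob_id(content: bytes, object_format: str = "sha1") -> str:
    """Hex ID of a file's content, as git hash-object would report it."""
    return object_id("blob", content, object_format).hex()


def tree_id(files: dict, object_format: str = "sha1") -> str:
    """Hex ID of a flat tree of regular files (mode 100644), {name: content}.

    Each entry embeds the child's *raw* ID (20 or 32 bytes), so a tree
    written under one object format cannot be verified under the other.
    """
    body = b""
    for name in sorted(files, key=lambda n: n.encode()):
        child = object_id("blob", files[name], object_format)
        body += b"100644 " + name.encode() + b"\x00" + child
    return object_id("tree", body, object_format).hex()


if __name__ == "__main__":
    sample = {"README": b"hello world\n", "empty.txt": b""}  # constructed input
    for fmt in OBJECT_FORMATS:
        print(fmt, "blob", blob_id(sample["README"], fmt))
        print(fmt, "tree", tree_id(sample, fmt))
```

Because every tree and commit stores the IDs of the objects it points to, changing the hash function changes the bytes of every object above a file, not just the length of the printed name.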

Readers more interested in practical enhancements could look into the new repair subcommand for git worktree, which is supposed to help users left with problems because they moved their worktrees or repositories manually, without telling version control. The worktree command also learned -d as a synonym for --detach to create a new worktree without being on a branch.

Commands like git fetch and git push have also gotten a bit more comfortable to use, since you can now use the ^ indicator to signal which references should be excluded. In earlier versions the only way to make that known was by setting up a list with everything to be included, which could make matters quite complicated. Untracked files can now be included in a snapshot using the --add-file option with git archive.

Other improvements include the new --first-parent option in git bisect to find the first breakage in a first-parent chain quicker, and the addition of git maintenance to take over maintenance tasks that aren’t limited to object database cleaning – the way git gc is, for example.

More details and notes on fixes since the last release can be found in the project’s release notes.