0a12cc0e51
Git for Windows has a long track record of bogus virus scanner reports. In fact, all of the reports turned out to be false positives (which is not a surprise, given that the releases were always prepared on a trusted, dedicated VM). One blatant example is where precious development time was spent on verifying that Git for Windows 2.5.1's `/cmd/git-gui.exe` (that was reported as infected with a Trojan) differs from its /cmd/git.exe` (that was reported as *uninfected*) only in the four bytes in the header that indicate a GUI vs a console program. So obviously the virus scanner's logic was kind of questionable, otherwise it would have flagged either both or none. In the process of trying to work with (or against) virus scanner developers, the idea cropped up that signing the executables might make a difference. To facilitate testing this hypothesis, this script was written. It requires an API key of https://www.virustotal.com/ (registration required) to be put into the `$HOME/_netrc` file as machine api.virustotal.com password <your API key here> Sadly, the test demonstrated that the PortableGit-2.6.1-64-bit.7z.exe file was flagged by the 'Jiangmin' engine as being infected by 'Trojan/Blocker.aifm' while PortableGit-2.6.1-32-bit.7z.exe was flagged by the 'Ad-Aware' engine with the 'Gen:TrojanHeur.FU.iK0@ayy4a0ki' label. For 2.6.0, it is even worse. The 32-bit portable Git is flagged by both 'Ad-Aware' (as 'Gen:Trojan.Heur.FU.iK0@aij9DHai' and 'Qihoo-360' (as 'HEUR/QVM20.1.Malware.Gen'), yet the 64-bit portable Git goes scot free. These different findings make no sense whatsoever, given that the portable Git installers are all *identical* self-extractors with the `.7z` archive appended. So again, the engines should have flagged them all, or none. At least now we have an easy-to-use script so that future analyses might be taking less time away from what this developer is really here for: developing Git for Windows. This closes https://github.com/git-for-windows/git/issues/451 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
||
---|---|---|
7-Zip | ||
git-extra | ||
installer | ||
portable | ||
sdk-installer | ||
.gitignore | ||
README.md | ||
download-stats.sh | ||
git-for-windows.svg | ||
git-for-windows.xcf | ||
make-file-list.sh | ||
pacman-helper.sh | ||
post-install.bat | ||
send-to-virus-total.sh | ||
shears.sh | ||
upload-to-github.sh |
README.md
Build environment for Git for Windows
This is Git for Windows SDK, the build environment for Git for Windows.
The easiest way to install Git for Windows SDK is via the Git SDK installer. This installer will clone our repositories, including all the necessary components to build Git for Windows, and perform an initial build. It will also install a shortcut to the Git SDK Bash on the desktop.
To check out the build-extra
project in the Git SDK, issue the following commands in the Git SDK Bash:
cd /usr/src/build-extra
git fetch
git checkout master
Components of the Git for Windows SDK
The build environment brings all the necessary parts required to build a Git for Windows installer, or a portable Git for Windows ("portable" == "USB drive edition", i.e. you can run it without installing, from wherever it was unpacked).
Git for Windows
The most important part of Git for Windows is Git, obviously. The Git for Windows project maintains a friendly fork of the "upstream" Git project. The idea is that the Git for Windows repository serves as a test bed to develop patches and patch series that are specific to the Windows port, and once the patches stabilized, they are submitted upstream.
MSys2
Git is not a monolithic executable, but consists of a couple of executables written in C, a couple of Bash scripts, a couple of Perl scripts, and a couple of Tcl/Tk scripts. Some parts (not supported by Git for Windows yet) are written in other script languages, still.
To support those scripts, Git for Windows uses MSys2, a project providing a minimal POSIX emulation layer (based on Cygwin), a package management system (named "Pacman", borrowed from Arch Linux) and a number of packages that are kept up-to-date by an active team of maintainers, including Bash, Perl, Subversion, etc.
The difference between MSys2 and MinGW
MSys2 refers to the libraries and programs that use the POSIX emulation layer ("msys2 runtime", derived from Cygwin's cygwin1.dll
). It is very easy to port libraries and programs from Unix/Linux because most of the POSIX semantics is emulated reasonably well, for example the fork()
function. Bash and Perl are examples of MSys2 programs.
MinGW refers to libraries and programs that are compiled using GNU tools but do not require any POSIX semantics, instead relying on the standard Win32 API and the C runtime library. MinGW stands for "Minimal GNU for Windows". Examples: cURL (a library to talk to remote servers via HTTP(S), (S)FTP, etc), emacs, Inkscape, etc
The POSIX emulation layer of MSys2 binaries is convenient, but comes at a cost: Typically, MSys2 programs are noticably slower than their MinGW counterparts (if there are such counterparts). As a consequence, the Git for Windows project tries to provide as many components as possible as MinGW binaries.
MinGW packages
The MinGW packages are built from the MINGW-packages
repository which can be initialized in the Git SDK Bash via
cd /usr/src/MINGW-packages
git fetch
git checkout master
The packages inside the /usr/src/MINGW-packages/
directory can then be built by executing makepkg-mingw -s
in the appropriate subdirectory.
MinGW packages can be built for both i686
and x86_64
architectures at the same time by making sure that both toolchains are installed (pacman -Sy mingw-w64-i686-toolchain mingw-w64-x86_64-toolchain
) before running makepkg-mingw
.
MSys2 packages
The MSys2 packages are built from the MSYS2-packages
repository which can be initialized in the Git SDK Bash via
cd /usr/src/MSYS2-packages
git fetch
git checkout master
To build the packages inside the /usr/src/MSYS2-packages/
directory, the user has to launch a special shell by double-clicking the msys2_shell.bat
script in the top-level directory of the Git SDK, switch the working directory to the appropriate subdirectory of /usr/src/MSYS2-packages/
and then execute makepkg -s
. Before the first MSys2 package is built, the prerequisite development packages have to be installed by executing pacman -Sy base-devel binutils
.
Installer generators
The Git for Windows project aims to provide three different types of installers:
- Git for Windows for end users. The subdirectory
installer/
contains the files to generate this installer. - Portable Git for Windows for end users ("USB drive edition"). This installer is actually a self-extracting
.7z
archive, and can be generated using the files inportable/
. - The Git for Windows SDK for Git for Windows contributors. This is a complete development environment to build Git for Windows, including Git, Bash, cURL, etc (including these three installers, of course). The files to generate this installer live in
sdk-installer/
.
Support scripts/files
The build-extra
repository is also the home of other resources necessary to develop and maintain Git for Windows. For example, it contains the Git garden shears that help with updating Git for Windows' source code whenever new upstream Git versions are released ("merging rebase").