RE: [bug #61594] suggest new $(hash ...) function

[rsbecker]

On November 30, 2021 11:37 PM, anonymous wrote:
> To: psmith@gnu.org; boris@kolpackov.net; bug-make@gnu.org
> Subject: [bug #61594] suggest new $(hash ...) function
> 
> URL:
>   <https://savannah.gnu.org/bugs/?61594>
> 
>                  Summary: suggest new $(hash ...) function
>                  Project: make
>             Submitted by: None
>             Submitted on: Wed 01 Dec 2021 04:36:41 AM UTC
>                 Severity: 3 - Normal
>               Item Group: Enhancement
>                   Status: None
>                  Privacy: Public
>              Assigned to: None
>              Open/Closed: Open
>          Discussion Lock: Any
>        Component Version: SCM
>         Operating System: None
>            Fixed Release: None
>            Triage Status: None
> 
>     _______________________________________________________
> 
> Details:
> 
> Historically there's been a certain amount of resistance to adding new native
> functions to GNU make but a few have come in lately so ... I wonder if the
> idea of providing a hashing function has been considered?
> 
> I'm not thinking of a cryptographically secure hash, just something that could
> be used as a convenient digital signature. The use case I'm thinking of in
> particular is the advanced topic of forcing rebuild on command-line changes,
> which of course requires stashing the previous command line for
> comparison.
> Unfortunately, in some cases command lines can be very long and ugly; in
> our case they're >2K chars apiece. Stashing these can be done, and in fact we
> do it, but it would be much nicer and simpler if a SHA-1 or similar signature
> could be stashed instead.
> 
> It seems relatively easy to implement and document, assuming the GNU
> hashing functions are available somehow. The question in my mind, if it was
> to go forward, would be whether to give it a specific name and nail down the
> algorithm, such as $(sha-3,$(data)), or a generic name like $(hash,$(data)).
> Historically every hashing algorithm has been superseded by a better one
> every few years, which argues for $(hash ...), but on the other hand it's not
> intended for security anyway so anything with a sufficiently infinitesimal
> collision rate would be fine and there might be value in being able to
> generate a known hash like SHA-1.
> 
> Just a thought. Close with prejudice if not interested.

I would suggest that adding cryptography to GNU Make would limit its reach. 
There are jurisdictions where it is questionable to import software containing 
any cryptography. In addition, there are numerous tools for doing what you 
want. Something along the lines, for example, of:

$(shell git hash-object obj)

Is a simple function that is already supported by GNU Make without having to 
introduce cryptography. This would make a lot more sense to me to keep hashing 
out of GNU Make.

Respectfully,
Randall