Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2016-04-30 23:30:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-tls"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2016-01-08
15:22:41.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2016-04-30
23:30:42.000000000 +0200
@@ -1,0 +2,9 @@
+Sun Apr 10 19:02:03 UTC 2016 - mimi...@gmail.com
+
+- update to 1.3.5
+* Fix a bug with ECDHE based cipher where serialization
+* Improve tests
+* Debugging: Add a way to print random seed and a way to side-load
+ a seed for replayability
+
+-------------------------------------------------------------------
Old:
----
tls-1.3.4.tar.gz
New:
----
tls-1.3.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-tls.spec ++++++
--- /var/tmp/diff_new_pack.0jmYOG/_old 2016-04-30 23:30:43.000000000 +0200
+++ /var/tmp/diff_new_pack.0jmYOG/_new 2016-04-30 23:30:43.000000000 +0200
@@ -21,7 +21,7 @@
%bcond_with tests
Name: ghc-tls
-Version: 1.3.4
+Version: 1.3.5
Release: 0
Summary: TLS/SSL protocol native implementation (Server and Client)
License: BSD-3-Clause
++++++ tls-1.3.4.tar.gz -> tls-1.3.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Benchmarks/Benchmarks.hs
new/tls-1.3.5/Benchmarks/Benchmarks.hs
--- old/tls-1.3.4/Benchmarks/Benchmarks.hs 2015-12-12 15:51:40.000000000
+0100
+++ new/tls-1.3.5/Benchmarks/Benchmarks.hs 2016-04-09 15:47:25.000000000
+0200
@@ -35,7 +35,7 @@
}
(pubKey, privKey) = getGlobalRSAPair
-runTLSPipe params tlsServer tlsClient d name = bench name $ do
+runTLSPipe params tlsServer tlsClient d name = bench name . nfIO $ do
(startQueue, resultQueue) <- establishDataPipe params tlsServer tlsClient
writeChan startQueue d
readChan resultQueue
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/CHANGELOG.md new/tls-1.3.5/CHANGELOG.md
--- old/tls-1.3.4/CHANGELOG.md 2015-12-12 15:51:40.000000000 +0100
+++ new/tls-1.3.5/CHANGELOG.md 2016-04-09 15:47:25.000000000 +0200
@@ -1,3 +1,17 @@
+## Version 1.3.5
+
+- Fix a bug with ECDHE based cipher where serialization
+- Debugging: Add a way to print random seed and a way to side-load a seed for
replayability
+- Improve tests
+
+## Version 1.3.4
+
+- Fix tests on 32 bits `time_t` machines (time not within bound)
+- VirtualHost: Add a way to load credentials related to the hostname used by
the client (Julian Beaumont)
+- VirtualHost: Expose an API to query which hostname the client has contacted
(Julian Beaumont)
+- Add a way to disable empty packet that are use for security when
+ using old versions + old CBC based cipher (Anton Dessiatov)
+
## Version 1.3.3
- Add support for Hans (Haskell Network Stack) (Adam Wick)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Context.hs
new/tls-1.3.5/Network/TLS/Context.hs
--- old/tls-1.3.4/Network/TLS/Context.hs 2015-12-12 15:51:40.000000000
+0100
+++ new/tls-1.3.5/Network/TLS/Context.hs 2016-04-09 15:47:25.000000000
+0200
@@ -98,6 +98,7 @@
instance TLSParams ClientParams where
getTLSCommonParams cparams = ( clientSupported cparams
, clientShared cparams
+ , clientDebug cparams
)
getTLSRole _ = ClientRole
getCiphers cparams = supportedCiphers $ clientSupported cparams
@@ -107,6 +108,7 @@
instance TLSParams ServerParams where
getTLSCommonParams sparams = ( serverSupported sparams
, serverShared sparams
+ , serverDebug sparams
)
getTLSRole _ = ServerRole
-- on the server we filter our allowed ciphers here according
@@ -144,11 +146,17 @@
contextNew backend params = liftIO $ do
initializeBackend backend
- rng <- newStateRNG
+ let (supported, shared, debug) = getTLSCommonParams params
+
+ seed <- case debugSeed debug of
+ Nothing -> do seed <- seedNew
+ debugPrintSeed debug $ seed
+ return seed
+ Just determ -> return determ
+ let rng = newStateRNG seed
let role = getTLSRole params
st = newTLSState rng role
- (supported, shared) = getTLSCommonParams params
ciphers = getCiphers params
when (null ciphers) $ error "no ciphers available with those parameters"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Crypto/DH.hs
new/tls-1.3.5/Network/TLS/Crypto/DH.hs
--- old/tls-1.3.4/Network/TLS/Crypto/DH.hs 2015-12-12 15:51:40.000000000
+0100
+++ new/tls-1.3.5/Network/TLS/Crypto/DH.hs 2016-04-09 15:47:25.000000000
+0200
@@ -17,15 +17,14 @@
, dhUnwrapPublic
) where
-import Network.TLS.Util.Serialization (i2osp)
import qualified Crypto.PubKey.DH as DH
-import Network.TLS.RNG
-import Data.ByteString (ByteString)
+import Crypto.Number.Basic (numBits)
+import Network.TLS.RNG
type DHPublic = DH.PublicNumber
type DHPrivate = DH.PrivateNumber
type DHParams = DH.Params
-type DHKey = ByteString
+type DHKey = DH.SharedKey
dhPublic :: Integer -> DHPublic
dhPublic = DH.PublicNumber
@@ -34,7 +33,7 @@
dhPrivate = DH.PrivateNumber
dhParams :: Integer -> Integer -> DHParams
-dhParams = DH.Params
+dhParams p g = DH.Params p g (numBits p)
dhGenerateKeyPair :: MonadRandom r => DHParams -> r (DHPrivate, DHPublic)
dhGenerateKeyPair params = do
@@ -43,18 +42,16 @@
return (priv, pub)
dhGetShared :: DHParams -> DHPrivate -> DHPublic -> DHKey
-dhGetShared params priv pub =
- let (DH.SharedKey sk) = DH.getShared params priv pub
- in i2osp sk
+dhGetShared params priv pub = DH.getShared params priv pub
dhUnwrap :: DHParams -> DHPublic -> [Integer]
-dhUnwrap (DH.Params p g) (DH.PublicNumber y) = [p,g,y]
+dhUnwrap (DH.Params p g _) (DH.PublicNumber y) = [p,g,y]
dhParamsGetP :: DHParams -> Integer
-dhParamsGetP (DH.Params p _) = p
+dhParamsGetP (DH.Params p _ _) = p
dhParamsGetG :: DHParams -> Integer
-dhParamsGetG (DH.Params _ g) = g
+dhParamsGetG (DH.Params _ g _) = g
dhUnwrapPublic :: DHPublic -> Integer
dhUnwrapPublic (DH.PublicNumber y) = y
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Crypto/ECDH.hs
new/tls-1.3.5/Network/TLS/Crypto/ECDH.hs
--- old/tls-1.3.4/Network/TLS/Crypto/ECDH.hs 2015-12-12 15:51:40.000000000
+0100
+++ new/tls-1.3.5/Network/TLS/Crypto/ECDH.hs 2016-04-09 15:47:25.000000000
+0200
@@ -15,13 +15,12 @@
, ecdhUnwrapPublic
) where
-import Network.TLS.Util.Serialization (i2osp, lengthBytes)
+import Network.TLS.Util.Serialization (lengthBytes)
import Network.TLS.Extension.EC
import qualified Crypto.PubKey.ECC.DH as ECDH
import qualified Crypto.PubKey.ECC.Types as ECDH
import qualified Crypto.PubKey.ECC.Prim as ECC (isPointValid)
import Network.TLS.RNG
-import Data.ByteString (ByteString)
import Data.Word (Word16)
data ECDHPublic = ECDHPublic ECDH.PublicPoint Int {- byte size -}
@@ -31,7 +30,7 @@
data ECDHParams = ECDHParams ECDH.Curve ECDH.CurveName deriving (Show,Eq)
-type ECDHKey = ByteString
+type ECDHKey = ECDH.SharedKey
ecdhPublic :: Integer -> Integer -> Int -> ECDHPublic
ecdhPublic x y siz = ECDHPublic (ECDH.Point x y) siz
@@ -55,11 +54,8 @@
ecdhGetShared :: ECDHParams -> ECDHPrivate -> ECDHPublic -> Maybe ECDHKey
ecdhGetShared (ECDHParams curve _) (ECDHPrivate priv) (ECDHPublic point _)
- | ECC.isPointValid curve point =
- let ECDH.SharedKey sk = ECDH.getShared curve priv point
- in Just $ i2osp sk
- | otherwise =
- Nothing
+ | ECC.isPointValid curve point = Just $ ECDH.getShared curve priv point
+ | otherwise = Nothing
-- for server key exchange
ecdhUnwrap :: ECDHParams -> ECDHPublic -> (Word16,Integer,Integer,Int)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Extra/Cipher.hs
new/tls-1.3.5/Network/TLS/Extra/Cipher.hs
--- old/tls-1.3.4/Network/TLS/Extra/Cipher.hs 2015-12-12 15:51:40.000000000
+0100
+++ new/tls-1.3.5/Network/TLS/Extra/Cipher.hs 2016-04-09 15:47:25.000000000
+0200
@@ -98,10 +98,10 @@
tripledes_ede :: BulkDirection -> BulkKey -> BulkBlock
tripledes_ede BulkEncrypt key =
let ctx = noFail $ cipherInit key
- in (\iv input -> let output = cbcEncrypt ctx (tripledes_iv iv) input in
(output, takelast 16 output))
+ in (\iv input -> let output = cbcEncrypt ctx (tripledes_iv iv) input in
(output, takelast 8 output))
tripledes_ede BulkDecrypt key =
let ctx = noFail $ cipherInit key
- in (\iv input -> let output = cbcDecrypt ctx (tripledes_iv iv) input in
(output, takelast 16 input))
+ in (\iv input -> let output = cbcDecrypt ctx (tripledes_iv iv) input in
(output, takelast 8 input))
tripledes_iv :: BulkIV -> IV DES_EDE3
tripledes_iv iv = maybe (error "tripledes cipher iv internal error") id $
makeIV iv
@@ -262,7 +262,7 @@
cipher_AES128_SHA1 :: Cipher
cipher_AES128_SHA1 = Cipher
{ cipherID = 0x2f
- , cipherName = "RSA-aes128-sha1"
+ , cipherName = "RSA-AES128-SHA1"
, cipherBulk = bulk_aes128
, cipherHash = SHA1
, cipherKeyExchange = CipherKeyExchange_RSA
@@ -273,7 +273,7 @@
cipher_AES256_SHA1 :: Cipher
cipher_AES256_SHA1 = Cipher
{ cipherID = 0x35
- , cipherName = "RSA-aes256-sha1"
+ , cipherName = "RSA-AES256-SHA1"
, cipherBulk = bulk_aes256
, cipherHash = SHA1
, cipherKeyExchange = CipherKeyExchange_RSA
@@ -284,7 +284,7 @@
cipher_AES128_SHA256 :: Cipher
cipher_AES128_SHA256 = Cipher
{ cipherID = 0x3c
- , cipherName = "RSA-aes128-sha256"
+ , cipherName = "RSA-AES128-SHA256"
, cipherBulk = bulk_aes128
, cipherHash = SHA256
, cipherKeyExchange = CipherKeyExchange_RSA
@@ -295,7 +295,7 @@
cipher_AES256_SHA256 :: Cipher
cipher_AES256_SHA256 = Cipher
{ cipherID = 0x3d
- , cipherName = "RSA-aes256-sha256"
+ , cipherName = "RSA-AES256-SHA256"
, cipherBulk = bulk_aes256
, cipherHash = SHA256
, cipherKeyExchange = CipherKeyExchange_RSA
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Handshake/Server.hs
new/tls-1.3.5/Network/TLS/Handshake/Server.hs
--- old/tls-1.3.4/Network/TLS/Handshake/Server.hs 2015-12-12
15:51:40.000000000 +0100
+++ new/tls-1.3.5/Network/TLS/Handshake/Server.hs 2016-04-09
15:47:25.000000000 +0200
@@ -327,7 +327,7 @@
signed <- digitallySignECDHParams ctx serverParams sigAlg
case sigAlg of
SignatureRSA -> return $ SKX_ECDHE_RSA serverParams signed
- _ -> error ("generate skx_dhe unsupported signature
type: " ++ show sigAlg)
+ _ -> error ("generate skx_ecdhe unsupported
signature type: " ++ show sigAlg)
-- create a DigitallySigned objects for DHParams or ECDHParams.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Handshake/State.hs
new/tls-1.3.5/Network/TLS/Handshake/State.hs
--- old/tls-1.3.4/Network/TLS/Handshake/State.hs 2015-12-12
15:51:40.000000000 +0100
+++ new/tls-1.3.5/Network/TLS/Handshake/State.hs 2016-04-09
15:47:25.000000000 +0200
@@ -54,6 +54,7 @@
import Control.Applicative (Applicative, (<$>))
import Control.Monad.State
import Data.X509 (CertificateChain)
+import Data.ByteArray (ByteArrayAccess)
data HandshakeKeyState = HandshakeKeyState
{ hksRemotePublicKey :: !(Maybe PubKey)
@@ -194,9 +195,10 @@
| otherwise = generateServerFinished
-- | Generate the master secret from the pre master secret.
-setMasterSecretFromPre :: Version -- ^ chosen transmission version
- -> Role -- ^ the role (Client or Server) of the
generating side
- -> Bytes -- ^ the pre master secret
+setMasterSecretFromPre :: ByteArrayAccess preMaster
+ => Version -- ^ chosen transmission version
+ -> Role -- ^ the role (Client or Server) of the
generating side
+ -> preMaster -- ^ the pre master secret
-> HandshakeM ()
setMasterSecretFromPre ver role premasterSecret = do
secret <- genSecret <$> get
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Packet.hs
new/tls-1.3.5/Network/TLS/Packet.hs
--- old/tls-1.3.4/Network/TLS/Packet.hs 2015-12-12 15:51:40.000000000 +0100
+++ new/tls-1.3.5/Network/TLS/Packet.hs 2016-04-09 15:47:25.000000000 +0200
@@ -76,6 +76,8 @@
import Data.ByteString (ByteString)
import qualified Data.ByteString as B
import qualified Data.ByteString.Char8 as BC
+import Data.ByteArray (ByteArrayAccess)
+import qualified Data.ByteArray as B (convert)
data CurrentParams = CurrentParams
{ cParamsVersion :: Version -- ^ current protocol
version
@@ -579,18 +581,18 @@
-}
type PRF = Bytes -> Bytes -> Int -> Bytes
-generateMasterSecret_SSL :: Bytes -> ClientRandom -> ServerRandom -> Bytes
+generateMasterSecret_SSL :: ByteArrayAccess preMaster => preMaster ->
ClientRandom -> ServerRandom -> Bytes
generateMasterSecret_SSL premasterSecret (ClientRandom c) (ServerRandom s) =
B.concat $ map (computeMD5) ["A","BB","CCC"]
- where computeMD5 label = hash MD5 $ B.concat [ premasterSecret, computeSHA1
label ]
- computeSHA1 label = hash SHA1 $ B.concat [ label, premasterSecret, c,
s ]
+ where computeMD5 label = hash MD5 $ B.concat [ B.convert premasterSecret,
computeSHA1 label ]
+ computeSHA1 label = hash SHA1 $ B.concat [ label, B.convert
premasterSecret, c, s ]
-generateMasterSecret_TLS :: PRF -> Bytes -> ClientRandom -> ServerRandom ->
Bytes
+generateMasterSecret_TLS :: ByteArrayAccess preMaster => PRF -> preMaster ->
ClientRandom -> ServerRandom -> Bytes
generateMasterSecret_TLS prf premasterSecret (ClientRandom c) (ServerRandom s)
=
- prf premasterSecret seed 48
+ prf (B.convert premasterSecret) seed 48
where seed = B.concat [ "master secret", c, s ]
-generateMasterSecret :: Version -> Bytes -> ClientRandom -> ServerRandom ->
Bytes
+generateMasterSecret :: ByteArrayAccess preMaster => Version -> preMaster ->
ClientRandom -> ServerRandom -> Bytes
generateMasterSecret SSL2 = generateMasterSecret_SSL
generateMasterSecret SSL3 = generateMasterSecret_SSL
generateMasterSecret TLS10 = generateMasterSecret_TLS prf_MD5SHA1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Parameters.hs
new/tls-1.3.5/Network/TLS/Parameters.hs
--- old/tls-1.3.4/Network/TLS/Parameters.hs 2015-12-12 15:51:40.000000000
+0100
+++ new/tls-1.3.5/Network/TLS/Parameters.hs 2016-04-09 15:47:25.000000000
+0200
@@ -10,6 +10,7 @@
ClientParams(..)
, ServerParams(..)
, CommonParams
+ , DebugParams(..)
, ClientHooks(..)
, ServerHooks(..)
, Supported(..)
@@ -32,13 +33,37 @@
import Network.TLS.Crypto
import Network.TLS.Credentials
import Network.TLS.X509
+import Network.TLS.RNG (Seed)
import Data.Monoid
import Data.Default.Class
import qualified Data.ByteString as B
type HostName = String
-type CommonParams = (Supported, Shared)
+type CommonParams = (Supported, Shared, DebugParams)
+
+-- | All settings should not be used in production
+data DebugParams = DebugParams
+ {
+ -- | Disable the true randomness in favor of deterministic seed that
will produce
+ -- a deterministic random from. This is useful for tests and debugging
purpose.
+ -- Do not use in production
+ debugSeed :: Maybe Seed
+ -- | Add a way to print the seed that was randomly generated. re-using
the same seed
+ -- will reproduce the same randomness with 'debugSeed'
+ , debugPrintSeed :: Seed -> IO ()
+ }
+
+defaultDebugParams :: DebugParams
+defaultDebugParams = DebugParams
+ { debugSeed = Nothing
+ , debugPrintSeed = const (return ())
+ }
+
+instance Show DebugParams where
+ show _ = "DebugParams"
+instance Default DebugParams where
+ def = defaultDebugParams
data ClientParams = ClientParams
{ clientUseMaxFragmentLength :: Maybe MaxFragmentEnum
@@ -60,6 +85,7 @@
, clientShared :: Shared
, clientHooks :: ClientHooks
, clientSupported :: Supported
+ , clientDebug :: DebugParams
} deriving (Show)
defaultParamsClient :: HostName -> Bytes -> ClientParams
@@ -71,6 +97,7 @@
, clientShared = def
, clientHooks = def
, clientSupported = def
+ , clientDebug = defaultDebugParams
}
data ServerParams = ServerParams
@@ -89,6 +116,7 @@
, serverShared :: Shared
, serverHooks :: ServerHooks
, serverSupported :: Supported
+ , serverDebug :: DebugParams
} deriving (Show)
defaultParamsServer :: ServerParams
@@ -99,6 +127,7 @@
, serverHooks = def
, serverShared = def
, serverSupported = def
+ , serverDebug = defaultDebugParams
}
instance Default ServerParams where
@@ -275,6 +304,6 @@
}
instance Show ServerHooks where
- show _ = "ClientHooks"
+ show _ = "ServerHooks"
instance Default ServerHooks where
def = defaultServerHooks
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS/RNG.hs
new/tls-1.3.5/Network/TLS/RNG.hs
--- old/tls-1.3.4/Network/TLS/RNG.hs 2015-12-12 15:51:40.000000000 +0100
+++ new/tls-1.3.5/Network/TLS/RNG.hs 2016-04-09 15:47:25.000000000 +0200
@@ -1,12 +1,17 @@
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
module Network.TLS.RNG
( StateRNG(..)
+ , Seed
+ , seedNew
+ , seedToInteger
+ , seedFromInteger
, withTLSRNG
, newStateRNG
, MonadRandom
, getRandomBytes
) where
+import Crypto.Random.Types
import Crypto.Random
newtype StateRNG = StateRNG ChaChaDRG
@@ -20,5 +25,5 @@
-> (a, StateRNG)
withTLSRNG rng f = withDRG rng f
-newStateRNG :: MonadRandom randomly => randomly StateRNG
-newStateRNG = StateRNG `fmap` drgNew
+newStateRNG :: Seed -> StateRNG
+newStateRNG seed = StateRNG $ drgNewSeed seed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/Network/TLS.hs new/tls-1.3.5/Network/TLS.hs
--- old/tls-1.3.4/Network/TLS.hs 2015-12-12 15:51:40.000000000 +0100
+++ new/tls-1.3.5/Network/TLS.hs 2016-04-09 15:47:25.000000000 +0200
@@ -11,6 +11,7 @@
-- * Context configuration
ClientParams(..)
, ServerParams(..)
+ , DebugParams(..)
, ClientHooks(..)
, ServerHooks(..)
, Supported(..)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.4/tls.cabal new/tls-1.3.5/tls.cabal
--- old/tls-1.3.4/tls.cabal 2015-12-12 15:51:40.000000000 +0100
+++ new/tls-1.3.5/tls.cabal 2016-04-09 15:47:25.000000000 +0200
@@ -1,5 +1,5 @@
Name: tls
-Version: 1.3.4
+Version: 1.3.5
Description:
Native Haskell TLS and SSL protocol implementation for server and client.
.
@@ -28,7 +28,7 @@
CHANGELOG.md
Flag compat
- Description: Accept SSLv2 compatible handshake
+ Description: Accept SSLv2 client hello for beginning SSLv3 / TLS
handshake
Default: True
Flag network
@@ -48,7 +48,7 @@
, data-default-class
-- crypto related
, memory
- , cryptonite >= 0.7
+ , cryptonite >= 0.14
-- certificate related
, asn1-types >= 0.2.0
, asn1-encoding
@@ -145,11 +145,12 @@
, x509-validation
, data-default-class
, cryptonite
- , criterion
+ , criterion >= 1.0
, mtl
, bytestring
, hourglass
, QuickCheck >= 2
+ , tasty-quickcheck
source-repository head
type: git
