Thanks everyone for the inputs !!! upgrade of GIT to 2.21 worked. BUT still I have significant slowness(50 times slower than clone on linux machine) while cloning. HPUX box is having very good H/W configuration and network is also stable. Do you have any inputs on this.? -Ibrahim -----Original Message----- From: Jeff King [mailto:peff@xxxxxxxx] Sent: Tuesday, May 28, 2019 3:07 PM To: Vanak, Ibrahim <ibrahim.vanak@xxxxxxx Cc: git@xxxxxxxxxxxxxxx Subject: Re: GIT issue while cloning (fatal: pack is corrupted (SHA1 mismatch)) !!! On Tue, May 28, 2019 at 09:10:12AM +0000, Vanak, Ibrahim wrote: > We are seeing issue with GIT 2.14 version. When we try to clone the > repos, it is taking HUGE amount of time on HPUX, whereas on the linux > machine with same network configuration, it's getting cloned in less > than mins. So we want to know has anyone reported this issue? What is > the fix for this? Has the fix been released for this? Whom should we > contact for this? I don't know about the slowness, but... > Below is the HPUX system where we are seeing issue, it is taking 1 hr 45 mins and later it failed: > > root@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx# uname -a HP-UX sstl002 B.11.31 U > ia64 0158936019 unlimited-user license > root@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx# time git clone > git@xxxxxxxxxxxxxx:HPUX/SysFaultMgmt.git > Cloning into 'SysFaultMgmt'... > remote: Enumerating objects: 63627, done. > remote: Total 63627 (delta 0), reused 0 (delta 0), pack-reused 63627 > Receiving objects: 100% (63627/63627), 681.90 MiB | 111.00 KiB/s, done. > fatal: pack is corrupted (SHA1 mismatch) > fatal: index-pack failed Git v2.14 uses the sha1collision-detection implementation of sha1 by default. That has a bug that was fixed recently with: commit 4125f78222749cb8fc91115abec3ac83e5dfb194 Author: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> Date: Tue May 14 00:17:01 2019 +0200 sha1dc: update from upstream Update sha1dc from the latest version by the upstream maintainer[1]. See 07a20f569b ("Makefile: fix unaligned loads in sha1dc with UBSan", 2019-03-12) for the last update. This fixes an issue where HP-UX IA64 was wrongly detected as a Little-endian instead of a Big-endian system, see [2] and [3]. 1. https://github.com/cr-marcstevens/sha1collisiondetection/commit/855827c583bc30645ba427885caa40c5b81764d2 2. https://public-inbox.org/git/603989bd-f86d-c61d-c6f5-fb6748a65ba9@xxxxxxxxxxx/ 3. https://github.com/cr-marcstevens/sha1collisiondetection/pull/50 which looks like it would impact your system. You can either: 1. Try v2.22.0-rc1, which will be the first release with that fix. 2. Try cherry-picking the various fixes on top of v2.14.0: git checkout v2.14.0 git cherry-pick 23e37f8e9d5961c0c8d52ac481693d3fca5309ce git cherry-pick 07a20f569b4b1690e717eaac0954007a8edfbfc2 git cherry-pick 4125f78222749cb8fc91115abec3ac83e5dfb194 3. Compile with another sha1 implementation. E.g.: # if you have openssl available; otherwise, # try BLK_SHA1 echo 'OPENSSL_SHA1 = Yes' >config.mak make Note that you won't be protected from collision attacks, but those are still impractically expensive to mount at this point. It may be a good tradeoff until you can upgrade to a more recent Git. -Peff
