Git LFS 2.5.0 to be Available

It replaces large files with text links, and their contents are stored on GitHub Enterprise servers
31 July 2018   296

The GitHub developers have updated the Git LFS extension. It replaces large files with text links, and their contents are stored on GitHub Enterprise servers. The new version fixes bugs and added new features to the old commands. 

New migration options

The git lfs migrate command received several new functions.

  • Fixing the inability to save in the repository using Git LFS. If the file is larger than 100 MB, it does not move to GitHub and the history requires rewriting with the git lfs migrate import command. If the file is less than 100 MB, the git lfs migrate import --no-rewrite command will move the file using the extension, fixing the changes in the repository.
  • Correcting the error of storing files with the extension LFS. For example, you need to store images * .png with LFS, and the file is added without using it. git lfs migrate import --fixup helps to fix the error. The--fixup flag reads the condition in the .gitattributes file and automatically converts the objects for storage using Git LFS. In the example below, the mona.png file is added without Git LFS:
$ cat .gitattributes
*.png filter=lfs diff=lfs merge=lfs -text

$ git cat-file -p :mona.png | file -s
/dev/stdin: PNG image data, 896 x 896, 8-bit/color RGBA, non-interlaced

You can fix it this way:

$ git lfs migrate import --fixup
migrate: Fetching remote refs: ..., done
migrate: Sorting commits: ..., done
migrate: Rewriting commits: 100% (2/2), done
  master        1002728154804338fe645976ad8b7258b0be0810 -> 076e2bfe114df5575b1130f694c18d1b26c86b86
migrate: Updating refs: ..., done
migrate: checkout: ..., done

$ git cat-file -p :mona.png
oid sha256:49afbfc61b10df78377f8f7dac774158e1a0197740e160ea3572d9839c61ac04
size 106277

Now mona.png is in the repository using the LFS repository.

To stop working with the expansion and export of large objects, it is enough to type git lfs migrate export. The command accepts the same arguments asgit lfs migrate import, moving files from the extension.

Other changes

Modified scripts and programs that can be used to design as "crutches." Now the testing software package outputs the results in TAP format and is started by the prove command. And the assembly of the project can be done thanks to Makefile, the familiar Git users.

In addition, the fixes and improvements to support for alternative objects, as well as the output of results from subdirectories by the git lfs status command.

Google to Introduce Tink Cryptographic Library

Google already uses Tink in projects like AdMob, Google Pay, Google Assistant, Firebase and the Android Search App
31 August 2018   394

Google introduced the open cryptographic library called Tink with support for Java, C ++ and Objective-C, as well as experimental support for Go and JavaScript. Product primitives use the BoringSSL and the Java Cryptography Architecture framework.

Even small errors in the use of cryptographic methods can have serious consequences, and they are carefully study for decades. Many developers do not have so much time, so when creating a new tool, the company tried to reduce the number of potential errors with cryptographic APIs. Google already uses Tink in projects like AdMob, Google Pay, Google Assistant, Firebase and the Android Search App.

These primitives are used in the core of the library:

  • AEAD (Authenticated Encryption with Associated Data) for symmetric encryption of blocks and data streams over a fixed key. The tool does not require the definition of specific algorithms and their parameters. With it, you can quickly perform encryption and decryption operations:
     // 1. Generate the key material.
     KeysetHandle keysetHandle = KeysetHandle.generateNew(
     // 2. Get the primitive.
     Aead aead = AeadFactory.getPrimitive(keysetHandle);
     // 3. Use the primitive.
     byte[] plaintext = ...;
     byte[] additionalData = ...;
     byte[] ciphertext = aead.(plaintext, additionalData);
  • The MAC (Message Authentication Codes) provides message authentication codes.

In Tink, there are functions for creating a digital signature and its verification, as well as the functions of fast hybrid encryption.

Features of work
Each primitive supports stateless mode operation, secure copy operations and the use of keys with a length of 128 bits. The library automatically blocks potentially unsafe operations, for example, downloading keys from unencrypted files on the disk. Tink provides an API for rotating keys and interacting with external key management systems: Google Cloud KMS, Amazon KMS, Android Keystore and Apple iOS KeyChain.

The library has a modular architecture, allows you to connect custom primitives and replace them with existing code files without changing the final applications. From Tink, you can exclude part of the tools. For example, if the program only uses digital signature verification, you can remove symmetric encryption components to reduce the application code size.

In August 2018, the creators of the VPN protocol, WireGuard, announced the creation of the Zinc cryptographic library, which, upon introduction into the core Linux kernel, will accelerate the process of data encryption through a simplified set of crypto algorithms.