The Risks of Windows and Linux Line endings in Git with PoGoAPI

This talks about the minor changes needed for the api_hashes api to allow verifying API’s.

Original Problem

Someone contacted me and said they couldnt verify the API’s against the hashes I provided. I looked into this and locally there didnt seem to be an issue as the API’s matched directly.

However when I looked at the server the files didn’t match the verified hashes stored. I initially thought this to be odd as I checked the files into git and therefore they couldn’t change. The files locally should have been the same as the files on the server.

Git being “helpful”

One of the features of git is the line ending checkout mode. By default if you check out a git repository on your machine it will check out the line endings for your system.

What this meant is that on my windows desktop I created files with windows line endings that were then checked into git as linux line endings. This meant that the files stored in git had a different hash to the ones that were checked out locally on my Windows machine.

The Linux server I run PoGoAPI on therefore had Linux line endings as it was checked out from git.

Since I was generating the hash file locally too, these hashes were for files with windows line endings. This meant that the only way to verify the API’s was to convert the line endings to windows endings and then verify it.

Changing it to create the hashes on the server

Instead of checking in the hash file I have changed the update script so that it also generates the hash file on update. This means that the files served to those using the API always have the same hash as in the hash file.

After making these changes the api hash file should always be correct.

Its an interesting learning experience as a useful feature of git caused a small unintended bug.