Skip to content

Commit

Permalink
fetch-*: remove md5 support
Browse files Browse the repository at this point in the history 
fixes #4491
  • Loading branch information
@globin
globin committed Mar 20, 2017
1 parent 1c3308e commit f57185d
Show file tree
Hide file tree
Showing 8 changed files with 44 additions and 24 deletions.
9 changes: 6 additions & 3 deletions pkgs/build-support/fetchdarcs/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,16 @@
{stdenv, darcs, nix}: {url, rev ? null, context ? null, md5 ? "", sha256 ? ""}:

if md5 != "" then
throw "fetchdarcs does not support md5 anymore, please use sha256"
else
stdenv.mkDerivation {
name = "fetchdarcs";
builder = ./builder.sh;
buildInputs = [darcs];

outputHashAlgo = if sha256 == "" then "md5" else "sha256";
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = if sha256 == "" then md5 else sha256;
outputHash = sha256;

inherit url rev context;
}
7 changes: 5 additions & 2 deletions pkgs/build-support/fetchegg/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,17 @@
{ stdenv, chicken }:
{ name, version, md5 ? "", sha256 ? "" }:

if md5 != "" then
throw "fetchegg does not support md5 anymore, please use sha256"
else
stdenv.mkDerivation {
name = "chicken-${name}-export";
builder = ./builder.sh;
buildInputs = [ chicken ];

outputHashAlgo = if sha256 == "" then "md5" else "sha256";
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = if sha256 == "" then md5 else sha256;
outputHash = sha256;

inherit version;

Expand Down
8 changes: 5 additions & 3 deletions pkgs/build-support/fetchgit/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,18 +39,20 @@ in
server admins start using the new version?
*/

assert md5 != "" || sha256 != "";
assert deepClone -> leaveDotGit;

if md5 != "" then
throw "fetchgit does not support md5 anymore, please use sha256"
else
stdenv.mkDerivation {
inherit name;
builder = ./builder.sh;
fetcher = "${./nix-prefetch-git}"; # This must be a string to ensure it's called with bash.
buildInputs = [git];

outputHashAlgo = if sha256 == "" then "md5" else "sha256";
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = if sha256 == "" then md5 else sha256;
outputHash = sha256;

inherit url rev leaveDotGit fetchSubmodules deepClone branchName;

Expand Down
10 changes: 5 additions & 5 deletions pkgs/build-support/fetchhg/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
{stdenv, mercurial, nix}: {name ? null, url, rev ? null, md5 ? null, sha256 ? null, fetchSubrepos ? false}:

if md5 != null then
throw "fetchhg does not support md5 anymore, please use sha256"
else
# TODO: statically check if mercurial as the https support if the url starts woth https.
stdenv.mkDerivation {
name = "hg-archive" + (if name != null then "-${name}" else "");
Expand All @@ -8,14 +11,11 @@ stdenv.mkDerivation {

impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars;

# Nix <= 0.7 compatibility.
id = md5;

subrepoClause = if fetchSubrepos then "S" else "";

outputHashAlgo = if md5 != null then "md5" else "sha256";
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = if md5 != null then md5 else sha256;
outputHash = sha256;

inherit url rev;
preferLocalBuild = true;
Expand Down
5 changes: 4 additions & 1 deletion pkgs/build-support/fetchnuget/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,12 @@ attrs @
, md5 ? ""
, ...
}:
if md5 != "" then
throw "fetchnuget does not support md5 anymore, please use sha256"
else
buildDotnetPackage ({
src = fetchurl {
inherit url sha256 md5;
inherit url sha256;
name = "${baseName}.${version}.zip";
};

Expand Down
7 changes: 5 additions & 2 deletions pkgs/build-support/fetchsvn/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,17 @@ let
name_ = if name == null then "${repoName}-r${toString rev}" else name;
in

if md5 != "" then
throw "fetchsvn does not support md5 anymore, please use sha256"
else
stdenv.mkDerivation {
name = name_;
builder = ./builder.sh;
buildInputs = [subversion];

outputHashAlgo = if sha256 == "" then "md5" else "sha256";
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = if sha256 == "" then md5 else sha256;
outputHash = sha256;

inherit url rev sshSupport openssh ignoreExternals ignoreKeywords;

Expand Down
12 changes: 8 additions & 4 deletions pkgs/build-support/fetchsvnssh/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,20 @@
{stdenv, subversion, sshSupport ? false, openssh ? null, expect}:
{username, password, url, rev ? "HEAD", md5 ? "", sha256 ? ""}:


if md5 != "" then
throw "fetchsvnssh does not support md5 anymore, please use sha256"
else
stdenv.mkDerivation {
name = "svn-export-ssh";
builder = ./builder.sh;
buildInputs = [subversion expect];

outputHashAlgo = if sha256 == "" then "md5" else "sha256";
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = if sha256 == "" then md5 else sha256;
outputHash = sha256;

sshSubversion = ./sshsubversion.exp;

inherit username password url rev sshSupport openssh;
}
10 changes: 6 additions & 4 deletions pkgs/build-support/fetchurl/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,12 +87,14 @@ assert sha512 != "" -> builtins.compareVersions "1.11" builtins.nixVersion <= 0;
let

hasHash = showURLs || (outputHash != "" && outputHashAlgo != "")
|| md5 != "" || sha1 != "" || sha256 != "" || sha512 != "";
|| sha1 != "" || sha256 != "" || sha512 != "";
urls_ = if urls != [] then urls else [url];

in

if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${stdenv.lib.concatStringsSep ", " urls_}" else stdenv.mkDerivation {
if md5 != "" then throw "fetchsvnssh does not support md5 anymore, please use sha256 or sha512"
else if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${stdenv.lib.concatStringsSep ", " urls_}"
else stdenv.mkDerivation {
name =
if showURLs then "urls"
else if name != "" then name
Expand All @@ -110,9 +112,9 @@ if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${s

# New-style output content requirements.
outputHashAlgo = if outputHashAlgo != "" then outputHashAlgo else
if sha512 != "" then "sha512" else if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5";
if sha512 != "" then "sha512" else if sha256 != "" then "sha256" else "sha1";
outputHash = if outputHash != "" then outputHash else
if sha512 != "" then sha512 else if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5;
if sha512 != "" then sha512 else if sha256 != "" then sha256 else sha1;

outputHashMode = if (recursiveHash || executable) then "recursive" else "flat";

Expand Down

0 comments on commit f57185d

Please sign in to comment.