New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
webassemblyjs tool suite: init at 1.7.8 #45225
Conversation
For ease of review: the operations done for this PR are addition of the lines in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM :)
@@ -1872,7 +1872,7 @@ let | |||
packageName = "strip-ansi"; | |||
version = "3.0.1"; | |||
src = fetchurl { | |||
url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz"; | |||
url = "http://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh actually, this is weird, why did it switch to http? Can you maybe run ./generate.sh again with the latest master version?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not coming back :'( It did get two updates though, so I did a push -f
Intuitively the HTTPS isn't that important, though, as it's going to (I guess) be built by hydra, which has no need for confidentiality, and it's protected by sha*sum anyway :) |
@Ekleog Well the hashes were probably obtained from the http URL to begin with |
Indeed, but HTTPS more or less only tells that some third-party over the internet saw you over a HTTP connection (at least with Let's Encrypt, some other CAs have different requirements), so basically what we're doing by pinning hashes and making contributor+ofborg review them is basically as secure as HTTPS, with the exception that there's no Certificate Transparency logs for hashes we insert :) Anyway, thank you for the review! |
Motivation for this change
Couldn't test
wasmrun
for not having a WASM file that can be run at hand, but it looks like it's at least basically working :)All other binaries are either OK or had bugs reported upstream because they really didn't look like packaging issues.
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)