Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

common-updater-scripts: Support SRI-style hash #78913

Merged
merged 4 commits into from Feb 4, 2020
Merged

Conversation

@jtojnar
Copy link
Contributor

@jtojnar jtojnar commented Jan 30, 2020

Some fetcher functions support SRI-style hash attribute in addition to legacy type-specific attributes. When hash is used outputHashAlgo is null so let’s complain when SRI-style hash value was not detected.

Such attributes match the form ${type}${separator}${hash}: True SRI uses dash as a separator and only supports base64, whereas Nix’s SRI-style format uses a colon and supports all the same encodings like regular hashes (16/32/64).

To keep this program reasonably simple, we will upgrade Nix’s SRI-like format to pure SRI instead of preserving it.

Relevant code:

@jtojnar jtojnar force-pushed the jtojnar:cus-fixes branch from f946601 to 6289cc7 Jan 30, 2020
@jtojnar jtojnar requested a review from worldofpeace Jan 30, 2020
@FRidh
Copy link
Member

@FRidh FRidh commented Jan 30, 2020

Is SRI already allowed in Nixpkgs? If I am correct it's a Nix fetchurl feature.

@jtojnar
Copy link
Contributor Author

@jtojnar jtojnar commented Jan 30, 2020

See 267c8d6

jtojnar added 4 commits Apr 12, 2019
Some fetcher functions support SRI-style `hash` attribute in addition to legacy type-specific attributes. When `hash` is used `outputHashAlgo` is null so let’s complain when SRI-style hash value was not detected.

Such attributes match the form ${type}${separator}${hash}: True SRI uses dash as a separator and only supports base64, whereas Nix’s SRI-style format uses a colon and supports all the same encodings like regular hashes (16/32/64).

To keep this program reasonably simple, we will upgrade Nix’s SRI-like format to pure SRI instead of preserving it.
Fix issues reported by shellcheck and few other style issues.

Though we need to ignore $systemArg complaints because Nix does not support passing --system as a single argument.
We can check some things before the modifications take place.
@jtojnar jtojnar force-pushed the jtojnar:cus-fixes branch from faf16e0 to e4a0953 Feb 4, 2020
@jtojnar jtojnar merged commit f40a8a0 into NixOS:master Feb 4, 2020
16 checks passed
16 checks passed
Evaluation Performance Report Evaluator Performance Report
Details
common-updater-scripts on aarch64-linux Success
Details
common-updater-scripts on x86_64-darwin Success
Details
common-updater-scripts on x86_64-linux Success
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
@jtojnar jtojnar deleted the jtojnar:cus-fixes branch Feb 4, 2020
dtzWill added a commit to dtzWill/nixpkgs that referenced this pull request Feb 5, 2020
common-updater-scripts: Support SRI-style hash
(cherry picked from commit f40a8a0)
@worldofpeace
Copy link
Member

@worldofpeace worldofpeace commented Feb 5, 2020

Thanks for adding this @jtojnar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.