feat!: switch to Nix SRI hashes

helsinki-systems · Apr 16, 2024 · 3c35a0e · 3c35a0e
1 parent 796ac33
commit 3c35a0e
Show file tree

Hide file tree

Showing 9 changed files with 2,081 additions and 1,826 deletions.
diff --git a/24.json b/24.json
diff --git a/25.json b/25.json
diff --git a/26.json b/26.json
diff --git a/27.json b/27.json
diff --git a/28.json b/28.json
diff --git a/default.nix b/default.nix
@@ -12,7 +12,7 @@ let apps = (self:
 
     mkApp = name: value: runCommand "nc-app-${name}-${value.version}" {
       src = fetchurl {
-        inherit (value) url sha256;
+        inherit (value) url hash;
       };
       inherit (value) version;
     } /* sh */ ''

diff --git a/go.mod b/go.mod
@@ -2,4 +2,19 @@ module git.helsinki.tools/helsinki-systems/nc4nix
 
 go 1.20
 
-require github.com/hashicorp/go-version v1.6.0
+require (
+	github.com/hashicorp/go-version v1.6.0
+	github.com/multiformats/go-multihash v0.2.3
+	github.com/nix-community/go-nix v0.0.0-20231219074122-93cb24a86856
+)
+
+require (
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
+	github.com/mr-tron/base58 v1.2.0 // indirect
+	github.com/multiformats/go-varint v0.0.7 // indirect
+	github.com/spaolacci/murmur3 v1.1.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	lukechampine.com/blake3 v1.2.2 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -1,2 +1,27 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
+github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
+github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
+github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
+github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
+github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
+github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
+github.com/nix-community/go-nix v0.0.0-20231219074122-93cb24a86856 h1:CHnKW7ZH43KDkO9vDazQefi82Z0l1smKhSOpMsV1A9I=
+github.com/nix-community/go-nix v0.0.0-20231219074122-93cb24a86856/go.mod h1:0FdXufC8BrrWsr65fGYC0fI6hlk4ku+JHGUiYhX/6g4=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
+lukechampine.com/blake3 v1.2.2 h1:wEAbSg0IVU4ih44CVlpMqMZMpzr5hf/6aqodLlevd/w=
+lukechampine.com/blake3 v1.2.2/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
diff --git a/main.go b/main.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"crypto/sha256"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -12,6 +11,8 @@ import (
 	"strings"
 
 	"github.com/hashicorp/go-version"
+	multihash "github.com/multiformats/go-multihash/core"
+	"github.com/nix-community/go-nix/pkg/hash"
 )
 
 var DEBUG bool
@@ -45,7 +46,7 @@ type ApiApp struct {
 type ApiJson []ApiApp
 
 type App struct {
-	Sha256      string   `json:"sha256"`
+	Hash        string   `json:"hash"`
 	Url         string   `json:"url"`
 	Version     string   `json:"version"`
 	Description string   `json:"description"`
@@ -120,9 +121,13 @@ func prefetch(url string) (string, error) {
 		log.Print("Prefetch failed reading body for: ", url, err)
 		return "", err
 	}
-	sha256 := fmt.Sprintf("%x", sha256.Sum256(contents))
-
-	return sha256, err
+	h, err := hash.New(multihash.SHA2_256)
+	if err != nil {
+		log.Print("Failed to create new hasher: ", url, err)
+		return "", err
+	}
+	_, _ = h.Write(contents)
+	return h.SRIString(), nil
 }
 
 // copy every element from every map into the resulting map
@@ -218,13 +223,13 @@ func update(v string, apps []string) {
 		}
 
 		if needsPrefetch {
-			sha256, err := prefetch(na.Url)
+			h, err := prefetch(na.Url)
 			if err != nil {
 				continue
 			}
-			na.Sha256 = sha256
+			na.Hash = h
 		} else {
-			na.Sha256 = oa.Sha256
+			na.Hash = oa.Hash
 		}
 		an[k] = na
 	}