Skip to content

common-updater-scripts: Support SRI-style hash #78913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 4, 2020
Merged

common-updater-scripts: Support SRI-style hash #78913

merged 4 commits into from
Feb 4, 2020
+54 −30

Conversation

jtojnar
Copy link
Member

@jtojnar jtojnar commented Jan 30, 2020
edited
Loading

Some fetcher functions support SRI-style hash attribute in addition to legacy type-specific attributes. When hash is used outputHashAlgo is null so let’s complain when SRI-style hash value was not detected.

Such attributes match the form ${type}${separator}${hash}: True SRI uses dash as a separator and only supports base64, whereas Nix’s SRI-style format uses a colon and supports all the same encodings like regular hashes (16/32/64).

To keep this program reasonably simple, we will upgrade Nix’s SRI-like format to pure SRI instead of preserving it.

Relevant code:

@jtojnar jtojnar requested a review from worldofpeace January 30, 2020 20:54
@FRidh
Copy link
Member

FRidh commented Jan 30, 2020

Is SRI already allowed in Nixpkgs? If I am correct it's a Nix fetchurl feature.

@jtojnar
Copy link
Member Author

jtojnar commented Jan 30, 2020

See 267c8d6

@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jan 31, 2020
@jtojnar
common-updater-scripts: mention --ignore-same-hash in usage
ea9da64
@jtojnar
common-updater-scripts: Support SRI-style hash
5a1bc70 
Some fetcher functions support SRI-style `hash` attribute in addition to legacy type-specific attributes. When `hash` is used `outputHashAlgo` is null so let’s complain when SRI-style hash value was not detected.

Such attributes match the form ${type}${separator}${hash}: True SRI uses dash as a separator and only supports base64, whereas Nix’s SRI-style format uses a colon and supports all the same encodings like regular hashes (16/32/64).

To keep this program reasonably simple, we will upgrade Nix’s SRI-like format to pure SRI instead of preserving it.
@jtojnar
common-updater-scripts: clean up
65543d1 
Fix issues reported by shellcheck and few other style issues.

Though we need to ignore $systemArg complaints because Nix does not support passing --system as a single argument.
@jtojnar
common-updater-scripts: move destructive changes further in the script

Verified

This commit was signed with the committer’s verified signature. The key has expired.
dtzWill Will Dietz
GPG key ID: EBB0EA4124809D02
Expired
Verified
Learn about vigilant mode
e4a0953 
We can check some things before the modifications take place.
@jtojnar jtojnar merged commit f40a8a0 into NixOS:master Feb 4, 2020
@jtojnar jtojnar deleted the cus-fixes branch February 4, 2020 23:47
dtzWill pushed a commit to dtzWill/nixpkgs that referenced this pull request Feb 5, 2020
@jtojnar @dtzWill
Merge pull request NixOS#78913 from jtojnar/cus-fixes

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
5cf9eb0 
common-updater-scripts: Support SRI-style hash
(cherry picked from commit f40a8a0)
@worldofpeace
Copy link
Contributor

Thanks for adding this @jtojnar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@worldofpeace worldofpeace

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jtojnar @FRidh @worldofpeace