New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
b2sum: init at 20160619 #44459
b2sum: init at 20160619 #44459
Conversation
a014988
to
11a9769
Compare
Note that
Since this is in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it makes sense to have this package in Nixpkgs, for two reasons:
- This supports algorithms other than BLAKE2b: BLAKE2s, BLAKE2bp, BLAKE2sp.
- While
coreutils
andbusybox
have this utility, it may be unwieldy to install the full set for people on macOS (or in the future, BSDs: none to my knowledge include BLAKE2 digest program).
{ stdenv, fetchurl, openmp }: | ||
|
||
stdenv.mkDerivation rec { | ||
version = "20160619"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this release, upstream has added ARM NEON implementations of BLAKE2b and BLAKE2s which should improve performance on aarch64: BLAKE2/BLAKE2@7965d3e
Also a bug fix for BLAKE2bp which previously returned incorrect results when -l
option was set: BLAKE2/BLAKE2#36
To incorporate these changes into Nixpkgs version, could you use version from master?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh my, why didn’t they make a new release then :/
we should probably tell the Homebrew people
url = "https://github.com/BLAKE2/BLAKE2/archive/${version}.tar.gz"; | ||
sha256 = "0csnlp6kwlyla5s4r6bsrx2jgcwrm9qzisnvfdhmqsz5r8y87b6b"; | ||
}; | ||
postUnpack = "sourceRoot=$sourceRoot/b2sum"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sourceRoot = "b2sum";
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Um, I’m not sure it would work this way, because the source root is <whatever the dir in the archive is called>/b2sum
@@ -0,0 +1,25 @@ | |||
{ stdenv, fetchurl, openmp }: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since openmp is nullable, would be nice to have it default to null
:
{ stdenv, fetchurl, openmp ? null }:
@@ -1579,6 +1579,10 @@ with pkgs; | |||
|
|||
asynk = callPackage ../tools/networking/asynk { }; | |||
|
|||
b2sum = callPackage ../tools/security/b2sum { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably move tthsum from ../tools/misc to ../tools/security then, for conformance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I judged by tthsum
and rhash
and decided the latter was placed more appropriately, so, yes, I think, we should.
I'm not really sure I buy argument 1 that having multiple hash functions is necessarily worth adding this package. People always think they can choose something better because of their particular know-how, but the actual users who can do this are relatively small -- to the detriment and confusion of other, more ordinary users. BLAKE2b is a perfectly fine and robust hash function for the use-cases b2sum is intended for (file hashes, more or less), and it should already be faster than MD5 or sha1sum which I'd consider unsafe, not to mention SHA2 variants:
Personally, I consider "algorithm flexibility" for things like this -- that are mostly inconsequential and confusing to non-familiar/'crypto' users -- to be anti-features. While blake2b is a 64-bit hash function, I don't think our (relatively small) 32-bit userbase should really worry about having multiple hash functions for e.g. blake2s for some efficiency gains. Having multiple hash functions also makes it unclear which one you used, and which package people should use for doing their hash comparisons (especially because any use or installation of There's an argument the parallel versions might be worth having, but frankly I don't find that super convincing as an argument for duplicating an already existing utility that seems perfectly adequate on its own, although I admit some people may disagree. I also don't buy argument 2: MacOS already has coreutils in stdenv, does it not? And it comes with b2sum (I verified this by looking at Hydra closures, as I have no macOS machines). It has to work, so I'm not sure there's any problem there at all. And "future BSDs" are not a good argument for adding packages and/or increasing the footprint of nixpkgs, in my opinion (Actually, I consider Nix-on-not-Linux a misguided 'feature' that largely penalizes the vast majority of users who are on Linux by complexifying build expressions -- though I accept macOS as a valid target -- but that's neither here nor there). Besides, I suspect trying to truly remove coreutils semantics from the majority of Nix build expressions that use them via Tentatively adding features that are based on potential future users (that historically have fallen to bitrot very quickly) for relatively minor reasons seems like a bad idea, and can always be rectified in the future if needed. We can just cross that bridge later. I generally don't (and haven't, I think) put hard rejections on package additions, but I'm rather disinclined to accept this addition, personally. I can't say that my opinion weighs more heavily than anyone elses, though (I'm just an average maintainer). |
I understand your arguments and agree with them for the most part, just not your conclusion. Nixpkgs has always been very friendly to new packages, we regularly accept packages with virtually no users, or packages that have better counterparts. The policy so far was to let the end-user make the decision, and just be a collection of build instructions with nearly no moderation. Since this is a different implementation of |
I don’t think that the “crypto algorithm flexibility is bad” argument can be used in this case. This sort of tools most of the time is used for hash verification, not generation and when a user has to verify a hash, they have no choice which algorithm to use. In this specific case it is not an issue at all, simply because the tool does not explicitly ask the user to pick an algorithm, it has the right one as the default.
The fact that Let me explain how this PR happened. I needed to compute a blake2 hash of a file, so I check that Update: I have looked up the discussion in the mailing list and apparently the reason was “we already have |
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)