* Properly specify the hash algorithm in the manifests, and read it
too. * Change the default hash for nix-prefetch-url back to md5, since that's what we use in Nixpkgs (for now; a birthday attack is rather unlikely there).
		
							parent
							
								
									95e870a113
								
							
						
					
					
						commit
						3259ae5811
					
				
					 4 changed files with 31 additions and 13 deletions
				
			
		|  | @ -96,7 +96,7 @@ while ($queueFront < scalar @queue) { | ||||||
|         foreach my $patch (@{$patchList}) { |         foreach my $patch (@{$patchList}) { | ||||||
|             if (isValidPath($patch->{basePath})) { |             if (isValidPath($patch->{basePath})) { | ||||||
|                 # !!! this should be cached |                 # !!! this should be cached | ||||||
|                 my $hash = `@bindir@/nix-hash "$patch->{basePath}"`; |                 my $hash = `@bindir@/nix-hash --type '$patch->{hashAlgo}' "$patch->{basePath}"`; | ||||||
|                 chomp $hash; |                 chomp $hash; | ||||||
| #                print "  MY HASH is $hash\n"; | #                print "  MY HASH is $hash\n"; | ||||||
|                 if ($hash ne $patch->{baseHash}) { |                 if ($hash ne $patch->{baseHash}) { | ||||||
|  | @ -175,8 +175,10 @@ my $maxStep = scalar @path; | ||||||
| sub downloadFile { | sub downloadFile { | ||||||
|     my $url = shift; |     my $url = shift; | ||||||
|     my $hash = shift; |     my $hash = shift; | ||||||
|  |     my $hashAlgo = shift; | ||||||
|     $ENV{"PRINT_PATH"} = 1; |     $ENV{"PRINT_PATH"} = 1; | ||||||
|     $ENV{"QUIET"} = 1; |     $ENV{"QUIET"} = 1; | ||||||
|  |     $ENV{"NIX_HASH_ALGO"} = $hashAlgo; | ||||||
|     my ($hash2, $path) = `@bindir@/nix-prefetch-url '$url' '$hash'`; |     my ($hash2, $path) = `@bindir@/nix-prefetch-url '$url' '$hash'`; | ||||||
|     chomp $hash2; |     chomp $hash2; | ||||||
|     chomp $path; |     chomp $path; | ||||||
|  | @ -205,7 +207,7 @@ while (scalar @path > 0) { | ||||||
| 
 | 
 | ||||||
|         # Download the patch. |         # Download the patch. | ||||||
|         print "  downloading patch...\n"; |         print "  downloading patch...\n"; | ||||||
|         my $patchPath = downloadFile "$patch->{url}", "$patch->{hash}"; |         my $patchPath = downloadFile "$patch->{url}", "$patch->{hash}", "$patch->{hashAlgo}"; | ||||||
| 
 | 
 | ||||||
|         # Turn the base path into a NAR archive, to which we can |         # Turn the base path into a NAR archive, to which we can | ||||||
|         # actually apply the patch. |         # actually apply the patch. | ||||||
|  | @ -232,7 +234,7 @@ while (scalar @path > 0) { | ||||||
|          |          | ||||||
|         # Download the archive. |         # Download the archive. | ||||||
|         print "  downloading archive...\n"; |         print "  downloading archive...\n"; | ||||||
|         my $narFilePath = downloadFile "$narFile->{url}", "$narFile->{hash}"; |         my $narFilePath = downloadFile "$narFile->{url}", "$narFile->{hash}", "$narFile->{hashAlgo}"; | ||||||
| 
 | 
 | ||||||
|         # Unpack the archive into the target path. |         # Unpack the archive into the target path. | ||||||
|         print "  unpacking archive...\n"; |         print "  unpacking archive...\n"; | ||||||
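Review bot: `$patch->{hashAlgo}` comes from the manifest and is spliced into a shell command line inside single quotes in the `nix-hash --type` backtick call, so a value containing a quote or shell metacharacter changes the command that runs. The reader in the manifest-parsing section accepts any `\S+` after `HashAlgo:`, so nothing constrains the value before it arrives here, and the same value is also exported as `NIX_HASH_ALGO` in `downloadFile`. Constrain it where it is parsed, e.g. `elsif (/^\s*HashAlgo:\s*([A-Za-z0-9]+)\s*$/) { $hashAlgo = $1; }`, or bypass the shell with a list-form pipe such as `open(my $fh, "-|", "@bindir@/nix-hash", "--type", $patch->{hashAlgo}, $patch->{basePath})`. The enclosing loops and the rest of `downloadFile` lie outside the hunks shown.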
|  |  | ||||||
|  | @ -45,6 +45,7 @@ sub findOutputPaths { | ||||||
| 
 | 
 | ||||||
|         # Ignore store expressions. |         # Ignore store expressions. | ||||||
|         next if ($p =~ /\.store$/); |         next if ($p =~ /\.store$/); | ||||||
|  |         next if ($p =~ /\.drv$/); | ||||||
|          |          | ||||||
|         # Ignore builders (too much ambiguity -- they're all called |         # Ignore builders (too much ambiguity -- they're all called | ||||||
|         # `builder.sh'). |         # `builder.sh'). | ||||||
|  | @ -69,7 +70,7 @@ my %dstOutPaths = findOutputPaths \%dstNarFiles, \%dstSuccessors; | ||||||
| 
 | 
 | ||||||
| sub getNameVersion { | sub getNameVersion { | ||||||
|     my $p = shift; |     my $p = shift; | ||||||
|     $p =~ /\/[0-9a-f]+((?:-[a-zA-Z][^\/-]*)+)([^\/]*)$/; |     $p =~ /\/[0-9a-z]+((?:-[a-zA-Z][^\/-]*)+)([^\/]*)$/; | ||||||
|     my $name = $1; |     my $name = $1; | ||||||
|     my $version = $2; |     my $version = $2; | ||||||
|     $name =~ s/^-//; |     $name =~ s/^-//; | ||||||
|  | @ -192,16 +193,16 @@ foreach my $p (keys %dstOutPaths) { | ||||||
|         system("@bunzip2@ < $dstNarBz2 > $tmpdir/B") == 0 |         system("@bunzip2@ < $dstNarBz2 > $tmpdir/B") == 0 | ||||||
|             or die "cannot unpack $dstNarBz2"; |             or die "cannot unpack $dstNarBz2"; | ||||||
| 
 | 
 | ||||||
|         system("@libexecdir@/bspatch $tmpdir/A $tmpdir/B $tmpdir/DIFF") == 0 |         system("@libexecdir@/bsdiff $tmpdir/A $tmpdir/B $tmpdir/DIFF") == 0 | ||||||
|             or die "cannot compute binary diff"; |             or die "cannot compute binary diff"; | ||||||
| 
 | 
 | ||||||
|         my $baseHash = `@bindir@/nix-hash --flat $tmpdir/A` or die; |         my $baseHash = `@bindir@/nix-hash --flat --type sha1 $tmpdir/A` or die; | ||||||
|         chomp $baseHash; |         chomp $baseHash; | ||||||
| 
 | 
 | ||||||
|         my $narHash = `@bindir@/nix-hash --flat $tmpdir/B` or die; |         my $narHash = `@bindir@/nix-hash --flat --type sha1 $tmpdir/B` or die; | ||||||
|         chomp $narHash; |         chomp $narHash; | ||||||
| 
 | 
 | ||||||
|         my $narDiffHash = `@bindir@/nix-hash --flat $tmpdir/DIFF` or die; |         my $narDiffHash = `@bindir@/nix-hash --flat --type sha1 $tmpdir/DIFF` or die; | ||||||
|         chomp $narDiffHash; |         chomp $narDiffHash; | ||||||
| 
 | 
 | ||||||
|         my $narDiffSize = (stat "$tmpdir/DIFF")[7]; |         my $narDiffSize = (stat "$tmpdir/DIFF")[7]; | ||||||
|  | @ -234,7 +235,7 @@ foreach my $p (keys %dstOutPaths) { | ||||||
|         # Add the patch to the manifest. |         # Add the patch to the manifest. | ||||||
|         addPatch \%dstPatches, $p, |         addPatch \%dstPatches, $p, | ||||||
|             { url => "$patchesURL/$finalName", hash => $narDiffHash |             { url => "$patchesURL/$finalName", hash => $narDiffHash | ||||||
|             , size => $narDiffSize |             , size => $narDiffSize, hashAlgo => "sha1" | ||||||
|             , basePath => $closest, baseHash => $baseHash |             , basePath => $closest, baseHash => $baseHash | ||||||
|             , narHash => $narHash, patchType => "nar-bsdiff" |             , narHash => $narHash, patchType => "nar-bsdiff" | ||||||
|             }; |             }; | ||||||
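Review bot: The algorithm name `sha1` is now written out in four places in this section, the three `nix-hash --flat --type sha1` calls and `hashAlgo => "sha1"` in the `addPatch` record, and the manifest is only correct while all four agree. Define it once, `my $hashAlgo = "sha1";`, and use `--type $hashAlgo` and `hashAlgo => $hashAlgo`, so a later algorithm change cannot leave the manifest advertising a different algorithm than the one that produced `hash`, `baseHash` and `narHash`. The bare `or die` on those backtick calls fires only on empty output and prints no context; checking `$?` and naming the file in the message would make a failed hash computation diagnosable.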
|  |  | ||||||
|  | @ -3,7 +3,10 @@ | ||||||
| url=$1 | url=$1 | ||||||
| hash=$2 | hash=$2 | ||||||
| 
 | 
 | ||||||
| hashType="sha1" | hashType=$NIX_HASH_ALGO | ||||||
|  | if test -z "$hashType"; then | ||||||
|  |     hashType=md5 | ||||||
|  | fi     | ||||||
| 
 | 
 | ||||||
| if test -z "$url"; then | if test -z "$url"; then | ||||||
|     echo "syntax: nix-prefetch-url URL" >&2 |     echo "syntax: nix-prefetch-url URL" >&2 | ||||||
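Review bot: `hashType` is now whatever `NIX_HASH_ALGO` holds in the caller's environment, with no check that it names a supported algorithm, and the usage message still reads `syntax: nix-prefetch-url URL` without mentioning the variable or the expected-hash argument. Reject unknown values up front, e.g. `case "$hashType" in md5|sha1) ;; *) echo "unsupported NIX_HASH_ALGO: $hashType" >&2; exit 1;; esac` (extend the list to whatever `nix-hash --type` accepts), and make sure the later uses, which are outside this hunk, quote `"$hashType"`. The fallback itself can be written as `hashType=${NIX_HASH_ALGO:-md5}`. Because the expected hash in `$2` carries no algorithm tag, a one-line comment stating that it is interpreted according to `NIX_HASH_ALGO` would help callers.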
|  |  | ||||||
|  | @ -52,6 +52,7 @@ sub readManifest { | ||||||
|     my $narHash; |     my $narHash; | ||||||
|     my $references; |     my $references; | ||||||
|     my $deriver; |     my $deriver; | ||||||
|  |     my $hashAlgo; | ||||||
| 
 | 
 | ||||||
|     while (<MANIFEST>) { |     while (<MANIFEST>) { | ||||||
|         chomp; |         chomp; | ||||||
|  | @ -75,6 +76,7 @@ sub readManifest { | ||||||
|                 undef $patchType; |                 undef $patchType; | ||||||
|                 $references = ""; |                 $references = ""; | ||||||
|                 $deriver = ""; |                 $deriver = ""; | ||||||
|  |                 $hashAlgo = "md5"; | ||||||
| 	    } | 	    } | ||||||
| 
 | 
 | ||||||
|         } else { |         } else { | ||||||
|  | @ -104,7 +106,7 @@ sub readManifest { | ||||||
|                         push @{$narFileList}, |                         push @{$narFileList}, | ||||||
|                             { url => $url, hash => $hash, size => $size |                             { url => $url, hash => $hash, size => $size | ||||||
|                             , narHash => $narHash, references => $references |                             , narHash => $narHash, references => $references | ||||||
|                             , deriver => $deriver |                             , deriver => $deriver, hashAlgo => $hashAlgo | ||||||
|                             }; |                             }; | ||||||
|                     } |                     } | ||||||
|                  |                  | ||||||
|  | @ -119,12 +121,14 @@ sub readManifest { | ||||||
|                         { url => $url, hash => $hash, size => $size |                         { url => $url, hash => $hash, size => $size | ||||||
|                         , basePath => $basePath, baseHash => $baseHash |                         , basePath => $basePath, baseHash => $baseHash | ||||||
|                         , narHash => $narHash, patchType => $patchType |                         , narHash => $narHash, patchType => $patchType | ||||||
|  |                         , hashAlgo => $hashAlgo | ||||||
|                         }; |                         }; | ||||||
|                 } |                 } | ||||||
| 
 | 
 | ||||||
|             } |             } | ||||||
|              |              | ||||||
|             elsif (/^\s*StorePath:\s*(\/\S+)\s*$/) { $storePath = $1; } |             elsif (/^\s*StorePath:\s*(\/\S+)\s*$/) { $storePath = $1; } | ||||||
|  |             elsif (/^\s*HashAlgo:\s*(\S+)\s*$/) { $hashAlgo = $1; } | ||||||
|             elsif (/^\s*Hash:\s*(\S+)\s*$/) { $hash = $1; } |             elsif (/^\s*Hash:\s*(\S+)\s*$/) { $hash = $1; } | ||||||
|             elsif (/^\s*URL:\s*(\S+)\s*$/) { $url = $1; } |             elsif (/^\s*URL:\s*(\S+)\s*$/) { $url = $1; } | ||||||
|             elsif (/^\s*Size:\s*(\d+)\s*$/) { $size = $1; } |             elsif (/^\s*Size:\s*(\d+)\s*$/) { $size = $1; } | ||||||
|  | @ -162,7 +166,11 @@ sub writeManifest | ||||||
|             print MANIFEST "  StorePath: $storePath\n"; |             print MANIFEST "  StorePath: $storePath\n"; | ||||||
|             print MANIFEST "  HashAlgo: $narFile->{hashAlgo}\n"; |             print MANIFEST "  HashAlgo: $narFile->{hashAlgo}\n"; | ||||||
|             print MANIFEST "  NarURL: $narFile->{url}\n"; |             print MANIFEST "  NarURL: $narFile->{url}\n"; | ||||||
|  |             if ($narFile->{hashAlgo} eq "md5") { | ||||||
|                 print MANIFEST "  MD5: $narFile->{hash}\n"; |                 print MANIFEST "  MD5: $narFile->{hash}\n"; | ||||||
|  |             } else { | ||||||
|  |                 print MANIFEST "  Hash: $narFile->{hash}\n"; | ||||||
|  |             } | ||||||
|             print MANIFEST "  NarHash: $narFile->{narHash}\n"; |             print MANIFEST "  NarHash: $narFile->{narHash}\n"; | ||||||
|             print MANIFEST "  Size: $narFile->{size}\n"; |             print MANIFEST "  Size: $narFile->{size}\n"; | ||||||
|             print MANIFEST "  References: $narFile->{references}\n" |             print MANIFEST "  References: $narFile->{references}\n" | ||||||
|  | @ -180,7 +188,11 @@ sub writeManifest | ||||||
|             print MANIFEST "  StorePath: $storePath\n"; |             print MANIFEST "  StorePath: $storePath\n"; | ||||||
|             print MANIFEST "  HashAlgo: $patch->{hashAlgo}\n"; |             print MANIFEST "  HashAlgo: $patch->{hashAlgo}\n"; | ||||||
|             print MANIFEST "  NarURL: $patch->{url}\n"; |             print MANIFEST "  NarURL: $patch->{url}\n"; | ||||||
|  |             if ($patch->{hashAlgo} eq "md5") { | ||||||
|                 print MANIFEST "  MD5: $patch->{hash}\n"; |                 print MANIFEST "  MD5: $patch->{hash}\n"; | ||||||
|  |             } else { | ||||||
|  |                 print MANIFEST "  Hash: $patch->{hash}\n"; | ||||||
|  |             } | ||||||
|             print MANIFEST "  NarHash: $patch->{narHash}\n"; |             print MANIFEST "  NarHash: $patch->{narHash}\n"; | ||||||
|             print MANIFEST "  Size: $patch->{size}\n"; |             print MANIFEST "  Size: $patch->{size}\n"; | ||||||
|             print MANIFEST "  BasePath: $patch->{basePath}\n"; |             print MANIFEST "  BasePath: $patch->{basePath}\n"; | ||||||
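Review bot: The manifest format now has two spellings for the download hash, and neither that nor the per-entry md5 default is explained in the code: `writeManifest` emits `MD5:` when `hashAlgo` is `md5` and `Hash:` otherwise, while `readManifest` resets `$hashAlgo` to `md5` at the start of every entry. Add comments at both places, for example `# Entries without a HashAlgo field are treated as MD5 (the pre-HashAlgo format).` above `$hashAlgo = "md5";` and `# Keep the legacy "MD5:" key for md5 hashes; other algorithms use "Hash:".` in the writer. The compatibility rationale is inferred from the diff, so adjust the wording if the intent differs. The two identical `if (... eq "md5")` branches for `$narFile` and `$patch` could share one small helper; both subs continue outside the hunks shown.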
|  |  | ||||||