* Properly specify the hash algorithm in the manifests, and read it too.
* Change the default hash for nix-prefetch-url back to md5, since that's what we use in Nixpkgs (for now; a birthday attack is rather unlikely there).
parent
95e870a113
commit
3259ae5811
4 changed files with 31 additions and 13 deletions
|
@ -96,7 +96,7 @@ while ($queueFront < scalar @queue) {
|
|||
foreach my $patch (@{$patchList}) {
|
||||
if (isValidPath($patch->{basePath})) {
|
||||
# !!! this should be cached
|
||||
my $hash = `@bindir@/nix-hash "$patch->{basePath}"`;
|
||||
my $hash = `@bindir@/nix-hash --type '$patch->{hashAlgo}' "$patch->{basePath}"`;
|
||||
chomp $hash;
|
||||
# print " MY HASH is $hash\n";
|
||||
if ($hash ne $patch->{baseHash}) {
|
||||
|
@ -175,8 +175,10 @@ my $maxStep = scalar @path;
|
|||
sub downloadFile {
|
||||
my $url = shift;
|
||||
my $hash = shift;
|
||||
my $hashAlgo = shift;
|
||||
$ENV{"PRINT_PATH"} = 1;
|
||||
$ENV{"QUIET"} = 1;
|
||||
$ENV{"NIX_HASH_ALGO"} = $hashAlgo;
|
||||
my ($hash2, $path) = `@bindir@/nix-prefetch-url '$url' '$hash'`;
|
||||
chomp $hash2;
|
||||
chomp $path;
|
||||
|
@ -205,7 +207,7 @@ while (scalar @path > 0) {
|
|||
|
||||
# Download the patch.
|
||||
print " downloading patch...\n";
|
||||
my $patchPath = downloadFile "$patch->{url}", "$patch->{hash}";
|
||||
my $patchPath = downloadFile "$patch->{url}", "$patch->{hash}", "$patch->{hashAlgo}";
|
||||
|
||||
# Turn the base path into a NAR archive, to which we can
|
||||
# actually apply the patch.
|
||||
|
@ -232,7 +234,7 @@ while (scalar @path > 0) {
|
|||
|
||||
# Download the archive.
|
||||
print " downloading archive...\n";
|
||||
my $narFilePath = downloadFile "$narFile->{url}", "$narFile->{hash}";
|
||||
my $narFilePath = downloadFile "$narFile->{url}", "$narFile->{hash}", "$narFile->{hashAlgo}";
|
||||
|
||||
# Unpack the archive into the target path.
|
||||
print " unpacking archive...\n";
|
||||
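Review bot: The new `--type '$patch->{hashAlgo}'` argument in the `nix-hash` backtick call places a manifest-supplied string inside a shell command line, and the manifest reader in this commit accepts any `\S+` after `HashAlgo:`, so quotes and shell metacharacters are not excluded. Check the value against the supported set before it is used, for example `die "unsupported hash algorithm\n" unless $patch->{hashAlgo} =~ /^(?:md5|sha1)\z/;` (extended to whatever nix-hash accepts), or do that once where the manifest is parsed. The same applies in `downloadFile`, where `$hashAlgo` is exported as `NIX_HASH_ALGO` next to the already interpolated `'$url' '$hash'`. The body of `downloadFile` continues outside the hunk.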
|
|
|
@ -45,6 +45,7 @@ sub findOutputPaths {
|
|||
|
||||
# Ignore store expressions.
|
||||
next if ($p =~ /\.store$/);
|
||||
next if ($p =~ /\.drv$/);
|
||||
|
||||
# Ignore builders (too much ambiguity -- they're all called
|
||||
# `builder.sh').
|
||||
|
@ -69,7 +70,7 @@ my %dstOutPaths = findOutputPaths \%dstNarFiles, \%dstSuccessors;
|
|||
|
||||
sub getNameVersion {
|
||||
my $p = shift;
|
||||
$p =~ /\/[0-9a-f]+((?:-[a-zA-Z][^\/-]*)+)([^\/]*)$/;
|
||||
$p =~ /\/[0-9a-z]+((?:-[a-zA-Z][^\/-]*)+)([^\/]*)$/;
|
||||
my $name = $1;
|
||||
my $version = $2;
|
||||
$name =~ s/^-//;
|
||||
|
@ -192,16 +193,16 @@ foreach my $p (keys %dstOutPaths) {
|
|||
system("@bunzip2@ < $dstNarBz2 > $tmpdir/B") == 0
|
||||
or die "cannot unpack $dstNarBz2";
|
||||
|
||||
system("@libexecdir@/bspatch $tmpdir/A $tmpdir/B $tmpdir/DIFF") == 0
|
||||
system("@libexecdir@/bsdiff $tmpdir/A $tmpdir/B $tmpdir/DIFF") == 0
|
||||
or die "cannot compute binary diff";
|
||||
|
||||
my $baseHash = `@bindir@/nix-hash --flat $tmpdir/A` or die;
|
||||
my $baseHash = `@bindir@/nix-hash --flat --type sha1 $tmpdir/A` or die;
|
||||
chomp $baseHash;
|
||||
|
||||
my $narHash = `@bindir@/nix-hash --flat $tmpdir/B` or die;
|
||||
my $narHash = `@bindir@/nix-hash --flat --type sha1 $tmpdir/B` or die;
|
||||
chomp $narHash;
|
||||
|
||||
my $narDiffHash = `@bindir@/nix-hash --flat $tmpdir/DIFF` or die;
|
||||
my $narDiffHash = `@bindir@/nix-hash --flat --type sha1 $tmpdir/DIFF` or die;
|
||||
chomp $narDiffHash;
|
||||
|
||||
my $narDiffSize = (stat "$tmpdir/DIFF")[7];
|
||||
|
@ -234,7 +235,7 @@ foreach my $p (keys %dstOutPaths) {
|
|||
# Add the patch to the manifest.
|
||||
addPatch \%dstPatches, $p,
|
||||
{ url => "$patchesURL/$finalName", hash => $narDiffHash
|
||||
, size => $narDiffSize
|
||||
, size => $narDiffSize, hashAlgo => "sha1"
|
||||
, basePath => $closest, baseHash => $baseHash
|
||||
, narHash => $narHash, patchType => "nar-bsdiff"
|
||||
};
|
||||
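Review bot: The algorithm name is now written in four places in this script, the three `--type sha1` calls and the `hashAlgo => "sha1"` field passed to `addPatch`, and the manifest is only correct while all four agree. A single definition such as `my $hashAlgo = "sha1";` used both in the commands and in the manifest entry would keep what is recorded tied to what was computed. The backtick calls also keep a bare `or die`, which only catches empty output; checking the exit status with a message, e.g. `die "cannot hash $tmpdir/A" if $? != 0;`, would make a failing nix-hash distinguishable. The enclosing `foreach` loop starts and ends outside the hunks.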
|
|
|
@ -3,7 +3,10 @@
|
|||
url=$1
|
||||
hash=$2
|
||||
|
||||
hashType="sha1"
|
||||
hashType=$NIX_HASH_ALGO
|
||||
if test -z "$hashType"; then
|
||||
hashType=md5
|
||||
fi
|
||||
|
||||
if test -z "$url"; then
|
||||
echo "syntax: nix-prefetch-url URL" >&2
|
||||
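Review bot: `hashType` is taken from `NIX_HASH_ALGO` without any check and falls back to md5 silently, and neither the variable nor the fallback appears in the usage text printed just below. A caller that forgets to set the variable gets the MD5 check with no indication, so a comment such as `# NIX_HASH_ALGO selects the hash type; md5 is the default for Nixpkgs compatibility` would make the choice visible. Rejecting unknown values, `case "$hashType" in md5|sha1) ;; *) echo "unsupported hash type: $hashType" >&2; exit 1;; esac`, would make it explicit as well. The rest of the script is outside the hunk, so whether `$hashType` is validated later cannot be seen here.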
|
|
|
@ -52,6 +52,7 @@ sub readManifest {
|
|||
my $narHash;
|
||||
my $references;
|
||||
my $deriver;
|
||||
my $hashAlgo;
|
||||
|
||||
while (<MANIFEST>) {
|
||||
chomp;
|
||||
|
@ -75,6 +76,7 @@ sub readManifest {
|
|||
undef $patchType;
|
||||
$references = "";
|
||||
$deriver = "";
|
||||
$hashAlgo = "md5";
|
||||
}
|
||||
|
||||
} else {
|
||||
|
@ -104,7 +106,7 @@ sub readManifest {
|
|||
push @{$narFileList},
|
||||
{ url => $url, hash => $hash, size => $size
|
||||
, narHash => $narHash, references => $references
|
||||
, deriver => $deriver
|
||||
, deriver => $deriver, hashAlgo => $hashAlgo
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -119,12 +121,14 @@ sub readManifest {
|
|||
{ url => $url, hash => $hash, size => $size
|
||||
, basePath => $basePath, baseHash => $baseHash
|
||||
, narHash => $narHash, patchType => $patchType
|
||||
, hashAlgo => $hashAlgo
|
||||
};
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
elsif (/^\s*StorePath:\s*(\/\S+)\s*$/) { $storePath = $1; }
|
||||
elsif (/^\s*HashAlgo:\s*(\S+)\s*$/) { $hashAlgo = $1; }
|
||||
elsif (/^\s*Hash:\s*(\S+)\s*$/) { $hash = $1; }
|
||||
elsif (/^\s*URL:\s*(\S+)\s*$/) { $url = $1; }
|
||||
elsif (/^\s*Size:\s*(\d+)\s*$/) { $size = $1; }
|
||||
|
@ -162,7 +166,11 @@ sub writeManifest
|
|||
print MANIFEST " StorePath: $storePath\n";
|
||||
print MANIFEST " HashAlgo: $narFile->{hashAlgo}\n";
|
||||
print MANIFEST " NarURL: $narFile->{url}\n";
|
||||
if ($narFile->{hashAlgo} eq "md5") {
|
||||
print MANIFEST " MD5: $narFile->{hash}\n";
|
||||
} else {
|
||||
print MANIFEST " Hash: $narFile->{hash}\n";
|
||||
}
|
||||
print MANIFEST " NarHash: $narFile->{narHash}\n";
|
||||
print MANIFEST " Size: $narFile->{size}\n";
|
||||
print MANIFEST " References: $narFile->{references}\n"
|
||||
|
@ -180,7 +188,11 @@ sub writeManifest
|
|||
print MANIFEST " StorePath: $storePath\n";
|
||||
print MANIFEST " HashAlgo: $patch->{hashAlgo}\n";
|
||||
print MANIFEST " NarURL: $patch->{url}\n";
|
||||
if ($patch->{hashAlgo} eq "md5") {
|
||||
print MANIFEST " MD5: $patch->{hash}\n";
|
||||
} else {
|
||||
print MANIFEST " Hash: $patch->{hash}\n";
|
||||
}
|
||||
print MANIFEST " NarHash: $patch->{narHash}\n";
|
||||
print MANIFEST " Size: $patch->{size}\n";
|
||||
print MANIFEST " BasePath: $patch->{basePath}\n";
|
||||
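Review bot: `writeManifest` now reads `$narFile->{hashAlgo}` and `$patch->{hashAlgo}` unconditionally, so an entry built by a caller that does not set the new key (none are visible in these hunks) would emit an empty `HashAlgo:` line and take the `Hash:` branch for what is presumably an MD5 value. Defaulting once, `my $algo = $narFile->{hashAlgo} || "md5";`, mirrors the `$hashAlgo = "md5"` reset in `readManifest` and keeps older callers producing the same manifest as before. Both functions start and end outside the hunks.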
|
|