diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2018-12-13T13·30+0100 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2018-12-13T13·30+0100 |
| commit | 6024dc1d97212130c19d3ff5ce6b1d102837eee6 (patch) | |
| tree | 71ad514b53863fc00ed4b8cff710dec1e792b056 /tests/fetchurl.sh | |
| parent | c37e6d77ea86df249aeaf65d329a6be3b837ad62 (diff) | |
Support SRI hashes
SRI hashes (https://www.w3.org/TR/SRI/) combine the hash algorithm and
a base-64 hash. This allows more concise and standard hash
specifications. For example, instead of
import <nix/fetchurl.nl> {
url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz;
sha256 = "5d22dad058d5c800d65a115f919da22938c50dd6ba98c5e3a183172d149840a4";
};
you can write
import <nix/fetchurl.nl> {
url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz;
hash = "sha256-XSLa0FjVyADWWhFfkZ2iKTjFDda6mMXjoYMXLRSYQKQ=";
};
In fixed-output derivations, the outputHashAlgo is no longer mandatory
if outputHash specifies the hash (either as an SRI or in the old
"<type>:<hash>" format).
'nix hash-{file,path}' now print hashes in SRI format by default. I
also reverted them to use SHA-256 by default because that's what we're
using most of the time in Nixpkgs.
Suggested by @zimbatm.
Diffstat (limited to 'tests/fetchurl.sh')
| -rw-r--r-- | tests/fetchurl.sh | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/tests/fetchurl.sh b/tests/fetchurl.sh index 9bbf044f7329..d51d081f5e3b 100644 --- a/tests/fetchurl.sh +++ b/tests/fetchurl.sh @@ -18,6 +18,17 @@ outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh cmp $outPath fetchurl.sh +# Now using an SRI hash. +clearStore + +hash=$(nix hash-file ./fetchurl.sh) + +[[ $hash =~ ^sha512- ]] + +outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr hash $hash --no-out-link --hashed-mirrors '') + +cmp $outPath fetchurl.sh + # Test the hashed mirror feature. clearStore |