about summary refs log tree commit diff
path: root/tvix/nix-compat/src/nixhash
AgeCommit message (Collapse)AuthorFilesLines
2024-01-20 r/7429 fix(nix-compat): accept SRI hashes of invalid lengthRyan Lahfa1-2/+36
In cl/10468, we accepted SRI hashes of invalid padding while checking their trailing bits. In this commit, we accept SRI hashes of invalid padding and invalid length, as Nix does. Real world example: `pkgs.javaPackages.openjfx11.deps` <https://github.com/NixOS/nixpkgs/blob/849e4dc5ff0ae70fb7a0df19dbbf633e408c0f32/pkgs/development/compilers/openjdk/openjfx/11.nix#L71> in nixpkgs. Change-Id: I834437e7b94dab9fbb030163f7a2741f52bbf03a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10668 Autosubmit: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2024-01-03 r/7309 fix(nix-compat/nix-hash): relax padding requirementsFlorian Klink1-22/+29
Nix is quite tolerant when it comes to parsing SRI hashes and their padding (and only for SRI hashes, it funnily is strict about that in the non-SRI-hash case). Nix essentially accepts any number of padding characters, no matter if it's too much or too little. So we do the only sane thing - simply strip all padding characters, and parse it with BASE64_NOPAD and the length the algo uses. Change-Id: I6a721aa289b06cc36741589792b9dd4c4f930b86 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10468 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-12-21 r/7243 docs(nix-compat/nixhash): fix referenceFlorian Klink1-1/+1
Change-Id: I95c35a1405601c6f79cbc03462ab7c7cd6f08f2a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10397 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de>
2023-11-22 r/7045 refactor(tvix/nix-compat): cleanup parse_{ca,hash} and fmt structsFlorian Klink2-7/+70
These were used to format to and parse from strings. Move this to the CAHash and NixHash structs directly, and be explicit in the name about which encoding for digests is used. For output path calculation, nix encodes the nixpaths in hex, but for writing out NARInfos, it's using nixbase32. Change-Id: Ia585a76a3811b2609e7ce259fda66a29403b7e07 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10079 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-11-10 r/6983 feat(nix-compat/nixbase32): use data_encoding::DecodeErroredef1-1/+1
Rather than having our own error type, just make decoding errors use the same common error type. Change-Id: Ie2c86972f3745c695253adc3214444ac0ab8db6e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9995 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-27 r/6886 fix(tvix/nix-compat): don't box CAHash::Textedef1-6/+6
Change-Id: I31df3909bc21c9038f9fb831879e60e541242819 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9853 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-10-27 r/6883 refactor(tvix): condense long bytestringsedef1-33/+10
Change-Id: I3bea0827ec2c8db835334ce378a7bf3a39e9b1a3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9849 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-10-23 r/6871 refactor(tvix/nix-compat): rename NixHashWithMode -> CAHashFlorian Klink2-92/+35
This specific struct is only used to represent content-addressed paths (in case a Derivation has a fixed-output hash, for example). Rename `Output`'s `hash_with_mode` to `ca_hash`. We now also include `CAHash::Text`, and update the `validate` function of the `Output` struct to reject text hashes there. This allows cleaning up the various output path calculation functions inside nix-compat/src/store_path/utils.rs, as they can now match on the type. `make_type` is renamed to `make_references_string`, `build_regular_ca_path` is renamed to `build_ca_path`, and `build_text_path` has a disclaimer added, because you might not actually want to use it. Change-Id: I674d065f2ed5c804012ddfed56e161ac49d23931 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9814 Tested-by: BuildkiteCI Reviewed-by: raitobezarius <tvl@lahfa.xyz>
2023-10-16 r/6831 feat(nix-compat/{aterm,derivation}): init parserFlorian Klink1-1/+1
This provides a nom-based parser for Nix derivations in ATerm format, which can be reached via `Derivation::from_aterm_bytes`. Some of the lower-level ATerm primitives are moved into a (new) aterm module, and some more higher-level ones that construct derivation- specific types. Also, move the escape_bytes function into there, this is a generic ATerm thing. Change-Id: I2b03b8a1461c7ea2fcb8640c2fc3d1fa3ea719fb Reviewed-on: https://cl.tvl.fyi/c/depot/+/9730 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-10-16 r/6825 refactor(tvix/nix-compat): clippyFlorian Klink1-2/+2
Change-Id: I56282d9754b42e0e6cdbb08e9ae71f5700d28dd1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9747 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-10-15 r/6813 feat(tvix/nix-compat/nixhash/NixHashWithMode): from_algo_mode_hashFlorian Klink2-2/+48
Change-Id: Ieae628fab1926a498ae5c3eb27df1b722e6151d7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9728 Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-10-15 r/6812 refactor(nix-compat/nixhash): add Result type aliasFlorian Klink1-6/+9
Change-Id: Id0248047e9642d38afc106629957a2e7608f8c78 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9727 Reviewed-by: Connor Brewster <cbrewster@hey.com> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-10-15 r/6811 refactor(nix-compat/nixhash): box sha512Florian Klink1-4/+4
Limit the amount of memory consumed on the stack for NixHash. Sha512 isn't used that often, so it's fine if we heap-allocate it. Change-Id: I4a9eecd20c6184610124dc130c41bfa5d0dc04c5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9726 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-10-14 r/6807 refactor(tvix/nix-compat): make NixHash an enum with fixed-len bytesFlorian Klink3-153/+180
Less Vec<u8> passed around. Change-Id: Ie153a6bfaa084d7490ffa38634efdf5f3c31a768 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9722 Reviewed-by: Connor Brewster <cbrewster@hey.com> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-08-20 r/6513 docs(tvix/nix-compat/nixhash): update commentsFlorian Klink1-4/+6
Change-Id: I46660da84065fd6938f581e14d67e231dca3c3ea Reviewed-on: https://cl.tvl.fyi/c/depot/+/9112 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-08-20 r/6512 refactor(tvix/nix-compat/nixhash): validate digest lengthsFlorian Klink2-26/+54
There was a NixHash::new() before, which didn't perform any validation of the digest length. We had some length validation when parsing nix hashes or SRI hashes, but some places didn't perform validation and/or constructed the struct directly. Replace NixHash::new() with a `impl TryFrom<(HashAlgo, Vec<u8>)> for NixHash`, which does do this validation, and update constructing code to use that, rather than populating structs directly. In some rare cases where we're sure the digest length is correct we still populate the struct manually. Fixes b/291. Change-Id: I7a323c5b18d94de0ec15e391b3e7586df42f4229 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9109 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-08-20 r/6494 feat(tvix/nix-compat): don't swallow hash validation errorsRyan Lahfa2-57/+97
Previously, Output deserialization would silence validation errors and provide `None` for `hash_with_mode` as soon as a validation error would happen inside of the `NixHashWithMode` deserialization, e.g. invalid hash length would not provide an validation error but a silent `None` value. This is problematic, we workaround a serde limitation here by writing our own Deserializer. As you can see, we write some boilerplate code unfortunately, as, for example: - `#[serde(fail_if_unparsed_as="Option::is_none")]` is not a thing, otherwise, we could have been able to just bubble up errors in case of "not fully parsed" (and not missing) values. - `From<&serde_json::Value> for serde::de::Unexpected` is not a thing, otherwise, we could just map invalid type errors and reuse the existing types instead of doing extremely bizarre things with `serde::de::Unexpected::Other`, note: this is a not problem for expected, we know what we expect, we don't know what we received in practice. I decided to write a `NixHashWithMode::from_map` which will eat a map deserialized via `serde_json`, so our serde magic is not totally "data model" agnostic. I wanted to go for data model agnosticity and enable maximal performance, e.g. building the structure as the map values are streamed in the Visitor, this is needlessly painful because `Output` and `NixHashWithMode` are in different files and this really makes sense only if we write the full implementation in one file, indeed, otherwise, you end up duplicating the work or having strange coupling. So, for now, we will allocate a full map of the fields inside the `Output`, i.e. if any "unknown field" is in that map, we will deserialize it for no reason. Doing it properly, as I repeat it in the code and to flokli at C3Camp 2023, requires to patch serde upstream IMHO. Change-Id: I46fe6ccb8c390c48d6934fd3e3f02a0dfe59557b Reviewed-on: https://cl.tvl.fyi/c/depot/+/9107 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-08-19 r/6489 refactor(tvix/nix-compat/nixhash): use shorthand struct initFlorian Klink1-1/+1
Change-Id: I1e52b752408a70fdb27e3e5c6f3bef5417b3e922 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9085 Tested-by: BuildkiteCI Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de>
2023-07-31 r/6446 chore(tvix/nix-compat): drop useless cloneFlorian Klink1-1/+1
HashAlgo implements Copy, no need to clone here. Change-Id: Ief11d2cfbd4fd0cd44224c7ddd575f518edbbd55 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8989 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de>
2023-04-09 r/6088 refactor(nix-compat): Properly encapsulate store path constructionJohn Ericson2-5/+30
Before there was code scattered about (e.g. text hashing module and derivation output computation) constructing store paths from low level building blocks --- there was some duplication and it was easy to make nonsense store paths. Now, we have roughly the same "safe-ish" ways of constructing them as C++ Nix, and only those are exposed: - Make text hashed content-addressed store paths - Make other content-addressed store paths - Make input-addressed fixed output hashes Change-Id: I122a3ee0802b4f45ae386306b95b698991be89c8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8411 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-03-31 r/6068 refactor(nix-compat) Make `nixhash_*` mods hierarchicalJohn Ericson3-0/+604
They can go under `nixhash` Change-Id: Ia15835c57130b66d58f5df80ae9595dceee00941 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8408 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI