wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-09 12:03:55 +02:00
Code Activity

Support SRI hashes

Browse source 
SRI hashes (https://www.w3.org/TR/SRI/) combine the hash algorithm and
a base-64 hash. This allows more concise and standard hash
specifications. For example, instead of

  import <nix/fetchurl.nl> {
    url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz;
    sha256 = "5d22dad058d5c800d65a115f919da22938c50dd6ba98c5e3a183172d149840a4";
  };

you can write

  import <nix/fetchurl.nl> {
    url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz;
    hash = "sha256-XSLa0FjVyADWWhFfkZ2iKTjFDda6mMXjoYMXLRSYQKQ=";
  };

In fixed-output derivations, the outputHashAlgo is no longer mandatory
if outputHash specifies the hash (either as an SRI or in the old
"<type>:<hash>" format).

'nix hash-{file,path}' now print hashes in SRI format by default. I
also reverted them to use SHA-256 by default because that's what we're
using most of the time in Nixpkgs.

Suggested by @zimbatm.
This commit is contained in:
Eelco Dolstra 2018-12-13 14:30:52 +01:00
parent c37e6d77ea
commit 6024dc1d97
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
8 changed files with 72 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tests/fetchurl.sh
View file

@ -18,6 +18,17 @@ outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh
cmp $outPath fetchurl.sh
# Now using an SRI hash.
clearStore
hash=$(nix hash-file ./fetchurl.sh)
[[ $hash =~ ^sha512- ]]
outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr hash $hash --no-out-link --hashed-mirrors '')
cmp $outPath fetchurl.sh
# Test the hashed mirror feature.
clearStore