Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: sha256 = sha256-.. => hash = sha256-.. #112388

Closed
wants to merge 1 commit into from
Closed

*: sha256 = sha256-.. => hash = sha256-.. #112388

wants to merge 1 commit into from

Conversation

mkg20001
Copy link
Member

@mkg20001 mkg20001 commented Feb 8, 2021

This commit replaces all hashes using the new format
and the old variable name (sha256 = "sha256-..") to
the new format (hash = "sha256-..")

Command used for changes

find -iname "*.nix" -type f -exec sed 's|sha256 = "sha256|hash = "sha256|g' -i {} +

//cc @worldofpeace

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@ofborg ofborg bot added 6.topic: erlang 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: golang 6.topic: nixos 6.topic: pantheon The Pantheon desktop environment 6.topic: python 6.topic: qt/kde 6.topic: stdenv Standard environment 6.topic: steam 6.topic: xfce The Xfce Desktop Environment 8.has: documentation labels Feb 8, 2021
@SuperSandro2000
Copy link
Member

This breaks easy updates for people not using sri hashes.

stigtsp
stigtsp requested changes Feb 8, 2021
View reviewed changes
Copy link
Member

@stigtsp stigtsp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi! The update script expects to find and update sha256. I suggest keeping sha256 for the two derivations in pkgs/top-level/perl-packages.nix if that's ok?

pkgs/top-level/perl-packages.nix
@@ -10184,7 +10184,7 @@ let
version = "0.78";
src = fetchurl {
url = "mirror://cpan/authors/id/P/PE/PEVANS/IO-Async-0.78.tar.gz";
sha256 = "sha256-P7UYhZd7hiGKiepC84yvvOWCO/SPqqLRhaGGwqNYNmw=";
hash = "sha256-P7UYhZd7hiGKiepC84yvvOWCO/SPqqLRhaGGwqNYNmw=";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
hash = "sha256-P7UYhZd7hiGKiepC84yvvOWCO/SPqqLRhaGGwqNYNmw=";
sha256 = "sha256-P7UYhZd7hiGKiepC84yvvOWCO/SPqqLRhaGGwqNYNmw=";

pkgs/top-level/perl-packages.nix
@@ -23090,7 +23090,7 @@ let
version = "1.01";
src = fetchurl {
url = "mirror://cpan/authors/id/G/GR/GRANTM/XML-Filter-Sort-1.01.tar.gz";
sha256 = "sha256-UQWF85pJFszV+o1UXpYXnJHq9vx8l6QBp1aOhBFi+l8=";
hash = "sha256-UQWF85pJFszV+o1UXpYXnJHq9vx8l6QBp1aOhBFi+l8=";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
hash = "sha256-UQWF85pJFszV+o1UXpYXnJHq9vx8l6QBp1aOhBFi+l8=";
sha256 = "sha256-UQWF85pJFszV+o1UXpYXnJHq9vx8l6QBp1aOhBFi+l8=";

@mkg20001
Copy link
Member Author

mkg20001 commented Feb 8, 2021

@SuperSandro2000 I suppose this PR might possibly be the right time to resolve those issues beforehand and then merge it. I'd say SRI is the future, so we shouldn't let that hold things back.

@SuperSandro2000
Copy link
Member

This should be done in badges or we can't review it and get frequent merge conflicts. Also right now it does not even eval and what do we do with all the hashes in the old format? If they are recalculated it definitely needs to be done in batches. Does this cause rebuilds? Is there a consensus on this? What do we do with PRs that introduce the old format?

@worldofpeace
Copy link
Contributor

Anyone can do nix to-sri --type sha256 0f7xysk0cl48q7i28m25hasmrp30grgm3kah0s7xmkjgm33887pi @SuperSandro2000

@mkg20001
*: sha256 = sha256-.. => hash = sha256-..
1d56931 
This commit replaces all hashes using the new format
and the old variable name (sha256 = "sha256-..") to
the new format (hash = "sha256-..")

Command used for changes

find -iname "*.nix" -type f -exec sed 's|sha256 = "sha256|hash = "sha256|g' -i {} +

//cc @worldofpeace
@jonringer
Copy link
Contributor

Anyone can do nix to-sri --type sha256 0f7xysk0cl48q7i28m25hasmrp30grgm3kah0s7xmkjgm33887pi @SuperSandro2000

Yea, but it's not a good user experience. At the very least I don't think we should be requesting changes to PR because they have a sha256 = <base32 hash>;.

Once 2.4 is stable, then the changes will mostly be sha256 -> hash, as the sri hash will be default.

@jtojnar
Copy link
Member

jtojnar commented Feb 8, 2021

Also fetchpatch and fetchgit (therefore also fetchFromGitHub with submodules) do not support hash yet: #79987

@vcunat
Copy link
Member

vcunat commented Apr 16, 2021

Honestly I fail to see motivation why replace all the hashes.

@jtojnar
Copy link
Member

jtojnar commented Apr 16, 2021
edited
Loading

I think standardization on a single format is a good idea to reduce the number of things new users need to learn about but it is simply too soon.

We need to decide if the attribute name should be narHash, hash, or integrity first, and then add support for it to fetchpatch and fetchgit. Only then we will be able to gradually migrate to the new attribute.

@ju1m ju1m mentioned this pull request Jul 11, 2021
Merged
11 tasks
@fabaff fabaff mentioned this pull request Sep 6, 2021
Merged
12 tasks
@Mindavi Mindavi added the 2.status: wait-for-upstream Waiting for upstream fix (or their other action). label Sep 21, 2021
@mkg20001 mkg20001 closed this Oct 19, 2021
@mkg20001 mkg20001 deleted the hash-stuff branch October 19, 2021 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stigtsp stigtsp stigtsp requested changes

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

@kalbasit kalbasit Awaiting requested review from kalbasit

@Mic92 Mic92 Awaiting requested review from Mic92

@mmahut mmahut Awaiting requested review from mmahut

@RaghavSood RaghavSood Awaiting requested review from RaghavSood

@thoughtpolice thoughtpolice Awaiting requested review from thoughtpolice

@ttuegel ttuegel Awaiting requested review from ttuegel

@zowoq zowoq Awaiting requested review from zowoq

Assignees
No one assigned
Labels
2.status: wait-for-upstream Waiting for upstream fix (or their other action). 6.topic: erlang 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: golang 6.topic: nixos 6.topic: pantheon The Pantheon desktop environment 6.topic: python 6.topic: qt/kde 6.topic: stdenv Standard environment 6.topic: steam 6.topic: xfce The Xfce Desktop Environment 8.has: documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@mkg20001 @SuperSandro2000 @worldofpeace @jonringer @jtojnar @vcunat @stigtsp @Mindavi