yarn2nix: use sha512 by default #149834
resolved: `${url}#${newSha512}`, | ||
} |
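Review bot: the `resolved` value built here, `${url}#${newSha512}`, carries the digest as a bare URL fragment with nothing naming the algorithm, so code that later does `pkg.resolved.split('#', 2)` cannot tell a sha512 digest from a sha1 one. Suggest leaving the fragment alone and writing the new digest to a field that names its algorithm, for example an `integrity` value of the form sha512-${newSha512}.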
I am not sure this is supported. At least I have not seen it anywhere.
It would probably be better to use integrity: `sha512-${newSha512}`
@@ -34,7 +34,7 @@ function getSha1(url) { | |||
} | |||
|
|||
// Object -> Object | |||
async function fixPkgAddMissingSha1(pkg) { | |||
async function fixPkgAddMissingSha512(pkg) { | |||
// local dependency | |||
|
I would also add something like
```js
if (pkg.integrity) {
  return pkg;
}
```
as according to my understanding, `integrity` has priority over the hash in `resolved`.
@@ -46,21 +46,21 @@ async function fixPkgAddMissingSha1(pkg) { | |||
return pkg | |||
} | |||
|
|||
const [url, sha1] = pkg.resolved.split('#', 2) | |||
const [url, sha512] = pkg.resolved.split('#', 2) |
As mentioned, I am not sure if the `resolved` field can contain anything other than `sha1`. Will prolly need to scour https://github.com/yarnpkg/yarn
|
||
if (sha1 || url.startsWith('https://codeload.github.com')) { | ||
if (sha512 || url.startsWith('https://codeload.github.com')) { | ||
return pkg |
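Review bot: in `if (sha512 || url.startsWith('https://codeload.github.com'))` the early `return pkg` fires for any non-empty fragment, so an entry whose fragment is an existing sha1 is returned unchanged and never gets a sha512, even though the variable name implies the algorithm was checked. Suggest testing the fragment's form (length or an algorithm prefix) before treating it as sha512 and returning early only when it matches. The codeload.github.com branch also returns with no hash at all, which deserves a comment saying where that hash is expected to come from.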
We should probably do `getSha512` if the `sha1` is present.
}; | ||
} | ||
{ | ||
name = "to_readable_stream___to_readable_stream_1.0.0.tgz"; | ||
path = fetchurl { | ||
name = "to_readable_stream___to_readable_stream_1.0.0.tgz"; | ||
url = "https://registry.yarnpkg.com/to-readable-stream/-/to-readable-stream-1.0.0.tgz"; | ||
sha1 = "ce0aa0c2f3df6adf852efb404a783e77c0475771"; | ||
sha512 = "Iq25XBt6zD5npPhlLVXGFN3/gyR2/qODcKNNyTMd4vbm39HUaOiAM4PMq0eMVC/Tkxz+Zjdsc55g9yyz+Yq00Q=="; | ||
}; | ||
} | ||
{ | ||
name = "to_regex_range___to_regex_range_2.1.1.tgz"; | ||
path = fetchurl { | ||
name = "to_regex_range___to_regex_range_2.1.1.tgz"; | ||
url = "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-2. |
Example of sha1
The resolved field always uses sha1, so some parts of this change don't make sense. With #119522 we should already use sha512 most of the time? Please also consider and test the IFD-mode of yarn2nix where we have to use what's in the yarn.lock file.
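An added example (not part of this PR or of yarn2nix's code) of the precedence the reviewers describe: prefer the `integrity` SRI value, fall back to the `resolved` fragment, and identify the fragment's algorithm by its length instead of assuming one. `parseIntegrity`, `selectHash` and `verifyTarball` are hypothetical names, and the tarball bytes and registry URL are constructed.

```javascript
// Added example; hypothetical helper names, not yarn2nix's own code.
const crypto = require("crypto");

const STRENGTH = ["sha512", "sha384", "sha256", "sha1"]; // strongest first

// Parse an SRI string such as "sha512-<base64>" into [{ algo, hex }].
function parseIntegrity(integrity) {
  return String(integrity || "")
    .trim()
    .split(/\s+/)
    .map((tok) => /^(sha\d+)-([A-Za-z0-9+/]+=*)$/.exec(tok))
    .filter(Boolean)
    .map(([, algo, b64]) => ({ algo, hex: Buffer.from(b64, "base64").toString("hex") }))
    .filter((h) => STRENGTH.includes(h.algo));
}

// Pick the hash to pin for one lockfile entry.
function selectHash(pkg) {
  const [url, fragment] = String(pkg.resolved || "").split("#", 2);
  const sri = parseIntegrity(pkg.integrity).sort(
    (a, b) => STRENGTH.indexOf(a.algo) - STRENGTH.indexOf(b.algo)
  );
  if (sri.length > 0) return { url, ...sri[0], source: "integrity" };
  // Identify the fragment by its hex length instead of assuming an algorithm.
  const byLength = { 40: "sha1", 128: "sha512" };
  if (fragment && /^[0-9a-f]+$/i.test(fragment) && byLength[fragment.length]) {
    return { url, algo: byLength[fragment.length], hex: fragment.toLowerCase(), source: "resolved" };
  }
  return { url, algo: null, hex: null, source: "none" }; // caller must fetch and hash
}

// Check downloaded bytes against the selected hash.
function verifyTarball(bytes, picked) {
  if (!picked.algo) return false;
  return crypto.createHash(picked.algo).update(bytes).digest("hex") === picked.hex;
}

// Constructed sample: a fake tarball and a lockfile entry carrying both hashes.
const tarball = Buffer.from("constructed tarball bytes");
const entry = {
  resolved: "https://registry.example.invalid/pkg/-/pkg-1.0.0.tgz#" +
    crypto.createHash("sha1").update(tarball).digest("hex"),
  integrity: "sha512-" + crypto.createHash("sha512").update(tarball).digest("base64"),
};
const picked = selectHash(entry);
console.log(picked.algo, picked.source, verifyTarball(tarball, picked));
```

An entry with neither an `integrity` value nor a recognisable fragment comes back with `source: "none"`, which is the case where the tool has to download and hash the file itself.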