yarn2nix: use sha512 by default #149834

Closed
wants to merge 11 commits into from
1,430 changes: 715 additions & 715 deletions pkgs/applications/editors/uivonim/yarn.nix

Large diffs are not rendered by default.

1,228 changes: 614 additions & 614 deletions pkgs/applications/networking/browsers/vieb/yarn.nix

Large diffs are not rendered by default.

940 changes: 470 additions & 470 deletions pkgs/applications/video/mirakurun/yarn.nix

Large diffs are not rendered by default.

456 changes: 228 additions & 228 deletions pkgs/development/compilers/emscripten/yarn.nix

Large diffs are not rendered by default.

2,120 changes: 1,060 additions & 1,060 deletions pkgs/development/python-modules/apache-airflow/yarn.nix

Large diffs are not rendered by default.

Expand Up @@ -6,7 +6,7 @@ const { docopt } = require('docopt')
const deepEqual = require('deep-equal')
const R = require('ramda')

const fixPkgAddMissingSha1 = require('../lib/fixPkgAddMissingSha1')
const fixPkgAddMissingSha512 = require('../lib/fixPkgAddMissingSha512')
const mapObjIndexedReturnArray = require('../lib/mapObjIndexedReturnArray')
const generateNix = require('../lib/generateNix')

Expand Down Expand Up @@ -63,7 +63,7 @@ let pkgs = R.pipe(

;(async () => {
if (!options['--no-patch']) {
pkgs = await Promise.all(R.map(fixPkgAddMissingSha1, pkgs))
pkgs = await Promise.all(R.map(fixPkgAddMissingSha512, pkgs))
}

const origJson = lockfile.parse(data)
Expand Up @@ -2,14 +2,14 @@ const https = require('https')
const crypto = require('crypto')

// TODO:
// make test case where getSha1 function is used, i.e. the case when resolved is without sha1?
// make test case where getSha512 function is used, i.e. the case when resolved is without sha512?
// consider using https://github.com/request/request-promise-native

function getSha1(url) {
function getSha512(url) {
return new Promise((resolve, reject) => {
https.get(url, res => {
const { statusCode } = res
const hash = crypto.createHash('sha1')
const hash = crypto.createHash('sha512')

if (statusCode !== 200) {
const err = new Error(`Request Failed.\nStatus Code: ${statusCode}`)
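
Review bot: the TODO at the top of this hunk still asks for a test of the path where `resolved` has no hash, and the change only renames it from `getSha1` to `getSha512`. Since the value returned by `getSha512` ends up pinned in the generated Nix expression, a test with a fixed tarball and a known digest belongs with this change. The `digest()` call is outside the visible lines, so please also confirm its encoding matches the field the value is written to: hex for a `resolved` fragment, base64 for an `integrity` value.
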
Expand All @@ -34,7 +34,7 @@ function getSha1(url) {
}

// Object -> Object
async function fixPkgAddMissingSha1(pkg) {
async function fixPkgAddMissingSha512(pkg) {
// local dependency

Member

I would also add something like

if (pkg.integrity) {
  return pkg;
}

as according to my understanding, integrity has priority over the hash in resolved.

if (!pkg.resolved) {
Expand All @@ -46,21 +46,21 @@ async function fixPkgAddMissingSha1(pkg) {
return pkg
}

const [url, sha1] = pkg.resolved.split('#', 2)
const [url, sha512] = pkg.resolved.split('#', 2)
Member

As mentioned, I am not sure if resolved field can contain anything other than sha1. Will prolly need to scour https://github.com/yarnpkg/yarn


if (sha1 || url.startsWith('https://codeload.github.com')) {
if (sha512 || url.startsWith('https://codeload.github.com')) {
return pkg
Member

We should probably do getSha512 if the sha1 is present.

}

// if there is no sha1 in resolved url
// if there is no sha512 in resolved url
// (this could happen if yarn.lock was generated by older version of yarn)
// - request it from registry by https and add it to pkg
const newSha1 = await getSha1(url)
const newSha512 = await getSha512(url)

return {
...pkg,
resolved: `${url}#${newSha1}`,
resolved: `${url}#${newSha512}`,
}
Comment on lines +62 to 63
Member

I am not sure this is supported. At least I have not seen it anywhere.

It would probably be better to use integrity: `sha512-${newSha512}`

}

module.exports = fixPkgAddMissingSha1
module.exports = fixPkgAddMissingSha512
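
Review bot: in `if (sha512 || url.startsWith('https://codeload.github.com'))`, any non-empty fragment from `pkg.resolved.split('#', 2)` returns the package unchanged, so an entry that already carries a sha1 fragment keeps it while the binding is now named `sha512`. Check the fragment's shape before treating it as a sha512 (a hex sha1 is 40 characters, a hex sha512 is 128) and give the binding a neutral name. Separately, `newSha512` is computed from whatever `url` serves when the tool runs, so it pins that download rather than verifying it against anything recorded in the lockfile; the comment above `getSha512(url)` should say so.
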
Expand Up @@ -78,7 +78,7 @@ function fetchLockedDep(builtinFetchGit) {
return ''
}

const [url, sha1OrRev] = resolved.split('#')
const [url, sha512OrRev] = resolved.split('#')

const fileName = urlToName(url)

Expand All @@ -93,7 +93,7 @@ function fetchLockedDep(builtinFetchGit) {
}

if (url.startsWith('git+') || url.startsWith("git:")) {
const rev = sha1OrRev
const rev = sha512OrRev

const [_, branch] = nameWithVersion.split('#')

Expand All @@ -102,7 +102,7 @@ function fetchLockedDep(builtinFetchGit) {
return fetchgit(fileName, urlForGit, rev, branch || 'master', builtinFetchGit)
}

const [algo, hash] = integrity ? integrity.split('-') : ['sha1', sha1OrRev]
const [algo, hash] = integrity ? integrity.split('-') : ['sha512', sha512OrRev]

return ` {
name = "${fileName}";
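
Review bot: the fallback `['sha512', sha512OrRev]` labels the `resolved` fragment as sha512 whenever `integrity` is absent, and nothing in the visible lines checks what the fragment actually is. For an entry whose fragment is a 40-character sha1, the generated expression would declare a sha512 with a sha1 value, which will not match the fetched file. Choose `algo` from the fragment's length (40 hex characters for sha1, 128 for sha512) or keep `'sha1'` as the fallback for fragments this tool did not write itself, and rename `sha512OrRev` to something neutral such as `hashOrRev`, since the same variable is used as the git `rev` earlier in this function.
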