zig build dependencies: name the hash function used in the manifest

[andrewrk]

Extracted from #14265.

Currently the build.zig.ini file uses:

hash=c9b30cffc40999d2c078ff350cbcee642970a224fe123c756d0892f876cf1aae

This is a SHA-256 hex-encoded digest. This proposal is to change it to:

hash.digest=c9b30cffc40999d2c078ff350cbcee642970a224fe123c756d0892f876cf1aae
hash.function=sha256

Or perhaps:

hash=sha256=c9b30cffc40999d2c078ff350cbcee642970a224fe123c756d0892f876cf1aae

Idea being to leave room for an upgrade to a different hash function in the future.

The second form may be preferred in order to ease copy+pasting from an error message, and so that diffs of hashes are only one line each.

Another possible syntax would be to use _ instead of = which would allow hashes to be used as field names in #14290 without use of @"" syntax.

[deflock]

Nix uses hash: sha256-<base64(hash)>, cannot be selected by double-clicking.

Does it make sense to support more than one hashing method? Earlier it was popular to have md5+sha1.
Looks like hash is going to be package's unique id and it may complicate resolving in some way 🤔

[nektro]

i also prefer the latter one line version

[motiejus]

When we start phasing out sha256 far in the future, transitional period may be easier by using two hash functions simultaneously. Perhaps we should consider a format that can support multiple hashes for the same artifact.

Therefore, if we do this:

hash=sha256=c9b30cffc40999d2c078ff350cbcee642970a224fe123c756d0892f876cf1aae

Implies that there is only a single hash, or multiple fields in the same section are allowed.

hash_sha256, hash.sha256 or variants would resolve this.

Like others, I agree that having algorithm+hash on the same line makes sense: one cannot live without the other, and don't bloat the line too much.

[leroycep]

There is multihash. It encodes the hash algorithm + the hash size in a binary format. That would make it more difficult for the user to tell which format it is from the file. Anyway, I think it's at least worth considering including the hash size along with the algorithm like multihash does.

[chr-1x]

If using ZON, it'd be pretty neat to support multiple hashes like:

.hash = {
    .sha256 = "bfac1bf4e5ab32b7a2cc424bf35b2eade5b783757a90d3108a4173bb1684dbe9",
    .md5 = "965cc7027c64265a2e4bd602dfcc85b1",
},

In this case having only one hash function can simplify to the oneliner:

.hash = { .sha256 = "bfac1bf4e5ab32b7a2cc424bf35b2eade5b783757a90d3108a4173bb1684dbe9" },

[gcoakes]

There is multihash.

I implemented multihash already, if anyone wants to rip it for use here. https://git.sr.ht/~gcoakes/zig-multihash