Package: guix-patches;
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Tue, 23 Jun 2020 15:37:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 42020 in the body.
You can then email your comments to 42020 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org:bug#42020; Package guix-patches.
(Tue, 23 Jun 2020 15:37:01 GMT) Full text and rfc822 format available.Ludovic Courtès <ludo <at> gnu.org>:guix-patches <at> gnu.org.
(Tue, 23 Jun 2020 15:37:01 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: guix-patches <at> gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Date: Tue, 23 Jun 2020 17:36:33 +0200
Hello! This is a followup to: https://issues.guix.gnu.org/41382 This patch series adds daemon support for a few more cryptographic hash functions, for use by fixed-output derivations (origins) and the likes. We should wait for a year or so before using those algorithms in package definitions so we can assume that the new daemon is widespread. Note that there are still places where SHA256 is hard-coded. For instance, the ‘query-path-hash’ RPC always returns a SHA256 hash. Internally, the ‘ValidPaths’ table of the database can store any hash, but in practice it only ever contains a SHA256 hash (see ‘LocalStore::addValidPath’ and (guix store database)). Feedback welcome! Ludo’. Ludovic Courtès (4): daemon: Map directly to gcrypt hash functions. daemon: Remove OpenSSL hash compatibility wrappers. daemon: Recognize SHA3 and BLAKE2s. packages: Recognize SHA3 and BLAKE2s for 'content-hash'. guix/packages.scm | 5 ++- nix/libutil/gcrypt-hash.cc | 51 ----------------------------- nix/libutil/gcrypt-hash.hh | 50 ---------------------------- nix/libutil/hash.cc | 67 +++++++++++++++++++------------------- nix/libutil/hash.hh | 20 +++++++----- nix/libutil/md5.h | 35 -------------------- nix/libutil/sha1.h | 35 -------------------- nix/libutil/sha256.h | 35 -------------------- nix/libutil/sha512.h | 35 -------------------- nix/local.mk | 12 ++----- tests/packages.scm | 26 +++++++++++++++ tests/store.scm | 4 +-- 12 files changed, 80 insertions(+), 295 deletions(-) delete mode 100644 nix/libutil/gcrypt-hash.cc delete mode 100644 nix/libutil/gcrypt-hash.hh delete mode 100644 nix/libutil/md5.h delete mode 100644 nix/libutil/sha1.h delete mode 100644 nix/libutil/sha256.h delete mode 100644 nix/libutil/sha512.h -- 2.26.2
guix-patches <at> gnu.org:bug#42020; Package guix-patches.
(Tue, 23 Jun 2020 15:56:02 GMT) Full text and rfc822 format available.Message #8 received at 42020 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 42020 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 1/4] daemon: Map directly to gcrypt hash functions. Date: Tue, 23 Jun 2020 17:55:44 +0200
* nix/libutil/hash.hh (HashType): Map directly to GCRY_MD_ values.
(md5HashSize, sha1HashSize, sha256HashSize, sha512HashSize): Remove.
* nix/libutil/hash.cc (Hash::Hash): Use 'gcry_md_get_algo_dlen'.
---
nix/libutil/hash.cc | 8 +++-----
nix/libutil/hash.hh | 17 +++++++++--------
2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index ea69aa64f9..251f18f60e 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -38,11 +38,9 @@ Hash::Hash()
Hash::Hash(HashType type)
{
this->type = type;
- if (type == htMD5) hashSize = md5HashSize;
- else if (type == htSHA1) hashSize = sha1HashSize;
- else if (type == htSHA256) hashSize = sha256HashSize;
- else if (type == htSHA512) hashSize = sha512HashSize;
- else throw Error("unknown hash type");
+ hashSize = gcry_md_get_algo_dlen(type);
+
+ if (hashSize == 0) throw Error("unknown hash type");
assert(hashSize <= maxHashSize);
memset(hash, 0, maxHashSize);
}
diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh
index 6b5e47cd8a..7357a34e1d 100644
--- a/nix/libutil/hash.hh
+++ b/nix/libutil/hash.hh
@@ -1,5 +1,7 @@
#pragma once
+#include <gcrypt.h>
+
#include "types.hh"
#include "serialise.hh"
@@ -7,16 +9,15 @@
namespace nix {
-typedef enum { htUnknown, htMD5, htSHA1, htSHA256, htSHA512 } HashType;
-
-
-const int md5HashSize = 16;
-const int sha1HashSize = 20;
-const int sha256HashSize = 32;
-const int sha512HashSize = 64;
-
extern const string base32Chars;
+typedef enum {
+ htUnknown = 0,
+ htMD5 = GCRY_MD_MD5,
+ htSHA1 = GCRY_MD_SHA1,
+ htSHA256 = GCRY_MD_SHA256,
+ htSHA512 = GCRY_MD_SHA512
+} HashType;
struct Hash
{
--
2.26.2
guix-patches <at> gnu.org:bug#42020; Package guix-patches.
(Tue, 23 Jun 2020 15:57:01 GMT) Full text and rfc822 format available.Message #11 received at 42020 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 42020 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 3/4] daemon: Recognize SHA3 and BLAKE2s. Date: Tue, 23 Jun 2020 17:55:46 +0200
* nix/libutil/hash.hh (HashType): Add htSHA3_256, htSHA3_512, and
htBLAKE2s_256.
* nix/libutil/hash.cc (parseHashType, printHashType): Recognize them.
* tests/store.scm ("add-to-store"): Test these algorithms.
---
nix/libutil/hash.cc | 6 ++++++
nix/libutil/hash.hh | 5 ++++-
tests/store.scm | 4 ++--
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index 20d2e4b724..7853acdd49 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -321,6 +321,9 @@ HashType parseHashType(const string & s)
else if (s == "sha1") return htSHA1;
else if (s == "sha256") return htSHA256;
else if (s == "sha512") return htSHA512;
+ else if (s == "sha3-256") return htSHA3_256;
+ else if (s == "sha3-512") return htSHA3_512;
+ else if (s == "blake2s-256") return htBLAKE2s_256;
else return htUnknown;
}
@@ -331,6 +334,9 @@ string printHashType(HashType ht)
else if (ht == htSHA1) return "sha1";
else if (ht == htSHA256) return "sha256";
else if (ht == htSHA512) return "sha512";
+ else if (ht == htSHA3_256) return "sha3-256";
+ else if (ht == htSHA3_512) return "sha3-512";
+ else if (ht == htBLAKE2s_256) return "blake2s-256";
else throw Error("cannot print unknown hash type");
}
diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh
index 7357a34e1d..ac58651a02 100644
--- a/nix/libutil/hash.hh
+++ b/nix/libutil/hash.hh
@@ -16,7 +16,10 @@ typedef enum {
htMD5 = GCRY_MD_MD5,
htSHA1 = GCRY_MD_SHA1,
htSHA256 = GCRY_MD_SHA256,
- htSHA512 = GCRY_MD_SHA512
+ htSHA512 = GCRY_MD_SHA512,
+ htSHA3_256 = GCRY_MD_SHA3_256,
+ htSHA3_512 = GCRY_MD_SHA3_512,
+ htBLAKE2s_256 = GCRY_MD_BLAKE2S_256
} HashType;
struct Hash
diff --git a/tests/store.scm b/tests/store.scm
index 06f7939657..ee3e01f33b 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -116,7 +116,7 @@
(list (stat:uid s) (stat:perms s))))
(test-equal "add-to-store"
- '("sha1" "sha256" "sha512")
+ '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256")
(let* ((file (search-path %load-path "guix.scm"))
(content (call-with-input-file file get-bytevector-all)))
(map (lambda (hash-algo)
@@ -125,7 +125,7 @@
(bytevector=? (call-with-input-file file get-bytevector-all)
content)
hash-algo)))
- '("sha1" "sha256" "sha512"))))
+ '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256"))))
(test-equal "add-data-to-store"
#vu8(1 2 3 4 5)
--
2.26.2
guix-patches <at> gnu.org:bug#42020; Package guix-patches.
(Tue, 23 Jun 2020 15:57:02 GMT) Full text and rfc822 format available.Message #14 received at 42020 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 42020 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers. Date: Tue, 23 Jun 2020 17:55:45 +0200
* nix/libutil/hash.cc (struct Ctx): Copy from gcrypt-hash.hh.
(start, update, finish): Use gcrypt functions directly instead of
OpenSSL-like wrappers.
* nix/libutil/gcrypt-hash.cc, nix/libutil/gcrypt-hash.hh,
nix/libutil/md5.h, nix/libutil/sha1.h, nix/libutil/sha256.h,
nix/libutil/sha512.h: Remove.
* nix/local.mk (libutil_a_SOURCES, libutil_headers): Adjust
accordingly.
---
nix/libutil/gcrypt-hash.cc | 51 ------------------------------------
nix/libutil/gcrypt-hash.hh | 50 -----------------------------------
nix/libutil/hash.cc | 53 +++++++++++++++++---------------------
nix/libutil/md5.h | 35 -------------------------
nix/libutil/sha1.h | 35 -------------------------
nix/libutil/sha256.h | 35 -------------------------
nix/libutil/sha512.h | 35 -------------------------
nix/local.mk | 12 +++------
8 files changed, 27 insertions(+), 279 deletions(-)
delete mode 100644 nix/libutil/gcrypt-hash.cc
delete mode 100644 nix/libutil/gcrypt-hash.hh
delete mode 100644 nix/libutil/md5.h
delete mode 100644 nix/libutil/sha1.h
delete mode 100644 nix/libutil/sha256.h
delete mode 100644 nix/libutil/sha512.h
diff --git a/nix/libutil/gcrypt-hash.cc b/nix/libutil/gcrypt-hash.cc
deleted file mode 100644
index c4ae7bfcc2..0000000000
--- a/nix/libutil/gcrypt-hash.cc
+++ /dev/null
@@ -1,51 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2013 Ludovic Courtès <ludo <at> gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <config.h>
-
-#include <gcrypt-hash.hh>
-#include <assert.h>
-
-extern "C" {
-
-void
-guix_hash_init (struct guix_hash_context *ctx, int algo)
-{
- gcry_error_t err;
-
- err = gcry_md_open (&ctx->md_handle, algo, 0);
- assert (err == GPG_ERR_NO_ERROR);
-}
-
-void
-guix_hash_update (struct guix_hash_context *ctx, const void *buffer, size_t len)
-{
- gcry_md_write (ctx->md_handle, buffer, len);
-}
-
-void
-guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
- int algo)
-{
- memcpy (resbuf, gcry_md_read (ctx->md_handle, algo),
- gcry_md_get_algo_dlen (algo));
- gcry_md_close (ctx->md_handle);
- ctx->md_handle = NULL;
-}
-
-}
diff --git a/nix/libutil/gcrypt-hash.hh b/nix/libutil/gcrypt-hash.hh
deleted file mode 100644
index 11f061159f..0000000000
--- a/nix/libutil/gcrypt-hash.hh
+++ /dev/null
@@ -1,50 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2013 Ludovic Courtès <ludo <at> gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-/* An OpenSSL-like interface to GNU libgcrypt cryptographic hash
- functions. */
-
-#pragma once
-#include <gcrypt.h>
-#include <unistd.h>
-
-struct guix_hash_context
-{
- /* This copy constructor is needed in 'HashSink::currentHash()' where we
- expect the copy of a 'Ctx' object to yield a truly different context. */
- guix_hash_context (guix_hash_context &ref)
- {
- if (ref.md_handle == NULL)
- md_handle = NULL;
- else
- gcry_md_copy (&md_handle, ref.md_handle);
- }
-
- /* Make sure 'md_handle' is always initialized. */
- guix_hash_context (): md_handle (NULL) { };
-
- gcry_md_hd_t md_handle;
-};
-
-extern "C" {
-extern void guix_hash_init (struct guix_hash_context *ctx, int algo);
-extern void guix_hash_update (struct guix_hash_context *ctx, const void *buffer,
- size_t len);
-extern void guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
- int algo);
-}
diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index 251f18f60e..20d2e4b724 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -3,18 +3,6 @@
#include <iostream>
#include <cstring>
-#ifdef HAVE_OPENSSL
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#else
-extern "C" {
-#include "md5.h"
-#include "sha1.h"
-#include "sha256.h"
-#include "sha512.h"
-}
-#endif
-
#include "hash.hh"
#include "archive.hh"
#include "util.hh"
@@ -193,41 +181,48 @@ bool isHash(const string & s)
return true;
}
-
+/* The "hash context". */
struct Ctx
{
- MD5_CTX md5;
- SHA_CTX sha1;
- SHA256_CTX sha256;
- SHA512_CTX sha512;
+ /* This copy constructor is needed in 'HashSink::currentHash()' where we
+ expect the copy of a 'Ctx' object to yield a truly different context. */
+ Ctx(Ctx &ref)
+ {
+ if (ref.md_handle == NULL)
+ md_handle = NULL;
+ else
+ gcry_md_copy (&md_handle, ref.md_handle);
+ }
+
+ /* Make sure 'md_handle' is always initialized. */
+ Ctx(): md_handle (NULL) { };
+
+ gcry_md_hd_t md_handle;
};
static void start(HashType ht, Ctx & ctx)
{
- if (ht == htMD5) MD5_Init(&ctx.md5);
- else if (ht == htSHA1) SHA1_Init(&ctx.sha1);
- else if (ht == htSHA256) SHA256_Init(&ctx.sha256);
- else if (ht == htSHA512) SHA512_Init(&ctx.sha512);
+ gcry_error_t err;
+
+ err = gcry_md_open (&ctx.md_handle, ht, 0);
+ assert (err == GPG_ERR_NO_ERROR);
}
static void update(HashType ht, Ctx & ctx,
const unsigned char * bytes, unsigned int len)
{
- if (ht == htMD5) MD5_Update(&ctx.md5, bytes, len);
- else if (ht == htSHA1) SHA1_Update(&ctx.sha1, bytes, len);
- else if (ht == htSHA256) SHA256_Update(&ctx.sha256, bytes, len);
- else if (ht == htSHA512) SHA512_Update(&ctx.sha512, bytes, len);
+ gcry_md_write (ctx.md_handle, bytes, len);
}
static void finish(HashType ht, Ctx & ctx, unsigned char * hash)
{
- if (ht == htMD5) MD5_Final(hash, &ctx.md5);
- else if (ht == htSHA1) SHA1_Final(hash, &ctx.sha1);
- else if (ht == htSHA256) SHA256_Final(hash, &ctx.sha256);
- else if (ht == htSHA512) SHA512_Final(hash, &ctx.sha512);
+ memcpy (hash, gcry_md_read (ctx.md_handle, ht),
+ gcry_md_get_algo_dlen (ht));
+ gcry_md_close (ctx.md_handle);
+ ctx.md_handle = NULL;
}
diff --git a/nix/libutil/md5.h b/nix/libutil/md5.h
deleted file mode 100644
index 4583a458b3..0000000000
--- a/nix/libutil/md5.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012 Ludovic Courtès <ludo <at> gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define MD5_CTX guix_hash_context
-
-static inline void
-MD5_Init (struct MD5_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_MD5);
-}
-
-#define MD5_Update guix_hash_update
-
-static inline void
-MD5_Final (void *resbuf, struct MD5_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_MD5);
-}
diff --git a/nix/libutil/sha1.h b/nix/libutil/sha1.h
deleted file mode 100644
index d2d071e058..0000000000
--- a/nix/libutil/sha1.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012 Ludovic Courtès <ludo <at> gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define SHA_CTX guix_hash_context
-
-static inline void
-SHA1_Init (struct SHA_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_SHA1);
-}
-
-#define SHA1_Update guix_hash_update
-
-static inline void
-SHA1_Final (void *resbuf, struct SHA_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_SHA1);
-}
diff --git a/nix/libutil/sha256.h b/nix/libutil/sha256.h
deleted file mode 100644
index ca95d7fea8..0000000000
--- a/nix/libutil/sha256.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012 Ludovic Courtès <ludo <at> gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define SHA256_CTX guix_hash_context
-
-static inline void
-SHA256_Init (struct SHA256_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_SHA256);
-}
-
-#define SHA256_Update guix_hash_update
-
-static inline void
-SHA256_Final (void *resbuf, struct SHA256_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_SHA256);
-}
diff --git a/nix/libutil/sha512.h b/nix/libutil/sha512.h
deleted file mode 100644
index d2abab4c5f..0000000000
--- a/nix/libutil/sha512.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2015 Ludovic Courtès <ludo <at> gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define SHA512_CTX guix_hash_context
-
-static inline void
-SHA512_Init (struct SHA512_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_SHA512);
-}
-
-#define SHA512_Update guix_hash_update
-
-static inline void
-SHA512_Final (void *resbuf, struct SHA512_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_SHA512);
-}
diff --git a/nix/local.mk b/nix/local.mk
index c136fb7202..005cde5563 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -1,5 +1,5 @@
# GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019 Ludovic Courtès <ludo <at> gnu.org>
+# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo <at> gnu.org>
# Copyright © 2016 Mathieu Lirzin <mthl <at> gnu.org>
# Copyright © 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
#
@@ -56,8 +56,7 @@ libutil_a_SOURCES = \
%D%/libutil/affinity.cc \
%D%/libutil/serialise.cc \
%D%/libutil/util.cc \
- %D%/libutil/hash.cc \
- %D%/libutil/gcrypt-hash.cc
+ %D%/libutil/hash.cc
libutil_headers = \
%D%/libutil/affinity.hh \
@@ -65,12 +64,7 @@ libutil_headers = \
%D%/libutil/serialise.hh \
%D%/libutil/util.hh \
%D%/libutil/archive.hh \
- %D%/libutil/types.hh \
- %D%/libutil/gcrypt-hash.hh \
- %D%/libutil/md5.h \
- %D%/libutil/sha1.h \
- %D%/libutil/sha256.h \
- %D%/libutil/sha512.h
+ %D%/libutil/types.hh
libutil_a_CPPFLAGS = \
-I$(top_builddir)/nix \
--
2.26.2
guix-patches <at> gnu.org:bug#42020; Package guix-patches.
(Tue, 23 Jun 2020 15:57:02 GMT) Full text and rfc822 format available.Message #17 received at 42020 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 42020 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 4/4] packages: Recognize SHA3 and BLAKE2s for 'content-hash'. Date: Tue, 23 Jun 2020 17:55:47 +0200
* guix/packages.scm (build-content-hash): Add 'sha3-256', 'sha3-512',
and 'blake2s-256'.
* tests/packages.scm ("package-source-derivation, origin, sha3-512"):
New test.
---
guix/packages.scm | 5 ++++-
tests/packages.scm | 26 ++++++++++++++++++++++++++
2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/guix/packages.scm b/guix/packages.scm
index 1e0ec41b76..68ef718872 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -191,7 +191,10 @@ its first argument has the right size for the chosen algorithm."
(define-content-hash-constructor build-content-hash
(sha256 32)
- (sha512 64))
+ (sha512 64)
+ (sha3-256 32)
+ (sha3-512 64)
+ (blake2s-256 64))
(define-syntax content-hash
(lambda (s)
diff --git a/tests/packages.scm b/tests/packages.scm
index c7b6f669b5..26377b269b 100644
--- a/tests/packages.scm
+++ b/tests/packages.scm
@@ -524,6 +524,32 @@
(build-derivations %store (list drv))
(call-with-input-file output get-string-all)))
+(test-equal "package-source-derivation, origin, sha3-512"
+ "hello, sha3"
+ (let* ((bash (search-bootstrap-binary "bash" (%current-system)))
+ (builder (add-text-to-store %store "my-fixed-builder.sh"
+ "echo -n hello, sha3 > $out" '()))
+ (method (lambda* (url hash-algo hash #:optional name
+ #:rest rest)
+ (and (eq? hash-algo 'sha3-512)
+ (raw-derivation name bash (list builder)
+ #:sources (list builder)
+ #:hash hash
+ #:hash-algo hash-algo))))
+ (source (origin
+ (method method)
+ (uri "unused://")
+ (file-name "origin-sha3")
+ (hash (content-hash
+ (gcrypt:bytevector-hash (string->utf8 "hello, sha3")
+ (gcrypt:lookup-hash-algorithm
+ 'sha3-512))
+ sha3-512))))
+ (drv (package-source-derivation %store source))
+ (output (derivation->output-path drv)))
+ (build-derivations %store (list drv))
+ (call-with-input-file output get-string-all)))
+
(unless (network-reachable?) (test-skip 1))
(test-equal "package-source-derivation, snippet"
"OK"
--
2.26.2
Ludovic Courtès <ludo <at> gnu.org>:Ludovic Courtès <ludo <at> gnu.org>:Message #22 received at 42020-done <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 42020-done <at> debbugs.gnu.org Subject: Re: [bug#42020] [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s Date: Sat, 27 Jun 2020 23:44:24 +0200
Ludovic Courtès <ludo <at> gnu.org> skribis: > This patch series adds daemon support for a few more cryptographic > hash functions, for use by fixed-output derivations (origins) and > the likes. We should wait for a year or so before using those > algorithms in package definitions so we can assume that the new > daemon is widespread. Pushed! 0505eda9c7 packages: Recognize SHA3 and BLAKE2s for 'content-hash'. 8e6c1415d8 daemon: Recognize SHA3 and BLAKE2s. 8dc6c38785 daemon: Remove OpenSSL hash compatibility wrappers. 3fb6b8f304 daemon: Map directly to gcrypt hash functions. Ludo’.
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Sun, 26 Jul 2020 11:24:04 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.