2006-02-13 19:52:43 +00:00
|
|
|
|
#include "config.h"
|
|
|
|
|
|
2003-06-16 15:59:23 +00:00
|
|
|
|
#include <iostream>
|
2008-05-21 11:17:31 +00:00
|
|
|
|
#include <cstring>
|
2003-06-16 15:59:23 +00:00
|
|
|
|
|
2006-02-13 19:52:43 +00:00
|
|
|
|
#ifdef HAVE_OPENSSL
|
|
|
|
|
#include <openssl/md5.h>
|
|
|
|
|
#include <openssl/sha.h>
|
|
|
|
|
#else
|
2003-06-15 13:41:32 +00:00
|
|
|
|
extern "C" {
|
|
|
|
|
#include "md5.h"
|
2005-01-13 17:39:26 +00:00
|
|
|
|
#include "sha1.h"
|
2005-01-14 12:03:04 +00:00
|
|
|
|
#include "sha256.h"
|
2003-06-15 13:41:32 +00:00
|
|
|
|
}
|
2006-02-13 19:52:43 +00:00
|
|
|
|
#endif
|
2003-06-15 13:41:32 +00:00
|
|
|
|
|
|
|
|
|
#include "hash.hh"
|
2003-06-20 10:40:25 +00:00
|
|
|
|
#include "archive.hh"
|
2006-09-04 21:06:23 +00:00
|
|
|
|
#include "util.hh"
|
2003-06-15 13:41:32 +00:00
|
|
|
|
|
2005-01-13 17:39:26 +00:00
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
|
|
|
|
|
|
2006-09-04 21:06:23 +00:00
|
|
|
|
namespace nix {
|
|
|
|
|
|
|
|
|
|
|
2005-01-14 16:04:03 +00:00
|
|
|
|
Hash::Hash()
|
|
|
|
|
{
|
|
|
|
|
type = htUnknown;
|
|
|
|
|
hashSize = 0;
|
|
|
|
|
memset(hash, 0, maxHashSize);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-01-13 15:44:44 +00:00
|
|
|
|
Hash::Hash(HashType type)
|
2003-06-15 13:41:32 +00:00
|
|
|
|
{
|
2005-01-13 15:44:44 +00:00
|
|
|
|
this->type = type;
|
|
|
|
|
if (type == htMD5) hashSize = md5HashSize;
|
|
|
|
|
else if (type == htSHA1) hashSize = sha1HashSize;
|
2005-01-14 12:03:04 +00:00
|
|
|
|
else if (type == htSHA256) hashSize = sha256HashSize;
|
2005-01-13 17:39:26 +00:00
|
|
|
|
else throw Error("unknown hash type");
|
2005-01-14 13:51:38 +00:00
|
|
|
|
assert(hashSize <= maxHashSize);
|
2005-01-14 16:04:03 +00:00
|
|
|
|
memset(hash, 0, maxHashSize);
|
2003-06-15 13:41:32 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-07-15 22:28:27 +00:00
|
|
|
|
bool Hash::operator == (const Hash & h2) const
|
2003-06-15 13:41:32 +00:00
|
|
|
|
{
|
2005-01-13 15:44:44 +00:00
|
|
|
|
if (hashSize != h2.hashSize) return false;
|
2003-06-15 13:41:32 +00:00
|
|
|
|
for (unsigned int i = 0; i < hashSize; i++)
|
|
|
|
|
if (hash[i] != h2.hash[i]) return false;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-07-15 22:28:27 +00:00
|
|
|
|
bool Hash::operator != (const Hash & h2) const
|
2003-06-15 13:41:32 +00:00
|
|
|
|
{
|
|
|
|
|
return !(*this == h2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-07-15 21:24:05 +00:00
|
|
|
|
bool Hash::operator < (const Hash & h) const
|
|
|
|
|
{
|
|
|
|
|
for (unsigned int i = 0; i < hashSize; i++) {
|
|
|
|
|
if (hash[i] < h.hash[i]) return true;
|
|
|
|
|
if (hash[i] > h.hash[i]) return false;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2006-03-09 17:07:25 +00:00
|
|
|
|
const string base16Chars = "0123456789abcdef";
|
|
|
|
|
|
|
|
|
|
|
2005-01-14 16:04:03 +00:00
|
|
|
|
string printHash(const Hash & hash)
|
2003-06-15 13:41:32 +00:00
|
|
|
|
{
|
2006-03-09 17:07:25 +00:00
|
|
|
|
char buf[hash.hashSize * 2];
|
2005-01-14 16:04:03 +00:00
|
|
|
|
for (unsigned int i = 0; i < hash.hashSize; i++) {
|
2006-03-09 17:07:25 +00:00
|
|
|
|
buf[i * 2] = base16Chars[hash.hash[i] >> 4];
|
|
|
|
|
buf[i * 2 + 1] = base16Chars[hash.hash[i] & 0x0f];
|
2003-06-15 13:41:32 +00:00
|
|
|
|
}
|
2006-03-09 17:07:25 +00:00
|
|
|
|
return string(buf, hash.hashSize * 2);
|
2003-06-15 13:41:32 +00:00
|
|
|
|
}
|
|
|
|
|
|
2015-02-03 17:35:11 +00:00
|
|
|
|
|
2005-01-14 16:04:03 +00:00
|
|
|
|
Hash parseHash(HashType ht, const string & s)
|
2003-06-15 13:41:32 +00:00
|
|
|
|
{
|
2005-01-14 16:04:03 +00:00
|
|
|
|
Hash hash(ht);
|
2005-01-13 15:44:44 +00:00
|
|
|
|
if (s.length() != hash.hashSize * 2)
|
2014-08-20 15:00:17 +00:00
|
|
|
|
throw Error(format("invalid hash ‘%1%’") % s);
|
2005-01-13 15:44:44 +00:00
|
|
|
|
for (unsigned int i = 0; i < hash.hashSize; i++) {
|
2003-06-15 13:41:32 +00:00
|
|
|
|
string s2(s, i * 2, 2);
|
2015-02-03 17:35:11 +00:00
|
|
|
|
if (!isxdigit(s2[0]) || !isxdigit(s2[1]))
|
2014-08-20 15:00:17 +00:00
|
|
|
|
throw Error(format("invalid hash ‘%1%’") % s);
|
2006-09-04 21:06:23 +00:00
|
|
|
|
std::istringstream str(s2);
|
2003-06-15 13:41:32 +00:00
|
|
|
|
int n;
|
2006-09-04 21:06:23 +00:00
|
|
|
|
str >> std::hex >> n;
|
2003-06-15 13:41:32 +00:00
|
|
|
|
hash.hash[i] = n;
|
|
|
|
|
}
|
|
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2006-09-20 16:15:32 +00:00
|
|
|
|
unsigned int hashLength32(const Hash & hash)
|
|
|
|
|
{
|
|
|
|
|
return (hash.hashSize * 8 - 1) / 5 + 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-01-14 16:04:03 +00:00
|
|
|
|
// omitted: E O U T
|
2005-11-16 08:27:06 +00:00
|
|
|
|
const string base32Chars = "0123456789abcdfghijklmnpqrsvwxyz";
|
2005-01-14 16:04:03 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
string printHash32(const Hash & hash)
|
|
|
|
|
{
|
|
|
|
|
Hash hash2(hash);
|
2006-09-20 16:15:32 +00:00
|
|
|
|
unsigned int len = hashLength32(hash);
|
2005-11-16 08:27:06 +00:00
|
|
|
|
|
2015-02-03 17:35:11 +00:00
|
|
|
|
string s;
|
|
|
|
|
s.reserve(len);
|
|
|
|
|
|
|
|
|
|
for (int n = len - 1; n >= 0; n--) {
|
|
|
|
|
unsigned int b = n * 5;
|
|
|
|
|
unsigned int i = b / 8;
|
|
|
|
|
unsigned int j = b % 8;
|
|
|
|
|
unsigned char c =
|
|
|
|
|
(hash.hash[i] >> j)
|
|
|
|
|
| (i >= hash.hashSize - 1 ? 0 : hash.hash[i + 1] << (8 - j));
|
|
|
|
|
s.push_back(base32Chars[c & 0x1f]);
|
2005-01-14 16:04:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-10-23 16:05:50 +00:00
|
|
|
|
string printHash16or32(const Hash & hash)
|
|
|
|
|
{
|
|
|
|
|
return hash.type == htMD5 ? printHash(hash) : printHash32(hash);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-03-23 19:18:22 +00:00
|
|
|
|
static bool mul(unsigned char * bytes, unsigned char y, int maxSize)
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
{
|
2005-03-23 19:18:22 +00:00
|
|
|
|
unsigned char carry = 0;
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
|
|
|
|
|
for (int pos = 0; pos < maxSize; ++pos) {
|
2005-03-23 19:18:22 +00:00
|
|
|
|
unsigned int m = bytes[pos] * y + carry;
|
|
|
|
|
bytes[pos] = m & 0xff;
|
|
|
|
|
carry = m >> 8;
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return carry;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-03-23 19:18:22 +00:00
|
|
|
|
static bool add(unsigned char * bytes, unsigned char y, int maxSize)
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
{
|
2005-03-23 19:18:22 +00:00
|
|
|
|
unsigned char carry = y;
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
|
|
|
|
|
for (int pos = 0; pos < maxSize; ++pos) {
|
2005-03-23 19:18:22 +00:00
|
|
|
|
unsigned int m = bytes[pos] + carry;
|
|
|
|
|
bytes[pos] = m & 0xff;
|
|
|
|
|
carry = m >> 8;
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
if (carry == 0) break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return carry;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Hash parseHash32(HashType ht, const string & s)
|
|
|
|
|
{
|
|
|
|
|
Hash hash(ht);
|
|
|
|
|
|
2012-02-09 17:27:45 +00:00
|
|
|
|
const char * chars = base32Chars.data();
|
2005-11-16 08:27:06 +00:00
|
|
|
|
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
for (unsigned int i = 0; i < s.length(); ++i) {
|
|
|
|
|
char c = s[i];
|
|
|
|
|
unsigned char digit;
|
2006-03-01 17:59:08 +00:00
|
|
|
|
for (digit = 0; digit < base32Chars.size(); ++digit) /* !!! slow */
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
if (chars[digit] == c) break;
|
|
|
|
|
if (digit >= 32)
|
2014-08-20 15:00:17 +00:00
|
|
|
|
throw Error(format("invalid base-32 hash ‘%1%’") % s);
|
2005-03-23 19:18:22 +00:00
|
|
|
|
if (mul(hash.hash, 32, hash.hashSize) ||
|
|
|
|
|
add(hash.hash, digit, hash.hashSize))
|
2014-08-20 15:00:17 +00:00
|
|
|
|
throw Error(format("base-32 hash ‘%1%’ is too large") % s);
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2011-12-02 11:47:06 +00:00
|
|
|
|
Hash parseHash16or32(HashType ht, const string & s)
|
|
|
|
|
{
|
|
|
|
|
Hash hash(ht);
|
|
|
|
|
if (s.size() == hash.hashSize * 2)
|
|
|
|
|
/* hexadecimal representation */
|
|
|
|
|
hash = parseHash(ht, s);
|
|
|
|
|
else if (s.size() == hashLength32(hash))
|
|
|
|
|
/* base-32 representation */
|
|
|
|
|
hash = parseHash32(ht, s);
|
|
|
|
|
else
|
2014-08-20 15:00:17 +00:00
|
|
|
|
throw Error(format("hash ‘%1%’ has wrong length for hash type ‘%2%’")
|
2011-12-02 11:47:06 +00:00
|
|
|
|
% s % printHashType(ht));
|
|
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-06-15 13:41:32 +00:00
|
|
|
|
bool isHash(const string & s)
|
|
|
|
|
{
|
|
|
|
|
if (s.length() != 32) return false;
|
|
|
|
|
for (int i = 0; i < 32; i++) {
|
|
|
|
|
char c = s[i];
|
|
|
|
|
if (!((c >= '0' && c <= '9') ||
|
|
|
|
|
(c >= 'a' && c <= 'f')))
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2006-02-13 18:00:08 +00:00
|
|
|
|
union Ctx
|
2003-06-16 13:33:38 +00:00
|
|
|
|
{
|
2006-02-13 19:52:43 +00:00
|
|
|
|
MD5_CTX md5;
|
|
|
|
|
SHA_CTX sha1;
|
2005-01-14 12:03:04 +00:00
|
|
|
|
SHA256_CTX sha256;
|
2005-01-13 17:39:26 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void start(HashType ht, Ctx & ctx)
|
|
|
|
|
{
|
2006-02-13 19:52:43 +00:00
|
|
|
|
if (ht == htMD5) MD5_Init(&ctx.md5);
|
|
|
|
|
else if (ht == htSHA1) SHA1_Init(&ctx.sha1);
|
2005-01-14 12:03:04 +00:00
|
|
|
|
else if (ht == htSHA256) SHA256_Init(&ctx.sha256);
|
2005-01-13 17:39:26 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void update(HashType ht, Ctx & ctx,
|
|
|
|
|
const unsigned char * bytes, unsigned int len)
|
|
|
|
|
{
|
2006-02-13 19:52:43 +00:00
|
|
|
|
if (ht == htMD5) MD5_Update(&ctx.md5, bytes, len);
|
|
|
|
|
else if (ht == htSHA1) SHA1_Update(&ctx.sha1, bytes, len);
|
2005-01-14 12:03:04 +00:00
|
|
|
|
else if (ht == htSHA256) SHA256_Update(&ctx.sha256, bytes, len);
|
2005-01-13 17:39:26 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void finish(HashType ht, Ctx & ctx, unsigned char * hash)
|
|
|
|
|
{
|
2006-02-13 19:52:43 +00:00
|
|
|
|
if (ht == htMD5) MD5_Final(hash, &ctx.md5);
|
|
|
|
|
else if (ht == htSHA1) SHA1_Final(hash, &ctx.sha1);
|
2005-01-14 12:03:04 +00:00
|
|
|
|
else if (ht == htSHA256) SHA256_Final(hash, &ctx.sha256);
|
2005-01-13 17:39:26 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
Hash hashString(HashType ht, const string & s)
|
2005-01-13 17:39:26 +00:00
|
|
|
|
{
|
|
|
|
|
Ctx ctx;
|
|
|
|
|
Hash hash(ht);
|
|
|
|
|
start(ht, ctx);
|
2012-02-09 17:27:45 +00:00
|
|
|
|
update(ht, ctx, (const unsigned char *) s.data(), s.length());
|
2005-01-13 17:39:26 +00:00
|
|
|
|
finish(ht, ctx, hash.hash);
|
2003-06-16 13:33:38 +00:00
|
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
Hash hashFile(HashType ht, const Path & path)
|
2003-06-15 13:41:32 +00:00
|
|
|
|
{
|
2005-01-13 17:39:26 +00:00
|
|
|
|
Ctx ctx;
|
|
|
|
|
Hash hash(ht);
|
|
|
|
|
start(ht, ctx);
|
|
|
|
|
|
|
|
|
|
AutoCloseFD fd = open(path.c_str(), O_RDONLY);
|
2014-08-20 15:00:17 +00:00
|
|
|
|
if (fd == -1) throw SysError(format("opening file ‘%1%’") % path);
|
2005-01-13 17:39:26 +00:00
|
|
|
|
|
|
|
|
|
unsigned char buf[8192];
|
|
|
|
|
ssize_t n;
|
|
|
|
|
while ((n = read(fd, buf, sizeof(buf)))) {
|
|
|
|
|
checkInterrupt();
|
2014-08-20 15:00:17 +00:00
|
|
|
|
if (n == -1) throw SysError(format("reading file ‘%1%’") % path);
|
2005-01-13 17:39:26 +00:00
|
|
|
|
update(ht, ctx, buf, n);
|
|
|
|
|
}
|
2015-02-03 17:35:11 +00:00
|
|
|
|
|
2005-01-13 17:39:26 +00:00
|
|
|
|
finish(ht, ctx, hash.hash);
|
2003-06-15 13:41:32 +00:00
|
|
|
|
return hash;
|
|
|
|
|
}
|
2003-06-16 15:59:23 +00:00
|
|
|
|
|
|
|
|
|
|
2007-02-21 14:31:42 +00:00
|
|
|
|
HashSink::HashSink(HashType ht) : ht(ht)
|
2003-06-16 15:59:23 +00:00
|
|
|
|
{
|
2007-02-21 14:31:42 +00:00
|
|
|
|
ctx = new Ctx;
|
2010-11-16 17:11:46 +00:00
|
|
|
|
bytes = 0;
|
2007-02-21 14:31:42 +00:00
|
|
|
|
start(ht, *ctx);
|
|
|
|
|
}
|
2015-02-03 17:35:11 +00:00
|
|
|
|
|
2007-02-21 14:31:42 +00:00
|
|
|
|
HashSink::~HashSink()
|
|
|
|
|
{
|
2011-12-15 16:19:53 +00:00
|
|
|
|
bufPos = 0;
|
2007-02-21 14:31:42 +00:00
|
|
|
|
delete ctx;
|
|
|
|
|
}
|
2003-06-16 15:59:23 +00:00
|
|
|
|
|
2011-12-15 16:19:53 +00:00
|
|
|
|
void HashSink::write(const unsigned char * data, size_t len)
|
2007-02-21 14:31:42 +00:00
|
|
|
|
{
|
2010-11-16 17:11:46 +00:00
|
|
|
|
bytes += len;
|
2007-02-21 14:31:42 +00:00
|
|
|
|
update(ht, *ctx, data, len);
|
|
|
|
|
}
|
2003-06-16 15:59:23 +00:00
|
|
|
|
|
2010-11-16 17:11:46 +00:00
|
|
|
|
HashResult HashSink::finish()
|
2003-06-16 15:59:23 +00:00
|
|
|
|
{
|
2011-12-15 16:19:53 +00:00
|
|
|
|
flush();
|
2005-01-13 17:39:26 +00:00
|
|
|
|
Hash hash(ht);
|
2007-02-21 14:31:42 +00:00
|
|
|
|
nix::finish(ht, *ctx, hash.hash);
|
2010-11-16 17:11:46 +00:00
|
|
|
|
return HashResult(hash, bytes);
|
2003-06-16 15:59:23 +00:00
|
|
|
|
}
|
2005-01-14 16:04:03 +00:00
|
|
|
|
|
2011-12-15 16:19:53 +00:00
|
|
|
|
HashResult HashSink::currentHash()
|
|
|
|
|
{
|
|
|
|
|
flush();
|
|
|
|
|
Ctx ctx2 = *ctx;
|
|
|
|
|
Hash hash(ht);
|
|
|
|
|
nix::finish(ht, ctx2, hash.hash);
|
|
|
|
|
return HashResult(hash, bytes);
|
|
|
|
|
}
|
|
|
|
|
|
2005-01-14 16:04:03 +00:00
|
|
|
|
|
2010-11-16 17:11:46 +00:00
|
|
|
|
HashResult hashPath(
|
|
|
|
|
HashType ht, const Path & path, PathFilter & filter)
|
2007-02-21 14:31:42 +00:00
|
|
|
|
{
|
|
|
|
|
HashSink sink(ht);
|
|
|
|
|
dumpPath(path, sink, filter);
|
|
|
|
|
return sink.finish();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-01-14 16:04:03 +00:00
|
|
|
|
Hash compressHash(const Hash & hash, unsigned int newSize)
|
|
|
|
|
{
|
|
|
|
|
Hash h;
|
|
|
|
|
h.hashSize = newSize;
|
|
|
|
|
for (unsigned int i = 0; i < hash.hashSize; ++i)
|
|
|
|
|
h.hash[i % newSize] ^= hash.hash[i];
|
|
|
|
|
return h;
|
|
|
|
|
}
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 16:55:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HashType parseHashType(const string & s)
|
|
|
|
|
{
|
|
|
|
|
if (s == "md5") return htMD5;
|
|
|
|
|
else if (s == "sha1") return htSHA1;
|
|
|
|
|
else if (s == "sha256") return htSHA256;
|
|
|
|
|
else return htUnknown;
|
|
|
|
|
}
|
2006-09-04 21:06:23 +00:00
|
|
|
|
|
2015-02-03 17:35:11 +00:00
|
|
|
|
|
2008-12-03 16:10:17 +00:00
|
|
|
|
string printHashType(HashType ht)
|
|
|
|
|
{
|
|
|
|
|
if (ht == htMD5) return "md5";
|
|
|
|
|
else if (ht == htSHA1) return "sha1";
|
|
|
|
|
else if (ht == htSHA256) return "sha256";
|
|
|
|
|
else throw Error("cannot print unknown hash type");
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-03 17:35:11 +00:00
|
|
|
|
|
2006-09-04 21:06:23 +00:00
|
|
|
|
}
|