mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(tvix/nix-compat): rename NixHashWithMode -> CAHash

Browse source 
This specific struct is only used to represent content-addressed paths
(in case a Derivation has a fixed-output hash, for example).
Rename `Output`'s `hash_with_mode` to `ca_hash`.

We now also include `CAHash::Text`, and update the `validate` function
of the `Output` struct to reject text hashes there.

This allows cleaning up the various output path calculation functions
inside nix-compat/src/store_path/utils.rs, as they can now match on
the type.

`make_type` is renamed to `make_references_string`,
`build_regular_ca_path` is renamed to `build_ca_path`, and
`build_text_path` has a disclaimer added, because you might not actually
want to use it.

Change-Id: I674d065f2ed5c804012ddfed56e161ac49d23931
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9814
Tested-by: BuildkiteCI
Reviewed-by: raitobezarius <tvl@lahfa.xyz>
This commit is contained in:
Florian Klink 2023-10-18 11:39:36 +01:00 committed by flokli
parent 833957b374
commit 34fc4637eb
10 changed files with 222 additions and 209 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
tvix/cli/src/derivation.rs
View file

@ -115,7 +115,7 @@ fn populate_output_configuration(
) -> Result<(), ErrorKind> {
// We only do something when `digest` and `algo` are `Some(_)``, and
// there's an `out` output.
if let (Some(hash), Some(algo), hash_mode) = (hash, hash_algo, hash_mode) {
if let (Some(nixhash_str), Some(algo), hash_mode) = (hash, hash_algo, hash_mode) {
match drv.outputs.get_mut("out") {
None => return Err(Error::ConflictingOutputTypes.into()),
Some(out) => {
@ -126,12 +126,12 @@ fn populate_output_configuration(
Some(algo.as_ref())
};
let output_hash = nixhash::from_str(&hash, a).map_err(Error::InvalidOutputHash)?;
let hash = nixhash::from_str(&nixhash_str, a).map_err(Error::InvalidOutputHash)?;
// construct the NixHashWithMode.
out.hash_with_mode = match hash_mode.as_deref() {
None | Some("flat") => Some(nixhash::NixHashWithMode::Flat(output_hash)),
Some("recursive") => Some(nixhash::NixHashWithMode::Recursive(output_hash)),
out.ca_hash = match hash_mode.as_deref() {
None | Some("flat") => Some(nixhash::CAHash::Flat(hash)),
Some("recursive") => Some(nixhash::CAHash::Nar(hash)),
Some(other) => {
return Err(Error::InvalidOutputHashMode(other.to_string()).into())
}

12
tvix/nix-compat/src/derivation/errors.rs
View file

@ -1,6 +1,8 @@
use crate::{nixbase32::Nixbase32DecodeError, store_path};
use crate::store_path;
use thiserror::Error;
use super::CAHash;
/// Errors that can occur during the validation of Derivation structs.
#[derive(Debug, Error, PartialEq)]
pub enum DerivationError {
@ -50,10 +52,6 @@ pub enum DerivationError {
pub enum OutputError {
#[error("Invalid output path {0}: {1}")]
InvalidOutputPath(String, store_path::Error),
#[error("Invalid hash encoding: {0}")]
InvalidHashEncoding(String, Nixbase32DecodeError),
#[error("Invalid hash algo: {0}")]
InvalidHashAlgo(String),
#[error("Invalid Digest size {0} for algo {1}")]
InvalidDigestSizeForAlgo(usize, String),
#[error("Invalid CAHash: {:?}", .0)]
InvalidCAHash(CAHash),
}

36
tvix/nix-compat/src/derivation/mod.rs
View file

@ -1,6 +1,4 @@
use crate::store_path::{
self, build_output_path, build_regular_ca_path, build_text_path, StorePath,
};
use crate::store_path::{self, build_ca_path, build_output_path, build_text_path, StorePath};
use bstr::BString;
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
@ -18,7 +16,7 @@ mod write;
mod tests;
// Public API of the crate.
pub use crate::nixhash::{NixHash, NixHashWithMode};
pub use crate::nixhash::{CAHash, NixHash};
pub use errors::{DerivationError, OutputError};
pub use output::Output;
@ -122,16 +120,22 @@ impl Derivation {
/// Returns the FOD digest, if the derivation is fixed-output, or None if
/// it's not.
/// TODO: this is kinda the string from [build_ca_path] with a
/// [CAHash::Flat], what's fed to `build_store_path_from_fingerprint_parts`
/// (except the out_output.path being an empty string)
fn fod_digest(&self) -> Option<[u8; 32]> {
if self.outputs.len() != 1 {
return None;
}
let out_output = self.outputs.get("out")?;
let ca_hash = &out_output.ca_hash.as_ref()?;
Some(
Sha256::new_with_prefix(format!(
"fixed:out:{}:{}",
out_output.hash_with_mode.clone()?.to_nix_hash_string(),
"fixed:out:{}{}:{}",
ca_kind_prefix(ca_hash),
ca_hash.digest().to_nix_hash_string(),
out_output.path
))
.finalize()
@ -229,10 +233,10 @@ impl Derivation {
// For fixed output derivation we use the per-output info, otherwise we use the
// derivation hash.
let abs_store_path = if let Some(ref hwm) = output.hash_with_mode {
build_regular_ca_path(&path_name, hwm, Vec::<String>::new(), false).map_err(
|e| DerivationError::InvalidOutputDerivationPath(output_name.to_string(), e),
)?
let abs_store_path = if let Some(ref hwm) = output.ca_hash {
build_ca_path(&path_name, hwm, Vec::<String>::new(), false).map_err(|e| {
DerivationError::InvalidOutputDerivationPath(output_name.to_string(), e)
})?
} else {
build_output_path(derivation_or_fod_hash, output_name, &path_name).map_err(|e| {
DerivationError::InvalidOutputDerivationPath(
@ -265,3 +269,15 @@ fn output_path_name(derivation_name: &str, output_name: &str) -> String {
}
output_path_name
}
/// For a [CAHash], return the "prefix" used for NAR purposes.
/// For [CAHash::Flat], this is an empty string, for [CAHash::Nar], it's "r:".
/// Panics for other [CAHash] kinds, as they're not valid in a derivation
/// context.
fn ca_kind_prefix(ca_hash: &CAHash) -> &'static str {
match ca_hash {
CAHash::Flat(_) => "",
CAHash::Nar(_) => "r:",
_ => panic!("invalid ca hash in derivation context: {:?}", ca_hash),
}
}

20
tvix/nix-compat/src/derivation/output.rs
View file

@ -1,5 +1,5 @@
use crate::derivation::OutputError;
use crate::nixhash::{HashAlgo, NixHashWithMode};
use crate::nixhash::CAHash;
use crate::store_path::StorePath;
use serde::{Deserialize, Serialize};
use serde_json::Map;
@ -9,7 +9,7 @@ pub struct Output {
pub path: String,
#[serde(flatten)]
pub hash_with_mode: Option<NixHashWithMode>,
pub ca_hash: Option<CAHash>, // we can only represent a subset here.
}
impl<'de> Deserialize<'de> for Output {
@ -30,26 +30,26 @@ impl<'de> Deserialize<'de> for Output {
&"a string",
))?
.to_owned(),
hash_with_mode: NixHashWithMode::from_map::<D>(&fields)?,
ca_hash: CAHash::from_map::<D>(&fields)?,
})
}
}
impl Output {
pub fn is_fixed(&self) -> bool {
self.hash_with_mode.is_some()
self.ca_hash.is_some()
}
pub fn validate(&self, validate_output_paths: bool) -> Result<(), OutputError> {
if let Some(hash) = &self.hash_with_mode {
match hash {
NixHashWithMode::Flat(h) | NixHashWithMode::Recursive(h) => {
if h.algo() != HashAlgo::Sha1 || h.algo() != HashAlgo::Sha256 {
return Err(OutputError::InvalidHashAlgo(h.algo().to_string()));
}
if let Some(fixed_output_hash) = &self.ca_hash {
match fixed_output_hash {
CAHash::Flat(_) | CAHash::Nar(_) => {
// all hashes allowed for Flat, and Nar.
}
_ => return Err(OutputError::InvalidCAHash(fixed_output_hash.clone())),
}
}
if validate_output_paths {
if let Err(e) = StorePath::from_absolute_path(self.path.as_bytes()) {
return Err(OutputError::InvalidOutputPath(self.path.to_string(), e));

74
tvix/nix-compat/src/derivation/parser.rs
View file

@ -12,8 +12,8 @@ use nom::sequence::{delimited, preceded, separated_pair, terminated, tuple};
use std::collections::{BTreeMap, BTreeSet};
use thiserror;
use super::parse_error::{into_nomerror, ErrorKind, NomError, NomResult};
use super::{write, Derivation, NixHashWithMode, Output};
use crate::derivation::parse_error::{into_nomerror, ErrorKind, NomError, NomResult};
use crate::derivation::{write, CAHash, Derivation, Output};
use crate::{aterm, nixhash};
#[derive(Debug, thiserror::Error)]
@ -42,6 +42,24 @@ pub(crate) fn parse(i: &[u8]) -> Result<Derivation, Error<&[u8]>> {
}
}
/// Consume a string containing the algo, and optionally a `r:`
/// prefix, and a digest (bytes), return a [CAHash::Nar] or [CAHash::Flat].
fn from_algo_and_mode_and_digest<B: AsRef<[u8]>>(
algo_and_mode: &str,
digest: B,
) -> crate::nixhash::Result<CAHash> {
Ok(match algo_and_mode.strip_prefix("r:") {
Some(algo) => nixhash::CAHash::Nar(nixhash::from_algo_and_digest(
algo.try_into()?,
digest.as_ref(),
)?),
None => nixhash::CAHash::Flat(nixhash::from_algo_and_digest(
algo_and_mode.try_into()?,
digest.as_ref(),
)?),
})
}
/// Parse one output in ATerm. This is 4 string fields inside parans:
/// output name, output path, algo (and mode), digest.
/// Returns the output name and [Output] struct.
@ -60,27 +78,26 @@ fn parse_output(i: &[u8]) -> NomResult<&[u8], (String, Output)> {
},
|(output_name, output_path, algo_and_mode, encoded_digest)| {
// convert these 4 fields into an [Output].
let hash_with_mode_res = {
let ca_hash_res = {
if algo_and_mode.is_empty() && encoded_digest.is_empty() {
None
} else {
match data_encoding::HEXLOWER.decode(&encoded_digest) {
Ok(digest) => Some(NixHashWithMode::from_algo_mode_hash(
&algo_and_mode,
&digest,
)),
Ok(digest) => {
Some(from_algo_and_mode_and_digest(&algo_and_mode, digest))
}
Err(e) => Some(Err(nixhash::Error::InvalidBase64Encoding(e))),
}
}
}
.transpose();
match hash_with_mode_res {
match ca_hash_res {
Ok(hash_with_mode) => Ok((
output_name,
Output {
path: output_path,
hash_with_mode,
ca_hash: hash_with_mode,
},
)),
Err(e) => Err(nom::Err::Failure(NomError {
@ -279,12 +296,20 @@ where
mod tests {
use std::collections::{BTreeMap, BTreeSet};
use crate::derivation::{parse_error::ErrorKind, Output};
use crate::derivation::{
parse_error::ErrorKind, parser::from_algo_and_mode_and_digest, CAHash, NixHash, Output,
};
use bstr::{BString, ByteSlice};
use lazy_static::lazy_static;
use test_case::test_case;
const DIGEST_SHA256: [u8; 32] = [
0xa5, 0xce, 0x9c, 0x15, 0x5e, 0xd0, 0x93, 0x97, 0x61, 0x46, 0x46, 0xc9, 0x71, 0x7f, 0xc7,
0xcd, 0x94, 0xb1, 0x02, 0x3d, 0x7b, 0x76, 0xb6, 0x18, 0xd4, 0x09, 0xe4, 0xfe, 0xfd, 0x6e,
0x9d, 0x39,
];
lazy_static! {
pub static ref NIXHASH_SHA256: NixHash = NixHash::Sha256(DIGEST_SHA256);
static ref EXP_MULTI_OUTPUTS: BTreeMap<String, Output> = {
let mut b = BTreeMap::new();
b.insert(
@ -292,14 +317,14 @@ mod tests {
Output {
path: "/nix/store/2vixb94v0hy2xc6p7mbnxxcyc095yyia-has-multi-out-lib"
.to_string(),
hash_with_mode: None,
ca_hash: None,
},
);
b.insert(
"out".to_string(),
Output {
path: "/nix/store/55lwldka5nyxa08wnvlizyqw02ihy8ic-has-multi-out".to_string(),
hash_with_mode: None,
ca_hash: None,
},
);
b
@ -441,19 +466,15 @@ mod tests {
br#"("out","/nix/store/5vyvcwah9l9kf07d52rcgdk70g2f4y13-foo","","")"#,
("out".to_string(), Output {
path: "/nix/store/5vyvcwah9l9kf07d52rcgdk70g2f4y13-foo".to_string(),
hash_with_mode: None
ca_hash: None
}); "simple"
)]
#[test_case(
br#"("out","/nix/store/4q0pg5zpfmznxscq3avycvf9xdvx50n3-bar","r:sha256","08813cbee9903c62be4c5027726a418a300da4500b2d369d3af9286f4815ceba")"#,
("out".to_string(), Output {
path: "/nix/store/4q0pg5zpfmznxscq3avycvf9xdvx50n3-bar".to_string(),
hash_with_mode: Some(crate::derivation::NixHashWithMode::Recursive(
crate::nixhash::from_algo_and_digest (
crate::nixhash::HashAlgo::Sha256,
&data_encoding::HEXLOWER.decode(b"08813cbee9903c62be4c5027726a418a300da4500b2d369d3af9286f4815ceba").unwrap()
).unwrap()
)),
ca_hash: Some(from_algo_and_mode_and_digest("r:sha256",
&data_encoding::HEXLOWER.decode(b"08813cbee9903c62be4c5027726a418a300da4500b2d369d3af9286f4815ceba").unwrap() ).unwrap()),
}); "fod"
)]
fn parse_output(input: &[u8], expected: (String, Output)) {
@ -472,4 +493,19 @@ mod tests {
assert!(rest.is_empty());
assert_eq!(*expected, parsed);
}
#[test_case("sha256", &DIGEST_SHA256, CAHash::Flat(NIXHASH_SHA256.clone()); "sha256 flat")]
#[test_case("r:sha256", &DIGEST_SHA256, CAHash::Nar(NIXHASH_SHA256.clone()); "sha256 recursive")]
fn test_from_algo_and_mode_and_digest(algo_and_mode: &str, digest: &[u8], expected: CAHash) {
assert_eq!(
expected,
from_algo_and_mode_and_digest(algo_and_mode, digest).unwrap()
);
}
#[test]
fn from_algo_and_mode_and_digest_failure() {
assert!(from_algo_and_mode_and_digest("r:sha256", &[]).is_err());
assert!(from_algo_and_mode_and_digest("ha256", &DIGEST_SHA256).is_err());
}
}

4
tvix/nix-compat/src/derivation/tests/mod.rs
View file

@ -315,7 +315,7 @@ fn output_path_construction() {
"out".to_string(),
Output {
path: "".to_string(), // will be calculated
hash_with_mode: Some(crate::nixhash::NixHashWithMode::Recursive(
ca_hash: Some(crate::nixhash::CAHash::Nar(
crate::nixhash::from_algo_and_digest(
crate::nixhash::HashAlgo::Sha256,
&data_encoding::HEXLOWER
@ -376,7 +376,7 @@ fn output_path_construction() {
"out".to_string(),
Output {
path: "".to_string(), // will be calculated
hash_with_mode: None,
ca_hash: None,
},
);

14
tvix/nix-compat/src/derivation/write.rs
View file

@ -4,7 +4,7 @@
//! [ATerm]: http://program-transformation.org/Tools/ATermFormat.html
use crate::aterm::escape_bytes;
use crate::derivation::output::Output;
use crate::derivation::{ca_kind_prefix, output::Output};
use bstr::BString;
use std::{
collections::{BTreeMap, BTreeSet},
@ -79,14 +79,10 @@ pub fn write_outputs(
let mut elements: Vec<&str> = vec![output_name, &output.path];
let (mode_and_algo, digest) = match &output.hash_with_mode {
Some(crate::nixhash::NixHashWithMode::Flat(h)) => (
h.algo().to_string(),
data_encoding::HEXLOWER.encode(h.digest_as_bytes()),
),
Some(crate::nixhash::NixHashWithMode::Recursive(h)) => (
format!("r:{}", h.algo()),
data_encoding::HEXLOWER.encode(h.digest_as_bytes()),
let (mode_and_algo, digest) = match &output.ca_hash {
Some(ca_hash) => (
format!("{}{}", ca_kind_prefix(ca_hash), ca_hash.digest().algo()),
data_encoding::HEXLOWER.encode(ca_hash.digest().digest_as_bytes()),
),
None => ("".to_string(), "".to_string()),
};

123
tvix/nix-compat/src/nixhash/with_mode.rs → tvix/nix-compat/src/nixhash/ca_hash.rs
View file

@ -4,74 +4,41 @@ use serde::de::Unexpected;
use serde::ser::SerializeMap;
use serde::{Deserialize, Deserializer, Serialize, Serializer};
use serde_json::{Map, Value};
use std::borrow::Cow;
use super::algos::SUPPORTED_ALGOS;
use super::from_algo_and_digest;
pub enum NixHashMode {
Flat,
Recursive,
}
impl NixHashMode {
pub fn prefix(self) -> &'static str {
match self {
Self::Flat => "",
Self::Recursive => "r:",
}
}
}
/// A Nix Hash can either be flat or recursive.
/// A Nix CAHash describes a content-addressed hash of a path.
/// Semantically, it can be split into the following components:
///
/// - "content address prefix". Currently, "fixed" and "text" are supported.
/// - "hash mode". Currently, "flat" and "recursive" are supported.
/// - "hash type". The underlying hash function used.
/// Currently, sha1, md5, sha256, sha512.
/// - "digest". The digest itself.
#[derive(Clone, Debug, Eq, PartialEq)]
pub enum NixHashWithMode {
Flat(NixHash),
Recursive(NixHash),
pub enum CAHash {
Flat(NixHash), // "fixed flat"
Nar(NixHash), // "fixed recursive"
Text(Box<[u8; 32]>), // "text", only supports sha256
}
impl NixHashWithMode {
/// Construct a [NixHashWithMode] from a string containing the algo, and
/// optionally a `r:` prefix, and a digest (bytes).
pub fn from_algo_mode_hash(algo_and_mode: &str, digest: &[u8]) -> super::Result<Self> {
Ok(match algo_and_mode.strip_prefix("r:") {
Some(algo) => nixhash::NixHashWithMode::Recursive(nixhash::from_algo_and_digest(
algo.try_into()?,
digest,
)?),
None => nixhash::NixHashWithMode::Flat(nixhash::from_algo_and_digest(
algo_and_mode.try_into()?,
digest,
)?),
})
}
pub fn mode(&self) -> NixHashMode {
impl CAHash {
pub fn digest(&self) -> Cow<NixHash> {
match self {
Self::Flat(_) => NixHashMode::Flat,
Self::Recursive(_) => NixHashMode::Recursive,
CAHash::Nar(ref digest) => Cow::Borrowed(digest),
CAHash::Text(ref digest) => Cow::Owned(NixHash::Sha256(*digest.clone())),
CAHash::Flat(ref digest) => Cow::Borrowed(digest),
}
}
pub fn digest(&self) -> &NixHash {
match self {
Self::Flat(ref h) => h,
Self::Recursive(ref h) => h,
}
}
/// Formats a [NixHashWithMode] in the Nix default hash format,
/// which is the algo, followed by a colon, then the lower hex encoded digest.
/// In case the hash itself is recursive, a `r:` is added as prefix
pub fn to_nix_hash_string(&self) -> String {
String::from(self.mode().prefix()) + &self.digest().to_nix_hash_string()
}
/// This takes a serde_json::Map and turns it into this structure. This is necessary to do such
/// shenigans because we have external consumers, like the Derivation parser, who would like to
/// know whether we have a invalid or a missing NixHashWithMode structure in another structure,
/// e.g. Output.
/// This means we have this combinatorial situation:
/// - no hash, no hashAlgo: no NixHashWithMode so we return Ok(None).
/// - no hash, no hashAlgo: no [CAHash] so we return Ok(None).
/// - present hash, missing hashAlgo: invalid, we will return missing_field
/// - missing hash, present hashAlgo: same
/// - present hash, present hashAlgo: either we return ourselves or a type/value validation
@ -79,7 +46,7 @@ impl NixHashWithMode {
/// This function is for internal consumption regarding those needs until we have a better
/// solution. Now this is said, let's explain how this works.
///
/// We want to map the serde data model into a NixHashWithMode.
/// We want to map the serde data model into a [CAHash].
///
/// The serde data model has a `hash` field (containing a digest in nixbase32),
/// and a `hashAlgo` field, containing the stringified hash algo.
@ -118,7 +85,7 @@ impl NixHashWithMode {
if let Some(v) = map.get("hashAlgo") {
if let Some(s) = v.as_str() {
match s.strip_prefix("r:") {
Some(rest) => Ok(Some(Self::Recursive(
Some(rest) => Ok(Some(Self::Nar(
from_algo_and_digest(
HashAlgo::try_from(rest).map_err(|e| {
serde::de::Error::invalid_value(
@ -167,28 +134,35 @@ impl NixHashWithMode {
}
}
impl Serialize for NixHashWithMode {
/// map a NixHashWithMode into the serde data model.
impl Serialize for CAHash {
/// map a CAHash into the serde data model.
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
let mut map = serializer.serialize_map(Some(2))?;
match self {
NixHashWithMode::Flat(h) => {
CAHash::Flat(h) => {
map.serialize_entry("hash", &nixbase32::encode(h.digest_as_bytes()))?;
map.serialize_entry("hashAlgo", &h.algo())?;
}
NixHashWithMode::Recursive(h) => {
CAHash::Nar(h) => {
map.serialize_entry("hash", &nixbase32::encode(h.digest_as_bytes()))?;
map.serialize_entry("hashAlgo", &format!("r:{}", &h.algo()))?;
}
// It is not legal for derivations to use this (which is where
// we're currently exercising [Serialize] mostly,
// but it's still good to be able to serialize other CA hashes too.
CAHash::Text(h) => {
map.serialize_entry("hash", &nixbase32::encode(h.as_ref()))?;
map.serialize_entry("hashAlgo", "text")?;
}
};
map.end()
}
}
impl<'de> Deserialize<'de> for NixHashWithMode {
impl<'de> Deserialize<'de> for CAHash {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
@ -201,34 +175,3 @@ impl<'de> Deserialize<'de> for NixHashWithMode {
}
}
}
#[cfg(test)]
mod tests {
use crate::nixhash::{NixHash, NixHashWithMode};
use lazy_static::lazy_static;
use test_case::test_case;
const DIGEST_SHA256: [u8; 32] = [
0xa5, 0xce, 0x9c, 0x15, 0x5e, 0xd0, 0x93, 0x97, 0x61, 0x46, 0x46, 0xc9, 0x71, 0x7f, 0xc7,
0xcd, 0x94, 0xb1, 0x02, 0x3d, 0x7b, 0x76, 0xb6, 0x18, 0xd4, 0x09, 0xe4, 0xfe, 0xfd, 0x6e,
0x9d, 0x39,
];
lazy_static! {
pub static ref NIXHASH_SHA256: NixHash = NixHash::Sha256(DIGEST_SHA256);
}
#[test_case("sha256", &DIGEST_SHA256, NixHashWithMode::Flat(NIXHASH_SHA256.clone()); "sha256 flat")]
#[test_case("r:sha256", &DIGEST_SHA256, NixHashWithMode::Recursive(NIXHASH_SHA256.clone()); "sha256 recursive")]
fn from_from_algo_mode_hash(algo_and_mode: &str, digest: &[u8], expected: NixHashWithMode) {
assert_eq!(
expected,
NixHashWithMode::from_algo_mode_hash(algo_and_mode, digest).unwrap()
);
}
#[test]
fn from_algo_mode_failure() {
assert!(NixHashWithMode::from_algo_mode_hash("r:sha256", &[]).is_err());
assert!(NixHashWithMode::from_algo_mode_hash("ha256", &DIGEST_SHA256).is_err());
}
}

4
tvix/nix-compat/src/nixhash/mod.rs
View file

@ -3,10 +3,10 @@ use data_encoding::{BASE64, BASE64_NOPAD, HEXLOWER};
use thiserror;
mod algos;
mod with_mode;
mod ca_hash;
pub use algos::HashAlgo;
pub use with_mode::NixHashWithMode;
pub use ca_hash::CAHash;
/// NixHash represents hashes known by Nix.
#[derive(Clone, Debug, Eq, PartialEq)]

134
tvix/nix-compat/src/store_path/utils.rs
View file

@ -1,7 +1,6 @@
use super::{Error, STORE_DIR};
use crate::nixbase32;
use crate::nixhash::{NixHash, NixHashWithMode};
use crate::store_path::StorePath;
use crate::nixhash::{CAHash, NixHash};
use crate::store_path::{Error, StorePath, STORE_DIR};
use sha2::{Digest, Sha256};
use thiserror;
@ -41,43 +40,51 @@ pub fn compress_hash<const OUTPUT_SIZE: usize>(input: &[u8]) -> [u8; OUTPUT_SIZE
/// This builds a store path, by calculating the text_hash_string of either a
/// derivation or a literal text file that may contain references.
/// If you don't want to have to pass the entire contents, you might want to use
/// [build_ca_path] instead.
pub fn build_text_path<S: AsRef<str>, I: IntoIterator<Item = S>, C: AsRef<[u8]>>(
name: &str,
content: C,
references: I,
) -> Result<StorePath, Error> {
build_store_path_from_fingerprint_parts(
&make_type("text", references, false),
// the nix_hash_string representation of the sha256 digest of some contents
&{
let content_digest = {
let hasher = Sha256::new_with_prefix(content);
hasher.finalize()
};
) -> Result<StorePath, BuildStorePathError> {
// produce the sha256 digest of the contents
let content_digest = Sha256::new_with_prefix(content).finalize().into();
NixHash::Sha256(content_digest.into())
},
build_ca_path(
name,
&CAHash::Text(Box::new(content_digest)),
references,
false,
)
}
/// This builds a more "regular" content-addressed store path
pub fn build_regular_ca_path<S: AsRef<str>, I: IntoIterator<Item = S>>(
name: &str,
hash_with_mode: &NixHashWithMode,
/// This builds a store path from a [CAHash] and a list of references.
pub fn build_ca_path<B: AsRef<[u8]>, S: AsRef<str>, I: IntoIterator<Item = S>>(
name: B,
ca_hash: &CAHash,
references: I,
self_reference: bool,
) -> Result<StorePath, BuildStorePathError> {
match &hash_with_mode {
NixHashWithMode::Recursive(ref hash @ NixHash::Sha256(_)) => {
match &ca_hash {
CAHash::Text(ref digest) => {
if self_reference {
return Err(BuildStorePathError::InvalidReference());
}
build_store_path_from_fingerprint_parts(
&make_type("source", references, self_reference),
hash,
&make_references_string("text", references, false),
&NixHash::Sha256(*digest.to_owned()),
name,
)
.map_err(BuildStorePathError::InvalidStorePath)
}
_ => {
CAHash::Nar(ref hash @ NixHash::Sha256(_)) => build_store_path_from_fingerprint_parts(
&make_references_string("source", references, self_reference),
hash,
name,
)
.map_err(BuildStorePathError::InvalidStorePath),
// for all other CAHash::Nar, another custom scheme is used.
CAHash::Nar(ref hash) => {
if references.into_iter().next().is_some() {
return Err(BuildStorePathError::InvalidReference());
}
@ -87,14 +94,38 @@ pub fn build_regular_ca_path<S: AsRef<str>, I: IntoIterator<Item = S>>(
build_store_path_from_fingerprint_parts(
"output:out",
&{
let content_digest = {
let mut hasher = Sha256::new_with_prefix("fixed:out:");
hasher.update(hash_with_mode.to_nix_hash_string());
hasher.update(":");
hasher.finalize()
};
NixHash::Sha256(content_digest.into())
NixHash::Sha256(
Sha256::new_with_prefix(format!(
"fixed:out:r:{}:",
hash.to_nix_hash_string()
))
.finalize()
.into(),
)
},
name,
)
.map_err(BuildStorePathError::InvalidStorePath)
}
// CaHash::Flat is using something very similar, except the `r:` prefix.
CAHash::Flat(ref hash) => {
if references.into_iter().next().is_some() {
return Err(BuildStorePathError::InvalidReference());
}
if self_reference {
return Err(BuildStorePathError::InvalidReference());
}
build_store_path_from_fingerprint_parts(
"output:out",
&{
NixHash::Sha256(
Sha256::new_with_prefix(format!(
"fixed:out:{}:",
hash.to_nix_hash_string()
))
.finalize()
.into(),
)
},
name,
)
@ -105,13 +136,12 @@ pub fn build_regular_ca_path<S: AsRef<str>, I: IntoIterator<Item = S>>(
/// For given NAR sha256 digest and name, return the new [StorePath] this would have.
pub fn build_nar_based_store_path(nar_sha256_digest: &[u8; 32], name: &str) -> StorePath {
let nar_hash_with_mode =
NixHashWithMode::Recursive(NixHash::Sha256(nar_sha256_digest.to_owned()));
let nar_hash_with_mode = CAHash::Nar(NixHash::Sha256(nar_sha256_digest.to_owned()));
build_regular_ca_path(name, &nar_hash_with_mode, Vec::<String>::new(), false).unwrap()
build_ca_path(name, &nar_hash_with_mode, Vec::<String>::new(), false).unwrap()
}
/// This builds an input-addressed store path
/// This builds an input-addressed store path.
///
/// Input-addresed store paths are always derivation outputs, the "input" in question is the
/// derivation and its closure.
@ -135,22 +165,20 @@ pub fn build_output_path(
///
/// The fingerprint is hashed with sha256, its digest is compressed to 20 bytes,
/// and nixbase32-encoded (32 characters).
fn build_store_path_from_fingerprint_parts(
fn build_store_path_from_fingerprint_parts<B: AsRef<[u8]>>(
ty: &str,
hash: &NixHash,
name: &str,
name: B,
) -> Result<StorePath, Error> {
let name = super::validate_name(name.as_ref())?;
let fingerprint =
String::from(ty) + ":" + &hash.to_nix_hash_string() + ":" + STORE_DIR + ":" + name;
let digest = {
let hasher = Sha256::new_with_prefix(fingerprint);
hasher.finalize()
};
String::from(ty) + ":" + &hash.to_nix_hash_string() + ":" + STORE_DIR + ":" + &name;
let digest = Sha256::new_with_prefix(fingerprint).finalize();
let compressed = compress_hash::<20>(&digest);
super::validate_name(name.as_bytes())?;
Ok(StorePath {
digest: compressed,
name: name.to_string(),
name,
})
}
@ -164,7 +192,7 @@ fn build_store_path_from_fingerprint_parts(
/// - the nix_hash_string representation of the sha256 digest of some contents
/// - the value of `storeDir`
/// - the name
fn make_type<S: AsRef<str>, I: IntoIterator<Item = S>>(
fn make_references_string<S: AsRef<str>, I: IntoIterator<Item = S>>(
ty: &str,
references: I,
self_ref: bool,
@ -190,11 +218,7 @@ fn make_type<S: AsRef<str>, I: IntoIterator<Item = S>>(
/// The actual placeholder is basically just a SHA256 hash encoded in
/// cppnix format.
pub fn hash_placeholder(name: &str) -> String {
let digest = {
let mut hasher = Sha256::new();
hasher.update(format!("nix-output:{}", name));
hasher.finalize()
};
let digest = Sha256::new_with_prefix(format!("nix-output:{}", name)).finalize();
format!("/{}", nixbase32::encode(&digest))
}
@ -202,7 +226,7 @@ pub fn hash_placeholder(name: &str) -> String {
#[cfg(test)]
mod test {
use super::*;
use crate::nixhash::{NixHash, NixHashWithMode};
use crate::nixhash::{CAHash, NixHash};
#[test]
fn build_text_path_with_zero_references() {
@ -242,9 +266,9 @@ mod test {
#[test]
fn build_sha1_path() {
let outer = build_regular_ca_path(
let outer = build_ca_path(
"bar",
&NixHashWithMode::Recursive(NixHash::Sha1(
&CAHash::Nar(NixHash::Sha1(
data_encoding::HEXLOWER
.decode(b"0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33")
.expect("hex should decode")
@ -271,9 +295,9 @@ mod test {
//
// $ nix store make-content-addressed /nix/store/5xd714cbfnkz02h2vbsj4fm03x3f15nf-baz
// rewrote '/nix/store/5xd714cbfnkz02h2vbsj4fm03x3f15nf-baz' to '/nix/store/s89y431zzhmdn3k8r96rvakryddkpv2v-baz'
let outer = build_regular_ca_path(
let outer = build_ca_path(
"baz",
&NixHashWithMode::Recursive(NixHash::Sha256(
&CAHash::Nar(NixHash::Sha256(
nixbase32::decode(b"1xqkzcb3909fp07qngljr4wcdnrh1gdam1m2n29i6hhrxlmkgkv1")
.expect("hex should decode")
.try_into()