refactor(tvix/nix-compat): rename NixHashWithMode -> CAHash

This specific struct is only used to represent content-addressed paths
(in case a Derivation has a fixed-output hash, for example).
Rename `Output`'s `hash_with_mode` to `ca_hash`.

We now also include `CAHash::Text`, and update the `validate` function
of the `Output` struct to reject text hashes there.

This allows cleaning up the various output path calculation functions
inside nix-compat/src/store_path/utils.rs, as they can now match on
the type.

`make_type` is renamed to `make_references_string`,
`build_regular_ca_path` is renamed to `build_ca_path`, and
`build_text_path` has a disclaimer added, because you might not actually
want to use it.

Change-Id: I674d065f2ed5c804012ddfed56e161ac49d23931
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9814
Tested-by: BuildkiteCI
Reviewed-by: raitobezarius <tvl@lahfa.xyz>
This commit is contained in:
Florian Klink 2023-10-18 11:39:36 +01:00 committed by flokli
parent 833957b374
commit 34fc4637eb
10 changed files with 222 additions and 209 deletions

View file

@ -115,7 +115,7 @@ fn populate_output_configuration(
) -> Result<(), ErrorKind> {
// We only do something when `digest` and `algo` are `Some(_)``, and
// there's an `out` output.
if let (Some(hash), Some(algo), hash_mode) = (hash, hash_algo, hash_mode) {
if let (Some(nixhash_str), Some(algo), hash_mode) = (hash, hash_algo, hash_mode) {
match drv.outputs.get_mut("out") {
None => return Err(Error::ConflictingOutputTypes.into()),
Some(out) => {
@ -126,12 +126,12 @@ fn populate_output_configuration(
Some(algo.as_ref())
};
let output_hash = nixhash::from_str(&hash, a).map_err(Error::InvalidOutputHash)?;
let hash = nixhash::from_str(&nixhash_str, a).map_err(Error::InvalidOutputHash)?;
// construct the NixHashWithMode.
out.hash_with_mode = match hash_mode.as_deref() {
None | Some("flat") => Some(nixhash::NixHashWithMode::Flat(output_hash)),
Some("recursive") => Some(nixhash::NixHashWithMode::Recursive(output_hash)),
out.ca_hash = match hash_mode.as_deref() {
None | Some("flat") => Some(nixhash::CAHash::Flat(hash)),
Some("recursive") => Some(nixhash::CAHash::Nar(hash)),
Some(other) => {
return Err(Error::InvalidOutputHashMode(other.to_string()).into())
}

View file

@ -1,6 +1,8 @@
use crate::{nixbase32::Nixbase32DecodeError, store_path};
use crate::store_path;
use thiserror::Error;
use super::CAHash;
/// Errors that can occur during the validation of Derivation structs.
#[derive(Debug, Error, PartialEq)]
pub enum DerivationError {
@ -50,10 +52,6 @@ pub enum DerivationError {
pub enum OutputError {
#[error("Invalid output path {0}: {1}")]
InvalidOutputPath(String, store_path::Error),
#[error("Invalid hash encoding: {0}")]
InvalidHashEncoding(String, Nixbase32DecodeError),
#[error("Invalid hash algo: {0}")]
InvalidHashAlgo(String),
#[error("Invalid Digest size {0} for algo {1}")]
InvalidDigestSizeForAlgo(usize, String),
#[error("Invalid CAHash: {:?}", .0)]
InvalidCAHash(CAHash),
}

View file

@ -1,6 +1,4 @@
use crate::store_path::{
self, build_output_path, build_regular_ca_path, build_text_path, StorePath,
};
use crate::store_path::{self, build_ca_path, build_output_path, build_text_path, StorePath};
use bstr::BString;
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
@ -18,7 +16,7 @@ mod write;
mod tests;
// Public API of the crate.
pub use crate::nixhash::{NixHash, NixHashWithMode};
pub use crate::nixhash::{CAHash, NixHash};
pub use errors::{DerivationError, OutputError};
pub use output::Output;
@ -122,16 +120,22 @@ impl Derivation {
/// Returns the FOD digest, if the derivation is fixed-output, or None if
/// it's not.
/// TODO: this is kinda the string from [build_ca_path] with a
/// [CAHash::Flat], what's fed to `build_store_path_from_fingerprint_parts`
/// (except the out_output.path being an empty string)
fn fod_digest(&self) -> Option<[u8; 32]> {
if self.outputs.len() != 1 {
return None;
}
let out_output = self.outputs.get("out")?;
let ca_hash = &out_output.ca_hash.as_ref()?;
Some(
Sha256::new_with_prefix(format!(
"fixed:out:{}:{}",
out_output.hash_with_mode.clone()?.to_nix_hash_string(),
"fixed:out:{}{}:{}",
ca_kind_prefix(ca_hash),
ca_hash.digest().to_nix_hash_string(),
out_output.path
))
.finalize()
@ -229,10 +233,10 @@ impl Derivation {
// For fixed output derivation we use the per-output info, otherwise we use the
// derivation hash.
let abs_store_path = if let Some(ref hwm) = output.hash_with_mode {
build_regular_ca_path(&path_name, hwm, Vec::<String>::new(), false).map_err(
|e| DerivationError::InvalidOutputDerivationPath(output_name.to_string(), e),
)?
let abs_store_path = if let Some(ref hwm) = output.ca_hash {
build_ca_path(&path_name, hwm, Vec::<String>::new(), false).map_err(|e| {
DerivationError::InvalidOutputDerivationPath(output_name.to_string(), e)
})?
} else {
build_output_path(derivation_or_fod_hash, output_name, &path_name).map_err(|e| {
DerivationError::InvalidOutputDerivationPath(
@ -265,3 +269,15 @@ fn output_path_name(derivation_name: &str, output_name: &str) -> String {
}
output_path_name
}
/// For a [CAHash], return the "prefix" used for NAR purposes.
/// For [CAHash::Flat], this is an empty string, for [CAHash::Nar], it's "r:".
/// Panics for other [CAHash] kinds, as they're not valid in a derivation
/// context.
fn ca_kind_prefix(ca_hash: &CAHash) -> &'static str {
match ca_hash {
CAHash::Flat(_) => "",
CAHash::Nar(_) => "r:",
_ => panic!("invalid ca hash in derivation context: {:?}", ca_hash),
}
}

View file

@ -1,5 +1,5 @@
use crate::derivation::OutputError;
use crate::nixhash::{HashAlgo, NixHashWithMode};
use crate::nixhash::CAHash;
use crate::store_path::StorePath;
use serde::{Deserialize, Serialize};
use serde_json::Map;
@ -9,7 +9,7 @@ pub struct Output {
pub path: String,
#[serde(flatten)]
pub hash_with_mode: Option<NixHashWithMode>,
pub ca_hash: Option<CAHash>, // we can only represent a subset here.
}
impl<'de> Deserialize<'de> for Output {
@ -30,26 +30,26 @@ impl<'de> Deserialize<'de> for Output {
&"a string",
))?
.to_owned(),
hash_with_mode: NixHashWithMode::from_map::<D>(&fields)?,
ca_hash: CAHash::from_map::<D>(&fields)?,
})
}
}
impl Output {
pub fn is_fixed(&self) -> bool {
self.hash_with_mode.is_some()
self.ca_hash.is_some()
}
pub fn validate(&self, validate_output_paths: bool) -> Result<(), OutputError> {
if let Some(hash) = &self.hash_with_mode {
match hash {
NixHashWithMode::Flat(h) | NixHashWithMode::Recursive(h) => {
if h.algo() != HashAlgo::Sha1 || h.algo() != HashAlgo::Sha256 {
return Err(OutputError::InvalidHashAlgo(h.algo().to_string()));
}
if let Some(fixed_output_hash) = &self.ca_hash {
match fixed_output_hash {
CAHash::Flat(_) | CAHash::Nar(_) => {
// all hashes allowed for Flat, and Nar.
}
_ => return Err(OutputError::InvalidCAHash(fixed_output_hash.clone())),
}
}
if validate_output_paths {
if let Err(e) = StorePath::from_absolute_path(self.path.as_bytes()) {
return Err(OutputError::InvalidOutputPath(self.path.to_string(), e));

View file

@ -12,8 +12,8 @@ use nom::sequence::{delimited, preceded, separated_pair, terminated, tuple};
use std::collections::{BTreeMap, BTreeSet};
use thiserror;
use super::parse_error::{into_nomerror, ErrorKind, NomError, NomResult};
use super::{write, Derivation, NixHashWithMode, Output};
use crate::derivation::parse_error::{into_nomerror, ErrorKind, NomError, NomResult};
use crate::derivation::{write, CAHash, Derivation, Output};
use crate::{aterm, nixhash};
#[derive(Debug, thiserror::Error)]
@ -42,6 +42,24 @@ pub(crate) fn parse(i: &[u8]) -> Result<Derivation, Error<&[u8]>> {
}
}
/// Consume a string containing the algo, and optionally a `r:`
/// prefix, and a digest (bytes), return a [CAHash::Nar] or [CAHash::Flat].
fn from_algo_and_mode_and_digest<B: AsRef<[u8]>>(
algo_and_mode: &str,
digest: B,
) -> crate::nixhash::Result<CAHash> {
Ok(match algo_and_mode.strip_prefix("r:") {
Some(algo) => nixhash::CAHash::Nar(nixhash::from_algo_and_digest(
algo.try_into()?,
digest.as_ref(),
)?),
None => nixhash::CAHash::Flat(nixhash::from_algo_and_digest(
algo_and_mode.try_into()?,
digest.as_ref(),
)?),
})
}
/// Parse one output in ATerm. This is 4 string fields inside parans:
/// output name, output path, algo (and mode), digest.
/// Returns the output name and [Output] struct.
@ -60,27 +78,26 @@ fn parse_output(i: &[u8]) -> NomResult<&[u8], (String, Output)> {
},
|(output_name, output_path, algo_and_mode, encoded_digest)| {
// convert these 4 fields into an [Output].
let hash_with_mode_res = {
let ca_hash_res = {
if algo_and_mode.is_empty() && encoded_digest.is_empty() {
None
} else {
match data_encoding::HEXLOWER.decode(&encoded_digest) {
Ok(digest) => Some(NixHashWithMode::from_algo_mode_hash(
&algo_and_mode,
&digest,
)),
Ok(digest) => {
Some(from_algo_and_mode_and_digest(&algo_and_mode, digest))
}
Err(e) => Some(Err(nixhash::Error::InvalidBase64Encoding(e))),
}
}
}
.transpose();
match hash_with_mode_res {
match ca_hash_res {
Ok(hash_with_mode) => Ok((
output_name,
Output {
path: output_path,
hash_with_mode,
ca_hash: hash_with_mode,
},
)),
Err(e) => Err(nom::Err::Failure(NomError {
@ -279,12 +296,20 @@ where
mod tests {
use std::collections::{BTreeMap, BTreeSet};
use crate::derivation::{parse_error::ErrorKind, Output};
use crate::derivation::{
parse_error::ErrorKind, parser::from_algo_and_mode_and_digest, CAHash, NixHash, Output,
};
use bstr::{BString, ByteSlice};
use lazy_static::lazy_static;
use test_case::test_case;
const DIGEST_SHA256: [u8; 32] = [
0xa5, 0xce, 0x9c, 0x15, 0x5e, 0xd0, 0x93, 0x97, 0x61, 0x46, 0x46, 0xc9, 0x71, 0x7f, 0xc7,
0xcd, 0x94, 0xb1, 0x02, 0x3d, 0x7b, 0x76, 0xb6, 0x18, 0xd4, 0x09, 0xe4, 0xfe, 0xfd, 0x6e,
0x9d, 0x39,
];
lazy_static! {
pub static ref NIXHASH_SHA256: NixHash = NixHash::Sha256(DIGEST_SHA256);
static ref EXP_MULTI_OUTPUTS: BTreeMap<String, Output> = {
let mut b = BTreeMap::new();
b.insert(
@ -292,14 +317,14 @@ mod tests {
Output {
path: "/nix/store/2vixb94v0hy2xc6p7mbnxxcyc095yyia-has-multi-out-lib"
.to_string(),
hash_with_mode: None,
ca_hash: None,
},
);
b.insert(
"out".to_string(),
Output {
path: "/nix/store/55lwldka5nyxa08wnvlizyqw02ihy8ic-has-multi-out".to_string(),
hash_with_mode: None,
ca_hash: None,
},
);
b
@ -441,19 +466,15 @@ mod tests {
br#"("out","/nix/store/5vyvcwah9l9kf07d52rcgdk70g2f4y13-foo","","")"#,
("out".to_string(), Output {
path: "/nix/store/5vyvcwah9l9kf07d52rcgdk70g2f4y13-foo".to_string(),
hash_with_mode: None
ca_hash: None
}); "simple"
)]
#[test_case(
br#"("out","/nix/store/4q0pg5zpfmznxscq3avycvf9xdvx50n3-bar","r:sha256","08813cbee9903c62be4c5027726a418a300da4500b2d369d3af9286f4815ceba")"#,
("out".to_string(), Output {
path: "/nix/store/4q0pg5zpfmznxscq3avycvf9xdvx50n3-bar".to_string(),
hash_with_mode: Some(crate::derivation::NixHashWithMode::Recursive(
crate::nixhash::from_algo_and_digest (
crate::nixhash::HashAlgo::Sha256,
&data_encoding::HEXLOWER.decode(b"08813cbee9903c62be4c5027726a418a300da4500b2d369d3af9286f4815ceba").unwrap()
).unwrap()
)),
ca_hash: Some(from_algo_and_mode_and_digest("r:sha256",
&data_encoding::HEXLOWER.decode(b"08813cbee9903c62be4c5027726a418a300da4500b2d369d3af9286f4815ceba").unwrap() ).unwrap()),
}); "fod"
)]
fn parse_output(input: &[u8], expected: (String, Output)) {
@ -472,4 +493,19 @@ mod tests {
assert!(rest.is_empty());
assert_eq!(*expected, parsed);
}
#[test_case("sha256", &DIGEST_SHA256, CAHash::Flat(NIXHASH_SHA256.clone()); "sha256 flat")]
#[test_case("r:sha256", &DIGEST_SHA256, CAHash::Nar(NIXHASH_SHA256.clone()); "sha256 recursive")]
fn test_from_algo_and_mode_and_digest(algo_and_mode: &str, digest: &[u8], expected: CAHash) {
assert_eq!(
expected,
from_algo_and_mode_and_digest(algo_and_mode, digest).unwrap()
);
}
#[test]
fn from_algo_and_mode_and_digest_failure() {
assert!(from_algo_and_mode_and_digest("r:sha256", &[]).is_err());
assert!(from_algo_and_mode_and_digest("ha256", &DIGEST_SHA256).is_err());
}
}

View file

@ -315,7 +315,7 @@ fn output_path_construction() {
"out".to_string(),
Output {
path: "".to_string(), // will be calculated
hash_with_mode: Some(crate::nixhash::NixHashWithMode::Recursive(
ca_hash: Some(crate::nixhash::CAHash::Nar(
crate::nixhash::from_algo_and_digest(
crate::nixhash::HashAlgo::Sha256,
&data_encoding::HEXLOWER
@ -376,7 +376,7 @@ fn output_path_construction() {
"out".to_string(),
Output {
path: "".to_string(), // will be calculated
hash_with_mode: None,
ca_hash: None,
},
);

View file

@ -4,7 +4,7 @@
//! [ATerm]: http://program-transformation.org/Tools/ATermFormat.html
use crate::aterm::escape_bytes;
use crate::derivation::output::Output;
use crate::derivation::{ca_kind_prefix, output::Output};
use bstr::BString;
use std::{
collections::{BTreeMap, BTreeSet},
@ -79,14 +79,10 @@ pub fn write_outputs(
let mut elements: Vec<&str> = vec![output_name, &output.path];
let (mode_and_algo, digest) = match &output.hash_with_mode {
Some(crate::nixhash::NixHashWithMode::Flat(h)) => (
h.algo().to_string(),
data_encoding::HEXLOWER.encode(h.digest_as_bytes()),
),
Some(crate::nixhash::NixHashWithMode::Recursive(h)) => (
format!("r:{}", h.algo()),
data_encoding::HEXLOWER.encode(h.digest_as_bytes()),
let (mode_and_algo, digest) = match &output.ca_hash {
Some(ca_hash) => (
format!("{}{}", ca_kind_prefix(ca_hash), ca_hash.digest().algo()),
data_encoding::HEXLOWER.encode(ca_hash.digest().digest_as_bytes()),
),
None => ("".to_string(), "".to_string()),
};

View file

@ -4,74 +4,41 @@ use serde::de::Unexpected;
use serde::ser::SerializeMap;
use serde::{Deserialize, Deserializer, Serialize, Serializer};
use serde_json::{Map, Value};
use std::borrow::Cow;
use super::algos::SUPPORTED_ALGOS;
use super::from_algo_and_digest;
pub enum NixHashMode {
Flat,
Recursive,
}
impl NixHashMode {
pub fn prefix(self) -> &'static str {
match self {
Self::Flat => "",
Self::Recursive => "r:",
}
}
}
/// A Nix Hash can either be flat or recursive.
/// A Nix CAHash describes a content-addressed hash of a path.
/// Semantically, it can be split into the following components:
///
/// - "content address prefix". Currently, "fixed" and "text" are supported.
/// - "hash mode". Currently, "flat" and "recursive" are supported.
/// - "hash type". The underlying hash function used.
/// Currently, sha1, md5, sha256, sha512.
/// - "digest". The digest itself.
#[derive(Clone, Debug, Eq, PartialEq)]
pub enum NixHashWithMode {
Flat(NixHash),
Recursive(NixHash),
pub enum CAHash {
Flat(NixHash), // "fixed flat"
Nar(NixHash), // "fixed recursive"
Text(Box<[u8; 32]>), // "text", only supports sha256
}
impl NixHashWithMode {
/// Construct a [NixHashWithMode] from a string containing the algo, and
/// optionally a `r:` prefix, and a digest (bytes).
pub fn from_algo_mode_hash(algo_and_mode: &str, digest: &[u8]) -> super::Result<Self> {
Ok(match algo_and_mode.strip_prefix("r:") {
Some(algo) => nixhash::NixHashWithMode::Recursive(nixhash::from_algo_and_digest(
algo.try_into()?,
digest,
)?),
None => nixhash::NixHashWithMode::Flat(nixhash::from_algo_and_digest(
algo_and_mode.try_into()?,
digest,
)?),
})
}
pub fn mode(&self) -> NixHashMode {
impl CAHash {
pub fn digest(&self) -> Cow<NixHash> {
match self {
Self::Flat(_) => NixHashMode::Flat,
Self::Recursive(_) => NixHashMode::Recursive,
CAHash::Nar(ref digest) => Cow::Borrowed(digest),
CAHash::Text(ref digest) => Cow::Owned(NixHash::Sha256(*digest.clone())),
CAHash::Flat(ref digest) => Cow::Borrowed(digest),
}
}
pub fn digest(&self) -> &NixHash {
match self {
Self::Flat(ref h) => h,
Self::Recursive(ref h) => h,
}
}
/// Formats a [NixHashWithMode] in the Nix default hash format,
/// which is the algo, followed by a colon, then the lower hex encoded digest.
/// In case the hash itself is recursive, a `r:` is added as prefix
pub fn to_nix_hash_string(&self) -> String {
String::from(self.mode().prefix()) + &self.digest().to_nix_hash_string()
}
/// This takes a serde_json::Map and turns it into this structure. This is necessary to do such
/// shenigans because we have external consumers, like the Derivation parser, who would like to
/// know whether we have a invalid or a missing NixHashWithMode structure in another structure,
/// e.g. Output.
/// This means we have this combinatorial situation:
/// - no hash, no hashAlgo: no NixHashWithMode so we return Ok(None).
/// - no hash, no hashAlgo: no [CAHash] so we return Ok(None).
/// - present hash, missing hashAlgo: invalid, we will return missing_field
/// - missing hash, present hashAlgo: same
/// - present hash, present hashAlgo: either we return ourselves or a type/value validation
@ -79,7 +46,7 @@ impl NixHashWithMode {
/// This function is for internal consumption regarding those needs until we have a better
/// solution. Now this is said, let's explain how this works.
///
/// We want to map the serde data model into a NixHashWithMode.
/// We want to map the serde data model into a [CAHash].
///
/// The serde data model has a `hash` field (containing a digest in nixbase32),
/// and a `hashAlgo` field, containing the stringified hash algo.
@ -118,7 +85,7 @@ impl NixHashWithMode {
if let Some(v) = map.get("hashAlgo") {
if let Some(s) = v.as_str() {
match s.strip_prefix("r:") {
Some(rest) => Ok(Some(Self::Recursive(
Some(rest) => Ok(Some(Self::Nar(
from_algo_and_digest(
HashAlgo::try_from(rest).map_err(|e| {
serde::de::Error::invalid_value(
@ -167,28 +134,35 @@ impl NixHashWithMode {
}
}
impl Serialize for NixHashWithMode {
/// map a NixHashWithMode into the serde data model.
impl Serialize for CAHash {
/// map a CAHash into the serde data model.
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
let mut map = serializer.serialize_map(Some(2))?;
match self {
NixHashWithMode::Flat(h) => {
CAHash::Flat(h) => {
map.serialize_entry("hash", &nixbase32::encode(h.digest_as_bytes()))?;
map.serialize_entry("hashAlgo", &h.algo())?;
}
NixHashWithMode::Recursive(h) => {
CAHash::Nar(h) => {
map.serialize_entry("hash", &nixbase32::encode(h.digest_as_bytes()))?;
map.serialize_entry("hashAlgo", &format!("r:{}", &h.algo()))?;
}
// It is not legal for derivations to use this (which is where
// we're currently exercising [Serialize] mostly,
// but it's still good to be able to serialize other CA hashes too.
CAHash::Text(h) => {
map.serialize_entry("hash", &nixbase32::encode(h.as_ref()))?;
map.serialize_entry("hashAlgo", "text")?;
}
};
map.end()
}
}
impl<'de> Deserialize<'de> for NixHashWithMode {
impl<'de> Deserialize<'de> for CAHash {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: Deserializer<'de>,
@ -201,34 +175,3 @@ impl<'de> Deserialize<'de> for NixHashWithMode {
}
}
}
#[cfg(test)]
mod tests {
use crate::nixhash::{NixHash, NixHashWithMode};
use lazy_static::lazy_static;
use test_case::test_case;
const DIGEST_SHA256: [u8; 32] = [
0xa5, 0xce, 0x9c, 0x15, 0x5e, 0xd0, 0x93, 0x97, 0x61, 0x46, 0x46, 0xc9, 0x71, 0x7f, 0xc7,
0xcd, 0x94, 0xb1, 0x02, 0x3d, 0x7b, 0x76, 0xb6, 0x18, 0xd4, 0x09, 0xe4, 0xfe, 0xfd, 0x6e,
0x9d, 0x39,
];
lazy_static! {
pub static ref NIXHASH_SHA256: NixHash = NixHash::Sha256(DIGEST_SHA256);
}
#[test_case("sha256", &DIGEST_SHA256, NixHashWithMode::Flat(NIXHASH_SHA256.clone()); "sha256 flat")]
#[test_case("r:sha256", &DIGEST_SHA256, NixHashWithMode::Recursive(NIXHASH_SHA256.clone()); "sha256 recursive")]
fn from_from_algo_mode_hash(algo_and_mode: &str, digest: &[u8], expected: NixHashWithMode) {
assert_eq!(
expected,
NixHashWithMode::from_algo_mode_hash(algo_and_mode, digest).unwrap()
);
}
#[test]
fn from_algo_mode_failure() {
assert!(NixHashWithMode::from_algo_mode_hash("r:sha256", &[]).is_err());
assert!(NixHashWithMode::from_algo_mode_hash("ha256", &DIGEST_SHA256).is_err());
}
}

View file

@ -3,10 +3,10 @@ use data_encoding::{BASE64, BASE64_NOPAD, HEXLOWER};
use thiserror;
mod algos;
mod with_mode;
mod ca_hash;
pub use algos::HashAlgo;
pub use with_mode::NixHashWithMode;
pub use ca_hash::CAHash;
/// NixHash represents hashes known by Nix.
#[derive(Clone, Debug, Eq, PartialEq)]

View file

@ -1,7 +1,6 @@
use super::{Error, STORE_DIR};
use crate::nixbase32;
use crate::nixhash::{NixHash, NixHashWithMode};
use crate::store_path::StorePath;
use crate::nixhash::{CAHash, NixHash};
use crate::store_path::{Error, StorePath, STORE_DIR};
use sha2::{Digest, Sha256};
use thiserror;
@ -41,43 +40,51 @@ pub fn compress_hash<const OUTPUT_SIZE: usize>(input: &[u8]) -> [u8; OUTPUT_SIZE
/// This builds a store path, by calculating the text_hash_string of either a
/// derivation or a literal text file that may contain references.
/// If you don't want to have to pass the entire contents, you might want to use
/// [build_ca_path] instead.
pub fn build_text_path<S: AsRef<str>, I: IntoIterator<Item = S>, C: AsRef<[u8]>>(
name: &str,
content: C,
references: I,
) -> Result<StorePath, Error> {
build_store_path_from_fingerprint_parts(
&make_type("text", references, false),
// the nix_hash_string representation of the sha256 digest of some contents
&{
let content_digest = {
let hasher = Sha256::new_with_prefix(content);
hasher.finalize()
};
) -> Result<StorePath, BuildStorePathError> {
// produce the sha256 digest of the contents
let content_digest = Sha256::new_with_prefix(content).finalize().into();
NixHash::Sha256(content_digest.into())
},
build_ca_path(
name,
&CAHash::Text(Box::new(content_digest)),
references,
false,
)
}
/// This builds a more "regular" content-addressed store path
pub fn build_regular_ca_path<S: AsRef<str>, I: IntoIterator<Item = S>>(
name: &str,
hash_with_mode: &NixHashWithMode,
/// This builds a store path from a [CAHash] and a list of references.
pub fn build_ca_path<B: AsRef<[u8]>, S: AsRef<str>, I: IntoIterator<Item = S>>(
name: B,
ca_hash: &CAHash,
references: I,
self_reference: bool,
) -> Result<StorePath, BuildStorePathError> {
match &hash_with_mode {
NixHashWithMode::Recursive(ref hash @ NixHash::Sha256(_)) => {
match &ca_hash {
CAHash::Text(ref digest) => {
if self_reference {
return Err(BuildStorePathError::InvalidReference());
}
build_store_path_from_fingerprint_parts(
&make_type("source", references, self_reference),
hash,
&make_references_string("text", references, false),
&NixHash::Sha256(*digest.to_owned()),
name,
)
.map_err(BuildStorePathError::InvalidStorePath)
}
_ => {
CAHash::Nar(ref hash @ NixHash::Sha256(_)) => build_store_path_from_fingerprint_parts(
&make_references_string("source", references, self_reference),
hash,
name,
)
.map_err(BuildStorePathError::InvalidStorePath),
// for all other CAHash::Nar, another custom scheme is used.
CAHash::Nar(ref hash) => {
if references.into_iter().next().is_some() {
return Err(BuildStorePathError::InvalidReference());
}
@ -87,14 +94,38 @@ pub fn build_regular_ca_path<S: AsRef<str>, I: IntoIterator<Item = S>>(
build_store_path_from_fingerprint_parts(
"output:out",
&{
let content_digest = {
let mut hasher = Sha256::new_with_prefix("fixed:out:");
hasher.update(hash_with_mode.to_nix_hash_string());
hasher.update(":");
hasher.finalize()
};
NixHash::Sha256(content_digest.into())
NixHash::Sha256(
Sha256::new_with_prefix(format!(
"fixed:out:r:{}:",
hash.to_nix_hash_string()
))
.finalize()
.into(),
)
},
name,
)
.map_err(BuildStorePathError::InvalidStorePath)
}
// CaHash::Flat is using something very similar, except the `r:` prefix.
CAHash::Flat(ref hash) => {
if references.into_iter().next().is_some() {
return Err(BuildStorePathError::InvalidReference());
}
if self_reference {
return Err(BuildStorePathError::InvalidReference());
}
build_store_path_from_fingerprint_parts(
"output:out",
&{
NixHash::Sha256(
Sha256::new_with_prefix(format!(
"fixed:out:{}:",
hash.to_nix_hash_string()
))
.finalize()
.into(),
)
},
name,
)
@ -105,13 +136,12 @@ pub fn build_regular_ca_path<S: AsRef<str>, I: IntoIterator<Item = S>>(
/// For given NAR sha256 digest and name, return the new [StorePath] this would have.
pub fn build_nar_based_store_path(nar_sha256_digest: &[u8; 32], name: &str) -> StorePath {
let nar_hash_with_mode =
NixHashWithMode::Recursive(NixHash::Sha256(nar_sha256_digest.to_owned()));
let nar_hash_with_mode = CAHash::Nar(NixHash::Sha256(nar_sha256_digest.to_owned()));
build_regular_ca_path(name, &nar_hash_with_mode, Vec::<String>::new(), false).unwrap()
build_ca_path(name, &nar_hash_with_mode, Vec::<String>::new(), false).unwrap()
}
/// This builds an input-addressed store path
/// This builds an input-addressed store path.
///
/// Input-addresed store paths are always derivation outputs, the "input" in question is the
/// derivation and its closure.
@ -135,22 +165,20 @@ pub fn build_output_path(
///
/// The fingerprint is hashed with sha256, its digest is compressed to 20 bytes,
/// and nixbase32-encoded (32 characters).
fn build_store_path_from_fingerprint_parts(
fn build_store_path_from_fingerprint_parts<B: AsRef<[u8]>>(
ty: &str,
hash: &NixHash,
name: &str,
name: B,
) -> Result<StorePath, Error> {
let name = super::validate_name(name.as_ref())?;
let fingerprint =
String::from(ty) + ":" + &hash.to_nix_hash_string() + ":" + STORE_DIR + ":" + name;
let digest = {
let hasher = Sha256::new_with_prefix(fingerprint);
hasher.finalize()
};
String::from(ty) + ":" + &hash.to_nix_hash_string() + ":" + STORE_DIR + ":" + &name;
let digest = Sha256::new_with_prefix(fingerprint).finalize();
let compressed = compress_hash::<20>(&digest);
super::validate_name(name.as_bytes())?;
Ok(StorePath {
digest: compressed,
name: name.to_string(),
name,
})
}
@ -164,7 +192,7 @@ fn build_store_path_from_fingerprint_parts(
/// - the nix_hash_string representation of the sha256 digest of some contents
/// - the value of `storeDir`
/// - the name
fn make_type<S: AsRef<str>, I: IntoIterator<Item = S>>(
fn make_references_string<S: AsRef<str>, I: IntoIterator<Item = S>>(
ty: &str,
references: I,
self_ref: bool,
@ -190,11 +218,7 @@ fn make_type<S: AsRef<str>, I: IntoIterator<Item = S>>(
/// The actual placeholder is basically just a SHA256 hash encoded in
/// cppnix format.
pub fn hash_placeholder(name: &str) -> String {
let digest = {
let mut hasher = Sha256::new();
hasher.update(format!("nix-output:{}", name));
hasher.finalize()
};
let digest = Sha256::new_with_prefix(format!("nix-output:{}", name)).finalize();
format!("/{}", nixbase32::encode(&digest))
}
@ -202,7 +226,7 @@ pub fn hash_placeholder(name: &str) -> String {
#[cfg(test)]
mod test {
use super::*;
use crate::nixhash::{NixHash, NixHashWithMode};
use crate::nixhash::{CAHash, NixHash};
#[test]
fn build_text_path_with_zero_references() {
@ -242,9 +266,9 @@ mod test {
#[test]
fn build_sha1_path() {
let outer = build_regular_ca_path(
let outer = build_ca_path(
"bar",
&NixHashWithMode::Recursive(NixHash::Sha1(
&CAHash::Nar(NixHash::Sha1(
data_encoding::HEXLOWER
.decode(b"0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33")
.expect("hex should decode")
@ -271,9 +295,9 @@ mod test {
//
// $ nix store make-content-addressed /nix/store/5xd714cbfnkz02h2vbsj4fm03x3f15nf-baz
// rewrote '/nix/store/5xd714cbfnkz02h2vbsj4fm03x3f15nf-baz' to '/nix/store/s89y431zzhmdn3k8r96rvakryddkpv2v-baz'
let outer = build_regular_ca_path(
let outer = build_ca_path(
"baz",
&NixHashWithMode::Recursive(NixHash::Sha256(
&CAHash::Nar(NixHash::Sha256(
nixbase32::decode(b"1xqkzcb3909fp07qngljr4wcdnrh1gdam1m2n29i6hhrxlmkgkv1")
.expect("hex should decode")
.try_into()