aboutsummaryrefslogtreecommitdiff
path: root/src/libutil/hash.cc
AgeCommit message (Collapse)Author
2018-05-02Fix some random -Wconversion warningsEelco Dolstra
2018-03-22Merge branch 'fix/avoid-large-stack-buffers' of https://github.com/dtzWill/nixEelco Dolstra
2018-03-14Catch more possible instances of passing NULL to memcpy.Shea Levy
Actually fixes #1976.
2018-03-02don't allocate large buffers on the stackWill Dietz
2018-02-19libutil: Fix invalid assert on decoding base64 hashesTuomas Tynkkynen
The assertion is broken because there is no one-to-one mapping from length of a base64 string to the length of the output. E.g. "1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9q=" results in a 32-byte output. "1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9qy" results in a 33-byte output. To reproduce, evaluate: builtins.derivationStrict { name = "0"; builder = "0"; system = "0"; outputHashAlgo = "sha256"; outputHash = "1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9qy"; } Found by afl-fuzz.
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-28nix-prefetch-url: Fix regression in hash printingEelco Dolstra
2017-07-10Merge pull request #1422 from nh2/fix-potential-hash-comparison-crashEelco Dolstra
Fix potential crash/wrong result two hashes of unequal length are compared
2017-07-04Support base-64 hashesEelco Dolstra
Also simplify the Hash API. Fixes #1437.
2017-06-24Fix potential crash/wrong result two hashes of unequal length are comparedNiklas Hambüchen
2017-04-28Fix hash computation when importing NARs greater than 4 GiBEelco Dolstra
This caused "nix-store --import" to compute an incorrect hash on NARs that don't fit in an unsigned int. The import would succeed, but "nix-store --verify-path" or subsequent exports would detect an incorrect hash. A deeper issue is that the export/import format does not contain a hash, so we can't detect such issues early. Also, I learned that -Wall does not warn about this.
2017-03-21Move istringstream_nocopy to a separate fileEelco Dolstra
2017-03-06istringstream_nocopy: Implement in a standards-compliant way.Shea Levy
Fixes the problem mentioned in e6a61b8da788efbbbb0eb690c49434b6b5fc9741 See #1135
2017-02-08Include config.h implicitly with '-include config.h' in CFLAGSTuomas Tynkkynen
Because config.h can #define things like _FILE_OFFSET_BITS=64 and not every compilation unit includes config.h, we currently compile half of Nix with _FILE_OFFSET_BITS=64 and other half with _FILE_OFFSET_BITS unset. This causes major havoc with the Settings class on e.g. 32-bit ARM, where different compilation units disagree with the struct layout. E.g.: diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc @@ -166,6 +166,8 @@ void Settings::update() _get(useSubstitutes, "build-use-substitutes"); + fprintf(stderr, "at Settings::update(): &useSubstitutes = %p\n", &nix::settings.useSubstitutes); _get(buildUsersGroup, "build-users-group"); diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc +++ b/src/libstore/remote-store.cc @@ -138,6 +138,8 @@ void RemoteStore::initConnection(Connection & conn) void RemoteStore::setOptions(Connection & conn) { + fprintf(stderr, "at RemoteStore::setOptions(): &useSubstitutes = %p\n", &nix::settings.useSubstitutes); conn.to << wopSetOptions Gave me: at Settings::update(): &useSubstitutes = 0xb6e5c5cb at RemoteStore::setOptions(): &useSubstitutes = 0xb6e5c5c7 That was not a fun one to debug!
2016-11-06Detect and disallow base32 hash overflowVladimír Čunát
Example (before this commit): $ nix-hash --type sha256 --to-base16 4n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0 \ | xargs nix-hash --type sha256 --to-base32 0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0 It's a real-life example: https://github.com/NixOS/nixpkgs/pull/20208/files#r86695567
2016-07-21Fix assertion failureEelco Dolstra
2016-07-21NarInfo::NarInfo(): Ensure that we get a NAR size/hashEelco Dolstra
2016-07-11Modernize AutoCloseFDShea Levy
2016-06-09Use O_CLOEXEC in most placesEelco Dolstra
2016-04-20Cache path info lookups in SQLiteEelco Dolstra
This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-01-27Make hashLength32() a method of HashEelco Dolstra
2015-11-04Support SHA-512 hashesEelco Dolstra
Fixes #679. Note: on x86_64, SHA-512 is considerably faster than SHA-256 (198 MB/s versus 131 MB/s).
2015-11-04Require OpenSSLEelco Dolstra
2015-09-18Shut up clang warningsEelco Dolstra
2015-02-03Simplify parseHash32Eelco Dolstra
2015-02-03Simplify printHash32Eelco Dolstra
2014-08-20Use proper quotes everywhereEelco Dolstra
2012-10-23If hashes do not match, print them in base-32 for SHA-1/SHA-256Eelco Dolstra
Fixes #57.
2012-02-09Use data() instead of c_str() where appropriateEelco Dolstra
2011-12-15* Refactoring: move sink/source buffering into separate classes.Eelco Dolstra
* Buffer the HashSink. This speeds up hashing a bit because it prevents lots of calls to the hash update functions (e.g. nix-hash went from 9.3s to 8.7s of user time on the closure of my /var/run/current-system).
2011-12-02* Move parseHash16or32 into libutil, and use in nix-hash.Eelco Dolstra
2010-11-16* Store the size of a store path in the database (to be precise, theEelco Dolstra
size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-03-09* In `nix-store --export', abort if the contents of a path hasEelco Dolstra
changed. This prevents corrupt paths from spreading to other machines. Note that checking the hash is cheap because we're hashing anyway (because of the --sign feature).
2008-12-03* Pass HashType values instead of strings.Eelco Dolstra
2008-08-25* Doh.Eelco Dolstra
2008-08-25* Strip off the `.nix' suffix from the attribute name for files inEelco Dolstra
~/.nix-defexpr, otherwise the attribute cannot be selected with the `-A' option. Useful if you want to stick a Nix expression directly in ~/.nix-defexpr.
2008-05-21* GCC 4.3.0 (Fedora 9) compatibility fixes. Reported by Gour andEelco Dolstra
Armijn Hemel.
2007-02-21* `nix-store --export --sign': sign the Nix archive using the RSA keyEelco Dolstra
in /nix/etc/nix/signing-key.sec
2006-12-12* New primop builtins.filterSource, which can be used to filter filesEelco Dolstra
from a source directory. All files for which a predicate function returns true are copied to the store. Typical example is to leave out the .svn directory: stdenv.mkDerivation { ... src = builtins.filterSource (path: baseNameOf (toString path) != ".svn") ./source-dir; # as opposed to # src = ./source-dir; } This is important because the .svn directory influences the hash in a rather unpredictable and variable way.
2006-11-30* Skeleton of the privileged worker program.Eelco Dolstra
* Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation.
2006-09-20* Print a better error message for wrong hashes (NIX-49).Eelco Dolstra
2006-09-04* Use a proper namespace.Eelco Dolstra
* Optimise header file usage a bit. * Compile the parser as C++.
2006-03-09* Ugh, printHash() was very inefficient because it usedEelco Dolstra
ostringstreams. Around 11% of execution time was spent here (now it's 0.5%).
2006-03-01* Ouch, parseHash32 was completely broken. All digits >= 4 wereEelco Dolstra
parsed as 4. For a moment I worried that printHash32 was broken, and that would have been really, *really* bad ;-)
2006-02-13* Optional switch "--with-openssl=<PATH>" to use OpenSSL'sEelco Dolstra
implementations of MD5, SHA-1 and SHA-256. The main benefit is that we get assembler-optimised implementations of MD5 and SHA-1 (though not SHA-256 (at least on x86), unfortunately). OpenSSL's SHA-1 implementation on Intel is twice as fast as ours.
2006-02-13* Use a union.Eelco Dolstra
2005-11-16* Did something useful while waiting at IAD: reference scanning is nowEelco Dolstra
much faster.
2005-03-23* Fix endianness bug.Eelco Dolstra
2005-01-17* Removed the `id' attribute hack.Eelco Dolstra
* Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.)
2005-01-14* Shorten SHA-256 hashes used in store path name generation to 160Eelco Dolstra
bits, then encode them in a radix-32 representation (using digits and letters except e, o, u, and t). This produces store paths like /nix/store/4i0zb0z7f88mwghjirkz702a71dcfivn-aterm-2.3.1. The nice thing about this is that the hash part of the file name is still 32 characters, as before with MD5. (Of course, shortening SHA-256 to 160 bits makes it no better than SHA-160 in theory, but hopefully it's a bit more resistant to attacks; it's certainly a lot slower.)