aboutsummaryrefslogtreecommitdiff
path: root/src/libutil/hash.hh
AgeCommit message (Collapse)Author
2020-06-29Merge remote-tracking branch 'upstream/master' into hash-always-has-typeJohn Ericson
2020-06-25Fix empty std::optional dereference in writeDerivation()Eelco Dolstra
https://hydra.nixos.org/build/123017579
2020-06-19WIP: Make Hash always store a valid hash typeJohn Ericson
2020-06-18Revert the `enum struct` changeJohn Ericson
Not a regular git revert as there have been many merges and things.
2020-06-18Merge branch 'enum-class' into no-hash-type-unknownJohn Ericson
2020-06-18Merge remote-tracking branch 'upstream/master' into enum-classJohn Ericson
2020-06-12Use `std::string_view` in a few more placesJohn Ericson
2020-06-12Merge pull request #3674 from matthewbauer/allow-empty-hash2Eelco Dolstra
Allow empty hash in derivations
2020-06-12Add newHashAllowEmpty helper functionMatthew Bauer
This replaces the copy&paste with a helper function in hash.hh.
2020-06-03libutils/hash: remove default encodingzimbatm
This will make it easier to reason about the hash encoding and switch to SRI everywhere where possible.
2020-06-02Remove `HashType::Unknown`John Ericson
Instead, `Hash` uses `std::optional<HashType>`. In the future, we may also make `Hash` itself require a known hash type, encoraging people to use `std::optional<Hash>` instead.
2020-03-29Use `enum struct` and drop prefixesJohn Ericson
This does a few enums; the rest will be gotten in subsequent commits.
2020-03-24Misc changes from the flakes branchEelco Dolstra
2019-10-21Allow content-addressable paths to have referencesEelco Dolstra
This adds a command 'nix make-content-addressable' that rewrites the specified store paths into content-addressable paths. The advantage of such paths is that 1) they can be imported without signatures; 2) they can enable deduplication in cases where derivation changes do not cause output changes (apart from store path hashes). For example, $ nix make-content-addressable -r nixpkgs.cowsay rewrote '/nix/store/g1g31ah55xdia1jdqabv1imf6mcw0nb1-glibc-2.25-49' to '/nix/store/48jfj7bg78a8n4f2nhg269rgw1936vj4-glibc-2.25-49' ... rewrote '/nix/store/qbi6rzpk0bxjw8lw6azn2mc7ynnn455q-cowsay-3.03+dfsg1-16' to '/nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16' We can then copy the resulting closure to another store without signatures: $ nix copy --trusted-public-keys '' ---to ~/my-nix /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 In order to support self-references in content-addressable paths, these paths are hashed "modulo" self-references, meaning that self-references are zeroed out during hashing. Somewhat annoyingly, this means that the NAR hash stored in the Nix database is no longer necessarily equal to the output of "nix hash-path"; for content-addressable paths, you need to pass the --modulo flag: $ nix path-info --json /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 | jq -r .[].narHash sha256:0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 1ggznh07khq0hz6id09pqws3a8q9pn03ya3c03nwck1kwq8rclzs $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 --modulo iq6g2x4q62xp7y7493bibx0qn5w7xz67 0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw
2018-12-13Support SRI hashesEelco Dolstra
SRI hashes (https://www.w3.org/TR/SRI/) combine the hash algorithm and a base-64 hash. This allows more concise and standard hash specifications. For example, instead of import <nix/fetchurl.nl> { url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz; sha256 = "5d22dad058d5c800d65a115f919da22938c50dd6ba98c5e3a183172d149840a4"; }; you can write import <nix/fetchurl.nl> { url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz; hash = "sha256-XSLa0FjVyADWWhFfkZ2iKTjFDda6mMXjoYMXLRSYQKQ="; }; In fixed-output derivations, the outputHashAlgo is no longer mandatory if outputHash specifies the hash (either as an SRI or in the old "<type>:<hash>" format). 'nix hash-{file,path}' now print hashes in SRI format by default. I also reverted them to use SHA-256 by default because that's what we're using most of the time in Nixpkgs. Suggested by @zimbatm.
2017-10-30builtins.fetchgit: Support importing a working treeEelco Dolstra
For example, you can write src = fetchgit ./.; and if ./. refers to an unclean working tree, that tree will be copied to the Nix store. This removes the need for "cleanSource".
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-04Support base-64 hashesEelco Dolstra
Also simplify the Hash API. Fixes #1437.
2016-04-20Cache path info lookups in SQLiteEelco Dolstra
This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-01-27Define HashType's size to allow it to be forward-declaredEelco Dolstra
2016-01-27Make hashLength32() a method of HashEelco Dolstra
2015-11-04Support SHA-512 hashesEelco Dolstra
Fixes #679. Note: on x86_64, SHA-512 is considerably faster than SHA-256 (198 MB/s versus 131 MB/s).
2012-10-23If hashes do not match, print them in base-32 for SHA-1/SHA-256Eelco Dolstra
Fixes #57.
2012-07-18Use "#pragma once" to prevent repeated header file inclusionEelco Dolstra
2011-12-15* Refactoring: move sink/source buffering into separate classes.Eelco Dolstra
* Buffer the HashSink. This speeds up hashing a bit because it prevents lots of calls to the hash update functions (e.g. nix-hash went from 9.3s to 8.7s of user time on the closure of my /var/run/current-system).
2011-12-02* Move parseHash16or32 into libutil, and use in nix-hash.Eelco Dolstra
2010-11-16* Store the size of a store path in the database (to be precise, theEelco Dolstra
size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-03-09* In `nix-store --export', abort if the contents of a path hasEelco Dolstra
changed. This prevents corrupt paths from spreading to other machines. Note that checking the hash is cheap because we're hashing anyway (because of the --sign feature).
2008-12-03* Pass HashType values instead of strings.Eelco Dolstra
2008-05-21* GCC 4.3.0 (Fedora 9) compatibility fixes. Reported by Gour andEelco Dolstra
Armijn Hemel.
2007-02-21* `nix-store --export --sign': sign the Nix archive using the RSA keyEelco Dolstra
in /nix/etc/nix/signing-key.sec
2006-12-12* New primop builtins.filterSource, which can be used to filter filesEelco Dolstra
from a source directory. All files for which a predicate function returns true are copied to the store. Typical example is to leave out the .svn directory: stdenv.mkDerivation { ... src = builtins.filterSource (path: baseNameOf (toString path) != ".svn") ./source-dir; # as opposed to # src = ./source-dir; } This is important because the .svn directory influences the hash in a rather unpredictable and variable way.
2006-09-20* Print a better error message for wrong hashes (NIX-49).Eelco Dolstra
2006-09-04* Use a proper namespace.Eelco Dolstra
* Optimise header file usage a bit. * Compile the parser as C++.
2006-02-01* bsdiff updated to 4.3. This makes Nix depend on libbz2.Eelco Dolstra
2005-11-16* Did something useful while waiting at IAD: reference scanning is nowEelco Dolstra
much faster.
2005-01-17* Removed the `id' attribute hack.Eelco Dolstra
* Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.)
2005-01-14* Shorten SHA-256 hashes used in store path name generation to 160Eelco Dolstra
bits, then encode them in a radix-32 representation (using digits and letters except e, o, u, and t). This produces store paths like /nix/store/4i0zb0z7f88mwghjirkz702a71dcfivn-aterm-2.3.1. The nice thing about this is that the hash part of the file name is still 32 characters, as before with MD5. (Of course, shortening SHA-256 to 160 bits makes it no better than SHA-160 in theory, but hopefully it's a bit more resistant to attacks; it's certainly a lot slower.)
2005-01-14* Start move towards SHA-256 hashes instead of MD5.Eelco Dolstra
* Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14* Add SHA-256.Eelco Dolstra
* Tests for the various hashes.
2005-01-13* Added SHA-1 support. `nix-hash' now has an option `--type sha1' toEelco Dolstra
select SHA-1 hashing.
2005-01-13* Refactoring to support SHA-1.Eelco Dolstra
2003-11-18* Source tree refactoring.Eelco Dolstra