2012-07-18 21:59:03 +03:00
|
|
|
#pragma once
|
2003-06-15 16:41:32 +03:00
|
|
|
|
2006-09-05 00:06:23 +03:00
|
|
|
#include "types.hh"
|
2007-02-21 16:31:42 +02:00
|
|
|
#include "serialise.hh"
|
2003-06-15 16:41:32 +03:00
|
|
|
|
|
|
|
|
|
2006-09-05 00:06:23 +03:00
|
|
|
namespace nix {
|
2003-06-15 16:41:32 +03:00
|
|
|
|
|
|
|
|
|
2016-04-20 15:12:38 +03:00
|
|
|
MakeError(BadHash, Error);
|
|
|
|
|
|
|
|
|
|
|
2020-03-29 01:22:10 +02:00
|
|
|
enum struct HashType : char {
|
|
|
|
|
MD5,
|
|
|
|
|
SHA1,
|
|
|
|
|
SHA256,
|
|
|
|
|
SHA512,
|
|
|
|
|
};
|
2005-01-13 17:44:44 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
const int md5HashSize = 16;
|
|
|
|
|
const int sha1HashSize = 20;
|
2005-01-14 14:03:04 +02:00
|
|
|
const int sha256HashSize = 32;
|
2015-11-04 17:31:06 +02:00
|
|
|
const int sha512HashSize = 64;
|
2005-01-13 17:44:44 +02:00
|
|
|
|
2005-11-16 10:27:06 +02:00
|
|
|
extern const string base32Chars;
|
|
|
|
|
|
2020-03-29 01:22:10 +02:00
|
|
|
enum struct Base : int {
|
|
|
|
|
Base64,
|
|
|
|
|
Base32,
|
|
|
|
|
Base16,
|
|
|
|
|
SRI,
|
|
|
|
|
};
|
2017-07-04 15:47:59 +03:00
|
|
|
|
2005-01-13 17:44:44 +02:00
|
|
|
|
2003-06-15 16:41:32 +03:00
|
|
|
struct Hash
|
|
|
|
|
{
|
2015-11-04 17:31:06 +02:00
|
|
|
static const unsigned int maxHashSize = 64;
|
2017-07-04 15:47:59 +03:00
|
|
|
unsigned int hashSize = 0;
|
|
|
|
|
unsigned char hash[maxHashSize] = {};
|
2005-01-13 17:44:44 +02:00
|
|
|
|
2020-06-02 18:52:13 +03:00
|
|
|
std::optional<HashType> type = {};
|
2003-06-15 16:41:32 +03:00
|
|
|
|
2016-04-20 15:12:38 +03:00
|
|
|
/* Create an unset hash object. */
|
2017-07-04 15:47:59 +03:00
|
|
|
Hash() { };
|
2005-01-14 18:04:03 +02:00
|
|
|
|
|
|
|
|
/* Create a zero-filled hash object. */
|
2017-07-04 15:47:59 +03:00
|
|
|
Hash(HashType type) : type(type) { init(); };
|
|
|
|
|
|
|
|
|
|
/* Initialize the hash from a string representation, in the format
|
2018-12-13 15:30:52 +02:00
|
|
|
"[<type>:]<base16|base32|base64>" or "<type>-<base64>" (a
|
|
|
|
|
Subresource Integrity hash expression). If the 'type' argument
|
2020-06-02 18:52:13 +03:00
|
|
|
is not present, then the hash type must be specified in the
|
2017-07-04 15:47:59 +03:00
|
|
|
string. */
|
2020-06-02 18:52:13 +03:00
|
|
|
Hash(const std::string & s, std::optional<HashType> type);
|
|
|
|
|
// type must be provided
|
|
|
|
|
Hash(const std::string & s, HashType type);
|
|
|
|
|
// hash type must be part of string
|
|
|
|
|
Hash(const std::string & s);
|
2017-07-04 15:47:59 +03:00
|
|
|
|
|
|
|
|
void init();
|
2003-06-16 17:19:32 +03:00
|
|
|
|
2016-04-20 15:12:38 +03:00
|
|
|
/* Check whether a hash is set. */
|
2020-06-02 18:52:13 +03:00
|
|
|
operator bool () const { return (bool) type; }
|
2016-04-20 15:12:38 +03:00
|
|
|
|
2003-06-16 17:19:32 +03:00
|
|
|
/* Check whether two hash are equal. */
|
2003-07-16 01:28:27 +03:00
|
|
|
bool operator == (const Hash & h2) const;
|
2003-06-16 17:19:32 +03:00
|
|
|
|
|
|
|
|
/* Check whether two hash are not equal. */
|
2003-07-16 01:28:27 +03:00
|
|
|
bool operator != (const Hash & h2) const;
|
2003-06-16 17:19:32 +03:00
|
|
|
|
2003-07-16 00:24:05 +03:00
|
|
|
/* For sorting. */
|
|
|
|
|
bool operator < (const Hash & h) const;
|
2016-01-27 18:18:20 +02:00
|
|
|
|
|
|
|
|
/* Returns the length of a base-16 representation of this hash. */
|
|
|
|
|
size_t base16Len() const
|
|
|
|
|
{
|
|
|
|
|
return hashSize * 2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Returns the length of a base-32 representation of this hash. */
|
|
|
|
|
size_t base32Len() const
|
|
|
|
|
{
|
|
|
|
|
return (hashSize * 8 - 1) / 5 + 1;
|
|
|
|
|
}
|
2016-04-20 15:12:38 +03:00
|
|
|
|
2017-07-04 15:47:59 +03:00
|
|
|
/* Returns the length of a base-64 representation of this hash. */
|
|
|
|
|
size_t base64Len() const
|
|
|
|
|
{
|
|
|
|
|
return ((4 * hashSize / 3) + 3) & ~3;
|
|
|
|
|
}
|
2016-04-20 15:12:38 +03:00
|
|
|
|
2017-07-04 15:47:59 +03:00
|
|
|
/* Return a string representation of the hash, in base-16, base-32
|
|
|
|
|
or base-64. By default, this is prefixed by the hash type
|
|
|
|
|
(e.g. "sha256:"). */
|
2020-03-29 01:22:10 +02:00
|
|
|
std::string to_string(Base base = Base::Base32, bool includeType = true) const;
|
2020-03-24 15:26:13 +02:00
|
|
|
|
|
|
|
|
std::string gitRev() const
|
|
|
|
|
{
|
2020-03-29 01:22:10 +02:00
|
|
|
assert(type == HashType::SHA1);
|
|
|
|
|
return to_string(Base::Base16, false);
|
2020-03-24 15:26:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::string gitShortRev() const
|
|
|
|
|
{
|
2020-03-29 01:22:10 +02:00
|
|
|
assert(type == HashType::SHA1);
|
|
|
|
|
return std::string(to_string(Base::Base16, false), 0, 7);
|
2020-03-24 15:26:13 +02:00
|
|
|
}
|
2017-07-04 15:47:59 +03:00
|
|
|
};
|
2005-01-14 18:04:03 +02:00
|
|
|
|
|
|
|
|
|
2012-10-23 19:05:50 +03:00
|
|
|
/* Print a hash in base-16 if it's MD5, or base-32 otherwise. */
|
|
|
|
|
string printHash16or32(const Hash & hash);
|
|
|
|
|
|
2003-06-16 17:19:32 +03:00
|
|
|
/* Compute the hash of the given string. */
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 18:55:19 +02:00
|
|
|
Hash hashString(HashType ht, const string & s);
|
2003-06-16 17:19:32 +03:00
|
|
|
|
|
|
|
|
/* Compute the hash of the given file. */
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 18:55:19 +02:00
|
|
|
Hash hashFile(HashType ht, const Path & path);
|
2003-06-15 16:41:32 +03:00
|
|
|
|
2003-06-16 17:19:32 +03:00
|
|
|
/* Compute the hash of the given path. The hash is defined as
|
2006-02-01 18:48:49 +02:00
|
|
|
(essentially) hashString(ht, dumpPath(path)). */
|
2010-11-16 19:11:46 +02:00
|
|
|
typedef std::pair<Hash, unsigned long long> HashResult;
|
|
|
|
|
HashResult hashPath(HashType ht, const Path & path,
|
2006-12-13 01:05:01 +02:00
|
|
|
PathFilter & filter = defaultPathFilter);
|
2003-06-16 18:59:23 +03:00
|
|
|
|
2005-01-14 18:04:03 +02:00
|
|
|
/* Compress a hash to the specified number of bytes by cyclically
|
|
|
|
|
XORing bytes together. */
|
|
|
|
|
Hash compressHash(const Hash & hash, unsigned int newSize);
|
|
|
|
|
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 18:55:19 +02:00
|
|
|
/* Parse a string representing a hash type. */
|
|
|
|
|
HashType parseHashType(const string & s);
|
2020-06-02 18:52:13 +03:00
|
|
|
/* Will return nothing on parse error */
|
|
|
|
|
std::optional<HashType> parseHashTypeOpt(const string & s);
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 18:55:19 +02:00
|
|
|
|
2008-12-03 18:10:17 +02:00
|
|
|
/* And the reverse. */
|
|
|
|
|
string printHashType(HashType ht);
|
|
|
|
|
|
2007-02-21 16:31:42 +02:00
|
|
|
|
2008-05-21 14:17:31 +03:00
|
|
|
union Ctx;
|
2007-02-21 16:31:42 +02:00
|
|
|
|
2018-03-30 01:56:13 +03:00
|
|
|
struct AbstractHashSink : virtual Sink
|
|
|
|
|
{
|
|
|
|
|
virtual HashResult finish() = 0;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
class HashSink : public BufferedSink, public AbstractHashSink
|
2007-02-21 16:31:42 +02:00
|
|
|
{
|
|
|
|
|
private:
|
|
|
|
|
HashType ht;
|
|
|
|
|
Ctx * ctx;
|
2010-11-16 19:11:46 +02:00
|
|
|
unsigned long long bytes;
|
2007-02-21 16:31:42 +02:00
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
HashSink(HashType ht);
|
2010-03-09 16:32:03 +02:00
|
|
|
HashSink(const HashSink & h);
|
2007-02-21 16:31:42 +02:00
|
|
|
~HashSink();
|
2018-03-30 01:56:13 +03:00
|
|
|
void write(const unsigned char * data, size_t len) override;
|
|
|
|
|
HashResult finish() override;
|
2011-12-15 18:19:53 +02:00
|
|
|
HashResult currentHash();
|
2007-02-21 16:31:42 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2006-09-05 00:06:23 +03:00
|
|
|
}
|