diff options
Diffstat (limited to 'pkgs/build-support/node/fetch-npm-deps/src')
4 files changed, 28 insertions, 11 deletions
diff --git a/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs b/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs index c49c094b85c68..403c909dee115 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/cacache.rs @@ -1,4 +1,4 @@ -use base64::prelude::{Engine, BASE64_STANDARD}; +use data_encoding::BASE64; use digest::{Digest, Update}; use serde::{Deserialize, Serialize}; use sha1::Sha1; @@ -11,6 +11,7 @@ use std::{ }; use url::Url; +#[allow(clippy::struct_field_names)] #[derive(Serialize, Deserialize)] pub(super) struct Key { pub(super) key: String, @@ -59,16 +60,18 @@ impl Cache { integrity: Option<String>, ) -> anyhow::Result<()> { let (algo, hash, integrity) = if let Some(integrity) = integrity { - let (algo, hash) = integrity.split_once('-').unwrap(); + let (algo, hash) = integrity + .split_once('-') + .expect("hash should be SRI format"); - (algo.to_string(), BASE64_STANDARD.decode(hash)?, integrity) + (algo.to_string(), BASE64.decode(hash.as_bytes())?, integrity) } else { let hash = Sha512::new().chain(data).finalize(); ( String::from("sha512"), hash.to_vec(), - format!("sha512-{}", BASE64_STANDARD.encode(hash)), + format!("sha512-{}", BASE64.encode(&hash)), ) }; diff --git a/pkgs/build-support/node/fetch-npm-deps/src/main.rs b/pkgs/build-support/node/fetch-npm-deps/src/main.rs index dc20c72970491..cb06d32600e8c 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/main.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/main.rs @@ -8,7 +8,7 @@ use std::{ collections::HashMap, env, fs, path::{Path, PathBuf}, - process::{self, Command}, + process, }; use tempfile::tempdir; use url::Url; @@ -266,10 +266,7 @@ fn main() -> anyhow::Result<()> { fs::write(out.join("package-lock.json"), lock_content)?; if print_hash { - Command::new("nix") - .args(["--experimental-features", "nix-command", "hash", "path"]) - .arg(out.as_os_str()) - .status()?; + println!("{}", util::make_sri_hash(out)?); } Ok(()) diff --git a/pkgs/build-support/node/fetch-npm-deps/src/parse/lock.rs b/pkgs/build-support/node/fetch-npm-deps/src/parse/lock.rs index c6e77153a0b80..49bba8780c979 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/parse/lock.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/parse/lock.rs @@ -179,7 +179,7 @@ impl fmt::Display for Hash { } } -#[allow(clippy::incorrect_partial_ord_impl_on_ord_type)] +#[allow(clippy::non_canonical_partial_ord_impl)] impl PartialOrd for Hash { fn partial_cmp(&self, other: &Hash) -> Option<Ordering> { let lhs = self.0.split_once('-')?.0; diff --git a/pkgs/build-support/node/fetch-npm-deps/src/util.rs b/pkgs/build-support/node/fetch-npm-deps/src/util.rs index 7dd928fdc43fa..023ba56793b90 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/util.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/util.rs @@ -1,10 +1,18 @@ use backoff::{retry, ExponentialBackoff}; +use data_encoding::BASE64; +use digest::Digest; use isahc::{ config::{CaCertificate, Configurable, RedirectPolicy, SslOption}, Body, Request, RequestExt, }; +use nix_nar::{Encoder, NarError}; use serde_json::{Map, Value}; -use std::{env, io::Read, path::Path}; +use sha2::Sha256; +use std::{ + env, + io::{self, Read}, + path::Path, +}; use url::Url; pub fn get_url(url: &Url) -> Result<Body, isahc::Error> { @@ -64,3 +72,12 @@ pub fn get_url_body_with_retry(url: &Url) -> Result<Vec<u8>, isahc::Error> { } => err, }) } + +pub fn make_sri_hash(path: &Path) -> Result<String, NarError> { + let mut encoder = Encoder::new(path)?; + let mut hasher = Sha256::new(); + + io::copy(&mut encoder, &mut hasher)?; + + Ok(format!("sha256-{}", BASE64.encode(&hasher.finalize()))) +} |