[PATCH 0/4] Add daemon support for SHA3 and BLAKE2s

  • Done
  • quality assurance status badge
Details
One participant
  • Ludovic Courtès
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
L
L
Ludovic Courtès wrote on 23 Jun 2020 17:36
(address . guix-patches@gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20200623153633.15346-1-ludo@gnu.org
Hello!

This is a followup to:


This patch series adds daemon support for a few more cryptographic
hash functions, for use by fixed-output derivations (origins) and
the likes. We should wait for a year or so before using those
algorithms in package definitions so we can assume that the new
daemon is widespread.

Note that there are still places where SHA256 is hard-coded.
For instance, the ‘query-path-hash’ RPC always returns a SHA256
hash. Internally, the ‘ValidPaths’ table of the database can
store any hash, but in practice it only ever contains a SHA256
hash (see ‘LocalStore::addValidPath’ and (guix store database)).

Feedback welcome!

Ludo’.

Ludovic Courtès (4):
daemon: Map directly to gcrypt hash functions.
daemon: Remove OpenSSL hash compatibility wrappers.
daemon: Recognize SHA3 and BLAKE2s.
packages: Recognize SHA3 and BLAKE2s for 'content-hash'.

guix/packages.scm | 5 ++-
nix/libutil/gcrypt-hash.cc | 51 -----------------------------
nix/libutil/gcrypt-hash.hh | 50 ----------------------------
nix/libutil/hash.cc | 67 +++++++++++++++++++-------------------
nix/libutil/hash.hh | 20 +++++++-----
nix/libutil/md5.h | 35 --------------------
nix/libutil/sha1.h | 35 --------------------
nix/libutil/sha256.h | 35 --------------------
nix/libutil/sha512.h | 35 --------------------
nix/local.mk | 12 ++-----
tests/packages.scm | 26 +++++++++++++++
tests/store.scm | 4 +--
12 files changed, 80 insertions(+), 295 deletions(-)
delete mode 100644 nix/libutil/gcrypt-hash.cc
delete mode 100644 nix/libutil/gcrypt-hash.hh
delete mode 100644 nix/libutil/md5.h
delete mode 100644 nix/libutil/sha1.h
delete mode 100644 nix/libutil/sha256.h
delete mode 100644 nix/libutil/sha512.h

--
2.26.2
L
L
Ludovic Courtès wrote on 23 Jun 2020 17:55
[PATCH 1/4] daemon: Map directly to gcrypt hash functions.
(address . 42020@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20200623155547.15886-1-ludo@gnu.org
* nix/libutil/hash.hh (HashType): Map directly to GCRY_MD_ values.
(md5HashSize, sha1HashSize, sha256HashSize, sha512HashSize): Remove.
* nix/libutil/hash.cc (Hash::Hash): Use 'gcry_md_get_algo_dlen'.
---
nix/libutil/hash.cc | 8 +++-----
nix/libutil/hash.hh | 17 +++++++++--------
2 files changed, 12 insertions(+), 13 deletions(-)

Toggle diff (57 lines)
diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index ea69aa64f9..251f18f60e 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -38,11 +38,9 @@ Hash::Hash()
Hash::Hash(HashType type)
{
this->type = type;
- if (type == htMD5) hashSize = md5HashSize;
- else if (type == htSHA1) hashSize = sha1HashSize;
- else if (type == htSHA256) hashSize = sha256HashSize;
- else if (type == htSHA512) hashSize = sha512HashSize;
- else throw Error("unknown hash type");
+ hashSize = gcry_md_get_algo_dlen(type);
+
+ if (hashSize == 0) throw Error("unknown hash type");
assert(hashSize <= maxHashSize);
memset(hash, 0, maxHashSize);
}
diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh
index 6b5e47cd8a..7357a34e1d 100644
--- a/nix/libutil/hash.hh
+++ b/nix/libutil/hash.hh
@@ -1,5 +1,7 @@
#pragma once
+#include <gcrypt.h>
+
#include "types.hh"
#include "serialise.hh"
@@ -7,16 +9,15 @@
namespace nix {
-typedef enum { htUnknown, htMD5, htSHA1, htSHA256, htSHA512 } HashType;
-
-
-const int md5HashSize = 16;
-const int sha1HashSize = 20;
-const int sha256HashSize = 32;
-const int sha512HashSize = 64;
-
extern const string base32Chars;
+typedef enum {
+ htUnknown = 0,
+ htMD5 = GCRY_MD_MD5,
+ htSHA1 = GCRY_MD_SHA1,
+ htSHA256 = GCRY_MD_SHA256,
+ htSHA512 = GCRY_MD_SHA512
+} HashType;
struct Hash
{
--
2.26.2
L
L
Ludovic Courtès wrote on 23 Jun 2020 17:55
[PATCH 3/4] daemon: Recognize SHA3 and BLAKE2s.
(address . 42020@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20200623155547.15886-3-ludo@gnu.org
* nix/libutil/hash.hh (HashType): Add htSHA3_256, htSHA3_512, and
htBLAKE2s_256.
* nix/libutil/hash.cc (parseHashType, printHashType): Recognize them.
* tests/store.scm ("add-to-store"): Test these algorithms.
---
nix/libutil/hash.cc | 6 ++++++
nix/libutil/hash.hh | 5 ++++-
tests/store.scm | 4 ++--
3 files changed, 12 insertions(+), 3 deletions(-)

Toggle diff (64 lines)
diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index 20d2e4b724..7853acdd49 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -321,6 +321,9 @@ HashType parseHashType(const string & s)
else if (s == "sha1") return htSHA1;
else if (s == "sha256") return htSHA256;
else if (s == "sha512") return htSHA512;
+ else if (s == "sha3-256") return htSHA3_256;
+ else if (s == "sha3-512") return htSHA3_512;
+ else if (s == "blake2s-256") return htBLAKE2s_256;
else return htUnknown;
}
@@ -331,6 +334,9 @@ string printHashType(HashType ht)
else if (ht == htSHA1) return "sha1";
else if (ht == htSHA256) return "sha256";
else if (ht == htSHA512) return "sha512";
+ else if (ht == htSHA3_256) return "sha3-256";
+ else if (ht == htSHA3_512) return "sha3-512";
+ else if (ht == htBLAKE2s_256) return "blake2s-256";
else throw Error("cannot print unknown hash type");
}
diff --git a/nix/libutil/hash.hh b/nix/libutil/hash.hh
index 7357a34e1d..ac58651a02 100644
--- a/nix/libutil/hash.hh
+++ b/nix/libutil/hash.hh
@@ -16,7 +16,10 @@ typedef enum {
htMD5 = GCRY_MD_MD5,
htSHA1 = GCRY_MD_SHA1,
htSHA256 = GCRY_MD_SHA256,
- htSHA512 = GCRY_MD_SHA512
+ htSHA512 = GCRY_MD_SHA512,
+ htSHA3_256 = GCRY_MD_SHA3_256,
+ htSHA3_512 = GCRY_MD_SHA3_512,
+ htBLAKE2s_256 = GCRY_MD_BLAKE2S_256
} HashType;
struct Hash
diff --git a/tests/store.scm b/tests/store.scm
index 06f7939657..ee3e01f33b 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -116,7 +116,7 @@
(list (stat:uid s) (stat:perms s))))
(test-equal "add-to-store"
- '("sha1" "sha256" "sha512")
+ '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256")
(let* ((file (search-path %load-path "guix.scm"))
(content (call-with-input-file file get-bytevector-all)))
(map (lambda (hash-algo)
@@ -125,7 +125,7 @@
(bytevector=? (call-with-input-file file get-bytevector-all)
content)
hash-algo)))
- '("sha1" "sha256" "sha512"))))
+ '("sha1" "sha256" "sha512" "sha3-256" "sha3-512" "blake2s-256"))))
(test-equal "add-data-to-store"
#vu8(1 2 3 4 5)
--
2.26.2
L
L
Ludovic Courtès wrote on 23 Jun 2020 17:55
[PATCH 2/4] daemon: Remove OpenSSL hash compatibility wrappers.
(address . 42020@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20200623155547.15886-2-ludo@gnu.org
* nix/libutil/hash.cc (struct Ctx): Copy from gcrypt-hash.hh.
(start, update, finish): Use gcrypt functions directly instead of
OpenSSL-like wrappers.
* nix/libutil/gcrypt-hash.cc, nix/libutil/gcrypt-hash.hh,
nix/libutil/md5.h, nix/libutil/sha1.h, nix/libutil/sha256.h,
nix/libutil/sha512.h: Remove.
* nix/local.mk (libutil_a_SOURCES, libutil_headers): Adjust
accordingly.
---
nix/libutil/gcrypt-hash.cc | 51 ------------------------------------
nix/libutil/gcrypt-hash.hh | 50 -----------------------------------
nix/libutil/hash.cc | 53 +++++++++++++++++---------------------
nix/libutil/md5.h | 35 -------------------------
nix/libutil/sha1.h | 35 -------------------------
nix/libutil/sha256.h | 35 -------------------------
nix/libutil/sha512.h | 35 -------------------------
nix/local.mk | 12 +++------
8 files changed, 27 insertions(+), 279 deletions(-)
delete mode 100644 nix/libutil/gcrypt-hash.cc
delete mode 100644 nix/libutil/gcrypt-hash.hh
delete mode 100644 nix/libutil/md5.h
delete mode 100644 nix/libutil/sha1.h
delete mode 100644 nix/libutil/sha256.h
delete mode 100644 nix/libutil/sha512.h

Toggle diff (403 lines)
diff --git a/nix/libutil/gcrypt-hash.cc b/nix/libutil/gcrypt-hash.cc
deleted file mode 100644
index c4ae7bfcc2..0000000000
--- a/nix/libutil/gcrypt-hash.cc
+++ /dev/null
@@ -1,51 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2013 Ludovic Courtès <ludo@gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <config.h>
-
-#include <gcrypt-hash.hh>
-#include <assert.h>
-
-extern "C" {
-
-void
-guix_hash_init (struct guix_hash_context *ctx, int algo)
-{
- gcry_error_t err;
-
- err = gcry_md_open (&ctx->md_handle, algo, 0);
- assert (err == GPG_ERR_NO_ERROR);
-}
-
-void
-guix_hash_update (struct guix_hash_context *ctx, const void *buffer, size_t len)
-{
- gcry_md_write (ctx->md_handle, buffer, len);
-}
-
-void
-guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
- int algo)
-{
- memcpy (resbuf, gcry_md_read (ctx->md_handle, algo),
- gcry_md_get_algo_dlen (algo));
- gcry_md_close (ctx->md_handle);
- ctx->md_handle = NULL;
-}
-
-}
diff --git a/nix/libutil/gcrypt-hash.hh b/nix/libutil/gcrypt-hash.hh
deleted file mode 100644
index 11f061159f..0000000000
--- a/nix/libutil/gcrypt-hash.hh
+++ /dev/null
@@ -1,50 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2013 Ludovic Courtès <ludo@gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-/* An OpenSSL-like interface to GNU libgcrypt cryptographic hash
- functions. */
-
-#pragma once
-#include <gcrypt.h>
-#include <unistd.h>
-
-struct guix_hash_context
-{
- /* This copy constructor is needed in 'HashSink::currentHash()' where we
- expect the copy of a 'Ctx' object to yield a truly different context. */
- guix_hash_context (guix_hash_context &ref)
- {
- if (ref.md_handle == NULL)
- md_handle = NULL;
- else
- gcry_md_copy (&md_handle, ref.md_handle);
- }
-
- /* Make sure 'md_handle' is always initialized. */
- guix_hash_context (): md_handle (NULL) { };
-
- gcry_md_hd_t md_handle;
-};
-
-extern "C" {
-extern void guix_hash_init (struct guix_hash_context *ctx, int algo);
-extern void guix_hash_update (struct guix_hash_context *ctx, const void *buffer,
- size_t len);
-extern void guix_hash_final (void *resbuf, struct guix_hash_context *ctx,
- int algo);
-}
diff --git a/nix/libutil/hash.cc b/nix/libutil/hash.cc
index 251f18f60e..20d2e4b724 100644
--- a/nix/libutil/hash.cc
+++ b/nix/libutil/hash.cc
@@ -3,18 +3,6 @@
#include <iostream>
#include <cstring>
-#ifdef HAVE_OPENSSL
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#else
-extern "C" {
-#include "md5.h"
-#include "sha1.h"
-#include "sha256.h"
-#include "sha512.h"
-}
-#endif
-
#include "hash.hh"
#include "archive.hh"
#include "util.hh"
@@ -193,41 +181,48 @@ bool isHash(const string & s)
return true;
}
-
+/* The "hash context". */
struct Ctx
{
- MD5_CTX md5;
- SHA_CTX sha1;
- SHA256_CTX sha256;
- SHA512_CTX sha512;
+ /* This copy constructor is needed in 'HashSink::currentHash()' where we
+ expect the copy of a 'Ctx' object to yield a truly different context. */
+ Ctx(Ctx &ref)
+ {
+ if (ref.md_handle == NULL)
+ md_handle = NULL;
+ else
+ gcry_md_copy (&md_handle, ref.md_handle);
+ }
+
+ /* Make sure 'md_handle' is always initialized. */
+ Ctx(): md_handle (NULL) { };
+
+ gcry_md_hd_t md_handle;
};
static void start(HashType ht, Ctx & ctx)
{
- if (ht == htMD5) MD5_Init(&ctx.md5);
- else if (ht == htSHA1) SHA1_Init(&ctx.sha1);
- else if (ht == htSHA256) SHA256_Init(&ctx.sha256);
- else if (ht == htSHA512) SHA512_Init(&ctx.sha512);
+ gcry_error_t err;
+
+ err = gcry_md_open (&ctx.md_handle, ht, 0);
+ assert (err == GPG_ERR_NO_ERROR);
}
static void update(HashType ht, Ctx & ctx,
const unsigned char * bytes, unsigned int len)
{
- if (ht == htMD5) MD5_Update(&ctx.md5, bytes, len);
- else if (ht == htSHA1) SHA1_Update(&ctx.sha1, bytes, len);
- else if (ht == htSHA256) SHA256_Update(&ctx.sha256, bytes, len);
- else if (ht == htSHA512) SHA512_Update(&ctx.sha512, bytes, len);
+ gcry_md_write (ctx.md_handle, bytes, len);
}
static void finish(HashType ht, Ctx & ctx, unsigned char * hash)
{
- if (ht == htMD5) MD5_Final(hash, &ctx.md5);
- else if (ht == htSHA1) SHA1_Final(hash, &ctx.sha1);
- else if (ht == htSHA256) SHA256_Final(hash, &ctx.sha256);
- else if (ht == htSHA512) SHA512_Final(hash, &ctx.sha512);
+ memcpy (hash, gcry_md_read (ctx.md_handle, ht),
+ gcry_md_get_algo_dlen (ht));
+ gcry_md_close (ctx.md_handle);
+ ctx.md_handle = NULL;
}
diff --git a/nix/libutil/md5.h b/nix/libutil/md5.h
deleted file mode 100644
index 4583a458b3..0000000000
--- a/nix/libutil/md5.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012 Ludovic Courtès <ludo@gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define MD5_CTX guix_hash_context
-
-static inline void
-MD5_Init (struct MD5_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_MD5);
-}
-
-#define MD5_Update guix_hash_update
-
-static inline void
-MD5_Final (void *resbuf, struct MD5_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_MD5);
-}
diff --git a/nix/libutil/sha1.h b/nix/libutil/sha1.h
deleted file mode 100644
index d2d071e058..0000000000
--- a/nix/libutil/sha1.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012 Ludovic Courtès <ludo@gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define SHA_CTX guix_hash_context
-
-static inline void
-SHA1_Init (struct SHA_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_SHA1);
-}
-
-#define SHA1_Update guix_hash_update
-
-static inline void
-SHA1_Final (void *resbuf, struct SHA_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_SHA1);
-}
diff --git a/nix/libutil/sha256.h b/nix/libutil/sha256.h
deleted file mode 100644
index ca95d7fea8..0000000000
--- a/nix/libutil/sha256.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012 Ludovic Courtès <ludo@gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define SHA256_CTX guix_hash_context
-
-static inline void
-SHA256_Init (struct SHA256_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_SHA256);
-}
-
-#define SHA256_Update guix_hash_update
-
-static inline void
-SHA256_Final (void *resbuf, struct SHA256_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_SHA256);
-}
diff --git a/nix/libutil/sha512.h b/nix/libutil/sha512.h
deleted file mode 100644
index d2abab4c5f..0000000000
--- a/nix/libutil/sha512.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2015 Ludovic Courtès <ludo@gnu.org>
-
- This file is part of GNU Guix.
-
- GNU Guix is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or (at
- your option) any later version.
-
- GNU Guix is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <gcrypt-hash.hh>
-
-#define SHA512_CTX guix_hash_context
-
-static inline void
-SHA512_Init (struct SHA512_CTX *ctx)
-{
- guix_hash_init (ctx, GCRY_MD_SHA512);
-}
-
-#define SHA512_Update guix_hash_update
-
-static inline void
-SHA512_Final (void *resbuf, struct SHA512_CTX *ctx)
-{
- guix_hash_final (resbuf, ctx, GCRY_MD_SHA512);
-}
diff --git a/nix/local.mk b/nix/local.mk
index c136fb7202..005cde5563 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -1,5 +1,5 @@
# GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
# Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
#
@@ -56,8 +56,7 @@ libutil_a_SOURCES = \
%D%/libutil/affinity.cc \
%D%/libutil/serialise.cc \
%D%/libutil/util.cc \
- %D%/libutil/hash.cc \
- %D%/libutil/gcrypt-hash.cc
+ %D%/libutil/hash.cc
libutil_headers = \
%D%/libutil/affinity.hh \
@@ -65,12 +64,7 @@ libutil_headers = \
%D%/libutil/serialise.hh \
%D%/libutil/util.hh \
%D%/libutil/archive.hh \
- %D%/libutil/types.hh \
- %D%/libutil/gcrypt-hash.hh \
- %D%/libutil/md5.h \
- %D%/libutil/sha1.h \
- %D%/libutil/sha256.h \
- %D%/libutil/sha512.h
+ %D%/libutil/types.hh
libutil_a_CPPFLAGS = \
-I$(top_builddir)/nix \
--
2.26.2
L
L
Ludovic Courtès wrote on 23 Jun 2020 17:55
[PATCH 4/4] packages: Recognize SHA3 and BLAKE2s for 'content-hash'.
(address . 42020@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20200623155547.15886-4-ludo@gnu.org
* guix/packages.scm (build-content-hash): Add 'sha3-256', 'sha3-512',
and 'blake2s-256'.
* tests/packages.scm ("package-source-derivation, origin, sha3-512"):
New test.
---
guix/packages.scm | 5 ++++-
tests/packages.scm | 26 ++++++++++++++++++++++++++
2 files changed, 30 insertions(+), 1 deletion(-)

Toggle diff (55 lines)
diff --git a/guix/packages.scm b/guix/packages.scm
index 1e0ec41b76..68ef718872 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -191,7 +191,10 @@ its first argument has the right size for the chosen algorithm."
(define-content-hash-constructor build-content-hash
(sha256 32)
- (sha512 64))
+ (sha512 64)
+ (sha3-256 32)
+ (sha3-512 64)
+ (blake2s-256 64))
(define-syntax content-hash
(lambda (s)
diff --git a/tests/packages.scm b/tests/packages.scm
index c7b6f669b5..26377b269b 100644
--- a/tests/packages.scm
+++ b/tests/packages.scm
@@ -524,6 +524,32 @@
(build-derivations %store (list drv))
(call-with-input-file output get-string-all)))
+(test-equal "package-source-derivation, origin, sha3-512"
+ "hello, sha3"
+ (let* ((bash (search-bootstrap-binary "bash" (%current-system)))
+ (builder (add-text-to-store %store "my-fixed-builder.sh"
+ "echo -n hello, sha3 > $out" '()))
+ (method (lambda* (url hash-algo hash #:optional name
+ #:rest rest)
+ (and (eq? hash-algo 'sha3-512)
+ (raw-derivation name bash (list builder)
+ #:sources (list builder)
+ #:hash hash
+ #:hash-algo hash-algo))))
+ (source (origin
+ (method method)
+ (uri "unused://")
+ (file-name "origin-sha3")
+ (hash (content-hash
+ (gcrypt:bytevector-hash (string->utf8 "hello, sha3")
+ (gcrypt:lookup-hash-algorithm
+ 'sha3-512))
+ sha3-512))))
+ (drv (package-source-derivation %store source))
+ (output (derivation->output-path drv)))
+ (build-derivations %store (list drv))
+ (call-with-input-file output get-string-all)))
+
(unless (network-reachable?) (test-skip 1))
(test-equal "package-source-derivation, snippet"
"OK"
--
2.26.2
L
L
Ludovic Courtès wrote on 27 Jun 2020 23:44
Re: [bug#42020] [PATCH 0/4] Add daemon support for SHA3 and BLAKE2s
(address . 42020-done@debbugs.gnu.org)
87k0zsji9z.fsf@gnu.org
Ludovic Courtès <ludo@gnu.org> skribis:

Toggle quote (6 lines)
> This patch series adds daemon support for a few more cryptographic
> hash functions, for use by fixed-output derivations (origins) and
> the likes. We should wait for a year or so before using those
> algorithms in package definitions so we can assume that the new
> daemon is widespread.

Pushed!

0505eda9c7 packages: Recognize SHA3 and BLAKE2s for 'content-hash'.
8e6c1415d8 daemon: Recognize SHA3 and BLAKE2s.
8dc6c38785 daemon: Remove OpenSSL hash compatibility wrappers.
3fb6b8f304 daemon: Map directly to gcrypt hash functions.

Ludo’.
Closed
?