From 6b2889e87aaf68240d6d78c00b136f570c7319df Mon Sep 17 00:00:00 2001 From: nicoo Date: Fri, 15 Sep 2023 13:41:25 +0000 Subject: [PATCH 1/3] maintainers/scripts/sha256-to-SRI.py: rename to sha-to-sri.py Add support for `sha512`, refactor to easily add hash functions in the future. Also, skip autogenerated files. --- maintainers/scripts/sha-to-sri.py | 228 +++++++++++++++++++++++++++ maintainers/scripts/sha256-to-SRI.py | 149 ----------------- 2 files changed, 228 insertions(+), 149 deletions(-) create mode 100755 maintainers/scripts/sha-to-sri.py delete mode 100755 maintainers/scripts/sha256-to-SRI.py diff --git a/maintainers/scripts/sha-to-sri.py b/maintainers/scripts/sha-to-sri.py new file mode 100755 index 000000000000..1af7ff215ad3 --- /dev/null +++ b/maintainers/scripts/sha-to-sri.py @@ -0,0 +1,228 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i "python3 -I" -p "python3.withPackages(p: with p; [ rich structlog ])" + +from abc import ABC, abstractclassmethod, abstractmethod +from contextlib import contextmanager +from pathlib import Path +from structlog.contextvars import bound_contextvars as log_context +from typing import ClassVar, List, Tuple + +import hashlib, re, structlog + + +logger = structlog.getLogger("sha-to-SRI") + + +class Encoding(ABC): + alphabet: ClassVar[str] + + @classmethod + @property + def name(cls) -> str: + return cls.__name__.lower() + + def toSRI(self, s: str) -> str: + digest = self.decode(s) + assert len(digest) == self.n + + from base64 import b64encode + return f"{self.hashName}-{b64encode(digest).decode()}" + + @classmethod + def all(cls, h) -> 'List[Encoding]': + return [ c(h) for c in cls.__subclasses__() ] + + def __init__(self, h): + self.n = h.digest_size + self.hashName = h.name + + @property + @abstractmethod + def length(self) -> int: + ... + + @property + def regex(self) -> str: + return f"[{self.alphabet}]{{{self.length}}}" + + @abstractmethod + def decode(self, s: str) -> bytes: + ... + + +class Nix32(Encoding): + alphabet = "0123456789abcdfghijklmnpqrsvwxyz" + inverted = { c: i for i, c in enumerate(alphabet) } + + @property + def length(self): + return 1 + (8 * self.n) // 5 + def decode(self, s: str): + assert len(s) == self.length + out = [ 0 for _ in range(self.n) ] + # TODO: Do better than a list of byte-sized ints + + for n, c in enumerate(reversed(s)): + digit = self.inverted[c] + i, j = divmod(5 * n, 8) + out[i] = out[i] | (digit << j) & 0xff + rem = digit >> (8 - j) + if rem == 0: + continue + elif i < self.n: + out[i+1] = rem + else: + raise ValueError(f"Invalid nix32 hash: '{s}'") + + return bytes(out) + +class Hex(Encoding): + alphabet = "0-9A-Fa-f" + + @property + def length(self): + return 2 * self.n + def decode(self, s: str): + from binascii import unhexlify + return unhexlify(s) + +class Base64(Encoding): + alphabet = "A-Za-z0-9+/" + + @property + def format(self) -> Tuple[int, int]: + """Number of characters in data and padding.""" + i, k = divmod(self.n, 3) + return 4 * i + (0 if k == 0 else k + 1), (3 - k) % 3 + @property + def length(self): + return sum(self.format) + @property + def regex(self): + data, padding = self.format + return f"[{self.alphabet}]{{{data}}}={{{padding}}}" + def decode(self, s): + from base64 import b64decode + return b64decode(s, validate = True) + + +_HASHES = (hashlib.new(n) for n in ('SHA-256', 'SHA-512')) +ENCODINGS = { + h.name: Encoding.all(h) + for h in _HASHES +} + +RE = { + h: "|".join( + (f"({h}-)?" if e.name == 'base64' else '') + + f"(?P<{h}_{e.name}>{e.regex})" + for e in encodings + ) for h, encodings in ENCODINGS.items() +} + +_DEF_RE = re.compile("|".join( + f"(?P<{h}>{h} = (?P<{h}_quote>['\"])({re})(?P={h}_quote);)" + for h, re in RE.items() +)) + + +def defToSRI(s: str) -> str: + def f(m: re.Match[str]) -> str: + try: + for h, encodings in ENCODINGS.items(): + if m.group(h) is None: + continue + + for e in encodings: + s = m.group(f"{h}_{e.name}") + if s is not None: + return f'hash = "{e.toSRI(s)}";' + + raise ValueError(f"Match with '{h}' but no subgroup") + raise ValueError("Match with no hash") + + except ValueError as exn: + logger.error( + "Skipping", + exc_info = exn, + ) + return m.group() + + return _DEF_RE.sub(f, s) + + +@contextmanager +def atomicFileUpdate(target: Path): + '''Atomically replace the contents of a file. + + Guarantees that no temporary files are left behind, and `target` is either + left untouched, or overwritten with new content if no exception was raised. + + Yields a pair `(original, new)` of open files. + `original` is the pre-existing file at `target`, open for reading; + `new` is an empty, temporary file in the same filder, open for writing. + + Upon exiting the context, the files are closed; if no exception was + raised, `new` (atomically) replaces the `target`, otherwise it is deleted. + ''' + # That's mostly copied from noto-emoji.py, should DRY it out + from tempfile import mkstemp + fd, _p = mkstemp( + dir = target.parent, + prefix = target.name, + ) + tmpPath = Path(_p) + + try: + with target.open() as original: + with tmpPath.open('w') as new: + yield (original, new) + + tmpPath.replace(target) + + except Exception: + tmpPath.unlink(missing_ok = True) + raise + + +def fileToSRI(p: Path): + with atomicFileUpdate(p) as (og, new): + for i, line in enumerate(og): + with log_context(line=i): + new.write(defToSRI(line)) + + +_SKIP_RE = re.compile( + "(generated by)|(do not edit)", + re.IGNORECASE +) + +if __name__ == "__main__": + from sys import argv, stderr + logger.info("Starting!") + + for arg in argv[1:]: + p = Path(arg) + with log_context(path=str(p)): + try: + if p.name == "yarn.nix" or p.name.find("generated") != -1: + logger.warning("File looks autogenerated, skipping!") + continue + + with p.open() as f: + for line in f: + if line.strip(): + break + + if _SKIP_RE.search(line): + logger.warning("File looks autogenerated, skipping!") + continue + + fileToSRI(p) + except Exception as exn: + logger.error( + "Unhandled exception, skipping file!", + exc_info = exn, + ) + else: + logger.info("Finished processing file") diff --git a/maintainers/scripts/sha256-to-SRI.py b/maintainers/scripts/sha256-to-SRI.py deleted file mode 100755 index dcacb4c58044..000000000000 --- a/maintainers/scripts/sha256-to-SRI.py +++ /dev/null @@ -1,149 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i "python3 -I" -p "python3.withPackages(p: with p; [ rich structlog ])" - -from contextlib import contextmanager -from pathlib import Path -from structlog.contextvars import bound_contextvars as log_context - -import re, structlog - - -logger = structlog.getLogger("sha256-to-SRI") - - -nix32alphabet = "0123456789abcdfghijklmnpqrsvwxyz" -nix32inverted = { c: i for i, c in enumerate(nix32alphabet) } - -def nix32decode(s: str) -> bytes: - # only support sha256 hashes for now - assert len(s) == 52 - out = [ 0 for _ in range(32) ] - # TODO: Do better than a list of byte-sized ints - - for n, c in enumerate(reversed(s)): - digit = nix32inverted[c] - i, j = divmod(5 * n, 8) - out[i] = out[i] | (digit << j) & 0xff - rem = digit >> (8 - j) - if rem == 0: - continue - elif i < 31: - out[i+1] = rem - else: - raise ValueError(f"Invalid nix32 hash: '{s}'") - - return bytes(out) - - -def toSRI(digest: bytes) -> str: - from base64 import b64encode - assert len(digest) == 32 - return f"sha256-{b64encode(digest).decode()}" - - -RE = { - 'nix32': f"[{nix32alphabet}]" "{52}", - 'hex': "[0-9A-Fa-f]{64}", - 'base64': "[A-Za-z0-9+/]{43}=", -} -RE['sha256'] = '|'.join( - f"{'(sha256-)?' if name == 'base64' else ''}" - f"(?P<{name}>{r})" - for name, r in RE.items() -) - -def sha256toSRI(m: re.Match) -> str: - """Produce the equivalent SRI string for any match of RE['sha256']""" - if m['nix32'] is not None: - return toSRI(nix32decode(m['nix32'])) - if m['hex'] is not None: - from binascii import unhexlify - return toSRI(unhexlify(m['hex'])) - if m['base64'] is not None: - from base64 import b64decode - return toSRI(b64decode(m['base64'])) - - raise ValueError("Got a match where none of the groups captured") - - -# Ohno I used evil, irregular backrefs instead of making 2 variants ^^' -_def_re = re.compile( - "sha256 = (?P[\"'])" - f"({RE['sha256']})" - "(?P=quote);" -) - -def defToSRI(s: str) -> str: - def f(m: re.Match[str]) -> str: - try: - return f'hash = "{sha256toSRI(m)}";' - - except ValueError as exn: - begin, end = m.span() - match = m.string[begin:end] - - logger.error( - "Skipping", - exc_info = exn, - ) - return match - - return _def_re.sub(f, s) - - -@contextmanager -def atomicFileUpdate(target: Path): - '''Atomically replace the contents of a file. - - Guarantees that no temporary files are left behind, and `target` is either - left untouched, or overwritten with new content if no exception was raised. - - Yields a pair `(original, new)` of open files. - `original` is the pre-existing file at `target`, open for reading; - `new` is an empty, temporary file in the same filder, open for writing. - - Upon exiting the context, the files are closed; if no exception was - raised, `new` (atomically) replaces the `target`, otherwise it is deleted. - ''' - # That's mostly copied from noto-emoji.py, should DRY it out - from tempfile import mkstemp - fd, _p = mkstemp( - dir = target.parent, - prefix = target.name, - ) - tmpPath = Path(_p) - - try: - with target.open() as original: - with tmpPath.open('w') as new: - yield (original, new) - - tmpPath.replace(target) - - except Exception: - tmpPath.unlink(missing_ok = True) - raise - - -def fileToSRI(p: Path): - with atomicFileUpdate(p) as (og, new): - for i, line in enumerate(og): - with log_context(line=i): - new.write(defToSRI(line)) - - -if __name__ == "__main__": - from sys import argv, stderr - - for arg in argv[1:]: - p = Path(arg) - with log_context(path=str(p)): - try: - fileToSRI(p) - except Exception as exn: - logger.error( - "Unhandled exception, skipping file!", - exc_info = exn, - ) - else: - logger.info("Finished processing file") From a6530e859b50c2881bef1008d8bb41a6abf12eb7 Mon Sep 17 00:00:00 2001 From: nicoo Date: Fri, 15 Sep 2023 16:26:04 +0000 Subject: [PATCH 2/3] =?UTF-8?q?libdwarf:=20sha512=20=E2=86=92=20hash?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/libraries/libdwarf/20210528.nix | 2 +- pkgs/development/libraries/libdwarf/common.nix | 4 ++-- pkgs/development/libraries/libdwarf/default.nix | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/libdwarf/20210528.nix b/pkgs/development/libraries/libdwarf/20210528.nix index 01ab2d720bf0..25d14de99ae2 100644 --- a/pkgs/development/libraries/libdwarf/20210528.nix +++ b/pkgs/development/libraries/libdwarf/20210528.nix @@ -2,7 +2,7 @@ callPackage ./common.nix rec { version = "20210528"; url = "https://www.prevanders.net/libdwarf-${version}.tar.gz"; - sha512 = "e0f9c88554053ee6c1b1333960891189e7820c4a4ddc302b7e63754a4cdcfc2acb1b4b6083a722d1204a75e994fff3401ecc251b8c3b24090f8cb4046d90f870"; + hash = "sha512-4PnIhVQFPubBsTM5YIkRieeCDEpN3DArfmN1Skzc/CrLG0tgg6ci0SBKdemU//NAHswlG4w7JAkPjLQEbZD4cA=="; buildInputs = [ zlib libelf ]; knownVulnerabilities = [ "CVE-2022-32200" "CVE-2022-39170" ]; } diff --git a/pkgs/development/libraries/libdwarf/common.nix b/pkgs/development/libraries/libdwarf/common.nix index 32dc6eaa6e4e..ebf59ccd03f9 100644 --- a/pkgs/development/libraries/libdwarf/common.nix +++ b/pkgs/development/libraries/libdwarf/common.nix @@ -1,11 +1,11 @@ -{ lib, stdenv, fetchurl, buildInputs, sha512, version, libelf, url, knownVulnerabilities }: +{ lib, stdenv, fetchurl, buildInputs, hash, version, libelf, url, knownVulnerabilities }: stdenv.mkDerivation rec { pname = "libdwarf"; inherit version; src = fetchurl { - inherit url sha512; + inherit url hash; }; configureFlags = [ "--enable-shared" "--disable-nonshared" ]; diff --git a/pkgs/development/libraries/libdwarf/default.nix b/pkgs/development/libraries/libdwarf/default.nix index 2beb4efc4bcd..0f96083100c2 100644 --- a/pkgs/development/libraries/libdwarf/default.nix +++ b/pkgs/development/libraries/libdwarf/default.nix @@ -2,7 +2,7 @@ callPackage ./common.nix rec { version = "0.4.2"; url = "https://www.prevanders.net/libdwarf-${version}.tar.xz"; - sha512 = "6d2a3ebf0104362dd9cecec272935684f977db119810eea0eec88c9f56a042f260a4f6ed3bbabde8592fe16f98cbd81b4ab2878005140e05c8f475df6380d1c2"; + hash = "sha512-bSo+vwEENi3Zzs7CcpNWhPl32xGYEO6g7siMn1agQvJgpPbtO7q96Fkv4W+Yy9gbSrKHgAUUDgXI9HXfY4DRwg=="; buildInputs = [ zlib ]; knownVulnerabilities = []; } From fab52fca51de6d49084d9b41d0a69b8108ebc668 Mon Sep 17 00:00:00 2001 From: nicoo Date: Sat, 16 Sep 2023 17:33:20 +0000 Subject: [PATCH 3/3] =?UTF-8?q?treewide:=20sha512=20=E2=86=92=20hash?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/applications/audio/plexamp/default.nix | 2 +- pkgs/applications/audio/spotify/linux.nix | 2 +- pkgs/applications/blockchains/oxen/default.nix | 2 +- .../blockchains/trezor-suite/default.nix | 2 +- pkgs/applications/editors/eclipse/plugins.nix | 2 +- .../networking/gopher/sacc/default.nix | 2 +- .../mailreaders/thunderbird/packages.nix | 4 ++-- pkgs/applications/video/lbry/default.nix | 2 +- .../node/fetch-yarn-deps/default.nix | 2 +- .../libraries/zookeeper_mt/default.nix | 2 +- .../development/ocaml-modules/extlib/default.nix | 2 +- .../tools/database/beekeeper-studio/default.nix | 2 +- pkgs/development/tools/misc/kibana/7.x.nix | 12 ++++++------ pkgs/development/web/bloomrpc/default.nix | 2 +- pkgs/servers/http/bozohttpd/default.nix | 2 +- pkgs/servers/http/tomcat/tomcat-native.nix | 2 +- pkgs/servers/search/elasticsearch/7.x.nix | 12 ++++++------ pkgs/servers/zookeeper/default.nix | 2 +- pkgs/tools/misc/logstash/7.x.nix | 16 ++++++++-------- pkgs/tools/security/beyond-identity/default.nix | 2 +- pkgs/tools/system/journalwatch/default.nix | 2 +- pkgs/tools/typesetting/lowdown/default.nix | 2 +- 22 files changed, 40 insertions(+), 40 deletions(-) diff --git a/pkgs/applications/audio/plexamp/default.nix b/pkgs/applications/audio/plexamp/default.nix index b32f2f48f3a2..c3d36d3b3836 100644 --- a/pkgs/applications/audio/plexamp/default.nix +++ b/pkgs/applications/audio/plexamp/default.nix @@ -7,7 +7,7 @@ let src = fetchurl { url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage"; name="${pname}-${version}.AppImage"; - sha512 = "CrSXmRVatVSkMyB1QaNSL/tK60rQvT9JraRtYYLl0Fau3M1LJXK9yqvt77AjwIwIvi2Dm5SROG+c4rA1XtI4Yg=="; + hash = "sha512-CrSXmRVatVSkMyB1QaNSL/tK60rQvT9JraRtYYLl0Fau3M1LJXK9yqvt77AjwIwIvi2Dm5SROG+c4rA1XtI4Yg=="; }; appimageContents = appimageTools.extractType2 { diff --git a/pkgs/applications/audio/spotify/linux.nix b/pkgs/applications/audio/spotify/linux.nix index 117d2325ce36..cbb229066175 100644 --- a/pkgs/applications/audio/spotify/linux.nix +++ b/pkgs/applications/audio/spotify/linux.nix @@ -84,7 +84,7 @@ stdenv.mkDerivation { # https://community.spotify.com/t5/Desktop-Linux/Redistribute-Spotify-on-Linux-Distributions/td-p/1695334 src = fetchurl { url = "https://api.snapcraft.io/api/v1/snaps/download/pOBIoZ2LrCB3rDohMxoYGnbN14EHOgD7_${rev}.snap"; - sha512 = "3d5a9fda88a076a22bb6d0b6b586334865f03a4e852ca8e022468e3dd3520a81dea314721e26e54ba9309603e08f66588f005ee8970e73eccbf805ff70e89dca"; + hash = "sha512-PVqf2oigdqIrttC2tYYzSGXwOk6FLKjgIkaOPdNSCoHeoxRyHiblS6kwlgPgj2ZYjwBe6JcOc+zL+AX/cOidyg=="; }; nativeBuildInputs = [ wrapGAppsHook makeShellWrapper squashfsTools ]; diff --git a/pkgs/applications/blockchains/oxen/default.nix b/pkgs/applications/blockchains/oxen/default.nix index a8948d7df5a1..a57e38ac9cfa 100644 --- a/pkgs/applications/blockchains/oxen/default.nix +++ b/pkgs/applications/blockchains/oxen/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { # Required for static linking, the only supported install path lbzmqsrc = fetchurl { url = "https://github.com/zeromq/libzmq/releases/download/v4.3.3/zeromq-4.3.3.tar.gz"; - sha512 = "4c18d784085179c5b1fcb753a93813095a12c8d34970f2e1bfca6499be6c9d67769c71c68b7ca54ff181b20390043170e89733c22f76ff1ea46494814f7095b1"; + hash = "sha512-TBjXhAhRecWx/LdTqTgTCVoSyNNJcPLhv8pkmb5snWd2nHHGi3ylT/GBsgOQBDFw6Jczwi92/x6kZJSBT3CVsQ=="; }; postPatch = '' diff --git a/pkgs/applications/blockchains/trezor-suite/default.nix b/pkgs/applications/blockchains/trezor-suite/default.nix index 67c02e299e19..c56e6da52f0f 100644 --- a/pkgs/applications/blockchains/trezor-suite/default.nix +++ b/pkgs/applications/blockchains/trezor-suite/default.nix @@ -18,7 +18,7 @@ let src = fetchurl { url = "https://github.com/trezor/${pname}/releases/download/v${version}/Trezor-Suite-${version}-${suffix}.AppImage"; - sha512 = { # curl -Lfs https://github.com/trezor/trezor-suite/releases/latest/download/latest-linux{-arm64,}.yml | grep ^sha512 | sed 's/: /-/' + hash = { # curl -Lfs https://github.com/trezor/trezor-suite/releases/latest/download/latest-linux{-arm64,}.yml | grep ^sha512 | sed 's/: /-/' aarch64-linux = "sha512-+dcogzj0mENWSAVKqUG/xyF+TD/nKpA3UiNyI2M7iiCaW+tpwO5Y0uUmzb1rFRtDsKMflDPZNWe8qMJmrtaIrA=="; x86_64-linux = "sha512-8UyPa3hDmALiYGao451ZBQLxv9H9OLbzzHiANp4zgvjBLGNhZnPFBIYM6KGyKkgRJJiTcgd7VHCgEhPpfm0qzg=="; }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); diff --git a/pkgs/applications/editors/eclipse/plugins.nix b/pkgs/applications/editors/eclipse/plugins.nix index a8a248804b04..67c071b5b938 100644 --- a/pkgs/applications/editors/eclipse/plugins.nix +++ b/pkgs/applications/editors/eclipse/plugins.nix @@ -355,7 +355,7 @@ rec { src = fetchzip { url = "https://download.jboss.org/drools/release/${version}/droolsjbpm-tools-distribution-${version}.zip"; - sha512 = "2qzc1iszqfrfnw8xip78n3kp6hlwrvrr708vlmdk7nv525xhs0ssjaxriqdhcr0s6jripmmazxivv3763rnk2bfkh31hmbnckpx4r3m"; + hash = "sha512-dWTS72R2VRgGnG6JafMwZ+wd+1e13pil0SAz2HDMXUmtgYa9iLLtma3SjcDJeWdOoblzWHRu7Ihblx3+Ogb2sQ=="; postFetch = '' # update site is a couple levels deep, alongside some other irrelevant stuff cd $out; diff --git a/pkgs/applications/networking/gopher/sacc/default.nix b/pkgs/applications/networking/gopher/sacc/default.nix index 1afcbe4d2a86..994423870398 100644 --- a/pkgs/applications/networking/gopher/sacc/default.nix +++ b/pkgs/applications/networking/gopher/sacc/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "ftp://bitreich.org/releases/sacc/sacc-${version}.tar.gz"; - sha512 = "7a895e432e1d28b7d9b2bb2a5326ca32350876a2c80d39dc6c19e75347d72a4847f1aa4ff11f07e8a9adea14ea71b84d70890dcc170ff6ce0b779e1d6586b4fa"; + hash = "sha512-eoleQy4dKLfZsrsqUybKMjUIdqLIDTncbBnnU0fXKkhH8apP8R8H6Kmt6hTqcbhNcIkNzBcP9s4Ld54dZYa0+g=="; }; inherit patches; diff --git a/pkgs/applications/networking/mailreaders/thunderbird/packages.nix b/pkgs/applications/networking/mailreaders/thunderbird/packages.nix index 4ddb0b6410f0..b233fe5739ce 100644 --- a/pkgs/applications/networking/mailreaders/thunderbird/packages.nix +++ b/pkgs/applications/networking/mailreaders/thunderbird/packages.nix @@ -11,7 +11,7 @@ rec { binaryName = pname; src = fetchurl { url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz"; - sha512 = "4ae3f216833aec55421f827d55bc1b5fc2f0ad4fefecb27724a5be3318c351df24d30a4897b924e733ed2e3995be284b6d135049d46001143fb1c961fefc1830"; + hash = "sha512-SuPyFoM67FVCH4J9VbwbX8LwrU/v7LJ3JKW+MxjDUd8k0wpIl7kk5zPtLjmVvihLbRNQSdRgARQ/sclh/vwYMA=="; }; extraPatches = [ # The file to be patched is different from firefox's `no-buildconfig-ffx90.patch`. @@ -49,7 +49,7 @@ rec { binaryName = pname; src = fetchurl { url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz"; - sha512 = "45843709c21eb19d69d43205da6b2f943b584811a29942ffef1933c1ce7882b48046b201c2ff198658fec2c53d479311d8a353731afe6ea53f97b31674d6074a"; + hash = "sha512-RYQ3CcIesZ1p1DIF2msvlDtYSBGimUL/7xkzwc54grSARrIBwv8Zhlj+wsU9R5MR2KNTcxr+bqU/l7MWdNYHSg=="; }; extraPatches = [ # The file to be patched is different from firefox's `no-buildconfig-ffx90.patch`. diff --git a/pkgs/applications/video/lbry/default.nix b/pkgs/applications/video/lbry/default.nix index fa74f138608f..afcec67d9134 100644 --- a/pkgs/applications/video/lbry/default.nix +++ b/pkgs/applications/video/lbry/default.nix @@ -12,7 +12,7 @@ in appimageTools.wrapAppImage rec { src = fetchurl { url = "https://github.com/lbryio/lbry-desktop/releases/download/v${version}/LBRY_${version}.AppImage"; # Gotten from latest-linux.yml - sha512 = "WZB2pMzSuWGPj6uad+rIECOhuWEOxi0hVUQifOrhUrKj4SnBDws+oy7V2+NpDGkzbG+Kf3IO8rcWBD4wfFoo2Q=="; + hash = "sha512-WZB2pMzSuWGPj6uad+rIECOhuWEOxi0hVUQifOrhUrKj4SnBDws+oy7V2+NpDGkzbG+Kf3IO8rcWBD4wfFoo2Q=="; }; }; diff --git a/pkgs/build-support/node/fetch-yarn-deps/default.nix b/pkgs/build-support/node/fetch-yarn-deps/default.nix index d95b1078c162..49c2f6cbfc98 100644 --- a/pkgs/build-support/node/fetch-yarn-deps/default.nix +++ b/pkgs/build-support/node/fetch-yarn-deps/default.nix @@ -3,7 +3,7 @@ let yarnpkg-lockfile-tar = fetchurl { url = "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz"; - sha512 = "sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ=="; + hash = "sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ=="; }; tests = callPackage ./tests {}; diff --git a/pkgs/development/libraries/zookeeper_mt/default.nix b/pkgs/development/libraries/zookeeper_mt/default.nix index 6a52f6a41d53..9c4302433ff0 100644 --- a/pkgs/development/libraries/zookeeper_mt/default.nix +++ b/pkgs/development/libraries/zookeeper_mt/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://apache/zookeeper/${zookeeper.pname}-${version}/apache-${zookeeper.pname}-${version}.tar.gz"; - sha512 = "sha512-ttYbATvfe+uRYhQWfeG1WGXl5GOztcrITfl/4EQierAzSaDvTmVxSb582hYQOdBpxw2QrVbIdnTm3/Xt4ifecg=="; + hash = "sha512-ttYbATvfe+uRYhQWfeG1WGXl5GOztcrITfl/4EQierAzSaDvTmVxSb582hYQOdBpxw2QrVbIdnTm3/Xt4ifecg=="; }; sourceRoot = "apache-${zookeeper.pname}-${version}/zookeeper-client/zookeeper-client-c"; diff --git a/pkgs/development/ocaml-modules/extlib/default.nix b/pkgs/development/ocaml-modules/extlib/default.nix index 35b8c59091cc..cd9f6d9b86ce 100644 --- a/pkgs/development/ocaml-modules/extlib/default.nix +++ b/pkgs/development/ocaml-modules/extlib/default.nix @@ -8,7 +8,7 @@ buildDunePackage rec { src = fetchurl { url = "https://ygrek.org/p/release/ocaml-${pname}/${pname}-${version}.tar.gz"; - sha512 = "2386ac69f037ea520835c0624d39ae9fbffe43a20b18e247de032232ed6f419d667b53d2314c6f56dc71d368bf0b6201a56c2f3f2a5bdfd933766c5a6cb98768"; + hash = "sha512-I4asafA36lIINcBiTTmun7/+Q6ILGOJH3gMiMu1vQZ1me1PSMUxvVtxx02i/C2IBpWwvPypb39kzdmxabLmHaA=="; }; nativeBuildInputs = [ cppo ]; diff --git a/pkgs/development/tools/database/beekeeper-studio/default.nix b/pkgs/development/tools/database/beekeeper-studio/default.nix index be53f57cac61..f02fa4771ba0 100644 --- a/pkgs/development/tools/database/beekeeper-studio/default.nix +++ b/pkgs/development/tools/database/beekeeper-studio/default.nix @@ -8,7 +8,7 @@ let src = fetchurl { url = "https://github.com/beekeeper-studio/beekeeper-studio/releases/download/v${version}/Beekeeper-Studio-${version}.AppImage"; name = "${pname}-${version}.AppImage"; - sha512 = "sha512-an4Gqx2mx/rnkLe/LUAz3qRdrqWBcrWcdCiNi8Hz1OKBp1SWN3acU8RppIM0uwlrcBkjnigbbM5DZ2o+svA23A=="; + hash = "sha512-an4Gqx2mx/rnkLe/LUAz3qRdrqWBcrWcdCiNi8Hz1OKBp1SWN3acU8RppIM0uwlrcBkjnigbbM5DZ2o+svA23A=="; }; appimageContents = appimageTools.extractType2 { diff --git a/pkgs/development/tools/misc/kibana/7.x.nix b/pkgs/development/tools/misc/kibana/7.x.nix index eaf5247a4165..257fbf4b235c 100644 --- a/pkgs/development/tools/misc/kibana/7.x.nix +++ b/pkgs/development/tools/misc/kibana/7.x.nix @@ -15,12 +15,12 @@ let info = lib.splitString "-" stdenv.hostPlatform.system; arch = elemAt info 0; plat = elemAt info 1; - shas = + hashes = { - x86_64-linux = "d3d5e8906e64ae3c469e4df80e1c692ce1912e36f68ddf36b99b7019faf34aebaa329061904a6d2b6a32486c6e19d1c5f2ea30c25479a7960ed93bc1c0cb1691"; - x86_64-darwin = "72a4499efbbbdf425f92beafc1b1d416e66e6ded60e76d9c9af9c3c13ce11862ba54dffbfbd5cbdef6afaad50f0d57532d3524f83acd88840aecc6891f748732"; - aarch64-linux = "ce1b584e1cf98f8fb0e602352564a71efef4f53936dde7a056caed62675a6216624f0db2bc24d8239b8d01f06306bf173dda7a08a1787ba061db01ca0d88359a"; - aarch64-darwin = "72a4499efbbbdf425f92beafc1b1d416e66e6ded60e76d9c9af9c3c13ce11862ba54dffbfbd5cbdef6afaad50f0d57532d3524f83acd88840aecc6891f748732"; + x86_64-linux = "sha512-09XokG5krjxGnk34DhxpLOGRLjb2jd82uZtwGfrzSuuqMpBhkEptK2oySGxuGdHF8uowwlR5p5YO2TvBwMsWkQ=="; + x86_64-darwin = "sha512-cqRJnvu730Jfkr6vwbHUFuZube1g522cmvnDwTzhGGK6VN/7+9XL3vavqtUPDVdTLTUk+DrNiIQK7MaJH3SHMg=="; + aarch64-linux = "sha512-zhtYThz5j4+w5gI1JWSnHv709Tk23eegVsrtYmdaYhZiTw2yvCTYI5uNAfBjBr8XPdp6CKF4e6Bh2wHKDYg1mg=="; + aarch64-darwin = "sha512-cqRJnvu730Jfkr6vwbHUFuZube1g522cmvnDwTzhGGK6VN/7+9XL3vavqtUPDVdTLTUk+DrNiIQK7MaJH3SHMg=="; }; in stdenv.mkDerivation rec { @@ -29,7 +29,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "https://artifacts.elastic.co/downloads/kibana/${pname}-${version}-${plat}-${arch}.tar.gz"; - sha512 = shas.${stdenv.hostPlatform.system} or (throw "Unknown architecture"); + hash = hashes.${stdenv.hostPlatform.system} or (throw "Unknown architecture"); }; patches = [ diff --git a/pkgs/development/web/bloomrpc/default.nix b/pkgs/development/web/bloomrpc/default.nix index 037e7f4931a1..fc14b131be8a 100644 --- a/pkgs/development/web/bloomrpc/default.nix +++ b/pkgs/development/web/bloomrpc/default.nix @@ -7,7 +7,7 @@ let src = fetchurl { url = "https://github.com/uw-labs/${pname}/releases/download/${version}/BloomRPC-${version}.AppImage"; name = "${pname}-${version}.AppImage"; - sha512 = "PebdYDpcplPN5y3mRu1mG6CXenYfYvBXNLgIGEr7ZgKnR5pIaOfJNORSNYSdagdGDb/B1sxuKfX4+4f2cqgb6Q=="; + hash = "sha512-PebdYDpcplPN5y3mRu1mG6CXenYfYvBXNLgIGEr7ZgKnR5pIaOfJNORSNYSdagdGDb/B1sxuKfX4+4f2cqgb6Q=="; }; appimageContents = appimageTools.extractType2 { diff --git a/pkgs/servers/http/bozohttpd/default.nix b/pkgs/servers/http/bozohttpd/default.nix index 2087c2f591d6..5fd9f350b117 100644 --- a/pkgs/servers/http/bozohttpd/default.nix +++ b/pkgs/servers/http/bozohttpd/default.nix @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { # http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/bozohttpd/distinfo src = fetchurl { url = "http://www.eterna.com.au/${pname}/${pname}-${version}.tar.bz2"; - sha512 = "275b8fab3cf2e6c59721682cae952db95da5bd3b1f20680240c6cf1029463693f6feca047fbef5e3a3e7528b40b7b2e87b2a56fd800b612e679a16f24890e5b6"; + hash = "sha512-J1uPqzzy5sWXIWgsrpUtuV2lvTsfIGgCQMbPEClGNpP2/soEf77146PnUotAt7LoeypW/YALYS5nmhbySJDltg=="; }; buildInputs = [ openssl libxcrypt ] ++ optional (luaSupport) lua; diff --git a/pkgs/servers/http/tomcat/tomcat-native.nix b/pkgs/servers/http/tomcat/tomcat-native.nix index cf912d87a1d6..8b05a2ea794f 100644 --- a/pkgs/servers/http/tomcat/tomcat-native.nix +++ b/pkgs/servers/http/tomcat/tomcat-native.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://apache/tomcat/tomcat-connectors/native/${version}/source/${pname}-${version}-src.tar.gz"; - sha512 = "2aaa93f0acf3eb780d39faeda3ece3cf053d3b6e2918462f7183070e8ab32232e035e9062f7c07ceb621006d727d3596d9b4b948f4432b4f625327b72fdb0e49"; + hash = "sha512-KqqT8Kzz63gNOfrto+zjzwU9O24pGEYvcYMHDoqzIjLgNekGL3wHzrYhAG1yfTWW2bS5SPRDK09iUye3L9sOSQ=="; }; sourceRoot = "${pname}-${version}-src/native"; diff --git a/pkgs/servers/search/elasticsearch/7.x.nix b/pkgs/servers/search/elasticsearch/7.x.nix index 6eea9d751d51..bcb7f0d33bf3 100644 --- a/pkgs/servers/search/elasticsearch/7.x.nix +++ b/pkgs/servers/search/elasticsearch/7.x.nix @@ -16,12 +16,12 @@ let info = splitString "-" stdenv.hostPlatform.system; arch = elemAt info 0; plat = elemAt info 1; - shas = + hashes = { - x86_64-linux = "7a2013e43c7fc39e86a31a733cc74c587ef2bba0c013f95ce874f98b488a4f8f0e6fb254a1eedd5c0b0e210aed9a0195f7358fa9653c890e234413ff93190807"; - x86_64-darwin = "e6f49e7c0f59e260b3e3d43e57375c9352976c4f51118005e3a9127f41b59f95e51ea158cd318e99410e6d98464ea1f84432c905d12a84b8f68b2ce35905f944"; - aarch64-linux = "f2790f49b79c381246bbf87431919452af93aa4fd8aa6bc9c1f9031e7ed5d9c649f5bab867c28a7d1602e2285d3f4a5f78f809ac05744b02ad67d68610bb677d"; - aarch64-darwin = "75b66b60650bb82dc517f4a594fa40816d3becb92bf3b349f3e8324cc6b297c8bcacebc08e7661891fd4ede03a099fea56c1509291804dd03345717c36564172"; + x86_64-linux = "sha512-eiAT5Dx/w56GoxpzPMdMWH7yu6DAE/lc6HT5i0iKT48Ob7JUoe7dXAsOIQrtmgGV9zWPqWU8iQ4jRBP/kxkIBw=="; + x86_64-darwin = "sha512-5vSefA9Z4mCz49Q+Vzdck1KXbE9REYAF46kSf0G1n5XlHqFYzTGOmUEObZhGTqH4RDLJBdEqhLj2iyzjWQX5RA=="; + aarch64-linux = "sha512-8nkPSbecOBJGu/h0MZGUUq+Tqk/YqmvJwfkDHn7V2cZJ9bq4Z8KKfRYC4ihdP0pfePgJrAV0SwKtZ9aGELtnfQ=="; + aarch64-darwin = "sha512-dbZrYGULuC3FF/SllPpAgW077Lkr87NJ8+gyTMayl8i8rOvAjnZhiR/U7eA6CZ/qVsFQkpGATdAzRXF8NlZBcg=="; }; in stdenv.mkDerivation rec { @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://artifacts.elastic.co/downloads/elasticsearch/${pname}-${version}-${plat}-${arch}.tar.gz"; - sha512 = shas.${stdenv.hostPlatform.system} or (throw "Unknown architecture"); + hash = hashes.${stdenv.hostPlatform.system} or (throw "Unknown architecture"); }; patches = [ ./es-home-6.x.patch ]; diff --git a/pkgs/servers/zookeeper/default.nix b/pkgs/servers/zookeeper/default.nix index c8ef0cb68d41..d333494ea35d 100644 --- a/pkgs/servers/zookeeper/default.nix +++ b/pkgs/servers/zookeeper/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://apache/zookeeper/${pname}-${version}/apache-${pname}-${version}-bin.tar.gz"; - sha512 = "sha512-kQNiilB0X6GiibymZv2kqcCOwXxVzxPmaIfnunbpPbrmCh8f/WwQeYvjoWBpNE7LwAzrspvwPZzXCWzNCY7QEQ=="; + hash = "sha512-kQNiilB0X6GiibymZv2kqcCOwXxVzxPmaIfnunbpPbrmCh8f/WwQeYvjoWBpNE7LwAzrspvwPZzXCWzNCY7QEQ=="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/misc/logstash/7.x.nix b/pkgs/tools/misc/logstash/7.x.nix index 7bbc5bd6a0df..807969635d8a 100644 --- a/pkgs/tools/misc/logstash/7.x.nix +++ b/pkgs/tools/misc/logstash/7.x.nix @@ -13,17 +13,17 @@ let info = lib.splitString "-" stdenv.hostPlatform.system; arch = lib.elemAt info 0; plat = lib.elemAt info 1; - shas = + hashes = if enableUnfree then { - x86_64-linux = "5391bfef09c403a365518a3a8e8f075bb7974b137095b3c7fd2a0173cfa6dbd4a7451170a3657afef3e6a468e90a38d6e7a5b669799878f9389fa44ff8fee026"; - x86_64-darwin = "8e3516b82329a47505358fb7eab486ca39423adc44a1f061c35f6ba225ac2f37330f2afc3e37eb652b6536e5ca35d77ac2485dec743fa8d99dd4fcc60bddbc21"; - aarch64-linux = "06f91a5aabff0f86a4150de6c1fd02fb6d0a44b04ac660597cb4c8356cf1d22552aaa77899db42a49a5e35b3cad73be5d7bad8cacfb4b17e622949329cdf791a"; + x86_64-linux = "sha512-U5G/7wnEA6NlUYo6jo8HW7eXSxNwlbPH/SoBc8+m29SnRRFwo2V6/vPmpGjpCjjW56W2aXmYePk4n6RP+P7gJg=="; + x86_64-darwin = "sha512-jjUWuCMppHUFNY+36rSGyjlCOtxEofBhw19roiWsLzczDyr8PjfrZStlNuXKNdd6wkhd7HQ/qNmd1PzGC928IQ=="; + aarch64-linux = "sha512-BvkaWqv/D4akFQ3mwf0C+20KRLBKxmBZfLTINWzx0iVSqqd4mdtCpJpeNbPK1zvl17rYys+0sX5iKUkynN95Gg=="; } else { - x86_64-linux = "ba22c4c414f47515387bb28cc47612bea58aff97c407f2571863e83174a2bef273627f65dd531ed833e40668c79144a501d49c3ec691c1b1c4d8fb0cb124b052"; - x86_64-darwin = "81a97ca06c086fac33f32e90124f649d5ddce09d649021020f434b75b5bff63065f9dc8aa267b72cedd581089bc24db12122f705ef8b69acf8f59f11771cbf77"; - aarch64-linux = "64adb41a7a1b14b21d463b333f3f4470a4db9140e288d379bf79510c83091d5ca27e997961d757cee2329b85d16da6da8a1038a00aeabb1e74ab8f95b841ad0a"; + x86_64-linux = "sha512-uiLExBT0dRU4e7KMxHYSvqWK/5fEB/JXGGPoMXSivvJzYn9l3VMe2DPkBmjHkUSlAdScPsaRwbHE2PsMsSSwUg=="; + x86_64-darwin = "sha512-gal8oGwIb6wz8y6QEk9knV3c4J1kkCECD0NLdbW/9jBl+dyKome3LO3VgQibwk2xISL3Be+Laaz49Z8Rdxy/dw=="; + aarch64-linux = "sha512-ZK20GnobFLIdRjszPz9EcKTbkUDiiNN5v3lRDIMJHVyifpl5YddXzuIym4XRbabaihA4oArqux50q4+VuEGtCg=="; }; this = stdenv.mkDerivation rec { version = elk7Version; @@ -32,7 +32,7 @@ let src = fetchurl { url = "https://artifacts.elastic.co/downloads/logstash/${pname}-${version}-${plat}-${arch}.tar.gz"; - sha512 = shas.${stdenv.hostPlatform.system} or (throw "Unknown architecture"); + hash = hashes.${stdenv.hostPlatform.system} or (throw "Unknown architecture"); }; dontBuild = true; diff --git a/pkgs/tools/security/beyond-identity/default.nix b/pkgs/tools/security/beyond-identity/default.nix index 46ed84078c2d..31b3439f0e87 100644 --- a/pkgs/tools/security/beyond-identity/default.nix +++ b/pkgs/tools/security/beyond-identity/default.nix @@ -22,7 +22,7 @@ let src = fetchurl { url = "https://packages.beyondidentity.com/public/linux-authenticator/deb/ubuntu/pool/focal/main/b/be/${pname}_${version}/${pname}_${version}_amd64.deb"; - sha512 = "sha512-JrHLf7KkJVbJLxx54OTvOSaIzY3+hjX+bpkeBHKX23YriCJssUUvEP6vlbI4r6gjMMFMhW92k0iikAgD1Tr4ug=="; + hash = "sha512-JrHLf7KkJVbJLxx54OTvOSaIzY3+hjX+bpkeBHKX23YriCJssUUvEP6vlbI4r6gjMMFMhW92k0iikAgD1Tr4ug=="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/system/journalwatch/default.nix b/pkgs/tools/system/journalwatch/default.nix index 01324b65f6bb..3eea1a379656 100644 --- a/pkgs/tools/system/journalwatch/default.nix +++ b/pkgs/tools/system/journalwatch/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { owner = "The-Compiler"; repo = pname; rev = "v${version}"; - sha512 = "11g2f1w9lfqw6zxxyg7qrqpb914s6w71j0gnpw7qr7cak2l5jlf2l39dlg30y55rw7jgmf0yg77wwzd0c430mq1n6q1v8w86g1rwkzb"; + hash = "sha512-60+ewzOIox2wsQFXMAgD7XN+zvPA1ScPz6V4MB5taVDhqCxUTMVOxodf+4AMhxtNQloXZ3ye7/0bjh1NPDjxQg=="; }; # can be removed post 1.1.0 diff --git a/pkgs/tools/typesetting/lowdown/default.nix b/pkgs/tools/typesetting/lowdown/default.nix index 3a108d7c8ed0..ba510fe256b7 100644 --- a/pkgs/tools/typesetting/lowdown/default.nix +++ b/pkgs/tools/typesetting/lowdown/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://kristaps.bsd.lv/lowdown/snapshots/lowdown-${version}.tar.gz"; - sha512 = "1cizrzmldi7lrgdkpn4b6skp1b5hz2jskkbcbv9k6lmz08clm02gyifh7fgd8j2rklqsim34n5ifyg83xhsjzd57xqjys1ccjdn3a5m"; + hash = "sha512-tahhm2QsaC9xP6V9qWEf6HkXiyWjRo3pzEKi9tyBLvonQKUMgV+pmWkvtubUUnxYVrhTm0Xsne1lemKj9ecfWQ=="; }; nativeBuildInputs = [ which dieHook ]