Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: pass SRI hashes for Git sources #87

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

feat: pass SRI hashes for Git sources #87

wants to merge 1 commit into from

Conversation

RaitoBezarius
Copy link

@RaitoBezarius RaitoBezarius commented Jun 19, 2024
edited
Loading

I am opening this to leave it as an example (and because I need it), I may not have time to polish it for upstream inclusion, feel free to close it if you are not interested.

Could fix #71.

@RaitoBezarius
feat: pass SRI hashes for Git sources
864a972 
This way, we avoid using `fetchGit` unlocked and we get better
properties on caching, etc.

Signed-off-by: Raito Bezarius <[email protected]>
@RaitoBezarius RaitoBezarius mentioned this pull request Jun 19, 2024
Open
andir
andir reviewed Jun 19, 2024
View reviewed changes
src/nix.rs
@@ -6,6 +6,25 @@ pub struct PrefetchInfo {
hash: String,
}

pub async fn hash_to_sri(hash_type: &str, hash: String) -> Result<String> {
let output = tokio::process::Command::new("nix")
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this require a specific minimum nix version? e.g. 2.4 and newer?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only if we shell out, if we use Tvix, not really.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If tvix manages to publish these operations in some useable format. I've some random bits and pieces from other nix-related projects that do this. Since I also want to remove reliance on nix-prefetch-url entirely and add that to npins.

@RaitoBezarius
Copy link
Author

(This is missing handling GitRelease type as well…)

@nikstur
Copy link

nikstur commented Aug 8, 2024

I would love to see this be merged. What's left to be done here?

@Janik-Haag
Copy link

@nikstur

I would love to see this be merged. What's left to be done here?

From what I can see:

  • adding support for the GitRelease type
  • switching from the shell out nix command to tvix for converting to sri hashes or handling the minimum nix version requirment.
  • updating the tests

other then that it's probably good to go.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andir andir andir left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Change git inputs to use SRI hashes
4 participants
@RaitoBezarius @nikstur @Janik-Haag @andir