Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change git inputs to use SRI hashes #71

Open
lf- opened this issue May 5, 2024 · 4 comments · May be fixed by #87
Open

Change git inputs to use SRI hashes #71

lf- opened this issue May 5, 2024 · 4 comments · May be fixed by #87

Comments

@lf-
Copy link

lf- commented May 5, 2024

Currently npins uses legacy Nix base32 hashes for fetchGit. I would like to be able to passnarHash to fetchGit to get it to hit cache for any user connecting to the same the Nix store rather than just getting cached in the Nix git cache, but Nix only allows SRI hashes for that parameter.

I think the easiest fix here is to make npins store SRIs for such hashes, since I don't think the base32 hashes could actually be used for any purpose in the current state anyway.
@andir
Copy link
Owner

andir commented May 5, 2024

I like the idea if that improves the caching / substitution situation. Out of interest: Do you know the minimum Nix version required for these?

We should probably also support migration of the hashes. At least only change "updated" hashes to not cause issues with "dormant" dependencies? (e.g. fetching huge repos again just for the sake of hashing)

@RaitoBezarius
Copy link

Between 2.3 and 2.4, it's in 2.4. I cannot find it in 2.3, at least, narHash is not a supported argument of 2.3's fetchGit.

@RaitoBezarius
Copy link

In addition, nix hash to-sri probably exist only in 2.4+, if you want to implement the migration or initialization using #87 code. An alternative is to rely on Tvix to generate those without any dependency upon Nix, but well, you already know all of that :P.

@RaitoBezarius RaitoBezarius linked a pull request Jun 19, 2024 that will close this issue
Draft
@philiptaron
Copy link
Contributor

philiptaron commented Jun 25, 2024
edited
Loading

SRI hashes were added to Nix with NixOS/nix@6024dc1. That appears to have shipped in Nix 2.2. That commit changes the fetchurl builtin; fetchgit was changed in NixOS/nix@6024dc1 (I think) which shipped in 2.4, it looks like.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: pass SRI hashes for Git sources RaitoBezarius/npins
4 participants
@philiptaron @RaitoBezarius @andir @lf-