From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 2O/rKFjXS2PqSAAAbAwnHQ (envelope-from ) for ; Sun, 16 Oct 2022 12:05:12 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id uEwUKFjXS2NTYwEAG6o9tA (envelope-from ) for ; Sun, 16 Oct 2022 12:05:12 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1CE1F1E216 for ; Sun, 16 Oct 2022 12:05:12 +0200 (CEST) Received: from localhost ([::1]:60056 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ok0W7-0003kv-8U for larch@yhetil.org; Sun, 16 Oct 2022 06:05:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39276) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ok0W0-0003jU-E7 for bug-guix@gnu.org; Sun, 16 Oct 2022 06:05:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:44378) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ok0Vz-0002yX-0A for bug-guix@gnu.org; Sun, 16 Oct 2022 06:05:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ok0Vy-0003ya-Sg for bug-guix@gnu.org; Sun, 16 Oct 2022 06:05:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#58561: Source hash mismatch with aggregator + possible guix bug with hashes. Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 16 Oct 2022 10:05:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 58561 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: mail@brendan.scot Cc: 58561@debbugs.gnu.org X-Debbugs-Original-Cc: bug-guix@gnu.org, 58561@debbugs.gnu.org Received: via spool by 58561-submit@debbugs.gnu.org id=B58561.166591469215234 (code B ref 58561); Sun, 16 Oct 2022 10:05:02 +0000 Received: (at 58561) by debbugs.gnu.org; 16 Oct 2022 10:04:52 +0000 Received: from localhost ([127.0.0.1]:43450 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ok0Vo-0003xd-IS for submit@debbugs.gnu.org; Sun, 16 Oct 2022 06:04:52 -0400 Received: from tobias.gr ([80.241.217.52]:52098) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ok0Vn-0003xV-3x for 58561@debbugs.gnu.org; Sun, 16 Oct 2022 06:04:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=DthG5qdmTbwtY w1pi/0VLG48J7kEwWXYXqTKfPPztgU=; h=in-reply-to:date:subject:cc:to: from:references; d=tobias.gr; b=OPNOPJRV2wxON/aMjp6Dnh2eo/QphPuP0szPBr wISn5MoM8DnastvTcKajFsk8W3tSE7efKTOJaWifjPaZsgLbcR72Q3pY6UAbCk8hIiaGGK IL3hsPmp0Up+keCyZRDWhZCmk8Mme++nipkr5DZpK6ZD5emd3/gMpHNzboIVa5mzz9qXQa sgKi6uNQ2VPg/wDfm76G+6S5YFmjvrPYROT/e6c7eM8hQHothhIt4YdbcvtFRDET7/m49r 0aRFBWwzzOBeLzgErG3FZDTlL+GmsBnyU3ne0OFWbqxE1EuqSkA9YzFP7bo3POahB/7X40 R3dyJPh5wgtl/jYeiiltJAWA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id e77b18a0 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sun, 16 Oct 2022 10:04:42 +0000 (UTC) References: <0df50579-d645-5a43-d558-4c49e503bb57@brendan.scot> Date: Sun, 16 Oct 2022 11:45:00 +0200 In-reply-to: <0df50579-d645-5a43-d558-4c49e503bb57@brendan.scot> BIMI-Selector: v=BIMI1; s=default; Message-ID: <87y1tgulqk.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" Reply-to: Tobias Geerinckx-Rice From: Tobias Geerinckx-Rice via Bug reports for GNU Guix X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1665914712; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=DthG5qdmTbwtYw1pi/0VLG48J7kEwWXYXqTKfPPztgU=; b=Zd7h8qaAotH4EH8FU7yUA/o4479xKhhUxRy4pWPXCPcGaTOgIwvp0WwHrIJKne7W3QPuze jcT/EAYca1WMpaRwzuewNBU3HguncFqptFofKOjUhO2T9pXUc4t8PwVnLG5K0bW97tPu1f QaiP+YhIEVfykcZsLOPQ1KSFY6wXse/WW/RsD0Wj2H1b+f8Z732rlj/s3dQxmloV0hH8Az BFCMRPYNYjEBFCodlaxGV3FLbAtDFXjOjN5L8BxVlEsY6PzsQvMNIdIyCOjuDxcIyJHjVw Lj/uhEILAeu4Z7Hw2XvpaADyRLwZsUw5AvDePhynM/a/EcV+6FpfiTqwOcXbZg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1665914712; a=rsa-sha256; cv=none; b=n91JdAlW3/Lqfe6wKoEcitMaa/3paB81itGs+VQwucN0DzZnzRJmYRFEg+g7aGyH4q4RL+ izAJAZ6duiM2DnItuY9pLYmFaBRwwLfmbtizOqSiViz8S0pQo5Ga2Z3+qpXxYkaVdaFwjw sJp2E9pvsrvNg12vL2vBP3WuGsJcEGi3m9gh0mz71fMG/pHXzHAMurwEw7/b3znLWMkmMh na4Ufid5igSFR8X3K5x8MRFWSNz8RUBsk/UptliEKfquibtPnjARUGQyWPFdxqyndkOZiK tan0R1sc/EnNXPRt1ZJluE8UQ7l5w7VJwnkSR3B/uFKEDxx0S677JOnog+24wg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=OPNOPJRV; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.30 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=OPNOPJRV; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 1CE1F1E216 X-Spam-Score: -4.30 X-Migadu-Scanner: scn0.migadu.com X-TUID: FOMXx+dvl2gI --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi Brendan, Oh! This is a fun one! Brendan Tildesley =E5=86=99=E9=81=93=EF=BC=9A > However what concerned me more is that when I look in the source=20 > code > it looks like this: > > (sha256 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (base32=20 > "9yy5c29zxpli4cddknmdvjkgii3j7pvw6lhwqfrqjc8jh83gm8f8")) > > > Notice how at the start its a '9', not a '1'? [=E2=80=A6] > Is there a bug with how guix is reading/writing sha256 hashes? It's=E2=80=A6 not a bug. It's the opposite, kind of, although maybe=20 (probably) Guix could (should) reject clearly bogus input like=20 this. What's happening is this: In what can be described only as a bizarre coincidence, sha256=20 produces hashes that are 256 bits long. Base32=C2=B9 encodes 5 bits per character. Our =E2=80=98hash=E2=80=99 stri= ngs are=20 currently 52 characters long, meaning they encode 260 bits. If you poke around Guix, you'll notice that every valid base32=20 =E2=80=98sha256=E2=80=99 hash starts with a 0 or a 1, because those 4 leftm= ost=20 bits are never used, and hence set to zero. In the case of this "9=E2=80=A6" =E2=80=98hash=E2=80=99 (which was random d= ata, I guess?),=20 Guix still reads only 256 bits of the 260, and ignores those 4=20 =E2=80=98extra=E2=80=99 leftmost bits. When it later prints the hash, it converts those 256 bits back to=20 base32, now padded with zeroes, and you see a =E2=80=98hash=E2=80=99 starti= ng with=20 1. What Guix could do is refuse to continue when it detects set=20 higher bits, as they always indicate programmer error. Kind regards, T G-R 1: Guix uses =E2=80=98nix-base32=E2=80=99 which uses a slightly different a= lphabet=20 from the more common base32 variant, but is otherwise identical in=20 operation. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY0vXcw0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15c10BAO5xfaxF596dkXKYFwiyK69C6UJNNSt5BU7cQSkY E7T8AQCRXN+NGyaaE5UuIrJsVusUp22uf0rny4EtIYp8Kpx7Cw== =A3ki -----END PGP SIGNATURE----- --=-=-=--