From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp10.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id 2O/rKFjXS2PqSAAAbAwnHQ
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sun, 16 Oct 2022 12:05:12 +0200
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp10.migadu.com with LMTPS
	id uEwUKFjXS2NTYwEAG6o9tA
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sun, 16 Oct 2022 12:05:12 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 1CE1F1E216
	for <larch@yhetil.org>; Sun, 16 Oct 2022 12:05:12 +0200 (CEST)
Received: from localhost ([::1]:60056 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1ok0W7-0003kv-8U
	for larch@yhetil.org; Sun, 16 Oct 2022 06:05:11 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:39276)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ok0W0-0003jU-E7
 for bug-guix@gnu.org; Sun, 16 Oct 2022 06:05:04 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:44378)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ok0Vz-0002yX-0A
 for bug-guix@gnu.org; Sun, 16 Oct 2022 06:05:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ok0Vy-0003ya-Sg
 for bug-guix@gnu.org; Sun, 16 Oct 2022 06:05:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#58561: Source hash mismatch with aggregator + possible guix bug
 with hashes.
Resent-From: Tobias Geerinckx-Rice <me@tobias.gr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Sun, 16 Oct 2022 10:05:02 +0000
Resent-Message-ID: <handler.58561.B58561.166591469215234@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 58561
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: mail@brendan.scot
Cc: 58561@debbugs.gnu.org
X-Debbugs-Original-Cc: bug-guix@gnu.org, 58561@debbugs.gnu.org
Received: via spool by 58561-submit@debbugs.gnu.org id=B58561.166591469215234
 (code B ref 58561); Sun, 16 Oct 2022 10:05:02 +0000
Received: (at 58561) by debbugs.gnu.org; 16 Oct 2022 10:04:52 +0000
Received: from localhost ([127.0.0.1]:43450 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1ok0Vo-0003xd-IS
 for submit@debbugs.gnu.org; Sun, 16 Oct 2022 06:04:52 -0400
Received: from tobias.gr ([80.241.217.52]:52098)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1ok0Vn-0003xV-3x
 for 58561@debbugs.gnu.org; Sun, 16 Oct 2022 06:04:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=DthG5qdmTbwtY
 w1pi/0VLG48J7kEwWXYXqTKfPPztgU=;
 h=in-reply-to:date:subject:cc:to:
 from:references; d=tobias.gr; b=OPNOPJRV2wxON/aMjp6Dnh2eo/QphPuP0szPBr
 wISn5MoM8DnastvTcKajFsk8W3tSE7efKTOJaWifjPaZsgLbcR72Q3pY6UAbCk8hIiaGGK
 IL3hsPmp0Up+keCyZRDWhZCmk8Mme++nipkr5DZpK6ZD5emd3/gMpHNzboIVa5mzz9qXQa
 sgKi6uNQ2VPg/wDfm76G+6S5YFmjvrPYROT/e6c7eM8hQHothhIt4YdbcvtFRDET7/m49r
 0aRFBWwzzOBeLzgErG3FZDTlL+GmsBnyU3ne0OFWbqxE1EuqSkA9YzFP7bo3POahB/7X40
 R3dyJPh5wgtl/jYeiiltJAWA==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id e77b18a0
 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); 
 Sun, 16 Oct 2022 10:04:42 +0000 (UTC)
References: <0df50579-d645-5a43-d558-4c49e503bb57@brendan.scot>
Date: Sun, 16 Oct 2022 11:45:00 +0200
In-reply-to: <0df50579-d645-5a43-d558-4c49e503bb57@brendan.scot>
BIMI-Selector: v=BIMI1; s=default;
Message-ID: <87y1tgulqk.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
Reply-to:  Tobias Geerinckx-Rice <me@tobias.gr>
From:  Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1665914712;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=DthG5qdmTbwtYw1pi/0VLG48J7kEwWXYXqTKfPPztgU=;
	b=Zd7h8qaAotH4EH8FU7yUA/o4479xKhhUxRy4pWPXCPcGaTOgIwvp0WwHrIJKne7W3QPuze
	jcT/EAYca1WMpaRwzuewNBU3HguncFqptFofKOjUhO2T9pXUc4t8PwVnLG5K0bW97tPu1f
	QaiP+YhIEVfykcZsLOPQ1KSFY6wXse/WW/RsD0Wj2H1b+f8Z732rlj/s3dQxmloV0hH8Az
	BFCMRPYNYjEBFCodlaxGV3FLbAtDFXjOjN5L8BxVlEsY6PzsQvMNIdIyCOjuDxcIyJHjVw
	Lj/uhEILAeu4Z7Hw2XvpaADyRLwZsUw5AvDePhynM/a/EcV+6FpfiTqwOcXbZg==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1665914712; a=rsa-sha256; cv=none;
	b=n91JdAlW3/Lqfe6wKoEcitMaa/3paB81itGs+VQwucN0DzZnzRJmYRFEg+g7aGyH4q4RL+
	izAJAZ6duiM2DnItuY9pLYmFaBRwwLfmbtizOqSiViz8S0pQo5Ga2Z3+qpXxYkaVdaFwjw
	sJp2E9pvsrvNg12vL2vBP3WuGsJcEGi3m9gh0mz71fMG/pHXzHAMurwEw7/b3znLWMkmMh
	na4Ufid5igSFR8X3K5x8MRFWSNz8RUBsk/UptliEKfquibtPnjARUGQyWPFdxqyndkOZiK
	tan0R1sc/EnNXPRt1ZJluE8UQ7l5w7VJwnkSR3B/uFKEDxx0S677JOnog+24wg==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=OPNOPJRV;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -4.30
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=OPNOPJRV;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 1CE1F1E216
X-Spam-Score: -4.30
X-Migadu-Scanner: scn0.migadu.com
X-TUID: FOMXx+dvl2gI

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi Brendan,

Oh!  This is a fun one!

Brendan Tildesley =E5=86=99=E9=81=93=EF=BC=9A
> However what concerned me more is that when I look in the source=20
> code
> it looks like this:
>
> (sha256
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (base32=20
> "9yy5c29zxpli4cddknmdvjkgii3j7pvw6lhwqfrqjc8jh83gm8f8"))
>
>
> Notice how at the start its a '9', not a '1'?
[=E2=80=A6]
> Is there a bug with how guix is reading/writing sha256 hashes?

It's=E2=80=A6 not a bug.  It's the opposite, kind of, although maybe=20
(probably) Guix could (should) reject clearly bogus input like=20
this.

What's happening is this:

In what can be described only as a bizarre coincidence, sha256=20
produces hashes that are 256 bits long.

Base32=C2=B9 encodes 5 bits per character.  Our =E2=80=98hash=E2=80=99 stri=
ngs are=20
currently 52 characters long, meaning they encode 260 bits.

If you poke around Guix, you'll notice that every valid base32=20
=E2=80=98sha256=E2=80=99 hash starts with a 0 or a 1, because those 4 leftm=
ost=20
bits are never used, and hence set to zero.

In the case of this "9=E2=80=A6" =E2=80=98hash=E2=80=99 (which was random d=
ata, I guess?),=20
Guix still reads only 256 bits of the 260, and ignores those 4=20
=E2=80=98extra=E2=80=99 leftmost bits.

When it later prints the hash, it converts those 256 bits back to=20
base32, now padded with zeroes, and you see a =E2=80=98hash=E2=80=99 starti=
ng with=20
1.

What Guix could do is refuse to continue when it detects set=20
higher bits, as they always indicate programmer error.

Kind regards,

T G-R

1: Guix uses =E2=80=98nix-base32=E2=80=99 which uses a slightly different a=
lphabet=20
from the more common base32 variant, but is otherwise identical in=20
operation.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY0vXcw0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15c10BAO5xfaxF596dkXKYFwiyK69C6UJNNSt5BU7cQSkY
E7T8AQCRXN+NGyaaE5UuIrJsVusUp22uf0rny4EtIYp8Kpx7Cw==
=A3ki
-----END PGP SIGNATURE-----
--=-=-=--