From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id KI6VOyYe8l5sRAAA0tVLHw (envelope-from ) for ; Tue, 23 Jun 2020 15:22:14 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id 6KFmNyYe8l4rIwAAbx9fmQ (envelope-from ) for ; Tue, 23 Jun 2020 15:22:14 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 39C7D940B0C for ; Tue, 23 Jun 2020 15:22:14 +0000 (UTC) Received: from localhost ([::1]:48618 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jnkkV-0003lw-B0 for larch@yhetil.org; Tue, 23 Jun 2020 11:22:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:45150) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jnkkM-0003jl-Jz for guix-patches@gnu.org; Tue, 23 Jun 2020 11:22:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:53652) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jnkkL-0007Yz-TD for guix-patches@gnu.org; Tue, 23 Jun 2020 11:22:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jnkkL-0006Sy-PO for guix-patches@gnu.org; Tue, 23 Jun 2020 11:22:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42019] [PATCH 1/1] website: Add integrity to JSON sources. References: <20200623151323.29639-1-zimon.toutoune@gmail.com> In-Reply-To: <20200623151323.29639-1-zimon.toutoune@gmail.com> Resent-From: zimoun Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 23 Jun 2020 15:22:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42019 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 42019@debbugs.gnu.org Cc: zimoun Received: via spool by 42019-submit@debbugs.gnu.org id=B42019.159292571224840 (code B ref 42019); Tue, 23 Jun 2020 15:22:01 +0000 Received: (at 42019) by debbugs.gnu.org; 23 Jun 2020 15:21:52 +0000 Received: from localhost ([127.0.0.1]:36965 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnkkB-0006Sa-Ph for submit@debbugs.gnu.org; Tue, 23 Jun 2020 11:21:52 -0400 Received: from mail-wr1-f43.google.com ([209.85.221.43]:42376) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jnkk9-0006SN-KH for 42019@debbugs.gnu.org; Tue, 23 Jun 2020 11:21:50 -0400 Received: by mail-wr1-f43.google.com with SMTP id o11so13244368wrv.9 for <42019@debbugs.gnu.org>; Tue, 23 Jun 2020 08:21:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=O+lryE6sgzmhEzUsnEWC9eVcX9quyQkDEHN/amD0iMo=; b=q6jUr8RefnjPdSaLqypM+dC+LOKj+ixFm1sLBAcuaNU5HZ6J7wwy47tXHw45yMenxh 6AmnR6x/ZxsEfmAdXZxT5oXlBpkOdRzY4Tg6TYA6FfZOtomt5RxFzohJ+ySfZRRXSFCO aX+B8DW90mF/pDH8UAhU9BTvtuIVDUP8w9zZZ2LO1JE2giHkIavXX4dp3zZcQvEroS1f V0Bqr2xcBvR/adcxxHfWwGSeLAhie78iWHVYyNOQlH6wrCW32oeLW61XsKiawhMvMAt4 UTd8aM5xRWYk52gN0cwj9pWAbNnA676eS40GsJohPZw0iBF8ziMP0rwalvawJBd9aYQq de0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=O+lryE6sgzmhEzUsnEWC9eVcX9quyQkDEHN/amD0iMo=; b=iY56KC17Q5lGvo3iUcYezia1LWt9KvNQaI9c1zFg5Rkj9jmEWoF2+hV+049dwXQK/R 08bx3FG5/rdBolXJ98OaTf76KhZFDtmDUm/SDa8u59QQ5yMfjkgPo68ZSkSKN8fzeJ1x pha4UkShgkXLjzbsu38GkOrMBRcITwzQ7gPXjAvYTu+HK8RYH6V4OlUgls915pAUTlDC e5qV6smYuCBVlygZmNA2TOzmhI018RkH7p9rCVbis9I4n/zW0RmBAlMoWP+gSVYaFWiT St46y8shRIMg3/W6aCgG2JTzhIXhTWED0n/H7Z9VVXX6mnFrS9HB5FqWBMWdZgMftvop JCIg== X-Gm-Message-State: AOAM5321Cg+7XQas/6A/74cZVYb3jTmflVsdSKxFEDQquAmmBSkitTRU 3bAy6EdW6NI0dDiPVH3RRWL9PE7/Xao= X-Google-Smtp-Source: ABdhPJz7obllbnAH3vgAM0Jjk85jGmQd4iLTrFqP2/aoh0y6wc+JSVbWPEgYF4+zQoAhag9Q/+gcpQ== X-Received: by 2002:a5d:4687:: with SMTP id u7mr10798938wrq.357.1592925703291; Tue, 23 Jun 2020 08:21:43 -0700 (PDT) Received: from localhost.localdomain ([2a01:e0a:59b:9120:65d2:2476:f637:db1e]) by smtp.gmail.com with ESMTPSA id c143sm4003961wmd.1.2020.06.23.08.21.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jun 2020 08:21:42 -0700 (PDT) From: zimoun Date: Tue, 23 Jun 2020 17:21:39 +0200 Message-Id: <20200623152139.512-1-zimon.toutoune@gmail.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.0 (-) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=gmail.com header.s=20161025 header.b=q6jUr8Re; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: 4.09 X-TUID: SAhBQ9J9s+uW * website/apps/packages/builder.scm (origin->json): Add integrity field using SRI format. --- website/apps/packages/builder.scm | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/website/apps/packages/builder.scm b/website/apps/packages/builder.scm index d2bccd7..e20d672 100644 --- a/website/apps/packages/builder.scm +++ b/website/apps/packages/builder.scm @@ -46,6 +46,8 @@ #:use-module (guix hg-download) #:use-module (guix utils) ;location #:use-module ((guix build download) #:select (maybe-expand-mirrors)) + #:use-module ((guix base64) #:select (base64-encode)) + #:use-module ((guix config) #:select (%guix-version)) #:use-module (json) #:use-module (ice-9 match) #:use-module ((web uri) #:select (string->uri uri->string)) @@ -114,7 +116,7 @@ ,@(cond ((or (eq? url-fetch method) (eq? url-fetch/tarbomb method) (eq? url-fetch/zipbomb method)) - `(("url" . ,(list->vector + `(("urls" . ,(list->vector (resolve (match uri ((? string? url) (list url)) @@ -128,6 +130,16 @@ ((eq? hg-fetch method) `(("hg_url" . ,(hg-reference-url uri)))) (else '())) + ,@(if (or (eq? url-fetch method) + (eq? url-fetch/tarbomb method) + (eq? url-fetch/zipbomb method)) + (let* ((content-hash (origin-hash origin)) + (hash-value (content-hash-value content-hash)) + (hash-algorithm (content-hash-algorithm content-hash)) + (algorithm-string (symbol->string hash-algorithm))) + `(("integrity" . ,(string-append algorithm-string "-" + (base64-encode hash-value))))) + '()) ,@(if (eq? method git-fetch) `(("git_ref" . ,(git-reference-commit uri))) '()) @@ -174,9 +186,11 @@ scm->json)) (define (sources-json-builder) - "Return a JSON page listing all the sources. - -See ." + "Return a JSON page listing all the sources." + ;; The Software Heritage format is described here: + ;; https://forge.softwareheritage.org/source/swh-loader-core/browse/master/swh/loader/package/nixguix/tests/data/https_nix-community.github.io/nixpkgs-swh_sources.json + ;; And the loader is implemented here: + ;; https://forge.softwareheritage.org/source/swh-loader-core/browse/master/swh/loader/package/nixguix/ (define (package->json package) `(,@(if (origin? (package-source package)) (origin->json (package-source package)) @@ -185,7 +199,8 @@ See ." (make-page "sources.json" `(("sources" . ,(list->vector (map package->json (all-packages)))) - ("version" . "1")) + ("version" . "1") + ("revision" . ,%guix-version)) scm->json)) (define (index-builder) -- 2.26.2