Subject: [bug#42019] [PATCH v2] website: Add integrity to JSON sources.
From: zimoun
Date: Mon, 29 Jun 2020 18:50:57 +0200

* website/apps/packages/builder.scm (origin->json): Add integrity field using SRI format.
--- website/apps/packages/builder.scm | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/website/apps/packages/builder.scm b/website/apps/packages/builder.scm index d2bccd7..fa488a5 100644 --- a/website/apps/packages/builder.scm +++ b/website/apps/packages/builder.scm @@ -46,6 +46,9 @@ #:use-module (guix hg-download) #:use-module (guix utils) ;location #:use-module ((guix build download) #:select (maybe-expand-mirrors)) + #:use-module ((guix base64) #:select (base64-encode)) + #:use-module ((guix describe) #:select (current-profile)) + #:use-module ((guix config) #:select (%guix-version)) #:use-module (json) #:use-module (ice-9 match) #:use-module ((web uri) #:select (string->uri uri->string)) 
@@ -114,7 +117,7 @@ ,@(cond ((or (eq? url-fetch method) (eq? url-fetch/tarbomb method) (eq? url-fetch/zipbomb method)) - `(("url" . ,(list->vector + `(("urls" . ,(list->vector (resolve (match uri ((? string? url) (list url)) @@ -128,6 +131,16 @@ ((eq? hg-fetch method) `(("hg_url" . ,(hg-reference-url uri)))) (else '())) + ,@(if (or (eq? url-fetch method) + (eq? url-fetch/tarbomb method) + (eq? url-fetch/zipbomb method)) + (let* ((content-hash (origin-hash origin)) + (hash-value (content-hash-value content-hash)) + (hash-algorithm (content-hash-algorithm content-hash)) + (algorithm-string (symbol->string hash-algorithm))) + `(("integrity" . ,(string-append algorithm-string "-" + (base64-encode hash-value))))) + '()) ,@(if (eq? method git-fetch) `(("git_ref" . ,(git-reference-commit uri))) '()) @@ -174,9 +187,11 @@ scm->json)) (define (sources-json-builder) - "Return a JSON page listing all the sources. - -See ." + "Return a JSON page listing all the sources." + ;; The Software Heritage format is described here: + ;; https://forge.softwareheritage.org/source/swh-loader-core/browse/master/swh/loader/package/nixguix/tests/data/https_nix-community.github.io/nixpkgs-swh_sources.json + ;; And the loader is implemented here: + ;; https://forge.softwareheritage.org/source/swh-loader-core/browse/master/swh/loader/package/nixguix/ (define (package->json package) `(,@(if (origin? (package-source package)) (origin->json (package-source package)) @@ -185,7 +200,13 @@ See ." (make-page "sources.json" `(("sources" . ,(list->vector (map package->json (all-packages)))) - ("version" . "1")) + ("version" . "1") + ("revision" . + ,(match (current-profile) + (#f %guix-version) ;for lack of a better ID + (profile + (let ((channel (find guix-channel? (profile-channels profile)))) + (channel-commit channel)))))) scm->json)) (define (index-builder) -- 2.26.2
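Review bot: In the `@@ -46,6 +46,9 @@` import hunk, `(guix describe)` is imported with `#:select (current-profile)` only, yet the last hunk also calls `profile-channels`, `guix-channel?`, `channel-commit` and `find`. None of these is brought into scope by the lines visible in this patch. Please confirm each is already imported elsewhere in builder.scm, or extend the `#:select` list and add the missing modules; otherwise the `profile` branch of the `revision` entry would hit an unbound variable.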
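Review bot: The rename of the key `"url"` to `"urls"` in the `@@ -114,7 +117,7 @@` hunk changes the layout for every existing reader of sources.json, but `("version" . "1")` is left unchanged in the last hunk and the commit log mentions only the integrity field. Either bump the version so consumers can tell the two layouts apart, or say in the log that the rename is intentional and matches what the Software Heritage loader expects. The log should also list the `sources-json-builder` changes (the new `revision` entry and the docstring).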
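Review bot: The `integrity` entry in the `@@ -128,6 +131,16 @@` hunk is built from `(origin-hash origin)` for all three methods without checking what the hash covers or which algorithm it names. If the hash of a `url-fetch/tarbomb` or `url-fetch/zipbomb` origin is computed over the unpacked tree rather than the downloaded archive, a consumer that verifies the fetched file against this value will reject a good download. Restrict the field to origins whose hash is over the file itself, or record the hash mode next to it. `algorithm-string` is also passed through from `content-hash-algorithm` unchecked; since the log calls this SRI format, check that it is a token consumers accept (for example `sha256`). The method test repeats the one in the `cond` above, so the field could be emitted from that branch instead.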
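Review bot: In the `revision` entry of the `@@ -185,7 +200,13 @@` hunk, `(find guix-channel? (profile-channels profile))` returns `#f` when the profile has no matching channel, and `channel-commit` is then applied to `#f`. Handle that case explicitly, for instance by falling back to `%guix-version` as the `#f` profile branch does. The two branches also produce different kinds of identifier (a version string versus a channel commit), so a consumer cannot tell which one it received; a comment or a separate key would make that explicit.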