taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 12:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(deps): update sha2 0.10→0.11, hmac 0.12→0.13 (#75)

Browse Source 
Breaking API changes in digest crate ecosystem:
- sha2 digest returns Array instead of GenericArray
- Replace format!("{:x}", digest) with hex::encode(digest)
- Add digest::KeyInit trait import for Hmac
- Update all hash formatting in docker, npm, s3, tokens
This commit is contained in:
DevITWay | Pavel Volkov
2026-03-31 22:36:29 +03:00
committed by GitHub
parent d6e3f3e129
commit 7c8964f8fa
6 changed files with 111 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
nora-registry/src/registry/docker.rs
View File

@@ -488,7 +488,7 @@ async fn upload_blob(
// Verify digest matches uploaded content (Docker Distribution Spec)
{
use sha2::Digest as _;
let computed = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let computed = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
if computed != *digest {
tracing::warn!(
expected = %digest,
@@ -564,7 +564,7 @@ async fn get_manifest(
// Calculate digest for Docker-Content-Digest header
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
// Detect manifest media type from content
let content_type = detect_manifest_media_type(&data);
@@ -614,7 +614,7 @@ async fn get_manifest(
// Calculate digest for Docker-Content-Digest header
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
// Cache manifest and create metadata (fire and forget)
let storage = state.storage.clone();
@@ -684,7 +684,7 @@ async fn get_manifest(
));
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
// Cache under original name for future local hits
let storage = state.storage.clone();
@@ -726,7 +726,7 @@ async fn put_manifest(
// Calculate digest
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&body));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&body)));
// Store by tag/reference
let key = format!("docker/{}/manifests/{}.json", name, reference);
@@ -819,7 +819,7 @@ async fn delete_manifest(
if is_tag {
if let Ok(data) = state.storage.get(&key).await {
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
let digest_key = format!("docker/{}/manifests/{}.json", name, digest);
let _ = state.storage.delete(&digest_key).await;
let digest_meta = format!("docker/{}/manifests/{}.meta.json", name, digest);

6
nora-registry/src/registry/npm.rs
View File

@@ -107,7 +107,7 @@ async fn handle_request(State(state): State<Arc<AppState>>, Path(path): Path<Str
// Tarball: integrity check if hash exists
let hash_key = format!("{}.sha256", key);
if let Ok(stored_hash) = state.storage.get(&hash_key).await {
let computed = format!("{:x}", sha2::Sha256::digest(&data));
let computed = hex::encode(sha2::Sha256::digest(&data));
let expected = String::from_utf8_lossy(&stored_hash);
if computed != expected.as_ref() {
tracing::error!(
@@ -152,7 +152,7 @@ async fn handle_request(State(state): State<Arc<AppState>>, Path(path): Path<Str
if is_tarball {
// Compute and store sha256
let hash = format!("{:x}", sha2::Sha256::digest(&data));
let hash = hex::encode(sha2::Sha256::digest(&data));
let hash_key = format!("{}.sha256", key);
let storage = state.storage.clone();
tokio::spawn(async move {
@@ -338,7 +338,7 @@ async fn handle_publish(
}
// Store sha256
let hash = format!("{:x}", sha2::Sha256::digest(&tarball_bytes));
let hash = hex::encode(sha2::Sha256::digest(&tarball_bytes));
let hash_key = format!("{}.sha256", tarball_key);
let _ = state.storage.put(&hash_key, hash.as_bytes()).await;
}

11
nora-registry/src/storage/s3.rs
View File

@@ -4,7 +4,7 @@
use async_trait::async_trait;
use axum::body::Bytes;
use chrono::Utc;
use hmac::{Hmac, Mac};
use hmac::{digest::KeyInit, Hmac, Mac};
use sha2::{Digest, Sha256};
use super::{FileMeta, Result, StorageBackend, StorageError};
@@ -79,7 +79,8 @@ impl S3Storage {
method, canonical_uri, canonical_query, canonical_headers, signed_headers, payload_hash
);
let canonical_request_hash = hex::encode(Sha256::digest(canonical_request.as_bytes()));
let canonical_request_hash =
hex::encode(sha2::Sha256::digest(canonical_request.as_bytes()));
// String to sign
let credential_scope = format!("{}/{}/s3/aws4_request", date, self.region);
@@ -257,7 +258,8 @@ impl StorageBackend for S3Storage {
canonical_uri, canonical_headers, signed_headers, payload_hash
);
let canonical_request_hash = hex::encode(Sha256::digest(canonical_request.as_bytes()));
let canonical_request_hash =
hex::encode(sha2::Sha256::digest(canonical_request.as_bytes()));
let credential_scope = format!("{}/{}/s3/aws4_request", date, self.region);
let string_to_sign = format!(
"AWS4-HMAC-SHA256\n{}\n{}\n{}",
@@ -353,7 +355,8 @@ impl StorageBackend for S3Storage {
canonical_uri, canonical_headers, signed_headers, payload_hash
);
let canonical_request_hash = hex::encode(Sha256::digest(canonical_request.as_bytes()));
let canonical_request_hash =
hex::encode(sha2::Sha256::digest(canonical_request.as_bytes()));
let credential_scope = format!("{}/{}/s3/aws4_request", date, self.region);
let string_to_sign = format!(
"AWS4-HMAC-SHA256\n{}\n{}\n{}",

2
nora-registry/src/tokens.rs
View File

@@ -269,7 +269,7 @@ fn verify_token_argon2(token: &str, hash: &str) -> bool {
fn sha256_hex(input: &str) -> String {
let mut hasher = Sha256::new();
hasher.update(input.as_bytes());
format!("{:x}", hasher.finalize())
hex::encode(hasher.finalize())
}
/// Set file permissions to 600 (owner read/write only)