taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 12:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(deps): update sha2 0.10→0.11, hmac 0.12→0.13 (#75)

Browse Source 
Breaking API changes in digest crate ecosystem:
- sha2 digest returns Array instead of GenericArray
- Replace format!("{:x}", digest) with hex::encode(digest)
- Add digest::KeyInit trait import for Hmac
- Update all hash formatting in docker, npm, s3, tokens
This commit is contained in:
DevITWay | Pavel Volkov
2026-03-31 22:36:29 +03:00
committed by GitHub
parent d6e3f3e129
commit 7c8964f8fa
6 changed files with 111 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
nora-registry/src/registry/docker.rs
View File

@@ -488,7 +488,7 @@ async fn upload_blob(
// Verify digest matches uploaded content (Docker Distribution Spec)
{
use sha2::Digest as _;
let computed = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let computed = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
if computed != *digest {
tracing::warn!(
expected = %digest,
@@ -564,7 +564,7 @@ async fn get_manifest(
// Calculate digest for Docker-Content-Digest header
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
// Detect manifest media type from content
let content_type = detect_manifest_media_type(&data);
@@ -614,7 +614,7 @@ async fn get_manifest(
// Calculate digest for Docker-Content-Digest header
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
// Cache manifest and create metadata (fire and forget)
let storage = state.storage.clone();
@@ -684,7 +684,7 @@ async fn get_manifest(
));
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
// Cache under original name for future local hits
let storage = state.storage.clone();
@@ -726,7 +726,7 @@ async fn put_manifest(
// Calculate digest
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&body));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&body)));
// Store by tag/reference
let key = format!("docker/{}/manifests/{}.json", name, reference);
@@ -819,7 +819,7 @@ async fn delete_manifest(
if is_tag {
if let Ok(data) = state.storage.get(&key).await {
use sha2::Digest;
let digest = format!("sha256:{:x}", sha2::Sha256::digest(&data));
let digest = format!("sha256:{}", hex::encode(sha2::Sha256::digest(&data)));
let digest_key = format!("docker/{}/manifests/{}.json", name, digest);
let _ = state.storage.delete(&digest_key).await;
let digest_meta = format!("docker/{}/manifests/{}.meta.json", name, digest);

6
nora-registry/src/registry/npm.rs
View File

@@ -107,7 +107,7 @@ async fn handle_request(State(state): State<Arc<AppState>>, Path(path): Path<Str
// Tarball: integrity check if hash exists
let hash_key = format!("{}.sha256", key);
if let Ok(stored_hash) = state.storage.get(&hash_key).await {
let computed = format!("{:x}", sha2::Sha256::digest(&data));
let computed = hex::encode(sha2::Sha256::digest(&data));
let expected = String::from_utf8_lossy(&stored_hash);
if computed != expected.as_ref() {
tracing::error!(
@@ -152,7 +152,7 @@ async fn handle_request(State(state): State<Arc<AppState>>, Path(path): Path<Str
if is_tarball {
// Compute and store sha256
let hash = format!("{:x}", sha2::Sha256::digest(&data));
let hash = hex::encode(sha2::Sha256::digest(&data));
let hash_key = format!("{}.sha256", key);
let storage = state.storage.clone();
tokio::spawn(async move {
@@ -338,7 +338,7 @@ async fn handle_publish(
}
// Store sha256
let hash = format!("{:x}", sha2::Sha256::digest(&tarball_bytes));
let hash = hex::encode(sha2::Sha256::digest(&tarball_bytes));
let hash_key = format!("{}.sha256", tarball_key);
let _ = state.storage.put(&hash_key, hash.as_bytes()).await;
}