GNU bug report logs - #58561
Source hash mismatch with aggregator + possible guix bug with hashes.

Previous Next

Package: guix;

Reported by: mail <at> brendan.scot

Date: Sun, 16 Oct 2022 03:43:02 UTC

Severity: normal

Done: Brendan Tildesley <mail <at> brendan.scot>

Bug is archived. No further changes may be made.

Full log

Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: mail <at> brendan.scot
Cc: bug-guix <at> gnu.org, 58561 <at> debbugs.gnu.org
Subject: Re: bug#58561: Source hash mismatch with aggregator + possible guix
 bug with hashes.
Date: Sun, 16 Oct 2022 11:45:00 +0200

[Message part 1 (text/plain, inline)]
Hi Brendan,

Oh!  This is a fun one!

Brendan Tildesley 写道:
> However what concerned me more is that when I look in the source 
> code
> it looks like this:
>
> (sha256
>         (base32 
> "9yy5c29zxpli4cddknmdvjkgii3j7pvw6lhwqfrqjc8jh83gm8f8"))
>
>
> Notice how at the start its a '9', not a '1'?
[…]
> Is there a bug with how guix is reading/writing sha256 hashes?

It's… not a bug.  It's the opposite, kind of, although maybe 
(probably) Guix could (should) reject clearly bogus input like 
this.

What's happening is this:

In what can be described only as a bizarre coincidence, sha256 
produces hashes that are 256 bits long.

Base32¹ encodes 5 bits per character.  Our ‘hash’ strings are 
currently 52 characters long, meaning they encode 260 bits.

If you poke around Guix, you'll notice that every valid base32 
‘sha256’ hash starts with a 0 or a 1, because those 4 leftmost 
bits are never used, and hence set to zero.

In the case of this "9…" ‘hash’ (which was random data, I guess?), 
Guix still reads only 256 bits of the 260, and ignores those 4 
‘extra’ leftmost bits.

When it later prints the hash, it converts those 256 bits back to 
base32, now padded with zeroes, and you see a ‘hash’ starting with 
1.

What Guix could do is refuse to continue when it detects set 
higher bits, as they always indicate programmer error.

Kind regards,

T G-R

1: Guix uses ‘nix-base32’ which uses a slightly different alphabet 
from the more common base32 variant, but is otherwise identical in 
operation.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 2 years and 102 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.