treewide: convert all sha256 to hash in pypi fetchers #327055

Closed
wants to merge 1 commit into from

Aleksanaa
Member

@Aleksanaa Aleksanaa commented Jul 14, 2024

Description of changes

Same as #326858, part of #325892.

Changed packages are 0 rebuilds, but unsure if all are

treewide script
#!/usr/bin/env bash

EDITED_LOG=./edited-log
PROBLEM_LOG=./problem-log
SEARCH_CACHE=./search-cache

mkfifo nix_repl_in
mkfifo nix_repl_out

trap "rm -f nix_repl_in nix_repl_out" EXIT

# if replacing more files we can remove 2>/dev/null
nix repl < nix_repl_in > nix_repl_out 2>/dev/null &
NIX_REPL_PID=$!

sleep 2

exec 13>nix_repl_in
exec 14< nix_repl_out

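# Strip ANSI colour codes from one line of `nix repl` output and print the
# value: the contents of a quoted string, or "null". Anything else fails.
extract_output() {
  local output
  output=$(printf '%s\n' "$1" | ansi2txt)
  if [[ $output == "\"\"" ]]; then
    return 1
  elif [[ $output =~ ^\"([^\"]+)\"$ ]]; then
    echo "${BASH_REMATCH[1]}"
  elif [[ $output == "null" ]]; then
    echo "null"
  else
    return 1
  fi
}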

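# Send one expression to the background `nix repl` and print the decoded reply.
send_repl() {
  local cmd=$1
  echo "$cmd" >&13
  # echo "$cmd" > ./repl_in
  while IFS= read -r -d $'\n' line <&14; do
    if [[ -z "$line" ]]; then
      # A blank line is treated as the end of the reply; the status is then 1.
      return 1
    else
      # $line is unquoted: after word splitting only its first word is used.
      echo "$(extract_output $line)"
      # echo "$line" > ./repl_out
    fi
  done
}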

replace_hash() {
  local attr_name=$1

  # NB: `local var=$(...)` yields the exit status of `local`, not of the
  # command substitution, so the `|| return 1` after send_repl never fires.
  local hashAlgo=$(send_repl "${attr_name}.src.outputHashAlgo") || return 1
  # Only to limit scope here, can be adjusted
  local hashUrl=$(send_repl "${attr_name}.src.url") || return 1

  if [[ "$hashAlgo" == "sha256" ]] && [[ "$hashUrl" == "mirror://pypi/"* ]]; then
    local hash=$(send_repl "${attr_name}.src.outputHash") || return 1
    # echo "$attr_name hash"
    # Declare first so that $? below is the status of `nix hash convert`.
    local sri_hash
    sri_hash=$(nix hash convert --to sri --hash-algo sha256 "$hash")
    if [ $? -eq 0 ]; then
      local position=$(send_repl "${attr_name}.meta.position") || return 1

      [[ $position == "null" ]] && return 1

      local position_file=${position%%:*}

      # -F: match the hash as a fixed string, not as a regular expression
      grep -qF -- "sha256 = \"$hash\"" "$position_file"
      if [ $? -eq 0 ]; then
        local outPath=$(send_repl "${attr_name}.outPath") || return 1
        echo "editing: ${attr_name}:${position_file}"
        sed -i "s|sha256 = \"$hash\"|hash = \"$sri_hash\"|" "$position_file"
        echo "${attr_name}:${position_file}:${outPath}" >> "$EDITED_LOG"
      fi
    fi
  fi
}

# Re-evaluate an edited attribute and log it if its outPath changed.
verify_hash() {
  local attr_name=$1
  local position_file=$2
  local outPath=$3

  local new_outPath=$(send_repl "${attr_name}.outPath")
  # $? is the status of `local` here, so the outPath comparison decides.
  if [ $? -ne 0 ] || [[ "$outPath" != "$new_outPath" ]]; then
    echo "problem: ${attr_name}:${position_file}"
    # echo "'$outPath' != '$new_outPath'"
    echo "${attr_name}:${position_file}:${outPath}" >> "$PROBLEM_LOG"
  fi
}

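[[ -f "$SEARCH_CACHE" ]] || nix search . ^ --json > "$SEARCH_CACHE"

# @sh single-quotes each key; the quotes are stripped in the loop below.
pkg_list=($(jq --raw-output 'keys_unsorted | @sh' "$SEARCH_CACHE"))

send_repl ":l ./."

sleep 1

echo "starting to replace"

for pkg_raw in "${pkg_list[@]}"; do
  # Drop the leading quote and the first two dot-separated components
  # (e.g. legacyPackages.<system>.), then the trailing quote.
  pkg=${pkg_raw#*.*.}
  pkg=${pkg%\'}
  replace_hash "$pkg"
done

send_repl ":r"

sleep 1

echo "starting to examine"

# Each log line is attr_name:position_file:outPath
while IFS= read -r line; do
  IFS=':' read -r -a parts <<< "$line"
  verify_hash "${parts[@]}"
done < "$EDITED_LOG"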

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.
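
The script above trusts `nix hash convert --to sri` for the rewrite and an unchanged `outPath` for verification. As an added example (not part of this PR or of nixpkgs tooling), the following checks independently that a new `hash = "sha256-..."` value pins the same digest as the `sha256 = "..."` value it replaced; it goes beyond the PR's case by also accepting hex and bare base64. All function names are hypothetical and the sample values are constructed.

```python
import base64

# Nix's base32 alphabet: digits and lowercase letters without e, o, t, u.
NIX_B32 = "0123456789abcdfghijklmnpqrsvwxyz"
SHA256_LEN = 32  # digest size in bytes

# Constructed samples (not from the PR): SHA-256 of the empty string.
EMPTY_HEX = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
EMPTY_NIX32 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73"

def nix_b32_decode(text: str) -> bytes:
    """Decode a 52-character Nix base32 SHA-256 value to raw bytes."""
    if len(text) != 52:
        raise ValueError("expected 52 base32 characters")
    out = bytearray(SHA256_LEN)
    # The first character holds the most significant bits, so walk backwards.
    for n, ch in enumerate(reversed(text)):
        digit = NIX_B32.index(ch)  # ValueError outside the alphabet
        i, j = divmod(n * 5, 8)
        out[i] |= (digit << j) & 0xFF
        carry = digit >> (8 - j)
        if i + 1 < SHA256_LEN:
            out[i + 1] |= carry
        elif carry:
            raise ValueError("bits set beyond 256 in base32 value")
    return bytes(out)

def digest_of(value: str) -> bytes:
    """Raw digest of an SRI, hex, Nix base32 or bare base64 SHA-256 string."""
    if value.startswith("sha256-"):
        raw = base64.b64decode(value[len("sha256-"):], validate=True)
    elif len(value) == 64:
        raw = bytes.fromhex(value)
    elif len(value) == 52:
        raw = nix_b32_decode(value)
    elif len(value) == 44:
        raw = base64.b64decode(value, validate=True)
    else:
        raise ValueError("unrecognised sha256 encoding")
    if len(raw) != SHA256_LEN:
        raise ValueError("digest is not 32 bytes")
    return raw

def to_sri(value: str) -> str:
    return "sha256-" + base64.b64encode(digest_of(value)).decode("ascii")

def same_digest(old_sha256: str, new_hash: str) -> bool:
    """True when the old `sha256` and new `hash` values pin the same bytes."""
    return digest_of(old_sha256) == digest_of(new_hash)
```

Running `same_digest` over each old/new pair in a treewide diff catches a mismatched rewrite without evaluating any derivation.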

@github-actions github-actions bot added 6.topic: python 6.topic: jupyter Interactive computing tooling: kernels, notebook, jupyterlab labels Jul 14, 2024
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jul 14, 2024
@Aleksanaa
Member Author

Link to currently reviewing PR:
https://github.com/NixOS/nixpkgs/pull/327055

2 packages built:
tests.haskell.cabalSdist.assumptionLocalHasDirectReference tests.haskell.cabalSdist.localHasNoDirectReference

@Aleksanaa Aleksanaa force-pushed the pypi-sha256-convert branch from d477aff to 53a70da Compare July 14, 2024 09:56
@Aleksanaa Aleksanaa removed 10.rebuild-linux: 1-10 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin labels Jul 14, 2024
@Aleksanaa
Member Author

Dropped sphinx, now should be 0 rebuilds

@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jul 14, 2024
@drupol drupol added the 2.status: merge conflict This PR has merge conflicts with the target branch label Jul 16, 2024
@drupol drupol marked this pull request as draft July 16, 2024 18:59
@Aleksanaa Aleksanaa closed this Oct 20, 2024