Use digest crate (#984)

Use the digest crate Remove the bespoke hasher implementation, dropping the ring dependency. This commit also updates the el9 BuildRequires list. Closes #983
ctc-oss · Jan 3, 2024 · b97feb1 · b97feb1
1 parent 36cc3a0
commit b97feb1
Show file tree

Hide file tree

Showing 9 changed files with 111 additions and 87 deletions.
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -17,3 +17,4 @@ jobs:
         with:
           ignores: ci,documentation,release
           contrib_url: https://github.com/ctc-oss/fapolicy-analyzer/blob/master/CONTRIBUTING.md#changelog-updates
+          debug: true
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/trust/src/ops.rs b/crates/trust/src/ops.rs
@@ -6,12 +6,11 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/.
  */
 
+use fapolicy_util::sha::sha256_digest;
 use std::collections::HashMap;
 use std::fs::File;
 use std::io::BufReader;
 
-use fapolicy_util::sha::sha256_digest;
-
 use crate::db::{Rec, DB};
 use crate::error::Error;
 use crate::ops::TrustOp::{Add, Del, Ins};
@@ -101,7 +100,7 @@ pub fn get_path_action_map(cs: &Changeset) -> HashMap<String, String> {
     cs.changes.iter().map(to_pair).collect()
 }
 
-fn new_trust_record(path: &str) -> Result<Trust, fapolicy_util::sha::Error> {
+fn new_trust_record(path: &str) -> Result<Trust, Error> {
     let f = File::open(path)?;
     let sha = sha256_digest(BufReader::new(&f))?;
 

diff --git a/crates/util/Cargo.toml b/crates/util/Cargo.toml
@@ -6,7 +6,7 @@ version = "0.4.1"
 edition = "2021"
 
 [dependencies]
-data-encoding = "2.3.1"
-ring = "0.17"
 thiserror = "1.0"
 nom = "7.1"
+digest = "0.10"
+sha2 = "0.10"
diff --git a/crates/util/src/sha.rs b/crates/util/src/sha.rs
@@ -6,34 +6,25 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/.
  */
 
+use digest::Digest;
+use sha2::Sha256;
 use std::io;
 use std::io::Read;
 
 use thiserror::Error;
 
-use data_encoding::HEXLOWER;
-use ring::digest::{Context, SHA256};
-
 #[derive(Error, Debug)]
 pub enum Error {
     #[error("error generating hash, {0}")]
     HashingError(#[from] io::Error),
 }
 
 /// generate a sha256 hash as a string
-pub fn sha256_digest<R: Read>(mut reader: R) -> Result<String, Error> {
-    let mut context = Context::new(&SHA256);
-    let mut buffer = [0; 1024];
-
-    loop {
-        let count = reader.read(&mut buffer)?;
-        if count == 0 {
-            break;
-        }
-        context.update(&buffer[..count]);
-    }
-
-    Ok(HEXLOWER.encode(context.finish().as_ref()))
+pub fn sha256_digest<R: Read>(mut src: R) -> Result<String, Error> {
+    let mut hasher = Sha256::new();
+    io::copy(&mut src, &mut hasher)?;
+    let hash = hasher.finalize();
+    Ok(format!("{:x}", hash))
 }
 
 // tested with integration tests
diff --git a/crates/util/tests/data/mt.txt b/crates/util/tests/data/mt.txt
diff --git a/crates/util/tests/sha256_test.rs b/crates/util/tests/sha256_test.rs
@@ -11,9 +11,17 @@ use std::fs::File;
 use std::io::BufReader;
 
 #[test]
-fn test_hashme() {
+fn test_non_empty() {
     let expected = "047bc85db1001a7c98c13f594178d339efc60e3b099af5d27a65498ddc808f55";
     let f = File::open("tests/data/hashme.txt").expect("failed to open file");
     let actual = sha256_digest(BufReader::new(&f)).expect("failed to hash file");
     assert_eq!(actual, expected);
 }
+
+#[test]
+fn test_empty() {
+    let expected = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
+    let f = File::open("tests/data/mt.txt").expect("failed to open file");
+    let actual = sha256_digest(BufReader::new(&f)).expect("failed to hash file");
+    assert_eq!(actual, expected);
+}
diff --git a/news/984.packaging.md b/news/984.packaging.md
@@ -0,0 +1 @@
+Use digest crate for sha256 hashing, removing need for ring crate.
diff --git a/scripts/srpm/fapolicy-analyzer.el9.spec b/scripts/srpm/fapolicy-analyzer.el9.spec
@@ -45,72 +45,63 @@ BuildRequires: lmdb-devel
 
 BuildRequires: rust-packaging
 
+BuildRequires: rust-arc-swap-devel
 BuildRequires: rust-assert_matches-devel
 BuildRequires: rust-autocfg-devel
-BuildRequires: rust-bitflags-devel
+BuildRequires: rust-bindgen-devel
+BuildRequires: rust-block-buffer-devel
 BuildRequires: rust-bumpalo-devel
-BuildRequires: rust-byteorder-devel
 BuildRequires: rust-cc-devel
+BuildRequires: rust-cexpr-devel
 BuildRequires: rust-cfg-if-devel
 BuildRequires: rust-chrono-devel
+BuildRequires: rust-clang-sys-devel
 BuildRequires: rust-confy-devel
-BuildRequires: rust-crossbeam-channel-devel
-BuildRequires: rust-crossbeam-deque-devel
+BuildRequires: rust-cpufeatures-devel
 BuildRequires: rust-crossbeam-epoch-devel
 BuildRequires: rust-crossbeam-utils-devel
-BuildRequires: rust-data-encoding-devel
-#BuildRequires: rust-dbus-devel
+BuildRequires: rust-crypto-common-devel
+BuildRequires: rust-digest-devel
 BuildRequires: rust-directories-devel
 BuildRequires: rust-dirs-sys-devel
 BuildRequires: rust-either-devel
-BuildRequires: rust-fastrand-devel
+BuildRequires: rust-generic-array-devel
 BuildRequires: rust-getrandom-devel
-BuildRequires: rust-iana-time-zone-devel
-BuildRequires: rust-is_executable-devel
+BuildRequires: rust-glob-devel
+BuildRequires: rust-heck-devel
+BuildRequires: rust-indoc-devel
 BuildRequires: rust-instant-devel
 BuildRequires: rust-lazy_static-devel
 BuildRequires: rust-libc-devel
-#BuildRequires: rust-libdbus-sys-devel
-#BuildRequires: rust-lmdb-devel
+BuildRequires: rust-libloading-devel
 BuildRequires: rust-lock_api-devel
 BuildRequires: rust-log-devel
 BuildRequires: rust-memchr-devel
 BuildRequires: rust-memoffset-devel
-BuildRequires: rust-minimal-lexical-devel
 BuildRequires: rust-nom-devel
 BuildRequires: rust-num-integer-devel
 BuildRequires: rust-num-traits-devel
 BuildRequires: rust-num_cpus-devel
-BuildRequires: rust-once_cell-devel
+BuildRequires: rust-option-ext-devel
 BuildRequires: rust-parking_lot-devel
-BuildRequires: rust-parking_lot_core-devel
 BuildRequires: rust-pkg-config-devel
-BuildRequires: rust-proc-macro-hack-devel
 BuildRequires: rust-proc-macro2-devel
-#BuildRequires: rust-pyo3-devel
-#BuildRequires: rust-pyo3-log-devel
-BuildRequires: rust-quote-devel
 BuildRequires: rust-rayon-devel
-BuildRequires: rust-rayon-core-devel
-BuildRequires: rust-remove_dir_all-devel
-BuildRequires: rust-ring-devel
-BuildRequires: rust-scopeguard-devel
-BuildRequires: rust-serde-devel
-BuildRequires: rust-serde_derive-devel
+BuildRequires: rust-regex-devel
+BuildRequires: rust-regex-syntax-devel
+BuildRequires: rust-rustc-hash-devel
+BuildRequires: rust-sha2-devel
+BuildRequires: rust-shlex-devel
 BuildRequires: rust-similar-devel
 BuildRequires: rust-smallvec-devel
-BuildRequires: rust-spin-devel
 BuildRequires: rust-syn-devel
-BuildRequires: rust-tempfile-devel
+BuildRequires: rust-target-lexicon-devel
 BuildRequires: rust-thiserror-devel
-BuildRequires: rust-thiserror-impl-devel
-BuildRequires: rust-time0.1-devel
-BuildRequires: rust-toml-devel
-BuildRequires: rust-unicode-xid-devel
+BuildRequires: rust-typenum-devel
+BuildRequires: rust-unicode-ident-devel
 BuildRequires: rust-unindent-devel
-BuildRequires: rust-untrusted-devel
-BuildRequires: rust-paste-devel
-BuildRequires: rust-indoc-devel
+BuildRequires: rust-version_check-devel
+BuildRequires: rust-which-devel
 
 Requires:      python3
 Requires:      python3-gobject
@@ -119,7 +110,7 @@ Requires:      python3-configargparse
 Requires:      python3-more-itertools
 Requires:      python3-rx
 Requires:      python3-importlib-metadata
-Requires:      python3-toml 
+Requires:      python3-toml
 
 Requires:      gtk3
 Requires:      gtksourceview3
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Use digest crate for sha256 hashing, removing need for ring crate.