From 9fa2c8ef8e6e4a33f07459c112f0aeb3b4efec7e Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Mon, 7 Oct 2024 20:38:53 +0200
Subject: [PATCH 1/2] update to mirage-crypto 1.0.0 API
---
 bot-components.opam | 8 ++++----
 bot-components/GitHub_app.ml | 7 +++----
 bot-components/GitHub_subscriptions.ml | 5 ++---
 bot-components/dune | 4 ++--
 coq-bot.opam | 6 +++---
 default.nix | 4 ++--
 dune-project | 14 +++++++-------
 src/config.ml | 5 +----
 8 files changed, 24 insertions(+), 29 deletions(-)
diff --git a/bot-components.opam b/bot-components.opam
index c08b9c63..502a57ea 100644
--- a/bot-components.opam
+++ b/bot-components.opam
@@ -15,15 +15,15 @@ depends: [
 "lwt_ssl" {>= "1.1.3"}
 "ssl" {= "0.5.9"}
 "stdio" {>= "v0.14.0"}
- "hex" {>= "1.4.0"}
- "mirage-crypto" {>= "0.8.7"}
+ "ohex" {>= "0.2.0"}
+ "mirage-crypto" {>= "1.0.0"}
 "eqaf" {>= "0.7"}
 "yojson" {>= "1.7.0"}
 "graphql_ppx" {>= "1.2.0"}
- "x509" {>= "0.11.2"}
- "cstruct" {>= "5.0.0"}
+ "x509" {>= "1.0.0"}
 "ISO8601" {>= "0.2.0"}
 "camlzip" {>= "1.08"}
+ "digestif" {>= "1.2.0"}
 "odoc" {>= "1.5.2" & with-doc}
 ]
 build: [
diff --git a/bot-components/GitHub_app.ml b/bot-components/GitHub_app.ml
index 22e06583..c436926b 100644
--- a/bot-components/GitHub_app.ml
+++ b/bot-components/GitHub_app.ml
@@ -10,11 +10,10 @@ let github_headers token =
 ; ("authorization", "Bearer " ^ token) ]
 let rs256_sign ~key ~data =
- (* Taken from https://github.com/mmaker/ocaml-letsencrypt *)
- let data = Cstruct.of_string data in
- let h = Mirage_crypto.Hash.SHA256.digest data in
+ (* Taken from https://github.com/robur-coop/ocaml-letsencrypt *)
+ let h = Digestif.SHA256.(to_raw_string (digest_string data)) in
 let pkcs1_digest = X509.Certificate.encode_pkcs1_digest_info (`SHA256, h) in
- Mirage_crypto_pk.Rsa.PKCS1.sig_encode ~key pkcs1_digest |> Cstruct.to_string
+ Mirage_crypto_pk.Rsa.PKCS1.sig_encode ~key pkcs1_digest
 let base64 = Base64.encode ~pad:false ~alphabet:Base64.uri_safe_alphabet
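Review bot: In `rs256_sign` (bot-components/GitHub_app.ml) the SHA-256 digest and the PKCS#1 DigestInfo are still assembled by hand across digestif, x509 and mirage-crypto-pk, which is the part of an RS256 signer most likely to drift on the next API change. mirage-crypto-pk offers a single call for this, so the body could probably be reduced to ``Mirage_crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key (`Message data)``; confirm the exact signature against the 1.0.0 interface before switching. Whichever form is kept, the default blinding in the RSA private-key operation draws from the default RNG, so the program has to initialise mirage-crypto-rng before the first token is signed; that initialisation is not visible in this patch. A test that signs a fixed input with a constructed test key and compares against a known signature would pin that the string-based API yields the same bytes as the Cstruct one.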
diff --git a/bot-components/GitHub_subscriptions.ml b/bot-components/GitHub_subscriptions.ml
index 92310b89..10086461 100644
--- a/bot-components/GitHub_subscriptions.ml
+++ b/bot-components/GitHub_subscriptions.ml
@@ -240,9 +240,8 @@ let receive_github ~secret headers body =
 match Header.get headers "X-Hub-Signature" with
 | Some signature ->
 let expected =
- Mirage_crypto.Hash.SHA1.hmac ~key:(Cstruct.of_string secret)
- (Cstruct.of_string body)
- |> Hex.of_cstruct |> Hex.show |> f "sha1=%s"
+ Digestif.SHA1.(to_raw_string (hmac_string ~key:secret body))
+ |> Ohex.encode |> f "sha1=%s"
 in
 if Eqaf.equal signature expected then Ok (Some install_id)
 else Error "Webhook signed but with wrong signature."
diff --git a/bot-components/dune b/bot-components/dune
index a2c5ba1a..e29732d7 100644
--- a/bot-components/dune
+++ b/bot-components/dune
@@ -1,8 +1,8 @@
 (library
 (name Bot_components)
 (public_name bot-components)
- (libraries base camlzip cohttp-lwt-unix cstruct eqaf hex mirage-crypto stdio
- str x509 yojson ISO8601)
+ (libraries base camlzip cohttp-lwt-unix eqaf ohex mirage-crypto stdio str
+ x509 yojson ISO8601 digestif)
 (private_modules GraphQL_query GitHub_GraphQL Utils)
 (modules_without_implementation GitHub_types GitLab_types)
 (preprocess
diff --git a/coq-bot.opam b/coq-bot.opam
index 68c49db1..c10cd98a 100644
--- a/coq-bot.opam
+++ b/coq-bot.opam
@@ -15,9 +15,9 @@ depends: [
 "cohttp-lwt-unix" {>= "2.5.4"}
 "lwt_ssl" {>= "1.1.3"}
 "ssl" {>= "0.5.9"}
- "mirage-crypto" {>= "0.11.0"}
- "mirage-crypto-rng" {>= "0.11.0"}
- "mirage-crypto-rng-lwt" {>= "0.11.0"}
+ "mirage-crypto" {>= "1.0.0"}
+ "mirage-crypto-rng" {>= "1.0.0"}
+ "mirage-crypto-rng-lwt" {>= "1.0.0"}
 "stdio" {>= "v0.14.0"}
 "yojson" {>= "1.7.0"}
 "bot-components" {dev}
diff --git a/default.nix b/default.nix
index f2011d57..a5c0982e 100644
--- a/default.nix
+++ b/default.nix
@@ -22,7 +22,7 @@ pkgs.stdenv.mkDerivation rec {
 camlzip
 cohttp
 cohttp-lwt-unix
- hex
+ ohex
 iso8601
 mirage-crypto
 mirage-crypto-rng-lwt
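Review bot: `receive_github` (bot-components/GitHub_subscriptions.ml) still authenticates webhook bodies with the legacy `X-Hub-Signature` header and HMAC-SHA1, while GitHub also sends `X-Hub-Signature-256` and recommends validating that one. Since this hunk already rewrites the HMAC expression, the lookup could become `Header.get headers "X-Hub-Signature-256"` and the expected value `Digestif.SHA256.(to_hex (hmac_string ~key:secret body)) |> f "sha256=%s"`, keeping the constant-time `Eqaf.equal` comparison as it is. If SHA-1 is kept for now, `Digestif.SHA1.to_hex` would produce the hex string directly, and a test with a constructed secret and body would pin that the new encoding matches what the old `Hex.show` path produced. The function continues outside the hunk, so how a request without the header is handled cannot be judged from here.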
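Review bot: The `libraries` field in bot-components/dune does not name `mirage-crypto-pk`, although GitHub_app.ml in this same patch calls `Mirage_crypto_pk.Rsa.PKCS1.sig_encode`; the library is presumably reached only transitively through `x509`. Listing it explicitly (`mirage-crypto-pk` in `libraries`, and `(mirage-crypto-pk (>= 1.0.0))` in the bot-components package of dune-project) keeps the set of crypto dependencies auditable and avoids a build break if x509 changes its own dependencies. Conversely, `Mirage_crypto.Hash` has been removed from both changed modules, so it is worth checking whether `mirage-crypto` itself is still used directly by this library or can be dropped from the list.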
@@ -31,7 +31,7 @@ pkgs.stdenv.mkDerivation rec {
 toml
 eqaf
 x509
- cstruct
+ digestif
 ppx_expect
 odoc
 ];
diff --git a/dune-project b/dune-project
index 80011b81..ee67456c 100644
--- a/dune-project
+++ b/dune-project
@@ -20,9 +20,9 @@
 (cohttp-lwt-unix (>= 2.5.4))
 (lwt_ssl (>= 1.1.3))
 (ssl (>= 0.5.9))
- (mirage-crypto (>= 0.11.0))
- (mirage-crypto-rng (>= 0.11.0))
- (mirage-crypto-rng-lwt (>= 0.11.0))
+ (mirage-crypto (>= 1.0.0))
+ (mirage-crypto-rng (>= 1.0.0))
+ (mirage-crypto-rng-lwt (>= 1.0.0))
 (stdio (>= v0.14.0))
 (yojson (>= 1.7.0))
 (bot-components :dev)
@@ -42,14 +42,14 @@
 (lwt_ssl (>= 1.1.3))
 (ssl (= 0.5.9))
 (stdio (>= v0.14.0))
- (hex (>= 1.4.0))
- (mirage-crypto (>= 0.8.7))
+ (ohex (>= 0.2.0))
+ (mirage-crypto (>= 1.0.0))
 (eqaf (>= 0.7))
 (yojson (>= 1.7.0))
 (graphql_ppx (>= 1.2.0))
- (x509 (>= 0.11.2))
- (cstruct (>= 5.0.0))
+ (x509 (>= 1.0.0))
 (ISO8601 (>= 0.2.0))
 (camlzip (>= 1.08))
+ (digestif (>= 1.2.0))
 (odoc (and (>= 1.5.2) :with-doc)))
 )
diff --git a/src/config.ml b/src/config.ml
index 6f7c8491..92f1dcb4 100644
--- a/src/config.ml
+++ b/src/config.ml
@@ -123,10 +123,7 @@ let github_app_id toml_data =
 let github_private_key () =
 (*string_of_file_path "./github.private-key.pem"*)
- match
- Sys.getenv_exn "GITHUB_PRIVATE_KEY"
- |> Cstruct.of_string |> X509.Private_key.decode_pem
- with
+ match Sys.getenv_exn "GITHUB_PRIVATE_KEY" |> X509.Private_key.decode_pem with
 | Ok (`RSA priv) ->
 priv
 | Ok _ ->
From e720713070b320d7e37a62e25aa26bcd3d0a359f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Zimmermann?=
Date: Tue, 22 Oct 2024 12:58:52 +0200
Subject: [PATCH 2/2] Update nixpkgs to get latest mirage-crypto.
---
 default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default.nix b/default.nix
index a5c0982e..d9025e14 100644
--- a/default.nix
+++ b/default.nix
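Review bot: In `github_private_key` (src/config.ml) the commented-out `(*string_of_file_path "./github.private-key.pem"*)` line is kept next to the rewritten `match`, but it no longer describes how the key is obtained. It could be replaced by a doc comment stating the contract, for example `(** Decodes the PEM-encoded RSA key held in GITHUB_PRIVATE_KEY; raises if the variable is unset. *)`. The `Ok _` arm and any error arm lie outside the hunk; since the value is the app's signing key, it is worth confirming that their failure messages never include the variable's contents.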
@@ -1,6 +1,6 @@
 { pkgs ? import (fetchTarball {
- url = "https://github.com/NixOS/nixpkgs/archive/280db3decab4cbeb22a4599bd472229ab74d25e1.tar.gz";
- sha256 = "sha256:17n9wji64l7d16s8r100ypwlxkmwrypll4q3wkkfjswbilxkqjr6";
+ url = "https://github.com/NixOS/nixpkgs/archive/5ea573ca476915e0ccefb99be5687e4150fa049b.tar.gz";
+ sha256 = "0hsg6xjj4iclfrvplsf0rd9xiwkaazvmlp609qiwka65v7wcjja2";
 }) { } }:
 pkgs.stdenv.mkDerivation rec {