From d5f30e6e8920bf2f2547b4033533b394db6ebf08 Mon Sep 17 00:00:00 2001 From: Daniel Salazar Date: Wed, 9 Aug 2023 22:59:19 -0500 Subject: [PATCH] feat(back): #1128 avoid hitting max arg limit - Make _nix_hashes receive bytes so it is compatible with stdin - Make _nix_hashes process provided paths using xargs to avoid hitting ARG_MAX limit - Add findutils to runtime so xargs is available --- makes/cli/env/runtime/main.nix | 1 + src/cli/main/cli.py | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/makes/cli/env/runtime/main.nix b/makes/cli/env/runtime/main.nix index c791fa78..3a3386cd 100644 --- a/makes/cli/env/runtime/main.nix +++ b/makes/cli/env/runtime/main.nix @@ -7,6 +7,7 @@ makeSearchPaths { bin = [ __nixpkgs__.cachix + __nixpkgs__.findutils __nixpkgs__.git __nixpkgs__.gnutar __nixpkgs__.gzip diff --git a/src/cli/main/cli.py b/src/cli/main/cli.py index 10bfa7c4..ff9df91f 100644 --- a/src/cli/main/cli.py +++ b/src/cli/main/cli.py @@ -326,14 +326,14 @@ def _nix_build( ] -def _nix_hashes(*paths: str) -> List[str]: +def _nix_hashes(paths: bytes) -> List[str]: cmd = [ + "xargs", f"{__NIX_STABLE__}/bin/nix-store", "--query", "--hash", - *paths, ] - out, stdout, _ = _run_outputs(cmd, stderr=None) + out, stdout, _ = _run_outputs(cmd, stdin=paths, stderr=None) if out != 0: raise SystemExit(out) @@ -360,7 +360,7 @@ def _nix_build_requisites(path: str) -> List[Tuple[str, str]]: requisites: List[str] = stdout.decode().splitlines() - hashes: List[str] = _nix_hashes(*requisites) + hashes: List[str] = _nix_hashes(stdout) return list(zip(requisites, hashes)) @@ -769,7 +769,7 @@ def write_provenance( attestation["subject"] = [ { "uri": realpath(out), - "hash": dict([_nix_hashes(out)[0].split(":")]), + "hash": dict([_nix_hashes(out.encode())[0].split(":")]), } ]