#pragma once

#include <gcrypt.h>

#include "types.hh"
#include "serialise.hh"


namespace nix {


extern const string base32Chars;

typedef enum {
    htUnknown = 0,
    htMD5 = GCRY_MD_MD5,
    htSHA1 = GCRY_MD_SHA1,
    htSHA256 = GCRY_MD_SHA256,
    htSHA512 = GCRY_MD_SHA512,
    htSHA3_256 = GCRY_MD_SHA3_256,
    htSHA3_512 = GCRY_MD_SHA3_512,
    htBLAKE2s_256 = GCRY_MD_BLAKE2S_256
} HashType;

struct Hash
{
    static const unsigned int maxHashSize = 64;
    unsigned int hashSize;
    unsigned char hash[maxHashSize];

    HashType type;

    /* Create an unusable hash object. */
    Hash();

    /* Create a zero-filled hash object. */
    Hash(HashType type);

    /* Check whether two hash are equal. */
    bool operator == (const Hash & h2) const;

    /* Check whether two hash are not equal. */
    bool operator != (const Hash & h2) const;

    /* For sorting. */
    bool operator < (const Hash & h) const;
};


/* Convert a hash to a hexadecimal representation. */
string printHash(const Hash & hash);

/* Parse a hexadecimal representation of a hash code. */
Hash parseHash(HashType ht, const string & s);

/* Returns the length of a base-32 hash representation. */
unsigned int hashLength32(const Hash & hash);

/* Convert a hash to a base-32 representation. */
string printHash32(const Hash & hash);

/* Print a hash in base-16 if it's MD5, or base-32 otherwise. */
string printHash16or32(const Hash & hash);

/* Parse a base-32 representation of a hash code. */
Hash parseHash32(HashType ht, const string & s);

/* Parse a base-16 or base-32 representation of a hash code. */
Hash parseHash16or32(HashType ht, const string & s);

/* Verify that the given string is a valid hash code. */
bool isHash(const string & s);

/* Compute the hash of the given string. */
Hash hashString(HashType ht, const string & s);

/* Compute the hash of the given file. */
Hash hashFile(HashType ht, const Path & path);

/* Compute the hash of the given path.  The hash is defined as
   (essentially) hashString(ht, dumpPath(path)). */
struct PathFilter;
extern PathFilter defaultPathFilter;
typedef std::pair<Hash, unsigned long long> HashResult;
HashResult hashPath(HashType ht, const Path & path,
    PathFilter & filter = defaultPathFilter);

/* Compress a hash to the specified number of bytes by cyclically
   XORing bytes together. */
Hash compressHash(const Hash & hash, unsigned int newSize);

/* Parse a string representing a hash type. */
HashType parseHashType(const string & s);

/* And the reverse. */
string printHashType(HashType ht);


struct Ctx;

class HashSink : public BufferedSink
{
private:
    HashType ht;
    Ctx * ctx;
    unsigned long long bytes;

public:
    HashSink(HashType ht);
    HashSink(const HashSink & h);
    ~HashSink();
    void write(const unsigned char * data, size_t len);
    HashResult finish();
    HashResult currentHash();
};


}
a775484d2d7d0686346c2aeafa7b3e333e62a5'>gnu: bootloader: Use symbol as efi-bootloader-chain name.</a></td><td>Roman Scherer</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/bootloader.scm (efi-bootloader-chain): Use symbol as
efi-bootloader-chain name, to allow systems using it to roll-back and
switch-generations again.

Change-Id: I7f7663e125f5b25830399f04aa2f5ce6ad9e7354


</td></tr>
<tr class='logheader'><td><span title='2024-01-14 23:00:03 +0100'>2024-01-14</span></td><td class='logsubject'><a href='/guix/commit/gnu/bootloader.scm?id=086850e5b2b4a1744565fe83624d256524b64a49'>bootloader: grub: Add support for loading an additional initrd.</a></td><td>Tomas Volf</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
In order to be able to provide decryption keys for the LUKS device, they need
to be available in the initial ram disk.  However they cannot be stored inside
the usual initrd, since it is stored in the store and being a
world-readable (as files in the store are) is not a desired property for a
initrd containing decryption keys.  This commit adds an option to load
additional initrd during the boot, one that is not stored inside the store and
therefore can contain secrets.

Since only grub supports encrypted /boot, only grub is modified to use the
extra-initrd.  There is no use case for the other bootloaders.

* doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd
field.
* gnu/bootloader.scm (&lt;bootloader-configuration&gt;): Add extra-initrd field.
* gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd
field.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f


</td></tr>
<tr class='logheader'><td><span title='2023-10-28 00:17:24 +0200'>2023-10-28</span></td><td class='logsubject'><a href='/guix/commit/gnu/bootloader.scm?id=344e39c928bdb8e6b7e5ac79d94535921a414a05'>profiles: Hooks honor the #:system parameter of ‘profile-derivation’.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Fixes &lt;https://issues.guix.gnu.org/65225&gt;.

* guix/profiles.scm (info-dir-file, package-cache-file)
(info-dir-file, ghc-package-cache-file, ca-certificate-bundle)
(emacs-subdirs, gdk-pixbuf-loaders-cache-file, glib-schemas)
(gtk-icon-themes, gtk-im-modules, linux-module-database)
(xdg-desktop-database, xdg-mime-database, fonts-dir-file)
(manual-database, manual-database/optional): Add optional #:system
parameter and pass it to ‘gexp-&gt;derivation’.
(profile-derivation): Pass HOOK a second parameter, SYSTEM.
* gnu/bootloader.scm (efi-bootloader-profile)[efi-bootloader-profile-hook]:
Add optional #:system parameter and pass it to ‘gexp-&gt;derivation’.
* guix/channels.scm (package-cache-file): Likewise.
* tests/profiles.scm ("profile-derivation, #:system, and hooks"): New
test.

Reported-by: Tobias Geerinckx-Rice &lt;me@tobias.gr&gt;


</td></tr>