Suggest `integrity` instead of `sha256` attribute in `http_*` rules
This attribute is also present on `archive_override`.
Work towards #17803
Closes #20156.
PiperOrigin-RevId: 581950628
Change-Id: Ied31b9bcf44d850e506f51d73d32059248457aad
diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock
index 9f56bf2..80760a8 100644
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
@@ -2158,7 +2158,7 @@
"moduleExtensions": {
"//:extensions.bzl%bazel_android_deps": {
"general": {
- "bzlTransitiveDigest": "JIUppb9cYpap/pfU76BpY/F/Qd6Qld7XVEsAa78X0T4=",
+ "bzlTransitiveDigest": "PjK+f/kxkhda9tRFlKVdGfNszPoXs7CDXZUi+ZGWGYU=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
@@ -2177,9 +2177,9 @@
},
"//:extensions.bzl%bazel_build_deps": {
"general": {
- "bzlTransitiveDigest": "JIUppb9cYpap/pfU76BpY/F/Qd6Qld7XVEsAa78X0T4=",
+ "bzlTransitiveDigest": "PjK+f/kxkhda9tRFlKVdGfNszPoXs7CDXZUi+ZGWGYU=",
"accumulatedFileDigests": {
- "@@//src/test/tools/bzlmod:MODULE.bazel.lock": "8d144d3e597e69c9cb6f572e9cae8333cc991ba75d61fff1c4d9bd2ad4e2d429",
+ "@@//src/test/tools/bzlmod:MODULE.bazel.lock": "10b96bd3c1eb194b0efe3a13fd06f2051abf36efb33414ad92048883ba471c7f",
"@@//:MODULE.bazel": "93aebd3a9f96d5d6e6148fc4ccd29b673d842f81a91eb2494a3008f4c2c56504"
},
"envVariables": {},
@@ -2428,7 +2428,7 @@
},
"//:extensions.bzl%bazel_test_deps": {
"general": {
- "bzlTransitiveDigest": "JIUppb9cYpap/pfU76BpY/F/Qd6Qld7XVEsAa78X0T4=",
+ "bzlTransitiveDigest": "PjK+f/kxkhda9tRFlKVdGfNszPoXs7CDXZUi+ZGWGYU=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
@@ -2478,7 +2478,7 @@
},
"//tools/android:android_extensions.bzl%remote_android_tools_extensions": {
"general": {
- "bzlTransitiveDigest": "hL6dUUghnqmrcFrs2bvFCvxPHBnPOY3ymycjIbgRQac=",
+ "bzlTransitiveDigest": "iz3RFYDcsjupaT10sdSPAhA44WL3eDYkTEnYThllj1w=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
@@ -2505,7 +2505,7 @@
},
"//tools/test:extensions.bzl%remote_coverage_tools_extension": {
"general": {
- "bzlTransitiveDigest": "DEE4EmNqW6/brpzbLQMxPvdWKALzpq/MeZyydMFsjLI=",
+ "bzlTransitiveDigest": "cizrA62cv8WUgb0cCmx5B6PRijtr/I4TAWxg/4caNGU=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
diff --git a/src/test/shell/bazel/bazel_repository_cache_test.sh b/src/test/shell/bazel/bazel_repository_cache_test.sh
index 4836db5..c6c2c38 100755
--- a/src/test/shell/bazel/bazel_repository_cache_test.sh
+++ b/src/test/shell/bazel/bazel_repository_cache_test.sh
@@ -124,6 +124,7 @@
zip -0 -ry "$repo2_zip" WORKSPACE fox >& $TEST_log
repo2_name=$(basename "$repo2_zip")
sha256=$(sha256sum "$repo2_zip" | cut -f 1 -d ' ')
+ integrity="sha256-$(cat "$repo2_zip" | openssl dgst -sha256 -binary | openssl base64 -A)"
fi
serve_file "$repo2_zip"
@@ -278,7 +279,7 @@
//zoo:breeding-program >& $TEST_log \
|| fail "expected fetch to succeed"
- expect_log "${sha256}"
+ expect_log "${integrity}"
# Shutdown the server; so fetching again won't work
shutdown_server
diff --git a/src/test/shell/bazel/workspace_resolved_test.sh b/src/test/shell/bazel/workspace_resolved_test.sh
index f3abd91..6cbaa18 100755
--- a/src/test/shell/bazel/workspace_resolved_test.sh
+++ b/src/test/shell/bazel/workspace_resolved_test.sh
@@ -335,10 +335,10 @@
touch a/f.txt
zip a.zip a/*
- expected_sha256="$(sha256sum "${EXTREPODIR}/a.zip" | head -c 64)"
+ expected_integrity="sha256-$(cat "${EXTREPODIR}/a.zip" | openssl dgst -sha256 -binary | openssl base64 -A)"
rm -rf a
- # http_archive rule doesn't specify the sha256 attribute
+ # http_archive rule doesn't specify the integrity attribute
mkdir -p main
cat > main/WORKSPACE <<EOF
workspace(name = "main")
@@ -355,7 +355,7 @@
bazel sync \
--experimental_repository_resolved_file=../repo.bzl
- grep ${expected_sha256} ../repo.bzl || fail "didn't return commit"
+ grep ${expected_integrity} ../repo.bzl || fail "didn't return integrity"
}
test_sync_calls_all() {
diff --git a/src/test/tools/bzlmod/MODULE.bazel.lock b/src/test/tools/bzlmod/MODULE.bazel.lock
index ef16ccf..80fcbbd 100644
--- a/src/test/tools/bzlmod/MODULE.bazel.lock
+++ b/src/test/tools/bzlmod/MODULE.bazel.lock
@@ -621,7 +621,7 @@
}
},
"moduleExtensions": {
- "@apple_support~1.5.0//crosstool:setup.bzl%apple_cc_configure_extension": {
+ "@@apple_support~1.5.0//crosstool:setup.bzl%apple_cc_configure_extension": {
"general": {
"bzlTransitiveDigest": "pMLFCYaRPkgXPQ8vtuNkMfiHfPmRBy6QJfnid4sWfv0=",
"accumulatedFileDigests": {},
@@ -644,9 +644,9 @@
}
}
},
- "@bazel_tools//tools/android:android_extensions.bzl%remote_android_tools_extensions": {
+ "@@bazel_tools//tools/android:android_extensions.bzl%remote_android_tools_extensions": {
"general": {
- "bzlTransitiveDigest": "hL6dUUghnqmrcFrs2bvFCvxPHBnPOY3ymycjIbgRQac=",
+ "bzlTransitiveDigest": "iz3RFYDcsjupaT10sdSPAhA44WL3eDYkTEnYThllj1w=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
@@ -671,7 +671,7 @@
}
}
},
- "@bazel_tools//tools/cpp:cc_configure.bzl%cc_configure_extension": {
+ "@@bazel_tools//tools/cpp:cc_configure.bzl%cc_configure_extension": {
"general": {
"bzlTransitiveDigest": "O9sf6ilKWU9Veed02jG9o2HM/xgV/UAyciuFBuxrFRY=",
"accumulatedFileDigests": {},
@@ -694,7 +694,7 @@
}
}
},
- "@bazel_tools//tools/osx:xcode_configure.bzl%xcode_configure_extension": {
+ "@@bazel_tools//tools/osx:xcode_configure.bzl%xcode_configure_extension": {
"general": {
"bzlTransitiveDigest": "Qh2bWTU6QW6wkrd87qrU4YeY+SG37Nvw3A0PR4Y0L2Y=",
"accumulatedFileDigests": {},
@@ -712,7 +712,7 @@
}
}
},
- "@bazel_tools//tools/sh:sh_configure.bzl%sh_configure_extension": {
+ "@@bazel_tools//tools/sh:sh_configure.bzl%sh_configure_extension": {
"general": {
"bzlTransitiveDigest": "hp4NgmNjEg5+xgvzfh6L83bt9/aiiWETuNpwNuF1MSU=",
"accumulatedFileDigests": {},
@@ -728,9 +728,9 @@
}
}
},
- "@bazel_tools//tools/test:extensions.bzl%remote_coverage_tools_extension": {
+ "@@bazel_tools//tools/test:extensions.bzl%remote_coverage_tools_extension": {
"general": {
- "bzlTransitiveDigest": "DEE4EmNqW6/brpzbLQMxPvdWKALzpq/MeZyydMFsjLI=",
+ "bzlTransitiveDigest": "cizrA62cv8WUgb0cCmx5B6PRijtr/I4TAWxg/4caNGU=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
@@ -748,9 +748,9 @@
}
}
},
- "@rules_java~7.1.0//java:extensions.bzl%toolchains": {
+ "@@rules_java~7.1.0//java:extensions.bzl%toolchains": {
"general": {
- "bzlTransitiveDigest": "QHrMRjNPjXXgiGx8x2I1hGry4XALDWB19awlz4iYfwg=",
+ "bzlTransitiveDigest": "iUIRqCK7tkhvcDJCAfPPqSd06IHG0a8HQD0xeQyVAqw=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
@@ -1288,9 +1288,9 @@
}
}
},
- "@rules_python~0.4.0//bzlmod:extensions.bzl%pip_install": {
+ "@@rules_python~0.4.0//bzlmod:extensions.bzl%pip_install": {
"general": {
- "bzlTransitiveDigest": "jfaPoItGn7QX/GUEdWPqrBf5a380ATtgwvSoPQF/t/Q=",
+ "bzlTransitiveDigest": "rTru6D/C8vlaQDk4HOKyx4U/l6PCnj3Aq/gLraAqHgQ=",
"accumulatedFileDigests": {},
"envVariables": {},
"generatedRepoSpecs": {
diff --git a/tools/build_defs/repo/http.bzl b/tools/build_defs/repo/http.bzl
index b61c404..81fc3f9 100644
--- a/tools/build_defs/repo/http.bzl
+++ b/tools/build_defs/repo/http.bzl
@@ -129,10 +129,10 @@
netrc = read_user_netrc(ctx)
return use_netrc(netrc, urls, ctx.attr.auth_patterns)
-def _update_sha256_attr(ctx, attrs, download_info):
- # We don't need to override the sha256 attribute if integrity is already specified.
- sha256_override = {} if ctx.attr.integrity else {"sha256": download_info.sha256}
- return update_attrs(ctx.attr, attrs.keys(), sha256_override)
+def _update_integrity_attr(ctx, attrs, download_info):
+ # We don't need to override the integrity attribute if sha256 is already specified.
+ integrity_override = {} if ctx.attr.sha256 else {"integrity": download_info.integrity}
+ return update_attrs(ctx.attr, attrs.keys(), integrity_override)
def _http_archive_impl(ctx):
"""Implementation of the http_archive rule."""
@@ -155,7 +155,7 @@
workspace_and_buildfile(ctx)
patch(ctx, auth = auth)
- return _update_sha256_attr(ctx, _http_archive_attrs, download_info)
+ return _update_integrity_attr(ctx, _http_archive_attrs, download_info)
_HTTP_FILE_BUILD = """\
package(default_visibility = ["//visibility:public"])
@@ -195,7 +195,7 @@
ctx.file("WORKSPACE", "workspace(name = \"{name}\")".format(name = ctx.name))
ctx.file("file/BUILD", _HTTP_FILE_BUILD.format(downloaded_file_path))
- return _update_sha256_attr(ctx, _http_file_attrs, download_info)
+ return _update_integrity_attr(ctx, _http_file_attrs, download_info)
_HTTP_JAR_BUILD = """\
load("{rules_java_defs}", "java_import")
@@ -235,7 +235,7 @@
rules_java_defs = str(Label("@rules_java//java:defs.bzl")),
))
- return _update_sha256_attr(ctx, _http_jar_attrs, download_info)
+ return _update_integrity_attr(ctx, _http_jar_attrs, download_info)
_http_archive_attrs = {
"url": attr.string(doc = _URL_DOC),
