Make the store path info ca field structured in JSON

The old string format is a holdover from the pre JSON days. It is not friendly to users who need to get the information out of it. Also introduce the sort of versioning we have for derivation for this format too.
2025-11-08 11:36:03 +01:00 · 2025-10-30 17:44:07 -04:00 · 2025-10-30 17:44:07 -04:00 · caa196e31d
commit caa196e31d
parent 0c37a62207
17 changed files with 130 additions and 36 deletions
--- a/tests/functional/fixed.sh
+++ b/tests/functional/fixed.sh
@ -14,7 +14,16 @@ nix-build fixed.nix -A bad --no-out-link && fail "should fail"
 # Building with the bad hash should produce the "good" output path as
 # a side-effect.
 [[ -e $path ]]
-nix path-info --json "$path" | grep fixed:md5:2qk15sxzzjlnpjk9brn7j8ppcd
+nix path-info --json "$path" | jq -e \
+    --arg hash "$(nix hash convert --to base64 "md5:8ddd8be4b179a529afa5f2ffae4b9858")" \
+    '.[].ca == {
+        method: "flat",
+        hash: {
+            algorithm: "md5",
+            format: "base64",
+            hash: $hash
+        },
+    }'

 echo 'testing good...'
 nix-build fixed.nix -A good --no-out-link
--- a/tests/functional/git-hashing/simple-common.sh
+++ b/tests/functional/git-hashing/simple-common.sh
@ -47,9 +47,17 @@ try2 () {
    hashFromGit=$(git -C "$repo" rev-parse "HEAD:$hashPath")
    [[ "$hashFromGit" == "$expected" ]]

-    local caFromNix
-    caFromNix=$(nix path-info --json "$path" | jq -r ".[] | .ca")
-    [[ "fixed:git:$hashAlgo:$(nix hash convert --to nix32 "$hashAlgo:$hashFromGit")" = "$caFromNix" ]]
+    nix path-info --json "$path" | jq -e \
+        --arg algo "$hashAlgo" \
+        --arg hash "$(nix hash convert --to base64 "$hashAlgo:$hashFromGit")" \
+        '.[].ca == {
+            method: "git",
+            hash: {
+                algorithm: $algo,
+                format: "base64",
+                hash: $hash
+            },
+        }'
 }

 test0 () {
--- a/tests/functional/impure-derivations.sh
+++ b/tests/functional/impure-derivations.sh
@ -30,7 +30,7 @@ path1_stuff=$(echo "$json" | jq -r .[].outputs.stuff)
 [[ $(< "$path1"/n) = 0 ]]
 [[ $(< "$path1_stuff"/bla) = 0 ]]

-[[ $(nix path-info --json "$path1" | jq .[].ca) =~ fixed:r:sha256: ]]
+nix path-info --json "$path1" | jq -e '.[].ca | .method == "nar" and .hash.algorithm == "sha256"'

 path2=$(nix build -L --no-link --json --file ./impure-derivations.nix impure | jq -r .[].outputs.out)
 [[ $(< "$path2"/n) = 1 ]]
--- a/tests/functional/nix-profile.sh
+++ b/tests/functional/nix-profile.sh
@ -166,7 +166,7 @@ printf 4.0 > "$flake1Dir"/version
 printf Utrecht > "$flake1Dir"/who
 nix profile add "$flake1Dir"
 [[ $("$TEST_HOME"/.nix-profile/bin/hello) = "Hello Utrecht" ]]
-[[ $(nix path-info --json "$(realpath "$TEST_HOME"/.nix-profile/bin/hello)" | jq -r .[].ca) =~ fixed:r:sha256: ]]
+nix path-info --json "$(realpath "$TEST_HOME"/.nix-profile/bin/hello)" | jq -e '.[].ca | .method == "nar" and .hash.algorithm == "sha256"'

 # Override the outputs.
 nix profile remove simple flake1
--- a/tests/functional/signing.sh
+++ b/tests/functional/signing.sh
@ -58,7 +58,7 @@ nix store verify -r "$outPath2" --sigs-needed 1 --trusted-public-keys "$pk1"
 # Build something content-addressed.
 outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)

-nix path-info --json "$outPathCA" | jq -e '.[] | .ca | startswith("fixed:md5:")'
+nix path-info --json "$outPathCA" | jq -e '.[].ca | .method == "flat" and .hash.algorithm == "md5"'

 # Content-addressed paths don't need signatures, so they verify
 # regardless of --sigs-needed.