Replace cryptonite with cryptohash-sha1

[anuraaga]

What I did

Replaced usage of deprecated cryptonite library with cryptohash-sha1. The primary motivation for this is Wasm compatibility for #873, and I could verify the new library does compile fine with Wasm. Another motivation is that cyrptonite is deprecated and uses quite legacy libraries such as basement.

Fixes #873

How I did it

Replaced fingerprint generation in Codeclimate to use cryptohash, as well as base16-bytestring as it recommends for generating a hex digest.

How to verify it

As far as I know there aren't unit tests for the formatter. I checked this command produces the same output before and after the change

cabal --allow-newer run exe:hadolint -- -f gitlab_codeclimate README.md

[anuraaga]

@lorenzo Are you still looking at this repo? The last release is also some time ago so wonder if we should be moving on from this tool.

[StevenACoffman]

I think that @m-ildefons also helps maintain this repository.

[m-ildefons]

Thanks for the PR.

I recently tried to cross-compile Hadolint into Javascript with the end-goal of updating the online linter eventually. While doing that I ran into issues compiling basement: https://gitlab.haskell.org/ghc/ghc/-/issues/26304
I had no idea that library is now considered "legacy".

Unfortunately, I think you need to fix up the formatter, because the fingerprints now contain escaped " characters.

With your change:

$ hadolint -f gitlab_codeclimate /home/moritz/tmp/Dockerfile | jq
[
  {
    "categories": [
      "Bug Risk"
    ],
    "check_name": "DL3006",
    "description": "Always tag the version of an image explicitly",
    "fingerprint": "\"085227bc53d6f5c3499f66470bbdf43b1431453c\"",
    "location": {
      "lines": {
        "begin": 1,
        "end": 1
      },
      "path": "/home/moritz/tmp/Dockerfile"
    },
    "severity": "major",
    "type": "issue"
  },
  {
    "categories": [
      "Bug Risk"
    ],
    "check_name": "DL3002",
    "description": "Last USER should not be root",
    "fingerprint": "\"3453f7ca2af22147e4c288320280cd43a994f34b\"",
    "location": {
      "lines": {
        "begin": 3,
        "end": 3
      },
      "path": "/home/moritz/tmp/Dockerfile"
    },
    "severity": "major",
    "type": "issue"
  }
]

Without your change:

$ hadolint -f gitlab_codeclimate /home/moritz/tmp/Dockerfile | jq"major","type":"issue"}]
[
  {
    "categories": [
      "Bug Risk"
    ],
    "check_name": "DL3006",
    "description": "Always tag the version of an image explicitly",
    "fingerprint": "085227bc53d6f5c3499f66470bbdf43b1431453c",
    "location": {
      "lines": {
        "begin": 1,
        "end": 1
      },
      "path": "/home/moritz/tmp/Dockerfile"
    },
    "severity": "major",
    "type": "issue"
  },
  {
    "categories": [
      "Bug Risk"
    ],
    "check_name": "DL3002",
    "description": "Last USER should not be root",
    "fingerprint": "3453f7ca2af22147e4c288320280cd43a994f34b",
    "location": {
      "lines": {
        "begin": 3,
        "end": 3
      },
      "path": "/home/moritz/tmp/Dockerfile"
    },
    "severity": "major",
    "type": "issue"
  }
]

The problem is probably line 73 "fingerprint" .= show fingerprint, shoudl be just "fingerprint" .= fingerprint, now that the fingerprint is a ByteString and no longer some structure, which needed to be converted to a string-like first.

Could you please fix this?
Otherwise the change looks good to me.

[anuraaga]

Thanks @m-ildefons - I completely missed those extra quotes. I have updated to unpack to a string and looks like they're fixed

[m-ildefons]

LGTM. Thanks for the contribution.