Manifest is missing information to properly check "integrity" field for file with outputHashMode "recursive" #4

Open
ardumont opened this issue Oct 6, 2022 · 0 comments

ardumont commented Oct 6, 2022

For information, some nixpkgs manifests are missing the information needed to properly
check the "integrity" field. The derivation contains the information, but it's not
propagated to the manifest. See [1] and [2], with a bit more description below:

In [1], the filesystem layout is required to properly build the same hash.

In [2], the executable bit permission is required on the file to compute the proper
hash.

I gather it's highly possible other edge cases exist too.

Is it possible to do something about it?

Thanks for this and thanks for your time.

[1] Derivation: https://github.com/NixOS/nixpkgs/blob/e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef/pkgs/data/misc/unicode-emoji/default.nix

{
  "outputHash": "0s2mvy1nr2v1x0rr1fxlsv8ly1vyf9978rb4hwry5vnr678ls522",
  "outputHashAlgo": "sha256",
  "outputHashMode": "recursive",
  "type": "url",
  "urls": [
    "https://www.unicode.org/Public/emoji/12.1/emoji-zwj-sequences.txt"
  ],
  "integrity": "sha256-QhRN0THZ7uIzh2RldFJyfgdP0da0u5Az6GGLbIPfVWg=",
  "inferredFetcher": "unclassified"
}

# you need to reproduce the layout exactly as in the derivation to get the same hash:
$ mkdir -p foobar/share/unicode/emoji
$ wget https://www.unicode.org/Public/emoji/12.1/emoji-zwj-sequences.txt -O foobar/share/unicode/emoji/emoji-zwj-sequences.txt -q
$ nix-store --dump foobar | sha256sum
42144dd131d9eee2338764657452727e074fd1d6b4bb9033e8618b6c83df5568  -
$ python3
>>> import base64
>>> base64.b64encode(bytes.fromhex("42144dd131d9eee2338764657452727e074fd1d6b4bb9033e8618b6c83df5568"))
b'QhRN0THZ7uIzh2RldFJyfgdP0da0u5Az6GGLbIPfVWg='

[2] Derivation: https://github.com/NixOS/nixpkgs/blob/350fd0044447ae8712392c6b212a18bdf2433e71/pkgs/development/tools/misc/remarkable/remarkable-toolchain/default.nix

$ cat /var/tmp/sources-unstable-full.json  | jq . | grep -C6  https://storage.googleapis.com/remarkable-codex-toolchain/codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh
    {
      "outputHash": "sha256-ocODUUx2pgmqxMk8J+D+OvqlSHBSay6YzcqnxC9n59w=",
      "outputHashAlgo": "sha256",
      "outputHashMode": "recursive",
      "type": "url",
      "urls": [
        "https://storage.googleapis.com/remarkable-codex-toolchain/codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh"
      ],
      "integrity": "sha256-ocODUUx2pgmqxMk8J+D+OvqlSHBSay6YzcqnxC9n59w=",
      "inferredFetcher": "unclassified"
    },
$ nix-store --dump codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh | sha256sum
0144c6c6b10f88fbf5c154d9e6beb11c771ad71f36d4d0edfc8c3fc01239dda4  -

$ integrity decode "sha256-ocODUUx2pgmqxMk8J+D+OvqlSHBSay6YzcqnxC9n59w="
sha256 a1c383514c76a609aac4c93c27e0fe3afaa54870526b2e98cdcaa7c42f67e7dc # <- hash mismatch

$ ls -lah codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh
-rw-r--r-- 1 tony tony 211M Jan 14  2021 codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh

$ chmod +x codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh
$ ls -lah codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh
-rwxr-xr-x 1 tony tony 211M Jan 14  2021 codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh

$ nix-store --dump codex-x86_64-cortexa9hf-neon-rm10x-toolchain-3.1.2.sh | sha256sum
a1c383514c76a609aac4c93c27e0fe3afaa54870526b2e98cdcaa7c42f67e7dc  -  # <- match with executable bit
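
An added example, not part of the original issue or of the project's code: a minimal Python re-implementation of the NAR serialization that `nix-store --dump` feeds to `sha256sum` above, showing why directory layout and the executable bit change the "integrity" value. Function names are hypothetical, whole files are read into memory for brevity, and only regular files, directories and symlinks are handled.

```python
import base64, hashlib, os, stat, struct

def nar_str(b: bytes) -> bytes:
    """NAR string: 64-bit little-endian length, the bytes, zero padding to 8."""
    return struct.pack("<Q", len(b)) + b + b"\0" * (-len(b) % 8)

def nar_node(path: bytes) -> bytes:
    st = os.lstat(path)
    out = nar_str(b"(") + nar_str(b"type")
    if stat.S_ISLNK(st.st_mode):
        out += nar_str(b"symlink") + nar_str(b"target") + nar_str(os.readlink(path))
    elif stat.S_ISDIR(st.st_mode):
        out += nar_str(b"directory")
        for name in sorted(os.listdir(path)):  # entry names, in byte order
            out += (nar_str(b"entry") + nar_str(b"(") + nar_str(b"name") + nar_str(name)
                    + nar_str(b"node") + nar_node(os.path.join(path, name)) + nar_str(b")"))
    else:
        out += nar_str(b"regular")
        if st.st_mode & stat.S_IXUSR:  # the only permission bit NAR records
            out += nar_str(b"executable") + nar_str(b"")
        with open(path, "rb") as fh:
            out += nar_str(b"contents") + nar_str(fh.read())
    return out + nar_str(b")")

def nar_dump(path) -> bytes:
    """Byte stream intended to match `nix-store --dump PATH`.
    The top-level name is not serialized; names below it are."""
    return nar_str(b"nix-archive-1") + nar_node(os.fsencode(path))

def hex_to_sri(hexdigest: str, algo: str = "sha256") -> str:
    """Hex digest -> SRI string as used in the manifest's "integrity" field."""
    return f"{algo}-{base64.b64encode(bytes.fromhex(hexdigest)).decode()}"

def sri_to_hex(sri: str):
    """SRI string -> (algorithm, hex digest)."""
    algo, b64 = sri.split("-", 1)
    return algo, base64.b64decode(b64).hex()

def nar_sri(path, algo: str = "sha256") -> str:
    """What a checker must compute when outputHashMode is "recursive"."""
    return hex_to_sri(hashlib.new(algo, nar_dump(path)).hexdigest(), algo)

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(nar_sri(p), p)
```

A checker that only has the URL and the "integrity" value cannot reproduce this hash unless the manifest also carries the target path inside the output and the executable flag.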