Nixpkgs: Cannot install google-fonts: hash mismatch

https://github.com/NixOS/nixpkgs/blob/master/pkgs/data/fonts/google-fonts/default.nix looks really strange to me, in effect trying to be a "two-level" fixed-output derivation. @manveru, do you know what's up with that?

Oh, it looks like @edolstra did that fairly recently: https://github.com/NixOS/nixpkgs/commit/1681718e2fd81c2613604df0a3fbb259bf213ceb

The danger of making a derivation into a fixed-output derivation like that is that if any of the inputs change their behavior slightly, the FO derivation breaks.

I think this was fixed in c015c2910693f47b641f325f66e690158c3d2652.

@edolstra but the hash it was complaining about in OP was the google-fonts output hash, not its source hash (which admittedly will also change with a straight fetchurl, so the commit you linked to is still useful), so my concern about fragility still stands

Note that there is nothing wrong with using a fixed-output derivation. In fact it revealed an actual problem, namely that the build was non-deterministic in a bad way: depending on directory order it would copy different TTF files.

I just had this problem today. I'm on nixos-unstable, so I would expect that the patch should have fixed it. Is there something I can do to check what version of the packages I'm on, to see if the problem persists?

It seems OK to me on current nixos-unstable (1c50bdd9).

@vcunat How do I check whether my nix channel contains that commit? My nixpkgs version is 16.09.1086.7596205.

(I found this by running the command nix-instantiate --eval -E '(import <nixpkgs> {}).lib.nixpkgsVersion'.)

@sid-kap: you said you were on nixos-unstable, but your version indicates 16.09 (i.e. stable). Still, it does work for me even on your version (7596205).

...which might be just because http://tarballs.nixos.org is used before the original URL by default.

Hmm, I wonder why that is. I followed the instructions in Chapter 4 of the Nixos Manual. Is there something else I need to do to switch to unstable?

I ran nixos-rebuild switch --upgrade, and now my version is up to "16.09.1272.81428dd", which still starts with 16.09 and therefore is not unstable. Why did it not upgrade me to unstable? Here is the output of nix-channel --list:

nixos https://nixos.org/channels/nixos-unstable

In case this might be useful, the output of cat /nix/var/nix/profiles/per-user/root/channels/nixpkgs/.version is 17.03, but the output of cat /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/.version is 16.09.

We're getting a bit off-topic, but for nixos-rebuild the root's channels are what you should look at, e.g. sudo nix-channel --list. In the manual that's signified as the command lines starting by #; I'm not sure if there's some explicit statement.

Thanks, that worked. Google Fonts now installs properly on my machine.

Well, let me close. If someone can reproduce the problem on a recent (un)stable channel, we'll reopen.

I retried ensuring download comes from github, and it succeeded with the same hash we have in 16.09 for months.

I did yet another two downloads from github, together from three different networks within CZ, and all have the hash we got committed. I've got no idea how some people could get a different one. We could try comparing individual file hashes, etc. but as long as it's just a single package...

Nix store hashes don't exhibit such "bugs" normally.

Still, it's possible that fetchzip is buggy in this respect.

Still, it's possible that fetchzip is buggy in this respect.

@vcunat @volth is talking about the output hash being a mismatch, not the fetchFromGitHub one.

Ah, right, it's most likely that buggy usage of find that got fixed on master already but wasn't backported to 16.09 yet. I somehow missed the difference from master.

Picked all those changes now.