Nixpkgs: fetchFromGitHub sha256 checksum error
I'm using Nix on OSX 10.10, with nixpkgs from GitHub. I can't get fetchFromGitHub to accept the sha256 checksum I supply to it for a repository. For example:
# default.nix
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "github-test";
src = fetchFromGitHub {
owner = "octocat";
repo = "Spoon-Knife";
rev = "d0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9";
sha256 = "71529cd6998a14f6482a78f078e1e868570f37b946ea4ba04820879479e3aa2c";
};
builder = ./builder.sh;
}
When I run nix-shell, I get the following error:
unpacking source archive /private/var/folders/nr/77qh9x2j1nbfc_gmy9v5smz40000gn/T/nix-build-Spoon-Knife-d0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9-src.drv-0/d0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9.tar.gz
output path ‘/nix/store/rqyyzn38i2vnp6hjp17synq3jyph0d7x-Spoon-Knife-d0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9-src’ should have r:sha256 hash ‘1jzxn58pjxrnis7ca37rgsxflsx8578w4iyn3bzkdfn51d5k0l5c’, instead has ‘1imvnn0k59yban4drm8x3lsdhs8rvm1j854zghigd2pfhqk70ipn’
error: build of ‘/nix/store/wbjsg7cc9777yy8sbbsdsj6kf2gvcljv-Spoon-Knife-d0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9-src.drv’ failed
These are the commands I used to generate the checksum of the repository:
$ curl -OL https://github.com/octocat/Spoon-Knife/archive/d0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9.tar.gz
$ shasum -a 256 d0dd1f61b33d64e29d8bc1372a94ef6a2fee76a9.tar.gz
I also double-checked that the archive downloaded in the commands above indeed result in the correct archived repository. I also noticed that the sha256 checksum for the file changed at least once upon newly downloading the same archive from GitHub. Is there some nondeterministic behavior in downloading archives from GitHub in this way?
giogadi
All 6 comments
Use nix-prefetch-git to figure out the sha256 to use in your expression (or just look at the error message; that's what I do). fetchFromGitHub uses fetchzip to hash the contents of the tarball as opposed to the tarball itself, which as you noted will vary between downloads.
copumpkin
on 11 Mar 2015
That fixes it! Can this perhaps be done in a more user-friendly way, or at least document this behavior at the definition of the fetchFromGitHub function?
giogadi
on 11 Mar 2015
What would be friendlier?
On Wednesday, March 11, 2015, Luis G. Torres [email protected]
wrote:
That fixes it! Can this perhaps be done in a more user-friendly way, or at
least document this behavior at the definition of the fetchFromGitHub
function?—
Reply to this email directly or view it on GitHub
https://github.com/NixOS/nixpkgs/issues/6750#issuecomment-78260834.
copumpkin
on 11 Mar 2015
I think it would be useful if a comment at the fetchFromGitHub definition in all-packages.nix briefly explained how to determine the sha256 field used when calling fetchFromGitHub.
giogadi
on 11 Mar 2015
I think it's just using the standard nix recursive directory hasher. Not sure how to invoke that manually, but maybe someone else is.
copumpkin
on 12 Mar 2015
See man nix-hash - that should be the same hashes (with proper options passed).
vcunat
on 12 Mar 2015
Related issues
copumpkin
·
3Comments
sid-kap
·
3Comments
copumpkin
·
3Comments
ghost
·
3Comments
langston-barrett
·
3Comments
Most helpful comment
Use
nix-prefetch-gitto figure out the sha256 to use in your expression (or just look at the error message; that's what I do).fetchFromGitHubusesfetchzipto hash the contents of the tarball as opposed to the tarball itself, which as you noted will vary between downloads.