Getting sha256 for a patch, using fetchpatch [SOLVED]

I have a derivation for an SDDM theme on NixOS, and I want to update the theme.conf file. My solution is to make a patch file with my configs and apply that patch to theme.conf. Here’s my (incomplete) derivation:

  sddm-sugar-candy = stdenv.mkDerivation rec {
    pname = "sddm-sugar-candy-theme";
    version = "1.6";
    dontBuild = true;
    installPhase = ''
      mkdir -p $out/share/sddm/themes
      cp -aR $src $out/share/sddm/themes/sugar-candy
    '';

    patches = [
      (fetchpatch {
        url = "";
        sha256 = "";
      })
    ];

    src = fetchFromGitHub {
      owner = "Kangie";
      repo = "sddm-sugar-candy";
      rev = "v${version}";
      sha256 = "18wsl2p9zdq2jdmvxl4r56lir530n73z9skgd7dssgq18lipnrx7";
    };
  };

The problem I have is that I don’t know how to get the sha256 hash. I did some experimentation by downloading a patch included in a derivation that gives the sha256, and running nix hash file on the downloaded patch and comparing this to the sha256 in the derivation, but they aren’t the same. I also had a look online and on Discourse but I couldn’t find any relevant threads.

Any help on this, or indeed updating my theme.conf file would be appreciated.

Patches are processed by a postFetch function; it’s actually hard to do it (it’s possible though).

You can use lib.fakeSha256 for the hash value, then run the build to get the real processed value in the output and you are done.


Got the sha256 value, thanks for the solution. How exactly do I write the postFetch function, or is there a simpler way to change my conf file? Here’s my attempt (I don’t really know what I’m doing though):

    patches = [
      (fetchpatch {
        url = "";
        sha256 = [...];
        postFetch = "${patchutils}/bin/patch $out/share/sddm/themes/sugar-dark < $TMPDIR/patch"; # don't know what the patch's path is
      })
    ];

The patch should be applied solely because of being mentioned in the patches list.

In the postFetch of the patch, the source code you want to patch does not yet exist.

I checked the conf file after rebuilding but the change hasn’t been applied. This was when I simply added the patch to the patches list without postFetch. If postFetch doesn’t work what else should I try?

Then it is time for more details.

What exactly do you need to know?

I wanted to ask for the derivation and the sources, though I just realised that they are in the OP and wanted to delete my post now :smiley: Though as you already answered, I will take a closer look in a minute or 2.

Your patch does not specify any files in the source tree…

--- /run/current-system/sw/share/sddm/themes/sugar-candy/theme.conf	1970-01-01 01:00:01.000000000 +0100
+++ ./theme.conf	2022-12-06 17:57:27.593614235 +0000

Usually they contain a path relative to the source root, prefixed by a/ and b/ respectively.

Scratch that… I checked the logs, there seems to be another reason…

postFetch is an internal function of fetchpatch :wink: You don’t need to care about it. It’s stripping the patch of any extra information and may also reorder the hunks in alphabetical path order :thinking:


Found it, this time for real!

$ rg -i 'password.*true' < result/share/sddm/themes/sugar-candy/theme.conf

Here are my actual changes:

--- original.nix        2022-12-06 22:03:50.900429701 +0100
+++ default.nix 2022-12-06 22:01:12.304187732 +0100
@@ -9 +9 @@
-      cp -aR $src $out/share/sddm/themes/sugar-candy
+      cp -aRv . $out/share/sddm/themes/sugar-candy
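
Review bot: On the new line 9, the switch from `$src` to `.` is the whole fix, yet nothing at the call site records why, so a later cleanup could put `$src` back and silently install the unpatched files again. Suggest a one-line comment that `patches` are applied to the unpacked copy in the build directory, not to `$src`. The added `-v` only makes `cp` list every file in the build log and can be dropped once the result has been checked.
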
@@ -15 +15 @@
-        sha256 = "";
+        sha256 = "sha256-1be//NP3wPK/JWKDpB2pDSaL3UzYKjhtj4shLxMf1tQ=";
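
Review bot: The `sha256` added on line 15 is the hash of the patch as fetchpatch leaves it after processing, so it cannot be re-derived by hashing the file behind `url`, and the hunk gives no hint of that. Suggest a short comment next to it saying how the value was obtained (build with a placeholder hash, copy the value reported by the failed build).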

Perfect, does the trick! Out of interest, what is the significance of changing $src to the current dir? Thanks for the solution, by the way.

Noted, thanks for the help.

$src is where the download got extracted. . is where the build happens.

$src lives in the nix store, . in a temporary location, sandboxed in such a way that it always seems to be /build
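
The replies above say the `sha256` given to fetchpatch covers the patch after postFetch has processed it, which is why `nix hash file` on the raw download did not match. The Python sketch below is an added example, not part of the thread and not fetchpatch's own code: `normalize` is a simplified stand-in for that processing, and the patch text and the `ExampleOption` key are constructed.

```python
import base64
import hashlib
import re

# Constructed sample: one change as it might arrive from two downloads.
# Only the mail header, timestamps and tool footer differ between them.
RAW_A = "\n".join([
    "From: someone (constructed mail header)",
    "--- a/theme.conf\t2022-12-06 17:50:00 +0000",
    "+++ b/theme.conf\t2022-12-06 17:57:27 +0000",
    "@@ -1 +1 @@",
    "-ExampleOption=false",
    "+ExampleOption=true",
    "-- ",
    "2.38.1",
]) + "\n"
RAW_B = RAW_A.replace("17:57:27", "18:03:11").replace("2.38.1", "2.39.0")

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def normalize(patch: str) -> str:
    """Simplified stand-in: keep file headers (no timestamps) and hunks only."""
    out, old_left, new_left = [], 0, 0
    for line in patch.splitlines():
        if old_left > 0 or new_left > 0:           # inside a hunk body
            out.append(line)
            if line[:1] in ("-", " ", ""):
                old_left -= 1
            if line[:1] in ("+", " ", ""):
                new_left -= 1
        elif line.startswith(("--- ", "+++ ")):    # file header: cut at the tab
            out.append(line.split("\t", 1)[0])
        elif (m := HUNK.match(line)):              # omitted count means 1
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
            out.append(line)
        # everything else (mail text, "-- " footer, tool version) is dropped
    return "\n".join(out) + "\n"

def sri_sha256(text: str) -> str:
    """Format a SHA-256 digest as the 'sha256-<base64>' string Nix prints."""
    digest = hashlib.sha256(text.encode()).digest()
    return "sha256-" + base64.b64encode(digest).decode()

if __name__ == "__main__":
    for name, raw in (("A", RAW_A), ("B", RAW_B)):
        print(name, "raw       ", sri_sha256(raw))
        print(name, "normalized", sri_sha256(normalize(raw)))
```

The two raw hashes differ from each other and from the normalized one, while both normalized hashes agree, so a hash pinned over the processed patch stays valid when only the surrounding noise changes.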
