I am a little confused by nix-prefetch-url as I thought its purpose was to give you a checksum you can use to update your Nix package, but whenever I use the checksum it provides, I get a checksum error when I try to build the package in question. For instance, I updated the sha256 hash of my OpenRA package (which I’ve modified to use fetchTarball instead of fetchFromGitHub) to 1zlz0zk4limqwiclakg5m27r00ljbjmsfns4zpqdixn4vyxc83ic as that is what nix-prefetch-url https://github.com/OpenRA/OpenRA/archive/10db26fa0b3df25e679b465475fe69b21381b26b.tar.gz returned. But when I rebuilt my OpenRA git package, which was building this very git commit, I received the error:
error: hash mismatch in file downloaded from 'https://github.com/OpenRA/OpenRA/archive/10db26fa0b3df25e679b465475fe69b21381b26b.tar.gz':
specified: sha256:1zlz0zk4limqwiclakg5m27r00ljbjmsfns4zpqdixn4vyxc83ic
got: sha256:1lw9yd43k94i1gx1ba55db475awzj4fd507vyhz28rz2gf746dph
I am guessing that I’m not meant to use nix-prefetch-url. If so, what tool am I meant to use to update checksums when using fetchTarball?
Just set the hash to "" and build, you’ll get the correct hash in the error. There prefetch scripts are a bit obscure to use, you have to set name and a bunch of flags to even avoid a cache miss after fetching.
Also, fetchFromGitHub is better; fetchTarball gets run during eval as it’s a builtin, and therefore slows down your eval.
This is because fetchTarball extracts the downloaded file into a store directory, but your invocation to nix-prefetch-url is calculating the hash for the tarball itself (aka the hash of using fetchurl), not the contents within it. If you use nix-prefetch-url --unpack <url>, you’ll get the correct hash.
For future reference, just don’t bother with trying to pre-calculate the hash. It might seem like the natural approach, and it might even seem unnatural to leave it empty, let Nix fail, then use the hash it tells you to use, but it’s honestly the easiest way and saves you a lot of headaches. This is because the internal mechanisms for hashing objects are slightly different between the various fetchers, and you’ll need to be aware of those mechanisms in order to correctly use nix-prefetch-url (or nix-hash / nix hash). It’s simply not worth remembering those details, just let Nix take care of it.