anyone knows how the sha256 parameter of the pullImage function is calculated?
I’ve tried inspecting the image with “docker inspect nixos/nix:1.11” or with skopeo or by trying a command like:
# docker image save | sha256sum
but the result is different, and the help string for the parameter is meaningless…
Did you try to use
nix hash-file --base64 --type sha256?
Most of the time I am too lazy to figure out exactly what the fetcher does so I copy-paste an existing sha256, change one character, run nix-build, look at the
was expecting <GOOD-SHA256> but got <COPIED-SHA256> message and copy the result back into the derivation.
Since you are not the first one to ask for this (dockerTools.pullImage: Fix build with sandboxing · NixOS/nixpkgs@42a0b11 · GitHub), I’ve added an entry in the Docker section of the NixOS wiki (I don’t know if it is the right place). See Docker - NixOS Wiki.
But such as @zimbatm, I also provide a non existing sha256 to know the one I have to provide:/
Thanks @lewo, well done. In fact I’ve done what @zimbatm suggested, but there were a total of 4 images pulls to update and it’s a bit tedious to do the “launch test - watch it fail - copy over the new sha256 - save - restart the test” cycle.