How to calculate the sha256 parameter of the pullImage function

Hi all,

anyone knows how the sha256 parameter of the pullImage function is calculated?
I’ve tried inspecting the image with “docker inspect nixos/nix:1.11” or with skopeo or by trying a command like:

# docker image save | sha256sum 

but the result is different, and the help string for the parameter is meaningless…

Did you try to use nix hash-file --base64 --type sha256?

Most of the time I am too lazy to figure out exactly what the fetcher does so I copy-paste an existing sha256, change one character, run nix-build, look at the was expecting <GOOD-SHA256> but got <COPIED-SHA256> message and copy the result back into the derivation.

1 Like

Since you are not the first one to ask for this (dockerTools.pullImage: Fix build with sandboxing · NixOS/nixpkgs@42a0b11 · GitHub), I’ve added an entry in the Docker section of the NixOS wiki (I don’t know if it is the right place). See Docker - NixOS Wiki.

But such as @zimbatm, I also provide a non existing sha256 to know the one I have to provide:/

1 Like

Thanks @lewo, well done. In fact I’ve done what @zimbatm suggested, but there were a total of 4 images pulls to update and it’s a bit tedious to do the “launch test - watch it fail - copy over the new sha256 - save - restart the test” cycle.

Thanks again!