Hey,
Homebrew allows me to build certain formula from master/main branch:
$ brew install --build-from-source --HEAD sops
Is there something similiar available with nix?
Packages are always built from source. If you want to rebuild the package, use nix build --rebuild or nix-build --check.
If you want to override the source used, use something like
nix-build --expr 'with (import <nixpkgs> { }); FOOBAR.overrideAttrs { src = ...; }'
or nix build --impure --expr ...
Yes indeed but that’s not what I’m asking please read my question again.
For example if I install sops:
$ nix-shell -p sops
$ sops -v
sops 3.9.4 (latest)
This will install the tag mentioned in: nixpkgs/pkgs/by-name/so/sops/package.nix at 4833a5fb0d03c5206f843e81d643d3b9920c0354 · NixOS/nixpkgs · GitHub
I would want to override this with main/master branch. Can you provide full example with this case?
Set src as I mentioned. You’ll have to choose an appropriate fetcher depending on where the code is located. https://nixos.org/manual/nixpkgs/unstable/#chap-pkgs-fetchers
Also, the question in the title doesn’t match your question in the post, so I answered both questions.
You’re right and I updated the title.
Somehow I feel that in this forum I mainly get answers which are just halfway answering the question and leaving the hard part as an exercise to the reader.
I’m still unsure what the src attribute should point to? Can’t I just override the tag or Rev instead of adding full custom fetcher? How would one do this in de-facto nix way?
This leaves one really wondering how to do something basic as this. Remember that Google/Chatgpt/etc will scrape this page and by giving helpful full answers you will help next generation to use nix and not just me.
I suggest reading the nixpkgs manual. The src is itself a derivation which outputs the source code for a particular package. Unfortunately, you have to recompose the source of you wish to easily change it. However, Detecting version in derivation based on source rev. · Issue #317663 · NixOS/nixpkgs · GitHub would make this much simpler. Using what is called an overlay and changing the src attribute via an attributes override is the de-facto nix way of updating a package.
What’s the confusion? You linked the exact piece of source code (package expression) which contains the fetcher that nixpkgs uses for this, and if you’re using the same repo, use the same fetcher (but instead of tag, use rev if you want a commit that’s untagged).
Because no one here is a mindreader to know exactly what you want to achieve here. With the details you have given, I have no idea why you want to rebuild a package (Are you using this in your config? Are you just doing this as a learning exercise? Are you hacking on the upstream code?). So, I give the most generic answer possible and allow you to explore in further specificity if you have some followup questions.
What’s the confusion?
There are some unreleased features in sops which I can only use by building it from main branch.
Because no one here is a mindreader to know exactly what you want to achieve here. With the details you have given, I have no idea why you want to rebuild a package (Are you using this in your config?
I tried to provide a full corresponding example with homebrew in the initial message and ask how to build from main/master.
I’m interested in how I could build certain package from the main branch and run it in a nix shell. Or how could I just in anyway build the latest version.
I’m now trying to follow your examples here but they don’t work:
$ last_sops_commit=$(git ls-remote "https://github.com/getsops/sops.git" --branches main | cut -f1)
$ nix-build --expr "with (import <nixpkgs> { }); sops.overrideAttrs { rev = \"$last_sops_commit\"; }"
$ ./result/bin/sops --version
sops 3.9.4 (latest)
$ ./result/bin/sops secrets/test.yaml
failed to parse input as Bech32-encoded age public key: malformed recipient "age1se1q2r6sc647nl3zp5cenuqclgj0e9czw43hq2y3amfyhv5yrnc326fusl30yv": invalid type "age1se"
# But when I try with the homebrew version which was built from main branch it works
$ /opt/homebrew/bin/sops secrets/test.yaml
Failed to get the data key required to decrypt the SOPS file.
Group 0: FAILED
age1se1q2r6sc647nl3zp5cenuqclgj0e9czw43hq2y3amfyhv5yrnc326fusl30yv: FAILED
- | failed to create reader for decrypting sops data key with
| age: no identity matched any of the recipients
I assume that the overriding the rev doesn’t work in this context but I have no idea why.
I would be very grateful if someone would be able to show a full example of how this could be done.
You might override src as suggested as in
nix-build --expr "with (import <nixpkgs> { }); sops.overrideAttrs { src = builtins.fetchTarball { url = \"https://github.com/getsops/sops/archive/$last_sops_commit.tar.gz\"; sha256 = \"0000000000000000000000000000000000000000000000000000\"; }; }"
and then the zeroes replaced with the actual sha256 value repeating the command. But also then you’re on to make the build succeed.
With all due respect I’d suggest to make the tone less kind of ambivalent insofar not diminishing the value of work of contributors here and elsewhere in the eco system. It is no rocket science that LLMs can take over parts of tasks but bringing the right incentives is still our the human beings’ part.
The code you linked uses pkgs.fetchFromGitHub, just use that? It feels ironic that you asked me to reread your question if you didn’t read my answer.
nix-build --expr 'with (import <nixpkgs> { });
sops.overrideAttrs {
src = fetchFromGitHub {
owner = "getsops";
repo = "sops";
rev = "2eb776b01df5df04eee626da3e99e9717fffd9e0";
hash = "";
};
}'
Ensure that hash is set to empty string, do not set it to any other value. (Well the lib.fake* valuea are also permissible, but are ultimately redundant, empty string is easier obviously.)
The error will tell you the correct hash, then use that hash in that string.
There’s also nix-prefetch-github for getting the hash, but I think it’s pointless as it’ll download the same file twice anyway due to nix’s design choices.
I’m honestly really trying my best here. I’m sorry if my answers felt hostile. My point was that I want to learn and I want to understand but like you saw from the steps I provided above I wasn’t able to understand.
I’ve been actively asking help in multiple different communities in last year and here the answers always feel very complicated and leaving major part as exercise to the reader like I mentioned earlier.
This is probably because nix is pretty complicated for someone like me when comparing to eg homebrew above. It’s also likely that for you this is straightforward because you are much more advanced and more fluent in nix. I wish there would be more hands-on examples for someone who has not been using nix for long and this was where I was referring.
Thank you so much for providing the example. It was definitely not obvious for me that it’s not possible to just override the rev but I need to change the whole source by changing the whole fetcher. I will try that out 
1 Like
It may be possible to nest overrides:
nix-build --expr 'with (import <nixpkgs> { });
sops.overrideAttrs (oldAttrs: {
src = oldAttrs.src.override {
rev = "2eb776b01df5df04eee626da3e99e9717fffd9e0";
hash = "";
};
})'
(Note the oldAttrs argument provided above to access the attributes prior to overriding.)
The reason I didn’t suggest this originally is because I’m unsure what will happen if both rev and tag are set explicitly, which one will take precedence, but you can try it if you wish.
When I run the provided command (I used hash=null instead to test it) it seems that the go modules cached for sops are not compatible with the new src.
I started this thread with assumption that this could somehow be done easily and it now seems to me that I need to dig quite deep in the sops internals to achieve the same thing as with homebrew.
I appreciate your help so far but it seems to me that it’s easier for me to use homebrew in cases like this 
. If I’m just holding it wrongly let me know.
$ nix-build --expr 'with (import <nixpkgs> { });
sops.overrideAttrs {
src = fetchFromGitHub {
owner = "getsops";
repo = "sops";
rev = "2eb776b01df5df04eee626da3e99e9717fffd9e0";
hash = null;
};
}'
these 2 derivations will be built:
/nix/store/nyc9sfa33nckxkq0svl8jgss4sbf7n9z-source.drv
/nix/store/8p0jfh3389vddnnqjywj437lixszg7s6-sops-3.9.4.drv
building '/nix/store/nyc9sfa33nckxkq0svl8jgss4sbf7n9z-source.drv'...
trying https://github.com/getsops/sops/archive/2eb776b01df5df04eee626da3e99e9717fffd9e0.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 257k 0 257k 0 0 60534 0 --:--:-- 0:00:04 --:--:-- 75146
unpacking source archive /private/tmp/nix-build-source.drv-0/download.tar.gz
building '/nix/store/8p0jfh3389vddnnqjywj437lixszg7s6-sops-3.9.4.drv'...
Using versionCheckHook
Running phase: unpackPhase
unpacking source archive /nix/store/6y9w76r5pjc31r57qyafgkjhqc4757l2-source
source root is source
Running phase: patchPhase
Running phase: updateAutotoolsGnuConfigScriptsPhase
Running phase: configurePhase
Running phase: buildPhase
Building subPackage ./cmd/sops
go: inconsistent vendoring in /private/tmp/nix-build-sops-3.9.4.drv-0/source:
cloud.google.com/go/kms@v1.21.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cloud.google.com/go/storage@v1.51.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.8.2: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys@v1.3.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/ProtonMail/go-crypto@v1.1.6: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2@v1.36.3: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/config@v1.29.9: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/credentials@v1.17.62: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/feature/s3/manager@v1.17.66: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/kms@v1.38.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/s3@v1.78.2: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/sts@v1.33.17: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/google/go-cmp@v0.7.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/hashicorp/vault/api@v1.16.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/crypto@v0.36.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/net@v0.37.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/sys@v0.31.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/term@v0.30.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
google.golang.org/api@v0.226.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
google.golang.org/genproto/googleapis/rpc@v0.0.0-20250303144028-a0af3efb3deb: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
google.golang.org/grpc@v1.71.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
google.golang.org/protobuf@v1.36.5: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cel.dev/expr@v0.19.2: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cloud.google.com/go@v0.118.3: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cloud.google.com/go/auth@v0.15.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cloud.google.com/go/iam@v1.4.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cloud.google.com/go/longrunning@v0.6.5: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cloud.google.com/go/monitoring@v1.24.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
filippo.io/edwards25519@v1.1.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal@v1.1.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/AzureAD/microsoft-authentication-library-for-go@v1.3.3: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric@v0.51.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping@v0.51.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.6.10: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.16.30: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.34: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.34: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.3: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/internal/v4a@v1.3.34: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.12.3: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.7.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.12.15: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.18.15: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/sso@v1.25.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.29.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/aws/smithy-go@v1.22.2: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/cncf/xds/go@v0.0.0-20250121191232-2f005788dc42: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/envoyproxy/go-control-plane/envoy@v1.32.4: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/envoyproxy/protoc-gen-validate@v1.2.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/go-jose/go-jose/v4@v4.0.5: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
github.com/googleapis/enterprise-certificate-proxy@v0.3.5: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/contrib/detectors/gcp@v1.34.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.59.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.59.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/otel@v1.34.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/otel/metric@v1.34.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/otel/sdk@v1.34.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/otel/sdk/metric@v1.34.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
go.opentelemetry.io/otel/trace@v1.34.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/oauth2@v0.28.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/sync@v0.12.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/text@v0.23.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
golang.org/x/time@v0.11.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
google.golang.org/genproto@v0.0.0-20250303144028-a0af3efb3deb: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
google.golang.org/genproto/googleapis/api@v0.0.0-20250303144028-a0af3efb3deb: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
cel.dev/expr@v0.19.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
cloud.google.com/go@v0.117.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
cloud.google.com/go/auth@v0.14.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
cloud.google.com/go/iam@v1.3.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
cloud.google.com/go/kms@v1.20.5: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
cloud.google.com/go/longrunning@v0.6.3: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
cloud.google.com/go/monitoring@v1.22.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
cloud.google.com/go/storage@v1.50.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.8.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys@v1.3.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal@v1.1.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/AzureAD/microsoft-authentication-library-for-go@v1.3.2: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric@v0.49.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping@v0.49.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/ProtonMail/go-crypto@v1.1.5: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.6.7: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/config@v1.29.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/credentials@v1.17.54: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.16.24: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/feature/s3/manager@v1.17.53: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.28: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.28: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/internal/v4a@v1.3.28: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.12.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.5.2: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.12.9: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.18.9: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/kms@v1.37.13: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/s3@v1.74.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/sso@v1.24.11: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.28.10: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/aws-sdk-go-v2/service/sts@v1.33.9: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/aws/smithy-go@v1.22.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/census-instrumentation/opencensus-proto@v0.4.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/cncf/xds/go@v0.0.0-20241223141626-cff3c89139a3: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/envoyproxy/go-control-plane@v0.13.1: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/envoyproxy/protoc-gen-validate@v1.1.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/go-jose/go-jose/v4@v4.0.4: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/google/go-cmp@v0.6.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/googleapis/enterprise-certificate-proxy@v0.3.4: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
github.com/hashicorp/vault/api@v1.15.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/contrib/detectors/gcp@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.58.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.58.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/otel@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/otel/metric@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/otel/sdk@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/otel/sdk/metric@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
go.opentelemetry.io/otel/trace@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/crypto@v0.32.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/net@v0.34.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/oauth2@v0.25.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/sync@v0.10.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/sys@v0.29.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/term@v0.28.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/text@v0.21.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
golang.org/x/time@v0.9.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
google.golang.org/api@v0.218.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
google.golang.org/genproto@v0.0.0-20241223144023-3abc09e42ca8: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
google.golang.org/genproto/googleapis/api@v0.0.0-20241223144023-3abc09e42ca8: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
google.golang.org/genproto/googleapis/rpc@v0.0.0-20250115164207-1a7da9e5054f: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
google.golang.org/grpc@v1.70.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
google.golang.org/protobuf@v1.36.4: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
To ignore the vendor directory, use -mod=readonly or -mod=mod.
To sync the vendor directory, run:
go mod vendor
error: builder for '/nix/store/8p0jfh3389vddnnqjywj437lixszg7s6-sops-3.9.4.drv' failed with exit code 1;
last 25 log lines:
> go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.58.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.58.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> go.opentelemetry.io/otel@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> go.opentelemetry.io/otel/metric@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> go.opentelemetry.io/otel/sdk@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> go.opentelemetry.io/otel/sdk/metric@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> go.opentelemetry.io/otel/trace@v1.33.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/crypto@v0.32.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/net@v0.34.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/oauth2@v0.25.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/sync@v0.10.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/sys@v0.29.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/term@v0.28.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/text@v0.21.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> golang.org/x/time@v0.9.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> google.golang.org/api@v0.218.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> google.golang.org/genproto@v0.0.0-20241223144023-3abc09e42ca8: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> google.golang.org/genproto/googleapis/api@v0.0.0-20241223144023-3abc09e42ca8: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> google.golang.org/genproto/googleapis/rpc@v0.0.0-20250115164207-1a7da9e5054f: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> google.golang.org/grpc@v1.70.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
> google.golang.org/protobuf@v1.36.4: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
>
> To ignore the vendor directory, use -mod=readonly or -mod=mod.
> To sync the vendor directory, run:
> go mod vendor
For full logs, run 'nix log /nix/store/8p0jfh3389vddnnqjywj437lixszg7s6-sops-3.9.4.drv'.
You need to override the vendorHash as well.
1 Like
It doesn’t seem to help and I still get the same failure as above when I run it like this:
$ nix-build --expr 'with (import <nixpkgs> { });
sops.overrideAttrs {
src = fetchFromGitHub {
owner = "getsops";
repo = "sops";
rev = "2eb776b01df5df04eee626da3e99e9717fffd9e0";
hash = null;
};
vendorHash = null;
}'
Is it because I can’t use null here? Normally nix outputs the offending hash and I really doubt that the failure is related to the vendorHash or again if it is it seems that this is again too ambiguous advice for me to follow.
Right, I missed discussing the vendorHash as mentioned - and yes you’d have to keep in mind that this is using buildGo122Module and adjust the override accordingly.
It also seems that current upstream master needs go 1.23 instead of 1.22 as the current package uses, so, theoretically it would be something like this:
nix-build --expr 'with (import <nixpkgs> { });
(sops.override {
buildGo122Module = args: buildGo123Module ( args // { vendorHash = ""; });
}).overrideAttrs {
src = fetchFromGitHub {
owner = "getsops";
repo = "sops";
rev = "2eb776b01df5df04eee626da3e99e9717fffd9e0";
hash = "sha256-VB4/DyQoQnV/AAXteJPsD2vbtAilZcJPTCXk2nvUZU8=";
};
}'
However, you’d also need updates to the go.mod file because the upstream lockfile appears to be broken.
go: updates to go.mod needed; to update it:
go mod tidy
I’m not familiar with homebrew, but I don’t know why it would be able to build a go module with a broken lockfile.
1 Like
I recall that using null did not work for me in the past for building go modules but I never checked/understood why.
Also, you should be using the literal empty string, not null, I explicitly mentioned the permissible values for a reason.
https://nixos.org/manual/nixpkgs/unstable/#sec-pkgs-fetchers-updating-source-hashes
Though, in this case the null is not the only issue.
1 Like
The homebrew formula for sops doesn’t lock the golang version at all and it seems to use latest:
$ which go
/opt/homebrew/bin/go
$ go version
go version go1.24.1 darwin/arm64
Well it doesn’t really matter whether you use 1.23 or 1.24 here, the lockfile being broken is still a problem, and both buildGo123Module and buildGo124Module fail with the same error about it.