And now I can’t update the installation. I removed the hash, assuming it will re-download the package to check the hash, but it just reads hash from the old tarball, which resides somewhere in cache.
yes. The problem is that the tarball is somewhere in /nix/store, and the builder just check the hash against that previously downloaded version. Lazy shit
Are you… sure? Because nix normally stores the files with the hash making up part of their path, if you change the hash the path should change, and nix should realize that the path does not yet exist. Perhaps you’re getting a 404 page or something, and that just repeatedly gives you the same hash.
It should be noted that the wiki is both unofficial and notoriously out of date, and in places completely wrong. It wouldn’t surprise me if the link had changed since someone last touched that page.
Either way, a nix-collect-garbage -d should remove any store paths not currently used by anything, if you still have an issue after that, please share the exact error, and check the contents of what nix actually downloads.
Pretty sure it’s supposed to be a joke on nix’ laziness, y’know, lazy evaluation. In this case the issue definitely isn’t that, to be fair, it’s either a massive bug in nix’ data storage or user error.
Ah, if that’s the case then please accept my apologies.
fetchTarball has a caching layer above the Nix store, and it both uses a TTL (one hour by default) and checks the server’s ETag before downloading a URL a second time. If Microsoft isn’t correctly updating the ETag published by the server, that could be causing this problem.
The tarball cache is stored in ~/.cache/nix/fetcher-cache-v1.sqlite, and if you want to, say, delete the last day of cached entries, you can run
sqlite3 ~/.cache/nix/fetcher-cache-v1.sqlite "delete from Cache where timestamp > $(date +%s) - 86400;"
No, ~/.cache/nix not so big to contain vscode’s binary:
du -sh .cache/nix
764K .cache/nix
but home-manager switch still gives an error:
error: hash mismatch in file downloaded from 'https://code.visualstudio.com/sha/download?build=insider&os=linux-x64':
specified: sha256:0000000000000000000000000000000000000000000000000000
got: sha256:1gkyagbrkihxbzcw8z0rg7plvgp7gg7yq6nlc0r7hwczsgz1dj1j
And somehow it gets the hash of the installed version (I checked with the previous version of the config). So apparently the old downloaded binary is stored somewhere in /nix/store.
The SQLite cache just stores the URL(s), the hash, the ETag (if there was one), a timestamp, and the path in the Nix store containing the actual data. If you try to fetch the URL, and the server responds with an ETag matching the one in the database, then fetchTarball acts as if it just completed a download and the result is the Nix store path indicated.
Ah, in that case the safest thing would probably be to delete the entry from the cache.
My oldest cache entry is from June 2022; pretty sure they just hang around in there until they’re invalidated. If servers are truthful about when their resources change, it shouldn’t matter.
I checked ETag just now, it’s different from those in the cache.
So the problem is with fetchTarball: when wrong hash provided it checks it against expired ~/.cache/nix entities (2 months vs 1 hour TTL) without even checking new etag.
I removed those entries from the ~/.nix/cache/fetcher-cache-v1.sqlite, and all worked as charm: it re-downloaded the tarball, gave me new hash, I put it into config and updated vscode insiders. Thanks everybody!
But I doubt nix users supposed to do it manually every time, ah? Maybe it’s just some once-only fault with my lazy fetchTarball?
Hard to say, but you may have encountered a legit bug. I don’t think impure URLs (returning different contents at different points in time) are used very much with Nix, so it wouldn’t surprise me if there are rarely exercised edge cases in the caching code that don’t work as intended.
If this happens again the next time you try to update Insiders, I would:
Replace the "https://code.visualstudio.com/sha/download?build=insider&os=linux-x64" URL with whatever it expands to ("https://vscode.download.prss.microsoft.com/dbazure/download/insider/a017b12b9caa3475675cfe6fda014fcf5af388c9/code-insider-x64-1702964236.tar.gz" today, something else tomorrow) to get your setup working.
Report the issue at Issues · NixOS/nix · GitHub, because I don’t see a current issue corresponding to this behavior. Try running an isolated nix-build on just the fetchTarball call, as in my last comment to you, making sure to include the --debug flag, and include it in the report; it’ll probably help with figuring out what code paths Nix is using.