Is it possible to disable `vendorSha256` with buildGoModule to make updates easier with niv?

I’m using niv with git-actions but I would like to avoid having to update vendorSha256 on every dependency update.

From the doc it says to run go mod vendor. But that’s on the upstream repo right? Can I do it in a package using fetchFromGitHub without modifying the upstream repo?

Hi @bbigras. I apologize for not answering your question directly (though I was just wondering the same about vendorSha256 and cargoSha256 recently [related to adopting flakes]). But, I can offer this that might help. You can use nix-prefetch to get those values, as an example: nixpkgs-wayland/ at 9b5a54a5e449debd28cf1bb074e4a694b4fc9630 · colemickens/nixpkgs-wayland · GitHub That’s the relevant part of the script I wrote to update nixpkgs-wayland packages which includes git/hg repos, and go/rust packages, and updates are automated. I don’t love this being in bash though, and generally I wish I could lean on niv/flakes for similar reasons as you.

1 Like

I think the correct long-term action would be to make niv aware of vendor sha’s, similar to nixpkgs-update is now aware of them as well.


Thank you very much @colemickens. I’ll give it a try.

This make sense. I’ll open a feature request. Thanks!