Nix-prefetch-url not working as expected

harris-chris · October 18, 2023, 2:24am

Hello all,

Is anyone able to tell me what I’m doing wrong here?

$ nix-prefetch-url https://github.com/NixOS/nixpkgs/archive/nixos-23.05.tar.gz --unpack                
path is '/nix/store/6cjg3y7q5gg3ps4z3xcap731igs7i0kd-nixos-23.05.tar.gz'
0ha53gbglrcnpzfc4lwzgyvlsagvm1m2q9z5i5b4nfahplnqpsbj

Then (note the hash is copied and pasted over here)

$ nix build -j0 --impure --no-link --print-out-paths --expr \                                          
                     'with import
                   (fetchTarball {
                     url = "https://github.com/NixOS/nixpkgs/archive/nixos-23.05.tar.gz";
                     sha256 = "0ha53gbglrcnpzfc4lwzgyvlsagvm1m2q9z5i5b4nfahplnqpsbj";
                   }) { };
                   stdenv.mkDerivation {
                    name = "test_package";
                    unpackPhase = "true";
                    installPhase = "echo hello > $out";
                  }'
       error: hash mismatch in file downloaded from 'https://github.com/NixOS/nixpkgs/archive/nixos-23.05.tar.gz':
         specified: sha256:0ha53gbglrcnpzfc4lwzgyvlsagvm1m2q9z5i5b4nfahplnqpsbj
         got:       sha256:166yxg4ff2jxvl9mbngd90dr1k3rdj6xmiccga41xynhh2zr0vmb

If I am misusing nix-prefetch-url somehow (… which I presume I am), can anyone tell me a better way to get the hash in advance?

Thanks!

wamserma · October 19, 2023, 10:15am

The contents of (and thus the hash) of https://github.com/NixOS/nixpkgs/archive/nixos-23.05.tar.gz changes everytime a new commit is added to the underlying branch.

You need to fix the commit, e.g.
https://github.com/NixOS/nixpkgs/archive/b5f8ec6be261dfc44c3b56b220e2793d1b61512b.tar.gz

harris-chris · October 20, 2023, 12:28am

Thanks, and that makes sense, but I’m finding that running the nix-prefetch-url and the nix build command, even in direct sequence, is not working. If I bundle them up as a single command:

HASH=$(nix-prefetch-url https://github.com/NixOS/nixpkgs/archive/nixos-23.05.tar.gz --unpack) nix bui
ld -j0 --impure --no-link --print-out-paths --expr \
                     "with import
                   (fetchTarball {
                     url = \"https://github.com/NixOS/nixpkgs/archive/nixos-23.05.tar.gz\";
                     sha256 = \"$HASH\";
                   }) { };
                   stdenv.mkDerivation {
                    name = \"test_package\";
                    unpackPhase = \"true\";
                    installPhase = \"echo hello > $out\";
                  }"

Then this gives me the same error. Could I ask if you get the same result?

Artturin · October 20, 2023, 2:24am

~
The tar archive served by github is not reproducible so you have to use fetchzip which hashes the content vs the archive itself

Fetchzip compatible hash can be obtained with --unpack https://github.com/NixOS/nix/blob/42f26eb42e3b115f39570bb14445d7e5f33220d7/doc/manual/src/command-ref/nix-prefetch-url.md#options
~

EDIT you’re already using --unpack so use fetchzip

harris-chris · October 22, 2023, 12:13am

Thanks very much, that does work. There’s obviously some nuance of how github works that I’m not understanding here. Why would the tar archive (at a given point in time) not be reproducible? Should it not map directly to a particular tarball?

Artturin · October 22, 2023, 4:19pm

The contents will be the same but the tarball can change when its regenerated