Nix-prefetch-url not working as expected

Hello all,

Is anyone able to tell me what I’m doing wrong here?

$ nix-prefetch-url --unpack                
path is '/nix/store/6cjg3y7q5gg3ps4z3xcap731igs7i0kd-nixos-23.05.tar.gz'

Then (note the hash is copied and pasted over here)

$ nix build -j0 --impure --no-link --print-out-paths --expr \                                          
                     'with import
                   (fetchTarball {
                     url = "";
                     sha256 = "0ha53gbglrcnpzfc4lwzgyvlsagvm1m2q9z5i5b4nfahplnqpsbj";
                   }) { };
                   stdenv.mkDerivation {
                    name = "test_package";
                    unpackPhase = "true";
                    installPhase = "echo hello > $out";
       error: hash mismatch in file downloaded from '':
         specified: sha256:0ha53gbglrcnpzfc4lwzgyvlsagvm1m2q9z5i5b4nfahplnqpsbj
         got:       sha256:166yxg4ff2jxvl9mbngd90dr1k3rdj6xmiccga41xynhh2zr0vmb

If I am misusing nix-prefetch-url somehow (… which I presume I am), can anyone tell me a better way to get the hash in advance?


The contents of (and thus the hash) of changes everytime a new commit is added to the underlying branch.

You need to fix the commit, e.g.

Thanks, and that makes sense, but I’m finding that running the nix-prefetch-url and the nix build command, even in direct sequence, is not working. If I bundle them up as a single command:

HASH=$(nix-prefetch-url --unpack) nix bui
ld -j0 --impure --no-link --print-out-paths --expr \
                     "with import
                   (fetchTarball {
                     url = \"\";
                     sha256 = \"$HASH\";
                   }) { };
                   stdenv.mkDerivation {
                    name = \"test_package\";
                    unpackPhase = \"true\";
                    installPhase = \"echo hello > $out\";

Then this gives me the same error. Could I ask if you get the same result?

The tar archive served by github is not reproducible so you have to use fetchzip which hashes the content vs the archive itself

Fetchzip compatible hash can be obtained with --unpack

EDIT you’re already using --unpack so use fetchzip

Thanks very much, that does work. There’s obviously some nuance of how github works that I’m not understanding here. Why would the tar archive (at a given point in time) not be reproducible? Should it not map directly to a particular tarball?

The contents will be the same but the tarball can change when its regenerated