Packaging Resonarium vst: hash mismatch

Zsele · February 15, 2026, 5:38pm

I am trying to package Resonarium vst, the building instructions are to just run cmake as the package calls every dependency it needs on its own: GitHub - gabrielsoule/resonarium: An expressive, semi-modular, and comprehensive physical modeling/waveguide synthesizer.

I’m geting the following error before any phase executes as far as i can tell (i’ve tried echoing a message to terminal during unpack phase and got nothing)

error: hash mismatch in fixed-output derivation ‘/nix/store/mbvk6qj5sljvwhplz5wd5w1d1aywmgy3-source.drv’:
specified: sha256-6Chb8WOyObYw15lf4CZv/FawzmP7wco7ANXAuJnVgYA=
got: sha256-/ezkq1er/OteoLrqXe60/QmC5BOqoRcoGvtr93wBioE=

I’ve searched for both hashes through the error log and none of them show up elsewhere, so i am not sure what dependency is failing.

Code for the package is the following:

{
  stdenv,
  fetchFromGitHub,
  cmake,
  juce,
}:

stdenv.mkDerivation rec {
    pname = "resonarium";
    version = "0.0.11";

    src = fetchFromGitHub {
        owner = "gabrielsoule";
        repo = "resonarium";
        rev = "v${version}";
        fetchSubmodules = true;
        sha256 = "1041sncvih6m00xwmhgvcg7b0mpwdwkf0pwrswqbcfdjcgqmna78" ;
      }; 

    nativeBuildInputs = [ cmake ];
    
    buildPhase = ''
      runHook preInstall
      git submodule update --init --recursive
      cmake -B build -DCMAKE_BUILD_TYPE=Release
      cmake --build build --target Resonarium_Instrument_VST3
      cmake --build build --target Resonarium_Instrument_Standalone
      runHook postInstall
    '';
    
  }

There’s probably a lot missing from it, but with the error i’m getting i have no guidance, making the log more verbose hasn’t helped

drupol · February 15, 2026, 5:39pm

Replace it with:

hash = "sha256-/ezkq1er/OteoLrqXe60/QmC5BOqoRcoGvtr93wBioE="

And run again your build.

Zsele · February 15, 2026, 5:57pm

thanks, now i get normal errors i can deal with.
Do you know why the error I got said a different hash from the one i had put in my code?

drupol · February 15, 2026, 6:15pm

Hash mismatches are a “rite of passage” when starting with Nix. Regarding your question, it’s worth explaining the difference between the 2 ways of writing hashes, as Nix is currently transitioning between them.

sha256 = "" (The Legacy Way)
- This tells Nix specifically to expect a SHA-256 hash.
- It usually expects the hash in base32 (a format specific to Nix, e.g., 0p7...) or hexadecimal.
- When the build fails, Nix will provide the “got” hash in base32.
- While still very common, this is considered the “old” style.
hash = "" (The Modern SRI Way)
- This uses the SRI (Subresource Integrity) standard.
- It is algorithm-agnostic: the prefix (sha256-, sha512-) tells Nix which algorithm to use.
- When the build fails, Nix will provide a string like sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=.
- Recommendation: You should prefer hash = "" for new packages. It is the modern standard used in Nixpkgs and is much cleaner.

The easiest way to get the correct hash for your VST is:

Set hash = ""; in your derivation.
Run the build (e.g., nix-build or nix build).
Nix will fail with a “hash mismatch” error.
Look for the got: line in the error message, copy the entire string starting with sha256-, and paste it into your code.

Hope it helps.

Zsele · February 15, 2026, 6:25pm

Definitely helped! I had been wondering about use of sha256 = ““ vs hash = ““ for a while.
Very interesting that somewhere along the way it converts to base32 but doesn’t care to switch back for the error message.