I maintain the package
memtest86-efi. Recently there was a PR updating
memtest86-efi to use an IPFS mirror in
fetchurl. I’ve never seen this in Nixpkgs and I wanted to see how other Nixpkgs maintainers felt about this.
The problem with
memtest86-efi is that it is a proprietary package, and the company creating it does not provide a versioned URL for the latest version.
The latest version of
memtest86-efi is 9.3-1000. However, the download URL is https://www.memtest86.com/downloads/memtest86-usb.zip. When a new version gets released, it also has the same download URL. There are old versions available to download at versioned URLs. For instance, the previous version is 9.2-2000, and it is available as a versioned URL: https://www.memtest86.com/downloads/memtest86-9.2.2000-usb.zip.
The reasoning from the company for not providing a versioned URL is here: version 8.1 distribution file is not versioned - PassMark Support Forums. Note that redistributing binaries is OK.
Up until now, I’ve always just packaged the previously released version, since it has versioned URL.
There was a recent PR updating
memtest86-efi to download the latest zip file using an IPFS mirror:
The benefit of this is that now the non-versioned
memtest86-usb.zip file is content-addressed, so it doesn’t matter that it is not versioned.
There are a couple drawbacks that I see:
- I don’t use IPFS, so I wouldn’t personally be able to update to a later version of
memtest86-efi. (Not being able to update your own packages is quite unfortunate!)
- From memtest86-efi: 8.4 -> 9.3.1000 by TredwellGit · Pull Request #147574 · NixOS/nixpkgs · GitHub and Pin files | IPFS Docs, it appears that this is now relying on a single(?) user to pin the files on IPFS. Without this working in any sort of official capacity, it is hard to know whether or not this is more reliable than downloading from upstream.
- I couldn’t find any other packages in Nixpkgs using IPFS mirrors as a download source, so it is at the very least uncommon.
I wanted to get a feel for how other Nixpkgs maintainers felt about this.