Hello, I’m trying to get familiar with nix flakes by using them to manage my project dependencies. I need to pin a version (in my case, it’s a version of kustomize but I’m trying to understand the overall strategy by pinning gnu hello instead).
Here’s my flake.nix:
{
description = "gnu hello at version 2.12";
inputs = {
flake-utils.url = "github:numtide/flake-utils";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
hello-src = {
url = "https://ftp.gnu.org/gnu/hello/hello-2.12.tar.gz";
flake = false;
};
};
outputs = { self, nixpkgs, flake-utils, hello-src }:
flake-utils.lib.eachDefaultSystem (system:
let
pin-hello = final: prev: {
hello = prev.hello.overrideAttrs (old: {
version = "2.12";
src = hello-src;
});
};
pkgs = nixpkgs.legacyPackages.${system}.extend pin-hello;
in rec
{
packages = {
default = pkgs.hello;
};
});
}
I know something is wrong because I still get 2.12.1, not 2.12:
$ nix run .#default -- --version
hello (GNU Hello) 2.12.1-6fe9
Having overridden the src attribute of the nixpkgs hello derivation to point at the 2.12 version of gnu hello, I’d expect to get 2.12 here.
Can anybody tell me what I’m missing?
Could you set it to something other than 2.12? It seems like it has something to do with hello itself instead of the nix side of things, I was able to get the correct version with 2.11
1 Like
Thanks @figsoda, you’re right. I should have tried more versions before asking. Being new to this, I just assumed it was my mistake.
Unfortunately for me, when I try to migrate this learning over to the actual dependency I want to pin, I once again end up with a non-nix problem: > go: -mod may only be set to readonly when in workspace mode, but it is set to "vendor" · GitHub
I’m guessing that this is not the right forum to ask about that. Any idea where I might ask?
Unfortunately I can’t to help you on this. Though I do have a few tips
- you can use
override instead of callPackage, so instead of prev.callPackage <path> { buildGoModule = <...>; }, you can do prev.kustomize.override { buildGoModule = <...>; }
- you can try overriding
go-modules with overrideAttrs, this is where vendorSha256 eventually gets passed to (go-modules.outputHash) which you can override with overrideAttrs
Thanks again for you help, I think this works:
{
description = "kustomize pinned at v4.5.5";
inputs = {
flake-utils.url = "github:numtide/flake-utils";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
kustomize-src = {
url = "github:kubernetes-sigs/kustomize?tag=kustomize/v4.5.5";
flake = false;
};
};
outputs = { self, nixpkgs, flake-utils, kustomize-src }:
flake-utils.lib.eachDefaultSystem (system:
let
version = "4.5.5";
pin-kustomize = final: prev: {
kustomize = prev.kustomize.override {
buildGoModule = args: prev.buildGoModule (args // {
inherit version;
src = kustomize-src;
vendorSha256 = "sha256-k8Rso1bAJbJOz/zGmU2VxQJW20Khof23a86seXt9AGQ=";
ldflags = [
"-s"
"-w"
"-X sigs.k8s.io/kustomize/api/provenance.version=v${version}"
];
preBuild = ''
export GOWORK=off
'';
});
};
};
pkgs = nixpkgs.legacyPackages.${system}.extend pin-kustomize;
in rec
{
packages = {
default = pkgs.kustomize;
};
});
}
Aside:
I’ve been forum hunting, and using traditional search engines, and consulting GPT-3-based AI’s about this. It’s been an incremental process spanning the whole day, off and on.
GPT-4 was just released. It accepts a larger query, so I just gave it the whole flake.nix, and the go build error. Ten minutes later, I had it. Huge improvement. What an age we live in…
I think I got it. Thanks again for you help!
{
description = "kustomize pinned at v4.5.5";
inputs = {
flake-utils.url = "github:numtide/flake-utils";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
kustomize-src = {
url = "github:kubernetes-sigs/kustomize?tag=kustomize/v4.5.5";
flake = false;
};
};
outputs = { self, nixpkgs, flake-utils, kustomize-src }:
flake-utils.lib.eachDefaultSystem (system:
let
version = "4.5.5";
pin-kustomize = final: prev: {
kustomize = prev.kustomize.override {
buildGoModule = args: prev.buildGoModule (args // {
inherit version;
src = kustomize-src;
vendorSha256 = "sha256-k8Rso1bAJbJOz/zGmU2VxQJW20Khof23a86seXt9AGQ=";
ldflags = [
"-s"
"-w"
"-X sigs.k8s.io/kustomize/api/provenance.version=v${version}"
];
preBuild = ''
export GOWORK=off
'';
});
};
};
pkgs = nixpkgs.legacyPackages.${system}.extend pin-kustomize;
in rec
{
packages = {
default = pkgs.kustomize;
};
});
}
Aside:
I’ve been forum hunting (this thread was useful), and using traditional search engines, and consulting GPT-3-based AI’s about this. It’s been an incremental process spanning the whole day.
GPT-4 accepts a larger query, so I just gave it the whole flake.nix, and the go build error, and it only took three or four revisions to get it right. Huge improvement.