Using overrideAttrs in a flake (or pinning a version some other way)

MattRixman · March 14, 2023, 4:16pm

Hello, I’m trying to get familiar with nix flakes by using them to manage my project dependencies. I need to pin a version (in my case, it’s a version of kustomize but I’m trying to understand the overall strategy by pinning gnu hello instead).

Here’s my flake.nix:

{
  description = "gnu hello at version 2.12";

  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    hello-src = {
      url = "https://ftp.gnu.org/gnu/hello/hello-2.12.tar.gz";
      flake = false;
    };
  };

  outputs = { self, nixpkgs, flake-utils, hello-src }: 
    flake-utils.lib.eachDefaultSystem (system:
      let
        pin-hello = final: prev: { 
            hello = prev.hello.overrideAttrs (old: {
              version = "2.12";
              src = hello-src;
            });
          };

        pkgs = nixpkgs.legacyPackages.${system}.extend pin-hello;
      in rec
      {
        packages = {
          default = pkgs.hello;
        };
      });
}

I know something is wrong because I still get 2.12.1, not 2.12:

$ nix run .#default -- --version
hello (GNU Hello) 2.12.1-6fe9

Having overridden the src attribute of the nixpkgs hello derivation to point at the 2.12 version of gnu hello, I’d expect to get 2.12 here.

Can anybody tell me what I’m missing?

figsoda · March 14, 2023, 9:41pm

Could you set it to something other than 2.12? It seems like it has something to do with hello itself instead of the nix side of things, I was able to get the correct version with 2.11

MattRixman · March 15, 2023, 1:59am

Thanks @figsoda, you’re right. I should have tried more versions before asking. Being new to this, I just assumed it was my mistake.

Unfortunately for me, when I try to migrate this learning over to the actual dependency I want to pin, I once again end up with a non-nix problem: > go: -mod may only be set to readonly when in workspace mode, but it is set to "vendor" · GitHub

I’m guessing that this is not the right forum to ask about that. Any idea where I might ask?

figsoda · March 15, 2023, 3:17am

Unfortunately I can’t to help you on this. Though I do have a few tips

you can use override instead of callPackage, so instead of prev.callPackage <path> { buildGoModule = <...>; }, you can do prev.kustomize.override { buildGoModule = <...>; }
you can try overriding go-modules with overrideAttrs, this is where vendorSha256 eventually gets passed to (go-modules.outputHash) which you can override with overrideAttrs

MattRixman · March 15, 2023, 5:59am

Thanks again for you help, I think this works:

{
  description = "kustomize pinned at v4.5.5";

  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    kustomize-src = {
      url = "github:kubernetes-sigs/kustomize?tag=kustomize/v4.5.5";
      flake = false;
    };
  };
  outputs = { self, nixpkgs, flake-utils, kustomize-src }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        version = "4.5.5";
        pin-kustomize = final: prev: {
          kustomize = prev.kustomize.override {
            buildGoModule = args: prev.buildGoModule (args // {
              inherit version;
              src = kustomize-src;
              vendorSha256 = "sha256-k8Rso1bAJbJOz/zGmU2VxQJW20Khof23a86seXt9AGQ=";
              ldflags = [
                "-s"
                "-w"
                "-X sigs.k8s.io/kustomize/api/provenance.version=v${version}"
              ];
              preBuild = ''
                export GOWORK=off
              '';
            });
          };
        };

        pkgs = nixpkgs.legacyPackages.${system}.extend pin-kustomize;
      in rec
      {
        packages = {
          default = pkgs.kustomize;
        };
      });
}

Aside:

I’ve been forum hunting, and using traditional search engines, and consulting GPT-3-based AI’s about this. It’s been an incremental process spanning the whole day, off and on.

GPT-4 was just released. It accepts a larger query, so I just gave it the whole flake.nix, and the go build error. Ten minutes later, I had it. Huge improvement. What an age we live in…

MattRixman · March 15, 2023, 6:03am

I think I got it. Thanks again for you help!

{
  description = "kustomize pinned at v4.5.5";

  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    kustomize-src = {
      url = "github:kubernetes-sigs/kustomize?tag=kustomize/v4.5.5";
      flake = false;
    };
  };
  outputs = { self, nixpkgs, flake-utils, kustomize-src }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        version = "4.5.5";
        pin-kustomize = final: prev: {
          kustomize = prev.kustomize.override {
            buildGoModule = args: prev.buildGoModule (args // {
              inherit version;
              src = kustomize-src;
              vendorSha256 = "sha256-k8Rso1bAJbJOz/zGmU2VxQJW20Khof23a86seXt9AGQ=";
              ldflags = [
                "-s"
                "-w"
                "-X sigs.k8s.io/kustomize/api/provenance.version=v${version}"
              ];
              preBuild = ''
                export GOWORK=off
              '';
            });
          };
        };

        pkgs = nixpkgs.legacyPackages.${system}.extend pin-kustomize;
      in rec
      {
        packages = {
          default = pkgs.kustomize;
        };
      });
}

Aside:

I’ve been forum hunting (this thread was useful), and using traditional search engines, and consulting GPT-3-based AI’s about this. It’s been an incremental process spanning the whole day.

GPT-4 accepts a larger query, so I just gave it the whole flake.nix, and the go build error, and it only took three or four revisions to get it right. Huge improvement.