LeastAuthority / python-challenge-bypass-ristretto

Python bindings for Brave's challenge-bypass-ristretto library

Ristretto hash mismatch on Manjaro #12

Closed burningserenity closed 5 years ago

burningserenity commented 5 years ago

nix-build fails, producing this error:

hash mismatch in fixed-output derivation '/nix/store/0kxcxasvcn9n1cj8iawjmhc2xkahcan6-ristretto-0.9.999-vendor':
  wanted: sha256:1qbfp24d21wg13sgzccwn3ndvrzbydg0janxp7mzkjm4a83v0qij
  got:    sha256:1vfzdvpjj6s94p650zvai8gz89hj5ldrakci5l15n33map1iggch

exarkun commented 5 years ago

clever | exarkun: i get the arch+darwin hash, on my nixos box
clever | exarkun: this means, that upstream has fudged with the source, and only the arch+darwin hash will work
clever | exarkun: if you provide the old hash, nixos finds the old copy in /nix/store and doesn't care that upstream borked things
clever | exarkun: if you use the "darwin" hash on nixos, then it should just work everywhere
clever | exarkun: you can blame somebody on the rust package management end, for changing a source tar without changing the version
exarkun | clever: is there some strategy for dealing with this case - the case where /nix/store has the "wrong" hash (wrong in the sense that you would never be able to reproduce it if it weren't in your /nix/store already)
exarkun: set the hash wrong, on all machines, and see if the new hash they come up with matches, on all machines
clever | exarkun: that will prove that somebody upstream borked (or mitm'd) the download, and nixos was just blindly trusting your old hash
tilpner | exarkun: --check on foo.src might work too (but verify!)
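
The cross-machine check described in the log above (pin a deliberately wrong hash everywhere, then compare what each machine reports), as an added example that is not code from this thread or the project. It parses the `hash mismatch` error in the format shown in this issue; the host names, the all-zero pinned hash and the store-path placeholder are constructed.

```python
import re

# The three-line error nix-build prints, in the format quoted in this issue.
MISMATCH = re.compile(
    r"hash mismatch in fixed-output derivation '(?P<drv>[^']+)':\s*"
    r"wanted:\s*(?P<wanted>\S+)\s*"
    r"got:\s*(?P<got>\S+)"
)

# Constructed: a deliberately wrong hash pinned on every machine for the test.
WRONG = "sha256:" + "0" * 52

def parse_mismatch(stderr):
    """Return (derivation, wanted, got) from nix-build stderr, or None."""
    m = MISMATCH.search(stderr)
    return (m["drv"], m["wanted"], m["got"]) if m else None

def compare_hosts(reports):
    """reports maps host name -> nix-build stderr captured with WRONG pinned.

    ("consistent", h):  every host fetched identical content; the old pin is
                        stale, so review the upstream change before pinning h.
    ("divergent", map): hosts fetched different content; pin nothing until
                        the difference is explained.
    ("inconclusive", host): that host printed no mismatch (build or network
                        error), so the comparison is incomplete.
    """
    got = {}
    for host, text in reports.items():
        parsed = parse_mismatch(text)
        if parsed is None:
            return ("inconclusive", host)
        got[host] = parsed[2]
    distinct = set(got.values())
    if len(distinct) == 1:
        return ("consistent", distinct.pop())
    return ("divergent", got)

def sample_stderr(got):
    """Constructed stderr; the store path is a placeholder, not a real path."""
    return ("hash mismatch in fixed-output derivation "
            "'/nix/store/<placeholder>-ristretto-0.9.999-vendor':\n"
            f"  wanted: {WRONG}\n  got:    {got}\n")

NEW = "sha256:1vfzdvpjj6s94p650zvai8gz89hj5ldrakci5l15n33map1iggch"  # "got" above
SAMPLE = {"nixos-box": sample_stderr(NEW), "manjaro-box": sample_stderr(NEW)}
```
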
exarkun commented 5 years ago

Fixed by #13