search

NixOS / nix.dev

Official documentation for getting things done with Nix.
https://nix.dev
Creative Commons Attribution Share Alike 4.0 International
2.26k stars 238 forks source link

Issue on page /tutorials/packaging-existing-software.html #986

Closed leon-thomm closed 1 week ago

leon-thomm commented 1 month ago

Other than shown in the guide, a wrong SHA256 will cause fetchzip to fail with a cryptic curl error

default.nix

let
  nixpkgs = import <nixpkgs> {};
in
{ hello = nixpkgs.callPackage ./hello.nix {}; }

hello.nix

{ stdenv, fetchzip }:
stdenv.mkDerivation {
  pname = "myapp";
  version = "0.4";
  src = fetchzip {
    url = "https://ftp.gnu.org/gnu/hello/hello-2.12.1.tar.gz";
    sha256 = "";
  };
}

result:

> nix-build 
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
these 2 derivations will be built:
  /nix/store/8n9l4kbrbjgn8b6f1j0aksi180zyfbgk-source.drv
  /nix/store/hsyygxhzknczdbkvypsa8w4wrxa7mbig-myapp-0.4.drv
building '/nix/store/8n9l4kbrbjgn8b6f1j0aksi180zyfbgk-source.drv'...
error checking the existence of https://tarballs.nixos.org/sha256/:
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

trying https://ftp.gnu.org/gnu/hello/hello-2.12.1.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
error: cannot download source from any mirror
error: builder for '/nix/store/8n9l4kbrbjgn8b6f1j0aksi180zyfbgk-source.drv' failed with exit code 1;
       last 10 log lines:
       >   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
       >                                  Dload  Upload   Total   Spent    Left  Speed
       >   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
       > curl: (60) SSL certificate problem: self-signed certificate in certificate chain
       > More details here: https://curl.se/docs/sslcerts.html
       >
       > curl failed to verify the legitimacy of the server and therefore could not
       > establish a secure connection to it. To learn more about this situation and
       > how to fix it, please visit the web page mentioned above.
       > error: cannot download source from any mirror
       For full logs, run 'nix log /nix/store/8n9l4kbrbjgn8b6f1j0aksi180zyfbgk-source.drv'.
error: 1 dependencies of derivation '/nix/store/hsyygxhzknczdbkvypsa8w4wrxa7mbig-myapp-0.4.drv' failed to build

It works fine when using fetchTarball instead of fetchzip

> nix-build 
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
error:
       … while calling the 'derivationStrict' builtin

         at /builtin/derivation.nix:9:12: (source not available)

       … while evaluating derivation 'myapp-0.4'
         whose name attribute is located at /nix/store/b8bwkgjwsrgjmfxpmcx84nkrjd37vw4d-nixos-23.11/nixos/pkgs/stdenv/generic/make-derivation.nix:348:7

       … while evaluating attribute 'src' of derivation 'myapp-0.4'

         at /home/leon/projects/nix-pkg-test/hello.nix:9:3:

            8|
            9|   src = fetchTarball {
             |   ^
           10|     url = "https://ftp.gnu.org/gnu/hello/hello-2.12.1.tar.gz";

       error: hash mismatch in file downloaded from 'https://ftp.gnu.org/gnu/hello/hello-2.12.1.tar.gz':
         specified: sha256:0000000000000000000000000000000000000000000000000000
         got:       sha256:0xw6cr5jgi1ir13q6apvrivwmmpr5j8vbymp0x6ll0kcv6366hnn

I'm using NixOS 23.11.6759.0638fe2715d9 (Tapir). I'm behind a proxy, but curl'ing the source manually works fine, so might be a bug in fetchzip.

fricklerhandwerk commented 1 week ago

This is not an issue with the tutorial, and is being discussed here: https://github.com/NixOS/nix/issues/10783

leon-thomm commented 6 days ago

indeed, my bad i didn't update this issue

fricklerhandwerk commented 6 days ago

No problem, just cleaning up. :)