search

nmattia / niv

Easy dependency management for Nix projects
https://github.com/nmattia/niv
MIT License
1.55k stars 77 forks source link

Different sha256 for nixos-rebuild vs. niv update #292

Closed cideM closed 3 years ago

cideM commented 3 years ago

I have the following source

    "vscode": {
        "sha256": "08gcihgy65dykp5bibgkr6237a8nmihc81gh2wk4jnwqfiyilv8c",
        "type": "tarball",
        "url": "https://vscode-update.azurewebsites.net/latest/linux-x64/insider",
        "url_template": "https://vscode-update.azurewebsites.net/<version>/linux-x64/insider",
        "version": "latest"
    }

which I'm using to install the latest Visual Studio Code Insiders build. The sha256 here comes from niv update vscode -t latest. If I now run nixos-rebuild switch it suggests a different sha256 -- 0y95m4dbrl5qgcf7wvck7v4lipqdbmhx5sr7a4cds0d4d64q3ffv. If I use that one, it works, but I get version 1.51.0 from September.

Here's the derivation

{ pkgs, ... }:
let
  sources = import ./nix/sources.nix;

in
{
  programs.vscode = {
    enable = true;

    package = (pkgs.vscode.override {
      isInsiders = true;
    }).overrideAttrs
      (_: rec {
        src = sources.vscode;
        # src = builtins.fetchTarball {
        #   url = "https://vscode-update.azurewebsites.net/latest/linux-x64/insider";
        #   sha256 = "k3vw63vysdy2991l5bpk5czqjim47f2h8fg50by9bapfksvj1jgv";
        # };
      });
  };
}

I'm a bit confused as to how Nix determines the hash and how niv does it. Also, I'm using flakes and have 

  nix = {
    package = pkgs.nixUnstable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

not sure how that affects things. If I use the commented out lines instead, I get version 1.60.1

nmattia commented 3 years ago

I get the following:

nix-repl> sources.vscode
[87.1 MiB DL]
error: hash mismatch in file downloaded from 'https://vscode-update.azurewebsites.net/latest/linux-x64/insider':
  wanted: sha256:08gcihgy65dykp5bibgkr6237a8nmihc81gh2wk4jnwqfiyilv8c
  got:    sha256:12a364frldikjv9rx9r5k0lfg2qz9pi0pa9zh09giikk2d0z05jb

note that you're using latest, which I assume changes regularly. I believe you added it in September, when it was pointing to v1.51.0. niv calculated the sha256 at that point. Then, because nothing changed in the sources.json, niv didn't bother updating the source (the assumption is that an URL will always return the same content). When you run your nix-build or any other command, nix checks and see if it already has an entry with hash 08gcihgy65dykp5bibgkr6237a8nmihc81gh2wk4jnwqfiyilv8c; it does, and does not re-download it. That's why you're stuck with v1.51.0.

Instead of using latest, I would pin a specific version. Let me know if that works.

cideM commented 3 years ago

Got it, thanks for the explanation. I didn't consider that the latest URL doesn't change.