Closed RyanGibb closed 1 year ago
After closer inspection, I realise that the hashes are already extracted from the opam package definition, and that this is orthogonal to materialization.
After some tracing it looks like this error is the result of https://github.com/ocaml/opam-repository/blob/aa363b34739a7323c3b593e7ab850bc31fbfd202/packages/ocaml-variants/ocaml-variants.5.0.1+trunk/opam not having a checksum, as well as some packages (e.g. https://github.com/ocaml/opam-repository/blob/aa363b34739a7323c3b593e7ab850bc31fbfd202/packages/bigstringaf/bigstringaf.0.9.0/opam) not having a sha256 hash.
After some investigation it seems fetchTarball
fetchurl
only support sha256
hashes https://github.com/NixOS/nix/blob/601849b95afc3d173ea34ff5dba6353f9b71b495/src/libexpr/primops/fetchTree.cc#L232
This is despite the Nixpkgs manual stating [0]:
The hash is typically sha256, although many more hash algorithms are supported.
fetchurl
and fetchTarball
are different things, fetchurl
is a FOD (and can accept many hash formats, incl. md5
, sha256
, sha512
), while fetchTarball
is eval-time
I don't think it's a good idea to record hashes during materialization when they're not in the original opam
files. They could correspond to an "unstable" URL (think https://github.com/foo/bar/archive/master.tar.gz
), and so telling Nix that the result is supposed to have a stable checksum is wrong and will lead to problems.
Also, if you're experiencing this problem with the trunk
version (which is an unstable URL), there's a simpler fix: just require ocaml-base-compiler = "*"
in your query, to force opam to choose a stable OCaml version.
Thanks for the response, @balsoft.
if you're experiencing this problem with the trunk version (which is an unstable URL), there's a simpler fix: just require ocaml-base-compiler = "*" in your query, to force opam to choose a stable OCaml version.
Unfortunately this still seems to give an error:
nix build ...
error: in pure evaluation mode, 'fetchTarball' requires a 'sha256' argument
… while evaluating the attribute 'src'
at /nix/store/xjmchy23lg6wrlqbm32apzi9zrddf6k0-source/src/evaluator/default.nix:444:17:
443| pkgdef.src or pkgs.pkgsBuildBuild.emptyDirectory;
444| in { inherit archive src; };
| ^
445|
… while evaluating the attribute 'src' of the derivation 'ocaml-variants-5.0.1+trunk'
Edit: nevermind! This was due to a transitive dependency. This works now. Thanks :)
getUrl
doesn't provide a hash attribute, so when it's result is used in the builder we get the errorin pure evaluation mode, 'fetchTarball' requires a 'sha256' argument
.A workaround is to build with
--impure
. However, this negates a big advantage of flakes, especially if this requires a downstream user with a project built usingopam-nix
as a flake input to rebuild their NixOS config with--impure
.Materialization can be used to get all the dependencies of a project statically, instead of resolving them with
opam
at every build. Do you think it would be possibly to statically get hashes of these dependencies at this point and commit them to the json file produced my materialization?