fetchTarball with sha256 results in error about lacking a signature

[FRidh]

Using nix-build or nix build on the following file

let
  src = {
    url = https://github.com/NixOS/nixpkgs/archive/9c90ff7e7df9ceadc7335bb43cc67ba92e171d53.tar.gz;
    sha256 = "0f8ynrrj24i4g8flp978ccsb2hlwk1n321z8xwj0wakj0ak4c8i9";
  };
in (import (fetchTarball src) {})

results in

error: imported archive of ‘/nix/store/p76kkardbk3jynwpfih24np3l2pjcwyq-9c90ff7e7df9ceadc7335bb43cc67ba92e171d53.tar.gz’ lacks a signature

$ nix-build --version
nix-build (Nix) 1.12pre5350_7689181e

Edit:

This was on NixOS 17.09.git.c882b96 (Hummingbird) with Nix 1.11.9. Nix Unstable was installed in my profile and so the daemon was still 1.11.

[edolstra]

The hash is wrong BTW, it should be 0b2gwbssb530rij8vg6i62rizbxp3i3hi1jif5179rdnjxdl42q2 (use nix-prefetch-url --unpack to get it).

[FRidh]

Thanks. Now it does evaluate with 1.12pre5350_7689181e. Quite a confusing error.

I wasn't aware that --unpack was needed. That will need to be added then to the docs at

nix/doc/manual/expressions/builtins.xml

Line 276 in 1fd5944

<varlistentry><term><function>fetchTarball</function>

[FRidh]

Is it possible to support

nix-prefetch-url --unpack -A src

where src is a call to fetchTarball?

This is possible with pkgs.fetchurl and that's quite convenient.

[edolstra]

With -A, you don't have to pass --unpack. It's unpacked automatically:

$ nix-prefetch-url -A nix-repl.src 
downloading ‘https://github.com/edolstra/nix-repl/archive/a1ea85e92b067a0a42354a28355c633eac7be65c.tar.gz’... [0/0 KiB, 0.0 KiB/s]
unpacking...
path is ‘/nix/store/q8h2ng6wzgxsqrsczyam6szms15icg8k-nix-repl-a1ea85e92b067a0a42354a28355c633eac7be65c-src’
0rf9711day64lgg6g6yqc5709x4sgj137zpqyn019k764i7m2xs8

[FRidh]

If src is a call to fetchTarball instead of say pkgs.fetchurl, then what I get is

error: value is a string while a set was expected

which is correct since that's what

$ nix-instantiate --eval -A src

shows.

[FRidh]

I've been using fetchTarball with a hash successfully, but now I keep getting

imported archive of ‘/nix/store/j39pygf8s8p3rcvqyqrbdmk6jxbjbsrz-auralisation-nix’ lacks a signature

even though I am sure the hash is correct.

[FRidh]

Using nixUnstable also for the daemon solves that issue.

[FRidh]

I haven't encountered the issue anymore since I'm using the nixUnstable for the daemon as well. Maybe the issue still exists when using stable and unstable Nix together but, since I supposed that isn't a recommended workflow, I'm closing this.

[zimbatm]

What would you think of also adding the sha256 to the 1.11 branch? Even if it's a noop it would allow to have code work on both branches. #1538

[FRidh]

@zimbatm it won't be backported (#1299).