Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

libexpr: add sha256 noop argument to fetch #1538

Closed
wants to merge 2 commits into from

Conversation

zimbatm
Copy link
Member

@zimbatm zimbatm commented Aug 29, 2017

Nix 1.12 is going to support that argument fully. This addition is only
there to allow forward-compatibility.

Nix 1.12 is going to support that argument fully. This addition is only
there to allow forward-compatibility.
@edolstra
Copy link
Member

This seems dangerous to me. It creates a false impression that the hash is verified.

@zimbatm
Copy link
Member Author

zimbatm commented Aug 29, 2017

I'm trying to find a solution because 1.11 is going to be around for a long time. The most ideal would to backport, but that was also rejected in #1299.

The main use-case I am trying to solve is to pin nixpkgs. Something like:

let
  repo = builtins.fromJSON (builtins.readFile ./src.json);
in
  builtins.fetchTarball {
    url = "https://github.com/${repo.owner}/${repo.repo}/tarball/${repo.rev}";
    #sha256 = repo.sha256;
  }

(also any solution that imports <nixpkgs> doesn't work when NIX_PATH is being set to that file).

But because the sha256 is missing, github.com gets hit on each invocation. There is also a workaround with the cache TTL that has it's own set of problems.

Even if it's introduced in 1.12, not everybody is going to upgrade overnight. Also the release date for 1.12 is unknown. I want a backport that can be pushed to the 17.03 and 17.09 channels so we can start use this argument, even if it's just a noop.

@zimbatm
Copy link
Member Author

zimbatm commented Aug 29, 2017

Would it be acceptable if that argument would emit some sort of warning instead?

@zimbatm
Copy link
Member Author

zimbatm commented Aug 30, 2017

Closing this as @taktoa's solution is a viable workaround: https://gist.github.com/taktoa/4ec8b0cb6d07857400b07a830ad99558

@zimbatm zimbatm closed this Aug 30, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants