Nix Hash: Difference between revisions

imported>Colemickens
No edit summary
imported>Piegamesde
Corrected SRI hash definition
Line 20: Line 20:
You can specify the hash in '''any base''' that's supported. Thus, <code>sha256 = "21d536debb3076d4f6e9044bd9ef15c8c58b29f9cbd4ad406b058310a565debc";</code> is equally allowed.
You can specify the hash in '''any base''' that's supported. Thus, <code>sha256 = "21d536debb3076d4f6e9044bd9ef15c8c58b29f9cbd4ad406b058310a565debc";</code> is equally allowed.


An alternative – and supposedly preferred – way of specifying hashes are so-called "SRI hashes". They're pretty simple, you just prepend the algorithm used and a dash to the hash:
An alternative – and supposedly preferred – way of specifying hashes are so-called "SRI hashes". They're pretty simple, as the hash contains the algorithm used and always is in base64:


<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
src = fetchurl {
src = fetchurl {
   url = "https://example.org/downloads/source-code.zip";
   url = "https://example.org/downloads/source-code.zip";
   hash = "sha256-1g6ycnji10q5dd0avm6bz4lqpif82ppxjjq4x7vd8xihpgg3dm91";
   hash = "sha256-IdU23rswdtT26QRL2e8VyMWLKfnL1K1AawWDEKVl3rw=";
};
};
</syntaxHighlight>
</syntaxHighlight>
If you find a hash that uses colon as a separator (<code><type>:<hash></code>), don't use that. This relies on undocumented behavior and is not officially supported.


=== What exactly is hashed ===
=== What exactly is hashed ===
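Review bot: The reworded SRI sentence ("as the hash contains the algorithm used and always is in base64") no longer says how the two parts are joined, yet the sentence added after the example warns against a colon "as a separator", so the reader is never told that the supported separator is a dash. Suggest wording along the lines of "an SRI hash is the algorithm name, a dash, and the digest in base64". The new example value is the base64 form of the hex digest quoted in the paragraph above; saying so in the text would let readers see that both spellings denote the same hash. In the added warning, "don't use that" and "This relies on" have unclear referents; name the colon form explicitly as the unsupported one.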
Line 39: Line 41:
=== Tools ===
=== Tools ===


The tool of choice for hashing is <code>nix-hash</code>, although it will be deprecated [https://github.com/NixOS/nix/issues/1191#issuecomment-273839319 one day]. The new alternatives are [[Nix_command/hash-file]] and [[Nix_command/hash-path]], which however are "EXPERIMENTAL and subject to change". <code>nix-hash</code> offers the <code>--to-base32</code> flag (which the new alternatives don't at the moment) that takes in a hex hash and converts that hash to custom-base32. On the other hand, <code>nix-hash</code> does not support the new <code>sha512</code> algorithm or the base64 encoding.
The tool of choice for hashing is <code>nix-hash</code>, although it will be deprecated [https://github.com/NixOS/nix/issues/1191#issuecomment-273839319 one day]. The new alternatives are [[Nix_command/hash-file]] and [[Nix_command/hash-path]], which however are "EXPERIMENTAL and subject to change". <code>nix-hash</code> offers the <code>--to-base32</code> flag (for which [[Nix_command/to-sri]] is the new alternative) that takes in a hex hash and converts that hash to custom-base32. On the other hand, <code>nix-hash</code> does not support the new <code>sha512</code> algorithm or the base64 encoding.


When dealing with remote files, <code>nix-prefetch-url</code> offers a handy shortcut for downloading the file into the Nix store and printing out its hash. (<code>nix-prefetch-url --unpack</code> is its <code>fetchzip</code> equivalent.)
When dealing with remote files, <code>nix-prefetch-url</code> offers a handy shortcut for downloading the file into the Nix store and printing out its hash. (<code>nix-prefetch-url --unpack</code> is its <code>fetchzip</code> equivalent.)
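Review bot: The new parenthetical presents [[Nix_command/to-sri]] as the alternative for <code>--to-base32</code>, but the sentence still describes that flag as converting a hex hash to custom-base32, while the revised definition earlier on the page says SRI hashes are always base64. As written, it suggests that to-sri produces base32 output. Suggest splitting this into two statements: what <code>--to-base32</code> does, and that to-sri converts a hash to an SRI string instead. The closing sentence that <code>nix-hash</code> does not support base64 should then be checked against that wording so the paragraph does not read as contradicting itself.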