Nix Hash: Difference between revisions

Line 41:

=== Tools ===

The tool of choice for hashing is <code>nix-hash</code>, although it will be deprecated [https://github.com/NixOS/nix/issues/1191#issuecomment-273839319 one day]. ~~The new alternatives~~ are [[Nix_command/hash-file]] and [[Nix_command/hash-path]], ~~which however are "EXPERIMENTAL and subject to change"~~. <code>nix-hash</code> ~~offers the~~ <code>--to-base32</code> ~~flag~~ (~~for which~~ [[Nix_command/to-~~sri~~]] ~~is the new alternative) that takes in~~ a ~~hex hash and converts that~~ hash to ~~custom~~-base32. On the ~~other hand~~, <code>nix-hash</code> ~~does not support~~ the ~~new~~ <code>~~sha512~~</code> ~~algorithm or~~ the base64 ~~encoding~~.

The tool of choice for hashing is <code>nix-hash</code>, although it will be deprecated [https://github.com/NixOS/nix/issues/1191#issuecomment-273839319 one day] and replaced by subcommands of the [[Nix_command]]. Below is a comparison between the current <code>nix-hash</code> and the '''experimental''' replacements which already can be used today, but are subject to change.

{|class="wikitable"

!nix-hash

!nix command

!explanation

|-

| <code>nix-hash --flat --type $HASHTYPE</code>

| <code>nix hash-file --base16 --type $HASHTYPE</code>, see [[Nix_command/hash-file]]

| Hash a file by using a “flat” hash which directly hashes a file and behaves like the <code>{md5,sha1,sha256,sha512}sum</code> utilities.

|-

| <code>nix-hash --flat --base32 --type $HASHTYPE</code>

| <code> nix hash-file --base32 --type $HASHTYPE</code>

| Like above, but with the more used base32 output.

|-

| <code>nix-hash --type $HASHTYPE</code>

| <code> nix hash-path --base16 --type $HASHTYPE</code>, see [[Nix_command/hash-path]]

| Compute the hash of a given path's dump in the NAR format.

|-

| <code>nix-hash --base32 --type $HASHTYPE</code>

| <code> nix hash-path --base32 --type $HASHTYPE</code>

| Like above, but with the more common base32 representation.

|-

| <code>nix-hash --to-base32 --type $HASHTYPE</code>

| <code>nix to-base32 --type $HASHTYPE</code>, see [[Nix_command/to-base32]]

| Convert a hash of <code>$HASHTYPE</code> to its (nix-specific) base32 representation.

|-

| <code>nix-hash --to-base16 --type $HASHTYPE</code>

| <code>nix to-base16 --type $HASHTYPE</code>, see [[Nix_command/to-base16]]

| Convert a hash of <code>$HASHTYPE</code> to its (nix-specific) base32 representation.

|-

| (not supported)

| <code>nix to-sri --type $HASHTYPE</code>, see [[Nix_command/to-sri]]

| Convert a hash of <code>$HASHTYPE</code> to its SRI representation.

|-

| (not supported)

| <code>nix to-base64 --type $HASHTYPE</code>, see [[Nix_command/to-base64]]

| Convert a hash of <code>$HASHTYPE</code> to its base64 representation which is the SRI representation without the hash type indication.

|}

<code>$HASHTYPE</code> is either <code>md5</code> (deprecated in nixpkgs), <code>sha1</code>, <code>sha256</code> (current nixpkgs standard) or <code>sha512</code> ([https://github.com/NixOS/nix/issues/1191#issuecomment-273839319 candidate for the next standard hash]). The main differences between <code>nix-hash</code> and the <code>nix</code> subcommands is the lack of support for SRI and base64 in the former and the lack of stability in the latter. The defaults settings for the two tools are as follows:

{|class="wikitable"

!setting

!nix-hash default

! nix command default

|-

| output format

| base16

| SRI with base64 hash representation

|-

| hash algorithm

| md5

| sha256

|}

When dealing with remote files, <code>nix-prefetch-url</code> offers a handy shortcut for downloading the file into the Nix store and printing out its hash. (<code>nix-prefetch-url --unpack</code> is its <code>fetchzip</code> equivalent.)