nix - vendorSha256 是如何计算的？

Question

我试图了解在使用 buildGoModule 时如何计算 vendorSha256。在 nixpkgs手册我得到的唯一信息是:

“vendorSha256:是中间 fetcher 推导输出的哈希值。”

有没有一种方法可以为我正在编写的 nix 表达式计算 vendorSha256？举个具体的例子，这里的"sha256-Y4WM+o+5jiwj8/99UyNHLpBNbtJkKteIGW2P1Jd9L6M="是怎么生成的:

{ lib, buildGoModule, fetchFromGitHub }:

buildGoModule rec {
  pname = "oapi-codegen";
  version = "1.6.0";

  src = fetchFromGitHub {
    owner = "deepmap";
    repo = pname;
    rev = "v${version}";
    sha256 = "sha256-doJ1ceuJ/gL9vlGgV/hKIJeAErAseH0dtHKJX2z7pV0=";
  };

  vendorSha256 = "sha256-Y4WM+o+5jiwj8/99UyNHLpBNbtJkKteIGW2P1Jd9L6M=";

  # Tests use network
  doCheck = false;

  meta = with lib; {
    description = "Go client and server OpenAPI 3 generator";
    homepage    = "https://github.com/deepmap/oapi-codegen";
    license     = licenses.asl20;
    maintainers = [ maintainers.j4m3s ];
  };
}

Answer 1

来自manual :

The function buildGoModule builds Go programs managed with Go modules.It builds a Go Modules through a two phase build:

1. An intermediate fetcher derivation. This derivation will be used to fetch all of the dependencies of the Go module.
2. A final derivation will use the output of the intermediate derivation to build the binaries and produce the final output.

您可以看到，当您尝试在 nix-build 的输出中构建上述表达式时。如果你运行:

nix-build -E 'with import <nixpkgs> { }; callPackage ./yourExpression.nix { }'

您会看到前两行输出:

these 2 derivations will be built:
  /nix/store/j13s3dvlwz5w9xl5wbhkcs7lrkgksv3l-oapi-codegen-1.6.0-go-modules.drv
  /nix/store/4wyj1d9f2m0521nlkjgr6al0wfz12yjn-oapi-codegen-1.6.0.drv

第一个推导将用于获取您的 Go 模块的所有依赖项，第二个将用于构建您的实际模块。所以 vendorSha256 是第一次推导输出的哈希值。

当您编写 Nix 表达式来构建 Go 模块时，您事先并不知道该哈希值。你只知道一阶推导已经实现(下载依赖并根据它们找到哈希)。但是，您可以使用 Nix 验证来找出 vendorSha256 的值。

像这样修改你的 Nix 表达式:

{ lib, buildGoModule, fetchFromGitHub }:

buildGoModule rec {
  pname = "oapi-codegen";
  version = "1.6.0";

  src = fetchFromGitHub {
    owner = "deepmap";
    repo = pname;
    rev = "v${version}";
    sha256 = "sha256-doJ1ceuJ/gL9vlGgV/hKIJeAErAseH0dtHKJX2z7pV0=";
  };

   vendorSha256 = lib.fakeSha256;

  # Tests use network
  doCheck = false;

  meta = with lib; {
    description = "Go client and server OpenAPI 3 generator";
    homepage    = "https://github.com/deepmap/oapi-codegen";
    license     = licenses.asl20;
    maintainers = [ maintainers.j4m3s ];
  };
}

唯一的区别是 vendorSha256 现在有 lib.fakeSha256 的值，这只是一个假的/错误的 sha256 散列。 Nix 将尝试构建第一个推导，并将根据此值检查依赖项的哈希值。由于它们不匹配，因此会发生错误:

error: hash mismatch in fixed-output derivation '/nix/store/j13s3dvlwz5w9xl5wbhkcs7lrkgksv3l-oapi-codegen-1.6.0-go-modules.drv':
         specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
            got:    sha256-Y4WM+o+5jiwj8/99UyNHLpBNbtJkKteIGW2P1Jd9L6M=
error: 1 dependencies of derivation '/nix/store/4wyj1d9f2m0521nlkjgr6al0wfz12yjn-oapi-codegen-1.6.0.drv' failed to build

所以这回答了你的问题。您需要的 vendorSha256 的值为 sha256-Y4WM+o+5jiwj8/99UyNHLpBNbtJkKteIGW2P1Jd9L6M=。复制并将其添加到您的文件中，一切顺利!