Question 1

How to use nix-prefetch to update a Nix package hash?

Accepted Answer

Run nix-prefetch with the package attribute or expression, like 'nix-prefetch hello.src'. It automatically extracts fetcher arguments and computes the hash, which you can then copy into your Nix file. This is ideal for manual updates or scripts.

Question 2

nix-prefetch vs nix-update-fetch: which is better for automated updates?

Accepted Answer

nix-prefetch focuses on hash computation and validation with security enforcement, while nix-update-fetch uses IFD for rewriting Nix expressions. Choose nix-prefetch for TOFU security and flexibility with fetchers, but nix-update-fetch might integrate better in some automated pipelines.

Question 3

Why does nix-prefetch enforce certificate validation and can I bypass it?

Accepted Answer

It enforces validation to prevent MITM attacks, patching fetchers via an overlay as a security measure. There's no built-in bypass, as it's a core feature, so you may need to adjust fetcher arguments or use insecure flags cautiously if dealing with self-signed certificates.

Question 4

How to avoid redownloading sources with nix-prefetch?

Accepted Answer

Use the --check-store flag. If the source is already in the Nix store from an installed package, it skips the download and returns the existing hash, as shown in examples with the git package.

Question 5

Can nix-prefetch handle private Git repositories with authentication?

Accepted Answer

Yes, it works with fetchers like fetchFromGitHub and fetchgitPrivate. You may need to pass arguments like --private or set up netrc files, but ensure credentials are managed securely outside the tool.

Question 6

What are common errors in nix-prefetch and how to fix them?

Accepted Answer

Common errors include hash mismatches, fetcher detection failures, or certificate issues. For mismatches, verify source URLs; for detection, use --fetcher to specify manually. Check verbose output with --debug for details.

Question 7

How to integrate nix-prefetch into a CI/CD pipeline for automated hash updates?

Accepted Answer

Use nix-prefetch in shell scripts to compute hashes and update Nix files via tools like sed or jq. Its silent mode (-s) and direct hash output make it pipe-friendly for automation, as suggested in use cases for update scripts.

nix-prefetch

What is nix-prefetch?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions