Re: Package definition hash calculation

[Julien Lepiller]

When you use guix download, or url-fetch, the hash is computed over the entire 
file, whether it's a tarball that contains other files or whatever else doesn't 
matter. You can't exclude files from inside the tarball. It's just the checksum 
of the file.

What you describes sounds like you're downloading a tarball that's generated 
from your master instead of a particular commit. So everytime you push a change 
to guix.scm, it's a new commit and a different tar.gz (different checksum). So 
you're always chasing after the correct checksum, which won't work.

So you can have a guix.scm in your repo, but it can't refer to a generated 
tarball from master. Instead, you could make it refer to master and not have to 
provide a hash like so:

(source (git-checkout (url "https://…";)))

No more chasing afcer master :)

On July 9, 2022 1:09:27 PM GMT+02:00, Zelphir Kaltstahl 
<zelphirkaltstahl@posteo.de> wrote:
>Hello Guix users!
>
>I feel a bit stupid to ask about this topic again, however, to me it is not 
>really clear, what I need to do, when calculating the hash of a package, so 
>that I can write it in the package definition.
>
>I have a project (https://notabug.org/ZelphirKaltstahl/guile-fslib), which I 
>have packaged before, but that was already a year ago or so, and I forgot the 
>precise process involving the hashes.
>
>I have the following questions:
>
>(1) When I edit the `guix.scm` file and change the hash in there, make a 
>tarball release on notabug, and then run `guix download <tarball of release>`, 
>I get a new hash. If I edit the guix.scm file again and repeat the process, I 
>get a new hash … endless loop of getting a new hash and changing the file 
>accordingly. My guess is, that this is, because `guix download` does not 
>exclude the `guix.scm` file. I would have to manually make a `tar.gz` and 
>upload that as a release to notabug and then reference that. – Is this correct?
>
>(2) I guess I should be using `guix hash --exclude-vcs --serializer=nar 
>--format=??? .` instead, since my package definition makes use of the 
>`git-fetch` method of fetching the package. I had totally forgotten about 
>this, until I searched in old e-mails, reading old replies to previous 
>questions I asked on this mailing list. I think it could be made clearer in 
>the docs, which command to use in which case. However, now I am not sure which 
>`--format=` I should use. I would guess `base32`, because in my package 
>definition it says `(sha256 (base32 "..."))`. Is this correct? Or is the 
>default fine?
>
>(3) What is the recommended way to update a package's source code and then "in 
>one go" calculate the hash, update the `guix.scm` and make a proper release, 
>which only has the appropriate files in the tarball?
>
>(4) Should a release tarball contain a `guix.scm` package definition? (My 
>guess is not, since the hash in that file changes and that would change the 
>tarball. Maybe I am overlooking things/magic though.)
>
>I am feeling like I am stuck in what should be a simple process, because I 
>still have some points that are unclear to me. I try updating my guide to 
>packaging a pure Guile package when I learn new things, so that I can read up 
>next time I want to make a release or a new package, but a few things are 
>still missing or unclear.
>
>Thank you for all your help!
>
>Best regards,
>Zelphir
>
>-- 
>repositories: https://notabug.org/ZelphirKaltstahl
>
>