[TIL] guix doesn't check hash when uri starts with file:///

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TIL] guix doesn't check hash when uri starts with file:///

From:	Rodrigo Morales
Subject:	[TIL] guix doesn't check hash when uri starts with file:///
Date:	Wed, 20 Sep 2023 19:18:57 +0000

I've opened this thread to share something which I've learned with
other Guix users.

I'm currently making some modifications to the source code of zathura
, which is a PDF viewer. The original Guix package is called
=zathura=. In that direction, I've defined the following package
definition.

#+BEGIN_SRC scheme
(define-module (my packages experiments-zathura-custom)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (gnu packages pdf)
  #:use-module (gnu packages gnome))

(define-public zathura-custom
  (package
   (inherit zathura)
   (name "zathura-custom")
   (version "4.0")
   (source
    (origin
     (method url-fetch)
     (uri "file:///home/rdrg/my/git-repos/zathura")
     (sha256
      (base32
       "0000000000000000000000000000000000000000000000000000"))))
   (native-inputs
    (modify-inputs
     (package-native-inputs zathura)
     (prepend json-glib)))))
#+END_SRC

The actual hash of the directory =file:///home/rdrg/my/git-repos/zathura= is
=0jc8iivcahq7izbcxr1kf3gjxlzkmf8ccrq54pv6v13h5wjk56jk2=, but I wrote
=0000000000000000000000000000000000000000000000000000= and I can still
the package by executing the following command (see proof below).

#+BEGIN_SRC sh
guix package --no-substitutes -L ~/my/git-repos/guix-packages/ -i zathura-custom
#+END_SRC

#+RESULTS:
#+BEGIN_EXAMPLE
The following package will be upgraded:
   zathura-custom 3.0 → my-version-1

The following derivation will be built:
  /gnu/store/nbqq72vkrjjw4vpdsbckyvk5cxk4add6-zathura-custom-my-version-1.drv

building 
/gnu/store/nbqq72vkrjjw4vpdsbckyvk5cxk4add6-zathura-custom-my-version-1.drv...
The following derivation will be built:
  /gnu/store/9sasyz1dp9qj2gaz9i2qrjzvnhyrl7pj-profile.drv

applying 19 grafts for zathura-custom-my-version-1 ...
building CA certificate bundle...
listing Emacs sub-directories...
building fonts directory...
generating GdkPixbuf loaders cache...
generating GLib schema cache...
creating GTK+ icon theme cache...
building cache files for GTK+ input methods...
building directory of Info manuals...
building XDG desktop file cache...
building XDG MIME database...
building profile with 6 packages...
hint: Consider setting the necessary environment variables by running:

     GUIX_PROFILE="/home/rdrg/.guix-profile"
     . "$GUIX_PROFILE/etc/profile"

Alternately, see `guix package --search-paths -p "/home/rdrg/.guix-profile"'.
#+END_EXAMPLE

#+BEGIN_SRC sh
echo $?
#+END_SRC

#+RESULTS:
#+BEGIN_EXAMPLE
0
#+END_EXAMPLE

Now when I change the =uri= so that it starts with =https= (please see
below) and I try to install the package, I get the error shown below.

#+BEGIN_SRC scheme
(define-module (my packages experiments-zathura-custom)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (gnu packages pdf)
  #:use-module (gnu packages gnome))

(define-public zathura-custom
  (package
   (inherit zathura)
   (name "zathura-custom")
   (version "my-version-3")
   (source
    (origin
     (method url-fetch)
     (uri "https://pwmt.org/projects/zathura/download/zathura-0.5.2.tar.xz";)
     (sha256
      (base32
       "0000000000000000000000000000000000000000000000000000"))))
   (native-inputs
    (modify-inputs
     (package-native-inputs zathura)
     (prepend json-glib)))))
#+END_SRC

#+BEGIN_SRC sh
guix package --no-substitutes -L ~/my/git-repos/guix-packages/ -i zathura-custom
#+END_SRC

#+RESULTS:
#+BEGIN_EXAMPLE
The following package will be upgraded:
   zathura-custom my-version-2 → my-version-3

The following derivations will be built:
  /gnu/store/32prmnm2f65wv3vg645c321884qz6991-zathura-custom-my-version-3.drv
  /gnu/store/1lk541cdiv7q1zfwzjql4ail5dhvrzc6-zathura-0.5.2.tar.xz.drv

building /gnu/store/1lk541cdiv7q1zfwzjql4ail5dhvrzc6-zathura-0.5.2.tar.xz.drv...
\sha256 hash mismatch for
/gnu/store/3y83i49y4inc7iclg8x3pv1nnchvsjlx-zathura-0.5.2.tar.xz:
  expected hash: 0000000000000000000000000000000000000000000000000000
  actual hash:   15314m9chmh5jkrd9vk2h2gwcwkcffv2kjcxkd4v3wmckz5sfjy6
hash mismatch for store item
'/gnu/store/3y83i49y4inc7iclg8x3pv1nnchvsjlx-zathura-0.5.2.tar.xz'
build of /gnu/store/1lk541cdiv7q1zfwzjql4ail5dhvrzc6-zathura-0.5.2.tar.xz.drv
failed
View build log at
'/var/log/guix/drvs/1l/k541cdiv7q1zfwzjql4ail5dhvrzc6-zathura-0.5.2.tar.xz.drv.gz'.
cannot build derivation
`/gnu/store/32prmnm2f65wv3vg645c321884qz6991-zathura-custom-my-version-3.drv':
1 dependencies couldn't be built
guix package: error: build of
`/gnu/store/32prmnm2f65wv3vg645c321884qz6991-zathura-custom-my-version-3.drv'
failed
#+END_EXAMPLE

#+BEGIN_SRC sh
$ echo $?
#+END_SRC

#+RESULTS:
#+BEGIN_EXAMPLE
1
#+END_EXAMPLE

>From the information shown above, I conclude that =guix= doesn't check
hash correctness when a URI starts with =file:///= but it does when it
starts with =https://=. (Please, correct me if I'm wrong.)

I personally like this behavior because I'm currently editing the
source code of Zathura and I wouldn't like to edit the package
definition to insert the correct hash whenever I make a change in any
of the files of the project directory.

This is not mentioned in the Info manual, but I think it should be
mentioned. The Info node that documents =url-fetch= is "(guix) origin
Reference".

[Prev in Thread]

Current Thread

[Next in Thread]

[TIL] guix doesn't check hash when uri starts with file:///, Rodrigo Morales <=

Prev by Date: Re: Emacs on a reMarkable
Next by Date: dune-based package design trouble
Previous by thread: [Question] Define a macro that defines two variables
Next by thread: dune-based package design trouble
Index(es):
- Date
- Thread