nix-fix-hash automatically fixes hash mismatches in Nix expressions by parsing error messages and updating the hash values.
Installation
Run directly
nix run github:spotdemo4/nur#nix-fix-hash
Add to flake
devShells.default = pkgs.mkShell {
packages = with pkgs.trev; [
nix-fix-hash
];
};
Usage
Fix hash in a file
When you get a hash mismatch error:
error: hash mismatch in fixed-output derivation
specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
got: sha256-abc123...
nix build 2>&1 | nix-fix-hash
Fix hash in specific file
nix build 2>&1 | nix-fix-hash --file package.nix
Interactive mode
Review changes before applying:
nix build 2>&1 | nix-fix-hash --interactive
How it works
Parse error message
nix-fix-hash reads the Nix build error and extracts the expected and actual hash values
Locate hash in source
Finds the file and line containing the incorrect hash
Update hash
Replaces the old hash with the correct one
Verify fix
Optionally re-runs the build to confirm the fix worked
Common workflows
Update fetchFromGitHub hash
When updating a package version:
fetchFromGitHub {
owner = "owner";
repo = "repo";
rev = "v2.0.0"; # Updated version
hash = "sha256-oldHash"; # Needs update
}
nix build .#package 2>&1 | nix-fix-hash
Batch update multiple packages
for pkg in package1 package2 package3; do
echo "Updating $pkg"
nix build .#$pkg 2>&1 | nix-fix-hash
done
CI/CD integration
Automate hash updates in pull requests:
nix flake update
nix build --no-link 2>&1 | nix-fix-hash
git add .
git commit -m "chore: update hashes"
- SRI format:
sha256-abc123...
- Nix32 format:
sha256:abc123...
- Base64 format:
abc123...
Use nix-fix-hash with nix-update to automate package updates completely. Update the version with nix-update, then fix hashes with nix-fix-hash.
nix-fix-hash only works with fixed-output derivations that produce hash mismatch errors. It cannot fix other types of build failures.
Links
