If you only change the version number, guix will cry to download that version. 
If it fails, then it relies on the provided hash to fetch from a 
content-adressed store, such as ci or sohtware heritage. It relies on the hash 
as the source of truth.

Usually, when updating a package, I alter the hash to make sure it doesn't 
build the old version. Replace the initial 1 with a 0 or initial 0 with a 1, 
and you get a wrong hash. If it fails to download the file, you'll notice 
immediately. Otherwise, it will print the expected hash.

Le 8 novembre 2024 20:18:54 GMT+01:00, Troy Figiel <t...@troyfigiel.com> a 
écrit :
>Hi Juli,
>
>On Fri, 2024-11-08 at 13:26 -0500, Juliana Sims wrote:
>> To cover all my bases, I pk'd the hash produced by `pypi-uri` and
>> used 
>> `guix download` to try to fetch the same file and check its hash,
>> only 
>> to find that `guix download` couldn't find anything at that URL or
>> its 
>> fallbacks.
>
>It seems at some point in between version 0.14.0 and 0.17.0 the name of
>the tarball has changed from `magic-wormhole` to `magic_wormhole`.  You
>have to change the uri-field accordingly to successfully download the
>source code from PyPI.
>
>When building it in the way you describe, the source code cannot be
>found on PyPI, so it is pulled from tarballs.nixos.org instead.  It
>seems NixOS uses content-addressable storage, so the hash is used to
>download the source code and since you have not changed the hash, it
>downloads version 0.14.0 again.
>
>Why tarballs.nixos.org is used as a backup, I do not know.  I do not
>recall ever having seen this behaviour before.
>
>Hope this helps a bit though!
>
>Best wishes,
>
>Troy

Reply via email to