Cryptographic hash function are a core part of Nix, often realized by by Nix’s built-in usage of Git, to ensure source integrity and reproducibility. This results in a development chore to provide these values when writing and maintaining a derivation. A commonly published workaround is to use a fake hash, such as a string of zeroes, which prompts Nix to throw an error indicating the correct hash:
sha256 = "0000000000000000000000000000000000000000000000000000";Leveraging the built-in variable lib.fakeSha256 reduces
the effort of ensuring the fake hash has the correct format, making it
easier to obtain the correct hash for the derivation:
sha256 = lib.fakeSha256;Avoid deliberate evoking an evaluating of the derivation with a fake
hash in order to throw an error, which feels like an anti-pattern, by
leveraging tools to preemptively compute hashes. Both Nix’s internal
nix-hash and nix hash, along with community
de-factor standard tool nix-prefetch-url, that provides
shortcuts for both fetching remote sources into the Nix store and
computing their hash are all useful to reduce the burden in maintaining
derivations, and should be preferred over the fake hash approach.