Cryptographic hash functions are a core part of Nix, often realised through Nix’s built-in usage of Git to ensure source integrity and reproducibility. This creates a development chore to provide these values when writing and maintaining a derivation. A commonly published workaround is to use a fake hash, such as a string of zeroes, which prompts Nix to throw an error indicating the correct hash:
sha256 = "0000000000000000000000000000000000000000000000000000";Leveraging the built-in variable lib.fakeSha256 reduces
the effort of ensuring the fake hash has the correct format, making it
easier to obtain the correct hash for the derivation:
sha256 = lib.fakeSha256;Avoid deliberately invoking evaluation of the derivation with a fake
hash just to trigger an error, which feels like an anti-pattern, by
leveraging tools to preemptively compute hashes. Both Nix’s internal
nix-hash and nix hash, along with the
community de facto standard tool nix-prefetch-url, which
provides shortcuts for both fetching remote sources into the Nix store
and computing their hash, are useful for reducing the burden of
maintaining derivations and should be preferred over the fake-hash
approach.