Skip to content

flakes: Locking on effective urls breaks fetching github releases (and probably other things) #4672

Closed
Closed
flakes: Locking on effective urls breaks fetching github releases (and probably other things)#4672
Labels
bug
@johnae

Description

@johnae
johnae
opened on Mar 26, 2021

Describe the bug

Before #4595 was merged we used flakes to lock and fetch github releases. Github uses redirects to so-called signed urls which expire after some time. This means that any flake.lock will, after the merge of #4595, contain unusable urls.

The intention of the merged pull request seems to have been to enable locking of nixos channels which ALSO uses redirects but for a different purpose. I see how that might be useful but I still question the point of enabling the use of nixos channels when flakes are supposed to replace them in the end.

In any case - that merge broke many of of our projects so that we cannot update flake inputs anymore unless we use an older version of Nix.

Steps To Reproduce

  1. Use a Nix version after pull request 4595 was merged
  2. Add an input to a github release, for example:
{
   inputs.fluxcd-x86_64-linux = {
    url = "https://github.com/fluxcd/flux2/releases/download/v0.10.0/flux_0.10.0_linux_amd64.tar.gz";
    flake = false;
  };
}
  1. Lock that input by running nix flake update.
  2. See how the locked url is actually a signed expiring url

Expected behavior

The old behavior of NOT following the redirect.

nix-env --version nix-env (Nix) 2.4pre20210317_8a5203d

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions