[Backport release-25.05] treewide: add --extra-experimental-features nix-command to nix hash invocations

[mdaniels5757]

Manual backport of #421823 to release-25.05.

I resolved merge conflicts, so the cherry-pick check will fail.

Also note that because I'm only concerned with unblocking automatic backports for these packages, I didn't backport changes to files that didn't exist under the same name in master as in stable (e.g. if there was a non-backported by-name migration).

• Before merging, ensure that this backport is acceptable for the release.
  • Even as a non-committer, if you find that it is not acceptable, leave a comment.

[github-actions]

This report is automatically generated by the PR / Check / cherry-pick CI workflow.

Some of the commits in this PR require the author's and reviewer's attention.

Sometimes it is not possible to cherry-pick exactly the same patch.
This most frequently happens when resolving merge conflicts.
The range-diff will help to review the resolution of conflicts.

If you need to merge this PR despite the warnings, please dismiss this review shortly before merging.

Warning

Difference between 6804039 and original df42f85 may warrant inspection.

Show diff

@@ Metadata
  ## Commit message ##
     treewide: add --extra-experimental-features nix-command to nix hash invocations
 
+    (cherry picked from commit df42f855db1d882e75d30d8a5282a2f65959668a)
+
  ## maintainers/scripts/copy-tarballs.pl ##
 @@ maintainers/scripts/copy-tarballs.pl: elsif (defined $expr) {
  
@@ pkgs/by-name/ba/balatro/package.nix: stdenv.mkDerivation (finalAttrs: {
    };
  
 
- ## pkgs/by-name/be/beekeeper-studio/update.sh ##
-@@ pkgs/by-name/be/beekeeper-studio/update.sh: fi
- 
- nix-update beekeeper-studio --version "$latestVersion" || true
- 
--hash=$(nix hash convert --to sri --hash-algo sha256 $(nix-prefetch-url "$(nix eval -f . --raw beekeeper-studio.src.url --system aarch64-linux)"))
-+hash=$(nix --extra-experimental-features nix-command hash convert --to sri --hash-algo sha256 $(nix-prefetch-url "$(nix eval -f . --raw beekeeper-studio.src.url --system aarch64-linux)"))
- update-source-version beekeeper-studio $latestVersion $hash --system=aarch64-linux --ignore-same-version
-
  ## pkgs/by-name/bi/bilibili/update.sh ##
 @@ pkgs/by-name/bi/bilibili/update.sh: amd64_hash=$(nix-prefetch-url $amd64_url)
  arm64_hash=$(nix-prefetch-url $arm64_url)
@@ pkgs/by-name/bu/buck2/update.sh: printf ", \"_prelude\": \"$PRELUDE_SRIHASH\"\n"
  done
  echo "}" >> "$HFILE"
 
- ## pkgs/by-name/bu/buckets/package.nix ##
-@@ pkgs/by-name/bu/buckets/package.nix: let
-     .${system};
- 
-   # Get hash in sri format
--  # nix-prefetch-url <url> | xargs nix hash convert --hash-algo sha256
-+  # nix-prefetch-url <url> | xargs nix --extra-experimental-features nix-command hash convert --hash-algo sha256
-   hash =
-     {
-       x86_64-linux = "sha256-DK5+VT4+OCcJ4Bbv6GGs6R332GMsD1gNEmcz0iaJb1c=";
-
  ## pkgs/by-name/ch/chatgpt/update.sh ##
 @@ pkgs/by-name/ch/chatgpt/update.sh: XML_DATA=$(curl -s $XML_URL)
  LATEST_VERSION=$(echo "$XML_DATA" | xmllint --xpath '/rss/channel/item[1]/*[local-name()="shortVersionString"]/text()' -)
@@ pkgs/by-name/ch/chatgpt/update.sh: XML_DATA=$(curl -s $XML_URL)
  
 
  ## pkgs/by-name/cl/clojure-lsp/package.nix ##
-@@ pkgs/by-name/cl/clojure-lsp/package.nix: buildGraalvmNativeImage (finalAttrs: {
-     old_jar_hash="$(nix-instantiate --strict --json --eval -A clojure-lsp.jar.drvAttrs.outputHash | jq -r .)"
+@@ pkgs/by-name/cl/clojure-lsp/package.nix: buildGraalvmNativeImage rec {
+ 
+     old_jar_hash=$(nix-instantiate --eval --strict -A "clojure-lsp.jar.drvAttrs.outputHash" | tr -d '"' | sed -re 's|[+]|\\&|g')
  
-     curl -o clojure-lsp-standalone.jar -sL "https://github.com/clojure-lsp/clojure-lsp/releases/download/$latest_version/clojure-lsp-standalone.jar"
--    new_jar_hash="$(nix-hash --flat --type sha256 clojure-lsp-standalone.jar | xargs -n1 nix hash convert --hash-algo sha256)"
+-    curl -o clojure-lsp-standalone.jar -sL https://github.com/clojure-lsp/clojure-lsp/releases/download/$latest_version/clojure-lsp-standalone.jar
+-    new_jar_hash=$(nix-hash --flat --type sha256 clojure-lsp-standalone.jar | sed -re 's|[+]|\\&|g')
++    curl -o clojure-lsp-standalone.jar -sL "https://github.com/clojure-lsp/clojure-lsp/releases/download/$latest_version/clojure-lsp-standalone.jar"
 +    new_jar_hash="$(nix-hash --flat --type sha256 clojure-lsp-standalone.jar | xargs -n1 nix --extra-experimental-features nix-command hash convert --hash-algo sha256)"
  
      rm -f clojure-lsp-standalone.jar
@@ pkgs/by-name/dr/draupnir/update.sh: cd $TMPDIR
  cd -
  echo "New yarn offline hash: $NEW_YARN_OFFLINE_HASH"
 
- ## pkgs/by-name/du/duplicati/package.nix ##
-@@ pkgs/by-name/du/duplicati/package.nix: let
-     "aarch64-linux" = "linux-arm64";
-   };
-   _platform = _supportedPlatforms."${stdenv.hostPlatform.system}";
--  # nix hash convert --to sri "sha256:`nix-prefetch-url --unpack https://updates.duplicati.com/stable/duplicati-2.1.0.5_stable_2025-03-04-linux-arm64-cli.zip`"
-+  # nix --extra-experimental-features nix-command hash convert --to sri "sha256:`nix-prefetch-url --unpack https://updates.duplicati.com/stable/duplicati-2.1.0.5_stable_2025-03-04-linux-arm64-cli.zip`"
-   _fileHashForSystem = {
-     "armv7l-linux" = "sha256-FQQ07M0rwvxNkHPW6iK5WBTKgFrZ4LOP4vgINfmtq4k=";
-     "x86_64-linux" = "sha256-1QspF/A3hOtqd8bVbSqClJIHUN9gBrd18J5qvZJLkQE=";
-
  ## pkgs/by-name/dy/dynamodb-local/package.nix ##
 @@ pkgs/by-name/dy/dynamodb-local/package.nix: stdenvNoCC.mkDerivation (finalAttrs: {
        fi
@@ pkgs/by-name/fl/fluxcd/update.sh: if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; t
  
      if [ -n "${VENDOR_HASH:-}" ]; then
 
- ## pkgs/by-name/ga/gauge/plugins/make-gauge-plugin.nix ##
-@@ pkgs/by-name/ga/gauge/plugins/make-gauge-plugin.nix: stdenvNoCC.mkDerivation (
- 
-             echo "Fetching hash for $system"
-             hash=$(nix-prefetch-url --type sha256 $url --unpack)
--            sriHash="$(nix hash to-sri --type sha256 $hash)"
-+            sriHash="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $hash)"
- 
-             yq -iPoj ". + { \"$system\": { \"url\": \"$url\", \"hash\": \"$sriHash\" } }" "$tempfile"
-         }
-@@ pkgs/by-name/ga/gauge/plugins/make-gauge-plugin.nix: stdenvNoCC.mkDerivation (
- 
-             echo "Fetching hash"
-             hash=$(nix-prefetch-url --type sha256 $url --unpack)
--            sriHash="$(nix hash to-sri --type sha256 $hash)"
-+            sriHash="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $hash)"
- 
-             yq -iPoj ". + { \"url\": \"$url\", \"hash\": \"$sriHash\" }" "$tempfile"
-         }
-
  ## pkgs/by-name/go/google-chrome/update.sh ##
 @@ pkgs/by-name/go/google-chrome/update.sh: update_linux() {
  
@@ pkgs/by-name/go/google-chrome/update.sh: update_darwin() {
      sed -i "/^  darwin = stdenvNoCC.mkDerivation/,/^  });/s/version = \".*\"/version = \"$manifest_version\"/" "$DEFAULT_NIX"
      sed -i "/^  darwin = stdenvNoCC.mkDerivation/,/^  });/s|hash = \".*\"|hash = \"$new_sri_hash\"|" "$DEFAULT_NIX"
 
- ## pkgs/by-name/ha/hamrs-pro/update.sh ##
-@@ pkgs/by-name/ha/hamrs-pro/update.sh: for system in \
-     aarch64-linux \
-     x86_64-darwin \
-     aarch64-darwin; do
--    hash=$(nix hash convert --to sri --hash-algo sha256 $(nix-prefetch-url $(nix-instantiate --eval -E "with import ./. {}; hamrs-pro.src.url" --system "$system" | tr -d '"')))
-+    hash=$(nix --extra-experimental-features nix-command hash convert --to sri --hash-algo sha256 $(nix-prefetch-url $(nix-instantiate --eval -E "with import ./. {}; hamrs-pro.src.url" --system "$system" | tr -d '"')))
-     update-source-version hamrs-pro $latestVersion $hash --system=$system --ignore-same-version
- done
-
  ## pkgs/by-name/he/hey-mail/package.nix ##
 @@ pkgs/by-name/he/hey-mail/package.nix: stdenv.mkDerivation (finalAttrs: {
      if [[ "x$UPDATE_NIX_OLD_VERSION" != "x$version" ]]; then
@@ pkgs/by-name/ho/hoppscotch/update.sh: for system in \
      x86_64-linux \
      x86_64-darwin \
      aarch64-darwin; do
--    hash=$(nix hash convert --to sri --hash-algo sha256 $(nix-prefetch-url $(nix-instantiate --eval -E "with import $BASEDIR {}; hoppscotch.src.url" --system "$system" | tr -d '"')))
+-    hash=$(nix hash convert --to sri --hash-algo sha256 $(nix-prefetch-url $(nix-instantiate --eval -E "with import ./. {}; hoppscotch.src.url" --system "$system" | tr -d '"')))
+-    update-source-version hoppscotch $latestVersion $hash --system=$system --ignore-same-version
 +    hash=$(nix --extra-experimental-features nix-command hash convert --to sri --hash-algo sha256 $(nix-prefetch-url $(nix-instantiate --eval -E "with import $BASEDIR {}; hoppscotch.src.url" --system "$system" | tr -d '"')))
-     (cd $BASEDIR && update-source-version hoppscotch $latestVersion $hash --system=$system --ignore-same-version)
++    (cd $BASEDIR && update-source-version hoppscotch $latestVersion $hash --system=$system --ignore-same-version)
  done
 
  ## pkgs/by-name/i-/i-dot-ming/package.nix ##
@@ pkgs/by-name/je/jenkins/package.nix: stdenv.mkDerivation (finalAttrs: {
          update-source-version jenkins "$version" "$hash"
 
  ## pkgs/by-name/je/jetbrains-toolbox/update.sh ##
-@@ pkgs/by-name/je/jetbrains-toolbox/update.sh: for system in $systems; do
-       unpack=""
-     fi
-     prefetch=$(nix-prefetch-url $unpack "$url")
+@@ pkgs/by-name/je/jetbrains-toolbox/update.sh: for entry in "${linux_systems[@]}"; do
+     arch="${entry%%:*}"
+     suffix="${entry#*:}"
+     prefetch=$(nix-prefetch-url --unpack "https://download.jetbrains.com/toolbox/jetbrains-toolbox-$latestVersion$suffix.tar.gz")
 -    hash=$(nix hash convert --hash-algo sha256 --to sri $prefetch)
 +    hash=$(nix --extra-experimental-features nix-command hash convert --hash-algo sha256 --to sri $prefetch)
-     update-source-version jetbrains-toolbox $latestVersion $hash --system=$system --ignore-same-version
+     update-source-version jetbrains-toolbox $latestVersion $hash --system=$arch --ignore-same-version
+ done
+ 
+@@ pkgs/by-name/je/jetbrains-toolbox/update.sh: for entry in "${darwin_systems[@]}"; do
+     arch="${entry%%:*}"
+     suffix="${entry#*:}"
+     prefetch=$(nix-prefetch-url "https://download.jetbrains.com/toolbox/jetbrains-toolbox-$latestVersion$suffix.dmg")
+-    hash=$(nix hash convert --hash-algo sha256 --to sri $prefetch)
++    hash=$(nix --extra-experimental-features nix-command hash convert --hash-algo sha256 --to sri $prefetch)
+     update-source-version jetbrains-toolbox $latestVersion $hash --system=$arch --ignore-same-version
  done
 
  ## pkgs/by-name/ke/keyguard/update.sh ##
@@ pkgs/by-name/om/ombi/update.sh: updateHash()
  }
 
  ## pkgs/by-name/pd/pdfium-binaries/update.sh ##
-@@ pkgs/by-name/pd/pdfium-binaries/update.sh: for system in \
-     aarch64-linux \
-     x86_64-darwin \
-     aarch64-darwin; do
--    hash=$(nix hash convert --to sri --hash-algo sha256 $(nix-prefetch-url --unpack $(nix-instantiate --eval -E "with import ./. {}; pdfium-binaries.src.url" --system "$system" | tr -d '"')))

[...truncated...]

Hint: The full diffs are also available in the runner logs with slightly better highlighting.

[philiptaron]

Thanks for your work here Michael @mdaniels5757. As the author of this PR, I don't think I would backport it. Almost all the changes are in Nix update scripts, which are not appropriate in almost every case from being run on the release branch. So the backport work (if the PR includes changes to the merge script) is just to drop those changes.

[mdaniels5757]

OK