Nix Derivations, Without Guessing

For context, this particular article is a cool deep dive into how Nix <i>works</i>, but it doesn&#x27;t represent what using Nix + Nixpkgs is like in practice. I&#x27;ve been using Nix personally and professionally for almost 10 years now (yikes has time passed quickly!) and I have never needed to operate at the level of derivations like this.

What I found hard with Nix is the sheer amount of things I had to get familiar with before it started to really click:<p>- nix, the command-line tool<p>- nix, the language<p>- nixpkgs with the general API&#x2F;idioms (overriding, overlays)<p>- individual nixpkgs packages that sometimes deviate from common practices<p>- flakes (which I haven&#x27;t properly looked into yet)<p>The Nix pills series [1] and nixpkgs documentation [2] do help a lot, but that is quite a lot to process.<p>[1] <a href="https:&#x2F;&#x2F;nixos.org&#x2F;guides&#x2F;nix-pills" rel="nofollow">https:&#x2F;&#x2F;nixos.org&#x2F;guides&#x2F;nix-pills</a><p>[2] <a href="https:&#x2F;&#x2F;nixos.org&#x2F;manual&#x2F;nixpkgs&#x2F;stable&#x2F;" rel="nofollow">https:&#x2F;&#x2F;nixos.org&#x2F;manual&#x2F;nixpkgs&#x2F;stable&#x2F;</a>

I walk away from every article on or attempt to use Nix more mystified

What a fun read. Thanks for the nice call out on my blog.<p>If you&#x27;re also interested I (Farid) also had a follow up where I follow up on how the hashes are calculated. (Using the error to get the hashes also bugged me)<p>I use it to also create vanity hashes :)<p><a href="https:&#x2F;&#x2F;fzakaria.com&#x2F;2025&#x2F;03&#x2F;28&#x2F;what-s-in-a-nix-store-path" rel="nofollow">https:&#x2F;&#x2F;fzakaria.com&#x2F;2025&#x2F;03&#x2F;28&#x2F;what-s-in-a-nix-store-path</a><p><a href="https:&#x2F;&#x2F;fzakaria.com&#x2F;2025&#x2F;03&#x2F;27&#x2F;nix-vanity-store-paths" rel="nofollow">https:&#x2F;&#x2F;fzakaria.com&#x2F;2025&#x2F;03&#x2F;27&#x2F;nix-vanity-store-paths</a>

Ah, don&#x27;t you just like it when projects that use hashsums, calculate them in such a way that you can&#x27;t actually recalculate them on your own? And when you start digging, you find not only that it uses the same basic design of XML-DSig while <i>barely</i> escaping its fatal flaws, it also uses some bizarre data encodings nobody else uses for anything. And then the resulting hash is not even the truncation of the actual hash, it has an additional (again, entirely undocumented) strange post-processing step for unspecified reasons.

Nix derivations are pretty neat!<p>I&#x27;ve been building a Nix store navigator for MyNixOS v2. It can help you get a feel for how derivations are connected in Nix:<p><a href="https:&#x2F;&#x2F;v2.mynixos.com&#x2F;nix&#x2F;store&#x2F;lsk1c4v03y4lmpxdcwal99nm5nwz2rj7-texlive-2024-env.drv" rel="nofollow">https:&#x2F;&#x2F;v2.mynixos.com&#x2F;nix&#x2F;store&#x2F;lsk1c4v03y4lmpxdcwal99nm5nw...</a><p>PS: The controls to the upper right can be used to limit what is downloaded.

What a bizarre and arcane incantation

c.f. guix, where the command is simply `guix hash`.

Now we are really interested in why they do this—probably for backward compatibility with a 20‑year‑old implementation. It’s not messy, just particular.

Is there any technical pathway for changing the underlying hash function? Similar to how git is kind of stuck on SHA1, what would it take to get this onto SHA512?