# Pinning versions

| Hackage version | Nix SHA-256 Sub-Resource Integrity (SRI) |
|---|---|
| 0.11.0.5 | `sha256-1f+EBe7HLUtvre7j17hF81J4KRdWPM71wl7TcUCQJHU=` |

The SRI above is extracted by re-packing the Hackage `.tar.gz` into the `.nar` (Nix Archive) format. This can be done with the following shell script and a Hackage Downloads `.tar.gz` link:

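```sh
#!/bin/sh
# Print the Nix SHA-256 SRI of an unpacked Hackage tarball.

url="$1"

# POSIX test: use -z rather than the bash-only `==` operator.
if [ -z "${url}" ]
then
    echo "You must provide a URL: ./nixos_hash_sha256_nar.sh https://…/….tar.gz" >&2
    exit 1
else
    # Download and unpack the tarball, then hash its NAR serialisation.
    nar=$(nix-prefetch-url --type sha256 --unpack "${url}") || exit 1

    echo "# Nixos SHA-256 SRI (Sub-Resource Integrity) for '${url}' is:"
    nix hash convert \
        --extra-experimental-features nix-command \
        --hash-algo sha256 --to sri "${nar}"
    echo
fi
```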

You can now use the information above in the header of your script files, as follows:

```
#! /usr/bin/env nix-shell
#! nix-shell --keep --pure -i runghc
#! nix-shell --keep --pure -p haskell.compiler.ghc9103 cacert curl git
#! nix-shell --keep --pure -p '(((haskellPackages.override{ overrides = self: super: { containers = haskell.lib.dontCheck(self.callHackage "containers" "0.8" {});};}).extend (self: super: {pin = self.callHackageDirect { pkg = "A-gent"; ver = "0.11.0.5"; sha256 = "1f+EBe7HLUtvre7j17hF81J4KRdWPM71wl7TcUCQJHU=";} {};})).ghcWithPackages (ps: with ps; [pin]))'
```
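A pin only protects you while the digest in the header stays in step with the SRI you recorded. The check below is an added example, not part of the original page or the project's code: it compares the `ver` and `sha256` values of a `callHackageDirect` fragment with an expected version and SRI. The function names (`sri_to_hex`, `pin_field`, `check_pin`) and the shortened `HEADER` sample are assumptions made for illustration, and it relies on the `base64`, `od`, `tr` and `sed` utilities.

```sh
#!/bin/sh
# Added example (not from the original page): offline check of a pin.

# Decode "sha256-<base64>" (SRI) or a bare base64 digest to lowercase hex.
# Fails unless the value decodes to exactly 32 bytes, i.e. a SHA-256 digest.
sri_to_hex() {
    b64=${1#sha256-}
    hex=$(printf '%s' "$b64" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "${#hex}" -eq 64 ] || return 1
    printf '%s\n' "$hex"
}

# Print the value of a `key = "value";` attribute found in a header line.
pin_field() {   # pin_field <key> <header-line>
    printf '%s\n' "$2" | sed -n "s/.* $1 = \"\([^\"]*\)\".*/\1/p"
}

# Returns 0 if the header pins the expected version and digest, 1 on a
# mismatch, 2 if either digest is missing or malformed.
check_pin() {   # check_pin <header-line> <expected-version> <expected-sri>
    want=$(sri_to_hex "$3") || return 2
    got=$(sri_to_hex "$(pin_field sha256 "$1")") || return 2
    [ "$(pin_field ver "$1")" = "$2" ] && [ "$got" = "$want" ]
}

# Constructed sample: only the pin fragment of the header, values as on this
# page. The header stores bare base64; the table adds the "sha256-" prefix.
HEADER='pin = self.callHackageDirect { pkg = "A-gent"; ver = "0.11.0.5"; sha256 = "1f+EBe7HLUtvre7j17hF81J4KRdWPM71wl7TcUCQJHU=";} {};'
EXPECTED_SRI='sha256-1f+EBe7HLUtvre7j17hF81J4KRdWPM71wl7TcUCQJHU='

if check_pin "$HEADER" 0.11.0.5 "$EXPECTED_SRI"; then
    echo "pin matches recorded SRI"
else
    echo "pin does NOT match recorded SRI" >&2
fi
```

Run against the real header line in CI, this catches a version bump whose digest was not regenerated, or a digest edited without a matching version change.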

Due to the limitations of nix-shell scripting, we sadly need to pass the package pinning as a one-liner (the long, horizontally scrolling `-p` expression in the header above). However, for the sake of transparency, we are going to explain it in detail: