+ Nix supports a number of hash algorithms: +
+-
+
-
+
+
++ MD5 (deprecated) ++
+ -
+
+
++ SHA-1 (deprecated) ++
+ -
+
+ SHA-256 (default) +
+
+ -
+
+ SHA-512 +
+
+ -
+
+ BLAKE3 (experimental) +
+
+
+ BLAKE3 support requires Nix version 2.31+ & enabling the blake3-hashes experimental feature. +This algorithm is very good with tree-like structuresâââlike the file system, which is what Nix is often hashing. +BLAKE3 offers faster hashing & is more secure which makes it a good choice for new setups that can afford to try it out. +At the time of writing, Nix flakes does not & cannot support changing the hash algorithm away from SHA-256 for input pinning requiring an input pinner like Nixtamal to automate it. +
++ How to use the BLAKE3 hash algorithm with Nix + Nixtamal +
++ Letâs show the way using the WhisperFish repositoryâs latest commit, but you can use any input kind. +
++ Using BLAKE3 on a single input +
+// manifest.kdl +inputs { + whisperfish { + archive { + url "https://gitlab.com/whisperfish/whisperfish/-/archive/{{fresh-value}}/whisperfish-{{fresh-value}}.tar.bz2" + } + hash algorithm=BLAKE3 + } + fresh-cmd { + $ git ls-remote --branches main "https://gitlab.com/whisperfish/whisperfish.git" + | cut -f1 + } +}+
+ Additionally, you can set BLAKE3 to be the default in the manifest fileâs top level. +
++ Project-wide default +
+// manifest.kdl +version "1.0.0" +default-hash-algorithm BLAKE3+