How to calculate the hash of my package directly?

[tisonkun]

I built a package for uuid.

For using it in a downstream project, I can specify the dependency:

.{
    .name = "test-uuid-zig",
    .version = "0.1.0",
    .paths = .{""},
    .dependencies = .{
        .uuid = .{
            .url = "https://github.com/zonland/uuid-zig/archive/refs/tags/v0.2.0.tar.gz",
            .hash = "1220796594b8df14a39442f5f5b0e159c9be42338bc84334589e1f8230c83be88fb9",
        },
    },
}

However, the hash part is tricky - as a package owner, I don't know how to calculate it directly, but now I put any valid hash value (not even just "") to the hash field and let zig tells me what's true.

It can be less than awesome but if I can do it directly and thus share the hash during the release instead of after the release and hotfix the release note.

[ianprime0509]

There are two ways to do this:

1. zig fetch https://github.com/andrewrk/libz/archive/6f1bcf921df0a3541a4efb65a5e0120cb0b3bb40.tar.gz - this will fetch the package to the global package cache and print the hash
2. Omit the hash field from build.zig.zon entirely and let zig build tell you what the correct hash is when you run it

Also, it's recommended to ask questions in one of the Zig communities (https://github.com/ziglang/zig/wiki/Community) rather than on the issue tracker.

[tisonkun]

one of the Zig communities

Would you select one of them? It's too many and the last time I go through them, it doesn't seem they are active.

[tisonkun]

Omit the hash field from build.zig.zon entirely and let zig build tell you what the correct hash is when you run it

Thank you! I ever used .hash = "" so it tells me that length mismatch. But totally omitting the field returns:

note: expected .hash = "1220796594b8df14a39442f5f5b0e159c9be42338bc84334589e1f8230c83be88fb9",

so this helps.

[ianprime0509]

Ziggit gets a decent amount of attention. Personally, I'm also active on the Zig Programming Language Discord, but I'm wary of trying to steer everyone into a proprietary chat platform we can't control. Ultimately, I think it's up to which platforms you feel most comfortable using; if enough other people feel the same way, then a community will naturally grow out of that.

[tisonkun]

$ zig fetch https://github.com/zonland/uuid-zig/archive/refs/tags/v0.2.0.tar.gz
info: Usage: zig [command] [options]
...
error: unknown command: fetch

It doesn't seem that zig fetch a valid command?

[ianprime0509]

If you're using 0.11, it isn't there; it was added recently in #17363 and is available on master.

[tisonkun]

@ianprime0509 Thank you!

However, I realize that these two methods still calculate the hash after the release is made. It implies to me that it's the downstream's responsibility to verify the files and specify the hash - is it correct?

[tisonkun]

Well. According to #17363, I may fetch a local package so the hash is calculated also.