From cb704bf922aac3032a8bd98d73d708197fa661d9 Mon Sep 17 00:00:00 2001
From: Vladimír Čunát <v@cunat.cz>
Date: Tue, 26 Jul 2022 12:45:00 +0200
Subject: fetchurl: disallow specifying both `sha256` and `hash`

A full check would be more complicated to write -
and more importantly - probably also more expensive.

Motivation: eval-time catch for errors like in commit 8198636be07e4.
---
 pkgs/build-support/fetchurl/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix
index 7ec831c61ac..a85d53adb82 100644
--- a/pkgs/build-support/fetchurl/default.nix
+++ b/pkgs/build-support/fetchurl/default.nix
@@ -117,6 +117,9 @@ let
     else throw "fetchurl requires either `url` or `urls` to be set";
 
   hash_ =
+    # Many other combinations don't make sense, but this is the most common one:
+    if hash != "" && sha256 != "" then throw "multiple hashes passed to fetchurl" else
+
     if hash != "" then { outputHashAlgo = null; outputHash = hash; }
     else if md5 != "" then throw "fetchurl does not support md5 anymore, please use sha256 or sha512"
     else if (outputHash != "" && outputHashAlgo != "") then { inherit outputHashAlgo outputHash; }
-- 
cgit 1.4.1