Merge pull request #156804 from jonringer/python-update-sri-hash

1 files changed, 9 insertions, 3 deletions

diff --git a/pkgs/development/interpreters/python/update-python-libraries/update-python-libraries.py b/pkgs/development/interpreters/python/update-python-libraries/update-python-libraries.py
index ee610b26202..5f55ed5ecaf 100755
--- a/pkgs/development/interpreters/python/update-python-libraries/update-python-libraries.py
+++ b/pkgs/development/interpreters/python/update-python-libraries/update-python-libraries.py
@@ -340,13 +340,19 @@ def _update_package(path, target):
         raise ValueError("no file available for {}.".format(pname))
 
     text = _replace_value('version', new_version, text)
+    # hashes from pypi are 16-bit encoded sha256's, normalize it to sri to avoid merge conflicts
+    # sri hashes have been the default format since nix 2.4+
+    try:
+        sri_hash = subprocess.check_output(["nix", "hash", "to-sri", "--type", "sha256", new_sha256]).decode('utf-8').strip()
+    except subprocess.CalledProcessError:
+        # nix<2.4 compat
+        sri_hash = subprocess.check_output(["nix", "to-sri", "--type", "sha256", new_sha256]).decode('utf-8').strip()
+
 
     # fetchers can specify a sha256, or a sri hash
     try:
-        text = _replace_value('sha256', new_sha256, text)
+        text = _replace_value('sha256', sri_hash, text)
     except ValueError:
-        # hashes from pypi are 16-bit encoded sha256's, need translate to an sri hash if used with "hash"
-        sri_hash = subprocess.check_output(["nix", "hash", "to-sri", "--type", "sha256", new_sha256]).decode('utf-8').strip()
         text = _replace_value('hash', sri_hash, text)
 
     if fetcher == 'fetchFromGitHub':