From 8e8b3fa1bb3aaabae1cf7fabd6e91e4f4300cb6d Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Wed, 29 Sep 2021 14:34:24 +0200
Subject: [PATCH 1/2] invalidateFetcherByDrvHash: Add self-check

... so it won't break when the fetcher doesn't use name correctly.
---
 pkgs/top-level/all-packages.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2865279cbddb..d28ff9fdb813 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -618,7 +618,15 @@ with pkgs;
       drvPath = (f args).drvPath;
       # It's safe to discard the context, because we don't access the path.
       salt = builtins.unsafeDiscardStringContext (lib.substring 0 12 (baseNameOf drvPath));
-    in f (args // { name = "${args.name or "source"}-salted-${salt}"; });
+      # New derivation incorporating the original drv hash in the name
+      salted = f (args // { name = "${args.name or "source"}-salted-${salt}"; });
+      # Make sure we did change the derivation. If the fetcher ignores `name`,
+      # `invalidateFetcherByDrvHash` doesn't work.
+      checked =
+        if salted.drvPath == drvPath
+        then throw "invalidateFetcherByDrvHash: Adding the derivation hash to the fixed-output derivation name had no effect. Make sure the fetcher's name argument ends up in the derivation name. Otherwise, the fetcher will not be re-run when its implementation changes. This is important for testing."
+        else salted;
+    in checked;
 
   lazydocker = callPackage ../tools/misc/lazydocker { };
 

From 16a4da9127418cd031a5b43bcf2d3b2ce96aafd6 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Wed, 29 Sep 2021 14:37:31 +0200
Subject: [PATCH 2/2] dockerTools: Test pullImage fetcher whenever its
 implementation changes

---
 nixos/tests/docker-tools.nix           | 2 +-
 pkgs/build-support/docker/examples.nix | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix
index 4c3c26980aa2..165a99fd5873 100644
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@@ -119,7 +119,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
 
     with subtest("The pullImage tool works"):
         docker.succeed(
-            "docker load --input='${examples.nixFromDockerHub}'",
+            "docker load --input='${examples.testNixFromDockerHub}'",
             "docker run --rm nix:2.2.1 nix-store --version",
             "docker rmi nix:2.2.1",
         )
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index c66aca56fea0..fc0958a5fdd4 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -95,6 +95,15 @@ rec {
     finalImageTag = "2.2.1";
     finalImageName = "nix";
   };
+  # Same example, but re-fetches every time the fetcher implementation changes.
+  # NOTE: Only use this for testing, or you'd be wasting a lot of time, network and space.
+  testNixFromDockerHub = pkgs.invalidateFetcherByDrvHash pullImage {
+    imageName = "nixos/nix";
+    imageDigest = "sha256:85299d86263a3059cf19f419f9d286cc9f06d3c13146a8ebbb21b3437f598357";
+    sha256 = "19fw0n3wmddahzr20mhdqv6jkjn1kanh6n2mrr08ai53dr8ph5n7";
+    finalImageTag = "2.2.1";
+    finalImageName = "nix";
+  };
 
   # 5. example of multiple contents, emacs and vi happily coexisting
   editors = buildImage {