Abusing SHA-1 collisions for Chromium updates
XXX: This is essentially the same as:
… except that tryEval on fetchurl isn’t working and doesn’t catch
errors for fetchurl, so we go for a different approach. We only have fixed-output derivations that can have networking access, so
we abuse SHA1 and its weaknesses to forge a fixed-output derivation which
is not so fixed, because it emits different contents that have the same
Using this method, we can distinguish whether the URL is available or
Unfortunately there’s no older version than
# We only support GNU/Linux right now. # This file is autogenerated from update.sh in the same directory.
Source: github.com