Thanks Mark. That makes sense.
So I will just use the --no-check-certificate flag since the hash is used for verification in the end anyway. This is really a nice feature being able to download packages from untrusted sites. > On Nov 3, 2018, at 12:19 AM, Mark H Weaver <m...@netris.org> wrote: > > Hi Brian, > > When looking for a file that Guix is trying to download but which is no > longer available at the expected URL, I normally just do a web search > for the file name, in this case "texlive-20170524-extra.tar.xz". Any > site will do. It needn't be a site you trust, because Guix always > checks the sha256 hash anyway. > > If you "guix download" a file with the right name but the wrong > contents, it will be successfully added to the store, but with the wrong > hash string in the file name in /gnu/store, so nothing will ever use it. > When you attempt to restart the build that failed, it will again try to > download it, because the file it needs is not in the store. The bogus > file will be deleted the next time to run "guix gc". > > I did a web search for this file name, and found this: > > ftp://tug.org/texlive/historic/2017/texlive-20170524-extra.tar.xz > > Mark