Nix (軟件包管理器)
Fundamental concepts
Tools and applications
Nix 是一個軟件包管理器和構建系統,它解析由 Nix 表達式語言 (惰性求值的純函數式語言) 指定的可復現的構建指令。Nix 表達式是純函數[1],它接受依賴作為參數,並生成一個 derivation,用於指定該軟件包的可復現的構建環境。Nix 把構建的結果存儲在由完整依賴樹的哈希值指定的唯一地址中,從而創建了一個不可變的包存儲 (即 nix store),使得原子升級、回滾、以及同時安裝同一軟件包的不同版本成為可能,從根本上消除了依賴地獄。
用法
安裝
在 NixOS 上,Nix 已經自動安裝好了。
如果你想在其他 Linux 發行版或在 macOS 上使用 Nix, 你可以按照 Nix 手冊的安裝章節來安裝 Nix。
Nix命令
配置
在NixOS上, Nix通過nix 選項進行配置.
獨立的Nix的配置需要通過nix.conf (通常位於 /etc/nix/), 它定義了一系列和求值,構建,垃圾回收,沙盒,以及用戶權限的設置. 這些可用選項的細節可在Nix參考手冊中找到.
單用戶可使用 Home Manager 進一步配置對聲明式環境的管理. 對於Linux上的系統級配置, 你可以使用 System Manager. 對於macOS上的系統級配置, nix-darwin 是更佳的解決方案.
內部組成
Nix store(Nix存儲庫)
Packages built by Nix are placed in the read-only Nix store, normally found in /nix/store. Each package is given a unique address specified by a cryptographic hash followed by the package name and version, for example /nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1. These prefixes hash all the inputs to the build process, including the source files, the full dependency tree, compiler flags, etc. This allows Nix to simultaneously install different versions of the same package, and even different builds of the same version, for example variants built with different compilers. When adding, removing or updating a package, nothing is removed from the store; instead, symlinks to these packages are added, removed or changed in profiles.
Cleaning the Nix store
For information relating to cleaning the Nix store, refer to NixOS Manual: Chapter - Cleaning the Nix Store.
Nix store corruption
For information relating to fixing a corrupted Nix store, refer to NixOS Manual: Chapter - Nix Store Corruption.
Valid Nix store names
- Main article: Valid Nix store path names
Profiles(系統畫像)
為了建構一個連貫的用戶或系統環境, Nix將Nix存儲庫中的條目符號連結到profile. 這些是Nix允許回滾的"前端": 因為存儲庫是不可變的, 而且以前的profile版本被保留了下來, 回到更早的狀態只需要簡單地讓符號連結指向一個先前的profile. 更精確地說, Nix將二進制文件符號連結到Nix存儲庫中描述用戶環境的條目中. 這些用戶環境隨之被符號連結到/nix/var/nix/profiles中帶有標籤的profile, 而這些profile又被符號連結到用戶的~/.nix-profile.
沙盒化
當沙盒構建被啟用時, Nix會為每一個構建進程設置一個孤立的環境.It is used to remove further hidden dependencies set by the build environment to improve reproducibility. This includes access to the network during the build outside of fetch* functions and files outside the Nix store. Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux); see nix.conf section in the Nix manual for details.
Sandboxing is enabled by default on Linux, and disabled by default on macOS.
In pull requests for Nixpkgs people are asked to test builds with sandboxing enabled (see Tested using sandboxing in the pull request template) because in official Hydra builds sandboxing is also used.
To configure Nix for sandboxing, set sandbox = true in /etc/nix/nix.conf; to configure NixOS for sandboxing set nix.useSandbox = true; in configuration.nix. The nix.useSandbox option is true by default since NixOS 17.09.
可選的解釋器
There is an ongoing effort to reimplement Nix, from the ground up, in Rust.
There is also a community-led fork of Nix 2.18 named Lix, focused on correctness, usability, and growth. While it has also ported some components of Nix to Rust, it is not a ground-up rewrite like Tvix.
Earlier attempts can be found on riir-nix
Notes
- ↑ 值在計算過程中不會改變。當函數的輸入不變時,函數總是輸出相同的結果。