FAQ/Pinning Nixpkgs: Difference between revisions

← Older edit

FAQ/Pinning Nixpkgs (view source)

Revision as of 01:01, 13 June 2024

5,630 bytes added , 13 June

m

no edit summary

VisualWikitext

AndersonTorres

7

edits

@@ Line 4: / Line 4: @@
 not impacted by other systems' requirements.
-For example, the following code uses the host's Nixpkgs as a
+Another reason why one would want to pin nixpkgs is to get older versions of a specific software. [https://lazamar.co.uk/nix-versions/ This site] can show you all the versions a package went through, and what nixpkgs revision to use to get your specific version.
+Note: You can <code>sudo nix-channel --remove nixpkgs</code>, but you still need a nix-channel for nixos
+<pre>
+sudo nix-channel --list
+nixos https://nixos.org/channels/nixos-21.05
+</pre>
+== Nix 2.0 onwards ==
+Nix 2.0 introduces new builtins, <code>fetchTarball</code> and <code>fetchGit</code>, which make it possible to fetch a specific version of nixpkgs without depending on an existing one:
+<syntaxhighlight lang="nix">
+import (builtins.fetchTarball {
+  # Descriptive name to make the store path easier to identify
+  name = "nixos-unstable-2018-09-12";
+  # Commit hash for nixos-unstable as of 2018-09-12
+  url = "https://github.com/nixos/nixpkgs/archive/ca2ba44cab47767c8127d1c8633e2b581644eb8f.tar.gz";
+  # Hash obtained using `nix-prefetch-url --unpack <url>`
+  sha256 = "1jg7g6cfpw8qvma0y19kwyp549k1qyf11a5sg6hvn6awvmkny47v";
+}) {}
+</syntaxhighlight>
+Or, to use git for fetching<!-- (this has the advantage of being somewhat faster for updates, but is slower for the initial fetch) [not true anymore, the repository sharing mechanism has been disabled (https://github.com/NixOS/nix/pull/2358)]-->:
+<syntaxhighlight lang="nix">
+import (builtins.fetchGit {
+  # Descriptive name to make the store path easier to identify
+  name = "nixos-unstable-2018-09-12";
+  url = "https://github.com/nixos/nixpkgs/";
+  # Commit hash for nixos-unstable as of 2018-09-12
+  # `git ls-remote https://github.com/nixos/nixpkgs nixos-unstable`
+  ref = "refs/heads/nixos-unstable";
+  rev = "ca2ba44cab47767c8127d1c8633e2b581644eb8f";
+}) {}
+</syntaxhighlight>
+If the <code>ref</code> attribute is omitted, we get an error like this:
+<syntaxhighlight>
+fatal: not a tree object: 3d70d4ba0b6be256974910e635fadcc0e9579b2a
+error: while evaluating the attribute 'buildInputs' of the derivation 'nix-shell' at /nix/store/b93cq865x6qxpn4dw9ivrk3yjcsm8r97-nixos-19.09/pkgs/build-support/mkshell/default.nix:28:3:
+while evaluating 'getOutput' at /nix/store/b93cq865x6qxpn4dw9ivrk3yjcsm8r97-nixos-19.09/lib/attrsets.nix:464:23, called from undefined position:
+while evaluating anonymous function at /nix/store/b93cq865x6qxpn4dw9ivrk3yjcsm8r97-nixos-19.09/pkgs/stdenv/generic/make-derivation.nix:142:17, called from undefined position:
+program 'git' failed with exit code 128
+</syntaxhighlight>
+== Before 2.0 ==
+The following code uses the host's Nixpkgs as a
 springboard to fetch and import a specific, pinned version of Nixpkgs.
 This is safe because the specific code we're using from the variable
@@ Line 20: / Line 70: @@
    pinnedPkgs = hostPkgs.fetchFromGitHub {
      owner = "NixOS";
-     repo = "nixpkgs-channels";
+     repo = "nixpkgs";
      # nixos-unstable as of 2017-11-13T08:53:10-00:00
      rev = "ac355040656de04f59406ba2380a96f4124ebdad";
      sha256 = "0frhc7mnx88sird6ipp6578k5badibsl0jfa22ab9w6qrb88j825";
    };
-in import pinnedPkgs {};
+in import pinnedPkgs {}
 </syntaxhighlight>
@@ Line 40: / Line 90: @@
 $ nix-shell -p nix-prefetch-git
-[nix-shell:~]$ nix-prefetch-git https://github.com/nixos/nixpkgs-channels.git refs/heads/nixos-unstable > nixpkgs-version.json
+[nix-shell:~]$ nix-prefetch-git https://github.com/nixos/nixpkgs.git refs/heads/nixos-unstable > nixpkgs-version.json
 ...
@@ Line 46: / Line 96: @@
 [nix-shell:~]$ cat nixpkgs-version.json
 {
-   "url": "https://github.com/nixos/nixpkgs-channels.git",
+   "url": "https://github.com/nixos/nixpkgs.git",
    "rev": "f607771d0f5e4fa905afff1c772febd9f3103e1a",
    "date": "2018-01-09T11:18:25-05:00",
@@ Line 62: / Line 112: @@
     pinnedPkgs = hostPkgs.fetchFromGitHub {
       owner = "NixOS";
-      repo = "nixpkgs-channels";
+      repo = "nixpkgs";
       inherit (pinnedVersion) rev sha256;
     };
@@ Line 80: / Line 130: @@
     pinnedPkgs = hostPkgs.fetchFromGitHub {
       owner = "NixOS";
-      repo = "nixpkgs-channels";
+      repo = "nixpkgs";
       inherit (pinnedVersion) rev sha256;
     };
@@ Line 103: / Line 153: @@
   in import patchedPkgs {};
 </syntaxhighlight>
+== Pinning an unstable service ==
+How to upgrade a single package and service to an unstable version
+There is probably a better way, especially once flakes come around. Some packages let you specify which <code>package</code> to run as an option but most don't. The following is a generic way that also works for those which don't.
+add to configuration.nix a set allowing unstable packages.
+This assumes a channel named <code>nixpkgs-unstable</code> exists, like so:
+<syntaxhighlight lang="bash">
+nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable
+nix-channel --update
+</syntaxhighlight>
+then in <code>configuration.nix</code> allow unstable packages:
+<syntaxhighlight lang="nix">
+# Allow unstable packages.
+nixpkgs.config = {
+  allowUnfree = true;
+  packageOverrides = pkgs: {
+    unstable = import <nixpkgs-unstable> {
+      config = config.nixpkgs.config;
+    };
+  };
+};
+</syntaxhighlight>
+This means you can now refer to unstable packages as <code>pkgs.unstable.nameofpackage</code> which is great.
+For example:
+<syntaxhighlight lang="nix">
+  environment.systemPackages = with pkgs; [
+        unstable.bind
+        unstable.dnsutils
+        vim
+  ];
+</syntaxhighlight>
+This will use unstable bind and dnsutils, but the stable vim.
+Except bind is a service, and if you want a service....usually you just do something like:
+<syntaxhighlight lang="nix">
+ services.bind.enable = true;
+ ...
+</syntaxhighlight>
+Except services will refer to <code>pkgs.bind</code>, not <code>pkgs.unstable.bind</code>
+so disable services.bind and create your own:
+<syntaxhighlight lang="nix">
+  users.users.named =
+      { uid = config.ids.uids.bind;
+        description = "BIND daemon user";
+      };
+  systemd.services.mybind = {
+        description = "BIND Domain Name Server";
+        unitConfig.Documentation = "man:named(8)";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        preStart = ''
+        mkdir -m 0755 -p /etc/bind
+        if ! [ -f "/etc/bind/rndc.key" ]; then
+          ${pkgs.unstable.bind.out}/sbin/rndc-confgen -c /etc/bind/rndc.key -u named -a -A hmac-sha256 2>/dev/null
+        fi
+        ${pkgs.coreutils}/bin/mkdir -p /run/named
+        chown named /run/named
+      '';
+        serviceConfig = {
+        ExecStart  = "${pkgs.unstable.bind.out}/sbin/named -u named -4 -c /etc/bind/named.conf -f";
+        ExecReload = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload";
+        ExecStop   = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' stop";
+      };
+};
+</syntaxhighlight>
+where all the stuff just comes from the bind services definition(which you can get from the source link on the nixos options page.)
+Just replace named variables, and replace <code>${pkgs.bind.out</code> with <code>${pkgs.unstable.bind.out}</code>
+== See also ==
+- [https://nix.dev/reference/pinning-nixpkgs Pinning Nixpkgs]
+- [https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs Towards Reproducibility: Pinning Nixpkgs]
+- [https://nix.dev/guides/recipes/dependency-management.html Dependency Management]