Nix (package manager): Difference between revisions

(103 intermediate revisions by 30 users not shown)

Line 1:

{{~~warning~~|~~text~~="This ~~discussion~~ article is ~~incomplete~~, ~~so contributions~~ are ~~welcome~~. ~~Please consult~~ the [[~~:Category:Discussion~~|~~discussion article metapage~~]] for ~~guidelines on contributing to discussion articles~~.~~"}}~~

{{Disambiguation|message=This article is about the Nix package manager. Not to be confused with the [[Nix ecosystem]], the [[Nix (language)|Nix language]] or the [[Nix (command)|Nix command]].}}

Nix is a package manager and build system that parses reproducible build instructions specified in the [[Nix Expression Language]], a pure functional language with lazy evaluation. Nix expressions are pure functions<ref>Values cannot change during computation. Functions always produce the same output if their input does not change. </ref>taking dependencies as arguments and producing a ''[[Derivations|derivation]]'' specifying a reproducible build environment for the package. Nix stores the results of the build in unique addresses specified by a hash of the complete dependency tree, creating an immutable package store (aka the [[#Nix store|nix store]]) that allows for atomic upgrades, rollbacks and concurrent installation of different versions of a package, essentially eliminating [https://en.wikipedia.org/wiki/Dependency_hell dependency hell].

~~This [[~~:~~Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager.~~

== Usage ==

= ~~Sandbox builds~~ =

=== Installation ===

On [[NixOS]], Nix is automatically installed.

~~When sandbox builds are enabled,~~

~~Nix will setup an isolated environment for each build process.~~

On other Linux distributions or on macOS, you can install Nix following the [https://nixos.org/manual/nix/stable/installation/installation installation section of the Nix manual].

~~It is used to remove further hidden dependencies set by the build environment to improve reproducibility.~~

~~This includes access to the network during the build outside of~~ <~~code~~>~~fetch*</code> functions and files outside the Nix store.~~

~~Depending~~ on the ~~operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);~~

~~see~~ [https://nixos.org/nix/manual~~/#description-45 build-use-sandbox~~] ~~in nix manual for details~~.

~~Sandboxes are not enabled by default in~~ Nix ~~as there are cases where it makes building packages harder (for example~~ <~~code>npm install</code> will not work due missing network access).~~

=== Nix commands ===

~~In pull requests for [https~~:~~//github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code~~>~~Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used.~~

~~Depending if you use NixOS or other platforms you can use one of~~ the ~~following methods~~ to ~~enable sandboxing~~.

The [[Nix (command line utilities)|Nix commands]] are documented in the [https://nixos.org/manual/nix/stable/command-ref/command-ref Nix reference manual]: main commands, utilities and experimental commands. Prior to version 2.0 (released in February 2018) there have been different commands.

== ~~Enable sandbox builds in~~ NixOS ==

=== Configuration ===

On NixOS, Nix can be configured using the [https://search.nixos.org/options?query=nix. <code>nix</code> option].

In <code>~~configuration~~.nix</code> ~~put~~

Standalone Nix is configured through <code>nix.conf</code> (usually found in <code>/etc/nix/</code>). Details on the available options are [https://nixos.org/manual/nix/stable/command-ref/conf-file found in the Nix reference manual].

<~~syntaxHighlight lang="nix"~~>

nix.~~useSandbox = true;~~

You can also configure Nix using [[Home Manager]], which manages declarative environments for a single user. For system-wide configuration, you can use [https://github.com/numtide/system-manager System Manager] on Linux and [https://github.com/LnL7/nix-darwin nix-darwin] on macOS.

~~</syntaxHighlight>~~

== ~~Enable sandbox builds on Non-NixOS platforms~~ ==

== Internals ==

In <~~code~~>~~/etc/nix/nix.conf</code> put~~

=== Nix store ===

<~~syntaxHighlight lang="nix"~~>

~~build-use-sandbox~~ = ~~true~~

{{Split|reason=The nix store is conceptually separate enough that it warrants a separate article.}}

~~</syntaxHighlight>~~

~~== Enable sandbox~~ builds for a ~~single build ==~~

Packages built by Nix are placed in the read-only ''Nix store'', normally found in <code>/nix/store</code>. Each package is given a unique address specified by a cryptographic hash followed by the package name and version, for example <code>/nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1</code>. These prefixes hash all the inputs to the build process, including the source files, the full dependency tree, compiler flags, etc. This allows Nix to simultaneously install different versions of the same package, and even different builds of the same version, for example variants built with different compilers. When adding, removing or updating a package, nothing is removed from the store; instead, symlinks to these packages are added, removed or changed in ''profiles''.

~~Commands like~~ <~~code>nix~~-~~build</code> or <code>nix~~-~~shell</code> accept an option flag for single builds.~~

==== Cleaning the Nix store ====

~~Suppose you want test a new package called <code~~>~~hello</code>, you have added to nixpkgs:~~

<~~syntaxHighlight lang="nix">~~

~~nix~~-~~shell~~ -~~I nixpkgs=/path/to/nixpkgs~~ --~~option build~~-~~use~~-~~sandbox true~~ -~~p hello~~

For information relating to cleaning the Nix store, refer to {{NixOS Manual|name=NixOS Manual: Chapter - Cleaning the Nix Store|anchor=#sec-nix-gc}}.

~~</syntaxHighlight>~~

= Nix ~~on Linux~~ =

==== Nix store corruption ====

~~This section is about~~ Nix ~~on Non~~-~~NixOS Linux distributions~~.

For information relating to fixing a corrupted Nix store, refer to {{NixOS Manual|name=NixOS Manual: Chapter - Nix Store Corruption|anchor=#sec-nix-store-corruption}}.

== ~~Install~~ Nix ~~for a single user~~ ==

==== Valid Nix store names ====

~~To install~~ Nix ~~from any Linux distribution, use the following two commands (assumes you have the permission to use sudo and you are logged in as the user you want to install Nix for).~~

<~~syntaxHighlight lang="bash">~~

=== Profiles ===

~~sudo install~~ -d -~~m755~~ -~~o $USER~~ -~~g $USER /nix~~

~~curl https://nixos.org/nix/install | sh~~

~~</syntaxHighlight~~>

~~After that being done~~, ~~you can use all~~ Nix ~~commands as~~ a ~~normal~~ user ~~without any special permissions (for example by using~~ <code>~~sudo~~</code>)

In order to construct a coherent user or system environment, Nix symlinks entries of the Nix store into ''profiles''. These are the front-end by which Nix allows rollbacks: since the store is immutable and previous versions of profiles are kept, reverting to an earlier state is simply a matter of change the symlink to a previous profile. To be more precise, Nix symlinks binaries into entries of the Nix store representing the user environments. These user environments are then symlinked into labeled profiles stored in <code>/nix/var/nix/profiles</code>, which are in turn symlinked to the user's <code>~/.nix-profile</code>.

== ~~Common Errors~~ ==

=== Sandboxing ===

~~=== Bad configuration option~~: ~~gssapikexalgorithms ===~~

When sandbox builds are enabled, Nix will setup an isolated environment for each build process. It is used to remove further hidden dependencies set by the build environment to improve reproducibility. This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store. Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux).

~~Found when using an SSH binary from Nix~~ on ~~typically RPM-based distros like CentOS, Fedora, Scientific~~ Linux, ~~Redhat, etc~~. ~~'''The quick fix~~:~~''' Just comment out~~ the ~~configuration option~~ in ~~the ssh config file, you probably don't need it~~.

Sandboxing is enabled by default on Linux, and disabled by default on macOS.

In pull requests for [https://github.com/NixOS/nixpkgs/ Nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official Hydra builds] sandboxing is also used.

==~~= Desktop Environment does not find~~ .~~desktop files ===~~

To configure Nix for sandboxing, set <code>sandbox = true</code> in <code>/etc/nix/nix.conf</code>; to configure NixOS for sandboxing set <code>nix.useSandbox = true;</code> in <code>configuration.nix</code>. The <code>nix.useSandbox</code> option is <code>true</code> by default since NixOS 17.09.

~~IF your DE does not look in~~ <~~code>$HOME/.nix~~-~~profile/share</code> for .desktop files.~~

=== Alternative Interpreters ===

You need to add that path to the <code>XDG_DATA_DIRS</code>, the position reflects precedence so files in earlier directories shadow files in later directories. This can be accomplished in various ways depending on your login manager, see [https:~~//wiki.archlinux.org/index.php/Xprofile Arch wiki: Xprofile] for more information.~~

~~For example using <code~~>~~~/.xprofile</code> as follows:~~

<~~syntaxHighlight lang="bash"~~>

~~export XDG_DATA_DIRS=$HOME/~~.~~nix-profile/share:/usr/local/share:/usr/share~~

There is an ongoing effort to reimplement Nix, from the ground up, in Rust.

~~</syntaxHighlight>~~

~~Notice that you have to include the default locations on your system, otherwise they will be overwritten. Find out the proper paths using~~ <~~code~~>~~echo $XDG_DATA_DIRS<~~/~~code>~~. ~~(Note: <code>export XDG_DATA_DIRS=$HOME/~~.~~nix-profile~~/~~share:$XDG_DATA_DIRS<~~/~~code> did not work, XDG_DATA_DIRS ended up containing only <code>$HOME/.nix~~-~~profile~~/~~share:<~~/~~code> which isn't even a valid path.)~~

* [https://cs.tvl.fyi/depot/-/tree/tvix tvix]

There is also a community-led fork of Nix 2.18 named Lix, focused on correctness, usability, and growth. While it has also ported some components of Nix to Rust, it is not a ground-up rewrite like Tvix.

* [https://lix.systems/ lix]

[[Category:~~Discussion~~]]

Earlier attempts can be found on [https://riir-nix.github.io/ riir-nix]

==Notes==

[[Category:Pedias]]

[[Category:Nix]]

[[Category:Incomplete]]

[[Category:Software]]

</translate>

@@ Line 1: / Line 1: @@
-{{warning|text="This discussion article is incomplete, so contributions are welcome. Please consult the [[:Category:Discussion|discussion article metapage]] for guidelines on contributing to discussion articles."}}
+<languages/>
+<translate>
+<!--T:1-->
+{{Navbox Nix}}
+{{Disambiguation|message=This article is about the Nix package manager. Not to be confused with the [[Nix ecosystem]], the [[Nix (language)|Nix language]] or the [[Nix (command)|Nix command]].}}
+Nix is a package manager and build system that parses reproducible build instructions specified in the [[Nix Expression Language]], a pure functional language with lazy evaluation. Nix expressions are pure functions<ref>Values cannot change during computation. Functions always produce the same output if their input does not change. </ref>taking dependencies as arguments and producing a ''[[Derivations|derivation]]'' specifying a reproducible build environment for the package. Nix stores the results of the build in unique addresses specified by a hash of the complete dependency tree, creating an immutable package store (aka the [[#Nix store|nix store]]) that allows for atomic upgrades, rollbacks and concurrent installation of different versions of a package, essentially eliminating [https://en.wikipedia.org/wiki/Dependency_hell dependency hell].
-This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager.
+== Usage == <!--T:2-->
-= Sandbox builds =
+<!--T:3-->
+=== Installation ===
+On [[NixOS]], Nix is automatically installed.
-When sandbox builds are enabled,
+<!--T:4-->
-Nix will setup an isolated environment for each build process.
+On other Linux distributions or on macOS, you can install Nix following the [https://nixos.org/manual/nix/stable/installation/installation installation section of the Nix manual].
-It is used to remove further hidden dependencies set by the build environment to improve reproducibility.
-This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store.
-Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);
-see [https://nixos.org/nix/manual/#description-45 build-use-sandbox] in nix manual for details.
-Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access).
+=== Nix commands === <!--T:5-->
-In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used.
-Depending if you use NixOS or other platforms you can use one of the following methods to enable sandboxing.
+<!--T:6-->
+The [[Nix (command line utilities)|Nix commands]] are documented in the [https://nixos.org/manual/nix/stable/command-ref/command-ref Nix reference manual]: main commands, utilities and experimental commands. Prior to version 2.0 (released in February 2018) there have been different commands.
-== Enable sandbox builds in NixOS ==
+<!--T:7-->
+=== Configuration ===
+On NixOS, Nix can be configured using the [https://search.nixos.org/options?query=nix. <code>nix</code> option].
-In <code>configuration.nix</code> put
+<!--T:8-->
+Standalone Nix is configured through <code>nix.conf</code> (usually found in <code>/etc/nix/</code>). Details on the available options are [https://nixos.org/manual/nix/stable/command-ref/conf-file found in the Nix reference manual].
-<syntaxHighlight lang="nix">
+<!--T:9-->
-nix.useSandbox = true;
+You can also configure Nix using [[Home Manager]], which manages declarative environments for a single user. For system-wide configuration, you can use [https://github.com/numtide/system-manager System Manager] on Linux and [https://github.com/LnL7/nix-darwin nix-darwin] on macOS.
-</syntaxHighlight>
-== Enable sandbox builds on Non-NixOS platforms ==
+== Internals == <!--T:10-->
-In <code>/etc/nix/nix.conf</code> put
+=== Nix store === <!--T:11-->
-<syntaxHighlight lang="nix">
+<!--T:27-->
-build-use-sandbox = true
+{{Split|reason=The nix store is conceptually separate enough that it warrants a separate article.}}
-</syntaxHighlight>
-== Enable sandbox builds for a single build ==
+<!--T:28-->
+Packages built by Nix are placed in the read-only ''Nix store'', normally found in <code>/nix/store</code>. Each package is given a unique address specified by a cryptographic hash followed by the package name and version, for example <code>/nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1</code>. These prefixes hash all the inputs to the build process, including the source files, the full dependency tree, compiler flags, etc. This allows Nix to simultaneously install different versions of the same package, and even different builds of the same version, for example variants built with different compilers. When adding, removing or updating a package, nothing is removed from the store; instead, symlinks to these packages are added, removed or changed in ''profiles''.
-Commands like <code>nix-build</code> or <code>nix-shell</code> accept an option flag for single builds.
+==== Cleaning the Nix store ==== <!--T:29-->
-Suppose you want test a new package called <code>hello</code>, you have added to nixpkgs:
-<syntaxHighlight lang="nix">
+<!--T:30-->
-nix-shell -I nixpkgs=/path/to/nixpkgs --option build-use-sandbox true -p hello
+For information relating to cleaning the Nix store, refer to {{NixOS Manual|name=NixOS Manual: Chapter - Cleaning the Nix Store|anchor=#sec-nix-gc}}.
-</syntaxHighlight>
-= Nix on Linux =
+==== Nix store corruption ==== <!--T:31-->
-This section is about Nix on Non-NixOS Linux distributions.
+<!--T:32-->
+For information relating to fixing a corrupted Nix store, refer to {{NixOS Manual|name=NixOS Manual: Chapter - Nix Store Corruption|anchor=#sec-nix-store-corruption}}.
-== Install Nix for a single user ==
+==== Valid Nix store names ==== <!--T:33-->
-To install Nix from any Linux distribution, use the following two commands (assumes you have the permission to use sudo and you are logged in as the user you want to install Nix for).
+<!--T:34-->
+{{main|Valid Nix store path names}}
-<syntaxHighlight lang="bash">
+=== Profiles === <!--T:13-->
-sudo install -d -m755 -o $USER -g $USER /nix
-curl https://nixos.org/nix/install | sh
-</syntaxHighlight>
-After that being done, you can use all Nix commands as a normal user without any special permissions (for example by using <code>sudo</code>)
+<!--T:14-->
+In order to construct a coherent user or system environment, Nix symlinks entries of the Nix store into ''profiles''. These are the front-end by which Nix allows rollbacks: since the store is immutable and previous versions of profiles are kept, reverting to an earlier state is simply a matter of change the symlink to a previous profile. To be more precise, Nix symlinks binaries into entries of the Nix store representing the user environments. These user environments are then symlinked into labeled profiles stored in <code>/nix/var/nix/profiles</code>, which are in turn symlinked to the user's <code>~/.nix-profile</code>.
-== Common Errors ==
+=== Sandboxing === <!--T:15-->
-=== Bad configuration option: gssapikexalgorithms ===
+<!--T:16-->
+When sandbox builds are enabled, Nix will setup an isolated environment for each build process. It is used to remove further hidden dependencies set by the build environment to improve reproducibility. This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store.  Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux).
-Found when using an SSH binary from Nix on typically RPM-based distros like CentOS, Fedora, Scientific Linux, Redhat, etc. '''The quick fix:''' Just comment out the configuration option in the ssh config file, you probably don't need it.
+<!--T:17-->
+Sandboxing is enabled by default on Linux, and disabled by default on macOS.
+In pull requests for [https://github.com/NixOS/nixpkgs/ Nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official Hydra builds] sandboxing is also used.
-=== Desktop Environment does not find .desktop files ===
+<!--T:18-->
+To configure Nix for sandboxing, set <code>sandbox = true</code> in <code>/etc/nix/nix.conf</code>; to configure NixOS for sandboxing set <code>nix.useSandbox = true;</code> in <code>configuration.nix</code>. The <code>nix.useSandbox</code> option is <code>true</code> by default since NixOS 17.09.
-IF your DE does not look in <code>$HOME/.nix-profile/share</code> for .desktop files.
+=== Alternative Interpreters === <!--T:19-->
-You need to add that path to the <code>XDG_DATA_DIRS</code>, the position reflects precedence so files in earlier directories shadow files in later directories. This can be accomplished in various ways depending on your login manager, see [https://wiki.archlinux.org/index.php/Xprofile Arch wiki: Xprofile] for more information.
-For example using <code>~/.xprofile</code> as follows:
-<syntaxHighlight lang="bash">
+<!--T:20-->
-export XDG_DATA_DIRS=$HOME/.nix-profile/share:/usr/local/share:/usr/share
+There is an ongoing effort to reimplement Nix, from the ground up, in Rust.
-</syntaxHighlight>
-Notice that you have to include the default locations on your system, otherwise they will be overwritten. Find out the proper paths using <code>echo $XDG_DATA_DIRS</code>. (Note: <code>export XDG_DATA_DIRS=$HOME/.nix-profile/share:$XDG_DATA_DIRS</code> did not work, XDG_DATA_DIRS ended up containing only <code>$HOME/.nix-profile/share:</code> which isn't even a valid path.)
+<!--T:21-->
+* [https://cs.tvl.fyi/depot/-/tree/tvix tvix]
+<!--T:22-->
+There is also a community-led fork of Nix 2.18 named Lix, focused on correctness, usability, and growth. While it has also ported some components of Nix to Rust, it is not a ground-up rewrite like Tvix.
+<!--T:23-->
+* [https://lix.systems/ lix]
-[[Category:Discussion]]
+<!--T:24-->
+Earlier attempts can be found on [https://riir-nix.github.io/ riir-nix]
+<!--T:25-->
+==Notes==
+<references />
+<!--T:26-->
+[[Category:Pedias]]
 [[Category:Nix]]
 [[Category:Incomplete]]
+[[Category:Software]]
+</translate>