Nix is a package manager and build system that parses reproducible build instructions specified in the [[Nix Expression Language]], a pure functional language with lazy evaluation. Nix expressions are pure functions<ref>Values cannot change during computation. Functions always produce the same output if their input does not change.</ref> taking dependencies as arguments and producing a ''[[Derivations|derivation]]'' specifying a reproducible build environment for the package. Nix stores the results of the build in unique addresses specified by a hash of the complete dependency tree, creating an immutable package store (aka the [[#Nix store|nix store]]) that allows for atomic upgrades, rollbacks and concurrent installation of different versions of a package, essentially eliminating [https://en.wikipedia.org/wiki/Dependency_hell dependency hell].
If you intend to utilize Nix on a different Linux distribution or a Mac computer, you can perform a standalone installation: The [https://nixos.org/manual/nix/stable/installation/installation installation section of the Nix manual] describes the installation of standalone Nix from binary or source.
The [[Nix command|Nix commands]] are documented in the [https://nixos.org/manual/nix/stable/command-ref/command-ref Nix reference manual]: main commands, utilities and experimental commands. Before version 2.0 (released in February 2018), the commands were different.
Standalone Nix is configured through <code>nix.conf</code> (usually found in <code>/etc/nix/</code>), which defines a number of settings relating to evaluation, builds, garbage collection, sandboxing, and user permissions. Details on the available options are [https://nixos.org/manual/nix/stable/command-ref/conf-file found in the Nix reference manual].
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
Even further configuration is possible with [[Home Manager]] to manage declarative environments for a single user. For system-wide configuration on Linux, you can use [https://github.com/numtide/system-manager System Manager]. For system-wide configuration on macOS, [https://github.com/LnL7/nix-darwin nix-darwin] is the preferred solution.
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
<span id="Internals"></span>
== Internals ==
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
=== Nix store ===
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
{{Split|reason=The nix store is conceptually independent enough to merit its own article.}}
Packages built by Nix are placed in the read-only ''Nix store'', normally found in <code>/nix/store</code>. Each package is given a unique address specified by a cryptographic hash followed by the package name and version, for example <code>/nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1</code>. These prefixes hash all the inputs to the build process, including the source files, the full dependency tree, compiler flags, etc. This allows Nix to simultaneously install different versions of the same package, and even different builds of the same version, for example variants built with different compilers. When adding, removing or updating a package, nothing is removed from the store; instead, symlinks to these packages are added, removed or changed in ''profiles''.
For information on repairing a corrupted Nix store, see {{NixOS Manual|name=NixOS Manual: Chapter - Nix Store Corruption|anchor=#sec-nix-store-corruption}}.
<span id="Valid_Nix_store_names"></span>
==== Valid Nix store names ====
{{main|Valid Nix store path names}}
<div lang="en" dir="ltr" class="mw-content-ltr">
=== Profiles ===
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
In order to construct a coherent user or system environment, Nix symlinks entries of the Nix store into ''profiles''. These are the front-end by which Nix allows rollbacks: since the store is immutable and previous versions of profiles are kept, reverting to an earlier state is simply a matter of changing the symlink to a previous profile. To be more precise, Nix symlinks binaries into entries of the Nix store representing the user environments. These user environments are then symlinked into labeled profiles stored in <code>/nix/var/nix/profiles</code>, which are in turn symlinked to the user's <code>~/.nix-profile</code>.
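The symlink chain described above can be walked hop by hop, and checked to end inside the store. The following is an added example, not code from Nix or from this wiki; the directory tree, the <code>constructed000N</code> store names and the helper function names are made up for illustration, while the <code>profile-N-link</code> naming follows what Nix uses for profile generations.

```shell
# Follow a symlink chain one hop at a time; print each hop, then the final target.
resolve_chain() {
    p=$1; hops=0
    while [ -L "$p" ]; do
        printf '%s\n' "$p"
        t=$(readlink "$p")
        case $t in /*) p=$t ;; *) p=$(dirname "$p")/$t ;; esac
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then echo "symlink loop at $p" >&2; return 1; fi
    done
    printf '%s\n' "$p"
}

# Succeed only when the chain starting at $1 ends under the store directory $2.
ends_in_store() {
    final=$(resolve_chain "$1" | tail -n 1)
    case $final in "$2"/*) return 0 ;; *) return 1 ;; esac
}

# Constructed layout mirroring the text; store names are placeholders, not real hashes.
make_demo() {
    root=$(mktemp -d)
    prof=$root/nix/var/nix/profiles
    mkdir -p "$prof" "$root/home" \
        "$root/nix/store/constructed0001-user-environment" \
        "$root/nix/store/constructed0002-user-environment"
    ln -s "$root/nix/store/constructed0001-user-environment" "$prof/profile-1-link"
    ln -s "$root/nix/store/constructed0002-user-environment" "$prof/profile-2-link"
    ln -s profile-2-link "$prof/profile"
    ln -s "$prof/profile" "$root/home/.nix-profile"
    printf '%s\n' "$root"
}

# Rollback as the text describes it: repoint the profile at an older generation.
rollback_to() {   # $1 = profiles directory, $2 = generation number
    ln -sfn "profile-$2-link" "$1/profile"
}

demo_root=$(make_demo)
resolve_chain "$demo_root/home/.nix-profile" || true
rollback_to "$demo_root/nix/var/nix/profiles" 1
resolve_chain "$demo_root/home/.nix-profile" || true
rm -rf "$demo_root"
```

A profile whose chain ends outside the store directory does not match the layout described here and is worth a closer look.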
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
<span id="Sandboxing"></span>
=== Sandboxing ===
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
When sandboxed builds are enabled, Nix sets up an isolated environment for each build process. The sandbox is used to remove further hidden dependencies set by the build environment, which improves reproducibility. It blocks access to the network during the build outside of <code>fetch*</code> functions, and access to files outside the Nix store. Depending on the operating system, access to other resources is blocked as well (e.g. inter-process communication is isolated on Linux); see the [https://nixos.org/nix/manual/#sec-conf-file nix.conf section] in the Nix manual for details.
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
Sandboxing is enabled by default on Linux, and disabled by default on macOS.
In pull requests for [https://github.com/NixOS/nixpkgs/ Nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official Hydra builds] sandboxing is also used.
To configure Nix for sandboxing, set <code>sandbox = true</code> in <code>/etc/nix/nix.conf</code>; to configure NixOS for sandboxing set <code>nix.useSandbox = true;</code> in <code>configuration.nix</code>. The <code>nix.useSandbox</code> option is <code>true</code> by default since NixOS 17.09.
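A host audit can combine the <code>nix.conf</code> setting with the platform default stated above. The following is an added example, not part of Nix or of this wiki: the function names and sample files are hypothetical, it assumes the last <code>sandbox</code> assignment in the file wins, and it reads a single file only (no <code>include</code> lines, per-user configuration or environment overrides).

```shell
# Print the sandbox value a nix.conf file yields. When the file sets nothing, the
# platform default from the text applies: enabled on Linux, disabled on macOS.
# $1 = path to nix.conf, $2 = output of `uname -s` (Linux, Darwin, ...)
effective_sandbox() {
    case $2 in Linux) default=true ;; *) default=false ;; esac
    val=
    if [ -r "$1" ]; then
        val=$(awk '
            { sub(/#.*/, "") }                    # drop comments
            /^[ \t]*sandbox[ \t]*=/ {             # exact key, so sandbox-paths is skipped
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)       # keep what follows the "="
                sub(/[ \t]+$/, "", v)             # trim trailing blanks
                last = v                          # assumption: last assignment wins
            }
            END { print last }' "$1")
    fi
    printf '%s\n' "${val:-$default}"
}

# Return 0 only when the effective value is "true"; otherwise report and return 1.
# Any other value (false, or the weaker "relaxed" mode) is treated as a finding.
check_sandbox() {
    v=$(effective_sandbox "$1" "$2")
    if [ "$v" = true ]; then return 0; fi
    echo "FINDING: sandbox=$v for $1 on $2; set 'sandbox = true'"
    return 1
}

# Constructed sample files, written to a temporary directory.
demo=$(mktemp -d)
printf 'sandbox = false   # constructed sample\n' > "$demo/weak.conf"
printf 'max-jobs = 4\nsandbox-paths = /bin/sh\n'  > "$demo/unset.conf"
check_sandbox "$demo/weak.conf"  Linux  || true
check_sandbox "$demo/unset.conf" Darwin || true
check_sandbox "$demo/unset.conf" Linux  && echo "ok: sandbox enforced by default"
rm -rf "$demo"
```

On a real host, pass <code>/etc/nix/nix.conf</code> and <code>"$(uname -s)"</code> as the two arguments.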
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
<span id="Alternative_Interpreters"></span>
=== Alternative Interpreters ===
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
There is an ongoing effort to reimplement Nix, from the ground up, in Rust.
There is also a community-led fork of Nix 2.18 named Lix, focused on correctness, usability, and growth. While it has also ported some components of Nix to Rust, it is not a ground-up rewrite like Tvix.