Jump to content

Ca-derivations: Difference between revisions

From NixOS Wiki
VisualWikitext
imported>Regnat
Created page with "'''ca derivations''' (or more formally ''Floating content-addressed derivations'') is an upcoming feature of the Nix package manager. Without entering too much into the detai..."
 
The NGI0 Cache doesn't exist since at least summer of 2024
 
(10 intermediate revisions by 6 users not shown)
Line 12: Line 12:


<syntaxhighlight lang="nix">{ pkgs, ... }: {
<syntaxhighlight lang="nix">{ pkgs, ... }: {
   nix = {
   nix.settings.experimental-features = [
    package = pkgs.nixUnstable;
    "ca-derivations"
    extraOptions = ''
  ];
      experimental-features = ca-derivations ca-references
    '';
  };
}</syntaxhighlight>
}</syntaxhighlight>
=== Non NixOS ===
=== Non NixOS ===


TODO
Make sure the file `/etc/nix/nix.conf` exists and contains the following:
 
<syntaxhighlight lang="ini">
experimental-features = ca-derivations
</syntaxhighlight>


== Using CA derivations ==
== Using CA derivations ==


The feature is currently opt-in, meaning that each derivation must individually be marked as content-addressed. When using <code>nixpkgs-unstable</code>, this can be done by setting <code>__contentAddressed = true</code> in the call to mkDerivation.
The feature is opt-in, meaning that each derivation must individually be marked as content-addressed. When using <code>nixpkgs-unstable</code>, this can be done by setting <code>__contentAddressed = true</code> in the call to mkDerivation.


It is also possible to mark all the derivations as content-addressed by default, by passing <code>config.contentAddressedByDefault = true</code> as argument to nixpkgs.
It is also possible to mark all the derivations as content-addressed by default, by passing <code>config.contentAddressedByDefault = true</code> as argument to nixpkgs.
Be warned that although there’s a [https://hydra.ngi0.nixos.org/jobset/ca-test/nixpkgs hydra instance testing ''some stuff''], it’s not a channel blocker, and [https://cache.ngi0.nixos.org its associated binary cache] won’t contain nearly as many things as <code>cache.nixos.org</code>. So doing so will probably entail rebuilding most of your system yourself, and you ''might'' encounter some unexpected breakages.
To use the binary cache <code>cache.ngi0.nixos.org</code> to speed up your builds, merge the following into your <code>nix.conf</code>:
<pre>substituters = https://cache.ngi0.nixos.org/
trusted-public-keys = cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=</pre>
== Ensuring that a derivation is properly content-addressed ==
== Ensuring that a derivation is properly content-addressed ==


Line 43: Line 37:
$ nix path-info --sigs ./result
$ nix path-info --sigs ./result
/nix/store/988jq9bj7s336q48bzdaamcl90k5g1yw-vim-8.2.2567    ca:fixed:r:sha256:0z37vk3ndszn3p2in3li6rk3kln1lfqd9b6vl6w0qhkn7bixqibc</syntaxhighlight>
/nix/store/988jq9bj7s336q48bzdaamcl90k5g1yw-vim-8.2.2567    ca:fixed:r:sha256:0z37vk3ndszn3p2in3li6rk3kln1lfqd9b6vl6w0qhkn7bixqibc</syntaxhighlight>
== Links ==
Tweag + Nix dev update #12: https://discourse.nixos.org/t/tweag-nix-dev-update-12/13185/3
[[Category:Nix]]

Latest revision as of 17:42, 18 September 2025

ca derivations (or more formally Floating content-addressed derivations) is an upcoming feature of the Nix package manager.

Without entering too much into the details − this blog post or the relevant section in Eelco’s PhD thesis provide a more detailed explanation of the underlying idea and its consequences − content-addressed Nix is an extension of the Nix model bringing several new possibilities. In particular, it enables “early cutoff” (stopping a rebuild if it can be proved that the end-result will be the same as something already known), which could reduce hydra’s (and yours) load and storage a lot. It also changes the Trust model of Nix, allowing for example several users to share the same store without trusting each other.

Setting-up Nix for CA derivations

Being still an experimental feature, CA derivations are currently only available on unstable Nix versions, and require an explicit opt-in.

On NixOS

In NixOS this can be achieved with the following options in configuration.nix. 

{ pkgs, ... }: {
   nix.settings.experimental-features = [
    "ca-derivations"
  ];
}

Non NixOS

Make sure the file `/etc/nix/nix.conf` exists and contains the following: 

experimental-features = ca-derivations

Using CA derivations

The feature is opt-in, meaning that each derivation must individually be marked as content-addressed. When using nixpkgs-unstable, this can be done by setting __contentAddressed = true in the call to mkDerivation.

It is also possible to mark all the derivations as content-addressed by default, by passing config.contentAddressedByDefault = true as argument to nixpkgs.

Ensuring that a derivation is properly content-addressed

Once a derivation has been built, one can check that it is indeed content-addressed by running nix path-info --sigs {outPath}. If this yields a line containing ca:fixed:r:…, then it means that the path is indeed content-addressed (and as such is trusted by your system). For example: 

$ nix-build '<nixpkgs>' --arg config '{ contentAddressedByDefault = true; }' -A vim
/nix/store/988jq9bj7s336q48bzdaamcl90k5g1yw-vim-8.2.2567
$ nix path-info --sigs ./result
/nix/store/988jq9bj7s336q48bzdaamcl90k5g1yw-vim-8.2.2567    ca:fixed:r:sha256:0z37vk3ndszn3p2in3li6rk3kln1lfqd9b6vl6w0qhkn7bixqibc

Tweag + Nix dev update #12: https://discourse.nixos.org/t/tweag-nix-dev-update-12/13185/3

Retrieved from "https://wiki.nixos.org/w/index.php?title=Ca-derivations&oldid=26412"