Nix (package manager): Difference between revisions

← Older edit Newer edit →

@@ Line 3: / Line 3: @@
 This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager.
+= Sandbox builds =
+When sandbox builds are enabled,
+Nix will setup an isolated environment for each build process.
+It is used in to remove further hidden dependencies set by the build environment to improve reproducibility.
+This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store.
+Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);
+see [https://nixos.org/nix/manual/#description-45 build-use-sandbox] in nix manual for details.
+Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access).
+In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used.
+== Enable sandbox builds in NixOS ==
+In <code>configuration.nix</code> put
+<syntaxHighlight lang="nix">
+nix.useSandbox = true;
+</syntaxHighlight>
+== Enable sandbox builds on Non-NixOS platforms ==
+In <code>/etc/nix/nix.conf</code> put
+<syntaxHighlight lang="nix">
+build-use-sandbox = true
+</syntaxHighlight>
+== Enable sandbox builds for a single build ==
+Commands like <code>nix-build</code> or <code>nix-shell</code> accept an option flag for single builds.
+Suppose you want test a new package called <code>hello</code>, you have added to nixpkgs:
+<syntaxHighlight lang="nix">
+nix-shell -I nixpkgs=/path/to/nixpkgs --option build-use-sandbox true -p hello
+</syntaxHighlight>
 = Nix on Linux =