Nix (package manager): Difference between revisions
imported>Ixxie No edit summary |
imported>Ixxie No edit summary |
Line 2: | Line 2: | ||
This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager. | This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager. Nix parses ''Nix expressions'' specifying reproducible build processes in the [[Nix Expression Language]]; these are pure functions taking dependencies as arguments and producing ''derivation'' specifying a reproducible build environment for the package. | ||
== Usage == | == Usage == | ||
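Review bot: The sentence added to the introduction drops an article in "producing ''derivation'' specifying", so the term reads as a mass noun on its first appearance. Suggest "producing a ''derivation'' that specifies a reproducible build environment for the package", which also makes it clear that each expression yields one derivation.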
Line 14: | Line 14: | ||
Support for declarative configuration in Nix is limited, and the solutions are somewhat fragmented. The only only configuration file officially associated with Nix is <code>nix.conf</code> (usually found in <code>/etc/nix/</code>), which defines a number of settings relating to how Nix, including build, garbage collection, sandboxing, and user permissions. Details on the available options are found in the [https://nixos.org/nix/manual/#sec-conf-file|nix.conf section of the manual]. Since most scenarios involve using [[Nixpkgs]], configuration of <code>~/.config/nixpkgs/config.nix</code> is often also helpful; here package overrides can be specified. Work on Nix user profiles is well underway, see [https://github.com/NixOS/nixpkgs/pull/9250|PR 9250]. | Support for declarative configuration in Nix is limited, and the solutions are somewhat fragmented. The only only configuration file officially associated with Nix is <code>nix.conf</code> (usually found in <code>/etc/nix/</code>), which defines a number of settings relating to how Nix, including build, garbage collection, sandboxing, and user permissions. Details on the available options are found in the [https://nixos.org/nix/manual/#sec-conf-file|nix.conf section of the manual]. Since most scenarios involve using [[Nixpkgs]], configuration of <code>~/.config/nixpkgs/config.nix</code> is often also helpful; here package overrides can be specified. Work on Nix user profiles is well underway, see [https://github.com/NixOS/nixpkgs/pull/9250|PR 9250]. | ||
== | == Internals == | ||
=== Nix Store === | |||
Packages built by Nix are placed in the read-only ''Nix store'', normally found in <code>/nix/store</code>. Each package is given a unique address specified by a cryptographic hash followed by the package name and version, for example <code>/nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1</code>. These prefixes hash all the inputs to the build process, including the source files, the full dependency tree, compiler flags, etc. This allows Nix to simultaneously install different versions of the same package, and even different builds of the same version, for example variants built with different compilers. | |||
=== Profiles === | |||
=== | === Channels === | ||
=== Sandbox builds === | |||
When sandbox builds are enabled, Nix will setup an isolated environment for each build process. It is used to remove further hidden dependencies set by the build environment to improve reproducibility. This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store. Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux); see [https://nixos.org/nix/manual/#sec-conf-file nix.conf section] in the Nix manual for details. | |||
Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access). | |||
In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used. | |||
== | To configure Nix for sandboxing set <code>build-use-sandbox = true;</code> in <code>/etc/nix/nix.conf</code>; to configure NixOS for sandboxing set <code>nix.useSandbox = true;</code> in <code>configuration.nix</code>. | ||
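Review bot: In the last added line of the Sandbox builds section, "build-use-sandbox = true;" carries a trailing semicolon, which is Nix expression syntax; nix.conf takes plain name = value lines, so a reader copying it verbatim sets the value to "true;" instead of a boolean and may end up building without the sandbox they expected. Suggest "build-use-sandbox = true" for /etc/nix/nix.conf and keeping the semicolon only on "nix.useSandbox = true;" for configuration.nix. Two smaller points in the same hunk: the added Profiles and Channels headings have no body text, and "due missing network access" should read "due to missing network access". The new section links the manual with the space-separated form, while the unchanged configuration paragraph above still uses a pipe inside its external links; it would be worth aligning those to the form used here.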