Nix package manager: Difference between revisions
imported>Mic92 |
imported>Mic92 how to use sandbox builds |
||
| Line 3: | Line 3: | ||
This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager. | This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager. | ||
= Sandbox builds = | |||
When sandbox builds are enabled, | |||
Nix will setup an isolated environment for each build process. | |||
It is used in to remove further hidden dependencies set by the build environment to improve reproducibility. | |||
This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store. | |||
Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux); | |||
see [https://nixos.org/nix/manual/#description-45 build-use-sandbox] in nix manual for details. | |||
Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access). | |||
In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used. | |||
== Enable sandbox builds in NixOS == | |||
In <code>configuration.nix</code> put | |||
<syntaxHighlight lang="nix"> | |||
nix.useSandbox = true; | |||
</syntaxHighlight> | |||
== Enable sandbox builds on Non-NixOS platforms == | |||
In <code>/etc/nix/nix.conf</code> put | |||
<syntaxHighlight lang="nix"> | |||
build-use-sandbox = true | |||
</syntaxHighlight> | |||
== Enable sandbox builds for a single build == | |||
Commands like <code>nix-build</code> or <code>nix-shell</code> accept an option flag for single builds. | |||
Suppose you want test a new package called <code>hello</code>, you have added to nixpkgs: | |||
<syntaxHighlight lang="nix"> | |||
nix-shell -I nixpkgs=/path/to/nixpkgs --option build-use-sandbox true -p hello | |||
</syntaxHighlight> | |||
= Nix on Linux = | = Nix on Linux = | ||
Revision as of 09:48, 25 August 2017
This discussion article is to cover the usage, internals and configuration of the Nix package manager.
Sandbox builds
When sandbox builds are enabled,
Nix will setup an isolated environment for each build process.
It is used in to remove further hidden dependencies set by the build environment to improve reproducibility.
This includes access to the network during the build outside of fetch* functions and files outside the Nix store.
Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);
see build-use-sandbox in nix manual for details.
Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example npm install will not work due missing network access).
In pull requests for nixpkgs people are asked to test builds with sandboxing enabled (see Tested using sandboxing in the pull request template) because in official hydra builds sandboxing is also used.
Enable sandbox builds in NixOS
In configuration.nix put
nix.useSandbox = true;
Enable sandbox builds on Non-NixOS platforms
In /etc/nix/nix.conf put
build-use-sandbox = true
Enable sandbox builds for a single build
Commands like nix-build or nix-shell accept an option flag for single builds.
Suppose you want test a new package called hello, you have added to nixpkgs:
nix-shell -I nixpkgs=/path/to/nixpkgs --option build-use-sandbox true -p hello
Nix on Linux
Install Nix for a single user
To install Nix from any Linux distribution, use the following two commands (assumes you have the permission to use sudo and you are logged in as the user you want to install Nix for).
sudo install -d -m755 -o $USER -g $USER /nix
curl https://nixos.org/nix/install | sh
After that being done, you can use all Nix commands as a normal user without any special permissions (for example by using sudo)
Common Errors
Bad configuration option: gssapikexalgorithms
Found when using an SSH binary from Nix on typically RPM-based distros like CentOS, Fedora, Scientific Linux, Redhat, etc. The quick fix: Just comment out the configuration option in the ssh config file, you probably don't need it.