Nix (package manager): Difference between revisions

Line 3:

This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager.

== ~~Sandbox builds~~ ==

== Usage ==

~~When sandbox builds are enabled,~~

~~Nix will setup an isolated environment for each build process.~~

~~It is used to remove further hidden dependencies set by the build environment to improve reproducibility.~~

~~This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store.~~

~~Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);~~

~~see [https://nixos.org/nix/manual/#description-45 build-use-sandbox] in nix manual for details.~~

~~Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access).~~

In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used.

~~Depending if you use NixOS or other platforms you can use one of the following methods to enable sandboxing.~~

~~=== Enable sandbox builds in NixOS ===~~

~~In <code>configuration.nix</code> put~~

~~<syntaxHighlight lang="nix">~~

~~nix.useSandbox = true;~~

~~</syntaxHighlight>~~

=== ~~Enable sandbox builds on Non-NixOS platforms~~ ===

=== Installation ===

~~In <code>/etc/nix/nix.conf</code> put~~

~~<syntaxHighlight lang="nix">~~

~~build-use-sandbox = true~~

~~</syntaxHighlight>~~

~~== Nix on Linux~~ ==

This section is about Nix on Non-NixOS Linux distributions.

=== Install Nix for a single user ===

==== Install Nix for a single user ====

To install Nix from any Linux distribution, use the following two commands (assumes you have the permission to use sudo and you are logged in as the user you want to install Nix for).

Line 48:

Line 20:

After that being done, you can use all Nix commands as a normal user without any special permissions (for example by using <code>sudo</code>)

=== Install Nix without root permissions ===

==== Install Nix without root permissions ====

By using [https://github.com/lethalman/nix-user-chroot nix-user-chroot] or [https://github.com/proot-me/PRoot PRoot]

Line 121:

Line 93:

Note that you can only use nix and the installed programs within the shell started by PRoot.

== Sandbox builds ==

When sandbox builds are enabled,

Nix will setup an isolated environment for each build process.

It is used to remove further hidden dependencies set by the build environment to improve reproducibility.

This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store.

Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);

see [https://nixos.org/nix/manual/#description-45 build-use-sandbox] in nix manual for details.

Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access).

In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used.

Depending if you use NixOS or other platforms you can use one of the following methods to enable sandboxing.

=== Enable sandbox builds in NixOS ===

In <code>configuration.nix</code> put

nix.useSandbox = true;

</syntaxHighlight>

=== Enable sandbox builds on Non-NixOS platforms ===

In <code>/etc/nix/nix.conf</code> put

build-use-sandbox = true

</syntaxHighlight>

=== Common Errors ===

@@ Line 3: / Line 3: @@
 This [[:Category:Discussion|discussion]] article is to cover the usage, internals and configuration of the Nix package manager.
-== Sandbox builds ==
+== Usage ==
-When sandbox builds are enabled,
-Nix will setup an isolated environment for each build process.
-It is used to remove further hidden dependencies set by the build environment to improve reproducibility.
-This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store.
-Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);
-see [https://nixos.org/nix/manual/#description-45 build-use-sandbox] in nix manual for details.
-Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access).
-In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used.
-Depending if you use NixOS or other platforms you can use one of the following methods to enable sandboxing.
-=== Enable sandbox builds in NixOS ===
-In <code>configuration.nix</code> put
-<syntaxHighlight lang="nix">
-nix.useSandbox = true;
-</syntaxHighlight>
-=== Enable sandbox builds on Non-NixOS platforms ===
+=== Installation ===
-In <code>/etc/nix/nix.conf</code> put
-<syntaxHighlight lang="nix">
-build-use-sandbox = true
-</syntaxHighlight>
-== Nix on Linux ==
 This section is about Nix on Non-NixOS Linux distributions.
-=== Install Nix for a single user ===
+==== Install Nix for a single user ====
 To install Nix from any Linux distribution, use the following two commands (assumes you have the permission to use sudo and you are logged in as the user you want to install Nix for).
@@ Line 48: / Line 20: @@
 After that being done, you can use all Nix commands as a normal user without any special permissions (for example by using <code>sudo</code>)
-=== Install Nix without root permissions ===
+==== Install Nix without root permissions ====
 By using [https://github.com/lethalman/nix-user-chroot nix-user-chroot] or [https://github.com/proot-me/PRoot PRoot]
@@ Line 121: / Line 93: @@
 Note that you can only use nix and the installed programs within the shell started by PRoot.
+== Sandbox builds ==
+When sandbox builds are enabled,
+Nix will setup an isolated environment for each build process.
+It is used to remove further hidden dependencies set by the build environment to improve reproducibility.
+This includes access to the network during the build outside of <code>fetch*</code> functions and files outside the Nix store.
+Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux);
+see [https://nixos.org/nix/manual/#description-45 build-use-sandbox] in nix manual for details.
+Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example <code>npm install</code> will not work due missing network access).
+In pull requests for [https://github.com/NixOS/nixpkgs/ nixpkgs] people are asked to test builds with sandboxing enabled (see <code>Tested using sandboxing</code> in the pull request template) because in [https://nixos.org/hydra/ official hydra builds] sandboxing is also used.
+Depending if you use NixOS or other platforms you can use one of the following methods to enable sandboxing.
+=== Enable sandbox builds in NixOS ===
+In <code>configuration.nix</code> put
+<syntaxHighlight lang="nix">
+nix.useSandbox = true;
+</syntaxHighlight>
+=== Enable sandbox builds on Non-NixOS platforms ===
+In <code>/etc/nix/nix.conf</code> put
+<syntaxHighlight lang="nix">
+build-use-sandbox = true
+</syntaxHighlight>
 === Common Errors ===