FAQ/Pinning Nixpkgs: Difference between revisions

From NixOS Wiki
imported>Grahamc
First load, testing newlines.
 
imported>Grahamc
Complete the page on pinning and patching Nixpkgs.
Line 9: Line 9:
host Nixpkgs is using a very stable API, and will be thrown away as
host Nixpkgs is using a very stable API, and will be thrown away as
soon as we are done importing the pinned version of Nixpkgs.
soon as we are done importing the pinned version of Nixpkgs.
Where before you would use <code>pkgs = import <nixpkgs> {}</code>
(which uses the host's Nixpkgs version) you can pin to an exact
version of Nixpkgs by instead using:
<syntaxhighlight lang="nix">
pkgs = let
  hostPkgs = import <nixpkgs> {};
  pinnedPkgs = hostPkgs.fetchFromGitHub {
    owner = "NixOS";
    repo = "nixpkgs-channels";
    # nixos-unstable as of 2017-11-13T08:53:10-00:00
    rev = "ac355040656de04f59406ba2380a96f4124ebdad";
    sha256 = "0frhc7mnx88sird6ipp6578k5badibsl0jfa22ab9w6qrb88j825";
  };
in import pinnedPkgs {};
</syntaxhighlight>
This can also be instead used to pull nixpkgs from an internal fork of
Nixpkgs, with your own changes on top. Note, however, as it stands
Nix 1.11 has difficulties fetching repositories which require
authentication, this is to be fixed in Nix 1.12.
The package <code>nix-prefetch-git</code> can be used to automatically
calculate the current version and hash of a branch, and output the
information to a file:
<syntaxhighlight>
$ nix-shell -p nix-prefetch-git
[nix-shell:~]$ nix-prefetch-git https://github.com/nixos/nixpkgs-channels.git refs/heads/nixos-unstable > nixpkgs-version.json
...
[nix-shell:~]$ cat nixpkgs-version.json
{
  "url": "https://github.com/nixos/nixpkgs-channels.git",
  "rev": "f607771d0f5e4fa905afff1c772febd9f3103e1a",
  "date": "2018-01-09T11:18:25-05:00",
  "sha256": "1icphqpdcl8akqhfij2pxkfr7wfn86z5sr3jdjh88p9vv1550dx7",
  "fetchSubmodules": true
}
</syntaxhighlight>
This file can then be used to specify the version of Nixpkgs:
<syntaxhighlight lang="nix">
pkgs = let
  hostPkgs = import <nixpkgs> {};
  pinnedVersion = hostPkgs.lib.importJSON ./nixpkgs-version.json
  pinnedPkgs = hostPkgs.fetchFromGitHub {
    owner = "NixOS";
    repo = "nixpkgs-channels";
    inherit (pinnedVersion) rev sha256;
  };
in import pinnedPkgs {};
</syntaxhighlight>
Finally, this can be taken a step further, and you can apply extra
patches to the pinned version of Nixpkgs, for perhaps PRs that are not
yet merged, or private internal changes that you need. If you take
this route, probably best to move the following in to its own file
that you then import.
<syntaxhighlight lang="nix">
pkgs = let
  hostPkgs = import <nixpkgs> {};
  pinnedVersion = hostPkgs.lib.importJSON ./nixpkgs-version.json
  pinnedPkgs = hostPkgs.fetchFromGitHub {
    owner = "NixOS";
    repo = "nixpkgs-channels";
    inherit (pinnedVersion) rev sha256;
  };
  patches = [
    ./patches/0001-my-nixpkgs-change.patch
  ];
  patchedPkgs = hostPkgs.runCommand "nixpkgs-${pinnedVersion.rev}"
    {
      inherit pinnedPkgs;
      inherit patches;
    }
    ''
      cp -r $pinnedPkgs $out
      chmod -R +w $out
      for p in $patches; do
        echo "Applying patch $p";
        patch -d $out -p1 < "$p";
      done
    '';
in import patchedPkgs {};
</syntaxhighlight>

Revision as of 16:27, 11 January 2018

It is possible (and indeed, fairly easy) to pin a specific version of Nixpkgs. This can be used to upgrade individual applications separately on their own terms, and to ensure their deployability is not impacted by other systems' requirements.

For example, the following code uses the host's Nixpkgs as a springboard to fetch and import a specific, pinned version of Nixpkgs. This is safe because the specific code we're using from the variable host Nixpkgs is using a very stable API, and will be thrown away as soon as we are done importing the pinned version of Nixpkgs.

Where before you would use pkgs = import <nixpkgs> {} (which uses the host's Nixpkgs version) you can pin to an exact version of Nixpkgs by instead using:


pkgs = let
  hostPkgs = import <nixpkgs> {};
  pinnedPkgs = hostPkgs.fetchFromGitHub {
    owner = "NixOS";
    repo = "nixpkgs-channels";
    # nixos-unstable as of 2017-11-13T08:53:10-00:00
    rev = "ac355040656de04f59406ba2380a96f4124ebdad";
    sha256 = "0frhc7mnx88sird6ipp6578k5badibsl0jfa22ab9w6qrb88j825";
  };
in import pinnedPkgs {};

This can also be instead used to pull nixpkgs from an internal fork of Nixpkgs, with your own changes on top. Note, however, as it stands Nix 1.11 has difficulties fetching repositories which require authentication, this is to be fixed in Nix 1.12.

The package nix-prefetch-git can be used to automatically calculate the current version and hash of a branch, and output the information to a file:

$ nix-shell -p nix-prefetch-git
 
[nix-shell:~]$ nix-prefetch-git https://github.com/nixos/nixpkgs-channels.git refs/heads/nixos-unstable > nixpkgs-version.json
 
...
 
[nix-shell:~]$ cat nixpkgs-version.json
{
  "url": "https://github.com/nixos/nixpkgs-channels.git",
  "rev": "f607771d0f5e4fa905afff1c772febd9f3103e1a",
  "date": "2018-01-09T11:18:25-05:00",
  "sha256": "1icphqpdcl8akqhfij2pxkfr7wfn86z5sr3jdjh88p9vv1550dx7",
  "fetchSubmodules": true
}

This file can then be used to specify the version of Nixpkgs:

pkgs = let
   hostPkgs = import <nixpkgs> {};
   pinnedVersion = hostPkgs.lib.importJSON ./nixpkgs-version.json
   pinnedPkgs = hostPkgs.fetchFromGitHub {
     owner = "NixOS";
     repo = "nixpkgs-channels";
     inherit (pinnedVersion) rev sha256;
   };
 in import pinnedPkgs {};

Finally, this can be taken a step further, and you can apply extra patches to the pinned version of Nixpkgs, for perhaps PRs that are not yet merged, or private internal changes that you need. If you take this route, probably best to move the following in to its own file that you then import.

pkgs = let
   hostPkgs = import <nixpkgs> {};
   pinnedVersion = hostPkgs.lib.importJSON ./nixpkgs-version.json
   pinnedPkgs = hostPkgs.fetchFromGitHub {
     owner = "NixOS";
     repo = "nixpkgs-channels";
     inherit (pinnedVersion) rev sha256;
   };
 
   patches = [
     ./patches/0001-my-nixpkgs-change.patch
   ];
 
   patchedPkgs = hostPkgs.runCommand "nixpkgs-${pinnedVersion.rev}"
     {
       inherit pinnedPkgs;
       inherit patches;
     }
     ''
       cp -r $pinnedPkgs $out
       chmod -R +w $out
       for p in $patches; do
         echo "Applying patch $p";
         patch -d $out -p1 < "$p";
       done
     '';
 in import patchedPkgs {};