Nix package manager

From NixOS Wiki
Revision as of 14:28, 25 November 2017 by imported>Ixxie


This discussion article is to cover the usage, internals and configuration of the Nix package manager.

Usage

Installation

The installation section of the Nix manual describes how to install Nix from binary or source on Linux and Mac systems for a user with root privileges; it is easiest to install Nix for a single user, but steps are also included for setting up a multiuser installation. For an extensive guide on various methods for installing Nix - including how to install Nix without root privileges - see the Nix Installation Guide.

Declarative Configuration

Support for declarative configuration in Nix is limited, and the solutions are somewhat fragmented. The only only configuration file officially associated with Nix is nix.conf (usually found in /etc/nix/), which defines a number of settings relating to how Nix, including build, garbage collection, sandboxing, and user permissions. Details on the available options are found in the section of the manual.

Sandbox builds

When sandbox builds are enabled, Nix will setup an isolated environment for each build process. It is used to remove further hidden dependencies set by the build environment to improve reproducibility. This includes access to the network during the build outside of fetch* functions and files outside the Nix store. Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux); see build-use-sandbox in nix manual for details.

Sandboxes are not enabled by default in Nix as there are cases where it makes building packages harder (for example npm install will not work due missing network access). In pull requests for nixpkgs people are asked to test builds with sandboxing enabled (see Tested using sandboxing in the pull request template) because in official hydra builds sandboxing is also used.

To configure Nix for sandboxing set build-use-sandbox = true; in /etc/nix/nix.conf; to configure NixOS for sandboxing set nix.useSandbox = true; in configuration.nix.

Internals

Nix Store

Nix parses Nix expressions written in the Nix Expression Language; these are pure functions taking dependencies as arguments and producing derivation specifying a reproducible build environment for the package. The package is then built the Nix store, receiving a unique address specified by a cryptographic hash of the build's dependency graph followed by the package name and version, for example /nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1. This allows Nix to simultaneously install different versions of the same package, and even different builds of the same version, for example variants built with different compilers.

Profiles

Channels

Garbage Collection