Nix vs. Linux Standard Base

Revision as of 00:31, 20 September 2021 by imported>Nix (move to pedias category)

This article compares the way Nix installs packages into the filesystem hierarchy with the Linux Standard Base (LSB) standard, which most conventional Linux distributions, package managers and installers follow.

Package Installation

In most distributions, asking for a package to be installed means having all its files available in the root filesystem (`/{,usr}/{bin,etc,lib,sbin,...}`).

With Nix, the installed files of a package go into a profile (as if it was a rootfs), and you can have as many profiles as you want. There is the notion of each user having at least one profile, so `~/.nix-profile` points to the last version of the profile the user chose (last generation).

By default, the only part of the system made aware of the contents of the user profile is the PATH. The user PATH is set through bashrc to include `~/.nix-profile/bin`. So, by default, installing a Nix package means "having it in the PATH". A simple operation like `nix-env -i firefox` updates the Nix store, generates a new profile in the store containing all the programs already installed plus the new one, and updates the symlink `~/.nix-profile`, so that `~/.nix-profile/bin` contains a symlink to the firefox executable. The user can then type firefox and have it running.
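The generation mechanism described above, modelled in a temporary directory as an added example (not Nix's own code). The store layout, link names and helper functions are assumptions of the model, and `mv -T` requires GNU coreutils.

```shell
#!/usr/bin/env bash
# Toy model of profile generations. All paths are constructed under a
# temporary directory; this is not Nix's implementation.
set -eu

# switch_link LINK TARGET: repoint LINK atomically (new symlink, then rename).
switch_link() {
    ln -s "$2" "$1.new"
    mv -T "$1.new" "$1"   # rename(2): readers see the old or the new link, never none
}

# add_to_store ROOT PKG: fake package with one executable, store/PKG/bin/PKG.
add_to_store() {
    mkdir -p "$1/store/$2/bin"
    printf '#!/bin/sh\necho %s\n' "$2" > "$1/store/$2/bin/$2"
    chmod 555 "$1/store/$2/bin/$2"
}

# new_generation ROOT N PKG...: generation N is a tree of symlinks into the store.
new_generation() {
    root=$1 n=$2; shift 2
    gen="$root/store/gen$n-user-environment"
    mkdir -p "$gen/bin"
    for pkg in "$@"; do ln -s "$root/store/$pkg/bin/$pkg" "$gen/bin/$pkg"; done
    ln -s "$gen" "$root/profile-$n-link"
    switch_link "$root/profile" "profile-$n-link"
}

# rollback ROOT N: nothing is deleted, only the profile link moves back.
rollback() { switch_link "$1/profile" "profile-$2-link"; }

# in_path ROOT CMD: succeed if CMD resolves when PATH is the profile's bin only.
in_path() { ( PATH="$1/profile/bin"; command -v "$2" >/dev/null 2>&1 ); }

demo() {
    root=$(mktemp -d)
    add_to_store "$root" gcc; add_to_store "$root" firefox
    new_generation "$root" 1 gcc              # state before "nix-env -i firefox"
    new_generation "$root" 2 gcc firefox      # state after it
    in_path "$root" firefox && echo "generation 2: firefox is in PATH"
    rollback "$root" 1
    in_path "$root" firefox || echo "generation 1: firefox is no longer in PATH"
    [ -x "$root/store/firefox/bin/firefox" ] && echo "store copy is still present"
    rm -rf "$root"
}
demo
```
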

If other kinds of files are to be found by programs looking at the usual `/{,usr}/{bin,etc,lib,sbin,...}` locations, other variables may help. For example, gcc reads CPATH and LIBRARY_PATH, and the dynamic loader reads LD_LIBRARY_PATH.

Build and install from Source

In most LSB distributions, you ask for the development tools to be installed into the system. And then you also install dependencies of the package you want to build, and then go on building the source you downloaded. The dependencies are found, and your program builds fine.

With Nix, you can install the needed development tools into your profile (gcc-wrapper, gnumake), and the dependencies for the source you want to build (libpng, qt, ...). Once that is done, set the environment variables (for gcc): `CPATH=~/.nix-profile/include; LIBRARY_PATH=~/.nix-profile/lib; QTDIR=~/.nix-profile...` And then you should get your build running.

In most LSB distributions, you proceed as in the section above to build the program, and then run `make install` to get it into /usr/local, overwriting any files you had there.

Using Nix, if you built your program as in the section above, you may end up with files in /usr/local that depend on dynamic libraries present only in your profile. That situation may require an LD_LIBRARY_PATH variable, or your ld.so.conf pointing to your profile, and it can leave your programs broken if you remove those dependencies from your profile. The same problem arises in an LSB distribution if you uninstall packages required by programs you put manually in /usr/local.
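One way to spot the situation described above, as an added example that is not part of the original article: classify `ldd` output by where each library resolved. The function names, the sample output and the `HASH` placeholder are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find binaries whose libraries come from a Nix profile or store,
# or no longer resolve at all because the dependency left the profile.
set -eu

# classify_ldd: stdin is `ldd` output; prints "<kind> <soname>" per finding.
classify_ldd() {
    awk '$2 != "=>"                { next }
         $3 == "not"               { print "missing", $1; next }
         $3 ~ /\/\.nix-profile\//  { print "profile", $1; next }
         $3 ~ /^\/nix\/store\//    { print "store",   $1 }'
}

# audit_dir DIR: run the classifier over every executable file under DIR.
# ldd may run the loader of the file it inspects, so use it on trusted files only.
audit_dir() {
    find "$1" -type f -perm -u+x | while IFS= read -r f; do
        hits=$(ldd "$f" 2>/dev/null | classify_ldd || true)
        if [ -n "$hits" ]; then printf '%s:\n%s\n' "$f" "$hits"; fi
    done
}

# Constructed ldd output for a hypothetical /usr/local/bin/viewer.
sample_ldd() {
    cat <<'EOF'
	linux-vdso.so.1 (0x00007ffc0a5f2000)
	libpng16.so.16 => /home/alice/.nix-profile/lib/libpng16.so.16 (0x00007f1a2c400000)
	libz.so.1 => /nix/store/HASH-zlib/lib/libz.so.1 (0x00007f1a2c200000)
	libQtCore.so.4 => not found
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2be00000)
EOF
}

sample_ldd | classify_ldd
```

On a real system, `audit_dir /usr/local/bin` lists the binaries that would stop working when the profile changes.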

Therefore, it is advisable to use Nix not only for acquiring dependencies, but also for managing the build of your package. In fact, creating an ad-hoc Nix package for the software is often easier, because the standard environment in NixPkgs automatically takes care of issues that could arise because of the differences between the Nix and LSB approaches. For example, a well-packaged autotools-based project usually builds successfully after specifying its dependencies in Nix, whereas if you install the dependencies and try to build it yourself, you will have a hard time.

Workflow

A common situation is that users of LSB distributions want to keep their habits, but also want the advantages claimed by Nix, such as:

  1. rollback
  2. disable any possibility of removing dependencies of an installed program
  3. no side effects to other users (if desired), when installing programs
  4. no effects for your own user (have the program installed in the store, but not referenced in the profile)

That can be achieved only by following the Nix style: letting Nix build your program from source, instead of doing that on your own in your interactive shell through profiles. Nix will provide a common build system, with whatever dependencies were stated available at build time, and will also provide a target installation directory. This requires knowing how to write simple stdenv derivations, and knowing where to write them.

Modifying a Package

In LSB distributions, after installing a package, you would go to /usr/whatever and edit the files you want to change.

With Nix, any files inside the store (/nix/store, where all files installed by Nix end up; `~/.nix-profile` is a symlink to a store path) are meant to be read-only. That is, Nix expects those files to be only under its control, which is a requirement for rollbacks and reproducibility. Of course the owner of the Nix store can change files there, but then you cannot expect rollbacks or reproducibility. `nix-store --verify --check-contents` will tell you if any files in the store have been modified (since the creation of each store path). Although modifying a file in the store seems like an easy quick fix, it should be regarded as being as bad as modifying the memory of a running process, because it has almost all the analogous downsides.
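A model of the check described above, as an added example that is not Nix's own code: a digest recorded when a path is created is compared with one recomputed from its current contents. Nix hashes its own archive serialisation (NAR); here `sha256sum` over a sorted file list stands in for it, and the paths, the `HASH` placeholder and the function names are constructed.

```shell
#!/usr/bin/env bash
# Added example: hash-at-creation vs. hash-now for one constructed store path.
set -eu

# tree_hash DIR: one digest over every file's relative path and contents.
tree_hash() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z |
        xargs -0 sha256sum | sha256sum | cut -d' ' -f1 )
}

# register DIR: record the digest beside the path, then drop write permission.
register() {
    tree_hash "$1" > "$1.sha256"
    chmod -R a-w "$1"
}

# verify DIR: succeed only if the contents still match the recorded digest.
verify() { [ "$(tree_hash "$1")" = "$(cat "$1.sha256")" ]; }

# quick_fix FILE LINE: what the store owner can still do: re-enable writes, edit.
quick_fix() {
    chmod u+w "$1"
    printf '%s\n' "$2" >> "$1"
    chmod a-w "$1"
}

demo() {
    store=$(mktemp -d)                  # constructed stand-in for /nix/store
    p="$store/HASH-example-1.0"         # placeholder name, not a real store hash
    mkdir -p "$p/etc" "$p/bin"
    echo 'verbose = false' > "$p/etc/example.conf"
    printf '#!/bin/sh\necho example\n' > "$p/bin/example"
    register "$p"
    verify "$p" && echo "after registration: contents match"
    quick_fix "$p/etc/example.conf" 'verbose = true'
    verify "$p" || echo "after in-place edit: contents differ from registration"
    chmod -R u+w "$store"; rm -rf "$store"
}
demo
```
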

For a discussion of methods to make (durable) changes to Nix packages, see Modifying a Package