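Nix package manager
Nix is a package manager and build system that parses reproducible build instructions specified in the Nix Expression Language, a lazily evaluated, pure functional language. Nix expressions are pure functions[1] that take dependencies as arguments and produce a derivation specifying a reproducible build environment for the package. Nix stores the results of the build in unique addresses specified by a hash of the complete dependency tree, creating an immutable package store (the Nix store) that allows for atomic upgrades, rollbacks and concurrent installation of different versions of a package, essentially eliminating dependency hell.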
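Usage
Installation
NixOS: Nix is already installed when you install NixOS.
If you want to use Nix on another Linux distribution or on a Mac, you can perform a standalone installation: the installation section of the Nix manual describes installing standalone Nix from binaries or from source.
Nix commands
The Nix commands are documented in the Nix reference manual: main commands, utilities and experimental commands. Prior to version 2.0 (released in February 2018), the commands were different.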
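Configuration
On NixOS, Nix is configured through the nix option.
Standalone Nix is configured through nix.conf (usually located in /etc/nix/), which defines a number of settings relating to evaluation, builds, garbage collection, sandboxing and user permissions. Details on the available options can be found in the Nix reference manual.
A single user can use Home Manager to further configure the management of a declarative environment. For system-wide configuration on Linux, you can use System Manager. For system-wide configuration on macOS, nix-darwin is the preferred solution.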
Internals
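Nix store
Packages built by Nix are placed in the read-only Nix store, normally found in /nix/store. Each package is given a unique address specified by a cryptographic hash followed by the package name and version, for example /nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1. These prefixes hash all the inputs to the build process, including the source files, the full dependency tree, compiler flags, and so on. This allows Nix to install different versions of the same package simultaneously, and even different builds of the same version, for example variants built with different compilers. When adding, removing or updating a package, nothing is removed from the store; instead, symlinks to these packages are added, removed or changed in profiles.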
Profiles
In order to construct a coherent user or system environment, Nix symlinks entries of the Nix store into profiles. These are the front-end by which Nix allows rollbacks: since the store is immutable and previous versions of profiles are kept, reverting to an earlier state is simply a matter of changing the symlink to a previous profile. To be more precise, Nix symlinks binaries into entries of the Nix store representing the user environments. These user environments are then symlinked into labeled profiles stored in /nix/var/nix/profiles, which are in turn symlinked to the user's ~/.nix-profile.
Sandboxing
When sandbox builds are enabled, Nix sets up an isolated environment for each build process. This removes further hidden dependencies introduced by the build environment, which improves reproducibility. Inside the sandbox, network access during the build is blocked outside of fetch* functions, as is access to files outside the Nix store. Depending on the operating system, access to other resources is blocked as well (e.g. inter-process communication is isolated on Linux); see the nix.conf section in the Nix manual for details.
Sandboxing is enabled by default on Linux, and disabled by default on macOS.
In pull requests for Nixpkgs, people are asked to test builds with sandboxing enabled (see Tested using sandboxing in the pull request template) because official Hydra builds also use sandboxing.
To configure Nix for sandboxing, set sandbox = true in /etc/nix/nix.conf; to configure NixOS for sandboxing, set nix.useSandbox = true; in configuration.nix. The nix.useSandbox option is true by default since NixOS 17.09.
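As an added example (not from the Nix project or this page's authors), the following Python check reads the text of a nix.conf and reports whether builds end up sandboxed, falling back to the platform defaults stated above. It assumes the last occurrence of the key wins, does not follow include directives, and uses a constructed sample file; the function names are hypothetical.

```python
import re

# Defaults as stated on this page: on for Linux, off for macOS.
PLATFORM_DEFAULT = {"linux": "true", "darwin": "false"}
# Matches only the exact key "sandbox", not e.g. "extra-sandbox-paths".
SETTING = re.compile(r"^\s*sandbox\s*=\s*(\S+)\s*$")

def effective_sandbox(conf_text, platform):
    """Return (value, line_number); line_number is None when the default applies.

    Assumption: when the key appears more than once, the last line wins.
    `include` directives are not followed.
    """
    value, where = PLATFORM_DEFAULT[platform], None
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        match = SETTING.match(raw.split("#", 1)[0])  # ignore comments
        if match:
            value, where = match.group(1), number
    return value, where

def audit(conf_text, platform="linux"):
    """Return a list of findings; an empty list means builds are sandboxed."""
    value, where = effective_sandbox(conf_text, platform)
    origin = f"line {where}" if where else f"{platform} default"
    if value == "true":
        return []
    if value == "false":
        return [f"sandbox disabled ({origin}): builds can reach the network and host files"]
    if value == "relaxed":
        return [f"sandbox relaxed ({origin}): some derivations may build unsandboxed"]
    return [f"unrecognised sandbox value {value!r} ({origin})"]

# Constructed sample: an early 'true' overridden further down the file.
SAMPLE = """\
max-jobs = auto
sandbox = true   # set by the installer
extra-sandbox-paths = /etc/ssl
sandbox = false
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["sandbox enabled"]:
        print(finding)
```

On a real host, pass the contents of /etc/nix/nix.conf as conf_text and the matching platform key.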
Alternative Interpreters
There is an ongoing effort to reimplement Nix, from the ground up, in Rust.
There is also a community-led fork of Nix 2.18 named Lix, focused on correctness, usability, and growth. While it has also ported some components of Nix to Rust, it is not a ground-up rewrite like Tvix.
Earlier attempts can be found on riir-nix.
Notes
- ↑ Values cannot change during computation. When a function's input stays the same, the function always produces the same output.