Nix 軟體包管理器

From NixOS Wiki
Revision as of 02:18, 10 March 2025 by X807x (talk | contribs) (Created page with "== 內部組成 ==")

Nix 是一個軟體包管理器和建造系統,它會分析可重現的建造指令由 Nix 表達式語言 撰寫 (一個純函式化的延遲求值語言)。Nix 表達式是純函式的[1],將依賴當作變數並產生一個 衍生物 為套件指定一個可重現的建置環境。 Nix 將建成的結果儲存在一個由雜湊整個相依樹指定的地址中,建立一個不可改變的套件商店(又或是 nix 商店),它允許原子升級 (atomic upgrade)、回滾 (rollback)和多版本並存,從本質上消滅 相依性地獄

用法

安裝

NixOS: Nix 已經在你安裝 NixOS 時被安裝。

如果你打算使用 Nix 並在不同的 Linux 發行版或蘋果電腦上,那你可以進行獨立安裝:Nix 手冊中的安裝階段 說明的如何從二進檔或原始碼進行獨立 Nix 安裝。

Nix 指令

Nix 指令 的說明在 Nix 參考手冊: 主要指令、用途和實驗性指令。 在 2.0 版本(於 2018 年二月釋出)以前有不同的指令。

系統設定

在 NixOS,Nix 是由 nix 選項 設定。

獨立 Nix 由 nix.conf(通常在 /etc/nix/ 被找到)設定,它定義一系列關於評估、建造、資源回收、沙盒及用戶權限的設定。更多細節就在 Nix 參考手冊 中。

Even further configuration is possible with Home Manager to manage declarative environments for a single user. For system-wide configuration on Linux, you can use System Manager. For system-wide configuration on macOS, nix-darwin is the preferred solution.

內部組成

Nix store

Packages built by Nix are placed in the read-only Nix store, normally found in /nix/store. Each package is given a unique address specified by a cryptographic hash followed by the package name and version, for example /nix/store/nawl092prjblbhvv16kxxbk6j9gkgcqm-git-2.14.1. These prefixes hash all the inputs to the build process, including the source files, the full dependency tree, compiler flags, etc. This allows Nix to simultaneously install different versions of the same package, and even different builds of the same version, for example variants built with different compilers. When adding, removing or updating a package, nothing is removed from the store; instead, symlinks to these packages are added, removed or changed in profiles.

Profiles

In order to construct a coherent user or system environment, Nix symlinks entries of the Nix store into profiles. These are the front-end by which Nix allows rollbacks: since the store is immutable and previous versions of profiles are kept, reverting to an earlier state is simply a matter of change the symlink to a previous profile. To be more precise, Nix symlinks binaries into entries of the Nix store representing the user environments. These user environments are then symlinked into labeled profiles stored in /nix/var/nix/profiles, which are in turn symlinked to the user's ~/.nix-profile.

Sandboxing

When sandbox builds are enabled, Nix will setup an isolated environment for each build process. It is used to remove further hidden dependencies set by the build environment to improve reproducibility. This includes access to the network during the build outside of fetch* functions and files outside the Nix store. Depending on the operating system access to other resources are blocked as well (ex. inter process communication is isolated on Linux); see nix.conf section in the Nix manual for details.

Sandboxing is enabled by default on Linux, and disabled by default on macOS. In pull requests for Nixpkgs people are asked to test builds with sandboxing enabled (see Tested using sandboxing in the pull request template) because in official Hydra builds sandboxing is also used.

To configure Nix for sandboxing, set sandbox = true in /etc/nix/nix.conf; to configure NixOS for sandboxing set nix.useSandbox = true; in configuration.nix. The nix.useSandbox option is true by default since NixOS 17.09.

Alternative Interpreters

There is an ongoing effort to reimplement Nix, from the ground up, in Rust.

There is also a community-led fork of Nix 2.18 named Lix, focused on correctness, usability, and growth. While it has also ported some components of Nix to Rust, it is not a ground-up rewrite like Tvix.

Earlier attempts can be found on riir-nix

Notes

  1. 數值在計算過程中不能改變。 函式總是輸出相同的值只要他們的輸入不變。


Retrieved from "https://wiki.nixos.org/w/index.php?title=Nix_package_manager/zh-tw&oldid=20663"