Remove DocBook manual

This commit is contained in:
Eelco Dolstra 2020-07-24 15:48:40 +02:00
parent 05a282295f
commit 1308c8404e
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
109 changed files with 0 additions and 18547 deletions

5
.gitignore vendored
View file

@ -22,14 +22,9 @@ perl/Makefile.config
/corepkgs/nar/unnar.sh /corepkgs/nar/unnar.sh
# /doc/manual/ # /doc/manual/
/doc/manual/manual.html
/doc/manual/manual.xmli
/doc/manual/manual.pdf
/doc/manual/manual.is-valid
/doc/manual/*.1 /doc/manual/*.1
/doc/manual/*.5 /doc/manual/*.5
/doc/manual/*.8 /doc/manual/*.8
/doc/manual/version.txt
# /scripts/ # /scripts/
/scripts/nix-profile.sh /scripts/nix-profile.sh

View file

@ -1,14 +0,0 @@
<part xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="part-advanced-topics"
version="5.0">
<title>Advanced Topics</title>
<xi:include href="distributed-builds.xml" />
<xi:include href="cores-vs-jobs.xml" />
<xi:include href="diff-hook.xml" />
<xi:include href="post-build-hook.xml" />
</part>

View file

@ -1,121 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="chap-tuning-cores-and-jobs">
<title>Tuning Cores and Jobs</title>
<para>Nix has two relevant settings with regards to how your CPU cores
will be utilized: <xref linkend="conf-cores" /> and
<xref linkend="conf-max-jobs" />. This chapter will talk about what
they are, how they interact, and their configuration trade-offs.</para>
<variablelist>
<varlistentry>
<term><xref linkend="conf-max-jobs" /></term>
<listitem><para>
Dictates how many separate derivations will be built at the same
time. If you set this to zero, the local machine will do no
builds. Nix will still substitute from binary caches, and build
remotely if remote builders are configured.
</para></listitem>
</varlistentry>
<varlistentry>
<term><xref linkend="conf-cores" /></term>
<listitem><para>
Suggests how many cores each derivation should use. Similar to
<command>make -j</command>.
</para></listitem>
</varlistentry>
</variablelist>
<para>The <xref linkend="conf-cores" /> setting determines the value of
<literal>NIX_BUILD_CORES</literal>. <literal>NIX_BUILD_CORES</literal> is equal
to <xref linkend="conf-cores" />, unless <xref linkend="conf-cores" />
equals <literal>0</literal>, in which case <literal>NIX_BUILD_CORES</literal>
will be the total number of cores in the system.</para>
<para>The maximum number of consumed cores is a simple multiplication,
<xref linkend="conf-max-jobs" /> * <literal>NIX_BUILD_CORES</literal>.</para>
<para>The balance on how to set these two independent variables depends
upon each builder's workload and hardware. Here are a few example
scenarios on a machine with 24 cores:</para>
<table>
<caption>Balancing 24 Build Cores</caption>
<thead>
<tr>
<th><xref linkend="conf-max-jobs" /></th>
<th><xref linkend="conf-cores" /></th>
<th><literal>NIX_BUILD_CORES</literal></th>
<th>Maximum Processes</th>
<th>Result</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>24</td>
<td>24</td>
<td>24</td>
<td>
One derivation will be built at a time, each one can use 24
cores. Undersold if a job cant use 24 cores.
</td>
</tr>
<tr>
<td>4</td>
<td>6</td>
<td>6</td>
<td>24</td>
<td>
Four derivations will be built at once, each given access to
six cores.
</td>
</tr>
<tr>
<td>12</td>
<td>6</td>
<td>6</td>
<td>72</td>
<td>
12 derivations will be built at once, each given access to six
cores. This configuration is over-sold. If all 12 derivations
being built simultaneously try to use all six cores, the
machine's performance will be degraded due to extensive context
switching between the 12 builds.
</td>
</tr>
<tr>
<td>24</td>
<td>1</td>
<td>1</td>
<td>24</td>
<td>
24 derivations can build at the same time, each using a single
core. Never oversold, but derivations which require many cores
will be very slow to compile.
</td>
</tr>
<tr>
<td>24</td>
<td>0</td>
<td>24</td>
<td>576</td>
<td>
24 derivations can build at the same time, each using all the
available cores of the machine. Very likely to be oversold,
and very likely to suffer context switches.
</td>
</tr>
</tbody>
</table>
<para>It is up to the derivations' build script to respect
host's requested cores-per-build by following the value of the
<literal>NIX_BUILD_CORES</literal> environment variable.</para>
</chapter>

View file

@ -1,202 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="chap-diff-hook"
version="5.0"
>
<title>Verifying Build Reproducibility</title>
<para>Specify a program with Nix's <xref linkend="conf-diff-hook" /> to
compare build results when two builds produce different results. Note:
this hook is only executed if the results are not the same, this hook
is not used for determining if the results are the same.</para>
<para>For purposes of demonstration, we'll use the following Nix file,
<filename>deterministic.nix</filename> for testing:</para>
<programlisting>
let
inherit (import &lt;nixpkgs&gt; {}) runCommand;
in {
stable = runCommand "stable" {} ''
touch $out
'';
unstable = runCommand "unstable" {} ''
echo $RANDOM > $out
'';
}
</programlisting>
<para>Additionally, <filename>nix.conf</filename> contains:
<programlisting>
diff-hook = /etc/nix/my-diff-hook
run-diff-hook = true
</programlisting>
where <filename>/etc/nix/my-diff-hook</filename> is an executable
file containing:
<programlisting>
#!/bin/sh
exec &gt;&amp;2
echo "For derivation $3:"
/run/current-system/sw/bin/diff -r "$1" "$2"
</programlisting>
</para>
<para>The diff hook is executed by the same user and group who ran the
build. However, the diff hook does not have write access to the store
path just built.</para>
<section>
<title>
Spot-Checking Build Determinism
</title>
<para>
Verify a path which already exists in the Nix store by passing
<option>--check</option> to the build command.
</para>
<para>If the build passes and is deterministic, Nix will exit with a
status code of 0:</para>
<screen>
$ nix-build ./deterministic.nix -A stable
this derivation will be built:
/nix/store/z98fasz2jqy9gs0xbvdj939p27jwda38-stable.drv
building '/nix/store/z98fasz2jqy9gs0xbvdj939p27jwda38-stable.drv'...
/nix/store/yyxlzw3vqaas7wfp04g0b1xg51f2czgq-stable
$ nix-build ./deterministic.nix -A stable --check
checking outputs of '/nix/store/z98fasz2jqy9gs0xbvdj939p27jwda38-stable.drv'...
/nix/store/yyxlzw3vqaas7wfp04g0b1xg51f2czgq-stable
</screen>
<para>If the build is not deterministic, Nix will exit with a status
code of 1:</para>
<screen>
$ nix-build ./deterministic.nix -A unstable
this derivation will be built:
/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv
building '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv'...
/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable
$ nix-build ./deterministic.nix -A unstable --check
checking outputs of '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv'...
error: derivation '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv' may not be deterministic: output '/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable' differs
</screen>
<para>In the Nix daemon's log, we will now see:
<screen>
For derivation /nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv:
1c1
&lt; 8108
---
&gt; 30204
</screen>
</para>
<para>Using <option>--check</option> with <option>--keep-failed</option>
will cause Nix to keep the second build's output in a special,
<literal>.check</literal> path:</para>
<screen>
$ nix-build ./deterministic.nix -A unstable --check --keep-failed
checking outputs of '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv'...
note: keeping build directory '/tmp/nix-build-unstable.drv-0'
error: derivation '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv' may not be deterministic: output '/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable' differs from '/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable.check'
</screen>
<para>In particular, notice the
<literal>/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable.check</literal>
output. Nix has copied the build results to that directory where you
can examine it.</para>
<note xml:id="check-dirs-are-unregistered">
<title><literal>.check</literal> paths are not registered store paths</title>
<para>Check paths are not protected against garbage collection,
and this path will be deleted on the next garbage collection.</para>
<para>The path is guaranteed to be alive for the duration of
<xref linkend="conf-diff-hook" />'s execution, but may be deleted
any time after.</para>
<para>If the comparison is performed as part of automated tooling,
please use the diff-hook or author your tooling to handle the case
where the build was not deterministic and also a check path does
not exist.</para>
</note>
<para>
<option>--check</option> is only usable if the derivation has
been built on the system already. If the derivation has not been
built Nix will fail with the error:
<screen>
error: some outputs of '/nix/store/hzi1h60z2qf0nb85iwnpvrai3j2w7rr6-unstable.drv' are not valid, so checking is not possible
</screen>
Run the build without <option>--check</option>, and then try with
<option>--check</option> again.
</para>
</section>
<section>
<title>
Automatic and Optionally Enforced Determinism Verification
</title>
<para>
Automatically verify every build at build time by executing the
build multiple times.
</para>
<para>
Setting <xref linkend="conf-repeat" /> and
<xref linkend="conf-enforce-determinism" /> in your
<filename>nix.conf</filename> permits the automated verification
of every build Nix performs.
</para>
<para>
The following configuration will run each build three times, and
will require the build to be deterministic:
<programlisting>
enforce-determinism = true
repeat = 2
</programlisting>
</para>
<para>
Setting <xref linkend="conf-enforce-determinism" /> to false as in
the following configuration will run the build multiple times,
execute the build hook, but will allow the build to succeed even
if it does not build reproducibly:
<programlisting>
enforce-determinism = false
repeat = 1
</programlisting>
</para>
<para>
An example output of this configuration:
<screen>
$ nix-build ./test.nix -A unstable
this derivation will be built:
/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv
building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 1/2)...
building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 2/2)...
output '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable' of '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' differs from '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable.check' from previous round
/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable
</screen>
</para>
</section>
</chapter>

View file

@ -1,190 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='chap-distributed-builds'>
<title>Remote Builds</title>
<para>Nix supports remote builds, where a local Nix installation can
forward Nix builds to other machines. This allows multiple builds to
be performed in parallel and allows Nix to perform multi-platform
builds in a semi-transparent way. For instance, if you perform a
build for a <literal>x86_64-darwin</literal> on an
<literal>i686-linux</literal> machine, Nix can automatically forward
the build to a <literal>x86_64-darwin</literal> machine, if
available.</para>
<para>To forward a build to a remote machine, its required that the
remote machine is accessible via SSH and that it has Nix
installed. You can test whether connecting to the remote Nix instance
works, e.g.
<screen>
$ nix ping-store --store ssh://mac
</screen>
will try to connect to the machine named <literal>mac</literal>. It is
possible to specify an SSH identity file as part of the remote store
URI, e.g.
<screen>
$ nix ping-store --store ssh://mac?ssh-key=/home/alice/my-key
</screen>
Since builds should be non-interactive, the key should not have a
passphrase. Alternatively, you can load identities ahead of time into
<command>ssh-agent</command> or <command>gpg-agent</command>.</para>
<para>If you get the error
<screen>
bash: nix-store: command not found
error: cannot connect to 'mac'
</screen>
then you need to ensure that the <literal>PATH</literal> of
non-interactive login shells contains Nix.</para>
<warning><para>If you are building via the Nix daemon, it is the Nix
daemon user account (that is, <literal>root</literal>) that should
have SSH access to the remote machine. If you cant or dont want to
configure <literal>root</literal> to be able to access to remote
machine, you can use a private Nix store instead by passing
e.g. <literal>--store ~/my-nix</literal>.</para></warning>
<para>The list of remote machines can be specified on the command line
or in the Nix configuration file. The former is convenient for
testing. For example, the following command allows you to build a
derivation for <literal>x86_64-darwin</literal> on a Linux machine:
<screen>
$ uname
Linux
$ nix build \
'(with import &lt;nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
--builders 'ssh://mac x86_64-darwin'
[1/0/1 built, 0.0 MiB DL] building foo on ssh://mac
$ cat ./result
Darwin
</screen>
It is possible to specify multiple builders separated by a semicolon
or a newline, e.g.
<screen>
--builders 'ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd'
</screen>
</para>
<para>Each machine specification consists of the following elements,
separated by spaces. Only the first element is required.
To leave a field at its default, set it to <literal>-</literal>.
<orderedlist>
<listitem><para>The URI of the remote store in the format
<literal>ssh://[<emphasis>username</emphasis>@]<emphasis>hostname</emphasis></literal>,
e.g. <literal>ssh://nix@mac</literal> or
<literal>ssh://mac</literal>. For backward compatibility,
<literal>ssh://</literal> may be omitted. The hostname may be an
alias defined in your
<filename>~/.ssh/config</filename>.</para></listitem>
<listitem><para>A comma-separated list of Nix platform type
identifiers, such as <literal>x86_64-darwin</literal>. It is
possible for a machine to support multiple platform types, e.g.,
<literal>i686-linux,x86_64-linux</literal>. If omitted, this
defaults to the local platform type.</para></listitem>
<listitem><para>The SSH identity file to be used to log in to the
remote machine. If omitted, SSH will use its regular
identities.</para></listitem>
<listitem><para>The maximum number of builds that Nix will execute
in parallel on the machine. Typically this should be equal to the
number of CPU cores. For instance, the machine
<literal>itchy</literal> in the example will execute up to 8 builds
in parallel.</para></listitem>
<listitem><para>The “speed factor”, indicating the relative speed of
the machine. If there are multiple machines of the right type, Nix
will prefer the fastest, taking load into account.</para></listitem>
<listitem><para>A comma-separated list of <emphasis>supported
features</emphasis>. If a derivation has the
<varname>requiredSystemFeatures</varname> attribute, then Nix will
only perform the derivation on a machine that has the specified
features. For instance, the attribute
<programlisting>
requiredSystemFeatures = [ "kvm" ];
</programlisting>
will cause the build to be performed on a machine that has the
<literal>kvm</literal> feature.</para></listitem>
<listitem><para>A comma-separated list of <emphasis>mandatory
features</emphasis>. A machine will only be used to build a
derivation if all of the machines mandatory features appear in the
derivations <varname>requiredSystemFeatures</varname>
attribute..</para></listitem>
</orderedlist>
For example, the machine specification
<programlisting>
nix@scratchy.labs.cs.uu.nl i686-linux /home/nix/.ssh/id_scratchy_auto 8 1 kvm
nix@itchy.labs.cs.uu.nl i686-linux /home/nix/.ssh/id_scratchy_auto 8 2
nix@poochie.labs.cs.uu.nl i686-linux /home/nix/.ssh/id_scratchy_auto 1 2 kvm benchmark
</programlisting>
specifies several machines that can perform
<literal>i686-linux</literal> builds. However,
<literal>poochie</literal> will only do builds that have the attribute
<programlisting>
requiredSystemFeatures = [ "benchmark" ];
</programlisting>
or
<programlisting>
requiredSystemFeatures = [ "benchmark" "kvm" ];
</programlisting>
<literal>itchy</literal> cannot do builds that require
<literal>kvm</literal>, but <literal>scratchy</literal> does support
such builds. For regular builds, <literal>itchy</literal> will be
preferred over <literal>scratchy</literal> because it has a higher
speed factor.</para>
<para>Remote builders can also be configured in
<filename>nix.conf</filename>, e.g.
<programlisting>
builders = ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd
</programlisting>
Finally, remote builders can be configured in a separate configuration
file included in <option>builders</option> via the syntax
<literal>@<emphasis>file</emphasis></literal>. For example,
<programlisting>
builders = @/etc/nix/machines
</programlisting>
causes the list of machines in <filename>/etc/nix/machines</filename>
to be included. (This is the default.)</para>
<para>If you want the builders to use caches, you likely want to set
the option <link linkend='conf-builders-use-substitutes'><literal>builders-use-substitutes</literal></link>
in your local <filename>nix.conf</filename>.</para>
<para>To build only on remote builders and disable building on the local machine,
you can use the option <option>--max-jobs 0</option>.</para>
</chapter>

View file

@ -1,158 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="chap-post-build-hook"
version="5.0"
>
<title>Using the <option linkend="conf-post-build-hook">post-build-hook</option></title>
<section xml:id="chap-post-build-hook-caveats">
<title>Implementation Caveats</title>
<para>Here we use the post-build hook to upload to a binary cache.
This is a simple and working example, but it is not suitable for all
use cases.</para>
<para>The post build hook program runs after each executed build,
and blocks the build loop. The build loop exits if the hook program
fails.</para>
<para>Concretely, this implementation will make Nix slow or unusable
when the internet is slow or unreliable.</para>
<para>A more advanced implementation might pass the store paths to a
user-supplied daemon or queue for processing the store paths outside
of the build loop.</para>
</section>
<section>
<title>Prerequisites</title>
<para>
This tutorial assumes you have configured an S3-compatible binary cache
according to the instructions at
<xref linkend="ssec-s3-substituter-authenticated-writes" />, and
that the <literal>root</literal> user's default AWS profile can
upload to the bucket.
</para>
</section>
<section>
<title>Set up a Signing Key</title>
<para>Use <command>nix-store --generate-binary-cache-key</command> to
create our public and private signing keys. We will sign paths
with the private key, and distribute the public key for verifying
the authenticity of the paths.</para>
<screen>
# nix-store --generate-binary-cache-key example-nix-cache-1 /etc/nix/key.private /etc/nix/key.public
# cat /etc/nix/key.public
example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
</screen>
<para>Then, add the public key and the cache URL to your
<filename>nix.conf</filename>'s <xref linkend="conf-trusted-public-keys" />
and <xref linkend="conf-substituters" /> like:</para>
<programlisting>
substituters = https://cache.nixos.org/ s3://example-nix-cache
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
</programlisting>
<para>We will restart the Nix daemon in a later step.</para>
</section>
<section>
<title>Implementing the build hook</title>
<para>Write the following script to
<filename>/etc/nix/upload-to-cache.sh</filename>:
</para>
<programlisting>
#!/bin/sh
set -eu
set -f # disable globbing
export IFS=' '
echo "Signing paths" $OUT_PATHS
nix sign-paths --key-file /etc/nix/key.private $OUT_PATHS
echo "Uploading paths" $OUT_PATHS
exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
</programlisting>
<note>
<title>Should <literal>$OUT_PATHS</literal> be quoted?</title>
<para>
The <literal>$OUT_PATHS</literal> variable is a space-separated
list of Nix store paths. In this case, we expect and want the
shell to perform word splitting to make each output path its
own argument to <command>nix sign-paths</command>. Nix guarantees
the paths will not contain any spaces, however a store path
might contain glob characters. The <command>set -f</command>
disables globbing in the shell.
</para>
</note>
<para>
Then make sure the hook program is executable by the <literal>root</literal> user:
<screen>
# chmod +x /etc/nix/upload-to-cache.sh
</screen></para>
</section>
<section>
<title>Updating Nix Configuration</title>
<para>Edit <filename>/etc/nix/nix.conf</filename> to run our hook,
by adding the following configuration snippet at the end:</para>
<programlisting>
post-build-hook = /etc/nix/upload-to-cache.sh
</programlisting>
<para>Then, restart the <command>nix-daemon</command>.</para>
</section>
<section>
<title>Testing</title>
<para>Build any derivation, for example:</para>
<screen>
$ nix-build -E '(import &lt;nixpkgs&gt; {}).writeText "example" (builtins.toString builtins.currentTime)'
this derivation will be built:
/nix/store/s4pnfbkalzy5qz57qs6yybna8wylkig6-example.drv
building '/nix/store/s4pnfbkalzy5qz57qs6yybna8wylkig6-example.drv'...
running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'...
post-build-hook: Signing paths /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
post-build-hook: Uploading paths /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
/nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
</screen>
<para>Then delete the path from the store, and try substituting it from the binary cache:</para>
<screen>
$ rm ./result
$ nix-store --delete /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
</screen>
<para>Now, copy the path back from the cache:</para>
<screen>
$ nix-store --realise /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
copying path '/nix/store/m8bmqwrch6l3h8s0k3d673xpmipcdpsa-example from 's3://example-nix-cache'...
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
/nix/store/m8bmqwrch6l3h8s0k3d673xpmipcdpsa-example
</screen>
</section>
<section>
<title>Conclusion</title>
<para>
We now have a Nix installation configured to automatically sign and
upload every local build to a remote binary cache.
</para>
<para>
Before deploying this to production, be sure to consider the
implementation caveats in <xref linkend="chap-post-build-hook-caveats" />.
</para>
</section>
</chapter>

View file

@ -1,20 +0,0 @@
<part xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='part-command-ref'>
<title>Command Reference</title>
<partintro>
<para>This section lists commands and options that you can use when you
work with Nix.</para>
</partintro>
<xi:include href="opt-common.xml" />
<xi:include href="env-common.xml" />
<xi:include href="main-commands.xml" />
<xi:include href="utilities.xml" />
<xi:include href="files.xml" />
</part>

File diff suppressed because it is too large Load diff

View file

@ -1,209 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-common-env">
<title>Common Environment Variables</title>
<para>Most Nix commands interpret the following environment variables:</para>
<variablelist xml:id="env-common">
<varlistentry><term><literal>IN_NIX_SHELL</literal></term>
<listitem><para>Indicator that tells if the current environment was set up by
<command>nix-shell</command>. Since Nix 2.0 the values are
<literal>"pure"</literal> and <literal>"impure"</literal></para></listitem>
</varlistentry>
<varlistentry xml:id="env-NIX_PATH"><term><literal>NIX_PATH</literal></term>
<listitem>
<para>A colon-separated list of directories used to look up Nix
expressions enclosed in angle brackets (i.e.,
<literal>&lt;<emphasis>path</emphasis>></literal>). For
instance, the value
<screen>
/home/eelco/Dev:/etc/nixos</screen>
will cause Nix to look for paths relative to
<filename>/home/eelco/Dev</filename> and
<filename>/etc/nixos</filename>, in this order. It is also
possible to match paths against a prefix. For example, the value
<screen>
nixpkgs=/home/eelco/Dev/nixpkgs-branch:/etc/nixos</screen>
will cause Nix to search for
<literal>&lt;nixpkgs/<emphasis>path</emphasis>></literal> in
<filename>/home/eelco/Dev/nixpkgs-branch/<emphasis>path</emphasis></filename>
and
<filename>/etc/nixos/nixpkgs/<emphasis>path</emphasis></filename>.</para>
<para>If a path in the Nix search path starts with
<literal>http://</literal> or <literal>https://</literal>, it is
interpreted as the URL of a tarball that will be downloaded and
unpacked to a temporary location. The tarball must consist of a
single top-level directory. For example, setting
<literal>NIX_PATH</literal> to
<screen>
nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-15.09.tar.gz</screen>
tells Nix to download the latest revision in the Nixpkgs/NixOS
15.09 channel.</para>
<para>A following shorthand can be used to refer to the official channels:
<screen>nixpkgs=channel:nixos-15.09</screen>
</para>
<para>The search path can be extended using the <option
linkend="opt-I">-I</option> option, which takes precedence over
<literal>NIX_PATH</literal>.</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_IGNORE_SYMLINK_STORE</literal></term>
<listitem>
<para>Normally, the Nix store directory (typically
<filename>/nix/store</filename>) is not allowed to contain any
symlink components. This is to prevent “impure” builds. Builders
sometimes “canonicalise” paths by resolving all symlink components.
Thus, builds on different machines (with
<filename>/nix/store</filename> resolving to different locations)
could yield different results. This is generally not a problem,
except when builds are deployed to machines where
<filename>/nix/store</filename> resolves differently. If you are
sure that youre not going to do that, you can set
<literal>NIX_IGNORE_SYMLINK_STORE</literal> to <literal>1</literal>.</para>
<para>Note that if youre symlinking the Nix store so that you can
put it on another file system than the root file system, on Linux
youre better off using <literal>bind</literal> mount points, e.g.,
<screen>
$ mkdir /nix
$ mount -o bind /mnt/otherdisk/nix /nix</screen>
Consult the <citerefentry><refentrytitle>mount</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> manual page for details.</para>
</listitem>
</varlistentry>
<varlistentry><term><literal>NIX_STORE_DIR</literal></term>
<listitem><para>Overrides the location of the Nix store (default
<filename><emphasis>prefix</emphasis>/store</filename>).</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_DATA_DIR</literal></term>
<listitem><para>Overrides the location of the Nix static data
directory (default
<filename><emphasis>prefix</emphasis>/share</filename>).</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_LOG_DIR</literal></term>
<listitem><para>Overrides the location of the Nix log directory
(default <filename><emphasis>prefix</emphasis>/var/log/nix</filename>).</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_STATE_DIR</literal></term>
<listitem><para>Overrides the location of the Nix state directory
(default <filename><emphasis>prefix</emphasis>/var/nix</filename>).</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_CONF_DIR</literal></term>
<listitem><para>Overrides the location of the system Nix configuration
directory (default
<filename><emphasis>prefix</emphasis>/etc/nix</filename>).</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_USER_CONF_FILES</literal></term>
<listitem><para>Overrides the location of the user Nix configuration files
to load from (defaults to the XDG spec locations). The variable is treated
as a list separated by the <literal>:</literal> token.</para></listitem>
</varlistentry>
<varlistentry><term><literal>TMPDIR</literal></term>
<listitem><para>Use the specified directory to store temporary
files. In particular, this includes temporary build directories;
these can take up substantial amounts of disk space. The default is
<filename>/tmp</filename>.</para></listitem>
</varlistentry>
<varlistentry xml:id="envar-remote"><term><literal>NIX_REMOTE</literal></term>
<listitem><para>This variable should be set to
<literal>daemon</literal> if you want to use the Nix daemon to
execute Nix operations. This is necessary in <link
linkend="ssec-multi-user">multi-user Nix installations</link>.
If the Nix daemon's Unix socket is at some non-standard path,
this variable should be set to <literal>unix://path/to/socket</literal>.
Otherwise, it should be left unset.</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_SHOW_STATS</literal></term>
<listitem><para>If set to <literal>1</literal>, Nix will print some
evaluation statistics, such as the number of values
allocated.</para></listitem>
</varlistentry>
<varlistentry><term><literal>NIX_COUNT_CALLS</literal></term>
<listitem><para>If set to <literal>1</literal>, Nix will print how
often functions were called during Nix expression evaluation. This
is useful for profiling your Nix expressions.</para></listitem>
</varlistentry>
<varlistentry><term><literal>GC_INITIAL_HEAP_SIZE</literal></term>
<listitem><para>If Nix has been configured to use the Boehm garbage
collector, this variable sets the initial size of the heap in bytes.
It defaults to 384 MiB. Setting it to a low value reduces memory
consumption, but will increase runtime due to the overhead of
garbage collection.</para></listitem>
</varlistentry>
</variablelist>
</chapter>

View file

@ -1,14 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='ch-files'>
<title>Files</title>
<para>This section lists configuration files that you can use when you
work with Nix.</para>
<xi:include href="conf-file.xml" />
</chapter>

View file

@ -1,17 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='ch-main-commands'>
<title>Main Commands</title>
<para>This section lists commands and options that you can use when you
work with Nix.</para>
<xi:include href="nix-env.xml" />
<xi:include href="nix-build.xml" />
<xi:include href="nix-shell.xml" />
<xi:include href="nix-store.xml" />
</chapter>

View file

@ -1,190 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-build">
<refmeta>
<refentrytitle>nix-build</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-build</refname>
<refpurpose>build a Nix expression</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-build</command>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="opt-common-syn.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(/db:nop/*)" />
<arg><option>--arg</option> <emphasis>name</emphasis> <emphasis>value</emphasis></arg>
<arg><option>--argstr</option> <emphasis>name</emphasis> <emphasis>value</emphasis></arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--attr</option></arg>
<arg choice='plain'><option>-A</option></arg>
</group>
<emphasis>attrPath</emphasis>
</arg>
<arg><option>--no-out-link</option></arg>
<arg><option>--dry-run</option></arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--out-link</option></arg>
<arg choice='plain'><option>-o</option></arg>
</group>
<emphasis>outlink</emphasis>
</arg>
<arg choice='plain' rep='repeat'><emphasis>paths</emphasis></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>The <command>nix-build</command> command builds the derivations
described by the Nix expressions in <emphasis>paths</emphasis>.
If the build succeeds, it places a symlink to the result in the
current directory. The symlink is called <filename>result</filename>.
If there are multiple Nix expressions, or the Nix expressions evaluate
to multiple derivations, multiple sequentially numbered symlinks are
created (<filename>result</filename>, <filename>result-2</filename>,
and so on).</para>
<para>If no <emphasis>paths</emphasis> are specified, then
<command>nix-build</command> will use <filename>default.nix</filename>
in the current directory, if it exists.</para>
<para>If an element of <emphasis>paths</emphasis> starts with
<literal>http://</literal> or <literal>https://</literal>, it is
interpreted as the URL of a tarball that will be downloaded and
unpacked to a temporary location. The tarball must include a single
top-level directory containing at least a file named
<filename>default.nix</filename>.</para>
<para><command>nix-build</command> is essentially a wrapper around
<link
linkend="sec-nix-instantiate"><command>nix-instantiate</command></link>
(to translate a high-level Nix expression to a low-level store
derivation) and <link
linkend="rsec-nix-store-realise"><command>nix-store
--realise</command></link> (to build the store derivation).</para>
<warning><para>The result of the build is automatically registered as
a root of the Nix garbage collector. This root disappears
automatically when the <filename>result</filename> symlink is deleted
or renamed. So dont rename the symlink.</para></warning>
</refsection>
<refsection><title>Options</title>
<para>All options not listed here are passed to <command>nix-store
--realise</command>, except for <option>--arg</option> and
<option>--attr</option> / <option>-A</option> which are passed to
<command>nix-instantiate</command>. <phrase condition="manual">See
also <xref linkend="sec-common-options" />.</phrase></para>
<variablelist>
<varlistentry><term><option>--no-out-link</option></term>
<listitem><para>Do not create a symlink to the output path. Note
that as a result the output does not become a root of the garbage
collector, and so might be deleted by <command>nix-store
--gc</command>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--dry-run</option></term>
<listitem><para>Show what store paths would be built or downloaded.</para></listitem>
</varlistentry>
<varlistentry xml:id='opt-out-link'><term><option>--out-link</option> /
<option>-o</option> <emphasis>outlink</emphasis></term>
<listitem><para>Change the name of the symlink to the output path
created from <filename>result</filename> to
<emphasis>outlink</emphasis>.</para></listitem>
</varlistentry>
</variablelist>
<para>The following common options are supported:</para>
<variablelist condition="manpage">
<xi:include href="opt-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='opt-common']/*)" />
</variablelist>
</refsection>
<refsection><title>Examples</title>
<screen>
$ nix-build '&lt;nixpkgs>' -A firefox
store derivation is /nix/store/qybprl8sz2lc...-firefox-1.5.0.7.drv
/nix/store/d18hyl92g30l...-firefox-1.5.0.7
$ ls -l result
lrwxrwxrwx <emphasis>...</emphasis> result -> /nix/store/d18hyl92g30l...-firefox-1.5.0.7
$ ls ./result/bin/
firefox firefox-config</screen>
<para>If a derivation has multiple outputs,
<command>nix-build</command> will build the default (first) output.
You can also build all outputs:
<screen>
$ nix-build '&lt;nixpkgs>' -A openssl.all
</screen>
This will create a symlink for each output named
<filename>result-<emphasis>outputname</emphasis></filename>.
The suffix is omitted if the output name is <literal>out</literal>.
So if <literal>openssl</literal> has outputs <literal>out</literal>,
<literal>bin</literal> and <literal>man</literal>,
<command>nix-build</command> will create symlinks
<literal>result</literal>, <literal>result-bin</literal> and
<literal>result-man</literal>. Its also possible to build a specific
output:
<screen>
$ nix-build '&lt;nixpkgs>' -A openssl.man
</screen>
This will create a symlink <literal>result-man</literal>.</para>
<para>Build a Nix expression given on the command line:
<screen>
$ nix-build -E 'with import &lt;nixpkgs> { }; runCommand "foo" { } "echo bar > $out"'
$ cat ./result
bar
</screen>
</para>
<para>Build the GNU Hello package from the latest revision of the
master branch of Nixpkgs:
<screen>
$ nix-build https://github.com/NixOS/nixpkgs/archive/master.tar.gz -A hello
</screen>
</para>
</refsection>
<refsection condition="manpage"><title>Environment variables</title>
<variablelist>
<xi:include href="env-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='env-common']/*)" />
</variablelist>
</refsection>
</refentry>

View file

@ -1,181 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-channel">
<refmeta>
<refentrytitle>nix-channel</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-channel</refname>
<refpurpose>manage Nix channels</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-channel</command>
<group choice='req'>
<arg choice='plain'><option>--add</option> <emphasis>url</emphasis> <arg choice='opt'><emphasis>name</emphasis></arg></arg>
<arg choice='plain'><option>--remove</option> <emphasis>name</emphasis></arg>
<arg choice='plain'><option>--list</option></arg>
<arg choice='plain'><option>--update</option> <arg rep='repeat'><emphasis>names</emphasis></arg></arg>
<arg choice='plain'><option>--rollback</option> <arg choice='opt'><emphasis>generation</emphasis></arg></arg>
</group>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>A Nix channel is a mechanism that allows you to automatically
stay up-to-date with a set of pre-built Nix expressions. A Nix
channel is just a URL that points to a place containing a set of Nix
expressions. <phrase condition="manual">See also <xref
linkend="sec-channels" />.</phrase></para>
<para>To see the list of official NixOS channels, visit <link
xlink:href="https://nixos.org/channels" />.</para>
<para>This command has the following operations:
<variablelist>
<varlistentry><term><option>--add</option> <emphasis>url</emphasis> [<emphasis>name</emphasis>]</term>
<listitem><para>Adds a channel named
<emphasis>name</emphasis> with URL
<emphasis>url</emphasis> to the list of subscribed channels.
If <emphasis>name</emphasis> is omitted, it defaults to the
last component of <emphasis>url</emphasis>, with the
suffixes <literal>-stable</literal> or
<literal>-unstable</literal> removed.</para></listitem>
</varlistentry>
<varlistentry><term><option>--remove</option> <emphasis>name</emphasis></term>
<listitem><para>Removes the channel named
<emphasis>name</emphasis> from the list of subscribed
channels.</para></listitem>
</varlistentry>
<varlistentry><term><option>--list</option></term>
<listitem><para>Prints the names and URLs of all subscribed
channels on standard output.</para></listitem>
</varlistentry>
<varlistentry><term><option>--update</option> [<emphasis>names</emphasis>…]</term>
<listitem><para>Downloads the Nix expressions of all subscribed
channels (or only those included in
<emphasis>names</emphasis> if specified) and makes them the
default for <command>nix-env</command> operations (by symlinking
them from the directory
<filename>~/.nix-defexpr</filename>).</para></listitem>
</varlistentry>
<varlistentry><term><option>--rollback</option> [<emphasis>generation</emphasis>]</term>
<listitem><para>Reverts the previous call to <command>nix-channel
--update</command>. Optionally, you can specify a specific channel
generation number to restore.</para></listitem>
</varlistentry>
</variablelist>
</para>
<para>Note that <option>--add</option> does not automatically perform
an update.</para>
<para>The list of subscribed channels is stored in
<filename>~/.nix-channels</filename>.</para>
</refsection>
<refsection><title>Examples</title>
<para>To subscribe to the Nixpkgs channel and install the GNU Hello package:</para>
<screen>
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
$ nix-channel --update
$ nix-env -iA nixpkgs.hello</screen>
<para>You can revert channel updates using <option>--rollback</option>:</para>
<screen>
$ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.version'
"14.04.527.0e935f1"
$ nix-channel --rollback
switching from generation 483 to 482
$ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.version'
"14.04.526.dbadfad"
</screen>
</refsection>
<refsection><title>Files</title>
<variablelist>
<varlistentry><term><filename>/nix/var/nix/profiles/per-user/<emphasis>username</emphasis>/channels</filename></term>
<listitem><para><command>nix-channel</command> uses a
<command>nix-env</command> profile to keep track of previous
versions of the subscribed channels. Every time you run
<command>nix-channel --update</command>, a new channel generation
(that is, a symlink to the channel Nix expressions in the Nix store)
is created. This enables <command>nix-channel --rollback</command>
to revert to previous versions.</para></listitem>
</varlistentry>
<varlistentry><term><filename>~/.nix-defexpr/channels</filename></term>
<listitem><para>This is a symlink to
<filename>/nix/var/nix/profiles/per-user/<emphasis>username</emphasis>/channels</filename>. It
ensures that <command>nix-env</command> can find your channels. In
a multi-user installation, you may also have
<filename>~/.nix-defexpr/channels_root</filename>, which links to
the channels of the root user.</para></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Channel format</title>
<para>A channel URL should point to a directory containing the
following files:</para>
<variablelist>
<varlistentry><term><filename>nixexprs.tar.xz</filename></term>
<listitem><para>A tarball containing Nix expressions and files
referenced by them (such as build scripts and patches). At the
top level, the tarball should contain a single directory. That
directory must contain a file <filename>default.nix</filename>
that serves as the channels “entry point”.</para></listitem>
</varlistentry>
</variablelist>
</refsection>
</refentry>

View file

@ -1,63 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-collect-garbage">
<refmeta>
<refentrytitle>nix-collect-garbage</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-collect-garbage</refname>
<refpurpose>delete unreachable store paths</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-collect-garbage</command>
<arg><option>--delete-old</option></arg>
<arg><option>-d</option></arg>
<arg><option>--delete-older-than</option> <emphasis>period</emphasis></arg>
<arg><option>--max-freed</option> <emphasis>bytes</emphasis></arg>
<arg><option>--dry-run</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>The command <command>nix-collect-garbage</command> is mostly an
alias of <link linkend="rsec-nix-store-gc"><command>nix-store
--gc</command></link>, that is, it deletes all unreachable paths in
the Nix store to clean up your system. However, it provides two
additional options: <option>-d</option> (<option>--delete-old</option>),
which deletes all old generations of all profiles in
<filename>/nix/var/nix/profiles</filename> by invoking
<literal>nix-env --delete-generations old</literal> on all profiles
(of course, this makes rollbacks to previous configurations
impossible); and
<option>--delete-older-than</option> <emphasis>period</emphasis>,
where period is a value such as <literal>30d</literal>, which deletes
all generations older than the specified number of days in all profiles
in <filename>/nix/var/nix/profiles</filename> (except for the generations
that were active at that point in time).
</para>
</refsection>
<refsection><title>Example</title>
<para>To delete from the Nix store everything that is not used by the
current generations of each profile, do
<screen>
$ nix-collect-garbage -d</screen>
</para>
</refsection>
</refentry>

View file

@ -1,169 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="sec-nix-copy-closure">
<refmeta>
<refentrytitle>nix-copy-closure</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-copy-closure</refname>
<refpurpose>copy a closure to or from a remote machine via SSH</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-copy-closure</command>
<group>
<arg choice='plain'><option>--to</option></arg>
<arg choice='plain'><option>--from</option></arg>
</group>
<arg><option>--gzip</option></arg>
<!--
<arg><option>- -show-progress</option></arg>
-->
<arg><option>--include-outputs</option></arg>
<group>
<arg choice='plain'><option>--use-substitutes</option></arg>
<arg choice='plain'><option>-s</option></arg>
</group>
<arg><option>-v</option></arg>
<arg choice='plain'>
<emphasis>user@</emphasis><emphasis>machine</emphasis>
</arg>
<arg choice='plain'><emphasis>paths</emphasis></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para><command>nix-copy-closure</command> gives you an easy and
efficient way to exchange software between machines. Given one or
more Nix store <emphasis>paths</emphasis> on the local
machine, <command>nix-copy-closure</command> computes the closure of
those paths (i.e. all their dependencies in the Nix store), and copies
all paths in the closure to the remote machine via the
<command>ssh</command> (Secure Shell) command. With the
<option>--from</option>, the direction is reversed:
the closure of <emphasis>paths</emphasis> on a remote machine is
copied to the Nix store on the local machine.</para>
<para>This command is efficient because it only sends the store paths
that are missing on the target machine.</para>
<para>Since <command>nix-copy-closure</command> calls
<command>ssh</command>, you may be asked to type in the appropriate
password or passphrase. In fact, you may be asked
<emphasis>twice</emphasis> because <command>nix-copy-closure</command>
currently connects twice to the remote machine, first to get the set
of paths missing on the target machine, and second to send the dump of
those paths. If this bothers you, use
<command>ssh-agent</command>.</para>
<refsection><title>Options</title>
<variablelist>
<varlistentry><term><option>--to</option></term>
<listitem><para>Copy the closure of
<emphasis>paths</emphasis> from the local Nix store to the
Nix store on <emphasis>machine</emphasis>. This is the
default.</para></listitem>
</varlistentry>
<varlistentry><term><option>--from</option></term>
<listitem><para>Copy the closure of
<emphasis>paths</emphasis> from the Nix store on
<emphasis>machine</emphasis> to the local Nix
store.</para></listitem>
</varlistentry>
<varlistentry><term><option>--gzip</option></term>
<listitem><para>Enable compression of the SSH
connection.</para></listitem>
</varlistentry>
<varlistentry><term><option>--include-outputs</option></term>
<listitem><para>Also copy the outputs of store derivations
included in the closure.</para></listitem>
</varlistentry>
<varlistentry><term><option>--use-substitutes</option> / <option>-s</option></term>
<listitem><para>Attempt to download missing paths on the target
machine using Nixs substitute mechanism. Any paths that cannot
be substituted on the target are still copied normally from the
source. This is useful, for instance, if the connection between
the source and target machine is slow, but the connection between
the target machine and <literal>nixos.org</literal> (the default
binary cache server) is fast.</para></listitem>
</varlistentry>
<varlistentry><term><option>-v</option></term>
<listitem><para>Show verbose output.</para></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Environment variables</title>
<variablelist>
<varlistentry><term><literal>NIX_SSHOPTS</literal></term>
<listitem><para>Additional options to be passed to
<command>ssh</command> on the command line.</para></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Examples</title>
<para>Copy Firefox with all its dependencies to a remote machine:
<screen>
$ nix-copy-closure --to alice@itchy.labs $(type -tP firefox)</screen>
</para>
<para>Copy Subversion from a remote machine and then install it into a
user environment:
<screen>
$ nix-copy-closure --from alice@itchy.labs \
/nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
$ nix-env -i /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
</screen>
</para>
</refsection>
</refsection>
</refentry>

View file

@ -1,35 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-daemon">
<refmeta>
<refentrytitle>nix-daemon</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-daemon</refname>
<refpurpose>Nix multi-user support daemon</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-daemon</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>The Nix daemon is necessary in multi-user Nix installations. It
performs build actions and other operations on the Nix store on behalf
of unprivileged users.</para>
</refsection>
</refentry>

File diff suppressed because it is too large Load diff

View file

@ -1,176 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-hash">
<refmeta>
<refentrytitle>nix-hash</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-hash</refname>
<refpurpose>compute the cryptographic hash of a path</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-hash</command>
<arg><option>--flat</option></arg>
<arg><option>--base32</option></arg>
<arg><option>--truncate</option></arg>
<arg><option>--type</option> <emphasis>hashAlgo</emphasis></arg>
<arg choice='plain' rep='repeat'><emphasis>path</emphasis></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>nix-hash</command>
<arg choice='plain'><option>--to-base16</option></arg>
<arg choice='plain' rep='repeat'><emphasis>hash</emphasis></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>nix-hash</command>
<arg choice='plain'><option>--to-base32</option></arg>
<arg choice='plain' rep='repeat'><emphasis>hash</emphasis></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>The command <command>nix-hash</command> computes the
cryptographic hash of the contents of each
<emphasis>path</emphasis> and prints it on standard output. By
default, it computes an MD5 hash, but other hash algorithms are
available as well. The hash is printed in hexadecimal. To generate
the same hash as <command>nix-prefetch-url</command> you have to
specify multiple arguments, see below for an example.</para>
<para>The hash is computed over a <emphasis>serialisation</emphasis>
of each path: a dump of the file system tree rooted at the path. This
allows directories and symlinks to be hashed as well as regular files.
The dump is in the <emphasis>NAR format</emphasis> produced by <link
linkend="refsec-nix-store-dump"><command>nix-store</command>
<option>--dump</option></link>. Thus, <literal>nix-hash
<emphasis>path</emphasis></literal> yields the same
cryptographic hash as <literal>nix-store --dump
<emphasis>path</emphasis> | md5sum</literal>.</para>
</refsection>
<refsection><title>Options</title>
<variablelist>
<varlistentry><term><option>--flat</option></term>
<listitem><para>Print the cryptographic hash of the contents of
each regular file <emphasis>path</emphasis>. That is, do
not compute the hash over the dump of
<emphasis>path</emphasis>. The result is identical to that
produced by the GNU commands <command>md5sum</command> and
<command>sha1sum</command>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--base32</option></term>
<listitem><para>Print the hash in a base-32 representation rather
than hexadecimal. This base-32 representation is more compact and
can be used in Nix expressions (such as in calls to
<function>fetchurl</function>).</para></listitem>
</varlistentry>
<varlistentry><term><option>--truncate</option></term>
<listitem><para>Truncate hashes longer than 160 bits (such as
SHA-256) to 160 bits.</para></listitem>
</varlistentry>
<varlistentry><term><option>--type</option> <emphasis>hashAlgo</emphasis></term>
<listitem><para>Use the specified cryptographic hash algorithm,
which can be one of <literal>md5</literal>,
<literal>sha1</literal>, and
<literal>sha256</literal>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--to-base16</option></term>
<listitem><para>Dont hash anything, but convert the base-32 hash
representation <emphasis>hash</emphasis> to
hexadecimal.</para></listitem>
</varlistentry>
<varlistentry><term><option>--to-base32</option></term>
<listitem><para>Dont hash anything, but convert the hexadecimal
hash representation <emphasis>hash</emphasis> to
base-32.</para></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Examples</title>
<para>Computing the same hash as <command>nix-prefetch-url</command>:
<screen>
$ nix-prefetch-url file://&lt;(echo test)
1lkgqb6fclns49861dwk9rzb6xnfkxbpws74mxnx01z9qyv1pjpj
$ nix-hash --type sha256 --flat --base32 &lt;(echo test)
1lkgqb6fclns49861dwk9rzb6xnfkxbpws74mxnx01z9qyv1pjpj
</screen>
</para>
<para>Computing hashes:
<screen>
$ mkdir test
$ echo "hello" > test/world
$ nix-hash test/ <lineannotation>(MD5 hash; default)</lineannotation>
8179d3caeff1869b5ba1744e5a245c04
$ nix-store --dump test/ | md5sum <lineannotation>(for comparison)</lineannotation>
8179d3caeff1869b5ba1744e5a245c04 -
$ nix-hash --type sha1 test/
e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6
$ nix-hash --type sha1 --base32 test/
nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
$ nix-hash --type sha256 --flat test/
error: reading file `test/': Is a directory
$ nix-hash --type sha256 --flat test/world
5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03</screen>
</para>
<para>Converting between hexadecimal and base-32:
<screen>
$ nix-hash --type sha1 --to-base32 e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6
nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
$ nix-hash --type sha1 --to-base16 nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6</screen>
</para>
</refsection>
</refentry>

View file

@ -1,266 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-instantiate">
<refmeta>
<refentrytitle>nix-instantiate</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-instantiate</refname>
<refpurpose>instantiate store derivations from Nix expressions</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-instantiate</command>
<group>
<arg choice='plain'><option>--parse</option></arg>
<arg choice='plain'>
<option>--eval</option>
<arg><option>--strict</option></arg>
<arg><option>--json</option></arg>
<arg><option>--xml</option></arg>
</arg>
</group>
<arg><option>--read-write-mode</option></arg>
<arg><option>--arg</option> <emphasis>name</emphasis> <emphasis>value</emphasis></arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--attr</option></arg>
<arg choice='plain'><option>-A</option></arg>
</group>
<emphasis>attrPath</emphasis>
</arg>
<arg><option>--add-root</option> <emphasis>path</emphasis></arg>
<arg><option>--indirect</option></arg>
<group>
<arg choice='plain'><option>--expr</option></arg>
<arg choice='plain'><option>-E</option></arg>
</group>
<arg choice='plain' rep='repeat'><emphasis>files</emphasis></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>nix-instantiate</command>
<arg choice='plain'><option>--find-file</option></arg>
<arg choice='plain' rep='repeat'><emphasis>files</emphasis></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>The command <command>nix-instantiate</command> generates <link
linkend="gloss-derivation">store derivations</link> from (high-level)
Nix expressions. It evaluates the Nix expressions in each of
<emphasis>files</emphasis> (which defaults to
<emphasis>./default.nix</emphasis>). Each top-level expression
should evaluate to a derivation, a list of derivations, or a set of
derivations. The paths of the resulting store derivations are printed
on standard output.</para>
<para>If <emphasis>files</emphasis> is the character
<literal>-</literal>, then a Nix expression will be read from standard
input.</para>
<para condition="manual">See also <xref linkend="sec-common-options"
/> for a list of common options.</para>
</refsection>
<refsection><title>Options</title>
<variablelist>
<varlistentry>
<term><option>--add-root</option> <emphasis>path</emphasis></term>
<term><option>--indirect</option></term>
<listitem><para>See the <link linkend="opt-add-root">corresponding
options</link> in <command>nix-store</command>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--parse</option></term>
<listitem><para>Just parse the input files, and print their
abstract syntax trees on standard output in ATerm
format.</para></listitem>
</varlistentry>
<varlistentry><term><option>--eval</option></term>
<listitem><para>Just parse and evaluate the input files, and print
the resulting values on standard output. No instantiation of
store derivations takes place.</para></listitem>
</varlistentry>
<varlistentry><term><option>--find-file</option></term>
<listitem><para>Look up the given files in Nixs search path (as
specified by the <literal linkend="env-NIX_PATH">NIX_PATH</literal>
environment variable). If found, print the corresponding absolute
paths on standard output. For instance, if
<literal>NIX_PATH</literal> is
<literal>nixpkgs=/home/alice/nixpkgs</literal>, then
<literal>nix-instantiate --find-file nixpkgs/default.nix</literal>
will print
<literal>/home/alice/nixpkgs/default.nix</literal>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--strict</option></term>
<listitem><para>When used with <option>--eval</option>,
recursively evaluate list elements and attributes. Normally, such
sub-expressions are left unevaluated (since the Nix expression
language is lazy).</para>
<warning><para>This option can cause non-termination, because lazy
data structures can be infinitely large.</para></warning>
</listitem>
</varlistentry>
<varlistentry><term><option>--json</option></term>
<listitem><para>When used with <option>--eval</option>, print the resulting
value as an JSON representation of the abstract syntax tree rather
than as an ATerm.</para></listitem>
</varlistentry>
<varlistentry><term><option>--xml</option></term>
<listitem><para>When used with <option>--eval</option>, print the resulting
value as an XML representation of the abstract syntax tree rather than as
an ATerm. The schema is the same as that used by the <link
linkend="builtin-toXML"><function>toXML</function> built-in</link>.
</para></listitem>
</varlistentry>
<varlistentry><term><option>--read-write-mode</option></term>
<listitem><para>When used with <option>--eval</option>, perform
evaluation in read/write mode so nix language features that
require it will still work (at the cost of needing to do
instantiation of every evaluated derivation). If this option is
not enabled, there may be uninstantiated store paths in the final
output.</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist condition="manpage">
<xi:include href="opt-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='opt-common']/*)" />
</variablelist>
</refsection>
<refsection><title>Examples</title>
<para>Instantiating store derivations from a Nix expression, and
building them using <command>nix-store</command>:
<screen>
$ nix-instantiate test.nix <lineannotation>(instantiate)</lineannotation>
/nix/store/cigxbmvy6dzix98dxxh9b6shg7ar5bvs-perl-BerkeleyDB-0.26.drv
$ nix-store -r $(nix-instantiate test.nix) <lineannotation>(build)</lineannotation>
<emphasis>...</emphasis>
/nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26 <lineannotation>(output path)</lineannotation>
$ ls -l /nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26
dr-xr-xr-x 2 eelco users 4096 1970-01-01 01:00 lib
...</screen>
</para>
<para>You can also give a Nix expression on the command line:
<screen>
$ nix-instantiate -E 'with import &lt;nixpkgs> { }; hello'
/nix/store/j8s4zyv75a724q38cb0r87rlczaiag4y-hello-2.8.drv
</screen>
This is equivalent to:
<screen>
$ nix-instantiate '&lt;nixpkgs>' -A hello
</screen>
</para>
<para>Parsing and evaluating Nix expressions:
<screen>
$ nix-instantiate --parse -E '1 + 2'
1 + 2
$ nix-instantiate --eval -E '1 + 2'
3
$ nix-instantiate --eval --xml -E '1 + 2'
<![CDATA[<?xml version='1.0' encoding='utf-8'?>
<expr>
<int value="3" />
</expr>]]></screen>
</para>
<para>The difference between non-strict and strict evaluation:
<screen>
$ nix-instantiate --eval --xml -E 'rec { x = "foo"; y = x; }'
<emphasis>...</emphasis><![CDATA[
<attr name="x">
<string value="foo" />
</attr>
<attr name="y">
<unevaluated />
</attr>]]>
<emphasis>...</emphasis></screen>
Note that <varname>y</varname> is left unevaluated (the XML
representation doesnt attempt to show non-normal forms).
<screen>
$ nix-instantiate --eval --xml --strict -E 'rec { x = "foo"; y = x; }'
<emphasis>...</emphasis><![CDATA[
<attr name="x">
<string value="foo" />
</attr>
<attr name="y">
<string value="foo" />
</attr>]]>
<emphasis>...</emphasis></screen>
</para>
</refsection>
<refsection condition="manpage"><title>Environment variables</title>
<variablelist>
<xi:include href="env-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='env-common']/*)" />
</variablelist>
</refsection>
</refentry>

View file

@ -1,131 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-prefetch-url">
<refmeta>
<refentrytitle>nix-prefetch-url</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-prefetch-url</refname>
<refpurpose>copy a file from a URL into the store and print its hash</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-prefetch-url</command>
<arg><option>--version</option></arg>
<arg><option>--type</option> <emphasis>hashAlgo</emphasis></arg>
<arg><option>--print-path</option></arg>
<arg><option>--unpack</option></arg>
<arg><option>--name</option> <emphasis>name</emphasis></arg>
<arg choice='plain'><emphasis>url</emphasis></arg>
<arg><emphasis>hash</emphasis></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>The command <command>nix-prefetch-url</command> downloads the
file referenced by the URL <emphasis>url</emphasis>, prints its
cryptographic hash, and copies it into the Nix store. The file name
in the store is
<filename><emphasis>hash</emphasis>-<emphasis>baseName</emphasis></filename>,
where <emphasis>baseName</emphasis> is everything following the
final slash in <emphasis>url</emphasis>.</para>
<para>This command is just a convenience for Nix expression writers.
Often a Nix expression fetches some source distribution from the
network using the <literal>fetchurl</literal> expression contained in
Nixpkgs. However, <literal>fetchurl</literal> requires a
cryptographic hash. If you don't know the hash, you would have to
download the file first, and then <literal>fetchurl</literal> would
download it again when you build your Nix expression. Since
<literal>fetchurl</literal> uses the same name for the downloaded file
as <command>nix-prefetch-url</command>, the redundant download can be
avoided.</para>
<para>If <emphasis>hash</emphasis> is specified, then a download
is not performed if the Nix store already contains a file with the
same hash and base name. Otherwise, the file is downloaded, and an
error is signaled if the actual hash of the file does not match the
specified hash.</para>
<para>This command prints the hash on standard output. Additionally,
if the option <option>--print-path</option> is used, the path of the
downloaded file in the Nix store is also printed.</para>
</refsection>
<refsection><title>Options</title>
<variablelist>
<varlistentry><term><option>--type</option> <emphasis>hashAlgo</emphasis></term>
<listitem><para>Use the specified cryptographic hash algorithm,
which can be one of <literal>md5</literal>,
<literal>sha1</literal>, and
<literal>sha256</literal>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--print-path</option></term>
<listitem><para>Print the store path of the downloaded file on
standard output.</para></listitem>
</varlistentry>
<varlistentry><term><option>--unpack</option></term>
<listitem><para>Unpack the archive (which must be a tarball or zip
file) and add the result to the Nix store. The resulting hash can
be used with functions such as Nixpkgss
<varname>fetchzip</varname> or
<varname>fetchFromGitHub</varname>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--name</option> <emphasis>name</emphasis></term>
<listitem><para>Override the name of the file in the Nix store. By
default, this is
<literal><emphasis>hash</emphasis>-<emphasis>basename</emphasis></literal>,
where <emphasis>basename</emphasis> is the last component of
<emphasis>url</emphasis>. Overriding the name is necessary
when <emphasis>basename</emphasis> contains characters that
are not allowed in Nix store paths.</para></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Examples</title>
<screen>
$ nix-prefetch-url ftp://ftp.gnu.org/pub/gnu/hello/hello-2.10.tar.gz
0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
$ nix-prefetch-url --print-path mirror://gnu/hello/hello-2.10.tar.gz
0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
/nix/store/3x7dwzq014bblazs7kq20p9hyzz0qh8g-hello-2.10.tar.gz
$ nix-prefetch-url --unpack --print-path https://github.com/NixOS/patchelf/archive/0.8.tar.gz
079agjlv0hrv7fxnx9ngipx14gyncbkllxrp9cccnh3a50fxcmy7
/nix/store/19zrmhm3m40xxaw81c8cqm6aljgrnwj2-0.8.tar.gz
</screen>
</refsection>
</refentry>

View file

@ -1,411 +0,0 @@
<refentry xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-shell">
<refmeta>
<refentrytitle>nix-shell</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Nix</refmiscinfo>
<refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
</refmeta>
<refnamediv>
<refname>nix-shell</refname>
<refpurpose>start an interactive shell based on a Nix expression</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nix-shell</command>
<arg><option>--arg</option> <emphasis>name</emphasis> <emphasis>value</emphasis></arg>
<arg><option>--argstr</option> <emphasis>name</emphasis> <emphasis>value</emphasis></arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--attr</option></arg>
<arg choice='plain'><option>-A</option></arg>
</group>
<emphasis>attrPath</emphasis>
</arg>
<arg><option>--command</option> <emphasis>cmd</emphasis></arg>
<arg><option>--run</option> <emphasis>cmd</emphasis></arg>
<arg><option>--exclude</option> <emphasis>regexp</emphasis></arg>
<arg><option>--pure</option></arg>
<arg><option>--keep</option> <emphasis>name</emphasis></arg>
<group choice='req'>
<arg choice='plain'>
<group choice='req'>
<arg choice='plain'><option>--packages</option></arg>
<arg choice='plain'><option>-p</option></arg>
</group>
<arg choice='plain' rep='repeat'>
<group choice='req'>
<arg choice="plain"><emphasis>packages</emphasis></arg>
<arg choice="plain"><emphasis>expressions</emphasis></arg>
</group>
</arg>
</arg>
<arg><emphasis>path</emphasis></arg>
</group>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><title>Description</title>
<para>The command <command>nix-shell</command> will build the
dependencies of the specified derivation, but not the derivation
itself. It will then start an interactive shell in which all
environment variables defined by the derivation
<emphasis>path</emphasis> have been set to their corresponding
values, and the script <literal>$stdenv/setup</literal> has been
sourced. This is useful for reproducing the environment of a
derivation for development.</para>
<para>If <emphasis>path</emphasis> is not given,
<command>nix-shell</command> defaults to
<filename>shell.nix</filename> if it exists, and
<filename>default.nix</filename> otherwise.</para>
<para>If <emphasis>path</emphasis> starts with
<literal>http://</literal> or <literal>https://</literal>, it is
interpreted as the URL of a tarball that will be downloaded and
unpacked to a temporary location. The tarball must include a single
top-level directory containing at least a file named
<filename>default.nix</filename>.</para>
<para>If the derivation defines the variable
<varname>shellHook</varname>, it will be evaluated after
<literal>$stdenv/setup</literal> has been sourced. Since this hook is
not executed by regular Nix builds, it allows you to perform
initialisation specific to <command>nix-shell</command>. For example,
the derivation attribute
<programlisting>
shellHook =
''
echo "Hello shell"
'';
</programlisting>
will cause <command>nix-shell</command> to print <literal>Hello shell</literal>.</para>
</refsection>
<refsection><title>Options</title>
<para>All options not listed here are passed to <command>nix-store
--realise</command>, except for <option>--arg</option> and
<option>--attr</option> / <option>-A</option> which are passed to
<command>nix-instantiate</command>. <phrase condition="manual">See
also <xref linkend="sec-common-options" />.</phrase></para>
<variablelist>
<varlistentry><term><option>--command</option> <emphasis>cmd</emphasis></term>
<listitem><para>In the environment of the derivation, run the
shell command <emphasis>cmd</emphasis>. This command is
executed in an interactive shell. (Use <option>--run</option> to
use a non-interactive shell instead.) However, a call to
<literal>exit</literal> is implicitly added to the command, so the
shell will exit after running the command. To prevent this, add
<literal>return</literal> at the end; e.g. <literal>--command
"echo Hello; return"</literal> will print <literal>Hello</literal>
and then drop you into the interactive shell. This can be useful
for doing any additional initialisation.</para></listitem>
</varlistentry>
<varlistentry><term><option>--run</option> <emphasis>cmd</emphasis></term>
<listitem><para>Like <option>--command</option>, but executes the
command in a non-interactive shell. This means (among other
things) that if you hit Ctrl-C while the command is running, the
shell exits.</para></listitem>
</varlistentry>
<varlistentry><term><option>--exclude</option> <emphasis>regexp</emphasis></term>
<listitem><para>Do not build any dependencies whose store path
matches the regular expression <emphasis>regexp</emphasis>.
This option may be specified multiple times.</para></listitem>
</varlistentry>
<varlistentry><term><option>--pure</option></term>
<listitem><para>If this flag is specified, the environment is
almost entirely cleared before the interactive shell is started,
so you get an environment that more closely corresponds to the
“real” Nix build. A few variables, in particular
<literal>HOME</literal>, <literal>USER</literal> and
<literal>DISPLAY</literal>, are retained. Note that
<filename>~/.bashrc</filename> and (depending on your Bash
installation) <filename>/etc/bashrc</filename> are still sourced,
so any variables set there will affect the interactive
shell.</para></listitem>
</varlistentry>
<varlistentry><term><option>--packages</option> / <option>-p</option> <emphasis>packages</emphasis></term>
<listitem><para>Set up an environment in which the specified
packages are present. The command line arguments are interpreted
as attribute names inside the Nix Packages collection. Thus,
<literal>nix-shell -p libjpeg openjdk</literal> will start a shell
in which the packages denoted by the attribute names
<varname>libjpeg</varname> and <varname>openjdk</varname> are
present.</para></listitem>
</varlistentry>
<varlistentry><term><option>-i</option> <emphasis>interpreter</emphasis></term>
<listitem><para>The chained script interpreter to be invoked by
<command>nix-shell</command>. Only applicable in
<literal>#!</literal>-scripts (described <link
linkend="ssec-nix-shell-shebang">below</link>).</para>
</listitem></varlistentry>
<varlistentry><term><option>--keep</option> <emphasis>name</emphasis></term>
<listitem><para>When a <option>--pure</option> shell is started,
keep the listed environment variables.</para></listitem>
</varlistentry>
</variablelist>
<para>The following common options are supported:</para>
<variablelist condition="manpage">
<xi:include href="opt-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='opt-common']/*)" />
</variablelist>
</refsection>
<refsection><title>Environment variables</title>
<variablelist>
<varlistentry><term><literal>NIX_BUILD_SHELL</literal></term>
<listitem><para>Shell used to start the interactive environment.
Defaults to the <command>bash</command> found in <literal>PATH</literal>.</para></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Examples</title>
<para>To build the dependencies of the package Pan, and start an
interactive shell in which to build it:
<screen>
$ nix-shell '&lt;nixpkgs>' -A pan
[nix-shell]$ unpackPhase
[nix-shell]$ cd pan-*
[nix-shell]$ configurePhase
[nix-shell]$ buildPhase
[nix-shell]$ ./pan/gui/pan
</screen>
To clear the environment first, and do some additional automatic
initialisation of the interactive shell:
<screen>
$ nix-shell '&lt;nixpkgs>' -A pan --pure \
--command 'export NIX_DEBUG=1; export NIX_CORES=8; return'
</screen>
Nix expressions can also be given on the command line using the
<command>-E</command> and <command>-p</command> flags.
For instance, the following starts a shell containing the packages
<literal>sqlite</literal> and <literal>libX11</literal>:
<screen>
$ nix-shell -E 'with import &lt;nixpkgs> { }; runCommand "dummy" { buildInputs = [ sqlite xorg.libX11 ]; } ""'
</screen>
A shorter way to do the same is:
<screen>
$ nix-shell -p sqlite xorg.libX11
[nix-shell]$ echo $NIX_LDFLAGS
… -L/nix/store/j1zg5v…-sqlite-3.8.0.2/lib -L/nix/store/0gmcz9…-libX11-1.6.1/lib …
</screen>
Note that <command>-p</command> accepts multiple full nix expressions that
are valid in the <literal>buildInputs = [ ... ]</literal> shown above,
not only package names. So the following is also legal:
<screen>
$ nix-shell -p sqlite 'git.override { withManual = false; }'
</screen>
The <command>-p</command> flag looks up Nixpkgs in the Nix search
path. You can override it by passing <option>-I</option> or setting
<literal>NIX_PATH</literal>. For example, the following gives you a shell
containing the Pan package from a specific revision of Nixpkgs:
<screen>
$ nix-shell -p pan -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz
[nix-shell:~]$ pan --version
Pan 0.139
</screen>
</para>
</refsection>
<refsection xml:id="ssec-nix-shell-shebang"><title>Use as a <literal>#!</literal>-interpreter</title>
<para>You can use <command>nix-shell</command> as a script interpreter
to allow scripts written in arbitrary languages to obtain their own
dependencies via Nix. This is done by starting the script with the
following lines:
<programlisting>
#! /usr/bin/env nix-shell
#! nix-shell -i <emphasis>real-interpreter</emphasis> -p <emphasis>packages</emphasis>
</programlisting>
where <emphasis>real-interpreter</emphasis> is the “real” script
interpreter that will be invoked by <command>nix-shell</command> after
it has obtained the dependencies and initialised the environment, and
<emphasis>packages</emphasis> are the attribute names of the
dependencies in Nixpkgs.</para>
<para>The lines starting with <literal>#! nix-shell</literal> specify
<command>nix-shell</command> options (see above). Note that you cannot
write <literal>#! /usr/bin/env nix-shell -i ...</literal> because
many operating systems only allow one argument in
<literal>#!</literal> lines.</para>
<para>For example, here is a Python script that depends on Python and
the <literal>prettytable</literal> package:
<programlisting>
#! /usr/bin/env nix-shell
#! nix-shell -i python -p python pythonPackages.prettytable
import prettytable
# Print a simple table.
t = prettytable.PrettyTable(["N", "N^2"])
for n in range(1, 10): t.add_row([n, n * n])
print t
</programlisting>
</para>
<para>Similarly, the following is a Perl script that specifies that it
requires Perl and the <literal>HTML::TokeParser::Simple</literal> and
<literal>LWP</literal> packages:
<programlisting>
#! /usr/bin/env nix-shell
#! nix-shell -i perl -p perl perlPackages.HTMLTokeParserSimple perlPackages.LWP
use HTML::TokeParser::Simple;
# Fetch nixos.org and print all hrefs.
my $p = HTML::TokeParser::Simple->new(url => 'http://nixos.org/');
while (my $token = $p->get_tag("a")) {
my $href = $token->get_attr("href");
print "$href\n" if $href;
}
</programlisting>
</para>
<para>Sometimes you need to pass a simple Nix expression to customize
a package like Terraform:
<programlisting><![CDATA[
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p "terraform.withPlugins (plugins: [ plugins.openstack ])"
terraform apply
]]></programlisting>
<note><para>You must use double quotes (<literal>"</literal>) when
passing a simple Nix expression in a nix-shell shebang.</para></note>
</para>
<para>Finally, using the merging of multiple nix-shell shebangs the
following Haskell script uses a specific branch of Nixpkgs/NixOS (the
18.03 stable branch):
<programlisting><![CDATA[
#! /usr/bin/env nix-shell
#! nix-shell -i runghc -p "haskellPackages.ghcWithPackages (ps: [ps.HTTP ps.tagsoup])"
#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-18.03.tar.gz
import Network.HTTP
import Text.HTML.TagSoup
-- Fetch nixos.org and print all hrefs.
main = do
resp <- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/")
body <- getResponseBody resp
let tags = filter (isTagOpenName "a") $ parseTags body
let tags' = map (fromAttrib "href") tags
mapM_ putStrLn $ filter (/= "") tags'
]]></programlisting>
If you want to be even more precise, you can specify a specific
revision of Nixpkgs:
<programlisting>
#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/0672315759b3e15e2121365f067c1c8c56bb4722.tar.gz
</programlisting>
</para>
<para>The examples above all used <option>-p</option> to get
dependencies from Nixpkgs. You can also use a Nix expression to build
your own dependencies. For example, the Python example could have been
written as:
<programlisting>
#! /usr/bin/env nix-shell
#! nix-shell deps.nix -i python
</programlisting>
where the file <filename>deps.nix</filename> in the same directory
as the <literal>#!</literal>-script contains:
<programlisting>
with import &lt;nixpkgs> {};
runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } ""
</programlisting>
</para>
</refsection>
<refsection condition="manpage"><title>Environment variables</title>
<variablelist>
<xi:include href="env-common.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(//db:variablelist[@xml:id='env-common']/*)" />
</variablelist>
</refsection>
</refentry>

File diff suppressed because it is too large Load diff

View file

@ -1,68 +0,0 @@
<nop xmlns="http://docbook.org/ns/docbook">
<arg><option>--help</option></arg>
<arg><option>--version</option></arg>
<arg rep='repeat'>
<group choice='req'>
<arg choice='plain'><option>--verbose</option></arg>
<arg choice='plain'><option>-v</option></arg>
</group>
</arg>
<arg>
<arg choice='plain'><option>--quiet</option></arg>
</arg>
<arg>
<option>--log-format</option>
<emphasis>format</emphasis>
</arg>
<arg>
<group choice='plain'>
<arg choice='plain'><option>--no-build-output</option></arg>
<arg choice='plain'><option>-Q</option></arg>
</group>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--max-jobs</option></arg>
<arg choice='plain'><option>-j</option></arg>
</group>
<emphasis>number</emphasis>
</arg>
<arg>
<option>--cores</option>
<emphasis>number</emphasis>
</arg>
<arg>
<option>--max-silent-time</option>
<emphasis>number</emphasis>
</arg>
<arg>
<option>--timeout</option>
<emphasis>number</emphasis>
</arg>
<arg>
<group choice='plain'>
<arg choice='plain'><option>--keep-going</option></arg>
<arg choice='plain'><option>-k</option></arg>
</group>
</arg>
<arg>
<group choice='plain'>
<arg choice='plain'><option>--keep-failed</option></arg>
<arg choice='plain'><option>-K</option></arg>
</group>
</arg>
<arg><option>--fallback</option></arg>
<arg><option>--readonly-mode</option></arg>
<arg>
<option>-I</option>
<emphasis>path</emphasis>
</arg>
<arg>
<option>--option</option>
<emphasis>name</emphasis>
<emphasis>value</emphasis>
</arg>
<sbr />
</nop>

View file

@ -1,405 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook" xml:id="sec-common-options">
<title>Common Options</title>
<para>Most Nix commands accept the following command-line options:</para>
<variablelist xml:id="opt-common">
<varlistentry><term><option>--help</option></term>
<listitem><para>Prints out a summary of the command syntax and
exits.</para></listitem>
</varlistentry>
<varlistentry><term><option>--version</option></term>
<listitem><para>Prints out the Nix version number on standard output
and exits.</para></listitem>
</varlistentry>
<varlistentry><term><option>--verbose</option> / <option>-v</option></term>
<listitem>
<para>Increases the level of verbosity of diagnostic messages
printed on standard error. For each Nix operation, the information
printed on standard output is well-defined; any diagnostic
information is printed on standard error, never on standard
output.</para>
<para>This option may be specified repeatedly. Currently, the
following verbosity levels exist:</para>
<variablelist>
<varlistentry><term>0</term>
<listitem><para>“Errors only”: only print messages
explaining why the Nix invocation failed.</para></listitem>
</varlistentry>
<varlistentry><term>1</term>
<listitem><para>“Informational”: print
<emphasis>useful</emphasis> messages about what Nix is doing.
This is the default.</para></listitem>
</varlistentry>
<varlistentry><term>2</term>
<listitem><para>“Talkative”: print more informational
messages.</para></listitem>
</varlistentry>
<varlistentry><term>3</term>
<listitem><para>“Chatty”: print even more
informational messages.</para></listitem>
</varlistentry>
<varlistentry><term>4</term>
<listitem><para>“Debug”: print debug
information.</para></listitem>
</varlistentry>
<varlistentry><term>5</term>
<listitem><para>“Vomit”: print vast amounts of debug
information.</para></listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
<varlistentry><term><option>--quiet</option></term>
<listitem>
<para>Decreases the level of verbosity of diagnostic messages
printed on standard error. This is the inverse option to
<option>-v</option> / <option>--verbose</option>.
</para>
<para>This option may be specified repeatedly. See the previous
verbosity levels list.</para>
</listitem>
</varlistentry>
<varlistentry xml:id="opt-log-format"><term><option>--log-format</option> <emphasis>format</emphasis></term>
<listitem>
<para>This option can be used to change the output of the log format, with
<emphasis>format</emphasis> being one of:</para>
<variablelist>
<varlistentry><term>raw</term>
<listitem><para>This is the raw format, as outputted by nix-build.</para></listitem>
</varlistentry>
<varlistentry><term>internal-json</term>
<listitem><para>Outputs the logs in a structured manner. NOTE: the json schema is not guarantees to be stable between releases.</para></listitem>
</varlistentry>
<varlistentry><term>bar</term>
<listitem><para>Only display a progress bar during the builds.</para></listitem>
</varlistentry>
<varlistentry><term>bar-with-logs</term>
<listitem><para>Display the raw logs, with the progress bar at the bottom.</para></listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
<varlistentry><term><option>--no-build-output</option> / <option>-Q</option></term>
<listitem><para>By default, output written by builders to standard
output and standard error is echoed to the Nix command's standard
error. This option suppresses this behaviour. Note that the
builder's standard output and error are always written to a log file
in
<filename><emphasis>prefix</emphasis>/nix/var/log/nix</filename>.</para></listitem>
</varlistentry>
<varlistentry xml:id="opt-max-jobs"><term><option>--max-jobs</option> / <option>-j</option>
<emphasis>number</emphasis></term>
<listitem>
<para>Sets the maximum number of build jobs that Nix will
perform in parallel to the specified number. Specify
<literal>auto</literal> to use the number of CPUs in the system.
The default is specified by the <link
linkend='conf-max-jobs'><literal>max-jobs</literal></link>
configuration setting, which itself defaults to
<literal>1</literal>. A higher value is useful on SMP systems or to
exploit I/O latency.</para>
<para> Setting it to <literal>0</literal> disallows building on the local
machine, which is useful when you want builds to happen only on remote
builders.</para>
</listitem>
</varlistentry>
<varlistentry xml:id="opt-cores"><term><option>--cores</option></term>
<listitem><para>Sets the value of the <literal>NIX_BUILD_CORES</literal>
environment variable in the invocation of builders. Builders can
use this variable at their discretion to control the maximum amount
of parallelism. For instance, in Nixpkgs, if the derivation
attribute <varname>enableParallelBuilding</varname> is set to
<literal>true</literal>, the builder passes the
<option>-j<emphasis>N</emphasis></option> flag to GNU Make.
It defaults to the value of the <link
linkend='conf-cores'><literal>cores</literal></link>
configuration setting, if set, or <literal>1</literal> otherwise.
The value <literal>0</literal> means that the builder should use all
available CPU cores in the system.</para></listitem>
</varlistentry>
<varlistentry xml:id="opt-max-silent-time"><term><option>--max-silent-time</option></term>
<listitem><para>Sets the maximum number of seconds that a builder
can go without producing any data on standard output or standard
error. The default is specified by the <link
linkend='conf-max-silent-time'><literal>max-silent-time</literal></link>
configuration setting. <literal>0</literal> means no
time-out.</para></listitem>
</varlistentry>
<varlistentry xml:id="opt-timeout"><term><option>--timeout</option></term>
<listitem><para>Sets the maximum number of seconds that a builder
can run. The default is specified by the <link
linkend='conf-timeout'><literal>timeout</literal></link>
configuration setting. <literal>0</literal> means no
timeout.</para></listitem>
</varlistentry>
<varlistentry><term><option>--keep-going</option> / <option>-k</option></term>
<listitem><para>Keep going in case of failed builds, to the
greatest extent possible. That is, if building an input of some
derivation fails, Nix will still build the other inputs, but not the
derivation itself. Without this option, Nix stops if any build
fails (except for builds of substitutes), possibly killing builds in
progress (in case of parallel or distributed builds).</para></listitem>
</varlistentry>
<varlistentry><term><option>--keep-failed</option> / <option>-K</option></term>
<listitem><para>Specifies that in case of a build failure, the
temporary directory (usually in <filename>/tmp</filename>) in which
the build takes place should not be deleted. The path of the build
directory is printed as an informational message.
</para>
</listitem>
</varlistentry>
<varlistentry><term><option>--fallback</option></term>
<listitem>
<para>Whenever Nix attempts to build a derivation for which
substitutes are known for each output path, but realising the output
paths through the substitutes fails, fall back on building the
derivation.</para>
<para>The most common scenario in which this is useful is when we
have registered substitutes in order to perform binary distribution
from, say, a network repository. If the repository is down, the
realisation of the derivation will fail. When this option is
specified, Nix will build the derivation instead. Thus,
installation from binaries falls back on installation from source.
This option is not the default since it is generally not desirable
for a transient failure in obtaining the substitutes to lead to a
full build from source (with the related consumption of
resources).</para>
</listitem>
</varlistentry>
<varlistentry><term><option>--no-build-hook</option></term>
<listitem>
<para>Disables the build hook mechanism. This allows to ignore remote
builders if they are setup on the machine.</para>
<para>It's useful in cases where the bandwidth between the client and the
remote builder is too low. In that case it can take more time to upload the
sources to the remote builder and fetch back the result than to do the
computation locally.</para>
</listitem>
</varlistentry>
<varlistentry><term><option>--readonly-mode</option></term>
<listitem><para>When this option is used, no attempt is made to open
the Nix database. Most Nix operations do need database access, so
those operations will fail.</para></listitem>
</varlistentry>
<varlistentry><term><option>--arg</option> <emphasis>name</emphasis> <emphasis>value</emphasis></term>
<listitem><para>This option is accepted by
<command>nix-env</command>, <command>nix-instantiate</command>,
<command>nix-shell</command> and <command>nix-build</command>.
When evaluating Nix expressions, the expression evaluator will
automatically try to call functions that
it encounters. It can automatically call functions for which every
argument has a <link linkend='ss-functions'>default value</link>
(e.g., <literal>{ <emphasis>argName</emphasis> ?
<emphasis>defaultValue</emphasis> }:
<emphasis>...</emphasis></literal>). With
<option>--arg</option>, you can also call functions that have
arguments without a default value (or override a default value).
That is, if the evaluator encounters a function with an argument
named <emphasis>name</emphasis>, it will call it with value
<emphasis>value</emphasis>.</para>
<para>For instance, the top-level <literal>default.nix</literal> in
Nixpkgs is actually a function:
<programlisting>
{ # The system (e.g., `i686-linux') for which to build the packages.
system ? builtins.currentSystem
<emphasis>...</emphasis>
}: <emphasis>...</emphasis></programlisting>
So if you call this Nix expression (e.g., when you do
<literal>nix-env -i <emphasis>pkgname</emphasis></literal>),
the function will be called automatically using the value <link
linkend='builtin-currentSystem'><literal>builtins.currentSystem</literal></link>
for the <literal>system</literal> argument. You can override this
using <option>--arg</option>, e.g., <literal>nix-env -i
<emphasis>pkgname</emphasis> --arg system
\"i686-freebsd\"</literal>. (Note that since the argument is a Nix
string literal, you have to escape the quotes.)</para></listitem>
</varlistentry>
<varlistentry><term><option>--argstr</option> <emphasis>name</emphasis> <emphasis>value</emphasis></term>
<listitem><para>This option is like <option>--arg</option>, only the
value is not a Nix expression but a string. So instead of
<literal>--arg system \"i686-linux\"</literal> (the outer quotes are
to keep the shell happy) you can say <literal>--argstr system
i686-linux</literal>.</para></listitem>
</varlistentry>
<varlistentry xml:id="opt-attr"><term><option>--attr</option> / <option>-A</option>
<emphasis>attrPath</emphasis></term>
<listitem><para>Select an attribute from the top-level Nix
expression being evaluated. (<command>nix-env</command>,
<command>nix-instantiate</command>, <command>nix-build</command> and
<command>nix-shell</command> only.) The <emphasis>attribute
path</emphasis> <emphasis>attrPath</emphasis> is a sequence of
attribute names separated by dots. For instance, given a top-level
Nix expression <emphasis>e</emphasis>, the attribute path
<literal>xorg.xorgserver</literal> would cause the expression
<literal><emphasis>e</emphasis>.xorg.xorgserver</literal> to
be used. See <link
linkend='refsec-nix-env-install-examples'><command>nix-env
--install</command></link> for some concrete examples.</para>
<para>In addition to attribute names, you can also specify array
indices. For instance, the attribute path
<literal>foo.3.bar</literal> selects the <literal>bar</literal>
attribute of the fourth element of the array in the
<literal>foo</literal> attribute of the top-level
expression.</para></listitem>
</varlistentry>
<varlistentry><term><option>--expr</option> / <option>-E</option></term>
<listitem><para>Interpret the command line arguments as a list of
Nix expressions to be parsed and evaluated, rather than as a list
of file names of Nix expressions.
(<command>nix-instantiate</command>, <command>nix-build</command>
and <command>nix-shell</command> only.)</para>
<para>For <command>nix-shell</command>, this option is commonly used
to give you a shell in which you can build the packages returned
by the expression. If you want to get a shell which contain the
<emphasis>built</emphasis> packages ready for use, give your
expression to the <command>nix-shell -p</command> convenience flag
instead.</para></listitem>
</varlistentry>
<varlistentry xml:id="opt-I"><term><option>-I</option> <emphasis>path</emphasis></term>
<listitem><para>Add a path to the Nix expression search path. This
option may be given multiple times. See the <literal
linkend="env-NIX_PATH">NIX_PATH</literal> environment variable for
information on the semantics of the Nix search path. Paths added
through <option>-I</option> take precedence over
<literal>NIX_PATH</literal>.</para></listitem>
</varlistentry>
<varlistentry><term><option>--option</option> <emphasis>name</emphasis> <emphasis>value</emphasis></term>
<listitem><para>Set the Nix configuration option
<emphasis>name</emphasis> to <emphasis>value</emphasis>.
This overrides settings in the Nix configuration file (see
<citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para></listitem>
</varlistentry>
<varlistentry><term><option>--repair</option></term>
<listitem><para>Fix corrupted or missing store paths by
redownloading or rebuilding them. Note that this is slow because it
requires computing a cryptographic hash of the contents of every
path in the closure of the build. Also note the warning under
<command>nix-store --repair-path</command>.</para></listitem>
</varlistentry>
</variablelist>
</chapter>

View file

@ -1,22 +0,0 @@
<nop xmlns="http://docbook.org/ns/docbook">
<arg>
<group choice='req'>
<arg choice='plain'><option>--prebuilt-only</option></arg>
<arg choice='plain'><option>-b</option></arg>
</group>
</arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--attr</option></arg>
<arg choice='plain'><option>-A</option></arg>
</group>
</arg>
<arg><option>--from-expression</option></arg>
<arg><option>-E</option></arg>
<arg><option>--from-profile</option> <emphasis>path</emphasis></arg>
</nop>

View file

@ -1,20 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='ch-utilities'>
<title>Utilities</title>
<para>This section lists utilities that you can use when you
work with Nix.</para>
<xi:include href="nix-channel.xml" />
<xi:include href="nix-collect-garbage.xml" />
<xi:include href="nix-copy-closure.xml" />
<xi:include href="nix-daemon.xml" />
<xi:include href="nix-hash.xml" />
<xi:include href="nix-instantiate.xml" />
<xi:include href="nix-prefetch-url.xml" />
</chapter>

View file

@ -1,351 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-advanced-attributes">
<title>Advanced Attributes</title>
<para>Derivations can declare some infrequently used optional
attributes.</para>
<variablelist>
<varlistentry xml:id="adv-attr-allowedReferences"><term><varname>allowedReferences</varname></term>
<listitem><para>The optional attribute
<varname>allowedReferences</varname> specifies a list of legal
references (dependencies) of the output of the builder. For
example,
<programlisting>
allowedReferences = [];
</programlisting>
enforces that the output of a derivation cannot have any runtime
dependencies on its inputs. To allow an output to have a runtime
dependency on itself, use <literal>"out"</literal> as a list item.
This is used in NixOS to check that generated files such as
initial ramdisks for booting Linux dont have accidental
dependencies on other paths in the Nix store.</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-allowedRequisites"><term><varname>allowedRequisites</varname></term>
<listitem><para>This attribute is similar to
<varname>allowedReferences</varname>, but it specifies the legal
requisites of the whole closure, so all the dependencies
recursively. For example,
<programlisting>
allowedRequisites = [ foobar ];
</programlisting>
enforces that the output of a derivation cannot have any other
runtime dependency than <varname>foobar</varname>, and in addition
it enforces that <varname>foobar</varname> itself doesn't
introduce any other dependency itself.</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-disallowedReferences"><term><varname>disallowedReferences</varname></term>
<listitem><para>The optional attribute
<varname>disallowedReferences</varname> specifies a list of illegal
references (dependencies) of the output of the builder. For
example,
<programlisting>
disallowedReferences = [ foo ];
</programlisting>
enforces that the output of a derivation cannot have a direct runtime
dependencies on the derivation <varname>foo</varname>.</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-disallowedRequisites"><term><varname>disallowedRequisites</varname></term>
<listitem><para>This attribute is similar to
<varname>disallowedReferences</varname>, but it specifies illegal
requisites for the whole closure, so all the dependencies
recursively. For example,
<programlisting>
disallowedRequisites = [ foobar ];
</programlisting>
enforces that the output of a derivation cannot have any
runtime dependency on <varname>foobar</varname> or any other derivation
depending recursively on <varname>foobar</varname>.</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-exportReferencesGraph"><term><varname>exportReferencesGraph</varname></term>
<listitem><para>This attribute allows builders access to the
references graph of their inputs. The attribute is a list of
inputs in the Nix store whose references graph the builder needs
to know. The value of this attribute should be a list of pairs
<literal>[ <emphasis>name1</emphasis>
<emphasis>path1</emphasis> <emphasis>name2</emphasis>
<emphasis>path2</emphasis> <emphasis>...</emphasis>
]</literal>. The references graph of each
<emphasis>pathN</emphasis> will be stored in a text file
<emphasis>nameN</emphasis> in the temporary build directory.
The text files have the format used by <command>nix-store
--register-validity</command> (with the deriver fields left
empty). For example, when the following derivation is built:
<programlisting>
derivation {
...
exportReferencesGraph = [ "libfoo-graph" libfoo ];
};
</programlisting>
the references graph of <literal>libfoo</literal> is placed in the
file <filename>libfoo-graph</filename> in the temporary build
directory.</para>
<para><varname>exportReferencesGraph</varname> is useful for
builders that want to do something with the closure of a store
path. Examples include the builders in NixOS that generate the
initial ramdisk for booting Linux (a <command>cpio</command>
archive containing the closure of the boot script) and the
ISO-9660 image for the installation CD (which is populated with a
Nix store containing the closure of a bootable NixOS
configuration).</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-impureEnvVars"><term><varname>impureEnvVars</varname></term>
<listitem><para>This attribute allows you to specify a list of
environment variables that should be passed from the environment
of the calling user to the builder. Usually, the environment is
cleared completely when the builder is executed, but with this
attribute you can allow specific environment variables to be
passed unmodified. For example, <function>fetchurl</function> in
Nixpkgs has the line
<programlisting>
impureEnvVars = [ "http_proxy" "https_proxy" <emphasis>...</emphasis> ];
</programlisting>
to make it use the proxy server configuration specified by the
user in the environment variables <literal>http_proxy</literal> and
friends.</para>
<para>This attribute is only allowed in <link
linkend="fixed-output-drvs">fixed-output derivations</link>, where
impurities such as these are okay since (the hash of) the output
is known in advance. It is ignored for all other
derivations.</para>
<warning><para><varname>impureEnvVars</varname> implementation takes
environment variables from the current builder process. When a daemon is
building its environmental variables are used. Without the daemon, the
environmental variables come from the environment of the
<command>nix-build</command>.</para></warning></listitem>
</varlistentry>
<varlistentry xml:id="fixed-output-drvs">
<term xml:id="adv-attr-outputHash"><varname>outputHash</varname></term>
<term xml:id="adv-attr-outputHashAlgo"><varname>outputHashAlgo</varname></term>
<term xml:id="adv-attr-outputHashMode"><varname>outputHashMode</varname></term>
<listitem><para>These attributes declare that the derivation is a
so-called <emphasis>fixed-output derivation</emphasis>, which
means that a cryptographic hash of the output is already known in
advance. When the build of a fixed-output derivation finishes,
Nix computes the cryptographic hash of the output and compares it
to the hash declared with these attributes. If there is a
mismatch, the build fails.</para>
<para>The rationale for fixed-output derivations is derivations
such as those produced by the <function>fetchurl</function>
function. This function downloads a file from a given URL. To
ensure that the downloaded file has not been modified, the caller
must also specify a cryptographic hash of the file. For example,
<programlisting>
fetchurl {
url = "http://ftp.gnu.org/pub/gnu/hello/hello-2.1.1.tar.gz";
sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
}
</programlisting>
It sometimes happens that the URL of the file changes, e.g.,
because servers are reorganised or no longer available. We then
must update the call to <function>fetchurl</function>, e.g.,
<programlisting>
fetchurl {
url = "ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz";
sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
}
</programlisting>
If a <function>fetchurl</function> derivation was treated like a
normal derivation, the output paths of the derivation and
<emphasis>all derivations depending on it</emphasis> would change.
For instance, if we were to change the URL of the Glibc source
distribution in Nixpkgs (a package on which almost all other
packages depend) massive rebuilds would be needed. This is
unfortunate for a change which we know cannot have a real effect
as it propagates upwards through the dependency graph.</para>
<para>For fixed-output derivations, on the other hand, the name of
the output path only depends on the <varname>outputHash*</varname>
and <varname>name</varname> attributes, while all other attributes
are ignored for the purpose of computing the output path. (The
<varname>name</varname> attribute is included because it is part
of the path.)</para>
<para>As an example, here is the (simplified) Nix expression for
<varname>fetchurl</varname>:
<programlisting>
{ stdenv, curl }: # The <command>curl</command> program is used for downloading.
{ url, sha256 }:
stdenv.mkDerivation {
name = baseNameOf (toString url);
builder = ./builder.sh;
buildInputs = [ curl ];
# This is a fixed-output derivation; the output must be a regular
# file with SHA256 hash <varname>sha256</varname>.
outputHashMode = "flat";
outputHashAlgo = "sha256";
outputHash = sha256;
inherit url;
}
</programlisting>
</para>
<para>The <varname>outputHashAlgo</varname> attribute specifies
the hash algorithm used to compute the hash. It can currently be
<literal>"sha1"</literal>, <literal>"sha256"</literal> or
<literal>"sha512"</literal>.</para>
<para>The <varname>outputHashMode</varname> attribute determines
how the hash is computed. It must be one of the following two
values:
<variablelist>
<varlistentry><term><literal>"flat"</literal></term>
<listitem><para>The output must be a non-executable regular
file. If it isnt, the build fails. The hash is simply
computed over the contents of that file (so its equal to what
Unix commands like <command>sha256sum</command> or
<command>sha1sum</command> produce).</para>
<para>This is the default.</para></listitem>
</varlistentry>
<varlistentry><term><literal>"recursive"</literal></term>
<listitem><para>The hash is computed over the NAR archive dump
of the output (i.e., the result of <link
linkend="refsec-nix-store-dump"><command>nix-store
--dump</command></link>). In this case, the output can be
anything, including a directory tree.</para></listitem>
</varlistentry>
</variablelist>
</para>
<para>The <varname>outputHash</varname> attribute, finally, must
be a string containing the hash in either hexadecimal or base-32
notation. (See the <link
linkend="sec-nix-hash"><command>nix-hash</command> command</link>
for information about converting to and from base-32
notation.)</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-passAsFile"><term><varname>passAsFile</varname></term>
<listitem><para>A list of names of attributes that should be
passed via files rather than environment variables. For example,
if you have
<programlisting>
passAsFile = ["big"];
big = "a very long string";
</programlisting>
then when the builder runs, the environment variable
<literal>bigPath</literal> will contain the absolute path to a
temporary file containing <literal>a very long
string</literal>. That is, for any attribute
<emphasis>x</emphasis> listed in
<varname>passAsFile</varname>, Nix will pass an environment
variable <literal><emphasis>x</emphasis>Path</literal> holding
the path of the file containing the value of attribute
<emphasis>x</emphasis>. This is useful when you need to pass
large strings to a builder, since most operating systems impose a
limit on the size of the environment (typically, a few hundred
kilobyte).</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-preferLocalBuild"><term><varname>preferLocalBuild</varname></term>
<listitem><para>If this attribute is set to
<literal>true</literal> and <link
linkend="chap-distributed-builds">distributed building is
enabled</link>, then, if possible, the derivaton will be built
locally instead of forwarded to a remote machine. This is
appropriate for trivial builders where the cost of doing a
download or remote build would exceed the cost of building
locally.</para></listitem>
</varlistentry>
<varlistentry xml:id="adv-attr-allowSubstitutes"><term><varname>allowSubstitutes</varname></term>
<listitem>
<para>If this attribute is set to
<literal>false</literal>, then Nix will always build this
derivation; it will not try to substitute its outputs. This is
useful for very trivial derivations (such as
<function>writeText</function> in Nixpkgs) that are cheaper to
build than to substitute from a binary cache.</para>
<note><para>You need to have a builder configured which satisfies
the derivations <literal>system</literal> attribute, since the
derivation cannot be substituted. Thus it is usually a good idea
to align <literal>system</literal> with
<literal>builtins.currentSystem</literal> when setting
<literal>allowSubstitutes</literal> to <literal>false</literal>.
For most trivial derivations this should be the case.
</para></note>
</listitem>
</varlistentry>
</variablelist>
</section>

View file

@ -1,114 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='sec-arguments'>
<title>Arguments and Variables</title>
<para>The Nix expression in <xref linkend='ex-hello-nix' /> is a
function; it is missing some arguments that have to be filled in
somewhere. In the Nix Packages collection this is done in the file
<filename>pkgs/top-level/all-packages.nix</filename>, where all Nix
expressions for packages are imported and called with the appropriate
arguments. Here are some fragments of
<filename>all-packages.nix</filename>, with annotations of what they
mean:</para>
<programlisting>
...
rec { ①
hello = import ../applications/misc/hello/ex-1 ② { ③
inherit fetchurl stdenv perl;
};
perl = import ../development/interpreters/perl { ④
inherit fetchurl stdenv;
};
fetchurl = import ../build-support/fetchurl {
inherit stdenv; ...
};
stdenv = ...;
}
</programlisting>
<orderedlist>
<listitem>
<para>This file defines a set of attributes, all of which are
concrete derivations (i.e., not functions). In fact, we define a
<emphasis>mutually recursive</emphasis> set of attributes. That
is, the attributes can refer to each other. This is precisely
what we want since we want to <quote>plug</quote> the
various packages into each other.</para>
</listitem>
<listitem>
<para>Here we <emphasis>import</emphasis> the Nix expression for
GNU Hello. The import operation just loads and returns the
specified Nix expression. In fact, we could just have put the
contents of <xref linkend='ex-hello-nix' /> in
<filename>all-packages.nix</filename> at this point. That
would be completely equivalent, but it would make the file rather
bulky.</para>
<para>Note that we refer to
<filename>../applications/misc/hello/ex-1</filename>, not
<filename>../applications/misc/hello/ex-1/default.nix</filename>.
When you try to import a directory, Nix automatically appends
<filename>/default.nix</filename> to the file name.</para>
</listitem>
<listitem>
<para>This is where the actual composition takes place. Here we
<emphasis>call</emphasis> the function imported from
<filename>../applications/misc/hello/ex-1</filename> with a set
containing the things that the function expects, namely
<varname>fetchurl</varname>, <varname>stdenv</varname>, and
<varname>perl</varname>. We use inherit again to use the
attributes defined in the surrounding scope (we could also have
written <literal>fetchurl = fetchurl;</literal>, etc.).</para>
<para>The result of this function call is an actual derivation
that can be built by Nix (since when we fill in the arguments of
the function, what we get is its body, which is the call to
<varname>stdenv.mkDerivation</varname> in <xref
linkend='ex-hello-nix' />).</para>
<note><para>Nixpkgs has a convenience function
<function>callPackage</function> that imports and calls a
function, filling in any missing arguments by passing the
corresponding attribute from the Nixpkgs set, like this:
<programlisting>
hello = callPackage ../applications/misc/hello/ex-1 { };
</programlisting>
If necessary, you can set or override arguments:
<programlisting>
hello = callPackage ../applications/misc/hello/ex-1 { stdenv = myStdenv; };
</programlisting>
</para></note>
</listitem>
<listitem>
<para>Likewise, we have to instantiate Perl,
<varname>fetchurl</varname>, and the standard environment.</para>
</listitem>
</orderedlist>
</section>

View file

@ -1,114 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='sec-build-script'>
<title>Build Script</title>
<para>Here is the builder referenced
from Hello's Nix expression (stored in
<filename>pkgs/applications/misc/hello/ex-1/builder.sh</filename>):</para>
<programlisting>
source $stdenv/setup ①
PATH=$perl/bin:$PATH ②
tar xvfz $src ③
cd hello-*
./configure --prefix=$out ④
make ⑤
make install</programlisting>
<para>The builder can actually be made a lot shorter by using the
<emphasis>generic builder</emphasis> functions provided by
<varname>stdenv</varname>, but here we write out the build steps to
elucidate what a builder does. It performs the following
steps:</para>
<orderedlist>
<listitem>
<para>When Nix runs a builder, it initially completely clears the
environment (except for the attributes declared in the
derivation). This is done to prevent undeclared inputs from being
used in the build process. If for example the
<literal>PATH</literal> contained <filename>/usr/bin</filename>,
then you might accidentally use
<filename>/usr/bin/gcc</filename>.</para>
<para>So the first step is to set up the environment. This is
done by calling the <filename>setup</filename> script of the
standard environment. The environment variable
<literal>stdenv</literal> points to the location of the standard
environment being used. (It wasn't specified explicitly as an
attribute in <xref linkend='ex-hello-nix' />, but
<varname>mkDerivation</varname> adds it automatically.)</para>
</listitem>
<listitem>
<para>Since Hello needs Perl, we have to make sure that Perl is in
the <literal>PATH</literal>. The <literal>perl</literal> environment
variable points to the location of the Perl package (since it
was passed in as an attribute to the derivation), so
<filename><emphasis>$perl</emphasis>/bin</filename> is the
directory containing the Perl interpreter.</para>
</listitem>
<listitem>
<para>Now we have to unpack the sources. The
<varname>src</varname> attribute was bound to the result of
fetching the Hello source tarball from the network, so the
<literal>src</literal> environment variable points to the location in
the Nix store to which the tarball was downloaded. After
unpacking, we <command>cd</command> to the resulting source
directory.</para>
<para>The whole build is performed in a temporary directory
created in <varname>/tmp</varname>, by the way. This directory is
removed after the builder finishes, so there is no need to clean
up the sources afterwards. Also, the temporary directory is
always newly created, so you don't have to worry about files from
previous builds interfering with the current build.</para>
</listitem>
<listitem>
<para>GNU Hello is a typical Autoconf-based package, so we first
have to run its <filename>configure</filename> script. In Nix
every package is stored in a separate location in the Nix store,
for instance
<filename>/nix/store/9a54ba97fb71b65fda531012d0443ce2-hello-2.1.1</filename>.
Nix computes this path by cryptographically hashing all attributes
of the derivation. The path is passed to the builder through the
<literal>out</literal> environment variable. So here we give
<filename>configure</filename> the parameter
<literal>--prefix=$out</literal> to cause Hello to be installed in
the expected location.</para>
</listitem>
<listitem>
<para>Finally we build Hello (<literal>make</literal>) and install
it into the location specified by <literal>out</literal>
(<literal>make install</literal>).</para>
</listitem>
</orderedlist>
<para>If you are wondering about the absence of error checking on the
result of various commands called in the builder: this is because the
shell script is evaluated with Bash's <option>-e</option> option,
which causes the script to be aborted if any command fails without an
error check.</para>
</section>

File diff suppressed because it is too large Load diff

View file

@ -1,210 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-derivation">
<title>Derivations</title>
<para>The most important built-in function is
<function>derivation</function>, which is used to describe a single
derivation (a build action). It takes as input a set, the attributes
of which specify the inputs of the build.</para>
<itemizedlist>
<listitem xml:id="attr-system"><para>There must be an attribute
named <varname>system</varname> whose value must be a string
specifying a Nix system type, such as
<literal>"i686-linux"</literal> or
<literal>"x86_64-darwin"</literal>. (To figure out your system type,
run <literal>nix -vv --version</literal>.) The build can only be
performed on a machine and operating system matching the system
type. (Nix can automatically forward builds for other platforms by
forwarding them to other machines; see <xref
linkend='chap-distributed-builds' />.)</para></listitem>
<listitem><para>There must be an attribute named
<varname>name</varname> whose value must be a string. This is used
as a symbolic name for the package by <command>nix-env</command>,
and it is appended to the output paths of the
derivation.</para></listitem>
<listitem><para>There must be an attribute named
<varname>builder</varname> that identifies the program that is
executed to perform the build. It can be either a derivation or a
source (a local file reference, e.g.,
<filename>./builder.sh</filename>).</para></listitem>
<listitem><para>Every attribute is passed as an environment variable
to the builder. Attribute values are translated to environment
variables as follows:
<itemizedlist>
<listitem><para>Strings and numbers are just passed
verbatim.</para></listitem>
<listitem><para>A <emphasis>path</emphasis> (e.g.,
<filename>../foo/sources.tar</filename>) causes the referenced
file to be copied to the store; its location in the store is put
in the environment variable. The idea is that all sources
should reside in the Nix store, since all inputs to a derivation
should reside in the Nix store.</para></listitem>
<listitem><para>A <emphasis>derivation</emphasis> causes that
derivation to be built prior to the present derivation; its
default output path is put in the environment
variable.</para></listitem>
<listitem><para>Lists of the previous types are also allowed.
They are simply concatenated, separated by
spaces.</para></listitem>
<listitem><para><literal>true</literal> is passed as the string
<literal>1</literal>, <literal>false</literal> and
<literal>null</literal> are passed as an empty string.
</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>The optional attribute <varname>args</varname>
specifies command-line arguments to be passed to the builder. It
should be a list.</para></listitem>
<listitem><para>The optional attribute <varname>outputs</varname>
specifies a list of symbolic outputs of the derivation. By default,
a derivation produces a single output path, denoted as
<literal>out</literal>. However, derivations can produce multiple
output paths. This is useful because it allows outputs to be
downloaded or garbage-collected separately. For instance, imagine a
library package that provides a dynamic library, header files, and
documentation. A program that links against the library doesnt
need the header files and documentation at runtime, and it doesnt
need the documentation at build time. Thus, the library package
could specify:
<programlisting>
outputs = [ "lib" "headers" "doc" ];
</programlisting>
This will cause Nix to pass environment variables
<literal>lib</literal>, <literal>headers</literal> and
<literal>doc</literal> to the builder containing the intended store
paths of each output. The builder would typically do something like
<programlisting>
./configure --libdir=$lib/lib --includedir=$headers/include --docdir=$doc/share/doc
</programlisting>
for an Autoconf-style package. You can refer to each output of a
derivation by selecting it as an attribute, e.g.
<programlisting>
buildInputs = [ pkg.lib pkg.headers ];
</programlisting>
The first element of <varname>outputs</varname> determines the
<emphasis>default output</emphasis>. Thus, you could also write
<programlisting>
buildInputs = [ pkg pkg.headers ];
</programlisting>
since <literal>pkg</literal> is equivalent to
<literal>pkg.lib</literal>.</para></listitem>
</itemizedlist>
<para>The function <function>mkDerivation</function> in the Nixpkgs
standard environment is a wrapper around
<function>derivation</function> that adds a default value for
<varname>system</varname> and always uses Bash as the builder, to
which the supplied builder is passed as a command-line argument. See
the Nixpkgs manual for details.</para>
<para>The builder is executed as follows:
<itemizedlist>
<listitem><para>A temporary directory is created under the directory
specified by <literal>TMPDIR</literal> (default
<filename>/tmp</filename>) where the build will take place. The
current directory is changed to this directory.</para></listitem>
<listitem><para>The environment is cleared and set to the derivation
attributes, as specified above.</para></listitem>
<listitem><para>In addition, the following variables are set:
<itemizedlist>
<listitem><para><literal>NIX_BUILD_TOP</literal> contains the path of
the temporary directory for this build.</para></listitem>
<listitem><para>Also, <literal>TMPDIR</literal>,
<literal>TEMPDIR</literal>, <literal>TMP</literal>, <literal>TEMP</literal>
are set to point to the temporary directory. This is to prevent
the builder from accidentally writing temporary files anywhere
else. Doing so might cause interference by other
processes.</para></listitem>
<listitem><para><literal>PATH</literal> is set to
<filename>/path-not-set</filename> to prevent shells from
initialising it to their built-in default value.</para></listitem>
<listitem><para><literal>HOME</literal> is set to
<filename>/homeless-shelter</filename> to prevent programs from
using <filename>/etc/passwd</filename> or the like to find the
user's home directory, which could cause impurity. Usually, when
<literal>HOME</literal> is set, it is used as the location of the home
directory, even if it points to a non-existent
path.</para></listitem>
<listitem><para><literal>NIX_STORE</literal> is set to the path of the
top-level Nix store directory (typically,
<filename>/nix/store</filename>).</para></listitem>
<listitem><para>For each output declared in
<varname>outputs</varname>, the corresponding environment variable
is set to point to the intended path in the Nix store for that
output. Each output path is a concatenation of the cryptographic
hash of all build inputs, the <varname>name</varname> attribute
and the output name. (The output name is omitted if its
<literal>out</literal>.)</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>If an output path already exists, it is removed.
Also, locks are acquired to prevent multiple Nix instances from
performing the same build at the same time.</para></listitem>
<listitem><para>A log of the combined standard output and error is
written to <filename>/nix/var/log/nix</filename>.</para></listitem>
<listitem><para>The builder is executed with the arguments specified
by the attribute <varname>args</varname>. If it exits with exit
code 0, it is considered to have succeeded.</para></listitem>
<listitem><para>The temporary directory is removed (unless the
<option>-K</option> option was specified).</para></listitem>
<listitem><para>If the build was successful, Nix scans each output
path for references to input paths by looking for the hash parts of
the input paths. Since these are potential runtime dependencies,
Nix registers them as dependencies of the output
paths.</para></listitem>
<listitem><para>After the build, Nix sets the last-modified
timestamp on all files in the build result to 1 (00:00:01 1/1/1970
UTC), sets the group to the default group, and sets the mode of the
file to 0444 or 0555 (i.e., read-only, with execute permission
enabled if the file was originally executable). Note that possible
<literal>setuid</literal> and <literal>setgid</literal> bits are
cleared. Setuid and setgid programs are not currently supported by
Nix. This is because the Nix archives used in deployment have no
concept of ownership information, and because it makes the build
result dependent on the user performing the build.</para></listitem>
</itemizedlist>
</para>
<xi:include href="advanced-attributes.xml" />
</section>

View file

@ -1,30 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-expression-language">
<title>Nix Expression Language</title>
<para>The Nix expression language is a pure, lazy, functional
language. Purity means that operations in the language don't have
side-effects (for instance, there is no variable assignment).
Laziness means that arguments to functions are evaluated only when
they are needed. Functional means that functions are
<quote>normal</quote> values that can be passed around and manipulated
in interesting ways. The language is not a full-featured, general
purpose language. Its main job is to describe packages,
compositions of packages, and the variability within
packages.</para>
<para>This section presents the various features of the
language.</para>
<xi:include href="language-values.xml" />
<xi:include href="language-constructs.xml" />
<xi:include href="language-operators.xml" />
<xi:include href="derivations.xml" />
<xi:include href="builtins.xml" />
</chapter>

View file

@ -1,146 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='sec-expression-syntax'>
<title>Expression Syntax</title>
<para>Here is a Nix expression for GNU Hello:</para>
<programlisting>
{ stdenv, fetchurl, perl }: ①
stdenv.mkDerivation { ②
name = "hello-2.1.1"; ③
builder = ./builder.sh; ④
src = fetchurl { ⑤
url = "ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz";
sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
};
inherit perl; ⑥
}</programlisting>
<para>This file is actually already in the Nix Packages collection in
<filename>pkgs/applications/misc/hello/ex-1/default.nix</filename>.
It is customary to place each package in a separate directory and call
the single Nix expression in that directory
<filename>default.nix</filename>. The file has the following elements
(referenced from the figure by number):
<orderedlist>
<listitem>
<para>This states that the expression is a
<emphasis>function</emphasis> that expects to be called with three
arguments: <varname>stdenv</varname>, <varname>fetchurl</varname>,
and <varname>perl</varname>. They are needed to build Hello, but
we don't know how to build them here; that's why they are function
arguments. <varname>stdenv</varname> is a package that is used
by almost all Nix Packages packages; it provides a
<quote>standard</quote> environment consisting of the things you
would expect in a basic Unix environment: a C/C++ compiler (GCC,
to be precise), the Bash shell, fundamental Unix tools such as
<command>cp</command>, <command>grep</command>,
<command>tar</command>, etc. <varname>fetchurl</varname> is a
function that downloads files. <varname>perl</varname> is the
Perl interpreter.</para>
<para>Nix functions generally have the form <literal>{ x, y, ...,
z }: e</literal> where <varname>x</varname>, <varname>y</varname>,
etc. are the names of the expected arguments, and where
<emphasis>e</emphasis> is the body of the function. So
here, the entire remainder of the file is the body of the
function; when given the required arguments, the body should
describe how to build an instance of the Hello package.</para>
</listitem>
<listitem>
<para>So we have to build a package. Building something from
other stuff is called a <emphasis>derivation</emphasis> in Nix (as
opposed to sources, which are built by humans instead of
computers). We perform a derivation by calling
<varname>stdenv.mkDerivation</varname>.
<varname>mkDerivation</varname> is a function provided by
<varname>stdenv</varname> that builds a package from a set of
<emphasis>attributes</emphasis>. A set is just a list of
key/value pairs where each key is a string and each value is an
arbitrary Nix expression. They take the general form <literal>{
<emphasis>name1</emphasis> =
<emphasis>expr1</emphasis>; <emphasis>...</emphasis>
<emphasis>nameN</emphasis> =
<emphasis>exprN</emphasis>; }</literal>.</para>
</listitem>
<listitem>
<para>The attribute <varname>name</varname> specifies the symbolic
name and version of the package. Nix doesn't really care about
these things, but they are used by for instance <command>nix-env
-q</command> to show a <quote>human-readable</quote> name for
packages. This attribute is required by
<varname>mkDerivation</varname>.</para>
</listitem>
<listitem>
<para>The attribute <varname>builder</varname> specifies the
builder. This attribute can sometimes be omitted, in which case
<varname>mkDerivation</varname> will fill in a default builder
(which does a <literal>configure; make; make install</literal>, in
essence). Hello is sufficiently simple that the default builder
would suffice, but in this case, we will show an actual builder
for educational purposes. The value
<command>./builder.sh</command> refers to the shell script shown
in <xref linkend='ex-hello-builder' />, discussed below.</para>
</listitem>
<listitem>
<para>The builder has to know what the sources of the package
are. Here, the attribute <varname>src</varname> is bound to the
result of a call to the <command>fetchurl</command> function.
Given a URL and a SHA-256 hash of the expected contents of the file
at that URL, this function builds a derivation that downloads the
file and checks its hash. So the sources are a dependency that
like all other dependencies is built before Hello itself is
built.</para>
<para>Instead of <varname>src</varname> any other name could have
been used, and in fact there can be any number of sources (bound
to different attributes). However, <varname>src</varname> is
customary, and it's also expected by the default builder (which we
don't use in this example).</para>
</listitem>
<listitem>
<para>Since the derivation requires Perl, we have to pass the
value of the <varname>perl</varname> function argument to the
builder. All attributes in the set are actually passed as
environment variables to the builder, so declaring an attribute
<programlisting>
perl = perl;</programlisting>
will do the trick: it binds an attribute <varname>perl</varname>
to the function argument which also happens to be called
<varname>perl</varname>. However, it looks a bit silly, so there
is a shorter syntax. The <literal>inherit</literal> keyword
causes the specified attributes to be bound to whatever variables
with the same name happen to be in scope.</para>
</listitem>
</orderedlist>
</para>
</section>

View file

@ -1,98 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='sec-generic-builder'>
<title>Generic Builder Syntax</title>
<para>Recall from <xref linkend='ex-hello-builder' /> that the builder
looked something like this:
<programlisting>
PATH=$perl/bin:$PATH
tar xvfz $src
cd hello-*
./configure --prefix=$out
make
make install</programlisting>
The builders for almost all Unix packages look like this — set up some
environment variables, unpack the sources, configure, build, and
install. For this reason the standard environment provides some Bash
functions that automate the build process. Here is what a builder
using the generic build facilities looks like:</para>
<programlisting>
buildInputs="$perl" ①
source $stdenv/setup ②
genericBuild ③</programlisting>
<para>Here is what each line means:
<orderedlist>
<listitem>
<para>The <literal>buildInputs</literal> variable tells
<filename>setup</filename> to use the indicated packages as
<quote>inputs</quote>. This means that if a package provides a
<filename>bin</filename> subdirectory, it's added to
<literal>PATH</literal>; if it has a <filename>include</filename>
subdirectory, it's added to GCC's header search path; and so
on. (This is implemented in a modular way:
<filename>setup</filename> tries to source the file
<filename><emphasis>pkg</emphasis>/nix-support/setup-hook</filename>
of all dependencies. These “setup hooks” can then set up whatever
environment variables they want; for instance, the setup hook for
Perl sets the <literal>PERL5LIB</literal> environment variable to
contain the <filename>lib/site_perl</filename> directories of all
inputs.)
</para>
</listitem>
<listitem arearefs='ex-hello-builder2-co-2'>
<para>The function <function>genericBuild</function> is defined in
the file <literal>$stdenv/setup</literal>.</para>
</listitem>
<listitem arearefs='ex-hello-builder2-co-3'>
<para>The final step calls the shell function
<function>genericBuild</function>, which performs the steps that
were done explicitly in <xref linkend='ex-hello-builder' />. The
generic builder is smart enough to figure out whether to unpack
the sources using <command>gzip</command>,
<command>bzip2</command>, etc. It can be customised in many ways;
see the Nixpkgs manual for details.</para>
</listitem>
</orderedlist>
</para>
<para>Discerning readers will note that the
<literal>buildInputs</literal> could just as well have been set in the Nix
expression, like this:
<programlisting>
buildInputs = [ perl ];</programlisting>
The <varname>perl</varname> attribute can then be removed, and the
builder becomes even shorter:
<programlisting>
source $stdenv/setup
genericBuild</programlisting>
In fact, <varname>mkDerivation</varname> provides a default builder
that looks exactly like that, so it is actually possible to omit the
builder for Hello entirely.</para>
</section>

View file

@ -1,408 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-constructs">
<title>Language Constructs</title>
<section><title>Recursive sets</title>
<para>Recursive sets are just normal sets, but the attributes can
refer to each other. For example,
<programlisting>
rec {
x = y;
y = 123;
}.x
</programlisting>
evaluates to <literal>123</literal>. Note that without
<literal>rec</literal> the binding <literal>x = y;</literal> would
refer to the variable <varname>y</varname> in the surrounding scope,
if one exists, and would be invalid if no such variable exists. That
is, in a normal (non-recursive) set, attributes are not added to the
lexical scope; in a recursive set, they are.</para>
<para>Recursive sets of course introduce the danger of infinite
recursion. For example, the expression
<programlisting>
rec {
x = y;
y = x;
}.x</programlisting>
will crash with an <literal>infinite recursion encountered</literal>
error message.</para>
</section>
<section xml:id="sect-let-expressions"><title>Let-expressions</title>
<para>A let-expression allows you to define local variables for an
expression. For instance,
<programlisting>
let
x = "foo";
y = "bar";
in x + y</programlisting>
evaluates to <literal>"foobar"</literal>.
</para>
</section>
<section><title>Inheriting attributes</title>
<para>When defining a set or in a let-expression it is often convenient to copy variables
from the surrounding lexical scope (e.g., when you want to propagate
attributes). This can be shortened using the
<literal>inherit</literal> keyword. For instance,
<programlisting>
let x = 123; in
{ inherit x;
y = 456;
}</programlisting>
is equivalent to
<programlisting>
let x = 123; in
{ x = x;
y = 456;
}</programlisting>
and both evaluate to <literal>{ x = 123; y = 456; }</literal>. (Note that
this works because <varname>x</varname> is added to the lexical scope
by the <literal>let</literal> construct.) It is also possible to
inherit attributes from another set. For instance, in this fragment
from <filename>all-packages.nix</filename>,
<programlisting>
graphviz = (import ../tools/graphics/graphviz) {
inherit fetchurl stdenv libpng libjpeg expat x11 yacc;
inherit (xlibs) libXaw;
};
xlibs = {
libX11 = ...;
libXaw = ...;
...
}
libpng = ...;
libjpg = ...;
...</programlisting>
the set used in the function call to the function defined in
<filename>../tools/graphics/graphviz</filename> inherits a number of
variables from the surrounding scope (<varname>fetchurl</varname>
... <varname>yacc</varname>), but also inherits
<varname>libXaw</varname> (the X Athena Widgets) from the
<varname>xlibs</varname> (X11 client-side libraries) set.</para>
<para>
Summarizing the fragment
<programlisting>
...
inherit x y z;
inherit (src-set) a b c;
...</programlisting>
is equivalent to
<programlisting>
...
x = x; y = y; z = z;
a = src-set.a; b = src-set.b; c = src-set.c;
...</programlisting>
when used while defining local variables in a let-expression or
while defining a set.</para>
</section>
<section xml:id="ss-functions"><title>Functions</title>
<para>Functions have the following form:
<programlisting>
<emphasis>pattern</emphasis>: <emphasis>body</emphasis></programlisting>
The pattern specifies what the argument of the function must look
like, and binds variables in the body to (parts of) the
argument. There are three kinds of patterns:</para>
<itemizedlist>
<listitem><para>If a pattern is a single identifier, then the
function matches any argument. Example:
<programlisting>
let negate = x: !x;
concat = x: y: x + y;
in if negate true then concat "foo" "bar" else ""</programlisting>
Note that <function>concat</function> is a function that takes one
argument and returns a function that takes another argument. This
allows partial parameterisation (i.e., only filling some of the
arguments of a function); e.g.,
<programlisting>
map (concat "foo") [ "bar" "bla" "abc" ]</programlisting>
evaluates to <literal>[ "foobar" "foobla"
"fooabc" ]</literal>.</para></listitem>
<listitem><para>A <emphasis>set pattern</emphasis> of the form
<literal>{ name1, name2, …, nameN }</literal> matches a set
containing the listed attributes, and binds the values of those
attributes to variables in the function body. For example, the
function
<programlisting>
{ x, y, z }: z + y + x</programlisting>
can only be called with a set containing exactly the attributes
<varname>x</varname>, <varname>y</varname> and
<varname>z</varname>. No other attributes are allowed. If you want
to allow additional arguments, you can use an ellipsis
(<literal>...</literal>):
<programlisting>
{ x, y, z, ... }: z + y + x</programlisting>
This works on any set that contains at least the three named
attributes.</para>
<para>It is possible to provide <emphasis>default values</emphasis>
for attributes, in which case they are allowed to be missing. A
default value is specified by writing
<literal><emphasis>name</emphasis> ?
<emphasis>e</emphasis></literal>, where
<emphasis>e</emphasis> is an arbitrary expression. For example,
<programlisting>
{ x, y ? "foo", z ? "bar" }: z + y + x</programlisting>
specifies a function that only requires an attribute named
<varname>x</varname>, but optionally accepts <varname>y</varname>
and <varname>z</varname>.</para></listitem>
<listitem><para>An <literal>@</literal>-pattern provides a means of referring
to the whole value being matched:
<programlisting> args@{ x, y, z, ... }: z + y + x + args.a</programlisting>
but can also be written as:
<programlisting> { x, y, z, ... } @ args: z + y + x + args.a</programlisting>
Here <varname>args</varname> is bound to the entire argument, which
is further matched against the pattern <literal>{ x, y, z,
... }</literal>. <literal>@</literal>-pattern makes mainly sense with an
ellipsis(<literal>...</literal>) as you can access attribute names as
<literal>a</literal>, using <literal>args.a</literal>, which was given as an
additional attribute to the function.
</para>
<warning>
<para>
The <literal>args@</literal> expression is bound to the argument passed to the function which
means that attributes with defaults that aren't explicitly specified in the function call
won't cause an evaluation error, but won't exist in <literal>args</literal>.
</para>
<para>
For instance
<programlisting>
let
function = args@{ a ? 23, ... }: args;
in
function {}
</programlisting>
will evaluate to an empty attribute set.
</para>
</warning></listitem>
</itemizedlist>
<para>Note that functions do not have names. If you want to give them
a name, you can bind them to an attribute, e.g.,
<programlisting>
let concat = { x, y }: x + y;
in concat { x = "foo"; y = "bar"; }</programlisting>
</para>
</section>
<section><title>Conditionals</title>
<para>Conditionals look like this:
<programlisting>
if <emphasis>e1</emphasis> then <emphasis>e2</emphasis> else <emphasis>e3</emphasis></programlisting>
where <emphasis>e1</emphasis> is an expression that should
evaluate to a Boolean value (<literal>true</literal> or
<literal>false</literal>).</para>
</section>
<section><title>Assertions</title>
<para>Assertions are generally used to check that certain requirements
on or between features and dependencies hold. They look like this:
<programlisting>
assert <emphasis>e1</emphasis>; <emphasis>e2</emphasis></programlisting>
where <emphasis>e1</emphasis> is an expression that should
evaluate to a Boolean value. If it evaluates to
<literal>true</literal>, <emphasis>e2</emphasis> is returned;
otherwise expression evaluation is aborted and a backtrace is printed.</para>
<para>Here is a Nix expression for the Subversion package that shows
how assertions can be used:.</para>
<programlisting>
{ localServer ? false
, httpServer ? false
, sslSupport ? false
, pythonBindings ? false
, javaSwigBindings ? false
, javahlBindings ? false
, stdenv, fetchurl
, openssl ? null, httpd ? null, db4 ? null, expat, swig ? null, j2sdk ? null
}:
assert localServer -> db4 != null; ①
assert httpServer -> httpd != null &amp;&amp; httpd.expat == expat; ②
assert sslSupport -> openssl != null &amp;&amp; (httpServer -> httpd.openssl == openssl); ③
assert pythonBindings -> swig != null &amp;&amp; swig.pythonSupport;
assert javaSwigBindings -> swig != null &amp;&amp; swig.javaSupport;
assert javahlBindings -> j2sdk != null;
stdenv.mkDerivation {
name = "subversion-1.1.1";
...
openssl = if sslSupport then openssl else null; ④
...
}</programlisting>
<para>The points of interest are:</para>
<orderedlist>
<listitem>
<para>This assertion states that if Subversion is to have support
for local repositories, then Berkeley DB is needed. So if the
Subversion function is called with the
<varname>localServer</varname> argument set to
<literal>true</literal> but the <varname>db4</varname> argument
set to <literal>null</literal>, then the evaluation fails.</para>
</listitem>
<listitem>
<para>This is a more subtle condition: if Subversion is built with
Apache (<literal>httpServer</literal>) support, then the Expat
library (an XML library) used by Subversion should be same as the
one used by Apache. This is because in this configuration
Subversion code ends up being linked with Apache code, and if the
Expat libraries do not match, a build- or runtime link error or
incompatibility might occur.</para>
</listitem>
<listitem>
<para>This assertion says that in order for Subversion to have SSL
support (so that it can access <literal>https</literal> URLs), an
OpenSSL library must be passed. Additionally, it says that
<emphasis>if</emphasis> Apache support is enabled, then Apache's
OpenSSL should match Subversion's. (Note that if Apache support
is not enabled, we don't care about Apache's OpenSSL.)</para>
</listitem>
<listitem>
<para>The conditional here is not really related to assertions,
but is worth pointing out: it ensures that if SSL support is
disabled, then the Subversion derivation is not dependent on
OpenSSL, even if a non-<literal>null</literal> value was passed.
This prevents an unnecessary rebuild of Subversion if OpenSSL
changes.</para>
</listitem>
</orderedlist>
</section>
<section><title>With-expressions</title>
<para>A <emphasis>with-expression</emphasis>,
<programlisting>
with <emphasis>e1</emphasis>; <emphasis>e2</emphasis></programlisting>
introduces the set <emphasis>e1</emphasis> into the lexical
scope of the expression <emphasis>e2</emphasis>. For instance,
<programlisting>
let as = { x = "foo"; y = "bar"; };
in with as; x + y</programlisting>
evaluates to <literal>"foobar"</literal> since the
<literal>with</literal> adds the <varname>x</varname> and
<varname>y</varname> attributes of <varname>as</varname> to the
lexical scope in the expression <literal>x + y</literal>. The most
common use of <literal>with</literal> is in conjunction with the
<function>import</function> function. E.g.,
<programlisting>
with (import ./definitions.nix); ...</programlisting>
makes all attributes defined in the file
<filename>definitions.nix</filename> available as if they were defined
locally in a <literal>let</literal>-expression.</para>
<para>The bindings introduced by <literal>with</literal> do not shadow bindings
introduced by other means, e.g.
<programlisting>
let a = 3; in with { a = 1; }; let a = 4; in with { a = 2; }; ...</programlisting>
establishes the same scope as
<programlisting>
let a = 1; in let a = 2; in let a = 3; in let a = 4; in ...</programlisting>
</para>
</section>
<section><title>Comments</title>
<para>Comments can be single-line, started with a <literal>#</literal>
character, or inline/multi-line, enclosed within <literal>/*
... */</literal>.</para>
</section>
</section>

View file

@ -1,222 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-language-operators">
<title>Operators</title>
<para><xref linkend='table-operators' /> lists the operators in the
Nix expression language, in order of precedence (from strongest to
weakest binding).</para>
<table xml:id='table-operators'>
<title>Operators</title>
<tgroup cols='3'>
<thead>
<row>
<entry>Name</entry>
<entry>Syntax</entry>
<entry>Associativity</entry>
<entry>Description</entry>
<entry>Precedence</entry>
</row>
</thead>
<tbody>
<row>
<entry>Select</entry>
<entry><emphasis>e</emphasis> <literal>.</literal>
<emphasis>attrpath</emphasis>
[ <literal>or</literal> <emphasis>def</emphasis> ]
</entry>
<entry>none</entry>
<entry>Select attribute denoted by the attribute path
<emphasis>attrpath</emphasis> from set
<emphasis>e</emphasis>. (An attribute path is a
dot-separated list of attribute names.) If the attribute
doesnt exist, return <emphasis>def</emphasis> if
provided, otherwise abort evaluation.</entry>
<entry>1</entry>
</row>
<row>
<entry>Application</entry>
<entry><emphasis>e1</emphasis> <emphasis>e2</emphasis></entry>
<entry>left</entry>
<entry>Call function <emphasis>e1</emphasis> with
argument <emphasis>e2</emphasis>.</entry>
<entry>2</entry>
</row>
<row>
<entry>Arithmetic Negation</entry>
<entry><literal>-</literal> <emphasis>e</emphasis></entry>
<entry>none</entry>
<entry>Arithmetic negation.</entry>
<entry>3</entry>
</row>
<row>
<entry>Has Attribute</entry>
<entry><emphasis>e</emphasis> <literal>?</literal>
<emphasis>attrpath</emphasis></entry>
<entry>none</entry>
<entry>Test whether set <emphasis>e</emphasis> contains
the attribute denoted by <emphasis>attrpath</emphasis>;
return <literal>true</literal> or
<literal>false</literal>.</entry>
<entry>4</entry>
</row>
<row>
<entry>List Concatenation</entry>
<entry><emphasis>e1</emphasis> <literal>++</literal> <emphasis>e2</emphasis></entry>
<entry>right</entry>
<entry>List concatenation.</entry>
<entry>5</entry>
</row>
<row>
<entry>Multiplication</entry>
<entry>
<emphasis>e1</emphasis> <literal>*</literal> <emphasis>e2</emphasis>,
</entry>
<entry>left</entry>
<entry>Arithmetic multiplication.</entry>
<entry>6</entry>
</row>
<row>
<entry>Division</entry>
<entry>
<emphasis>e1</emphasis> <literal>/</literal> <emphasis>e2</emphasis>
</entry>
<entry>left</entry>
<entry>Arithmetic division.</entry>
<entry>6</entry>
</row>
<row>
<entry>Addition</entry>
<entry>
<emphasis>e1</emphasis> <literal>+</literal> <emphasis>e2</emphasis>
</entry>
<entry>left</entry>
<entry>Arithmetic addition.</entry>
<entry>7</entry>
</row>
<row>
<entry>Subtraction</entry>
<entry>
<emphasis>e1</emphasis> <literal>-</literal> <emphasis>e2</emphasis>
</entry>
<entry>left</entry>
<entry>Arithmetic subtraction.</entry>
<entry>7</entry>
</row>
<row>
<entry>String Concatenation</entry>
<entry>
<emphasis>string1</emphasis> <literal>+</literal> <emphasis>string2</emphasis>
</entry>
<entry>left</entry>
<entry>String concatenation.</entry>
<entry>7</entry>
</row>
<row>
<entry>Not</entry>
<entry><literal>!</literal> <emphasis>e</emphasis></entry>
<entry>none</entry>
<entry>Boolean negation.</entry>
<entry>8</entry>
</row>
<row>
<entry>Update</entry>
<entry><emphasis>e1</emphasis> <literal>//</literal>
<emphasis>e2</emphasis></entry>
<entry>right</entry>
<entry>Return a set consisting of the attributes in
<emphasis>e1</emphasis> and
<emphasis>e2</emphasis> (with the latter taking
precedence over the former in case of equally named
attributes).</entry>
<entry>9</entry>
</row>
<row>
<entry>Less Than</entry>
<entry>
<emphasis>e1</emphasis> <literal>&lt;</literal> <emphasis>e2</emphasis>,
</entry>
<entry>none</entry>
<entry>Arithmetic comparison.</entry>
<entry>10</entry>
</row>
<row>
<entry>Less Than or Equal To</entry>
<entry>
<emphasis>e1</emphasis> <literal>&lt;=</literal> <emphasis>e2</emphasis>
</entry>
<entry>none</entry>
<entry>Arithmetic comparison.</entry>
<entry>10</entry>
</row>
<row>
<entry>Greater Than</entry>
<entry>
<emphasis>e1</emphasis> <literal>&gt;</literal> <emphasis>e2</emphasis>
</entry>
<entry>none</entry>
<entry>Arithmetic comparison.</entry>
<entry>10</entry>
</row>
<row>
<entry>Greater Than or Equal To</entry>
<entry>
<emphasis>e1</emphasis> <literal>&gt;=</literal> <emphasis>e2</emphasis>
</entry>
<entry>none</entry>
<entry>Arithmetic comparison.</entry>
<entry>10</entry>
</row>
<row>
<entry>Equality</entry>
<entry>
<emphasis>e1</emphasis> <literal>==</literal> <emphasis>e2</emphasis>
</entry>
<entry>none</entry>
<entry>Equality.</entry>
<entry>11</entry>
</row>
<row>
<entry>Inequality</entry>
<entry>
<emphasis>e1</emphasis> <literal>!=</literal> <emphasis>e2</emphasis>
</entry>
<entry>none</entry>
<entry>Inequality.</entry>
<entry>11</entry>
</row>
<row>
<entry>Logical AND</entry>
<entry><emphasis>e1</emphasis> <literal>&amp;&amp;</literal>
<emphasis>e2</emphasis></entry>
<entry>left</entry>
<entry>Logical AND.</entry>
<entry>12</entry>
</row>
<row>
<entry>Logical OR</entry>
<entry><emphasis>e1</emphasis> <literal>||</literal>
<emphasis>e2</emphasis></entry>
<entry>left</entry>
<entry>Logical OR.</entry>
<entry>13</entry>
</row>
<row>
<entry>Logical Implication</entry>
<entry><emphasis>e1</emphasis> <literal>-></literal>
<emphasis>e2</emphasis></entry>
<entry>none</entry>
<entry>Logical implication (equivalent to
<literal>!<emphasis>e1</emphasis> ||
<emphasis>e2</emphasis></literal>).</entry>
<entry>14</entry>
</row>
</tbody>
</tgroup>
</table>
</section>

View file

@ -1,312 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='ssec-values'>
<title>Values</title>
<section><title>Simple Values</title>
<para>Nix has the following basic data types:
<itemizedlist>
<listitem>
<para><emphasis>Strings</emphasis> can be written in three
ways.</para>
<para>The most common way is to enclose the string between double
quotes, e.g., <literal>"foo bar"</literal>. Strings can span
multiple lines. The special characters <literal>"</literal> and
<literal>\</literal> and the character sequence
<literal>${</literal> must be escaped by prefixing them with a
backslash (<literal>\</literal>). Newlines, carriage returns and
tabs can be written as <literal>\n</literal>,
<literal>\r</literal> and <literal>\t</literal>,
respectively.</para>
<para>You can include the result of an expression into a string by
enclosing it in
<literal>${<emphasis>...</emphasis>}</literal>, a feature
known as <emphasis>antiquotation</emphasis>. The enclosed
expression must evaluate to something that can be coerced into a
string (meaning that it must be a string, a path, or a
derivation). For instance, rather than writing
<programlisting>
"--with-freetype2-library=" + freetype + "/lib"</programlisting>
(where <varname>freetype</varname> is a derivation), you can
instead write the more natural
<programlisting>
"--with-freetype2-library=${freetype}/lib"</programlisting>
The latter is automatically translated to the former. A more
complicated example (from the Nix expression for <link
xlink:href='http://www.trolltech.com/products/qt'>Qt</link>):
<programlisting>
configureFlags = "
-system-zlib -system-libpng -system-libjpeg
${if openglSupport then "-dlopen-opengl
-L${mesa}/lib -I${mesa}/include
-L${libXmu}/lib -I${libXmu}/include" else ""}
${if threadSupport then "-thread" else "-no-thread"}
";</programlisting>
Note that Nix expressions and strings can be arbitrarily nested;
in this case the outer string contains various antiquotations that
themselves contain strings (e.g., <literal>"-thread"</literal>),
some of which in turn contain expressions (e.g.,
<literal>${mesa}</literal>).</para>
<para>The second way to write string literals is as an
<emphasis>indented string</emphasis>, which is enclosed between
pairs of <emphasis>double single-quotes</emphasis>, like so:
<programlisting>
''
This is the first line.
This is the second line.
This is the third line.
''</programlisting>
This kind of string literal intelligently strips indentation from
the start of each line. To be precise, it strips from each line a
number of spaces equal to the minimal indentation of the string as
a whole (disregarding the indentation of empty lines). For
instance, the first and second line are indented two space, while
the third line is indented four spaces. Thus, two spaces are
stripped from each line, so the resulting string is
<programlisting>
"This is the first line.\nThis is the second line.\n This is the third line.\n"</programlisting>
</para>
<para>Note that the whitespace and newline following the opening
<literal>''</literal> is ignored if there is no non-whitespace
text on the initial line.</para>
<para>Antiquotation
(<literal>${<emphasis>expr</emphasis>}</literal>) is
supported in indented strings.</para>
<para>Since <literal>${</literal> and <literal>''</literal> have
special meaning in indented strings, you need a way to quote them.
<literal>$</literal> can be escaped by prefixing it with
<literal>''</literal> (that is, two single quotes), i.e.,
<literal>''$</literal>. <literal>''</literal> can be escaped by
prefixing it with <literal>'</literal>, i.e.,
<literal>'''</literal>. <literal>$</literal> removes any special meaning
from the following <literal>$</literal>. Linefeed, carriage-return and tab
characters can be written as <literal>''\n</literal>,
<literal>''\r</literal>, <literal>''\t</literal>, and <literal>''\</literal>
escapes any other character.
</para>
<para>Indented strings are primarily useful in that they allow
multi-line string literals to follow the indentation of the
enclosing Nix expression, and that less escaping is typically
necessary for strings representing languages such as shell scripts
and configuration files because <literal>''</literal> is much less
common than <literal>"</literal>. Example:
<programlisting>
stdenv.mkDerivation {
<emphasis>...</emphasis>
postInstall =
''
mkdir $out/bin $out/etc
cp foo $out/bin
echo "Hello World" > $out/etc/foo.conf
${if enableBar then "cp bar $out/bin" else ""}
'';
<emphasis>...</emphasis>
}
</programlisting>
</para>
<para>Finally, as a convenience, <emphasis>URIs</emphasis> as
defined in appendix B of <link
xlink:href='http://www.ietf.org/rfc/rfc2396.txt'>RFC 2396</link>
can be written <emphasis>as is</emphasis>, without quotes. For
instance, the string
<literal>"http://example.org/foo.tar.bz2"</literal>
can also be written as
<literal>http://example.org/foo.tar.bz2</literal>.</para>
</listitem>
<listitem><para>Numbers, which can be <emphasis>integers</emphasis> (like
<literal>123</literal>) or <emphasis>floating point</emphasis> (like
<literal>123.43</literal> or <literal>.27e13</literal>).</para>
<para>Numbers are type-compatible: pure integer operations will always
return integers, whereas any operation involving at least one floating point
number will have a floating point number as a result.</para></listitem>
<listitem><para><emphasis>Paths</emphasis>, e.g.,
<filename>/bin/sh</filename> or <filename>./builder.sh</filename>.
A path must contain at least one slash to be recognised as such. For
instance, <filename>builder.sh</filename> is not a path: it's parsed
as an expression that selects the attribute <varname>sh</varname>
from the variable <varname>builder</varname>. If the file name is
relative, i.e., if it does not begin with a slash, it is made
absolute at parse time relative to the directory of the Nix
expression that contained it. For instance, if a Nix expression in
<filename>/foo/bar/bla.nix</filename> refers to
<filename>../xyzzy/fnord.nix</filename>, the absolute path is
<filename>/foo/xyzzy/fnord.nix</filename>.</para>
<para>If the first component of a path is a <literal>~</literal>,
it is interpreted as if the rest of the path were relative to the
user's home directory. e.g. <filename>~/foo</filename> would be
equivalent to <filename>/home/edolstra/foo</filename> for a user
whose home directory is <filename>/home/edolstra</filename>.
</para>
<para>Paths can also be specified between angle brackets, e.g.
<literal>&lt;nixpkgs&gt;</literal>. This means that the directories
listed in the environment variable
<literal linkend="env-NIX_PATH">NIX_PATH</literal> will be searched
for the given file or directory name.
</para>
</listitem>
<listitem><para><emphasis>Booleans</emphasis> with values
<literal>true</literal> and
<literal>false</literal>.</para></listitem>
<listitem><para>The null value, denoted as
<literal>null</literal>.</para></listitem>
</itemizedlist>
</para>
</section>
<section><title>Lists</title>
<para>Lists are formed by enclosing a whitespace-separated list of
values between square brackets. For example,
<programlisting>
[ 123 ./foo.nix "abc" (f { x = y; }) ]</programlisting>
defines a list of four elements, the last being the result of a call
to the function <varname>f</varname>. Note that function calls have
to be enclosed in parentheses. If they had been omitted, e.g.,
<programlisting>
[ 123 ./foo.nix "abc" f { x = y; } ]</programlisting>
the result would be a list of five elements, the fourth one being a
function and the fifth being a set.</para>
<para>Note that lists are only lazy in values, and they are strict in length.
</para>
</section>
<section><title>Sets</title>
<para>Sets are really the core of the language, since ultimately the
Nix language is all about creating derivations, which are really just
sets of attributes to be passed to build scripts.</para>
<para>Sets are just a list of name/value pairs (called
<emphasis>attributes</emphasis>) enclosed in curly brackets, where
each value is an arbitrary expression terminated by a semicolon. For
example:
<programlisting>
{ x = 123;
text = "Hello";
y = f { bla = 456; };
}</programlisting>
This defines a set with attributes named <varname>x</varname>,
<varname>text</varname>, <varname>y</varname>. The order of the
attributes is irrelevant. An attribute name may only occur
once.</para>
<para>Attributes can be selected from a set using the
<literal>.</literal> operator. For instance,
<programlisting>
{ a = "Foo"; b = "Bar"; }.a</programlisting>
evaluates to <literal>"Foo"</literal>. It is possible to provide a
default value in an attribute selection using the
<literal>or</literal> keyword. For example,
<programlisting>
{ a = "Foo"; b = "Bar"; }.c or "Xyzzy"</programlisting>
will evaluate to <literal>"Xyzzy"</literal> because there is no
<varname>c</varname> attribute in the set.</para>
<para>You can use arbitrary double-quoted strings as attribute
names:
<programlisting>
{ "foo ${bar}" = 123; "nix-1.0" = 456; }."foo ${bar}"
</programlisting>
This will evaluate to <literal>123</literal> (Assuming
<literal>bar</literal> is antiquotable). In the case where an
attribute name is just a single antiquotation, the quotes can be
dropped:
<programlisting>
{ foo = 123; }.${bar} or 456 </programlisting>
This will evaluate to <literal>123</literal> if
<literal>bar</literal> evaluates to <literal>"foo"</literal> when
coerced to a string and <literal>456</literal> otherwise (again
assuming <literal>bar</literal> is antiquotable).</para>
<para>In the special case where an attribute name inside of a set declaration
evaluates to <literal>null</literal> (which is normally an error, as
<literal>null</literal> is not antiquotable), that attribute is simply not
added to the set:
<programlisting>
{ ${if foo then "bar" else null} = true; }</programlisting>
This will evaluate to <literal>{}</literal> if <literal>foo</literal>
evaluates to <literal>false</literal>.</para>
<para>A set that has a <literal>__functor</literal> attribute whose value
is callable (i.e. is itself a function or a set with a
<literal>__functor</literal> attribute whose value is callable) can be
applied as if it were a function, with the set itself passed in first
, e.g.,
<programlisting>
let add = { __functor = self: x: x + self.x; };
inc = add // { x = 1; };
in inc 1
</programlisting>
evaluates to <literal>2</literal>. This can be used to attach metadata to a
function without the caller needing to treat it specially, or to implement
a form of object-oriented programming, for example.
</para>
</section>
</section>

View file

@ -1,76 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='sec-building-simple'>
<title>Building and Testing</title>
<para>You can now try to build Hello. Of course, you could do
<literal>nix-env -i hello</literal>, but you may not want to install a
possibly broken package just yet. The best way to test the package is by
using the command <command linkend="sec-nix-build">nix-build</command>,
which builds a Nix expression and creates a symlink named
<filename>result</filename> in the current directory:
<screen>
$ nix-build -A hello
building path `/nix/store/632d2b22514d...-hello-2.1.1'
hello-2.1.1/
hello-2.1.1/intl/
hello-2.1.1/intl/ChangeLog
<emphasis>...</emphasis>
$ ls -l result
lrwxrwxrwx ... 2006-09-29 10:43 result -> /nix/store/632d2b22514d...-hello-2.1.1
$ ./result/bin/hello
Hello, world!</screen>
The <link linkend='opt-attr'><option>-A</option></link> option selects
the <literal>hello</literal> attribute. This is faster than using the
symbolic package name specified by the <literal>name</literal>
attribute (which also happens to be <literal>hello</literal>) and is
unambiguous (there can be multiple packages with the symbolic name
<literal>hello</literal>, but there can be only one attribute in a set
named <literal>hello</literal>).</para>
<para><command>nix-build</command> registers the
<filename>./result</filename> symlink as a garbage collection root, so
unless and until you delete the <filename>./result</filename> symlink,
the output of the build will be safely kept on your system. You can
use <command>nix-build</command>s <option
linkend='opt-out-link'>-o</option> switch to give the symlink another
name.</para>
<para>Nix has transactional semantics. Once a build finishes
successfully, Nix makes a note of this in its database: it registers
that the path denoted by <literal>out</literal> is now
<quote>valid</quote>. If you try to build the derivation again, Nix
will see that the path is already valid and finish immediately. If a
build fails, either because it returns a non-zero exit code, because
Nix or the builder are killed, or because the machine crashes, then
the output paths will not be registered as valid. If you try to build
the derivation again, Nix will remove the output paths if they exist
(e.g., because the builder died half-way through <literal>make
install</literal>) and try again. Note that there is no
<quote>negative caching</quote>: Nix doesn't remember that a build
failed, and so a failed build can always be repeated. This is because
Nix cannot distinguish between permanent failures (e.g., a compiler
error due to a syntax error in the source) and transient failures
(e.g., a disk full condition).</para>
<para>Nix also performs locking. If you run multiple Nix builds
simultaneously, and they try to build the same derivation, the first
Nix instance that gets there will perform the build, while the others
block (or perform other derivations if available) until the build
finishes:
<screen>
$ nix-build -A hello
waiting for lock on `/nix/store/0h5b7hp8d4hqfrw8igvx97x1xawrjnac-hello-2.1.1x'</screen>
So it is always safe to run multiple instances of Nix in parallel
(which isnt the case with, say, <command>make</command>).</para>
</section>

View file

@ -1,46 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-simple-expression">
<title>A Simple Nix Expression</title>
<para>This section shows how to add and test the <link
xlink:href='http://www.gnu.org/software/hello/hello.html'>GNU Hello
package</link> to the Nix Packages collection. Hello is a program
that prints out the text <quote>Hello, world!</quote>.</para>
<para>To add a package to the Nix Packages collection, you generally
need to do three things:
<orderedlist>
<listitem><para>Write a Nix expression for the package. This is a
file that describes all the inputs involved in building the package,
such as dependencies, sources, and so on.</para></listitem>
<listitem><para>Write a <emphasis>builder</emphasis>. This is a
shell script that builds the package from the inputs. (In fact, it
can be written in any language, but typically it's a
<command>bash</command> shell script.)</para></listitem>
<listitem><para>Add the package to the file
<filename>pkgs/top-level/all-packages.nix</filename>. The Nix
expression written in the first step is a
<emphasis>function</emphasis>; it requires other packages in order
to build it. In this step you put it all together, i.e., you call
the function with the right arguments to build the actual
package.</para></listitem>
</orderedlist>
</para>
<xi:include href="expression-syntax.xml" />
<xi:include href="build-script.xml" />
<xi:include href="arguments-variables.xml" />
<xi:include href="simple-building-testing.xml" />
<xi:include href="generic-builder.xml" />
</chapter>

View file

@ -1,26 +0,0 @@
<part xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='chap-writing-nix-expressions'>
<title>Writing Nix Expressions</title>
<partintro>
<para>This chapter shows you how to write Nix expressions, which
instruct Nix how to build packages. It starts with a
simple example (a Nix expression for GNU Hello), and then moves
on to a more in-depth look at the Nix expression language.</para>
<note><para>This chapter is mostly about the Nix expression language.
For more extensive information on adding packages to the Nix Packages
collection (such as functions in the standard environment and coding
conventions), please consult <link
xlink:href="http://nixos.org/nixpkgs/manual/">its
manual</link>.</para></note>
</partintro>
<xi:include href="simple-expression.xml" />
<xi:include href="expression-language.xml" />
</part>

View file

@ -1,199 +0,0 @@
<appendix xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="part-glossary">
<title>Glossary</title>
<glosslist>
<glossentry xml:id="gloss-derivation"><glossterm>derivation</glossterm>
<glossdef><para>A description of a build action. The result of a
derivation is a store object. Derivations are typically specified
in Nix expressions using the <link
linkend="ssec-derivation"><function>derivation</function>
primitive</link>. These are translated into low-level
<emphasis>store derivations</emphasis> (implicitly by
<command>nix-env</command> and <command>nix-build</command>, or
explicitly by <command>nix-instantiate</command>).</para></glossdef>
</glossentry>
<glossentry><glossterm>store</glossterm>
<glossdef><para>The location in the file system where store objects
live. Typically <filename>/nix/store</filename>.</para></glossdef>
</glossentry>
<glossentry><glossterm>store path</glossterm>
<glossdef><para>The location in the file system of a store object,
i.e., an immediate child of the Nix store
directory.</para></glossdef>
</glossentry>
<glossentry><glossterm>store object</glossterm>
<glossdef><para>A file that is an immediate child of the Nix store
directory. These can be regular files, but also entire directory
trees. Store objects can be sources (objects copied from outside of
the store), derivation outputs (objects produced by running a build
action), or derivations (files describing a build
action).</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-substitute"><glossterm>substitute</glossterm>
<glossdef><para>A substitute is a command invocation stored in the
Nix database that describes how to build a store object, bypassing
the normal build mechanism (i.e., derivations). Typically, the
substitute builds the store object by downloading a pre-built
version of the store object from some server.</para></glossdef>
</glossentry>
<glossentry><glossterm>purity</glossterm>
<glossdef><para>The assumption that equal Nix derivations when run
always produce the same output. This cannot be guaranteed in
general (e.g., a builder can rely on external inputs such as the
network or the system time) but the Nix model assumes
it.</para></glossdef>
</glossentry>
<glossentry><glossterm>Nix expression</glossterm>
<glossdef><para>A high-level description of software packages and
compositions thereof. Deploying software using Nix entails writing
Nix expressions for your packages. Nix expressions are translated
to derivations that are stored in the Nix store. These derivations
can then be built.</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-reference"><glossterm>reference</glossterm>
<glossdef>
<para>A store path <varname>P</varname> is said to have a
reference to a store path <varname>Q</varname> if the store object
at <varname>P</varname> contains the path <varname>Q</varname>
somewhere. The <emphasis>references</emphasis> of a store path are
the set of store paths to which it has a reference.
</para>
<para>A derivation can reference other derivations and sources
(but not output paths), whereas an output path only references other
output paths.
</para>
</glossdef>
</glossentry>
<glossentry xml:id="gloss-reachable"><glossterm>reachable</glossterm>
<glossdef><para>A store path <varname>Q</varname> is reachable from
another store path <varname>P</varname> if <varname>Q</varname> is in the
<link linkend="gloss-closure">closure</link> of the
<link linkend="gloss-reference">references</link> relation.
</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-closure"><glossterm>closure</glossterm>
<glossdef><para>The closure of a store path is the set of store
paths that are directly or indirectly “reachable” from that store
path; that is, its the closure of the path under the <link
linkend="gloss-reference">references</link> relation. For a package, the
closure of its derivation is equivalent to the build-time
dependencies, while the closure of its output path is equivalent to its
runtime dependencies. For correct deployment it is necessary to deploy whole
closures, since otherwise at runtime files could be missing. The command
<command>nix-store -qR</command> prints out closures of store paths.
</para>
<para>As an example, if the store object at path <varname>P</varname> contains
a reference to path <varname>Q</varname>, then <varname>Q</varname> is
in the closure of <varname>P</varname>. Further, if <varname>Q</varname>
references <varname>R</varname> then <varname>R</varname> is also in
the closure of <varname>P</varname>.
</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-output-path"><glossterm>output path</glossterm>
<glossdef><para>A store path produced by a derivation.</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-deriver"><glossterm>deriver</glossterm>
<glossdef><para>The deriver of an <link
linkend="gloss-output-path">output path</link> is the store
derivation that built it.</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-validity"><glossterm>validity</glossterm>
<glossdef><para>A store path is considered
<emphasis>valid</emphasis> if it exists in the file system, is
listed in the Nix database as being valid, and if all paths in its
closure are also valid.</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-user-env"><glossterm>user environment</glossterm>
<glossdef><para>An automatically generated store object that
consists of a set of symlinks to “active” applications, i.e., other
store paths. These are generated automatically by <link
linkend="sec-nix-env"><command>nix-env</command></link>. See <xref
linkend="sec-profiles" />.</para>
</glossdef>
</glossentry>
<glossentry xml:id="gloss-profile"><glossterm>profile</glossterm>
<glossdef><para>A symlink to the current <link
linkend="gloss-user-env">user environment</link> of a user, e.g.,
<filename>/nix/var/nix/profiles/default</filename>.</para></glossdef>
</glossentry>
<glossentry xml:id="gloss-nar"><glossterm>NAR</glossterm>
<glossdef><para>A <emphasis>N</emphasis>ix
<emphasis>AR</emphasis>chive. This is a serialisation of a path in
the Nix store. It can contain regular files, directories and
symbolic links. NARs are generated and unpacked using
<command>nix-store --dump</command> and <command>nix-store
--restore</command>.</para></glossdef>
</glossentry>
</glosslist>
</appendix>

View file

@ -1,74 +0,0 @@
<appendix xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-hacking">
<title>Hacking</title>
<para>This section provides some notes on how to hack on Nix. To get
the latest version of Nix from GitHub:
<screen>
$ git clone https://github.com/NixOS/nix.git
$ cd nix
</screen>
</para>
<para>To build Nix for the current operating system/architecture use
<screen>
$ nix-build
</screen>
or if you have a flakes-enabled nix:
<screen>
$ nix build
</screen>
This will build <literal>defaultPackage</literal> attribute defined in the <literal>flake.nix</literal> file.
To build for other platforms add one of the following suffixes to it: aarch64-linux,
i686-linux, x86_64-darwin, x86_64-linux.
i.e.
<screen>
$ nix-build -A defaultPackage.x86_64-linux
</screen>
</para>
<para>To build all dependencies and start a shell in which all
environment variables are set up so that those dependencies can be
found:
<screen>
$ nix-shell
</screen>
To build Nix itself in this shell:
<screen>
[nix-shell]$ ./bootstrap.sh
[nix-shell]$ ./configure $configureFlags
[nix-shell]$ make -j $NIX_BUILD_CORES
</screen>
To install it in <literal>$(pwd)/inst</literal> and test it:
<screen>
[nix-shell]$ make install
[nix-shell]$ make installcheck
[nix-shell]$ ./inst/bin/nix --version
nix (Nix) 2.4
</screen>
If you have a flakes-enabled nix you can replace:
<screen>
$ nix-shell
</screen>
by:
<screen>
$ nix develop
</screen>
</para>
</appendix>

View file

@ -1,49 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-building-source">
<title>Building Nix from Source</title>
<para>After unpacking or checking out the Nix sources, issue the
following commands:
<screen>
$ ./configure <emphasis>options...</emphasis>
$ make
$ make install</screen>
Nix requires GNU Make so you may need to invoke
<command>gmake</command> instead.</para>
<para>When building from the Git repository, these should be preceded
by the command:
<screen>
$ ./bootstrap.sh</screen>
</para>
<para>The installation path can be specified by passing the
<option>--prefix=<emphasis>prefix</emphasis></option> to
<command>configure</command>. The default installation directory is
<filename>/usr/local</filename>. You can change this to any location
you like. You must have write permission to the
<emphasis>prefix</emphasis> path.</para>
<para>Nix keeps its <emphasis>store</emphasis> (the place where
packages are stored) in <filename>/nix/store</filename> by default.
This can be changed using
<option>--with-store-dir=<emphasis>path</emphasis></option>.</para>
<warning><para>It is best <emphasis>not</emphasis> to change the Nix
store from its default, since doing so makes it impossible to use
pre-built binaries from the standard Nixpkgs channels — that is, all
packages will need to be built from source.</para></warning>
<para>Nix keeps state (such as its database and log files) in
<filename>/nix/var</filename> by default. This can be changed using
<option>--localstatedir=<emphasis>path</emphasis></option>.</para>
</section>

View file

@ -1,89 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-env-variables">
<title>Environment Variables</title>
<para>To use Nix, some environment variables should be set. In
particular, <literal>PATH</literal> should contain the directories
<filename><emphasis>prefix</emphasis>/bin</filename> and
<filename>~/.nix-profile/bin</filename>. The first directory contains
the Nix tools themselves, while <filename>~/.nix-profile</filename> is
a symbolic link to the current <emphasis>user environment</emphasis>
(an automatically generated package consisting of symlinks to
installed packages). The simplest way to set the required environment
variables is to include the file
<filename><emphasis>prefix</emphasis>/etc/profile.d/nix.sh</filename>
in your <filename>~/.profile</filename> (or similar), like this:</para>
<screen>
source <emphasis>prefix</emphasis>/etc/profile.d/nix.sh</screen>
<section xml:id="sec-nix-ssl-cert-file">
<title><literal>NIX_SSL_CERT_FILE</literal></title>
<para>If you need to specify a custom certificate bundle to account
for an HTTPS-intercepting man in the middle proxy, you must specify
the path to the certificate bundle in the environment variable
<literal>NIX_SSL_CERT_FILE</literal>.</para>
<para>If you don't specify a <literal>NIX_SSL_CERT_FILE</literal>
manually, Nix will install and use its own certificate
bundle.</para>
<procedure>
<step><para>Set the environment variable and install Nix</para>
<screen>
$ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
$ sh &lt;(curl -L https://nixos.org/nix/install)
</screen></step>
<step><para>In the shell profile and rc files (for example,
<filename>/etc/bashrc</filename>, <filename>/etc/zshrc</filename>),
add the following line:</para>
<programlisting>
export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
</programlisting>
</step>
</procedure>
<note><para>You must not add the export and then do the install, as
the Nix installer will detect the presense of Nix configuration, and
abort.</para></note>
<section xml:id="sec-nix-ssl-cert-file-with-nix-daemon-and-macos">
<title><literal>NIX_SSL_CERT_FILE</literal> with macOS and the Nix daemon</title>
<para>On macOS you must specify the environment variable for the Nix
daemon service, then restart it:</para>
<screen>
$ sudo launchctl setenv NIX_SSL_CERT_FILE /etc/ssl/my-certificate-bundle.crt
$ sudo launchctl kickstart -k system/org.nixos.nix-daemon
</screen>
</section>
<section xml:id="sec-installer-proxy-settings">
<title>Proxy Environment Variables</title>
<para>The Nix installer has special handling for these proxy-related
environment variables:
<varname>http_proxy</varname>, <varname>https_proxy</varname>,
<varname>ftp_proxy</varname>, <varname>no_proxy</varname>,
<varname>HTTP_PROXY</varname>, <varname>HTTPS_PROXY</varname>,
<varname>FTP_PROXY</varname>, <varname>NO_PROXY</varname>.
</para>
<para>If any of these variables are set when running the Nix installer,
then the installer will create an override file at
<filename>/etc/systemd/system/nix-daemon.service.d/override.conf</filename>
so <command>nix-daemon</command> will use them.
</para>
</section>
</section>
</chapter>

View file

@ -1,34 +0,0 @@
<part xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="chap-installation">
<title>Installation</title>
<partintro>
<para>This section describes how to install and configure Nix for first-time use.</para>
</partintro>
<xi:include href="supported-platforms.xml" />
<xi:include href="installing-binary.xml" />
<xi:include href="installing-source.xml" />
<xi:include href="nix-security.xml" />
<xi:include href="env-variables.xml" />
<!-- TODO: should be updated
<section><title>Upgrading Nix through Nix</title>
<para>You can install the latest stable version of Nix through Nix
itself by subscribing to the channel <link
xlink:href="http://nixos.org/releases/nix/channels/nix-stable" />,
or the latest unstable version by subscribing to the channel <link
xlink:href="http://nixos.org/releases/nix/channels/nix-unstable" />.
You can also do a <link linkend="sec-one-click">one-click
installation</link> by clicking on the package links at <link
xlink:href="http://nixos.org/releases/full-index-nix.html" />.</para>
</section>
-->
</part>

View file

@ -1,469 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-installing-binary">
<title>Installing a Binary Distribution</title>
<para>
If you are using Linux or macOS versions up to 10.14 (Mojave), the
easiest way to install Nix is to run the following command:
</para>
<screen>
$ sh &lt;(curl -L https://nixos.org/nix/install)
</screen>
<para>
If you're using macOS 10.15 (Catalina) or newer, consult
<link linkend="sect-macos-installation">the macOS installation instructions</link>
before installing.
</para>
<para>
As of Nix 2.1.0, the Nix installer will always default to creating a
single-user installation, however opting in to the multi-user
installation is highly recommended.
<!-- TODO: this explains *neither* why the default version is
single-user, nor why we'd recommend multi-user over the default.
True prospective users don't have much basis for evaluating this.
What's it to me? Who should pick which? Why? What if I pick wrong?
-->
</para>
<section xml:id="sect-single-user-installation">
<title>Single User Installation</title>
<para>
To explicitly select a single-user installation on your system:
<screen>
sh &lt;(curl -L https://nixos.org/nix/install) --no-daemon
</screen>
</para>
<para>
This will perform a single-user installation of Nix, meaning that
<filename>/nix</filename> is owned by the invoking user. You should
run this under your usual user account, <emphasis>not</emphasis> as
root. The script will invoke <command>sudo</command> to create
<filename>/nix</filename> if it doesnt already exist. If you dont
have <command>sudo</command>, you should manually create
<filename>/nix</filename> first as root, e.g.:
<screen>
$ mkdir /nix
$ chown alice /nix
</screen>
The install script will modify the first writable file from amongst
<filename>.bash_profile</filename>, <filename>.bash_login</filename>
and <filename>.profile</filename> to source
<filename>~/.nix-profile/etc/profile.d/nix.sh</filename>. You can set
the <literal>NIX_INSTALLER_NO_MODIFY_PROFILE</literal> environment
variable before executing the install script to disable this
behaviour.
</para>
<para>You can uninstall Nix simply by running:
<screen>
$ rm -rf /nix
</screen>
</para>
</section>
<section xml:id="sect-multi-user-installation">
<title>Multi User Installation</title>
<para>
The multi-user Nix installation creates system users, and a system
service for the Nix daemon.
</para>
<itemizedlist>
<title>Supported Systems</title>
<listitem>
<para>Linux running systemd, with SELinux disabled</para>
</listitem>
<listitem><para>macOS</para></listitem>
</itemizedlist>
<para>
You can instruct the installer to perform a multi-user
installation on your system:
</para>
<screen>sh &lt;(curl -L https://nixos.org/nix/install) --daemon</screen>
<para>
The multi-user installation of Nix will create build users between
the user IDs 30001 and 30032, and a group with the group ID 30000.
You should run this under your usual user account,
<emphasis>not</emphasis> as root. The script will invoke
<command>sudo</command> as needed.
</para>
<note><para>
If you need Nix to use a different group ID or user ID set, you
will have to download the tarball manually and <link
linkend="sect-nix-install-binary-tarball">edit the install
script</link>.
</para></note>
<para>
The installer will modify <filename>/etc/bashrc</filename>, and
<filename>/etc/zshrc</filename> if they exist. The installer will
first back up these files with a
<literal>.backup-before-nix</literal> extension. The installer
will also create <filename>/etc/profile.d/nix.sh</filename>.
</para>
<para>You can uninstall Nix with the following commands:
<screen>
sudo rm -rf /etc/profile/nix.sh /etc/nix /nix ~root/.nix-profile ~root/.nix-defexpr ~root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
# If you are on Linux with systemd, you will need to run:
sudo systemctl stop nix-daemon.socket
sudo systemctl stop nix-daemon.service
sudo systemctl disable nix-daemon.socket
sudo systemctl disable nix-daemon.service
sudo systemctl daemon-reload
# If you are on macOS, you will need to run:
sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
</screen>
There may also be references to Nix in
<filename>/etc/profile</filename>,
<filename>/etc/bashrc</filename>, and
<filename>/etc/zshrc</filename> which you may remove.
</para>
</section>
<section xml:id="sect-macos-installation">
<title>macOS Installation</title>
<para>
Starting with macOS 10.15 (Catalina), the root filesystem is read-only.
This means <filename>/nix</filename> can no longer live on your system
volume, and that you'll need a workaround to install Nix.
</para>
<para>
The recommended approach, which creates an unencrypted APFS volume
for your Nix store and a "synthetic" empty directory to mount it
over at <filename>/nix</filename>, is least likely to impair Nix
or your system.
</para>
<note><para>
With all separate-volume approaches, it's possible something on
your system (particularly daemons/services and restored apps) may
need access to your Nix store before the volume is mounted. Adding
additional encryption makes this more likely.
</para></note>
<para>
If you're using a recent Mac with a
<link xlink:href="https://www.apple.com/euro/mac/shared/docs/Apple_T2_Security_Chip_Overview.pdf">T2 chip</link>,
your drive will still be encrypted at rest (in which case "unencrypted"
is a bit of a misnomer). To use this approach, just install Nix with:
</para>
<screen>$ sh &lt;(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume</screen>
<para>
If you don't like the sound of this, you'll want to weigh the
other approaches and tradeoffs detailed in this section.
</para>
<note>
<title>Eventual solutions?</title>
<para>
All of the known workarounds have drawbacks, but we hope
better solutions will be available in the future. Some that
we have our eye on are:
</para>
<orderedlist>
<listitem>
<para>
A true firmlink would enable the Nix store to live on the
primary data volume without the build problems caused by
the symlink approach. End users cannot currently
create true firmlinks.
</para>
</listitem>
<listitem>
<para>
If the Nix store volume shared FileVault encryption
with the primary data volume (probably by using the same
volume group and role), FileVault encryption could be
easily supported by the installer without requiring
manual setup by each user.
</para>
</listitem>
</orderedlist>
</note>
<section xml:id="sect-macos-installation-change-store-prefix">
<title>Change the Nix store path prefix</title>
<para>
Changing the default prefix for the Nix store is a simple
approach which enables you to leave it on your root volume,
where it can take full advantage of FileVault encryption if
enabled. Unfortunately, this approach also opts your device out
of some benefits that are enabled by using the same prefix
across systems:
<itemizedlist>
<listitem>
<para>
Your system won't be able to take advantage of the binary
cache (unless someone is able to stand up and support
duplicate caching infrastructure), which means you'll
spend more time waiting for builds.
</para>
</listitem>
<listitem>
<para>
It's harder to build and deploy packages to Linux systems.
</para>
</listitem>
<!-- TODO: may be more here -->
</itemizedlist>
<!-- TODO: Yes, but how?! -->
It would also possible (and often requested) to just apply this
change ecosystem-wide, but it's an intrusive process that has
side effects we want to avoid for now.
<!-- magnificent hand-wavy gesture -->
</para>
<para>
</para>
</section>
<section xml:id="sect-macos-installation-encrypted-volume">
<title>Use a separate encrypted volume</title>
<para>
If you like, you can also add encryption to the recommended
approach taken by the installer. You can do this by pre-creating
an encrypted volume before you run the installer--or you can
run the installer and encrypt the volume it creates later.
<!-- TODO: see later note about whether this needs both add-encryption and from-scratch directions -->
</para>
<para>
In either case, adding encryption to a second volume isn't quite
as simple as enabling FileVault for your boot volume. Before you
dive in, there are a few things to weigh:
</para>
<orderedlist>
<listitem>
<para>
The additional volume won't be encrypted with your existing
FileVault key, so you'll need another mechanism to decrypt
the volume.
</para>
</listitem>
<listitem>
<para>
You can store the password in Keychain to automatically
decrypt the volume on boot--but it'll have to wait on Keychain
and may not mount before your GUI apps restore. If any of
your launchd agents or apps depend on Nix-installed software
(for example, if you use a Nix-installed login shell), the
restore may fail or break.
</para>
<para>
On a case-by-case basis, you may be able to work around this
problem by using <command>wait4path</command> to block
execution until your executable is available.
</para>
<para>
It's also possible to decrypt and mount the volume earlier
with a login hook--but this mechanism appears to be
deprecated and its future is unclear.
</para>
</listitem>
<listitem>
<para>
You can hard-code the password in the clear, so that your
store volume can be decrypted before Keychain is available.
</para>
</listitem>
</orderedlist>
<para>
If you are comfortable navigating these tradeoffs, you can encrypt the volume with
something along the lines of:
<!-- TODO:
I don't know if this also needs from-scratch instructions?
can we just recommend use-the-installer-and-then-encrypt?
-->
</para>
<!--
TODO: it looks like this option can be encryptVolume|encrypt|enableFileVault
It may be more clear to use encryptVolume, here? FileVault seems
heavily associated with the boot-volume behavior; I worry
a little that it can mislead here, especially as it gets
copied around minus doc context...?
-->
<screen>alice$ diskutil apfs enableFileVault /nix -user disk</screen>
<!-- TODO: and then go into detail on the mount/decrypt approaches? -->
</section>
<section xml:id="sect-macos-installation-symlink">
<!--
Maybe a good razor is: if we'd hate having to support someone who
installed Nix this way, it shouldn't even be detailed?
-->
<title>Symlink the Nix store to a custom location</title>
<para>
Another simple approach is using <filename>/etc/synthetic.conf</filename>
to symlink the Nix store to the data volume. This option also
enables your store to share any configured FileVault encryption.
Unfortunately, builds that resolve the symlink may leak the
canonical path or even fail.
</para>
<para>
Because of these downsides, we can't recommend this approach.
</para>
<!-- Leaving out instructions for this one. -->
</section>
<section xml:id="sect-macos-installation-recommended-notes">
<title>Notes on the recommended approach</title>
<para>
This section goes into a little more detail on the recommended
approach. You don't need to understand it to run the installer,
but it can serve as a helpful reference if you run into trouble.
</para>
<orderedlist>
<listitem>
<para>
In order to compose user-writable locations into the new
read-only system root, Apple introduced a new concept called
<literal>firmlinks</literal>, which it describes as a
"bi-directional wormhole" between two filesystems. You can
see the current firmlinks in <filename>/usr/share/firmlinks</filename>.
Unfortunately, firmlinks aren't (currently?) user-configurable.
</para>
<para>
For special cases like NFS mount points or package manager roots,
<link xlink:href="https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man5/synthetic.conf.5.html">synthetic.conf(5)</link>
supports limited user-controlled file-creation (of symlinks,
and synthetic empty directories) at <filename>/</filename>.
To create a synthetic empty directory for mounting at <filename>/nix</filename>,
add the following line to <filename>/etc/synthetic.conf</filename>
(create it if necessary):
</para>
<screen>nix</screen>
</listitem>
<listitem>
<para>
This configuration is applied at boot time, but you can use
<command>apfs.util</command> to trigger creation (not deletion)
of new entries without a reboot:
</para>
<screen>alice$ /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B</screen>
</listitem>
<listitem>
<para>
Create the new APFS volume with diskutil:
</para>
<screen>alice$ sudo diskutil apfs addVolume diskX APFS 'Nix Store' -mountpoint /nix</screen>
</listitem>
<listitem>
<para>
Using <command>vifs</command>, add the new mount to
<filename>/etc/fstab</filename>. If it doesn't already have
other entries, it should look something like:
</para>
<screen>
#
# Warning - this file should only be modified with vifs(8)
#
# Failure to do so is unsupported and may be destructive.
#
LABEL=Nix\040Store /nix apfs rw,nobrowse
</screen>
<para>
The nobrowse setting will keep Spotlight from indexing this
volume, and keep it from showing up on your desktop.
</para>
</listitem>
</orderedlist>
</section>
</section>
<section xml:id="sect-nix-install-pinned-version-url">
<title>Installing a pinned Nix version from a URL</title>
<para>
NixOS.org hosts version-specific installation URLs for all Nix
versions since 1.11.16, at
<literal>https://releases.nixos.org/nix/nix-<emphasis>version</emphasis>/install</literal>.
</para>
<para>
These install scripts can be used the same as the main
NixOS.org installation script:
<screen>
sh &lt;(curl -L https://nixos.org/nix/install)
</screen>
</para>
<para>
In the same directory of the install script are sha256 sums, and
gpg signature files.
</para>
</section>
<section xml:id="sect-nix-install-binary-tarball">
<title>Installing from a binary tarball</title>
<para>
You can also download a binary tarball that contains Nix and all
its dependencies. (This is what the install script at
<uri>https://nixos.org/nix/install</uri> does automatically.) You
should unpack it somewhere (e.g. in <filename>/tmp</filename>),
and then run the script named <command>install</command> inside
the binary tarball:
<screen>
alice$ cd /tmp
alice$ tar xfj nix-1.8-x86_64-darwin.tar.bz2
alice$ cd nix-1.8-x86_64-darwin
alice$ ./install
</screen>
</para>
<para>
If you need to edit the multi-user installation script to use
different group ID or a different user ID range, modify the
variables set in the file named
<filename>install-multi-user</filename>.
</para>
</section>
</chapter>

View file

@ -1,16 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-installing-source">
<title>Installing Nix from Source</title>
<para>If no binary package is available, you can download and compile
a source distribution.</para>
<xi:include href="prerequisites-source.xml" />
<xi:include href="obtaining-source.xml" />
<xi:include href="building-source.xml" />
</chapter>

View file

@ -1,107 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-multi-user">
<title>Multi-User Mode</title>
<para>To allow a Nix store to be shared safely among multiple users,
it is important that users are not able to run builders that modify
the Nix store or database in arbitrary ways, or that interfere with
builds started by other users. If they could do so, they could
install a Trojan horse in some package and compromise the accounts of
other users.</para>
<para>To prevent this, the Nix store and database are owned by some
privileged user (usually <literal>root</literal>) and builders are
executed under special user accounts (usually named
<literal>nixbld1</literal>, <literal>nixbld2</literal>, etc.). When a
unprivileged user runs a Nix command, actions that operate on the Nix
store (such as builds) are forwarded to a <emphasis>Nix
daemon</emphasis> running under the owner of the Nix store/database
that performs the operation.</para>
<note><para>Multi-user mode has one important limitation: only
<systemitem class="username">root</systemitem> and a set of trusted
users specified in <filename>nix.conf</filename> can specify arbitrary
binary caches. So while unprivileged users may install packages from
arbitrary Nix expressions, they may not get pre-built
binaries.</para></note>
<section>
<title>Setting up the build users</title>
<para>The <emphasis>build users</emphasis> are the special UIDs under
which builds are performed. They should all be members of the
<emphasis>build users group</emphasis> <literal>nixbld</literal>.
This group should have no other members. The build users should not
be members of any other group. On Linux, you can create the group and
users as follows:
<screen>
$ groupadd -r nixbld
$ for n in $(seq 1 10); do useradd -c "Nix build user $n" \
-d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \
nixbld$n; done
</screen>
This creates 10 build users. There can never be more concurrent builds
than the number of build users, so you may want to increase this if
you expect to do many builds at the same time.</para>
</section>
<section>
<title>Running the daemon</title>
<para>The <link linkend="sec-nix-daemon">Nix daemon</link> should be
started as follows (as <literal>root</literal>):
<screen>
$ nix-daemon</screen>
Youll want to put that line somewhere in your systems boot
scripts.</para>
<para>To let unprivileged users use the daemon, they should set the
<link linkend="envar-remote"><literal>NIX_REMOTE</literal> environment
variable</link> to <literal>daemon</literal>. So you should put a
line like
<programlisting>
export NIX_REMOTE=daemon</programlisting>
into the users login scripts.</para>
</section>
<section>
<title>Restricting access</title>
<para>To limit which users can perform Nix operations, you can use the
permissions on the directory
<filename>/nix/var/nix/daemon-socket</filename>. For instance, if you
want to restrict the use of Nix to the members of a group called
<literal>nix-users</literal>, do
<screen>
$ chgrp nix-users /nix/var/nix/daemon-socket
$ chmod ug=rwx,o= /nix/var/nix/daemon-socket
</screen>
This way, users who are not in the <literal>nix-users</literal> group
cannot connect to the Unix domain socket
<filename>/nix/var/nix/daemon-socket/socket</filename>, so they cannot
perform Nix operations.</para>
</section>
</section>

View file

@ -1,27 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-nix-security">
<title>Security</title>
<para>Nix has two basic security models. First, it can be used in
“single-user mode”, which is similar to what most other package
management tools do: there is a single user (typically <systemitem
class="username">root</systemitem>) who performs all package
management operations. All other users can then use the installed
packages, but they cannot perform package management operations
themselves.</para>
<para>Alternatively, you can configure Nix in “multi-user mode”. In
this model, all users can perform package management operations — for
instance, every user can install software without requiring root
privileges. Nix ensures that this is secure. For instance, its not
possible for one user to overwrite a package used by another user with
a Trojan horse.</para>
<xi:include href="single-user.xml" />
<xi:include href="multi-user.xml" />
</chapter>

View file

@ -1,30 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-obtaining-source">
<title>Obtaining a Source Distribution</title>
<para>The source tarball of the most recent stable release can be
downloaded from the <link
xlink:href="http://nixos.org/nix/download.html">Nix homepage</link>.
You can also grab the <link
xlink:href="http://hydra.nixos.org/job/nix/master/release/latest-finished#tabs-constituents">most
recent development release</link>.</para>
<para>Alternatively, the most recent sources of Nix can be obtained
from its <link
xlink:href="https://github.com/NixOS/nix">Git
repository</link>. For example, the following command will check out
the latest revision into a directory called
<filename>nix</filename>:</para>
<screen>
$ git clone https://github.com/NixOS/nix</screen>
<para>Likewise, specific releases can be obtained from the <link
xlink:href="https://github.com/NixOS/nix/tags">tags</link> of the
repository.</para>
</section>

View file

@ -1,101 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-prerequisites-source">
<title>Prerequisites</title>
<itemizedlist>
<listitem><para>GNU Autoconf
(<link xlink:href="https://www.gnu.org/software/autoconf/"/>)
and the autoconf-archive macro collection
(<link xlink:href="https://www.gnu.org/software/autoconf-archive/"/>).
These are only needed to run the bootstrap script, and are not necessary
if your source distribution came with a pre-built
<literal>./configure</literal> script.</para></listitem>
<listitem><para>GNU Make.</para></listitem>
<listitem><para>Bash Shell. The <literal>./configure</literal> script
relies on bashisms, so Bash is required.</para></listitem>
<listitem><para>A version of GCC or Clang that supports C++17.</para></listitem>
<listitem><para><command>pkg-config</command> to locate
dependencies. If your distribution does not provide it, you can get
it from <link
xlink:href="http://www.freedesktop.org/wiki/Software/pkg-config"
/>.</para></listitem>
<listitem><para>The OpenSSL library to calculate cryptographic hashes.
If your distribution does not provide it, you can get it from <link
xlink:href="https://www.openssl.org"/>.</para></listitem>
<listitem><para>The <literal>libbrotlienc</literal> and
<literal>libbrotlidec</literal> libraries to provide implementation
of the Brotli compression algorithm. They are available for download
from the official repository <link
xlink:href="https://github.com/google/brotli" />.</para></listitem>
<listitem><para>The bzip2 compressor program and the
<literal>libbz2</literal> library. Thus you must have bzip2
installed, including development headers and libraries. If your
distribution does not provide these, you can obtain bzip2 from <link
xlink:href="https://web.archive.org/web/20180624184756/http://www.bzip.org/"
/>.</para></listitem>
<listitem><para><literal>liblzma</literal>, which is provided by
XZ Utils. If your distribution does not provide this, you can
get it from <link xlink:href="https://tukaani.org/xz/"/>.</para></listitem>
<listitem><para>cURL and its library. If your distribution does not
provide it, you can get it from <link
xlink:href="https://curl.haxx.se/"/>.</para></listitem>
<listitem><para>The SQLite embedded database library, version 3.6.19
or higher. If your distribution does not provide it, please install
it from <link xlink:href="http://www.sqlite.org/" />.</para></listitem>
<listitem><para>The <link
xlink:href="http://www.hboehm.info/gc/">Boehm
garbage collector</link> to reduce the evaluators memory
consumption (optional). To enable it, install
<literal>pkgconfig</literal> and the Boehm garbage collector, and
pass the flag <option>--enable-gc</option> to
<command>configure</command>.</para></listitem>
<listitem><para>The <literal>boost</literal> library of version
1.66.0 or higher. It can be obtained from the official web site
<link xlink:href="https://www.boost.org/" />.</para></listitem>
<listitem><para>The <literal>editline</literal> library of version
1.14.0 or higher. It can be obtained from the its repository
<link xlink:href="https://github.com/troglobit/editline" />.</para></listitem>
<listitem><para>Recent versions of Bison and Flex to build the
parser. (This is because Nix needs GLR support in Bison and
reentrancy support in Flex.) For Bison, you need version 2.6, which
can be obtained from the <link
xlink:href="ftp://alpha.gnu.org/pub/gnu/bison">GNU FTP
server</link>. For Flex, you need version 2.5.35, which is
available on <link
xlink:href="http://lex.sourceforge.net/">SourceForge</link>.
Slightly older versions may also work, but ancient versions like the
ubiquitous 2.5.4a won't. Note that these are only required if you
modify the parser or when you are building from the Git
repository.</para></listitem>
<listitem><para>The <literal>libseccomp</literal> is used to provide
syscall filtering on Linux. This is an optional dependency and can
be disabled passing a <option>--disable-seccomp-sandboxing</option>
option to the <command>configure</command> script (Not recommended
unless your system doesn't support
<literal>libseccomp</literal>). To get the library, visit <link
xlink:href="https://github.com/seccomp/libseccomp"
/>.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,21 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-single-user">
<title>Single-User Mode</title>
<para>In single-user mode, all Nix operations that access the database
in <filename><emphasis>prefix</emphasis>/var/nix/db</filename>
or modify the Nix store in
<filename><emphasis>prefix</emphasis>/store</filename> must be
performed under the user ID that owns those directories. This is
typically <systemitem class="username">root</systemitem>. (If you
install from RPM packages, thats in fact the default ownership.)
However, on single-user machines, it is often convenient to
<command>chown</command> those directories to your normal user account
so that you dont have to <command>su</command> to <systemitem
class="username">root</systemitem> all the time.</para>
</section>

View file

@ -1,36 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-supported-platforms">
<title>Supported Platforms</title>
<para>Nix is currently supported on the following platforms:
<itemizedlist>
<listitem><para>Linux (i686, x86_64, aarch64).</para></listitem>
<listitem><para>macOS (x86_64).</para></listitem>
<!--
<listitem><para>FreeBSD (only tested on Intel).</para></listitem>
-->
<!--
<listitem><para>Windows through <link
xlink:href="http://www.cygwin.com/">Cygwin</link>.</para>
<warning><para>On Cygwin, Nix <emphasis>must</emphasis> be installed
on an NTFS partition. It will not work correctly on a FAT
partition.</para></warning>
</listitem>
-->
</itemizedlist>
</para>
</chapter>

View file

@ -1,27 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-upgrading-nix">
<title>Upgrading Nix</title>
<para>
Multi-user Nix users on macOS can upgrade Nix by running:
<command>sudo -i sh -c 'nix-channel --update &amp;&amp;
nix-env -iA nixpkgs.nix &amp;&amp;
launchctl remove org.nixos.nix-daemon &amp;&amp;
launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist'</command>
</para>
<para>
Single-user installations of Nix should run this:
<command>nix-channel --update; nix-env -iA nixpkgs.nix nixpkgs.cacert</command>
</para>
<para>
Multi-user Nix users on Linux should run this with sudo:
<command>nix-channel --update; nix-env -iA nixpkgs.nix nixpkgs.cacert; systemctl daemon-reload; systemctl restart nix-daemon</command>
</para>
</chapter>

View file

@ -1,268 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-about-nix">
<title>About Nix</title>
<para>Nix is a <emphasis>purely functional package manager</emphasis>.
This means that it treats packages like values in purely functional
programming languages such as Haskell — they are built by functions
that dont have side-effects, and they never change after they have
been built. Nix stores packages in the <emphasis>Nix
store</emphasis>, usually the directory
<filename>/nix/store</filename>, where each package has its own unique
subdirectory such as
<programlisting>
/nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/
</programlisting>
where <literal>b6gvzjyb2pg0…</literal> is a unique identifier for the
package that captures all its dependencies (its a cryptographic hash
of the packages build dependency graph). This enables many powerful
features.</para>
<section><title>Multiple versions</title>
<para>You can have multiple versions or variants of a package
installed at the same time. This is especially important when
different applications have dependencies on different versions of the
same package — it prevents the “DLL hell”. Because of the hashing
scheme, different versions of a package end up in different paths in
the Nix store, so they dont interfere with each other.</para>
<para>An important consequence is that operations like upgrading or
uninstalling an application cannot break other applications, since
these operations never “destructively” update or delete files that are
used by other packages.</para>
</section>
<section><title>Complete dependencies</title>
<para>Nix helps you make sure that package dependency specifications
are complete. In general, when youre making a package for a package
management system like RPM, you have to specify for each package what
its dependencies are, but there are no guarantees that this
specification is complete. If you forget a dependency, then the
package will build and work correctly on <emphasis>your</emphasis>
machine if you have the dependency installed, but not on the end
user's machine if it's not there.</para>
<para>Since Nix on the other hand doesnt install packages in “global”
locations like <filename>/usr/bin</filename> but in package-specific
directories, the risk of incomplete dependencies is greatly reduced.
This is because tools such as compilers dont search in per-packages
directories such as
<filename>/nix/store/5lbfaxb722zp…-openssl-0.9.8d/include</filename>,
so if a package builds correctly on your system, this is because you
specified the dependency explicitly. This takes care of the build-time
dependencies.</para>
<para>Once a package is built, runtime dependencies are found by
scanning binaries for the hash parts of Nix store paths (such as
<literal>r8vvq9kq…</literal>). This sounds risky, but it works
extremely well.</para>
</section>
<section><title>Multi-user support</title>
<para>Nix has multi-user support. This means that non-privileged
users can securely install software. Each user can have a different
<emphasis>profile</emphasis>, a set of packages in the Nix store that
appear in the users <literal>PATH</literal>. If a user installs a
package that another user has already installed previously, the
package wont be built or downloaded a second time. At the same time,
it is not possible for one user to inject a Trojan horse into a
package that might be used by another user.</para>
</section>
<section><title>Atomic upgrades and rollbacks</title>
<para>Since package management operations never overwrite packages in
the Nix store but just add new versions in different paths, they are
<emphasis>atomic</emphasis>. So during a package upgrade, there is no
time window in which the package has some files from the old version
and some files from the new version — which would be bad because a
program might well crash if its started during that period.</para>
<para>And since packages arent overwritten, the old versions are still
there after an upgrade. This means that you can <emphasis>roll
back</emphasis> to the old version:</para>
<screen>
$ nix-env --upgrade <emphasis>some-packages</emphasis>
$ nix-env --rollback
</screen>
</section>
<section><title>Garbage collection</title>
<para>When you uninstall a package like this…
<screen>
$ nix-env --uninstall firefox
</screen>
the package isnt deleted from the system right away (after all, you
might want to do a rollback, or it might be in the profiles of other
users). Instead, unused packages can be deleted safely by running the
<emphasis>garbage collector</emphasis>:
<screen>
$ nix-collect-garbage
</screen>
This deletes all packages that arent in use by any user profile or by
a currently running program.</para>
</section>
<section><title>Functional package language</title>
<para>Packages are built from <emphasis>Nix expressions</emphasis>,
which is a simple functional language. A Nix expression describes
everything that goes into a package build action (a “derivation”):
other packages, sources, the build script, environment variables for
the build script, etc. Nix tries very hard to ensure that Nix
expressions are <emphasis>deterministic</emphasis>: building a Nix
expression twice should yield the same result.</para>
<para>Because its a functional language, its easy to support
building variants of a package: turn the Nix expression into a
function and call it any number of times with the appropriate
arguments. Due to the hashing scheme, variants dont conflict with
each other in the Nix store.</para>
</section>
<section><title>Transparent source/binary deployment</title>
<para>Nix expressions generally describe how to build a package from
source, so an installation action like
<screen>
$ nix-env --install firefox
</screen>
<emphasis>could</emphasis> cause quite a bit of build activity, as not
only Firefox but also all its dependencies (all the way up to the C
library and the compiler) would have to built, at least if they are
not already in the Nix store. This is a <emphasis>source deployment
model</emphasis>. For most users, building from source is not very
pleasant as it takes far too long. However, Nix can automatically
skip building from source and instead use a <emphasis>binary
cache</emphasis>, a web server that provides pre-built binaries. For
instance, when asked to build
<literal>/nix/store/b6gvzjyb2pg0…-firefox-33.1</literal> from source,
Nix would first check if the file
<uri>https://cache.nixos.org/b6gvzjyb2pg0….narinfo</uri> exists, and
if so, fetch the pre-built binary referenced from there; otherwise, it
would fall back to building from source.</para>
</section>
<!--
<section><title>Binary patching</title>
<para>In addition to downloading binaries automatically if theyre
available, Nix can download binary deltas that patch an existing
package in the Nix store into a new version. This speeds up
upgrades.</para>
</section>
-->
<section><title>Nix Packages collection</title>
<para>We provide a large set of Nix expressions containing hundreds of
existing Unix packages, the <emphasis>Nix Packages
collection</emphasis> (Nixpkgs).</para>
</section>
<section><title>Managing build environments</title>
<para>Nix is extremely useful for developers as it makes it easy to
automatically set up the build environment for a package. Given a
Nix expression that describes the dependencies of your package, the
command <command>nix-shell</command> will build or download those
dependencies if theyre not already in your Nix store, and then start
a Bash shell in which all necessary environment variables (such as
compiler search paths) are set.</para>
<para>For example, the following command gets all dependencies of the
Pan newsreader, as described by <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/newsreaders/pan/default.nix">its
Nix expression</link>:</para>
<screen>
$ nix-shell '&lt;nixpkgs>' -A pan
</screen>
<para>Youre then dropped into a shell where you can edit, build and test
the package:</para>
<screen>
[nix-shell]$ tar xf $src
[nix-shell]$ cd pan-*
[nix-shell]$ ./configure
[nix-shell]$ make
[nix-shell]$ ./pan/gui/pan
</screen>
<!--
<para>Since Nix packages are reproducible and have complete dependency
specifications, Nix makes an excellent basis for <a
href="[%root%]hydra">a continuous build system</a>.</para>
-->
</section>
<section><title>Portability</title>
<para>Nix runs on Linux and macOS.</para>
</section>
<section><title>NixOS</title>
<para>NixOS is a Linux distribution based on Nix. It uses Nix not
just for package management but also to manage the system
configuration (e.g., to build configuration files in
<filename>/etc</filename>). This means, among other things, that it
is easy to roll back the entire configuration of the system to an
earlier state. Also, users can install software without root
privileges. For more information and downloads, see the <link
xlink:href="http://nixos.org/">NixOS homepage</link>.</para>
</section>
<section><title>License</title>
<para>Nix is released under the terms of the <link
xlink:href="http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html">GNU
LGPLv2.1 or (at your option) any later version</link>.</para>
</section>
</chapter>

View file

@ -1,12 +0,0 @@
<part xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="chap-introduction">
<title>Introduction</title>
<xi:include href="about-nix.xml" />
<xi:include href="quick-start.xml" />
</part>

View file

@ -1,124 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="chap-quick-start">
<title>Quick Start</title>
<para>This chapter is for impatient people who don't like reading
documentation. For more in-depth information you are kindly referred
to subsequent chapters.</para>
<procedure>
<step><para>Install single-user Nix by running the following:
<screen>
$ bash &lt;(curl -L https://nixos.org/nix/install)
</screen>
This will install Nix in <filename>/nix</filename>. The install script
will create <filename>/nix</filename> using <command>sudo</command>,
so make sure you have sufficient rights. (For other installation
methods, see <xref linkend="chap-installation"/>.)</para></step>
<step><para>See what installable packages are currently available
in the channel:
<screen>
$ nix-env -qa
docbook-xml-4.3
docbook-xml-4.5
firefox-33.0.2
hello-2.9
libxslt-1.1.28
<emphasis>...</emphasis></screen>
</para></step>
<step><para>Install some packages from the channel:
<screen>
$ nix-env -i hello</screen>
This should download pre-built packages; it should not build them
locally (if it does, something went wrong).</para></step>
<step><para>Test that they work:
<screen>
$ which hello
/home/eelco/.nix-profile/bin/hello
$ hello
Hello, world!
</screen>
</para></step>
<step><para>Uninstall a package:
<screen>
$ nix-env -e hello</screen>
</para></step>
<step><para>You can also test a package without installing it:
<screen>
$ nix-shell -p hello
</screen>
This builds or downloads GNU Hello and its dependencies, then drops
you into a Bash shell where the <command>hello</command> command is
present, all without affecting your normal environment:
<screen>
[nix-shell:~]$ hello
Hello, world!
[nix-shell:~]$ exit
$ hello
hello: command not found
</screen>
</para></step>
<step><para>To keep up-to-date with the channel, do:
<screen>
$ nix-channel --update nixpkgs
$ nix-env -u '*'</screen>
The latter command will upgrade each installed package for which there
is a “newer” version (as determined by comparing the version
numbers).</para></step>
<step><para>If you're unhappy with the result of a
<command>nix-env</command> action (e.g., an upgraded package turned
out not to work properly), you can go back:
<screen>
$ nix-env --rollback</screen>
</para></step>
<step><para>You should periodically run the Nix garbage collector
to get rid of unused packages, since uninstalls or upgrades don't
actually delete them:
<screen>
$ nix-collect-garbage -d</screen>
<!--
The first command deletes old “generations” of your profile (making
rollbacks impossible, but also making the packages in those old
generations available for garbage collection), while the second
command actually deletes them.-->
</para></step>
</procedure>
</chapter>

View file

@ -2,14 +2,6 @@ ifeq ($(doc_generate),yes)
MANUAL_SRCS := $(call rwildcard, $(d)/src, *.md) MANUAL_SRCS := $(call rwildcard, $(d)/src, *.md)
#$(d)/version.txt:
# $(trace-gen) echo -n $(PACKAGE_VERSION) > $@
clean-files += $(d)/version.txt
dist-files += $(d)/version.txt
# Generate man pages. # Generate man pages.
man-pages := $(foreach n, \ man-pages := $(foreach n, \
nix-env.1 nix-build.1 nix-shell.1 nix-store.1 nix-instantiate.1 \ nix-env.1 nix-build.1 nix-shell.1 nix-store.1 nix-instantiate.1 \
@ -38,5 +30,4 @@ install: $(docdir)/manual/index.html
$(docdir)/manual/index.html: $(MANUAL_SRCS) $(docdir)/manual/index.html: $(MANUAL_SRCS)
$(trace-gen) mdbook build doc/manual -d $(docdir)/manual $(trace-gen) mdbook build doc/manual -d $(docdir)/manual
endif endif

View file

@ -1,52 +0,0 @@
<book xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0">
<info>
<title>Nix Package Manager Guide</title>
<subtitle>Version <xi:include href="version.txt" parse="text" /></subtitle>
<author>
<personname>
<firstname>Eelco</firstname>
<surname>Dolstra</surname>
</personname>
<contrib>Author</contrib>
</author>
<copyright>
<year>2004-2018</year>
<holder>Eelco Dolstra</holder>
</copyright>
</info>
<!--
<preface>
<title>Preface</title>
<para>This manual describes how to set up and use the Nix package
manager.</para>
</preface>
-->
<xi:include href="introduction/introduction.xml" />
<xi:include href="installation/installation.xml" />
<xi:include href="installation/upgrading.xml" />
<xi:include href="packages/package-management.xml" />
<xi:include href="expressions/writing-nix-expressions.xml" />
<xi:include href="advanced-topics/advanced-topics.xml" />
<xi:include href="command-ref/command-ref.xml" />
<xi:include href="glossary/glossary.xml" />
<xi:include href="hacking.xml" />
<xi:include href="release-notes/release-notes.xml" />
<!--
<appendix>
<title>Nix Release Notes</title>
<xi:include href="release-notes/release-notes.xml"
xpointer="xmlns(x=http://docbook.org/ns/docbook)xpointer(x:article/x:section)" />
</appendix>
-->
</book>

View file

@ -1,182 +0,0 @@
<appendix>
<title>Nix Language Reference</title>
<sect1>
<title>Grammar</title>
<productionset>
<title>Expressions</title>
<production id="nix.expr">
<lhs>Expr</lhs>
<rhs>
<nonterminal def="#nix.expr_function" />
</rhs>
</production>
<production id="nix.expr_function">
<lhs>ExprFunction</lhs>
<rhs>
'{' <nonterminal def="#nix.formals" /> '}' ':' <nonterminal def="#nix.expr_function" />
<sbr />|
<nonterminal def="#nix.expr_assert" />
</rhs>
</production>
<production id="nix.expr_assert">
<lhs>ExprAssert</lhs>
<rhs>
'assert' <nonterminal def="#nix.expr" /> ';' <nonterminal def="#nix.expr_assert" />
<sbr />|
<nonterminal def="#nix.expr_if" />
</rhs>
</production>
<production id="nix.expr_if">
<lhs>ExprIf</lhs>
<rhs>
'if' <nonterminal def="#nix.expr" /> 'then' <nonterminal def="#nix.expr" />
'else' <nonterminal def="#nix.expr" />
<sbr />|
<nonterminal def="#nix.expr_op" />
</rhs>
</production>
<production id="nix.expr_op">
<lhs>ExprOp</lhs>
<rhs>
'!' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '==' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '!=' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '&amp;&amp;' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '||' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '->' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '//' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '~' <nonterminal def="#nix.expr_op" />
<sbr />|
<nonterminal def="#nix.expr_op" /> '?' <nonterminal def="#nix.id" />
<sbr />|
<nonterminal def="#nix.expr_app" />
</rhs>
</production>
<production id="nix.expr_app">
<lhs>ExprApp</lhs>
<rhs>
<nonterminal def="#nix.expr_app" /> '.' <nonterminal def="#nix.expr_select" />
<sbr />|
<nonterminal def="#nix.expr_select" />
</rhs>
</production>
<production id="nix.expr_select">
<lhs>ExprSelect</lhs>
<rhs>
<nonterminal def="#nix.expr_select" /> <nonterminal def="#nix.id" />
<sbr />|
<nonterminal def="#nix.expr_simple" />
</rhs>
</production>
<production id="nix.expr_simple">
<lhs>ExprSimple</lhs>
<rhs>
<nonterminal def="#nix.id" /> |
<nonterminal def="#nix.int" /> |
<nonterminal def="#nix.str" /> |
<nonterminal def="#nix.path" /> |
<nonterminal def="#nix.uri" />
<sbr />|
'true' | 'false' | 'null'
<sbr />|
'(' <nonterminal def="#nix.expr" /> ')'
<sbr />|
'{' <nonterminal def="#nix.bind" />* '}'
<sbr />|
'let' '{' <nonterminal def="#nix.bind" />* '}'
<sbr />|
'rec' '{' <nonterminal def="#nix.bind" />* '}'
<sbr />|
'[' <nonterminal def="#nix.expr_select" />* ']'
</rhs>
</production>
<production id="nix.bind">
<lhs>Bind</lhs>
<rhs>
<nonterminal def="#nix.id" /> '=' <nonterminal def="#nix.expr" /> ';'
<sbr />|
'inherit' ('(' <nonterminal def="#nix.expr" /> ')')? <nonterminal def="#nix.id" />* ';'
</rhs>
</production>
<production id="nix.formals">
<lhs>Formals</lhs>
<rhs>
<nonterminal def="#nix.formal" /> ',' <nonterminal def="#nix.formals" />
| <nonterminal def="#nix.formal" />
</rhs>
</production>
<production id="nix.formal">
<lhs>Formal</lhs>
<rhs>
<nonterminal def="#nix.id" />
<sbr />|
<nonterminal def="#nix.id" /> '?' <nonterminal def="#nix.expr" />
</rhs>
</production>
</productionset>
<productionset>
<title>Terminals</title>
<production id="nix.id">
<lhs>Id</lhs>
<rhs>[a-zA-Z\_][a-zA-Z0-9\_\']*</rhs>
</production>
<production id="nix.int">
<lhs>Int</lhs>
<rhs>[0-9]+</rhs>
</production>
<production id="nix.str">
<lhs>Str</lhs>
<rhs>\"[^\n\"]*\"</rhs>
</production>
<production id="nix.path">
<lhs>Path</lhs>
<rhs>[a-zA-Z0-9\.\_\-\+]*(\/[a-zA-Z0-9\.\_\-\+]+)+</rhs>
</production>
<production id="nix.uri">
<lhs>Uri</lhs>
<rhs>[a-zA-Z][a-zA-Z0-9\+\-\.]*\:[a-zA-Z0-9\%\/\?\:\@\&amp;\=\+\$\,\-\_\.\!\~\*\']+</rhs>
</production>
<production id="nix.ws">
<lhs>Whitespace</lhs>
<rhs>
[ \t\n]+
<sbr />|
\#[^\n]*
<sbr />|
\/\*(.|\n)*\*\/
</rhs>
</production>
</productionset>
</sect1>
</appendix>

View file

@ -1,194 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-basic-package-mgmt">
<title>Basic Package Management</title>
<para>The main command for package management is <link
linkend="sec-nix-env"><command>nix-env</command></link>. You can use
it to install, upgrade, and erase packages, and to query what
packages are installed or are available for installation.</para>
<para>In Nix, different users can have different “views”
on the set of installed applications. That is, there might be lots of
applications present on the system (possibly in many different
versions), but users can have a specific selection of those active —
where “active” just means that it appears in a directory
in the users <literal>PATH</literal>. Such a view on the set of
installed applications is called a <emphasis>user
environment</emphasis>, which is just a directory tree consisting of
symlinks to the files of the active applications. </para>
<para>Components are installed from a set of <emphasis>Nix
expressions</emphasis> that tell Nix how to build those packages,
including, if necessary, their dependencies. There is a collection of
Nix expressions called the Nixpkgs package collection that contains
packages ranging from basic development stuff such as GCC and Glibc,
to end-user applications like Mozilla Firefox. (Nix is however not
tied to the Nixpkgs package collection; you could write your own Nix
expressions based on Nixpkgs, or completely new ones.)</para>
<para>You can manually download the latest version of Nixpkgs from
<link xlink:href='http://nixos.org/nixpkgs/download.html'/>. However,
its much more convenient to use the Nixpkgs
<emphasis>channel</emphasis>, since it makes it easy to stay up to
date with new versions of Nixpkgs. (Channels are described in more
detail in <xref linkend="sec-channels"/>.) Nixpkgs is automatically
added to your list of “subscribed” channels when you install
Nix. If this is not the case for some reason, you can add it as
follows:
<screen>
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
$ nix-channel --update
</screen>
</para>
<note><para>On NixOS, youre automatically subscribed to a NixOS
channel corresponding to your NixOS major release
(e.g. <uri>http://nixos.org/channels/nixos-14.12</uri>). A NixOS
channel is identical to the Nixpkgs channel, except that it contains
only Linux binaries and is updated only if a set of regression tests
succeed.</para></note>
<para>You can view the set of available packages in Nixpkgs:
<screen>
$ nix-env -qa
aterm-2.2
bash-3.0
binutils-2.15
bison-1.875d
blackdown-1.4.2
bzip2-1.0.2
</screen>
The flag <option>-q</option> specifies a query operation, and
<option>-a</option> means that you want to show the “available” (i.e.,
installable) packages, as opposed to the installed packages. If you
downloaded Nixpkgs yourself, or if you checked it out from GitHub,
then you need to pass the path to your Nixpkgs tree using the
<option>-f</option> flag:
<screen>
$ nix-env -qaf <emphasis>/path/to/nixpkgs</emphasis>
</screen>
where <emphasis>/path/to/nixpkgs</emphasis> is where youve
unpacked or checked out Nixpkgs.</para>
<para>You can select specific packages by name:
<screen>
$ nix-env -qa firefox
firefox-34.0.5
firefox-with-plugins-34.0.5
</screen>
and using regular expressions:
<screen>
$ nix-env -qa 'firefox.*'
</screen>
</para>
<para>It is also possible to see the <emphasis>status</emphasis> of
available packages, i.e., whether they are installed into the user
environment and/or present in the system:
<screen>
$ nix-env -qas
-PS bash-3.0
--S binutils-2.15
IPS bison-1.875d
</screen>
The first character (<literal>I</literal>) indicates whether the
package is installed in your current user environment. The second
(<literal>P</literal>) indicates whether it is present on your system
(in which case installing it into your user environment would be a
very quick operation). The last one (<literal>S</literal>) indicates
whether there is a so-called <emphasis>substitute</emphasis> for the
package, which is Nixs mechanism for doing binary deployment. It
just means that Nix knows that it can fetch a pre-built package from
somewhere (typically a network server) instead of building it
locally.</para>
<para>You can install a package using <literal>nix-env -i</literal>.
For instance,
<screen>
$ nix-env -i subversion</screen>
will install the package called <literal>subversion</literal> (which
is, of course, the <link
xlink:href='http://subversion.tigris.org/'>Subversion version
management system</link>).</para>
<note><para>When you ask Nix to install a package, it will first try
to get it in pre-compiled form from a <emphasis>binary
cache</emphasis>. By default, Nix will use the binary cache
<uri>https://cache.nixos.org</uri>; it contains binaries for most
packages in Nixpkgs. Only if no binary is available in the binary
cache, Nix will build the package from source. So if <literal>nix-env
-i subversion</literal> results in Nix building stuff from source,
then either the package is not built for your platform by the Nixpkgs
build servers, or your version of Nixpkgs is too old or too new. For
instance, if you have a very recent checkout of Nixpkgs, then the
Nixpkgs build servers may not have had a chance to build everything
and upload the resulting binaries to
<uri>https://cache.nixos.org</uri>. The Nixpkgs channel is only
updated after all binaries have been uploaded to the cache, so if you
stick to the Nixpkgs channel (rather than using a Git checkout of the
Nixpkgs tree), you will get binaries for most packages.</para></note>
<para>Naturally, packages can also be uninstalled:
<screen>
$ nix-env -e subversion</screen>
</para>
<para>Upgrading to a new version is just as easy. If you have a new
release of Nix Packages, you can do:
<screen>
$ nix-env -u subversion</screen>
This will <emphasis>only</emphasis> upgrade Subversion if there is a
“newer” version in the new set of Nix expressions, as
defined by some pretty arbitrary rules regarding ordering of version
numbers (which generally do what youd expect of them). To just
unconditionally replace Subversion with whatever version is in the Nix
expressions, use <parameter>-i</parameter> instead of
<parameter>-u</parameter>; <parameter>-i</parameter> will remove
whatever version is already installed.</para>
<para>You can also upgrade all packages for which there are newer
versions:
<screen>
$ nix-env -u</screen>
</para>
<para>Sometimes its useful to be able to ask what
<command>nix-env</command> would do, without actually doing it. For
instance, to find out what packages would be upgraded by
<literal>nix-env -u</literal>, you can do
<screen>
$ nix-env -u --dry-run
(dry run; not doing anything)
upgrading `libxslt-1.1.0' to `libxslt-1.1.10'
upgrading `graphviz-1.10' to `graphviz-1.12'
upgrading `coreutils-5.0' to `coreutils-5.2.1'</screen>
</para>
</chapter>

View file

@ -1,70 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-binary-cache-substituter">
<title>Serving a Nix store via HTTP</title>
<para>You can easily share the Nix store of a machine via HTTP. This
allows other machines to fetch store paths from that machine to speed
up installations. It uses the same <emphasis>binary cache</emphasis>
mechanism that Nix usually uses to fetch pre-built binaries from
<uri>https://cache.nixos.org</uri>.</para>
<para>The daemon that handles binary cache requests via HTTP,
<command>nix-serve</command>, is not part of the Nix distribution, but
you can install it from Nixpkgs:
<screen>
$ nix-env -i nix-serve
</screen>
You can then start the server, listening for HTTP connections on
whatever port you like:
<screen>
$ nix-serve -p 8080
</screen>
To check whether it works, try the following on the client:
<screen>
$ curl http://avalon:8080/nix-cache-info
</screen>
which should print something like:
<screen>
StoreDir: /nix/store
WantMassQuery: 1
Priority: 30
</screen>
</para>
<para>On the client side, you can tell Nix to use your binary cache
using <option>--option extra-binary-caches</option>, e.g.:
<screen>
$ nix-env -i firefox --option extra-binary-caches http://avalon:8080/
</screen>
The option <option>extra-binary-caches</option> tells Nix to use this
binary cache in addition to your default caches, such as
<uri>https://cache.nixos.org</uri>. Thus, for any path in the closure
of Firefox, Nix will first check if the path is available on the
server <literal>avalon</literal> or another binary caches. If not, it
will fall back to building from source.</para>
<para>You can also tell Nix to always use your binary cache by adding
a line to the <filename linkend="sec-conf-file">nix.conf</filename>
configuration file like this:
<programlisting>
binary-caches = http://avalon:8080/ https://cache.nixos.org/
</programlisting>
</para>
</section>

View file

@ -1,60 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-channels">
<title>Channels</title>
<para>If you want to stay up to date with a set of packages, its not
very convenient to manually download the latest set of Nix expressions
for those packages and upgrade using <command>nix-env</command>.
Fortunately, theres a better way: <emphasis>Nix
channels</emphasis>.</para>
<para>A Nix channel is just a URL that points to a place that contains
a set of Nix expressions and a manifest. Using the command <link
linkend="sec-nix-channel"><command>nix-channel</command></link> you
can automatically stay up to date with whatever is available at that
URL.</para>
<para>To see the list of official NixOS channels, visit <link
xlink:href="https://nixos.org/channels" />.</para>
<para>You can “subscribe” to a channel using
<command>nix-channel --add</command>, e.g.,
<screen>
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable</screen>
subscribes you to a channel that always contains that latest version
of the Nix Packages collection. (Subscribing really just means that
the URL is added to the file <filename>~/.nix-channels</filename>,
where it is read by subsequent calls to <command>nix-channel
--update</command>.) You can “unsubscribe” using <command>nix-channel
--remove</command>:
<screen>
$ nix-channel --remove nixpkgs
</screen>
</para>
<para>To obtain the latest Nix expressions available in a channel, do
<screen>
$ nix-channel --update</screen>
This downloads and unpacks the Nix expressions in every channel
(downloaded from <literal><emphasis>url</emphasis>/nixexprs.tar.bz2</literal>).
It also makes the union of each channels Nix expressions available by
default to <command>nix-env</command> operations (via the symlink
<filename>~/.nix-defexpr/channels</filename>). Consequently, you can
then say
<screen>
$ nix-env -u</screen>
to upgrade all packages in your profile to the latest versions
available in the subscribed channels.</para>
</chapter>

View file

@ -1,50 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-copy-closure">
<title>Copying Closures via SSH</title>
<para>The command <command
linkend="sec-nix-copy-closure">nix-copy-closure</command> copies a Nix
store path along with all its dependencies to or from another machine
via the SSH protocol. It doesnt copy store paths that are already
present on the target machine. For example, the following command
copies Firefox with all its dependencies:
<screen>
$ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)</screen>
See <xref linkend='sec-nix-copy-closure' /> for details.</para>
<para>With <command linkend='refsec-nix-store-export'>nix-store
--export</command> and <command
linkend='refsec-nix-store-import'>nix-store --import</command> you can
write the closure of a store path (that is, the path and all its
dependencies) to a file, and then unpack that file into another Nix
store. For example,
<screen>
$ nix-store --export $(nix-store -qR $(type -p firefox)) > firefox.closure</screen>
writes the closure of Firefox to a file. You can then copy this file
to another machine and install the closure:
<screen>
$ nix-store --import &lt; firefox.closure</screen>
Any store paths in the closure that are already present in the target
store are ignored. It is also possible to pipe the export into
another command, e.g. to copy and install a closure directly to/on
another machine:
<screen>
$ nix-store --export $(nix-store -qR $(type -p firefox)) | bzip2 | \
ssh alice@itchy.example.org "bunzip2 | nix-store --import"</screen>
However, <command>nix-copy-closure</command> is generally more
efficient because it only copies paths that are not already present in
the target Nix store.</para>
</section>

View file

@ -1,86 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='sec-garbage-collection'>
<title>Garbage Collection</title>
<para><command>nix-env</command> operations such as upgrades
(<option>-u</option>) and uninstall (<option>-e</option>) never
actually delete packages from the system. All they do (as shown
above) is to create a new user environment that no longer contains
symlinks to the “deleted” packages.</para>
<para>Of course, since disk space is not infinite, unused packages
should be removed at some point. You can do this by running the Nix
garbage collector. It will remove from the Nix store any package
not used (directly or indirectly) by any generation of any
profile.</para>
<para>Note however that as long as old generations reference a
package, it will not be deleted. After all, we wouldnt be able to
do a rollback otherwise. So in order for garbage collection to be
effective, you should also delete (some) old generations. Of course,
this should only be done if you are certain that you will not need to
roll back.</para>
<para>To delete all old (non-current) generations of your current
profile:
<screen>
$ nix-env --delete-generations old</screen>
Instead of <literal>old</literal> you can also specify a list of
generations, e.g.,
<screen>
$ nix-env --delete-generations 10 11 14</screen>
To delete all generations older than a specified number of days
(except the current generation), use the <literal>d</literal>
suffix. For example,
<screen>
$ nix-env --delete-generations 14d</screen>
deletes all generations older than two weeks.</para>
<para>After removing appropriate old generations you can run the
garbage collector as follows:
<screen>
$ nix-store --gc</screen>
The behaviour of the gargage collector is affected by the
<literal>keep-derivations</literal> (default: true) and <literal>keep-outputs</literal>
(default: false) options in the Nix configuration file. The defaults will ensure
that all derivations that are build-time dependencies of garbage collector roots
will be kept and that all output paths that are runtime dependencies
will be kept as well. All other derivations or paths will be collected.
(This is usually what you want, but while you are developing
it may make sense to keep outputs to ensure that rebuild times are quick.)
If you are feeling uncertain, you can also first view what files would
be deleted:
<screen>
$ nix-store --gc --print-dead</screen>
Likewise, the option <option>--print-live</option> will show the paths
that <emphasis>wont</emphasis> be deleted.</para>
<para>There is also a convenient little utility
<command>nix-collect-garbage</command>, which when invoked with the
<option>-d</option> (<option>--delete-old</option>) switch deletes all
old generations of all profiles in
<filename>/nix/var/nix/profiles</filename>. So
<screen>
$ nix-collect-garbage -d</screen>
is a quick and easy way to clean up your system.</para>
<xi:include href="garbage-collector-roots.xml" />
</chapter>

View file

@ -1,29 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-gc-roots">
<title>Garbage Collector Roots</title>
<para>The roots of the garbage collector are all store paths to which
there are symlinks in the directory
<filename><emphasis>prefix</emphasis>/nix/var/nix/gcroots</filename>.
For instance, the following command makes the path
<filename>/nix/store/d718ef...-foo</filename> a root of the collector:
<screen>
$ ln -s /nix/store/d718ef...-foo /nix/var/nix/gcroots/bar</screen>
That is, after this command, the garbage collector will not remove
<filename>/nix/store/d718ef...-foo</filename> or any of its
dependencies.</para>
<para>Subdirectories of
<filename><emphasis>prefix</emphasis>/nix/var/nix/gcroots</filename>
are also searched for symlinks. Symlinks to non-store paths are
followed and searched for roots, but symlinks to non-store paths
<emphasis>inside</emphasis> the paths reached in that way are not
followed to prevent infinite recursion.</para>
</section>

View file

@ -1,23 +0,0 @@
<part xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id='chap-package-management'>
<title>Package Management</title>
<partintro>
<para>This chapter discusses how to do package management with Nix,
i.e., how to obtain, install, upgrade, and erase packages. This is
the “users” perspective of the Nix system — people
who want to <emphasis>create</emphasis> packages should consult
<xref linkend='chap-writing-nix-expressions' />.</para>
</partintro>
<xi:include href="basic-package-mgmt.xml" />
<xi:include href="profiles.xml" />
<xi:include href="garbage-collection.xml" />
<xi:include href="channels.xml" />
<xi:include href="sharing-packages.xml" />
</part>

View file

@ -1,154 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-profiles">
<title>Profiles</title>
<para>Profiles and user environments are Nixs mechanism for
implementing the ability to allow different users to have different
configurations, and to do atomic upgrades and rollbacks. To
understand how they work, its useful to know a bit about how Nix
works. In Nix, packages are stored in unique locations in the
<emphasis>Nix store</emphasis> (typically,
<filename>/nix/store</filename>). For instance, a particular version
of the Subversion package might be stored in a directory
<filename>/nix/store/dpmvp969yhdqs7lm2r1a3gng7pyq6vy4-subversion-1.1.3/</filename>,
while another version might be stored in
<filename>/nix/store/5mq2jcn36ldlmh93yj1n8s9c95pj7c5s-subversion-1.1.2</filename>.
The long strings prefixed to the directory names are cryptographic
hashes (to be precise, 160-bit truncations of SHA-256 hashes encoded
in a base-32 notation) of <emphasis>all</emphasis> inputs involved in
building the package — sources, dependencies, compiler flags, and so
on. So if two packages differ in any way, they end up in different
locations in the file system, so they dont interfere with each other.
Here is what a part of a typical Nix store looks like:</para>
<mediaobject>
<imageobject>
<imagedata fileref='../figures/user-environments.png' format='PNG' />
</imageobject>
</mediaobject>
<para>Of course, you wouldnt want to type
<screen>
$ /nix/store/dpmvp969yhdq...-subversion-1.1.3/bin/svn</screen>
every time you want to run Subversion. Of course we could set up the
<literal>PATH</literal> environment variable to include the
<filename>bin</filename> directory of every package we want to use,
but this is not very convenient since changing <literal>PATH</literal>
doesnt take effect for already existing processes. The solution Nix
uses is to create directory trees of symlinks to
<emphasis>activated</emphasis> packages. These are called
<emphasis>user environments</emphasis> and they are packages
themselves (though automatically generated by
<command>nix-env</command>), so they too reside in the Nix store. For
instance, in the figure above, the user environment
<filename>/nix/store/0c1p5z4kda11...-user-env</filename> contains a
symlink to just Subversion 1.1.2 (arrows in the figure indicate
symlinks). This would be what we would obtain if we had done
<screen>
$ nix-env -i subversion</screen>
on a set of Nix expressions that contained Subversion 1.1.2.</para>
<para>This doesnt in itself solve the problem, of course; you
wouldnt want to type
<filename>/nix/store/0c1p5z4kda11...-user-env/bin/svn</filename>
either. Thats why there are symlinks outside of the store that point
to the user environments in the store; for instance, the symlinks
<filename>default-42-link</filename> and
<filename>default-43-link</filename> in the example. These are called
<emphasis>generations</emphasis> since every time you perform a
<command>nix-env</command> operation, a new user environment is
generated based on the current one. For instance, generation 43 was
created from generation 42 when we did
<screen>
$ nix-env -i subversion firefox</screen>
on a set of Nix expressions that contained Firefox and a new version
of Subversion.</para>
<para>Generations are grouped together into
<emphasis>profiles</emphasis> so that different users dont interfere
with each other if they dont want to. For example:
<screen>
$ ls -l /nix/var/nix/profiles/
...
lrwxrwxrwx 1 eelco ... default-42-link -> /nix/store/0c1p5z4kda11...-user-env
lrwxrwxrwx 1 eelco ... default-43-link -> /nix/store/3aw2pdyx2jfc...-user-env
lrwxrwxrwx 1 eelco ... default -> default-43-link</screen>
This shows a profile called <filename>default</filename>. The file
<filename>default</filename> itself is actually a symlink that points
to the current generation. When we do a <command>nix-env</command>
operation, a new user environment and generation link are created
based on the current one, and finally the <filename>default</filename>
symlink is made to point at the new generation. This last step is
atomic on Unix, which explains how we can do atomic upgrades. (Note
that the building/installing of new packages doesnt interfere in
any way with old packages, since they are stored in different
locations in the Nix store.)</para>
<para>If you find that you want to undo a <command>nix-env</command>
operation, you can just do
<screen>
$ nix-env --rollback</screen>
which will just make the current generation link point at the previous
link. E.g., <filename>default</filename> would be made to point at
<filename>default-42-link</filename>. You can also switch to a
specific generation:
<screen>
$ nix-env --switch-generation 43</screen>
which in this example would roll forward to generation 43 again. You
can also see all available generations:
<screen>
$ nix-env --list-generations</screen></para>
<para>You generally wouldnt have
<filename>/nix/var/nix/profiles/<emphasis>some-profile</emphasis>/bin</filename>
in your <literal>PATH</literal>. Rather, there is a symlink
<filename>~/.nix-profile</filename> that points to your current
profile. This means that you should put
<filename>~/.nix-profile/bin</filename> in your <literal>PATH</literal>
(and indeed, thats what the initialisation script
<filename>/nix/etc/profile.d/nix.sh</filename> does). This makes it
easier to switch to a different profile. You can do that using the
command <command>nix-env --switch-profile</command>:
<screen>
$ nix-env --switch-profile /nix/var/nix/profiles/my-profile
$ nix-env --switch-profile /nix/var/nix/profiles/default</screen>
These commands switch to the <filename>my-profile</filename> and
default profile, respectively. If the profile doesnt exist, it will
be created automatically. You should be careful about storing a
profile in another location than the <filename>profiles</filename>
directory, since otherwise it might not be used as a root of the
garbage collector (see <xref linkend='sec-garbage-collection'
/>).</para>
<para>All <command>nix-env</command> operations work on the profile
pointed to by <command>~/.nix-profile</command>, but you can override
this using the <option>--profile</option> option (abbreviation
<option>-p</option>):
<screen>
$ nix-env -p /nix/var/nix/profiles/other-profile -i subversion</screen>
This will <emphasis>not</emphasis> change the
<command>~/.nix-profile</command> symlink.</para>
</chapter>

View file

@ -1,191 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-s3-substituter">
<title>Serving a Nix store via S3</title>
<para>Nix has built-in support for storing and fetching store paths
from Amazon S3 and S3-compatible services. This uses the same
<emphasis>binary</emphasis> cache mechanism that Nix usually uses to
fetch prebuilt binaries from <uri>cache.nixos.org</uri>.</para>
<para>The following options can be specified as URL parameters to
the S3 URL:</para>
<variablelist>
<varlistentry><term><literal>profile</literal></term>
<listitem>
<para>
The name of the AWS configuration profile to use. By default
Nix will use the <literal>default</literal> profile.
</para>
</listitem>
</varlistentry>
<varlistentry><term><literal>region</literal></term>
<listitem>
<para>
The region of the S3 bucket. <literal>useast-1</literal> by
default.
</para>
<para>
If your bucket is not in <literal>useast-1</literal>, you
should always explicitly specify the region parameter.
</para>
</listitem>
</varlistentry>
<varlistentry><term><literal>endpoint</literal></term>
<listitem>
<para>
The URL to your S3-compatible service, for when not using
Amazon S3. Do not specify this value if you're using Amazon
S3.
</para>
<note><para>This endpoint must support HTTPS and will use
path-based addressing instead of virtual host based
addressing.</para></note>
</listitem>
</varlistentry>
<varlistentry><term><literal>scheme</literal></term>
<listitem>
<para>
The scheme used for S3 requests, <literal>https</literal>
(default) or <literal>http</literal>. This option allows you to
disable HTTPS for binary caches which don't support it.
</para>
<note><para>HTTPS should be used if the cache might contain
sensitive information.</para></note>
</listitem>
</varlistentry>
</variablelist>
<para>In this example we will use the bucket named
<literal>example-nix-cache</literal>.</para>
<section xml:id="ssec-s3-substituter-anonymous-reads">
<title>Anonymous Reads to your S3-compatible binary cache</title>
<para>If your binary cache is publicly accessible and does not
require authentication, the simplest and easiest way to use Nix with
your S3 compatible binary cache is to use the HTTP URL for that
cache.</para>
<para>For AWS S3 the binary cache URL for example bucket will be
exactly <uri>https://example-nix-cache.s3.amazonaws.com</uri> or
<uri>s3://example-nix-cache</uri>. For S3 compatible binary caches,
consult that cache's documentation.</para>
<para>Your bucket will need the following bucket policy:</para>
<programlisting><![CDATA[
{
"Id": "DirectReads",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowDirectReads",
"Action": [
"s3:GetObject",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::example-nix-cache",
"arn:aws:s3:::example-nix-cache/*"
],
"Principal": "*"
}
]
}
]]></programlisting>
</section>
<section xml:id="ssec-s3-substituter-authenticated-reads">
<title>Authenticated Reads to your S3 binary cache</title>
<para>For AWS S3 the binary cache URL for example bucket will be
exactly <uri>s3://example-nix-cache</uri>.</para>
<para>Nix will use the <link
xlink:href="https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/credentials.html">default
credential provider chain</link> for authenticating requests to
Amazon S3.</para>
<para>Nix supports authenticated reads from Amazon S3 and S3
compatible binary caches.</para>
<para>Your bucket will need a bucket policy allowing the desired
users to perform the <literal>s3:GetObject</literal> and
<literal>s3:GetBucketLocation</literal> action on all objects in the
bucket. The anonymous policy in <xref
linkend="ssec-s3-substituter-anonymous-reads" /> can be updated to
have a restricted <literal>Principal</literal> to support
this.</para>
</section>
<section xml:id="ssec-s3-substituter-authenticated-writes">
<title>Authenticated Writes to your S3-compatible binary cache</title>
<para>Nix support fully supports writing to Amazon S3 and S3
compatible buckets. The binary cache URL for our example bucket will
be <uri>s3://example-nix-cache</uri>.</para>
<para>Nix will use the <link
xlink:href="https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/credentials.html">default
credential provider chain</link> for authenticating requests to
Amazon S3.</para>
<para>Your account will need the following IAM policy to
upload to the cache:</para>
<programlisting><![CDATA[
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "UploadToCache",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::example-nix-cache",
"arn:aws:s3:::example-nix-cache/*"
]
}
]
}
]]></programlisting>
</section>
<section><title>Examples</title>
<para>To upload with a specific credential profile for Amazon S3:</para>
<screen>
nix copy --to 's3://example-nix-cache?profile=cache-upload&amp;region=eu-west-2' nixpkgs.hello
</screen>
<para>To upload to an S3-compatible binary cache:</para>
<screen>
nix copy --to 's3://example-nix-cache?profile=cache-upload&amp;scheme=https&amp;endpoint=minio.example.com' nixpkgs.hello
</screen>
</section>
</section>

View file

@ -1,20 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-sharing-packages">
<title>Sharing Packages Between Machines</title>
<para>Sometimes you want to copy a package from one machine to
another. Or, you want to install some packages and you know that
another machine already has some or all of those packages or their
dependencies. In that case there are mechanisms to quickly copy
packages between machines.</para>
<xi:include href="binary-cache-substituter.xml" />
<xi:include href="copy-closure.xml" />
<xi:include href="ssh-substituter.xml" />
<xi:include href="s3-substituter.xml" />
</chapter>

View file

@ -1,73 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-ssh-substituter">
<title>Serving a Nix store via SSH</title>
<para>You can tell Nix to automatically fetch needed binaries from a
remote Nix store via SSH. For example, the following installs Firefox,
automatically fetching any store paths in Firefoxs closure if they
are available on the server <literal>avalon</literal>:
<screen>
$ nix-env -i firefox --substituters ssh://alice@avalon
</screen>
This works similar to the binary cache substituter that Nix usually
uses, only using SSH instead of HTTP: if a store path
<literal>P</literal> is needed, Nix will first check if its available
in the Nix store on <literal>avalon</literal>. If not, it will fall
back to using the binary cache substituter, and then to building from
source.</para>
<note><para>The SSH substituter currently does not allow you to enter
an SSH passphrase interactively. Therefore, you should use
<command>ssh-add</command> to load the decrypted private key into
<command>ssh-agent</command>.</para></note>
<para>You can also copy the closure of some store path, without
installing it into your profile, e.g.
<screen>
$ nix-store -r /nix/store/m85bxg…-firefox-34.0.5 --substituters ssh://alice@avalon
</screen>
This is essentially equivalent to doing
<screen>
$ nix-copy-closure --from alice@avalon /nix/store/m85bxg…-firefox-34.0.5
</screen>
</para>
<para>You can use SSHs <emphasis>forced command</emphasis> feature to
set up a restricted user account for SSH substituter access, allowing
read-only access to the local Nix store, but nothing more. For
example, add the following lines to <filename>sshd_config</filename>
to restrict the user <literal>nix-ssh</literal>:
<programlisting>
Match User nix-ssh
AllowAgentForwarding no
AllowTcpForwarding no
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand nix-store --serve
Match All
</programlisting>
On NixOS, you can accomplish the same by adding the following to your
<filename>configuration.nix</filename>:
<programlisting>
nix.sshServe.enable = true;
nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];
</programlisting>
where the latter line lists the public keys of users that are allowed
to connect.</para>
</section>

View file

@ -1,51 +0,0 @@
<appendix xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-relnotes">
<title>Nix Release Notes</title>
<!--
<partintro>
<para>This section lists the release notes for each stable version of Nix.</para>
</partintro>
-->
<xi:include href="rl-2.3.xml" />
<xi:include href="rl-2.2.xml" />
<xi:include href="rl-2.1.xml" />
<xi:include href="rl-2.0.xml" />
<xi:include href="rl-1.11.10.xml" />
<xi:include href="rl-1.11.xml" />
<xi:include href="rl-1.10.xml" />
<xi:include href="rl-1.9.xml" />
<xi:include href="rl-1.8.xml" />
<xi:include href="rl-1.7.xml" />
<xi:include href="rl-1.6.1.xml" />
<xi:include href="rl-1.6.xml" />
<xi:include href="rl-1.5.2.xml" />
<xi:include href="rl-1.5.xml" />
<xi:include href="rl-1.4.xml" />
<xi:include href="rl-1.3.xml" />
<xi:include href="rl-1.2.xml" />
<xi:include href="rl-1.1.xml" />
<xi:include href="rl-1.0.xml" />
<xi:include href="rl-0.16.xml" />
<xi:include href="rl-0.15.xml" />
<xi:include href="rl-0.14.xml" />
<xi:include href="rl-0.13.xml" />
<xi:include href="rl-0.12.xml" />
<xi:include href="rl-0.11.xml" />
<xi:include href="rl-0.10.1.xml" />
<xi:include href="rl-0.10.xml" />
<xi:include href="rl-0.9.2.xml" />
<xi:include href="rl-0.9.1.xml" />
<xi:include href="rl-0.9.xml" />
<xi:include href="rl-0.8.1.xml" />
<xi:include href="rl-0.8.xml" />
<xi:include href="rl-0.7.xml" />
<xi:include href="rl-0.6.xml" />
<xi:include href="rl-0.5.xml" />
</appendix>

View file

@ -1,13 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.10.1">
<title>Release 0.10.1 (2006-10-11)</title>
<para>This release fixes two somewhat obscure bugs that occur when
evaluating Nix expressions that are stored inside the Nix store
(<literal>NIX-67</literal>). These do not affect most users.</para>
</section>

View file

@ -1,323 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.10">
<title>Release 0.10 (2006-10-06)</title>
<note><para>This version of Nix uses Berkeley DB 4.4 instead of 4.3.
The database is upgraded automatically, but you should be careful not
to use old versions of Nix that still use Berkeley DB 4.3. In
particular, if you use a Nix installed through Nix, you should run
<screen>
$ nix-store --clear-substitutes</screen>
first.</para></note>
<warning><para>Also, the database schema has changed slighted to fix a
performance issue (see below). When you run any Nix 0.10 command for
the first time, the database will be upgraded automatically. This is
irreversible.</para></warning>
<itemizedlist>
<!-- Usability / features -->
<listitem><para><command>nix-env</command> usability improvements:
<itemizedlist>
<listitem><para>An option <option>--compare-versions</option>
(or <option>-c</option>) has been added to <command>nix-env
--query</command> to allow you to compare installed versions of
packages to available versions, or vice versa. An easy way to
see if you are up to date with whats in your subscribed
channels is <literal>nix-env -qc \*</literal>.</para></listitem>
<listitem><para><literal>nix-env --query</literal> now takes as
arguments a list of package names about which to show
information, just like <option>--install</option>, etc.: for
example, <literal>nix-env -q gcc</literal>. Note that to show
all derivations, you need to specify
<literal>\*</literal>.</para></listitem>
<listitem><para><literal>nix-env -i
<emphasis>pkgname</emphasis></literal> will now install
the highest available version of
<emphasis>pkgname</emphasis>, rather than installing all
available versions (which would probably give collisions)
(<literal>NIX-31</literal>).</para></listitem>
<listitem><para><literal>nix-env (-i|-u) --dry-run</literal> now
shows exactly which missing paths will be built or
substituted.</para></listitem>
<listitem><para><literal>nix-env -qa --description</literal>
shows human-readable descriptions of packages, provided that
they have a <literal>meta.description</literal> attribute (which
most packages in Nixpkgs dont have yet).</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>New language features:
<itemizedlist>
<listitem><para>Reference scanning (which happens after each
build) is much faster and takes a constant amount of
memory.</para></listitem>
<listitem><para>String interpolation. Expressions like
<programlisting>
"--with-freetype2-library=" + freetype + "/lib"</programlisting>
can now be written as
<programlisting>
"--with-freetype2-library=${freetype}/lib"</programlisting>
You can write arbitrary expressions within
<literal>${<emphasis>...</emphasis>}</literal>, not just
identifiers.</para></listitem>
<listitem><para>Multi-line string literals.</para></listitem>
<listitem><para>String concatenations can now involve
derivations, as in the example <code>"--with-freetype2-library="
+ freetype + "/lib"</code>. This was not previously possible
because we need to register that a derivation that uses such a
string is dependent on <literal>freetype</literal>. The
evaluator now properly propagates this information.
Consequently, the subpath operator (<literal>~</literal>) has
been deprecated.</para></listitem>
<listitem><para>Default values of function arguments can now
refer to other function arguments; that is, all arguments are in
scope in the default values
(<literal>NIX-45</literal>).</para></listitem>
<!--
<listitem><para>TODO: domain checks (r5895).</para></listitem>
-->
<listitem><para>Lots of new built-in primitives, such as
functions for list manipulation and integer arithmetic. See the
manual for a complete list. All primops are now available in
the set <varname>builtins</varname>, allowing one to test for
the availability of primop in a backwards-compatible
way.</para></listitem>
<listitem><para>Real let-expressions: <literal>let x = ...;
... z = ...; in ...</literal>.</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>New commands <command>nix-pack-closure</command> and
<command>nix-unpack-closure</command> than can be used to easily
transfer a store path with all its dependencies to another machine.
Very convenient whenever you have some package on your machine and
you want to copy it somewhere else.</para></listitem>
<listitem><para>XML support:
<itemizedlist>
<listitem><para><literal>nix-env -q --xml</literal> prints the
installed or available packages in an XML representation for
easy processing by other tools.</para></listitem>
<listitem><para><literal>nix-instantiate --eval-only
--xml</literal> prints an XML representation of the resulting
term. (The new flag <option>--strict</option> forces deep
evaluation of the result, i.e., list elements and attributes are
evaluated recursively.)</para></listitem>
<listitem><para>In Nix expressions, the primop
<function>builtins.toXML</function> converts a term to an XML
representation. This is primarily useful for passing structured
information to builders.</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>You can now unambiguously specify which derivation to
build or install in <command>nix-env</command>,
<command>nix-instantiate</command> and <command>nix-build</command>
using the <option>--attr</option> / <option>-A</option> flags, which
takes an attribute name as argument. (Unlike symbolic package names
such as <literal>subversion-1.4.0</literal>, attribute names in an
attribute set are unique.) For instance, a quick way to perform a
test build of a package in Nixpkgs is <literal>nix-build
pkgs/top-level/all-packages.nix -A
<emphasis>foo</emphasis></literal>. <literal>nix-env -q
--attr</literal> shows the attribute names corresponding to each
derivation.</para></listitem>
<listitem><para>If the top-level Nix expression used by
<command>nix-env</command>, <command>nix-instantiate</command> or
<command>nix-build</command> evaluates to a function whose arguments
all have default values, the function will be called automatically.
Also, the new command-line switch <option>--arg
<emphasis>name</emphasis>
<emphasis>value</emphasis></option> can be used to specify
function arguments on the command line.</para></listitem>
<listitem><para><literal>nix-install-package --url
<emphasis>URL</emphasis></literal> allows a package to be
installed directly from the given URL.</para></listitem>
<listitem><para>Nix now works behind an HTTP proxy server; just set
the standard environment variables <literal>http_proxy</literal>,
<literal>https_proxy</literal>, <literal>ftp_proxy</literal> or
<literal>all_proxy</literal> appropriately. Functions such as
<function>fetchurl</function> in Nixpkgs also respect these
variables.</para></listitem>
<listitem><para><literal>nix-build -o
<emphasis>symlink</emphasis></literal> allows the symlink to
the build result to be named something other than
<literal>result</literal>.</para></listitem>
<!-- Stability / performance / etc. -->
<listitem><para>Platform support:
<itemizedlist>
<listitem><para>Support for 64-bit platforms, provided a <link
xlink:href="http://bugzilla.sen.cwi.nl:8080/show_bug.cgi?id=606">suitably
patched ATerm library</link> is used. Also, files larger than 2
GiB are now supported.</para></listitem>
<listitem><para>Added support for Cygwin (Windows,
<literal>i686-cygwin</literal>), Mac OS X on Intel
(<literal>i686-darwin</literal>) and Linux on PowerPC
(<literal>powerpc-linux</literal>).</para></listitem>
<listitem><para>Users of SMP and multicore machines will
appreciate that the number of builds to be performed in parallel
can now be specified in the configuration file in the
<literal>build-max-jobs</literal> setting.</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>Garbage collector improvements:
<itemizedlist>
<listitem><para>Open files (such as running programs) are now
used as roots of the garbage collector. This prevents programs
that have been uninstalled from being garbage collected while
they are still running. The script that detects these
additional runtime roots
(<filename>find-runtime-roots.pl</filename>) is inherently
system-specific, but it should work on Linux and on all
platforms that have the <command>lsof</command>
utility.</para></listitem>
<listitem><para><literal>nix-store --gc</literal>
(a.k.a. <command>nix-collect-garbage</command>) prints out the
number of bytes freed on standard output. <literal>nix-store
--gc --print-dead</literal> shows how many bytes would be freed
by an actual garbage collection.</para></listitem>
<listitem><para><literal>nix-collect-garbage -d</literal>
removes all old generations of <emphasis>all</emphasis> profiles
before calling the actual garbage collector (<literal>nix-store
--gc</literal>). This is an easy way to get rid of all old
packages in the Nix store.</para></listitem>
<listitem><para><command>nix-store</command> now has an
operation <option>--delete</option> to delete specific paths
from the Nix store. It wont delete reachable (non-garbage)
paths unless <option>--ignore-liveness</option> is
specified.</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>Berkeley DB 4.4s process registry feature is used
to recover from crashed Nix processes.</para></listitem>
<!-- <listitem><para>TODO: shared stores.</para></listitem> -->
<listitem><para>A performance issue has been fixed with the
<literal>referer</literal> table, which stores the inverse of the
<literal>references</literal> table (i.e., it tells you what store
paths refer to a given path). Maintaining this table could take a
quadratic amount of time, as well as a quadratic amount of Berkeley
DB log file space (in particular when running the garbage collector)
(<literal>NIX-23</literal>).</para></listitem>
<listitem><para>Nix now catches the <literal>TERM</literal> and
<literal>HUP</literal> signals in addition to the
<literal>INT</literal> signal. So you can now do a <literal>killall
nix-store</literal> without triggering a database
recovery.</para></listitem>
<listitem><para><command>bsdiff</command> updated to version
4.3.</para></listitem>
<listitem><para>Substantial performance improvements in expression
evaluation and <literal>nix-env -qa</literal>, all thanks to <link
xlink:href="http://valgrind.org/">Valgrind</link>. Memory use has
been reduced by a factor 8 or so. Big speedup by memoisation of
path hashing.</para></listitem>
<listitem><para>Lots of bug fixes, notably:
<itemizedlist>
<listitem><para>Make sure that the garbage collector can run
successfully when the disk is full
(<literal>NIX-18</literal>).</para></listitem>
<listitem><para><command>nix-env</command> now locks the profile
to prevent races between concurrent <command>nix-env</command>
operations on the same profile
(<literal>NIX-7</literal>).</para></listitem>
<listitem><para>Removed misleading messages from
<literal>nix-env -i</literal> (e.g., <literal>installing
`foo'</literal> followed by <literal>uninstalling
`foo'</literal>) (<literal>NIX-17</literal>).</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>Nix source distributions are a lot smaller now since
we no longer include a full copy of the Berkeley DB source
distribution (but only the bits we need).</para></listitem>
<listitem><para>Header files are now installed so that external
programs can use the Nix libraries.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,261 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-0.11">
<title>Release 0.11 (2007-12-31)</title>
<para>Nix 0.11 has many improvements over the previous stable release.
The most important improvement is secure multi-user support. It also
features many usability enhancements and language extensions, many of
them prompted by NixOS, the purely functional Linux distribution based
on Nix. Here is an (incomplete) list:</para>
<itemizedlist>
<listitem><para>Secure multi-user support. A single Nix store can
now be shared between multiple (possible untrusted) users. This is
an important feature for NixOS, where it allows non-root users to
install software. The old setuid method for sharing a store between
multiple users has been removed. Details for setting up a
multi-user store can be found in the manual.</para></listitem>
<listitem><para>The new command <command>nix-copy-closure</command>
gives you an easy and efficient way to exchange software between
machines. It copies the missing parts of the closure of a set of
store path to or from a remote machine via
<command>ssh</command>.</para></listitem>
<listitem><para>A new kind of string literal: strings between double
single-quotes (<literal>''</literal>) have indentation
“intelligently” removed. This allows large strings (such as shell
scripts or configuration file fragments in NixOS) to cleanly follow
the indentation of the surrounding expression. It also requires
much less escaping, since <literal>''</literal> is less common in
most languages than <literal>"</literal>.</para></listitem>
<listitem><para><command>nix-env</command> <option>--set</option>
modifies the current generation of a profile so that it contains
exactly the specified derivation, and nothing else. For example,
<literal>nix-env -p /nix/var/nix/profiles/browser --set
firefox</literal> lets the profile named
<filename>browser</filename> contain just Firefox.</para></listitem>
<listitem><para><command>nix-env</command> now maintains
meta-information about installed packages in profiles. The
meta-information is the contents of the <varname>meta</varname>
attribute of derivations, such as <varname>description</varname> or
<varname>homepage</varname>. The command <literal>nix-env -q --xml
--meta</literal> shows all meta-information.</para></listitem>
<listitem><para><command>nix-env</command> now uses the
<varname>meta.priority</varname> attribute of derivations to resolve
filename collisions between packages. Lower priority values denote
a higher priority. For instance, the GCC wrapper package and the
Binutils package in Nixpkgs both have a file
<filename>bin/ld</filename>, so previously if you tried to install
both you would get a collision. Now, on the other hand, the GCC
wrapper declares a higher priority than Binutils, so the formers
<filename>bin/ld</filename> is symlinked in the user
environment.</para></listitem>
<listitem><para><command>nix-env -i / -u</command>: instead of
breaking package ties by version, break them by priority and version
number. That is, if there are multiple packages with the same name,
then pick the package with the highest priority, and only use the
version if there are multiple packages with the same
priority.</para>
<para>This makes it possible to mark specific versions/variant in
Nixpkgs more or less desirable than others. A typical example would
be a beta version of some package (e.g.,
<literal>gcc-4.2.0rc1</literal>) which should not be installed even
though it is the highest version, except when it is explicitly
selected (e.g., <literal>nix-env -i
gcc-4.2.0rc1</literal>).</para></listitem>
<listitem><para><command>nix-env --set-flag</command> allows meta
attributes of installed packages to be modified. There are several
attributes that can be usefully modified, because they affect the
behaviour of <command>nix-env</command> or the user environment
build script:
<itemizedlist>
<listitem><para><varname>meta.priority</varname> can be changed
to resolve filename clashes (see above).</para></listitem>
<listitem><para><varname>meta.keep</varname> can be set to
<literal>true</literal> to prevent the package from being
upgraded or replaced. Useful if you want to hang on to an older
version of a package.</para></listitem>
<listitem><para><varname>meta.active</varname> can be set to
<literal>false</literal> to “disable” the package. That is, no
symlinks will be generated to the files of the package, but it
remains part of the profile (so it wont be garbage-collected).
Set it back to <literal>true</literal> to re-enable the
package.</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para><command>nix-env -q</command> now has a flag
<option>--prebuilt-only</option> (<option>-b</option>) that causes
<command>nix-env</command> to show only those derivations whose
output is already in the Nix store or that can be substituted (i.e.,
downloaded from somewhere). In other words, it shows the packages
that can be installed “quickly”, i.e., dont need to be built from
source. The <option>-b</option> flag is also available in
<command>nix-env -i</command> and <command>nix-env -u</command> to
filter out derivations for which no pre-built binary is
available.</para></listitem>
<listitem><para>The new option <option>--argstr</option> (in
<command>nix-env</command>, <command>nix-instantiate</command> and
<command>nix-build</command>) is like <option>--arg</option>, except
that the value is a string. For example, <literal>--argstr system
i686-linux</literal> is equivalent to <literal>--arg system
\"i686-linux\"</literal> (note that <option>--argstr</option>
prevents annoying quoting around shell arguments).</para></listitem>
<listitem><para><command>nix-store</command> has a new operation
<option>--read-log</option> (<option>-l</option>)
<parameter>paths</parameter> that shows the build log of the given
paths.</para></listitem>
<!--
<listitem><para>TODO: semantic cleanups of string concatenation
etc. (mostly in r6740).</para></listitem>
-->
<listitem><para>Nix now uses Berkeley DB 4.5. The database is
upgraded automatically, but you should be careful not to use old
versions of Nix that still use Berkeley DB 4.4.</para></listitem>
<!-- foo
<listitem><para>TODO: option <option>- -reregister</option> in
<command>nix-store - -register-validity</command>.</para></listitem>
-->
<listitem><para>The option <option>--max-silent-time</option>
(corresponding to the configuration setting
<literal>build-max-silent-time</literal>) allows you to set a
timeout on builds — if a build produces no output on
<literal>stdout</literal> or <literal>stderr</literal> for the given
number of seconds, it is terminated. This is useful for recovering
automatically from builds that are stuck in an infinite
loop.</para></listitem>
<listitem><para><command>nix-channel</command>: each subscribed
channel is its own attribute in the top-level expression generated
for the channel. This allows disambiguation (e.g. <literal>nix-env
-i -A nixpkgs_unstable.firefox</literal>).</para></listitem>
<listitem><para>The substitutes table has been removed from the
database. This makes operations such as <command>nix-pull</command>
and <command>nix-channel --update</command> much, much
faster.</para></listitem>
<listitem><para><command>nix-pull</command> now supports
bzip2-compressed manifests. This speeds up
channels.</para></listitem>
<listitem><para><command>nix-prefetch-url</command> now has a
limited form of caching. This is used by
<command>nix-channel</command> to prevent unnecessary downloads when
the channel hasnt changed.</para></listitem>
<listitem><para><command>nix-prefetch-url</command> now by default
computes the SHA-256 hash of the file instead of the MD5 hash. In
calls to <function>fetchurl</function> you should pass the
<literal>sha256</literal> attribute instead of
<literal>md5</literal>. You can pass either a hexadecimal or a
base-32 encoding of the hash.</para></listitem>
<listitem><para>Nix can now perform builds in an automatically
generated “chroot”. This prevents a builder from accessing stuff
outside of the Nix store, and thus helps ensure purity. This is an
experimental feature.</para></listitem>
<listitem><para>The new command <command>nix-store
--optimise</command> reduces Nix store disk space usage by finding
identical files in the store and hard-linking them to each other.
It typically reduces the size of the store by something like
25-35%.</para></listitem>
<listitem><para><filename>~/.nix-defexpr</filename> can now be a
directory, in which case the Nix expressions in that directory are
combined into an attribute set, with the file names used as the
names of the attributes. The command <command>nix-env
--import</command> (which set the
<filename>~/.nix-defexpr</filename> symlink) is
removed.</para></listitem>
<listitem><para>Derivations can specify the new special attribute
<varname>allowedReferences</varname> to enforce that the references
in the output of a derivation are a subset of a declared set of
paths. For example, if <varname>allowedReferences</varname> is an
empty list, then the output must not have any references. This is
used in NixOS to check that generated files such as initial ramdisks
for booting Linux dont have any dependencies.</para></listitem>
<listitem><para>The new attribute
<varname>exportReferencesGraph</varname> allows builders access to
the references graph of their inputs. This is used in NixOS for
tasks such as generating ISO-9660 images that contain a Nix store
populated with the closure of certain paths.</para></listitem>
<listitem><para>Fixed-output derivations (like
<function>fetchurl</function>) can define the attribute
<varname>impureEnvVars</varname> to allow external environment
variables to be passed to builders. This is used in Nixpkgs to
support proxy configuration, among other things.</para></listitem>
<listitem><para>Several new built-in functions:
<function>builtins.attrNames</function>,
<function>builtins.filterSource</function>,
<function>builtins.isAttrs</function>,
<function>builtins.isFunction</function>,
<function>builtins.listToAttrs</function>,
<function>builtins.stringLength</function>,
<function>builtins.sub</function>,
<function>builtins.substring</function>,
<function>throw</function>,
<function>builtins.trace</function>,
<function>builtins.readFile</function>.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,175 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-0.12">
<title>Release 0.12 (2008-11-20)</title>
<itemizedlist>
<listitem>
<para>Nix no longer uses Berkeley DB to store Nix store metadata.
The principal advantages of the new storage scheme are: it works
properly over decent implementations of NFS (allowing Nix stores
to be shared between multiple machines); no recovery is needed
when a Nix process crashes; no write access is needed for
read-only operations; no more running out of Berkeley DB locks on
certain operations.</para>
<para>You still need to compile Nix with Berkeley DB support if
you want Nix to automatically convert your old Nix store to the
new schema. If you dont need this, you can build Nix with the
<filename>configure</filename> option
<option>--disable-old-db-compat</option>.</para>
<para>After the automatic conversion to the new schema, you can
delete the old Berkeley DB files:
<screen>
$ cd /nix/var/nix/db
$ rm __db* log.* derivers references referrers reserved validpaths DB_CONFIG</screen>
The new metadata is stored in the directories
<filename>/nix/var/nix/db/info</filename> and
<filename>/nix/var/nix/db/referrer</filename>. Though the
metadata is stored in human-readable plain-text files, they are
not intended to be human-editable, as Nix is rather strict about
the format.</para>
<para>The new storage schema may or may not require less disk
space than the Berkeley DB environment, mostly depending on the
cluster size of your file system. With 1 KiB clusters (which
seems to be the <literal>ext3</literal> default nowadays) it
usually takes up much less space.</para>
</listitem>
<listitem><para>There is a new substituter that copies paths
directly from other (remote) Nix stores mounted somewhere in the
filesystem. For instance, you can speed up an installation by
mounting some remote Nix store that already has the packages in
question via NFS or <literal>sshfs</literal>. The environment
variable <literal>NIX_OTHER_STORES</literal> specifies the locations of
the remote Nix directories,
e.g. <literal>/mnt/remote-fs/nix</literal>.</para></listitem>
<listitem><para>New <command>nix-store</command> operations
<option>--dump-db</option> and <option>--load-db</option> to dump
and reload the Nix database.</para></listitem>
<listitem><para>The garbage collector has a number of new options to
allow only some of the garbage to be deleted. The option
<option>--max-freed <emphasis>N</emphasis></option> tells the
collector to stop after at least <emphasis>N</emphasis> bytes
have been deleted. The option <option>--max-links
<emphasis>N</emphasis></option> tells it to stop after the
link count on <filename>/nix/store</filename> has dropped below
<emphasis>N</emphasis>. This is useful for very large Nix
stores on filesystems with a 32000 subdirectories limit (like
<literal>ext3</literal>). The option <option>--use-atime</option>
causes store paths to be deleted in order of ascending last access
time. This allows non-recently used stuff to be deleted. The
option <option>--max-atime <emphasis>time</emphasis></option>
specifies an upper limit to the last accessed time of paths that may
be deleted. For instance,
<screen>
$ nix-store --gc -v --max-atime $(date +%s -d "2 months ago")</screen>
deletes everything that hasnt been accessed in two months.</para></listitem>
<listitem><para><command>nix-env</command> now uses optimistic
profile locking when performing an operation like installing or
upgrading, instead of setting an exclusive lock on the profile.
This allows multiple <command>nix-env -i / -u / -e</command>
operations on the same profile in parallel. If a
<command>nix-env</command> operation sees at the end that the profile
was changed in the meantime by another process, it will just
restart. This is generally cheap because the build results are
still in the Nix store.</para></listitem>
<listitem><para>The option <option>--dry-run</option> is now
supported by <command>nix-store -r</command> and
<command>nix-build</command>.</para></listitem>
<listitem><para>The information previously shown by
<option>--dry-run</option> (i.e., which derivations will be built
and which paths will be substituted) is now always shown by
<command>nix-env</command>, <command>nix-store -r</command> and
<command>nix-build</command>. The total download size of
substitutable paths is now also shown. For instance, a build will
show something like
<screen>
the following derivations will be built:
/nix/store/129sbxnk5n466zg6r1qmq1xjv9zymyy7-activate-configuration.sh.drv
/nix/store/7mzy971rdm8l566ch8hgxaf89x7lr7ik-upstart-jobs.drv
...
the following paths will be downloaded/copied (30.02 MiB):
/nix/store/4m8pvgy2dcjgppf5b4cj5l6wyshjhalj-samba-3.2.4
/nix/store/7h1kwcj29ip8vk26rhmx6bfjraxp0g4l-libunwind-0.98.6
...</screen>
</para></listitem>
<listitem><para>Language features:
<itemizedlist>
<listitem><para>@-patterns as in Haskell. For instance, in a
function definition
<programlisting>f = args @ {x, y, z}: <emphasis>...</emphasis>;</programlisting>
<varname>args</varname> refers to the argument as a whole, which
is further pattern-matched against the attribute set pattern
<literal>{x, y, z}</literal>.</para></listitem>
<listitem><para><literal>...</literal>” (ellipsis) patterns.
An attribute set pattern can now say <literal>...</literal> at
the end of the attribute name list to specify that the function
takes <emphasis>at least</emphasis> the listed attributes, while
ignoring additional attributes. For instance,
<programlisting>{stdenv, fetchurl, fuse, ...}: <emphasis>...</emphasis></programlisting>
defines a function that accepts any attribute set that includes
at least the three listed attributes.</para></listitem>
<listitem><para>New primops:
<varname>builtins.parseDrvName</varname> (split a package name
string like <literal>"nix-0.12pre12876"</literal> into its name
and version components, e.g. <literal>"nix"</literal> and
<literal>"0.12pre12876"</literal>),
<varname>builtins.compareVersions</varname> (compare two version
strings using the same algorithm that <command>nix-env</command>
uses), <varname>builtins.length</varname> (efficiently compute
the length of a list), <varname>builtins.mul</varname> (integer
multiplication), <varname>builtins.div</varname> (integer
division).
<!-- <varname>builtins.genericClosure</varname> -->
</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para><command>nix-prefetch-url</command> now supports
<literal>mirror://</literal> URLs, provided that the environment
variable <literal>NIXPKGS_ALL</literal> points at a Nixpkgs
tree.</para></listitem>
<listitem><para>Removed the commands
<command>nix-pack-closure</command> and
<command>nix-unpack-closure</command>. You can do almost the same
thing but much more efficiently by doing <literal>nix-store --export
$(nix-store -qR <emphasis>paths</emphasis>) > closure</literal> and
<literal>nix-store --import &lt;
closure</literal>.</para></listitem>
<listitem><para>Lots of bug fixes, including a big performance bug in
the handling of <literal>with</literal>-expressions.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,106 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-0.13">
<title>Release 0.13 (2009-11-05)</title>
<para>This is primarily a bug fix release. It has some new
features:</para>
<itemizedlist>
<listitem>
<para>Syntactic sugar for writing nested attribute sets. Instead of
<programlisting>
{
foo = {
bar = 123;
xyzzy = true;
};
a = { b = { c = "d"; }; };
}
</programlisting>
you can write
<programlisting>
{
foo.bar = 123;
foo.xyzzy = true;
a.b.c = "d";
}
</programlisting>
This is useful, for instance, in NixOS configuration files.</para>
</listitem>
<listitem>
<para>Support for Nix channels generated by Hydra, the Nix-based
continuous build system. (Hydra generates NAR archives on the
fly, so the size and hash of these archives isnt known in
advance.)</para>
</listitem>
<listitem>
<para>Support <literal>i686-linux</literal> builds directly on
<literal>x86_64-linux</literal> Nix installations. This is
implemented using the <function>personality()</function> syscall,
which causes <command>uname</command> to return
<literal>i686</literal> in child processes.</para>
</listitem>
<listitem>
<para>Various improvements to the <literal>chroot</literal>
support. Building in a <literal>chroot</literal> works quite well
now.</para>
</listitem>
<listitem>
<para>Nix no longer blocks if it tries to build a path and another
process is already building the same path. Instead it tries to
build another buildable path first. This improves
parallelism.</para>
</listitem>
<listitem>
<para>Support for large (> 4 GiB) files in NAR archives.</para>
</listitem>
<listitem>
<para>Various (performance) improvements to the remote build
mechanism.</para>
</listitem>
<listitem>
<para>New primops: <varname>builtins.addErrorContext</varname> (to
add a string to stack traces — useful for debugging),
<varname>builtins.isBool</varname>,
<varname>builtins.isString</varname>,
<varname>builtins.isInt</varname>,
<varname>builtins.intersectAttrs</varname>.</para>
</listitem>
<listitem>
<para>OpenSolaris support (Sander van der Burg).</para>
</listitem>
<listitem>
<para>Stack traces are no longer displayed unless the
<option>--show-trace</option> option is used.</para>
</listitem>
<listitem>
<para>The scoping rules for <literal>inherit
(<emphasis>e</emphasis>) ...</literal> in recursive
attribute sets have changed. The expression
<emphasis>e</emphasis> can now refer to the attributes
defined in the containing set.</para>
</listitem>
</itemizedlist>
</section>

View file

@ -1,46 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-0.14">
<title>Release 0.14 (2010-02-04)</title>
<para>This release has the following improvements:</para>
<itemizedlist>
<listitem>
<para>The garbage collector now starts deleting garbage much
faster than before. It no longer determines liveness of all paths
in the store, but does so on demand.</para>
</listitem>
<listitem>
<para>Added a new operation, <command>nix-store --query
--roots</command>, that shows the garbage collector roots that
directly or indirectly point to the given store paths.</para>
</listitem>
<listitem>
<para>Removed support for converting Berkeley DB-based Nix
databases to the new schema.</para>
</listitem>
<listitem>
<para>Removed the <option>--use-atime</option> and
<option>--max-atime</option> garbage collector options. They were
not very useful in practice.</para>
</listitem>
<listitem>
<para>On Windows, Nix now requires Cygwin 1.7.x.</para>
</listitem>
<listitem>
<para>A few bug fixes.</para>
</listitem>
</itemizedlist>
</section>

View file

@ -1,14 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-0.15">
<title>Release 0.15 (2010-03-17)</title>
<para>This is a bug-fix release. Among other things, it fixes
building on Mac OS X (Snow Leopard), and improves the contents of
<filename>/etc/passwd</filename> and <filename>/etc/group</filename>
in <literal>chroot</literal> builds.</para>
</section>

View file

@ -1,55 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-0.16">
<title>Release 0.16 (2010-08-17)</title>
<para>This release has the following improvements:</para>
<itemizedlist>
<listitem>
<para>The Nix expression evaluator is now much faster in most
cases: typically, <link
xlink:href="http://www.mail-archive.com/nix-dev@cs.uu.nl/msg04113.html">3
to 8 times compared to the old implementation</link>. It also
uses less memory. It no longer depends on the ATerm
library.</para>
</listitem>
<listitem>
<para>
Support for configurable parallelism inside builders. Build
scripts have always had the ability to perform multiple build
actions in parallel (for instance, by running <command>make -j
2</command>), but this was not desirable because the number of
actions to be performed in parallel was not configurable. Nix
now has an option <option>--cores
<emphasis>N</emphasis></option> as well as a configuration
setting <varname>build-cores =
<emphasis>N</emphasis></varname> that causes the
environment variable <literal>NIX_BUILD_CORES</literal> to be set to
<emphasis>N</emphasis> when the builder is invoked. The
builder can use this at its discretion to perform a parallel
build, e.g., by calling <command>make -j
<emphasis>N</emphasis></command>. In Nixpkgs, this can be
enabled on a per-package basis by setting the derivation
attribute <varname>enableParallelBuilding</varname> to
<literal>true</literal>.
</para>
</listitem>
<listitem>
<para><command>nix-store -q</command> now supports XML output
through the <option>--xml</option> flag.</para>
</listitem>
<listitem>
<para>Several bug fixes.</para>
</listitem>
</itemizedlist>
</section>

View file

@ -1,11 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.5">
<title>Release 0.5 and earlier</title>
<para>Please refer to the Subversion commit log messages.</para>
</section>

View file

@ -1,122 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.6">
<title>Release 0.6 (2004-11-14)</title>
<itemizedlist>
<listitem>
<para>Rewrite of the normalisation engine.
<itemizedlist>
<listitem><para>Multiple builds can now be performed in parallel
(option <option>-j</option>).</para></listitem>
<listitem><para>Distributed builds. Nix can now call a shell
script to forward builds to Nix installations on remote
machines, which may or may not be of the same platform
type.</para></listitem>
<listitem><para>Option <option>--fallback</option> allows
recovery from broken substitutes.</para></listitem>
<listitem><para>Option <option>--keep-going</option> causes
building of other (unaffected) derivations to continue if one
failed.</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem><para>Improvements to the garbage collector (i.e., it
should actually work now).</para></listitem>
<listitem><para>Setuid Nix installations allow a Nix store to be
shared among multiple users.</para></listitem>
<listitem><para>Substitute registration is much faster
now.</para></listitem>
<listitem><para>A utility <command>nix-build</command> to build a
Nix expression and create a symlink to the result int the current
directory; useful for testing Nix derivations.</para></listitem>
<listitem><para>Manual updates.</para></listitem>
<listitem>
<para><command>nix-env</command> changes:
<itemizedlist>
<listitem><para>Derivations for other platforms are filtered out
(which can be overridden using
<option>--system-filter</option>).</para></listitem>
<listitem><para><option>--install</option> by default now
uninstall previous derivations with the same
name.</para></listitem>
<listitem><para><option>--upgrade</option> allows upgrading to a
specific version.</para></listitem>
<listitem><para>New operation
<option>--delete-generations</option> to remove profile
generations (necessary for effective garbage
collection).</para></listitem>
<listitem><para>Nicer output (sorted,
columnised).</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem><para>More sensible verbosity levels all around (builder
output is now shown always, unless <option>-Q</option> is
given).</para></listitem>
<listitem>
<para>Nix expression language changes:
<itemizedlist>
<listitem><para>New language construct: <literal>with
<emphasis>E1</emphasis>;
<emphasis>E2</emphasis></literal> brings all attributes
defined in the attribute set <emphasis>E1</emphasis> in
scope in <emphasis>E2</emphasis>.</para></listitem>
<listitem><para>Added a <function>map</function>
function.</para></listitem>
<listitem><para>Various new operators (e.g., string
concatenation).</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem><para>Expression evaluation is much
faster.</para></listitem>
<listitem><para>An Emacs mode for editing Nix expressions (with
syntax highlighting and indentation) has been
added.</para></listitem>
<listitem><para>Many bug fixes.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,35 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.7">
<title>Release 0.7 (2005-01-12)</title>
<itemizedlist>
<listitem><para>Binary patching. When upgrading components using
pre-built binaries (through nix-pull / nix-channel), Nix can
automatically download and apply binary patches to already installed
components instead of full downloads. Patching is “smart”: if there
is a <emphasis>sequence</emphasis> of patches to an installed
component, Nix will use it. Patches are currently generated
automatically between Nixpkgs (pre-)releases.</para></listitem>
<listitem><para>Simplifications to the substitute
mechanism.</para></listitem>
<listitem><para>Nix-pull now stores downloaded manifests in
<filename>/nix/var/nix/manifests</filename>.</para></listitem>
<listitem><para>Metadata on files in the Nix store is canonicalised
after builds: the last-modified timestamp is set to 0 (00:00:00
1/1/1970), the mode is set to 0444 or 0555 (readable and possibly
executable by all; setuid/setgid bits are dropped), and the group is
set to the default. This ensures that the result of a build and an
installation through a substitute is the same; and that timestamp
dependencies are revealed.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,21 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.8.1">
<title>Release 0.8.1 (2005-04-13)</title>
<para>This is a bug fix release.</para>
<itemizedlist>
<listitem><para>Patch downloading was broken.</para></listitem>
<listitem><para>The garbage collector would not delete paths that
had references from invalid (but substitutable)
paths.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,246 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.8">
<title>Release 0.8 (2005-04-11)</title>
<para>NOTE: the hashing scheme in Nix 0.8 changed (as detailed below).
As a result, <command>nix-pull</command> manifests and channels built
for Nix 0.7 and below will not work anymore. However, the Nix
expression language has not changed, so you can still build from
source. Also, existing user environments continue to work. Nix 0.8
will automatically upgrade the database schema of previous
installations when it is first run.</para>
<para>If you get the error message
<screen>
you have an old-style manifest `/nix/var/nix/manifests/[...]'; please
delete it</screen>
you should delete previously downloaded manifests:
<screen>
$ rm /nix/var/nix/manifests/*</screen>
If <command>nix-channel</command> gives the error message
<screen>
manifest `http://catamaran.labs.cs.uu.nl/dist/nix/channels/[channel]/MANIFEST'
is too old (i.e., for Nix &lt;= 0.7)</screen>
then you should unsubscribe from the offending channel
(<command>nix-channel --remove
<emphasis>URL</emphasis></command>; leave out
<literal>/MANIFEST</literal>), and subscribe to the same URL, with
<literal>channels</literal> replaced by <literal>channels-v3</literal>
(e.g., <link
xlink:href='http://catamaran.labs.cs.uu.nl/dist/nix/channels-v3/nixpkgs-unstable'
/>).</para>
<para>Nix 0.8 has the following improvements:
<itemizedlist>
<listitem><para>The cryptographic hashes used in store paths are now
160 bits long, but encoded in base-32 so that they are still only 32
characters long (e.g.,
<filename>/nix/store/csw87wag8bqlqk7ipllbwypb14xainap-atk-1.9.0</filename>).
(This is actually a 160 bit truncation of a SHA-256
hash.)</para></listitem>
<listitem><para>Big cleanups and simplifications of the basic store
semantics. The notion of “closure store expressions” is gone (and
so is the notion of “successors”); the file system references of a
store path are now just stored in the database.</para>
<para>For instance, given any store path, you can query its closure:
<screen>
$ nix-store -qR $(which firefox)
... lots of paths ...</screen>
Also, Nix now remembers for each store path the derivation that
built it (the “deriver”):
<screen>
$ nix-store -qR $(which firefox)
/nix/store/4b0jx7vq80l9aqcnkszxhymsf1ffa5jd-firefox-1.0.1.drv</screen>
So to see the build-time dependencies, you can do
<screen>
$ nix-store -qR $(nix-store -qd $(which firefox))</screen>
or, in a nicer format:
<screen>
$ nix-store -q --tree $(nix-store -qd $(which firefox))</screen>
</para>
<para>File system references are also stored in reverse. For
instance, you can query all paths that directly or indirectly use a
certain Glibc:
<screen>
$ nix-store -q --referrers-closure \
/nix/store/8lz9yc6zgmc0vlqmn2ipcpkjlmbi51vv-glibc-2.3.4</screen>
</para>
</listitem>
<listitem><para>The concept of fixed-output derivations has been
formalised. Previously, functions such as
<function>fetchurl</function> in Nixpkgs used a hack (namely,
explicitly specifying a store path hash) to prevent changes to, say,
the URL of the file from propagating upwards through the dependency
graph, causing rebuilds of everything. This can now be done cleanly
by specifying the <varname>outputHash</varname> and
<varname>outputHashAlgo</varname> attributes. Nix itself checks
that the content of the output has the specified hash. (This is
important for maintaining certain invariants necessary for future
work on secure shared stores.)</para></listitem>
<listitem><para>One-click installation :-) It is now possible to
install any top-level component in Nixpkgs directly, through the web
— see, e.g., <link
xlink:href='http://catamaran.labs.cs.uu.nl/dist/nixpkgs-0.8/' />.
All you have to do is associate
<filename>/nix/bin/nix-install-package</filename> with the MIME type
<literal>application/nix-package</literal> (or the extension
<filename>.nixpkg</filename>), and clicking on a package link will
cause it to be installed, with all appropriate dependencies. If you
just want to install some specific application, this is easier than
subscribing to a channel.</para></listitem>
<listitem><para><command>nix-store -r
<emphasis>PATHS</emphasis></command> now builds all the
derivations PATHS in parallel. Previously it did them sequentially
(though exploiting possible parallelism between subderivations).
This is nice for build farms.</para></listitem>
<listitem><para><command>nix-channel</command> has new operations
<option>--list</option> and
<option>--remove</option>.</para></listitem>
<listitem><para>New ways of installing components into user
environments:
<itemizedlist>
<listitem><para>Copy from another user environment:
<screen>
$ nix-env -i --from-profile .../other-profile firefox</screen>
</para></listitem>
<listitem><para>Install a store derivation directly (bypassing the
Nix expression language entirely):
<screen>
$ nix-env -i /nix/store/z58v41v21xd3...-aterm-2.3.1.drv</screen>
(This is used to implement <command>nix-install-package</command>,
which is therefore immune to evolution in the Nix expression
language.)</para></listitem>
<listitem><para>Install an already built store path directly:
<screen>
$ nix-env -i /nix/store/hsyj5pbn0d9i...-aterm-2.3.1</screen>
</para></listitem>
<listitem><para>Install the result of a Nix expression specified
as a command-line argument:
<screen>
$ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>
The difference with the normal installation mode is that
<option>-E</option> does not use the <varname>name</varname>
attributes of derivations. Therefore, this can be used to
disambiguate multiple derivations with the same
name.</para></listitem>
</itemizedlist></para></listitem>
<listitem><para>A hash of the contents of a store path is now stored
in the database after a successful build. This allows you to check
whether store paths have been tampered with: <command>nix-store
--verify --check-contents</command>.</para></listitem>
<listitem>
<para>Implemented a concurrent garbage collector. It is now
always safe to run the garbage collector, even if other Nix
operations are happening simultaneously.</para>
<para>However, there can still be GC races if you use
<command>nix-instantiate</command> and <command>nix-store
--realise</command> directly to build things. To prevent races,
use the <option>--add-root</option> flag of those commands.</para>
</listitem>
<listitem><para>The garbage collector now finally deletes paths in
the right order (i.e., topologically sorted under the “references”
relation), thus making it safe to interrupt the collector without
risking a store that violates the closure
invariant.</para></listitem>
<listitem><para>Likewise, the substitute mechanism now downloads
files in the right order, thus preserving the closure invariant at
all times.</para></listitem>
<listitem><para>The result of <command>nix-build</command> is now
registered as a root of the garbage collector. If the
<filename>./result</filename> link is deleted, the GC root
disappears automatically.</para></listitem>
<listitem>
<para>The behaviour of the garbage collector can be changed
globally by setting options in
<filename>/nix/etc/nix/nix.conf</filename>.
<itemizedlist>
<listitem><para><literal>gc-keep-derivations</literal> specifies
whether deriver links should be followed when searching for live
paths.</para></listitem>
<listitem><para><literal>gc-keep-outputs</literal> specifies
whether outputs of derivations should be followed when searching
for live paths.</para></listitem>
<listitem><para><literal>env-keep-derivations</literal>
specifies whether user environments should store the paths of
derivations when they are added (thus keeping the derivations
alive).</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>New <command>nix-env</command> query flags
<option>--drv-path</option> and
<option>--out-path</option>.</para></listitem>
<listitem><para><command>fetchurl</command> allows SHA-1 and SHA-256
in addition to MD5. Just specify the attribute
<varname>sha1</varname> or <varname>sha256</varname> instead of
<varname>md5</varname>.</para></listitem>
<listitem><para>Manual updates.</para></listitem>
</itemizedlist>
</para>
</section>

View file

@ -1,13 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.9.1">
<title>Release 0.9.1 (2005-09-20)</title>
<para>This bug fix release addresses a problem with the ATerm library
when the <option>--with-aterm</option> flag in
<command>configure</command> was <emphasis>not</emphasis> used.</para>
</section>

View file

@ -1,28 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.9.2">
<title>Release 0.9.2 (2005-09-21)</title>
<para>This bug fix release fixes two problems on Mac OS X:
<itemizedlist>
<listitem><para>If Nix was linked against statically linked versions
of the ATerm or Berkeley DB library, there would be dynamic link
errors at runtime.</para></listitem>
<listitem><para><command>nix-pull</command> and
<command>nix-push</command> intermittently failed due to race
conditions involving pipes and child processes with error messages
such as <literal>open2: open(GLOB(0x180b2e4), >&amp;=9) failed: Bad
file descriptor at /nix/bin/nix-pull line 77</literal> (issue
<literal>NIX-14</literal>).</para></listitem>
</itemizedlist>
</para>
</section>

View file

@ -1,98 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-relnotes-0.9">
<title>Release 0.9 (2005-09-16)</title>
<para>NOTE: this version of Nix uses Berkeley DB 4.3 instead of 4.2.
The database is upgraded automatically, but you should be careful not
to use old versions of Nix that still use Berkeley DB 4.2. In
particular, if you use a Nix installed through Nix, you should run
<screen>
$ nix-store --clear-substitutes</screen>
first.</para>
<itemizedlist>
<listitem><para>Unpacking of patch sequences is much faster now
since we no longer do redundant unpacking and repacking of
intermediate paths.</para></listitem>
<listitem><para>Nix now uses Berkeley DB 4.3.</para></listitem>
<listitem><para>The <function>derivation</function> primitive is
lazier. Attributes of dependent derivations can mutually refer to
each other (as long as there are no data dependencies on the
<varname>outPath</varname> and <varname>drvPath</varname> attributes
computed by <function>derivation</function>).</para>
<para>For example, the expression <literal>derivation
attrs</literal> now evaluates to (essentially)
<programlisting>
attrs // {
type = "derivation";
outPath = derivation! attrs;
drvPath = derivation! attrs;
}</programlisting>
where <function>derivation!</function> is a primop that does the
actual derivation instantiation (i.e., it does what
<function>derivation</function> used to do). The advantage is that
it allows commands such as <command>nix-env -qa</command> and
<command>nix-env -i</command> to be much faster since they no longer
need to instantiate all derivations, just the
<varname>name</varname> attribute.</para>
<para>Also, it allows derivations to cyclically reference each
other, for example,
<programlisting>
webServer = derivation {
...
hostName = "svn.cs.uu.nl";
services = [svnService];
};
&#x20;
svnService = derivation {
...
hostName = webServer.hostName;
};</programlisting>
Previously, this would yield a black hole (infinite recursion).</para>
</listitem>
<listitem><para><command>nix-build</command> now defaults to using
<filename>./default.nix</filename> if no Nix expression is
specified.</para></listitem>
<listitem><para><command>nix-instantiate</command>, when applied to
a Nix expression that evaluates to a function, will call the
function automatically if all its arguments have
defaults.</para></listitem>
<listitem><para>Nix now uses libtool to build dynamic libraries.
This reduces the size of executables.</para></listitem>
<listitem><para>A new list concatenation operator
<literal>++</literal>. For example, <literal>[1 2 3] ++ [4 5
6]</literal> evaluates to <literal>[1 2 3 4 5
6]</literal>.</para></listitem>
<listitem><para>Some currently undocumented primops to support
low-level build management using Nix (i.e., using Nix as a Make
replacement). See the commit messages for <literal>r3578</literal>
and <literal>r3580</literal>.</para></listitem>
<listitem><para>Various bug fixes and performance
improvements.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,119 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.0">
<title>Release 1.0 (2012-05-11)</title>
<para>There have been numerous improvements and bug fixes since the
previous release. Here are the most significant:</para>
<itemizedlist>
<listitem>
<para>Nix can now optionally use the Boehm garbage collector.
This significantly reduces the Nix evaluators memory footprint,
especially when evaluating large NixOS system configurations. It
can be enabled using the <option>--enable-gc</option> configure
option.</para>
</listitem>
<listitem>
<para>Nix now uses SQLite for its database. This is faster and
more flexible than the old <emphasis>ad hoc</emphasis> format.
SQLite is also used to cache the manifests in
<filename>/nix/var/nix/manifests</filename>, resulting in a
significant speedup.</para>
</listitem>
<listitem>
<para>Nix now has an search path for expressions. The search path
is set using the environment variable <literal>NIX_PATH</literal> and
the <option>-I</option> command line option. In Nix expressions,
paths between angle brackets are used to specify files that must
be looked up in the search path. For instance, the expression
<literal>&lt;nixpkgs/default.nix></literal> looks for a file
<filename>nixpkgs/default.nix</filename> relative to every element
in the search path.</para>
</listitem>
<listitem>
<para>The new command <command>nix-build --run-env</command>
builds all dependencies of a derivation, then starts a shell in an
environment containing all variables from the derivation. This is
useful for reproducing the environment of a derivation for
development.</para>
</listitem>
<listitem>
<para>The new command <command>nix-store --verify-path</command>
verifies that the contents of a store path have not
changed.</para>
</listitem>
<listitem>
<para>The new command <command>nix-store --print-env</command>
prints out the environment of a derivation in a format that can be
evaluated by a shell.</para>
</listitem>
<listitem>
<para>Attribute names can now be arbitrary strings. For instance,
you can write <literal>{ "foo-1.2" = …; "bla bla" = …; }."bla
bla"</literal>.</para>
</listitem>
<listitem>
<para>Attribute selection can now provide a default value using
the <literal>or</literal> operator. For instance, the expression
<literal>x.y.z or e</literal> evaluates to the attribute
<literal>x.y.z</literal> if it exists, and <literal>e</literal>
otherwise.</para>
</listitem>
<listitem>
<para>The right-hand side of the <literal>?</literal> operator can
now be an attribute path, e.g., <literal>attrs ?
a.b.c</literal>.</para>
</listitem>
<listitem>
<para>On Linux, Nix will now make files in the Nix store immutable
on filesystems that support it. This prevents accidental
modification of files in the store by the root user.</para>
</listitem>
<listitem>
<para>Nix has preliminary support for derivations with multiple
outputs. This is useful because it allows parts of a package to
be deployed and garbage-collected separately. For instance,
development parts of a package such as header files or static
libraries would typically not be part of the closure of an
application, resulting in reduced disk usage and installation
time.</para>
</listitem>
<listitem>
<para>The Nix store garbage collector is faster and holds the
global lock for a shorter amount of time.</para>
</listitem>
<listitem>
<para>The option <option>--timeout</option> (corresponding to the
configuration setting <literal>build-timeout</literal>) allows you
to set an absolute timeout on builds — if a build runs for more than
the given number of seconds, it is terminated. This is useful for
recovering automatically from builds that are stuck in an infinite
loop but keep producing output, and for which
<literal>--max-silent-time</literal> is ineffective.</para>
</listitem>
<listitem>
<para>Nix development has moved to GitHub (<link
xlink:href="https://github.com/NixOS/nix" />).</para>
</listitem>
</itemizedlist>
</section>

View file

@ -1,100 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.1">
<title>Release 1.1 (2012-07-18)</title>
<para>This release has the following improvements:</para>
<itemizedlist>
<listitem>
<para>On Linux, when doing a chroot build, Nix now uses various
namespace features provided by the Linux kernel to improve
build isolation. Namely:
<itemizedlist>
<listitem><para>The private network namespace ensures that
builders cannot talk to the outside world (or vice versa): each
build only sees a private loopback interface. This also means
that two concurrent builds can listen on the same port (e.g. as
part of a test) without conflicting with each
other.</para></listitem>
<listitem><para>The PID namespace causes each build to start as
PID 1. Processes outside of the chroot are not visible to those
on the inside. On the other hand, processes inside the chroot
<emphasis>are</emphasis> visible from the outside (though with
different PIDs).</para></listitem>
<listitem><para>The IPC namespace prevents the builder from
communicating with outside processes using SysV IPC mechanisms
(shared memory, message queues, semaphores). It also ensures
that all IPC objects are destroyed when the builder
exits.</para></listitem>
<listitem><para>The UTS namespace ensures that builders see a
hostname of <literal>localhost</literal> rather than the actual
hostname.</para></listitem>
<listitem><para>The private mount namespace was already used by
Nix to ensure that the bind-mounts used to set up the chroot are
cleaned up automatically.</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>Build logs are now compressed using
<command>bzip2</command>. The command <command>nix-store
-l</command> decompresses them on the fly. This can be disabled
by setting the option <literal>build-compress-log</literal> to
<literal>false</literal>.</para>
</listitem>
<listitem>
<para>The creation of build logs in
<filename>/nix/var/log/nix/drvs</filename> can be disabled by
setting the new option <literal>build-keep-log</literal> to
<literal>false</literal>. This is useful, for instance, for Hydra
build machines.</para>
</listitem>
<listitem>
<para>Nix now reserves some space in
<filename>/nix/var/nix/db/reserved</filename> to ensure that the
garbage collector can run successfully if the disk is full. This
is necessary because SQLite transactions fail if the disk is
full.</para>
</listitem>
<listitem>
<para>Added a basic <function>fetchurl</function> function. This
is not intended to replace the <function>fetchurl</function> in
Nixpkgs, but is useful for bootstrapping; e.g., it will allow us
to get rid of the bootstrap binaries in the Nixpkgs source tree
and download them instead. You can use it by doing
<literal>import &lt;nix/fetchurl.nix> { url =
<emphasis>url</emphasis>; sha256 =
"<emphasis>hash</emphasis>"; }</literal>. (Shea Levy)</para>
</listitem>
<listitem>
<para>Improved RPM spec file. (Michel Alexandre Salim)</para>
</listitem>
<listitem>
<para>Support for on-demand socket-based activation in the Nix
daemon with <command>systemd</command>.</para>
</listitem>
<listitem>
<para>Added a manpage for
<citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
</listitem>
<listitem>
<para>When using the Nix daemon, the <option>-s</option> flag in
<command>nix-env -qa</command> is now much faster.</para>
</listitem>
</itemizedlist>
</section>

View file

@ -1,64 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.10">
<title>Release 1.10 (2015-09-03)</title>
<para>This is primarily a bug fix release. It also has a number of new
features:</para>
<itemizedlist>
<listitem>
<para>A number of builtin functions have been added to reduce
Nixpkgs/NixOS evaluation time and memory consumption:
<function>all</function>,
<function>any</function>,
<function>concatStringsSep</function>,
<function>foldl</function>,
<function>genList</function>,
<function>replaceStrings</function>,
<function>sort</function>.
</para>
</listitem>
<listitem>
<para>The garbage collector is more robust when the disk is full.</para>
</listitem>
<listitem>
<para>Nix supports a new API for building derivations that doesnt
require a <literal>.drv</literal> file to be present on disk; it
only requires an in-memory representation of the derivation. This
is used by the Hydra continuous build system to make remote builds
more efficient.</para>
</listitem>
<listitem>
<para>The function <literal>&lt;nix/fetchurl.nix></literal> now
uses a <emphasis>builtin</emphasis> builder (i.e. it doesnt
require starting an external process; the download is performed by
Nix itself). This ensures that derivation paths dont change when
Nix is upgraded, and obviates the need for ugly hacks to support
chroot execution.</para>
</listitem>
<listitem>
<para><option>--version -v</option> now prints some configuration
information, in particular what compile-time optional features are
enabled, and the paths of various directories.</para>
</listitem>
<listitem>
<para>Build users have their supplementary groups set correctly.</para>
</listitem>
</itemizedlist>
<para>This release has contributions from Eelco Dolstra, Guillaume
Maudoux, Iwan Aucamp, Jaka Hudoklin, Kirill Elagin, Ludovic Courtès,
Manolis Ragkousis, Nicolas B. Pierron and Shea Levy.</para>
</section>

View file

@ -1,31 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.11.10">
<title>Release 1.11.10 (2017-06-12)</title>
<para>This release fixes a security bug in Nixs “build user” build
isolation mechanism. Previously, Nix builders had the ability to
create setuid binaries owned by a <literal>nixbld</literal>
user. Such a binary could then be used by an attacker to assume a
<literal>nixbld</literal> identity and interfere with subsequent
builds running under the same UID.</para>
<para>To prevent this issue, Nix now disallows builders to create
setuid and setgid binaries. On Linux, this is done using a seccomp BPF
filter. Note that this imposes a small performance penalty (e.g. 1%
when building GNU Hello). Using seccomp, we now also prevent the
creation of extended attributes and POSIX ACLs since these cannot be
represented in the NAR format and (in the case of POSIX ACLs) allow
bypassing regular Nix store permissions. On macOS, the restriction is
implemented using the existing sandbox mechanism, which now uses a
minimal “allow all except the creation of setuid/setgid binaries”
profile when regular sandboxing is disabled. On other platforms, the
“build user” mechanism is now disabled.</para>
<para>Thanks go to Linus Heckemann for discovering and reporting this
bug.</para>
</section>

View file

@ -1,141 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.11">
<title>Release 1.11 (2016-01-19)</title>
<para>This is primarily a bug fix release. It also has a number of new
features:</para>
<itemizedlist>
<listitem>
<para><command>nix-prefetch-url</command> can now download URLs
specified in a Nix expression. For example,
<screen>
$ nix-prefetch-url -A hello.src
</screen>
will prefetch the file specified by the
<function>fetchurl</function> call in the attribute
<literal>hello.src</literal> from the Nix expression in the
current directory, and print the cryptographic hash of the
resulting file on stdout. This differs from <literal>nix-build -A
hello.src</literal> in that it doesn't verify the hash, and is
thus useful when youre updating a Nix expression.</para>
<para>You can also prefetch the result of functions that unpack a
tarball, such as <function>fetchFromGitHub</function>. For example:
<screen>
$ nix-prefetch-url --unpack https://github.com/NixOS/patchelf/archive/0.8.tar.gz
</screen>
or from a Nix expression:
<screen>
$ nix-prefetch-url -A nix-repl.src
</screen>
</para>
</listitem>
<listitem>
<para>The builtin function
<function>&lt;nix/fetchurl.nix></function> now supports
downloading and unpacking NARs. This removes the need to have
multiple downloads in the Nixpkgs stdenv bootstrap process (like a
separate busybox binary for Linux, or curl/mkdir/sh/bzip2 for
Darwin). Now all those files can be combined into a single NAR,
optionally compressed using <command>xz</command>.</para>
</listitem>
<listitem>
<para>Nix now supports SHA-512 hashes for verifying fixed-output
derivations, and in <function>builtins.hashString</function>.</para>
</listitem>
<listitem>
<para>
The new flag <option>--option build-repeat
<emphasis>N</emphasis></option> will cause every build to
be executed <emphasis>N</emphasis>+1 times. If the build
output differs between any round, the build is rejected, and the
output paths are not registered as valid. This is primarily
useful to verify build determinism. (We already had a
<option>--check</option> option to repeat a previously succeeded
build. However, with <option>--check</option>, non-deterministic
builds are registered in the DB. Preventing that is useful for
Hydra to ensure that non-deterministic builds don't end up
getting published to the binary cache.)
</para>
</listitem>
<listitem>
<para>
The options <option>--check</option> and <option>--option
build-repeat <emphasis>N</emphasis></option>, if they
detect a difference between two runs of the same derivation and
<option>-K</option> is given, will make the output of the other
run available under
<filename><emphasis>store-path</emphasis>-check</filename>. This
makes it easier to investigate the non-determinism using tools
like <command>diffoscope</command>, e.g.,
<screen>
$ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K
error: derivation /nix/store/l54i8wlw2265…-zlib-1.2.8.drv may not
be deterministic: output /nix/store/11a27shh6n2i…-zlib-1.2.8
differs from /nix/store/11a27shh6n2i…-zlib-1.2.8-check
$ diffoscope /nix/store/11a27shh6n2i…-zlib-1.2.8 /nix/store/11a27shh6n2i…-zlib-1.2.8-check
├── lib/libz.a
│ ├── metadata
│ │ @@ -1,15 +1,15 @@
│ │ -rw-r--r-- 30001/30000 3096 Jan 12 15:20 2016 adler32.o
│ │ +rw-r--r-- 30001/30000 3096 Jan 12 15:28 2016 adler32.o
</screen>
</para></listitem>
<listitem>
<para>Improved FreeBSD support.</para>
</listitem>
<listitem>
<para><command>nix-env -qa --xml --meta</command> now prints
license information.</para>
</listitem>
<listitem>
<para>The maximum number of parallel TCP connections that the
binary cache substituter will use has been decreased from 150 to
25. This should prevent upsetting some broken NAT routers, and
also improves performance.</para>
</listitem>
<listitem>
<para>All "chroot"-containing strings got renamed to "sandbox".
In particular, some Nix options got renamed, but the old names
are still accepted as lower-priority aliases.
</para>
</listitem>
</itemizedlist>
<para>This release has contributions from Anders Claesson, Anthony
Cowley, Bjørn Forsman, Brian McKenna, Danny Wilson, davidak, Eelco Dolstra,
Fabian Schmitthenner, FrankHB, Ilya Novoselov, janus, Jim Garrison, John
Ericson, Jude Taylor, Ludovic Courtès, Manuel Jacob, Mathnerd314,
Pascal Wittmann, Peter Simons, Philip Potter, Preston Bennes, Rommel
M. Martinez, Sander van der Burg, Shea Levy, Tim Cuthbertson, Tuomas
Tynkkynen, Utku Demir and Vladimír Čunát.</para>
</section>

View file

@ -1,157 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.2">
<title>Release 1.2 (2012-12-06)</title>
<para>This release has the following improvements and changes:</para>
<itemizedlist>
<listitem>
<para>Nix has a new binary substituter mechanism: the
<emphasis>binary cache</emphasis>. A binary cache contains
pre-built binaries of Nix packages. Whenever Nix wants to build a
missing Nix store path, it will check a set of binary caches to
see if any of them has a pre-built binary of that path. The
configuration setting <option>binary-caches</option> contains a
list of URLs of binary caches. For instance, doing
<screen>
$ nix-env -i thunderbird --option binary-caches http://cache.nixos.org
</screen>
will install Thunderbird and its dependencies, using the available
pre-built binaries in <uri>http://cache.nixos.org</uri>.
The main advantage over the old “manifest”-based method of getting
pre-built binaries is that you dont have to worry about your
manifest being in sync with the Nix expressions youre installing
from; i.e., you dont need to run <command>nix-pull</command> to
update your manifest. Its also more scalable because you dont
need to redownload a giant manifest file every time.
</para>
<para>A Nix channel can provide a binary cache URL that will be
used automatically if you subscribe to that channel. If you use
the Nixpkgs or NixOS channels
(<uri>http://nixos.org/channels</uri>) you automatically get the
cache <uri>http://cache.nixos.org</uri>.</para>
<para>Binary caches are created using <command>nix-push</command>.
For details on the operation and format of binary caches, see the
<command>nix-push</command> manpage. More details are provided in
<link xlink:href="https://nixos.org/nix-dev/2012-September/009826.html">this
nix-dev posting</link>.</para>
</listitem>
<listitem>
<para>Multiple output support should now be usable. A derivation
can declare that it wants to produce multiple store paths by
saying something like
<programlisting>
outputs = [ "lib" "headers" "doc" ];
</programlisting>
This will cause Nix to pass the intended store path of each output
to the builder through the environment variables
<literal>lib</literal>, <literal>headers</literal> and
<literal>doc</literal>. Other packages can refer to a specific
output by referring to
<literal><emphasis>pkg</emphasis>.<emphasis>output</emphasis></literal>,
e.g.
<programlisting>
buildInputs = [ pkg.lib pkg.headers ];
</programlisting>
If you install a package with multiple outputs using
<command>nix-env</command>, each output path will be symlinked
into the user environment.</para>
</listitem>
<listitem>
<para>Dashes are now valid as part of identifiers and attribute
names.</para>
</listitem>
<listitem>
<para>The new operation <command>nix-store --repair-path</command>
allows corrupted or missing store paths to be repaired by
redownloading them. <command>nix-store --verify --check-contents
--repair</command> will scan and repair all paths in the Nix
store. Similarly, <command>nix-env</command>,
<command>nix-build</command>, <command>nix-instantiate</command>
and <command>nix-store --realise</command> have a
<option>--repair</option> flag to detect and fix bad paths by
rebuilding or redownloading them.</para>
</listitem>
<listitem>
<para>Nix no longer sets the immutable bit on files in the Nix
store. Instead, the recommended way to guard the Nix store
against accidental modification on Linux is to make it a read-only
bind mount, like this:
<screen>
$ mount --bind /nix/store /nix/store
$ mount -o remount,ro,bind /nix/store
</screen>
Nix will automatically make <filename>/nix/store</filename>
writable as needed (using a private mount namespace) to allow
modifications.</para>
</listitem>
<listitem>
<para>Store optimisation (replacing identical files in the store
with hard links) can now be done automatically every time a path
is added to the store. This is enabled by setting the
configuration option <literal>auto-optimise-store</literal> to
<literal>true</literal> (disabled by default).</para>
</listitem>
<listitem>
<para>Nix now supports <command>xz</command> compression for NARs
in addition to <command>bzip2</command>. It compresses about 30%
better on typical archives and decompresses about twice as
fast.</para>
</listitem>
<listitem>
<para>Basic Nix expression evaluation profiling: setting the
environment variable <literal>NIX_COUNT_CALLS</literal> to
<literal>1</literal> will cause Nix to print how many times each
primop or function was executed.</para>
</listitem>
<listitem>
<para>New primops: <varname>concatLists</varname>,
<varname>elem</varname>, <varname>elemAt</varname> and
<varname>filter</varname>.</para>
</listitem>
<listitem>
<para>The command <command>nix-copy-closure</command> has a new
flag <option>--use-substitutes</option> (<option>-s</option>) to
download missing paths on the target machine using the substitute
mechanism.</para>
</listitem>
<listitem>
<para>The command <command>nix-worker</command> has been renamed
to <command>nix-daemon</command>. Support for running the Nix
worker in “slave” mode has been removed.</para>
</listitem>
<listitem>
<para>The <option>--help</option> flag of every Nix command now
invokes <command>man</command>.</para>
</listitem>
<listitem>
<para>Chroot builds are now supported on systemd machines.</para>
</listitem>
</itemizedlist>
<para>This release has contributions from Eelco Dolstra, Florian
Friesdorf, Mats Erik Andersson and Shea Levy.</para>
</section>

View file

@ -1,19 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.3">
<title>Release 1.3 (2013-01-04)</title>
<para>This is primarily a bug fix release. When this version is first
run on Linux, it removes any immutable bits from the Nix store and
increases the schema version of the Nix store. (The previous release
removed support for setting the immutable bit; this release clears any
remaining immutable bits to make certain operations more
efficient.)</para>
<para>This release has contributions from Eelco Dolstra and Stuart
Pernsteiner.</para>
</section>

View file

@ -1,39 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.4">
<title>Release 1.4 (2013-02-26)</title>
<para>This release fixes a security bug in multi-user operation. It
was possible for derivations to cause the mode of files outside of the
Nix store to be changed to 444 (read-only but world-readable) by
creating hard links to those files (<link
xlink:href="https://github.com/NixOS/nix/commit/5526a282b5b44e9296e61e07d7d2626a79141ac4">details</link>).</para>
<para>There are also the following improvements:</para>
<itemizedlist>
<listitem><para>New built-in function:
<function>builtins.hashString</function>.</para></listitem>
<listitem><para>Build logs are now stored in
<filename>/nix/var/log/nix/drvs/<emphasis>XX</emphasis>/</filename>,
where <emphasis>XX</emphasis> is the first two characters of
the derivation. This is useful on machines that keep a lot of build
logs (such as Hydra servers).</para></listitem>
<listitem><para>The function <function>corepkgs/fetchurl</function>
can now make the downloaded file executable. This will allow
getting rid of all bootstrap binaries in the Nixpkgs source
tree.</para></listitem>
<listitem><para>Language change: The expression <literal>"${./path}
..."</literal> now evaluates to a string instead of a
path.</para></listitem>
</itemizedlist>
</section>

View file

@ -1,12 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.5.1">
<title>Release 1.5.1 (2013-02-28)</title>
<para>The bug fix to the bug fix had a bug itself, of course. But
this time it will work for sure!</para>
</section>

View file

@ -1,12 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.5.2">
<title>Release 1.5.2 (2013-05-13)</title>
<para>This is primarily a bug fix release. It has contributions from
Eelco Dolstra, Lluís Batlle i Rossell and Shea Levy.</para>
</section>

View file

@ -1,12 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.5">
<title>Release 1.5 (2013-02-27)</title>
<para>This is a brown paper bag release to fix a regression introduced
by the hard link security fix in 1.4.</para>
</section>

View file

@ -1,69 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.6.1">
<title>Release 1.6.1 (2013-10-28)</title>
<para>This is primarily a bug fix release. Changes of interest
are:</para>
<itemizedlist>
<listitem>
<para>Nix 1.6 accidentally changed the semantics of antiquoted
paths in strings, such as <literal>"${/foo}/bar"</literal>. This
release reverts to the Nix 1.5.3 behaviour.</para>
</listitem>
<listitem>
<para>Previously, Nix optimised expressions such as
<literal>"${<emphasis>expr</emphasis>}"</literal> to
<emphasis>expr</emphasis>. Thus it neither checked whether
<emphasis>expr</emphasis> could be coerced to a string, nor
applied such coercions. This meant that
<literal>"${123}"</literal> evaluatued to <literal>123</literal>,
and <literal>"${./foo}"</literal> evaluated to
<literal>./foo</literal> (even though
<literal>"${./foo} "</literal> evaluates to
<literal>"/nix/store/<emphasis>hash</emphasis>-foo "</literal>).
Nix now checks the type of antiquoted expressions and
applies coercions.</para>
</listitem>
<listitem>
<para>Nix now shows the exact position of undefined variables. In
particular, undefined variable errors in a <literal>with</literal>
previously didn't show <emphasis>any</emphasis> position
information, so this makes it a lot easier to fix such
errors.</para>
</listitem>
<listitem>
<para>Undefined variables are now treated consistently.
Previously, the <function>tryEval</function> function would catch
undefined variables inside a <literal>with</literal> but not
outside. Now <function>tryEval</function> never catches undefined
variables.</para>
</listitem>
<listitem>
<para>Bash completion in <command>nix-shell</command> now works
correctly.</para>
</listitem>
<listitem>
<para>Stack traces are less verbose: they no longer show calls to
builtin functions and only show a single line for each derivation
on the call stack.</para>
</listitem>
<listitem>
<para>New built-in function: <function>builtins.typeOf</function>,
which returns the type of its argument as a string.</para>
</listitem>
</itemizedlist>
</section>

Some files were not shown because too many files have changed in this diff Show more