mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-22 14:06:16 +02:00
better explain reference scanning
This commit is contained in:
parent
fa7ad4593d
commit
1681f4e9f3
1 changed files with 9 additions and 6 deletions
|
@ -70,18 +70,21 @@ This is no longer true, but longer hashes and other information are still trunca
|
|||
[hash]: https://en.m.wikipedia.org/wiki/Cryptographic_hash_function
|
||||
[sha-1]: https://en.m.wikipedia.org/wiki/SHA-1
|
||||
|
||||
|
||||
### Reference scanning
|
||||
|
||||
While references could be arbitrary paths, Nix requires them to be store paths to ensure correctness.
|
||||
Anything outside a given store is not under control of Nix, and therefore cannot be guaranteed to be present when needed.
|
||||
When a new store object is built, Nix scans its file contents for store paths to construct its set of references.
|
||||
|
||||
However, having references match store paths in files is not enforced by the data model:
|
||||
Store objects could have excess or incomplete references with respect to store paths found in their file contents.
|
||||
The special format of a store path's [digest](#digest) allows reliably detecting it among arbitrary data.
|
||||
Nix uses the [closure](store.md#closure) of build inputs to derive the list of allowed store paths, to avoid false positives.
|
||||
|
||||
Scanning files therefore allows reliably capturing run time dependencies without declaring them explicitly.
|
||||
This way, scanning files captures run time dependencies without the user having to declare them explicitly.
|
||||
Doing it at build time and persisting references in the store object avoids repeating this time-consuming operation.
|
||||
|
||||
::: {.note}
|
||||
In practice, it is sometimes still necessary to declare certain dependencies explicitly, if they are to be preserved in the build result's closure.
|
||||
This depends on the specifics of the software to build and run.
|
||||
:::
|
||||
|
||||
## Input Addressing {#input-addressing}
|
||||
|
||||
Input addressing means that the digest derives from how the store object was produced, namely its build inputs and build plan.
|
||||
|
|
Loading…
Reference in a new issue