Lazy
- Expressions are only evaluated when their value is needed - (used). +| + Package manager + | ++ ✓ + | +
| + Programming Language + | ++ ✓ + | +
| + Os + | ++ ✓ + | +
| + Package repository + | ++ ✓ + | +
+ Ok so how is Nix different from other package managers??
+
+
+ Nix is trying to stay as pure and reproducible as
+ possible.
+
+
+
+
+
![]()
+
+
+
+ # ls /bin
+ sh
+
+
+
+
+ # ls /lib
+ ls: cannot access '/lib': No such file or
+ directory
+
+
+
+
+ # ls /usr/bin
+ env
+
+
+
+ Huh??
+
+
+
+
+ # ls /nix/store
+
+ zzfarkcyb4v11ai1kbk3mdh2y7jalbiq-CVE-2017-8372-CVE-2017-8373.patch.drv
+ zzfkkrvn1f4ks46z22rxbhnxg8mmj4bp-python3.10-sphinxcontrib-jsmath-1.0.1.drv
+ zzflbnwmr19w0b5vsvf90292bszkbqx4-patchelf-0.15.0.drv
+ zzi69bi53biq6zckij6cfwcjggqskbb2-asdf-3.3.6.tar.gz.drv
+ zznxvgy5pi4ny9dpl5gkxk9y5i1k436h-wayland-1.22.0.drv
+ zzpm91md3wqllaqpzm7whvcpafblcp3d-0007-qtbase-find-tools-in-PATH.patch
+ zzrgf0qw8vd3rd3fznzif1fh5k856rdy-libass-0.17.1/
+ zzwsixlsccw8vdy6wb9qqzj1fmyjis3n-net-tools-2.10/
+ zzxszlz0zj3054j087h0a87vg9chr6vl-foldl-1.4.14-r2.cabal.drv
+ zzyy4xm6m2vdqi0h0c0dgr75jl8s0n3b-source.drv
+ ....
+
+
+
+
+ $ patchelf --print-rpath
+ /nix/store/ffll6glz3gwx342z0ch8wx30p5cnqz1z-python3-3.11.5/bin/python
+
+ /nix/store/ffll6glz3gwx342z0ch8wx30p5cnqz1z-python3-3.11.5/lib:/nix/store/gqghjch4p1s69sv4mcjksb2kb65rwqjy-glibc-2.38-23/lib:/nix/store/9fy9zzhf613xp0c3jsjxbjq6yp8afrsv-gcc-12.3.0-lib/lib
+
+
+ | Compile-time | +Explicitly listed | +
|---|---|
| Runtime | +Hashes of other paths that exist in a path | +
+
-
+
- Paths referenced by its derivation +
- That's it... +
- let
- a = abort "will never happen";
- b = "hello";
- c = "world";
- in b + c
+ builtins.derivation {
+ name = "mybuild";
+ builder = "${pkgs.python}/bin/python";
+ args = [ "${./script.py}" ];
+ system = "x86_64-linux";
+
+ # Optional additional environment
+ PATH="...";
+ ENV="...";
+ }
+ + Just another variable called
$out+ +
+ + Determined by hashing the derivation iteslf + +
+
+ builtins.derivation {
+ name = "mybuild";
+ builder = "${pkgs.python}/bin/python";
+ args = [ "${./script.py}" ];
+ system = "x86_64-linux";
+
+
+
+
+ outputHashAlgo = "sha256";
+ outputHash = "...";
+ }
+
+
+ +
-
+
- Paths referenced by its derivation +
- That's it... +
- The Internet +
+
-
+
- Reproducible, even across machines +
- Trivial to offload +
- You can be sure what's in a package +
- Trivial to distribute builds +
Functional
@@ -82,14 +315,21 @@
Nix reproducibility statistics. - -
- Nix Language
-
-
+
+
@@ -121,10 +361,12 @@
Pure
reproducible builds.Nix reproducibility statistics. - -
Lazy
+ Expressions are only evaluated when their value is needed + (used). +
+
+ let
+ a = abort "will never happen";
+ b = "hello";
+ c = "world";
+ in b + c
+
+
Top level attributes:
Inputs
- All the inputs get automatically fetched and evaluated as a flakes.
-
- If you want non flake project as an input you can specify `flake = false;`
-
+ All the inputs get automatically fetched and evaluated as a
+ flakes.
+
+ If you want non flake project as an input you can
+ specify `flake = false;`
+
@@ -149,11 +391,13 @@ Where is the reproducibility tho?
Lock file
- flake.nix are typically "unlocked" (they do NOT specify version/commit), that's why we need the
+ flake.nix are typically "unlocked" (they do NOT specify
+ version/commit), that's why we need the
flake.lock file that is generated by nix.
- The generated lock file contains a graph structure specifying the
+ The generated lock file contains a graph structure specifying
+ the
exact version (commit) and hash of the input.
To ensure reproducibility.
@@ -686,176 +930,132 @@ Lock file
- Development environments: Demo
-
-
- Declaring your own package: Demo
-
-
- How Nix works?
- FHS: Peeking behind the curtain
-
-
+ Development environments: Demo
-
-
-
-
- # ls /bin
- sh
-
-
-
-
- # ls /lib
- ls: cannot access '/lib': No such file or
- directory
-
-
-
-
- # ls /usr/bin
- env
-
-
-
- Huh??
![]()
-
-
-
-
- # ls /nix/store
+
+
+{
+ inputs = {
+ nixpkgs = {
+ url = "github:NixOS/nixpkgs";
+ };
+ };
- zzfarkcyb4v11ai1kbk3mdh2y7jalbiq-CVE-2017-8372-CVE-2017-8373.patch.drv
- zzfkkrvn1f4ks46z22rxbhnxg8mmj4bp-python3.10-sphinxcontrib-jsmath-1.0.1.drv
- zzflbnwmr19w0b5vsvf90292bszkbqx4-patchelf-0.15.0.drv
- zzi69bi53biq6zckij6cfwcjggqskbb2-asdf-3.3.6.tar.gz.drv
- zznxvgy5pi4ny9dpl5gkxk9y5i1k436h-wayland-1.22.0.drv
- zzpm91md3wqllaqpzm7whvcpafblcp3d-0007-qtbase-find-tools-in-PATH.patch
- zzrgf0qw8vd3rd3fznzif1fh5k856rdy-libass-0.17.1/
- zzwsixlsccw8vdy6wb9qqzj1fmyjis3n-net-tools-2.10/
- zzxszlz0zj3054j087h0a87vg9chr6vl-foldl-1.4.14-r2.cabal.drv
- zzyy4xm6m2vdqi0h0c0dgr75jl8s0n3b-source.drv
- ....
-
-
-
-
+ outputs = {nixpkgs, ...}: let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in {
+ devShells = {
+ x86_64-linux = {
+ default = pkgs.mkShell {
+ nativeBuildInputs = [
+ pkgs.python3
+ pkgs.nixfmt
+ (pkgs.writeShellScriptBin "foobar" ''
+ echo 'Welcome to the FIT Nix meetup'
+ '')
+ (pkgs.writeShellScriptBin "my-old-python" ''
+ ${pkgs.python38}/bin/python "$@"
+ '')
+ pkgs.hello.nativeBuildInputs
+ ];
+ };
+ };
+ };
+ };
+}
+
+
- RPath
-
- $ patchelf --print-rpath
- /nix/store/ffll6glz3gwx342z0ch8wx30p5cnqz1z-python3-3.11.5/bin/python
+
+{
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
- /nix/store/ffll6glz3gwx342z0ch8wx30p5cnqz1z-python3-3.11.5/lib:/nix/store/gqghjch4p1s69sv4mcjksb2kb65rwqjy-glibc-2.38-23/lib:/nix/store/9fy9zzhf613xp0c3jsjxbjq6yp8afrsv-gcc-12.3.0-lib/lib
+ outputs = {nixpkgs, ...}: let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in {
+ devShells.x86_64-linux.default = pkgs.mkShell {
+ nativeBuildInputs = [
+ pkgs.python3
+ pkgs.nixfmt
+ (pkgs.writeShellScriptBin "foobar" ''
+ echo 'Welcome to the FIT Nix meetup'
+ '')
+ (pkgs.writeShellScriptBin "my-old-python" ''
+ ${pkgs.python38}/bin/python "$@"
+ '')
+ pkgs.hello.nativeBuildInputs
+ ];
+ };
+ };
+}
- Dependencies
+
+
+{
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
-
-
- Compile-time
- Explicitly listed
-
-
- Runtime
- Hashes of other paths that exist in a path
-
-
+ outputs = {nixpkgs, ...}: let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in {
+ devShells.x86_64-linux.default = pkgs.mkShell with pkgs; {
+ nativeBuildInputs = [
+ python3
+ nixfmt
+ (writeShellScriptBin "foobar" ''
+ echo 'Welcome to the FIT Nix meetup'
+ '')
+ (writeShellScriptBin "my-old-python" ''
+ ${pkgs.python38}/bin/python "$@"
+ '')
+ hello.nativeBuildInputs
+ ];
+ };
+ };
+}
+
+
- Derivation: Sandboxed Builds
-
- The build sees:
-
-
- - Paths referenced by its derivation
- - That's it...
-
-
-
- What's a derivation?
-
-
- builtins.derivation {
- name = "mybuild";
- builder = "${pkgs.python}/bin/python";
- args = [ "${./script.py}" ];
- system = "x86_64-linux";
+
+
+{
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
- # Optional additional environment
- PATH="...";
- ENV="...";
- }
-
-
-
-
-
-
- Where do I output the build?
-
-
- Just another variable called $out
-
-
-
- Determined by hashing the derivation iteslf
-
-
-
- How does source code get on the machine though?
-
-
- Fixed-output Derivation:
-
-
- builtins.derivation {
- name = "mybuild";
- builder = "${pkgs.python}/bin/python";
- args = [ "${./script.py}" ];
- system = "x86_64-linux";
-
-
-
-
- outputHashAlgo = "sha256";
- outputHash = "...";
- }
-
-
-
- The build sees:
-
-
- - Paths referenced by its derivation
- - That's it...
- - The Internet
-
-
-
- In practice:
-
- Why is this awesome?
-
-
- - Reproducible, even across machines
- - Trivial to offload
- - You can be sure what's in a package
- - Trivial to distribute builds
-
-
+ outputs = {nixpkgs, ...}: let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ devShells.${system}.default = pkgs.mkShell with pkgs; {
+ nativeBuildInputs = [
+ python3
+ nixfmt
+ (writeShellScriptBin "foobar" ''
+ echo 'Welcome to the FIT Nix meetup'
+ '')
+ (writeShellScriptBin "my-old-python" ''
+ ${pkgs.python38}/bin/python "$@"
+ '')
+ hello.nativeBuildInputs
+ ];
+ };
+ };
+}
+
+
+
+
+
+
+
+
+ Declaring your own package: Demo