NixOS: The Only Functional GNU/Linux Distribution
Transcription
NixOS: The Only Functional GNU/Linux Distribution
NixOS: The Only Functional GNU/Linux Distribution Ludovic Courtès [email protected] Libre Software Meeting 2010, Bordeaux NixOS: The Only Functional GNU/Linux Distribution To The Author’s Knowledge Ludovic Courtès [email protected] Libre Software Meeting 2010, Bordeaux NixOS: The Only Functional GNU/Linux Distribution To The Author’s Knowledge Yes, your favorite distro works like a charm, too. Ludovic Courtès [email protected] Libre Software Meeting 2010, Bordeaux What’s NixOS? http://nixos.org/ I a free GNU/Linux distro (MIT/X11), est. 2006 I i686, x86 64, armv5tel I ≈4000 packages, ≈15 regular contributors (yeah!) I transparent binary/source deployment Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses Per-User, Unprivileged Package Installation alice@foo$ nix-env --install gcc-4.5 icecat-3.6 Per-User, Unprivileged Package Installation alice@foo$ nix-env --install gcc-4.5 icecat-3.6 bob@foo$ nix-env --install gcc-4.3 icecat-3.7 Per-User, Unprivileged Package Installation alice@foo$ nix-env --install gcc-4.5 icecat-3.6 alice@foo$ nix-store -q --requisites ‘which icecat‘ /nix/store/...-glibc-2.10 /nix/store/...-gtk+-2.16.6 /nix/store/...-alsa-lib-1.0.19 ... bob@foo$ nix-env --install gcc-4.3 icecat-3.7 Per-User, Unprivileged Package Installation alice@foo$ nix-env --install gcc-4.5 icecat-3.6 alice@foo$ nix-store -q --requisites ‘which icecat‘ /nix/store/...-glibc-2.10 /nix/store/...-gtk+-2.16.6 /nix/store/...-alsa-lib-1.0.19 ... bob@foo$ nix-env --install gcc-4.3 icecat-3.7 bob@foo$ nix-store -q --requisites ‘which icecat‘ /nix/store/...-glibc-2.11.1 /nix/store/...-gtk+-2.18.6 /nix/store/...-alsa-lib-1.0.21a ... Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses Atomic & Transactional Upgrades $ nix-env upgrading upgrading upgrading upgrading upgrading upgrading upgrading ... --upgrade ’*’ ‘git-1.6.5’ to ‘git-1.7.1’ ‘gimp-2.6.8’ to ‘gimp-2.6.9’ ‘gnupg-2.0.12’ to ‘gnupg-2.0.15’ ‘gdb-7.0.1’ to ‘gdb-7.1’ ‘gnutls-2.8.5’ to ‘gnutls-2.10.0’ ‘openoffice.org-3.1.1’ to ‘openoffice.org-3.2.0’ ‘coccinelle-0.2.1’ to ‘coccinelle-0.2.2’ Atomic & Transactional Upgrades $ nix-env upgrading upgrading upgrading upgrading upgrading upgrading upgrading ... --upgrade ’*’ ‘git-1.6.5’ to ‘git-1.7.1’ ‘gimp-2.6.8’ to ‘gimp-2.6.9’ ‘gnupg-2.0.12’ to ‘gnupg-2.0.15’ ‘gdb-7.0.1’ to ‘gdb-7.1’ ‘gnutls-2.8.5’ to ‘gnutls-2.10.0’ ‘openoffice.org-3.1.1’ to ‘openoffice.org-3.2.0’ ‘coccinelle-0.2.1’ to ‘coccinelle-0.2.2’ $ git --version ; gimp --version git version 1.7.1 GNU Image Manipulation Program version 2.6.9 Atomic & Transactional Upgrades $ nix-env upgrading upgrading upgrading upgrading upgrading upgrading upgrading ... --upgrade ’*’ ‘git-1.6.5’ to ‘git-1.7.1’ ‘gimp-2.6.8’ to ‘gimp-2.6.9’ ‘gnupg-2.0.12’ to ‘gnupg-2.0.15’ ‘gdb-7.0.1’ to ‘gdb-7.1’ ‘gnutls-2.8.5’ to ‘gnutls-2.10.0’ ‘openoffice.org-3.1.1’ to ‘openoffice.org-3.2.0’ ‘coccinelle-0.2.1’ to ‘coccinelle-0.2.2’ Atomic & Transactional Upgrades $ nix-env --upgrade ’*’ upgrading ‘git-1.6.5’ to ‘git-1.7.1’ upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’ upgrading ‘gnupg-2.0.12’ to ‘gnupg-2.0.15’ upgrading ‘gdb-7.0.1’ to ‘gdb-7.1’ upgrading ‘gnutls-2.8.5’ to ‘gnutls-2.10.0’ upgrading ‘openoffice.org-3.1.1’ to ‘openoffice.org-3.2.0’ upgrading ‘coccinelle-0.2.1’ to ‘coccinelle-0.2.2’ ... (interrupted right in the middle) $ git --version ; gimp --version git version 1.6.5 GNU Image Manipulation Program version 2.6.8 Atomic & Transactional Upgrades $ nix-env --upgrade ’*’ upgrading ‘git-1.6.5’ to ‘git-1.7.1’ upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’ upgrading ‘gnupg-2.0.12’ to ‘gnupg-2.0.15’ upgrading ‘gdb-7.0.1’ to ‘gdb-7.1’ upgrading ‘gnutls-2.8.5’ to ‘gnutls-2.10.0’ upgrading ‘openoffice.org-3.1.1’ to ‘openoffice.org-3.2.0’ upgrading ‘coccinelle-0.2.1’ to ‘coccinelle-0.2.2’ ... (interrupted right in the middle) $ git --version ; gimp --version git version 1.6.5 GNU Image Manipulation Program version 2.6.8 Per-User Rollback $ gimp --version GNU Image Manipulation Program version 2.6.8 Per-User Rollback $ gimp --version GNU Image Manipulation Program version 2.6.8 $ nix-env --upgrade gimp upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’ ... Per-User Rollback $ gimp --version GNU Image Manipulation Program version 2.6.8 $ nix-env --upgrade gimp upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’ ... $ gimp --version Segmentation Fault Per-User Rollback $ gimp --version GNU Image Manipulation Program version 2.6.8 $ nix-env --upgrade gimp upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’ ... $ gimp --version Segmentation Fault $ nix-env --rollback switching from generation 278 to 277 Per-User Rollback $ gimp --version GNU Image Manipulation Program version 2.6.8 $ nix-env --upgrade gimp upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’ ... $ gimp --version Segmentation Fault $ nix-env --rollback switching from generation 278 to 277 $ gimp --version GNU Image Manipulation Program version 2.6.8 Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses System Description /etc/nixos/configuration.nix { pkgs, config, modulesPath, ... }: { boot = { kernelPackages = pkgs.linuxPackages 2 6 31; initrd.kernelModules = [ "uhci hcd" "ata piix" ]; kernelModules = [ "kvm-intel" "sdhci" "fuse" ]; loader.grub = { device = "/dev/sda"; version = 2; }; }; System Description /etc/nixos/configuration.nix fileSystems = [ { mountPoint = "/"; fsType = "ext3"; device = "/dev/sda1"; } { mountPoint = "/home"; fsType = "ext3"; device = "/dev/sda3"; } ]; swapDevices = [ device = "/dev/sda2"; ]; System Description /etc/nixos/configuration.nix networking.hostName = "mylaptop"; security.extraSetuidPrograms = [ "sudo" "xlaunch" "xscreensaver" "xlock" "wodim" ]; time.timeZone = "Europe/Paris"; users = { extraUsers = [ { name = "ludo"; group = "users"; extraGroups = [ "audio" "cdrom" "video" ]; } ]; }; System Description /etc/nixos/configuration.nix services = { lshd = { enable = true; rootLogin = true; }; tor.enable = true; avahi.enable = true; xserver = { enable = true; videoDriver = "intel"; driSupport = true; synaptics.enable = true; }; }; } Whole-System Instantiation $ sudo nixos-rebuild switch ... Whole-System Instantiation $ nixos-rebuild build-vm ... Whole-System Instantiation $ nixos-rebuild build-vm ... Whole-System Instantiation $ nixos-rebuild build-vm ... Done. The virtual machine can be started by running ./result/bin/run-my-vm. Whole-System Instantiation $ nixos-rebuild build-vm ... Whole-System Instantiation $ sudo nixos-rebuild test ... “activates” the configuration (restarts daemons, etc.) Whole-System Instantiation $ sudo nixos-rebuild switch ... activates the configuration & makes it the boot default Whole-System Instantiation $ sudo nixos-rebuild ... System-Wide Rollback $ nixos-rebuild switch --rollback ... System-Wide Rollback $ nixos-rebuild switch --rollback ... ... and voilà. So you’re already convinced... Get the ISO! :-) http://hydra.nixos.org/job/nixos/trunk/iso_graphical/ latest So you’re already convinced... Get the mug! :-) Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses Build Environments & Reproducibility I versions of the dependencies I compiler I compilation options, and those of dependencies I miscellaneous (locale, timezone, etc.) I paths Build Environments & Reproducibility I versions of the dependencies I compiler I compilation options, and those of dependencies I miscellaneous (locale, timezone, etc.) I paths -I/path/to/headers -L/path/to/lib $CPATH $LIBRARY PATH Build Environments & Reproducibility I versions of the dependencies I compiler I compilation options, and those of dependencies I miscellaneous (locale, timezone, etc.) I paths -I/path/to/headers $CPATH -L/path/to/lib $LIBRARY PATH $LD LIBRARY PATH RPATH RUNPATH Build Environments & Reproducibility I versions of the dependencies I compiler I compilation options, and those of dependencies I miscellaneous (locale, timezone, etc.) I paths -I/path/to/headers $CPATH -L/path/to/lib $LIBRARY PATH $LD LIBRARY PATH RPATH $PYTHONPATH $XML CATALOG FILES RUNPATH $CLASSPATH $PERL5LIB $GUILE LOAD PATH Build Environments & Reproducibility I versions of the dependencies I compiler I compilation options, and those of dependencies I miscellaneous (locale, timezone, etc.) I paths -I/path/to/headers $CPATH -L/path/to/lib Ahem, reproducible builds?$LIBRARY PATH $LD LIBRARY PATH RPATH RUNPATH $PYTHONPATH $XML CATALOG FILES $CLASSPATH $PERL5LIB $GUILE LOAD PATH How Nix Controls the Build Environment How Nix Controls the Build Environment 1. one directory per installed package How Nix Controls the Build Environment 1. one directory per installed package 2. immutable installation directories How Nix Controls the Build Environment 1. one directory per installed package 2. immutable installation directories 3. undeclared dependencies invisible to the build process (POLA) Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses The Nix Store /nix/store c6jbqm2mc0a7...-emacs-23.2.1 bin emacs smkabrbibqv7...-gnutls-2.10.0 lib libgnutls.so.26.16.8 l9w6773m1msy...-lsh-2.0.4 bin lsh sbin lshd im276akmsrhv...-glibc-2.11 lib libc.so.6 User Environments /nix/store $PATH /nix/.../profiles current 42 pp56i0a01si5...-user-env bin icecat ssh l9w6773m1msy...-openssh-4.6p1 bin ssh rpdqxnilb0cg...-icecat-3.5.4 bin icecat User Environments /nix/store $PATH /nix/.../profiles current 42 pp56i0a01si5...-user-env bin icecat ssh l9w6773m1msy...-openssh-4.6p1 bin ssh rpdqxnilb0cg...-icecat-3.5.4 bin icecat aqn3wygq9jzk...-openssh-5.2p1 bin ssh nix-env --upgrade openssh User Environments /nix/store $PATH /nix/.../profiles current 42 pp56i0a01si5...-user-env bin icecat ssh l9w6773m1msy...-openssh-4.6p1 bin ssh rpdqxnilb0cg...-icecat-3.5.4 bin icecat aqn3wygq9jzk...-openssh-5.2p1 bin ssh i3d9vh6d8ip1...-user-env bin ssh icecat nix-env --upgrade openssh User Environments /nix/store $PATH /nix/.../profiles current 42 43 pp56i0a01si5...-user-env bin icecat ssh l9w6773m1msy...-openssh-4.6p1 bin ssh rpdqxnilb0cg...-icecat-3.5.4 bin icecat aqn3wygq9jzk...-openssh-5.2p1 bin ssh i3d9vh6d8ip1...-user-env bin ssh icecat nix-env --upgrade openssh User Environments /nix/store $PATH /nix/.../profiles current 42 43 pp56i0a01si5...-user-env bin icecat ssh l9w6773m1msy...-openssh-4.6p1 bin ssh rpdqxnilb0cg...-icecat-3.5.4 bin icecat aqn3wygq9jzk...-openssh-5.2p1 bin ssh i3d9vh6d8ip1...-user-env bin ssh icecat nix-env --upgrade openssh User Environments /nix/store $PATH /nix/.../profiles current 43 pp56i0a01si5...-user-env bin icecat ssh l9w6773m1msy...-openssh-4.6p1 bin ssh rpdqxnilb0cg...-icecat-3.5.4 bin icecat aqn3wygq9jzk...-openssh-5.2p1 bin ssh i3d9vh6d8ip1...-user-env bin ssh icecat nix-env --remove-generations old User Environments /nix/store $PATH /nix/.../profiles current 43 rpdqxnilb0cg...-icecat-3.5.4 bin icecat aqn3wygq9jzk...-openssh-5.2p1 bin ssh i3d9vh6d8ip1...-user-env bin ssh icecat nix-collect-garbage Store Paths $ nix-build -A guile Store Paths $ nix-build -A guile /nix/store/ h2g4sc09h4... -guile-1.9.11 hash of all the dependencies Store Paths $ nix-build -A guile /nix/store/ h2g4sc09h4... -guile-1.9.11 $ nix-store -q --requisites ‘which guile‘ /nix/store/4jl83jgzaac...-glibc-2.11.1 /nix/store/iplay43cg58...-libunistring-0.9.3 /nix/store/47p47v92cj9...-libffi-3.0.9 /nix/store/drkwck2j965...-gmp-4.5.0 ... Store Paths $ nix-build -A guile /nix/store/ h2g4sc09h4... -guile-1.9.11 $ nix-store -q --requisites ‘which guile‘ /nix/store/4jl83jgzaac...-glibc-2.11.1 /nix/store/iplay43cg58...-libunistring-0.9.3 /nix/store/47p47v92cj9...-libffi-3.0.9 /nix/store/drkwck2j965...-gmp-4.5.0 ... $ nix-copy-closure --to [email protected] ‘which guile‘ ... Complete Dependency Specification build-time dependencies of GNU Hello bzip2 mkdir curl.bz2 download.sh ln bootstrap-tools.cpio.bz2.drv prehook.sh cpio sh unpack-bootstrap-tools.sh bootstrap-tools.drv default-builder.sh builder.sh write-mirror-list.sh builder.sh ld-wrapper.sh bootstrap-glibc.drv utils.sh setup-hook.sh add-flags no-sys-dirs.patch setup-hook.sh stdenv-linux-boot.drv gcc-wrapper.sh mirrors-list.drv bootstrap-gcc.drv linux-2.6.28.5.tar.bz2.drv glibc-2.9-20081208.tar.bz2.drv binutils-2.19.1.tar.bz2.drv mpfr-2.4.1.tar.bz2.drv gmp-4.3.1.tar.bz2.drv texinfo-4.13a.tar.lzma.drv ncurses-5.7.tar.gz.drv perl-5.10.0.tar.gz.drv gcc-core-4.3.3.tar.bz2.drv m4-1.4.13.tar.bz2.drv lzma-4.32.7.tar.gz.drv sed-4.1.5.tar.gz.drv gcc-g++-4.3.3.tar.bz2.drv bash40-017.drv attr_2.4.43-1.tar.gz.drv bzip2-1.0.5.tar.gz.drv bash40-016.drv bash40-015.drv coreutils-7.2.tar.gz.drv bash40-010.drv bison-2.3.tar.bz2.drv bash40-006.drv bash-4.0.tar.gz.drv stdenv-linux-boot.drv perl-5.10.0.drv linux-headers-2.6.28.5.drv builder.sh nss-skip-unavail.patch locale-override.patch rpcgen-path.patch glibc-2.9.drv bootstrap-gcc.drv new-dtags.patch ncurses-5.7.drv lzma-4.32.7.drv stdenv-linux-boot.drv binutils-2.19.1.drv gnum4-1.4.13.drv texinfo-4.13a.drv gmp-4.3.1.drv pass-cxxcpp.patch builder.sh no-sys-dirs.patch mpfr-2.4.1.drv gcc-4.3.3.drv gcc-wrapper-4.3.3.drv malloc.patch replace-2.24.drv gettext-fix.patch pcre-7.8.drv gnugrep-2.5.4.drv gawk-3.1.6.drv lzma-4.32.7.drv gettext-0.17.drv perl-5.10.0.drv stdenv-linux-boot.drv gnused-4.1.5.drv builder.sh log.patch bzip2-1.0.5.drv libtool-2.2.6a.drv gnum4-1.4.13.drv gnupatch-2.5.4.drv bison-2.3.drv attr-2.4.43.drv bash-4.0-p17.drv acl-2.2.47.drv gcc-wrapper-4.3.3.drv coreutils-7.2.drv diffutils-2.8.1.drv findutils-path.patch prehook.sh change_echo_path.patch findutils-4.4.1.drv stdenv-linux.drv mirrors-list.drv perl-5.10.0.drv zlib-1.2.3.drv openssl-0.9.8k.drv connect-timeout.patch curl-7.19.4.drv hello-2.3.tar.bz2.drv hello-2.3.drv patchelf-0.4.drv impure-dirs.patch gnulib-futimens.patch gnumake-3.81.drv gzip-1.3.12.drv implausible.patch gnutar-1.22.drv bash40-001.drv bash40-003.drv builder.sh bash40-012.drv gettext-0.17.tar.gz.drv libtool-2.2.6a.tar.lzma.drv bash40-002.drv bash40-004.drv bash40-009.drv bash40-011.drv replace-2.24-src-11.11.tar.gz.drv bash40-014.drv bash40-013.drv bash40-007.drv bash40-008.drv bash40-005.drv diffutils-2.8.1.tar.gz.drv gawk-3.1.6.tar.bz2.drv acl_2.2.47-1.tar.gz.drv pcre-7.8.tar.bz2.drv grep-2.5.4.tar.bz2.drv patch-2.5.4.tar.gz.drv findutils-4.4.1.tar.gz.drv patchelf-0.4.tar.bz2.drv make-3.81.tar.bz2.drv gzip-1.3.12.tar.gz.drv tar-1.22.tar.bz2.drv zlib-1.2.3.tar.gz.drv openssl-0.9.8k.tar.gz.drv curl-7.19.4.tar.bz2.drv setup.sh Complete Dependency Specification build-time dependencies of GNU Hello bzip2 mkdir curl.bz2 download.sh ln bootstrap-tools.cpio.bz2.drv prehook.sh cpio sh unpack-bootstrap-tools.sh bootstrap-tools.drv default-builder.sh builder.sh write-mirror-list.sh builder.sh ld-wrapper.sh bootstrap-glibc.drv utils.sh setup-hook.sh add-flags mirrors-list.drv bootstrap-gcc.drv no-sys-dirs.patch setup-hook.sh stdenv-linux-boot.drv gcc-wrapper.sh linux-2.6.28.5.tar.bz2.drv glibc-2.9-20081208.tar.bz2.drv binutils-2.19.1.tar.bz2.drv mpfr-2.4.1.tar.bz2.drv gmp-4.3.1.tar.bz2.drv texinfo-4.13a.tar.lzma.drv ncurses-5.7.tar.gz.drv perl-5.10.0.tar.gz.drv gcc-core-4.3.3.tar.bz2.drv m4-1.4.13.tar.bz2.drv lzma-4.32.7.tar.gz.drv sed-4.1.5.tar.gz.drv gcc-g++-4.3.3.tar.bz2.drv bash40-017.drv attr_2.4.43-1.tar.gz.drv bzip2-1.0.5.tar.gz.drv bash40-016.drv bash40-015.drv coreutils-7.2.tar.gz.drv bash40-010.drv bison-2.3.tar.bz2.drv bash40-006.drv bash-4.0.tar.gz.drv bash40-001.drv stdenv-linux-boot.drv perl-5.10.0.drv linux-headers-2.6.28.5.drv builder.sh nss-skip-unavail.patch locale-override.patch rpcgen-path.patch glibc-2.9.drv bootstrap-gcc.drv new-dtags.patch ncurses-5.7.drv lzma-4.32.7.drv stdenv-linux-boot.drv binutils-2.19.1.drv gnum4-1.4.13.drv texinfo-4.13a.drv gmp-4.3.1.drv pass-cxxcpp.patch builder.sh no-sys-dirs.patch mpfr-2.4.1.drv gcc-4.3.3.drv gcc-wrapper-4.3.3.drv malloc.patch replace-2.24.drv gettext-fix.patch pcre-7.8.drv gnugrep-2.5.4.drv gawk-3.1.6.drv lzma-4.32.7.drv gettext-0.17.drv perl-5.10.0.drv stdenv-linux-boot.drv gnused-4.1.5.drv builder.sh log.patch bzip2-1.0.5.drv libtool-2.2.6a.drv gnum4-1.4.13.drv gnupatch-2.5.4.drv patchelf-0.4.drv impure-dirs.patch gnulib-futimens.patch gnumake-3.81.drv gzip-1.3.12.drv implausible.patch gnutar-1.22.drv bison-2.3.drv attr-2.4.43.drv bash-4.0-p17.drv acl-2.2.47.drv gcc-wrapper-4.3.3.drv coreutils-7.2.drv diffutils-2.8.1.drv findutils-path.patch prehook.sh change_echo_path.patch findutils-4.4.1.drv stdenv-linux.drv mirrors-list.drv perl-5.10.0.drv zlib-1.2.3.drv openssl-0.9.8k.drv connect-timeout.patch curl-7.19.4.drv hello-2.3.tar.bz2.drv hello-2.3.drv ... down to the compiler’s compiler! bash40-003.drv builder.sh bash40-012.drv gettext-0.17.tar.gz.drv libtool-2.2.6a.tar.lzma.drv bash40-002.drv bash40-004.drv bash40-009.drv bash40-011.drv replace-2.24-src-11.11.tar.gz.drv bash40-014.drv bash40-013.drv bash40-007.drv bash40-008.drv bash40-005.drv diffutils-2.8.1.tar.gz.drv gawk-3.1.6.tar.bz2.drv acl_2.2.47-1.tar.gz.drv pcre-7.8.tar.bz2.drv grep-2.5.4.tar.bz2.drv patch-2.5.4.tar.gz.drv findutils-4.4.1.tar.gz.drv patchelf-0.4.tar.bz2.drv make-3.81.tar.bz2.drv gzip-1.3.12.tar.gz.drv tar-1.22.tar.bz2.drv zlib-1.2.3.tar.gz.drv openssl-0.9.8k.tar.gz.drv curl-7.19.4.tar.bz2.drv setup.sh Complete Dependency Specification run-time dependencies of GNU Hello linux-headers-2.6.28.5 glibc-2.11 hello-2.3 run-time dependencies inferred by conservative scanning Build Recipes (a.k.a. “Nix Expressions”) function definition { fetchurl, stdenv } : formal parameters stdenv . mkDerivation { function call name = "hello-2.3"; src = fetchurl { url = mirror://gnu/hello/hello-2.3.tar.bz2; sha256 = "0c7vijq8y68..."; }; meta = { description = "Produces a friendly greeting"; homepage = http://www.gnu.org/software/hello/; license = "GPLv3+"; }; } Build Recipes (a.k.a. “Nix Expressions”) gcc, make, etc. { fetchurl, stdenv , gettext } : stdenv . mkDerivation { name = "hello-2.3"; src = fetchurl { url = mirror://gnu/hello/hello-2.3.tar.bz2; sha256 = "0c7vijq8y68..."; }; buildInputs = [ gettext ]; dependency meta = { description = "Produces a friendly greeting"; homepage = http://www.gnu.org/software/hello/; license = "GPLv3+"; }; } Package Composition all-packages.nix gettext = import ../development/libraries/gettext inherit fetchurl stdenv libiconv; }; ... actual parameters hello = import ../applications/misc/hello inherit fetchurl stdenv ; }; { function call { Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses Nix implements a functional software deployment model. Nix implements a functional software deployment model. I immutable software installations Nix implements a functional software deployment model. I immutable software installations I builds/installs have no side effects Nix implements a functional software deployment model. I immutable software installations I builds/installs have no side effects I build & deployment ≡ calling the build function I Nix store ≡ cache of function call results Nix implements a functional software deployment model. I immutable software installations I builds/installs have no side effects I build & deployment ≡ calling the build function I Nix store ≡ cache of function call results I garbage collection... Outline Bells, Whistles, and More Per-User Package Installation Transactional Upgrades & Rollback System Description & Instantiation The Mechanics Build Environments Building Packages Putting It Another Way Bonuses Cross-Compilation 1. define the target system crossSystem = { # GNU/Linux on ARM (SheevaPlug) config = "armv5tel-unknown-linux-gnueabi"; bigEndian = false; arch = "arm"; libc = "glibc"; float = "soft"; withTLS = true; platform = pkgs.platforms.sheevaplug; }; Cross-Compilation 1. define the target system crossSystem = { config = "i586-pc-gnu"; bigEndian = false; arch = "i586"; libc = "glibc"; float = "hard"; withTLS = true; platform = pkgs.platforms.pc; }; # GNU, a.k.a. GNU/Hurd Cross-Compilation 1. define the target system 2. build $ nix-build -A coreutils.hostDrv ... Cross-Compilation 1. define the target system 2. build 3. copy to the target store $ nix-copy-closure --to target@foo /nix/store/... ... Cross-Compilation 1. define the target system 2. build 3. copy to the target store 4. install on the target target$ nix-env --install /nix/store/... ... System-Wide Regression Testing Using VM Networks { pkgs, ... }: { nodes = { server = { pkgs, config, ... }: { services.openssh.enable = true; }; client = { pkgs, config, ... }: { }; }; System-Wide Regression Testing Using VM Networks { pkgs, ... }: { nodes = { server = { pkgs, config, ... }: { services.openssh.enable = true; }; client = { pkgs, config, ... }: { kernelPackages = pkgs.linuxPackages 2 6 25; }; }; System-Wide Regression Testing Using VM Networks testScript = ’’ my $key=‘$pkgs.openssh/bin/ssh-keygen -t dsa -f key -N $server->mustSucceed("mkdir -m 700 /root/.ssh"); $server->copyFileFromHost("key.pub", "/root/.ssh/author $client->mustSucceed("mkdir -m 700 /root/.ssh"); $client->copyFileFromHost("key", "/root/.ssh/id dsa"); $client->mustSucceed("chmod 600 /root/.ssh/id dsa"); $client->mustSucceed("ssh server ’echo Hello RMLL’"); ’’; } Continuous Integration with Hydra/Nix 30+ GNU packages continuously built http://hydra.nixos.org/project/gnu/ Continuous Integration with Hydra/Nix Continuous Integration with Hydra/Nix Continuous Integration with Hydra/Nix Summary NixOS rocks. Summary I Features I I I I per-user, unprivileged installation transactional upgrades; rollback whole-system configuration transactional upgrades & rollback Foundations I I I purely functional package management traceable package source & dependencies completely bootstrapped Thanks! [email protected] http://nixos.org/ http://repo.or.cz/w/nixpkgs-libre.git License c 2010 Ludovic Courtès [email protected]. Copyright Drawings of the Nix store are: c 2009 Eelco Dolstra [email protected]. Copyright Copyright of other images included in this document is held by their respective owners. This work is licensed under the Creative Commons Attribution-Share Alike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA. At your option, you may instead copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/licenses/gfdl.html.