aboutsummaryrefslogtreecommitdiff
path: root/doc/manual/src
diff options
context:
space:
mode:
authorJohn Ericson <John.Ericson@Obsidian.Systems>2021-10-14 20:07:20 +0000
committerJohn Ericson <John.Ericson@Obsidian.Systems>2021-10-14 20:07:20 +0000
commit7869be49c2735280ceabbd13c087b4a06444ae63 (patch)
treea93530cdfba9f3056f727de26548c71157de19e5 /doc/manual/src
parent2dd11f07808c8b86513260b85f35a70cbe9b1249 (diff)
parent4c0cde95ad8dc95f876e5cf32790e73e08f49b28 (diff)
Merge remote-tracking branch 'upstream/master' into trustless-remote-builder-simple
Diffstat (limited to 'doc/manual/src')
-rw-r--r--doc/manual/src/SUMMARY.md.in1
-rw-r--r--doc/manual/src/advanced-topics/cores-vs-jobs.md4
-rw-r--r--doc/manual/src/advanced-topics/distributed-builds.md10
-rw-r--r--doc/manual/src/command-ref/env-common.md74
-rw-r--r--doc/manual/src/command-ref/nix-build.md6
-rw-r--r--doc/manual/src/command-ref/nix-channel.md16
-rw-r--r--doc/manual/src/command-ref/nix-copy-closure.md14
-rw-r--r--doc/manual/src/command-ref/nix-env.md76
-rw-r--r--doc/manual/src/command-ref/nix-hash.md12
-rw-r--r--doc/manual/src/command-ref/nix-instantiate.md16
-rw-r--r--doc/manual/src/command-ref/nix-prefetch-url.md10
-rw-r--r--doc/manual/src/command-ref/nix-shell.md20
-rw-r--r--doc/manual/src/command-ref/nix-store.md64
-rw-r--r--doc/manual/src/command-ref/opt-common.md105
-rw-r--r--doc/manual/src/expressions/advanced-attributes.md100
-rw-r--r--doc/manual/src/expressions/builtin-constants.md4
-rw-r--r--doc/manual/src/expressions/builtins-prefix.md9
-rw-r--r--doc/manual/src/expressions/builtins-suffix.md1
-rw-r--r--doc/manual/src/expressions/language-values.md7
-rw-r--r--doc/manual/src/glossary.md32
-rw-r--r--doc/manual/src/installation/env-variables.md2
-rw-r--r--doc/manual/src/installation/installing-binary.md209
-rw-r--r--doc/manual/src/installation/prerequisites-source.md9
-rw-r--r--doc/manual/src/package-management/s3-substituter.md8
-rw-r--r--doc/manual/src/release-notes/rl-2.4.md506
-rw-r--r--doc/manual/src/release-notes/rl-2.5.md5
26 files changed, 846 insertions, 474 deletions
diff --git a/doc/manual/src/SUMMARY.md.in b/doc/manual/src/SUMMARY.md.in
index 448fee803..df9209c7d 100644
--- a/doc/manual/src/SUMMARY.md.in
+++ b/doc/manual/src/SUMMARY.md.in
@@ -70,6 +70,7 @@
- [Hacking](contributing/hacking.md)
- [CLI guideline](contributing/cli-guideline.md)
- [Release Notes](release-notes/release-notes.md)
+ - [Release 2.4 (2021-XX-XX)](release-notes/rl-2.4.md)
- [Release 2.3 (2019-09-04)](release-notes/rl-2.3.md)
- [Release 2.2 (2019-01-11)](release-notes/rl-2.2.md)
- [Release 2.1 (2018-09-02)](release-notes/rl-2.1.md)
diff --git a/doc/manual/src/advanced-topics/cores-vs-jobs.md b/doc/manual/src/advanced-topics/cores-vs-jobs.md
index 4a9058ca1..9e91ab9c7 100644
--- a/doc/manual/src/advanced-topics/cores-vs-jobs.md
+++ b/doc/manual/src/advanced-topics/cores-vs-jobs.md
@@ -4,13 +4,13 @@ Nix has two relevant settings with regards to how your CPU cores will
be utilized: `cores` and `max-jobs`. This chapter will talk about what
they are, how they interact, and their configuration trade-offs.
- - `max-jobs`
+ - `max-jobs`\
Dictates how many separate derivations will be built at the same
time. If you set this to zero, the local machine will do no
builds. Nix will still substitute from binary caches, and build
remotely if remote builders are configured.
- - `cores`
+ - `cores`\
Suggests how many cores each derivation should use. Similar to
`make -j`.
diff --git a/doc/manual/src/advanced-topics/distributed-builds.md b/doc/manual/src/advanced-topics/distributed-builds.md
index c6966a50b..580b36736 100644
--- a/doc/manual/src/advanced-topics/distributed-builds.md
+++ b/doc/manual/src/advanced-topics/distributed-builds.md
@@ -37,7 +37,7 @@ then you need to ensure that the `PATH` of non-interactive login shells
contains Nix.
> **Warning**
->
+>
> If you are building via the Nix daemon, it is the Nix daemon user
> account (that is, `root`) that should have SSH access to the remote
> machine. If you can’t or don’t want to configure `root` to be able to
@@ -52,7 +52,7 @@ example, the following command allows you to build a derivation for
```console
$ uname
Linux
-
+
$ nix build \
'(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
--builders 'ssh://mac x86_64-darwin'
@@ -103,7 +103,7 @@ default, set it to `-`.
```nix
requiredSystemFeatures = [ "kvm" ];
```
-
+
will cause the build to be performed on a machine that has the `kvm`
feature.
@@ -112,6 +112,10 @@ default, set it to `-`.
features appear in the derivation’s `requiredSystemFeatures`
attribute..
+8. The (base64-encoded) public host key of the remote machine. If omitted, SSH
+ will use its regular known-hosts file. Specifically, the field is calculated
+ via `base64 -w0 /etc/ssh/ssh_host_ed25519_key.pub`.
+
For example, the machine specification
nix@scratchy.labs.cs.uu.nl i686-linux /home/nix/.ssh/id_scratchy_auto 8 1 kvm
diff --git a/doc/manual/src/command-ref/env-common.md b/doc/manual/src/command-ref/env-common.md
index c670d82b8..6e2403461 100644
--- a/doc/manual/src/command-ref/env-common.md
+++ b/doc/manual/src/command-ref/env-common.md
@@ -2,45 +2,49 @@
Most Nix commands interpret the following environment variables:
- - `IN_NIX_SHELL`
+ - `IN_NIX_SHELL`\
Indicator that tells if the current environment was set up by
`nix-shell`. Since Nix 2.0 the values are `"pure"` and `"impure"`
- - `NIX_PATH`
+ - `NIX_PATH`\
A colon-separated list of directories used to look up Nix
expressions enclosed in angle brackets (i.e., `<path>`). For
instance, the value
-
+
/home/eelco/Dev:/etc/nixos
-
+
will cause Nix to look for paths relative to `/home/eelco/Dev` and
`/etc/nixos`, in this order. It is also possible to match paths
against a prefix. For example, the value
-
+
nixpkgs=/home/eelco/Dev/nixpkgs-branch:/etc/nixos
-
+
will cause Nix to search for `<nixpkgs/path>` in
`/home/eelco/Dev/nixpkgs-branch/path` and `/etc/nixos/nixpkgs/path`.
-
+
If a path in the Nix search path starts with `http://` or
`https://`, it is interpreted as the URL of a tarball that will be
downloaded and unpacked to a temporary location. The tarball must
consist of a single top-level directory. For example, setting
`NIX_PATH` to
-
- nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-15.09.tar.gz
-
- tells Nix to download the latest revision in the Nixpkgs/NixOS 15.09
- channel.
-
- A following shorthand can be used to refer to the official channels:
-
- nixpkgs=channel:nixos-15.09
-
- The search path can be extended using the `-I` option, which takes
- precedence over `NIX_PATH`.
-
- - `NIX_IGNORE_SYMLINK_STORE`
+
+ nixpkgs=https://github.com/NixOS/nixpkgs/archive/master.tar.gz
+
+ tells Nix to download and use the current contents of the
+ `master` branch in the `nixpkgs` repository.
+
+ The URLs of the tarballs from the official nixos.org channels (see
+ [the manual for `nix-channel`](nix-channel.md)) can be abbreviated
+ as `channel:<channel-name>`. For instance, the following two
+ values of `NIX_PATH` are equivalent:
+
+ nixpkgs=channel:nixos-21.05
+ nixpkgs=https://nixos.org/channels/nixos-21.05/nixexprs.tar.xz
+
+ The Nix search path can also be extended using the `-I` option to
+ many Nix commands, which takes precedence over `NIX_PATH`.
+
+ - `NIX_IGNORE_SYMLINK_STORE`\
Normally, the Nix store directory (typically `/nix/store`) is not
allowed to contain any symlink components. This is to prevent
“impure” builds. Builders sometimes “canonicalise” paths by
@@ -50,7 +54,7 @@ Most Nix commands interpret the following environment variables:
builds are deployed to machines where `/nix/store` resolves
differently. If you are sure that you’re not going to do that, you
can set `NIX_IGNORE_SYMLINK_STORE` to `1`.
-
+
Note that if you’re symlinking the Nix store so that you can put it
on another file system than the root file system, on Linux you’re
better off using `bind` mount points, e.g.,
@@ -59,44 +63,44 @@ Most Nix commands interpret the following environment variables:
$ mkdir /nix
$ mount -o bind /mnt/otherdisk/nix /nix
```
-
+
Consult the mount 8 manual page for details.
- - `NIX_STORE_DIR`
+ - `NIX_STORE_DIR`\
Overrides the location of the Nix store (default `prefix/store`).
- - `NIX_DATA_DIR`
+ - `NIX_DATA_DIR`\
Overrides the location of the Nix static data directory (default
`prefix/share`).
- - `NIX_LOG_DIR`
+ - `NIX_LOG_DIR`\
Overrides the location of the Nix log directory (default
`prefix/var/log/nix`).
- - `NIX_STATE_DIR`
+ - `NIX_STATE_DIR`\
Overrides the location of the Nix state directory (default
`prefix/var/nix`).
- - `NIX_CONF_DIR`
+ - `NIX_CONF_DIR`\
Overrides the location of the system Nix configuration directory
(default `prefix/etc/nix`).
- - `NIX_CONFIG`
+ - `NIX_CONFIG`\
Applies settings from Nix configuration from the environment.
The content is treated as if it was read from a Nix configuration file.
Settings are separated by the newline character.
- - `NIX_USER_CONF_FILES`
+ - `NIX_USER_CONF_FILES`\
Overrides the location of the user Nix configuration files to load
from (defaults to the XDG spec locations). The variable is treated
as a list separated by the `:` token.
- - `TMPDIR`
+ - `TMPDIR`\
Use the specified directory to store temporary files. In particular,
this includes temporary build directories; these can take up
substantial amounts of disk space. The default is `/tmp`.
- - `NIX_REMOTE`
+ - `NIX_REMOTE`\
This variable should be set to `daemon` if you want to use the Nix
daemon to execute Nix operations. This is necessary in [multi-user
Nix installations](../installation/multi-user.md). If the Nix
@@ -104,16 +108,16 @@ Most Nix commands interpret the following environment variables:
should be set to `unix://path/to/socket`. Otherwise, it should be
left unset.
- - `NIX_SHOW_STATS`
+ - `NIX_SHOW_STATS`\
If set to `1`, Nix will print some evaluation statistics, such as
the number of values allocated.
- - `NIX_COUNT_CALLS`
+ - `NIX_COUNT_CALLS`\
If set to `1`, Nix will print how often functions were called during
Nix expression evaluation. This is useful for profiling your Nix
expressions.
- - `GC_INITIAL_HEAP_SIZE`
+ - `GC_INITIAL_HEAP_SIZE`\
If Nix has been configured to use the Boehm garbage collector, this
variable sets the initial size of the heap in bytes. It defaults to
384 MiB. Setting it to a low value reduces memory consumption, but
diff --git a/doc/manual/src/command-ref/nix-build.md b/doc/manual/src/command-ref/nix-build.md
index 4565bfbc2..43de7a6e6 100644
--- a/doc/manual/src/command-ref/nix-build.md
+++ b/doc/manual/src/command-ref/nix-build.md
@@ -47,16 +47,16 @@ All options not listed here are passed to `nix-store
--realise`, except for `--arg` and `--attr` / `-A` which are passed to
`nix-instantiate`.
- - `--no-out-link`
+ - `--no-out-link`\
Do not create a symlink to the output path. Note that as a result
the output does not become a root of the garbage collector, and so
might be deleted by `nix-store
--gc`.
- - `--dry-run`
+ - `--dry-run`\
Show what store paths would be built or downloaded.
- - `--out-link` / `-o` *outlink*
+ - `--out-link` / `-o` *outlink*\
Change the name of the symlink to the output path created from
`result` to *outlink*.
diff --git a/doc/manual/src/command-ref/nix-channel.md b/doc/manual/src/command-ref/nix-channel.md
index 4ca12d2cc..24353525f 100644
--- a/doc/manual/src/command-ref/nix-channel.md
+++ b/doc/manual/src/command-ref/nix-channel.md
@@ -17,26 +17,26 @@ To see the list of official NixOS channels, visit
This command has the following operations:
- - `--add` *url* \[*name*\]
+ - `--add` *url* \[*name*\]\
Adds a channel named *name* with URL *url* to the list of subscribed
channels. If *name* is omitted, it defaults to the last component of
*url*, with the suffixes `-stable` or `-unstable` removed.
- - `--remove` *name*
+ - `--remove` *name*\
Removes the channel named *name* from the list of subscribed
channels.
- - `--list`
+ - `--list`\
Prints the names and URLs of all subscribed channels on standard
output.
- - `--update` \[*names*…\]
+ - `--update` \[*names*…\]\
Downloads the Nix expressions of all subscribed channels (or only
those included in *names* if specified) and makes them the default
for `nix-env` operations (by symlinking them from the directory
`~/.nix-defexpr`).
- - `--rollback` \[*generation*\]
+ - `--rollback` \[*generation*\]\
Reverts the previous call to `nix-channel
--update`. Optionally, you can specify a specific channel generation
number to restore.
@@ -70,14 +70,14 @@ $ nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
# Files
- - `/nix/var/nix/profiles/per-user/username/channels`
+ - `/nix/var/nix/profiles/per-user/username/channels`\
`nix-channel` uses a `nix-env` profile to keep track of previous
versions of the subscribed channels. Every time you run `nix-channel
--update`, a new channel generation (that is, a symlink to the
channel Nix expressions in the Nix store) is created. This enables
`nix-channel --rollback` to revert to previous versions.
- - `~/.nix-defexpr/channels`
+ - `~/.nix-defexpr/channels`\
This is a symlink to
`/nix/var/nix/profiles/per-user/username/channels`. It ensures that
`nix-env` can find your channels. In a multi-user installation, you
@@ -89,7 +89,7 @@ $ nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
A channel URL should point to a directory containing the following
files:
- - `nixexprs.tar.xz`
+ - `nixexprs.tar.xz`\
A tarball containing Nix expressions and files referenced by them
(such as build scripts and patches). At the top level, the tarball
should contain a single directory. That directory must contain a
diff --git a/doc/manual/src/command-ref/nix-copy-closure.md b/doc/manual/src/command-ref/nix-copy-closure.md
index dcb844a72..7047d3012 100644
--- a/doc/manual/src/command-ref/nix-copy-closure.md
+++ b/doc/manual/src/command-ref/nix-copy-closure.md
@@ -35,21 +35,21 @@ and second to send the dump of those paths. If this bothers you, use
# Options
- - `--to`
+ - `--to`\
Copy the closure of _paths_ from the local Nix store to the Nix
store on _machine_. This is the default.
- - `--from`
+ - `--from`\
Copy the closure of _paths_ from the Nix store on _machine_ to the
local Nix store.
- - `--gzip`
+ - `--gzip`\
Enable compression of the SSH connection.
- - `--include-outputs`
+ - `--include-outputs`\
Also copy the outputs of store derivations included in the closure.
- - `--use-substitutes` / `-s`
+ - `--use-substitutes` / `-s`\
Attempt to download missing paths on the target machine using Nix’s
substitute mechanism. Any paths that cannot be substituted on the
target are still copied normally from the source. This is useful,
@@ -58,12 +58,12 @@ and second to send the dump of those paths. If this bothers you, use
`nixos.org` (the default binary cache server) is
fast.
- - `-v`
+ - `-v`\
Show verbose output.
# Environment variables
- - `NIX_SSHOPTS`
+ - `NIX_SSHOPTS`\
Additional options to be passed to `ssh` on the command
line.
diff --git a/doc/manual/src/command-ref/nix-env.md b/doc/manual/src/command-ref/nix-env.md
index 1c23bb0ad..9138fa05a 100644
--- a/doc/manual/src/command-ref/nix-env.md
+++ b/doc/manual/src/command-ref/nix-env.md
@@ -36,27 +36,27 @@ case-sensitive. The regular expression can optionally be followed by a
dash and a version number; if omitted, any version of the package will
match. Here are some examples:
- - `firefox`
+ - `firefox`\
Matches the package name `firefox` and any version.
- - `firefox-32.0`
+ - `firefox-32.0`\
Matches the package name `firefox` and version `32.0`.
- - `gtk\\+`
+ - `gtk\\+`\
Matches the package name `gtk+`. The `+` character must be escaped
using a backslash to prevent it from being interpreted as a
quantifier, and the backslash must be escaped in turn with another
backslash to ensure that the shell passes it on.
- - `.\*`
+ - `.\*`\
Matches any package name. This is the default for most commands.
- - `'.*zip.*'`
+ - `'.*zip.*'`\
Matches any package name containing the string `zip`. Note the dots:
`'*zip*'` does not work, because in a regular expression, the
character `*` is interpreted as a quantifier.
- - `'.*(firefox|chromium).*'`
+ - `'.*(firefox|chromium).*'`\
Matches any package name containing the strings `firefox` or
`chromium`.
@@ -66,7 +66,7 @@ This section lists the options that are common to all operations. These
options are allowed for every subcommand, though they may not always
have an effect.
- - `--file` / `-f` *path*
+ - `--file` / `-f` *path*\
Specifies the Nix expression (designated below as the *active Nix
expression*) used by the `--install`, `--upgrade`, and `--query
--available` operations to obtain derivations. The default is
@@ -77,13 +77,13 @@ have an effect.
unpacked to a temporary location. The tarball must include a single
top-level directory containing at least a file named `default.nix`.
- - `--profile` / `-p` *path*
+ - `--profile` / `-p` *path*\
Specifies the profile to be used by those operations that operate on
a profile (designated below as the *active profile*). A profile is a
sequence of user environments called *generations*, one of which is
the *current generation*.
- - `--dry-run`
+ - `--dry-run`\
For the `--install`, `--upgrade`, `--uninstall`,
`--switch-generation`, `--delete-generations` and `--rollback`
operations, this flag will cause `nix-env` to print what *would* be
@@ -93,7 +93,7 @@ have an effect.
[substituted](../glossary.md) (i.e., downloaded) and which paths
will be built from source (because no substitute is available).
- - `--system-filter` *system*
+ - `--system-filter` *system*\
By default, operations such as `--query
--available` show derivations matching any platform. This option
allows you to use derivations for the specified platform *system*.
@@ -102,7 +102,7 @@ have an effect.
# Files
- - `~/.nix-defexpr`
+ - `~/.nix-defexpr`\
The source for the default Nix expressions used by the
`--install`, `--upgrade`, and `--query --available` operations to
obtain derivations. The `--file` option may be used to override
@@ -140,7 +140,7 @@ have an effect.
The command `nix-channel` places symlinks to the downloaded Nix
expressions from each subscribed channel in this directory.
- - `~/.nix-profile`
+ - `~/.nix-profile`\
A symbolic link to the user's current profile. By default, this
symlink points to `prefix/var/nix/profiles/default`. The `PATH`
environment variable should include `~/.nix-profile/bin` for the
@@ -217,13 +217,13 @@ a number of possible ways:
## Flags
- - `--prebuilt-only` / `-b`
+ - `--prebuilt-only` / `-b`\
Use only derivations for which a substitute is registered, i.e.,
there is a pre-built binary available that can be downloaded in lieu
of building the derivation. Thus, no packages will be built from
source.
- - `--preserve-installed`; `-P`
+ - `--preserve-installed`; `-P`\
Do not remove derivations with a name matching one of the
derivations being installed. Usually, trying to have two versions of
the same package installed in the same generation of a profile will
@@ -231,7 +231,7 @@ a number of possible ways:
clashes between the two versions. However, this is not the case for
all packages.
- - `--remove-all`; `-r`
+ - `--remove-all`; `-r`\
Remove all previously installed packages first. This is equivalent
to running `nix-env -e '.*'` first, except that everything happens
in a single transaction.
@@ -346,24 +346,24 @@ version is installed.
## Flags
- - `--lt`
+ - `--lt`\
Only upgrade a derivation to newer versions. This is the default.
- - `--leq`
+ - `--leq`\
In addition to upgrading to newer versions, also “upgrade” to
derivations that have the same version. Version are not a unique
identification of a derivation, so there may be many derivations
that have the same version. This flag may be useful to force
“synchronisation” between the installed and available derivations.
- - `--eq`
+ - `--eq`\
*Only* “upgrade” to derivations that have the same version. This may
not seem very useful, but it actually is, e.g., when there is a new
release of Nixpkgs and you want to replace installed applications
with the same versions built against newer dependencies (to reduce
the number of dependencies floating around on your system).
- - `--always`
+ - `--always`\
In addition to upgrading to newer versions, also “upgrade” to
derivations that have the same or a lower version. I.e., derivations
may actually be downgraded depending on what is available in the
@@ -578,11 +578,11 @@ The derivations are sorted by their `name` attributes.
The following flags specify the set of things on which the query
operates.
- - `--installed`
+ - `--installed`\
The query operates on the store paths that are installed in the
current generation of the active profile. This is the default.
- - `--available`; `-a`
+ - `--available`; `-a`\
The query operates on the derivations that are available in the
active Nix expression.
@@ -593,24 +593,24 @@ selected derivations. Multiple flags may be specified, in which case the
information is shown in the order given here. Note that the name of the
derivation is shown unless `--no-name` is specified.
- - `--xml`
+ - `--xml`\
Print the result in an XML representation suitable for automatic
processing by other tools. The root element is called `items`, which
contains a `item` element for each available or installed
derivation. The fields discussed below are all stored in attributes
of the `item` elements.
- - `--json`
+ - `--json`\
Print the result in a JSON representation suitable for automatic
processing by other tools.
- - `--prebuilt-only` / `-b`
+ - `--prebuilt-only` / `-b`\
Show only derivations for which a substitute is registered, i.e.,
there is a pre-built binary available that can be downloaded in lieu
of building the derivation. Thus, this shows all packages that
probably can be installed quickly.
- - `--status`; `-s`
+ - `--status`; `-s`\
Print the *status* of the derivation. The status consists of three
characters. The first is `I` or `-`, indicating whether the
derivation is currently installed in the current generation of the
@@ -621,49 +621,49 @@ derivation is shown unless `--no-name` is specified.
derivation to be built. The third is `S` or `-`, indicating whether
a substitute is available for the derivation.
- - `--attr-path`; `-P`
+ - `--attr-path`; `-P`\
Print the *attribute path* of the derivation, which can be used to
unambiguously select it using the `--attr` option available in
commands that install derivations like `nix-env --install`. This
option only works together with `--available`
- - `--no-name`
+ - `--no-name`\
Suppress printing of the `name` attribute of each derivation.
- - `--compare-versions` / `-c`
+ - `--compare-versions` / `-c`\
Compare installed versions to available versions, or vice versa (if
`--available` is given). This is useful for quickly seeing whether
upgrades for installed packages are available in a Nix expression. A
column is added with the following meaning:
- - `<` *version*
+ - `<` *version*\
A newer version of the package is available or installed.
- - `=` *version*
+ - `=` *version*\
At most the same version of the package is available or
installed.
- - `>` *version*
+ - `>` *version*\
Only older versions of the package are available or installed.
- - `- ?`
+ - `- ?`\
No version of the package is available or installed.
- - `--system`
+ - `--system`\
Print the `system` attribute of the derivation.
- - `--drv-path`
+ - `--drv-path`\
Print the path of the store derivation.
- - `--out-path`
+ - `--out-path`\
Print the output path of the derivation.
- - `--description`
+ - `--description`\
Print a short (one-line) description of the derivation, if
available. The description is taken from the `meta.description`
attribute of the derivation.
- - `--meta`
+ - `--meta`\
Print all of the meta-attributes of the derivation. This option is
only available with `--xml` or `--json`.
@@ -874,7 +874,7 @@ error: no generation older than the current (91) exists
# Environment variables
- - `NIX_PROFILE`
+ - `NIX_PROFILE`\
Location of the Nix profile. Defaults to the target of the symlink
`~/.nix-profile`, if it exists, or `/nix/var/nix/profiles/default`
otherwise.
diff --git a/doc/manual/src/command-ref/nix-hash.md b/doc/manual/src/command-ref/nix-hash.md
index de0459b9e..45f67f1c5 100644
--- a/doc/manual/src/command-ref/nix-hash.md
+++ b/doc/manual/src/command-ref/nix-hash.md
@@ -29,29 +29,29 @@ md5sum`.
# Options
- - `--flat`
+ - `--flat`\
Print the cryptographic hash of the contents of each regular file
*path*. That is, do not compute the hash over the dump of *path*.
The result is identical to that produced by the GNU commands
`md5sum` and `sha1sum`.
- - `--base32`
+ - `--base32`\
Print the hash in a base-32 representation rather than hexadecimal.
This base-32 representation is more compact and can be used in Nix
expressions (such as in calls to `fetchurl`).
- - `--truncate`
+ - `--truncate`\
Truncate hashes longer than 160 bits (such as SHA-256) to 160 bits.
- - `--type` *hashAlgo*
+ - `--type` *hashAlgo*\
Use the specified cryptographic hash algorithm, which can be one of
`md5`, `sha1`, `sha256`, and `sha512`.
- - `--to-base16`
+ - `--to-base16`\
Don’t hash anything, but convert the base-32 hash representation
*hash* to hexadecimal.
- - `--to-base32`
+ - `--to-base32`\
Don’t hash anything, but convert the hexadecimal hash representation
*hash* to base-32.
diff --git a/doc/manual/src/command-ref/nix-instantiate.md b/doc/manual/src/command-ref/nix-instantiate.md
index c369397b6..2e198daed 100644
--- a/doc/manual/src/command-ref/nix-instantiate.md
+++ b/doc/manual/src/command-ref/nix-instantiate.md
@@ -29,26 +29,26 @@ standard input.
# Options
- - `--add-root` *path*
+ - `--add-root` *path*\
See the [corresponding option](nix-store.md) in `nix-store`.
- - `--parse`
+ - `--parse`\
Just parse the input files, and print their abstract syntax trees on
standard output in ATerm format.
- - `--eval`
+ - `--eval`\
Just parse and evaluate the input files, and print the resulting
values on standard output. No instantiation of store derivations
takes place.
- - `--find-file`
+ - `--find-file`\
Look up the given files in Nix’s search path (as specified by the
`NIX_PATH` environment variable). If found, print the corresponding
absolute paths on standard output. For instance, if `NIX_PATH` is
`nixpkgs=/home/alice/nixpkgs`, then `nix-instantiate --find-file
nixpkgs/default.nix` will print `/home/alice/nixpkgs/default.nix`.
- - `--strict`
+ - `--strict`\
When used with `--eval`, recursively evaluate list elements and
attributes. Normally, such sub-expressions are left unevaluated
(since the Nix expression language is lazy).
@@ -58,17 +58,17 @@ standard input.
> This option can cause non-termination, because lazy data
> structures can be infinitely large.
- - `--json`
+ - `--json`\
When used with `--eval`, print the resulting value as an JSON
representation of the abstract syntax tree rather than as an ATerm.
- - `--xml`
+ - `--xml`\
When used with `--eval`, print the resulting value as an XML
representation of the abstract syntax tree rather than as an ATerm.
The schema is the same as that used by the [`toXML`
built-in](../expressions/builtins.md).
- - `--read-write-mode`
+ - `--read-write-mode`\
When used with `--eval`, perform evaluation in read/write mode so
nix language features that require it will still work (at the cost
of needing to do instantiation of every evaluated derivation). If
diff --git a/doc/manual/src/command-ref/nix-prefetch-url.md b/doc/manual/src/command-ref/nix-prefetch-url.md
index 59ab89b29..3bcd209e2 100644
--- a/doc/manual/src/command-ref/nix-prefetch-url.md
+++ b/doc/manual/src/command-ref/nix-prefetch-url.md
@@ -37,22 +37,22 @@ Nix store is also printed.
# Options
- - `--type` *hashAlgo*
+ - `--type` *hashAlgo*\
Use the specified cryptographic hash algorithm, which can be one of
`md5`, `sha1`, `sha256`, and `sha512`.
- - `--print-path`
+ - `--print-path`\
Print the store path of the downloaded file on standard output.
- - `--unpack`
+ - `--unpack`\
Unpack the archive (which must be a tarball or zip file) and add the
result to the Nix store. The resulting hash can be used with
functions such as Nixpkgs’s `fetchzip` or `fetchFromGitHub`.
- - `--executable`
+ - `--executable`\
Set the executable bit on the downloaded file.
- - `--name` *name*
+ - `--name` *name*\
Override the name of the file in the Nix store. By default, this is
`hash-basename`, where *basename* is the last component of *url*.
Overriding the name is necessary when *basename* contains characters
diff --git a/doc/manual/src/command-ref/nix-shell.md b/doc/manual/src/command-ref/nix-shell.md
index 54812a49f..72f6730f1 100644
--- a/doc/manual/src/command-ref/nix-shell.md
+++ b/doc/manual/src/command-ref/nix-shell.md
@@ -54,7 +54,7 @@ All options not listed here are passed to `nix-store
--realise`, except for `--arg` and `--attr` / `-A` which are passed to
`nix-instantiate`.
- - `--command` *cmd*
+ - `--command` *cmd*\
In the environment of the derivation, run the shell command *cmd*.
This command is executed in an interactive shell. (Use `--run` to
use a non-interactive shell instead.) However, a call to `exit` is
@@ -64,36 +64,34 @@ All options not listed here are passed to `nix-store
drop you into the interactive shell. This can be useful for doing
any additional initialisation.
- - `--run` *cmd*
+ - `--run` *cmd*\
Like `--command`, but executes the command in a non-interactive
shell. This means (among other things) that if you hit Ctrl-C while
the command is running, the shell exits.
- - `--exclude` *regexp*
+ - `--exclude` *regexp*\
Do not build any dependencies whose store path matches the regular
expression *regexp*. This option may be specified multiple times.
- - `--pure`
+ - `--pure`\
If this flag is specified, the environment is almost entirely
cleared before the interactive shell is started, so you get an
environment that more closely corresponds to the “real” Nix build. A
few variables, in particular `HOME`, `USER` and `DISPLAY`, are
- retained. Note that (depending on your Bash
- installation) `/etc/bashrc` is still sourced, so any variables set
- there will affect the interactive shell.
+ retained.
- - `--packages` / `-p` *packages*…
+ - `--packages` / `-p` *packages*…\
Set up an environment in which the specified packages are present.
The command line arguments are interpreted as attribute names inside
the Nix Packages collection. Thus, `nix-shell -p libjpeg openjdk`
will start a shell in which the packages denoted by the attribute
names `libjpeg` and `openjdk` are present.
- - `-i` *interpreter*
+ - `-i` *interpreter*\
The chained script interpreter to be invoked by `nix-shell`. Only
applicable in `#!`-scripts (described below).
- - `--keep` *name*
+ - `--keep` *name*\
When a `--pure` shell is started, keep the listed environment
variables.
@@ -101,7 +99,7 @@ The following common options are supported:
# Environment variables
- - `NIX_BUILD_SHELL`
+ - `NIX_BUILD_SHELL`\
Shell used to start the interactive environment. Defaults to the
`bash` found in `PATH`.
diff --git a/doc/manual/src/command-ref/nix-store.md b/doc/manual/src/command-ref/nix-store.md
index 361c20cc9..7a131dc02 100644
--- a/doc/manual/src/command-ref/nix-store.md
+++ b/doc/manual/src/command-ref/nix-store.md
@@ -22,7 +22,7 @@ This section lists the options that are common to all operations. These
options are allowed for every subcommand, though they may not always
have an effect.
- - `--add-root` *path*
+ - `--add-root` *path*\
Causes the result of a realisation (`--realise` and
`--force-realise`) to be registered as a root of the garbage
collector. *path* will be created as a symlink to the resulting
@@ -79,22 +79,22 @@ paths. Realisation is a somewhat overloaded term:
system). If the path is already valid, we are done immediately.
Otherwise, the path and any missing paths in its closure may be
produced through substitutes. If there are no (successful)
- subsitutes, realisation fails.
+ substitutes, realisation fails.
The output path of each derivation is printed on standard output. (For
non-derivations argument, the argument itself is printed.)
The following flags are available:
- - `--dry-run`
+ - `--dry-run`\
Print on standard error a description of what packages would be
built or downloaded, without actually performing the operation.
- - `--ignore-unknown`
+ - `--ignore-unknown`\
If a non-derivation path does not have a substitute, then silently
ignore it.
- - `--check`
+ - `--check`\
This option allows you to check whether a derivation is
deterministic. It rebuilds the specified derivation and checks
whether the result is bitwise-identical with the existing outputs,
@@ -110,20 +110,20 @@ The following flags are available:
Special exit codes:
- - `100`
+ - `100`\
Generic build failure, the builder process returned with a non-zero
exit code.
- - `101`
+ - `101`\
Build timeout, the build was aborted because it did not complete
within the specified `timeout`.
- - `102`
+ - `102`\
Hash mismatch, the build output was rejected because it does not
match the [`outputHash` attribute of the
derivation](../expressions/advanced-attributes.md).
- - `104`
+ - `104`\
Not deterministic, the build succeeded in check mode but the
resulting output is not binary reproducable.
@@ -170,7 +170,7 @@ access to a restricted ssh user.
The following flags are available:
- - `--write`
+ - `--write`\
Allow the connected client to request the realization of
derivations. In effect, this can be used to make the host act as a
remote builder.
@@ -200,18 +200,18 @@ reachable via file system references from a set of “roots”, are deleted.
The following suboperations may be specified:
- - `--print-roots`
+ - `--print-roots`\
This operation prints on standard output the set of roots used by
the garbage collector.
- - `--print-live`
+ - `--print-live`\
This operation prints on standard output the set of “live” store
paths, which are all the store paths reachable from the roots. Live
paths should never be deleted, since that would break consistency —
it would become possible that applications are installed that
reference things that are no longer present in the store.
- - `--print-dead`
+ - `--print-dead`\
This operation prints out on standard output the set of “dead” store
paths, which is just the opposite of the set of live paths: any path
in the store that is not live (with respect to the roots) is dead.
@@ -219,7 +219,7 @@ The following suboperations may be specified:
By default, all unreachable paths are deleted. The following options
control what gets deleted and in what order:
- - `--max-freed` *bytes*
+ - `--max-freed` *bytes*\
Keep deleting paths until at least *bytes* bytes have been deleted,
then stop. The argument *bytes* can be followed by the
multiplicative suffix `K`, `M`, `G` or `T`, denoting KiB, MiB, GiB
@@ -300,22 +300,22 @@ symlink.
## Common query options
- - `--use-output`; `-u`
+ - `--use-output`; `-u`\
For each argument to the query that is a store derivation, apply the
query to the output path of the derivation instead.
- - `--force-realise`; `-f`
+ - `--force-realise`; `-f`\
Realise each argument to the query first (see [`nix-store
--realise`](#operation---realise)).
## Queries
- - `--outputs`
+ - `--outputs`\
Prints out the [output paths](../glossary.md) of the store
derivations *paths*. These are the paths that will be produced when
the derivation is built.
- - `--requisites`; `-R`
+ - `--requisites`; `-R`\
Prints out the [closure](../glossary.md) of the store path *paths*.
This query has one option:
@@ -332,31 +332,31 @@ symlink.
dependencies) is obtained by distributing the closure of a store
derivation and specifying the option `--include-outputs`.
- - `--references`
+ - `--references`\
Prints the set of [references](../glossary.md) of the store paths
*paths*, that is, their immediate dependencies. (For *all*
dependencies, use `--requisites`.)
- - `--referrers`
+ - `--referrers`\
Prints the set of *referrers* of the store paths *paths*, that is,
the store paths currently existing in the Nix store that refer to
one of *paths*. Note that contrary to the references, the set of
referrers is not constant; it can change as store paths are added or
removed.
- - `--referrers-closure`
+ - `--referrers-closure`\
Prints the closure of the set of store paths *paths* under the
referrers relation; that is, all store paths that directly or
indirectly refer to one of *paths*. These are all the path currently
in the Nix store that are dependent on *paths*.
- - `--deriver`; `-d`
+ - `--deriver`; `-d`\
Prints the [deriver](../glossary.md) of the store paths *paths*. If
the path has no deriver (e.g., if it is a source file), or if the
deriver is not known (e.g., in the case of a binary-only
deployment), the string `unknown-deriver` is printed.
- - `--graph`
+ - `--graph`\
Prints the references graph of the store paths *paths* in the format
of the `dot` tool of AT\&T's [Graphviz
package](http://www.graphviz.org/). This can be used to visualise
@@ -364,39 +364,39 @@ symlink.
this to a store derivation. To obtain a runtime dependency graph,
apply it to an output path.
- - `--tree`
+ - `--tree`\
Prints the references graph of the store paths *paths* as a nested
ASCII tree. References are ordered by descending closure size; this
tends to flatten the tree, making it more readable. The query only
recurses into a store path when it is first encountered; this
prevents a blowup of the tree representation of the graph.
- - `--graphml`
+ - `--graphml`\
Prints the references graph of the store paths *paths* in the
[GraphML](http://graphml.graphdrawing.org/) file format. This can be
used to visualise dependency graphs. To obtain a build-time
dependency graph, apply this to a store derivation. To obtain a
runtime dependency graph, apply it to an output path.
- - `--binding` *name*; `-b` *name*
+ - `--binding` *name*; `-b` *name*\
Prints the value of the attribute *name* (i.e., environment
variable) of the store derivations *paths*. It is an error for a
derivation to not have the specified attribute.
- - `--hash`
+ - `--hash`\
Prints the SHA-256 hash of the contents of the store paths *paths*
(that is, the hash of the output of `nix-store --dump` on the given
paths). Since the hash is stored in the Nix database, this is a fast
operation.
- - `--size`
+ - `--size`\
Prints the size in bytes of the contents of the store paths *paths*
— to be precise, the size of the output of `nix-store --dump` on
the given paths. Note that the actual disk space required by the
store paths may be higher, especially on filesystems with large
cluster sizes.
- - `--roots`
+ - `--roots`\
Prints the garbage collector roots that point, directly or
indirectly, at the store paths *paths*.
@@ -513,7 +513,7 @@ public url or broke since the download expression was written.
This operation has the following options:
- - `--recursive`
+ - `--recursive`\
Use recursive instead of flat hashing mode, used when adding
directories to the store.
@@ -540,14 +540,14 @@ being modified by non-Nix tools, or of bugs in Nix itself.
This operation has the following options:
- - `--check-contents`
+ - `--check-contents`\
Checks that the contents of every valid store path has not been
altered by computing a SHA-256 hash of the contents and comparing it
with the hash stored in the Nix database at build time. Paths that
have been modified are printed out. For large stores,
`--check-contents` is obviously quite slow.
- - `--repair`
+ - `--repair`\
If any valid path is missing from the store, or (if
`--check-contents` is given) the contents of a valid path has been
modified, then try to repair the path by redownloading it. See
diff --git a/doc/manual/src/command-ref/opt-common.md b/doc/manual/src/command-ref/opt-common.md
index 9650f53f8..47862bc09 100644
--- a/doc/manual/src/command-ref/opt-common.md
+++ b/doc/manual/src/command-ref/opt-common.md
@@ -2,56 +2,56 @@
Most Nix commands accept the following command-line options:
- - `--help`
+ - `--help`\
Prints out a summary of the command syntax and exits.
- - `--version`
+ - `--version`\
Prints out the Nix version number on standard output and exits.
- - `--verbose` / `-v`
+ - `--verbose` / `-v`\
Increases the level of verbosity of diagnostic messages printed on
standard error. For each Nix operation, the information printed on
standard output is well-defined; any diagnostic information is
printed on standard error, never on standard output.
-
+
This option may be specified repeatedly. Currently, the following
verbosity levels exist:
-
- - 0
+
+ - 0\
“Errors only”: only print messages explaining why the Nix
invocation failed.
-
- - 1
+
+ - 1\
“Informational”: print *useful* messages about what Nix is
doing. This is the default.
-
- - 2
+
+ - 2\
“Talkative”: print more informational messages.
-
- - 3
+
+ - 3\
“Chatty”: print even more informational messages.
-
- - 4
+
+ - 4\
“Debug”: print debug information.
-
- - 5
+
+ - 5\
“Vomit”: print vast amounts of debug information.
- - `--quiet`
+ - `--quiet`\
Decreases the level of verbosity of diagnostic messages printed on
standard error. This is the inverse option to `-v` / `--verbose`.
-
+
This option may be specified repeatedly. See the previous verbosity
levels list.
- - `--log-format` *format*
+ - `--log-format` *format*\
This option can be used to change the output of the log format, with
*format* being one of:
-
- - raw
+
+ - raw\
This is the raw format, as outputted by nix-build.
-
- - internal-json
+
+ - internal-json\
Outputs the logs in a structured manner.
> **Warning**
@@ -60,30 +60,30 @@ Most Nix commands accept the following command-line options:
> the error-messages (namely of the `msg`-field) can change
> between releases.
- - bar
+ - bar\
Only display a progress bar during the builds.
-
- - bar-with-logs
+
+ - bar-with-logs\
Display the raw logs, with the progress bar at the bottom.
- - `--no-build-output` / `-Q`
+ - `--no-build-output` / `-Q`\
By default, output written by builders to standard output and
standard error is echoed to the Nix command's standard error. This
option suppresses this behaviour. Note that the builder's standard
output and error are always written to a log file in
`prefix/nix/var/log/nix`.
- - `--max-jobs` / `-j` *number*
+ - `--max-jobs` / `-j` *number*\
Sets the maximum number of build jobs that Nix will perform in
parallel to the specified number. Specify `auto` to use the number
of CPUs in the system. The default is specified by the `max-jobs`
configuration setting, which itself defaults to `1`. A higher
value is useful on SMP systems or to exploit I/O latency.
-
+
Setting it to `0` disallows building on the local machine, which is
useful when you want builds to happen only on remote builders.
- - `--cores`
+ - `--cores`\
Sets the value of the `NIX_BUILD_CORES` environment variable in
the invocation of builders. Builders can use this variable at
their discretion to control the maximum amount of parallelism. For
@@ -94,18 +94,18 @@ Most Nix commands accept the following command-line options:
means that the builder should use all available CPU cores in the
system.
- - `--max-silent-time`
+ - `--max-silent-time`\
Sets the maximum number of seconds that a builder can go without
producing any data on standard output or standard error. The
default is specified by the `max-silent-time` configuration
setting. `0` means no time-out.
- - `--timeout`
+ - `--timeout`\
Sets the maximum number of seconds that a builder can run. The
default is specified by the `timeout` configuration setting. `0`
means no timeout.
- - `--keep-going` / `-k`
+ - `--keep-going` / `-k`\
Keep going in case of failed builds, to the greatest extent
possible. That is, if building an input of some derivation fails,
Nix will still build the other inputs, but not the derivation
@@ -113,17 +113,17 @@ Most Nix commands accept the following command-line options:
for builds of substitutes), possibly killing builds in progress (in
case of parallel or distributed builds).
- - `--keep-failed` / `-K`
+ - `--keep-failed` / `-K`\
Specifies that in case of a build failure, the temporary directory
(usually in `/tmp`) in which the build takes place should not be
deleted. The path of the build directory is printed as an
informational message.
- - `--fallback`
+ - `--fallback`\
Whenever Nix attempts to build a derivation for which substitutes
are known for each output path, but realising the output paths
through the substitutes fails, fall back on building the derivation.
-
+
The most common scenario in which this is useful is when we have
registered substitutes in order to perform binary distribution from,
say, a network repository. If the repository is down, the
@@ -134,21 +134,12 @@ Most Nix commands accept the following command-line options:
failure in obtaining the substitutes to lead to a full build from
source (with the related consumption of resources).
- - `--no-build-hook`
- Disables the build hook mechanism. This allows to ignore remote
- builders if they are setup on the machine.
-
- It's useful in cases where the bandwidth between the client and the
- remote builder is too low. In that case it can take more time to
- upload the sources to the remote builder and fetch back the result
- than to do the computation locally.
-
- - `--readonly-mode`
+ - `--readonly-mode`\
When this option is used, no attempt is made to open the Nix
database. Most Nix operations do need database access, so those
operations will fail.
- - `--arg` *name* *value*
+ - `--arg` *name* *value*\
This option is accepted by `nix-env`, `nix-instantiate`,
`nix-shell` and `nix-build`. When evaluating Nix expressions, the
expression evaluator will automatically try to call functions that
@@ -160,7 +151,7 @@ Most Nix commands accept the following command-line options:
override a default value). That is, if the evaluator encounters a
function with an argument named *name*, it will call it with value
*value*.
-
+
For instance, the top-level `default.nix` in Nixpkgs is actually a
function:
@@ -170,7 +161,7 @@ Most Nix commands accept the following command-line options:
...
}: ...
```
-
+
So if you call this Nix expression (e.g., when you do `nix-env -i
pkgname`), the function will be called automatically using the
value [`builtins.currentSystem`](../expressions/builtins.md) for
@@ -179,13 +170,13 @@ Most Nix commands accept the following command-line options:
since the argument is a Nix string literal, you have to escape the
quotes.)
- - `--argstr` *name* *value*
+ - `--argstr` *name* *value*\
This option is like `--arg`, only the value is not a Nix
expression but a string. So instead of `--arg system
\"i686-linux\"` (the outer quotes are to keep the shell happy) you
can say `--argstr system i686-linux`.
- - `--attr` / `-A` *attrPath*
+ - `--attr` / `-A` *attrPath*\
Select an attribute from the top-level Nix expression being
evaluated. (`nix-env`, `nix-instantiate`, `nix-build` and
`nix-shell` only.) The *attribute path* *attrPath* is a sequence
@@ -194,34 +185,34 @@ Most Nix commands accept the following command-line options:
would cause the expression `e.xorg.xorgserver` to be used. See
[`nix-env --install`](nix-env.md#operation---install) for some
concrete examples.
-
+
In addition to attribute names, you can also specify array indices.
For instance, the attribute path `foo.3.bar` selects the `bar`
attribute of the fourth element of the array in the `foo` attribute
of the top-level expression.
- - `--expr` / `-E`
+ - `--expr` / `-E`\
Interpret the command line arguments as a list of Nix expressions to
be parsed and evaluated, rather than as a list of file names of Nix
expressions. (`nix-instantiate`, `nix-build` and `nix-shell` only.)
-
+
For `nix-shell`, this option is commonly used to give you a shell in
which you can build the packages returned by the expression. If you
want to get a shell which contain the *built* packages ready for
use, give your expression to the `nix-shell -p` convenience flag
instead.
- - `-I` *path*
+ - `-I` *path*\
Add a path to the Nix expression search path. This option may be
given multiple times. See the `NIX_PATH` environment variable for
information on the semantics of the Nix search path. Paths added
through `-I` take precedence over `NIX_PATH`.
- - `--option` *name* *value*
+ - `--option` *name* *value*\
Set the Nix configuration option *name* to *value*. This overrides
settings in the Nix configuration file (see nix.conf5).
- - `--repair`
+ - `--repair`\
Fix corrupted or missing store paths by redownloading or rebuilding
them. Note that this is slow because it requires computing a
cryptographic hash of the contents of every path in the closure of
diff --git a/doc/manual/src/expressions/advanced-attributes.md b/doc/manual/src/expressions/advanced-attributes.md
index 31ebadda1..5b208df67 100644
--- a/doc/manual/src/expressions/advanced-attributes.md
+++ b/doc/manual/src/expressions/advanced-attributes.md
@@ -2,14 +2,14 @@
Derivations can declare some infrequently used optional attributes.
- - `allowedReferences`
+ - `allowedReferences`\
The optional attribute `allowedReferences` specifies a list of legal
references (dependencies) of the output of the builder. For example,
-
+
```nix
allowedReferences = [];
```
-
+
enforces that the output of a derivation cannot have any runtime
dependencies on its inputs. To allow an output to have a runtime
dependency on itself, use `"out"` as a list item. This is used in
@@ -17,45 +17,45 @@ Derivations can declare some infrequently used optional attributes.
booting Linux don’t have accidental dependencies on other paths in
the Nix store.
- - `allowedRequisites`
+ - `allowedRequisites`\
This attribute is similar to `allowedReferences`, but it specifies
the legal requisites of the whole closure, so all the dependencies
recursively. For example,
-
+
```nix
allowedRequisites = [ foobar ];
```
-
+
enforces that the output of a derivation cannot have any other
runtime dependency than `foobar`, and in addition it enforces that
`foobar` itself doesn't introduce any other dependency itself.
- - `disallowedReferences`
+ - `disallowedReferences`\
The optional attribute `disallowedReferences` specifies a list of
illegal references (dependencies) of the output of the builder. For
example,
-
+
```nix
disallowedReferences = [ foo ];
```
-
+
enforces that the output of a derivation cannot have a direct
runtime dependencies on the derivation `foo`.
- - `disallowedRequisites`
+ - `disallowedRequisites`\
This attribute is similar to `disallowedReferences`, but it
specifies illegal requisites for the whole closure, so all the
dependencies recursively. For example,
-
+
```nix
disallowedRequisites = [ foobar ];
```
-
+
enforces that the output of a derivation cannot have any runtime
dependency on `foobar` or any other derivation depending recursively
on `foobar`.
- - `exportReferencesGraph`
+ - `exportReferencesGraph`\
This attribute allows builders access to the references graph of
their inputs. The attribute is a list of inputs in the Nix store
whose references graph the builder needs to know. The value of
@@ -65,17 +65,17 @@ Derivations can declare some infrequently used optional attributes.
files have the format used by `nix-store --register-validity`
(with the deriver fields left empty). For example, when the
following derivation is built:
-
+
```nix
derivation {
...
exportReferencesGraph = [ "libfoo-graph" libfoo ];
};
```
-
+
the references graph of `libfoo` is placed in the file
`libfoo-graph` in the temporary build directory.
-
+
`exportReferencesGraph` is useful for builders that want to do
something with the closure of a store path. Examples include the
builders in NixOS that generate the initial ramdisk for booting
@@ -84,66 +84,66 @@ Derivations can declare some infrequently used optional attributes.
with a Nix store containing the closure of a bootable NixOS
configuration).
- - `impureEnvVars`
+ - `impureEnvVars`\
This attribute allows you to specify a list of environment variables
that should be passed from the environment of the calling user to
the builder. Usually, the environment is cleared completely when the
builder is executed, but with this attribute you can allow specific
environment variables to be passed unmodified. For example,
`fetchurl` in Nixpkgs has the line
-
+
```nix
impureEnvVars = [ "http_proxy" "https_proxy" ... ];
```
-
+
to make it use the proxy server configuration specified by the user
in the environment variables `http_proxy` and friends.
-
+
This attribute is only allowed in *fixed-output derivations* (see
below), where impurities such as these are okay since (the hash
of) the output is known in advance. It is ignored for all other
derivations.
-
+
> **Warning**
- >
+ >
> `impureEnvVars` implementation takes environment variables from
> the current builder process. When a daemon is building its
> environmental variables are used. Without the daemon, the
> environmental variables come from the environment of the
> `nix-build`.
- - `outputHash`; `outputHashAlgo`; `outputHashMode`
+ - `outputHash`; `outputHashAlgo`; `outputHashMode`\
These attributes declare that the derivation is a so-called
*fixed-output derivation*, which means that a cryptographic hash of
the output is already known in advance. When the build of a
fixed-output derivation finishes, Nix computes the cryptographic
hash of the output and compares it to the hash declared with these
attributes. If there is a mismatch, the build fails.
-
+
The rationale for fixed-output derivations is derivations such as
those produced by the `fetchurl` function. This function downloads a
file from a given URL. To ensure that the downloaded file has not
been modified, the caller must also specify a cryptographic hash of
the file. For example,
-
+
```nix
fetchurl {
url = "http://ftp.gnu.org/pub/gnu/hello/hello-2.1.1.tar.gz";
sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
}
```
-
+
It sometimes happens that the URL of the file changes, e.g., because
servers are reorganised or no longer available. We then must update
the call to `fetchurl`, e.g.,
-
+
```nix
fetchurl {
url = "ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz";
sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
}
```
-
+
If a `fetchurl` derivation was treated like a normal derivation, the
output paths of the derivation and *all derivations depending on it*
would change. For instance, if we were to change the URL of the
@@ -151,16 +151,16 @@ Derivations can declare some infrequently used optional attributes.
other packages depend) massive rebuilds would be needed. This is
unfortunate for a change which we know cannot have a real effect as
it propagates upwards through the dependency graph.
-
+
For fixed-output derivations, on the other hand, the name of the
output path only depends on the `outputHash*` and `name` attributes,
while all other attributes are ignored for the purpose of computing
the output path. (The `name` attribute is included because it is
part of the path.)
-
+
As an example, here is the (simplified) Nix expression for
`fetchurl`:
-
+
```nix
{ stdenv, curl }: # The curl program is used for downloading.
@@ -180,43 +180,51 @@ Derivations can declare some infrequently used optional attributes.
inherit url;
}
```
-
+
The `outputHashAlgo` attribute specifies the hash algorithm used to
compute the hash. It can currently be `"sha1"`, `"sha256"` or
`"sha512"`.
-
+
The `outputHashMode` attribute determines how the hash is computed.
It must be one of the following two values:
-
- - `"flat"`
+
+ - `"flat"`\
The output must be a non-executable regular file. If it isn’t,
the build fails. The hash is simply computed over the contents
of that file (so it’s equal to what Unix commands like
`sha256sum` or `sha1sum` produce).
-
+
This is the default.
-
- - `"recursive"`
+
+ - `"recursive"`\
The hash is computed over the NAR archive dump of the output
(i.e., the result of [`nix-store
--dump`](../command-ref/nix-store.md#operation---dump)). In
this case, the output can be anything, including a directory
tree.
-
+
The `outputHash` attribute, finally, must be a string containing
the hash in either hexadecimal or base-32 notation. (See the
[`nix-hash` command](../command-ref/nix-hash.md) for information
about converting to and from base-32 notation.)
+
+ - `__contentAddressed`
+ If this **experimental** attribute is set to true, then the derivation
+ outputs will be stored in a content-addressed location rather than the
+ traditional input-addressed one.
+ This only has an effect if the `ca-derivation` experimental feature is enabled.
+
+ Setting this attribute also requires setting `outputHashMode` and `outputHashAlgo` like for *fixed-output derivations* (see above).
- - `passAsFile`
+ - `passAsFile`\
A list of names of attributes that should be passed via files rather
than environment variables. For example, if you have
-
+
```nix
passAsFile = ["big"];
big = "a very long string";
```
-
+
then when the builder runs, the environment variable `bigPath`
will contain the absolute path to a temporary file containing `a
very long string`. That is, for any attribute *x* listed in
@@ -226,7 +234,7 @@ Derivations can declare some infrequently used optional attributes.
builder, since most operating systems impose a limit on the size
of the environment (typically, a few hundred kilobyte).
- - `preferLocalBuild`
+ - `preferLocalBuild`\
If this attribute is set to `true` and [distributed building is
enabled](../advanced-topics/distributed-builds.md), then, if
possible, the derivaton will be built locally instead of forwarded
@@ -234,14 +242,14 @@ Derivations can declare some infrequently used optional attributes.
where the cost of doing a download or remote build would exceed
the cost of building locally.
- - `allowSubstitutes`
+ - `allowSubstitutes`\
If this attribute is set to `false`, then Nix will always build this
derivation; it will not try to substitute its outputs. This is
useful for very trivial derivations (such as `writeText` in Nixpkgs)
that are cheaper to build than to substitute from a binary cache.
-
+
> **Note**
- >
+ >
> You need to have a builder configured which satisfies the
> derivation’s `system` attribute, since the derivation cannot be
> substituted. Thus it is usually a good idea to align `system` with
diff --git a/doc/manual/src/expressions/builtin-constants.md b/doc/manual/src/expressions/builtin-constants.md
index 3345a715b..1404289e5 100644
--- a/doc/manual/src/expressions/builtin-constants.md
+++ b/doc/manual/src/expressions/builtin-constants.md
@@ -2,7 +2,7 @@
Here are the constants built into the Nix expression evaluator:
- - `builtins`
+ - `builtins`\
The set `builtins` contains all the built-in functions and values.
You can use `builtins` to test for the availability of features in
the Nix installation, e.g.,
@@ -14,7 +14,7 @@ Here are the constants built into the Nix expression evaluator:
This allows a Nix expression to fall back gracefully on older Nix
installations that don’t have the desired built-in function.
- - `builtins.currentSystem`
+ - `builtins.currentSystem`\
The built-in value `currentSystem` evaluates to the Nix platform
identifier for the Nix installation on which the expression is being
evaluated, such as `"i686-linux"` or `"x86_64-darwin"`.
diff --git a/doc/manual/src/expressions/builtins-prefix.md b/doc/manual/src/expressions/builtins-prefix.md
index 0f7c3d32f..87127de2a 100644
--- a/doc/manual/src/expressions/builtins-prefix.md
+++ b/doc/manual/src/expressions/builtins-prefix.md
@@ -9,7 +9,8 @@ scope. Instead, you can access them through the `builtins` built-in
value, which is a set that contains all built-in functions and values.
For instance, `derivation` is also available as `builtins.derivation`.
- - `derivation` *attrs*; `builtins.derivation` *attrs*
-
- `derivation` is described in [its own section](derivations.md).
-
+<dl>
+ <dt><code>derivation <var>attrs</var></code>;
+ <code>builtins.derivation <var>attrs</var></code></dt>
+ <dd><p><var>derivation</var> in described in
+ <a href="derivations.md">its own section</a>.</p></dd>
diff --git a/doc/manual/src/expressions/builtins-suffix.md b/doc/manual/src/expressions/builtins-suffix.md
new file mode 100644
index 000000000..a74db2857
--- /dev/null
+++ b/doc/manual/src/expressions/builtins-suffix.md
@@ -0,0 +1 @@
+</dl>
diff --git a/doc/manual/src/expressions/language-values.md b/doc/manual/src/expressions/language-values.md
index ce31029cc..28fa23b58 100644
--- a/doc/manual/src/expressions/language-values.md
+++ b/doc/manual/src/expressions/language-values.md
@@ -139,6 +139,13 @@ Nix has the following basic data types:
environment variable `NIX_PATH` will be searched for the given file
or directory name.
+ Antiquotation is supported in any paths except those in angle brackets.
+ `./${foo}-${bar}.nix` is a more convenient way of writing
+ `./. + "/" + foo + "-" + bar + ".nix"` or `./. + "/${foo}-${bar}.nix"`. At
+ least one slash must appear *before* any antiquotations for this to be
+ recognized as a path. `a.${foo}/b.${bar}` is a syntactically valid division
+ operation. `./a.${foo}/b.${bar}` is a path.
+
- *Booleans* with values `true` and `false`.
- The null value, denoted as `null`.
diff --git a/doc/manual/src/glossary.md b/doc/manual/src/glossary.md
index 56af9cd85..bb350d9de 100644
--- a/doc/manual/src/glossary.md
+++ b/doc/manual/src/glossary.md
@@ -1,48 +1,48 @@
# Glossary
- - derivation
+ - derivation\
A description of a build action. The result of a derivation is a
store object. Derivations are typically specified in Nix expressions
using the [`derivation` primitive](expressions/derivations.md). These are
translated into low-level *store derivations* (implicitly by
`nix-env` and `nix-build`, or explicitly by `nix-instantiate`).
- - store
+ - store\
The location in the file system where store objects live. Typically
`/nix/store`.
- - store path
+ - store path\
The location in the file system of a store object, i.e., an
immediate child of the Nix store directory.
- - store object
+ - store object\
A file that is an immediate child of the Nix store directory. These
can be regular files, but also entire directory trees. Store objects
can be sources (objects copied from outside of the store),
derivation outputs (objects produced by running a build action), or
derivations (files describing a build action).
- - substitute
+ - substitute\
A substitute is a command invocation stored in the Nix database that
describes how to build a store object, bypassing the normal build
mechanism (i.e., derivations). Typically, the substitute builds the
store object by downloading a pre-built version of the store object
from some server.
- - purity
+ - purity\
The assumption that equal Nix derivations when run always produce
the same output. This cannot be guaranteed in general (e.g., a
builder can rely on external inputs such as the network or the
system time) but the Nix model assumes it.
- - Nix expression
+ - Nix expression\
A high-level description of software packages and compositions
thereof. Deploying software using Nix entails writing Nix
expressions for your packages. Nix expressions are translated to
derivations that are stored in the Nix store. These derivations can
then be built.
- - reference
+ - reference\
A store path `P` is said to have a reference to a store path `Q` if
the store object at `P` contains the path `Q` somewhere. The
*references* of a store path are the set of store paths to which it
@@ -52,11 +52,11 @@
output paths), whereas an output path only references other output
paths.
- - reachable
+ - reachable\
A store path `Q` is reachable from another store path `P` if `Q`
is in the *closure* of the *references* relation.
- - closure
+ - closure\
The closure of a store path is the set of store paths that are
directly or indirectly “reachable” from that store path; that is,
it’s the closure of the path under the *references* relation. For
@@ -71,29 +71,29 @@
to path `Q`, then `Q` is in the closure of `P`. Further, if `Q`
references `R` then `R` is also in the closure of `P`.
- - output path
+ - output path\
A store path produced by a derivation.
- - deriver
+ - deriver\
The deriver of an *output path* is the store
derivation that built it.
- - validity
+ - validity\
A store path is considered *valid* if it exists in the file system,
is listed in the Nix database as being valid, and if all paths in
its closure are also valid.
- - user environment
+ - user environment\
An automatically generated store object that consists of a set of
symlinks to “active” applications, i.e., other store paths. These
are generated automatically by
[`nix-env`](command-ref/nix-env.md). See *profiles*.
- - profile
+ - profile\
A symlink to the current *user environment* of a user, e.g.,
`/nix/var/nix/profiles/default`.
- - NAR
+ - NAR\
A *N*ix *AR*chive. This is a serialisation of a path in the Nix
store. It can contain regular files, directories and symbolic
links. NARs are generated and unpacked using `nix-store --dump`
diff --git a/doc/manual/src/installation/env-variables.md b/doc/manual/src/installation/env-variables.md
index 4a49897e4..bb35c0e9f 100644
--- a/doc/manual/src/installation/env-variables.md
+++ b/doc/manual/src/installation/env-variables.md
@@ -40,7 +40,7 @@ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
> **Note**
>
> You must not add the export and then do the install, as the Nix
-> installer will detect the presense of Nix configuration, and abort.
+> installer will detect the presence of Nix configuration, and abort.
## `NIX_SSL_CERT_FILE` with macOS and the Nix daemon
diff --git a/doc/manual/src/installation/installing-binary.md b/doc/manual/src/installation/installing-binary.md
index ae7fd458b..96fa34635 100644
--- a/doc/manual/src/installation/installing-binary.md
+++ b/doc/manual/src/installation/installing-binary.md
@@ -1,18 +1,26 @@
# Installing a Binary Distribution
-If you are using Linux or macOS versions up to 10.14 (Mojave), the
-easiest way to install Nix is to run the following command:
+The easiest way to install Nix is to run the following command:
```console
$ sh <(curl -L https://nixos.org/nix/install)
```
-If you're using macOS 10.15 (Catalina) or newer, consult [the macOS
-installation instructions](#macos-installation) before installing.
+This will run the installer interactively (causing it to explain what
+it is doing more explicitly), and perform the default "type" of install
+for your platform:
+- single-user on Linux
+- multi-user on macOS
-As of Nix 2.1.0, the Nix installer will always default to creating a
-single-user installation, however opting in to the multi-user
-installation is highly recommended.
+ > **Notes on read-only filesystem root in macOS 10.15 Catalina +**
+ >
+ > - It took some time to support this cleanly. You may see posts,
+ > examples, and tutorials using obsolete workarounds.
+ > - Supporting it cleanly made macOS installs too complex to qualify
+ > as single-user, so this type is no longer supported on macOS.
+
+We recommend the multi-user install if it supports your platform and
+you can authenticate with `sudo`.
# Single User Installation
@@ -50,9 +58,9 @@ $ rm -rf /nix
The multi-user Nix installation creates system users, and a system
service for the Nix daemon.
- - Linux running systemd, with SELinux disabled
-
- - macOS
+**Supported Systems**
+- Linux running systemd, with SELinux disabled
+- macOS
You can instruct the installer to perform a multi-user installation on
your system:
@@ -96,165 +104,28 @@ sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
There may also be references to Nix in `/etc/profile`, `/etc/bashrc`,
and `/etc/zshrc` which you may remove.
-# macOS Installation
-
-Starting with macOS 10.15 (Catalina), the root filesystem is read-only.
-This means `/nix` can no longer live on your system volume, and that
-you'll need a workaround to install Nix.
-
-The recommended approach, which creates an unencrypted APFS volume for
-your Nix store and a "synthetic" empty directory to mount it over at
-`/nix`, is least likely to impair Nix or your system.
-
-> **Note**
->
-> With all separate-volume approaches, it's possible something on your
-> system (particularly daemons/services and restored apps) may need
-> access to your Nix store before the volume is mounted. Adding
-> additional encryption makes this more likely.
-
-If you're using a recent Mac with a [T2
-chip](https://www.apple.com/euro/mac/shared/docs/Apple_T2_Security_Chip_Overview.pdf),
-your drive will still be encrypted at rest (in which case "unencrypted"
-is a bit of a misnomer). To use this approach, just install Nix with:
-
-```console
-$ sh <(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume
-```
-
-If you don't like the sound of this, you'll want to weigh the other
-approaches and tradeoffs detailed in this section.
-
-> **Note**
->
-> All of the known workarounds have drawbacks, but we hope better
-> solutions will be available in the future. Some that we have our eye
-> on are:
->
-> 1. A true firmlink would enable the Nix store to live on the primary
-> data volume without the build problems caused by the symlink
-> approach. End users cannot currently create true firmlinks.
->
-> 2. If the Nix store volume shared FileVault encryption with the
-> primary data volume (probably by using the same volume group and
-> role), FileVault encryption could be easily supported by the
-> installer without requiring manual setup by each user.
-
-## Change the Nix store path prefix
-
-Changing the default prefix for the Nix store is a simple approach which
-enables you to leave it on your root volume, where it can take full
-advantage of FileVault encryption if enabled. Unfortunately, this
-approach also opts your device out of some benefits that are enabled by
-using the same prefix across systems:
-
- - Your system won't be able to take advantage of the binary cache
- (unless someone is able to stand up and support duplicate caching
- infrastructure), which means you'll spend more time waiting for
- builds.
-
- - It's harder to build and deploy packages to Linux systems.
-
-It would also possible (and often requested) to just apply this change
-ecosystem-wide, but it's an intrusive process that has side effects we
-want to avoid for now.
-
-## Use a separate encrypted volume
-
-If you like, you can also add encryption to the recommended approach
-taken by the installer. You can do this by pre-creating an encrypted
-volume before you run the installer--or you can run the installer and
-encrypt the volume it creates later.
-
-In either case, adding encryption to a second volume isn't quite as
-simple as enabling FileVault for your boot volume. Before you dive in,
-there are a few things to weigh:
-
-1. The additional volume won't be encrypted with your existing
- FileVault key, so you'll need another mechanism to decrypt the
- volume.
-
-2. You can store the password in Keychain to automatically decrypt the
- volume on boot--but it'll have to wait on Keychain and may not mount
- before your GUI apps restore. If any of your launchd agents or apps
- depend on Nix-installed software (for example, if you use a
- Nix-installed login shell), the restore may fail or break.
-
- On a case-by-case basis, you may be able to work around this problem
- by using `wait4path` to block execution until your executable is
- available.
-
- It's also possible to decrypt and mount the volume earlier with a
- login hook--but this mechanism appears to be deprecated and its
- future is unclear.
-
-3. You can hard-code the password in the clear, so that your store
- volume can be decrypted before Keychain is available.
-
-If you are comfortable navigating these tradeoffs, you can encrypt the
-volume with something along the lines of:
-
-```console
-$ diskutil apfs enableFileVault /nix -user disk
-```
-
-## Symlink the Nix store to a custom location
-
-Another simple approach is using `/etc/synthetic.conf` to symlink the
-Nix store to the data volume. This option also enables your store to
-share any configured FileVault encryption. Unfortunately, builds that
-resolve the symlink may leak the canonical path or even fail.
-
-Because of these downsides, we can't recommend this approach.
-
-## Notes on the recommended approach
-
-This section goes into a little more detail on the recommended approach.
-You don't need to understand it to run the installer, but it can serve
-as a helpful reference if you run into trouble.
-
-1. In order to compose user-writable locations into the new read-only
- system root, Apple introduced a new concept called `firmlinks`,
- which it describes as a "bi-directional wormhole" between two
- filesystems. You can see the current firmlinks in
- `/usr/share/firmlinks`. Unfortunately, firmlinks aren't (currently?)
- user-configurable.
-
- For special cases like NFS mount points or package manager roots,
- [synthetic.conf(5)](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man5/synthetic.conf.5.html)
- supports limited user-controlled file-creation (of symlinks, and
- synthetic empty directories) at `/`. To create a synthetic empty
- directory for mounting at `/nix`, add the following line to
- `/etc/synthetic.conf` (create it if necessary):
-
- nix
-
-2. This configuration is applied at boot time, but you can use
- `apfs.util` to trigger creation (not deletion) of new entries
- without a reboot:
-
- ```console
- $ /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B
- ```
-
-3. Create the new APFS volume with diskutil:
-
- ```console
- $ sudo diskutil apfs addVolume diskX APFS 'Nix Store' -mountpoint /nix
- ```
-
-4. Using `vifs`, add the new mount to `/etc/fstab`. If it doesn't
- already have other entries, it should look something like:
-
- #
- # Warning - this file should only be modified with vifs(8)
- #
- # Failure to do so is unsupported and may be destructive.
- #
- LABEL=Nix\040Store /nix apfs rw,nobrowse
-
- The nobrowse setting will keep Spotlight from indexing this volume,
- and keep it from showing up on your desktop.
+# macOS Installation <a name="sect-macos-installation-change-store-prefix"></a><a name="sect-macos-installation-encrypted-volume"></a><a name="sect-macos-installation-symlink"></a><a name="sect-macos-installation-recommended-notes"></a>
+<!-- Note: anchors above to catch permalinks to old explanations -->
+
+We believe we have ironed out how to cleanly support the read-only root
+on modern macOS. New installs will do this automatically, and you can
+also re-run a new installer to convert your existing setup.
+
+This section previously detailed the situation, options, and trade-offs,
+but it now only outlines what the installer does. You don't need to know
+this to run the installer, but it may help if you run into trouble:
+
+- create a new APFS volume for your Nix store
+- update `/etc/synthetic.conf` to direct macOS to create a "synthetic"
+ empty root directory to mount your volume
+- specify mount options for the volume in `/etc/fstab`
+- if you have FileVault enabled
+ - generate an encryption password
+ - put it in your system Keychain
+ - use it to encrypt the volume
+- create a system LaunchDaemon to mount this volume early enough in the
+ boot process to avoid problems loading or restoring any programs that
+ need access to your Nix store
# Installing a pinned Nix version from a URL
diff --git a/doc/manual/src/installation/prerequisites-source.md b/doc/manual/src/installation/prerequisites-source.md
index 6825af707..40cb79627 100644
--- a/doc/manual/src/installation/prerequisites-source.md
+++ b/doc/manual/src/installation/prerequisites-source.md
@@ -26,15 +26,6 @@
available for download from the official repository
<https://github.com/google/brotli>.
- - The bzip2 compressor program and the `libbz2` library. Thus you must
- have bzip2 installed, including development headers and libraries.
- If your distribution does not provide these, you can obtain bzip2
- from
- <https://sourceware.org/bzip2/>.
-
- - `liblzma`, which is provided by XZ Utils. If your distribution does
- not provide this, you can get it from <https://tukaani.org/xz/>.
-
- cURL and its library. If your distribution does not provide it, you
can get it from <https://curl.haxx.se/>.
diff --git a/doc/manual/src/package-management/s3-substituter.md b/doc/manual/src/package-management/s3-substituter.md
index a4f4d561f..30f2b2e11 100644
--- a/doc/manual/src/package-management/s3-substituter.md
+++ b/doc/manual/src/package-management/s3-substituter.md
@@ -7,17 +7,17 @@ cache mechanism that Nix usually uses to fetch prebuilt binaries from
The following options can be specified as URL parameters to the S3 URL:
- - `profile`
+ - `profile`\
The name of the AWS configuration profile to use. By default Nix
will use the `default` profile.
- - `region`
+ - `region`\
The region of the S3 bucket. `us–east-1` by default.
If your bucket is not in `us–east-1`, you should always explicitly
specify the region parameter.
- - `endpoint`
+ - `endpoint`\
The URL to your S3-compatible service, for when not using Amazon S3.
Do not specify this value if you're using Amazon S3.
@@ -26,7 +26,7 @@ The following options can be specified as URL parameters to the S3 URL:
> This endpoint must support HTTPS and will use path-based
> addressing instead of virtual host based addressing.
- - `scheme`
+ - `scheme`\
The scheme used for S3 requests, `https` (default) or `http`. This
option allows you to disable HTTPS for binary caches which don't
support it.
diff --git a/doc/manual/src/release-notes/rl-2.4.md b/doc/manual/src/release-notes/rl-2.4.md
index f7ab9f6ad..def4a7b66 100644
--- a/doc/manual/src/release-notes/rl-2.4.md
+++ b/doc/manual/src/release-notes/rl-2.4.md
@@ -1,8 +1,498 @@
-# Release 2.4 (202X-XX-XX)
-
- - It is now an error to modify the `plugin-files` setting via a
- command-line flag that appears after the first non-flag argument
- to any command, including a subcommand to `nix`. For example,
- `nix-instantiate default.nix --plugin-files ""` must now become
- `nix-instantiate --plugin-files "" default.nix`.
- - Plugins that add new `nix` subcommands are now actually respected.
+# Release 2.4 (2021-10-XX)
+
+This is the first release in more than two years and is the result of
+more than 2800 commits from 195 contributors since release 2.3.
+
+## Highlights
+
+* Nix's **error messages** have been improved a lot. For instance,
+ evaluation errors now point out the location of the error:
+
+ ```
+ $ nix build
+ error: undefined variable 'bzip3'
+
+ at /nix/store/449lv242z0zsgwv95a8124xi11sp419f-source/flake.nix:88:13:
+
+ 87| [ curl
+ 88| bzip3 xz brotli editline
+ | ^
+ 89| openssl sqlite
+ ```
+
+* The **`nix` command** has seen a lot of work and is now almost at
+ feature parity with the old command-line interface (the `nix-*`
+ commands). It aims to be [more modern, consistent and pleasant to
+ use](../contributing/cli-guideline.md) than the old CLI. It is still
+ marked as experimental but its interface should not change much
+ anymore in future releases.
+
+* **Flakes** are a new format to package Nix-based projects in a more
+ discoverable, composable, consistent and reproducible way. A flake
+ is just a repository or tarball containing a file named `flake.nix`
+ that specifies dependencies on other flakes and returns any Nix
+ assets such as packages, Nixpkgs overlays, NixOS modules or CI
+ tests. The new `nix` CLI is primarily based around flakes; for
+ example, a command like `nix run nixpkgs#hello` runs the `hello`
+ application from the `nixpkgs` flake.
+
+ Flakes are currently marked as experimental. For an introduction,
+ see [this blog
+ post](https://www.tweag.io/blog/2020-05-25-flakes/). For detailed
+ information about flake syntax and semantics, see the [`nix flake`
+ manual page](../command-ref/new-cli/nix3-flake.md).
+
+* Nix's store can now be **content-addressed**, meaning that the hash
+ component of a store path is the hash of the path's
+ contents. Previously Nix could only build **input-addressed** store
+ paths, where the hash is computed from the derivation dependency
+ graph. Content-addressing allows deduplication, early cutoff in
+ build systems, and unprivileged closure copying. This is still [an
+ experimental
+ feature](https://discourse.nixos.org/t/content-addressed-nix-call-for-testers/12881).
+
+* The Nix manual has been converted into Markdown, making it easier to
+ contribute. In addition, every `nix` subcommand now has a manual
+ page, documenting every option.
+
+* A new setting that allows **experimental features** to be enabled
+ selectively. This allows us to merge unstable features into Nix more
+ quickly and do more frequent releases.
+
+## Other features
+
+* There are many new `nix` subcommands:
+
+ - `nix develop` is intended to replace `nix-shell`. It has a number
+ of new features:
+
+ * It automatically sets the output environment variables (such as
+ `$out`) to writable locations (such as `./outputs/out`).
+
+ * It can store the environment in a profile. This is useful for
+ offline work.
+
+ * It can run specific phases directly. For instance, `nix develop
+ --build` runs `buildPhase`.
+
+ - It allows dependencies in the Nix store to be "redirected" to
+ arbitrary directories using the `--redirect` flag. This is
+ useful if you want to hack on a package *and* some of its
+ dependencies at the same time.
+
+ - `nix print-dev-env` prints the environment variables and bash
+ functions defined by a derivation. This is useful for users of
+ other shells than bash (especially with `--json`).
+
+ - `nix shell` was previously named `nix run` and is intended to
+ replace `nix-shell -p`, but without the `stdenv` overhead. It
+ simply starts a shell where some packages have been added to
+ `$PATH`.
+
+ - `nix run` (not to be confused with the old subcommand that has
+ been renamed to `nix shell`) runs an "app", a flake output that
+ specifies a command to run, or an eponymous program from a
+ package. For example, `nix run nixpkgs#hello` runs the `hello`
+ program from the `hello` package in `nixpkgs`.
+
+ - `nix flake` is the container for flake-related operations, such as
+ creating a new flake, querying the contents of a flake or updating
+ flake lock files.
+
+ - `nix registry` allows you to query and update the flake registry,
+ which maps identifiers such as `nixpkgs` to concrete flake URLs.
+
+ - `nix profile` is intended to replace `nix-env`. Its main advantage
+ is that it keeps track of the provenance of installed packages
+ (e.g. exactly which flake version a package came from). It also
+ has some helpful subcommands:
+
+ * `nix profile history` shows what packages were added, upgraded
+ or removed between each version of a profile.
+
+ * `nix profile diff-closures` shows the changes between the
+ closures of each version of a profile. This allows you to
+ discover the addition or removal of dependencies or size
+ changes.
+
+ **Warning**: after a profile has been updated using `nix profile`,
+ it is no longer usable with `nix-env`.
+
+ - `nix store diff-closures` shows the differences between the
+ closures of two store paths in terms of the versions and sizes of
+ dependencies in the closures.
+
+ - `nix store make-content-addressable` rewrites an arbitrary closure
+ to make it content-addressed. Such paths can be copied into other
+ stores without requiring signatures.
+
+ - `nix bundle` uses the [`nix-bundle`
+ program](https://github.com/matthewbauer/nix-bundle) to convert a
+ closure into a self-extracting executable.
+
+ - Various other replacements for the old CLI, e.g. `nix store gc`,
+ `nix store delete`, `nix store repair`, `nix nar dump-path`, `nix
+ store prefetch-file`, `nix store prefetch-tarball`, `nix key` and
+ `nix daemon`.
+
+* Nix now has an **evaluation cache** for flake outputs. For example,
+ a second invocation of the command `nix run nixpkgs#firefox` will
+ not need to evaluate the `firefox` attribute because it's already in
+ the evaluation cache. This is made possible by the hermetic
+ evaluation model of flakes.
+
+* The new `--offline` flag disables substituters and causes all
+ locally cached tarballs and repositories to be considered
+ up-to-date.
+
+* The new `--refresh` flag causes all locally cached tarballs and
+ repositories to be considered out-of-date.
+
+* Many `nix` subcommands now have a `--json` option to produce
+ machine-readable output.
+
+* `nix repl` has a new `:doc` command to show documentation about
+ builtin functions (e.g. `:doc builtins.map`).
+
+* Binary cache stores now have an option `index-debug-info` to create
+ an index of DWARF debuginfo files for use by
+ [`dwarffs`](https://github.com/edolstra/dwarffs).
+
+* To support flakes, Nix now has an extensible mechanism for fetching
+ source trees. Currently it has the following backends:
+
+ * Git repositories
+
+ * Mercurial repositories
+
+ * GitHub and GitLab repositories (an optimisation for faster
+ fetching than Git)
+
+ * Tarballs
+
+ * Arbitrary directories
+
+ The fetcher infrastructure is exposed via flake input specifications
+ and via the `fetchTree` built-in.
+
+* **Languages changes**: the only new language feature is that you can
+ now have antiquotations in paths, e.g. `./${foo}` instead of `./. +
+ foo`.
+
+* **New built-in functions**:
+
+ - `builtins.fetchTree` allows fetching a source tree using any
+ backends supported by the fetcher infrastructure. It subsumes the
+ functionality of existing built-ins like `fetchGit`,
+ `fetchMercurial` and `fetchTarball`.
+
+ - `builtins.getFlake` fetches a flake and returns its output
+ attributes. This function should not be used inside flakes! Use
+ flake inputs instead.
+
+ - `builtins.floor` and `builtins.ceil` round a floating-point number
+ down and up, respectively.
+
+* Experimental support for recursive Nix. This means that Nix
+ derivations can now call Nix to build other derivations. This is not
+ in a stable state yet and not well
+ [documented](https://github.com/NixOS/nix/commit/c4d7c76b641d82b2696fef73ce0ac160043c18da).
+
+* The new experimental feature `no-url-literals` disables URL
+ literals. This helps to implement [RFC
+ 45](https://github.com/NixOS/rfcs/pull/45).
+
+* Nix now uses `libarchive` to decompress and unpack tarballs and zip
+ files, so `tar` is no longer required.
+
+* The priority of substituters can now be overridden using the
+ `priority` substituter setting (e.g. `--substituters
+ 'http://cache.nixos.org?priority=100 daemon?priority=10'`).
+
+* `nix edit` now supports non-derivation attributes, e.g. `nix edit
+ .#nixosConfigurations.bla`.
+
+* The `nix` command now provides command line completion for `bash`,
+ `zsh` and `fish`. Since the support for getting completions is built
+ into `nix`, it's easy to add support for other shells.
+
+* The new `--log-format` flag selects what Nix's output looks like. It
+ defaults to a terse progress indicator. There is a new
+ `internal-json` output format for use by other programs.
+
+* `nix eval` has a new `--apply` flag that applies a function to the
+ evaluation result.
+
+* `nix eval` has a new `--write-to` flag that allows it to write a
+ nested attribute set of string leaves to a corresponding directory
+ tree.
+
+* Memory improvements: many operations that add paths to the store or
+ copy paths between stores now run in constant memory.
+
+* Many `nix` commands now support the flag `--derivation` to operate
+ on a `.drv` file itself instead of its outputs.
+
+* There is a new store called `dummy://` that does not support
+ building or adding paths. This is useful if you want to use the Nix
+ evaluator but don't have a Nix store.
+
+* The `ssh-ng://` store now allows substituting paths on the remote,
+ as `ssh://` already did.
+
+* When auto-calling a function with an ellipsis, all arguments are now
+ passed.
+
+* New `nix-shell` features:
+
+ - It preserves the `PS1` environment variable if
+ `NIX_SHELL_PRESERVE_PROMPT` is set.
+
+ - With `-p`, it passes any `--arg`s as Nixpkgs arguments.
+
+ - Support for structured attributes.
+
+* `nix-prefetch-url` has a new `--executable` flag.
+
+* On `x86_64` systems, [`x86_64` microarchitecture
+ levels](https://lwn.net/Articles/844831/) are mapped to additional
+ system types (e.g. `x86_64-v1-linux`).
+
+* The new `--eval-store` flag allows you to use a different store for
+ evaluation than for building or storing the build result. This is
+ primarily useful when you want to query whether something exists in
+ a read-only store, such as a binary cache:
+
+ ```
+ # nix path-info --json --store https://cache.nixos.org \
+ --eval-store auto nixpkgs#hello
+ ```
+
+ (Here `auto` indicates the local store.)
+
+* The Nix daemon has a new low-latency mechanism for copying
+ closures. This is useful when building on remote stores such as
+ `ssh-ng://`.
+
+* Plugins can now register `nix` subcommands.
+
+## Incompatible changes
+
+* The `nix` command is now marked as an experimental feature. This
+ means that you need to add
+
+ > experimental-features = nix-command
+
+ to your `nix.conf` if you want to use it, or pass
+ `--extra-experimental-features nix-command` on the command line.
+
+* The old `nix run` has been renamed to `nix shell` (and there is a
+ new `nix run` that does something else, as described above).
+
+* It is now an error to modify the `plugin-files` setting via a
+ command-line flag that appears after the first non-flag argument to
+ any command, including a subcommand to `nix`. For example,
+ `nix-instantiate default.nix --plugin-files ""` must now become
+ `nix-instantiate --plugin-files "" default.nix`.
+
+* We no longer release source tarballs. If you want to build from
+ source, please build from the tags in the Git repository.
+
+## Contributors
+
+This release has contributions from
+Adam Höse,
+Albert Safin,
+Alex Kovar,
+Alex Zero,
+Alexander Bantyev,
+Alexandre Esteves,
+Alyssa Ross,
+Anatole Lucet,
+Anders Kaseorg,
+Andreas Rammhold,
+Antoine Eiche,
+Antoine Martin,
+Arnout Engelen,
+Arthur Gautier,
+aszlig,
+Ben Burdette,
+Benjamin Hipple,
+Bernardo Meurer,
+Björn Gohla,
+Bjørn Forsman,
+Bob van der Linden,
+Brian Leung,
+Brian McKenna,
+Brian Wignall,
+Bruce Toll,
+Bryan Richter,
+Calle Rosenquist,
+Calvin Loncaric,
+Carlo Nucera,
+Carlos D'Agostino,
+Chaz Schlarp,
+Christian Höppner,
+Christian Kampka,
+Chua Hou,
+Chuck,
+Cole Helbling,
+Daiderd Jordan,
+Dan Callahan,
+Dani,
+Daniel Fitzpatrick,
+Danila Fedorin,
+Daniël de Kok,
+Danny Bautista,
+DavHau,
+David McFarland,
+Dima,
+Domen Kožar,
+Dominik Schrempf,
+Dominique Martinet,
+dramforever,
+Dustin DeWeese,
+edef,
+Eelco Dolstra,
+Emilio Karakey,
+Emily,
+Eric Culp,
+Ersin Akinci,
+Fabian Möller,
+Farid Zakaria,
+Federico Pellegrin,
+Finn Behrens,
+Florian Franzen,
+Félix Baylac-Jacqué,
+Gabriel Gonzalez,
+Geoff Reedy,
+Georges Dubus,
+Graham Christensen,
+Greg Hale,
+Greg Price,
+Gregor Kleen,
+Gregory Hale,
+Griffin Smith,
+Guillaume Bouchard,
+Harald van Dijk,
+illustris,
+Ivan Zvonimir Horvat,
+Jade,
+Jake Waksbaum,
+jakobrs,
+James Ottaway,
+Jan Tojnar,
+Janne Heß,
+Jaroslavas Pocepko,
+Jarrett Keifer,
+Jeremy Schlatter,
+Joachim Breitner,
+Joe Hermaszewski,
+Joe Pea,
+John Ericson,
+Jonathan Ringer,
+Josef Kemetmüller,
+Joseph Lucas,
+Jude Taylor,
+Julian Stecklina,
+Julien Tanguy,
+Jörg Thalheim,
+Kai Wohlfahrt,
+keke,
+Keshav Kini,
+Kevin Quick,
+Kevin Stock,
+Kjetil Orbekk,
+Krzysztof Gogolewski,
+kvtb,
+Lars Mühmel,
+Leonhard Markert,
+Lily Ballard,
+Linus Heckemann,
+Lorenzo Manacorda,
+Lucas Desgouilles,
+Lucas Franceschino,
+Lucas Hoffmann,
+Luke Granger-Brown,
+Madeline Haraj,
+Marwan Aljubeh,
+Mat Marini,
+Mateusz Piotrowski,
+Matthew Bauer,
+Matthew Kenigsberg,
+Mauricio Scheffer,
+Maximilian Bosch,
+Michael Adler,
+Michael Bishop,
+Michael Fellinger,
+Michael Forney,
+Michael Reilly,
+mlatus,
+Mykola Orliuk,
+Nathan van Doorn,
+Naïm Favier,
+ng0,
+Nick Van den Broeck,
+Nicolas Stig124 Formichella,
+Niels Egberts,
+Niklas Hambüchen,
+Nikola Knezevic,
+oxalica,
+p01arst0rm,
+Pamplemousse,
+Patrick Hilhorst,
+Paul Opiyo,
+Pavol Rusnak,
+Peter Kolloch,
+Philipp Bartsch,
+Philipp Middendorf,
+Piotr Szubiakowski,
+Profpatsch,
+Puck Meerburg,
+Ricardo M. Correia,
+Rickard Nilsson,
+Robert Hensing,
+Robin Gloster,
+Rodrigo,
+Rok Garbas,
+Ronnie Ebrin,
+Rovanion Luckey,
+Ryan Burns,
+Ryan Mulligan,
+Ryne Everett,
+Sam Doshi,
+Sam Lidder,
+Samir Talwar,
+Samuel Dionne-Riel,
+Sebastian Ullrich,
+Sergei Trofimovich,
+Sevan Janiyan,
+Shao Cheng,
+Shea Levy,
+Silvan Mosberger,
+Stefan Frijters,
+Stefan Jaax,
+sternenseemann,
+Steven Shaw,
+Stéphan Kochen,
+SuperSandro2000,
+Suraj Barkale,
+Taeer Bar-Yam,
+Thomas Churchman,
+Théophane Hufschmitt,
+Timothy DeHerrera,
+Timothy Klim,
+Tobias Möst,
+Tobias Pflug,
+Tom Bereknyei,
+Travis A. Everett,
+Ujjwal Jain,
+Vladimír Čunát,
+Wil Taylor,
+Will Dietz,
+Yaroslav Bolyukin,
+Yestin L. Harrison,
+YI,
+Yorick van Pelt,
+Yuriy Taraday and
+zimbatm.
diff --git a/doc/manual/src/release-notes/rl-2.5.md b/doc/manual/src/release-notes/rl-2.5.md
new file mode 100644
index 000000000..9a29938c2
--- /dev/null
+++ b/doc/manual/src/release-notes/rl-2.5.md
@@ -0,0 +1,5 @@
+# Release 2.5 (2021-XX-XX)
+
+* Binary cache stores now have a setting `compression-level`.
+
+* `nix develop` now has a flag `--unpack` to run `unpackPhase`.