NixOS/nix.dev
NixOS/nix.dev
1
0
Fork 0
mirror of https://github.com/NixOS/nix.dev.git synced 2024-10-18 14:32:43 -04:00
Code Activity
nix.dev/source/tutorials/towards-reproducibility-pinning-nixpkgs.md
Garret Kelly 3264e91e74 Update example pinned nixpkgs to a recent one 
The pinned nixpkgs in these examples does not work with more recent
versions of nix.

Fixes #419
2022-12-14 11:27:22 -05:00

2.7 KiB
Raw Blame History

(pinning-nixpkgs)=

Towards reproducibility: pinning Nixpkgs

In various Nix examples, you'll often see references to <nixpkgs>, as follows.

{ pkgs ? import <nixpkgs> {}
}:

...

This is a convenient way to quickly demonstrate a Nix expression and get it working by importing Nix packages.

However, the resulting Nix expression is not fully reproducible.

Pinning packages with URLs inside a Nix expression

To create fully reproducible Nix expressions, we can pin an exact version of Nixpkgs.

The simplest way to do this is to fetch the required Nixpkgs version as a tarball specified via the relevant Git commit hash:

{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/06278c77b5d162e62df170fec307e83f1812d94b.tar.gz") {}
}:

...

Picking the commit can be done via status.nixos.org, which lists all the releases and the latest commit that has passed all tests.

When choosing a commit, it is recommended to follow either

  • the latest stable NixOS release by using a specific version, such as nixos-21.05, or
  • the latest unstable release via nixos-unstable.

Dependency management with niv

If you'd like a bit more automation around bumping dependencies, including Nixpkgs, niv is made for exactly that. Niv itself is available in nixpkgs so using it is simple:

$ nix-shell -p niv --run "niv init"

This command will generate nix/sources.json with information about how and where dependencies are fetched. It will also create nix/sources.nix, which glues the sources together in Nix.

By default, niv will use the latest stable NixOS release. However, you should check to see which version is currently specified in the niv repository if you require a specific release, as it might lag behind.

You can see which version niv is tracking as follows:

$ niv show

And you can change the tracking branch to the one you want like this:

$ niv modify nixpkgs --branch nixos-21.05

You can use the generated nix/sources.nix with a top-level default.nix:

{ sources ? import ./nix/sources.nix
, pkgs ? import sources.nixpkgs {}
}:

...

And you can update all the dependencies by running:

$ nix-shell -p niv --run "niv update"

Next steps

  • For more examples and details of the different ways to pin nixpkgs, see {ref}ref-pinning-nixpkgs.
  • To quickly set up a Nix project, read through Getting started Nix template.